From f44abba4ec19ee8b7ae4dfbe557fa4846eec8ad6 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 3 Aug 2019 12:46:20 +0200 Subject: [PATCH 1/3] clarify that unchecked indexing is UB even if the reference is never used --- src/libcore/slice/mod.rs | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs index b06511cad975c..bb6abd8e003de 100644 --- a/src/libcore/slice/mod.rs +++ b/src/libcore/slice/mod.rs @@ -292,8 +292,10 @@ impl [T] { /// Returns a reference to an element or subslice, without doing bounds /// checking. /// - /// This is generally not recommended, use with caution! For a safe - /// alternative see [`get`]. + /// This is generally not recommended, use with caution! + /// Calling this method with an out-of-bounds index is UB even if the resulting + /// reference is not used. + /// For a safe alternative see [`get`]. /// /// [`get`]: #method.get /// @@ -317,8 +319,10 @@ impl [T] { /// Returns a mutable reference to an element or subslice, without doing /// bounds checking. /// - /// This is generally not recommended, use with caution! For a safe - /// alternative see [`get_mut`]. + /// This is generally not recommended, use with caution! + /// Calling this method with an out-of-bounds index is UB even if the resulting + /// reference is not used. + /// For a safe alternative see [`get_mut`]. /// /// [`get_mut`]: #method.get_mut /// @@ -2629,11 +2633,15 @@ pub trait SliceIndex: private_slice_index::Sealed { /// Returns a shared reference to the output at this location, without /// performing any bounds checking. + /// Calling this method with an out-of-bounds index is UB even if the resulting + /// reference is not used. #[unstable(feature = "slice_index_methods", issue = "0")] unsafe fn get_unchecked(self, slice: &T) -> &Self::Output; /// Returns a mutable reference to the output at this location, without /// performing any bounds checking. + /// Calling this method with an out-of-bounds index is UB even if the resulting + /// reference is not used. #[unstable(feature = "slice_index_methods", issue = "0")] unsafe fn get_unchecked_mut(self, slice: &mut T) -> &mut Self::Output; From 3b9cda4693c89acef5db1138b8516fabc17670fd Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 3 Aug 2019 13:45:15 +0200 Subject: [PATCH 2/3] Apply suggestions from code review Co-Authored-By: Mazdak Farrokhzad --- src/libcore/slice/mod.rs | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs index bb6abd8e003de..9d16d34815945 100644 --- a/src/libcore/slice/mod.rs +++ b/src/libcore/slice/mod.rs @@ -293,11 +293,12 @@ impl [T] { /// checking. /// /// This is generally not recommended, use with caution! - /// Calling this method with an out-of-bounds index is UB even if the resulting - /// reference is not used. + /// Calling this method with an out-of-bounds index is *[undefined behavior]* + /// even if the resulting reference is not used. /// For a safe alternative see [`get`]. /// /// [`get`]: #method.get + /// [undefined behavior]: ../../reference/behavior-considered-undefined.html /// /// # Examples /// @@ -320,11 +321,12 @@ impl [T] { /// bounds checking. /// /// This is generally not recommended, use with caution! - /// Calling this method with an out-of-bounds index is UB even if the resulting - /// reference is not used. + /// Calling this method with an out-of-bounds index is *[undefined behavior]* + /// even if the resulting reference is not used. /// For a safe alternative see [`get_mut`]. /// /// [`get_mut`]: #method.get_mut + /// [undefined behavior]: ../../reference/behavior-considered-undefined.html /// /// # Examples /// @@ -2633,15 +2635,17 @@ pub trait SliceIndex: private_slice_index::Sealed { /// Returns a shared reference to the output at this location, without /// performing any bounds checking. - /// Calling this method with an out-of-bounds index is UB even if the resulting - /// reference is not used. + /// Calling this method with an out-of-bounds index is *[undefined behavior]* + /// even if the resulting reference is not used. + /// [undefined behavior]: ../../reference/behavior-considered-undefined.html #[unstable(feature = "slice_index_methods", issue = "0")] unsafe fn get_unchecked(self, slice: &T) -> &Self::Output; /// Returns a mutable reference to the output at this location, without /// performing any bounds checking. - /// Calling this method with an out-of-bounds index is UB even if the resulting - /// reference is not used. + /// Calling this method with an out-of-bounds index is *[undefined behavior]* + /// even if the resulting reference is not used. + /// [undefined behavior]: ../../reference/behavior-considered-undefined.html #[unstable(feature = "slice_index_methods", issue = "0")] unsafe fn get_unchecked_mut(self, slice: &mut T) -> &mut Self::Output; From 9b5623f8bcc5f69fb3aac5a473231bee70234a51 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 4 Aug 2019 09:52:36 +0200 Subject: [PATCH 3/3] fix links relative links do not work because this is included in several places --- src/libcore/slice/mod.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs index 9d16d34815945..c8257d30488a9 100644 --- a/src/libcore/slice/mod.rs +++ b/src/libcore/slice/mod.rs @@ -298,7 +298,7 @@ impl [T] { /// For a safe alternative see [`get`]. /// /// [`get`]: #method.get - /// [undefined behavior]: ../../reference/behavior-considered-undefined.html + /// [undefined behavior]: https://doc.rust-lang.org/reference/behavior-considered-undefined.html /// /// # Examples /// @@ -326,7 +326,7 @@ impl [T] { /// For a safe alternative see [`get_mut`]. /// /// [`get_mut`]: #method.get_mut - /// [undefined behavior]: ../../reference/behavior-considered-undefined.html + /// [undefined behavior]: https://doc.rust-lang.org/reference/behavior-considered-undefined.html /// /// # Examples ///