Rollup merge of #71148 - bluss:vec-drop-raw-slice, r=RalfJung

tmandry · web-flow · commit 4adebb9f29d8 · 2020-04-30T15:23:08.000-07:00
Vec drop and truncate: drop using raw slice *mut [T] By creating a *mut [T] directly (without going through &mut [T]), avoid questions of validity of the contents of the slice. Consider the following risky code: ```rust unsafe { let mut v = Vec::<bool>::with_capacity(16); v.set_len(16); } ``` The intention is that with this change, we avoid one of the soundness questions about the above snippet, because Vec::drop no longer produces a mutable slice of the vector's contents. r? @RalfJung
diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs
@@ -741,7 +741,7 @@ impl<T> Vec<T> {
                 return;
             }
             let remaining_len = self.len - len;
-            let s = slice::from_raw_parts_mut(self.as_mut_ptr().add(len), remaining_len);
+            let s = ptr::slice_from_raw_parts_mut(self.as_mut_ptr().add(len), remaining_len);
             self.len = len;
             ptr::drop_in_place(s);
         }
@@ -2379,7 +2379,9 @@ unsafe impl<#[may_dangle] T> Drop for Vec<T> {
     fn drop(&mut self) {
         unsafe {
             // use drop for [T]
-            ptr::drop_in_place(&mut self[..]);
+            // use a raw slice to refer to the elements of the vector as weakest necessary type;
+            // could avoid questions of validity in certain cases
+            ptr::drop_in_place(ptr::slice_from_raw_parts_mut(self.as_mut_ptr(), self.len))
         }
         // RawVec handles deallocation
     }
@@ -2596,7 +2598,11 @@ impl<T> IntoIter<T> {
     /// ```
     #[stable(feature = "vec_into_iter_as_slice", since = "1.15.0")]
     pub fn as_mut_slice(&mut self) -> &mut [T] {
-        unsafe { slice::from_raw_parts_mut(self.ptr as *mut T, self.len()) }
+        unsafe { &mut *self.as_raw_mut_slice() }
+    }
+
+    fn as_raw_mut_slice(&mut self) -> *mut [T] {
+        ptr::slice_from_raw_parts_mut(self.ptr as *mut T, self.len())
     }
 }
 
@@ -2708,7 +2714,7 @@ unsafe impl<#[may_dangle] T> Drop for IntoIter<T> {
         let guard = DropGuard(self);
         // destroy the remaining elements
         unsafe {
-            ptr::drop_in_place(guard.0.as_mut_slice());
+            ptr::drop_in_place(guard.0.as_raw_mut_slice());
         }
         // now `guard` will be dropped and do the rest
     }

Original file line number	Diff line number	Diff line change
`@@ -741,7 +741,7 @@ impl<T> Vec<T> {`
`741`	`741`	`return;`
`742`	`742`	`}`
`743`	`743`	`let remaining_len = self.len - len;`
`744`		`- let s = slice::from_raw_parts_mut(self.as_mut_ptr().add(len), remaining_len);`
	`744`	`+ let s = ptr::slice_from_raw_parts_mut(self.as_mut_ptr().add(len), remaining_len);`
`745`	`745`	`self.len = len;`
`746`	`746`	`ptr::drop_in_place(s);`
`747`	`747`	`}`
`@@ -2379,7 +2379,9 @@ unsafe impl<#[may_dangle] T> Drop for Vec<T> {`
`2379`	`2379`	`fn drop(&mut self) {`
`2380`	`2380`	`unsafe {`
`2381`	`2381`	`// use drop for [T]`
`2382`		`- ptr::drop_in_place(&mut self[..]);`
	`2382`	`+ // use a raw slice to refer to the elements of the vector as weakest necessary type;`
	`2383`	`+ // could avoid questions of validity in certain cases`
	`2384`	`+ ptr::drop_in_place(ptr::slice_from_raw_parts_mut(self.as_mut_ptr(), self.len))`
`2383`	`2385`	`}`
`2384`	`2386`	`// RawVec handles deallocation`
`2385`	`2387`	`}`
`@@ -2596,7 +2598,11 @@ impl<T> IntoIter<T> {`
`2596`	`2598`	/// ```
`2597`	`2599`	`#[stable(feature = "vec_into_iter_as_slice", since = "1.15.0")]`
`2598`	`2600`	`pub fn as_mut_slice(&mut self) -> &mut [T] {`
`2599`		`- unsafe { slice::from_raw_parts_mut(self.ptr as *mut T, self.len()) }`
	`2601`	`+ unsafe { &mut *self.as_raw_mut_slice() }`
	`2602`	`+ }`
	`2603`	`+`
	`2604`	`+ fn as_raw_mut_slice(&mut self) -> *mut [T] {`
	`2605`	`+ ptr::slice_from_raw_parts_mut(self.ptr as *mut T, self.len())`
`2600`	`2606`	`}`
`2601`	`2607`	`}`
`2602`	`2608`
`@@ -2708,7 +2714,7 @@ unsafe impl<#[may_dangle] T> Drop for IntoIter<T> {`
`2708`	`2714`	`let guard = DropGuard(self);`
`2709`	`2715`	`// destroy the remaining elements`
`2710`	`2716`	`unsafe {`
`2711`		`- ptr::drop_in_place(guard.0.as_mut_slice());`
	`2717`	`+ ptr::drop_in_place(guard.0.as_raw_mut_slice());`
`2712`	`2718`	`}`
`2713`	`2719`	// now `guard` will be dropped and do the rest
`2714`	`2720`	`}`