From 0475310e99a478413dafb6883272b8cbceedccd6 Mon Sep 17 00:00:00 2001 From: Varun Doshi <61531351+varun-doshi@users.noreply.github.com> Date: Tue, 8 Oct 2024 03:56:59 +0530 Subject: [PATCH] Update safety comments to cite specific versions (#1835) Update Reference and docs links in safety comments to reference specific versions of the Rust toolchain. Makes progress on #1655 --- src/impls.rs | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/src/impls.rs b/src/impls.rs index 1deeb1fe39..05a198f463 100644 --- a/src/impls.rs +++ b/src/impls.rs @@ -19,7 +19,7 @@ safety_comment! { /// - `IntoBytes`: Since `()` has size 0, it contains no padding bytes. /// - `Unaligned`: `()` has alignment 1. /// - /// [1] https://doc.rust-lang.org/reference/type-layout.html#tuple-layout + /// [1] https://doc.rust-lang.org/1.81.0/reference/type-layout.html#tuple-layout unsafe_impl!((): Immutable, TryFromBytes, FromZeros, FromBytes, IntoBytes, Unaligned); assert_unaligned!(()); } @@ -47,13 +47,13 @@ safety_comment! { /// TODO(https://github.com/rust-lang/reference/pull/1392): Once this text /// is available on the Stable docs, cite those instead. /// - /// [2] https://doc.rust-lang.org/reference/type-layout.html#primitive-data-layout + /// [2] https://doc.rust-lang.org/1.81.0/reference/type-layout.html#primitive-data-layout /// - /// [3] Per https://doc.rust-lang.org/reference/type-layout.html#size-and-alignment: + /// [3] Per https://doc.rust-lang.org/1.81.0/reference/type-layout.html#size-and-alignment: /// /// Alignment is measured in bytes, and must be at least 1. /// - /// [4] Per https://doc.rust-lang.org/reference/type-layout.html#size-and-alignment: + /// [4] Per https://doc.rust-lang.org/1.81.0/reference/type-layout.html#size-and-alignment: /// /// The size of a value is always a multiple of its alignment. /// @@ -89,7 +89,7 @@ safety_comment! { /// - `Unaligned`: Per the reference [1], "[a]n object with the boolean type /// has a size and alignment of 1 each." /// - /// [1] https://doc.rust-lang.org/reference/types/boolean.html + /// [1] https://doc.rust-lang.org/1.81.0/reference/types/boolean.html unsafe_impl!(bool: Immutable, FromZeros, IntoBytes, Unaligned); assert_unaligned!(bool); /// SAFETY: @@ -112,7 +112,7 @@ safety_comment! { /// the `u8` value is 0 or 1, and both of these are valid values for /// `bool`. [3] /// - /// [1] Per https://doc.rust-lang.org/reference/type-layout.html#primitive-data-layout: + /// [1] Per https://doc.rust-lang.org/1.81.0/reference/type-layout.html#primitive-data-layout: /// /// The size of most primitives is given in this table. /// @@ -121,11 +121,11 @@ safety_comment! { /// | `bool` | 1 | /// | `u8`/`i8` | 1 | /// - /// [2] Per https://doc.rust-lang.org/reference/type-layout.html#size-and-alignment: + /// [2] Per https://doc.rust-lang.org/1.81.0/reference/type-layout.html#size-and-alignment: /// /// The size of a value is always a multiple of its alignment. /// - /// [3] Per https://doc.rust-lang.org/reference/types/boolean.html: + /// [3] Per https://doc.rust-lang.org/1.81.0/reference/types/boolean.html: /// /// The value false has the bit pattern 0x00 and the value true has the /// bit pattern 0x01. @@ -144,7 +144,7 @@ safety_comment! { /// unsigned word" (`u32`) which is `IntoBytes`. Note that unlike `u32`, /// not all bit patterns are valid for `char`. /// - /// [1] https://doc.rust-lang.org/reference/types/textual.html + /// [1] https://doc.rust-lang.org/1.81.0/reference/types/textual.html unsafe_impl!(char: Immutable, FromZeros, IntoBytes); /// SAFETY: /// - The safety requirements for `unsafe_impl!` with an `is_bit_valid` @@ -202,7 +202,7 @@ safety_comment! { /// - Improve safety proof for `FromZeros` and `IntoBytes`; having the same /// layout as `[u8]` isn't sufficient. /// - /// [1] https://doc.rust-lang.org/reference/type-layout.html#str-layout + /// [1] https://doc.rust-lang.org/1.81.0/reference/type-layout.html#str-layout unsafe_impl!(str: Immutable, FromZeros, IntoBytes, Unaligned); /// SAFETY: /// - The safety requirements for `unsafe_impl!` with an `is_bit_valid` @@ -226,7 +226,7 @@ safety_comment! { /// guarantees that it returns `Err` if its input is not a valid `str`. /// [2] /// - /// [1] Per https://doc.rust-lang.org/reference/types/textual.html: + /// [1] Per https://doc.rust-lang.org/1.81.0/reference/types/textual.html: /// /// A value of type `str` is represented the same was as `[u8]`. /// @@ -264,8 +264,12 @@ safety_comment! { /// clear how we'd prove it short of adding text to the stdlib docs that /// says so explicitly, which likely wouldn't be accepted. /// - /// [1] https://doc.rust-lang.org/stable/std/num/struct.NonZeroU8.html - /// [2] https://doc.rust-lang.org/stable/std/num/struct.NonZeroI8.html + /// [1] https://doc.rust-lang.org/1.81.0/std/num/type.NonZeroU8.html + /// + /// `NonZeroU8` is guaranteed to have the same layout and bit validity as `u8` with + /// the exception that 0 is not a valid instance + /// + /// [2] https://doc.rust-lang.org/1.81.0/std/num/type.NonZeroI8.html /// TODO(https://github.com/rust-lang/rust/pull/104082): Cite documentation /// that layout is the same as primitive layout. unsafe_impl!(NonZeroU8: Immutable, IntoBytes, Unaligned); @@ -302,7 +306,7 @@ safety_comment! { /// `Maybe` refers to a valid `NonZeroXxx`. The only /// `xxx` which is not also a valid `NonZeroXxx` is 0. [1] /// - /// [1] Per https://doc.rust-lang.org/core/num/struct.NonZeroU16.html: + /// [1] Per https://doc.rust-lang.org/1.81.0/core/num/type.NonZeroU16.html: /// /// `NonZeroU16` is guaranteed to have the same layout and bit validity as /// `u16` with the exception that `0` is not a valid instance. @@ -493,11 +497,11 @@ mod atomics { /// This type has the same size, alignment, and bit validity as /// the underlying integer type /// - /// [2] Per https://doc.rust-lang.org/reference/type-layout.html#size-and-alignment: + /// [2] Per https://doc.rust-lang.org/1.81.0/reference/type-layout.html#size-and-alignment: /// /// Alignment is measured in bytes, and must be at least 1. /// - /// [3] Per https://doc.rust-lang.org/reference/type-layout.html#size-and-alignment: + /// [3] Per https://doc.rust-lang.org/1.81.0/reference/type-layout.html#size-and-alignment: /// /// The size of a value is always a multiple of its alignment. unsafe_impl!(AtomicBool: Unaligned); @@ -604,7 +608,7 @@ safety_comment! { /// - `Unaligned`: Per the preceding reference, `PhantomData` has alignment /// 1. /// - /// [1] https://doc.rust-lang.org/std/marker/struct.PhantomData.html#layout-1 + /// [1] https://doc.rust-lang.org/1.81.0/std/marker/struct.PhantomData.html#layout-1 unsafe_impl!(T: ?Sized => Immutable for PhantomData); unsafe_impl!(T: ?Sized => TryFromBytes for PhantomData); unsafe_impl!(T: ?Sized => FromZeros for PhantomData); @@ -710,7 +714,7 @@ safety_comment! { /// Note that we don't `assert_unaligned!` for slice types because /// `assert_unaligned!` uses `align_of`, which only works for `Sized` types. /// - /// [1] https://doc.rust-lang.org/reference/type-layout.html#array-layout + /// [1] https://doc.rust-lang.org/1.81.0/reference/type-layout.html#array-layout unsafe_impl!(const N: usize, T: Immutable => Immutable for [T; N]); unsafe_impl!(const N: usize, T: TryFromBytes => TryFromBytes for [T; N]; |c: Maybe<[T; N]>| { // Note that this call may panic, but it would still be sound even if it