Re: [PATCH] rust: alloc: use `spare_capacity_mut` to reduce unsafe

From: Alice Ryhl
Date: Tue Mar 18 2025 - 05:24:30 EST


On Mon, Mar 17, 2025 at 01:55:18PM -0400, Tamir Duberstein wrote:
> > >
> > > fn dec_len(&mut self, count: usize) -> &mut [T] {
> > >     self.len = self.len.saturating_sub(count);
> > >
> > >     // Potentially broken, since maybe `count > self.len`, hence need an
> > >     // additional check.
> > >     unsafe { slice::from_raw_parts_mut(self.as_mut_ptr().add(self.len), count) }
> > > }
> >
> > Ah sorry, in my mental model the function returned `()`. Do we need the
> > return value?
>
> The return value is the whole genesis of `dec_len`, we want to return
> something to let the caller know they need to drop or copy the memory.

Hold on .. it returns &mut [T]. You're usually not allowed to take
ownership of or drop values behind a mutable reference.

Alice
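
An added illustration of the two points raised in this exchange, not code from the patch or the kernel: a userspace `Buf` wrapper over std's `Vec` (a hypothetical type, as are `truncate` and `demo`) whose `dec_len` clamps `count` before building the slice, so the `count > self.len` case cannot produce an out-of-bounds slice. The caller then drops the returned elements through a raw pointer inside `unsafe`, because `&mut [T]` by itself conveys no ownership.

```rust
use std::{ptr, rc::Rc, slice};

/// Hypothetical stand-in for the vector in the thread, backed by std's `Vec`.
pub struct Buf<T>(Vec<T>);

impl<T> Buf<T> {
    pub fn len(&self) -> usize {
        self.0.len()
    }

    /// Shrinks the length by at most `count` and returns the elements the
    /// vector no longer tracks. Dropping or moving them out is left to the
    /// caller; ignoring the slice leaks them, which is safe.
    pub fn dec_len(&mut self, count: usize) -> &mut [T] {
        // Clamp first, so the slice can never be longer than what was removed.
        let count = count.min(self.0.len());
        let new_len = self.0.len() - count;
        // SAFETY: `new_len <= len`, so the first `new_len` elements stay initialized.
        unsafe { self.0.set_len(new_len) };
        // SAFETY: the `count` elements from `new_len` on were live elements of
        // the vector, sit inside its allocation, and are borrowed via `&mut self`.
        unsafe { slice::from_raw_parts_mut(self.0.as_mut_ptr().add(new_len), count) }
    }

    /// Truncation on top of `dec_len`: the tail is dropped through a raw pointer.
    pub fn truncate(&mut self, new_len: usize) {
        let count = self.0.len().saturating_sub(new_len);
        let tail: *mut [T] = self.dec_len(count);
        // SAFETY: the vector forgot these elements, so this is their only drop.
        unsafe { ptr::drop_in_place(tail) };
    }
}

/// Constructed sample: returns (len, live references) after truncating 3 -> 1.
pub fn demo() -> (usize, usize) {
    let marker = Rc::new(());
    let mut buf = Buf(vec![marker.clone(), marker.clone(), marker.clone()]);
    buf.truncate(1);
    (buf.len(), Rc::strong_count(&marker))
}

fn main() {
    println!("{:?}", demo());
}
```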