1.0.0[][src]Module sp_std::ptr

Manually manage memory through raw pointers.

See also the pointer primitive types.

Safety

Many functions in this module take raw pointers as arguments and read from or write to them. For this to be safe, these pointers must be valid. Whether a pointer is valid depends on the operation it is used for (read or write), and the extent of the memory that is accessed (i.e., how many bytes are read/written). Most functions use *mut T and *const T to access only a single value, in which case the documentation omits the size and implicitly assumes it to be size_of::<T>() bytes.

The precise rules for validity are not determined yet. The guarantees that are provided at this point are very minimal:

  • A null pointer is never valid, not even for accesses of size zero.
  • For a pointer to be valid, it is necessary, but not always sufficient, that the pointer be dereferenceable: the memory range of the given size starting at the pointer must all be within the bounds of a single allocated object. Note that in Rust, every (stack-allocated) variable is considered a separate allocated object.
  • Even for operations of size zero, the pointer must not be pointing to deallocated memory, i.e., deallocation makes pointers invalid even for zero-sized operations. However, casting any non-zero integer literal to a pointer is valid for zero-sized accesses, even if some memory happens to exist at that address and gets deallocated. This corresponds to writing your own allocator: allocating zero-sized objects is not very hard. The canonical way to obtain a pointer that is valid for zero-sized accesses is NonNull::dangling.
  • All accesses performed by functions in this module are non-atomic in the sense of atomic operations used to synchronize between threads. This means it is undefined behavior to perform two concurrent accesses to the same location from different threads unless both accesses only read from memory. Notice that this explicitly includes read_volatile and write_volatile: Volatile accesses cannot be used for inter-thread synchronization.
  • The result of casting a reference to a pointer is valid for as long as the underlying object is live and no reference (just raw pointers) is used to access the same memory.

These axioms, along with careful use of offset for pointer arithmetic, are enough to correctly implement many useful things in unsafe code. Stronger guarantees will be provided eventually, as the aliasing rules are being determined. For more information, see the book as well as the section in the reference devoted to undefined behavior.

Alignment

Valid raw pointers as defined above are not necessarily properly aligned (where "proper" alignment is defined by the pointee type, i.e., *const T must be aligned to mem::align_of::<T>()). However, most functions require their arguments to be properly aligned, and will explicitly state this requirement in their documentation. Notable exceptions to this are read_unaligned and write_unaligned.

When a function requires proper alignment, it does so even if the access has size 0, i.e., even if memory is not actually touched. Consider using NonNull::dangling in such cases.

Macros

raw_constExperimental

Create a const raw pointer to a place, without creating an intermediate reference.

raw_mutExperimental

Create a mut raw pointer to a place, without creating an intermediate reference.

Structs

NonNull

*mut T but non-zero and covariant.

Functions

copy

Copies count * size_of::<T>() bytes from src to dst. The source and destination may overlap.

copy_nonoverlapping

Copies count * size_of::<T>() bytes from src to dst. The source and destination must not overlap.

drop_in_place

Executes the destructor (if any) of the pointed-to value.

eq

Compares raw pointers for equality.

hash

Hash a raw pointer.

null

Creates a null raw pointer.

null_mut

Creates a null mutable raw pointer.

read

Reads the value from src without moving it. This leaves the memory in src unchanged.

read_unaligned

Reads the value from src without moving it. This leaves the memory in src unchanged.

read_volatile

Performs a volatile read of the value from src without moving it. This leaves the memory in src unchanged.

replace

Moves src into the pointed dst, returning the previous dst value.

slice_from_raw_parts

Forms a raw slice from a pointer and a length.

slice_from_raw_parts_mut

Performs the same functionality as slice_from_raw_parts, except that a raw mutable slice is returned, as opposed to a raw immutable slice.

swap

Swaps the values at two mutable locations of the same type, without deinitializing either.

swap_nonoverlapping

Swaps count * size_of::<T>() bytes between the two regions of memory beginning at x and y. The two regions must not overlap.

write

Overwrites a memory location with the given value without reading or dropping the old value.

write_bytes

Sets count * size_of::<T>() bytes of memory starting at dst to val.

write_unaligned

Overwrites a memory location with the given value without reading or dropping the old value.

write_volatile

Performs a volatile write of a memory location with the given value without reading or dropping the old value.