Skip to content
Permalink
Browse files

Note that NonNull does not launder shared references for mutation

  • Loading branch information...
RalfJung committed Mar 12, 2019
1 parent 7486b9c commit 7fcdb93cf55ad7ddfd07f5265b363379ae16b3b6
Showing with 9 additions and 0 deletions.
  1. +9 −0 src/libcore/ptr.rs
@@ -2874,6 +2874,15 @@ impl<'a, T: ?Sized> From<NonNull<T>> for Unique<T> {
/// Usually this won't be necessary; covariance is correct for most safe abstractions,
/// such as Box, Rc, Arc, Vec, and LinkedList. This is the case because they
/// provide a public API that follows the normal shared XOR mutable rules of Rust.
///
/// Notice that `NonNull<T>` has a `From` instance for `&T`. However, this does
/// not change the fact that mutating through a (pointer derived from a) shared
/// reference is undefined behavior unless the mutation happens inside an
/// [`UnsafeCell<T>`]. When using this `From` instance without an `UnsafeCell<T>`,
/// it is your responsibility to ensure that `as_mut` is never called, and `as_ptr`
/// is never used for mutation.
///
/// [`UnsafeCell<T>`]: ../cell/struct.UnsafeCell.html
#[stable(feature = "nonnull", since = "1.25.0")]
#[repr(transparent)]
#[rustc_layout_scalar_valid_range_start(1)]

0 comments on commit 7fcdb93

Please sign in to comment.
You can’t perform that action at this time.