vec: limit unsafe to where it's actually needed

2 years ago · 195fbfbc55
parent cfe77d0f5f
commit 195fbfbc55
5 changed files with 56 additions and 60 deletions
--- a/src/vec/vec-drain.md
+++ b/src/vec/vec-drain.md
@ -135,8 +135,7 @@ impl<'a, T> Drop for Drain<'a, T> {
 impl<T> Vec<T> {
    pub fn drain(&mut self) -> Drain<T> {
-        unsafe {
+        let iter = unsafe { RawValIter::new(&self) };
            let iter = RawValIter::new(&self);
        // this is a mem::forget safety thing. If Drain is forgotten, we just
        // leak the whole Vec's contents. Also we need to do this *eventually*
@ -149,7 +148,6 @@ impl<T> Vec<T> {
        }
    }
 }
 }
 ```
 For more details on the `mem::forget` problem, see the
--- a/src/vec/vec-final.md
+++ b/src/vec/vec-final.md
@ -138,14 +138,17 @@ impl<T> Vec<T> {
                self.len - index,
            );
            ptr::write(self.ptr().add(index), elem);
            self.len += 1;
        }
        self.len += 1;
    }
    pub fn remove(&mut self, index: usize) -> T {
        assert!(index < self.len, "index out of bounds");
-        unsafe {
+
        self.len -= 1;
        unsafe {
            let result = ptr::read(self.ptr().add(index));
            ptr::copy(
                self.ptr().add(index + 1),
@ -157,8 +160,7 @@ impl<T> Vec<T> {
    }
    pub fn drain(&mut self) -> Drain<T> {
-        unsafe {
+        let iter = unsafe { RawValIter::new(&self) };
            let iter = RawValIter::new(&self);
        // this is a mem::forget safety thing. If Drain is forgotten, we just
        // leak the whole Vec's contents. Also we need to do this *eventually*
@ -171,7 +173,6 @@ impl<T> Vec<T> {
        }
    }
 }
 }
 impl<T> Drop for Vec<T> {
    fn drop(&mut self) {
@ -197,9 +198,10 @@ impl<T> IntoIterator for Vec<T> {
    type Item = T;
    type IntoIter = IntoIter<T>;
    fn into_iter(self) -> IntoIter<T> {
-        unsafe {
+        let (iter, buf) = unsafe {
-            let iter = RawValIter::new(&self);
+            (RawValIter::new(&self), ptr::read(&self.buf))
-            let buf = ptr::read(&self.buf);
+        };
        mem::forget(self);
        IntoIter {
@ -208,7 +210,6 @@ impl<T> IntoIterator for Vec<T> {
        }
    }
 }
 }
 struct RawValIter<T> {
    start: *const T,
--- a/src/vec/vec-insert-remove.md
+++ b/src/vec/vec-insert-remove.md
@ -28,8 +28,9 @@ pub fn insert(&mut self, index: usize, elem: T) {
            self.len - index,
        );
        ptr::write(self.ptr.as_ptr().add(index), elem);
        self.len += 1;
    }
    self.len += 1;
 }
 ```
--- a/src/vec/vec-into-iter.md
+++ b/src/vec/vec-into-iter.md
@ -68,7 +68,6 @@ impl<T> IntoIterator for Vec<T> {
        let cap = vec.cap;
        let len = vec.len;
        unsafe {
        IntoIter {
            buf: ptr,
            cap,
@ -77,12 +76,11 @@ impl<T> IntoIterator for Vec<T> {
                // can't offset off this pointer, it's not allocated!
                ptr.as_ptr()
            } else {
-                    ptr.as_ptr().add(len)
+                unsafe { ptr.as_ptr().add(len) }
            },
        }
    }
 }
 }
 ```
 Here's iterating forward:
--- a/src/vec/vec-raw.md
+++ b/src/vec/vec-raw.md
@ -131,10 +131,9 @@ impl<T> IntoIterator for Vec<T> {
    type Item = T;
    type IntoIter = IntoIter<T>;
    fn into_iter(self) -> IntoIter<T> {
        unsafe {
        // need to use ptr::read to unsafely move the buf out since it's
        // not Copy, and Vec implements Drop (so we can't destructure it).
-            let buf = ptr::read(&self.buf);
+        let buf = unsafe { ptr::read(&self.buf) };
        let len = self.len;
        mem::forget(self);
@ -144,13 +143,12 @@ impl<T> IntoIterator for Vec<T> {
                // can't offset off of a pointer unless it's part of an allocation
                buf.ptr.as_ptr()
            } else {
-                    buf.ptr.as_ptr().add(len)
+                unsafe { buf.ptr.as_ptr().add(len) }
            },
            _buf: buf,
        }
    }
 }
 }
 ```
 Much better.