2 use crate::cmp::Ordering::{self, Equal, Greater, Less};
4 use crate::slice::{self, SliceIndex};
7 impl<T: ?Sized> *mut T {
8 /// Returns `true` if the pointer is null.
10 /// Note that unsized types have many possible null pointers, as only the
11 /// raw data pointer is considered, not their length, vtable, etc.
12 /// Therefore, two pointers that are null may still not compare equal to
15 /// ## Behavior during const evaluation
17 /// When this function is used during const evaluation, it may return `false` for pointers
18 /// that turn out to be null at runtime. Specifically, when a pointer to some memory
19 /// is offset beyond its bounds in such a way that the resulting pointer is null,
20 /// the function will still return `false`. There is no way for CTFE to know
21 /// the absolute position of that memory, so we cannot tell if the pointer is
29 /// let mut s = [1, 2, 3];
30 /// let ptr: *mut u32 = s.as_mut_ptr();
31 /// assert!(!ptr.is_null());
33 #[stable(feature = "rust1", since = "1.0.0")]
34 #[rustc_const_unstable(feature = "const_ptr_is_null", issue = "74939")]
36 pub const fn is_null(self) -> bool {
37 // Compare via a cast to a thin pointer, so fat pointers are only
38 // considering their "data" part for null-ness.
39 (self as *mut u8).guaranteed_eq(null_mut())
42 /// Casts to a pointer of another type.
43 #[stable(feature = "ptr_cast", since = "1.38.0")]
44 #[rustc_const_stable(feature = "const_ptr_cast", since = "1.38.0")]
46 pub const fn cast<U>(self) -> *mut U {
50 /// Decompose a (possibly wide) pointer into is address and metadata components.
52 /// The pointer can be later reconstructed with [`from_raw_parts_mut`].
53 #[cfg(not(bootstrap))]
54 #[unstable(feature = "ptr_metadata", issue = "81513")]
55 #[rustc_const_unstable(feature = "ptr_metadata", issue = "81513")]
57 pub const fn to_raw_parts(self) -> (*mut (), <T as super::Pointee>::Metadata) {
58 (self.cast(), super::metadata(self))
61 /// Returns `None` if the pointer is null, or else returns a shared reference to
62 /// the value wrapped in `Some`. If the value may be uninitialized, [`as_uninit_ref`]
63 /// must be used instead.
65 /// For the mutable counterpart see [`as_mut`].
67 /// [`as_uninit_ref`]: #method.as_uninit_ref-1
68 /// [`as_mut`]: #method.as_mut
72 /// When calling this method, you have to ensure that *either* the pointer is NULL *or*
73 /// all of the following is true:
75 /// * The pointer must be properly aligned.
77 /// * It must be "dereferencable" in the sense defined in [the module documentation].
79 /// * The pointer must point to an initialized instance of `T`.
81 /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is
82 /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data.
83 /// In particular, for the duration of this lifetime, the memory the pointer points to must
84 /// not get mutated (except inside `UnsafeCell`).
86 /// This applies even if the result of this method is unused!
87 /// (The part about being initialized is not yet fully decided, but until
88 /// it is, the only safe approach is to ensure that they are indeed initialized.)
90 /// [the module documentation]: crate::ptr#safety
97 /// let ptr: *mut u8 = &mut 10u8 as *mut u8;
100 /// if let Some(val_back) = ptr.as_ref() {
101 /// println!("We got back the value: {}!", val_back);
106 /// # Null-unchecked version
108 /// If you are sure the pointer can never be null and are looking for some kind of
109 /// `as_ref_unchecked` that returns the `&T` instead of `Option<&T>`, know that you can
110 /// dereference the pointer directly.
113 /// let ptr: *mut u8 = &mut 10u8 as *mut u8;
116 /// let val_back = &*ptr;
117 /// println!("We got back the value: {}!", val_back);
120 #[stable(feature = "ptr_as_ref", since = "1.9.0")]
122 pub unsafe fn as_ref<'a>(self) -> Option<&'a T> {
123 // SAFETY: the caller must guarantee that `self` is valid for a
124 // reference if it isn't null.
125 if self.is_null() { None } else { unsafe { Some(&*self) } }
128 /// Returns `None` if the pointer is null, or else returns a shared reference to
129 /// the value wrapped in `Some`. In contrast to [`as_ref`], this does not require
130 /// that the value has to be initialized.
132 /// For the mutable counterpart see [`as_uninit_mut`].
134 /// [`as_ref`]: #method.as_ref-1
135 /// [`as_uninit_mut`]: #method.as_uninit_mut
139 /// When calling this method, you have to ensure that *either* the pointer is NULL *or*
140 /// all of the following is true:
142 /// * The pointer must be properly aligned.
144 /// * It must be "dereferencable" in the sense defined in [the module documentation].
146 /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is
147 /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data.
148 /// In particular, for the duration of this lifetime, the memory the pointer points to must
149 /// not get mutated (except inside `UnsafeCell`).
151 /// This applies even if the result of this method is unused!
153 /// [the module documentation]: crate::ptr#safety
160 /// #![feature(ptr_as_uninit)]
162 /// let ptr: *mut u8 = &mut 10u8 as *mut u8;
165 /// if let Some(val_back) = ptr.as_uninit_ref() {
166 /// println!("We got back the value: {}!", val_back.assume_init());
171 #[unstable(feature = "ptr_as_uninit", issue = "75402")]
172 pub unsafe fn as_uninit_ref<'a>(self) -> Option<&'a MaybeUninit<T>>
176 // SAFETY: the caller must guarantee that `self` meets all the
177 // requirements for a reference.
178 if self.is_null() { None } else { Some(unsafe { &*(self as *const MaybeUninit<T>) }) }
181 /// Calculates the offset from a pointer.
183 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
184 /// offset of `3 * size_of::<T>()` bytes.
188 /// If any of the following conditions are violated, the result is Undefined
191 /// * Both the starting and resulting pointer must be either in bounds or one
192 /// byte past the end of the same allocated object. Note that in Rust,
193 /// every (stack-allocated) variable is considered a separate allocated object.
195 /// * The computed offset, **in bytes**, cannot overflow an `isize`.
197 /// * The offset being in bounds cannot rely on "wrapping around" the address
198 /// space. That is, the infinite-precision sum, **in bytes** must fit in a usize.
200 /// The compiler and standard library generally tries to ensure allocations
201 /// never reach a size where an offset is a concern. For instance, `Vec`
202 /// and `Box` ensure they never allocate more than `isize::MAX` bytes, so
203 /// `vec.as_ptr().add(vec.len())` is always safe.
205 /// Most platforms fundamentally can't even construct such an allocation.
206 /// For instance, no known 64-bit platform can ever serve a request
207 /// for 2<sup>63</sup> bytes due to page-table limitations or splitting the address space.
208 /// However, some 32-bit and 16-bit platforms may successfully serve a request for
209 /// more than `isize::MAX` bytes with things like Physical Address
210 /// Extension. As such, memory acquired directly from allocators or memory
211 /// mapped files *may* be too large to handle with this function.
213 /// Consider using [`wrapping_offset`] instead if these constraints are
214 /// difficult to satisfy. The only advantage of this method is that it
215 /// enables more aggressive compiler optimizations.
217 /// [`wrapping_offset`]: #method.wrapping_offset
224 /// let mut s = [1, 2, 3];
225 /// let ptr: *mut u32 = s.as_mut_ptr();
228 /// println!("{}", *ptr.offset(1));
229 /// println!("{}", *ptr.offset(2));
232 #[stable(feature = "rust1", since = "1.0.0")]
233 #[must_use = "returns a new pointer rather than modifying its argument"]
234 #[rustc_const_unstable(feature = "const_ptr_offset", issue = "71499")]
236 pub const unsafe fn offset(self, count: isize) -> *mut T
240 // SAFETY: the caller must uphold the safety contract for `offset`.
241 // The obtained pointer is valid for writes since the caller must
242 // guarantee that it points to the same allocated object as `self`.
243 unsafe { intrinsics::offset(self, count) as *mut T }
246 /// Calculates the offset from a pointer using wrapping arithmetic.
247 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
248 /// offset of `3 * size_of::<T>()` bytes.
252 /// This operation itself is always safe, but using the resulting pointer is not.
254 /// The resulting pointer remains attached to the same allocated object that `self` points to.
255 /// It may *not* be used to access a different allocated object. Note that in Rust, every
256 /// (stack-allocated) variable is considered a separate allocated object.
258 /// In other words, `let z = x.wrapping_offset((y as isize) - (x as isize))` does *not* make `z`
259 /// the same as `y` even if we assume `T` has size `1` and there is no overflow: `z` is still
260 /// attached to the object `x` is attached to, and dereferencing it is Undefined Behavior unless
261 /// `x` and `y` point into the same allocated object.
263 /// Compared to [`offset`], this method basically delays the requirement of staying within the
264 /// same allocated object: [`offset`] is immediate Undefined Behavior when crossing object
265 /// boundaries; `wrapping_offset` produces a pointer but still leads to Undefined Behavior if a
266 /// pointer is dereferenced when it is out-of-bounds of the object it is attached to. [`offset`]
267 /// can be optimized better and is thus preferable in performance-sensitive code.
269 /// The delayed check only considers the value of the pointer that was dereferenced, not the
270 /// intermediate values used during the computation of the final result. For example,
271 /// `x.wrapping_offset(o).wrapping_offset(o.wrapping_neg())` is always the same as `x`. In other
272 /// words, leaving the allocated object and then re-entering it later is permitted.
274 /// If you need to cross object boundaries, cast the pointer to an integer and
275 /// do the arithmetic there.
277 /// [`offset`]: #method.offset
284 /// // Iterate using a raw pointer in increments of two elements
285 /// let mut data = [1u8, 2, 3, 4, 5];
286 /// let mut ptr: *mut u8 = data.as_mut_ptr();
288 /// let end_rounded_up = ptr.wrapping_offset(6);
290 /// while ptr != end_rounded_up {
294 /// ptr = ptr.wrapping_offset(step);
296 /// assert_eq!(&data, &[0, 2, 0, 4, 0]);
298 #[stable(feature = "ptr_wrapping_offset", since = "1.16.0")]
299 #[must_use = "returns a new pointer rather than modifying its argument"]
300 #[rustc_const_unstable(feature = "const_ptr_offset", issue = "71499")]
302 pub const fn wrapping_offset(self, count: isize) -> *mut T
306 // SAFETY: the `arith_offset` intrinsic has no prerequisites to be called.
307 unsafe { intrinsics::arith_offset(self, count) as *mut T }
310 /// Returns `None` if the pointer is null, or else returns a unique reference to
311 /// the value wrapped in `Some`. If the value may be uninitialized, [`as_uninit_mut`]
312 /// must be used instead.
314 /// For the shared counterpart see [`as_ref`].
316 /// [`as_uninit_mut`]: #method.as_uninit_mut
317 /// [`as_ref`]: #method.as_ref-1
321 /// When calling this method, you have to ensure that *either* the pointer is NULL *or*
322 /// all of the following is true:
324 /// * The pointer must be properly aligned.
326 /// * It must be "dereferencable" in the sense defined in [the module documentation].
328 /// * The pointer must point to an initialized instance of `T`.
330 /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is
331 /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data.
332 /// In particular, for the duration of this lifetime, the memory the pointer points to must
333 /// not get accessed (read or written) through any other pointer.
335 /// This applies even if the result of this method is unused!
336 /// (The part about being initialized is not yet fully decided, but until
337 /// it is, the only safe approach is to ensure that they are indeed initialized.)
339 /// [the module documentation]: crate::ptr#safety
346 /// let mut s = [1, 2, 3];
347 /// let ptr: *mut u32 = s.as_mut_ptr();
348 /// let first_value = unsafe { ptr.as_mut().unwrap() };
349 /// *first_value = 4;
350 /// # assert_eq!(s, [4, 2, 3]);
351 /// println!("{:?}", s); // It'll print: "[4, 2, 3]".
354 /// # Null-unchecked version
356 /// If you are sure the pointer can never be null and are looking for some kind of
357 /// `as_mut_unchecked` that returns the `&mut T` instead of `Option<&mut T>`, know that
358 /// you can dereference the pointer directly.
361 /// let mut s = [1, 2, 3];
362 /// let ptr: *mut u32 = s.as_mut_ptr();
363 /// let first_value = unsafe { &mut *ptr };
364 /// *first_value = 4;
365 /// # assert_eq!(s, [4, 2, 3]);
366 /// println!("{:?}", s); // It'll print: "[4, 2, 3]".
368 #[stable(feature = "ptr_as_ref", since = "1.9.0")]
370 pub unsafe fn as_mut<'a>(self) -> Option<&'a mut T> {
371 // SAFETY: the caller must guarantee that `self` is be valid for
372 // a mutable reference if it isn't null.
373 if self.is_null() { None } else { unsafe { Some(&mut *self) } }
376 /// Returns `None` if the pointer is null, or else returns a unique reference to
377 /// the value wrapped in `Some`. In contrast to [`as_mut`], this does not require
378 /// that the value has to be initialized.
380 /// For the shared counterpart see [`as_uninit_ref`].
382 /// [`as_mut`]: #method.as_mut
383 /// [`as_uninit_ref`]: #method.as_uninit_ref-1
387 /// When calling this method, you have to ensure that *either* the pointer is NULL *or*
388 /// all of the following is true:
390 /// * The pointer must be properly aligned.
392 /// * It must be "dereferencable" in the sense defined in [the module documentation].
394 /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is
395 /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data.
396 /// In particular, for the duration of this lifetime, the memory the pointer points to must
397 /// not get accessed (read or written) through any other pointer.
399 /// This applies even if the result of this method is unused!
401 /// [the module documentation]: crate::ptr#safety
403 #[unstable(feature = "ptr_as_uninit", issue = "75402")]
404 pub unsafe fn as_uninit_mut<'a>(self) -> Option<&'a mut MaybeUninit<T>>
408 // SAFETY: the caller must guarantee that `self` meets all the
409 // requirements for a reference.
410 if self.is_null() { None } else { Some(unsafe { &mut *(self as *mut MaybeUninit<T>) }) }
413 /// Returns whether two pointers are guaranteed to be equal.
415 /// At runtime this function behaves like `self == other`.
416 /// However, in some contexts (e.g., compile-time evaluation),
417 /// it is not always possible to determine equality of two pointers, so this function may
418 /// spuriously return `false` for pointers that later actually turn out to be equal.
419 /// But when it returns `true`, the pointers are guaranteed to be equal.
421 /// This function is the mirror of [`guaranteed_ne`], but not its inverse. There are pointer
422 /// comparisons for which both functions return `false`.
424 /// [`guaranteed_ne`]: #method.guaranteed_ne
426 /// The return value may change depending on the compiler version and unsafe code may not
427 /// rely on the result of this function for soundness. It is suggested to only use this function
428 /// for performance optimizations where spurious `false` return values by this function do not
429 /// affect the outcome, but just the performance.
430 /// The consequences of using this method to make runtime and compile-time code behave
431 /// differently have not been explored. This method should not be used to introduce such
432 /// differences, and it should also not be stabilized before we have a better understanding
434 #[unstable(feature = "const_raw_ptr_comparison", issue = "53020")]
435 #[rustc_const_unstable(feature = "const_raw_ptr_comparison", issue = "53020")]
437 pub const fn guaranteed_eq(self, other: *mut T) -> bool
441 intrinsics::ptr_guaranteed_eq(self as *const _, other as *const _)
444 /// Returns whether two pointers are guaranteed to be unequal.
446 /// At runtime this function behaves like `self != other`.
447 /// However, in some contexts (e.g., compile-time evaluation),
448 /// it is not always possible to determine the inequality of two pointers, so this function may
449 /// spuriously return `false` for pointers that later actually turn out to be unequal.
450 /// But when it returns `true`, the pointers are guaranteed to be unequal.
452 /// This function is the mirror of [`guaranteed_eq`], but not its inverse. There are pointer
453 /// comparisons for which both functions return `false`.
455 /// [`guaranteed_eq`]: #method.guaranteed_eq
457 /// The return value may change depending on the compiler version and unsafe code may not
458 /// rely on the result of this function for soundness. It is suggested to only use this function
459 /// for performance optimizations where spurious `false` return values by this function do not
460 /// affect the outcome, but just the performance.
461 /// The consequences of using this method to make runtime and compile-time code behave
462 /// differently have not been explored. This method should not be used to introduce such
463 /// differences, and it should also not be stabilized before we have a better understanding
465 #[unstable(feature = "const_raw_ptr_comparison", issue = "53020")]
466 #[rustc_const_unstable(feature = "const_raw_ptr_comparison", issue = "53020")]
468 pub const unsafe fn guaranteed_ne(self, other: *mut T) -> bool
472 intrinsics::ptr_guaranteed_ne(self as *const _, other as *const _)
475 /// Calculates the distance between two pointers. The returned value is in
476 /// units of T: the distance in bytes is divided by `mem::size_of::<T>()`.
478 /// This function is the inverse of [`offset`].
480 /// [`offset`]: #method.offset-1
484 /// If any of the following conditions are violated, the result is Undefined
487 /// * Both the starting and other pointer must be either in bounds or one
488 /// byte past the end of the same allocated object. Note that in Rust,
489 /// every (stack-allocated) variable is considered a separate allocated object.
491 /// * Both pointers must be *derived from* a pointer to the same object.
492 /// (See below for an example.)
494 /// * The distance between the pointers, **in bytes**, cannot overflow an `isize`.
496 /// * The distance between the pointers, in bytes, must be an exact multiple
497 /// of the size of `T`.
499 /// * The distance being in bounds cannot rely on "wrapping around" the address space.
501 /// The compiler and standard library generally try to ensure allocations
502 /// never reach a size where an offset is a concern. For instance, `Vec`
503 /// and `Box` ensure they never allocate more than `isize::MAX` bytes, so
504 /// `ptr_into_vec.offset_from(vec.as_ptr())` is always safe.
506 /// Most platforms fundamentally can't even construct such an allocation.
507 /// For instance, no known 64-bit platform can ever serve a request
508 /// for 2<sup>63</sup> bytes due to page-table limitations or splitting the address space.
509 /// However, some 32-bit and 16-bit platforms may successfully serve a request for
510 /// more than `isize::MAX` bytes with things like Physical Address
511 /// Extension. As such, memory acquired directly from allocators or memory
512 /// mapped files *may* be too large to handle with this function.
516 /// This function panics if `T` is a Zero-Sized Type ("ZST").
523 /// let mut a = [0; 5];
524 /// let ptr1: *mut i32 = &mut a[1];
525 /// let ptr2: *mut i32 = &mut a[3];
527 /// assert_eq!(ptr2.offset_from(ptr1), 2);
528 /// assert_eq!(ptr1.offset_from(ptr2), -2);
529 /// assert_eq!(ptr1.offset(2), ptr2);
530 /// assert_eq!(ptr2.offset(-2), ptr1);
534 /// *Incorrect* usage:
537 /// let ptr1 = Box::into_raw(Box::new(0u8));
538 /// let ptr2 = Box::into_raw(Box::new(1u8));
539 /// let diff = (ptr2 as isize).wrapping_sub(ptr1 as isize);
540 /// // Make ptr2_other an "alias" of ptr2, but derived from ptr1.
541 /// let ptr2_other = (ptr1 as *mut u8).wrapping_offset(diff);
542 /// assert_eq!(ptr2 as usize, ptr2_other as usize);
543 /// // Since ptr2_other and ptr2 are derived from pointers to different objects,
544 /// // computing their offset is undefined behavior, even though
545 /// // they point to the same address!
547 /// let zero = ptr2_other.offset_from(ptr2); // Undefined Behavior
550 #[stable(feature = "ptr_offset_from", since = "1.47.0")]
551 #[rustc_const_unstable(feature = "const_ptr_offset_from", issue = "41079")]
553 pub const unsafe fn offset_from(self, origin: *const T) -> isize
557 // SAFETY: the caller must uphold the safety contract for `offset_from`.
558 unsafe { (self as *const T).offset_from(origin) }
561 /// Calculates the offset from a pointer (convenience for `.offset(count as isize)`).
563 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
564 /// offset of `3 * size_of::<T>()` bytes.
568 /// If any of the following conditions are violated, the result is Undefined
571 /// * Both the starting and resulting pointer must be either in bounds or one
572 /// byte past the end of the same allocated object. Note that in Rust,
573 /// every (stack-allocated) variable is considered a separate allocated object.
575 /// * The computed offset, **in bytes**, cannot overflow an `isize`.
577 /// * The offset being in bounds cannot rely on "wrapping around" the address
578 /// space. That is, the infinite-precision sum must fit in a `usize`.
580 /// The compiler and standard library generally tries to ensure allocations
581 /// never reach a size where an offset is a concern. For instance, `Vec`
582 /// and `Box` ensure they never allocate more than `isize::MAX` bytes, so
583 /// `vec.as_ptr().add(vec.len())` is always safe.
585 /// Most platforms fundamentally can't even construct such an allocation.
586 /// For instance, no known 64-bit platform can ever serve a request
587 /// for 2<sup>63</sup> bytes due to page-table limitations or splitting the address space.
588 /// However, some 32-bit and 16-bit platforms may successfully serve a request for
589 /// more than `isize::MAX` bytes with things like Physical Address
590 /// Extension. As such, memory acquired directly from allocators or memory
591 /// mapped files *may* be too large to handle with this function.
593 /// Consider using [`wrapping_add`] instead if these constraints are
594 /// difficult to satisfy. The only advantage of this method is that it
595 /// enables more aggressive compiler optimizations.
597 /// [`wrapping_add`]: #method.wrapping_add
604 /// let s: &str = "123";
605 /// let ptr: *const u8 = s.as_ptr();
608 /// println!("{}", *ptr.add(1) as char);
609 /// println!("{}", *ptr.add(2) as char);
612 #[stable(feature = "pointer_methods", since = "1.26.0")]
613 #[must_use = "returns a new pointer rather than modifying its argument"]
614 #[rustc_const_unstable(feature = "const_ptr_offset", issue = "71499")]
616 pub const unsafe fn add(self, count: usize) -> Self
620 // SAFETY: the caller must uphold the safety contract for `offset`.
621 unsafe { self.offset(count as isize) }
624 /// Calculates the offset from a pointer (convenience for
625 /// `.offset((count as isize).wrapping_neg())`).
627 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
628 /// offset of `3 * size_of::<T>()` bytes.
632 /// If any of the following conditions are violated, the result is Undefined
635 /// * Both the starting and resulting pointer must be either in bounds or one
636 /// byte past the end of the same allocated object. Note that in Rust,
637 /// every (stack-allocated) variable is considered a separate allocated object.
639 /// * The computed offset cannot exceed `isize::MAX` **bytes**.
641 /// * The offset being in bounds cannot rely on "wrapping around" the address
642 /// space. That is, the infinite-precision sum must fit in a usize.
644 /// The compiler and standard library generally tries to ensure allocations
645 /// never reach a size where an offset is a concern. For instance, `Vec`
646 /// and `Box` ensure they never allocate more than `isize::MAX` bytes, so
647 /// `vec.as_ptr().add(vec.len()).sub(vec.len())` is always safe.
649 /// Most platforms fundamentally can't even construct such an allocation.
650 /// For instance, no known 64-bit platform can ever serve a request
651 /// for 2<sup>63</sup> bytes due to page-table limitations or splitting the address space.
652 /// However, some 32-bit and 16-bit platforms may successfully serve a request for
653 /// more than `isize::MAX` bytes with things like Physical Address
654 /// Extension. As such, memory acquired directly from allocators or memory
655 /// mapped files *may* be too large to handle with this function.
657 /// Consider using [`wrapping_sub`] instead if these constraints are
658 /// difficult to satisfy. The only advantage of this method is that it
659 /// enables more aggressive compiler optimizations.
661 /// [`wrapping_sub`]: #method.wrapping_sub
668 /// let s: &str = "123";
671 /// let end: *const u8 = s.as_ptr().add(3);
672 /// println!("{}", *end.sub(1) as char);
673 /// println!("{}", *end.sub(2) as char);
676 #[stable(feature = "pointer_methods", since = "1.26.0")]
677 #[must_use = "returns a new pointer rather than modifying its argument"]
678 #[rustc_const_unstable(feature = "const_ptr_offset", issue = "71499")]
680 pub const unsafe fn sub(self, count: usize) -> Self
684 // SAFETY: the caller must uphold the safety contract for `offset`.
685 unsafe { self.offset((count as isize).wrapping_neg()) }
688 /// Calculates the offset from a pointer using wrapping arithmetic.
689 /// (convenience for `.wrapping_offset(count as isize)`)
691 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
692 /// offset of `3 * size_of::<T>()` bytes.
696 /// This operation itself is always safe, but using the resulting pointer is not.
698 /// The resulting pointer remains attached to the same allocated object that `self` points to.
699 /// It may *not* be used to access a different allocated object. Note that in Rust, every
700 /// (stack-allocated) variable is considered a separate allocated object.
702 /// In other words, `let z = x.wrapping_add((y as usize) - (x as usize))` does *not* make `z`
703 /// the same as `y` even if we assume `T` has size `1` and there is no overflow: `z` is still
704 /// attached to the object `x` is attached to, and dereferencing it is Undefined Behavior unless
705 /// `x` and `y` point into the same allocated object.
707 /// Compared to [`add`], this method basically delays the requirement of staying within the
708 /// same allocated object: [`add`] is immediate Undefined Behavior when crossing object
709 /// boundaries; `wrapping_add` produces a pointer but still leads to Undefined Behavior if a
710 /// pointer is dereferenced when it is out-of-bounds of the object it is attached to. [`add`]
711 /// can be optimized better and is thus preferable in performance-sensitive code.
713 /// The delayed check only considers the value of the pointer that was dereferenced, not the
714 /// intermediate values used during the computation of the final result. For example,
715 /// `x.wrapping_add(o).wrapping_sub(o)` is always the same as `x`. In other words, leaving the
716 /// allocated object and then re-entering it later is permitted.
718 /// If you need to cross object boundaries, cast the pointer to an integer and
719 /// do the arithmetic there.
721 /// [`add`]: #method.add
728 /// // Iterate using a raw pointer in increments of two elements
729 /// let data = [1u8, 2, 3, 4, 5];
730 /// let mut ptr: *const u8 = data.as_ptr();
732 /// let end_rounded_up = ptr.wrapping_add(6);
734 /// // This loop prints "1, 3, 5, "
735 /// while ptr != end_rounded_up {
737 /// print!("{}, ", *ptr);
739 /// ptr = ptr.wrapping_add(step);
742 #[stable(feature = "pointer_methods", since = "1.26.0")]
743 #[must_use = "returns a new pointer rather than modifying its argument"]
744 #[rustc_const_unstable(feature = "const_ptr_offset", issue = "71499")]
746 pub const fn wrapping_add(self, count: usize) -> Self
750 self.wrapping_offset(count as isize)
753 /// Calculates the offset from a pointer using wrapping arithmetic.
754 /// (convenience for `.wrapping_offset((count as isize).wrapping_neg())`)
756 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
757 /// offset of `3 * size_of::<T>()` bytes.
761 /// This operation itself is always safe, but using the resulting pointer is not.
763 /// The resulting pointer remains attached to the same allocated object that `self` points to.
764 /// It may *not* be used to access a different allocated object. Note that in Rust, every
765 /// (stack-allocated) variable is considered a separate allocated object.
767 /// In other words, `let z = x.wrapping_sub((x as usize) - (y as usize))` does *not* make `z`
768 /// the same as `y` even if we assume `T` has size `1` and there is no overflow: `z` is still
769 /// attached to the object `x` is attached to, and dereferencing it is Undefined Behavior unless
770 /// `x` and `y` point into the same allocated object.
772 /// Compared to [`sub`], this method basically delays the requirement of staying within the
773 /// same allocated object: [`sub`] is immediate Undefined Behavior when crossing object
774 /// boundaries; `wrapping_sub` produces a pointer but still leads to Undefined Behavior if a
775 /// pointer is dereferenced when it is out-of-bounds of the object it is attached to. [`sub`]
776 /// can be optimized better and is thus preferable in performance-sensitive code.
778 /// The delayed check only considers the value of the pointer that was dereferenced, not the
779 /// intermediate values used during the computation of the final result. For example,
780 /// `x.wrapping_add(o).wrapping_sub(o)` is always the same as `x`. In other words, leaving the
781 /// allocated object and then re-entering it later is permitted.
783 /// If you need to cross object boundaries, cast the pointer to an integer and
784 /// do the arithmetic there.
786 /// [`sub`]: #method.sub
793 /// // Iterate using a raw pointer in increments of two elements (backwards)
794 /// let data = [1u8, 2, 3, 4, 5];
795 /// let mut ptr: *const u8 = data.as_ptr();
796 /// let start_rounded_down = ptr.wrapping_sub(2);
797 /// ptr = ptr.wrapping_add(4);
799 /// // This loop prints "5, 3, 1, "
800 /// while ptr != start_rounded_down {
802 /// print!("{}, ", *ptr);
804 /// ptr = ptr.wrapping_sub(step);
807 #[stable(feature = "pointer_methods", since = "1.26.0")]
808 #[must_use = "returns a new pointer rather than modifying its argument"]
809 #[rustc_const_unstable(feature = "const_ptr_offset", issue = "71499")]
811 pub const fn wrapping_sub(self, count: usize) -> Self
815 self.wrapping_offset((count as isize).wrapping_neg())
818 /// Sets the pointer value to `ptr`.
820 /// In case `self` is a (fat) pointer to an unsized type, this operation
821 /// will only affect the pointer part, whereas for (thin) pointers to
822 /// sized types, this has the same effect as a simple assignment.
824 /// The resulting pointer will have provenance of `val`, i.e., for a fat
825 /// pointer, this operation is semantically the same as creating a new
826 /// fat pointer with the data pointer value of `val` but the metadata of
831 /// This function is primarily useful for allowing byte-wise pointer
832 /// arithmetic on potentially fat pointers:
835 /// #![feature(set_ptr_value)]
836 /// # use core::fmt::Debug;
837 /// let mut arr: [i32; 3] = [1, 2, 3];
838 /// let mut ptr = &mut arr[0] as *mut dyn Debug;
839 /// let thin = ptr as *mut u8;
841 /// ptr = ptr.set_ptr_value(thin.add(8));
842 /// # assert_eq!(*(ptr as *mut i32), 3);
843 /// println!("{:?}", &*ptr); // will print "3"
846 #[unstable(feature = "set_ptr_value", issue = "75091")]
847 #[must_use = "returns a new pointer rather than modifying its argument"]
849 pub fn set_ptr_value(mut self, val: *mut u8) -> Self {
850 let thin = &mut self as *mut *mut T as *mut *mut u8;
851 // SAFETY: In case of a thin pointer, this operations is identical
852 // to a simple assignment. In case of a fat pointer, with the current
853 // fat pointer layout implementation, the first field of such a
854 // pointer is always the data pointer, which is likewise assigned.
855 unsafe { *thin = val };
859 /// Reads the value from `self` without moving it. This leaves the
860 /// memory in `self` unchanged.
862 /// See [`ptr::read`] for safety concerns and examples.
864 /// [`ptr::read`]: crate::ptr::read()
865 #[stable(feature = "pointer_methods", since = "1.26.0")]
866 #[rustc_const_unstable(feature = "const_ptr_read", issue = "80377")]
868 pub const unsafe fn read(self) -> T
872 // SAFETY: the caller must uphold the safety contract for ``.
873 unsafe { read(self) }
876 /// Performs a volatile read of the value from `self` without moving it. This
877 /// leaves the memory in `self` unchanged.
879 /// Volatile operations are intended to act on I/O memory, and are guaranteed
880 /// to not be elided or reordered by the compiler across other volatile
883 /// See [`ptr::read_volatile`] for safety concerns and examples.
885 /// [`ptr::read_volatile`]: crate::ptr::read_volatile()
886 #[stable(feature = "pointer_methods", since = "1.26.0")]
888 pub unsafe fn read_volatile(self) -> T
892 // SAFETY: the caller must uphold the safety contract for `read_volatile`.
893 unsafe { read_volatile(self) }
896 /// Reads the value from `self` without moving it. This leaves the
897 /// memory in `self` unchanged.
899 /// Unlike `read`, the pointer may be unaligned.
901 /// See [`ptr::read_unaligned`] for safety concerns and examples.
903 /// [`ptr::read_unaligned`]: crate::ptr::read_unaligned()
904 #[stable(feature = "pointer_methods", since = "1.26.0")]
905 #[rustc_const_unstable(feature = "const_ptr_read", issue = "80377")]
907 pub const unsafe fn read_unaligned(self) -> T
911 // SAFETY: the caller must uphold the safety contract for `read_unaligned`.
912 unsafe { read_unaligned(self) }
915 /// Copies `count * size_of<T>` bytes from `self` to `dest`. The source
916 /// and destination may overlap.
918 /// NOTE: this has the *same* argument order as [`ptr::copy`].
920 /// See [`ptr::copy`] for safety concerns and examples.
922 /// [`ptr::copy`]: crate::ptr::copy()
923 #[stable(feature = "pointer_methods", since = "1.26.0")]
925 pub unsafe fn copy_to(self, dest: *mut T, count: usize)
929 // SAFETY: the caller must uphold the safety contract for `copy`.
930 unsafe { copy(self, dest, count) }
933 /// Copies `count * size_of<T>` bytes from `self` to `dest`. The source
934 /// and destination may *not* overlap.
936 /// NOTE: this has the *same* argument order as [`ptr::copy_nonoverlapping`].
938 /// See [`ptr::copy_nonoverlapping`] for safety concerns and examples.
940 /// [`ptr::copy_nonoverlapping`]: crate::ptr::copy_nonoverlapping()
941 #[stable(feature = "pointer_methods", since = "1.26.0")]
943 pub unsafe fn copy_to_nonoverlapping(self, dest: *mut T, count: usize)
947 // SAFETY: the caller must uphold the safety contract for `copy_nonoverlapping`.
948 unsafe { copy_nonoverlapping(self, dest, count) }
951 /// Copies `count * size_of<T>` bytes from `src` to `self`. The source
952 /// and destination may overlap.
954 /// NOTE: this has the *opposite* argument order of [`ptr::copy`].
956 /// See [`ptr::copy`] for safety concerns and examples.
958 /// [`ptr::copy`]: crate::ptr::copy()
959 #[stable(feature = "pointer_methods", since = "1.26.0")]
961 pub unsafe fn copy_from(self, src: *const T, count: usize)
965 // SAFETY: the caller must uphold the safety contract for `copy`.
966 unsafe { copy(src, self, count) }
969 /// Copies `count * size_of<T>` bytes from `src` to `self`. The source
970 /// and destination may *not* overlap.
972 /// NOTE: this has the *opposite* argument order of [`ptr::copy_nonoverlapping`].
974 /// See [`ptr::copy_nonoverlapping`] for safety concerns and examples.
976 /// [`ptr::copy_nonoverlapping`]: crate::ptr::copy_nonoverlapping()
977 #[stable(feature = "pointer_methods", since = "1.26.0")]
979 pub unsafe fn copy_from_nonoverlapping(self, src: *const T, count: usize)
983 // SAFETY: the caller must uphold the safety contract for `copy_nonoverlapping`.
984 unsafe { copy_nonoverlapping(src, self, count) }
987 /// Executes the destructor (if any) of the pointed-to value.
989 /// See [`ptr::drop_in_place`] for safety concerns and examples.
991 /// [`ptr::drop_in_place`]: crate::ptr::drop_in_place()
992 #[stable(feature = "pointer_methods", since = "1.26.0")]
994 pub unsafe fn drop_in_place(self) {
995 // SAFETY: the caller must uphold the safety contract for `drop_in_place`.
996 unsafe { drop_in_place(self) }
999 /// Overwrites a memory location with the given value without reading or
1000 /// dropping the old value.
1002 /// See [`ptr::write`] for safety concerns and examples.
1004 /// [`ptr::write`]: crate::ptr::write()
1005 #[stable(feature = "pointer_methods", since = "1.26.0")]
1007 pub unsafe fn write(self, val: T)
1011 // SAFETY: the caller must uphold the safety contract for `write`.
1012 unsafe { write(self, val) }
1015 /// Invokes memset on the specified pointer, setting `count * size_of::<T>()`
1016 /// bytes of memory starting at `self` to `val`.
1018 /// See [`ptr::write_bytes`] for safety concerns and examples.
1020 /// [`ptr::write_bytes`]: crate::ptr::write_bytes()
1021 #[stable(feature = "pointer_methods", since = "1.26.0")]
1023 pub unsafe fn write_bytes(self, val: u8, count: usize)
1027 // SAFETY: the caller must uphold the safety contract for `write_bytes`.
1028 unsafe { write_bytes(self, val, count) }
1031 /// Performs a volatile write of a memory location with the given value without
1032 /// reading or dropping the old value.
1034 /// Volatile operations are intended to act on I/O memory, and are guaranteed
1035 /// to not be elided or reordered by the compiler across other volatile
1038 /// See [`ptr::write_volatile`] for safety concerns and examples.
1040 /// [`ptr::write_volatile`]: crate::ptr::write_volatile()
1041 #[stable(feature = "pointer_methods", since = "1.26.0")]
1043 pub unsafe fn write_volatile(self, val: T)
1047 // SAFETY: the caller must uphold the safety contract for `write_volatile`.
1048 unsafe { write_volatile(self, val) }
1051 /// Overwrites a memory location with the given value without reading or
1052 /// dropping the old value.
1054 /// Unlike `write`, the pointer may be unaligned.
1056 /// See [`ptr::write_unaligned`] for safety concerns and examples.
1058 /// [`ptr::write_unaligned`]: crate::ptr::write_unaligned()
1059 #[stable(feature = "pointer_methods", since = "1.26.0")]
1061 pub unsafe fn write_unaligned(self, val: T)
1065 // SAFETY: the caller must uphold the safety contract for `write_unaligned`.
1066 unsafe { write_unaligned(self, val) }
1069 /// Replaces the value at `self` with `src`, returning the old
1070 /// value, without dropping either.
1072 /// See [`ptr::replace`] for safety concerns and examples.
1074 /// [`ptr::replace`]: crate::ptr::replace()
1075 #[stable(feature = "pointer_methods", since = "1.26.0")]
1077 pub unsafe fn replace(self, src: T) -> T
1081 // SAFETY: the caller must uphold the safety contract for `replace`.
1082 unsafe { replace(self, src) }
1085 /// Swaps the values at two mutable locations of the same type, without
1086 /// deinitializing either. They may overlap, unlike `mem::swap` which is
1087 /// otherwise equivalent.
1089 /// See [`ptr::swap`] for safety concerns and examples.
1091 /// [`ptr::swap`]: crate::ptr::swap()
1092 #[stable(feature = "pointer_methods", since = "1.26.0")]
1094 pub unsafe fn swap(self, with: *mut T)
1098 // SAFETY: the caller must uphold the safety contract for `swap`.
1099 unsafe { swap(self, with) }
1102 /// Computes the offset that needs to be applied to the pointer in order to make it aligned to
1105 /// If it is not possible to align the pointer, the implementation returns
1106 /// `usize::MAX`. It is permissible for the implementation to *always*
1107 /// return `usize::MAX`. Only your algorithm's performance can depend
1108 /// on getting a usable offset here, not its correctness.
1110 /// The offset is expressed in number of `T` elements, and not bytes. The value returned can be
1111 /// used with the `wrapping_add` method.
1113 /// There are no guarantees whatsoever that offsetting the pointer will not overflow or go
1114 /// beyond the allocation that the pointer points into. It is up to the caller to ensure that
1115 /// the returned offset is correct in all terms other than alignment.
1119 /// The function panics if `align` is not a power-of-two.
1123 /// Accessing adjacent `u8` as `u16`
1126 /// # fn foo(n: usize) {
1127 /// # use std::mem::align_of;
1129 /// let x = [5u8, 6u8, 7u8, 8u8, 9u8];
1130 /// let ptr = x.as_ptr().add(n) as *const u8;
1131 /// let offset = ptr.align_offset(align_of::<u16>());
1132 /// if offset < x.len() - n - 1 {
1133 /// let u16_ptr = ptr.add(offset) as *const u16;
1134 /// assert_ne!(*u16_ptr, 500);
1136 /// // while the pointer can be aligned via `offset`, it would point
1137 /// // outside the allocation
1141 #[stable(feature = "align_offset", since = "1.36.0")]
1142 pub fn align_offset(self, align: usize) -> usize
1146 if !align.is_power_of_two() {
1147 panic!("align_offset: align is not a power-of-two");
1149 // SAFETY: `align` has been checked to be a power of 2 above
1150 unsafe { align_offset(self, align) }
1154 #[lang = "mut_slice_ptr"]
1156 /// Returns the length of a raw slice.
1158 /// The returned value is the number of **elements**, not the number of bytes.
1160 /// This function is safe, even when the raw slice cannot be cast to a slice
1161 /// reference because the pointer is null or unaligned.
1166 /// #![feature(slice_ptr_len)]
1169 /// let slice: *mut [i8] = ptr::slice_from_raw_parts_mut(ptr::null_mut(), 3);
1170 /// assert_eq!(slice.len(), 3);
1173 #[unstable(feature = "slice_ptr_len", issue = "71146")]
1174 #[rustc_const_unstable(feature = "const_slice_ptr_len", issue = "71146")]
1175 pub const fn len(self) -> usize {
1178 // SAFETY: this is safe because `*const [T]` and `FatPtr<T>` have the same layout.
1179 // Only `std` can make this guarantee.
1180 unsafe { Repr { rust_mut: self }.raw }.len
1182 #[cfg(not(bootstrap))]
1186 /// Returns a raw pointer to the slice's buffer.
1188 /// This is equivalent to casting `self` to `*mut T`, but more type-safe.
1193 /// #![feature(slice_ptr_get)]
1196 /// let slice: *mut [i8] = ptr::slice_from_raw_parts_mut(ptr::null_mut(), 3);
1197 /// assert_eq!(slice.as_mut_ptr(), 0 as *mut i8);
1200 #[unstable(feature = "slice_ptr_get", issue = "74265")]
1201 #[rustc_const_unstable(feature = "slice_ptr_get", issue = "74265")]
1202 pub const fn as_mut_ptr(self) -> *mut T {
1206 /// Returns a raw pointer to an element or subslice, without doing bounds
1209 /// Calling this method with an out-of-bounds index or when `self` is not dereferencable
1210 /// is *[undefined behavior]* even if the resulting pointer is not used.
1212 /// [undefined behavior]: https://doc.rust-lang.org/reference/behavior-considered-undefined.html
1217 /// #![feature(slice_ptr_get)]
1219 /// let x = &mut [1, 2, 4] as *mut [i32];
1222 /// assert_eq!(x.get_unchecked_mut(1), x.as_mut_ptr().add(1));
1225 #[unstable(feature = "slice_ptr_get", issue = "74265")]
1227 pub unsafe fn get_unchecked_mut<I>(self, index: I) -> *mut I::Output
1231 // SAFETY: the caller ensures that `self` is dereferencable and `index` in-bounds.
1232 unsafe { index.get_unchecked_mut(self) }
1235 /// Returns `None` if the pointer is null, or else returns a shared slice to
1236 /// the value wrapped in `Some`. In contrast to [`as_ref`], this does not require
1237 /// that the value has to be initialized.
1239 /// For the mutable counterpart see [`as_uninit_slice_mut`].
1241 /// [`as_ref`]: #method.as_ref-1
1242 /// [`as_uninit_slice_mut`]: #method.as_uninit_slice_mut
1246 /// When calling this method, you have to ensure that *either* the pointer is NULL *or*
1247 /// all of the following is true:
1249 /// * The pointer must be [valid] for reads for `ptr.len() * mem::size_of::<T>()` many bytes,
1250 /// and it must be properly aligned. This means in particular:
1252 /// * The entire memory range of this slice must be contained within a single allocated object!
1253 /// Slices can never span across multiple allocated objects.
1255 /// * The pointer must be aligned even for zero-length slices. One
1256 /// reason for this is that enum layout optimizations may rely on references
1257 /// (including slices of any length) being aligned and non-null to distinguish
1258 /// them from other data. You can obtain a pointer that is usable as `data`
1259 /// for zero-length slices using [`NonNull::dangling()`].
1261 /// * The total size `ptr.len() * mem::size_of::<T>()` of the slice must be no larger than `isize::MAX`.
1262 /// See the safety documentation of [`pointer::offset`].
1264 /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is
1265 /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data.
1266 /// In particular, for the duration of this lifetime, the memory the pointer points to must
1267 /// not get mutated (except inside `UnsafeCell`).
1269 /// This applies even if the result of this method is unused!
1271 /// See also [`slice::from_raw_parts`][].
1273 /// [valid]: crate::ptr#safety
1274 /// [`NonNull::dangling()`]: NonNull::dangling
1275 /// [`pointer::offset`]: ../std/primitive.pointer.html#method.offset
1277 #[unstable(feature = "ptr_as_uninit", issue = "75402")]
1278 pub unsafe fn as_uninit_slice<'a>(self) -> Option<&'a [MaybeUninit<T>]> {
1282 // SAFETY: the caller must uphold the safety contract for `as_uninit_slice`.
1283 Some(unsafe { slice::from_raw_parts(self as *const MaybeUninit<T>, self.len()) })
1287 /// Returns `None` if the pointer is null, or else returns a unique slice to
1288 /// the value wrapped in `Some`. In contrast to [`as_mut`], this does not require
1289 /// that the value has to be initialized.
1291 /// For the shared counterpart see [`as_uninit_slice`].
1293 /// [`as_mut`]: #method.as_mut
1294 /// [`as_uninit_slice`]: #method.as_uninit_slice-1
1298 /// When calling this method, you have to ensure that *either* the pointer is NULL *or*
1299 /// all of the following is true:
1301 /// * The pointer must be [valid] for reads and writes for `ptr.len() * mem::size_of::<T>()`
1302 /// many bytes, and it must be properly aligned. This means in particular:
1304 /// * The entire memory range of this slice must be contained within a single allocated object!
1305 /// Slices can never span across multiple allocated objects.
1307 /// * The pointer must be aligned even for zero-length slices. One
1308 /// reason for this is that enum layout optimizations may rely on references
1309 /// (including slices of any length) being aligned and non-null to distinguish
1310 /// them from other data. You can obtain a pointer that is usable as `data`
1311 /// for zero-length slices using [`NonNull::dangling()`].
1313 /// * The total size `ptr.len() * mem::size_of::<T>()` of the slice must be no larger than `isize::MAX`.
1314 /// See the safety documentation of [`pointer::offset`].
1316 /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is
1317 /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data.
1318 /// In particular, for the duration of this lifetime, the memory the pointer points to must
1319 /// not get accessed (read or written) through any other pointer.
1321 /// This applies even if the result of this method is unused!
1323 /// See also [`slice::from_raw_parts_mut`][].
1325 /// [valid]: crate::ptr#safety
1326 /// [`NonNull::dangling()`]: NonNull::dangling
1327 /// [`pointer::offset`]: ../std/primitive.pointer.html#method.offset
1329 #[unstable(feature = "ptr_as_uninit", issue = "75402")]
1330 pub unsafe fn as_uninit_slice_mut<'a>(self) -> Option<&'a mut [MaybeUninit<T>]> {
1334 // SAFETY: the caller must uphold the safety contract for `as_uninit_slice_mut`.
1335 Some(unsafe { slice::from_raw_parts_mut(self as *mut MaybeUninit<T>, self.len()) })
1340 // Equality for pointers
1341 #[stable(feature = "rust1", since = "1.0.0")]
1342 impl<T: ?Sized> PartialEq for *mut T {
1344 fn eq(&self, other: &*mut T) -> bool {
1349 #[stable(feature = "rust1", since = "1.0.0")]
1350 impl<T: ?Sized> Eq for *mut T {}
1352 #[stable(feature = "rust1", since = "1.0.0")]
1353 impl<T: ?Sized> Ord for *mut T {
1355 fn cmp(&self, other: &*mut T) -> Ordering {
1358 } else if self == other {
1366 #[stable(feature = "rust1", since = "1.0.0")]
1367 impl<T: ?Sized> PartialOrd for *mut T {
1369 fn partial_cmp(&self, other: &*mut T) -> Option<Ordering> {
1370 Some(self.cmp(other))
1374 fn lt(&self, other: &*mut T) -> bool {
1379 fn le(&self, other: &*mut T) -> bool {
1384 fn gt(&self, other: &*mut T) -> bool {
1389 fn ge(&self, other: &*mut T) -> bool {