Improve #Safety in various methods in core::ptr

[rust.git] / src / libcore / ptr / mod.rs

diff --git a/src/libcore/ptr/mod.rs b/src/libcore/ptr/mod.rs
index 7faede44020310e3cb32ed541981b363cea3036b..7fb2d4f0399293b62f15e01872ad7b6cbc99f2d6 100644 (file)
--- a/src/libcore/ptr/mod.rs
+++ b/src/libcore/ptr/mod.rs
@@ -475,6 +475,8 @@ unsafe fn swap_nonoverlapping_bytes(x: *mut u8, y: *mut u8, len: usize) {
 ///
 /// * `dst` must be properly aligned.
 ///
+/// * `dst` must point to a properly initialized value of type `T`.
+///
 /// Note that even if `T` has size `0`, the pointer must be non-NULL and properly aligned.
 ///
 /// [valid]: ../ptr/index.html#safety
@@ -514,6 +516,8 @@ pub unsafe fn replace<T>(dst: *mut T, mut src: T) -> T {
 /// * `src` must be properly aligned. Use [`read_unaligned`] if this is not the
 ///   case.
 ///
+/// * `src` must point to a properly initialized value of type `T`.
+///
 /// Note that even if `T` has size `0`, the pointer must be non-NULL and properly aligned.
 ///
 /// # Examples
@@ -628,6 +632,8 @@ pub unsafe fn read<T>(src: *const T) -> T {
 ///
 /// * `src` must be [valid] for reads.
 ///
+/// * `src` must point to a properly initialized value of type `T`.
+///
 /// Like [`read`], `read_unaligned` creates a bitwise copy of `T`, regardless of
 /// whether `T` is [`Copy`]. If `T` is not [`Copy`], using both the returned
 /// value and the value at `*src` can [violate memory safety][read-ownership].
@@ -922,6 +928,8 @@ pub unsafe fn write_unaligned<T>(dst: *mut T, src: T) {
 ///
 /// * `src` must be properly aligned.
 ///
+/// * `src` must point to a properly initialized value of type `T`.
+///
 /// Like [`read`], `read_volatile` creates a bitwise copy of `T`, regardless of
 /// whether `T` is [`Copy`]. If `T` is not [`Copy`], using both the returned
 /// value and the value at `*src` can [violate memory safety][read-ownership].