Redefine range validity

Uses `x.offset(i)` must be valid for all `i` in `0..count`.

diff --git a/src/libcore/intrinsics.rs b/src/libcore/intrinsics.rs
index ba16715a6b88f54d67de9b749a368e08680d5719..43dcc180b862327ec6d86270a7fd0757345b4935 100644 (file)
--- a/src/libcore/intrinsics.rs
+++ b/src/libcore/intrinsics.rs
@@ -976,17 +976,17 @@
     ///
     /// Behavior is undefined if any of the following conditions are violated:
     ///
-    /// * Both `src` and `dst` must be [valid].
-    ///
     /// * Both `src` and `dst` must be properly aligned.
     ///
-    /// * `src.offset(count-1)` must be [valid]. In other words, the region of
-    ///   memory which begins at `src` and has a length of `count *
-    ///   size_of::<T>()` bytes must belong to a single, live allocation.
+    /// * `src.offset(i)` must be [valid] for all `i` in `0..count`. In other
+    ///   words, the region of memory which begins at `src` and has a length of
+    ///   `count * size_of::<T>()` bytes must belong to a single, live
+    ///   allocation.
     ///
-    /// * `dst.offset(count-1)` must be [valid]. In other words, the region of
-    ///   memory which begins at `dst` and has a length of `count *
-    ///   size_of::<T>()` bytes must belong to a single, live allocation.
+    /// * `dst.offset(i)` must be [valid] for all `i` in `0..count`. In other
+    ///   words, the region of memory which begins at `dst` and has a length of
+    ///   `count * size_of::<T>()` bytes must belong to a single, live
+    ///   allocation.
     ///
     /// * The two regions of memory must *not* overlap.
     ///
@@ -1064,17 +1064,17 @@
     ///
     /// Behavior is undefined if any of the following conditions are violated:
     ///
-    /// * Both `src` and `dst` must be [valid].
-    ///
     /// * Both `src` and `dst` must be properly aligned.
     ///
-    /// * `src.offset(count-1)` must be [valid]. In other words, the region of
-    ///   memory which begins at `src` and has a length of `count *
-    ///   size_of::<T>()` bytes must belong to a single, live allocation.
+    /// * `src.offset(i)` must be [valid] for all `i` in `0..count`. In other
+    ///   words, the region of memory which begins at `src` and has a length of
+    ///   `count * size_of::<T>()` bytes must belong to a single, live
+    ///   allocation.
     ///
-    /// * `dst.offset(count-1)` must be [valid]. In other words, the region of
-    ///   memory which begins at `dst` and has a length of `count *
-    ///   size_of::<T>()` bytes must belong to a single, live allocation.
+    /// * `dst.offset(i)` must be [valid] for all `i` in `0..count`. In other
+    ///   words, the region of memory which begins at `dst` and has a length of
+    ///   `count * size_of::<T>()` bytes must belong to a single, live
+    ///   allocation.
     ///
     /// Like [`read`], `copy` creates a bitwise copy of `T`, regardless of
     /// whether `T` is [`Copy`].  If `T` is not [`Copy`], using both the values
@@ -1116,14 +1116,13 @@
     ///
     /// Behavior is undefined if any of the following conditions are violated:
     ///
-    /// * `dst` must be [valid].
-    ///
-    /// * `dst.offset(count-1)` must be [valid]. In other words, the region of
-    ///   memory which begins at `dst` and has a length of `count *
-    ///   size_of::<T>()` bytes must belong to a single, live allocation.
-    ///
     /// * `dst` must be properly aligned.
     ///
+    /// * `dst.offset(i)` must be [valid] for all `i` in `0..count`. In other
+    ///   words, the region of memory which begins at `dst` and has a length of
+    ///   `count * size_of::<T>()` bytes must belong to a single, live
+    ///   allocation.
+    ///
     /// Additionally, the caller must ensure that writing `count *
     /// size_of::<T>()` bytes to the given region of memory results in a valid
     /// value of `T`. Creating an invalid value of `T` can result in undefined

diff --git a/src/libcore/ptr.rs b/src/libcore/ptr.rs
index dd27bc715fa9068c2b738f9829bc228aa4d9bf9e..7cbb4462d06d856de49ef5598b4e5b8a42c1ee64 100644 (file)
--- a/src/libcore/ptr.rs
+++ b/src/libcore/ptr.rs
@@ -240,17 +240,15 @@ pub unsafe fn swap<T>(x: *mut T, y: *mut T) {
 ///
 /// Behavior is undefined if any of the following conditions are violated:
 ///
-/// * Both `x` and `y` must be [valid].
-///
 /// * Both `x` and `y` must be properly aligned.
 ///
-/// * `x.offset(count-1)` must be [valid]. In other words, the region of memory
-///   which begins at `x` and has a length of `count * size_of::<T>()` bytes
-///   must belong to a single, live allocation.
+/// * `x.offset(i)` must be [valid] for all `i` in `0..count`. In other words,
+///   the region of memory which begins at `x` and has a length of `count *
+///   size_of::<T>()` bytes must belong to a single, live allocation.
 ///
-/// * `y.offset(count-1)` must be [valid]. In other words, the region of memory
-///   which begins at `y` and has a length of `count * size_of::<T>()` bytes
-///   must belong to a single, live allocation.
+/// * `y.offset(i)` must be [valid] for all `i` in `0..count`. In other words,
+///   the region of memory which begins at `y` and has a length of `count *
+///   size_of::<T>()` bytes must belong to a single, live allocation.
 ///
 /// * The two regions of memory must *not* overlap.
 ///