From ea5570cf277601f479a0a5fc8e65adfac60d2922 Mon Sep 17 00:00:00 2001
From: Dylan MacKenzie
Date: Fri, 15 Jun 2018 22:33:00 -0700
Subject: [PATCH] Redefine range validity Uses `x.offset(i)` must be valid for all `i` in `0..count`.
---
 src/libcore/intrinsics.rs | 43 +++++++++++++++++++--------------------
 src/libcore/ptr.rs | 14 ++++++-------
 2 files changed, 27 insertions(+), 30 deletions(-)
diff --git a/src/libcore/intrinsics.rs b/src/libcore/intrinsics.rs
index ba16715a6b8..43dcc180b86 100644
--- a/src/libcore/intrinsics.rs
+++ b/src/libcore/intrinsics.rs
@@ -976,17 +976,17 @@
 ///
 /// Behavior is undefined if any of the following conditions are violated:
 ///
- /// * Both `src` and `dst` must be [valid].
- ///
 /// * Both `src` and `dst` must be properly aligned.
 ///
- /// * `src.offset(count-1)` must be [valid]. In other words, the region of
- /// memory which begins at `src` and has a length of `count *
- /// size_of::()` bytes must belong to a single, live allocation.
+ /// * `src.offset(i)` must be [valid] for all `i` in `0..count`. In other
+ /// words, the region of memory which begins at `src` and has a length of
+ /// `count * size_of::()` bytes must belong to a single, live
+ /// allocation.
 ///
- /// * `dst.offset(count-1)` must be [valid]. In other words, the region of
- /// memory which begins at `dst` and has a length of `count *
- /// size_of::()` bytes must belong to a single, live allocation.
+ /// * `dst.offset(i)` must be [valid] for all `i` in `0..count`. In other
+ /// words, the region of memory which begins at `dst` and has a length of
+ /// `count * size_of::()` bytes must belong to a single, live
+ /// allocation.
 ///
 /// * The two regions of memory must *not* overlap.
 ///
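Review bot: The `count == 0` case is left implicit once the "Both `src` and `dst` must be [valid]" bullet is removed. `0..count` is then empty, so the new bullets place no validity requirement on either pointer and only the alignment bullet still applies. If that is the intended contract, state it in the list so callers of this unsafe API do not have to derive it, for example ``/// When `count` is 0 the pointers need not be [valid], but must still be properly aligned.`` The same applies to the hunks at -1064 and -1116 in this file and to the hunk at -240 in src/libcore/ptr.rs. The documented item's signature lies outside the hunk.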
@@ -1064,17 +1064,17 @@
 ///
 /// Behavior is undefined if any of the following conditions are violated:
 ///
- /// * Both `src` and `dst` must be [valid].
- ///
 /// * Both `src` and `dst` must be properly aligned.
 ///
- /// * `src.offset(count-1)` must be [valid]. In other words, the region of
- /// memory which begins at `src` and has a length of `count *
- /// size_of::()` bytes must belong to a single, live allocation.
+ /// * `src.offset(i)` must be [valid] for all `i` in `0..count`. In other
+ /// words, the region of memory which begins at `src` and has a length of
+ /// `count * size_of::()` bytes must belong to a single, live
+ /// allocation.
 ///
- /// * `dst.offset(count-1)` must be [valid]. In other words, the region of
- /// memory which begins at `dst` and has a length of `count *
- /// size_of::()` bytes must belong to a single, live allocation.
+ /// * `dst.offset(i)` must be [valid] for all `i` in `0..count`. In other
+ /// words, the region of memory which begins at `dst` and has a length of
+ /// `count * size_of::()` bytes must belong to a single, live
+ /// allocation.
 ///
 /// Like [`read`], `copy` creates a bitwise copy of `T`, regardless of
 /// whether `T` is [`Copy`]. If `T` is not [`Copy`], using both the values
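Review bot: The new bullets write `src.offset(i)` for `i` in `0..count`, but `offset` takes an `isize`, while `count` is presumably the function's `usize` parameter (the signature is outside the hunk). As written, the contract does not say what is required when `count * size_of::<T>()` is larger than `offset` can express, which is a bound a caller of an unsafe copy needs spelled out. Consider phrasing the bullets with `src.add(i)` / `dst.add(i)` and adding a bullet such as ``/// * `count * size_of::<T>()` must not overflow an `isize`.`` The same wording appears in the hunks at -976 and -1116 and in src/libcore/ptr.rs at -240.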
@@ -1116,14 +1116,13 @@
 ///
 /// Behavior is undefined if any of the following conditions are violated:
 ///
- /// * `dst` must be [valid].
- ///
- /// * `dst.offset(count-1)` must be [valid]. In other words, the region of
- /// memory which begins at `dst` and has a length of `count *
- /// size_of::()` bytes must belong to a single, live allocation.
- ///
 /// * `dst` must be properly aligned.
 ///
+ /// * `dst.offset(i)` must be [valid] for all `i` in `0..count`. In other
+ /// words, the region of memory which begins at `dst` and has a length of
+ /// `count * size_of::()` bytes must belong to a single, live
+ /// allocation.
+ ///
 /// Additionally, the caller must ensure that writing `count *
 /// size_of::()` bytes to the given region of memory results in a valid
 /// value of `T`. Creating an invalid value of `T` can result in undefined
diff --git a/src/libcore/ptr.rs b/src/libcore/ptr.rs
index dd27bc715fa..7cbb4462d06 100644
--- a/src/libcore/ptr.rs
+++ b/src/libcore/ptr.rs
@@ -240,17 +240,15 @@ pub unsafe fn swap(x: *mut T, y: *mut T) {
 ///
 /// Behavior is undefined if any of the following conditions are violated:
 ///
-/// * Both `x` and `y` must be [valid].
-///
 /// * Both `x` and `y` must be properly aligned.
 ///
-/// * `x.offset(count-1)` must be [valid]. In other words, the region of memory
-/// which begins at `x` and has a length of `count * size_of::()` bytes
-/// must belong to a single, live allocation.
+/// * `x.offset(i)` must be [valid] for all `i` in `0..count`. In other words,
+/// the region of memory which begins at `x` and has a length of `count *
+/// size_of::()` bytes must belong to a single, live allocation.
 ///
-/// * `y.offset(count-1)` must be [valid]. In other words, the region of memory
-/// which begins at `y` and has a length of `count * size_of::()` bytes
-/// must belong to a single, live allocation.
+/// * `y.offset(i)` must be [valid] for all `i` in `0..count`. In other words,
+/// the region of memory which begins at `y` and has a length of `count *
+/// size_of::()` bytes must belong to a single, live allocation.
 ///
 /// * The two regions of memory must *not* overlap.
 ///
-- 2.44.0