libcore: avoid mem::uninitialized and raw ptr casts

RalfJung · RalfJung · commit a88414e007d9 · 2019-01-28T10:39:49.000+01:00
diff --git a/src/libcore/fmt/num.rs b/src/libcore/fmt/num.rs
@@ -6,7 +6,7 @@ use ops::{Div, Rem, Sub};
 use str;
 use slice;
 use ptr;
-use mem;
+use mem::MaybeUninit;
 
 #[doc(hidden)]
 trait Int: PartialEq + PartialOrd + Div<Output=Self> + Rem<Output=Self> +
@@ -51,7 +51,12 @@ trait GenericRadix {
         // characters for a base 2 number.
         let zero = T::zero();
         let is_nonnegative = x >= zero;
-        let mut buf: [u8; 128] = unsafe { mem::uninitialized() };
+        // Creating a `[MaybeUninit; N]` array by first creating a
+        // `MaybeUninit<[MaybeUninit; N]>`; the `into_inner` is safe because the inner
+        // array does not require initialization.
+        let mut buf: [MaybeUninit<u8>; 128] = unsafe {
+            MaybeUninit::uninitialized().into_inner()
+        };
         let mut curr = buf.len();
         let base = T::from_u8(Self::BASE);
         if is_nonnegative {
@@ -60,7 +65,7 @@ trait GenericRadix {
             for byte in buf.iter_mut().rev() {
                 let n = x % base;               // Get the current place value.
                 x = x / base;                   // Deaccumulate the number.
-                *byte = Self::digit(n.to_u8()); // Store the digit in the buffer.
+                byte.set(Self::digit(n.to_u8())); // Store the digit in the buffer.
                 curr -= 1;
                 if x == zero {
                     // No more digits left to accumulate.
@@ -72,15 +77,19 @@ trait GenericRadix {
             for byte in buf.iter_mut().rev() {
                 let n = zero - (x % base);      // Get the current place value.
                 x = x / base;                   // Deaccumulate the number.
-                *byte = Self::digit(n.to_u8()); // Store the digit in the buffer.
+                byte.set(Self::digit(n.to_u8())); // Store the digit in the buffer.
                 curr -= 1;
                 if x == zero {
                     // No more digits left to accumulate.
                     break
                 };
             }
         }
-        let buf = unsafe { str::from_utf8_unchecked(&buf[curr..]) };
+        let buf = &buf[curr..];
+        let buf = unsafe { str::from_utf8_unchecked(slice::from_raw_parts(
+            MaybeUninit::first_ptr(buf),
+            buf.len()
+        )) };
         f.pad_integral(is_nonnegative, Self::PREFIX, buf)
     }
 }
@@ -194,9 +203,14 @@ macro_rules! impl_Display {
                 // convert the negative num to positive by summing 1 to it's 2 complement
                 (!self.$conv_fn()).wrapping_add(1)
             };
-            let mut buf: [u8; 39] = unsafe { mem::uninitialized() };
+            // Creating a `[MaybeUninit; N]` array by first creating a
+            // `MaybeUninit<[MaybeUninit; N]>`; the `into_inner` is safe because the inner
+            // array does not require initialization.
+            let mut buf: [MaybeUninit<u8>; 39] = unsafe {
+                MaybeUninit::uninitialized().into_inner()
+            };
             let mut curr = buf.len() as isize;
-            let buf_ptr = buf.as_mut_ptr();
+            let buf_ptr = MaybeUninit::first_mut_ptr(&mut buf);
             let lut_ptr = DEC_DIGITS_LUT.as_ptr();
 
             unsafe {
diff --git a/src/libcore/lib.rs b/src/libcore/lib.rs
@@ -60,6 +60,7 @@
        test(attr(allow(dead_code, deprecated, unused_variables, unused_mut))))]
 
 #![no_core]
+#![warn(deprecated_in_future)]
 #![deny(missing_docs)]
 #![deny(intra_doc_link_resolution_failure)]
 #![deny(missing_debug_implementations)]
diff --git a/src/libcore/mem.rs b/src/libcore/mem.rs
@@ -1148,4 +1148,18 @@ impl<T> MaybeUninit<T> {
     pub fn as_mut_ptr(&mut self) -> *mut T {
         unsafe { &mut *self.value as *mut T }
     }
+
+    /// Get a pointer to the first contained values.
+    #[unstable(feature = "maybe_uninit", issue = "53491")]
+    #[inline(always)]
+    pub fn first_ptr(this: &[MaybeUninit<T>]) -> *const T {
+        this as *const [MaybeUninit<T>] as *const T
+    }
+
+    /// Get a mutable pointer to the first contained values.
+    #[unstable(feature = "maybe_uninit", issue = "53491")]
+    #[inline(always)]
+    pub fn first_mut_ptr(this: &mut [MaybeUninit<T>]) -> *mut T {
+        this as *mut [MaybeUninit<T>] as *mut T
+    }
 }
diff --git a/src/libcore/slice/sort.rs b/src/libcore/slice/sort.rs
@@ -216,14 +216,21 @@ fn partition_in_blocks<T, F>(v: &mut [T], pivot: &T, is_less: &mut F) -> usize
     let mut block_l = BLOCK;
     let mut start_l = ptr::null_mut();
     let mut end_l = ptr::null_mut();
-    let mut offsets_l = MaybeUninit::<[u8; BLOCK]>::uninitialized();
+    // Creating a `[MaybeUninit; N]` array by first creating a
+    // `MaybeUninit<[MaybeUninit; N]>`; the `into_inner` is safe because the inner
+    // array does not require initialization.
+    let mut offsets_l: [MaybeUninit<u8>; BLOCK] = unsafe {
+        MaybeUninit::uninitialized().into_inner()
+    };
 
     // The current block on the right side (from `r.sub(block_r)` to `r`).
     let mut r = unsafe { l.add(v.len()) };
     let mut block_r = BLOCK;
     let mut start_r = ptr::null_mut();
     let mut end_r = ptr::null_mut();
-    let mut offsets_r = MaybeUninit::<[u8; BLOCK]>::uninitialized();
+    let mut offsets_r: [MaybeUninit<u8>; BLOCK] = unsafe {
+        MaybeUninit::uninitialized().into_inner()
+    };
 
     // FIXME: When we get VLAs, try creating one array of length `min(v.len(), 2 * BLOCK)` rather
     // than two fixed-size arrays of length `BLOCK`. VLAs might be more cache-efficient.
@@ -262,8 +269,8 @@ fn partition_in_blocks<T, F>(v: &mut [T], pivot: &T, is_less: &mut F) -> usize
 
         if start_l == end_l {
             // Trace `block_l` elements from the left side.
-            start_l = offsets_l.as_mut_ptr() as *mut u8;
-            end_l = offsets_l.as_mut_ptr() as *mut u8;
+            start_l = MaybeUninit::first_mut_ptr(&mut offsets_l);
+            end_l = MaybeUninit::first_mut_ptr(&mut offsets_l);
             let mut elem = l;
 
             for i in 0..block_l {
@@ -278,8 +285,8 @@ fn partition_in_blocks<T, F>(v: &mut [T], pivot: &T, is_less: &mut F) -> usize
 
         if start_r == end_r {
             // Trace `block_r` elements from the right side.
-            start_r = offsets_r.as_mut_ptr() as *mut u8;
-            end_r = offsets_r.as_mut_ptr() as *mut u8;
+            start_r = MaybeUninit::first_mut_ptr(&mut offsets_r);
+            end_r = MaybeUninit::first_mut_ptr(&mut offsets_r);
             let mut elem = r;
 
             for i in 0..block_r {
