Auto merge of #97053 - CAD97:realloc-clarification, r=dtolnay

bors · bors · commit 56d540e0571a · 2022-05-16T02:33:34.000Z
Remove potentially misleading realloc parenthetical This parenthetical is problematic, because it suggests that the following is sound: ```rust let layout = Layout::new::<[u8; 32]>(); let p1 = alloc(layout); let p2 = realloc(p1, layout, 32); if p1 == p2 { p1.write([0; 32]); dealloc(p1, layout); } else { dealloc(p2, layout); } ``` At the very least, this isn't the case for [ANSI `realloc`](https://en.cppreference.com/w/c/memory/realloc) > The original pointer `ptr` is invalidated and any access to it is undefined behavior (even if reallocation was in-place). and [Windows `HeapReAlloc`](https://docs.microsoft.com/en-us/windows/win32/api/heapapi/nf-heapapi-heaprealloc) is unclear at best (`HEAP_REALLOC_IN_PLACE_ONLY`'s description may imply that the old pointer may be used if `HEAP_REALLOC_IN_PLACE_ONLY` is provided). The conservative position is to just remove the parenthetical. cc `@rust-lang/wg-unsafe-code-guidelines` `@rust-lang/wg-allocators`
diff --git a/library/core/src/alloc/global.rs b/library/core/src/alloc/global.rs
@@ -208,11 +208,9 @@ pub unsafe trait GlobalAlloc {
     ///
     /// If this returns a non-null pointer, then ownership of the memory block
     /// referenced by `ptr` has been transferred to this allocator.
-    /// The memory may or may not have been deallocated,
-    /// and should be considered unusable (unless of course it was
-    /// transferred back to the caller again via the return value of
-    /// this method). The new memory block is allocated with `layout`, but
-    /// with the `size` updated to `new_size`. This new layout should be
+    /// The memory may or may not have been deallocated, and should be
+    /// considered unusable. The new memory block is allocated with `layout`,
+    /// but with the `size` updated to `new_size`. This new layout should be
     /// used when deallocating the new memory block with `dealloc`. The range
     /// `0..min(layout.size(), new_size)` of the new memory block is
     /// guaranteed to have the same values as the original block.
diff --git a/library/core/src/alloc/mod.rs b/library/core/src/alloc/mod.rs
@@ -161,8 +161,7 @@ pub unsafe trait Allocator {
     ///
     /// If this returns `Ok`, then ownership of the memory block referenced by `ptr` has been
     /// transferred to this allocator. The memory may or may not have been freed, and should be
-    /// considered unusable unless it was transferred back to the caller again via the return value
-    /// of this method.
+    /// considered unusable.
     ///
     /// If this method returns `Err`, then ownership of the memory block has not been transferred to
     /// this allocator, and the contents of the memory block are unaltered.
@@ -288,8 +287,7 @@ pub unsafe trait Allocator {
     ///
     /// If this returns `Ok`, then ownership of the memory block referenced by `ptr` has been
     /// transferred to this allocator. The memory may or may not have been freed, and should be
-    /// considered unusable unless it was transferred back to the caller again via the return value
-    /// of this method.
+    /// considered unusable.
     ///
     /// If this method returns `Err`, then ownership of the memory block has not been transferred to
     /// this allocator, and the contents of the memory block are unaltered.
