@@ -1695,9 +1695,9 @@ impl<T> [T] {
16951695 while size > 1 {
16961696 let half = size / 2 ;
16971697 let mid = base + half;
1698- // SAFETY:
1699- // mid >= 0: by definition
1700- // mid < size: mid = size / 2 + size / 4 + size / 8 ...
1698+ // SAFETY: the call is made safe by the following inconstants:
1699+ // - ` mid >= 0` : by definition
1700+ // - ` mid < size`: ` mid = size / 2 + size / 4 + size / 8 ...`
17011701 let cmp = f ( unsafe { s. get_unchecked ( mid) } ) ;
17021702 base = if cmp == Greater { base } else { mid } ;
17031703 size -= half;
@@ -2690,6 +2690,7 @@ impl<T> [T] {
26902690 // First, find at what point do we split between the first and 2nd slice. Easy with
26912691 // ptr.align_offset.
26922692 let ptr = self . as_ptr ( ) ;
2693+ // SAFETY: See the `align_to_mut` method for the detailed safety comment.
26932694 let offset = unsafe { crate :: ptr:: align_offset ( ptr, mem:: align_of :: < U > ( ) ) } ;
26942695 if offset > self . len ( ) {
26952696 ( self , & [ ] , & [ ] )
@@ -2749,6 +2750,13 @@ impl<T> [T] {
27492750 // First, find at what point do we split between the first and 2nd slice. Easy with
27502751 // ptr.align_offset.
27512752 let ptr = self . as_ptr ( ) ;
2753+ // SAFETY: Here we are ensuring we will use aligned pointers for U for the
2754+ // rest of the method. This is done by passing a pointer to &[T] with an
2755+ // alignment targeted for U.
2756+ // `crate::ptr::align_offset` is called with a correctly aligned and
2757+ // valid pointer `ptr` (it comes from a reference to `self`) and with
2758+ // a size that is a power of two (since it comes from the alignement for U),
2759+ // satisfying its safety constraints.
27522760 let offset = unsafe { crate :: ptr:: align_offset ( ptr, mem:: align_of :: < U > ( ) ) } ;
27532761 if offset > self . len ( ) {
27542762 ( self , & mut [ ] , & mut [ ] )
@@ -2874,15 +2882,13 @@ impl<T> [T] {
28742882
28752883 while left != right {
28762884 let mid = left + ( right - left) / 2 ;
2877- // SAFETY:
2878- // When left < right, left <= mid < right.
2879- // Therefore left always increases and right always decreases,
2880- // and eigher of them is selected.
2881- // In both cases left <= right is satisfied.
2882- // Therefore if left < right in a step,
2883- // left <= right is satisfied in the next step.
2884- // Therefore as long as left != right, 0 <= left < right <= len is satisfied
2885- // and if this case 0 <= mid < len is satisfied too.
2885+ // SAFETY: When `left < right`, `left <= mid < right`.
2886+ // Therefore `left` always increases and `right` always decreases,
2887+ // and either of them is selected. In both cases `left <= right` is
2888+ // satisfied. Therefore if `left < right` in a step, `left <= right`
2889+ // is satisfied in the next step. Therefore as long as `left != right`,
2890+ // `0 <= left < right <= len` is satisfied and if this case
2891+ // `0 <= mid < len` is satisfied too.
28862892 let value = unsafe { self . get_unchecked ( mid) } ;
28872893 if pred ( value) {
28882894 left = mid + 1 ;
@@ -3002,7 +3008,8 @@ fn is_ascii(s: &[u8]) -> bool {
30023008 // above.
30033009 debug_assert ! ( offset_to_aligned <= len) ;
30043010
3005- // word_ptr is the (properly aligned) usize ptr we use to read the middle chunk of the slice.
3011+ // SAFETY: word_ptr is the (properly aligned) usize ptr we use to read the
3012+ // middle chunk of the slice.
30063013 let mut word_ptr = unsafe { start. add ( offset_to_aligned) as * const usize } ;
30073014
30083015 // `byte_pos` is the byte index of `word_ptr`, used for loop end checks.
@@ -5660,6 +5667,8 @@ impl<T, const N: usize> FusedIterator for ArrayChunks<'_, T, N> {}
56605667#[ unstable( feature = "array_chunks" , issue = "74985" ) ]
56615668unsafe impl < ' a , T , const N : usize > TrustedRandomAccess for ArrayChunks < ' a , T , N > {
56625669 unsafe fn get_unchecked ( & mut self , i : usize ) -> & ' a [ T ; N ] {
5670+ // SAFETY: The safety guarantees of `get_unchecked` are transferred to
5671+ // the caller.
56635672 unsafe { self . iter . get_unchecked ( i) }
56645673 }
56655674 fn may_have_side_effect ( ) -> bool {
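Review bot: In the `is_ascii` hunk, the new `// SAFETY:` label is attached to a sentence that describes what `word_ptr` is for, not why `start.add(offset_to_aligned)` is sound. The fact the `unsafe` block relies on appears to be the bound checked just above by `debug_assert!(offset_to_aligned <= len)`. I would state that bound directly, e.g. `// SAFETY: offset_to_aligned <= len (checked above), so start.add(offset_to_aligned) stays within the slice or one past its end.`, and keep the existing sentence as an ordinary comment below it. This assumes `start` is the slice's base pointer and `len` its length; both are defined outside the hunk, as is the rest of `is_ascii`.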