|
160 | 160 | //! this is the name of the variable/static. (This is mildly overloading the term "pointer" |
161 | 161 | //! for the sake of brevity/exposition.) |
162 | 162 | //! |
163 | | -//! The Original Pointer for an allocated object has provenance that constraints the *spatial* |
| 163 | +//! The Original Pointer for an allocated object has provenance that constrains the *spatial* |
164 | 164 | //! permissions of this pointer to the memory range of the allocation, and the *temporal* |
165 | 165 | //! permissions to the lifetime of the allocation. Provenance is implicitly inherited by all |
166 | 166 | //! pointers transitively derived from the Original Pointer through operations like [`offset`], |
|
186 | 186 | //! |
187 | 187 | //! * It is undefined behavior to [`offset`] a pointer across a memory range that is not contained |
188 | 188 | //! in the allocated object it is derived from, or to [`offset_from`] two pointers not derived |
189 | | -//! from the same allocated object. Provenance is used to say what excatly "derived from" even |
| 189 | +//! from the same allocated object. Provenance is used to say what exactly "derived from" even |
190 | 190 | //! means: the lineage of a pointer is traced back to the Original Pointer it descends from, and |
191 | 191 | //! that identifies the relevant allocated object. In particular, it's always UB to offset a |
192 | 192 | //! pointer derived from something that is now deallocated, except if the offset is 0. |
|
209 | 209 | //! * Compare arbitrary pointers by address. Pointer comparison ignores provenance and addresses |
210 | 210 | //! *are* just integers, so there is always a coherent answer, even if the pointers are dangling |
211 | 211 | //! or from different provenances. Note that if you get "lucky" and notice that a pointer at the |
212 | | -//! end of one allocated object is the "same" address as the start of another allocatted object, |
| 212 | +//! end of one allocated object is the "same" address as the start of another allocated object, |
213 | 213 | //! anything you do with that fact is *probably* going to be gibberish. The scope of that |
214 | 214 | //! gibberish is kept under control by the fact that the two pointers *still* aren't allowed to |
215 | 215 | //! access the other's allocation (bytes), because they still have different provenance. |
|
0 commit comments