diff options
| author | Tamir Duberstein <[email protected]> | 2025-04-16 17:15:42 +0000 |
|---|---|---|
| committer | Danilo Krummrich <[email protected]> | 2025-04-23 10:05:22 +0000 |
| commit | 1b04b466c873f62413bf65a05a558f036660aedc (patch) | |
| tree | 4f28ce9cc1f562e7c4f827b0f126f36766e5dc01 | |
| parent | rust: alloc: add `Vec::dec_len` (diff) | |
| download | kernel-1b04b466c873f62413bf65a05a558f036660aedc.tar.gz kernel-1b04b466c873f62413bf65a05a558f036660aedc.zip | |
rust: alloc: refactor `Vec::truncate` using `dec_len`
Use `checked_sub` to satisfy the safety requirements of `dec_len` and
replace nearly the whole body of `truncate` with a call to `dec_len`.
Reviewed-by: Andrew Ballance <[email protected]>
Reviewed-by: Alice Ryhl <[email protected]>
Signed-off-by: Tamir Duberstein <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
[ Remove #[expect(unused)] from dec_len(). - Danilo ]
Signed-off-by: Danilo Krummrich <[email protected]>
| -rw-r--r-- | rust/kernel/alloc/kvec.rs | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs index 7671867165a0..87dc37ecb94d 100644 --- a/rust/kernel/alloc/kvec.rs +++ b/rust/kernel/alloc/kvec.rs @@ -209,7 +209,6 @@ where /// # Safety /// /// - `count` must be less than or equal to `self.len`. - #[expect(unused)] unsafe fn dec_len(&mut self, count: usize) -> &mut [T] { debug_assert!(count <= self.len()); // INVARIANT: We relinquish ownership of the elements within the range `[self.len - count, @@ -489,23 +488,15 @@ where /// # Ok::<(), Error>(()) /// ``` pub fn truncate(&mut self, len: usize) { - if len >= self.len() { - return; - } - - let drop_range = len..self.len(); - - // SAFETY: `drop_range` is a subrange of `[0, len)` by the bounds check above. - let ptr: *mut [T] = unsafe { self.get_unchecked_mut(drop_range) }; + if let Some(count) = self.len().checked_sub(len) { + // SAFETY: `count` is `self.len() - len` so it is guaranteed to be less than or + // equal to `self.len()`. + let ptr: *mut [T] = unsafe { self.dec_len(count) }; - // SAFETY: By the above bounds check, it is guaranteed that `len < self.capacity()`. - unsafe { self.set_len(len) }; - - // SAFETY: - // - the dropped values are valid `T`s by the type invariant - // - we are allowed to invalidate [`new_len`, `old_len`) because we just changed the - // len, therefore we have exclusive access to [`new_len`, `old_len`) - unsafe { ptr::drop_in_place(ptr) }; + // SAFETY: the contract of `dec_len` guarantees that the elements in `ptr` are + // valid elements whose ownership has been transferred to the caller. + unsafe { ptr::drop_in_place(ptr) }; + } } } |