On Sun, Jul 30, 2023 at 10:41:54PM +0000, Björn Roy Baron wrote: > On Jul 30, 2023, 10:43 PM, Miguel Ojeda < miguel.ojeda.sandonis@xxxxxxxxx> wrote: > > On Sun, Jul 30, 2023 at 3:29 AM Boqun > Feng <boqun.feng@xxxxxxxxx> wrote: > > > > > > +// Note: Although these are *safe* functions, but they are only generated at > > > +// `GlobalAlloc` callsites, hence we assume the parameters obey the same > > > +// `GlobalAlloc` function safety requirements: size and align should form a > > > +// valid layout, and size is greater than 0. > > > > Thanks for adding all the `// SAFETY` comments here Boqun! > > > > Björn, do they look good to you? (since you fixed the issue in the compiler) > > Based on a quick look, yes. The __rust_* methods that are normally generated by the compiled directly jump to the respective global allocator method, so they have the same safety requirements. > Good to know, thanks! > > > > On this comment in particular, "generated at `GlobalAlloc` callsites" > sounds a bit confusing to me. Would "... called by the compiler with > parameters that obey ..." make sense? Or does the sentence refer to Agreed. It's better. So reword as below: // Note: Although these are *safe* functions, but they are called by the // compiler with the parameters that obey the same `GlobalAlloc` // function safety requirements: size and align should form a valid // layout, and size is greater than 0. Regards, Boqun > the normal case (i.e. when the functions are generated)? Anyway, it is > not a big deal. > > > > Cheers, > > Miguel > > Cheers, > Björn > > (resent as I accidentally sent html instead of plain text)
