Macro creusot_contracts::std::ptr::addr_of
1.51.0 · source · pub macro addr_of($place:expr) { ... }
Expand description
Create a const
raw pointer to a place, without creating an intermediate reference.
Creating a reference with &
/&mut
is only allowed if the pointer is properly aligned
and points to initialized data. For cases where those requirements do not hold,
raw pointers should be used instead. However, &expr as *const _
creates a reference
before casting it to a raw pointer, and that reference is subject to the same rules
as all other references. This macro can create a raw pointer without creating
a reference first.
See addr_of_mut
for how to create a pointer to uninitialized data.
Doing that with addr_of
would not make much sense since one could only
read the data, and that would be Undefined Behavior.
§Safety
The expr
in addr_of!(expr)
is evaluated as a place expression, but never loads from the
place or requires the place to be dereferenceable. This means that addr_of!((*ptr).field)
still requires the projection to field
to be in-bounds, using the same rules as offset
.
However, addr_of!(*ptr)
is defined behavior even if ptr
is null, dangling, or misaligned.
Note that Deref
/Index
coercions (and their mutable counterparts) are applied inside
addr_of!
like everywhere else, in which case a reference is created to call Deref::deref
or
Index::index
, respectively. The statements above only apply when no such coercions are
applied.
§Example
Correct usage: Creating a pointer to unaligned data
use std::ptr;
#[repr(packed)]
struct Packed {
f1: u8,
f2: u16,
}
let packed = Packed { f1: 1, f2: 2 };
// `&packed.f2` would create an unaligned reference, and thus be Undefined Behavior!
let raw_f2 = ptr::addr_of!(packed.f2);
assert_eq!(unsafe { raw_f2.read_unaligned() }, 2);
Incorrect usage: Out-of-bounds fields projection
use std::ptr;
#[repr(C)]
struct MyStruct {
field1: i32,
field2: i32,
}
let ptr: *const MyStruct = ptr::null();
let fieldptr = unsafe { ptr::addr_of!((*ptr).field2) }; // Undefined Behavior ⚠️
The field projection .field2
would offset the pointer by 4 bytes,
but the pointer is not in-bounds of an allocation for 4 bytes,
so this offset is Undefined Behavior.
See the offset
docs for a full list of requirements for inbounds pointer arithmetic; the
same requirements apply to field projections, even inside addr_of!
. (In particular, it makes
no difference whether the pointer is null or dangling.)