Macro creusot_contracts::std::ptr::addr_of_mut

1.51.0 · source ·
pub macro addr_of_mut($place:expr) {
    ...
}
Expand description

Create a mut raw pointer to a place, without creating an intermediate reference.

Creating a reference with &/&mut is only allowed if the pointer is properly aligned and points to initialized data. For cases where those requirements do not hold, raw pointers should be used instead. However, &mut expr as *mut _ creates a reference before casting it to a raw pointer, and that reference is subject to the same rules as all other references. This macro can create a raw pointer without creating a reference first.

§Safety

The expr in addr_of_mut!(expr) is evaluated as a place expression, but never loads from the place or requires the place to be dereferenceable. This means that addr_of_mut!((*ptr).field) still requires the projection to field to be in-bounds, using the same rules as offset. However, addr_of_mut!(*ptr) is defined behavior even if ptr is null, dangling, or misaligned.

Note that Deref/Index coercions (and their mutable counterparts) are applied inside addr_of_mut! like everywhere else, in which case a reference is created to call Deref::deref or Index::index, respectively. The statements above only apply when no such coercions are applied.

§Examples

Correct usage: Creating a pointer to unaligned data

use std::ptr;

#[repr(packed)]
struct Packed {
    f1: u8,
    f2: u16,
}

let mut packed = Packed { f1: 1, f2: 2 };
// `&mut packed.f2` would create an unaligned reference, and thus be Undefined Behavior!
let raw_f2 = ptr::addr_of_mut!(packed.f2);
unsafe { raw_f2.write_unaligned(42); }
assert_eq!({packed.f2}, 42); // `{...}` forces copying the field instead of creating a reference.

Correct usage: Creating a pointer to uninitialized data

use std::{ptr, mem::MaybeUninit};

struct Demo {
    field: bool,
}

let mut uninit = MaybeUninit::<Demo>::uninit();
// `&uninit.as_mut().field` would create a reference to an uninitialized `bool`,
// and thus be Undefined Behavior!
let f1_ptr = unsafe { ptr::addr_of_mut!((*uninit.as_mut_ptr()).field) };
unsafe { f1_ptr.write(true); }
let init = unsafe { uninit.assume_init() };

Incorrect usage: Out-of-bounds fields projection

use std::ptr;

#[repr(C)]
struct MyStruct {
    field1: i32,
    field2: i32,
}

let ptr: *mut MyStruct = ptr::null_mut();
let fieldptr = unsafe { ptr::addr_of_mut!((*ptr).field2) }; // Undefined Behavior ⚠️

The field projection .field2 would offset the pointer by 4 bytes, but the pointer is not in-bounds of an allocation for 4 bytes, so this offset is Undefined Behavior. See the offset docs for a full list of requirements for inbounds pointer arithmetic; the same requirements apply to field projections, even inside addr_of_mut!. (In particular, it makes no difference whether the pointer is null or dangling.)