Function creusot_contracts::std::slice::from_ptr_range
source · pub const unsafe fn from_ptr_range<'a, T>(range: Range<*const T>) -> &'a [T]
slice_from_ptr_range
)Expand description
Forms a slice from a pointer range.
This function is useful for interacting with foreign interfaces which use two pointers to refer to a range of elements in memory, as is common in C++.
§Safety
Behavior is undefined if any of the following conditions are violated:
-
The
start
pointer of the range must be a valid and properly aligned pointer to the first element of a slice. -
The
end
pointer must be a valid and properly aligned pointer to one past the last element, such that the offset from the end to the start pointer is the length of the slice. -
The entire memory range of this slice must be contained within a single allocated object! Slices can never span across multiple allocated objects.
-
The range must contain
N
consecutive properly initialized values of typeT
. -
The memory referenced by the returned slice must not be mutated for the duration of lifetime
'a
, except inside anUnsafeCell
. -
The total length of the range must be no larger than
isize::MAX
, and adding that size todata
must not “wrap around” the address space. See the safety documentation ofpointer::offset
.
Note that a range created from slice::as_ptr_range
fulfills these requirements.
§Panics
This function panics if T
is a Zero-Sized Type (“ZST”).
§Caveat
The lifetime for the returned slice is inferred from its usage. To prevent accidental misuse, it’s suggested to tie the lifetime to whichever source lifetime is safe in the context, such as by providing a helper function taking the lifetime of a host value for the slice, or by explicit annotation.
§Examples
#![feature(slice_from_ptr_range)]
use core::slice;
let x = [1, 2, 3];
let range = x.as_ptr_range();
unsafe {
assert_eq!(slice::from_ptr_range(range), &x);
}