Commit 1b04b466 authored by Tamir Duberstein's avatar Tamir Duberstein Committed by Danilo Krummrich
Browse files

rust: alloc: refactor `Vec::truncate` using `dec_len` 



Use `checked_sub` to satisfy the safety requirements of `dec_len` and
replace nearly the whole body of `truncate` with a call to `dec_len`.

Reviewed-by: default avatarAndrew Ballance <andrewjballance@gmail.com>
Reviewed-by: default avatarAlice Ryhl <aliceryhl@google.com>
Signed-off-by: default avatarTamir Duberstein <tamird@gmail.com>
Link: https://lore.kernel.org/r/20250416-vec-set-len-v4-3-112b222604cd@gmail.com


[ Remove #[expect(unused)] from dec_len(). - Danilo ]
Signed-off-by: default avatarDanilo Krummrich <dakr@kernel.org>
parent dbb0b840

rust/kernel/alloc/kvec.rs

+8 −17
Original line number Diff line number Diff line
@@ -209,7 +209,6 @@ pub unsafe fn set_len(&mut self, new_len: usize) { 
    /// # Safety

    ///

    /// - `count` must be less than or equal to `self.len`.

    #[expect(unused)]

    unsafe fn dec_len(&mut self, count: usize) -> &mut [T] {

        debug_assert!(count <= self.len());

        // INVARIANT: We relinquish ownership of the elements within the range `[self.len - count,
@@ -489,25 +488,17 @@ pub fn reserve(&mut self, additional: usize, flags: Flags) -> Result<(), AllocEr 
    /// # Ok::<(), Error>(())

    /// ```

    pub fn truncate(&mut self, len: usize) {

        if len >= self.len() {

            return;

        }



        let drop_range = len..self.len();



        // SAFETY: `drop_range` is a subrange of `[0, len)` by the bounds check above.

        let ptr: *mut [T] = unsafe { self.get_unchecked_mut(drop_range) };

        if let Some(count) = self.len().checked_sub(len) {

            // SAFETY: `count` is `self.len() - len` so it is guaranteed to be less than or

            // equal to `self.len()`.

            let ptr: *mut [T] = unsafe { self.dec_len(count) };



        // SAFETY: By the above bounds check, it is guaranteed that `len < self.capacity()`.

        unsafe { self.set_len(len) };



        // SAFETY:

        // - the dropped values are valid `T`s by the type invariant

        // - we are allowed to invalidate [`new_len`, `old_len`) because we just changed the

        //   len, therefore we have exclusive access to [`new_len`, `old_len`)

            // SAFETY: the contract of `dec_len` guarantees that the elements in `ptr` are

            // valid elements whose ownership has been transferred to the caller.

            unsafe { ptr::drop_in_place(ptr) };

        }

    }

}



impl<T: Clone, A: Allocator> Vec<T, A> {

    /// Extend the vector by `n` clones of `value`.