132: Add comments explaining why transmutes are safe r=cuviper a=Shnatsel

Add comments explaining why transmutes are safe so that people auditing unsafe code don't have to spend time figuring it out by themselves.

Co-authored-by: Sergey "Shnatsel" Davidoff <sdavydov@google.com>
This commit is contained in:
bors[bot] 2019-09-09 17:42:57 +00:00 committed by GitHub
commit 3add713434
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions

View File

@ -766,6 +766,8 @@ impl FloatCore for f32 {
const EXP_MASK: u32 = 0x7f800000; const EXP_MASK: u32 = 0x7f800000;
const MAN_MASK: u32 = 0x007fffff; const MAN_MASK: u32 = 0x007fffff;
// Safety: this identical to the implementation of f32::to_bits(),
// which is only available starting at Rust 1.20
let bits: u32 = unsafe { mem::transmute(self) }; let bits: u32 = unsafe { mem::transmute(self) };
match (bits & MAN_MASK, bits & EXP_MASK) { match (bits & MAN_MASK, bits & EXP_MASK) {
(0, 0) => FpCategory::Zero, (0, 0) => FpCategory::Zero,
@ -838,6 +840,8 @@ impl FloatCore for f64 {
const EXP_MASK: u64 = 0x7ff0000000000000; const EXP_MASK: u64 = 0x7ff0000000000000;
const MAN_MASK: u64 = 0x000fffffffffffff; const MAN_MASK: u64 = 0x000fffffffffffff;
// Safety: this identical to the implementation of f64::to_bits(),
// which is only available starting at Rust 1.20
let bits: u64 = unsafe { mem::transmute(self) }; let bits: u64 = unsafe { mem::transmute(self) };
match (bits & MAN_MASK, bits & EXP_MASK) { match (bits & MAN_MASK, bits & EXP_MASK) {
(0, 0) => FpCategory::Zero, (0, 0) => FpCategory::Zero,
@ -1881,6 +1885,8 @@ macro_rules! float_impl {
} }
fn integer_decode_f32(f: f32) -> (u64, i16, i8) { fn integer_decode_f32(f: f32) -> (u64, i16, i8) {
// Safety: this identical to the implementation of f32::to_bits(),
// which is only available starting at Rust 1.20
let bits: u32 = unsafe { mem::transmute(f) }; let bits: u32 = unsafe { mem::transmute(f) };
let sign: i8 = if bits >> 31 == 0 { 1 } else { -1 }; let sign: i8 = if bits >> 31 == 0 { 1 } else { -1 };
let mut exponent: i16 = ((bits >> 23) & 0xff) as i16; let mut exponent: i16 = ((bits >> 23) & 0xff) as i16;
@ -1895,6 +1901,8 @@ fn integer_decode_f32(f: f32) -> (u64, i16, i8) {
} }
fn integer_decode_f64(f: f64) -> (u64, i16, i8) { fn integer_decode_f64(f: f64) -> (u64, i16, i8) {
// Safety: this identical to the implementation of f64::to_bits(),
// which is only available starting at Rust 1.20
let bits: u64 = unsafe { mem::transmute(f) }; let bits: u64 = unsafe { mem::transmute(f) };
let sign: i8 = if bits >> 63 == 0 { 1 } else { -1 }; let sign: i8 = if bits >> 63 == 0 { 1 } else { -1 };
let mut exponent: i16 = ((bits >> 52) & 0x7ff) as i16; let mut exponent: i16 = ((bits >> 52) & 0x7ff) as i16;