From dd20225681cf581066afab23db0c0d854806370d Mon Sep 17 00:00:00 2001 From: Jon Bauman Date: Tue, 29 Apr 2025 11:24:31 -0700 Subject: [PATCH 1/2] Update rc.rs docs `wrapped_add` is used, not `checked_add` --- library/alloc/src/rc.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/alloc/src/rc.rs b/library/alloc/src/rc.rs index 619d9f258e342..247afc6283264 100644 --- a/library/alloc/src/rc.rs +++ b/library/alloc/src/rc.rs @@ -3536,7 +3536,7 @@ impl Default for Weak { } } -// NOTE: We checked_add here to deal with mem::forget safely. In particular +// NOTE: We wrapping_add here to deal with mem::forget safely. In particular // if you mem::forget Rcs (or Weaks), the ref-count can overflow, and then // you can free the allocation while outstanding Rcs (or Weaks) exist. // We abort because this is such a degenerate scenario that we don't care about From 6a4af821b00a1e55f44c80846c1a438a3c41dee5 Mon Sep 17 00:00:00 2001 From: Jon Bauman Date: Tue, 6 May 2025 13:19:42 -0700 Subject: [PATCH 2/2] Update rc.rs docs Update comment per review feedback --- library/alloc/src/rc.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/alloc/src/rc.rs b/library/alloc/src/rc.rs index 247afc6283264..4b8ea708e7e57 100644 --- a/library/alloc/src/rc.rs +++ b/library/alloc/src/rc.rs 
@@ -3536,11 +3536,11 @@ impl Default for Weak { } } -// NOTE: We wrapping_add here to deal with mem::forget safely. In particular -// if you mem::forget Rcs (or Weaks), the ref-count can overflow, and then -// you can free the allocation while outstanding Rcs (or Weaks) exist. -// We abort because this is such a degenerate scenario that we don't care about -// what happens -- no real program should ever experience this. +// NOTE: If you mem::forget Rcs (or Weaks), drop is skipped and the ref-count +// is not decremented, meaning the ref-count can overflow, and then you can +// free the allocation while outstanding Rcs (or Weaks) exist, which would be +// unsound. We abort because this is such a degenerate scenario that we don't +// care about what happens -- no real program should ever experience this. // // This should have negligible overhead since you don't actually need to // clone these much in Rust thanks to ownership and move-semantics.
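Review bot: In PATCH 1/2 the commit message names `wrapped_add`, but the added comment line names `wrapping_add`; the message should use the same identifier as the comment so the history is searchable. The added sentence "We wrapping_add here to deal with mem::forget safely" also credits the wrapping addition itself with the safety, while the same comment goes on to say "We abort". Wrapping only makes the overflow well-defined, so the comment should say that the abort is what prevents the allocation from being freed while outstanding Rcs (or Weaks) exist.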
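Review bot: In PATCH 2/2 the rewritten NOTE no longer says when the abort happens: it goes from "which would be unsound" straight to "We abort because this is such a degenerate scenario", so a reader of the comment alone cannot tell that the abort is the response to the ref-count overflowing. Suggest "We abort on ref-count overflow because ...". The retained phrase "we don't care about what happens" also reads oddly right after the new "which would be unsound", since the abort exists precisely to rule out the unsound outcome; something like "we don't try to recover" would match the new wording better.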