From af96b1df1da916561547dd30b3187b30308d6843 Mon Sep 17 00:00:00 2001
From: Aaron Hill
Date: Wed, 3 Jul 2019 21:45:17 -0400
Subject: [PATCH 1/3] Document that ManuallyDrop::drop should not called more than once

Double dropping is unsound (e.g. https://github.com/rust-lang/rust/issues/60977). This commit documents the fact that `ManuallyDrop::drop` should not be called multiple times on the same instance, as it might not be immediately obvious that this counts as a use of uninitialized data.

---
 src/libcore/mem/manually_drop.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libcore/mem/manually_drop.rs b/src/libcore/mem/manually_drop.rs
index 3ad1223e331ec..5d43090250803 100644
--- a/src/libcore/mem/manually_drop.rs
+++ b/src/libcore/mem/manually_drop.rs
@@ -118,7 +118,8 @@ impl ManuallyDrop {
 ///
 /// This function runs the destructor of the contained value and thus the wrapped value
 /// now represents uninitialized data. It is up to the user of this method to ensure the
- /// uninitialized data is not actually used.
+ /// uninitialized data is not actually used, and that this function is called at most once
+ /// for a given instance of ManuallyDrop
 ///
 /// [`ManuallyDrop::into_inner`]: #method.into_inner
 #[stable(feature = "manually_drop", since = "1.20.0")]

From 626ae7585c555010bee23d7e63b28147b63c0c19 Mon Sep 17 00:00:00 2001
From: Aaron Hill
Date: Wed, 3 Jul 2019 22:16:48 -0400
Subject: [PATCH 2/3] Improve formatting of 'ManuallyDrop'

Co-Authored-By: Mazdak Farrokhzad

---
 src/libcore/mem/manually_drop.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libcore/mem/manually_drop.rs b/src/libcore/mem/manually_drop.rs
index 5d43090250803..d6907000ffc4a 100644
--- a/src/libcore/mem/manually_drop.rs
+++ b/src/libcore/mem/manually_drop.rs
@@ -119,7 +119,7 @@ impl ManuallyDrop {
 /// This function runs the destructor of the contained value and thus the wrapped value
 /// now represents uninitialized data. It is up to the user of this method to ensure the
 /// uninitialized data is not actually used, and that this function is called at most once
- /// for a given instance of ManuallyDrop
+ /// for a given instance of `ManuallyDrop`.
 ///
 /// [`ManuallyDrop::into_inner`]: #method.into_inner
 #[stable(feature = "manually_drop", since = "1.20.0")]

From a93f4abe24019e2dbe1e8f9bffae01d91d5079e0 Mon Sep 17 00:00:00 2001
From: Aaron Hill
Date: Sat, 27 Jul 2019 18:42:47 -0400
Subject: [PATCH 3/3] Update wording

---
 src/libcore/mem/manually_drop.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libcore/mem/manually_drop.rs b/src/libcore/mem/manually_drop.rs
index d6907000ffc4a..bb35399323628 100644
--- a/src/libcore/mem/manually_drop.rs
+++ b/src/libcore/mem/manually_drop.rs
@@ -118,7 +118,8 @@ impl ManuallyDrop {
 ///
 /// This function runs the destructor of the contained value and thus the wrapped value
 /// now represents uninitialized data. It is up to the user of this method to ensure the
- /// uninitialized data is not actually used, and that this function is called at most once
+ /// uninitialized data is not actually used.
+ /// In particular, this function can only be called called at most once
 /// for a given instance of `ManuallyDrop`.
 ///
 /// [`ManuallyDrop::into_inner`]: #method.into_inner
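Review bot: The added line `/// In particular, this function can only be called called at most once` in the PATCH 3/3 hunk repeats "called" and stacks "can only" on "at most once"; suggest `/// In particular, this function must be called at most once` followed by the existing `/// for a given instance of \`ManuallyDrop\`.` line. The text also leaves the consequence implicit: the commit message states that double dropping is unsound, so the doc should say that a second call runs the destructor on an already-dropped value and is undefined behavior, not merely that the data must not be "used". If `drop` is declared `unsafe fn` (its signature lies after the hunk), rustdoc convention would place these caller obligations under a `# Safety` heading so they render as the function's safety contract. The enclosing function's signature and body start outside the hunk.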