Auto merge of rust-lang#149132 - matthiaskrgr:rollup-8khp9s2, r=matthiaskrgr

Rollup of 9 pull requests

Successful merges:

 - rust-lang#146925 (Add doc for va_list APIs)
 - rust-lang#147035 (alloc: fix `Debug` implementation of `ExtractIf`)
 - rust-lang#147173 (Add support for hexagon-unknown-qurt target)
 - rust-lang#148261 (rustc_public: Make Id types !Send / !Sync)
 - rust-lang#149041 (ignore unsized types in mips64 and sparc64 callconvs)
 - rust-lang#149056 (fix the fragment_in_dst_padding_gets_overwritten test on s390x)
 - rust-lang#149071 (Add test scaffolding for the `remote-test-client`)
 - rust-lang#149095 (rustc-dev-guide subtree update)
 - rust-lang#149108 ([AIX][ppc64le-linux-gnu] Add Amy Kwan to target maintainers)

r? `@ghost`
`@rustbot` modify labels: rollup

Author: bors

alloc/src/vec/extract_if.rs

@@ -130,7 +130,20 @@ where
     A: Allocator,
 {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        let peek = if self.idx < self.end { self.vec.get(self.idx) } else { None };
+        let peek = if self.idx < self.end {
+            // This has to use pointer arithmetic as `self.vec[self.idx]` or
+            // `self.vec.get_unchecked(self.idx)` wouldn't work since we
+            // temporarily set the length of `self.vec` to zero.
+            //
+            // SAFETY:
+            // Since `self.idx` is smaller than `self.end` and `self.end` is
+            // smaller than `self.old_len`, `idx` is valid for indexing the
+            // buffer. Also, per the invariant of `self.idx`, this element
+            // has not been inspected/moved out yet.
+            Some(unsafe { &*self.vec.as_ptr().add(self.idx) })
+        } else {
+            None
+        };
         f.debug_struct("ExtractIf").field("peek", &peek).finish_non_exhaustive()
     }
 }

alloctests/tests/vec.rs

@@ -1650,6 +1650,17 @@ fn extract_if_unconsumed() {
     assert_eq!(vec, [1, 2, 3, 4]);
 }
 
+#[test]
+fn extract_if_debug() {
+    let mut vec = vec![1, 2];
+    let mut drain = vec.extract_if(.., |&mut x| x % 2 != 0);
+    assert!(format!("{drain:?}").contains("Some(1)"));
+    drain.next();
+    assert!(format!("{drain:?}").contains("Some(2)"));
+    drain.next();
+    assert!(format!("{drain:?}").contains("None"));
+}
+
 #[test]
 fn test_reserve_exact() {
     // This is all the same as test_reserve

core/src/ffi/va_list.rs

@@ -243,10 +243,11 @@ impl<'f> VaListImpl<'f> {
     ///
     /// # Safety
     ///
-    /// This function is only sound to call when the next variable argument:
+    /// This function is only sound to call when:
     ///
-    /// - has a type that is ABI-compatible with the type `T`
-    /// - has a value that is a properly initialized value of type `T`
+    /// - there is a next variable argument available.
+    /// - the next argument's type must be ABI-compatible with the type `T`.
+    /// - the next argument must have a properly initialized value of type `T`.
     ///
     /// Calling this function with an incompatible type, an invalid value, or when there
     /// are no more variable arguments, is unsound.

core/src/intrinsics/mod.rs

@@ -3350,22 +3350,41 @@ pub(crate) const fn miri_promise_symbolic_alignment(ptr: *const (), align: usize
 
 /// Copies the current location of arglist `src` to the arglist `dst`.
 ///
-/// FIXME: document safety requirements
+/// # Safety
+///
+/// You must check the following invariants before you call this function:
+///
+/// - `dest` must be non-null and point to valid, writable memory.
+/// - `dest` must not alias `src`.
+///
 #[rustc_intrinsic]
 #[rustc_nounwind]
 pub unsafe fn va_copy<'f>(dest: *mut VaListImpl<'f>, src: &VaListImpl<'f>);
 
 /// Loads an argument of type `T` from the `va_list` `ap` and increment the
 /// argument `ap` points to.
 ///
-/// FIXME: document safety requirements
+/// # Safety
+///
+/// This function is only sound to call when:
+///
+/// - there is a next variable argument available.
+/// - the next argument's type must be ABI-compatible with the type `T`.
+/// - the next argument must have a properly initialized value of type `T`.
+///
+/// Calling this function with an incompatible type, an invalid value, or when there
+/// are no more variable arguments, is unsound.
+///
 #[rustc_intrinsic]
 #[rustc_nounwind]
 pub unsafe fn va_arg<T: VaArgSafe>(ap: &mut VaListImpl<'_>) -> T;
 
 /// Destroy the arglist `ap` after initialization with `va_start` or `va_copy`.
 ///
-/// FIXME: document safety requirements
+/// # Safety
+///
+/// `ap` must not be used to access variable arguments after this call.
+///
 #[rustc_intrinsic]
 #[rustc_nounwind]
 pub unsafe fn va_end(ap: &mut VaListImpl<'_>);