From 9e8b42c02bfa348b024ad07652e860b125345acf Mon Sep 17 00:00:00 2001
From: Hanif Bin Ariffin
Date: Sat, 25 Apr 2020 19:39:40 -0400
Subject: [PATCH] Added unsafety documentation to shift_tail

This is just the reverse of shift_head.
---
 src/libcore/slice/sort.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/libcore/slice/sort.rs b/src/libcore/slice/sort.rs
index 3c14647f3c72..0177c5a9ffdf 100644
--- a/src/libcore/slice/sort.rs
+++ b/src/libcore/slice/sort.rs
@@ -76,6 +76,20 @@ where
 F: FnMut(&T, &T) -> bool,
 {
 let len = v.len();
+ // SAFETY: As with shift_head, the unsafe operations below involves indexing without a bound check (`get_unchecked` and `get_unchecked_mut`)
+ // and copying memory (`ptr::copy_nonoverlapping`).
+ //
+ // a. Indexing:
+ // 1. We checked the size of the array to >=2.
+ // 2. All the indexing that we will do is always between {0 <= index < len-1} at most.
+ //
+ // b. Memory copying
+ // 1. We are obtaining pointers to references which are guaranteed to be valid.
+ // 2. They cannot overlap because we obtain pointers to difference indices of the slice.
+ // Namely, `i` and `i+1`.
+ // 3. FIXME: Guarantees that the elements are properly aligned?
+ //
+ // See comments below for further detail.
 unsafe {
 // If the last two elements are out-of-order...
 if len >= 2 && is_less(v.get_unchecked(len - 1), v.get_unchecked(len - 2)) {
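Review bot: The index bound in item a.2 of the new SAFETY comment, `{0 <= index < len-1}`, excludes `len - 1`, yet the first unchecked read in this same hunk is `v.get_unchecked(len - 1)`, so the comment does not justify the access it sits above. I would change it to `// 2. Every index used below satisfies 0 <= index <= len - 1.` and reword a.1 to say that `len >= 2` is the left operand of `&&` inside the `unsafe` block, so the two `get_unchecked` calls run only after it passes; the argument rests on that short-circuit order, not on an earlier check. The FIXME in b.3 can be resolved instead of left open, because pointers derived from references into the slice are aligned by the reference invariant: `// 3. The pointers come from references into v, so they are valid and aligned for T.`. The rest of shift_tail's body is outside the hunk, so the `i` and `i+1` claim in b.2 cannot be checked from here.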