@@ -4,32 +4,34 @@ The following is a list of behavior which is forbidden in all Rust code,
including within ` unsafe ` blocks and ` unsafe ` functions. Type checking provides
the guarantee that these issues are never caused by safe code.
- * Data races
- * Dereferencing a null/dangling raw pointer
- * Reads of [ undef] ( http://llvm.org/docs/LangRef.html#undefined-values )
- (uninitialized) memory
- * Breaking the [ pointer aliasing
- rules] ( http://llvm.org/docs/LangRef.html#pointer-aliasing-rules )
- on accesses through raw pointers (a subset of the rules used by C)
+ * Data races.
+ * Dereferencing a null or dangling raw pointer.
+ * Reads of [ undef] \( uninitialized) memory.
+ * Breaking the [ pointer aliasing rules] on accesses through raw pointers;
+ a subset of the rules used by C.
* ` &mut T ` and ` &T ` follow LLVM’s scoped [ noalias] model, except if the ` &T `
- contains an ` UnsafeCell<U> ` . Unsafe code must not violate these aliasing
- guarantees.
- * Mutating non-mutable data (that is, data reached through a shared reference or
- data owned by a ` let ` binding), unless that data is contained within an ` UnsafeCell<U> ` .
+ contains an [ ` UnsafeCell<U> ` ] .
+ * Mutating non-mutable data & mdash ; that is, data reached through a shared
+ reference or data owned by a ` let ` binding), unless that data is contained
+ within an [ ` UnsafeCell<U> ` ] .
* Invoking undefined behavior via compiler intrinsics:
- * Indexing outside of the bounds of an object with ` std::ptr::offset `
- (` offset ` intrinsic), with
- the exception of one byte past the end which is permitted.
- * Using ` std::ptr::copy_nonoverlapping_memory ` (` memcpy32 ` /` memcpy64 `
- intrinsics) on overlapping buffers
- * Invalid values in primitive types, even in private fields/locals:
- * Dangling/null references or boxes
- * A value other than ` false ` (0) or ` true ` (1) in a ` bool `
- * A discriminant in an ` enum ` not included in the type definition
- * A value in a ` char ` which is a surrogate or above ` char::MAX `
- * Non-UTF-8 byte sequences in a ` str `
+ * Indexing outside of the bounds of an object with [ ` offset ` ] with
+ the exception of one byte past the end of the object.
+ * Using [ ` std::ptr::copy_nonoverlapping_memory ` ] , a.k.a. the ` memcpy32 ` and
+ ` memcpy64 ` intrinsics, on overlapping buffers.
+ * Invalid values in primitive types, even in private fields and locals:
+ * Dangling or null references and boxes.
+ * A value other than ` false ` (` 0 ` ) or ` true ` (` 1 ` ) in a ` bool ` .
+ * A discriminant in an ` enum ` not included in the type definition.
+ * A value in a ` char ` which is a surrogate or above ` char::MAX ` .
+ * Non-UTF-8 byte sequences in a ` str ` .
* Unwinding into Rust from foreign code or unwinding from Rust into foreign
- code. Rust's failure system is not compatible with exception handling in
+ code. Rust's panic system is not compatible with exception handling in
other languages. Unwinding must be caught and handled at FFI boundaries.
[ noalias ] : http://llvm.org/docs/LangRef.html#noalias
+ [ pointer aliasing rules ] : http://llvm.org/docs/LangRef.html#pointer-aliasing-rules
+ [ undef ] : http://llvm.org/docs/LangRef.html#undefined-values
+ [ `offset` ] : https://doc.rust-lang.org/std/primitive.pointer.html#method.offset
+ [ `std::ptr::copy_nonoverlapping_memory` ] : https://doc.rust-lang.org/std/ptr/fn.copy_nonoverlapping.html
+ [ `UnsafeCell<U>` ] : https://doc.rust-lang.org/std/cell/struct.UnsafeCell.html
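Review bot: the "Mutating non-mutable data" bullet in this hunk is left with an unbalanced parenthesis: the opening `(that is,` of the old text was replaced by `&mdash; that is,`, but the closing `binding)` survived, so either drop the `)` after `` `let` binding `` or keep the parenthetical form instead of the dash. Two smaller points in the same hunk: the bullet names `std::ptr::copy_nonoverlapping_memory`, while the new reference definition at the bottom links to `std/ptr/fn.copy_nonoverlapping.html`, so the text and the link target should agree (the linked page documents `copy_nonoverlapping`); and the `offset` bullet now reads "with [`offset`] with the exception of one byte past the end of the object", which stacks two "with" clauses; something like "Indexing outside of the bounds of an object with [`offset`], except for one byte past the end of the object." reads more cleanly.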