@@ -4,32 +4,34 @@ The following is a list of behavior which is forbidden in all Rust code,
44including within ` unsafe ` blocks and ` unsafe ` functions. Type checking provides
55the guarantee that these issues are never caused by safe code.
66
7- * Data races
8- * Dereferencing a null/dangling raw pointer
9- * Reads of [ undef] ( http://llvm.org/docs/LangRef.html#undefined-values )
10- (uninitialized) memory
11- * Breaking the [ pointer aliasing
12- rules] ( http://llvm.org/docs/LangRef.html#pointer-aliasing-rules )
13- on accesses through raw pointers (a subset of the rules used by C)
7+ * Data races.
8+ * Dereferencing a null or dangling raw pointer.
9+ * Reads of [ undef] \( uninitialized) memory.
10+ * Breaking the [ pointer aliasing rules] on accesses through raw pointers;
11+ a subset of the rules used by C.
1412* ` &mut T ` and ` &T ` follow LLVM’s scoped [ noalias] model, except if the ` &T `
15- contains an ` UnsafeCell<U> ` . Unsafe code must not violate these aliasing
16- guarantees.
17- * Mutating non-mutable data (that is, data reached through a shared reference or
18- data owned by a ` let ` binding), unless that data is contained within an ` UnsafeCell<U> ` .
13+ contains an [ ` UnsafeCell<U> ` ] .
14+ * Mutating non-mutable data & mdash ; that is, data reached through a shared
15+ reference or data owned by a ` let ` binding), unless that data is contained
16+ within an [ ` UnsafeCell<U> ` ] .
1917* Invoking undefined behavior via compiler intrinsics:
20- * Indexing outside of the bounds of an object with ` std::ptr::offset `
21- (` offset ` intrinsic), with
22- the exception of one byte past the end which is permitted.
23- * Using ` std::ptr::copy_nonoverlapping_memory ` (` memcpy32 ` /` memcpy64 `
24- intrinsics) on overlapping buffers
25- * Invalid values in primitive types, even in private fields/locals:
26- * Dangling/null references or boxes
27- * A value other than ` false ` (0) or ` true ` (1) in a ` bool `
28- * A discriminant in an ` enum ` not included in the type definition
29- * A value in a ` char ` which is a surrogate or above ` char::MAX `
30- * Non-UTF-8 byte sequences in a ` str `
18+ * Indexing outside of the bounds of an object with [ ` offset ` ] with
19+ the exception of one byte past the end of the object.
20+ * Using [ ` std::ptr::copy_nonoverlapping_memory ` ] , a.k.a. the ` memcpy32 ` and
21+ ` memcpy64 ` intrinsics, on overlapping buffers.
22+ * Invalid values in primitive types, even in private fields and locals:
23+ * Dangling or null references and boxes.
24+ * A value other than ` false ` (` 0 ` ) or ` true ` (` 1 ` ) in a ` bool ` .
25+ * A discriminant in an ` enum ` not included in the type definition.
26+ * A value in a ` char ` which is a surrogate or above ` char::MAX ` .
27+ * Non-UTF-8 byte sequences in a ` str ` .
3128* Unwinding into Rust from foreign code or unwinding from Rust into foreign
32- code. Rust's failure system is not compatible with exception handling in
29+ code. Rust's panic system is not compatible with exception handling in
3330 other languages. Unwinding must be caught and handled at FFI boundaries.
3431
3532[ noalias ] : http://llvm.org/docs/LangRef.html#noalias
33+ [ pointer aliasing rules ] : http://llvm.org/docs/LangRef.html#pointer-aliasing-rules
34+ [ undef ] : http://llvm.org/docs/LangRef.html#undefined-values
35+ [ `offset` ] : https://doc.rust-lang.org/std/primitive.pointer.html#method.offset
36+ [ `std::ptr::copy_nonoverlapping_memory` ] : https://doc.rust-lang.org/std/ptr/fn.copy_nonoverlapping.html
37+ [ `UnsafeCell<U>` ] : https://doc.rust-lang.org/std/cell/struct.UnsafeCell.html
0 commit comments