You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: reference/src/glossary.md
+2-2
Original file line number
Diff line number
Diff line change
@@ -129,7 +129,7 @@ fn main() { unsafe {
129
129
The *safety* invariant is an invariant that safe code may assume all data to uphold.
130
130
This invariant is used to justify which operations safe code can perform.
131
131
The safety invariant can be temporarily violated by unsafe code, but must always be upheld when interfacing with unknown safe code.
132
-
It is not relevant when arguing whether some *program* has UB, but it is relevant when arguing whether some code safely encapsulates its unsafety -- IOW, it is relevant when arguing whether some *library* is [sound][soundness].
132
+
It is not relevant when arguing whether some *program* has UB, but it is relevant when arguing whether some code safely encapsulates its unsafety -- in other words, it is relevant when arguing whether some *library* is [sound][soundness].
133
133
134
134
In terms of code, some data computed by `TERM` (possibly constructed from some `arguments` that can be *assumed* to satisfy the safety invariant) is valid at type `T` if and only if the following library function can be safely exposed to arbitrary (safe) code as part of the public library interface:
135
135
```rust,ignore
@@ -155,7 +155,7 @@ In return, the compiler promises to compile the code in a way that the final pro
155
155
If it turns out the program *does* have undefined behavior, the contract is void, and the program produced by the compiler is essentially garbage (in particular, it is not bound by any specification; the program does not even have to be well-formed executable code).
156
156
157
157
In Rust, the [Nomicon](https://doc.rust-lang.org/nomicon/what-unsafe-does.html) and the [Reference](https://doc.rust-lang.org/reference/behavior-considered-undefined.html) both have a list of behavior that the language considers undefined.
158
-
Rust promises that safe code cannot cause Undefined Behavior---it takes the burden of this contract on itself.
158
+
Rust promises that safe code cannot cause Undefined Behavior---the compiler and authors of unsafe code takes the burden of this contract on themselves.
159
159
For unsafe code, however, the burden is still on the programmer.
0 commit comments