From 02b64d1672f58a6412a82519e47eccf3b157efff Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Wed, 31 Jul 2019 14:33:37 +0200 Subject: [PATCH] clarify dangling --- src/what-unsafe-does.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/what-unsafe-does.md b/src/what-unsafe-does.md index 58a78e2..228c970 100644 --- a/src/what-unsafe-does.md +++ b/src/what-unsafe-does.md @@ -47,9 +47,10 @@ language cares about is preventing the following things: function/primitive operation or returned from a function/primitive operation. A reference/pointer is "dangling" if it is null or not all of the bytes it -points to are part of the same allocation. The span of bytes it points to is -determined by the pointer value and the size of the pointee type. If the span -is empty, "dangling" is the same as "non-null". +points to are part of the same allocation (so in particular they all have to be +part of *some* allocation). The span of bytes it points to is determined by the +pointer value and the size of the pointee type. As a consequence, if the span is +empty, "dangling" is the same as "non-null". That's it. That's all the causes of Undefined Behavior baked into Rust. Of course, unsafe functions and traits are free to declare arbitrary other
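Review bot: The final added sentence, 'As a consequence, if the span is empty, "dangling" is the same as "non-null"', reads inverted against the definition at the top of the same paragraph. That definition makes a pointer dangling if it is null or if not all of the bytes it points to are part of the same allocation. With an empty span there are no bytes to check, so the allocation condition (including the new parenthetical about being part of *some* allocation) holds vacuously and the only remaining way to be dangling is to be null. Suggest 'if the span is empty, "dangling" is the same as "null"', or equivalently 'non-dangling is the same as non-null'. The "non-null" wording is carried over from the removed line, so this patch is a natural place to correct it, since readers writing unsafe code around zero-sized types will rely on this sentence.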