|
|
@ -16,8 +16,7 @@ to your program. You definitely *should not* invoke Undefined Behavior.
|
|
|
|
Unlike C, Undefined Behavior is pretty limited in scope in Rust. All the core
|
|
|
|
Unlike C, Undefined Behavior is pretty limited in scope in Rust. All the core
|
|
|
|
language cares about is preventing the following things:
|
|
|
|
language cares about is preventing the following things:
|
|
|
|
|
|
|
|
|
|
|
|
* Dereferencing (using the `*` operator on) dangling, or unaligned pointers, or
|
|
|
|
* Dereferencing (using the `*` operator on) dangling or unaligned pointers (see below)
|
|
|
|
wide pointers with invalid metadata (see below)
|
|
|
|
|
|
|
|
* Breaking the [pointer aliasing rules][]
|
|
|
|
* Breaking the [pointer aliasing rules][]
|
|
|
|
* Unwinding into another language
|
|
|
|
* Unwinding into another language
|
|
|
|
* Causing a [data race][race]
|
|
|
|
* Causing a [data race][race]
|
|
|
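Review bot: the rewritten dereferencing bullet keeps "(see below)" after dropping the clause "wide pointers with invalid metadata", so it is no longer clear what the cross-reference points at. In the old wording it followed the metadata clause. In the new wording it follows "dangling or unaligned pointers". Please confirm that the text further down still defines both "dangling" and "unaligned", and consider naming the target, for example "(see below for what counts as dangling)". The bullet also shrinks the set of dereferences listed here, so the commit message should say where the wide-pointer case is now covered.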
@ -36,6 +35,7 @@ language cares about is preventing the following things:
|
|
|
|
`isize::MAX` bytes in memory
|
|
|
|
`isize::MAX` bytes in memory
|
|
|
|
* `dyn Trait` metadata is invalid if it is not a pointer to a vtable for
|
|
|
|
* `dyn Trait` metadata is invalid if it is not a pointer to a vtable for
|
|
|
|
`Trait` that matches the actual dynamic trait the reference points to
|
|
|
|
`Trait` that matches the actual dynamic trait the reference points to
|
|
|
|
|
|
|
|
* a wide raw pointer that has invalid metadata (see above)
|
|
|
|
* a `str` that isn't valid UTF-8
|
|
|
|
* a `str` that isn't valid UTF-8
|
|
|
|
* an integer (`i*`/`u*`), floating point value (`f*`), or raw pointer read from
|
|
|
|
* an integer (`i*`/`u*`), floating point value (`f*`), or raw pointer read from
|
|
|
|
[uninitialized memory][]
|
|
|
|
[uninitialized memory][]
|
|
|
|
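Review bot: the added item "a wide raw pointer that has invalid metadata (see above)" sits next to "a `str` that isn't valid UTF-8" and the integer/float item, so it reads as a rule about the value itself, whereas the clause removed in the earlier hunk was about dereferencing such a pointer. That is a stronger statement for anyone constructing wide raw pointers in unsafe code, so say explicitly in the text or the commit message whether producing such a pointer is the problem even if it is never dereferenced. The "(see above)" is also loose: the lines immediately above describe `dyn Trait` metadata and the `isize::MAX` size limit, so consider wording it as "invalid metadata as defined for wide references above" to make clear that the same validity rules apply to raw pointers.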