From f59eca24f4398d0cd62316fd323afe0b1857ecfa Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 20 Jul 2019 22:57:28 +0200 Subject: [PATCH] be more precise about dangling --- src/what-unsafe-does.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/what-unsafe-does.md b/src/what-unsafe-does.md index f3b10cc..e583044 100644 --- a/src/what-unsafe-does.md +++ b/src/what-unsafe-does.md @@ -16,7 +16,8 @@ to your program. You definitely *should not* invoke Undefined Behavior. Unlike C, Undefined Behavior is pretty limited in scope in Rust. All the core language cares about is preventing the following things: -* Dereferencing null, dangling, or unaligned references or raw pointers +* Loading from or storing to null, dangling, or unaligned references or raw + pointers * Performing out-of-bounds arithmetic for the computation of an `enum`/`struct`/array/slice/tuple field address * Reading [uninitialized memory][] @@ -37,6 +38,10 @@ language cares about is preventing the following things: "Producing" a value happens any time a value is assigned, passed to a function/primitive operation or returned from a function/primitive operation. +A reference/pointer is "dangling" if not all of the bytes it points to are part +of the same allocation. The span of bytes it points to is determined by the +pointer value and the size of the pointee type. + That's it. That's all the causes of Undefined Behavior baked into Rust. Of course, unsafe functions and traits are free to declare arbitrary other constraints that a program must maintain to avoid Undefined Behavior. For
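Review bot: the first hunk's rewording from "Dereferencing" to "Loading from or storing to" narrows the rule to actual memory accesses, but the text does not say what now happens for the case it no longer covers, namely a dereference that produces a place without reading or writing it (for example `&*ptr` or taking the address of a field through a raw pointer). Since the surrounding list is meant to be exhaustive ("All the core language cares about is preventing the following things"), consider adding a sentence stating that forming such a place from a null, dangling or unaligned pointer is (or is not) itself Undefined Behavior, so readers do not infer either answer from the omission. Also note that the bullet still lists "null" references alongside raw pointers even though a null reference is already excluded by the later rule on producing invalid values; that is pre-existing, but this hunk is the natural place to tidy it.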
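Review bot: the definition added in the second hunk, "not all of the bytes it points to are part of the same allocation", covers pointers that straddle or run past an allocation, but it does not say that the allocation must still be live, so a pointer into memory that has since been freed would not be "dangling" by this wording even though that is the case the word most commonly means; suggest "part of the same live allocation" or an explicit sentence about deallocated memory. Two further consequences of "the span of bytes it points to is determined by the pointer value and the size of the pointee type" are worth spelling out so they are not read as accidental: for a zero-sized pointee the span is empty, so any pointer value (including a null or otherwise arbitrary one) is never dangling under this definition, and for unsized pointees the size comes from the pointer's metadata rather than from the type alone.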