Skip to content

Commit

Permalink
reference type safety invariant docs: clarification
Browse files Browse the repository at this point in the history
  • Loading branch information
RalfJung committed May 12, 2024
1 parent 2259028 commit 7c76eec
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions library/core/src/primitive_docs.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1475,14 +1475,17 @@ mod prim_usize {}
///
/// For instance, this means that unsafe code in a safe function may assume these invariants are
/// ensured of arguments passed by the caller, and it may assume that these invariants are ensured
/// of return values from any safe functions it calls. In most cases, the inverse is also true:
/// unsafe code must not violate these invariants when passing arguments to safe functions or
/// returning values from safe functions; such violations may result in undefined behavior. Where
/// exceptions to this latter requirement exist, they will be called out explicitly in documentation.
/// of return values from any safe functions it calls.
///
/// For the other direction, things are more complicated: when unsafe code passes arguments
/// to safe functions or returns values from safe functions, they generally must *at least*
/// not violate these invariants. The full requirements are stronger, as the reference generally
/// must point to data that is safe to use at type `T`.
///
/// It is not decided yet whether unsafe code may violate these invariants temporarily on internal
/// data. As a consequence, unsafe code which violates these invariants temporarily on internal data
/// may become unsound in future versions of Rust depending on how this question is decided.
/// may be unsound or become unsound in future versions of Rust depending on how this question is
/// decided.
///
/// [allocated object]: ptr#allocated-object
#[stable(feature = "rust1", since = "1.0.0")]
Expand Down

0 comments on commit 7c76eec

Please sign in to comment.