add the first litmus test, and a template

nikomatsakis · nikomatsakis · commit 8d2b5937698d · 2016-02-19T07:37:43.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/README.md b/README.md
@@ -0,0 +1,27 @@
+This repository is intended to help us develop a coherent and clear
+"memory model" for Rust. The goal of a memory model specifically is to
+define:
+
+- what kinds of aliasing and accesses unsafe code can perform;
+- what kinds of transformations and optimizations the compiler can do.
+
+This in turn implies the kinds of things that unsafe code can rely on.
+
+We're still in the 'data gathering' stage of this effort. Therefore,
+this repository currently consists of a series of examples scraped
+from various comment threads. These are broken into two categories:
+
+- `litmus_tests` -- bits of unsafe code that someone might write;
+  eventually, we may decide that some of these bits of unsafe code are
+  illegal and hence might trigger undefined behavior.
+- `optimizations` -- transformations the compiler might want to
+  perform; eventually, we may decide that some of these bits of unsafe
+  code are illegal and hence the compiler could not do them.
+  
+Naturally these two things are in tension. That is, the more
+optimizations the compiler can do, the fewer litmus tests will be
+legal. Eventually I would like to make a nice chart indicating which
+tests are in conflict with which optimizations.
+
+For each example, I include a markdown file
+
diff --git a/litmus_tests/compare_dangling_pointers.md b/litmus_tests/compare_dangling_pointers.md
@@ -0,0 +1,35 @@
+### Example
+
+```
+fn compare_dangling_pointers()
+{
+    let p1: *const i32;
+    {
+        let x = Box::new(0);
+        p1 = &*x;
+    }
+    {
+        let y = Box::new(0);
+        let p2: *const _ = &*y;
+        let b = p1 == p2;
+        println!("Are they equal? {} {}", b, b, p1 == p2);
+    }
+}
+```
+
+### Explanation
+
+In C, once an object is deallocated, all pointers to it have an
+indeterminate value. Hence the value of `p1` would be indeterminate
+here. But it is accessible in safe Rust.
+
+However, LLVM has a [different model][sunfish1], where it thinks only
+about "aliasing". In other words, even if two pointers are equal, they
+might be considered not to alias, in the case that one of them is
+invalidated. This makes the above code perfectly legal.
+
+[sunfish1]: https://internals.rust-lang.org/t/comparing-dangling-pointers/3019/22?u=nikomatsakis
+
+### Source
+
+https://internals.rust-lang.org/t/comparing-dangling-pointers/3019
diff --git a/template.md b/template.md
@@ -0,0 +1,17 @@
+### Example
+
+```
+rust source code
+```
+
+(In the case of a compiler transform, include the transformed source
+code as well.)
+
+### Explanation
+
+What makes this example interesting? A few words
+can go a long way.
+
+### Source
+
+Where did this example come from?
