Doc clarification for MaybeUninit::zeroed() #74343

Closed
kjvalencik opened this issue Jul 14, 2020 · 0 comments · Fixed by #74602
Labels
A-docs Area: Documentation for any part of the project, including the compiler, standard library, and tools C-enhancement Category: An issue proposing an enhancement or a PR with one.

Comments

@kjvalencik

kjvalencik commented Jul 14, 2020

👋 Hi! While reading the documentation for MaybeUninit::zeroed() I found it unclear whether using this method for a struct where 0 is an invalid bit pattern is correct usage or not.

The method description makes it clear that it is acceptable to use this method, only a user cannot assume that it is already valid.

It depends on T whether that already makes for proper initialization.

https://doc.rust-lang.org/std/mem/union.MaybeUninit.html#method.zeroed

However, the example introduces some ambiguity.

Incorrect usage of this function: initializing a struct with zero, where some fields cannot hold 0 as a valid value.

This phrasing seems to suggest that you should not use MaybeUninit::zeroed() when 0 is not a valid bit pattern. However, I believe the intent is merely to convey that calling assume_init() without otherwise initializing the value is invalid.

There are some valid use cases to zero the memory to prevent an accidental security issue from mis-initialization, even if the bit pattern is invalid.

Suggested alternate phrasing:

Incorrect usage of this function: assuming zero filled memory is initialized, where some fields cannot hold 0 as a valid value, without overwriting with a valid bit-pattern.

@Alexendoo Alexendoo added C-enhancement Category: An issue proposing an enhancement or a PR with one. A-docs Area: Documentation for any part of the project, including the compiler, standard library, and tools labels Jul 15, 2020
@bors bors closed this as completed in 39436eb Aug 2, 2020
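
The usage the issue describes (zero-fill the memory, overwrite the fields that cannot hold 0, and only then call assume_init()), as an added example that is not part of the original issue or the Rust documentation. The `Session` type and `new_session` function are hypothetical names chosen for illustration.

```rust
use std::mem::MaybeUninit;
use std::num::NonZeroU32;
use std::ptr::addr_of_mut;

// Hypothetical type: all-zero bytes are NOT a valid `Session`,
// because `id` is a NonZeroU32.
#[repr(C)]
pub struct Session {
    id: NonZeroU32,
    flags: u32,
    key: [u8; 16],
}

/// Zero the whole slot first, then overwrite every field whose zero
/// pattern is invalid, and only then call `assume_init()`.
pub fn new_session(id: NonZeroU32, key: Option<[u8; 16]>) -> Session {
    let mut slot = MaybeUninit::<Session>::zeroed();
    let p = slot.as_mut_ptr();
    unsafe {
        // `id` cannot hold 0, so it must be written before assume_init().
        // addr_of_mut! forms the field pointer without creating a
        // reference to the not-yet-valid struct.
        addr_of_mut!((*p).id).write(id);
        if let Some(k) = key {
            addr_of_mut!((*p).key).write(k);
        }
        // `flags`, and `key` when no key is supplied, keep their zero
        // bytes. Zero is valid for u32 and [u8; 16], so those fields hold
        // a defined value instead of leftover memory contents.
        slot.assume_init()
    }
}

fn main() {
    let s = new_session(NonZeroU32::new(7).unwrap(), None);
    println!("id={} flags={} key={:?}", s.id, s.flags, s.key);
}
```

Calling `assume_init()` on the zeroed slot without the write to `id` would be the incorrect usage the issue's suggested phrasing describes.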