Skip to content

Commit b867c7c

Browse files
joshlfjoshlf
authored
Update primitive_docs.rs
1 parent c2c6e33 commit b867c7c

File tree

1 file changed

+12
-7
lines changed

1 file changed

+12
-7
lines changed

library/core/src/primitive_docs.rs

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1392,20 +1392,25 @@ mod prim_usize {}
13921392
///
13931393
/// # Safety
13941394
///
1395-
/// For all types, `T: ?Sized`, and for all `t: &T` or `t: &mut T`, unsafe code may assume that
1396-
/// the following properties hold. Rust programmers must assume that, unless explicitly stated
1397-
/// otherwise, any Rust code they did not author themselves may rely on these properties, and that
1398-
/// violating them may cause that code to exhibit undefined behavior.
1395+
/// For all types, `T: ?Sized`, and for all `t: &T` or `t: &mut T`, when such values cross an API
1396+
/// boundary, the following invariants must generally be upheld:
13991397
///
14001398
/// * `t` is aligned to `align_of_val(t)`
14011399
/// * `t` is dereferenceable for `size_of_val(t)` many bytes
14021400
///
14031401
/// If `t` points at address `a`, being "dereferenceable" for N bytes means that the memory range
14041402
/// `[a, a + N)` is all contained within a single [allocated object].
14051403
///
1406-
/// Note that the precise validity invariants for reference types are a work in progress. In the
1407-
/// future, new guarantees may be added. However, the guarantees documented in this section will
1408-
/// never be removed.
1404+
/// For instance, this means that unsafe code in a safe function may assume these invariants are
1405+
/// ensured of arguments passed by the caller, and it may assume that these invariants are ensured
1406+
/// of return values from any safe functions it calls. In most cases, the inverse is also true:
1407+
/// unsafe code must not violate these invariants when passing arguments to safe functions or
1408+
/// returning values from safe functions; such violations may result in undefined behavior. Where
1409+
/// exceptions to this latter requirement exist, they will be called out explicitly in documentation.
1410+
///
1411+
/// It is not decided yet whether unsafe code may violate these invariants temporarily on internal
1412+
/// data. As a consequence, unsafe code which violates these invariants temporarily on internal data
1413+
/// may become unsound in future versions of Rust depending on how this question is decided.
14091414
///
14101415
/// [allocated object]: ptr#allocated-object
14111416
#[stable(feature = "rust1", since = "1.0.0")]

0 commit comments

Comments
 (0)