Merge pull request rust-lang#647 from RalfJung/sound

Define sound and unsound

src/behavior-considered-undefined.md

@@ -1,9 +1,16 @@
 ## Behavior considered undefined
 
-Rust code, including within `unsafe` blocks and `unsafe` functions is incorrect
-if it exhibits any of the behaviors in the following list. It is the
-programmer's responsibility when writing `unsafe` code that it is not possible
-to let `safe` code exhibit these behaviors.
+Rust code is incorrect if it exhibits any of the behaviors in the following
+list. This includes code within `unsafe` blocks and `unsafe` functions.
+`unsafe` only means that avoiding undefined behavior is on the programmer; it
+does not change anything about the fact that Rust programs must never cause
+undefined behavior.
+
+It is the programmer's responsibility when writing `unsafe` code to ensure that
+any safe code interacting with the `unsafe` code cannot trigger these
+behaviors. `unsafe` code that satisfies this property for any safe client is
+called *sound*; if `unsafe` code can be misused by safe code to exhibit
+undefined behavior, it is *unsound*.
 
 <div class="warning">