From 3724dab341d875fcf4530957d713d7041401d0c6 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 5 Aug 2019 19:42:14 +0200 Subject: [PATCH 1/4] sound and unsound --- src/behavior-considered-undefined.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md index 1a1ec9dc356a0..069df50c4506a 100644 --- a/src/behavior-considered-undefined.md +++ b/src/behavior-considered-undefined.md @@ -1,9 +1,14 @@ ## Behavior considered undefined -Rust code, including within `unsafe` blocks and `unsafe` functions is incorrect -if it exhibits any of the behaviors in the following list. It is the -programmer's responsibility when writing `unsafe` code that it is not possible -to let `safe` code exhibit these behaviors. +Rust code is incorrect if it exhibits any of the behaviors in the following +list. This includes code within `unsafe` blocks and `unsafe` functions! +`unsafe` is not an excuse to cause undefined behavior. + +It is the programmer's responsibility when writing `unsafe` code that it is not +possible to let `safe` code exhibit these behaviors. `unsafe` code that +satisfies this property for any `safe` client is called *sound*; if `unsafe` +code can be misused by `safe` code to exhibit undefined behavior, it is +*unsound*.
From 1ef61c3e8aa2b1bed3864c3bf7c4e8522c139c66 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Tue, 6 Aug 2019 18:10:43 +0200 Subject: [PATCH 2/4] Apply suggestions from code review Co-Authored-By: Mazdak Farrokhzad --- src/behavior-considered-undefined.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md index 069df50c4506a..d323b66102ea2 100644 --- a/src/behavior-considered-undefined.md +++ b/src/behavior-considered-undefined.md @@ -1,13 +1,13 @@ ## Behavior considered undefined Rust code is incorrect if it exhibits any of the behaviors in the following -list. This includes code within `unsafe` blocks and `unsafe` functions! +list. This includes code within `unsafe` blocks and `unsafe` functions. `unsafe` is not an excuse to cause undefined behavior. -It is the programmer's responsibility when writing `unsafe` code that it is not +It is the programmer's responsibility when writing `unsafe` code to ensure that it is not possible to let `safe` code exhibit these behaviors. `unsafe` code that -satisfies this property for any `safe` client is called *sound*; if `unsafe` -code can be misused by `safe` code to exhibit undefined behavior, it is +satisfies this property for any safe client is called *sound*; if `unsafe` +code can be misused by safe code to exhibit undefined behavior, it is *unsound*.
From 95995e5be808a734ef196f5fee18fcbea48468c9 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Tue, 6 Aug 2019 20:56:58 +0200 Subject: [PATCH 3/4] no excuse --- src/behavior-considered-undefined.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md index d323b66102ea2..244926dd23d9e 100644 --- a/src/behavior-considered-undefined.md +++ b/src/behavior-considered-undefined.md @@ -2,7 +2,9 @@ Rust code is incorrect if it exhibits any of the behaviors in the following list. This includes code within `unsafe` blocks and `unsafe` functions. -`unsafe` is not an excuse to cause undefined behavior. +`unsafe` only means that avoiding undefined behavior is on the programmer; it +does not change anything about the fact that Rust programs must never cause +undefined behavior. It is the programmer's responsibility when writing `unsafe` code to ensure that it is not possible to let `safe` code exhibit these behaviors. `unsafe` code that From 3597e8f912452d1f8f422bdb967c66f482df5dcf Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Tue, 6 Aug 2019 20:58:40 +0200 Subject: [PATCH 4/4] quantifying more explicitly over all clients --- src/behavior-considered-undefined.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md index 244926dd23d9e..b6a9aabe93f74 100644 --- a/src/behavior-considered-undefined.md +++ b/src/behavior-considered-undefined.md 
@@ -6,11 +6,11 @@ list. This includes code within `unsafe` blocks and `unsafe` functions. does not change anything about the fact that Rust programs must never cause undefined behavior. -It is the programmer's responsibility when writing `unsafe` code to ensure that it is not -possible to let `safe` code exhibit these behaviors. `unsafe` code that -satisfies this property for any safe client is called *sound*; if `unsafe` -code can be misused by safe code to exhibit undefined behavior, it is -*unsound*. +It is the programmer's responsibility when writing `unsafe` code to ensure that +any safe code interacting with the `unsafe` code cannot trigger these +behaviors. `unsafe` code that satisfies this property for any safe client is +called *sound*; if `unsafe` code can be misused by safe code to exhibit +undefined behavior, it is *unsound*.
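Review bot: In the PATCH 4/4 hunk, the definition of soundness still reads "satisfies this property for any safe client is called *sound*", and "any" can be read existentially (some client) as easily as universally (every client), which is the opposite of what the commit message "quantifying more explicitly over all clients" sets out to do. Suggest "for all safe clients" or "for every safe client" so the universal quantification is unambiguous; the rewritten first sentence, "any safe code interacting with the `unsafe` code cannot trigger these behaviors", already reads universally and can stay.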
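Review bot: In the PATCH 2/4 hunk, the backticks around `safe` are removed in "for any safe client" and "misused by safe code" but kept in the unchanged context line "possible to let `safe` code exhibit these behaviors", so the paragraph is inconsistent at this commit; since `safe` is not a keyword, plain "safe" is the right form in all three places. PATCH 4/4 only removes the remaining instance as a side effect of rewriting the whole paragraph, so it would be cleaner to make the three occurrences consistent in PATCH 2/4 itself.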
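Review bot: In the PATCH 3/4 hunk, "it does not change anything about the fact that Rust programs must never cause undefined behavior" is wordy for reference text; suggest "it does not change the fact that Rust programs must never cause undefined behavior." Likewise "avoiding undefined behavior is on the programmer" is informal next to the surrounding sentences, which use "the programmer's responsibility"; consider "`unsafe` only means that avoiding undefined behavior becomes the programmer's responsibility" so both paragraphs use the same wording.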