mirror of
https://github.com/rust-lang/rust.git
synced 2025-02-16 17:03:35 +00:00
reference type safety invariant docs: clarification

The old text could have been read as saying that you can call a function if these requirements are upheld, which is definitely not true as they are an underapproximation of the actual safety invariant. I removed the part about functions relaxing the requirements via their documentation... this seems incoherent with saying that it may actually be unsound to ever temporarily violate the requirement. Furthermore, a function *cannot* just relax this for its return value, that would in general be unsound. And the part about "unsafe code in a safe function may assume these invariants are ensured of arguments passed by the caller" also interacts with relaxing things: clearly, if the invariant has been relaxed, unsafe code cannot rely on it any more. There may be a place to give general guidance on what kinds of function contracts can exist, but the reference type is definitely not the right place to write that down. I also took a clarification from https://github.com/rust-lang/rust/pull/121965 that is orthogonal to the rest of that PR.

Cc `@joshlf` `@scottmcm`
Directory listing (library/):

alloc
backtrace@e151306182
core
panic_abort
panic_unwind
portable-simd
proc_macro
profiler_builtins
rtstartup
rustc-std-workspace-alloc
rustc-std-workspace-core
rustc-std-workspace-std
std
stdarch@df3618d9f3
sysroot
test
unwind