From f4add4be0305a51cf54e22b39aa9ef0e58b0fe53 Mon Sep 17 00:00:00 2001 From: Pure White Date: Sun, 24 Mar 2024 21:47:23 +0800 Subject: [PATCH 1/5] add link to reference about undefined behavior --- src/what-unsafe-does.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/what-unsafe-does.md b/src/what-unsafe-does.md index 67fbe8ae..372538ed 100644 --- a/src/what-unsafe-does.md +++ b/src/what-unsafe-does.md @@ -41,6 +41,9 @@ language cares about is preventing the following things: [`NonNull`] that is null. (Requesting custom invalid values is an unstable feature, but some stable libstd types, like `NonNull`, make use of it.) +For a more detailed explanation about "Undefined Bahavior", you may refer to +[the reference][behavior-considered-undefined]. + "Producing" a value happens any time a value is assigned, passed to a function/primitive operation or returned from a function/primitive operation. @@ -75,6 +78,8 @@ Rust considers it "safe" to: * Abort the program * Delete the production database +For more detailed information, you may refer to [the reference][behavior-not-considered-unsafe]. + However any program that actually manages to do such a thing is *probably* incorrect. Rust provides lots of tools to make these things rare, but these problems are considered impractical to categorically prevent. @@ -84,3 +89,5 @@ these problems are considered impractical to categorically prevent. [race]: races.html [target features]: ../reference/attributes/codegen.html#the-target_feature-attribute [`NonNull`]: ../std/ptr/struct.NonNull.html +[behavior-considered-undefined]: ../reference/behavior-considered-undefined.html +[behavior-not-considered-unsafe]: ../reference/behavior-not-considered-unsafe.html From 8d96cc06854f148f33ff7408fd9cead3f27c5f99 Mon Sep 17 00:00:00 2001 From: guqicun Date: Sat, 6 Apr 2024 18:20:19 +0800 Subject: [PATCH 2/5] chore: fix typo Signed-off-by: guqicun --- src/subtyping.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/subtyping.md b/src/subtyping.md index 4c45b2d3..f09feade 100644 --- a/src/subtyping.md +++ b/src/subtyping.md @@ -268,7 +268,7 @@ To see why `fn(T) -> U` should be covariant over `U`, consider the following sig fn get_str() -> &'a str; ``` -This function claims to produce a `str` bound by some liftime `'a`. As such, it is perfectly valid to +This function claims to produce a `str` bound by some lifetime `'a`. As such, it is perfectly valid to provide a function with the following signature instead: From 462ac2d92c80aa10ae378c0f73057dfc8e4754fd Mon Sep 17 00:00:00 2001 From: Ben Kimock Date: Sat, 18 May 2024 20:14:40 -0400 Subject: [PATCH 3/5] cfg out the extern crate libc on Windows --- src/beneath-std.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/beneath-std.md b/src/beneath-std.md index 02a02bd7..da2cc500 100644 --- a/src/beneath-std.md +++ b/src/beneath-std.md @@ -19,7 +19,10 @@ Note that the default features have been disabled. This is a critical step - disabled.** Alternatively, we can use the unstable `rustc_private` private feature together -with an `extern crate libc;` declaration as shown in the examples below. +with an `extern crate libc;` declaration as shown in the examples below. Note that +windows-msvc targets do not require a libc, and correspondingly there is no `libc` +crate in their sysroot. We do not need the `extern crate libc;` below, and having it +on a windows-msvc target would be a compile error. ## Writing an executable without `std` @@ -39,11 +42,12 @@ in the same format as C (aside from the exact integer types being used): #![allow(internal_features)] #![no_std] -// Necessary for `panic = "unwind"` builds on some platforms. +// Necessary for `panic = "unwind"` builds on cfg(unix) platforms. #![feature(panic_unwind)] extern crate unwind; // Pull in the system libc library for what crt0.o likely requires. +#[cfg(not(windows))] extern crate libc; use core::panic::PanicInfo; 
@@ -73,11 +77,12 @@ compiler's name mangling too: #![no_std] #![no_main] -// Necessary for `panic = "unwind"` builds on some platforms. +// Necessary for `panic = "unwind"` builds on cfg(unix) platforms. #![feature(panic_unwind)] extern crate unwind; // Pull in the system libc library for what crt0.o likely requires. +#[cfg(not(windows))] extern crate libc; use core::ffi::{c_char, c_int}; From 1d0b6c122ba6c79e3a11d9f80f9d79125a260bb4 Mon Sep 17 00:00:00 2001 From: alimf17 Date: Fri, 2 Aug 2024 13:55:45 -0400 Subject: [PATCH 4/5] Update what-unsafe-does.md --- src/what-unsafe-does.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/what-unsafe-does.md b/src/what-unsafe-does.md index 372538ed..3fb07216 100644 --- a/src/what-unsafe-does.md +++ b/src/what-unsafe-does.md @@ -5,7 +5,7 @@ The only things that are different in Unsafe Rust are that you can: * Dereference raw pointers * Call `unsafe` functions (including C functions, compiler intrinsics, and the raw allocator) * Implement `unsafe` traits -* Mutate statics +* Access or modify mutable statics * Access fields of `union`s That's it. The reason these operations are relegated to Unsafe is that misusing From 16d2f21daea641f4da7c5821446d7816af4d9c81 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 3 Aug 2024 13:10:52 +0200 Subject: [PATCH 5/5] repr(int) enums: both size and sign matter --- src/other-reprs.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/other-reprs.md b/src/other-reprs.md index 228b22bd..289da575 100644 --- a/src/other-reprs.md +++ b/src/other-reprs.md 
@@ -42,7 +42,7 @@ says they should still consume a byte of space. difference from a struct is that the fields aren’t named. * `repr(C)` is equivalent to one of `repr(u*)` (see the next section) for -fieldless enums. The chosen size is the default enum size for the target platform's C +fieldless enums. The chosen size and sign is the default enum size and sign for the target platform's C application binary interface (ABI). Note that enum representation in C is implementation defined, so this is really a "best guess". In particular, this may be incorrect when the C code of interest is compiled with certain flags. @@ -79,7 +79,7 @@ More details are in the [RFC 1758][rfc-transparent] and the [RFC 2645][rfc-trans ## repr(u*), repr(i*) -These specify the size to make a fieldless enum. If the discriminant overflows +These specify the size and sign to make a fieldless enum. If the discriminant overflows the integer it has to fit in, it will produce a compile-time error. You can manually ask Rust to allow this by setting the overflowing element to explicitly be 0. However Rust will not allow you to create an enum where two variants have @@ -89,7 +89,7 @@ The term "fieldless enum" only means that the enum doesn't have data in any of its variants. A fieldless enum without a `repr(u*)` or `repr(C)` is still a Rust native type, and does not have a stable ABI representation. Adding a `repr` causes it to be treated exactly like the specified -integer size for ABI purposes. +integer type for ABI purposes. If the enum has fields, the effect is similar to the effect of `repr(C)` in that there is a defined layout of the type. This makes it possible to
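Review bot: "Undefined Bahavior" in the first added line of the `@@ -41,6 +41,9 @@` hunk of PATCH 1/5 (src/what-unsafe-does.md) is a typo for "Undefined Behavior". The new paragraph also lands between the `NonNull` bullet and the paragraph that defines "Producing" a value, which separates the list of invalid values from the definition it relies on; consider placing the pointer after the "Producing" paragraph instead.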
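Review bot: In the `@@ -75,6 +78,8 @@` hunk of PATCH 1/5, the added sentence sits between the list ending in "Delete the production database" and "However any program that actually manages to do such a thing", so "such a thing" no longer directly follows the list it refers to. Put the link to the reference after the "However ..." paragraph, and wrap the line the same way the other added paragraph in this patch is wrapped.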
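Review bot: The added prose in the `@@ -19,7 +19,10 @@` hunk of PATCH 3/5 (src/beneath-std.md) names only windows-msvc targets, but the examples in the same patch gate the declaration with `#[cfg(not(windows))]`, which covers every Windows target. Say in the text which of the two is intended, or narrow the attribute to `#[cfg(not(all(windows, target_env = "msvc")))]` if only msvc lacks the crate. "We do not need the `extern crate libc;` below" also reads as if the examples had dropped the declaration; wording such as "it is not needed on those targets" would match the code.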
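Review bot: The reworded comment in the `@@ -39,11 +42,12 @@` hunk of PATCH 3/5 says the unwind setup is needed on cfg(unix) platforms, yet `#![feature(panic_unwind)]` and `extern crate unwind;` stay unconditional while only `extern crate libc;` gets a cfg. Either gate them as the comment implies, or word the comment so it is clear they are kept on all targets on purpose. The same point applies to the identical change in the `@@ -73,11 +77,12 @@` hunk.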
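Review bot: In the `@@ -42,7 +42,7 @@` hunk of PATCH 5/5 (src/other-reprs.md), the unchanged line above the edit still says `repr(C)` is equivalent to "one of `repr(u*)`", which no longer matches a sentence saying the sign is chosen too; it should mention `repr(i*)` as well. The new sentence also needs a plural verb: "The chosen size and sign are the default enum size and sign ...".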
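Review bot: The context in the `@@ -89,7 +89,7 @@` hunk of PATCH 5/5 still reads "without a `repr(u*)` or `repr(C)`", leaving out `repr(i*)` even though the section is titled "repr(u*), repr(i*)" and the patch is about the sign mattering. Add `repr(i*)` there so the paragraph is consistent with the "integer type" wording this hunk introduces.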