Here we track all the FCPs of the team. These reflect consensus decisions and are thus a useful starting point for figuring out what is (and is not) guaranteed.
- Stack-allocated 8-aligned objects are insufficiently aligned by MSCV on x86-32. That is indeed UB when such pointers flow to Rust.
- The validity invariant of integers, floats, bool, thin raw pointers, and char is as documented here.
- The validity invariant of function pointers is as documented here.
- Typed copies reset all padding bytes to uninitialized memory.
- Layout cannot change at runtime.
- Unsafe code gets to assume that
size == stridein arrays. - The
*projection (value-to-place conversion) itself is never UB; instead, inbounds/alignment checks get deferred to later during place evaluation. _patterns inmatchdo not read from the place, they only require place construction itself to succeed without UB.- Atomic loads can work on read-only memory, but only under some conditions.
- Zero-sized memory accesses and offsets are NOPs
- The validity invariant of slice wide pointer metadata are defined here.
- Int-to-pointer transmutation is questionable.
- Redundant StorageDead/StorageLive are legal.
size_of_valis safe to call on slice-tailed unsized types with a dynamic slice length of 0.