From fe7f9303aae819691258dac750cfb570611b2924 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 11 Apr 2020 16:35:00 +0200 Subject: [PATCH 1/2] remove language-level UB for non-UTF-8 str --- src/behavior-considered-undefined.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md index 89c318a04..d40351674 100644 --- a/src/behavior-considered-undefined.md +++ b/src/behavior-considered-undefined.md @@ -51,7 +51,6 @@ code. `Trait` that matches the actual dynamic trait the pointer or reference points to. * Slice metadata is invalid if the length is not a valid `usize` (i.e., it must not be read from uninitialized memory). - * Non-UTF-8 byte sequences in a `str`. * Invalid values for a type with a custom definition of invalid values. In the standard library, this affects [`NonNull`] and [`NonZero*`]. @@ -63,8 +62,8 @@ points to are part of the same allocation (so in particular they all have to be part of *some* allocation). The span of bytes it points to is determined by the pointer value and the size of the pointee type (using `size_of_val`). As a consequence, if the span is empty, "dangling" is the same as "non-null". Note -that slices point to their entire range, so it is important that the length -metadata is never too large. In particular, allocations and therefore slices +that slices and strings point to their entire range, so it is important that the length +metadata is never too large. In particular, allocations and therefore slices and strings cannot be bigger than `isize::MAX` bytes. > **Note**: Undefined behavior affects the entire program. For example, calling From c7e1552035b4dacce903b64a89c750012e4c1f10 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 11 May 2020 18:36:42 +0200 Subject: [PATCH 2/2] clarify that str data must still be initialized --- src/behavior-considered-undefined.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md index d40351674..d2488591c 100644 --- a/src/behavior-considered-undefined.md +++ b/src/behavior-considered-undefined.md @@ -44,7 +44,7 @@ code. * A value in a `char` which is a surrogate or above `char::MAX`. * A `!` (all values are invalid for this type). * An integer (`i*`/`u*`), floating point value (`f*`), or raw pointer obtained - from [uninitialized memory][undef]. + from [uninitialized memory][undef], or uninitialized memory in a `str`. * A reference or `Box` that is dangling, unaligned, or points to an invalid value. * Invalid metadata in a wide reference, `Box`, or raw pointer: * `dyn Trait` metadata is invalid if it is not a pointer to a vtable for
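Review bot: Dropping the "Non-UTF-8 byte sequences in a `str`" bullet in the first hunk leaves the invalid-values list with no statement about `str` at all, so a reader could conclude that the bytes behind a `str` need not even be initialized; the list should still say that a `str` must consist of initialized bytes (the second patch in this series adds exactly that, but the two commits should not be separated). It would also help to say where the UTF-8 requirement now lives, since the bullet's removal only moves the obligation from the language to the library-level safety contract of the functions that construct a `str` from raw bytes rather than eliminating it.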
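Review bot: The two rewritten lines in the second hunk ("that slices and strings point to their entire range, so it is important that the length" and "metadata is never too large. In particular, allocations and therefore slices and strings") run past the wrap width used by the surrounding paragraph; please rewrap them so the paragraph keeps its consistent line length. The content itself is right: once `str` is treated like `[u8]` for validity purposes, the `isize::MAX` size bound on the pointee span applies to strings as much as to slices.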
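Review bot: In the third hunk, appending ", or uninitialized memory in a `str`" to the bullet "An integer (`i*`/`u*`), floating point value (`f*`), or raw pointer obtained from [uninitialized memory][undef]" mixes two different subjects in one sentence: the bullet lists values obtained from uninitialized memory, and the new clause lists a place where uninitialized memory may not appear. Consider making it its own bullet, e.g. "* Uninitialized memory in a `str` (its bytes must all be initialized, even though their UTF-8 validity is not a language-level requirement)." That keeps the integer/float/pointer bullet readable and makes the `str` rule, which is the whole point of this commit, easy to find.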