diff options
| author | Ralf Jung <post@ralfj.de> | 2023-07-16 13:47:16 +0200 |
|---|---|---|
| committer | Ralf Jung <post@ralfj.de> | 2023-07-16 13:47:16 +0200 |
| commit | d537a7aaa26b48e723dcea0e1d065690a5632b45 (patch) | |
| tree | b186e832d5955415b4b069968a18d0846478ae07 | |
| parent | 0548274b4b746f708ac0fd7ed772e5413afeba3e (diff) | |
| download | rust-d537a7aaa26b48e723dcea0e1d065690a5632b45.tar.gz rust-d537a7aaa26b48e723dcea0e1d065690a5632b45.zip | |
clarify that we do not prove soundness
| -rw-r--r-- | src/tools/miri/README.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/tools/miri/README.md b/src/tools/miri/README.md index 601101905f1..d51384d0a14 100644 --- a/src/tools/miri/README.md +++ b/src/tools/miri/README.md @@ -74,6 +74,12 @@ behavior** in your program, and cannot run all programs: unobservable by compiled programs running on real hardware when `SeqCst` fences are used, and it cannot produce all behaviors possibly observable on real hardware. +Moreover, Miri fundamentally cannot tell you whether your code is *sound*. Soundness is the property +of never causing undefined behavior when invoked from arbitrary safe code, even in combination with +other sound code. In contrast, Miri can just tell you if *a particular way of interacting with your +code* (e.g., a test suite) causes any undefined behavior. It is up to you to ensure sufficient +coverage. + [rust]: https://www.rust-lang.org/ [mir]: https://github.com/rust-lang/rfcs/blob/master/text/1211-mir.md [`unreachable_unchecked`]: https://doc.rust-lang.org/stable/std/hint/fn.unreachable_unchecked.html |