| author | León Orell Valerian Liehr <me@fmease.dev> | 2024-05-22 23:41:11 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-22 23:41:11 +0200 |
| commit | ab9e0a72ef51122a1b0bbf88b7e738baaccf68d6 (patch) | |
| tree | d70f08cc26aa14bb0cdf2000a0f84236d583073f /compiler/rustc_codegen_llvm/src/errors.rs | |
| parent | 22f5bdc42b06e0719eda6e3e23f28fe5493b2305 (diff) | |
| parent | 7c76eec30ff6cdb00b234896f6e0c5b76ef7143f (diff) | |
Rollup merge of #125043 - RalfJung:ref-type-safety-invariant, r=scottmcm
reference type safety invariant docs: clarification

The old text could have been read as saying that you can call a function if these requirements are upheld, which is definitely not true as they are an underapproximation of the actual safety invariant.

I removed the part about functions relaxing the requirements via their documentation... this seems incoherent with saying that it may actually be unsound to ever temporarily violate the requirement. Furthermore, a function *cannot* just relax this for its return value, that would in general be unsound. And the part about "unsafe code in a safe function may assume these invariants are ensured of arguments passed by the caller" also interacts with relaxing things: clearly, if the invariant has been relaxed, unsafe code cannot rely on it any more. There may be a place to give general guidance on what kinds of function contracts can exist, but the reference type is definitely not the right place to write that down.

I also took a clarification from https://github.com/rust-lang/rust/pull/121965 that is orthogonal to the rest of that PR.

Cc ```@joshlf``` ```@scottmcm```
Diffstat (limited to 'compiler/rustc_codegen_llvm/src/errors.rs')
0 files changed, 0 insertions, 0 deletions
