author: Christopher Durham <cad97@cad97.com> 2022-04-10 15:04:57 -0500
committer: GitHub <noreply@github.com> 2022-04-10 15:04:57 -0500
commit: b92cd1a32c842e82575e59374545dda5f9b9f77a
tree: ffd92326255a3ba08b1933645a2cafbea208801c /compiler/rustc_llvm/llvm-wrapper/RustWrapper.cpp
parent: 18f32b73bdb3833c18c73fe3062bde8e1721ccca
Clarify str::from_utf8_unchecked's invariants
Specifically, make it clear that it is immediately UB to pass ill-formed UTF-8 into the function. The previous wording left space to interpret that the UB only occurred when calling another function, which "assumes that `&str`s are valid UTF-8."

This does not change whether str being UTF-8 is a safety or a validity invariant. (As per previous discussion, it is a safety invariant, not a validity invariant.) It just makes it clear that valid UTF-8 is a precondition of str::from_utf8_unchecked, and that emitting an Abstract Machine fault (e.g. UB or a sanitizer error) on invalid UTF-8 is a valid thing to do.

If user code wants to create an unsafe `&str` pointing to ill-formed UTF-8, it must be done via transmutes. Also, just, don't.
Diffstat (limited to 'compiler/rustc_llvm/llvm-wrapper/RustWrapper.cpp')
0 files changed, 0 insertions, 0 deletions
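
An added example (not part of this commit or of the Rust standard library) of discharging the precondition the commit message describes: validate untrusted bytes with `str::from_utf8` and hand only the proven well-formed prefix to `str::from_utf8_unchecked`. The names `checked_prefix` and `Tail` and the sample byte strings are constructed for illustration.

```rust
use std::str;

/// What followed the well-formed prefix (hypothetical type for this example).
#[derive(Debug, PartialEq)]
enum Tail {
    /// The whole input was well-formed UTF-8.
    Clean,
    /// Input ended inside a multi-byte sequence; this many bytes were left over.
    Truncated(usize),
    /// An ill-formed sequence of `len` bytes starts at byte offset `at`.
    Invalid { at: usize, len: usize },
}

/// Returns the longest well-formed UTF-8 prefix of untrusted `bytes`,
/// together with a description of whatever stopped validation.
fn checked_prefix(bytes: &[u8]) -> (&str, Tail) {
    let err = match str::from_utf8(bytes) {
        Ok(s) => return (s, Tail::Clean),
        Err(e) => e,
    };
    let at = err.valid_up_to();
    // SAFETY: `from_utf8` reported that `bytes[..at]` is well-formed UTF-8,
    // which is exactly the precondition of `from_utf8_unchecked`. Passing the
    // full, unvalidated slice here instead would be immediate UB.
    let prefix = unsafe { str::from_utf8_unchecked(&bytes[..at]) };
    let tail = match err.error_len() {
        // `Some(len)`: an invalid sequence was found in the middle of the input.
        Some(len) => Tail::Invalid { at, len },
        // `None`: the input ended before a multi-byte sequence was complete.
        None => Tail::Truncated(bytes.len() - at),
    };
    (prefix, tail)
}

fn main() {
    // Constructed sample inputs: valid, invalid byte, truncated "é", overlong NUL.
    let samples: [&[u8]; 4] = [b"hello", b"ab\xFFcd", b"caf\xC3", b"\xC0\x80"];
    for s in samples.iter() {
        println!("{:?} -> {:?}", s, checked_prefix(s));
    }
}
```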