rust-lang/unsafe-code-guidelines

Issues

• Should values be well-typed?

  #561 opened 8 months ago by ia0
  10

• `'static` reference to local variable that never goes out of scope?

  #565 opened 7 months ago by joshlf
  10

• `repr(C)`/`extern "C"` does not always match the current target's C toolchain (when that target is windows-msvc)

  #521 opened a year ago by RalfJung
  12

• Just how unspecified is repr Rust over extern C?

  #563 opened 7 months ago by CAD97
  5

• Copy propagation on "move" assignments introduces UB (using Miri/MiniRust semantics)

  #556 opened 9 months ago by RalfJung
  2

• What is the operational spec for `use` expressions?

  #564 opened 7 months ago by RalfJung
  0

• Should we / can we make MaybeUninit<T> always preserve all bytes of T (including padding)?

  #518 opened a year ago by RalfJung
  71

• Possible to interleave `&mut` and `&` safely?

  #562 opened 7 months ago by joshlf
  8

• Can the layouts of `Vec<i32>` and `Vec<u32>` guaranteed to be the same?

  #560 opened 8 months ago by davidzeng0
  5

• Stabilize having the concept of "validity invariant" and "safety invariant"? Under which name?

  #539 opened a year ago by RalfJung
  90

• Reading Pointer bytes as Integers

  #547 opened a year ago by chorman0773
  16

• Do you need UnsafeCell to mutate through a mut pointer behind a shared ref?

  #559 opened 9 months ago by coffeenotfound
  3

• Do the bytes of a pointer have to stay in the same order?

  #558 opened 9 months ago by RalfJung
  2

• Is it safe to treat an arbitrary reference as an `&[()]`?

  #557 opened 9 months ago by Manishearth
  5

• How to explain linker symbols used as integers (and not pointers to an allocation)?

  #554 opened 9 months ago by ia0
  4

• What are the validity requirements of wide pointers/references with `dyn Trait` tail?

  #516 opened a year ago by RalfJung
  11

• Do typed copies of unions preserve "invalid" bytes?

  #555 opened 9 months ago by jswrenn
  1

• Externally initialized memory and the abstract machine

  #553 opened 9 months ago by anp
  2

• "Any two types with size 0 and alignment 1 are ABI-compatible" vs the Windows ABI

  #552 opened 10 months ago by RalfJung
  21

• Does the Allocator API allow sending pointer ownership across an FFI boundary?

  #550 opened 10 months ago by not-an-aardvark
  1

• What are the preconditions for (overlapping) `ptr::copy`?

  #549 opened a year ago by steffahn
  10

• Our concurrency memory model (inherited from C++20) is incompatible with x86

  #548 opened a year ago by RalfJung
  28

• Do the current nightly `std::ptr` docs violate provenance monotonicity?

  #530 opened a year ago by joshlf
  2

• Are long-lived references to thread_local variables allowed?

  #541 opened a year ago by theemathas
  4

• Where does one instance of the Rust Abstract Machine end and another one start?

  #543 opened a year ago by VorpalBlade
  19

• What about: distributed slices (linkme)

  #545 opened a year ago by CAD97
  3

• Wait, how does placing ZST statics work again?

  #546 opened a year ago by workingjubilee
  0

• Will destructors create `&mut` references only when `Drop::drop()` is called?

  #542 opened a year ago by theemathas
  2

• Packing pointers into double-word width atomics

  #517 opened a year ago by eggyal
  48

• What are the special magic rules around `malloc`?

  #535 opened a year ago by RalfJung
  9

• Minimum guarantees for union construction and typed copies?

  #533 opened a year ago by joshlf
  1

• Is pattern evaluation order guaranteed?

  #540 opened a year ago by zachs18
  0

• What about: aliasing requirements for nested references?

  #532 opened a year ago by oxalica
  5

• How can I tell the Rust compiler `&mut [u8]` has changed after a DMA operation

  #537 opened a year ago by schultetwin1
  41

• Confusion of retagging in the blog stacked-borrows-implementation

  #536 opened a year ago by hanayashiki
  1

• What memory is the Global allocator allowed to access

  #534 opened a year ago by jwong101
  8

• Is there a way to soundly implement racy read/writes as used in Chase/Lev deques?

  #531 opened a year ago by anp
  6

• Do ZST `Box`es violate provenance monotonicity?

  #529 opened a year ago by joshlf
  4

• What are the requirements for unloading a library (`dlclose`)?

  #526 opened a year ago by VorpalBlade
  8

• Can FFI code use `memory_order_consume`

  #528 opened a year ago by chorman0773
  9

• Can uninitialized memory come from the outside world?

  #527 opened a year ago by ChayimFriedman2
  4

• What are the soundness requirements for `dlopen`?

  #525 opened a year ago by RalfJung
  40

• What do we say about the equality of pointers in constants, vtables, and function pointers?

  #522 opened a year ago by RalfJung
  19

• Is it UB to have a mutable reference that could be misused, or simply to misuse it?

  #524 opened a year ago by clarfonthey
  4

• How do aliasing model protectors interact with tail calls?

  #523 opened a year ago by RalfJung
  5

• What are the operational semantics of unsized locals?

  #520 opened a year ago by RalfJung
  4

• If a Pin is changed to point to a different location, what happens?

  #519 opened a year ago by theemathas
  3

• Is it UB to change a non-`mut` `extern static`?

  #514 opened a year ago by ChayimFriedman2
  3

• Should we have a way to give functions a stable address?

  #515 opened a year ago by RalfJung
  5

• Validity of a `char` value that is a surrogate

  #513 opened a year ago by celinval
  16