Skip to content

Commit 4127552

Browse files
EgorBoEgorBo
committed
add blank lines
1 parent d1f9f6b commit 4127552

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

docs/standard/unsafe-code/best-practices.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -669,6 +669,7 @@ the intended logic.
669669
### Recommendations
670670

671671
1. ✔️ DO always consume `stackalloc` into `ReadOnlySpan<T>`/`Span<T>` on the left side of the expression to provide bounds checks:
672+
672673
```cs
673674
// Good:
674675
Span<int> s = stackalloc int[10];
@@ -680,9 +681,11 @@ the intended logic.
680681
s[2] = 0;
681682
s[42] = 0; // Out of bounds write, undefined behavior.
682683
```
684+
683685
2. ❌ DON'T use `stackalloc` inside loops. The stack space isn't reclaimed until the method returns, so including a `stackalloc` inside a loop could result in process termination due to stack overflow.
684686
3. ❌ DON'T use large lengths for `stackalloc`. For example, 1024 bytes could be considered a reasonable upper bound.
685687
4. ✔️ DO check the range of variables used as `stackalloc` lengths.
688+
686689
```cs
687690
void ProblematicCode(int length)
688691
{
@@ -706,6 +709,7 @@ the intended logic.
706709
Consume(s);
707710
}
708711
```
712+
709713
5. ✔️ DO use modern C# features such as collection literals (`Span<int> s = [1, 2, 3];`), `params Span<T>` and Inline Arrays to avoid manual memory management when possible.
710714

711715
## 15. Fixed-size buffers
@@ -775,6 +779,7 @@ can lead to information disclosure, data corruption, or process termination via
775779
1. ❌ DON'T expose methods whose arguments are pointer types (unmanaged pointers `T*` or managed pointers `ref T`) when those arguments are intended to represent buffers. Use safe buffer types like `Span<T>` or `ReadOnlySpan<T>` instead.
776780
2. ❌ DON'T use implicit contracts for byref arguments, such as requiring all callers to allocate the input on the stack. If such a contract is necessary, consider using [ref struct](https://learn.microsoft.com/dotnet/csharp/language-reference/builtin-types/ref-struct) instead.
777781
3. ❌ DON'T assume buffers are zero-terminated unless the scenario explicitly documents that this is a valid assumption. For example, even though .NET guarantees that `string` instances are null-terminated, the same does not hold of other buffer types like `ReadOnlySpan<char>` or `char[]`.
782+
778783
```cs
779784
unsafe void NullTerminationExamples(string str, ReadOnlySpan<char> span, char[] array)
780785
{
@@ -803,6 +808,7 @@ can lead to information disclosure, data corruption, or process termination via
803808
}
804809
}
805810
```
811+
806812
4. ❌ DON'T pass a pinned `Span<char>` or `ReadOnlySpan<char>` across a p/invoke boundary unless you have also passed an explicit length argument. Otherwise, the code on the other side of the p/invoke boundary might improperly believe the buffer is null-terminated.
807813

808814
```cs

0 commit comments

Comments
 (0)