You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Documentation cleanup of UB detected by Kani (#4245)
Cleanup of documentation previously introduced in #1141:
1. No need to repeatedly discuss compiler intrinsics.
2. I am not aware of invalid dereferences that we would _not_ catch,
even place expressions.
By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.
Copy file name to clipboardExpand all lines: docs/src/undefined-behaviour.md
+2-8Lines changed: 2 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,7 +19,7 @@ Rust’s [definition of UB](https://doc.rust-lang.org/reference/behavior-conside
19
19
> The following list is not exhaustive. There is no formal model of Rust's semantics for what is and is not allowed in unsafe code, so there may be more behavior considered unsafe. The following list is just what we know for sure is undefined behavior. Please read the Rustonomicon (https://doc.rust-lang.org/nomicon/index.html) before writing unsafe code.
20
20
21
21
22
-
Given the lack of a formal semantics for UB, and given Kani's focus on memory safety, there are classes of UB which Kani does not detect.
22
+
Given the lack of a formal semantics for UB, and given Kani's focus on memory safety, there are classes of UB which Kani does not detect, or only makes a best-effort attempt to detect them.
23
23
A non-exhaustive list of these, based on the non-exhaustive list from the [Rust documentation](https://doc.rust-lang.org/reference/behavior-considered-undefined.html), is:
24
24
25
25
* Data races.
@@ -29,7 +29,7 @@ A non-exhaustive list of these, based on the non-exhaustive list from the [Rust
29
29
* Mutating immutable data.
30
30
* Kani can detect if modification of immutable data causes memory safety or assertion violations, but does not track reference lifetimes.
31
31
* Invoking undefined behavior via compiler intrinsics.
32
-
* Kani makes a best effort attempt to check the preconditions of compiler intrinsics, but does not guarantee to do so in all cases.
32
+
* Kani makes a best effort attempt to check the preconditions of compiler intrinsics, but does not guarantee to do so in all cases. See also [current support for compiler intrinsics](./rust-feature-support/intrinsics.md).
33
33
* Executing code compiled with platform features that the current platform does not support (see [target_feature](https://doc.rust-lang.org/reference/attributes/codegen.html#the-target_feature-attribute)).
34
34
* Kani relies on `rustc` to check for this case.
35
35
* Calling a function with the wrong call ABI or unwinding from a function with the wrong unwind ABI.
@@ -40,9 +40,3 @@ A non-exhaustive list of these, based on the non-exhaustive list from the [Rust
40
40
* Kani does not support inline assembly.
41
41
* Using uninitialized memory.
42
42
* See the corresponding section in our [Rust feature support](./rust-feature-support.md#uninitialized-memory).
43
-
44
-
Kani makes a best-effort attempt to detect some cases of UB:
45
-
* Evaluating a dereference expression (`*expr`) on a raw pointer that is dangling or unaligned.
46
-
* Kani can detect invalid dereferences, but may not detect them in [place expression context](https://doc.rust-lang.org/reference/expressions.html#place-expressions-and-value-expressions).
47
-
* Invoking undefined behavior via compiler intrinsics.
48
-
* See [current support for compiler intrinsics](./rust-feature-support/intrinsics.md).
0 commit comments