From 8b21fb51d3a67410306845f55a444d35a41be7ac Mon Sep 17 00:00:00 2001 From: Joshua Liebow-Feeser Date: Wed, 2 Nov 2022 13:24:56 -0700 Subject: [PATCH 1/4] Document bit validity of numeric primitives --- src/types/numeric.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/types/numeric.md b/src/types/numeric.md index 8ab53a792..30257ff35 100644 --- a/src/types/numeric.md +++ b/src/types/numeric.md @@ -45,3 +45,11 @@ within an object along with one byte past the end. > `isize` are either 32-bit or 64-bit. As a consequence, 16-bit > pointer support is limited and may require explicit care and acknowledgment > from a library to support. + +## Bit validity and padding + +For each primitive integer and floating-point type, `T`: +- Any sequence of `size_of::()` bytes is a valid instance of `T` (in other + words, `transmute::<[u8; size_of::()], T>(...)` is guaranteed to be sound). +- `T` contains no padding or otherwise uninitialized bytes (in other words, + `transmute::()]>(...)` is guaranteed to be sound). From ae91c1aa3ec5fdb01b2d4583d96e482f08526b26 Mon Sep 17 00:00:00 2001 From: Joshua Liebow-Feeser Date: Wed, 2 Nov 2022 13:33:18 -0700 Subject: [PATCH 2/4] Bool has no padding bytes --- src/types/boolean.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/types/boolean.md b/src/types/boolean.md index d8984025f..4ef2f8c01 100644 --- a/src/types/boolean.md +++ b/src/types/boolean.md @@ -17,6 +17,9 @@ value false has the bit pattern `0x00` and the value true has the bit pattern `0x01`. It is [undefined behavior] for an object with the boolean type to have any other bit pattern. +The boolean type contains no padding or otherwise uninitialized bytes. In other +words, `transmute::(...)` is guaranteed to be sound. + The boolean type is the type of many operands in various [expressions]: * The condition operand in [if expressions] and [while expressions] From b8e0194e227ad9f7ea9a199d448800d76654f44e Mon Sep 17 00:00:00 2001 From: Joshua Liebow-Feeser Date: Wed, 2 Nov 2022 13:36:14 -0700 Subject: [PATCH 3/4] Char contains no padding bytes --- src/types/textual.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/types/textual.md b/src/types/textual.md index 7f3899d70..bc5ee4e72 100644 --- a/src/types/textual.md +++ b/src/types/textual.md @@ -8,7 +8,10 @@ or 0xE000 to 0x10FFFF range. It is immediate [Undefined Behavior] to create a `char` that falls outside this range. A `[char]` is effectively a UCS-4 / UTF-32 string of length 1. -A value of type `str` is represented the same way as `[u8]`, it is a slice of +The `char` type has no padding or otherwise uninitialized bytes. In other words, +`transmute::(...)` is guaranteed to be sound. + +A value of type `str` is represented the same way as `[u8]`: it is a slice of 8-bit unsigned bytes. However, the Rust standard library makes extra assumptions about `str`: methods working on `str` assume and ensure that the data in there is valid UTF-8. Calling a `str` method with a non-UTF-8 buffer can cause From e847787cc8e7c44520750ab71850e023f44963d9 Mon Sep 17 00:00:00 2001 From: Joshua Liebow-Feeser Date: Wed, 2 Nov 2022 13:41:08 -0700 Subject: [PATCH 4/4] s/has/contains --- src/types/textual.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/types/textual.md b/src/types/textual.md index bc5ee4e72..6302554b3 100644 --- a/src/types/textual.md +++ b/src/types/textual.md @@ -8,8 +8,8 @@ or 0xE000 to 0x10FFFF range. It is immediate [Undefined Behavior] to create a `char` that falls outside this range. A `[char]` is effectively a UCS-4 / UTF-32 string of length 1. -The `char` type has no padding or otherwise uninitialized bytes. In other words, -`transmute::(...)` is guaranteed to be sound. +The `char` type contains no padding or otherwise uninitialized bytes. In other +words, `transmute::(...)` is guaranteed to be sound. A value of type `str` is represented the same way as `[u8]`: it is a slice of 8-bit unsigned bytes. However, the Rust standard library makes extra assumptions