Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
81c52e0
separate a comment from a rule
tshepang Apr 30, 2026
a81f18f
Fix grammar rules pertaining to obsolete range patterns
fmease May 5, 2026
8d2c69a
New rule `layout.repr.c.struct.align-empty`
DanielEScherzer May 5, 2026
7b88ecb
Update link_name for updated restrictions
ehuss May 11, 2026
f165283
Document target_has_atomic_primitive_alignment
ehuss May 19, 2026
1c233d6
avoid using 'place projection' for only some of the projections
RalfJung May 3, 2026
78bbc5b
Merge pull request #2253 from RalfJung/ub-place-proj
ehuss May 26, 2026
264aec4
Integrate `layout.repr.c.struct.align-empty` into `layout.repr.c.stru…
DanielEScherzer May 24, 2026
3c5c1c2
Merge pull request #2264 from DanielEScherzer/repr-c-no-fields
traviscross May 26, 2026
1723e6d
Unwrap "Special types and traits"
ehuss May 26, 2026
5f75caa
Unwrap memory model chapters
ehuss May 26, 2026
fd3bb57
Unwrap "Linkage"
ehuss May 26, 2026
f776529
Unwrap safety chapters
ehuss May 26, 2026
6ace9ab
Unwrap ABI chapter
ehuss May 26, 2026
9fa9987
Merge pull request #2276 from ehuss/unwrap-last
traviscross May 26, 2026
5978835
Merge pull request #2259 from fmease/fix-obs-range-pat-grammars
ehuss May 26, 2026
f1b7b9a
Revise `target_has_atomic_primitive_alignment`
traviscross May 26, 2026
d0b0900
Merge pull request #2273 from ehuss/cfg_target_has_atomic_primitive_a…
traviscross May 26, 2026
d1fb175
Reword "must" to "can"
ehuss May 26, 2026
eac7589
Merge pull request #2224 from tshepang/patch-2
ehuss May 26, 2026
11015c9
Revise `link_name` restrictions wording
traviscross May 26, 2026
3fde038
Merge pull request #2268 from ehuss/link_name-invalid-names
traviscross May 26, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 9 additions & 21 deletions src/abi.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,9 @@ r[abi]
# Application binary interface (ABI)

r[abi.intro]
This section documents features that affect the ABI of the compiled output of
a crate.
This section documents features that affect the ABI of the compiled output of a crate.

See *[extern functions]* for information on specifying the ABI for exporting
functions. See *[external blocks]* for information on specifying the ABI for
linking external libraries.
See *[extern functions]* for information on specifying the ABI for exporting functions. See *[external blocks]* for information on specifying the ABI for linking external libraries.

<!-- template:attributes -->
r[abi.used]
Expand Down Expand Up @@ -68,17 +65,13 @@ r[abi.no_mangle]
## The `no_mangle` attribute

r[abi.no_mangle.intro]
The *`no_mangle` attribute* may be used on any [item] to disable standard
symbol name mangling. The symbol for the item will be the identifier of the
item's name.
The *`no_mangle` attribute* may be used on any [item] to disable standard symbol name mangling. The symbol for the item will be the identifier of the item's name.

r[abi.no_mangle.publicly-exported]
Additionally, the item will be publicly exported from the produced library or
object file, similar to the [`used` attribute](#the-used-attribute).
Additionally, the item will be publicly exported from the produced library or object file, similar to the [`used` attribute](#the-used-attribute).

r[abi.no_mangle.unsafe]
This attribute is unsafe as an unmangled symbol may collide with another symbol
with the same name (or with a well-known symbol), leading to undefined behavior.
This attribute is unsafe as an unmangled symbol may collide with another symbol with the same name (or with a well-known symbol), leading to undefined behavior.

```rust
#[unsafe(no_mangle)]
Expand All @@ -93,8 +86,7 @@ r[abi.link_section]
## The `link_section` attribute

r[abi.link_section.intro]
The *`link_section` attribute* specifies the section of the object file that a
[function] or [static]'s content will be placed into.
The *`link_section` attribute* specifies the section of the object file that a [function] or [static]'s content will be placed into.

r[abi.link_section.syntax]
The `link_section` attribute uses the [MetaNameValueStr] syntax to specify the section name.
Expand All @@ -109,8 +101,7 @@ pub static VAR1: u32 = 1;
```

r[abi.link_section.unsafe]
This attribute is unsafe as it allows users to place data and code into sections
of memory not expecting them, such as mutable data into read-only areas.
This attribute is unsafe as it allows users to place data and code into sections of memory not expecting them, such as mutable data into read-only areas.

r[abi.link_section.duplicates]
Only the first use of `link_section` on an item has effect.
Expand All @@ -126,8 +117,7 @@ r[abi.export_name]
## The `export_name` attribute

r[abi.export_name.intro]
The *`export_name` attribute* specifies the name of the symbol that will be
exported on a [function] or [static].
The *`export_name` attribute* specifies the name of the symbol that will be exported on a [function] or [static].

r[abi.export_name.syntax]
The `export_name `attribute uses the [MetaNameValueStr] syntax to specify the symbol name.
Expand All @@ -138,9 +128,7 @@ pub fn name_in_rust() { }
```

r[abi.export_name.unsafe]
This attribute is unsafe as a symbol with a custom name may collide with another
symbol with the same name (or with a well-known symbol), leading to undefined
behavior.
This attribute is unsafe as a symbol with a custom name may collide with another symbol with the same name (or with a well-known symbol), leading to undefined behavior.

r[abi.export_name.duplicates]
Only the first use of `export_name` on an item has effect.
Expand Down
124 changes: 31 additions & 93 deletions src/behavior-considered-undefined.md

Large diffs are not rendered by default.

47 changes: 10 additions & 37 deletions src/behavior-not-considered-unsafe.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
# Behavior not considered `unsafe`

The Rust compiler does not consider the following behaviors _unsafe_,
though a programmer may (should) find them undesirable, unexpected,
or erroneous.
The Rust compiler does not consider the following behaviors _unsafe_, though a programmer may (should) find them undesirable, unexpected, or erroneous.

- Deadlocks
- Leaks of memory and other resources
Expand All @@ -11,47 +9,22 @@ or erroneous.

## Integer overflow

If a program contains arithmetic overflow, the programmer has made an
error. In the following discussion, we maintain a distinction between
arithmetic overflow and wrapping arithmetic. The first is erroneous,
while the second is intentional.
If a program contains arithmetic overflow, the programmer has made an error. In the following discussion, we maintain a distinction between arithmetic overflow and wrapping arithmetic. The first is erroneous, while the second is intentional.

When the programmer has enabled `debug_assert!` assertions (for
example, by enabling a non-optimized build), implementations must
insert dynamic checks that `panic` on overflow. Other kinds of builds
may result in `panics` or silently wrapped values on overflow, at the
implementation's discretion.
When the programmer has enabled `debug_assert!` assertions (for example, by enabling a non-optimized build), implementations must insert dynamic checks that `panic` on overflow. Other kinds of builds may result in `panics` or silently wrapped values on overflow, at the implementation's discretion.

In the case of implicitly-wrapped overflow, implementations must
provide well-defined (even if still considered erroneous) results by
using two's complement overflow conventions.
In the case of implicitly-wrapped overflow, implementations must provide well-defined (even if still considered erroneous) results by using two's complement overflow conventions.

The integral types provide inherent methods to allow programmers
explicitly to perform wrapping arithmetic. For example,
`i32::wrapping_add` provides two's complement, wrapping addition.
The integral types provide inherent methods to allow programmers explicitly to perform wrapping arithmetic. For example, `i32::wrapping_add` provides two's complement, wrapping addition.

The standard library also provides a `Wrapping<T>` newtype which
ensures all standard arithmetic operations for `T` have wrapping
semantics.
The standard library also provides a `Wrapping<T>` newtype which ensures all standard arithmetic operations for `T` have wrapping semantics.

See [RFC 560] for error conditions, rationale, and more details about
integer overflow.
See [RFC 560] for error conditions, rationale, and more details about integer overflow.

## Logic errors

Safe code may impose extra logical constraints that can be checked
at neither compile-time nor runtime. If a program breaks such
a constraint, the behavior may be unspecified but will not result in
undefined behavior. This could include panics, incorrect results,
aborts, and non-termination. The behavior may also differ between
runs, builds, or kinds of build.

For example, implementing both `Hash` and `Eq` requires that values
considered equal have equal hashes. Another example are data structures
like `BinaryHeap`, `BTreeMap`, `BTreeSet`, `HashMap` and `HashSet`
which describe constraints on the modification of their keys while
they are in the data structure. Violating such constraints is not
considered unsafe, yet the program is considered erroneous and
its behavior unpredictable.
Safe code may impose extra logical constraints that can be checked at neither compile-time nor runtime. If a program breaks such a constraint, the behavior may be unspecified but will not result in undefined behavior. This could include panics, incorrect results, aborts, and non-termination. The behavior may also differ between runs, builds, or kinds of build.

For example, implementing both `Hash` and `Eq` requires that values considered equal have equal hashes. Another example are data structures like `BinaryHeap`, `BTreeMap`, `BTreeSet`, `HashMap` and `HashSet` which describe constraints on the modification of their keys while they are in the data structure. Violating such constraints is not considered unsafe, yet the program is considered erroneous and its behavior unpredictable.

[RFC 560]: https://github.com/rust-lang/rfcs/blob/master/text/0560-integer-overflow.md
19 changes: 19 additions & 0 deletions src/conditional-compilation.md
Original file line number Diff line number Diff line change
Expand Up @@ -256,6 +256,25 @@ Possible values:
* `"128"`
* `"ptr"`

r[cfg.target_has_atomic_primitive_alignment]
### `target_has_atomic_primitive_alignment`

r[cfg.target_has_atomic_primitive_alignment.def]
Key-value option set for each bit width where the [atomic][core::sync::atomic] type has the same alignment as the corresponding integer type.

> [!NOTE]
> The alignment is usually the same for a given bit width. However, on some targets such as 32-bit x86, 64-bit atomic types such as [`AtomicI64`][core::sync::atomic::AtomicI64] have an alignment of 8 bytes while `i64` is only aligned to 4 bytes. In this situation, `target_has_atomic_primitive_alignment = "64"` is not set.

r[cfg.target_has_atomic_primitive_alignment.values]
Possible values:

* `"8"`
* `"16"`
* `"32"`
* `"64"`
* `"128"`
* `"ptr"`

r[cfg.test]
### `test`

Expand Down
23 changes: 14 additions & 9 deletions src/expressions/if-expr.md
Original file line number Diff line number Diff line change
Expand Up @@ -186,15 +186,20 @@ fn nested() {
```

r[expr.if.chains.or]
If any condition operand is a `let` pattern, then none of the condition operands can be a `||` [lazy boolean operator expression][expr.bool-logic] due to ambiguity and precedence with the `let` scrutinee. If a `||` expression is needed, then parentheses can be used. For example:

```rust
# let foo = Some(123);
# let condition1 = true;
# let condition2 = false;
// Parentheses are required here.
if let Some(x) = foo && (condition1 || condition2) { /*...*/ }
```
If any condition operand is a `let` pattern, then none of the condition operands can be a `||` [lazy boolean operator expression][expr.bool-logic] due to ambiguity and precedence with the `let` scrutinee.

> [!EXAMPLE]
> If a `||` expression is needed, then parentheses can be used. For example:
>
> ```rust
> # let foo = Some(123);
> # let condition1 = true;
> # let condition2 = false;
> if let Some(x) = foo
> // Parentheses are required here.
> && (condition1 || condition2)
> {}
> ```

r[expr.if.edition2024]
> [!EDITION-2024]
Expand Down
5 changes: 3 additions & 2 deletions src/expressions/match-expr.md
Original file line number Diff line number Diff line change
Expand Up @@ -240,8 +240,9 @@ If any guard condition operand is a `let` pattern, then none of the condition op
> ```rust
> # let foo = Some([123]);
> match foo {
> // Parentheses are required here.
> Some(xs) if let [x] = xs && (x < -100 || x > 20) => {}
> Some(xs) if let [x] = xs
> // Parentheses are required here.
> && (x < -100 || x > 20) => {}
> _ => {}
> }
> ```
Expand Down
3 changes: 3 additions & 0 deletions src/items/external-blocks.md
Original file line number Diff line number Diff line change
Expand Up @@ -405,6 +405,9 @@ The *`link_name` [attribute][attributes]* may be applied to declarations inside
r[items.extern.attributes.link_name.syntax]
The `link_name` attribute uses the [MetaNameValueStr] syntax.

r[items.extern.attributes.link_name.invalid-names]
The symbol name must not be the empty string or contain any `U+0000` (NUL) bytes.

r[items.extern.attributes.link_name.allowed-positions]
The `link_name` attribute may only be applied to a function or static item in an `extern` block.

Expand Down
Loading
Loading