From 098bec82f6171c2e7e5b4136880eb52eda876bde Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Wed, 29 Aug 2018 19:27:20 +0200 Subject: [PATCH] clarify that these are preliminary guarantees --- src/libcore/ptr.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/libcore/ptr.rs b/src/libcore/ptr.rs index b82afecd769..07e8d253af8 100644 --- a/src/libcore/ptr.rs +++ b/src/libcore/ptr.rs @@ -24,8 +24,8 @@ //! to access only a single value, in which case the documentation omits the size //! and implicitly assumes it to be `size_of::()` bytes. //! -//! While we can't yet define whether an arbitrary pointer is valid, there -//! are a few rules regarding validity: +//! The precise rules for validity are not determined yet. The guarantees that are +//! provided at this point are very minimal: //! //! * A [null] pointer is *never* valid, not even for accesses of [size zero][zst]. //! * All pointers (except for the null pointer) are valid for all operations of @@ -35,9 +35,8 @@ //! access the same memory. //! //! These axioms, along with careful use of [`offset`] for pointer arithmentic, -//! are enough to correctly implement many useful things in unsafe code. Still, -//! unsafe code should be carefully examined since some of the finer -//! details—notably the [aliasing] rules—are not yet settled. For more +//! are enough to correctly implement many useful things in unsafe code. Stronger guarantees +//! will be provided eventually, as the [aliasing] rules are being determined. For more //! information, see the [book] as well as the section in the reference devoted //! to [undefined behavior][ub]. //!
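Review bot: In the first hunk (`@@ -24,8 +24,8 @@`), the new sentence "The guarantees that are provided at this point are very minimal:" does not say whether the listed rules will survive once the precise rules are determined. The subject line calls these guarantees preliminary, so a reader writing unsafe code cannot tell whether "preliminary" means "may be extended" or "may be revoked". Consider stating explicitly that the bullets below are a lower bound that later rules will only add to, if that is the intent.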
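Review bot: In the second hunk (`@@ -35,9 +35,8 @@`), the replacement drops the caution that "unsafe code should be carefully examined" because the [aliasing] rules are not yet settled, and the new text only promises that "Stronger guarantees will be provided eventually". Please keep a short warning that code relying on anything beyond the listed axioms is depending on unsettled rules. Also, "as the [aliasing] rules are being determined" reads more clearly as "once the [aliasing] rules are determined". The unchanged context line above still has the typo "arithmentic", which could be fixed while this paragraph is being touched.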