mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

clarify that the str invariant is a safety, not validity, invariant

Browse Source
This commit is contained in:
Ralf Jung 2023-11-03 07:23:24 +01:00
parent 2429818b20
commit 57f570bb33
1 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
library/core/src/primitive_docs.rs
View File

@ -291,7 +291,7 @@ mod prim_never {}
/// Surrogate code points, used by UTF-16, are in the range 0xD800 to 0xDFFF. /// Surrogate code points, used by UTF-16, are in the range 0xD800 to 0xDFFF.
/// ///
/// No `char` may be constructed, whether as a literal or at runtime, that is not a /// No `char` may be constructed, whether as a literal or at runtime, that is not a
/// Unicode scalar value: /// Unicode scalar value. Violating this rule causes Undefined Behavior.
/// ///
/// ```compile_fail /// ```compile_fail
/// // Each of these is a compiler error /// // Each of these is a compiler error
@ -308,9 +308,10 @@ mod prim_never {}
/// let _ = unsafe { char::from_u32_unchecked(0x110000) }; /// let _ = unsafe { char::from_u32_unchecked(0x110000) };
/// ``` /// ```
/// ///
/// USVs are also the exact set of values that may be encoded in UTF-8. Because /// USVs are also the exact set of values that may be encoded in UTF-8. Because `char` values are
/// `char` values are USVs and `str` values are valid UTF-8, it is safe to store /// USVs and functions may assume [incoming `str` values are valid
/// any `char` in a `str` or read any character from a `str` as a `char`. /// UTF-8](primitive.str.html#invariant), it is safe to store any `char` in a `str` or read any
/// character from a `str` as a `char`.
/// ///
/// The gap in valid `char` values is understood by the compiler, so in the /// The gap in valid `char` values is understood by the compiler, so in the
/// below example the two ranges are understood to cover the whole range of /// below example the two ranges are understood to cover the whole range of
@ -887,8 +888,6 @@ mod prim_slice {}
/// type. It is usually seen in its borrowed form, `&str`. It is also the type /// type. It is usually seen in its borrowed form, `&str`. It is also the type
/// of string literals, `&'static str`. /// of string literals, `&'static str`.
/// ///
/// String slices are always valid UTF-8.
///
/// # Basic Usage /// # Basic Usage
/// ///
/// String literals are string slices: /// String literals are string slices:
@ -942,6 +941,14 @@ mod prim_slice {}
/// Note: This example shows the internals of `&str`. `unsafe` should not be /// Note: This example shows the internals of `&str`. `unsafe` should not be
/// used to get a string slice under normal circumstances. Use `as_str` /// used to get a string slice under normal circumstances. Use `as_str`
/// instead. /// instead.
///
/// # Invariant
///
/// Rust libraries may assume that string slices are always valid UTF-8.
///
/// Constructing a non-UTF-8 string slice is not immediate Undefined Behavior, but any function
/// called on a string slice may assume that it is valid UTF-8, which means that a non-UTF-8 string
/// slice can lead to Undefined Behaviior down the road.
#[stable(feature = "rust1", since = "1.0.0")] #[stable(feature = "rust1", since = "1.0.0")]
mod prim_str {} mod prim_str {}