From d537a7aaa26b48e723dcea0e1d065690a5632b45 Mon Sep 17 00:00:00 2001
From: Ralf Jung <post@ralfj.de>
Date: Sun, 16 Jul 2023 13:47:16 +0200
Subject: [PATCH] clarify that we do not prove soundness

---
 src/tools/miri/README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/tools/miri/README.md b/src/tools/miri/README.md
index 601101905f1..d51384d0a14 100644
--- a/src/tools/miri/README.md
+++ b/src/tools/miri/README.md
@@ -74,6 +74,12 @@ behavior** in your program, and cannot run all programs:
   unobservable by compiled programs running on real hardware when `SeqCst` fences are used, and it
   cannot produce all behaviors possibly observable on real hardware.
 
+Moreover, Miri fundamentally cannot tell you whether your code is *sound*. Soundness is the property
+of never causing undefined behavior when invoked from arbitrary safe code, even in combination with
+other sound code. In contrast, Miri can just tell you if *a particular way of interacting with your
+code* (e.g., a test suite) causes any undefined behavior. It is up to you to ensure sufficient
+coverage.
+
 [rust]: https://www.rust-lang.org/
 [mir]: https://github.com/rust-lang/rfcs/blob/master/text/1211-mir.md
 [`unreachable_unchecked`]: https://doc.rust-lang.org/stable/std/hint/fn.unreachable_unchecked.html