Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

clarify that the str invariant is a safety, not validity, invariant #117534

Merged
merged 2 commits into from
Nov 4, 2023
Merged

clarify that the str invariant is a safety, not validity, invariant #117534

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
57f570b
clarify that the str invariant is a safety, not validity, invariant
RalfJung Nov 3, 2023
0550ba5
avoid acronyms when we don't really need them
RalfJung Nov 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 13 additions & 6 deletions library/core/src/primitive_docs.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -291,7 +291,7 @@ mod prim_never {}
/// Surrogate code points, used by UTF-16, are in the range 0xD800 to 0xDFFF.
///
/// No `char` may be constructed, whether as a literal or at runtime, that is not a
/// Unicode scalar value:
/// Unicode scalar value. Violating this rule causes Undefined Behavior.
RalfJung marked this conversation as resolved.
Show resolved Hide resolved
///
/// ```compile_fail
/// // Each of these is a compiler error
Expand All @@ -308,9 +308,10 @@ mod prim_never {}
/// let _ = unsafe { char::from_u32_unchecked(0x110000) };
/// ```
///
/// USVs are also the exact set of values that may be encoded in UTF-8. Because
/// `char` values are USVs and `str` values are valid UTF-8, it is safe to store
/// any `char` in a `str` or read any character from a `str` as a `char`.
/// USVs are also the exact set of values that may be encoded in UTF-8. Because `char` values are
RalfJung marked this conversation as resolved.
Show resolved Hide resolved
/// USVs and functions may assume [incoming `str` values are valid
/// UTF-8](primitive.str.html#invariant), it is safe to store any `char` in a `str` or read any
/// character from a `str` as a `char`.
///
/// The gap in valid `char` values is understood by the compiler, so in the
/// below example the two ranges are understood to cover the whole range of
Expand Down Expand Up @@ -887,8 +888,6 @@ mod prim_slice {}
/// type. It is usually seen in its borrowed form, `&str`. It is also the type
/// of string literals, `&'static str`.
///
/// String slices are always valid UTF-8.
///
/// # Basic Usage
///
/// String literals are string slices:
Expand Down Expand Up @@ -942,6 +941,14 @@ mod prim_slice {}
/// Note: This example shows the internals of `&str`. `unsafe` should not be
/// used to get a string slice under normal circumstances. Use `as_str`
/// instead.
///
/// # Invariant
///
/// Rust libraries may assume that string slices are always valid UTF-8.
///
/// Constructing a non-UTF-8 string slice is not immediate Undefined Behavior, but any function
/// called on a string slice may assume that it is valid UTF-8, which means that a non-UTF-8 string
/// slice can lead to Undefined Behaviior down the road.
RalfJung marked this conversation as resolved.
Show resolved Hide resolved
#[stable(feature = "rust1", since = "1.0.0")]
mod prim_str {}

Expand Down
Loading