3535 :id: rat_kjFRrhpS8Wu6
3636 :status: draft
3737
38- Rust’ s memory model treats all types except unions as having an invariant that all bytes must be initialized before a value may be constructed.
38+ Rust' s memory model treats all types except unions as having an invariant that all bytes must be initialized before a value may be constructed.
3939 Reading uninitialized memory:
4040
4141 - creates undefined behavior for most types,
4444 - may produce values that violate type invariants.
4545
4646 The sole exception is that unions work like C unions: any union field may be read, even if it was never written.
47- The resulting bytes must, however, form a valid representation for the field’ s type,
47+ The resulting bytes must, however, form a valid representation for the field' s type,
4848 which is not guaranteed if the union contains arbitrary data.
4949
5050 .. non_compliant_example ::
5454 This noncompliant example creates a value of type ``u32 `` from uninitialized memory via
5555 `assume_init <https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.assume_init >`_:
5656
57- .. code-block :: rust
57+ .. rust-example ::
5858
5959 use std::mem: :MaybeUninit;
6060
@@ -67,23 +67,23 @@ Values
6767 Types such as ``u8 ``, ``u16 ``, ``u32 ``, and ``i128 `` allow all possible bit patterns.
6868 Provided the memory is initialized, there is no undefined behavior.
6969
70- .. code-block :: rust
70+ .. rust-example ::
7171
7272 union U {
7373 n: u32,
7474 bytes: [u8; 4],
7575 }
7676
77- let u = U { bytes: [0xFF, 0xEE, 0xDD, 0xCC] };
78- let n = unsafe { u.n }; // OK — all bit patterns valid for u32
77+ let u = U { bytes: [0xFF, 0xEE, 0xDD, 0xCC] };
78+ let n = unsafe { u.n }; // OK — all bit patterns valid for u32
7979
8080 .. compliant_example ::
8181 :id: compl_ex_Ke869nSXuShV
8282 :status: draft
8383
8484 This compliant example calles the ``write `` function to fully initialize low-level memory.
8585
86- .. code-block :: rust
86+ .. rust-example ::
8787
8888 use std::mem: :MaybeUninit;
8989
9999 References must be valid, aligned, properly dereferenceable, and non-null.
100100 Uninitialized memory cannot satisfy these invariants.
101101
102- .. code-block :: rust
102+ .. rust-example ::
103103
104104 use std::mem: :MaybeUninit;
105105
@@ -113,7 +113,7 @@ Values
113113 You cannot create a pointer from unspecified bytes.
114114 Even a raw pointer type (e.g., ``*const T ``) has validity rules.
115115
116- .. code-block :: rust
116+ .. rust-example ::
117117
118118 use std::mem: :MaybeUninit;
119119
@@ -125,7 +125,7 @@ Values
125125
126126 Array elements must individually be valid values.
127127
128- .. code-block :: rust
128+ .. rust-example ::
129129
130130 use std::mem: :MaybeUninit;
131131
@@ -138,7 +138,7 @@ Values
138138
139139 The following code reads a union field:
140140
141- .. code-block :: rust
141+ .. rust-example ::
142142
143143 union U {
144144 x: u32,
@@ -157,7 +157,7 @@ Values
157157 Only the read itself is allowed;
158158 the resulting bytes must still be a valid bool.
159159
160- .. code-block :: rust
160+ .. rust-example ::
161161
162162 union U {
163163 b: bool,
@@ -168,22 +168,24 @@ Values
168168 let b = unsafe { u.b }; // UB — invalid bool
169169
170170 .. compliant_example ::
171- :id: compl_ex_Ke869nSXuShT
171+ :id: compl_ex_Ke869nSXuShW
172172 :status: draft
173173
174174 Accessing padding bytes is allowed if not interpreted as typed data:
175175
176- .. code-block :: rust
176+ .. rust-example ::
177177
178178 #[repr(C)]
179179 struct S {
180180 a: u8,
181181 b: u32,
182182 }
183183
184+ # fn main() {
184185 let mut buf = [0u8; std::mem::size_of: :<S>()];
185186 buf[0] = 10;
186187 buf[1] = 20; // writing padding is fine
187188
188189 let p = buf.as_ptr() as *const S;
189- let s = unsafe { p.read_unaligned() }; // OK — all *fields* are initialized (padding doesn’t matter)
190+ let s = unsafe { p.read_unaligned() }; // OK — all *fields * are initialized (padding doesn't matter)
191+ # }
0 commit comments