Language guarantees
Undefined Behaviors (UB)
The behavior of a program is undefined when the Rust language does not specify its semantics.
According to the Rust Reference (rust-reference), any occurrence of UB in a program is an error.
For example, dereferencing a null pointer is UB. On the other hand, calling unwrap on a None value is well defined, because the language itself handles this error (by raising a panic).
The current list of UBs is given in the language reference. Notice the following guarantees:
- No dereference of a pointer to an unallocated memory address (dangling pointer) or to an unaligned address, which implies
- No buffer overflow
- No access to freed memory
- No unaligned access
- The pointed values are consistent with the pointer's type. For example, a value pointed at by a boolean pointer is a byte with value 0 or 1.
- Respect of the aliasing rules (see also nomicon for examples): a mutable reference cannot be shared, i.e. no other reference to the same data may exist while it is in use.
- No concurrent access to the same memory address where one of the accesses is a write (reading or writing while another thread is writing is not allowed; see also nomicon for examples)
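The following program is an added illustration of these guarantees in safe Rust; it is not part of the original notes and the function names, the sample buffer and the counter workload are constructed for the example. It shows bounds-checked reads, the defined panic of unwrap on None, the checks a caller must perform before the only kind of dereference that can be UB (a raw pointer inside unsafe), the 0/1 validity invariant of bool, and race-free shared mutation through a Mutex.

```rust
use std::mem::align_of;
use std::sync::Mutex;
use std::thread;

/// No buffer overflow: slice indexing is bounds-checked. `get` turns an
/// out-of-range index into `None`; `buf[idx]` would instead panic (defined
/// behavior, never a read past the end of the buffer).
pub fn read_at(buf: &[u8], idx: usize) -> Option<u8> {
    buf.get(idx).copied()
}

/// `unwrap` on `None` is a defined panic, not UB. The panic is caught here so
/// the outcome can be returned as a value.
pub fn unwrap_none_panics(v: Option<u8>) -> Result<u8, &'static str> {
    std::panic::catch_unwind(|| v.unwrap()).map_err(|_| "unwrap panicked")
}

/// Dereferencing a raw pointer is only possible inside `unsafe`, and it is UB
/// if the pointer is null, dangling or misaligned. Null and alignment can be
/// checked at run time; liveness of the pointee stays the caller's obligation.
pub fn read_u32_checked(p: *const u32) -> Option<u32> {
    if p.is_null() || (p as usize) % align_of::<u32>() != 0 {
        return None;
    }
    // SAFETY: non-null and aligned (checked above); the caller guarantees the
    // pointee is an allocated, initialized u32.
    Some(unsafe { *p })
}

/// Type validity: a `bool` must hold the byte 0 or 1. Converting with a
/// `match` keeps the invariant; reinterpreting arbitrary bytes as `bool`
/// (e.g. via transmute) would be UB for any other value.
pub fn byte_to_bool(b: u8) -> Option<bool> {
    match b {
        0 => Some(false),
        1 => Some(true),
        _ => None,
    }
}

/// No data races: the counter is shared through a `Mutex`, so writes are
/// serialized. Capturing a plain `&mut u64` in every spawned closure would be
/// rejected by the borrow checker (aliasing rule: `&mut` is unique).
pub fn parallel_count(threads: usize, per_thread: u64) -> u64 {
    let counter = Mutex::new(0u64);
    thread::scope(|s| {
        for _ in 0..threads {
            s.spawn(|| {
                for _ in 0..per_thread {
                    *counter.lock().unwrap() += 1;
                }
            });
        }
    });
    counter.into_inner().unwrap()
}

fn main() {
    // Constructed sample data for the demonstration.
    let data = [10u8, 20, 30];
    println!("read_at(2) = {:?}, read_at(3) = {:?}", read_at(&data, 2), read_at(&data, 3));
    let words = [0u32; 2];
    // A u32 array is 4-byte aligned, so one byte past its start is misaligned.
    let misaligned = (words.as_ptr() as *const u8).wrapping_add(1) as *const u32;
    println!(
        "aligned: {:?}, misaligned: {:?}",
        read_u32_checked(words.as_ptr()),
        read_u32_checked(misaligned)
    );
    println!("parallel_count = {}", parallel_count(4, 1000));
}
```

Only read_u32_checked contains an unsafe block, and its SAFETY comment records the invariant the compiler cannot verify; everything else is enforced by the compiler or by a defined panic.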
Rust guarantees
The language's design goal is to guarantee the absence of UB in any program written using only the non-unsafe part of Rust.
However, the language does not prevent
- resource leaks (memory, IO, ...),
- numeric overflows.
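The program below is an added example, not from the original notes, of the two things safe Rust does not prevent: it compares the checked, wrapping, saturating and overflowing integer operations (which behave the same in debug and release builds, unlike a bare `+`, which panics in debug and wraps in release), and it uses a small Drop-counting handle (a constructed type for this example) to show that mem::forget leaks a resource without any UB.

```rust
use std::cell::Cell;
use std::mem;
use std::rc::Rc;

/// Overflow is not UB, but the language does not prevent it: `a + b` panics
/// in debug builds and wraps silently in release builds. The explicit methods
/// state the intended policy at the call site and behave identically in both.
pub fn add_policies(a: u8, b: u8) -> (Option<u8>, u8, u8, (u8, bool)) {
    (
        a.checked_add(b),     // None on overflow
        a.wrapping_add(b),    // modular arithmetic
        a.saturating_add(b),  // clamps to u8::MAX
        a.overflowing_add(b), // wrapped value plus an overflow flag
    )
}

/// Typical place where silent wrapping matters: a buffer size computed from
/// untrusted fields. `checked_mul` forces the caller to handle the overflow
/// instead of allocating a buffer that is far too small.
pub fn buffer_len(count: usize, elem_size: usize) -> Option<usize> {
    count.checked_mul(elem_size)
}

/// A handle whose destructor records that it ran (stands in for a file,
/// socket or allocation).
struct Handle(Rc<Cell<usize>>);

impl Drop for Handle {
    fn drop(&mut self) {
        self.0.set(self.0.get() + 1);
    }
}

/// Leaking is safe Rust: `mem::forget` skips the destructor, so whatever the
/// handle owns is never released. Returns how many times Drop ran.
pub fn drops_observed(forget: bool) -> usize {
    let counter = Rc::new(Cell::new(0));
    let h = Handle(Rc::clone(&counter));
    if forget {
        mem::forget(h); // no UB, but the destructor never runs
    } else {
        drop(h);
    }
    counter.get()
}

fn main() {
    println!("250 + 10 as u8: {:?}", add_policies(250, 10));
    println!("buffer_len(usize::MAX, 2) = {:?}", buffer_len(usize::MAX, 2));
    println!(
        "drops with forget: {}, without: {}",
        drops_observed(true),
        drops_observed(false)
    );
}
```

The overflow-lints and the `overflow-checks` profile setting only change whether a bare arithmetic operator panics; choosing one of the explicit methods is what makes the behavior independent of the build profile.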
No Undefined Behavior is allowed.
References
- The Rust Reference (rust-reference)
- The Rustonomicon (nomicon)