Language guarantees
Undefined Behaviors (UB)
The behavior of a program is undefined when its semantics are not described by the Rust language.
The existence of UB is considered a programming error and must be avoided.
Dereferencing a null pointer is UB. On the other hand, unwrapping a None value is well defined, because it is the language that handles this error (by raising a panic).
A list of programming errors leading to UBs is given in the Rust reference. Among them, the following errors are noteworthy:
- No dereference of a pointer to an unallocated or unaligned memory address (dangling pointer), which implies
- No buffer overflow
- No access to freed memory
- No non-aligned access
- The pointed values are consistent with the pointer's type. For example, a value pointed at by a boolean pointer will be a byte of value 1 or 0.
- Respect of aliasing rules (see also the Rustonomicon for examples): a mutable reference cannot be shared.
- No concurrent access to the same memory address (no reading or writing while another thread is simultaneously writing) (see also the Rustonomicon for examples)
Rust guarantees
The language paradigm is to ensure the absence of UB in any program that uses only the non-unsafe part of Rust.
Despite these memory safety guarantees, the language does not prevent
- resource leaks (memory, I/O, ...) (see the memory management section),
- numeric overflows (see the integer operations section).
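An added example (not from the guide) that puts the cases above side by side: the well-defined panic path, a raw-pointer read that rejects the null case before the unsafe block, a byte-to-bool conversion that keeps the pointed value consistent with its type, and the two things safe Rust does not prevent (overflow and leaks). All function names are assumed, not taken from the guide.

```rust
// Added example: each function shows one case from the section above,
// choosing the well-defined form over one that would be UB.

/// Well defined: `unwrap` on `None` is handled by the language (a panic).
/// `unwrap_or` avoids even the panic and is the form to prefer.
pub fn first_or_zero(values: &[u32]) -> u32 {
    values.first().copied().unwrap_or(0)
}

/// Raw pointers can only be dereferenced inside `unsafe`. A null or dangling
/// pointer would be UB, so the null case is rejected before the unsafe block
/// and the remaining validity condition is stated as the caller's contract.
///
/// # Safety
/// `p` must be null or point to a live, properly aligned `u32`.
pub unsafe fn read_u32(p: *const u32) -> Option<u32> {
    if p.is_null() {
        return None;
    }
    // SAFETY: non-null was checked above; liveness and alignment are the
    // caller's contract, which is what keeps this read free of UB.
    Some(unsafe { *p })
}

/// Type consistency: a `bool` may only hold the byte 0 or 1. Reinterpreting an
/// arbitrary byte as `bool` (e.g. via `transmute`) would be UB, so the byte is
/// validated and converted instead of reinterpreted.
pub fn byte_to_bool(b: u8) -> Option<bool> {
    match b {
        0 => Some(false),
        1 => Some(true),
        _ => None,
    }
}

/// Not prevented by the language: integer overflow. `checked_add` makes the
/// overflow explicit instead of wrapping (release) or panicking (debug).
pub fn add_u8(a: u8, b: u8) -> Option<u8> {
    a.checked_add(b)
}

/// Not prevented by the language: a resource leak. `Box::leak` is safe Rust
/// and the allocation is never freed; nothing in the compiler objects.
pub fn leak_u64(v: u64) -> &'static mut u64 {
    Box::leak(Box::new(v))
}

fn main() {
    println!("{:?} {:?}", byte_to_bool(2), add_u8(200, 100));
}
```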
References
- The Rust Reference (rust-reference)
- The Rustonomicon (nomicon)