Merge pull request #377 from Havvy/unsafe-warning

alercah · web-flow · commit 104da42e6280 · 2018-08-03T10:08:05.000-04:00
Warning about UB being not being complete
diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md
@@ -5,6 +5,16 @@ if it exhibits any of the behaviors in the following list. It is the
 programmer's responsibility when writing `unsafe` code that it is not possible
 to let `safe` code exhibit these behaviors.
 
+<div class="warning">
+
+***Warning:*** The following list is not exhaustive. There is no formal model of
+Rust's semantics for what is and is not allowed in unsafe code, so there may be
+more behavior considered unsafe. The following list is just what we know for
+sure is undefined behavior. Please read the [Rustonomicon] before writing unsafe
+code.
+
+</div>
+
 * Data races.
 * Dereferencing a null or dangling raw pointer.
 * Unaligned pointer reading and writing outside of [`read_unaligned`]
@@ -37,3 +47,4 @@ to let `safe` code exhibit these behaviors.
 [`UnsafeCell<U>`]: https://doc.rust-lang.org/std/cell/struct.UnsafeCell.html
 [`read_unaligned`]: https://doc.rust-lang.org/std/ptr/fn.read_unaligned.html
 [`write_unaligned`]: https://doc.rust-lang.org/std/ptr/fn.write_unaligned.html
+[Rustonomicon]: ../nomicon
diff --git a/src/unsafety.md b/src/unsafety.md
@@ -1,6 +1,6 @@
 # Unsafety
 
-Unsafe operations are those that potentially violate the memory-safety
+Unsafe operations are those that can potentially violate the memory-safety
 guarantees of Rust's static semantics.
 
 The following language level features cannot be used in the safe subset of
@@ -11,4 +11,4 @@ Rust:
 - Reading a field of a [`union`](items/unions.html), or writing to a field of a
   union that isn't [`Copy`](special-types-and-traits.html#copy).
 - Calling an unsafe function (including an intrinsic or foreign function).
-- Implementing an unsafe trait.
+- Implementing an unsafe trait.
