Document from_bits_unchecked unsafety (#200) #207

Merged
merged 1 commit into from Jan 28, 2020

Contributor

@niklasf niklasf commented Jan 22, 2020

Every unsafe method should have documented safety invariants. Here's an attempt for from_bits_unchecked().

Member

@KodrAus KodrAus left a comment

Thanks @niklasf! This looks good to me

@KodrAus KodrAus merged commit 15e911c into bitflags:master Jan 28, 2020

SOF3 commented Aug 10, 2020

How exactly can the bitflags! {} caller decide whether to allow extra flags? Furthermore, how exactly could unchecked bits actually lead to memory unsafety (rather than just unexpected behaviour)?

Member

KodrAus commented Aug 11, 2020

@SOF3 Whether or not to allow extra flags is determined by the source-of-truth for those flags. The motivation for this feature was for bitflags! that mirror another source that might change from under them. It's unsafe in the same sense that transmuting an integer to boolean is unsafe. Not every possible bit-pattern is a valid value for flags, so as the caller you're guaranteeing the bits you provide are "valid", where the definition of valid depends on the source of the flags.
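
The distinction discussed in this thread, as an added example that is not part of the conversation and is not the bitflags crate's generated code: a hand-written stand-in type (`Perms`, `LABELS` and `label` are hypothetical names) with the three constructors, fed a constructed value carrying one undefined bit. The comment on `label` marks where a consumer that trusted the invariant could turn an invalid value into an out-of-bounds read.

```rust
// Hand-written stand-in for a bitflags!-style type (hypothetical `Perms`);
// it mirrors the three constructors discussed, not the crate's generated code.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Perms { bits: u8 }

impl Perms {
    pub const READ: u8 = 0b001;
    pub const WRITE: u8 = 0b010;
    pub const EXEC: u8 = 0b100;
    pub const ALL: u8 = Self::READ | Self::WRITE | Self::EXEC;

    /// Checked: rejects any bit that has no defined flag.
    pub fn from_bits(bits: u8) -> Option<Perms> {
        if bits & !Self::ALL == 0 { Some(Perms { bits }) } else { None }
    }
    /// Lossy: silently drops undefined bits.
    pub fn from_bits_truncate(bits: u8) -> Perms {
        Perms { bits: bits & Self::ALL }
    }
    /// # Safety
    /// Caller guarantees `bits` is valid for the source these flags mirror.
    pub unsafe fn from_bits_unchecked(bits: u8) -> Perms {
        Perms { bits }
    }
    pub fn bits(self) -> u8 { self.bits }
}

// Hypothetical consumer: one label per possible value 0..=ALL.
const LABELS: [&str; 8] = ["---", "r--", "-w-", "rw-", "--x", "r-x", "-wx", "rwx"];

/// Safe lookup. A consumer that instead used `get_unchecked` because it
/// trusted `bits <= ALL` would read out of bounds for an unchecked value.
pub fn label(p: Perms) -> Option<&'static str> {
    LABELS.get(p.bits() as usize).copied()
}

fn main() {
    let raw: u8 = 0b1000_0001; // constructed input: READ plus an undefined bit
    println!("{:?}", Perms::from_bits(raw));
    println!("{:?}", label(Perms::from_bits_truncate(raw)));
    let p = unsafe { Perms::from_bits_unchecked(raw) };
    println!("{:?}", label(p));
}
```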
