summaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
authorkyren <kerriganw@gmail.com>2018-02-11 06:23:52 -0500
committerkyren <kerriganw@gmail.com>2018-02-11 06:23:52 -0500
commitb123eb087da0171af8881aa46bf7d359d1f5823f (patch)
treef47fe12e82f0a10b8ab5066ef78f6b9f5eb9bb26 /README.md
parentca631e470a2c8b4a7ac0c2aa73d6093dd7598706 (diff)
downloadmlua-b123eb087da0171af8881aa46bf7d359d1f5823f.zip
Clarify some things in the README
Diffstat (limited to 'README.md')
-rw-r--r--README.md24
1 files changed, 15 insertions, 9 deletions
diff --git a/README.md b/README.md
index 91a9b78..2972fe0 100644
--- a/README.md
+++ b/README.md
@@ -56,9 +56,10 @@ by 0.x version bumps.
The goal of this library is complete safety, it should not be possible to cause
undefined behavior whatsoever with the API, even in edge cases. There is,
however, QUITE a lot of unsafe code in this crate, and I would call the current
-safety level of the crate "Work In Progress". Still, UB is considered the most
-serious kind of bug, so if you find the ability to cause UB with this API *at
-all*, please file a bug report.
+safety level of the crate "Work In Progress". Still, I am not *currently* aware
+of any way to cause UB, and UB is considered the most serious kind of bug, so if
+you find the ability to cause UB with this API *at all*, please file a bug
+report.
Another goal of this library is complete protection from panics and aborts.
Currently, it should not be possible for a script to trigger a panic or abort
@@ -95,6 +96,10 @@ handling panic errors on the receiving Rust side by resuming the panic.
In summary, here is a list of `rlua` behaviors that should be considered a bug.
If you encounter them, a bug report would be very welcome:
+ * If you can cause UB at all with `rlua` without typing the word "unsafe",
+ this is absolutely 100% a bug. This does not include loading the "debug"
+ library, which requires typing "unsafe". If you load the debug library,
+ every guarantee goes out the window.
* If your code panics / aborts with a message that contains the string "rlua
internal error", this is a bug.
* The above is true even for the internal panic about running out of stack
@@ -110,9 +115,10 @@ If you encounter them, a bug report would be very welcome:
would longjmp should be protected from Rust, except in a few cases of
internal callbacks where there are only Copy types on the stack. If you
detect that `rlua` is triggering a longjmp over Rust stack frames (other
- than the internal ones), this is a bug! (NOTE: I believe it is still an
- open question whether technically Rust allows longjmp over Rust stack frames
- *at all*, even if there are only Copy types on the stack. Currently `rlua`
- uses this to avoid having to write a lot of messy C shims. It *currently*
- works fine, and it is difficult to imagine how it would ever NOT work, but
- what is and isn't UB in unsafe Rust is not precisely specified.)
+ than the internal ones where this is intentional), this is a bug! (NOTE: I
+ believe it is still an open question whether technically Rust allows longjmp
+ over Rust stack frames *at all*, even if there are only Copy types on the
+ stack. Currently `rlua` uses this to avoid having to write a lot of messy C
+ shims. It *currently* works fine, and it is difficult to imagine how it
+ would ever NOT work, but what is and isn't UB in unsafe Rust is not
+ precisely specified.)