update UB

RalfJung · RalfJung · commit a64e5d91da0c · 2019-08-25T12:44:51.000+02:00
diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md
@@ -23,44 +23,56 @@ code.
 </div>
 
 * Data races.
-* Dereferencing a null or dangling raw pointer.
-* Unaligned pointer reading and writing outside of [`read_unaligned`]
-  and [`write_unaligned`].
-* Reads of [undef] \(uninitialized) memory.
-* Breaking the [pointer aliasing rules] on accesses through raw pointers;
-  a subset of the rules used by C.
-* `&mut T` and `&T` follow LLVM’s scoped [noalias] model, except if the `&T`
-  contains an [`UnsafeCell<U>`].
-* Mutating non-mutable data &mdash; that is, data reached through a shared
+* Dereferencing (using the `*` operator on) a dangling or unaligned raw pointer.
+* Breaking the [pointer aliasing rules]. `&mut T` and `&T` follow LLVM’s scoped
+  [noalias] model, except if the `&T` contains an [`UnsafeCell<U>`].
+* Mutating non-mutable data (that is, data reached through a shared
   reference or data owned by a `let` binding), unless that data is contained
   within an [`UnsafeCell<U>`].
-* Invoking undefined behavior via compiler intrinsics:
-  * Indexing outside of the bounds of an object with [`offset`] with
-    the exception of one byte past the end of the object.
-  * Using [`std::ptr::copy_nonoverlapping_memory`], a.k.a. the `memcpy32`and
-    `memcpy64` intrinsics, on overlapping buffers.
-* Invalid values in primitive types, even in private fields and locals:
-  * Dangling or null references and boxes.
+* Invoking undefined behavior via compiler intrinsics.
+* Executing code compiled with platform features that the current platform
+  does not support (see [`target_feature`]).
+* Unwinding into another language.
+* Producing an invalid value, even in private fields and locals. "Producing" a
+  value happens any time a value is assigned, passed to a function/primitive
+  operation or returned from a function/primitive operation.
+  The following values are invalid (at their respective type):
   * A value other than `false` (`0`) or `true` (`1`) in a `bool`.
   * A discriminant in an `enum` not included in the type definition.
+  * A null `fn` pointer.
   * A value in a `char` which is a surrogate or above `char::MAX`.
+  * A `!` (all values are invalid for this type).
+  * A dangling or unaligned reference or `Box`, or one that points to an invalid value.
+  * Invalid metadata in a wide reference, `Box` or raw pointer:
+    * slice metadata is invalid if the slice has a total size larger than
+      `isize::MAX` bytes in memory.
+    * `dyn Trait` metadata is invalid if it is not a pointer to a vtable for
+      `Trait` that matches the actual dynamic trait the reference points to.
   * Non-UTF-8 byte sequences in a `str`.
-* Executing code compiled with platform features that the current platform
-  does not support (see [`target_feature`]).
+  * [Uninitialized memory][undef] in the value of an integer (`i*`/`u*`),
+    floating point value (`f*`), or raw pointer.
+  * Invalid values for a type with a custom definition of invalid values, such
+    as a `NonNull` that is null. (Requesting custom invalid values is an
+    unstable feature, but some stable libstd types, like `NonNull`, make use of
+    it.)
 
 > **Note**: Undefined behavior affects the entire program. For example, calling
 > a function in C that exhibits undefined behavior of C means your entire
 > program contains undefined behaviour that can also affect the Rust code. And
 > vice versa, undefined behavior in Rust can cause adverse affects on code
 > executed by any FFI calls to other languages.
 
+A reference/pointer is "dangling" if it is null or not all of the bytes it
+points to are part of the same allocation (so in particular they all have to be
+part of *some* allocation). The span of bytes it points to is determined by the
+pointer value and the size of the pointee type. As a consequence, if the span is
+empty, "dangling" is the same as "non-null". Note that slices point to their
+entire range, so it is very important that the length metadata is never too
+large.
+
 [noalias]: http://llvm.org/docs/LangRef.html#noalias
 [pointer aliasing rules]: http://llvm.org/docs/LangRef.html#pointer-aliasing-rules
 [undef]: http://llvm.org/docs/LangRef.html#undefined-values
-[`offset`]: ../std/primitive.pointer.html#method.offset
-[`std::ptr::copy_nonoverlapping_memory`]: ../std/ptr/fn.copy_nonoverlapping.html
 [`target_feature`]: attributes/codegen.md#the-target_feature-attribute
 [`UnsafeCell<U>`]: ../std/cell/struct.UnsafeCell.html
-[`read_unaligned`]: ../std/ptr/fn.read_unaligned.html
-[`write_unaligned`]: ../std/ptr/fn.write_unaligned.html
 [Rustonomicon]: ../nomicon/index.html
