From 45d065c2b48349d6dad5a890e6e70cc04b9bd19e Mon Sep 17 00:00:00 2001 From: Alessio Date: Mon, 12 Jan 2026 22:54:41 +0100 Subject: [PATCH 1/5] library: Add Safety and Examples section in std::mem::uninitialized Documentation of `std::mem::uninitialized` now have a # Safety section and a # Examples section. --- library/core/src/mem/mod.rs | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/library/core/src/mem/mod.rs b/library/core/src/mem/mod.rs index 1671c8219de16..136b7d54afca0 100644 --- a/library/core/src/mem/mod.rs +++ b/library/core/src/mem/mod.rs @@ -705,9 +705,40 @@ pub const unsafe fn zeroed() -> T { /// Therefore, it is immediate undefined behavior to call this function on nearly all types, /// including integer types and arrays of integer types, and even if the result is unused. /// +/// # Safety +/// +/// - `T` must be *valid* with any sequence of bytes of the appropriate length, +/// initialized or uninitialized (e.g. `T` can be [`MaybeUninit`]). +/// - `T` must be *[inhabited]*, i.e. possible to construct. This means that types +/// like zero-variant enums and [`!`] are unsound to construct with this function. +/// - You must use the value only in ways which do not violate any *safety* +/// invariants of the type. +/// +/// # Examples +/// +/// Correct usage of this function: constructing an uninitialized array of [`MaybeUninit`]. +/// +/// ``` +/// use std::mem::{self, MaybeUninit}; +/// +/// // SAFETY: an array of `MaybeUninit` is always valid, even if uninitialized. +/// let array: [MaybeUninit; 10] = unsafe { mem::uninitialized() }; +/// ``` +/// +/// *Incorrect* usage of this function: constructing an uninitialized `bool`. +/// +/// ```rust,no_run +/// use std::mem; +/// +/// let b: bool = unsafe { mem::uninitialized() }; +/// // bool does not permit to have an uninitialized state, +/// // so this last line caused undefined behavior. ⚠️ +/// ``` +/// /// [uninit]: MaybeUninit::uninit /// [assume_init]: MaybeUninit::assume_init /// [inv]: MaybeUninit#initialization-invariant +/// [inhabited]: https://doc.rust-lang.org/reference/glossary.html#inhabited #[inline(always)] #[must_use] #[deprecated(since = "1.39.0", note = "use `mem::MaybeUninit` instead")] From 2c7cad578633e5f80f3f90b134c9152ddf25eeed Mon Sep 17 00:00:00 2001 From: Alessio Date: Mon, 12 Jan 2026 23:05:16 +0100 Subject: [PATCH 2/5] library: Add another example in `uninitialized` safety conditions --- library/core/src/mem/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/core/src/mem/mod.rs b/library/core/src/mem/mod.rs index 136b7d54afca0..8732ec7578394 100644 --- a/library/core/src/mem/mod.rs +++ b/library/core/src/mem/mod.rs @@ -708,7 +708,7 @@ pub const unsafe fn zeroed() -> T { /// # Safety /// /// - `T` must be *valid* with any sequence of bytes of the appropriate length, -/// initialized or uninitialized (e.g. `T` can be [`MaybeUninit`]). +/// initialized or uninitialized (e.g. `T` can be [`MaybeUninit`] or `()`). /// - `T` must be *[inhabited]*, i.e. possible to construct. This means that types /// like zero-variant enums and [`!`] are unsound to construct with this function. /// - You must use the value only in ways which do not violate any *safety* From de12e312246255e2b629a3ce1261442ab36f8ef5 Mon Sep 17 00:00:00 2001 From: Alessio Date: Tue, 13 Jan 2026 00:45:31 +0100 Subject: [PATCH 3/5] library: use allow(deprecated) for uninitialized doctests --- library/core/src/mem/mod.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/core/src/mem/mod.rs b/library/core/src/mem/mod.rs index 8732ec7578394..bf7ee7c560e99 100644 --- a/library/core/src/mem/mod.rs +++ b/library/core/src/mem/mod.rs @@ -722,6 +722,7 @@ pub const unsafe fn zeroed() -> T { /// use std::mem::{self, MaybeUninit}; /// /// // SAFETY: an array of `MaybeUninit` is always valid, even if uninitialized. +/// # #[allow(deprecated, deprecated_in_future)] /// let array: [MaybeUninit; 10] = unsafe { mem::uninitialized() }; /// ``` /// @@ -730,6 +731,7 @@ pub const unsafe fn zeroed() -> T { /// ```rust,no_run /// use std::mem; /// +/// # #[allow(deprecated, deprecated_in_future)] /// let b: bool = unsafe { mem::uninitialized() }; /// // bool does not permit to have an uninitialized state, /// // so this last line caused undefined behavior. ⚠️ From c7b6315b0197d68a72aed97c1407ff8580f42248 Mon Sep 17 00:00:00 2001 From: Alessio Date: Wed, 21 Jan 2026 22:10:51 +0100 Subject: [PATCH 4/5] Reword safety of uninitialized for #151033 (comment) --- library/core/src/mem/mod.rs | 30 ++++++------------------------ 1 file changed, 6 insertions(+), 24 deletions(-) diff --git a/library/core/src/mem/mod.rs b/library/core/src/mem/mod.rs index bf7ee7c560e99..c951a4d1829a6 100644 --- a/library/core/src/mem/mod.rs +++ b/library/core/src/mem/mod.rs @@ -707,36 +707,18 @@ pub const unsafe fn zeroed() -> T { /// /// # Safety /// +/// This function is highly unsafe, as calling this function on nearly all types causes +/// undefined behavior. You should **always** prefer using [`MaybeUninit`] instead. +/// +/// If you absolutely must use this function, the following conditions must be upheld: +/// /// - `T` must be *valid* with any sequence of bytes of the appropriate length, -/// initialized or uninitialized (e.g. `T` can be [`MaybeUninit`] or `()`). +/// initialized or uninitialized. /// - `T` must be *[inhabited]*, i.e. possible to construct. This means that types /// like zero-variant enums and [`!`] are unsound to construct with this function. /// - You must use the value only in ways which do not violate any *safety* /// invariants of the type. /// -/// # Examples -/// -/// Correct usage of this function: constructing an uninitialized array of [`MaybeUninit`]. -/// -/// ``` -/// use std::mem::{self, MaybeUninit}; -/// -/// // SAFETY: an array of `MaybeUninit` is always valid, even if uninitialized. -/// # #[allow(deprecated, deprecated_in_future)] -/// let array: [MaybeUninit; 10] = unsafe { mem::uninitialized() }; -/// ``` -/// -/// *Incorrect* usage of this function: constructing an uninitialized `bool`. -/// -/// ```rust,no_run -/// use std::mem; -/// -/// # #[allow(deprecated, deprecated_in_future)] -/// let b: bool = unsafe { mem::uninitialized() }; -/// // bool does not permit to have an uninitialized state, -/// // so this last line caused undefined behavior. ⚠️ -/// ``` -/// /// [uninit]: MaybeUninit::uninit /// [assume_init]: MaybeUninit::assume_init /// [inv]: MaybeUninit#initialization-invariant From 47a2785218d8da9d9604a884a8adb360c11a3c53 Mon Sep 17 00:00:00 2001 From: CieriA Date: Thu, 22 Jan 2026 22:09:22 +0100 Subject: [PATCH 5/5] fix failed job --- tests/ui/thir-print/offset_of.stdout | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/ui/thir-print/offset_of.stdout b/tests/ui/thir-print/offset_of.stdout index dcf60a86af9b4..c8709affcf803 100644 --- a/tests/ui/thir-print/offset_of.stdout +++ b/tests/ui/thir-print/offset_of.stdout @@ -68,7 +68,7 @@ body: ) else_block: None lint_level: Explicit(HirId(DefId(offset_of::concrete).10)) - span: $DIR/offset_of.rs:37:5: 1440:57 (#0) + span: $DIR/offset_of.rs:37:5: 1455:57 (#0) } } Stmt { @@ -117,7 +117,7 @@ body: ) else_block: None lint_level: Explicit(HirId(DefId(offset_of::concrete).20)) - span: $DIR/offset_of.rs:38:5: 1440:57 (#0) + span: $DIR/offset_of.rs:38:5: 1455:57 (#0) } } Stmt { @@ -166,7 +166,7 @@ body: ) else_block: None lint_level: Explicit(HirId(DefId(offset_of::concrete).30)) - span: $DIR/offset_of.rs:39:5: 1440:57 (#0) + span: $DIR/offset_of.rs:39:5: 1455:57 (#0) } } Stmt { @@ -215,7 +215,7 @@ body: ) else_block: None lint_level: Explicit(HirId(DefId(offset_of::concrete).40)) - span: $DIR/offset_of.rs:40:5: 1440:57 (#0) + span: $DIR/offset_of.rs:40:5: 1455:57 (#0) } } Stmt { @@ -264,7 +264,7 @@ body: ) else_block: None lint_level: Explicit(HirId(DefId(offset_of::concrete).50)) - span: $DIR/offset_of.rs:41:5: 1440:57 (#0) + span: $DIR/offset_of.rs:41:5: 1455:57 (#0) } } ] @@ -864,7 +864,7 @@ body: ) else_block: None lint_level: Explicit(HirId(DefId(offset_of::generic).12)) - span: $DIR/offset_of.rs:45:5: 1440:57 (#0) + span: $DIR/offset_of.rs:45:5: 1455:57 (#0) } } Stmt { @@ -913,7 +913,7 @@ body: ) else_block: None lint_level: Explicit(HirId(DefId(offset_of::generic).24)) - span: $DIR/offset_of.rs:46:5: 1440:57 (#0) + span: $DIR/offset_of.rs:46:5: 1455:57 (#0) } } Stmt { @@ -962,7 +962,7 @@ body: ) else_block: None lint_level: Explicit(HirId(DefId(offset_of::generic).36)) - span: $DIR/offset_of.rs:47:5: 1440:57 (#0) + span: $DIR/offset_of.rs:47:5: 1455:57 (#0) } } Stmt { @@ -1011,7 +1011,7 @@ body: ) else_block: None lint_level: Explicit(HirId(DefId(offset_of::generic).48)) - span: $DIR/offset_of.rs:48:5: 1440:57 (#0) + span: $DIR/offset_of.rs:48:5: 1455:57 (#0) } } ]