Notes on safe reachability for Rust


I wrote some very rough, brain-dumpy, incomplete notes on safe reachability for a notion of legal unsafe code.

The rough idea is that unsafe code can do what it likes to the heap which isn’t reachable by safe code, but it should maintain the Rust memory safety invariants in the safely reachable subset of the heap.


A conversation with @nikomatsakis on IRC:

Summary: the definition of a typed rooted heap isn't quite right, because it doesn't take lifetimes into account.
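As an added illustration of the idea in the notes (not code from the notes or from any Rust project), here is a fixed-capacity stack whose backing buffer is managed with raw pointers. The slots beyond `len` are heap that only the unsafe code can reach; the safe API never hands out a reference into them, and the references it does hand out (`get`) carry the lifetime of the `&self` borrow, which is exactly the lifetime consideration the IRC summary says the rooted-heap definition needs: a reference obtained from `get` keeps the stack borrowed, so safe code cannot `pop` (and drop) the element while the reference is live. Names (`FixedStack`, `with_capacity`, `push`, `pop`, `get`) are my own choices, and the example deliberately rejects zero-sized `T` to keep the allocation path simple.

```rust
use std::alloc::{alloc, dealloc, handle_alloc_error, Layout};
use std::ptr;

/// A fixed-capacity stack backed by a raw allocation.
///
/// Invariant maintained by the unsafe code: slots `0..len` are initialised
/// and slots `len..cap` are uninitialised. Only the initialised prefix is
/// ever reachable through the safe API, so safe code sees a heap that
/// satisfies Rust's memory-safety invariants even though the spare slots
/// hold arbitrary bytes.
pub struct FixedStack<T> {
    buf: *mut T,
    cap: usize,
    len: usize,
}

impl<T> FixedStack<T> {
    /// Allocates room for `cap` elements. Zero-sized `T` is not handled here
    /// (assumption of this example, not a general limitation).
    pub fn with_capacity(cap: usize) -> Self {
        assert!(cap > 0, "capacity must be non-zero");
        assert!(std::mem::size_of::<T>() > 0, "zero-sized T not supported in this example");
        let layout = Layout::array::<T>(cap).expect("layout overflow");
        // SAFETY: `layout` has non-zero size (cap > 0 and size_of::<T>() > 0).
        let buf = unsafe { alloc(layout) as *mut T };
        if buf.is_null() {
            handle_alloc_error(layout);
        }
        FixedStack { buf, cap, len: 0 }
    }

    /// Pushes `value`, returning it back if the stack is full.
    pub fn push(&mut self, value: T) -> Result<(), T> {
        if self.len == self.cap {
            return Err(value);
        }
        // SAFETY: len < cap, so the slot lies inside the allocation and is
        // uninitialised; `write` does not drop whatever bytes were there.
        unsafe { ptr::write(self.buf.add(self.len), value) };
        self.len += 1;
        Ok(())
    }

    /// Pops the top element, moving it out of the unsafe-managed buffer.
    pub fn pop(&mut self) -> Option<T> {
        if self.len == 0 {
            return None;
        }
        self.len -= 1;
        // SAFETY: slot `len` was initialised; after this read the slot is
        // treated as uninitialised again, so it is not dropped twice.
        Some(unsafe { ptr::read(self.buf.add(self.len)) })
    }

    /// Borrows element `i`. The returned reference lives no longer than the
    /// `&self` borrow, so `pop` cannot free it while it is in use.
    pub fn get(&self, i: usize) -> Option<&T> {
        if i >= self.len {
            return None;
        }
        // SAFETY: i < len, so the slot is initialised, and the borrow of
        // `self` prevents mutation for as long as the reference exists.
        Some(unsafe { &*self.buf.add(i) })
    }

    pub fn len(&self) -> usize {
        self.len
    }

    pub fn capacity(&self) -> usize {
        self.cap
    }
}

impl<T> Drop for FixedStack<T> {
    fn drop(&mut self) {
        // Drop only the initialised prefix, then release the whole buffer.
        for i in 0..self.len {
            // SAFETY: every slot below `len` holds a live value.
            unsafe { ptr::drop_in_place(self.buf.add(i)) };
        }
        let layout = Layout::array::<T>(self.cap).expect("layout overflow");
        // SAFETY: `buf` was allocated with exactly this layout in `with_capacity`.
        unsafe { dealloc(self.buf as *mut u8, layout) };
    }
}

fn main() {
    let mut s: FixedStack<String> = FixedStack::with_capacity(2);
    s.push("a".to_string()).unwrap();
    s.push("b".to_string()).unwrap();
    let top = s.get(1).unwrap();
    println!("top = {top}, len = {}, cap = {}", s.len(), s.capacity());
    // `s.pop()` here would be rejected by the borrow checker while `top` is live.
    let _ = top;
    assert_eq!(s.pop().as_deref(), Some("b"));
}
```

The unsafe blocks are the only places that touch the uninitialised region, and each one states the invariant it relies on; the borrow checker, through the lifetime on `get`, is what keeps the safely reachable part of this heap consistent across the safe calls.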