Oh, I missed that comment. And I don't think it is true. I already quoted malloc above as yielding indeterminate values; the padding bytes of a struct will usually stay indeterminate. In fact, a quick search for "padding" in the standard brings up "The contents of ‘‘holes’’ used as padding for purposes of alignment within structure objects are indeterminate."
I think there is general agreement in the unsafe code guidelines team that there are some optimizations we want to do on safe code, and that we are willing to make things UB for that purpose. See https://github.com/nikomatsakis/rust-memory-model/tree/master/optimizations for some examples. I agree that UB is bad, but slow code is also bad. This is a trade-off. Making fewer things UB is one way to improve the situation here; another one that we are looking into is making UB testable. That would be a big thing, and put us in a totally different spot than where C sits. If we have a way to run your test suite in "UB checking mode", so that you can be sure it doesn't do anything the compiler doesn't want you to do -- that makes it much less of a problem for the UB rules to be subtle. Still, we want them to be as "un-subtle" as reasonable while still permitting sufficient optimization. After all, if people use C or assembly over Rust for reasons of performance, we haven't gained much in terms of overall safety. (Also notice that the UB rules will only ever affect people the use unsafe, so most Rust programmers should not have to care.)
Also, is some forum moderator reading this? I think most everything since https://internals.rust-lang.org/t/canvas-unsafe-code-in-the-wild/4990/23 is interesting discussion and very valuable feedback, but it's not on-topic in this thread any more, so maybe we could have it split into a new thread?