The documentation for
alloc::alloc::GlobalAlloc says (emphasis added):
You must not rely on allocations actually happening, even if there are explicit heap allocations in the source. The optimizer may detect unused allocations that it can either eliminate entirely or move to the stack and thus never invoke the allocator. The optimizer may further assume that allocation is infallible, so code that used to fail due to allocator failures may now suddenly work because the optimizer worked around the need for an allocation.
Given that many functions in the standard library attempt to handle allocation failure (by panicking or aborting) and that there has been interest for years in allowing Rust users to attempt to handle allocation failure in less disruptive ways, I think the permission that the emphasized phrase gives to the optimizer is much broader than is intended — if the optimizer actually used that permission, all the standard library's checks for allocation failure would be useless.
I considered submitting a patch to change this phrase, but I don't know anywhere near enough about Rust at this level of detail to know to what to change the phrase, so I open this topic to propose that it be changed and leave to more knowledgeable persons choosing what phrasing to use.
Maybe "The optimizer is allowed to eliminate an allocation even if the allocation might, or would, have failed. There is no guarantee that code that fails with an allocator error in one version of Rust will continue to fail in future versions of Rust; instead, it may cease failing because the optimizer worked around the need for the allocation."?