
"accessible" terminology in with_exposed_provenance docs is misleading #137060

@saethlin

Description


During stabilization, we changed the documentation of exposed provenance from saying that memory outside the AM "is always exposed" to "is always accessible". Based on a conversation I just had, I believe the new documentation to be wrong, because it suggests that this program is permitted:

```rust
use std::ptr;

fn main() {
    // Create a byte we "magically" know the address of (by capturing it)
    // Another way to stash or know a valid-to-write address would make a better demo.
    let mut byte = 0u8;
    let magic_addr = &mut byte as *mut u8 as usize;
    let func = |r: &mut u8| {
        *r = 123;
        unsafe {
            // The docs say:
            // memory which is outside the control of the Rust abstract machine
            // (MMIO registers, for example) is always considered to be accessible
            // with an exposed provenance
            // So this address should be accessible, according to the docs.
            // But the access here is a clear violation of the noalias attribute.
            dbg!(*ptr::with_exposed_provenance::<u8>(magic_addr))
        }
    };
    let ptr = ptr::with_exposed_provenance_mut::<u8>(magic_addr);
    unsafe {
        func(&mut *ptr);
    }
}
```

The current documentation can be traced to this part of the stabilization PR discussion: #130350 (comment)

I am writing this up as I am heading to bed, so please just correct me if I seem wrong. cc @rust-lang/opsem
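For contrast, the same integer round trip arranged so that the integer-derived access never overlaps a live `&mut u8`, and therefore does not rely on the "always accessible" reading at all. This is an added example, not code from the issue or from the standard library docs; the function names `expose_addr`, `write_via_ref`, `read_via_exposed` and `demo` are chosen here.

```rust
use std::ptr;

/// Expose the address of `byte` and hand it back as a bare integer.
/// The `&mut u8` is turned into a raw pointer here and not used again,
/// so no unique reference derived from it stays live in the caller.
fn expose_addr(byte: &mut u8) -> usize {
    let raw: *mut u8 = byte;
    raw.expose_provenance()
}

/// Write `value` through the unique reference and read it back through
/// the same reference. This is the part of the issue's closure that is
/// fine on its own; reading through an integer-derived pointer inside this
/// function, while `r` is live, would be the noalias violation the issue
/// describes, regardless of whether the address is "accessible".
fn write_via_ref(r: &mut u8, value: u8) -> u8 {
    *r = value;
    *r
}

/// Read through a pointer reconstructed from the exposed address.
/// Sound only because the caller sequences it after every `&mut u8` use
/// of that memory has ended.
fn read_via_exposed(addr: usize) -> u8 {
    let p = ptr::with_exposed_provenance::<u8>(addr);
    unsafe { p.read() }
}

/// Expose, write through a unique reference, then read through an
/// integer-derived pointer only after that reference is dead.
fn demo() -> u8 {
    let mut byte = 0u8;
    let addr = expose_addr(&mut byte);
    let p = ptr::with_exposed_provenance_mut::<u8>(addr);
    // The `&mut u8` passed to `write_via_ref` is dead once it returns,
    // so the following read does not alias a live noalias reference.
    write_via_ref(unsafe { &mut *p }, 123);
    read_via_exposed(addr)
}

fn main() {
    println!("read back: {}", demo());
}
```

Running both this and the issue's program under Miri (`cargo miri run`) is the practical check: the ordering above is accepted, while an integer-derived read inside the closure while `r` is live is reported as an aliasing violation.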

Labels: A-docs (Area: Documentation for any part of the project, including the compiler, standard library, and tools), C-bug (Category: This is a bug.), T-opsem (Relevant to the opsem team)