From 4bacf7c8451cfb29a5413878293fcfb0f65d08df Mon Sep 17 00:00:00 2001 From: Andy Gocke Date: Wed, 6 May 2026 14:34:40 -0700 Subject: [PATCH 1/3] Include .NET Memory Model in memory safety documentation Add reference to .NET Memory Model for clarity on memory safety. --- accepted/2025/memory-safety/caller-unsafe.md | 1 + 1 file changed, 1 insertion(+) diff --git a/accepted/2025/memory-safety/caller-unsafe.md b/accepted/2025/memory-safety/caller-unsafe.md index c494963e2..de9000b94 100644 --- a/accepted/2025/memory-safety/caller-unsafe.md +++ b/accepted/2025/memory-safety/caller-unsafe.md @@ -16,6 +16,7 @@ The overall goal is to ensure .NET code is "valid" with respect to certain prope * Memory safety * No access to uninitialized memory +* The [.NET Memory Model](https://github.com/dotnet/runtime/blob/main/docs/design/specs/Memory-model.md) The complete definition of these properties is in [Global invariants](#global-invariants). From c170b8e62ea413c56016e3986ef926fe94e742ed Mon Sep 17 00:00:00 2001 From: Andy Gocke Date: Fri, 8 May 2026 14:02:53 -0700 Subject: [PATCH 2/3] Update memory safety properties and add alignment section Add alignment requirement to .NET memory model section and update properties list. --- accepted/2025/memory-safety/caller-unsafe.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/accepted/2025/memory-safety/caller-unsafe.md b/accepted/2025/memory-safety/caller-unsafe.md index de9000b94..c7eedabfe 100644 --- a/accepted/2025/memory-safety/caller-unsafe.md +++ b/accepted/2025/memory-safety/caller-unsafe.md 
@@ -115,10 +115,11 @@ public sealed class RequiresUnsafeAttribute : System.Attribute ### Global invariants -Two properties which should always hold in .NET programs are: +Three properties which should always hold in .NET programs are: * Memory safety * No access to uninitialized memory +* Alignment with the .NET Memory Model The "safe" subset of C# must guarantee these properties by construction. The unsafe subset cannot be guaranteed entirely by the system -- it needs external validation by the user or other tooling. @@ -134,6 +135,12 @@ These properties are guaranteed by "safe" code through a combination of compiler `unsafe` members are used to identify the places that cannot be automatically checked by the compiler and runtime for validity. Inside unsafe blocks, the programmer is responsible for ensuring that all requirements of the unsafe code are met, and that all code outside the block will have validity properly enforced by the system. +#### .NET Memory Model Alignment + +The .NET memory model contains guarantees which must not be violated by unsafe code: + +* Managed references must always point to aligned data + ### Non-goals The new definition of `unsafe` is centered around memory safety, specifically ensuring access to valid memory and avoiding memory corruption. There are some properties that may be desirable but are not covered by memory safety. This includes: From cbc621e8550ace5053f7994d2889ac9b93477317 Mon Sep 17 00:00:00 2001 From: Andy Gocke Date: Fri, 8 May 2026 14:09:32 -0700 Subject: [PATCH 3/3] Clarify alignment requirement for managed references --- accepted/2025/memory-safety/caller-unsafe.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accepted/2025/memory-safety/caller-unsafe.md b/accepted/2025/memory-safety/caller-unsafe.md index c7eedabfe..0329d5f0b 100644 --- a/accepted/2025/memory-safety/caller-unsafe.md +++ b/accepted/2025/memory-safety/caller-unsafe.md 
@@ -139,7 +139,7 @@ These properties are guaranteed by "safe" code through a combination of compiler The .NET memory model contains guarantees which must not be violated by unsafe code: -* Managed references must always point to aligned data +* Managed references must always be aligned ### Non-goals
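Review bot: the bullet PATCH 1 adds to the goals list at line 16 ("* The [.NET Memory Model](...)") is a bare noun phrase where its siblings name properties ("Memory safety", "No access to uninitialized memory"), and it does not match the wording PATCH 2 gives the same item in the Global invariants list ("Alignment with the .NET Memory Model"). The surrounding text says "The complete definition of these properties is in [Global invariants]", so the two lists should use identical wording for the third property, and the link should be on the definitional list in Global invariants as well, not only here.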
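Review bot: "Alignment with the .NET Memory Model" in the Global invariants hunk of PATCH 2 is ambiguous, because the only rule the new subsection spells out is about memory alignment of managed references, so "alignment with" will be read as data alignment rather than as conformance. Suggest "Conformance to the [.NET Memory Model](https://github.com/dotnet/runtime/blob/main/docs/design/specs/Memory-model.md)" for the list item, reserving "alignment" for the data-alignment requirement. The "Two properties" to "Three properties" change is fine, but the subsequent sentence "The 'safe' subset of C# must guarantee these properties by construction" now also covers the memory-model property, and nothing in the hunk says how safe code guarantees it; a sentence stating that the compiler and runtime only ever produce aligned references for safe code would close that gap.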
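Review bot: "Managed references must always point to aligned data" in the new "#### .NET Memory Model Alignment" subsection does not say aligned to what, and that is exactly the check a reviewer of an `unsafe` block has to apply; state the unit (the natural alignment of the referenced type, pointer-size alignment for object references, or whatever the linked memory model document requires, quoted from it). The lead-in says "contains guarantees" (plural) but lists one; either enumerate the others that `unsafe` code can break or reword to "in particular". It would also help to show one way unsafe code violates the rule, for example reinterpreting a byte at an odd offset as a wider type (`ref int r = ref Unsafe.As<byte, int>(ref bytes[1]);`) and obtaining a misaligned `ref int`, so readers recognize the pattern. Finally, the heading "#### .NET Memory Model Alignment" can itself be read as "alignment of the memory model"; "#### Alignment of managed references" or "#### .NET Memory Model requirements" would be clearer.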
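Review bot: PATCH 3 replaces "must always point to aligned data" with "must always be aligned", but the commit message says it clarifies the alignment requirement while the new text still does not say what the reference must be aligned to; the object was dropped without adding the missing detail. Suggest "* Managed references must always be aligned to the natural alignment of the referenced type" (or the exact wording of the linked memory model document) so the requirement is checkable. Since this commit only rewrites a line introduced in PATCH 2, consider squashing the two so the series does not carry a self-correction.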