Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiahnpabxdj4h3645qnokwz2r36yb4fc236gih3l5rr4klss4oro6y",
    "uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mfwptlkm3to2"
  },
  "path": "/t/impact-of-static-variables-on-api-soundness/24039#post_1",
  "publishedAt": "2026-02-26T16:11:58.000Z",
  "site": "https://internals.rust-lang.org",
  "textContent": "I have a question regarding the policy for declaring API safety when it depends on the value of static variables. In the example below, the module `FooSys` contains a static variable `PTR` with internal mutability and two public APIs. Can the API `do_critical_task` be declared safe?\n\nThe function `do_critical_task` requires that `PTR` is either `null` or points to `CONFIG`. In the current module, this is guaranteed because `PTR` can only have these two states. However, future modifications to the module could introduce additional states or allow `PTR` to be changed, which could break this guarantee.\n\nMy specific questions are as follows:\n\n  1. In the current implementation, I believe `do_critical_task` can be declared safe. Is this correct?\n  2. If `PTR` remains private, but additional invalid states become possible, then `do_critical_task` cannot be declared safe, correct?\n  3. If `PTR` is made public (but not to other crates), meaning that additional invalid states could be introduced from outside the module, can `do_critical_task` still be declared safe?\n\n\n\n\n    mod FooSys {\n        use std::{ptr, sync::atomic::{AtomicPtr, Ordering}};\n\n        /// Static atomic pointer pointing to system configuration\n        static PTR: AtomicPtr<u32> = AtomicPtr::new(ptr::null_mut());\n\n        /// Initialize the system and set PTR to point to a valid static resource\n        pub fn initialize_system() {\n            static CONFIG: u32 = 42;\n            PTR.store(&CONFIG as *const u32 as *mut u32, Ordering::SeqCst);\n        }\n\n        pub fn do_critical_task() {\n            let ptr = PTR.load(Ordering::SeqCst);\n            if !ptr.is_null() {\n                unsafe { read_config(ptr); }\n            }\n        }\n\n        // Safety: `ptr` must point to a valid configuration.\n        unsafe fn read_config(ptr: *mut u32) {\n           ...\n        }\n    }\n",
  "title": "Impact of Static Variables on API Soundness"
}