link to 'two kinds of invariants'

[web.git] / ralf / _posts / 2020-07-15-unused-data.md

diff --git a/ralf/_posts/2020-07-15-unused-data.md b/ralf/_posts/2020-07-15-unused-data.md
index afdfff91d7aae85c5e652e8642292bbfbcdc9949..ccde20408a75ca3b29f95bb6d08e8cbadaed2ecc 100644 (file)
--- a/ralf/_posts/2020-07-15-unused-data.md
+++ b/ralf/_posts/2020-07-15-unused-data.md
@@ -30,6 +30,8 @@ fn example(b: bool) -> i32 {
 
 I hope it is not very surprising that calling `example` on, e.g., `3` transmuted to `bool` is Undefined Behavior (UB).
 When compiling `if`, the compiler assumes that `0` and `1` are the only possible values; there is no saying what could go wrong when that assumption is violated.
+(This is a compiler-understood *validity invariant* that is fixed in the language specification, which is very different from a user-defined *safety invariant*.
+See [this earlier post]({% post_url 2018-08-22-two-kinds-of-invariants.md %}) for more details on that distinction.)
 
 What is less obvious is why calling `example` on `3` is UB even when there is no such `if` being executed.
 To understand why that is important, let us consider the following example: