Assumed audience: Rust developers (particularly those who read a recent post of mine with an error in it).
Last week I published a post, then titled Using Drop for Safety in Rust, that contained a significant error — one I should have known about, because it is ancient Rust history! If you read that post, the main thing to take away is that it is always unsound to rely on a Drop implementation for safety, because Rust does not (and, as a matter of fairly long-standing constraints on its design, cannot) guarantee that a Drop implementation will be run: safe code can skip it with std::mem::forget, by building a reference cycle out of Rc, or by calling std::process::exit. Thus, any unsafe code you write must not depend on a Drop implementation having run.
In the case of std::vec::Drain specifically, soundness is established at construction: Vec::drain truncates the Vec's length to the start of the drained range before any element is handed out. If the Drain is then leaked, the drained elements and the tail after them are leaked too, but they are never aliased or dropped twice. Drain's own Drop is only responsible for moving the tail back into place when it does run.
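The construct-time pattern described above, as an added example that is not the original post's code and not the standard library's Drain (the type MyDrain, the function my_drain and the drop-counting Noisy type are this example's own, assumed names): the length is cut to the start of the range before anything is moved out, so mem::forget on the drain leaks elements but leaves the Vec valid, while the Drop impl only does cleanup when it actually runs.

```rust
use std::cell::Cell;
use std::mem;
use std::ptr;
use std::slice;

/// Cut-down stand-in for `std::vec::Drain` (assumed name, not std API).
pub struct MyDrain<'a, T> {
    vec: &'a mut Vec<T>,
    /// Length the Vec had before draining.
    old_len: usize,
    /// Drained range is `start..end`; the Vec is truncated to `start`
    /// while the drain is alive, so it never claims those slots.
    start: usize,
    end: usize,
    /// Next not-yet-yielded index, always in `start..=end`.
    next: usize,
}

pub fn my_drain<T>(vec: &mut Vec<T>, start: usize, end: usize) -> MyDrain<'_, T> {
    let old_len = vec.len();
    assert!(start <= end && end <= old_len, "drain range out of bounds");
    // Soundness is established here, at construction: from this line on the
    // Vec considers only `0..start` live. If the MyDrain is later leaked
    // (mem::forget, Rc cycle, process::exit), the slots in `start..old_len`
    // are simply never touched again: leaked, not aliased or double-dropped.
    unsafe { vec.set_len(start) };
    MyDrain { vec, old_len, start, end, next: start }
}

impl<T> Iterator for MyDrain<'_, T> {
    type Item = T;
    fn next(&mut self) -> Option<T> {
        if self.next == self.end {
            return None;
        }
        // Move the element out of storage the Vec no longer claims.
        let item = unsafe { ptr::read(self.vec.as_ptr().add(self.next)) };
        self.next += 1;
        Some(item)
    }
}

impl<T> Drop for MyDrain<'_, T> {
    fn drop(&mut self) {
        // Runs only if nobody leaked us. It must be correct when it runs;
        // it is not what keeps the program sound when it does not.
        unsafe {
            let base = self.vec.as_mut_ptr();
            // Drop drained elements that were never yielded.
            let pending = slice::from_raw_parts_mut(base.add(self.next), self.end - self.next);
            ptr::drop_in_place(pending);
            // Slide the tail down over the hole and restore the length.
            let tail_len = self.old_len - self.end;
            if tail_len > 0 {
                ptr::copy(base.add(self.end), base.add(self.start), tail_len);
            }
            self.vec.set_len(self.start + tail_len);
        }
    }
}

thread_local! {
    // Constructed drop counter, per thread so the two demos stay independent.
    static DROPS: Cell<usize> = Cell::new(0);
}

/// Element type whose Drop is observable (assumed name for the demo).
pub struct Noisy(pub u32);
impl Drop for Noisy {
    fn drop(&mut self) {
        DROPS.with(|d| d.set(d.get() + 1));
    }
}

fn drops() -> usize {
    DROPS.with(|d| d.get())
}

fn ids(v: &[Noisy]) -> Vec<u32> {
    v.iter().map(|n| n.0).collect()
}

/// Normal path: the drain is dropped, so Drop frees the pending element
/// and slides the tail back. Returns (ids left in the Vec, first id yielded,
/// drops observed) == ([0, 3, 4], 1, 2).
pub fn drain_normally() -> (Vec<u32>, u32, usize) {
    let before = drops();
    let mut v: Vec<Noisy> = (0..5).map(Noisy).collect();
    let mut d = my_drain(&mut v, 1, 3);
    let first = d.next().expect("range is non-empty").0; // Noisy(1) dropped here
    drop(d); // Drop runs: Noisy(2) dropped, tail [3, 4] slides down
    (ids(&v), first, drops() - before)
}

/// Leak path: Drop never runs. Noisy(2), Noisy(3) and Noisy(4) are leaked,
/// but `v` is a valid Vec of length 1 and nothing is dropped twice.
/// Returns ([0], 1, 1).
pub fn drain_then_forget() -> (Vec<u32>, u32, usize) {
    let before = drops();
    let mut v: Vec<Noisy> = (0..5).map(Noisy).collect();
    let mut d = my_drain(&mut v, 1, 3);
    let first = d.next().expect("range is non-empty").0; // Noisy(1) dropped here
    mem::forget(d); // safe Rust; the Drop impl is skipped entirely
    (ids(&v), first, drops() - before)
}

fn main() {
    println!("normal drain: {:?}", drain_normally());
    println!("leaked drain: {:?}", drain_then_forget());
}
```

Running the leak path under Miri reports no undefined behaviour, only the leak, which is the point: the unsafe reads in next and the pointer shuffling in Drop are justified by the set_len at construction, never by an assumption that Drop will get its turn.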
This morning, I updated the post to account for that:
- I corrected the text itself, to say that Drop must not be responsible for upholding soundness and to clarify that it is only responsible for being sound in its own implementation, and explained the correct-at-construction implementation instead.
- I changed the title to Using Drop Safely in Rust, to convey the shift in meaning, updated the URL to match, and redirected the original post to the new location.
- I added a note explaining the mistake mid-text, and also flagged it in the Updates section at the end of the piece.