bjoernager/rust
bjoernager/rust
1
Fork 0
Code Issues Pull requests Activity

Rollup merge of #76504 - Flying-Toast:master, r=lcnr

Browse source 
Capitalize safety comments
This commit is contained in:
Tyler Mandry 2020-09-09 15:06:00 -07:00 committed by GitHub
commit c18fa460a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 42 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

2
compiler/rustc_data_structures/src/temp_dir.rs
View file

@ -12,7 +12,7 @@ pub struct MaybeTempDir {
impl Drop for MaybeTempDir { impl Drop for MaybeTempDir {
fn drop(&mut self) { fn drop(&mut self) {
// Safety: We are in the destructor, and no further access will // SAFETY: We are in the destructor, and no further access will
// occur. // occur.
let dir = unsafe { ManuallyDrop::take(&mut self.dir) }; let dir = unsafe { ManuallyDrop::take(&mut self.dir) };
if self.keep { if self.keep {

2
library/alloc/src/alloc.rs
View file

@ -157,7 +157,7 @@ impl Global {
} }
} }
// Safety: Same as `AllocRef::grow` // SAFETY: Same as `AllocRef::grow`
#[inline] #[inline]
unsafe fn grow_impl( unsafe fn grow_impl(
&mut self, &mut self,

2
library/alloc/src/collections/vec_deque.rs
View file

@ -2388,7 +2388,7 @@ impl<T> VecDeque<T> {
} }
} }
// Safety: the following two methods require that the rotation amount // SAFETY: the following two methods require that the rotation amount
// be less than half the length of the deque. // be less than half the length of the deque.
// //
// `wrap_copy` requires that `min(x, cap() - x) + copy_len <= cap()`, // `wrap_copy` requires that `min(x, cap() - x) + copy_len <= cap()`,

2
library/core/src/future/mod.rs
View file

@ -71,7 +71,7 @@ where
impl<T: Generator<ResumeTy, Yield = ()>> Future for GenFuture<T> { impl<T: Generator<ResumeTy, Yield = ()>> Future for GenFuture<T> {
type Output = T::Return; type Output = T::Return;
fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> { fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
// Safety: Safe because we're !Unpin + !Drop, and this is just a field projection. // SAFETY: Safe because we're !Unpin + !Drop, and this is just a field projection.
let gen = unsafe { Pin::map_unchecked_mut(self, |s| &mut s.0) }; let gen = unsafe { Pin::map_unchecked_mut(self, |s| &mut s.0) };
// Resume the generator, turning the `&mut Context` into a `NonNull` raw pointer. The // Resume the generator, turning the `&mut Context` into a `NonNull` raw pointer. The

2
library/core/src/iter/adapters/fuse.rs
View file

@ -530,7 +530,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
match self.iter { match self.iter {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
Some(ref mut iter) => unsafe { SourceIter::as_inner(iter) }, Some(ref mut iter) => unsafe { SourceIter::as_inner(iter) },
// SAFETY: the specialized iterator never sets `None` // SAFETY: the specialized iterator never sets `None`
None => unsafe { intrinsics::unreachable() }, None => unsafe { intrinsics::unreachable() },

24
library/core/src/iter/adapters/mod.rs
View file

@ -1019,7 +1019,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -1168,7 +1168,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -1312,7 +1312,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -1550,7 +1550,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -1848,7 +1848,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -1967,7 +1967,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -2102,7 +2102,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -2200,7 +2200,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -2403,7 +2403,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -2530,7 +2530,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -2712,7 +2712,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }
@ -2879,7 +2879,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.iter) } unsafe { SourceIter::as_inner(&mut self.iter) }
} }
} }

2
library/core/src/iter/adapters/zip.rs
View file

@ -343,7 +343,7 @@ where
#[inline] #[inline]
unsafe fn as_inner(&mut self) -> &mut S { unsafe fn as_inner(&mut self) -> &mut S {
// Safety: unsafe function forwarding to unsafe function with the same requirements // SAFETY: unsafe function forwarding to unsafe function with the same requirements
unsafe { SourceIter::as_inner(&mut self.a) } unsafe { SourceIter::as_inner(&mut self.a) }
} }
} }

8
library/core/src/lazy.rs
View file

@ -92,7 +92,7 @@ impl<T> OnceCell<T> {
/// Returns `None` if the cell is empty. /// Returns `None` if the cell is empty.
#[unstable(feature = "once_cell", issue = "74465")] #[unstable(feature = "once_cell", issue = "74465")]
pub fn get(&self) -> Option<&T> { pub fn get(&self) -> Option<&T> {
// Safety: Safe due to `inner`'s invariant // SAFETY: Safe due to `inner`'s invariant
unsafe { &*self.inner.get() }.as_ref() unsafe { &*self.inner.get() }.as_ref()
} }
@ -101,7 +101,7 @@ impl<T> OnceCell<T> {
/// Returns `None` if the cell is empty. /// Returns `None` if the cell is empty.
#[unstable(feature = "once_cell", issue = "74465")] #[unstable(feature = "once_cell", issue = "74465")]
pub fn get_mut(&mut self) -> Option<&mut T> { pub fn get_mut(&mut self) -> Option<&mut T> {
// Safety: Safe because we have unique access // SAFETY: Safe because we have unique access
unsafe { &mut *self.inner.get() }.as_mut() unsafe { &mut *self.inner.get() }.as_mut()
} }
@ -129,13 +129,13 @@ impl<T> OnceCell<T> {
/// ``` /// ```
#[unstable(feature = "once_cell", issue = "74465")] #[unstable(feature = "once_cell", issue = "74465")]
pub fn set(&self, value: T) -> Result<(), T> { pub fn set(&self, value: T) -> Result<(), T> {
// Safety: Safe because we cannot have overlapping mutable borrows // SAFETY: Safe because we cannot have overlapping mutable borrows
let slot = unsafe { &*self.inner.get() }; let slot = unsafe { &*self.inner.get() };
if slot.is_some() { if slot.is_some() {
return Err(value); return Err(value);
} }
// Safety: This is the only place where we set the slot, no races // SAFETY: This is the only place where we set the slot, no races
// due to reentrancy/concurrency are possible, and we've // due to reentrancy/concurrency are possible, and we've
// checked that slot is currently `None`, so this write // checked that slot is currently `None`, so this write
// maintains the `inner`'s invariant. // maintains the `inner`'s invariant.

4
library/core/src/mem/maybe_uninit.rs
View file

@ -599,7 +599,7 @@ impl<T> MaybeUninit<T> {
/// // Now that our `MaybeUninit<_>` is known to be initialized, it is okay to /// // Now that our `MaybeUninit<_>` is known to be initialized, it is okay to
/// // create a shared reference to it: /// // create a shared reference to it:
/// let x: &Vec<u32> = unsafe { /// let x: &Vec<u32> = unsafe {
/// // Safety: `x` has been initialized. /// // SAFETY: `x` has been initialized.
/// x.assume_init_ref() /// x.assume_init_ref()
/// }; /// };
/// assert_eq!(x, &vec![1, 2, 3]); /// assert_eq!(x, &vec![1, 2, 3]);
@ -676,7 +676,7 @@ impl<T> MaybeUninit<T> {
/// // To assert our buffer has been initialized without copying it, we upgrade /// // To assert our buffer has been initialized without copying it, we upgrade
/// // the `&mut MaybeUninit<[u8; 2048]>` to a `&mut [u8; 2048]`: /// // the `&mut MaybeUninit<[u8; 2048]>` to a `&mut [u8; 2048]`:
/// let buf: &mut [u8; 2048] = unsafe { /// let buf: &mut [u8; 2048] = unsafe {
/// // Safety: `buf` has been initialized. /// // SAFETY: `buf` has been initialized.
/// buf.assume_init_mut() /// buf.assume_init_mut()
/// }; /// };
/// ///

6
library/core/src/num/mod.rs
View file

@ -124,7 +124,7 @@ assert_eq!(size_of::<Option<core::num::", stringify!($Ty), ">>(), size_of::<", s
type Output = Self; type Output = Self;
#[inline] #[inline]
fn bitor(self, rhs: Self) -> Self::Output { fn bitor(self, rhs: Self) -> Self::Output {
// Safety: since `self` and `rhs` are both nonzero, the // SAFETY: since `self` and `rhs` are both nonzero, the
// result of the bitwise-or will be nonzero. // result of the bitwise-or will be nonzero.
unsafe { $Ty::new_unchecked(self.get() | rhs.get()) } unsafe { $Ty::new_unchecked(self.get() | rhs.get()) }
} }
@ -135,7 +135,7 @@ assert_eq!(size_of::<Option<core::num::", stringify!($Ty), ">>(), size_of::<", s
type Output = Self; type Output = Self;
#[inline] #[inline]
fn bitor(self, rhs: $Int) -> Self::Output { fn bitor(self, rhs: $Int) -> Self::Output {
// Safety: since `self` is nonzero, the result of the // SAFETY: since `self` is nonzero, the result of the
// bitwise-or will be nonzero regardless of the value of // bitwise-or will be nonzero regardless of the value of
// `rhs`. // `rhs`.
unsafe { $Ty::new_unchecked(self.get() | rhs) } unsafe { $Ty::new_unchecked(self.get() | rhs) }
@ -147,7 +147,7 @@ assert_eq!(size_of::<Option<core::num::", stringify!($Ty), ">>(), size_of::<", s
type Output = $Ty; type Output = $Ty;
#[inline] #[inline]
fn bitor(self, rhs: $Ty) -> Self::Output { fn bitor(self, rhs: $Ty) -> Self::Output {
// Safety: since `rhs` is nonzero, the result of the // SAFETY: since `rhs` is nonzero, the result of the
// bitwise-or will be nonzero regardless of the value of // bitwise-or will be nonzero regardless of the value of
// `self`. // `self`.
unsafe { $Ty::new_unchecked(self | rhs.get()) } unsafe { $Ty::new_unchecked(self | rhs.get()) }

2
library/core/src/pin.rs
View file

@ -474,7 +474,7 @@ impl<P: Deref<Target: Unpin>> Pin<P> {
#[stable(feature = "pin", since = "1.33.0")] #[stable(feature = "pin", since = "1.33.0")]
#[inline(always)] #[inline(always)]
pub fn new(pointer: P) -> Pin<P> { pub fn new(pointer: P) -> Pin<P> {
// Safety: the value pointed to is `Unpin`, and so has no requirements // SAFETY: the value pointed to is `Unpin`, and so has no requirements
// around pinning. // around pinning.
unsafe { Pin::new_unchecked(pointer) } unsafe { Pin::new_unchecked(pointer) }
} }

2
library/core/src/slice/mod.rs
View file

@ -3245,7 +3245,7 @@ fn is_ascii(s: &[u8]) -> bool {
(word_ptr as usize) - (start as usize) == byte_pos (word_ptr as usize) - (start as usize) == byte_pos
); );
// Safety: We know `word_ptr` is properly aligned (because of // SAFETY: We know `word_ptr` is properly aligned (because of
// `align_offset`), and we know that we have enough bytes between `word_ptr` and the end // `align_offset`), and we know that we have enough bytes between `word_ptr` and the end
let word = unsafe { word_ptr.read() }; let word = unsafe { word_ptr.read() };
if contains_nonascii(word) { if contains_nonascii(word) {

2
library/std/src/alloc.rs
View file

@ -149,7 +149,7 @@ impl System {
} }
} }
// Safety: Same as `AllocRef::grow` // SAFETY: Same as `AllocRef::grow`
#[inline] #[inline]
unsafe fn grow_impl( unsafe fn grow_impl(
&mut self, &mut self,

4
library/std/src/ffi/c_str.rs
View file

@ -881,13 +881,13 @@ impl From<Vec<NonZeroU8>> for CString {
unsafe { unsafe {
// Transmute `Vec<NonZeroU8>` to `Vec<u8>`. // Transmute `Vec<NonZeroU8>` to `Vec<u8>`.
let v: Vec<u8> = { let v: Vec<u8> = {
// Safety: // SAFETY:
// - transmuting between `NonZeroU8` and `u8` is sound; // - transmuting between `NonZeroU8` and `u8` is sound;
// - `alloc::Layout<NonZeroU8> == alloc::Layout<u8>`. // - `alloc::Layout<NonZeroU8> == alloc::Layout<u8>`.
let (ptr, len, cap): (*mut NonZeroU8, _, _) = Vec::into_raw_parts(v); let (ptr, len, cap): (*mut NonZeroU8, _, _) = Vec::into_raw_parts(v);
Vec::from_raw_parts(ptr.cast::<u8>(), len, cap) Vec::from_raw_parts(ptr.cast::<u8>(), len, cap)
}; };
// Safety: `v` cannot contain null bytes, given the type-level // SAFETY: `v` cannot contain null bytes, given the type-level
// invariant of `NonZeroU8`. // invariant of `NonZeroU8`.
CString::from_vec_unchecked(v) CString::from_vec_unchecked(v)
} }

4
library/std/src/ffi/os_str.rs
View file

@ -510,14 +510,14 @@ impl OsStr {
#[inline] #[inline]
fn from_inner(inner: &Slice) -> &OsStr { fn from_inner(inner: &Slice) -> &OsStr {
// Safety: OsStr is just a wrapper of Slice, // SAFETY: OsStr is just a wrapper of Slice,
// therefore converting &Slice to &OsStr is safe. // therefore converting &Slice to &OsStr is safe.
unsafe { &*(inner as *const Slice as *const OsStr) } unsafe { &*(inner as *const Slice as *const OsStr) }
} }
#[inline] #[inline]
fn from_inner_mut(inner: &mut Slice) -> &mut OsStr { fn from_inner_mut(inner: &mut Slice) -> &mut OsStr {
// Safety: OsStr is just a wrapper of Slice, // SAFETY: OsStr is just a wrapper of Slice,
// therefore converting &mut Slice to &mut OsStr is safe. // therefore converting &mut Slice to &mut OsStr is safe.
// Any method that mutates OsStr must be careful not to // Any method that mutates OsStr must be careful not to
// break platform-specific encoding, in particular Wtf8 on Windows. // break platform-specific encoding, in particular Wtf8 on Windows.

6
library/std/src/lazy.rs
View file

@ -293,7 +293,7 @@ impl<T> SyncOnceCell<T> {
debug_assert!(self.is_initialized()); debug_assert!(self.is_initialized());
// Safety: The inner value has been initialized // SAFETY: The inner value has been initialized
Ok(unsafe { self.get_unchecked() }) Ok(unsafe { self.get_unchecked() })
} }
@ -316,7 +316,7 @@ impl<T> SyncOnceCell<T> {
/// ``` /// ```
#[unstable(feature = "once_cell", issue = "74465")] #[unstable(feature = "once_cell", issue = "74465")]
pub fn into_inner(mut self) -> Option<T> { pub fn into_inner(mut self) -> Option<T> {
// Safety: Safe because we immediately free `self` without dropping // SAFETY: Safe because we immediately free `self` without dropping
let inner = unsafe { self.take_inner() }; let inner = unsafe { self.take_inner() };
// Don't drop this `SyncOnceCell`. We just moved out one of the fields, but didn't set // Don't drop this `SyncOnceCell`. We just moved out one of the fields, but didn't set
@ -416,7 +416,7 @@ impl<T> SyncOnceCell<T> {
unsafe impl<#[may_dangle] T> Drop for SyncOnceCell<T> { unsafe impl<#[may_dangle] T> Drop for SyncOnceCell<T> {
fn drop(&mut self) { fn drop(&mut self) {
// Safety: The cell is being dropped, so it can't be accessed again. // SAFETY: The cell is being dropped, so it can't be accessed again.
// We also don't touch the `T`, which validates our usage of #[may_dangle]. // We also don't touch the `T`, which validates our usage of #[may_dangle].
unsafe { self.take_inner() }; unsafe { self.take_inner() };
} }

4
library/std/src/sys/windows/os_str.rs
View file

@ -77,14 +77,14 @@ impl Buf {
} }
pub fn as_slice(&self) -> &Slice { pub fn as_slice(&self) -> &Slice {
// Safety: Slice is just a wrapper for Wtf8, // SAFETY: Slice is just a wrapper for Wtf8,
// and self.inner.as_slice() returns &Wtf8. // and self.inner.as_slice() returns &Wtf8.
// Therefore, transmuting &Wtf8 to &Slice is safe. // Therefore, transmuting &Wtf8 to &Slice is safe.
unsafe { mem::transmute(self.inner.as_slice()) } unsafe { mem::transmute(self.inner.as_slice()) }
} }
pub fn as_mut_slice(&mut self) -> &mut Slice { pub fn as_mut_slice(&mut self) -> &mut Slice {
// Safety: Slice is just a wrapper for Wtf8, // SAFETY: Slice is just a wrapper for Wtf8,
// and self.inner.as_mut_slice() returns &mut Wtf8. // and self.inner.as_mut_slice() returns &mut Wtf8.
// Therefore, transmuting &mut Wtf8 to &mut Slice is safe. // Therefore, transmuting &mut Wtf8 to &mut Slice is safe.
// Additionally, care should be taken to ensure the slice // Additionally, care should be taken to ensure the slice

4
library/std/src/sys_common/os_str_bytes.rs
View file

@ -106,7 +106,7 @@ impl Buf {
#[inline] #[inline]
pub fn as_slice(&self) -> &Slice { pub fn as_slice(&self) -> &Slice {
// Safety: Slice just wraps [u8], // SAFETY: Slice just wraps [u8],
// and &*self.inner is &[u8], therefore // and &*self.inner is &[u8], therefore
// transmuting &[u8] to &Slice is safe. // transmuting &[u8] to &Slice is safe.
unsafe { mem::transmute(&*self.inner) } unsafe { mem::transmute(&*self.inner) }
@ -114,7 +114,7 @@ impl Buf {
#[inline] #[inline]
pub fn as_mut_slice(&mut self) -> &mut Slice { pub fn as_mut_slice(&mut self) -> &mut Slice {
// Safety: Slice just wraps [u8], // SAFETY: Slice just wraps [u8],
// and &mut *self.inner is &mut [u8], therefore // and &mut *self.inner is &mut [u8], therefore
// transmuting &mut [u8] to &mut Slice is safe. // transmuting &mut [u8] to &mut Slice is safe.
unsafe { mem::transmute(&mut *self.inner) } unsafe { mem::transmute(&mut *self.inner) }

2
src/test/ui/generator/static-generators.rs
View file

@ -12,7 +12,7 @@ fn main() {
yield; yield;
assert_eq!(b as *const _, &a as *const _); assert_eq!(b as *const _, &a as *const _);
}; };
// Safety: We shadow the original generator variable so have no safe API to // SAFETY: We shadow the original generator variable so have no safe API to
// move it after this point. // move it after this point.
let mut generator = unsafe { Pin::new_unchecked(&mut generator) }; let mut generator = unsafe { Pin::new_unchecked(&mut generator) };
assert_eq!(generator.as_mut().resume(()), GeneratorState::Yielded(())); assert_eq!(generator.as_mut().resume(()), GeneratorState::Yielded(()));