diff --git a/server/src/compat/mod.rs b/server/src/compat/mod.rs index 280f168c..cc26e2e3 100644 --- a/server/src/compat/mod.rs +++ b/server/src/compat/mod.rs @@ -174,6 +174,7 @@ fn upgrade_file( ) } Format::Sparrowlock => unsafe { + // UNSAFE(@ohsayan): Not possible as we've already checked this earlier (no upgrades required) unreachable_unchecked(); }, }; diff --git a/server/src/config/mod.rs b/server/src/config/mod.rs index 69f53825..b70d3c14 100644 --- a/server/src/config/mod.rs +++ b/server/src/config/mod.rs @@ -433,6 +433,7 @@ pub fn get_config_file_or_return_cfg() -> Result Deref for TableLockStateGuard<' impl<'a, K: Hash + Eq + Serialize, V: Serialize> Drop for TableLockStateGuard<'a, K, V> { fn drop(&mut self) { unsafe { - // we know that no such guards exist, so indicate that the guards has been released + // UNSAFE(@ohsayan): we know that no such guards exist, so indicate that the guards has been released self.inner._force_unlock_writes(); } } @@ -322,6 +322,7 @@ where /// but however **will block if the table is already locked** and then return when a guard is available pub fn lock_writes(&self) -> TableLockStateGuard<'_, K, V> { self.wait_for_write_unlock_and_then(|| unsafe { + // UNSAFE(@ohsayan): This is safe because we're running it exactly after acquiring a lock // since we've got a write unlock at this exact point, we're free to lock the table // so this _should be_ safe // FIXME: UB/race condition here? What if exactly after the write unlock another thread does a lock_writes? diff --git a/server/src/diskstore/flock.rs b/server/src/diskstore/flock.rs index f3f99ac4..35e801ac 100644 --- a/server/src/diskstore/flock.rs +++ b/server/src/diskstore/flock.rs @@ -188,6 +188,7 @@ mod __sys { /// unlock files on Windows platforms. fn lock_file(file: &File, flags: DWORD) -> Result<()> { unsafe { + // UNSAFE(@ohsayan): Interfacing with low-level winapi stuff, and we know what's happening here :D let mut overlapped = mem::zeroed(); let ret = LockFileEx( file.as_raw_handle(), // handle @@ -207,6 +208,7 @@ mod __sys { /// Attempt to unlock a file pub fn unlock_file(file: &File) -> Result<()> { let ret = unsafe { + // UNSAFE(@ohsayan): Interfacing with low-level winapi stuff, and we know what's happening here :D UnlockFile( file.as_raw_handle(), // handle 0, // LOWORD of starting byte offset @@ -227,6 +229,7 @@ mod __sys { /// has the same permissions as the original file pub fn duplicate(file: &File) -> Result { unsafe { + // UNSAFE(@ohsayan): Interfacing with low-level winapi stuff, and we know what's happening here :D let mut handle = ptr::null_mut(); let current_process = GetCurrentProcess(); let ret = DuplicateHandle( @@ -293,7 +296,10 @@ mod __sys { } /// Attempt to unlock a file pub fn unlock_file(file: &File) -> Result<()> { - let errno = unsafe { unlock(file.as_raw_fd()) }; + let errno = unsafe { + // UNSAFE(@ohsayan): Again, we know what's going on here. Good ol' C stuff + unlock(file.as_raw_fd()) + }; match errno { 0 => Ok(()), x @ _ => Err(Error::from_raw_os_error(x)), @@ -304,6 +310,7 @@ mod __sys { /// Good ol' libc dup() calls pub fn duplicate(file: &File) -> Result { unsafe { + // UNSAFE(@ohsayan): Completely safe, just that this is FFI let fd = libc::dup(file.as_raw_fd()); if fd < 0 { Err(Error::last_os_error()) diff --git a/server/src/protocol/mod.rs b/server/src/protocol/mod.rs index 37d3881a..bb9f1daf 100644 --- a/server/src/protocol/mod.rs +++ b/server/src/protocol/mod.rs @@ -187,7 +187,10 @@ impl<'a> Parser<'a> { // if 9 is given, the subtraction should give us 9! let curdig: usize = dig .checked_sub(48) - .unwrap_or_else(|| unsafe { unreachable_unchecked() }) + .unwrap_or_else(|| unsafe { + // UNSAFE(@ohsayan): We already know that dig is an ASCII digit + unreachable_unchecked() + }) .into(); // The usize can overflow; check that case let product = match item_usize.checked_mul(10) { @@ -219,7 +222,10 @@ impl<'a> Parser<'a> { // if 9 is given, the subtraction should give us 9! let curdig: u64 = dig .checked_sub(48) - .unwrap_or_else(|| unsafe { unreachable_unchecked() }) + .unwrap_or_else(|| unsafe { + // UNSAFE(@ohsayan): We already know that dig is an ASCII digit + unreachable_unchecked() + }) .into(); // Now the entire u64 can overflow, so let's attempt to check it let product = match item_u64.checked_mul(10) { @@ -374,7 +380,7 @@ impl<'a> Parser<'a> { if self .will_cursor_give_char(b'*', true) .unwrap_or_else(|_| unsafe { - // This will never be the case because we'll always get a result and no error value + // UNSAFE(@ohsayan): This will never be the case because we'll always get a result and no error value // as we've passed true which will yield Ok(true) even if there is no byte ahead unreachable_unchecked() })