Document missing instances of `unsafe`

3 years ago · a68c42f720
parent 952c5caa86
commit a68c42f720
5 changed files with 21 additions and 5 deletions
--- a/server/src/compat/mod.rs
+++ b/server/src/compat/mod.rs
@ -174,6 +174,7 @@ fn upgrade_file(
            )
        }
        Format::Sparrowlock => unsafe {
+            // UNSAFE(@ohsayan): Not possible as we've already checked this earlier (no upgrades required)
            unreachable_unchecked();
        },
    };
--- a/server/src/config/mod.rs
+++ b/server/src/config/mod.rs
@ -433,6 +433,7 @@ pub fn get_config_file_or_return_cfg() -> Result<ConfigType<ParsedConfig, String
            }
        } else {
            unsafe {
+                // UNSAFE(@ohsayan): Completely safe as our CLI args require a value to be passed to upgrade
                unreachable_unchecked();
            }
        }
--- a/server/src/coredb/htable.rs
+++ b/server/src/coredb/htable.rs
@ -189,7 +189,7 @@ impl<'a, K: Eq + Hash + Serialize, V: Serialize> Deref for TableLockStateGuard<'
 impl<'a, K: Hash + Eq + Serialize, V: Serialize> Drop for TableLockStateGuard<'a, K, V> {
    fn drop(&mut self) {
        unsafe {
-            // we know that no such guards exist, so indicate that the guards has been released
+            // UNSAFE(@ohsayan): we know that no such guards exist, so indicate that the guards has been released
            self.inner._force_unlock_writes();
        }
    }
@ -322,6 +322,7 @@ where
    /// but however **will block if the table is already locked** and then return when a guard is available
    pub fn lock_writes(&self) -> TableLockStateGuard<'_, K, V> {
        self.wait_for_write_unlock_and_then(|| unsafe {
+            // UNSAFE(@ohsayan): This is safe because we're running it exactly after acquiring a lock
            // since we've got a write unlock at this exact point, we're free to lock the table
            // so this _should be_ safe
            // FIXME: UB/race condition here? What if exactly after the write unlock another thread does a lock_writes?
--- a/server/src/diskstore/flock.rs
+++ b/server/src/diskstore/flock.rs
@ -188,6 +188,7 @@ mod __sys {
    /// unlock files on Windows platforms.
    fn lock_file(file: &File, flags: DWORD) -> Result<()> {
        unsafe {
+            // UNSAFE(@ohsayan): Interfacing with low-level winapi stuff, and we know what's happening here :D
            let mut overlapped = mem::zeroed();
            let ret = LockFileEx(
                file.as_raw_handle(), // handle
@ -207,6 +208,7 @@ mod __sys {
    /// Attempt to unlock a file
    pub fn unlock_file(file: &File) -> Result<()> {
        let ret = unsafe {
+            // UNSAFE(@ohsayan): Interfacing with low-level winapi stuff, and we know what's happening here :D
            UnlockFile(
                file.as_raw_handle(), // handle
                0,                    // LOWORD of starting byte offset
@ -227,6 +229,7 @@ mod __sys {
    /// has the same permissions as the original file
    pub fn duplicate(file: &File) -> Result<File> {
        unsafe {
+            // UNSAFE(@ohsayan): Interfacing with low-level winapi stuff, and we know what's happening here :D
            let mut handle = ptr::null_mut();
            let current_process = GetCurrentProcess();
            let ret = DuplicateHandle(
@ -293,7 +296,10 @@ mod __sys {
    }
    /// Attempt to unlock a file
    pub fn unlock_file(file: &File) -> Result<()> {
-        let errno = unsafe { unlock(file.as_raw_fd()) };
+        let errno = unsafe {
+            // UNSAFE(@ohsayan): Again, we know what's going on here. Good ol' C stuff
+            unlock(file.as_raw_fd())
+        };
        match errno {
            0 => Ok(()),
            x @ _ => Err(Error::from_raw_os_error(x)),
@ -304,6 +310,7 @@ mod __sys {
    /// Good ol' libc dup() calls
    pub fn duplicate(file: &File) -> Result<File> {
        unsafe {
+            // UNSAFE(@ohsayan): Completely safe, just that this is FFI
            let fd = libc::dup(file.as_raw_fd());
            if fd < 0 {
                Err(Error::last_os_error())
--- a/server/src/protocol/mod.rs
+++ b/server/src/protocol/mod.rs
@ -187,7 +187,10 @@ impl<'a> Parser<'a> {
            // if 9 is given, the subtraction should give us 9!
            let curdig: usize = dig
                .checked_sub(48)
-                .unwrap_or_else(|| unsafe { unreachable_unchecked() })
+                .unwrap_or_else(|| unsafe {
+                    // UNSAFE(@ohsayan): We already know that dig is an ASCII digit
+                    unreachable_unchecked()
+                })
                .into();
            // The usize can overflow; check that case
            let product = match item_usize.checked_mul(10) {
@ -219,7 +222,10 @@ impl<'a> Parser<'a> {
            // if 9 is given, the subtraction should give us 9!
            let curdig: u64 = dig
                .checked_sub(48)
-                .unwrap_or_else(|| unsafe { unreachable_unchecked() })
+                .unwrap_or_else(|| unsafe {
+                    // UNSAFE(@ohsayan): We already know that dig is an ASCII digit
+                    unreachable_unchecked()
+                })
                .into();
            // Now the entire u64 can overflow, so let's attempt to check it
            let product = match item_u64.checked_mul(10) {
@ -374,7 +380,7 @@ impl<'a> Parser<'a> {
            if self
                .will_cursor_give_char(b'*', true)
                .unwrap_or_else(|_| unsafe {
-                    // This will never be the case because we'll always get a result and no error value
+                    // UNSAFE(@ohsayan): This will never be the case because we'll always get a result and no error value
                    // as we've passed true which will yield Ok(true) even if there is no byte ahead
                    unreachable_unchecked()
                })