build: require safety comments on unsafe code (#13870)

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
author: Luca Casonato <hello@lcas.dev> 2022-06-26 00:13:24 +0200
committer: GitHub <noreply@github.com> 2022-06-26 00:13:24 +0200
commit: 8d82ba729937baf83011354242cabc3d50c13dc2 (patch)
tree: 3e8c4d87986338639eeef4a76543e4335020262c /core/async_cancel.rs
parent: 38505db39137f33bfdb942658ea892a617ac0980 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/core/async_cancel.rs b/core/async_cancel.rs
index cf338174d..55ab8f4d1 100644
--- a/core/async_cancel.rs
+++ b/core/async_cancel.rs
@@ -302,13 +302,19 @@ mod internal {
         Some((head, rc)) => {
           // Register this `Cancelable` node with a `CancelHandle` head node.
           assert_ne!(self, head);
+          // TODO(piscisaureus): safety comment
+          #[allow(clippy::undocumented_unsafe_blocks)]
           let self_inner = unsafe { &mut *self.inner.get() };
+          // TODO(piscisaureus): safety comment
+          #[allow(clippy::undocumented_unsafe_blocks)]
           let head_inner = unsafe { &mut *head.inner.get() };
           self_inner.link(waker, head_inner, rc)
         }
         None => {
           // This `Cancelable` has already been linked to a `CancelHandle` head
           // node; just update our stored `Waker` if necessary.
+          // TODO(piscisaureus): safety comment
+          #[allow(clippy::undocumented_unsafe_blocks)]
           let inner = unsafe { &mut *self.inner.get() };
           inner.update_waker(waker)
         }
@@ -316,11 +322,15 @@ mod internal {
     }
 
     pub fn cancel(&self) {
+      // TODO(piscisaureus): safety comment
+      #[allow(clippy::undocumented_unsafe_blocks)]
       let inner = unsafe { &mut *self.inner.get() };
       inner.cancel();
     }
 
     pub fn is_canceled(&self) -> bool {
+      // TODO(piscisaureus): safety comment
+      #[allow(clippy::undocumented_unsafe_blocks)]
       let inner = unsafe { &mut *self.inner.get() };
       inner.is_canceled()
     }
@@ -337,6 +347,8 @@ mod internal {
 
   impl Drop for Node {
     fn drop(&mut self) {
+      // TODO(piscisaureus): safety comment
+      #[allow(clippy::undocumented_unsafe_blocks)]
       let inner = unsafe { &mut *self.inner.get() };
       inner.unlink();
     }
@@ -392,6 +404,8 @@ mod internal {
           prev: next_prev_nn,
           ..
         } => {
+          // TODO(piscisaureus): safety comment
+          #[allow(clippy::undocumented_unsafe_blocks)]
           let prev = unsafe { &mut *next_prev_nn.as_ptr() };
           match prev {
             NodeInner::Linked {
@@ -444,10 +458,14 @@ mod internal {
         if prev_nn == next_nn {
           // There were only two nodes in this chain; after unlinking ourselves
           // the other node is no longer linked.
+          // TODO(piscisaureus): safety comment
+          #[allow(clippy::undocumented_unsafe_blocks)]
           let other = unsafe { prev_nn.as_mut() };
           *other = NodeInner::Unlinked;
         } else {
           // The chain had more than two nodes.
+          // TODO(piscisaureus): safety comment
+          #[allow(clippy::undocumented_unsafe_blocks)]
           match unsafe { prev_nn.as_mut() } {
             NodeInner::Linked {
               next: prev_next_nn, ..
@@ -456,6 +474,8 @@ mod internal {
             }
             _ => unreachable!(),
           }
+          // TODO(piscisaureus): safety comment
+          #[allow(clippy::undocumented_unsafe_blocks)]
           match unsafe { next_nn.as_mut() } {
             NodeInner::Linked {
               prev: next_prev_nn, ..
@@ -473,6 +493,8 @@ mod internal {
     fn cancel(&mut self) {
       let mut head_nn = NonNull::from(self);
 
+      // TODO(piscisaureus): safety comment
+      #[allow(clippy::undocumented_unsafe_blocks)]
       // Mark the head node as canceled.
       let mut item_nn =
         match replace(unsafe { head_nn.as_mut() }, NodeInner::Canceled) {
@@ -487,6 +509,8 @@ mod internal {
 
       // Cancel all item nodes in the chain, waking each stored `Waker`.
       while item_nn != head_nn {
+        // TODO(piscisaureus): safety comment
+        #[allow(clippy::undocumented_unsafe_blocks)]
         match replace(unsafe { item_nn.as_mut() }, NodeInner::Canceled) {
           NodeInner::Linked {
             kind: NodeKind::Item { waker },
@@ -745,6 +769,7 @@ mod tests {
     assert!(Rc::get_mut(&mut cancel_handle).is_some());
 
     let mut future = pending::<Never>().or_cancel(&cancel_handle);
+    // SAFETY: `Cancelable` pins the future
     let future = unsafe { Pin::new_unchecked(&mut future) };
 
     // There are two `Rc<CancelHandle>` references now, so this fails.
author	Luca Casonato <hello@lcas.dev>	2022-06-26 00:13:24 +0200
committer	GitHub <noreply@github.com>	2022-06-26 00:13:24 +0200
commit	8d82ba729937baf83011354242cabc3d50c13dc2 (patch)
tree	3e8c4d87986338639eeef4a76543e4335020262c /core/async_cancel.rs
parent	38505db39137f33bfdb942658ea892a617ac0980 (diff)