build: require safety comments on unsafe code (#13870)

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
author: Luca Casonato <hello@lcas.dev> 2022-06-26 00:13:24 +0200
committer: GitHub <noreply@github.com> 2022-06-26 00:13:24 +0200
commit: 8d82ba729937baf83011354242cabc3d50c13dc2 (patch)
tree: 3e8c4d87986338639eeef4a76543e4335020262c /core/runtime.rs
parent: 38505db39137f33bfdb942658ea892a617ac0980 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/core/runtime.rs b/core/runtime.rs
index f82f06207..7cb556fd3 100644
--- a/core/runtime.rs
+++ b/core/runtime.rs
@@ -333,6 +333,9 @@ impl JsRuntime {
       assert!(options.startup_snapshot.is_none());
       let mut creator =
         v8::SnapshotCreator::new(Some(&bindings::EXTERNAL_REFERENCES));
+      // SAFETY: `get_owned_isolate` is unsafe because it may only be called
+      // once. This is the only place we call this function, so this call is
+      // safe.
       let isolate = unsafe { creator.get_owned_isolate() };
       let mut isolate = JsRuntime::setup_isolate(isolate);
       {
@@ -1028,6 +1031,8 @@ extern "C" fn near_heap_limit_callback<F>(
 where
   F: FnMut(usize, usize) -> usize,
 {
+  // SAFETY: The data is a pointer to the Rust callback function. It is stored
+  // in `JsRuntime::allocations` and thus is guaranteed to outlive the isolate.
   let callback = unsafe { &mut *(data as *mut F) };
   callback(current_heap_limit, initial_heap_limit)
 }
author	Luca Casonato <hello@lcas.dev>	2022-06-26 00:13:24 +0200
committer	GitHub <noreply@github.com>	2022-06-26 00:13:24 +0200
commit	8d82ba729937baf83011354242cabc3d50c13dc2 (patch)
tree	3e8c4d87986338639eeef4a76543e4335020262c /core/runtime.rs
parent	38505db39137f33bfdb942658ea892a617ac0980 (diff)