From c66789d572ab3d950bc187d3bca3bc0042023358 Mon Sep 17 00:00:00 2001 From: Flying-Toast <38232168+Flying-Toast@users.noreply.github.com> Date: Tue, 8 Sep 2020 22:26:44 -0400 Subject: [PATCH] Capitalize safety comments --- library/core/src/future/mod.rs | 2 +- library/core/src/iter/adapters/fuse.rs | 2 +- library/core/src/iter/adapters/mod.rs | 24 +++++++++++----------- library/core/src/iter/adapters/zip.rs | 2 +- library/core/src/lazy.rs | 8 ++++---- library/core/src/mem/maybe_uninit.rs | 4 ++-- library/core/src/num/mod.rs | 6 +++--- library/core/src/pin.rs | 2 +- library/core/src/slice/mod.rs | 2 +- library/std/src/alloc.rs | 2 +- library/std/src/ffi/c_str.rs | 4 ++-- library/std/src/ffi/os_str.rs | 4 ++-- library/std/src/lazy.rs | 6 +++--- library/std/src/sys/windows/os_str.rs | 4 ++-- library/std/src/sys_common/os_str_bytes.rs | 4 ++-- 15 files changed, 38 insertions(+), 38 deletions(-) diff --git a/library/core/src/future/mod.rs b/library/core/src/future/mod.rs index 8b3df76f71f..ddce0fe4b7d 100644 --- a/library/core/src/future/mod.rs +++ b/library/core/src/future/mod.rs @@ -71,7 +71,7 @@ impl> !Unpin for GenFuture {} impl> Future for GenFuture { type Output = T::Return; fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll { - // Safety: Safe because we're !Unpin + !Drop, and this is just a field projection. + // SAFETY: Safe because we're !Unpin + !Drop, and this is just a field projection. let gen = unsafe { Pin::map_unchecked_mut(self, |s| &mut s.0) }; // Resume the generator, turning the `&mut Context` into a `NonNull` raw pointer. The diff --git a/library/core/src/iter/adapters/fuse.rs b/library/core/src/iter/adapters/fuse.rs index 4185453ac5a..409f202780b 100644 --- a/library/core/src/iter/adapters/fuse.rs +++ b/library/core/src/iter/adapters/fuse.rs @@ -530,7 +530,7 @@ unsafe impl SourceIter for Fuse #[inline] unsafe fn as_inner(&mut self) -> &mut S { match self.iter { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements Some(ref mut iter) => unsafe { SourceIter::as_inner(iter) }, // SAFETY: the specialized iterator never sets `None` None => unsafe { intrinsics::unreachable() }, diff --git a/library/core/src/iter/adapters/mod.rs b/library/core/src/iter/adapters/mod.rs index b411222856e..ab27fe15a8e 100644 --- a/library/core/src/iter/adapters/mod.rs +++ b/library/core/src/iter/adapters/mod.rs @@ -1019,7 +1019,7 @@ unsafe impl SourceIter for Map #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -1168,7 +1168,7 @@ unsafe impl SourceIter for Filter #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -1312,7 +1312,7 @@ unsafe impl SourceIter for FilterMap #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -1550,7 +1550,7 @@ unsafe impl SourceIter for Enumerate #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -1848,7 +1848,7 @@ unsafe impl SourceIter for Peekable #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -1967,7 +1967,7 @@ unsafe impl SourceIter for SkipWhile #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -2102,7 +2102,7 @@ unsafe impl SourceIter for TakeWhile #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -2200,7 +2200,7 @@ unsafe impl SourceIter for MapWhile #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -2403,7 +2403,7 @@ unsafe impl SourceIter for Skip #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -2530,7 +2530,7 @@ unsafe impl SourceIter for Take #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -2712,7 +2712,7 @@ unsafe impl SourceIter for Scan #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } @@ -2879,7 +2879,7 @@ unsafe impl SourceIter for Inspect #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.iter) } } } diff --git a/library/core/src/iter/adapters/zip.rs b/library/core/src/iter/adapters/zip.rs index c1c90ec9a83..e02de0ce45d 100644 --- a/library/core/src/iter/adapters/zip.rs +++ b/library/core/src/iter/adapters/zip.rs @@ -343,7 +343,7 @@ unsafe impl SourceIter for Zip #[inline] unsafe fn as_inner(&mut self) -> &mut S { - // Safety: unsafe function forwarding to unsafe function with the same requirements + // SAFETY: unsafe function forwarding to unsafe function with the same requirements unsafe { SourceIter::as_inner(&mut self.a) } } } diff --git a/library/core/src/lazy.rs b/library/core/src/lazy.rs index 5cf7217ef11..2c517371c2c 100644 --- a/library/core/src/lazy.rs +++ b/library/core/src/lazy.rs @@ -92,7 +92,7 @@ pub const fn new() -> OnceCell { /// Returns `None` if the cell is empty. #[unstable(feature = "once_cell", issue = "74465")] pub fn get(&self) -> Option<&T> { - // Safety: Safe due to `inner`'s invariant + // SAFETY: Safe due to `inner`'s invariant unsafe { &*self.inner.get() }.as_ref() } @@ -101,7 +101,7 @@ pub fn get(&self) -> Option<&T> { /// Returns `None` if the cell is empty. #[unstable(feature = "once_cell", issue = "74465")] pub fn get_mut(&mut self) -> Option<&mut T> { - // Safety: Safe because we have unique access + // SAFETY: Safe because we have unique access unsafe { &mut *self.inner.get() }.as_mut() } @@ -129,13 +129,13 @@ pub fn get_mut(&mut self) -> Option<&mut T> { /// ``` #[unstable(feature = "once_cell", issue = "74465")] pub fn set(&self, value: T) -> Result<(), T> { - // Safety: Safe because we cannot have overlapping mutable borrows + // SAFETY: Safe because we cannot have overlapping mutable borrows let slot = unsafe { &*self.inner.get() }; if slot.is_some() { return Err(value); } - // Safety: This is the only place where we set the slot, no races + // SAFETY: This is the only place where we set the slot, no races // due to reentrancy/concurrency are possible, and we've // checked that slot is currently `None`, so this write // maintains the `inner`'s invariant. diff --git a/library/core/src/mem/maybe_uninit.rs b/library/core/src/mem/maybe_uninit.rs index b64abf68c5e..3a7489aa279 100644 --- a/library/core/src/mem/maybe_uninit.rs +++ b/library/core/src/mem/maybe_uninit.rs @@ -599,7 +599,7 @@ pub unsafe fn read(&self) -> T { /// // Now that our `MaybeUninit<_>` is known to be initialized, it is okay to /// // create a shared reference to it: /// let x: &Vec = unsafe { - /// // Safety: `x` has been initialized. + /// // SAFETY: `x` has been initialized. /// x.assume_init_ref() /// }; /// assert_eq!(x, &vec![1, 2, 3]); @@ -676,7 +676,7 @@ pub unsafe fn assume_init_ref(&self) -> &T { /// // To assert our buffer has been initialized without copying it, we upgrade /// // the `&mut MaybeUninit<[u8; 2048]>` to a `&mut [u8; 2048]`: /// let buf: &mut [u8; 2048] = unsafe { - /// // Safety: `buf` has been initialized. + /// // SAFETY: `buf` has been initialized. /// buf.assume_init_mut() /// }; /// diff --git a/library/core/src/num/mod.rs b/library/core/src/num/mod.rs index 757ad5252ba..2a936c1867d 100644 --- a/library/core/src/num/mod.rs +++ b/library/core/src/num/mod.rs @@ -124,7 +124,7 @@ impl BitOr for $Ty { type Output = Self; #[inline] fn bitor(self, rhs: Self) -> Self::Output { - // Safety: since `self` and `rhs` are both nonzero, the + // SAFETY: since `self` and `rhs` are both nonzero, the // result of the bitwise-or will be nonzero. unsafe { $Ty::new_unchecked(self.get() | rhs.get()) } } @@ -135,7 +135,7 @@ impl BitOr<$Int> for $Ty { type Output = Self; #[inline] fn bitor(self, rhs: $Int) -> Self::Output { - // Safety: since `self` is nonzero, the result of the + // SAFETY: since `self` is nonzero, the result of the // bitwise-or will be nonzero regardless of the value of // `rhs`. unsafe { $Ty::new_unchecked(self.get() | rhs) } @@ -147,7 +147,7 @@ impl BitOr<$Ty> for $Int { type Output = $Ty; #[inline] fn bitor(self, rhs: $Ty) -> Self::Output { - // Safety: since `rhs` is nonzero, the result of the + // SAFETY: since `rhs` is nonzero, the result of the // bitwise-or will be nonzero regardless of the value of // `self`. unsafe { $Ty::new_unchecked(self | rhs.get()) } diff --git a/library/core/src/pin.rs b/library/core/src/pin.rs index 3c3bb68c671..1cc1dfb0143 100644 --- a/library/core/src/pin.rs +++ b/library/core/src/pin.rs @@ -474,7 +474,7 @@ impl> Pin

{ #[stable(feature = "pin", since = "1.33.0")] #[inline(always)] pub fn new(pointer: P) -> Pin

{ - // Safety: the value pointed to is `Unpin`, and so has no requirements + // SAFETY: the value pointed to is `Unpin`, and so has no requirements // around pinning. unsafe { Pin::new_unchecked(pointer) } } diff --git a/library/core/src/slice/mod.rs b/library/core/src/slice/mod.rs index c274ddf81bb..ce3a17a0d28 100644 --- a/library/core/src/slice/mod.rs +++ b/library/core/src/slice/mod.rs @@ -3245,7 +3245,7 @@ fn is_ascii(s: &[u8]) -> bool { (word_ptr as usize) - (start as usize) == byte_pos ); - // Safety: We know `word_ptr` is properly aligned (because of + // SAFETY: We know `word_ptr` is properly aligned (because of // `align_offset`), and we know that we have enough bytes between `word_ptr` and the end let word = unsafe { word_ptr.read() }; if contains_nonascii(word) { diff --git a/library/std/src/alloc.rs b/library/std/src/alloc.rs index 64d8edf33bd..770c97899f0 100644 --- a/library/std/src/alloc.rs +++ b/library/std/src/alloc.rs @@ -149,7 +149,7 @@ fn alloc_impl(&mut self, layout: Layout, zeroed: bool) -> Result, } } - // Safety: Same as `AllocRef::grow` + // SAFETY: Same as `AllocRef::grow` #[inline] unsafe fn grow_impl( &mut self, diff --git a/library/std/src/ffi/c_str.rs b/library/std/src/ffi/c_str.rs index 51deb217c7c..13021738af1 100644 --- a/library/std/src/ffi/c_str.rs +++ b/library/std/src/ffi/c_str.rs @@ -881,13 +881,13 @@ fn from(v: Vec) -> CString { unsafe { // Transmute `Vec` to `Vec`. let v: Vec = { - // Safety: + // SAFETY: // - transmuting between `NonZeroU8` and `u8` is sound; // - `alloc::Layout == alloc::Layout`. let (ptr, len, cap): (*mut NonZeroU8, _, _) = Vec::into_raw_parts(v); Vec::from_raw_parts(ptr.cast::(), len, cap) }; - // Safety: `v` cannot contain null bytes, given the type-level + // SAFETY: `v` cannot contain null bytes, given the type-level // invariant of `NonZeroU8`. CString::from_vec_unchecked(v) } diff --git a/library/std/src/ffi/os_str.rs b/library/std/src/ffi/os_str.rs index e0be6d1c836..c83e996634c 100644 --- a/library/std/src/ffi/os_str.rs +++ b/library/std/src/ffi/os_str.rs @@ -510,14 +510,14 @@ pub fn new + ?Sized>(s: &S) -> &OsStr { #[inline] fn from_inner(inner: &Slice) -> &OsStr { - // Safety: OsStr is just a wrapper of Slice, + // SAFETY: OsStr is just a wrapper of Slice, // therefore converting &Slice to &OsStr is safe. unsafe { &*(inner as *const Slice as *const OsStr) } } #[inline] fn from_inner_mut(inner: &mut Slice) -> &mut OsStr { - // Safety: OsStr is just a wrapper of Slice, + // SAFETY: OsStr is just a wrapper of Slice, // therefore converting &mut Slice to &mut OsStr is safe. // Any method that mutates OsStr must be careful not to // break platform-specific encoding, in particular Wtf8 on Windows. diff --git a/library/std/src/lazy.rs b/library/std/src/lazy.rs index d171231b0f1..091e2091fb0 100644 --- a/library/std/src/lazy.rs +++ b/library/std/src/lazy.rs @@ -293,7 +293,7 @@ pub fn get_or_try_init(&self, f: F) -> Result<&T, E> debug_assert!(self.is_initialized()); - // Safety: The inner value has been initialized + // SAFETY: The inner value has been initialized Ok(unsafe { self.get_unchecked() }) } @@ -316,7 +316,7 @@ pub fn get_or_try_init(&self, f: F) -> Result<&T, E> /// ``` #[unstable(feature = "once_cell", issue = "74465")] pub fn into_inner(mut self) -> Option { - // Safety: Safe because we immediately free `self` without dropping + // SAFETY: Safe because we immediately free `self` without dropping let inner = unsafe { self.take_inner() }; // Don't drop this `SyncOnceCell`. We just moved out one of the fields, but didn't set @@ -416,7 +416,7 @@ unsafe fn get_unchecked_mut(&mut self) -> &mut T { unsafe impl<#[may_dangle] T> Drop for SyncOnceCell { fn drop(&mut self) { - // Safety: The cell is being dropped, so it can't be accessed again. + // SAFETY: The cell is being dropped, so it can't be accessed again. // We also don't touch the `T`, which validates our usage of #[may_dangle]. unsafe { self.take_inner() }; } diff --git a/library/std/src/sys/windows/os_str.rs b/library/std/src/sys/windows/os_str.rs index 2f5fc72ab44..7e09a4fd561 100644 --- a/library/std/src/sys/windows/os_str.rs +++ b/library/std/src/sys/windows/os_str.rs @@ -77,14 +77,14 @@ pub fn from_string(s: String) -> Buf { } pub fn as_slice(&self) -> &Slice { - // Safety: Slice is just a wrapper for Wtf8, + // SAFETY: Slice is just a wrapper for Wtf8, // and self.inner.as_slice() returns &Wtf8. // Therefore, transmuting &Wtf8 to &Slice is safe. unsafe { mem::transmute(self.inner.as_slice()) } } pub fn as_mut_slice(&mut self) -> &mut Slice { - // Safety: Slice is just a wrapper for Wtf8, + // SAFETY: Slice is just a wrapper for Wtf8, // and self.inner.as_mut_slice() returns &mut Wtf8. // Therefore, transmuting &mut Wtf8 to &mut Slice is safe. // Additionally, care should be taken to ensure the slice diff --git a/library/std/src/sys_common/os_str_bytes.rs b/library/std/src/sys_common/os_str_bytes.rs index 323165cda6b..497e5fc7bdd 100644 --- a/library/std/src/sys_common/os_str_bytes.rs +++ b/library/std/src/sys_common/os_str_bytes.rs @@ -106,7 +106,7 @@ pub fn shrink_to(&mut self, min_capacity: usize) { #[inline] pub fn as_slice(&self) -> &Slice { - // Safety: Slice just wraps [u8], + // SAFETY: Slice just wraps [u8], // and &*self.inner is &[u8], therefore // transmuting &[u8] to &Slice is safe. unsafe { mem::transmute(&*self.inner) } @@ -114,7 +114,7 @@ pub fn as_slice(&self) -> &Slice { #[inline] pub fn as_mut_slice(&mut self) -> &mut Slice { - // Safety: Slice just wraps [u8], + // SAFETY: Slice just wraps [u8], // and &mut *self.inner is &mut [u8], therefore // transmuting &mut [u8] to &mut Slice is safe. unsafe { mem::transmute(&mut *self.inner) } -- 2.44.0