Skip to content

Commit c8e532a

Browse files
padenotpadenot
committed
Add safety section to unsafe API function
1 parent 173a19f commit c8e532a

File tree

1 file changed

+21
-0
lines changed

1 file changed

+21
-0
lines changed

src/lib.rs

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -258,6 +258,10 @@ pub extern "C" fn atp_get_current_thread_info() -> *mut atp_thread_info {
258258
/// # Return value
259259
///
260260
/// 0 in case of success, 1 otherwise (if `thread_info` is NULL).
261+
///
262+
/// # Safety
263+
///
264+
/// This function is safe only and only if the pointer comes from this library, of if is null.
261265
#[no_mangle]
262266
pub unsafe extern "C" fn atp_free_thread_info(thread_info: *mut atp_thread_info) -> i32 {
263267
if thread_info.is_null() {
@@ -276,6 +280,11 @@ pub unsafe extern "C" fn atp_free_thread_info(thread_info: *mut atp_thread_info)
276280
///
277281
/// This call is useful on Linux desktop only, when the process is sandboxed, cannot promote itself
278282
/// directly, and the `atp_thread_info` struct must be passed via IPC.
283+
///
284+
/// # Safety
285+
///
286+
/// This function is safe only and only if the first pointer comes from this library, and the
287+
/// second pointer is at least ATP_THREAD_INFO_SIZE bytes long.
279288
#[no_mangle]
280289
pub unsafe extern "C" fn atp_serialize_thread_info(
281290
thread_info: *mut atp_thread_info,
@@ -294,6 +303,10 @@ pub unsafe extern "C" fn atp_serialize_thread_info(
294303
/// # Arguments
295304
///
296305
/// A byte buffer containing a serializezd `RtPriorityThreadInfo`.
306+
///
307+
/// # Safety
308+
///
309+
/// This function is safe only and only if pointer is at least ATP_THREAD_INFO_SIZE bytes long.
297310
#[no_mangle]
298311
pub unsafe extern "C" fn atp_deserialize_thread_info(
299312
in_bytes: *mut u8,
@@ -369,6 +382,10 @@ pub struct atp_thread_info(RtPriorityThreadInfo);
369382
/// # Return value
370383
///
371384
/// A pointer to an `atp_handle` in case of success, NULL otherwise.
385+
///
386+
/// # Safety
387+
///
388+
/// This function is safe as long as the first pointer comes from this library.
372389
#[no_mangle]
373390
pub unsafe extern "C" fn atp_promote_thread_to_real_time(
374391
thread_info: *mut atp_thread_info,
@@ -391,6 +408,10 @@ pub unsafe extern "C" fn atp_promote_thread_to_real_time(
391408
/// # Return value
392409
///
393410
/// 0 in case of success, non-zero otherwise.
411+
///
412+
/// # Safety
413+
///
414+
/// This function is safe as long as the first pointer comes from this library, or is null.
394415
#[no_mangle]
395416
pub unsafe extern "C" fn atp_demote_thread_from_real_time(thread_info: *mut atp_thread_info) -> i32 {
396417
if thread_info.is_null() {

0 commit comments

Comments
 (0)