Home
last modified time | relevance | path

Searched full:safety (Results 1 – 25 of 504) sorted by relevance

12345678910>>...21

/openbmc/linux/Documentation/translations/zh_CN/rust/
H A Dcoding-guidelines.rst53 此外,就像文档一样,注释在句子的开头要大写,并以句号结束(即使是单句)。这包括 ``// SAFETY:``,
80 一种特殊的注释是 ``// SAFETY:`` 注释。这些注释必须出现在每个 ``unsafe`` 块之前,它们
85 // SAFETY: `p` is valid by the safety requirements.
88 ``// SAFETY:`` 注释不能与代码文档中的 ``# Safety`` 部分相混淆。 ``# Safety`` 部
90 ``// SAFETY:`` 注释显示了为什么一个(函数)调用者或(特性)实现者实际上尊重了
91 ``# Safety`` 部分或语言参考中的前提条件。
111 /// # Safety
127 // SAFETY: The safety contract must be upheld by the caller.
137 - 不安全的函数必须在 ``# Safety`` 部分记录其安全前提条件。
150 - 任何 ``unsafe`` 的代码块都必须在前面加上一个 ``// SAFETY:`` 的注释,描述里面
/openbmc/linux/rust/kernel/
H A Dallocator.rs14 /// # Safety
34 // SAFETY: in krealloc_aligned()
36 // function safety requirement. in krealloc_aligned()
38 // according to the function safety requirement) or a result from `next_power_of_two()`. in krealloc_aligned()
44 // SAFETY: `ptr::null_mut()` is null and `layout` has a non-zero size by the function safety in alloc()
56 // SAFETY: in realloc()
58 // overflow `isize` by the function safety requirement. in realloc()
62 // SAFETY: in realloc()
63 // - `ptr` is either null or a pointer allocated by this allocator by the function safety in realloc()
65 // - the size of `layout` is not zero because `new_size` is not zero by the function safety in realloc()
[all …]
H A Dtask.rs14 // SAFETY: Deref + addr-of below create a temporary `TaskRef` that cannot outlive the
67 // SAFETY: By design, the only way to access a `Task` is via the `current` function or via an
73 // SAFETY: It's OK to access `Task` through shared references from other threads because we're
87 /// # Safety
104 // SAFETY: Just an FFI call with no additional safety requirements. in current()
108 // SAFETY: If the current thread is still running, the current task is valid. Given in current()
118 // SAFETY: By the type invariant, we know that `self.0` is a valid task. Valid tasks always in group_leader()
122 // SAFETY: The lifetime of the returned task reference is tied to the lifetime of `self`, in group_leader()
130 // SAFETY: By the type invariant, we know that `self.0` is a valid task. Valid tasks always in pid()
137 // SAFETY: By the type invariant, we know that `self.0` is valid. in signal_pending()
[all …]
H A Dstr.rs75 // SAFETY: This is one of the invariant of `CStr`. in len_with_nul()
92 /// # Safety
99 // SAFETY: The safety precondition guarantees `ptr` is a valid pointer in from_char_ptr()
102 // SAFETY: Lifetime guaranteed by the safety precondition. in from_char_ptr()
104 // SAFETY: As `len` is returned by `strlen`, `bytes` does not contain interior `NUL`. in from_char_ptr()
129 // SAFETY: We just checked that all properties hold. in from_bytes_with_nul()
136 /// # Safety
142 // SAFETY: Properties of `bytes` guaranteed by the safety precondition. in from_bytes_with_nul_unchecked()
185 /// # Safety
194 /// // SAFETY: String literals are guaranteed to be valid UTF-8
[all …]
H A Dtypes.rs34 /// # Safety
42 /// # Safety
59 // SAFETY: The safety requirements for this function ensure that the object is still alive, in borrow()
61 // The safety requirements of `from_foreign` also ensure that the object remains alive for in borrow()
67 // SAFETY: The safety requirements of this function ensure that `ptr` comes from a previous in from_foreign()
240 // SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully in ffi_init()
274 /// # Safety
290 /// # Safety
315 // SAFETY: It is safe to send `ARef<T>` to another thread when the underlying `T` is `Sync` because
321 // SAFETY: It is safe to send `&ARef<T>` to another thread when the underlying `T` is `Sync`
[all …]
H A Dinit.rs154 //! // SAFETY:
184 //! // SAFETY: Since `foo` is initialized, destroying is safe.
649 /// The syntax is identical to [`pin_init!`] and its safety caveats also apply:
686 /// The safety caveats from [`try_pin_init!`] also apply:
752 /// # Safety
771 /// # Safety
829 // SAFETY: The `__pinned_init` function is implemented such that it
839 // SAFETY: All requirements fulfilled since this function is `__pinned_init`. in __pinned_init()
841 // SAFETY: The above call initialized `slot` and we still have unique access. in __pinned_init()
843 // SAFETY: `slot` is considered pinned. in __pinned_init()
[all …]
H A Dkunit.rs16 // SAFETY: The format string is null-terminated and the `%pA` specifier matches the argument we in err()
32 // SAFETY: The format string is null-terminated and the `%pA` specifier matches the argument we in info()
63 // SAFETY: FFI call without safety requirements.
92 // SAFETY: There is only a static instance and in that one the pointer field points to
96 // SAFETY: There is only a static instance and in that one the pointer field points to
110 // SAFETY:
139 // SAFETY: FFI call; the `test` pointer is valid because this hidden macro should only
H A Derror.rs119 /// # Safety
136 // SAFETY: `self.0` is a valid error due to its invariant. in to_ptr()
143 // SAFETY: Just an FFI call, there are no extra safety requirements. in name()
148 // SAFETY: The string returned by `errname` is static and `NUL`-terminated. in name()
169 // SAFETY: These strings are ASCII-only. in fmt()
267 /// // SAFETY: FFI call.
281 // SAFETY: The FFI function does not deref the pointer. in from_err_ptr()
283 // SAFETY: The FFI function does not deref the pointer. in from_err_ptr()
292 // SAFETY: `IS_ERR()` ensures `err` is a in from_err_ptr()
/openbmc/linux/rust/kernel/sync/
H A Dlock.rs21 /// # Safety
36 /// # Safety
48 /// # Safety
56 /// # Safety
63 /// # Safety
68 // SAFETY: The safety requirements ensure that the lock is initialised. in relock()
93 // SAFETY: `Lock` can be transferred across thread boundaries iff the data it protects can.
96 // SAFETY: `Lock` serialises the interior mutability it provides, so it is `Sync` as long as the
107 // SAFETY: `slot` is valid while the closure is called and both `name` and `key` have in new()
119 // SAFETY: The constructor of the type calls `init`, so the existence of the object proves in lock()
[all …]
H A Darc.rs150 // SAFETY: It is safe to send `Arc<T>` to another thread when the underlying `T` is `Sync` because
156 // SAFETY: It is safe to send `&Arc<T>` to another thread when the underlying `T` is `Sync`
168 // SAFETY: There are no safety requirements for this FFI call. in try_new()
175 // SAFETY: We just created `inner` with a reference count of 1, which is owned by the new in try_new()
206 /// # Safety
211 // INVARIANT: By the safety requirements, the invariants hold. in from_inner()
224 // SAFETY: The constraint that the lifetime of the shared reference must outlive that of in as_arc_borrow()
244 // SAFETY: By the safety requirement of this function, we know that `ptr` came from in borrow()
248 // SAFETY: The safety requirements of `from_foreign` ensure that the object remains alive in borrow()
254 // SAFETY: By the safety requirement of this function, we know that `ptr` came from in from_foreign()
[all …]
H A Dcondvar.rs84 // SAFETY: `CondVar` only uses a `struct wait_queue_head`, which is safe to use on any thread.
88 // SAFETY: `CondVar` only uses a `struct wait_queue_head`, which is safe to use on multiple threads
98 // SAFETY: `slot` is valid while the closure is called and both `name` and `key` have in new()
109 // SAFETY: `wait` points to valid memory. in wait_internal()
112 // SAFETY: Both `wait` and `wait_list` point to valid memory. in wait_internal()
117 // SAFETY: No arguments, switches to another thread. in wait_internal()
120 // SAFETY: Both `wait` and `wait_list` point to valid memory. in wait_internal()
148 // SAFETY: `wait_list` points to valid memory. in notify()
/openbmc/linux/Documentation/rust/
H A Dcoding-guidelines.rst58 includes ``// SAFETY:``, ``// TODO:`` and other "tagged" comments, e.g.:
88 One special kind of comments are the ``// SAFETY:`` comments. These must appear
94 // SAFETY: `p` is valid by the safety requirements.
97 ``// SAFETY:`` comments are not to be confused with the ``# Safety`` sections
98 in code documentation. ``# Safety`` sections specify the contract that callers
99 (for functions) or implementors (for traits) need to abide by. ``// SAFETY:``
101 respects the preconditions stated in a ``# Safety`` section or the language
124 /// # Safety
140 // SAFETY: The safety contract must be upheld by the caller.
151 - Unsafe functions must document their safety preconditions under
[all …]
/openbmc/linux/rust/kernel/init/
H A D__internal.rs19 /// type, since the closure needs to fulfill the same safety requirement as the
23 // SAFETY: While constructing the `InitClosure`, the user promised that it upholds the
35 // SAFETY: While constructing the `InitClosure`, the user promised that it upholds the
50 /// # Safety
61 /// # Safety
79 /// # Safety
90 /// # Safety
143 // SAFETY: As we are being dropped, we only call this once. And since `self.is_init` is in drop()
166 // SAFETY: We never move out of `this`. in init()
169 // the memory (this is a safety guarantee of `Pin`). in init()
[all …]
/openbmc/qemu/rust/qemu-api/src/
H A Dqom.rs125 /// # Safety
132 // SAFETY: it is always safe to cast to your own type
138 /// # Safety
148 // SAFETY: it is the caller responsibility to have $parent as the
154 // SAFETY: follows the same rules as for IsA<U>, which is
212 // SAFETY: obj is an instance of T, since rust_instance_init<T> in rust_instance_init()
222 // SAFETY: obj is an instance of T, since rust_instance_post_init<T> in rust_instance_post_init()
235 // SAFETY: klass is a T::Class, since rust_class_init<T> in rust_class_init()
242 // SAFETY: obj is an instance of T, since drop_object<T> is called in drop_object()
246 // implement the unsafe trait ObjectType; the safety rules for the in drop_object()
[all …]
H A Dtimer.rs38 /// # Safety
43 // SAFETY: requirements relayed to callers of Timer::new in new()
65 // SAFETY: the opaque was passed as a reference to `T`. in init_full()
71 // SAFETY: the opaque outlives the timer in init_full()
90 // SAFETY: the only way to obtain a Timer safely is via methods that in modify()
96 // SAFETY: the only way to obtain a Timer safely is via methods that in delete()
115 // SAFETY: cannot be created outside this module, therefore id in get_ns()
H A Dchardev.rs77 // SAFETY: accessed just to print the values in fmt()
113 // SAFETY: the values are safe according to the contract of in enable_handlers()
125 // SAFETY: the values are safe according to the contract of in enable_handlers()
136 // SAFETY: the values are safe according to the contract of in enable_handlers()
156 // SAFETY: the borrow promises that the BQL is taken in enable_handlers()
174 // SAFETY: the borrow promises that the BQL is taken in disable_handlers()
192 // SAFETY: the borrow promises that the BQL is taken in accept_input()
209 // SAFETY: the borrow promises that the BQL is taken in send_break()
230 // SAFETY: qemu_chr_fe_write is thread-safe in write()
244 // SAFETY: qemu_chr_fe_write_all is thread-safe in write_all()
H A Dlib.rs123 // SAFETY: g_malloc0() is safe to call. in alloc()
128 // SAFETY: g_aligned_alloc0() is safe to call. in alloc()
140 // SAFETY: qemu_memalign() is safe to call. in alloc()
149 // SAFETY: `ptr` must have been allocated by Self::alloc thus a valid in dealloc()
155 // SAFETY: `ptr` must have been allocated by Self::alloc thus a valid aligned in dealloc()
161 // SAFETY: `ptr` must have been allocated by Self::alloc thus a valid aligned in dealloc()
H A Dcell.rs32 //! Rust memory safety is based on this rule: Given an object `T`, it is only
55 //! maintaining Rust's safety guarantees. For this reason, unlike
60 //! release builds, providing runtime safety during development with no overhead
74 //! thread-safety issues.
153 //! safety by modifying memory even if it is shared. Furthermore, C structs
161 //! require `unsafe` blocks, making it clear where safety guarantees must be
229 // SAFETY: integration tests are run with --test-threads=1, while in bql_start_test()
239 // SAFETY: the function does nothing but return a thread-local bool in bql_locked()
245 // SAFETY: this only adjusts a counter in bql_block_unlock()
262 // SAFETY: Same as for std::sync::Mutex. In the end this *is* a Mutex,
[all …]
H A Dbindings.rs26 // SAFETY: these are implemented in C; the bindings need to assert that the
33 // SAFETY: this is a pure data struct
37 // SAFETY: these are constants and vtables; the Send and Sync requirements
/openbmc/linux/rust/alloc/
H A Dalloc.rs69 /// # Safety
113 /// # Safety
131 /// # Safety
150 /// # Safety
181 // SAFETY: `layout` is non-zero in size, in alloc_impl()
190 // SAFETY: Same as `Allocator::grow`
207 // SAFETY: `new_size` is non-zero as `old_size` is greater than or equal to `new_size` in grow_impl()
208 // as required by safety conditions. Other conditions must be upheld by the caller in grow_impl()
223 // SAFETY: because `new_layout.size()` must be greater than or equal to `old_size`, in grow_impl()
226 // `new_ptr`. Thus, the call to `copy_nonoverlapping` is safe. The safety contract in grow_impl()
[all …]
/openbmc/linux/rust/kernel/sync/lock/
H A Dspinlock.rs91 // SAFETY: The underlying kernel `spinlock_t` object ensures mutual exclusion. `relock` uses the
102 // SAFETY: The safety requirements ensure that `ptr` is valid for writes, and `name` and in init()
108 // SAFETY: The safety requirements of this function ensure that `ptr` points to valid in lock()
114 // SAFETY: The safety requirements of this function ensure that `ptr` is valid and that the in unlock()
H A Dmutex.rs93 // SAFETY: The underlying kernel `struct mutex` object ensures mutual exclusion.
103 // SAFETY: The safety requirements ensure that `ptr` is valid for writes, and `name` and in init()
109 // SAFETY: The safety requirements of this function ensure that `ptr` points to valid in lock()
115 // SAFETY: The safety requirements of this function ensure that `ptr` is valid and that the in unlock()
/openbmc/linux/rust/macros/
H A Dmodule.rs202 // SAFETY: `__this_module` is constructed by the kernel at load time and will not be in module()
234 /// # Safety in module()
243 // SAFETY: This function is inaccessible to the outside due to the double in module()
253 // SAFETY: in module()
285 // SAFETY: This function is inaccessible to the outside due to the double in module()
295 // SAFETY: in module()
304 /// # Safety in module()
310 // SAFETY: No data race, since `__MOD` can only be accessed by this in module()
325 /// # Safety in module()
331 // SAFETY: No data race, since `__MOD` can only be accessed by this module in module()
/openbmc/linux/arch/arm/mm/
H A Dproc-sa110.S95 mov r0, r0 @ safety
96 mov r0, r0 @ safety
97 mov r0, r0 @ safety
99 mov r0, r0 @ safety
100 mov r0, r0 @ safety
101 mov r0, r0 @ safety
/openbmc/linux/rust/alloc/vec/
H A Dinto_iter.rs151 // SAFETY: This allocation originally came from a `Vec`, so it passes in into_vecdeque()
226 // SAFETY: the min() above ensures that step_size is in bounds in advance_by()
229 // SAFETY: the min() above ensures that step_size is in bounds in advance_by()
250 // Safety: ZSTs can be conjured ex nihilo, only the amount has to be correct
255 // Safety: ditto
260 … // Safety: `len` indicates that this many elements are available and we just checked that
269 // Safety: `len` is larger than the array size. Copy a fixed amount here to fully initialize
282 // SAFETY: the caller must guarantee that `i` is in bounds of the in __iterator_get_unchecked()
319 // SAFETY: same as for advance_by() in advance_back_by()
322 // SAFETY: same as for advance_by() in advance_back_by()
[all …]

12345678910>>...21