Add safety docs sections to unsafe functions

Twinklebear · Oct 25, 2022 · ec149c6 · ec149c6
1 parent 0d5425a
commit ec149c6
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/runtime/src/exec.rs b/runtime/src/exec.rs
@@ -26,6 +26,11 @@ pub trait TaskSystem {
     /// The `handle_ptr` should be set to some context tracking facility so that you can later
     /// track task groups launched in the context and perform finer grained synchronization in
     /// `sync`.
+    ///
+    /// # Safety
+    /// This function is unsafe as it is called directly from ISPC and must work with
+    /// the raw pointers passed from ISPC to perform the allocation. Your implementation of the
+    /// allocation operations can be safe internally depending on how you choose to implement it.
     unsafe fn alloc(
         &self,
         handle_ptr: *mut *mut libc::c_void,
@@ -55,6 +60,10 @@ pub trait TaskSystem {
     ///     }
     /// }
     /// ```
+    ///
+    /// # Safety
+    /// This function is unsafe as it is called directly from ISPC and must operate on the raw
+    /// pointers passed by ISPC.
     unsafe fn launch(
         &self,
         handle_ptr: *mut *mut libc::c_void,
@@ -70,6 +79,10 @@ pub trait TaskSystem {
     /// This function should not return until all tasks launched within the context being
     /// synchronized with have been completed. You can use the `handle` to determine which context
     /// is being synchronized with and thus which tasks must be completed before returning.
+    ///
+    /// # Safety
+    /// This function is unsafe as it is called directly from ISPC and must operate on the raw
+    /// pointers passed by ISPC.
     unsafe fn sync(&self, handle: *mut libc::c_void);
 }
 

diff --git a/runtime/src/task.rs b/runtime/src/task.rs
@@ -86,6 +86,10 @@ impl Context {
         self.tasks.read().unwrap().iter().all(|t| t.is_finished())
     }
     /// Allocate some memory for this Context's task groups, returns a pointer to the allocated memory.
+    ///
+    /// # Safety
+    /// This function is unsafe as it is used to perform a raw memory allocation to be passed back
+    /// to ISPC
     pub unsafe fn alloc(&self, size: usize, align: usize) -> *mut libc::c_void {
         // TODO: The README for this lib mentions it may be slow. Maybe use some other allocator?
         let layout = std::alloc::Layout::from_size_align(size as usize, align as usize)