add comments about safety

TyPR124 · TyPR124 · commit 21975a1aaa68 · 2020-03-16T16:12:54.000-04:00
diff --git a/src/libstd/ffi/os_str.rs b/src/libstd/ffi/os_str.rs
@@ -525,11 +525,15 @@ impl OsStr {
 
     #[inline]
     fn from_inner(inner: &Slice) -> &OsStr {
+        // Safety: OsStr is just a wrapper of Slice,
+        // therefore converting &Slice to &OsStr is safe.
         unsafe { &*(inner as *const Slice as *const OsStr) }
     }
 
     #[inline]
     fn from_inner_mut(inner: &mut Slice) -> &mut OsStr {
+        // Safety: OsStr is just a wrapper of Slice,
+        // therefore converting &mut Slice to &mut OsStr is safe.
         unsafe { &mut *(inner as *mut Slice as *mut OsStr) }
     }
 
diff --git a/src/libstd/sys/windows/os_str.rs b/src/libstd/sys/windows/os_str.rs
@@ -77,11 +77,17 @@ impl Buf {
     }
 
     pub fn as_slice(&self) -> &Slice {
+        // Safety: Slice is just a wrapper for Wtf8,
+        // and as_slice returns &Wtf8. Therefore,
+        // transmute &Wtf8 to &Slice is safe.
         unsafe { mem::transmute(self.inner.as_slice()) }
     }
 
     #[inline]
     pub fn as_mut_slice(&mut self) -> &mut Slice {
+        // Safety: Slice is just a wrapper for Wtf8,
+        // and as_slice returns &Wtf8. Therefore,
+        // transmute &mut Wtf8 to &mut Slice is safe.
         unsafe { mem::transmute(self.inner.as_mut_slice()) }
     }
 
diff --git a/src/libstd/sys_common/os_str_bytes.rs b/src/libstd/sys_common/os_str_bytes.rs
@@ -106,11 +106,17 @@ impl Buf {
 
     #[inline]
     pub fn as_slice(&self) -> &Slice {
+        // Safety: Slice just wraps [u8],
+        // and &*self.inner is &[u8], therefore
+        // transmuting &[u8] to &Slice is safe.
         unsafe { mem::transmute(&*self.inner) }
     }
 
     #[inline]
     pub fn as_mut_slice(&mut self) -> &mut Slice {
+        // Safety: Slice just wraps [u8],
+        // and &mut *self.inner is &mut [u8], therefore
+        // transmuting &mut [u8] to &mut Slice is safe.
         unsafe { mem::transmute(&mut *self.inner) }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -525,11 +525,15 @@ impl OsStr {`
`525`	`525`
`526`	`526`	`#[inline]`
`527`	`527`	`fn from_inner(inner: &Slice) -> &OsStr {`
	`528`	`+ // Safety: OsStr is just a wrapper of Slice,`
	`529`	`+ // therefore converting &Slice to &OsStr is safe.`
`528`	`530`	`unsafe { &(inner as const Slice as *const OsStr) }`
`529`	`531`	`}`
`530`	`532`
`531`	`533`	`#[inline]`
`532`	`534`	`fn from_inner_mut(inner: &mut Slice) -> &mut OsStr {`
	`535`	`+ // Safety: OsStr is just a wrapper of Slice,`
	`536`	`+ // therefore converting &mut Slice to &mut OsStr is safe.`
`533`	`537`	`unsafe { &mut (inner as mut Slice as *mut OsStr) }`
`534`	`538`	`}`
`535`	`539`
Original file line number	Diff line number	Diff line change
`@@ -77,11 +77,17 @@ impl Buf {`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`pub fn as_slice(&self) -> &Slice {`
	`80`	`+ // Safety: Slice is just a wrapper for Wtf8,`
	`81`	`+ // and as_slice returns &Wtf8. Therefore,`
	`82`	`+ // transmute &Wtf8 to &Slice is safe.`
`80`	`83`	`unsafe { mem::transmute(self.inner.as_slice()) }`
`81`	`84`	`}`
`82`	`85`
`83`	`86`	`#[inline]`
`84`	`87`	`pub fn as_mut_slice(&mut self) -> &mut Slice {`
	`88`	`+ // Safety: Slice is just a wrapper for Wtf8,`
	`89`	`+ // and as_slice returns &Wtf8. Therefore,`
	`90`	`+ // transmute &mut Wtf8 to &mut Slice is safe.`
`85`	`91`	`unsafe { mem::transmute(self.inner.as_mut_slice()) }`
`86`	`92`	`}`
`87`	`93`