From b1efa5b26bc66091c6d89cb569d8bbca191bc0da Mon Sep 17 00:00:00 2001
From: Wei Liu
Date: Wed, 16 Nov 2022 21:22:45 +0000
Subject: [PATCH] event_monitor: add safety comments

Signed-off-by: Wei Liu
---
 event_monitor/src/lib.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/event_monitor/src/lib.rs b/event_monitor/src/lib.rs
index 20091f1d4..245f40c11 100644
--- a/event_monitor/src/lib.rs
+++ b/event_monitor/src/lib.rs
@@ -16,8 +16,10 @@ static mut MONITOR: Option<(File, Instant)> = None;
 /// This function must only be called once from the main process before any threads
 /// are created to avoid race conditions
 pub fn set_monitor(file: File) -> Result<(), std::io::Error> {
+ // SAFETY: there is only one caller of this function, so MONITOR is written to only once
 assert!(unsafe { MONITOR.is_none() });
 let fd = file.as_raw_fd();
+ // SAFETY: FFI call to configure the fd
 let ret = unsafe {
 let mut flags = libc::fcntl(fd, libc::F_GETFL);
 flags |= libc::O_NONBLOCK;
@@ -26,6 +28,7 @@ pub fn set_monitor(file: File) -> Result<(), std::io::Error> {
 if ret < 0 {
 return Err(std::io::Error::last_os_error());
 }
+ // SAFETY: MONITOR is None. Nobody else can hold a reference to it.
 unsafe {
 MONITOR = Some((file, Instant::now()));
 };
@@ -41,6 +44,7 @@ struct Event<'a> {
 }
 
 pub fn event_log(source: &str, event: &str, properties: Option<&HashMap, Cow>>) {
+ // SAFETY: MONITOR is always in a valid state (None or Some).
 if let Some((file, start)) = unsafe { MONITOR.as_ref() } {
 let e = Event {
 timestamp: start.elapsed(),
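Review bot: The SAFETY comment added in the third hunk, `// SAFETY: MONITOR is always in a valid state (None or Some).`, states a type-level fact but not the invariant that makes the `static mut` read in `event_log` sound, which is the absence of a concurrent write; that rests on the contract in the doc comment on `set_monitor` (called once, before any thread is created). I would write it as `// SAFETY: MONITOR is written only by set_monitor, which the API contract requires to run once before any thread exists, so no write can race with this read.` In the first hunk, `// SAFETY: there is only one caller of this function` describes the current call graph rather than the guarantee the code relies on, and `// SAFETY: FFI call to configure the fd` would be stronger if it said why `fd` is valid (it is taken from the owned `file`, which is alive for the whole call). Both `set_monitor` and `event_log` continue past the ends of their hunks.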