docs(db): document safety invariants for sqlite-vec transmute
Adds a SAFETY comment explaining why the transmute of sqlite3_vec_init to the sqlite3_auto_extension callback type is sound. The three invariants (stable C-ABI signature, single-call-per-connection contract, idempotency) were previously undocumented, which left the lone unsafe block without justification for future readers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Taylor Eernisse
@@ -55,6 +55,13 @@ const MIGRATIONS: &[(&str, &str)] = &[
|
||||
];
|
||||
|
||||
pub fn create_connection(db_path: &Path) -> Result<Connection> {
|
||||
// SAFETY: `sqlite3_vec_init` is an extern "C" function provided by the sqlite-vec
|
||||
// crate with the exact signature expected by `sqlite3_auto_extension`. The transmute
|
||||
// converts the concrete function pointer to the `Option<unsafe extern "C" fn()>` type
|
||||
// that the FFI expects. This is safe because:
|
||||
// 1. The function is a C-ABI init callback with a stable signature.
|
||||
// 2. SQLite calls it once per new connection, matching sqlite-vec's contract.
|
||||
// 3. `sqlite3_auto_extension` is idempotent for the same function pointer.
|
||||
#[allow(clippy::missing_transmute_annotations)]
|
||||
unsafe {
|
||||
rusqlite::ffi::sqlite3_auto_extension(Some(std::mem::transmute(
|
||||
|
||||
Reference in New Issue
Block a user