theirongolddev/gitlore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(db): document safety invariants for sqlite-vec transmute

Browse Source 
Adds a SAFETY comment explaining why the transmute of sqlite3_vec_init
to the sqlite3_auto_extension callback type is sound. The three
invariants (stable C-ABI signature, single-call-per-connection contract,
idempotency) were previously undocumented, which left the lone unsafe
block without justification for future readers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Taylor Eernisse
2026-02-06 08:38:41 -05:00
parent 7eadae75f0
commit 03d9f8cce5
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/core/db.rs
View File

@@ -55,6 +55,13 @@ const MIGRATIONS: &[(&str, &str)] = &[
];
pub fn create_connection(db_path: &Path) -> Result<Connection> {
// SAFETY: `sqlite3_vec_init` is an extern "C" function provided by the sqlite-vec
// crate with the exact signature expected by `sqlite3_auto_extension`. The transmute
// converts the concrete function pointer to the `Option<unsafe extern "C" fn()>` type
// that the FFI expects. This is safe because:
// 1. The function is a C-ABI init callback with a stable signature.
// 2. SQLite calls it once per new connection, matching sqlite-vec's contract.
// 3. `sqlite3_auto_extension` is idempotent for the same function pointer.
#[allow(clippy::missing_transmute_annotations)]
unsafe {
rusqlite::ffi::sqlite3_auto_extension(Some(std::mem::transmute(