Capitalize safety comments

compiler/rustc_data_structures/src/temp_dir.rs

@@ -12,7 +12,7 @@ pub struct MaybeTempDir {
 
 impl Drop for MaybeTempDir {
     fn drop(&mut self) {
-        // Safety: We are in the destructor, and no further access will
+        // SAFETY: We are in the destructor, and no further access will
         // occur.
         let dir = unsafe { ManuallyDrop::take(&mut self.dir) };
         if self.keep {

library/alloc/src/alloc.rs

@@ -157,7 +157,7 @@ impl Global {
         }
     }
 
-    // Safety: Same as `AllocRef::grow`
+    // SAFETY: Same as `AllocRef::grow`
     #[inline]
     unsafe fn grow_impl(
         &mut self,

library/alloc/src/collections/vec_deque.rs

@@ -2392,7 +2392,7 @@ impl<T> VecDeque<T> {
         }
     }
 
-    // Safety: the following two methods require that the rotation amount
+    // SAFETY: the following two methods require that the rotation amount
     // be less than half the length of the deque.
     //
     // `wrap_copy` requires that `min(x, cap() - x) + copy_len <= cap()`,

library/core/src/future/mod.rs

@@ -71,7 +71,7 @@ where
     impl<T: Generator<ResumeTy, Yield = ()>> Future for GenFuture<T> {
         type Output = T::Return;
         fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
-            // Safety: Safe because we're !Unpin + !Drop, and this is just a field projection.
+            // SAFETY: Safe because we're !Unpin + !Drop, and this is just a field projection.
             let gen = unsafe { Pin::map_unchecked_mut(self, |s| &mut s.0) };
 
             // Resume the generator, turning the `&mut Context` into a `NonNull` raw pointer. The

library/core/src/iter/adapters/fuse.rs

@@ -530,7 +530,7 @@ where
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
         match self.iter {
-            // Safety: unsafe function forwarding to unsafe function with the same requirements
+            // SAFETY: unsafe function forwarding to unsafe function with the same requirements
             Some(ref mut iter) => unsafe { SourceIter::as_inner(iter) },
             // SAFETY: the specialized iterator never sets `None`
             None => unsafe { intrinsics::unreachable() },

library/core/src/iter/adapters/mod.rs

@@ -1019,7 +1019,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -1168,7 +1168,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -1312,7 +1312,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -1550,7 +1550,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -1848,7 +1848,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -1967,7 +1967,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -2102,7 +2102,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -2200,7 +2200,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -2403,7 +2403,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -2530,7 +2530,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -2712,7 +2712,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }
@@ -2879,7 +2879,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.iter) }
     }
 }

library/core/src/iter/adapters/zip.rs

@@ -343,7 +343,7 @@ where
 
     #[inline]
     unsafe fn as_inner(&mut self) -> &mut S {
-        // Safety: unsafe function forwarding to unsafe function with the same requirements
+        // SAFETY: unsafe function forwarding to unsafe function with the same requirements
         unsafe { SourceIter::as_inner(&mut self.a) }
     }
 }

library/core/src/lazy.rs

@@ -92,7 +92,7 @@ impl<T> OnceCell<T> {
     /// Returns `None` if the cell is empty.
     #[unstable(feature = "once_cell", issue = "74465")]
     pub fn get(&self) -> Option<&T> {
-        // Safety: Safe due to `inner`'s invariant
+        // SAFETY: Safe due to `inner`'s invariant
         unsafe { &*self.inner.get() }.as_ref()
     }
 
@@ -101,7 +101,7 @@ impl<T> OnceCell<T> {
     /// Returns `None` if the cell is empty.
     #[unstable(feature = "once_cell", issue = "74465")]
     pub fn get_mut(&mut self) -> Option<&mut T> {
-        // Safety: Safe because we have unique access
+        // SAFETY: Safe because we have unique access
         unsafe { &mut *self.inner.get() }.as_mut()
     }
 
@@ -129,13 +129,13 @@ impl<T> OnceCell<T> {
     /// ```
     #[unstable(feature = "once_cell", issue = "74465")]
     pub fn set(&self, value: T) -> Result<(), T> {
-        // Safety: Safe because we cannot have overlapping mutable borrows
+        // SAFETY: Safe because we cannot have overlapping mutable borrows
         let slot = unsafe { &*self.inner.get() };
         if slot.is_some() {
             return Err(value);
         }
 
-        // Safety: This is the only place where we set the slot, no races
+        // SAFETY: This is the only place where we set the slot, no races
         // due to reentrancy/concurrency are possible, and we've
         // checked that slot is currently `None`, so this write
         // maintains the `inner`'s invariant.

library/core/src/mem/maybe_uninit.rs

@@ -599,7 +599,7 @@ impl<T> MaybeUninit<T> {
     /// // Now that our `MaybeUninit<_>` is known to be initialized, it is okay to
     /// // create a shared reference to it:
     /// let x: &Vec<u32> = unsafe {
-    ///     // Safety: `x` has been initialized.
+    ///     // SAFETY: `x` has been initialized.
     ///     x.assume_init_ref()
     /// };
     /// assert_eq!(x, &vec![1, 2, 3]);
@@ -676,7 +676,7 @@ impl<T> MaybeUninit<T> {
     /// // To assert our buffer has been initialized without copying it, we upgrade
     /// // the `&mut MaybeUninit<[u8; 2048]>` to a `&mut [u8; 2048]`:
     /// let buf: &mut [u8; 2048] = unsafe {
-    ///     // Safety: `buf` has been initialized.
+    ///     // SAFETY: `buf` has been initialized.
     ///     buf.assume_init_mut()
     /// };
     ///

library/core/src/num/mod.rs

@@ -124,7 +124,7 @@ assert_eq!(size_of::<Option<core::num::", stringify!($Ty), ">>(), size_of::<", s
                 type Output = Self;
                 #[inline]
                 fn bitor(self, rhs: Self) -> Self::Output {
-                    // Safety: since `self` and `rhs` are both nonzero, the
+                    // SAFETY: since `self` and `rhs` are both nonzero, the
                     // result of the bitwise-or will be nonzero.
                     unsafe { $Ty::new_unchecked(self.get() | rhs.get()) }
                 }
@@ -135,7 +135,7 @@ assert_eq!(size_of::<Option<core::num::", stringify!($Ty), ">>(), size_of::<", s
                 type Output = Self;
                 #[inline]
                 fn bitor(self, rhs: $Int) -> Self::Output {
-                    // Safety: since `self` is nonzero, the result of the
+                    // SAFETY: since `self` is nonzero, the result of the
                     // bitwise-or will be nonzero regardless of the value of
                     // `rhs`.
                     unsafe { $Ty::new_unchecked(self.get() | rhs) }
@@ -147,7 +147,7 @@ assert_eq!(size_of::<Option<core::num::", stringify!($Ty), ">>(), size_of::<", s
                 type Output = $Ty;
                 #[inline]
                 fn bitor(self, rhs: $Ty) -> Self::Output {
-                    // Safety: since `rhs` is nonzero, the result of the
+                    // SAFETY: since `rhs` is nonzero, the result of the
                     // bitwise-or will be nonzero regardless of the value of
                     // `self`.
                     unsafe { $Ty::new_unchecked(self | rhs.get()) }

library/core/src/pin.rs

@@ -474,7 +474,7 @@ impl<P: Deref<Target: Unpin>> Pin<P> {
     #[stable(feature = "pin", since = "1.33.0")]
     #[inline(always)]
     pub fn new(pointer: P) -> Pin<P> {
-        // Safety: the value pointed to is `Unpin`, and so has no requirements
+        // SAFETY: the value pointed to is `Unpin`, and so has no requirements
         // around pinning.
         unsafe { Pin::new_unchecked(pointer) }
     }

library/core/src/slice/mod.rs

@@ -3245,7 +3245,7 @@ fn is_ascii(s: &[u8]) -> bool {
             (word_ptr as usize) - (start as usize) == byte_pos
         );
 
-        // Safety: We know `word_ptr` is properly aligned (because of
+        // SAFETY: We know `word_ptr` is properly aligned (because of
         // `align_offset`), and we know that we have enough bytes between `word_ptr` and the end
         let word = unsafe { word_ptr.read() };
         if contains_nonascii(word) {

library/std/src/alloc.rs

@@ -149,7 +149,7 @@ impl System {
         }
     }
 
-    // Safety: Same as `AllocRef::grow`
+    // SAFETY: Same as `AllocRef::grow`
     #[inline]
     unsafe fn grow_impl(
         &mut self,

library/std/src/ffi/c_str.rs

@@ -881,13 +881,13 @@ impl From<Vec<NonZeroU8>> for CString {
         unsafe {
             // Transmute `Vec<NonZeroU8>` to `Vec<u8>`.
             let v: Vec<u8> = {
-                // Safety:
+                // SAFETY:
                 //   - transmuting between `NonZeroU8` and `u8` is sound;
                 //   - `alloc::Layout<NonZeroU8> == alloc::Layout<u8>`.
                 let (ptr, len, cap): (*mut NonZeroU8, _, _) = Vec::into_raw_parts(v);
                 Vec::from_raw_parts(ptr.cast::<u8>(), len, cap)
             };
-            // Safety: `v` cannot contain null bytes, given the type-level
+            // SAFETY: `v` cannot contain null bytes, given the type-level
             // invariant of `NonZeroU8`.
             CString::from_vec_unchecked(v)
         }

library/std/src/ffi/os_str.rs

@@ -510,14 +510,14 @@ impl OsStr {
 
     #[inline]
     fn from_inner(inner: &Slice) -> &OsStr {
-        // Safety: OsStr is just a wrapper of Slice,
+        // SAFETY: OsStr is just a wrapper of Slice,
         // therefore converting &Slice to &OsStr is safe.
         unsafe { &*(inner as *const Slice as *const OsStr) }
     }
 
     #[inline]
     fn from_inner_mut(inner: &mut Slice) -> &mut OsStr {
-        // Safety: OsStr is just a wrapper of Slice,
+        // SAFETY: OsStr is just a wrapper of Slice,
         // therefore converting &mut Slice to &mut OsStr is safe.
         // Any method that mutates OsStr must be careful not to
         // break platform-specific encoding, in particular Wtf8 on Windows.

library/std/src/lazy.rs

@@ -293,7 +293,7 @@ impl<T> SyncOnceCell<T> {
 
         debug_assert!(self.is_initialized());
 
-        // Safety: The inner value has been initialized
+        // SAFETY: The inner value has been initialized
         Ok(unsafe { self.get_unchecked() })
     }
 
@@ -316,7 +316,7 @@ impl<T> SyncOnceCell<T> {
     /// ```
     #[unstable(feature = "once_cell", issue = "74465")]
     pub fn into_inner(mut self) -> Option<T> {
-        // Safety: Safe because we immediately free `self` without dropping
+        // SAFETY: Safe because we immediately free `self` without dropping
         let inner = unsafe { self.take_inner() };
 
         // Don't drop this `SyncOnceCell`. We just moved out one of the fields, but didn't set
@@ -416,7 +416,7 @@ impl<T> SyncOnceCell<T> {
 
 unsafe impl<#[may_dangle] T> Drop for SyncOnceCell<T> {
     fn drop(&mut self) {
-        // Safety: The cell is being dropped, so it can't be accessed again.
+        // SAFETY: The cell is being dropped, so it can't be accessed again.
         // We also don't touch the `T`, which validates our usage of #[may_dangle].
         unsafe { self.take_inner() };
     }

library/std/src/sys/windows/os_str.rs

@@ -77,14 +77,14 @@ impl Buf {
     }
 
     pub fn as_slice(&self) -> &Slice {
-        // Safety: Slice is just a wrapper for Wtf8,
+        // SAFETY: Slice is just a wrapper for Wtf8,
         // and self.inner.as_slice() returns &Wtf8.
         // Therefore, transmuting &Wtf8 to &Slice is safe.
         unsafe { mem::transmute(self.inner.as_slice()) }
     }
 
     pub fn as_mut_slice(&mut self) -> &mut Slice {
-        // Safety: Slice is just a wrapper for Wtf8,
+        // SAFETY: Slice is just a wrapper for Wtf8,
         // and self.inner.as_mut_slice() returns &mut Wtf8.
         // Therefore, transmuting &mut Wtf8 to &mut Slice is safe.
         // Additionally, care should be taken to ensure the slice

library/std/src/sys_common/os_str_bytes.rs

@@ -106,15 +106,15 @@ impl Buf {
 
     #[inline]
     pub fn as_slice(&self) -> &Slice {
-        // Safety: Slice just wraps [u8],
+        // SAFETY: Slice just wraps [u8],
         // and &*self.inner is &[u8], therefore
         // transmuting &[u8] to &Slice is safe.
         unsafe { mem::transmute(&*self.inner) }
     }
 
     #[inline]
     pub fn as_mut_slice(&mut self) -> &mut Slice {
-        // Safety: Slice just wraps [u8],
+        // SAFETY: Slice just wraps [u8],
         // and &mut *self.inner is &mut [u8], therefore
         // transmuting &mut [u8] to &mut Slice is safe.
         unsafe { mem::transmute(&mut *self.inner) }

src/test/ui/generator/static-generators.rs

@@ -12,7 +12,7 @@ fn main() {
         yield;
         assert_eq!(b as *const _, &a as *const _);
     };
-    // Safety: We shadow the original generator variable so have no safe API to
+    // SAFETY: We shadow the original generator variable so have no safe API to
     // move it after this point.
     let mut generator = unsafe { Pin::new_unchecked(&mut generator) };
     assert_eq!(generator.as_mut().resume(()), GeneratorState::Yielded(()));