Skip to content

Commit d3fe67c

Browse files
morrisonlevimorrisonlevi
committed
docs: ProfileStatus ownership
1 parent 41f951f commit d3fe67c

File tree

1 file changed

+37
-8
lines changed

1 file changed

+37
-8
lines changed

libdd-profiling-ffi/src/profile_status.rs

Lines changed: 37 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -18,20 +18,49 @@ const MASK_IS_ERROR: usize = 0b01;
1818
const MASK_IS_ALLOCATED: usize = 0b10;
1919
const MASK_UNUSED: usize = !(MASK_IS_ERROR | MASK_IS_ALLOCATED);
2020

21-
/// Represents the result of an operation that either succeeds with no value,
22-
/// or fails with an error message. This is like `Result<(), Cow<CStr>` except
23-
/// its representation is smaller, and is FFI-stable.
21+
/// Represents the result of an operation that either succeeds with no value, or fails with an
22+
/// error message. This is like `Result<(), Cow<'static, CStr>` except its representation is
23+
/// smaller, and is FFI-stable.
2424
///
2525
/// The OK status is guaranteed to have a representation of `{ 0, null }`.
26+
///
27+
/// # Ownership
28+
///
29+
/// A `ProfileStatus` owns its error message data. When a `ProfileStatus` with an error is
30+
/// created, it takes ownership of the error string (either as a static reference or heap
31+
/// allocation). The caller is responsible for eventually calling [`ddog_prof_Status_drop`] to
32+
/// free any heap-allocated memory. This is safe to call on OK as well; it does nothing.
33+
///
34+
/// # FFI Safety
35+
///
36+
/// This type is `#[repr(C)]` and safe to pass across FFI boundaries. The C side must treat
37+
/// this as an opaque struct and use the provided FFI functions to inspect and drop it.
2638
#[repr(C)]
2739
#[derive(Debug)]
2840
pub struct ProfileStatus {
29-
/// 0 means okay, everything else is opaque in C.
30-
/// In Rust, the bits help us know whether it is heap allocated or not.
41+
/// Bitflags indicating the status and storage type.
42+
/// - `FLAG_OK` (0): Success, no error. `err` must be null. From C, this is the only thing you
43+
/// should check; the other flags are internal details.
44+
/// - `FLAG_STATIC`: Error message points to static data. `err` is non-null and points to a
45+
/// `&'static CStr`. Must not be freed.
46+
/// - `FLAG_ALLOCATED`: Error message is heap-allocated. `err` is non-null and points to a
47+
/// heap-allocated, null-terminated string that this `ProfileStatus` owns. Must be freed via
48+
/// [`ddog_prof_Status_drop`].
3149
pub flags: libc::size_t,
32-
/// If not null, this is a pointer to a valid null-terminated string in
33-
/// UTF-8 encoding.
34-
/// This is null if `flags` == 0.
50+
51+
/// Pointer to a null-terminated UTF-8 error message string.
52+
/// - If `flags == FLAG_OK`, this **must** be null.
53+
/// - If `flags & FLAG_STATIC`, this points to static data with lifetime `'static`.
54+
/// - If `flags & FLAG_ALLOCATED`, this points to heap-allocated data owned by this
55+
/// `ProfileStatus`. The allocation was created by the global allocator and must be freed by
56+
/// [`ddog_prof_Status_drop`].
57+
///
58+
/// # Safety Invariant
59+
///
60+
/// When non-null, `err` must point to a valid, null-terminated C
61+
/// string in UTF-8 encoding. The pointer remains valid for the
62+
/// lifetime of this `ProfileStatus` or until [`ddog_prof_Status_drop`]
63+
/// is called.
3564
pub err: *const c_char,
3665
}
3766

0 commit comments

Comments
 (0)