Document that init and cleanup are not guaranteed to run

Author: CDirkx

std/src/sys/hermit/mod.rs

@@ -96,12 +96,14 @@ pub extern "C" fn __rust_abort() {
 }
 
 // SAFETY: must be called only once during runtime initialization.
+// NOTE: this is not guaranteed to run, for example when Rust code is called externally.
 pub unsafe fn init(argc: isize, argv: *const *const u8) {
     let _ = net::init();
     args::init(argc, argv);
 }
 
 // SAFETY: must be called only once during runtime cleanup.
+// NOTE: this is not guaranteed to run, for example when the program aborts.
 pub unsafe fn cleanup() {
     args::cleanup();
 }

std/src/sys/sgx/mod.rs

@@ -40,13 +40,15 @@ pub mod time;
 pub use crate::sys_common::os_str_bytes as os_str;
 
 // SAFETY: must be called only once during runtime initialization.
+// NOTE: this is not guaranteed to run, for example when Rust code is called externally.
 pub unsafe fn init(argc: isize, argv: *const *const u8) {
     unsafe {
         args::init(argc, argv);
     }
 }
 
 // SAFETY: must be called only once during runtime cleanup.
+// NOTE: this is not guaranteed to run, for example when the program aborts.
 pub unsafe fn cleanup() {}
 
 /// This function is used to implement functionality that simply doesn't exist.

std/src/sys/unix/mod.rs

@@ -45,6 +45,7 @@ pub mod time;
 pub use crate::sys_common::os_str_bytes as os_str;
 
 // SAFETY: must be called only once during runtime initialization.
+// NOTE: this is not guaranteed to run, for example when Rust code is called externally.
 pub unsafe fn init(argc: isize, argv: *const *const u8) {
     // The standard streams might be closed on application startup. To prevent
     // std::io::{stdin, stdout,stderr} objects from using other unrelated file
@@ -120,6 +121,7 @@ pub unsafe fn init(argc: isize, argv: *const *const u8) {
 }
 
 // SAFETY: must be called only once during runtime cleanup.
+// NOTE: this is not guaranteed to run, for example when the program aborts.
 pub unsafe fn cleanup() {
     args::cleanup();
     stack_overflow::cleanup();

std/src/sys/unsupported/common.rs

@@ -11,9 +11,11 @@ pub use crate::sys_common::os_str_bytes as os_str;
 use crate::os::raw::c_char;
 
 // SAFETY: must be called only once during runtime initialization.
+// NOTE: this is not guaranteed to run, for example when Rust code is called externally.
 pub unsafe fn init(_argc: isize, _argv: *const *const u8) {}
 
 // SAFETY: must be called only once during runtime cleanup.
+// NOTE: this is not guaranteed to run, for example when the program aborts.
 pub unsafe fn cleanup() {}
 
 pub fn unsupported<T>() -> std_io::Result<T> {

std/src/sys/windows/mod.rs

@@ -50,11 +50,13 @@ cfg_if::cfg_if! {
 }
 
 // SAFETY: must be called only once during runtime initialization.
+// NOTE: this is not guaranteed to run, for example when Rust code is called externally.
 pub unsafe fn init(_argc: isize, _argv: *const *const u8) {
     stack_overflow::init();
 }
 
 // SAFETY: must be called only once during runtime cleanup.
+// NOTE: this is not guaranteed to run, for example when the program aborts.
 pub unsafe fn cleanup() {
     net::cleanup();
 }

std/src/sys_common/rt.rs

@@ -5,6 +5,7 @@ use crate::thread::Thread;
 
 // One-time runtime initialization.
 // Runs before `main`.
+// NOTE: this is not guaranteed to run, for example when Rust code is called externally.
 #[cfg_attr(test, allow(dead_code))]
 pub fn init(argc: isize, argv: *const *const u8) {
     static INIT: Once = Once::new();
@@ -23,8 +24,8 @@ pub fn init(argc: isize, argv: *const *const u8) {
 }
 
 // One-time runtime cleanup.
-// Runs after `main` or at program exit. Note however that this is not guaranteed to run,
-// for example when the program aborts.
+// Runs after `main` or at program exit.
+// NOTE: this is not guaranteed to run, for example when the program aborts.
 #[cfg_attr(test, allow(dead_code))]
 pub fn cleanup() {
     static CLEANUP: Once = Once::new();