From 7cae9e8c88e468e94c157d9aaee4b8e3cf90b9a4 Mon Sep 17 00:00:00 2001 From: maekawatoshiki Date: Fri, 31 Jul 2020 18:50:11 +0900 Subject: [PATCH 1/4] `#![deny(unsafe_op_in_unsafe_fn)]` in sys/hermit --- library/std/src/sys/hermit/alloc.rs | 25 ++++--- library/std/src/sys/hermit/args.rs | 16 +++-- library/std/src/sys/hermit/condvar.rs | 34 +++++++--- library/std/src/sys/hermit/fd.rs | 1 + library/std/src/sys/hermit/mod.rs | 22 ++++-- library/std/src/sys/hermit/mutex.rs | 26 ++++--- library/std/src/sys/hermit/os.rs | 2 + library/std/src/sys/hermit/rwlock.rs | 68 ++++++++++++------- library/std/src/sys/hermit/thread.rs | 21 +++--- .../std/src/sys/hermit/thread_local_dtor.rs | 7 +- 10 files changed, 147 insertions(+), 75 deletions(-) diff --git a/library/std/src/sys/hermit/alloc.rs b/library/std/src/sys/hermit/alloc.rs index d153914e77e10..04446172197f7 100644 --- a/library/std/src/sys/hermit/alloc.rs +++ b/library/std/src/sys/hermit/alloc.rs @@ -1,3 +1,5 @@ +#![deny(unsafe_op_in_unsafe_fn)] + use crate::alloc::{GlobalAlloc, Layout, System}; use crate::ptr; use crate::sys::hermit::abi; @@ -6,26 +8,33 @@ use crate::sys::hermit::abi; unsafe impl GlobalAlloc for System { #[inline] unsafe fn alloc(&self, layout: Layout) -> *mut u8 { - abi::malloc(layout.size(), layout.align()) + // SAFETY: The safety contract for `malloc` must be upheld by the caller. + unsafe { abi::malloc(layout.size(), layout.align()) } } unsafe fn alloc_zeroed(&self, layout: Layout) -> *mut u8 { - let addr = abi::malloc(layout.size(), layout.align()); + // SAFETY: The safety contract for `malloc` must be upheld by the caller. + // Also, `addr` must be valid for writes of `layout.size() * size_of::()` bytes. + unsafe { + let addr = abi::malloc(layout.size(), layout.align()); - if !addr.is_null() { - ptr::write_bytes(addr, 0x00, layout.size()); - } + if !addr.is_null() { + ptr::write_bytes(addr, 0x00, layout.size()); + } - addr + addr + } } #[inline] unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) { - abi::free(ptr, layout.size(), layout.align()) + // SAFETY: The safety contract for `free` must be upheld by the caller. + unsafe { abi::free(ptr, layout.size(), layout.align()) } } #[inline] unsafe fn realloc(&self, ptr: *mut u8, layout: Layout, new_size: usize) -> *mut u8 { - abi::realloc(ptr, layout.size(), layout.align(), new_size) + // SAFETY: The safety contract for `realloc` must be upheld by the caller. + unsafe { abi::realloc(ptr, layout.size(), layout.align(), new_size) } } } diff --git a/library/std/src/sys/hermit/args.rs b/library/std/src/sys/hermit/args.rs index 72c1b8511cac8..dd8830599c37e 100644 --- a/library/std/src/sys/hermit/args.rs +++ b/library/std/src/sys/hermit/args.rs @@ -1,15 +1,17 @@ +#![deny(unsafe_op_in_unsafe_fn)] + use crate::ffi::OsString; use crate::marker::PhantomData; use crate::vec; /// One-time global initialization. pub unsafe fn init(argc: isize, argv: *const *const u8) { - imp::init(argc, argv) + unsafe { imp::init(argc, argv) } } /// One-time global cleanup. pub unsafe fn cleanup() { - imp::cleanup() + unsafe { imp::cleanup() } } /// Returns the command line arguments @@ -65,14 +67,18 @@ mod imp { pub unsafe fn init(argc: isize, argv: *const *const u8) { let _guard = LOCK.lock(); - ARGC = argc; - ARGV = argv; + unsafe { + ARGC = argc; + ARGV = argv; + } } pub unsafe fn cleanup() { let _guard = LOCK.lock(); ARGC = 0; - ARGV = ptr::null(); + unsafe { + ARGV = ptr::null(); + } } pub fn args() -> Args { diff --git a/library/std/src/sys/hermit/condvar.rs b/library/std/src/sys/hermit/condvar.rs index 52c8c3b17e826..662dc9394a36f 100644 --- a/library/std/src/sys/hermit/condvar.rs +++ b/library/std/src/sys/hermit/condvar.rs @@ -1,3 +1,5 @@ +#![deny(unsafe_op_in_unsafe_fn)] + use crate::ffi::c_void; use crate::ptr; use crate::sync::atomic::{AtomicUsize, Ordering::SeqCst}; @@ -23,33 +25,43 @@ impl Condvar { } pub unsafe fn init(&mut self) { - let _ = abi::sem_init(&mut self.sem1 as *mut *const c_void, 0); - let _ = abi::sem_init(&mut self.sem2 as *mut *const c_void, 0); + unsafe { + let _ = abi::sem_init(&mut self.sem1 as *mut *const c_void, 0); + let _ = abi::sem_init(&mut self.sem2 as *mut *const c_void, 0); + } } pub unsafe fn notify_one(&self) { if self.counter.load(SeqCst) > 0 { self.counter.fetch_sub(1, SeqCst); - abi::sem_post(self.sem1); - abi::sem_timedwait(self.sem2, 0); + unsafe { + abi::sem_post(self.sem1); + abi::sem_timedwait(self.sem2, 0); + } } } pub unsafe fn notify_all(&self) { let counter = self.counter.swap(0, SeqCst); for _ in 0..counter { - abi::sem_post(self.sem1); + unsafe { + abi::sem_post(self.sem1); + } } for _ in 0..counter { - abi::sem_timedwait(self.sem2, 0); + unsafe { + abi::sem_timedwait(self.sem2, 0); + } } } pub unsafe fn wait(&self, mutex: &Mutex) { self.counter.fetch_add(1, SeqCst); mutex.unlock(); - abi::sem_timedwait(self.sem1, 0); - abi::sem_post(self.sem2); + unsafe { + abi::sem_timedwait(self.sem1, 0); + abi::sem_post(self.sem2); + } mutex.lock(); } @@ -58,7 +70,9 @@ impl Condvar { } pub unsafe fn destroy(&self) { - let _ = abi::sem_destroy(self.sem1); - let _ = abi::sem_destroy(self.sem2); + unsafe { + let _ = abi::sem_destroy(self.sem1); + let _ = abi::sem_destroy(self.sem2); + } } } diff --git a/library/std/src/sys/hermit/fd.rs b/library/std/src/sys/hermit/fd.rs index 97d1a38b41ab1..2914e5ad3dbe2 100644 --- a/library/std/src/sys/hermit/fd.rs +++ b/library/std/src/sys/hermit/fd.rs @@ -1,3 +1,4 @@ +#![deny(unsafe_op_in_unsafe_fn)] #![unstable(reason = "not public", issue = "none", feature = "fd")] use crate::io::{self, ErrorKind, Read}; diff --git a/library/std/src/sys/hermit/mod.rs b/library/std/src/sys/hermit/mod.rs index 675b82ceb775f..0e4504020df42 100644 --- a/library/std/src/sys/hermit/mod.rs +++ b/library/std/src/sys/hermit/mod.rs @@ -13,6 +13,8 @@ //! compiling for wasm. That way it's a compile time error for something that's //! guaranteed to be a runtime error! +#![deny(unsafe_op_in_unsafe_fn)] + use crate::intrinsics; use crate::os::raw::c_char; @@ -62,8 +64,12 @@ pub enum Void {} pub unsafe fn strlen(start: *const c_char) -> usize { let mut str = start; - while *str != 0 { - str = str.offset(1); + // SAFETY: The safety contract for `*str != 0` must be upheld by the caller. + // `start` must not be null. + unsafe { + while *str != 0 { + str = str.offset(1); + } } (str as usize) - (start as usize) @@ -111,13 +117,15 @@ pub unsafe extern "C" fn runtime_entry( fn main(argc: isize, argv: *const *const c_char) -> i32; } - // initialize environment - os::init_environment(env as *const *const i8); + unsafe { + // initialize environment + os::init_environment(env as *const *const i8); - let result = main(argc as isize, argv); + let result = main(argc as isize, argv); - run_dtors(); - abi::exit(result); + run_dtors(); + abi::exit(result); + } } pub fn decode_error_kind(errno: i32) -> ErrorKind { diff --git a/library/std/src/sys/hermit/mutex.rs b/library/std/src/sys/hermit/mutex.rs index 3d4813209cbc4..bcb2554ab2927 100644 --- a/library/std/src/sys/hermit/mutex.rs +++ b/library/std/src/sys/hermit/mutex.rs @@ -1,3 +1,5 @@ +#![deny(unsafe_op_in_unsafe_fn)] + use crate::ffi::c_void; use crate::ptr; use crate::sys::hermit::abi; @@ -16,28 +18,34 @@ impl Mutex { #[inline] pub unsafe fn init(&mut self) { - let _ = abi::sem_init(&mut self.inner as *mut *const c_void, 1); + unsafe { + let _ = abi::sem_init(&mut self.inner as *mut *const c_void, 1); + } } #[inline] pub unsafe fn lock(&self) { - let _ = abi::sem_timedwait(self.inner, 0); + unsafe { + let _ = abi::sem_timedwait(self.inner, 0); + } } #[inline] pub unsafe fn unlock(&self) { - let _ = abi::sem_post(self.inner); + unsafe { + let _ = abi::sem_post(self.inner); + } } #[inline] pub unsafe fn try_lock(&self) -> bool { - let result = abi::sem_trywait(self.inner); + let result = unsafe { abi::sem_trywait(self.inner) }; result == 0 } #[inline] pub unsafe fn destroy(&self) { - let _ = abi::sem_destroy(self.inner); + let _ = unsafe { abi::sem_destroy(self.inner) }; } } @@ -52,12 +60,12 @@ impl ReentrantMutex { #[inline] pub unsafe fn init(&self) { - let _ = abi::recmutex_init(&self.inner as *const *const c_void as *mut _); + let _ = unsafe { abi::recmutex_init(&self.inner as *const *const c_void as *mut _) }; } #[inline] pub unsafe fn lock(&self) { - let _ = abi::recmutex_lock(self.inner); + let _ = unsafe { abi::recmutex_lock(self.inner) }; } #[inline] @@ -67,11 +75,11 @@ impl ReentrantMutex { #[inline] pub unsafe fn unlock(&self) { - let _ = abi::recmutex_unlock(self.inner); + let _ = unsafe { abi::recmutex_unlock(self.inner) }; } #[inline] pub unsafe fn destroy(&self) { - let _ = abi::recmutex_destroy(self.inner); + let _ = unsafe { abi::recmutex_destroy(self.inner) }; } } diff --git a/library/std/src/sys/hermit/os.rs b/library/std/src/sys/hermit/os.rs index 78eabf8f81e98..d95940c9a76c8 100644 --- a/library/std/src/sys/hermit/os.rs +++ b/library/std/src/sys/hermit/os.rs @@ -1,3 +1,5 @@ +#![deny(unsafe_op_in_unsafe_fn)] + use crate::collections::HashMap; use crate::error::Error as StdError; use crate::ffi::{CStr, OsStr, OsString}; diff --git a/library/std/src/sys/hermit/rwlock.rs b/library/std/src/sys/hermit/rwlock.rs index 06442e925f4c8..a6c7bcc7641fc 100644 --- a/library/std/src/sys/hermit/rwlock.rs +++ b/library/std/src/sys/hermit/rwlock.rs @@ -1,3 +1,5 @@ +#![deny(unsafe_op_in_unsafe_fn)] + use crate::cell::UnsafeCell; use crate::sys::condvar::Condvar; use crate::sys::mutex::Mutex; @@ -32,62 +34,76 @@ impl RWLock { #[inline] pub unsafe fn read(&self) { - self.lock.lock(); - while !(*self.state.get()).inc_readers() { - self.cond.wait(&self.lock); + unsafe { + self.lock.lock(); + while !(*self.state.get()).inc_readers() { + self.cond.wait(&self.lock); + } + self.lock.unlock(); } - self.lock.unlock(); } #[inline] pub unsafe fn try_read(&self) -> bool { - self.lock.lock(); - let ok = (*self.state.get()).inc_readers(); - self.lock.unlock(); + unsafe { + self.lock.lock(); + let ok = (*self.state.get()).inc_readers(); + self.lock.unlock(); + } return ok; } #[inline] pub unsafe fn write(&self) { - self.lock.lock(); - while !(*self.state.get()).inc_writers() { - self.cond.wait(&self.lock); + unsafe { + self.lock.lock(); + while !(*self.state.get()).inc_writers() { + self.cond.wait(&self.lock); + } } self.lock.unlock(); } #[inline] pub unsafe fn try_write(&self) -> bool { - self.lock.lock(); - let ok = (*self.state.get()).inc_writers(); - self.lock.unlock(); + unsafe { + self.lock.lock(); + let ok = (*self.state.get()).inc_writers(); + self.lock.unlock(); + } return ok; } #[inline] pub unsafe fn read_unlock(&self) { - self.lock.lock(); - let notify = (*self.state.get()).dec_readers(); - self.lock.unlock(); - if notify { - // FIXME: should only wake up one of these some of the time - self.cond.notify_all(); + unsafe { + self.lock.lock(); + let notify = (*self.state.get()).dec_readers(); + self.lock.unlock(); + if notify { + // FIXME: should only wake up one of these some of the time + self.cond.notify_all(); + } } } #[inline] pub unsafe fn write_unlock(&self) { - self.lock.lock(); - (*self.state.get()).dec_writers(); - self.lock.unlock(); - // FIXME: should only wake up one of these some of the time - self.cond.notify_all(); + unsafe { + self.lock.lock(); + (*self.state.get()).dec_writers(); + self.lock.unlock(); + // FIXME: should only wake up one of these some of the time + self.cond.notify_all(); + } } #[inline] pub unsafe fn destroy(&self) { - self.lock.destroy(); - self.cond.destroy(); + unsafe { + self.lock.destroy(); + self.cond.destroy(); + } } } diff --git a/library/std/src/sys/hermit/thread.rs b/library/std/src/sys/hermit/thread.rs index e11afed668728..7c52112a80c2d 100644 --- a/library/std/src/sys/hermit/thread.rs +++ b/library/std/src/sys/hermit/thread.rs @@ -1,4 +1,5 @@ #![allow(dead_code)] +#![deny(unsafe_op_in_unsafe_fn)] use crate::ffi::CStr; use crate::io; @@ -25,18 +26,22 @@ impl Thread { core_id: isize, ) -> io::Result { let p = Box::into_raw(box p); - let tid = abi::spawn2( - thread_start, - p as usize, - abi::Priority::into(abi::NORMAL_PRIO), - stack, - core_id, - ); + let tid = unsafe { + abi::spawn2( + thread_start, + p as usize, + abi::Priority::into(abi::NORMAL_PRIO), + stack, + core_id, + ) + }; return if tid == 0 { // The thread failed to start and as a result p was not consumed. Therefore, it is // safe to reconstruct the box so that it gets deallocated. - drop(Box::from_raw(p)); + unsafe { + drop(Box::from_raw(p)); + } Err(io::Error::new(io::ErrorKind::Other, "Unable to create thread!")) } else { Ok(Thread { tid: tid }) diff --git a/library/std/src/sys/hermit/thread_local_dtor.rs b/library/std/src/sys/hermit/thread_local_dtor.rs index 9b683fce15748..7998dd3cb4347 100644 --- a/library/std/src/sys/hermit/thread_local_dtor.rs +++ b/library/std/src/sys/hermit/thread_local_dtor.rs @@ -1,5 +1,6 @@ #![cfg(target_thread_local)] #![unstable(feature = "thread_local_internals", issue = "none")] +#![deny(unsafe_op_in_unsafe_fn)] // Simplify dtor registration by using a list of destructors. // The this solution works like the implementation of macOS and @@ -19,7 +20,8 @@ pub unsafe fn register_dtor(t: *mut u8, dtor: unsafe extern "C" fn(*mut u8)) { DTORS.set(Box::into_raw(v)); } - let list: &mut List = &mut *DTORS.get(); + // SAFETY: `DTORS.get()` is not null. + let list: &mut List = unsafe { &mut *DTORS.get() }; list.push((t, dtor)); } @@ -27,7 +29,8 @@ pub unsafe fn register_dtor(t: *mut u8, dtor: unsafe extern "C" fn(*mut u8)) { pub unsafe fn run_dtors() { let mut ptr = DTORS.replace(ptr::null_mut()); while !ptr.is_null() { - let list = Box::from_raw(ptr); + // SAFETY: `ptr` is not null. + let list = unsafe { Box::from_raw(ptr) }; for (ptr, dtor) in list.into_iter() { dtor(ptr); } From 3a46cca4aeb2f5c0dcbc9e982d915c519c44f783 Mon Sep 17 00:00:00 2001 From: maekawatoshiki Date: Fri, 21 Aug 2020 14:14:58 +0900 Subject: [PATCH 2/4] Revert "`#![deny(unsafe_op_in_unsafe_fn)]` in sys/hermit" This reverts commit 7cae9e8c88e468e94c157d9aaee4b8e3cf90b9a4. --- library/std/src/sys/hermit/alloc.rs | 25 +++---- library/std/src/sys/hermit/args.rs | 16 ++--- library/std/src/sys/hermit/condvar.rs | 34 +++------- library/std/src/sys/hermit/fd.rs | 1 - library/std/src/sys/hermit/mod.rs | 22 ++---- library/std/src/sys/hermit/mutex.rs | 26 +++---- library/std/src/sys/hermit/os.rs | 2 - library/std/src/sys/hermit/rwlock.rs | 68 +++++++------------ library/std/src/sys/hermit/thread.rs | 21 +++--- .../std/src/sys/hermit/thread_local_dtor.rs | 7 +- 10 files changed, 75 insertions(+), 147 deletions(-) diff --git a/library/std/src/sys/hermit/alloc.rs b/library/std/src/sys/hermit/alloc.rs index 04446172197f7..d153914e77e10 100644 --- a/library/std/src/sys/hermit/alloc.rs +++ b/library/std/src/sys/hermit/alloc.rs @@ -1,5 +1,3 @@ -#![deny(unsafe_op_in_unsafe_fn)] - use crate::alloc::{GlobalAlloc, Layout, System}; use crate::ptr; use crate::sys::hermit::abi; @@ -8,33 +6,26 @@ use crate::sys::hermit::abi; unsafe impl GlobalAlloc for System { #[inline] unsafe fn alloc(&self, layout: Layout) -> *mut u8 { - // SAFETY: The safety contract for `malloc` must be upheld by the caller. - unsafe { abi::malloc(layout.size(), layout.align()) } + abi::malloc(layout.size(), layout.align()) } unsafe fn alloc_zeroed(&self, layout: Layout) -> *mut u8 { - // SAFETY: The safety contract for `malloc` must be upheld by the caller. - // Also, `addr` must be valid for writes of `layout.size() * size_of::()` bytes. - unsafe { - let addr = abi::malloc(layout.size(), layout.align()); - - if !addr.is_null() { - ptr::write_bytes(addr, 0x00, layout.size()); - } + let addr = abi::malloc(layout.size(), layout.align()); - addr + if !addr.is_null() { + ptr::write_bytes(addr, 0x00, layout.size()); } + + addr } #[inline] unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) { - // SAFETY: The safety contract for `free` must be upheld by the caller. - unsafe { abi::free(ptr, layout.size(), layout.align()) } + abi::free(ptr, layout.size(), layout.align()) } #[inline] unsafe fn realloc(&self, ptr: *mut u8, layout: Layout, new_size: usize) -> *mut u8 { - // SAFETY: The safety contract for `realloc` must be upheld by the caller. - unsafe { abi::realloc(ptr, layout.size(), layout.align(), new_size) } + abi::realloc(ptr, layout.size(), layout.align(), new_size) } } diff --git a/library/std/src/sys/hermit/args.rs b/library/std/src/sys/hermit/args.rs index dd8830599c37e..72c1b8511cac8 100644 --- a/library/std/src/sys/hermit/args.rs +++ b/library/std/src/sys/hermit/args.rs @@ -1,17 +1,15 @@ -#![deny(unsafe_op_in_unsafe_fn)] - use crate::ffi::OsString; use crate::marker::PhantomData; use crate::vec; /// One-time global initialization. pub unsafe fn init(argc: isize, argv: *const *const u8) { - unsafe { imp::init(argc, argv) } + imp::init(argc, argv) } /// One-time global cleanup. pub unsafe fn cleanup() { - unsafe { imp::cleanup() } + imp::cleanup() } /// Returns the command line arguments @@ -67,18 +65,14 @@ mod imp { pub unsafe fn init(argc: isize, argv: *const *const u8) { let _guard = LOCK.lock(); - unsafe { - ARGC = argc; - ARGV = argv; - } + ARGC = argc; + ARGV = argv; } pub unsafe fn cleanup() { let _guard = LOCK.lock(); ARGC = 0; - unsafe { - ARGV = ptr::null(); - } + ARGV = ptr::null(); } pub fn args() -> Args { diff --git a/library/std/src/sys/hermit/condvar.rs b/library/std/src/sys/hermit/condvar.rs index 662dc9394a36f..52c8c3b17e826 100644 --- a/library/std/src/sys/hermit/condvar.rs +++ b/library/std/src/sys/hermit/condvar.rs @@ -1,5 +1,3 @@ -#![deny(unsafe_op_in_unsafe_fn)] - use crate::ffi::c_void; use crate::ptr; use crate::sync::atomic::{AtomicUsize, Ordering::SeqCst}; @@ -25,43 +23,33 @@ impl Condvar { } pub unsafe fn init(&mut self) { - unsafe { - let _ = abi::sem_init(&mut self.sem1 as *mut *const c_void, 0); - let _ = abi::sem_init(&mut self.sem2 as *mut *const c_void, 0); - } + let _ = abi::sem_init(&mut self.sem1 as *mut *const c_void, 0); + let _ = abi::sem_init(&mut self.sem2 as *mut *const c_void, 0); } pub unsafe fn notify_one(&self) { if self.counter.load(SeqCst) > 0 { self.counter.fetch_sub(1, SeqCst); - unsafe { - abi::sem_post(self.sem1); - abi::sem_timedwait(self.sem2, 0); - } + abi::sem_post(self.sem1); + abi::sem_timedwait(self.sem2, 0); } } pub unsafe fn notify_all(&self) { let counter = self.counter.swap(0, SeqCst); for _ in 0..counter { - unsafe { - abi::sem_post(self.sem1); - } + abi::sem_post(self.sem1); } for _ in 0..counter { - unsafe { - abi::sem_timedwait(self.sem2, 0); - } + abi::sem_timedwait(self.sem2, 0); } } pub unsafe fn wait(&self, mutex: &Mutex) { self.counter.fetch_add(1, SeqCst); mutex.unlock(); - unsafe { - abi::sem_timedwait(self.sem1, 0); - abi::sem_post(self.sem2); - } + abi::sem_timedwait(self.sem1, 0); + abi::sem_post(self.sem2); mutex.lock(); } @@ -70,9 +58,7 @@ impl Condvar { } pub unsafe fn destroy(&self) { - unsafe { - let _ = abi::sem_destroy(self.sem1); - let _ = abi::sem_destroy(self.sem2); - } + let _ = abi::sem_destroy(self.sem1); + let _ = abi::sem_destroy(self.sem2); } } diff --git a/library/std/src/sys/hermit/fd.rs b/library/std/src/sys/hermit/fd.rs index 2914e5ad3dbe2..97d1a38b41ab1 100644 --- a/library/std/src/sys/hermit/fd.rs +++ b/library/std/src/sys/hermit/fd.rs @@ -1,4 +1,3 @@ -#![deny(unsafe_op_in_unsafe_fn)] #![unstable(reason = "not public", issue = "none", feature = "fd")] use crate::io::{self, ErrorKind, Read}; diff --git a/library/std/src/sys/hermit/mod.rs b/library/std/src/sys/hermit/mod.rs index 0e4504020df42..675b82ceb775f 100644 --- a/library/std/src/sys/hermit/mod.rs +++ b/library/std/src/sys/hermit/mod.rs @@ -13,8 +13,6 @@ //! compiling for wasm. That way it's a compile time error for something that's //! guaranteed to be a runtime error! -#![deny(unsafe_op_in_unsafe_fn)] - use crate::intrinsics; use crate::os::raw::c_char; @@ -64,12 +62,8 @@ pub enum Void {} pub unsafe fn strlen(start: *const c_char) -> usize { let mut str = start; - // SAFETY: The safety contract for `*str != 0` must be upheld by the caller. - // `start` must not be null. - unsafe { - while *str != 0 { - str = str.offset(1); - } + while *str != 0 { + str = str.offset(1); } (str as usize) - (start as usize) @@ -117,15 +111,13 @@ pub unsafe extern "C" fn runtime_entry( fn main(argc: isize, argv: *const *const c_char) -> i32; } - unsafe { - // initialize environment - os::init_environment(env as *const *const i8); + // initialize environment + os::init_environment(env as *const *const i8); - let result = main(argc as isize, argv); + let result = main(argc as isize, argv); - run_dtors(); - abi::exit(result); - } + run_dtors(); + abi::exit(result); } pub fn decode_error_kind(errno: i32) -> ErrorKind { diff --git a/library/std/src/sys/hermit/mutex.rs b/library/std/src/sys/hermit/mutex.rs index bcb2554ab2927..3d4813209cbc4 100644 --- a/library/std/src/sys/hermit/mutex.rs +++ b/library/std/src/sys/hermit/mutex.rs @@ -1,5 +1,3 @@ -#![deny(unsafe_op_in_unsafe_fn)] - use crate::ffi::c_void; use crate::ptr; use crate::sys::hermit::abi; @@ -18,34 +16,28 @@ impl Mutex { #[inline] pub unsafe fn init(&mut self) { - unsafe { - let _ = abi::sem_init(&mut self.inner as *mut *const c_void, 1); - } + let _ = abi::sem_init(&mut self.inner as *mut *const c_void, 1); } #[inline] pub unsafe fn lock(&self) { - unsafe { - let _ = abi::sem_timedwait(self.inner, 0); - } + let _ = abi::sem_timedwait(self.inner, 0); } #[inline] pub unsafe fn unlock(&self) { - unsafe { - let _ = abi::sem_post(self.inner); - } + let _ = abi::sem_post(self.inner); } #[inline] pub unsafe fn try_lock(&self) -> bool { - let result = unsafe { abi::sem_trywait(self.inner) }; + let result = abi::sem_trywait(self.inner); result == 0 } #[inline] pub unsafe fn destroy(&self) { - let _ = unsafe { abi::sem_destroy(self.inner) }; + let _ = abi::sem_destroy(self.inner); } } @@ -60,12 +52,12 @@ impl ReentrantMutex { #[inline] pub unsafe fn init(&self) { - let _ = unsafe { abi::recmutex_init(&self.inner as *const *const c_void as *mut _) }; + let _ = abi::recmutex_init(&self.inner as *const *const c_void as *mut _); } #[inline] pub unsafe fn lock(&self) { - let _ = unsafe { abi::recmutex_lock(self.inner) }; + let _ = abi::recmutex_lock(self.inner); } #[inline] @@ -75,11 +67,11 @@ impl ReentrantMutex { #[inline] pub unsafe fn unlock(&self) { - let _ = unsafe { abi::recmutex_unlock(self.inner) }; + let _ = abi::recmutex_unlock(self.inner); } #[inline] pub unsafe fn destroy(&self) { - let _ = unsafe { abi::recmutex_destroy(self.inner) }; + let _ = abi::recmutex_destroy(self.inner); } } diff --git a/library/std/src/sys/hermit/os.rs b/library/std/src/sys/hermit/os.rs index d95940c9a76c8..78eabf8f81e98 100644 --- a/library/std/src/sys/hermit/os.rs +++ b/library/std/src/sys/hermit/os.rs @@ -1,5 +1,3 @@ -#![deny(unsafe_op_in_unsafe_fn)] - use crate::collections::HashMap; use crate::error::Error as StdError; use crate::ffi::{CStr, OsStr, OsString}; diff --git a/library/std/src/sys/hermit/rwlock.rs b/library/std/src/sys/hermit/rwlock.rs index a6c7bcc7641fc..06442e925f4c8 100644 --- a/library/std/src/sys/hermit/rwlock.rs +++ b/library/std/src/sys/hermit/rwlock.rs @@ -1,5 +1,3 @@ -#![deny(unsafe_op_in_unsafe_fn)] - use crate::cell::UnsafeCell; use crate::sys::condvar::Condvar; use crate::sys::mutex::Mutex; @@ -34,76 +32,62 @@ impl RWLock { #[inline] pub unsafe fn read(&self) { - unsafe { - self.lock.lock(); - while !(*self.state.get()).inc_readers() { - self.cond.wait(&self.lock); - } - self.lock.unlock(); + self.lock.lock(); + while !(*self.state.get()).inc_readers() { + self.cond.wait(&self.lock); } + self.lock.unlock(); } #[inline] pub unsafe fn try_read(&self) -> bool { - unsafe { - self.lock.lock(); - let ok = (*self.state.get()).inc_readers(); - self.lock.unlock(); - } + self.lock.lock(); + let ok = (*self.state.get()).inc_readers(); + self.lock.unlock(); return ok; } #[inline] pub unsafe fn write(&self) { - unsafe { - self.lock.lock(); - while !(*self.state.get()).inc_writers() { - self.cond.wait(&self.lock); - } + self.lock.lock(); + while !(*self.state.get()).inc_writers() { + self.cond.wait(&self.lock); } self.lock.unlock(); } #[inline] pub unsafe fn try_write(&self) -> bool { - unsafe { - self.lock.lock(); - let ok = (*self.state.get()).inc_writers(); - self.lock.unlock(); - } + self.lock.lock(); + let ok = (*self.state.get()).inc_writers(); + self.lock.unlock(); return ok; } #[inline] pub unsafe fn read_unlock(&self) { - unsafe { - self.lock.lock(); - let notify = (*self.state.get()).dec_readers(); - self.lock.unlock(); - if notify { - // FIXME: should only wake up one of these some of the time - self.cond.notify_all(); - } + self.lock.lock(); + let notify = (*self.state.get()).dec_readers(); + self.lock.unlock(); + if notify { + // FIXME: should only wake up one of these some of the time + self.cond.notify_all(); } } #[inline] pub unsafe fn write_unlock(&self) { - unsafe { - self.lock.lock(); - (*self.state.get()).dec_writers(); - self.lock.unlock(); - // FIXME: should only wake up one of these some of the time - self.cond.notify_all(); - } + self.lock.lock(); + (*self.state.get()).dec_writers(); + self.lock.unlock(); + // FIXME: should only wake up one of these some of the time + self.cond.notify_all(); } #[inline] pub unsafe fn destroy(&self) { - unsafe { - self.lock.destroy(); - self.cond.destroy(); - } + self.lock.destroy(); + self.cond.destroy(); } } diff --git a/library/std/src/sys/hermit/thread.rs b/library/std/src/sys/hermit/thread.rs index 7c52112a80c2d..e11afed668728 100644 --- a/library/std/src/sys/hermit/thread.rs +++ b/library/std/src/sys/hermit/thread.rs @@ -1,5 +1,4 @@ #![allow(dead_code)] -#![deny(unsafe_op_in_unsafe_fn)] use crate::ffi::CStr; use crate::io; @@ -26,22 +25,18 @@ impl Thread { core_id: isize, ) -> io::Result { let p = Box::into_raw(box p); - let tid = unsafe { - abi::spawn2( - thread_start, - p as usize, - abi::Priority::into(abi::NORMAL_PRIO), - stack, - core_id, - ) - }; + let tid = abi::spawn2( + thread_start, + p as usize, + abi::Priority::into(abi::NORMAL_PRIO), + stack, + core_id, + ); return if tid == 0 { // The thread failed to start and as a result p was not consumed. Therefore, it is // safe to reconstruct the box so that it gets deallocated. - unsafe { - drop(Box::from_raw(p)); - } + drop(Box::from_raw(p)); Err(io::Error::new(io::ErrorKind::Other, "Unable to create thread!")) } else { Ok(Thread { tid: tid }) diff --git a/library/std/src/sys/hermit/thread_local_dtor.rs b/library/std/src/sys/hermit/thread_local_dtor.rs index 7998dd3cb4347..9b683fce15748 100644 --- a/library/std/src/sys/hermit/thread_local_dtor.rs +++ b/library/std/src/sys/hermit/thread_local_dtor.rs @@ -1,6 +1,5 @@ #![cfg(target_thread_local)] #![unstable(feature = "thread_local_internals", issue = "none")] -#![deny(unsafe_op_in_unsafe_fn)] // Simplify dtor registration by using a list of destructors. // The this solution works like the implementation of macOS and @@ -20,8 +19,7 @@ pub unsafe fn register_dtor(t: *mut u8, dtor: unsafe extern "C" fn(*mut u8)) { DTORS.set(Box::into_raw(v)); } - // SAFETY: `DTORS.get()` is not null. - let list: &mut List = unsafe { &mut *DTORS.get() }; + let list: &mut List = &mut *DTORS.get(); list.push((t, dtor)); } @@ -29,8 +27,7 @@ pub unsafe fn register_dtor(t: *mut u8, dtor: unsafe extern "C" fn(*mut u8)) { pub unsafe fn run_dtors() { let mut ptr = DTORS.replace(ptr::null_mut()); while !ptr.is_null() { - // SAFETY: `ptr` is not null. - let list = unsafe { Box::from_raw(ptr) }; + let list = Box::from_raw(ptr); for (ptr, dtor) in list.into_iter() { dtor(ptr); } From d94258e83ed5c873200b9ba3314144ef9251ebf9 Mon Sep 17 00:00:00 2001 From: maekawatoshiki Date: Fri, 21 Aug 2020 14:20:59 +0900 Subject: [PATCH 3/4] Add `#![allow(unsafe_op_in_unsafe_fn)]` in sys/hermit --- library/std/src/sys/hermit/alloc.rs | 2 ++ library/std/src/sys/hermit/args.rs | 2 ++ library/std/src/sys/hermit/condvar.rs | 2 ++ library/std/src/sys/hermit/fd.rs | 1 + library/std/src/sys/hermit/mod.rs | 2 ++ library/std/src/sys/hermit/mutex.rs | 2 ++ library/std/src/sys/hermit/os.rs | 2 ++ library/std/src/sys/hermit/rwlock.rs | 2 ++ library/std/src/sys/hermit/thread.rs | 1 + library/std/src/sys/hermit/thread_local_dtor.rs | 1 + 10 files changed, 17 insertions(+) diff --git a/library/std/src/sys/hermit/alloc.rs b/library/std/src/sys/hermit/alloc.rs index d153914e77e10..cebe317de5678 100644 --- a/library/std/src/sys/hermit/alloc.rs +++ b/library/std/src/sys/hermit/alloc.rs @@ -1,3 +1,5 @@ +#![allow(unsafe_op_in_unsafe_fn)] + use crate::alloc::{GlobalAlloc, Layout, System}; use crate::ptr; use crate::sys::hermit::abi; diff --git a/library/std/src/sys/hermit/args.rs b/library/std/src/sys/hermit/args.rs index 72c1b8511cac8..194d94805724b 100644 --- a/library/std/src/sys/hermit/args.rs +++ b/library/std/src/sys/hermit/args.rs @@ -1,3 +1,5 @@ +#![allow(unsafe_op_in_unsafe_fn)] + use crate::ffi::OsString; use crate::marker::PhantomData; use crate::vec; diff --git a/library/std/src/sys/hermit/condvar.rs b/library/std/src/sys/hermit/condvar.rs index 52c8c3b17e826..a69ab2d643cd2 100644 --- a/library/std/src/sys/hermit/condvar.rs +++ b/library/std/src/sys/hermit/condvar.rs @@ -1,3 +1,5 @@ +#![allow(unsafe_op_in_unsafe_fn)] + use crate::ffi::c_void; use crate::ptr; use crate::sync::atomic::{AtomicUsize, Ordering::SeqCst}; diff --git a/library/std/src/sys/hermit/fd.rs b/library/std/src/sys/hermit/fd.rs index 97d1a38b41ab1..fcdf1f058b162 100644 --- a/library/std/src/sys/hermit/fd.rs +++ b/library/std/src/sys/hermit/fd.rs @@ -1,4 +1,5 @@ #![unstable(reason = "not public", issue = "none", feature = "fd")] +#![allow(unsafe_op_in_unsafe_fn)] use crate::io::{self, ErrorKind, Read}; use crate::mem; diff --git a/library/std/src/sys/hermit/mod.rs b/library/std/src/sys/hermit/mod.rs index 675b82ceb775f..17a2cdf6bf8fa 100644 --- a/library/std/src/sys/hermit/mod.rs +++ b/library/std/src/sys/hermit/mod.rs @@ -13,6 +13,8 @@ //! compiling for wasm. That way it's a compile time error for something that's //! guaranteed to be a runtime error! +#![allow(unsafe_op_in_unsafe_fn)] + use crate::intrinsics; use crate::os::raw::c_char; diff --git a/library/std/src/sys/hermit/mutex.rs b/library/std/src/sys/hermit/mutex.rs index 3d4813209cbc4..6af1854e7041c 100644 --- a/library/std/src/sys/hermit/mutex.rs +++ b/library/std/src/sys/hermit/mutex.rs @@ -1,3 +1,5 @@ +#![allow(unsafe_op_in_unsafe_fn)] + use crate::ffi::c_void; use crate::ptr; use crate::sys::hermit::abi; diff --git a/library/std/src/sys/hermit/os.rs b/library/std/src/sys/hermit/os.rs index 78eabf8f81e98..ca0ffb7524d29 100644 --- a/library/std/src/sys/hermit/os.rs +++ b/library/std/src/sys/hermit/os.rs @@ -1,3 +1,5 @@ +#![allow(unsafe_op_in_unsafe_fn)] + use crate::collections::HashMap; use crate::error::Error as StdError; use crate::ffi::{CStr, OsStr, OsString}; diff --git a/library/std/src/sys/hermit/rwlock.rs b/library/std/src/sys/hermit/rwlock.rs index 06442e925f4c8..5672118188b37 100644 --- a/library/std/src/sys/hermit/rwlock.rs +++ b/library/std/src/sys/hermit/rwlock.rs @@ -1,3 +1,5 @@ +#![allow(unsafe_op_in_unsafe_fn)] + use crate::cell::UnsafeCell; use crate::sys::condvar::Condvar; use crate::sys::mutex::Mutex; diff --git a/library/std/src/sys/hermit/thread.rs b/library/std/src/sys/hermit/thread.rs index e11afed668728..22fe57f38d23e 100644 --- a/library/std/src/sys/hermit/thread.rs +++ b/library/std/src/sys/hermit/thread.rs @@ -1,4 +1,5 @@ #![allow(dead_code)] +#![allow(unsafe_op_in_unsafe_fn)] use crate::ffi::CStr; use crate::io; diff --git a/library/std/src/sys/hermit/thread_local_dtor.rs b/library/std/src/sys/hermit/thread_local_dtor.rs index 9b683fce15748..178788057a176 100644 --- a/library/std/src/sys/hermit/thread_local_dtor.rs +++ b/library/std/src/sys/hermit/thread_local_dtor.rs @@ -1,5 +1,6 @@ #![cfg(target_thread_local)] #![unstable(feature = "thread_local_internals", issue = "none")] +#![allow(unsafe_op_in_unsafe_fn)] // Simplify dtor registration by using a list of destructors. // The this solution works like the implementation of macOS and From 14158f551474d4114b9a2a583b0bf6c2502ad166 Mon Sep 17 00:00:00 2001 From: maekawatoshiki Date: Thu, 8 Oct 2020 22:13:14 +0900 Subject: [PATCH 4/4] Remove #![allow(unsafe_op_in_unsafe_fn)] except for mod.rs --- library/std/src/sys/hermit/alloc.rs | 2 -- library/std/src/sys/hermit/args.rs | 2 -- library/std/src/sys/hermit/condvar.rs | 2 -- library/std/src/sys/hermit/fd.rs | 1 - library/std/src/sys/hermit/mutex.rs | 2 -- library/std/src/sys/hermit/os.rs | 2 -- library/std/src/sys/hermit/rwlock.rs | 2 -- library/std/src/sys/hermit/thread.rs | 1 - library/std/src/sys/hermit/thread_local_dtor.rs | 1 - 9 files changed, 15 deletions(-) diff --git a/library/std/src/sys/hermit/alloc.rs b/library/std/src/sys/hermit/alloc.rs index cebe317de5678..d153914e77e10 100644 --- a/library/std/src/sys/hermit/alloc.rs +++ b/library/std/src/sys/hermit/alloc.rs @@ -1,5 +1,3 @@ -#![allow(unsafe_op_in_unsafe_fn)] - use crate::alloc::{GlobalAlloc, Layout, System}; use crate::ptr; use crate::sys::hermit::abi; diff --git a/library/std/src/sys/hermit/args.rs b/library/std/src/sys/hermit/args.rs index 194d94805724b..72c1b8511cac8 100644 --- a/library/std/src/sys/hermit/args.rs +++ b/library/std/src/sys/hermit/args.rs @@ -1,5 +1,3 @@ -#![allow(unsafe_op_in_unsafe_fn)] - use crate::ffi::OsString; use crate::marker::PhantomData; use crate::vec; diff --git a/library/std/src/sys/hermit/condvar.rs b/library/std/src/sys/hermit/condvar.rs index a69ab2d643cd2..52c8c3b17e826 100644 --- a/library/std/src/sys/hermit/condvar.rs +++ b/library/std/src/sys/hermit/condvar.rs @@ -1,5 +1,3 @@ -#![allow(unsafe_op_in_unsafe_fn)] - use crate::ffi::c_void; use crate::ptr; use crate::sync::atomic::{AtomicUsize, Ordering::SeqCst}; diff --git a/library/std/src/sys/hermit/fd.rs b/library/std/src/sys/hermit/fd.rs index fcdf1f058b162..97d1a38b41ab1 100644 --- a/library/std/src/sys/hermit/fd.rs +++ b/library/std/src/sys/hermit/fd.rs @@ -1,5 +1,4 @@ #![unstable(reason = "not public", issue = "none", feature = "fd")] -#![allow(unsafe_op_in_unsafe_fn)] use crate::io::{self, ErrorKind, Read}; use crate::mem; diff --git a/library/std/src/sys/hermit/mutex.rs b/library/std/src/sys/hermit/mutex.rs index 6af1854e7041c..3d4813209cbc4 100644 --- a/library/std/src/sys/hermit/mutex.rs +++ b/library/std/src/sys/hermit/mutex.rs @@ -1,5 +1,3 @@ -#![allow(unsafe_op_in_unsafe_fn)] - use crate::ffi::c_void; use crate::ptr; use crate::sys::hermit::abi; diff --git a/library/std/src/sys/hermit/os.rs b/library/std/src/sys/hermit/os.rs index ca0ffb7524d29..78eabf8f81e98 100644 --- a/library/std/src/sys/hermit/os.rs +++ b/library/std/src/sys/hermit/os.rs @@ -1,5 +1,3 @@ -#![allow(unsafe_op_in_unsafe_fn)] - use crate::collections::HashMap; use crate::error::Error as StdError; use crate::ffi::{CStr, OsStr, OsString}; diff --git a/library/std/src/sys/hermit/rwlock.rs b/library/std/src/sys/hermit/rwlock.rs index 5672118188b37..06442e925f4c8 100644 --- a/library/std/src/sys/hermit/rwlock.rs +++ b/library/std/src/sys/hermit/rwlock.rs @@ -1,5 +1,3 @@ -#![allow(unsafe_op_in_unsafe_fn)] - use crate::cell::UnsafeCell; use crate::sys::condvar::Condvar; use crate::sys::mutex::Mutex; diff --git a/library/std/src/sys/hermit/thread.rs b/library/std/src/sys/hermit/thread.rs index 22fe57f38d23e..e11afed668728 100644 --- a/library/std/src/sys/hermit/thread.rs +++ b/library/std/src/sys/hermit/thread.rs @@ -1,5 +1,4 @@ #![allow(dead_code)] -#![allow(unsafe_op_in_unsafe_fn)] use crate::ffi::CStr; use crate::io; diff --git a/library/std/src/sys/hermit/thread_local_dtor.rs b/library/std/src/sys/hermit/thread_local_dtor.rs index 178788057a176..9b683fce15748 100644 --- a/library/std/src/sys/hermit/thread_local_dtor.rs +++ b/library/std/src/sys/hermit/thread_local_dtor.rs @@ -1,6 +1,5 @@ #![cfg(target_thread_local)] #![unstable(feature = "thread_local_internals", issue = "none")] -#![allow(unsafe_op_in_unsafe_fn)] // Simplify dtor registration by using a list of destructors. // The this solution works like the implementation of macOS and