fix(pal/hermit): deny(unsafe_op_in_unsafe_fn) · model-checking/verify-rust-std@0260e47 (original) (raw)
5 files changed
lines changed
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,28 @@ | ||
| 1 | 1 | use super::hermit_abi; |
| 2 | 2 | use crate::alloc::{GlobalAlloc, Layout, System}; |
| 3 | -use crate::ptr; | |
| 4 | 3 | |
| 5 | 4 | #[stable(feature = "alloc_system_type", since = "1.28.0")] |
| 6 | 5 | unsafe impl GlobalAlloc for System { |
| 7 | 6 | #[inline] |
| 8 | 7 | unsafe fn alloc(&self, layout: Layout) -> *mut u8 { |
| 9 | - hermit_abi::malloc(layout.size(), layout.align()) | |
| 8 | +let size = layout.size(); | |
| 9 | +let align = layout.align(); | |
| 10 | +unsafe { hermit_abi::malloc(size, align) } | |
| 10 | 11 | } |
| 11 | 12 | |
| 12 | 13 | #[inline] |
| 13 | 14 | unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) { |
| 14 | - hermit_abi::free(ptr, layout.size(), layout.align()) | |
| 15 | +let size = layout.size(); | |
| 16 | +let align = layout.align(); | |
| 17 | +unsafe { | |
| 18 | + hermit_abi::free(ptr, size, align); | |
| 19 | +} | |
| 15 | 20 | } |
| 16 | 21 | |
| 17 | 22 | #[inline] |
| 18 | 23 | unsafe fn realloc(&self, ptr: *mut u8, layout: Layout, new_size: usize) -> *mut u8 { |
| 19 | - hermit_abi::realloc(ptr, layout.size(), layout.align(), new_size) | |
| 24 | +let size = layout.size(); | |
| 25 | +let align = layout.align(); | |
| 26 | +unsafe { hermit_abi::realloc(ptr, size, align, new_size) } | |
| 20 | 27 | } |
| 21 | 28 | } |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -111,7 +111,8 @@ impl FromInner for FileDesc { | ||
| 111 | 111 | |
| 112 | 112 | impl FromRawFd for FileDesc { |
| 113 | 113 | unsafe fn from_raw_fd(raw_fd: RawFd) -> Self { |
| 114 | -Self { fd: FromRawFd::from_raw_fd(raw_fd) } | |
| 114 | +let fd = unsafe { OwnedFd::from_raw_fd(raw_fd) }; | |
| 115 | +Self { fd } | |
| 115 | 116 | } |
| 116 | 117 | } |
| 117 | 118 |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -484,7 +484,8 @@ impl IntoRawFd for File { | ||
| 484 | 484 | |
| 485 | 485 | impl FromRawFd for File { |
| 486 | 486 | unsafe fn from_raw_fd(raw_fd: RawFd) -> Self { |
| 487 | -Self(FromRawFd::from_raw_fd(raw_fd)) | |
| 487 | +let file_desc = unsafe { FileDesc::from_raw_fd(raw_fd) }; | |
| 488 | +Self(file_desc) | |
| 488 | 489 | } |
| 489 | 490 | } |
| 490 | 491 |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -13,7 +13,8 @@ | ||
| 13 | 13 | //! compiling for wasm. That way it's a compile time error for something that's |
| 14 | 14 | //! guaranteed to be a runtime error! |
| 15 | 15 | |
| 16 | -#![allow(missing_docs, nonstandard_style, unsafe_op_in_unsafe_fn)] | |
| 16 | +#![deny(unsafe_op_in_unsafe_fn)] | |
| 17 | +#![allow(missing_docs, nonstandard_style)] | |
| 17 | 18 | |
| 18 | 19 | use crate::os::raw::c_char; |
| 19 | 20 | |
| @@ -78,7 +79,9 @@ pub extern "C" fn __rust_abort() { | ||
| 78 | 79 | // SAFETY: must be called only once during runtime initialization. |
| 79 | 80 | // NOTE: this is not guaranteed to run, for example when Rust code is called externally. |
| 80 | 81 | pub unsafe fn init(argc: isize, argv: *const *const u8, _sigpipe: u8) { |
| 81 | - args::init(argc, argv); | |
| 82 | +unsafe { | |
| 83 | + args::init(argc, argv); | |
| 84 | +} | |
| 82 | 85 | } |
| 83 | 86 | |
| 84 | 87 | // SAFETY: must be called only once during runtime cleanup. |
| @@ -99,10 +102,12 @@ pub unsafe extern "C" fn runtime_entry( | ||
| 99 | 102 | // initialize environment |
| 100 | 103 | os::init_environment(env as *const *const i8); |
| 101 | 104 | |
| 102 | -let result = main(argc as isize, argv); | |
| 105 | +let result = unsafe { main(argc as isize, argv) }; | |
| 103 | 106 | |
| 104 | -crate::sys::thread_local::destructors::run(); | |
| 105 | - hermit_abi::exit(result) | |
| 107 | +unsafe { | |
| 108 | +crate::sys::thread_local::destructors::run(); | |
| 109 | +} | |
| 110 | +unsafe { hermit_abi::exit(result) } | |
| 106 | 111 | } |
| 107 | 112 | |
| 108 | 113 | #[inline] |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -25,18 +25,22 @@ impl Thread { | ||
| 25 | 25 | core_id: isize, |
| 26 | 26 | ) -> io::Result<Thread> { |
| 27 | 27 | let p = Box::into_raw(Box::new(p)); |
| 28 | -let tid = hermit_abi::spawn2( | |
| 29 | - thread_start, | |
| 30 | - p.expose_provenance(), | |
| 31 | - hermit_abi::Priority::into(hermit_abi::NORMAL_PRIO), | |
| 32 | - stack, | |
| 33 | - core_id, | |
| 34 | -); | |
| 28 | +let tid = unsafe { | |
| 29 | + hermit_abi::spawn2( | |
| 30 | + thread_start, | |
| 31 | + p.expose_provenance(), | |
| 32 | + hermit_abi::Priority::into(hermit_abi::NORMAL_PRIO), | |
| 33 | + stack, | |
| 34 | + core_id, | |
| 35 | +) | |
| 36 | +}; | |
| 35 | 37 | |
| 36 | 38 | return if tid == 0 { |
| 37 | 39 | // The thread failed to start and as a result p was not consumed. Therefore, it is |
| 38 | 40 | // safe to reconstruct the box so that it gets deallocated. |
| 39 | -drop(Box::from_raw(p)); | |
| 41 | +unsafe { | |
| 42 | +drop(Box::from_raw(p)); | |
| 43 | +} | |
| 40 | 44 | Err(io::const_io_error!(io::ErrorKind::Uncategorized, "Unable to create thread!")) |
| 41 | 45 | } else { |
| 42 | 46 | Ok(Thread { tid: tid }) |
| @@ -54,7 +58,9 @@ impl Thread { | ||
| 54 | 58 | } |
| 55 | 59 | |
| 56 | 60 | pub unsafe fn new(stack: usize, p: Box<dyn FnOnce()>) -> io::Result<Thread> { |
| 57 | -Thread::new_with_coreid(stack, p, -1 /* = no specific core */) | |
| 61 | +unsafe { | |
| 62 | +Thread::new_with_coreid(stack, p, -1 /* = no specific core */) | |
| 63 | +} | |
| 58 | 64 | } |
| 59 | 65 | |
| 60 | 66 | #[inline] |