Rollup merge of #128432 - g0djan:godjan/wasi_prohibit_implicit_unsafe… · patricklam/verify-rust-std@024ec3c (original) (raw)

``

1

`+

#![forbid(unsafe_op_in_unsafe_fn)]

`

``

2

+

1

3

`use crate::ffi::CStr;

`

2

4

`use crate::num::NonZero;

`

3

5

`use crate::sys::unsupported;

`

`@@ -73,13 +75,13 @@ impl Thread {

`

73

75

`if #[cfg(target_feature = "atomics")] {

`

74

76

`pub unsafe fn new(stack: usize, p: Box<dyn FnOnce()>) -> io::Result {

`

75

77

`let p = Box::into_raw(Box::new(p));

`

76

``

`-

let mut native: libc::pthread_t = mem::zeroed();

`

77

``

`-

let mut attr: libc::pthread_attr_t = mem::zeroed();

`

78

``

`-

assert_eq!(libc::pthread_attr_init(&mut attr), 0);

`

``

78

`+

let mut native: libc::pthread_t = unsafe { mem::zeroed() };

`

``

79

`+

let mut attr: libc::pthread_attr_t = unsafe { mem::zeroed() };

`

``

80

`+

assert_eq!(unsafe { libc::pthread_attr_init(&mut attr) }, 0);

`

79

81

``

80

82

`let stack_size = cmp::max(stack, DEFAULT_MIN_STACK_SIZE);

`

81

83

``

82

``

`-

match libc::pthread_attr_setstacksize(&mut attr, stack_size) {

`

``

84

`+

match unsafe { libc::pthread_attr_setstacksize(&mut attr, stack_size) } {

`

83

85

`0 => {}

`

84

86

` n => {

`

85

87

` assert_eq!(n, libc::EINVAL);

`

`@@ -90,20 +92,20 @@ impl Thread {

`

90

92

`let page_size = os::page_size();

`

91

93

`let stack_size =

`

92

94

`(stack_size + page_size - 1) & (-(page_size as isize - 1) as usize - 1);

`

93

``

`-

assert_eq!(libc::pthread_attr_setstacksize(&mut attr, stack_size), 0);

`

``

95

`+

assert_eq!(unsafe { libc::pthread_attr_setstacksize(&mut attr, stack_size) }, 0);

`

94

96

`}

`

95

97

`};

`

96

98

``

97

``

`-

let ret = libc::pthread_create(&mut native, &attr, thread_start, p as *mut _);

`

``

99

`+

let ret = unsafe { libc::pthread_create(&mut native, &attr, thread_start, p as *mut _) };

`

98

100

`// Note: if the thread creation fails and this assert fails, then p will

`

99

101

`// be leaked. However, an alternative design could cause double-free

`

100

102

`// which is clearly worse.

`

101

``

`-

assert_eq!(libc::pthread_attr_destroy(&mut attr), 0);

`

``

103

`+

assert_eq!(unsafe {libc::pthread_attr_destroy(&mut attr) }, 0);

`

102

104

``

103

105

`return if ret != 0 {

`

104

106

`// The thread failed to start and as a result p was not consumed. Therefore, it is

`

105

107

`// safe to reconstruct the box so that it gets deallocated.

`

106

``

`-

drop(Box::from_raw(p));

`

``

108

`+

unsafe { drop(Box::from_raw(p)); }

`

107

109

`Err(io::Error::from_raw_os_error(ret))

`

108

110

`} else {

`

109

111

`Ok(Thread { id: native })

`