dnrops
/
rust
mirror of https://github.com/rust-lang/rust.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rollup merge of #127750 - ChrisDenton:safe-unsafe-unsafe, r=workingjubilee 

Make os/windows and pal/windows default to `#![deny(unsafe_op_in_unsafe_fn)]`

This is to prevent regressions in modules that currently pass. I did also fix up a few trivial places where the module contained only one or two simple wrappers. In more complex cases we should try to ensure the `unsafe` blocks are appropriately scoped and have any appropriate safety comments.

This does not fix the windows bits of #127747 but it should help prevent regressions until that is done and also make it more obvious specifically which modules need attention.
This commit is contained in:
Jubilee 2024-07-15 02:28:44 -07:00 committed by GitHub
parent 99c5302d9f 7e16d5fb61
commit 476d399782
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 51 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
library/std/src/os/windows/io/raw.rs
View File

@ -159,10 +159,12 @@ fn stdio_handle(raw: RawHandle) -> RawHandle {
impl FromRawHandle for fs::File { impl FromRawHandle for fs::File {
#[inline] #[inline]
unsafe fn from_raw_handle(handle: RawHandle) -> fs::File { unsafe fn from_raw_handle(handle: RawHandle) -> fs::File {
let handle = handle as sys::c::HANDLE; unsafe {
fs::File::from_inner(sys::fs::File::from_inner(FromInner::from_inner( let handle = handle as sys::c::HANDLE;
OwnedHandle::from_raw_handle(handle), fs::File::from_inner(sys::fs::File::from_inner(FromInner::from_inner(
))) OwnedHandle::from_raw_handle(handle),
)))
}
} }
} }
@ -260,24 +262,30 @@ impl AsRawSocket for net::UdpSocket {
impl FromRawSocket for net::TcpStream { impl FromRawSocket for net::TcpStream {
#[inline] #[inline]
unsafe fn from_raw_socket(sock: RawSocket) -> net::TcpStream { unsafe fn from_raw_socket(sock: RawSocket) -> net::TcpStream {
let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock)); unsafe {
net::TcpStream::from_inner(sys_common::net::TcpStream::from_inner(sock)) let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock));
net::TcpStream::from_inner(sys_common::net::TcpStream::from_inner(sock))
}
} }
} }
#[stable(feature = "from_raw_os", since = "1.1.0")] #[stable(feature = "from_raw_os", since = "1.1.0")]
impl FromRawSocket for net::TcpListener { impl FromRawSocket for net::TcpListener {
#[inline] #[inline]
unsafe fn from_raw_socket(sock: RawSocket) -> net::TcpListener { unsafe fn from_raw_socket(sock: RawSocket) -> net::TcpListener {
let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock)); unsafe {
net::TcpListener::from_inner(sys_common::net::TcpListener::from_inner(sock)) let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock));
net::TcpListener::from_inner(sys_common::net::TcpListener::from_inner(sock))
}
} }
} }
#[stable(feature = "from_raw_os", since = "1.1.0")] #[stable(feature = "from_raw_os", since = "1.1.0")]
impl FromRawSocket for net::UdpSocket { impl FromRawSocket for net::UdpSocket {
#[inline] #[inline]
unsafe fn from_raw_socket(sock: RawSocket) -> net::UdpSocket { unsafe fn from_raw_socket(sock: RawSocket) -> net::UdpSocket {
let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock)); unsafe {
net::UdpSocket::from_inner(sys_common::net::UdpSocket::from_inner(sock)) let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock));
net::UdpSocket::from_inner(sys_common::net::UdpSocket::from_inner(sock))
}
} }
} }

8
library/std/src/os/windows/io/socket.rs
View File

@ -76,7 +76,7 @@ impl BorrowedSocket<'_> {
#[stable(feature = "io_safety", since = "1.63.0")] #[stable(feature = "io_safety", since = "1.63.0")]
pub const unsafe fn borrow_raw(socket: RawSocket) -> Self { pub const unsafe fn borrow_raw(socket: RawSocket) -> Self {
assert!(socket != sys::c::INVALID_SOCKET as RawSocket); assert!(socket != sys::c::INVALID_SOCKET as RawSocket);
Self { socket, _phantom: PhantomData } unsafe { Self { socket, _phantom: PhantomData } }
} }
} }
@ -201,8 +201,10 @@ impl IntoRawSocket for OwnedSocket {
impl FromRawSocket for OwnedSocket { impl FromRawSocket for OwnedSocket {
#[inline] #[inline]
unsafe fn from_raw_socket(socket: RawSocket) -> Self { unsafe fn from_raw_socket(socket: RawSocket) -> Self {
debug_assert_ne!(socket, sys::c::INVALID_SOCKET as RawSocket); unsafe {
Self { socket } debug_assert_ne!(socket, sys::c::INVALID_SOCKET as RawSocket);
Self { socket }
}
} }
} }

1
library/std/src/os/windows/mod.rs
View File

@ -24,6 +24,7 @@
#![stable(feature = "rust1", since = "1.0.0")] #![stable(feature = "rust1", since = "1.0.0")]
#![doc(cfg(windows))] #![doc(cfg(windows))]
#![deny(unsafe_op_in_unsafe_fn)]
pub mod ffi; pub mod ffi;
pub mod fs; pub mod fs;

4
library/std/src/os/windows/process.rs
View File

@ -16,7 +16,7 @@ use crate::sys_common::{AsInner, AsInnerMut, FromInner, IntoInner};
#[stable(feature = "process_extensions", since = "1.2.0")] #[stable(feature = "process_extensions", since = "1.2.0")]
impl FromRawHandle for process::Stdio { impl FromRawHandle for process::Stdio {
unsafe fn from_raw_handle(handle: RawHandle) -> process::Stdio { unsafe fn from_raw_handle(handle: RawHandle) -> process::Stdio {
let handle = sys::handle::Handle::from_raw_handle(handle as *mut _); let handle = unsafe { sys::handle::Handle::from_raw_handle(handle as *mut _) };
let io = sys::process::Stdio::Handle(handle); let io = sys::process::Stdio::Handle(handle);
process::Stdio::from_inner(io) process::Stdio::from_inner(io)
} }
@ -407,7 +407,7 @@ impl CommandExt for process::Command {
attribute: usize, attribute: usize,
value: T, value: T,
) -> &mut process::Command { ) -> &mut process::Command {
self.as_inner_mut().raw_attribute(attribute, value); unsafe { self.as_inner_mut().raw_attribute(attribute, value) };
self self
} }
} }

6
library/std/src/sys/pal/windows/api.rs
View File

@ -227,8 +227,10 @@ pub fn set_file_information_by_handle<T: SetFileInformation>(
info: *const c_void, info: *const c_void,
size: u32, size: u32,
) -> Result<(), WinError> { ) -> Result<(), WinError> {
let result = c::SetFileInformationByHandle(handle, class, info, size); unsafe {
(result != 0).then_some(()).ok_or_else(get_last_error) let result = c::SetFileInformationByHandle(handle, class, info, size);
(result != 0).then_some(()).ok_or_else(get_last_error)
}
} }
// SAFETY: The `SetFileInformation` trait ensures that this is safe. // SAFETY: The `SetFileInformation` trait ensures that this is safe.
unsafe { set_info(handle, T::CLASS, info.as_ptr(), info.size()) } unsafe { set_info(handle, T::CLASS, info.as_ptr(), info.size()) }

1
library/std/src/sys/pal/windows/c.rs
View File

@ -4,6 +4,7 @@
#![cfg_attr(test, allow(dead_code))] #![cfg_attr(test, allow(dead_code))]
#![unstable(issue = "none", feature = "windows_c")] #![unstable(issue = "none", feature = "windows_c")]
#![allow(clippy::style)] #![allow(clippy::style)]
#![allow(unsafe_op_in_unsafe_fn)]
use crate::ffi::CStr; use crate::ffi::CStr;
use crate::mem; use crate::mem;

6
library/std/src/sys/pal/windows/compat.rs
View File

@ -112,8 +112,10 @@ impl Module {
/// (e.g. kernel32 and ntdll). /// (e.g. kernel32 and ntdll).
pub unsafe fn new(name: &CStr) -> Option<Self> { pub unsafe fn new(name: &CStr) -> Option<Self> {
// SAFETY: A CStr is always null terminated. // SAFETY: A CStr is always null terminated.
let module = c::GetModuleHandleA(name.as_ptr().cast::<u8>()); unsafe {
NonNull::new(module).map(Self) let module = c::GetModuleHandleA(name.as_ptr().cast::<u8>());
NonNull::new(module).map(Self)
}
} }
// Try to get the address of a function. // Try to get the address of a function.

1
library/std/src/sys/pal/windows/fs.rs
View File

@ -1,3 +1,4 @@
#![allow(unsafe_op_in_unsafe_fn)]
use core::ptr::addr_of; use core::ptr::addr_of;
use crate::os::windows::prelude::*; use crate::os::windows::prelude::*;

1
library/std/src/sys/pal/windows/handle.rs
View File

@ -1,4 +1,5 @@
#![unstable(issue = "none", feature = "windows_handle")] #![unstable(issue = "none", feature = "windows_handle")]
#![allow(unsafe_op_in_unsafe_fn)]
#[cfg(test)] #[cfg(test)]
mod tests; mod tests;

1
library/std/src/sys/pal/windows/io.rs
View File

@ -1,3 +1,4 @@
#![allow(unsafe_op_in_unsafe_fn)]
use crate::marker::PhantomData; use crate::marker::PhantomData;
use crate::mem::size_of; use crate::mem::size_of;
use crate::os::windows::io::{AsHandle, AsRawHandle, BorrowedHandle}; use crate::os::windows::io::{AsHandle, AsRawHandle, BorrowedHandle};

11
library/std/src/sys/pal/windows/mod.rs
View File

@ -1,4 +1,5 @@
#![allow(missing_docs, nonstandard_style)] #![allow(missing_docs, nonstandard_style)]
#![deny(unsafe_op_in_unsafe_fn)]
use crate::ffi::{OsStr, OsString}; use crate::ffi::{OsStr, OsString};
use crate::io::ErrorKind; use crate::io::ErrorKind;
@ -54,11 +55,13 @@ impl<T> IoResult<T> for Result<T, api::WinError> {
// SAFETY: must be called only once during runtime initialization. // SAFETY: must be called only once during runtime initialization.
// NOTE: this is not guaranteed to run, for example when Rust code is called externally. // NOTE: this is not guaranteed to run, for example when Rust code is called externally.
pub unsafe fn init(_argc: isize, _argv: *const *const u8, _sigpipe: u8) { pub unsafe fn init(_argc: isize, _argv: *const *const u8, _sigpipe: u8) {
stack_overflow::init(); unsafe {
stack_overflow::init();
// Normally, `thread::spawn` will call `Thread::set_name` but since this thread already // Normally, `thread::spawn` will call `Thread::set_name` but since this thread already
// exists, we have to call it ourselves. // exists, we have to call it ourselves.
thread::Thread::set_name_wide(wide_str!("main")); thread::Thread::set_name_wide(wide_str!("main"));
}
} }
// SAFETY: must be called only once during runtime cleanup. // SAFETY: must be called only once during runtime cleanup.

4
library/std/src/sys/pal/windows/net.rs
View File

@ -436,7 +436,7 @@ impl Socket {
pub unsafe fn from_raw(raw: c::SOCKET) -> Self { pub unsafe fn from_raw(raw: c::SOCKET) -> Self {
debug_assert_eq!(mem::size_of::<c::SOCKET>(), mem::size_of::<RawSocket>()); debug_assert_eq!(mem::size_of::<c::SOCKET>(), mem::size_of::<RawSocket>());
debug_assert_eq!(mem::align_of::<c::SOCKET>(), mem::align_of::<RawSocket>()); debug_assert_eq!(mem::align_of::<c::SOCKET>(), mem::align_of::<RawSocket>());
Self::from_raw_socket(raw as RawSocket) unsafe { Self::from_raw_socket(raw as RawSocket) }
} }
} }
@ -486,6 +486,6 @@ impl IntoRawSocket for Socket {
impl FromRawSocket for Socket { impl FromRawSocket for Socket {
unsafe fn from_raw_socket(raw_socket: RawSocket) -> Self { unsafe fn from_raw_socket(raw_socket: RawSocket) -> Self {
Self(FromRawSocket::from_raw_socket(raw_socket)) unsafe { Self(FromRawSocket::from_raw_socket(raw_socket)) }
} }
} }

1
library/std/src/sys/pal/windows/os.rs
View File

@ -1,6 +1,7 @@
//! Implementation of `std::os` functionality for Windows. //! Implementation of `std::os` functionality for Windows.
#![allow(nonstandard_style)] #![allow(nonstandard_style)]
#![allow(unsafe_op_in_unsafe_fn)]
#[cfg(test)] #[cfg(test)]
mod tests; mod tests;

1
library/std/src/sys/pal/windows/pipe.rs
View File

@ -1,3 +1,4 @@
#![allow(unsafe_op_in_unsafe_fn)]
use crate::os::windows::prelude::*; use crate::os::windows::prelude::*;
use crate::ffi::OsStr; use crate::ffi::OsStr;

1
library/std/src/sys/pal/windows/stack_overflow.rs
View File

@ -1,4 +1,5 @@
#![cfg_attr(test, allow(dead_code))] #![cfg_attr(test, allow(dead_code))]
#![allow(unsafe_op_in_unsafe_fn)]
use crate::sys::c; use crate::sys::c;
use crate::thread; use crate::thread;

1
library/std/src/sys/pal/windows/thread.rs
View File

@ -1,3 +1,4 @@
#![allow(unsafe_op_in_unsafe_fn)]
use crate::ffi::CStr; use crate::ffi::CStr;
use crate::io; use crate::io;
use crate::num::NonZero; use crate::num::NonZero;