From f001cf24c0dba5c396c691236a5d347270ea6066 Mon Sep 17 00:00:00 2001 From: Joshua Liebow-Feeser Date: Fri, 29 Sep 2023 12:02:27 -0700 Subject: [PATCH] Refactor `unsafe` blocks; update TODO comments (#432) Update TODO comments which track adding safety comments to `unsafe` blocks which are missing them. Previously, we used #61 to track these. Now, we're using #429. --- src/lib.rs | 62 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 8fd5c209aa..7a02c3a523 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -754,13 +754,15 @@ pub unsafe trait FromZeroes { return Box::new(Self::new_zeroed()); } - // TODO(#61): Add a "SAFETY" comment and remove this `allow`. + // TODO(#429): Add a "SAFETY" comment and remove this `allow`. + #[allow(clippy::undocumented_unsafe_blocks)] + let ptr = unsafe { alloc::alloc::alloc_zeroed(layout).cast::() }; + if ptr.is_null() { + alloc::alloc::handle_alloc_error(layout); + } + // TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe { - let ptr = alloc::alloc::alloc_zeroed(layout).cast::(); - if ptr.is_null() { - alloc::alloc::handle_alloc_error(layout); - } Box::from_raw(ptr) } } 
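Review bot: The split-out `unsafe { alloc::alloc::alloc_zeroed(layout)... }` in the -754 hunk now wraps a single call, so its SAFETY comment could be written in this commit instead of carrying the `allow` forward under #429. The precondition to document is that `layout` has non-zero size. The context line `return Box::new(Self::new_zeroed());` suggests the zero-sized case returns early, but its condition is above the hunk and should be confirmed before adding something like `// SAFETY: the zero-size case returned above, so layout.size() != 0 as alloc_zeroed requires.` The same call in the -810 hunk is visibly guarded by `if layout.size() != 0` and can take the equivalent comment. The following `Box::from_raw(ptr)` block needs its own argument: `ptr` is non-null after the check, and all-zero bytes are presumably valid for `Self` because of the `FromZeroes` bound.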
@@ -810,21 +812,25 @@ pub unsafe trait FromZeroes { let layout = Layout::from_size_align(size, align).expect("total allocation size overflows `isize`"); - // TODO(#61): Add a "SAFETY" comment and remove this `allow`. + let ptr = if layout.size() != 0 { + // TODO(#429): Add a "SAFETY" comment and remove this `allow`. + #[allow(clippy::undocumented_unsafe_blocks)] + let ptr = unsafe { alloc::alloc::alloc_zeroed(layout).cast::() }; + if ptr.is_null() { + alloc::alloc::handle_alloc_error(layout); + } + ptr + } else { + // `Box<[T]>` does not allocate when `T` is zero-sized or when `len` + // is zero, but it does require a non-null dangling pointer for its + // allocation. + NonNull::::dangling().as_ptr() + }; + + // TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe { - if layout.size() != 0 { - let ptr = alloc::alloc::alloc_zeroed(layout).cast::(); - if ptr.is_null() { - alloc::alloc::handle_alloc_error(layout); - } - Box::from_raw(slice::from_raw_parts_mut(ptr, len)) - } else { - // `Box<[T]>` does not allocate when `T` is zero-sized or when - // `len` is zero, but it does require a non-null dangling - // pointer for its allocation. - Box::from_raw(slice::from_raw_parts_mut(NonNull::::dangling().as_ptr(), len)) - } + Box::from_raw(slice::from_raw_parts_mut(ptr, len)) } } @@ -2328,7 +2334,7 @@ where /// and no mutable references to the same memory may be constructed during /// `'a`. unsafe fn deref_helper<'a>(&self) -> &'a T { - // TODO(#61): Add a "SAFETY" comment and remove this `allow`. + // TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe { &*self.0.as_ptr().cast::() 
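Review bot: In the -810 hunk the final `unsafe { Box::from_raw(slice::from_raw_parts_mut(ptr, len)) }` is now reached with two differently sourced pointers, and the remaining TODO(#429) does not record why both are sound. A SAFETY comment here should cover each branch. When `layout.size() != 0`, `ptr` is non-null, zero-filled and was allocated with the `layout` built just above. Otherwise `ptr` is the aligned dangling pointer for a zero-sized slice, which `Box` is expected not to deallocate. The comment should also state that `Layout::from_size_align(size, align)` succeeding keeps the slice's byte length within `isize::MAX`, and that `layout` matches the one `Box` will use on drop; both depend on how `size` and `align` are computed above the hunk, so confirm that first.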
@@ -2353,7 +2359,7 @@ where /// and no other references - mutable or immutable - to the same memory may /// be constructed during `'a`. unsafe fn deref_mut_helper<'a>(&mut self) -> &'a mut T { - // TODO(#61): Add a "SAFETY" comment and remove this `allow`. + // TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe { &mut *self.0.as_mut_ptr().cast::() @@ -2382,7 +2388,7 @@ where debug_assert_eq!(len % elem_size, 0); len / elem_size }; - // TODO(#61): Add a "SAFETY" comment and remove this `allow`. + // TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe { slice::from_raw_parts(self.0.as_ptr().cast::(), elems) @@ -2412,7 +2418,7 @@ where debug_assert_eq!(len % elem_size, 0); len / elem_size }; - // TODO(#61): Add a "SAFETY" comment and remove this `allow`. + // TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe { slice::from_raw_parts_mut(self.0.as_mut_ptr().cast::(), elems) @@ -2754,7 +2760,7 @@ pub unsafe trait ByteSliceMut: ByteSlice + DerefMut { } impl<'a> sealed::ByteSliceSealed for &'a [u8] {} -// TODO(#61): Add a "SAFETY" comment and remove this `allow`. +// TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe impl<'a> ByteSlice for &'a [u8] { #[inline] @@ -2764,7 +2770,7 @@ unsafe impl<'a> ByteSlice for &'a [u8] { } impl<'a> sealed::ByteSliceSealed for &'a mut [u8] {} -// TODO(#61): Add a "SAFETY" comment and remove this `allow`. +// TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe impl<'a> ByteSlice for &'a mut [u8] { #[inline] 
@@ -2774,7 +2780,7 @@ unsafe impl<'a> ByteSlice for &'a mut [u8] { } impl<'a> sealed::ByteSliceSealed for cell::Ref<'a, [u8]> {} -// TODO(#61): Add a "SAFETY" comment and remove this `allow`. +// TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe impl<'a> ByteSlice for cell::Ref<'a, [u8]> { #[inline] @@ -2784,7 +2790,7 @@ unsafe impl<'a> ByteSlice for cell::Ref<'a, [u8]> { } impl<'a> sealed::ByteSliceSealed for RefMut<'a, [u8]> {} -// TODO(#61): Add a "SAFETY" comment and remove this `allow`. +// TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe impl<'a> ByteSlice for RefMut<'a, [u8]> { #[inline] @@ -2793,11 +2799,11 @@ unsafe impl<'a> ByteSlice for RefMut<'a, [u8]> { } } -// TODO(#61): Add a "SAFETY" comment and remove this `allow`. +// TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe impl<'a> ByteSliceMut for &'a mut [u8] {} -// TODO(#61): Add a "SAFETY" comment and remove this `allow`. +// TODO(#429): Add a "SAFETY" comment and remove this `allow`. #[allow(clippy::undocumented_unsafe_blocks)] unsafe impl<'a> ByteSliceMut for RefMut<'a, [u8]> {}