perlmod: deny unsafe_op_in_unsafe_fn

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2025-10-29 17:36:46 +00:00 · 2021-12-17 09:20:58 +01:00 · 2021-12-17 09:20:58 +01:00 · c0afdc3a97
commit c0afdc3a97
parent 25d21384ae
8 changed files with 54 additions and 40 deletions
--- a/perlmod/src/array.rs
+++ b/perlmod/src/array.rs
@ -52,7 +52,7 @@ impl Array {
    /// The caller must ensure that it is safe to decrease the reference count later on, or use
    /// [`into_raw()`](Value::into_raw()) instead of letting the [`Array`] get dropped.
    pub unsafe fn from_raw_move(ptr: *mut AV) -> Self {
-        Self(Scalar::from_raw_move(ptr as *mut SV))
+        Self(unsafe { Scalar::from_raw_move(ptr as *mut SV) })
    }

    /// Create a new reference to an existing [`AV`] value. This will increase the value's
@ -62,7 +62,7 @@ impl Array {
    ///
    /// The caller may still need to decrease the reference count for the `ptr` source value.
    pub unsafe fn from_raw_ref(ptr: *mut AV) -> Self {
-        Self(Scalar::from_raw_ref(ptr as *mut SV))
+        Self(unsafe { Scalar::from_raw_ref(ptr as *mut SV) })
    }

    /// Create a new reference to this value.
--- a/perlmod/src/de.rs
+++ b/perlmod/src/de.rs
@ -186,7 +186,7 @@ impl<'deserializer> Deserializer<'deserializer> {
 /// from a borrowed Value (keeping references to all the contained data within perl), which lives
 /// longer than the deserializer.
 unsafe fn str_set_wrong_lifetime<'a, 'b>(s: &'a str) -> &'b str {
-    std::str::from_utf8_unchecked(std::slice::from_raw_parts(s.as_ptr(), s.len()))
+    unsafe { std::str::from_utf8_unchecked(std::slice::from_raw_parts(s.as_ptr(), s.len())) }
 }

 impl<'de, 'a> de::Deserializer<'de> for &'a mut Deserializer<'de> {
--- a/perlmod/src/ffi.rs
+++ b/perlmod/src/ffi.rs
@ -341,8 +341,10 @@ impl StackMark {
    /// This is only valid if the mark is still valid (smaller than `PL_stack_sp`) and all values
    /// still remaining on the stack are mortal (which should normally be the case anyway).
    pub unsafe fn set_stack(self) {
+        unsafe {
            RSPL_stack_shrink_to(self.0);
        }
+    }
 }

 /// Iterator over the stack up to the [`StackMark`].
@ -377,7 +379,7 @@ impl Iterator for StackIter {
 ///
 /// Read up on `PL_markstack_ptr` in perlguts. This is equivalent to `*PL_markstack_ptr--` in C.
 pub unsafe fn pop_arg_mark() -> StackMark {
-    StackMark(RSPL_pop_markstack_ptr())
+    StackMark(unsafe { RSPL_pop_markstack_ptr() })
 }

 /// Push a value to the stack.
@ -387,8 +389,10 @@ pub unsafe fn pop_arg_mark() -> StackMark {
 /// Read up on mortals and the stack and when it is legal to put a value onto it. Typically a
 /// mortal value with no more references to it to avoid leaking if they aren't used later on.
 pub unsafe fn stack_push_raw(value: *mut SV) {
+    unsafe {
        RSPL_stack_resize_by(1);
        *RSPL_stack_sp() = value;
+    }
 }

 pub fn stack_push(value: crate::Mortal) {
@ -453,7 +457,9 @@ pub fn stack_push(value: crate::Mortal) {
 /// }
 /// ```
 pub unsafe fn croak(sv: *mut SV) -> ! {
+    unsafe {
        RSPL_croak_sv(sv);
+    }
 }

 /// Create a pseudo-block for mortals & temps to be freed after it.
--- a/perlmod/src/hash.rs
+++ b/perlmod/src/hash.rs
@ -50,7 +50,7 @@ impl Hash {
    /// The caller must ensure that it is safe to decrease the reference count later on, or use
    /// [`into_raw()`](Value::into_raw()) instead of letting the [`Hash`](struct@Hash) get dropped.
    pub unsafe fn from_raw_move(ptr: *mut HV) -> Self {
-        Self(Scalar::from_raw_move(ptr as *mut SV))
+        Self(unsafe { Scalar::from_raw_move(ptr as *mut SV) })
    }

    /// Create a new reference to an existing [`HV`] value. This will increase the value's
@ -60,7 +60,7 @@ impl Hash {
    ///
    /// The caller may still need to decrease the reference count for the `ptr` source value.
    pub unsafe fn from_raw_ref(ptr: *mut HV) -> Self {
-        Self(Scalar::from_raw_ref(ptr as *mut SV))
+        Self(unsafe { Scalar::from_raw_ref(ptr as *mut SV) })
    }

    /// Create a new reference to this value.
--- a/perlmod/src/lib.rs
+++ b/perlmod/src/lib.rs
@ -21,6 +21,8 @@
 //! [`package`]: attr.package.html
 //! [`export`]: attr.export.html

+#![deny(unsafe_op_in_unsafe_fn)]
+
 pub mod error;
 pub use error::Error;

--- a/perlmod/src/magic.rs
+++ b/perlmod/src/magic.rs
@ -105,7 +105,7 @@ unsafe impl<T> Leakable for Box<T> {
    }

    unsafe fn reclaim(ptr: &T) -> Self {
-        Box::from_raw(ptr as *const T as *mut T)
+        unsafe { Box::from_raw(ptr as *const T as *mut T) }
    }
 }

@ -117,7 +117,7 @@ unsafe impl<T> Leakable for std::sync::Arc<T> {
    }

    unsafe fn reclaim(ptr: &T) -> Self {
-        std::sync::Arc::from_raw(ptr as *const T)
+        unsafe { std::sync::Arc::from_raw(ptr as *const T) }
    }
 }

@ -129,7 +129,7 @@ unsafe impl<T> Leakable for std::rc::Rc<T> {
    }

    unsafe fn reclaim(ptr: &T) -> Self {
-        std::rc::Rc::from_raw(ptr as *const T)
+        unsafe { std::rc::Rc::from_raw(ptr as *const T) }
    }
 }

--- a/perlmod/src/scalar.rs
+++ b/perlmod/src/scalar.rs
@ -55,7 +55,7 @@ impl Scalar {
    ///
    /// The caller may still need to decrease the reference count for the `ptr` source value.
    pub unsafe fn from_raw_ref(ptr: *mut SV) -> Self {
-        Self::from_raw_move(ffi::RSPL_SvREFCNT_inc(ptr))
+        unsafe { Self::from_raw_move(ffi::RSPL_SvREFCNT_inc(ptr)) }
    }

    /// Create a reference to `PL_sv_undef`.
@ -332,7 +332,7 @@ impl ScalarRef {
    ///
    /// The user is responsible for making sure the underlying pointer is correct.
    pub unsafe fn pv_ref<T>(&self) -> Result<&T, Error> {
-        self.pv_raw().map(|p| &*p)
+        self.pv_raw().map(|p| unsafe { &*p })
    }

    /// Interpret the byte string as a pointer and return it as a mutable reference for
@ -342,7 +342,7 @@ impl ScalarRef {
    ///
    /// The user is responsible for making sure the underlying pointer is correct.
    pub unsafe fn pv_mut_ref<T>(&self) -> Result<&mut T, Error> {
-        self.pv_raw().map(|p| &mut *p)
+        self.pv_raw().map(|p| unsafe { &mut *p })
    }

    /// Create another owned reference to this value.
@ -394,14 +394,16 @@ impl ScalarRef {
        name: *const libc::c_char,
        namelen: i32,
    ) {
-        let _magic_ptr = ffi::RSPL_sv_magicext(
+        let _magic_ptr = unsafe {
+            ffi::RSPL_sv_magicext(
                self.sv(),
                obj.map(Self::sv).unwrap_or(std::ptr::null_mut()),
                how.unwrap_or_else(|| ffi::RSPL_PERL_MAGIC_ext()),
                vtbl,
                name,
                namelen,
-        );
+            )
+        };
    }

    /// Remove attached magic.
@ -412,12 +414,14 @@ impl ScalarRef {
    ///
    /// It is up to the user that doing this will not crash the perl interpreter.
    pub unsafe fn remove_raw_magic(&self, ty: Option<libc::c_int>, vtbl: Option<&ffi::MGVTBL>) {
+        unsafe {
            ffi::RSPL_sv_unmagicext(
                self.sv(),
                ty.unwrap_or_else(|| ffi::RSPL_PERL_MAGIC_ext()),
                vtbl,
            )
        }
+    }

    /// Find a magic value, if present.
    ///
--- a/perlmod/src/value.rs
+++ b/perlmod/src/value.rs
@ -60,6 +60,7 @@ impl Value {
    /// you're doing, as perl code WILL execute the function and expect it to behave in a
    /// particular way!
    pub unsafe fn new_xsub(xsub: perl_fn!(extern "C" fn(*mut crate::ffi::CV))) -> Self {
+        unsafe {
            Self::from_raw_move(crate::ffi::RSPL_newXS_flags(
                std::ptr::null(),
                xsub as _,
@ -68,6 +69,7 @@ impl Value {
                0,
            ) as _)
        }
+    }

    /// If the value is an array, returns the associated [`Array`].
    pub fn as_array(&self) -> Option<&Array> {
@ -223,7 +225,7 @@ impl Value {
    /// The caller must ensure that it is safe to decrease the reference count later on, or use
    /// `into_raw()` instead of letting the `Value` get dropped.
    pub unsafe fn from_raw_move(ptr: *mut SV) -> Self {
-        Self::from_scalar(Scalar::from_raw_move(ptr as *mut SV))
+        Self::from_scalar(unsafe { Scalar::from_raw_move(ptr as *mut SV) })
    }

    /// Create a new reference to an existing `SV` value. This will increase the value's reference
@ -233,7 +235,7 @@ impl Value {
    ///
    /// The caller may still need to decrease the reference count for the `ptr` source value.
    pub unsafe fn from_raw_ref(ptr: *mut SV) -> Self {
-        Self::from_scalar(Scalar::from_raw_ref(ptr as *mut SV))
+        Self::from_scalar(unsafe { Scalar::from_raw_ref(ptr as *mut SV) })
    }

    /// Convert a [`Scalar`] to a [`Value`].
@ -301,7 +303,7 @@ impl Value {
            .dereference()
            .ok_or_else(|| Error::new("not a reference"))?
            .pv_raw()?;
-        Ok(&*(ptr as *const T))
+        Ok(unsafe { &*(ptr as *const T) })
    }

    /// Check that the value is a reference and blessed into a particular package name. If so,
@ -325,7 +327,7 @@ impl Value {
            )));
        }

-        Ok(&*(ptr.pv_raw()? as *const T))
+        Ok(unsafe { &*(ptr.pv_raw()? as *const T) })
    }

    /// Take ownership of a boxed value and create a perl value blessed into a package name.