From 095fee55f85b07322d4cb9970c1ebb0b05bfa676 Mon Sep 17 00:00:00 2001 From: Karol Herbst Date: Wed, 14 Jun 2023 23:06:23 +0200 Subject: [PATCH] rusticl: enforce using unsafe blocks in unsafe functions Signed-off-by: Karol Herbst Part-of: --- src/gallium/frontends/rusticl/api/kernel.rs | 2 +- src/gallium/frontends/rusticl/api/types.rs | 4 +++- .../frontends/rusticl/mesa/compiler/clc/spirv.rs | 11 ++++++++--- src/gallium/frontends/rusticl/meson.build | 2 ++ src/gallium/frontends/rusticl/util/ptr.rs | 9 ++++++++- 5 files changed, 22 insertions(+), 6 deletions(-) diff --git a/src/gallium/frontends/rusticl/api/kernel.rs b/src/gallium/frontends/rusticl/api/kernel.rs index 1807d09c5a6..e3c27bf902b 100644 --- a/src/gallium/frontends/rusticl/api/kernel.rs +++ b/src/gallium/frontends/rusticl/api/kernel.rs @@ -122,7 +122,7 @@ const ZERO_ARR: [usize; 3] = [0; 3]; /// This function is only safe when called on an array of `work_dim` length unsafe fn kernel_work_arr_or_default<'a>(arr: *const usize, work_dim: cl_uint) -> &'a [usize] { if !arr.is_null() { - slice::from_raw_parts(arr, work_dim as usize) + unsafe { slice::from_raw_parts(arr, work_dim as usize) } } else { &ZERO_ARR } diff --git a/src/gallium/frontends/rusticl/api/types.rs b/src/gallium/frontends/rusticl/api/types.rs index f190574db52..eac1bfb90f9 100644 --- a/src/gallium/frontends/rusticl/api/types.rs +++ b/src/gallium/frontends/rusticl/api/types.rs @@ -90,7 +90,9 @@ impl CLVec { /// /// Using it for anything else is undefined. pub unsafe fn from_raw(v: *const T) -> Self { - Self { vals: *v.cast() } + Self { + vals: unsafe { *v.cast() }, + } } pub fn pixels<'a>(&'a self) -> T diff --git a/src/gallium/frontends/rusticl/mesa/compiler/clc/spirv.rs b/src/gallium/frontends/rusticl/mesa/compiler/clc/spirv.rs index ee9f1233421..ed5f7df8358 100644 --- a/src/gallium/frontends/rusticl/mesa/compiler/clc/spirv.rs +++ b/src/gallium/frontends/rusticl/mesa/compiler/clc/spirv.rs 
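Review bot: The new `unsafe { slice::from_raw_parts(arr, work_dim as usize) }` block in `kernel_work_arr_or_default` carries no `// SAFETY:` comment, so the reason the call is sound is still only implied by the function's doc comment. I would add `// SAFETY: the caller guarantees arr points to work_dim readable, aligned usize values` directly above it. The same applies to the new blocks in `from_raw` (api/types.rs) and in `callback_impl` and the two `extern "C"` callbacks (clc/spirv.rs); only the block in util/ptr.rs gets a comment in this patch. Since `'a` is chosen by the caller, the `# Safety` section should also say that the array must stay valid and unmodified for as long as the returned slice is used.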
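Review bot: In `vals: unsafe { *v.cast() }` the type read through the pointer is picked by inference from the `vals` field, so a later change to that field silently changes how many bytes the unsafe read covers. Naming the target explicitly, `unsafe { *v.cast::<VALS_TYPE>() }` (VALS_TYPE is a placeholder for the field's declared type, which is outside this hunk), keeps the size of the read visible at the unsafe site. The block also assumes `v` is non-null and suitably aligned for that type; the part of the doc comment visible here does not state that, so it is worth adding to the `# Safety` text if it is not already there above the hunk.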
@@ -38,12 +38,15 @@ pub struct CLCHeader<'a> { } unsafe fn callback_impl(data: *mut c_void, msg: *const c_char) { - let msgs = (data as *mut Vec).as_mut().expect(""); + let data = data as *mut Vec; + let msgs = unsafe { data.as_mut() }.unwrap(); msgs.push(c_string_to_string(msg)); } unsafe extern "C" fn spirv_msg_callback(data: *mut c_void, msg: *const c_char) { - callback_impl(data, msg); + unsafe { + callback_impl(data, msg); + } } unsafe extern "C" fn spirv_to_nir_msg_callback( @@ -53,7 +56,9 @@ unsafe extern "C" fn spirv_to_nir_msg_callback( msg: *const c_char, ) { if dbg_level >= nir_spirv_debug_level::NIR_SPIRV_DEBUG_LEVEL_WARNING { - callback_impl(data, msg); + unsafe { + callback_impl(data, msg); + } } } diff --git a/src/gallium/frontends/rusticl/meson.build b/src/gallium/frontends/rusticl/meson.build index e844dc17428..9aecb339537 100644 --- a/src/gallium/frontends/rusticl/meson.build +++ b/src/gallium/frontends/rusticl/meson.build @@ -76,6 +76,8 @@ rusticl_files = files( ) rusticl_args = [ + # we want unsafe blocks inside unsafe functions + '-Dunsafe_op_in_unsafe_fn', # we error on all clippy warnings unless they are disabled '-Dclippy::all', # we want to add asserts in control flow diff --git a/src/gallium/frontends/rusticl/util/ptr.rs b/src/gallium/frontends/rusticl/util/ptr.rs index 98532ad4fb0..8aa96373256 100644 --- a/src/gallium/frontends/rusticl/util/ptr.rs +++ b/src/gallium/frontends/rusticl/util/ptr.rs @@ -10,9 +10,16 @@ pub trait CheckedPtr { } impl CheckedPtr for *mut T { + /// # Safety + /// + /// This function follows the same safety rules as `std::ptr::copy` except that it already + /// checks for a NULL pointer. unsafe fn copy_checked(self, val: *const T, size: usize) { if !self.is_null() { - ptr::copy(val, self, size); + // SAFETY: we move the responsibilities up to the caller + unsafe { + ptr::copy(val, self, size); + } } }
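Review bot: `unsafe { data.as_mut() }.unwrap()` in `callback_impl` panics on a null `data`, and that panic starts in a function reached from the two `extern "C"` callbacks, where it cannot unwind back into the C caller and ends in an abort at best. A guard such as `let Some(msgs) = (unsafe { data.as_mut() }) else { return };` drops the message instead of taking the process down (use a `match` if the supported toolchain predates let-else). Separately, `c_string_to_string(msg)` sits outside any unsafe block and still builds under the new lint, which suggests the helper is a safe fn taking a raw `*const c_char`. If so, it should either become `unsafe fn` or document how it handles null and unterminated input; its definition is not in this diff.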
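Review bot: `-Dunsafe_op_in_unsafe_fn` forces the unsafe blocks to exist but not to be justified, and most of the blocks this commit adds have no `// SAFETY:` comment. Adding `'-Dclippy::undocumented_unsafe_blocks',` next to it in `rusticl_args` would make that comment mandatory wherever these args are run through clippy. If `rusticl_args` is also applied to generated binding code (not visible in this hunk), confirm that neither lint fires there before making it a hard error.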
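Review bot: The added `# Safety` text says `copy_checked` "already checks for a NULL pointer", but the code only tests `self`, the destination; a null or dangling `val` still reaches `ptr::copy`. I would word it as `/// Only the destination is checked for NULL; val must be valid for reads of size elements of T.`, which also makes clear that `size` is an element count as in `std::ptr::copy`, not a byte count. The section is attached to the impl method, while the declaration in `trait CheckedPtr` is above the hunk. The trait declaration is where callers reading the trait's documentation will look, so the text may belong there instead.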