Do not use new_unchecked; the effect is the same, but the
code is easier to read and unsafe regions become smaller.
Likewise, NonNull::new can be used instead of assertion and
followed by as_ref() or as_mut() instead of dereferencing the
pointer.
Suggested-by: Zhao Liu <zhao1....@intel.com>
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
rust/hw/char/pl011/src/device.rs | 17 +++++------------
rust/hw/char/pl011/src/device_class.rs | 23 +++++++++--------------
rust/hw/char/pl011/src/memory_ops.rs | 9 +++------
rust/qemu-api/src/qdev.rs | 12 +++++-------
rust/qemu-api/src/qom.rs | 21 +++++++++++++--------
5 files changed, 35 insertions(+), 47 deletions(-)
diff --git a/rust/hw/char/pl011/src/device.rs b/rust/hw/char/pl011/src/device.rs
index a1a522fdcdb..c0b53f2515c 100644
--- a/rust/hw/char/pl011/src/device.rs
+++ b/rust/hw/char/pl011/src/device.rs
@@ -593,11 +593,8 @@ pub fn post_load(&mut self, _version_id: u32) ->
Result<(), ()> {
/// the same size as [`PL011State`]. We also expect the device is
/// readable/writeable from one thread at any time.
pub unsafe extern "C" fn pl011_can_receive(opaque: *mut c_void) -> c_int {
- unsafe {
- debug_assert!(!opaque.is_null());
- let state = NonNull::new_unchecked(opaque.cast::<PL011State>());
- state.as_ref().can_receive().into()
- }
+ let state = NonNull::new(opaque).unwrap().cast::<PL011State>();
+ unsafe { state.as_ref().can_receive().into() }
}
/// # Safety
@@ -608,9 +605,8 @@ pub fn post_load(&mut self, _version_id: u32) -> Result<(),
()> {
///
/// The buffer and size arguments must also be valid.
pub unsafe extern "C" fn pl011_receive(opaque: *mut c_void, buf: *const u8,
size: c_int) {
+ let mut state = NonNull::new(opaque).unwrap().cast::<PL011State>();
unsafe {
- debug_assert!(!opaque.is_null());
- let mut state = NonNull::new_unchecked(opaque.cast::<PL011State>());
if state.as_ref().loopback_enabled() {
return;
}
@@ -627,11 +623,8 @@ pub fn post_load(&mut self, _version_id: u32) ->
Result<(), ()> {
/// the same size as [`PL011State`]. We also expect the device is
/// readable/writeable from one thread at any time.
pub unsafe extern "C" fn pl011_event(opaque: *mut c_void, event: QEMUChrEvent)
{
- unsafe {
- debug_assert!(!opaque.is_null());
- let mut state = NonNull::new_unchecked(opaque.cast::<PL011State>());
- state.as_mut().event(event)
- }
+ let mut state = NonNull::new(opaque).unwrap().cast::<PL011State>();
+ unsafe { state.as_mut().event(event) }
}
/// # Safety
diff --git a/rust/hw/char/pl011/src/device_class.rs
b/rust/hw/char/pl011/src/device_class.rs
index b052d98803f..6fa14ca0f9b 100644
--- a/rust/hw/char/pl011/src/device_class.rs
+++ b/rust/hw/char/pl011/src/device_class.rs
@@ -12,12 +12,10 @@
use crate::device::PL011State;
+#[allow(clippy::missing_const_for_fn)]
extern "C" fn pl011_clock_needed(opaque: *mut c_void) -> bool {
- unsafe {
- debug_assert!(!opaque.is_null());
- let state = NonNull::new_unchecked(opaque.cast::<PL011State>());
- state.as_ref().migrate_clock
- }
+ let state = NonNull::new(opaque).unwrap().cast::<PL011State>();
+ unsafe { state.as_ref().migrate_clock }
}
/// Migration subsection for [`PL011State`] clock.
@@ -33,15 +31,12 @@ extern "C" fn pl011_clock_needed(opaque: *mut c_void) ->
bool {
};
extern "C" fn pl011_post_load(opaque: *mut c_void, version_id: c_int) -> c_int
{
- unsafe {
- debug_assert!(!opaque.is_null());
- let mut state = NonNull::new_unchecked(opaque.cast::<PL011State>());
- let result = state.as_mut().post_load(version_id as u32);
- if result.is_err() {
- -1
- } else {
- 0
- }
+ let mut state = NonNull::new(opaque).unwrap().cast::<PL011State>();
+ let result = unsafe { state.as_mut().post_load(version_id as u32) };
+ if result.is_err() {
+ -1
+ } else {
+ 0
}
}
diff --git a/rust/hw/char/pl011/src/memory_ops.rs
b/rust/hw/char/pl011/src/memory_ops.rs
index c4e8599ba43..a286003d136 100644
--- a/rust/hw/char/pl011/src/memory_ops.rs
+++ b/rust/hw/char/pl011/src/memory_ops.rs
@@ -25,7 +25,7 @@
unsafe extern "C" fn pl011_read(opaque: *mut c_void, addr: hwaddr, size:
c_uint) -> u64 {
assert!(!opaque.is_null());
- let mut state = unsafe {
NonNull::new_unchecked(opaque.cast::<PL011State>()) };
+ let mut state = NonNull::new(opaque).unwrap().cast::<PL011State>();
let val = unsafe { state.as_mut().read(addr, size) };
match val {
std::ops::ControlFlow::Break(val) => val,
@@ -43,9 +43,6 @@
}
unsafe extern "C" fn pl011_write(opaque: *mut c_void, addr: hwaddr, data: u64,
_size: c_uint) {
- unsafe {
- assert!(!opaque.is_null());
- let mut state = NonNull::new_unchecked(opaque.cast::<PL011State>());
- state.as_mut().write(addr, data)
- }
+ let mut state = NonNull::new(opaque).unwrap().cast::<PL011State>();
+ unsafe { state.as_mut().write(addr, data) }
}
diff --git a/rust/qemu-api/src/qdev.rs b/rust/qemu-api/src/qdev.rs
index a5121e31a37..42429903aae 100644
--- a/rust/qemu-api/src/qdev.rs
+++ b/rust/qemu-api/src/qdev.rs
@@ -4,7 +4,7 @@
//! Bindings to create devices and access device functionality from Rust.
-use std::ffi::CStr;
+use std::{ffi::CStr, ptr::NonNull};
pub use bindings::{DeviceClass, DeviceState, Property};
@@ -55,9 +55,8 @@ fn vmsd() -> Option<&'static VMStateDescription> {
/// can be downcasted to type `T`. We also expect the device is
/// readable/writeable from one thread at any time.
unsafe extern "C" fn rust_realize_fn<T: DeviceImpl>(dev: *mut DeviceState,
_errp: *mut *mut Error) {
- assert!(!dev.is_null());
- let state = dev.cast::<T>();
- T::REALIZE.unwrap()(unsafe { &mut *state });
+ let state = NonNull::new(dev).unwrap().cast::<T>();
+ T::REALIZE.unwrap()(unsafe { state.as_ref() });
}
/// # Safety
@@ -66,9 +65,8 @@ fn vmsd() -> Option<&'static VMStateDescription> {
/// can be downcasted to type `T`. We also expect the device is
/// readable/writeable from one thread at any time.
unsafe extern "C" fn rust_reset_fn<T: DeviceImpl>(dev: *mut DeviceState) {
- assert!(!dev.is_null());
- let state = dev.cast::<T>();
- T::RESET.unwrap()(unsafe { &mut *state });
+ let mut state = NonNull::new(dev).unwrap().cast::<T>();
+ T::RESET.unwrap()(unsafe { state.as_mut() });
}
impl<T> ClassInitImpl<DeviceClass> for T
diff --git a/rust/qemu-api/src/qom.rs b/rust/qemu-api/src/qom.rs
index 97901fb9084..f50ee371aac 100644
--- a/rust/qemu-api/src/qom.rs
+++ b/rust/qemu-api/src/qom.rs
@@ -58,6 +58,7 @@
fmt,
ops::{Deref, DerefMut},
os::raw::c_void,
+ ptr::NonNull,
};
pub use bindings::{Object, ObjectClass};
@@ -153,27 +154,34 @@ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(),
fmt::Error> {
}
unsafe extern "C" fn rust_instance_init<T: ObjectImpl>(obj: *mut Object) {
+ let mut state = NonNull::new(obj).unwrap().cast::<T>();
// SAFETY: obj is an instance of T, since rust_instance_init<T>
// is called from QOM core as the instance_init function
// for class T
- unsafe { T::INSTANCE_INIT.unwrap()(&mut *obj.cast::<T>()) }
+ unsafe {
+ T::INSTANCE_INIT.unwrap()(state.as_mut());
+ }
}
unsafe extern "C" fn rust_instance_post_init<T: ObjectImpl>(obj: *mut Object) {
+ let state = NonNull::new(obj).unwrap().cast::<T>();
// SAFETY: obj is an instance of T, since rust_instance_post_init<T>
// is called from QOM core as the instance_post_init function
// for class T
- T::INSTANCE_POST_INIT.unwrap()(unsafe { &*obj.cast::<T>() })
+ T::INSTANCE_POST_INIT.unwrap()(unsafe { state.as_ref() });
}
unsafe extern "C" fn rust_class_init<T: ObjectType + ClassInitImpl<T::Class>>(
klass: *mut ObjectClass,
_data: *mut c_void,
) {
+ let mut klass = NonNull::new(klass)
+ .unwrap()
+ .cast::<<T as ObjectType>::Class>();
// SAFETY: klass is a T::Class, since rust_class_init<T>
// is called from QOM core as the class_init function
// for class T
- T::class_init(unsafe { &mut *klass.cast::<T::Class>() })
+ T::class_init(unsafe { klass.as_mut() })
}
unsafe extern "C" fn drop_object<T: ObjectImpl>(obj: *mut Object) {
@@ -581,11 +589,8 @@ pub trait ClassInitImpl<T> {
/// can be downcasted to type `T`. We also expect the device is
/// readable/writeable from one thread at any time.
unsafe extern "C" fn rust_unparent_fn<T: ObjectImpl>(dev: *mut Object) {
- unsafe {
- assert!(!dev.is_null());
- let state = core::ptr::NonNull::new_unchecked(dev.cast::<T>());
- T::UNPARENT.unwrap()(state.as_ref());
- }
+ let state = NonNull::new(dev).unwrap().cast::<T>();
+ T::UNPARENT.unwrap()(unsafe { state.as_ref() });
}
impl<T> ClassInitImpl<ObjectClass> for T
--
2.48.1
