From 0260e47b16ec9b7badf7fdb11e7dc7182633c875 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Kr=C3=B6ning?=
 <martin.kroening@eonerc.rwth-aachen.de>
Date: Wed, 31 Jul 2024 13:20:35 +0200
Subject: [PATCH] fix(pal/hermit): `deny(unsafe_op_in_unsafe_fn)`
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Martin Kröning <martin.kroening@eonerc.rwth-aachen.de>
---
 std/src/sys/pal/hermit/alloc.rs  | 15 +++++++++++----
 std/src/sys/pal/hermit/fd.rs     |  3 ++-
 std/src/sys/pal/hermit/fs.rs     |  3 ++-
 std/src/sys/pal/hermit/mod.rs    | 15 ++++++++++-----
 std/src/sys/pal/hermit/thread.rs | 24 +++++++++++++++---------
 5 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/std/src/sys/pal/hermit/alloc.rs b/std/src/sys/pal/hermit/alloc.rs
index 5daa5f9e49ffe..f10d5f9227e63 100644
--- a/std/src/sys/pal/hermit/alloc.rs
+++ b/std/src/sys/pal/hermit/alloc.rs
@@ -1,21 +1,28 @@
 use super::hermit_abi;
 use crate::alloc::{GlobalAlloc, Layout, System};
-use crate::ptr;
 
 #[stable(feature = "alloc_system_type", since = "1.28.0")]
 unsafe impl GlobalAlloc for System {
     #[inline]
     unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
-        hermit_abi::malloc(layout.size(), layout.align())
+        let size = layout.size();
+        let align = layout.align();
+        unsafe { hermit_abi::malloc(size, align) }
     }
 
     #[inline]
     unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) {
-        hermit_abi::free(ptr, layout.size(), layout.align())
+        let size = layout.size();
+        let align = layout.align();
+        unsafe {
+            hermit_abi::free(ptr, size, align);
+        }
     }
 
     #[inline]
     unsafe fn realloc(&self, ptr: *mut u8, layout: Layout, new_size: usize) -> *mut u8 {
-        hermit_abi::realloc(ptr, layout.size(), layout.align(), new_size)
+        let size = layout.size();
+        let align = layout.align();
+        unsafe { hermit_abi::realloc(ptr, size, align, new_size) }
     }
 }
diff --git a/std/src/sys/pal/hermit/fd.rs b/std/src/sys/pal/hermit/fd.rs
index bdcf880484dfc..79fc13bd4a87f 100644
--- a/std/src/sys/pal/hermit/fd.rs
+++ b/std/src/sys/pal/hermit/fd.rs
@@ -111,7 +111,8 @@ impl FromInner<OwnedFd> for FileDesc {
 
 impl FromRawFd for FileDesc {
     unsafe fn from_raw_fd(raw_fd: RawFd) -> Self {
-        Self { fd: FromRawFd::from_raw_fd(raw_fd) }
+        let fd = unsafe { OwnedFd::from_raw_fd(raw_fd) };
+        Self { fd }
     }
 }
 
diff --git a/std/src/sys/pal/hermit/fs.rs b/std/src/sys/pal/hermit/fs.rs
index cbdb942ac58ef..aaf1a044d0613 100644
--- a/std/src/sys/pal/hermit/fs.rs
+++ b/std/src/sys/pal/hermit/fs.rs
@@ -484,7 +484,8 @@ impl IntoRawFd for File {
 
 impl FromRawFd for File {
     unsafe fn from_raw_fd(raw_fd: RawFd) -> Self {
-        Self(FromRawFd::from_raw_fd(raw_fd))
+        let file_desc = unsafe { FileDesc::from_raw_fd(raw_fd) };
+        Self(file_desc)
     }
 }
 
diff --git a/std/src/sys/pal/hermit/mod.rs b/std/src/sys/pal/hermit/mod.rs
index 2c9aeb480445c..ef406b9ec7f0d 100644
--- a/std/src/sys/pal/hermit/mod.rs
+++ b/std/src/sys/pal/hermit/mod.rs
@@ -13,7 +13,8 @@
 //! compiling for wasm. That way it's a compile time error for something that's
 //! guaranteed to be a runtime error!
 
-#![allow(missing_docs, nonstandard_style, unsafe_op_in_unsafe_fn)]
+#![deny(unsafe_op_in_unsafe_fn)]
+#![allow(missing_docs, nonstandard_style)]
 
 use crate::os::raw::c_char;
 
@@ -78,7 +79,9 @@ pub extern "C" fn __rust_abort() {
 // SAFETY: must be called only once during runtime initialization.
 // NOTE: this is not guaranteed to run, for example when Rust code is called externally.
 pub unsafe fn init(argc: isize, argv: *const *const u8, _sigpipe: u8) {
-    args::init(argc, argv);
+    unsafe {
+        args::init(argc, argv);
+    }
 }
 
 // SAFETY: must be called only once during runtime cleanup.
@@ -99,10 +102,12 @@ pub unsafe extern "C" fn runtime_entry(
     // initialize environment
     os::init_environment(env as *const *const i8);
 
-    let result = main(argc as isize, argv);
+    let result = unsafe { main(argc as isize, argv) };
 
-    crate::sys::thread_local::destructors::run();
-    hermit_abi::exit(result)
+    unsafe {
+        crate::sys::thread_local::destructors::run();
+    }
+    unsafe { hermit_abi::exit(result) }
 }
 
 #[inline]
diff --git a/std/src/sys/pal/hermit/thread.rs b/std/src/sys/pal/hermit/thread.rs
index 95c13e53b470b..6321f92e3d9d0 100644
--- a/std/src/sys/pal/hermit/thread.rs
+++ b/std/src/sys/pal/hermit/thread.rs
@@ -25,18 +25,22 @@ impl Thread {
         core_id: isize,
     ) -> io::Result<Thread> {
         let p = Box::into_raw(Box::new(p));
-        let tid = hermit_abi::spawn2(
-            thread_start,
-            p.expose_provenance(),
-            hermit_abi::Priority::into(hermit_abi::NORMAL_PRIO),
-            stack,
-            core_id,
-        );
+        let tid = unsafe {
+            hermit_abi::spawn2(
+                thread_start,
+                p.expose_provenance(),
+                hermit_abi::Priority::into(hermit_abi::NORMAL_PRIO),
+                stack,
+                core_id,
+            )
+        };
 
         return if tid == 0 {
             // The thread failed to start and as a result p was not consumed. Therefore, it is
             // safe to reconstruct the box so that it gets deallocated.
-            drop(Box::from_raw(p));
+            unsafe {
+                drop(Box::from_raw(p));
+            }
             Err(io::const_io_error!(io::ErrorKind::Uncategorized, "Unable to create thread!"))
         } else {
             Ok(Thread { tid: tid })
@@ -54,7 +58,9 @@ impl Thread {
     }
 
     pub unsafe fn new(stack: usize, p: Box<dyn FnOnce()>) -> io::Result<Thread> {
-        Thread::new_with_coreid(stack, p, -1 /* = no specific core */)
+        unsafe {
+            Thread::new_with_coreid(stack, p, -1 /* = no specific core */)
+        }
     }
 
     #[inline]