Skip to content

Bitfield raw getters/setters generate unsafe_op_in_unsafe_fn warnings #3123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nikkon-dev opened this issue Feb 9, 2025 · 0 comments · Fixed by #3124
Closed

Bitfield raw getters/setters generate unsafe_op_in_unsafe_fn warnings #3123

nikkon-dev opened this issue Feb 9, 2025 · 0 comments · Fixed by #3124

Comments

@nikkon-dev
Copy link
Contributor

Generated code (getter):

    pub unsafe fn raw_get_bit(this: *const Self, index: usize) -> bool {
        debug_assert!(index / 8 < core::mem::size_of::<Storage>());
        let byte_index = index / 8;
        let byte = *(core::ptr::addr_of!((*this).storage) as *const u8).offset(byte_index as isize);
        Self::extract_bit(byte, index)
    }

Generates warning in 2024 Edition:

  --> /.../out/bindings.rs:39:20
   |
39 |         let byte = *(core::ptr::addr_of!((*this).storage) as *const u8).offset(byte_index as isize);
   |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer
   |
   = note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/unsafe-op-in-unsafe-fn.html>
   = note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior

Generated code (setter):

    pub unsafe fn raw_set_bit(this: *mut Self, index: usize, val: bool) {
        debug_assert!(index / 8 < core::mem::size_of::<Storage>());
        let byte_index = index / 8;
        let byte = (core::ptr::addr_of_mut!((*this).storage) as *mut u8).offset(byte_index as isize);
        *byte = Self::change_bit(*byte, index, val);
    }

Warning:

warning[E0133]: dereference of raw pointer is unsafe and requires unsafe block
  --> /.../out/bindings.rs:64:34
   |
64 |         *byte = Self::change_bit(*byte, index, val);
   |                                  ^^^^^ dereference of raw pointer
   |
   = note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/unsafe-op-in-unsafe-fn.html>
   = note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior

Generated code (getter):

    #[inline]
    pub unsafe fn raw_get(this: *const Self, bit_offset: usize, bit_width: u8) -> u64 {
        debug_assert!(bit_width <= 64);
        debug_assert!(bit_offset / 8 < core::mem::size_of::<Storage>());
        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= core::mem::size_of::<Storage>());
        let mut val = 0;
        for i in 0..(bit_width as usize) {
            if Self::raw_get_bit(this, i + bit_offset) {
                let index = if cfg!(target_endian = "big") {
                    bit_width as usize - 1 - i
                } else {
                    i
                };
                val |= 1 << index;
            }
        }
        val
    }

Warning:

warning[E0133]: call to unsafe function `__BindgenBitfieldUnit::<Storage>::raw_get_bit` is unsafe and requires unsafe block
  --> /.../out/bindings.rs:91:16
   |
91 |             if Self::raw_get_bit(this, i + bit_offset) {
   |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
   |
   = note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/unsafe-op-in-unsafe-fn.html>
   = note: consult the function's documentation for information on how to avoid undefined behavior

Generated code (setter):

#[inline]
    pub unsafe fn raw_set(this: *mut Self, bit_offset: usize, bit_width: u8, val: u64) {
        debug_assert!(bit_width <= 64);
        debug_assert!(bit_offset / 8 < core::mem::size_of::<Storage>());
        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= core::mem::size_of::<Storage>());
        for i in 0..(bit_width as usize) {
            let mask = 1 << i;
            let val_bit_is_set = val & mask == mask;
            let index = if cfg!(target_endian = "big") {
                bit_width as usize - 1 - i
            } else {
                i
            };
            Self::raw_set_bit(this, index + bit_offset, val_bit_is_set);
        }
    }

Warning:

warning[E0133]: call to unsafe function `__BindgenBitfieldUnit::<Storage>::raw_set_bit` is unsafe and requires unsafe block
   --> /.../out/bindings.rs:131:13
    |
131 |             Self::raw_set_bit(this, index + bit_offset, val_bit_is_set);
    |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
    |
    = note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/unsafe-op-in-unsafe-fn.html>
    = note: consult the function's documentation for information on how to avoid undefined behavior
nikkon-dev added a commit to nikkon-dev/rust-bindgen that referenced this issue Feb 9, 2025
@nikkon-dev
Fixes rust-lang#3123
068d4ce 
Signed-off-by: Nik Konyuchenko <[email protected]>
@nikkon-dev nikkon-dev mentioned this issue Feb 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use unsafe in bitfields raw getters/setters nikkon-dev/rust-bindgen
1 participant
@nikkon-dev