Introduce unsafe_op_in_unsafe_fn lint

Author: twistedfall

binding-generator/src/func.rs

@@ -816,14 +816,6 @@ impl Safety {
 		}
 	}
 
-	/// Returns `""` or `"unsafe "`, for usage for unsafe blocks within functions with `self` safety
-	pub fn rust_block_safety_qual(self) -> &'static str {
-		match self {
-			Safety::Safe => "unsafe ",
-			Safety::Unsafe => "",
-		}
-	}
-
 	/// Returns `""` or `"unsafe "`, for usage as function declaration specifier
 	pub fn rust_func_safety_qual(self) -> &'static str {
 		match self {

binding-generator/src/writer/rust_native/func.rs

@@ -14,7 +14,7 @@ use super::element::{DefaultRustNativeElement, RustElement};
 use super::type_ref::{Lifetime, TypeRefExt};
 use super::{comment, rust_disambiguate_names, RustNativeGeneratedElement};
 use crate::field::Field;
-use crate::func::{FuncCppBody, FuncKind, FuncRustBody, FuncRustExtern, InheritConfig, OperatorKind, ReturnKind, Safety};
+use crate::func::{FuncCppBody, FuncKind, FuncRustBody, FuncRustExtern, InheritConfig, OperatorKind, ReturnKind};
 use crate::name_pool::NamePool;
 use crate::settings::ARG_OVERRIDE_SELF;
 use crate::type_ref::{Constness, CppNameStyle, ExternDir, FishStyle, NameStyle, StrEnc, StrType, TypeRef, TypeRefTypeHint};
@@ -246,7 +246,6 @@ impl RustNativeGeneratedElement for Func<'_, '_> {
 		let mut callback_arg_name: Option<&str> = None;
 		let function_props = FunctionProps {
 			is_infallible: return_kind.is_infallible(),
-			safety,
 		};
 		for (name, arg) in &args {
 			let arg_type_ref = arg.type_ref();
@@ -335,7 +334,7 @@ impl RustNativeGeneratedElement for Func<'_, '_> {
 		} else {
 			format!(" -> {return_type_func_decl}")
 		};
-		let (ret_pre_call, ret_handle, ret_stmt) = rust_return(self, &return_type_ref, return_kind, safety, return_lifetime);
+		let (ret_pre_call, ret_handle, ret_stmt) = rust_return(self, &return_type_ref, return_kind, return_lifetime);
 		let mut attributes = Vec::with_capacity(2);
 		if self.is_no_discard() {
 			attributes.push(Borrowed("#[must_use]"));
@@ -360,7 +359,7 @@ impl RustNativeGeneratedElement for Func<'_, '_> {
 			("return_pre_call", ret_pre_call),
 			(
 				"call",
-				&rust_call(self, safety, &identifier, &name, &call_args, &forward_args, return_kind),
+				&rust_call(self, &identifier, &name, &call_args, &forward_args, return_kind),
 			),
 			("return_handle", &ret_handle),
 			("post_success_call_args", &post_success_call_args.join("\n")),
@@ -534,7 +533,6 @@ fn pre_post_arg_handle(mut arg: String, args: &mut Vec<String>) {
 
 fn rust_call(
 	f: &Func,
-	func_safety: Safety,
 	identifier: &str,
 	func_name: &str,
 	call_args: &[String],
@@ -543,7 +541,7 @@ fn rust_call(
 ) -> String {
 	#![allow(clippy::too_many_arguments)]
 	static CALL_TPL: Lazy<CompiledInterpolation> =
-		Lazy::new(|| "{{ret_receive}}{{unsafety_call}}{ sys::{{identifier}}({{call_args}}) };".compile_interpolation());
+		Lazy::new(|| "{{ret_receive}}unsafe { sys::{{identifier}}({{call_args}}) };".compile_interpolation());
 
 	let ret_receive = if return_kind.is_naked() {
 		"let ret = "
@@ -556,7 +554,6 @@ fn rust_call(
 	};
 	tpl.interpolate(&HashMap::from([
 		("ret_receive", ret_receive),
-		("unsafety_call", func_safety.rust_block_safety_qual()),
 		("identifier", identifier),
 		("name", func_name),
 		("call_args", &call_args.join(", ")),
@@ -568,7 +565,6 @@ fn rust_return(
 	f: &Func,
 	return_type_ref: &TypeRef,
 	return_kind: ReturnKind,
-	safety: Safety,
 	lifetime: Lifetime,
 ) -> (&'static str, String, &'static str) {
 	match f.rust_body() {
@@ -581,15 +577,12 @@ fn rust_return(
 
 			let mut ret_convert = Vec::with_capacity(3);
 			if !return_kind.is_naked() {
-				ret_convert.push(Owned(format!(
-					"return_receive!({safety}ocvrs_return => ret);",
-					safety = safety.rust_block_safety_qual()
-				)));
+				ret_convert.push(Borrowed("return_receive!(ocvrs_return => ret);"));
 			}
 			if !return_kind.is_infallible() {
 				ret_convert.push("let ret = ret.into_result()?;".into())
 			}
-			let ret_map = rust_return_map(return_type_ref, "ret", safety, return_kind, lifetime);
+			let ret_map = rust_return_map(return_type_ref, "ret", return_kind, lifetime);
 			if !ret_map.is_empty() {
 				ret_convert.push(format!("let ret = {ret_map};").into());
 			}
@@ -605,18 +598,11 @@ fn rust_return(
 	}
 }
 
-fn rust_return_map(
-	return_type: &TypeRef,
-	ret_name: &str,
-	context_safety: Safety,
-	return_kind: ReturnKind,
-	lifetime: Lifetime,
-) -> Cow<'static, str> {
-	let unsafety_call = context_safety.rust_block_safety_qual();
+fn rust_return_map(return_type: &TypeRef, ret_name: &str, return_kind: ReturnKind, lifetime: Lifetime) -> Cow<'static, str> {
 	let return_type_kind = return_type.kind();
 	if return_type_kind.as_string(return_type.type_hint()).is_some() || return_type_kind.extern_pass_kind().is_by_void_ptr() {
 		format!(
-			"{unsafety_call}{{ {typ}::opencv_from_extern({ret_name}) }}",
+			"unsafe {{ {typ}::opencv_from_extern({ret_name}) }}",
 			typ = return_type.rust_return(FishStyle::Turbo, lifetime),
 		)
 		.into()
@@ -634,7 +620,7 @@ fn rust_return_map(
 		} else {
 			".ok_or_else(|| Error::new(core::StsNullPtr, \"Function returned null pointer\"))?"
 		};
-		format!("{unsafety_call}{{ {ret_name}.{ptr_call}() }}{error_handling}").into()
+		format!("unsafe {{ {ret_name}.{ptr_call}() }}{error_handling}").into()
 	} else {
 		"".into()
 	}

binding-generator/src/writer/rust_native/type_ref/render_lane.rs

@@ -14,7 +14,6 @@ pub use string::{InStringRenderLane, OutStringRenderLane};
 pub use trait_class::TraitClassRenderLane;
 pub use void_slice::VoidSliceRenderLane;
 
-use crate::func::Safety;
 use crate::type_ref::{Constness, TypeRef};
 use crate::writer::rust_native::type_ref::{Lifetime, TypeRefExt};
 
@@ -146,7 +145,6 @@ fn rust_self_func_decl(method_constness: Constness, lifetime: Lifetime) -> Cow<'
 
 pub struct FunctionProps {
 	pub is_infallible: bool,
-	pub safety: Safety,
 }
 
 fn rust_arg_func_decl(name: &str, argument_constness: Constness, typ: &str) -> String {

binding-generator/src/writer/rust_native/type_ref/render_lane/cpp_pass_by_void_ptr.rs

@@ -37,17 +37,14 @@ impl RenderLaneTrait for CppPassByVoidPtrRenderLane<'_, '_> {
 		)
 	}
 
-	fn rust_arg_pre_call(&self, name: &str, function_props: &FunctionProps) -> String {
+	fn rust_arg_pre_call(&self, name: &str, _function_props: &FunctionProps) -> String {
 		let is_nullable = self.non_canonical.type_hint().nullability().is_nullable();
 		if is_nullable && self.non_canonical.source().kind().as_smart_ptr().is_some() {
 			let ref_spec = match self.indirection {
 				Indirection::Pointer | Indirection::Reference => "ref ",
 				Indirection::None => "",
 			};
-			format!(
-				"smart_ptr_option_arg!({safety}{ref_spec}{name})",
-				safety = function_props.safety.rust_block_safety_qual()
-			)
+			format!("smart_ptr_option_arg!({ref_spec}{name})")
 		} else {
 			"".to_string()
 		}

binding-generator/tests/generation.rs

@@ -72,7 +72,7 @@ fn extract_functions(code: &str, cb: impl FnMut(Func)) {
 #[test]
 fn char_ptr_slice() {
 	extract_functions("CV_EXPORTS int startLoop(int argc, char* argv[]);", |f| {
-		assert_eq!(f.gen_rust("0.0.0").trim(), "#[inline]\npub fn start_loop(argv: &mut [&str]) -> Result<i32> {\n\tstring_array_arg_mut!(argv);\n\treturn_send!(via ocvrs_return);\n\tunsafe { sys::cv_startLoop_int_charXX(argv.len().try_into()?, argv.as_mut_ptr(), ocvrs_return.as_mut_ptr()) };\n\treturn_receive!(unsafe ocvrs_return => ret);\n\tlet ret = ret.into_result()?;\n\tOk(ret)\n}");
+		assert_eq!(f.gen_rust("0.0.0").trim(), "#[inline]\npub fn start_loop(argv: &mut [&str]) -> Result<i32> {\n\tstring_array_arg_mut!(argv);\n\treturn_send!(via ocvrs_return);\n\tunsafe { sys::cv_startLoop_int_charXX(argv.len().try_into()?, argv.as_mut_ptr(), ocvrs_return.as_mut_ptr()) };\n\treturn_receive!(ocvrs_return => ret);\n\tlet ret = ret.into_result()?;\n\tOk(ret)\n}");
 		assert_eq!(f.gen_cpp().trim(), "void cv_startLoop_int_charXX(int argc, char** argv, Result<int>* ocvrs_return) {\n\ttry {\n\t\tint ret = cv::startLoop(argc, argv);\n\t\tOk(ret, ocvrs_return);\n\t} OCVRS_CATCH(ocvrs_return);\n}");
 		assert_eq!(
 			f.gen_rust_externs().trim(),

build/generator/collector.rs

@@ -193,13 +193,13 @@ impl<'r> Collector<'r> {
 		// MSRV: use #[unsafe(no_mangle)] when MSRV is 1.82
 		writeln!(
 			hub_rs,
-			r#"#[no_mangle] unsafe extern "C" fn ocvrs_create_string{}(s: *const c_char) -> *mut String {{ crate::templ::ocvrs_create_string(s) }}"#,
+			r#"#[no_mangle] unsafe extern "C" fn ocvrs_create_string{}(s: *const c_char) -> *mut String {{ unsafe {{ crate::templ::ocvrs_create_string(s) }} }}"#,
 			self.ffi_export_suffix
 		)?;
 		write!(hub_rs, "\t")?;
 		writeln!(
 			hub_rs,
-			r#"#[no_mangle] unsafe extern "C" fn ocvrs_create_byte_string{}(v: *const u8, len: size_t) -> *mut Vec<u8> {{ crate::templ::ocvrs_create_byte_string(v, len) }}"#,
+			r#"#[no_mangle] unsafe extern "C" fn ocvrs_create_byte_string{}(v: *const u8, len: size_t) -> *mut Vec<u8> {{ unsafe {{ crate::templ::ocvrs_create_byte_string(v, len) }} }}"#,
 			self.ffi_export_suffix
 		)?;
 		writeln!(hub_rs, "}}")?;

src/boxed_ref.rs

@@ -60,7 +60,7 @@ impl<T: OpenCVFromExtern + Boxed> OpenCVFromExtern for BoxedRef<'_, T> {
 	#[inline]
 	unsafe fn opencv_from_extern(s: Self::ExternReceive) -> Self {
 		Self {
-			reference: T::opencv_from_extern(s),
+			reference: unsafe { T::opencv_from_extern(s) },
 			referenced_object: PhantomData,
 		}
 	}
@@ -139,7 +139,7 @@ impl<T: OpenCVFromExtern + Boxed> OpenCVFromExtern for BoxedRefMut<'_, T> {
 	#[inline]
 	unsafe fn opencv_from_extern(s: Self::ExternReceive) -> Self {
 		Self {
-			reference: T::opencv_from_extern(s),
+			reference: unsafe { T::opencv_from_extern(s) },
 			referenced_object: PhantomData,
 		}
 	}

src/lib.rs

@@ -1,4 +1,6 @@
 #![allow(rustdoc::broken_intra_doc_links)]
+// MSRV: remove this hint when edition is "2024" because it's included in it
+#![deny(unsafe_op_in_unsafe_fn)]
 //! Rust bindings for the OpenCV computer vision library
 //!
 //! [Git](https://github.com/twistedfall/opencv-rust) | [Readme](https://github.com/twistedfall/opencv-rust/blob/master/README.md) |

src/manual/core/inplace.rs

@@ -16,7 +16,7 @@ pub trait ModifyInplace {
 impl<Mat: Boxed> ModifyInplace for Mat {
 	#[inline(always)]
 	unsafe fn modify_inplace<Res>(&mut self, f: impl FnOnce(&Self, &mut Self) -> Res) -> Res {
-		let mut m_alias = Mat::from_raw(self.as_raw_mut());
+		let mut m_alias = unsafe { Mat::from_raw(self.as_raw_mut()) };
 		let out = f(self, &mut m_alias);
 		// prevent running destructor on m_alias
 		let _ = m_alias.into_raw();
@@ -27,7 +27,7 @@ impl<Mat: Boxed> ModifyInplace for Mat {
 impl<Mat: Boxed> ModifyInplace for BoxedRefMut<'_, Mat> {
 	#[inline(always)]
 	unsafe fn modify_inplace<Res>(&mut self, f: impl FnOnce(&Self, &mut Self) -> Res) -> Res {
-		let mut m_alias = BoxedRefMut::from(Mat::from_raw(self.reference.as_raw_mut()));
+		let mut m_alias = BoxedRefMut::from(unsafe { Mat::from_raw(self.reference.as_raw_mut()) });
 		let out = f(self, &mut m_alias);
 		// prevent running destructor on m_alias
 		let _ = m_alias.reference.into_raw();

src/manual/core/input_output_array.rs

@@ -45,7 +45,7 @@ fn call_input_array(input_array: &impl _InputArrayTraitConst) -> Result<BoxedRef
 	}
 	return_send!(via ocvrs_return);
 	unsafe { cv_InputArray_input_array(input_array.as_raw__InputArray(), ocvrs_return.as_mut_ptr()) }
-	return_receive!(unsafe ocvrs_return => ret);
+	return_receive!(ocvrs_return => ret);
 	ret.into_result().map(|ptr| unsafe { _InputArray::from_raw(ptr) }.into())
 }
 
@@ -56,7 +56,7 @@ fn call_output_array(output_array: &mut impl _OutputArrayTrait) -> Result<BoxedR
 	}
 	return_send!(via ocvrs_return);
 	unsafe { cv_OutputArray_output_array(output_array.as_raw_mut__OutputArray(), ocvrs_return.as_mut_ptr()) }
-	return_receive!(unsafe ocvrs_return => ret);
+	return_receive!(ocvrs_return => ret);
 	ret.into_result().map(|ptr| unsafe { _OutputArray::from_raw(ptr) }.into())
 }
 
@@ -103,7 +103,7 @@ impl ToInputOutputArray for _InputOutputArray {
 		}
 		return_send!(via ocvrs_return);
 		unsafe { cv_InputOutputArray_input_output_array(self.as_raw_mut__InputOutputArray(), ocvrs_return.as_mut_ptr()) }
-		return_receive!(unsafe ocvrs_return => ret);
+		return_receive!(ocvrs_return => ret);
 		ret.into_result()
 			.map(|ptr| unsafe { _InputOutputArray::from_raw(ptr) }.into())
 	}