author | Paolo Bonzini <pbonzini@redhat.com> | 2025-01-23 11:25:22 +0100 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2025-01-23 18:47:46 +0100 |
commit | 7d0520398f7f58214cf5242b34c1b46efa2fcf4f (patch) | |
tree | 1aa706baadc819ff3f569af00c91ba99fe4696fd /rust/qemu-api/src | |
parent | 24f0e8d818b931758b6dc47f973a6b1b80ecee1f (diff) | |
rust: prefer NonNull::new to assertions
Do not use new_unchecked; the effect is the same, but the
code is easier to read and unsafe regions become smaller.
Likewise, NonNull::new can be used instead of assertion and
followed by as_ref() or as_mut() instead of dereferencing the
pointer.
Suggested-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'rust/qemu-api/src')
-rw-r--r-- | rust/qemu-api/src/qdev.rs | 12 | ||||
-rw-r--r-- | rust/qemu-api/src/qom.rs | 21 |
2 files changed, 18 insertions, 15 deletions
diff --git a/rust/qemu-api/src/qdev.rs b/rust/qemu-api/src/qdev.rs
index a5121e3..4242990 100644
--- a/rust/qemu-api/src/qdev.rs
+++ b/rust/qemu-api/src/qdev.rs
@@ -4,7 +4,7 @@
 //! Bindings to create devices and access device functionality from Rust.
-use std::ffi::CStr;
+use std::{ffi::CStr, ptr::NonNull};
 pub use bindings::{DeviceClass, DeviceState, Property};
@@ -55,9 +55,8 @@ pub trait DeviceImpl {
 /// can be downcasted to type `T`. We also expect the device is
 /// readable/writeable from one thread at any time.
 unsafe extern "C" fn rust_realize_fn<T: DeviceImpl>(dev: *mut DeviceState, _errp: *mut *mut Error) {
- assert!(!dev.is_null());
- let state = dev.cast::<T>();
- T::REALIZE.unwrap()(unsafe { &mut *state });
+ let state = NonNull::new(dev).unwrap().cast::<T>();
+ T::REALIZE.unwrap()(unsafe { state.as_ref() });
 }
 /// # Safety
@@ -66,9 +65,8 @@ unsafe extern "C" fn rust_realize_fn<T: DeviceImpl>(dev: *mut DeviceState, _errp
 /// can be downcasted to type `T`. We also expect the device is
 /// readable/writeable from one thread at any time.
 unsafe extern "C" fn rust_reset_fn<T: DeviceImpl>(dev: *mut DeviceState) {
- assert!(!dev.is_null());
- let state = dev.cast::<T>();
- T::RESET.unwrap()(unsafe { &mut *state });
+ let mut state = NonNull::new(dev).unwrap().cast::<T>();
+ T::RESET.unwrap()(unsafe { state.as_mut() });
 }
 impl<T> ClassInitImpl<DeviceClass> for T
diff --git a/rust/qemu-api/src/qom.rs b/rust/qemu-api/src/qom.rs
index 97901fb..f50ee37 100644
--- a/rust/qemu-api/src/qom.rs
+++ b/rust/qemu-api/src/qom.rs
@@ -58,6 +58,7 @@ use std::{
 fmt,
 ops::{Deref, DerefMut},
 os::raw::c_void,
+ ptr::NonNull,
 };
 pub use bindings::{Object, ObjectClass};
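Review bot: The `unsafe { state.as_ref() }` block in rust_realize_fn has no `// SAFETY:` comment, and the same holds for `unsafe { state.as_mut() }` in rust_reset_fn and `unsafe { state.as_ref() }` in rust_unparent_fn (qom.rs), while the qom.rs init callbacks touched by this commit do carry one. `NonNull::new(dev).unwrap()` rejects only a null pointer, and `cast::<T>()` is unchecked, so validity, alignment and the dynamic type still rest entirely on the caller contract in the `# Safety` doc. I would state that at each block, e.g. `// SAFETY: dev is non-null (checked above); the caller guarantees it points to a valid T`. The doc comment above rust_realize_fn starts outside the hunk.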
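Review bot: rust_reset_fn still materialises an exclusive reference with `state.as_mut()`, whereas rust_realize_fn in the previous hunk moved from `&mut *state` to a shared `state.as_ref()`. A `&mut T` asserts that no other reference to the device is live for the duration of the call, which the C caller cannot enforce; the only support visible here is the "one thread at any time" sentence in the `# Safety` doc. If `RESET` can take `&Self` (its signature is not visible in this diff), `as_ref()` would narrow the claim. Otherwise a comment such as `// SAFETY: no other Rust borrow of the device is live while reset runs` should record the assumption.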
@@ -153,27 +154,34 @@ impl<T: fmt::Display + ObjectType> fmt::Display for ParentField<T> {
 }
 unsafe extern "C" fn rust_instance_init<T: ObjectImpl>(obj: *mut Object) {
+ let mut state = NonNull::new(obj).unwrap().cast::<T>();
 // SAFETY: obj is an instance of T, since rust_instance_init<T>
 // is called from QOM core as the instance_init function
 // for class T
- unsafe { T::INSTANCE_INIT.unwrap()(&mut *obj.cast::<T>()) }
+ unsafe {
+ T::INSTANCE_INIT.unwrap()(state.as_mut());
+ }
 }
 unsafe extern "C" fn rust_instance_post_init<T: ObjectImpl>(obj: *mut Object) {
+ let state = NonNull::new(obj).unwrap().cast::<T>();
 // SAFETY: obj is an instance of T, since rust_instance_post_init<T>
 // is called from QOM core as the instance_post_init function
 // for class T
- T::INSTANCE_POST_INIT.unwrap()(unsafe { &*obj.cast::<T>() })
+ T::INSTANCE_POST_INIT.unwrap()(unsafe { state.as_ref() });
 }
 unsafe extern "C" fn rust_class_init<T: ObjectType + ClassInitImpl<T::Class>>(
 klass: *mut ObjectClass,
 _data: *mut c_void,
 ) {
+ let mut klass = NonNull::new(klass)
+ .unwrap()
+ .cast::<<T as ObjectType>::Class>();
 // SAFETY: klass is a T::Class, since rust_class_init<T>
 // is called from QOM core as the class_init function
 // for class T
- T::class_init(unsafe { &mut *klass.cast::<T::Class>() })
+ T::class_init(unsafe { klass.as_mut() })
 }
 unsafe extern "C" fn drop_object<T: ObjectImpl>(obj: *mut Object) {
@@ -581,11 +589,8 @@ pub trait ClassInitImpl<T> {
 /// can be downcasted to type `T`. We also expect the device is
 /// readable/writeable from one thread at any time.
 unsafe extern "C" fn rust_unparent_fn<T: ObjectImpl>(dev: *mut Object) {
- unsafe {
- assert!(!dev.is_null());
- let state = core::ptr::NonNull::new_unchecked(dev.cast::<T>());
- T::UNPARENT.unwrap()(state.as_ref());
- }
+ let state = NonNull::new(dev).unwrap().cast::<T>();
+ T::UNPARENT.unwrap()(unsafe { state.as_ref() });
 }
 impl<T> ClassInitImpl<ObjectClass> for T |
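Review bot: In rust_instance_init the SAFETY comment justifies the type of `obj` but not that the memory already holds a valid `T`, which `state.as_mut()` requires in order to form a `&mut T`. Since this is the instance_init callback, the Rust-side fields have presumably not been initialised when the reference is created; the allocation path is outside this diff, so that is an inference. If it holds, the comment should say what makes the bytes a valid `T` at this point, for example `// SAFETY: ... and every field of T is valid for the memory contents QOM passes to instance_init`. Alternatively the callback could receive a raw pointer or `MaybeUninit<T>` instead of a reference.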