Rollup merge of #128433 - hermit-os:hermit-unsafe_op_in_unsafe_fn, r=joboet

fix(hermit): `deny(unsafe_op_in_unsafe_fn)`

Tracking issue: https://github.com/rust-lang/rust/issues/127747

r? workingjubilee

CC: ``@stlankes``

library/std/src/os/hermit/mod.rs

@@ -1,4 +1,5 @@
 #![stable(feature = "rust1", since = "1.0.0")]
+#![deny(unsafe_op_in_unsafe_fn)]
 
 #[allow(unused_extern_crates)]
 #[stable(feature = "rust1", since = "1.0.0")]

library/std/src/sys/pal/hermit/alloc.rs

@@ -1,31 +1,28 @@
 use super::hermit_abi;
 use crate::alloc::{GlobalAlloc, Layout, System};
-use crate::ptr;
 
 #[stable(feature = "alloc_system_type", since = "1.28.0")]
 unsafe impl GlobalAlloc for System {
     #[inline]
     unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
-        hermit_abi::malloc(layout.size(), layout.align())
-    }
-
-    unsafe fn alloc_zeroed(&self, layout: Layout) -> *mut u8 {
-        let addr = hermit_abi::malloc(layout.size(), layout.align());
-
-        if !addr.is_null() {
-            ptr::write_bytes(addr, 0x00, layout.size());
-        }
-
-        addr
+        let size = layout.size();
+        let align = layout.align();
+        unsafe { hermit_abi::malloc(size, align) }
     }
 
     #[inline]
     unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) {
-        hermit_abi::free(ptr, layout.size(), layout.align())
+        let size = layout.size();
+        let align = layout.align();
+        unsafe {
+            hermit_abi::free(ptr, size, align);
+        }
     }
 
     #[inline]
     unsafe fn realloc(&self, ptr: *mut u8, layout: Layout, new_size: usize) -> *mut u8 {
-        hermit_abi::realloc(ptr, layout.size(), layout.align(), new_size)
+        let size = layout.size();
+        let align = layout.align();
+        unsafe { hermit_abi::realloc(ptr, size, align, new_size) }
     }
 }

library/std/src/sys/pal/hermit/fd.rs

@@ -111,7 +111,8 @@ fn from_inner(owned_fd: OwnedFd) -> Self {
 
 impl FromRawFd for FileDesc {
     unsafe fn from_raw_fd(raw_fd: RawFd) -> Self {
-        Self { fd: FromRawFd::from_raw_fd(raw_fd) }
+        let fd = unsafe { OwnedFd::from_raw_fd(raw_fd) };
+        Self { fd }
     }
 }
 

library/std/src/sys/pal/hermit/fs.rs

@@ -484,7 +484,8 @@ fn into_raw_fd(self) -> RawFd {
 
 impl FromRawFd for File {
     unsafe fn from_raw_fd(raw_fd: RawFd) -> Self {
-        Self(FromRawFd::from_raw_fd(raw_fd))
+        let file_desc = unsafe { FileDesc::from_raw_fd(raw_fd) };
+        Self(file_desc)
     }
 }
 

library/std/src/sys/pal/hermit/mod.rs

@@ -13,7 +13,8 @@
 //! compiling for wasm. That way it's a compile time error for something that's
 //! guaranteed to be a runtime error!
 
-#![allow(missing_docs, nonstandard_style, unsafe_op_in_unsafe_fn)]
+#![deny(unsafe_op_in_unsafe_fn)]
+#![allow(missing_docs, nonstandard_style)]
 
 use crate::os::raw::c_char;
 
@@ -49,9 +50,7 @@ pub fn unsupported_err() -> crate::io::Error {
 }
 
 pub fn abort_internal() -> ! {
-    unsafe {
-        hermit_abi::abort();
-    }
+    unsafe { hermit_abi::abort() }
 }
 
 pub fn hashmap_random_keys() -> (u64, u64) {
@@ -80,7 +79,9 @@ pub extern "C" fn __rust_abort() {
 // SAFETY: must be called only once during runtime initialization.
 // NOTE: this is not guaranteed to run, for example when Rust code is called externally.
 pub unsafe fn init(argc: isize, argv: *const *const u8, _sigpipe: u8) {
-    args::init(argc, argv);
+    unsafe {
+        args::init(argc, argv);
+    }
 }
 
 // SAFETY: must be called only once during runtime cleanup.
@@ -101,10 +102,12 @@ pub unsafe fn cleanup() {}
     // initialize environment
     os::init_environment(env as *const *const i8);
 
-    let result = main(argc as isize, argv);
+    let result = unsafe { main(argc as isize, argv) };
 
-    crate::sys::thread_local::destructors::run();
-    hermit_abi::exit(result);
+    unsafe {
+        crate::sys::thread_local::destructors::run();
+    }
+    unsafe { hermit_abi::exit(result) }
 }
 
 #[inline]

library/std/src/sys/pal/hermit/os.rs

@@ -68,21 +68,21 @@ pub fn current_exe() -> io::Result<PathBuf> {
     unsupported()
 }
 
-static mut ENV: Option<Mutex<HashMap<OsString, OsString>>> = None;
+static ENV: Mutex<Option<HashMap<OsString, OsString>>> = Mutex::new(None);
 
 pub fn init_environment(env: *const *const i8) {
+    let mut guard = ENV.lock().unwrap();
+    let map = guard.insert(HashMap::new());
+
+    if env.is_null() {
+        return;
+    }
+
     unsafe {
-        ENV = Some(Mutex::new(HashMap::new()));
-
-        if env.is_null() {
-            return;
-        }
-
-        let mut guard = ENV.as_ref().unwrap().lock().unwrap();
         let mut environ = env;
         while !(*environ).is_null() {
             if let Some((key, value)) = parse(CStr::from_ptr(*environ).to_bytes()) {
-                guard.insert(key, value);
+                map.insert(key, value);
             }
             environ = environ.add(1);
         }
@@ -154,30 +154,26 @@ fn size_hint(&self) -> (usize, Option<usize>) {
 /// Returns a vector of (variable, value) byte-vector pairs for all the
 /// environment variables of the current process.
 pub fn env() -> Env {
-    unsafe {
-        let guard = ENV.as_ref().unwrap().lock().unwrap();
-        let mut result = Vec::new();
+    let guard = ENV.lock().unwrap();
+    let env = guard.as_ref().unwrap();
 
-        for (key, value) in guard.iter() {
-            result.push((key.clone(), value.clone()));
-        }
+    let result = env.iter().map(|(key, value)| (key.clone(), value.clone())).collect::<Vec<_>>();
 
-        return Env { iter: result.into_iter() };
-    }
+    Env { iter: result.into_iter() }
 }
 
 pub fn getenv(k: &OsStr) -> Option<OsString> {
-    unsafe { ENV.as_ref().unwrap().lock().unwrap().get_mut(k).cloned() }
+    ENV.lock().unwrap().as_ref().unwrap().get(k).cloned()
 }
 
 pub unsafe fn setenv(k: &OsStr, v: &OsStr) -> io::Result<()> {
     let (k, v) = (k.to_owned(), v.to_owned());
-    ENV.as_ref().unwrap().lock().unwrap().insert(k, v);
+    ENV.lock().unwrap().as_mut().unwrap().insert(k, v);
     Ok(())
 }
 
 pub unsafe fn unsetenv(k: &OsStr) -> io::Result<()> {
-    ENV.as_ref().unwrap().lock().unwrap().remove(k);
+    ENV.lock().unwrap().as_mut().unwrap().remove(k);
     Ok(())
 }
 
@@ -190,9 +186,7 @@ pub fn home_dir() -> Option<PathBuf> {
 }
 
 pub fn exit(code: i32) -> ! {
-    unsafe {
-        hermit_abi::exit(code);
-    }
+    unsafe { hermit_abi::exit(code) }
 }
 
 pub fn getpid() -> u32 {

library/std/src/sys/pal/hermit/thread.rs

@@ -25,18 +25,22 @@ pub unsafe fn new_with_coreid(
         core_id: isize,
     ) -> io::Result<Thread> {
         let p = Box::into_raw(Box::new(p));
-        let tid = hermit_abi::spawn2(
-            thread_start,
-            p.expose_provenance(),
-            hermit_abi::Priority::into(hermit_abi::NORMAL_PRIO),
-            stack,
-            core_id,
-        );
+        let tid = unsafe {
+            hermit_abi::spawn2(
+                thread_start,
+                p.expose_provenance(),
+                hermit_abi::Priority::into(hermit_abi::NORMAL_PRIO),
+                stack,
+                core_id,
+            )
+        };
 
         return if tid == 0 {
             // The thread failed to start and as a result p was not consumed. Therefore, it is
             // safe to reconstruct the box so that it gets deallocated.
-            drop(Box::from_raw(p));
+            unsafe {
+                drop(Box::from_raw(p));
+            }
             Err(io::const_io_error!(io::ErrorKind::Uncategorized, "Unable to create thread!"))
         } else {
             Ok(Thread { tid: tid })
@@ -54,7 +58,9 @@ extern "C" fn thread_start(main: usize) {
     }
 
     pub unsafe fn new(stack: usize, p: Box<dyn FnOnce()>) -> io::Result<Thread> {
-        Thread::new_with_coreid(stack, p, -1 /* = no specific core */)
+        unsafe {
+            Thread::new_with_coreid(stack, p, -1 /* = no specific core */)
+        }
     }
 
     #[inline]