0.0.2-alpha: WIP of: unsafe_static_set, unsafe_ref, unsafe_ref_mut, unsafe_ref_set, unsafe_cast

peter-lyons-kehl · peter-lyons-kehl · commit 82f1a07f69f1 · 2025-10-26T11:15:12.000-07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+# 0.0.2-alpha
+
+Initial `unsafe_static_set`, `unsafe_ref`, `unsafe_ref_mut`, `unsafe_ref_set`, `unsafe_cast`. All are WIP.
+
 # 0.0.1-alpha
 
 Initial. Only `unsafe_fn!` and `unsafe_method!` macros.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "prudent"
-version = "0.0.1-alpha"
+version = "0.0.2-alpha"
 edition = "2018"
 
 license = "BSD-2-Clause OR Apache-2.0 OR MIT"
diff --git a/src/lib.rs b/src/lib.rs
@@ -3,8 +3,8 @@
 // This only refuses unsafe code in functions/expressions in this crate, not ones generated by this
 // crate's macros.
 #![cfg_attr(not(any(doc, test)), forbid(unsafe_code))]
-//#[cfg(doc)]
-//extern crate alloc;
+#[cfg(doc)]
+extern crate alloc;
 
 /// Invoke am unsafe function.
 ///
@@ -40,7 +40,8 @@ macro_rules! unsafe_fn {
     (~~ $last:expr) => {
         ($last,)
     };
-    // Commented out: For now, we require the (potentially unsafe) function to have at least 1 argument.
+    // Commented out: For now, we require the (potentially unsafe) function to have at least 1
+    // argument.
     //
     //(~~) => { () };
 
@@ -85,7 +86,7 @@ macro_rules! unsafe_fn {
 /// Invoke an unsafe method. Like [unsafe_fn], but
 /// - we accept a receiver `self`
 /// - we store `self` in a variable outside of the generated `unsafe {...}`
-/// - we don't allow $fn to be an expression (which doesn't work in standard methods calls), but
+/// - we do NOT allow $fn to be an expression (which doesn't work in standard methods calls), but
 ///   only an identifier.
 #[macro_export]
 macro_rules! unsafe_method {
@@ -188,25 +189,21 @@ macro_rules! unsafe_deref_set {
 /// underlying type).
 #[macro_export]
 macro_rules! unsafe_ref {
-    ($ptr:expr) => {
-        {
-            let ptr = $ptr;
-            let _: *const _ = ptr; // Partial type check: $ptr needs to yield a const pointer
-            unsafe { &*ptr }
-        }
-    };
+    ($ptr:expr) => {{
+        let ptr = $ptr;
+        let _: *const _ = ptr; // Partial type check: $ptr needs to yield a const pointer
+        unsafe { &*ptr }
+    }};
 }
 
 /// Deref a `mut` pointer and yield a `mut` reference (to the same underlying type).
 #[macro_export]
 macro_rules! unsafe_ref_mut {
-    ($ptr:expr) => {
-        {
-            let ptr = $ptr;
-            let _: *mut _ = ptr; // Partial type check: $ptr needs to yield a mut pointer
-            unsafe { &mut *ptr }
-        }
-    };
+    ($ptr:expr) => {{
+        let ptr = $ptr;
+        let _: *mut _ = ptr; // Partial type check: $ptr needs to yield a mut pointer
+        unsafe { &mut *ptr }
+    }};
 }
 
 /// Assign the given value to the location given in the pointer.
@@ -225,7 +222,9 @@ macro_rules! unsafe_ref_set {
         let ptr = $ptr;
         let _: *mut _ = ptr; // Partial type check: $ptr needs to yield a mut pointer
         let value = $value;
-        unsafe { *ptr = value; }
+        unsafe {
+            *ptr = value;
+        }
     }};
 }
 
@@ -237,11 +236,10 @@ macro_rules! unsafe_ref_set {
 macro_rules! unsafe_cast {
     ($ptr:expr, $t:ty) => {{
         let ptr = $ptr;
-        unsafe { ptr as $ty }
+        unsafe { &*ptr as $t }
     }};
 }
 
-
 //-------------
 
 #[cfg(test)]
@@ -289,8 +287,8 @@ mod fn_method_tests {
         }
         fn _unsafe_set_x_0_simple_2(value: bool) {
             *unsafe {
-                // @TODO The expression (here: X) could include subexpressions (like array index) and
-                // those may include `unsafe` code, too!
+                // @TODO The expression (here: X) could include subexpressions (like array index)
+                // and those may include `unsafe` code, too!
                 #[allow(static_mut_refs)]
                 &mut X[0]
                 //
@@ -303,7 +301,7 @@ mod fn_method_tests {
 
             // FLEXIBLE: <<~<<~<<
             (*&mut unsafe { X })[0] = value;
-            
+
             (*&mut unsafe { X }) = [true, true];
         }
         fn _unsafe_set_x_0_store_ref(value: bool) {
@@ -349,8 +347,8 @@ mod fn_method_tests {
 
                     // @TODO requires a return type
                     //
-                    // @TODO doesn't work if the static variable is identified with a
-                    // path like `crate::mod_x::mod_y::STATIC_X``
+                    // @TODO doesn't work if the static variable is identified with a path like
+                    // `crate::mod_x::mod_y::STATIC_X``
                     pub fn _f() -> bool {
                         #[allow(non_snake_case)]
                         let X = &unsafe { super::X };
@@ -397,8 +395,7 @@ mod fn_method_tests {
         let pt: *mut bool = &mut a as *mut bool;
 
         let a2: bool = unsafe_deref!(pt);
-        // FAILS:
-        //unsafe_deref!(pt) = false;
+        // FAILS: unsafe_deref!(pt) = false;
     }
     #[test]
     fn deref_mut_field_or_method() {
@@ -416,6 +413,9 @@ mod fn_method_tests {
 mod casting_tests {
     use std::fmt::Display;
 
+    #[test]
+    fn todo() {}
+
     #[test]
     fn read_only() {
         let a: bool = true;
@@ -434,10 +434,10 @@ mod casting_tests {
         // Not allowed:
         //
         // unsafe { *pt  } = false;
-        unsafe { *pt  = false };
+        unsafe { *pt = false };
 
         // Move to a separate test:
-        unsafe_ref_set!( pt, false);
+        unsafe_ref_set!(pt, false);
     }
 
     #[test]
