unsafe_method and violations_coverage

peter-lyons-kehl · peter-lyons-kehl · commit b1c2919644f8 · 2025-11-08T20:07:22.000-08:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -37,7 +37,7 @@ jobs:
         run: |
           cargo clippy
           cargo fmt --check
-          cd violations_coverage/format_files
+          cd violations_coverage/in_crate
           cargo fmt --check
 
       - name: Doc (stable, nightly)
diff --git a/src/lib.rs b/src/lib.rs
@@ -167,12 +167,21 @@ macro_rules! unsafe_method {
         // without upsetting operator precedence.
         {
             if false {
-                // We **cannot** take $self by value, in case it's a non-Copy static variable.
-                let rref = &( $self );
-                let mref = ::prudent::shared_to_mut(rref);
-                let mut owned_receiver = ::core::mem::replace(mref, unsafe{ ::core::mem::zeroed() });
-                let _ = owned_receiver. $fn( $( $arg ),* );
-
+                if false {
+                    // This block makes an instance/owned value of the same type as $self. The
+                    // purpose is then to invoke the method inside unsafe {...}, BUT without
+                    // evaluating the given $self expression inside that unsafe {...} block, so that
+                    // we isolate/catch any unsafe code in $self.
+                    //
+                    // We **cannot** move/take/assign $self by value, in case it's a non-Copy
+                    // **static** variable.
+                    let rref = &( $self );
+                    let mref = ::prudent::shared_to_mut(rref);
+                    let mut owned_receiver = ::core::mem::replace(mref, unsafe{ ::core::mem::zeroed() });
+                    let _ = unsafe { owned_receiver. $fn( $( $arg ),* ) };
+                } else {
+                    $( let _ = $arg; )*
+                }
                 unreachable!()
             } else {
                 #[allow(unsafe_code)]
diff --git a/violations_coverage/in_crate/Cargo.toml b/violations_coverage/in_crate/Cargo.toml
@@ -4,3 +4,4 @@ version = "0.1.0"
 edition = "2024"
 
 [dependencies]
+prudent = {path = "../..", version="0.0.3-alpha"}
diff --git a/violations_coverage/in_crate/README.md b/violations_coverage/in_crate/README.md
@@ -2,6 +2,6 @@ Compilation fails - as intended.
 
 This crate exists to run
 - `cargo fmt`, so that symlinked-files get formatted.
-- `cargo expand`
+- `cargo expand`, for example: `cargo expand --bin unsafe_fn_some_args_arg`
 
 This needs a filesystem that supports symlinks.
diff --git a/violations_coverage/in_crate/src/lib.rs b/violations_coverage/in_crate/src/lib.rs
diff --git a/violations_coverage/unsafe_method/zero_args/self.rs b/violations_coverage/unsafe_method/zero_args/self.rs
@@ -2,5 +2,6 @@ use prudent::unsafe_method;
 
 fn main() {
     #[allow(unused_unsafe)]
+    // str::len is actually not unsafe, but that doesn't matter for this example
     let _ = unsafe_method!(core::str::from_utf8_unchecked(b"hi"), len);
 }

Original file line number	Diff line number	Diff line change
`@@ -4,3 +4,4 @@ version = "0.1.0"`
`4`	`4`	`edition = "2024"`
`5`	`5`
`6`	`6`	`[dependencies]`
	`7`	`+prudent = {path = "../..", version="0.0.3-alpha"}`
Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,6 @@ use prudent::unsafe_method;`
`2`	`2`
`3`	`3`	`fn main() {`
`4`	`4`	`#[allow(unused_unsafe)]`
	`5`	`+ // str::len is actually not unsafe, but that doesn't matter for this example`
`5`	`6`	`let _ = unsafe_method!(core::str::from_utf8_unchecked(b"hi"), len);`
`6`	`7`	`}`