@@ -97,10 +97,8 @@ extern crate alloc;
9797#[ macro_export]
9898macro_rules! unsafe_fn {
9999 ( $fn: expr $( , $arg: expr) * ) => {
100- // Enclosed in a block, so that the result can be used as a value in an outer expression.
101- //
102- // @TODO here and elsewhere - test that this {...} enclosing works with array access suffix
103- // [usize_idx]. Otherwise test if (...) would work instead.
100+ // Enclosed in (...) and NOT in {...}. Why? Because the later does NOT work if the result is
101+ // an array/slice and then it's indexed with array access suffix [usize_idx].
104102 (
105103 if false {
106104 let _ = $fn;
@@ -164,9 +162,8 @@ pub const fn shared_to_mut<T>(_: &T) -> &mut T {
164162#[ macro_export]
165163macro_rules! unsafe_method {
166164 ( $self: expr, $fn: ident $( , $arg: expr) * ) => {
167- // Enclosed in a block, so that the result can be used as a value in an outer expression
168- // without upsetting operator precedence.
169- {
165+ // See unsafe_fn for why here we enclose in (...) and not in {...}.
166+ (
170167 if false {
171168 if false {
172169 // This block makes an instance/owned value of the same type as $self. The
@@ -176,27 +173,36 @@ macro_rules! unsafe_method {
176173 //
177174 // We **cannot** move/take/assign $self by value, in case it's a non-Copy
178175 // **static** variable.
176+ //
177+ // @TODO If NOT #allow_unsafe, inject: #[forbid(unsafe_code)]
179178 let rref = & ( $self ) ;
179+ //
180180 let mref = :: prudent:: shared_to_mut( rref) ;
181181 let mut owned_receiver = :: core:: mem:: replace( mref, unsafe { :: core:: mem:: zeroed( ) } ) ;
182+ // Detect code where unsafe_fn! or unsafe_method! is not needed at all. That is,
183+ // where a function/method used to be `unsafe`, but it stopped being so.
184+ //
185+ // @TODO
186+ //
187+ // 1. store args and then inject them here, instead of $arg:
188+ //
189+ // 2. #[forbid(unused_unsafe)]
182190 let _ = unsafe { owned_receiver. $fn( $( $arg ) ,* ) } ;
183191 } else {
184192 $( let _ = $arg; ) *
185193 }
186194 unreachable!( )
187195 } else {
188196 #[ allow( unsafe_code) ]
189- //@TODO: for unsafe_fn, too:
190- //
191- // If $self or any $arg include `unsafe {...}`, that would trigger "unused_unsafe".
197+ // If $self includes `unsafe {...}`, but no #allow_unsafe, that would trigger
198+ // "unused_unsafe".
192199 //
193- // Unfortunately, because of this, we can't detect code where unsafe_fn! or
194- // unsafe_method! is not needed at all. For example, if a function/method use to be
195- // `unsafe`, and it stopped being so.
200+ // @TODO If NOT #allow_unsafe, inject #[forbid(unused_unsafe)]. Otherwise inject
201+ // #[expect(unused_unsafe)].
196202 #[ allow( unused_unsafe) ]
197203 unsafe { $self. $fn ( $( $arg ) ,* ) }
198204 }
199- }
205+ )
200206 } ;
201207 //@TODO
202208 ( #allow_unsafe $self: expr, $fn: ident $( , $arg: expr) * ) => {
0 commit comments