firmware: eliminate most transmutes and document the rest. NFC.

2017-10-02 03:09:46 +00:00 · 2017-10-02 03:09:46 +00:00 · 73c76ebb9a
parent 7ad54e1dcf
commit 73c76ebb9a
4 changed files with 7 additions and 6 deletions
--- a/artiq/firmware/ksupport/eh.rs
+++ b/artiq/firmware/ksupport/eh.rs
@ -409,7 +409,7 @@ static mut INFLIGHT: ExceptionInfo = ExceptionInfo {
 #[export_name="__artiq_raise"]
 #[unwind]
 pub unsafe extern fn raise(exception: *const Exception) -> ! {
-    // Zing! The Exception<'a> as Exception<'static> cast is not really sound in case
+    // Zing! The Exception<'a> to Exception<'static> transmute is not really sound in case
    // the exception is ever captured. Fortunately, they currently aren't, and we save
    // on the hassle of having to allocate exceptions somewhere except on stack.
    INFLIGHT.exception = Some(mem::transmute::<Exception, Exception<'static>>(*exception));
--- a/artiq/firmware/ksupport/lib.rs
+++ b/artiq/firmware/ksupport/lib.rs
@ -34,7 +34,7 @@ fn send(request: &Message) {

 fn recv<R, F: FnOnce(&Message) -> R>(f: F) -> R {
    while mailbox::receive() == 0 {}
-    let result = f(unsafe { mem::transmute::<usize, &Message>(mailbox::receive()) });
+    let result = f(unsafe { &*(mailbox::receive() as *const Message) });
    mailbox::acknowledge();
    result
 }
--- a/artiq/firmware/liblogger_artiq/lib.rs
+++ b/artiq/firmware/liblogger_artiq/lib.rs
@ -4,7 +4,6 @@ extern crate log;
 extern crate log_buffer;
 extern crate board;

-use core::{mem, ptr};
 use core::cell::{Cell, RefCell};
 use core::fmt::Write;
 use log::{Log, LogMetadata, LogRecord, LogLevelFilter, MaxLogLevelFilter};
@ -43,12 +42,12 @@ impl BufferLogger {
        f();
        log::shutdown_logger_raw().unwrap();
        unsafe {
-            LOGGER = ptr::null();
+            LOGGER = 0 as *const _;
        }
    }

    pub fn with<R, F: FnOnce(&BufferLogger) -> R>(f: F) -> R {
-        f(unsafe { mem::transmute::<*const BufferLogger, &BufferLogger>(LOGGER) })
+        f(unsafe { &*LOGGER })
    }

    pub fn clear(&self) {
--- a/artiq/firmware/runtime/session.rs
+++ b/artiq/firmware/runtime/session.rs
@ -150,7 +150,7 @@ fn kern_recv_notrace<R, F>(io: &Io, f: F) -> io::Result<R>
        return Err(io::Error::new(io::ErrorKind::InvalidData, message))
    }

-    f(unsafe { mem::transmute::<usize, &kern::Message>(mailbox::receive()) })
+    f(unsafe { &*(mailbox::receive() as *const kern::Message) })
 }

 fn kern_recv_dotrace(reply: &kern::Message) {
@ -445,6 +445,8 @@ fn process_kern_message(io: &Io, mut stream: Option<&mut TcpStream>,
            &kern::CacheGetRequest { key } => {
                let value = session.congress.cache.get(key);
                kern_send(io, &kern::CacheGetReply {
+                    // Zing! This transmute is only safe because we dynamically track
+                    // whether the kernel has borrowed any values from the cache.
                    value: unsafe { mem::transmute::<*const [i32], &'static [i32]>(value) }
                })
            }