Require unsafe blocks in unsafe functions
Some hopefully harmless refactoring. Only minor behavioral changes are
introduced.
Turn on the unsafe_op_in_unsafe_fn lint, treated as an error, for all
our low-level code, to ensure that unsafe code is properly highlighted
& commented even inside unsafe functions. I've moved the setting from
the code to the blueprint in order to make it the default for new
code, and reduce clutter.
Add unsafe blocks as required to fix all the errors that this
surfaced, with appropriate safety comments. I've tried to keep them as
small as possible.
Slightly to my surprise, I removed the unsafe marker from malloc_ (and
renamed it in passing); I believe it has no preconditions and is
always safe - although doing anything with the returned memory
wouldn't be.
Bug: 275693559
Test: flash pvmfw, atest MicrodroidTests
Change-Id: Ia6f39102caea05c6517bc7500914b7fe7025286c
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index 8be5f7d..dff7d13 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -8,6 +8,8 @@
defaults: ["vmbase_ffi_defaults"],
srcs: ["src/main.rs"],
edition: "2021",
+ // Require unsafe blocks for inside unsafe functions.
+ flags: ["-Dunsafe_op_in_unsafe_fn"],
features: [
"legacy",
],
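Review bot: The added comment "Require unsafe blocks for inside unsafe functions." is ungrammatical; suggest "Require unsafe blocks inside unsafe functions." Also, since this target already pulls `defaults: ["vmbase_ffi_defaults"]` and the commit message says the goal is to make the lint the default for new code, consider adding `flags: ["-Dunsafe_op_in_unsafe_fn"]` to those shared defaults rather than only to this rule, so any other crate built from the same defaults inherits it; if the flag is intentionally scoped to pvmfw for now, a comment saying so would help the next reader.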
@@ -30,6 +32,7 @@
"libuuid_nostd",
"libvirtio_drivers",
"libvmbase",
+ "libzerocopy_nostd",
"libzeroize_nostd",
],
}
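Review bot: This hunk introduces a new dependency, `libzerocopy_nostd`, into the firmware's rustlibs, but neither the commit title nor the message mentions zerocopy or why it is now needed. A new crate in pvmfw enlarges the trusted code base, so the commit message should state what it replaces (presumably hand-written unsafe byte reinterpretation that the lint surfaced) and that the change was reviewed for the pvmfw build; as written, a reader of the message would not expect a dependency change in a "hopefully harmless refactoring".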