sim: unsafe cleanup
Cleanup some of the unsafe usage in mcuboot-sys. In one case, add a
safety comment to the function documentation. In the other, move the
unsafe to a narrower scope, reducing the number of instances of unsafe
needed. From clippy suggestions.
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/sim/mcuboot-sys/src/api.rs b/sim/mcuboot-sys/src/api.rs
index 7bd4fc4..a6acd53 100644
--- a/sim/mcuboot-sys/src/api.rs
+++ b/sim/mcuboot-sys/src/api.rs
@@ -94,20 +94,27 @@
pub static SIM_CTX: RefCell<CSimContextPtr> = RefCell::new(CSimContextPtr::new());
}
-// Set the flash device to be used by the simulation. The pointer is unsafely stashed away.
-pub unsafe fn set_flash(dev_id: u8, dev: &mut dyn Flash) {
+/// Set the flash device to be used by the simulation. The pointer is unsafely stashed away.
+///
+/// # Safety
+///
+/// This uses mem::transmute to stash a Rust pointer into a C value to
+/// retrieve later. It should be safe to use this.
+pub fn set_flash(dev_id: u8, dev: &mut dyn Flash) {
THREAD_CTX.with(|ctx| {
ctx.borrow_mut().flash_params.insert(dev_id, FlashParamsStruct {
align: dev.align() as u16,
erased_val: dev.erased_val(),
});
- let dev: &'static mut dyn Flash = mem::transmute(dev);
- ctx.borrow_mut().flash_map.insert(
- dev_id, FlashPtr{ptr: dev as *mut dyn Flash});
+ unsafe {
+ let dev: &'static mut dyn Flash = mem::transmute(dev);
+ ctx.borrow_mut().flash_map.insert(
+ dev_id, FlashPtr{ptr: dev as *mut dyn Flash});
+ }
});
}
-pub unsafe fn clear_flash(dev_id: u8) {
+pub fn clear_flash(dev_id: u8) {
THREAD_CTX.with(|ctx| {
ctx.borrow_mut().flash_map.remove(&dev_id);
});
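Review bot: Dropping `unsafe` from `set_flash` (L22) while keeping the `'static` transmute at L32 makes a safe function that erases the borrow on `dev`, so a caller can now drop or move the flash device while `flash_map` still holds a pointer to it with no compiler or signature-level warning; a `# Safety` section on a safe `fn` (L18-L21) is also not what rustdoc or clippy's `missing_safety_doc` expect, and "It should be safe to use this" states no invariant. I would keep `pub unsafe fn set_flash` and replace L20-L21 with the actual contract, e.g. `/// The pointer to `dev` is stored in thread-local state and dereferenced by the C bootloader until `clear_flash(dev_id)` is called; the caller must keep `dev` alive and unaliased for that whole span.`, with a matching `// SAFETY: caller upholds the contract above.` on the block at L31. If the function is meant to stay safe, note that creating the raw pointer needs neither `transmute` nor `unsafe` (`let ptr: *mut dyn Flash = dev;`), which would move the soundness burden to the deref site where it can be documented honestly. The `THREAD_CTX` and `FlashPtr` definitions are outside this hunk, so I cannot see whether anything else bounds the pointer's lifetime.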
diff --git a/sim/mcuboot-sys/src/c.rs b/sim/mcuboot-sys/src/c.rs
index fa2a3dd..eb5f90f 100644
--- a/sim/mcuboot-sys/src/c.rs
+++ b/sim/mcuboot-sys/src/c.rs
@@ -13,10 +13,8 @@
/// Invoke the bootloader on this flash device.
pub fn boot_go(multiflash: &mut SimMultiFlash, areadesc: &AreaDesc,
counter: Option<&mut i32>, catch_asserts: bool) -> (i32, u8) {
- unsafe {
- for (&dev_id, flash) in multiflash.iter_mut() {
- api::set_flash(dev_id, flash);
- }
+ for (&dev_id, flash) in multiflash.iter_mut() {
+ api::set_flash(dev_id, flash);
}
let mut sim_ctx = api::CSimContext {
flash_counter: match counter {
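Review bot: With `set_flash` no longer marked `unsafe`, the loop at L55-L57 reads as an ordinary safe call, yet it is the point where the stashed `&'static mut dyn Flash` pointers are created from a borrow of `multiflash` that ends at the closing brace. A short comment here would keep that visible to the next editor: `// set_flash() stashes raw pointers into these devices; they stay valid only because `multiflash` is borrowed for the rest of boot_go and clear_flash() runs before we return.` The body of `boot_go` continues past this hunk, so the rest of what happens between set and clear is not visible here.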
@@ -33,11 +31,9 @@
};
let asserts = sim_ctx.c_asserts;
counter.map(|c| *c = sim_ctx.flash_counter);
- unsafe {
- for (&dev_id, _) in multiflash {
- api::clear_flash(dev_id);
- }
- };
+ for &dev_id in multiflash.keys() {
+ api::clear_flash(dev_id);
+ }
(result, asserts)
}
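Review bot: The `clear_flash` loop at L69-L71 only runs on the normal return path, so if anything between the `set_flash` loop and here unwinds (a Rust `Flash` callback panicking, or an assert caught elsewhere and re-raised — I cannot see the middle of `boot_go` from this hunk), the thread-local `flash_map` keeps pointers into a `multiflash` that the caller may have since dropped, and the next `boot_go` on the same thread would hand the C side dangling pointers. Collecting the ids up front and clearing them from a drop guard makes the cleanup unconditional without changing the normal path; the guard owns a `Vec<u8>` rather than a borrow of `multiflash` so it does not alias the devices while the simulation is using them through raw pointers.
```rust
/// Clears the stashed flash pointers when dropped, including on unwind.
struct ClearFlashGuard(Vec<u8>);

impl Drop for ClearFlashGuard {
    fn drop(&mut self) {
        for &dev_id in &self.0 {
            api::clear_flash(dev_id);
        }
    }
}

pub fn boot_go(multiflash: &mut SimMultiFlash, areadesc: &AreaDesc,
    counter: Option<&mut i32>, catch_asserts: bool) -> (i32, u8) {
    for (&dev_id, flash) in multiflash.iter_mut() {
        api::set_flash(dev_id, flash);
    }
    // Runs clear_flash() for every device on every exit path from here on.
    let _guard = ClearFlashGuard(multiflash.keys().copied().collect());
    // … unchanged: sim_ctx setup, bootloader invocation, counter/asserts readback …
    (result, asserts)
}
```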