sim: unsafe cleanup
Clean up some of the unsafe usage in mcuboot-sys. In one case, add a
safety comment to the function documentation. In the other, move the
unsafe to a narrower scope, reducing the number of instances of unsafe
needed. From clippy suggestions.
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/sim/mcuboot-sys/src/api.rs b/sim/mcuboot-sys/src/api.rs
index 7bd4fc4..a6acd53 100644
--- a/sim/mcuboot-sys/src/api.rs
+++ b/sim/mcuboot-sys/src/api.rs
@@ -94,20 +94,27 @@
pub static SIM_CTX: RefCell<CSimContextPtr> = RefCell::new(CSimContextPtr::new());
}
-// Set the flash device to be used by the simulation. The pointer is unsafely stashed away.
-pub unsafe fn set_flash(dev_id: u8, dev: &mut dyn Flash) {
+/// Set the flash device to be used by the simulation. The pointer is unsafely stashed away.
+///
+/// # Safety
+///
+/// This uses mem::transmute to stash a Rust pointer into a C value to
+/// retrieve later. It should be safe to use this.
+pub fn set_flash(dev_id: u8, dev: &mut dyn Flash) {
THREAD_CTX.with(|ctx| {
ctx.borrow_mut().flash_params.insert(dev_id, FlashParamsStruct {
align: dev.align() as u16,
erased_val: dev.erased_val(),
});
- let dev: &'static mut dyn Flash = mem::transmute(dev);
- ctx.borrow_mut().flash_map.insert(
- dev_id, FlashPtr{ptr: dev as *mut dyn Flash});
+ unsafe {
+ let dev: &'static mut dyn Flash = mem::transmute(dev);
+ ctx.borrow_mut().flash_map.insert(
+ dev_id, FlashPtr{ptr: dev as *mut dyn Flash});
+ }
});
}
-pub unsafe fn clear_flash(dev_id: u8) {
+pub fn clear_flash(dev_id: u8) {
THREAD_CTX.with(|ctx| {
ctx.borrow_mut().flash_map.remove(&dev_id);
});
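Review bot: Dropping `unsafe` from `set_flash` while keeping the `mem::transmute` to `&'static mut dyn Flash` makes a lifetime extension reachable from safe code: a caller can now pass a `&mut dyn Flash` that is dropped before `clear_flash(dev_id)` runs, leaving a dangling pointer in `flash_map` for the C side to dereference, with no `unsafe` at the call site to mark that contract. The `# Safety` text "It should be safe to use this" does not state the invariant that makes the block sound, and a `# Safety` section on a non-`unsafe` fn is not what that heading is for. I would keep `pub unsafe fn set_flash(dev_id: u8, dev: &mut dyn Flash)` and document the caller's obligation under `# Safety`: `dev` must stay alive and unmoved until `clear_flash(dev_id)` has been called (or the simulation no longer uses it), because the transmute only forges a `'static` lifetime and does not extend the referent's. Inside the body, the block should carry the invariant too, e.g. `// SAFETY: caller guarantees `dev` outlives every use through flash_map; removed by clear_flash.`. Narrowing the `unsafe` block and making `clear_flash` safe (a plain `HashMap::remove`) both look fine.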