Refactoring unsafe parts
Eliminate or limit the scope of unsafe code.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I16976b2a3554d6bfc822312d3f84c4db3f5b24ea
diff --git a/src/descriptor.rs b/src/descriptor.rs
index 039cdae..ef78d13 100644
--- a/src/descriptor.rs
+++ b/src/descriptor.rs
@@ -102,6 +102,7 @@
/// Memory descriptor of a memory translation table
#[repr(C)]
+#[derive(Default)]
pub struct Descriptor {
cell: UnsafeCell<u64>,
}
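Review bot: The derived `Default` makes a zero-valued `Descriptor` constructible through the public API, but nothing documents that this zero is the invalid-descriptor value that `BaseTable::new` in the lib.rs hunk now relies on (the test hunk around `set_block_descriptor_to_invalid(3)` shows the invalid value reads back as 0). A doc line above the derive, `/// A default descriptor is all-zero, i.e. an invalid descriptor.`, would tie the two together, and a one-line test `assert!(!Descriptor::default().is_valid());` would pin it. The same intent belongs as a comment on the `core::array::from_fn(|_| Descriptor::default())` line in lib.rs, e.g. `// every entry starts out as an invalid (zero) descriptor`.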
@@ -122,7 +123,7 @@
pub fn get_descriptor_type(&self, level: usize) -> DescriptorType {
assert!(level <= 3);
- let desc_type_bits = unsafe { self.get() } & Self::DESCRIPTOR_TYPE_MASK;
+ let desc_type_bits = self.get() & Self::DESCRIPTOR_TYPE_MASK;
if desc_type_bits & Self::VALID_BIT != 0 {
if level == 3 {
assert_eq!(Self::TABLE_BIT, desc_type_bits & Self::TABLE_BIT);
@@ -141,7 +142,7 @@
/// Check if it is a valid descriptor
pub fn is_valid(&self) -> bool {
- unsafe { self.get() & Self::VALID_BIT != 0 }
+ self.get() & Self::VALID_BIT != 0
}
// Block descriptor functions
@@ -162,9 +163,7 @@
let table_bit = if level < 3 { 0 } else { Self::TABLE_BIT };
- unsafe {
- self.set(Self::VALID_BIT | table_bit | output_address as u64 | attr);
- }
+ self.set(Self::VALID_BIT | table_bit | output_address as u64 | attr);
}
/// Get output address from the block descriptor
@@ -172,7 +171,7 @@
assert!(level <= 3);
assert_eq!(DescriptorType::Block, self.get_descriptor_type(level));
- ((unsafe { self.get() }) & Self::OA_MASK) as usize
+ (self.get() & Self::OA_MASK) as usize
}
/// Set the attributes of the block descriptor
@@ -182,7 +181,7 @@
assert_eq!(0, attr & !Self::ATTR_MASK);
assert_eq!(DescriptorType::Block, self.get_descriptor_type(level));
- unsafe { self.modify(|d| (d & !Self::ATTR_MASK) | attr) };
+ self.modify(|d| (d & !Self::ATTR_MASK) | attr);
}
/// Get the attributes of the block descriptor
@@ -190,7 +189,7 @@
assert!(level <= 3);
assert_eq!(DescriptorType::Block, self.get_descriptor_type(level));
- Attributes::from((unsafe { self.get() }) & Self::ATTR_MASK)
+ Attributes::from(self.get() & Self::ATTR_MASK)
}
/// Set block descriptor to invalid
@@ -198,7 +197,7 @@
assert!(level <= 3);
assert_eq!(DescriptorType::Block, self.get_descriptor_type(level));
- unsafe { self.set(Self::INVALID_DESCRIPTOR_VALUE) }
+ self.set(Self::INVALID_DESCRIPTOR_VALUE)
}
/// Set table descriptor
@@ -260,7 +259,7 @@
assert!(level <= 2);
assert_eq!(DescriptorType::Table, self.get_descriptor_type(level));
- NextLevelAttributes::from((unsafe { self.get() }) & Self::NEXT_ATTR_MASK)
+ NextLevelAttributes::from(self.get() & Self::NEXT_ATTR_MASK)
}
/// Set table descriptor to invalid
@@ -278,17 +277,17 @@
}
/// Get raw descriptor value
- unsafe fn get(&self) -> u64 {
- ptr::read_volatile(self.cell.get())
+ fn get(&self) -> u64 {
+ unsafe { ptr::read_volatile(self.cell.get()) }
}
/// Set raw descriptor value
- unsafe fn set(&mut self, value: u64) {
- ptr::write_volatile(self.cell.get(), value)
+ fn set(&mut self, value: u64) {
+ unsafe { ptr::write_volatile(self.cell.get(), value) }
}
/// Modify raw descriptor value
- unsafe fn modify<F>(&mut self, f: F)
+ fn modify<F>(&mut self, f: F)
where
F: Fn(u64) -> u64,
{
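Review bot: The two new `unsafe` blocks in `get` and `set` carry no `// SAFETY:` comment, even though this refactor moves the soundness obligation from the callers into these bodies. For `get` something like `// SAFETY: the pointer comes from self.cell and stays valid and aligned while &self is borrowed; the read is volatile because the entry may change outside Rust's view` (with the last clause adjusted to what the hardware actually does here), and for `set` `// SAFETY: &mut self grants exclusive access to the cell, so no other Rust reference can observe the write`. `modify` is made safe in the same hunk but its body continues outside it, so the same applies to whatever unsafe it contains. Because `&self` readers and `&mut self` writers are now separated only by the borrow checker, it is worth confirming that no other code path writes the cell through a raw pointer; the test hunk casting `as_ptr() as *mut Descriptor` suggests raw pointers to descriptors do exist elsewhere.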
@@ -459,7 +458,7 @@
};
descriptor.set_block_descriptor(1, 0, Attributes::default());
- assert_eq!(0x1, unsafe { descriptor.get() });
+ assert_eq!(0x1, descriptor.get());
}
#[test]
@@ -486,7 +485,7 @@
..Default::default()
},
);
- assert_eq!(0x0040000f_c0000001, unsafe { descriptor.get() });
+ assert_eq!(0x0040000f_c0000001, descriptor.get());
let mut descriptor = Descriptor {
cell: UnsafeCell::new(0),
@@ -500,7 +499,7 @@
..Default::default()
},
);
- assert_eq!(0x0040000f_fffff003, unsafe { descriptor.get() });
+ assert_eq!(0x0040000f_fffff003, descriptor.get());
assert_eq!(0x0000000f_fffff000, descriptor.get_block_output_address(3));
assert_eq!(
@@ -544,7 +543,7 @@
};
descriptor.set_block_descriptor_to_invalid(3);
- assert_eq!(0, unsafe { descriptor.get() });
+ assert_eq!(0, descriptor.get());
}
#[test]
@@ -573,7 +572,7 @@
unsafe {
descriptor.set_table_descriptor(0, next_level_table, None);
}
- assert_eq!(0x1003, unsafe { descriptor.get() });
+ assert_eq!(0x1003, descriptor.get());
}
#[test]
@@ -615,7 +614,7 @@
unsafe {
descriptor.set_table_descriptor(0, next_level_table, None);
}
- assert_eq!(0x0000_000c_ba98_7003, unsafe { descriptor.get() });
+ assert_eq!(0x0000_000c_ba98_7003, descriptor.get());
}
#[test]
@@ -637,9 +636,7 @@
}),
);
}
- assert_eq!(NEXT_LEVEL_ADDR | 0x8000_0000_0000_0003, unsafe {
- descriptor.get()
- });
+ assert_eq!(NEXT_LEVEL_ADDR | 0x8000_0000_0000_0003, descriptor.get());
}
#[test]
@@ -688,7 +685,7 @@
assert_eq!(KernelSpace::pa_to_kernel(NEXT_LEVEL_ADDR), unsafe {
descriptor.set_table_descriptor_to_invalid(0).as_ptr() as *mut Descriptor as u64
});
- assert_eq!(0, unsafe { descriptor.get() });
+ assert_eq!(0, descriptor.get());
}
#[test]
@@ -700,13 +697,11 @@
cell: UnsafeCell::new(cell_value),
};
- unsafe {
- assert_eq!(cell_value, descriptor.get());
+ assert_eq!(cell_value, descriptor.get());
- descriptor.set(cell_new_value);
- assert_eq!(cell_new_value, descriptor.get());
+ descriptor.set(cell_new_value);
+ assert_eq!(cell_new_value, descriptor.get());
- descriptor.modify(|d| d + 1);
- assert_eq!(cell_new_value + 1, descriptor.get());
- }
+ descriptor.modify(|d| d + 1);
+ assert_eq!(cell_new_value + 1, descriptor.get());
}
diff --git a/src/lib.rs b/src/lib.rs
index c70824e..9592c04 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -44,7 +44,7 @@
impl BaseTable {
pub fn new() -> Self {
BaseTable {
- descriptors: unsafe { core::mem::transmute([0u64; 64]) },
+ descriptors: core::array::from_fn(|_| Descriptor::default()),
}
}
}