diff options
| author |  Jorge Aparicio <jorge@japaric.io>
| 2018-09-18 00:26:28 +0200 |
|---|---|---|
| committer | Jorge Aparicio <jorge@japaric.io>
| 2018-09-18 00:26:28 +0200 |
| commit | 8385882be93fd4ba4e20ea0a812766cdc1a74c33 (patch) | |
| tree | 9f2f8e03f77a604b3669c26232873b3c527f2f61 | |
| parent | 403d8881ac3be806b519dedf107f6038d220bb59 (diff) | |
| download | cortex-m-8385882be93fd4ba4e20ea0a812766cdc1a74c33.tar.gz cortex-m-8385882be93fd4ba4e20ea0a812766cdc1a74c33.tar.zst cortex-m-8385882be93fd4ba4e20ea0a812766cdc1a74c33.zip | |
respect declared unsafety
the `#[entry]` and `#[exception]` attributes ignored the declared unsafety and
always expanded to a safe function. This caused the following valid code to
error at compile time:
``` rust
#[entry]
unsafe fn main() -> ! {
foo();
//~^ ERROR call to unsafe function is unsafe and requires unsafe function or block
loop {}
}
unsafe fn foo() {}
```
| -rw-r--r-- | cortex-m-rt/examples/unsafety.rs | 36 | ||||
| -rw-r--r-- | cortex-m-rt/macros/src/lib.rs | 10 |
2 files changed, 42 insertions, 4 deletions
diff --git a/cortex-m-rt/examples/unsafety.rs b/cortex-m-rt/examples/unsafety.rs new file mode 100644 index 0000000..a9f0234 --- /dev/null +++ b/cortex-m-rt/examples/unsafety.rs @@ -0,0 +1,36 @@ +//! Checks that the declared unsafety is respected by the attributes + +#![deny(warnings)] +#![no_main] +#![no_std] + +extern crate cortex_m_rt; +extern crate panic_semihosting; + +use cortex_m_rt::{entry, exception, ExceptionFrame}; + +#[entry] +unsafe fn main() -> ! { + foo(); + + loop {} +} + +#[exception] +unsafe fn DefaultHandler(_irqn: i16) { + foo(); +} + +#[exception] +unsafe fn HardFault(_ef: &ExceptionFrame) -> ! { + foo(); + + loop {} +} + +#[exception] +unsafe fn SysTick() { + foo(); +} + +unsafe fn foo() {} diff --git a/cortex-m-rt/macros/src/lib.rs b/cortex-m-rt/macros/src/lib.rs index 4c65916..804dd64 100644 --- a/cortex-m-rt/macros/src/lib.rs +++ b/cortex-m-rt/macros/src/lib.rs @@ -105,6 +105,7 @@ pub fn entry(args: TokenStream, input: TokenStream) -> TokenStream { // XXX should we blacklist other attributes? let attrs = f.attrs; + let unsafety = f.unsafety; let hash = random_ident(); let (statics, stmts) = extract_static_muts(f.block.stmts); @@ -131,7 +132,7 @@ pub fn entry(args: TokenStream, input: TokenStream) -> TokenStream { quote!( #[export_name = "main"] #(#attrs)* - pub fn #hash() -> ! { + pub #unsafety fn #hash() -> ! { #(#vars)* #(#stmts)* @@ -282,6 +283,7 @@ pub fn exception(args: TokenStream, input: TokenStream) -> TokenStream { let attrs = f.attrs; let block = f.block; let stmts = block.stmts; + let unsafety = f.unsafety; let hash = random_ident(); match exn { @@ -313,7 +315,7 @@ pub fn exception(args: TokenStream, input: TokenStream) -> TokenStream { quote!( #[export_name = #ident_s] #(#attrs)* - pub extern "C" fn #hash() { + pub #unsafety extern "C" fn #hash() { extern crate core; const SCB_ICSR: *const u32 = 0xE000_ED04 as *const u32; @@ -362,7 +364,7 @@ pub fn exception(args: TokenStream, input: TokenStream) -> TokenStream { quote!( #[export_name = "UserHardFault"] #(#attrs)* - pub extern "C" fn #hash(#arg) -> ! { + pub #unsafety extern "C" fn #hash(#arg) -> ! { extern crate cortex_m_rt; // further type check of the input argument @@ -418,7 +420,7 @@ pub fn exception(args: TokenStream, input: TokenStream) -> TokenStream { quote!( #[export_name = #ident_s] #(#attrs)* - pub extern "C" fn #hash() { + pub #unsafety extern "C" fn #hash() { extern crate cortex_m_rt; // check that this exception actually exists |