Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix unsafe_op_in_unsafe_fn warning for unsafe operations in generated module #1473

Merged
merged 1 commit into from
Mar 5, 2025
Merged

Fix unsafe_op_in_unsafe_fn warning for unsafe operations in generated module #1473

merged 1 commit into from
Mar 5, 2025

Conversation

xinchengxx
Copy link
Contributor

@xinchengxx xinchengxx commented Mar 5, 2025
edited
Loading

Fix unsafe_op_in_unsafe_fn warning for unsafe operations in generated module

This PR adds #[allow(unsafe_op_in_unsafe_fn)] attributes to autocxx-generated unsafe functions to suppress warnings that would appear when using Rust 2024 edition.

Background

Rust 2024 edition introduces the stabilized unsafe_op_in_unsafe_fn lint (Edition Guide), which requires unsafe operations inside unsafe functions to be explicitly wrapped in unsafe blocks.

While this is a valuable safety improvement for hand-written code (as described in RFC #2585), it creates unnecessary noise for generated FFI bindings like those produced by autocxx.

Example of warnings

Without this fix, code generated by autocxx produces warnings like:

warning[E0133]: call to unsafe function `std::pin::Pin::<&'a mut T>::get_unchecked_mut` is unsafe and requires unsafe block
 --> target/debug/build/utils-3c769df202ee350f/out/autocxx-build-dir/rs/autocxx-ffi-gen.rs:1:18417
  |
1 | ...b769b983bff6673a_autocxx_wrapper_0xb769b983bff6673a (this . get_unchecked_mut () . as_mut_ptr () , other) } } impl Drop for output :: PlainString { # [doc = ...
  |                                                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
  |
  = note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/unsafe-op-in-unsafe-fn.html>
  = note: consult the function's documentation for information on how to avoid undefined behavior

Changes

This PR modifies the code generation templates to add the #[allow(unsafe_op_in_unsafe_fn)] attribute to generated unsafe functions. I think this is appropriate because:

  • The generated bindings already have clear unsafe markers at the API boundary
  • Internal implementation details are not directly visible to users
  • The safety concerns are properly addressed at the function signature level

@google-cla Google CLA
Copy link

google-cla bot commented Mar 5, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@xinchengxx
Copy link
Contributor Author

Note: According to RFC #2585, this warning may become a compilation error in a future. If that happens, we'll need to modify our code generator implementation to wrap unsafe operations in explicit unsafe blocks rather than using allow attributes.

@adetaylor
Copy link
Collaborator

Thanks. Yep. I'd be very pleased to receive a PR to do this "properly" i.e ensure we have an unsafe block everywhere it's needed.

@adetaylor adetaylor merged commit ca48925 into google:main Mar 5, 2025
19 checks passed
@xinchengxx xinchengxx mentioned this pull request Mar 11, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xinchengxx @adetaylor