Rename invalid_mut to without_provenance_mut

c-gull/src/nss.rs

@@ -9,7 +9,7 @@
 
 use core::ffi::CStr;
 use core::mem::{align_of, zeroed};
-use core::ptr::{copy_nonoverlapping, null, null_mut, write};
+use core::ptr::{addr_of_mut, copy_nonoverlapping, null, null_mut, write};
 use core::str;
 use core::str::FromStr;
 use errno::{set_errno, Errno};
@@ -677,7 +677,7 @@ unsafe fn getserv_r(
     // musl returns just the protocol name as the alias list. The intersection
     // of these two that portable code is obliged to assume is an empty list.
     static mut STATIC_SERVENT_ALIASES: *mut c_char = null_mut();
-    let s_aliases = &mut STATIC_SERVENT_ALIASES;
+    let s_aliases = &mut *addr_of_mut!(STATIC_SERVENT_ALIASES);
 
     let mut command = command;
     let output = match command.output() {
@@ -806,7 +806,15 @@ unsafe extern "C" fn getservbyname(
     libc!(libc::getservbyname(name, proto));
 
     let mut result = null_mut();
-    if getservbyname_r(name, proto, &mut STATIC_SERVENT, null_mut(), 0, &mut result) == 0 {
+    if getservbyname_r(
+        name,
+        proto,
+        addr_of_mut!(STATIC_SERVENT),
+        null_mut(),
+        0,
+        &mut result,
+    ) == 0
+    {
         result
     } else {
         null_mut()
@@ -822,7 +830,7 @@ unsafe extern "C" fn getservbyport(port: c_int, proto: *const c_char) -> *mut li
     if getservbyport_r(
         port,
         proto,
-        &mut STATIC_SERVENT,
+        addr_of_mut!(STATIC_SERVENT),
         buf.as_mut_ptr(),
         buf.len(),
         &mut result,

c-gull/src/termios_.rs

@@ -6,7 +6,6 @@
 
 use crate::convert_res;
 use alloc::ffi::CString;
-use alloc::vec::Vec;
 use core::cell::SyncUnsafeCell;
 use core::ptr::{copy_nonoverlapping, null_mut};
 use libc::{c_char, c_int, size_t};

c-scape/Cargo.toml

@@ -23,7 +23,7 @@ rustix = { version = "0.38.31", default-features = false, features = ["event", "
 rustix-futex-sync = { version = "0.2.1", features = ["atomic_usize"] }
 memoffset = "0.9.0"
 realpath-ext = { version = "0.1.0", default-features = false }
-origin = { version = "0.17.0", default-features = false, features = ["thread", "init-fini-arrays", "alloc"] }
+origin = { version = "0.18.1", default-features = false, features = ["thread", "init-fini-arrays", "alloc"] }
 # We use the libc crate for C ABI types and constants, but we don't depend on
 # the actual platform libc.
 libc = { version = "0.2.138", default-features = false }
@@ -64,7 +64,7 @@ static_assertions = "1.1.0"
 
 [features]
 default = ["thread", "std", "coexist-with-libc", "threadsafe-setenv", "use-compiler-builtins"]
-thread = ["origin/set_thread_id"]
+thread = []
 std = ["rustix/std", "printf-compat/std"]
 
 # In "take-charge" mode, this enables code in c-scape to define the

c-scape/src/brk.rs

@@ -1,5 +1,5 @@
 use crate::convert_res;
-use core::ptr::{invalid_mut, null_mut};
+use core::ptr::{null_mut, without_provenance_mut};
 use errno::{set_errno, Errno};
 use libc::{c_int, c_void, intptr_t};
 
@@ -35,7 +35,7 @@ unsafe extern "C" fn sbrk(increment: intptr_t) -> *mut c_void {
         // Read the current value from the OS.
         old = match convert_res(rustix::runtime::brk(null_mut())) {
             Some(old) => old,
-            None => return invalid_mut(!0),
+            None => return without_provenance_mut(!0),
         };
     }
 
@@ -57,15 +57,15 @@ unsafe extern "C" fn sbrk(increment: intptr_t) -> *mut c_void {
     if !ok {
         CURRENT = old;
         set_errno(Errno(libc::ENOMEM));
-        return invalid_mut(!0);
+        return without_provenance_mut(!0);
     }
 
     // Install the new address.
     let new = match convert_res(rustix::runtime::brk(want)) {
         Some(new) => new,
         None => {
             CURRENT = old;
-            return invalid_mut(!0);
+            return without_provenance_mut(!0);
         }
     };
 
@@ -74,7 +74,7 @@ unsafe extern "C" fn sbrk(increment: intptr_t) -> *mut c_void {
     // The `brk` syscall returns the old value if it failed.
     if new != want {
         set_errno(Errno(libc::ENOMEM));
-        return invalid_mut(!0);
+        return without_provenance_mut(!0);
     }
 
     old

c-scape/src/errno_.rs

@@ -1,7 +1,7 @@
 use alloc::borrow::ToOwned;
 use alloc::format;
 use core::cell::SyncUnsafeCell;
-use core::ptr::{copy_nonoverlapping, null_mut};
+use core::ptr::{addr_of_mut, copy_nonoverlapping, null_mut};
 use libc::{c_char, c_int};
 
 /// Return the address of the thread-local `errno` state.
@@ -15,7 +15,7 @@ unsafe extern "C" fn __errno_location() -> *mut c_int {
 
     #[cfg_attr(feature = "thread", thread_local)]
     static mut ERRNO: i32 = 0;
-    &mut ERRNO
+    addr_of_mut!(ERRNO)
 }
 
 #[no_mangle]

c-scape/src/fs/dir/readdir.rs

@@ -1,4 +1,3 @@
-use core::convert::TryInto;
 use core::mem::transmute;
 use core::ptr::null_mut;
 

c-scape/src/fs/lseek.rs

@@ -1,5 +1,4 @@
 use crate::convert_res;
-use core::convert::TryInto;
 use errno::{set_errno, Errno};
 use libc::{c_int, off64_t, off_t};
 use rustix::fd::BorrowedFd;

c-scape/src/fs/stat.rs

@@ -1,4 +1,3 @@
-use core::convert::TryInto;
 use core::ffi::CStr;
 use core::mem::size_of_val;
 use core::ptr::{addr_of, addr_of_mut, copy_nonoverlapping};

c-scape/src/fs/xattr.rs

@@ -3,7 +3,7 @@
 use crate::{convert_res, READ_BUFFER};
 use core::cmp::min;
 use core::ffi::CStr;
-use core::ptr::copy_nonoverlapping;
+use core::ptr::{addr_of_mut, copy_nonoverlapping};
 use core::slice;
 use libc::{c_char, c_int, c_void, size_t, ssize_t};
 use rustix::fd::BorrowedFd;
@@ -26,7 +26,7 @@ unsafe extern "C" fn getxattr(
     match convert_res(rustix::fs::getxattr(
         path,
         name,
-        &mut READ_BUFFER[..min(len, READ_BUFFER.len())],
+        &mut *addr_of_mut!(READ_BUFFER[..min(len, READ_BUFFER.len())]),
     )) {
         Some(size) => {
             // If `size` is 0, `value` could be null.
@@ -56,7 +56,7 @@ unsafe extern "C" fn lgetxattr(
     match convert_res(rustix::fs::lgetxattr(
         path,
         name,
-        &mut READ_BUFFER[..min(len, READ_BUFFER.len())],
+        &mut *addr_of_mut!(READ_BUFFER[..min(len, READ_BUFFER.len())]),
     )) {
         Some(size) => {
             // If `size` is 0, `value` could be null.
@@ -86,7 +86,7 @@ unsafe extern "C" fn fgetxattr(
     match convert_res(rustix::fs::fgetxattr(
         fd,
         name,
-        &mut READ_BUFFER[..min(len, READ_BUFFER.len())],
+        &mut *addr_of_mut!(READ_BUFFER[..min(len, READ_BUFFER.len())]),
     )) {
         Some(size) => {
             // If `size` is 0, `value` could be null.
@@ -169,7 +169,7 @@ unsafe extern "C" fn listxattr(path: *const c_char, list: *mut c_char, len: size
     // a slice, use a temporary copy.
     match convert_res(rustix::fs::listxattr(
         path,
-        &mut READ_BUFFER[..min(len, READ_BUFFER.len())],
+        &mut *addr_of_mut!(READ_BUFFER[..min(len, READ_BUFFER.len())]),
     )) {
         Some(size) => {
             // If `size` is 0, `value` could be null.
@@ -192,7 +192,7 @@ unsafe extern "C" fn llistxattr(path: *const c_char, list: *mut c_char, len: siz
     // a slice, use a temporary copy.
     match convert_res(rustix::fs::llistxattr(
         path,
-        &mut READ_BUFFER[..min(len, READ_BUFFER.len())],
+        &mut *addr_of_mut!(READ_BUFFER[..min(len, READ_BUFFER.len())]),
     )) {
         Some(size) => {
             // If `size` is 0, `value` could be null.
@@ -215,7 +215,7 @@ unsafe extern "C" fn flistxattr(fd: c_int, list: *mut c_char, len: size_t) -> ss
     // a slice, use a temporary copy.
     match convert_res(rustix::fs::flistxattr(
         fd,
-        &mut READ_BUFFER[..min(len, READ_BUFFER.len())],
+        &mut *addr_of_mut!(READ_BUFFER[..min(len, READ_BUFFER.len())]),
     )) {
         Some(size) => {
             // If `size` is 0, `value` could be null.

c-scape/src/io/mod.rs

@@ -15,7 +15,6 @@ mod write;
 use rustix::event::EventfdFlags;
 use rustix::fd::{BorrowedFd, IntoRawFd};
 
-use core::convert::TryInto;
 use libc::{c_int, c_long, c_uint};
 
 use crate::convert_res;

c-scape/src/io/poll.rs

@@ -1,4 +1,3 @@
-use core::convert::TryInto;
 use core::slice;
 use libc::c_int;
 

c-scape/src/lib.rs

@@ -7,7 +7,6 @@
 #![feature(exposed_provenance)]
 #![feature(inline_const)]
 #![feature(sync_unsafe_cell)]
-#![feature(ip_in_core)]
 #![feature(linkage)]
 #![deny(fuzzy_provenance_casts, lossy_provenance_casts)]
 

c-scape/src/net/mod.rs

@@ -1,7 +1,6 @@
 mod inet;
 
 use core::cmp::min;
-use core::convert::TryInto;
 use core::ffi::c_void;
 #[cfg(not(target_os = "wasi"))]
 use core::mem::size_of;

c-scape/src/process_.rs

@@ -189,8 +189,8 @@ unsafe extern "C" fn __getauxval(type_: c_ulong) -> *mut c_void {
 #[cfg(feature = "take-charge")]
 fn _getauxval(type_: c_ulong) -> *mut c_void {
     match type_ {
-        libc::AT_HWCAP => ptr::invalid_mut(rustix::param::linux_hwcap().0),
-        libc::AT_HWCAP2 => ptr::invalid_mut(rustix::param::linux_hwcap().1),
+        libc::AT_HWCAP => ptr::without_provenance_mut(rustix::param::linux_hwcap().0),
+        libc::AT_HWCAP2 => ptr::without_provenance_mut(rustix::param::linux_hwcap().1),
         _ => todo!("unrecognized __getauxval {}", type_),
     }
 }