Unsafety checks

arnie · March 6, 2023, 5:18pm

To switch to unsafe Rust, use the unsafe keyword and then start a new block that holds the unsafe code. You can take five actions in unsafe Rust that you can’t in safe Rust, which we call unsafe superpowers. Those superpowers include the ability to:

Dereference a raw pointer

Call an unsafe function or method

Access or modify a mutable static variable

Implement an unsafe trait

Access fields of unions

It’s important to understand that unsafe doesn’t turn off the borrow checker or disable any other of Rust’s safety checks:

This demonstrates that another important safety check is not performed in unsafe code:

unsafe extern "C" fn hotplug_callback(
    ctx: *mut libusb_context,
    device: *mut libusb_device,
    event: libusb_hotplug_event,
    user_data: *mut ::std::os::raw::c_void,
) -> ::std::os::raw::c_int {
    println!("Event occured");
    let dev_handle: *mut *mut libusb_device_handle = std::ptr::null_mut();
    match usb_sys::libusb_open(device, dev_handle) {
        0 => {
            eprintln!("SUCCESS libusb_open")
        }
        LIBUSB_ERROR_NO_MEM => {
            eprintln!("LIBUSB_ERROR_NO_MEM")
        }
        LIBUSB_ERROR_ACCESS => {
            eprintln!("LIBUSB_ERROR_ACCESS")
        }
        LIBUSB_ERROR_NO_DEVICE => {
            eprintln!("LIBUSB_ERROR_NO_DEVICE")
        }
//NO ENTRY FOR REST OF THE ERRORS, NON THE LESS, IT COMPILES
    }
    0
}

jbe · March 6, 2023, 5:33pm

Are you sure? I wonder why, because this doesn't compile:

unsafe fn foo() -> i32 {
    0
}

fn main() {
    unsafe {
        match foo() {
            0 => (),
        }
    }
}

(Playground)

Errors:

   Compiling playground v0.0.1 (/playground)
error[E0004]: non-exhaustive patterns: `i32::MIN..=-1_i32` and `1_i32..=i32::MAX` not covered
 --> src/main.rs:7:15
  |
7 |         match foo() {
  |               ^^^^^ patterns `i32::MIN..=-1_i32` and `1_i32..=i32::MAX` not covered
  |
  = note: the matched value is of type `i32`
help: ensure that all possible cases are being handled by adding a match arm with a wildcard pattern, a match arm with multiple or-patterns as shown, or multiple match arms
  |
8 ~             0 => (),
9 ~             i32::MIN..=-1_i32 | 1_i32..=i32::MAX => todo!(),
  |

For more information about this error, try `rustc --explain E0004`.
error: could not compile `playground` due to previous error

arnie · March 6, 2023, 5:42pm

I am sure. Strange that your example compiles. I'm glad that it does.
What happens if you add: unsafe extern "C" ?

cole-miller · March 6, 2023, 5:49pm

The problem is that LIBUSB_ERROR_NO_MEM is a wildcard pattern that matches any value, equivalent to _, as the compiler will tell you:

warning: unreachable pattern
  --> src/lib.rs:29:9
   |
26 |         LIBUSB_ERROR_NO_MEM => {
   |         ------------------- matches any value
...
29 |         LIBUSB_ERROR_ACCESS => {
   |         ^^^^^^^^^^^^^^^^^^^ unreachable pattern
   |

This has nothing to do with unsafe or extern "C". To fix it, ensure that LIBUSB_ERROR_NO_MEM and similar are defined as consts and imported under the names you expect.

arnie · March 6, 2023, 5:59pm

Thanks, that cleared that out!

jbe · March 6, 2023, 7:50pm

What is a wildcard pattern and how can you define one? I don't see any macro invocation. How does it work?

semicoleon · March 6, 2023, 7:52pm

Its just a default match arm binding the value to a new identifier.

jbe · March 6, 2023, 7:59pm

Oh evil!

fn main() {
    match 37 {
        ELEPHANT => {
            println!("Töröhh!");
        },
        DOG => {
            println!("Woof!")
        },
    }
}

(Playground)

scottmcm · March 6, 2023, 8:02pm

Well that's why it gets five warnings!

Paying attention to what the compiler tells you is important.

system · June 4, 2023, 8:03pm

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.