Increase MSRV to 1.38 and use ptr.cast::<T>() whenever practical to…

… clarify casts. (#425) Avoid anonymous type casts of the form `as *{const,mut} _`. Make it clearer that we're never casting away constness by avoiding `as *mut T` whenever practical.
rust-random · May 26, 2024 · 1390386 · 1390386
1 parent bcbadc1
commit 1390386
Show file tree

Hide file tree

Showing 19 changed files with 39 additions and 27 deletions.
diff --git a/.clippy.toml b/.clippy.toml
@@ -1 +1 @@
-msrv = "1.36"
+msrv = "1.38"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -44,7 +44,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-22.04, windows-2022]
-        toolchain: [nightly, beta, stable, 1.36]
+        toolchain: [nightly, beta, stable, 1.38]
         # Only Test macOS on stable to reduce macOS CI jobs
         include:
           # x86_64-apple-darwin.

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Breaking Changes
+- Update MSRV to 1.38 [#425]
+
+[#425]: https://github.com/rust-random/getrandom/pull/425
+
 ## [0.2.15] - 2024-05-06
 ### Added
 - Apple visionOS support [#410]

diff --git a/README.md b/README.md
@@ -52,7 +52,7 @@ crate features, WASM support and Custom RNGs see the
 
 ## Minimum Supported Rust Version
 
-This crate requires Rust 1.36.0 or later.
+This crate requires Rust 1.38.0 or later.
 
 ## Platform Support
 

diff --git a/src/apple-other.rs b/src/apple-other.rs
@@ -14,7 +14,7 @@ extern "C" {
 }
 
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-    let ret = unsafe { CCRandomGenerateBytes(dest.as_mut_ptr() as *mut c_void, dest.len()) };
+    let ret = unsafe { CCRandomGenerateBytes(dest.as_mut_ptr().cast::<c_void>(), dest.len()) };
     // kCCSuccess (from CommonCryptoError.h) is always zero.
     if ret != 0 {
         Err(Error::IOS_SEC_RANDOM)

diff --git a/src/error.rs b/src/error.rs
@@ -99,7 +99,7 @@ impl Error {
 cfg_if! {
     if #[cfg(unix)] {
         fn os_err(errno: i32, buf: &mut [u8]) -> Option<&str> {
-            let buf_ptr = buf.as_mut_ptr() as *mut libc::c_char;
+            let buf_ptr = buf.as_mut_ptr().cast::<libc::c_char>();
             if unsafe { libc::strerror_r(errno, buf_ptr, buf.len()) } != 0 {
                 return None;
             }

diff --git a/src/fuchsia.rs b/src/fuchsia.rs
@@ -8,6 +8,6 @@ extern "C" {
 }
 
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-    unsafe { zx_cprng_draw(dest.as_mut_ptr() as *mut u8, dest.len()) }
+    unsafe { zx_cprng_draw(dest.as_mut_ptr().cast::<u8>(), dest.len()) }
     Ok(())
 }
diff --git a/src/getentropy.rs b/src/getentropy.rs
@@ -8,11 +8,11 @@
 //!
 //! For these targets, we use getentropy(2) because getrandom(2) doesn't exist.
 use crate::{util_libc::last_os_error, Error};
-use core::mem::MaybeUninit;
+use core::{ffi::c_void, mem::MaybeUninit};
 
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     for chunk in dest.chunks_mut(256) {
-        let ret = unsafe { libc::getentropy(chunk.as_mut_ptr() as *mut libc::c_void, chunk.len()) };
+        let ret = unsafe { libc::getentropy(chunk.as_mut_ptr().cast::<c_void>(), chunk.len()) };
         if ret != 0 {
             return Err(last_os_error());
         }

diff --git a/src/getrandom.rs b/src/getrandom.rs
@@ -16,10 +16,10 @@
 //! nothing. On illumos, the default pool is used to implement getentropy(2),
 //! so we assume it is acceptable here.
 use crate::{util_libc::sys_fill_exact, Error};
-use core::mem::MaybeUninit;
+use core::{ffi::c_void, mem::MaybeUninit};
 
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     sys_fill_exact(dest, |buf| unsafe {
-        libc::getrandom(buf.as_mut_ptr() as *mut libc::c_void, buf.len(), 0)
+        libc::getrandom(buf.as_mut_ptr().cast::<c_void>(), buf.len(), 0)
     })
 }
diff --git a/src/hermit.rs b/src/hermit.rs
@@ -13,7 +13,7 @@ extern "C" {
 
 pub fn getrandom_inner(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     while !dest.is_empty() {
-        let res = unsafe { sys_read_entropy(dest.as_mut_ptr() as *mut u8, dest.len(), 0) };
+        let res = unsafe { sys_read_entropy(dest.as_mut_ptr().cast::<u8>(), dest.len(), 0) };
         // Positive `isize`s can be safely casted to `usize`
         if res > 0 && (res as usize) <= dest.len() {
             dest = &mut dest[res as usize..];

diff --git a/src/js.rs b/src/js.rs
@@ -40,7 +40,7 @@ pub(crate) fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error>
                     // have a notion of "uninitialized memory", this is purely
                     // a Rust/C/C++ concept.
                     let res = n.random_fill_sync(unsafe {
-                        Uint8Array::view_mut_raw(chunk.as_mut_ptr() as *mut u8, chunk.len())
+                        Uint8Array::view_mut_raw(chunk.as_mut_ptr().cast::<u8>(), chunk.len())
                     });
                     if res.is_err() {
                         return Err(Error::NODE_RANDOM_FILL_SYNC);
@@ -60,7 +60,7 @@ pub(crate) fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error>
                     }
 
                     // SAFETY: `sub_buf`'s length is the same length as `chunk`
-                    unsafe { sub_buf.raw_copy_to_ptr(chunk.as_mut_ptr() as *mut u8) };
+                    unsafe { sub_buf.raw_copy_to_ptr(chunk.as_mut_ptr().cast::<u8>()) };
                 }
             }
         };

diff --git a/src/netbsd.rs b/src/netbsd.rs
@@ -9,7 +9,7 @@ fn kern_arnd(buf: &mut [MaybeUninit<u8>]) -> libc::ssize_t {
         libc::sysctl(
             MIB.as_ptr(),
             MIB.len() as libc::c_uint,
-            buf.as_mut_ptr() as *mut _,
+            buf.as_mut_ptr().cast::<c_void>(),
             &mut len,
             ptr::null(),
             0,
@@ -29,7 +29,7 @@ static GETRANDOM: LazyPtr = LazyPtr::new();
 
 fn dlsym_getrandom() -> *mut c_void {
     static NAME: &[u8] = b"getrandom\0";
-    let name_ptr = NAME.as_ptr() as *const libc::c_char;
+    let name_ptr = NAME.as_ptr().cast::<libc::c_char>();
     unsafe { libc::dlsym(libc::RTLD_DEFAULT, name_ptr) }
 }
 
@@ -38,7 +38,7 @@ pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     if !fptr.is_null() {
         let func: GetRandomFn = unsafe { core::mem::transmute(fptr) };
         return sys_fill_exact(dest, |buf| unsafe {
-            func(buf.as_mut_ptr() as *mut u8, buf.len(), 0)
+            func(buf.as_mut_ptr().cast::<u8>(), buf.len(), 0)
         });
     }
 

diff --git a/src/solaris.rs b/src/solaris.rs
@@ -13,13 +13,13 @@
 //! https://blogs.oracle.com/solaris/post/solaris-new-system-calls-getentropy2-and-getrandom2
 //! which also explains why this crate should not use getentropy(2).
 use crate::{util_libc::last_os_error, Error};
-use core::mem::MaybeUninit;
+use core::{ffi::c_void, mem::MaybeUninit};
 
 const MAX_BYTES: usize = 1024;
 
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     for chunk in dest.chunks_mut(MAX_BYTES) {
-        let ptr = chunk.as_mut_ptr() as *mut libc::c_void;
+        let ptr = chunk.as_mut_ptr().cast::<c_void>();
         let ret = unsafe { libc::getrandom(ptr, chunk.len(), libc::GRND_RANDOM) };
         // In case the man page has a typo, we also check for negative ret.
         if ret <= 0 {

diff --git a/src/solid.rs b/src/solid.rs
@@ -7,7 +7,7 @@ extern "C" {
 }
 
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-    let ret = unsafe { SOLID_RNG_SampleRandomBytes(dest.as_mut_ptr() as *mut u8, dest.len()) };
+    let ret = unsafe { SOLID_RNG_SampleRandomBytes(dest.as_mut_ptr().cast::<u8>(), dest.len()) };
     if ret >= 0 {
         Ok(())
     } else {

diff --git a/src/use_file.rs b/src/use_file.rs
@@ -5,6 +5,7 @@ use crate::{
 };
 use core::{
     cell::UnsafeCell,
+    ffi::c_void,
     mem::MaybeUninit,
     sync::atomic::{AtomicUsize, Ordering::Relaxed},
 };
@@ -21,7 +22,7 @@ const FD_UNINIT: usize = usize::max_value();
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     let fd = get_rng_fd()?;
     sys_fill_exact(dest, |buf| unsafe {
-        libc::read(fd, buf.as_mut_ptr() as *mut libc::c_void, buf.len())
+        libc::read(fd, buf.as_mut_ptr().cast::<c_void>(), buf.len())
     })
 }
 

diff --git a/src/util_libc.rs b/src/util_libc.rs
@@ -74,7 +74,10 @@ pub fn sys_fill_exact(
 pub unsafe fn open_readonly(path: &str) -> Result<libc::c_int, Error> {
     debug_assert_eq!(path.as_bytes().last(), Some(&0));
     loop {
-        let fd = libc::open(path.as_ptr() as *const _, libc::O_RDONLY | libc::O_CLOEXEC);
+        let fd = libc::open(
+            path.as_ptr().cast::<libc::c_char>(),
+            libc::O_RDONLY | libc::O_CLOEXEC,
+        );
         if fd >= 0 {
             return Ok(fd);
         }
@@ -92,7 +95,7 @@ pub fn getrandom_syscall(buf: &mut [MaybeUninit<u8>]) -> libc::ssize_t {
     unsafe {
         libc::syscall(
             libc::SYS_getrandom,
-            buf.as_mut_ptr() as *mut libc::c_void,
+            buf.as_mut_ptr().cast::<core::ffi::c_void>(),
             buf.len(),
             0,
         ) as libc::ssize_t

diff --git a/src/vxworks.rs b/src/vxworks.rs
@@ -20,7 +20,7 @@ pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 
     // Prevent overflow of i32
     for chunk in dest.chunks_mut(i32::max_value() as usize) {
-        let ret = unsafe { libc::randABytes(chunk.as_mut_ptr() as *mut u8, chunk.len() as i32) };
+        let ret = unsafe { libc::randABytes(chunk.as_mut_ptr().cast::<u8>(), chunk.len() as i32) };
         if ret != 0 {
             return Err(last_os_error());
         }

diff --git a/src/wasi.rs b/src/wasi.rs
@@ -7,7 +7,7 @@ use core::{
 use wasi::random_get;
 
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-    unsafe { random_get(dest.as_mut_ptr() as *mut u8, dest.len()) }.map_err(|e| {
+    unsafe { random_get(dest.as_mut_ptr().cast::<u8>(), dest.len()) }.map_err(|e| {
         // The WASI errno will always be non-zero, but we check just in case.
         match NonZeroU16::new(e.raw()) {
             Some(r) => Error::from(NonZeroU32::from(r)),

diff --git a/src/windows.rs b/src/windows.rs
@@ -29,7 +29,7 @@ pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
         let ret = unsafe {
             BCryptGenRandom(
                 ptr::null_mut(),
-                chunk.as_mut_ptr() as *mut u8,
+                chunk.as_mut_ptr().cast::<u8>(),
                 chunk.len() as u32,
                 BCRYPT_USE_SYSTEM_PREFERRED_RNG,
             )
@@ -39,8 +39,9 @@ pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
             // Failed. Try RtlGenRandom as a fallback.
             #[cfg(not(target_vendor = "uwp"))]
             {
-                let ret =
-                    unsafe { RtlGenRandom(chunk.as_mut_ptr() as *mut c_void, chunk.len() as u32) };
+                let ret = unsafe {
+                    RtlGenRandom(chunk.as_mut_ptr().cast::<c_void>(), chunk.len() as u32)
+                };
                 if ret != 0 {
                     continue;
                 }