Moved user initialization code out of the unsafe block.

The user-provided initialization expression was being evaluated in an
unsafe block, because it appeared as the argument of transmute. This
meant that 1) the user code could do unsafe operations without it being
marked by an unsafe block, and 2) writing an unsafe block in the user
code produced a warning. Now the user code is spliced into an inline
function defined above the unsafe block, and the function is called
inside the unsafe block.

Author: tov

src/lazy_static.rs

@@ -89,11 +89,14 @@ macro_rules! lazy_static {
                 #[inline(always)]
                 fn require_sync<T: Sync>(_: &T) { }
 
+                #[inline(always)]
+                fn initialize() -> Box<$T> { Box::new($e) }
+
                 unsafe {
                     static mut __static: *const $T = 0 as *const $T;
                     static mut __ONCE: Once = ONCE_INIT;
                     __ONCE.call_once(|| {
-                        __static = transmute::<Box<$T>, *const $T>(Box::new(($e)));
+                        __static = transmute::<Box<$T>, *const $T>(initialize());
                     });
                     let static_ref = &*__static;
                     require_sync(static_ref);

tests/test.rs

@@ -13,6 +13,10 @@ lazy_static! {
         m.insert(2, "ghi");
         m
     };
+    // This should not compile if the unsafe is removed.
+    static ref UNSAFE: u32 = unsafe {
+        std::mem::transmute::<i32, u32>(-1)
+    };
     // This *should* triggger warn(dead_code) by design.
     static ref UNUSED: () = ();
 }
@@ -28,6 +32,7 @@ fn test_basic() {
     assert!(HASHMAP.get(&1).is_some());
     assert!(HASHMAP.get(&3).is_none());
     assert_eq!(&*ARRAY_BOXES, &[Box::new(1), Box::new(2), Box::new(3)]);
+    assert_eq!(*UNSAFE, std::u32::MAX);
 }
 
 #[test]