Address MSRV TODOs (#755)

Author: tamird

build.rs

@@ -1,35 +1,3 @@
-use std::{env, ffi::OsString, process::Command};
-
-/// Tries to get the minor version of the Rust compiler in use.
-/// If it fails for any reason, returns `None`.
-///
-/// Based on the `rustc_version` crate.
-fn rustc_minor_version() -> Option<u64> {
-    let rustc = env::var_os("RUSTC").unwrap_or_else(|| OsString::from("rustc"));
-    let mut cmd = if let Some(wrapper) = env::var_os("RUSTC_WRAPPER").filter(|w| !w.is_empty()) {
-        let mut cmd = Command::new(wrapper);
-        cmd.arg(rustc);
-        cmd
-    } else {
-        Command::new(rustc)
-    };
-
-    let out = cmd.arg("-vV").output().ok()?;
-
-    if !out.status.success() {
-        return None;
-    }
-
-    let stdout = std::str::from_utf8(&out.stdout).ok()?;
-
-    // Assumes that the first line contains "rustc 1.xx.0-channel (abcdef 2025-01-01)"
-    // where "xx" is the minor version which we want to extract
-    let mut lines = stdout.lines();
-    let first_line = lines.next()?;
-    let minor_ver_str = first_line.split('.').nth(1)?;
-    minor_ver_str.parse().ok()
-}
-
 fn main() {
     // Automatically detect cfg(sanitize = "memory") even if cfg(sanitize) isn't
     // supported. Build scripts get cfg() info, even if the cfg is unstable.
@@ -38,20 +6,4 @@ fn main() {
     if sanitizers.contains("memory") {
         println!("cargo:rustc-cfg=getrandom_msan");
     }
-
-    // Use `RtlGenRandom` on older compiler versions since win7 targets
-    // TODO(MSRV 1.78): Remove this check
-    let target_family = env::var_os("CARGO_CFG_TARGET_FAMILY").and_then(|f| f.into_string().ok());
-    if target_family.as_deref() == Some("windows") {
-        /// Minor version of the Rust compiler in which win7 targets were inroduced
-        const WIN7_INTRODUCED_MINOR_VER: u64 = 78;
-
-        match rustc_minor_version() {
-            Some(minor_ver) if minor_ver < WIN7_INTRODUCED_MINOR_VER => {
-                println!("cargo:rustc-cfg=getrandom_backend=\"windows_legacy\"");
-            }
-            None => println!("cargo:warning=Couldn't detect minor version of the Rust compiler"),
-            _ => {}
-        }
-    }
 }

src/backends/getrandom.rs

@@ -25,11 +25,10 @@ mod util_libc;
 
 #[inline]
 pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-    util_libc::sys_fill_exact(dest, |buf| unsafe {
-        let ret = libc::getrandom(buf.as_mut_ptr().cast(), buf.len(), 0);
+    util_libc::sys_fill_exact(dest, |buf| {
+        let ret = unsafe { libc::getrandom(buf.as_mut_ptr().cast(), buf.len(), 0) };
 
         #[cfg(any(target_os = "android", target_os = "linux"))]
-        #[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
         unsafe {
             super::sanitizer::unpoison_linux_getrandom_result(buf, ret);
         }

src/backends/linux_raw.rs

@@ -12,8 +12,11 @@ unsafe fn getrandom_syscall(buf: *mut u8, buflen: usize, flags: u32) -> isize {
 
     // Based on `rustix` and `linux-raw-sys` code.
     cfg_if! {
-        if #[cfg(target_arch = "arm")] {
-            // TODO(MSRV-1.78): Also check `target_abi = "eabi"`.
+        if #[cfg(all(
+            target_arch = "arm",
+            any(target_abi = "eabi", target_abi = "eabihf"),
+        ))] {
+            const __NR_getrandom: u32 = 384;
             // In thumb-mode, r7 is the frame pointer and is not permitted to be used in
             // an inline asm operand, so we have to use a different register and copy it
             // into r7 inside the inline asm.
@@ -23,19 +26,21 @@ unsafe fn getrandom_syscall(buf: *mut u8, buflen: usize, flags: u32) -> isize {
             unsafe {
                 core::arch::asm!(
                     "mov {tmp}, r7",
-                    // TODO(MSRV-1.82): replace with `nr = const __NR_getrandom,`
-                    "mov r7, #384",
+                    "mov r7, {nr}",
                     "svc 0",
                     "mov r7, {tmp}",
                     tmp = out(reg) _,
+                    nr = const __NR_getrandom,
                     inlateout("r0") buf => r0,
                     in("r1") buflen,
                     in("r2") flags,
                     options(nostack, preserves_flags)
                 );
             }
-        } else if #[cfg(target_arch = "aarch64")] {
-            // TODO(MSRV-1.78): Also check `any(target_abi = "", target_abi = "ilp32")` above.
+        } else if #[cfg(all(
+            target_arch = "aarch64",
+            any(target_abi = "", target_abi = "ilp32"),
+        ))] {
             // According to the ILP32 patch for the kernel that hasn't yet
             // been merged into the mainline, "AARCH64/ILP32 ABI uses standard
             // syscall table [...] with the exceptions listed below," where
@@ -51,8 +56,10 @@ unsafe fn getrandom_syscall(buf: *mut u8, buflen: usize, flags: u32) -> isize {
                     options(nostack, preserves_flags)
                 );
             }
-        } else if #[cfg(target_arch = "loongarch64")] {
-            // TODO(MSRV-1.78): Also check `any(target_abi = "", target_abi = "ilp32")` above.
+        } else if #[cfg(all(
+            target_arch = "loongarch64",
+            any(target_abi = "", target_abi = "ilp32"),
+        ))] {
             const __NR_getrandom: u32 = 278;
             unsafe {
                 core::arch::asm!(
@@ -104,8 +111,10 @@ unsafe fn getrandom_syscall(buf: *mut u8, buflen: usize, flags: u32) -> isize {
                     options(nostack, preserves_flags)
                 );
             }
-        } else if #[cfg(target_arch = "x86_64")] {
-            // TODO(MSRV-1.78): Add `any(target_abi = "", target_abi = "x32")` above.
+        } else if #[cfg(all(
+            target_arch = "x86_64",
+            any(target_abi = "", target_abi = "x32"),
+        ))] {
             const __X32_SYSCALL_BIT: u32 = 0x40000000;
             const OFFSET: u32 = if cfg!(target_pointer_width = "32") { __X32_SYSCALL_BIT } else { 0 };
             const __NR_getrandom: u32 = OFFSET + 318;

src/backends/rdrand.rs

@@ -51,7 +51,7 @@ compile_error!(
 #[target_feature(enable = "rdrand")]
 unsafe fn self_test() -> bool {
     // On AMD, RDRAND returns 0xFF...FF on failure, count it as a collision.
-    let mut prev = !0; // TODO(MSRV 1.43): Move to usize::MAX
+    let mut prev = Word::MAX;
     let mut fails = 0;
     for _ in 0..8 {
         match unsafe { rdrand() } {

src/backends/sanitizer.rs

@@ -20,7 +20,6 @@ pub unsafe fn unpoison(buf: &mut [MaybeUninit<u8>]) {
             }
             let a = buf.as_mut_ptr().cast();
             let size = buf.len();
-            #[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
             unsafe {
                 __msan_unpoison(a, size);
             }
@@ -50,10 +49,7 @@ pub unsafe fn unpoison(buf: &mut [MaybeUninit<u8>]) {
 pub unsafe fn unpoison_linux_getrandom_result(buf: &mut [MaybeUninit<u8>], ret: isize) {
     if let Ok(bytes_written) = usize::try_from(ret) {
         if let Some(written) = buf.get_mut(..bytes_written) {
-            #[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
-            unsafe {
-                unpoison(written)
-            }
+            unsafe { unpoison(written) }
         }
     }
 }

src/backends/use_file.rs

@@ -1,7 +1,7 @@
 //! Implementations that just need to read from a file
 use crate::Error;
 use core::{
-    ffi::c_void,
+    ffi::{CStr, c_void},
     mem::MaybeUninit,
     sync::atomic::{AtomicI32, Ordering},
 };
@@ -18,7 +18,7 @@ pub(super) mod util_libc;
 ///   - On Redox, only /dev/urandom is provided.
 ///   - On AIX, /dev/urandom will "provide cryptographically secure output".
 ///   - On Haiku and QNX Neutrino they are identical.
-const FILE_PATH: &[u8] = b"/dev/urandom\0";
+const FILE_PATH: &CStr = c"/dev/urandom";
 
 // File descriptor is a "nonnegative integer", so we can safely use negative sentinel values.
 const FD_UNINIT: libc::c_int = -1;
@@ -52,20 +52,9 @@ pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 }
 
 /// Open a file in read-only mode.
-///
-/// # Panics
-/// If `path` does not contain any zeros.
-// TODO: Move `path` to `CStr` and use `CStr::from_bytes_until_nul` (MSRV 1.69)
-// or C-string literals (MSRV 1.77) for statics
-fn open_readonly(path: &[u8]) -> Result<libc::c_int, Error> {
-    assert!(path.contains(&0));
+fn open_readonly(path: &CStr) -> Result<libc::c_int, Error> {
     loop {
-        let fd = unsafe {
-            libc::open(
-                path.as_ptr().cast::<libc::c_char>(),
-                libc::O_RDONLY | libc::O_CLOEXEC,
-            )
-        };
+        let fd = unsafe { libc::open(path.as_ptr(), libc::O_RDONLY | libc::O_CLOEXEC) };
         if fd >= 0 {
             return Ok(fd);
         }
@@ -205,7 +194,7 @@ mod sync {
     //
     // libsodium uses `libc::poll` similarly to this.
     pub(super) fn wait_until_rng_ready() -> Result<(), Error> {
-        let fd = open_readonly(b"/dev/random\0")?;
+        let fd = open_readonly(c"/dev/random")?;
         let mut pfd = libc::pollfd {
             fd,
             events: libc::POLLIN,

src/backends/windows.rs

@@ -26,9 +26,7 @@ use core::mem::MaybeUninit;
 pub use crate::util::{inner_u32, inner_u64};
 
 // Binding to the Windows.Win32.Security.Cryptography.ProcessPrng API. As
-// bcryptprimitives.dll lacks an import library, we use "raw-dylib". This
-// was added in Rust 1.65 for x86_64/aarch64 and in Rust 1.71 for x86.
-// We don't need MSRV 1.71, as we only use this backend on Rust 1.78 and later.
+// bcryptprimitives.dll lacks an import library, we use "raw-dylib".
 #[cfg_attr(
     target_arch = "x86",
     link(
@@ -44,8 +42,8 @@ pub use crate::util::{inner_u32, inner_u64};
 unsafe extern "system" {
     fn ProcessPrng(pbdata: *mut u8, cbdata: usize) -> BOOL;
 }
-#[allow(clippy::upper_case_acronyms, clippy::incompatible_msrv)]
-type BOOL = core::ffi::c_int; // MSRV 1.64, similarly OK for this backend.
+#[expect(clippy::upper_case_acronyms)]
+type BOOL = core::ffi::c_int;
 const TRUE: BOOL = 1;
 
 #[inline]

src/util.rs

@@ -6,9 +6,8 @@ use core::{mem::MaybeUninit, ptr, slice};
 /// `MaybeUninit::slice_assume_init_mut`. Every element of `slice` must have
 /// been initialized.
 #[inline(always)]
-#[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
 pub unsafe fn slice_assume_init_mut<T>(slice: &mut [MaybeUninit<T>]) -> &mut [T] {
-    let ptr = ptr_from_mut::<[MaybeUninit<T>]>(slice) as *mut [T];
+    let ptr = ptr::from_mut(slice) as *mut [T];
     // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`.
     unsafe { &mut *ptr }
 }
@@ -21,7 +20,7 @@ pub fn uninit_slice_fill_zero(slice: &mut [MaybeUninit<u8>]) -> &mut [u8] {
 
 #[inline(always)]
 pub fn slice_as_uninit<T>(slice: &[T]) -> &[MaybeUninit<T>] {
-    let ptr = ptr_from_ref::<[T]>(slice) as *const [MaybeUninit<T>];
+    let ptr = ptr::from_ref(slice) as *const [MaybeUninit<T>];
     // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`.
     unsafe { &*ptr }
 }
@@ -31,23 +30,12 @@ pub fn slice_as_uninit<T>(slice: &[T]) -> &[MaybeUninit<T>] {
 /// This is unsafe because it allows assigning uninitialized values into
 /// `slice`, which would be undefined behavior.
 #[inline(always)]
-#[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
 pub unsafe fn slice_as_uninit_mut<T>(slice: &mut [T]) -> &mut [MaybeUninit<T>] {
-    let ptr = ptr_from_mut::<[T]>(slice) as *mut [MaybeUninit<T>];
+    let ptr = ptr::from_mut(slice) as *mut [MaybeUninit<T>];
     // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`.
     unsafe { &mut *ptr }
 }
 
-// TODO: MSRV(1.76.0): Replace with `core::ptr::from_mut`.
-fn ptr_from_mut<T: ?Sized>(r: &mut T) -> *mut T {
-    r
-}
-
-// TODO: MSRV(1.76.0): Replace with `core::ptr::from_ref`.
-fn ptr_from_ref<T: ?Sized>(r: &T) -> *const T {
-    r
-}
-
 /// Default implementation of `inner_u32` on top of `fill_uninit`
 #[inline]
 pub fn inner_u32() -> Result<u32, Error> {

tests/mod.rs

@@ -40,12 +40,6 @@ fn num_diff_bits<T: DiffBits>(s1: &[T], s2: &[T]) -> usize {
     s1.iter().zip(s2.iter()).map(T::diff_bits).sum()
 }
 
-// TODO: use `[const { MaybeUninit::uninit() }; N]` after MSRV is bumped to 1.79+
-// or `MaybeUninit::uninit_array`
-fn uninit_vec(n: usize) -> Vec<MaybeUninit<u8>> {
-    vec![MaybeUninit::uninit(); n]
-}
-
 // Tests the quality of calling getrandom on two large buffers
 #[test]
 fn test_diff() {
@@ -55,8 +49,8 @@ fn test_diff() {
     fill(&mut v1).unwrap();
     fill(&mut v2).unwrap();
 
-    let mut t1 = uninit_vec(N);
-    let mut t2 = uninit_vec(N);
+    let mut t1 = [MaybeUninit::uninit(); N];
+    let mut t2 = [MaybeUninit::uninit(); N];
     let r1 = fill_uninit(&mut t1).unwrap();
     let r2 = fill_uninit(&mut t2).unwrap();
     assert_eq!(r1.len(), N);
@@ -148,8 +142,8 @@ fn test_small_uninit() {
         let mut num_bytes = 0;
         let mut diff_bits = 0;
         while num_bytes < 256 {
-            let mut buf1 = uninit_vec(N);
-            let mut buf2 = uninit_vec(N);
+            let mut buf1 = [MaybeUninit::uninit(); N];
+            let mut buf2 = [MaybeUninit::uninit(); N];
 
             let s1 = &mut buf1[..size];
             let s2 = &mut buf2[..size];
@@ -176,7 +170,7 @@ fn test_huge() {
 #[test]
 fn test_huge_uninit() {
     const N: usize = 100_000;
-    let mut huge = uninit_vec(N);
+    let mut huge = [MaybeUninit::uninit(); N];
     let res = fill_uninit(&mut huge).unwrap();
     assert_eq!(res.len(), N);
 }