Fix clippy warnings etc. (#393)

* Fix various unsafe declarations

As reported by clippy. These are all cases where a pointer argument is
dereferenced by a declared safe function. The functions are changed to be unsafe
functions. Though some of these functions are declared pub, they all seem to be
related to internal binding matters and appear to be written correctly, just
declared incorrectly, so there shouldn't be any external impact for callers
that aren't using the crocksdb API directly.

Signed-off-by: Brian Anderson <[email protected]>

* Fix some clippy style lints

Signed-off-by: Brian Anderson <[email protected]>

* Fix mutability of crocksdb_load_latest_options errptr

This value can be mutated on the C side. Caught by clippy.

Signed-off-by: Brian Anderson <[email protected]>

* Cleanup some unit-return functions

Signed-off-by: Brian Anderson <[email protected]>

* Disable a clippy lint

Signed-off-by: Brian Anderson <[email protected]>

* make a transmute more typesafe

Signed-off-by: Brian Anderson <[email protected]>

* Elide a lifetime

Signed-off-by: Brian Anderson <[email protected]>

* Remove unnecessary unsafe blocks

Signed-off-by: Brian Anderson <[email protected]>

* Use repr(C) structs of c_void for opaque types.

These represent opaque RocksDB types. They are used behind pointers, but are
also wrapped in other types in the higher-level bindings.

These use the strategy for opaque C types described in the nomicon [1]:
but with the exception that they contain c_void instead of [u8; 0], thus
making them uninstantiable sized types instead of ZSTs.

The c_void documentation publicly recommends using the ZST pattern from the
nomicon, but in private documentation [2] warns about UB from dereferencing
pointers to uninhabited types, which these bindings do.

Additionally, these bindings wrap some these types directly (not through
pointers) and it's impossible to repr(transparent) a ZST, without which the
unsafe casts within are dubious.

[1]: https://doc.rust-lang.org/nomicon/ffi.html#representing-opaque-structs
[2]: https://doc.rust-lang.org/nightly/src/core/ffi.rs.html#28

Signed-off-by: Brian Anderson <[email protected]>

* Apply repr(transparent) to various unsafe-cast wrappers

These are wrappers of opaque FFI types, and pointers are being unsafely cast
between the two. repr(transparent) is probably needed to make this well-defined.

Signed-off-by: Brian Anderson <[email protected]>

* Replace mem::transmute with pointer casts

Slightly more typesafe, and more explicit about what's being cast.

Signed-off-by: Brian Anderson <[email protected]>

* Replace more mem::transmute with casts

Signed-off-by: Brian Anderson <[email protected]>

* Remove a no-op mem::transmute

Signed-off-by: Brian Anderson <[email protected]>

* Remove is_power_of_two

std contains a branchless bitmagic version of this function

Signed-off-by: Brian Anderson <[email protected]>

* Add clippy makefile target

Signed-off-by: Brian Anderson <[email protected]>

* Add clippy to CI

Signed-off-by: Brian Anderson <[email protected]>

* Fix types in memcpy

This code is copying from c_void pointers when it should be copying
from byte pointers.

Fortunately c_void and u8 have the same size, but I don't know if that is
guaranteed.

Signed-off-by: Brian Anderson <[email protected]>

* Update src/rocksdb.rs

Co-Authored-By: kennytm <[email protected]>
Signed-off-by: Brian Anderson <[email protected]>

* Install clippy on travis

Signed-off-by: Brian Anderson <[email protected]>

* Adjust clippy lints for CI toolchain

Signed-off-by: Brian Anderson <[email protected]>

* Make a typesafe cast

Signed-off-by: Brian Anderson <[email protected]>

* rustfmt

Signed-off-by: Brian Anderson <[email protected]>

Author: brson

.travis.yml

@@ -24,8 +24,10 @@ cache: false
 before_script:
   - rustup default nightly-2019-09-05
   - rustup component add rustfmt-preview
+  - rustup component add clippy
 
 script:
+  - make clippy
   - cargo fmt --all -- --check
   - cargo build
   - cargo test --all

Makefile

@@ -14,6 +14,14 @@ clean:
 	@cargo clean
 	@cd librocksdb_sys && cargo clean
 
+# TODO it could be worth fixing some of these lints
+clippy:
+	@cargo clippy --all -- \
+	-D warnings \
+	-A clippy::redundant_field_names -A clippy::single_match \
+	-A clippy::assign_op_pattern -A clippy::new_without_default -A clippy::useless_let_if_seq \
+	-A clippy::needless_return -A clippy::len_zero
+
 update_titan:
 	@if [ -n "${TITAN_REPO}" ]; then \
 		git config --file=.gitmodules submodule.titan.url https://github.com/${TITAN_REPO}/titan.git; \
@@ -32,4 +40,4 @@ update_rocksdb:
 		git config --file=.gitmodules submodule.rocksdb.branch ${ROCKSDB_BRANCH}; \
 	fi
 	@git submodule sync
-	@git submodule update --remote librocksdb_sys/rocksdb
+	@git submodule update --remote librocksdb_sys/rocksdb

librocksdb_sys/src/lib.rs

@@ -22,60 +22,134 @@ use libc::{c_char, c_double, c_int, c_uchar, c_void, size_t};
 use std::ffi::CStr;
 use std::fmt;
 
-pub enum Options {}
-pub enum ColumnFamilyDescriptor {}
-pub enum DBInstance {}
-pub enum DBWriteOptions {}
-pub enum DBReadOptions {}
-pub enum DBMergeOperator {}
-pub enum DBBlockBasedTableOptions {}
-pub enum DBMemoryAllocator {}
-pub enum DBLRUCacheOptions {}
-pub enum DBCache {}
-pub enum DBFilterPolicy {}
-pub enum DBSnapshot {}
-pub enum DBIterator {}
-pub enum DBCFHandle {}
-pub enum DBWriteBatch {}
-pub enum DBComparator {}
-pub enum DBFlushOptions {}
-pub enum DBCompactionFilter {}
-pub enum EnvOptions {}
-pub enum SstFileReader {}
-pub enum SstFileWriter {}
-pub enum ExternalSstFileInfo {}
-pub enum IngestExternalFileOptions {}
-pub enum DBBackupEngine {}
-pub enum DBRestoreOptions {}
-pub enum DBSliceTransform {}
-pub enum DBRateLimiter {}
-pub enum DBLogger {}
-pub enum DBCompactOptions {}
-pub enum DBFifoCompactionOptions {}
-pub enum DBPinnableSlice {}
-pub enum DBUserCollectedProperties {}
-pub enum DBUserCollectedPropertiesIterator {}
-pub enum DBTableProperties {}
-pub enum DBTablePropertiesCollection {}
-pub enum DBTablePropertiesCollectionIterator {}
-pub enum DBTablePropertiesCollector {}
-pub enum DBTablePropertiesCollectorFactory {}
-pub enum DBFlushJobInfo {}
-pub enum DBCompactionJobInfo {}
-pub enum DBIngestionInfo {}
-pub enum DBEventListener {}
-pub enum DBKeyVersions {}
-pub enum DBEnv {}
-pub enum DBSequentialFile {}
-pub enum DBColumnFamilyMetaData {}
-pub enum DBLevelMetaData {}
-pub enum DBSstFileMetaData {}
-pub enum DBCompactionOptions {}
-pub enum DBPerfContext {}
-pub enum DBIOStatsContext {}
-pub enum DBWriteStallInfo {}
-pub enum DBStatusPtr {}
-pub enum DBMapProperty {}
+// FFI-safe opaque types.
+//
+// These represent opaque RocksDB types. They are used behind pointers, but are
+// also wrapped in other types in the higher-level bindings.
+//
+// These use the strategy for opaque C types described in the nomicon [1]:
+// but with the exception that they contain c_void instead of [u8; 0], thus
+// making them uninstantiable sized types instead of ZSTs.
+//
+// The c_void documentation publicly recommends using the ZST pattern from the
+// nomicon, but in private documentation [2] warns about UB from dereferencing
+// pointers to uninhabited types, which these bindings do.
+//
+// Additionally, these bindings wrap some these types directly (not through
+// pointers) and it's impossible to repr(transparent) a ZST, without which the
+// unsafe casts within are dubious.
+//
+// [1]: https://doc.rust-lang.org/nomicon/ffi.html#representing-opaque-structs
+// [2]: https://doc.rust-lang.org/nightly/src/core/ffi.rs.html#28
+
+#[repr(C)]
+pub struct Options(c_void);
+#[repr(C)]
+pub struct ColumnFamilyDescriptor(c_void);
+#[repr(C)]
+pub struct DBInstance(c_void);
+#[repr(C)]
+pub struct DBWriteOptions(c_void);
+#[repr(C)]
+pub struct DBReadOptions(c_void);
+#[repr(C)]
+pub struct DBMergeOperator(c_void);
+#[repr(C)]
+pub struct DBBlockBasedTableOptions(c_void);
+#[repr(C)]
+pub struct DBMemoryAllocator(c_void);
+#[repr(C)]
+pub struct DBLRUCacheOptions(c_void);
+#[repr(C)]
+pub struct DBCache(c_void);
+#[repr(C)]
+pub struct DBFilterPolicy(c_void);
+#[repr(C)]
+pub struct DBSnapshot(c_void);
+#[repr(C)]
+pub struct DBIterator(c_void);
+#[repr(C)]
+pub struct DBCFHandle(c_void);
+#[repr(C)]
+pub struct DBWriteBatch(c_void);
+#[repr(C)]
+pub struct DBComparator(c_void);
+#[repr(C)]
+pub struct DBFlushOptions(c_void);
+#[repr(C)]
+pub struct DBCompactionFilter(c_void);
+#[repr(C)]
+pub struct EnvOptions(c_void);
+#[repr(C)]
+pub struct SstFileReader(c_void);
+#[repr(C)]
+pub struct SstFileWriter(c_void);
+#[repr(C)]
+pub struct ExternalSstFileInfo(c_void);
+#[repr(C)]
+pub struct IngestExternalFileOptions(c_void);
+#[repr(C)]
+pub struct DBBackupEngine(c_void);
+#[repr(C)]
+pub struct DBRestoreOptions(c_void);
+#[repr(C)]
+pub struct DBSliceTransform(c_void);
+#[repr(C)]
+pub struct DBRateLimiter(c_void);
+#[repr(C)]
+pub struct DBLogger(c_void);
+#[repr(C)]
+pub struct DBCompactOptions(c_void);
+#[repr(C)]
+pub struct DBFifoCompactionOptions(c_void);
+#[repr(C)]
+pub struct DBPinnableSlice(c_void);
+#[repr(C)]
+pub struct DBUserCollectedProperties(c_void);
+#[repr(C)]
+pub struct DBUserCollectedPropertiesIterator(c_void);
+#[repr(C)]
+pub struct DBTableProperties(c_void);
+#[repr(C)]
+pub struct DBTablePropertiesCollection(c_void);
+#[repr(C)]
+pub struct DBTablePropertiesCollectionIterator(c_void);
+#[repr(C)]
+pub struct DBTablePropertiesCollector(c_void);
+#[repr(C)]
+pub struct DBTablePropertiesCollectorFactory(c_void);
+#[repr(C)]
+pub struct DBFlushJobInfo(c_void);
+#[repr(C)]
+pub struct DBCompactionJobInfo(c_void);
+#[repr(C)]
+pub struct DBIngestionInfo(c_void);
+#[repr(C)]
+pub struct DBEventListener(c_void);
+#[repr(C)]
+pub struct DBKeyVersions(c_void);
+#[repr(C)]
+pub struct DBEnv(c_void);
+#[repr(C)]
+pub struct DBSequentialFile(c_void);
+#[repr(C)]
+pub struct DBColumnFamilyMetaData(c_void);
+#[repr(C)]
+pub struct DBLevelMetaData(c_void);
+#[repr(C)]
+pub struct DBSstFileMetaData(c_void);
+#[repr(C)]
+pub struct DBCompactionOptions(c_void);
+#[repr(C)]
+pub struct DBPerfContext(c_void);
+#[repr(C)]
+pub struct DBIOStatsContext(c_void);
+#[repr(C)]
+pub struct DBWriteStallInfo(c_void);
+#[repr(C)]
+pub struct DBStatusPtr(c_void);
+#[repr(C)]
+pub struct DBMapProperty(c_void);
 
 #[derive(Copy, Clone, Debug, Eq, PartialEq)]
 #[repr(C)]
@@ -88,8 +162,10 @@ pub enum WriteStallCondition {
 mod generated;
 pub use generated::*;
 
-pub enum DBTitanDBOptions {}
-pub enum DBTitanReadOptions {}
+#[repr(C)]
+pub struct DBTitanDBOptions(c_void);
+#[repr(C)]
+pub struct DBTitanReadOptions(c_void);
 
 #[derive(Clone, Debug, Default)]
 #[repr(C)]
@@ -103,8 +179,8 @@ pub fn new_bloom_filter(bits: c_int) -> *mut DBFilterPolicy {
     unsafe { crocksdb_filterpolicy_create_bloom(bits) }
 }
 
-pub fn new_lru_cache(opt: *mut DBLRUCacheOptions) -> *mut DBCache {
-    unsafe { crocksdb_cache_create_lru(opt) }
+pub unsafe fn new_lru_cache(opt: *mut DBLRUCacheOptions) -> *mut DBCache {
+    crocksdb_cache_create_lru(opt)
 }
 
 #[derive(Copy, Clone, Debug, Eq, PartialEq)]
@@ -302,12 +378,10 @@ pub enum DBBackgroundErrorReason {
     MemTable = 4,
 }
 
-pub fn error_message(ptr: *mut c_char) -> String {
-    let c_str = unsafe { CStr::from_ptr(ptr) };
+pub unsafe fn error_message(ptr: *mut c_char) -> String {
+    let c_str = CStr::from_ptr(ptr);
     let s = format!("{}", c_str.to_string_lossy());
-    unsafe {
-        libc::free(ptr as *mut c_void);
-    }
+    libc::free(ptr as *mut c_void);
     s
 }
 
@@ -634,7 +708,7 @@ extern "C" {
         cf_descs: *const *mut *mut ColumnFamilyDescriptor,
         cf_descs_len: *mut size_t,
         ignore_unknown_options: bool,
-        errptr: *const *mut c_char,
+        errptr: *mut *mut c_char,
     ) -> bool;
     pub fn crocksdb_ratelimiter_create(
         rate_bytes_per_sec: i64,
@@ -863,8 +937,8 @@ extern "C" {
     );
     pub fn crocksdb_mergeoperator_create(
         state: *mut c_void,
-        destroy: extern "C" fn(*mut c_void) -> (),
-        full_merge: extern "C" fn(
+        destroy: unsafe extern "C" fn(*mut c_void) -> (),
+        full_merge: unsafe extern "C" fn(
             arg: *mut c_void,
             key: *const c_char,
             key_len: size_t,
@@ -876,7 +950,7 @@ extern "C" {
             success: *mut u8,
             new_value_length: *mut size_t,
         ) -> *const c_char,
-        partial_merge: extern "C" fn(
+        partial_merge: unsafe extern "C" fn(
             arg: *mut c_void,
             key: *const c_char,
             key_len: size_t,
@@ -887,9 +961,9 @@ extern "C" {
             new_value_length: *mut size_t,
         ) -> *const c_char,
         delete_value: Option<
-            extern "C" fn(*mut c_void, value: *const c_char, value_len: *mut size_t) -> (),
+            unsafe extern "C" fn(*mut c_void, value: *const c_char, value_len: *mut size_t) -> (),
         >,
-        name_fn: extern "C" fn(*mut c_void) -> *const c_char,
+        name_fn: unsafe extern "C" fn(*mut c_void) -> *const c_char,
     ) -> *mut DBMergeOperator;
     pub fn crocksdb_mergeoperator_destroy(mo: *mut DBMergeOperator);
     pub fn crocksdb_options_set_merge_operator(options: *mut Options, mo: *mut DBMergeOperator);
@@ -1005,15 +1079,15 @@ extern "C" {
     pub fn crocksdb_options_set_comparator(options: *mut Options, cb: *mut DBComparator);
     pub fn crocksdb_comparator_create(
         state: *mut c_void,
-        destroy: extern "C" fn(*mut c_void) -> (),
-        compare: extern "C" fn(
+        destroy: unsafe extern "C" fn(*mut c_void) -> (),
+        compare: unsafe extern "C" fn(
             arg: *mut c_void,
             a: *const c_char,
             alen: size_t,
             b: *const c_char,
             blen: size_t,
         ) -> c_int,
-        name_fn: extern "C" fn(*mut c_void) -> *const c_char,
+        name_fn: unsafe extern "C" fn(*mut c_void) -> *const c_char,
     ) -> *mut DBComparator;
     pub fn crocksdb_comparator_destroy(cmp: *mut DBComparator);
 

src/comparator.rs

@@ -15,38 +15,33 @@
 
 use libc::{c_char, c_int, c_void, size_t};
 use std::ffi::CString;
-use std::mem;
 use std::slice;
 
 pub struct ComparatorCallback {
     pub name: CString,
     pub f: fn(&[u8], &[u8]) -> i32,
 }
 
-pub extern "C" fn destructor_callback(raw_cb: *mut c_void) {
+pub unsafe extern "C" fn destructor_callback(raw_cb: *mut c_void) {
     // turn this back into a local variable so rust will reclaim it
-    let _: Box<ComparatorCallback> = unsafe { mem::transmute(raw_cb) };
+    let _ = Box::from_raw(raw_cb as *mut ComparatorCallback);
 }
 
-pub extern "C" fn name_callback(raw_cb: *mut c_void) -> *const c_char {
-    unsafe {
-        let cb: &mut ComparatorCallback = &mut *(raw_cb as *mut ComparatorCallback);
-        let ptr = cb.name.as_ptr();
-        ptr as *const c_char
-    }
+pub unsafe extern "C" fn name_callback(raw_cb: *mut c_void) -> *const c_char {
+    let cb: &mut ComparatorCallback = &mut *(raw_cb as *mut ComparatorCallback);
+    let ptr = cb.name.as_ptr();
+    ptr as *const c_char
 }
 
-pub extern "C" fn compare_callback(
+pub unsafe extern "C" fn compare_callback(
     raw_cb: *mut c_void,
     a_raw: *const c_char,
     a_len: size_t,
     b_raw: *const c_char,
     b_len: size_t,
 ) -> c_int {
-    unsafe {
-        let cb: &mut ComparatorCallback = &mut *(raw_cb as *mut ComparatorCallback);
-        let a: &[u8] = slice::from_raw_parts(a_raw as *const u8, a_len as usize);
-        let b: &[u8] = slice::from_raw_parts(b_raw as *const u8, b_len as usize);
-        (cb.f)(a, b)
-    }
+    let cb: &mut ComparatorCallback = &mut *(raw_cb as *mut ComparatorCallback);
+    let a: &[u8] = slice::from_raw_parts(a_raw as *const u8, a_len as usize);
+    let b: &[u8] = slice::from_raw_parts(b_raw as *const u8, b_len as usize);
+    (cb.f)(a, b)
 }