Remove unsafe ptr deref and use as_ref (#2959)

joseph-isaacs · web-flow · commit 1228604487f0 · 2025-04-09T17:25:16.000+01:00
diff --git a/vortex-ffi/src/array.rs b/vortex-ffi/src/array.rs
@@ -22,7 +22,7 @@ pub struct FFIArray {
 /// Get the length of the array.
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn FFIArray_len(ffi_array: *const FFIArray) -> u64 {
-    let array = &*ffi_array;
+    let array = ffi_array.as_ref().vortex_expect("array null");
 
     array.inner.len() as u64
 }
@@ -33,7 +33,7 @@ pub unsafe extern "C" fn FFIArray_len(ffi_array: *const FFIArray) -> u64 {
 /// for ensuring that it is never dereferenced after the array has been freed.
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn FFIArray_dtype(ffi_array: *const FFIArray) -> *const DType {
-    let array = &*ffi_array;
+    let array = ffi_array.as_ref().vortex_expect("array null");
 
     array.inner.dtype()
 }
@@ -43,7 +43,7 @@ pub unsafe extern "C" fn FFIArray_get_field(
     ffi_array: *const FFIArray,
     index: u32,
 ) -> *const FFIArray {
-    let array = &*ffi_array;
+    let array = ffi_array.as_ref().vortex_expect("array null");
 
     let field_array = array
         .inner
@@ -75,15 +75,15 @@ pub unsafe extern "C" fn FFIArray_slice(
     start: u32,
     stop: u32,
 ) -> *mut FFIArray {
-    let array = &*array;
+    let array = array.as_ref().vortex_expect("array null");
     let sliced = slice(array.inner.as_ref(), start as usize, stop as usize)
         .vortex_expect("FFIArray_slice: slice");
     Box::into_raw(Box::new(FFIArray { inner: sliced }))
 }
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn FFIArray_is_null(array: *const FFIArray, index: u32) -> bool {
-    let array = &*array;
+    let array = array.as_ref().vortex_expect("array null");
     array
         .inner
         .is_invalid(index as usize)
@@ -92,7 +92,7 @@ pub unsafe extern "C" fn FFIArray_is_null(array: *const FFIArray, index: u32) ->
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn FFIArray_null_count(array: *const FFIArray) -> u32 {
-    let array = &*array;
+    let array = array.as_ref().vortex_expect("array null");
     array
         .inner
         .as_ref()
@@ -107,7 +107,7 @@ macro_rules! ffiarray_get_ptype {
         paste::paste! {
             #[unsafe(no_mangle)]
             pub unsafe extern "C" fn [<FFIArray_get_ $ptype>](array: *const FFIArray, index: u32) -> $ptype {
-                let array = &*array;
+                let array = array.as_ref().vortex_expect("array null");
                 let value = scalar_at(array.inner.as_ref(), index as usize).vortex_expect("scalar_at");
                 value.as_primitive()
                     .as_::<$ptype>()
@@ -117,7 +117,7 @@ macro_rules! ffiarray_get_ptype {
 
             #[unsafe(no_mangle)]
             pub unsafe extern "C" fn [<FFIArray_get_storage_ $ptype>](array: *const FFIArray, index: u32) -> $ptype {
-                let array = &*array;
+                let array = array.as_ref().vortex_expect("array null");
                 let value = scalar_at(array.inner.as_ref(), index as usize).vortex_expect("scalar_at");
                 value.as_extension()
                     .storage()
@@ -151,7 +151,7 @@ pub unsafe extern "C" fn FFIArray_get_utf8(
     dst: *mut c_void,
     len: *mut c_int,
 ) {
-    let array = &*array;
+    let array = array.as_ref().vortex_expect("array null");
     let value = scalar_at(array.inner.as_ref(), index as usize).vortex_expect("scalar_at");
     let utf8_scalar = value.as_utf8();
     if let Some(buffer) = utf8_scalar.value() {
@@ -171,7 +171,7 @@ pub unsafe extern "C" fn FFIArray_get_binary(
     dst: *mut c_void,
     len: *mut c_int,
 ) {
-    let array = &*array;
+    let array = array.as_ref().vortex_expect("array null");
     let value = scalar_at(array.inner.as_ref(), index as usize).vortex_expect("scalar_at");
     let utf8_scalar = value.as_binary();
     if let Some(bytes) = utf8_scalar.value() {
diff --git a/vortex-ffi/src/dtype.rs b/vortex-ffi/src/dtype.rs
@@ -90,7 +90,7 @@ pub unsafe extern "C" fn DType_free(dtype: *mut DType) {
 /// Get the dtype variant tag for an [`DType`].
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_get(dtype: *const DType) -> u8 {
-    match &*dtype {
+    match dtype.as_ref().vortex_expect("null dtype") {
         DType::Null => DTYPE_NULL,
         DType::Bool(_) => DTYPE_BOOL,
         DType::Primitive(ptype, _) => match ptype {
@@ -116,14 +116,15 @@ pub unsafe extern "C" fn DType_get(dtype: *const DType) -> u8 {
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_nullable(dtype: *const DType) -> bool {
-    let dtype = &*dtype;
+    let dtype = unsafe { dtype.as_ref() }.vortex_expect("dtype null");
     dtype.is_nullable()
 }
 
 /// For `DTYPE_STRUCT` variant DTypes, get the number of fields.
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_field_count(dtype: *const DType) -> u32 {
-    let DType::Struct(struct_dtype, _) = &*dtype else {
+    let DType::Struct(struct_dtype, _) = unsafe { dtype.as_ref() }.vortex_expect("dtype null")
+    else {
         panic!("FFIDType_field_count: not a struct dtype")
     };
 
@@ -143,7 +144,8 @@ pub unsafe extern "C" fn DType_field_name(
     assert!(!dst.is_null(), "DType_field_name: null ptr dst");
     assert!(!len.is_null(), "DType_field_name: null ptr len");
 
-    let DType::Struct(struct_dtype, _) = &*dtype else {
+    let dtype = unsafe { dtype.as_ref() }.vortex_expect("dtype null");
+    let DType::Struct(struct_dtype, _) = dtype else {
         panic!("FFIDType_field_name: not a struct dtype")
     };
 
@@ -162,7 +164,8 @@ pub unsafe extern "C" fn DType_field_name(
 /// by the caller.
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_field_dtype(dtype: *const DType, index: u32) -> *mut DType {
-    let DType::Struct(struct_dtype, _) = &*dtype else {
+    let dtype = unsafe { dtype.as_ref() }.vortex_expect("dtype null");
+    let DType::Struct(struct_dtype, _) = dtype else {
         panic!("DType_field_dtype: not a struct dtype")
     };
 
@@ -184,7 +187,8 @@ pub unsafe extern "C" fn DType_field_dtype(dtype: *const DType, index: u32) -> *
 pub unsafe extern "C" fn DType_element_type(dtype: *const DType) -> *const DType {
     assert!(!dtype.is_null(), "DType_element_type: null ptr");
 
-    let DType::List(element_dtype, _) = &*dtype else {
+    let dtype = unsafe { dtype.as_ref() }.vortex_expect("dtype null");
+    let DType::List(element_dtype, _) = dtype else {
         panic!("DType_element_type: not a list dtype")
     };
 
@@ -193,31 +197,39 @@ pub unsafe extern "C" fn DType_element_type(dtype: *const DType) -> *const DType
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_is_time(dtype: *const DType) -> bool {
-    match &*dtype {
+    let dtype = unsafe { dtype.as_ref() }.vortex_expect("dtype null");
+
+    match dtype {
         DType::Extension(ext_dtype) => ext_dtype.id() == &*TIME_ID,
         _ => false,
     }
 }
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_is_date(dtype: *const DType) -> bool {
-    match &*dtype {
+    let dtype = unsafe { dtype.as_ref() }.vortex_expect("dtype null");
+
+    match dtype {
         DType::Extension(ext_dtype) => ext_dtype.id() == &*DATE_ID,
         _ => false,
     }
 }
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_is_timestamp(dtype: *const DType) -> bool {
-    match &*dtype {
+    let dtype = unsafe { dtype.as_ref() }.vortex_expect("dtype null");
+
+    match dtype {
         DType::Extension(ext_dtype) => ext_dtype.id() == &*TIMESTAMP_ID,
         _ => false,
     }
 }
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_time_unit(dtype: *const DType) -> u8 {
-    let DType::Extension(ext_dtype) = &*dtype else {
+    let dtype = unsafe { dtype.as_ref() }.vortex_expect("dtype null");
+
+    let DType::Extension(ext_dtype) = dtype else {
         panic!("DType_time_unit: not a time dtype")
     };
 
@@ -229,7 +241,9 @@ pub unsafe extern "C" fn DType_time_unit(dtype: *const DType) -> u8 {
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_time_zone(dtype: *const DType, dst: *mut c_void, len: *mut c_int) {
-    let DType::Extension(ext_dtype) = &*dtype else {
+    let dtype = unsafe { dtype.as_ref() }.vortex_expect("dtype null");
+
+    let DType::Extension(ext_dtype) = dtype else {
         panic!("DType_time_unit: not a time dtype")
     };
 
diff --git a/vortex-ffi/src/duckdb/mod.rs b/vortex-ffi/src/duckdb/mod.rs
@@ -23,7 +23,7 @@ use crate::to_string;
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn DType_to_duckdb_logical_type(dtype: *mut DType) -> duckdb_logical_type {
-    let dtype = unsafe { &*dtype };
+    let dtype = unsafe { dtype.as_ref().vortex_expect("null dtype") };
 
     dtype
         .to_duckdb_type()
@@ -43,7 +43,10 @@ pub unsafe extern "C" fn FFIArray_to_duckdb_chunk(
     cache: *mut FFIConversionCache,
 ) -> c_uint {
     let offset = offset as usize;
-    let array = unsafe { &(*stream).inner };
+
+    let array = &unsafe { stream.as_ref() }
+        .vortex_expect("null stream")
+        .inner;
 
     assert!(array.len() > offset, "offset out of bounds");
 
@@ -103,7 +106,7 @@ pub unsafe extern "C" fn FFIArray_append_duckdb_chunk(
     array: *mut FFIArray,
     chunk: duckdb_data_chunk,
 ) -> *mut FFIArray {
-    let array = unsafe { &*array };
+    let array = unsafe { array.as_ref().vortex_expect("null array") };
 
     let struct_type = array
         .inner
diff --git a/vortex-ffi/src/file.rs b/vortex-ffi/src/file.rs
@@ -70,9 +70,7 @@ pub struct FileScanOptions {
 /// Open a file at the given path on the file system.
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn File_open(options: *const FileOpenOptions) -> *mut FFIFile {
-    assert!(!options.is_null(), "File_open: null options");
-
-    let options = &*options;
+    let options = unsafe { options.as_ref().vortex_expect("null options") };
 
     assert!(!options.uri.is_null(), "File_open: null uri");
     let uri = CStr::from_ptr(options.uri).to_string_lossy();
@@ -104,12 +102,12 @@ pub unsafe extern "C" fn File_create_and_write_array(
     options: *const FileCreateOptions,
     ffi_array: *mut FFIArray,
 ) {
-    let options = &*options;
+    let options = unsafe { options.as_ref().vortex_expect("null options") };
 
     assert!(!options.path.is_null(), "File_open: null uri");
     let path = CStr::from_ptr(options.path).to_string_lossy();
 
-    let array = unsafe { &*ffi_array };
+    let array = unsafe { ffi_array.as_ref().vortex_expect("null array") };
 
     RUNTIME.block_on(async move {
         let file = tokio::fs::File::create(path.to_string())
@@ -149,10 +147,7 @@ pub unsafe extern "C" fn FileStatistics_free(stat: *mut FileStatistics) {
 /// dereferenced after the file has been freed.
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn File_dtype(file: *const FFIFile) -> *const DType {
-    assert!(!file.is_null(), "File_dtype: file is null");
-
-    let file = &*file;
-    file.inner.dtype()
+    file.as_ref().vortex_expect("null file").inner.dtype()
 }
 
 /// Build a new `FFIArrayStream` that return a series of `FFIArray`s scan over a `FFIFile`.
diff --git a/vortex-ffi/src/stream.rs b/vortex-ffi/src/stream.rs
@@ -21,8 +21,8 @@ pub struct FFIArrayStreamInner {
 
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn FFIArrayStream_dtype(stream: *const FFIArrayStream) -> *const DType {
-    let stream = &*stream;
-    stream
+    unsafe { stream.as_ref() }
+        .vortex_expect("null stream")
         .inner
         .as_ref()
         .vortex_expect("FFIArrayStream_dtype: called after finish")
@@ -38,7 +38,7 @@ pub unsafe extern "C" fn FFIArrayStream_dtype(stream: *const FFIArrayStream) ->
 /// It is an error to call this function again after the stream is finished.
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn FFIArrayStream_next(stream: *mut FFIArrayStream) -> bool {
-    let stream = &mut *stream;
+    let stream = unsafe { stream.as_mut() }.vortex_expect("stream null");
     let inner = stream
         .inner
         .as_mut()
@@ -66,8 +66,9 @@ pub unsafe extern "C" fn FFIArrayStream_next(stream: *mut FFIArrayStream) -> boo
 /// Predicate function to check if the array stream is finished.
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn FFIArrayStream_finished(stream: *const FFIArrayStream) -> bool {
-    let stream = &*stream;
-    stream.inner.is_none()
+    unsafe { stream.as_ref().vortex_expect("null stream") }
+        .inner
+        .is_none()
 }
 
 /// Get the current array batch from the stream. Returns a unique pointer.
@@ -79,7 +80,7 @@ pub unsafe extern "C" fn FFIArrayStream_finished(stream: *const FFIArrayStream)
 /// This function is unsafe because it dereferences the `stream` pointer.
 #[unsafe(no_mangle)]
 pub unsafe extern "C" fn FFIArrayStream_current(stream: *mut FFIArrayStream) -> *mut FFIArray {
-    let stream = &mut *stream;
+    let stream = unsafe { stream.as_mut().vortex_expect("null stream") };
 
     let current = stream
         .current
