Removed unsafe from uarte

The constructors themselves are not strictly unsafe. Interactions with DMA can be generally unsafe if a future is dropped, but that's a separate issue. It is important that we use the `unsafe` keyword diligently as it can lead to confusion otherwise.
This commit is contained in:
huntc 2021-12-01 09:14:24 +11:00
parent e36e36dab6
commit 469852c667
4 changed files with 32 additions and 41 deletions

View File

@ -65,8 +65,7 @@ pub struct BufferedUarte<'d, U: UarteInstance, T: TimerInstance> {
impl<'d, U: UarteInstance, T: TimerInstance> Unpin for BufferedUarte<'d, U, T> {} impl<'d, U: UarteInstance, T: TimerInstance> Unpin for BufferedUarte<'d, U, T> {}
impl<'d, U: UarteInstance, T: TimerInstance> BufferedUarte<'d, U, T> { impl<'d, U: UarteInstance, T: TimerInstance> BufferedUarte<'d, U, T> {
/// unsafe: may not leak self or futures pub fn new(
pub unsafe fn new(
state: &'d mut State<'d, U, T>, state: &'d mut State<'d, U, T>,
_uarte: impl Unborrow<Target = U> + 'd, _uarte: impl Unborrow<Target = U> + 'd,
timer: impl Unborrow<Target = T> + 'd, timer: impl Unborrow<Target = T> + 'd,
@ -160,7 +159,8 @@ impl<'d, U: UarteInstance, T: TimerInstance> BufferedUarte<'d, U, T> {
ppi_ch2.enable(); ppi_ch2.enable();
Self { Self {
inner: PeripheralMutex::new_unchecked(irq, &mut state.0, move || StateInner { inner: unsafe {
PeripheralMutex::new_unchecked(irq, &mut state.0, move || StateInner {
phantom: PhantomData, phantom: PhantomData,
timer, timer,
_ppi_ch1: ppi_ch1, _ppi_ch1: ppi_ch1,
@ -173,7 +173,8 @@ impl<'d, U: UarteInstance, T: TimerInstance> BufferedUarte<'d, U, T> {
tx: RingBuffer::new(tx_buffer), tx: RingBuffer::new(tx_buffer),
tx_state: TxState::Idle, tx_state: TxState::Idle,
tx_waker: WakerRegistration::new(), tx_waker: WakerRegistration::new(),
}), })
},
} }
} }

View File

@ -48,14 +48,7 @@ pub struct Uarte<'d, T: Instance> {
impl<'d, T: Instance> Uarte<'d, T> { impl<'d, T: Instance> Uarte<'d, T> {
/// Creates the interface to a UARTE instance. /// Creates the interface to a UARTE instance.
/// Sets the baud rate, parity and assigns the pins to the UARTE peripheral. /// Sets the baud rate, parity and assigns the pins to the UARTE peripheral.
/// pub fn new(
/// # Safety
///
/// The returned API is safe unless you use `mem::forget` (or similar safe mechanisms)
/// on stack allocated buffers which which have been passed to [`send()`](Uarte::send)
/// or [`receive`](Uarte::receive).
#[allow(unused_unsafe)]
pub unsafe fn new(
_uarte: impl Unborrow<Target = T> + 'd, _uarte: impl Unborrow<Target = T> + 'd,
irq: impl Unborrow<Target = T::Interrupt> + 'd, irq: impl Unborrow<Target = T::Interrupt> + 'd,
rxd: impl Unborrow<Target = impl GpioPin> + 'd, rxd: impl Unborrow<Target = impl GpioPin> + 'd,

View File

@ -24,8 +24,7 @@ async fn main(_spawner: Spawner, p: Peripherals) {
let irq = interrupt::take!(UARTE0_UART0); let irq = interrupt::take!(UARTE0_UART0);
let mut state = State::new(); let mut state = State::new();
let u = unsafe { let u = BufferedUarte::new(
BufferedUarte::new(
&mut state, &mut state,
p.UARTE0, p.UARTE0,
p.TIMER0, p.TIMER0,
@ -39,8 +38,7 @@ async fn main(_spawner: Spawner, p: Peripherals) {
config, config,
&mut rx_buffer, &mut rx_buffer,
&mut tx_buffer, &mut tx_buffer,
) );
};
pin_mut!(u); pin_mut!(u);
info!("uarte initialized!"); info!("uarte initialized!");

View File

@ -18,8 +18,7 @@ async fn main(_spawner: Spawner, p: Peripherals) {
config.baudrate = uarte::Baudrate::BAUD115200; config.baudrate = uarte::Baudrate::BAUD115200;
let irq = interrupt::take!(UARTE0_UART0); let irq = interrupt::take!(UARTE0_UART0);
let mut uart = let mut uart = uarte::Uarte::new(p.UARTE0, irq, p.P0_08, p.P0_06, NoPin, NoPin, config);
unsafe { uarte::Uarte::new(p.UARTE0, irq, p.P0_08, p.P0_06, NoPin, NoPin, config) };
info!("uarte initialized!"); info!("uarte initialized!");