Make os/windows and pal/windows default to #![deny(unsafe_op_in_unsafe_fn)]

library/std/src/os/windows/io/raw.rs

@@ -159,10 +159,12 @@ fn stdio_handle(raw: RawHandle) -> RawHandle {
 impl FromRawHandle for fs::File {
  #[inline]
  unsafe fn from_raw_handle(handle: RawHandle) -> fs::File {
- let handle = handle as sys::c::HANDLE;
- fs::File::from_inner(sys::fs::File::from_inner(FromInner::from_inner(
- OwnedHandle::from_raw_handle(handle),
- )))
+ unsafe {
+ let handle = handle as sys::c::HANDLE;
+ fs::File::from_inner(sys::fs::File::from_inner(FromInner::from_inner(
+ OwnedHandle::from_raw_handle(handle),
+ )))
+ }
  }
 }
 
@@ -260,24 +262,30 @@ impl AsRawSocket for net::UdpSocket {
 impl FromRawSocket for net::TcpStream {
  #[inline]
  unsafe fn from_raw_socket(sock: RawSocket) -> net::TcpStream {
- let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock));
- net::TcpStream::from_inner(sys_common::net::TcpStream::from_inner(sock))
+ unsafe {
+ let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock));
+ net::TcpStream::from_inner(sys_common::net::TcpStream::from_inner(sock))
+ }
  }
 }
 #[stable(feature = "from_raw_os", since = "1.1.0")]
 impl FromRawSocket for net::TcpListener {
  #[inline]
  unsafe fn from_raw_socket(sock: RawSocket) -> net::TcpListener {
- let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock));
- net::TcpListener::from_inner(sys_common::net::TcpListener::from_inner(sock))
+ unsafe {
+ let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock));
+ net::TcpListener::from_inner(sys_common::net::TcpListener::from_inner(sock))
+ }
  }
 }
 #[stable(feature = "from_raw_os", since = "1.1.0")]
 impl FromRawSocket for net::UdpSocket {
  #[inline]
  unsafe fn from_raw_socket(sock: RawSocket) -> net::UdpSocket {
- let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock));
- net::UdpSocket::from_inner(sys_common::net::UdpSocket::from_inner(sock))
+ unsafe {
+ let sock = sys::net::Socket::from_inner(OwnedSocket::from_raw_socket(sock));
+ net::UdpSocket::from_inner(sys_common::net::UdpSocket::from_inner(sock))
+ }
  }
 }
 

library/std/src/os/windows/io/socket.rs

@@ -76,7 +76,7 @@ impl BorrowedSocket<'_> {
  #[stable(feature = "io_safety", since = "1.63.0")]
  pub const unsafe fn borrow_raw(socket: RawSocket) -> Self {
  assert!(socket != sys::c::INVALID_SOCKET as RawSocket);
- Self { socket, _phantom: PhantomData }
+ unsafe { Self { socket, _phantom: PhantomData } }
  }
 }
 
@@ -201,8 +201,10 @@ impl IntoRawSocket for OwnedSocket {
 impl FromRawSocket for OwnedSocket {
  #[inline]
  unsafe fn from_raw_socket(socket: RawSocket) -> Self {
- debug_assert_ne!(socket, sys::c::INVALID_SOCKET as RawSocket);
- Self { socket }
+ unsafe {
+ debug_assert_ne!(socket, sys::c::INVALID_SOCKET as RawSocket);
+ Self { socket }
+ }
  }
 }
 

library/std/src/os/windows/mod.rs

@@ -24,6 +24,7 @@
 
 #![stable(feature = "rust1", since = "1.0.0")]
 #![doc(cfg(windows))]
+#![deny(unsafe_op_in_unsafe_fn)]
 
 pub mod ffi;
 pub mod fs;

library/std/src/os/windows/process.rs

@@ -16,7 +16,7 @@ use crate::sys_common::{AsInner, AsInnerMut, FromInner, IntoInner};
 #[stable(feature = "process_extensions", since = "1.2.0")]
 impl FromRawHandle for process::Stdio {
  unsafe fn from_raw_handle(handle: RawHandle) -> process::Stdio {
- let handle = sys::handle::Handle::from_raw_handle(handle as *mut _);
+ let handle = unsafe { sys::handle::Handle::from_raw_handle(handle as *mut _) };
  let io = sys::process::Stdio::Handle(handle);
  process::Stdio::from_inner(io)
  }
@@ -407,7 +407,7 @@ impl CommandExt for process::Command {
  attribute: usize,
  value: T,
  ) -> &mut process::Command {
- self.as_inner_mut().raw_attribute(attribute, value);
+ unsafe { self.as_inner_mut().raw_attribute(attribute, value) };
  self
  }
 }

library/std/src/sys/pal/windows/api.rs

@@ -227,8 +227,10 @@ pub fn set_file_information_by_handle<T: SetFileInformation>(
  info: *const c_void,
  size: u32,
  ) -> Result<(), WinError> {
- let result = c::SetFileInformationByHandle(handle, class, info, size);
- (result != 0).then_some(()).ok_or_else(get_last_error)
+ unsafe {
+ let result = c::SetFileInformationByHandle(handle, class, info, size);
+ (result != 0).then_some(()).ok_or_else(get_last_error)
+ }
  }
  // SAFETY: The `SetFileInformation` trait ensures that this is safe.
  unsafe { set_info(handle, T::CLASS, info.as_ptr(), info.size()) }

library/std/src/sys/pal/windows/c.rs

@@ -4,6 +4,7 @@
 #![cfg_attr(test, allow(dead_code))]
 #![unstable(issue = "none", feature = "windows_c")]
 #![allow(clippy::style)]
+#![allow(unsafe_op_in_unsafe_fn)]
 
 use crate::ffi::CStr;
 use crate::mem;

library/std/src/sys/pal/windows/compat.rs

@@ -112,8 +112,10 @@ impl Module {
  /// (e.g. kernel32 and ntdll).
  pub unsafe fn new(name: &CStr) -> Option<Self> {
  // SAFETY: A CStr is always null terminated.
- let module = c::GetModuleHandleA(name.as_ptr().cast::<u8>());
- NonNull::new(module).map(Self)
+ unsafe {
+ let module = c::GetModuleHandleA(name.as_ptr().cast::<u8>());
+ NonNull::new(module).map(Self)
+ }
  }
 
  // Try to get the address of a function.

library/std/src/sys/pal/windows/fs.rs

@@ -1,3 +1,4 @@
+#![allow(unsafe_op_in_unsafe_fn)]
 use core::ptr::addr_of;
 
 use crate::os::windows::prelude::*;

library/std/src/sys/pal/windows/handle.rs

@@ -1,4 +1,5 @@
 #![unstable(issue = "none", feature = "windows_handle")]
+#![allow(unsafe_op_in_unsafe_fn)]
 
 #[cfg(test)]
 mod tests;

library/std/src/sys/pal/windows/io.rs

@@ -1,3 +1,4 @@
+#![allow(unsafe_op_in_unsafe_fn)]
 use crate::marker::PhantomData;
 use crate::mem::size_of;
 use crate::os::windows::io::{AsHandle, AsRawHandle, BorrowedHandle};

library/std/src/sys/pal/windows/mod.rs

@@ -1,4 +1,5 @@
 #![allow(missing_docs, nonstandard_style)]
+#![deny(unsafe_op_in_unsafe_fn)]
 
 use crate::ffi::{OsStr, OsString};
 use crate::io::ErrorKind;
@@ -54,11 +55,13 @@ impl<T> IoResult<T> for Result<T, api::WinError> {
 // SAFETY: must be called only once during runtime initialization.
 // NOTE: this is not guaranteed to run, for example when Rust code is called externally.
 pub unsafe fn init(_argc: isize, _argv: *const *const u8, _sigpipe: u8) {
- stack_overflow::init();
+ unsafe {
+ stack_overflow::init();
 
- // Normally, `thread::spawn` will call `Thread::set_name` but since this thread already
- // exists, we have to call it ourselves.
- thread::Thread::set_name_wide(wide_str!("main"));
+ // Normally, `thread::spawn` will call `Thread::set_name` but since this thread already
+ // exists, we have to call it ourselves.
+ thread::Thread::set_name_wide(wide_str!("main"));
+ }
 }
 
 // SAFETY: must be called only once during runtime cleanup.

library/std/src/sys/pal/windows/net.rs

@@ -436,7 +436,7 @@ impl Socket {
  pub unsafe fn from_raw(raw: c::SOCKET) -> Self {
  debug_assert_eq!(mem::size_of::<c::SOCKET>(), mem::size_of::<RawSocket>());
  debug_assert_eq!(mem::align_of::<c::SOCKET>(), mem::align_of::<RawSocket>());
- Self::from_raw_socket(raw as RawSocket)
+ unsafe { Self::from_raw_socket(raw as RawSocket) }
  }
 }
 
@@ -486,6 +486,6 @@ impl IntoRawSocket for Socket {
 
 impl FromRawSocket for Socket {
  unsafe fn from_raw_socket(raw_socket: RawSocket) -> Self {
- Self(FromRawSocket::from_raw_socket(raw_socket))
+ unsafe { Self(FromRawSocket::from_raw_socket(raw_socket)) }
  }
 }

library/std/src/sys/pal/windows/os.rs

@@ -1,6 +1,7 @@
 //! Implementation of `std::os` functionality for Windows.
 
 #![allow(nonstandard_style)]
+#![allow(unsafe_op_in_unsafe_fn)]
 
 #[cfg(test)]
 mod tests;

library/std/src/sys/pal/windows/pipe.rs

@@ -1,3 +1,4 @@
+#![allow(unsafe_op_in_unsafe_fn)]
 use crate::os::windows::prelude::*;
 
 use crate::ffi::OsStr;

library/std/src/sys/pal/windows/stack_overflow.rs

@@ -1,4 +1,5 @@
 #![cfg_attr(test, allow(dead_code))]
+#![allow(unsafe_op_in_unsafe_fn)]
 
 use crate::sys::c;
 use crate::thread;

library/std/src/sys/pal/windows/thread.rs

@@ -1,3 +1,4 @@
+#![allow(unsafe_op_in_unsafe_fn)]
 use crate::ffi::CStr;
 use crate::io;
 use crate::num::NonZero;