remove several uses of unsafe (#8600)

This PR removes several uses of `unsafe`. I generally limited myself to low hanging fruit that I could see. There are still a few remaining uses of `unsafe` that looked a bit more difficult to remove (if possible at all). But this gets rid of a good chunk of them. I put each `unsafe` removal into its own commit with a justification for why I did it. So I would encourage reviewing this PR commit-by-commit. That way, we can legislate them independently. It's no problem to drop a commit if we feel the `unsafe` should stay in that case.
2025-10-01 06:11:43 +00:00 · 2023-11-28 09:50:03 -05:00 · 2023-11-28 09:50:03 -05:00 · f585e3e2dc
commit f585e3e2dc
parent 578ddf1bb1
10 changed files with 69 additions and 83 deletions
--- a/crates/ruff_formatter/src/arguments.rs
+++ b/crates/ruff_formatter/src/arguments.rs
@ -1,23 +1,9 @@
 use super::{Buffer, Format, Formatter};
 use crate::FormatResult;
-use std::ffi::c_void;
-use std::marker::PhantomData;

-/// Mono-morphed type to format an object. Used by the [`crate::format`!], [`crate::format_args`!], and
-/// [`crate::write`!] macros.
-///
-/// This struct is similar to a dynamic dispatch (using `dyn Format`) because it stores a pointer to the value.
-/// However, it doesn't store the pointer to `dyn Format`'s vtable, instead it statically resolves the function
-/// pointer of `Format::format` and stores it in `formatter`.
+/// A convenience wrapper for representing a formattable argument.
 pub struct Argument<'fmt, Context> {
-    /// The value to format stored as a raw pointer where `lifetime` stores the value's lifetime.
-    value: *const c_void,
-
-    /// Stores the lifetime of the value. To get the most out of our dear borrow checker.
-    lifetime: PhantomData<&'fmt ()>,
-
-    /// The function pointer to `value`'s `Format::format` method
-    formatter: fn(*const c_void, &mut Formatter<'_, Context>) -> FormatResult<()>,
+    value: &'fmt dyn Format<Context>,
 }

 impl<Context> Clone for Argument<'_, Context> {
@ -28,32 +14,19 @@ impl<Context> Clone for Argument<'_, Context> {
 impl<Context> Copy for Argument<'_, Context> {}

 impl<'fmt, Context> Argument<'fmt, Context> {
-    /// Called by the [ruff_formatter::format_args] macro. Creates a mono-morphed value for formatting
-    /// an object.
+    /// Called by the [ruff_formatter::format_args] macro.
    #[doc(hidden)]
    #[inline]
    pub fn new<F: Format<Context>>(value: &'fmt F) -> Self {
-        #[inline]
-        fn formatter<F: Format<Context>, Context>(
-            ptr: *const c_void,
-            fmt: &mut Formatter<Context>,
-        ) -> FormatResult<()> {
-            // SAFETY: Safe because the 'fmt lifetime is captured by the 'lifetime' field.
-            #[allow(unsafe_code)]
-            F::fmt(unsafe { &*ptr.cast::<F>() }, fmt)
-        }
-
-        Self {
-            value: (value as *const F).cast::<std::ffi::c_void>(),
-            lifetime: PhantomData,
-            formatter: formatter::<F, Context>,
-        }
+        Self { value }
    }

    /// Formats the value stored by this argument using the given formatter.
    #[inline]
+    // Seems to only be triggered on wasm32 and looks like a false positive?
+    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub(super) fn format(&self, f: &mut Formatter<Context>) -> FormatResult<()> {
-        (self.formatter)(self.value, f)
+        self.value.fmt(f)
    }
 }