Remove implicit bounds checking from rcc module

author: David Flemström <[email protected]> 2024-06-28 21:10:41 +0200
committer: David Flemström <[email protected]> 2024-06-28 22:52:10 +0200
commit: 73d937dc332d14c9e6e9bcf3871b99033399f924 (patch)
tree: 092cfed78844dcce71daf59b3b0e91cf64c0ae6c
parent: cbc67469d3faa65c4839657609b8e804bcfd75fd (diff)
1 files changed, 20 insertions, 10 deletions
diff --git a/embassy-stm32/src/rcc/mod.rs b/embassy-stm32/src/rcc/mod.rs
index 0bf344c40..c29d31fd9 100644
--- a/embassy-stm32/src/rcc/mod.rs
+++ b/embassy-stm32/src/rcc/mod.rs
@@ -138,11 +138,17 @@ impl RccInfo {
    pub(crate) fn enable_and_reset_with_cs(&self, _cs: CriticalSection) {
        if self.refcount_idx_or_0xff != 0xff {
            let refcount_idx = self.refcount_idx_or_0xff as usize;
-            unsafe {
-                crate::_generated::REFCOUNTS[refcount_idx] += 1;
+            // Use .get_mut instead of []-operator so that we control how bounds checks happen.
-            }
+            // Otherwise, core::fmt will be pulled in here in order to format the integer in the
-            if unsafe { crate::_generated::REFCOUNTS[refcount_idx] } > 1 {
+            // out-of-bounds error.
-                return;
+            if let Some(refcount) = unsafe { crate::_generated::REFCOUNTS }.get_mut(refcount_idx) {
+                *refcount += 1;
+                if *refcount > 1 {
+                    return;
+                }
+            } else {
+                panic!("refcount_idx out of bounds: {}", refcount_idx)
            }
        }
@@ -196,11 +202,15 @@ impl RccInfo {
    pub(crate) fn disable_with_cs(&self, _cs: CriticalSection) {
        if self.refcount_idx_or_0xff != 0xff {
            let refcount_idx = self.refcount_idx_or_0xff as usize;
-            unsafe {
-                crate::_generated::REFCOUNTS[refcount_idx] -= 1;
+            // Use .get_mut instead of []-operator so that we control how bounds checks happen.
-            }
+            // Otherwise, core::fmt will be pulled in here in order to format the integer in the
-            if unsafe { crate::_generated::REFCOUNTS[refcount_idx] } > 0 {
+            // out-of-bounds error.
-                return;
+            if let Some(refcount) = unsafe { crate::_generated::REFCOUNTS }.get_mut(refcount_idx) {
+                *refcount -= 1;
+                if *refcount > 0 {
+                    return;
+                }
            }
        }
author	David Flemström <[email protected]>	2024-06-28 21:10:41 +0200
committer	David Flemström <[email protected]>	2024-06-28 22:52:10 +0200
commit	73d937dc332d14c9e6e9bcf3871b99033399f924 (patch)
tree	092cfed78844dcce71daf59b3b0e91cf64c0ae6c
parent	cbc67469d3faa65c4839657609b8e804bcfd75fd (diff)

diff --git a/embassy-stm32/src/rcc/mod.rs b/embassy-stm32/src/rcc/mod.rs index 0bf344c40..c29d31fd9 100644 --- a/embassy-stm32/src/rcc/mod.rs +++ b/embassy-stm32/src/rcc/mod.rs
@@ -138,11 +138,17 @@ impl RccInfo {
138	pub(crate) fn enable_and_reset_with_cs(&self, _cs: CriticalSection) {	138	pub(crate) fn enable_and_reset_with_cs(&self, _cs: CriticalSection) {
139	if self.refcount_idx_or_0xff != 0xff {	139	if self.refcount_idx_or_0xff != 0xff {
140	let refcount_idx = self.refcount_idx_or_0xff as usize;	140	let refcount_idx = self.refcount_idx_or_0xff as usize;
141	unsafe {	141
142	crate::_generated::REFCOUNTS[refcount_idx] += 1;	142	// Use .get_mut instead of []-operator so that we control how bounds checks happen.
143	}	143	// Otherwise, core::fmt will be pulled in here in order to format the integer in the
144	if unsafe { crate::_generated::REFCOUNTS[refcount_idx] } > 1 {	144	// out-of-bounds error.
145	return;	145	if let Some(refcount) = unsafe { crate::_generated::REFCOUNTS }.get_mut(refcount_idx) {
		146	*refcount += 1;
		147	if *refcount > 1 {
		148	return;
		149	}
		150	} else {
		151	panic!("refcount_idx out of bounds: {}", refcount_idx)
146	}	152	}
147	}	153	}
148		154
@@ -196,11 +202,15 @@ impl RccInfo {
196	pub(crate) fn disable_with_cs(&self, _cs: CriticalSection) {	202	pub(crate) fn disable_with_cs(&self, _cs: CriticalSection) {
197	if self.refcount_idx_or_0xff != 0xff {	203	if self.refcount_idx_or_0xff != 0xff {
198	let refcount_idx = self.refcount_idx_or_0xff as usize;	204	let refcount_idx = self.refcount_idx_or_0xff as usize;
199	unsafe {	205
200	crate::_generated::REFCOUNTS[refcount_idx] -= 1;	206	// Use .get_mut instead of []-operator so that we control how bounds checks happen.
201	}	207	// Otherwise, core::fmt will be pulled in here in order to format the integer in the
202	if unsafe { crate::_generated::REFCOUNTS[refcount_idx] } > 0 {	208	// out-of-bounds error.
203	return;	209	if let Some(refcount) = unsafe { crate::_generated::REFCOUNTS }.get_mut(refcount_idx) {
		210	*refcount -= 1;
		211	if *refcount > 0 {
		212	return;
		213	}
204	}	214	}
205	}	215	}
206		216