From a52965dc5d3d0c706310998d3eda8bc15cd45b02 Mon Sep 17 00:00:00 2001 From: Brezak Date: Tue, 22 Jul 2025 20:56:46 +0200 Subject: embassy-executor: unsafe tasks as unsafe --- embassy-executor/CHANGELOG.md | 1 + embassy-executor/tests/ui.rs | 1 + embassy-executor/tests/ui/task_safety_attribute.rs | 25 ++++++++++++++++++++++ 3 files changed, 27 insertions(+) create mode 100644 embassy-executor/tests/ui/task_safety_attribute.rs (limited to 'embassy-executor') diff --git a/embassy-executor/CHANGELOG.md b/embassy-executor/CHANGELOG.md index 914863a83..7404961f3 100644 --- a/embassy-executor/CHANGELOG.md +++ b/embassy-executor/CHANGELOG.md @@ -21,6 +21,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Added support for `-> impl Future` in `#[task]` - Fixed `Send` unsoundness with `-> impl Future` tasks - Marked `Spawner::for_current_executor` as `unsafe` +- `#[task]` now properly marks the generated function as unsafe if the task is marked unsafe ## 0.7.0 - 2025-01-02 diff --git a/embassy-executor/tests/ui.rs b/embassy-executor/tests/ui.rs index 7757775ee..8b83cd368 100644 --- a/embassy-executor/tests/ui.rs +++ b/embassy-executor/tests/ui.rs @@ -32,4 +32,5 @@ fn ui() { t.compile_fail("tests/ui/self.rs"); t.compile_fail("tests/ui/type_error.rs"); t.compile_fail("tests/ui/where_clause.rs"); + t.pass("tests/ui/task_safety_attribute.rs"); } diff --git a/embassy-executor/tests/ui/task_safety_attribute.rs b/embassy-executor/tests/ui/task_safety_attribute.rs new file mode 100644 index 000000000..ab5a2f99f --- /dev/null +++ b/embassy-executor/tests/ui/task_safety_attribute.rs 
@@ -0,0 +1,25 @@ +#![cfg_attr(feature = "nightly", feature(impl_trait_in_assoc_type))] +#![deny(unused_unsafe)] + +use std::mem; + +#[embassy_executor::task] +async fn safe() {} + +#[embassy_executor::task] +async unsafe fn not_safe() {} + +#[export_name = "__pender"] +fn pender(_: *mut ()) { + // The test doesn't link if we don't include this. + // We never call this anyway. +} + +fn main() { + let _forget_me = safe(); + // SAFETY: not_safe has not safety preconditions + let _forget_me2 = unsafe { not_safe() }; + + mem::forget(_forget_me); + mem::forget(_forget_me2); +} -- cgit From 1b42e624246f9355a91ef98ddf96d5af1b9b3687 Mon Sep 17 00:00:00 2001 From: Brezak Date: Wed, 23 Jul 2025 19:20:09 +0200 Subject: embassy-executor: explicitly return impl Future in task inner task --- embassy-executor/tests/ui/nonstatic_struct_elided.stderr | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'embassy-executor') diff --git a/embassy-executor/tests/ui/nonstatic_struct_elided.stderr b/embassy-executor/tests/ui/nonstatic_struct_elided.stderr index 099ef8b4e..0ee1bfe0c 100644 --- a/embassy-executor/tests/ui/nonstatic_struct_elided.stderr +++ b/embassy-executor/tests/ui/nonstatic_struct_elided.stderr @@ -8,3 +8,17 @@ help: indicate the anonymous lifetime | 6 | async fn task(_x: Foo<'_>) {} | ++++ + +error[E0700]: hidden type for `impl Sized` captures lifetime that does not appear in bounds + --> tests/ui/nonstatic_struct_elided.rs:5:1 + | +5 | #[embassy_executor::task] + | ^^^^^^^^^^^^^^^^^^^^^^^^^ opaque type defined here +6 | async fn task(_x: Foo) {} + | --- hidden type `impl Sized` captures the anonymous lifetime defined here + | + = note: this error originates in the attribute macro `embassy_executor::task` (in Nightly builds, run with -Z macro-backtrace for more info) +help: add a `use<...>` bound to explicitly capture `'_` + | +5 | #[embassy_executor::task] + use<'_> + | +++++++++ -- cgit From 539ff78ebbdedbb75d0faf940e3ee69f5e7f276a Mon Sep 17 00:00:00 2001 
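Review bot: The `// SAFETY:` comment above `unsafe { not_safe() }` in `main` reads "has not safety preconditions"; it should be `// SAFETY: not_safe has no safety preconditions`. The new file also never states what it asserts. It passes only because `#![deny(unused_unsafe)]` would reject that `unsafe` block if the generated `not_safe` were a safe function, and because `safe()` is called outside any `unsafe` block. A header comment such as `// Checks that #[task] keeps the task function's unsafe qualifier on the generated function.` would stop a later edit from dropping the lint attribute and leaving a test that checks nothing.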
From: Brezak Date: Wed, 23 Jul 2025 19:51:31 +0200 Subject: embassy-executor: explicitly return impl Future in task inner task --- embassy-executor/src/lib.rs | 8 ++++---- embassy-executor/tests/test.rs | 11 ++++++++++- .../tests/ui/bad_return_impl_future_nightly.stderr | 2 +- 3 files changed, 15 insertions(+), 6 deletions(-) (limited to 'embassy-executor') diff --git a/embassy-executor/src/lib.rs b/embassy-executor/src/lib.rs index e174a0594..0747db032 100644 --- a/embassy-executor/src/lib.rs +++ b/embassy-executor/src/lib.rs @@ -216,7 +216,7 @@ pub mod _export { ); #[allow(dead_code)] - trait HasOutput { + pub trait HasOutput { type Output; } @@ -225,7 +225,7 @@ pub mod _export { } #[allow(dead_code)] - type Never = ! as HasOutput>::Output; + pub type Never = ! as HasOutput>::Output; } /// Implementation details for embassy macros. @@ -242,7 +242,7 @@ pub mod _export { impl TaskReturnValue for Never {} #[allow(dead_code)] - trait HasOutput { + pub trait HasOutput { type Output; } @@ -251,5 +251,5 @@ pub mod _export { } #[allow(dead_code)] - type Never = ! as HasOutput>::Output; + pub type Never = ! as HasOutput>::Output; } diff --git a/embassy-executor/tests/test.rs b/embassy-executor/tests/test.rs index c1e7ec5d7..b84d3785a 100644 --- a/embassy-executor/tests/test.rs +++ b/embassy-executor/tests/test.rs @@ -7,7 +7,7 @@ use std::sync::{Arc, Mutex}; use std::task::Poll; use embassy_executor::raw::Executor; -use embassy_executor::task; +use embassy_executor::{task, Spawner}; #[export_name = "__pender"] fn __pender(context: *mut ()) { @@ -317,3 +317,12 @@ fn executor_task_cfg_args() { let (_, _, _) = (a, b, c); } } + +#[test] +fn recursive_task() { + #[embassy_executor::task(pool_size = 2)] + async fn task1() { + let spawner = unsafe { Spawner::for_current_executor().await }; + spawner.spawn(task1()); + } +} 
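Review bot: `HasOutput` and `Never` become `pub` inside `_export` with no comment explaining why, and the `#[allow(dead_code)]` on each is kept even though it is probably redundant for a public item. The same change appears in all four lib.rs hunks, covering both `_export` modules named in the hunk headers; the modules themselves start and end outside the hunks. If the reason is that `#[task]` expansions in downstream crates must name these items (inferred from the commit subject, not visible here), a comment such as `// pub only so #[task] expansions can name it; not part of the public API` would record it. Because `TaskReturnValue` is implemented for `Never`, it is also worth confirming that a downstream `impl HasOutput for ...` cannot make another type satisfy that bound. From the visible lines it should not, since `Never` is one fixed projection.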
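Review bot: The `unsafe { Spawner::for_current_executor().await }` block in `task1` has no `// SAFETY:` comment, although the changelog hunk in this series says that function was deliberately marked `unsafe`. Add one that states why its contract holds when called from inside a running task. `recursive_task` never spawns or polls `task1`, so it only checks that a task which spawns itself compiles; a comment such as `// Compile-only: the #[task] expansion must allow the task body to name its own spawn function.` would make that explicit. The value returned by `spawner.spawn(task1())` is discarded; if it is a `Result`, write `let _ = spawner.spawn(task1());` so the intent is visible.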
diff --git a/embassy-executor/tests/ui/bad_return_impl_future_nightly.stderr b/embassy-executor/tests/ui/bad_return_impl_future_nightly.stderr index 73ceb989d..3c3c9503b 100644 --- a/embassy-executor/tests/ui/bad_return_impl_future_nightly.stderr +++ b/embassy-executor/tests/ui/bad_return_impl_future_nightly.stderr @@ -7,4 +7,4 @@ error[E0277]: task futures must resolve to `()` or `!` = note: use `async fn` or change the return type to `impl Future` = help: the following other types implement trait `TaskReturnValue`: () - ! as _export::HasOutput>::Output + ! as HasOutput>::Output -- cgit From 54d9a7fed3ab211b1049aae0af0bc49f912c9df4 Mon Sep 17 00:00:00 2001 From: Brezak Date: Wed, 23 Jul 2025 21:17:12 +0200 Subject: embassy-executor: add macro ui test for unsafe ops in unsafe tasks Check if the #[task] macro properly handles unsafe functions so the `unsafe_op_in_unsafe_fn` lint still works --- embassy-executor/tests/ui.rs | 2 ++ embassy-executor/tests/ui/unsafe_op_in_unsafe_task.rs | 10 ++++++++++ .../tests/ui/unsafe_op_in_unsafe_task.stderr | 18 ++++++++++++++++++ 3 files changed, 30 insertions(+) create mode 100644 embassy-executor/tests/ui/unsafe_op_in_unsafe_task.rs create mode 100644 embassy-executor/tests/ui/unsafe_op_in_unsafe_task.stderr (limited to 'embassy-executor') diff --git a/embassy-executor/tests/ui.rs b/embassy-executor/tests/ui.rs index 8b83cd368..5486a0624 100644 --- a/embassy-executor/tests/ui.rs +++ b/embassy-executor/tests/ui.rs @@ -32,5 +32,7 @@ fn ui() { t.compile_fail("tests/ui/self.rs"); t.compile_fail("tests/ui/type_error.rs"); t.compile_fail("tests/ui/where_clause.rs"); + t.compile_fail("tests/ui/unsafe_op_in_unsafe_task.rs"); + t.pass("tests/ui/task_safety_attribute.rs"); } diff --git a/embassy-executor/tests/ui/unsafe_op_in_unsafe_task.rs b/embassy-executor/tests/ui/unsafe_op_in_unsafe_task.rs new file mode 100644 index 000000000..ee7924838 --- /dev/null +++ b/embassy-executor/tests/ui/unsafe_op_in_unsafe_task.rs 
@@ -0,0 +1,10 @@ +#![cfg_attr(feature = "nightly", feature(impl_trait_in_assoc_type))] +#![deny(unsafe_op_in_unsafe_fn)] + +#[embassy_executor::task] +async unsafe fn task() { + let x = 5; + (&x as *const i32).read(); +} + +fn main() {} diff --git a/embassy-executor/tests/ui/unsafe_op_in_unsafe_task.stderr b/embassy-executor/tests/ui/unsafe_op_in_unsafe_task.stderr new file mode 100644 index 000000000..d987a4b95 --- /dev/null +++ b/embassy-executor/tests/ui/unsafe_op_in_unsafe_task.stderr @@ -0,0 +1,18 @@ +error[E0133]: call to unsafe function `std::ptr::const_ptr::::read` is unsafe and requires unsafe block + --> tests/ui/unsafe_op_in_unsafe_task.rs:7:5 + | +7 | (&x as *const i32).read(); + | ^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function + | + = note: for more information, see + = note: consult the function's documentation for information on how to avoid undefined behavior +note: an unsafe function restricts its caller, but its body is safe by default + --> tests/ui/unsafe_op_in_unsafe_task.rs:5:1 + | +5 | async unsafe fn task() { + | ^^^^^^^^^^^^^^^^^^^^^^ +note: the lint level is defined here + --> tests/ui/unsafe_op_in_unsafe_task.rs:2:9 + | +2 | #![deny(unsafe_op_in_unsafe_fn)] + | ^^^^^^^^^^^^^^^^^^^^^^ -- cgit
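Review bot: Nothing in `unsafe_op_in_unsafe_task.rs` says that the missing `unsafe` block around `(&x as *const i32).read();` is the point of the test. Without that, a reader may "fix" the body, or a macro change that wraps task bodies in an implicit `unsafe` block may look harmless while it silences `unsafe_op_in_unsafe_fn` for every unsafe task. I would add a comment above that line, `// Deliberately outside an unsafe block: #[task] must not suppress unsafe_op_in_unsafe_fn.` The `.stderr` expectation quotes source lines and line numbers, so it has to be regenerated after the comment is added.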