safety: introduce pointer types and their restrictions

Makefile

@@ -63,7 +63,8 @@ CASSANDRA_TEST_FILTER := $(subst ${SPACE},${EMPTY},ClusterTests.*\
 endif
 
 ifndef CCM_COMMIT_ID
-	export CCM_COMMIT_ID := master
+	# TODO: change it back to master/next when https://github.com/scylladb/scylla-ccm/issues/646 is fixed.
+	export CCM_COMMIT_ID := 5392dd68
 endif
 
 ifndef SCYLLA_VERSION

scylla-rust-wrapper/src/batch.rs

@@ -1,4 +1,7 @@
-use crate::argconv::{ArcFFI, BoxFFI};
+use crate::argconv::{
+    ArcFFI, BoxFFI, CMut, CassBorrowedExclusivePtr, CassBorrowedSharedPtr, CassOwnedExclusivePtr,
+    FromBox, FFI,
+};
 use crate::cass_error::CassError;
 use crate::cass_types::CassConsistency;
 use crate::cass_types::{make_batch_type, CassBatchType};
@@ -19,7 +22,9 @@ pub struct CassBatch {
     pub(crate) exec_profile: Option<PerStatementExecProfile>,
 }
 
-impl BoxFFI for CassBatch {}
+impl FFI for CassBatch {
+    type Origin = FromBox;
+}
 
 #[derive(Clone)]
 pub struct CassBatchState {
@@ -28,7 +33,9 @@ pub struct CassBatchState {
 }
 
 #[no_mangle]
-pub unsafe extern "C" fn cass_batch_new(type_: CassBatchType) -> *mut CassBatch {
+pub unsafe extern "C" fn cass_batch_new(
+    type_: CassBatchType,
+) -> CassOwnedExclusivePtr<CassBatch, CMut> {
     if let Some(batch_type) = make_batch_type(type_) {
         BoxFFI::into_ptr(Box::new(CassBatch {
             state: Arc::new(CassBatchState {
@@ -39,21 +46,21 @@ pub unsafe extern "C" fn cass_batch_new(type_: CassBatchType) -> *mut CassBatch
             exec_profile: None,
         }))
     } else {
-        std::ptr::null_mut()
+        BoxFFI::null_mut()
     }
 }
 
 #[no_mangle]
-pub unsafe extern "C" fn cass_batch_free(batch: *mut CassBatch) {
+pub unsafe extern "C" fn cass_batch_free(batch: CassOwnedExclusivePtr<CassBatch, CMut>) {
     BoxFFI::free(batch);
 }
 
 #[no_mangle]
 pub unsafe extern "C" fn cass_batch_set_consistency(
-    batch: *mut CassBatch,
+    batch: CassBorrowedExclusivePtr<CassBatch, CMut>,
     consistency: CassConsistency,
 ) -> CassError {
-    let batch = BoxFFI::as_mut_ref(batch);
+    let batch = BoxFFI::as_mut_ref(batch).unwrap();
     let consistency = match consistency.try_into().ok() {
         Some(c) => c,
         None => return CassError::CASS_ERROR_LIB_BAD_PARAMS,
@@ -67,10 +74,10 @@ pub unsafe extern "C" fn cass_batch_set_consistency(
 
 #[no_mangle]
 pub unsafe extern "C" fn cass_batch_set_serial_consistency(
-    batch: *mut CassBatch,
+    batch: CassBorrowedExclusivePtr<CassBatch, CMut>,
     serial_consistency: CassConsistency,
 ) -> CassError {
-    let batch = BoxFFI::as_mut_ref(batch);
+    let batch = BoxFFI::as_mut_ref(batch).unwrap();
     let serial_consistency = match serial_consistency.try_into().ok() {
         Some(c) => c,
         None => return CassError::CASS_ERROR_LIB_BAD_PARAMS,
@@ -84,13 +91,13 @@ pub unsafe extern "C" fn cass_batch_set_serial_consistency(
 
 #[no_mangle]
 pub unsafe extern "C" fn cass_batch_set_retry_policy(
-    batch: *mut CassBatch,
-    retry_policy: *const CassRetryPolicy,
+    batch: CassBorrowedExclusivePtr<CassBatch, CMut>,
+    retry_policy: CassBorrowedSharedPtr<CassRetryPolicy, CMut>,
 ) -> CassError {
-    let batch = BoxFFI::as_mut_ref(batch);
+    let batch = BoxFFI::as_mut_ref(batch).unwrap();
 
     let maybe_arced_retry_policy: Option<Arc<dyn scylla::policies::retry::RetryPolicy>> =
-        ArcFFI::as_maybe_ref(retry_policy).map(|policy| match policy {
+        ArcFFI::as_ref(retry_policy).map(|policy| match policy {
             CassRetryPolicy::DefaultRetryPolicy(default) => {
                 default.clone() as Arc<dyn scylla::policies::retry::RetryPolicy>
             }
@@ -107,10 +114,10 @@ pub unsafe extern "C" fn cass_batch_set_retry_policy(
 
 #[no_mangle]
 pub unsafe extern "C" fn cass_batch_set_timestamp(
-    batch: *mut CassBatch,
+    batch: CassBorrowedExclusivePtr<CassBatch, CMut>,
     timestamp: cass_int64_t,
 ) -> CassError {
-    let batch = BoxFFI::as_mut_ref(batch);
+    let batch = BoxFFI::as_mut_ref(batch).unwrap();
 
     Arc::make_mut(&mut batch.state)
         .batch
@@ -121,21 +128,21 @@ pub unsafe extern "C" fn cass_batch_set_timestamp(
 
 #[no_mangle]
 pub unsafe extern "C" fn cass_batch_set_request_timeout(
-    batch: *mut CassBatch,
+    batch: CassBorrowedExclusivePtr<CassBatch, CMut>,
     timeout_ms: cass_uint64_t,
 ) -> CassError {
-    let batch = BoxFFI::as_mut_ref(batch);
+    let batch = BoxFFI::as_mut_ref(batch).unwrap();
     batch.batch_request_timeout_ms = Some(timeout_ms);
 
     CassError::CASS_OK
 }
 
 #[no_mangle]
 pub unsafe extern "C" fn cass_batch_set_is_idempotent(
-    batch: *mut CassBatch,
+    batch: CassBorrowedExclusivePtr<CassBatch, CMut>,
     is_idempotent: cass_bool_t,
 ) -> CassError {
-    let batch = BoxFFI::as_mut_ref(batch);
+    let batch = BoxFFI::as_mut_ref(batch).unwrap();
     Arc::make_mut(&mut batch.state)
         .batch
         .set_is_idempotent(is_idempotent != 0);
@@ -145,10 +152,10 @@ pub unsafe extern "C" fn cass_batch_set_is_idempotent(
 
 #[no_mangle]
 pub unsafe extern "C" fn cass_batch_set_tracing(
-    batch: *mut CassBatch,
+    batch: CassBorrowedExclusivePtr<CassBatch, CMut>,
     enabled: cass_bool_t,
 ) -> CassError {
-    let batch = BoxFFI::as_mut_ref(batch);
+    let batch = BoxFFI::as_mut_ref(batch).unwrap();
     Arc::make_mut(&mut batch.state)
         .batch
         .set_tracing(enabled != 0);
@@ -158,12 +165,12 @@ pub unsafe extern "C" fn cass_batch_set_tracing(
 
 #[no_mangle]
 pub unsafe extern "C" fn cass_batch_add_statement(
-    batch: *mut CassBatch,
-    statement: *const CassStatement,
+    batch: CassBorrowedExclusivePtr<CassBatch, CMut>,
+    statement: CassBorrowedSharedPtr<CassStatement, CMut>,
 ) -> CassError {
-    let batch = BoxFFI::as_mut_ref(batch);
+    let batch = BoxFFI::as_mut_ref(batch).unwrap();
     let state = Arc::make_mut(&mut batch.state);
-    let statement = BoxFFI::as_ref(statement);
+    let statement = BoxFFI::as_ref(statement).unwrap();
 
     match &statement.statement {
         BoundStatement::Simple(q) => {

scylla-rust-wrapper/src/binding.rs

@@ -53,15 +53,15 @@ macro_rules! make_index_binder {
         #[no_mangle]
         #[allow(clippy::redundant_closure_call)]
         pub unsafe extern "C" fn $fn_by_idx(
-            this: *mut $this,
+            this: CassBorrowedExclusivePtr<$this, CMut>,
             index: size_t,
             $($arg: $t), *
         ) -> CassError {
             // For some reason detected as unused, which is not true
             #[allow(unused_imports)]
             use crate::value::CassCqlValue::*;
             match ($e)($($arg), *) {
-                Ok(v) => $consume_v(BoxFFI::as_mut_ref(this), index as usize, v),
+                Ok(v) => $consume_v(BoxFFI::as_mut_ref(this).unwrap(), index as usize, v),
                 Err(e) => e,
             }
         }
@@ -73,7 +73,7 @@ macro_rules! make_name_binder {
         #[no_mangle]
         #[allow(clippy::redundant_closure_call)]
         pub unsafe extern "C" fn $fn_by_name(
-            this: *mut $this,
+            this: CassBorrowedExclusivePtr<$this, CMut>,
             name: *const c_char,
             $($arg: $t), *
         ) -> CassError {
@@ -82,7 +82,7 @@ macro_rules! make_name_binder {
             use crate::value::CassCqlValue::*;
             let name = ptr_to_cstr(name).unwrap();
             match ($e)($($arg), *) {
-                Ok(v) => $consume_v(BoxFFI::as_mut_ref(this), name, v),
+                Ok(v) => $consume_v(BoxFFI::as_mut_ref(this).unwrap(), name, v),
                 Err(e) => e,
             }
         }
@@ -94,7 +94,7 @@ macro_rules! make_name_n_binder {
         #[no_mangle]
         #[allow(clippy::redundant_closure_call)]
         pub unsafe extern "C" fn $fn_by_name_n(
-            this: *mut $this,
+            this: CassBorrowedExclusivePtr<$this, CMut>,
             name: *const c_char,
             name_length: size_t,
             $($arg: $t), *
@@ -104,7 +104,7 @@ macro_rules! make_name_n_binder {
             use crate::value::CassCqlValue::*;
             let name = ptr_to_cstr_n(name, name_length).unwrap();
             match ($e)($($arg), *) {
-                Ok(v) => $consume_v(BoxFFI::as_mut_ref(this), name, v),
+                Ok(v) => $consume_v(BoxFFI::as_mut_ref(this).unwrap(), name, v),
                 Err(e) => e,
             }
         }
@@ -116,14 +116,14 @@ macro_rules! make_appender {
         #[no_mangle]
         #[allow(clippy::redundant_closure_call)]
         pub unsafe extern "C" fn $fn_append(
-            this: *mut $this,
+            this: CassBorrowedExclusivePtr<$this, CMut>,
             $($arg: $t), *
         ) -> CassError {
             // For some reason detected as unused, which is not true
             #[allow(unused_imports)]
             use crate::value::CassCqlValue::*;
             match ($e)($($arg), *) {
-                Ok(v) => $consume_v(BoxFFI::as_mut_ref(this), v),
+                Ok(v) => $consume_v(BoxFFI::as_mut_ref(this).unwrap(), v),
                 Err(e) => e,
             }
         }
@@ -302,33 +302,35 @@ macro_rules! invoke_binder_maker_macro_with_type {
             $this,
             $consume_v,
             $fn,
-            |p: *const crate::collection::CassCollection| {
-                match std::convert::TryInto::try_into(BoxFFI::as_ref(p)) {
+            |p: CassBorrowedSharedPtr<crate::collection::CassCollection, CConst>| {
+                match std::convert::TryInto::try_into(BoxFFI::as_ref(p).unwrap()) {
                     Ok(v) => Ok(Some(v)),
                     Err(_) => Err(CassError::CASS_ERROR_LIB_INVALID_VALUE_TYPE),
                 }
             },
-            [p @ *const crate::collection::CassCollection]
+            [p @ CassBorrowedSharedPtr<crate::collection::CassCollection, CConst>]
         );
     };
     (tuple, $macro_name:ident, $this:ty, $consume_v:expr, $fn:ident) => {
         $macro_name!(
             $this,
             $consume_v,
             $fn,
-            |p: *const crate::tuple::CassTuple| {
-                Ok(Some(BoxFFI::as_ref(p).into()))
+            |p: CassBorrowedSharedPtr<crate::tuple::CassTuple, CConst>| {
+                Ok(Some(BoxFFI::as_ref(p).unwrap().into()))
             },
-            [p @ *const crate::tuple::CassTuple]
+            [p @ CassBorrowedSharedPtr<crate::tuple::CassTuple, CConst>]
         );
     };
     (user_type, $macro_name:ident, $this:ty, $consume_v:expr, $fn:ident) => {
         $macro_name!(
             $this,
             $consume_v,
             $fn,
-            |p: *const crate::user_type::CassUserType| Ok(Some(BoxFFI::as_ref(p).into())),
-            [p @ *const crate::user_type::CassUserType]
+            |p: CassBorrowedSharedPtr<crate::user_type::CassUserType, CConst>| {
+                Ok(Some(BoxFFI::as_ref(p).unwrap().into()))
+            },
+            [p @ CassBorrowedSharedPtr<crate::user_type::CassUserType, CConst>]
         );
     };
 }