Fix pin prob

[adetaylor]

Fixes #833 by documenting all unsafe code, and forbidding unsafe code in most places.

[bsilver8192]

I think it's still broken the same way it was before @adetaylor . Rust is moving storage without calling a C++ copy or move constructor again.

It's interesting that it passes asan, maybe the compiler optimizes the memory allocation out completely? https://github.com/google/autocxx/runs/5391090192?check_suite_focus=true shows it failing even though I'm pretty sure my changes in #843 don't cause it.

On top of current main, this patch:

diff --git a/integration-tests/tests/integration_test.rs b/integration-tests/tests/integration_test.rs
index f9c6b91..0fc0560 100644
--- a/integration-tests/tests/integration_test.rs
+++ b/integration-tests/tests/integration_test.rs
@@ -7739,7 +7739,11 @@ fn test_pass_by_value_moveit() {
     let hdr = indoc! {"
     #include <stdint.h>
     #include <string>
+    #include <stdio.h>
     struct A {
+        A() { fprintf(stderr, \"default %p\\n\", this); }
+        ~A() { fprintf(stderr, \"destructor %p\\n\", this); }
+        A(const A&other) : a(other.a) { fprintf(stderr, \"copy %p from %p\\n\", this, &other); }
         void set(uint32_t val) { a = val; }
         uint32_t a;
         std::string so_we_are_non_trivial;

makes it fail for me locally, and print this when it does fail:

default 0x7ffe4bce6998
copy 0x7ffe4bce68f0 from 0x7ffe4bce6998
copy 0x7ffe4bce6870 from 0x7ffe4bce68f0
destructor 0x7ffe4bce6870
destructor 0x7ffe4bce6838
free(): invalid pointer

[adetaylor]

I don't see the crash, but I do see that one of the destructor addresses doesn't match up, so looking now.

[adetaylor]

Pretty sure this is it - what do you think, @bsilver8192? #872

[bsilver8192]

Yep, I think that fixes it.