Mark certain CF functions' first argument as non-NULL

The headers are sometimes insufficient in this regard, and you're likely
to be able to cause unsoundness if passing NULL to these.

Part of #695.

crates/header-translator/src/rust_type.rs

@@ -2394,6 +2394,26 @@ impl Ty {
             panic!("tried to fix related result type on non-id type")
         }
     }
+
+    pub(crate) fn fix_fn_first_argument_cf_nullability(&mut self, fn_name: &str) {
+        if let Self::TypeDef {
+            id,
+            nullability: nullability @ Nullability::Unspecified,
+            is_cf: true,
+            ..
+        } = self
+        {
+            let type_name = id.name.strip_suffix("Ref").unwrap_or(&id.name);
+            // We don't ever want to mark these as non-NULL, as they have NULL
+            // statics (`kCFAllocatorDefault` and `kODSessionDefault`).
+            if fn_name.contains(type_name) && !matches!(type_name, "ODSession" | "CFAllocator") {
+                // Is likely a getter, so let's mark it as non-null (CF will
+                // usually crash if given an unexpected NULL pointer, but
+                // we're not entirely sure it will always do so).
+                *nullability = Nullability::NonNull;
+            }
+        }
+    }
 }
 
 /// Strip macros from unexposed types.

crates/header-translator/src/stmt.rs

@@ -1595,6 +1595,10 @@ impl Stmt {
                     _ => error!("unknown"),
                 });
 
+                if let Some((_, first_ty)) = arguments.first_mut() {
+                    first_ty.fix_fn_first_argument_cf_nullability(&id.name);
+                }
+
                 // Don't map `CFRetain`, `CFRelease`, `CFAutorelease`, as well
                 // as custom ones like as `CGColorRelease`, but not things
                 // like `CMBufferQueueDequeueAndRetain`.

framework-crates/objc2-core-foundation/src/string.rs

@@ -90,7 +90,7 @@ impl CFString {
     // encoded strings, see the `as_str_broken` test below.
     #[allow(dead_code)]
     unsafe fn as_str(&self) -> Option<&str> {
-        let bytes = unsafe { CFStringGetCStringPtr(Some(self), CFStringEncoding::UTF8) };
+        let bytes = unsafe { CFStringGetCStringPtr(self, CFStringEncoding::UTF8) };
         NonNull::new(bytes as *mut c_char).map(|bytes| {
             // SAFETY: The pointer is valid for as long as the CFString is not
             // mutated (which the caller ensures it isn't for the lifetime of
@@ -128,11 +128,11 @@ impl fmt::Display for CFString {
         let mut location_utf16 = 0;
 
         loop {
-            let len_utf16 = unsafe { CFStringGetLength(Some(self)) };
+            let len_utf16 = unsafe { CFStringGetLength(self) };
             let mut read_utf8 = 0;
             let read_utf16 = unsafe {
                 CFStringGetBytes(
-                    Some(self),
+                    self,
                     CFRange {
                         location: location_utf16,
                         length: len_utf16 - location_utf16,
@@ -218,7 +218,7 @@ mod tests {
             .unwrap()
         };
         assert_eq!(s.to_string(), "�"); // Replacement character
-        assert_eq!(unsafe { CFStringGetLength(Some(&s)) }, 1);
+        assert_eq!(unsafe { CFStringGetLength(&s) }, 1);
     }
 
     #[test]
@@ -232,7 +232,7 @@ mod tests {
         assert_ne!(
             unsafe {
                 CFStringGetCString(
-                    Some(&s),
+                    &s,
                     buf.as_mut_ptr().cast(),
                     buf.len() as _,
                     CFStringEncoding::UTF8,
@@ -281,7 +281,7 @@ mod tests {
         assert_ne!(
             unsafe {
                 CFStringGetCString(
-                    Some(&s),
+                    &s,
                     buf.as_mut_ptr().cast(),
                     buf.len() as _,
                     CFStringEncoding::UTF8,