diff --git a/src/lib.rs b/src/lib.rs index 7d0ae09..a6c9e56 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -3,7 +3,7 @@ pub(crate) use core::arch::x86; #[cfg(target_arch = "x86_64")] pub(crate) use core::arch::x86_64; // -pub(crate) use core::{marker::*, num::*, ptr::*}; +pub(crate) use core::{marker::*, mem::*, num::*, ptr::*}; macro_rules! impl_unsafe_marker_for_array { ( $marker:ident , $( $n:expr ),* ) => { @@ -11,11 +11,226 @@ macro_rules! impl_unsafe_marker_for_array { } } -macro_rules! impl_unsafe_marker_for_type { - ( $marker:ident , $( $t:ty ),* ) => { - $(unsafe impl $marker for $t {})* +mod zeroable; +pub use zeroable::*; + +mod pod; +pub use pod::*; + +/// Re-interprets `&T` as `&[u8]`. +/// +/// Any ZST becomes an empty slice, and in that case the pointer value of that +/// empty slice might not match the pointer value of the input reference. +#[inline] +pub fn bytes_of(t: &T) -> &[u8] { + try_cast_slice::(core::slice::from_ref(t)).unwrap_or(&[]) +} + +/// Re-interprets `&mut T` as `&mut [u8]`. +/// +/// Any ZST becomes an empty slice, and in that case the pointer value of that +/// empty slice might not match the pointer value of the input reference. +#[inline] +pub fn bytes_of_mut(t: &mut T) -> &mut [u8] { + try_cast_slice_mut::(core::slice::from_mut(t)).unwrap_or(&mut []) +} + +/// The things that can go wrong when casting between [`Pod`] data forms. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum PodCastError { + /// You tried to cast a slice to an element type with a higher alignment + /// requirement but the slice wasn't aligned. + TargetAlignmentGreaterAndInputNotAligned, + /// You tried to cast between a zero-sized type and a non-zero-sized type. + /// Because the output slice resizes based on the input and output types, it's + /// fairly nonsensical to throw a ZST into the mix. You can go from a ZST to + /// another ZST, if you want. + CantConvertBetweenZSTAndNonZST, + /// If the element size changes then the output slice changes length + /// accordingly. If the output slice wouldn't be a whole number of elements + /// then the conversion fails. + OutputSliceWouldHaveSlop, + /// When casting an individual `T`, `&T`, or `&mut T` value the source size + /// and destination size must be an exact match. + SizeMismatch, +} + +/// Cast `T` into `U` +/// +/// ## Panics +/// +/// This is [`try_cast`] with an unwrap. +#[inline] +pub fn cast(a: A) -> B { + try_cast(a).unwrap() +} + +/// Cast `&mut T` into `&mut U`. +/// +/// ## Panics +/// +/// This is [`try_cast_mut`] with an unwrap. +#[inline] +pub fn cast_mut(a: &mut A) -> &mut B { + try_cast_mut(a).unwrap() +} + +/// Cast `&T` into `&U`. +/// +/// ## Panics +/// +/// This is [`try_cast_ref`] with an unwrap. +#[inline] +pub fn cast_ref(a: &A) -> &B { + try_cast_ref(a).unwrap() +} + +/// Cast `&[T]` into `&[U]`. +/// +/// ## Panics +/// +/// This is [`try_cast_slice`] with an unwrap. +#[inline] +pub fn cast_slice(a: &[A]) -> &[B] { + try_cast_slice(a).unwrap() +} + +/// Cast `&mut [T]` into `&mut [U]`. +/// +/// ## Panics +/// +/// This is [`try_cast_slice_mut`] with an unwrap. +#[inline] +pub fn cast_slice_mut(a: &mut [A]) -> &mut [B] { + try_cast_slice_mut(a).unwrap() +} + +/// As `align_to`, but safe because of the [`Pod`] bound. +#[inline] +pub fn pod_align_to(vals: &[T]) -> (&[T], &[U], &[T]) { + unsafe { vals.align_to::() } +} + +/// As `align_to_mut`, but safe because of the [`Pod`] bound. +#[inline] +pub fn pod_align_to_mut(vals: &mut [T]) -> (&mut [T], &mut [U], &mut [T]) { + unsafe { vals.align_to_mut::() } +} + +/// Try to cast `T` into `U`. +/// +/// ## Failure +/// +/// * If the types don't have the same size this fails. +#[inline] +pub fn try_cast(a: A) -> Result { + if size_of::() == size_of::() { + let mut b = B::zeroed(); + // Note(Lokathor): We copy in terms of `u8` because that allows us to bypass + // any potential alignment difficulties. + let ap = &a as *const A as *const u8; + let bp = &mut b as *mut B as *mut u8; + unsafe { ap.copy_to_nonoverlapping(bp, size_of::()) }; + Ok(b) + } else { + Err(PodCastError::SizeMismatch) } } -mod zeroable; -pub use zeroable::*; +/// Try to convert a `&T` into `&U`. +/// +/// ## Failure +/// +/// * If the reference isn't aligned in the new type +/// * If the source type and target type aren't the same size. +#[inline] +pub fn try_cast_ref(a: &A) -> Result<&B, PodCastError> { + // Note(Lokathor): everything with `align_of` and `size_of` will optimize away + // after monomorphization. + if align_of::() > align_of::() && (a as *const A as usize) % align_of::() != 0 { + Err(PodCastError::TargetAlignmentGreaterAndInputNotAligned) + } else if size_of::() == size_of::() { + Ok(unsafe { + (a as *const A as *const B) + .as_ref() + .unwrap_or_else(|| core::hint::unreachable_unchecked()) + }) + } else { + Err(PodCastError::SizeMismatch) + } +} + +/// Try to convert a `&mut T` into `&mut U`. +/// +/// As [`try_cast_ref`], but `mut`. +#[inline] +pub fn try_cast_mut(a: &mut A) -> Result<&mut B, PodCastError> { + // Note(Lokathor): everything with `align_of` and `size_of` will optimize away + // after monomorphization. + if align_of::() > align_of::() && (a as *mut A as usize) % align_of::() != 0 { + Err(PodCastError::TargetAlignmentGreaterAndInputNotAligned) + } else if size_of::() == size_of::() { + Ok(unsafe { + (a as *mut A as *mut B) + .as_mut() + .unwrap_or_else(|| core::hint::unreachable_unchecked()) + }) + } else { + Err(PodCastError::SizeMismatch) + } +} + +/// Try to convert `&[T]` into `&[U]` (possibly with a change in length). +/// +/// * `input.as_ptr() as usize == output.as_ptr() as usize` +/// * `input.len() * size_of::() == output.len() * size_of::()` +/// +/// ## Failure +/// +/// * If the target type has a greater alignment requirement and the input slice +/// isn't aligned. +/// * If the target element type is a different size from the current element +/// type, and the output slice wouldn't be a whole number of elements when +/// accounting for the size change (eg: three `u16` values is 1.5 `u32` +/// values, so that's a failure). +/// * Similarly, you can't convert between a +/// [ZST](https://doc.rust-lang.org/nomicon/exotic-sizes.html#zero-sized-types-zsts) +/// and a non-ZST. +#[inline] +pub fn try_cast_slice(a: &[A]) -> Result<&[B], PodCastError> { + // Note(Lokathor): everything with `align_of` and `size_of` will optimize away + // after monomorphization. + if align_of::() > align_of::() && (a.as_ptr() as usize) % align_of::() != 0 { + Err(PodCastError::TargetAlignmentGreaterAndInputNotAligned) + } else if size_of::() == size_of::() { + Ok(unsafe { core::slice::from_raw_parts(a.as_ptr() as *const B, a.len()) }) + } else if size_of::() == 0 || size_of::() == 0 { + Err(PodCastError::CantConvertBetweenZSTAndNonZST) + } else if core::mem::size_of_val(a) % size_of::() == 0 { + let new_len = core::mem::size_of_val(a) / size_of::(); + Ok(unsafe { core::slice::from_raw_parts(a.as_ptr() as *const B, new_len) }) + } else { + Err(PodCastError::OutputSliceWouldHaveSlop) + } +} + +/// Try to convert `&mut [T]` into `mut [U]` (possibly with a change in length). +/// +/// As [`try_cast_slice`], but `mut`. +#[inline] +pub fn try_cast_slice_mut(a: &mut [A]) -> Result<&mut [B], PodCastError> { + // Note(Lokathor): everything with `align_of` and `size_of` will optimize away + // after monomorphization. + if align_of::() > align_of::() && (a.as_ptr() as usize) % align_of::() != 0 { + Err(PodCastError::TargetAlignmentGreaterAndInputNotAligned) + } else if size_of::() == size_of::() { + Ok(unsafe { core::slice::from_raw_parts_mut(a.as_ptr() as *mut B, a.len()) }) + } else if size_of::() == 0 || size_of::() == 0 { + Err(PodCastError::CantConvertBetweenZSTAndNonZST) + } else if core::mem::size_of_val(a) % size_of::() == 0 { + let new_len = core::mem::size_of_val(a) / size_of::(); + Ok(unsafe { core::slice::from_raw_parts_mut(a.as_ptr() as *mut B, new_len) }) + } else { + Err(PodCastError::OutputSliceWouldHaveSlop) + } +} diff --git a/src/pod.rs b/src/pod.rs new file mode 100644 index 0000000..b6ed590 --- /dev/null +++ b/src/pod.rs @@ -0,0 +1,90 @@ +use super::*; + +/// Marker trait for "plain old data". +/// +/// The point of this trait is that once something is marked "plain old data" +/// you can really go to town with the bit fiddling and bit casting. Therefore, +/// it's a relatively strong claim to make about a type. Do not add this to your +/// type casually. +/// +/// **Reminder:** The results of casting around bytes between data types are +/// _endian dependant_. Little-endian machines are the most common, but +/// big-endian machines do exist (and big-endian is also used for "network +/// order" bytes). +/// +/// ## Safety +/// +/// * The type must be inhabited (eg: no +/// [Infallible](core::convert::Infallible)). +/// * The type must allow any bit pattern (eg: no `bool` or `char`). +/// * The type must not contain any padding bytes (eg: no `(u8, u16)`). +/// * A struct needs to be `repr(C)`, or a `repr(transparent)` wrapper around a +/// `Pod` type. +pub unsafe trait Pod: Zeroable + Copy + 'static {} + +unsafe impl Pod for () {} +unsafe impl Pod for u8 {} +unsafe impl Pod for i8 {} +unsafe impl Pod for u16 {} +unsafe impl Pod for i16 {} +unsafe impl Pod for u32 {} +unsafe impl Pod for i32 {} +unsafe impl Pod for u64 {} +unsafe impl Pod for i64 {} +unsafe impl Pod for usize {} +unsafe impl Pod for isize {} +unsafe impl Pod for u128 {} +unsafe impl Pod for i128 {} +unsafe impl Pod for f32 {} +unsafe impl Pod for f64 {} +unsafe impl Pod for Wrapping {} + +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} +unsafe impl Pod for Option {} + +unsafe impl Pod for *mut T {} +unsafe impl Pod for *const T {} +unsafe impl Pod for Option> {} +unsafe impl Pod for PhantomData {} +unsafe impl Pod for ManuallyDrop {} + +impl_unsafe_marker_for_array!( + Pod, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 48, 64, 96, 128, 256, 512, 1024 +); + +#[cfg(target_arch = "x86")] +unsafe impl Pod for x86::__m128i {} +#[cfg(target_arch = "x86")] +unsafe impl Pod for x86::__m128 {} +#[cfg(target_arch = "x86")] +unsafe impl Pod for x86::__m128d {} +#[cfg(target_arch = "x86")] +unsafe impl Pod for x86::__m256i {} +#[cfg(target_arch = "x86")] +unsafe impl Pod for x86::__m256 {} +#[cfg(target_arch = "x86")] +unsafe impl Pod for x86::__m256d {} + +#[cfg(target_arch = "x86_64")] +unsafe impl Pod for x86_64::__m128i {} +#[cfg(target_arch = "x86_64")] +unsafe impl Pod for x86_64::__m128 {} +#[cfg(target_arch = "x86_64")] +unsafe impl Pod for x86_64::__m128d {} +#[cfg(target_arch = "x86_64")] +unsafe impl Pod for x86_64::__m256i {} +#[cfg(target_arch = "x86_64")] +unsafe impl Pod for x86_64::__m256 {} +#[cfg(target_arch = "x86_64")] +unsafe impl Pod for x86_64::__m256d {} diff --git a/src/zeroable.rs b/src/zeroable.rs index dd810d8..a5b24b1 100644 --- a/src/zeroable.rs +++ b/src/zeroable.rs @@ -35,6 +35,7 @@ unsafe impl Zeroable for u128 {} unsafe impl Zeroable for i128 {} unsafe impl Zeroable for f32 {} unsafe impl Zeroable for f64 {} +unsafe impl Zeroable for Wrapping {} unsafe impl Zeroable for Option {} unsafe impl Zeroable for Option {} @@ -52,70 +53,35 @@ unsafe impl Zeroable for Option {} unsafe impl Zeroable for *mut T {} unsafe impl Zeroable for *const T {} unsafe impl Zeroable for Option> {} -unsafe impl Zeroable for PhantomData where T: Zeroable {} +unsafe impl Zeroable for PhantomData {} +unsafe impl Zeroable for ManuallyDrop {} -unsafe impl Zeroable for (A,) where A: Zeroable {} -unsafe impl Zeroable for (A, B) -where - A: Zeroable, - B: Zeroable, +unsafe impl Zeroable for (A,) {} +unsafe impl Zeroable for (A, B) {} +unsafe impl Zeroable for (A, B, C) {} +unsafe impl Zeroable for (A, B, C, D) {} +unsafe impl Zeroable + for (A, B, C, D, E) { } -unsafe impl Zeroable for (A, B, C) -where - A: Zeroable, - B: Zeroable, - C: Zeroable, +unsafe impl Zeroable + for (A, B, C, D, E, F) { } -unsafe impl Zeroable for (A, B, C, D) -where - A: Zeroable, - B: Zeroable, - C: Zeroable, - D: Zeroable, +unsafe impl + Zeroable for (A, B, C, D, E, F, G) { } -unsafe impl Zeroable for (A, B, C, D, E) -where - A: Zeroable, - B: Zeroable, - C: Zeroable, - D: Zeroable, - E: Zeroable, -{ -} -unsafe impl Zeroable for (A, B, C, D, E, F) -where - A: Zeroable, - B: Zeroable, - C: Zeroable, - D: Zeroable, - E: Zeroable, - F: Zeroable, -{ -} -unsafe impl Zeroable for (A, B, C, D, E, F, G) -where - A: Zeroable, - B: Zeroable, - C: Zeroable, - D: Zeroable, - E: Zeroable, - F: Zeroable, - G: Zeroable, -{ -} -unsafe impl Zeroable for (A, B, C, D, E, F, G, H) -where - A: Zeroable, - B: Zeroable, - C: Zeroable, - D: Zeroable, - E: Zeroable, - F: Zeroable, - G: Zeroable, - H: Zeroable, +unsafe impl< + A: Zeroable, + B: Zeroable, + C: Zeroable, + D: Zeroable, + E: Zeroable, + F: Zeroable, + G: Zeroable, + H: Zeroable, + > Zeroable for (A, B, C, D, E, F, G, H) { }