Update TransparentWrapper asserts (#232)

* Update TransparentWrapper asserts.

* Update TransparentWrapperAlloc assert comments.
zachs18 2024-04-09 20:02:38 -05:00 committed by GitHub
parent 0c821ce9d5
commit eeb6e9dd53
2 changed files with 77 additions and 30 deletions


@ -531,6 +531,11 @@ pub trait TransparentWrapperAlloc<Inner: ?Sized>:
/// type. /// type.
#[inline] #[inline]
fn wrap_box(s: Box<Inner>) -> Box<Self> { fn wrap_box(s: Box<Inner>) -> Box<Self> {
// The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is the best we can do to assert their metadata is the same type
// on stable.
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(size_of::<*mut Inner>() == size_of::<*mut Self>());
unsafe { unsafe {
@ -555,6 +560,11 @@ pub trait TransparentWrapperAlloc<Inner: ?Sized>:
/// wrapper type. /// wrapper type.
#[inline] #[inline]
fn wrap_rc(s: Rc<Inner>) -> Rc<Self> { fn wrap_rc(s: Rc<Inner>) -> Rc<Self> {
// The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is the best we can do to assert their metadata is the same type
// on stable.
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(size_of::<*mut Inner>() == size_of::<*mut Self>());
unsafe { unsafe {
@ -578,6 +588,11 @@ pub trait TransparentWrapperAlloc<Inner: ?Sized>:
#[inline] #[inline]
#[cfg(target_has_atomic = "ptr")] #[cfg(target_has_atomic = "ptr")]
fn wrap_arc(s: Arc<Inner>) -> Arc<Self> { fn wrap_arc(s: Arc<Inner>) -> Arc<Self> {
// The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is the best we can do to assert their metadata is the same type
// on stable.
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(size_of::<*mut Inner>() == size_of::<*mut Self>());
unsafe { unsafe {
@ -621,6 +636,11 @@ pub trait TransparentWrapperAlloc<Inner: ?Sized>:
/// type. /// type.
#[inline] #[inline]
fn peel_box(s: Box<Self>) -> Box<Inner> { fn peel_box(s: Box<Self>) -> Box<Inner> {
// The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is the best we can do to assert their metadata is the same type
// on stable.
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(size_of::<*mut Inner>() == size_of::<*mut Self>());
unsafe { unsafe {
@ -645,6 +665,11 @@ pub trait TransparentWrapperAlloc<Inner: ?Sized>:
/// inner type. /// inner type.
#[inline] #[inline]
fn peel_rc(s: Rc<Self>) -> Rc<Inner> { fn peel_rc(s: Rc<Self>) -> Rc<Inner> {
// The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is the best we can do to assert their metadata is the same type
// on stable.
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(size_of::<*mut Inner>() == size_of::<*mut Self>());
unsafe { unsafe {
@ -668,6 +693,11 @@ pub trait TransparentWrapperAlloc<Inner: ?Sized>:
#[inline] #[inline]
#[cfg(target_has_atomic = "ptr")] #[cfg(target_has_atomic = "ptr")]
fn peel_arc(s: Arc<Self>) -> Arc<Inner> { fn peel_arc(s: Arc<Self>) -> Arc<Inner> {
// The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is the best we can do to assert their metadata is the same type
// on stable.
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(size_of::<*mut Inner>() == size_of::<*mut Self>());
unsafe { unsafe {
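Review bot: The comment added above the assertion in `wrap_box` overstates what `assert!(size_of::<*mut Inner>() == size_of::<*mut Self>())` establishes: equal pointer width only rules out a thin-versus-fat mismatch, and two unsized kinds whose metadata happens to be the same width (on current targets, a slice and a trait object both carry one extra word) still pass, so soundness of the cast rests entirely on the implementor's `unsafe impl` contract. I would say that explicitly so nobody reads the check as a guard, e.g. append `// Equal pointer size does not imply equal metadata *type*; an incorrect impl can still pass this check.` The same five-line comment is repeated verbatim in `wrap_rc`, `wrap_arc`, `peel_box`, `peel_rc` and `peel_arc`, so the wording should change in all six or be hoisted into one trait-level note. Each function body continues past its hunk.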


@ -89,9 +89,8 @@ use super::*;
/// ///
/// ## Deriving /// ## Deriving
/// ///
/// When deriving, the non-wrapped fields must uphold all the normal requirements, /// When deriving, the non-wrapped fields must uphold all the normal
/// and must also be `Zeroable`. /// requirements, and must also be `Zeroable`.
///
#[cfg_attr(feature = "derive", doc = "```")] #[cfg_attr(feature = "derive", doc = "```")]
#[cfg_attr( #[cfg_attr(
not(feature = "derive"), not(feature = "derive"),
@ -108,7 +107,6 @@ use super::*;
/// ``` /// ```
/// ///
/// Here, an error will occur, because `MyZst` does not implement `Zeroable`. /// Here, an error will occur, because `MyZst` does not implement `Zeroable`.
///
#[cfg_attr(feature = "derive", doc = "```compile_fail")] #[cfg_attr(feature = "derive", doc = "```compile_fail")]
#[cfg_attr( #[cfg_attr(
not(feature = "derive"), not(feature = "derive"),
@ -131,6 +129,8 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
Self: Sized, Self: Sized,
Inner: Sized, Inner: Sized,
{ {
assert!(size_of::<Inner>() == size_of::<Self>());
assert!(align_of::<Inner>() == align_of::<Self>());
// SAFETY: The unsafe contract requires that `Self` and `Inner` have // SAFETY: The unsafe contract requires that `Self` and `Inner` have
// identical representations. // identical representations.
unsafe { transmute!(s) } unsafe { transmute!(s) }
@ -140,8 +140,13 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
/// type. /// type.
#[inline] #[inline]
fn wrap_ref(s: &Inner) -> &Self { fn wrap_ref(s: &Inner) -> &Self {
unsafe { // The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is the best we can do to assert their metadata is the same type
// on stable.
assert!(size_of::<*const Inner>() == size_of::<*const Self>()); assert!(size_of::<*const Inner>() == size_of::<*const Self>());
unsafe {
// A pointer cast doesn't work here because rustc can't tell that // A pointer cast doesn't work here because rustc can't tell that
// the vtables match (because of the `?Sized` restriction relaxation). // the vtables match (because of the `?Sized` restriction relaxation).
// A `transmute` doesn't work because the sizes are unspecified. // A `transmute` doesn't work because the sizes are unspecified.
@ -158,8 +163,12 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
/// the wrapper type. /// the wrapper type.
#[inline] #[inline]
fn wrap_mut(s: &mut Inner) -> &mut Self { fn wrap_mut(s: &mut Inner) -> &mut Self {
unsafe { // The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is about the best we can do on stable.
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(size_of::<*mut Inner>() == size_of::<*mut Self>());
unsafe {
// A pointer cast doesn't work here because rustc can't tell that // A pointer cast doesn't work here because rustc can't tell that
// the vtables match (because of the `?Sized` restriction relaxation). // the vtables match (because of the `?Sized` restriction relaxation).
// A `transmute` doesn't work because the sizes are unspecified. // A `transmute` doesn't work because the sizes are unspecified.
@ -179,13 +188,11 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
Self: Sized, Self: Sized,
Inner: Sized, Inner: Sized,
{ {
unsafe { assert!(size_of::<Inner>() == size_of::<Self>());
assert!(size_of::<*const Inner>() == size_of::<*const Self>()); assert!(align_of::<Inner>() == align_of::<Self>());
assert!(align_of::<*const Inner>() == align_of::<*const Self>());
// SAFETY: The unsafe contract requires that these two have // SAFETY: The unsafe contract requires that these two have
// identical representations (size and alignment). // identical representations (size and alignment).
core::slice::from_raw_parts(s.as_ptr() as *const Self, s.len()) unsafe { core::slice::from_raw_parts(s.as_ptr() as *const Self, s.len()) }
}
} }
/// Convert a mutable slice to the inner type into a mutable slice to the /// Convert a mutable slice to the inner type into a mutable slice to the
@ -196,11 +203,11 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
Self: Sized, Self: Sized,
Inner: Sized, Inner: Sized,
{ {
unsafe { assert!(size_of::<Inner>() == size_of::<Self>());
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(align_of::<Inner>() == align_of::<Self>());
assert!(align_of::<*mut Inner>() == align_of::<*mut Self>());
// SAFETY: The unsafe contract requires that these two have // SAFETY: The unsafe contract requires that these two have
// identical representations (size and alignment). // identical representations (size and alignment).
unsafe {
core::slice::from_raw_parts_mut(s.as_mut_ptr() as *mut Self, s.len()) core::slice::from_raw_parts_mut(s.as_mut_ptr() as *mut Self, s.len())
} }
} }
@ -212,6 +219,10 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
Self: Sized, Self: Sized,
Inner: Sized, Inner: Sized,
{ {
assert!(size_of::<Inner>() == size_of::<Self>());
assert!(align_of::<Inner>() == align_of::<Self>());
// SAFETY: The unsafe contract requires that `Self` and `Inner` have
// identical representations.
unsafe { transmute!(s) } unsafe { transmute!(s) }
} }
@ -219,8 +230,12 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
/// type. /// type.
#[inline] #[inline]
fn peel_ref(s: &Self) -> &Inner { fn peel_ref(s: &Self) -> &Inner {
unsafe { // The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is about the best we can do on stable.
assert!(size_of::<*const Inner>() == size_of::<*const Self>()); assert!(size_of::<*const Inner>() == size_of::<*const Self>());
unsafe {
// A pointer cast doesn't work here because rustc can't tell that // A pointer cast doesn't work here because rustc can't tell that
// the vtables match (because of the `?Sized` restriction relaxation). // the vtables match (because of the `?Sized` restriction relaxation).
// A `transmute` doesn't work because the sizes are unspecified. // A `transmute` doesn't work because the sizes are unspecified.
@ -237,8 +252,12 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
/// to the inner type. /// to the inner type.
#[inline] #[inline]
fn peel_mut(s: &mut Self) -> &mut Inner { fn peel_mut(s: &mut Self) -> &mut Inner {
unsafe { // The unsafe contract requires that these two have
// identical representations, and thus identical pointer metadata.
// Assert that Self and Inner have the same pointer size,
// which is about the best we can do on stable.
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(size_of::<*mut Inner>() == size_of::<*mut Self>());
unsafe {
// A pointer cast doesn't work here because rustc can't tell that // A pointer cast doesn't work here because rustc can't tell that
// the vtables match (because of the `?Sized` restriction relaxation). // the vtables match (because of the `?Sized` restriction relaxation).
// A `transmute` doesn't work because the sizes are unspecified. // A `transmute` doesn't work because the sizes are unspecified.
@ -258,13 +277,11 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
Self: Sized, Self: Sized,
Inner: Sized, Inner: Sized,
{ {
unsafe { assert!(size_of::<Inner>() == size_of::<Self>());
assert!(size_of::<*const Inner>() == size_of::<*const Self>()); assert!(align_of::<Inner>() == align_of::<Self>());
assert!(align_of::<*const Inner>() == align_of::<*const Self>());
// SAFETY: The unsafe contract requires that these two have // SAFETY: The unsafe contract requires that these two have
// identical representations (size and alignment). // identical representations (size and alignment).
core::slice::from_raw_parts(s.as_ptr() as *const Inner, s.len()) unsafe { core::slice::from_raw_parts(s.as_ptr() as *const Inner, s.len()) }
}
} }
/// Convert a mutable slice to the wrapped type into a mutable slice to the /// Convert a mutable slice to the wrapped type into a mutable slice to the
@ -275,11 +292,11 @@ pub unsafe trait TransparentWrapper<Inner: ?Sized> {
Self: Sized, Self: Sized,
Inner: Sized, Inner: Sized,
{ {
unsafe { assert!(size_of::<Inner>() == size_of::<Self>());
assert!(size_of::<*mut Inner>() == size_of::<*mut Self>()); assert!(align_of::<Inner>() == align_of::<Self>());
assert!(align_of::<*mut Inner>() == align_of::<*mut Self>());
// SAFETY: The unsafe contract requires that these two have // SAFETY: The unsafe contract requires that these two have
// identical representations (size and alignment). // identical representations (size and alignment).
unsafe {
core::slice::from_raw_parts_mut(s.as_mut_ptr() as *mut Inner, s.len()) core::slice::from_raw_parts_mut(s.as_mut_ptr() as *mut Inner, s.len())
} }
} }
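Review bot: The comments added to `wrap_ref`, `wrap_mut`, `peel_ref` and `peel_mut` describe the same pointer-size assertion with two different wordings — `wrap_ref` says "the best we can do to assert their metadata is the same type on stable" while the other three say "about the best we can do on stable" — and the more precise `wrap_ref` form should be used in all four, since it states what the check is standing in for. Separately, every `assert!` in these hunks is message-less, so a failing check reports only the stringified condition and not which conversion or which wrapper type tripped it; a literal-only message such as `assert!(size_of::<Inner>() == size_of::<Self>(), "TransparentWrapper::wrap_slice: Inner and Self differ in size");` would name the site without pulling formatting machinery into these `#[inline]` paths. The `where` clauses and signatures of `wrap`, `wrap_slice`, `wrap_slice_mut`, `peel`, `peel_slice` and `peel_slice_mut` begin outside their hunks.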