From 8251b9b95e6184e368dbf213991cf165d868885a Mon Sep 17 00:00:00 2001 From: Jack Wrenn Date: Sat, 3 Jul 2021 12:18:13 -0400 Subject: [PATCH 1/3] Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null --- core/src/mem/mod.rs | 4 ++++ core/src/mem/transmutability.rs | 39 +++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 core/src/mem/transmutability.rs diff --git a/core/src/mem/mod.rs b/core/src/mem/mod.rs index 234fa213d..add65a3be 100644 --- a/core/src/mem/mod.rs +++ b/core/src/mem/mod.rs @@ -27,6 +27,10 @@ mod valid_align; // alignment as a parameter, such as `Layout::padding_needed_for`. pub(crate) use valid_align::ValidAlign; +mod transmutability; +#[unstable(feature = "transmutability", issue = "none")] +pub use transmutability::{Assume, BikeshedIntrinsicFrom}; + #[stable(feature = "rust1", since = "1.0.0")] #[doc(inline)] pub use crate::intrinsics::transmute; diff --git a/core/src/mem/transmutability.rs b/core/src/mem/transmutability.rs new file mode 100644 index 000000000..52342f8a0 --- /dev/null +++ b/core/src/mem/transmutability.rs @@ -0,0 +1,39 @@ +/// Are values of a type transmutable into values of another type? +/// +/// This trait is implemented on-the-fly by the compiler for types `Src` and `Self` when the bits of +/// any value of type `Self` are safely transmutable into a value of type `Dst`, in a given `Context`, +/// notwithstanding whatever safety checks you have asked the compiler to [`Assume`] are satisfied. +#[unstable(feature = "transmutability", issue = "none")] +#[cfg_attr(not(bootstrap), lang = "transmute_trait")] +pub unsafe trait BikeshedIntrinsicFrom< + Src, + Context, + const ASSUME_ALIGNMENT: bool, + const ASSUME_LIFETIMES: bool, + const ASSUME_VALIDITY: bool, + const ASSUME_VISIBILITY: bool, +> where + Src: ?Sized, +{ +} + +/// What transmutation safety conditions shall the compiler assume that *you* are checking? +#[unstable(feature = "transmutability", issue = "none")] +#[derive(PartialEq, Eq, Clone, Copy, Debug)] +pub struct Assume { + /// When `true`, the compiler assumes that *you* are ensuring (either dynamically or statically) that + /// destination referents do not have stricter alignment requirements than source referents. + pub alignment: bool, + + /// When `true`, the compiler assume that *you* are ensuring that lifetimes are not extended in a manner + /// that violates Rust's memory model. + pub lifetimes: bool, + + /// When `true`, the compiler assumes that *you* are ensuring that the source type is actually a valid + /// instance of the destination type. + pub validity: bool, + + /// When `true`, the compiler assumes that *you* have ensured that it is safe for you to violate the + /// type and field privacy of the destination type (and sometimes of the source type, too). + pub visibility: bool, +} From cf4bdd06db7faf7e8e7fb43c2d3e5f3a8bf608e5 Mon Sep 17 00:00:00 2001 From: Jack Wrenn Date: Thu, 21 Jul 2022 17:53:01 +0000 Subject: [PATCH 2/3] safe transmute: add `rustc_on_unimplemented` to `BikeshedIntrinsicFrom` ref: https://github.com/rust-lang/rust/pull/92268#discussion_r925266583 --- core/src/mem/transmutability.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/core/src/mem/transmutability.rs b/core/src/mem/transmutability.rs index 52342f8a0..820a7582b 100644 --- a/core/src/mem/transmutability.rs +++ b/core/src/mem/transmutability.rs @@ -5,6 +5,10 @@ /// notwithstanding whatever safety checks you have asked the compiler to [`Assume`] are satisfied. #[unstable(feature = "transmutability", issue = "none")] #[cfg_attr(not(bootstrap), lang = "transmute_trait")] +#[rustc_on_unimplemented( + message = "`{Src}` cannot be safely transmuted into `{Self}` in the defining scope of `{Context}`.", + label = "`{Src}` cannot be safely transmuted into `{Self}` in the defining scope of `{Context}`." +)] pub unsafe trait BikeshedIntrinsicFrom< Src, Context, From 2d04c50933d52661c1a04df4e170d02e94bf3086 Mon Sep 17 00:00:00 2001 From: Jack Wrenn Date: Thu, 21 Jul 2022 18:18:36 +0000 Subject: [PATCH 3/3] safe transmute: reference tracking issue ref: https://github.com/rust-lang/rust/pull/92268#discussion_r925266769 --- core/src/mem/mod.rs | 2 +- core/src/mem/transmutability.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/core/src/mem/mod.rs b/core/src/mem/mod.rs index add65a3be..b1cf5bd92 100644 --- a/core/src/mem/mod.rs +++ b/core/src/mem/mod.rs @@ -28,7 +28,7 @@ mod valid_align; pub(crate) use valid_align::ValidAlign; mod transmutability; -#[unstable(feature = "transmutability", issue = "none")] +#[unstable(feature = "transmutability", issue = "99571")] pub use transmutability::{Assume, BikeshedIntrinsicFrom}; #[stable(feature = "rust1", since = "1.0.0")] diff --git a/core/src/mem/transmutability.rs b/core/src/mem/transmutability.rs index 820a7582b..b59a5b89d 100644 --- a/core/src/mem/transmutability.rs +++ b/core/src/mem/transmutability.rs @@ -3,7 +3,7 @@ /// This trait is implemented on-the-fly by the compiler for types `Src` and `Self` when the bits of /// any value of type `Self` are safely transmutable into a value of type `Dst`, in a given `Context`, /// notwithstanding whatever safety checks you have asked the compiler to [`Assume`] are satisfied. -#[unstable(feature = "transmutability", issue = "none")] +#[unstable(feature = "transmutability", issue = "99571")] #[cfg_attr(not(bootstrap), lang = "transmute_trait")] #[rustc_on_unimplemented( message = "`{Src}` cannot be safely transmuted into `{Self}` in the defining scope of `{Context}`.", @@ -22,7 +22,7 @@ pub unsafe trait BikeshedIntrinsicFrom< } /// What transmutation safety conditions shall the compiler assume that *you* are checking? -#[unstable(feature = "transmutability", issue = "none")] +#[unstable(feature = "transmutability", issue = "99571")] #[derive(PartialEq, Eq, Clone, Copy, Debug)] pub struct Assume { /// When `true`, the compiler assumes that *you* are ensuring (either dynamically or statically) that