pub struct Assume {
    pub alignment: bool,
    pub lifetimes: bool,
    pub safety: bool,
    pub validity: bool,
}
This is a nightly-only experimental API. (transmutability) Available on crate feature dep_bytemuck only.

Configurable proof assumptions of TransmuteFrom.

When false, the respective proof obligation belongs to the compiler. When true, the onus of the safety proof belongs to the programmer.
Fields

alignment: bool

When false, TransmuteFrom is not implemented for transmutations that might violate the alignment requirements of references; e.g.:

#![feature(transmutability)]
use core::mem::{align_of, TransmuteFrom};

assert_eq!(align_of::<[u8; 2]>(), 1);
assert_eq!(align_of::<u16>(), 2);

let src: &[u8; 2] = &[0xFF, 0xFF];

// SAFETY: No safety obligations.
let dst: &u16 = unsafe {
    <_ as TransmuteFrom<_>>::transmute(src)
};

When true, TransmuteFrom assumes that you have ensured that references in the transmuted value satisfy the alignment requirements of their referent types; e.g.:

#![feature(pointer_is_aligned_to, transmutability)]
use core::mem::{align_of, Assume, TransmuteFrom};

let src: &[u8; 2] = &[0xFF, 0xFF];

let maybe_dst: Option<&u16> = if <*const _>::is_aligned_to(src, align_of::<u16>()) {
    // SAFETY: We have checked above that the address of `src` satisfies the
    // alignment requirements of `u16`.
    Some(unsafe {
        <_ as TransmuteFrom<_, { Assume::ALIGNMENT }>>::transmute(src)
    })
} else {
    None
};

assert!(matches!(maybe_dst, Some(&u16::MAX) | None));

lifetimes: bool

When false, TransmuteFrom is not implemented for transmutations that extend the lifetimes of references.

When true, TransmuteFrom assumes that you have ensured that references in the transmuted value do not outlive their referents.

safety: bool

When false, TransmuteFrom is not implemented for transmutations that might violate the library safety invariants of the destination type; e.g.:

#![feature(transmutability)]
use core::mem::TransmuteFrom;

let src: u8 = 3;

struct EvenU8 {
    // SAFETY: `val` must be an even number.
    val: u8,
}

// SAFETY: No safety obligations.
let dst: EvenU8 = unsafe {
    <_ as TransmuteFrom<_>>::transmute(src)
};

When true, TransmuteFrom assumes that you have ensured that undefined behavior does not arise from using the transmuted value; e.g.:

#![feature(transmutability)]
use core::mem::{Assume, TransmuteFrom};

let src: u8 = 42;

struct EvenU8 {
    // SAFETY: `val` must be an even number.
    val: u8,
}

let maybe_dst: Option<EvenU8> = if src % 2 == 0 {
    // SAFETY: We have checked above that the value of `src` is even.
    Some(unsafe {
        <_ as TransmuteFrom<_, { Assume::SAFETY }>>::transmute(src)
    })
} else {
    None
};

assert!(matches!(maybe_dst, Some(EvenU8 { val: 42 })));

validity: bool

When false, TransmuteFrom is not implemented for transmutations that might violate the language-level bit-validity invariant of the destination type; e.g.:

#![feature(transmutability)]
use core::mem::TransmuteFrom;

let src: u8 = 3;

// SAFETY: No safety obligations.
let dst: bool = unsafe {
    <_ as TransmuteFrom<_>>::transmute(src)
};

When true, TransmuteFrom assumes that you have ensured that the value being transmuted is a bit-valid instance of the transmuted value; e.g.:

#![feature(transmutability)]
use core::mem::{Assume, TransmuteFrom};

let src: u8 = 1;

let maybe_dst: Option<bool> = if src == 0 || src == 1 {
    // SAFETY: We have checked above that the value of `src` is a bit-valid
    // instance of `bool`.
    Some(unsafe {
        <_ as TransmuteFrom<_, { Assume::VALIDITY }>>::transmute(src)
    })
} else {
    None
};

assert_eq!(maybe_dst, Some(true));
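
The four obligations above, discharged together by run-time checks before bytes from an untrusted buffer are viewed as a typed reference. This is an added example, not part of the Rust documentation: it uses stable Rust and a raw pointer cast instead of the nightly TransmuteFrom, and Record, Unmet, view_record and Aligned are hypothetical names with a constructed layout.

```rust
use core::mem::{align_of, size_of};

/// Constructed record layout (hypothetical): 4 bytes, align 2, no padding.
#[repr(C)]
#[derive(Debug)]
pub struct Record {
    len: u16,         // safety: library invariant, must be even
    pub urgent: bool, // validity: the byte must be 0 or 1
    pub kind: u8,     // any byte is valid
}

impl Record {
    pub fn len(&self) -> u16 { self.len }
}

/// Which obligation the input failed to meet.
#[derive(Debug, PartialEq)]
pub enum Unmet { Size, Alignment, Validity, Safety }

/// Views `buf` as a `Record` only after every obligation is checked.
/// Lifetimes: the elided lifetime ties the result to `buf`, so the
/// reference cannot outlive the bytes it points into.
pub fn view_record(buf: &[u8]) -> Result<&Record, Unmet> {
    if buf.len() != size_of::<Record>() {
        return Err(Unmet::Size);
    }
    if buf.as_ptr() as usize % align_of::<Record>() != 0 {
        return Err(Unmet::Alignment);
    }
    if buf[2] > 1 {
        return Err(Unmet::Validity);
    }
    if u16::from_ne_bytes([buf[0], buf[1]]) % 2 != 0 {
        return Err(Unmet::Safety);
    }
    // SAFETY: size, alignment, bit validity of `urgent` and the evenness
    // invariant of `len` were all checked above; `Record` has no padding.
    Ok(unsafe { &*buf.as_ptr().cast::<Record>() })
}

#[repr(align(2))]
struct Aligned([u8; 6]); // constructed sample input with a known alignment

fn main() {
    let a = Aligned([4, 4, 1, 7, 0, 0]);
    println!("{:?}", view_record(&a.0[..4])); // aligned, valid, even
    println!("{:?}", view_record(&a.0[1..5])); // odd address
}
```

Each early return corresponds to one obligation that an Assume flag would otherwise shift from the compiler to the programmer.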

Implementations

impl Assume

pub const NOTHING: Assume
🔬 This is a nightly-only experimental API. (transmutability) Available on crate feature std only.
With this, TransmuteFrom does not assume you have ensured any safety obligations are met, and relies only upon its own analysis to (dis)prove transmutability.

pub const ALIGNMENT: Assume
🔬 This is a nightly-only experimental API. (transmutability) Available on crate feature std only.
With this, TransmuteFrom assumes only that you have ensured that references in the transmuted value satisfy the alignment requirements of their referent types. See Assume::alignment for examples.

pub const LIFETIMES: Assume
🔬 This is a nightly-only experimental API. (transmutability) Available on crate feature std only.
With this, TransmuteFrom assumes only that you have ensured that references in the transmuted value do not outlive their referents. See Assume::lifetimes for examples.

pub const SAFETY: Assume
🔬 This is a nightly-only experimental API. (transmutability) Available on crate feature std only.
With this, TransmuteFrom assumes only that you have ensured that undefined behavior does not arise from using the transmuted value. See Assume::safety for examples.

pub const VALIDITY: Assume
🔬 This is a nightly-only experimental API. (transmutability) Available on crate feature std only.
With this, TransmuteFrom assumes only that you have ensured that the value being transmuted is a bit-valid instance of the transmuted value. See Assume::validity for examples.

pub const fn and(self, other_assumptions: Assume) -> Assume
🔬 This is a nightly-only experimental API. (transmutability) Available on crate feature std only.
Combine the assumptions of self and other_assumptions.

This is especially useful for extending Assume in generic contexts; e.g.:

#![feature(
    adt_const_params,
    generic_const_exprs,
    pointer_is_aligned_to,
    transmutability,
)]
#![allow(incomplete_features)]
use core::mem::{align_of, Assume, TransmuteFrom};

/// Attempts to transmute `src` to `&Dst`.
///
/// Returns `None` if `src` violates the alignment requirements of `&Dst`.
///
/// # Safety
///
/// The caller guarantees that the obligations required by `ASSUME`, except
/// alignment, are satisfied.
unsafe fn try_transmute_ref<'a, Src, Dst, const ASSUME: Assume>(src: &'a Src) -> Option<&'a Dst>
where
    &'a Dst: TransmuteFrom<&'a Src, { ASSUME.and(Assume::ALIGNMENT) }>,
{
    if <*const _>::is_aligned_to(src, align_of::<Dst>()) {
        // SAFETY: By the above dynamic check, we have ensured that the address
        // of `src` satisfies the alignment requirements of `&Dst`. By contract
        // on the caller, the safety obligations required by `ASSUME` have also
        // been satisfied.
        Some(unsafe {
            <_ as TransmuteFrom<_, { ASSUME.and(Assume::ALIGNMENT) }>>::transmute(src)
        })
    } else {
        None
    }
}

let src: &[u8; 2] = &[0xFF, 0xFF];

// SAFETY: No safety obligations.
let maybe_dst: Option<&u16> = unsafe {
    try_transmute_ref::<_, _, { Assume::NOTHING }>(src)
};

pub const fn but_not(self, other_assumptions: Assume) -> Assume
🔬 This is a nightly-only experimental API. (transmutability) Available on crate feature std only.
Remove other_assumptions from the obligations of self; e.g.:

#![feature(transmutability)]
use core::mem::Assume;

let assumptions = Assume::ALIGNMENT.and(Assume::SAFETY);
let to_be_removed = Assume::SAFETY.and(Assume::VALIDITY);

assert_eq!(
    assumptions.but_not(to_be_removed),
    Assume::ALIGNMENT,
);

Trait Implementations
impl ConstParamTy_ for Assume
impl Copy for Assume
impl Eq for Assume
impl StructuralPartialEq for Assume
impl UnsizedConstParamTy for Assume

Auto Trait Implementations
impl Freeze for Assume
impl RefUnwindSafe for Assume
impl Send for Assume
impl Sync for Assume
impl Unpin for Assume
impl UnwindSafe for Assume