[WIP][pointer] Support generic TransmuteFrom

Makes progress on #1122

Author: joshlf

src/impls.rs

@@ -443,13 +443,13 @@ mod atomics {
     use super::*;
 
     macro_rules! impl_traits_for_atomics {
-        ($($atomics:ident),* $(,)?) => {
+        ($($atomics:ident[$repr:ty]),* $(,)?) => {
             $(
                 impl_known_layout!($atomics);
-                impl_for_transparent_wrapper!(=> TryFromBytes for $atomics);
-                impl_for_transparent_wrapper!(=> FromZeros for $atomics);
-                impl_for_transparent_wrapper!(=> FromBytes for $atomics);
-                impl_for_transparent_wrapper!(=> IntoBytes for $atomics);
+                impl_for_transmute_from!(=> TryFromBytes for $atomics[$repr]);
+                impl_for_transmute_from!(=> FromZeros for $atomics[$repr]);
+                impl_for_transmute_from!(=> FromBytes for $atomics[$repr]);
+                impl_for_transmute_from!(=> IntoBytes for $atomics[$repr]);
             )*
         };
     }
@@ -461,13 +461,13 @@ mod atomics {
 
         use super::*;
 
-        impl_traits_for_atomics!(AtomicU8, AtomicI8);
+        impl_traits_for_atomics!(AtomicU8[u8], AtomicI8[i8]);
 
         impl_known_layout!(AtomicBool);
 
-        impl_for_transparent_wrapper!(=> TryFromBytes for AtomicBool);
-        impl_for_transparent_wrapper!(=> FromZeros for AtomicBool);
-        impl_for_transparent_wrapper!(=> IntoBytes for AtomicBool);
+        impl_for_transmute_from!(=> TryFromBytes for AtomicBool[bool]);
+        impl_for_transmute_from!(=> FromZeros for AtomicBool[bool]);
+        impl_for_transmute_from!(=> IntoBytes for AtomicBool[bool]);
 
         safety_comment! {
             /// SAFETY:
@@ -497,7 +497,7 @@ mod atomics {
             /// SAFETY:
             /// All of these pass an atomic type and that type's native equivalent, as
             /// required by the macro safety preconditions.
-            unsafe_impl_transparent_wrapper_for_atomic!(AtomicU8 [u8], AtomicI8 [i8], AtomicBool [bool]);
+            unsafe_impl_transmute_from_for_atomic!(AtomicU8 [u8], AtomicI8 [i8], AtomicBool [bool]);
         }
     }
 
@@ -508,13 +508,13 @@ mod atomics {
 
         use super::*;
 
-        impl_traits_for_atomics!(AtomicU16, AtomicI16);
+        impl_traits_for_atomics!(AtomicU16[u16], AtomicI16[i16]);
 
         safety_comment! {
             /// SAFETY:
             /// All of these pass an atomic type and that type's native equivalent, as
             /// required by the macro safety preconditions.
-            unsafe_impl_transparent_wrapper_for_atomic!(AtomicU16 [u16], AtomicI16 [i16]);
+            unsafe_impl_transmute_from_for_atomic!(AtomicU16 [u16], AtomicI16 [i16]);
         }
     }
 
@@ -525,13 +525,13 @@ mod atomics {
 
         use super::*;
 
-        impl_traits_for_atomics!(AtomicU32, AtomicI32);
+        impl_traits_for_atomics!(AtomicU32[u32], AtomicI32[i32]);
 
         safety_comment! {
             /// SAFETY:
             /// All of these pass an atomic type and that type's native equivalent, as
             /// required by the macro safety preconditions.
-            unsafe_impl_transparent_wrapper_for_atomic!(AtomicU32 [u32], AtomicI32 [i32]);
+            unsafe_impl_transmute_from_for_atomic!(AtomicU32 [u32], AtomicI32 [i32]);
         }
     }
 
@@ -542,13 +542,13 @@ mod atomics {
 
         use super::*;
 
-        impl_traits_for_atomics!(AtomicU64, AtomicI64);
+        impl_traits_for_atomics!(AtomicU64[u64], AtomicI64[i64]);
 
         safety_comment! {
             /// SAFETY:
             /// All of these pass an atomic type and that type's native equivalent, as
             /// required by the macro safety preconditions.
-            unsafe_impl_transparent_wrapper_for_atomic!(AtomicU64 [u64], AtomicI64 [i64]);
+            unsafe_impl_transmute_from_for_atomic!(AtomicU64 [u64], AtomicI64 [i64]);
         }
     }
 
@@ -559,21 +559,21 @@ mod atomics {
 
         use super::*;
 
-        impl_traits_for_atomics!(AtomicUsize, AtomicIsize);
+        impl_traits_for_atomics!(AtomicUsize[usize], AtomicIsize[isize]);
 
         impl_known_layout!(T => AtomicPtr<T>);
 
         // TODO(#170): Implement `FromBytes` and `IntoBytes` once we implement
         // those traits for `*mut T`.
-        impl_for_transparent_wrapper!(T => TryFromBytes for AtomicPtr<T>);
-        impl_for_transparent_wrapper!(T => FromZeros for AtomicPtr<T>);
+        impl_for_transmute_from!(T => TryFromBytes for AtomicPtr<T>[*mut T]);
+        impl_for_transmute_from!(T => FromZeros for AtomicPtr<T>[*mut T]);
 
         safety_comment! {
             /// SAFETY:
             /// This passes an atomic type and that type's native equivalent, as
             /// required by the macro safety preconditions.
-            unsafe_impl_transparent_wrapper_for_atomic!(AtomicUsize [usize], AtomicIsize [isize]);
-            unsafe_impl_transparent_wrapper_for_atomic!(T => AtomicPtr<T> [*mut T]);
+            unsafe_impl_transmute_from_for_atomic!(AtomicUsize [usize], AtomicIsize [isize]);
+            unsafe_impl_transmute_from_for_atomic!(T => AtomicPtr<T> [*mut T]);
         }
     }
 }
@@ -603,12 +603,12 @@ safety_comment! {
     assert_unaligned!(PhantomData<()>, PhantomData<u8>, PhantomData<u64>);
 }
 
-impl_for_transparent_wrapper!(T: Immutable => Immutable for Wrapping<T>);
-impl_for_transparent_wrapper!(T: TryFromBytes => TryFromBytes for Wrapping<T>);
-impl_for_transparent_wrapper!(T: FromZeros => FromZeros for Wrapping<T>);
-impl_for_transparent_wrapper!(T: FromBytes => FromBytes for Wrapping<T>);
-impl_for_transparent_wrapper!(T: IntoBytes => IntoBytes for Wrapping<T>);
-impl_for_transparent_wrapper!(T: Unaligned => Unaligned for Wrapping<T>);
+impl_for_transmute_from!(T: Immutable => Immutable for Wrapping<T>[T]);
+impl_for_transmute_from!(T: TryFromBytes => TryFromBytes for Wrapping<T>[T]);
+impl_for_transmute_from!(T: FromZeros => FromZeros for Wrapping<T>[T]);
+impl_for_transmute_from!(T: FromBytes => FromBytes for Wrapping<T>[T]);
+impl_for_transmute_from!(T: IntoBytes => IntoBytes for Wrapping<T>[T]);
+impl_for_transmute_from!(T: Unaligned => Unaligned for Wrapping<T>[T]);
 assert_unaligned!(Wrapping<()>, Wrapping<u8>);
 
 safety_comment! {
@@ -620,22 +620,22 @@ safety_comment! {
     unsafe_impl!(T => FromBytes for MaybeUninit<T>);
 }
 
-impl_for_transparent_wrapper!(T: Immutable => Immutable for MaybeUninit<T>);
-impl_for_transparent_wrapper!(T: Unaligned => Unaligned for MaybeUninit<T>);
+impl_for_transmute_from!(T: Immutable => Immutable for MaybeUninit<T>[T]);
+impl_for_transmute_from!(T: Unaligned => Unaligned for MaybeUninit<T>[T]);
 assert_unaligned!(MaybeUninit<()>, MaybeUninit<u8>);
 
-impl_for_transparent_wrapper!(T: ?Sized + Immutable => Immutable for ManuallyDrop<T>);
-impl_for_transparent_wrapper!(T: ?Sized + TryFromBytes => TryFromBytes for ManuallyDrop<T>);
-impl_for_transparent_wrapper!(T: ?Sized + FromZeros => FromZeros for ManuallyDrop<T>);
-impl_for_transparent_wrapper!(T: ?Sized + FromBytes => FromBytes for ManuallyDrop<T>);
-impl_for_transparent_wrapper!(T: ?Sized + IntoBytes => IntoBytes for ManuallyDrop<T>);
-impl_for_transparent_wrapper!(T: ?Sized + Unaligned => Unaligned for ManuallyDrop<T>);
+impl_for_transmute_from!(T: ?Sized + Immutable => Immutable for ManuallyDrop<T>[T]);
+impl_for_transmute_from!(T: ?Sized + TryFromBytes => TryFromBytes for ManuallyDrop<T>[T]);
+impl_for_transmute_from!(T: ?Sized + FromZeros => FromZeros for ManuallyDrop<T>[T]);
+impl_for_transmute_from!(T: ?Sized + FromBytes => FromBytes for ManuallyDrop<T>[T]);
+impl_for_transmute_from!(T: ?Sized + IntoBytes => IntoBytes for ManuallyDrop<T>[T]);
+impl_for_transmute_from!(T: ?Sized + Unaligned => Unaligned for ManuallyDrop<T>[T]);
 assert_unaligned!(ManuallyDrop<()>, ManuallyDrop<u8>);
 
-impl_for_transparent_wrapper!(T: ?Sized + FromZeros => FromZeros for UnsafeCell<T>);
-impl_for_transparent_wrapper!(T: ?Sized + FromBytes => FromBytes for UnsafeCell<T>);
-impl_for_transparent_wrapper!(T: ?Sized + IntoBytes => IntoBytes for UnsafeCell<T>);
-impl_for_transparent_wrapper!(T: ?Sized + Unaligned => Unaligned for UnsafeCell<T>);
+impl_for_transmute_from!(T: ?Sized + FromZeros => FromZeros for UnsafeCell<T>[T]);
+impl_for_transmute_from!(T: ?Sized + FromBytes => FromBytes for UnsafeCell<T>[T]);
+impl_for_transmute_from!(T: ?Sized + IntoBytes => IntoBytes for UnsafeCell<T>[T]);
+impl_for_transmute_from!(T: ?Sized + Unaligned => Unaligned for UnsafeCell<T>[T]);
 assert_unaligned!(UnsafeCell<()>, UnsafeCell<u8>);
 
 // SAFETY: See safety comment in `is_bit_valid` impl.

src/lib.rs

@@ -2718,7 +2718,7 @@ unsafe fn try_read_from<S, T: TryFromBytes>(
     // We use `from_mut` despite not mutating via `c_ptr` so that we don't need
     // to add a `T: Immutable` bound.
     let c_ptr = Ptr::from_mut(&mut candidate);
-    let c_ptr = c_ptr.transparent_wrapper_into_inner();
+    let c_ptr = c_ptr.transmute();
     // SAFETY: `c_ptr` has no uninitialized sub-ranges because it derived from
     // `candidate`, which the caller promises is entirely initialized.
     let c_ptr = unsafe { c_ptr.assume_validity::<invariant::Initialized>() };

src/pointer/invariant.rs

@@ -13,6 +13,8 @@
 //! Invariants are encoded as ([`Aliasing`], [`Alignment`], [`Validity`])
 //! triples implementing the [`Invariants`] trait.
 
+use super::*;
+
 /// The invariants of a [`Ptr`][super::Ptr].
 pub trait Invariants: Sealed {
     type Aliasing: Aliasing;
@@ -88,7 +90,14 @@ pub trait Validity: Sealed {
 ///
 /// Given `A: Reference`, callers may assume that either `A = Shared` or `A =
 /// Exclusive`.
-pub trait Reference: Aliasing + Sealed {}
+pub trait Reference: Aliasing + Sealed {
+    fn with<'a, T, I, S, E, O>(ptr: Ptr<'a, T, I>, shared: S, exclusive: E) -> O
+    where
+        T: 'a + ?Sized,
+        I: Invariants<Aliasing = Self>,
+        S: FnOnce(Ptr<'a, T, I::WithAliasing<Shared>>) -> O,
+        E: FnOnce(Ptr<'a, T, I::WithAliasing<Exclusive>>) -> O;
+}
 
 /// No requirement - any invariant is allowed.
 pub enum Any {}
@@ -129,7 +138,18 @@ impl Aliasing for Shared {
     type Variance<'a, T: 'a + ?Sized> = &'a T;
     type MappedTo<M: AliasingMapping> = M::FromShared;
 }
-impl Reference for Shared {}
+impl Reference for Shared {
+    #[inline(always)]
+    fn with<'a, T, I, S, E, O>(ptr: Ptr<'a, T, I>, shared: S, _exclusive: E) -> O
+    where
+        T: 'a + ?Sized,
+        I: Invariants<Aliasing = Shared>,
+        S: FnOnce(Ptr<'a, T, I::WithAliasing<Shared>>) -> O,
+        E: FnOnce(Ptr<'a, T, I::WithAliasing<Exclusive>>) -> O,
+    {
+        shared(ptr.unify_invariants())
+    }
+}
 
 /// The `Ptr<'a, T>` adheres to the aliasing rules of a `&'a mut T`.
 ///
@@ -142,10 +162,21 @@ impl Aliasing for Exclusive {
     type Variance<'a, T: 'a + ?Sized> = &'a mut T;
     type MappedTo<M: AliasingMapping> = M::FromExclusive;
 }
-impl Reference for Exclusive {}
+impl Reference for Exclusive {
+    #[inline(always)]
+    fn with<'a, T, I, S, E, O>(ptr: Ptr<'a, T, I>, _shared: S, exclusive: E) -> O
+    where
+        T: 'a + ?Sized,
+        I: Invariants<Aliasing = Exclusive>,
+        S: FnOnce(Ptr<'a, T, I::WithAliasing<Shared>>) -> O,
+        E: FnOnce(Ptr<'a, T, I::WithAliasing<Exclusive>>) -> O,
+    {
+        exclusive(ptr.unify_invariants())
+    }
+}
 
-/// The referent is aligned: for `Ptr<T>`, the referent's address is a
-/// multiple of the `T`'s alignment.
+/// The referent is aligned: for `Ptr<T>`, the referent's address is a multiple
+/// of the `T`'s alignment.
 pub enum Aligned {}
 impl Alignment for Aligned {
     type MappedTo<M: AlignmentMapping> = M::FromAligned;
@@ -182,8 +213,8 @@ impl Validity for AsInitialized {
     type MappedTo<M: ValidityMapping> = M::FromAsInitialized;
 }
 
-/// The byte ranges in the referent are fully initialized. In other words, if
-/// the referent is `N` bytes long, then it contains a bit-valid `[u8; N]`.
+/// The byte ranges in the referent are fully initialized. In other words,
+/// if the referent is `N` bytes long, then it contains a bit-valid `[u8; N]`.
 pub enum Initialized {}
 impl Validity for Initialized {
     type MappedTo<M: ValidityMapping> = M::FromInitialized;
@@ -296,6 +327,32 @@ pub use mapping::*;
 mod mapping {
     use super::*;
 
+    pub trait Mapping {
+        type Aliasing: AliasingMapping;
+        type Alignment: AlignmentMapping;
+        type Validity: ValidityMapping;
+    }
+
+    // TODO: How to make this less error prone? Right now, e.g.,
+    // `(Preserved, Any, Preserved)` and `(Any, Preserved, Preserved)` both
+    // implement `Mapping`, and it's not clear from the definition which
+    // order the invariants come in.
+    //
+    // First attempt was to do `Mapping for ((Aliasing, A), (Alignment, AA),
+    // (Validity, V))`, but not all of `Aliasing`, `Alignment`, and
+    // `Validity` are object safe.
+    impl<A: AliasingMapping, AA: AlignmentMapping, V: ValidityMapping> Mapping for (A, AA, V) {
+        type Aliasing = A;
+        type Alignment = AA;
+        type Validity = V;
+    }
+
+    impl Mapping for Preserved {
+        type Aliasing = Preserved;
+        type Alignment = Preserved;
+        type Validity = Preserved;
+    }
+
     pub trait AliasingMapping {
         type FromAny: Aliasing;
         type FromShared: Aliasing;
@@ -314,6 +371,16 @@ mod mapping {
         type FromValid: Validity;
     }
 
+    // TODO: Better name?
+    pub enum Preserved {}
+
+    #[allow(type_alias_bounds)]
+    pub type Mapped<I: Invariants, M: Mapping> = (
+        MappedAliasing<I::Aliasing, M::Aliasing>,
+        MappedAlignment<I::Alignment, M::Alignment>,
+        MappedValidity<I::Validity, M::Validity>,
+    );
+
     #[allow(type_alias_bounds)]
     pub type MappedAliasing<I: Aliasing, M: AliasingMapping> = I::MappedTo<M>;
 
@@ -331,13 +398,42 @@ mod mapping {
         type FromExclusive = FromExclusive;
     }
 
+    pub enum UnsafeCellMismatch {}
+
+    impl AliasingMapping for UnsafeCellMismatch {
+        type FromAny = Any;
+        type FromShared = Any;
+        type FromExclusive = Exclusive;
+    }
+
+    impl AliasingMapping for Preserved {
+        type FromAny = Any;
+        type FromShared = Shared;
+        type FromExclusive = Exclusive;
+    }
+
     impl<FromAny: Alignment, FromAligned: Alignment> AlignmentMapping
-        for ((Any, FromAny), (Shared, FromAligned))
+        for ((Any, FromAny), (Aligned, FromAligned))
     {
         type FromAny = FromAny;
         type FromAligned = FromAligned;
     }
 
+    impl AlignmentMapping for Any {
+        type FromAny = Any;
+        type FromAligned = Any;
+    }
+
+    impl AlignmentMapping for Preserved {
+        type FromAny = Any;
+        type FromAligned = Aligned;
+    }
+
+    impl AlignmentMapping for Aligned {
+        type FromAny = Aligned;
+        type FromAligned = Aligned;
+    }
+
     impl<
             FromAny: Validity,
             FromAsInitialized: Validity,
@@ -363,4 +459,39 @@ mod mapping {
         type FromInitialized = FromInitialized;
         type FromValid = Any;
     }
+
+    impl ValidityMapping for Any {
+        type FromAny = Any;
+        type FromAsInitialized = Any;
+        type FromInitialized = Any;
+        type FromValid = Any;
+    }
+
+    impl ValidityMapping for Preserved {
+        type FromAny = Any;
+        type FromAsInitialized = AsInitialized;
+        type FromInitialized = Initialized;
+        type FromValid = Valid;
+    }
+
+    impl ValidityMapping for AsInitialized {
+        type FromAny = AsInitialized;
+        type FromAsInitialized = AsInitialized;
+        type FromInitialized = AsInitialized;
+        type FromValid = AsInitialized;
+    }
+
+    impl ValidityMapping for Initialized {
+        type FromAny = Initialized;
+        type FromAsInitialized = Initialized;
+        type FromInitialized = Initialized;
+        type FromValid = Initialized;
+    }
+
+    impl ValidityMapping for Valid {
+        type FromAny = Valid;
+        type FromAsInitialized = Valid;
+        type FromInitialized = Valid;
+        type FromValid = Valid;
+    }
 }