Rollup merge of #129657 - jswrenn:transmute-name, r=compiler-errors ยท patricklam/verify-rust-std@5a4fe40 (original) (raw)
`@@ -11,10 +11,10 @@ use crate:๐:{ConstParamTy_, UnsizedConstParamTy};
`
11
11
`///
`
12
12
`/// # Safety
`
13
13
`///
`
14
``
`` -
/// If Dst: BikeshedIntrinsicFrom<Src, ASSUMPTIONS>, the compiler guarantees
``
15
``
`` -
/// that Src is soundly union-transmutable into a value of type Dst,
``
16
``
`-
/// provided that the programmer has guaranteed that the given
`
17
``
`` -
/// ASSUMPTIONS are satisfied.
``
``
14
`` +
/// If Dst: TransmuteFrom<Src, ASSUMPTIONS>, the compiler guarantees that
``
``
15
`` +
/// Src is soundly union-transmutable into a value of type Dst, provided
``
``
16
`` +
/// that the programmer has guaranteed that the given ASSUMPTIONS
``
``
17
`+
/// are satisfied.
`
18
18
`///
`
19
19
`/// A union-transmute is any bit-reinterpretation conversion in the form of:
`
20
20
`///
`
`@@ -47,15 +47,15 @@ use crate:๐:{ConstParamTy_, UnsizedConstParamTy};
`
47
47
```` #[cfg_attr(not(bootstrap), doc = "```rust")]
`48`
`48`
`/// #![feature(transmutability)]
`
`49`
`49`
`///
`
`50`
``
`-
/// use core::mem::{Assume, BikeshedIntrinsicFrom};
`
``
`50`
`+
/// use core::mem::{Assume, TransmuteFrom};
`
`51`
`51`
`///
`
`52`
`52`
`/// let src = 42u8; // size = 1
`
`53`
`53`
`///
`
`54`
`54`
`/// #[repr(C, align(2))]
`
`55`
`55`
`/// struct Dst(u8); // size = 2
`
`56`
`56`
`//
`
`57`
`57`
`/// let _ = unsafe {
`
`58`
``
`-
/// <Dst as BikeshedIntrinsicFrom<u8, { Assume::SAFETY }>>::transmute(src)
`
``
`58`
`+
/// <Dst as TransmuteFrom<u8, { Assume::SAFETY }>>::transmute(src)
`
`59`
`59`
`/// };
`
`60`
`60`
```` /// ```
61
61
`///
`
`@@ -87,7 +87,7 @@ use crate:๐:{ConstParamTy_, UnsizedConstParamTy};
`
87
87
`#[lang = "transmute_trait"]
`
88
88
`#[rustc_deny_explicit_impl(implement_via_object = false)]
`
89
89
`#[rustc_coinductive]
`
90
``
`-
pub unsafe trait BikeshedIntrinsicFrom<Src, const ASSUME: Assume = { Assume::NOTHING }>
`
``
90
`+
pub unsafe trait TransmuteFrom<Src, const ASSUME: Assume = { Assume::NOTHING }>
`
91
91
`where
`
92
92
`Src: ?Sized,
`
93
93
`{
`
`@@ -140,23 +140,21 @@ where
`
140
140
`}
`
141
141
`}
`
142
142
``
143
``
`` -
/// Configurable proof assumptions of [BikeshedIntrinsicFrom].
``
``
143
`` +
/// Configurable proof assumptions of [TransmuteFrom].
``
144
144
`///
`
145
145
`` /// When false, the respective proof obligation belongs to the compiler. When
``
146
146
`` /// true, the onus of the safety proof belongs to the programmer.
``
147
``
`` -
/// [BikeshedIntrinsicFrom].
``
148
147
`#[unstable(feature = "transmutability", issue = "99571")]
`
149
148
`#[lang = "transmute_opts"]
`
150
149
`#[derive(PartialEq, Eq, Clone, Copy, Debug)]
`
151
150
`pub struct Assume {
`
152
``
`` -
/// When false, [BikeshedIntrinsicFrom] is not implemented for
``
153
``
`-
/// transmutations that might violate the the alignment requirements of
`
154
``
`-
/// references; e.g.:
`
``
151
`` +
/// When false, [TransmuteFrom] is not implemented for transmutations
``
``
152
`+
/// that might violate the the alignment requirements of references; e.g.:
`
155
153
`///
`
156
154
```` #[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
`157`
`155`
```` #[cfg_attr(not(bootstrap), doc = "```compile_fail,E0277")]
158
156
`/// #![feature(transmutability)]
`
159
``
`-
/// use core::mem::{align_of, BikeshedIntrinsicFrom};
`
``
157
`+
/// use core::mem::{align_of, TransmuteFrom};
`
160
158
`///
`
161
159
`/// assert_eq!(align_of::<[u8; 2]>(), 1);
`
162
160
`/// assert_eq!(align_of::(), 2);
`
`@@ -165,26 +163,26 @@ pub struct Assume {
`
165
163
`///
`
166
164
`/// // SAFETY: No safety obligations.
`
167
165
`/// let dst: &u16 = unsafe {
`
168
``
`-
/// <_ as BikeshedIntrinsicFrom<_>>::transmute(src)
`
``
166
`+
/// <_ as TransmuteFrom<_>>::transmute(src)
`
169
167
`/// };
`
170
168
```` /// ```
`171`
`169`
`///
`
`172`
``
`` -
/// When `true`, [`BikeshedIntrinsicFrom`] assumes that *you* have ensured
``
``
`170`
`` +
/// When `true`, [`TransmuteFrom`] assumes that *you* have ensured
``
`173`
`171`
`/// that references in the transmuted value satisfy the alignment
`
`174`
`172`
`/// requirements of their referent types; e.g.:
`
`175`
`173`
`///
`
`176`
`174`
```` #[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
177
175
```` #[cfg_attr(not(bootstrap), doc = "```rust")]
`178`
`176`
`/// #![feature(pointer_is_aligned_to, transmutability)]
`
`179`
``
`-
/// use core::mem::{align_of, Assume, BikeshedIntrinsicFrom};
`
``
`177`
`+
/// use core::mem::{align_of, Assume, TransmuteFrom};
`
`180`
`178`
`///
`
`181`
`179`
`/// let src: &[u8; 2] = &[0xFF, 0xFF];
`
`182`
`180`
`///
`
`183`
`181`
`/// let maybe_dst: Option<&u16> = if <*const _>::is_aligned_to(src, align_of::<u16>()) {
`
`184`
`182`
`` /// // SAFETY: We have checked above that the address of `src` satisfies the
``
`185`
`183`
`` /// // alignment requirements of `u16`.
``
`186`
`184`
`/// Some(unsafe {
`
`187`
``
`-
/// <_ as BikeshedIntrinsicFrom<_, { Assume::ALIGNMENT }>>::transmute(src)
`
``
`185`
`+
/// <_ as TransmuteFrom<_, { Assume::ALIGNMENT }>>::transmute(src)
`
`188`
`186`
`/// })
`
`189`
`187`
`/// } else {
`
`190`
`188`
`/// None
`
`@@ -194,21 +192,21 @@ pub struct Assume {
`
`194`
`192`
```` /// ```
195
193
`pub alignment: bool,
`
196
194
``
197
``
`` -
/// When false, [BikeshedIntrinsicFrom] is not implemented for
``
198
``
`-
/// transmutations that extend the lifetimes of references.
`
``
195
`` +
/// When false, [TransmuteFrom] is not implemented for transmutations
``
``
196
`+
/// that extend the lifetimes of references.
`
199
197
`///
`
200
``
`` -
/// When true, [BikeshedIntrinsicFrom] assumes that you have ensured
``
201
``
`-
/// that references in the transmuted value do not outlive their referents.
`
``
198
`` +
/// When true, [TransmuteFrom] assumes that you have ensured that
``
``
199
`+
/// references in the transmuted value do not outlive their referents.
`
202
200
`pub lifetimes: bool,
`
203
201
``
204
``
`` -
/// When false, [BikeshedIntrinsicFrom] is not implemented for
``
205
``
`-
/// transmutations that might violate the library safety invariants of the
`
206
``
`-
/// destination type; e.g.:
`
``
202
`` +
/// When false, [TransmuteFrom] is not implemented for transmutations
``
``
203
`+
/// that might violate the library safety invariants of the destination
`
``
204
`+
/// type; e.g.:
`
207
205
`///
`
208
206
```` #[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
`209`
`207`
```` #[cfg_attr(not(bootstrap), doc = "```compile_fail,E0277")]
210
208
`/// #![feature(transmutability)]
`
211
``
`-
/// use core::mem::BikeshedIntrinsicFrom;
`
``
209
`+
/// use core::mem::TransmuteFrom;
`
212
210
`///
`
213
211
`/// let src: u8 = 3;
`
214
212
`///
`
`@@ -219,18 +217,18 @@ pub struct Assume {
`
219
217
`///
`
220
218
`/// // SAFETY: No safety obligations.
`
221
219
`/// let dst: EvenU8 = unsafe {
`
222
``
`-
/// <_ as BikeshedIntrinsicFrom<_>>::transmute(src)
`
``
220
`+
/// <_ as TransmuteFrom<_>>::transmute(src)
`
223
221
`/// };
`
224
222
```` /// ```
`225`
`223`
`///
`
`226`
``
`` -
/// When `true`, [`BikeshedIntrinsicFrom`] assumes that *you* have ensured
``
``
`224`
`` +
/// When `true`, [`TransmuteFrom`] assumes that *you* have ensured
``
`227`
`225`
`/// that undefined behavior does not arise from using the transmuted value;
`
`228`
`226`
`/// e.g.:
`
`229`
`227`
`///
`
`230`
`228`
```` #[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
231
229
```` #[cfg_attr(not(bootstrap), doc = "```rust")]
`232`
`230`
`/// #![feature(transmutability)]
`
`233`
``
`-
/// use core::mem::{Assume, BikeshedIntrinsicFrom};
`
``
`231`
`+
/// use core::mem::{Assume, TransmuteFrom};
`
`234`
`232`
`///
`
`235`
`233`
`/// let src: u8 = 42;
`
`236`
`234`
`///
`
`@@ -242,7 +240,7 @@ pub struct Assume {
`
`242`
`240`
`/// let maybe_dst: Option<EvenU8> = if src % 2 == 0 {
`
`243`
`241`
`` /// // SAFETY: We have checked above that the value of `src` is even.
``
`244`
`242`
`/// Some(unsafe {
`
`245`
``
`-
/// <_ as BikeshedIntrinsicFrom<_, { Assume::SAFETY }>>::transmute(src)
`
``
`243`
`+
/// <_ as TransmuteFrom<_, { Assume::SAFETY }>>::transmute(src)
`
`246`
`244`
`/// })
`
`247`
`245`
`/// } else {
`
`248`
`246`
`/// None
`
`@@ -252,39 +250,39 @@ pub struct Assume {
`
`252`
`250`
```` /// ```
253
251
`pub safety: bool,
`
254
252
``
255
``
`` -
/// When false, [BikeshedIntrinsicFrom] is not implemented for
``
256
``
`-
/// transmutations that might violate the language-level bit-validity
`
257
``
`-
/// invariant of the destination type; e.g.:
`
``
253
`` +
/// When false, [TransmuteFrom] is not implemented for transmutations
``
``
254
`+
/// that might violate the language-level bit-validity invariant of the
`
``
255
`+
/// destination type; e.g.:
`
258
256
`///
`
259
257
```` #[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
`260`
`258`
```` #[cfg_attr(not(bootstrap), doc = "```compile_fail,E0277")]
261
259
`/// #![feature(transmutability)]
`
262
``
`-
/// use core::mem::BikeshedIntrinsicFrom;
`
``
260
`+
/// use core::mem::TransmuteFrom;
`
263
261
`///
`
264
262
`/// let src: u8 = 3;
`
265
263
`///
`
266
264
`/// // SAFETY: No safety obligations.
`
267
265
`/// let dst: bool = unsafe {
`
268
``
`-
/// <_ as BikeshedIntrinsicFrom<_>>::transmute(src)
`
``
266
`+
/// <_ as TransmuteFrom<_>>::transmute(src)
`
269
267
`/// };
`
270
268
```` /// ```
`271`
`269`
`///
`
`272`
``
`` -
/// When `true`, [`BikeshedIntrinsicFrom`] assumes that *you* have ensured
``
``
`270`
`` +
/// When `true`, [`TransmuteFrom`] assumes that *you* have ensured
``
`273`
`271`
`/// that the value being transmuted is a bit-valid instance of the
`
`274`
`272`
`/// transmuted value; e.g.:
`
`275`
`273`
`///
`
`276`
`274`
```` #[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
277
275
```` #[cfg_attr(not(bootstrap), doc = "```rust")]
````
278
276
`/// #![feature(transmutability)]
`
279
``
`-
/// use core::mem::{Assume, BikeshedIntrinsicFrom};
`
``
277
`+
/// use core::mem::{Assume, TransmuteFrom};
`
280
278
`///
`
281
279
`/// let src: u8 = 1;
`
282
280
`///
`
283
281
`/// let maybe_dst: Option = if src == 0 || src == 1 {
`
284
282
`` /// // SAFETY: We have checked above that the value of src is a bit-valid
``
285
283
`` /// // instance of bool.
``
286
284
`/// Some(unsafe {
`
287
``
`-
/// <_ as BikeshedIntrinsicFrom<_, { Assume::VALIDITY }>>::transmute(src)
`
``
285
`+
/// <_ as TransmuteFrom<_, { Assume::VALIDITY }>>::transmute(src)
`
288
286
`/// })
`
289
287
`/// } else {
`
290
288
`/// None
`
`@@ -301,35 +299,34 @@ impl ConstParamTy_ for Assume {}
`
301
299
`impl UnsizedConstParamTy for Assume {}
`
302
300
``
303
301
`impl Assume {
`
304
``
`` -
/// With this, [BikeshedIntrinsicFrom] does not assume you have ensured
``
305
``
`-
/// any safety obligations are met, and relies only upon its own analysis to
`
306
``
`-
/// (dis)prove transmutability.
`
``
302
`` +
/// With this, [TransmuteFrom] does not assume you have ensured any safety
``
``
303
`+
/// obligations are met, and relies only upon its own analysis to (dis)prove
`
``
304
`+
/// transmutability.
`
307
305
`#[unstable(feature = "transmutability", issue = "99571")]
`
308
306
`pub const NOTHING: Self =
`
309
307
`Self { alignment: false, lifetimes: false, safety: false, validity: false };
`
310
308
``
311
``
`` -
/// With this, [BikeshedIntrinsicFrom] assumes only that you have ensured
``
312
``
`-
/// that references in the transmuted value satisfy the alignment
`
313
``
`` -
/// requirements of their referent types. See [Assume::alignment] for
``
314
``
`-
/// examples.
`
``
309
`` +
/// With this, [TransmuteFrom] assumes only that you have ensured that
``
``
310
`+
/// references in the transmuted value satisfy the alignment requirements of
`
``
311
`` +
/// their referent types. See [Assume::alignment] for examples.
``
315
312
`#[unstable(feature = "transmutability", issue = "99571")]
`
316
313
`pub const ALIGNMENT: Self = Self { alignment: true, ..Self::NOTHING };
`
317
314
``
318
``
`` -
/// With this, [BikeshedIntrinsicFrom] assumes only that you have ensured
``
319
``
`-
/// that references in the transmuted value do not outlive their referents.
`
320
``
`` -
/// See [Assume::lifetimes] for examples.
``
``
315
`` +
/// With this, [TransmuteFrom] assumes only that you have ensured that
``
``
316
`+
/// references in the transmuted value do not outlive their referents. See
`
``
317
`` +
/// [Assume::lifetimes] for examples.
``
321
318
`#[unstable(feature = "transmutability", issue = "99571")]
`
322
319
`pub const LIFETIMES: Self = Self { lifetimes: true, ..Self::NOTHING };
`
323
320
``
324
``
`` -
/// With this, [BikeshedIntrinsicFrom] assumes only that you have ensured
``
325
``
`-
/// that undefined behavior does not arise from using the transmuted value.
`
326
``
`` -
/// See [Assume::safety] for examples.
``
``
321
`` +
/// With this, [TransmuteFrom] assumes only that you have ensured that
``
``
322
`+
/// undefined behavior does not arise from using the transmuted value. See
`
``
323
`` +
/// [Assume::safety] for examples.
``
327
324
`#[unstable(feature = "transmutability", issue = "99571")]
`
328
325
`pub const SAFETY: Self = Self { safety: true, ..Self::NOTHING };
`
329
326
``
330
``
`` -
/// With this, [BikeshedIntrinsicFrom] assumes only that you have ensured
``
331
``
`-
/// that the value being transmuted is a bit-valid instance of the
`
332
``
`` -
/// transmuted value. See [Assume::validity] for examples.
``
``
327
`` +
/// With this, [TransmuteFrom] assumes only that you have ensured that the
``
``
328
`+
/// value being transmuted is a bit-valid instance of the transmuted value.
`
``
329
`` +
/// See [Assume::validity] for examples.
``
333
330
`#[unstable(feature = "transmutability", issue = "99571")]
`
334
331
`pub const VALIDITY: Self = Self { validity: true, ..Self::NOTHING };
`
335
332
``
`@@ -348,7 +345,7 @@ impl Assume {
`
348
345
`/// transmutability,
`
349
346
`/// )]
`
350
347
`/// #![allow(incomplete_features)]
`
351
``
`-
/// use core::mem::{align_of, Assume, BikeshedIntrinsicFrom};
`
``
348
`+
/// use core::mem::{align_of, Assume, TransmuteFrom};
`
352
349
`///
`
353
350
`` /// /// Attempts to transmute src to &Dst.
``
354
351
`/// ///
`
`@@ -360,15 +357,15 @@ impl Assume {
`
360
357
`/// /// alignment, are satisfied.
`
361
358
`/// unsafe fn try_transmute_ref<'a, Src, Dst, const ASSUME: Assume>(src: &'a Src) -> Option<&'a Dst>
`
362
359
`/// where
`
363
``
`-
/// &'a Dst: BikeshedIntrinsicFrom<&'a Src, { ASSUME.and(Assume::ALIGNMENT) }>,
`
``
360
`+
/// &'a Dst: TransmuteFrom<&'a Src, { ASSUME.and(Assume::ALIGNMENT) }>,
`
364
361
`/// {
`
365
362
`/// if <*const _>::is_aligned_to(src, align_of::()) {
`
366
363
`/// // SAFETY: By the above dynamic check, we have ensured that the address
`
367
364
`` /// // of src satisfies the alignment requirements of &Dst. By contract
``
368
365
`` /// // on the caller, the safety obligations required by ASSUME have also
``
369
366
`/// // been satisfied.
`
370
367
`/// Some(unsafe {
`
371
``
`-
/// <_ as BikeshedIntrinsicFrom<_, { ASSUME.and(Assume::ALIGNMENT) }>>::transmute(src)
`
``
368
`+
/// <_ as TransmuteFrom<_, { ASSUME.and(Assume::ALIGNMENT) }>>::transmute(src)
`
372
369
`/// })
`
373
370
`/// } else {
`
374
371
`/// None
`