Skip to content

transmutability: Support types with restricted validity ranges #148449

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+144 −9
Open

transmutability: Support types with restricted validity ranges #148449

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 38 additions & 9 deletions compiler/rustc_transmute/src/layout/tree.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -330,7 +330,7 @@ pub(crate) mod rustc {
.fold(Tree::unit(), |tree, elt| tree.then(elt)))
}

ty::Adt(adt_def, _args_ref) if !ty.is_box() => {
ty::Adt(adt_def, args_ref) if !ty.is_box() => {
let (lo, hi) = cx.tcx().layout_scalar_valid_range(adt_def.did());

use core::ops::Bound::*;
Expand All @@ -339,14 +339,43 @@ pub(crate) mod rustc {
(AdtKind::Struct, Unbounded, Unbounded) => {
Self::from_struct((ty, layout), *adt_def, cx)
}
(AdtKind::Struct, Included(1), Included(_hi)) if is_transparent => {
// FIXME(@joshlf): Support `NonZero` types:
// - Check to make sure that the first field is
// numerical
// - Check to make sure that the upper bound is the
// maximum value for the field's type
// - Construct `Self::nonzero`
Err(Err::NotYetSupported)
(AdtKind::Struct, Included(1), hi_val) if is_transparent => {
let variant = adt_def.non_enum_variant();
// For now, only support `repr(transparent)` types
// with a single field. Technically
// `repr(transparent)` also works with types with
// any number of zero-sized fields (in addition to
// their single non-zero-sized field), but no such
// types exist in the standard library which also
// use
// `#[rustc_layout_scalar_valid_range_(start|end)]`.
let [field] = &variant.fields.as_slice().raw else {
return Err(Err::NotYetSupported);
};

let field_ty = field.ty(cx.tcx(), args_ref);

let field_layout = layout_of(cx, field_ty)?;
let field_size = field_layout.size;

let max_value = (1u128 << field_size.bits()) - 1;
let hi_val = match hi_val {
Included(hi_val) => hi_val,
Unbounded => max_value,
Excluded(_) => return Err(Err::NotYetSupported),
};

if hi_val == max_value
&& let ty::Uint(_) = *field_ty.kind()
{
Ok(Self::seq([
Self::def(Def::Adt(adt_def.clone())),
Self::def(Def::Field(field)),
Self::nonzero(field_size.bytes()),
]))
} else {
Err(Err::NotYetSupported)
}
}
(AdtKind::Enum, Unbounded, Unbounded) => {
Self::from_enum((ty, layout), *adt_def, cx)
Expand Down
43 changes: 43 additions & 0 deletions tests/ui/transmutability/nonzero.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
#![feature(transmutability)]
#![feature(rustc_attrs)]
#![allow(dead_code)]

mod assert {
use std::mem::{Assume, TransmuteFrom};

pub fn is_transmutable_assume_nothing<Src, Dst>()
where
Dst: TransmuteFrom<Src, { Assume::NOTHING }>,
Copy link
Member

@jswrenn jswrenn Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You probably want to Assume::SAFETY here, otherwise you're just getting sniped by field privacy.

Copy link
Contributor Author

@joshlf joshlf Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't look like it – see the .stderr output.

Copy link
Member

@jswrenn jswrenn Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well that's not good; indicates we need to thread in the field visibility.

Copy link
Contributor Author

@joshlf joshlf Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done – added a test to make sure we don't regress this.

Copy link
Member

@jswrenn jswrenn Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While you're poking around here, can you check that we didn't regress this on regular structs too? I think we might've.

Copy link
Contributor Author

@joshlf joshlf Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do the existing tests in the safety directory cover this?

{
}

pub fn is_transmutable_assume_safety<Src, Dst>()
where
Dst: TransmuteFrom<Src, { Assume::SAFETY }>,
{
}
}

fn main() {
// FIXME: Replace this with `core::num::NonZeroU8` once we support it.
#[rustc_layout_scalar_valid_range_start(1)]
#[repr(transparent)]
struct NonZeroU8(u8);

// FIXME: Replace this with `core::num::NonZeroU16` once we support it.
#[rustc_layout_scalar_valid_range_start(1)]
#[repr(transparent)]
struct NonZeroU16(u16);

assert::is_transmutable_assume_safety::<u8, NonZeroU8>(); //~ ERROR: cannot be safely transmuted
assert::is_transmutable_assume_safety::<NonZeroU8, u8>();

assert::is_transmutable_assume_nothing::<NonZeroU8, NonZeroU8>(); //~ ERROR: cannot be safely transmuted
assert::is_transmutable_assume_safety::<NonZeroU8, NonZeroU8>();

assert::is_transmutable_assume_safety::<u16, NonZeroU16>(); //~ ERROR: cannot be safely transmuted
assert::is_transmutable_assume_safety::<NonZeroU16, u16>();

assert::is_transmutable_assume_nothing::<NonZeroU16, NonZeroU16>(); //~ ERROR: cannot be safely transmuted
assert::is_transmutable_assume_safety::<NonZeroU16, NonZeroU16>();
}
63 changes: 63 additions & 0 deletions tests/ui/transmutability/nonzero.stderr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
error[E0277]: `u8` cannot be safely transmuted into `NonZeroU8`
--> $DIR/nonzero.rs:32:49
|
LL | assert::is_transmutable_assume_safety::<u8, NonZeroU8>();
| ^^^^^^^^^ at least one value of `u8` isn't a bit-valid value of `NonZeroU8`
|
note: required by a bound in `is_transmutable_assume_safety`
--> $DIR/nonzero.rs:16:14
|
LL | pub fn is_transmutable_assume_safety<Src, Dst>()
| ----------------------------- required by a bound in this function
LL | where
LL | Dst: TransmuteFrom<Src, { Assume::SAFETY }>,
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `is_transmutable_assume_safety`

error[E0277]: `NonZeroU8` cannot be safely transmuted into `NonZeroU8`
--> $DIR/nonzero.rs:35:57
|
LL | assert::is_transmutable_assume_nothing::<NonZeroU8, NonZeroU8>();
| ^^^^^^^^^ `NonZeroU8` may carry safety invariants
|
note: required by a bound in `is_transmutable_assume_nothing`
--> $DIR/nonzero.rs:10:14
|
LL | pub fn is_transmutable_assume_nothing<Src, Dst>()
| ------------------------------ required by a bound in this function
LL | where
LL | Dst: TransmuteFrom<Src, { Assume::NOTHING }>,
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `is_transmutable_assume_nothing`

error[E0277]: `u16` cannot be safely transmuted into `NonZeroU16`
--> $DIR/nonzero.rs:38:50
|
LL | assert::is_transmutable_assume_safety::<u16, NonZeroU16>();
| ^^^^^^^^^^ at least one value of `u16` isn't a bit-valid value of `NonZeroU16`
|
note: required by a bound in `is_transmutable_assume_safety`
--> $DIR/nonzero.rs:16:14
|
LL | pub fn is_transmutable_assume_safety<Src, Dst>()
| ----------------------------- required by a bound in this function
LL | where
LL | Dst: TransmuteFrom<Src, { Assume::SAFETY }>,
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `is_transmutable_assume_safety`

error[E0277]: `NonZeroU16` cannot be safely transmuted into `NonZeroU16`
--> $DIR/nonzero.rs:41:58
|
LL | assert::is_transmutable_assume_nothing::<NonZeroU16, NonZeroU16>();
| ^^^^^^^^^^ `NonZeroU16` may carry safety invariants
|
note: required by a bound in `is_transmutable_assume_nothing`
--> $DIR/nonzero.rs:10:14
|
LL | pub fn is_transmutable_assume_nothing<Src, Dst>()
| ------------------------------ required by a bound in this function
LL | where
LL | Dst: TransmuteFrom<Src, { Assume::NOTHING }>,
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `is_transmutable_assume_nothing`

error: aborting due to 4 previous errors

For more information about this error, try `rustc --explain E0277`.
Loading