4949/// # Use in `const` contexts
5050///
5151/// This macro can be invoked in `const` contexts.
52+ // TODO: Update docs to document `#![allow(shrink)]`
5253#[ macro_export]
5354macro_rules! transmute {
54- ( $e: expr) => { {
55- // NOTE: This must be a macro (rather than a function with trait bounds)
56- // because there's no way, in a generic context, to enforce that two
57- // types have the same size. `core::mem::transmute` uses compiler magic
58- // to enforce this so long as the types are concrete.
55+ // NOTE: This must be a macro (rather than a function with trait bounds)
56+ // because there's no way, in a generic context, to enforce that two types
57+ // have the same size. `core::mem::transmute` uses compiler magic to enforce
58+ // this so long as the types are concrete.
59+ ( #![ allow( shrink) ] $e: expr) => { {
60+ let mut e = $e;
61+ if false {
62+ // This branch, though never taken, ensures that the type of `e` is
63+ // `IntoBytes` and that the type of the outer macro invocation
64+ // expression is `FromBytes`.
65+
66+ fn transmute<Src , Dst >( src: Src ) -> Dst
67+ where
68+ Src : $crate:: IntoBytes ,
69+ Dst : $crate:: FromBytes ,
70+ {
71+ let _ = src;
72+ loop { }
73+ }
74+ loop { }
75+ #[ allow( unreachable_code) ]
76+ transmute( e)
77+ } else {
78+ use $crate:: util:: macro_util:: core_reexport:: mem:: ManuallyDrop ;
79+
80+ #[ repr( C , packed) ]
81+ union Transmute <Src , Dst > {
82+ src: ManuallyDrop <Src >,
83+ dst: ManuallyDrop <Dst >,
84+ }
5985
86+ // SAFETY: `Transmute` is a `reper(C)` union whose `src` field has
87+ // type `ManuallyDrop<Src>`. Thus, the `src` field starts at byte
88+ // offset 0 within `Transmute` [1]. `ManuallyDrop<T>` has the same
89+ // layout and bit validity as `T`, so it is sound to transmute `Src`
90+ // to `Transmute`.
91+ //
92+ // [1] https://doc.rust-lang.org/1.85.0/reference/type-layout.html#reprc-unions
93+ //
94+ // [2] Per https://doc.rust-lang.org/1.85.0/std/mem/struct.ManuallyDrop.html:
95+ //
96+ // `ManuallyDrop<T>` is guaranteed to have the same layout and bit
97+ // validity as `T`
98+ let u: Transmute <_, _> = unsafe {
99+ // Clippy: We can't annotate the types; this macro is designed
100+ // to infer the types from the calling context.
101+ #[ allow( clippy:: missing_transmute_annotations) ]
102+ $crate:: util:: macro_util:: core_reexport:: mem:: transmute( e)
103+ } ;
104+
105+ if false {
106+ // SAFETY: This code is never executed.
107+ e = ManuallyDrop :: into_inner( unsafe { u. src } ) ;
108+ // Suppress the `unused_assignments` lint on the previous line.
109+ let _ = e;
110+ loop { }
111+ } else {
112+ // Per the safety comment on `let u` above, the `dst` field in
113+ // `Transmute` starts at byte offset 0, and has the same layout
114+ // and bit validity as `Dst`.
115+ //
116+ // Transmuting `Src` to `Transmute<Src, Dst>` above using
117+ // `core::mem::transmute` ensures that `size_of::<Src>() ==
118+ // size_of::<Transmute<Src, Dst>>()`. A `#[repr(C, packed)]`
119+ // union has the maximum size of all of its fields [1], so this
120+ // is equivalent to `size_of::<Src>() >= size_of::<Dst>()`.
121+ //
122+ // The outer `if`'s `false` branch ensures that `Src: IntoBytes`
123+ // and `Dst: FromBytes`. This, combined with the size bound,
124+ // ensures that this transmute is sound.
125+ //
126+ // Per https://doc.rust-lang.org/1.85.0/reference/type-layout.html#reprc-unions:
127+ //
128+ // The union will have a size of the maximum size of all of
129+ // its fields rounded to its alignment
130+ let dst = unsafe { u. dst } ;
131+ $crate:: util:: macro_util:: must_use( ManuallyDrop :: into_inner( dst) )
132+ }
133+ }
134+ } } ;
135+ ( $e: expr) => { {
60136 let e = $e;
61137 if false {
62138 // This branch, though never taken, ensures that the type of `e` is
63- // `IntoBytes` and that the type of this macro invocation expression
64- // is `FromBytes`.
139+ // `IntoBytes` and that the type of the outer macro invocation
140+ // expression is `FromBytes`.
65141
66- struct AssertIsIntoBytes <T : $crate:: IntoBytes >( T ) ;
67- let _ = AssertIsIntoBytes ( e) ;
68-
69- struct AssertIsFromBytes <U : $crate:: FromBytes >( U ) ;
70- #[ allow( unused, unreachable_code) ]
71- let u = AssertIsFromBytes ( loop { } ) ;
72- u. 0
142+ fn transmute<Src , Dst >( src: Src ) -> Dst
143+ where
144+ Src : $crate:: IntoBytes ,
145+ Dst : $crate:: FromBytes ,
146+ {
147+ let _ = src;
148+ loop { }
149+ }
150+ loop { }
151+ #[ allow( unreachable_code) ]
152+ transmute( e)
73153 } else {
74154 // SAFETY: `core::mem::transmute` ensures that the type of `e` and
75155 // the type of this macro invocation expression have the same size.
76156 // We know this transmute is safe thanks to the `IntoBytes` and
77157 // `FromBytes` bounds enforced by the `false` branch.
78- //
79- // We use this reexport of `core::mem::transmute` because we know it
80- // will always be available for crates which are using the 2015
81- // edition of Rust. By contrast, if we were to use
82- // `std::mem::transmute`, this macro would not work for such crates
83- // in `no_std` contexts, and if we were to use
84- // `core::mem::transmute`, this macro would not work in `std`
85- // contexts in which `core` was not manually imported. This is not a
86- // problem for 2018 edition crates.
87158 let u = unsafe {
88159 // Clippy: We can't annotate the types; this macro is designed
89160 // to infer the types from the calling context.
@@ -92,7 +163,7 @@ macro_rules! transmute {
92163 } ;
93164 $crate:: util:: macro_util:: must_use( u)
94165 }
95- } }
166+ } } ;
96167}
97168
98169/// Safely transmutes a mutable or immutable reference of one type to an
@@ -1046,6 +1117,10 @@ mod tests {
10461117 let x: [ u8 ; 8 ] = transmute ! ( array_of_arrays) ;
10471118 assert_eq ! ( x, array_of_u8s) ;
10481119
1120+ // Test that memory is transmuted as expected when shrinking.
1121+ let x: [ [ u8 ; 2 ] ; 3 ] = transmute ! ( #![ allow( shrink) ] array_of_u8s) ;
1122+ assert_eq ! ( x, [ [ 0u8 , 1 ] , [ 2 , 3 ] , [ 4 , 5 ] ] ) ;
1123+
10491124 // Test that the source expression's value is forgotten rather than
10501125 // dropped.
10511126 #[ derive( IntoBytes ) ]
@@ -1058,12 +1133,16 @@ mod tests {
10581133 }
10591134 #[ allow( clippy:: let_unit_value) ]
10601135 let _: ( ) = transmute ! ( PanicOnDrop ( ( ) ) ) ;
1136+ #[ allow( clippy:: let_unit_value) ]
1137+ let _: ( ) = transmute ! ( #![ allow( shrink) ] PanicOnDrop ( ( ) ) ) ;
10611138
10621139 // Test that `transmute!` is legal in a const context.
10631140 const ARRAY_OF_U8S : [ u8 ; 8 ] = [ 0u8 , 1 , 2 , 3 , 4 , 5 , 6 , 7 ] ;
10641141 const ARRAY_OF_ARRAYS : [ [ u8 ; 2 ] ; 4 ] = [ [ 0 , 1 ] , [ 2 , 3 ] , [ 4 , 5 ] , [ 6 , 7 ] ] ;
10651142 const X : [ [ u8 ; 2 ] ; 4 ] = transmute ! ( ARRAY_OF_U8S ) ;
10661143 assert_eq ! ( X , ARRAY_OF_ARRAYS ) ;
1144+ const X_SHRINK : [ [ u8 ; 2 ] ; 3 ] = transmute ! ( #![ allow( shrink) ] ARRAY_OF_U8S ) ;
1145+ assert_eq ! ( X_SHRINK , [ [ 0u8 , 1 ] , [ 2 , 3 ] , [ 4 , 5 ] ] ) ;
10671146
10681147 // Test that `transmute!` works with `!Immutable` types.
10691148 let x: usize = transmute ! ( UnsafeCell :: new( 1usize ) ) ;
0 commit comments