-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add MaybeUninit::(slice_)as_bytes(_mut) #89747
Conversation
r? @m-ou-se (rust-highfive has picked a reviewer for you, use r? to override) |
This comment has been minimized.
This comment has been minimized.
This seems related to some of the questions that have come up in the safe transmute work. For the mut versions, this allows writing arbitrary data to a value or slice. That data still won't become usable until a call to assume_init, which is unsafe, so this isn't unsound, but as far as I know, doing something like that would previously have required mem::transmute. In either case, this would make it very easy to rely on the internal layout of a type, which a crate may not have intended to make public. So at the very least, I think we need a comment noting that the ability to access the bytes of private fields or the exact layout of a structure does not necessarily make those details part of a crate's stable ABI. I don't have any objections to these methods existing; I just want to make sure we note (and where appropriate document) what new capabilities these methods expose, and the potential hazards associated with them. |
The main use case I have for these methods is reading bytes from a file or memory and turning them into structured types (which I have previously checked to be valid for all bit patterns). I don't think this exposes anything that wasn't already possible with or without unsafe code. |
ping @m-ou-se |
Looks good to me. Can you open a tracking issue? r=me with the tracking issue number added. |
c1b6597
to
daef6b5
Compare
This comment has been minimized.
This comment has been minimized.
daef6b5
to
ae5eb0c
Compare
This comment has been minimized.
This comment has been minimized.
ae5eb0c
to
5c96dcf
Compare
@bors r=m-ou-se |
📌 Commit 5c96dcf has been approved by |
…askrgr Rollup of 13 pull requests Successful merges: - rust-lang#89747 (Add MaybeUninit::(slice_)as_bytes(_mut)) - rust-lang#89764 (Fix variant index / discriminant confusion in uninhabited enum branching) - rust-lang#91606 (Stabilize `-Z print-link-args` as `--print link-args`) - rust-lang#91694 (rustdoc: decouple stability and const-stability) - rust-lang#92183 (Point at correct argument when async fn output type lifetime disagrees with signature) - rust-lang#92582 (improve `_` constants in item signature handling) - rust-lang#92680 (intra-doc: Use the impl's assoc item where possible) - rust-lang#92704 (Change lint message to be stronger for &T -> &mut T transmute) - rust-lang#92861 (Rustdoc mobile: put out-of-band info on its own line) - rust-lang#92992 (Help optimize out backtraces when disabled) - rust-lang#93038 (Fix star handling in block doc comments) - rust-lang#93108 (:arrow_up: rust-analyzer) - rust-lang#93112 (Fix CVE-2022-21658) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
This adds methods to convert between
MaybeUninit<T>
and a slice ofMaybeUninit<u8>
. This is safe sinceMaybeUninit<u8>
can correctly handle padding bytes in anyT
.These methods are added: