Encode infallible alignment errors in types #1718
Conversation
|
Still need to bikeshed naming and how to write the doc comment, but otherwise it's done. |
joshlf
force-pushed
the
infallible-alignment-error
branch
from
1b8c3f7
to
e9e640d
Compare
src/error.rs
Outdated
| @@ -626,6 +683,17 @@ impl<Src, Dst: ?Sized> CastError<Src, Dst> { | |||
| } | |||
| } | |||
|
|
|||
| impl<Src, Dst: ?Sized + Unaligned> Into<SizeError<Src, Dst>> for CastError<Src, Dst> { | |||
| fn into(self) -> SizeError<Src, Dst> { | |||
There was a problem hiding this comment.
Slap an #[inline(always)] on this — we want the effects of unreachable_unchecked to propagate up the call chain.
src/error.rs
Outdated
| @@ -255,6 +290,28 @@ impl<Src, Dst: ?Sized> AlignmentError<Src, Dst> { | |||
| } | |||
| } | |||
|
|
|||
| impl<Src, Dst: ?Sized + Unaligned> AlignmentError<Src, Dst> { | |||
| fn into_infallible(self) -> Infallible { | |||
There was a problem hiding this comment.
Slap an #[inline(always)] on this — we want the effects of unreachable_unchecked to propagate up the call chain.
src/error.rs
Outdated
| } | ||
| } | ||
|
|
||
| impl<Src, Dst: ?Sized + Unaligned, S, V> Into<ConvertError<Infallible, S, V>> |
There was a problem hiding this comment.
Why are we implementing Into here instead of From?
src/error.rs
Outdated
| @@ -255,6 +290,28 @@ impl<Src, Dst: ?Sized> AlignmentError<Src, Dst> { | |||
| } | |||
| } | |||
|
|
|||
| impl<Src, Dst: ?Sized + Unaligned> AlignmentError<Src, Dst> { | |||
| fn into_infallible(self) -> Infallible { | |||
There was a problem hiding this comment.
For consistency, should this be an implementation of From? Then we could have a consistent messaging that calling .into() at all levels makes impossible error branches Infallible.
joshlf
force-pushed
the
infallible-alignment-error
branch
from
e9e640d
to
df8a716
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1718 +/- ##
==========================================
- Coverage 88.79% 88.35% -0.45%
==========================================
Files 16 16
Lines 5846 5889 +43
==========================================
+ Hits 5191 5203 +12
- Misses 655 686 +31 ☔ View full report in Codecov by Sentry. |
joshlf
force-pushed
the
infallible-alignment-error
branch
from
df8a716
to
22e78b9
Compare
Permit callers to prove at compile time that alignment errors are unreachable for unaligned destination types. This permits them to infallibly ignore this error condition.
joshlf
force-pushed
the
infallible-alignment-error
branch
from
22e78b9
to
761d909
Compare
Probably, but let's test it in Fuchsia first. |
| /// Infallibly discards the alignment error from this `ConvertError` since | ||
| /// `Dst` is unaligned. | ||
| /// | ||
| /// Since [`Dst: Unaligned`], it is impossible to encounter an alignment | ||
| /// error. This method permits discarding that alignment error infallibly | ||
| /// and replacing it with [`Infallible`]. | ||
| /// | ||
| /// [`Dst: Unaligned`]: crate::Unaligned | ||
| /// | ||
| /// # Examples | ||
| /// | ||
| /// ``` | ||
| /// use core::convert::Infallible; | ||
| /// use zerocopy::*; | ||
| /// # use zerocopy_derive::*; | ||
| /// | ||
| /// #[derive(TryFromBytes, KnownLayout, Unaligned, Immutable)] | ||
| /// #[repr(C, packed)] | ||
| /// struct Bools { | ||
| /// one: bool, | ||
| /// two: bool, | ||
| /// many: [bool], | ||
| /// } | ||
| /// | ||
| /// impl Bools { | ||
| /// fn parse(bytes: &[u8]) -> Result<&Bools, UnalignedTryCastError<&[u8], Bools>> { | ||
| /// // Since `Bools: Unaligned`, we can infallibly discard | ||
| /// // the alignment error. | ||
| /// Bools::try_ref_from_bytes(bytes).map_err(Into::into) | ||
| /// } | ||
| /// } | ||
| /// ``` |
There was a problem hiding this comment.
I don't think users are primed to expect bespoke documentation on trait impls. Let's move this documentation to the error module docs.
| impl<Src, Dst: ?Sized + Unaligned, S, V> From<ConvertError<AlignmentError<Src, Dst>, S, V>> | ||
| for ConvertError<Infallible, S, V> |
There was a problem hiding this comment.
I think we should make this a general From conversion of A, S, and V:
| impl<Src, Dst: ?Sized + Unaligned, S, V> From<ConvertError<AlignmentError<Src, Dst>, S, V>> | |
| for ConvertError<Infallible, S, V> | |
| impl<Src, Dst: ?Sized + Unaligned, A, S, V, NewA, NewS, NewV> | |
| From<ConvertError<A, S, V>> | |
| for | |
| ConvertError<NewA, NewS, NewV> | |
| where | |
| NewA: From<A>, | |
| NewS: From<S>, | |
| NewV: From<V>, |
Permit callers to prove at compile time that alignment errors are unreachable for unaligned destination types. This permits them to infallibly ignore this error condition.