Skip to content

Commit

Permalink
Rollup merge of rust-lang#129657 - jswrenn:transmute-name, r=compiler…
Browse files Browse the repository at this point in the history
…-errors

Rename `BikeshedIntrinsicFrom` to `TransmuteFrom`

As our implementation of MCP411 nears completion and we begin to solicit testing, it's no longer reasonable to expect testers to type or remember `BikeshedIntrinsicFrom`. The name degrades the ease-of-reading of documentation, and the overall experience of using compiler safe transmute.

Tentatively, we'll instead adopt `TransmuteFrom`.

This name seems to be the one most likely to be stabilized, after discussion on Zulip [1]. We may want to revisit the ordering of `Src` and `Dst` before stabilization, at which point we'd likely consider `TransmuteInto` or `Transmute`.

[1] https://rust-lang.zulipchat.com/#narrow/stream/216762-project-safe-transmute/topic/What.20should.20.60BikeshedIntrinsicFrom.60.20be.20named.3F

Tracking Issue: rust-lang#99571

r​? `@compiler-errors`
  • Loading branch information
matthiaskrgr authored Aug 28, 2024
2 parents 5725119 + 1ad218f commit 29188a5
Show file tree
Hide file tree
Showing 112 changed files with 528 additions and 531 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -862,7 +862,7 @@ where
_ecx: &mut EvalCtxt<'_, D>,
goal: Goal<I, Self>,
) -> Result<Candidate<I>, NoSolution> {
panic!("`BikeshedIntrinsicFrom` does not have an associated type: {:?}", goal)
panic!("`TransmuteFrom` does not have an associated type: {:?}", goal)
}

fn consider_builtin_effects_intersection_candidate(
Expand Down
2 changes: 1 addition & 1 deletion library/core/src/mem/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ pub use maybe_uninit::MaybeUninit;

mod transmutability;
#[unstable(feature = "transmutability", issue = "99571")]
pub use transmutability::{Assume, BikeshedIntrinsicFrom};
pub use transmutability::{Assume, TransmuteFrom};

#[stable(feature = "rust1", since = "1.0.0")]
#[doc(inline)]
Expand Down
109 changes: 53 additions & 56 deletions library/core/src/mem/transmutability.rs
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,10 @@ use crate::marker::{ConstParamTy_, UnsizedConstParamTy};
///
/// # Safety
///
/// If `Dst: BikeshedIntrinsicFrom<Src, ASSUMPTIONS>`, the compiler guarantees
/// that `Src` is soundly *union-transmutable* into a value of type `Dst`,
/// provided that the programmer has guaranteed that the given
/// [`ASSUMPTIONS`](Assume) are satisfied.
/// If `Dst: TransmuteFrom<Src, ASSUMPTIONS>`, the compiler guarantees that
/// `Src` is soundly *union-transmutable* into a value of type `Dst`, provided
/// that the programmer has guaranteed that the given [`ASSUMPTIONS`](Assume)
/// are satisfied.
///
/// A union-transmute is any bit-reinterpretation conversion in the form of:
///
Expand Down Expand Up @@ -47,15 +47,15 @@ use crate::marker::{ConstParamTy_, UnsizedConstParamTy};
#[cfg_attr(not(bootstrap), doc = "```rust")]
/// #![feature(transmutability)]
///
/// use core::mem::{Assume, BikeshedIntrinsicFrom};
/// use core::mem::{Assume, TransmuteFrom};
///
/// let src = 42u8; // size = 1
///
/// #[repr(C, align(2))]
/// struct Dst(u8); // size = 2
//
/// let _ = unsafe {
/// <Dst as BikeshedIntrinsicFrom<u8, { Assume::SAFETY }>>::transmute(src)
/// <Dst as TransmuteFrom<u8, { Assume::SAFETY }>>::transmute(src)
/// };
/// ```
///
Expand Down Expand Up @@ -87,7 +87,7 @@ use crate::marker::{ConstParamTy_, UnsizedConstParamTy};
#[lang = "transmute_trait"]
#[rustc_deny_explicit_impl(implement_via_object = false)]
#[rustc_coinductive]
pub unsafe trait BikeshedIntrinsicFrom<Src, const ASSUME: Assume = { Assume::NOTHING }>
pub unsafe trait TransmuteFrom<Src, const ASSUME: Assume = { Assume::NOTHING }>
where
Src: ?Sized,
{
Expand Down Expand Up @@ -140,23 +140,21 @@ where
}
}

/// Configurable proof assumptions of [`BikeshedIntrinsicFrom`].
/// Configurable proof assumptions of [`TransmuteFrom`].
///
/// When `false`, the respective proof obligation belongs to the compiler. When
/// `true`, the onus of the safety proof belongs to the programmer.
/// [`BikeshedIntrinsicFrom`].
#[unstable(feature = "transmutability", issue = "99571")]
#[lang = "transmute_opts"]
#[derive(PartialEq, Eq, Clone, Copy, Debug)]
pub struct Assume {
/// When `false`, [`BikeshedIntrinsicFrom`] is not implemented for
/// transmutations that might violate the the alignment requirements of
/// references; e.g.:
/// When `false`, [`TransmuteFrom`] is not implemented for transmutations
/// that might violate the the alignment requirements of references; e.g.:
///
#[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
#[cfg_attr(not(bootstrap), doc = "```compile_fail,E0277")]
/// #![feature(transmutability)]
/// use core::mem::{align_of, BikeshedIntrinsicFrom};
/// use core::mem::{align_of, TransmuteFrom};
///
/// assert_eq!(align_of::<[u8; 2]>(), 1);
/// assert_eq!(align_of::<u16>(), 2);
Expand All @@ -165,26 +163,26 @@ pub struct Assume {
///
/// // SAFETY: No safety obligations.
/// let dst: &u16 = unsafe {
/// <_ as BikeshedIntrinsicFrom<_>>::transmute(src)
/// <_ as TransmuteFrom<_>>::transmute(src)
/// };
/// ```
///
/// When `true`, [`BikeshedIntrinsicFrom`] assumes that *you* have ensured
/// When `true`, [`TransmuteFrom`] assumes that *you* have ensured
/// that references in the transmuted value satisfy the alignment
/// requirements of their referent types; e.g.:
///
#[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
#[cfg_attr(not(bootstrap), doc = "```rust")]
/// #![feature(pointer_is_aligned_to, transmutability)]
/// use core::mem::{align_of, Assume, BikeshedIntrinsicFrom};
/// use core::mem::{align_of, Assume, TransmuteFrom};
///
/// let src: &[u8; 2] = &[0xFF, 0xFF];
///
/// let maybe_dst: Option<&u16> = if <*const _>::is_aligned_to(src, align_of::<u16>()) {
/// // SAFETY: We have checked above that the address of `src` satisfies the
/// // alignment requirements of `u16`.
/// Some(unsafe {
/// <_ as BikeshedIntrinsicFrom<_, { Assume::ALIGNMENT }>>::transmute(src)
/// <_ as TransmuteFrom<_, { Assume::ALIGNMENT }>>::transmute(src)
/// })
/// } else {
/// None
Expand All @@ -194,21 +192,21 @@ pub struct Assume {
/// ```
pub alignment: bool,

/// When `false`, [`BikeshedIntrinsicFrom`] is not implemented for
/// transmutations that extend the lifetimes of references.
/// When `false`, [`TransmuteFrom`] is not implemented for transmutations
/// that extend the lifetimes of references.
///
/// When `true`, [`BikeshedIntrinsicFrom`] assumes that *you* have ensured
/// that references in the transmuted value do not outlive their referents.
/// When `true`, [`TransmuteFrom`] assumes that *you* have ensured that
/// references in the transmuted value do not outlive their referents.
pub lifetimes: bool,

/// When `false`, [`BikeshedIntrinsicFrom`] is not implemented for
/// transmutations that might violate the library safety invariants of the
/// destination type; e.g.:
/// When `false`, [`TransmuteFrom`] is not implemented for transmutations
/// that might violate the library safety invariants of the destination
/// type; e.g.:
///
#[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
#[cfg_attr(not(bootstrap), doc = "```compile_fail,E0277")]
/// #![feature(transmutability)]
/// use core::mem::BikeshedIntrinsicFrom;
/// use core::mem::TransmuteFrom;
///
/// let src: u8 = 3;
///
Expand All @@ -219,18 +217,18 @@ pub struct Assume {
///
/// // SAFETY: No safety obligations.
/// let dst: EvenU8 = unsafe {
/// <_ as BikeshedIntrinsicFrom<_>>::transmute(src)
/// <_ as TransmuteFrom<_>>::transmute(src)
/// };
/// ```
///
/// When `true`, [`BikeshedIntrinsicFrom`] assumes that *you* have ensured
/// When `true`, [`TransmuteFrom`] assumes that *you* have ensured
/// that undefined behavior does not arise from using the transmuted value;
/// e.g.:
///
#[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
#[cfg_attr(not(bootstrap), doc = "```rust")]
/// #![feature(transmutability)]
/// use core::mem::{Assume, BikeshedIntrinsicFrom};
/// use core::mem::{Assume, TransmuteFrom};
///
/// let src: u8 = 42;
///
Expand All @@ -242,7 +240,7 @@ pub struct Assume {
/// let maybe_dst: Option<EvenU8> = if src % 2 == 0 {
/// // SAFETY: We have checked above that the value of `src` is even.
/// Some(unsafe {
/// <_ as BikeshedIntrinsicFrom<_, { Assume::SAFETY }>>::transmute(src)
/// <_ as TransmuteFrom<_, { Assume::SAFETY }>>::transmute(src)
/// })
/// } else {
/// None
Expand All @@ -252,39 +250,39 @@ pub struct Assume {
/// ```
pub safety: bool,

/// When `false`, [`BikeshedIntrinsicFrom`] is not implemented for
/// transmutations that might violate the language-level bit-validity
/// invariant of the destination type; e.g.:
/// When `false`, [`TransmuteFrom`] is not implemented for transmutations
/// that might violate the language-level bit-validity invariant of the
/// destination type; e.g.:
///
#[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
#[cfg_attr(not(bootstrap), doc = "```compile_fail,E0277")]
/// #![feature(transmutability)]
/// use core::mem::BikeshedIntrinsicFrom;
/// use core::mem::TransmuteFrom;
///
/// let src: u8 = 3;
///
/// // SAFETY: No safety obligations.
/// let dst: bool = unsafe {
/// <_ as BikeshedIntrinsicFrom<_>>::transmute(src)
/// <_ as TransmuteFrom<_>>::transmute(src)
/// };
/// ```
///
/// When `true`, [`BikeshedIntrinsicFrom`] assumes that *you* have ensured
/// When `true`, [`TransmuteFrom`] assumes that *you* have ensured
/// that the value being transmuted is a bit-valid instance of the
/// transmuted value; e.g.:
///
#[cfg_attr(bootstrap, doc = "```rust,ignore not runnable on bootstrap")]
#[cfg_attr(not(bootstrap), doc = "```rust")]
/// #![feature(transmutability)]
/// use core::mem::{Assume, BikeshedIntrinsicFrom};
/// use core::mem::{Assume, TransmuteFrom};
///
/// let src: u8 = 1;
///
/// let maybe_dst: Option<bool> = if src == 0 || src == 1 {
/// // SAFETY: We have checked above that the value of `src` is a bit-valid
/// // instance of `bool`.
/// Some(unsafe {
/// <_ as BikeshedIntrinsicFrom<_, { Assume::VALIDITY }>>::transmute(src)
/// <_ as TransmuteFrom<_, { Assume::VALIDITY }>>::transmute(src)
/// })
/// } else {
/// None
Expand All @@ -301,35 +299,34 @@ impl ConstParamTy_ for Assume {}
impl UnsizedConstParamTy for Assume {}

impl Assume {
/// With this, [`BikeshedIntrinsicFrom`] does not assume you have ensured
/// any safety obligations are met, and relies only upon its own analysis to
/// (dis)prove transmutability.
/// With this, [`TransmuteFrom`] does not assume you have ensured any safety
/// obligations are met, and relies only upon its own analysis to (dis)prove
/// transmutability.
#[unstable(feature = "transmutability", issue = "99571")]
pub const NOTHING: Self =
Self { alignment: false, lifetimes: false, safety: false, validity: false };

/// With this, [`BikeshedIntrinsicFrom`] assumes only that you have ensured
/// that references in the transmuted value satisfy the alignment
/// requirements of their referent types. See [`Assume::alignment`] for
/// examples.
/// With this, [`TransmuteFrom`] assumes only that you have ensured that
/// references in the transmuted value satisfy the alignment requirements of
/// their referent types. See [`Assume::alignment`] for examples.
#[unstable(feature = "transmutability", issue = "99571")]
pub const ALIGNMENT: Self = Self { alignment: true, ..Self::NOTHING };

/// With this, [`BikeshedIntrinsicFrom`] assumes only that you have ensured
/// that references in the transmuted value do not outlive their referents.
/// See [`Assume::lifetimes`] for examples.
/// With this, [`TransmuteFrom`] assumes only that you have ensured that
/// references in the transmuted value do not outlive their referents. See
/// [`Assume::lifetimes`] for examples.
#[unstable(feature = "transmutability", issue = "99571")]
pub const LIFETIMES: Self = Self { lifetimes: true, ..Self::NOTHING };

/// With this, [`BikeshedIntrinsicFrom`] assumes only that you have ensured
/// that undefined behavior does not arise from using the transmuted value.
/// See [`Assume::safety`] for examples.
/// With this, [`TransmuteFrom`] assumes only that you have ensured that
/// undefined behavior does not arise from using the transmuted value. See
/// [`Assume::safety`] for examples.
#[unstable(feature = "transmutability", issue = "99571")]
pub const SAFETY: Self = Self { safety: true, ..Self::NOTHING };

/// With this, [`BikeshedIntrinsicFrom`] assumes only that you have ensured
/// that the value being transmuted is a bit-valid instance of the
/// transmuted value. See [`Assume::validity`] for examples.
/// With this, [`TransmuteFrom`] assumes only that you have ensured that the
/// value being transmuted is a bit-valid instance of the transmuted value.
/// See [`Assume::validity`] for examples.
#[unstable(feature = "transmutability", issue = "99571")]
pub const VALIDITY: Self = Self { validity: true, ..Self::NOTHING };

Expand All @@ -348,7 +345,7 @@ impl Assume {
/// transmutability,
/// )]
/// #![allow(incomplete_features)]
/// use core::mem::{align_of, Assume, BikeshedIntrinsicFrom};
/// use core::mem::{align_of, Assume, TransmuteFrom};
///
/// /// Attempts to transmute `src` to `&Dst`.
/// ///
Expand All @@ -360,15 +357,15 @@ impl Assume {
/// /// alignment, are satisfied.
/// unsafe fn try_transmute_ref<'a, Src, Dst, const ASSUME: Assume>(src: &'a Src) -> Option<&'a Dst>
/// where
/// &'a Dst: BikeshedIntrinsicFrom<&'a Src, { ASSUME.and(Assume::ALIGNMENT) }>,
/// &'a Dst: TransmuteFrom<&'a Src, { ASSUME.and(Assume::ALIGNMENT) }>,
/// {
/// if <*const _>::is_aligned_to(src, align_of::<Dst>()) {
/// // SAFETY: By the above dynamic check, we have ensured that the address
/// // of `src` satisfies the alignment requirements of `&Dst`. By contract
/// // on the caller, the safety obligations required by `ASSUME` have also
/// // been satisfied.
/// Some(unsafe {
/// <_ as BikeshedIntrinsicFrom<_, { ASSUME.and(Assume::ALIGNMENT) }>>::transmute(src)
/// <_ as TransmuteFrom<_, { ASSUME.and(Assume::ALIGNMENT) }>>::transmute(src)
/// })
/// } else {
/// None
Expand Down
4 changes: 2 additions & 2 deletions tests/crashes/123693.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@
#![feature(transmutability)]

mod assert {
use std::mem::{Assume, BikeshedIntrinsicFrom};
use std::mem::{Assume, TransmuteFrom};

pub fn is_transmutable<Src, Dst>()
where
Dst: BikeshedIntrinsicFrom<Src, { Assume::NOTHING }>,
Dst: TransmuteFrom<Src, { Assume::NOTHING }>,
{
}
}
Expand Down
2 changes: 1 addition & 1 deletion tests/crashes/124207.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@
trait OpaqueTrait {}
type OpaqueType = impl OpaqueTrait;
trait AnotherTrait {}
impl<T: std::mem::BikeshedIntrinsicFrom<(), ()>> AnotherTrait for T {}
impl<T: std::mem::TransmuteFrom<(), ()>> AnotherTrait for T {}
impl AnotherTrait for OpaqueType {}
pub fn main() {}
2 changes: 1 addition & 1 deletion tests/crashes/125881.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,6 @@
#![feature(transmutability)]
#![feature(unboxed_closures,effects)]

const fn test() -> impl std::mem::BikeshedIntrinsicFrom() {
const fn test() -> impl std::mem::TransmuteFrom() {
|| {}
}
4 changes: 2 additions & 2 deletions tests/crashes/126267.rs
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,11 @@ pub enum Error {
}

mod assert {
use std::mem::BikeshedIntrinsicFrom;
use std::mem::TransmuteFrom;

pub fn is_transmutable<Src, Dst>()
where
Dst: BikeshedIntrinsicFrom<Src>, // safety is NOT assumed
Dst: TransmuteFrom<Src>, // safety is NOT assumed
{
}
}
Expand Down
4 changes: 2 additions & 2 deletions tests/crashes/126377.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
#![feature(generic_const_exprs)]

mod assert {
use std::mem::{Assume, BikeshedIntrinsicFrom};
use std::mem::{Assume, TransmuteFrom};

pub fn is_transmutable<
Src,
Expand All @@ -15,7 +15,7 @@ mod assert {
const ASSUME_VALIDITY: bool,
>()
where
Dst: BikeshedIntrinsicFrom<
Dst: TransmuteFrom<
Src,
{ }
>,
Expand Down
4 changes: 2 additions & 2 deletions tests/crashes/126966.rs
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
//@ known-bug: rust-lang/rust#126966
mod assert {
use std::mem::{Assume, BikeshedIntrinsicFrom};
use std::mem::{Assume, TransmuteFrom};

pub fn is_transmutable<Src, Dst>()
where
Dst: BikeshedIntrinsicFrom<Src>,
Dst: TransmuteFrom<Src>,
{
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,11 @@
#![allow(incomplete_features, unstable_features)]

mod assert {
use std::mem::BikeshedIntrinsicFrom;
use std::mem::TransmuteFrom;

pub fn is_transmutable<Src, Dst, Context, const ASSUME: std::mem::Assume>()
where
Dst: BikeshedIntrinsicFrom<Src, Context, ASSUME>,
Dst: TransmuteFrom<Src, Context, ASSUME>,
//~^ ERROR trait takes at most 2 generic arguments but 3 generic arguments were supplied
{
}
Expand Down
Loading

0 comments on commit 29188a5

Please sign in to comment.