/rust/registry/src/index.crates.io-1949cf8c6b5b557f/bytemuck-1.24.0/src/checked.rs

Source
//! Checked versions of the casting functions exposed in crate root
//! that support [`CheckedBitPattern`] types.

use crate::{
  internal::{self, something_went_wrong},
  AnyBitPattern, NoUninit,
};

/// A marker trait that allows types that have some invalid bit patterns to be
/// used in places that otherwise require [`AnyBitPattern`] or [`Pod`] types by
/// performing a runtime check on a perticular set of bits. This is particularly
/// useful for types like fieldless ('C-style') enums, [`char`], bool, and
/// structs containing them.
///
/// To do this, we define a `Bits` type which is a type with equivalent layout
/// to `Self` other than the invalid bit patterns which disallow `Self` from
/// being [`AnyBitPattern`]. This `Bits` type must itself implement
/// [`AnyBitPattern`]. Then, we implement a function that checks whether a
/// certain instance of the `Bits` is also a valid bit pattern of `Self`. If
/// this check passes, then we can allow casting from the `Bits` to `Self` (and
/// therefore, any type which is able to be cast to `Bits` is also able to be
/// cast to `Self`).
///
/// [`AnyBitPattern`] is a subset of [`CheckedBitPattern`], meaning that any `T:
/// AnyBitPattern` is also [`CheckedBitPattern`]. This means you can also use
/// any [`AnyBitPattern`] type in the checked versions of casting functions in
/// this module. If it's possible, prefer implementing [`AnyBitPattern`] for
/// your type directly instead of [`CheckedBitPattern`] as it gives greater
/// flexibility.
///
/// # Derive
///
/// A `#[derive(CheckedBitPattern)]` macro is provided under the `derive`
/// feature flag which will automatically validate the requirements of this
/// trait and implement the trait for you for both enums and structs. This is
/// the recommended method for implementing the trait, however it's also
/// possible to do manually.
///
/// # Example
///
/// If manually implementing the trait, we can do something like so:
///
/// ```rust
/// use bytemuck::{CheckedBitPattern, NoUninit};
///
/// #[repr(u32)]
/// #[derive(Copy, Clone)]
/// enum MyEnum {
///     Variant0 = 0,
///     Variant1 = 1,
///     Variant2 = 2,
/// }
///
/// unsafe impl CheckedBitPattern for MyEnum {
///     type Bits = u32;
///
///     fn is_valid_bit_pattern(bits: &u32) -> bool {
///         match *bits {
///             0 | 1 | 2 => true,
///             _ => false,
///         }
///     }
/// }
///
/// // It is often useful to also implement `NoUninit` on our `CheckedBitPattern` types.
/// // This will allow us to do casting of mutable references (and mutable slices).
/// // It is not always possible to do so, but in this case we have no padding so it is.
/// unsafe impl NoUninit for MyEnum {}
/// ```
///
/// We can now use relevant casting functions. For example,
///
/// ```rust
/// # use bytemuck::{CheckedBitPattern, NoUninit};
/// # #[repr(u32)]
/// # #[derive(Copy, Clone, PartialEq, Eq, Debug)]
/// # enum MyEnum {
/// #     Variant0 = 0,
/// #     Variant1 = 1,
/// #     Variant2 = 2,
/// # }
/// # unsafe impl NoUninit for MyEnum {}
/// # unsafe impl CheckedBitPattern for MyEnum {
/// #     type Bits = u32;
/// #     fn is_valid_bit_pattern(bits: &u32) -> bool {
/// #         match *bits {
/// #             0 | 1 | 2 => true,
/// #             _ => false,
/// #         }
/// #     }
/// # }
/// use bytemuck::{bytes_of, bytes_of_mut};
/// use bytemuck::checked;
///
/// let bytes = bytes_of(&2u32);
/// let result = checked::try_from_bytes::<MyEnum>(bytes);
/// assert_eq!(result, Ok(&MyEnum::Variant2));
///
/// // Fails for invalid discriminant
/// let bytes = bytes_of(&100u32);
/// let result = checked::try_from_bytes::<MyEnum>(bytes);
/// assert!(result.is_err());
///
/// // Since we implemented NoUninit, we can also cast mutably from an original type
/// // that is `NoUninit + AnyBitPattern`:
/// let mut my_u32 = 2u32;
/// {
///   let as_enum_mut = checked::cast_mut::<_, MyEnum>(&mut my_u32);
///   assert_eq!(as_enum_mut, &mut MyEnum::Variant2);
///   *as_enum_mut = MyEnum::Variant0;
/// }
/// assert_eq!(my_u32, 0u32);
/// ```
///
/// # Safety
///
/// * `Self` *must* have the same layout as the specified `Bits` except for the
///   possible invalid bit patterns being checked during
///   [`is_valid_bit_pattern`].
/// * This almost certainly means your type must be `#[repr(C)]` or a similar
///   specified repr, but if you think you know better, you probably don't. If
///   you still think you know better, be careful and have fun. And don't mess
///   it up (I mean it).
/// * If [`is_valid_bit_pattern`] returns true, then the bit pattern contained
///   in `bits` must also be valid for an instance of `Self`.
/// * Probably more, don't mess it up (I mean it 2.0)
///
/// [`is_valid_bit_pattern`]: CheckedBitPattern::is_valid_bit_pattern
/// [`Pod`]: crate::Pod
pub unsafe trait CheckedBitPattern: Copy {
  /// `Self` *must* have the same layout as the specified `Bits` except for
  /// the possible invalid bit patterns being checked during
  /// [`is_valid_bit_pattern`].
  ///
  /// [`is_valid_bit_pattern`]: CheckedBitPattern::is_valid_bit_pattern
  type Bits: AnyBitPattern;

  /// If this function returns true, then it must be valid to reinterpret `bits`
  /// as `&Self`.
  fn is_valid_bit_pattern(bits: &Self::Bits) -> bool;
}

unsafe impl<T: AnyBitPattern> CheckedBitPattern for T {
  type Bits = T;

  #[inline(always)]
  fn is_valid_bit_pattern(_bits: &T) -> bool {
    true
  }
}

unsafe impl CheckedBitPattern for char {
  type Bits = u32;

  #[inline]
  fn is_valid_bit_pattern(bits: &Self::Bits) -> bool {
    core::char::from_u32(*bits).is_some()
  }
}

unsafe impl CheckedBitPattern for bool {
  type Bits = u8;

  #[inline]
  fn is_valid_bit_pattern(bits: &Self::Bits) -> bool {
    // DO NOT use the `matches!` macro, it isn't 1.34 compatible.
    match *bits {
      0 | 1 => true,
      _ => false,
    }
  }
}

// Rust 1.70.0 documents that NonZero[int] has the same layout as [int].
macro_rules! impl_checked_for_nonzero {
  ($($nonzero:ty: $primitive:ty),* $(,)?) => {
    $(
      unsafe impl CheckedBitPattern for $nonzero {
        type Bits = $primitive;

        #[inline]
        fn is_valid_bit_pattern(bits: &Self::Bits) -> bool {
          *bits != 0
        }
      }
    )*
  };
}
impl_checked_for_nonzero! {
  core::num::NonZeroU8: u8,
  core::num::NonZeroI8: i8,
  core::num::NonZeroU16: u16,
  core::num::NonZeroI16: i16,
  core::num::NonZeroU32: u32,
  core::num::NonZeroI32: i32,
  core::num::NonZeroU64: u64,
  core::num::NonZeroI64: i64,
  core::num::NonZeroI128: i128,
  core::num::NonZeroU128: u128,
  core::num::NonZeroUsize: usize,
  core::num::NonZeroIsize: isize,
}

/// The things that can go wrong when casting between [`CheckedBitPattern`] data
/// forms.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum CheckedCastError {
  /// An error occurred during a true-[`Pod`] cast
  ///
  /// [`Pod`]: crate::Pod
  PodCastError(crate::PodCastError),
  /// When casting to a [`CheckedBitPattern`] type, it is possible that the
  /// original data contains an invalid bit pattern. If so, the cast will
  /// fail and this error will be returned. Will never happen on casts
  /// between [`Pod`] types.
  ///
  /// [`Pod`]: crate::Pod
  InvalidBitPattern,
}

#[cfg(not(target_arch = "spirv"))]
impl core::fmt::Display for CheckedCastError {
  fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
    write!(f, "{:?}", self)
  }
}
#[cfg(feature = "extern_crate_std")]
#[cfg_attr(feature = "nightly_docs", doc(cfg(feature = "extern_crate_std")))]
impl std::error::Error for CheckedCastError {}

// Rust 1.81+
#[cfg(all(feature = "impl_core_error", not(feature = "extern_crate_std")))]
impl core::error::Error for CheckedCastError {}

impl From<crate::PodCastError> for CheckedCastError {
  fn from(err: crate::PodCastError) -> CheckedCastError {
    CheckedCastError::PodCastError(err)
  }
}

/// Re-interprets `&[u8]` as `&T`.
///
/// ## Failure
///
/// * If the slice isn't aligned for the new type
/// * If the slice's length isn’t exactly the size of the new type
/// * If the slice contains an invalid bit pattern for `T`
#[inline]
pub fn try_from_bytes<T: CheckedBitPattern>(
  s: &[u8],
) -> Result<&T, CheckedCastError> {
  let pod = crate::try_from_bytes(s)?;

  if <T as CheckedBitPattern>::is_valid_bit_pattern(pod) {
    Ok(unsafe { &*(pod as *const <T as CheckedBitPattern>::Bits as *const T) })
  } else {
    Err(CheckedCastError::InvalidBitPattern)
  }
}

/// Re-interprets `&mut [u8]` as `&mut T`.
///
/// ## Failure
///
/// * If the slice isn't aligned for the new type
/// * If the slice's length isn’t exactly the size of the new type
/// * If the slice contains an invalid bit pattern for `T`
#[inline]
pub fn try_from_bytes_mut<T: CheckedBitPattern + NoUninit>(
  s: &mut [u8],
) -> Result<&mut T, CheckedCastError> {
  let pod = unsafe { internal::try_from_bytes_mut(s) }?;

  if <T as CheckedBitPattern>::is_valid_bit_pattern(pod) {
    Ok(unsafe { &mut *(pod as *mut <T as CheckedBitPattern>::Bits as *mut T) })
  } else {
    Err(CheckedCastError::InvalidBitPattern)
  }
}

/// Reads from the bytes as if they were a `T`.
///
/// ## Failure
/// * If the `bytes` length is not equal to `size_of::<T>()`.
/// * If the slice contains an invalid bit pattern for `T`
#[inline]
pub fn try_pod_read_unaligned<T: CheckedBitPattern>(
  bytes: &[u8],
) -> Result<T, CheckedCastError> {
  let pod = crate::try_pod_read_unaligned(bytes)?;

  if <T as CheckedBitPattern>::is_valid_bit_pattern(&pod) {
    Ok(unsafe { transmute!(pod) })
  } else {
    Err(CheckedCastError::InvalidBitPattern)
  }
}

/// Try to cast `A` into `B`.
///
/// Note that for this particular type of cast, alignment isn't a factor. The
/// input value is semantically copied into the function and then returned to a
/// new memory location which will have whatever the required alignment of the
/// output type is.
///
/// ## Failure
///
/// * If the types don't have the same size this fails.
/// * If `a` contains an invalid bit pattern for `B` this fails.
#[inline]
pub fn try_cast<A: NoUninit, B: CheckedBitPattern>(
  a: A,
) -> Result<B, CheckedCastError> {
  let pod = crate::try_cast(a)?;

  if <B as CheckedBitPattern>::is_valid_bit_pattern(&pod) {
    Ok(unsafe { transmute!(pod) })
  } else {
    Err(CheckedCastError::InvalidBitPattern)
  }
}

/// Try to convert a `&A` into `&B`.
///
/// ## Failure
///
/// * If the reference isn't aligned in the new type
/// * If the source type and target type aren't the same size.
/// * If `a` contains an invalid bit pattern for `B` this fails.
#[inline]
pub fn try_cast_ref<A: NoUninit, B: CheckedBitPattern>(
  a: &A,
) -> Result<&B, CheckedCastError> {
  let pod = crate::try_cast_ref(a)?;

  if <B as CheckedBitPattern>::is_valid_bit_pattern(pod) {
    Ok(unsafe { &*(pod as *const <B as CheckedBitPattern>::Bits as *const B) })
  } else {
    Err(CheckedCastError::InvalidBitPattern)
  }
}

/// Try to convert a `&mut A` into `&mut B`.
///
/// As [`try_cast_ref`], but `mut`.
#[inline]
pub fn try_cast_mut<
  A: NoUninit + AnyBitPattern,
  B: CheckedBitPattern + NoUninit,
>(
  a: &mut A,
) -> Result<&mut B, CheckedCastError> {
  let pod = unsafe { internal::try_cast_mut(a) }?;

  if <B as CheckedBitPattern>::is_valid_bit_pattern(pod) {
    Ok(unsafe { &mut *(pod as *mut <B as CheckedBitPattern>::Bits as *mut B) })
  } else {
    Err(CheckedCastError::InvalidBitPattern)
  }
}

/// Try to convert `&[A]` into `&[B]` (possibly with a change in length).
///
/// * `input.as_ptr() as usize == output.as_ptr() as usize`
/// * `input.len() * size_of::<A>() == output.len() * size_of::<B>()`
///
/// ## Failure
///
/// * If the target type has a greater alignment requirement and the input slice
///   isn't aligned.
/// * If the target element type is a different size from the current element
///   type, and the output slice wouldn't be a whole number of elements when
///   accounting for the size change (eg: 3 `u16` values is 1.5 `u32` values, so
///   that's a failure).
/// * If any element of the converted slice would contain an invalid bit pattern
///   for `B` this fails.
#[inline]
pub fn try_cast_slice<A: NoUninit, B: CheckedBitPattern>(
  a: &[A],
) -> Result<&[B], CheckedCastError> {
  let pod = crate::try_cast_slice(a)?;

  if pod.iter().all(|pod| <B as CheckedBitPattern>::is_valid_bit_pattern(pod)) {
    Ok(unsafe {
      core::slice::from_raw_parts(pod.as_ptr() as *const B, pod.len())
    })
  } else {
    Err(CheckedCastError::InvalidBitPattern)
  }
}

/// Try to convert `&mut [A]` into `&mut [B]` (possibly with a change in
/// length).
///
/// As [`try_cast_slice`], but `&mut`.
#[inline]
pub fn try_cast_slice_mut<
  A: NoUninit + AnyBitPattern,
  B: CheckedBitPattern + NoUninit,
>(
  a: &mut [A],
) -> Result<&mut [B], CheckedCastError> {
  let pod = unsafe { internal::try_cast_slice_mut(a) }?;

  if pod.iter().all(|pod| <B as CheckedBitPattern>::is_valid_bit_pattern(pod)) {
    Ok(unsafe {
      core::slice::from_raw_parts_mut(pod.as_mut_ptr() as *mut B, pod.len())
    })
  } else {
    Err(CheckedCastError::InvalidBitPattern)
  }
}

/// Re-interprets `&[u8]` as `&T`.
///
/// ## Panics
///
/// This is [`try_from_bytes`] but will panic on error.
#[inline]
#[cfg_attr(feature = "track_caller", track_caller)]
pub fn from_bytes<T: CheckedBitPattern>(s: &[u8]) -> &T {
  match try_from_bytes(s) {
    Ok(t) => t,
    Err(e) => something_went_wrong("from_bytes", e),
  }
}

/// Re-interprets `&mut [u8]` as `&mut T`.
///
/// ## Panics
///
/// This is [`try_from_bytes_mut`] but will panic on error.
#[inline]
#[cfg_attr(feature = "track_caller", track_caller)]
pub fn from_bytes_mut<T: NoUninit + CheckedBitPattern>(s: &mut [u8]) -> &mut T {
  match try_from_bytes_mut(s) {
    Ok(t) => t,
    Err(e) => something_went_wrong("from_bytes_mut", e),
  }
}

/// Reads the slice into a `T` value.
///
/// ## Panics
/// * This is like [`try_pod_read_unaligned`] but will panic on failure.
#[inline]
#[cfg_attr(feature = "track_caller", track_caller)]
pub fn pod_read_unaligned<T: CheckedBitPattern>(bytes: &[u8]) -> T {
  match try_pod_read_unaligned(bytes) {
    Ok(t) => t,
    Err(e) => something_went_wrong("pod_read_unaligned", e),
  }
}

/// Cast `A` into `B`
///
/// ## Panics
///
/// * This is like [`try_cast`], but will panic on a size mismatch.
#[inline]
#[cfg_attr(feature = "track_caller", track_caller)]
pub fn cast<A: NoUninit, B: CheckedBitPattern>(a: A) -> B {
  match try_cast(a) {
    Ok(t) => t,
    Err(e) => something_went_wrong("cast", e),
  }
}

/// Cast `&mut A` into `&mut B`.
///
/// ## Panics
///
/// This is [`try_cast_mut`] but will panic on error.
#[inline]
#[cfg_attr(feature = "track_caller", track_caller)]
pub fn cast_mut<
  A: NoUninit + AnyBitPattern,
  B: NoUninit + CheckedBitPattern,
>(
  a: &mut A,
) -> &mut B {
  match try_cast_mut(a) {
    Ok(t) => t,
    Err(e) => something_went_wrong("cast_mut", e),
  }
}

/// Cast `&A` into `&B`.
///
/// ## Panics
///
/// This is [`try_cast_ref`] but will panic on error.
#[inline]
#[cfg_attr(feature = "track_caller", track_caller)]
pub fn cast_ref<A: NoUninit, B: CheckedBitPattern>(a: &A) -> &B {
  match try_cast_ref(a) {
    Ok(t) => t,
    Err(e) => something_went_wrong("cast_ref", e),
  }
}

/// Cast `&[A]` into `&[B]`.
///
/// ## Panics
///
/// This is [`try_cast_slice`] but will panic on error.
#[inline]
#[cfg_attr(feature = "track_caller", track_caller)]
pub fn cast_slice<A: NoUninit, B: CheckedBitPattern>(a: &[A]) -> &[B] {
  match try_cast_slice(a) {
    Ok(t) => t,
    Err(e) => something_went_wrong("cast_slice", e),
  }
}

/// Cast `&mut [A]` into `&mut [B]`.
///
/// ## Panics
///
/// This is [`try_cast_slice_mut`] but will panic on error.
#[inline]
#[cfg_attr(feature = "track_caller", track_caller)]
pub fn cast_slice_mut<
  A: NoUninit + AnyBitPattern,
  B: NoUninit + CheckedBitPattern,
>(
  a: &mut [A],
) -> &mut [B] {
  match try_cast_slice_mut(a) {
    Ok(t) => t,
    Err(e) => something_went_wrong("cast_slice_mut", e),
  }
}

Coverage Report

Created: 2025-10-12 08:06

Line	Count	Source
1		//! Checked versions of the casting functions exposed in crate root
2		//! that support [`CheckedBitPattern`] types.
3
4		use crate::{
5		internal::{self, something_went_wrong},
6		AnyBitPattern, NoUninit,
7		};
8
9		/// A marker trait that allows types that have some invalid bit patterns to be
10		/// used in places that otherwise require [`AnyBitPattern`] or [`Pod`] types by
11		/// performing a runtime check on a perticular set of bits. This is particularly
12		/// useful for types like fieldless ('C-style') enums, [`char`], bool, and
13		/// structs containing them.
14		///
15		/// To do this, we define a `Bits` type which is a type with equivalent layout
16		/// to `Self` other than the invalid bit patterns which disallow `Self` from
17		/// being [`AnyBitPattern`]. This `Bits` type must itself implement
18		/// [`AnyBitPattern`]. Then, we implement a function that checks whether a
19		/// certain instance of the `Bits` is also a valid bit pattern of `Self`. If
20		/// this check passes, then we can allow casting from the `Bits` to `Self` (and
21		/// therefore, any type which is able to be cast to `Bits` is also able to be
22		/// cast to `Self`).
23		///
24		/// [`AnyBitPattern`] is a subset of [`CheckedBitPattern`], meaning that any `T:
25		/// AnyBitPattern` is also [`CheckedBitPattern`]. This means you can also use
26		/// any [`AnyBitPattern`] type in the checked versions of casting functions in
27		/// this module. If it's possible, prefer implementing [`AnyBitPattern`] for
28		/// your type directly instead of [`CheckedBitPattern`] as it gives greater
29		/// flexibility.
30		///
31		/// # Derive
32		///
33		/// A `#[derive(CheckedBitPattern)]` macro is provided under the `derive`
34		/// feature flag which will automatically validate the requirements of this
35		/// trait and implement the trait for you for both enums and structs. This is
36		/// the recommended method for implementing the trait, however it's also
37		/// possible to do manually.
38		///
39		/// # Example
40		///
41		/// If manually implementing the trait, we can do something like so:
42		///
43		/// ```rust
44		/// use bytemuck::{CheckedBitPattern, NoUninit};
45		///
46		/// #[repr(u32)]
47		/// #[derive(Copy, Clone)]
48		/// enum MyEnum {
49		/// Variant0 = 0,
50		/// Variant1 = 1,
51		/// Variant2 = 2,
52		/// }
53		///
54		/// unsafe impl CheckedBitPattern for MyEnum {
55		/// type Bits = u32;
56		///
57		/// fn is_valid_bit_pattern(bits: &u32) -> bool {
58		/// match *bits {
59		/// 0 \| 1 \| 2 => true,
60		/// _ => false,
61		/// }
62		/// }
63		/// }
64		///
65		/// // It is often useful to also implement `NoUninit` on our `CheckedBitPattern` types.
66		/// // This will allow us to do casting of mutable references (and mutable slices).
67		/// // It is not always possible to do so, but in this case we have no padding so it is.
68		/// unsafe impl NoUninit for MyEnum {}
69		/// ```
70		///
71		/// We can now use relevant casting functions. For example,
72		///
73		/// ```rust
74		/// # use bytemuck::{CheckedBitPattern, NoUninit};
75		/// # #[repr(u32)]
76		/// # #[derive(Copy, Clone, PartialEq, Eq, Debug)]
77		/// # enum MyEnum {
78		/// # Variant0 = 0,
79		/// # Variant1 = 1,
80		/// # Variant2 = 2,
81		/// # }
82		/// # unsafe impl NoUninit for MyEnum {}
83		/// # unsafe impl CheckedBitPattern for MyEnum {
84		/// # type Bits = u32;
85		/// # fn is_valid_bit_pattern(bits: &u32) -> bool {
86		/// # match *bits {
87		/// # 0 \| 1 \| 2 => true,
88		/// # _ => false,
89		/// # }
90		/// # }
91		/// # }
92		/// use bytemuck::{bytes_of, bytes_of_mut};
93		/// use bytemuck::checked;
94		///
95		/// let bytes = bytes_of(&2u32);
96		/// let result = checked::try_from_bytes::<MyEnum>(bytes);
97		/// assert_eq!(result, Ok(&MyEnum::Variant2));
98		///
99		/// // Fails for invalid discriminant
100		/// let bytes = bytes_of(&100u32);
101		/// let result = checked::try_from_bytes::<MyEnum>(bytes);
102		/// assert!(result.is_err());
103		///
104		/// // Since we implemented NoUninit, we can also cast mutably from an original type
105		/// // that is `NoUninit + AnyBitPattern`:
106		/// let mut my_u32 = 2u32;
107		/// {
108		/// let as_enum_mut = checked::cast_mut::<_, MyEnum>(&mut my_u32);
109		/// assert_eq!(as_enum_mut, &mut MyEnum::Variant2);
110		/// *as_enum_mut = MyEnum::Variant0;
111		/// }
112		/// assert_eq!(my_u32, 0u32);
113		/// ```
114		///
115		/// # Safety
116		///
117		/// * `Self` must have the same layout as the specified `Bits` except for the
118		/// possible invalid bit patterns being checked during
119		/// [`is_valid_bit_pattern`].
120		/// * This almost certainly means your type must be `#[repr(C)]` or a similar
121		/// specified repr, but if you think you know better, you probably don't. If
122		/// you still think you know better, be careful and have fun. And don't mess
123		/// it up (I mean it).
124		/// * If [`is_valid_bit_pattern`] returns true, then the bit pattern contained
125		/// in `bits` must also be valid for an instance of `Self`.
126		/// * Probably more, don't mess it up (I mean it 2.0)
127		///
128		/// [`is_valid_bit_pattern`]: CheckedBitPattern::is_valid_bit_pattern
129		/// [`Pod`]: crate::Pod
130		pub unsafe trait CheckedBitPattern: Copy {
131		/// `Self` must have the same layout as the specified `Bits` except for
132		/// the possible invalid bit patterns being checked during
133		/// [`is_valid_bit_pattern`].
134		///
135		/// [`is_valid_bit_pattern`]: CheckedBitPattern::is_valid_bit_pattern
136		type Bits: AnyBitPattern;
137
138		/// If this function returns true, then it must be valid to reinterpret `bits`
139		/// as `&Self`.
140		fn is_valid_bit_pattern(bits: &Self::Bits) -> bool;
141		}
142
143		unsafe impl<T: AnyBitPattern> CheckedBitPattern for T {
144		type Bits = T;
145
146		#[inline(always)]
147	0	fn is_valid_bit_pattern(_bits: &T) -> bool {
148	0	true
149	0	}
150		}
151
152		unsafe impl CheckedBitPattern for char {
153		type Bits = u32;
154
155		#[inline]
156	0	fn is_valid_bit_pattern(bits: &Self::Bits) -> bool {
157	0	core::char::from_u32(*bits).is_some()
158	0	}
159		}
160
161		unsafe impl CheckedBitPattern for bool {
162		type Bits = u8;
163
164		#[inline]
165	0	fn is_valid_bit_pattern(bits: &Self::Bits) -> bool {
166		// DO NOT use the `matches!` macro, it isn't 1.34 compatible.
167	0	match *bits {
168	0	0 \| 1 => true,
169	0	_ => false,
170		}
171	0	}
172		}
173
174		// Rust 1.70.0 documents that NonZero[int] has the same layout as [int].
175		macro_rules! impl_checked_for_nonzero {
176		($($nonzero:ty: $primitive:ty),* $(,)?) => {
177		$(
178		unsafe impl CheckedBitPattern for $nonzero {
179		type Bits = $primitive;
180
181		#[inline]
182	0	fn is_valid_bit_pattern(bits: &Self::Bits) -> bool {
183	0	*bits != 0
184	0	} Unexecuted instantiation: <core::num::nonzero::NonZero<u8> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<i8> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<u16> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<i16> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<u32> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<i32> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<u64> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<i64> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<i128> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<u128> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<usize> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern Unexecuted instantiation: <core::num::nonzero::NonZero<isize> as bytemuck::checked::CheckedBitPattern>::is_valid_bit_pattern
185		}
186		)*
187		};
188		}
189		impl_checked_for_nonzero! {
190		core::num::NonZeroU8: u8,
191		core::num::NonZeroI8: i8,
192		core::num::NonZeroU16: u16,
193		core::num::NonZeroI16: i16,
194		core::num::NonZeroU32: u32,
195		core::num::NonZeroI32: i32,
196		core::num::NonZeroU64: u64,
197		core::num::NonZeroI64: i64,
198		core::num::NonZeroI128: i128,
199		core::num::NonZeroU128: u128,
200		core::num::NonZeroUsize: usize,
201		core::num::NonZeroIsize: isize,
202		}
203
204		/// The things that can go wrong when casting between [`CheckedBitPattern`] data
205		/// forms.
206		#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
207		pub enum CheckedCastError {
208		/// An error occurred during a true-[`Pod`] cast
209		///
210		/// [`Pod`]: crate::Pod
211		PodCastError(crate::PodCastError),
212		/// When casting to a [`CheckedBitPattern`] type, it is possible that the
213		/// original data contains an invalid bit pattern. If so, the cast will
214		/// fail and this error will be returned. Will never happen on casts
215		/// between [`Pod`] types.
216		///
217		/// [`Pod`]: crate::Pod
218		InvalidBitPattern,
219		}
220
221		#[cfg(not(target_arch = "spirv"))]
222		impl core::fmt::Display for CheckedCastError {
223	0	fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
224	0	write!(f, "{:?}", self)
225	0	}
226		}
227		#[cfg(feature = "extern_crate_std")]
228		#[cfg_attr(feature = "nightly_docs", doc(cfg(feature = "extern_crate_std")))]
229		impl std::error::Error for CheckedCastError {}
230
231		// Rust 1.81+
232		#[cfg(all(feature = "impl_core_error", not(feature = "extern_crate_std")))]
233		impl core::error::Error for CheckedCastError {}
234
235		impl From<crate::PodCastError> for CheckedCastError {
236	0	fn from(err: crate::PodCastError) -> CheckedCastError {
237	0	CheckedCastError::PodCastError(err)
238	0	}
239		}
240
241		/// Re-interprets `&[u8]` as `&T`.
242		///
243		/// ## Failure
244		///
245		/// * If the slice isn't aligned for the new type
246		/// * If the slice's length isn’t exactly the size of the new type
247		/// * If the slice contains an invalid bit pattern for `T`
248		#[inline]
249	0	pub fn try_from_bytes<T: CheckedBitPattern>(
250	0	s: &[u8],
251	0	) -> Result<&T, CheckedCastError> {
252	0	let pod = crate::try_from_bytes(s)?;
253
254	0	if <T as CheckedBitPattern>::is_valid_bit_pattern(pod) {
255	0	Ok(unsafe { &(pod as const <T as CheckedBitPattern>::Bits as *const T) })
256		} else {
257	0	Err(CheckedCastError::InvalidBitPattern)
258		}
259	0	}
260
261		/// Re-interprets `&mut [u8]` as `&mut T`.
262		///
263		/// ## Failure
264		///
265		/// * If the slice isn't aligned for the new type
266		/// * If the slice's length isn’t exactly the size of the new type
267		/// * If the slice contains an invalid bit pattern for `T`
268		#[inline]
269	0	pub fn try_from_bytes_mut<T: CheckedBitPattern + NoUninit>(
270	0	s: &mut [u8],
271	0	) -> Result<&mut T, CheckedCastError> {
272	0	let pod = unsafe { internal::try_from_bytes_mut(s) }?;
273
274	0	if <T as CheckedBitPattern>::is_valid_bit_pattern(pod) {
275	0	Ok(unsafe { &mut (pod as mut <T as CheckedBitPattern>::Bits as *mut T) })
276		} else {
277	0	Err(CheckedCastError::InvalidBitPattern)
278		}
279	0	}
280
281		/// Reads from the bytes as if they were a `T`.
282		///
283		/// ## Failure
284		/// * If the `bytes` length is not equal to `size_of::<T>()`.
285		/// * If the slice contains an invalid bit pattern for `T`
286		#[inline]
287	0	pub fn try_pod_read_unaligned<T: CheckedBitPattern>(
288	0	bytes: &[u8],
289	0	) -> Result<T, CheckedCastError> {
290	0	let pod = crate::try_pod_read_unaligned(bytes)?;
291
292	0	if <T as CheckedBitPattern>::is_valid_bit_pattern(&pod) {
293	0	Ok(unsafe { transmute!(pod) })
294		} else {
295	0	Err(CheckedCastError::InvalidBitPattern)
296		}
297	0	}
298
299		/// Try to cast `A` into `B`.
300		///
301		/// Note that for this particular type of cast, alignment isn't a factor. The
302		/// input value is semantically copied into the function and then returned to a
303		/// new memory location which will have whatever the required alignment of the
304		/// output type is.
305		///
306		/// ## Failure
307		///
308		/// * If the types don't have the same size this fails.
309		/// * If `a` contains an invalid bit pattern for `B` this fails.
310		#[inline]
311	0	pub fn try_cast<A: NoUninit, B: CheckedBitPattern>(
312	0	a: A,
313	0	) -> Result<B, CheckedCastError> {
314	0	let pod = crate::try_cast(a)?;
315
316	0	if <B as CheckedBitPattern>::is_valid_bit_pattern(&pod) {
317	0	Ok(unsafe { transmute!(pod) })
318		} else {
319	0	Err(CheckedCastError::InvalidBitPattern)
320		}
321	0	}
322
323		/// Try to convert a `&A` into `&B`.
324		///
325		/// ## Failure
326		///
327		/// * If the reference isn't aligned in the new type
328		/// * If the source type and target type aren't the same size.
329		/// * If `a` contains an invalid bit pattern for `B` this fails.
330		#[inline]
331	0	pub fn try_cast_ref<A: NoUninit, B: CheckedBitPattern>(
332	0	a: &A,
333	0	) -> Result<&B, CheckedCastError> {
334	0	let pod = crate::try_cast_ref(a)?;
335
336	0	if <B as CheckedBitPattern>::is_valid_bit_pattern(pod) {
337	0	Ok(unsafe { &(pod as const <B as CheckedBitPattern>::Bits as *const B) })
338		} else {
339	0	Err(CheckedCastError::InvalidBitPattern)
340		}
341	0	}
342
343		/// Try to convert a `&mut A` into `&mut B`.
344		///
345		/// As [`try_cast_ref`], but `mut`.
346		#[inline]
347	0	pub fn try_cast_mut<
348	0	A: NoUninit + AnyBitPattern,
349	0	B: CheckedBitPattern + NoUninit,
350	0	>(
351	0	a: &mut A,
352	0	) -> Result<&mut B, CheckedCastError> {
353	0	let pod = unsafe { internal::try_cast_mut(a) }?;
354
355	0	if <B as CheckedBitPattern>::is_valid_bit_pattern(pod) {
356	0	Ok(unsafe { &mut (pod as mut <B as CheckedBitPattern>::Bits as *mut B) })
357		} else {
358	0	Err(CheckedCastError::InvalidBitPattern)
359		}
360	0	}
361
362		/// Try to convert `&[A]` into `&[B]` (possibly with a change in length).
363		///
364		/// * `input.as_ptr() as usize == output.as_ptr() as usize`
365		/// * `input.len() * size_of::<A>() == output.len() * size_of::<B>()`
366		///
367		/// ## Failure
368		///
369		/// * If the target type has a greater alignment requirement and the input slice
370		/// isn't aligned.
371		/// * If the target element type is a different size from the current element
372		/// type, and the output slice wouldn't be a whole number of elements when
373		/// accounting for the size change (eg: 3 `u16` values is 1.5 `u32` values, so
374		/// that's a failure).
375		/// * If any element of the converted slice would contain an invalid bit pattern
376		/// for `B` this fails.
377		#[inline]
378	0	pub fn try_cast_slice<A: NoUninit, B: CheckedBitPattern>(
379	0	a: &[A],
380	0	) -> Result<&[B], CheckedCastError> {
381	0	let pod = crate::try_cast_slice(a)?;
382
383	0	if pod.iter().all(\|pod\| <B as CheckedBitPattern>::is_valid_bit_pattern(pod)) {
384	0	Ok(unsafe {
385	0	core::slice::from_raw_parts(pod.as_ptr() as *const B, pod.len())
386	0	})
387		} else {
388	0	Err(CheckedCastError::InvalidBitPattern)
389		}
390	0	}
391
392		/// Try to convert `&mut [A]` into `&mut [B]` (possibly with a change in
393		/// length).
394		///
395		/// As [`try_cast_slice`], but `&mut`.
396		#[inline]
397	0	pub fn try_cast_slice_mut<
398	0	A: NoUninit + AnyBitPattern,
399	0	B: CheckedBitPattern + NoUninit,
400	0	>(
401	0	a: &mut [A],
402	0	) -> Result<&mut [B], CheckedCastError> {
403	0	let pod = unsafe { internal::try_cast_slice_mut(a) }?;
404
405	0	if pod.iter().all(\|pod\| <B as CheckedBitPattern>::is_valid_bit_pattern(pod)) {
406	0	Ok(unsafe {
407	0	core::slice::from_raw_parts_mut(pod.as_mut_ptr() as *mut B, pod.len())
408	0	})
409		} else {
410	0	Err(CheckedCastError::InvalidBitPattern)
411		}
412	0	}
413
414		/// Re-interprets `&[u8]` as `&T`.
415		///
416		/// ## Panics
417		///
418		/// This is [`try_from_bytes`] but will panic on error.
419		#[inline]
420		#[cfg_attr(feature = "track_caller", track_caller)]
421	0	pub fn from_bytes<T: CheckedBitPattern>(s: &[u8]) -> &T {
422	0	match try_from_bytes(s) {
423	0	Ok(t) => t,
424	0	Err(e) => something_went_wrong("from_bytes", e),
425		}
426	0	}
427
428		/// Re-interprets `&mut [u8]` as `&mut T`.
429		///
430		/// ## Panics
431		///
432		/// This is [`try_from_bytes_mut`] but will panic on error.
433		#[inline]
434		#[cfg_attr(feature = "track_caller", track_caller)]
435	0	pub fn from_bytes_mut<T: NoUninit + CheckedBitPattern>(s: &mut [u8]) -> &mut T {
436	0	match try_from_bytes_mut(s) {
437	0	Ok(t) => t,
438	0	Err(e) => something_went_wrong("from_bytes_mut", e),
439		}
440	0	}
441
442		/// Reads the slice into a `T` value.
443		///
444		/// ## Panics
445		/// * This is like [`try_pod_read_unaligned`] but will panic on failure.
446		#[inline]
447		#[cfg_attr(feature = "track_caller", track_caller)]
448	0	pub fn pod_read_unaligned<T: CheckedBitPattern>(bytes: &[u8]) -> T {
449	0	match try_pod_read_unaligned(bytes) {
450	0	Ok(t) => t,
451	0	Err(e) => something_went_wrong("pod_read_unaligned", e),
452		}
453	0	}
454
455		/// Cast `A` into `B`
456		///
457		/// ## Panics
458		///
459		/// * This is like [`try_cast`], but will panic on a size mismatch.
460		#[inline]
461		#[cfg_attr(feature = "track_caller", track_caller)]
462	0	pub fn cast<A: NoUninit, B: CheckedBitPattern>(a: A) -> B {
463	0	match try_cast(a) {
464	0	Ok(t) => t,
465	0	Err(e) => something_went_wrong("cast", e),
466		}
467	0	}
468
469		/// Cast `&mut A` into `&mut B`.
470		///
471		/// ## Panics
472		///
473		/// This is [`try_cast_mut`] but will panic on error.
474		#[inline]
475		#[cfg_attr(feature = "track_caller", track_caller)]
476	0	pub fn cast_mut<
477	0	A: NoUninit + AnyBitPattern,
478	0	B: NoUninit + CheckedBitPattern,
479	0	>(
480	0	a: &mut A,
481	0	) -> &mut B {
482	0	match try_cast_mut(a) {
483	0	Ok(t) => t,
484	0	Err(e) => something_went_wrong("cast_mut", e),
485		}
486	0	}
487
488		/// Cast `&A` into `&B`.
489		///
490		/// ## Panics
491		///
492		/// This is [`try_cast_ref`] but will panic on error.
493		#[inline]
494		#[cfg_attr(feature = "track_caller", track_caller)]
495	0	pub fn cast_ref<A: NoUninit, B: CheckedBitPattern>(a: &A) -> &B {
496	0	match try_cast_ref(a) {
497	0	Ok(t) => t,
498	0	Err(e) => something_went_wrong("cast_ref", e),
499		}
500	0	}
501
502		/// Cast `&[A]` into `&[B]`.
503		///
504		/// ## Panics
505		///
506		/// This is [`try_cast_slice`] but will panic on error.
507		#[inline]
508		#[cfg_attr(feature = "track_caller", track_caller)]
509	0	pub fn cast_slice<A: NoUninit, B: CheckedBitPattern>(a: &[A]) -> &[B] {
510	0	match try_cast_slice(a) {
511	0	Ok(t) => t,
512	0	Err(e) => something_went_wrong("cast_slice", e),
513		}
514	0	}
515
516		/// Cast `&mut [A]` into `&mut [B]`.
517		///
518		/// ## Panics
519		///
520		/// This is [`try_cast_slice_mut`] but will panic on error.
521		#[inline]
522		#[cfg_attr(feature = "track_caller", track_caller)]
523	0	pub fn cast_slice_mut<
524	0	A: NoUninit + AnyBitPattern,
525	0	B: NoUninit + CheckedBitPattern,
526	0	>(
527	0	a: &mut [A],
528	0	) -> &mut [B] {
529	0	match try_cast_slice_mut(a) {
530	0	Ok(t) => t,
531	0	Err(e) => something_went_wrong("cast_slice_mut", e),
532		}
533	0	}