[][src]Trait bytemuck::Contiguous

pub unsafe trait Contiguous: Copy + 'static {
    type Int: Copy + Ord;

    const MAX_VALUE: Self::Int;
    const MIN_VALUE: Self::Int;
    fn from_integer(value: Self::Int) -> Option<Self> { ... }
fn into_integer(self) -> Self::Int { ... } }

A trait indicating that:

  1. A type has an equivalent representation to some known integral type.
  2. All instances of this type fall in a fixed range of values.
  3. Within that range, there are no gaps.

This is generally useful for fieldless enums (aka "c-style" enums), however it's important that it only be used for those with an explicit #[repr], as #[repr(Rust)] fieldess enums have an unspecified layout.

Additionally, you shouldn't assume that all implementations are enums. Any type which meets the requirements above while following the rules under "Safety" below is valid.

Example

#[repr(u8)]
#[derive(Debug, Copy, Clone, PartialEq)]
enum Foo {
  A = 0,
  B = 1,
  C = 2,
  D = 3,
  E = 4,
}
unsafe impl Contiguous for Foo {
  type Int = u8;
  const MIN_VALUE: u8 = Foo::A as u8;
  const MAX_VALUE: u8 = Foo::E as u8;
}
assert_eq!(Foo::from_integer(3).unwrap(), Foo::D);
assert_eq!(Foo::from_integer(8), None);
assert_eq!(Foo::C.into_integer(), 2);

Safety

This is an unsafe trait, and incorrectly implementing it is undefined behavior.

Informally, by implementing it, you're asserting that C is identical to the integral type C::Int, and that every C falls between C::MIN_VALUE and C::MAX_VALUE exactly once, without any gaps.

Precisely, the guarantees you must uphold when implementing Contiguous for some type C are:

  1. The size of C and C::Int must be the same, and neither may be a ZST. (Note: alignment is explicitly allowed to differ)

  2. C::Int must be a primitive integer, and not a wrapper type. In the future, this may be lifted to include cases where the behavior is identical for a relevant set of traits (Ord, arithmetic, ...).

  3. All C::Ints which are in the inclusive range between C::MIN_VALUE and C::MAX_VALUE are bitwise identical to unique valid instances of C.

  4. There exist no instances of C such that their bitpatterns, when interpreted as instances of C::Int, fall outside of the MAX_VALUE / MIN_VALUE range -- It is legal for unsafe code to assume that if it gets a C that implements Contiguous, it is in the appropriate range.

  5. Finally, you promise not to provide overridden implementations of Contiguous::from_integer and Contiguous::into_integer.

For clarity, the following rules could be derived from the above, but are listed explicitly:

  • C::MAX_VALUE must be greater or equal to C::MIN_VALUE (therefore, C must be an inhabited type).

  • There exist no two values between MIN_VALUE and MAX_VALUE such that when interpreted as a C they are considered identical (by, say, match).

Associated Types

type Int: Copy + Ord

The primitive integer type with an identical representation to this type.

Contiguous is broadly intended for use with fieldless enums, and for these the correct integer type is easy: The enum should have a #[repr(Int)] or #[repr(C)] attribute, (if it does not, it is unsound to implement Contiguous!).

  • For #[repr(Int)], use the listed Int. e.g. #[repr(u8)] should use type Int = u8.

  • For #[repr(C)], use whichever type the C compiler will use to represent the given enum. This is usually c_int (from std::os::raw or libc), but it's up to you to make the determination as the implementer of the unsafe trait.

For precise rules, see the list under "Safety" above.

Loading content...

Associated Constants

const MAX_VALUE: Self::Int

The upper inclusive bound for valid instances of this type.

const MIN_VALUE: Self::Int

The lower inclusive bound for valid instances of this type.

Loading content...

Provided methods

fn from_integer(value: Self::Int) -> Option<Self>

If value is within the range for valid instances of this type, returns Some(converted_value), otherwise, returns None.

This is a trait method so that you can write value.into_integer() in your code. It is a contract of this trait that if you implement Contiguous on your type you must not override this method.

Panics

We will not panic for any correct implementation of Contiguous, but may panic if we detect an incorrect one.

This is undefined behavior regardless, so it could have been the nasal demons at that point anyway ;).

fn into_integer(self) -> Self::Int

Perform the conversion from C into the underlying integral type. This mostly exists otherwise generic code would need unsafe for the value as integer

This is a trait method so that you can write value.into_integer() in your code. It is a contract of this trait that if you implement Contiguous on your type you must not override this method.

Panics

We will not panic for any correct implementation of Contiguous, but may panic if we detect an incorrect one.

This is undefined behavior regardless, so it could have been the nasal demons at that point anyway ;).

Loading content...

Implementations on Foreign Types

impl Contiguous for NonZeroU8[src]

type Int = u8

impl Contiguous for NonZeroU16[src]

type Int = u16

impl Contiguous for NonZeroU32[src]

type Int = u32

impl Contiguous for NonZeroU64[src]

type Int = u64

impl Contiguous for NonZeroU128[src]

type Int = u128

impl Contiguous for NonZeroUsize[src]

type Int = usize

Loading content...

Implementors

impl Contiguous for bool[src]

type Int = u8

impl Contiguous for i8[src]

type Int = i8

impl Contiguous for i16[src]

type Int = i16

impl Contiguous for i32[src]

type Int = i32

impl Contiguous for i64[src]

type Int = i64

impl Contiguous for i128[src]

type Int = i128

impl Contiguous for isize[src]

type Int = isize

impl Contiguous for u8[src]

type Int = u8

impl Contiguous for u16[src]

type Int = u16

impl Contiguous for u32[src]

type Int = u32

impl Contiguous for u64[src]

type Int = u64

impl Contiguous for u128[src]

type Int = u128

impl Contiguous for usize[src]

type Int = usize

Loading content...