resource-bound 0.1.0

Compile-time enforcement of struct size limits and heap allocation constraints
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280

[![Crates.io](https://img.shields.io/crates/v/resource-bound)](https://crates.io/crates/resource-bound)
[![Docs.rs](https://img.shields.io/docsrs/resource-bound)](https://docs.rs/resource-bound)
[![GitHub stars](https://img.shields.io/github/stars/oop95/resource-bound)](https://github.com/oOp995/resource-bound)
[![License](https://img.shields.io/github/license/ossamaabboud/resource-bound)](https://github.com/ossamaabboud/resource-bound/blob/main/LICENSE)

 

# resource-bound


`resource-bound` is a **procedural macro crate** that enforces **compile-time resource constraints** on Rust structs.

It allows you to:

* enforce a **maximum struct size** at compile time
* **disallow heap allocation by default**
* explicitly **opt in to heap usage** when required
* catch violations **early**, with **zero runtime cost**

This crate is intentionally **conservative**, **explicit**, and **honest** about what Rust can and cannot guarantee at compile time.

---

## Motivation


In embedded, systems, and performance-critical Rust code, it is often necessary to ensure that certain data structures:

* have a **known and bounded size**
* do **not allocate on the heap** unless explicitly allowed
* fail **at compile time**, not at runtime

Rust itself does not provide a built-in way to enforce these constraints declaratively.

`resource-bound` fills this gap by providing a derive macro that performs **static checks** during compilation.

---

## What this crate guarantees


When you write:

```rust
#[derive(ResourceBound)]

#[size_limit = 32]

struct MyStruct { /* ... */ }
```

`resource-bound` guarantees at **compile time** that:

* `std::mem::size_of::<MyStruct>() <= 32`
* all field types are **explicitly approved stack-only types**
* no heap-allocating types are used **unless explicitly allowed**

All checks are performed **at compile time**. There is **no runtime overhead**.

---

## What this crate does NOT guarantee


It is important to be explicit about limitations:

* This crate does **not** detect runtime or indirect heap allocations
* This crate does **not** perform escape or alias analysis
* This crate does **not** infer allocation behavior of generic types
* This crate does **not** track allocator behavior

Heap usage is approximated by **explicit type allow-listing**, not by analysis.

If you need runtime memory tracking or allocator instrumentation, this crate is **not** the right tool.

---

## Usage


Add the dependency:

```toml
[dependencies]
resource-bound = "0.1"
```

Import the derive macro:

```rust
use resource_bound::ResourceBound;
```

---

## Example: stack-only struct


```rust
// in case of size overflow you will get compile-time error
// -> attempt to compute `0_usize - 1_usize`, which would overflow


#[derive(ResourceBound)] 

#[size_limit=32] // 32 Bytes size struct, ,if the size of fields exceeds

                 // explictly defined value, you will get compile-time error.
struct StackStruct{

    // size is exact value returned by std::mem::size_of()
    // size is 32 bytes on 64-bit targets, 24 bytes on 32-bit targets

    unit:(),

    i32value:i32,  //signed-integer   i8,i16,i32,i64,i128 are StackOnly marked

    u32value:u32,  //unsigned-integer u8,u16,u32,u64,u128 are StackOnly marked

    f32value:f32,  //flaots f32,f64 are StackOnly marked

    char_value:char,//char is StackOnly marked

    bool_value:bool, //bool is StackOnly marked

    usize_value:usize

    //std::mem::size_of::<StackStruct>() is:

    //32 bytes on 64-bit

    //24 bytes on 32-bit

    //if you try to set #[size_limit] less than the actual
    //size depending on your structure ,you will trigger a
    //compile-time error


}

```

On common platforms:

* **64-bit targets**`size_of::<StackStruct>() == 32`
* **32-bit targets**`size_of::<StackStruct>() == 24`

If the actual size exceeds `#[size_limit]`, compilation will fail.

---

## Example: heap-enabled struct


Heap allocation is **disallowed by default**.

To allow heap usage, you must opt in explicitly:

```rust
#[derive(ResourceBound)]

#[size_limit = 48] // in Bytes

#[allow_heap = true] //default is false, if you want heap explicilty opt-in 

                     // #[allow_heap = true] ,
                     //othetwise #[allow_heap = false] is the default

//lifetimes are allowed for the sake of storing ref

//generics is disable intentionally , because generic heap behaviour 
//is not guaranted at compile-time neither at runtime
//actually using generics with ResourceBound will trigger compile-error

struct HeapStruct<'a>{

    string_value:String,

    str_value:&'a str,

    box_value:Box<i32>,
}
```

This makes heap usage **visible and intentional**, while still enforcing a maximum struct size.

---

## Default behavior


* `#[allow_heap]` defaults to **false**
* heap-allocating types such as `Vec`, `String`, and `Box` are **rejected by default**
* `#[size_limit]` enforces a hard upper bound on `size_of::<Self>()`
* `#[size_limit]` enforced by the compiler, **compile-time** error if **missing**.


All violations result in **compile-time errors**.

---

## Allowed primitive types (v0.1.0)


By default, the following **primitive scalar types** are considered stack-only and allowed:

* `()`
* `bool`
* `char`
* Signed integers: `i8`, `i16`, `i32`, `i64`, `i128`
* Unsigned integers: `u8`, `u16`, `u32`, `u64`, `u128`
* Pointer-sized integers: `isize`, `usize`
* Floating-point types: `f32`, `f64`

All other types are rejected unless heap usage is explicitly enabled.

---

## Generics and lifetimes


### Lifetimes


Lifetimes are allowed:

```rust
struct RefStruct<'a> {
    value: &'a u32,
}
```

### Generics


Generic type parameters are **intentionally disallowed**:

```rust
struct Generic<T> {
    value: T,
}
```

Generic heap behavior cannot be reliably verified at compile time, so `ResourceBound` rejects generic structs by design.

---

## Diagnostics


When a constraint is violated, `resource-bound` emits **clear, targeted compile-time errors** that:

* explain what rule was violated
* point to the offending field or item
* suggest how to fix the issue

No runtime panics. No silent failures.

---

## Design philosophy


`resource-bound` follows a few core principles:

* **Explicit over implicit**
* **Conservative by default**
* **Compile-time enforcement**
* **Zero runtime cost**
* **No false guarantees**

If a property cannot be proven at compile time, it is **not assumed**.

---

## Versioning and stability


This crate is intentionally strict in its initial release.

Future versions may:

* expand the allow-list deliberately
* introduce explicit opt-in traits
* add additional compile-time checks

Breaking changes will follow semantic versioning.

---

## License


Licensed under the MIT license.

---

## Final note


`resource-bound` is designed for developers who care deeply about **predictability**, **clarity**, and **compile-time guarantees**.

If that matches your use case, this crate was built for you.
#