1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198


use core::{mem, slice};

use {Error, Plain};

/// Check if a byte slice is aligned suitably for type T.
#[inline]
pub fn is_aligned<T>(bytes: &[u8]) -> bool {
    ((bytes.as_ptr() as usize) % mem::align_of::<T>()) == 0
}

#[inline(always)]
fn check_alignment<T>(bytes: &[u8]) -> Result<(), Error> {
    if is_aligned::<T>(bytes) {
        Ok(())
    } else {
        Err(Error::BadAlignment)
    }
}

#[inline(always)]
fn check_length<T>(bytes: &[u8], len: usize) -> Result<(), Error> {
    if mem::size_of::<T>() > 0 && (bytes.len() / mem::size_of::<T>()) < len {
        Err(Error::TooShort)
    } else {
        Ok(())
    }
}

/// Interpret data as bytes. Not safe for data with padding.
#[inline(always)]
pub unsafe fn as_bytes<S>(s: &S) -> &[u8]
where
    S: ?Sized,
{
    let bptr = s as *const S as *const u8;
    let bsize = mem::size_of_val(s);
    slice::from_raw_parts(bptr, bsize)
}

/// Interpret data as mutable bytes.
/// Reading is not safe for data with padding. Writing is ok.
#[inline(always)]
pub unsafe fn as_mut_bytes<S>(s: &mut S) -> &mut [u8]
where
    S: Plain + ?Sized,
{
    let bptr = s as *mut S as *mut u8;
    let bsize = mem::size_of_val(s);
    slice::from_raw_parts_mut(bptr, bsize)
}

/// Safely converts a byte slice to a reference.
///
/// However, if the byte slice is not long enough
/// to contain target type, or if it doesn't
/// satisfy the type's alignment requirements,
/// the function returns an error.
///
/// The function will not fail when the
/// byte slice is longer than necessary, since it is
/// a common practice to interpret the beginning of
/// a slice as a fixed-size header.
///
/// In many cases it is preferrable to allocate
/// a value/slice of the target type and use
/// [`copy_from_bytes()`](fn.copy_from_bytes.html) to copy
/// data instead. That way, any issues with alignment
/// are implicitly avoided.
///
#[inline]
pub fn from_bytes<T>(bytes: &[u8]) -> Result<&T, Error>
where
    T: Plain,
{
    try!(check_alignment::<T>(bytes));
    try!(check_length::<T>(bytes, 1));
    Ok(unsafe { &*(bytes.as_ptr() as *const T) })
}

/// Similar to [`from_bytes()`](fn.from_bytes.html),
/// except that the output is a slice of T, instead
/// of a reference to a single T. All concerns about
/// alignment also apply here, but size is handled
/// differently.
///
/// The result slice's length is set to be
/// `bytes.len() / size_of::<T>()`, and there
/// are no requirements for input size. I.e.
/// the result may be empty slice, and the input
/// slice doesn't necessarily have to end on `T`'s
/// boundary. The latter has pragmatic reasons: If the
/// length of the array is not known in advance,
/// e.g. if it's terminated by a special element,
/// it's perfectly legal to turn the whole rest
/// of data into `&[T]` and set the proper length
/// after inspecting the array.
///
/// In many cases it is preferrable to allocate
/// a value/slice of the target type and use
/// [`copy_from_bytes()`](fn.copy_from_bytes.html) to copy
/// data instead. That way, any issues with alignment
/// are implicitly avoided.
///
#[inline]
pub fn slice_from_bytes<T>(bytes: &[u8]) -> Result<&[T], Error>
where
    T: Plain,
{
    let len = bytes.len() / mem::size_of::<T>();
    slice_from_bytes_len(bytes, len)
}


/// Same as [`slice_from_bytes()`](fn.slice_from_bytes.html),
/// except that it takes explicit length of the result slice.
///
/// If the input slice cannot satisfy the length, returns error.
/// The input slice is allowed to be longer than necessary.
///
#[inline]
pub fn slice_from_bytes_len<T>(bytes: &[u8], len: usize) -> Result<&[T], Error>
where
    T: Plain,
{
    try!(check_alignment::<T>(bytes));
    try!(check_length::<T>(bytes, len));
    Ok(unsafe {
        slice::from_raw_parts(bytes.as_ptr() as *const T, len)
    })
}

/// See [`from_bytes()`](fn.from_bytes.html).
///
/// Does the same, except with mutable references.
///
#[inline]
pub fn from_mut_bytes<T>(bytes: &mut [u8]) -> Result<&mut T, Error>
where
    T: Plain,
{
    try!(check_alignment::<T>(bytes));
    try!(check_length::<T>(bytes, 1));
    Ok(unsafe { &mut *(bytes.as_mut_ptr() as *mut T) })
}

/// See [`slice_from_bytes()`](fn.slice_from_bytes.html).
///
/// Does the same, except with mutable references.
///
#[inline]
pub fn slice_from_mut_bytes<T>(bytes: &mut [u8]) -> Result<&mut [T], Error>
where
    T: Plain,
{
    let len = bytes.len() / mem::size_of::<T>();
    slice_from_mut_bytes_len(bytes, len)
}

/// See [`slice_from_bytes_len()`](fn.slice_from_bytes_len.html).
///
/// Does the same, except with mutable references.
///
#[inline]
pub fn slice_from_mut_bytes_len<T>(bytes: &mut [u8], len: usize) -> Result<&mut [T], Error>
where
    T: Plain,
{
    try!(check_alignment::<T>(bytes));
    try!(check_length::<T>(bytes, len));
    Ok(unsafe {
        slice::from_raw_parts_mut(bytes.as_ptr() as *mut T, len)
    })
}

/// Copies data from a byte slice into existing memory.
/// Suitable when [`from_bytes()`](fn.from_bytes.html) would normally
/// be used, but the data is not aligned properly in memory.
///
/// For an example how to use it, see crate-level documentation.
///
#[inline]
pub fn copy_from_bytes<T>(into: &mut T, bytes: &[u8]) -> Result<(), Error>
where
    T: Plain + ?Sized,
{
    let sz = mem::size_of_val(into);

    if bytes.len() < sz {
        return Err(Error::TooShort);
    }

    unsafe {
        as_mut_bytes(into).copy_from_slice(&bytes[..sz]);
    }

    Ok(())
}