Teach transmute_{ref,mut}! to handle slice DSTs

TODO:
- Figure out how to make this backwards-compatible (since current macros
  work with `T: Sized`, but `T: Sized` does not imply `T: KnownLayout`)
- Make it so that `Sized` bounds are still enforced on older toolchains
  that don't support slice DST transmutes
- Write safety comments
- Get rid of now-unused macros and functions in util::macro_util

Makes progress on #1817

gherrit-pr-id: Ib4bc62202e0b3b09d155333b525087f7aa8f02c2

Author: joshlf

src/macros.rs

@@ -182,22 +182,15 @@ macro_rules! transmute_ref {
             // this macro expression is `&U` where `U: 'u + Sized + FromBytes +
             // Immutable`, and that `'t` outlives `'u`.
 
-            struct AssertSrcIsSized<'a, T: ::core::marker::Sized>(&'a T);
             struct AssertSrcIsIntoBytes<'a, T: ?::core::marker::Sized + $crate::IntoBytes>(&'a T);
             struct AssertSrcIsImmutable<'a, T: ?::core::marker::Sized + $crate::Immutable>(&'a T);
-            struct AssertDstIsSized<'a, T: ::core::marker::Sized>(&'a T);
             struct AssertDstIsFromBytes<'a, U: ?::core::marker::Sized + $crate::FromBytes>(&'a U);
             struct AssertDstIsImmutable<'a, T: ?::core::marker::Sized + $crate::Immutable>(&'a T);
 
-            let _ = AssertSrcIsSized(e);
             let _ = AssertSrcIsIntoBytes(e);
             let _ = AssertSrcIsImmutable(e);
 
             if true {
-                #[allow(unused, unreachable_code)]
-                let u = AssertDstIsSized(loop {});
-                u.0
-            } else if true {
                 #[allow(unused, unreachable_code)]
                 let u = AssertDstIsFromBytes(loop {});
                 u.0
@@ -206,36 +199,13 @@ macro_rules! transmute_ref {
                 let u = AssertDstIsImmutable(loop {});
                 u.0
             }
-        } else if false {
-            // This branch, though never taken, ensures that `size_of::<T>() ==
-            // size_of::<U>()` and that that `align_of::<T>() >=
-            // align_of::<U>()`.
-
-            // `t` is inferred to have type `T` because it's assigned to `e` (of
-            // type `&T`) as `&t`.
-            let mut t = loop {};
-            e = &t;
-
-            // `u` is inferred to have type `U` because it's used as `&u` as the
-            // value returned from this branch.
-            let u;
-
-            $crate::assert_size_eq!(t, u);
-            $crate::assert_align_gt_eq!(t, u);
-
-            &u
         } else {
-            // SAFETY: For source type `Src` and destination type `Dst`:
-            // - We know that `Src: IntoBytes + Immutable` and `Dst: FromBytes +
-            //   Immutable` thanks to the uses of `AssertSrcIsIntoBytes`,
-            //   `AssertSrcIsImmutable`, `AssertDstIsFromBytes`, and
-            //   `AssertDstIsImmutable` above.
-            // - We know that `size_of::<Src>() == size_of::<Dst>()` thanks to
-            //   the use of `assert_size_eq!` above.
-            // - We know that `align_of::<Src>() >= align_of::<Dst>()` thanks to
-            //   the use of `assert_align_gt_eq!` above.
-            let u = unsafe { $crate::util::macro_util::transmute_ref(e) };
-            $crate::util::macro_util::must_use(u)
+            use $crate::util::macro_util::TransmuteRefDst;
+            let t = $crate::util::macro_util::Wrap(e);
+            // SAFETY: todo
+            unsafe {
+                t.transmute_ref()
+            }
         }
     }}
 }
@@ -334,26 +304,18 @@ macro_rules! transmute_mut {
             // writing, mutable references are banned), the error message
             // appears to originate in the user's code rather than in the
             // internals of this macro.
-            struct AssertSrcIsSized<'a, T: ::core::marker::Sized>(&'a T);
             struct AssertSrcIsFromBytes<'a, T: ?::core::marker::Sized + $crate::FromBytes>(&'a T);
             struct AssertSrcIsIntoBytes<'a, T: ?::core::marker::Sized + $crate::IntoBytes>(&'a T);
-            struct AssertDstIsSized<'a, T: ::core::marker::Sized>(&'a T);
             struct AssertDstIsFromBytes<'a, T: ?::core::marker::Sized + $crate::FromBytes>(&'a T);
             struct AssertDstIsIntoBytes<'a, T: ?::core::marker::Sized + $crate::IntoBytes>(&'a T);
 
             if true {
-                let _ = AssertSrcIsSized(&*e);
-            } else if true {
                 let _ = AssertSrcIsFromBytes(&*e);
             } else {
                 let _ = AssertSrcIsIntoBytes(&*e);
             }
 
             if true {
-                #[allow(unused, unreachable_code)]
-                let u = AssertDstIsSized(loop {});
-                &mut *u.0
-            } else if true {
                 #[allow(unused, unreachable_code)]
                 let u = AssertDstIsFromBytes(loop {});
                 &mut *u.0
@@ -362,32 +324,13 @@ macro_rules! transmute_mut {
                 let u = AssertDstIsIntoBytes(loop {});
                 &mut *u.0
             }
-        } else if false {
-            // This branch, though never taken, ensures that `size_of::<T>() ==
-            // size_of::<U>()` and that that `align_of::<T>() >=
-            // align_of::<U>()`.
-
-            // `t` is inferred to have type `T` because it's assigned to `e` (of
-            // type `&mut T`) as `&mut t`.
-            let mut t = loop {};
-            e = &mut t;
-
-            // `u` is inferred to have type `U` because it's used as `&mut u` as
-            // the value returned from this branch.
-            let u;
-
-            $crate::assert_size_eq!(t, u);
-            $crate::assert_align_gt_eq!(t, u);
-
-            &mut u
         } else {
-            // SAFETY: For source type `Src` and destination type `Dst`:
-            // - We know that `size_of::<Src>() == size_of::<Dst>()` thanks to
-            //   the use of `assert_size_eq!` above.
-            // - We know that `align_of::<Src>() >= align_of::<Dst>()` thanks to
-            //   the use of `assert_align_gt_eq!` above.
-            let u = unsafe { $crate::util::macro_util::transmute_mut(e) };
-            $crate::util::macro_util::must_use(u)
+            use $crate::util::macro_util::TransmuteMutDst;
+            let t = $crate::util::macro_util::Wrap(e);
+            // SAFETY: todo
+            unsafe {
+                t.transmute_mut()
+            }
         }
     }}
 }
@@ -1038,6 +981,18 @@ mod tests {
         assert_eq!(x.into_inner(), 1);
     }
 
+    // A `Sized` type which doesn't implement `KnownLayout` (it is "not
+    // `KnownLayout`", or `Nkl`).
+    //
+    // This permits us to test that `transmute_ref!` and `transmute_mut!` work
+    // for types which are `Sized + !KnownLayout`. When we added support for
+    // slice DSTs in #1924, this new support relied on `KnownLayout`, but we
+    // need to make sure to remain backwards-compatible with code which ueses
+    // these macros with types which are `!KnownLayout`.
+    #[derive(FromBytes, IntoBytes, Immutable, PartialEq, Eq, Debug)]
+    #[repr(transparent)]
+    struct Nkl<T>(T);
+
     #[test]
     fn test_transmute_ref() {
         // Test that memory is transmuted as expected.
@@ -1055,6 +1010,39 @@ mod tests {
         const X: &'static [[u8; 2]; 4] = transmute_ref!(&ARRAY_OF_U8S);
         assert_eq!(*X, ARRAY_OF_ARRAYS);
 
+        // Call through a generic function to make sure our autoref
+        // specialization trick works even when types are generic.
+        const fn transmute_ref<T, U>(t: &T) -> &U
+        where
+            T: IntoBytes + Immutable,
+            U: FromBytes + Immutable,
+        {
+            transmute_ref!(t)
+        }
+
+        // Test that `transmute_ref!` supports non-`KnownLayout` `Sized` types.
+        const ARRAY_OF_NKL_U8S: Nkl<[u8; 8]> = Nkl([0u8, 1, 2, 3, 4, 5, 6, 7]);
+        const ARRAY_OF_NKL_ARRAYS: Nkl<[[u8; 2]; 4]> = Nkl([[0, 1], [2, 3], [4, 5], [6, 7]]);
+        const X_NKL: &Nkl<[[u8; 2]; 4]> = transmute_ref(&ARRAY_OF_NKL_U8S);
+        assert_eq!(*X_NKL, ARRAY_OF_NKL_ARRAYS);
+
+        // Test that `transmute_ref!` works on slice DSTs in and that memory is
+        // transmuted as expected.
+        #[derive(KnownLayout, Immutable, FromBytes, IntoBytes, PartialEq, Debug)]
+        #[repr(C)]
+        struct SliceDst<T> {
+            a: u8,
+            b: [T],
+        }
+
+        use crate::byteorder::native_endian::U16;
+        let slice_dst_of_u8s =
+            SliceDst::<[u8; 2]>::ref_from_bytes(&[0, 1, 2, 3, 4, 5, 6][..]).unwrap();
+        let slice_dst_of_u16s =
+            SliceDst::<U16>::ref_from_bytes(&[0, 1, 2, 3, 4, 5, 6][..]).unwrap();
+        let x: &SliceDst<U16> = transmute_ref!(slice_dst_of_u8s);
+        assert_eq!(x, slice_dst_of_u16s);
+
         // Test that it's legal to transmute a reference while shrinking the
         // lifetime (note that `X` has the lifetime `'static`).
         let x: &[u8; 8] = transmute_ref!(X);
@@ -1198,6 +1186,15 @@ mod tests {
             let x: &mut [u8; 8] = transmute_mut!(&mut array_of_arrays);
             assert_eq!(*x, array_of_u8s);
         }
+
+        // Test that `transmute_mut!` supports non-`KnownLayout` types.
+        let mut array_of_u8s = Nkl([0u8, 1, 2, 3, 4, 5, 6, 7]);
+        let mut array_of_arrays = Nkl([[0, 1], [2, 3], [4, 5], [6, 7]]);
+        let x: &mut Nkl<[[u8; 2]; 4]> = transmute_mut!(&mut array_of_u8s);
+        assert_eq!(*x, array_of_arrays);
+        let x: &mut Nkl<[u8; 8]> = transmute_mut!(&mut array_of_arrays);
+        assert_eq!(*x, array_of_u8s);
+
         // Test that `transmute_mut!` supports decreasing alignment.
         let mut u = AU64(0);
         let array = [0, 0, 0, 0, 0, 0, 0, 0];
@@ -1209,6 +1206,30 @@ mod tests {
         #[allow(clippy::useless_transmute)]
         let y: &u8 = transmute_mut!(&mut x);
         assert_eq!(*y, 0);
+
+        // Test that `transmute_mut!` works on slice DSTs in and that memory is
+        // transmuted as expected.
+        #[derive(KnownLayout, Immutable, FromBytes, IntoBytes, PartialEq, Debug)]
+        #[repr(C)]
+        struct SliceDst<T> {
+            a: u8,
+            b: [T],
+        }
+
+        use crate::byteorder::native_endian::U16;
+        let mut bytes = [0, 1, 2, 3, 4, 5, 6];
+        let slice_dst_of_u8s = SliceDst::<[u8; 2]>::mut_from_bytes(&mut bytes[..]).unwrap();
+        let mut bytes = [0, 1, 2, 3, 4, 5, 6];
+        let slice_dst_of_u16s = SliceDst::<U16>::mut_from_bytes(&mut bytes[..]).unwrap();
+        let x: &mut SliceDst<U16> = transmute_mut!(slice_dst_of_u8s);
+        assert_eq!(x, slice_dst_of_u16s);
+
+        // Test that `transmute_mut!` works on slices that memory is transmuted
+        // as expected.
+        let array_of_u16s: &mut [u16] = &mut [0u16, 1, 2];
+        let array_of_i16s: &mut [i16] = &mut [0i16, 1, 2];
+        let x: &mut [i16] = transmute_mut!(array_of_u16s);
+        assert_eq!(x, array_of_i16s);
     }
 
     #[test]