-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce custom derive for ByteValued/replace ByteValued with zerocopy #246
Comments
rust-vmm/vhost#215 and rust-vmm/vhost#208 are an examples where this would have helped. The helper should probably also check that the types of the fields are only integeral types that can be safely assigning from byte slices. Checking repr(C) would also help. |
As @roypat suggested on #274, there is https://docs.rs/zerocopy/latest/zerocopy that may be useful here. However, it only allows (de)serializing from and to &[u8]. That does not work for our volatile memory scenarios. But maybe one could contribute a pointer based API towards that crate? 🤔 |
I don't think we'd need a pointer based API for zerocopy, our |
It seems that rust-vmm/acpi_tables has done the switch from I think doing this can be a good first step towards reducing our confusing jungle of traits |
Ah. You are right. I misunderstood the API. I thought that it would require an additional copy from the slice to the object. But it just turns a reference to a slice into a reference to a struct instance. So we can just copy to a slice and then use zerocopy. |
I have a crate that solves this without requiring any procedural macros. |
This means we don't have to reason about when it's safe to implement `ByteValued`, as `zerocopy` gives us derives for `FromBytes` and `AsBytes` that are safe to use. Closes rust-vmm#246 Signed-off-by: Patrick Roy <[email protected]>
ByteValued
is an unsafe trait and implementing it is tricky with the padding requirement. But I think it can be autoderived.Basically, a custom derive that does two things:
const __ASSERT_SIZES_Foo: [(); mem::size_of::<Foo>()] = [(); mem::size_of::<Field1>() + mem::size_of::<Field2>() + ...] ] ]
to assert that there is no paddingThis might significantly reduce the amount of
unsafe
needed by crate users.The text was updated successfully, but these errors were encountered: