// Copyright 2023 The Fuchsia Authors // // Licensed under a BSD-style license , Apache License, Version 2.0 // , or the MIT // license , at your option. // This file may not be copied, modified, or distributed except according to // those terms. // See comment in `include.rs` for why we disable the prelude. #![no_implicit_prelude] #![allow(warnings)] include!("include.rs"); // A struct is `imp::TryFromBytes` if: // - all fields are `imp::TryFromBytes` #[test] fn zst() { // TODO(#5): Use `try_transmute` in this test once it's available. let candidate = ::zerocopy::Ptr::from_ref(&()); let candidate = candidate.forget_aligned(); // SAFETY: `&()` trivially consists entirely of initialized bytes. let candidate = unsafe { candidate.assume_initialized() }; let is_bit_valid = <() as imp::TryFromBytes>::is_bit_valid(candidate); imp::assert!(is_bit_valid); } #[derive(imp::TryFromBytes)] #[repr(C)] struct One { a: u8, } util_assert_impl_all!(One: imp::TryFromBytes); #[test] fn one() { // TODO(#5): Use `try_transmute` in this test once it's available. let candidate = ::zerocopy::Ptr::from_ref(&One { a: 42 }); let candidate = candidate.forget_aligned(); // SAFETY: `&One` consists entirely of initialized bytes. let candidate = unsafe { candidate.assume_initialized() }; let is_bit_valid = ::is_bit_valid(candidate); imp::assert!(is_bit_valid); } #[derive(imp::TryFromBytes)] #[repr(C)] struct Two { a: bool, b: (), } util_assert_impl_all!(Two: imp::TryFromBytes); #[test] fn two() { // TODO(#5): Use `try_transmute` in this test once it's available. let candidate = ::zerocopy::Ptr::from_ref(&Two { a: false, b: () }); let candidate = candidate.forget_aligned(); // SAFETY: `&Two` consists entirely of initialized bytes. let candidate = unsafe { candidate.assume_initialized() }; let is_bit_valid = ::is_bit_valid(candidate); imp::assert!(is_bit_valid); } #[test] fn two_bad() { // TODO(#5): Use `try_transmute` in this test once it's available. let candidate = ::zerocopy::Ptr::from_ref(&[2u8][..]); let candidate = candidate.forget_aligned(); // SAFETY: `&Two` consists entirely of initialized bytes. let candidate = unsafe { candidate.assume_initialized() }; // SAFETY: // - The cast preserves address and size. As a result, the cast will address // the same bytes as `c`. // - The cast preserves provenance. // - Neither the input nor output types contain any `UnsafeCell`s. let candidate = unsafe { candidate.cast_unsized_unchecked(|p| p as *mut Two) }; // SAFETY: `candidate`'s referent is as-initialized as `Two`. let candidate = unsafe { candidate.assume_initialized() }; let is_bit_valid = ::is_bit_valid(candidate); imp::assert!(!is_bit_valid); } #[derive(imp::TryFromBytes)] #[repr(C)] struct Unsized { a: [u8], } util_assert_impl_all!(Unsized: imp::TryFromBytes); #[test] fn un_sized() { // TODO(#5): Use `try_transmute` in this test once it's available. let candidate = ::zerocopy::Ptr::from_ref(&[16, 12, 42][..]); let candidate = candidate.forget_aligned(); // SAFETY: `&Unsized` consists entirely of initialized bytes. let candidate = unsafe { candidate.assume_initialized() }; // SAFETY: // - The cast preserves address and size. As a result, the cast will address // the same bytes as `c`. // - The cast preserves provenance. // - Neither the input nor output types contain any `UnsafeCell`s. let candidate = unsafe { candidate.cast_unsized_unchecked(|p| p as *mut Unsized) }; // SAFETY: `candidate`'s referent is as-initialized as `Two`. let candidate = unsafe { candidate.assume_initialized() }; let is_bit_valid = ::is_bit_valid(candidate); imp::assert!(is_bit_valid); } #[derive(imp::TryFromBytes)] #[repr(C)] struct TypeParams<'a, T: ?imp::Sized, I: imp::Iterator> { a: I::Item, b: u8, c: imp::PhantomData<&'a [u8]>, d: imp::PhantomData<&'static str>, e: imp::PhantomData, f: T, } util_assert_impl_all!(TypeParams<'static, (), imp::IntoIter<()>>: imp::TryFromBytes); util_assert_impl_all!(TypeParams<'static, util::AU16, imp::IntoIter<()>>: imp::TryFromBytes); util_assert_impl_all!(TypeParams<'static, [util::AU16], imp::IntoIter<()>>: imp::TryFromBytes); // Deriving `imp::TryFromBytes` should work if the struct has bounded parameters. #[derive(imp::TryFromBytes)] #[repr(transparent)] struct WithParams<'a: 'b, 'b: 'a, T: 'a + 'b + imp::TryFromBytes, const N: usize>( imp::PhantomData<&'a &'b ()>, [T], ) where 'a: 'b, 'b: 'a, T: 'a + 'b + imp::TryFromBytes; util_assert_impl_all!(WithParams<'static, 'static, u8, 42>: imp::TryFromBytes); #[derive(imp::FromBytes)] #[repr(C)] struct MaybeFromBytes(T); #[test] fn test_maybe_from_bytes() { // When deriving `FromBytes` on a type with no generic parameters, we emit a // trivial `is_bit_valid` impl that always returns true. This test confirms // that we *don't* spuriously do that when generic parameters are present. let candidate = ::zerocopy::Ptr::from_ref(&[2u8][..]); let candidate = candidate.bikeshed_recall_initialized_from_bytes(); // SAFETY: // - The cast preserves address and size. As a result, the cast will address // the same bytes as `c`. // - The cast preserves provenance. // - Neither the input nor output types contain any `UnsafeCell`s. let candidate = unsafe { candidate.cast_unsized_unchecked(|p| p as *mut MaybeFromBytes) }; // SAFETY: `[u8]` consists entirely of initialized bytes. let candidate = unsafe { candidate.assume_initialized() }; let is_bit_valid = as imp::TryFromBytes>::is_bit_valid(candidate); imp::assert!(!is_bit_valid); } #[derive(Debug, PartialEq, Eq, imp::TryFromBytes, imp::Immutable, imp::KnownLayout)] #[repr(C, packed)] struct CPacked { a: u8, // NOTE: The `u32` type is not guaranteed to have alignment 4, although it // does on many platforms. However, to fix this would require a custom type // with a `#[repr(align(4))]` attribute, and `#[repr(packed)]` types are not // allowed to transitively contain `#[repr(align(...))]` types. Thus, we // have no choice but to use `u32` here. Luckily, these tests run in CI on // platforms on which `u32` has alignment 4, so this isn't that big of a // deal. b: u32, } #[test] fn c_packed() { let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF]; let converted = ::try_ref_from_bytes(candidate); imp::assert_eq!(converted, imp::Ok(&CPacked { a: 42, b: u32::MAX })); } #[derive(imp::TryFromBytes, imp::KnownLayout, imp::Immutable)] #[repr(C, packed)] struct CPackedUnsized { a: u8, // NOTE: The `u32` type is not guaranteed to have alignment 4, although it // does on many platforms. However, to fix this would require a custom type // with a `#[repr(align(4))]` attribute, and `#[repr(packed)]` types are not // allowed to transitively contain `#[repr(align(...))]` types. Thus, we // have no choice but to use `u32` here. Luckily, these tests run in CI on // platforms on which `u32` has alignment 4, so this isn't that big of a // deal. b: [u32], } #[test] fn c_packed_unsized() { let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF]; let converted = ::try_ref_from_bytes(candidate); imp::assert!(converted.is_ok()); } #[derive(imp::TryFromBytes)] #[repr(packed)] struct PackedUnsized { a: u8, // NOTE: The `u32` type is not guaranteed to have alignment 4, although it // does on many platforms. However, to fix this would require a custom type // with a `#[repr(align(4))]` attribute, and `#[repr(packed)]` types are not // allowed to transitively contain `#[repr(align(...))]` types. Thus, we // have no choice but to use `u32` here. Luckily, these tests run in CI on // platforms on which `u32` has alignment 4, so this isn't that big of a // deal. b: [u32], } #[test] fn packed_unsized() { let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF]; let converted = ::try_ref_from_bytes(candidate); imp::assert!(converted.is_ok()); let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF]; let converted = ::try_ref_from_bytes(candidate); imp::assert!(converted.is_err()); let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF]; let converted = ::try_ref_from_bytes(candidate); imp::assert!(converted.is_ok()); } #[derive(imp::TryFromBytes)] struct A; #[derive(imp::TryFromBytes)] struct B { a: A, }