1 // Copyright 2023 The Fuchsia Authors
2 //
3 // Licensed under a BSD-style license <LICENSE-BSD>, Apache License, Version 2.0
4 // <LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0>, or the MIT
5 // license <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your option.
6 // This file may not be copied, modified, or distributed except according to
7 // those terms.
8
9 // See comment in `include.rs` for why we disable the prelude.
10 #![no_implicit_prelude]
11 #![allow(warnings)]
12
13 include!("include.rs");
14
15 // A struct is `imp::TryFromBytes` if:
16 // - all fields are `imp::TryFromBytes`
17
18 #[test]
zst()19 fn zst() {
20 // TODO(#5): Use `try_transmute` in this test once it's available.
21 let candidate = ::zerocopy::Ptr::from_ref(&());
22 let candidate = candidate.forget_aligned();
23 // SAFETY: `&()` trivially consists entirely of initialized bytes.
24 let candidate = unsafe { candidate.assume_initialized() };
25 let is_bit_valid = <() as imp::TryFromBytes>::is_bit_valid(candidate);
26 imp::assert!(is_bit_valid);
27 }
28
29 #[derive(imp::TryFromBytes)]
30 #[repr(C)]
31 struct One {
32 a: u8,
33 }
34
35 util_assert_impl_all!(One: imp::TryFromBytes);
36
37 #[test]
one()38 fn one() {
39 // TODO(#5): Use `try_transmute` in this test once it's available.
40 let candidate = ::zerocopy::Ptr::from_ref(&One { a: 42 });
41 let candidate = candidate.forget_aligned();
42 // SAFETY: `&One` consists entirely of initialized bytes.
43 let candidate = unsafe { candidate.assume_initialized() };
44 let is_bit_valid = <One as imp::TryFromBytes>::is_bit_valid(candidate);
45 imp::assert!(is_bit_valid);
46 }
47
48 #[derive(imp::TryFromBytes)]
49 #[repr(C)]
50 struct Two {
51 a: bool,
52 b: (),
53 }
54
55 util_assert_impl_all!(Two: imp::TryFromBytes);
56
57 #[test]
two()58 fn two() {
59 // TODO(#5): Use `try_transmute` in this test once it's available.
60 let candidate = ::zerocopy::Ptr::from_ref(&Two { a: false, b: () });
61 let candidate = candidate.forget_aligned();
62 // SAFETY: `&Two` consists entirely of initialized bytes.
63 let candidate = unsafe { candidate.assume_initialized() };
64 let is_bit_valid = <Two as imp::TryFromBytes>::is_bit_valid(candidate);
65 imp::assert!(is_bit_valid);
66 }
67
68 #[test]
two_bad()69 fn two_bad() {
70 // TODO(#5): Use `try_transmute` in this test once it's available.
71 let candidate = ::zerocopy::Ptr::from_ref(&[2u8][..]);
72 let candidate = candidate.forget_aligned();
73 // SAFETY: `&Two` consists entirely of initialized bytes.
74 let candidate = unsafe { candidate.assume_initialized() };
75
76 // SAFETY:
77 // - The cast preserves address and size. As a result, the cast will address
78 // the same bytes as `c`.
79 // - The cast preserves provenance.
80 // - Neither the input nor output types contain any `UnsafeCell`s.
81 let candidate = unsafe { candidate.cast_unsized_unchecked(|p| p as *mut Two) };
82
83 // SAFETY: `candidate`'s referent is as-initialized as `Two`.
84 let candidate = unsafe { candidate.assume_initialized() };
85
86 let is_bit_valid = <Two as imp::TryFromBytes>::is_bit_valid(candidate);
87 imp::assert!(!is_bit_valid);
88 }
89
90 #[derive(imp::TryFromBytes)]
91 #[repr(C)]
92 struct Unsized {
93 a: [u8],
94 }
95
96 util_assert_impl_all!(Unsized: imp::TryFromBytes);
97
98 #[test]
un_sized()99 fn un_sized() {
100 // TODO(#5): Use `try_transmute` in this test once it's available.
101 let candidate = ::zerocopy::Ptr::from_ref(&[16, 12, 42][..]);
102 let candidate = candidate.forget_aligned();
103 // SAFETY: `&Unsized` consists entirely of initialized bytes.
104 let candidate = unsafe { candidate.assume_initialized() };
105
106 // SAFETY:
107 // - The cast preserves address and size. As a result, the cast will address
108 // the same bytes as `c`.
109 // - The cast preserves provenance.
110 // - Neither the input nor output types contain any `UnsafeCell`s.
111 let candidate = unsafe { candidate.cast_unsized_unchecked(|p| p as *mut Unsized) };
112
113 // SAFETY: `candidate`'s referent is as-initialized as `Two`.
114 let candidate = unsafe { candidate.assume_initialized() };
115 let is_bit_valid = <Unsized as imp::TryFromBytes>::is_bit_valid(candidate);
116 imp::assert!(is_bit_valid);
117 }
118
119 #[derive(imp::TryFromBytes)]
120 #[repr(C)]
121 struct TypeParams<'a, T: ?imp::Sized, I: imp::Iterator> {
122 a: I::Item,
123 b: u8,
124 c: imp::PhantomData<&'a [u8]>,
125 d: imp::PhantomData<&'static str>,
126 e: imp::PhantomData<imp::String>,
127 f: T,
128 }
129
130 util_assert_impl_all!(TypeParams<'static, (), imp::IntoIter<()>>: imp::TryFromBytes);
131 util_assert_impl_all!(TypeParams<'static, util::AU16, imp::IntoIter<()>>: imp::TryFromBytes);
132 util_assert_impl_all!(TypeParams<'static, [util::AU16], imp::IntoIter<()>>: imp::TryFromBytes);
133
134 // Deriving `imp::TryFromBytes` should work if the struct has bounded parameters.
135
136 #[derive(imp::TryFromBytes)]
137 #[repr(transparent)]
138 struct WithParams<'a: 'b, 'b: 'a, T: 'a + 'b + imp::TryFromBytes, const N: usize>(
139 imp::PhantomData<&'a &'b ()>,
140 [T],
141 )
142 where
143 'a: 'b,
144 'b: 'a,
145 T: 'a + 'b + imp::TryFromBytes;
146
147 util_assert_impl_all!(WithParams<'static, 'static, u8, 42>: imp::TryFromBytes);
148
149 #[derive(imp::FromBytes)]
150 #[repr(C)]
151 struct MaybeFromBytes<T>(T);
152
153 #[test]
test_maybe_from_bytes()154 fn test_maybe_from_bytes() {
155 // When deriving `FromBytes` on a type with no generic parameters, we emit a
156 // trivial `is_bit_valid` impl that always returns true. This test confirms
157 // that we *don't* spuriously do that when generic parameters are present.
158
159 let candidate = ::zerocopy::Ptr::from_ref(&[2u8][..]);
160 let candidate = candidate.bikeshed_recall_initialized_from_bytes();
161
162 // SAFETY:
163 // - The cast preserves address and size. As a result, the cast will address
164 // the same bytes as `c`.
165 // - The cast preserves provenance.
166 // - Neither the input nor output types contain any `UnsafeCell`s.
167 let candidate = unsafe { candidate.cast_unsized_unchecked(|p| p as *mut MaybeFromBytes<bool>) };
168
169 // SAFETY: `[u8]` consists entirely of initialized bytes.
170 let candidate = unsafe { candidate.assume_initialized() };
171 let is_bit_valid = <MaybeFromBytes<bool> as imp::TryFromBytes>::is_bit_valid(candidate);
172 imp::assert!(!is_bit_valid);
173 }
174
175 #[derive(Debug, PartialEq, Eq, imp::TryFromBytes, imp::Immutable, imp::KnownLayout)]
176 #[repr(C, packed)]
177 struct CPacked {
178 a: u8,
179 // NOTE: The `u32` type is not guaranteed to have alignment 4, although it
180 // does on many platforms. However, to fix this would require a custom type
181 // with a `#[repr(align(4))]` attribute, and `#[repr(packed)]` types are not
182 // allowed to transitively contain `#[repr(align(...))]` types. Thus, we
183 // have no choice but to use `u32` here. Luckily, these tests run in CI on
184 // platforms on which `u32` has alignment 4, so this isn't that big of a
185 // deal.
186 b: u32,
187 }
188
189 #[test]
c_packed()190 fn c_packed() {
191 let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF];
192 let converted = <CPacked as imp::TryFromBytes>::try_ref_from_bytes(candidate);
193 imp::assert_eq!(converted, imp::Ok(&CPacked { a: 42, b: u32::MAX }));
194 }
195
196 #[derive(imp::TryFromBytes, imp::KnownLayout, imp::Immutable)]
197 #[repr(C, packed)]
198 struct CPackedUnsized {
199 a: u8,
200 // NOTE: The `u32` type is not guaranteed to have alignment 4, although it
201 // does on many platforms. However, to fix this would require a custom type
202 // with a `#[repr(align(4))]` attribute, and `#[repr(packed)]` types are not
203 // allowed to transitively contain `#[repr(align(...))]` types. Thus, we
204 // have no choice but to use `u32` here. Luckily, these tests run in CI on
205 // platforms on which `u32` has alignment 4, so this isn't that big of a
206 // deal.
207 b: [u32],
208 }
209
210 #[test]
c_packed_unsized()211 fn c_packed_unsized() {
212 let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF];
213 let converted = <CPackedUnsized as imp::TryFromBytes>::try_ref_from_bytes(candidate);
214 imp::assert!(converted.is_ok());
215 }
216
217 #[derive(imp::TryFromBytes)]
218 #[repr(packed)]
219 struct PackedUnsized {
220 a: u8,
221 // NOTE: The `u32` type is not guaranteed to have alignment 4, although it
222 // does on many platforms. However, to fix this would require a custom type
223 // with a `#[repr(align(4))]` attribute, and `#[repr(packed)]` types are not
224 // allowed to transitively contain `#[repr(align(...))]` types. Thus, we
225 // have no choice but to use `u32` here. Luckily, these tests run in CI on
226 // platforms on which `u32` has alignment 4, so this isn't that big of a
227 // deal.
228 b: [u32],
229 }
230
231 #[test]
packed_unsized()232 fn packed_unsized() {
233 let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF];
234 let converted = <CPackedUnsized as imp::TryFromBytes>::try_ref_from_bytes(candidate);
235 imp::assert!(converted.is_ok());
236
237 let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF];
238 let converted = <CPackedUnsized as imp::TryFromBytes>::try_ref_from_bytes(candidate);
239 imp::assert!(converted.is_err());
240
241 let candidate = &[42u8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF];
242 let converted = <CPackedUnsized as imp::TryFromBytes>::try_ref_from_bytes(candidate);
243 imp::assert!(converted.is_ok());
244 }
245
246 #[derive(imp::TryFromBytes)]
247 struct A;
248
249 #[derive(imp::TryFromBytes)]
250 struct B {
251 a: A,
252 }
253