Use ReadOnly in TryFromBytes::is_bit_valid #2873

Merged
joshlf merged 1 commit into main from G7691845b6b02e9f3d9578435d732bacfa6ca674f on Jan 27, 2026
joshlf (Member) commented Jan 7, 2026

Previously, `is_bit_valid` had the signature:

```rust
fn is_bit_valid<A>(c: Ptr<'_, Self, (A, Unaligned, Initialized)>) -> bool
```

In this commit, we remove the `A` aliasing parameter and wrap `Self` in
`ReadOnly`, yielding:

```rust
fn is_bit_valid(c: Ptr<'_, ReadOnly<Self>, (Shared, Unaligned, Initialized)>) -> bool
```

This ensures that `is_bit_valid`'s argument is always unconditionally
`Immutable` regardless of whether `Self: Immutable`. This solves a
number of open problems:

Makes progress on #2336


gemini-code-assist (Contributor)

Summary of Changes

Hello @joshlf, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant refactoring to consistently use ReadOnly views when performing bit validity checks across the codebase. By updating the Maybe type alias and modifying various macros and trait implementations, the change ensures that is_bit_valid functions operate on immutable data, enhancing type safety and correctness. This also streamlines the implementation of validity checks for types like UnsafeCell and atomic types, making the system more robust.

Highlights

  • is_bit_valid Refactoring: The is_bit_valid function for UnsafeCell<T> and within the impl_for_transmute_from! macro has been simplified to directly use candidate.transmute() instead of into_exclusive_or_pme() and get_mut().
  • Maybe Type Alias Update: The Maybe type alias, which defines the argument type for TryFromBytes::is_bit_valid, now uses ReadOnly<T> instead of T, ensuring that bit validity checks operate on immutable views.
  • Macro Enhancements for ReadOnly: The impl_size_eq! and unsafe_impl_for_transparent_wrapper! macros have been extended to correctly handle ReadOnly types, including new SizeEq implementations and casting mechanisms.
  • Atomic Type Trait Refinement: The macros for implementing traits for atomic types have been split into impl_layout_traits_for_atomics! and impl_validity_traits_for_atomics!, providing a clearer separation of concerns for layout and validity traits, and incorporating the new impl_size_eq! syntax.

gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request introduces a ReadOnly wrapper to the Maybe type alias, which is used in is_bit_valid checks. This is a significant safety improvement, as it enforces at the type level that these checks do not perform mutations. The changes correctly propagate this new approach through various macros and implementations, and the refactoring of some macros for better clarity is appreciated. My review focuses on cleaning up some leftover commented-out code from this refactoring effort.

joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch from 81ada6e to a353963 on January 7, 2026 23:08
joshlf force-pushed the Gbe8d7edd150d80731c79815685c596ed88460ae7 branch from ad978ce to ee75641 on January 7, 2026 23:08
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch 3 times, most recently from 09a6d35 to 6ac888a on January 8, 2026 14:21

codecov-commenter commented Jan 8, 2026

Codecov Report

❌ Patch coverage is 81.08108% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 92.30%. Comparing base (b66e6cf) to head (0c202f7).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/wrappers.rs | 52.00% | 12 Missing ⚠️ |
| src/macros.rs | 0.00% | 2 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2873      +/-   ##
==========================================
- Coverage   92.33%   92.30%   -0.03%     
==========================================
  Files          19       19              
  Lines        5843     5849       +6     
==========================================
+ Hits         5395     5399       +4     
- Misses        448      450       +2     

joshlf force-pushed the Gbe8d7edd150d80731c79815685c596ed88460ae7 branch from ee75641 to 6539cee on January 8, 2026 15:26
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch from 6ac888a to 1b4834d on January 8, 2026 15:26
joshlf force-pushed the Gbe8d7edd150d80731c79815685c596ed88460ae7 branch from 6539cee to e2f1bc3 on January 8, 2026 15:36
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch 2 times, most recently from c83b71f to db5ec29 on January 8, 2026 15:58
joshlf force-pushed the Gbe8d7edd150d80731c79815685c596ed88460ae7 branch from e2f1bc3 to 45ff87c on January 8, 2026 15:58
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch from db5ec29 to 845c5e7 on January 8, 2026 16:54
joshlf force-pushed the Gbe8d7edd150d80731c79815685c596ed88460ae7 branch from 45ff87c to d1f62db on January 8, 2026 19:34
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch 3 times, most recently from b6642a7 to d0f57ea on January 8, 2026 19:50
joshlf force-pushed the Gbe8d7edd150d80731c79815685c596ed88460ae7 branch from d1f62db to 65f15b8 on January 8, 2026 19:50
joshlf force-pushed the Gbe8d7edd150d80731c79815685c596ed88460ae7 branch from 65f15b8 to 318b671 on January 9, 2026 00:00
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch from d0f57ea to 6cbe1ca on January 9, 2026 00:00
joshlf force-pushed the G06bb22c59364654d5c0b44cdcb9b70ad58fe8092 branch from f5944c4 to f0bff5b on January 27, 2026 18:46
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch 2 times, most recently from 7d3d321 to f83a061 on January 27, 2026 18:49
joshlf force-pushed the G06bb22c59364654d5c0b44cdcb9b70ad58fe8092 branch from f0bff5b to 55cbce3 on January 27, 2026 18:49
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch from f83a061 to dad9c64 on January 27, 2026 18:55
joshlf force-pushed the G06bb22c59364654d5c0b44cdcb9b70ad58fe8092 branch from 55cbce3 to b0b3dd7 on January 27, 2026 18:55

joshlf (Member, Author) commented Jan 27, 2026

/gemini review

gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request is a significant and welcome refactoring of the TryFromBytes::is_bit_valid method, changing its signature to use ReadOnly<Self>. This improves safety by preventing mutation within validation logic and simplifies the implementation of custom validators. The changes are extensive, touching core traits, macros, and numerous implementations. While the overall direction is excellent, I've identified a few critical issues, primarily related to type mismatches at the new is_bit_valid call sites which will likely cause compilation failures. Additionally, there's a potential unintentional breaking change regarding SizeEq implementations for atomic types that should be addressed.

I am having trouble creating individual review comments. Click here to see my feedback.

src/pointer/ptr.rs (776)

critical

This line seems to have a compile error. reborrow_shared is a method on &mut Ptr, but it's being called on a temporary Ptr value returned by transmute. A similar issue exists in try_read_from in src/lib.rs (line 3082), where c_ptr.reborrow_shared() is called, but its return type Ptr<'_, Wrapping<T>, _> doesn't match the expected Ptr<'_, ReadOnly<Wrapping<T>>, _> for is_bit_valid. These call sites might need to be adjusted to correctly construct the Maybe<...> argument for is_bit_valid.

src/impls.rs (432-435)

high

The SizeEq<$atomic> for $prim and SizeEq<$prim> for $atomic implementations have been removed. While the new SizeEq<ReadOnly<$atomic>> for ReadOnly<$prim> is necessary for the changes to is_bit_valid, the removed impls seem to still be required for other operations like transmute_ref!. For example, transmute_ref!(&AtomicU8) to &u8 would now fail to compile. Was this removal intentional? If so, it seems like a potentially breaking change. If not, these impls should probably be restored.

zerocopy-derive/tests/struct_try_from_bytes.rs (79)

medium

There seems to be a type mismatch here. is_bit_valid expects a Maybe<'_, Unsized>, which is Ptr<'_, ReadOnly<Unsized>, _>, but candidate.reborrow_shared() returns a Ptr<'_, Unsized, _>. This test will likely fail to compile.

joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch 2 times, most recently from beb77bf to 54942f9 on January 27, 2026 19:26
joshlf force-pushed the G06bb22c59364654d5c0b44cdcb9b70ad58fe8092 branch 2 times, most recently from e6fb649 to a4d2ae8 on January 27, 2026 19:44
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch from 54942f9 to 4a46118 on January 27, 2026 19:44
joshlf force-pushed the G06bb22c59364654d5c0b44cdcb9b70ad58fe8092 branch from a4d2ae8 to a98e1d0 on January 27, 2026 19:46
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch 2 times, most recently from 2096433 to 9477a95 on January 27, 2026 19:59
Base automatically changed from G06bb22c59364654d5c0b44cdcb9b70ad58fe8092 to main January 27, 2026 20:21
Previously, `is_bit_valid` had the signature:

```rust
fn is_bit_valid<A>(c: Ptr<'_, Self, (A, Unaligned, Initialized)>) -> bool
```

In this commit, we remove the `A` aliasing parameter and wrap `Self` in
`ReadOnly`, yielding:

```rust
fn is_bit_valid(c: Ptr<'_, ReadOnly<Self>, (Shared, Unaligned, Initialized)>) -> bool
```

This ensures that `is_bit_valid`'s argument is always unconditionally
`Immutable` regardless of whether `Self: Immutable`. This solves a
number of open problems:
- Ensures that `is_bit_valid` can never mutate its referent (#1831),
  which is important for custom validators (#1330)
- Makes it so that custom validators can be written without needing to
  be generic over aliasing, which in turn means we can support custom
  validators without exposing much of our `Ptr` machinery in our public
  API
- Allows us to support `#[derive(TryFromBytes)]` on unions without
  requiring `Self: Immutable` (#1832)
- Permits `T -> U` fallible transmutation in more cases (see #2336 for
  more details)

Makes progress on #2336

gherrit-pr-id: G7691845b6b02e9f3d9578435d732bacfa6ca674f
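
The hazard behind the "can never mutate its referent" point in the commit message above, as a simplified model added here (not zerocopy code and not part of this commit). `Flag`, `ReadOnlyView` and both validator functions are hypothetical stand-ins; they do not reproduce zerocopy's `Ptr` or `ReadOnly` types.

```rust
use std::cell::Cell;

// Hypothetical candidate type: one byte with interior mutability.
// Only the values 0 and 1 are considered bit-valid.
pub struct Flag(Cell<u8>);

// Model of a validator that receives access through which interior
// mutation is possible: it can check the byte and then overwrite it.
pub fn mutating_validate(c: &Flag) -> bool {
    let ok = c.0.get() <= 1;
    c.0.set(2); // buggy custom validator: writes after checking
    ok
}

// Model of a read-only argument: the view hands out bytes for reading
// and has no method that yields `&Cell<u8>` or `&mut [u8]`.
pub struct ReadOnlyView<'a>(&'a [u8]);

impl<'a> ReadOnlyView<'a> {
    pub fn bytes(&self) -> &'a [u8] {
        self.0
    }
}

// A validator written against the view can only inspect the bytes;
// an attempted write inside this function does not type-check.
pub fn read_only_validate(c: ReadOnlyView<'_>) -> bool {
    matches!(c.bytes(), [0] | [1])
}

// Each helper returns (validator verdict, byte stored after validation).
pub fn run_mutating(byte: u8) -> (bool, u8) {
    let flag = Flag(Cell::new(byte));
    let verdict = mutating_validate(&flag);
    (verdict, flag.0.get())
}

pub fn run_read_only(byte: u8) -> (bool, u8) {
    let buf = [byte]; // constructed sample input
    let verdict = read_only_validate(ReadOnlyView(&buf));
    (verdict, buf[0])
}

fn main() {
    println!("mutating validator:  {:?}", run_mutating(1));
    println!("read-only validator: {:?}", run_read_only(1));
    println!("read-only rejects:   {:?}", run_read_only(2));
}
```

In the first model the verdict is `true` while the stored byte is no longer valid, so a caller that trusts the verdict would construct an invalid value; in the second the verdict and the bytes cannot diverge.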
joshlf force-pushed the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch from 9477a95 to 0c202f7 on January 27, 2026 20:21
joshlf enabled auto-merge on January 27, 2026 20:22
joshlf added this pull request to the merge queue on Jan 27, 2026
Merged via the queue into main with commit a7d3fda on Jan 27, 2026
105 of 124 checks passed
joshlf deleted the G7691845b6b02e9f3d9578435d732bacfa6ca674f branch on January 27, 2026 20:58