[WIP] Introduce TryFromBytes::Uninit

[jswrenn]

---

• 👉 [WIP] Introduce TryFromBytes::Uninit #3021
• 　  [wip] Introduce Ptr::project_map #2984
• 　  [WIP] Introduce compound Ptr validity #2966

Latest Update: v3 — Compare vs v2

📚 Full Patch History

Links show the diff between the row version and the column version.

Version	v2	v1	Base
v3	vs v2	vs v1	vs Base
v2		vs v1	vs Base
v1			vs Base

⬇️ Download this PR

Branch

git fetch origin refs/heads/Geec83fc8d47be6b2e51a15b84a2735bbc909ce68 && git checkout -b pr-Geec83fc8d47be6b2e51a15b84a2735bbc909ce68 FETCH_HEAD

Checkout

git fetch origin refs/heads/Geec83fc8d47be6b2e51a15b84a2735bbc909ce68 && git checkout FETCH_HEAD

Cherry Pick

git fetch origin refs/heads/Geec83fc8d47be6b2e51a15b84a2735bbc909ce68 && git cherry-pick FETCH_HEAD

Pull

git pull origin refs/heads/Geec83fc8d47be6b2e51a15b84a2735bbc909ce68

Stacked PRs enabled by GHerrit.

[gemini-code-assist]

Summary of Changes

Hello @jswrenn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request lays the groundwork for more precise handling of uninitialized memory within the zerocopy crate by introducing an Uninit associated type to the TryFromBytes trait. This change allows for explicit declaration of how a type behaves when its underlying bytes are uninitialized, which is a critical step for ensuring memory safety in low-level byte-to-type conversions. The modifications span the trait definition, macro system, and existing implementations, setting the stage for future refinements and audits of these new Uninit declarations.

Highlights

• New Associated Type TryFromBytes::Uninit: Introduced a new associated type, Uninit, to the TryFromBytes trait, which is intended to describe the validity of a type in an uninitialized state.
• Macro System Updates: Updated the unsafe_impl! macro and related helper macros (impl_for_transmute_from!, unsafe_impl_for_power_set!) to support the specification and propagation of this new Uninit associated type.
• Propagation to Existing Implementations: Applied the Uninit type to numerous existing TryFromBytes implementations for various primitive types, pointers, arrays, slices, and other composite structures, often with TODO comments indicating areas for future auditing.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• src/impls.rs
  • Modified TryFromBytes implementations for bool, char, str, NonZero types, Option wrappers, PhantomData, CoreMaybeUninit, UnsafeCell, arrays, slices, and raw pointers to include the type Uninit = crate::invariant::Uninit; declaration.
  • Introduced a module-level Uninit type alias within the tuples module for use in tuple implementations.
• src/lib.rs
  • Added the type Uninit; associated type to the pub unsafe trait TryFromBytes definition.
• src/util/macros.rs
  • Updated the unsafe_impl! macro to parse and include the type Uninit = $uninit_state:ty; syntax in trait implementations.
  • Adjusted impl_for_transmute_from! and unsafe_impl_for_power_set! macros to correctly handle the new Uninit type parameter.
  • Added a default type Uninit = crate::invariant::Uninit; to TryFromBytes implementations generated by the unsafe_impl! macro when Uninit is not explicitly provided.
• src/wrappers.rs
  • Updated TryFromBytes implementations for Unalign<T> and ReadOnly<T> to include type Uninit = crate::invariant::Uninit;.

Activity

• This pull request is marked as [WIP], indicating that it is still under active development and not yet ready for final review or merge.
• The description notes that it was automatically generated by GHerrit and links to related issues (#3021, #2984, #2966), suggesting it's part of a broader feature or refactoring effort.
• The presence of numerous TODO comments throughout the code, specifically regarding the auditing of the newly introduced Uninit type, further confirms that this is an initial implementation requiring subsequent review and potential adjustments.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new associated type Uninit to the TryFromBytes trait, which is a significant step towards more fine-grained validity tracking. The changes propagate this new type through various trait implementations and macros. My review focuses on a few places where the Uninit type is being set to a default placeholder but should instead be inherited from an inner or representation type. These changes will improve the correctness of the new validity system.

[gemini-code-assist]

The Uninit associated type for a type that is TransmuteFrom<Repr> should be inherited from its representation Repr. Currently, it's hardcoded to crate::invariant::Uninit, which is incorrect if Repr has a more complex Uninit type (e.g., if it's a tuple).

Suggested change

	// TODO: Audit this `Uninit`
	type Uninit = crate::invariant::Uninit;
	type Uninit = <$repr as $crate::TryFromBytes>::Uninit;

[gemini-code-assist]

Since Unalign<T> has the same bit validity as T and its is_bit_valid implementation delegates to T, its Uninit associated type should also be inherited from T.

Suggested change

	// TODO: Is this the `Uninit` we want here?
	type Uninit = crate::invariant::Uninit;
	type Uninit = <T as crate::TryFromBytes>::Uninit;

[gemini-code-assist]

ReadOnly<T> is a transparent wrapper, and its is_bit_valid implementation delegates to T. Therefore, its Uninit associated type should be inherited from T as well.

Suggested change

	// TODO: Is this the `Uninit` we want here?
	type Uninit = crate::invariant::Uninit;
	type Uninit = <T as crate::TryFromBytes>::Uninit;