rust/zerocopy/src/ref.rs
Source file repositories/reference/linux-study-clean/rust/zerocopy/src/ref.rs
File Facts
- System
- Linux kernel
- Corpus path
rust/zerocopy/src/ref.rs- Extension
.rs- Size
- 53260 bytes
- Lines
- 1359
- Domain
- Rust Kernel Layer
- Bucket
- Rust API Membrane
- Inferred role
- Rust Kernel Layer: implementation source
- Status
- source implementation candidate
Why This File Exists
Rust-side wrappers and abstractions around kernel C APIs, ownership contracts, allocation, synchronization, and module integration.
- Rust-side wrappers and abstractions around kernel C APIs, ownership contracts, allocation, synchronization, and module integration.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- No C-style include directives detected by the generator.
Detected Declarations
enum CastForSizedfunction pubfunction Errfunction Okfunction Errfunction Errfunction Errfunction writefunction test_mut_slice_into_reffunction test_addressfunction test_new_helperfunction test_new_helper_slicefunction test_new_aligned_sizedfunction test_new_oversizedfunction test_new_errorfunction test_into_ref_mutfunction test_display_debugfunction test_eqfunction test_nefunction test_ordfunction bench_from_bytes_sizedfunction bench_into_ref_sizedfunction bench_into_mut_sizedfunction bench_deref_sizedfunction bench_deref_mut_sized
Annotated Snippet
if let Err(err) = util::validate_aligned_to::<_, T>(bytes.deref()) {
return Err(err.with_src(bytes).into());
}
// SAFETY: We just validated size and alignment.
Ok(unsafe { Ref::new_unchecked(bytes) })
}
}
impl<B, T> Ref<B, T>
where
B: SplitByteSlice,
{
#[must_use = "has no side effects"]
pub(crate) fn sized_from_prefix(bytes: B) -> Result<(Ref<B, T>, B), CastError<B, T>> {
if bytes.len() < mem::size_of::<T>() {
return Err(SizeError::new(bytes).into());
}
if let Err(err) = util::validate_aligned_to::<_, T>(bytes.deref()) {
return Err(err.with_src(bytes).into());
}
let (bytes, suffix) = bytes.split_at(mem::size_of::<T>()).map_err(
#[inline(always)]
|b| SizeError::new(b).into(),
)?;
// SAFETY: We just validated alignment and that `bytes` is at least as
// large as `T`. `bytes.split_at(mem::size_of::<T>())?` ensures that the
// new `bytes` is exactly the size of `T`. By safety postcondition on
// `SplitByteSlice::split_at` we can rely on `split_at` to produce the
// correct `bytes` and `suffix`.
let r = unsafe { Ref::new_unchecked(bytes) };
Ok((r, suffix))
}
#[must_use = "has no side effects"]
pub(crate) fn sized_from_suffix(bytes: B) -> Result<(B, Ref<B, T>), CastError<B, T>> {
let bytes_len = bytes.len();
let split_at = if let Some(split_at) = bytes_len.checked_sub(mem::size_of::<T>()) {
split_at
} else {
return Err(SizeError::new(bytes).into());
};
let (prefix, bytes) = bytes.split_at(split_at).map_err(|b| SizeError::new(b).into())?;
if let Err(err) = util::validate_aligned_to::<_, T>(bytes.deref()) {
return Err(err.with_src(bytes).into());
}
// SAFETY: Since `split_at` is defined as `bytes_len - size_of::<T>()`,
// the `bytes` which results from `let (prefix, bytes) =
// bytes.split_at(split_at)?` has length `size_of::<T>()`. After
// constructing `bytes`, we validate that it has the proper alignment.
// By safety postcondition on `SplitByteSlice::split_at` we can rely on
// `split_at` to produce the correct `prefix` and `bytes`.
let r = unsafe { Ref::new_unchecked(bytes) };
Ok((prefix, r))
}
}
impl<B, T> Ref<B, T>
where
B: ByteSlice,
T: KnownLayout + Immutable + ?Sized,
{
/// Constructs a `Ref` from a byte slice.
///
/// If the length of `source` is not a [valid size of `T`][valid-size], or
/// if `source` is not appropriately aligned for `T`, this returns `Err`. If
/// [`T: Unaligned`][t-unaligned], you can [infallibly discard the alignment
/// error][size-error-from].
///
/// `T` may be a sized type, a slice, or a [slice DST][slice-dst].
///
/// [valid-size]: crate::KnownLayout#what-is-a-valid-size
/// [t-unaligned]: crate::Unaligned
/// [size-error-from]: error/struct.SizeError.html#method.from-1
/// [slice-dst]: KnownLayout#dynamically-sized-types
///
/// # Compile-Time Assertions
///
/// This method cannot yet be used on unsized types whose dynamically-sized
/// component is zero-sized. Attempting to use this method on such types
/// results in a compile-time assertion error; e.g.:
///
/// ```compile_fail,E0080
/// use zerocopy::*;
/// # use zerocopy_derive::*;
///
/// #[derive(Immutable, KnownLayout)]
/// #[repr(C)]
/// struct ZSTy {
/// leading_sized: u16,
Annotation
- Detected declarations: `enum CastForSized`, `function pub`, `function Err`, `function Ok`, `function Err`, `function Err`, `function Err`, `function write`, `function test_mut_slice_into_ref`, `function test_address`.
- Atlas domain: Rust Kernel Layer / Rust API Membrane.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.