zerovec/ule/
slices.rs

1// This file is part of ICU4X. For terms of use, please see the file
2// called LICENSE at the top level of the ICU4X source tree
3// (online at: https://github.com/unicode-org/icu4x/blob/main/LICENSE ).
4
5use crate::ule::*;
6
7// Safety (based on the safety checklist on the ULE trait):
8//  1. [T; N] does not include any uninitialized or padding bytes since T is ULE
9//  2. [T; N] is aligned to 1 byte since T is ULE
10//  3. The impl of validate_bytes() returns an error if any byte is not valid.
11//  4. The impl of validate_bytes() returns an error if there are leftover bytes.
12//  5. The other ULE methods use the default impl.
13//  6. [T; N] byte equality is semantic equality since T is ULE
14unsafe impl<T: ULE, const N: usize> ULE for [T; N] {
15    #[inline]
16    fn validate_bytes(bytes: &[u8]) -> Result<(), UleError> {
17        // a slice of multiple Selfs is equivalent to just a larger slice of Ts
18        T::validate_bytes(bytes)
19    }
20}
21
22impl<T: AsULE, const N: usize> AsULE for [T; N] {
23    type ULE = [T::ULE; N];
24    #[inline]
25    fn to_unaligned(self) -> Self::ULE {
26        self.map(T::to_unaligned)
27    }
28    #[inline]
29    fn from_unaligned(unaligned: Self::ULE) -> Self {
30        unaligned.map(T::from_unaligned)
31    }
32}
33
34unsafe impl<T: EqULE, const N: usize> EqULE for [T; N] {}
35
36// Safety (based on the safety checklist on the VarULE trait):
37//  1. str does not include any uninitialized or padding bytes.
38//  2. str is aligned to 1 byte.
39//  3. The impl of `validate_bytes()` returns an error if any byte is not valid.
40//  4. The impl of `validate_bytes()` returns an error if the slice cannot be used in its entirety
41//  5. The impl of `from_bytes_unchecked()` returns a reference to the same data.
42//  6. `parse_bytes()` is equivalent to `validate_bytes()` followed by `from_bytes_unchecked()`
43//  7. str byte equality is semantic equality
44unsafe impl VarULE for str {
45    #[inline]
46    fn validate_bytes(bytes: &[u8]) -> Result<(), UleError> {
47        core::str::from_utf8(bytes).map_err(|_| UleError::parse::<Self>())?;
48        Ok(())
49    }
50
51    #[inline]
52    fn parse_bytes(bytes: &[u8]) -> Result<&Self, UleError> {
53        core::str::from_utf8(bytes).map_err(|_| UleError::parse::<Self>())
54    }
55    /// Invariant: must be safe to call when called on a slice that previously
56    /// succeeded with `parse_bytes`
57    #[inline]
58    unsafe fn from_bytes_unchecked(bytes: &[u8]) -> &Self {
59        core::str::from_utf8_unchecked(bytes)
60    }
61}
62
63/// Note: VarULE is well-defined for all `[T]` where `T: ULE`, but [`ZeroSlice`] is more ergonomic
64/// when `T` is a low-level ULE type. For example:
65///
66/// ```no_run
67/// # use zerovec::ZeroSlice;
68/// # use zerovec::VarZeroVec;
69/// # use zerovec::ule::AsULE;
70/// // OK: [u8] is a useful type
71/// let _: VarZeroVec<[u8]> = unimplemented!();
72///
73/// // Technically works, but [u32::ULE] is not very useful
74/// let _: VarZeroVec<[<u32 as AsULE>::ULE]> = unimplemented!();
75///
76/// // Better: ZeroSlice<u32>
77/// let _: VarZeroVec<ZeroSlice<u32>> = unimplemented!();
78/// ```
79///
80/// [`ZeroSlice`]: crate::ZeroSlice
81// Safety (based on the safety checklist on the VarULE trait):
82//  1. [T] does not include any uninitialized or padding bytes (achieved by being a slice of a ULE type)
83//  2. [T] is aligned to 1 byte (achieved by being a slice of a ULE type)
84//  3. The impl of `validate_bytes()` returns an error if any byte is not valid.
85//  4. The impl of `validate_bytes()` returns an error if the slice cannot be used in its entirety
86//  5. The impl of `from_bytes_unchecked()` returns a reference to the same data.
87//  6. All other methods are defaulted
88//  7. `[T]` byte equality is semantic equality (achieved by being a slice of a ULE type)
89unsafe impl<T> VarULE for [T]
90where
91    T: ULE,
92{
93    #[inline]
94    fn validate_bytes(slice: &[u8]) -> Result<(), UleError> {
95        T::validate_bytes(slice)
96    }
97
98    #[inline]
99    unsafe fn from_bytes_unchecked(bytes: &[u8]) -> &Self {
100        T::slice_from_bytes_unchecked(bytes)
101    }
102}