[PATCH v2 08/14] rust: do not use MaybeUninit::zeroed()

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: berrange@redhat.com, kwolf@redhat.com, junjie.mao@hotmail.com,
	manos.pitsidianakis@linaro.org
Subject: [PATCH v2 08/14] rust: do not use MaybeUninit::zeroed()
Date: Tue, 22 Oct 2024 12:09:49 +0200	[thread overview]
Message-ID: <20241022100956.196657-9-pbonzini@redhat.com> (raw)
In-Reply-To: <20241022100956.196657-1-pbonzini@redhat.com>

MaybeUninit::zeroed() is handy is not available as a "const" function until
Rust 1.75.0.

Remove the default implemntation of Zeroable::ZERO, and write by hand
the definitions for those types that need it.  It may be possible to
add automatic implementation of the trait, via a procedural macro and/or
a trick similar to offset_of!, but do it the easy way for now.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 rust/qemu-api/src/zeroable.rs | 91 +++++++++++++++++++++++++++++------
 1 file changed, 77 insertions(+), 14 deletions(-)

diff --git a/rust/qemu-api/src/zeroable.rs b/rust/qemu-api/src/zeroable.rs
index 45ec95c9f70..13cdb2ccba5 100644
--- a/rust/qemu-api/src/zeroable.rs
+++ b/rust/qemu-api/src/zeroable.rs
@@ -1,23 +1,86 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 
+use std::ptr;
+
 /// Encapsulates the requirement that
-/// `MaybeUninit::<Self>::zeroed().assume_init()` does not cause
-/// undefined behavior.
+/// `MaybeUninit::<Self>::zeroed().assume_init()` does not cause undefined
+/// behavior.  This trait in principle could be implemented as just:
+///
+/// ```
+///     const ZERO: Self = unsafe {
+///         ::core::mem::MaybeUninit::<$crate::bindings::Property>::zeroed().assume_init()
+///     },
+/// ```
+///
+/// The need for a manual implementation is only because `zeroed()` cannot
+/// be used as a `const fn` prior to Rust 1.75.0. Once we can assume a new
+/// enough version of the compiler, we could provide a `#[derive(Zeroable)]`
+/// macro to check at compile-time that all struct fields are Zeroable, and
+/// use the above blanket implementation of the `ZERO` constant.
 ///
 /// # Safety
 ///
-/// Do not add this trait to a type unless all-zeroes is
-/// a valid value for the type.  In particular, remember that raw
-/// pointers can be zero, but references and `NonNull<T>` cannot
-/// unless wrapped with `Option<>`.
+/// Because the implementation of `ZERO` is manual, it does not make
+/// any assumption on the safety of `zeroed()`.  However, other users of the
+/// trait could use it that way.  Do not add this trait to a type unless
+/// all-zeroes is a valid value for the type.  In particular, remember that
+/// raw pointers can be zero, but references and `NonNull<T>` cannot
 pub unsafe trait Zeroable: Default {
-    /// SAFETY: If the trait was added to a type, then by definition
-    /// this is safe.
-    const ZERO: Self = unsafe { ::core::mem::MaybeUninit::<Self>::zeroed().assume_init() };
+    const ZERO: Self;
 }
 
-unsafe impl Zeroable for crate::bindings::Property__bindgen_ty_1 {}
-unsafe impl Zeroable for crate::bindings::Property {}
-unsafe impl Zeroable for crate::bindings::VMStateDescription {}
-unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_1 {}
-unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_2 {}
+unsafe impl Zeroable for crate::bindings::Property__bindgen_ty_1 {
+    const ZERO: Self = Self { i: 0 };
+}
+
+unsafe impl Zeroable for crate::bindings::Property {
+    const ZERO: Self = Self {
+        name: ptr::null(),
+        info: ptr::null(),
+        offset: 0,
+        bitnr: 0,
+        bitmask: 0,
+        set_default: false,
+        defval: Zeroable::ZERO,
+        arrayoffset: 0,
+        arrayinfo: ptr::null(),
+        arrayfieldsize: 0,
+        link_type: ptr::null(),
+    };
+}
+
+unsafe impl Zeroable for crate::bindings::VMStateDescription {
+    const ZERO: Self = Self {
+        name: ptr::null(),
+        unmigratable: false,
+        early_setup: false,
+        version_id: 0,
+        minimum_version_id: 0,
+        priority: crate::bindings::MigrationPriority::MIG_PRI_DEFAULT,
+        pre_load: None,
+        post_load: None,
+        pre_save: None,
+        post_save: None,
+        needed: None,
+        dev_unplug_pending: None,
+        fields: ptr::null(),
+        subsections: ptr::null(),
+    };
+}
+
+unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_1 {
+    const ZERO: Self = Self {
+        min_access_size: 0,
+        max_access_size: 0,
+        unaligned: false,
+        accepts: None,
+    };
+}
+
+unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_2 {
+    const ZERO: Self = Self {
+        min_access_size: 0,
+        max_access_size: 0,
+        unaligned: false,
+    };
+}
-- 
2.46.2

next prev parent reply	other threads:[~2024-10-22 10:12 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-22 10:09 [PATCH v2 00/14] rust: allow older versions of rustc and bindgen Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 01/14] rust: patch bilge-impl to allow compilation with 1.63.0 Paolo Bonzini
2024-10-24  2:12   ` Junjie Mao
2024-10-24 10:43   ` Alex Bennée
2024-10-22 10:09 ` [PATCH v2 02/14] rust: fix cfgs of proc-macro2 for 1.63.0 Paolo Bonzini
2024-10-24  2:33   ` Junjie Mao
2024-10-24  9:02     ` Paolo Bonzini
2024-10-24  9:09       ` Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 03/14] rust: use std::os::raw instead of core::ffi Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 04/14] rust: introduce a c_str macro Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 05/14] rust: silence unknown warnings for the sake of old compilers Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 06/14] rust: synchronize dependencies between subprojects and Cargo.lock Paolo Bonzini
2024-10-24  2:53   ` Junjie Mao
2024-10-24  9:04     ` Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 07/14] rust: introduce alternative implementation of offset_of! Paolo Bonzini
2024-10-22 10:09 ` Paolo Bonzini [this message]
2024-10-22 10:09 ` [PATCH v2 09/14] rust: clean up detection of the language Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 10/14] rust: allow version 1.63.0 of rustc Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 11/14] rust: do not use --generate-cstr Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 12/14] rust: allow older version of bindgen Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 13/14] rust: make rustfmt optional Paolo Bonzini
2024-10-22 10:09 ` [PATCH v2 14/14] dockerfiles: install bindgen from cargo on Ubuntu 22.04 Paolo Bonzini
2024-10-24 11:28 ` [PATCH v2 00/14] rust: allow older versions of rustc and bindgen Paolo Bonzini

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:45ec95c9f7 dfblob:13cdb2ccba )
 OR (
bs:"[PATCH v2 08/14] rust: do not use MaybeUninit::zeroed()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241022100956.196657-9-pbonzini@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=berrange@redhat.com \
    --cc=junjie.mao@hotmail.com \
    --cc=kwolf@redhat.com \
    --cc=manos.pitsidianakis@linaro.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).