@joshlf joshlf commented Jan 7, 2026

Rename the SizeEq trait to SizeCompat, and remove the safety
invariant that casts preserve referent size. This removes all safety
invariants, allowing us to make it a safe trait.


Latest Update: v41 — Compare vs v40


@gemini-code-assist
Contributor

Summary of Changes

Hello @joshlf, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the safety and soundness of pointer casting operations by introducing the CastExact trait. This new trait ensures that any cast used in SizeEq implementations precisely maintains the size of the referent bytes. By requiring this stricter guarantee, the SizeEq trait itself can be made safe, removing the need for unsafe annotations on its implementations and improving the overall reliability of memory-related operations.

Highlights

  • Introduction of CastExact Trait: A new unsafe trait CastExact has been introduced, which is a specialized Cast trait guaranteeing that the cast operation exactly preserves the set of referent bytes, without shrinking them.
  • Refinement of SizeEq Trait: The SizeEq trait has been made safer by changing it from an unsafe trait to a regular trait. Its associated type CastFrom now requires the new CastExact bound, ensuring that all SizeEq implementations use casts that precisely preserve memory size.
  • Updates to Existing Implementations: Existing SizeEq implementations for atomic types, UnsafeCell, MaybeUninit, and those generated by macros like unsafe_impl_for_transparent_wrapper! have been updated to use CastSizedExact or to implement CastExact directly, aligning with the new safety guarantees.


@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request is a great step forward for the library's safety by making the SizeEq trait safe to implement. The introduction of the CastExact trait to enforce size-preserving casts is a solid approach. The changes are consistently applied throughout the codebase.

I've found a couple of places where new unsafe impls for CastExact are missing their safety comments. It's important to document the justification for these unsafe blocks to ensure long-term maintainability and correctness. Please see the specific comments for details.

@codecov-commenter

codecov-commenter commented Jan 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.90%. Comparing base (897a5a3) to head (fe97d59).

Additional details and impacted files
@@                            Coverage Diff                             @@
##           G481927cb6e9ca76c1531c05465f608e1b2607a62    #2872   +/-   ##
==========================================================================
  Coverage                                      91.90%   91.90%           
==========================================================================
  Files                                             20       20           
  Lines                                           5878     5879    +1     
==========================================================================
+ Hits                                            5402     5403    +1     
  Misses                                           476      476           


@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch from a6e9a9b to a972b24 Compare January 8, 2026 15:26
Comment on lines 112 to 114
// TODO: Update this comment to not rely on `SizeEq` implying size equality
// (but instead rely on *runtime execution* of `SizeEq::CastFrom::project`
// guaranteeing size equality).
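Review bot: the TODO in these three lines leaves the surrounding safety comment justified by `SizeEq` implying size equality, which is the very property the TODO says must no longer be relied on. Rewrite the comment in this change so that it cites runtime execution of `SizeEq::CastFrom::project`, or link a tracking issue from the TODO so the stale justification is not left next to unsafe code indefinitely.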
Member Author

@joshlf joshlf Jan 8, 2026

@jswrenn Calling out this subtlety. We should have made sure to update all of our safety comments this way before – when we introduced the PME for metadata updating in the layout module. But now that SizeEq is safe, and Cast technically allows impls which diverge at runtime, we need to be extra careful.

Comment on lines 66 to 74
/// Projects a [`PtrInner`] from `Src` to `Dst`.
///
/// # Safety
///
/// The caller may assume that the resulting `PtrInner` addresses a
/// subset of the bytes of `src`'s referent.
#[must_use]
#[inline(always)]
fn project(src: PtrInner<'_, Src>) -> PtrInner<'_, Dst> {
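Review bot: in the doc comment on `project`, the `# Safety` heading sits on a safe `fn` and states what the caller may assume rather than what the caller must uphold. Since this is a guarantee that implementers have to provide, consider wording it as an implementer obligation (implementations must ensure the returned `PtrInner` addresses a subset of the bytes of `src`'s referent) and stating whether `project` is allowed not to return, so that safety comments citing it know exactly what they can rely on.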
Member Author

NOTE: Moving this here so we can reference SizeEq::CastFrom::project in safety comments. This allows us to just assume that project is a valid PtrInner -> PtrInner conversion and not have to prove anything about PtrInner's invariants (see the safety comment on TryTransmuteFromPtr in transmute.rs).
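The point raised in the two comments above, as an added example that is not code from this pull request or from the project: a simplified model in which the safe trait carries no invariant and unsafe code instead relies on `project` having returned. The trait shapes, the `ExactOrPanic` cast and `read_u32` are assumptions made for illustration, using raw pointers and a runtime assertion in place of `PtrInner` and the project's own checks.

```rust
use core::mem::size_of;

/// Model of the unsafe cast trait (assumed contract): IF `project` returns,
/// the result addresses a subset of `src`'s referent bytes. It may diverge.
pub unsafe trait Cast<Src, Dst> {
    fn project(src: *const Src) -> *const Dst;
}

/// Safe trait with no invariant of its own. Anything unsafe code relies on
/// must come from the `unsafe impl` behind `CastFrom`.
pub trait SizeCompat<Src>: Sized {
    type CastFrom: Cast<Src, Self>;
}

/// Hypothetical cast that refuses to return when the sizes differ.
pub struct ExactOrPanic;

// SAFETY: `project` returns only if the sizes are equal, and the result has
// `src`'s address, so it addresses exactly the bytes of `src`'s referent.
unsafe impl<Src, Dst> Cast<Src, Dst> for ExactOrPanic {
    fn project(src: *const Src) -> *const Dst {
        assert_eq!(size_of::<Src>(), size_of::<Dst>(), "size mismatch");
        src.cast()
    }
}

// Both impls are safe code. The second is wrong about sizes, yet harmless.
impl SizeCompat<[u8; 4]> for u32 { type CastFrom = ExactOrPanic; }
impl SizeCompat<[u8; 2]> for u32 { type CastFrom = ExactOrPanic; }

/// Reads a `u32` from a byte array through the cast named by `SizeCompat`.
pub fn read_u32<const N: usize>(src: &[u8; N]) -> u32
where
    u32: SizeCompat<[u8; N]>,
{
    let dst = <<u32 as SizeCompat<[u8; N]>>::CastFrom as Cast<[u8; N], u32>>::project(src);
    // SAFETY: not "`u32: SizeCompat<[u8; N]>` implies equal sizes" (a safe
    // bound proves nothing). `project` *returned*, so by `Cast`'s contract
    // `dst` covers only initialized bytes of `*src`; any bits are a valid u32.
    unsafe { dst.read_unaligned() }
}

fn main() {
    assert_eq!(read_u32(&[1, 0, 0, 0]), u32::from_ne_bytes([1, 0, 0, 0]));
}
```

With the mismatched `[u8; 2]` impl, `read_u32` panics inside `project` before the unsafe read is reached, which is why the safety comment has to be phrased in terms of `project` returning.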

@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch 2 times, most recently from 420424b to a0789ec Compare January 8, 2026 19:50
@joshlf joshlf changed the base branch from main to G3cc35009cf6e17a935df0ae0c3c37dcc389e2f9f January 8, 2026 19:50
Base automatically changed from G3cc35009cf6e17a935df0ae0c3c37dcc389e2f9f to main January 8, 2026 22:45
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch from a0789ec to 8d0245a Compare January 9, 2026 00:00
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch from 8d0245a to 796deda Compare January 9, 2026 16:57
@joshlf joshlf changed the base branch from main to G3eff65bc88b62c899bbd054028b3ff9306fe2167 January 9, 2026 16:57
@joshlf joshlf force-pushed the G3eff65bc88b62c899bbd054028b3ff9306fe2167 branch from f7e10fa to 59f812e Compare January 9, 2026 17:22
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch from 796deda to 4ef287c Compare January 9, 2026 17:22
Base automatically changed from G3eff65bc88b62c899bbd054028b3ff9306fe2167 to main January 9, 2026 18:48
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch 2 times, most recently from 9e67acb to a9e1eb5 Compare January 16, 2026 00:02
@joshlf joshlf changed the title Make SizeEq safe, introduce CastExact Rename SizeEq to SizeCompat, make it safe Jan 16, 2026
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch 2 times, most recently from 413a87a to c89b776 Compare January 16, 2026 00:35
@joshlf joshlf changed the base branch from main to G2eb58496ed1e3c61421020abbbb694d970d43c1c January 16, 2026 00:35
@joshlf joshlf force-pushed the G2eb58496ed1e3c61421020abbbb694d970d43c1c branch from 7886b0a to 034707a Compare January 16, 2026 00:41
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch 5 times, most recently from b77e3a2 to f29bc13 Compare January 16, 2026 19:00
@joshlf joshlf force-pushed the G2eb58496ed1e3c61421020abbbb694d970d43c1c branch from 034707a to c17d945 Compare January 16, 2026 19:00
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch from f29bc13 to 5dac13c Compare January 16, 2026 20:37
@joshlf joshlf force-pushed the G2eb58496ed1e3c61421020abbbb694d970d43c1c branch from c17d945 to 07d042b Compare January 16, 2026 20:37
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch from 5dac13c to ade58d5 Compare January 16, 2026 20:57
@joshlf joshlf changed the base branch from G2eb58496ed1e3c61421020abbbb694d970d43c1c to G82a7bac1fdbde51b23d1760bfc7881a3bf862452 January 16, 2026 20:57
@joshlf joshlf force-pushed the G82a7bac1fdbde51b23d1760bfc7881a3bf862452 branch from e947a60 to e8b0ab6 Compare January 16, 2026 22:10
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch 2 times, most recently from 26e76d5 to 41f96c8 Compare January 16, 2026 22:33
@joshlf joshlf changed the base branch from G82a7bac1fdbde51b23d1760bfc7881a3bf862452 to G481927cb6e9ca76c1531c05465f608e1b2607a62 January 16, 2026 22:33
@joshlf joshlf force-pushed the G481927cb6e9ca76c1531c05465f608e1b2607a62 branch from 71168f1 to ccfcfc0 Compare January 16, 2026 22:49
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch from 41f96c8 to 8d752d9 Compare January 16, 2026 22:49
Rename the `SizeEq` trait to `SizeCompat`, and remove the safety
invariant that casts preserve referent size. This removes all safety
invariants, allowing us to make it a safe trait.

gherrit-pr-id: G57ec07c3841271440bbaf40cab04b942cbdbddb9
@joshlf joshlf force-pushed the G57ec07c3841271440bbaf40cab04b942cbdbddb9 branch from 8d752d9 to fe97d59 Compare January 16, 2026 22:54
@joshlf joshlf force-pushed the G481927cb6e9ca76c1531c05465f608e1b2607a62 branch from ccfcfc0 to 897a5a3 Compare January 16, 2026 22:54