[pointer] Add generic projection/cast framework

[joshlf]

Add unsafe trait Project and unsafe trait Cast: Project. Cast is
implemented for any address-preserving cast, while Project generalizes
to conversions which may not preserve the address of the referent (ie,
field projections). Use these (mostly Cast, but some Project) to
unify PtrInner/Ptr casts, field projections, and SizeEq casts.
Replace a good amount of unsafe derive-generated code with uses of this
machinery.

Makes progress on #196
Closes #2856

---

• 　 [WIP] ReadOnly #2866
• 　 Simplify MutationCompatible impls #2867
• 👉 [pointer] Add generic projection/cast framework #2860

Latest Update: v16 — Compare vs v15

📚 Full Patch History

Links show the diff between the row version and the column version.

Version	v15	v14	v13	v12	v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v16	v15	v14	v13	v12	v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v15		v14	v13	v12	v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v14			v13	v12	v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v13				v12	v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v12					v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v11						v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v10							v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v9								v8	v7	v6	v5	v4	v3	v2	v1	Base
v8									v7	v6	v5	v4	v3	v2	v1	Base
v7										v6	v5	v4	v3	v2	v1	Base
v6											v5	v4	v3	v2	v1	Base
v5												v4	v3	v2	v1	Base
v4													v3	v2	v1	Base
v3														v2	v1	Base
v2															v1	Base
v1																Base

[gemini-code-assist]

Summary of Changes

Hello @joshlf, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a foundational generic framework for pointer projection and casting within the zerocopy crate. By defining Project and Cast traits, it establishes a standardized and extensible way to handle various pointer transformations, from simple address-preserving casts to complex field projections. This refactoring aims to consolidate existing, often repetitive, unsafe pointer logic into a more robust and unified system, paving the way for safer and more efficient low-level memory operations.

Highlights

• New Generic Projection/Cast Framework: Introduced unsafe trait Project and unsafe trait Cast to provide a generic and unified mechanism for pointer conversions. Cast is specifically for address-preserving casts, while Project covers more general conversions like field projections.
• Unification of Existing Casts: The new framework unifies various existing pointer operations, including PtrInner/Ptr casts, field projections, and SizeEq casts, under a consistent trait-based system.
• Reduced Unsafe Boilerplate: A significant amount of unsafe, derive-generated code has been replaced by leveraging this new generic machinery, improving code maintainability and reducing potential for errors.
• Refactored SizeEq Trait: The SizeEq trait now uses an associated type CastFrom which implements cast::Cast, allowing for more flexible and composable casting logic.
• Updated PtrInner and Ptr Methods: Core pointer manipulation methods like cast_sized, cast, project, and transmute_unchecked have been updated to utilize the new Project and Cast traits, streamlining their implementation.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[codecov-commenter]

Codecov Report

❌ Patch coverage is 74.41860% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 91.89%. Comparing base (b99b86d) to head (6414d5d).

Files with missing lines	Patch %	Lines
src/layout.rs	23.07%	30 Missing ⚠️
src/impls.rs	0.00%	2 Missing ⚠️
src/pointer/mod.rs	95.83%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2860      +/-   ##
==========================================
- Coverage   91.94%   91.89%   -0.06%     
==========================================
  Files          20       20              
  Lines        5824     5773      -51     
==========================================
- Hits         5355     5305      -50     
+ Misses        469      468       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gemini-code-assist]

Code Review

This pull request introduces a significant and well-designed refactoring of the pointer casting and projection framework by adding the Project and Cast traits. This unification simplifies the codebase and makes the casting logic more extensible and type-driven. The changes across the files are consistent with this new design.

My review focuses on the correctness and safety of these new abstractions. I've found a few places where // SAFETY: TODO comments indicate missing safety justifications for unsafe blocks. It's important to fill these in to ensure the soundness of the library. Most notably, I've identified one InvariantsEq implementation in zerocopy-derive/src/enum.rs that appears to be incorrect and could lead to unsoundness. Please address these points to finalize this excellent refactoring.

[joshlf]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a generic framework for pointer projections and casts using the new Project and Cast traits. This is a significant and valuable refactoring that unifies various casting and projection mechanisms throughout the codebase, making them more composable and robust. The changes are extensive, touching many core parts of the pointer manipulation logic.

While the overall direction is excellent, I've found several critical issues related to TODOs in SAFETY comments, particularly concerning potential soundness holes with InvariantsEq implementations for enums and a missing safety justification for a new public project method. These must be addressed to ensure the soundness guarantees of zerocopy are upheld. I've also pointed out a few other places where TODOs in safety comments should be replaced with proper justifications.

[jswrenn]

For repr(C) unions, this guarantees zero offsets:

Fields might have a non-zero offset (except when the C representation is used); in that case the bits starting at the offset of the fields are read.

[joshlf]

Updated to cite that: https://github.com/google/zerocopy/compare/gherrit/Gdeb4f5a282b778a82175703218739a93074d0cc4/v9..gherrit/Gdeb4f5a282b778a82175703218739a93074d0cc4/v10#diff-977c29e6cf079bd7307f811df24f99633df603962785c583145eb6250b0e12daR822

[joshlf]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a powerful and generic framework for pointer projections and casts with the Project and Cast traits. This is a significant improvement that unifies various casting mechanisms throughout the codebase, reducing boilerplate and increasing clarity. The use of transitive projections is particularly elegant. The changes are extensive and touch core parts of the library, and the refactoring appears to be very well thought out. I've found a couple of places where safety comments need to be addressed to fully justify the soundness of the new additions.

[joshlf]

/gemini review

[gemini-code-assist]

Code Review

This is a significant and well-executed refactoring that introduces a generic framework for pointer projections and casts through the new Project and Cast traits. This change successfully unifies various casting mechanisms throughout the codebase, replacing a good amount of unsafe derive-generated code with this new, more robust machinery. The new abstractions are thoughtfully designed and improve the overall structure and safety of pointer manipulations. I have one minor suggestion for code style.