// Copyright 2024 The Fuchsia Authors // // Licensed under the 2-Clause BSD License , Apache License, Version 2.0 // , or the MIT // license , at your option. // This file may not be copied, modified, or distributed except according to // those terms. //! Types related to error reporting. //! //! ## Single failure mode errors //! //! Generally speaking, zerocopy's conversions may fail for one of up to three //! reasons: //! - [`AlignmentError`]: the conversion source was improperly aligned //! - [`SizeError`]: the conversion source was of incorrect size //! - [`ValidityError`]: the conversion source contained invalid data //! //! Methods that only have one failure mode, like //! [`FromBytes::read_from_bytes`], return that mode's corresponding error type //! directly. //! //! ## Compound errors //! //! Conversion methods that have either two or three possible failure modes //! return one of these error types: //! - [`CastError`]: the error type of reference conversions //! - [`TryCastError`]: the error type of fallible reference conversions //! - [`TryReadError`]: the error type of fallible read conversions //! //! ## [`Unaligned`] destination types //! //! For [`Unaligned`] destination types, alignment errors are impossible. All //! compound error types support infallibly discarding the alignment error via //! [`From`] so long as `Dst: Unaligned`. For example, see [`>::from`][size-error-from]. //! //! [size-error-from]: struct.SizeError.html#method.from-1 //! //! ## Accessing the conversion source //! //! All error types provide an `into_src` method that converts the error into //! the source value underlying the failed conversion. //! //! ## Display formatting //! //! All error types provide a `Display` implementation that produces a //! human-readable error message. When `debug_assertions` are enabled, these //! error messages are verbose and may include potentially sensitive //! information, including: //! //! - the names of the involved types //! - the sizes of the involved types //! - the addresses of the involved types //! - the contents of the involved types //! //! When `debug_assertions` are disabled (as is default for `release` builds), //! such potentially sensitive information is excluded. //! //! In the future, we may support manually configuring this behavior. If you are //! interested in this feature, [let us know on GitHub][issue-1457] so we know //! to prioritize it. //! //! [issue-1457]: https://github.com/google/zerocopy/issues/1457 //! //! ## Validation order //! //! Our conversion methods typically check alignment, then size, then bit //! validity. However, we do not guarantee that this is always the case, and //! this behavior may change between releases. //! //! ## `Send`, `Sync`, and `'static` //! //! Our error types are `Send`, `Sync`, and `'static` when their `Src` parameter //! is `Send`, `Sync`, or `'static`, respectively. This can cause issues when an //! error is sent or synchronized across threads; e.g.: //! //! ```compile_fail,E0515 //! use zerocopy::*; //! //! let result: SizeError<&[u8], u32> = std::thread::spawn(|| { //! let source = &mut [0u8, 1, 2][..]; //! // Try (and fail) to read a `u32` from `source`. //! u32::read_from_bytes(source).unwrap_err() //! }).join().unwrap(); //! ``` //! //! To work around this, use [`map_src`][CastError::map_src] to convert the //! source parameter to an unproblematic type; e.g.: //! //! ``` //! use zerocopy::*; //! //! let result: SizeError<(), u32> = std::thread::spawn(|| { //! let source = &mut [0u8, 1, 2][..]; //! // Try (and fail) to read a `u32` from `source`. //! u32::read_from_bytes(source).unwrap_err() //! // Erase the error source. //! .map_src(drop) //! }).join().unwrap(); //! ``` //! //! Alternatively, use `.to_string()` to eagerly convert the error into a //! human-readable message; e.g.: //! //! ``` //! use zerocopy::*; //! //! let result: Result = std::thread::spawn(|| { //! let source = &mut [0u8, 1, 2][..]; //! // Try (and fail) to read a `u32` from `source`. //! u32::read_from_bytes(source) //! // Eagerly render the error message. //! .map_err(|err| err.to_string()) //! }).join().unwrap(); //! ``` #[cfg(zerocopy_core_error_1_81_0)] use core::error::Error; use core::{ convert::Infallible, fmt::{self, Debug, Write}, ops::Deref, }; #[cfg(all(not(zerocopy_core_error_1_81_0), any(feature = "std", test)))] use std::error::Error; use crate::{util::SendSyncPhantomData, KnownLayout, TryFromBytes, Unaligned}; #[cfg(doc)] use crate::{FromBytes, Ref}; /// Zerocopy's generic error type. /// /// Generally speaking, zerocopy's conversions may fail for one of up to three /// reasons: /// - [`AlignmentError`]: the conversion source was improperly aligned /// - [`SizeError`]: the conversion source was of incorrect size /// - [`ValidityError`]: the conversion source contained invalid data /// /// However, not all conversions produce all errors. For instance, /// [`FromBytes::ref_from_bytes`] may fail due to alignment or size issues, but /// not validity issues. This generic error type captures these /// (im)possibilities via parameterization: `A` is parameterized with /// [`AlignmentError`], `S` is parameterized with [`SizeError`], and `V` is /// parameterized with [`Infallible`]. /// /// Zerocopy never uses this type directly in its API. Rather, we provide three /// pre-parameterized aliases: /// - [`CastError`]: the error type of reference conversions /// - [`TryCastError`]: the error type of fallible reference conversions /// - [`TryReadError`]: the error type of fallible read conversions #[derive(PartialEq, Eq)] pub enum ConvertError { /// The conversion source was improperly aligned. Alignment(A), /// The conversion source was of incorrect size. Size(S), /// The conversion source contained invalid data. Validity(V), } impl From, S, V>> for ConvertError { /// Infallibly discards the alignment error from this `ConvertError` since /// `Dst` is unaligned. /// /// Since [`Dst: Unaligned`], it is impossible to encounter an alignment /// error. This method permits discarding that alignment error infallibly /// and replacing it with [`Infallible`]. /// /// [`Dst: Unaligned`]: crate::Unaligned /// /// # Examples /// /// ``` /// use core::convert::Infallible; /// use zerocopy::*; /// # use zerocopy_derive::*; /// /// #[derive(TryFromBytes, KnownLayout, Unaligned, Immutable)] /// #[repr(C, packed)] /// struct Bools { /// one: bool, /// two: bool, /// many: [bool], /// } /// /// impl Bools { /// fn parse(bytes: &[u8]) -> Result<&Bools, AlignedTryCastError<&[u8], Bools>> { /// // Since `Bools: Unaligned`, we can infallibly discard /// // the alignment error. /// Bools::try_ref_from_bytes(bytes).map_err(Into::into) /// } /// } /// ``` #[inline] fn from(err: ConvertError, S, V>) -> ConvertError { match err { ConvertError::Alignment(e) => ConvertError::Alignment(Infallible::from(e)), ConvertError::Size(e) => ConvertError::Size(e), ConvertError::Validity(e) => ConvertError::Validity(e), } } } impl fmt::Debug for ConvertError { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match self { Self::Alignment(e) => f.debug_tuple("Alignment").field(e).finish(), Self::Size(e) => f.debug_tuple("Size").field(e).finish(), Self::Validity(e) => f.debug_tuple("Validity").field(e).finish(), } } } /// Produces a human-readable error message. /// /// The message differs between debug and release builds. When /// `debug_assertions` are enabled, this message is verbose and includes /// potentially sensitive information. impl fmt::Display for ConvertError { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match self { Self::Alignment(e) => e.fmt(f), Self::Size(e) => e.fmt(f), Self::Validity(e) => e.fmt(f), } } } #[cfg(any(zerocopy_core_error_1_81_0, feature = "std", test))] #[cfg_attr(doc_cfg, doc(cfg(all(rust = "1.81.0", feature = "std"))))] impl Error for ConvertError where A: fmt::Display + fmt::Debug, S: fmt::Display + fmt::Debug, V: fmt::Display + fmt::Debug, { } /// The error emitted if the conversion source is improperly aligned. #[derive(PartialEq, Eq)] pub struct AlignmentError { /// The source value involved in the conversion. src: Src, /// The inner destination type inolved in the conversion. /// /// INVARIANT: An `AlignmentError` may only be constructed if `Dst`'s /// alignment requirement is greater than one. dst: SendSyncPhantomData, } impl AlignmentError { /// # Safety /// /// The caller must ensure that `Dst`'s alignment requirement is greater /// than one. pub(crate) unsafe fn new_unchecked(src: Src) -> Self { // INVARIANT: The caller guarantees that `Dst`'s alignment requirement // is greater than one. Self { src, dst: SendSyncPhantomData::default() } } /// Produces the source underlying the failed conversion. #[inline] pub fn into_src(self) -> Src { self.src } pub(crate) fn with_src(self, new_src: NewSrc) -> AlignmentError { // INVARIANT: `with_src` doesn't change the type of `Dst`, so the // invariant that `Dst`'s alignment requirement is greater than one is // preserved. AlignmentError { src: new_src, dst: SendSyncPhantomData::default() } } /// Maps the source value associated with the conversion error. /// /// This can help mitigate [issues with `Send`, `Sync` and `'static` /// bounds][self#send-sync-and-static]. /// /// # Examples /// /// ``` /// use zerocopy::*; /// /// let unaligned = Unalign::new(0u16); /// /// // Attempt to deref `unaligned`. This might fail with an alignment error. /// let maybe_n: Result<&u16, AlignmentError<&Unalign, u16>> = unaligned.try_deref(); /// /// // Map the error's source to its address as a usize. /// let maybe_n: Result<&u16, AlignmentError> = maybe_n.map_err(|err| { /// err.map_src(|src| src as *const _ as usize) /// }); /// ``` #[inline] pub fn map_src(self, f: impl FnOnce(Src) -> NewSrc) -> AlignmentError { AlignmentError { src: f(self.src), dst: SendSyncPhantomData::default() } } pub(crate) fn into(self) -> ConvertError { ConvertError::Alignment(self) } /// Format extra details for a verbose, human-readable error message. /// /// This formatting may include potentially sensitive information. fn display_verbose_extras(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result where Src: Deref, Dst: KnownLayout, { #[allow(clippy::as_conversions)] let addr = self.src.deref() as *const _ as *const (); let addr_align = 2usize.pow((crate::util::AsAddress::addr(addr)).trailing_zeros()); f.write_str("\n\nSource type: ")?; f.write_str(core::any::type_name::())?; f.write_str("\nSource address: ")?; addr.fmt(f)?; f.write_str(" (a multiple of ")?; addr_align.fmt(f)?; f.write_str(")")?; f.write_str("\nDestination type: ")?; f.write_str(core::any::type_name::())?; f.write_str("\nDestination alignment: ")?; ::LAYOUT.align.get().fmt(f)?; Ok(()) } } impl From> for Infallible { #[inline(always)] fn from(_: AlignmentError) -> Infallible { // SAFETY: `AlignmentError`s can only be constructed when `Dst`'s // alignment requirement is greater than one. In this block, `Dst: // Unaligned`, which means that its alignment requirement is equal to // one. Thus, it's not possible to reach here at runtime. unsafe { core::hint::unreachable_unchecked() } } } #[cfg(test)] impl AlignmentError { // A convenience constructor so that test code doesn't need to write // `unsafe`. fn new_checked(src: Src) -> AlignmentError { assert_ne!(core::mem::align_of::(), 1); // SAFETY: The preceding assertion guarantees that `Dst`'s alignment // requirement is greater than one. unsafe { AlignmentError::new_unchecked(src) } } } impl fmt::Debug for AlignmentError { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("AlignmentError").finish() } } /// Produces a human-readable error message. /// /// The message differs between debug and release builds. When /// `debug_assertions` are enabled, this message is verbose and includes /// potentially sensitive information. impl fmt::Display for AlignmentError where Src: Deref, Dst: KnownLayout, { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("The conversion failed because the address of the source is not a multiple of the alignment of the destination type.")?; if cfg!(debug_assertions) { self.display_verbose_extras(f) } else { Ok(()) } } } #[cfg(any(zerocopy_core_error_1_81_0, feature = "std", test))] #[cfg_attr(doc_cfg, doc(cfg(all(rust = "1.81.0", feature = "std"))))] impl Error for AlignmentError where Src: Deref, Dst: KnownLayout, { } impl From> for ConvertError, S, V> { #[inline(always)] fn from(err: AlignmentError) -> Self { Self::Alignment(err) } } /// The error emitted if the conversion source is of incorrect size. #[derive(PartialEq, Eq)] pub struct SizeError { /// The source value involved in the conversion. src: Src, /// The inner destination type inolved in the conversion. dst: SendSyncPhantomData, } impl SizeError { pub(crate) fn new(src: Src) -> Self { Self { src, dst: SendSyncPhantomData::default() } } /// Produces the source underlying the failed conversion. #[inline] pub fn into_src(self) -> Src { self.src } /// Sets the source value associated with the conversion error. pub(crate) fn with_src(self, new_src: NewSrc) -> SizeError { SizeError { src: new_src, dst: SendSyncPhantomData::default() } } /// Maps the source value associated with the conversion error. /// /// This can help mitigate [issues with `Send`, `Sync` and `'static` /// bounds][self#send-sync-and-static]. /// /// # Examples /// /// ``` /// use zerocopy::*; /// /// let source: [u8; 3] = [0, 1, 2]; /// /// // Try to read a `u32` from `source`. This will fail because there are insufficient /// // bytes in `source`. /// let maybe_u32: Result> = u32::read_from_bytes(&source[..]); /// /// // Map the error's source to its size. /// let maybe_u32: Result> = maybe_u32.map_err(|err| { /// err.map_src(|src| src.len()) /// }); /// ``` #[inline] pub fn map_src(self, f: impl FnOnce(Src) -> NewSrc) -> SizeError { SizeError { src: f(self.src), dst: SendSyncPhantomData::default() } } /// Sets the destination type associated with the conversion error. pub(crate) fn with_dst(self) -> SizeError { SizeError { src: self.src, dst: SendSyncPhantomData::default() } } /// Converts the error into a general [`ConvertError`]. pub(crate) fn into(self) -> ConvertError { ConvertError::Size(self) } /// Format extra details for a verbose, human-readable error message. /// /// This formatting may include potentially sensitive information. fn display_verbose_extras(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result where Src: Deref, Dst: KnownLayout, { // include the source type f.write_str("\nSource type: ")?; f.write_str(core::any::type_name::())?; // include the source.deref() size let src_size = core::mem::size_of_val(&*self.src); f.write_str("\nSource size: ")?; src_size.fmt(f)?; f.write_str(" byte")?; if src_size != 1 { f.write_char('s')?; } // if `Dst` is `Sized`, include the `Dst` size if let crate::SizeInfo::Sized { size } = Dst::LAYOUT.size_info { f.write_str("\nDestination size: ")?; size.fmt(f)?; f.write_str(" byte")?; if size != 1 { f.write_char('s')?; } } // include the destination type f.write_str("\nDestination type: ")?; f.write_str(core::any::type_name::())?; Ok(()) } } impl fmt::Debug for SizeError { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("SizeError").finish() } } /// Produces a human-readable error message. /// /// The message differs between debug and release builds. When /// `debug_assertions` are enabled, this message is verbose and includes /// potentially sensitive information. impl fmt::Display for SizeError where Src: Deref, Dst: KnownLayout, { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("The conversion failed because the source was incorrectly sized to complete the conversion into the destination type.")?; if cfg!(debug_assertions) { f.write_str("\n")?; self.display_verbose_extras(f)?; } Ok(()) } } #[cfg(any(zerocopy_core_error_1_81_0, feature = "std", test))] #[cfg_attr(doc_cfg, doc(cfg(all(rust = "1.81.0", feature = "std"))))] impl Error for SizeError where Src: Deref, Dst: KnownLayout, { } impl From> for ConvertError, V> { #[inline(always)] fn from(err: SizeError) -> Self { Self::Size(err) } } /// The error emitted if the conversion source contains invalid data. #[derive(PartialEq, Eq)] pub struct ValidityError { /// The source value involved in the conversion. pub(crate) src: Src, /// The inner destination type inolved in the conversion. dst: SendSyncPhantomData, } impl ValidityError { pub(crate) fn new(src: Src) -> Self { Self { src, dst: SendSyncPhantomData::default() } } /// Produces the source underlying the failed conversion. #[inline] pub fn into_src(self) -> Src { self.src } /// Maps the source value associated with the conversion error. /// /// This can help mitigate [issues with `Send`, `Sync` and `'static` /// bounds][self#send-sync-and-static]. /// /// # Examples /// /// ``` /// use zerocopy::*; /// /// let source: u8 = 42; /// /// // Try to transmute the `source` to a `bool`. This will fail. /// let maybe_bool: Result> = try_transmute!(source); /// /// // Drop the error's source. /// let maybe_bool: Result> = maybe_bool.map_err(|err| { /// err.map_src(drop) /// }); /// ``` #[inline] pub fn map_src(self, f: impl FnOnce(Src) -> NewSrc) -> ValidityError { ValidityError { src: f(self.src), dst: SendSyncPhantomData::default() } } /// Converts the error into a general [`ConvertError`]. pub(crate) fn into(self) -> ConvertError { ConvertError::Validity(self) } /// Format extra details for a verbose, human-readable error message. /// /// This formatting may include potentially sensitive information. fn display_verbose_extras(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result where Dst: KnownLayout, { f.write_str("Destination type: ")?; f.write_str(core::any::type_name::())?; Ok(()) } } impl fmt::Debug for ValidityError { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("ValidityError").finish() } } /// Produces a human-readable error message. /// /// The message differs between debug and release builds. When /// `debug_assertions` are enabled, this message is verbose and includes /// potentially sensitive information. impl fmt::Display for ValidityError where Dst: KnownLayout + TryFromBytes, { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("The conversion failed because the source bytes are not a valid value of the destination type.")?; if cfg!(debug_assertions) { f.write_str("\n\n")?; self.display_verbose_extras(f)?; } Ok(()) } } #[cfg(any(zerocopy_core_error_1_81_0, feature = "std", test))] #[cfg_attr(doc_cfg, doc(cfg(all(rust = "1.81.0", feature = "std"))))] impl Error for ValidityError where Dst: KnownLayout + TryFromBytes {} impl From> for ConvertError> { #[inline(always)] fn from(err: ValidityError) -> Self { Self::Validity(err) } } /// The error type of reference conversions. /// /// Reference conversions, like [`FromBytes::ref_from_bytes`] may emit /// [alignment](AlignmentError) and [size](SizeError) errors. // Bounds on generic parameters are not enforced in type aliases, but they do // appear in rustdoc. #[allow(type_alias_bounds)] pub type CastError = ConvertError, SizeError, Infallible>; impl CastError { /// Produces the source underlying the failed conversion. #[inline] pub fn into_src(self) -> Src { match self { Self::Alignment(e) => e.src, Self::Size(e) => e.src, Self::Validity(i) => match i {}, } } /// Sets the source value associated with the conversion error. pub(crate) fn with_src(self, new_src: NewSrc) -> CastError { match self { Self::Alignment(e) => CastError::Alignment(e.with_src(new_src)), Self::Size(e) => CastError::Size(e.with_src(new_src)), Self::Validity(i) => match i {}, } } /// Maps the source value associated with the conversion error. /// /// This can help mitigate [issues with `Send`, `Sync` and `'static` /// bounds][self#send-sync-and-static]. /// /// # Examples /// /// ``` /// use zerocopy::*; /// /// let source: [u8; 3] = [0, 1, 2]; /// /// // Try to read a `u32` from `source`. This will fail because there are insufficient /// // bytes in `source`. /// let maybe_u32: Result<&u32, CastError<&[u8], u32>> = u32::ref_from_bytes(&source[..]); /// /// // Map the error's source to its size and address. /// let maybe_u32: Result<&u32, CastError<(usize, usize), u32>> = maybe_u32.map_err(|err| { /// err.map_src(|src| (src.len(), src.as_ptr() as usize)) /// }); /// ``` #[inline] pub fn map_src(self, f: impl FnOnce(Src) -> NewSrc) -> CastError { match self { Self::Alignment(e) => CastError::Alignment(e.map_src(f)), Self::Size(e) => CastError::Size(e.map_src(f)), Self::Validity(i) => match i {}, } } /// Converts the error into a general [`ConvertError`]. pub(crate) fn into(self) -> TryCastError where Dst: TryFromBytes, { match self { Self::Alignment(e) => TryCastError::Alignment(e), Self::Size(e) => TryCastError::Size(e), Self::Validity(i) => match i {}, } } } impl From> for SizeError { /// Infallibly extracts the [`SizeError`] from this `CastError` since `Dst` /// is unaligned. /// /// Since [`Dst: Unaligned`], it is impossible to encounter an alignment /// error, and so the only error that can be encountered at runtime is a /// [`SizeError`]. This method permits extracting that `SizeError` /// infallibly. /// /// [`Dst: Unaligned`]: crate::Unaligned /// /// # Examples /// /// ```rust /// use zerocopy::*; /// # use zerocopy_derive::*; /// /// #[derive(FromBytes, IntoBytes, KnownLayout, Immutable, Unaligned)] /// #[repr(C)] /// struct UdpHeader { /// src_port: [u8; 2], /// dst_port: [u8; 2], /// length: [u8; 2], /// checksum: [u8; 2], /// } /// /// #[derive(FromBytes, IntoBytes, KnownLayout, Immutable, Unaligned)] /// #[repr(C, packed)] /// struct UdpPacket { /// header: UdpHeader, /// body: [u8], /// } /// /// impl UdpPacket { /// pub fn parse(bytes: &[u8]) -> Result<&UdpPacket, SizeError<&[u8], UdpPacket>> { /// // Since `UdpPacket: Unaligned`, we can map the `CastError` to a `SizeError`. /// UdpPacket::ref_from_bytes(bytes).map_err(Into::into) /// } /// } /// ``` #[inline(always)] fn from(err: CastError) -> SizeError { match err { #[allow(unreachable_code)] CastError::Alignment(e) => match Infallible::from(e) {}, CastError::Size(e) => e, CastError::Validity(i) => match i {}, } } } /// The error type of fallible reference conversions. /// /// Fallible reference conversions, like [`TryFromBytes::try_ref_from_bytes`] /// may emit [alignment](AlignmentError), [size](SizeError), and /// [validity](ValidityError) errors. // Bounds on generic parameters are not enforced in type aliases, but they do // appear in rustdoc. #[allow(type_alias_bounds)] pub type TryCastError = ConvertError, SizeError, ValidityError>; // FIXME(#1139): Remove the `TryFromBytes` here and in other downstream // locations (all the way to `ValidityError`) if we determine it's not necessary // for rich validity errors. impl TryCastError { /// Produces the source underlying the failed conversion. #[inline] pub fn into_src(self) -> Src { match self { Self::Alignment(e) => e.src, Self::Size(e) => e.src, Self::Validity(e) => e.src, } } /// Maps the source value associated with the conversion error. /// /// This can help mitigate [issues with `Send`, `Sync` and `'static` /// bounds][self#send-sync-and-static]. /// /// # Examples /// /// ``` /// use core::num::NonZeroU32; /// use zerocopy::*; /// /// let source: [u8; 3] = [0, 0, 0]; /// /// // Try to read a `NonZeroU32` from `source`. /// let maybe_u32: Result<&NonZeroU32, TryCastError<&[u8], NonZeroU32>> /// = NonZeroU32::try_ref_from_bytes(&source[..]); /// /// // Map the error's source to its size and address. /// let maybe_u32: Result<&NonZeroU32, TryCastError<(usize, usize), NonZeroU32>> = /// maybe_u32.map_err(|err| { /// err.map_src(|src| (src.len(), src.as_ptr() as usize)) /// }); /// ``` #[inline] pub fn map_src(self, f: impl FnOnce(Src) -> NewSrc) -> TryCastError { match self { Self::Alignment(e) => TryCastError::Alignment(e.map_src(f)), Self::Size(e) => TryCastError::Size(e.map_src(f)), Self::Validity(e) => TryCastError::Validity(e.map_src(f)), } } } impl From> for TryCastError { #[inline] fn from(value: CastError) -> Self { match value { CastError::Alignment(e) => Self::Alignment(e), CastError::Size(e) => Self::Size(e), CastError::Validity(i) => match i {}, } } } /// The error type of fallible read-conversions. /// /// Fallible read-conversions, like [`TryFromBytes::try_read_from_bytes`] may emit /// [size](SizeError) and [validity](ValidityError) errors, but not alignment errors. // Bounds on generic parameters are not enforced in type aliases, but they do // appear in rustdoc. #[allow(type_alias_bounds)] pub type TryReadError = ConvertError, ValidityError>; impl TryReadError { /// Produces the source underlying the failed conversion. #[inline] pub fn into_src(self) -> Src { match self { Self::Alignment(i) => match i {}, Self::Size(e) => e.src, Self::Validity(e) => e.src, } } /// Maps the source value associated with the conversion error. /// /// This can help mitigate [issues with `Send`, `Sync` and `'static` /// bounds][self#send-sync-and-static]. /// /// # Examples /// /// ``` /// use core::num::NonZeroU32; /// use zerocopy::*; /// /// let source: [u8; 3] = [0, 0, 0]; /// /// // Try to read a `NonZeroU32` from `source`. /// let maybe_u32: Result> /// = NonZeroU32::try_read_from_bytes(&source[..]); /// /// // Map the error's source to its size. /// let maybe_u32: Result> = /// maybe_u32.map_err(|err| { /// err.map_src(|src| src.len()) /// }); /// ``` #[inline] pub fn map_src(self, f: impl FnOnce(Src) -> NewSrc) -> TryReadError { match self { Self::Alignment(i) => match i {}, Self::Size(e) => TryReadError::Size(e.map_src(f)), Self::Validity(e) => TryReadError::Validity(e.map_src(f)), } } } /// The error type of well-aligned, fallible casts. /// /// This is like [`TryCastError`], but for casts that are always well-aligned. /// It is identical to `TryCastError`, except that its alignment error is /// [`Infallible`]. /// /// As of this writing, none of zerocopy's API produces this error directly. /// However, it is useful since it permits users to infallibly discard alignment /// errors when they can prove statically that alignment errors are impossible. /// /// # Examples /// /// ``` /// use core::convert::Infallible; /// use zerocopy::*; /// # use zerocopy_derive::*; /// /// #[derive(TryFromBytes, KnownLayout, Unaligned, Immutable)] /// #[repr(C, packed)] /// struct Bools { /// one: bool, /// two: bool, /// many: [bool], /// } /// /// impl Bools { /// fn parse(bytes: &[u8]) -> Result<&Bools, AlignedTryCastError<&[u8], Bools>> { /// // Since `Bools: Unaligned`, we can infallibly discard /// // the alignment error. /// Bools::try_ref_from_bytes(bytes).map_err(Into::into) /// } /// } /// ``` #[allow(type_alias_bounds)] pub type AlignedTryCastError = ConvertError, ValidityError>; /// The error type of a failed allocation. /// /// This type is intended to be deprecated in favor of the standard library's /// [`AllocError`] type once it is stabilized. When that happens, this type will /// be replaced by a type alias to the standard library type. We do not intend /// to treat this as a breaking change; users who wish to avoid breakage should /// avoid writing code which assumes that this is *not* such an alias. For /// example, implementing the same trait for both types will result in an impl /// conflict once this type is an alias. /// /// [`AllocError`]: https://doc.rust-lang.org/alloc/alloc/struct.AllocError.html #[derive(Copy, Clone, PartialEq, Eq, Debug)] pub struct AllocError; #[cfg(test)] mod tests { use super::*; #[test] fn test_send_sync() { // Test that all error types are `Send + Sync` even if `Dst: !Send + // !Sync`. #[allow(dead_code)] fn is_send_sync(_t: T) {} #[allow(dead_code)] fn alignment_err_is_send_sync(err: AlignmentError) { is_send_sync(err) } #[allow(dead_code)] fn size_err_is_send_sync(err: SizeError) { is_send_sync(err) } #[allow(dead_code)] fn validity_err_is_send_sync( err: ValidityError, ) { is_send_sync(err) } #[allow(dead_code)] fn convert_error_is_send_sync( err: ConvertError< AlignmentError, SizeError, ValidityError, >, ) { is_send_sync(err) } } #[test] fn alignment_display() { #[repr(C, align(128))] struct Aligned { bytes: [u8; 128], } impl_known_layout!(elain::Align::<8>); let aligned = Aligned { bytes: [0; 128] }; let bytes = &aligned.bytes[1..]; let addr = crate::util::AsAddress::addr(bytes); assert_eq!( AlignmentError::<_, elain::Align::<8>>::new_checked(bytes).to_string(), format!("The conversion failed because the address of the source is not a multiple of the alignment of the destination type.\n\ \nSource type: &[u8]\ \nSource address: 0x{:x} (a multiple of 1)\ \nDestination type: elain::Align<8>\ \nDestination alignment: 8", addr) ); let bytes = &aligned.bytes[2..]; let addr = crate::util::AsAddress::addr(bytes); assert_eq!( AlignmentError::<_, elain::Align::<8>>::new_checked(bytes).to_string(), format!("The conversion failed because the address of the source is not a multiple of the alignment of the destination type.\n\ \nSource type: &[u8]\ \nSource address: 0x{:x} (a multiple of 2)\ \nDestination type: elain::Align<8>\ \nDestination alignment: 8", addr) ); let bytes = &aligned.bytes[3..]; let addr = crate::util::AsAddress::addr(bytes); assert_eq!( AlignmentError::<_, elain::Align::<8>>::new_checked(bytes).to_string(), format!("The conversion failed because the address of the source is not a multiple of the alignment of the destination type.\n\ \nSource type: &[u8]\ \nSource address: 0x{:x} (a multiple of 1)\ \nDestination type: elain::Align<8>\ \nDestination alignment: 8", addr) ); let bytes = &aligned.bytes[4..]; let addr = crate::util::AsAddress::addr(bytes); assert_eq!( AlignmentError::<_, elain::Align::<8>>::new_checked(bytes).to_string(), format!("The conversion failed because the address of the source is not a multiple of the alignment of the destination type.\n\ \nSource type: &[u8]\ \nSource address: 0x{:x} (a multiple of 4)\ \nDestination type: elain::Align<8>\ \nDestination alignment: 8", addr) ); } #[test] fn size_display() { assert_eq!( SizeError::<_, [u8]>::new(&[0u8; 2][..]).to_string(), "The conversion failed because the source was incorrectly sized to complete the conversion into the destination type.\n\ \nSource type: &[u8]\ \nSource size: 2 bytes\ \nDestination type: [u8]" ); assert_eq!( SizeError::<_, [u8; 2]>::new(&[0u8; 1][..]).to_string(), "The conversion failed because the source was incorrectly sized to complete the conversion into the destination type.\n\ \nSource type: &[u8]\ \nSource size: 1 byte\ \nDestination size: 2 bytes\ \nDestination type: [u8; 2]" ); } #[test] fn validity_display() { assert_eq!( ValidityError::<_, bool>::new(&[2u8; 1][..]).to_string(), "The conversion failed because the source bytes are not a valid value of the destination type.\n\ \n\ Destination type: bool" ); } }