From 6e50bde1e1c8edc70145fb87b21b0d0843250600 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 18 Oct 2024 10:51:10 +0200 Subject: rust: provide safe wrapper for MaybeUninit::zeroed() MaybeUninit::zeroed() is handy, but it introduces unsafe (and has a pretty heavy syntax in general). Introduce a trait that provides the same functionality while staying within safe Rust. In addition, MaybeUninit::zeroed() is not available as a "const" function until Rust 1.75.0, so this also prepares for having handwritten implementations of the trait until we can assume that version. Reviewed-by: Junjie Mao Reviewed-by: Kevin Wolf Signed-off-by: Paolo Bonzini
---
rust/qemu-api/src/zeroable.rs | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 rust/qemu-api/src/zeroable.rs
(limited to 'rust/qemu-api/src/zeroable.rs')
diff --git a/rust/qemu-api/src/zeroable.rs b/rust/qemu-api/src/zeroable.rs
new file mode 100644
index 0000000..45ec95c
--- /dev/null
+++ b/rust/qemu-api/src/zeroable.rs
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+/// Encapsulates the requirement that
+/// `MaybeUninit::::zeroed().assume_init()` does not cause
+/// undefined behavior.
+///
+/// # Safety
+///
+/// Do not add this trait to a type unless all-zeroes is
+/// a valid value for the type. In particular, remember that raw
+/// pointers can be zero, but references and `NonNull` cannot
+/// unless wrapped with `Option<>`.
+pub unsafe trait Zeroable: Default {
+ /// SAFETY: If the trait was added to a type, then by definition
+ /// this is safe.
+ const ZERO: Self = unsafe { ::core::mem::MaybeUninit::::zeroed().assume_init() };
+}
+
+unsafe impl Zeroable for crate::bindings::Property__bindgen_ty_1 {}
+unsafe impl Zeroable for crate::bindings::Property {}
+unsafe impl Zeroable for crate::bindings::VMStateDescription {}
+unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_1 {}
+unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_2 {}
-- cgit v1.1
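Review bot: The five `unsafe impl Zeroable for crate::bindings::...` lines at the end of the hunk carry no justification, and the implementing types are generated bindings that are not visible here, so nothing on the page shows that all-zeroes is a valid value for every field. Each impl should state its own invariant, for example `// SAFETY: every field is an integer, a raw pointer or an Option<fn>, so all-zeroes is valid` (wording to be confirmed against the generated structs), so that a later change to the C definition is re-checked in review instead of silently turning `ZERO` into undefined behavior. Separately, the justification on `ZERO` is written as a `///` doc comment; a plain `// SAFETY:` comment placed directly before the `unsafe { ... }` expression is the form clippy's `undocumented_unsafe_blocks` lint recognises, and it leaves the rustdoc for `ZERO` free to describe the constant itself.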