getrandom/
util.rs

1#![allow(dead_code)]
2use crate::Error;
3use core::{mem::MaybeUninit, ptr, slice};
4
5/// Polyfill for `maybe_uninit_slice` feature's
6/// `MaybeUninit::slice_assume_init_mut`. Every element of `slice` must have
7/// been initialized.
8#[inline(always)]
9#[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
10pub unsafe fn slice_assume_init_mut<T>(slice: &mut [MaybeUninit<T>]) -> &mut [T] {
11    let ptr = ptr_from_mut::<[MaybeUninit<T>]>(slice) as *mut [T];
12    // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`.
13    unsafe { &mut *ptr }
14}
15
16#[inline]
17pub fn uninit_slice_fill_zero(slice: &mut [MaybeUninit<u8>]) -> &mut [u8] {
18    unsafe { ptr::write_bytes(slice.as_mut_ptr(), 0, slice.len()) };
19    unsafe { slice_assume_init_mut(slice) }
20}
21
22#[inline(always)]
23pub fn slice_as_uninit<T>(slice: &[T]) -> &[MaybeUninit<T>] {
24    let ptr = ptr_from_ref::<[T]>(slice) as *const [MaybeUninit<T>];
25    // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`.
26    unsafe { &*ptr }
27}
28
29/// View an mutable initialized array as potentially-uninitialized.
30///
31/// This is unsafe because it allows assigning uninitialized values into
32/// `slice`, which would be undefined behavior.
33#[inline(always)]
34#[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
35pub unsafe fn slice_as_uninit_mut<T>(slice: &mut [T]) -> &mut [MaybeUninit<T>] {
36    let ptr = ptr_from_mut::<[T]>(slice) as *mut [MaybeUninit<T>];
37    // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`.
38    unsafe { &mut *ptr }
39}
40
41// TODO: MSRV(1.76.0): Replace with `core::ptr::from_mut`.
42fn ptr_from_mut<T: ?Sized>(r: &mut T) -> *mut T {
43    r
44}
45
46// TODO: MSRV(1.76.0): Replace with `core::ptr::from_ref`.
47fn ptr_from_ref<T: ?Sized>(r: &T) -> *const T {
48    r
49}
50
51/// Default implementation of `inner_u32` on top of `fill_uninit`
52#[inline]
53pub fn inner_u32() -> Result<u32, Error> {
54    let mut res = MaybeUninit::<u32>::uninit();
55    // SAFETY: the created slice has the same size as `res`
56    let dst = unsafe {
57        let p: *mut MaybeUninit<u8> = res.as_mut_ptr().cast();
58        slice::from_raw_parts_mut(p, core::mem::size_of::<u32>())
59    };
60    crate::fill_uninit(dst)?;
61    // SAFETY: `dst` has been fully initialized by `imp::fill_inner`
62    // since it returned `Ok`.
63    Ok(unsafe { res.assume_init() })
64}
65
66/// Default implementation of `inner_u64` on top of `fill_uninit`
67#[inline]
68pub fn inner_u64() -> Result<u64, Error> {
69    let mut res = MaybeUninit::<u64>::uninit();
70    // SAFETY: the created slice has the same size as `res`
71    let dst = unsafe {
72        let p: *mut MaybeUninit<u8> = res.as_mut_ptr().cast();
73        slice::from_raw_parts_mut(p, core::mem::size_of::<u64>())
74    };
75    crate::fill_uninit(dst)?;
76    // SAFETY: `dst` has been fully initialized by `imp::fill_inner`
77    // since it returned `Ok`.
78    Ok(unsafe { res.assume_init() })
79}
80
81/// Truncates `u64` and returns the lower 32 bits as `u32`
82pub(crate) fn truncate(val: u64) -> u32 {
83    u32::try_from(val & u64::from(u32::MAX)).expect("The higher 32 bits are masked")
84}
getrandom/util.rs

getrandom/
util.rs
