Implement FromZeroes for thin raw pointers

Makes progress on #170

Author: joshlf

src/lib.rs

@@ -945,6 +945,35 @@ safety_comment! {
     unsafe_impl!(T: ?Sized + Unaligned => Unaligned for ManuallyDrop<T>);
     assert_unaligned!(ManuallyDrop<()>, ManuallyDrop<u8>);
 }
+safety_comment! {
+    /// SAFETY:
+    /// The all-zeroes const and mut raw pointers are valid (see e.g.
+    /// `ptr::null` [1] and `ptr::null_mut` [2]). Unlike non-null pointers, it
+    /// is always unsound to dereference null pointers, and so it's not a
+    /// footgun that converting from zeroes may not preserve pointer provenance
+    /// information.
+    ///
+    /// Since the encoding of fat pointers is not currently defined by the
+    /// reference, it would not be sound to implement `FromZeroes` for fat
+    /// pointer types such `*const T` for `T: ?Sized` or even for more
+    /// constrained pointer types such as `*const [T]` for `T: Sized`.
+    ///
+    /// Currently, though it would likely be sound, we choose not to implement
+    /// `FromBytes` or `AsBytes` for raw pointers because it would be easy for
+    /// code to mistakenly assume that converting from a raw pointer to a
+    /// different representation (such as a byte array) and back again via
+    /// `FromBytes` and `AsBytes` would result in a semantically identical
+    /// pointer. Thanks to provenance information, that may not actually be
+    /// true, so this would present a serious footgun. Note that this aspect of
+    /// Rust's memory model is still up in the air, so it's possible that these
+    /// conversions will one day be determined to be sound, at which point we
+    /// could choose to support these impls. See #170 for more information.
+    ///
+    /// [1] https://doc.rust-lang.org/core/ptr/fn.null.html
+    /// [2] https://doc.rust-lang.org/core/ptr/fn.null_mut.html
+    unsafe_impl!(T: Sized => FromZeroes for *const T);
+    unsafe_impl!(T: Sized => FromZeroes for *mut T);
+}
 safety_comment! {
     /// SAFETY:
     /// Per the reference [1]:
@@ -3983,6 +4012,9 @@ mod tests {
         assert_impls!(Unalign<u8>: FromZeroes, FromBytes, AsBytes, Unaligned);
         assert_impls!(Unalign<NotZerocopy>: Unaligned, !FromZeroes, !FromBytes, !AsBytes);
 
+        assert_impls!(*const NotZerocopy: FromZeroes, !FromBytes, !AsBytes, !Unaligned);
+        assert_impls!(*mut NotZerocopy: FromZeroes, !FromBytes, !AsBytes, !Unaligned);
+
         assert_impls!([u8]: FromZeroes, FromBytes, AsBytes, Unaligned);
         assert_impls!([NotZerocopy]: !FromZeroes, !FromBytes, !AsBytes, !Unaligned);
         assert_impls!([u8; 0]: FromZeroes, FromBytes, AsBytes, Unaligned);

zerocopy-derive/tests/ui-nightly/derive_transparent.stderr

@@ -6,13 +6,13 @@ error[E0277]: the trait bound `NotZerocopy: FromZeroes` is not satisfied
    |
    = help: the following other types implement trait `FromZeroes`:
              ()
+             *const T
+             *mut T
              AU16
              F32<O>
              F64<O>
              I128<O>
              I16<O>
-             I32<O>
-             I64<O>
            and $N others
 note: required for `TransparentStruct<NotZerocopy>` to implement `FromZeroes`
   --> tests/ui-nightly/derive_transparent.rs:23:19

zerocopy-derive/tests/ui-nightly/late_compile_pass.stderr

@@ -6,13 +6,13 @@ error[E0277]: the trait bound `NotZerocopy: FromZeroes` is not satisfied
    |
    = help: the following other types implement trait `FromZeroes`:
              ()
+             *const T
+             *mut T
              AU16
              F32<O>
              F64<O>
              FromZeroes1
              I128<O>
-             I16<O>
-             I32<O>
            and $N others
    = help: see issue #48214
    = help: add `#![feature(trivial_bounds)]` to the crate attributes to enable
@@ -46,13 +46,13 @@ error[E0277]: the trait bound `FromBytes1: FromZeroes` is not satisfied
    |
    = help: the following other types implement trait `FromZeroes`:
              ()
+             *const T
+             *mut T
              AU16
              F32<O>
              F64<O>
              FromZeroes1
              I128<O>
-             I16<O>
-             I32<O>
            and $N others
 note: required by a bound in `FromBytes`
   --> $WORKSPACE/src/lib.rs