Skip to content

Commit

Permalink
document zerocopy's relationship to Project Safe Transmute
Browse files Browse the repository at this point in the history
Fixes #480
  • Loading branch information
jswrenn committed Oct 10, 2023
1 parent f40c10a commit c07573e
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 0 deletions.
24 changes: 24 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,30 @@ memory model, and *any future memory model*. We ensure this by:
[Miri]: https://github.com/rust-lang/miri
[Kani]: https://github.com/model-checking/kani

## Relationship to Project Safe Transmute

[Project Safe Transmute] is an official initiative of the Rust Project to
develop language-level support for safer transmutation. The Project consults
with crates like zerocopy to identify aspects of safer transmutation that
would benefit from compiler support, and has developed an [experimental,
compiler-supported analysis][mcp-transmutability] of when a value of one
type is soundly transmutable into another. Once this functionality is
sufficiently mature, zerocopy intends to replace its internal
transmutability analysis with the compiler-supported one. This change will
likely be solely an implementation detail that is invisible to zerocopy's
users.

However, Project Safe Transmute will not replace the need for most of
zerocopy's higher-level abstractions over transmutability. The experimental
compiler analysis is a tool for checking the soundness of `unsafe` code—not
a tool to avoid writing `unsafe` code altogether. For the foreseeable
future, crates like zerocopy will still be required in order to provide
higher-level abstractions on top of the building block provided by Project
Safe Transmute.

[Project Safe Transmute]: https://rust-lang.github.io/rfcs/2835-project-safe-transmute.html
[mcp-transmutability]: https://github.com/rust-lang/compiler-team/issues/411

## Disclaimer

Disclaimer: Zerocopy is not an officially supported Google product.
24 changes: 24 additions & 0 deletions src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,30 @@
//!
//! [Miri]: https://github.com/rust-lang/miri
//! [Kani]: https://github.com/model-checking/kani
//!
//! # Relationship to Project Safe Transmute
//!
//! [Project Safe Transmute] is an official initiative of the Rust Project to
//! develop language-level support for safer transmutation. The Project consults
//! with crates like zerocopy to identify aspects of safer transmutation that
//! would benefit from compiler support, and has developed an [experimental,
//! compiler-supported analysis][mcp-transmutability] of when a value of one
//! type is soundly transmutable into another. Once this functionality is
//! sufficiently mature, zerocopy intends to replace its internal
//! transmutability analysis with the compiler-supported one. This change will
//! likely be an implementation detail that is invisible to zerocopy's
//! users.
//!
//! However, Project Safe Transmute will not replace the need for most of
//! zerocopy's higher-level abstractions over transmutability. The experimental
//! compiler analysis is a tool for checking the soundness of `unsafe` code—not
//! a tool to avoid writing `unsafe` code altogether. For the foreseeable
//! future, crates like zerocopy will still be required in order to provide
//! higher-level abstractions on top of the building block provided by Project
//! Safe Transmute.
//!
//! [Project Safe Transmute]: https://rust-lang.github.io/rfcs/2835-project-safe-transmute.html
//! [mcp-transmutability]: https://github.com/rust-lang/compiler-team/issues/411
// Sometimes we want to use lints which were added after our MSRV.
// `unknown_lints` is `warn` by default and we deny warnings in CI, so without
Expand Down

0 comments on commit c07573e

Please sign in to comment.