This depends on the `assertions` crate added in CL:1366819.
`const_assert!(boolean expression)` is a compile-time assertion that
fails to compile if the expression is false.
TEST=`cargo check` each of the modified crates
Change-Id: I559884baf2275b1b506619693cd100a4ffc8adcd
Reviewed-on: https://chromium-review.googlesource.com/1368364
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Because the alignment of the data passed into from_slice is not checked,
it is very easy to pass in unaligned data that will get dereferenced at
a later point in the code. On ARM, this will lead to a SIGBUS.
This change adds an alignment check to prevent getting a signal.
Instead, the caller will get `None`.
BUG=chromium:900962
TEST=cargo test -p data_model
Change-Id: I7a0f835f7d0ffd8c3d44bbcd80a790027f652bc9
Reviewed-on: https://chromium-review.googlesource.com/1343989
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Now that cargo fmt has landed, run it over everything at once to bring
rust source to the standard formatting.
TEST=cargo test
BUG=None
Change-Id: Ic95a48725e5a40dcbd33ba6d5aef2bd01e91865b
Reviewed-on: https://chromium-review.googlesource.com/1259287
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
These functions are very useful C-style type casting of byte buffers to
structs in a safe manner for types that implement DataInit.
BUG=None
TEST=None
Change-Id: I4c8e1b9f7f13da5a39b65f224b65f09f31d56f1c
Reviewed-on: https://chromium-review.googlesource.com/869354
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This includes both VolatileRef, for accessing DataInit, and
VolatileSlice, for accessing bulk raw memory.
BUG=None
TEST=cargo test
Change-Id: I356c7e6f05361fa711dc91555f68e4323667884a
Reviewed-on: https://chromium-review.googlesource.com/547050
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
These types are just like normal unsigned primitives, except their
endian is explicit.
TEST=cargo test
BUG=None
Change-Id: I3d0a7f7ccbf276e2cfdb34310f173df193c70c79
Reviewed-on: https://chromium-review.googlesource.com/544692
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
The data_model crate is created to hold the DataInit trait. Types
implementing this unsafe trait must guarantee that the type can be
initialized with random data and the resulting object will be valid.
Change-Id: Id6314d114805ec502adabe50a8bd6aa42fdb2c52
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/541681
Reviewed-by: Zach Reizner <zachr@chromium.org>
