MaybeUninit::zeroed() is handy but is not available as a "const" function
until Rust 1.75.0.
Remove the default implementation of Zeroable::ZERO, and write by hand
the definitions for those types that need it. It may be possible to
add automatic implementation of the trait, via a procedural macro and/or
a trick similar to offset_of!, but do it the easy way for now.
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
rust/qemu-api/src/zeroable.rs | 91 +++++++++++++++++++++++++++++------
1 file changed, 77 insertions(+), 14 deletions(-)
diff --git a/rust/qemu-api/src/zeroable.rs b/rust/qemu-api/src/zeroable.rs
index 45ec95c9f70..13cdb2ccba5 100644
--- a/rust/qemu-api/src/zeroable.rs
+++ b/rust/qemu-api/src/zeroable.rs
@@ -1,23 +1,86 @@
// SPDX-License-Identifier: GPL-2.0-or-later
+use std::ptr;
+
/// Encapsulates the requirement that
-/// `MaybeUninit::<Self>::zeroed().assume_init()` does not cause
-/// undefined behavior.
+/// `MaybeUninit::<Self>::zeroed().assume_init()` does not cause undefined
+/// behavior. This trait in principle could be implemented as just:
+///
+/// ```
+/// const ZERO: Self = unsafe {
+///
::core::mem::MaybeUninit::<$crate::bindings::Property>::zeroed().assume_init()
+/// },
+/// ```
+///
+/// The need for a manual implementation is only because `zeroed()` cannot
+/// be used as a `const fn` prior to Rust 1.75.0. Once we can assume a new
+/// enough version of the compiler, we could provide a `#[derive(Zeroable)]`
+/// macro to check at compile-time that all struct fields are Zeroable, and
+/// use the above blanket implementation of the `ZERO` constant.
///
/// # Safety
///
-/// Do not add this trait to a type unless all-zeroes is
-/// a valid value for the type. In particular, remember that raw
-/// pointers can be zero, but references and `NonNull<T>` cannot
-/// unless wrapped with `Option<>`.
+/// Because the implementation of `ZERO` is manual, it does not make
+/// any assumption on the safety of `zeroed()`. However, other users of the
+/// trait could use it that way. Do not add this trait to a type unless
+/// all-zeroes is a valid value for the type. In particular, remember that
+/// raw pointers can be zero, but references and `NonNull<T>` cannot
pub unsafe trait Zeroable: Default {
- /// SAFETY: If the trait was added to a type, then by definition
- /// this is safe.
- const ZERO: Self = unsafe {
::core::mem::MaybeUninit::<Self>::zeroed().assume_init() };
+ const ZERO: Self;
}
-unsafe impl Zeroable for crate::bindings::Property__bindgen_ty_1 {}
-unsafe impl Zeroable for crate::bindings::Property {}
-unsafe impl Zeroable for crate::bindings::VMStateDescription {}
-unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_1 {}
-unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_2 {}
+unsafe impl Zeroable for crate::bindings::Property__bindgen_ty_1 {
+ const ZERO: Self = Self { i: 0 };
+}
+
+unsafe impl Zeroable for crate::bindings::Property {
+ const ZERO: Self = Self {
+ name: ptr::null(),
+ info: ptr::null(),
+ offset: 0,
+ bitnr: 0,
+ bitmask: 0,
+ set_default: false,
+ defval: Zeroable::ZERO,
+ arrayoffset: 0,
+ arrayinfo: ptr::null(),
+ arrayfieldsize: 0,
+ link_type: ptr::null(),
+ };
+}
+
+unsafe impl Zeroable for crate::bindings::VMStateDescription {
+ const ZERO: Self = Self {
+ name: ptr::null(),
+ unmigratable: false,
+ early_setup: false,
+ version_id: 0,
+ minimum_version_id: 0,
+ priority: crate::bindings::MigrationPriority::MIG_PRI_DEFAULT,
+ pre_load: None,
+ post_load: None,
+ pre_save: None,
+ post_save: None,
+ needed: None,
+ dev_unplug_pending: None,
+ fields: ptr::null(),
+ subsections: ptr::null(),
+ };
+}
+
+unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_1 {
+ const ZERO: Self = Self {
+ min_access_size: 0,
+ max_access_size: 0,
+ unaligned: false,
+ accepts: None,
+ };
+}
+
+unsafe impl Zeroable for crate::bindings::MemoryRegionOps__bindgen_ty_2 {
+ const ZERO: Self = Self {
+ min_access_size: 0,
+ max_access_size: 0,
+ unaligned: false,
+ };
+}
--
2.47.0
