Skip to content

Make SizeEq safe #2907

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
joshlf merged 1 commit into from
Jan 22, 2026
Merged

Make SizeEq safe #2907

joshlf merged 1 commit into from
Jan 22, 2026
+135 −64

Conversation

@joshlf
Copy link
Member

@joshlf joshlf commented Jan 22, 2026
edited
Loading

Make SizeEq safe by moving its safety invariant to a new CastExact
trait which now bounds the associated SizeEq::CastFrom type. This
permits us to write safety proofs in fewer places, since there are
certain CastFrom impls which we can re-use for many SizeEq impls.

Makes progress on #2701, #1940, #1852

Latest Update: v18 — Compare vs v17

📚 Full Patch History

Links show the diff between the row version and the column version.

Version v17 v16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v18 v17 v16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v17 v16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v9 v8 v7 v6 v5 v4 v3 v2 v1 Base
v8 v7 v6 v5 v4 v3 v2 v1 Base
v7 v6 v5 v4 v3 v2 v1 Base
v6 v5 v4 v3 v2 v1 Base
v5 v4 v3 v2 v1 Base
v4 v3 v2 v1 Base
v3 v2 v1 Base
v2 v1 Base
v1 Base

@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Jan 22, 2026

Summary of Changes

Hello @joshlf, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly refactors the SizeEq trait in the codebase to enhance its safety and maintainability. By introducing a new CastExact trait, the responsibility for guaranteeing size-preserving casts is explicitly delegated, allowing SizeEq to become a regular trait. This change centralizes safety invariants, simplifies future safety proofs, and improves the overall robustness of pointer casting mechanisms.

Highlights

  • Refactored SizeEq Trait: The SizeEq trait is no longer unsafe, with its safety invariants moved to a new CastExact trait, making SizeEq a regular trait and centralizing safety guarantees.
  • Introduced CastExact Trait: A new unsafe trait CastExact is added, which explicitly guarantees that a pointer projection preserves the exact set of referent bytes, improving the clarity and enforceability of safety invariants.
  • Improved Safety Proofs: By bounding SizeEq::CastFrom with CastExact, safety proofs are now centralized and can be reused across multiple implementations, reducing the surface area for potential errors and simplifying reasoning about correctness.
  • New CastSizedExact Type: A new CastSizedExact enum is introduced for statically-sized exact casts, ensuring compile-time size equality and providing a dedicated mechanism for such operations.
  • Renamed Macros and Functions: Several macros (impl_size_eq!, assert_size_eq!, unsafe_with_size_eq!) and test functions (test_size_eq) have been renamed to _compat variants to better reflect the new semantics of size compatibility handled by CastExact.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 22, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request refactors the SizeEq trait to be safe by introducing a new CastExact trait, which now carries the safety invariant. This is a positive change that improves the clarity and localization of unsafe code guarantees. The changes involve renaming macros, updating trait implementations, and adjusting documentation to reflect the new design. The UI test output files have also been updated to match the macro renames.

@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch from c524a36 to f6f8283 Compare January 22, 2026 18:31
@joshlf joshlf changed the base branch from main to Gba34c175d9c27344e336de4ed088eb0754d87f30 January 22, 2026 18:31
@joshlf joshlf mentioned this pull request Jan 22, 2026
Merged
@joshlf joshlf force-pushed the Gba34c175d9c27344e336de4ed088eb0754d87f30 branch from 798e16d to f902320 Compare January 22, 2026 18:34
@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch 4 times, most recently from 5cf61fc to 5f72904 Compare January 22, 2026 18:44
@joshlf joshlf changed the base branch from Gba34c175d9c27344e336de4ed088eb0754d87f30 to G31f38f3a71e4f8e878e91a9e0d53fd34b4f4d8cb January 22, 2026 18:44
@joshlf joshlf mentioned this pull request Jan 22, 2026
Merged
@codecov-commenter
Copy link

codecov-commenter commented Jan 22, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.90%. Comparing base (d6fd7f3) to head (4cb7174).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2907   +/-   ##
=======================================
  Coverage   91.90%   91.90%           
=======================================
  Files          20       20           
  Lines        5879     5883    +4     
=======================================
+ Hits         5403     5407    +4     
  Misses        476      476

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch from 5f72904 to b1dd103 Compare January 22, 2026 19:33
@joshlf joshlf force-pushed the G31f38f3a71e4f8e878e91a9e0d53fd34b4f4d8cb branch from 450f99d to bb8ec06 Compare January 22, 2026 19:33
@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch from b1dd103 to f606ad5 Compare January 22, 2026 19:38
@joshlf joshlf force-pushed the G31f38f3a71e4f8e878e91a9e0d53fd34b4f4d8cb branch 2 times, most recently from bd011be to cb90955 Compare January 22, 2026 19:50
Base automatically changed from G31f38f3a71e4f8e878e91a9e0d53fd34b4f4d8cb to main January 22, 2026 20:36
@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch from f606ad5 to a4ef307 Compare January 22, 2026 20:37
@joshlf joshlf changed the base branch from main to G64ec124d566c828ea61e6edf831a10338aa4c879 January 22, 2026 20:37
This was referenced Jan 22, 2026
Merged
Open
@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch from a4ef307 to 591b556 Compare January 22, 2026 20:38
@joshlf joshlf force-pushed the G64ec124d566c828ea61e6edf831a10338aa4c879 branch from 6b22f50 to 22b998f Compare January 22, 2026 20:39
@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch from 591b556 to 62ea699 Compare January 22, 2026 20:44
@joshlf joshlf force-pushed the G64ec124d566c828ea61e6edf831a10338aa4c879 branch 2 times, most recently from b65b2c0 to d3d7fbd Compare January 22, 2026 20:47
@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch from 62ea699 to 522141c Compare January 22, 2026 20:47
@joshlf joshlf force-pushed the G64ec124d566c828ea61e6edf831a10338aa4c879 branch from d3d7fbd to eb8f348 Compare January 22, 2026 20:57
@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch from 522141c to f0a5b8c Compare January 22, 2026 20:57
Base automatically changed from G64ec124d566c828ea61e6edf831a10338aa4c879 to main January 22, 2026 21:44
@joshlf
Make SizeEq safe
4cb7174 
Make `SizeEq` safe by moving its safety invariant to a new `CastExact`
trait which now bounds the associated `SizeEq::CastFrom` type. This
permits us to write safety proofs in fewer places, since there are
certain `CastFrom` impls which we can re-use for many `SizeEq` impls.

Makes progress on #2701, #1940, #1852

gherrit-pr-id: Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3
@joshlf joshlf force-pushed the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch from f0a5b8c to 4cb7174 Compare January 22, 2026 21:45
@joshlf joshlf enabled auto-merge January 22, 2026 21:45
@joshlf joshlf added this pull request to the merge queue Jan 22, 2026
Merged via the queue into main with commit 5754fd7 Jan 22, 2026
106 of 124 checks passed
@joshlf joshlf deleted the Gda7c06c9a8e54f5afd6aa5a093406a7b71259fd3 branch January 22, 2026 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jswrenn jswrenn jswrenn approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@joshlf @codecov-commenter @jswrenn