Add zerocopy support

Closes google/zerocopy#1444
joshlf · Oct 11, 2024 · e08f711 · e08f711
1 parent d7c1d65
commit e08f711
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 0 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -24,6 +24,7 @@ std = []
 
 [dependencies]
 serde = { version = "1.0.60", optional = true, default-features = false, features = ["alloc"] }
+zerocopy = { version = "0.8.5", optional = true, default-features = false }
 
 [dev-dependencies]
 serde_test = "1.0"

diff --git a/src/bytes.rs b/src/bytes.rs
@@ -1448,6 +1448,29 @@ fn _split_to_must_use() {}
 /// ```
 fn _split_off_must_use() {}
 
+#[cfg(feature = "zerocopy")]
+mod zerocopy {
+    use super::*;
+
+    // SAFETY: `<Bytes as Deref>::deref` calls `Bytes::as_slice`, which
+    // constructs its return value from the `ptr` and `len` fields. Neither of
+    // these fields are modified by any methods on `ByteSlice` or its
+    // super-traits (namely, `Deref::deref`). `Bytes` does not implement
+    // `ByteSliceMut`, `IntoByteSlice`, or `IntoByteSliceMut`. Thus, `<Bytes as
+    // Deref>::deref` is "stable" in the sense required by `ByteSlice`'s safety
+    // invariant.
+    unsafe impl ::zerocopy::ByteSlice for Bytes {}
+    // SAFETY: `split_at_unchecked` is implemented in terms of
+    // `Bytes::split_off`, which is implemented as required by
+    // `SplitByteSlice`'s safety invariant.
+    unsafe impl ::zerocopy::SplitByteSlice for Bytes {
+        unsafe fn split_at_unchecked(mut self, mid: usize) -> (Bytes, Bytes) {
+            let tail = self.split_off(mid);
+            (self, tail)
+        }
+    }
+}
+
 // fuzz tests
 #[cfg(all(test, loom))]
 mod fuzz {

diff --git a/src/bytes_mut.rs b/src/bytes_mut.rs
@@ -1880,6 +1880,32 @@ fn _split_off_must_use() {}
 /// ```
 fn _split_must_use() {}
 
+#[cfg(feature = "zerocopy")]
+mod zerocopy {
+    use super::*;
+
+    // SAFETY: `<BytesMut as Deref>::deref` calls `Bytes::as_slice`, and
+    // `<BytesMut as DerefMut>::deref_mut` calls `Bytes::as_slice_mut`, both of
+    // which construct their return values from the `ptr` and `len` fields.
+    // Neither of these fields are modified by any methods on `ByteSlice`,
+    // `ByteSliceMut`, or their super-traits (namely, `Deref::deref` and
+    // `DerefMut::deref_mut`). `Bytes` does not implement `IntoByteSlice` or
+    // `IntoByteSliceMut`. Thus, `<Bytes as Deref>::deref` and `<BytesMut as
+    // DerefMut>::deref_mut` are "stable" in the sense required by
+    // `ByteSliceMut`'s safety invariant.
+    unsafe impl ::zerocopy::ByteSlice for BytesMut {}
+    unsafe impl ::zerocopy::CloneableByteSlice for BytesMut {}
+    // SAFETY: `split_at_unchecked` is implemented in terms of
+    // `BytesMut::split_off`, which is implemented as required by
+    // `SplitByteSlice`'s safety invariant.
+    unsafe impl ::zerocopy::SplitByteSlice for BytesMut {
+        unsafe fn split_at_unchecked(mut self, mid: usize) -> (BytesMut, BytesMut) {
+            let tail = self.split_off(mid);
+            (self, tail)
+        }
+    }
+}
+
 // fuzz tests
 #[cfg(all(test, loom))]
 mod fuzz {