getrandom/
util.rs

1#![allow(dead_code)]
2use crate::Error;
3use core::{mem::MaybeUninit, ptr, slice};
4
5/// Polyfill for `maybe_uninit_slice` feature's
6/// `MaybeUninit::slice_assume_init_mut`. Every element of `slice` must have
7/// been initialized.
8#[inline(always)]
9#[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
10pub unsafe fn slice_assume_init_mut<T>(slice: &mut [MaybeUninit<T>]) -> &mut [T] {
11    let ptr = ptr_from_mut::<[MaybeUninit<T>]>(slice) as *mut [T];
12    // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`.
13    unsafe { &mut *ptr }
14}
15
16#[inline]
17pub fn uninit_slice_fill_zero(slice: &mut [MaybeUninit<u8>]) -> &mut [u8] {
18    unsafe { ptr::write_bytes(slice.as_mut_ptr(), 0, slice.len()) };
19    unsafe { slice_assume_init_mut(slice) }
20}
21
22#[inline(always)]
23pub fn slice_as_uninit<T>(slice: &[T]) -> &[MaybeUninit<T>] {
24    let ptr = ptr_from_ref::<[T]>(slice) as *const [MaybeUninit<T>];
25    // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`.
26    unsafe { &*ptr }
27}
28
29/// View an mutable initialized array as potentially-uninitialized.
30///
31/// This is unsafe because it allows assigning uninitialized values into
32/// `slice`, which would be undefined behavior.
33#[inline(always)]
34#[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
35pub unsafe fn slice_as_uninit_mut<T>(slice: &mut [T]) -> &mut [MaybeUninit<T>] {
36    let ptr = ptr_from_mut::<[T]>(slice) as *mut [MaybeUninit<T>];
37    // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`.
38    unsafe { &mut *ptr }
39}
40
41// TODO: MSRV(1.76.0): Replace with `core::ptr::from_mut`.
42fn ptr_from_mut<T: ?Sized>(r: &mut T) -> *mut T {
43    r
44}
45
46// TODO: MSRV(1.76.0): Replace with `core::ptr::from_ref`.
47fn ptr_from_ref<T: ?Sized>(r: &T) -> *const T {
48    r
49}
50
51/// Default implementation of `inner_u32` on top of `fill_uninit`
52pub fn inner_u32() -> Result<u32, Error> {
53    let mut res = MaybeUninit::<u32>::uninit();
54    // SAFETY: the created slice has the same size as `res`
55    let dst = unsafe {
56        let p: *mut MaybeUninit<u8> = res.as_mut_ptr().cast();
57        slice::from_raw_parts_mut(p, core::mem::size_of::<u32>())
58    };
59    crate::fill_uninit(dst)?;
60    // SAFETY: `dst` has been fully initialized by `imp::fill_inner`
61    // since it returned `Ok`.
62    Ok(unsafe { res.assume_init() })
63}
64
65/// Default implementation of `inner_u64` on top of `fill_uninit`
66pub fn inner_u64() -> Result<u64, Error> {
67    let mut res = MaybeUninit::<u64>::uninit();
68    // SAFETY: the created slice has the same size as `res`
69    let dst = unsafe {
70        let p: *mut MaybeUninit<u8> = res.as_mut_ptr().cast();
71        slice::from_raw_parts_mut(p, core::mem::size_of::<u64>())
72    };
73    crate::fill_uninit(dst)?;
74    // SAFETY: `dst` has been fully initialized by `imp::fill_inner`
75    // since it returned `Ok`.
76    Ok(unsafe { res.assume_init() })
77}
78
79/// Truncates `u64` and returns the lower 32 bits as `u32`
80pub(crate) fn truncate(val: u64) -> u32 {
81    u32::try_from(val & u64::from(u32::MAX)).expect("The higher 32 bits are masked")
82}