Introduce ReadOnly<T> which is unconditionally Immutable

[joshlf]

In order to make this sound, we change the safety invariant on
Immutable to narrowly ban interior mutation. In other words, the
presence of UnsafeCells is acceptable so long as no interior mutation
is performed in practice.

While we're here, remove the final remaining references to Immutable's
old name, NoCell.

Makes progress on #2336
Closes #1760

---

• 　 [derive] Allow TryFromBytes on non-Immutable unions #2876
• 　 Use ReadOnly in TryFromBytes::is_bit_valid #2873
• 　 [WIP] Wrapped projections #2919
• 👉 Introduce ReadOnly<T> which is unconditionally Immutable #2866

Latest Update: v64 — Compare vs v63

📚 Full Patch History

Links show the diff between the row version and the column version.

Version	v63	v62	v61	v60	v59	v58	v57	v56	v55	v54	v53	v52	v51	v50	v49	v48	v47	v46	v45	v44	v43	v42	v41	v40	v39	v38	v37	v36	v35	v34	v33	v32	v31	v30	v29	v28	v27	v26	v25	v24	v23	v22	v21	v20	v19	v18	v17	v16	v15	v14	v13	v12	v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v64	v63	v62	v61	v60	v59	v58	v57	v56	v55	v54	v53	v52	v51	v50	v49	v48	v47	v46	v45	v44	v43	v42	v41	v40	v39	v38	v37	v36	v35	v34	v33	v32	v31	v30	v29	v28	v27	v26	v25	v24	v23	v22	v21	v20	v19	v18	v17	v16	v15	v14	v13	v12	v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v63		v62																																																														Base
v62			v61																																																													Base
v61				v60																																																												Base
v60					v59																																																											Base
v59						v58																																																										Base
v58							v57																																																									Base
v57								v56																																																								Base
v56									v55																																																							Base
v55										v54																																																						Base
v54											v53																																																					Base
v53												v52																																																				Base
v52													v51																																																			Base
v51														v50																																																		Base
v50															v49																																																	Base
v49																v48																																																Base
v48																	v47																																															Base
v47																		v46																																														Base
v46																			v45																																													Base
v45																				v44																																												Base
v44																					v43																																											Base
v43																						v42																																										Base
v42																							v41																																									Base
v41																								v40																																								Base
v40																									v39																																							Base
v39																										v38																																						Base
v38																											v37																																					Base
v37																												v36																																				Base
v36																													v35																																			Base
v35																														v34																																		Base
v34																															v33																																	Base
v33																																v32																																Base
v32																																	v31																															Base
v31																																		v30																														Base
v30																																			v29																													Base
v29																																				v28																												Base
v28																																					v27																											Base
v27																																						v26																										Base
v26																																							v25																									Base
v25																																								v24																								Base
v24																																									v23																							Base
v23																																										v22																						Base
v22																																											v21																					Base
v21																																												v20																				Base
v20																																													v19																			Base
v19																																														v18																		Base
v18																																															v17																	Base
v17																																																v16																Base
v16																																																	v15															Base
v15																																																		v14														Base
v14																																																			v13													Base
v13																																																				v12												Base
v12																																																					v11											Base
v11																																																						v10										Base
v10																																																							v9									Base
v9																																																								v8								Base
v8																																																									v7							Base
v7																																																										v6						Base
v6																																																											v5					Base
v5																																																												v4				Base
v4																																																													v3			Base
v3																																																														v2		Base
v2																																																															v1	Base
v1																																																																Base

[gemini-code-assist]

Summary of Changes

Hello @joshlf, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new ReadOnly<T> wrapper type designed to enforce read-only access to its inner value, integrating it deeply into the existing type system for low-level memory and pointer manipulation. It also lays the groundwork for handling projections through wrapped types by defining new Wrapped and HasWrappedField traits, which are then implemented for ReadOnly<T> as well as standard library types like MaybeUninit and Wrapping. This work is currently in progress, as indicated by the [WIP] title and numerous TODO comments, signifying that further documentation and safety considerations are pending.

Highlights

• Introduction of ReadOnly: A new #[repr(transparent)] struct ReadOnly<T> is added, intended to provide a read-only view of an underlying type T. This wrapper is designed to integrate seamlessly with the existing type system for low-level memory and pointer manipulation.
• New Pointer Casting Traits: The src/pointer/mod.rs file introduces new unsafe traits, Wrapped and HasWrappedField, which are crucial for facilitating advanced casting and projection operations involving wrapped types. These traits define how to 'unwrap' a type and how to project fields within wrapped structures.
• Integration with Existing Type System: ReadOnly<T> is extensively integrated with various existing traits, including KnownLayout, Unaligned, TryFromBytes, FromZeros, FromBytes, IntoBytes, Immutable, SizeEq, and TransmuteFrom. It also implements the newly introduced Wrapped and HasWrappedField traits, ensuring its compatibility and utility within the framework.
• Standard Library Type Support: The new Wrapped and HasWrappedField traits are implemented for standard library types such as MaybeUninit<T> and Wrapping<T>, demonstrating their general applicability and laying the groundwork for consistent handling of wrapped data structures.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new ReadOnly<T> wrapper type. While it's a work in progress, there are two critical issues with the current implementation that need to be addressed. First, ReadOnly<T> incorrectly implements DerefMut, which contradicts its purpose and allows mutation of the wrapped data. Second, it has an unsound unconditional unsafe impl of the Immutable trait, which can lead to undefined behavior by violating one of the core safety invariants of zerocopy. I've provided detailed comments and suggestions for both of these critical issues.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 0% with 24 lines in your changes missing coverage. Please review.
✅ Project coverage is 91.36%. Comparing base (f1ae52e) to head (108d57a).

Files with missing lines	Patch %	Lines
src/wrappers.rs	0.00%	23 Missing ⚠️
src/lib.rs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2866      +/-   ##
==========================================
- Coverage   91.72%   91.36%   -0.36%     
==========================================
  Files          20       20              
  Lines        5908     5931      +23     
==========================================
  Hits         5419     5419              
- Misses        489      512      +23     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[joshlf]

/gemini review

[gemini-code-assist]

Code Review

This pull request refactors the Immutable trait's safety invariant to focus on preventing interior mutation rather than strictly banning UnsafeCells. This change is reflected in updated documentation and the introduction of a new ReadOnly<T> wrapper type. The ReadOnly<T> wrapper ensures that a &ReadOnly<T> is genuinely read-only, making it unconditionally Immutable regardless of whether the wrapped T is. The changes also include renaming derive_no_cell to derive_immutable for consistency.