• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..--

patches/25-Apr-2025-3130

src/25-Apr-2025-12,1375,752

testdata/include_value/25-Apr-2025-11

tests/25-Apr-2025-8,4686,147

.cargo-checksum.jsonD25-Apr-202532.7 KiB11

Android.bpD25-Apr-20252.4 KiB10296

CONTRIBUTING.mdD25-Apr-202510.2 KiB216162

Cargo.tomlD25-Apr-20252.1 KiB10285

INTERNAL.mdD25-Apr-20252.1 KiB4529

LICENSED25-Apr-20251.2 KiB2521

LICENSE-APACHED25-Apr-202511.1 KiB203169

LICENSE-BSDD25-Apr-20251.2 KiB2521

LICENSE-MITD25-Apr-20251 KiB2722

METADATAD25-Apr-2025680 2523

MODULE_LICENSE_BSD_LIKED25-Apr-20250

POLICIES.mdD25-Apr-20255.8 KiB11582

README.mdD25-Apr-20256.7 KiB155109

TEST_MAPPINGD25-Apr-2025162 98

cargo.shD25-Apr-20253.9 KiB12173

cargo_embargo.jsonD25-Apr-2025969 5251

clippy.tomlD25-Apr-2025446 119

generate-readme.shD25-Apr-20251.6 KiB5120

rustfmt.tomlD25-Apr-2025733 2016

README.md

1<!-- Copyright 2022 The Fuchsia Authors
2
3Licensed under a BSD-style license <LICENSE-BSD>, Apache License, Version 2.0
4<LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0>, or the MIT
5license <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your option.
6This file may not be copied, modified, or distributed except according to
7those terms.
8
9WARNING: DO NOT EDIT THIS FILE. It is generated automatically. Edits should be
10made in the doc comment on `src/lib.rs` or in `generate-readme.sh`.
11-->
12
13# zerocopy
14
15*<span style="font-size: 100%; color:grey;">Want to help improve zerocopy?
16Fill out our [user survey][user-survey]!</span>*
17
18***<span style="font-size: 140%">Fast, safe, <span
19style="color:red;">compile error</span>. Pick two.</span>***
20
21Zerocopy makes zero-cost memory manipulation effortless. We write `unsafe`
22so you don't have to.
23
24## Overview
25
26Zerocopy provides four core marker traits, each of which can be derived
27(e.g., `#[derive(FromZeroes)]`):
28- `FromZeroes` indicates that a sequence of zero bytes represents a valid
29  instance of a type
30- `FromBytes` indicates that a type may safely be converted from an
31  arbitrary byte sequence
32- `AsBytes` indicates that a type may safely be converted *to* a byte
33  sequence
34- `Unaligned` indicates that a type's alignment requirement is 1
35
36Types which implement a subset of these traits can then be converted to/from
37byte sequences with little to no runtime overhead.
38
39Zerocopy also provides byte-order aware integer types that support these
40conversions; see the `byteorder` module. These types are especially useful
41for network parsing.
42
43[user-survey]: https://docs.google.com/forms/d/e/1FAIpQLSdzBNTN9tzwsmtyZxRFNL02K36IWCdHWW2ZBckyQS2xiO3i8Q/viewform?usp=published_options
44
45## Cargo Features
46
47- **`alloc`**
48  By default, `zerocopy` is `no_std`. When the `alloc` feature is enabled,
49  the `alloc` crate is added as a dependency, and some allocation-related
50  functionality is added.
51
52- **`byteorder`** (enabled by default)
53  Adds the `byteorder` module and a dependency on the `byteorder` crate.
54  The `byteorder` module provides byte order-aware equivalents of the
55  multi-byte primitive numerical types. Unlike their primitive equivalents,
56  the types in this module have no alignment requirement and support byte
57  order conversions. This can be useful in handling file formats, network
58  packet layouts, etc which don't provide alignment guarantees and which may
59  use a byte order different from that of the execution platform.
60
61- **`derive`**
62  Provides derives for the core marker traits via the `zerocopy-derive`
63  crate. These derives are re-exported from `zerocopy`, so it is not
64  necessary to depend on `zerocopy-derive` directly.
65
66  However, you may experience better compile times if you instead directly
67  depend on both `zerocopy` and `zerocopy-derive` in your `Cargo.toml`,
68  since doing so will allow Rust to compile these crates in parallel. To do
69  so, do *not* enable the `derive` feature, and list both dependencies in
70  your `Cargo.toml` with the same leading non-zero version number; e.g:
71
72  ```toml
73  [dependencies]
74  zerocopy = "0.X"
75  zerocopy-derive = "0.X"
76  ```
77
78- **`simd`**
79  When the `simd` feature is enabled, `FromZeroes`, `FromBytes`, and
80  `AsBytes` impls are emitted for all stable SIMD types which exist on the
81  target platform. Note that the layout of SIMD types is not yet stabilized,
82  so these impls may be removed in the future if layout changes make them
83  invalid. For more information, see the Unsafe Code Guidelines Reference
84  page on the [layout of packed SIMD vectors][simd-layout].
85
86- **`simd-nightly`**
87  Enables the `simd` feature and adds support for SIMD types which are only
88  available on nightly. Since these types are unstable, support for any type
89  may be removed at any point in the future.
90
91[simd-layout]: https://rust-lang.github.io/unsafe-code-guidelines/layout/packed-simd-vectors.html
92
93## Security Ethos
94
95Zerocopy is expressly designed for use in security-critical contexts. We
96strive to ensure that that zerocopy code is sound under Rust's current
97memory model, and *any future memory model*. We ensure this by:
98- **...not 'guessing' about Rust's semantics.**
99  We annotate `unsafe` code with a precise rationale for its soundness that
100  cites a relevant section of Rust's official documentation. When Rust's
101  documented semantics are unclear, we work with the Rust Operational
102  Semantics Team to clarify Rust's documentation.
103- **...rigorously testing our implementation.**
104  We run tests using [Miri], ensuring that zerocopy is sound across a wide
105  array of supported target platforms of varying endianness and pointer
106  width, and across both current and experimental memory models of Rust.
107- **...formally proving the correctness of our implementation.**
108  We apply formal verification tools like [Kani][kani] to prove zerocopy's
109  correctness.
110
111For more information, see our full [soundness policy].
112
113[Miri]: https://github.com/rust-lang/miri
114[Kani]: https://github.com/model-checking/kani
115[soundness policy]: https://github.com/google/zerocopy/blob/main/POLICIES.md#soundness
116
117## Relationship to Project Safe Transmute
118
119[Project Safe Transmute] is an official initiative of the Rust Project to
120develop language-level support for safer transmutation. The Project consults
121with crates like zerocopy to identify aspects of safer transmutation that
122would benefit from compiler support, and has developed an [experimental,
123compiler-supported analysis][mcp-transmutability] which determines whether,
124for a given type, any value of that type may be soundly transmuted into
125another type. Once this functionality is sufficiently mature, zerocopy
126intends to replace its internal transmutability analysis (implemented by our
127custom derives) with the compiler-supported one. This change will likely be
128an implementation detail that is invisible to zerocopy's users.
129
130Project Safe Transmute will not replace the need for most of zerocopy's
131higher-level abstractions. The experimental compiler analysis is a tool for
132checking the soundness of `unsafe` code, not a tool to avoid writing
133`unsafe` code altogether. For the foreseeable future, crates like zerocopy
134will still be required in order to provide higher-level abstractions on top
135of the building block provided by Project Safe Transmute.
136
137[Project Safe Transmute]: https://rust-lang.github.io/rfcs/2835-project-safe-transmute.html
138[mcp-transmutability]: https://github.com/rust-lang/compiler-team/issues/411
139
140## MSRV
141
142See our [MSRV policy].
143
144[MSRV policy]: https://github.com/google/zerocopy/blob/main/POLICIES.md#msrv
145
146## Changelog
147
148Zerocopy uses [GitHub Releases].
149
150[GitHub Releases]: https://github.com/google/zerocopy/releases
151
152## Disclaimer
153
154Disclaimer: Zerocopy is not an officially supported Google product.
155