Invariant-parameterize Ptr and make is_bit_valid safe

jswrenn · jswrenn · commit af23c45806bc · 2024-01-19T16:49:42.000Z
Closes #715.
diff --git a/src/pointer/mod.rs b/src/pointer/mod.rs
@@ -26,21 +26,23 @@ where
     T: 'a + ?Sized + TryFromBytes,
     Alignment: invariant::Alignment,
 {
-    /// Checks that `Ptr`'s referent is validly initialized for `T`.
+    /// Check that `Ptr`'s referent is validly initialized for `T`.
     ///
     /// # Panics
     ///
     /// This method will panic if
     /// [`T::is_bit_valid`][TryFromBytes::is_bit_valid] panics.
     #[inline]
     pub(crate) fn check_valid(self) -> Option<MaybeAligned<'a, T, Alignment>> {
+        let candidate = self;
         // This call may panic. If that happens, it doesn't cause any soundness
         // issues, as we have not generated any invalid state which we need to
         // fix before returning.
-        if T::is_bit_valid(self.forget_aligned()) {
-            // SAFETY: If `T::is_bit_valid`, code may assume that `self`
+        if T::is_bit_valid(candidate.forget_aligned()) {
+            // SAFETY: If `Self::is_bit_valid`, code may assume that `candidate`
             // contains a bit-valid instance of `Self`.
-            Some(unsafe { self.assume_valid() })
+            let candidate = unsafe { candidate.assume_valid() };
+            Some(candidate)
         } else {
             None
         }
@@ -60,6 +62,8 @@ where
     Alignment: invariant::Alignment,
 {
     /// Reads the value from `MaybeAligned`.
+    ///
+    /// This is only available if `T` is [`Copy`].
     #[inline]
     pub fn read_unaligned(self) -> T
     where
