google
diff --git a/‎Cargo.toml
Lines changed: 4 additions & 1 deletion b/‎Cargo.toml
Lines changed: 4 additions & 1 deletion
diff --git a/‎src/lib.rs
Lines changed: 26 additions & 22 deletions b/‎src/lib.rs
Lines changed: 26 additions & 22 deletions
diff --git a/‎src/macros.rs
Lines changed: 40 additions & 0 deletions b/‎src/macros.rs
Lines changed: 40 additions & 0 deletions
diff --git a/‎src/util.rs
Lines changed: 8 additions & 0 deletions b/‎src/util.rs
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/wrappers.rs
Lines changed: 1 addition & 1 deletion b/‎src/wrappers.rs
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/ui-stable/include_value_not_from_bytes.stderr
Lines changed: 4 additions & 17 deletions b/‎tests/ui-stable/include_value_not_from_bytes.stderr
Lines changed: 4 additions & 17 deletions
diff --git a/‎tests/ui-stable/include_value_wrong_size.stderr
Lines changed: 1 addition & 1 deletion b/‎tests/ui-stable/include_value_wrong_size.stderr
Lines changed: 1 addition & 1 deletion
@@ -20,7 +20,7 @@ authors = ["Joshua Liebow-Feeser <[email protected]>"]
 description = "Utilities for zero-copy parsing and serialization"
 license = "BSD-2-Clause OR Apache-2.0 OR MIT"
 repository = "https://github.com/google/zerocopy"
-rust-version = "1.57.0"
+rust-version = "1.56.0"
 
 exclude = [".*"]
 
@@ -35,6 +35,9 @@ exclude = [".*"]
 # versions, these types require the "simd-nightly" feature.
 zerocopy-aarch64-simd = "1.59.0"
 
+# Permit panicking in `const fn`s.
+zerocopy-panic-in-const = "1.57.0"
+
 [package.metadata.ci]
 # The versions of the stable and nightly compiler toolchains to use in CI.
 pinned-stable = "1.75.0"
 
@@ -363,13 +363,15 @@ pub struct DstLayout {
     size_info: SizeInfo,
 }
 
-#[cfg_attr(any(kani, test), derive(Copy, Clone, Debug, PartialEq, Eq))]
+#[cfg_attr(any(kani, test), derive(Debug, PartialEq, Eq))]
+#[derive(Copy, Clone)]
 enum SizeInfo<E = usize> {
     Sized { _size: usize },
     SliceDst(TrailingSliceLayout<E>),
 }
 
-#[cfg_attr(any(kani, test), derive(Copy, Clone, Debug, PartialEq, Eq))]
+#[cfg_attr(any(kani, test), derive(Debug, PartialEq, Eq))]
+#[derive(Copy, Clone)]
 struct TrailingSliceLayout<E = usize> {
     // The offset of the first byte of the trailing slice field. Note that this
     // is NOT the same as the minimum size of the type. For example, consider
@@ -419,7 +421,7 @@ impl DstLayout {
     /// The minimum possible alignment of a type.
     const MIN_ALIGN: NonZeroUsize = match NonZeroUsize::new(1) {
         Some(min_align) => min_align,
-        None => unreachable!(),
+        None => loop {},
     };
 
     /// The maximum theoretic possible alignment of a type.
@@ -430,7 +432,7 @@ impl DstLayout {
     const THEORETICAL_MAX_ALIGN: NonZeroUsize =
         match NonZeroUsize::new(1 << (POINTER_WIDTH_BITS - 1)) {
             Some(max_align) => max_align,
-            None => unreachable!(),
+            None => loop {},
         };
 
     /// The current, documented max alignment of a type \[1\].
@@ -439,10 +441,10 @@ impl DstLayout {
     ///
     ///   The alignment value must be a power of two from 1 up to
     ///   2<sup>29</sup>.
-    #[cfg(not(kani))]
+    #[cfg(all(not(kani), any(test, zerocopy_panic_in_const)))]
     const CURRENT_MAX_ALIGN: NonZeroUsize = match NonZeroUsize::new(1 << 28) {
         Some(max_align) => max_align,
-        None => unreachable!(),
+        None => loop {},
     };
 
     /// Constructs a `DstLayout` for a zero-sized type with `repr_align`
@@ -464,7 +466,7 @@ impl DstLayout {
             None => Self::MIN_ALIGN,
         };
 
-        assert!(align.get().is_power_of_two());
+        const_assert!(align.get().is_power_of_two());
 
         DstLayout { align, size_info: SizeInfo::Sized { _size: 0 } }
     }
@@ -483,7 +485,7 @@ impl DstLayout {
         DstLayout {
             align: match NonZeroUsize::new(mem::align_of::<T>()) {
                 Some(align) => align,
-                None => unreachable!(),
+                None => loop {},
             },
             size_info: SizeInfo::Sized { _size: mem::size_of::<T>() },
         }
@@ -506,7 +508,7 @@ impl DstLayout {
         DstLayout {
             align: match NonZeroUsize::new(mem::align_of::<T>()) {
                 Some(align) => align,
-                None => unreachable!(),
+                None => loop {},
             },
             size_info: SizeInfo::SliceDst(TrailingSliceLayout {
                 _offset: 0,
@@ -552,12 +554,12 @@ impl DstLayout {
             None => Self::THEORETICAL_MAX_ALIGN,
         };
 
-        assert!(max_align.get().is_power_of_two());
+        const_assert!(max_align.get().is_power_of_two());
 
         // We use Kani to prove that this method is robust to future increases
         // in Rust's maximum allowed alignment. However, if such a change ever
         // actually occurs, we'd like to be notified via assertion failures.
-        #[cfg(not(kani))]
+        #[cfg(all(not(kani), zerocopy_panic_in_const))]
         {
             debug_assert!(self.align.get() <= DstLayout::CURRENT_MAX_ALIGN.get());
             debug_assert!(field.align.get() <= DstLayout::CURRENT_MAX_ALIGN.get());
@@ -583,7 +585,7 @@ impl DstLayout {
         let size_info = match self.size_info {
             // If the layout is already a DST, we panic; DSTs cannot be extended
             // with additional fields.
-            SizeInfo::SliceDst(..) => panic!("Cannot extend a DST with additional fields."),
+            SizeInfo::SliceDst(..) => const_panic!("Cannot extend a DST with additional fields."),
 
             SizeInfo::Sized { _size: preceding_size } => {
                 // Compute the minimum amount of inter-field padding needed to
@@ -604,7 +606,7 @@ impl DstLayout {
                 // exceeding `isize::MAX`).
                 let offset = match preceding_size.checked_add(padding) {
                     Some(offset) => offset,
-                    None => panic!("Adding padding to `self`'s size overflows `usize`."),
+                    None => const_panic!("Adding padding to `self`'s size overflows `usize`."),
                 };
 
                 match field.size_info {
@@ -622,7 +624,7 @@ impl DstLayout {
                         // `usize::MAX`).
                         let size = match offset.checked_add(field_size) {
                             Some(size) => size,
-                            None => panic!("`field` cannot be appended without the total size overflowing `usize`"),
+                            None => const_panic!("`field` cannot be appended without the total size overflowing `usize`"),
                         };
                         SizeInfo::Sized { _size: size }
                     }
@@ -644,7 +646,7 @@ impl DstLayout {
                         // `usize::MAX`).
                         let offset = match offset.checked_add(trailing_offset) {
                             Some(offset) => offset,
-                            None => panic!("`field` cannot be appended without the total size overflowing `usize`"),
+                            None => const_panic!("`field` cannot be appended without the total size overflowing `usize`"),
                         };
                         SizeInfo::SliceDst(TrailingSliceLayout { _offset: offset, _elem_size })
                     }
@@ -691,7 +693,7 @@ impl DstLayout {
                 let padding = padding_needed_for(unpadded_size, self.align);
                 let size = match unpadded_size.checked_add(padding) {
                     Some(size) => size,
-                    None => panic!("Adding padding caused size to overflow `usize`."),
+                    None => const_panic!("Adding padding caused size to overflow `usize`."),
                 };
                 SizeInfo::Sized { _size: size }
             }
@@ -776,9 +778,11 @@ impl DstLayout {
         bytes_len: usize,
         cast_type: _CastType,
     ) -> Option<(usize, usize)> {
-        // `debug_assert!`, but with `#[allow(clippy::arithmetic_side_effects)]`.
+        // `debug_assert!`, but with `#[allow(clippy::arithmetic_side_effects)]`
+        // and `#[cfg(zerocopy_panic_in_const)]`.
         macro_rules! __debug_assert {
             ($e:expr $(, $msg:expr)?) => {
+                #[cfg(zerocopy_panic_in_const)]
                 debug_assert!({
                     #[allow(clippy::arithmetic_side_effects)]
                     let e = $e;
@@ -798,7 +802,7 @@ impl DstLayout {
         // https://blog.rust-lang.org/2022/11/03/Rust-1.65.0.html#let-else-statements
         let size_info = match self.size_info.try_to_nonzero_elem_size() {
             Some(size_info) => size_info,
-            None => panic!("attempted to cast to slice type with zero-sized element"),
+            None => const_panic!("attempted to cast to slice type with zero-sized element"),
         };
 
         // Precondition
@@ -3953,7 +3957,7 @@ macro_rules! transmute_ref {
 
             // `t` is inferred to have type `T` because it's assigned to `e` (of
             // type `&T`) as `&t`.
-            let mut t = unreachable!();
+            let mut t = loop {};
             e = &t;
 
             // `u` is inferred to have type `U` because it's used as `&u` as the
@@ -5326,7 +5330,7 @@ impl<'a> sealed::ByteSliceSealed for cell::Ref<'a, [u8]> {}
 #[allow(clippy::undocumented_unsafe_blocks)]
 unsafe impl<'a> ByteSlice for cell::Ref<'a, [u8]> {
     const INTO_REF_INTO_MUT_ARE_SOUND: bool = if !cfg!(doc) {
-        panic!("Ref::into_ref and Ref::into_mut are unsound when used with core::cell::Ref; see https://github.com/google/zerocopy/issues/716")
+        const_panic!("Ref::into_ref and Ref::into_mut are unsound when used with core::cell::Ref; see https://github.com/google/zerocopy/issues/716")
     } else {
         // When compiling documentation, allow the evaluation of this constant
         // to succeed. This doesn't represent a soundness hole - it just delays
@@ -5346,7 +5350,7 @@ impl<'a> sealed::ByteSliceSealed for RefMut<'a, [u8]> {}
 #[allow(clippy::undocumented_unsafe_blocks)]
 unsafe impl<'a> ByteSlice for RefMut<'a, [u8]> {
     const INTO_REF_INTO_MUT_ARE_SOUND: bool = if !cfg!(doc) {
-        panic!("Ref::into_ref and Ref::into_mut are unsound when used with core::cell::RefMut; see https://github.com/google/zerocopy/issues/716")
+        const_panic!("Ref::into_ref and Ref::into_mut are unsound when used with core::cell::RefMut; see https://github.com/google/zerocopy/issues/716")
     } else {
         // When compiling documentation, allow the evaluation of this constant
         // to succeed. This doesn't represent a soundness hole - it just delays
@@ -5812,7 +5816,7 @@ mod tests {
     // attempt to expose UB.
     #[test]
     #[cfg_attr(miri, ignore)]
-    fn testvalidate_cast_and_convert_metadata() {
+    fn test_validate_cast_and_convert_metadata() {
         impl From<usize> for SizeInfo {
             fn from(_size: usize) -> SizeInfo {
                 SizeInfo::Sized { _size }
 
@@ -416,3 +416,43 @@ macro_rules! assert_unaligned {
         $(assert_unaligned!($ty);)*
     };
 }
+
+/// Either panic (if the current Rust toolchain supports panicking in `const
+/// fn`) or evaluate a constant that will cause an array indexing error whose
+/// error message will include the format string.
+///
+/// The type that this expression evaluates to must be `Copy`, or else the
+/// non-panicking desugaring will fail to compile.
+macro_rules! const_panic {
+    ($fmt:literal) => {{
+        #[cfg(zerocopy_panic_in_const)]
+        panic!($fmt);
+        #[cfg(not(zerocopy_panic_in_const))]
+        const_panic!(@non_panic $fmt)
+    }};
+    (@non_panic $fmt:expr) => {{
+        // This will type check to whatever type is expected based on the call
+        // site.
+        let panic: [_; 0] = [];
+        // This will always fail (since we're indexing into an array of size 0.
+        #[allow(unconditional_panic)]
+        panic[0]
+    }}
+}
+
+/// Either assert (if the current Rust toolchain supports panicking in `const
+/// fn`) or evaluate the expression and, if it evaluates to `false`, call
+/// `const_panic!`.
+macro_rules! const_assert {
+    ($e:expr) => {{
+        #[cfg(zerocopy_panic_in_const)]
+        assert!($e);
+        #[cfg(not(zerocopy_panic_in_const))]
+        {
+            let e = $e;
+            if !e {
+                let _: () = const_panic!(@non_panic concat!("assertion failed: ", stringify!($e)));
+            }
+        }
+    }}
+}
@@ -129,6 +129,7 @@ pub(crate) const fn round_down_to_next_multiple_of_alignment(
     align: NonZeroUsize,
 ) -> usize {
     let align = align.get();
+    #[cfg(zerocopy_panic_in_const)]
     debug_assert!(align.is_power_of_two());
 
     // Subtraction can't underflow because `align.get() >= 1`.
@@ -275,6 +276,13 @@ mod tests {
             }
         }
     }
+
+    #[rustversion::since(1.57.0)]
+    #[test]
+    #[should_panic]
+    fn test_round_down_to_next_multiple_of_alignment_panic_in_const() {
+        round_down_to_next_multiple_of_alignment(0, NonZeroUsize::new(3).unwrap());
+    }
 }
 
 #[cfg(kani)]
 
@@ -477,7 +477,7 @@ mod tests {
             let au64 = unsafe { x.t.deref_unchecked() };
             match au64 {
                 AU64(123) => {}
-                _ => unreachable!(),
+                _ => loop {},
             }
         };
     }
 
@@ -2,24 +2,11 @@ error[E0277]: the trait bound `NotZerocopy<u32>: FromBytes` is not satisfied
   --> tests/ui-stable/include_value_not_from_bytes.rs:13:42
    |
 13 | const NOT_FROM_BYTES: NotZerocopy<u32> = include_value!("../../testdata/include_value/data");
-   |                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-   |                                          |
-   |                                          the trait `FromBytes` is not implemented for `NotZerocopy<u32>`
-   |                                          required by a bound introduced by this call
+   |                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `FromBytes` is not implemented for `NotZerocopy<u32>`
    |
-   = help: the following other types implement trait `FromBytes`:
-             isize
-             i8
-             i16
-             i32
-             i64
-             i128
-             usize
-             u8
-           and $N others
-note: required by a bound in `AssertIsFromBytes`
+note: required by `AssertIsFromBytes`
   --> tests/ui-stable/include_value_not_from_bytes.rs:13:42
    |
 13 | const NOT_FROM_BYTES: NotZerocopy<u32> = include_value!("../../testdata/include_value/data");
-   |                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `AssertIsFromBytes`
-   = note: this error originates in the macro `$crate::transmute` which comes from the expansion of the macro `include_value` (in Nightly builds, run with -Z macro-backtrace for more info)
+   |                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   = note: this error originates in the macro `$crate::transmute` (in Nightly builds, run with -Z macro-backtrace for more info)
@@ -6,4 +6,4 @@ error[E0512]: cannot transmute between types of different sizes, or dependently-
    |
    = note: source type: `[u8; 4]` (32 bits)
    = note: target type: `u64` (64 bits)
-   = note: this error originates in the macro `$crate::transmute` which comes from the expansion of the macro `include_value` (in Nightly builds, run with -Z macro-backtrace for more info)
+   = note: this error originates in the macro `$crate::transmute` (in Nightly builds, run with -Z macro-backtrace for more info)
Original file line number	Diff line number	Diff line change
`@@ -129,6 +129,7 @@ pub(crate) const fn round_down_to_next_multiple_of_alignment(`
`129`	`129`	`align: NonZeroUsize,`
`130`	`130`	`) -> usize {`
`131`	`131`	`let align = align.get();`
	`132`	`+ #[cfg(zerocopy_panic_in_const)]`
`132`	`133`	`debug_assert!(align.is_power_of_two());`
`133`	`134`
`134`	`135`	// Subtraction can't underflow because `align.get() >= 1`.
`@@ -275,6 +276,13 @@ mod tests {`
`275`	`276`	`}`
`276`	`277`	`}`
`277`	`278`	`}`
	`279`	`+`
	`280`	`+ #[rustversion::since(1.57.0)]`
	`281`	`+ #[test]`
	`282`	`+ #[should_panic]`
	`283`	`+ fn test_round_down_to_next_multiple_of_alignment_panic_in_const() {`
	`284`	`+ round_down_to_next_multiple_of_alignment(0, NonZeroUsize::new(3).unwrap());`
	`285`	`+ }`
`278`	`286`	`}`
`279`	`287`
`280`	`288`	`#[cfg(kani)]`
Original file line number	Diff line number	Diff line change
`@@ -477,7 +477,7 @@ mod tests {`
`477`	`477`	`let au64 = unsafe { x.t.deref_unchecked() };`
`478`	`478`	`match au64 {`
`479`	`479`	`AU64(123) => {}`
`480`		`- _ => unreachable!(),`
	`480`	`+ _ => loop {},`
`481`	`481`	`}`
`482`	`482`	`};`
`483`	`483`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,4 @@ error[E0512]: cannot transmute between types of different sizes, or dependently-`
`6`	`6`	`\|`
`7`	`7`	= note: source type: `[u8; 4]` (32 bits)
`8`	`8`	= note: target type: `u64` (64 bits)
`9`		- = note: this error originates in the macro `$crate::transmute` which comes from the expansion of the macro `include_value` (in Nightly builds, run with -Z macro-backtrace for more info)
	`9`	+ = note: this error originates in the macro `$crate::transmute` (in Nightly builds, run with -Z macro-backtrace for more info)