[PATCH 8/8] rust: pin-init: internal: project using full slot

From: Gary Guo

Date: Tue May 12 2026 - 08:10:41 EST


Instead of projecting using a pointer to a field, project the full slot. This
further shifts the code generation from the initializer site to the struct
definition site, which means less code is generated overall.

It also makes the safety comment easier to justify, as now the projection
is done by the `#[pin_data]` macro which has full visibility of pinnedness
of fields.

The field alignment could also be checked on the `#[pin_data]` side;
however, since `init!()` macro works for other type of structs, we cannot
remove the alignment check from `init!`/`pin_init!` side anyway, so I opted
to still keep the alignment check in init.rs.

Signed-off-by: Gary Guo <gary@xxxxxxxxxxx>
---
rust/pin-init/internal/src/init.rs | 5 ++---
rust/pin-init/internal/src/pin_data.rs | 12 ++++++------
rust/pin-init/src/lib.rs | 2 +-
3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/rust/pin-init/internal/src/init.rs b/rust/pin-init/internal/src/init.rs
index e6f5ea06f91b..699b105570a5 100644
--- a/rust/pin-init/internal/src/init.rs
+++ b/rust/pin-init/internal/src/init.rs
@@ -245,12 +245,11 @@ fn init_fields(
let slot = if pinned {
quote! {
// SAFETY:
- // - `&raw mut (*slot).#ident` points to the `#ident` field of `slot`.
- // - `&raw mut (*slot).#ident` is valid.
+ // - `slot` is valid and properly aligned.
// - `make_field_check` checks that `&raw mut (*slot).#ident` is properly aligned.
// - `make_field_check` prevents `#ident` from being used twice, therefore
// `(*slot).#ident` is exclusively accessed and has not been initialized.
- (unsafe { #data.#ident(&raw mut (*#slot).#ident) })
+ (unsafe { #data.#ident(#slot) })
}
} else {
quote! {
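Review bot: The SAFETY comment in the pinned branch still justifies alignment in terms of `&raw mut (*slot).#ident`, an expression that no longer appears at this call site now that `#data.#ident(#slot)` receives the whole slot. Wording the bullets to mirror the callee's contract one-to-one would make the justification easier to audit, e.g. `// - `make_field_check` checks that `(*slot).#ident` is properly aligned.`. The first bullet also asserts that `slot` is valid without saying where that guarantee comes from; a short clause naming its source (presumably the enclosing initializer's own contract) would close the gap. The `else` branch and the rest of `init_fields` lie outside the hunk.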
diff --git a/rust/pin-init/internal/src/pin_data.rs b/rust/pin-init/internal/src/pin_data.rs
index 3278a54510e1..a3431863f5d6 100644
--- a/rust/pin-init/internal/src/pin_data.rs
+++ b/rust/pin-init/internal/src/pin_data.rs
@@ -377,21 +377,21 @@ fn generate_the_pin_data(
quote! {
/// # Safety
///
- /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData`
- /// describes.
- /// - `slot` is a valid, properly aligned and points to uninitialized and
- /// exclusively accessed memory.
+ /// - `slot` is valid and properly aligned.
+ /// - `(*slot).#field_name` is properly aligned.
+ /// - `(*slot).#field_name` points to uninitialized and exclusively accessed
+ /// memory.
#(#attrs)*
#[inline(always)]
#vis unsafe fn #field_name(
self,
- slot: *mut #ty,
+ slot: *mut #struct_name #ty_generics,
) -> ::pin_init::__internal::Slot<::pin_init::__internal::#pin_marker, #ty> {
// SAFETY:
// - If `#pin_marker` is `Pinned`, the corresponding field is structurally
// pinned.
// - Other safety requirements follows the safety requirement.
- unsafe { ::pin_init::__internal::Slot::new(slot) }
+ unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot).#field_name) }
}
}
})
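Review bot: The `unsafe` block on the new `Slot::new(&raw mut (*slot).#field_name)` line now covers both the field projection through the raw pointer and the `Slot::new` call, but the SAFETY comment above it only argues pinnedness and defers the rest to "the safety requirement". I would add a bullet that justifies the projection on its own, e.g. `// - `slot` is valid, so projecting to `#field_name` stays within the same allocation.`. The remaining context bullet would read better as `// - The other requirements follow from this function's safety requirements.`. `generate_the_pin_data` starts and ends outside the hunk.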
diff --git a/rust/pin-init/src/lib.rs b/rust/pin-init/src/lib.rs
index e891d65cc469..c9e2cbe27915 100644
--- a/rust/pin-init/src/lib.rs
+++ b/rust/pin-init/src/lib.rs
@@ -868,7 +868,7 @@ macro_rules! stack_try_pin_init {
macro_rules! assert_pinned {
($ty:ty, $field:ident, $field_ty:ty, inline) => {
// SAFETY: This code is unreachable.
- let _ = move |ptr: *mut $field_ty| unsafe {
+ let _ = move |ptr: *mut $ty| unsafe {
let data = <$ty as $crate::__internal::HasPinData>::__pin_data();
_ = data
.$field(ptr)
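Review bot: With the closure parameter now `ptr: *mut $ty`, the `$field_ty` argument of `assert_pinned!` no longer constrains the call `.$field(ptr)` itself, so any field-type mismatch has to be caught by whatever follows in the macro body, which is outside this hunk. If that continuation does pin the returned `Slot<_, _>` to `$field_ty`, a one-line comment saying so would help, e.g. `// `$field_ty` is checked against the returned slot type below.`. The comment `// SAFETY: This code is unreachable.` could also note that the closure is never called, since that is what makes the `unsafe` body sound.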

--
2.51.2