Re: [PATCH 8/8] rust: pin-init: internal: project using full slot

From: Gary Guo

Date: Thu May 14 2026 - 15:15:59 EST

On Tue May 12, 2026 at 1:09 PM BST, Gary Guo wrote:
> Instead of projecting using pointer to a field project the full slot. This
> further shifts the code generation from the initializer site to the struct
> definition site, which means less code is generated overall.
>
> It also makes the safety comment easier to justify, as now the projection
> is done by the `#[pin_data]` macro which has full visibility of pinnedness
> of fields.
>
> The field alignment could also be checked on the `#[pin_data]` side;
> however, since `init!()` macro works for other type of structs, we cannot
> remove the alignment check from `init!`/`pin_init!` side anyway, so I opted
> to still keep the alignment check in init.rs.
>
> Signed-off-by: Gary Guo <gary@xxxxxxxxxxx>
> ---
> rust/pin-init/internal/src/init.rs | 5 ++---
> rust/pin-init/internal/src/pin_data.rs | 12 ++++++------
> rust/pin-init/src/lib.rs | 2 +-
> 3 files changed, 9 insertions(+), 10 deletions(-)
>
> diff --git a/rust/pin-init/internal/src/init.rs b/rust/pin-init/internal/src/init.rs
> index e6f5ea06f91b..699b105570a5 100644
> --- a/rust/pin-init/internal/src/init.rs
> +++ b/rust/pin-init/internal/src/init.rs
> @@ -245,12 +245,11 @@ fn init_fields(
> let slot = if pinned {
> quote! {
> // SAFETY:
> - // - `&raw mut (*slot).#ident` points to the `#ident` field of `slot`.
> - // - `&raw mut (*slot).#ident` is valid.
> + // - `slot` is valid and properly aligned.
> // - `make_field_check` checks that `&raw mut (*slot).#ident` is properly aligned.
> // - `make_field_check` prevents `#ident` from being used twice, therefore
> // `(*slot).#ident` is exclusively accessed and has not been initialized.
> - (unsafe { #data.#ident(&raw mut (*#slot).#ident) })
> + (unsafe { #data.#ident(#slot) })
> }
> } else {
> quote! {
> diff --git a/rust/pin-init/internal/src/pin_data.rs b/rust/pin-init/internal/src/pin_data.rs
> index 3278a54510e1..a3431863f5d6 100644
> --- a/rust/pin-init/internal/src/pin_data.rs
> +++ b/rust/pin-init/internal/src/pin_data.rs
> @@ -377,21 +377,21 @@ fn generate_the_pin_data(
> quote! {
> /// # Safety
> ///
> - /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData`
> - /// describes.
> - /// - `slot` is a valid, properly aligned and points to uninitialized and
> - /// exclusively accessed memory.
> + /// - `slot` is valid and properly aligned.
> + /// - `(*slot).#field_name` is properly aligned.
> + /// - `(*slot).#field_name` points to uninitialized and exclusively accessed
> + /// memory.

This line has an extra space. Sometimes visually aligning doesn't mean it
actually is :)

I'll fix this up when applying.

Best,
Gary

> #(#attrs)*
> #[inline(always)]
> #vis unsafe fn #field_name(
> self,
> - slot: *mut #ty,
> + slot: *mut #struct_name #ty_generics,
> ) -> ::pin_init::__internal::Slot<::pin_init::__internal::#pin_marker, #ty> {
> // SAFETY:
> // - If `#pin_marker` is `Pinned`, the corresponding field is structurally
> // pinned.
> // - Other safety requirements follows the safety requirement.
> - unsafe { ::pin_init::__internal::Slot::new(slot) }
> + unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot).#field_name) }
> }
> }
> })
> diff --git a/rust/pin-init/src/lib.rs b/rust/pin-init/src/lib.rs
> index e891d65cc469..c9e2cbe27915 100644
> --- a/rust/pin-init/src/lib.rs
> +++ b/rust/pin-init/src/lib.rs
> @@ -868,7 +868,7 @@ macro_rules! stack_try_pin_init {
> macro_rules! assert_pinned {
> ($ty:ty, $field:ident, $field_ty:ty, inline) => {
> // SAFETY: This code is unreachable.
> - let _ = move |ptr: *mut $field_ty| unsafe {
> + let _ = move |ptr: *mut $ty| unsafe {
> let data = <$ty as $crate::__internal::HasPinData>::__pin_data();
> _ = data
> .$field(ptr)