0.8 Release Roadmap

[joshlf]

0.8

Release plan

• Resolve all remaining outstanding issue (see next section)
• Attempt to vendor 0.8.0-alpha.N into Fuchsia in order to find bugs (we won't be able to actually land this since it will require a temporary workaround for #1292)
• Release 0.8 but do not publicize it
• Put up PRs to other crates to use 0.8
• Do things in the "Do before we publicize 0.8" section below
• After #1292 / rust-lang/rust#45713 is resolved and stable upstream, publicize 0.8

Definitely include

• Any issues labeled blocking-next-release This issue should be resolved before we release on crates.io
• Restrict support for #[derive(IntoBytes)] on unions, work to guarantee forwards-compatible soundness #1792
• Run cargo-semver-checks; audit output to make sure it's as we expect
• Audit our entire API for other changes we should make for 0.8
• Audit API naming #871
• Is macro_util::enum_has_padding sound in the face of both repr(C) and repr(Int) layouts (specifically when the two result in different field packing regarding padding)?
• Soundness hole in #[derive(IntoBytes)] on types with #[repr(align)] #1748
• For byteorder types, add Add impls that permit adding to native types (e.g. Add<f32> for F32) and other traits
  • [byteorder] Implement additional ops for native RHSs #1741
• Improve testing of custom derive support for data-carrying enums #1634
• Pre-0.8 audit #1692
• Test infallible alignment errors in Fuchsia, then remove Ref unaligned constructors #1720
• Update documentation in preparation for 0.8 #1636
• Make extend_vec_zeroed and insert_vec_zeroed fallible #1653
• Separate "no UnsafeCell" property into separate Immutable trait; allow FromZeros, FromBytes, and AsBytes on types with UnsafeCells #251
• Tracking issue for outstanding safety proofs blocking 0.8 #896
• Decide on our policy regarding whether adding #[deprecated] is an MSRV-breaking change; if we decide that it's not, then we can remove some blockers for 0.8
• Deprecate FromZeros::new_boxed_slice_zeroed and replace with method which supports slice DSTs?
  • FromZeros boxed slice method supports slice DSTs #1478
• For types which implement Deref, change some methods to associated functions? #210
• Audit uses of addr_of! for read-only-ness #1607
• Document that #[derive(IntoBytes)] only supports unsized types which are repr(packed) #1566
  • This is important for 0.8 because the addition of KnownLayout will result in more users trying out unsized types
• Accepted risk: Immutable types assumed not to contain UnsafeCells #1358
• Update as necessary based on these changes:
  • Update reference safety requirements rust-lang/rust#125021
  • reference type safety invariant docs: clarification rust-lang/rust#125043
  • [ptr] Document maximum allocation size rust-lang/rust#116675
  • document guarantee about evaluation of associated consts and const blocks rust-lang/reference#1497
  • offset: allow zero-byte offset on arbitrary pointers rust-lang/rust#117329
  • Decide on zero-sized offsets and memory accesses rust-lang/unsafe-code-guidelines#472 (comment)
  • Tracking Issue for allowing zero-sized memory accesses and offsets rust-lang/rust#117945
• Ptr type needs to handle zero-sized types #874
• Build failure in v0.8.0-alpha.7 on Cortex M #1086
• Determine whether it's acceptable to remain pinned to a particular version of syn, or choose a different workaround #1088
• Replace Unalign::set with replace or swap (which returns the original)? Strictly more powerful.
• Support TryFromBytes - conditional conversion analogous to FromBytes #5
• Support AsBytes for fields with a size set as a generic constant #1182
• Resolve rust-lang/unsafe-code-guidelines#429 before releasing NoCell for Box<T> where T: Sized
  • Replaced with Accepted risk: Immutable types assumed not to contain UnsafeCells #1358
• Consider making macros into functions which fail via post-monomorphization error. This has the advantage of supporting transmutations in generic contexts, but the downside of the cross-crate post-monomorphization footgun. It's possible that this can't be supported given our MSRV and our desire to support these macros/functions in a const context.
  • Alternatively, we could always use a macro, but use toolchain version detection to either use the current macro logic or, on more recent toolchains, use a generic function
• Remove Into<&[u8]> bound from IntoByteSlice? #1260
• Implement try_transmute! #1018
• Error Handling in 0.8 #1139
• PointerMetadata::size_for_metadata can return size which overflows isize #1158
• Fix cfgs in rustdoc #1055
• Consider compiler-erroring instead of panicking in DST APIs #1149
• Request: Add FromBytes::read_from_prefix_split and read_from_suffix_split #1051
  • Current draft: Also return remaining bytes in FromBytes conversion methods #1059
• Remove Ref constructors which zero bytes? #1134
• transmute_mut! documents looser requirements than what is implemented #1046
• Crate-level docs contain headings which are too indented #998
• Add deprecated polyfill for IntoBytes::as_mut_bytes #986
• Lower MSRV to 1.56 #855
• Remove dependency on byteorder crate, make byteorder type methods const #438
• FromZeroes is misspelt #431
  • Specifically: Rename FromZeroes to FromZeros #430
• Ref<core::cell::Ref<[u8]>, _>::into_ref is unsound #716
• Implement more complete fix for #716 #758
• Ptr type should reason about UnsafeCell overlap #873
• Ensure zerocopy-derive doesn't emit code that assumes a prelude #882
• Implement TryFromBytes::is_bit_valid for Unalign<T> #897
• [ptr] Fix soundness hole in "at least" invariants #909
• derive(FromBytes) should implicitly derive FromZeros and TryFromBytes #925
• Provide derive for deprecated name AsBytes just as we do for FromZeroes
  • [derive] Support deriving deprecated AsBytes #938

Include if we have time

• Refactor module structure
• Support generic pointer framework and generic pointer casts #1183 (at least the non-public-API parts)
• Make as much of zerocopy as possible work in a const context #115
• Reconsider re-export strategy #888
• Require opting in to repr-less types? #358
• Overhaul naming of various functions and methods
  • Add try_ variants to some methods, make existing methods panic #284
  • Consider renaming as_bytes_mut to as_mut_bytes #253
• Consider adding #[must_use] annotation to some types, functions, and macros #188
• Split ByteSlice::split_at into separate trait #1
• impl Clone + Copy for Ref #627
• Confirm that transmuting floats is sound #1121

Do before we publicize 0.8

• blocking-next-release-publicization
• #[derive(IntoBytes)] on generic enums emits code with an arity error. #1642
• Either add derive name collision tests or generate idents via hash
• The MSRV policy currently says that zerocopy-derive's sole dependency is syn, but this isn't true.
  • [POLICIES] Update MSRV policy: multiple crate deps #1811
• Write 0.8 upgrading guide (and maybe write a cargo fix-like tool) #1295
• Add TryFromBytes::try_xxx_with_elems?
  • Add TryFromBytes::try_{ref,mut}_from_{bytes,prefix,suffix}_with_elems #1747
• Add TryFromBytes::try_read_from_prefix and try_read_from_suffix?
• Make infallible alignment errors more discoverable #1721
• Update release notes to mention elided alignment errors
• Use #[diagnostic::on_unimplemented] to improve padding error messages #1696
• Improve ergonomics of IntoBytes on unsized types #1708
• Make error types usable in more contexts #1297
• Feedback requested! 0.8 pre-release #1288 (comment)
• Defend against padding instability #1648

Non-breaking; do after 0.8 is released

• do-after-next-release Not blocking release, but we should do soon after release
• [ci] use cargo deadlinks to check for dead links #1021
• Indicate in rustdoc that items are conditionally compiled based on Rust toolchain version #894
• Remove panic opportunities #1661
• Make the src field in error types public? #1685
• Add methods to byteorder types which achieve parity with native types (within reason)
• Document support for Unsized types #993
• Implement TryFromBytes for MaybeUninit<T> when T: ?NoCell #893