Teach transmute_{ref,mut}! to handle slice DSTs

[joshlf]

We generalize our existing support in util::macro_util, now relying on
PMEs to detect when transmutes cannot be supported. In order to continue
to support sized reference transmutation in a const context, we use
the autoref specialization trick to fall back to our old (const-safe)
implementation when both the source and destination type are Sized.

The main challenge in generalizing this support is making a trait
implementation available conditional on a PME. We do this using the
unsafe_with_size_eq! helper macro, which introduces
#[repr(transparent)] wrapper types, Src and Dst. Internal to this
macro, we implement SizeEq<Src<T>> for Dst<U>, with the implementation
of SizeEq::cast_from_raw containing the PME logic for size equality.
The macro's caller must promise to only use the Src and Dst types
to wrap the T and U types for which this PME logic has been applied
(or else the SizeEq impl could "leak" to types for which it is
unsound).

In addition, we generalize our prior support for transmuting between
unsized types. In particular, we previously used the SizeEq trait to
denote that two types have equal sizes in the face of a cast operation
(in particular, that *const T as *const U preserves referent size). In
this commit, we add support for metadata fix-up, which means that we
support casts for which *const T as *const U does not preserve
referent size. Instead, we compute an affine function at compile time
and apply it at runtime - computing the destination type's metadata as a
function of the source metadata, dst_meta = A + src_meta * B. A and
B are computed at compile time.

We generalize SizeEq to permit its cast_from_raw method to perform a
runtime metadata fix-up operation.

Makes progress on #1817

Co-authored-by: Jack Wrenn [email protected]

---

This PR is on branch transmute-ref-dst.

• [macros] Support shrinking reference transmutes #2487
• [WIP] Update TransmuteFrom safety proofs #2469
• Generalize SizeEq to SizeFrom, support shrinking #2472
• Teach transmute_{ref,mut}! to handle slice DSTs #2428

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 73.20000% with 67 lines in your changes missing coverage. Please review.

Project coverage is 88.85%. Comparing base (f9c9703) to head (f5fcda2).

Files with missing lines	Patch %	Lines
src/layout.rs	33.33%	28 Missing ⚠️
src/macros.rs	80.64%	18 Missing ⚠️
src/impls.rs	0.00%	8 Missing ⚠️
src/doctests.rs	0.00%	4 Missing ⚠️
src/lib.rs	55.55%	4 Missing ⚠️
src/pointer/transmute.rs	40.00%	3 Missing ⚠️
src/util/macros.rs	88.23%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2428      +/-   ##
==========================================
- Coverage   89.25%   88.85%   -0.40%     
==========================================
  Files          19       20       +1     
  Lines        5126     5312     +186     
==========================================
+ Hits         4575     4720     +145     
- Misses        551      592      +41     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[joshlf]

TODO

Dismissed because we forgot this important TODO: #2428 (comment)

[jswrenn]

Wonder if the outer unsafe required to currently call this macro leaks into cover $blk.

[joshlf]

Tried offline; turned out to be very difficult, so we're going to punt for now.

[jswrenn]

We should drop a comment as to why this block exists.

[jswrenn]

Is this okay? Can we rely on this PME occuring despite this code being dead?

[joshlf]

Comment: Done.

Can we rely on the PME: Maybe not, but the follow-up PR will ensure that it's sound since SizeEq will no longer convey a safety post-condition that can be consumed by unsafe code - the only way to use it will be via SizeEq::cast_from_raw, which will guarantee that the PME is triggered.