I don't think it can because it's strictly less powerful than FromBits
/IntoBits
. In particular, the latter can express the idea that "any valid instance of this type has a bit pattern which is also valid for this type" even if the latter type is not ArbitraryBytesSafe
. For my particular use cases, I don't need anything that powerful, but it sounds like you do.
Have you thought about having a custom derive to cover the gaps? If I've written a type that I'd like to be Convert<T>
, but it has private fields, then I'm forced to unsafe impl Convert<T> for MyType {}
. The thing is, it's not actually memory unsafety that's the issue here, but invariants on the values of my fields, so having to invoke unsafe
here feels wrong and dangerous since it might let you not only break your contract, but actually introduce memory unsafety. A custom derive would give us something like "dear custom derive, I know that I'm OK with converting from T
for the purposes of my invariants, so could you verify for me that it would be memory safe?"
Also, it looks like there hasn't been any discussion about converting references. I'm interested in zero-copy deserializing, so being able to convert references would be huge. In particular, I can imagine the following:
pub fn safe_transmute_ref<T, U>(x: &T) -> &U where U: Compatible<T> { ... }
pub fn safe_transmute_mut<T, U>(x: &mut T) -> &mut U where U: Compatible<T>, T: Compatible<U> { ... }
As discussed in Pre-RFC: Trait for deserializing untrusted input, there are still issues with verifying alignment, but it'd be a very powerful feature to have in general.