FIX: Put .assume_init() on sound ground

Fix up the way we implement .assume_init() - use a mapping of the data
storage type instead of transmute. The end result is similar anyway but
easier to verify that it is correct. See docs for Arc::from_raw for its
requirements - which we should now adhere to.

Author: bluss

src/data_repr.rs

@@ -10,7 +10,11 @@ use crate::extension::nonnull;
 /// *Don’t use this type directly—use the type alias
 /// [`Array`](type.Array.html) for the array type!*
 // Like a Vec, but with non-unique ownership semantics
+//
+// repr(C) to make it transmutable OwnedRepr<A> -> OwnedRepr<B> if
+// transmutable A -> B.
 #[derive(Debug)]
+#[repr(C)]
 pub struct OwnedRepr<A> {
     ptr: NonNull<A>,
     len: usize,
@@ -50,6 +54,23 @@ impl<A> OwnedRepr<A> {
         self.ptr
     }
 
+    /// Cast self into equivalent repr of other element type
+    ///
+    /// ## Safety
+    ///
+    /// Caller must ensure the two types have the same representation.
+    /// **Panics** if sizes don't match (which is not a sufficient check).
+    pub(crate) unsafe fn data_subst<B>(self) -> OwnedRepr<B> {
+        // necessary but not sufficient check
+        assert_eq!(mem::size_of::<A>(), mem::size_of::<B>());
+        let self_ = ManuallyDrop::new(self);
+        OwnedRepr {
+            ptr: self_.ptr.cast::<B>(),
+            len: self_.len,
+            capacity: self_.capacity,
+        }
+    }
+
     fn take_as_vec(&mut self) -> Vec<A> {
         let capacity = self.capacity;
         let len = self.len;

src/data_traits.rs

@@ -526,28 +526,60 @@ unsafe impl<'a, A> DataMut for CowRepr<'a, A> where A: Clone {}
 pub trait RawDataSubst<A>: RawData {
     /// The resulting array storage of the same kind but substituted element type
     type Output: RawData<Elem = A>;
+
+    /// Unsafely translate the data representation from one element
+    /// representation to another.
+    ///
+    /// ## Safety
+    ///
+    /// Caller must ensure the two types have the same representation.
+    unsafe fn data_subst(self) -> Self::Output;
 }
 
 impl<A, B> RawDataSubst<B> for OwnedRepr<A> {
     type Output = OwnedRepr<B>;
+
+    unsafe fn data_subst(self) -> Self::Output {
+        self.data_subst()
+    }
 }
 
 impl<A, B> RawDataSubst<B> for OwnedArcRepr<A> {
     type Output = OwnedArcRepr<B>;
+
+    unsafe fn data_subst(self) -> Self::Output {
+        OwnedArcRepr(Arc::from_raw(Arc::into_raw(self.0) as *const OwnedRepr<B>))
+    }
 }
 
 impl<A, B> RawDataSubst<B> for RawViewRepr<*const A> {
     type Output = RawViewRepr<*const B>;
+
+    unsafe fn data_subst(self) -> Self::Output {
+        RawViewRepr::new()
+    }
 }
 
 impl<A, B> RawDataSubst<B> for RawViewRepr<*mut A> {
     type Output = RawViewRepr<*mut B>;
+
+    unsafe fn data_subst(self) -> Self::Output {
+        RawViewRepr::new()
+    }
 }
 
 impl<'a, A: 'a, B: 'a> RawDataSubst<B> for ViewRepr<&'a A> {
     type Output = ViewRepr<&'a B>;
+
+    unsafe fn data_subst(self) -> Self::Output {
+        ViewRepr::new()
+    }
 }
 
 impl<'a, A: 'a, B: 'a> RawDataSubst<B> for ViewRepr<&'a mut A> {
     type Output = ViewRepr<&'a mut B>;
+
+    unsafe fn data_subst(self) -> Self::Output {
+        ViewRepr::new()
+    }
 }

src/impl_special_element_types.rs

@@ -6,8 +6,6 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
 
-use std::mem::size_of;
-use std::mem::ManuallyDrop;
 use std::mem::MaybeUninit;
 
 use crate::imp_prelude::*;
@@ -37,12 +35,10 @@ where
     /// array's storage; it is for example possible to slice these in place, but that must
     /// only be done after all elements have been initialized.
     pub unsafe fn assume_init(self) -> ArrayBase<<S as RawDataSubst<A>>::Output, D> {
-        // NOTE: Fully initialized includes elements not reachable in current slicing/view.
-
         let ArrayBase { data, ptr, dim, strides } = self;
 
-        // transmute from storage of MaybeUninit<A> to storage of A
-        let data = unlimited_transmute::<S, S::Output>(data);
+        // "transmute" from storage of MaybeUninit<A> to storage of A
+        let data = S::data_subst(data);
         let ptr = ptr.cast::<A>();
 
         ArrayBase {
@@ -53,15 +49,3 @@ where
         }
     }
 }
-
-/// Transmute from A to B.
-///
-/// Like transmute, but does not have the compile-time size check which blocks
-/// using regular transmute for "S to S::Output".
-///
-/// **Panics** if the size of A and B are different.
-unsafe fn unlimited_transmute<A, B>(data: A) -> B {
-    assert_eq!(size_of::<A>(), size_of::<B>());
-    let old_data = ManuallyDrop::new(data);
-    (&*old_data as *const A as *const B).read()
-}