Help auditing an unsafe macro


#1

Hi all,

I’ve been extending my array_refs crate, and added two macros (one mutable and one not) that split a single array reference into several smaller array references. They are intended to be safe, and to be useful for working with byte layouts, e.g. the network format of data, such that the compiler can do length and index checking at compile time, rather than at run time as would be required with slices.

However, I am a relative newbie to rust, so I would appreciate an audit of my macros, to ensure that they do indeed have the safety properties I am aiming for. And any suggestions on better macro names would also be welcome. I hate naming things. Here is the issue I created for the audit:

And for the curious who are too lazy to visit github, here is one of the two (very similar) macros:

#[macro_export]
macro_rules! array_refs {
    ( $arr:expr, $( $len:expr ),* ) => {{
        {
            #[inline]
            #[allow(unused_assignments)]
            unsafe fn as_arrays<T>(a: &[T; $( $len + )* 0 ]) -> ( $( &[T; $len], )* ) {
                let mut p = a.as_ptr() as *const T;
                ( $( {
                    let aref = &*(p as *const [T; $len]);
                    p = p.offset($len);
                    aref
                } ),* )
            }
            let input = $arr;
            unsafe {
                as_arrays(input)
            }
        }
    }}
}

David