Implement TryFrom for CString and CStr

[nvzqz]

Implements TryFrom by utilizing the available conversions.

This is a subset of #33417.

Conversions

From	Into	Kind
&{mut,} [u8]	&{mut,} str	UTF-8
Vec<u8>	String	UTF-8
&[u16]	String	UTF-16
&[u8]	&CStr	UTF-8 with nul
CString	String	UTF-8
Into<Vec<u8>>	CString	UTF-8 with nul

Motivation

These types already have conversions that return Result<Self, Error>. This simply implements TryFrom for such types.

[rust-highfive]

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @BurntSushi (or someone else) soon.

If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes.

Please see the contribution instructions for more information.

[nvzqz]

@sfackler would you like to take a look at this one? It's similar to #44764 in nature.

[nvzqz]

r? @sfackler

[nvzqz]

Getting this error now:

[00:02:28] error: use of unstable library feature 'try_from' (see issue #33417)
[00:02:28]   --> /checkout/src/liballoc/string.rs:60:5
[00:02:28]    |
[00:02:28] 60 | use core::convert::TryFrom;
[00:02:28]    |     ^^^^^^^^^^^^^^^^^^^^^^
[00:02:28]    |
[00:02:28]    = help: add #![feature(try_from)] to the crate attributes to enable
[00:02:28] 
[00:02:28] error: use of unstable library feature 'try_from' (see issue #33417)
[00:02:28]     --> /checkout/src/liballoc/string.rs:1607:5
[00:02:28]      |
[00:02:28] 1607 |     type Error = FromUtf8Error;
[00:02:28]      |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
[00:02:28]      |
[00:02:28]      = help: add #![feature(try_from)] to the crate attributes to enable

Even though I marked the impl as unstable.

Seems to be fixed with 526de507c81062905e2206eac06308cfe63a91a3.

[arthurprs]

Thank you. Very useful 😄

[sfackler]

I'm feeling a bit unsure about the UTF8 and UTF16 conversions - for [u8] in particular, there are all kinds of text encodings, and it's not necessarily clear that it would obviously interpret it as UTF8 rather than trying to infer the type or whatever.

[sfackler]

cc @rust-lang/libs

[bors]

☔ The latest upstream changes (presumably #45233) made this pull request unmergeable. Please resolve the merge conflicts.

[shepmaster]

Yo — @rust-lang/libs — it's been 16 days since we heard from all y'all. Care to chime in?

[alexcrichton]

These seem fine to me, @sfackler I don't have too many thoughts about the encoding question, it seems fine to me to take a conservative route and not add them for now.

[sfackler]

That'd limit it to the cstr impls then.

[kennytm]

Hello @nvzqz @rust-lang/libs — Is there a decision for this PR, that we limit to the CStr implementations?:

// keep these:
impl<'a> TryFrom<&'a [u8]> for &'a CStr { … }
impl TryFrom<Vec<u8>> for CString { … }
impl TryFrom<CString> for String { … }

// and remove the rest?

[nvzqz]

Makes sense to me. I'll make the appropriate changes later today.

[shepmaster]

I'll make the appropriate changes later today.

Hello from triage, @nvzqz! It's been a week since we last heard from you and it appears you've got some merge conflicts! Will you have some time to address those and the most recent feedback you received?

[nvzqz]

@shepmaster just addressed these changes. Thanks for the reminder 😄

[ollie27]

This checks for valid UTF-8 so this impl should also be removed.

[nvzqz]

TryFrom<CString> for String is an obvious conversion. The underlying conversion checks valid UTF-8 but CString is a named and obvious type unlike Vec<u8>.

[ollie27]

A CString is a sequence of none nul bytes. A Vec<u8> is a sequence of bytes. The conversion to String is exactly the same so it doesn't make sense to include one but not the other.

[nvzqz]

@kennytm @sfackler do you guys have any input on this?

[sfackler]

I'd lean towards leaving this out for now.

[kennytm]

CI failed...

[kennytm]

[00:02:22] error[E0119]: conflicting implementations of trait `core::convert::TryFrom<_>` for type `ffi::c_str::CString`:
[00:02:22]    --> /checkout/src/libstd/ffi/c_str.rs:651:1
[00:02:22]     |
[00:02:22] 651 | / impl<T: Into<Vec<u8>>> TryFrom<T> for CString {
[00:02:22] 652 | |     type Error = NulError;
[00:02:22] 653 | |
[00:02:22] 654 | |     fn try_from(t: T) -> Result<CString, NulError> {
[00:02:22] 655 | |         CString::new(t)
[00:02:22] 656 | |     }
[00:02:22] 657 | | }
[00:02:22]     | |_^
[00:02:22]     |
[00:02:22]     = note: conflicting implementation in crate `core`

It is conflicting with impl<T, U> TryFrom<U> for T where T: From<U>, because CString: Into<Vec<u8>>, i.e. this overlaps with the identity transformation CString: TryFrom<CString>.

Try to change it to impl TryFrom<Vec<u8>> for CString and impl<'a> TryFrom<&'a [u8]> for CString.

[nvzqz]

Perhaps this should just be TryFrom<Vec<u8>> instead. Only having the slice conversion results in a potentially unwanted allocation in the case of:

let vec = vec![/* ... */];

let c_str: CString = vec.try_into()?;

[kennytm]

Hi @nvzqz, do you have time to fix the CI failure?

[kennytm]

Ok @sfackler it's your turn again.

BTW @nvzqz I strongly suggest you rebase and combine everything down to a single commit.

[carols10cents]

Review ping for you @sfackler !

[kennytm]

@sfackler There is a question for you too on #44916 (review).

[kennytm]

@nvzqz I think the consensus here is to keep only the encoding-agnostic conversions [u8] → CStr and Vec<u8> → CString.

[ollie27]

There is also an inconsistency between the &[u8] → &CStr and Vec<u8> → CString conversions. &[u8] → &CStr requires the slice ends in a nul byte but Vec<u8> → CString doesn't. At the very least that needs to be documented on the impls.

[kennytm]

I'm nominating this PR to the @rust-lang/libs team. The consensus so far is removing every conversion involving string encodings, which leaves us with [u8] → CStr and Vec<u8> → CString.

However, as #44916 (comment) pointed out, these two conversions are semantically incompatible in this current form. I can see several resolutions:

1. Accept the discrepancy, improve documentation
2. Remove [u8] → CStr and keep only Vec<u8> → CString
3. Remove Vec<u8> → CString and keep only [u8] → CStr
4. Keep [u8] → CStr and change Vec<u8> → CString to require a trailing zero
5. Give up, don't add any TryFrom implementations.
6. Some other creative solution?

No matter which is picked, I don't think the author can proceed without further decisions.

[sfackler]

The fact that there is any debate over what the semantics of these impls may indicate we shouldn't add them.

[kennytm]

Triage ping @rust-lang/libs @sfackler! Any update on this PR?

[dtolnay]

We discussed these impls with the libs team. Regarding &[u8] ⟶ &CStr and Vec<u8> ⟶ CString we agreed on option 5 of Kenny's #44916 (comment) -- give up and don't add these as TryFrom implementations. We prefer for code to use the verbose but unambiguous named constructors like CStr::from_bytes_with_nul if there is any question of what the impl does.

Feeling the need to document what the impl does is a sure sign that there is a question of what the impl does. From and TryFrom impls should never need explanatory documentation.

The &[u8] ⟶ &CStr conversion is the one that comes closest to meeting this bar. If someone understand the invariants of CStr and the implications of & ⟶ &, it really narrows it down to one possible thing the TryFrom impl could reasonably do. But even for that we felt it involves too much background knowledge and in practice the impl would need to be documented, so the conversion should not be handled by a TryFrom impl.

About CString ⟶ String we felt less strongly, but from reading the discussion here again I agree with the consensus of ruling this one out for the same reason as Vec<u8> ⟶ String.

As a secondary concern, we were skeptical about the motivation for adding any of these TryFrom impls. In general we felt that the existence of a Result<Self, Error> method does not necessary mean that an equivalent TryFrom impl needs to exist. We would have preferred for this to be motivated by a concrete API that someone wanted to write, some function where it makes sense to take T: TryInto<&'a CStr> that cannot be expressed any other way that is as ergonomic for callers.

Thanks anyway for the PR and for the insightful discussion -- this is what helps figure out the role we want for TryFrom.