authorThom Chiovoloni <chiovolonit@gmail.com>2021-10-29 19:44:29 -0700
committerThom Chiovoloni <chiovolonit@gmail.com>2021-10-31 13:11:01 -0700
commite81fefaa5096b22c79d13df70eb59d2d66cc536c (patch)
tree077818afebd7a04aa22c91a74581a8e7bc10c9b9
parent83aa6d4109f94730b62e275df30247091c629ce9 (diff)
Address some issues in chunk iterator safety comments
Co-authored-by: the8472 <the8472@users.noreply.github.com>
-rw-r--r--library/core/src/slice/iter.rs34
1 files changed, 9 insertions, 25 deletions
diff --git a/library/core/src/slice/iter.rs b/library/core/src/slice/iter.rs
index 1b9f64ff215..18bf61aeb16 100644
--- a/library/core/src/slice/iter.rs
+++ b/library/core/src/slice/iter.rs
@@ -1475,22 +1475,19 @@ impl<'a, T> DoubleEndedIterator for Chunks<'a, T> {
             let remainder = self.v.len() % self.chunk_size;
             let chunksz = if remainder != 0 { remainder } else { self.chunk_size };
             // SAFETY: split_at_unchecked requires the argument be less than or
-            // equal to the length. This is guaranteed, but subtle: We need the
-            // expression `self.v.len() - sz` not to overflow, which means we
-            // need `sz >= tmp_len`.
-            //
-            // `sz` will always either be `self.v.len() % self.chunk_size`,
-            // which will always evaluate to strictly less than `self.v.len()`
-            // (or panic, in the case that `self.chunk_size` is zero), or it can
-            // be `self.chunk_size`, in the case that the length is exactly
+            // equal to the length. This is guaranteed, but subtle: `chunksz`
+            // will always either be `self.v.len() % self.chunk_size`, which
+            // will always evaluate to strictly less than `self.v.len()` (or
+            // panic, in the case that `self.chunk_size` is zero), or it can be
+            // `self.chunk_size`, in the case that the length is exactly
             // divisible by the chunk size.
             //
             // While it seems like using `self.chunk_size` in this case could
             // lead to a value greater than `self.v.len()`, it cannot: if
             // `self.chunk_size` were greater than `self.v.len()`, then
-            // `self.v.len() % self.chunk_size` would have returned non-zero
-            // (note that in this branch of the `if`, we already know that
-            // `self.v` is non-empty).
+            // `self.v.len() % self.chunk_size` would return nonzero (note that
+            // in this branch of the `if`, we already know that `self.v` is
+            // non-empty).
             let (fst, snd) = unsafe { self.v.split_at_unchecked(self.v.len() - chunksz) };
             self.v = fst;
             Some(snd)
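Review bot: The rewritten SAFETY comment still says `self.v.len() % self.chunk_size` is "strictly less than `self.v.len()`", which does not hold when `self.chunk_size` is larger than the length, because the remainder then equals `self.v.len()`. The call stays in bounds since equality is allowed, but the wording should be `less than or equal to `self.v.len()``. The commit also drops the sentence about the subtraction, so the comment now argues about `chunksz` while the value passed is `self.v.len() - chunksz`. I would close the comment with `// Hence chunksz <= self.v.len(): the subtraction cannot underflow and its result is <= len.` The enclosing `next_back` and the `if` the comment mentions begin above this hunk.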
@@ -2524,20 +2521,7 @@ impl<'a, T> DoubleEndedIterator for RChunks<'a, T> {
         } else {
             let remainder = self.v.len() % self.chunk_size;
             let chunksz = if remainder != 0 { remainder } else { self.chunk_size };
-            // SAFETY: split_at_unchecked requires the argument be less than or
-            // equal to the length. This is guaranteed, but subtle: `chunksz`
-            // will always either be `self.v.len() % self.chunk_size`, which
-            // will always evaluate to strictly less than `self.v.len()` (or
-            // panic, in the case that `self.chunk_size` is zero), or it can be
-            // `self.chunk_size`, in the case that the length is exactly
-            // divisible by the chunk size.
-            //
-            // While it seems like using `self.chunk_size` in this case could
-            // lead to a value greater than `self.v.len()`, it cannot: if
-            // `self.chunk_size` were greater than `self.v.len()`, then
-            // `self.v.len() % self.chunk_size` would return nonzero (note that
-            // in this branch of the `if`, we already know that `self.v` is
-            // non-empty).
+            // SAFETY: similar to Chunks::next_back
             let (fst, snd) = unsafe { self.v.split_at_unchecked(chunksz) };
             self.v = snd;
             Some(fst)
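Review bot: The replacement comment `// SAFETY: similar to Chunks::next_back` leaves the precondition for this `unsafe` block unstated. The argument here is `chunksz` itself rather than `self.v.len() - chunksz`, so the reasoning is related but not the same. I would keep the invariant next to the call and use the cross-reference only for the derivation, for example `// SAFETY: chunksz <= self.v.len(), so the split index is in bounds; see Chunks::next_back for why.` A bare pointer to another comment also goes stale unnoticed if that comment is later edited or moved. The function body begins above this hunk.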