Add bounds checked get_unchecked, use it everywhere.

src/avx2/deser.rs

@@ -12,6 +12,7 @@ use std::arch::x86_64::{
 use std::mem;
 
 pub use crate::error::{Error, ErrorType};
+use crate::safer_unchecked::GetSaferUnchecked;
 use crate::stringparse::{handle_unicode_codepoint, ESCAPE_MAP};
 use crate::Deserializer;
 pub use crate::Result;
@@ -44,7 +45,7 @@ impl<'de> Deserializer<'de> {
         // This is safe since we check sub's length in the range access above and only
         // create sub sliced form sub to `sub.len()`.
 
-        let src: &[u8] = unsafe { data.get_unchecked(idx..) };
+        let src: &[u8] = unsafe { data.get_kinda_unchecked(idx..) };
         let mut src_i: usize = 0;
         let mut len = src_i;
         loop {
@@ -77,7 +78,7 @@ impl<'de> Deserializer<'de> {
 
                 len += quote_dist as usize;
                 unsafe {
-                    let v = input.get_unchecked(idx..idx + len) as *const [u8] as *const str;
+                    let v = input.get_kinda_unchecked(idx..idx + len) as *const [u8] as *const str;
                     return Ok(&*v);
                 }
 
@@ -142,10 +143,10 @@ impl<'de> Deserializer<'de> {
                 dst_i += quote_dist as usize;
                 unsafe {
                     input
-                        .get_unchecked_mut(idx + len..idx + len + dst_i)
-                        .clone_from_slice(buffer.get_unchecked(..dst_i));
+                        .get_kinda_unchecked_mut(idx + len..idx + len + dst_i)
+                        .clone_from_slice(buffer.get_kinda_unchecked(..dst_i));
                     let v =
-                        input.get_unchecked(idx..idx + len + dst_i) as *const [u8] as *const str;
+                        input.get_kinda_unchecked(idx..idx + len + dst_i) as *const [u8] as *const str;
                     return Ok(&*v);
                 }
 
@@ -155,16 +156,16 @@ impl<'de> Deserializer<'de> {
             if (quote_bits.wrapping_sub(1) & bs_bits) != 0 {
                 // find out where the backspace is
                 let bs_dist: u32 = bs_bits.trailing_zeros();
-                let escape_char: u8 = unsafe { *src.get_unchecked(src_i + bs_dist as usize + 1) };
+                let escape_char: u8 = unsafe { *src.get_kinda_unchecked(src_i + bs_dist as usize + 1) };
                 // we encountered backslash first. Handle backslash
                 if escape_char == b'u' {
                     // move src/dst up to the start; they will be further adjusted
                     // within the unicode codepoint handling code.
                     src_i += bs_dist as usize;
                     dst_i += bs_dist as usize;
                     let (o, s) = if let Ok(r) =
-                        handle_unicode_codepoint(unsafe { src.get_unchecked(src_i..) }, unsafe {
-                            buffer.get_unchecked_mut(dst_i..)
+                        handle_unicode_codepoint(unsafe { src.get_kinda_unchecked(src_i..) }, unsafe {
+                            buffer.get_kinda_unchecked_mut(dst_i..)
                         }) {
                         r
                     } else {
@@ -182,12 +183,12 @@ impl<'de> Deserializer<'de> {
                     // note this may reach beyond the part of the buffer we've actually
                     // seen. I think this is ok
                     let escape_result: u8 =
-                        unsafe { *ESCAPE_MAP.get_unchecked(escape_char as usize) };
+                        unsafe { *ESCAPE_MAP.get_kinda_unchecked(escape_char as usize) };
                     if escape_result == 0 {
                         return Err(Self::raw_error(src_i, escape_char as char, InvalidEscape));
                     }
                     unsafe {
-                        *buffer.get_unchecked_mut(dst_i + bs_dist as usize) = escape_result;
+                        *buffer.get_kinda_unchecked_mut(dst_i + bs_dist as usize) = escape_result;
                     }
                     src_i += bs_dist as usize + 2;
                     dst_i += bs_dist as usize + 1;

src/charutils.rs

@@ -1,3 +1,5 @@
+use crate::safer_unchecked::GetSaferUnchecked;
+
 const STRUCTURAL_OR_WHITESPACE_NEGATED: [u32; 256] = [
     0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
     0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1,
@@ -22,12 +24,12 @@ const STRUCTURAL_OR_WHITESPACE: [u32; 256] = [
 
 #[cfg_attr(not(feature = "no-inline"), inline(always))]
 pub fn is_not_structural_or_whitespace(c: u8) -> u32 {
-    unsafe { *STRUCTURAL_OR_WHITESPACE_NEGATED.get_unchecked(c as usize) }
+    unsafe { *STRUCTURAL_OR_WHITESPACE_NEGATED.get_kinda_unchecked(c as usize) }
 }
 
 #[cfg_attr(not(feature = "no-inline"), inline(always))]
 pub fn is_structural_or_whitespace(c: u8) -> u32 {
-    unsafe { *STRUCTURAL_OR_WHITESPACE.get_unchecked(c as usize) }
+    unsafe { *STRUCTURAL_OR_WHITESPACE.get_kinda_unchecked(c as usize) }
 }
 
 const DIGITTOVAL: [i8; 256] = [
@@ -55,10 +57,10 @@ pub fn hex_to_u32_nocheck(src: &[u8]) -> u32 {
     // invalid value. After the shifts, this will *still* result in the outcome that the high 16 bits of any
     // value with any invalid char will be all 1's. We check for this in the caller.
     unsafe {
-        let v1: i32 = i32::from(*DIGITTOVAL.get_unchecked(*src.get_unchecked(0) as usize));
-        let v2: i32 = i32::from(*DIGITTOVAL.get_unchecked(*src.get_unchecked(1) as usize));
-        let v3: i32 = i32::from(*DIGITTOVAL.get_unchecked(*src.get_unchecked(2) as usize));
-        let v4: i32 = i32::from(*DIGITTOVAL.get_unchecked(*src.get_unchecked(3) as usize));
+        let v1: i32 = i32::from(*DIGITTOVAL.get_kinda_unchecked(*src.get_kinda_unchecked(0) as usize));
+        let v2: i32 = i32::from(*DIGITTOVAL.get_kinda_unchecked(*src.get_kinda_unchecked(1) as usize));
+        let v3: i32 = i32::from(*DIGITTOVAL.get_kinda_unchecked(*src.get_kinda_unchecked(2) as usize));
+        let v4: i32 = i32::from(*DIGITTOVAL.get_kinda_unchecked(*src.get_kinda_unchecked(3) as usize));
         (v1 << 12 | v2 << 8 | v3 << 4 | v4) as u32
     }
 }
@@ -80,27 +82,27 @@ pub fn hex_to_u32_nocheck(src: &[u8]) -> u32 {
 pub fn codepoint_to_utf8(cp: u32, c: &mut [u8]) -> usize {
     unsafe {
         if cp <= 0x7F {
-            *c.get_unchecked_mut(0) = cp as u8;
+            *c.get_kinda_unchecked_mut(0) = cp as u8;
             return 1; // ascii
         }
         if cp <= 0x7FF {
-            *c.get_unchecked_mut(0) = ((cp >> 6) + 192) as u8;
-            *c.get_unchecked_mut(1) = ((cp & 63) + 128) as u8;
+            *c.get_kinda_unchecked_mut(0) = ((cp >> 6) + 192) as u8;
+            *c.get_kinda_unchecked_mut(1) = ((cp & 63) + 128) as u8;
             return 2; // universal plane
                       //  Surrogates are treated elsewhere...
                       //} //else if (0xd800 <= cp && cp <= 0xdfff) {
                       //  return 0; // surrogates // could put assert here
         } else if cp <= 0xFFFF {
-            *c.get_unchecked_mut(0) = ((cp >> 12) + 224) as u8;
-            *c.get_unchecked_mut(1) = (((cp >> 6) & 63) + 128) as u8;
-            *c.get_unchecked_mut(2) = ((cp & 63) + 128) as u8;
+            *c.get_kinda_unchecked_mut(0) = ((cp >> 12) + 224) as u8;
+            *c.get_kinda_unchecked_mut(1) = (((cp >> 6) & 63) + 128) as u8;
+            *c.get_kinda_unchecked_mut(2) = ((cp & 63) + 128) as u8;
             return 3;
         } else if cp <= 0x0010_FFFF {
             // if you know you have a valid code point, this is not needed
-            *c.get_unchecked_mut(0) = ((cp >> 18) + 240) as u8;
-            *c.get_unchecked_mut(1) = (((cp >> 12) & 63) + 128) as u8;
-            *c.get_unchecked_mut(2) = (((cp >> 6) & 63) + 128) as u8;
-            *c.get_unchecked_mut(3) = ((cp & 63) + 128) as u8;
+            *c.get_kinda_unchecked_mut(0) = ((cp >> 18) + 240) as u8;
+            *c.get_kinda_unchecked_mut(1) = (((cp >> 12) & 63) + 128) as u8;
+            *c.get_kinda_unchecked_mut(2) = (((cp >> 6) & 63) + 128) as u8;
+            *c.get_kinda_unchecked_mut(3) = ((cp & 63) + 128) as u8;
             return 4;
         }
     }

src/lib.rs

@@ -1,6 +1,5 @@
 #![deny(warnings)]
 #![cfg_attr(feature = "hints", feature(core_intrinsics))]
-#![deny(warnings)]
 #![warn(unused_extern_crates)]
 #![deny(
     clippy::all,
@@ -139,6 +138,9 @@ mod macros;
 mod error;
 mod numberparse;
 mod stringparse;
+mod safer_unchecked;
+
+use safer_unchecked::GetSaferUnchecked;
 
 /// Reexport of Cow
 pub mod cow;
@@ -479,16 +481,20 @@ impl<'de> Deserializer<'de> {
         }
 
         unsafe {
-            input_buffer
-                .as_mut_slice()
-                .get_unchecked_mut(..len)
-                .clone_from_slice(input);
-            *(input_buffer.get_unchecked_mut(len)) = 0;
-            input_buffer.set_len(len);
+            std::ptr::copy_nonoverlapping(
+                input.as_ptr(),
+                input_buffer.as_mut_ptr(),
+                len,
+            );
+
+            let to_fill = input_buffer.capacity() - len;
+            std::ptr::write_bytes(input_buffer.as_mut_ptr().add(len), 0, to_fill);
+
+            input_buffer.set_len(input_buffer.capacity());
         };
 
         let s1_result: std::result::Result<Vec<u32>, ErrorType> =
-            unsafe { Self::find_structural_bits(input_buffer) };
+            unsafe { Self::find_structural_bits(input) };
 
         let structural_indexes = match s1_result {
             Ok(i) => i,
@@ -519,7 +525,7 @@ impl<'de> Deserializer<'de> {
     #[cfg_attr(not(feature = "no-inline"), inline(always))]
     pub unsafe fn next_(&mut self) -> Node<'de> {
         self.idx += 1;
-        *self.tape.get_unchecked(self.idx)
+        *self.tape.get_kinda_unchecked(self.idx)
     }
 
     //#[inline(never)]
@@ -569,7 +575,7 @@ impl<'de> Deserializer<'de> {
               __builtin_prefetch(buf + idx + 128);
             #endif
              */
-            let chunk = input.get_unchecked(idx..idx + 64);
+            let chunk = input.get_kinda_unchecked(idx..idx + 64);
             utf8_validator.update_from_chunks(chunk);
 
             let input = SimdInput::new(chunk);
@@ -717,15 +723,16 @@ impl AlignedBuf {
         }
     }
 
+    fn as_mut_ptr(&mut self) -> *mut u8 {
+        self.inner.as_ptr()
+    }
+
     fn capacity_overflow() -> ! {
         panic!("capacity overflow");
     }
     fn capacity(&self) -> usize {
         self.capacity
     }
-    fn as_mut_slice(&mut self) -> &mut [u8] {
-        unsafe { std::slice::from_raw_parts_mut(self.inner.as_ptr(), self.len) }
-    }
     unsafe fn set_len(&mut self, n: usize) {
         assert!(
             n <= self.capacity,

src/neon/deser.rs

@@ -1,3 +1,4 @@
+use crate::safer_unchecked::GetSaferUnchecked;
 use crate::error::ErrorType;
 use crate::neon::stage1::bit_mask;
 use crate::stringparse::{handle_unicode_codepoint, ESCAPE_MAP};
@@ -64,14 +65,14 @@ impl<'de> Deserializer<'de> {
         // This is safe since we check sub's length in the range access above and only
         // create sub sliced form sub to `sub.len()`.
 
-        let src: &[u8] = unsafe { data.get_unchecked(idx..) };
+        let src: &[u8] = unsafe { data.get_kinda_unchecked(idx..) };
         let mut src_i: usize = 0;
         let mut len = src_i;
         loop {
             let (v0, v1) = unsafe {
                 (
-                    vld1q_u8(src.get_unchecked(src_i..src_i + 16).as_ptr()),
-                    vld1q_u8(src.get_unchecked(src_i + 16..src_i + 32).as_ptr()),
+                    vld1q_u8(src.get_kinda_unchecked(src_i..src_i + 16).as_ptr()),
+                    vld1q_u8(src.get_kinda_unchecked(src_i + 16..src_i + 32).as_ptr()),
                 )
             };
 
@@ -92,7 +93,7 @@ impl<'de> Deserializer<'de> {
 
                 len += quote_dist as usize;
                 unsafe {
-                    let v = input.get_unchecked(idx..idx + len) as *const [u8] as *const str;
+                    let v = input.get_kinda_unchecked(idx..idx + len) as *const [u8] as *const str;
                     return Ok(&*v);
                 }
 
@@ -119,15 +120,15 @@ impl<'de> Deserializer<'de> {
         loop {
             let (v0, v1) = unsafe {
                 (
-                    vld1q_u8(src.get_unchecked(src_i..src_i + 16).as_ptr()),
-                    vld1q_u8(src.get_unchecked(src_i + 16..src_i + 32).as_ptr()),
+                    vld1q_u8(src.get_kinda_unchecked(src_i..src_i + 16).as_ptr()),
+                    vld1q_u8(src.get_kinda_unchecked(src_i + 16..src_i + 32).as_ptr()),
                 )
             };
 
             unsafe {
                 buffer
-                    .get_unchecked_mut(dst_i..dst_i + 32)
-                    .copy_from_slice(src.get_unchecked(src_i..src_i + 32));
+                    .get_kinda_unchecked_mut(dst_i..dst_i + 32)
+                    .copy_from_slice(src.get_kinda_unchecked(src_i..src_i + 32));
             }
 
             // store to dest unconditionally - we can overwrite the bits we don't like
@@ -150,10 +151,10 @@ impl<'de> Deserializer<'de> {
                 dst_i += quote_dist as usize;
                 unsafe {
                     input
-                        .get_unchecked_mut(idx + len..idx + len + dst_i)
-                        .clone_from_slice(buffer.get_unchecked(..dst_i));
+                        .get_kinda_unchecked_mut(idx + len..idx + len + dst_i)
+                        .clone_from_slice(buffer.get_kinda_unchecked(..dst_i));
                     let v =
-                        input.get_unchecked(idx..idx + len + dst_i) as *const [u8] as *const str;
+                        input.get_kinda_unchecked(idx..idx + len + dst_i) as *const [u8] as *const str;
                     return Ok(&*v);
                 }
 
@@ -163,16 +164,16 @@ impl<'de> Deserializer<'de> {
             if (quote_bits.wrapping_sub(1) & bs_bits) != 0 {
                 // find out where the backspace is
                 let bs_dist: u32 = bs_bits.trailing_zeros();
-                let escape_char: u8 = unsafe { *src.get_unchecked(src_i + bs_dist as usize + 1) };
+                let escape_char: u8 = unsafe { *src.get_kinda_unchecked(src_i + bs_dist as usize + 1) };
                 // we encountered backslash first. Handle backslash
                 if escape_char == b'u' {
                     // move src/dst up to the start; they will be further adjusted
                     // within the unicode codepoint handling code.
                     src_i += bs_dist as usize;
                     dst_i += bs_dist as usize;
                     let (o, s) = if let Ok(r) =
-                        handle_unicode_codepoint(unsafe { src.get_unchecked(src_i..) }, unsafe {
-                            buffer.get_unchecked_mut(dst_i..)
+                        handle_unicode_codepoint(unsafe { src.get_kinda_unchecked(src_i..) }, unsafe {
+                            buffer.get_kinda_unchecked_mut(dst_i..)
                         }) {
                         r
                     } else {
@@ -190,12 +191,12 @@ impl<'de> Deserializer<'de> {
                     // note this may reach beyond the part of the buffer we've actually
                     // seen. I think this is ok
                     let escape_result: u8 =
-                        unsafe { *ESCAPE_MAP.get_unchecked(escape_char as usize) };
+                        unsafe { *ESCAPE_MAP.get_kinda_unchecked(escape_char as usize) };
                     if escape_result == 0 {
                         return Err(Self::raw_error(src_i, escape_char as char, InvalidEscape));
                     }
                     unsafe {
-                        *buffer.get_unchecked_mut(dst_i + bs_dist as usize) = escape_result;
+                        *buffer.get_kinda_unchecked_mut(dst_i + bs_dist as usize) = escape_result;
                     }
                     src_i += bs_dist as usize + 2;
                     dst_i += bs_dist as usize + 1;