Auto merge of #120863 - saethlin:slice-get-checked, r=<try>

Improve precondition checks for unchecked slice indexing

r? `@ghost`

Author: bors

library/core/src/slice/index.rs

@@ -1,9 +1,9 @@
 //! Indexing implementations for `[T]`.
 
+use crate::intrinsics::assert_unsafe_precondition;
 use crate::intrinsics::const_eval_select;
 use crate::intrinsics::unchecked_sub;
 use crate::ops;
-use crate::panic::debug_assert_nounwind;
 use crate::ptr;
 
 #[stable(feature = "rust1", since = "1.0.0")]
@@ -225,28 +225,36 @@ unsafe impl<T> SliceIndex<[T]> for usize {
 
     #[inline]
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const T {
-        debug_assert_nounwind!(
-            self < slice.len(),
-            "slice::get_unchecked requires that the index is within the slice",
-        );
         // SAFETY: the caller guarantees that `slice` is not dangling, so it
         // cannot be longer than `isize::MAX`. They also guarantee that
         // `self` is in bounds of `slice` so `self` cannot overflow an `isize`,
         // so the call to `add` is safe.
         unsafe {
-            crate::hint::assert_unchecked(self < slice.len());
+            assert_unsafe_precondition!(
+                "slice::get_unchecked requires that the index is within the slice",
+                (
+                    this: usize = self,
+                    len: usize = slice.len()
+                ) => this < len
+            );
+            crate::intrinsics::assume(self < slice.len());
             slice.as_ptr().add(self)
         }
     }
 
     #[inline]
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut T {
-        debug_assert_nounwind!(
-            self < slice.len(),
-            "slice::get_unchecked_mut requires that the index is within the slice",
-        );
         // SAFETY: see comments for `get_unchecked` above.
-        unsafe { slice.as_mut_ptr().add(self) }
+        unsafe {
+            assert_unsafe_precondition!(
+                "slice::get_unchecked_mut requires that the index is within the slice",
+                (
+                    this: usize = self,
+                    len: usize = slice.len()
+                ) => this < len
+            );
+            slice.as_mut_ptr().add(self)
+        }
     }
 
     #[inline]
@@ -290,25 +298,36 @@ unsafe impl<T> SliceIndex<[T]> for ops::IndexRange {
 
     #[inline]
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
-        debug_assert_nounwind!(
-            self.end() <= slice.len(),
-            "slice::get_unchecked requires that the index is within the slice"
-        );
         // SAFETY: the caller guarantees that `slice` is not dangling, so it
         // cannot be longer than `isize::MAX`. They also guarantee that
         // `self` is in bounds of `slice` so `self` cannot overflow an `isize`,
         // so the call to `add` is safe.
-        unsafe { ptr::slice_from_raw_parts(slice.as_ptr().add(self.start()), self.len()) }
+        unsafe {
+            assert_unsafe_precondition!(
+                "slice::get_unchecked requires that the index is within the slice",
+                (
+                    end: usize = self.end(),
+                    len: usize = slice.len()
+                ) => end <= len
+            );
+            ptr::slice_from_raw_parts(slice.as_ptr().add(self.start()), self.len())
+        }
     }
 
     #[inline]
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
-        debug_assert_nounwind!(
-            self.end() <= slice.len(),
-            "slice::get_unchecked_mut requires that the index is within the slice",
-        );
         // SAFETY: see comments for `get_unchecked` above.
-        unsafe { ptr::slice_from_raw_parts_mut(slice.as_mut_ptr().add(self.start()), self.len()) }
+        unsafe {
+            assert_unsafe_precondition!(
+                "slice::get_unchecked_mut requires that the index is within the slice",
+                (
+                    end: usize = self.end(),
+                    len: usize = slice.len()
+                ) => end <= len
+            );
+
+            ptr::slice_from_raw_parts_mut(slice.as_mut_ptr().add(self.start()), self.len())
+        }
     }
 
     #[inline]
@@ -359,28 +378,36 @@ unsafe impl<T> SliceIndex<[T]> for ops::Range<usize> {
 
     #[inline]
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
-        debug_assert_nounwind!(
-            self.end >= self.start && self.end <= slice.len(),
-            "slice::get_unchecked requires that the range is within the slice",
-        );
         // SAFETY: the caller guarantees that `slice` is not dangling, so it
         // cannot be longer than `isize::MAX`. They also guarantee that
         // `self` is in bounds of `slice` so `self` cannot overflow an `isize`,
         // so the call to `add` is safe and the length calculation cannot overflow.
         unsafe {
+            assert_unsafe_precondition!(
+                "slice::get_unchecked requires that the range is within the slice",
+                (
+                    end: usize = self.end,
+                    start: usize = self.start,
+                    len: usize = slice.len()
+                ) => end >= start && end <= len
+            );
             let new_len = unchecked_sub(self.end, self.start);
             ptr::slice_from_raw_parts(slice.as_ptr().add(self.start), new_len)
         }
     }
 
     #[inline]
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
-        debug_assert_nounwind!(
-            self.end >= self.start && self.end <= slice.len(),
-            "slice::get_unchecked_mut requires that the range is within the slice",
-        );
         // SAFETY: see comments for `get_unchecked` above.
         unsafe {
+            assert_unsafe_precondition!(
+                "slice::get_unchecked_mut requires that the range is within the slice",
+                (
+                    end: usize = self.end,
+                    start: usize = self.start,
+                    len: usize = slice.len()
+                ) => end >= start && end <= len
+            );
             let new_len = unchecked_sub(self.end, self.start);
             ptr::slice_from_raw_parts_mut(slice.as_mut_ptr().add(self.start), new_len)
         }

tests/mir-opt/pre-codegen/slice_index.slice_get_mut_usize.PreCodegen.after.panic-abort.mir

@@ -7,89 +7,13 @@ fn slice_get_mut_usize(_1: &mut [u32], _2: usize) -> Option<&mut u32> {
     scope 1 (inlined core::slice::<impl [u32]>::get_mut::<usize>) {
         debug self => _1;
         debug index => _2;
-        scope 2 (inlined <usize as SliceIndex<[u32]>>::get_mut) {
-            debug self => _2;
-            debug slice => _1;
-            let mut _3: usize;
-            let mut _4: bool;
-            let mut _5: *mut [u32];
-            let mut _7: *mut u32;
-            let mut _8: &mut u32;
-            scope 3 {
-                scope 4 (inlined <usize as SliceIndex<[u32]>>::get_unchecked_mut) {
-                    debug self => _2;
-                    debug slice => _5;
-                    let mut _6: *mut u32;
-                    let mut _9: *mut [u32];
-                    let mut _10: &[&str];
-                    scope 5 {
-                        scope 10 (inlined std::ptr::mut_ptr::<impl *mut [u32]>::as_mut_ptr) {
-                            debug self => _5;
-                        }
-                        scope 11 (inlined std::ptr::mut_ptr::<impl *mut u32>::add) {
-                            debug self => _6;
-                            debug count => _2;
-                            scope 12 {
-                            }
-                        }
-                    }
-                    scope 6 (inlined std::ptr::mut_ptr::<impl *mut [u32]>::len) {
-                        debug self => _9;
-                        let mut _11: *const [u32];
-                        scope 7 (inlined std::ptr::metadata::<[u32]>) {
-                            debug ptr => _11;
-                            scope 8 {
-                            }
-                        }
-                    }
-                    scope 9 (inlined Arguments::<'_>::new_const) {
-                        debug pieces => _10;
-                    }
-                }
-            }
-        }
     }
 
     bb0: {
-        StorageLive(_7);
-        StorageLive(_4);
-        StorageLive(_3);
-        _3 = Len((*_1));
-        _4 = Lt(_2, move _3);
-        switchInt(move _4) -> [0: bb1, otherwise: bb2];
+        _0 = <usize as SliceIndex<[u32]>>::get_mut(move _2, move _1) -> [return: bb1, unwind unreachable];
     }
 
     bb1: {
-        StorageDead(_3);
-        _0 = const Option::<&mut u32>::None;
-        goto -> bb3;
-    }
-
-    bb2: {
-        StorageDead(_3);
-        StorageLive(_8);
-        StorageLive(_5);
-        _5 = &raw mut (*_1);
-        StorageLive(_9);
-        StorageLive(_10);
-        StorageLive(_11);
-        StorageLive(_6);
-        _6 = _5 as *mut u32 (PtrToPtr);
-        _7 = Offset(_6, _2);
-        StorageDead(_6);
-        StorageDead(_11);
-        StorageDead(_10);
-        StorageDead(_9);
-        StorageDead(_5);
-        _8 = &mut (*_7);
-        _0 = Option::<&mut u32>::Some(move _8);
-        StorageDead(_8);
-        goto -> bb3;
-    }
-
-    bb3: {
-        StorageDead(_4);
-        StorageDead(_7);
         return;
     }
 }

tests/mir-opt/pre-codegen/slice_index.slice_get_mut_usize.PreCodegen.after.panic-unwind.mir

@@ -7,89 +7,13 @@ fn slice_get_mut_usize(_1: &mut [u32], _2: usize) -> Option<&mut u32> {
     scope 1 (inlined core::slice::<impl [u32]>::get_mut::<usize>) {
         debug self => _1;
         debug index => _2;
-        scope 2 (inlined <usize as SliceIndex<[u32]>>::get_mut) {
-            debug self => _2;
-            debug slice => _1;
-            let mut _3: usize;
-            let mut _4: bool;
-            let mut _5: *mut [u32];
-            let mut _7: *mut u32;
-            let mut _8: &mut u32;
-            scope 3 {
-                scope 4 (inlined <usize as SliceIndex<[u32]>>::get_unchecked_mut) {
-                    debug self => _2;
-                    debug slice => _5;
-                    let mut _6: *mut u32;
-                    let mut _9: *mut [u32];
-                    let mut _10: &[&str];
-                    scope 5 {
-                        scope 10 (inlined std::ptr::mut_ptr::<impl *mut [u32]>::as_mut_ptr) {
-                            debug self => _5;
-                        }
-                        scope 11 (inlined std::ptr::mut_ptr::<impl *mut u32>::add) {
-                            debug self => _6;
-                            debug count => _2;
-                            scope 12 {
-                            }
-                        }
-                    }
-                    scope 6 (inlined std::ptr::mut_ptr::<impl *mut [u32]>::len) {
-                        debug self => _9;
-                        let mut _11: *const [u32];
-                        scope 7 (inlined std::ptr::metadata::<[u32]>) {
-                            debug ptr => _11;
-                            scope 8 {
-                            }
-                        }
-                    }
-                    scope 9 (inlined Arguments::<'_>::new_const) {
-                        debug pieces => _10;
-                    }
-                }
-            }
-        }
     }
 
     bb0: {
-        StorageLive(_7);
-        StorageLive(_4);
-        StorageLive(_3);
-        _3 = Len((*_1));
-        _4 = Lt(_2, move _3);
-        switchInt(move _4) -> [0: bb1, otherwise: bb2];
+        _0 = <usize as SliceIndex<[u32]>>::get_mut(move _2, move _1) -> [return: bb1, unwind continue];
     }
 
     bb1: {
-        StorageDead(_3);
-        _0 = const Option::<&mut u32>::None;
-        goto -> bb3;
-    }
-
-    bb2: {
-        StorageDead(_3);
-        StorageLive(_8);
-        StorageLive(_5);
-        _5 = &raw mut (*_1);
-        StorageLive(_9);
-        StorageLive(_10);
-        StorageLive(_11);
-        StorageLive(_6);
-        _6 = _5 as *mut u32 (PtrToPtr);
-        _7 = Offset(_6, _2);
-        StorageDead(_6);
-        StorageDead(_11);
-        StorageDead(_10);
-        StorageDead(_9);
-        StorageDead(_5);
-        _8 = &mut (*_7);
-        _0 = Option::<&mut u32>::Some(move _8);
-        StorageDead(_8);
-        goto -> bb3;
-    }
-
-    bb3: {
-        StorageDead(_4);
-        StorageDead(_7);
         return;
     }
 }