adetaylor
commented
4 years ago Uses of unsafe:
- Creating a 40-byte long buffer which starts uninitialized, then is filled in using (mostly)
ptr::copy_nonoverlappingto assemble the string representation of the integer, from right to left. - Creating a slice from that data and length.
- Converting that slice to a string without UTF8 checks.
- Some of the above is duplicated for i128s.
Given the need to initialize the string from right to left for performance, the only options I see would be:
- Use a vec (or a String), then reverse it, which would presumably be slower.
- Invent a new buffer type that maintains a bitmap of which bytes are initialized and/or are valid UTF8. That would presumably add runtime overhead too, except in cases of remarkable compiler optimization.
I wonder if the need for that latter type has shown up anywhere else in safety-dance's audits? Or if anyone has any better ideas?
Lokathor
itoahas fast functions for printing integers. It's a dependency ofserde_jsonso is included in lots of things. It's by the awesome dtolnay so I suspect it's unlikely we can add safety, but maybe we can identify patterns that can be better supported in future Rust.https://github.com/dtolnay/itoa