From c6810a569f52feff03a36fb496780410b2912783 Mon Sep 17 00:00:00 2001 From: David Tolnay Date: Fri, 26 Nov 2021 12:57:36 -0800 Subject: [PATCH] Clarify safety comment on using i to index into self.source --- library/core/src/str/lossy.rs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/core/src/str/lossy.rs b/library/core/src/str/lossy.rs index 748ee314e73..32bd22846e7 100644 --- a/library/core/src/str/lossy.rs +++ b/library/core/src/str/lossy.rs @@ -122,8 +122,14 @@ impl<'a> Iterator for Utf8LossyChunksIter<'a> { valid_up_to = i; } - // SAFETY: `i <= self.source.len()` because it only ever increments by 1 - // and the loop is terminated as soon as that goes beyond bounds. + // SAFETY: `i <= self.source.len()` because it is only ever incremented + // via `i += 1` and in between every single one of those increments, `i` + // is compared against `self.source.len()`. That happens either + // literally by `i < self.source.len()` in the while-loop's condition, + // or indirectly by `safe_get(self.source, i) & 192 != TAG_CONT_U8`. The + // loop is terminated as soon as the latest `i += 1` has made `i` no + // longer less than `self.source.len()`, which means it'll be at most + // equal to `self.source.len()`. let (inspected, remaining) = unsafe { self.source.split_at_unchecked(i) }; self.source = remaining;