//! Indexing implementations for `[T]`.
+use crate::intrinsics::assert_unsafe_precondition;
use crate::intrinsics::const_eval_select;
use crate::ops;
use crate::ptr;
/// Implementations of this trait have to promise that if the argument
/// to `get_(mut_)unchecked` is a safe reference, then so is the result.
#[stable(feature = "slice_get_slice", since = "1.28.0")]
+#[rustc_diagnostic_item = "SliceIndex"]
#[rustc_on_unimplemented(
on(T = "str", label = "string indices are ranges of `usize`",),
on(
// cannot be longer than `isize::MAX`. They also guarantee that
// `self` is in bounds of `slice` so `self` cannot overflow an `isize`,
// so the call to `add` is safe.
- unsafe { slice.as_ptr().add(self) }
+ unsafe {
+ assert_unsafe_precondition!(self < slice.len());
+ slice.as_ptr().add(self)
+ }
}
#[inline]
unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut T {
// SAFETY: see comments for `get_unchecked` above.
- unsafe { slice.as_mut_ptr().add(self) }
+ unsafe {
+ assert_unsafe_precondition!(self < slice.len());
+ slice.as_mut_ptr().add(self)
+ }
}
#[inline]
// cannot be longer than `isize::MAX`. They also guarantee that
// `self` is in bounds of `slice` so `self` cannot overflow an `isize`,
// so the call to `add` is safe.
- unsafe { ptr::slice_from_raw_parts(slice.as_ptr().add(self.start), self.end - self.start) }
+
+ unsafe {
+ assert_unsafe_precondition!(self.end >= self.start && self.end <= slice.len());
+ ptr::slice_from_raw_parts(slice.as_ptr().add(self.start), self.end - self.start)
+ }
}
#[inline]
unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
// SAFETY: see comments for `get_unchecked` above.
unsafe {
+ assert_unsafe_precondition!(self.end >= self.start && self.end <= slice.len());
ptr::slice_from_raw_parts_mut(slice.as_mut_ptr().add(self.start), self.end - self.start)
}
}