@@ -43,48 +43,53 @@ mod primitive {
4343 pub struct PushBytes ( [ u8 ] ) ;
4444
4545 impl PushBytes {
46- /// Creates `&Self ` without checking the length.
46+ /// Creates `&PushBytes ` without checking the length.
4747///
4848/// # Safety
4949///
50- /// The caller is responsible for checking that the length is less than the [`LIMIT`] .
50+ /// The caller is responsible for checking that the length is less than the 2^32 .
5151unsafe fn from_slice_unchecked ( bytes : & [ u8 ] ) -> & Self {
52+ // SAFETY: The caller must guarantee that bytes.len() < 2^32.
53+ // If that is the case the conversion is sound because &[u8] and &PushBytes
54+ // have the same layout (because of #[repr(transparent)] on PushBytes).
5255 & * ( bytes as * const [ u8 ] as * const PushBytes )
5356 }
5457
55- /// Creates `&mut Self ` without checking the length.
58+ /// Creates `&mut PushBytes ` without checking the length.
5659///
5760/// # Safety
5861///
59- /// The caller is responsible for checking that the length is less than the [`LIMIT`] .
62+ /// The caller is responsible for checking that the length is less than the 2^32 .
6063unsafe fn from_mut_slice_unchecked ( bytes : & mut [ u8 ] ) -> & mut Self {
64+ // SAFETY: The caller must guarantee that bytes.len() < 2^32.
65+ // If that is the case the conversion is sound because &mut [u8] and &mut PushBytes
66+ // have the same layout (because of #[repr(transparent)] on PushBytes).
6167 & mut * ( bytes as * mut [ u8 ] as * mut PushBytes )
6268 }
6369
64- /// Creates an empty `PushBytes`.
70+ /// Creates an empty `& PushBytes`.
6571pub fn empty ( ) -> & ' static Self {
66- // 0 < LIMIT
72+ // SAFETY: 0 < 2^32.
6773 unsafe { Self :: from_slice_unchecked ( & [ ] ) }
6874 }
6975
7076 /// Returns the underlying bytes.
7177pub fn as_bytes ( & self ) -> & [ u8 ] { & self . 0 }
7278
73- /// Returns the underlying mutbale bytes.
79+ /// Returns the underlying mutable bytes.
7480pub fn as_mut_bytes ( & mut self ) -> & mut [ u8 ] { & mut self . 0 }
7581 }
7682
7783 macro_rules! delegate_index {
7884 ( $( $type: ty) ,* $( , ) ?) => {
7985 $(
80- /// Script subslicing operation - read [slicing safety](#slicing-safety)!
8186 impl Index <$type> for PushBytes {
8287 type Output = Self ;
8388
8489 #[ inline]
8590 #[ track_caller]
8691 fn index( & self , index: $type) -> & Self :: Output {
87- // Slicing can not make slices longer
92+ // SAFETY: Slicing can not make slices longer.
8893 unsafe {
8994 Self :: from_slice_unchecked( & self . 0 [ index] )
9095 }
@@ -117,7 +122,7 @@ mod primitive {
117122
118123 fn try_from ( bytes : & ' a [ u8 ] ) -> Result < Self , Self :: Error > {
119124 check_limit ( bytes. len ( ) ) ?;
120- // We've just checked the length
125+ // SAFETY: We've just checked the length.
121126 Ok ( unsafe { PushBytes :: from_slice_unchecked ( bytes) } )
122127 }
123128 }
@@ -127,7 +132,7 @@ mod primitive {
127132
128133 fn try_from ( bytes : & ' a mut [ u8 ] ) -> Result < Self , Self :: Error > {
129134 check_limit ( bytes. len ( ) ) ?;
130- // We've just checked the length
135+ // SAFETY: We've just checked the length.
131136 Ok ( unsafe { PushBytes :: from_mut_slice_unchecked ( bytes) } )
132137 }
133138 }
@@ -139,15 +144,15 @@ mod primitive {
139144 fn from( bytes: & ' a [ u8 ; $len] ) -> Self {
140145 // Check that the macro wasn't called with a wrong number.
141146 const _: ( ) = [ ( ) ; 1 ] [ ( $len >= 0x100000000u64 ) as usize ] ;
142- // We know the size of array statically and we checked macro input.
147+ // SAFETY: We know the size of array statically and we checked macro input.
143148 unsafe { PushBytes :: from_slice_unchecked( bytes) }
144149 }
145150 }
146151
147152 impl <' a> From <& ' a mut [ u8 ; $len] > for & ' a mut PushBytes {
148153 fn from( bytes: & ' a mut [ u8 ; $len] ) -> Self {
149154 // Macro check already above, no need to duplicate.
150- // We know the size of array statically and we checked macro input.
155+ // SAFETY: We know the size of array statically and we checked macro input.
151156 unsafe { PushBytes :: from_mut_slice_unchecked( bytes) }
152157 }
153158 }
0 commit comments