// This file is part of ICU4X. For terms of use, please see the file // called LICENSE at the top level of the ICU4X source tree // (online at: https://github.com/unicode-org/icu4x/blob/main/LICENSE ). use super::VarZeroVecFormatError; use crate::ule::*; use core::cmp::Ordering; use core::convert::TryFrom; use core::marker::PhantomData; use core::mem; use core::ops::Range; /// This trait allows switching between different possible internal /// representations of VarZeroVec. /// /// Currently this crate supports three formats: [`Index8`], [`Index16`] and [`Index32`], /// with [`Index16`] being the default for all [`VarZeroVec`](super::VarZeroVec) /// types unless explicitly specified otherwise. /// /// Do not implement this trait, its internals may be changed in the future, /// and all of its associated items are hidden from the docs. pub trait VarZeroVecFormat: 'static + Sized { /// The type to use for the indexing array /// /// Safety: must be a ULE for which all byte sequences are allowed #[doc(hidden)] type Index: IntegerULE; /// The type to use for the length segment /// /// Safety: must be a ULE for which all byte sequences are allowed #[doc(hidden)] type Len: IntegerULE; } /// This trait represents various ULE types that can be used to represent an integer /// /// Do not implement this trait, its internals may be changed in the future, /// and all of its associated items are hidden from the docs. #[allow(clippy::missing_safety_doc)] // no safety section for you, don't implement this trait period #[doc(hidden)] pub unsafe trait IntegerULE: ULE { /// The error to show when unable to construct a vec #[doc(hidden)] const TOO_LARGE_ERROR: &'static str; /// Safety: must be sizeof(self) #[doc(hidden)] const SIZE: usize; /// Safety: must be maximum integral value represented here #[doc(hidden)] const MAX_VALUE: u32; /// Safety: Must roundtrip with from_usize and represent the correct /// integral value #[doc(hidden)] fn iule_to_usize(self) -> usize; #[doc(hidden)] fn iule_from_usize(x: usize) -> Option; /// Safety: Should always convert a buffer into an array of Self with the correct length #[doc(hidden)] #[cfg(feature = "alloc")] fn iule_from_bytes_unchecked_mut(bytes: &mut [u8]) -> &mut [Self]; } /// This is a [`VarZeroVecFormat`] that stores u8s in the index array, and a u8 for a length. /// /// Will have a smaller data size, but it's *extremely* likely for larger arrays /// to be unrepresentable (and error on construction). Should probably be used /// for known-small arrays, where all but the last field are known-small. #[derive(Copy, Clone, Debug, Hash, PartialEq, Eq, PartialOrd, Ord)] #[allow(clippy::exhaustive_structs)] // marker pub struct Index8; /// This is a [`VarZeroVecFormat`] that stores u16s in the index array, and a u16 for a length. /// /// Will have a smaller data size, but it's more likely for larger arrays /// to be unrepresentable (and error on construction) /// /// This is the default index size used by all [`VarZeroVec`](super::VarZeroVec) types. #[derive(Copy, Clone, Debug, Hash, PartialEq, Eq, PartialOrd, Ord)] #[allow(clippy::exhaustive_structs)] // marker pub struct Index16; /// This is a [`VarZeroVecFormat`] that stores u32s in the index array, and a u32 for a length. /// Will have a larger data size, but will support large arrays without /// problems. #[derive(Copy, Clone, Debug, Hash, PartialEq, Eq, PartialOrd, Ord)] #[allow(clippy::exhaustive_structs)] // marker pub struct Index32; impl VarZeroVecFormat for Index8 { type Index = u8; type Len = u8; } impl VarZeroVecFormat for Index16 { type Index = RawBytesULE<2>; type Len = RawBytesULE<2>; } impl VarZeroVecFormat for Index32 { type Index = RawBytesULE<4>; type Len = RawBytesULE<4>; } unsafe impl IntegerULE for u8 { const TOO_LARGE_ERROR: &'static str = "Attempted to build VarZeroVec out of elements that \ cumulatively are larger than a u8 in size"; const SIZE: usize = mem::size_of::(); const MAX_VALUE: u32 = u8::MAX as u32; #[inline] fn iule_to_usize(self) -> usize { self as usize } #[inline] fn iule_from_usize(u: usize) -> Option { u8::try_from(u).ok() } #[inline] #[cfg(feature = "alloc")] fn iule_from_bytes_unchecked_mut(bytes: &mut [u8]) -> &mut [Self] { bytes } } unsafe impl IntegerULE for RawBytesULE<2> { const TOO_LARGE_ERROR: &'static str = "Attempted to build VarZeroVec out of elements that \ cumulatively are larger than a u16 in size"; const SIZE: usize = mem::size_of::(); const MAX_VALUE: u32 = u16::MAX as u32; #[inline] fn iule_to_usize(self) -> usize { self.as_unsigned_int() as usize } #[inline] fn iule_from_usize(u: usize) -> Option { u16::try_from(u).ok().map(u16::to_unaligned) } #[inline] #[cfg(feature = "alloc")] fn iule_from_bytes_unchecked_mut(bytes: &mut [u8]) -> &mut [Self] { Self::from_bytes_unchecked_mut(bytes) } } unsafe impl IntegerULE for RawBytesULE<4> { const TOO_LARGE_ERROR: &'static str = "Attempted to build VarZeroVec out of elements that \ cumulatively are larger than a u32 in size"; const SIZE: usize = mem::size_of::(); const MAX_VALUE: u32 = u32::MAX; #[inline] fn iule_to_usize(self) -> usize { self.as_unsigned_int() as usize } #[inline] fn iule_from_usize(u: usize) -> Option { u32::try_from(u).ok().map(u32::to_unaligned) } #[inline] #[cfg(feature = "alloc")] fn iule_from_bytes_unchecked_mut(bytes: &mut [u8]) -> &mut [Self] { Self::from_bytes_unchecked_mut(bytes) } } /// A more parsed version of `VarZeroSlice`. This type is where most of the VarZeroVec /// internal representation code lies. /// /// This is *basically* an `&'a [u8]` to a zero copy buffer, but split out into /// the buffer components. Logically this is capable of behaving as /// a `&'a [T::VarULE]`, but since `T::VarULE` is unsized that type does not actually /// exist. /// /// See [`VarZeroVecComponents::parse_bytes()`] for information on the internal invariants involved #[derive(Debug)] pub struct VarZeroVecComponents<'a, T: ?Sized, F> { /// The number of elements len: u32, /// The list of indices into the `things` slice /// Since the first element is always at things[0], the first element of the indices array is for the *second* element indices: &'a [u8], /// The contiguous list of `T::VarULE`s things: &'a [u8], marker: PhantomData<(&'a T, F)>, } // #[derive()] won't work here since we do not want it to be // bound on T: Copy impl<'a, T: ?Sized, F> Copy for VarZeroVecComponents<'a, T, F> {} impl<'a, T: ?Sized, F> Clone for VarZeroVecComponents<'a, T, F> { fn clone(&self) -> Self { *self } } impl<'a, T: VarULE + ?Sized, F> Default for VarZeroVecComponents<'a, T, F> { #[inline] fn default() -> Self { Self::new() } } impl<'a, T: VarULE + ?Sized, F> VarZeroVecComponents<'a, T, F> { #[inline] pub fn new() -> Self { Self { len: 0, indices: &[], things: &[], marker: PhantomData, } } } impl<'a, T: VarULE + ?Sized, F: VarZeroVecFormat> VarZeroVecComponents<'a, T, F> { /// Construct a new VarZeroVecComponents, checking invariants about the overall buffer size: /// /// - There must be either zero or at least four bytes (if four, this is the "length" parsed as a usize) /// - There must be at least `4*(length - 1) + 4` bytes total, to form the array `indices` of indices /// - `0..indices[0]` must index into a valid section of /// `things` (the data after `indices`), such that it parses to a `T::VarULE` /// - `indices[i - 1]..indices[i]` must index into a valid section of /// `things` (the data after `indices`), such that it parses to a `T::VarULE` /// - `indices[len - 2]..things.len()` must index into a valid section of /// `things`, such that it parses to a `T::VarULE` #[inline] pub fn parse_bytes(slice: &'a [u8]) -> Result { // The empty VZV is special-cased to the empty slice if slice.is_empty() { return Ok(VarZeroVecComponents { len: 0, indices: &[], things: &[], marker: PhantomData, }); } let len_bytes = slice .get(0..F::Len::SIZE) .ok_or(VarZeroVecFormatError::Metadata)?; let len_ule = F::Len::parse_bytes_to_slice(len_bytes).map_err(|_| VarZeroVecFormatError::Metadata)?; let len = len_ule .first() .ok_or(VarZeroVecFormatError::Metadata)? .iule_to_usize(); let rest = slice .get(F::Len::SIZE..) .ok_or(VarZeroVecFormatError::Metadata)?; let len_u32 = u32::try_from(len).map_err(|_| VarZeroVecFormatError::Metadata); // We pass down the rest of the invariants Self::parse_bytes_with_length(len_u32?, rest) } /// Construct a new VarZeroVecComponents, checking invariants about the overall buffer size: /// /// - There must be at least `4*len` bytes total, to form the array `indices` of indices. /// - `indices[i]..indices[i+1]` must index into a valid section of /// `things` (the data after `indices`), such that it parses to a `T::VarULE` /// - `indices[len - 1]..things.len()` must index into a valid section of /// `things`, such that it parses to a `T::VarULE` #[inline] pub fn parse_bytes_with_length( len: u32, slice: &'a [u8], ) -> Result { let len_minus_one = len.checked_sub(1); // The empty VZV is special-cased to the empty slice let Some(len_minus_one) = len_minus_one else { return Ok(VarZeroVecComponents { len: 0, indices: &[], things: &[], marker: PhantomData, }); }; // The indices array is one element shorter since the first index is always 0, // so we use len_minus_one let indices_bytes = slice .get(..F::Index::SIZE * (len_minus_one as usize)) .ok_or(VarZeroVecFormatError::Metadata)?; let things = slice .get(F::Index::SIZE * (len_minus_one as usize)..) .ok_or(VarZeroVecFormatError::Metadata)?; let borrowed = VarZeroVecComponents { len, indices: indices_bytes, things, marker: PhantomData, }; borrowed.check_indices_and_things()?; Ok(borrowed) } /// Construct a [`VarZeroVecComponents`] from a byte slice that has previously /// successfully returned a [`VarZeroVecComponents`] when passed to /// [`VarZeroVecComponents::parse_bytes()`]. Will return the same /// object as one would get from calling [`VarZeroVecComponents::parse_bytes()`]. /// /// # Safety /// The bytes must have previously successfully run through /// [`VarZeroVecComponents::parse_bytes()`] pub unsafe fn from_bytes_unchecked(slice: &'a [u8]) -> Self { // The empty VZV is special-cased to the empty slice if slice.is_empty() { return VarZeroVecComponents { len: 0, indices: &[], things: &[], marker: PhantomData, }; } let (len_bytes, data_bytes) = unsafe { slice.split_at_unchecked(F::Len::SIZE) }; // Safety: F::Len allows all byte sequences let len_ule = F::Len::slice_from_bytes_unchecked(len_bytes); let len = len_ule.get_unchecked(0).iule_to_usize(); let len_u32 = len as u32; // Safety: This method requires the bytes to have passed through `parse_bytes()` // whereas we're calling something that asks for `parse_bytes_with_length()`. // The two methods perform similar validation, with parse_bytes() validating an additional // 4-byte `length` header. Self::from_bytes_unchecked_with_length(len_u32, data_bytes) } /// Construct a [`VarZeroVecComponents`] from a byte slice that has previously /// successfully returned a [`VarZeroVecComponents`] when passed to /// [`VarZeroVecComponents::parse_bytes()`]. Will return the same /// object as one would get from calling [`VarZeroVecComponents::parse_bytes()`]. /// /// # Safety /// The len,bytes must have previously successfully run through /// [`VarZeroVecComponents::parse_bytes_with_length()`] pub unsafe fn from_bytes_unchecked_with_length(len: u32, slice: &'a [u8]) -> Self { let len_minus_one = len.checked_sub(1); // The empty VZV is special-cased to the empty slice let Some(len_minus_one) = len_minus_one else { return VarZeroVecComponents { len: 0, indices: &[], things: &[], marker: PhantomData, }; }; // The indices array is one element shorter since the first index is always 0, // so we use len_minus_one let indices_bytes = slice.get_unchecked(..F::Index::SIZE * (len_minus_one as usize)); let things = slice.get_unchecked(F::Index::SIZE * (len_minus_one as usize)..); VarZeroVecComponents { len, indices: indices_bytes, things, marker: PhantomData, } } /// Get the number of elements in this vector #[inline] pub fn len(self) -> usize { self.len as usize } /// Returns `true` if the vector contains no elements. #[inline] pub fn is_empty(self) -> bool { self.len == 0 } /// Get the idx'th element out of this slice. Returns `None` if out of bounds. #[inline] pub fn get(self, idx: usize) -> Option<&'a T> { if idx >= self.len() { return None; } Some(unsafe { self.get_unchecked(idx) }) } /// Get the idx'th element out of this slice. Does not bounds check. /// /// Safety: /// - `idx` must be in bounds (`idx < self.len()`) #[inline] pub(crate) unsafe fn get_unchecked(self, idx: usize) -> &'a T { let range = self.get_things_range(idx); let things_slice = self.things.get_unchecked(range); T::from_bytes_unchecked(things_slice) } /// Get the range in `things` for the element at `idx`. Does not bounds check. /// /// Safety: /// - `idx` must be in bounds (`idx < self.len()`) #[inline] pub(crate) unsafe fn get_things_range(self, idx: usize) -> Range { let start = if let Some(idx_minus_one) = idx.checked_sub(1) { self.indices_slice() .get_unchecked(idx_minus_one) .iule_to_usize() } else { 0 }; let end = if idx + 1 == self.len() { self.things.len() } else { self.indices_slice().get_unchecked(idx).iule_to_usize() }; debug_assert!(start <= end); start..end } /// Get the size, in bytes, of the indices array pub(crate) unsafe fn get_indices_size(self) -> usize { self.indices.len() } /// Check the internal invariants of VarZeroVecComponents: /// /// - `indices[i]..indices[i+1]` must index into a valid section of /// `things`, such that it parses to a `T::VarULE` /// - `indices[len - 1]..things.len()` must index into a valid section of /// `things`, such that it parses to a `T::VarULE` /// - `indices` is monotonically increasing /// /// This method is NOT allowed to call any other methods on VarZeroVecComponents since all other methods /// assume that the slice has been passed through check_indices_and_things #[inline] #[allow(clippy::len_zero)] // more explicit to enforce safety invariants fn check_indices_and_things(self) -> Result<(), VarZeroVecFormatError> { if self.len() == 0 { if self.things.len() > 0 { return Err(VarZeroVecFormatError::Metadata); } else { return Ok(()); } } let indices_slice = self.indices_slice(); assert_eq!(self.len(), indices_slice.len() + 1); // Safety: i is in bounds (assertion above) let mut start = 0; for i in 0..self.len() { // The indices array is offset by 1: indices[0] is the end of the first // element and the start of the next, since the start of the first element // is always things[0]. So to get the end we get element `i`. let end = if let Some(end) = indices_slice.get(i) { end.iule_to_usize() } else { // This only happens at i = self.len() - 1 = indices_slice.len() + 1 - 1 // = indices_slice.len(). This is the last `end`, which is always the size of // `things` and thus never stored in the array self.things.len() }; if start > end { return Err(VarZeroVecFormatError::Metadata); } if end > self.things.len() { return Err(VarZeroVecFormatError::Metadata); } // Safety: start..end is a valid range in self.things let bytes = unsafe { self.things.get_unchecked(start..end) }; T::parse_bytes(bytes).map_err(VarZeroVecFormatError::Values)?; start = end; } Ok(()) } /// Create an iterator over the Ts contained in VarZeroVecComponents #[inline] pub fn iter(self) -> VarZeroSliceIter<'a, T, F> { VarZeroSliceIter::new(self) } #[cfg(feature = "alloc")] pub fn to_vec(self) -> alloc::vec::Vec> { self.iter().map(T::to_boxed).collect() } #[inline] fn indices_slice(&self) -> &'a [F::Index] { unsafe { F::Index::slice_from_bytes_unchecked(self.indices) } } // Dump a debuggable representation of this type #[allow(unused)] // useful for debugging #[cfg(feature = "alloc")] pub(crate) fn dump(&self) -> alloc::string::String { let indices = self .indices_slice() .iter() .copied() .map(IntegerULE::iule_to_usize) .collect::>(); alloc::format!("VarZeroVecComponents {{ indices: {indices:?} }}") } } /// An iterator over VarZeroSlice #[derive(Debug)] pub struct VarZeroSliceIter<'a, T: ?Sized, F = Index16> { components: VarZeroVecComponents<'a, T, F>, index: usize, // Safety invariant: must be a valid index into the data segment of `components`, or an index at the end // i.e. start_index <= components.things.len() // // It must be a valid index into the `things` array of components, coming from `components.indices_slice()` start_index: usize, } impl<'a, T: VarULE + ?Sized, F: VarZeroVecFormat> VarZeroSliceIter<'a, T, F> { fn new(c: VarZeroVecComponents<'a, T, F>) -> Self { Self { components: c, index: 0, // Invariant upheld, 0 is always a valid index-or-end start_index: 0, } } } impl<'a, T: VarULE + ?Sized, F: VarZeroVecFormat> Iterator for VarZeroSliceIter<'a, T, F> { type Item = &'a T; fn next(&mut self) -> Option { // Note: the indices array doesn't contain 0 or len, we need to specially handle those edges. The 0 is handled // by start_index, and the len is handled by the code for `end`. if self.index >= self.components.len() { return None; } // Invariant established: self.index is in bounds for self.components.len(), // which means it is in bounds for self.components.indices_slice() since that has the same length let end = if self.index + 1 == self.components.len() { // We don't store the end index since it is computable, so the last element should use self.components.things.len() self.components.things.len() } else { // Safety: self.index was known to be in bounds from the bounds check above. unsafe { self.components .indices_slice() .get_unchecked(self.index) .iule_to_usize() } }; // Invariant established: end has the same invariant as self.start_index since it comes from indices_slice, which is guaranteed // to only contain valid indexes let item = unsafe { // Safety: self.start_index and end both have in-range invariants, plus they are valid indices from indices_slice // which means we can treat this data as a T T::from_bytes_unchecked(self.components.things.get_unchecked(self.start_index..end)) }; self.index += 1; // Invariant upheld: end has the same invariant as self.start_index self.start_index = end; Some(item) } fn size_hint(&self) -> (usize, Option) { let remainder = self.components.len() - self.index; (remainder, Some(remainder)) } } impl<'a, T: VarULE + ?Sized, F: VarZeroVecFormat> ExactSizeIterator for VarZeroSliceIter<'a, T, F> { fn len(&self) -> usize { self.components.len() - self.index } } impl<'a, T, F> VarZeroVecComponents<'a, T, F> where T: VarULE, T: ?Sized, T: Ord, F: VarZeroVecFormat, { /// Binary searches a sorted `VarZeroVecComponents` for the given element. For more information, see /// the primitive function [`binary_search`](slice::binary_search). pub fn binary_search(&self, needle: &T) -> Result { self.binary_search_by(|probe| probe.cmp(needle)) } pub fn binary_search_in_range( &self, needle: &T, range: Range, ) -> Option> { self.binary_search_in_range_by(|probe| probe.cmp(needle), range) } } impl<'a, T, F> VarZeroVecComponents<'a, T, F> where T: VarULE, T: ?Sized, F: VarZeroVecFormat, { /// Binary searches a sorted `VarZeroVecComponents` for the given predicate. For more information, see /// the primitive function [`binary_search_by`](slice::binary_search_by). pub fn binary_search_by(&self, predicate: impl FnMut(&T) -> Ordering) -> Result { // Safety: 0 and len are in range unsafe { self.binary_search_in_range_unchecked(predicate, 0..self.len()) } } // Binary search within a range. // Values returned are relative to the range start! pub fn binary_search_in_range_by( &self, predicate: impl FnMut(&T) -> Ordering, range: Range, ) -> Option> { if range.end > self.len() { return None; } if range.end < range.start { return None; } // Safety: We bounds checked above: end is in-bounds or len, and start is <= end let range_absolute = unsafe { self.binary_search_in_range_unchecked(predicate, range.clone()) }; // The values returned are relative to the range start Some( range_absolute .map(|o| o - range.start) .map_err(|e| e - range.start), ) } /// Safety: range must be in range for the slice (start <= len, end <= len, start <= end) unsafe fn binary_search_in_range_unchecked( &self, mut predicate: impl FnMut(&T) -> Ordering, range: Range, ) -> Result { // Function invariant: size is always end - start let mut start = range.start; let mut end = range.end; let mut size; // Loop invariant: 0 <= start < end <= len // This invariant is initialized by the function safety invariants and the loop condition while start < end { size = end - start; // This establishes mid < end (which implies mid < len) // size is end - start. start + size is end (which is <= len). // mid = start + size/2 will be less than end let mid = start + size / 2; // Safety: mid is < end <= len, so in-range let cmp = predicate(self.get_unchecked(mid)); match cmp { Ordering::Less => { // This retains the loop invariant since it // increments start, and we already have 0 <= start // start < end is enforced by the loop condition start = mid + 1; } Ordering::Greater => { // mid < end, so this decreases end. // This means end <= len is still true, and // end > start is enforced by the loop condition end = mid; } Ordering::Equal => return Ok(mid), } } Err(start) } } /// Collects the bytes for a VarZeroSlice into a Vec. #[cfg(feature = "alloc")] pub fn get_serializable_bytes_non_empty(elements: &[A]) -> Option> where T: VarULE + ?Sized, A: EncodeAsVarULE, F: VarZeroVecFormat, { debug_assert!(!elements.is_empty()); let len = compute_serializable_len::(elements)?; debug_assert!( len >= F::Len::SIZE as u32, "Must have at least F::Len::SIZE bytes to hold the length of the vector" ); let mut output = alloc::vec![0u8; len as usize]; write_serializable_bytes::(elements, &mut output); Some(output) } /// Writes the bytes for a VarZeroLengthlessSlice into an output buffer. /// Usable for a VarZeroSlice if you first write the length bytes. /// /// Every byte in the buffer will be initialized after calling this function. /// /// # Panics /// /// Panics if the buffer is not exactly the correct length. pub fn write_serializable_bytes_without_length(elements: &[A], output: &mut [u8]) where T: VarULE + ?Sized, A: EncodeAsVarULE, F: VarZeroVecFormat, { assert!(elements.len() <= F::Len::MAX_VALUE as usize); if elements.is_empty() { return; } // idx_offset = offset from the start of the buffer for the next index let mut idx_offset: usize = 0; // first_dat_offset = offset from the start of the buffer of the first data block let first_dat_offset: usize = idx_offset + (elements.len() - 1) * F::Index::SIZE; // dat_offset = offset from the start of the buffer of the next data block let mut dat_offset: usize = first_dat_offset; for (i, element) in elements.iter().enumerate() { let element_len = element.encode_var_ule_len(); // The first index is always 0. We don't write it, or update the idx offset. if i != 0 { let idx_limit = idx_offset + F::Index::SIZE; #[allow(clippy::indexing_slicing)] // Function contract allows panicky behavior let idx_slice = &mut output[idx_offset..idx_limit]; // VZV expects data offsets to be stored relative to the first data block let idx = dat_offset - first_dat_offset; assert!(idx <= F::Index::MAX_VALUE as usize); #[allow(clippy::expect_used)] // this function is explicitly panicky let bytes_to_write = F::Index::iule_from_usize(idx).expect(F::Index::TOO_LARGE_ERROR); idx_slice.copy_from_slice(ULE::slice_as_bytes(&[bytes_to_write])); idx_offset = idx_limit; } let dat_limit = dat_offset + element_len; #[allow(clippy::indexing_slicing)] // Function contract allows panicky behavior let dat_slice = &mut output[dat_offset..dat_limit]; element.encode_var_ule_write(dat_slice); debug_assert_eq!(T::validate_bytes(dat_slice), Ok(())); dat_offset = dat_limit; } debug_assert_eq!(idx_offset, F::Index::SIZE * (elements.len() - 1)); assert_eq!(dat_offset, output.len()); } /// Writes the bytes for a VarZeroSlice into an output buffer. /// /// Every byte in the buffer will be initialized after calling this function. /// /// # Panics /// /// Panics if the buffer is not exactly the correct length. pub fn write_serializable_bytes(elements: &[A], output: &mut [u8]) where T: VarULE + ?Sized, A: EncodeAsVarULE, F: VarZeroVecFormat, { if elements.is_empty() { return; } assert!(elements.len() <= F::Len::MAX_VALUE as usize); #[allow(clippy::expect_used)] // This function is explicitly panicky let num_elements_ule = F::Len::iule_from_usize(elements.len()).expect(F::Len::TOO_LARGE_ERROR); #[allow(clippy::indexing_slicing)] // Function contract allows panicky behavior output[0..F::Len::SIZE].copy_from_slice(ULE::slice_as_bytes(&[num_elements_ule])); #[allow(clippy::indexing_slicing)] // Function contract allows panicky behavior write_serializable_bytes_without_length::(elements, &mut output[F::Len::SIZE..]); } pub fn compute_serializable_len_without_length(elements: &[A]) -> Option where T: VarULE + ?Sized, A: EncodeAsVarULE, F: VarZeroVecFormat, { let elements_len = elements.len(); let Some(elements_len_minus_one) = elements_len.checked_sub(1) else { // Empty vec is optimized to an empty byte representation return Some(0); }; let idx_len: u32 = u32::try_from(elements_len_minus_one) .ok()? .checked_mul(F::Index::SIZE as u32)?; let data_len: u32 = elements .iter() .map(|v| u32::try_from(v.encode_var_ule_len()).ok()) .try_fold(0u32, |s, v| s.checked_add(v?))?; let ret = idx_len.checked_add(data_len); if let Some(r) = ret { if r >= F::Index::MAX_VALUE { return None; } } ret } pub fn compute_serializable_len(elements: &[A]) -> Option where T: VarULE + ?Sized, A: EncodeAsVarULE, F: VarZeroVecFormat, { compute_serializable_len_without_length::(elements).map(|x| x + F::Len::SIZE as u32) }