document one more stray unsafe

author: iximeow <me@iximeow.net> 2024-06-24 15:21:56 -0700
committer: iximeow <me@iximeow.net> 2024-06-24 15:24:01 -0700
commit: 24b33d5fdc9513c1b46e99b526d21e0a7b5eea38 (patch)
tree: ef002c3ca42199e6ec49ce16f78bc1ec7afd8a9a
parent: 6a5ea107475284756070614a566970fbb383c4e6 (diff)
3 files changed, 18 insertions, 12 deletions
diff --git a/src/long_mode/display.rs b/src/long_mode/display.rs
index 89d952b..b9023ed 100644
--- a/src/long_mode/display.rs
+++ b/src/long_mode/display.rs
@@ -9,6 +9,7 @@ use crate::long_mode::{RegSpec, Opcode, Operand, MergeMode, InstDecoder, Instruc
 
 use yaxpeax_arch::display::DisplaySink;
 use yaxpeax_arch::safer_unchecked::GetSaferUnchecked as _;
+use yaxpeax_arch::safer_unchecked::unreachable_kinda_unchecked as unreachable_unchecked;
 
 trait DisplaySinkExt {
     // `write_opcode` depends on all mnemonics being less than 32 bytes long. check that here, at
@@ -3693,15 +3694,16 @@ pub(crate) fn contextualize_intel<T: DisplaySink>(instr: &Instruction, out: &mut
             // don't worry about checking for `instr.operands[i] != Nothing`, it would be a bug to
             // reach that while iterating only to `operand_count`..
             out.write_fixed_size(", ")?;
+            // hint that accessing `inster.operands[i]` can't panic: this is useful for
+            // `instr.operands` and the segment selector check after.
             if i >= 4 {
-                unsafe { core::hint::unreachable_unchecked(); }
+                // Safety: Instruction::operands is a four-element array; operand_count is always
+                // low enough that 0..operand_count is a valid index.
+                unsafe { unreachable_unchecked(); }
             }
 
             if instr.operands[i as usize].is_memory() {
                 out.write_mem_size_label(instr.mem_size)?;
-                if i >= 4 {
-                    unsafe { core::hint::unreachable_unchecked(); }
-                }
                 if let Some(prefix) = instr.segment_override_for_op(i) {
                     let name = prefix.name();
                     out.write_char(' ')?;
diff --git a/src/protected_mode/display.rs b/src/protected_mode/display.rs
index 321b5b5..8124337 100644
--- a/src/protected_mode/display.rs
+++ b/src/protected_mode/display.rs
@@ -9,6 +9,7 @@ use crate::protected_mode::{RegSpec, Opcode, Operand, MergeMode, InstDecoder, In
 
 use yaxpeax_arch::display::DisplaySink;
 use yaxpeax_arch::safer_unchecked::GetSaferUnchecked as _;
+use yaxpeax_arch::safer_unchecked::unreachable_kinda_unchecked as unreachable_unchecked;
 
 trait DisplaySinkExt {
     // `write_opcode` depends on all mnemonics being less than 32 bytes long. check that here, at
@@ -2249,15 +2250,16 @@ pub(crate) fn contextualize_intel<T: DisplaySink>(instr: &Instruction, out: &mut
             // don't worry about checking for `instr.operands[i] != Nothing`, it would be a bug to
             // reach that while iterating only to `operand_count`..
             out.write_fixed_size(", ")?;
+            // hint that accessing `inster.operands[i]` can't panic: this is useful for
+            // `instr.operands` and the segment selector check after.
             if i >= 4 {
-                unsafe { core::hint::unreachable_unchecked(); }
+                // Safety: Instruction::operands is a four-element array; operand_count is always
+                // low enough that 0..operand_count is a valid index.
+                unsafe { unreachable_unchecked(); }
             }
 
             if instr.operands[i as usize].is_memory() {
                 out.write_mem_size_label(instr.mem_size)?;
-                if i >= 4 {
-                    unsafe { core::hint::unreachable_unchecked(); }
-                }
                 if let Some(prefix) = instr.segment_override_for_op(i) {
                     let name = prefix.name();
                     out.write_char(' ')?;
diff --git a/src/real_mode/display.rs b/src/real_mode/display.rs
index 669b8d7..9607e9d 100644
--- a/src/real_mode/display.rs
+++ b/src/real_mode/display.rs
@@ -9,6 +9,7 @@ use crate::real_mode::{RegSpec, Opcode, Operand, MergeMode, InstDecoder, Instruc
 
 use yaxpeax_arch::display::DisplaySink;
 use yaxpeax_arch::safer_unchecked::GetSaferUnchecked as _;
+use yaxpeax_arch::safer_unchecked::unreachable_kinda_unchecked as unreachable_unchecked;
 
 trait DisplaySinkExt {
     // `write_opcode` depends on all mnemonics being less than 32 bytes long. check that here, at
@@ -2251,15 +2252,16 @@ pub(crate) fn contextualize_intel<T: DisplaySink>(instr: &Instruction, out: &mut
             // don't worry about checking for `instr.operands[i] != Nothing`, it would be a bug to
             // reach that while iterating only to `operand_count`..
             out.write_fixed_size(", ")?;
+            // hint that accessing `inster.operands[i]` can't panic: this is useful for
+            // `instr.operands` and the segment selector check after.
             if i >= 4 {
-                unsafe { core::hint::unreachable_unchecked(); }
+                // Safety: Instruction::operands is a four-element array; operand_count is always
+                // low enough that 0..operand_count is a valid index.
+                unsafe { unreachable_unchecked(); }
             }
 
             if instr.operands[i as usize].is_memory() {
                 out.write_mem_size_label(instr.mem_size)?;
-                if i >= 4 {
-                    unsafe { core::hint::unreachable_unchecked(); }
-                }
                 if let Some(prefix) = instr.segment_override_for_op(i) {
                     let name = prefix.name();
                     out.write_char(' ')?;
author	iximeow <me@iximeow.net>	2024-06-24 15:21:56 -0700
committer	iximeow <me@iximeow.net>	2024-06-24 15:24:01 -0700
commit	24b33d5fdc9513c1b46e99b526d21e0a7b5eea38 (patch)
tree	ef002c3ca42199e6ec49ce16f78bc1ec7afd8a9a
parent	6a5ea107475284756070614a566970fbb383c4e6 (diff)