Merge pull request RustPython#3092 from youknowone/str-safe

Fix PyStr operations to be safe

Author: youknowone

Cargo.lock

@@ -132,7 +132,11 @@ fn bench_rustpy_code(group: &mut BenchmarkGroup<WallTime>, bench: &MicroBenchmar
             if let Some(idx) = iterations {
                 scope
                     .locals
-                    .set_item(vm.ctx.new_ascii_str(b"ITERATIONS"), vm.ctx.new_int(idx), vm)
+                    .set_item(
+                        vm.ctx.new_ascii_literal(crate::utils::ascii!("ITERATIONS")),
+                        vm.ctx.new_int(idx),
+                        vm,
+                    )
                     .expect("Error adding ITERATIONS local variable");
             }
             let setup_result = vm.run_code_obj(setup_code.clone(), scope.clone());

benches/microbenchmarks.rs

@@ -113,6 +113,7 @@ flame = { version = "0.2", optional = true }
 flamer = { version = "0.4", optional = true }
 
 rustpython-common = { path = "../common" }
+ascii = "1.0.0"
 
 [target.'cfg(unix)'.dependencies]
 exitcode = "1.1.2"

vm/Cargo.toml

@@ -364,7 +364,9 @@ impl PyDict {
         if let Some((key, value)) = self.entries.pop_back() {
             Ok(vm.ctx.new_tuple(vec![key, value]))
         } else {
-            let err_msg = vm.ctx.new_ascii_str(b"popitem(): dictionary is empty");
+            let err_msg = vm
+                .ctx
+                .new_ascii_literal(crate::utils::ascii!("popitem(): dictionary is empty"));
             Err(vm.new_key_error(err_msg))
         }
     }

vm/src/builtins/dict.rs

@@ -113,14 +113,6 @@ where
         s.as_ref().to_owned().into()
     }
 }
-impl<T> From<(&T, PyStrKind)> for PyStr
-where
-    T: AsRef<[u8]> + ?Sized,
-{
-    fn from((s, k): (&T, PyStrKind)) -> PyStr {
-        (s.as_ref().to_owned().into_boxed_slice(), k).into()
-    }
-}
 
 impl From<String> for PyStr {
     fn from(s: String) -> PyStr {
@@ -134,10 +126,7 @@ impl From<Box<str>> for PyStr {
         // doing the check is ~10x faster for ascii, and is actually only 2% slower worst case for
         // non-ascii; see https://github.com/RustPython/RustPython/pull/2586#issuecomment-844611532
         let is_ascii = value.is_ascii();
-        let bytes = unsafe {
-            // SAFETY: Box<str> and Box<[u8]> have same layout
-            Box::from_raw(Box::into_raw(value) as _)
-        };
+        let bytes = value.into_boxed_bytes();
         let kind = if is_ascii {
             PyStrKind::Ascii
         } else {
@@ -152,24 +141,6 @@ impl From<Box<str>> for PyStr {
     }
 }
 
-impl From<(Vec<u8>, PyStrKind)> for PyStr {
-    fn from((s, kind): (Vec<u8>, PyStrKind)) -> PyStr {
-        (s.into_boxed_slice(), kind).into()
-    }
-}
-
-impl From<(Box<[u8]>, PyStrKind)> for PyStr {
-    fn from((bytes, kind): (Box<[u8]>, PyStrKind)) -> PyStr {
-        let s = Self {
-            bytes,
-            kind: kind.new_data(),
-            hash: Radium::new(hash::SENTINEL),
-        };
-        debug_assert!(matches!(s.kind, PyStrKindData::Ascii) || !s.as_str().is_ascii());
-        s
-    }
-}
-
 pub type PyStrRef = PyRef<PyStr>;
 
 impl fmt::Display for PyStr {
@@ -241,7 +212,11 @@ impl PyStrIterator {
     fn reduce(&self, vm: &VirtualMachine) -> PyResult {
         let iter = vm.get_attribute(vm.builtins.clone(), "iter")?;
         Ok(vm.ctx.new_tuple(match self.status.load() {
-            Exhausted => vec![iter, vm.ctx.new_tuple(vec![vm.ctx.new_ascii_str(b"")])],
+            Exhausted => vec![
+                iter,
+                vm.ctx
+                    .new_tuple(vec![vm.ctx.new_ascii_literal(crate::utils::ascii!(""))]),
+            ],
             Active => vec![
                 iter,
                 vm.ctx.new_tuple(vec![self.string.clone().into_object()]),
@@ -322,13 +297,20 @@ impl SlotConstructor for PyStr {
 }
 
 impl PyStr {
-    /// SAFETY: Given 's' must be valid data for given 'kind'
-    unsafe fn new_str_unchecked(s: String, kind: PyStrKind) -> Self {
-        Self {
-            bytes: Box::from_raw(Box::into_raw(s.into_boxed_str()) as _),
+    /// SAFETY: Given 'bytes' must be valid data for given 'kind'
+    pub(crate) unsafe fn new_str_unchecked(bytes: Vec<u8>, kind: PyStrKind) -> Self {
+        let s = Self {
+            bytes: bytes.into_boxed_slice(),
             kind: kind.new_data(),
             hash: Radium::new(hash::SENTINEL),
-        }
+        };
+        debug_assert!(matches!(s.kind, PyStrKindData::Ascii) || !s.as_str().is_ascii());
+        s
+    }
+
+    /// SAFETY: Given 'bytes' must be ascii
+    unsafe fn new_ascii_unchecked(bytes: Vec<u8>) -> Self {
+        Self::new_str_unchecked(bytes, PyStrKind::Ascii)
     }
 
     fn new_substr(&self, s: String) -> Self {
@@ -338,8 +320,8 @@ impl PyStr {
             PyStrKind::Utf8
         };
         unsafe {
-            // SAFETY: kind is safely calculated for substring
-            Self::new_str_unchecked(s, kind)
+            // SAFETY: kind is properly decided for substring
+            Self::new_str_unchecked(s.into_bytes(), kind)
         }
     }
 
@@ -367,11 +349,11 @@ impl PyStr {
     #[pymethod(magic)]
     fn add(zelf: PyRef<Self>, other: PyObjectRef, vm: &VirtualMachine) -> PyResult {
         if let Some(other) = other.payload::<PyStr>() {
-            let kind = zelf.kind.kind() | other.kind.kind();
             let bytes = zelf.as_str().py_add(other.as_ref());
             Ok(unsafe {
-                // SAFETY: safe kind operation
-                Self::new_str_unchecked(bytes, kind)
+                // SAFETY: `kind` is safely decided
+                let kind = zelf.kind.kind() | other.kind.kind();
+                Self::new_str_unchecked(bytes.into_bytes(), kind)
             }
             .into_pyobject(vm))
         } else if let Some(radd) = vm.get_method(other.clone(), "__radd__") {
@@ -625,18 +607,23 @@ impl PyStr {
                 |v, s, vm| {
                     v.as_bytes()
                         .split_str(s)
-                        .map(|s| vm.ctx.new_ascii_str(s))
+                        .map(|s| {
+                            unsafe { PyStr::new_ascii_unchecked(s.to_owned()) }.into_pyobject(vm)
+                        })
                         .collect()
                 },
                 |v, s, n, vm| {
                     v.as_bytes()
                         .splitn_str(n, s)
-                        .map(|s| vm.ctx.new_ascii_str(s))
+                        .map(|s| {
+                            unsafe { PyStr::new_ascii_unchecked(s.to_owned()) }.into_pyobject(vm)
+                        })
                         .collect()
                 },
                 |v, n, vm| {
-                    v.as_bytes()
-                        .py_split_whitespace(n, |s| vm.ctx.new_ascii_str(s))
+                    v.as_bytes().py_split_whitespace(n, |s| {
+                        unsafe { PyStr::new_ascii_unchecked(s.to_owned()) }.into_pyobject(vm)
+                    })
                 },
             ),
             PyStrKind::Utf8 => self.as_str().py_split(
@@ -993,7 +980,7 @@ impl PyStr {
             if has_mid {
                 sep.into_object()
             } else {
-                vm.ctx.new_ascii_str(b"")
+                vm.ctx.new_ascii_literal(crate::utils::ascii!(""))
             },
             self.new_substr(back),
         )
@@ -1012,7 +999,7 @@ impl PyStr {
             if has_mid {
                 sep.into_object()
             } else {
-                vm.ctx.new_ascii_str(b"")
+                vm.ctx.new_ascii_literal(crate::utils::ascii!(""))
             },
             self.new_substr(back),
         )
@@ -1410,8 +1397,10 @@ impl PySliceableSequence for PyStr {
             // this is an ascii string
             let mut v = self.bytes[range].to_vec();
             v.reverse();
-            // TODO: from_utf8_unchecked?
-            String::from_utf8(v).unwrap()
+            unsafe {
+                // SAFETY: an ascii string is always utf8
+                String::from_utf8_unchecked(v)
+            }
         } else {
             let mut s = String::with_capacity(self.bytes.len());
             s.extend(
@@ -1556,7 +1545,11 @@ mod tests {
             table.set_item("a", vm.ctx.new_utf8_str("🎅"), &vm).unwrap();
             table.set_item("b", vm.ctx.none(), &vm).unwrap();
             table
-                .set_item("c", vm.ctx.new_ascii_str(b"xda"), &vm)
+                .set_item(
+                    "c",
+                    vm.ctx.new_ascii_literal(crate::utils::ascii!("xda")),
+                    &vm,
+                )
                 .unwrap();
             let translated = PyStr::maketrans(
                 table.into_object(),

vm/src/builtins/pystr.rs

@@ -344,7 +344,7 @@ impl PyType {
                     Some(found)
                 }
             })
-            .unwrap_or_else(|| vm.ctx.new_ascii_str(b"builtins"))
+            .unwrap_or_else(|| vm.ctx.new_ascii_literal(crate::utils::ascii!("builtins")))
     }
 
     #[pyproperty(magic, setter)]

vm/src/builtins/pytype.rs

@@ -236,7 +236,9 @@ impl PySetInner {
         if let Some((key, _)) = self.content.pop_back() {
             Ok(key)
         } else {
-            let err_msg = vm.ctx.new_ascii_str(b"pop from an empty set");
+            let err_msg = vm
+                .ctx
+                .new_ascii_literal(crate::utils::ascii!("pop from an empty set"));
             Err(vm.new_key_error(err_msg))
         }
     }

vm/src/builtins/set.rs

@@ -367,7 +367,10 @@ fn strict_errors(err: PyObjectRef, vm: &VirtualMachine) -> PyResult {
 fn ignore_errors(err: PyObjectRef, vm: &VirtualMachine) -> PyResult<(PyObjectRef, usize)> {
     if is_encode_ish_err(&err, vm) || is_decode_err(&err, vm) {
         let range = extract_unicode_error_range(&err, vm)?;
-        Ok((vm.ctx.new_ascii_str(b""), range.end))
+        Ok((
+            vm.ctx.new_ascii_literal(crate::utils::ascii!("")),
+            range.end,
+        ))
     } else {
         Err(bad_err_type(err, vm))
     }

vm/src/codecs.rs

@@ -775,12 +775,12 @@ mod tests {
             assert_eq!(0, dict.len());
 
             let key1 = vm.ctx.new_bool(true);
-            let value1 = vm.ctx.new_ascii_str(b"abc");
+            let value1 = vm.ctx.new_ascii_literal(crate::utils::ascii!("abc"));
             dict.insert(&vm, key1.clone(), value1.clone()).unwrap();
             assert_eq!(1, dict.len());
 
-            let key2 = vm.ctx.new_ascii_str(b"x");
-            let value2 = vm.ctx.new_ascii_str(b"def");
+            let key2 = vm.ctx.new_ascii_literal(crate::utils::ascii!("x"));
+            let value2 = vm.ctx.new_ascii_literal(crate::utils::ascii!("def"));
             dict.insert(&vm, key2.clone(), value2.clone()).unwrap();
             assert_eq!(2, dict.len());
 

vm/src/dictdatatype.rs

@@ -65,7 +65,9 @@ pub fn file_readline(obj: &PyObjectRef, size: Option<usize>, vm: &VirtualMachine
     let eof_err = || {
         vm.new_exception(
             vm.ctx.exceptions.eof_error.clone(),
-            vec![vm.ctx.new_ascii_str(b"EOF when reading a line")],
+            vec![vm
+                .ctx
+                .new_ascii_literal(crate::utils::ascii!("EOF when reading a line"))],
         )
     };
     let ret = match_class!(match ret {