stdlib: opt out of stack protection in places where there can't be buffer overflows.

We trust the internal implementation of the stdlib to not cause any unintentional buffer overflows.
In such cases we can use the "unprotected" address-to-pointer conversions.
This avoids inserting stack protections where it's not needed.

Author: eeckstein

stdlib/public/core/AnyHashable.swift

@@ -159,9 +159,10 @@ public struct AnyHashable {
     }
 
     self.init(_box: _ConcreteHashableBox(false)) // Dummy value
+    let ptr = UnsafeMutablePointer<AnyHashable>(Builtin.unprotectedAddressOf(&self))
     _makeAnyHashableUpcastingToHashableBaseType(
       base,
-      storingResultInto: &self)
+      storingResultInto: ptr)
   }
 
   internal init<H: Hashable>(_usingDefaultRepresentationOf base: H) {

stdlib/public/core/FloatingPointParsing.swift.gyb

@@ -169,7 +169,7 @@ extension ${Self}: LosslessStringConvertible {
       self.init(Substring(text))
     } else {
       self = 0.0
-      let success = withUnsafeMutablePointer(to: &self) { p -> Bool in
+      let success = _withUnprotectedUnsafeMutablePointer(to: &self) { p -> Bool in
         text.withCString { chars -> Bool in
           switch chars[0] {
           case 9, 10, 11, 12, 13, 32:
@@ -198,7 +198,7 @@ extension ${Self}: LosslessStringConvertible {
   @available(SwiftStdlib 5.3, *)
   public init?(_ text: Substring) {
     self = 0.0
-    let success = withUnsafeMutablePointer(to: &self) { p -> Bool in
+    let success = _withUnprotectedUnsafeMutablePointer(to: &self) { p -> Bool in
       text.withCString { chars -> Bool in
         switch chars[0] {
         case 9, 10, 11, 12, 13, 32:

stdlib/public/core/KeyPath.swift

@@ -1951,7 +1951,8 @@ func _modifyAtWritableKeyPath_impl<Root, Value>(
       keyPath: _unsafeUncheckedDowncast(keyPath,
         to: ReferenceWritableKeyPath<Root, Value>.self))
   }
-  return keyPath._projectMutableAddress(from: &root)
+  let ptr = UnsafePointer<Root>(Builtin.unprotectedAddressOf(&root))
+  return keyPath._projectMutableAddress(from: ptr)
 }
 
 // The release that ends the access scope is guaranteed to happen
@@ -1980,7 +1981,8 @@ func _setAtWritableKeyPath<Root, Value>(
       value: value)
   }
   // TODO: we should be able to do this more efficiently than projecting.
-  let (addr, owner) = keyPath._projectMutableAddress(from: &root)
+  let ptr = UnsafePointer<Root>(Builtin.unprotectedAddressOf(&root))
+  let (addr, owner) = keyPath._projectMutableAddress(from: ptr)
   addr.pointee = value
   _fixLifetime(owner)
   // FIXME: this needs a deallocation barrier to ensure that the
@@ -3277,7 +3279,7 @@ internal struct InstantiateKeyPathBuffer: KeyPathPatternVisitor {
     _internalInvariant(_isPOD(T.self))
     let size = MemoryLayout<T>.size
     let (baseAddress, misalign) = adjustDestForAlignment(of: T.self)
-    withUnsafeBytes(of: value) {
+    _withUnprotectedUnsafeBytes(of: value) {
       _memcpy(dest: baseAddress, src: $0.baseAddress.unsafelyUnwrapped,
               size: UInt(size))
     }

stdlib/public/core/MutableCollection.swift

@@ -488,8 +488,8 @@ extension MutableCollection {
 public func swap<T>(_ a: inout T, _ b: inout T) {
   // Semantically equivalent to (a, b) = (b, a).
   // Microoptimized to avoid retain/release traffic.
-  let p1 = Builtin.addressof(&a)
-  let p2 = Builtin.addressof(&b)
+  let p1 = Builtin.unprotectedAddressOf(&a)
+  let p2 = Builtin.unprotectedAddressOf(&b)
   _debugPrecondition(
     p1 != p2,
     "swapping a location with itself is not supported")

stdlib/public/core/Random.swift

@@ -158,7 +158,8 @@ public struct SystemRandomNumberGenerator: RandomNumberGenerator, Sendable {
   @inlinable
   public mutating func next() -> UInt64 {
     var random: UInt64 = 0
-    swift_stdlib_random(&random, MemoryLayout<UInt64>.size)
+    let ptr = UnsafeMutablePointer<UInt64>(Builtin.unprotectedAddressOf(&random))
+    swift_stdlib_random(ptr, MemoryLayout<UInt64>.size)
     return random
   }
 }

stdlib/public/core/SmallString.swift

@@ -221,7 +221,7 @@ extension _SmallString {
   ) rethrows -> Result {
     let count = self.count
     var raw = self.zeroTerminatedRawCodeUnits
-    return try Swift.withUnsafeBytes(of: &raw) {
+    return try Swift._withUnprotectedUnsafeBytes(of: &raw) {
       let rawPtr = $0.baseAddress._unsafelyUnwrappedUnchecked
       // Rebind the underlying (UInt64, UInt64) tuple to UInt8 for the
       // duration of the closure. Accessing self after this rebind is undefined.

stdlib/public/core/StringSwitch.swift

@@ -68,23 +68,20 @@ func _findStringSwitchCaseWithCache(
   string: String,
   cache: inout _OpaqueStringSwitchCache) -> Int {
 
-  return withUnsafeMutableBytes(of: &cache) {
-    (bufPtr: UnsafeMutableRawBufferPointer) -> Int in
-
-    let oncePtr = bufPtr.baseAddress!
-    let cacheRawPtr = oncePtr + MemoryLayout<Builtin.Word>.stride
-    let cachePtr = cacheRawPtr.bindMemory(to: _StringSwitchCache.self, capacity: 1)
-    var context = _StringSwitchContext(cases: cases, cachePtr: cachePtr)
-    withUnsafeMutablePointer(to: &context) { (context) -> () in
-      Builtin.onceWithContext(oncePtr._rawValue, _createStringTableCache,
-                              context._rawValue)
-    }
-    let cache = cachePtr.pointee;
-    if let idx = cache[string] {
-      return idx
-    }
-    return -1
+  let ptr = UnsafeMutableRawPointer(Builtin.unprotectedAddressOf(&cache))
+  let oncePtr = ptr
+  let cacheRawPtr = oncePtr + MemoryLayout<Builtin.Word>.stride
+  let cachePtr = cacheRawPtr.bindMemory(to: _StringSwitchCache.self, capacity: 1)
+  var context = _StringSwitchContext(cases: cases, cachePtr: cachePtr)
+  withUnsafeMutablePointer(to: &context) { (context) -> () in
+    Builtin.onceWithContext(oncePtr._rawValue, _createStringTableCache,
+                            context._rawValue)
+  }
+  let cache = cachePtr.pointee;
+  if let idx = cache[string] {
+    return idx
   }
+  return -1
 }
 
 /// Builds the string switch case.

stdlib/public/core/UnicodeScalar.swift

@@ -524,7 +524,7 @@ extension Unicode.Scalar {
 
     // The first code unit is in the least significant byte of codeUnits.
     codeUnits = codeUnits.littleEndian
-    return try Swift.withUnsafePointer(to: &codeUnits) {
+    return try Swift._withUnprotectedUnsafePointer(to: &codeUnits) {
       return try $0.withMemoryRebound(to: UInt8.self, capacity: 4) {
         return try body(UnsafeBufferPointer(start: $0, count: utf8Count))
       }

stdlib/public/core/VarArgs.swift

@@ -216,7 +216,7 @@ public func _encodeBitsAsWords<T>(_ x: T) -> [Int] {
   var tmp = x
   // FIXME: use UnsafeMutablePointer.assign(from:) instead of memcpy.
   _memcpy(dest: UnsafeMutablePointer(result._baseAddressIfContiguous!),
-          src: UnsafeMutablePointer(Builtin.addressof(&tmp)),
+          src: UnsafeMutablePointer(Builtin.unprotectedAddressOf(&tmp)),
           size: UInt(MemoryLayout<T>.size))
   return result
 }