rust-secure-code / safety-dance

Auditing crates for unsafe code which can be safely replaced

Audit itoa

adetaylor opened this issue · comments

itoa has fast functions for printing integers. It's a dependency of serde_json so is included in lots of things. It's by the awesome dtolnay so I suspect it's unlikely we can add safety, but maybe we can identify patterns that can be better supported in future Rust.

https://github.com/dtolnay/itoa

Uses of unsafe:

  • Creating a 40-byte long buffer which starts uninitialized, then is filled in using (mostly) ptr::copy_nonoverlapping to assemble the string representation of the integer, from right to left.
  • Creating a slice from that data and length.
  • Converting that slice to a string without UTF8 checks.
  • Some of the above is duplicated for i128s.

Given the need to initialize the string from right to left for performance, the only options I see would be:

  • Use a vec (or a String), then reverse it, which would presumably be slower.
  • Invent a new buffer type that maintains a bitmap of which bytes are initialized and/or are valid UTF8. That would presumably add runtime overhead too, except in cases of remarkable compiler optimization.

I wonder if the need for that latter type has shown up anywhere else in safety-dance's audits? Or if anyone has any better ideas?

If you only write byte values 0..=127, then it's impossible to not be valid UTF-8.

And making a new buffer type for this would be pretty trivial, since you only need push, not all general buffer methods.
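As an added illustration of the buffer type discussed above (example code written for this page, not itoa's implementation and not code from anyone in the thread): a fully initialized 40-byte buffer that only supports prepending ASCII bytes, so the finished tail is valid UTF-8 by construction and can be turned into a `&str` with the safe, checked `from_utf8`. The names `AsciiBuffer`, `push_front` and `format_i128` are assumptions of this example.

```rust
// Added example, not itoa's code: a safe, right-to-left ASCII buffer.
// The array is initialized up front (no MaybeUninit), digits are written
// from the end toward the front, and only bytes 0..=127 are ever stored,
// so `bytes[start..]` is always valid UTF-8 and needs no unsafe conversion.
use std::str;

/// 40 bytes holds i128::MIN with its minus sign, like itoa's buffer.
const CAP: usize = 40;

pub struct AsciiBuffer {
    bytes: [u8; CAP], // zero-initialized; the cost is 40 stores, not a bitmap
    start: usize,     // index of the first written byte; CAP means empty
}

impl AsciiBuffer {
    pub fn new() -> Self {
        AsciiBuffer { bytes: [0; CAP], start: CAP }
    }

    /// Prepend one byte. The ASCII assert is the single write site, so the
    /// UTF-8 invariant is enforced here and nowhere else.
    pub fn push_front(&mut self, b: u8) {
        assert!(b.is_ascii(), "only ASCII bytes keep the buffer valid UTF-8");
        self.start = self.start.checked_sub(1).expect("AsciiBuffer is full");
        self.bytes[self.start] = b;
    }

    /// Safe conversion: the validation cannot fail because every stored
    /// byte passed the ASCII check in `push_front`.
    pub fn as_str(&self) -> &str {
        str::from_utf8(&self.bytes[self.start..]).expect("ASCII is valid UTF-8")
    }
}

/// Format a signed 128-bit integer right to left with no unsafe code.
pub fn format_i128(n: i128) -> AsciiBuffer {
    let mut buf = AsciiBuffer::new();
    // unsigned_abs handles i128::MIN, whose magnitude does not fit in i128.
    let mut magnitude = n.unsigned_abs();
    loop {
        buf.push_front(b'0' + (magnitude % 10) as u8);
        magnitude /= 10;
        if magnitude == 0 {
            break;
        }
    }
    if n < 0 {
        buf.push_front(b'-');
    }
    buf
}
```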