sameold: remove slice conversion from Window

`SliceRingBuffer` is unsound and has multiple security
advisories [1] [2]. There has been no apparent progress on fixes
since May 2025 [3]. The crate's large volume of interdependent
`unsafe` blocks will likely make it very tricky to maintain.

While a memory-mapped deque is a very cool idea, it is time to
move on for now.

Let's replace `SliceRingBuffer` with a more traditional
double-ended queue.

These queues don't covert to slice, but we don't really *need* a
slice. At present, slice is mostly used to align the end of
`Window` (with the most recent samples) to the filter taps. We
can do that just as easily with a `DoubleEndedIterator`.

* Make `Window` convertible to an iterator of numbers, via
  `IntoIterator`. Replace all uses of slices with iterators.

* Remove slice conversions and accessors from Window. They're
  still technically accessible via `inner()`, but nothing uses
  them.

[1]: https://rustsec.org/advisories/RUSTSEC-2025-0044

[2]: https://rustsec.org/advisories/RUSTSEC-2020-0158

[3]: LiquidityC/slice_ring_buffer#12

Author: cbs228

crates/sameold/src/receiver/dcblock.rs

@@ -168,7 +168,7 @@ mod tests {
             output_history.push_scalar(uut.filter(100.0f32 + clk));
             clk = -1.0 * clk;
         }
-        assert_approx_eq!(output_history.as_slice()[0], 1.0f32, 1.0e-2);
-        assert_approx_eq!(output_history.as_slice()[1], -1.0f32, 1.0e-2);
+        assert_approx_eq!(output_history.inner()[0], 1.0f32, 1.0e-2);
+        assert_approx_eq!(output_history.inner()[1], -1.0f32, 1.0e-2);
     }
 }

crates/sameold/src/receiver/demod.rs

@@ -155,9 +155,8 @@ impl FskDemod {
     // * `< 0` for space
     fn demod_now(&self) -> f32 {
         // matched filter
-        let window = self.window_input.as_slice();
-        let mark = self.coeff_mark.filter(window);
-        let space = self.coeff_space.filter(window);
+        let mark = self.coeff_mark.filter(&self.window_input);
+        let space = self.coeff_space.filter(&self.window_input);
 
         // non-coherently sum matched filter powers to obtain
         // the symbol estimate

crates/sameold/src/receiver/equalize.rs

@@ -133,6 +133,9 @@ impl Equalizer {
         let feedforward_wind = Window::new(nfeedforward);
         let feedback_wind = Window::new(nfeedback);
 
+        assert_eq!(feedforward_coeff.inner().len(), feedforward_wind.len());
+        assert_eq!(feedback_coeff.inner().len(), feedback_wind.len());
+
         Self {
             relaxation,
             regularization,
@@ -314,14 +317,16 @@ impl Equalizer {
             self.relaxation,
             self.regularization,
             error,
-            self.feedforward_wind.as_ref(),
+            &self.feedforward_wind,
             self.feedforward_coeff.as_mut(),
         );
+
+        assert_eq!(self.feedback_wind.inner().len(), self.feedback_coeff.len());
         nlms_update(
             self.relaxation,
             self.regularization,
             -error,
-            self.feedback_wind.as_ref(),
+            &self.feedback_wind,
             self.feedback_coeff.as_mut(),
         );
     }
@@ -346,17 +351,14 @@ enum EqualizerState {
 // variable gain. The gain is computed based on the power
 // of the input. The given `filter` taps are updated based
 // on the input samples in `window`.
-fn nlms_update(
-    relaxation: f32,
-    regularization: f32,
-    error: f32,
-    window: &[f32],
-    filter: &mut [f32],
-) {
-    assert_eq!(window.len(), filter.len());
-
-    let gain = nlms_gain(relaxation, regularization, window);
-    for (coeff, data) in filter.iter_mut().zip(window.iter()) {
+fn nlms_update<W>(relaxation: f32, regularization: f32, error: f32, window: W, filter: &mut [f32])
+where
+    W: IntoIterator<Item = f32>,
+    W::IntoIter: DoubleEndedIterator + Clone,
+{
+    let window = window.into_iter();
+    let gain = nlms_gain(relaxation, regularization, window.clone());
+    for (coeff, data) in filter.iter_mut().zip(window) {
         *coeff += gain * error * data;
     }
 }
@@ -371,7 +373,10 @@ fn nlms_update(
 //
 // where `norm(x, 2)` is the L² norm of `x`
 #[inline]
-fn nlms_gain(relaxation: f32, regularization: f32, window: &[f32]) -> f32 {
+fn nlms_gain<'a, W>(relaxation: f32, regularization: f32, window: W) -> f32
+where
+    W: IntoIterator<Item = f32>,
+{
     let mut sumsq = 0.0f32;
     for w in window {
         sumsq += w * w;
@@ -473,7 +478,7 @@ mod tests {
                 RELAXATION,
                 REGULARIZATION,
                 err,
-                inverse_wind.as_ref(),
+                &inverse_wind,
                 inverse_coeff.as_mut(),
             );
         }

crates/sameold/src/receiver/filter.rs

@@ -116,25 +116,26 @@ where
         self.0.len()
     }
 
-    /// Perform FIR filtering with the given sample history slice
+    /// Perform FIR filtering with the given sample history
     ///
     /// Computes the current output sample of the filter assuming
-    /// the given `history`. `history` should be a slice where
-    /// `history[N-1]` is the most recent sample and `history[0]`
-    /// is the least recent/oldest sample.
+    /// the given `history`. `history` must be a
+    /// `DoubledEndedIterator` which outputs the oldest sample
+    /// first and the newest sample last. The newest sample is
+    /// used for feedforward lag 0. `history` SHOULD contain at
+    /// least `self.len()` samples, but no error is raised if it
+    /// is shorter.
     ///
-    /// The caller should maintain a deque of history. New samples
-    /// should be pushed to the end of the queue, and old samples
-    /// should age off the head of the queue. The queue *should*
-    /// contain `self.len()` samples, but it is not an error if
-    /// it contains more or less.
-    pub fn filter<I, In, Out>(&self, history: I) -> Out
+    /// The caller is encouraged to use a deque for `history`,
+    /// but this is not enforced.
+    pub fn filter<W, In, Out>(&self, history: W) -> Out
     where
-        I: AsRef<[In]>,
+        W: IntoIterator<Item = In>,
+        W::IntoIter: DoubleEndedIterator,
         In: Copy + Scalar + std::ops::Mul<T, Output = Out>,
         Out: Copy + Scalar + Zero + std::ops::AddAssign,
     {
-        multiply_accumulate(history.as_ref(), self.as_ref())
+        multiply_accumulate(history, self.as_ref())
     }
 
     /// Reset to identity filter
@@ -275,7 +276,7 @@ where
     ///
     /// Appends the `input` slice to the right side of the Window.
     /// The last sample of `input` becomes the right-most / most recent
-    /// sample of the Window slice.
+    /// sample of the Window.
     ///
     /// If the length of `input` exceeds the length of the Window,
     /// then the right-most chunk of `input` will be taken.
@@ -301,8 +302,8 @@ where
     /// Append a scalar to the sample window
     ///
     /// Appends the `input` scalar to the right side of the Window.
-    /// It becomes the last / most recent sample of the Window
-    /// slice. Returns the sample that was formerly the oldest
+    /// It becomes the last / most recent sample of Window.
+    /// Returns the sample that was formerly the oldest
     /// sample in the Window.
     #[inline]
     pub fn push_scalar(&mut self, input: T) -> T {
@@ -311,19 +312,26 @@ where
         out
     }
 
-    /// Obtain the inner SliceRingBuffer
-    pub fn inner(&self) -> &SliceRingBuffer<T> {
-        &self.0
+    /// Iterator over window contents
+    ///
+    /// The iterator outputs the least recent sample first.
+    /// The most recent sample is output last.
+    pub fn iter(&self) -> <&Window<T> as IntoIterator>::IntoIter {
+        self.into_iter()
     }
 
-    /// Obtain current window contents, as a slice
+    /// Convert window contents to a vector
     ///
-    /// The zeroth sample of the slice is the least recent
-    /// sample in the window. The last sample of the slice
-    /// is the most recent sample in the window.
-    #[inline]
-    pub fn as_slice(&self) -> &[T] {
-        self.0.as_slice()
+    /// Copy the current contents of the window to a freshly-allocated
+    /// vector. Vector elements are ordered from least recent sample
+    /// to most recent sample.
+    pub fn to_vec(&self) -> Vec<T> {
+        self.iter().collect()
+    }
+
+    /// Obtain the inner SliceRingBuffer
+    pub fn inner(&self) -> &SliceRingBuffer<T> {
+        &self.0
     }
 
     /// Most recent element pushed into the Window
@@ -339,12 +347,16 @@ where
     }
 }
 
-impl<T> AsRef<[T]> for Window<T>
+impl<'a, T> IntoIterator for &'a Window<T>
 where
     T: Copy + Scalar + Zero,
 {
-    fn as_ref(&self) -> &[T] {
-        self.as_slice()
+    type Item = T;
+
+    type IntoIter = std::iter::Copied<core::slice::Iter<'a, T>>;
+
+    fn into_iter(self) -> Self::IntoIter {
+        self.0.as_slice().into_iter().copied()
     }
 }
 
@@ -363,7 +375,7 @@ where
 // stored *reversed* in `rev_coeff`, with `rev_coeff[N-1]` being
 // the zeroth filter coefficient.
 //
-// The two slices need not be the same length. If `history` is shorter
+// The two inputs need not be the same length. If `history` is shorter
 // than `rev_coeff`, then the sample history is assumed to be zero
 // outside of its range.
 //
@@ -373,19 +385,18 @@ where
 //
 // The output value is returned. Any compatible arithmetic types may
 // be used, including complex numbers.
-fn multiply_accumulate<In, Coeff, Out>(history: &[In], rev_coeff: &[Coeff]) -> Out
+fn multiply_accumulate<W, In, Coeff, Out>(history: W, rev_coeff: &[Coeff]) -> Out
 where
+    W: IntoIterator<Item = In>,
+    W::IntoIter: DoubleEndedIterator,
     In: Copy + Scalar + std::ops::Mul<Coeff, Output = Out>,
     Coeff: Copy + Scalar,
     Out: Copy + Scalar + Zero + std::ops::AddAssign,
 {
-    let mul_len = usize::min(history.len(), rev_coeff.len());
-    let history = &history[history.len() - mul_len..];
-    let rev_coeff = &rev_coeff[rev_coeff.len() - mul_len..];
-
+    let history = history.into_iter();
     let mut out = Out::zero();
-    for (hi, co) in history.iter().zip(rev_coeff.iter()) {
-        out += *hi * *co;
+    for (hi, co) in history.rev().zip(rev_coeff.iter().rev()) {
+        out += hi * *co;
     }
     out
 }
@@ -446,26 +457,26 @@ mod tests {
     fn test_window() {
         let mut wind: Window<f32> = Window::new(4);
         assert_eq!(4, wind.len());
-        assert_eq!(&[0.0f32, 0.0f32, 0.0f32, 0.0f32], wind.as_slice());
+        assert_eq!(vec![0.0f32, 0.0f32, 0.0f32, 0.0f32], wind.to_vec());
         wind.push(&[1.0f32]);
-        assert_eq!(&[0.0f32, 0.0f32, 0.0f32, 1.0f32], wind.as_slice());
+        assert_eq!(vec![0.0f32, 0.0f32, 0.0f32, 1.0f32], wind.to_vec());
 
         wind.push(&[2.0f32]);
-        assert_eq!(&[0.0f32, 0.0f32, 1.0f32, 2.0f32], wind.as_slice());
+        assert_eq!(vec![0.0f32, 0.0f32, 1.0f32, 2.0f32], wind.to_vec());
 
         wind.push(&[-1.0f32, -2.0f32, 1.0f32, 2.0f32, 3.0f32, 4.0f32]);
-        assert_eq!(&[1.0f32, 2.0f32, 3.0f32, 4.0f32], wind.as_slice());
+        assert_eq!(vec![1.0f32, 2.0f32, 3.0f32, 4.0f32], wind.to_vec());
         assert_eq!(4.0f32, wind.back());
         assert_eq!(1.0f32, wind.front());
         assert_eq!(4, wind.len());
 
         // push individual samples works too
         assert_eq!(1.0f32, wind.push_scalar(10.0f32));
         assert_eq!(4, wind.len());
-        assert_eq!(&[2.0f32, 3.0f32, 4.0f32, 10.0f32], wind.as_slice());
+        assert_eq!(vec![2.0f32, 3.0f32, 4.0f32, 10.0f32], wind.to_vec());
 
         wind.reset();
         assert_eq!(4, wind.len());
-        assert_eq!(&[0.0f32, 0.0f32, 0.0f32, 0.0f32], wind.as_slice());
+        assert_eq!(vec![0.0f32, 0.0f32, 0.0f32, 0.0f32], wind.to_vec());
     }
 }