Miri considers way more stuff to be raw pointer aliasing now, account for that

Author: slightlyoutofphase

ci/run_linux_and_mac.sh

@@ -16,7 +16,10 @@ rustup default "$MIRI_NIGHTLY"
 rustup component add miri
 # The `-Zmiri-disable-isolation` is so Miri can access the system clock
 # while calling `SystemTime::now()` in one of the tests.
-export MIRIFLAGS="-Zmiri-disable-isolation"
+# The `-Zmiri-permissive-provenance` is because this crate has a few
+# integer-to-pointer casts that are needed to avoid UB with ZST-related
+# stuff. 
+export MIRIFLAGS="-Zmiri-disable-isolation -Zmiri-permissive-provenance"
 # We run the suite once under Miri with all functionality enabled, and then once
 # normally without the default features just to make sure `no_std` support has
 # not been broken.

src/iterators.rs

@@ -536,15 +536,16 @@ impl<T, const N: usize> Iterator for StaticVecIntoIter<T, N> {
         // Get the index in `self.data` of the item to be returned.
         let res_index = old_start + n;
         // Get a pointer to the item, using the above index.
+        let mp = StaticVec::first_ptr_mut(&mut self.data);
         let res = match size_of::<T>() {
-          0 => zst_ptr_add(StaticVec::first_ptr(&self.data), res_index),
-          _ => StaticVec::first_ptr(&self.data).add(res_index),
+          0 => zst_ptr_add(mp, res_index),
+          _ => mp.add(res_index),
         };
         // Drop whatever range of values may exist in earlier positions
         // to avoid memory leaks.
         let drop_at = match size_of::<T>() {
-          0 => zst_ptr_add_mut(StaticVec::first_ptr_mut(&mut self.data), old_start),
-          _ => StaticVec::first_ptr_mut(&mut self.data).add(old_start),
+          0 => zst_ptr_add_mut(mp, old_start),
+          _ => mp.add(old_start),
         };
         ptr::drop_in_place(from_raw_parts_mut(drop_at, res_index - old_start));
         // Adjust our starting index.
@@ -806,9 +807,8 @@ impl<'a, T: 'a, const N: usize> Drop for StaticVecDrain<'a, T, N> {
         let vec_ref = &mut *self.vec;
         let start = vec_ref.length;
         let tail = self.start;
-        vec_ref
-          .ptr_at_unchecked(tail)
-          .copy_to(vec_ref.mut_ptr_at_unchecked(start), total_length);
+        let mp = vec_ref.as_mut_ptr();
+        mp.add(tail).copy_to(mp.add(start), total_length);
         vec_ref.set_len(start + total_length);
       }
     }

src/lib.rs

@@ -1947,9 +1947,8 @@ impl<T, const N: usize> StaticVec<T, N> {
           self
             .ptr_at_unchecked(start)
             .copy_to_nonoverlapping(Self::first_ptr_mut(&mut res), res_length);
-          self
-            .ptr_at_unchecked(end)
-            .copy_to(self.mut_ptr_at_unchecked(start), old_length - end);
+          let mp = self.as_mut_ptr();
+          mp.add(end).copy_to(mp.add(start), old_length - end);
           self.set_len(old_length - res_length);
           res
         }
@@ -2048,9 +2047,8 @@ impl<T, const N: usize> StaticVec<T, N> {
             .write(self.ptr_at_unchecked(i).read());
           res_length += 1;
         } else if res_length > 0 {
-          self
-            .ptr_at_unchecked(i)
-            .copy_to_nonoverlapping(self.mut_ptr_at_unchecked(i - res_length), 1);
+          let mp = self.as_mut_ptr();
+          mp.add(i).copy_to_nonoverlapping(mp.add(i - res_length), 1);
         }
       }
     }
@@ -2470,8 +2468,9 @@ impl<T, const N: usize> StaticVec<T, N> {
   /// ```
   /// # use::staticvec::*;
   /// let mut v = staticvec![4, 5, 6, 7];
+  /// let mp = v.as_mut_ptr();
   /// let t = v.triple_mut();
-  /// assert_eq!(t, (v.as_mut_ptr(), 4, 4));
+  /// assert_eq!(t, (mp, 4, 4));
   /// unsafe { *t.0 = 8 };
   /// assert_eq!(v, [8, 5, 6, 7]);
   /// ```

src/string/mod.rs

@@ -7,8 +7,8 @@ use core::str::{
 
 pub use self::string_errors::StringError;
 use self::string_utils::{
-  encode_char_utf8_unchecked, is_char_boundary, is_inside_boundary, never, shift_left_unchecked,
-  shift_right_unchecked, str_is_char_boundary, truncate_str,
+  encode_char_utf8_unchecked, is_char_boundary, is_inside_boundary, never, str_is_char_boundary,
+  truncate_str,
 };
 use crate::errors::CapacityError;
 use crate::StaticVec;
@@ -783,7 +783,7 @@ impl<const N: usize> StaticString<N> {
       }
     }
     unsafe {
-      shift_left_unchecked(self, start, 0usize);
+      shift_left_unchecked!(self, start, 0usize);
       self.vec.set_len(end - start)
     };
   }
@@ -811,7 +811,7 @@ impl<const N: usize> StaticString<N> {
     let character = character.unwrap_or_else(|| unsafe { never("Missing char") });
     let char_length = character.len_utf8();
     unsafe {
-      shift_left_unchecked(self, index + char_length, index);
+      shift_left_unchecked!(self, index + char_length, index);
       self.vec.set_len(old_length - char_length);
     }
     character
@@ -922,7 +922,7 @@ impl<const N: usize> StaticString<N> {
   #[inline(always)]
   pub unsafe fn insert_unchecked(&mut self, index: usize, character: char) {
     let char_length = character.len_utf8();
-    shift_right_unchecked(self, index, index + char_length);
+    shift_right_unchecked!(self, index, index + char_length);
     encode_char_utf8_unchecked(self, character, index);
   }
 
@@ -1010,7 +1010,7 @@ impl<const N: usize> StaticString<N> {
     let string_length = string_ref.len();
     debug_assert!(string_length <= self.remaining_capacity());
     let string_ptr = string_ref.as_ptr();
-    shift_right_unchecked(self, index, index + string_length);
+    shift_right_unchecked!(self, index, index + string_length);
     string_ptr.copy_to_nonoverlapping(self.vec.mut_ptr_at_unchecked(index), string_length);
     self.vec.set_len(self.len() + string_length);
   }
@@ -1213,17 +1213,20 @@ impl<const N: usize> StaticString<N> {
     );
     if replace_length == 0 {
       unsafe {
-        self
-          .as_ptr()
-          .add(end)
-          .copy_to(self.as_mut_ptr().add(start), old_length.saturating_sub(end));
+        let mp = self.vec.as_mut_ptr();
+        mp.add(end)
+          .copy_to(mp.add(start), old_length.saturating_sub(end));
         self.vec.set_len(old_length.saturating_sub(replaced));
       }
     } else {
       if start + replace_length > end {
-        unsafe { shift_right_unchecked(self, end, start + replace_length) };
+        unsafe {
+          shift_right_unchecked!(self, end, start + replace_length);
+        }
       } else {
-        unsafe { shift_left_unchecked(self, end, start + replace_length) };
+        unsafe {
+          shift_left_unchecked!(self, end, start + replace_length);
+        }
       }
       let ptr = replace_with.as_ptr();
       let dest = unsafe { self.vec.as_mut_ptr().add(start) };

src/string/string_trait_impls.rs

@@ -1,5 +1,6 @@
 use core::borrow::{Borrow, BorrowMut};
 use core::cmp::Ordering;
+use core::convert::Infallible;
 use core::fmt::{self, Arguments, Debug, Display, Formatter, Write};
 use core::hash::{Hash, Hasher};
 use core::iter::FromIterator;
@@ -211,7 +212,7 @@ impl<'a, const N: usize> FromIterator<&'a str> for StaticString<N> {
 }
 
 impl<'a, const N: usize> FromStr for StaticString<N> {
-  type Err = ();
+  type Err = Infallible;
 
   #[inline(always)]
   fn from_str(s: &str) -> Result<Self, Self::Err> {

src/string/string_utils.rs

@@ -76,34 +76,27 @@ pub(crate) const fn encode_utf8_raw(code: u32, len: usize) -> [u8; 4] {
   res
 }
 
-/// Shifts `string` to the right.
-#[inline(always)]
-pub(crate) unsafe fn shift_right_unchecked<const N: usize>(
-  string: &mut StaticString<N>,
-  from: usize,
-  to: usize,
-) {
-  debug_assert!(from <= to && to + string.len() - from <= string.capacity());
-  debug_assert!(string.as_str().is_char_boundary(from));
-  string
-    .as_ptr()
-    .add(from)
-    .copy_to(string.as_mut_ptr().add(to), string.len() - from);
+macro_rules! shift_right_unchecked {
+  ($self_var:expr, $from_var:expr, $to_var:expr) => {
+    debug_assert!(
+      $from_var as usize <= $to_var as usize
+        && $to_var as usize + $self_var.len() - $from_var as usize <= $self_var.capacity()
+    );
+    debug_assert!($self_var.as_str().is_char_boundary($from_var));
+    let mp = $self_var.vec.as_mut_ptr();
+    mp.add($from_var)
+      .copy_to(mp.add($to_var), $self_var.len() - $from_var);
+  };
 }
 
-/// Shifts `string` to the left.
-#[inline(always)]
-pub(crate) unsafe fn shift_left_unchecked<const N: usize>(
-  string: &mut StaticString<N>,
-  from: usize,
-  to: usize,
-) {
-  debug_assert!(to <= from && from <= string.len());
-  debug_assert!(string.as_str().is_char_boundary(from));
-  string
-    .as_ptr()
-    .add(from)
-    .copy_to(string.as_mut_ptr().add(to), string.len() - from);
+macro_rules! shift_left_unchecked {
+  ($self_var:expr, $from_var:expr, $to_var:expr) => {
+    debug_assert!($to_var as usize <= $from_var as usize && $from_var as usize <= $self_var.len());
+    debug_assert!($self_var.as_str().is_char_boundary($from_var));
+    let mp = $self_var.vec.as_mut_ptr();
+    mp.add($from_var)
+      .copy_to(mp.add($to_var), $self_var.len() - $from_var);
+  };
 }
 
 /// Returns an error if `size` is greater than `limit`.
@@ -205,25 +198,33 @@ mod tests {
   #[test]
   fn shift_right() {
     let mut ls = StaticString::<20>::try_from_str("abcdefg").unwrap();
-    unsafe { shift_right_unchecked(&mut ls, 0usize, 4usize) };
+    unsafe {
+      shift_right_unchecked!(ls, 0usize, 4usize);
+    }
     unsafe { ls.vec.set_len(ls.len() + 4) };
     assert_eq!(ls.as_str(), "abcdabcdefg");
   }
 
   #[test]
   fn shift_left() {
     let mut ls = StaticString::<20>::try_from_str("abcdefg").unwrap();
-    unsafe { shift_left_unchecked(&mut ls, 1usize, 0usize) };
+    unsafe {
+      shift_left_unchecked!(ls, 1usize, 0usize);
+    }
     unsafe { ls.vec.set_len(ls.len() - 1) };
     assert_eq!(ls.as_str(), "bcdefg");
   }
 
   #[test]
   fn shift_nop() {
     let mut ls = StaticString::<20>::try_from_str("abcdefg").unwrap();
-    unsafe { shift_right_unchecked(&mut ls, 0usize, 0usize) };
+    unsafe {
+      shift_right_unchecked!(ls, 0usize, 0usize);
+    }
     assert_eq!(ls.as_str(), "abcdefg");
-    unsafe { shift_left_unchecked(&mut ls, 0usize, 0usize) };
+    unsafe {
+      shift_left_unchecked!(ls, 0usize, 0usize);
+    }
     assert_eq!(ls.as_str(), "abcdefg");
   }
 

src/trait_impls.rs

@@ -811,9 +811,9 @@ impl<const N: usize> Read for StaticVec<u8, N> {
     if read_length < current_length {
       // Safety: we just confirmed that `read_length` is less than our current length.
       unsafe {
-        self
-          .ptr_at_unchecked(read_length)
-          .copy_to(self.as_mut_ptr(), current_length - read_length)
+        let mp = self.as_mut_ptr();
+        mp.add(read_length)
+          .copy_to(mp, current_length - read_length)
       };
     }
     // Safety: 0 <= `read_length` <= `current_length`.
@@ -881,9 +881,8 @@ impl<const N: usize> Read for StaticVec<u8, N> {
     let total_read = old_length - current_length;
     if current_length > 0 {
       unsafe {
-        self
-          .ptr_at_unchecked(total_read)
-          .copy_to(self.as_mut_ptr(), current_length);
+        let mp = self.as_mut_ptr();
+        mp.add(total_read).copy_to(mp, current_length);
       }
     }
     Ok(total_read)

test/test_staticvec.rs

@@ -2554,8 +2554,9 @@ fn triple() {
 #[test]
 fn triple_mut() {
   let mut v = staticvec![4, 5, 6, 7];
+  let mp = v.as_mut_ptr();
   let t = v.triple_mut();
-  assert_eq!(t, (v.as_mut_ptr(), 4, 4));
+  assert_eq!(t, (mp, 4, 4));
   unsafe { *t.0 = 8 };
   assert_eq!(v, [8, 5, 6, 7]);
 }