Fix miri bugs (#704)

fafhrd91 · web-flow · commit 14ceab0ac6aa · 2025-12-27T18:12:36.000+09:00
diff --git a/.github/workflows/miri.yml b/.github/workflows/miri.yml
@@ -0,0 +1,22 @@
+name: Miri
+
+on: [push, pull_request]
+
+jobs:
+  miri:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install Rust toolchain
+      uses: actions-rust-lang/setup-rust-toolchain@v1
+      with:
+        profile: minimal
+        # Miri requires nightly Rust
+        toolchain: nightly
+        override: true
+        components: miri
+
+    - name: Run Miri
+      # Run all of your tests inside of Miri interpreter
+      run: cargo miri test -p ntex-bytes
diff --git a/ntex-bytes/Cargo.toml b/ntex-bytes/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ntex-bytes"
-version = "1.0.0"
+version = "1.1.0"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Types and traits for working with bytes (bytes crate fork)"
 documentation = "https://docs.rs/ntex-bytes"
diff --git a/ntex-bytes/src/bvec.rs b/ntex-bytes/src/bvec.rs
@@ -595,11 +595,8 @@ unsafe impl bytes::buf::BufMut for BytesVec {
         let len = self.len();
         unsafe {
             // This will never panic as `len` can never become invalid
-            let ptr = &mut self.storage.as_raw()[len..];
-            bytes::buf::UninitSlice::from_raw_parts_mut(
-                ptr.as_mut_ptr(),
-                self.capacity() - len,
-            )
+            let ptr = self.storage.as_ptr();
+            bytes::buf::UninitSlice::from_raw_parts_mut(ptr.add(len), self.capacity() - len)
         }
     }
 
diff --git a/ntex-bytes/src/storage.rs b/ntex-bytes/src/storage.rs
@@ -224,6 +224,13 @@ pub(crate) const INLINE_CAP: usize = 4 * 8 - 2;
 #[cfg(target_pointer_width = "32")]
 pub(crate) const INLINE_CAP: usize = 4 * 4 - 2;
 
+// Inline storage
+const PTR_INLINE: NonNull<Shared> =
+    unsafe { NonNull::new_unchecked(KIND_INLINE as *mut Shared) };
+// Inline storage
+const PTR_STATIC: NonNull<Shared> =
+    unsafe { NonNull::new_unchecked(KIND_STATIC as *mut Shared) };
+
 /*
  *
  * ===== Storage =====
@@ -234,7 +241,7 @@ impl Storage {
     #[inline]
     pub(crate) const fn empty() -> Storage {
         Storage {
-            arc: unsafe { NonNull::new_unchecked(KIND_INLINE as *mut Shared) },
+            arc: PTR_INLINE,
             ptr: ptr::null_mut::<u8>(),
             len: 0,
             cap: 0,
@@ -259,7 +266,7 @@ impl Storage {
             // `arc` won't ever store a pointer. Instead, use it to
             // track the fact that the `Bytes` handle is backed by a
             // static buffer.
-            arc: unsafe { NonNull::new_unchecked(KIND_STATIC as *mut Shared) },
+            arc: PTR_STATIC,
             ptr,
             len: bytes.len(),
             cap: bytes.len(),
@@ -309,14 +316,15 @@ impl Storage {
     fn from_slice_with_capacity(cap: usize, src: &[u8]) -> Storage {
         let ptr = SharedVec::create(cap, src);
         unsafe {
-            let cap = (*ptr).cap - SHARED_VEC_SIZE;
-            let arc = NonNull::new_unchecked((ptr as usize ^ KIND_VEC) as *mut Shared);
+            let arc = NonNull::new_unchecked(
+                ptr.as_ptr().map_addr(|addr| addr ^ KIND_VEC) as *mut Shared
+            );
 
             // Create new arc, so atomic operations can be avoided.
             Storage {
                 cap,
                 arc,
-                ptr: ptr.add(1) as *mut u8,
+                ptr: ptr.as_ptr().add(1) as *mut u8,
                 len: src.len(),
             }
         }
@@ -325,7 +333,7 @@ impl Storage {
     #[inline]
     unsafe fn from_ptr_inline(src: *const u8, len: usize) -> Storage {
         let mut st = Storage {
-            arc: NonNull::new_unchecked(KIND_INLINE as *mut Shared),
+            arc: PTR_INLINE,
             ptr: ptr::null_mut(),
             len: 0,
             cap: 0,
@@ -441,8 +449,9 @@ impl Storage {
         debug_assert!(len <= INLINE_CAP);
         self.arc = unsafe {
             NonNull::new_unchecked(
-                ((self.arc.as_ptr() as usize & !INLINE_LEN_MASK)
-                    | (len << INLINE_LEN_OFFSET)) as _,
+                self.arc
+                    .as_ptr()
+                    .map_addr(|addr| addr & !INLINE_LEN_MASK | (len << INLINE_LEN_OFFSET)),
             )
         };
     }
@@ -709,7 +718,7 @@ impl Storage {
         } else {
             assert!(kind == KIND_VEC);
 
-            let vec_arc = (arc as usize & KIND_UNMASK) as *mut SharedVec;
+            let vec_arc = arc.map_addr(|addr| addr & KIND_UNMASK) as *mut SharedVec;
             let old_size = (*vec_arc).ref_count.fetch_add(1, Relaxed);
             if old_size == usize::MAX {
                 abort();
@@ -815,7 +824,7 @@ impl Storage {
 
     #[inline]
     fn shared_vec(&self) -> *mut SharedVec {
-        ((self.arc.as_ptr() as usize) & KIND_UNMASK) as *mut SharedVec
+        self.arc.as_ptr().map_addr(|addr| addr & KIND_UNMASK) as *mut SharedVec
     }
 
     #[inline]
@@ -943,16 +952,14 @@ fn release_shared(ptr: *mut Shared) {
 impl StorageVec {
     /// Create new empty storage with specified capacity
     pub(crate) fn with_capacity(capacity: usize) -> StorageVec {
-        let shared_ptr = SharedVec::create(capacity, &[]);
-        StorageVec(unsafe { NonNull::new_unchecked(shared_ptr) })
+        StorageVec(SharedVec::create(capacity, &[]))
     }
 
     /// Create new storage with capacity and copy slice
     ///
     /// Caller must garantee cap is larger or eaqual to src length
     pub(crate) fn from_slice(src: &[u8]) -> StorageVec {
-        let shared_ptr = SharedVec::create(src.len(), src);
-        StorageVec(unsafe { NonNull::new_unchecked(shared_ptr) })
+        StorageVec(SharedVec::create(src.len(), src))
     }
 
     /// Return a slice for the handle's view into the shared buffer
@@ -972,7 +979,7 @@ impl StorageVec {
     }
 
     /// Return a raw pointer to data
-    unsafe fn as_ptr(&self) -> *mut u8 {
+    pub(crate) unsafe fn as_ptr(&self) -> *mut u8 {
         (self.0.as_ptr() as *mut u8).add((*self.0.as_ptr()).offset as usize)
     }
 
@@ -1009,7 +1016,7 @@ impl StorageVec {
                     len: self.len(),
                     cap: self.capacity(),
                     arc: NonNull::new_unchecked(
-                        (self.0.as_ptr() as usize ^ KIND_VEC) as *mut Shared,
+                        self.0.as_ptr().map_addr(|addr| addr ^ KIND_VEC) as *mut Shared,
                     ),
                 };
                 mem::forget(self);
@@ -1042,7 +1049,7 @@ impl StorageVec {
                     len: self.len(),
                     cap: self.capacity(),
                     arc: NonNull::new_unchecked(
-                        (self.0.as_ptr() as usize ^ KIND_VEC) as *mut Shared,
+                        self.0.as_ptr().map_addr(|addr| addr ^ KIND_VEC) as *mut Shared,
                     ),
                 },
             };
@@ -1098,7 +1105,7 @@ impl StorageVec {
                     len: at,
                     cap: at,
                     arc: NonNull::new_unchecked(
-                        (self.0.as_ptr() as usize ^ KIND_VEC) as *mut Shared,
+                        self.0.as_ptr().map_addr(|addr| addr ^ KIND_VEC) as *mut Shared,
                     ),
                 }
             };
@@ -1178,10 +1185,7 @@ impl StorageVec {
                 }
             } else {
                 // Create a new vector storage
-                *self = StorageVec(NonNull::new_unchecked(SharedVec::create(
-                    new_cap,
-                    self.as_ref(),
-                )));
+                *self = StorageVec(SharedVec::create(new_cap, self.as_ref()));
             }
         }
     }
@@ -1244,15 +1248,16 @@ impl Shared {
 }
 
 impl SharedVec {
-    fn create(cap: usize, src: &[u8]) -> *mut SharedVec {
+    fn create(cap: usize, src: &[u8]) -> NonNull<SharedVec> {
         let layout = shared_vec_layout(cap).unwrap();
 
         // Alloc memory and store data
         unsafe {
-            let shared_ptr = alloc::alloc(layout) as *mut SharedVec;
-            if shared_ptr.is_null() {
+            let ptr = alloc::alloc(layout);
+            if ptr.is_null() {
                 alloc::handle_alloc_error(layout);
             }
+            let shared_ptr = ptr as *mut SharedVec;
 
             ptr::write(
                 shared_ptr,
@@ -1266,11 +1271,11 @@ impl SharedVec {
             );
 
             if !src.is_empty() {
-                let data = &((&*shared_ptr).data) as *const u8 as *mut _;
-                ptr::copy_nonoverlapping(src.as_ptr(), data, src.len());
+                let ptr = ptr.add(SHARED_VEC_SIZE);
+                let sl = slice::from_raw_parts_mut(ptr, src.len());
+                sl.copy_from_slice(src);
             }
-
-            shared_ptr
+            NonNull::new_unchecked(shared_ptr)
         }
     }
 
@@ -1309,7 +1314,8 @@ fn release_shared_vec(ptr: *mut SharedVec) {
         // Drop the data
         let cap = (*ptr).cap;
         ptr::drop_in_place(ptr);
-        alloc::dealloc(ptr as *mut _, shared_vec_layout(cap).unwrap());
+        let layout = shared_vec_layout(cap - SHARED_VEC_SIZE).unwrap();
+        alloc::dealloc(ptr as *mut _, layout);
     }
 }
 
@@ -1320,7 +1326,7 @@ const fn shared_vec_layout(cap: usize) -> Result<Layout, LayoutError> {
         Ok(l) => l,
         Err(e) => return Err(e),
     };
-    match Layout::new::<SharedVec>().extend(s_layout) {
+    match Layout::new::<SharedVec>().pad_to_align().extend(s_layout) {
         Ok((l, _)) => Ok(l),
         Err(err) => Err(err),
     }
diff --git a/ntex-bytes/tests/test_buf.rs b/ntex-bytes/tests/test_buf.rs
@@ -79,12 +79,12 @@ fn test_bytes_mut_buf() {
     bytes::buf::BufMut::put_u8(&mut buf, b'3');
     bytes::buf::BufMut::put_i8(&mut buf, b'4' as i8);
     unsafe {
-        bytes::buf::BufMut::advance_mut(&mut buf, 2);
         let c = bytes::buf::BufMut::chunk_mut(&mut buf);
         *c.as_mut_ptr() = b'5';
         assert!(c.as_mut_ptr().as_ref().unwrap() == &b'5');
+        bytes::buf::BufMut::advance_mut(&mut buf, 1);
     }
-    assert_eq!(&bytes::buf::Buf::chunk(&buf)[..4], b"1234");
+    assert_eq!(&bytes::buf::Buf::chunk(&buf), b"12345");
 }
 
 #[test]
@@ -127,12 +127,12 @@ fn test_bytes_vec_buf() {
     bytes::buf::BufMut::put_u8(&mut buf, b'3');
     bytes::buf::BufMut::put_i8(&mut buf, b'4' as i8);
     unsafe {
-        bytes::buf::BufMut::advance_mut(&mut buf, 1);
         let c = bytes::buf::BufMut::chunk_mut(&mut buf);
         *c.as_mut_ptr() = b'5';
         assert!(c.as_mut_ptr().as_ref().unwrap() == &b'5');
+        bytes::buf::BufMut::advance_mut(&mut buf, 1);
     }
-    assert_eq!(&bytes::buf::Buf::chunk(&buf)[..4], b"1234");
+    assert_eq!(&bytes::buf::Buf::chunk(&buf), b"12345");
 }
 
 #[test]

Original file line number	Diff line number	Diff line change
`@@ -595,11 +595,8 @@ unsafe impl bytes::buf::BufMut for BytesVec {`
`595`	`595`	`let len = self.len();`
`596`	`596`	`unsafe {`
`597`	`597`	// This will never panic as `len` can never become invalid
`598`		`- let ptr = &mut self.storage.as_raw()[len..];`
`599`		`- bytes::buf::UninitSlice::from_raw_parts_mut(`
`600`		`- ptr.as_mut_ptr(),`
`601`		`- self.capacity() - len,`
`602`		`- )`
	`598`	`+ let ptr = self.storage.as_ptr();`
	`599`	`+ bytes::buf::UninitSlice::from_raw_parts_mut(ptr.add(len), self.capacity() - len)`
`603`	`600`	`}`
`604`	`601`	`}`
`605`	`602`