Merge branch 'fix/ub-pass-miri-tests' of https://github.com/xgroleau/bbqueue into main

Sympatron · Sympatron · commit 8468029832ce · 2024-12-10T11:09:53.000+01:00
diff --git a/core/src/bbbuffer.rs b/core/src/bbbuffer.rs
@@ -10,7 +10,7 @@ use core::{
     ops::{Deref, DerefMut},
     ptr::NonNull,
     result::Result as CoreResult,
-    slice::from_raw_parts_mut,
+    slice::{from_raw_parts, from_raw_parts_mut},
     sync::atomic::{
         AtomicBool, AtomicUsize,
         Ordering::{AcqRel, Acquire, Release},
@@ -404,9 +404,10 @@ impl<'a, const N: usize> Producer<'a, N> {
         let grant_slice = unsafe { from_raw_parts_mut(start_of_buf_ptr.add(start), sz) };
 
         Ok(GrantW {
-            buf: grant_slice,
+            buf: grant_slice.into(),
             bbq: self.bbq,
             to_commit: 0,
+            phatom: PhantomData,
         })
     }
 
@@ -507,9 +508,10 @@ impl<'a, const N: usize> Producer<'a, N> {
         let grant_slice = unsafe { from_raw_parts_mut(start_of_buf_ptr.add(start), sz) };
 
         Ok(GrantW {
-            buf: grant_slice,
+            buf: grant_slice.into(),
             bbq: self.bbq,
             to_commit: 0,
+            phatom: PhantomData,
         })
     }
 }
@@ -598,9 +600,10 @@ impl<'a, const N: usize> Consumer<'a, N> {
         let grant_slice = unsafe { from_raw_parts_mut(start_of_buf_ptr.add(read), sz) };
 
         Ok(GrantR {
-            buf: grant_slice,
+            buf: grant_slice.into(),
             bbq: self.bbq,
             to_release: 0,
+            phatom: PhantomData,
         })
     }
 
@@ -651,10 +654,11 @@ impl<'a, const N: usize> Consumer<'a, N> {
         let grant_slice2 = unsafe { from_raw_parts_mut(start_of_buf_ptr, sz2) };
 
         Ok(SplitGrantR {
-            buf1: grant_slice1,
-            buf2: grant_slice2,
+            buf1: grant_slice1.into(),
+            buf2: grant_slice2.into(),
             bbq: self.bbq,
             to_release: 0,
+            phatom: PhantomData,
         })
     }
 }
@@ -697,9 +701,10 @@ impl<const N: usize> BBBuffer<N> {
 /// without committing it takes a short critical section,
 #[derive(Debug, PartialEq)]
 pub struct GrantW<'a, const N: usize> {
-    pub(crate) buf: &'a mut [u8],
+    pub(crate) buf: NonNull<[u8]>,
     bbq: NonNull<BBBuffer<N>>,
     pub(crate) to_commit: usize,
+    phatom: PhantomData<&'a mut [u8]>,
 }
 
 unsafe impl<'a, const N: usize> Send for GrantW<'a, N> {}
@@ -718,20 +723,22 @@ unsafe impl<'a, const N: usize> Send for GrantW<'a, N> {}
 /// without releasing it takes a short critical section,
 #[derive(Debug, PartialEq)]
 pub struct GrantR<'a, const N: usize> {
-    pub(crate) buf: &'a mut [u8],
+    pub(crate) buf: NonNull<[u8]>,
     bbq: NonNull<BBBuffer<N>>,
     pub(crate) to_release: usize,
+    phatom: PhantomData<&'a mut [u8]>,
 }
 
 /// A structure representing up to two contiguous regions of memory that
 /// may be read from, and potentially "released" (or cleared)
 /// from the queue
 #[derive(Debug, PartialEq)]
 pub struct SplitGrantR<'a, const N: usize> {
-    pub(crate) buf1: &'a mut [u8],
-    pub(crate) buf2: &'a mut [u8],
+    pub(crate) buf1: NonNull<[u8]>,
+    pub(crate) buf2: NonNull<[u8]>,
     bbq: NonNull<BBBuffer<N>>,
     pub(crate) to_release: usize,
+    phatom: PhantomData<&'a mut [u8]>,
 }
 
 unsafe impl<'a, const N: usize> Send for GrantR<'a, N> {}
@@ -777,7 +784,7 @@ impl<'a, const N: usize> GrantW<'a, N> {
     /// # }
     /// ```
     pub fn buf(&mut self) -> &mut [u8] {
-        self.buf
+        unsafe { from_raw_parts_mut(self.buf.as_ptr() as *mut u8, self.buf.len()) }
     }
 
     /// Sometimes, it's not possible for the lifetimes to check out. For example,
@@ -794,7 +801,7 @@ impl<'a, const N: usize> GrantW<'a, N> {
     /// Additionally, you must ensure that a separate reference to this data is not created
     /// to this data, e.g. using `DerefMut` or the `buf()` method of this grant.
     pub unsafe fn as_static_mut_buf(&mut self) -> &'static mut [u8] {
-        transmute::<&mut [u8], &'static mut [u8]>(self.buf)
+        transmute::<&mut [u8], &'static mut [u8]>(self.buf())
     }
 
     #[inline(always)]
@@ -875,9 +882,9 @@ impl<'a, const N: usize> GrantR<'a, N> {
 
     pub(crate) fn shrink(&mut self, len: usize) {
         let mut new_buf: &mut [u8] = &mut [];
-        core::mem::swap(&mut self.buf, &mut new_buf);
+        core::mem::swap(&mut self.buf_mut(), &mut new_buf);
         let (new, _) = new_buf.split_at_mut(len);
-        self.buf = new;
+        self.buf = new.into();
     }
 
     /// Obtain access to the inner buffer for reading
@@ -910,15 +917,15 @@ impl<'a, const N: usize> GrantR<'a, N> {
     /// # }
     /// ```
     pub fn buf(&self) -> &[u8] {
-        self.buf
+        unsafe { from_raw_parts(self.buf.as_ptr() as *const u8, self.buf.len()) }
     }
 
     /// Obtain mutable access to the read grant
     ///
     /// This is useful if you are performing in-place operations
     /// on an incoming packet, such as decryption
     pub fn buf_mut(&mut self) -> &mut [u8] {
-        self.buf
+        unsafe { from_raw_parts_mut(self.buf.as_ptr() as *mut u8, self.buf.len()) }
     }
 
     /// Sometimes, it's not possible for the lifetimes to check out. For example,
@@ -935,7 +942,7 @@ impl<'a, const N: usize> GrantR<'a, N> {
     /// Additionally, you must ensure that a separate reference to this data is not created
     /// to this data, e.g. using `Deref` or the `buf()` method of this grant.
     pub unsafe fn as_static_buf(&self) -> &'static [u8] {
-        transmute::<&[u8], &'static [u8]>(self.buf)
+        transmute::<&[u8], &'static [u8]>(self.buf())
     }
 
     #[inline(always)]
@@ -1022,15 +1029,19 @@ impl<'a, const N: usize> SplitGrantR<'a, N> {
     /// # }
     /// ```
     pub fn bufs(&self) -> (&[u8], &[u8]) {
-        (self.buf1, self.buf2)
+        let buf1 = unsafe { from_raw_parts(self.buf1.as_ptr() as *const u8, self.buf1.len()) };
+        let buf2 = unsafe { from_raw_parts(self.buf2.as_ptr() as *const u8, self.buf2.len()) };
+        (buf1, buf2)
     }
 
     /// Obtain mutable access to both parts of the read grant
     ///
     /// This is useful if you are performing in-place operations
     /// on an incoming packet, such as decryption
     pub fn bufs_mut(&mut self) -> (&mut [u8], &mut [u8]) {
-        (self.buf1, self.buf2)
+        let buf1 = unsafe { from_raw_parts_mut(self.buf1.as_ptr() as *mut u8, self.buf1.len()) };
+        let buf2 = unsafe { from_raw_parts_mut(self.buf2.as_ptr() as *mut u8, self.buf2.len()) };
+        (buf1, buf2)
     }
 
     #[inline(always)]
@@ -1091,27 +1102,27 @@ impl<'a, const N: usize> Deref for GrantW<'a, N> {
     type Target = [u8];
 
     fn deref(&self) -> &Self::Target {
-        self.buf
+        unsafe { from_raw_parts_mut(self.buf.as_ptr() as *mut u8, self.buf.len()) }
     }
 }
 
 impl<'a, const N: usize> DerefMut for GrantW<'a, N> {
     fn deref_mut(&mut self) -> &mut [u8] {
-        self.buf
+        self.buf()
     }
 }
 
 impl<'a, const N: usize> Deref for GrantR<'a, N> {
     type Target = [u8];
 
     fn deref(&self) -> &Self::Target {
-        self.buf
+        self.buf()
     }
 }
 
 impl<'a, const N: usize> DerefMut for GrantR<'a, N> {
     fn deref_mut(&mut self) -> &mut [u8] {
-        self.buf
+        self.buf_mut()
     }
 }
 
diff --git a/core/src/framed.rs b/core/src/framed.rs
@@ -159,27 +159,27 @@ impl<'a, const N: usize> Deref for FrameGrantW<'a, N> {
     type Target = [u8];
 
     fn deref(&self) -> &Self::Target {
-        &self.grant_w.buf[self.hdr_len.into()..]
+        &self.grant_w[self.hdr_len.into()..]
     }
 }
 
 impl<'a, const N: usize> DerefMut for FrameGrantW<'a, N> {
     fn deref_mut(&mut self) -> &mut [u8] {
-        &mut self.grant_w.buf[self.hdr_len.into()..]
+        &mut self.grant_w[self.hdr_len.into()..]
     }
 }
 
 impl<'a, const N: usize> Deref for FrameGrantR<'a, N> {
     type Target = [u8];
 
     fn deref(&self) -> &Self::Target {
-        &self.grant_r.buf[self.hdr_len.into()..]
+        &self.grant_r[self.hdr_len.into()..]
     }
 }
 
 impl<'a, const N: usize> DerefMut for FrameGrantR<'a, N> {
     fn deref_mut(&mut self) -> &mut [u8] {
-        &mut self.grant_r.buf[self.hdr_len.into()..]
+        &mut self.grant_r[self.hdr_len.into()..]
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -159,27 +159,27 @@ impl<'a, const N: usize> Deref for FrameGrantW<'a, N> {`
`159`	`159`	`type Target = [u8];`
`160`	`160`
`161`	`161`	`fn deref(&self) -> &Self::Target {`
`162`		`- &self.grant_w.buf[self.hdr_len.into()..]`
	`162`	`+ &self.grant_w[self.hdr_len.into()..]`
`163`	`163`	`}`
`164`	`164`	`}`
`165`	`165`
`166`	`166`	`impl<'a, const N: usize> DerefMut for FrameGrantW<'a, N> {`
`167`	`167`	`fn deref_mut(&mut self) -> &mut [u8] {`
`168`		`- &mut self.grant_w.buf[self.hdr_len.into()..]`
	`168`	`+ &mut self.grant_w[self.hdr_len.into()..]`
`169`	`169`	`}`
`170`	`170`	`}`
`171`	`171`
`172`	`172`	`impl<'a, const N: usize> Deref for FrameGrantR<'a, N> {`
`173`	`173`	`type Target = [u8];`
`174`	`174`
`175`	`175`	`fn deref(&self) -> &Self::Target {`
`176`		`- &self.grant_r.buf[self.hdr_len.into()..]`
	`176`	`+ &self.grant_r[self.hdr_len.into()..]`
`177`	`177`	`}`
`178`	`178`	`}`
`179`	`179`
`180`	`180`	`impl<'a, const N: usize> DerefMut for FrameGrantR<'a, N> {`
`181`	`181`	`fn deref_mut(&mut self) -> &mut [u8] {`
`182`		`- &mut self.grant_r.buf[self.hdr_len.into()..]`
	`182`	`+ &mut self.grant_r[self.hdr_len.into()..]`
`183`	`183`	`}`
`184`	`184`	`}`
`185`	`185`