arc::tests::zero_sized::clone encounters UB, will fail in Rust 1.83 #2519

@saethlin

I am filing this issue because this project's tests failed in a crater run for this PR: rust-lang/rust#130251 which should land in Rust 1.83.

The problem is that this crate can (under some conditions I do not understand but are encountered by arc::tests::zero_sized::clone) apply a negative offset to a null pointer via ptr::offset, which would cause the pointer to wrap around the address space. The standard library is getting a debug assertion for such wrapping offsets. I suspect that there are other problems with ArcBlock; it looks like its pointer-returning functions are based on creating a temporary reference which creates a whole host of aliasing problems.

In any case, Miri can also be used to detect this bug today:

╰ ➤ cargo +nightly miri test arc::tests::zero_sized::clone
    Finished `test` profile [unoptimized + debuginfo] target(s) in 0.02s
     Running unittests src/lib.rs (target/miri/x86_64-unknown-linux-gnu/debug/deps/pen_ffi-222e70836f70fa68)

running 1 test
test arc::tests::zero_sized::clone ... error: Undefined Behavior: out-of-bounds pointer arithmetic: expected a pointer to the end of 8 bytes of memory, but got a null pointer
   --> src/arc/arc_block.rs:65:19
    |
65  |         (unsafe { (self.pointer as *const usize).offset(-1) }) as *const ArcInner
    |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ out-of-bounds pointer arithmetic: expected a pointer to the end of 8 bytes of memory, but got a null pointer
    |
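
An added example, not from the issue or the project's code: a minimal Rust sketch of the pattern Miri flags above, with a null check placed before the negative offset. The `Block` type, its layout (one `usize` count directly before the payload) and the use of a null pointer for the zero-sized case are assumptions for illustration.

```rust
use std::alloc::{alloc, dealloc, Layout};

// Hypothetical block: one usize reference count stored directly before the payload.
// Assumption: a null payload pointer stands for a zero-sized block with no allocation.
struct Block {
    pointer: *const u8,
}

const LAYOUT: Layout = Layout::new::<[usize; 2]>(); // [count, payload]

impl Block {
    fn zero_sized() -> Self {
        Block { pointer: std::ptr::null() }
    }

    fn with_payload(value: usize) -> Self {
        unsafe {
            let base = alloc(LAYOUT) as *mut usize;
            assert!(!base.is_null(), "allocation failed");
            base.write(1); // count
            base.add(1).write(value); // payload
            Block { pointer: base.add(1) as *const u8 }
        }
    }

    // Pointer to the count, or None when nothing was allocated.
    // Skipping the null check and calling offset(-1) on null is the UB Miri reports.
    fn count_ptr(&self) -> Option<*mut usize> {
        if self.pointer.is_null() {
            return None;
        }
        // SAFETY: non-null pointers come from with_payload, one usize past the allocation start.
        Some(unsafe { (self.pointer as *mut usize).offset(-1) })
    }

    fn count(&self) -> Option<usize> {
        self.count_ptr().map(|p| unsafe { *p })
    }
}

impl Drop for Block {
    fn drop(&mut self) {
        if let Some(p) = self.count_ptr() {
            unsafe { dealloc(p as *mut u8, LAYOUT) };
        }
    }
}

fn main() {
    println!("{:?} {:?}", Block::zero_sized().count(), Block::with_payload(7).count());
}
```

Running this under `cargo +nightly miri run` exercises both the null and the allocated path, including the `Drop` implementation.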
