std::slice::from_raw_parts panics (gnu, nightly) if ptr=0, size=0

[riverar]

Code

fn main() {
    unsafe {
        std::slice::from_raw_parts(std::ptr::null() as *const u16, 0);
    }
}

Expected: No panic, aligning with behavior on *-pc-windows-msvc
Actual:

thread 'main' panicked at library\core\src\panicking.rs:155:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`

Version it worked on

It most recently worked on:

rustc 1.76.0 (07dca489a 2024-02-04)
binary: rustc
commit-hash: 07dca489ac2d933c78d3c5158e3f43beefeb02ce
commit-date: 2024-02-04
host: x86_64-pc-windows-gnu
release: 1.76.0
LLVM version: 17.0.6

Version with regression

rustc --version --verbose:

rustc 1.78.0-nightly (d44e3b95c 2024-02-09)
binary: rustc
commit-hash: d44e3b95cb9d410d89cb8ab3233906a33f43756a
commit-date: 2024-02-09
host: x86_64-pc-windows-gnu
release: 1.78.0-nightly
LLVM version: 17.0.6

Backtrace

Backtrace

   0:     0x7ff76c71706a - std::backtrace_rs::backtrace::dbghelp::trace::h90185df43158e6af
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src\..\..\backtrace\src\backtrace/dbghelp.rs:131:5
   1:     0x7ff76c71706a - std::backtrace_rs::backtrace::trace_unsynchronized::h78fb9b90738ff620
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src\..\..\backtrace\src\backtrace/mod.rs:66:5
   2:     0x7ff76c71706a - std::sys_common::backtrace::_print_fmt::haeff333efe03cf6f
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src\sys_common/backtrace.rs:68:5
   3:     0x7ff76c71706a - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h31830f1679b72f15
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src\sys_common/backtrace.rs:44:22
   4:     0x7ff76c765ded - core::fmt::rt::Argument::fmt::h2cdf5a40ed57f68d
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\core\src\fmt/rt.rs:142:9
   5:     0x7ff76c765ded - core::fmt::write::ha2952b5384db7571
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\core\src\fmt/mod.rs:1120:17
   6:     0x7ff76c70d51d - std::io::Write::write_fmt::h10dcf34efcc8e584
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src\io/mod.rs:1854:15
   7:     0x7ff76c716e93 - std::sys_common::backtrace::_print::h573e868e62e9f084
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src\sys_common/backtrace.rs:47:5
   8:     0x7ff76c716e93 - std::sys_common::backtrace::print::hf37468515e56cfc1
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src\sys_common/backtrace.rs:34:9
   9:     0x7ff76c719be9 - std::panicking::default_hook::{{closure}}::h90ac92f5c9580414
  10:     0x7ff76c7198e8 - std::panicking::default_hook::h942862a3c4d784a8
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panicking.rs:292:9
  11:     0x7ff76c71a2c8 - std::panicking::rust_panic_with_hook::h1f219087312eebe1
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panicking.rs:781:13
  12:     0x7ff76c71a161 - std::panicking::begin_panic_handler::{{closure}}::h46c2ccc4aac9d806
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panicking.rs:651:13
  13:     0x7ff76c717809 - std::sys_common::backtrace::__rust_end_short_backtrace::hac488667e589251a
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src\sys_common/backtrace.rs:171:18
  14:     0x7ff76c719ee6 - rust_begin_unwind
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panicking.rs:647:5
  15:     0x7ff76c76245b - core::panicking::panic_nounwind_fmt::runtime::hf596e13fdca8d43b
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\core\src/panicking.rs:110:18
  16:     0x7ff76c76245b - core::panicking::panic_nounwind_fmt::h82af71f00faaaa46
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\core\src/panicking.rs:122:9
  17:     0x7ff76c762508 - core::panicking::panic_nounwind::h176d8c45feb48661
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\core\src/panicking.rs:155:5
  18:     0x7ff76c774976 - core::slice::raw::from_raw_parts::precondition_check::hd4fbc4397f1af71a
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\core\src/intrinsics.rs:2634:21
  19:     0x7ff76c6e1602 - core::slice::raw::from_raw_parts::h884a942bdedcee58
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a\library\core\src\slice/raw.rs:98:9
  20:     0x7ff76c6e1547 - app::main::h4fc0936a7cec3f0d
                               at x:\src\repro\src\main.rs:3:9
  21:     0x7ff76c6e16eb - core::ops::function::FnOnce::call_once::h390a31c9bafad3ab
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a\library\core\src\ops/function.rs:250:5
  22:     0x7ff76c6e161e - std::sys_common::backtrace::__rust_begin_short_backtrace::hcbccafc2d3942630
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a\library\std\src\sys_common/backtrace.rs:155:18
  23:     0x7ff76c6e16a1 - std::rt::lang_start::{{closure}}::hc4217c32adcf251b
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a\library\std\src/rt.rs:166:18
  24:     0x7ff76c7001f4 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::hac84dc346d988782
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\core\src\ops/function.rs:284:13
  25:     0x7ff76c7001f4 - std::panicking::try::do_call::h0caddaf84b74c58f
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panicking.rs:554:40
  26:     0x7ff76c7001f4 - std::panicking::try::h5d01aa757d23dd7b
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panicking.rs:518:19
  27:     0x7ff76c7001f4 - std::panic::catch_unwind::h5e6aae4da26d052c
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panic.rs:142:14
  28:     0x7ff76c7001f4 - std::rt::lang_start_internal::{{closure}}::he1b39b482f90f618
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/rt.rs:148:48
  29:     0x7ff76c7001f4 - std::panicking::try::do_call::h3074f96bdbe0788f
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panicking.rs:554:40
  30:     0x7ff76c7001f4 - std::panicking::try::h32343ecedbec077c
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panicking.rs:518:19
  31:     0x7ff76c7001f4 - std::panic::catch_unwind::h123b39353f4b2c59
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/panic.rs:142:14
  32:     0x7ff76c7001f4 - std::rt::lang_start_internal::hb45467820f50ee7b
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a/library\std\src/rt.rs:148:20
  33:     0x7ff76c6e167a - std::rt::lang_start::h3fed546d480b011a
                               at /rustc/d44e3b95cb9d410d89cb8ab3233906a33f43756a\library\std\src/rt.rs:165:17
  34:     0x7ff76c6e157f - main
  35:     0x7ff76c6e1395 - __tmainCRTStartup
  36:     0x7ff76c6e14e6 - mainCRTStartup
  37:     0x7ff8be8e8d17 - <unknown>
  38:     0x7ff8bf5a7450 - <unknown>

cc: @mati865 @ChrisDenton

[saethlin]

Why are you mentioning the MSVC targets? Does this code not panic on those?

[riverar]

@saethlin Yup, doesn't panic on stable or nightly MSVC.

Am tracking down recent build failures we're seeing in the windows crate https://github.com/microsoft/windows-rs/actions/runs/7851648662/job/21429019066

[saethlin]

It looks to me like your -msvc jobs were cancelled before they got to the test that tries to execute UB.

Beyond that, the precondition that's being checked here is explicitly documented: https://doc.rust-lang.org/stable/std/slice/fn.from_raw_parts.html

data must be non-null and aligned even for zero-length slices. One reason for this is that enum layout optimizations may rely on references (including slices of any length) being aligned and non-null to distinguish them from other data. You can obtain a pointer that is usable as data for zero-length slices using NonNull::dangling().

[riverar]

Right, I was just providing some context as to what I'm doing. I've run the test above locally using stable msvc/gnu with no panics. If this is new expected behavior, happy to close this and we'll guard against the size=0,ptr=0 scenario.

[saethlin]

Yeah; that is the expected behavior. I was just making sure there wasn't anything odd happening with MSVC targets; we have a different check disabled for i686-pc-windows-msvc because MSVC and LLVM disagree about the alignment of u64 on that target. I wasn't sure if I was learning about another MSVC discrepancy.

You don't see these panics on stable because they were merged yesterday: #120594

I'm always worried when we add checks like this that people will be confused and quiet. Thank you for testing with nightly and getting in touch when you have a question!