some fixes

Signed-off-by: Adam Gutglick <adam@spiraldb.com>

Author: AdamGS

vortex-buffer/src/bit/buf_mut.rs

@@ -650,6 +650,8 @@ impl FromIterator<bool> for BitBufferMut {
 
 #[cfg(test)]
 mod tests {
+    use rstest::rstest;
+
     use crate::BufferMut;
     use crate::bit::buf_mut::BitBufferMut;
     use crate::bitbuffer;
@@ -924,6 +926,20 @@ mod tests {
         assert!(frozen.value(7));
     }
 
+    #[test]
+    fn append_after_clear_reads_back_false() {
+        // `clear` must not leave stale set bits behind: `append_false` and `append_buffer`
+        // rely on bits beyond `len` being zero.
+        let mut bools = BitBufferMut::new_set(16);
+        bools.clear();
+        bools.append_false();
+        bools.append_buffer(&crate::BitBuffer::new_unset(8));
+
+        let bools = bools.freeze();
+        assert_eq!(bools.len(), 9);
+        assert_eq!(bools.true_count(), 0);
+    }
+
     #[test]
     fn test_append_buffer_after_truncate() {
         // Truncating leaves stale set bits in the last partial byte; an append after that
@@ -942,22 +958,27 @@ mod tests {
         }
     }
 
-    #[test]
-    fn test_append_buffer_misaligned_long() {
-        // Force mismatched source/destination bit offsets across many words.
+    #[rstest]
+    #[case::both_aligned(0, 0)]
+    #[case::dst_unaligned(3, 0)]
+    #[case::src_unaligned(0, 5)]
+    #[case::mismatched(3, 5)]
+    #[case::equal_nonzero(5, 5)]
+    fn test_append_buffer_long(#[case] dst_prefix: usize, #[case] src_start: usize) {
+        // Exercise every alignment combination across many words.
         let source = crate::BitBuffer::from_iter((0..301).map(|i| i % 3 == 0));
-        let source = source.slice(5..301);
+        let source = source.slice(src_start..301);
 
         let mut dest = BitBufferMut::with_capacity(512);
-        dest.append_n(true, 3);
+        dest.append_n(true, dst_prefix);
         dest.append_buffer(&source);
 
-        assert_eq!(dest.len(), 3 + source.len());
-        for i in 0..3 {
+        assert_eq!(dest.len(), dst_prefix + source.len());
+        for i in 0..dst_prefix {
             assert!(dest.value(i), "prefix bit {i}");
         }
         for i in 0..source.len() {
-            assert_eq!(dest.value(3 + i), source.value(i), "bit {i}");
+            assert_eq!(dest.value(dst_prefix + i), source.value(i), "bit {i}");
         }
     }
 

vortex-buffer/src/buffer.rs

@@ -32,17 +32,20 @@ pub struct Buffer<T> {
     pub(crate) _marker: PhantomData<T>,
 }
 
-/// Zero-length backing memory for empty buffers, aligned to [`Alignment::MAX`] so it satisfies
-/// any valid alignment without allocating.
-#[repr(align(32768))]
-struct EmptyBacking([u8; 0]);
-
-static EMPTY_BACKING: EmptyBacking = EmptyBacking([]);
+/// Zero-length backing for empty buffers, "aligned" to [`Alignment::MAX`] so it satisfies any
+/// valid alignment without allocating. A zero-length slice never reads memory, so it may use a
+/// dangling pointer as long as it is non-null and aligned.
+const EMPTY_BACKING: &[u8] = {
+    let addr = 1usize << 15;
+    assert!(Alignment::MAX.is_offset_aligned(addr));
+    // SAFETY: the pointer is non-null and aligned, and the slice is zero-length.
+    unsafe { std::slice::from_raw_parts(std::ptr::without_provenance(addr), 0) }
+};
 
 impl<T> Default for Buffer<T> {
     fn default() -> Self {
         Self {
-            bytes: Bytes::from_static(&EMPTY_BACKING.0),
+            bytes: Bytes::from_static(EMPTY_BACKING),
             length: 0,
             alignment: Alignment::of::<T>(),
             _marker: PhantomData,
@@ -113,7 +116,7 @@ impl<T> Buffer<T> {
 
     /// Create a new empty `ByteBuffer` with the provided alignment.
     ///
-    /// This does not allocate: empty buffers are backed by a shared static allocation that is
+    /// This does not allocate: empty buffers are backed by a zero-length `Bytes` that is
     /// aligned to [`Alignment::MAX`].
     pub fn empty_aligned(alignment: Alignment) -> Self {
         if !alignment.is_aligned_to(Alignment::of::<T>()) {
@@ -124,7 +127,7 @@ impl<T> Buffer<T> {
             );
         }
         Self {
-            bytes: Bytes::from_static(&EMPTY_BACKING.0),
+            bytes: Bytes::from_static(EMPTY_BACKING),
             length: 0,
             alignment,
             _marker: PhantomData,