Refactor underlying data of map_windows::Buffer into RawBuffer

[Paladynee]

Refactor the liveness and access invariants of Buffer into RawBuffer. This lets us initialize a Buffer without dropping any uninitialized data if anything panics transiently.

Fixes #156501.

[rustbot]

r? @scottmcm

rustbot has assigned @scottmcm.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

• Owners of files modified in this PR: @scottmcm, libs
• @scottmcm, libs expanded to 8 candidates
• Random selection from Mark-Simulacrum, nia-e, scottmcm

[Paladynee]

r? @nia-e

[rustbot]

⚠️ Warning ⚠️

• There are issue links (such as #123) in the commit messages of the following commits.
  Please move them to the PR description, to avoid spamming the issues with references to the commit, and so this bot can automatically canonicalize them to avoid issues with subtree.
  • 4fad2ca

[bjorn3]

I think this would make optimizing away the copy just as hard for the optimizer as with #156517.

[Paladynee]

I think this would make optimizing away the copy just as hard for the optimizer as with #156517.

do you mean Self::new, the as_array_ref extraction, or some other copy that i'm not aware of?

is ManuallyDrop special cased in the compiler to have better copy elision?

[bjorn3]

With this PR there is first a copy during the clone. Then a copy into new_raw, a copy for Self::new and finally a copy into the return area. The copy during clone is unavoidable. The copy into new_raw can probably be folded into the clone copy and the copy into the return area can probably be folded into creating the output of Self::new. My gut feeling says that the copy for Self::new probably won't be optimized out though.

For the other PR there is first a copy during the clone. Then a copy into buffer and finally a copy to the return area. Again the copy to the return area will probably be optimized away. The copy into buffer might not be.

is ManuallyDrop special cased in the compiler to have better copy elision?

It isn't. The ManuallyDrop would just be to suppress the Drop impl that is causing the unsoundness.

To be clear I haven't checked if my suggestion actually helps.

[Paladynee]

My gut feeling says that the copy for Self::new probably won't be optimized out though.

I can replace the calls to new with struct literals, though it would need invariant clarification. is there a guideline for documenting struct literals with invariants (like // SAFETY comments)?

[bjorn3]

Self::new will probably be inlined, so manually inlining shouldn't matter.

[nia-e]

I'm not convinced that this level of overhaul is really necessary for this. The bug can probably be addressed much more simply by implementing bjorn3's suggestion from the other PR; this is a lot of churn in a very delicate part of the codebase. I'll take another look at an overhaul like this if a simple fix isn't possible, but I'd like to see the reasoning there first.