diff --git a/src/proc/exec.rs b/src/proc/exec.rs
index 94d7afc8..f81dca62 100644
--- a/src/proc/exec.rs
+++ b/src/proc/exec.rs
@@ -1,5 +1,5 @@
 //! Binary execution functions
-use core::alloc::Layout;
+use core::{alloc::Layout, ptr::NonNull};
 
 use abi::{
     error::Error,
@@ -33,40 +33,43 @@ impl<'a> BufferPlacer<'a> {
         }
     }
 
-    unsafe fn alloc_layout(&mut self, layout: Layout) -> Result<(*mut u8, usize), Error> {
+    unsafe fn alloc_layout<T>(
+        &mut self,
+        layout: Layout,
+    ) -> Result<(NonNull<T>, NonNull<T>), Error> {
         // TODO checks
         let aligned = (self.offset + layout.align() - 1) & !(layout.align() - 1);
         self.offset = aligned + layout.size();
         Ok((
-            self.buffer.as_mut_ptr().add(aligned),
-            self.virtual_offset + aligned,
+            NonNull::new_unchecked(self.buffer.as_mut_ptr().add(aligned) as *mut T),
+            NonNull::new_unchecked((self.virtual_offset + aligned) as *mut T),
         ))
     }
 }
 
-impl<'a> Placer for BufferPlacer<'a> {
-    fn place_ref<T: Place>(&mut self, r: &T) -> Result<*const T::Output, Error> {
+unsafe impl<'a> Placer for BufferPlacer<'a> {
+    fn place_ref<T: Place>(&mut self, r: &T) -> Result<NonNull<T::Output>, Error> {
         let layout = Layout::new::<T::Output>();
         unsafe {
-            let (ptr, addr) = self.alloc_layout(layout)?;
-            let ptr = ptr as *mut T::Output;
-            ptr.write(r.place(self)?);
-            Ok(&*(addr as *const T::Output))
+            let (kernel, user) = self.alloc_layout::<T::Output>(layout)?;
+            kernel.as_ptr().write(r.place(self)?);
+            Ok(user)
         }
     }
 
-    fn place_slice<T: Place>(&mut self, r: &[T]) -> Result<*const [T::Output], Error> {
+    fn place_slice<T: Place>(&mut self, r: &[T]) -> Result<NonNull<[T::Output]>, Error> {
         let layout = Layout::array::<T>(r.len()).unwrap();
         unsafe {
-            let (ptr, addr) = self.alloc_layout(layout)?;
-            let ptr_slice = core::ptr::slice_from_raw_parts_mut(ptr as *mut T::Output, r.len());
+            let (kernel, user) = self.alloc_layout::<T::Output>(layout)?;
+            let kernel = NonNull::slice_from_raw_parts(kernel, r.len());
+            let user = NonNull::slice_from_raw_parts(user, r.len());
             for (i, elem) in r.iter().enumerate() {
-                ptr_slice.get_unchecked_mut(i).write(elem.place(self)?);
+                kernel
+                    .get_unchecked_mut(i)
+                    .as_ptr()
+                    .write(elem.place(self)?);
             }
-            Ok(core::slice::from_raw_parts(
-                addr as *const T::Output,
-                r.len(),
-            ))
+            Ok(user)
         }
     }
 }