enable optimizer in tests and procmacros #67
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -281,18 +281,61 @@ macro_rules! custom_panic_default { | |
|
|
||
| /// The bump allocator used as the default rust heap when running programs. | ||
| pub struct BumpAllocator { | ||
| #[deprecated( | ||
| since = "2.2.2", | ||
| note = "This field should not be accessed directly. It will become private in future versions" | ||
| )] | ||
| pub start: usize, | ||
| #[deprecated( | ||
| since = "2.2.2", | ||
| note = "This field should not be accessed directly. It will become private in future versions" | ||
| )] | ||
| pub len: usize, | ||
| } | ||
|
|
||
| impl BumpAllocator { | ||
| /// Creates the allocator tied to a provided slice. | ||
| /// This will not initialize the provided memory, except for the first | ||
| /// bytes where the pointer is stored. | ||
| /// | ||
| /// # Safety | ||
| /// As long as BumpAllocator or any of its allocations are alive, | ||
| /// writing into or deallocating the arena will cause UB. | ||
| /// | ||
| /// Integer arithmetic in this global allocator implementation is safe when | ||
| /// operating on the prescribed `HEAP_START_ADDRESS` and `HEAP_LENGTH`. Any | ||
| /// other use may overflow and is thus unsupported and at one's own risk. | ||
| #[inline] | ||
| #[allow(clippy::arithmetic_side_effects)] | ||
| pub unsafe fn new(arena: &mut [u8]) -> Self { | ||
| debug_assert!( | ||
| arena.len() > size_of::<usize>(), | ||
| "Arena should be larger than usize" | ||
| ); | ||
|
|
||
| // create a pointer to the start of the arena | ||
| // that will hold an address of the byte following free space | ||
| let pos_ptr = arena.as_mut_ptr() as *mut usize; | ||
| // initialize the data there | ||
| *pos_ptr = pos_ptr as usize + arena.len(); | ||
|
Comment on lines
+310
to
+320
Contributor
There was a problem hiding this comment. I think there is a potential alignment issue here. You can use
Contributor
Author
There was a problem hiding this comment. Write unaligned could work, yes, but I think to properly address this, the entire BumpAllocator should be rewritten to use some form of interior mutability in the struct itself rather than storing the position pointer inline with the allocated data. It would make code a lot cleaner too. I will make a PR for that. |
||
|
|
||
| #[allow(deprecated)] //we get to use deprecated pub fields | ||
| Self { | ||
| start: pos_ptr as usize, | ||
| len: arena.len(), | ||
| } | ||
| } | ||
| } | ||
|
|
||
| /// Integer arithmetic in this global allocator implementation is safe when | ||
| /// operating on the prescribed `HEAP_START_ADDRESS` and `HEAP_LENGTH`. Any | ||
| /// other use may overflow and is thus unsupported and at one's own risk. | ||
| #[allow(clippy::arithmetic_side_effects)] | ||
| unsafe impl std::alloc::GlobalAlloc for BumpAllocator { | ||
| #[inline] | ||
| #[allow(deprecated)] //we get to use deprecated pub fields | ||
| unsafe fn alloc(&self, layout: Layout) -> *mut u8 { | ||
| let pos_ptr = self.start as *mut usize; | ||
| let mut pos = *pos_ptr; | ||
| if pos == 0 { | ||
| // First time, set starting position | ||
|
|
@@ -513,31 +556,22 @@ mod test { | |
| fn test_bump_allocator() { | ||
| // alloc the entire | ||
| { | ||
| let mut heap = [0u8; 128]; | ||
| let allocator = unsafe { BumpAllocator::new(&mut heap) }; | ||
| for i in 0..128 - size_of::<*mut u8>() { | ||
| let ptr = unsafe { | ||
| allocator.alloc(Layout::from_size_align(1, size_of::<u8>()).unwrap()) | ||
| }; | ||
| assert_eq!(ptr as usize, heap.as_ptr() as usize + heap.len() - 1 - i); | ||
| } | ||
| assert_eq!(null_mut(), unsafe { | ||
| allocator.alloc(Layout::from_size_align(1, 1).unwrap()) | ||
| }); | ||
| } | ||
| // check alignment | ||
| { | ||
| let mut heap = [0u8; 128]; | ||
| let allocator = unsafe { BumpAllocator::new(&mut heap) }; | ||
| let ptr = | ||
| unsafe { allocator.alloc(Layout::from_size_align(1, size_of::<u8>()).unwrap()) }; | ||
| assert_eq!(0, ptr.align_offset(size_of::<u8>())); | ||
|
|
@@ -558,13 +592,14 @@ mod test { | |
| } | ||
| // alloc entire block (minus the pos ptr) | ||
| { | ||
| let mut heap = [0u8; 128]; | ||
| let allocator = unsafe { BumpAllocator::new(&mut heap) }; | ||
| let ptr = unsafe { | ||
| allocator.alloc( | ||
| Layout::from_size_align(heap.len() - size_of::<usize>(), size_of::<u8>()) | ||
| .unwrap(), | ||
| ) | ||
| }; | ||
| assert_ne!(ptr, null_mut()); | ||
| assert_eq!(0, ptr.align_offset(size_of::<u64>())); | ||
| } | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change looks good, but for my own understanding, how does this avoid undefined behavior exactly?
Is the idea that the
newcall forces the optimizer to keepheaparound in the tests because some part of it is written to? Would there still be UB if this code here were removed?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fn new() correctly initializes the arena content where the allocated amount is, which was not done before, as the code assumed all arenas come zeroed. If you were to instantiate the BumpAllocator over a non-zeroed slice, it would cause UB the moment you call alloc().
The reason bug UB was triggered before this change was due to
heapvariable not marked as mut, so compiler assumed that it does not need to reinitialize it (since noone would write into it).There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah very interesting, thanks for the explanation!