Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify guarantees for Box allocation #58183

Merged
merged 1 commit into from
Feb 24, 2019

Conversation

jethrogb
Copy link
Contributor

@jethrogb jethrogb commented Feb 5, 2019

This basically says Box does the obvious things for its allocations.

See also: https://users.rust-lang.org/t/alloc-crate-guarantees/24981

This may require a T-libs FCP? Not sure.

r? @sfackler

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Feb 5, 2019
@sfackler sfackler added the T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. label Feb 5, 2019
@sfackler
Copy link
Member

sfackler commented Feb 5, 2019

@rfcbot fcp merge

We'll probably want to be a bit more specific about what the specified behavior is, but I do think that we want to guarantee this, in similar ways to how we already guarantee that we'll never e.g. do small string optimizations in String.

@rfcbot
Copy link

rfcbot commented Feb 5, 2019

Team member @sfackler has proposed to merge this. The next step is review by the rest of the tagged team members:

Concerns:

Once a majority of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for info about what commands tagged team members can give me.

@rfcbot rfcbot added proposed-final-comment-period Proposed to merge/close by relevant subteam, see T-<team> label. Will enter FCP once signed off. disposition-merge This issue / PR is in PFCP or FCP with a disposition to merge it. labels Feb 5, 2019
@SimonSapin
Copy link
Contributor

@rfcbot concern global

The principle sounds good, but the diff is incorrect. Box uses the global allocator, which (now) happens to default to System but can be overridden by #[global_allocator].

@SimonSapin
Copy link
Contributor

Maybe this should mention Layout::new<T>() specifically?

@withoutboats
Copy link
Contributor

I think the language around conversion with pointers needs to be worded more precisely also.

@jethrogb jethrogb force-pushed the jb/alloc-box-guarantees branch from cc88f02 to eacadd8 Compare February 5, 2019 17:29
@jethrogb
Copy link
Contributor Author

jethrogb commented Feb 5, 2019

In the changes I just pushed I have elaborated on the conversion.

@SimonSapin

the diff is incorrect. Box uses the global allocator

thanks for catching that.

@SimonSapin

Maybe this should mention Layout::new<T>() specifically?

I used Layout::for_value because it should hold for DSTs as well.

@Centril Centril requested review from eddyb and oli-obk February 11, 2019 18:11
@jethrogb
Copy link
Contributor Author

@SimonSapin is your concern resolved?

@@ -4,6 +4,16 @@
//! heap allocation in Rust. Boxes provide ownership for this allocation, and
//! drop their contents when they go out of scope.
//!
//! A [`Box`] will use the [`Global`] allocator for its allocation. It is valid
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this all true for zero-sized types?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yeah, we need to add an exception for ZSTs since those can't interact with global allocators.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added qualifier.

Copy link
Contributor Author

@jethrogb jethrogb Feb 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tangentially related, is there a reason std::alloc::Layout::from_size_align(0, 1) returns Ok?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Creating a (possibly) zero-size layout is valid. It could be used as an intermediate value passed to Layout::extend, for example.

@jethrogb jethrogb force-pushed the jb/alloc-box-guarantees branch from eacadd8 to 861405c Compare February 13, 2019 04:55
@SimonSapin
Copy link
Contributor

Yes, thanks.

@rfcbot resolve global.

One more tweak: what matters is whether the value is zero-size or whether the allocation would be zero-size, rather than the type. This makes a difference for dynamically-sized types: [u8] is not zero-size (it’s not Sized) but its values can be and Vec::<u8>::new().into_boxed_slice() produces a Box<[u8]> that doesn’t allocate.

@SimonSapin
Copy link
Contributor

@rfcbot resolve global

@rfcbot rfcbot added the final-comment-period In the final comment period and will be merged soon unless new substantive objections are raised. label Feb 13, 2019
@rfcbot
Copy link

rfcbot commented Feb 13, 2019

🔔 This is now entering its final comment period, as per the review above. 🔔

@rfcbot rfcbot removed the proposed-final-comment-period Proposed to merge/close by relevant subteam, see T-<team> label. Will enter FCP once signed off. label Feb 13, 2019
@jethrogb jethrogb force-pushed the jb/alloc-box-guarantees branch from 861405c to e41e694 Compare February 13, 2019 07:22
@jethrogb
Copy link
Contributor Author

Changed “non-zero-sized types” to “non-zero-sized values”.

@jethrogb
Copy link
Contributor Author

jethrogb commented Feb 13, 2019

Actually, should we add some guarantees around zero-sized values as well? Such as

  1. it's ok to leak a pointer from Box::into_raw if it's a zero-sized value
  2. it's ok to convert any non-null well-aligned pointer (or something stronger like NonNull<T>::dangling()) to a Box<T> if the value is zero-sized

@SimonSapin
Copy link
Contributor

Maybe this should all go into the docs for Box::into_raw and Box::from_raw, rather than in docs for the Box type?

@rfcbot rfcbot added the finished-final-comment-period The final comment period is finished for this PR / Issue. label Feb 23, 2019
@rfcbot
Copy link

rfcbot commented Feb 23, 2019

The final comment period, with a disposition to merge, as per the review above, is now complete.

As the automated representative of the governance process,I would like to thank @sfacklerfor their work and everyone else who contributed.

The RFC will be merged soon.

@rfcbot rfcbot removed the final-comment-period In the final comment period and will be merged soon unless new substantive objections are raised. label Feb 23, 2019
@SimonSapin
Copy link
Contributor

Maybe this should all go into the docs for Box::into_raw and Box::from_raw, rather than in docs for the Box type?

We can still do this but the current diff looks good already.

@bors r+

@bors
Copy link
Contributor

bors commented Feb 23, 2019

📌 Commit e41e694 has been approved by SimonSapin

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Feb 23, 2019
@Centril
Copy link
Contributor

Centril commented Feb 24, 2019

@RalfJung Oliver suggested we add a miri test for what's written here to ensure it's fine for CTFE; I have no idea how to do that, but maybe you do?

Centril added a commit to Centril/rust that referenced this pull request Feb 24, 2019
…=SimonSapin

Clarify guarantees for `Box` allocation

This basically says `Box` does the obvious things for its allocations.

See also: https://users.rust-lang.org/t/alloc-crate-guarantees/24981

This may require a T-libs FCP? Not sure.

r? @sfackler
Centril added a commit to Centril/rust that referenced this pull request Feb 24, 2019
…=SimonSapin

Clarify guarantees for `Box` allocation

This basically says `Box` does the obvious things for its allocations.

See also: https://users.rust-lang.org/t/alloc-crate-guarantees/24981

This may require a T-libs FCP? Not sure.

r? @sfackler
bors added a commit that referenced this pull request Feb 24, 2019
Rollup of 6 pull requests

Successful merges:

 - #57364 (Improve parsing diagnostic for negative supertrait bounds)
 - #58183 (Clarify guarantees for `Box` allocation)
 - #58442 (Simplify the unix `Weak` functionality)
 - #58454 (Refactor Windows stdio and remove stdin double buffering )
 - #58511 (Const to op simplification)
 - #58642 (rustdoc: support methods on primitives in intra-doc links)

Failed merges:

r? @ghost
@bors bors merged commit e41e694 into rust-lang:master Feb 24, 2019
@RalfJung
Copy link
Member

@oli-obk do you mean like this?

@oli-obk
Copy link
Contributor

oli-obk commented Feb 25, 2019

yes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
disposition-merge This issue / PR is in PFCP or FCP with a disposition to merge it. finished-final-comment-period The final comment period is finished for this PR / Issue. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs-api Relevant to the library API team, which will review and decide on the PR/issue.
Projects
None yet
Development

Successfully merging this pull request may close these issues.