alloc-checked 0.1.3

Collections that don't panic on alloc failures
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199

use crate::claim::Claim;
use alloc::sync::Arc;
use core::ptr::NonNull;
use core::sync::atomic::{AtomicUsize, Ordering};
use std::alloc::{AllocError, Allocator, Global, GlobalAlloc, Layout, System};

thread_local! {
    static GLOBAL_ALLOC_ALLOWED: std::cell::RefCell<bool> = const { std::cell::RefCell::new(true) };
}

struct NoPubCtor;

/// A guard that temporarily error if a test performs global allocation in the current thread.
pub struct NoGlobalAllocGuard(NoPubCtor);

impl NoGlobalAllocGuard {
    pub fn new() -> Self {
        GLOBAL_ALLOC_ALLOWED.with(|alloc_allowed| {
            let mut alloc_allowed = alloc_allowed.borrow_mut();
            if !*alloc_allowed {
                panic!("NoGlobalAllocGuard is not re-entrant.");
            }
            *alloc_allowed = false; // Disable global allocation
        });

        Self(NoPubCtor)
    }
}

impl Drop for NoGlobalAllocGuard {
    fn drop(&mut self) {
        GLOBAL_ALLOC_ALLOWED.with(|alloc_allowed| {
            let mut alloc_allowed = alloc_allowed.borrow_mut();
            *alloc_allowed = true;
        });
    }
}

pub struct AllowGlobalAllocGuard {
    was_allowed: bool,
}

impl AllowGlobalAllocGuard {
    pub fn new() -> Self {
        let was_allowed = GLOBAL_ALLOC_ALLOWED.with(|alloc_allowed| {
            let was_allowed = *alloc_allowed.borrow();
            if !was_allowed {
                let mut alloc_allowed = alloc_allowed.borrow_mut();
                *alloc_allowed = true;
            }
            was_allowed
        });

        Self { was_allowed }
    }
}

impl Drop for AllowGlobalAllocGuard {
    fn drop(&mut self) {
        GLOBAL_ALLOC_ALLOWED.with(|alloc_allowed| {
            let mut alloc_allowed = alloc_allowed.borrow_mut();
            *alloc_allowed = self.was_allowed;
        });
    }
}

/// Enables the `NoGlobalAllocGuard` by acting as a global allocator.
pub struct GlobalAllocTestGuardAllocator;

impl GlobalAllocTestGuardAllocator {
    fn is_allowed(&self) -> bool {
        GLOBAL_ALLOC_ALLOWED.with(|alloc_allowed| {
            *alloc_allowed.borrow() // Check if allocation is allowed for the current thread
        })
    }

    fn guard(&self) {
        if !self.is_allowed() {
            panic!("Caught unexpected global allocation with the NoGlobalAllocGuard. Run tests under debugger.");
        }
    }
}

unsafe impl GlobalAlloc for GlobalAllocTestGuardAllocator {
    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
        self.guard();
        System.alloc(layout)
    }

    unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) {
        self.guard();
        System.dealloc(ptr, layout)
    }

    unsafe fn alloc_zeroed(&self, layout: Layout) -> *mut u8 {
        self.guard();
        System.alloc_zeroed(layout)
    }

    unsafe fn realloc(&self, ptr: *mut u8, layout: Layout, new_size: usize) -> *mut u8 {
        self.guard();
        System.realloc(ptr, layout, new_size)
    }
}

#[derive(Clone)]
pub struct WatermarkAllocator {
    watermark: usize,
    in_use: Option<Arc<AtomicUsize>>,
}

impl Drop for WatermarkAllocator {
    fn drop(&mut self) {
        let in_use = self.in_use.take().unwrap();
        let _g = AllowGlobalAllocGuard::new();
        drop(in_use);
    }
}

impl WatermarkAllocator {
    pub fn new(watermark: usize) -> Self {
        let in_use = Some({
            let _g = AllowGlobalAllocGuard::new();
            AtomicUsize::new(0).into()
        });
        Self { watermark, in_use }
    }

    pub fn in_use(&self) -> usize {
        self.in_use.as_ref().unwrap().load(Ordering::SeqCst)
    }
}

impl Claim for WatermarkAllocator {}

unsafe impl Allocator for WatermarkAllocator {
    fn allocate(&self, layout: Layout) -> Result<NonNull<[u8]>, AllocError> {
        let current_in_use = self.in_use.as_ref().unwrap().load(Ordering::SeqCst);
        let new_in_use = current_in_use + layout.size();
        if new_in_use > self.watermark {
            return Err(AllocError);
        }
        let allocated = {
            let _g = AllowGlobalAllocGuard::new();
            Global.allocate(layout)?
        };
        let true_new_in_use = self
            .in_use
            .as_ref()
            .unwrap()
            .fetch_add(allocated.len(), Ordering::SeqCst);
        unsafe {
            if true_new_in_use > self.watermark {
                let ptr = allocated.as_ptr() as *mut u8;
                let to_dealloc = NonNull::new_unchecked(ptr);
                {
                    let _g = AllowGlobalAllocGuard::new();
                    Global.deallocate(to_dealloc, layout);
                }
                Err(AllocError)
            } else {
                Ok(allocated)
            }
        }
    }

    unsafe fn deallocate(&self, ptr: NonNull<u8>, layout: Layout) {
        let _g = AllowGlobalAllocGuard::new();
        Global.deallocate(ptr, layout);
        self.in_use
            .as_ref()
            .unwrap()
            .fetch_sub(layout.size(), Ordering::SeqCst);
    }
}

/// A second watermark allocator. This is just to test cases where we need generic types
/// to interoperate, even when their allocator differs. E.g. `lhs: Vec<T, A1> == rhs: Vec<T, A2>`.
#[derive(Clone)]
pub struct WatermarkAllocator2(WatermarkAllocator);

impl WatermarkAllocator2 {
    pub fn new(watermark: usize) -> Self {
        let inner = WatermarkAllocator::new(watermark);
        Self(inner)
    }
}

impl Claim for WatermarkAllocator2 {}

unsafe impl Allocator for WatermarkAllocator2 {
    fn allocate(&self, layout: Layout) -> Result<NonNull<[u8]>, AllocError> {
        self.0.allocate(layout)
    }

    unsafe fn deallocate(&self, ptr: NonNull<u8>, layout: Layout) {
        self.0.deallocate(ptr, layout)
    }
}