1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
// Capacity-telemetry global registry — only compiled with the `telemetry`
// feature.
//
// Stores per call-site location:
// • creation_count — total number of instances **constructed** at this site
// (AtomicU64). Incremented exactly once per construction
// via `record_creation` or `record_initial`.
// • samples — bounded reservoir of capacity/len observations (Vitter
// Algorithm R, default 4096). Updated on every Drop,
// into_iter, or cap_inspect call via `record_sample`.
//
// # Semantic invariants
//
// creation_count = number of times the type was constructed at this site.
// total_observed = samples.total_observed() = total capacity observations
// (every Drop / into_iter / cap_inspect call increments this).
//
// For a **safe-only** binding (wrap_from + only safe usages like push / len /
// &v + Drop):
// creation_count == 1, total_observed == 1 (Drop sample only).
//
// For a **mixed** binding (1 wrap_from + N cap_inspect consumption points + Drop):
// creation_count == 1, total_observed >= N + 1.
//
// For a **t*_owned!** binding (returns a bare type — Drop is NOT tracked):
// creation_count == 1, total_observed == 1 (construction sample only).
//
// The registry is a lock-free `scc::HashMap` keyed by (file, line, column) so
// that each call-site in source code = one distinct entry.
use ;
use OnceLock;
use crateReservoir;
/// Per-location capacity statistics accumulated over the lifetime of the process.
///
/// # Semantic invariants
///
/// `creation_count` is incremented exactly once per construction event
/// (`wrap_from`, `with_capacity_named`, `t*!` / `t*_owned!` macros).
/// `cap_inspect_at` (Phase L injection at consumption points) does **not**
/// touch `creation_count`.
///
/// `samples.total_observed()` counts every call to `record_sample` — one
/// per `Drop` / `into_iter` / `cap_inspect_at`.
///
/// Typical patterns:
///
/// | Binding kind | `creation_count` | `total_observed` |
/// |---------------------------|------------------|-----------------------|
/// | safe-only (wrap_from + Drop) | 1 | 1 (Drop sample) |
/// | mixed (wrap_from + N inspects + Drop) | 1 | N + 1 |
/// | t*_owned! (no Drop tracking) | 1 | 1 (initial sample) |
///
/// `creation_count` can exceed `samples.total_observed()` when instances
/// are in-flight (created but not yet dropped), leaked via
/// `std::mem::forget`, or when Drop panics before `record_sample` is
/// reached. The difference is an indicator of outstanding live instances.
///
/// `samples.snapshot()` returns at most `CAPTRACK_SAMPLE_CAP` (default 4096)
/// values — a statistically representative reservoir of all observed capacities.
/// Location key: (file, line, column) — uniquely identifies a call-site.
pub type Loc = ;
// The registry uses std RandomState for its own internal map — this is an
// implementation detail, not exposed to callers, and is not performance
// critical (registry operations are only on creation/drop paths).
type Registry = HashMap;
static REGISTRY: = new;
/// Return a reference to the process-global registry, initialising it on
/// first call.
/// Record one new creation for the call-site identified by (file, line, column).
/// Called from every `with_capacity_named` / `new_named` constructor.
/// Thread-safe: the scc map is lock-free; the counter update is `Relaxed`.
/// Record both creation AND an initial capacity sample for a call-site in
/// one call. Used by `t*_owned!` macros that return bare types — there is
/// no `Tracked*` wrapper to capture the Drop-time capacity, so the only
/// sample is the cap requested at construction.
///
/// Equivalent to calling `record_creation` followed by `record_sample`.
/// Record a capacity sample for the call-site.
///
/// Called from every `Drop` impl, `IntoIterator::into_iter` impl, and
/// `CapInspect::cap_inspect_at` impl (Phase L injection).
///
/// If the call-site key is not in the registry (e.g. `cap_inspect_at` is
/// called for a construction site that was never registered via
/// `record_creation` / `record_initial`), the sample is silently discarded
/// in release mode. In debug mode a `debug_assert` fires to surface the
/// orphan call.
///
/// Does **not** touch `creation_count`.