polymock 0.2.2

A thread-safe arena bytes allocator
use core::alloc::Layout;
use core::mem;
use core::ops::Deref;
use core::ptr::{self, NonNull};
use core::sync::atomic::AtomicPtr;

use alloc::boxed::Box;

use crate::bytes_mut::BytesMut;
use crate::loom::sync::atomic::{AtomicExt, AtomicUsize, Ordering};

/// Chunk size used by [`Arena::default`]: `u16::MAX` (65 535) bytes.
pub const PAGE: usize = u16::MAX as usize;

/// A bump allocation arena.
///
/// Buffers are carved out of fixed-size chunks that are linked together starting at `head`.
/// A single allocation can never be larger than the chunk size passed to [`Arena::new`].
///
/// # Examples
///
/// ```
/// # use polymock::Arena;
/// #
/// let mut arena = Arena::new(1000);
///
///
/// let mut buffers = Vec::new();
/// for _ in 0..10 {
///     // All 10 buffers will be allocated in the same chunk.
///     let mut buf = arena.alloc(100);
///
///     buffers.push(buf);
/// }
///
/// // The buffers may outlive the arena they were allocated with.
/// drop(arena);
///
/// buffers[0][0] = 1;
/// ```
///
#[derive(Debug)]
pub struct Arena {
    /// Size in bytes of every chunk allocated by this arena (at most `isize::MAX`, see `new`).
    chunk_size: usize,
    /// First chunk of the linked list of chunks; null until the first allocation.
    head: AtomicPtr<ChunkInner>,
}

impl Arena {
    /// Creates a new `Arena` using the given `chunk_size` for every allocated chunk.
    ///
    /// No chunk is allocated here; the list head starts out null.
    ///
    /// # Panics
    ///
    /// Panics if `chunk_size` is bigger than `isize::MAX`.
    pub fn new(chunk_size: usize) -> Self {
        // We cannot allocate more than isize::MAX bytes, so allowing this would only
        // cause the first chunk allocation to fail. `usize::MAX >> 1` equals `isize::MAX`.
        // NOTE(review): a `chunk_size` of 0 is accepted here, so chunk creation has to cope
        // with a request for a zero-byte chunk.
        if chunk_size > usize::MAX >> 1 {
            panic!("cannot create arena with bigger than isize::MAX chunk_size");
        }

        Self {
            chunk_size,
            head: AtomicPtr::new(ptr::null_mut()),
        }
    }

    /// Allocates a new [`BytesMut`] from the `Arena`.
    ///
    /// Note that the returned [`BytesMut`] is not cleared: it may hold bytes left behind by a
    /// previous user of the same chunk. If you need to create a zeroed [`BytesMut`] (for example
    /// because the buffer is read before it is fully written, or because earlier contents may be
    /// sensitive), consider using [`zeroed`].
    ///
    /// # Panics
    ///
    /// Panics if `size` is larger than the chunk size of this arena.
    ///
    /// [`zeroed`]: Self::zeroed
    #[inline]
    pub fn alloc(&self, size: usize) -> BytesMut {
        let (chunk, ptr) = self.alloc_raw(size);

        // SAFETY (NOTE(review)): relies on `alloc_raw` returning a pointer to `size` bytes inside
        // `chunk` that no other live buffer overlaps; see the review note inside `alloc_raw`.
        unsafe { BytesMut::from_raw_parts(chunk, ptr, size) }
    }

    /// Allocates a new, zeroed [`BytesMut`] from the `Arena`.
    ///
    /// Note that `zeroed` zeroes the returned [`BytesMut`]. If that's not necessary you may want
    /// to use [`alloc`], which does not zero the returned [`BytesMut`].
    ///
    /// # Panics
    ///
    /// Panics if `size` is larger than the chunk size of this arena.
    ///
    /// [`alloc`]: Self::alloc
    #[inline]
    pub fn zeroed(&self, size: usize) -> BytesMut {
        let mut buf = self.alloc(size);

        // SAFETY: `buf` was just allocated with exactly `size` bytes, so the whole range
        // written here belongs to it.
        unsafe {
            ptr::write_bytes(buf.as_mut_ptr(), 0, size);
        }

        buf
    }

    /// Finds room for `size` bytes and returns the owning chunk together with the start pointer.
    ///
    /// Existing chunks are tried in list order; if none has room, a new chunk is allocated and
    /// appended to the end of the list. The returned `ChunkRef` carries its own reference, in
    /// addition to the one the arena keeps through the list.
    ///
    /// Panics (via `panic_too_large`) if `size` exceeds `chunk_size`.
    fn alloc_raw(&self, size: usize) -> (ChunkRef, NonNull<u8>) {
        if size > self.chunk_size {
            panic_too_large();
        }

        let mut next = self.head.load(Ordering::SeqCst);
        loop {
            if next.is_null() {
                break;
            }

            // SAFETY (NOTE(review)): non-null list pointers are only ever stored by the append
            // loop below, and the arena keeps one reference per listed chunk until it is dropped.
            let chunk = unsafe { &*next };

            // If the arena has the only reference to the chunk, it may be reused
            // for future operations.
            // NOTE(review): this load and the `reset` below are two separate steps, and so are
            // `chunk.alloc` and `increment_reference_count` further down. Another thread inside
            // `alloc_raw` that has already bumped `head` but not yet incremented `ref_count` is
            // invisible to this check, so resetting here could hand out a range that overlaps
            // that thread's buffer. The SAFETY claim below looks unproven under concurrent
            // `alloc` calls; verify with a loom model of the arena before relying on it.
            if chunk.ref_count.load(Ordering::SeqCst) == 1 {
                // SAFETY: The arena has the only reference to the chunk. There are
                // no references to the memory buffer of the chunk.
                unsafe {
                    chunk.reset();
                }
            }

            if let Some(ptr) = chunk.alloc(size) {
                // Construct a `ChunkRef` manually from its base pointer.
                // `from_ptr` does not touch the reference count, so it is incremented by hand
                // for the handle that is returned to the caller.
                let chunk = unsafe { ChunkRef::from_ptr(next) };
                chunk.increment_reference_count();

                return (chunk, ptr);
            }

            // Next chunk.
            next = chunk.next.load(Ordering::SeqCst);
        }

        // Allocate and append a new chunk.
        // `chunk_size` is guaranteed to never overflow isize (enforced by the constructor).
        let mut chunk = ChunkRef::new(self.chunk_size);
        // `chunk` becomes the arena's reference (leaked into the list below); `ch` is the
        // caller's reference.
        let ch = chunk.clone();

        // SAFETY: We still have exclusive access to the chunk and previously
        // asserted that size <= chunk_size.
        let ptr = unsafe { chunk.as_mut().alloc_mut_unchecked(size) };

        // Find the tail chunk, i.e. the last chunk in the linked list.
        let mut tail = &self.head;
        loop {
            let chunk_ptr = chunk.inner.as_ptr();

            let tail_ptr = tail.load(Ordering::SeqCst);
            if !tail_ptr.is_null() {
                // Tail is not null: follow the link and look again.
                tail = unsafe { &(*tail_ptr).next };
                continue;
            }

            // tail_ptr is the tail. Publish the new chunk only if the slot is still null;
            // on failure the CAS returns the pointer another thread stored first.
            // FIXME: Can this effectively be replaced with an compare_exchange_weak?
            let Err(tail_ptr) = tail
                .compare_exchange(
                    ptr::null_mut(),
                    chunk_ptr,
                    Ordering::SeqCst,
                    Ordering::SeqCst,
                )
            else {
                break;
            };

            // Tail is not null: another thread appended first, continue from its chunk.
            tail = unsafe { &(*tail_ptr).next };
        }

        // We store the pointer to the chunk manually.
        // Do not decrement the reference count.
        core::mem::forget(chunk);

        (ch, ptr)
    }
}

/// Panics because a requested allocation is larger than the arena's chunk size.
///
/// Kept out of line and marked cold so the check in the allocation path stays cheap.
#[cold]
#[inline(never)]
fn panic_too_large() -> ! {
    const MESSAGE: &str = "cannot allocate larger than chunk size";

    panic!("{}", MESSAGE);
}

impl Default for Arena {
    /// Creates an `Arena` whose chunks are [`PAGE`] bytes long.
    #[inline]
    fn default() -> Self {
        let chunk_size = PAGE;

        Arena::new(chunk_size)
    }
}

impl Drop for Arena {
    /// Walks the chunk list and gives up the arena's own reference to every chunk.
    ///
    /// A chunk whose buffers are still alive elsewhere is kept alive by their references.
    fn drop(&mut self) {
        let mut cursor = *self.head.get_mut();

        while !cursor.is_null() {
            // `from_ptr` does not increment the count, so this handle stands for the
            // reference the arena has been holding through the list.
            let current = unsafe { ChunkRef::from_ptr(cursor) };

            // Read the link before the handle is dropped, the chunk may be freed by the drop.
            // FIXME: An atomic access is not necessary here as
            // we have exclusive ownership of chunk.
            cursor = current.next.load(Ordering::Relaxed);

            drop(current);
        }
    }
}

/// A reference to a [`ChunkInner`], similar to an [`Arc`].
///
/// Cloning increments the chunk's `ref_count` and dropping decrements it; the chunk is freed
/// when the last `ChunkRef` is dropped.
///
/// [`Arc`]: alloc::sync::Arc
#[derive(Debug, PartialEq, Eq)]
#[repr(transparent)]
pub(crate) struct ChunkRef {
    /// Pointer to the heap-allocated chunk state shared by all references.
    inner: NonNull<ChunkInner>,
}

impl ChunkRef {
    /// Duplicates the `ChunkRef` bit for bit, leaving the reference count untouched.
    ///
    /// # Safety
    ///
    /// The duplicate bypasses the [`Clone`] implementation of `ChunkRef`, yet it is dropped like
    /// any other `ChunkRef`. If both values are dropped normally, the reference count is
    /// decremented twice for a single reference and the underlying backing store **will be freed
    /// twice, resulting in undefined behavior.** The caller must make sure that only one of the
    /// two values is ever dropped.
    #[inline]
    pub unsafe fn copy(&self) -> Self {
        // `NonNull` is `Copy`, so copying the only field is a plain bitwise duplicate.
        Self { inner: self.inner }
    }

    /// Builds a `ChunkRef` around an existing [`ChunkInner`] pointer.
    ///
    /// **Note that `from_ptr` does not increment the reference count.**
    ///
    /// # Safety
    ///
    /// `ptr` must not be null and must point to a valid [`ChunkInner`] instance.
    #[inline]
    pub unsafe fn from_ptr(ptr: *mut ChunkInner) -> Self {
        debug_assert!(!ptr.is_null());

        // SAFETY: The caller guarantees that `ptr` is not null.
        let inner = unsafe { NonNull::new_unchecked(ptr) };

        Self { inner }
    }

    /// Turns the `ChunkRef` into its raw pointer without running its destructor.
    ///
    /// `into_raw` does not decrement the reference count.
    #[inline]
    pub fn into_raw(self) -> *mut ChunkInner {
        // `ManuallyDrop` suppresses the destructor, so the count stays as it is.
        let this = mem::ManuallyDrop::new(self);

        this.inner.as_ptr()
    }

    /// Allocates a fresh chunk of `size` bytes on the heap and returns the first reference to it.
    ///
    /// NOTE(review): `ChunkInner::new_unchecked` requires `size <= isize::MAX`, which is not
    /// checked here; the call in `Arena::alloc_raw` passes a chunk size that `Arena::new` has
    /// already validated.
    #[inline]
    pub(crate) fn new(size: usize) -> Self {
        let boxed = Box::new(unsafe { ChunkInner::new_unchecked(size) });

        // The box is leaked on purpose; `Drop for ChunkRef` rebuilds and frees it.
        let leaked: &mut ChunkInner = Box::leak(boxed);

        Self {
            inner: NonNull::from(leaked),
        }
    }

    /// Returns a mutable reference to the underlying chunk.
    ///
    /// # Safety
    ///
    /// NOTE(review): no contract is written down in the original; presumably the caller must
    /// hold the only reference to the chunk for as long as the returned borrow lives.
    #[inline]
    pub(crate) unsafe fn as_mut(&mut self) -> &mut ChunkInner {
        unsafe { &mut *self.inner.as_ptr() }
    }
}

impl Deref for ChunkRef {
    type Target = ChunkInner;

    /// Borrows the shared chunk state behind this reference.
    #[inline]
    fn deref(&self) -> &Self::Target {
        // SAFETY (NOTE(review)): a live `ChunkRef` is expected to keep the chunk allocated
        // through the reference count.
        let chunk: &ChunkInner = unsafe { &*self.inner.as_ptr() };

        chunk
    }
}

impl Clone for ChunkRef {
    /// Creates another reference to the same chunk, incrementing its reference count.
    ///
    /// Aborts the process if the count has grown past `isize::MAX`.
    #[inline]
    fn clone(&self) -> Self {
        // Same bound as `usize::MAX >> 1`.
        const MAX_REFS: usize = isize::MAX as usize;

        let previous = self.ref_count.fetch_add(1, Ordering::Relaxed);

        // Leaking references is possible in safe code, so the counter must NEVER be
        // allowed to wrap around; a wrapped counter would free a chunk that is still in use.
        if previous > MAX_REFS {
            crate::abort();
        }

        Self { inner: self.inner }
    }
}

impl Drop for ChunkRef {
    /// Releases this reference and frees the chunk if it was the last one.
    #[inline]
    fn drop(&mut self) {
        // `fetch_sub` returns the count from before the decrement.
        let old_rc = self.ref_count.fetch_sub(1, Ordering::Release);

        // Other references remain; they are responsible for freeing the chunk.
        if old_rc != 1 {
            return;
        }

        // Acquire load standing in for a fence: it prevents the deallocation below from
        // being reordered before accesses to the chunk's data.
        // Synchronizes with the Release decrements done by the other references.
        self.ref_count.load(Ordering::Acquire);

        // SAFETY: We've had the last reference to the underlying value. The pointer
        // was produced by leaking a `Box` in `ChunkRef::new`.
        unsafe {
            drop(Box::from_raw(self.inner.as_ptr()));
        }
    }
}

// SAFETY (NOTE(review), not provable from this file alone): `ChunkInner` holds a raw `*mut u8`,
// so `ChunkRef` is not `Send`/`Sync` automatically. These impls are only sound as long as every
// shared mutation of the chunk goes through its atomics and no two handed-out buffers overlap.
unsafe impl Send for ChunkRef {}
unsafe impl Sync for ChunkRef {}

/// The shared state of one chunk: a heap buffer, its bump offset and its reference count.
#[derive(Debug)]
pub(crate) struct ChunkInner {
    /// The length of the allocated heap buffer.
    ///
    /// Note that we're not storing the Layout, which saves one `usize`.
    size: usize,
    // layout: Layout,
    /// Start of the heap buffer, as returned by the global allocator.
    ptr: *mut u8,
    /// Offset of the first unused byte in the buffer; allocations move it forward.
    head: AtomicUsize,
    /// Number of live references to this chunk; a new chunk starts at 1.
    pub(crate) ref_count: AtomicUsize,
    /// Pointer to the next chunk.
    next: AtomicPtr<Self>,
}

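impl ChunkInner {
    /// Creates a new `ChunkInner` whose buffer holds `size` bytes.
    ///
    /// A `size` of zero is rounded up to one byte, because the global allocator must not be
    /// called with a zero-sized layout. The rounded value is the one stored in the chunk, so the
    /// buffer is later released with the same layout it was allocated with.
    ///
    /// The buffer is not initialised. The chunk starts with an empty bump offset, a reference
    /// count of 1 and no successor.
    ///
    /// # Safety
    ///
    /// `size` must not overflow `isize` (i.e. `size` must be less than or equal to `isize::MAX`).
    #[inline]
    unsafe fn new_unchecked(size: usize) -> Self {
        // Allocating a zero-sized layout is undefined behavior, and `Arena::new(0)` is accepted.
        let size = size.max(1);

        // SAFETY: The caller guarantees that `size` does not overflow isize; rounding zero up
        // to one keeps that guarantee.
        let layout = unsafe { Self::layout(size) };

        // SAFETY: `layout` has a non-zero size.
        let ptr = unsafe { alloc::alloc::alloc(layout) };
        if ptr.is_null() {
            alloc::alloc::handle_alloc_error(layout);
        }

        Self {
            size,
            ptr,
            head: AtomicUsize::new(0),
            ref_count: AtomicUsize::new(1),
            next: AtomicPtr::new(core::ptr::null_mut()),
        }
    }

    /// Reserves `size` bytes from the chunk and returns a pointer to the start of the range.
    ///
    /// Returns `None` if the chunk does not have `size` unused bytes left. The reservation is
    /// made by advancing `head` with a compare-exchange loop, so concurrent callers receive
    /// disjoint ranges as long as `head` is not reset in between.
    pub(crate) fn alloc(&self, size: usize) -> Option<NonNull<u8>> {
        let mut head = self.head.load(Ordering::Acquire);

        loop {
            // `checked_add` keeps an oversized `size` from wrapping around and slipping past
            // the bounds check in release builds.
            let new_head = head.checked_add(size).filter(|&end| end <= self.size)?;

            match self.head.compare_exchange_weak(
                head,
                new_head,
                Ordering::SeqCst,
                Ordering::SeqCst,
            ) {
                Ok(_) => break,
                // Lost the race (or failed spuriously): retry from the observed offset.
                Err(curr) => head = curr,
            }
        }

        // SAFETY: `head + size <= self.size`, so the offset stays inside the buffer, and the
        // buffer pointer is non-null (checked when the chunk was created).
        unsafe { Some(NonNull::new_unchecked(self.ptr.add(head))) }
    }

    /// Reserves `size` bytes without bounds checking or atomic operations.
    ///
    /// # Safety
    ///
    /// size must fit into the chunk.
    #[inline]
    pub(crate) unsafe fn alloc_mut_unchecked(&mut self, size: usize) -> NonNull<u8> {
        let head = self.head.get();
        debug_assert!(head
            .checked_add(size)
            .map_or(false, |end| end <= self.size));
        self.head.set(head + size);

        // SAFETY: The caller guarantees that the range fits into the chunk.
        unsafe { NonNull::new_unchecked(self.ptr.add(head)) }
    }

    /// Force the head of the chunk back to the start.
    ///
    /// # Safety
    ///
    /// This is only safe to call if there are no references to the chunk that access the buffer,
    /// mutably and immutably. If this condition is violated, buffers may overlap resulting in
    /// undefined behavior.
    #[inline]
    unsafe fn reset(&self) {
        self.head.store(0, Ordering::Release);
    }

    /// Increments the reference count on the `ChunkInner` by one.
    ///
    /// Aborts the process if the count has grown past `isize::MAX`.
    #[inline]
    pub(crate) fn increment_reference_count(&self) {
        let old_rc = self.ref_count.fetch_add(1, Ordering::Relaxed);

        // Since leaking elements is a safe operation, we must make sure to
        // NEVER overflow the reference count.
        if old_rc > usize::MAX >> 1 {
            crate::abort();
        }
    }

    /// Returns the [`Layout`] used to allocate the buffer.
    ///
    /// # Safety
    ///
    /// `size` must not overflow isize (i.e. `size` must be less than or equal to `isize::MAX`).
    #[inline]
    unsafe fn layout(size: usize) -> Layout {
        let align = mem::align_of::<u8>();

        // Check the caller's contract in debug builds; the previous form computed the checked
        // layout but discarded the result.
        debug_assert!(Layout::from_size_align(size, align).is_ok());

        // SAFETY: The alignment is 1 (u8) which satisfies all alignment requirements.
        // The caller guarantees that `size` does not overflow `isize`.
        unsafe { Layout::from_size_align_unchecked(size, align) }
    }
}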

impl Drop for ChunkInner {
    /// Returns the chunk's buffer to the global allocator.
    #[inline]
    fn drop(&mut self) {
        // SAFETY: The given pointer and layout were previously used to allocate the memory;
        // the layout is recomputed from the stored `size`.
        unsafe {
            let layout = Self::layout(self.size);

            alloc::alloc::dealloc(self.ptr, layout);
        }
    }
}

#[cfg(all(not(loom), test))]
mod tests {
    use std::ptr::NonNull;
    use std::sync::{mpsc, Arc};
    use std::thread;
    use std::vec::Vec;

    use super::ChunkRef;
    use crate::loom::sync::atomic::Ordering;
    use crate::{Arena, BytesMut};

    const THREADS: usize = 2;
    const ITERATIONS: usize = 20;

    /// Wrapper that lets an allocation pointer be sent through a channel between test threads.
    struct SendNonNull(NonNull<u8>);

    // The tests only compare the wrapped addresses.
    unsafe impl Send for SendNonNull {}

    impl From<NonNull<u8>> for SendNonNull {
        fn from(value: NonNull<u8>) -> Self {
            Self(value)
        }
    }

    /// Panics if the same pointer value appears at two different positions of `ptrs`.
    fn assert_no_duplicates<P>(ptrs: &[P])
    where
        P: PartialEq + std::fmt::Pointer,
    {
        for (index, ptr) in ptrs.iter().enumerate() {
            for (index2, ptr2) in ptrs.iter().enumerate() {
                if index != index2 && ptr == ptr2 {
                    panic!("[{}] [{}] duplicate pointer: {:p}", index, index2, *ptr);
                }
            }
        }
    }

    /// Sequential allocations are laid out back to back and stop at the end of the chunk.
    #[test]
    fn test_chunk() {
        let chunk = ChunkRef::new(4000);
        assert_eq!(chunk.head.load(Ordering::Acquire), 0);

        for step in 0..4 {
            let ptr = chunk.alloc(1000).unwrap();
            assert_eq!(ptr.as_ptr() as usize, chunk.ptr as usize + step * 1000);
            assert_eq!(chunk.head.load(Ordering::Acquire), (step + 1) * 1000);
        }

        assert!(chunk.alloc(1).is_none());
    }

    /// Concurrent allocations from one chunk never return the same pointer twice.
    #[test]
    fn test_chunk_threads() {
        let chunk = ChunkRef::new(1_000_000);

        let (tx, rx) = mpsc::channel::<Vec<SendNonNull>>();

        let mut threads = Vec::with_capacity(THREADS);
        for _ in 0..THREADS {
            let chunk = chunk.clone();
            let tx = tx.clone();

            threads.push(thread::spawn(move || {
                let mut ptrs = Vec::<SendNonNull>::with_capacity(ITERATIONS);

                for _ in 0..ITERATIONS {
                    ptrs.push(chunk.alloc(1).unwrap().into());
                }

                tx.send(ptrs).unwrap();
            }));
        }

        // Drop the original sender so the receive loop ends once all workers are done.
        drop(tx);

        for th in threads {
            th.join().unwrap();
        }

        let mut ptrs = Vec::with_capacity(THREADS * ITERATIONS);
        for batch in rx.iter() {
            ptrs.extend(batch);
        }

        let addresses: Vec<NonNull<u8>> = ptrs.iter().map(|ptr| ptr.0).collect();
        assert_no_duplicates(&addresses);

        assert_eq!(chunk.head.load(Ordering::Relaxed), THREADS * ITERATIONS);
    }

    /// Allocating far more bytes than one chunk holds works when the buffers are dropped.
    #[test]
    fn test_arena() {
        let arena = Arena::new(4000);

        (0..4000 * 4).for_each(|_| {
            arena.zeroed(1);
        });
    }

    /// Buffers allocated concurrently from a shared arena all start at distinct addresses.
    #[test]
    fn test_arena_threads() {
        let arena = Arc::new(Arena::new(1_000));

        let (tx, rx) = mpsc::channel::<Vec<BytesMut>>();

        let mut threads = Vec::with_capacity(THREADS);
        for _ in 0..THREADS {
            let arena = arena.clone();
            let tx = tx.clone();

            threads.push(thread::spawn(move || {
                let mut bufs = Vec::<BytesMut>::with_capacity(ITERATIONS);

                for _ in 0..ITERATIONS {
                    bufs.push(arena.zeroed(1));
                }

                tx.send(bufs).unwrap();
            }));
        }

        // Drop the original sender so the receive loop ends once all workers are done.
        drop(tx);

        for th in threads {
            th.join().unwrap();
        }

        let mut bufs = Vec::with_capacity(THREADS * ITERATIONS);
        for batch in rx.iter() {
            bufs.extend(batch);
        }

        // The buffers stay alive in `bufs` while their start addresses are compared.
        let addresses: Vec<_> = bufs.iter().map(|buf| buf.as_ptr()).collect();
        assert_no_duplicates(&addresses);
    }
}

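#[cfg(all(loom, test))]
mod loom_tests {
    use std::sync::mpsc;
    use std::vec::Vec;

    use loom::sync::atomic::Ordering;
    use loom::thread;

    use super::ChunkRef;

    const THREADS: usize = 2;
    const ITERATIONS: usize = 1;

    /// Model-checks that concurrent allocations from one chunk return distinct pointers.
    #[test]
    fn test_chunk() {
        loom::model(|| {
            let chunk = ChunkRef::new(1_000_000);

            let (tx, rx) = mpsc::channel::<Vec<*mut u8>>();

            let threads: Vec<_> = (0..THREADS)
                .map(|_| {
                    let chunk = chunk.clone();
                    let tx = tx.clone();
                    thread::spawn(move || {
                        let mut bufs = Vec::with_capacity(ITERATIONS);

                        for _ in 0..ITERATIONS {
                            let ptr = chunk.alloc(1).unwrap();

                            bufs.push(ptr.as_ptr());
                        }

                        tx.send(bufs).unwrap();
                    })
                })
                .collect();

            // Drop the original sender so the receive loop below terminates.
            drop(tx);

            for th in threads {
                th.join().unwrap();
            }

            assert_eq!(chunk.head.load(Ordering::Relaxed), THREADS * ITERATIONS);

            let mut bufs = Vec::with_capacity(THREADS * ITERATIONS);
            while let Ok(vec) = rx.recv() {
                bufs.extend(vec);
            }

            for (index, ptr) in bufs.iter().enumerate() {
                for (index2, ptr2) in bufs.iter().enumerate() {
                    if index == index2 {
                        continue;
                    }

                    if ptr == ptr2 {
                        // `ptr` is a reference into `bufs`; dereference it so the message
                        // shows the duplicated allocation address rather than the address
                        // of the vector slot.
                        panic!("[{}] [{}] duplicate pointer: {:p}", index, index2, *ptr);
                    }
                }
            }
        });
    }

    // Disabled: the arena allocation path is currently not covered by a loom model.
    //
    // #[test]
    // fn test_arena() {
    //     loom::model(|| {
    //         let arena = Arc::new(Arena::new(1_000));

    //         let threads: Vec<_> = (0..THREADS)
    //             .map(|_| {
    //                 let arena = arena.clone();
    //                 thread::spawn(move || {
    //                     for _ in 0..ITERATIONS {
    //                         arena.zeroed(500);
    //                     }
    //                 })
    //             })
    //             .collect();

    //         for th in threads {
    //             th.join().unwrap();
    //         }
    //     });
    // }
}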