ma_proper

Struct MAProper

Source 
pub struct MAProper;
Expand description

The MAProper memory allocator

This memory allocator is an extension around std::alloc::System which ensures that the allocated memory is always erased before it is deallocated.

§Using MAProper as global allocator

#[global_allocator]
static MA_PROPER: MAProper = MAProper;

fn main() {
	// This `Vec` will allocate memory through `MA_PROPER` above
	let mut v = Vec::new();
	v.push(1);
}

§How it works

§Allocation

To ensure that we have enough information to erase everything, we allocate slightly more memory than requested and prepend some checksummed metadata to it. So a final chunk looks like this:

Layout: [ metadata | alignment padding | requested memory ]
Length:   META_LEN |      dynamic      |  user specified

Then we increment the pointer so that it points to requested memory and return it.

§Deallocation

Once the pointer is to be deallocated, we rewind the pointer so that it points to metadata/length info again to read and verify it. Once we know the length, we overwrite the entire allocated space using one of memset_s/SecureZeroMemory/explicit_bzero/explicit_memset.

Then we deallocate it.

§Important

Please note that MAProper only erases memory that is deallocated properly. This especially means that:

  • stack items are not overwritten by this allocator – to erase stack memory, we expose MAProper::erase_slice and MAProper::erase_ptr<T> so that you can erase them manually if necessary
  • depending on your panic-policy and your Rc/Arc use (retain-cycles), the destructor (and thus the deallocator) may never be called

Trait Implementations§

Source§

impl GlobalAlloc for MAProper

Source§

unsafe fn alloc(&self, layout: Layout) -> *mut u8

Allocates memory as described by the given layout. Read more
Source§

unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout)

Deallocates the block of memory at the given ptr pointer with the given layout. Read more
1.28.0 · Source§

unsafe fn alloc_zeroed(&self, layout: Layout) -> *mut u8

Behaves like alloc, but also ensures that the contents are set to zero before being returned. Read more
1.28.0 · Source§

unsafe fn realloc( &self, ptr: *mut u8, layout: Layout, new_size: usize, ) -> *mut u8

Shrinks or grows a block of memory to the given new_size in bytes. The block is described by the given ptr pointer and layout. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.