Skip to main content

Module inplace_return

relon_eval_api

Module inplace_return 

Source
Expand description

Backend-shared host side of the in-place region-walk return ABI (S1/S2 List<List<scalar>>, S3 List<String>, S4 List<Schema>, and pointer-array variant lists such as List<Enum>). When a compiled #main returns a parameter-sourced pointer-array list, the machine code does not copy the value into out_buf. Instead the epilogue reports the arena-absolute offset of the return root via the negative sentinel -(root_abs + 1). The host then:

  1. recovers root_abs from the sentinel (decode_inplace_sentinel),
  2. selects the arena region root_abs lands in,
  3. runs the bounds [verify_value_at] over the whole reachable graph confined to that region — a verify failure aborts the decode,
  4. only on a clean verify decodes the value in place via the matching positional reader (read_list_list_at / read_list_string_at / read_list_record_at).

Both the cranelift and llvm backends call into this one implementation, so the sentinel → region-select → verifier → decode pipeline is genuinely backend-shared rather than mirrored per crate. The machine-code side (which negative sentinel to emit) is the only per-backend half; the host decode is here.

Structs§

ArenaRegions
Arena region boundaries the in-place decode selects between. The arena layout (shared by both AOT backends) is [const_data | pad | in_buf | pad | out_buf | pad | scratch]; the returned root may live in any region (S1 only ever sees the param-sourced in_buf list, but the selection is generic so S2+ can return out_buf / scratch roots through the same gate).

Functions§

decode_inplace_return
Decode an in-place region-walk return for a single-value return whose root is a parameter-sourced pointer-array list: List<List<scalar>> (S1/S2), List<String> (S3), List<Schema> (S4), or a variant list such as List<Option<T>> / List<Result<T, E>> / List<Enum>. The machine code reported root_abs (the arena-absolute offset of the return root) via the negative sentinel; the caller already recovered it with decode_inplace_sentinel.
decode_inplace_sentinel
Decode the in-place region-walk return sentinel. The machine code encodes an in-place return as -(root_abs + 1) (a value <= -9, since root_abs >= in_ptr >= 8). Recover root_abs = -ret - 1, rejecting a sentinel that doesn’t round-trip into a non-negative offset (a corrupt / impossible encoding).
decode_object_return
Single central entry for the object (positive-bytes_written) return path, shared by both AOT backends. It enforces the one correct order — verify_object_return_multi before any decode — so no present or future object-return caller can reach a BufferReader without the multi-region bounds gate having run first. A verify failure aborts loudly; the decode never runs on an unverified arena.
verify_object_return_multi
Gate the object (positive-bytes_written) return path through the multi-region bounds verifier before its BufferReader decode runs — closing the red-line gap the S5 design flagged (an object return previously trusted out_buf self-containment and ran no verifier at all).