Struct ArenaManager 

pub struct ArenaManager { /* private fields */ }

Manages multiple specialized memory arenas.

Each arena is optimized for a specific purpose:

• Witness Arena: For private ZK inputs, with secure wiping.
• Polynomial Arena: For FFT/NTT coefficient vectors.
• Scratch Arena: For temporary computation buffers.

Drop Safety

The ArenaManager tracks the number of outstanding arena handles. On drop, it verifies that all handles have been released before deallocating memory. If handles are still in use, the memory is intentionally leaked to prevent use-after-free (with a warning).

Implementations

impl ArenaManager

pub fn new() -> Result<Self, AllocFailed>

Create a new ArenaManager with default sizes.

This will allocate a total of ~1.4 GB of virtual memory. Note: On modern OSes, virtual memory is cheap; physical pages are only allocated when touched.

pub fn with_sizes( witness_size: usize, poly_size: usize, scratch_size: usize, ) -> Result<Self, AllocFailed>

Create a new ArenaManager with custom sizes.

Use this for fine-tuned configurations based on your circuit size.

pub fn with_guard_pages( witness_size: usize, poly_size: usize, scratch_size: usize, ) -> Result<Self, AllocFailed>

Create arenas with guard pages for buffer overflow protection.

pub fn lock_witness(&self) -> Result<(), AllocFailed>

Lock witness memory to prevent swapping (important for sensitive data).

pub fn unlock_witness(&self) -> Result<(), AllocFailed>

Unlock previously locked witness memory.

pub fn witness(&self) -> Arc<BumpAlloc>

Get a handle to the witness arena.

pub fn polynomial(&self) -> Arc<BumpAlloc>

Get a handle to the polynomial arena.

pub fn scratch(&self) -> Arc<BumpAlloc>

Get a handle to the scratch arena.

pub unsafe fn reset_all(&self)

Reset all arenas.

The witness arena is securely wiped (zeroed) before reset.

Safety

This will invalidate all memory previously allocated from these arenas. The caller must ensure:

• No other thread is concurrently allocating from these arenas
• No references to arena memory exist
• No concurrent access to arena-allocated memory occurs during or after reset

pub fn stats(&self) -> ArenaStats

Get statistics about arena usage.

pub fn is_sole_owner(&self) -> bool

Check if all arena handles have been released.

Returns true if this ArenaManager is the sole owner of all arenas.

pub fn ref_counts(&self) -> (usize, usize, usize)

Get the reference counts for each arena (for debugging).

pub fn contains_address(&self, addr: usize) -> bool

Check if an address falls within any of the arena memory ranges.

Used by Issue #1 fix to distinguish arena allocations from fallback allocations. Returns true if the address is within witness, polynomial, or scratch arena.

Trait Implementations

impl Drop for ArenaManager

fn drop(&mut self)

Safety Note: ref-count check is not atomic with deallocation

The ref-count read and the subsequent deallocation are two separate operations with no lock between them. In theory, another thread could clone an Arc<BumpAlloc> handle between the check and the dealloc, causing a use-after-free.

In practice this cannot occur because ArenaManager::drop is only reachable when NAlloc is dropped (&mut self ⇒ exclusive access). At that point no thread can obtain new WitnessArena / PolynomialArena handles from this NAlloc, so the ref counts are stable.

The check therefore serves as a debug-mode invariant assertion, not as a concurrent-safety mechanism.

impl Send for ArenaManager

impl Sync for ArenaManager