Struct BumpAlloc 

pub struct BumpAlloc { /* private fields */ }

A fast, lock-free bump allocator with fallback support.

Thread-safety is achieved via atomic compare-and-swap on the cursor. This allows multiple threads to allocate concurrently without locks, though there may be occasional retries on contention.

When the arena is exhausted and the fallback feature is enabled, allocations fall back to the system allocator.

Implementations

impl BumpAlloc

pub unsafe fn new(base: *mut u8, size: usize) -> Self

Create a new bump allocator from a raw memory block.

Safety

The memory block [base, base+size) must be valid and writable.

pub fn base_ptr(&self) -> *mut u8

Get the base pointer of this allocator.

pub fn alloc(&self, size: usize, align: usize) -> *mut u8

Allocate memory with the given size and alignment.

Returns a null pointer if there is not enough space and fallback is disabled. With the fallback feature, falls back to system allocator.

pub fn is_recycled(&self) -> bool

Check if this arena has been recycled (reset after initial use).

Uses Acquire ordering so that all memory writes performed by the thread that called reset() (in particular the volatile zeroing in secure_reset) are visible to the caller before any subsequent reads from arena memory. A Relaxed load would break the happens-before chain with the Release store in reset().

pub fn fallback_count(&self) -> usize

Get the number of fallback allocations (only with fallback feature).

pub fn fallback_bytes(&self) -> usize

Get the total bytes allocated via fallback (only with fallback feature).

Note (Issue #9): This tracks the requested allocation size, not the actual size allocated by the system allocator (which may be larger due to alignment and internal bookkeeping). Use this for monitoring, not precise accounting.

pub unsafe fn reset(&self)

Reset the bump pointer to the base.

Safety

All previously allocated memory becomes invalid after this call.

Warning (Issue #10)

Fallback allocations are NOT freed by reset. When arena exhaustion triggers fallback to the system allocator (with fallback feature), those allocations must be individually deallocated via GlobalAlloc::dealloc. If using NAlloc as the global allocator, this happens automatically when the memory is dropped. However, if using arenas directly, be aware that reset only reclaims arena memory, not system allocator memory.

pub unsafe fn secure_reset(&self)

Zero out all memory in the arena and reset the cursor.

This is critical for security-sensitive applications like ZK provers, where witness data must be wiped after use to prevent leakage.

Uses volatile writes to prevent the compiler from optimizing away the zeroing operation (dead store elimination).

Safety

All previously allocated memory becomes invalid after this call.

pub fn capacity(&self) -> usize

Returns the total capacity in bytes.

pub fn used(&self) -> usize

Returns the number of bytes currently allocated.

pub fn remaining(&self) -> usize

Returns the number of bytes remaining.

Trait Implementations

impl Send for BumpAlloc

impl Sync for BumpAlloc