Conversation
edi33416
requested review from
PetarKirov,
andralex and
wilzbach
as code owners
|
Thanks for your pull request, @edi33416! We are looking forward to reviewing it, and you should be hearing from a maintainer soon. Some tips to help speed things up:
Bear in mind that large or tricky changes may require multiple rounds of review and revision. Please see CONTRIBUTING.md for more information. Bugzilla referencesYour PR doesn't reference any Bugzilla issue. If your PR contains non-trivial changes, please reference a Bugzilla issue or create a manual changelog. |
| static if (stateSize!Prefix) | ||
| { | ||
| assert(result.ptr.alignedAt(Prefix.alignof)); | ||
| emplace!Prefix(cast(Prefix*) result.ptr); |
There was a problem hiding this comment.
This assumes that it's safe to write over result. As far as I see, you can't assume that. Every array type implicitly converts to void[], so it's possible that parent.allocate returns memory that's already used elsewhere, differently typed.
Same with Suffix below.
There was a problem hiding this comment.
Isn't it safe to assume that parent.allocate will return fresh memory? Imho, allocate should always return fresh memory.
There was a problem hiding this comment.
Isn't it safe to assume that parent.allocate will return fresh memory?
No. parent is provided by the user. You can't assume anything about it beyond what is guaranteed/required by the language.
It might be possible to check if the return value is unique. Then you can rely on that. But you have to check.
There was a problem hiding this comment.
This is problematic. We may need to replace the result of allocate with ubyte[] everywhere, or give up on making allocate safe for this allocator.
|
@edi33416 I suggest for now let's leave AffixAllocator with an unsafe allocate. |
|
|
||
| // Check that goodAllocSize inherits from parent, i.e. GCAllocator | ||
| assert(__traits(compiles, (() nothrow @safe @nogc => a.goodAllocSize(1))())); | ||
| assert(__traits(compiles, (() @nogc => a.goodAllocSize(1))())); |
There was a problem hiding this comment.
This is an anti-pattern. Get rid of the __traits(compiles here.
There was a problem hiding this comment.
@wilzbach What is the preferred alternative to __traits(compiles, ...)?
There was a problem hiding this comment.
a.goodAllocSize(1) and if don't want to call it, simply put it in a function or lambda which isn't called. It looks a lot nicer to read and has the same effect and for the main reason you see the error messages e.g. if you decide to refactor your codebase.
FWIW it should have been static assert too.
| auto b = a.allocate(42); | ||
| assert(b.length == 42); | ||
| () nothrow @nogc { a.deallocate(b); }(); | ||
| () @trusted @nogc { a.deallocate(b); }(); |
There was a problem hiding this comment.
Where did the nothrow go? And better wrap the specific part in an @safe lambda than spreading @trusted
There was a problem hiding this comment.
Where did the nothrow go?
I changed the unittest to nothrow @safe
And better wrap the specific part in an
@safelambda than spreading@trusted
What do you mean?
| } | ||
|
|
||
| bool failedNewAlloc = false; | ||
| mixin(q{() } ~ trusted_ ~ q{ { |
There was a problem hiding this comment.
You can do this without a mixin, by simply doing sth. like
static if (<checkWhetherItCanBeTrusted>)
() @trusted { callFun() }();
else
callFun();| metadata. | ||
| */ | ||
| @trusted void[] allocate(const size_t s) | ||
| pure nothrow @trusted @nogc |
There was a problem hiding this comment.
Why can this @trusted? (Please don't slap @trusted on functions.)
There was a problem hiding this comment.
This was made @trusted before. I just added pure nothrow @nogc.
Should I make this @safe and add @trusted lambdas inside?
| /** | ||
| Directs the call to either one of the $(D buckets) allocators. | ||
| */ | ||
| //pure nothrow @safe @nogc |
| static if (hasMember!(ParentAllocator, "deallocate")) | ||
| { | ||
| clear; | ||
| () @trusted { clear; }(); |
There was a problem hiding this comment.
How about making the function @safe instead of blindly trusting it?
| assert(b1.length == 10000); | ||
| assert(b2.length == 20000); | ||
| assert(b3.length == 30000); | ||
| () @trusted @nogc { a.deallocate(b1); }(); |
There was a problem hiding this comment.
Close lambda and open it three lines later ;-)
| assert(b.length == 42); | ||
| // Ensure deallocate inherits from parent | ||
| () nothrow @nogc { a.deallocate(b); }(); | ||
| () @trusted nothrow @nogc { a.deallocate(b); }(); |
There was a problem hiding this comment.
You could have wrapped the other block in an @safe lambda ...
| version(Posix) | ||
| { | ||
| /// Allocator API. | ||
| @trusted @nogc nothrow |
There was a problem hiding this comment.
Don't apply @trusted to entire functions.
| PAGE_READWRITE, MEM_RELEASE; | ||
|
|
||
| /// Allocator API. | ||
| @trusted @nogc nothrow |
There was a problem hiding this comment.
Don't apply @trusted to entire functions.
|
@edi33416 I recommend splitting this PR up into smaller chunks, s.t. it can be reviewed and merged more quickly. As an additional benefit your chances of running into merge conflicts decrease too ;-) |
|
Per the convo with @edi33416 today, please convert this diff to making allocate only |
|
Ping @edi33416 |
|
@edi33416 Any chance of finishing this? |
LightBender
added
the
Review:Phantom Zone
|
PR closed as stalled. If you wish to resurrect it you are welcome to do so. We will look into this in Phobos 3. |
8 participants
For allocators that implement their own
allocatemethod, this should be apure nothrow @safefunction.Allocators that are building on top of such allocators should infer the function attributes from their parents.
This PR is a subset of #5330, as this approach will provide us with better granularity. More smaller PRs to come :)