-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactoring system interface #15
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In addition, please change all existing platforms to the new API.
432a542
to
356d1ea
Compare
356d1ea
to
d7f5a05
Compare
d7f5a05
to
d69304d
Compare
d69304d
to
e3e1305
Compare
Thanks for the PR! I'm not sure though that this is something I want to commit to in this crate. I'd prefer to not have a trait that exposes the underlying required operations since that's difficult to change over time. If sgx is changing rapidly then it may be best for a separate allocator other than this crate (although maybe based on this one?) to be used in libstd. |
The main purpose of the PR is not because SGX may change (again) in the future. It's because there is a dependency inversion; implementing the system allocator for SGX (and other targets) relies on information provided by libstd. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry it's been a hectic week, but that makes sense if the embedding has application-specific knowledge about how to implement the allocator. I've left some comments throughout.
src/lib.rs
Outdated
/// Instances of this type are used to allocate blocks of memory. For best | ||
/// results only use one of these. Currently doesn't implement `Drop` to release | ||
/// lingering memory back to the OS. That may happen eventually though! | ||
#[cfg(any(target_os = "linux", target_arch = "wasm32", target_os = "macos"))] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is similar to my comment above, but I would prefer that this structure not have a conditional definition.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It only conditionally sets the type parameter default. I don't see how you could have a default (in order not to break existing users) but also have platforms that don't have an in-crate implementation without conditional compilation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Platforms which don't have an implementation in this crate would default to just saying "allocation failed"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this #[cfg]
can be removed?
No worries about the timing @alexcrichton, thanks for changing your point of view on this. I'll address your comments as soon as possible. |
src/lib.rs
Outdated
/// Instances of this type are used to allocate blocks of memory. For best | ||
/// results only use one of these. Currently doesn't implement `Drop` to release | ||
/// lingering memory back to the OS. That may happen eventually though! | ||
#[cfg(any(target_os = "linux", target_arch = "wasm32", target_os = "macos"))] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Platforms which don't have an implementation in this crate would default to just saying "allocation failed"
I don't see what exactly a default implementation of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I personally find that dealing with #[cfg]
soup is much less fun and flexible than having APIs available that simply return errors. It's not great if you're not expecting an error but the error comes out really fast so long as you use basically anything. Overall I think the user experience is improved with fallible runtime methods rather than not-provided-at-compile-time methods.
8b0a8ee
to
c798baf
Compare
src/lib.rs
Outdated
/// Instances of this type are used to allocate blocks of memory. For best | ||
/// results only use one of these. Currently doesn't implement `Drop` to release | ||
/// lingering memory back to the OS. That may happen eventually though! | ||
#[cfg(any(target_os = "linux", target_arch = "wasm32", target_os = "macos"))] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this #[cfg]
can be removed?
src/lib.rs
Outdated
|
||
impl<S> Dlmalloc<S> { | ||
/// Creates a new instance of an allocator | ||
pub const fn new_with_platform(sys_allocator: S) -> Dlmalloc<S> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this may want to be new_with_system
since the name of the trait is "System"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can also be lumped in with the impl
block below I think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately, that results in trait bounds other than
Sized on const fn parameters are unstable
. I'm assuming you'd want to avoid a const_fn
crate attribute?
src/lib.rs
Outdated
@@ -29,15 +30,54 @@ mod dlmalloc; | |||
#[cfg(all(feature = "global", not(test)))] | |||
mod global; | |||
|
|||
/// A platform interface | |||
pub unsafe trait System: Send { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To bikeshed a bit, the documentation and wording here are used somewhat interchangeably (e.g. this trait's documentation says "platform" where the trait says "system"). Perhaps the trait could be Allocator
and the default struct could be System
(to mirror std::alloc
a bit).
367bab4
to
97ff3f5
Compare
Ok this looks good to me, but I think CI is failing? |
CI is failing on master too |
944418c
to
b1f9c2f
Compare
b1f9c2f
to
4786050
Compare
Thanks again! |
Thanks for merging! |
…Simulacrum Upgrade dlmalloc to version 0.2 In preparation of adding dynamic memory management support for SGXv2-enabled platforms, the dlmalloc crate has been refactored. More specifically, support has been added to implement platform specification outside of the dlmalloc crate. (see alexcrichton/dlmalloc-rs#15) This PR upgrades dlmalloc to version 0.2 for the `wasm` and `sgx` targets. As the dlmalloc changes have received a positive review, but have not been merged yet, this PR contains a commit to prevent tidy from aborting CI prematurely. cc: `@jethrogb`
With the arrival of SGXv2, enclaves can dynamically add and remove memory pages. In SGXv1 this was not supported. Instead of adding the required changes for SGXv2 to this crate, the choice was made to factor out the sys interface. Now users of dlmalloc can simply implement the
System
trait. This allows further changes to this trait implementation (e.g., for SGXv2 support) without impacting this crate.cc: @jethrogb