-
-
Notifications
You must be signed in to change notification settings - Fork 739
Add attributes to most functions in allocator.mallocator and allocator.common. #3957
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
There were several functions in |
unittest | ||
{ | ||
alias f = Ternary.no, t = Ternary.yes, u = Ternary.unknown; | ||
auto truthTableAnd = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I disagree with these changes from auto
. auto
should really be the default everywhere, see http://herbsutter.com/2013/08/12/gotw-94-solution-aaa-style-almost-always-auto/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The type of the variable would be inferred to be a slice instead of a static array with auto
, so it's not just a stylistic change. That being said, this is in an unit test, so one could argue that it doesn't really matter either way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
auto makes it a dynamic array, which precludes @nogc
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also prefer auto
, but array literals are not stack allocated and the whole unittest will become non-@nogc
if I leave the declarations as auto
.
There were proposals for the syntax auto arr = [1, 2, 3]s
or auto[$] arr = [1, 2, 3]
, however they were rejected :(
1dbfa00
to
77bd9a2
Compare
@@ -210,7 +225,8 @@ struct AlignedMallocator | |||
$(WEB msdn.microsoft.com/en-us/library/8z34s9c6(v=vs.80).aspx, | |||
$(D __aligned_malloc)) on Windows. | |||
*/ | |||
version(Posix) @trusted @nogc | |||
version(Posix) | |||
@trusted @nogc nothrow |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This isn't memory safe when asserts are disabled. posix_memalign
fails with EINVAL
when given a poor alignment argument, which isn't handled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately there's no satisfactory way to make this both memory safe and @nogc
.
For ENOMEM
, return null per the allocator spec, problem handled.
EINVAL
only happens for poor values of a
. Per the assert, we can see that this function expects a good value of a
as a precondition. Preconditions cannot be relied on for the memory safety guarantee. Throwing an exception on EINVAL
provides memory safety but precludes @nogc
, even if onAssertError
is used, as it's not @nogc
either. Returning null
is not an option as it signals OOM.
I suggest leaving it as @system
or using code == EINVAL || assert(0);
as a stopgap measure until we've figured out @nogc
exceptions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I see now that this is an issue with the existing code, not with this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JakobOvrum Added assert(0)
for the other possible cases.
Some of these changes are introduced in #3891 but it's nice to have them in a separate PR like this. |
I don't think we should be strict about placement of attributes at this time. The rationale of keeping to the column limit sounds sensible. LGTM. I was initially confused as it looked like it added |
2e99236
to
0cefeff
Compare
return null; | ||
|
||
else if (code == EINVAL) | ||
assert (0, "AlignedMallocator.alignment is not a power of two multiple of (void*).sizeof, according to posix_memalign!"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, does assert(0, …)
still have its special behaviour when given a message string? Just how would that work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe in the future it will be replaced with some form of abort on the compiler side.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assert(0)
emits a HLT
instruction in release mode. I am wondering if assert(0, …)
behaves similarly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it behaves exactly the same, just a HLT. On Posix systems (which obviously this will be on), this manifests as a segmentation fault. This is why I created abort as mentioned above -- no point in having a message when it is ignored.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see, thanks!
…r.common. Also made the style more consistent.
0cefeff
to
1c555f0
Compare
Thanks all for the review. Is there something else that I need to address? |
Auto-merge toggled on |
Add attributes to most functions in allocator.mallocator and allocator.common.
Also made the attribute style more consistent, because it was all over the place throughout the package.
I looked at the Phobos styleguide, but I couldn't find anything about this, so I decided to follow the soft limit of 80 chars per line. That's why I put the attributes on their own line.
Overall the scheme is something like this:
Let me know if there is an existing style that I need to follow. I only care about adding correct attributes on the functions, not about bikeshedding about the code style.