Skip to content

Add attributes to most functions in allocator.mallocator and allocator.common. #3957

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Feb 3, 2016

Conversation

PetarKirov
Copy link
Member

Also made the attribute style more consistent, because it was all over the place throughout the package.

I looked at the Phobos styleguide, but I couldn't find anything about this, so I decided to follow the soft limit of 80 chars per line. That's why I put the attributes on their own line.
Overall the scheme is something like this:

[@safe] [@nogc] [nothrow] [pure]
[protection-level] [extern] <function-name / unittest>[params] [shared]

Let me know if there is an existing style that I need to follow. I only care about adding correct attributes on the functions, not about bikeshedding about the code style.

@PetarKirov
Copy link
Member Author

There were several functions in std.experimental.allocator.common that accept void[] or void* arguments. I decided to leave them as implicitly @system.

unittest
{
alias f = Ternary.no, t = Ternary.yes, u = Ternary.unknown;
auto truthTableAnd =
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I disagree with these changes from auto. auto should really be the default everywhere, see http://herbsutter.com/2013/08/12/gotw-94-solution-aaa-style-almost-always-auto/

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The type of the variable would be inferred to be a slice instead of a static array with auto, so it's not just a stylistic change. That being said, this is in an unit test, so one could argue that it doesn't really matter either way.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

auto makes it a dynamic array, which precludes @nogc.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also prefer auto, but array literals are not stack allocated and the whole unittest will become non-@nogc if I leave the declarations as auto.
There were proposals for the syntax auto arr = [1, 2, 3]s or auto[$] arr = [1, 2, 3], however they were rejected :(

@@ -210,7 +225,8 @@ struct AlignedMallocator
$(WEB msdn.microsoft.com/en-us/library/8z34s9c6(v=vs.80).aspx,
$(D __aligned_malloc)) on Windows.
*/
version(Posix) @trusted @nogc
version(Posix)
@trusted @nogc nothrow
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't memory safe when asserts are disabled. posix_memalign fails with EINVAL when given a poor alignment argument, which isn't handled.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately there's no satisfactory way to make this both memory safe and @nogc.

For ENOMEM, return null per the allocator spec, problem handled.

EINVAL only happens for poor values of a. Per the assert, we can see that this function expects a good value of a as a precondition. Preconditions cannot be relied on for the memory safety guarantee. Throwing an exception on EINVAL provides memory safety but precludes @nogc, even if onAssertError is used, as it's not @nogc either. Returning null is not an option as it signals OOM.

I suggest leaving it as @system or using code == EINVAL || assert(0); as a stopgap measure until we've figured out @nogc exceptions.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I see now that this is an issue with the existing code, not with this PR.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@JakobOvrum Added assert(0) for the other possible cases.

@JakobOvrum
Copy link
Member

Some of these changes are introduced in #3891 but it's nice to have them in a separate PR like this.

@JakobOvrum
Copy link
Member

I don't think we should be strict about placement of attributes at this time. The rationale of keeping to the column limit sounds sensible.

LGTM. I was initially confused as it looked like it added @trusted here and there, but those were already there.

@PetarKirov PetarKirov force-pushed the nothrow-mallocator branch 2 times, most recently from 2e99236 to 0cefeff Compare January 27, 2016 18:45
return null;

else if (code == EINVAL)
assert (0, "AlignedMallocator.alignment is not a power of two multiple of (void*).sizeof, according to posix_memalign!");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, does assert(0, …) still have its special behaviour when given a message string? Just how would that work?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a NOP on the higher optimization levels, otherwise it calls _d_assert_msg, however I prefer to have an informative message for those willing to debug the assert if it happens.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe in the future it will be replaced with some form of abort on the compiler side.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assert(0) emits a HLT instruction in release mode. I am wondering if assert(0, …) behaves similarly.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it behaves exactly the same, just a HLT. On Posix systems (which obviously this will be on), this manifests as a segmentation fault. This is why I created abort as mentioned above -- no point in having a message when it is ignored.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, thanks!

@PetarKirov
Copy link
Member Author

Thanks all for the review. Is there something else that I need to address?

@dnadlinger
Copy link
Member

Auto-merge toggled on

dnadlinger added a commit that referenced this pull request Feb 3, 2016
Add attributes to most functions in allocator.mallocator and allocator.common.
@dnadlinger dnadlinger merged commit 7652976 into dlang:master Feb 3, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants