[STF] Migrate __stf/allocators/ from cuda_safe_call to cuda_try

[andralex]

Summary

First PR in a series migrating production STF headers off the abort-on-failure cuda_safe_call and onto the throw-on-failure cuda_try, so callers (including Python wrappers and any wider exception-aware control flow) have the option to recover from CUDA errors instead of having the process aborted underneath them.

Scope here is intentionally tiny -- the entire cudax/include/cuda/experimental/__stf/allocators/ subtree, two call sites -- so the migration pattern can be reviewed before it scales up.

Changes

pooled_allocator.cuh

Plain cudaGetDeviceProperties query inside the constructor. No CUDA state in flight, no rollback needed -- straight cuda_safe_call -> cuda_try substitution.

adapters.cuh

stream_adapter::clear() synchronizes the stream before any blocking deallocations. With cuda_try, that path can now throw. The existing ~stream_adapter() sanity assertion (cleared_or_moved must be true at destruction) would then fire spuriously and report "clear() was not called" -- which is misleading: clear() was called, it just failed mid-way.

Guarded the bool flip with SCOPE(exit) at the top of clear() so the destructor's contract holds whether or not the synchronization throws. Explicit scope_guard.cuh include added rather than relying on transitive inclusion.

void clear()
{
  _CCCL_ASSERT(adapter_state, "Invalid state");
  _CCCL_ASSERT(!cleared_or_moved, "clear() was already called, or the object was moved.");

  SCOPE(exit) { cleared_or_moved = true; };

  // ... cuda_try(cudaStreamSynchronize(stream)); ...
}

The SCOPE(exit) body only writes a bool, which is noexcept -- no risk of std::terminate during unwinding.

Migration pattern notes (for the follow-ups)

• SAFE: pure queries with no in-flight CUDA state -> direct cuda_try substitution.
• GUARDED: operations that need an undo step on failure -> cuda_try + SCOPE(fail) for the rollback. Inside the SCOPE(fail) body, use cuda_safe_call, not cuda_try -- guard destructors are noexcept, so a thrown exception during unwinding would std::terminate.
• KEEP: destructors and CUDA host callbacks remain cuda_safe_call. Same rationale -- those contexts are noexcept.

Test plan

• CI green (/ok to test once branch is pushed -- see comment below)
• No behavioral change for the success path
• Confirmed no @code doxygen blocks in either file reference cuda_safe_call, so docs do not drift

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Bug Fixes
  • Improved exception safety in memory allocation operations to prevent resource leaks during CUDA operations.
  • Enhanced error handling approach for device configuration queries to increase overall system robustness.

Walkthrough

This PR improves exception-safety and error-handling consistency in STF allocators. stream_adapter::clear() now uses scope guards to guarantee the destructor precondition is met even when CUDA operations throw, and switches stream synchronization from cuda_safe_call to cuda_try. Similarly, block_data_pool switches device-properties queries to cuda_try.

Changes

STF Allocator Robustness

Layer / File(s)	Summary
stream_adapter::clear() exception-safety and error-handling cudax/include/cuda/experimental/__stf/allocators/adapters.cuh	Includes scope_guard header and adds SCOPE(exit) guard in clear() to set cleared_or_moved = true on all exit paths; replaces cuda_safe_call with cuda_try for stream synchronization before blocking deallocations.
block_data_pool error-handling consistency cudax/include/cuda/experimental/__stf/allocators/pooled_allocator.cuh	Switches cudaGetDeviceProperties from cuda_safe_call to cuda_try wrapper in pool constructor.

Possibly related PRs

• NVIDIA/cccl#8891: Implements enhanced cuda_try output-parameter inference that this PR depends on for cudaGetDeviceProperties calls.

Suggested labels

stf

Suggested reviewers

• caugonnet
• alliepiper
• bernhardmgruber

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 963e43f7-56ce-479c-8aca-f1922db75a36

📥 Commits

Reviewing files that changed from the base of the PR and between d2d87ed and 0f22512.

📒 Files selected for processing (2)

• cudax/include/cuda/experimental/__stf/allocators/adapters.cuh
• cudax/include/cuda/experimental/__stf/allocators/pooled_allocator.cuh

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

critical: Do not mark clear() as completed when it exits via exception.

If cuda_try throws on Line 195, adapter_state->to_free is still populated, but the SCOPE(exit) on Lines 179-182 sets cleared_or_moved = true anyway. That makes a retry hit the precondition on Line 172 and lets the destructor stop asserting even though buffers were never released, so this exception path becomes a silent leak. Only flip the state after all frees succeed, or split this into separate "clear attempted" and "clear completed" flags.

Also applies to: 195-195

[caugonnet]

@andralex Would not that go through SCOPE(fail) instead of SCOPE(exit) ?

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[andralex]

/ok to test 0f22512

[andralex]

Closing to let the author review the diff locally before pushing. Will reopen (or a successor PR) once approved.

[github-actions]

🥳 CI Workflow Results

🟩 Finished in 59m 28s: Pass: 100%/55 | Total: 23h 04m | Max: 59m 27s | Hits: 15%/150797

See results here.