New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean up the stack implementations #54
Conversation
First, can you please separate the "clean ups" into distinct commits?
Uh, how about no. Now anyone implementing a stack externally will now have to 1) implement the Valgrind interface 2) implement interfaces of any other debugging tools we may be interested in the future 3) predicate on the architecture-specific availability of Valgrind themselves. This significantly decreases ergonomics (and also it's not a cleanup, it creates duplication).
Again, how about no. This makes it completely useless for its original purpose, that is using a |
Can't you just use a
The motivation here was to associate the debug info with the stacks rather than with the generators. Consider the case where a stack is reused for multiple generators, this would cause the stack to be registered and de-registered multiple times. |
/// | ||
/// This function will automatically align the slice to make it suitable for | ||
/// use as a stack. However this function may panic if the slice is smaller | ||
/// than `STACK_ALIGNMENT`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where does it panic in release builds?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This may panic even in release builds: &mut slice[offset..(offset + adjusted_len)]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Worth a comment, I think.
I don't see how this is a problem. You're sacrificing ergonomics in a misguided attempt to improve efficiency of a feature only useful for debugging in the first place. (And we should also gate the valgrind stuff behind
Hm, I tried that and encountered some sort of problem, but I don't recall it now. Disregard that comment then. That said, if SliceStack::new didn't mess with valgrind then it could be a const fn. |
I reverted the valgrind changes. |
LGTM. SliceStack's |
There's no real point in making |
I don't think Also, publicly exposing the field would allow safety violations (in particular, the alignment restriction won't be enforced). |
3b75d61
to
0b6f2b7
Compare
Right.
Using SliceStack is already unsafe since it provides no guard page; exposing the field could be seen as inelegant design since it lets you violate what's supposed to be an invariant, but it does not add any more unsafety. |
32dd60b
to
4f4040b
Compare
let adjusted_len = (slice.len() - offset) & !(::STACK_ALIGNMENT - 1); | ||
|
||
// This may panic if offset is larger than the size of the slice | ||
SliceStack(&mut slice[offset..(offset + adjusted_len)]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please group these two panics into one explicit one, and write a test for both conditions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only panic is the explicit one. adjusted_len
is guaranteed to be less than slice.len() - offset
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So the comment is wrong now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops, forgot about that one. Fixed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And the test?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test added.
3a0682e
to
3fb86e0
Compare
} | ||
} | ||
|
||
#[cfg(test)] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These tests don't poke into any implementation details as far as I see, so shouldn't they go to tests/
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well I feel that the precise behavior of whether it panics or not is a bit of an implementation detail. The only thing the interface guarantees is that it won't panic if the slice is larger than STACK_ALIGNMENT
, and it may panic if it is smaller.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a weird contract...
I moved the tests into |
Changes:
The valgrind stuff is moved out of the generators and into the stack implementations.Stack
is now an unsafe trait since it has a contract that must be upheld by an implementation.SliceStack
will now automatically align a slice on construction. However this means that its fields are now private.