Clean up the stack implementations #54
Conversation
|
First, can you please separate the "clean ups" into distinct commits?
Uh, how about no. Now anyone implementing a stack externally will now have to 1) implement the Valgrind interface 2) implement interfaces of any other debugging tools we may be interested in the future 3) predicate on the architecture-specific availability of Valgrind themselves. This significantly decreases ergonomics (and also it's not a cleanup, it creates duplication).
Again, how about no. This makes it completely useless for its original purpose, that is using a |
Can't you just use a
The motivation here was to associate the debug info with the stacks rather than with the generators. Consider the case where a stack is reused for multiple generators, this would cause the stack to be registered and de-registered multiple times. |
| /// | ||
| /// This function will automatically align the slice to make it suitable for | ||
| /// use as a stack. However this function may panic if the slice is smaller | ||
| /// than `STACK_ALIGNMENT`. |
There was a problem hiding this comment.
Where does it panic in release builds?
There was a problem hiding this comment.
This may panic even in release builds: &mut slice[offset..(offset + adjusted_len)]
There was a problem hiding this comment.
Worth a comment, I think.
I don't see how this is a problem. You're sacrificing ergonomics in a misguided attempt to improve efficiency of a feature only useful for debugging in the first place. (And we should also gate the valgrind stuff behind
Hm, I tried that and encountered some sort of problem, but I don't recall it now. Disregard that comment then. That said, if SliceStack::new didn't mess with valgrind then it could be a const fn. |
|
I reverted the valgrind changes. |
|
LGTM. SliceStack's |
|
There's no real point in making |
|
I don't think Also, publicly exposing the field would allow safety violations (in particular, the alignment restriction won't be enforced). |
Amanieu
force-pushed
the
stack
branch
3 times, most recently
from
3b75d61
to
0b6f2b7
Compare
Right.
Using SliceStack is already unsafe since it provides no guard page; exposing the field could be seen as inelegant design since it lets you violate what's supposed to be an invariant, but it does not add any more unsafety. |
Amanieu
force-pushed
the
stack
branch
2 times, most recently
from
32dd60b
to
4f4040b
Compare
| let adjusted_len = (slice.len() - offset) & !(::STACK_ALIGNMENT - 1); | ||
|
|
||
| // This may panic if offset is larger than the size of the slice | ||
| SliceStack(&mut slice[offset..(offset + adjusted_len)]) |
There was a problem hiding this comment.
Please group these two panics into one explicit one, and write a test for both conditions.
There was a problem hiding this comment.
The only panic is the explicit one. adjusted_len is guaranteed to be less than slice.len() - offset.
There was a problem hiding this comment.
So the comment is wrong now?
There was a problem hiding this comment.
Oops, forgot about that one. Fixed.
Amanieu
force-pushed
the
stack
branch
2 times, most recently
from
3a0682e
to
3fb86e0
Compare
| } | ||
| } | ||
|
|
||
| #[cfg(test)] |
There was a problem hiding this comment.
These tests don't poke into any implementation details as far as I see, so shouldn't they go to tests/?
There was a problem hiding this comment.
Well I feel that the precise behavior of whether it panics or not is a bit of an implementation detail. The only thing the interface guarantees is that it won't panic if the slice is larger than STACK_ALIGNMENT, and it may panic if it is smaller.
There was a problem hiding this comment.
That's a weird contract...
|
I moved the tests into |
Changes:
The valgrind stuff is moved out of the generators and into the stack implementations.Stackis now an unsafe trait since it has a contract that must be upheld by an implementation.SliceStackwill now automatically align a slice on construction. However this means that its fields are now private.