-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new
(mutable unboxed vector) hands the user uninitialized memory
#30
Comments
What you say seems right to me, ST shouldn't be nondeterministic. I've seen a suprising lot of code that uses I'd also like to mention that |
I've been contemplating how best to fix this issue. I can see two or three ways, so I'd like some input. The problem is that One possibility is A second option is to introduce a new operation that zeroes out unboxed arrays and no-ops on others. A third option is to fix this even for Does anyone have a strong preference for any of these solutions? |
So, I'm having trouble actually verifying that this problem exists. Are we sure that GHC or something below it isn't zeroing the memory already? I wrote some test cases where I allocate new primitive vectors and sum them, and I always get 0 as an answer. Have you seen something different, @rwbarton? I'm using 7.8.3, but maybe older versions worked differently (or newer ones do)? I suppose it could also be OS dependent? |
Never mind. My test case wasn't good enough. I can reproduce this in compiled programs. |
I was testing in ghci, but yeah, the OS will zero newly-allocated pages it hands you, so the unallocated area of the nursery is likely to be zeroed initially, but not after the first GC. |
I have a fairly strong preference for maintaining a "trust me" option (to maintain the "performance at any cost" theme of this package). Repurposing the |
The problem, last I checked, is that fixing this while leaving an escape hatch requires adding operations to be very good. You need a generic I also question whether array allocation is ever a bottleneck that requires "performance at any cost." And we need something like that to justify the more complicated solution. |
I imagine it could be significant in an array-doubling situation like an unfold. |
This has been fixed. Released in 0.11.0.0. |
I don't think it should be the default behavior in a managed language to provide access to uninitialized memory. Aside from potential security issues, it also means that computations using mutable unboxed vectors in ST are nondeterministic. At the very least, this behavior should be clearly documented!
Naturally some applications need uninitialized arrays. I would suggest repurposing the name
unsafeNew
for this (the currentunsafeNew
is silly—I can't imagine any application for skipping the bounds check of an allocation), or using a new name likenewUninitialized
.The same comments apply to
grow
andunsafeGrow
.For comparison, the array package has a
newArray
with an extra argument which is used as the initial value of every entry of the new mutable array, and anewArray_
which (for unboxed arrays) produces an uninitialized array when used inIO
, and an array initialized to a fixed value (depending on the type) when used inST
.The text was updated successfully, but these errors were encountered: