fix: prevent corruption of the small allocator state#13548
Merged
Conversation
This code threw an `std::bad_alloc` in the case of memory exhaustion, but left the small allocator in an inconsistent state when doing so. This would mean any code catching and recovering from the allocation failure would likely find itself with a corrupt small allocator. While we could try and make this code exception safe in future, simply making it panic is better than the status quo, and is consistent with how we handle most other allocation failures.
Contributor
Author
|
changelog-language |
github-actions
Bot
added
changelog-language
|
Mathlib CI status (docs):
|
Collaborator
|
Reference manual CI status:
|
Kha
reviewed
May 5, 2026
| void heap::alloc_segment() { | ||
| LEAN_RUNTIME_STAT_CODE(g_num_segments++); | ||
| segment * s = new segment(); | ||
| LEAN_RUNTIME_STAT_CODE(g_num_segments++); |
Contributor
Author
There was a problem hiding this comment.
If new throws, then the number of segments has not yet increased.
Member
There was a problem hiding this comment.
Ah, I was confused in the combination with abort but I guess it doesn't hurt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fixes possible corruption when recovering from memory exhaustion.
This code threw an
std::bad_allocin the case of memory exhaustion, but left the small allocator in an inconsistent state when doing so. This would mean any code catching and recovering from the allocation failure would likely find itself with a corrupt small allocator.While we could try and make this code exception safe in future, simply making it panic is better than the status quo, and is consistent with how we handle most other allocation failures.
changelog-please-rerun-the-changelog-ci