
Add more safety requirements for Allocator impls#156544

Open
theemathas wants to merge 1 commit into
rust-lang:mainfrom
theemathas:more-allocator-docs

Conversation

@theemathas
Contributor

An Allocator implementation is now allowed to invalidate its allocations when the allocator is mutated or when a lifetime in the allocator type expires.

Mutation of an Allocator should sensibly be allowed to invalidate its allocations. For example, the bumpalo crate has a Bump::reset method that takes &mut self and invalidates all past allocations. Accesses via & still must not invalidate past allocations since, for example, Box provides & access to the allocator.

The "lifetime expiry" clause closes a hole/ambiguity on when an allocator is considered to be "dropped" if it does not have a destructor. Additionally, this clause matches what is required for Box::into_pin and {Rc, Arc}::pin to be sound. (Those methods have an A: 'static bound to prevent allocating via a &MyAllocator and then running MyAllocator's destructor.)

r? libs-api

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels May 13, 2026
@danielhenrymantilla (Contributor) left a comment


What about when an allocator is moved? IOW, is an allocator allowed to lend pointers to its own shallow memory?


Comment thread library/core/src/alloc/mod.rs Outdated
@theemathas (Contributor, Author) commented May 13, 2026

There's text immediately after my edits that addresses moving the allocator. An allocator must not invalidate its allocations upon moving.
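To make the two rules discussed above concrete (mutation through `&mut self` may invalidate allocations, a move must not), here is an added example that is not code from this PR, from bumpalo, or from the standard library: a hypothetical `Bump` type with `allocate(&self)` and `reset(&mut self)`, written without the unstable `Allocator` trait so it runs on stable Rust.

```rust
use std::cell::{Cell, UnsafeCell};
use std::ptr::NonNull;

/// Hypothetical bump allocator (not bumpalo, not the std `Allocator` trait).
/// The arena is a heap buffer the struct owns, so moving a `Bump` moves only
/// the header and pointers into the arena stay valid; an inline `[u8; 64]`
/// arena would instead be invalidated by every move.
pub struct Bump {
    arena: Vec<UnsafeCell<u8>>, // UnsafeCell: writes through `&self` are sound
    used: Cell<usize>,
}

impl Bump {
    pub fn with_capacity(n: usize) -> Bump {
        Bump { arena: (0..n).map(|_| UnsafeCell::new(0)).collect(), used: Cell::new(0) }
    }

    /// `&self` access must never invalidate earlier allocations: `Box` hands
    /// out `&A` to the allocator while its allocation is live.
    pub fn allocate(&self, size: usize, align: usize) -> Option<NonNull<u8>> {
        debug_assert!(align.is_power_of_two());
        let base = self.arena.as_ptr() as usize;
        let start = (base + self.used.get() + align - 1) & !(align - 1);
        let end = start.checked_add(size)?;
        if end > base + self.arena.len() { return None; }
        self.used.set(end - base);
        NonNull::new(start as *mut u8)
    }

    /// `&mut self` access may invalidate every earlier allocation, which is
    /// what bumpalo's `Bump::reset` does and what the PR text now permits.
    pub fn reset(&mut self) {
        self.used.set(0);
    }
}

/// Moving the allocator keeps allocations valid: a value written before the
/// move reads back through the same pointer afterwards.
pub fn survives_move() -> bool {
    let bump = Bump::with_capacity(64);
    let p = bump.allocate(4, 4).unwrap().cast::<u32>();
    unsafe { p.as_ptr().write(0xDEAD_BEEF) };
    let moved = bump; // `p` holds no borrow of `bump`, so the move compiles
    let _ = moved.allocate(4, 4); // shared use after the move is still fine
    unsafe { p.as_ptr().read() == 0xDEAD_BEEF }
}

/// After `reset` the first address is handed out again, so the old allocation
/// is gone. `reset` compiles only because no `&bump` borrow is outstanding.
pub fn reset_reuses_memory() -> bool {
    let mut bump = Bump::with_capacity(64);
    let first = bump.allocate(8, 8).unwrap();
    bump.reset();
    first == bump.allocate(8, 8).unwrap()
}
```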

An `Allocator` implementation is now allowed to invalidate its
allocations when the allocator is mutated or when a lifetime in the
allocator type expires.

Mutation of an `Allocator` should sensibly be allowed to invalidate its
allocations. For example, the `bumpalo` crate has a `Bump::reset`
method that takes `&mut self` and invalidates all past allocations.
Accesses via `&` still must not invalidate past allocations since,
for example, `Box` provides `&` access to the allocator.

The "lifetime expiry" clause closes a hole/ambiguity on when an
allocator is considered to be "dropped" if it does not have a
destructor. Additionally, this clause matches what is required for
`Box::into_pin` and `{Rc, Arc}::pin` to be sound. (Those methods have an
`A: 'static` bound to prevent allocating via a `&MyAllocator` and then
running `MyAllocator`'s destructor.)
@theemathas theemathas force-pushed the more-allocator-docs branch from 5f2bc9f to 459726c Compare May 13, 2026 12:56