sdk: Use forward allocation #301
Conversation
febo
force-pushed
the
febo/forward-bump-allocator
branch
from
4ab6fab to
1b0bfc6
Compare
joncinque
left a comment
joncinque
left a comment
There was a problem hiding this comment.
Looks great to me! Mostly nits and one comment
| /// `layout` must have non-zero size. Attempting to allocate for a zero-sized layout will | ||
| /// result in undefined behavior. |
There was a problem hiding this comment.
I believe this is ok, since most users of allocators no-op if the type is zero-sized, ie https://doc.rust-lang.org/src/alloc/boxed.rs.html#571
sdk/src/entrypoint/mod.rs
Outdated
| let padding = layout.align() - 1; | ||
|
|
||
| if unlikely(self.end - pos < padding) { | ||
| return null_mut(); |
There was a problem hiding this comment.
Maybe I'm being dense, but is this check necessary? allocation finds the start address, so we should just need to later check that self.end > allocation + layout.size()
There was a problem hiding this comment.
I was avoiding doing the allocation + layout.size() operation without checks since it can overflow if you try to allocate u64::MAX for example. And allocation might be bigger than self.end if there is no "space" left for the alignment padding.
We could probably save 1 CU by testing that layout.size() is not greater than MAX_HEAP_SIZE and then do the check self.end > allocation + layout.size() instead. I will try that.
There was a problem hiding this comment.
It does save 1 extra CU. 😊
| unsafe fn alloc_zeroed(&self, layout: Layout) -> *mut u8 { | ||
| self.alloc(layout) |
Problem
Currently, the
BumpAllocatorallocates memory backwards and it has a fixed limit of32KiBsize. Even if a program requests a larger heap size, this won't be used unless a custom allocator is implemented.Solution
Refactor the
BumpAllocatorto allocate memory forward. This has 2 benefits:~7CUs per allocation;The implementation relies on the runtime to zero initialize the heap region and to enforce the available heap length. The execution of a program is sand-boxed and the runtime prevents memory access outside the program memory space.