@@ -96,9 +96,8 @@ impl fmt::Display for AllocError {
9696/// - the memory block is deallocated,
9797/// - the allocator is mutated through public API taking `&mut` access (notably,
9898/// running the allocator's destructor is such a mutation), or
99- /// - the allocator's type becomes invalid.
100- /// (For example, the type `&'a T` becomes invalid when `'a` expires.
101- /// More generally, a type becomes invalid when any of its lifetime parameters has expired.)
99+ /// - any lifetime parameter on the allocator's type expires, thus making the
100+ /// type invalid.
102101///
103102/// Copying, cloning, or moving the allocator must not invalidate memory blocks returned from it.
104103/// A copied or cloned allocator must behave like the original allocator.
@@ -108,7 +107,9 @@ impl fmt::Display for AllocError {
108107///
109108/// Users of this trait must not rely on side effects of allocating or deallocating method calls
110109/// on `Allocator` implementors being observable (i.e. it is sound for an allocation followed
111- /// immediately by a deallocation to be optimised away).
110+ /// immediately by a deallocation to be optimised away). While it is possible to make
111+ /// such calls *unlikely* to be elided (e.g. for benchmarking), this cannot be relied upon
112+ /// for soundness.
112113///
113114/// Additionally, any memory block returned by the allocator must
114115/// satisfy the allocation invariants described in `core::ptr`.
@@ -118,16 +119,17 @@ impl fmt::Display for AllocError {
118119/// This ensures that pointer arithmetic within the allocation
119120/// (for example, `ptr.add(len)`) cannot overflow the address space.
120121///
121- /// Additionally, the following requirements must be upheld by implementors, but are still
122- /// considered experimental and thus downstream users cannot rely on them being upheld for
123- /// correctness as they may be relaxed in the future:
124- ///
125- /// Implementors of the trait must guarantee that none of the methods on this trait unwind.
122+ /// As an experimental requirement, implementors of the trait must guarantee that
123+ /// none of the methods herein unwind. Due to the bound being experimental, it may be
124+ /// removed in the future and so this cannot be relied upon by other unsafe code for
125+ /// proving soundness.
126126///
127127/// [*currently allocated*]: #currently-allocated-memory
128128// NOTE: the above bound on allocating methods not unwinding, alongside the similar
129- // bound on `AllocatorClone`, are currently load-bearing in std! see #156490 and #155746
130- // and make sure those issues cannot be triggered before relaxing this.
129+ // bound on `AllocatorClone`, are currently load-bearing in std! see the below issues
130+ // and make sure they cannot be triggered before relaxing this:
131+ // https://rust.tf/156490
132+ // https://rust.tf/155746
131133#[ unstable( feature = "allocator_api" , issue = "32838" ) ]
132134#[ rustc_const_unstable( feature = "const_heap" , issue = "79597" ) ]
133135#[ rustc_dyn_incompatible_trait]
@@ -141,7 +143,8 @@ pub const unsafe trait Allocator {
141143 ///
142144 /// The returned block of memory remains valid as long as it is [*currently allocated*] and
143145 /// the borrow-checker lifetime of the allocator type has not expired. Note that implementors
144- /// which are also [`AllocatorClone`] must obey stricter semantics.
146+ /// which are also [`AllocatorClone`], [`AllocatorEq`], or [`StaticAllocator`] must obey
147+ /// stricter semantics.
145148 ///
146149 /// [*currently allocated*]: #currently-allocated-memory
147150 ///
@@ -189,10 +192,12 @@ pub const unsafe trait Allocator {
189192 /// * `ptr` must denote a block of memory [*currently allocated*] via this allocator, and
190193 /// * `layout` must [*fit*] that block of memory.
191194 ///
192- /// Note that it is UB for a deallocation or reallocation to invalidate any
193- /// outstanding references, `Rc<_>`s, etc.; thus, notably, an allocator that has
194- /// been moved into its own [*currently allocated*] memory must not be invalidated
195- /// by a call to this method, as it would invalidate the `&self` reference used.
195+ /// Note that it is *immediate* language UB for a deallocation or reallocation to
196+ /// invalidate any outstanding references, smart pointers, etc.; thus, notably, an
197+ /// allocator that has been moved into its own [*currently allocated*] memory may
198+ /// not have its backing memory be freed, even if the allocator is never used again
199+ /// afterwards. This is due to the fact that such a deallocation would invalidate the
200+ /// `&self` reference passed to this method.
196201 ///
197202 /// [*currently allocated*]: #currently-allocated-memory
198203 /// [*fit*]: #memory-fitting
@@ -394,7 +399,7 @@ pub const unsafe trait Allocator {
394399///
395400/// # Safety
396401///
397- /// See [`Allocator`].
402+ /// Same as [`Allocator`].
398403#[ unstable( feature = "allocator_api" , issue = "32838" ) ]
399404pub impl( self ) unsafe trait DynAllocator {
400405 #[ doc( hidden) ]
@@ -468,13 +473,18 @@ where
468473{
469474}
470475
471- /// Marks that an allocator will not break [`Pin`] guarantees, even if subtyped with a
472- /// shorter lifetime. This trivially applies to allocators that always maintain
473- /// global state, e.g. `System` or `Global`.
476+ /// Marks that an allocator will behave as if it were `'static`, even if subtyped
477+ /// with a shorter lifetime. This trivially applies to allocators that always maintain
478+ /// global state, e.g. `System` or `Global`. Notably, the requirement means that
479+ /// downstream consumers may rely on this allocator not invalidating its currently
480+ /// allocated memory even if its lifetime has expired.
481+ ///
482+ /// This is a necessity in conjunction with [`Pin`], as only `'static` allocators may
483+ /// be used to back a pinned pointer.
474484///
475485/// [`Pin`]: ../../core/pin/struct.Pin.html
476486#[ unstable( feature = "allocator_api" , issue = "32838" ) ]
477- pub unsafe trait PinSafeAllocator : Allocator + ' static { }
487+ pub unsafe trait StaticAllocator : Allocator { }
478488
479489#[ unstable( feature = "allocator_api" , issue = "32838" ) ]
480490#[ rustc_const_unstable( feature = "const_heap" , issue = "79597" ) ]
@@ -628,7 +638,9 @@ unsafe impl<A: Allocator + ?Sized> DynAllocator for A {
628638 }
629639}
630640
631- // FIXME(nia-e): Make this all builtin
641+ // FIXME(nia-e): See if it's possible to make this built-in to the typesystem,
642+ // e.g. by making the impl work on arbitrary `dyn DynAlloc + Foo + Bar`. Otherwise,
643+ // just expand this macro with other trait combinations for now.
632644
633645macro_rules! impl_dyn_allocator {
634646 ( $t: ty, $( $n: ty) ,+) => {
0 commit comments