Skip to content

Make explicit guarantees about Vec’s allocator #145260

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Make explicit guarantees about Vec’s allocator #145260

wants to merge 3 commits into from
+61 −11

Conversation

SabrinaJewson
Copy link
Contributor

This commit amends the documentation of Vec::as_mut_ptr and Vec::into_raw_parts to make it explicit that such calls may be paired with calls to dealloc with a suitable layout. This guarantee was effectively already provided by the docs of Vec::from_raw_parts mentioning alloc.

Additionally, we copy-paste and adjust the “Memory layout” section from the documentation of std::boxed to std::vec. This explains the allocator guarantees in more detail.

@SabrinaJewson
Make explicit guarantees about Vec’s allocator
19df24b 
This commit amends the documentation of `Vec::as_mut_ptr` and
`Vec::into_raw_parts` to make it explicit that such calls may be paired
with calls to `dealloc` with a suitable layout. This guarantee was
effectively already provided by the docs of `Vec::from_raw_parts`
mentioning `alloc`.

Additionally, we copy-paste and adjust the “Memory layout” section from
the documentation of `std::boxed` to `std::vec`. This explains the allocator
guarantees in more detail.
@rustbot
Copy link
Collaborator

rustbot commented Aug 11, 2025

r? @ibraheemdev

rustbot has assigned @ibraheemdev.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Aug 11, 2025
Kivooeo
Kivooeo reviewed Aug 11, 2025
View reviewed changes
Copy link
Member

@Kivooeo Kivooeo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some nits

@ibraheemdev
Copy link
Member

r? libs-api

@rustbot rustbot added the T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. label Aug 11, 2025
@rustbot rustbot assigned dtolnay and unassigned ibraheemdev Aug 11, 2025
dtolnay
dtolnay approved these changes Aug 11, 2025
View reviewed changes
Copy link
Member

@dtolnay dtolnay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This guarantee was effectively already provided by the docs of Vec::from_raw_parts mentioning alloc.

This is also my understanding. If you can feed an arbitrary heap allocation into Vec::from_raw_parts and get it back from into_raw_parts / as_mut_ptr / capacity, it's effectively a guarantee that these things can be deallocated in the obvious way.

There is one other piece required to complete the argument. The above by itself does not guarantee that a ZST vector ptr is fine to "leak" as written in this PR: "and if T is zero-sized nothing needs to be done". This scenario falls outside any consequences drawn from from_raw_parts because from_raw_parts is documented as follows: "ptr must have been allocated using the global allocator, such as via the alloc::alloc function", and allocating a zero-sized layout with a global allocator is documented as being UB. If Vec somehow allocated nonzero size internally for ZST vectors, this PR would be a new guarantee. But there is plenty of existing documentation that Vec does not allocate for ZST.

Hypothetically, dropping a vector of ZST could require some other non-allocator thing, such as std::internal::decrement_outstanding_zst_vectors(). But this is pretty outlandish and I do not believe we require a team consensus to rule this out.

Thank you for the improvements!

Separately, it would be good to update the documentation of from_raw_parts to speak about the ZST case. As currently written, it seems to imply round-tripping into_raw_parts -> from_raw_parts can be UB, which is not the intention.

@dtolnay
Copy link
Member

dtolnay commented Aug 11, 2025

@bors r+ rollup

@bors
Copy link
Collaborator

bors commented Aug 11, 2025

📌 Commit 45e2449 has been approved by dtolnay

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Aug 11, 2025
fmease added a commit to fmease/rust that referenced this pull request Aug 11, 2025
@fmease
Rollup merge of rust-lang#145260 - SabrinaJewson:vec-allocator-docs, …
7f97c04 
…r=dtolnay

Make explicit guarantees about `Vec`’s allocator

This commit amends the documentation of `Vec::as_mut_ptr` and `Vec::into_raw_parts` to make it explicit that such calls may be paired with calls to `dealloc` with a suitable layout. This guarantee was effectively already provided by the docs of `Vec::from_raw_parts` mentioning `alloc`.

Additionally, we copy-paste and adjust the “Memory layout” section from the documentation of `std::boxed` to `std::vec`. This explains the allocator guarantees in more detail.
@fmease fmease mentioned this pull request Aug 11, 2025
Closed
fmease added a commit to fmease/rust that referenced this pull request Aug 12, 2025
@fmease
Rollup merge of rust-lang#145260 - SabrinaJewson:vec-allocator-docs, …
3344ed9 
…r=dtolnay

Make explicit guarantees about `Vec`’s allocator

This commit amends the documentation of `Vec::as_mut_ptr` and `Vec::into_raw_parts` to make it explicit that such calls may be paired with calls to `dealloc` with a suitable layout. This guarantee was effectively already provided by the docs of `Vec::from_raw_parts` mentioning `alloc`.

Additionally, we copy-paste and adjust the “Memory layout” section from the documentation of `std::boxed` to `std::vec`. This explains the allocator guarantees in more detail.
@fmease fmease mentioned this pull request Aug 12, 2025
Closed
fmease added a commit to fmease/rust that referenced this pull request Aug 12, 2025
@fmease
Rollup merge of rust-lang#145260 - SabrinaJewson:vec-allocator-docs, …
82097cd 
…r=dtolnay

Make explicit guarantees about `Vec`’s allocator

This commit amends the documentation of `Vec::as_mut_ptr` and `Vec::into_raw_parts` to make it explicit that such calls may be paired with calls to `dealloc` with a suitable layout. This guarantee was effectively already provided by the docs of `Vec::from_raw_parts` mentioning `alloc`.

Additionally, we copy-paste and adjust the “Memory layout” section from the documentation of `std::boxed` to `std::vec`. This explains the allocator guarantees in more detail.
fmease added a commit to fmease/rust that referenced this pull request Aug 12, 2025
@fmease
Rollup merge of rust-lang#145260 - SabrinaJewson:vec-allocator-docs, …
79b02dc 
…r=dtolnay

Make explicit guarantees about `Vec`’s allocator

This commit amends the documentation of `Vec::as_mut_ptr` and `Vec::into_raw_parts` to make it explicit that such calls may be paired with calls to `dealloc` with a suitable layout. This guarantee was effectively already provided by the docs of `Vec::from_raw_parts` mentioning `alloc`.

Additionally, we copy-paste and adjust the “Memory layout” section from the documentation of `std::boxed` to `std::vec`. This explains the allocator guarantees in more detail.
@fmease fmease mentioned this pull request Aug 12, 2025
Closed
@theemathas
Copy link
Contributor

This PR is incorrect. It needs to mention the case where the Vec is zero-length in addition to the case where T is zero-sized.

bors added a commit that referenced this pull request Aug 12, 2025
@bors
Auto merge of #145282 - fmease:rollup-1hpb5q5, r=fmease
c274350 
Rollup of 15 pull requests

Successful merges:

 - #131477 (Apple: Always pass SDK root when linking with `cc`, and pass it via `SDKROOT` env var)
 - #139806 (std: sys: pal: uefi: Overhaul Time)
 - #144386 (Extract TraitImplHeader in AST/HIR)
 - #144542 (Stabilize `sse4a` and `tbm` target features)
 - #144921 (Don't emit `rustdoc::broken_intra_doc_links` for GitHub-flavored Markdown admonitions like `[!NOTE]`)
 - #145155 (Port `#[allow_internal_unsafe]` to the new attribute system (attempt 2))
 - #145214 (fix: re-enable self-assignment)
 - #145216 (rustdoc: correct negative-to-implicit discriminant display)
 - #145238 (Tweak invalid builtin attribute output)
 - #145249 (Rename entered trace span variables from `_span` to  `_trace`)
 - #145251 (Support using #[unstable_feature_bound] on trait)
 - #145253 (Document compiler and stdlib in stage1 in `pr-check-2` CI job)
 - #145260 (Make explicit guarantees about `Vec`’s allocator)
 - #145263 (Update books)
 - #145273 (Account for new `assert!` desugaring in `!condition` suggestion)

r? `@ghost`
`@rustbot` modify labels: rollup
@fmease
Copy link
Member

fmease commented Aug 12, 2025
edited
Loading

The overarching rollup is 20mins in (out if ~3h15 total). If theemathas's concern is valid, either r- now-ish or wait for the rollup to fail or get merged (in the latter case: plz open a follow-up PR instead). Either way, don't push before an r-.

@fmease
Copy link
Member

fmease commented Aug 12, 2025
edited
Loading

Ok, rollup failed. I'll tangentially r- this due to the concern raised in #145260 (comment) (of which I don't know if it is valid).
@bors r-

@bors bors added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Aug 12, 2025
@SabrinaJewson
Copy link
Contributor Author

The comment is correct – that’s an oversight on my part. I also updated the docs of Vec::from_raw_parts while I was at it.

@dtolnay
Copy link
Member

dtolnay commented Aug 12, 2025

@bors r+

@bors
Copy link
Collaborator

bors commented Aug 12, 2025

📌 Commit 1ce4b37 has been approved by dtolnay

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Aug 12, 2025
Zalathar added a commit to Zalathar/rust that referenced this pull request Aug 12, 2025
@Zalathar
Rollup merge of rust-lang#145260 - SabrinaJewson:vec-allocator-docs, …
422b3a2 
…r=dtolnay

Make explicit guarantees about `Vec`’s allocator

This commit amends the documentation of `Vec::as_mut_ptr` and `Vec::into_raw_parts` to make it explicit that such calls may be paired with calls to `dealloc` with a suitable layout. This guarantee was effectively already provided by the docs of `Vec::from_raw_parts` mentioning `alloc`.

Additionally, we copy-paste and adjust the “Memory layout” section from the documentation of `std::boxed` to `std::vec`. This explains the allocator guarantees in more detail.
@Zalathar Zalathar mentioned this pull request Aug 12, 2025
Open
bors added a commit that referenced this pull request Aug 12, 2025
@bors
Auto merge of #145293 - Zalathar:rollup-rsp9t9l, r=Zalathar
1c7121c 
Rollup of 17 pull requests

Successful merges:

 - #131477 (Apple: Always pass SDK root when linking with `cc`, and pass it via `SDKROOT` env var)
 - #139806 (std: sys: pal: uefi: Overhaul Time)
 - #144210 (std: thread: Return error if setting thread stack size fails)
 - #144386 (Extract TraitImplHeader in AST/HIR)
 - #144921 (Don't emit `rustdoc::broken_intra_doc_links` for GitHub-flavored Markdown admonitions like `[!NOTE]`)
 - #145155 (Port `#[allow_internal_unsafe]` to the new attribute system (attempt 2))
 - #145214 (fix: re-enable self-assignment)
 - #145216 (rustdoc: correct negative-to-implicit discriminant display)
 - #145238 (Tweak invalid builtin attribute output)
 - #145249 (Rename entered trace span variables from `_span` to  `_trace`)
 - #145251 (Support using #[unstable_feature_bound] on trait)
 - #145253 (Document compiler and stdlib in stage1 in `pr-check-2` CI job)
 - #145260 (Make explicit guarantees about `Vec`’s allocator)
 - #145263 (Update books)
 - #145273 (Account for new `assert!` desugaring in `!condition` suggestion)
 - #145283 (Make I-miscompile imply I-prioritize)
 - #145291 (bootstrap: Only warn about `rust.debug-assertions` if downloading rustc)

r? `@ghost`
`@rustbot` modify labels: rollup
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kivooeo Kivooeo Kivooeo left review comments

@dtolnay dtolnay dtolnay approved these changes

Assignees

@dtolnay dtolnay

Labels
S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs Relevant to the library team, which will review and decide on the PR/issue. T-libs-api Relevant to the library API team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@SabrinaJewson @rustbot @ibraheemdev @dtolnay @bors @theemathas @fmease @Kivooeo