refactor(allocator): refactor and improve safty comments of String::from_strs_array_in#9639
Merged
graphite-app[bot] merged 1 commit intomainfrom Mar 10, 2025
Conversation
Member
Author
How to use the Graphite Merge QueueAdd either label to this PR to merge it via the merge queue:
You must have a Graphite account in order to use the merge queue. Sign up using this link. An organization admin has enabled the Graphite Merge Queue in this repository. Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue. This stack of pull requests is managed by Graphite. Learn more about stacking. |
github-actions
bot
added
the
C-cleanup
CodSpeed Performance ReportMerging #9639 will not alter performanceComparing Summary
|
overlookmotel
force-pushed
the
03-07-refactor_allocator_optimize_and_improve_safty_comments_of_string_from_strs_array_in_
branch
from
8d9618b to
c394d37
Compare
overlookmotel
changed the title
String::from_strs_array_inString::from_strs_array_in
Member
Author
|
I think we can remove some branches by relying on the fact that |
Contributor
Merge activity
|
…from_strs_array_in` (#9639) Follow-on after #9329. More fully document the constraints that ensure the safety of `String::from_strs_array_in`. The implementation in #9329 was already sound, but the comments didn't prove that (and in fact without checking the docs for `ptr::copy_nonoverlapping` and `*mut T::add`, I wasn't sure that it *was* sound if some of the input strings are zero length). Also add a debug assertion to check the pointer calculations are correct. Also refactor: Use `String::from_utf8_unchecked` to construct the eventual `String`, instead of `String::from_raw_parts_in`. The 2 are currently equivalent, but `allocator_api2::vec::Vec` does not guaranteed that `with_capacity_in` won't allocate *more* bytes than requested. If it does, `String::from_utf8_unchecked` makes use of that spare capacity in the `String`, whereas `String::from_raw_parts_in(ptr, len, len, allocator)` doesn't. That wasn't a soundness hole because both `Vec` and `String` are non-`Drop`, but it would have been a potential memory leak if they were.
graphite-app
bot
force-pushed
the
03-07-refactor_allocator_optimize_and_improve_safty_comments_of_string_from_strs_array_in_
branch
from
c394d37 to
44101bd
Compare
Member
|
Wow, thanks for taking time improving it, I learned a lot to about writing detailed safety comments! |
graphite-app
bot
deleted the
03-07-refactor_allocator_optimize_and_improve_safty_comments_of_string_from_strs_array_in_
branch
Boshen
added a commit
that referenced
this pull request
Mar 11, 2025
## [0.57.0] - 2025-03-11 - 510446a parser: [**BREAKING**] Align JSXNamespacedName with ESTree (#9648) (Arnaud Barré) - b0d979d semantic: [**BREAKING**] Make `Scoping::references` private (#9629) (Boshen) - 3c6f140 semantic: [**BREAKING**] Make `Scoping` methods consistent (#9628) (Boshen) - ef6e0cc semantic: [**BREAKING**] Combine `SymbolTable` and `ScopeTree` into `Scoping` (#9615) (Boshen) - 7331656 semantic: [**BREAKING**] Rename `SymbolTable` and `ScopeTree` methods (#9613) (Boshen) - 23738bf semantic: [**BREAKING**] Introduce `Scoping` (#9611) (Boshen) ### Features - b6deff8 ecmascript: Support integer index access for array and string in `may_have_side_effects` (#9603) (sapphi-red) - 047fb01 minifier: Place `void 0` on right hand side if possible (#9606) (sapphi-red) - 36f8703 minifier: Compress `[] + string` to `string` (#9602) (sapphi-red) - 554c4ce minifier: Compress constant integer index access (#9604) (sapphi-red) - e3c2015 minifier: Allow compressing computed __proto__ more precisely (#9595) (sapphi-red) - 6a57198 minifier: Allow compressing computed constructor/prototype keys precisely (#9594) (sapphi-red) - 638007b parser: Apply `preserveParens` to `TSParenthesizedType` (#9653) (Boshen) ### Bug Fixes - eae1a41 ast: Align `TSImportType` field names with ts-eslint (#9664) (Boshen) - 96eef8b ecmascript: `(foo() + "").length` may have a side effect (#9605) (sapphi-red) - 24d9261 minifier: Remove names from functions / classes in normal pass to make the minifier idempotent (#9608) (sapphi-red) - 6ac3635 napi/parser: Disable raw transfer on unsupported platforms (#9651) (overlookmotel) - cfdcfdb parser: Fix end span for optional binding pattern without type annotation (#9652) (Boshen) - 26da65d parser: Parse asi after class accessor property (#9623) (Boshen) - 87462fd parser: Fix end span for `using` declaration (#9622) (Boshen) - 29edb51 transformer: Fix module runner transform of export default expression (#9661) (hi-ogawa) ### Documentation - 31a2618 allocator: Add safety constraint for `String::from_raw_parts_in` (#9640) (overlookmotel) ### Refactor - 44101bd allocator: Refactor and improve safty comments of `String::from_strs_array_in` (#9639) (overlookmotel) - c6edafe napi: Remove `npm/oxc-*/` npm packages (#9631) (Boshen) - a43c341 semantic: Add `Scoping` to `Semantic` (#9614) (Boshen) Co-authored-by: Boshen <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-on after #9329.
More fully document the constraints that ensure the safety of
String::from_strs_array_in.The implementation in #9329 was already sound, but the comments didn't prove that (and in fact without checking the docs for
ptr::copy_nonoverlappingand*mut T::add, I wasn't sure that it was sound if some of the input strings are zero length).Also add a debug assertion to check the pointer calculations are correct.
Also refactor:
Use
String::from_utf8_uncheckedto construct the eventualString, instead ofString::from_raw_parts_in. The 2 are currently equivalent, butallocator_api2::vec::Vecdoes not guaranteed thatwith_capacity_inwon't allocate more bytes than requested. If it does,String::from_utf8_uncheckedmakes use of that spare capacity in theString, whereasString::from_raw_parts_in(ptr, len, len, allocator)doesn't.That wasn't a soundness hole because both
VecandStringare non-Drop, but it would have been a potential memory leak if they were.