Released YYYY-MM-DD.
- TODO (or remove section if none)
- TODO (or remove section if none)
- TODO (or remove section if none)
- TODO (or remove section if none)
- TODO (or remove section if none)
- TODO (or remove section if none)
Released 2020-05-13.
-
Added fallible allocation methods to
Bump:try_new,try_with_capacity, andtry_alloc_layout. -
Added
Bump::chunk_capacity -
Added
bumpalo::collections::Vec::try_reserve[_exact]
Released 2020-03-24.
-
When
reallocing, if we allocate new space, we need to copy the old allocation's bytes into the new space. There areold_sizenumber of bytes in the old allocation, but we were accidentally copyingnew_sizenumber of bytes, which could lead to copying bytes into the realloc'd space from past the chunk that we're bump allocating out of, from unknown memory.If an attacker can cause
reallocs, and can read therealoced data back, this could allow them to read things from other regions of memory that they shouldn't be able to. For example, if some crypto keys happened to live in memory right after a chunk we were bump allocating out of, this could allow the attacker to read the crypto keys.Beyond just fixing the bug and adding a regression test, I've also taken two additional steps:
-
While we were already running the testsuite under
valgrindin CI, becausevalgrindexits with the same code that the program did, if there are invalid reads/writes that happen not to trigger a segfault, the program can still exit OK and we will be none the wiser. I've enabled the--error-exitcode=1flag forvalgrindin CI so that tests eagerly fail in these scenarios. -
I've written a quickcheck test to exercise
realloc. Without the bug fix in this patch, this quickcheck immediately triggers invalid reads when run undervalgrind. We didn't previously have quickchecks that exercisedreallocbeacusereallocisn't publicly exposed directly, and instead can only be indirectly called. This new quickcheck test exercisesreallocviabumpalo::collections::Vec::resizeandbumpalo::collections::Vec::shrink_to_fitcalls.
This bug was introduced in version 3.0.0.
See #69 for details.
-
Released 2020-02-07.
- Added the
bumpalo::collections::Vec::into_bump_slice_mutmethod to turn abumpalo::collections::Vec<'bump, T>into a&'bump mut [T].
Released 2020-01-07.
- The
bumpalo::collections::format!macro did not used to accept a trailing comma likeformat!(in bump; "{}", 1,), but it does now.
Released 2020-01-03.
- The
bumpalo::collections::vec!macro did not used to accept a trailing comma likevec![in bump; 1, 2,], but it does now.
Released 2019-12-27.
- Added the
Bump::allocated_bytesdiagnostic method for counting the total number of bytes aBumphas allocated.
Released 2019-12-20.
-
Added
Bump::alloc_strfor copying string slices into aBump. -
Added
Bump::alloc_slice_copyandBump::alloc_slice_clonefor copying or cloning slices into aBump. -
Added
Bump::alloc_slice_fill_iterfor allocating a slice in theBumpfrom an iterator. -
Added
Bump::alloc_slice_fill_copyandBump::alloc_slice_fill_clonefor creating slices of lengthnthat are filled with copies or clones of an inital element. -
Added
Bump::alloc_slice_fill_defaultfor creating slices of lengthnwith the element type's default instance. -
Added
Bump::alloc_slice_fill_withfor creating slices of lengthnwhose elements are initialized with a function or closure. -
Added
Bump::iter_allocated_chunksas a replacement for the oldBump::each_allocated_chunk. Theiter_allocated_chunksversion returns an iterator, which is more idiomatic than its old, callback-taking counterpart. Additionally,iter_allocated_chunksexposes the chunks asMaybeUninits instead of slices, which makes it usable in more situations without triggering undefined behavior. See also the note about bump direction in the "changed" section; if you're iterating chunks, you're likely affected by that change! -
Added
Bump::with_capacityso that you can pre-allocate a chunk with the requested space.
-
BREAKING: The direction we allocate within a chunk has changed. It used to be "upwards", from low addresses within a chunk towards high addresses. It is now "downwards", from high addresses towards lower addresses.
Additionally, the order in which we iterate over allocated chunks has changed! We used to iterate over chunks from oldest chunk to youngest chunk, and now we do the opposite: the youngest chunks are iterated over first, and the oldest chunks are iterated over last.
If you were using
Bump::each_allocated_chunkto iterate over data that you had previously allocated, and you want to iterate in order of oldest-to-youngest allocation, you need to reverse the chunks iterator and also reverse the order in which you loop through the data within a chunk!For example, if you had this code:
unsafe { bump.each_allocated_chunk(|chunk| { for byte in chunk { // Touch each byte in oldest-to-youngest allocation order... } }); }
It should become this code:
let mut chunks: Vec<_> = bump.iter_allocated_chunks().collect(); chunks.reverse(); for chunk in chunks { for byte in chunk.iter().rev() { let byte = unsafe { byte.assume_init() }; // Touch each byte in oldest-to-youngest allocation order... } }
The good news is that this change yielded a speed up in allocation throughput of 3-19%!
See fitzgen#37 and https://fitzgeraldnick.com/2019/11/01/always-bump-downwards.html for details.
-
BREAKING: The
collectionscargo feature is no longer on by default. You must explicitly turn it on if you intend to use thebumpalo::collectionsmodule. -
Bump::resetwill now retain only the last allocated chunk (the biggest), rather than only the first allocated chunk (the smallest). This should enableBumpto better adapt to workload sizes and quickly reach a steady state where new chunks are not requested from the global allocator.
-
The
Bump::each_allocated_chunkmethod is removed in favor ofBump::iter_allocated_chunks. Note that its safety requirements for reading from the allocated chunks are slightly different from the oldeach_allocated_chunk: only up to 16-byte alignment is supported now. If you allocate anything with greater alignment than that into the bump arena, there might be uninitilized padding inserted in the chunks, and therefore it is no longer safe to read them viaMaybeUninit::assume_init. See also the note about bump direction in the "changed" section; if you're iterating chunks, you're likely affected by that change! -
The
stdcargo feature has been removed, since this crate is now always no-std.
- Fixed a bug involving potential integer overflows with large requested allocation sizes.
Released 2019-08-19.
- Implement
SendforBump.
Released 2019-07-01.
- Add
alloc_slice_copyandalloc_slice_clonemethods that allocate space for slices and either copy (with boundT: Copy) or clone (with boundT: Clone) the provided slice's data into the newly allocated space.
Released 2019-05-20.
- Fixed a bug where chunks were always deallocated with the default chunk layout, not the layout that the chunk was actually allocated with (i.e. if we started growing largers chunks with larger layouts, we would deallocate those chunks with an incorrect layout).
Released 2019-05-17.
- Added an implementation
DefaultforBump. - Made it so that if bump allocation within a chunk overflows, we still try to allocate a new chunk to bump out of for the requested allocation. This can avoid some OOMs in scenarios where the chunk we are currently allocating out of is very near the high end of the address space, and there is still available address space lower down for new chunks.
Released 2019-04-19.
- Added readme metadata to Cargo.toml so it shows up on crates.io
Released 2019-04-19.
- Added support for
reallocing in-place when the pointer beingrealloced is the last allocation made from the bump arena. This should speed up variousString,Vec, andformat!operations in many cases.
Released 2019-03-26.
- Add the
alloc_withmethod, that (usually) avoids stack-allocating the allocated value and then moving it into the bump arena. This avoids potential stack overflows in release mode when allocating very large objects, and also somememcpycalls. This is similar to thecopylesscrate. Read thealloc_withdoc comments and the original issue proposing this API for more.
Released 2019-03-18.
- Fix a regression from 2.2.1 where chunks were not always aligned to the chunk footer's alignment.
Released 2019-03-18.
- Fix a regression in 2.2.0 where newly allocated bump chunks could fail to have capacity for a large requested bump allocation in some corner cases.
Released 2019-03-15.
- Chunks in an arena now start out small, and double in size as more chunks are requested.
Released 2019-02-12.
- Added the
into_bump_slicemethod onbumpalo::collections::Vec<T>.
Released 2019-02-11.
- Removed the
BumpAllocSafetrait. - Correctly detect overflows from large allocations and panic.
Released 2019-01-15.
- Fixed an overly-aggressive
debug_assert!that had false positives. - Ported to Rust 2018 edition.
Released 2018-11-28.
- Added the
collectionsmodule, which contains ports ofstd's collection types that are compatible with backing their storage inBumparenas. - Lifted the limits on size and alignment of allocations.