Fail when a vec::reserve is too large #7578
Conversation
|
I think it needs to be decided what the semantics of reserve are. Is capacity guaranteed to be increased? Is it reserve-or-fail, or can it just be silent? It's normally just a performance optimization, although some code might rely on it always increasing the vec::capacity() number. |
|
I don't think that this should silently fail. If you request a reservation of space, then you're expecting to definitely get that. There are also points in the code right now which rely on the fact that reserve succeeds if it returns (grep for Furthermore, even if the overflow check failed, there's still the abort which happens if rust fails to allocate memory (which is the more likely scenario anyway). |
|
Yeah, reserve has to give you at least that much space to maintain a sane safety guarantee. |
|
@thestinger: agreed. This is especially important for optimized FFI functions, when you want to malloc a block of memory without initializing it with vec::reserve, pass it to an external function, then set the length. It's ugly, but important in a couple circumstances. So reserve can't just be a hint, it needs to allocate all the space requested or fail in some manner. |
This should never cause a segfault, but rather fail somehow. Possibly a condition could be used here, but for now there's not much else to do.
…teffen Small documentation update for the new metadata_collector Just small documentation updates after the merge of the new metadata collection. I'm also here to deliver on the promised fairy tale: *Once upon a time, there was a world with many languages. One of the oldest was C a very versatile language that gave great power for the cost of great complexity and manual work. C was so powerful that it was able to create new languages. There is Java a versatile language often used by companies and in formal settings. Python that focused on readability and rapid prototyping capabilities. JavaScript which has some interesting edge cases but was still loved and widely used in the world. Together they build the foundation of our world and continue to shape the interactions between kingdoms worldwide.* *C ruled as the king of Linux and other operating systems alongside the Queen C++. Together they were powerful leaders, in fact so powerful that they have been ruling this world for over 49 years. They remain happy together and loved by the community. However, with great power comes great responsibility! The two of them have a dark secret. To tell the truth, they sometimes suffer from memory loss and even worse in some instances from race conditions.* *A mystical creature called Firefox lead to the creation of Mozilla, a global organization fighting for privacy and for their market share in the browser marked. As part of this fight, they started to modify parts of Firefox and eventually created Servo. A completely new creature with a new language called Rust. This new form of communication was focussed on correctness, speed and a new model of memory management.* *Rust grew up over several years with modification to syntax, content among other things. Finally, in 2015 Rust has reached adulthood which enabled it to take part in the global discourse and shape the future of our world. Some even say that this was the start of a new area withing language design.* *Rust had already started to build its kingdom and was now the head of a complete organization, with teams being in charge of individual tools used for further development. One team focussing on further improving Rust when it comes to complexity, style and performance was **The Clippy Team**. Its members were a friendly bunch, with mages and wizards among them.* *With the goal of giving more power to Rust, they identified a Python tool inside Clippy that could be rewritten. This led to the creating of the **Metadata collection monster**. This monster soon replaced the old Python tool and allowed for new creative additions inside Clippy's lint list. With the eradication of the old tool, there came a possibility to update the configuration documentation to span over a lager area. This was done, but some doc comments remained until now in memory of the old tool. This is now the PR that removes these doc comments.* --- I have to stop now, this already took way longer than the actual changes. It probably also contains some spelling mistakes, but oh well. I hope you get the gist of it 🙃. --- r? `@camsteffen` changelog: none
This should never cause a segfault, but rather fail somehow. Possibly a condition could be used here, but for now there's not much else to do.