Document that the ptr field of Allocator/Random should not be compared and remove existing comparison
#22691
Conversation
squeek502
force-pushed
the
child-internal-array-list
branch
from
36c6092 to
39536a6
Compare
|
I think this is a much better approach than #21760.
To me, a doc comment isn't some "best effort" thing, it's precisely the right thing to do here. Doc comments are how we communicate aspects of APIs which aren't clear from the type system alone. In this case, we're trying to communicate the constraint "comparisons with this field may result in
The alternative is to write code which is almost certainly a bug. #21760 masks weird behavior by making it valid; this approach means that it does at least sometimes have the possibility to result in a safety panic! The specific example in #21760 isn't indicative of a bug as such, but of an incredibly poor API. I can't think of any reason to look at
I disagree. The intention here is to convey "this pointer is guaranteed to be unused, so its value is irrelevant"; those are precisely the semantics that |
|
Makes sense.
I think this is our only real disagreement, as I don't see this as a sufficient guarantee. Can totally understand this being merged instead of #21760, though; it's just not the choice I would personally make. |
squeek502
force-pushed
the
child-internal-array-list
branch
from
39536a6 to
73c121a
Compare
|
Might be worth noting that https://github.com/search?q=collectOutput+language%3Azig&type=code |
|
Thanks for checking, in that case I'll make a different flavor of review |
| stdout: *std.ArrayList(u8), | ||
| stderr: *std.ArrayList(u8), | ||
| /// Used for `stdout` and `stderr`. | ||
| allocator: Allocator, |
There was a problem hiding this comment.
Since this is going to break some people's code, let's put a little effort into making it more future-proof. My suggestion also happens to be more familiar to existing callsites.
- Make them both
std.ArrayListUnmanaged - Make the function only append to them, not clear them
Sure, this implementation uses that fifo abstraction but that's not necessarily how it has to work. And append-only array list is generally a very flexible API from the caller's perspective.
I'll note also that this patch introduces more error handling that can be deleted with the above suggestion.
There was a problem hiding this comment.
Pushed a simple version of this API while I look into improving the implementation (the version I just pushed still uses std.io.poll and then just calls appendSlice to copy the data from the FIFO to the ArrayListUnmanaged).
Unsure how long it'll take to write the improved version; one option would be to leave improving the implementation as a follow-up issue.
There was a problem hiding this comment.
Pushed an attempt at making std.io.Poller not FIFO-specific and then using the ArrayListUnmanageds directly here:
Let me know if it looks like I'm vaguely on the right track and I'll add it to this PR.
There was a problem hiding this comment.
Sorry I didn't look at your branch yet, I'll try to get to that later
There was a problem hiding this comment.
No worries, it's only a minor improvement after the list.capacity == 0 optimization from #22691 (comment)
squeek502
force-pushed
the
child-internal-array-list
branch
from
3b4a04d to
fd40c36
Compare
alexrp
force-pushed
the
child-internal-array-list
branch
from
fd40c36 to
16200c8
Compare
Removes an inadvisable comparison of Allocator.ptr fields
squeek502
force-pushed
the
child-internal-array-list
branch
from
16200c8 to
4041cc0
Compare
|
Thanks, appreciate all the follow-ups. |
|
This should get the |
alexrp
added
breaking
Release Notesstd.process.Child.collectOutput API changesUpgrade guide: var stdout = std.ArrayList(u8).init(allocator);
defer stdout.deinit();
var stderr = std.ArrayList(u8).init(allocator);
defer stderr.deinit();
try child.collectOutput(&stdout, &stderr, max_output_bytes);↓ var stdout: std.ArrayListUnmanaged(u8) = .empty;
defer stdout.deinit(allocator);
var stderr: std.ArrayListUnmanaged(u8) = .empty;
defer stderr.deinit(allocator);
try child.collectOutput(allocator, &stdout, &stderr, max_output_bytes);Before, With this change, that unsafe |
|
probably shouldnt use decl literals in the before since 0.13 didnt have them |
|
Good call, removed them from the 'before' code. |
Release notes: #22691 (comment)
This is an alternative to #21760 (it's the 1st option in that PR's description):
(suggested for exploration here: #21760 (comment))
However, I personally think this is probably not the best solution to #21756 / #17704, for a few reasons:
Allocatorimplementations that set.ptr = undefined)undefinedfor the ptr field ofAllocator/Randominstances #21760 better communicates the intention behind setting.ptr = undefined, and removes the possibility of illegal behavior (and doesn't increase the field's size, so there's no real downside AFAIK)If #21760 is merged, this PR could be seen as just a straightforward improvement to the API of
process.Child.collectOutput, plus an irrelevant extra commit that could be dropped.What I personally would like to see happen is exactly that: merge #21760 to address #21756 / #17704, and then drop the second commit from this PR and merge it too.
Note that the changes to
collectOutputdiffer from those suggested in #21760 (comment) because I realized that there's no tangible benefit to takingArrayListpointers--the memory forstdout/stderris handled viastd.io.polland itsLinearFifos, and then the result is stuffed into the ArrayList fields and returned, so doing something like callingensureTotalCapacity/etc beforecollectOutputis wasted at best (or will leak memory at worst).Instead, the
ArrayListparameters were removed in favor of just an allocator parameter, and the ArrayList usage is now just an implementation detail (it's just used for the convenience oftoOwnedSlice).If this is merged instead of #21760, then: