Add xfree_sized and xrealloc_sized #3894
Open
+154
−10
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
Ruby internals have had a
ruby_sized_xfreefunction for a very longtime. Until recently it was just used to feed the freed size into the GC statistics, to allow it to be smarter as of when to trigger.However C23 does introduce
free_sized: https://en.cppreference.com/w/c/memory/free_sized.html, which when used allow allocator to either deallocate faster or be more secure by aborting when the size doesn't match.It is however important to note that passing an incorrect size is undefined behavior, so the allocator could just as well leak or crash.
Very recently
glibc 2.43added support forfree_sized: https://sourceware.org/pipermail/libc-announce/2026/000052.html, and other common allocators likejemallochave supported it for years.However if the allocator doesn't support it, it's easily shimed with a simple macro that discard the size.
The last few days I've changed a majority of
xfreecalls inside MRI to useruby_sized_xfree, and added some debug checks inside it to ensure the passed size is correct, and that surfaced a few minor bugs (mostly strings losing a few bytes of capacity when switching between encodings). (e.g. ruby/ruby#16010)Now most of Ruby's own codebase have been converted, and most of the remaining unsized frees are within
prismand similarly vendored codebases. I haven't yet hooked MRI to the allocator, for now it's still only used for GC statistics.xrealloc_sizedI'm not sure why, but C23 standard doesn't defined
realloc_sized, but similarly Ruby hadruby_sized_xreallocfor a while, and I think it does make a lot of sense for that purpose given realloc is essentiallymalloc + free.Proposal
I'd like to also convert Prism to use sized frees as well, so that when compiled inside Ruby it can use
ruby_sized_xfree, hence play better with the GC and potentially benefit from C23free_sizedperformance benefits in the future.In this PR I implemented debug checks for the allocator sizes, and converted a few call sites to the new API, as well as added a couple convenience macros that make using
free_sizedmuch easier.A side benefit of these debug checks is that if you accidentally use raw
freeor rawmalloc, it will blow up.If there is interest from the maintainers, I can convert the rest of the prism codebase.