rune_alloc/limit/
mod.rs

1//! Memory limits for Rune.
2//!
3//! This module contains methods which allows for limiting the memory use of the
4//! virtual machine to abide by the specified memory limit.
5//!
6//! By default memory limits are disabled, but can be enabled by wrapping your
7//! function call or future in [with].
8//!
9//! # Limitations
10//!
11//! Limiting is plugged in at the [Rust allocator level], and does not account
12//! for allocator overhead. Allocator overhead comes about because an allocator
13//! needs to use some extra system memory to perform internal bookkeeping.
14//! Usually this should not be an issue, because the allocator overhead should
15//! be a fragment of memory use. But the exact details would depend on the
16//! [global allocator] used.
17//!
18//! As an example, see the [implementation notes for jemalloc].
19//!
20//! [implementation notes for jemalloc]:
21//!     http://jemalloc.net/jemalloc.3.html#implementation_notes
22//! [Rust allocator level]: https://doc.rust-lang.org/alloc/alloc/index.html
23//! [global allocator]:
24//!     https://doc.rust-lang.org/alloc/alloc/trait.GlobalAlloc.html
25
26#[cfg_attr(feature = "std", path = "std.rs")]
27mod no_std;
28
29use core::future::Future;
30use core::pin::Pin;
31use core::task::{Context, Poll};
32
33use pin_project::pin_project;
34
35use crate::callable::Callable;
36
37/// Something being budgeted.
38///
39/// See [`with`].
40#[pin_project]
41pub struct Memory<T> {
42    /// The current limit.
43    memory: usize,
44    /// The thing being budgeted.
45    #[pin]
46    value: T,
47}
48
49/// Wrap the given value with a memory limit. Using a value of [`usize::MAX`]
50/// effectively disables the memory limit.
51///
52/// The following things can be wrapped:
53/// * A [`FnOnce`] closure, like `with(|| println!("Hello World")).call()`.
54/// * A [`Future`], like `with(async { /* async work */ }).await`;
55///
56/// It's also possible to wrap other wrappers which implement [`Callable`].
57///
58/// See the [module level documentation] for more details.
59///
60/// [module level documentation]: crate::limit
61///
62/// # Examples
63///
64/// ```
65/// use rune::alloc::limit;
66/// use rune::alloc::Vec;
67///
68/// let f = limit::with(1024, || {
69///     let mut vec = Vec::<u32>::try_with_capacity(256)?;
70///
71///     for n in 0..256u32 {
72///         vec.try_push(n)?;
73///     }
74///
75///     Ok::<_, rune::alloc::Error>(vec.into_iter().sum::<u32>())
76/// });
77///
78/// let sum = f.call()?;
79/// assert_eq!(sum, 32640);
80/// # Ok::<_, rune::alloc::Error>(())
81/// ```
82///
83/// Breaching the limit. Note that this happens because while the vector is
84/// growing it might both over-allocate, and hold onto two allocations
85/// simultaneously.
86///
87/// ```
88/// use rune::alloc::limit;
89/// use rune::alloc::Vec;
90///
91/// let f = limit::with(1024, || {
92///     let mut vec = Vec::<u32>::new();
93///
94///     for n in 0..256u32 {
95///         vec.try_push(n)?;
96///     }
97///
98///     Ok::<_, rune::alloc::Error>(vec.into_iter().sum::<u32>())
99/// });
100///
101/// assert!(f.call().is_err());
102/// ```
103pub fn with<T>(memory: usize, value: T) -> Memory<T> {
104    Memory { memory, value }
105}
106
107/// Get remaining memory that may be allocated.
108///
109/// # Examples
110///
111/// Example dealing with trait objects that were allocated externally:
112///
113/// ```
114/// use rune::alloc::{Box, Vec};
115/// use rune::alloc::limit;
116/// use std::boxed::Box as StdBox;
117///
118/// assert_eq!(limit::get(), usize::MAX);
119///
120/// let b: StdBox<dyn Iterator<Item = u32>> = StdBox::new(1..3);
121/// let mut b = Box::from_std(b)?;
122/// assert_eq!(b.next(), Some(1));
123/// assert_eq!(b.next(), Some(2));
124/// assert_eq!(b.next(), None);
125///
126/// assert!(limit::get() < usize::MAX);
127/// drop(b);
128///
129/// assert_eq!(limit::get(), usize::MAX);
130/// # Ok::<_, rune::alloc::Error>(())
131/// ```
132pub fn get() -> usize {
133    self::no_std::rune_memory_get()
134}
135
136/// Take memory from the current budget.
137#[inline(never)]
138pub(crate) fn take(amount: usize) -> bool {
139    self::no_std::rune_memory_take(amount)
140}
141
142/// Release memory from the current budget.
143#[inline(never)]
144pub(crate) fn release(amount: usize) {
145    self::no_std::rune_memory_release(amount);
146}
147
148#[repr(transparent)]
149struct MemoryGuard(usize);
150
151impl Drop for MemoryGuard {
152    fn drop(&mut self) {
153        let _ = self::no_std::rune_memory_replace(self.0);
154    }
155}
156
157impl<T> Memory<T>
158where
159    T: Callable,
160{
161    /// Call the wrapped function, replacing the current budget and restoring it
162    /// once the function call completes.
163    ///
164    /// # Examples
165    ///
166    /// ```
167    /// use rune::alloc::limit;
168    /// use rune::alloc::{Box, Result};
169    /// use rune::alloc::alloc::AllocError;
170    ///
171    /// const LIMIT: usize = 1024;
172    ///
173    /// fn doit() -> Result<Box<[u8; 256]>, AllocError> {
174    ///     Box::try_new([0u8; 256])
175    /// }
176    ///
177    /// fn limited() -> Result<()> {
178    ///     assert_eq!(limit::get(), LIMIT);
179    ///
180    ///     // Hold onto a 256 byte allocation.
181    ///     let b = doit()?;
182    ///     assert_eq!(limit::get(), LIMIT - 256);
183    ///
184    ///     // Drop the allocation, making the memory available again.
185    ///     drop(b);
186    ///     assert_eq!(limit::get(), LIMIT);
187    ///     Ok(())
188    /// }
189    ///
190    /// let inner = limit::with(LIMIT, limited);
191    ///
192    /// assert_eq!(limit::get(), usize::MAX);
193    /// inner.call()?;
194    /// assert_eq!(limit::get(), usize::MAX);
195    /// # Ok::<_, rune::alloc::Error>(())
196    /// ```
197    ///
198    /// Limit being restored after its been breached:
199    ///
200    /// ```
201    /// use rune::alloc::limit;
202    /// use rune::alloc::{Box, Result};
203    /// use rune::alloc::alloc::AllocError;
204    ///
205    /// const LIMIT: usize = 128;
206    ///
207    /// fn doit() -> Result<Box<[u8; 256]>, AllocError> {
208    ///     Box::try_new([0u8; 256])
209    /// }
210    ///
211    /// fn limited() -> Result<()> {
212    ///     assert_eq!(limit::get(), LIMIT);
213    ///
214    ///     // Fail to allocate since we don't have enough memory available.
215    ///     assert!(doit().is_err());
216    ///
217    ///     assert_eq!(limit::get(), LIMIT);
218    ///     Ok(())
219    /// }
220    ///
221    /// let inner = limit::with(LIMIT, limited);
222    ///
223    /// assert_eq!(limit::get(), usize::MAX);
224    /// inner.call()?;
225    /// assert_eq!(limit::get(), usize::MAX);
226    /// # Ok::<_, rune::alloc::Error>(())
227    /// ```
228    pub fn call(self) -> T::Output {
229        Callable::call(self)
230    }
231}
232
233impl<T> Callable for Memory<T>
234where
235    T: Callable,
236{
237    type Output = T::Output;
238
239    #[inline]
240    fn call(self) -> Self::Output {
241        let _guard = MemoryGuard(self::no_std::rune_memory_replace(self.memory));
242        self.value.call()
243    }
244}
245
246/// Treat the current budget as a future, ensuring that the budget is suspended
247/// and restored as necessary when the future is being polled.
248///
249/// # Examples
250///
251/// ```
252/// use rune::alloc::limit;
253/// use rune::alloc::{Box, Result};
254/// use rune::alloc::alloc::AllocError;
255///
256/// const LIMIT: usize = 1024;
257///
258/// async fn doit() -> Result<Box<[u8; 256]>, AllocError> {
259///     Box::try_new([0u8; 256])
260/// }
261///
262/// async fn limited() -> Result<()> {
263///     assert_eq!(limit::get(), LIMIT);
264///
265///     // Hold onto a 256 byte allocation.
266///     let b = doit().await?;
267///     assert_eq!(limit::get(), LIMIT - 256);
268///
269///     // Drop the allocation, making the memory available again.
270///     drop(b);
271///     assert_eq!(limit::get(), LIMIT);
272///     Ok(())
273/// }
274///
275/// # #[tokio::main(flavor = "current_thread")]
276/// # async fn main() -> rune::alloc::Result<()> {
277/// let inner = limit::with(LIMIT, limited());
278///
279/// assert_eq!(limit::get(), usize::MAX);
280/// inner.await?;
281/// assert_eq!(limit::get(), usize::MAX);
282/// # Ok::<_, rune::alloc::Error>(())
283/// # }
284/// ```
285///
286/// Limit being restored after its been breached:
287///
288/// ```
289/// use rune::alloc::limit;
290/// use rune::alloc::{Box, Result};
291/// use rune::alloc::alloc::AllocError;
292///
293/// const LIMIT: usize = 128;
294///
295/// async fn doit() -> Result<Box<[u8; 256]>, AllocError> {
296///     Box::try_new([0u8; 256])
297/// }
298///
299/// async fn limited() -> Result<()> {
300///     assert_eq!(limit::get(), LIMIT);
301///
302///     // Fail to allocate since we don't have enough memory available.
303///     assert!(doit().await.is_err());
304///
305///     assert_eq!(limit::get(), LIMIT);
306///     Ok(())
307/// }
308///
309/// # #[tokio::main(flavor = "current_thread")]
310/// # async fn main() -> rune::alloc::Result<()> {
311/// let inner = limit::with(LIMIT, limited());
312///
313/// assert_eq!(limit::get(), usize::MAX);
314/// inner.await?;
315/// assert_eq!(limit::get(), usize::MAX);
316/// # Ok::<_, rune::alloc::Error>(())
317/// # }
318/// ```
319impl<T> Future for Memory<T>
320where
321    T: Future,
322{
323    type Output = T::Output;
324
325    fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
326        let this = self.project();
327
328        let _guard = MemoryGuard(self::no_std::rune_memory_replace(*this.memory));
329        let poll = this.value.poll(cx);
330        *this.memory = self::no_std::rune_memory_get();
331        poll
332    }
333}