fitzgen
commented
2 years ago iter_allocated_chunks gives our shared references to the underlying chunks which, if we allowed &self on iter_allocated_chunks, could have active exclusive references from allocated things, thereby breaking Rust's exlusive xor shared rules and causing undefined behavior. So I think iter_allocated_chunks is a non-starter here.
However, we could have something like iter_allocated_chunk_ptrs that just returns raw *mut u8s and leaves it up to you to figure out whether it is safe to turn those things into a reference or not. I think this would still have to be unsafe because nothing would stop you from allocating from the bump while iterating over the chunks, which will mess with the iterator. It could technically be possible to handle this correctly, but it seems like a lot of unnecessary maintenance overhead for a use case that shouldn't really be supported. I'd rather just mark it unsafe and document that part of the unsafety contract is that allocating from the Bump while one of these iterators is active is unsafe.
ndmitchell
poconn
In starlark-rust we use Bumpalo as the backing for a garbage collector. Starlark has the property that after a module has been interpreted, its heap is frozen, which leads us to have
struct FrozenHeap(Arc<Bumpalo>). We'd like to add a feature to iterate over the heap to produce memory profile reports, but alas,iter_allocated_chunkstakes a&mut self, which we can't produce given an immutableBumpaloin anArc. Would it be possible to provide aniter_allocated_chunksvariant which took a non-mutself, perhaps inunsafeif necessary. While I'm happy to callunsafe, converting my&Bumpalointo an&mut Bumpalogiven many owners is instant undefined behaviour in Rust.