logos-messaging/nim-ffi
1
0
Fork 0
mirror of https://github.com/logos-messaging/nim-ffi.git synced 2026-06-21 00:40:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
nim-ffi/ffi/alloc.nim

92 lines
3.4 KiB
Nim
Raw Permalink Normal View History

chore(ci): fsanitize tests (#34)
2026-05-20 14:14:42 -03:00
## Cross-thread allocation helpers backed by libc `malloc`/`free`.
##
## We deliberately avoid Nim's `allocShared`/`deallocShared` here. Under
## `--mm:orc` they delegate to the per-thread `allocator` MemRegion stored
## in TLS; freeing such a buffer from a different thread later walks
## `chunk.owner` back to that MemRegion. If the original thread has exited
## by then (e.g. a `std::async` worker that produced the FFI request and
## was destroyed before the FFI thread ran `deleteRequest`), `chunk.owner`
## dangles into reclaimed TLS and `addToSharedFreeList` segfaults — TSan on
## ARM reproduces this from `TimerE2E.ThreadedHammer`. `malloc`/`free` are
## process-global and thread-lifetime-independent, so freeing on a different
## thread is safe.
import system/ansi_c
First commit
2025-08-09 22:56:44 +02:00
## Can be shared safely between threads
type SharedSeq*[T] = tuple[data: ptr UncheckedArray[T], len: int]
proc alloc*(str: cstring): cstring =
chore(ci): fsanitize tests (#34)
2026-05-20 14:14:42 -03:00
## Allocates a fresh null-terminated copy of `str` via `c_malloc`. The
## returned pointer must be released with `dealloc(cstring)`.
First commit
2025-08-09 22:56:44 +02:00
if str.isNil():
chore(ci): fsanitize tests (#34)
2026-05-20 14:14:42 -03:00
var ret = cast[cstring](c_malloc(1))
ret[0] = '\0'
First commit
2025-08-09 22:56:44 +02:00
return ret
chore(ci): fsanitize tests (#34)
2026-05-20 14:14:42 -03:00
let ret = cast[cstring](c_malloc(csize_t(len(str) + 1)))
First commit
2025-08-09 22:56:44 +02:00
copyMem(ret, str, len(str) + 1)
return ret
proc alloc*(str: string): cstring =
chore(ci): fsanitize tests (#34)
2026-05-20 14:14:42 -03:00
## Allocates a fresh null-terminated copy of `str` via `c_malloc`. The
## returned pointer must be released with `dealloc(cstring)`.
var ret = cast[cstring](c_malloc(csize_t(str.len + 1)))
First commit
2025-08-09 22:56:44 +02:00
let s = cast[seq[char]](str)
for i in 0 ..< str.len:
ret[i] = s[i]
ret[str.len] = '\0'
return ret
chore(ci): fsanitize tests (#34)
2026-05-20 14:14:42 -03:00
proc dealloc*(p: cstring) {.inline.} =
## Frees a buffer obtained from one of the `alloc(...)` overloads above.
## Nil-safe.
if not p.isNil():
c_free(cast[pointer](p))
Fix memleaks (#11) * protect against mem leak in case of failures sending requests to ffi thread * better cleanup if failures in createFFIContext * avoid dangling cstring in handleRes under ARC/ORC * better resource cleanup in destroyFFIContext * invoke onNotResponding if failure in destroyFFIContext * correct seq copy in alloc * make sure the lock is init before cleanUpResources * better possible exception handling in processReq * guard allocSharedSeq if given seq is empty * enhance error handling in ffi_context * add new tests and some corrections
2026-04-27 21:22:45 +02:00
feat(ffi): emit a native (zero-serialization) C ABI alongside CBOR A single {.ffi.} definition now produces BOTH interfaces, chosen by the caller at link time rather than by a global compile flag: - `<name>` — native typed-arg C export. Args travel to the FFI thread in a c_malloc'd C-POD struct passed by pointer (no CBOR), and the result is delivered to the callback as raw bytes. This is the preferred path for same-process callers: no serialization on either side. - `<name>_cbor` — the existing CBOR-buffer dispatcher, kept for generic / cross-language callers. Both share the user's helper proc; they register distinct handlers keyed by "<Camel>Req" (CBOR) and "<Camel>ReqNative". FFIThreadRequest gains a `cborMode` flag and a `payloadFree` hook so the native C-POD payload (which owns duplicated cstring fields) is released correctly and an empty native result is delivered as a zero-length buffer instead of the CBOR null sentinel. alloc.nim gains ffiCMalloc/ffiCFree (prefixed to avoid Nim's style-insensitive clash with ansi_c.c_malloc/c_free). Verified end-to-end on a scalar-param lib: native calls return raw strings ("calc v1", "sum=42"); the _cbor variant still returns CBOR. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 01:05:12 +02:00
proc ffiCMalloc*(T: typedesc): ptr T =
## Allocates a zero-initialised `T` via `c_malloc` so the buffer can cross
## threads safely (see the module note). Used to carry a native (non-CBOR)
## request payload by pointer; release with `ffiCFree`. (Named with the `ffi`
## prefix so it doesn't collide with `ansi_c.c_free`/`c_malloc` under Nim's
## style-insensitive identifier rules.)
let p = cast[ptr T](c_malloc(csize_t(sizeof(T))))
zeroMem(p, sizeof(T))
return p
proc ffiCFree*(p: pointer) {.inline.} =
## Frees a buffer obtained from `ffiCMalloc`. Nil-safe.
if not p.isNil():
c_free(p)
feat(ffi): cross struct/seq/Option params natively via POD The native (zero-serialization) path previously handed `{.ffi.}` struct params to the FFI thread using the Nim object layout (GC'd `string` fields), which does not match the C-POD layout the generated header declares — an ABI mismatch that left struct-param procs uncallable from C and skipped by the Go codegen. Wire the generated POD machinery into both the `{.ffi.}` and `{.ffiCtor.}` native paths: a registered `{.ffi.}` struct now travels as its `<T>Pod` mirror — `clonePod` deep-copies it off the caller's buffers into shared (`c_malloc`) memory on the caller thread, `podToNim` rebuilds the Nim value on the FFI thread, and `freePod` releases it from the CArgs free proc. `string` collapses to `cstring` (alloc/ffiCFree); scalars copy direct. New classifiers (`nativeWireType` / `nativeArgCopyStmt` / `nativeArgUnpackStmt`) keep both paths and the CArgs alloc/free in lockstep so ownership can't drift. The load-bearing invariant: the `<T>Pod` `{.bycopy.}` layout is identical to the C struct emitted by `codegen/c.emitCStructs`, so the `exportc` symbol's ABI matches the header even though Nim's own struct name differs. Keep the two emitters in sync. Validated end-to-end from C (TimerConfig, EchoRequest, and a nested ComplexRequest with seq-of-structs, seq-of-strings and two Options) and clean under ASAN. Struct *returns* still travel as CBOR on the native path; that is left for a follow-up. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 10:41:06 +02:00
proc ffiCAllocArray*(T: typedesc, n: int): ptr UncheckedArray[T] =
## Allocates a zero-initialised array of `n` × `T` via `c_malloc` so it can
## cross threads safely. Used by the native POD codegen for `seq[T]` fields;
## release with `ffiCFree`. Returns nil for a non-positive count.
if n <= 0:
return nil
let p = c_malloc(csize_t(sizeof(T) * n))
zeroMem(p, sizeof(T) * n)
return cast[ptr UncheckedArray[T]](p)
chore(ci): fsanitize tests (#34)
2026-05-20 14:14:42 -03:00
proc allocSharedSeq*[T](s: seq[T]): SharedSeq[T] =
Fix memleaks (#11) * protect against mem leak in case of failures sending requests to ffi thread * better cleanup if failures in createFFIContext * avoid dangling cstring in handleRes under ARC/ORC * better resource cleanup in destroyFFIContext * invoke onNotResponding if failure in destroyFFIContext * correct seq copy in alloc * make sure the lock is init before cleanUpResources * better possible exception handling in processReq * guard allocSharedSeq if given seq is empty * enhance error handling in ffi_context * add new tests and some corrections
2026-04-27 21:22:45 +02:00
if s.len == 0:
return (cast[ptr UncheckedArray[T]](nil), 0)
chore(ci): fsanitize tests (#34)
2026-05-20 14:14:42 -03:00
let data = c_malloc(csize_t(sizeof(T) * s.len))
Fix memleaks (#11) * protect against mem leak in case of failures sending requests to ffi thread * better cleanup if failures in createFFIContext * avoid dangling cstring in handleRes under ARC/ORC * better resource cleanup in destroyFFIContext * invoke onNotResponding if failure in destroyFFIContext * correct seq copy in alloc * make sure the lock is init before cleanUpResources * better possible exception handling in processReq * guard allocSharedSeq if given seq is empty * enhance error handling in ffi_context * add new tests and some corrections
2026-04-27 21:22:45 +02:00
copyMem(data, unsafeAddr s[0], sizeof(T) * s.len)
First commit
2025-08-09 22:56:44 +02:00
return (cast[ptr UncheckedArray[T]](data), s.len)
proc deallocSharedSeq*[T](s: var SharedSeq[T]) =
Fix memleaks (#11) * protect against mem leak in case of failures sending requests to ffi thread * better cleanup if failures in createFFIContext * avoid dangling cstring in handleRes under ARC/ORC * better resource cleanup in destroyFFIContext * invoke onNotResponding if failure in destroyFFIContext * correct seq copy in alloc * make sure the lock is init before cleanUpResources * better possible exception handling in processReq * guard allocSharedSeq if given seq is empty * enhance error handling in ffi_context * add new tests and some corrections
2026-04-27 21:22:45 +02:00
if not s.data.isNil():
chore(ci): fsanitize tests (#34)
2026-05-20 14:14:42 -03:00
c_free(s.data)
First commit
2025-08-09 22:56:44 +02:00
s.len = 0
proc toSeq*[T](s: SharedSeq[T]): seq[T] =
## Creates a seq[T] from a SharedSeq[T]. No explicit dealloc is required
## as req[T] is a GC managed type.
var ret = newSeq[T]()
for i in 0 ..< s.len:
ret.add(s.data[i])
return ret
Reference in New Issue Copy Permalink