feat: mach-std 0.13.0 — robust spawn, deallocate Result, format coverage#297
Merged
Conversation
Replace the fork()-based linux spawn with clone(CLONE_VM|CLONE_VFORK| SIGCHLD) onto a private child stack plus a pinned trampoline, so the child never copies or touches the parent's address space. Under CLONE_VM the kernel never runs fork's COW commit-accounting, so spawn no longer ENOMEMs on a swapless vm.overcommit_memory=0 host (GitHub runners) — mach#1487 — and the fix benefits every fork-heavy mach program. The child runs the trampoline on its own stack (reached by a direct jump/branch from the clone child, mirroring thread_spawn): it only redirects fds, closes inherited fds, and execs, then exits 126/127 on failure. CLONE_VFORK suspends the parent until the child execs or exits, keeping argv/envp and the ctx struct stable. Verified x86_64 (native) and aarch64 (qemu): strace/QEMU_STRACE confirm clone(CLONE_VM|CLONE_VFORK|SIGCHLD, child_stack=...); exec/capture and a new repeated-spawn regression pass on both arches. Refs mach#1487
… hex Document f32 formatting (widens to f64, no f32-specific shortest round-trip) on the module and the dispatch arm, and add tests: - f32 exactly-representable values plus an inexact one (0.1f32) showing the full f64 expansion of the widened value. - one case per smaller width class (i8/i16/i32, u16/u32) that widens to i64/u64. - negative signed hex (-1i64 -> ffffffffffffffff, -42i64 -> ...d6). Closes #293
Align the generic deallocate[T] with allocate/reallocate by translating the raw deallocator status into a Result instead of a bare i64: ok(true) on success (including the nil-pointer / count == 0 no-op), err on a non-zero status. Update every caller that inspected the return (vector/deque/heap/bitset/buffer dnit, map free, arena tests) and add a generic-deallocate Result test. deallocate_raw stays i64 (the raw errno primitive under the typed layer). Closes #291
octalide
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Integration branch for the 0.13.0 release.
Items
os.spawn/spawn_redirectednowclone(CLONE_VM|CLONE_VFORK|SIGCHLD)the child onto a private stack + a pinned trampoline instead offork(). Sharing the address space (CLONE_VM) skips fork's copy-on-write commit accounting, so spawn never ENOMEMs on a swaplessvm.overcommit_memory=0host. Verified on x86_64 (native) and aarch64 (qemu) via strace/QEMU_STRACE (clone(child_stack=…, flags=CLONE_VM|CLONE_VFORK|SIGCHLD), zerofork/vfork) + exec/capture + a new repeated-spawn regression. Darwin intentionally stays onfork()— see note below.std.allocator.deallocategeneric returns a numeric value instead of translating to a Result or Option #291 —std.allocator.deallocate→Result. The genericdeallocate[T]now returnsResult[bool, str](ok on the nil/zero no-op too), aligning withallocate/reallocate;deallocate_rawstays the raw i64 primitive. Every caller that inspected the status was updated + a new test added.f32widening tof64(module + dispatch arm) and added tests for f32 widening, smaller int widths (i8/i16/i32, u16/u32), and negative signed hex.Notes
$fieldsderive helpers) is NOT in this release — blocked by a mach 2.0.1 limitation:$each $fields(T)unrolls eagerly at template sema and rejects a generic type parameter ($fields requires a record type), unlike variadic packs which defer to monomorphization (#1475). Only concrete record types work today. It is an explicit stretch ("not required for the release"); deferring pending a compiler fix.fork(): it is not subject to the linux heuristic-overcommit ENOMEM, and a separate-stack vfork variant needs hand-written stack-switch asm that cannot be runtime-verified without macOS CI — out of scope for a memory-safety-critical change verified here only on linux.mach build+mach testgreen (563 passed, 0 failed).Closes #291
Closes #293
Refs mach#1487