{"id":13822623,"url":"https://github.com/dropbox/rust-alloc-no-stdlib","last_synced_at":"2025-05-16T17:31:18.691Z","repository":{"id":6289521,"uuid":"55284098","full_name":"dropbox/rust-alloc-no-stdlib","owner":"dropbox","description":"An interface to a generic allocator so a no_std rust library can allocate memory, with, or without stdlib being linked.","archived":false,"fork":false,"pushed_at":"2023-11-06T11:28:48.000Z","size":60,"stargazers_count":174,"open_issues_count":8,"forks_count":18,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-05-03T00:38:34.680Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dropbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-04-02T07:57:09.000Z","updated_at":"2024-11-19T21:06:04.000Z","dependencies_parsed_at":"2024-01-18T04:07:10.744Z","dependency_job_id":"8db8be3a-a322-4725-87e8-01928def0035","html_url":"https://github.com/dropbox/rust-alloc-no-stdlib","commit_stats":{"total_commits":43,"total_committers":3,"mean_commits":"14.333333333333334","dds":"0.34883720930232553","last_synced_commit":"6032b6a9b20e03737135c55a0270ccffcc1438ef"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Frust-alloc-no-stdlib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Frust-alloc-no-stdlib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Frust-alloc-no-stdlib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Frust-alloc-no-stdlib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dropbox","download_url":"https://codeload.github.com/dropbox/rust-alloc-no-stdlib/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254036813,"owners_count":22003655,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T08:02:09.595Z","updated_at":"2025-05-16T17:31:18.412Z","avatar_url":"https://github.com/dropbox.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"# Framework for allocating memory in #![no_std] modules.\n\n[![crates.io](http://meritbadge.herokuapp.com/alloc-no-stdlib)](https://crates.io/crates/alloc-no-stdlib)\n[![Build Status](https://travis-ci.org/dropbox/rust-alloc-no-stdlib.svg?branch=master)](https://travis-ci.org/dropbox/rust-alloc-no-stdlib)\n\n\n## Requirements\n * Rust 1.6\n\n## Documentation\nCurrently there is no standard way to allocate memory from within a module that is no_std.\nThis provides a mechanism to describe a memory allocation that can be satisfied entirely on\nthe stack, by unsafely linking to calloc, or by unsafely referencing a mutable global variable.\nThis library currently will leak memory if free_cell isn't specifically invoked on memory.\n\nHowever, if linked by a library that actually can depend on the stdlib then that library\ncan simply pass in a few allocators and use the standard Box allocation and will free automatically.\n\nThis library should also make it possible to entirely jail a rust application that needs dynamic\nallocations by preallocating a maximum limit of data upfront using calloc and\nusing seccomp to disallow future syscalls.\n\n## Usage\n\nThere are 3 modes for allocating memory, each with advantages and disadvantages\n\n### On the stack\nThis is possible without the stdlib at all\nHowever, this eats into the natural ulimit on the stack depth and generally\nlimits the program to only a few megs of dynamically allocated data\n\nExample:\n\n```rust\n// First define a struct to hold all the array on the stack.\ndeclare_stack_allocator_struct!(StackAllocatedFreelist4, 4, stack);\n// since generics cannot be used, the actual struct to hold the memory must be defined with a macro\n...\n\n// in the code where the memory must be used, first the array needs to be readied\nlet mut stack_buffer = define_allocator_memory_pool!(4, u8, [0; 65536], stack);\n// then an allocator needs to be made and pointed to the stack_buffer on the stack\n// the final argument tells the system if free'd data should be zero'd before being\n// reused by a subsequent call to alloc_cell\nlet mut ags = StackAllocatedFreelist4::\u003cu8\u003e::new_allocator(\u0026mut stack_buffer, bzero);\n{\n    // now we can get memory dynamically\n    let mut x = ags.alloc_cell(9999);\n    x.slice_mut()[0] = 4;\n    // get more memory\n    let mut y = ags.alloc_cell(4);\n    y[0] = 5;\n    // and free it, consuming the buffer\n    ags.free_cell(y);\n\n    //y.mem[0] = 6; // \u003c-- this is an error: won't compile (use after free)\n    assert_eq!(x[0], 4);\n```\n\n### On the heap\nThis uses the standard Box facilities to allocate memory\n\n```rust\nlet mut halloc = HeapAlloc::\u003cu8\u003e::new(0);\nfor _i in 1..10 { // heap test\n    let mut x = halloc.alloc_cell(100000);\n    x[0] = 4;\n    let mut y = halloc.alloc_cell(110000);\n    y[0] = 5;\n    let mut z = halloc.alloc_cell(120000);\n    z[0] = 6;\n    assert_eq!(y[0], 5);\n    halloc.free_cell(y);\n    assert_eq!(x[0], 4);\n    assert_eq!(x[9], 0);\n    assert_eq!(z[0], 6);\n}\n```\n\n### On the heap, but uninitialized\nThis does allocate data every time it is requested, but it does not allocate the\nmemory, so naturally it is unsafe. The caller must initialize the memory properly\n```rust\nlet mut halloc = unsafe{HeapAllocUninitialized::\u003cu8\u003e::new()};\n{ // heap test\n    let mut x = halloc.alloc_cell(100000);\n    x[0] = 4;\n    let mut y = halloc.alloc_cell(110000);\n    y[0] = 5;\n    let mut z = halloc.alloc_cell(120000);\n    z[0] = 6;\n    assert_eq!(y[0], 5);\n    halloc.free_cell(y);\n    assert_eq!(x[0], 4);\n    assert_eq!(x[9], 0);\n    assert_eq!(z[0], 6);\n    ...\n}\n```\n\n\n### On the heap in a single pool allocation\nThis does a single big allocation on the heap, after which no further usage of the stdlib\nwill happen. This can be useful for a jailed application that wishes to restrict syscalls\nat this point\n\n```rust\nuse alloc_no_stdlib::HeapPrealloc;\n...\nlet mut heap_global_buffer = define_allocator_memory_pool!(4096, u8, [0; 6 * 1024 * 1024], heap);\nlet mut ags = HeapPrealloc::\u003cu8\u003e::new_allocator(4096, \u0026mut heap_global_buffer, uninitialized);\n{\n    let mut x = ags.alloc_cell(9999);\n    x.slice_mut()[0] = 4;\n    let mut y = ags.alloc_cell(4);\n    y[0] = 5;\n    ags.free_cell(y);\n\n    //y.mem[0] = 6; // \u003c-- this is an error (use after free)\n}\n```\n\n\n\n### On the heap, uninitialized\nThis does a single big allocation on the heap, after which no further usage of the stdlib\nwill happen. This can be useful for a jailed application that wishes to restrict syscalls\nat this point. This option keep does not set the memory to a valid value, so it is\nnecessarily marked unsafe\n\n```rust\nuse alloc_no_stdlib::HeapPrealloc;\n...\nlet mut heap_global_buffer = unsafe{HeapPrealloc::\u003cu8\u003e::new_uninitialized_memory_pool(6 * 1024 * 1024)};\nlet mut ags = HeapPrealloc::\u003cu8\u003e::new_allocator(4096, \u0026mut heap_global_buffer, uninitialized);\n{\n    let mut x = ags.alloc_cell(9999);\n    x.slice_mut()[0] = 4;\n    let mut y = ags.alloc_cell(4);\n    y[0] = 5;\n    ags.free_cell(y);\n\n    //y.mem[0] = 6; // \u003c-- this is an error (use after free)\n}\n```\n\n### With calloc\nThis is the most efficient way to get a zero'd dynamically sized buffer without the stdlib\nIt does invoke the C calloc function and hence must invoke unsafe code.\nIn this version, the number of cells are fixed to the parameter specified in the struct definition\n(4096 in this example)\n\n```rust\nextern {\n    fn calloc(n_elem : usize, el_size : usize) -\u003e *mut u8;\n    fn malloc(len : usize) -\u003e *mut u8;\n    fn free(item : *mut u8);\n}\n\ndeclare_stack_allocator_struct!(CallocAllocatedFreelist4096, 4096, calloc);\n...\n\n// the buffer is defined with 200 megs of zero'd memory from calloc\nlet mut calloc_global_buffer = unsafe {define_allocator_memory_pool!(4096, u8, [0; 200 * 1024 * 1024], calloc)};\n// and assigned to a new_allocator\nlet mut ags = CallocAllocatedFreelist4096::\u003cu8\u003e::new_allocator(\u0026mut calloc_global_buffer.data, bzero);\n{\n    let mut x = ags.alloc_cell(9999);\n    x.slice_mut()[0] = 4;\n    let mut y = ags.alloc_cell(4);\n    y[0] = 5;\n    ags.free_cell(y);\n    //y.mem[0] = 6; // \u003c-- this is an error (use after free)\n}\n```\n\n### With a static, mutable buffer\nIf a single buffer of data is needed for the entire span of the application\nThen the simplest way to do so without a zero operation on\nthe memory and without using the stdlib is to simply have a global allocated\nstructure. Accessing mutable static variables requires unsafe code; however,\nso this code will invoke an unsafe block.\n\n\nMake sure to only reference global_buffer in a single place, at a single time in the code\nIf it is used from two places or at different times, undefined behavior may result,\nsince multiple allocators may get access to global_buffer.\n\n\n```rust\ndeclare_stack_allocator_struct!(GlobalAllocatedFreelist, 16, global);\ndefine_allocator_memory_pool!(16, u8, [0; 1024 * 1024 * 100], global, global_buffer);\n\n...\n// this references a global buffer\nlet mut ags = GlobalAllocatedFreelist::\u003cu8\u003e::new_allocator(bzero);\nunsafe {\n    bind_global_buffers_to_allocator!(ags, global_buffer, u8);\n}\n{\n    let mut x = ags.alloc_cell(9999);\n    x.slice_mut()[0] = 4;\n    let mut y = ags.alloc_cell(4);\n    y[0] = 5;\n    ags.free_cell(y);\n\n    //y.mem[0] = 6; // \u003c-- this is an error (use after free)\n}\n```\n\n\n## Contributors\n- Daniel Reiter Horn\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdropbox%2Frust-alloc-no-stdlib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdropbox%2Frust-alloc-no-stdlib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdropbox%2Frust-alloc-no-stdlib/lists"}