[vocx2tx]

An allocator that silently does nothing on free if you violate one if its invariants (freeing an allocation that wasn't the latest) seems an incredibly error-prone design? It should probably return an error or panic (if free's API allows it, I guess).

[masklinn]

It’s not a invariant is the thing.

Transient allocators doing little to nothing on free so you can do all the work at once at end of scope is often what you want, if anything a bump allocator freeing its tip is an optimisation.

The issue is not that it behaves this way, it’s that it’s not obvious at first glance that this is a bump allocator.

[vocx2tx]

> a bump allocator freeing its tip is an optimisation

That's kinda my point? free is there and does something, but also silently does nothing if you violate a fairly subtle invariant. Kinda the definition of "error-prone", and the whole blog post seems to prove it, as the leak was essentially caused by the author not realizing that free was silently doing nothing. I understand why bump-allocators exist, I'm just saying this particular one's API has quite the footgun.

[masklinn]

> That's kinda my point?

It’s the exact opposite of your point.

> free is there and does something, but also silently does nothing if you violate a fairly subtle invariant.

Again, not an invariant.

> the leak was essentially caused by the author not realizing that free was silently doing nothing

The leak was caused by the author not knowing this is a bump allocator because that was not clear from the naming (and the documentation is essentially non-existent).

> I'm just saying this particular one's API has quite the footgun.

It’s not the API that’s a footgun, it follows the standard allocator API so it can be used wherever an allocator is expected. If it did not, its usage scope would be extremely limited as you'd only be able to use it for bespoke allocations, and wouldn't be able to use it for allocating e.g. arrays or sets or maps.

[throwbadubadu]

No, there are contexts where you exactly want this behaviour is what poster above wanted to say, and I agree. But it needs to be well documented.

[LoganDark]

> invariant

There is absolutely no such invariant here that allocations must be freed in the reverse order that they were allocated in. This was never a part of the contract.

> this particular one's API has quite the footgun

Agreed, however.

[eternalban]

You are entirely correct. If anything, if I were the OP the title of the blog would be "Naming matters - The curious case of ..."

https://docs.rs/bumpalo/latest/bumpalo/

[mort96]

The point of a bump allocator is to be short-lived, and to be incredibly fast. You want to be able to make a bump allocator with a fixed buffer, pass it to some code which takes a generic allocator (and therefore will call allocate and free in any order), and then free all the memory in one shot at the end. If calling free out of order made it throw, it would be useless for that purpose; it would only be useful for code written specifically to use a bump allocator.

[audunw]

> It should probably return an error or panic (if free's API allows it, I guess).

Then how would you use it in the cases where you want free to be a no-op?

I think that's half of the point of the allocator.. free shouldn't do anything, certainly not throw an error. You can free the buffer behind the allocator later, or for some simple command line tools you'll just let the OS free memory when the process finishes.

Perhaps some kind of debug message could be OK. Would perhaps be nice if you have some problems with allocation, you activate debug messages related to allocation, and one of them would be "free was called on something other than the last allocation so it was ignored"