Explicitly deallocate instead of dropping the IntoIter.

kpreid · kpreid · commit 5fa286ddc6f8 · 2025-11-04T14:28:31.000-08:00
This has the same end goal as the previous commit but does not rely on
compiler optimizations to delete the unwanted code; instead it enters a
code path which explicitly frees the allocation and forgets the
`IntoIter`.
diff --git a/library/alloc/src/collections/vec_deque/spec_extend.rs b/library/alloc/src/collections/vec_deque/spec_extend.rs
@@ -78,15 +78,15 @@ where
 
 #[cfg(not(test))]
 impl<T, A: Allocator> SpecExtend<T, vec::IntoIter<T>> for VecDeque<T, A> {
-    fn spec_extend(&mut self, mut iterator: vec::IntoIter<T>) {
+    fn spec_extend(&mut self, iterator: vec::IntoIter<T>) {
         let slice = iterator.as_slice();
         self.reserve(slice.len());
 
         unsafe {
             self.copy_slice(self.to_physical_idx(self.len), slice);
             self.len += slice.len();
         }
-        iterator.forget_remaining_elements();
+        iterator.forget_remaining_elements_and_dealloc();
     }
 }
 
diff --git a/library/alloc/src/vec/into_iter.rs b/library/alloc/src/vec/into_iter.rs
@@ -160,12 +160,51 @@ impl<T, A: Allocator> IntoIter<T, A> {
     }
 
     /// Forgets to Drop the remaining elements while still allowing the backing allocation to be freed.
+    ///
+    /// This method does not consume `self`, and leaves deallocation to `impl Drop for IntoIter`.
+    /// If consuming `self` is possible, consider calling
+    /// [`Self::forget_remaining_elements_and_dealloc()`] instead.
     pub(crate) fn forget_remaining_elements(&mut self) {
         // For the ZST case, it is crucial that we mutate `end` here, not `ptr`.
         // `ptr` must stay aligned, while `end` may be unaligned.
         self.end = self.ptr.as_ptr();
     }
 
+    /// Forgets to Drop the remaining elements and frees the backing allocation.
+    /// Consuming version of [`Self::forget_remaining_elements()`].
+    ///
+    /// This can be used in place of `drop(self)` when `self` is known to be exhausted,
+    /// to avoid producing a needless `drop_in_place::<[T]>()`.
+    #[inline]
+    pub(crate) fn forget_remaining_elements_and_dealloc(self) {
+        let mut this = ManuallyDrop::new(self);
+        // SAFETY: `this` is in ManuallyDrop, so it will not be double-freed.
+        unsafe {
+            this.dealloc_only();
+        }
+    }
+
+    /// Frees the allocation, without checking or dropping anything else.
+    ///
+    /// The safe version of this method is [`Self::forget_remaining_elements_and_dealloc()`].
+    /// This function exists only to share code between that method and the `impl Drop`.
+    ///
+    /// # Safety
+    ///
+    /// This function must only be called with an [`IntoIter`] that is not going to be dropped
+    /// or otherwise used in any way, either because it is being forgotten or because its `Drop`
+    /// is already executing; otherwise a double-free will occur, and possibly a read from freed
+    /// memory if there are any remaining elements.
+    #[inline]
+    unsafe fn dealloc_only(&mut self) {
+        unsafe {
+            // SAFETY: our caller promises not to touch `*self` again
+            let alloc = ManuallyDrop::take(&mut self.alloc);
+            // RawVec handles deallocation
+            let _ = RawVec::from_nonnull_in(self.buf, self.cap, alloc);
+        }
+    }
+
     #[cfg(not(no_global_oom_handling))]
     #[inline]
     pub(crate) fn into_vecdeque(self) -> VecDeque<T, A> {
@@ -333,7 +372,7 @@ impl<T, A: Allocator> Iterator for IntoIter<T, A> {
         // There are in fact no remaining elements to forget, but by doing this we can avoid
         // potentially generating a needless loop to drop the elements that cannot exist at
         // this point.
-        self.forget_remaining_elements();
+        self.forget_remaining_elements_and_dealloc();
 
         accum
     }
@@ -502,10 +541,7 @@ unsafe impl<#[may_dangle] T, A: Allocator> Drop for IntoIter<T, A> {
         impl<T, A: Allocator> Drop for DropGuard<'_, T, A> {
             fn drop(&mut self) {
                 unsafe {
-                    // `IntoIter::alloc` is not used anymore after this and will be dropped by RawVec
-                    let alloc = ManuallyDrop::take(&mut self.0.alloc);
-                    // RawVec handles deallocation
-                    let _ = RawVec::from_nonnull_in(self.0.buf, self.0.cap, alloc);
+                    self.0.dealloc_only();
                 }
             }
         }
diff --git a/tests/codegen-llvm/vec-into-iter-drops.rs b/tests/codegen-llvm/vec-into-iter-drops.rs
@@ -12,12 +12,16 @@ impl Drop for Bomb {
     }
 }
 
-/// This test case from https://users.rust-lang.org/t/unnecessary-drop-in-place-emitted-for-a-fully-consumed-intoiter/135119
-/// It should not emit any `drop::<Bomb>()` because every element is forgotten.
-// CHECK-LABEL: @vec_into_iter_drop_option
+/// Test case originally from https://users.rust-lang.org/t/unnecessary-drop-in-place-emitted-for-a-fully-consumed-intoiter/135119
+///
+/// What we are looking for is that there should be no calls to `impl Drop for Bomb`
+/// because every element is unconditionally forgotten.
+//
+// CHECK-LABEL: @vec_for_each_doesnt_drop
 #[no_mangle]
-pub fn vec_into_iter_drop_option(v: vec::Vec<(usize, Option<Bomb>)>) -> usize {
+pub fn vec_for_each_doesnt_drop(v: vec::Vec<(usize, Option<Bomb>)>) -> usize {
     // CHECK-NOT: panic
+    // CHECK-NOT: {{call.*drop_in_place}}
     // CHECK-NOT: Bomb$u20$as$u20$core..ops..drop..Drop
     let mut last = 0;
     v.into_iter().for_each(|(x, bomb)| {
@@ -26,3 +30,38 @@ pub fn vec_into_iter_drop_option(v: vec::Vec<(usize, Option<Bomb>)>) -> usize {
     });
     last
 }
+
+/// Test that does *not* get the above optimization we are expecting:
+/// it uses a normal `for` loop which calls `Iterator::next()` and then drops the iterator,
+/// and dropping the iterator drops remaining items.
+///
+/// This test exists to prove that the above CHECK-NOT is looking for the right things.
+/// However, it might start failing if LLVM figures out that there are no remaining items.
+//
+// CHECK-LABEL: @vec_for_loop
+#[no_mangle]
+pub fn vec_for_loop(v: vec::Vec<(usize, Option<Bomb>)>) -> usize {
+    // CHECK: {{call.*drop_in_place}}
+    let mut last = 0;
+    for (x, bomb) in v {
+        last = x;
+        std::mem::forget(bomb);
+    }
+    last
+}
+
+/// Test where there still should be drops because there are no forgets.
+///
+/// This test exists to prove that the above CHECK-NOT is looking for the right things
+/// and does not say anything interesting about codegen itself.
+//
+// CHECK-LABEL: @vec_for_each_does_drop
+#[no_mangle]
+pub fn vec_for_each_does_drop(v: vec::Vec<(usize, Option<Bomb>)>) -> usize {
+    // CHECK: begin_panic
+    let mut last = 0;
+    v.into_iter().for_each(|(x, bomb)| {
+        last = x;
+    });
+    last
+}

Original file line number	Diff line number	Diff line change
`@@ -78,15 +78,15 @@ where`
`78`	`78`
`79`	`79`	`#[cfg(not(test))]`
`80`	`80`	`impl<T, A: Allocator> SpecExtend<T, vec::IntoIter<T>> for VecDeque<T, A> {`
`81`		`- fn spec_extend(&mut self, mut iterator: vec::IntoIter<T>) {`
	`81`	`+ fn spec_extend(&mut self, iterator: vec::IntoIter<T>) {`
`82`	`82`	`let slice = iterator.as_slice();`
`83`	`83`	`self.reserve(slice.len());`
`84`	`84`
`85`	`85`	`unsafe {`
`86`	`86`	`self.copy_slice(self.to_physical_idx(self.len), slice);`
`87`	`87`	`self.len += slice.len();`
`88`	`88`	`}`
`89`		`- iterator.forget_remaining_elements();`
	`89`	`+ iterator.forget_remaining_elements_and_dealloc();`
`90`	`90`	`}`
`91`	`91`	`}`
`92`	`92`