fix: implement deallocation for fixed-length lists with heap elements

Fixed three bugs in the handling of FixedLengthList types:

1. `deallocate` in abi.rs was `todo!()`, causing a panic when flat
   deallocation was needed (e.g. `list<own<resource>, 3>`). Now uses
   `flat_for_each_record_type` to iterate element types.

2. `deallocate_indirect` in abi.rs was a silent no-op `=> {}`, leaking
   heap-allocated elements (e.g. strings in `list<string, 3>`). Now
   iterates each element's memory offset and deallocates using
   `deallocate_indirect_fields`.

3. `FixedLengthListLower` in the Rust code generator used array
   indexing (`a[0]`, `a[1]`, ...) to extract elements, which fails for
   non-Copy types like String. Changed to use array destructuring
   (`let [e0, e1, ...] = a;`) to properly move elements out.

Added runtime tests with `list<string, 3>` functions (param, result,
roundtrip) and allocation tracking via Guard pattern to verify no
memory leaks when passing/returning fixed-length lists of strings.

Author: sumleo

crates/core/src/abi.rs

@@ -2404,7 +2404,13 @@ impl<'a, B: Bindgen> Generator<'a, B> {
                 TypeDefKind::Resource => unreachable!(),
                 TypeDefKind::Unknown => unreachable!(),
 
-                TypeDefKind::FixedLengthList(..) => todo!(),
+                TypeDefKind::FixedLengthList(element, size) => {
+                    self.flat_for_each_record_type(
+                        ty,
+                        iter::repeat_n(element, *size as usize),
+                        |me, ty| me.deallocate(ty, what),
+                    );
+                }
                 TypeDefKind::Map(..) => todo!(),
             },
         }
@@ -2526,7 +2532,10 @@ impl<'a, B: Bindgen> Generator<'a, B> {
                 TypeDefKind::Future(_) => unreachable!(),
                 TypeDefKind::Stream(_) => unreachable!(),
                 TypeDefKind::Unknown => unreachable!(),
-                TypeDefKind::FixedLengthList(_, _) => {}
+                TypeDefKind::FixedLengthList(element, size) => {
+                    let tys: Vec<Type> = iter::repeat_n(*element, *size as usize).collect();
+                    self.deallocate_indirect_fields(&tys, addr, offset, what);
+                }
                 TypeDefKind::Map(..) => todo!(),
             },
         }

crates/rust/src/bindgen.rs

@@ -1224,9 +1224,12 @@ impl Bindgen for FunctionBindgen<'_, '_> {
                 size,
                 id: _,
             } => {
-                for i in 0..(*size as usize) {
-                    results.push(format!("{}[{i}]", operands[0]));
-                }
+                let tmp = self.tmp();
+                let names: Vec<String> = (0..(*size as usize))
+                    .map(|i| format!("e{tmp}_{i}"))
+                    .collect();
+                self.push_str(&format!("let [{}] = {};\n", names.join(", "), operands[0]));
+                results.extend(names);
             }
             Instruction::FixedLengthListLiftFromMemory {
                 element,

tests/runtime/fixed-length-lists/alloc.rs

@@ -0,0 +1,30 @@
+use std::alloc::{GlobalAlloc, Layout, System};
+use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
+
+#[global_allocator]
+static ALLOC: A = A;
+
+static ALLOC_AMT: AtomicUsize = AtomicUsize::new(0);
+
+struct A;
+
+unsafe impl GlobalAlloc for A {
+    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
+        let ptr = System.alloc(layout);
+        if !ptr.is_null() {
+            ALLOC_AMT.fetch_add(layout.size(), SeqCst);
+        }
+        return ptr;
+    }
+
+    unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) {
+        // Poison all deallocations to try to catch any use-after-free in the
+        // bindings as early as possible.
+        std::ptr::write_bytes(ptr, 0xde, layout.size());
+        ALLOC_AMT.fetch_sub(layout.size(), SeqCst);
+        System.dealloc(ptr, layout)
+    }
+}
+pub fn get() -> usize {
+    ALLOC_AMT.load(SeqCst)
+}

tests/runtime/fixed-length-lists/runner.rs

@@ -4,30 +4,66 @@ include!(env!("BINDINGS"));
 
 use test::fixed_length_lists::to_test::*;
 
+mod alloc;
+
+struct Guard {
+    me_before: usize,
+    remote_before: u32,
+}
+
+impl Guard {
+    fn new() -> Guard {
+        Guard {
+            me_before: alloc::get(),
+            remote_before: allocated_bytes(),
+        }
+    }
+}
+
+impl Drop for Guard {
+    fn drop(&mut self) {
+        assert_eq!(self.me_before, alloc::get());
+        assert_eq!(self.remote_before, allocated_bytes());
+    }
+}
+
 struct Component;
 
 export!(Component);
 
 impl Guest for Component {
     fn run() {
-        list_param([1, 2, 3, 4]);
-        list_param2([[1, 2], [3, 4]]);
-        list_param3([
-            -1, 2, -3, 4, -5, 6, -7, 8, -9, 10, -11, 12, -13, 14, -15, 16, -17, 18, -19, 20,
-        ]);
         {
+            let _guard = Guard::new();
+            list_param([1, 2, 3, 4]);
+        }
+        {
+            let _guard = Guard::new();
+            list_param2([[1, 2], [3, 4]]);
+        }
+        {
+            let _guard = Guard::new();
+            list_param3([
+                -1, 2, -3, 4, -5, 6, -7, 8, -9, 10, -11, 12, -13, 14, -15, 16, -17, 18, -19, 20,
+            ]);
+        }
+        {
+            let _guard = Guard::new();
             let result = list_result();
             assert_eq!(result, [b'0', b'1', b'A', b'B', b'a', b'b', 128, 255]);
         }
         {
+            let _guard = Guard::new();
             let result = list_minmax16([0, 1024, 32768, 65535], [1, 2048, -32767, -2]);
             assert_eq!(result, ([0, 1024, 32768, 65535], [1, 2048, -32767, -2]));
         }
         {
+            let _guard = Guard::new();
             let result = list_minmax_float([2.0, -42.0], [0.25, -0.125]);
             assert_eq!(result, ([2.0, -42.0], [0.25, -0.125]));
         }
         {
+            let _guard = Guard::new();
             let result =
                 list_roundtrip([b'a', b'b', b'c', b'd', 0, 1, 2, 3, b'A', b'B', b'Y', b'Z']);
             assert_eq!(
@@ -36,13 +72,15 @@ impl Guest for Component {
             );
         }
         {
+            let _guard = Guard::new();
             let result = nested_roundtrip([[1, 5], [42, 1_000_000]], [[-1, 3], [-2_000_000, 4711]]);
             assert_eq!(
                 result,
                 ([[1, 5], [42, 1_000_000]], [[-1, 3], [-2_000_000, 4711]])
             );
         }
         {
+            let _guard = Guard::new();
             let result = large_roundtrip(
                 [[1, 5], [42, 1_000_000]],
                 [
@@ -66,9 +104,24 @@ impl Guest for Component {
             );
         }
         {
+            let _guard = Guard::new();
             let result = nightmare_on_cpp([Nested { l: [1, -1] }, Nested { l: [2, -2] }]);
             assert_eq!(result[0].l, [1, -1]);
             assert_eq!(result[1].l, [2, -2]);
         }
+        {
+            let _guard = Guard::new();
+            string_list_param(["foo".to_owned(), "bar".to_owned(), "baz".to_owned()]);
+        }
+        {
+            let _guard = Guard::new();
+            let result = string_list_result();
+            assert_eq!(result, ["foo", "bar", "baz"]);
+        }
+        {
+            let _guard = Guard::new();
+            let result = string_list_roundtrip(["foo".to_owned(), "bar".to_owned(), "baz".to_owned()]);
+            assert_eq!(result, ["foo", "bar", "baz"]);
+        }
     }
 }

tests/runtime/fixed-length-lists/test.cpp

@@ -49,3 +49,21 @@ std::array<to_test::Nested, 2>
 to_test::NightmareOnCpp(std::array<to_test::Nested, 2> a) {
     return a;
 }
+void to_test::StringListParam(std::array<wit::string, 3> a) {
+    assert(a[0].get_view() == "foo");
+    assert(a[1].get_view() == "bar");
+    assert(a[2].get_view() == "baz");
+}
+std::array<wit::string, 3> to_test::StringListResult() {
+    return std::array<wit::string, 3>{
+        wit::string::from_view("foo"),
+        wit::string::from_view("bar"),
+        wit::string::from_view("baz"),
+    };
+}
+std::array<wit::string, 3> to_test::StringListRoundtrip(std::array<wit::string, 3> a) {
+    return a;
+}
+uint32_t to_test::AllocatedBytes() {
+    return 0;
+}

tests/runtime/fixed-length-lists/test.rs

@@ -4,9 +4,14 @@ struct Component;
 
 export!(Component);
 
+mod alloc;
+
 use crate::exports::test::fixed_length_lists::to_test::Nested;
 
 impl exports::test::fixed_length_lists::to_test::Guest for Component {
+    fn allocated_bytes() -> u32 {
+        alloc::get().try_into().unwrap()
+    }
     fn list_param(a: [u32; 4]) {
         assert_eq!(a, [1, 2, 3, 4]);
     }
@@ -40,4 +45,13 @@ impl exports::test::fixed_length_lists::to_test::Guest for Component {
     fn nightmare_on_cpp(a: [Nested; 2]) -> [Nested; 2] {
         a
     }
+    fn string_list_param(a: [String; 3]) {
+        assert_eq!(a, ["foo", "bar", "baz"]);
+    }
+    fn string_list_result() -> [String; 3] {
+        ["foo".to_owned(), "bar".to_owned(), "baz".to_owned()]
+    }
+    fn string_list_roundtrip(a: [String; 3]) -> [String; 3] {
+        a
+    }
 }

tests/runtime/fixed-length-lists/test.wit

@@ -20,6 +20,12 @@ interface to-test {
   }
 
   nightmare-on-cpp: func(a: list<nested, 2>) -> list<nested, 2>;
+
+  string-list-param: func(a: list<string, 3>);
+  string-list-result: func() -> list<string, 3>;
+  string-list-roundtrip: func(a: list<string, 3>) -> list<string, 3>;
+
+  allocated-bytes: func() -> u32;
 }
 
 world test {