fix: implement deallocation for fixed-length lists with heap elements

Fixed two bugs in the core ABI for FixedLengthList types:

1. `deallocate` was `todo!()`, causing a panic when flat deallocation
   was needed (e.g. `list<own<resource>, 3>`). Now uses
   `flat_for_each_record_type` to iterate element types.

2. `deallocate_indirect` was a silent no-op `=> {}`, leaking
   heap-allocated elements (e.g. strings in `list<string, 3>`). Now
   iterates each element's memory offset and deallocates it using
   `deallocate_indirect_fields`.

Added both a codegen test (verifying `cabi_post_` functions are
generated) and a runtime test with allocation tracking (verifying
no memory leaks when passing/returning fixed-length lists of strings).

Author: sumleo

crates/core/src/abi.rs

@@ -2404,7 +2404,13 @@ impl<'a, B: Bindgen> Generator<'a, B> {
                 TypeDefKind::Resource => unreachable!(),
                 TypeDefKind::Unknown => unreachable!(),
 
-                TypeDefKind::FixedLengthList(..) => todo!(),
+                TypeDefKind::FixedLengthList(element, size) => {
+                    self.flat_for_each_record_type(
+                        ty,
+                        iter::repeat_n(element, *size as usize),
+                        |me, ty| me.deallocate(ty, what),
+                    );
+                }
                 TypeDefKind::Map(..) => todo!(),
             },
         }
@@ -2526,7 +2532,10 @@ impl<'a, B: Bindgen> Generator<'a, B> {
                 TypeDefKind::Future(_) => unreachable!(),
                 TypeDefKind::Stream(_) => unreachable!(),
                 TypeDefKind::Unknown => unreachable!(),
-                TypeDefKind::FixedLengthList(_, _) => {}
+                TypeDefKind::FixedLengthList(element, size) => {
+                    let tys: Vec<Type> = iter::repeat_n(*element, *size as usize).collect();
+                    self.deallocate_indirect_fields(&tys, addr, offset, what);
+                }
                 TypeDefKind::Map(..) => todo!(),
             },
         }

crates/rust/tests/codegen.rs

@@ -142,6 +142,44 @@ mod newtyped_list {
         }
     }
 }
+
+#[test]
+fn fixed_length_list_deallocation() {
+    let wit = r#"
+        package test:fll-dealloc;
+
+        world test {
+            export return-string-array: func() -> list<string, 3>;
+            export accept-string-array: func(a: list<string, 3>);
+        }
+    "#;
+
+    let mut resolve = wit_bindgen_core::wit_parser::Resolve::default();
+    let pkg = resolve.push_str("test.wit", wit).unwrap();
+    let world = resolve.select_world(&[pkg], None).unwrap();
+
+    let opts = wit_bindgen_rust::Opts {
+        generate_all: true,
+        ..Default::default()
+    };
+
+    let mut generator = opts.build();
+    let mut files = wit_bindgen_core::Files::default();
+    use wit_bindgen_core::WorldGenerator;
+    generator.generate(&mut resolve, world, &mut files).unwrap();
+
+    let (_name, contents) = files.iter().next().unwrap();
+    let code = String::from_utf8_lossy(contents);
+
+    // Verify post-return deallocation functions are generated for
+    // fixed-length lists containing heap-allocated elements (strings)
+    assert!(
+        code.contains("cabi_post_"),
+        "expected cabi_post_ deallocation function for fixed-length list \
+         with string elements, but none was generated"
+    );
+}
+
 #[allow(unused, reason = "testing codegen, not functionality")]
 mod retyped_list {
     use std::ops::Deref;

tests/runtime/fixed-length-lists/alloc.rs

@@ -0,0 +1,30 @@
+use std::alloc::{GlobalAlloc, Layout, System};
+use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
+
+#[global_allocator]
+static ALLOC: A = A;
+
+static ALLOC_AMT: AtomicUsize = AtomicUsize::new(0);
+
+struct A;
+
+unsafe impl GlobalAlloc for A {
+    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
+        let ptr = System.alloc(layout);
+        if !ptr.is_null() {
+            ALLOC_AMT.fetch_add(layout.size(), SeqCst);
+        }
+        return ptr;
+    }
+
+    unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) {
+        // Poison all deallocations to try to catch any use-after-free in the
+        // bindings as early as possible.
+        std::ptr::write_bytes(ptr, 0xde, layout.size());
+        ALLOC_AMT.fetch_sub(layout.size(), SeqCst);
+        System.dealloc(ptr, layout)
+    }
+}
+pub fn get() -> usize {
+    ALLOC_AMT.load(SeqCst)
+}

tests/runtime/fixed-length-lists/runner.rs

@@ -4,30 +4,66 @@ include!(env!("BINDINGS"));
 
 use test::fixed_length_lists::to_test::*;
 
+mod alloc;
+
+struct Guard {
+    me_before: usize,
+    remote_before: u32,
+}
+
+impl Guard {
+    fn new() -> Guard {
+        Guard {
+            me_before: alloc::get(),
+            remote_before: allocated_bytes(),
+        }
+    }
+}
+
+impl Drop for Guard {
+    fn drop(&mut self) {
+        assert_eq!(self.me_before, alloc::get());
+        assert_eq!(self.remote_before, allocated_bytes());
+    }
+}
+
 struct Component;
 
 export!(Component);
 
 impl Guest for Component {
     fn run() {
-        list_param([1, 2, 3, 4]);
-        list_param2([[1, 2], [3, 4]]);
-        list_param3([
-            -1, 2, -3, 4, -5, 6, -7, 8, -9, 10, -11, 12, -13, 14, -15, 16, -17, 18, -19, 20,
-        ]);
         {
+            let _guard = Guard::new();
+            list_param([1, 2, 3, 4]);
+        }
+        {
+            let _guard = Guard::new();
+            list_param2([[1, 2], [3, 4]]);
+        }
+        {
+            let _guard = Guard::new();
+            list_param3([
+                -1, 2, -3, 4, -5, 6, -7, 8, -9, 10, -11, 12, -13, 14, -15, 16, -17, 18, -19, 20,
+            ]);
+        }
+        {
+            let _guard = Guard::new();
             let result = list_result();
             assert_eq!(result, [b'0', b'1', b'A', b'B', b'a', b'b', 128, 255]);
         }
         {
+            let _guard = Guard::new();
             let result = list_minmax16([0, 1024, 32768, 65535], [1, 2048, -32767, -2]);
             assert_eq!(result, ([0, 1024, 32768, 65535], [1, 2048, -32767, -2]));
         }
         {
+            let _guard = Guard::new();
             let result = list_minmax_float([2.0, -42.0], [0.25, -0.125]);
             assert_eq!(result, ([2.0, -42.0], [0.25, -0.125]));
         }
         {
+            let _guard = Guard::new();
             let result =
                 list_roundtrip([b'a', b'b', b'c', b'd', 0, 1, 2, 3, b'A', b'B', b'Y', b'Z']);
             assert_eq!(
@@ -36,13 +72,15 @@ impl Guest for Component {
             );
         }
         {
+            let _guard = Guard::new();
             let result = nested_roundtrip([[1, 5], [42, 1_000_000]], [[-1, 3], [-2_000_000, 4711]]);
             assert_eq!(
                 result,
                 ([[1, 5], [42, 1_000_000]], [[-1, 3], [-2_000_000, 4711]])
             );
         }
         {
+            let _guard = Guard::new();
             let result = large_roundtrip(
                 [[1, 5], [42, 1_000_000]],
                 [
@@ -66,6 +104,7 @@ impl Guest for Component {
             );
         }
         {
+            let _guard = Guard::new();
             let result = nightmare_on_cpp([Nested { l: [1, -1] }, Nested { l: [2, -2] }]);
             assert_eq!(result[0].l, [1, -1]);
             assert_eq!(result[1].l, [2, -2]);

tests/runtime/fixed-length-lists/test.cpp

@@ -49,3 +49,6 @@ std::array<to_test::Nested, 2>
 to_test::NightmareOnCpp(std::array<to_test::Nested, 2> a) {
     return a;
 }
+uint32_t to_test::AllocatedBytes() {
+    return 0;
+}

tests/runtime/fixed-length-lists/test.rs

@@ -4,9 +4,14 @@ struct Component;
 
 export!(Component);
 
+mod alloc;
+
 use crate::exports::test::fixed_length_lists::to_test::Nested;
 
 impl exports::test::fixed_length_lists::to_test::Guest for Component {
+    fn allocated_bytes() -> u32 {
+        alloc::get().try_into().unwrap()
+    }
     fn list_param(a: [u32; 4]) {
         assert_eq!(a, [1, 2, 3, 4]);
     }

tests/runtime/fixed-length-lists/test.wit

@@ -20,6 +20,8 @@ interface to-test {
   }
 
   nightmare-on-cpp: func(a: list<nested, 2>) -> list<nested, 2>;
+
+  allocated-bytes: func() -> u32;
 }
 
 world test {