// Nim seq, arrays, openarray, slicing, and views best practices for zero-allocation cryptographic code. Use when working with buffers, slicing data, or managing memory in Constantine to avoid heap allocations and side-channels.
Debugging techniques and tools for Constantine cryptographic code. Use debugEcho, toHex, debug: template, and stack trace flags when debugging Nim crypto implementations.
Profile and identify performance bottlenecks in Constantine cryptographic code using metering and benchmarking tools. Use when optimizing cryptographic algorithms, analyzing hotspots, or comparing implementations against reference benchmarks.
Constantine serialization and hex debugging conventions. Use when serializing cryptographic types, parsing bytes, debugging values with toHex, or working with BLS12-381, Banderwagon, or ECDSA codecs.
| name | seq-arrays-openarrays-slicing-views |
| description | Nim seq, arrays, openarray, slicing, and views best practices for zero-allocation cryptographic code. Use when working with buffers, slicing data, or managing memory in Constantine to avoid heap allocations and side-channels. |
| license | MIT |
| metadata | {"audience":"developers","language":"nim"} |
Provide guidance on working with dynamically-sized buffers in Nim for cryptographic code.
Emphasizes avoiding seq in favor of auditable memory management through Constantine's shim over the system allocator.
Avoid Nim slicing syntax ..< slice syntax on arrays, sequences and openarrays as it creates an intermediate seq, which:
We actively avoid memory allocation for any protocol that:
This includes encryption, hashing and signatures protocols.
When memory allocation is necessary, for example for multithreading, GPU computing or succinct or zero-knowledge proof protocol, we use custom allocators from constantine/platforms/allocs.nim. Those are thin wrappers around the OS malloc/free with effect tracking {.tags:[HeapAlloc].} or {.tags:[Alloca].}. Then we can use Nim's effect tracking {.tags:[].} to ensure no heap allocation or alloca is used in the call stack of specific functions.
# Compiler tracked heap allocation
let ptr = allocHeapArrayAligned(int, 128, alignment = 64)
# Compiler tracked stack allocation
let stackPtr = allocStackArray(int, 128)
# Don't do this in cryptographic code!
let bad = @[1, 2, 3] # seq - hidden allocation!
sizeof to compute total size for heap allocation[a ..< b] creates an intermediate seq (heap allocation!)cast[ptr UncheckedArray[T]](addr) or .asUnchecked() to convert.toOpenArray template# PREFERRED: Using views.nim (import constantine/platforms/views)
let ptrArr = oa.asUnchecked()
# Alternative: Using cast
let ptrArr = cast[ptr UncheckedArray[T]](oa[0].unsafeAddr)
# Using system.nim (start, stopInclusive) - default
let oa = toOpenArray(ptrArr, start, stopInclusive)
# Using views.nim (ptr, length) - convenience template
let oa = toOpenArray(ptrArr, length)
# Or simply: ptrArr.toOpenArray(len)
let v = toView(oa)
# Or: View[T](data: cast[ptr UncheckedArray[T]](oa[0].unsafeAddr), len: oa.len)
NEVER use slice syntax like array[0 ..< len] on openArray parameters - this creates a seq (heap allocation).
Instead use:
# Bad - creates seq!
process(data[0 ..< count])
# Good - no allocation (system.nim uses stopInclusive)
process(data.toOpenArray(0, count-1))
ptr UncheckedArray should use the ptr+len syntax from import constantine/platforms/views
# Good - using views.nim convenience (ptr, length)
process(myDataPtr.toOpenArray(count))
Constantine provides tracked memory management in constantine/platforms/allocs.nim:
template allocStack*(T: typedesc): ptr T
template allocStackUnchecked*(T: typedesc, size: int): ptr T
template allocStackArray*(T: typedesc, len: SomeInteger): ptr UncheckedArray[T]
# Standard allocation (uninitialized memory)
proc allocHeap*(T: typedesc): ptr T
proc allocHeapUnchecked*(T: typedesc, size: int): ptr T
proc allocHeapArray*(T: typedesc, len: SomeInteger): ptr UncheckedArray[T]
proc allocHeapAligned*(T: typedesc, alignment: static Natural): ptr T
proc allocHeapArrayAligned*(T: typedesc, len: int, alignment: static Natural): ptr UncheckedArray[T]
proc allocHeapAlignedPtr*(T: typedesc[ptr], alignment: static Natural): T
proc allocHeapUncheckedAlignedPtr*(T: typedesc[ptr], size: int, alignment: static Natural): T
# Zero-initialized allocation (critical for ARC with custom =destroy procs)
proc alloc0Heap*(T: typedesc): ptr T
proc alloc0HeapUnchecked*(T: typedesc, size: int): ptr T
proc alloc0HeapArray*(T: typedesc, len: SomeInteger): ptr UncheckedArray[T]
proc alloc0HeapAligned*(T: typedesc, alignment: static Natural): ptr T
proc alloc0HeapArrayAligned*(T: typedesc, len: int, alignment: static Natural): ptr UncheckedArray[T]
proc alloc0HeapAlignedPtr*(T: typedesc[ptr], alignment: static Natural): T
proc alloc0HeapUncheckedAlignedPtr*(T: typedesc[ptr], size: int, alignment: static Natural): T
Important: Use alloc0* variants when:
=destroy procs that check for nil pointersEthereumKZGContext has ECFFT_Descriptor fields with =destroy that free memoryNim varargs can accept:
foo([1, 2, 3])foo(@[1, 2, 3]) - avoid in crypto codefoo(someOpenArray)foo(1, 2, 3)