refactor(allocator): improve safety of dealloc_chunk_list

[overlookmotel]

Improve the safety of Arena's dealloc_chunk_list function:

• Ensure &ChunkFooter reference is not live when the chunk containing that ChunkFooter is deallocated.
• Scope unsafe { ... } blocks to cover just the statements that require them.
• Document the safety invariants.

I don't believe there was a soundness issue here (as &ChunkFooter references were short-lived), but this change makes the importance of avoiding live references clear, and explicitly guards against it.

[overlookmotel]

• refactor(linter/plugins, napi/plugins): use constant for arena alignment from Allocator #21797
• refactor(allocator): clarify max calculations in Arena #21796
• refactor(allocator): combine Arena::new_chunk_memory_details into Arena::new_chunk #21795
• refactor(allocator): improve safety of dealloc_chunk_list #21779 👈 (View in Graphite)
• refactor(allocator): reduce scope of unsafe blocks in Arena chunk iterators #21778
• fix(allocator): Arena retry allocation when chunk size approaches maximum #21777
• perf(allocator): reduce branches when allocating new chunk #21776
• refactor(allocator): remove sentinel empty chunk #21775
• fix(linter): add checks that Program is in current allocator chunk before JS plugins linting #21774
• feat(allocator): add Allocator::cursor_ptr method #21773
• refactor(allocator): replace ChunkFooter::is_empty with free function #21772
• perf(allocator): Allocator::used_bytes do not use chunk iterator #21771
• test(allocator): increase test coverage for Arena::allocated_bytes #21770
• test(allocator): reformat comments #21747
• refactor(allocator): remove pointless Option in Arena::new_chunk_memory_details #21746
• perf(allocator): remove check in Arena::new_chunk_memory_details #21750
• fix(allocator): fix arithmetic overflow in Arena::new_chunk_memory_details #21745
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• 0-merge - adds this PR to the back of the merge queue
• hotfix - for urgent changes, fast-track this PR to the front of the merge queue

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[codspeed-hq]

Merging this PR will not alter performance

✅ 48 untouched benchmarks
⏩ 3 skipped benchmarks¹

---

_{Comparing om/04-26-refactor_allocator_improve_safety_of_dealloc_chunk_list_ (5e7dbac) with om/04-26-refactor_allocator_reduce_scope_of_unsafe_blocks_in_arena_chunk_iterators (6889c46)}

Footnotes

1. 3 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[Copilot]

Pull request overview

This PR refactors Arena’s chunk deallocation helper to make aliasing/lifetime boundaries around ChunkFooter references explicit, reduce the scope of unsafe blocks, and document the safety assumptions involved in freeing arena chunks.

Changes:

• Refactors dealloc_chunk_list to ensure &ChunkFooter borrows are not live across dealloc.
• Narrows unsafe blocks to only the operations that require them.
• Adds safety documentation/comments explaining required invariants.

[graphite-app]

Merge activity

• Apr 26, 9:42 PM UTC: overlookmotel added this pull request to the Graphite merge queue.
• Apr 26, 10:10 PM UTC: Merged by the Graphite merge queue.