Fix stack-use-after-return in Stack initialization (#868)

Problem
Stack::default() was taking a raw pointer to self.sentinel and storing it in
every StackEntry, then returning self by value. Because Rust moved the struct
to the caller's location on return, all stored pointers were left pointing to
the now-freed stack frame of default().

This would have caused silent data corruption or a crash whenever
contcorrhist/conthist was dereferenced, most likely under thread contention(?).
The bug was probably invisible in normal builds because the freed stack memory
was rarely overwritten before being read, but caught it thanks to ASan.

Solution
Fixed by heap-allocating Stack via Box in a new Stack::new() constructor,
making sure that the address of sentinel is stable before the pointer is
stored.

Bench: 2981881

Author: Saphereye

src/search.rs

@@ -129,7 +129,7 @@ pub fn start(td: &mut ThreadData, report: Report, thread_count: usize) {
             td.optimism[!td.board.side_to_move()] = -td.optimism[td.board.side_to_move()];
 
             loop {
-                td.stack = Stack::default();
+                td.stack = Stack::new();
                 td.root_delta = beta - alpha;
 
                 // Root Search

src/stack.rs

@@ -11,15 +11,9 @@ impl Stack {
     pub fn sentinel(&mut self) -> &mut StackEntry {
         unsafe { self.data.get_unchecked_mut(0) }
     }
-}
-
-impl Default for Stack {
-    fn default() -> Self {
-        let mut stack = Self {
-            data: [StackEntry::default(); MAX_PLY + 16],
-            sentinel: [[0; 64]; 13],
-        };
 
+    pub fn new() -> Box<Self> {
+        let mut stack = Box::new(Self::default());
         let ptr = &raw mut stack.sentinel;
         for entry in &mut stack.data {
             entry.conthist = ptr;
@@ -29,6 +23,15 @@ impl Default for Stack {
     }
 }
 
+impl Default for Stack {
+    fn default() -> Self {
+        Self {
+            data: [StackEntry::default(); MAX_PLY + 16],
+            sentinel: [[0; 64]; 13],
+        }
+    }
+}
+
 #[derive(Copy, Clone)]
 pub struct StackEntry {
     pub mv: Move,

src/thread.rs

@@ -131,7 +131,7 @@ pub struct ThreadData {
     pub shared: Arc<SharedContext>,
     pub board: Board,
     pub time_manager: TimeManager,
-    pub stack: Stack,
+    pub stack: Box<Stack>,
     pub nnue: Network,
     pub root_moves: Vec<RootMove>,
     pub pv_table: PrincipalVariationTable,
@@ -162,7 +162,7 @@ impl ThreadData {
             shared,
             board: Board::starting_position(),
             time_manager: TimeManager::new(Limits::Infinite, 0, 0),
-            stack: Stack::default(),
+            stack: Stack::new(),
             nnue: Network::default(),
             root_moves: Vec::new(),
             pv_table: PrincipalVariationTable::default(),

src/threadpool.rs

@@ -17,7 +17,7 @@ use crate::{
 
 pub struct ThreadPool {
     pub workers: Vec<WorkerThread>,
-    pub vector: Vec<Box<ThreadData>>,
+    pub vector: Vec<ThreadData>,
 }
 
 impl ThreadPool {
@@ -57,11 +57,11 @@ impl ThreadPool {
         self.vector.len()
     }
 
-    pub fn iter(&self) -> impl Iterator<Item = &Box<ThreadData>> {
+    pub fn iter(&self) -> impl Iterator<Item = &ThreadData> {
         self.vector.iter()
     }
 
-    pub fn iter_mut(&mut self) -> impl Iterator<Item = &mut Box<ThreadData>> {
+    pub fn iter_mut(&mut self) -> impl Iterator<Item = &mut ThreadData> {
         self.vector.iter_mut()
     }
 
@@ -260,10 +260,8 @@ fn make_worker_threads(num_threads: usize) -> Vec<WorkerThread> {
     }
 }
 
-fn make_thread_data(
-    shared: Arc<SharedContext>, worker_threads: &[WorkerThread], board: Arc<Board>,
-) -> Vec<Box<ThreadData>> {
-    std::thread::scope(|scope| -> Vec<Box<ThreadData>> {
+fn make_thread_data(shared: Arc<SharedContext>, worker_threads: &[WorkerThread], board: Arc<Board>) -> Vec<ThreadData> {
+    std::thread::scope(|scope| -> Vec<ThreadData> {
         let handles = worker_threads
             .iter()
             .map(|worker| {
@@ -282,10 +280,10 @@ fn make_thread_data(
             })
             .collect::<Vec<_>>();
 
-        let mut thread_data: Vec<Box<ThreadData>> = Vec::with_capacity(handles.len());
+        let mut thread_data: Vec<ThreadData> = Vec::with_capacity(handles.len());
         for (rx, handle) in handles {
             let td = rx.recv().unwrap();
-            thread_data.push(td);
+            thread_data.push(*td);
             handle.join();
         }