|
version 1.1, 2012/02/21 22:57:48
|
version 1.1.1.3, 2021/03/17 13:38:46
|
|
Line 1
|
Line 1
|
| /* Safe automatic memory allocation. |
/* Safe automatic memory allocation. |
| Copyright (C) 2003, 2006-2007 Free Software Foundation, Inc. | Copyright (C) 2003, 2006-2007, 2009-2019 Free Software Foundation, Inc. |
| Written by Bruno Haible <bruno@clisp.org>, 2003. | Written by Bruno Haible <bruno@clisp.org>, 2003, 2018. |
| |
|
| This program is free software; you can redistribute it and/or modify |
This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
it under the terms of the GNU General Public License as published by |
|
Line 13
|
Line 13
|
| GNU General Public License for more details. |
GNU General Public License for more details. |
| |
|
| You should have received a copy of the GNU General Public License |
You should have received a copy of the GNU General Public License |
| along with this program; if not, write to the Free Software Foundation, | along with this program; if not, see <https://www.gnu.org/licenses/>. */ |
| Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ | |
| |
|
| |
#define _GL_USE_STDLIB_ALLOC 1 |
| #include <config.h> |
#include <config.h> |
| |
|
| /* Specification. */ |
/* Specification. */ |
| #include "malloca.h" |
#include "malloca.h" |
| |
|
| |
#include "verify.h" |
| |
|
| /* The speed critical point in this file is freea() applied to an alloca() |
/* The speed critical point in this file is freea() applied to an alloca() |
| result: it must be fast, to match the speed of alloca(). The speed of |
result: it must be fast, to match the speed of alloca(). The speed of |
| mmalloca() and freea() in the other case are not critical, because they |
mmalloca() and freea() in the other case are not critical, because they |
| are only invoked for big memory sizes. */ | are only invoked for big memory sizes. |
| | Here we use a bit in the address as an indicator, an idea by Ondřej Bílka. |
| | malloca() can return three types of pointers: |
| | - Pointers ≡ 0 mod 2*sa_alignment_max come from stack allocation. |
| | - Pointers ≡ sa_alignment_max mod 2*sa_alignment_max come from heap |
| | allocation. |
| | - NULL comes from a failed heap allocation. */ |
| |
|
| #if HAVE_ALLOCA | /* Type for holding very small pointer differences. */ |
| | typedef unsigned char small_t; |
| | /* Verify that it is wide enough. */ |
| | verify (2 * sa_alignment_max - 1 <= (small_t) -1); |
| |
|
| /* Store the mmalloca() results in a hash table. This is needed to reliably |
|
| distinguish a mmalloca() result and an alloca() result. |
|
| |
|
| Although it is possible that the same pointer is returned by alloca() and |
|
| by mmalloca() at different times in the same application, it does not lead |
|
| to a bug in freea(), because: |
|
| - Before a pointer returned by alloca() can point into malloc()ed memory, |
|
| the function must return, and once this has happened the programmer must |
|
| not call freea() on it anyway. |
|
| - Before a pointer returned by mmalloca() can point into the stack, it |
|
| must be freed. The only function that can free it is freea(), and |
|
| when freea() frees it, it also removes it from the hash table. */ |
|
| |
|
| #define MAGIC_NUMBER 0x1415fb4a |
|
| #define MAGIC_SIZE sizeof (int) |
|
| /* This is how the header info would look like without any alignment |
|
| considerations. */ |
|
| struct preliminary_header { void *next; char room[MAGIC_SIZE]; }; |
|
| /* But the header's size must be a multiple of sa_alignment_max. */ |
|
| #define HEADER_SIZE \ |
|
| (((sizeof (struct preliminary_header) + sa_alignment_max - 1) / sa_alignment_max) * sa_alignment_max) |
|
| struct header { void *next; char room[HEADER_SIZE - sizeof (struct preliminary_header) + MAGIC_SIZE]; }; |
|
| /* Verify that HEADER_SIZE == sizeof (struct header). */ |
|
| typedef int verify1[2 * (HEADER_SIZE == sizeof (struct header)) - 1]; |
|
| /* We make the hash table quite big, so that during lookups the probability |
|
| of empty hash buckets is quite high. There is no need to make the hash |
|
| table resizable, because when the hash table gets filled so much that the |
|
| lookup becomes slow, it means that the application has memory leaks. */ |
|
| #define HASH_TABLE_SIZE 257 |
|
| static void * mmalloca_results[HASH_TABLE_SIZE]; |
|
| |
|
| #endif |
|
| |
|
| void * |
void * |
| mmalloca (size_t n) |
mmalloca (size_t n) |
| { |
{ |
| #if HAVE_ALLOCA |
#if HAVE_ALLOCA |
| /* Allocate one more word, that serves as an indicator for malloc()ed | /* Allocate one more word, used to determine the address to pass to freea(), |
| memory, so that freea() of an alloca() result is fast. */ | and room for the alignment ≡ sa_alignment_max mod 2*sa_alignment_max. */ |
| size_t nplus = n + HEADER_SIZE; | size_t nplus = n + sizeof (small_t) + 2 * sa_alignment_max - 1; |
| |
|
| if (nplus >= n) |
if (nplus >= n) |
| { |
{ |
| char *p = (char *) malloc (nplus); | char *mem = (char *) malloc (nplus); |
| |
|
| if (p != NULL) | if (mem != NULL) |
| { | { |
| size_t slot; | char *p = |
| (char *)((((uintptr_t)mem + sizeof (small_t) + sa_alignment_max - 1) |
| p += HEADER_SIZE; | & ~(uintptr_t)(2 * sa_alignment_max - 1)) |
| + sa_alignment_max); |
| /* Put a magic number into the indicator word. */ | /* Here p >= mem + sizeof (small_t), |
| ((int *) p)[-1] = MAGIC_NUMBER; | and p <= mem + sizeof (small_t) + 2 * sa_alignment_max - 1 |
| hence p + n <= mem + nplus. |
| /* Enter p into the hash table. */ | So, the memory range [p, p+n) lies in the allocated memory range |
| slot = (unsigned long) p % HASH_TABLE_SIZE; | [mem, mem + nplus). */ |
| ((struct header *) (p - HEADER_SIZE))->next = mmalloca_results[slot]; | ((small_t *) p)[-1] = p - mem; |
| mmalloca_results[slot] = p; | /* p ≡ sa_alignment_max mod 2*sa_alignment_max. */ |
| return p; |
| return p; | } |
| } | |
| } |
} |
| /* Out of memory. */ |
/* Out of memory. */ |
| return NULL; |
return NULL; |
|
Line 105 mmalloca (size_t n)
|
Line 82 mmalloca (size_t n)
|
| void |
void |
| freea (void *p) |
freea (void *p) |
| { |
{ |
| /* mmalloca() may have returned NULL. */ | /* Check argument. */ |
| if (p != NULL) | if ((uintptr_t) p & (sa_alignment_max - 1)) |
| { |
{ |
| /* Attempt to quickly distinguish the mmalloca() result - which has | /* p was not the result of a malloca() call. Invalid argument. */ |
| a magic indicator word - and the alloca() result - which has an | abort (); |
| uninitialized indicator word. It is for this test that sa_increment | |
| additional bytes are allocated in the alloca() case. */ | |
| if (((int *) p)[-1] == MAGIC_NUMBER) | |
| { | |
| /* Looks like a mmalloca() result. To see whether it really is one, | |
| perform a lookup in the hash table. */ | |
| size_t slot = (unsigned long) p % HASH_TABLE_SIZE; | |
| void **chain = &mmalloca_results[slot]; | |
| for (; *chain != NULL;) | |
| { | |
| if (*chain == p) | |
| { | |
| /* Found it. Remove it from the hash table and free it. */ | |
| char *p_begin = (char *) p - HEADER_SIZE; | |
| *chain = ((struct header *) p_begin)->next; | |
| free (p_begin); | |
| return; | |
| } | |
| chain = &((struct header *) ((char *) *chain - HEADER_SIZE))->next; | |
| } | |
| } | |
| /* At this point, we know it was not a mmalloca() result. */ | |
| } |
} |
| |
/* Determine whether p was a non-NULL pointer returned by mmalloca(). */ |
| |
if ((uintptr_t) p & sa_alignment_max) |
| |
{ |
| |
void *mem = (char *) p - ((small_t *) p)[-1]; |
| |
free (mem); |
| |
} |
| } |
} |
| #endif |
#endif |
| |
|
| |
/* |
| |
* Hey Emacs! |
| |
* Local Variables: |
| |
* coding: utf-8 |
| |
* End: |
| |
*/ |
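Review bot: The width check on small_t, `verify (2 * sa_alignment_max - 1 <= (small_t) -1);`, is one short of the bound the new mmalloca() relies on: its own comment states p <= mem + sizeof (small_t) + 2 * sa_alignment_max - 1, so the offset stored by `((small_t *) p)[-1] = p - mem;` can reach sizeof (small_t) + 2 * sa_alignment_max - 1, while the assertion only proves that 2 * sa_alignment_max - 1 fits. Should the two ever differ (for an unsigned char that needs sa_alignment_max == 128, which looks unreachable with the alignments malloca.h derives, but nothing in this file proves it), the stored offset truncates to 0 and freea() would pass p itself rather than mem to free(), so tightening the check to `verify (sizeof (small_t) + 2 * sa_alignment_max - 1 <= (small_t) -1);` makes the static proof match the derivation. Separately, dropping the old `if (p != NULL)` guard in freea() now rests on NULL having all-zero bits so that both bit tests fail; that holds on the targets gnulib supports, but a one-line comment such as `/* NULL (all-zero bits) fails both bit tests below and is a no-op. */` above the alignment check would keep the next reader from re-adding the guard or, worse, treating a NULL here as an error.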