malloca.h 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127
  1. /* Safe automatic memory allocation.
  2. Copyright (C) 2003-2007, 2009-2022 Free Software Foundation, Inc.
  3. Written by Bruno Haible <bruno@clisp.org>, 2003.
  4. This file is free software: you can redistribute it and/or modify
  5. it under the terms of the GNU Lesser General Public License as
  6. published by the Free Software Foundation; either version 2.1 of the
  7. License, or (at your option) any later version.
  8. This file is distributed in the hope that it will be useful,
  9. but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. GNU Lesser General Public License for more details.
  12. You should have received a copy of the GNU Lesser General Public License
  13. along with this program. If not, see <https://www.gnu.org/licenses/>. */
  14. #ifndef _MALLOCA_H
  15. #define _MALLOCA_H
  16. #include <alloca.h>
  17. #include <stddef.h>
  18. #include <stdlib.h>
  19. #include <stdint.h>
  20. #include "xalloc-oversized.h"
  21. #ifdef __cplusplus
  22. extern "C" {
  23. #endif
  24. /* safe_alloca(N) is equivalent to alloca(N) when it is safe to call
  25. alloca(N); otherwise it returns NULL. It either returns N bytes of
  26. memory allocated on the stack, that lasts until the function returns,
  27. or NULL.
  28. Use of safe_alloca should be avoided:
  29. - inside arguments of function calls - undefined behaviour,
  30. - in inline functions - the allocation may actually last until the
  31. calling function returns.
  32. */
  33. #if HAVE_ALLOCA
  34. /* The OS usually guarantees only one guard page at the bottom of the stack,
  35. and a page size can be as small as 4096 bytes. So we cannot safely
  36. allocate anything larger than 4096 bytes. Also care for the possibility
  37. of a few compiler-allocated temporary stack slots.
  38. This must be a macro, not a function. */
  39. # define safe_alloca(N) ((N) < 4032 ? alloca (N) : NULL)
  40. #else
  41. # define safe_alloca(N) ((void) (N), NULL)
  42. #endif
  43. /* Free a block of memory allocated through malloca(). */
  44. #if HAVE_ALLOCA
  45. extern void freea (void *p);
  46. #else
  47. # define freea free
  48. #endif
  49. /* malloca(N) is a safe variant of alloca(N). It allocates N bytes of
  50. memory allocated on the stack, that must be freed using freea() before
  51. the function returns. Upon failure, it returns NULL. */
  52. #if HAVE_ALLOCA
  53. # define malloca(N) \
  54. ((N) < 4032 - (2 * sa_alignment_max - 1) \
  55. ? (void *) (((uintptr_t) (char *) alloca ((N) + 2 * sa_alignment_max - 1) \
  56. + (2 * sa_alignment_max - 1)) \
  57. & ~(uintptr_t)(2 * sa_alignment_max - 1)) \
  58. : mmalloca (N))
  59. #else
  60. # define malloca(N) \
  61. mmalloca (N)
  62. #endif
  63. extern void *mmalloca (size_t n)
  64. _GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC (freea, 1)
  65. _GL_ATTRIBUTE_ALLOC_SIZE ((1));
  66. /* nmalloca(N,S) is an overflow-safe variant of malloca (N * S).
  67. It allocates an array of N objects, each with S bytes of memory,
  68. on the stack. N and S should be nonnegative and free of side effects.
  69. The array must be freed using freea() before the function returns. */
  70. #define nmalloca(n, s) \
  71. (xalloc_oversized (n, s) ? NULL : malloca ((n) * (size_t) (s)))
  72. #ifdef __cplusplus
  73. }
  74. #endif
  75. /* ------------------- Auxiliary, non-public definitions ------------------- */
  76. /* Determine the alignment of a type at compile time. */
  77. #if defined __GNUC__ || defined __clang__ || defined __IBM__ALIGNOF__
  78. # define sa_alignof __alignof__
  79. #elif defined __cplusplus
  80. template <class type> struct sa_alignof_helper { char __slot1; type __slot2; };
  81. # define sa_alignof(type) offsetof (sa_alignof_helper<type>, __slot2)
  82. #elif defined __hpux
  83. /* Work around a HP-UX 10.20 cc bug with enums constants defined as offsetof
  84. values. */
  85. # define sa_alignof(type) (sizeof (type) <= 4 ? 4 : 8)
  86. #elif defined _AIX
  87. /* Work around an AIX 3.2.5 xlc bug with enums constants defined as offsetof
  88. values. */
  89. # define sa_alignof(type) (sizeof (type) <= 4 ? 4 : 8)
  90. #else
  91. # define sa_alignof(type) offsetof (struct { char __slot1; type __slot2; }, __slot2)
  92. #endif
  93. enum
  94. {
  95. /* The desired alignment of memory allocations is the maximum alignment
  96. among all elementary types. */
  97. sa_alignment_long = sa_alignof (long),
  98. sa_alignment_double = sa_alignof (double),
  99. sa_alignment_longlong = sa_alignof (long long),
  100. sa_alignment_longdouble = sa_alignof (long double),
  101. sa_alignment_max = ((sa_alignment_long - 1) | (sa_alignment_double - 1)
  102. | (sa_alignment_longlong - 1)
  103. | (sa_alignment_longdouble - 1)
  104. ) + 1
  105. };
  106. #endif /* _MALLOCA_H */