1: /* Safe automatic memory allocation.
    2:    Copyright (C) 2003, 2006 Free Software Foundation, Inc.
    3:    Written by Bruno Haible <bruno@clisp.org>, 2003.
    4: 
    5:    This program is free software; you can redistribute it and/or modify
    6:    it under the terms of the GNU General Public License as published by
    7:    the Free Software Foundation; either version 2, or (at your option)
    8:    any later version.
    9: 
   10:    This program is distributed in the hope that it will be useful,
   11:    but WITHOUT ANY WARRANTY; without even the implied warranty of
   12:    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   13:    GNU General Public License for more details.
   14: 
   15:    You should have received a copy of the GNU General Public License
   16:    along with this program; if not, write to the Free Software Foundation,
   17:    Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
   18: 
   19: #include <config.h>
   20: 
   21: /* Specification.  */
   22: #include "allocsa.h"
   23: 
   24: /* The speed critical point in this file is freesa() applied to an alloca()
   25:    result: it must be fast, to match the speed of alloca().  The speed of
   26:    mallocsa() and freesa() in the other case are not critical, because they
   27:    are only invoked for big memory sizes.  */
   28: 
   29: #if HAVE_ALLOCA
   30: 
   31: /* Store the mallocsa() results in a hash table.  This is needed to reliably
   32:    distinguish a mallocsa() result and an alloca() result.
   33: 
   34:    Although it is possible that the same pointer is returned by alloca() and
   35:    by mallocsa() at different times in the same application, it does not lead
   36:    to a bug in freesa(), because:
   37:      - Before a pointer returned by alloca() can point into malloc()ed memory,
   38:        the function must return, and once this has happened the programmer must
   39:        not call freesa() on it anyway.
   40:      - Before a pointer returned by mallocsa() can point into the stack, it
   41:        must be freed.  The only function that can free it is freesa(), and
   42:        when freesa() frees it, it also removes it from the hash table.  */
   43: 
   44: #define MAGIC_NUMBER 0x1415fb4a
   45: #define MAGIC_SIZE sizeof (int)
   46: /* This is how the header info would look like without any alignment
   47:    considerations.  */
   48: struct preliminary_header { void *next; char room[MAGIC_SIZE]; };
   49: /* But the header's size must be a multiple of sa_alignment_max.  */
   50: #define HEADER_SIZE \
   51:   (((sizeof (struct preliminary_header) + sa_alignment_max - 1) / sa_alignment_max) * sa_alignment_max)
   52: struct header { void *next; char room[HEADER_SIZE - sizeof (struct preliminary_header) + MAGIC_SIZE]; };
   53: /* Verify that HEADER_SIZE == sizeof (struct header).  */
   54: typedef int verify1[2 * (HEADER_SIZE == sizeof (struct header)) - 1];
   55: /* We make the hash table quite big, so that during lookups the probability
   56:    of empty hash buckets is quite high.  There is no need to make the hash
   57:    table resizable, because when the hash table gets filled so much that the
   58:    lookup becomes slow, it means that the application has memory leaks.  */
   59: #define HASH_TABLE_SIZE 257
   60: static void * mallocsa_results[HASH_TABLE_SIZE];
   61: 
   62: #endif
   63: 
   64: void *
   65: mallocsa (size_t n)
   66: {
   67: #if HAVE_ALLOCA
   68:   /* Allocate one more word, that serves as an indicator for malloc()ed
   69:      memory, so that freesa() of an alloca() result is fast.  */
   70:   size_t nplus = n + HEADER_SIZE;
   71: 
   72:   if (nplus >= n)
   73:     {
   74:       char *p = (char *) malloc (nplus);
   75: 
   76:       if (p != NULL)
   77:         {
   78:           size_t slot;
   79: 
   80:           p += HEADER_SIZE;
   81: 
   82:           /* Put a magic number into the indicator word.  */
   83:           ((int *) p)[-1] = MAGIC_NUMBER;
   84: 
   85:           /* Enter p into the hash table.  */
   86:           slot = (unsigned long) p % HASH_TABLE_SIZE;
   87:           ((struct header *) (p - HEADER_SIZE))->next = mallocsa_results[slot];
   88:           mallocsa_results[slot] = p;
   89: 
   90:           return p;
   91:         }
   92:     }
   93:   /* Out of memory.  */
   94:   return NULL;
   95: #else
   96: # if !MALLOC_0_IS_NONNULL
   97:   if (n == 0)
   98:     n = 1;
   99: # endif
  100:   return malloc (n);
  101: #endif
  102: }
  103: 
  104: #if HAVE_ALLOCA
  105: void
  106: freesa (void *p)
  107: {
  108:   /* mallocsa() may have returned NULL.  */
  109:   if (p != NULL)
  110:     {
  111:       /* Attempt to quickly distinguish the mallocsa() result - which has
  112:          a magic indicator word - and the alloca() result - which has an
  113:          uninitialized indicator word.  It is for this test that sa_increment
  114:          additional bytes are allocated in the alloca() case.  */
  115:       if (((int *) p)[-1] == MAGIC_NUMBER)
  116:         {
  117:           /* Looks like a mallocsa() result.  To see whether it really is one,
  118:              perform a lookup in the hash table.  */
  119:           size_t slot = (unsigned long) p % HASH_TABLE_SIZE;
  120:           void **chain = &mallocsa_results[slot];
  121:           for (; *chain != NULL;)
  122:             {
  123:               if (*chain == p)
  124:                 {
  125:                   /* Found it.  Remove it from the hash table and free it.  */
  126:                   char *p_begin = (char *) p - HEADER_SIZE;
  127:                   *chain = ((struct header *) p_begin)->next;
  128:                   free (p_begin);
  129:                   return;
  130:                 }
  131:               chain = &((struct header *) ((char *) *chain - HEADER_SIZE))->next;
  132:             }
  133:         }
  134:       /* At this point, we know it was not a mallocsa() result.  */
  135:     }
  136: }
  137: #endif