1 /* xalloc.h -- malloc with out-of-memory checking
2 
3    Copyright (C) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998,
4    1999, 2000, 2003, 2004, 2006, 2007, 2008 Free Software Foundation, Inc.
5 
6    This program is free software: you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10 
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15 
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
18 
19 #ifndef XALLOC_H_
20 # define XALLOC_H_
21 
22 # include <stddef.h>
23 
24 
25 # ifdef __cplusplus
26 extern "C" {
27 # endif
28 
29 
30 # ifndef __attribute__
31 #  if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 8)
32 #   define __attribute__(x)
33 #  endif
34 # endif
35 
36 # ifndef ATTRIBUTE_NORETURN
37 #  define ATTRIBUTE_NORETURN __attribute__ ((__noreturn__))
38 # endif
39 
40 # ifndef ATTRIBUTE_MALLOC
41 #  if __GNUC__ >= 3
42 #   define ATTRIBUTE_MALLOC __attribute__ ((__malloc__))
43 #  else
44 #   define ATTRIBUTE_MALLOC
45 #  endif
46 # endif
47 
48 /* This function is always triggered when memory is exhausted.
49    It must be defined by the application, either explicitly
50    or by using gnulib's xalloc-die module.  This is the
51    function to call when one wants the program to die because of a
52    memory allocation failure.  */
53 extern void xalloc_die (void) ATTRIBUTE_NORETURN;
54 
55 void *xmalloc (size_t s) ATTRIBUTE_MALLOC;
56 void *xzalloc (size_t s) ATTRIBUTE_MALLOC;
57 void *xcalloc (size_t n, size_t s) ATTRIBUTE_MALLOC;
58 void *xrealloc (void *p, size_t s);
59 void *x2realloc (void *p, size_t *pn);
60 void *xmemdup (void const *p, size_t s) ATTRIBUTE_MALLOC;
61 char *xstrdup (char const *str) ATTRIBUTE_MALLOC;
62 
63 /* Return 1 if an array of N objects, each of size S, cannot exist due
64    to size arithmetic overflow.  S must be positive and N must be
65    nonnegative.  This is a macro, not an inline function, so that it
66    works correctly even when SIZE_MAX < N.
67 
68    By gnulib convention, SIZE_MAX represents overflow in size
69    calculations, so the conservative dividend to use here is
70    SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value.
71    However, malloc (SIZE_MAX) fails on all known hosts where
72    sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for
73    exactly-SIZE_MAX allocations on such hosts; this avoids a test and
74    branch when S is known to be 1.  */
75 # define xalloc_oversized(n, s) \
76     ((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n))
77 
78 
79 /* In the following macros, T must be an elementary or structure/union or
80    typedef'ed type, or a pointer to such a type.  To apply one of the
81    following macros to a function pointer or array type, you need to typedef
82    it first and use the typedef name.  */
83 
84 /* Allocate an object of type T dynamically, with error checking.  */
85 /* extern t *XMALLOC (typename t); */
86 # define XMALLOC(t) ((t *) xmalloc (sizeof (t)))
87 
88 /* Allocate memory for N elements of type T, with error checking.  */
89 /* extern t *XNMALLOC (size_t n, typename t); */
90 # define XNMALLOC(n, t) \
91     ((t *) (sizeof (t) == 1 ? xmalloc (n) : xnmalloc (n, sizeof (t))))
92 
93 /* Allocate an object of type T dynamically, with error checking,
94    and zero it.  */
95 /* extern t *XZALLOC (typename t); */
96 # define XZALLOC(t) ((t *) xzalloc (sizeof (t)))
97 
98 /* Allocate memory for N elements of type T, with error checking,
99    and zero it.  */
100 /* extern t *XCALLOC (size_t n, typename t); */
101 # define XCALLOC(n, t) \
102     ((t *) (sizeof (t) == 1 ? xzalloc (n) : xcalloc (n, sizeof (t))))
103 
104 
105 # if HAVE_INLINE
106 #  define static_inline static inline
107 # else
108    void *xnmalloc (size_t n, size_t s) ATTRIBUTE_MALLOC;
109    void *xnrealloc (void *p, size_t n, size_t s);
110    void *x2nrealloc (void *p, size_t *pn, size_t s);
111    char *xcharalloc (size_t n) ATTRIBUTE_MALLOC;
112 # endif
113 
114 # ifdef static_inline
115 
116 /* Allocate an array of N objects, each with S bytes of memory,
117    dynamically, with error checking.  S must be nonzero.  */
118 
119 static_inline void *xnmalloc (size_t n, size_t s) ATTRIBUTE_MALLOC;
120 static_inline void *
xnmalloc(size_t n,size_t s)121 xnmalloc (size_t n, size_t s)
122 {
123   if (xalloc_oversized (n, s))
124     xalloc_die ();
125   return xmalloc (n * s);
126 }
127 
128 /* Change the size of an allocated block of memory P to an array of N
129    objects each of S bytes, with error checking.  S must be nonzero.  */
130 
131 static_inline void *
xnrealloc(void * p,size_t n,size_t s)132 xnrealloc (void *p, size_t n, size_t s)
133 {
134   if (xalloc_oversized (n, s))
135     xalloc_die ();
136   return xrealloc (p, n * s);
137 }
138 
139 /* If P is null, allocate a block of at least *PN such objects;
140    otherwise, reallocate P so that it contains more than *PN objects
141    each of S bytes.  *PN must be nonzero unless P is null, and S must
142    be nonzero.  Set *PN to the new number of objects, and return the
143    pointer to the new block.  *PN is never set to zero, and the
144    returned pointer is never null.
145 
146    Repeated reallocations are guaranteed to make progress, either by
147    allocating an initial block with a nonzero size, or by allocating a
148    larger block.
149 
150    In the following implementation, nonzero sizes are increased by a
151    factor of approximately 1.5 so that repeated reallocations have
152    O(N) overall cost rather than O(N**2) cost, but the
153    specification for this function does not guarantee that rate.
154 
155    Here is an example of use:
156 
157      int *p = NULL;
158      size_t used = 0;
159      size_t allocated = 0;
160 
161      void
162      append_int (int value)
163        {
164 	 if (used == allocated)
165 	   p = x2nrealloc (p, &allocated, sizeof *p);
166 	 p[used++] = value;
167        }
168 
169    This causes x2nrealloc to allocate a block of some nonzero size the
170    first time it is called.
171 
172    To have finer-grained control over the initial size, set *PN to a
173    nonzero value before calling this function with P == NULL.  For
174    example:
175 
176      int *p = NULL;
177      size_t used = 0;
178      size_t allocated = 0;
179      size_t allocated1 = 1000;
180 
181      void
182      append_int (int value)
183        {
184 	 if (used == allocated)
185 	   {
186 	     p = x2nrealloc (p, &allocated1, sizeof *p);
187 	     allocated = allocated1;
188 	   }
189 	 p[used++] = value;
190        }
191 
192    */
193 
194 static_inline void *
x2nrealloc(void * p,size_t * pn,size_t s)195 x2nrealloc (void *p, size_t *pn, size_t s)
196 {
197   size_t n = *pn;
198 
199   if (! p)
200     {
201       if (! n)
202 	{
203 	  /* The approximate size to use for initial small allocation
204 	     requests, when the invoking code specifies an old size of
205 	     zero.  64 bytes is the largest "small" request for the
206 	     GNU C library malloc.  */
207 	  enum { DEFAULT_MXFAST = 64 };
208 
209 	  n = DEFAULT_MXFAST / s;
210 	  n += !n;
211 	}
212     }
213   else
214     {
215       /* Set N = ceil (1.5 * N) so that progress is made if N == 1.
216 	 Check for overflow, so that N * S stays in size_t range.
217 	 The check is slightly conservative, but an exact check isn't
218 	 worth the trouble.  */
219       if ((size_t) -1 / 3 * 2 / s <= n)
220 	xalloc_die ();
221       n += (n + 1) / 2;
222     }
223 
224   *pn = n;
225   return xrealloc (p, n * s);
226 }
227 
228 /* Return a pointer to a new buffer of N bytes.  This is like xmalloc,
229    except it returns char *.  */
230 
231 static_inline char *xcharalloc (size_t n) ATTRIBUTE_MALLOC;
232 static_inline char *
xcharalloc(size_t n)233 xcharalloc (size_t n)
234 {
235   return XNMALLOC (n, char);
236 }
237 
238 # endif
239 
240 # ifdef __cplusplus
241 }
242 
243 /* C++ does not allow conversions from void * to other pointer types
244    without a cast.  Use templates to work around the problem when
245    possible.  */
246 
247 template <typename T> inline T *
xrealloc(T * p,size_t s)248 xrealloc (T *p, size_t s)
249 {
250   return (T *) xrealloc ((void *) p, s);
251 }
252 
253 template <typename T> inline T *
xnrealloc(T * p,size_t n,size_t s)254 xnrealloc (T *p, size_t n, size_t s)
255 {
256   return (T *) xnrealloc ((void *) p, n, s);
257 }
258 
259 template <typename T> inline T *
x2realloc(T * p,size_t * pn)260 x2realloc (T *p, size_t *pn)
261 {
262   return (T *) x2realloc ((void *) p, pn);
263 }
264 
265 template <typename T> inline T *
x2nrealloc(T * p,size_t * pn,size_t s)266 x2nrealloc (T *p, size_t *pn, size_t s)
267 {
268   return (T *) x2nrealloc ((void *) p, pn, s);
269 }
270 
271 template <typename T> inline T *
xmemdup(T const * p,size_t s)272 xmemdup (T const *p, size_t s)
273 {
274   return (T *) xmemdup ((void const *) p, s);
275 }
276 
277 # endif
278 
279 
280 #endif /* !XALLOC_H_ */
281