1 /* xalloc.h -- malloc with out-of-memory checking 2 3 Copyright (C) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 4 1999, 2000, 2003, 2004, 2006, 2007 Free Software Foundation, Inc. 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by 8 the Free Software Foundation; either version 2, or (at your option) 9 any later version. 10 11 This program is distributed in the hope that it will be useful, 12 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 GNU General Public License for more details. 15 16 You should have received a copy of the GNU General Public License 17 along with this program; if not, write to the Free Software Foundation, 18 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ 19 20 #ifndef XALLOC_H_ 21 # define XALLOC_H_ 22 23 # include <stddef.h> 24 25 26 # ifdef __cplusplus 27 extern "C" { 28 # endif 29 30 31 # ifndef __attribute__ 32 # if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 8) || __STRICT_ANSI__ 33 # define __attribute__(x) 34 # endif 35 # endif 36 37 # ifndef ATTRIBUTE_NORETURN 38 # define ATTRIBUTE_NORETURN __attribute__ ((__noreturn__)) 39 # endif 40 41 /* This function is always triggered when memory is exhausted. 42 It must be defined by the application, either explicitly 43 or by using gnulib's xalloc-die module. This is the 44 function to call when one wants the program to die because of a 45 memory allocation failure. */ 46 extern void xalloc_die (void) ATTRIBUTE_NORETURN; 47 48 void *xmalloc (size_t s); 49 void *xzalloc (size_t s); 50 void *xcalloc (size_t n, size_t s); 51 void *xrealloc (void *p, size_t s); 52 void *x2realloc (void *p, size_t *pn); 53 void *xmemdup (void const *p, size_t s); 54 char *xstrdup (char const *str); 55 56 /* Return 1 if an array of N objects, each of size S, cannot exist due 57 to size arithmetic overflow. S must be positive and N must be 58 nonnegative. This is a macro, not an inline function, so that it 59 works correctly even when SIZE_MAX < N. 60 61 By gnulib convention, SIZE_MAX represents overflow in size 62 calculations, so the conservative dividend to use here is 63 SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value. 64 However, malloc (SIZE_MAX) fails on all known hosts where 65 sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for 66 exactly-SIZE_MAX allocations on such hosts; this avoids a test and 67 branch when S is known to be 1. */ 68 # define xalloc_oversized(n, s) \ 69 ((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n)) 70 71 72 /* In the following macros, T must be an elementary or structure/union or 73 typedef'ed type, or a pointer to such a type. To apply one of the 74 following macros to a function pointer or array type, you need to typedef 75 it first and use the typedef name. */ 76 77 /* Allocate an object of type T dynamically, with error checking. */ 78 /* extern t *XMALLOC (typename t); */ 79 # define XMALLOC(t) ((t *) xmalloc (sizeof (t))) 80 81 /* Allocate memory for N elements of type T, with error checking. */ 82 /* extern t *XNMALLOC (size_t n, typename t); */ 83 # define XNMALLOC(n, t) \ 84 ((t *) (sizeof (t) == 1 ? xmalloc (n) : xnmalloc (n, sizeof (t)))) 85 86 /* Allocate an object of type T dynamically, with error checking, 87 and zero it. */ 88 /* extern t *XZALLOC (typename t); */ 89 # define XZALLOC(t) ((t *) xzalloc (sizeof (t))) 90 91 /* Allocate memory for N elements of type T, with error checking, 92 and zero it. */ 93 /* extern t *XCALLOC (size_t n, typename t); */ 94 # define XCALLOC(n, t) \ 95 ((t *) (sizeof (t) == 1 ? xzalloc (n) : xcalloc (n, sizeof (t)))) 96 97 98 # if HAVE_INLINE 99 # define static_inline static inline 100 # else 101 void *xnmalloc (size_t n, size_t s); 102 void *xnrealloc (void *p, size_t n, size_t s); 103 void *x2nrealloc (void *p, size_t *pn, size_t s); 104 char *xcharalloc (size_t n); 105 # endif 106 107 # ifdef static_inline 108 109 /* Allocate an array of N objects, each with S bytes of memory, 110 dynamically, with error checking. S must be nonzero. */ 111 112 static_inline void * 113 xnmalloc (size_t n, size_t s) 114 { 115 if (xalloc_oversized (n, s)) 116 xalloc_die (); 117 return xmalloc (n * s); 118 } 119 120 /* Change the size of an allocated block of memory P to an array of N 121 objects each of S bytes, with error checking. S must be nonzero. */ 122 123 static_inline void * 124 xnrealloc (void *p, size_t n, size_t s) 125 { 126 if (xalloc_oversized (n, s)) 127 xalloc_die (); 128 return xrealloc (p, n * s); 129 } 130 131 /* If P is null, allocate a block of at least *PN such objects; 132 otherwise, reallocate P so that it contains more than *PN objects 133 each of S bytes. *PN must be nonzero unless P is null, and S must 134 be nonzero. Set *PN to the new number of objects, and return the 135 pointer to the new block. *PN is never set to zero, and the 136 returned pointer is never null. 137 138 Repeated reallocations are guaranteed to make progress, either by 139 allocating an initial block with a nonzero size, or by allocating a 140 larger block. 141 142 In the following implementation, nonzero sizes are increased by a 143 factor of approximately 1.5 so that repeated reallocations have 144 O(N) overall cost rather than O(N**2) cost, but the 145 specification for this function does not guarantee that rate. 146 147 Here is an example of use: 148 149 int *p = NULL; 150 size_t used = 0; 151 size_t allocated = 0; 152 153 void 154 append_int (int value) 155 { 156 if (used == allocated) 157 p = x2nrealloc (p, &allocated, sizeof *p); 158 p[used++] = value; 159 } 160 161 This causes x2nrealloc to allocate a block of some nonzero size the 162 first time it is called. 163 164 To have finer-grained control over the initial size, set *PN to a 165 nonzero value before calling this function with P == NULL. For 166 example: 167 168 int *p = NULL; 169 size_t used = 0; 170 size_t allocated = 0; 171 size_t allocated1 = 1000; 172 173 void 174 append_int (int value) 175 { 176 if (used == allocated) 177 { 178 p = x2nrealloc (p, &allocated1, sizeof *p); 179 allocated = allocated1; 180 } 181 p[used++] = value; 182 } 183 184 */ 185 186 static_inline void * 187 x2nrealloc (void *p, size_t *pn, size_t s) 188 { 189 size_t n = *pn; 190 191 if (! p) 192 { 193 if (! n) 194 { 195 /* The approximate size to use for initial small allocation 196 requests, when the invoking code specifies an old size of 197 zero. 64 bytes is the largest "small" request for the 198 GNU C library malloc. */ 199 enum { DEFAULT_MXFAST = 64 }; 200 201 n = DEFAULT_MXFAST / s; 202 n += !n; 203 } 204 } 205 else 206 { 207 /* Set N = ceil (1.5 * N) so that progress is made if N == 1. 208 Check for overflow, so that N * S stays in size_t range. 209 The check is slightly conservative, but an exact check isn't 210 worth the trouble. */ 211 if ((size_t) -1 / 3 * 2 / s <= n) 212 xalloc_die (); 213 n += (n + 1) / 2; 214 } 215 216 *pn = n; 217 return xrealloc (p, n * s); 218 } 219 220 /* Return a pointer to a new buffer of N bytes. This is like xmalloc, 221 except it returns char *. */ 222 223 static_inline char * 224 xcharalloc (size_t n) 225 { 226 return XNMALLOC (n, char); 227 } 228 229 # endif 230 231 # ifdef __cplusplus 232 } 233 234 /* C++ does not allow conversions from void * to other pointer types 235 without a cast. Use templates to work around the problem when 236 possible. */ 237 238 template <typename T> inline T * 239 xrealloc (T *p, size_t s) 240 { 241 return (T *) xrealloc ((void *) p, s); 242 } 243 244 template <typename T> inline T * 245 xnrealloc (T *p, size_t n, size_t s) 246 { 247 return (T *) xnrealloc ((void *) p, n, s); 248 } 249 250 template <typename T> inline T * 251 x2realloc (T *p, size_t *pn) 252 { 253 return (T *) x2realloc ((void *) p, pn); 254 } 255 256 template <typename T> inline T * 257 x2nrealloc (T *p, size_t *pn, size_t s) 258 { 259 return (T *) x2nrealloc ((void *) p, pn, s); 260 } 261 262 template <typename T> inline T * 263 xmemdup (T const *p, size_t s) 264 { 265 return (T *) xmemdup ((void const *) p, s); 266 } 267 268 # endif 269 270 271 #endif /* !XALLOC_H_ */