Commit | Line | Data |
---|---|---|
98399780 | 1 | /* Safe automatic memory allocation. |
5e8754f9 | 2 | Copyright (C) 2003-2007, 2009-2016 Free Software Foundation, Inc. |
98399780 YQ |
3 | Written by Bruno Haible <bruno@clisp.org>, 2003. |
4 | ||
5 | This program is free software; you can redistribute it and/or modify | |
6 | it under the terms of the GNU General Public License as published by | |
7 | the Free Software Foundation; either version 3, or (at your option) | |
8 | any later version. | |
9 | ||
10 | This program is distributed in the hope that it will be useful, | |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | GNU General Public License for more details. | |
14 | ||
15 | You should have received a copy of the GNU General Public License | |
5e8754f9 | 16 | along with this program; if not, see <http://www.gnu.org/licenses/>. */ |
98399780 YQ |
17 | |
18 | #ifndef _MALLOCA_H | |
19 | #define _MALLOCA_H | |
20 | ||
21 | #include <alloca.h> | |
22 | #include <stddef.h> | |
23 | #include <stdlib.h> | |
24 | ||
25 | ||
26 | #ifdef __cplusplus | |
27 | extern "C" { | |
28 | #endif | |
29 | ||
30 | ||
31 | /* safe_alloca(N) is equivalent to alloca(N) when it is safe to call | |
32 | alloca(N); otherwise it returns NULL. It either returns N bytes of | |
33 | memory allocated on the stack, that lasts until the function returns, | |
34 | or NULL. | |
35 | Use of safe_alloca should be avoided: | |
36 | - inside arguments of function calls - undefined behaviour, | |
37 | - in inline functions - the allocation may actually last until the | |
38 | calling function returns. | |
39 | */ | |
40 | #if HAVE_ALLOCA | |
41 | /* The OS usually guarantees only one guard page at the bottom of the stack, | |
42 | and a page size can be as small as 4096 bytes. So we cannot safely | |
43 | allocate anything larger than 4096 bytes. Also care for the possibility | |
44 | of a few compiler-allocated temporary stack slots. | |
45 | This must be a macro, not a function. */ | |
46 | # define safe_alloca(N) ((N) < 4032 ? alloca (N) : NULL) | |
47 | #else | |
48 | # define safe_alloca(N) ((void) (N), NULL) | |
49 | #endif | |
50 | ||
51 | /* malloca(N) is a safe variant of alloca(N). It allocates N bytes of | |
52 | memory allocated on the stack, that must be freed using freea() before | |
53 | the function returns. Upon failure, it returns NULL. */ | |
54 | #if HAVE_ALLOCA | |
55 | # define malloca(N) \ | |
5e8754f9 SDJ |
56 | ((N) < 4032 - sa_increment \ |
57 | ? (void *) ((char *) alloca ((N) + sa_increment) + sa_increment) \ | |
98399780 YQ |
58 | : mmalloca (N)) |
59 | #else | |
60 | # define malloca(N) \ | |
61 | mmalloca (N) | |
62 | #endif | |
63 | extern void * mmalloca (size_t n); | |
64 | ||
65 | /* Free a block of memory allocated through malloca(). */ | |
66 | #if HAVE_ALLOCA | |
67 | extern void freea (void *p); | |
68 | #else | |
69 | # define freea free | |
70 | #endif | |
71 | ||
72 | /* nmalloca(N,S) is an overflow-safe variant of malloca (N * S). | |
73 | It allocates an array of N objects, each with S bytes of memory, | |
74 | on the stack. S must be positive and N must be nonnegative. | |
75 | The array must be freed using freea() before the function returns. */ | |
5e8754f9 SDJ |
76 | #if 1 |
77 | /* Cf. the definition of xalloc_oversized. */ | |
78 | # define nmalloca(n, s) \ | |
79 | ((n) > (size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) \ | |
80 | ? NULL \ | |
81 | : malloca ((n) * (s))) | |
82 | #else | |
83 | extern void * nmalloca (size_t n, size_t s); | |
84 | #endif | |
98399780 YQ |
85 | |
86 | ||
87 | #ifdef __cplusplus | |
88 | } | |
89 | #endif | |
90 | ||
91 | ||
92 | /* ------------------- Auxiliary, non-public definitions ------------------- */ | |
93 | ||
94 | /* Determine the alignment of a type at compile time. */ | |
4a626d0a | 95 | #if defined __GNUC__ || defined __IBM__ALIGNOF__ |
98399780 YQ |
96 | # define sa_alignof __alignof__ |
97 | #elif defined __cplusplus | |
98 | template <class type> struct sa_alignof_helper { char __slot1; type __slot2; }; | |
99 | # define sa_alignof(type) offsetof (sa_alignof_helper<type>, __slot2) | |
100 | #elif defined __hpux | |
101 | /* Work around a HP-UX 10.20 cc bug with enums constants defined as offsetof | |
102 | values. */ | |
103 | # define sa_alignof(type) (sizeof (type) <= 4 ? 4 : 8) | |
104 | #elif defined _AIX | |
105 | /* Work around an AIX 3.2.5 xlc bug with enums constants defined as offsetof | |
106 | values. */ | |
107 | # define sa_alignof(type) (sizeof (type) <= 4 ? 4 : 8) | |
108 | #else | |
109 | # define sa_alignof(type) offsetof (struct { char __slot1; type __slot2; }, __slot2) | |
110 | #endif | |
111 | ||
112 | enum | |
113 | { | |
114 | /* The desired alignment of memory allocations is the maximum alignment | |
115 | among all elementary types. */ | |
116 | sa_alignment_long = sa_alignof (long), | |
117 | sa_alignment_double = sa_alignof (double), | |
118 | #if HAVE_LONG_LONG_INT | |
119 | sa_alignment_longlong = sa_alignof (long long), | |
120 | #endif | |
121 | sa_alignment_longdouble = sa_alignof (long double), | |
122 | sa_alignment_max = ((sa_alignment_long - 1) | (sa_alignment_double - 1) | |
123 | #if HAVE_LONG_LONG_INT | |
124 | | (sa_alignment_longlong - 1) | |
125 | #endif | |
126 | | (sa_alignment_longdouble - 1) | |
5e8754f9 SDJ |
127 | ) + 1, |
128 | /* The increment that guarantees room for a magic word must be >= sizeof (int) | |
129 | and a multiple of sa_alignment_max. */ | |
130 | sa_increment = ((sizeof (int) + sa_alignment_max - 1) / sa_alignment_max) * sa_alignment_max | |
98399780 YQ |
131 | }; |
132 | ||
133 | #endif /* _MALLOCA_H */ |