2023-02-04 21:13:59 +01:00
|
|
|
/*
|
|
|
|
* SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
|
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
2023-02-19 20:40:16 +01:00
|
|
|
#ifndef SHADOW_INCLUDE_LIB_MALLOC_H_
|
|
|
|
#define SHADOW_INCLUDE_LIB_MALLOC_H_
|
|
|
|
|
|
|
|
|
2023-02-04 21:13:59 +01:00
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#include <assert.h>
|
|
|
|
#include <errno.h>
|
2023-02-19 20:40:16 +01:00
|
|
|
#include <stddef.h>
|
2023-02-04 21:13:59 +01:00
|
|
|
#include <stdint.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
#include "defines.h"
|
|
|
|
|
|
|
|
|
libmisc: Add safer allocation macros
This macros have several benefits over the standard functions:
- The type of the allocated object (not the pointer) is specified as an
argument, which improves readability:
- It is directly obvious what is the type of the object just by
reading the macro call.
- It allows grepping for all allocations of a given type.
This is admittedly similar to using sizeof() to get the size of the
object, but we'll see why this is better.
- In the case of reallocation macros, an extra check is performed to
make sure that the previous pointer was compatible with the allocated
type, which can avoid some mistakes.
- The cast is performed automatically, with a pointer type derived from
the type of the object. This is the best point of this macro, since
it does an automatic cast, where there's no chance of typos.
Usually, programmers have to decide whether to cast or not the result
of malloc(3). Casts usually hide warnings, so are to be avoided.
However, these functions already return a void *, so a cast doesn't
really add much danger. Moreover, a cast can even add warnings in
this exceptional case, if the type of the cast is different than the
type of the assigned pointer. Performing a manual cast is still not
perfect, since there are chances that a mistake will be done, and
even ignoring accidents, they clutter code, hurting readability.
And now we have a cast that is synced with sizeof.
- Whenever the type of the object changes, since we perform an explicit
cast to the old type, there will be a warning due to type mismatch in
the assignment, so we'll be able to see all lines that are affected
by such a change. This is especially important, since changing the
type of a variable and missing to update an allocation call far away
from the declaration is easy, and the consequences can be quite bad.
Cc: Valentin V. Bartenev <vbartenev@gmail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-02-01 16:30:52 +01:00
|
|
|
#define ALLOCARRAY(n, type) ((type *) alloca(sizeof(type) * (n)))
|
|
|
|
#define CALLOC(n, type) ((type *) calloc(n, sizeof(type)))
|
|
|
|
#define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
|
|
|
|
#define MALLOCARRAY(n, type) ((type *) mallocarray(n, sizeof(type)))
|
|
|
|
#define XMALLOCARRAY(n, type) ((type *) xmallocarray(n, sizeof(type)))
|
|
|
|
|
|
|
|
#define ALLOCA(type) ALLOCARRAY(1, type)
|
|
|
|
#define MALLOC(type) MALLOCARRAY(1, type)
|
|
|
|
#define XMALLOC(type) XMALLOCARRAY(1, type)
|
|
|
|
#define REALLOC(ptr, type) REALLOCARRAY(ptr, 1, type)
|
|
|
|
#define REALLOCF(ptr, type) REALLOCARRAYF(ptr, 1, type)
|
|
|
|
|
|
|
|
#define REALLOCARRAY(ptr, n, type) \
|
|
|
|
({ \
|
|
|
|
__auto_type p_ = (ptr); \
|
|
|
|
\
|
|
|
|
static_assert(__builtin_types_compatible_p(typeof(p_), type *), ""); \
|
|
|
|
\
|
|
|
|
(type *) reallocarray(p_, n, sizeof(type)); \
|
|
|
|
})
|
|
|
|
|
|
|
|
#define REALLOCARRAYF(ptr, n, type) \
|
|
|
|
({ \
|
|
|
|
__auto_type p_ = (ptr); \
|
|
|
|
\
|
|
|
|
static_assert(__builtin_types_compatible_p(typeof(p_), type *), ""); \
|
|
|
|
\
|
|
|
|
(type *) reallocarrayf(p_, n, sizeof(type)); \
|
|
|
|
})
|
|
|
|
|
|
|
|
#define XREALLOCARRAY(ptr, n, type) \
|
|
|
|
({ \
|
|
|
|
__auto_type p_ = (ptr); \
|
|
|
|
\
|
|
|
|
static_assert(__builtin_types_compatible_p(typeof(p_), type *), ""); \
|
|
|
|
\
|
|
|
|
(type *) xreallocarray(p_, n, sizeof(type)); \
|
|
|
|
})
|
|
|
|
|
|
|
|
|
2023-02-04 21:13:59 +01:00
|
|
|
ATTR_MALLOC(free)
|
|
|
|
inline void *xmalloc(size_t size);
|
|
|
|
ATTR_MALLOC(free)
|
|
|
|
inline void *xmallocarray(size_t nmemb, size_t size);
|
|
|
|
ATTR_MALLOC(free)
|
|
|
|
inline void *mallocarray(size_t nmemb, size_t size);
|
|
|
|
ATTR_MALLOC(free)
|
|
|
|
inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
|
|
|
|
ATTR_MALLOC(free)
|
|
|
|
inline char *xstrdup(const char *str);
|
|
|
|
|
|
|
|
ATTR_MALLOC(free)
|
|
|
|
void *xcalloc(size_t nmemb, size_t size);
|
|
|
|
ATTR_MALLOC(free)
|
|
|
|
void *xreallocarray(void *p, size_t nmemb, size_t size);
|
|
|
|
|
|
|
|
|
|
|
|
inline void *
|
|
|
|
xmalloc(size_t size)
|
|
|
|
{
|
|
|
|
return xmallocarray(1, size);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
inline void *
|
|
|
|
xmallocarray(size_t nmemb, size_t size)
|
|
|
|
{
|
|
|
|
return xreallocarray(NULL, nmemb, size);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
inline void *
|
|
|
|
mallocarray(size_t nmemb, size_t size)
|
|
|
|
{
|
|
|
|
return reallocarray(NULL, nmemb, size);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
inline void *
|
|
|
|
reallocarrayf(void *p, size_t nmemb, size_t size)
|
|
|
|
{
|
|
|
|
void *q;
|
|
|
|
|
|
|
|
q = reallocarray(p, nmemb, size);
|
|
|
|
|
|
|
|
/* realloc(p, 0) is equivalent to free(p); avoid double free. */
|
|
|
|
if (q == NULL && nmemb != 0 && size != 0)
|
|
|
|
free(p);
|
|
|
|
return q;
|
|
|
|
}
|
|
|
|
|
2023-02-19 20:40:16 +01:00
|
|
|
|
2023-02-04 21:13:59 +01:00
|
|
|
inline char *
|
|
|
|
xstrdup(const char *str)
|
|
|
|
{
|
|
|
|
return strcpy(XMALLOCARRAY(strlen(str) + 1, char), str);
|
|
|
|
}
|
2023-02-19 20:40:16 +01:00
|
|
|
|
|
|
|
|
|
|
|
#endif // include guard
|