/src/libunistring/lib/malloca.c

Source (jump to first uncovered line)
/* Safe automatic memory allocation.
   Copyright (C) 2003, 2006-2007, 2009-2022 Free Software Foundation, Inc.
   Written by Bruno Haible <bruno@clisp.org>, 2003, 2018.

   This file is free software: you can redistribute it and/or modify
   it under the terms of the GNU Lesser General Public License as
   published by the Free Software Foundation; either version 2.1 of the
   License, or (at your option) any later version.

   This file is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public License
   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */

#define _GL_USE_STDLIB_ALLOC 1
#include <config.h>

/* Specification.  */
#include "malloca.h"

#include "idx.h"
#include "intprops.h"
#include "verify.h"

/* The speed critical point in this file is freea() applied to an alloca()
   result: it must be fast, to match the speed of alloca().  The speed of
   mmalloca() and freea() in the other case are not critical, because they
   are only invoked for big memory sizes.
   Here we use a bit in the address as an indicator, an idea by Ondřej Bílka.
   malloca() can return three types of pointers:
     - Pointers ≡ 0 mod 2*sa_alignment_max come from stack allocation.
     - Pointers ≡ sa_alignment_max mod 2*sa_alignment_max come from heap
       allocation.
     - NULL comes from a failed heap allocation.  */

/* Type for holding very small pointer differences.  */
typedef unsigned char small_t;
/* Verify that it is wide enough.  */
verify (2 * sa_alignment_max - 1 <= (small_t) -1);

void *
mmalloca (size_t n)
{
#if HAVE_ALLOCA
  /* Allocate one more word, used to determine the address to pass to freea(),
     and room for the alignment ≡ sa_alignment_max mod 2*sa_alignment_max.  */
  uintptr_t alignment2_mask = 2 * sa_alignment_max - 1;
  int plus = sizeof (small_t) + alignment2_mask;
  idx_t nplus;
  if (!INT_ADD_WRAPV (n, plus, &nplus) && !xalloc_oversized (nplus, 1))
    {
      char *mem = (char *) malloc (nplus);

      if (mem != NULL)
        {
          uintptr_t umem = (uintptr_t)mem, umemplus;
          /* The INT_ADD_WRAPV avoids signed integer overflow on
             theoretical platforms where UINTPTR_MAX <= INT_MAX.  */
          INT_ADD_WRAPV (umem, sizeof (small_t) + sa_alignment_max - 1,
                         &umemplus);
          idx_t offset = ((umemplus & ~alignment2_mask)
                          + sa_alignment_max - umem);
          void *vp = mem + offset;
          small_t *p = vp;
          /* Here p >= mem + sizeof (small_t),
             and p <= mem + sizeof (small_t) + 2 * sa_alignment_max - 1
             hence p + n <= mem + nplus.
             So, the memory range [p, p+n) lies in the allocated memory range
             [mem, mem + nplus).  */
          p[-1] = offset;
          /* p ≡ sa_alignment_max mod 2*sa_alignment_max.  */
          return p;
        }
    }
  /* Out of memory.  */
  return NULL;
#else
# if !MALLOC_0_IS_NONNULL
  if (n == 0)
    n = 1;
# endif
  return malloc (n);
#endif
}

#if HAVE_ALLOCA
void
freea (void *p)
{
  /* Check argument.  */
  if ((uintptr_t) p & (sa_alignment_max - 1))
    {
      /* p was not the result of a malloca() call.  Invalid argument.  */
      abort ();
    }
  /* Determine whether p was a non-NULL pointer returned by mmalloca().  */
  if ((uintptr_t) p & sa_alignment_max)
    {
      void *mem = (char *) p - ((small_t *) p)[-1];
      free (mem);
    }
}
#endif

/*
 * Hey Emacs!
 * Local Variables:
 * coding: utf-8
 * End:
 */

Line	Count	Source (jump to first uncovered line)
1		/* Safe automatic memory allocation.
2		Copyright (C) 2003, 2006-2007, 2009-2022 Free Software Foundation, Inc.
3		Written by Bruno Haible <bruno@clisp.org>, 2003, 2018.
4
5		This file is free software: you can redistribute it and/or modify
6		it under the terms of the GNU Lesser General Public License as
7		published by the Free Software Foundation; either version 2.1 of the
8		License, or (at your option) any later version.
9
10		This file is distributed in the hope that it will be useful,
11		but WITHOUT ANY WARRANTY; without even the implied warranty of
12		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13		GNU Lesser General Public License for more details.
14
15		You should have received a copy of the GNU Lesser General Public License
16		along with this program. If not, see <https://www.gnu.org/licenses/>. */
17
18		#define _GL_USE_STDLIB_ALLOC 1
19		#include <config.h>
20
21		/* Specification. */
22		#include "malloca.h"
23
24		#include "idx.h"
25		#include "intprops.h"
26		#include "verify.h"
27
28		/* The speed critical point in this file is freea() applied to an alloca()
29		result: it must be fast, to match the speed of alloca(). The speed of
30		mmalloca() and freea() in the other case are not critical, because they
31		are only invoked for big memory sizes.
32		Here we use a bit in the address as an indicator, an idea by Ondřej Bílka.
33		malloca() can return three types of pointers:
34		- Pointers ≡ 0 mod 2*sa_alignment_max come from stack allocation.
35		- Pointers ≡ sa_alignment_max mod 2*sa_alignment_max come from heap
36		allocation.
37		- NULL comes from a failed heap allocation. */
38
39		/* Type for holding very small pointer differences. */
40		typedef unsigned char small_t;
41		/* Verify that it is wide enough. */
42		verify (2 * sa_alignment_max - 1 <= (small_t) -1);
43
44		void *
45		mmalloca (size_t n)
46	0	{
47	0	#if HAVE_ALLOCA
48		/* Allocate one more word, used to determine the address to pass to freea(),
49		and room for the alignment ≡ sa_alignment_max mod 2sa_alignment_max. /
50	0	uintptr_t alignment2_mask = 2 * sa_alignment_max - 1;
51	0	int plus = sizeof (small_t) + alignment2_mask;
52	0	idx_t nplus;
53	0	if (!INT_ADD_WRAPV (n, plus, &nplus) && !xalloc_oversized (nplus, 1))
54	0	{
55	0	char mem = (char ) malloc (nplus);
56
57	0	if (mem != NULL)
58	0	{
59	0	uintptr_t umem = (uintptr_t)mem, umemplus;
60		/* The INT_ADD_WRAPV avoids signed integer overflow on
61		theoretical platforms where UINTPTR_MAX <= INT_MAX. */
62	0	INT_ADD_WRAPV (umem, sizeof (small_t) + sa_alignment_max - 1,
63	0	&umemplus);
64	0	idx_t offset = ((umemplus & ~alignment2_mask)
65	0	+ sa_alignment_max - umem);
66	0	void *vp = mem + offset;
67	0	small_t *p = vp;
68		/* Here p >= mem + sizeof (small_t),
69		and p <= mem + sizeof (small_t) + 2 * sa_alignment_max - 1
70		hence p + n <= mem + nplus.
71		So, the memory range [p, p+n) lies in the allocated memory range
72		[mem, mem + nplus). */
73	0	p[-1] = offset;
74		/* p ≡ sa_alignment_max mod 2sa_alignment_max. /
75	0	return p;
76	0	}
77	0	}
78		/* Out of memory. */
79	0	return NULL;
80		#else
81		# if !MALLOC_0_IS_NONNULL
82		if (n == 0)
83		n = 1;
84		# endif
85		return malloc (n);
86		#endif
87	0	}
88
89		#if HAVE_ALLOCA
90		void
91		freea (void *p)
92	0	{
93		/* Check argument. */
94	0	if ((uintptr_t) p & (sa_alignment_max - 1))
95	0	{
96		/* p was not the result of a malloca() call. Invalid argument. */
97	0	abort ();
98	0	}
99		/* Determine whether p was a non-NULL pointer returned by mmalloca(). */
100	0	if ((uintptr_t) p & sa_alignment_max)
101	0	{
102	0	void mem = (char ) p - ((small_t *) p)[-1];
103	0	free (mem);
104	0	}
105	0	}
106		#endif
107
108		/*
109		* Hey Emacs!
110		* Local Variables:
111		* coding: utf-8
112		* End:
113		*/

Coverage Report

Created: 2023-03-26 07:33