| /* xmalloc.c -- malloc with out of memory checking |
| |
| Copyright (C) 1990-2000, 2002-2006, 2008-2021 Free Software Foundation, Inc. |
| |
| This program is free software: you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; either version 3 of the License, or |
| (at your option) any later version. |
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| GNU General Public License for more details. |
| |
| You should have received a copy of the GNU General Public License |
| along with this program. If not, see <https://www.gnu.org/licenses/>. */ |
| |
| #include <config.h> |
| |
| #define XALLOC_INLINE _GL_EXTERN_INLINE |
| |
| #include "xalloc.h" |
| |
| #include "ialloc.h" |
| #include "intprops.h" |
| #include "minmax.h" |
| |
| #include <stdlib.h> |
| #include <string.h> |
| |
/* Pass P through unchanged when it is non-null.  When P is null,
   call xalloc_die () before the final return statement is reached.  */
static void * _GL_ATTRIBUTE_PURE
nonnull (void *p)
{
  if (p)
    return p;
  xalloc_die ();
  return p;
}
| |
/* Allocate S bytes of memory dynamically, with error checking: the
   result of malloc is handed to nonnull, which calls xalloc_die ()
   when that result is null.  */

void *
xmalloc (size_t s)
{
  void *block = malloc (s);
  return nonnull (block);
}
| |
/* Like xmalloc, but the size S is an idx_t and the memory comes from
   imalloc (declared outside this file).  A null result is routed
   through nonnull, which calls xalloc_die ().  */
void *
ximalloc (idx_t s)
{
  void *block = imalloc (s);
  return nonnull (block);
}
| |
/* Return an array of N chars obtained through the XNMALLOC macro,
   which is defined outside this file.  */
char *
xcharalloc (size_t n)
{
  char *chars = XNMALLOC (n, char);
  return chars;
}
| |
/* Change the size of an allocated block of memory P to S bytes,
   with error checking.

   A null result from realloc leads to xalloc_die () unless P was
   non-null and S is zero.  In that one case the null pointer is
   returned to the caller, who must be prepared for it.  */

void *
xrealloc (void *p, size_t s)
{
  void *resized = realloc (p, s);

  if (resized)
    return resized;

  /* Shrinking an existing block to zero bytes: a null result is not
     treated as an allocation failure.  */
  if (p && !s)
    return resized;

  xalloc_die ();
  return resized;
}
| |
/* Like xrealloc, but the size S is an idx_t and the resizing is done
   by irealloc (declared outside this file).  Any null result is
   routed through nonnull, which calls xalloc_die ().  */
void *
xirealloc (void *p, idx_t s)
{
  void *resized = irealloc (p, s);
  return nonnull (resized);
}
| |
/* Change the size of an allocated block of memory P to an array of N
   objects each of S bytes, with error checking.

   The N * S multiplication is left to reallocarray rather than done
   here.  A null result leads to xalloc_die () unless P was non-null
   and at least one of N and S is zero; in that case the null pointer
   is returned to the caller.  */

void *
xreallocarray (void *p, size_t n, size_t s)
{
  void *resized = reallocarray (p, n, s);

  if (resized)
    return resized;

  /* An existing block resized to an empty array: a null result is
     not treated as an allocation failure.  */
  if (p && !(n && s))
    return resized;

  xalloc_die ();
  return resized;
}
| |
/* Like xreallocarray, but N and S are idx_t and the resizing is done
   by ireallocarray (declared outside this file).  Any null result is
   routed through nonnull, which calls xalloc_die ().  */
void *
xireallocarray (void *p, idx_t n, idx_t s)
{
  void *resized = ireallocarray (p, n, s);
  return nonnull (resized);
}
| |
/* Allocate an array of N objects, each with S bytes of memory,
   dynamically, with error checking.  S must be nonzero.

   This is xreallocarray with a null old pointer, so the N * S size
   computation is delegated to that function.  */

void *
xnmalloc (size_t n, size_t s)
{
  void *array = xreallocarray (NULL, n, s);
  return array;
}
| |
/* If P is null, allocate a block of at least *PS bytes; otherwise,
   reallocate P so that it contains more than *PS bytes.  *PS must be
   nonzero unless P is null.  Set *PS to the new block's size, and
   return the pointer to the new block.  *PS is never set to zero, and
   the returned pointer is never null.

   Implemented as x2nrealloc with an element size of one byte.  */

void *
x2realloc (void *p, size_t *ps)
{
  void *grown = x2nrealloc (p, ps, 1);
  return grown;
}
| |
| /* If P is null, allocate a block of at least *PN such objects; |
| otherwise, reallocate P so that it contains more than *PN objects |
| each of S bytes. S must be nonzero. Set *PN to the new number of |
| objects, and return the pointer to the new block. *PN is never set |
| to zero, and the returned pointer is never null. |
| |
| Repeated reallocations are guaranteed to make progress, either by |
| allocating an initial block with a nonzero size, or by allocating a |
| larger block. |
| |
| In the following implementation, nonzero sizes are increased by a |
| factor of approximately 1.5 so that repeated reallocations have |
| O(N) overall cost rather than O(N**2) cost, but the |
| specification for this function does not guarantee that rate. |
| |
| Here is an example of use: |
| |
| int *p = NULL; |
| size_t used = 0; |
| size_t allocated = 0; |
| |
| void |
| append_int (int value) |
| { |
| if (used == allocated) |
| p = x2nrealloc (p, &allocated, sizeof *p); |
| p[used++] = value; |
| } |
| |
| This causes x2nrealloc to allocate a block of some nonzero size the |
| first time it is called. |
| |
| To have finer-grained control over the initial size, set *PN to a |
| nonzero value before calling this function with P == NULL. For |
| example: |
| |
| int *p = NULL; |
| size_t used = 0; |
| size_t allocated = 0; |
| size_t allocated1 = 1000; |
| |
| void |
| append_int (int value) |
| { |
| if (used == allocated) |
| { |
| p = x2nrealloc (p, &allocated1, sizeof *p); |
| allocated = allocated1; |
| } |
| p[used++] = value; |
| } |
| |
| */ |
| |
void *
x2nrealloc (void *p, size_t *pn, size_t s)
{
  size_t count = *pn;

  if (p)
    {
      /* Existing block: COUNT = floor (1.5 * COUNT) + 1, which makes
         progress even if COUNT == 0.  A wrapped sum ends in
         xalloc_die () rather than being passed on as a size.  */
      if (INT_ADD_WRAPV (count, (count >> 1) + 1, &count))
        xalloc_die ();
    }
  else if (!count)
    {
      /* The approximate size to use for initial small allocation
         requests, when the invoking code specifies an old size of
         zero.  This is the largest "small" request for the GNU C
         library malloc.  */
      enum { DEFAULT_MXFAST = 64 * sizeof (size_t) / 4 };

      /* The division depends on the documented precondition that S
         is nonzero.  Objects larger than DEFAULT_MXFAST give a
         quotient of zero, which is raised to one.  */
      count = DEFAULT_MXFAST / s;
      if (!count)
        count = 1;
    }

  /* The COUNT * S multiplication is left to xreallocarray.  */
  void *grown = xreallocarray (p, count, s);
  *pn = count;
  return grown;
}
| |
| /* Grow PA, which points to an array of *PN items, and return the |
| location of the reallocated array, updating *PN to reflect its |
| new size. The new array will contain at least N_INCR_MIN more |
| items, but will not contain more than N_MAX items total. |
| S is the size of each item, in bytes. |
| |
| S and N_INCR_MIN must be positive. *PN must be |
| nonnegative. If N_MAX is -1, it is treated as if it were |
| infinity. |
| |
| If PA is null, then allocate a new array instead of reallocating |
| the old one. |
| |
| Thus, to grow an array A without saving its old contents, do |
| { free (A); A = xpalloc (NULL, &AITEMS, ...); }. */ |
| |
void *
xpalloc (void *pa, idx_t *pn, idx_t n_incr_min, ptrdiff_t n_max, idx_t s)
{
  /* The approximate size to use for initial small allocation
     requests.  This is the largest "small" request for the GNU C
     library malloc.  */
  enum { DEFAULT_MXFAST = 64 * sizeof (size_t) / 4 };

  idx_t old_n = *pn;

  /* If the array is tiny, grow it to about (but no greater than)
     DEFAULT_MXFAST bytes.  Otherwise, grow it by about 50%.
     Adjust the growth according to three constraints: N_INCR_MIN,
     N_MAX, and what the C language can represent safely.  */

  /* First candidate: 1.5 * OLD_N, saturating at IDX_MAX when the
     addition wraps, then capped at N_MAX when N_MAX is nonnegative.  */
  idx_t new_n;
  if (INT_ADD_WRAPV (old_n, old_n >> 1, &new_n))
    new_n = IDX_MAX;
  if (0 <= n_max && n_max < new_n)
    new_n = n_max;

  /* NBYTES is of a type suitable for holding the count of bytes in an
     object.  This is typically idx_t, but it should be size_t on
     (theoretical?) platforms where SIZE_MAX < IDX_MAX so xpalloc does
     not pass values greater than SIZE_MAX to xrealloc.  */
#if IDX_MAX <= SIZE_MAX
  idx_t nbytes;
#else
  size_t nbytes;
#endif

  /* ADJUSTED_NBYTES is nonzero only when the byte count has to be
     replaced: by the largest representable size when NEW_N * S wraps,
     or by DEFAULT_MXFAST when the product is smaller than that.  */
  idx_t adjusted_nbytes;
  if (INT_MULTIPLY_WRAPV (new_n, s, &nbytes))
    adjusted_nbytes = MIN (IDX_MAX, SIZE_MAX);
  else if (nbytes < DEFAULT_MXFAST)
    adjusted_nbytes = DEFAULT_MXFAST;
  else
    adjusted_nbytes = 0;

  if (adjusted_nbytes)
    {
      /* Round down to a whole number of items.  The division relies
         on the documented precondition that S is positive.  */
      new_n = adjusted_nbytes / s;
      nbytes = adjusted_nbytes - adjusted_nbytes % s;
    }

  /* NOTE(review): OLD_N was read before this store, so the arithmetic
     below still uses the caller's original *PN.  */
  if (! pa)
    *pn = 0;

  if (new_n - old_n < n_incr_min)
    {
      /* The candidate does not add N_INCR_MIN items, so ask for
         exactly OLD_N + N_INCR_MIN.  Give up if that sum wraps,
         exceeds a nonnegative N_MAX, or its byte count wraps.  The
         three tests run in this order and stop at the first one that
         is true.  */
      if (INT_ADD_WRAPV (old_n, n_incr_min, &new_n)
          || (0 <= n_max && n_max < new_n)
          || INT_MULTIPLY_WRAPV (new_n, s, &nbytes))
        xalloc_die ();
    }

  pa = xrealloc (pa, nbytes);
  *pn = new_n;
  return pa;
}
| |
/* Allocate S bytes of zeroed memory dynamically, with error checking.
   There's no need for xnzalloc (N, S), since it would be equivalent
   to xcalloc (N, S).

   Implemented as xcalloc for S elements of one byte each.  */

void *
xzalloc (size_t s)
{
  void *zeroed = xcalloc (s, 1);
  return zeroed;
}
| |
/* Like xzalloc, but the size S is an idx_t; implemented as xicalloc
   for S elements of one byte each.  */
void *
xizalloc (idx_t s)
{
  void *zeroed = xicalloc (s, 1);
  return zeroed;
}
| |
/* Allocate zeroed memory for N elements of S bytes, with error
   checking.  S must be nonzero.

   The N * S multiplication is left to calloc; a null result is
   routed through nonnull, which calls xalloc_die ().  */

void *
xcalloc (size_t n, size_t s)
{
  void *zeroed = calloc (n, s);
  return nonnull (zeroed);
}
| |
/* Like xcalloc, but N and S are idx_t and the memory comes from
   icalloc (declared outside this file).  A null result is routed
   through nonnull, which calls xalloc_die ().  */
void *
xicalloc (idx_t n, idx_t s)
{
  void *zeroed = icalloc (n, s);
  return nonnull (zeroed);
}
| |
/* Clone an object P of size S, with error checking.  There's no need
   for xnmemdup (P, N, S), since xmemdup (P, N * S) works without any
   need for an arithmetic overflow check.

   NOTE(review): that reasoning presumably rests on P already being
   an object of N * S bytes, so the product is known to fit.  S bytes
   are read from P unconditionally, so S must not exceed the size of
   the object P points to.  */

void *
xmemdup (void const *p, size_t s)
{
  void *copy = xmalloc (s);
  memcpy (copy, p, s);
  return copy;
}
| |
/* Like xmemdup, but the size S is an idx_t and the copy is allocated
   with ximalloc.  S bytes are read from P unconditionally.  */
void *
ximemdup (void const *p, idx_t s)
{
  void *copy = ximalloc (s);
  memcpy (copy, p, s);
  return copy;
}
| |
/* Clone an object P of size S, with error checking.  Append
   a terminating NUL byte.

   NOTE(review): S + 1 is computed without an overflow check.  This is
   presumably safe because P must already be an object of S bytes, so
   S cannot be the largest idx_t value -- confirm with callers.  */

char *
ximemdup0 (void const *p, idx_t s)
{
  char *copy = ximalloc (s + 1);

  /* The terminator goes just past the S copied bytes.  */
  copy[s] = 0;
  memcpy (copy, p, s);
  return copy;
}
| |
/* Clone STRING, including its terminating NUL byte, via xmemdup.
   STRING is passed to strlen, so it must be a NUL-terminated
   string.  */

char *
xstrdup (char const *string)
{
  size_t size_with_nul = strlen (string) + 1;
  return xmemdup (string, size_with_nul);
}