/* vim: set expandtab ts=4 sw=4: */ /* * You may redistribute this program and/or modify it under the terms of * the GNU General Public License as published by the Free Software Foundation, * either version 3 of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef Allocator_H #define Allocator_H #include "util/Identity.h" #include "util/Gcc.h" #include "util/Linker.h" Linker_require("memory/Allocator.c") #include /** * A handle which is provided in response to calls to Allocator_onFree(). * This handle is sutable for use with Allocator_notOnFree() to cancel a job. */ struct Allocator_OnFreeJob; typedef void (* Allocator_OnFreeCallback)(struct Allocator_OnFreeJob* job); struct Allocator_OnFreeJob { /** Set by caller. */ Allocator_OnFreeCallback callback; void* userData; Identity }; /** * Allocator for structured memory management. * The objective of the allocator structure is to make manual memory management easier, specifically * to make making a mistake difficult. * * Every function which allocates memory, either to return a structure or to do processing which * cannot be done on the stack takes an allocator as a parameter. * * In traditional C, each call to malloc() must be traced to a corresponding free() call, a * laborious process which can be partially automated but inevitably leaves some memory leak * investigative work to the developer. Allocator attempts to move the memory freeing operations * close to the memory allocations, thus making bugs easy to spot without searching over large * amounts of code. * * With Allocator, you might do the following: * * struct Allocator* child = Allocator_child(myAlloc); <-- myAlloc is the one provided to you * potentiallyLeakyFunction(child); * Allocator_free(child); * * Given this simple pattern, as long as potentiallyLeakyFunction() did not bypass the allocator * system using malloc() directly, we can prove that it is not the source of a memory leak. * As the real code is far more complex than this contrived example, there are a few rules which * have proven useful in preventing both memory leaks and dangling pointers. * * #1 Do not create new root allocators, create child allocators instead. * When you call Allocator_new() or equivalent, you are creating a parentless allocator and * you must take responsibility for its freeing when you are finished with it. In cjdns there is * only one call to a main allocator and all other allocators are spawned from it using * Allocator_child(). * Exception: In certain code which interfaces with libuv, an alternate root allocator is necessary * because libuv teardown process is asynchronous, and memory used by libuv must not be freed * until this is complete. * * #2 Free your allocators and not anyone else's. * With precious few exceptions, an allocator is always freed in the same .c file where it was * created. It is obviously rude to destroy something of someone else's just as it is rude to leave * things lying around expecting someone else to clean up after you. Sometimes you want to "take * ownership" of some memory which somebody else allocated and they are passing to you. Rather * than slowly allocate your own memory and copy the data over, you can use Allocator_adopt() to * hold that memory in existence until you and the creator both are finished with it. * * #3 Assume that any allocator may be freed at any time. * A typical example is the ping message. When a ping is sent, a structure is allocated to hold * information about the ping so that when the response comes back it will be recognized. That * structure is inserted into a table of outstanding pings. If that allocator were freed while the * ping was outstanding, the response would come back and the table lookup would access freed * memory. To prevent this, every place where temporary memory is placed into a more permanent * structure (the table), Allocator_onFree() is used to hook the freeing of that memory and add a * function to remove the entry from the table. * Cjdns is notably lacking in "deregister" or "cancel" type functions as the accepted method of * deregistering a peer or cancelling an operation is by freeing the associated allocator, both * simplifying the code and avoiding bug prone "cold" codepaths. * * The function pointers in the allocator structure are best called through the associated macros. */ typedef struct Allocator Allocator_t; struct Allocator_Allocation { uintptr_t size; }; #define Allocator_Allocation_SIZE __SIZEOF_POINTER__ /** * Allocate some memory from this memory allocator. * The allocation will be aligned on the size of a pointer, if you need further alignment then * you must handle it manually. * * @param alloc the memory allocator. * @param size the number of bytes to allocate. * @return a pointer to the newly allocated memory. * @see malloc() */ Gcc_ALLOC_SIZE(2) void* Allocator__malloc(struct Allocator* allocator, unsigned long length, const char* fileName, int lineNum); #define Allocator_malloc(a, b) Allocator__malloc((a),(b),Gcc_SHORT_FILE,Gcc_LINE) /** * Allocate some memory from this memory allocator. * The allocation will be aligned on the size of a pointer, if you need further alignment then * you must handle it manually. * Memory location will be filled with 0 bytes. * * @param alloc the memory allocator. * @param size the number of bytes per element. * @param count the number of elements in the allocation. * @return a pointer to the newly allocated memory. * @see calloc() */ Gcc_ALLOC_SIZE(2,3) void* Allocator__calloc(struct Allocator* alloc, unsigned long length, unsigned long count, const char* fileName, int lineNum); #define Allocator_calloc(a, b, c) Allocator__calloc((a),(b),(c),Gcc_SHORT_FILE,Gcc_LINE) /** * Re-allocate memory so that an allocation can be expanded. * The allocation will be aligned on the size of a pointer, if you need further alignment then * you must handle it manually. * Caution: Use of this function is not advisable with memory which is shared with other parts * of the system. * * @param alloc the allocator to allocate with, must be the same allocator which allocated orig. * @param orig a pointer to the original memory allocation which is to be reallocated. * if NULL, this function will behave exactly as Allocator_malloc(). * @param size how much memory to allocate. If 0, this function will free the specific memory * without freeing the entire allocator. * @return a pointer to the newly allocated memory. */ Gcc_ALLOC_SIZE(3) void* Allocator__realloc(struct Allocator* allocator, const void* original, unsigned long size, const char* fileName, int lineNum); #define Allocator_realloc(a, b, c) Allocator__realloc((a),(b),(c),Gcc_SHORT_FILE,Gcc_LINE) /** * Allocate some memory and copy something into that memory space. * The allocation will be aligned on the size of a pointer, if you need further alignment then * you must handle it manually. * Caution: if content is an expression, it will be evaluated twice. * * @param alloc the memory allocator. * @param content a pointer to something which will be cloned into the newly allocated memory. * the size of the new allocation will be sizeof(*content). * @return a pointer to the newly allocated memory. */ Gcc_ALLOC_SIZE(3) void* Allocator__clone(struct Allocator* allocator, const void* toClone, unsigned long length, const char* fileName, int lineNum); #define Allocator_clone(a, b) Allocator__clone((a),(b),sizeof(*(b)),Gcc_SHORT_FILE,Gcc_LINE) /** * Spawn a new child of this allocator. * When this allocator is freed all of its children which have no surviving parent will also be * freed. * * @param alloc the memory allocator. * @return a child allocator. */ struct Allocator* Allocator__child(struct Allocator* alloc, const char* fileName, int lineNum); #define Allocator_child(a) Allocator__child((a),Gcc_SHORT_FILE,Gcc_LINE) /** * Sever the link between an allocator and it's original parent. * If it has been adopted using Allocator_adopt() then the freeing of the allocator will be deferred * until the allocator returned by Allocator_adopt() has also been freed. * Any allocator which has no surviving parent allocator will be implicitly freed. * NOTE: This does not do what it seems to do, it does not necessarily *free* the allocator, it * only promises to cut the link to the allocator's normal parent, if the allocator has been * adopter then the adopted parent becomes the normal parent and then the allocator is not * freed even though you asked to free it! * * @param alloc the allocator to disconnect from it's parent. */ void Allocator__free(struct Allocator* alloc, const char* file, int line); #define Allocator_free(a) Allocator__free((a),Gcc_SHORT_FILE,Gcc_LINE) int Allocator_isFreeing(Allocator_t* alloc); /** * Add a function to be called when the allocator is freed. * There is no guarantee of which order the onFree jobs will be executed. * * @param alloc the memory allocator. * @param callback the function to call. * @return an Allocator_OnFreeJob which can be cancelled with Allocator_cancelOnFree(). */ struct Allocator_OnFreeJob* Allocator__onFree(struct Allocator* alloc, Allocator_OnFreeCallback callback, void* context, const char* file, int line); #define Allocator_onFree(a, b, c) Allocator__onFree((a), (b), (c), Gcc_SHORT_FILE, Gcc_LINE) /** * Remove a function which was registered with Allocator_onFree(). * * @param job the return value from calling Allocator_onFree(). * @return 0 if the job was found and removed, -1 otherwise. */ int Allocator_cancelOnFree(struct Allocator_OnFreeJob* toRemove); /** * Adopt an allocator. * This creates a child of parentAlloc which is an adopted parent of toAdopt. * When Allocator_free() is called on toAdopt or one of it's parents, it will not be freed until * Allocator_free() has also been called on the allocator newly returned by this function. * This function may be used multiple times. * * Caution: Do not free an allocator which you did not create, even after adopting it. * * Allocator_adopt(myAlloc, somebodyElsesAllocator); * asynchronousStuff(); * .... some time later... * Allocator_free(somebodyElsesAllocator); <-- WRONG: you freed an allocator that is not yours. * * * struct Allocator* adoptedParent = Allocator_child(myAlloc); * Allocator_adopt(adoptedParent, somebodyElsesAllocator); * asynchronousStuff(); * .... some time later... * Allocator_free(adoptedParent); <-- RIGHT * * * @param parentAlloc the allocator to create a child of. * @param toAdopt the allocator which should be adopted by the returned child allocator. */ void Allocator__adopt(struct Allocator* parentAlloc, struct Allocator* alloc, const char* fileName, int lineNum); #define Allocator_adopt(a, b) Allocator__adopt((a),(b),Gcc_SHORT_FILE,Gcc_LINE) /** * Set the heap protection canary for the next child allocator. * If heap protection canaries are enabled, they will be added at the beginning and end * of each memory allocation and checked during free and other operations. If one is corrupted * the program will be aborted to protect against security attacks and other faults. * By default the canaries are statically set but this allows the value to be changed so that * the value of the canaries is unpredictable in order to foil targetted attacks. */ void Allocator_setCanary(struct Allocator* alloc, uintptr_t value); /** * Get the number of bytes allocated by this allocator and all of it's children. */ unsigned long Allocator_bytesAllocated(struct Allocator* allocator); /** * Dump a memory snapshot to stderr. * * @param alloc any allocator in the tree, the whole tree will be dumped. * @param includeAllocations if non-zero then the individual memory allocations will be printed. */ void Allocator_snapshot(struct Allocator* alloc, int includeAllocations); struct Allocator* Allocator__new(unsigned long sizeLimit, const char* fileName, int lineNum); #define Allocator_new(x) Allocator__new(x,Gcc_SHORT_FILE,Gcc_LINE) #endif