From 032310a69161066be953842f2dc69efae2f745a1 Mon Sep 17 00:00:00 2001 From: David Lutterkort Date: Sat, 21 Feb 2009 11:08:37 +0100 Subject: New module 'safe-alloc'. --- doc/safe-alloc.texi | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 doc/safe-alloc.texi (limited to 'doc/safe-alloc.texi') diff --git a/doc/safe-alloc.texi b/doc/safe-alloc.texi new file mode 100644 index 0000000000..bd398907ee --- /dev/null +++ b/doc/safe-alloc.texi @@ -0,0 +1,83 @@ +@node Safe Allocation Macros +@section Safe Allocation Macros + +The standard C library malloc/realloc/calloc/free APIs are prone to a +number of common coding errors. The @code{safe-alloc} module provides +macros that make it easier to avoid many of them. It still uses the +standard C allocation functions behind the scenes. + +Some of the memory allocation mistakes that are commonly made are + +@itemize @bullet +@item +passing the incorrect number of bytes to @code{malloc}, especially +when allocationg an array +@item +fail to check the return value of @code{malloc} and @code{realloc} for +errors +@item +forget to fully initialize memory just allocated with @code{malloc} +@item +duplicate calls to @code{free} by forgetting to set the pointer +variable to @code{NULL} +@item +leaking memory in calls to @code{realloc} when that call fails +@end itemize + +The @code{safe-alloc} module addresses these problems in the following way: + +@itemize @bullet +@item +Define macros that wrap around the standard C allocation +functions. That makes it possible to use the compiler's knowledge of +the size of objects for allocation; it also allows setting pointers +passed in as arguments when appropriate +@item +Use return values only for a success/fail error condition flag, +and annotate them with GCC's @code{__warn_unused_result__} +@item +Use @code{calloc} in favor of @code{malloc} +@end itemize + +@defmac {int} ALLOC (ptr) +@findex ALLOC +Allocate @code{sizeof(*ptr)} bytes of memory and store the address of +allocated memory in @code{ptr}. Fill the newly allocated memory with +zeros. + +Returns -1 on failure, 0 on success. +@end defmac + +@defmac {int} ALLOC_N(ptr, count) +@findex ALLOC_N +Allocate an array of @code{count} elements, each @code{sizeof(*ptr)} +bytes long and store the address of allocated memory in +@code{ptr}. Fill the newly allocated memory with zeros. + +Returns -1 on failure, 0 on success. +@end defmac + +@defmac {int} ALLOC_N_UNINITIALIZED(ptr, count) +@findex ALLOC_N_UNINITIALIZED +Allocate an array of @code{count} elements, each @code{sizeof(*ptr)} +bytes long and store the address of allocated memory in +@code{ptr}. The allocated memory is not initialized. + +Returns -1 on failure, 0 on success. +@end defmac + +@defmac {int} REALLOC_N(ptr, count) +@findex REALLOC_N +Reallocate the memory pointedto by @code{ptr} to be big enough to hold +at least @code{count} elements, each @code{sizeof(*ptr)} bytes long +and store the address of allocated memory in @code{ptr}. If +reallocation fails, the @code{ptr} is not modified. + +Returns -1 on failure, 0 on success. +@end defmac + +@defmac {void} FREE(ptr) +@findex FREE +Free the memory stored in @code{ptr} and set @code{ptr} to +@code{NULL}. +@end defmac -- cgit v1.2.1