From 22d37d84a7ab0bb4208cdc8828541a30ef0821e2 Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Sun, 30 Aug 2015 17:36:09 +0200 Subject: add memory allocation functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- include/slibc-alloc.h | 54 +++++++++++++++++- include/stddef.h | 4 +- include/stdlib.h | 135 +++++++++++++++++++++++++++++++++++++++++++++ src/slibc-alloc.c | 149 ++++++++++++++++++++++++++++++++++++++++++++++++-- src/stdlib/malloc.c | 134 +++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 466 insertions(+), 10 deletions(-) create mode 100644 include/stdlib.h create mode 100644 src/stdlib/malloc.c diff --git a/include/slibc-alloc.h b/include/slibc-alloc.h index 0308482..b230f16 100644 --- a/include/slibc-alloc.h +++ b/include/slibc-alloc.h @@ -54,9 +54,12 @@ void secure_free(void*); * @throws EINVAL If `segment` is `NULL`. * @throws EFAULT If `segment` is not a pointer to an allocation * on the heap, or was not allocated with a function - * implemented in slibc. + * implemented in slibc. It is however not guaranteed + * that this will happen, undefined behaviour may be + * invoked instead. */ -size_t allocsize(void*); /* TODO not implemented */ +size_t allocsize(void*) + __GCC_ONLY(__attribute__((warn_unused_result))); /** * Variant of `realloc` that overrides newly allocated space 
@@ -67,8 +70,53 @@ size_t allocsize(void*); /* TODO not implemented */ * @param ptr The old allocation, see `realloc` for more details. * @param size The new allocation size, see `realloc` for more details. * @return The new allocation, see `realloc` for more details. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* crealloc(void*, size_t) + __GCC_ONLY(__attribute__((warn_unused_result))); + +/** + * This function behaves exactly like `realloc`, except it is + * guaranteed to never initialise or errors data. + * + * @param ptr The old allocation, see `realloc` for more details. + * @param size The new allocation size, see `realloc` for more details. + * @return The new allocation, see `realloc` for more details. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* fast_realloc(void*, size_t) + __GCC_ONLY(__attribute__((warn_unused_result))); + +/** + * This function behaves exactly like `crealloc`, except it + * does not initialise newly allocated size. + * + * @param ptr The old allocation, see `realloc` for more details. + * @param size The new allocation size, see `realloc` for more details. + * @return The new allocation, see `realloc` for more details. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* secure_realloc(void*, size_t) + __GCC_ONLY(__attribute__((warn_unused_result))); + +/** + * This function behaves exactly like `fast_realloc`, except: + * - Its haviour is undefined if `ptr` is `NULL`. + * - Its haviour is undefined `size` equals the old allocation size. + * - Its haviour is undefined if `size` is zero. + * - It will never free `ptr`. + * + * @param ptr The old allocation, see `realloc` for more details. + * @param size The new allocation size, see `realloc` for more details. + * @return The new allocation, see `realloc` for more details. + * + * @throws ENOMEM The process cannot allocate more memory. 
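Review bot: The `allocsize` doc comment now promises `EFAULT` for a pointer that is not a slibc heap allocation, but the implementation added to src/slibc-alloc.c in this commit only ever sets `EINVAL` (for `NULL`) and otherwise dereferences `PURE_ALLOC(segment)` unconditionally, so the `EFAULT` line documents a check that does not exist. Either drop that `@throws` or word it as intent, e.g. ` * @throws EFAULT (Not currently detected.) If `segment` is not a slibc heap allocation; the call is undefined behaviour instead.`, so callers do not rely on an error they will never receive.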
*/ -void* crealloc(void*, size_t); /* TODO not implemented */ +void* naive_realloc(void*, size_t) /* sic! we limit ourself to ASCII */ + __GCC_ONLY(__attribute__((nonnull, warn_unused_result))); /** diff --git a/include/stddef.h b/include/stddef.h index e3b98e5..275e53c 100644 --- a/include/stddef.h +++ b/include/stddef.h @@ -29,7 +29,9 @@ * way), use to indicate that a pointer does not point * to anything. */ -#define NULL ((void*)0) +#ifndef NULL +# define NULL ((void*)0) +#define /** diff --git a/include/stdlib.h b/include/stdlib.h new file mode 100644 index 0000000..0b88fd2 --- /dev/null +++ b/include/stdlib.h 
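Review bot: The new doc comments in this hunk carry typos that readers of the public header will trip on: `naive_realloc`'s list says `haviour` three times where `behaviour` is meant and its second bullet is missing "if" (`- Its behaviour is undefined if `size` equals the old allocation size.`), `fast_realloc` says "never initialise or errors data" where `erase` is meant, and `secure_realloc` says "newly allocated size" where `space` is meant. The `naive_realloc` contract should also say who owns `ptr` afterwards and whether the function may return `ptr` itself — `REALLOC` in src/slibc-alloc.c tests `new_ptr != ptr`, which suggests it may — since "It will never free `ptr`" leaves both points implicit.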
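Review bot: The `#ifndef NULL` block added to include/stddef.h is closed with a bare `#define` instead of `#endif`, which is a preprocessor error (`#define` needs a macro name) and would otherwise leave the conditional open to the end of the header; the last line should be `#endif`. The new include/stdlib.h in the next file section repeats the same `#ifndef NULL` / `# define NULL ((void*)0)` / `#define` sequence and needs the same fix.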
@@ -0,0 +1,135 @@ +/** + * slibc — Yet another C library + * Copyright © 2015 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +#ifndef _STDLIB_H +#define _STDLIB_H +#include + + +#include + + + +#define __NEED_size_t +#define __NEED_wchar_t +#define __NEED_div_t /* TODO not defined */ +#define __NEED_ldiv_t /* TODO not defined */ +#define __NEED_lldiv_t /* TODO not defined */ + +#include + + +/** + * `NULL`'s canonical header is + */ +#ifndef NULL +# define NULL ((void*)0) +#define + + + +/** + * Create a new memory allocation on the heap. + * The allocation will not be initialised. + * + * @param size The size of the allocation. + * @return Pointer to the beginning of the new allocation. + * If `size` is zero, this function will either return + * `NULL` (that is what this implement does) or return + * a unique pointer that can later be freed with `free`. + * `NULL` is returned on error, and `errno` is set to + * indicate the error. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* malloc(size_t) + __GCC_ONLY(__attribute__((malloc, warn_unused_result))); + +/** + * Variant of `malloc` that clears the allocation with zeroes. + * + * `p = calloc(n, m)` is equivalent to + * `(p = malloc(n * m), p ? (explicit_bzero(p, n * m), p) : NULL)` + * + * @param elem_count The number of elements to allocate. 
+ * @param elem_size The size of each element. + * @return Pointer to the beginning of the new allocation. + * If `elem_count` or `elem_size` is zero, this function + * will either return `NULL` (that is what this implement + * does) or return a unique pointer that can later be + * freed with `free`. `NULL` is returned on error, and + * `errno` is set to indicate the error. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* calloc(size_t, size_t) + __GCC_ONLY(__attribute__((malloc, warn_unused_result))); + +/** + * Variant of `malloc` that extends, or shrinks, an existing allocation, + * if beneficial and possible, or creates a new allocation with the new + * size, copies the data, and frees the old allocation. + * + * On error, `ptr` is not freed. + * + * @param ptr Pointer to the beginning of the old memory allocation. + * The process may crash if it does not point to the + * beginning of a memory allocation on the heap. + * However, if it is `NULL`, this function will behave + * like `malloc`. + * @param size The new allocation size. If zero, this function will + * behave like `free`, and will return `NULL`. + * @return Pointer to the beginning of the new allocation. + * If `size` is zero, `NULL` is returned. On error `NULL` + * is returned and `errno` is set to indicate the error. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* realloc(void*, size_t) + __GCC_ONLY(__attribute__((warn_unused_result))) + __slibc_warning("Use 'fast_realloc', 'secure_realloc' or 'crealloc' instead."); + +/** + * Free a memory allocation. + * + * @param ptr Pointer to the beginning of the memory allocation. + * The process may crash if it does not point to the + * beginning of a memory allocation on the heap. + * However, if it is `NULL`, nothing will happen. + */ +void free(void*) __slibc_warning("Use 'fast_free' or 'secure_free' instead."); + +/** + * This function is identical to `free`. 
+ * Any argument beyond the first argument, is ignored. + * + * This function uses variadic arguments because there + * there are multiple conflicting specifications for `cfree`. + * + * @param ptr Pointer to the beginning of the memory allocation. + * The process may crash if it does not point to the + * beginning of a memory allocation on the heap. + * However, if it is `NULL`, nothing will happen. + */ +#ifndef _PORTABLE_SOURCE +void cfree(void*, ...) __deprecated("'cfree' is deprecated and not portable, use 'free' instead."); +#endif + + + +#endif + diff --git a/src/slibc-alloc.c b/src/slibc-alloc.c index a29b188..0cbf623 100644 --- a/src/slibc-alloc.c +++ b/src/slibc-alloc.c @@ -18,6 +18,13 @@ #include #include #include +#include +#include + + + +#define PURE_ALLOC(p) (((char*)(p)) - sizeof(size_t)) +#define PURE_SIZE(z) ((z) + sizeof(size_t)) @@ -29,7 +36,9 @@ */ void fast_free(void* segment) { - free(segment); + if (segument == NULL) + return; + munmap(PURE_ALLOC(segment), PURE_SIZE(*(size_t*)segment)); } 
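Review bot: `fast_free` takes the `munmap` length from `*(size_t*)segment`, i.e. the first word of the caller's data, while the size header is stored at `PURE_ALLOC(segment)` (that is where `malloc` in this commit writes it), so whatever the caller happened to store there becomes the unmap length and can unmap unrelated mappings or leave the block mapped; the line should read `munmap(PURE_ALLOC(segment), PURE_SIZE(allocsize(segment)));`. The guard above it also misspells the parameter — `if (segment == NULL)` — so `segument` is an undeclared identifier and the file does not compile as committed; the same typo recurs in `secure_free` in the next hunk.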
@@ -41,10 +50,138 @@ void fast_free(void* segment) */ void secure_free(void* segment) { - if (segment) - { - explicit_bzero(segment, allocsize(segment)); - free(segment); - } + if (segument == NULL) + return; + explicit_bzero(PURE_ALLOC(segment), PURE_SIZE(allocsize(segment))); + fast_free(segment); +} + + +/** + * This function returns the allocation size of + * a memory segment. + * + * `p = malloc(n), allocsize(p)` will return `n`. + * + * @param segment The memory segment. + * @return The size of the memory segment, 0 on error. + * + * @throws EINVAL If `segment` is `NULL`. + * @throws EFAULT If `segment` is not a pointer to an allocation + * on the heap, or was not allocated with a function + * implemented in slibc. It is however not guaranteed + * that this will happen, undefined behaviour may be + * invoked instead. + */ +size_t allocsize(void* segment) +{ + if (segment == NULL) + return errno = EINVAL, 0; + return *(size_t*)PURE_ALLOC(segment); +} + + +/** + * Common code for realloc-functions, apart from `naive_realloc`. + */ +#define REALLOC(ptr, size, CLEAR_OLD, CLEAR_NEW, CLEAR_FREE) \ + size_t old_size; \ + void* new_ptr; \ + \ + if (size == 0) \ + return secure_free(ptr), NULL; \ + \ + if (ptr == NULL) \ + return CLEAR_NEW ? malloc(size) : calloc(1, size); \ + \ + old_size = allocsize(ptr); \ + if (old_size == size) \ + return ptr; \ + \ + if (CLEAR_OLD ? (old_size > size) : 0) \ + explicit_bzero(((char*)ptr) + size, old_size - size); \ + \ + new_ptr = naive_realloc(ptr); \ + if (new_ptr != ptr) \ + { \ + if (CLEAR_FREE) \ + explicit_bzero(PURE_ALLOC(ptr), PURE_SIZE(old_size)); \ + fast_free(new_ptr); \ + } \ + \ + if (CLEAR_NEW ? (old_size < size) : 0) \ + explicit_bzero(((char*)new_ptr) + old, size - old_size); \ + \ + return new_ptr + + +/** + * Variant of `realloc` that overrides newly allocated space + * with zeroes. Additionally, it will override any freed space + * with zeroes, including the old allocation if it creates a + * new allocation. 
+ * + * @param ptr The old allocation, see `realloc` for more details. + * @param size The new allocation size, see `realloc` for more details. + * @return The new allocation, see `realloc` for more details. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* crealloc(void* ptr, size_t size) +{ + REALLOC(ptr, size, 1, 1, 1); +} + + +/** + * This function behaves exactly like `realloc`, except it is + * guaranteed to never initialise or errors data. + * + * @param ptr The old allocation, see `realloc` for more details. + * @param size The new allocation size, see `realloc` for more details. + * @return The new allocation, see `realloc` for more details. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* fast_realloc(void* ptr, size_t size) +{ + REALLOC(ptr, size, 0, 0, 0); +} + + +/** + * This function behaves exactly like `crealloc`, except it + * does not initialise newly allocated size. + * + * @param ptr The old allocation, see `realloc` for more details. + * @param size The new allocation size, see `realloc` for more details. + * @return The new allocation, see `realloc` for more details. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* secure_realloc(void* ptr, size_t size) +{ + REALLOC(ptr, size, 1, 0, 1); +} + + +/** + * This function behaves exactly like `fast_realloc`, except: + * - Its haviour is undefined if `ptr` is `NULL`. + * - Its haviour is undefined `size` equals the old allocation size. + * - Its haviour is undefined if `size` is zero. + * - It will never free `ptr`. + * + * @param ptr The old allocation, see `realloc` for more details. + * @param size The new allocation size, see `realloc` for more details. + * @return The new allocation, see `realloc` for more details. + * + * @throws ENOMEM The process cannot allocate more memory. 
+ */ +void* naive_realloc(void* ptr, size_t size) +{ + /* TODO improve implementation of naive_realloc */ + return malloc(size); + (void) ptr; } diff --git a/src/stdlib/malloc.c b/src/stdlib/malloc.c new file mode 100644 index 0000000..82a6f54 --- /dev/null +++ b/src/stdlib/malloc.c 
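Review bot: The `REALLOC` macro frees the wrong block — `fast_free(new_ptr)` in the `new_ptr != ptr` branch releases the allocation that is then returned, where `fast_free(ptr)` was meant — and it never checks `naive_realloc`'s result, so on ENOMEM the old allocation is released although the header promises "On error, `ptr` is not freed". The same macro inverts the `ptr == NULL` case (`CLEAR_NEW ? calloc(1, size) : malloc(size)` is what the flag means), calls `naive_realloc(ptr)` without the `size` argument, and uses an undeclared `old` where `old_size` is meant, so the file does not compile; `secure_free` additionally misspells `segment` as `segument` and zeroes the size header before `fast_free` reads it, so the unmap length is computed from zeroed memory. Since `naive_realloc` currently returns a bare `malloc(size)` without copying `min(old_size, size)` bytes, every realloc path also discards the caller's data until that TODO is resolved. The rewritten macro and `secure_free` body follow.
```c
void secure_free(void* segment)
{
  size_t size;
  if (segment == NULL)
    return;
  size = allocsize(segment); /* read the header before it is wiped */
  explicit_bzero(PURE_ALLOC(segment), PURE_SIZE(size));
  munmap(PURE_ALLOC(segment), PURE_SIZE(size));
}

/* … unchanged: allocsize … */

#define REALLOC(ptr, size, CLEAR_OLD, CLEAR_NEW, CLEAR_FREE)		\
  size_t old_size;							\
  void* new_ptr;							\
									\
  if (size == 0)							\
    return (CLEAR_FREE ? secure_free(ptr) : fast_free(ptr)), NULL;	\
									\
  if (ptr == NULL)							\
    return CLEAR_NEW ? calloc(1, size) : malloc(size);		\
									\
  old_size = allocsize(ptr);						\
  if (old_size == size)						\
    return ptr;							\
									\
  if (CLEAR_OLD ? (old_size > size) : 0)				\
    explicit_bzero(((char*)ptr) + size, old_size - size);		\
									\
  new_ptr = naive_realloc(ptr, size);					\
  if (new_ptr == NULL)						\
    return NULL; /* ENOMEM: `ptr` stays valid, as documented */	\
  if (new_ptr != ptr)							\
    {									\
      if (CLEAR_FREE)							\
	explicit_bzero(PURE_ALLOC(ptr), PURE_SIZE(old_size));		\
      fast_free(ptr);							\
    }									\
									\
  if (CLEAR_NEW ? (old_size < size) : 0)				\
    explicit_bzero(((char*)new_ptr) + old_size, size - old_size);	\
									\
  return new_ptr

/* … unchanged: crealloc, fast_realloc, secure_realloc, naive_realloc … */
```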
@@ -0,0 +1,134 @@ +/** + * slibc — Yet another C library + * Copyright © 2015 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +#include +#include +#include +#include + + + +/** + * Create a new memory allocation on the heap. + * The allocation will not be initialised. + * + * @param size The size of the allocation. + * @return Pointer to the beginning of the new allocation. + * If `size` is zero, this function will either return + * `NULL` (that is what this implement does) or return + * a unique pointer that can later be freed with `free`. + * `NULL` is returned on error, and `errno` is set to + * indicate the error. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* malloc(size_t size) +{ + /* TODO implement implementation of malloc */ + char* ptr; + if (size == 0) + return NULL; + ptr = mmap(NULL, sizeof(size_t) + size, (PROT_READ | PROT_WRITE), + (MAP_PRIVATE | MAP_ANONYMOUS), -1, 0); + *(size_t*)ptr = size; + return ptr + sizeof(size_t); +} + + +/** + * Variant of `malloc` that clears the allocation with zeroes. + * + * `p = calloc(n, m)` is equivalent to + * `(p = malloc(n * m), p ? (explicit_bzero(p, n * m), p) : NULL)` + * + * @param elem_count The number of elements to allocate. + * @param elem_size The size of each element. + * @return Pointer to the beginning of the new allocation. 
+ * If `elem_count` or `elem_size` is zero, this function + * will either return `NULL` (that is what this implement + * does) or return a unique pointer that can later be + * freed with `free`. `NULL` is returned on error, and + * `errno` is set to indicate the error. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* calloc(size_t elem_count, size_t elem_size) +{ + void* ptr = malloc(elem_count * elem_size); + if (ptr != NULL) + explicit_bzero(ptr, elem_count * elem_size); + return ptr; +} + + +/** + * Variant of `malloc` that extends, or shrinks, an existing allocation, + * if beneficial and possible, or creates a new allocation with the new + * size, copies the data, and frees the old allocation. + * + * On error, `ptr` is not freed. + * + * @param ptr Pointer to the beginning of the old memory allocation. + * The process may crash if it does not point to the + * beginning of a memory allocation on the heap. + * However, if it is `NULL`, this function will behave + * like `malloc`. + * @param size The new allocation size. If zero, this function will + * behave like `free`, and will return `NULL`. + * @return Pointer to the beginning of the new allocation. + * If `size` is zero, `NULL` is returned. On error `NULL` + * is returned and `errno` is set to indicate the error. + * + * @throws ENOMEM The process cannot allocate more memory. + */ +void* realloc(void* ptr, size_t size) +{ + return fast_realloc(ptr, size); +} + + +/** + * Free a memory allocation. + * + * @param ptr Pointer to the beginning of the memory allocation. + * The process may crash if it does not point to the + * beginning of a memory allocation on the heap. + * However, if it is `NULL`, nothing will happen. + */ +void free(void* ptr) +{ + fast_free(ptr); +} + + +/** + * This function is identical to `free`. + * Any argument beyond the first argument, is ignored. 
+ * + * This function uses variadic arguments because there + * there are multiple conflicting specifications for `cfree`. + * + * @param ptr Pointer to the beginning of the memory allocation. + * The process may crash if it does not point to the + * beginning of a memory allocation on the heap. + * However, if it is `NULL`, nothing will happen. + */ +void cfree(void* ptr, ...) +{ + fast_free(ptr); +} + -- cgit v1.2.3-70-g09d2
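Review bot: `malloc` never checks the `mmap` result, so on failure `*(size_t*)ptr = size` writes through `MAP_FAILED` instead of returning `NULL` with `errno` set as the doc comment promises; an `if (ptr == MAP_FAILED) return NULL;` after the call is needed, and `sizeof(size_t) + size` should be rejected when `size > SIZE_MAX - sizeof(size_t)`, since the wrap would map a tiny region for a huge request and hand it out as if it were that large. `calloc` has the classic size overflow: `elem_count * elem_size` wraps for large arguments and a small block is returned that callers treat as `elem_count * elem_size` bytes; guard it with `if (elem_size && elem_count > SIZE_MAX / elem_size) return errno = ENOMEM, NULL;`. Returning `ptr + sizeof(size_t)` also gives the user pointer only `sizeof(size_t)` alignment, which is presumably below what `max_align_t` requires on the target ABI — worth confirming. The rewritten `malloc` and `calloc` bodies follow.
```c
void* malloc(size_t size)
{
  char* ptr;
  if (size == 0)
    return NULL;
  if (size > SIZE_MAX - sizeof(size_t))
    return errno = ENOMEM, NULL; /* header + size would wrap */
  ptr = mmap(NULL, sizeof(size_t) + size, (PROT_READ | PROT_WRITE),
	     (MAP_PRIVATE | MAP_ANONYMOUS), -1, 0);
  if (ptr == MAP_FAILED)
    return NULL; /* `errno` already set by `mmap` */
  *(size_t*)ptr = size;
  return ptr + sizeof(size_t);
}

/* … unchanged: calloc doc comment … */

void* calloc(size_t elem_count, size_t elem_size)
{
  void* ptr;
  if (elem_size && elem_count > SIZE_MAX / elem_size)
    return errno = ENOMEM, NULL; /* product would wrap */
  ptr = malloc(elem_count * elem_size);
  if (ptr != NULL)
    explicit_bzero(ptr, elem_count * elem_size);
  return ptr;
}

/* … unchanged: realloc, free, cfree … */
```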