diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /mfbt/AllocPolicy.h | |
parent | Initial commit. (diff) | |
download | firefox-esr-upstream.tar.xz firefox-esr-upstream.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | mfbt/AllocPolicy.h | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/mfbt/AllocPolicy.h b/mfbt/AllocPolicy.h new file mode 100644 index 0000000000..e5c62bcd64 --- /dev/null +++ b/mfbt/AllocPolicy.h @@ -0,0 +1,175 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * An allocation policy concept, usable for structures and algorithms to + * control how memory is allocated and how failures are handled. + */ + +#ifndef mozilla_AllocPolicy_h +#define mozilla_AllocPolicy_h + +#include "mozilla/Attributes.h" +#include "mozilla/Assertions.h" +#include "mozilla/TemplateLib.h" + +#include <stddef.h> +#include <stdlib.h> + +namespace mozilla { + +/* + * Allocation policies are used to implement the standard allocation behaviors + * in a customizable way. Additionally, custom behaviors may be added to these + * behaviors, such as additionally reporting an error through an out-of-band + * mechanism when OOM occurs. The concept modeled here is as follows: + * + * - public copy constructor, assignment, destructor + * - template <typename T> T* maybe_pod_malloc(size_t) + * Fallible, but doesn't report an error on OOM. + * - template <typename T> T* maybe_pod_calloc(size_t) + * Fallible, but doesn't report an error on OOM. + * - template <typename T> T* maybe_pod_realloc(T*, size_t, size_t) + * Fallible, but doesn't report an error on OOM. The old allocation + * size is passed in, in addition to the new allocation size requested. + * - template <typename T> T* pod_malloc(size_t) + * Responsible for OOM reporting when null is returned. + * - template <typename T> T* pod_calloc(size_t) + * Responsible for OOM reporting when null is returned. + * - template <typename T> T* pod_realloc(T*, size_t, size_t) + * Responsible for OOM reporting when null is returned. The old allocation + * size is passed in, in addition to the new allocation size requested. + * - template <typename T> void free_(T*, size_t) + * The capacity passed in must match the old allocation size. + * - template <typename T> void free_(T*) + * Frees a buffer without knowing its allocated size. This might not be + * implemented by allocation policies that need the allocation size. + * - void reportAllocOverflow() const + * Called on allocation overflow (that is, an allocation implicitly tried + * to allocate more than the available memory space -- think allocating an + * array of large-size objects, where N * size overflows) before null is + * returned. + * - bool checkSimulatedOOM() const + * Some clients generally allocate memory yet in some circumstances won't + * need to do so. For example, appending to a vector with a small amount of + * inline storage generally allocates memory, but no allocation occurs + * unless appending exceeds inline storage. But for testing purposes, it + * can be useful to treat *every* operation as allocating. + * Clients (such as this hypothetical append method implementation) should + * call this method in situations that don't allocate, but could generally, + * to support this. The default behavior should return true; more + * complicated behavior might be to return false only after a certain + * number of allocations-or-check-simulated-OOMs (coordinating with the + * other AllocPolicy methods) have occurred. + * + * mfbt provides (and typically uses by default) only MallocAllocPolicy, which + * does nothing more than delegate to the malloc/alloc/free functions. + */ + +/* + * A policy that straightforwardly uses malloc/calloc/realloc/free and adds no + * extra behaviors. + */ +class MallocAllocPolicy { + public: + template <typename T> + T* maybe_pod_malloc(size_t aNumElems) { + if (aNumElems & mozilla::tl::MulOverflowMask<sizeof(T)>::value) { + return nullptr; + } + return static_cast<T*>(malloc(aNumElems * sizeof(T))); + } + + template <typename T> + T* maybe_pod_calloc(size_t aNumElems) { + return static_cast<T*>(calloc(aNumElems, sizeof(T))); + } + + template <typename T> + T* maybe_pod_realloc(T* aPtr, size_t aOldSize, size_t aNewSize) { + if (aNewSize & mozilla::tl::MulOverflowMask<sizeof(T)>::value) { + return nullptr; + } + return static_cast<T*>(realloc(aPtr, aNewSize * sizeof(T))); + } + + template <typename T> + T* pod_malloc(size_t aNumElems) { + return maybe_pod_malloc<T>(aNumElems); + } + + template <typename T> + T* pod_calloc(size_t aNumElems) { + return maybe_pod_calloc<T>(aNumElems); + } + + template <typename T> + T* pod_realloc(T* aPtr, size_t aOldSize, size_t aNewSize) { + return maybe_pod_realloc<T>(aPtr, aOldSize, aNewSize); + } + + template <typename T> + void free_(T* aPtr, size_t aNumElems = 0) { + free(aPtr); + } + + void reportAllocOverflow() const {} + + [[nodiscard]] bool checkSimulatedOOM() const { return true; } +}; + +/* + * A policy which always fails to allocate memory, returning nullptr. Methods + * which expect an existing allocation assert. + * + * This type should be used in situations where you want to use a MFBT type with + * inline storage, and don't want to allow it to allocate on the heap. + */ +class NeverAllocPolicy { + public: + template <typename T> + T* maybe_pod_malloc(size_t aNumElems) { + return nullptr; + } + + template <typename T> + T* maybe_pod_calloc(size_t aNumElems) { + return nullptr; + } + + template <typename T> + T* maybe_pod_realloc(T* aPtr, size_t aOldSize, size_t aNewSize) { + MOZ_CRASH("NeverAllocPolicy::maybe_pod_realloc"); + } + + template <typename T> + T* pod_malloc(size_t aNumElems) { + return nullptr; + } + + template <typename T> + T* pod_calloc(size_t aNumElems) { + return nullptr; + } + + template <typename T> + T* pod_realloc(T* aPtr, size_t aOldSize, size_t aNewSize) { + MOZ_CRASH("NeverAllocPolicy::pod_realloc"); + } + + template <typename T> + void free_(T* aPtr, size_t aNumElems = 0) { + MOZ_CRASH("NeverAllocPolicy::free_"); + } + + void reportAllocOverflow() const {} + + [[nodiscard]] bool checkSimulatedOOM() const { return true; } +}; + +} // namespace mozilla + +#endif /* mozilla_AllocPolicy_h */ |