Jim Meyering wrote: > --------------------------------------------- > While looking through gcc's documentation (latest upstream), > I noticed this, which can be put to good use in xalloc.h: > > @item alloc_size > @cindex @code{alloc_size} attribute > The @code{alloc_size} attribute is used to tell the compiler that the > function return value points to memory, where the size is given by > one or two of the functions parameters. GCC uses this > information to improve the correctness of @code{__builtin_object_size}.
Here is a proposed patch: 2010-10-17 Bruno Haible <br...@clisp.org> Make use of GCC's attribute __alloc_size__. * lib/xalloc.h (ATTRIBUTE_ALLOC_SIZE): New macro. (xmalloc, xzalloc, xcalloc, xrealloc, xmemdup, xnmalloc, xnrealloc, xcharalloc): Declare with ATTRIBUTE_ALLOC_SIZE. * lib/eealloc.h (eemalloc, eerealloc): Declare with attribute __alloc_size__. * lib/pagealign_alloc.h (pagealign_alloc, pagealign_xalloc): Likewise. Suggested by Jim Meyering. --- lib/eealloc.h.orig Sun Oct 17 15:33:30 2010 +++ lib/eealloc.h Sun Oct 17 15:33:29 2010 @@ -1,5 +1,5 @@ /* Memory allocation with expensive empty allocations. - Copyright (C) 2003, 2008, 2009, 2010 Free Software Foundation, Inc. + Copyright (C) 2003, 2008, 2010 Free Software Foundation, Inc. Written by Bruno Haible <br...@clisp.org>, 2003, based on prior work by Jim Meyering. @@ -35,7 +35,12 @@ # define eemalloc malloc #else # if __GNUC__ >= 3 -static inline void *eemalloc (size_t n) __attribute__ ((__malloc__)); +static inline void *eemalloc (size_t n) + __attribute__ ((__malloc__)) +# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3) + __attribute__ ((__alloc_size__ (1))) +# endif + ; # endif static inline void * eemalloc (size_t n) @@ -50,6 +55,10 @@ #if REALLOC_0_IS_NONNULL # define eerealloc realloc #else +# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3) +static inline void *eerealloc (void *p, size_t n) + __attribute__ ((__alloc_size__ (2))); +# endif static inline void * eerealloc (void *p, size_t n) { --- lib/pagealign_alloc.h.orig Sun Oct 17 15:33:30 2010 +++ lib/pagealign_alloc.h Sun Oct 17 15:27:53 2010 @@ -1,6 +1,6 @@ /* Memory allocation aligned to system page boundaries. - Copyright (C) 2005, 2008, 2009, 2010 Free Software Foundation, Inc. + Copyright (C) 2005, 2008, 2010 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
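Review bot: The test `__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)` is spelled out inline in the eemalloc prototype, and again in the eerealloc hunk and in both pagealign_alloc.h hunks, while xalloc.h in this same patch wraps it once in ATTRIBUTE_ALLOC_SIZE. A per-header macro in that style, e.g. `# define EEALLOC_ATTRIBUTE_ALLOC_SIZE(args) __attribute__ ((__alloc_size__ args))` with an empty fallback, would keep the version check in one place. It would also remove the `# if` nested inside a declaration and the lone `;` line. Per the GCC documentation quoted above, the attribute feeds `__builtin_object_size`, so a copy of the condition that drifts would silently drop size information for one allocator.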
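Review bot: The new eerealloc prototype carries `__alloc_size__ (2)` with no comment on what it promises, and the function body lies outside the hunk. If, as the file's "expensive empty allocations" header suggests, a zero-byte request is served by a non-empty block, the compiler will still assume an object of n bytes, that is 0. This under-reports the size, which is the safe direction for `__builtin_object_size`, but it deserves a line at the declaration, e.g. `/* The compiler treats the result as N bytes, even if N == 0 is served by a larger block.  */`. The same comment would fit the eemalloc prototype in the previous hunk.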
@@ -29,6 +29,9 @@ extern void *pagealign_alloc (size_t size) # if __GNUC__ >= 3 __attribute__ ((__malloc__)) +# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3) + __attribute__ ((__alloc_size__ (1))) +# endif # endif ; @@ -37,6 +40,9 @@ extern void *pagealign_xalloc (size_t size) # if __GNUC__ >= 3 __attribute__ ((__malloc__)) +# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3) + __attribute__ ((__alloc_size__ (1))) +# endif # endif ; --- lib/xalloc.h.orig Sun Oct 17 15:33:30 2010 +++ lib/xalloc.h Sun Oct 17 15:32:00 2010 @@ -46,6 +46,14 @@ # endif # endif +# ifndef ATTRIBUTE_ALLOC_SIZE +# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3) +# define ATTRIBUTE_ALLOC_SIZE(args) __attribute__ ((__alloc_size__ args)) +# else +# define ATTRIBUTE_ALLOC_SIZE(args) +# endif +# endif + /* This function is always triggered when memory is exhausted. It must be defined by the application, either explicitly or by using gnulib's xalloc-die module. This is the @@ -53,13 +61,19 @@ memory allocation failure. */ extern void xalloc_die (void) ATTRIBUTE_NORETURN; -void *xmalloc (size_t s) ATTRIBUTE_MALLOC; -void *xzalloc (size_t s) ATTRIBUTE_MALLOC; -void *xcalloc (size_t n, size_t s) ATTRIBUTE_MALLOC; -void *xrealloc (void *p, size_t s); +void *xmalloc (size_t s) + ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE ((1)); +void *xzalloc (size_t s) + ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE ((1)); +void *xcalloc (size_t n, size_t s) + ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE ((1, 2)); +void *xrealloc (void *p, size_t s) + ATTRIBUTE_ALLOC_SIZE ((2)); void *x2realloc (void *p, size_t *pn); -void *xmemdup (void const *p, size_t s) ATTRIBUTE_MALLOC; -char *xstrdup (char const *str) ATTRIBUTE_MALLOC; +void *xmemdup (void const *p, size_t s) + ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE ((2)); +char *xstrdup (char const *str) + ATTRIBUTE_MALLOC; /* Return 1 if an array of N objects, each of size S, cannot exist due to size arithmetic overflow. S must be positive and N must be 
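Review bot: ATTRIBUTE_ALLOC_SIZE is added to xalloc.h without a comment, and its calling convention is not obvious: the argument must already be parenthesized, as in `ATTRIBUTE_ALLOC_SIZE ((1, 2))`, because the macro pastes `args` straight after `__alloc_size__`. A line above the `# ifndef` would prevent misuse, e.g. `/* ATTRIBUTE_ALLOC_SIZE ((N)) or ((N, M)): the result points to as many bytes as parameter N, or N * M, says (1-based).  */`. It is also worth saying there that the macro expands to nothing before GCC 4.3, so the size information is an optional aid to the compiler's object-size checking and not something callers can rely on.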
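Review bot: x2realloc and xstrdup are left without ATTRIBUTE_ALLOC_SIZE in this block of declarations, which looks correct since neither takes the result size as a plain argument, but nothing records that the omission is deliberate. A later cleanup could "complete" the list and give the compiler a wrong object size, which is worse than none for bounds checking built on `__builtin_object_size`. Suggested comment after the xstrdup declaration: `/* x2realloc and xstrdup get no ATTRIBUTE_ALLOC_SIZE: the size of the result is not one of their arguments.  */`.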
@@ -106,10 +120,13 @@ # if HAVE_INLINE # define static_inline static inline # else -void *xnmalloc (size_t n, size_t s) ATTRIBUTE_MALLOC; -void *xnrealloc (void *p, size_t n, size_t s); +void *xnmalloc (size_t n, size_t s) + ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE ((1, 2)); +void *xnrealloc (void *p, size_t n, size_t s) + ATTRIBUTE_ALLOC_SIZE ((2, 3)); void *x2nrealloc (void *p, size_t *pn, size_t s); -char *xcharalloc (size_t n) ATTRIBUTE_MALLOC; +char *xcharalloc (size_t n) + ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE ((1)); # endif # ifdef static_inline @@ -117,7 +134,8 @@ /* Allocate an array of N objects, each with S bytes of memory, dynamically, with error checking. S must be nonzero. */ -static_inline void *xnmalloc (size_t n, size_t s) ATTRIBUTE_MALLOC; +static_inline void *xnmalloc (size_t n, size_t s) + ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE ((1, 2)); static_inline void * xnmalloc (size_t n, size_t s) { @@ -129,6 +147,8 @@ /* Change the size of an allocated block of memory P to an array of N objects each of S bytes, with error checking. S must be nonzero. */ +static_inline void *xnrealloc (void *p, size_t n, size_t s) + ATTRIBUTE_ALLOC_SIZE ((2, 3)); static_inline void * xnrealloc (void *p, size_t n, size_t s) { @@ -229,7 +249,8 @@ /* Return a pointer to a new buffer of N bytes. This is like xmalloc, except it returns char *. */ -static_inline char *xcharalloc (size_t n) ATTRIBUTE_MALLOC; +static_inline char *xcharalloc (size_t n) + ATTRIBUTE_MALLOC ATTRIBUTE_ALLOC_SIZE ((1)); static_inline char * xcharalloc (size_t n) {
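Review bot: `ATTRIBUTE_ALLOC_SIZE ((1, 2))` on xnmalloc and `((2, 3))` on xnrealloc tell the compiler the block holds n * s bytes, which holds only if these functions never return a block for a product that overflows. That check is presumably in the bodies, which lie outside these hunks; the context comments say only "with error checking". A short comment at the prototypes would tie the attribute to that guarantee, e.g. `/* alloc_size (N, S) is valid only because an overflowing N * S is rejected before allocating.  */`. The same attribute lists are written twice, in the declarations of the non-HAVE_INLINE branch here and in the static_inline prototypes of the following hunks (xnmalloc, xnrealloc, xcharalloc). Only one set is compiled per configuration, so a mismatch would go unnoticed and the two should be edited together.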