begin cleanup of malloc porting layer

1. Merge some of the allocators into sk_malloc_flags by redefining a flag to mean zero-init 2. Add more private helpers to simplify our call-sites (and handle some overflow mul checks) 3. The 2-param helpers rely on the saturating SkSafeMath::Mul to pass max_size_t as the request, which should always fail. Bug:508641 Change-Id: I322f1e6ed91113467e0fdb12c91c3dad33d890c8 Reviewed-on: https://skia-review.googlesource.com/90940 Commit-Queue: Mike Reed <reed@google.com> Reviewed-by: Robert Phillips <robertphillips@google.com> Reviewed-by: Stephan Altmueller <stephana@google.com>
author: Mike Reed <reed@google.com> 2018-01-05 11:20:10 -0500
committer: Skia Commit-Bot <skia-commit-bot@chromium.org> 2018-01-05 21:29:35 +0000
commit: 8dc8dbc8211e7b0245a6e7db911265efbe0fccaf (patch)
tree: f112c74f618a536e86a80d9d657b804a039f3f54 /include/private
parent: f21b32ccd7bd174ce647078854b2314f8b64d94c (diff)
3 files changed, 82 insertions, 35 deletions
diff --git a/include/private/SkMalloc.h b/include/private/SkMalloc.h
index ba14d465c1..53c3d99a8f 100644
--- a/include/private/SkMalloc.h
+++ b/include/private/SkMalloc.h
@@ -17,26 +17,52 @@
     memory wrappers to be implemented by the porting layer (platform)
 */
 
+
+/** Free memory returned by sk_malloc(). It is safe to pass null. */
+SK_API extern void sk_free(void*);
+
+/**
+ *  Called internally if we run out of memory. The platform implementation must
+ *  not return, but should either throw an exception or otherwise exit.
+ */
+SK_API extern void sk_out_of_memory(void);
+
 enum {
-    SK_MALLOC_TEMP  = 0x01, //!< hint to sk_malloc that the requested memory will be freed in the scope of the stack frame
-    SK_MALLOC_THROW = 0x02  //!< instructs sk_malloc to not return normally if the memory cannot be allocated.
+#ifdef SK_SUPPORT_LEGACY_MALLOC_PORTING_LAYER
+    SK_MALLOC_TEMP = 1,
+#else
+    /**
+     *  If this bit is set, the returned buffer must be zero-initialized. If this bit is not set
+     *  the buffer can be uninitialized.
+     */
+    SK_MALLOC_ZERO_INITIALIZE   = 1 << 0,
+#endif
+
+    /**
+     *  If this bit is set, the implementation must throw/crash/quit if the request cannot
+     *  be fulfilled. If this bit is not set, then it should return nullptr on failure.
+     */
+    SK_MALLOC_THROW             = 1 << 1,
 };
-/** Return a block of memory (at least 4-byte aligned) of at least the
-    specified size. If the requested memory cannot be returned, either
-    return null (if SK_MALLOC_TEMP bit is clear) or throw an exception
-    (if SK_MALLOC_TEMP bit is set). To free the memory, call sk_free().
-*/
+/**
+ *  Return a block of memory (at least 4-byte aligned) of at least the specified size.
+ *  If the requested memory cannot be returned, either return nullptr or throw/exit, depending
+ *  on the SK_MALLOC_THROW bit. If the allocation succeeds, the memory will be zero-initialized
+ *  if the SK_MALLOC_ZERO_INITIALIZE bit was set.
+ *
+ *  To free the memory, call sk_free()
+ */
 SK_API extern void* sk_malloc_flags(size_t size, unsigned flags);
-/** Same as sk_malloc(), but hard coded to pass SK_MALLOC_THROW as the flag
-*/
-SK_API extern void* sk_malloc_throw(size_t size);
+
 /** Same as standard realloc(), but this one never returns null on failure. It will throw
-    an exception if it fails.
-*/
+ *  an exception if it fails.
+ */
 SK_API extern void* sk_realloc_throw(void* buffer, size_t size);
-/** Free memory returned by sk_malloc(). It is safe to pass null.
-*/
-SK_API extern void sk_free(void*);
+
+#ifdef SK_SUPPORT_LEGACY_MALLOC_PORTING_LAYER
+
+/** Same as sk_malloc_flags(), but hard coded to pass SK_MALLOC_THROW as the flag */
+SK_API extern void* sk_malloc_throw(size_t size);
 
 /** Much like calloc: returns a pointer to at least size zero bytes, or NULL on failure.
  */
@@ -46,10 +72,36 @@ SK_API extern void* sk_calloc(size_t size);
  */
 SK_API extern void* sk_calloc_throw(size_t size);
 
-/** Called internally if we run out of memory. The platform implementation must
-    not return, but should either throw an exception or otherwise exit.
-*/
-SK_API extern void sk_out_of_memory(void);
+#else
+static inline void* sk_malloc_throw(size_t size) {
+    return sk_malloc_flags(size, SK_MALLOC_THROW);
+}
+
+static inline void* sk_calloc_throw(size_t size) {
+    return sk_malloc_flags(size, SK_MALLOC_THROW | SK_MALLOC_ZERO_INITIALIZE);
+}
+#endif
+
+static inline void* sk_calloc_canfail(size_t size) {
+#ifdef SK_SUPPORT_LEGACY_MALLOC_PORTING_LAYER
+    return sk_calloc(size);
+#else
+    return sk_malloc_flags(size, SK_MALLOC_ZERO_INITIALIZE);
+#endif
+}
+
+// Performs a safe multiply count * elemSize, checking for overflow
+SK_API extern void* sk_calloc_throw(size_t count, size_t elemSize);
+SK_API extern void* sk_malloc_throw(size_t count, size_t elemSize);
+SK_API extern void* sk_realloc_throw(void* buffer, size_t count, size_t elemSize);
+
+/**
+ *  These variants return nullptr on failure
+ */
+static inline void* sk_malloc_canfail(size_t size) {
+    return sk_malloc_flags(size, 0);
+}
+SK_API extern void* sk_malloc_canfail(size_t count, size_t elemSize);
 
 // bzero is safer than memset, but we can't rely on it, so... sk_bzero()
 static inline void sk_bzero(void* buffer, size_t size) {
diff --git a/include/private/SkTArray.h b/include/private/SkTArray.h
index 3f4cc429b4..68dab9a33a 100644
--- a/include/private/SkTArray.h
+++ b/include/private/SkTArray.h
@@ -445,7 +445,7 @@ private:
             fReserved = false;
         } else {
             fAllocCount = SkTMax(count, SkTMax(kMinHeapAllocCount, reserveCount));
-            fMemArray = sk_malloc_throw(fAllocCount * sizeof(T));
+            fMemArray = sk_malloc_throw(fAllocCount, sizeof(T));
             fOwnMemory = true;
             fReserved = reserveCount > 0;
         }
@@ -460,7 +460,7 @@ private:
         fReserved = false;
         if (count > preallocCount) {
             fAllocCount = SkTMax(count, kMinHeapAllocCount);
-            fMemArray = sk_malloc_throw(fAllocCount * sizeof(T));
+            fMemArray = sk_malloc_throw(fAllocCount, sizeof(T));
             fOwnMemory = true;
         } else {
             fAllocCount = preallocCount;
@@ -537,7 +537,7 @@ private:
             return;
         }
         fAllocCount = newAllocCount;
-        void* newMemArray = sk_malloc_throw(fAllocCount * sizeof(T));
+        void* newMemArray = sk_malloc_throw(fAllocCount, sizeof(T));
         this->move(newMemArray);
         if (fOwnMemory) {
             sk_free(fMemArray);
diff --git a/include/private/SkTemplates.h b/include/private/SkTemplates.h
index 8a605fbd02..3f70203555 100644
--- a/include/private/SkTemplates.h
+++ b/include/private/SkTemplates.h
@@ -175,12 +175,7 @@ public:
             }
 
             if (count > kCount) {
-                const uint64_t size64 = sk_64_mul(count, sizeof(T));
-                const size_t size = static_cast<size_t>(size64);
-                if (size != size64) {
-                    sk_out_of_memory();
-                }
-                fArray = (T*) sk_malloc_throw(size);
+                fArray = (T*) sk_malloc_throw(count, sizeof(T));
             } else if (count > 0) {
                 fArray = (T*) fStorage;
             } else {
@@ -250,7 +245,7 @@ public:
 
     /** Allocates space for 'count' Ts. */
     explicit SkAutoTMalloc(size_t count) {
-        fPtr = count ? (T*)sk_malloc_flags(count * sizeof(T), SK_MALLOC_THROW) : nullptr;
+        fPtr = count ? (T*)sk_malloc_throw(count, sizeof(T)) : nullptr;
     }
 
     SkAutoTMalloc(SkAutoTMalloc<T>&& that) : fPtr(that.release()) {}
@@ -271,7 +266,7 @@ public:
     /** Resize the memory area pointed to by the current ptr without preserving contents. */
     T* reset(size_t count = 0) {
         sk_free(fPtr);
-        fPtr = count ? (T*)sk_malloc_flags(count * sizeof(T), SK_MALLOC_THROW) : nullptr;
+        fPtr = count ? (T*)sk_malloc_throw(count, sizeof(T)) : nullptr;
         return fPtr;
     }
 
@@ -322,7 +317,7 @@ public:
 
     SkAutoSTMalloc(size_t count) {
         if (count > kCount) {
-            fPtr = (T*)sk_malloc_flags(count * sizeof(T), SK_MALLOC_THROW | SK_MALLOC_TEMP);
+            fPtr = (T*)sk_malloc_throw(count, sizeof(T));
         } else if (count) {
             fPtr = fTStorage;
         } else {
@@ -342,7 +337,7 @@ public:
             sk_free(fPtr);
         }
         if (count > kCount) {
-            fPtr = (T*)sk_malloc_throw(count * sizeof(T));
+            fPtr = (T*)sk_malloc_throw(count, sizeof(T));
         } else if (count) {
             fPtr = fTStorage;
         } else {
@@ -373,14 +368,14 @@ public:
     void realloc(size_t count) {
         if (count > kCount) {
             if (fPtr == fTStorage) {
-                fPtr = (T*)sk_malloc_throw(count * sizeof(T));
+                fPtr = (T*)sk_malloc_throw(count, sizeof(T));
                 memcpy(fPtr, fTStorage, kCount * sizeof(T));
             } else {
-                fPtr = (T*)sk_realloc_throw(fPtr, count * sizeof(T));
+                fPtr = (T*)sk_realloc_throw(fPtr, count, sizeof(T));
             }
         } else if (count) {
             if (fPtr != fTStorage) {
-                fPtr = (T*)sk_realloc_throw(fPtr, count * sizeof(T));
+                fPtr = (T*)sk_realloc_throw(fPtr, count, sizeof(T));
             }
         } else {
             this->reset(0);
author	Mike Reed <reed@google.com>	2018-01-05 11:20:10 -0500
committer	Skia Commit-Bot <skia-commit-bot@chromium.org>	2018-01-05 21:29:35 +0000
commit	8dc8dbc8211e7b0245a6e7db911265efbe0fccaf (patch)
tree	f112c74f618a536e86a80d9d657b804a039f3f54 /include/private
parent	f21b32ccd7bd174ce647078854b2314f8b64d94c (diff)