| commit | 7fcce24e75b8281621a0b8816dc58cbdc05fdc91 | |
| author | Paul Eggert <eggert@cs.ucla.edu> | |
| Sun, 28 Aug 2016 09:13:18 +0000 (28 02:13 -0700) | ||
| committer | Paul Eggert <eggert@cs.ucla.edu> | |
| Sun, 28 Aug 2016 09:14:13 +0000 (28 02:14 -0700) | ||
| tree | f6de4c69b1d0db6811cfbf085ff896906a124b84 | treesnapshot (tar.gz zip) |
| parent | 4be1ab61f4c1784f6870a5d53185bb0a6d9c5312 | commitdiff |
Memory allocator alignment fixes
These changes remove some assumptions about heap allocator
alignment that may not be true on unusual platforms.
* src/alloc.c (POWER_OF_2): New macro.
(ROUNDUP): Use it.
(BLOCK_ALIGN): Verify that it is a power of 2.
(aligned_alloc): Check that alignment passed to posix_memalign
satisfies POSIX restrictions.
(lisp_align_malloc): Check that size passed to aligned_alloc
satisfies C11 restrictions.
(MALLOC_IS_GC_ALIGNED): Check that GCALIGNMENT is 8, since the
code has not been verified to work with other GCALIGNMENT values
and the ice is thin here. On GNU/Linux, malloc can return a value
that is a multiple of 8 but not 16, even though __alignof__
(max_align_t) is 16. See:
https://gcc.gnu.org/ml/gcc-patches/2016-08/msg01902.html
(lmalloc) [USE_ALIGNED_ALLOC]: Use aligned_alloc only if size
is a multiple of alignment, since C11 says the behavior is
undefined otherwise.
(lmalloc, lrealloc): Don't use INT_ADD_WRAPV on size_t, as in
general this macro is restricted to signed types. Remove
assertion that the result is a multiple of GCALIGNMENT, as that
need not be true.
These changes remove some assumptions about heap allocator
alignment that may not be true on unusual platforms.
* src/alloc.c (POWER_OF_2): New macro.
(ROUNDUP): Use it.
(BLOCK_ALIGN): Verify that it is a power of 2.
(aligned_alloc): Check that alignment passed to posix_memalign
satisfies POSIX restrictions.
(lisp_align_malloc): Check that size passed to aligned_alloc
satisfies C11 restrictions.
(MALLOC_IS_GC_ALIGNED): Check that GCALIGNMENT is 8, since the
code has not been verified to work with other GCALIGNMENT values
and the ice is thin here. On GNU/Linux, malloc can return a value
that is a multiple of 8 but not 16, even though __alignof__
(max_align_t) is 16. See:
https://gcc.gnu.org/ml/gcc-patches/2016-08/msg01902.html
(lmalloc) [USE_ALIGNED_ALLOC]: Use aligned_alloc only if size
is a multiple of alignment, since C11 says the behavior is
undefined otherwise.
(lmalloc, lrealloc): Don't use INT_ADD_WRAPV on size_t, as in
general this macro is restricted to signed types. Remove
assertion that the result is a multiple of GCALIGNMENT, as that
need not be true.
| src/alloc.c | diffblobblamehistory |