Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it safe to allocate too little space (if you know you won't need it)?

So C99 blessed the commonly-used "flexible array member" hack to allow us to make structs that could be overallocated to suit our size requirements. I suspect it's perfectly safe on most sane implementations to do this, but is it legal in C to "underallocate" if we know in certain situations that we won't need some members of a struct?

Abstract Example

Say I have a type:

struct a {
  bool   data_is_x;
  void * data;
  size_t pos;
};

If data_is_x, then the type of data is a type that needs to use the pos member. Otherwise, the functions that work with this struct won't need the pos member for this particular copy of the struct. Essentially, the struct carries around information about whether or not it has a pos member, and this information will not be changed within the struct's lifetime (outside of evil mischief, which will break pretty much anything anyway). Is it safe to say:

struct a *a = malloc(data_is_x ? sizeof(struct a) : offsetof(struct a, pos));

which will allocate space for a pos member only if one is needed? Or does it violate a constraint to use cast space that is too small to a struct pointer, even when you never use the members in question?

Concrete Example

My real-world use case is a bit involved; it's here mainly so you can understand why I want to do this:

typedef struct {
  size_t size;
  void * data;
  size_t pos;
} mylist;

The code for mylist_create specifies that, for size > 0, data is an array of contiguous data that is size items long (whatever an item may be), but that for size == 0 it is the current node of a doubly-linked list containing the items. All the functions that work with mylists will check whether size == 0. If it does, they'll handle the data as a linked list with the "current" index being whichever node data points to. If not, they'll handle the data as an array with the "current" index stored in pos.

Now if size == 0 we don't really need the pos member, but if size > 0 we will. So my question is, is it legal to do this:

mylist *list = malloc(size ? sizeof(mylist) : offsetof(mylist, pos));

If we guarantee (on penalty of undefined behavior) that, while size == 0, we will never try to (or need to) access the pos member? Or does it say somewhere in the standard that it's UB to even think about doing this?

like image 246
Chris Lutz Avatar asked Sep 09 '11 02:09

Chris Lutz


People also ask

What happens if you don't free allocated memory?

If free() is not used in a program the memory allocated using malloc() will be de-allocated after completion of the execution of the program (included program execution time is relatively small and the program ends normally).

What is the importance of allocation of resources?

Why is resource allocation important? In the delivery of any project, poor allocation of resources will have a knock-on impact on overall performance. Without the right skills or knowledge on a project, efficiency, time, confidence, and motivation can be lost along the way.

What happens if you don't delete dynamically allocated memory?

For dynamically allocated memory like “int *p = new int[10]”, it is the programmer's responsibility to deallocate memory when no longer needed. If the programmer doesn't deallocate memory, it causes a memory leak (memory is not deallocated until the program terminates).


2 Answers

malloc itself doesn't care at all how much memory you allocate for a structure, it's the dereferencing of memory outside the block that is undefined. From C99 6.5.3.2 Address and indirection operators:

If an invalid value has been assigned to the pointer, the behavior of the unary * operator is undefined.

And, from 7.20.3 Memory management functions, we find (my italics):

The pointer returned if the allocation succeeds is suitably aligned so that it may be assigned to a pointer to any type of object and then used to access such an object or an array of such objects in the space allocated (until the space is explicitly deallocated).

Hence, you can do something like:

typedef struct { char ch[100]; } ch100;
ch100 *c = malloc (1);

and, provided you only ever try to do anything with c->ch[0], it's perfectly acceptable.


For your specific concrete example, I'm not too sure I'd be that worried, assuming that what you're concerned about is storage space. If you're concerned for other reasons, feel free to ignore this bit, especially since the assumptions included within are not mandated by the standard.

From my understanding, you have a structure:

typedef struct {
  size_t size;
  void * data;
  size_t pos;
} mylist;

where you want to use only data where size is 0, and both data and pos where size is greater than 0. This precludes the use of putting data and pos in a union.

A significant number of malloc implementations will round up your requested space to a multiple of 16 bytes (or some greater power of two) in order to ease memory fragmentation issues. This isn't required by the standard of course, but it is pretty common.

Assuming (for example) 32-bit pointers and size_t, your twelve bytes of structure will most likely take up a 16-byte arena header and a 16-byte chunk for the data. This chunk would still be 16 bytes even if you only asked for 8 (ie. without pos).

If you had 64-bit pointer and size_t types, it might make a difference - 24 bytes with pos and 16 without.

But even then, unless you're allocating a lot of these structures, it may not be a problem.

like image 113
paxdiablo Avatar answered Sep 18 '22 15:09

paxdiablo


It is perfectly legal, but you should probably make it less obscure by having two structs, and when you read it:

struct leaf_node {
    size_t size;
    void *data;
    size_t pos;
};
struct linked_node {
    size_t size;
    void *next;
};

void *in = ...;

if (*(size_t*)(in) == 0) {
    struct leaf_node *node = in;
    ...
} else {
    struct linked_node *node = in;
    ....
}

This goes more hand-in-hand with the standard that paxdiablo quoted, that you can cast the pointer to any data pointer. If you do it this way you will also always make sure you cast it to a struct that fits in the allocated buffer (an unnecessary but convenient feat).

What paxdiablo said about a minimum size of 16 bytes on 32-bit systems is often true, but you can still allocate big chunks to get around that.

On a 32-bit system the linked_node will use 8 bytes. You must use pools to benefit from what you are trying to do.

struct leaf_node *leaf_pool = malloc(N*sizeof(struct leaf_node));
struct linked_node *linked_pool = malloc(N*sizeof(struct linked_node));

Of course you should never realloc the pools, but allocate new pools as needed and reuse nodes. In this case a single leaf_node will use 12 bytes.

Same applies to linked_node, which will use 8 bytes instead of 16 bytes if you allocate them in a pool.

There will be no performance bottleneck as long as your structs aren't using __attribute__ ((packed)) in GCC, in which case your structs could get very badly aligned. Especially if you have, for example, an extra char in your struct giving it a size of 13 bytes.

Now if we go back to your initial question, the pointer you use to point to allocated data doesn't matter as long as you make sure you don't access data outside of the buffer. Your struct is essentially like a char string, and you check if the first size_t is a "null byte", if it is then assume the buffer is smaller. If it is not null, then the "string" is assumed to be longer and you read more data. The exact same risks are involved, and the only difference after compilation is the size per element read. There is nothing magic about using [el] for strings compared to casting to a struct pointer and reading elements, as you can verify by just as easily causing a segfault using [el].

like image 24
Emil Romanus Avatar answered Sep 20 '22 15:09

Emil Romanus