Safely extend the size of a malloced memory block after realloc
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Wed Aug 19 07:45:37 PDT 2015
On 8/18/15 1:51 AM, Benjamin Thaut wrote:
> On Monday, 17 August 2015 at 19:38:21 UTC, Steven Schveighoffer wrote:
>> On 8/17/15 3:27 PM, Benjamin Thaut wrote:
>>> Consider the following code
>>>
>>> void* mem = malloc(500);
>>> GC.addRange(mem, 500);
>>> mem = realloc(mem, 512); // assume the pointer didn't change
>>> GC.removeRange(mem);
>>
>> This is actually unsafe, you have to remove the range first, or else
>> if it *does* change the pointer, your GC is using free'd memory. Plus,
>> if it does change the pointer, how do you remove the original range?
>
> I specifically asked for the case where the pointer doesn't change.
> Obviously the case where it does change is easy, you first add the new
> range and then remove the old one. But if you do this and the pointer
> didn't change, the addRange doesn't do anything because it's a duplicate
> and the removeRange then removes the range, because the pointer is still
> the same. You then end up with the GC not knowing anything about the
> range anymore.

In the case where the pointer changes, you are in trouble. The original
memory is now free, which means it can be overwritten by something else
(either the C heap or some other thread that reallocates it). Then if
your GC runs *before* you have added the new memory, it may collect the
now-no-longer-referred-to data. It's no different than your original
situation.

I actually think the case where the pointer changes is worse.

>>
>>> // if the GC kicks in here we're f*****
>>> GC.addRange(mem, 512);
>>
>> Can't you GC.disable around this whole thing?
>>
>
> Yes, this would work, but it seems kind of broken to me, that you have
> to make 4 API Calls to the gc to handle something as simple as a realloc.

First measure code in terms of correctness, before anything else. This
is neither a "simple" situation, nor a common one -- the more obscure
you get, the more low level you need to write your code. It may come
down to the conclusion that using realloc for this just isn't a good
idea, use something else.

Also, I note that others have said one can call GC.collect from another
thread, which is true. One could call GC.enable as well. If you have
concerns of this happening (i.e. you don't control all the code, and
think your code may coexist with something that calls GC.collect), the
likely correct mechanism is to take the GC global lock while doing your
operation. I'm not sure if you can do that via the current API, you may
have to add such a feature.

-Steve
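
One form the "use something else" suggestion could take, as an added example that is not part of the original thread: grow the block with malloc and a copy instead of realloc, so that the references are always covered by a registered range and the GC is never handed freed memory. `growScannedBlock` is a hypothetical helper, and it assumes the calling thread is the only one reading or writing the block.

```d
import core.memory : GC;
import core.stdc.stdlib : malloc, free;
import core.stdc.string : memcpy, memset;

/// Hypothetical helper: grow a malloc'ed block that was registered with
/// GC.addRange, without realloc. Assumes a single owning thread.
void* growScannedBlock(void* oldPtr, size_t oldSize, size_t newSize)
{
    assert(oldPtr !is null && newSize >= oldSize);

    void* newPtr = malloc(newSize);
    if (newPtr is null)
        return null; // old block and its range are untouched

    // Copy and zero first, so the new range never exposes uninitialized
    // bytes that a conservative scan could mistake for pointers.
    memcpy(newPtr, oldPtr, oldSize);
    memset(cast(ubyte*) newPtr + oldSize, 0, newSize - oldSize);

    // Both blocks are live, so the pointers differ and addRange cannot be
    // a duplicate. The old range is still registered at this point.
    GC.addRange(newPtr, newSize);

    // Unregister before free, so the GC never scans freed memory.
    GC.removeRange(oldPtr);
    free(oldPtr);
    return newPtr;
}

void main()
{
    // Constructed sample: the malloc'ed block holds the only reference
    // to a GC-allocated array.
    enum size_t oldSize = 500;
    enum size_t newSize = 512;
    void* mem = malloc(oldSize);
    assert(mem !is null);
    memset(mem, 0, oldSize);
    GC.addRange(mem, oldSize);
    *cast(int[]*) mem = new int[](4);
    (*cast(int[]*) mem)[] = 42;

    mem = growScannedBlock(mem, oldSize, newSize);
    assert(mem !is null);
    GC.collect(); // a collection at any point must not free the array
    assert((*cast(int[]*) mem)[0] == 42);

    GC.removeRange(mem);
    free(mem);
}
```

The cost is that the block is always copied, even where realloc could have extended it in place.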