1/*
2 * Copyright 2017 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8#ifndef SkMalloc_DEFINED
9#define SkMalloc_DEFINED
10
11#include <cstddef>
12#include <cstring>
13
14#include "SkTypes.h"
15
16/*
17    memory wrappers to be implemented by the porting layer (platform)
18*/
19
20
21/** Free memory returned by sk_malloc(). It is safe to pass null. */
22SK_API extern void sk_free(void*);
23
24/**
25 *  Called internally if we run out of memory. The platform implementation must
26 *  not return, but should either throw an exception or otherwise exit.
27 */
28SK_API extern void sk_out_of_memory(void);
29
30enum {
31    /**
32     *  If this bit is set, the returned buffer must be zero-initialized. If this bit is not set
33     *  the buffer can be uninitialized.
34     */
35    SK_MALLOC_ZERO_INITIALIZE   = 1 << 0,
36
37    /**
38     *  If this bit is set, the implementation must throw/crash/quit if the request cannot
39     *  be fulfilled. If this bit is not set, then it should return nullptr on failure.
40     */
41    SK_MALLOC_THROW             = 1 << 1,
42};
43/**
44 *  Return a block of memory (at least 4-byte aligned) of at least the specified size.
45 *  If the requested memory cannot be returned, either return nullptr or throw/exit, depending
46 *  on the SK_MALLOC_THROW bit. If the allocation succeeds, the memory will be zero-initialized
47 *  if the SK_MALLOC_ZERO_INITIALIZE bit was set.
48 *
49 *  To free the memory, call sk_free()
50 */
51SK_API extern void* sk_malloc_flags(size_t size, unsigned flags);
52
53/** Same as standard realloc(), but this one never returns null on failure. It will throw
54 *  an exception if it fails.
55 */
56SK_API extern void* sk_realloc_throw(void* buffer, size_t size);
57
58static inline void* sk_malloc_throw(size_t size) {
59    return sk_malloc_flags(size, SK_MALLOC_THROW);
60}
61
62static inline void* sk_calloc_throw(size_t size) {
63    return sk_malloc_flags(size, SK_MALLOC_THROW | SK_MALLOC_ZERO_INITIALIZE);
64}
65
66static inline void* sk_calloc_canfail(size_t size) {
67    return sk_malloc_flags(size, SK_MALLOC_ZERO_INITIALIZE);
68}
69
70// Performs a safe multiply count * elemSize, checking for overflow
71SK_API extern void* sk_calloc_throw(size_t count, size_t elemSize);
72SK_API extern void* sk_malloc_throw(size_t count, size_t elemSize);
73SK_API extern void* sk_realloc_throw(void* buffer, size_t count, size_t elemSize);
74
75/**
76 *  These variants return nullptr on failure
77 */
78static inline void* sk_malloc_canfail(size_t size) {
79    return sk_malloc_flags(size, 0);
80}
81SK_API extern void* sk_malloc_canfail(size_t count, size_t elemSize);
82
83// bzero is safer than memset, but we can't rely on it, so... sk_bzero()
84static inline void sk_bzero(void* buffer, size_t size) {
85    // Please c.f. sk_careful_memcpy.  It's undefined behavior to call memset(null, 0, 0).
86    if (size) {
87        memset(buffer, 0, size);
88    }
89}
90
91/**
92 *  sk_careful_memcpy() is just like memcpy(), but guards against undefined behavior.
93 *
94 * It is undefined behavior to call memcpy() with null dst or src, even if len is 0.
95 * If an optimizer is "smart" enough, it can exploit this to do unexpected things.
96 *     memcpy(dst, src, 0);
97 *     if (src) {
98 *         printf("%x\n", *src);
99 *     }
100 * In this code the compiler can assume src is not null and omit the if (src) {...} check,
101 * unconditionally running the printf, crashing the program if src really is null.
102 * Of the compilers we pay attention to only GCC performs this optimization in practice.
103 */
104static inline void* sk_careful_memcpy(void* dst, const void* src, size_t len) {
105    // When we pass >0 len we had better already be passing valid pointers.
106    // So we just need to skip calling memcpy when len == 0.
107    if (len) {
108        memcpy(dst,src,len);
109    }
110    return dst;
111}
112
113#endif  // SkMalloc_DEFINED
114