1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
------------------------------------------------------------------------------
-- --
-- GNAT RUN-TIME COMPONENTS --
-- --
-- S Y S T E M . M E M O R Y --
-- --
-- B o d y --
-- --
-- Copyright (C) 2001-2024, Free Software Foundation, Inc. --
-- --
-- GNAT is free software; you can redistribute it and/or modify it under --
-- terms of the GNU General Public License as published by the Free Soft- --
-- ware Foundation; either version 3, or (at your option) any later ver- --
-- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
-- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
-- or FITNESS FOR A PARTICULAR PURPOSE. --
-- --
-- As a special exception under Section 7 of GPL version 3, you are granted --
-- additional permissions described in the GCC Runtime Library Exception, --
-- version 3.1, as published by the Free Software Foundation. --
-- --
-- You should have received a copy of the GNU General Public License and --
-- a copy of the GCC Runtime Library Exception along with this program; --
-- see the files COPYING3 and COPYING.RUNTIME respectively. If not, see --
-- <http://www.gnu.org/licenses/>. --
-- --
-- GNAT was originally developed by the GNAT team at New York University. --
-- Extensive contributions were provided by Ada Core Technologies Inc. --
-- --
------------------------------------------------------------------------------
-- This is the default implementation of this package
-- This implementation assumes that the underlying malloc/free/realloc
-- implementation is thread safe, and thus, no additional lock is required.
-- Note that when using sjlj exception handling, we still need to defer abort
-- because an asynchronous signal (as used for implementing asynchronous abort
-- of task on sjlj runtimes) cannot safely be handled while malloc is
-- executing.
with System.CRTL;
with System.Parameters;
with System.Soft_Links;
package body System.Memory is
use System.Soft_Links;
function c_malloc (Size : System.CRTL.size_t) return System.Address
renames System.CRTL.malloc;
procedure c_free (Ptr : System.Address)
renames System.CRTL.free;
function c_realloc
(Ptr : System.Address; Size : System.CRTL.size_t) return System.Address
renames System.CRTL.realloc;
-----------
-- Alloc --
-----------
function Alloc (Size : size_t) return System.Address is
Result : System.Address;
begin
-- A previous version moved the check for size_t'Last below, into the
-- "if Result = System.Null_Address...". So malloc(size_t'Last) should
-- return Null_Address, and then we can check for that special value.
-- However, that doesn't work on VxWorks, because malloc(size_t'Last)
-- prints an unwanted warning message before returning Null_Address.
-- Note that the branch is correctly predicted on modern hardware, so
-- there is negligible overhead.
if Size = size_t'Last then
raise Storage_Error with "object too large";
end if;
if ZCX_By_Default or else Parameters.No_Abort then
Result := c_malloc (System.CRTL.size_t (Size));
else
Abort_Defer.all;
Result := c_malloc (System.CRTL.size_t (Size));
Abort_Undefer.all;
end if;
if Result = System.Null_Address then
-- If Size = 0, we can't allocate 0 bytes, because then two different
-- allocators, one of which has Size = 0, could return pointers that
-- compare equal, which is wrong. (Nonnull pointers compare equal if
-- and only if they designate the same object, and two different
-- allocators allocate two different objects).
-- malloc(0) is defined to allocate a non-zero-sized object (in which
-- case we won't get here, and all is well) or NULL, in which case we
-- get here. We also get here in case of error. So check for the
-- zero-size case, and allocate 1 byte. Otherwise, raise
-- Storage_Error.
-- We check for zero size here, rather than at the start, for
-- efficiency.
if Size = 0 then
return Alloc (1);
end if;
raise Storage_Error with "heap exhausted";
end if;
return Result;
end Alloc;
----------
-- Free --
----------
procedure Free (Ptr : System.Address) is
begin
if ZCX_By_Default or else Parameters.No_Abort then
c_free (Ptr);
else
Abort_Defer.all;
c_free (Ptr);
Abort_Undefer.all;
end if;
end Free;
-------------
-- Realloc --
-------------
function Realloc
(Ptr : System.Address;
Size : size_t)
return System.Address
is
Result : System.Address;
begin
if Size = size_t'Last then
raise Storage_Error with "object too large";
end if;
if ZCX_By_Default or else Parameters.No_Abort then
Result := c_realloc (Ptr, System.CRTL.size_t (Size));
else
Abort_Defer.all;
Result := c_realloc (Ptr, System.CRTL.size_t (Size));
Abort_Undefer.all;
end if;
if Result = System.Null_Address then
raise Storage_Error with "heap exhausted";
end if;
return Result;
end Realloc;
end System.Memory;
|
