diff options
author | Jeff King <peff@peff.net> | 2016-06-07 18:53:00 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-06-07 17:47:34 -0700 |
commit | b8ba412bf7c38ac86dbaebdf939b0039bacf434c (patch) | |
tree | 42aca02b2d38147aa5a76b8a2bf4e9077e6c67fb /commit.h | |
parent | 765428699a5381f113d19974720bc91b5bfeaf1d (diff) | |
download | git-jk/avoid-unbounded-alloca.tar.gz |
tree-diff: avoid alloca for large allocationsjk/avoid-unbounded-alloca
Commit 72441af (tree-diff: rework diff_tree() to generate
diffs for multiparent cases as well, 2014-04-07) introduced
the use of alloca so that the common cases of commits with 1
or 2 parents would not be adversely affected by going
through the multi-parent code.
However, our xalloca is not ideal when the number of parents
grows very large:
1. If the requested size is too large for our stack,
alloca() has no way to tell us, and we simply segfault
while trying to access the memory.
2. It does not use our usual memory_limit_check() logic.
I measured, and alloca is indeed buying us a very small
speedup over xmalloc()/free(). So we'd want to keep
something like it.
This patch simply puts a conditional in place at each
callsite: we use alloca for common known-small numbers of
parents, and otherwise use the heap. We are technically
still vulnerable to (1), but no more so than if we simply
put a few dozen bytes on the stack, which we must do all the
time anyway. And likewise, we technically miss a memory
limit check if it is tiny, but such a limit is pointless.
An alternative to this would be implement something like:
struct tree *tp, tp_fallback[2];
if (nparent <= ARRAY_SIZE(tp_fallback))
tp = tp_fallback;
else
ALLOC_ARRAY(tp, nparent);
...
if (tp != tp_fallback)
free(tp);
That would let us drop our xalloca() portability code
entirely. But in my measurements, this seemed to perform
slightly worse than the xalloca solution.
Note in the example above, and in the patch below, I've used
ALLOC_ARRAY() to replace the manual xmalloc(nr * sizeof(*x)).
Besides being shorter, this has the bonus that one cannot
accidentally overflow a size_t during that computation.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'commit.h')
0 files changed, 0 insertions, 0 deletions