summaryrefslogtreecommitdiff
path: root/commit.h
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2016-06-07 18:53:00 -0400
committerJunio C Hamano <gitster@pobox.com>2016-06-07 17:47:34 -0700
commitb8ba412bf7c38ac86dbaebdf939b0039bacf434c (patch)
tree42aca02b2d38147aa5a76b8a2bf4e9077e6c67fb /commit.h
parent765428699a5381f113d19974720bc91b5bfeaf1d (diff)
downloadgit-jk/avoid-unbounded-alloca.tar.gz
tree-diff: avoid alloca for large allocationsjk/avoid-unbounded-alloca
Commit 72441af (tree-diff: rework diff_tree() to generate diffs for multiparent cases as well, 2014-04-07) introduced the use of alloca so that the common cases of commits with 1 or 2 parents would not be adversely affected by going through the multi-parent code. However, our xalloca is not ideal when the number of parents grows very large: 1. If the requested size is too large for our stack, alloca() has no way to tell us, and we simply segfault while trying to access the memory. 2. It does not use our usual memory_limit_check() logic. I measured, and alloca is indeed buying us a very small speedup over xmalloc()/free(). So we'd want to keep something like it. This patch simply puts a conditional in place at each callsite: we use alloca for common known-small numbers of parents, and otherwise use the heap. We are technically still vulnerable to (1), but no more so than if we simply put a few dozen bytes on the stack, which we must do all the time anyway. And likewise, we technically miss a memory limit check if it is tiny, but such a limit is pointless. An alternative to this would be implement something like: struct tree *tp, tp_fallback[2]; if (nparent <= ARRAY_SIZE(tp_fallback)) tp = tp_fallback; else ALLOC_ARRAY(tp, nparent); ... if (tp != tp_fallback) free(tp); That would let us drop our xalloca() portability code entirely. But in my measurements, this seemed to perform slightly worse than the xalloca solution. Note in the example above, and in the patch below, I've used ALLOC_ARRAY() to replace the manual xmalloc(nr * sizeof(*x)). Besides being shorter, this has the bonus that one cannot accidentally overflow a size_t during that computation. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'commit.h')
0 files changed, 0 insertions, 0 deletions