aligned_alloc underspecifiedThis issue has been automatically converted from the original issue lists and some formatting may not have been preserved.
Authors: WG14, Martin Sebor
Date: 2014-03-22
Reference document: N1808
Submitted against: C11 / C17
Status: Fixed
Fixed in: C17
Converted from: n2396.htm
The aligned_alloc function specifies the following constraints on its
arguments, alignment and size:
The value of
alignmentshall be a valid alignment supported by the implementation and the value ofsizeshall be an integral multiple of alignment.
Therefore, the behavior of the function is undefined when either constraint is violated.
According to section 6.2.8, paragraph 1, the greatest alignment a conforming
implementation is required to support (known as fundamental alignment) is
_Alignof(max_align_t). Furthermore, according to paragraph 2 of the same
section, whether alignments greater than the fundamental alignment (known as
extended alignments) are supported and in what contexts is
implementation-defined.
The standard specifies no mechanism by which programs could determine whether an
extended alignment is supported by an implementation, or whether the
aligned_alloc function is among the contexts where an extended alignment is
supported.
As a result, there is no way for strictly conforming programs to use the
aligned_alloc function with an alignment argument greater than the result of
_Alignof(max_align_t). Since the malloc function returns objects that meet
the same alignment requirement, this restriction makes aligned_alloc useless
in portable programs.
This restriction is unnecessary since it's possible, and in fact nearly trivial
given access to the internal details of the memory allocator, to implement an
efficient aligned_function that fails when its arguments don't meet the
specified requirements.
As a data point, the POSIX Advanced Realtime function
posix_memalign,
as well as the historical BSD memalign function, are both required to return a
null pointer when either of their arguments don't meet the specified
requirements (in addition to setting errno to EINVAL.
The proposed corrigendum below changes the standard to require aligned_alloc
to fail by returning a null pointer when either of its constraints is violated.
In section 7.22.3.1, modify paragraph 2 as indicated below:
The
aligned_allocfunction allocates space for an object whose alignment is specified byalignment, whose size is specified bysize, and whose value is indeterminate.TIf the value ofalignmentshall beis not a valid alignment supported by the implementationandor the value ofsizeshall beis not an integral multiple ofalignmentthe function shall fail by returning a null pointer.
In addition, in section J.2 Undefined behavior, remove the following bullet:
— The alignment requested of the aligned_alloc function is not valid or not supported by the implementation, or the size requested is not an integral multiple of the alignment (7.22.3.1).
If the proposal above isn't acceptable, then an alternative solution to consider
that would allow aligned_alloc to be used even in strictly conforming programs
is to add a new function to determine whether a given alignment is supported by
an implementation. For example:
_Bool alignment_is_valid (size_t alignment);Returns
The
alignment_is_validfunction returns non-zero if the value specified byalignmentis a valid alignment argument to thealigned_allocfunction, and zero otherwise.
Comment from WG14 on 2017-11-03:
Apr 2014 meeting
The committee agrees that the first proposal in the suggested technical corrigendum should be adopted.
Oct 2016 meeting
alignment are useful for allocating on, say, page size boundaries.In section 7.22.3.1, change paragraph 2 from:
The
aligned_allocfunction allocates space for an object whose alignment is specified byalignment, whose size is specified bysize, and whose value is indeterminate. The value ofalignmentshall be a valid alignment supported by the implementation and the value ofsizeshall be an integral multiple ofalignment.
to:
The
aligned_allocfunction allocates space for an object whose alignment is specified byalignment, whose size is specified bysize, and whose value is indeterminate. If the value ofalignmentis not a valid alignment supported by the implementation the function shall fail by returning a null pointer.
In addition, in section J.2 Undefined behavior, remove the following bullet:
— The alignment requested of the aligned_alloc function is not valid or not supported by the implementation, or the size requested is not an integral multiple of the alignment (7.22.3.1).