Hi,

In the locale code we often use a 1KB array for copies of strings where we need a NUL-terminated or transcoded version to give a library function, with a fallback to palloc() + pfree() if we need more space than that, but:
* we open code it repeatedly
* we often have two allocations but won't use the stack if we can't fit both
* we don't use it in nearby places that are obviously similar,
  probably because it's a bit tedious to repeat
* in the past we've forgotten to pfree() large allocations and had to fix leaks
* it's not very type-safe
* we don't seem to consider alignment for non-char types, e.g. UChar,
  wchar_t (apparently ASAN has never complained about that and I think I
  see why it's always OK as written, but I suspect that might be UB)
In the attached, I tried to tidy that up with an interface that lets you write:

    DECLARE_STACK_BUFFER();
    p = stack_buffer_alloc(n);
    ...
    stack_buffer_free(p);

The point of the _free() call is that it might need to call pfree() if
it was a large allocation and not from the stack.
Or slightly higher level and supporting the most common use cases with
a one-liner:

    cstr1 = stack_buffer_strdup_with_len(str1, len1);
    cstr2 = stack_buffer_strdup_with_len(str2, len2);
    result = strcoll_l(cstr1, cstr2, locale);
    stack_buffer_free(cstr1);
    stack_buffer_free(cstr2);

Or for non-char cases without casts or pointer/size arithmetic, in the
style of recent palloc() variants:

    wcstr = stack_buffer_alloc_array(wchar_t, len);
    uchar = stack_buffer_alloc_array(UChar, len);

Better names/ideas welcome.
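To make the interface sketched above concrete, here is a self-contained C sketch of how such a buffer can be built. This is an added example, not the attached patch's code: palloc()/pfree() are stood in for by malloc()/free(), strcmp() stands in for strcoll_l(), the buffer is a bump allocator aligned to max_align_t (so wchar_t/UChar arrays are aligned even after an odd-sized char allocation), _free() decides by address range whether it is looking at stack or heap memory, and a heap_allocs counter is included purely so a test can prove the fallback path actually ran. The STACK_BUFFER_SIZE of 1024 matches the 1KB arrays mentioned above; everything else is an assumption of this example.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define palloc(n) malloc(n)		/* stand-ins for the backend allocator (assumed) */
#define pfree(p)  free(p)
#define STACK_BUFFER_SIZE 1024

typedef struct StackBuffer		/* per-function bump allocator over a 1KB array */
{
	size_t		used;			/* bytes handed out from data[] */
	int			heap_allocs;	/* times we fell back to palloc() */
	alignas(max_align_t) char data[STACK_BUFFER_SIZE];
} StackBuffer;

#define DECLARE_STACK_BUFFER() StackBuffer stack_buffer_ = {0}
#define stack_buffer_alloc(n)  stack_buffer_alloc_impl(&stack_buffer_, (n))
#define stack_buffer_free(p)   stack_buffer_free_impl(&stack_buffer_, (p))
#define stack_buffer_strdup_with_len(s, len) \
	stack_buffer_strdup_with_len_impl(&stack_buffer_, (s), (len))
#define stack_buffer_alloc_array(type, count) \
	((type *) stack_buffer_alloc_impl(&stack_buffer_, sizeof(type) * (count)))

/* n bytes from the stack buffer at a max_align_t boundary, else palloc(). */
static void *
stack_buffer_alloc_impl(StackBuffer *sb, size_t n)
{
	const size_t align = alignof(max_align_t);
	size_t		start = (sb->used + align - 1) & ~(align - 1);
	if (start <= STACK_BUFFER_SIZE && n <= STACK_BUFFER_SIZE - start)
	{
		sb->used = start + n;
		return sb->data + start;
	}
	sb->heap_allocs++;
	return palloc(n);
}

/* Only a heap fallback needs pfree(); stack memory dies with the frame. */
static void
stack_buffer_free_impl(StackBuffer *sb, void *p)
{
	uintptr_t	a = (uintptr_t) p, lo = (uintptr_t) sb->data;
	if (p != NULL && (a < lo || a >= lo + STACK_BUFFER_SIZE))
		pfree(p);
}

/* NUL-terminated copy of a length-counted string: the common one-liner. */
static char *
stack_buffer_strdup_with_len_impl(StackBuffer *sb, const char *s, size_t len)
{
	char	   *copy = stack_buffer_alloc_impl(sb, len + 1);
	memcpy(copy, s, len);
	copy[len] = '\0';
	return copy;
}

/* The strcoll_l() pattern from the mail; strcmp() stands in for the locale call. */
static int
compare_with_len(const char *s1, size_t len1, const char *s2, size_t len2)
{
	DECLARE_STACK_BUFFER();
	char	   *c1 = stack_buffer_strdup_with_len(s1, len1);
	char	   *c2 = stack_buffer_strdup_with_len(s2, len2);
	int			result = strcmp(c1, c2);
	stack_buffer_free(c1);
	stack_buffer_free(c2);
	return result;
}

/* Copy two constructed strings of the given lengths; report heap fallbacks used. */
static int
heap_fallbacks_for(size_t len1, size_t len2)
{
	DECLARE_STACK_BUFFER();
	char	   *src1 = memset(malloc(len1), 'a', len1);
	char	   *src2 = memset(malloc(len2), 'b', len2);
	char	   *c1 = stack_buffer_strdup_with_len(src1, len1);
	char	   *c2 = stack_buffer_strdup_with_len(src2, len2);
	int			fallbacks = (strlen(c1) == len1 && strlen(c2) == len2)
		? stack_buffer_.heap_allocs : -1;
	stack_buffer_free(c1);
	stack_buffer_free(c2);
	free(src1);
	free(src2);
	return fallbacks;
}

/* Misalign the bump pointer by one byte, then check a wchar_t array is still aligned. */
static int
wide_array_is_aligned(size_t len)
{
	DECLARE_STACK_BUFFER();
	(void) stack_buffer_alloc(1);	/* stack memory, so no free needed */
	wchar_t    *w = stack_buffer_alloc_array(wchar_t, len);
	int			aligned = ((uintptr_t) w % alignof(wchar_t)) == 0;
	stack_buffer_free(w);
	return aligned;
}
```

Two design points worth noting. Because the buffer is a bump allocator, the two-allocation case uses the stack for the first copy and only spills the second to the heap when the pair does not fit, rather than giving up on the stack entirely; and because _free() is a no-op for anything inside the array, forgetting it on the stack path is harmless while forgetting it on the heap path is the leak the mail mentions, which is exactly why the example counts heap fallbacks: a test that asserts on that count exercises the fallback code even on machines where a small input would never reach it.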
I also wondered if we might have a reasonable case for using alloca(),
where available. It's pretty much the thing we are emulating, but
keeps the stack nice and compact without big holes to step over for
the following call to strcoll_l() or whatever it might be. Though
it's non-standard and often discouraged due to the inherent danger of
overflow, our usage is metered. I don't see why it's any more
dangerous than the existing code as long as our cap is applied to it,
or am I missing some other problem with that idea? One issue with
USE_ALLOCA is that we have no systems where that wouldn't be used, so
the fallback code would be untested unless you comment the #define
out...
v1-0001-Provide-stack-allocation-API.patch