[Botan-devel] Why Pooling_Allocator?
lloyd at randombit.net
Thu Oct 13 11:03:24 EDT 2005
On Thu, Oct 13, 2005 at 03:43:11AM -0700, Nathaniel Smith wrote:
> So, we're working on finding a minimal test case for this, but, in the
> mean time... can anyone explain _why_ this strange Pool_Allocator
> class exists? I'm just not sure why we wouldn't simply defer to
> the system's highly-optimized malloc, and this confusion makes it hard
> to know what a proper fix would look like.
Pool_Allocator (and the whole allocation system in general, SecureVector and
MemoryRegion and all of that) exists to support "secure" allocators which
protect the contents better than could be done simply using malloc/free and
memset'ing all the memory before you deallocate it. The primary example of that
right now is the mmap-based allocator, which is the only allocator currently
that doesn't back to malloc for actual storage. There was at least one other
non-trivial allocator written but it was only used by one company internally.
I think you may have hit a pathological case, because generally I found that
Pool_Allocator is faster than using malloc/free directly. If you can develop a
reasonable test case, please send either it to me or to the list.
> We also were a bit confused about what the proper semantics of an
> allocator are -- when is it expected to clear memory, and is it
> expected to work to delete an allocator that still has live objects in
> it? Are these things documented anywhere?
No - if they were documented, that sort of thing would be in the internals
documentation. I just checked that, and not only does it having nothing about
the allocators, it was last updated in 2002... I'm going to have to do some
work on that, I think.
As a general rule, the allocator clears memory as soon as possible. If you
destroy the deallocator, it deletes all memory that it has allocated, including
memory that has not been freed by the caller. That was an explicit design
decision, to ensure that memory is always zeroized even if the application is
leaking memory somehow.
More information about the botan-devel