alloc-util: simplify GREEDY_REALLOC() logic by relying on malloc_usable_size()

We recently started making more use of malloc_usable_size() and rely on
it (see the string_erase() story). Given that we don't really support
sytems where malloc_usable_size() cannot be trusted beyond statistics
anyway, let's go fully in and rework GREEDY_REALLOC() on top of it:
instead of passing around and maintaining the currenly allocated size
everywhere, let's just derive it automatically from
malloc_usable_size().

I am mostly after this for the simplicity this brings. It also brings
minor efficiency improvements I guess, but things become so much nicer
to look at if we can avoid these allocation size variables everywhere.

Note that the malloc_usable_size() man page says relying on it wasn't
"good programming practice", but I think it does this for reasons that
don't apply here: the greedy realloc logic specifically doesn't rely on
the returned extra size, beyond the fact that it is equal or larger than
what was requested.

(This commit was supposed to be a quick patch btw, but apparently we use
the greedy realloc stuff quite a bit across the codebase, so this ends
up touching *a*lot* of code.)

1 files changed, 27 insertions, 24 deletions

diff --git a/src/test/test-alloc-util.c b/src/test/test-alloc-util.c
index 3b77dd98ca..2baae0cb9b 100644
--- a/src/test/test-alloc-util.c
+++ b/src/test/test-alloc-util.c
@@ -24,31 +24,31 @@ static void test_alloca(void) {
 
 static void test_GREEDY_REALLOC(void) {
         _cleanup_free_ int *a = NULL, *b = NULL;
-        size_t n_allocated = 0, i, j;
+        size_t i, j;
 
         /* Give valgrind a chance to verify our realloc() operations */
 
         for (i = 0; i < 20480; i++) {
-                assert_se(GREEDY_REALLOC(a, n_allocated, i + 1));
-                assert_se(n_allocated >= i + 1);
-                assert_se(malloc_usable_size(a) >= (i + 1) * sizeof(int));
+                assert_se(GREEDY_REALLOC(a, i + 1));
+                assert_se(MALLOC_ELEMENTSOF(a) >= i + 1);
+                assert_se(MALLOC_SIZEOF_SAFE(a) >= (i + 1) * sizeof(int));
                 a[i] = (int) i;
-                assert_se(GREEDY_REALLOC(a, n_allocated, i / 2));
-                assert_se(n_allocated >= i / 2);
-                assert_se(malloc_usable_size(a) >= (i / 2) * sizeof(int));
+                assert_se(GREEDY_REALLOC(a, i / 2));
+                assert_se(MALLOC_ELEMENTSOF(a) >= i / 2);
+                assert_se(MALLOC_SIZEOF_SAFE(a) >= (i / 2) * sizeof(int));
         }
 
         for (j = 0; j < i / 2; j++)
                 assert_se(a[j] == (int) j);
 
-        for (i = 30, n_allocated = 0; i < 20480; i += 7) {
-                assert_se(GREEDY_REALLOC(b, n_allocated, i + 1));
-                assert_se(n_allocated >= i + 1);
-                assert_se(malloc_usable_size(b) >= (i + 1) * sizeof(int));
+        for (i = 30; i < 20480; i += 7) {
+                assert_se(GREEDY_REALLOC(b, i + 1));
+                assert_se(MALLOC_ELEMENTSOF(b) >= i + 1);
+                assert_se(MALLOC_SIZEOF_SAFE(b) >= (i + 1) * sizeof(int));
                 b[i] = (int) i;
-                assert_se(GREEDY_REALLOC(b, n_allocated, i / 2));
-                assert_se(n_allocated >= i / 2);
-                assert_se(malloc_usable_size(b) >= (i / 2) * sizeof(int));
+                assert_se(GREEDY_REALLOC(b, i / 2));
+                assert_se(MALLOC_ELEMENTSOF(b) >= i / 2);
+                assert_se(MALLOC_SIZEOF_SAFE(b) >= (i / 2) * sizeof(int));
         }
 
         for (j = 30; j < i / 2; j += 7)
@@ -58,8 +58,8 @@ static void test_GREEDY_REALLOC(void) {
 static void test_memdup_multiply_and_greedy_realloc(void) {
         static const int org[] = { 1, 2, 3 };
         _cleanup_free_ int *dup;
+        size_t i;
         int *p;
-        size_t i, allocated = 3;
 
         dup = memdup_suffix0_multiply(org, sizeof(int), 3);
         assert_se(dup);
@@ -75,16 +75,18 @@ static void test_memdup_multiply_and_greedy_realloc(void) {
         assert_se(dup[1] == 2);
         assert_se(dup[2] == 3);
 
+        memzero(dup + 3, malloc_usable_size(dup) - sizeof(int) * 3);
+
         p = dup;
-        assert_se(greedy_realloc0((void**) &dup, &allocated, 2, sizeof(int)) == p);
+        assert_se(GREEDY_REALLOC0(dup, 2) == p);
 
-        p = (int *) greedy_realloc0((void**) &dup, &allocated, 10, sizeof(int));
+        p = GREEDY_REALLOC0(dup, 10);
         assert_se(p == dup);
-        assert_se(allocated >= 10);
+        assert_se(MALLOC_ELEMENTSOF(p) >= 10);
         assert_se(p[0] == 1);
         assert_se(p[1] == 2);
         assert_se(p[2] == 3);
-        for (i = 3; i < allocated; i++)
+        for (i = 3; i < MALLOC_ELEMENTSOF(p); i++)
                 assert_se(p[i] == 0);
 }
 
@@ -139,14 +141,15 @@ static void test_auto_erase_memory(void) {
         /* print address of p2, else e.g. clang-11 will optimize it out */
         log_debug("p1: %p p2: %p", &p1, &p2);
 
-        assert_se(p1 = new(uint8_t, 1024));
-        assert_se(p2 = new(uint8_t, 1024));
+        assert_se(p1 = new(uint8_t, 4703)); /* use prime size, to ensure that there will be free space at the
+                                             * end of the allocation, since malloc() enforces alignment */
+        assert_se(p2 = new(uint8_t, 4703));
 
-        assert_se(genuine_random_bytes(p1, 1024, RANDOM_BLOCK) == 0);
+        assert_se(genuine_random_bytes(p1, 4703, RANDOM_BLOCK) == 0);
 
         /* before we exit the scope, do something with this data, so that the compiler won't optimize this away */
-        memcpy(p2, p1, 1024);
-        for (size_t i = 0; i < 1024; i++)
+        memcpy(p2, p1, 4703);
+        for (size_t i = 0; i < 4703; i++)
                 assert_se(p1[i] == p2[i]);
 }