Auto release of stack variables in C

Question

Unfortunately, in C there aren't any smart pointers.. but is it possible to build a macro that wrap variable declaration and invoke function call with that variable as an input variable upon leaving the scope where the variable was declared ?

Sorry for the long phrase, but I'm working on xnu kernel where you have many elements that have built-in reference counters, and one must not forget to unref this element when done using it to avoid memory leaks.

For example, if I have the following type of proc_t:

struct proc;
typedef struct proc * proc_t;

I want to declare a stack variable based on this type within a scope, for example :

{
    proc_t_release_upon_exit proc_t proc_iter = proc_find(mypid);
    //the rest of the code in this scope 
}

After preprocessor analyze the macro and before compilation, the following code I expect to be generated is :

{ 
    proc_t myproc = proc_find(mypid)
    //the rest of the code in scope
    proc_rele(myproc);
}

Is there any way to define such macro as in C ?

Answer 1

You could use the cleanup variable attribute in GCC. Please take a look at this: http://echorand.me/site/notes/articles/c_cleanup/cleanup_attribute_c.html

Sample code:

#include <stdio.h>
#include <stdlib.h>

void free_memory(void **ptr)
{
    printf("Free memory: %p\n", *ptr);
    free(*ptr);
}

int main(void)
{
    // Define variable and allocate 1 byte, the memory will be free at
    // the end of the scope by the free_memory function. The free_memory 
    // function will get the pointer to the variable *ptr (double pointer
    // **ptr).
    void *ptr  __attribute__ ((__cleanup__(free_memory))) = malloc(1);
    return 0;
}

If you save the source code in a file named main.c, you could compile it with this command:

gcc main.c -o main

and verify if there are any memory leaks by:

valgrind ./main

Example output from valgrind:

==1026== Memcheck, a memory error detector
==1026== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==1026== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==1026== Command: ./main
==1026== 
Free memory: 0x51ff040
==1026== 
==1026== HEAP SUMMARY:
==1026==     in use at exit: 0 bytes in 0 blocks
==1026==   total heap usage: 1 allocs, 1 frees, 1 bytes allocated
==1026== 
==1026== All heap blocks were freed -- no leaks are possible
==1026== 
==1026== For counts of detected and suppressed errors, rerun with: -v
==1026== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Answer 2

C does provide a way to place code syntactically before other code that will execute first: the for block. Remember that clause 3 of a for structure can contain an arbitrary expression, and always runs after the execution of the main block.

You can therefore create a macro that makes a predetermined call after a given chunk of following code by wrapping a for block in a macro:

#define M_GEN_DONE_FLAG() _done_ ## __LINE__ 

#define M_AROUND_BLOCK2(FLAG, DECL, BEFORE, AFTER) \
  for (int FLAG = (BEFORE, 0); !FLAG; ) \
    for (DECL; !FLAG; FLAG = (AFTER, 1))

#define M_AROUND_BLOCK(DECL, BEFORE, AFTER) M_AROUND_BLOCK2(M_GEN_DONE_FLAG(), DECL, BEFORE, AFTER)

#define M_CLEANUP_VAR(DECL, CLEANUP_CALL) M_AROUND_BLOCK(DECL, (void)0, CLEANUP_CALL)

...and you can use it like this:

#include <stdio.h>

struct proc;
typedef struct proc * proc_t;

proc_t proc_find(int);
void proc_rele(proc_t);

void fun(int mypid) {
  M_CLEANUP_VAR (proc_t myproc = proc_find(mypid), proc_rele(myproc))
  {
    printf("%p\n", &myproc); // just to prove it's in scope
  }
}

The trick here is that a for block accepts a following statement, but if we don't actually put that statement in the macro definition, we can follow the macro invocation with a normal code block and it will "magically" belong to our new scoped-control-structure syntax, simply by virtue of following the expanded for.

Any optimizer worth using will remove the loop flag at its lowest optimization settings. Note that name clashing with the flag is not a huge concern (i.e. you don't really need a gensym for this) because the flag is scoped to the loop body, and any nested loops will safely hide it if they use the same flag name.

The bonus here is that the scope of the variable to cleanup is restricted (it cannot be used outside of the compound immediately following its declaration) and visually explicit (because of said compound).

Pros:

• this is standard C with no extensions
• the control flow is straightforward
• it's actually (somehow) less verbose than __attribute__ __cleanup__

Cons:

• it doesn't provide "full" RAII (i.e. won't protect against goto or C++ exceptions: __cleanup__ is usually implemented with C++ machinery under the hood so it's more complete). More seriously, it doesn't protect against early return (thanks @Voo). (You can at least guard against a misplaced break - if you want to - by adding a third line, switch (0) default: to the end of M_AROUND_BLOCK2.)
• not everyone agrees with syntax-extending macros (but consider that you are extending C's semantics here, so...)

Answer 3

I know this isn't what you want to hear, but I urge you not to do this.

It is perfectly acceptable C style to have a single point of return, before which everything gets cleaned up. Since there are no exceptions, this is easy to do, and easy to verify by looking at the function.

Using macro-hackery or compiler "features" to do this is not accepted C style. It will be a burden for everyone after you to read and understand. And in the end it doesn't actually gain you much.