Reputation: 167
I am a student and I am writing an HTTP proxy application in C. I have trouble with memory management. In all my previous applications I simply wrote a wrapper around malloc which aborted when malloc failed.
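```c
#include <assert.h>
#include <stdlib.h>

/* Allocate size bytes; terminate the whole process if malloc fails. */
void *xmalloc(size_t size)
{
    void *ptr;
    assert(size);
    ptr = malloc(size);
    if (!ptr)
        abort();
    return ptr;
}
```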
I now find this insufficient, as I just want to refuse the client and continue serving other clients when memory allocation fails due to a temporary shortage of memory. If I don't want to clutter my code with checks after each malloc call (I have quite a lot of them per function in the parsing code), what are the other options for handling memory management, and which one is the best for my purposes? What is a common way for server applications to handle memory management and shortage of memory?
Consider this function from my current code which parses one line from header portion of HTTP message (xstrndup calls xmalloc):
```c
int http_header_parse(http_hdr_table *t, const char *s)
{
    const char *p;
    const char *b;
    char *tmp_name;
    char *tmp_value;
    int ret = -1;
    assert(t);
    assert(s);
    p = b = s;
    /* field name */
    for (; ; p++) {
        if (*p == ':') {
            if (p-b <= 0) goto out;
            tmp_name = xstrndup(b, p-b);
            b = ++p;
            break;
        }
        if (is_ctl_char(*p) || is_sep_char(*p)) goto out;
    }
    while (*p == ' ' || *p == '\t') {
        p++; b++;
    }
    /* field value */
    for (; ; p++) {
        if (is_crlf(p)) {
            if (p-b <= 0) goto err_value;
            tmp_value = xstrndup(b, p-b);
            p += 2;
            break;
        }
        if (!*p) goto err_value;
    }
    http_hdr_table_set(t, tmp_name, tmp_value);
    ret = 0;
    xfree(tmp_value);
err_value:
    xfree(tmp_name);
out:
    return ret;
}
```
I would like to keep things simple and handle memory allocation errors at one place and to not clutter code with malloc error handling code. What should I do? Thank you.
P.S: I am writing the application to run on POSIX/Unix-like systems. Also feel free to criticize my current coding style and practices.
Upvotes: 3
Views: 362
Reputation: 3684
You could of course use `alloca`, but that has issues that mean it must be used with care. Alternatively, you can write your code so that you minimise and localise the use of malloc. For example your function above could be rewritten to localise the allocations:
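```c
#include <string.h>   /* strspn */

/* Length of the field name before ':', or 0 if the name is invalid. */
static size_t field_name_length(const char *s)
{
    const char *p = s;
    for ( ; *p != ':'; ++p) {
        /* stop at end of string as well as at invalid characters */
        if (!*p || is_ctl_char(*p) || is_sep_char(*p))
            return 0;
    }
    return (size_t) (p - s);
}

/* Length of the value up to the CRLF, or 0 if no CRLF is found. */
static size_t value_length(const char *s)
{
    const char *p = s;
    /* advance one byte at a time so neither the CRLF nor the NUL is skipped */
    for (; *p && !is_crlf(p); ++p) {
        /* nothing */
    }
    return *p ? (size_t) (p - s) : 0;
}

int http_header_parse(http_hdr_table *t, const char *s)
{
    const char *v = NULL;
    int ret = -1;
    size_t v_len = 0;
    size_t f_len = field_name_length(s);
    if (f_len) {
        v = s + f_len + 1;        /* skip the name and the ':' */
        v += strspn(v, " \t");    /* skip whitespace before the value */
        v_len = value_length(v);
    }
    if (v_len > 0 && f_len > 0) {
        /* Allocation is localised to this block */
        /* (the NULL check assumes xstrndup returns NULL on failure) */
        char *name = xstrndup(s, f_len);
        char *value = xstrndup(v, v_len);
        if (name && value) {
            http_hdr_table_set(t, name, value);
            ret = 0;
        }
        xfree(value);
        xfree(name);
    }
    return ret;
}
```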
Or, even better, you could modify `http_hdr_table_set` to accept the pointers and lengths and avoid allocation completely.
Upvotes: 0
Reputation: 5632
If you're on a system that supports fork(), which Linux does, you can run each client connection in its own process. When a client connection is first established, you fork your main process into a child process to handle the rest of the request. Then you can abort() like you always have and only the specific client connection is affected. This is a classic Unix server model.
If you don't want to or can't use fork(), you need to abort the request by throwing an exception. In C, that would be done by using setjmp() when the connection is first established and then calling longjmp() when out of memory is detected. This will reset execution and the stack back to where setjmp() was called.
The problem is, this will leak all the resources allocated up to that point (for example, other memory allocations that had succeeded up to the point of getting out of memory). So additionally, your memory allocator will have to track all the memory allocations for each request. When longjmp() is called, the setjmp() return location will then have to free all the memory that was associated with the aborted request.
This is what Apache does using pools. Apache uses pools to track resource allocations so it can auto free them in the case of an abort or because the code just didn't free it: http://www.apachetutor.org/dev/pools.
You should also consider the pool model and not just simply wrap malloc() so one client can't use up all the memory in the system.
Upvotes: 1
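The fork-per-connection model from the answer above, as an added example that is not part of the original post: the question's abort-on-failure xmalloc is kept as is, and the parent distinguishes a child killed by SIGABRT from one that finished. `handle_client`, `serve_in_child` and `IMPOSSIBLE_REQUEST` are hypothetical names, and the oversized request is constructed to force the failure.

```c
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed input: a size no allocator can satisfy, to force the failure. */
#define IMPOSSIBLE_REQUEST ((size_t)-1 - 4096)

/* The question's wrapper: abort when malloc fails. */
static void *xmalloc(size_t size)
{
    void *ptr = malloc(size);
    if (!ptr)
        abort();
    return ptr;
}

/* Hypothetical stand-in for request handling: needs `need` (>= 1) bytes. */
static void handle_client(size_t need)
{
    volatile char *buf = xmalloc(need);  /* volatile keeps the allocation real */
    buf[0] = 1;
    buf[need - 1] = 1;
    free((void *)buf);
}

/* Serve one client in its own process.
   Returns 0 if served, 1 if the child aborted (out of memory), -1 otherwise. */
int serve_in_child(size_t need)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {               /* child: a failure here kills only this client */
        handle_client(need);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT)
        return 1;                 /* parent is unaffected and keeps serving */
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

The parent blocks in waitpid only to keep the example deterministic; a server handling many clients would reap its children asynchronously.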
Reputation: 1
Another possibility would be to use Boehm's GC by using its `GC_malloc` instead of `malloc` (you won't need to call `free` or `GC_free`); its `GC_oom_fn` function pointer (called internally from `GC_malloc` when no memory is available any more) can be set to your particular out of memory handler (which would deny the incoming HTTP request, perhaps with a `longjmp`).
The major advantage of using Boehm GC is that you don't care any more about `free`-ing your dynamically allocated data (provided it was allocated using `GC_malloc` or friends, e.g. `GC_malloc_atomic` for data without any pointers inside).
Notice that memory management is not a modular property. The liveness of some given data is a whole program property, see garbage collection wikipage, and RAII programming idiom.
Upvotes: 0
Reputation: 16441
Modern languages give you garbage collection and exceptions. C doesn't, so you have to work hard. There's no magical solution here.
Some tips:
`session_allocate()` function, which allocates memory and keeps it on a linked list pointed from the session structure. Everything you allocate using this function would be freed when the session is destroyed.
Upvotes: 1
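A per-request pool that combines the setjmp()/longjmp() abort and pool tracking from the Apache answer with the session_allocate() linked list from this one, as an added example that is not code from any poster or from Apache. `req_pool`, `pool_alloc`, `pool_strdup`, `pool_destroy`, `handle` and `serve_once` are hypothetical names, and `limit` is an assumed per-request quota that keeps one client from using up all the memory.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Allocation header; max_align_t keeps the payload after it aligned. */
typedef union chunk { union chunk *next; max_align_t align; } chunk;
typedef struct {            /* hypothetical names, not Apache's pool API */
    chunk  *head;           /* every live allocation of this request */
    size_t  used, limit;    /* bytes handed out, per-request quota */
    jmp_buf on_oom;         /* where execution resumes on failure */
} req_pool;

/* Never returns NULL: over quota or malloc failure jumps to on_oom. */
static void *pool_alloc(req_pool *p, size_t n) {
    chunk *c = (n <= p->limit - p->used && n <= SIZE_MAX - sizeof *c)
                   ? malloc(sizeof *c + n) : NULL;
    if (!c) longjmp(p->on_oom, 1);
    c->next = p->head;
    p->head = c;
    p->used += n;
    return c + 1;
}
static char *pool_strdup(req_pool *p, const char *s) {
    size_t n = strlen(s) + 1;
    return memcpy(pool_alloc(p, n), s, n);
}
/* Frees everything the request allocated; returns the block count. */
static size_t pool_destroy(req_pool *p) {
    size_t n = 0;
    for (chunk *c; (c = p->head) != NULL; free(c), n++)
        p->head = c->next;
    return n;
}

/* Request code with no allocation checks: 0 on success, -1 if refused. */
static int handle(req_pool *p, const char *name, const char *value) {
    if (setjmp(p->on_oom)) return -1;   /* reached via longjmp */
    pool_strdup(p, name);
    pool_strdup(p, value);
    return 0;
}
/* The pool belongs to handle()'s caller, so it is intact after longjmp. */
int serve_once(const char *name, const char *value, size_t limit, size_t *freed) {
    req_pool pool = { .head = NULL, .used = 0, .limit = limit };
    int rc = handle(&pool, name, value);
    *freed = pool_destroy(&pool);
    return rc;
}
```

Keeping the pool outside the function that calls setjmp() matters: automatic variables of that function which change between setjmp() and longjmp() have indeterminate values afterwards unless they are volatile.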
Reputation: 37212
If you want to use a relatively low level language like C, then you shouldn't be too worried about adding something like `if(tmp_value == NULL) goto out;` in 2 places.
If you can't stand the idea of 2 trivial lines of extra code, then maybe try a language that supports exceptions properly (e.g. C++) and add throw/try/catch instead. Note: I really don't like C++, but using C++ would have to make more sense than implementing your own "exception like" features and an entire layer of automated resource de-allocation in C.
Upvotes: 3