7 The most current version of this document is available at
8 http://samba.org/ftp/unpacked/samba4/talloc_guide.txt
10 If you are used to talloc from Samba3 then please read this carefully,
11 as talloc has changed a lot.
13 The new talloc is a hierarchical, reference counted memory pool system
14 with destructors. Quite a mounthful really, but not too bad once you
17 Perhaps the biggest change from Samba3 is that there is no distinction
18 between a "talloc context" and a "talloc pointer". Any pointer
19 returned from talloc() is itself a valid talloc context. This means
22 struct foo *X = talloc_p(mem_ctx, struct foo);
23 X->name = talloc_strdup(X, "foo");
25 and the pointer X->name would be a "child" of the talloc context "X"
26 which is itself a child of mem_ctx. So if you do talloc_free(mem_ctx)
27 then it is all destroyed, whereas if you do talloc_free(X) then just X
28 and X->name are destroyed, and if you do talloc_free(X->name) then
29 just the name element of X is destroyed.
31 If you think about this, then what this effectively gives you is an
32 n-ary tree, where you can free any part of the tree with
35 If you find this confusing, then I suggest you run the LOCAL-TALLOC
36 smbtorture test with the --leak-report-full option to watch talloc in
37 action. You may also like to add your own tests to
38 source/torture/local/talloc.c to clarify how some particular situation
45 All the additional features of talloc() over malloc() do come at a
46 price. We have a simple performance test in Samba4 that measures
47 talloc() versus malloc() performance, and it seems that talloc() is
48 about 10% slower than malloc() on my x86 Debian Linux box. For Samba,
49 the great reduction in code complexity that we get by using talloc
50 makes this worthwhile, especially as the total overhead of
51 talloc/malloc in Samba is already quite small.
57 The following is a complete guide to the talloc API. Read it all at
61 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
62 void *talloc(const void *context, size_t size);
64 The talloc() function is the core of the talloc library. It takes a
65 memory context, and returns a pointer to a new area of memory of the
68 The returned pointer is itself a talloc context, so you can use it as
69 the context argument to more calls to talloc if you wish.
71 The returned pointer is a "child" of the supplied context. This means
72 that if you talloc_free() the context then the new child disappears as
73 well. Alternatively you can free just the child.
75 The context argument to talloc() can be NULL, in which case a new top
76 level context is created.
79 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
80 void *talloc_p(const void *context, type);
82 The talloc_p() macro is the equivalent of
84 (type *)talloc(ctx, sizeof(type))
86 You should use it in preference to talloc() whenever possible, as it
87 provides additional type safety. It also automatically calls the
88 talloc_set_name_const() function with the name being a string holding
92 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
93 int talloc_free(void *ptr);
95 The talloc_free() function frees a piece of talloc memory, and all its
96 children. You can call talloc_free() on any pointer returned by
99 The return value of talloc_free() indicates success or failure, with 0
100 returned for success and -1 for failure. The only possible failure
101 condition is if the pointer had a destructor attached to it and the
102 destructor returned -1. See talloc_set_destructor() for details on
105 If this pointer has an additional reference when talloc_free() is
106 called then the memory is not actually released, but instead the
107 reference is destroyed. See talloc_reference() for details on
108 establishing additional references.
110 talloc_free() operates recursively on its children.
113 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
114 void *talloc_reference(const void *context, const void *ptr);
116 The talloc_reference() function returns an additional reference to
117 "ptr", and makes this additional reference a child of "context".
119 The return value of talloc_reference() is always the original pointer
120 "ptr", unless talloc ran out of memory in creating the reference in
121 which case it will return NULL (each additional reference consumes
122 around 48 bytes of memory on intel x86 platforms).
124 After creating a reference you can free it in one of the following
127 - you can talloc_free() a parent of the original pointer. That will
128 destroy the reference and make the pointer a child of the
129 "context" argument from the most recently called
130 talloc_reference() on the pointer.
132 - you can talloc_free() the pointer itself. That will destroy the
133 most recently established reference to the pointer and leave the
134 pointer as a child of its current parent.
136 - you can talloc_free() the context where you placed the
137 reference. That will destroy the reference, and leave the pointer
141 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
142 void *talloc_unreference(const void *context, const void *ptr);
144 The talloc_unreference() function removes a reference added by
145 talloc_reference(). It must be called with exactly the same arguments
146 as talloc_reference().
148 Note that if the reference has already been removed using
149 talloc_free() then this function will fail and will return NULL.
151 Usually you can just use talloc_free() instead of
152 talloc_unreference(), but sometimes it is useful to have the
153 additional control on who becomes the parent of the pointer given by
154 talloc_unreference().
157 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
158 void talloc_set_destructor(const void *ptr, int (*destructor)(void *));
160 The function talloc_set_destructor() sets the "destructor" for the
161 pointer "ptr". A destructor is a function that is called when the
162 memory used by a pointer is about to be released. The destructor
163 receives the pointer as an argument, and should return 0 for success
166 The destructor can do anything it wants to, including freeing other
167 pieces of memory. A common use for destructors is to clean up
168 operating system resources (such as open file descriptors) contained
169 in the structure the destructor is placed on.
171 You can only place one destructor on a pointer. If you need more than
172 one destructor then you can create a zero-length child of the pointer
173 and place an additional destructor on that.
175 To remove a destructor call talloc_set_destructor() with NULL for the
178 If your destructor attempts to talloc_free() the pointer that it is
179 the destructor for then talloc_free() will return -1 and the free will
180 be ignored. This would be a pointless operation anyway, as the
181 destructor is only called when the memory is just about to go away.
184 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
185 void talloc_increase_ref_count(const void *ptr);
187 The talloc_increase_ref_count(ptr) function is exactly equivalent to:
189 talloc_reference(NULL, ptr);
191 You can use either syntax, depending on which you think is clearer in
195 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
196 void talloc_set_name(const void *ptr, const char *fmt, ...);
198 Each talloc pointer has a "name". The name is used principally for
199 debugging purposes, although it is also possible to set and get the
200 name on a pointer in as a way of "marking" pointers in your code.
202 The main use for names on pointer is for "talloc reports". See
203 talloc_report() and talloc_report_full() for details. Also see
204 talloc_enable_leak_report() and talloc_enable_leak_report_full().
207 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
208 void talloc_set_name_const(const void *ptr, const char *name);
210 The function talloc_set_name_const() is just like talloc_set_name(),
211 but it takes a string constant, and is much faster. It is extensively
212 used by the "auto naming" macros, such as talloc_p().
215 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
216 void *talloc_named(const void *context, size_t size, const char *fmt, ...);
218 The talloc_named() function creates a named talloc pointer. It is
221 ptr = talloc(context, size);
222 talloc_set_name(ptr, fmt, ....);
225 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
226 void *talloc_named_const(const void *context, size_t size, const char *name);
228 This is equivalent to:
230 ptr = talloc(context, size);
231 talloc_set_name_const(ptr, name);
234 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
235 const char *talloc_get_name(const void *ptr);
237 This returns the current name for the given talloc pointer. See
238 talloc_set_name() for details.
241 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
242 void *talloc_init(const char *fmt, ...);
244 This function creates a zero length named talloc context as a top
245 level context. It is equivalent to:
247 talloc_named(NULL, 0, fmt, ...);
250 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
251 void *talloc_realloc(const void *context, void *ptr, size_t size);
253 The talloc_realloc() function changes the size of a talloc
254 pointer. It has the following equivalences:
256 talloc_realloc(context, NULL, size) ==> talloc(context, size);
257 talloc_realloc(context, ptr, 0) ==> talloc_free(ptr);
259 The "context" argument is only used if "ptr" is not NULL, otherwise it
262 talloc_realloc() returns the new pointer, or NULL on failure. The call
263 will fail either due to a lack of memory, or because the pointer has
264 an reference (see talloc_reference()).
267 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
268 void *talloc_steal(const void *new_ctx, const void *ptr);
270 The talloc_steal() function changes the parent context of a talloc
271 pointer. It is typically used when the context that the pointer is
272 currently a child of is going to be freed and you wish to keep the
273 memory for a longer time.
275 The talloc_steal() function returns the pointer that you pass it. It
276 does not have any failure modes.
278 NOTE: It is possible to produce loops in the parent/child relationship
279 if you are not careful with talloc_steal(). No guarantees are provided
280 as to your sanity or the safety of your data if you do this.
283 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
284 off_t talloc_total_size(const void *ptr);
286 The talloc_total_size() function returns the total size in bytes used
287 by this pointer and all child pointers. Mostly useful for debugging.
289 Passing NULL is allowed, but it will only give a meaningful result if
290 talloc_enable_leak_report() or talloc_enable_leak_report_full() has
294 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
295 off_t talloc_total_blocks(const void *ptr);
297 The talloc_total_blocks() function returns the total memory block
298 count used by this pointer and all child pointers. Mostly useful for
301 Passing NULL is allowed, but it will only give a meaningful result if
302 talloc_enable_leak_report() or talloc_enable_leak_report_full() has
306 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
307 void talloc_report(const void *ptr, FILE *f);
309 The talloc_report() function prints a summary report of all memory
310 used by ptr. One line of report is printed for each immediate child of
311 ptr, showing the total memory and number of blocks used by that child.
313 You can pass NULL for the pointer, in which case a report is printed
314 for the top level memory context, but only if
315 talloc_enable_leak_report() or talloc_enable_leak_report_full() has
319 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
320 void talloc_report_full(const void *ptr, FILE *f);
322 This provides a more detailed report than talloc_report(). It will
323 recursively print the ensire tree of memory referenced by the
324 pointer. References in the tree are shown by giving the name of the
325 pointer that is referenced.
327 You can pass NULL for the pointer, in which case a report is printed
328 for the top level memory context, but only if
329 talloc_enable_leak_report() or talloc_enable_leak_report_full() has
333 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
334 void talloc_enable_leak_report(void);
336 This enables calling of talloc_report(NULL, stderr) when the program
337 exits. In Samba4 this is enabled by using the --leak-report command
340 For it to be useful, this function must be called before any other
341 talloc function as it establishes a "null context" that acts as the
342 top of the tree. If you don't call this function first then passing
343 NULL to talloc_report() or talloc_report_full() won't give you the
346 Here is a typical talloc report:
348 talloc report on 'null_context' (total 267 bytes in 15 blocks)
349 libcli/auth/spnego_parse.c:55 contains 31 bytes in 2 blocks
350 libcli/auth/spnego_parse.c:55 contains 31 bytes in 2 blocks
351 iconv(UTF8,CP850) contains 42 bytes in 2 blocks
352 libcli/auth/spnego_parse.c:55 contains 31 bytes in 2 blocks
353 iconv(CP850,UTF8) contains 42 bytes in 2 blocks
354 iconv(UTF8,UTF-16LE) contains 45 bytes in 2 blocks
355 iconv(UTF-16LE,UTF8) contains 45 bytes in 2 blocks
358 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
359 void talloc_enable_leak_report_full(void);
361 This enables calling of talloc_report_full(NULL, stderr) when the
362 program exits. In Samba4 this is enabled by using the
363 --leak-report-full command line option.
365 For it to be useful, this function must be called before any other
366 talloc function as it establishes a "null context" that acts as the
367 top of the tree. If you don't call this function first then passing
368 NULL to talloc_report() or talloc_report_full() won't give you the
371 Here is a typical full report:
373 full talloc report on 'root' (total 18 bytes in 8 blocks)
374 p1 contains 18 bytes in 7 blocks (ref 0)
375 r1 contains 13 bytes in 2 blocks (ref 0)
377 p2 contains 1 bytes in 1 blocks (ref 1)
378 x3 contains 1 bytes in 1 blocks (ref 0)
379 x2 contains 1 bytes in 1 blocks (ref 0)
380 x1 contains 1 bytes in 1 blocks (ref 0)
383 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
384 void *talloc_zero(const void *ctx, size_t size);
386 The talloc_zero() function is equivalent to:
388 ptr = talloc(ctx, size);
389 if (ptr) memset(ptr, 0, size);
392 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
393 void *talloc_memdup(const void *ctx, const void *p, size_t size);
395 The talloc_memdup() function is equivalent to:
397 ptr = talloc(ctx, size);
398 if (ptr) memcpy(ptr, p, size);
401 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
402 char *talloc_strdup(const void *ctx, const char *p);
404 The talloc_strdup() function is equivalent to:
406 ptr = talloc(ctx, strlen(p)+1);
407 if (ptr) memcpy(ptr, p, strlen(p)+1);
410 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
411 char *talloc_strndup(const void *t, const char *p, size_t n);
413 The talloc_strndup() function is the talloc equivalent of the C
414 library function strndup()
417 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
418 char *talloc_vasprintf(const void *t, const char *fmt, va_list ap);
420 The talloc_vasprintf() function is the talloc equivalent of the C
421 library function vasprintf()
424 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
425 char *talloc_asprintf(const void *t, const char *fmt, ...);
427 The talloc_asprintf() function is the talloc equivalent of the C
428 library function asprintf()
431 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
432 char *talloc_asprintf_append(char *s, const char *fmt, ...);
434 The talloc_asprintf_append() function appends the given formatted
435 string to the given string.
438 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
439 void *talloc_array_p(const void *ctx, type, uint_t count);
441 The talloc_array_p() macro is equivalent to:
443 (type *)talloc(ctx, sizeof(type) * count);
445 except that it provides integer overflow protection for the multiply,
446 returning NULL if the multiply overflows.
449 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
450 void *talloc_realloc_p(const void *ctx, void *ptr, type, uint_t count);
452 The talloc_realloc_p() macro is equivalent to:
454 (type *)talloc_realloc(ctx, ptr, sizeof(type) * count);
456 except that it provides integer overflow protection for the multiply,
457 returning NULL if the multiply overflows.