tal: handle take() pointers more carefully.
[ccan] / ccan / tal / tal.c
1 /* Licensed under BSD-MIT - see LICENSE file for details */
2 #include <ccan/tal/tal.h>
3 #include <ccan/compiler/compiler.h>
4 #include <ccan/list/list.h>
5 #include <ccan/alignof/alignof.h>
6 #include <assert.h>
7 #include <stdio.h>
8 #include <stddef.h>
9 #include <string.h>
10 #include <limits.h>
11 #include <stdint.h>
12 #include <errno.h>
13
14 //#define TAL_DEBUG 1
15
16 #define NOTIFY_IS_DESTRUCTOR 512
17 #define NOTIFY_EXTRA_ARG 1024
18
19 /* This makes our parent_child ptr stand out for to_tal_hdr checks */
20 #define TAL_PTR_OBFUSTICATOR ((intptr_t)0x1984200820142016ULL)
21
22 /* 32-bit type field, first byte 0 in either endianness. */
23 enum prop_type {
24         CHILDREN = 0x00c1d500,
25         NAME = 0x00111100,
26         NOTIFIER = 0x00071f00,
27 };
28
29 struct tal_hdr {
30         struct list_node list;
31         struct prop_hdr *prop;
32         /* XOR with TAL_PTR_OBFUSTICATOR */
33         intptr_t parent_child;
34         size_t bytelen;
35 };
36
37 struct prop_hdr {
38         enum prop_type type;
39         struct prop_hdr *next;
40 };
41
42 struct children {
43         struct prop_hdr hdr; /* CHILDREN */
44         struct tal_hdr *parent;
45         struct list_head children; /* Head of siblings. */
46 };
47
48 struct name {
49         struct prop_hdr hdr; /* NAME */
50         char name[];
51 };
52
53 struct notifier {
54         struct prop_hdr hdr; /* NOTIFIER */
55         enum tal_notify_type types;
56         union {
57                 void (*notifyfn)(tal_t *, enum tal_notify_type, void *);
58                 void (*destroy)(tal_t *); /* If NOTIFY_IS_DESTRUCTOR set */
59                 void (*destroy2)(tal_t *, void *); /* If NOTIFY_EXTRA_ARG */
60         } u;
61 };
62
63 /* Extra arg */
64 struct notifier_extra_arg {
65         struct notifier n;
66         void *arg;
67 };
68
69 #define EXTRA_ARG(n) (((struct notifier_extra_arg *)(n))->arg)
70
71 static struct {
72         struct tal_hdr hdr;
73         struct children c;
74 } null_parent = { { { &null_parent.hdr.list, &null_parent.hdr.list },
75                     &null_parent.c.hdr, TAL_PTR_OBFUSTICATOR, 0 },
76                   { { CHILDREN, NULL },
77                     &null_parent.hdr,
78                     { { &null_parent.c.children.n,
79                         &null_parent.c.children.n } }
80                   }
81 };
82
83
84 static void *(*allocfn)(size_t size) = malloc;
85 static void *(*resizefn)(void *, size_t size) = realloc;
86 static void (*freefn)(void *) = free;
87 static void (*errorfn)(const char *msg) = (void *)abort;
88 /* Count on non-destrutor notifiers; often stays zero. */
89 static size_t notifiers = 0;
90
91 static inline void COLD call_error(const char *msg)
92 {
93         errorfn(msg);
94 }
95
96 static bool get_destroying_bit(intptr_t parent_child)
97 {
98         return parent_child & 1;
99 }
100
101 static void set_destroying_bit(intptr_t *parent_child)
102 {
103         *parent_child |= 1;
104 }
105
106 static struct children *ignore_destroying_bit(intptr_t parent_child)
107 {
108         return (void *)((parent_child ^ TAL_PTR_OBFUSTICATOR) & ~(intptr_t)1);
109 }
110
111 /* This means valgrind can see leaks. */
112 void tal_cleanup(void)
113 {
114         struct tal_hdr *i;
115
116         while ((i = list_top(&null_parent.c.children, struct tal_hdr, list))) {
117                 list_del(&i->list);
118                 memset(i, 0, sizeof(*i));
119         }
120
121         /* Cleanup any taken pointers. */
122         take_cleanup();
123 }
124
125 /* We carefully start all real properties with a zero byte. */
126 static bool is_literal(const struct prop_hdr *prop)
127 {
128         return ((char *)prop)[0] != 0;
129 }
130
131 #ifndef NDEBUG
132 static const void *bounds_start, *bounds_end;
133
134 static void update_bounds(const void *new, size_t size)
135 {
136         if (unlikely(!bounds_start)) {
137                 bounds_start = new;
138                 bounds_end = (char *)new + size;
139         } else if (new < bounds_start)
140                 bounds_start = new;
141         else if ((char *)new + size > (char *)bounds_end)
142                 bounds_end = (char *)new + size;
143 }
144
145 static bool in_bounds(const void *p)
146 {
147         return !p
148                 || (p >= (void *)&null_parent && p <= (void *)(&null_parent + 1))
149                 || (p >= bounds_start && p <= bounds_end);
150 }
151 #else
152 static void update_bounds(const void *new, size_t size)
153 {
154 }
155
156 static bool in_bounds(const void *p)
157 {
158         return true;
159 }
160 #endif
161
162 static void check_bounds(const void *p)
163 {
164         if (!in_bounds(p))
165                 call_error("Not a valid header");
166 }
167
168 static struct tal_hdr *to_tal_hdr(const void *ctx)
169 {
170         struct tal_hdr *t;
171
172         t = (struct tal_hdr *)((char *)ctx - sizeof(struct tal_hdr));
173         check_bounds(t);
174         check_bounds(ignore_destroying_bit(t->parent_child));
175         check_bounds(t->list.next);
176         check_bounds(t->list.prev);
177         if (t->prop && !is_literal(t->prop))
178                 check_bounds(t->prop);
179         return t;
180 }
181
182 static struct tal_hdr *to_tal_hdr_or_null(const void *ctx)
183 {
184         if (!ctx)
185                 return &null_parent.hdr;
186         return to_tal_hdr(ctx);
187 }
188
189 static void *from_tal_hdr(const struct tal_hdr *hdr)
190 {
191         return (void *)(hdr + 1);
192 }
193
194 static void *from_tal_hdr_or_null(const struct tal_hdr *hdr)
195 {
196         if (hdr == &null_parent.hdr)
197                 return NULL;
198         return from_tal_hdr(hdr);
199 }
200
201 #ifdef TAL_DEBUG
202 static struct tal_hdr *debug_tal(struct tal_hdr *tal)
203 {
204         tal_check(from_tal_hdr_or_null(tal), "TAL_DEBUG ");
205         return tal;
206 }
207 #else
208 static struct tal_hdr *debug_tal(struct tal_hdr *tal)
209 {
210         return tal;
211 }
212 #endif
213
214 static void notify(const struct tal_hdr *ctx,
215                    enum tal_notify_type type, const void *info,
216                    int saved_errno)
217 {
218         const struct prop_hdr *p;
219
220         for (p = ctx->prop; p; p = p->next) {
221                 struct notifier *n;
222
223                 if (is_literal(p))
224                         break;
225                 if (p->type != NOTIFIER)
226                         continue;
227                 n = (struct notifier *)p;
228                 if (n->types & type) {
229                         errno = saved_errno;
230                         if (n->types & NOTIFY_IS_DESTRUCTOR) {
231                                 if (n->types & NOTIFY_EXTRA_ARG)
232                                         n->u.destroy2(from_tal_hdr(ctx),
233                                                       EXTRA_ARG(n));
234                                 else
235                                         n->u.destroy(from_tal_hdr(ctx));
236                         } else
237                                 n->u.notifyfn(from_tal_hdr_or_null(ctx), type,
238                                               (void *)info);
239                 }
240         }
241 }
242
243 static void *allocate(size_t size)
244 {
245         void *ret = allocfn(size);
246         if (!ret)
247                 call_error("allocation failed");
248         else
249                 update_bounds(ret, size);
250         return ret;
251 }
252
253 static struct prop_hdr **find_property_ptr(const struct tal_hdr *t,
254                                            enum prop_type type)
255 {
256         struct prop_hdr **p;
257
258         for (p = (struct prop_hdr **)&t->prop; *p; p = &(*p)->next) {
259                 if (is_literal(*p)) {
260                         if (type == NAME)
261                                 return p;
262                         break;
263                 }
264                 if ((*p)->type == type)
265                         return p;
266         }
267         return NULL;
268 }
269
270 static void *find_property(const struct tal_hdr *parent, enum prop_type type)
271 {
272         struct prop_hdr **p = find_property_ptr(parent, type);
273
274         if (p)
275                 return *p;
276         return NULL;
277 }
278
279 static void init_property(struct prop_hdr *hdr,
280                           struct tal_hdr *parent,
281                           enum prop_type type)
282 {
283         hdr->type = type;
284         hdr->next = parent->prop;
285         parent->prop = hdr;
286 }
287
288 static struct notifier *add_notifier_property(struct tal_hdr *t,
289                                               enum tal_notify_type types,
290                                               void (*fn)(void *,
291                                                          enum tal_notify_type,
292                                                          void *),
293                                               void *extra_arg)
294 {
295         struct notifier *prop;
296
297         if (types & NOTIFY_EXTRA_ARG)
298                 prop = allocate(sizeof(struct notifier_extra_arg));
299         else
300                 prop = allocate(sizeof(struct notifier));
301
302         if (prop) {
303                 init_property(&prop->hdr, t, NOTIFIER);
304                 prop->types = types;
305                 prop->u.notifyfn = fn;
306                 if (types & NOTIFY_EXTRA_ARG)
307                         EXTRA_ARG(prop) = extra_arg;
308         }
309         return prop;
310 }
311
312 static enum tal_notify_type del_notifier_property(struct tal_hdr *t,
313                                                   void (*fn)(tal_t *,
314                                                              enum tal_notify_type,
315                                                              void *),
316                                                   bool match_extra_arg,
317                                                   void *extra_arg)
318 {
319         struct prop_hdr **p;
320
321         for (p = (struct prop_hdr **)&t->prop; *p; p = &(*p)->next) {
322                 struct notifier *n;
323                 enum tal_notify_type types;
324
325                 if (is_literal(*p))
326                         break;
327                 if ((*p)->type != NOTIFIER)
328                         continue;
329                 n = (struct notifier *)*p;
330                 if (n->u.notifyfn != fn)
331                         continue;
332
333                 types = n->types;
334                 if ((types & NOTIFY_EXTRA_ARG)
335                     && match_extra_arg
336                     && extra_arg != EXTRA_ARG(n))
337                         continue;
338
339                 *p = (*p)->next;
340                 freefn(n);
341                 return types & ~(NOTIFY_IS_DESTRUCTOR|NOTIFY_EXTRA_ARG);
342         }
343         return 0;
344 }
345
346 static struct name *add_name_property(struct tal_hdr *t, const char *name)
347 {
348         struct name *prop;
349
350         prop = allocate(sizeof(*prop) + strlen(name) + 1);
351         if (prop) {
352                 init_property(&prop->hdr, t, NAME);
353                 strcpy(prop->name, name);
354         }
355         return prop;
356 }
357
358 static struct children *add_child_property(struct tal_hdr *parent,
359                                            struct tal_hdr *child UNNEEDED)
360 {
361         struct children *prop = allocate(sizeof(*prop));
362         if (prop) {
363                 init_property(&prop->hdr, parent, CHILDREN);
364                 prop->parent = parent;
365                 list_head_init(&prop->children);
366         }
367         return prop;
368 }
369
370 static bool add_child(struct tal_hdr *parent, struct tal_hdr *child)
371 {
372         struct children *children = find_property(parent, CHILDREN);
373
374         if (!children) {
375                 children = add_child_property(parent, child);
376                 if (!children)
377                         return false;
378         }
379         list_add(&children->children, &child->list);
380         child->parent_child = (intptr_t)children ^ TAL_PTR_OBFUSTICATOR;
381         return true;
382 }
383
384 static void del_tree(struct tal_hdr *t, const tal_t *orig, int saved_errno)
385 {
386         struct prop_hdr **prop, *p, *next;
387
388         assert(!taken(from_tal_hdr(t)));
389
390         /* Already being destroyed?  Don't loop. */
391         if (unlikely(get_destroying_bit(t->parent_child)))
392                 return;
393
394         set_destroying_bit(&t->parent_child);
395
396         /* Call free notifiers. */
397         notify(t, TAL_NOTIFY_FREE, (tal_t *)orig, saved_errno);
398
399         /* Now free children and groups. */
400         prop = find_property_ptr(t, CHILDREN);
401         if (prop) {
402                 struct tal_hdr *i;
403                 struct children *c = (struct children *)*prop;
404
405                 while ((i = list_top(&c->children, struct tal_hdr, list))) {
406                         list_del(&i->list);
407                         del_tree(i, orig, saved_errno);
408                 }
409         }
410
411         /* Finally free our properties. */
412         for (p = t->prop; p && !is_literal(p); p = next) {
413                 next = p->next;
414                 freefn(p);
415         }
416         freefn(t);
417 }
418
419 void *tal_alloc_(const tal_t *ctx, size_t size, bool clear, const char *label)
420 {
421         struct tal_hdr *child, *parent = debug_tal(to_tal_hdr_or_null(ctx));
422
423         child = allocate(sizeof(struct tal_hdr) + size);
424         if (!child)
425                 return NULL;
426         if (clear)
427                 memset(from_tal_hdr(child), 0, size);
428         child->prop = (void *)label;
429         child->bytelen = size;
430
431         if (!add_child(parent, child)) {
432                 freefn(child);
433                 return NULL;
434         }
435         debug_tal(parent);
436         if (notifiers)
437                 notify(parent, TAL_NOTIFY_ADD_CHILD, from_tal_hdr(child), 0);
438         return from_tal_hdr(debug_tal(child));
439 }
440
441 static bool adjust_size(size_t *size, size_t count)
442 {
443         const size_t extra = sizeof(struct tal_hdr);
444
445         /* Multiplication wrap */
446         if (count && unlikely(*size * count / *size != count))
447                 goto overflow;
448
449         *size *= count;
450
451         /* Make sure we don't wrap adding header. */
452         if (*size + extra < extra)
453                 goto overflow;
454         return true;
455 overflow:
456         call_error("allocation size overflow");
457         return false;
458 }
459
460 void *tal_alloc_arr_(const tal_t *ctx, size_t size, size_t count, bool clear,
461                      const char *label)
462 {
463         if (!adjust_size(&size, count))
464                 return NULL;
465
466         return tal_alloc_(ctx, size, clear, label);
467 }
468
469 void *tal_free(const tal_t *ctx)
470 {
471         if (ctx) {
472                 struct tal_hdr *t;
473                 int saved_errno = errno;
474                 t = debug_tal(to_tal_hdr(ctx));
475                 if (unlikely(get_destroying_bit(t->parent_child)))
476                         return NULL;
477                 if (notifiers)
478                         notify(ignore_destroying_bit(t->parent_child)->parent,
479                                TAL_NOTIFY_DEL_CHILD, ctx, saved_errno);
480                 list_del(&t->list);
481                 del_tree(t, ctx, saved_errno);
482                 errno = saved_errno;
483         }
484         return NULL;
485 }
486
487 void *tal_steal_(const tal_t *new_parent, const tal_t *ctx)
488 {
489         if (ctx) {
490                 struct tal_hdr *newpar, *t, *old_parent;
491
492                 newpar = debug_tal(to_tal_hdr_or_null(new_parent));
493                 t = debug_tal(to_tal_hdr(ctx));
494
495                 /* Unlink it from old parent. */
496                 list_del(&t->list);
497                 old_parent = ignore_destroying_bit(t->parent_child)->parent;
498
499                 if (unlikely(!add_child(newpar, t))) {
500                         /* We can always add to old parent, because it has a
501                          * children property already. */
502                         if (!add_child(old_parent, t))
503                                 abort();
504                         return NULL;
505                 }
506                 debug_tal(newpar);
507                 if (notifiers)
508                         notify(t, TAL_NOTIFY_STEAL, new_parent, 0);
509         }
510         return (void *)ctx;
511 }
512
513 bool tal_add_destructor_(const tal_t *ctx, void (*destroy)(void *me))
514 {
515         tal_t *t = debug_tal(to_tal_hdr(ctx));
516         return add_notifier_property(t, TAL_NOTIFY_FREE|NOTIFY_IS_DESTRUCTOR,
517                                      (void *)destroy, NULL);
518 }
519
520 bool tal_add_destructor2_(const tal_t *ctx, void (*destroy)(void *me, void *arg),
521                           void *arg)
522 {
523         tal_t *t = debug_tal(to_tal_hdr(ctx));
524         return add_notifier_property(t, TAL_NOTIFY_FREE|NOTIFY_IS_DESTRUCTOR
525                                      |NOTIFY_EXTRA_ARG,
526                                      (void *)destroy, arg);
527 }
528
529 /* We could support notifiers with an extra arg, but we didn't add to API */
530 bool tal_add_notifier_(const tal_t *ctx, enum tal_notify_type types,
531                        void (*callback)(tal_t *, enum tal_notify_type, void *))
532 {
533         struct tal_hdr *t = debug_tal(to_tal_hdr_or_null(ctx));
534         struct notifier *n;
535
536         assert(types);
537         assert((types & ~(TAL_NOTIFY_FREE | TAL_NOTIFY_STEAL | TAL_NOTIFY_MOVE
538                           | TAL_NOTIFY_RESIZE | TAL_NOTIFY_RENAME
539                           | TAL_NOTIFY_ADD_CHILD | TAL_NOTIFY_DEL_CHILD
540                           | TAL_NOTIFY_ADD_NOTIFIER
541                           | TAL_NOTIFY_DEL_NOTIFIER)) == 0);
542
543         /* Don't call notifier about itself: set types after! */
544         n = add_notifier_property(t, 0, callback, NULL);
545         if (unlikely(!n))
546                 return false;
547
548         if (notifiers)
549                 notify(t, TAL_NOTIFY_ADD_NOTIFIER, callback, 0);
550
551         n->types = types;
552         if (types != TAL_NOTIFY_FREE)
553                 notifiers++;
554         return true;
555 }
556
557 bool tal_del_notifier_(const tal_t *ctx,
558                        void (*callback)(tal_t *, enum tal_notify_type, void *),
559                        bool match_extra_arg, void *extra_arg)
560 {
561         struct tal_hdr *t = debug_tal(to_tal_hdr_or_null(ctx));
562         enum tal_notify_type types;
563
564         types = del_notifier_property(t, callback, match_extra_arg, extra_arg);
565         if (types) {
566                 notify(t, TAL_NOTIFY_DEL_NOTIFIER, callback, 0);
567                 if (types != TAL_NOTIFY_FREE)
568                         notifiers--;
569                 return true;
570         }
571         return false;
572 }
573
574 bool tal_del_destructor_(const tal_t *ctx, void (*destroy)(void *me))
575 {
576         return tal_del_notifier_(ctx, (void *)destroy, false, NULL);
577 }
578
579 bool tal_del_destructor2_(const tal_t *ctx, void (*destroy)(void *me, void *arg),
580                           void *arg)
581 {
582         return tal_del_notifier_(ctx, (void *)destroy, true, arg);
583 }
584
585 bool tal_set_name_(tal_t *ctx, const char *name, bool literal)
586 {
587         struct tal_hdr *t = debug_tal(to_tal_hdr(ctx));
588         struct prop_hdr **prop = find_property_ptr(t, NAME);
589
590         /* Get rid of any old name */
591         if (prop) {
592                 struct name *name = (struct name *)*prop;
593                 if (is_literal(&name->hdr))
594                         *prop = NULL;
595                 else {
596                         *prop = name->hdr.next;
597                         freefn(name);
598                 }
599         }
600
601         if (literal && name[0]) {
602                 struct prop_hdr **p;
603
604                 /* Append literal. */
605                 for (p = &t->prop; *p && !is_literal(*p); p = &(*p)->next);
606                 *p = (struct prop_hdr *)name;
607         } else if (!add_name_property(t, name))
608                 return false;
609
610         debug_tal(t);
611         if (notifiers)
612                 notify(t, TAL_NOTIFY_RENAME, name, 0);
613         return true;
614 }
615
616 const char *tal_name(const tal_t *t)
617 {
618         struct name *n;
619
620         n = find_property(debug_tal(to_tal_hdr(t)), NAME);
621         if (!n)
622                 return NULL;
623
624         if (is_literal(&n->hdr))
625                 return (const char *)n;
626         return n->name;
627 }
628
629 size_t tal_bytelen(const tal_t *ptr)
630 {
631         /* NULL -> null_parent which has bytelen 0 */
632         struct tal_hdr *t = debug_tal(to_tal_hdr_or_null(ptr));
633
634         return t->bytelen;
635 }
636
637 /* Start one past first child: make stopping natural in circ. list. */
638 static struct tal_hdr *first_child(struct tal_hdr *parent)
639 {
640         struct children *child;
641
642         child = find_property(parent, CHILDREN);
643         if (!child)
644                 return NULL;
645
646         return list_top(&child->children, struct tal_hdr, list);
647 }
648
649 tal_t *tal_first(const tal_t *root)
650 {
651         struct tal_hdr *c, *t = debug_tal(to_tal_hdr_or_null(root));
652
653         c = first_child(t);
654         if (!c)
655                 return NULL;
656         return from_tal_hdr(c);
657 }
658
659 tal_t *tal_next(const tal_t *prev)
660 {
661         struct tal_hdr *next, *prevhdr = debug_tal(to_tal_hdr(prev));
662         struct list_head *head;
663
664         head = &ignore_destroying_bit(prevhdr->parent_child)->children;
665         next = list_next(head, prevhdr, list);
666         if (!next)
667                 return NULL;
668         return from_tal_hdr(next);
669 }
670
671 tal_t *tal_parent(const tal_t *ctx)
672 {
673         struct tal_hdr *t;
674
675         if (!ctx)
676                 return NULL;
677
678         t = debug_tal(to_tal_hdr(ctx));
679         if (ignore_destroying_bit(t->parent_child)->parent == &null_parent.hdr)
680                 return NULL;
681         return from_tal_hdr(ignore_destroying_bit(t->parent_child)->parent);
682 }
683
684 bool tal_resize_(tal_t **ctxp, size_t size, size_t count, bool clear)
685 {
686         struct tal_hdr *old_t, *t;
687         struct children *child;
688
689         old_t = debug_tal(to_tal_hdr(*ctxp));
690
691         if (!adjust_size(&size, count))
692                 return false;
693
694         t = resizefn(old_t, sizeof(struct tal_hdr) + size);
695         if (!t) {
696                 call_error("Reallocation failure");
697                 return false;
698         }
699
700         /* Clear between old end and new end. */
701         if (clear && size > t->bytelen) {
702                 char *old_end = (char *)(t + 1) + t->bytelen;
703                 memset(old_end, 0, size - t->bytelen);
704         }
705
706         /* Update length. */
707         t->bytelen = size;
708         update_bounds(t, sizeof(struct tal_hdr) + size);
709
710         /* If it didn't move, we're done! */
711         if (t != old_t) {
712                 /* Fix up linked list pointers. */
713                 t->list.next->prev = t->list.prev->next = &t->list;
714
715                 /* Copy take() property. */
716                 if (taken(from_tal_hdr(old_t)))
717                         take(from_tal_hdr(t));
718
719                 /* Fix up child property's parent pointer. */
720                 child = find_property(t, CHILDREN);
721                 if (child) {
722                         assert(child->parent == old_t);
723                         child->parent = t;
724                 }
725                 *ctxp = from_tal_hdr(debug_tal(t));
726                 if (notifiers)
727                         notify(t, TAL_NOTIFY_MOVE, from_tal_hdr(old_t), 0);
728         }
729         if (notifiers)
730                 notify(t, TAL_NOTIFY_RESIZE, (void *)size, 0);
731
732         return true;
733 }
734
735 bool tal_expand_(tal_t **ctxp, const void *src, size_t size, size_t count)
736 {
737         size_t old_len;
738         bool ret = false;
739
740         old_len = debug_tal(to_tal_hdr(*ctxp))->bytelen;
741
742         /* Check for additive overflow */
743         if (old_len + count * size < old_len) {
744                 call_error("dup size overflow");
745                 goto out;
746         }
747
748         /* Don't point src inside thing we're expanding! */
749         assert(src < *ctxp
750                || (char *)src >= (char *)(*ctxp) + old_len);
751
752         if (!tal_resize_(ctxp, size, old_len/size + count, false))
753                 goto out;
754
755         memcpy((char *)*ctxp + old_len, src, count * size);
756         ret = true;
757
758 out:
759         if (taken(src))
760                 tal_free(src);
761         return ret;
762 }
763
764 void *tal_dup_(const tal_t *ctx, const void *p, size_t size,
765                size_t n, size_t extra, const char *label)
766 {
767         void *ret;
768         size_t nbytes = size;
769
770         if (!adjust_size(&nbytes, n)) {
771                 if (taken(p))
772                         tal_free(p);
773                 return NULL;
774         }
775
776         /* Beware addition overflow! */
777         if (n + extra < n) {
778                 call_error("dup size overflow");
779                 if (taken(p))
780                         tal_free(p);
781                 return NULL;
782         }
783
784         if (taken(p)) {
785                 if (unlikely(!p))
786                         return NULL;
787                 if (unlikely(!tal_resize_((void **)&p, size, n + extra, false)))
788                         return tal_free(p);
789                 if (unlikely(!tal_steal(ctx, p)))
790                         return tal_free(p);
791                 return (void *)p;
792         }
793
794         ret = tal_alloc_arr_(ctx, size, n + extra, false, label);
795         if (ret)
796                 memcpy(ret, p, nbytes);
797         return ret;
798 }
799
800 void tal_set_backend(void *(*alloc_fn)(size_t size),
801                      void *(*resize_fn)(void *, size_t size),
802                      void (*free_fn)(void *),
803                      void (*error_fn)(const char *msg))
804 {
805         if (alloc_fn)
806                 allocfn = alloc_fn;
807         if (resize_fn)
808                 resizefn = resize_fn;
809         if (free_fn)
810                 freefn = free_fn;
811         if (error_fn)
812                 errorfn = error_fn;
813 }
814
815 #ifdef CCAN_TAL_DEBUG
816 static void dump_node(unsigned int indent, const struct tal_hdr *t)
817 {
818         unsigned int i;
819         const struct prop_hdr *p;
820
821         for (i = 0; i < indent; i++)
822                 printf("  ");
823         printf("%p len=%zu", t, t->bytelen);
824         for (p = t->prop; p; p = p->next) {
825                 struct children *c;
826                 struct name *n;
827                 struct notifier *no;
828                 if (is_literal(p)) {
829                         printf(" \"%s\"", (const char *)p);
830                         break;
831                 }
832                 switch (p->type) {
833                 case CHILDREN:
834                         c = (struct children *)p;
835                         printf(" CHILDREN(%p):parent=%p,children={%p,%p}\n",
836                                p, c->parent,
837                                c->children.n.prev, c->children.n.next);
838                         break;
839                 case NAME:
840                         n = (struct name *)p;
841                         printf(" NAME(%p):%s", p, n->name);
842                         break;
843                 case NOTIFIER:
844                         no = (struct notifier *)p;
845                         printf(" NOTIFIER(%p):fn=%p", p, no->u.notifyfn);
846                         break;
847                 default:
848                         printf(" **UNKNOWN(%p):%i**", p, p->type);
849                 }
850         }
851         printf("\n");
852 }
853
854 static void tal_dump_(unsigned int level, const struct tal_hdr *t)
855 {
856         struct children *children;
857
858         dump_node(level, t);
859
860         children = find_property(t, CHILDREN);
861         if (children) {
862                 struct tal_hdr *i;
863
864                 list_for_each(&children->children, i, list)
865                         tal_dump_(level + 1, i);
866         }
867 }
868
869 void tal_dump(void)
870 {
871         tal_dump_(0, &null_parent.hdr);
872 }
873 #endif /* CCAN_TAL_DEBUG */
874
875 #ifndef NDEBUG
876 static bool check_err(struct tal_hdr *t, const char *errorstr,
877                       const char *errmsg)
878 {
879         if (errorstr) {
880                 /* Try not to malloc: it may be corrupted. */
881                 char msg[strlen(errorstr) + 20 + strlen(errmsg) + 1];
882                 sprintf(msg, "%s:%p %s", errorstr, from_tal_hdr(t), errmsg);
883                 call_error(msg);
884         }
885         return false;
886 }
887
888 static bool check_node(struct children *parent_child,
889                        struct tal_hdr *t, const char *errorstr)
890 {
891         struct prop_hdr *p;
892         struct name *name = NULL;
893         struct children *children = NULL;
894
895         if (!in_bounds(t))
896                 return check_err(t, errorstr, "invalid pointer");
897
898         if (ignore_destroying_bit(t->parent_child) != parent_child)
899                 return check_err(t, errorstr, "incorrect parent");
900
901         for (p = t->prop; p; p = p->next) {
902                 if (is_literal(p)) {
903                         if (name)
904                                 return check_err(t, errorstr,
905                                                  "has extra literal");
906                         break;
907                 }
908                 if (!in_bounds(p))
909                         return check_err(t, errorstr,
910                                          "has bad property pointer");
911
912                 switch (p->type) {
913                 case CHILDREN:
914                         if (children)
915                                 return check_err(t, errorstr,
916                                                  "has two child nodes");
917                         children = (struct children *)p;
918                         break;
919                 case NOTIFIER:
920                         break;
921                 case NAME:
922                         if (name)
923                                 return check_err(t, errorstr,
924                                                  "has two names");
925                         name = (struct name *)p;
926                         break;
927                 default:
928                         return check_err(t, errorstr, "has unknown property");
929                 }
930         }
931         if (children) {
932                 struct tal_hdr *i;
933
934                 if (!list_check(&children->children, errorstr))
935                         return false;
936                 list_for_each(&children->children, i, list) {
937                         if (!check_node(children, i, errorstr))
938                                 return false;
939                 }
940         }
941         return true;
942 }
943
944 bool tal_check(const tal_t *ctx, const char *errorstr)
945 {
946         struct tal_hdr *t = to_tal_hdr_or_null(ctx);
947
948         return check_node(ignore_destroying_bit(t->parent_child), t, errorstr);
949 }
950 #else /* NDEBUG */
951 bool tal_check(const tal_t *ctx, const char *errorstr)
952 {
953         return true;
954 }
955 #endif