]>
Commit | Line | Data |
---|---|---|
56137dbc | 1 | /* Malloc implementation for multiple threads without lock contention. |
2b778ceb | 2 | Copyright (C) 1996-2021 Free Software Foundation, Inc. |
88e316b0 | 3 | Copyright The GNU Toolchain Authors. |
f65fd747 | 4 | This file is part of the GNU C Library. |
f65fd747 UD |
5 | |
6 | The GNU C Library is free software; you can redistribute it and/or | |
cc7375ce RM |
7 | modify it under the terms of the GNU Lesser General Public License as |
8 | published by the Free Software Foundation; either version 2.1 of the | |
fa8d436c | 9 | License, or (at your option) any later version. |
f65fd747 UD |
10 | |
11 | The GNU C Library is distributed in the hope that it will be useful, | |
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
cc7375ce | 14 | Lesser General Public License for more details. |
f65fd747 | 15 | |
cc7375ce | 16 | You should have received a copy of the GNU Lesser General Public |
59ba27a6 | 17 | License along with the GNU C Library; see the file COPYING.LIB. If |
5a82c748 | 18 | not, see <https://www.gnu.org/licenses/>. */ |
f65fd747 | 19 | |
fa8d436c UD |
20 | /* |
21 | This is a version (aka ptmalloc2) of malloc/free/realloc written by | |
22 | Doug Lea and adapted to multiple threads/arenas by Wolfram Gloger. | |
23 | ||
bb2ce416 | 24 | There have been substantial changes made after the integration into |
da2d2fb6 UD |
25 | glibc in all parts of the code. Do not look for much commonality |
26 | with the ptmalloc2 version. | |
27 | ||
fa8d436c | 28 | * Version ptmalloc2-20011215 |
fa8d436c UD |
29 | based on: |
30 | VERSION 2.7.0 Sun Mar 11 14:14:06 2001 Doug Lea (dl at gee) | |
f65fd747 | 31 | |
fa8d436c | 32 | * Quickstart |
f65fd747 | 33 | |
fa8d436c UD |
34 | In order to compile this implementation, a Makefile is provided with |
35 | the ptmalloc2 distribution, which has pre-defined targets for some | |
36 | popular systems (e.g. "make posix" for Posix threads). All that is | |
37 | typically required with regard to compiler flags is the selection of | |
38 | the thread package via defining one out of USE_PTHREADS, USE_THR or | |
39 | USE_SPROC. Check the thread-m.h file for what effects this has. | |
40 | Many/most systems will additionally require USE_TSD_DATA_HACK to be | |
41 | defined, so this is the default for "make posix". | |
f65fd747 UD |
42 | |
43 | * Why use this malloc? | |
44 | ||
45 | This is not the fastest, most space-conserving, most portable, or | |
46 | most tunable malloc ever written. However it is among the fastest | |
47 | while also being among the most space-conserving, portable and tunable. | |
48 | Consistent balance across these factors results in a good general-purpose | |
fa8d436c UD |
49 | allocator for malloc-intensive programs. |
50 | ||
51 | The main properties of the algorithms are: | |
52 | * For large (>= 512 bytes) requests, it is a pure best-fit allocator, | |
53 | with ties normally decided via FIFO (i.e. least recently used). | |
54 | * For small (<= 64 bytes by default) requests, it is a caching | |
55 | allocator, that maintains pools of quickly recycled chunks. | |
56 | * In between, and for combinations of large and small requests, it does | |
57 | the best it can trying to meet both goals at once. | |
58 | * For very large requests (>= 128KB by default), it relies on system | |
59 | memory mapping facilities, if supported. | |
60 | ||
61 | For a longer but slightly out of date high-level description, see | |
62 | http://gee.cs.oswego.edu/dl/html/malloc.html | |
63 | ||
64 | You may already by default be using a C library containing a malloc | |
65 | that is based on some version of this malloc (for example in | |
66 | linux). You might still want to use the one in this file in order to | |
67 | customize settings or to avoid overheads associated with library | |
68 | versions. | |
69 | ||
70 | * Contents, described in more detail in "description of public routines" below. | |
71 | ||
72 | Standard (ANSI/SVID/...) functions: | |
73 | malloc(size_t n); | |
74 | calloc(size_t n_elements, size_t element_size); | |
22a89187 UD |
75 | free(void* p); |
76 | realloc(void* p, size_t n); | |
fa8d436c UD |
77 | memalign(size_t alignment, size_t n); |
78 | valloc(size_t n); | |
79 | mallinfo() | |
80 | mallopt(int parameter_number, int parameter_value) | |
81 | ||
82 | Additional functions: | |
22a89187 UD |
83 | independent_calloc(size_t n_elements, size_t size, void* chunks[]); |
84 | independent_comalloc(size_t n_elements, size_t sizes[], void* chunks[]); | |
fa8d436c | 85 | pvalloc(size_t n); |
fa8d436c | 86 | malloc_trim(size_t pad); |
22a89187 | 87 | malloc_usable_size(void* p); |
fa8d436c | 88 | malloc_stats(); |
f65fd747 UD |
89 | |
90 | * Vital statistics: | |
91 | ||
fa8d436c | 92 | Supported pointer representation: 4 or 8 bytes |
a9177ff5 | 93 | Supported size_t representation: 4 or 8 bytes |
f65fd747 | 94 | Note that size_t is allowed to be 4 bytes even if pointers are 8. |
fa8d436c UD |
95 | You can adjust this by defining INTERNAL_SIZE_T |
96 | ||
97 | Alignment: 2 * sizeof(size_t) (default) | |
98 | (i.e., 8 byte alignment with 4byte size_t). This suffices for | |
99 | nearly all current machines and C compilers. However, you can | |
100 | define MALLOC_ALIGNMENT to be wider than this if necessary. | |
f65fd747 | 101 | |
fa8d436c UD |
102 | Minimum overhead per allocated chunk: 4 or 8 bytes |
103 | Each malloced chunk has a hidden word of overhead holding size | |
f65fd747 UD |
104 | and status information. |
105 | ||
106 | Minimum allocated size: 4-byte ptrs: 16 bytes (including 4 overhead) | |
72f90263 | 107 | 8-byte ptrs: 24/32 bytes (including, 4/8 overhead) |
f65fd747 UD |
108 | |
109 | When a chunk is freed, 12 (for 4byte ptrs) or 20 (for 8 byte | |
110 | ptrs but 4 byte size) or 24 (for 8/8) additional bytes are | |
fa8d436c UD |
111 | needed; 4 (8) for a trailing size field and 8 (16) bytes for |
112 | free list pointers. Thus, the minimum allocatable size is | |
113 | 16/24/32 bytes. | |
f65fd747 UD |
114 | |
115 | Even a request for zero bytes (i.e., malloc(0)) returns a | |
116 | pointer to something of the minimum allocatable size. | |
117 | ||
fa8d436c UD |
118 | The maximum overhead wastage (i.e., number of extra bytes |
119 | allocated than were requested in malloc) is less than or equal | |
120 | to the minimum size, except for requests >= mmap_threshold that | |
121 | are serviced via mmap(), where the worst case wastage is 2 * | |
122 | sizeof(size_t) bytes plus the remainder from a system page (the | |
123 | minimal mmap unit); typically 4096 or 8192 bytes. | |
f65fd747 | 124 | |
a9177ff5 | 125 | Maximum allocated size: 4-byte size_t: 2^32 minus about two pages |
72f90263 | 126 | 8-byte size_t: 2^64 minus about two pages |
fa8d436c UD |
127 | |
128 | It is assumed that (possibly signed) size_t values suffice to | |
f65fd747 UD |
129 | represent chunk sizes. `Possibly signed' is due to the fact |
130 | that `size_t' may be defined on a system as either a signed or | |
fa8d436c UD |
131 | an unsigned type. The ISO C standard says that it must be |
132 | unsigned, but a few systems are known not to adhere to this. | |
133 | Additionally, even when size_t is unsigned, sbrk (which is by | |
134 | default used to obtain memory from system) accepts signed | |
135 | arguments, and may not be able to handle size_t-wide arguments | |
136 | with negative sign bit. Generally, values that would | |
137 | appear as negative after accounting for overhead and alignment | |
138 | are supported only via mmap(), which does not have this | |
139 | limitation. | |
140 | ||
141 | Requests for sizes outside the allowed range will perform an optional | |
142 | failure action and then return null. (Requests may also | |
143 | also fail because a system is out of memory.) | |
144 | ||
22a89187 | 145 | Thread-safety: thread-safe |
fa8d436c UD |
146 | |
147 | Compliance: I believe it is compliant with the 1997 Single Unix Specification | |
2b0fba75 | 148 | Also SVID/XPG, ANSI C, and probably others as well. |
f65fd747 UD |
149 | |
150 | * Synopsis of compile-time options: | |
151 | ||
152 | People have reported using previous versions of this malloc on all | |
153 | versions of Unix, sometimes by tweaking some of the defines | |
22a89187 | 154 | below. It has been tested most extensively on Solaris and Linux. |
fa8d436c UD |
155 | People also report using it in stand-alone embedded systems. |
156 | ||
157 | The implementation is in straight, hand-tuned ANSI C. It is not | |
158 | at all modular. (Sorry!) It uses a lot of macros. To be at all | |
159 | usable, this code should be compiled using an optimizing compiler | |
160 | (for example gcc -O3) that can simplify expressions and control | |
161 | paths. (FAQ: some macros import variables as arguments rather than | |
162 | declare locals because people reported that some debuggers | |
163 | otherwise get confused.) | |
164 | ||
165 | OPTION DEFAULT VALUE | |
166 | ||
167 | Compilation Environment options: | |
168 | ||
2a26ef3a | 169 | HAVE_MREMAP 0 |
fa8d436c UD |
170 | |
171 | Changing default word sizes: | |
172 | ||
173 | INTERNAL_SIZE_T size_t | |
fa8d436c UD |
174 | |
175 | Configuration and functionality options: | |
176 | ||
fa8d436c UD |
177 | USE_PUBLIC_MALLOC_WRAPPERS NOT defined |
178 | USE_MALLOC_LOCK NOT defined | |
179 | MALLOC_DEBUG NOT defined | |
180 | REALLOC_ZERO_BYTES_FREES 1 | |
fa8d436c UD |
181 | TRIM_FASTBINS 0 |
182 | ||
183 | Options for customizing MORECORE: | |
184 | ||
185 | MORECORE sbrk | |
186 | MORECORE_FAILURE -1 | |
a9177ff5 | 187 | MORECORE_CONTIGUOUS 1 |
fa8d436c UD |
188 | MORECORE_CANNOT_TRIM NOT defined |
189 | MORECORE_CLEARS 1 | |
a9177ff5 | 190 | MMAP_AS_MORECORE_SIZE (1024 * 1024) |
fa8d436c UD |
191 | |
192 | Tuning options that are also dynamically changeable via mallopt: | |
193 | ||
425ce2ed | 194 | DEFAULT_MXFAST 64 (for 32bit), 128 (for 64bit) |
fa8d436c UD |
195 | DEFAULT_TRIM_THRESHOLD 128 * 1024 |
196 | DEFAULT_TOP_PAD 0 | |
197 | DEFAULT_MMAP_THRESHOLD 128 * 1024 | |
198 | DEFAULT_MMAP_MAX 65536 | |
199 | ||
200 | There are several other #defined constants and macros that you | |
201 | probably don't want to touch unless you are extending or adapting malloc. */ | |
f65fd747 UD |
202 | |
203 | /* | |
22a89187 | 204 | void* is the pointer type that malloc should say it returns |
f65fd747 UD |
205 | */ |
206 | ||
22a89187 UD |
207 | #ifndef void |
208 | #define void void | |
209 | #endif /*void*/ | |
f65fd747 | 210 | |
fa8d436c UD |
211 | #include <stddef.h> /* for size_t */ |
212 | #include <stdlib.h> /* for getenv(), abort() */ | |
2a26ef3a | 213 | #include <unistd.h> /* for __libc_enable_secure */ |
f65fd747 | 214 | |
425ce2ed | 215 | #include <atomic.h> |
eb96ffb0 | 216 | #include <_itoa.h> |
e404fb16 | 217 | #include <bits/wordsize.h> |
425ce2ed | 218 | #include <sys/sysinfo.h> |
c56da3a3 | 219 | |
02d46fc4 UD |
220 | #include <ldsodefs.h> |
221 | ||
fa8d436c | 222 | #include <unistd.h> |
fa8d436c | 223 | #include <stdio.h> /* needed for malloc_stats */ |
8e58439c | 224 | #include <errno.h> |
406e7a0a | 225 | #include <assert.h> |
f65fd747 | 226 | |
66274218 AJ |
227 | #include <shlib-compat.h> |
228 | ||
5d78bb43 UD |
229 | /* For uintptr_t. */ |
230 | #include <stdint.h> | |
f65fd747 | 231 | |
3e030bd5 UD |
232 | /* For va_arg, va_start, va_end. */ |
233 | #include <stdarg.h> | |
234 | ||
070906ff RM |
235 | /* For MIN, MAX, powerof2. */ |
236 | #include <sys/param.h> | |
237 | ||
ca6be165 | 238 | /* For ALIGN_UP et. al. */ |
9090848d | 239 | #include <libc-pointer-arith.h> |
8a35c3fe | 240 | |
d5c3fafc DD |
241 | /* For DIAG_PUSH/POP_NEEDS_COMMENT et al. */ |
242 | #include <libc-diag.h> | |
243 | ||
3784dfc0 RE |
244 | /* For memory tagging. */ |
245 | #include <libc-mtag.h> | |
246 | ||
29d79486 | 247 | #include <malloc/malloc-internal.h> |
c0f62c56 | 248 | |
6d43de4b WD |
249 | /* For SINGLE_THREAD_P. */ |
250 | #include <sysdep-cancel.h> | |
251 | ||
29a4db29 FW |
252 | #include <libc-internal.h> |
253 | ||
fc859c30 SP |
254 | /* For tcache double-free check. */ |
255 | #include <random-bits.h> | |
256 | #include <sys/random.h> | |
257 | ||
fa8d436c UD |
258 | /* |
259 | Debugging: | |
260 | ||
261 | Because freed chunks may be overwritten with bookkeeping fields, this | |
262 | malloc will often die when freed memory is overwritten by user | |
263 | programs. This can be very effective (albeit in an annoying way) | |
264 | in helping track down dangling pointers. | |
265 | ||
266 | If you compile with -DMALLOC_DEBUG, a number of assertion checks are | |
267 | enabled that will catch more memory errors. You probably won't be | |
268 | able to make much sense of the actual assertion errors, but they | |
269 | should help you locate incorrectly overwritten memory. The checking | |
270 | is fairly extensive, and will slow down execution | |
271 | noticeably. Calling malloc_stats or mallinfo with MALLOC_DEBUG set | |
272 | will attempt to check every non-mmapped allocated and free chunk in | |
273 | the course of computing the summmaries. (By nature, mmapped regions | |
274 | cannot be checked very much automatically.) | |
275 | ||
276 | Setting MALLOC_DEBUG may also be helpful if you are trying to modify | |
277 | this code. The assertions in the check routines spell out in more | |
278 | detail the assumptions and invariants underlying the algorithms. | |
279 | ||
280 | Setting MALLOC_DEBUG does NOT provide an automated mechanism for | |
281 | checking that all accesses to malloced memory stay within their | |
282 | bounds. However, there are several add-ons and adaptations of this | |
283 | or other mallocs available that do this. | |
f65fd747 UD |
284 | */ |
285 | ||
439bda32 WN |
286 | #ifndef MALLOC_DEBUG |
287 | #define MALLOC_DEBUG 0 | |
288 | #endif | |
289 | ||
b5bd5bfe | 290 | #if IS_IN (libc) |
406e7a0a ST |
291 | #ifndef NDEBUG |
292 | # define __assert_fail(assertion, file, line, function) \ | |
293 | __malloc_assert(assertion, file, line, function) | |
72f90263 UD |
294 | |
295 | extern const char *__progname; | |
296 | ||
297 | static void | |
298 | __malloc_assert (const char *assertion, const char *file, unsigned int line, | |
299 | const char *function) | |
300 | { | |
301 | (void) __fxprintf (NULL, "%s%s%s:%u: %s%sAssertion `%s' failed.\n", | |
302 | __progname, __progname[0] ? ": " : "", | |
303 | file, line, | |
304 | function ? function : "", function ? ": " : "", | |
305 | assertion); | |
306 | fflush (stderr); | |
307 | abort (); | |
308 | } | |
309 | #endif | |
b5bd5bfe | 310 | #endif |
f65fd747 | 311 | |
d5c3fafc DD |
312 | #if USE_TCACHE |
313 | /* We want 64 entries. This is an arbitrary limit, which tunables can reduce. */ | |
314 | # define TCACHE_MAX_BINS 64 | |
315 | # define MAX_TCACHE_SIZE tidx2usize (TCACHE_MAX_BINS-1) | |
316 | ||
317 | /* Only used to pre-fill the tunables. */ | |
318 | # define tidx2usize(idx) (((size_t) idx) * MALLOC_ALIGNMENT + MINSIZE - SIZE_SZ) | |
319 | ||
320 | /* When "x" is from chunksize(). */ | |
321 | # define csize2tidx(x) (((x) - MINSIZE + MALLOC_ALIGNMENT - 1) / MALLOC_ALIGNMENT) | |
322 | /* When "x" is a user-provided size. */ | |
323 | # define usize2tidx(x) csize2tidx (request2size (x)) | |
324 | ||
325 | /* With rounding and alignment, the bins are... | |
326 | idx 0 bytes 0..24 (64-bit) or 0..12 (32-bit) | |
327 | idx 1 bytes 25..40 or 13..20 | |
328 | idx 2 bytes 41..56 or 21..28 | |
329 | etc. */ | |
330 | ||
331 | /* This is another arbitrary limit, which tunables can change. Each | |
332 | tcache bin will hold at most this number of chunks. */ | |
333 | # define TCACHE_FILL_COUNT 7 | |
1f50f2ad WD |
334 | |
335 | /* Maximum chunks in tcache bins for tunables. This value must fit the range | |
336 | of tcache->counts[] entries, else they may overflow. */ | |
337 | # define MAX_TCACHE_COUNT UINT16_MAX | |
d5c3fafc DD |
338 | #endif |
339 | ||
a1a486d7 EI |
340 | /* Safe-Linking: |
341 | Use randomness from ASLR (mmap_base) to protect single-linked lists | |
342 | of Fast-Bins and TCache. That is, mask the "next" pointers of the | |
343 | lists' chunks, and also perform allocation alignment checks on them. | |
344 | This mechanism reduces the risk of pointer hijacking, as was done with | |
345 | Safe-Unlinking in the double-linked lists of Small-Bins. | |
346 | It assumes a minimum page size of 4096 bytes (12 bits). Systems with | |
347 | larger pages provide less entropy, although the pointer mangling | |
348 | still works. */ | |
349 | #define PROTECT_PTR(pos, ptr) \ | |
350 | ((__typeof (ptr)) ((((size_t) pos) >> 12) ^ ((size_t) ptr))) | |
351 | #define REVEAL_PTR(ptr) PROTECT_PTR (&ptr, ptr) | |
f65fd747 | 352 | |
fa8d436c | 353 | /* |
9f1bed18 PE |
354 | The REALLOC_ZERO_BYTES_FREES macro controls the behavior of realloc (p, 0) |
355 | when p is nonnull. If the macro is nonzero, the realloc call returns NULL; | |
356 | otherwise, the call returns what malloc (0) would. In either case, | |
357 | p is freed. Glibc uses a nonzero REALLOC_ZERO_BYTES_FREES, which | |
358 | implements common historical practice. | |
359 | ||
360 | ISO C17 says the realloc call has implementation-defined behavior, | |
361 | and it might not even free p. | |
fa8d436c UD |
362 | */ |
363 | ||
364 | #ifndef REALLOC_ZERO_BYTES_FREES | |
365 | #define REALLOC_ZERO_BYTES_FREES 1 | |
366 | #endif | |
367 | ||
368 | /* | |
369 | TRIM_FASTBINS controls whether free() of a very small chunk can | |
370 | immediately lead to trimming. Setting to true (1) can reduce memory | |
371 | footprint, but will almost always slow down programs that use a lot | |
372 | of small chunks. | |
373 | ||
374 | Define this only if you are willing to give up some speed to more | |
375 | aggressively reduce system-level memory footprint when releasing | |
376 | memory in programs that use many small chunks. You can get | |
377 | essentially the same effect by setting MXFAST to 0, but this can | |
378 | lead to even greater slowdowns in programs using many small chunks. | |
379 | TRIM_FASTBINS is an in-between compile-time option, that disables | |
380 | only those chunks bordering topmost memory from being placed in | |
381 | fastbins. | |
382 | */ | |
383 | ||
384 | #ifndef TRIM_FASTBINS | |
385 | #define TRIM_FASTBINS 0 | |
386 | #endif | |
387 | ||
3b49edc0 | 388 | /* Definition for getting more memory from the OS. */ |
55a4dd39 SP |
389 | #include "morecore.c" |
390 | ||
391 | #define MORECORE (*__glibc_morecore) | |
fa8d436c | 392 | #define MORECORE_FAILURE 0 |
f65fd747 | 393 | |
3784dfc0 RE |
394 | /* Memory tagging. */ |
395 | ||
396 | /* Some systems support the concept of tagging (sometimes known as | |
397 | coloring) memory locations on a fine grained basis. Each memory | |
398 | location is given a color (normally allocated randomly) and | |
399 | pointers are also colored. When the pointer is dereferenced, the | |
400 | pointer's color is checked against the memory's color and if they | |
401 | differ the access is faulted (sometimes lazily). | |
402 | ||
403 | We use this in glibc by maintaining a single color for the malloc | |
404 | data structures that are interleaved with the user data and then | |
405 | assigning separate colors for each block allocation handed out. In | |
406 | this way simple buffer overruns will be rapidly detected. When | |
407 | memory is freed, the memory is recolored back to the glibc default | |
408 | so that simple use-after-free errors can also be detected. | |
409 | ||
410 | If memory is reallocated the buffer is recolored even if the | |
411 | address remains the same. This has a performance impact, but | |
412 | guarantees that the old pointer cannot mistakenly be reused (code | |
413 | that compares old against new will see a mismatch and will then | |
414 | need to behave as though realloc moved the data to a new location). | |
415 | ||
416 | Internal API for memory tagging support. | |
417 | ||
418 | The aim is to keep the code for memory tagging support as close to | |
419 | the normal APIs in glibc as possible, so that if tagging is not | |
420 | enabled in the library, or is disabled at runtime then standard | |
421 | operations can continue to be used. Support macros are used to do | |
422 | this: | |
423 | ||
c076a0bc | 424 | void *tag_new_zero_region (void *ptr, size_t size) |
3784dfc0 | 425 | |
c076a0bc SN |
426 | Allocates a new tag, colors the memory with that tag, zeros the |
427 | memory and returns a pointer that is correctly colored for that | |
428 | location. The non-tagging version will simply call memset with 0. | |
3784dfc0 | 429 | |
0c719cf4 | 430 | void *tag_region (void *ptr, size_t size) |
3784dfc0 RE |
431 | |
432 | Color the region of memory pointed to by PTR and size SIZE with | |
433 | the color of PTR. Returns the original pointer. | |
434 | ||
0c719cf4 | 435 | void *tag_new_usable (void *ptr) |
3784dfc0 RE |
436 | |
437 | Allocate a new random color and use it to color the user region of | |
438 | a chunk; this may include data from the subsequent chunk's header | |
439 | if tagging is sufficiently fine grained. Returns PTR suitably | |
440 | recolored for accessing the memory there. | |
441 | ||
0c719cf4 | 442 | void *tag_at (void *ptr) |
3784dfc0 RE |
443 | |
444 | Read the current color of the memory at the address pointed to by | |
445 | PTR (ignoring it's current color) and return PTR recolored to that | |
446 | color. PTR must be valid address in all other respects. When | |
447 | tagging is not enabled, it simply returns the original pointer. | |
448 | */ | |
449 | ||
450 | #ifdef USE_MTAG | |
42bac88a SN |
451 | static bool mtag_enabled = false; |
452 | static int mtag_mmap_flags = 0; | |
42bac88a SN |
453 | #else |
454 | # define mtag_enabled false | |
455 | # define mtag_mmap_flags 0 | |
456 | #endif | |
3784dfc0 | 457 | |
42bac88a SN |
458 | static __always_inline void * |
459 | tag_region (void *ptr, size_t size) | |
3784dfc0 | 460 | { |
42bac88a SN |
461 | if (__glibc_unlikely (mtag_enabled)) |
462 | return __libc_mtag_tag_region (ptr, size); | |
3784dfc0 RE |
463 | return ptr; |
464 | } | |
465 | ||
42bac88a | 466 | static __always_inline void * |
c076a0bc | 467 | tag_new_zero_region (void *ptr, size_t size) |
3784dfc0 | 468 | { |
42bac88a | 469 | if (__glibc_unlikely (mtag_enabled)) |
c076a0bc SN |
470 | return __libc_mtag_tag_zero_region (__libc_mtag_new_tag (ptr), size); |
471 | return memset (ptr, 0, size); | |
3784dfc0 RE |
472 | } |
473 | ||
42bac88a SN |
474 | /* Defined later. */ |
475 | static void * | |
476 | tag_new_usable (void *ptr); | |
3784dfc0 | 477 | |
42bac88a SN |
478 | static __always_inline void * |
479 | tag_at (void *ptr) | |
480 | { | |
481 | if (__glibc_unlikely (mtag_enabled)) | |
482 | return __libc_mtag_address_get_tag (ptr); | |
483 | return ptr; | |
484 | } | |
f65fd747 | 485 | |
22a89187 | 486 | #include <string.h> |
f65fd747 | 487 | |
fa8d436c UD |
488 | /* |
489 | MORECORE-related declarations. By default, rely on sbrk | |
490 | */ | |
09f5e163 | 491 | |
f65fd747 | 492 | |
fa8d436c UD |
493 | /* |
494 | MORECORE is the name of the routine to call to obtain more memory | |
495 | from the system. See below for general guidance on writing | |
496 | alternative MORECORE functions, as well as a version for WIN32 and a | |
497 | sample version for pre-OSX macos. | |
498 | */ | |
f65fd747 | 499 | |
fa8d436c UD |
500 | #ifndef MORECORE |
501 | #define MORECORE sbrk | |
502 | #endif | |
f65fd747 | 503 | |
fa8d436c UD |
504 | /* |
505 | MORECORE_FAILURE is the value returned upon failure of MORECORE | |
506 | as well as mmap. Since it cannot be an otherwise valid memory address, | |
507 | and must reflect values of standard sys calls, you probably ought not | |
508 | try to redefine it. | |
509 | */ | |
09f5e163 | 510 | |
fa8d436c UD |
511 | #ifndef MORECORE_FAILURE |
512 | #define MORECORE_FAILURE (-1) | |
513 | #endif | |
514 | ||
515 | /* | |
516 | If MORECORE_CONTIGUOUS is true, take advantage of fact that | |
517 | consecutive calls to MORECORE with positive arguments always return | |
518 | contiguous increasing addresses. This is true of unix sbrk. Even | |
519 | if not defined, when regions happen to be contiguous, malloc will | |
520 | permit allocations spanning regions obtained from different | |
521 | calls. But defining this when applicable enables some stronger | |
522 | consistency checks and space efficiencies. | |
523 | */ | |
f65fd747 | 524 | |
fa8d436c UD |
525 | #ifndef MORECORE_CONTIGUOUS |
526 | #define MORECORE_CONTIGUOUS 1 | |
f65fd747 UD |
527 | #endif |
528 | ||
fa8d436c UD |
529 | /* |
530 | Define MORECORE_CANNOT_TRIM if your version of MORECORE | |
531 | cannot release space back to the system when given negative | |
532 | arguments. This is generally necessary only if you are using | |
533 | a hand-crafted MORECORE function that cannot handle negative arguments. | |
534 | */ | |
535 | ||
536 | /* #define MORECORE_CANNOT_TRIM */ | |
f65fd747 | 537 | |
fa8d436c UD |
538 | /* MORECORE_CLEARS (default 1) |
539 | The degree to which the routine mapped to MORECORE zeroes out | |
540 | memory: never (0), only for newly allocated space (1) or always | |
541 | (2). The distinction between (1) and (2) is necessary because on | |
542 | some systems, if the application first decrements and then | |
543 | increments the break value, the contents of the reallocated space | |
544 | are unspecified. | |
6c8dbf00 | 545 | */ |
fa8d436c UD |
546 | |
547 | #ifndef MORECORE_CLEARS | |
6c8dbf00 | 548 | # define MORECORE_CLEARS 1 |
7cabd57c UD |
549 | #endif |
550 | ||
fa8d436c | 551 | |
a9177ff5 | 552 | /* |
fa8d436c | 553 | MMAP_AS_MORECORE_SIZE is the minimum mmap size argument to use if |
22a89187 UD |
554 | sbrk fails, and mmap is used as a backup. The value must be a |
555 | multiple of page size. This backup strategy generally applies only | |
556 | when systems have "holes" in address space, so sbrk cannot perform | |
557 | contiguous expansion, but there is still space available on system. | |
558 | On systems for which this is known to be useful (i.e. most linux | |
559 | kernels), this occurs only when programs allocate huge amounts of | |
560 | memory. Between this, and the fact that mmap regions tend to be | |
561 | limited, the size should be large, to avoid too many mmap calls and | |
562 | thus avoid running out of kernel resources. */ | |
fa8d436c UD |
563 | |
564 | #ifndef MMAP_AS_MORECORE_SIZE | |
565 | #define MMAP_AS_MORECORE_SIZE (1024 * 1024) | |
f65fd747 UD |
566 | #endif |
567 | ||
568 | /* | |
569 | Define HAVE_MREMAP to make realloc() use mremap() to re-allocate | |
2a26ef3a | 570 | large blocks. |
f65fd747 UD |
571 | */ |
572 | ||
573 | #ifndef HAVE_MREMAP | |
fa8d436c | 574 | #define HAVE_MREMAP 0 |
f65fd747 UD |
575 | #endif |
576 | ||
f65fd747 | 577 | /* |
f65fd747 | 578 | This version of malloc supports the standard SVID/XPG mallinfo |
fa8d436c UD |
579 | routine that returns a struct containing usage properties and |
580 | statistics. It should work on any SVID/XPG compliant system that has | |
581 | a /usr/include/malloc.h defining struct mallinfo. (If you'd like to | |
582 | install such a thing yourself, cut out the preliminary declarations | |
583 | as described above and below and save them in a malloc.h file. But | |
584 | there's no compelling reason to bother to do this.) | |
f65fd747 UD |
585 | |
586 | The main declaration needed is the mallinfo struct that is returned | |
587 | (by-copy) by mallinfo(). The SVID/XPG malloinfo struct contains a | |
fa8d436c UD |
588 | bunch of fields that are not even meaningful in this version of |
589 | malloc. These fields are are instead filled by mallinfo() with | |
590 | other numbers that might be of interest. | |
f65fd747 UD |
591 | */ |
592 | ||
f65fd747 | 593 | |
fa8d436c | 594 | /* ---------- description of public routines ------------ */ |
f65fd747 | 595 | |
b5bd5bfe | 596 | #if IS_IN (libc) |
f65fd747 | 597 | /* |
fa8d436c UD |
598 | malloc(size_t n) |
599 | Returns a pointer to a newly allocated chunk of at least n bytes, or null | |
600 | if no space is available. Additionally, on failure, errno is | |
601 | set to ENOMEM on ANSI C systems. | |
602 | ||
862897d2 | 603 | If n is zero, malloc returns a minimum-sized chunk. (The minimum |
fa8d436c UD |
604 | size is 16 bytes on most 32bit systems, and 24 or 32 bytes on 64bit |
605 | systems.) On most systems, size_t is an unsigned type, so calls | |
606 | with negative arguments are interpreted as requests for huge amounts | |
607 | of space, which will often fail. The maximum supported value of n | |
608 | differs across systems, but is in all cases less than the maximum | |
609 | representable value of a size_t. | |
f65fd747 | 610 | */ |
3b49edc0 UD |
611 | void* __libc_malloc(size_t); |
612 | libc_hidden_proto (__libc_malloc) | |
f65fd747 | 613 | |
fa8d436c | 614 | /* |
22a89187 | 615 | free(void* p) |
fa8d436c UD |
616 | Releases the chunk of memory pointed to by p, that had been previously |
617 | allocated using malloc or a related routine such as realloc. | |
618 | It has no effect if p is null. It can have arbitrary (i.e., bad!) | |
619 | effects if p has already been freed. | |
620 | ||
621 | Unless disabled (using mallopt), freeing very large spaces will | |
622 | when possible, automatically trigger operations that give | |
623 | back unused memory to the system, thus reducing program footprint. | |
624 | */ | |
3b49edc0 UD |
625 | void __libc_free(void*); |
626 | libc_hidden_proto (__libc_free) | |
f65fd747 | 627 | |
fa8d436c UD |
628 | /* |
629 | calloc(size_t n_elements, size_t element_size); | |
630 | Returns a pointer to n_elements * element_size bytes, with all locations | |
631 | set to zero. | |
632 | */ | |
3b49edc0 | 633 | void* __libc_calloc(size_t, size_t); |
f65fd747 UD |
634 | |
635 | /* | |
22a89187 | 636 | realloc(void* p, size_t n) |
fa8d436c UD |
637 | Returns a pointer to a chunk of size n that contains the same data |
638 | as does chunk p up to the minimum of (n, p's size) bytes, or null | |
a9177ff5 | 639 | if no space is available. |
f65fd747 | 640 | |
fa8d436c UD |
641 | The returned pointer may or may not be the same as p. The algorithm |
642 | prefers extending p when possible, otherwise it employs the | |
643 | equivalent of a malloc-copy-free sequence. | |
f65fd747 | 644 | |
a9177ff5 | 645 | If p is null, realloc is equivalent to malloc. |
f65fd747 | 646 | |
fa8d436c UD |
647 | If space is not available, realloc returns null, errno is set (if on |
648 | ANSI) and p is NOT freed. | |
f65fd747 | 649 | |
fa8d436c UD |
650 | if n is for fewer bytes than already held by p, the newly unused |
651 | space is lopped off and freed if possible. Unless the #define | |
652 | REALLOC_ZERO_BYTES_FREES is set, realloc with a size argument of | |
653 | zero (re)allocates a minimum-sized chunk. | |
f65fd747 | 654 | |
3b5f801d DD |
655 | Large chunks that were internally obtained via mmap will always be |
656 | grown using malloc-copy-free sequences unless the system supports | |
657 | MREMAP (currently only linux). | |
f65fd747 | 658 | |
fa8d436c UD |
659 | The old unix realloc convention of allowing the last-free'd chunk |
660 | to be used as an argument to realloc is not supported. | |
f65fd747 | 661 | */ |
3b49edc0 UD |
662 | void* __libc_realloc(void*, size_t); |
663 | libc_hidden_proto (__libc_realloc) | |
f65fd747 | 664 | |
fa8d436c UD |
665 | /* |
666 | memalign(size_t alignment, size_t n); | |
667 | Returns a pointer to a newly allocated chunk of n bytes, aligned | |
668 | in accord with the alignment argument. | |
669 | ||
670 | The alignment argument should be a power of two. If the argument is | |
671 | not a power of two, the nearest greater power is used. | |
672 | 8-byte alignment is guaranteed by normal malloc calls, so don't | |
673 | bother calling memalign with an argument of 8 or less. | |
674 | ||
675 | Overreliance on memalign is a sure way to fragment space. | |
676 | */ | |
3b49edc0 UD |
677 | void* __libc_memalign(size_t, size_t); |
678 | libc_hidden_proto (__libc_memalign) | |
f65fd747 UD |
679 | |
680 | /* | |
fa8d436c UD |
681 | valloc(size_t n); |
682 | Equivalent to memalign(pagesize, n), where pagesize is the page | |
683 | size of the system. If the pagesize is unknown, 4096 is used. | |
684 | */ | |
3b49edc0 | 685 | void* __libc_valloc(size_t); |
fa8d436c | 686 | |
f65fd747 | 687 | |
f65fd747 | 688 | |
fa8d436c UD |
689 | /* |
690 | mallinfo() | |
691 | Returns (by copy) a struct containing various summary statistics: | |
692 | ||
a9177ff5 RM |
693 | arena: current total non-mmapped bytes allocated from system |
694 | ordblks: the number of free chunks | |
fa8d436c | 695 | smblks: the number of fastbin blocks (i.e., small chunks that |
72f90263 | 696 | have been freed but not use resused or consolidated) |
a9177ff5 RM |
697 | hblks: current number of mmapped regions |
698 | hblkhd: total bytes held in mmapped regions | |
ca135f82 | 699 | usmblks: always 0 |
a9177ff5 | 700 | fsmblks: total bytes held in fastbin blocks |
fa8d436c | 701 | uordblks: current total allocated space (normal or mmapped) |
a9177ff5 | 702 | fordblks: total free space |
fa8d436c | 703 | keepcost: the maximum number of bytes that could ideally be released |
72f90263 UD |
704 | back to system via malloc_trim. ("ideally" means that |
705 | it ignores page restrictions etc.) | |
fa8d436c UD |
706 | |
707 | Because these fields are ints, but internal bookkeeping may | |
a9177ff5 | 708 | be kept as longs, the reported values may wrap around zero and |
fa8d436c UD |
709 | thus be inaccurate. |
710 | */ | |
e3960d1c | 711 | struct mallinfo2 __libc_mallinfo2(void); |
cdf64542 | 712 | libc_hidden_proto (__libc_mallinfo2) |
e3960d1c | 713 | |
3b49edc0 | 714 | struct mallinfo __libc_mallinfo(void); |
88764ae2 | 715 | |
f65fd747 | 716 | |
fa8d436c UD |
717 | /* |
718 | pvalloc(size_t n); | |
719 | Equivalent to valloc(minimum-page-that-holds(n)), that is, | |
720 | round up n to nearest pagesize. | |
721 | */ | |
3b49edc0 | 722 | void* __libc_pvalloc(size_t); |
fa8d436c UD |
723 | |
724 | /* | |
725 | malloc_trim(size_t pad); | |
726 | ||
727 | If possible, gives memory back to the system (via negative | |
728 | arguments to sbrk) if there is unused memory at the `high' end of | |
729 | the malloc pool. You can call this after freeing large blocks of | |
730 | memory to potentially reduce the system-level memory requirements | |
731 | of a program. However, it cannot guarantee to reduce memory. Under | |
732 | some allocation patterns, some large free blocks of memory will be | |
733 | locked between two used chunks, so they cannot be given back to | |
734 | the system. | |
a9177ff5 | 735 | |
fa8d436c UD |
736 | The `pad' argument to malloc_trim represents the amount of free |
737 | trailing space to leave untrimmed. If this argument is zero, | |
738 | only the minimum amount of memory to maintain internal data | |
739 | structures will be left (one page or less). Non-zero arguments | |
740 | can be supplied to maintain enough trailing space to service | |
741 | future expected allocations without having to re-obtain memory | |
742 | from the system. | |
a9177ff5 | 743 | |
fa8d436c UD |
744 | Malloc_trim returns 1 if it actually released any memory, else 0. |
745 | On systems that do not support "negative sbrks", it will always | |
c958a6a4 | 746 | return 0. |
fa8d436c | 747 | */ |
3b49edc0 | 748 | int __malloc_trim(size_t); |
fa8d436c UD |
749 | |
750 | /* | |
22a89187 | 751 | malloc_usable_size(void* p); |
fa8d436c UD |
752 | |
753 | Returns the number of bytes you can actually use in | |
754 | an allocated chunk, which may be more than you requested (although | |
755 | often not) due to alignment and minimum size constraints. | |
756 | You can use this many bytes without worrying about | |
757 | overwriting other allocated objects. This is not a particularly great | |
758 | programming practice. malloc_usable_size can be more useful in | |
759 | debugging and assertions, for example: | |
760 | ||
761 | p = malloc(n); | |
762 | assert(malloc_usable_size(p) >= 256); | |
763 | ||
764 | */ | |
3b49edc0 | 765 | size_t __malloc_usable_size(void*); |
fa8d436c UD |
766 | |
767 | /* | |
768 | malloc_stats(); | |
769 | Prints on stderr the amount of space obtained from the system (both | |
770 | via sbrk and mmap), the maximum amount (which may be more than | |
771 | current if malloc_trim and/or munmap got called), and the current | |
772 | number of bytes allocated via malloc (or realloc, etc) but not yet | |
773 | freed. Note that this is the number of bytes allocated, not the | |
774 | number requested. It will be larger than the number requested | |
775 | because of alignment and bookkeeping overhead. Because it includes | |
776 | alignment wastage as being in use, this figure may be greater than | |
777 | zero even when no user-level chunks are allocated. | |
778 | ||
779 | The reported current and maximum system memory can be inaccurate if | |
780 | a program makes other calls to system memory allocation functions | |
781 | (normally sbrk) outside of malloc. | |
782 | ||
783 | malloc_stats prints only the most commonly interesting statistics. | |
784 | More information can be obtained by calling mallinfo. | |
785 | ||
786 | */ | |
3b49edc0 | 787 | void __malloc_stats(void); |
f65fd747 | 788 | |
f7ddf3d3 UD |
789 | /* |
790 | posix_memalign(void **memptr, size_t alignment, size_t size); | |
791 | ||
792 | POSIX wrapper like memalign(), checking for validity of size. | |
793 | */ | |
794 | int __posix_memalign(void **, size_t, size_t); | |
b5bd5bfe | 795 | #endif /* IS_IN (libc) */ |
f7ddf3d3 | 796 | |
5b8d2715 SP |
797 | /* |
798 | mallopt(int parameter_number, int parameter_value) | |
799 | Sets tunable parameters The format is to provide a | |
800 | (parameter-number, parameter-value) pair. mallopt then sets the | |
801 | corresponding parameter to the argument value if it can (i.e., so | |
802 | long as the value is meaningful), and returns 1 if successful else | |
803 | 0. SVID/XPG/ANSI defines four standard param numbers for mallopt, | |
804 | normally defined in malloc.h. Only one of these (M_MXFAST) is used | |
805 | in this malloc. The others (M_NLBLKS, M_GRAIN, M_KEEP) don't apply, | |
806 | so setting them has no effect. But this malloc also supports four | |
807 | other options in mallopt. See below for details. Briefly, supported | |
808 | parameters are as follows (listed defaults are for "typical" | |
809 | configurations). | |
810 | ||
811 | Symbol param # default allowed param values | |
812 | M_MXFAST 1 64 0-80 (0 disables fastbins) | |
813 | M_TRIM_THRESHOLD -1 128*1024 any (-1U disables trimming) | |
814 | M_TOP_PAD -2 0 any | |
815 | M_MMAP_THRESHOLD -3 128*1024 any (or 0 if no MMAP support) | |
816 | M_MMAP_MAX -4 65536 any (0 disables use of mmap) | |
817 | */ | |
818 | int __libc_mallopt(int, int); | |
819 | #if IS_IN (libc) | |
820 | libc_hidden_proto (__libc_mallopt) | |
821 | #endif | |
822 | ||
fa8d436c UD |
823 | /* mallopt tuning options */ |
824 | ||
f65fd747 | 825 | /* |
fa8d436c UD |
826 | M_MXFAST is the maximum request size used for "fastbins", special bins |
827 | that hold returned chunks without consolidating their spaces. This | |
828 | enables future requests for chunks of the same size to be handled | |
829 | very quickly, but can increase fragmentation, and thus increase the | |
830 | overall memory footprint of a program. | |
831 | ||
832 | This malloc manages fastbins very conservatively yet still | |
833 | efficiently, so fragmentation is rarely a problem for values less | |
834 | than or equal to the default. The maximum supported value of MXFAST | |
835 | is 80. You wouldn't want it any higher than this anyway. Fastbins | |
836 | are designed especially for use with many small structs, objects or | |
837 | strings -- the default handles structs/objects/arrays with sizes up | |
838 | to 8 4byte fields, or small strings representing words, tokens, | |
839 | etc. Using fastbins for larger objects normally worsens | |
840 | fragmentation without improving speed. | |
841 | ||
842 | M_MXFAST is set in REQUEST size units. It is internally used in | |
843 | chunksize units, which adds padding and alignment. You can reduce | |
844 | M_MXFAST to 0 to disable all use of fastbins. This causes the malloc | |
845 | algorithm to be a closer approximation of fifo-best-fit in all cases, | |
846 | not just for larger requests, but will generally cause it to be | |
847 | slower. | |
f65fd747 UD |
848 | */ |
849 | ||
850 | ||
fa8d436c UD |
851 | /* M_MXFAST is a standard SVID/XPG tuning option, usually listed in malloc.h */ |
852 | #ifndef M_MXFAST | |
a9177ff5 | 853 | #define M_MXFAST 1 |
fa8d436c | 854 | #endif |
f65fd747 | 855 | |
fa8d436c | 856 | #ifndef DEFAULT_MXFAST |
425ce2ed | 857 | #define DEFAULT_MXFAST (64 * SIZE_SZ / 4) |
10dc2a90 UD |
858 | #endif |
859 | ||
10dc2a90 | 860 | |
fa8d436c UD |
861 | /* |
862 | M_TRIM_THRESHOLD is the maximum amount of unused top-most memory | |
863 | to keep before releasing via malloc_trim in free(). | |
864 | ||
865 | Automatic trimming is mainly useful in long-lived programs. | |
866 | Because trimming via sbrk can be slow on some systems, and can | |
867 | sometimes be wasteful (in cases where programs immediately | |
868 | afterward allocate more large chunks) the value should be high | |
869 | enough so that your overall system performance would improve by | |
870 | releasing this much memory. | |
871 | ||
872 | The trim threshold and the mmap control parameters (see below) | |
873 | can be traded off with one another. Trimming and mmapping are | |
874 | two different ways of releasing unused memory back to the | |
875 | system. Between these two, it is often possible to keep | |
876 | system-level demands of a long-lived program down to a bare | |
877 | minimum. For example, in one test suite of sessions measuring | |
878 | the XF86 X server on Linux, using a trim threshold of 128K and a | |
879 | mmap threshold of 192K led to near-minimal long term resource | |
880 | consumption. | |
881 | ||
882 | If you are using this malloc in a long-lived program, it should | |
883 | pay to experiment with these values. As a rough guide, you | |
884 | might set to a value close to the average size of a process | |
885 | (program) running on your system. Releasing this much memory | |
886 | would allow such a process to run in memory. Generally, it's | |
887 | worth it to tune for trimming rather tham memory mapping when a | |
888 | program undergoes phases where several large chunks are | |
889 | allocated and released in ways that can reuse each other's | |
890 | storage, perhaps mixed with phases where there are no such | |
891 | chunks at all. And in well-behaved long-lived programs, | |
892 | controlling release of large blocks via trimming versus mapping | |
893 | is usually faster. | |
894 | ||
895 | However, in most programs, these parameters serve mainly as | |
896 | protection against the system-level effects of carrying around | |
897 | massive amounts of unneeded memory. Since frequent calls to | |
898 | sbrk, mmap, and munmap otherwise degrade performance, the default | |
899 | parameters are set to relatively high values that serve only as | |
900 | safeguards. | |
901 | ||
902 | The trim value It must be greater than page size to have any useful | |
a9177ff5 | 903 | effect. To disable trimming completely, you can set to |
fa8d436c UD |
904 | (unsigned long)(-1) |
905 | ||
906 | Trim settings interact with fastbin (MXFAST) settings: Unless | |
907 | TRIM_FASTBINS is defined, automatic trimming never takes place upon | |
908 | freeing a chunk with size less than or equal to MXFAST. Trimming is | |
909 | instead delayed until subsequent freeing of larger chunks. However, | |
910 | you can still force an attempted trim by calling malloc_trim. | |
911 | ||
912 | Also, trimming is not generally possible in cases where | |
913 | the main arena is obtained via mmap. | |
914 | ||
915 | Note that the trick some people use of mallocing a huge space and | |
916 | then freeing it at program startup, in an attempt to reserve system | |
917 | memory, doesn't have the intended effect under automatic trimming, | |
918 | since that memory will immediately be returned to the system. | |
919 | */ | |
920 | ||
921 | #define M_TRIM_THRESHOLD -1 | |
922 | ||
923 | #ifndef DEFAULT_TRIM_THRESHOLD | |
924 | #define DEFAULT_TRIM_THRESHOLD (128 * 1024) | |
925 | #endif | |
926 | ||
927 | /* | |
928 | M_TOP_PAD is the amount of extra `padding' space to allocate or | |
929 | retain whenever sbrk is called. It is used in two ways internally: | |
930 | ||
931 | * When sbrk is called to extend the top of the arena to satisfy | |
932 | a new malloc request, this much padding is added to the sbrk | |
933 | request. | |
934 | ||
935 | * When malloc_trim is called automatically from free(), | |
936 | it is used as the `pad' argument. | |
937 | ||
938 | In both cases, the actual amount of padding is rounded | |
939 | so that the end of the arena is always a system page boundary. | |
940 | ||
941 | The main reason for using padding is to avoid calling sbrk so | |
942 | often. Having even a small pad greatly reduces the likelihood | |
943 | that nearly every malloc request during program start-up (or | |
944 | after trimming) will invoke sbrk, which needlessly wastes | |
945 | time. | |
946 | ||
947 | Automatic rounding-up to page-size units is normally sufficient | |
948 | to avoid measurable overhead, so the default is 0. However, in | |
949 | systems where sbrk is relatively slow, it can pay to increase | |
950 | this value, at the expense of carrying around more memory than | |
951 | the program needs. | |
952 | */ | |
10dc2a90 | 953 | |
fa8d436c | 954 | #define M_TOP_PAD -2 |
10dc2a90 | 955 | |
fa8d436c UD |
956 | #ifndef DEFAULT_TOP_PAD |
957 | #define DEFAULT_TOP_PAD (0) | |
958 | #endif | |
f65fd747 | 959 | |
1d05c2fb UD |
960 | /* |
961 | MMAP_THRESHOLD_MAX and _MIN are the bounds on the dynamically | |
962 | adjusted MMAP_THRESHOLD. | |
963 | */ | |
964 | ||
965 | #ifndef DEFAULT_MMAP_THRESHOLD_MIN | |
966 | #define DEFAULT_MMAP_THRESHOLD_MIN (128 * 1024) | |
967 | #endif | |
968 | ||
969 | #ifndef DEFAULT_MMAP_THRESHOLD_MAX | |
e404fb16 UD |
970 | /* For 32-bit platforms we cannot increase the maximum mmap |
971 | threshold much because it is also the minimum value for the | |
bd2c2341 UD |
972 | maximum heap size and its alignment. Going above 512k (i.e., 1M |
973 | for new heaps) wastes too much address space. */ | |
e404fb16 | 974 | # if __WORDSIZE == 32 |
bd2c2341 | 975 | # define DEFAULT_MMAP_THRESHOLD_MAX (512 * 1024) |
e404fb16 | 976 | # else |
bd2c2341 | 977 | # define DEFAULT_MMAP_THRESHOLD_MAX (4 * 1024 * 1024 * sizeof(long)) |
e404fb16 | 978 | # endif |
1d05c2fb UD |
979 | #endif |
980 | ||
fa8d436c UD |
981 | /* |
982 | M_MMAP_THRESHOLD is the request size threshold for using mmap() | |
983 | to service a request. Requests of at least this size that cannot | |
984 | be allocated using already-existing space will be serviced via mmap. | |
985 | (If enough normal freed space already exists it is used instead.) | |
986 | ||
987 | Using mmap segregates relatively large chunks of memory so that | |
988 | they can be individually obtained and released from the host | |
989 | system. A request serviced through mmap is never reused by any | |
990 | other request (at least not directly; the system may just so | |
991 | happen to remap successive requests to the same locations). | |
992 | ||
993 | Segregating space in this way has the benefits that: | |
994 | ||
a9177ff5 RM |
995 | 1. Mmapped space can ALWAYS be individually released back |
996 | to the system, which helps keep the system level memory | |
997 | demands of a long-lived program low. | |
fa8d436c UD |
998 | 2. Mapped memory can never become `locked' between |
999 | other chunks, as can happen with normally allocated chunks, which | |
1000 | means that even trimming via malloc_trim would not release them. | |
1001 | 3. On some systems with "holes" in address spaces, mmap can obtain | |
1002 | memory that sbrk cannot. | |
1003 | ||
1004 | However, it has the disadvantages that: | |
1005 | ||
1006 | 1. The space cannot be reclaimed, consolidated, and then | |
1007 | used to service later requests, as happens with normal chunks. | |
1008 | 2. It can lead to more wastage because of mmap page alignment | |
1009 | requirements | |
1010 | 3. It causes malloc performance to be more dependent on host | |
1011 | system memory management support routines which may vary in | |
1012 | implementation quality and may impose arbitrary | |
1013 | limitations. Generally, servicing a request via normal | |
1014 | malloc steps is faster than going through a system's mmap. | |
1015 | ||
1016 | The advantages of mmap nearly always outweigh disadvantages for | |
1017 | "large" chunks, but the value of "large" varies across systems. The | |
1018 | default is an empirically derived value that works well in most | |
1019 | systems. | |
1d05c2fb UD |
1020 | |
1021 | ||
1022 | Update in 2006: | |
1023 | The above was written in 2001. Since then the world has changed a lot. | |
1024 | Memory got bigger. Applications got bigger. The virtual address space | |
1025 | layout in 32 bit linux changed. | |
1026 | ||
1027 | In the new situation, brk() and mmap space is shared and there are no | |
1028 | artificial limits on brk size imposed by the kernel. What is more, | |
1029 | applications have started using transient allocations larger than the | |
1030 | 128Kb as was imagined in 2001. | |
1031 | ||
1032 | The price for mmap is also high now; each time glibc mmaps from the | |
1033 | kernel, the kernel is forced to zero out the memory it gives to the | |
1034 | application. Zeroing memory is expensive and eats a lot of cache and | |
1035 | memory bandwidth. This has nothing to do with the efficiency of the | |
1036 | virtual memory system, by doing mmap the kernel just has no choice but | |
1037 | to zero. | |
1038 | ||
1039 | In 2001, the kernel had a maximum size for brk() which was about 800 | |
1040 | megabytes on 32 bit x86, at that point brk() would hit the first | |
1041 | mmaped shared libaries and couldn't expand anymore. With current 2.6 | |
1042 | kernels, the VA space layout is different and brk() and mmap | |
1043 | both can span the entire heap at will. | |
1044 | ||
1045 | Rather than using a static threshold for the brk/mmap tradeoff, | |
1046 | we are now using a simple dynamic one. The goal is still to avoid | |
1047 | fragmentation. The old goals we kept are | |
1048 | 1) try to get the long lived large allocations to use mmap() | |
1049 | 2) really large allocations should always use mmap() | |
1050 | and we're adding now: | |
1051 | 3) transient allocations should use brk() to avoid forcing the kernel | |
1052 | having to zero memory over and over again | |
1053 | ||
1054 | The implementation works with a sliding threshold, which is by default | |
1055 | limited to go between 128Kb and 32Mb (64Mb for 64 bitmachines) and starts | |
1056 | out at 128Kb as per the 2001 default. | |
1057 | ||
1058 | This allows us to satisfy requirement 1) under the assumption that long | |
1059 | lived allocations are made early in the process' lifespan, before it has | |
1060 | started doing dynamic allocations of the same size (which will | |
1061 | increase the threshold). | |
1062 | ||
1063 | The upperbound on the threshold satisfies requirement 2) | |
1064 | ||
1065 | The threshold goes up in value when the application frees memory that was | |
1066 | allocated with the mmap allocator. The idea is that once the application | |
1067 | starts freeing memory of a certain size, it's highly probable that this is | |
1068 | a size the application uses for transient allocations. This estimator | |
1069 | is there to satisfy the new third requirement. | |
1070 | ||
f65fd747 UD |
1071 | */ |
1072 | ||
fa8d436c | 1073 | #define M_MMAP_THRESHOLD -3 |
f65fd747 | 1074 | |
fa8d436c | 1075 | #ifndef DEFAULT_MMAP_THRESHOLD |
1d05c2fb | 1076 | #define DEFAULT_MMAP_THRESHOLD DEFAULT_MMAP_THRESHOLD_MIN |
fa8d436c UD |
1077 | #endif |
1078 | ||
1079 | /* | |
1080 | M_MMAP_MAX is the maximum number of requests to simultaneously | |
1081 | service using mmap. This parameter exists because | |
1082 | some systems have a limited number of internal tables for | |
1083 | use by mmap, and using more than a few of them may degrade | |
1084 | performance. | |
1085 | ||
1086 | The default is set to a value that serves only as a safeguard. | |
22a89187 | 1087 | Setting to 0 disables use of mmap for servicing large requests. |
fa8d436c | 1088 | */ |
f65fd747 | 1089 | |
fa8d436c UD |
1090 | #define M_MMAP_MAX -4 |
1091 | ||
1092 | #ifndef DEFAULT_MMAP_MAX | |
fa8d436c | 1093 | #define DEFAULT_MMAP_MAX (65536) |
f65fd747 UD |
1094 | #endif |
1095 | ||
100351c3 | 1096 | #include <malloc.h> |
f65fd747 | 1097 | |
fa8d436c UD |
1098 | #ifndef RETURN_ADDRESS |
1099 | #define RETURN_ADDRESS(X_) (NULL) | |
9ae6fc54 | 1100 | #endif |
431c33c0 | 1101 | |
fa8d436c UD |
1102 | /* Forward declarations. */ |
1103 | struct malloc_chunk; | |
1104 | typedef struct malloc_chunk* mchunkptr; | |
431c33c0 | 1105 | |
fa8d436c | 1106 | /* Internal routines. */ |
f65fd747 | 1107 | |
22a89187 | 1108 | static void* _int_malloc(mstate, size_t); |
425ce2ed | 1109 | static void _int_free(mstate, mchunkptr, int); |
22a89187 | 1110 | static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T, |
6e4b2107 | 1111 | INTERNAL_SIZE_T); |
22a89187 | 1112 | static void* _int_memalign(mstate, size_t, size_t); |
b5bd5bfe | 1113 | #if IS_IN (libc) |
10ad46bc | 1114 | static void* _mid_memalign(size_t, size_t, void *); |
b5bd5bfe | 1115 | #endif |
10ad46bc | 1116 | |
ac3ed168 | 1117 | static void malloc_printerr(const char *str) __attribute__ ((noreturn)); |
fa8d436c | 1118 | |
0c71122c | 1119 | static void munmap_chunk(mchunkptr p); |
a9177ff5 | 1120 | #if HAVE_MREMAP |
0c71122c | 1121 | static mchunkptr mremap_chunk(mchunkptr p, size_t new_size); |
a9177ff5 | 1122 | #endif |
fa8d436c | 1123 | |
fa8d436c | 1124 | /* ------------------ MMAP support ------------------ */ |
f65fd747 | 1125 | |
f65fd747 | 1126 | |
fa8d436c | 1127 | #include <fcntl.h> |
fa8d436c | 1128 | #include <sys/mman.h> |
f65fd747 | 1129 | |
fa8d436c UD |
1130 | #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON) |
1131 | # define MAP_ANONYMOUS MAP_ANON | |
1132 | #endif | |
f65fd747 | 1133 | |
fa8d436c | 1134 | #ifndef MAP_NORESERVE |
3b49edc0 | 1135 | # define MAP_NORESERVE 0 |
f65fd747 UD |
1136 | #endif |
1137 | ||
fa8d436c | 1138 | #define MMAP(addr, size, prot, flags) \ |
3b49edc0 | 1139 | __mmap((addr), (size), (prot), (flags)|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0) |
f65fd747 | 1140 | |
f65fd747 UD |
1141 | |
1142 | /* | |
fa8d436c | 1143 | ----------------------- Chunk representations ----------------------- |
f65fd747 UD |
1144 | */ |
1145 | ||
1146 | ||
fa8d436c UD |
1147 | /* |
1148 | This struct declaration is misleading (but accurate and necessary). | |
1149 | It declares a "view" into memory allowing access to necessary | |
1150 | fields at known offsets from a given base. See explanation below. | |
1151 | */ | |
1152 | ||
1153 | struct malloc_chunk { | |
1154 | ||
e9c4fe93 FW |
1155 | INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk (if free). */ |
1156 | INTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */ | |
fa8d436c UD |
1157 | |
1158 | struct malloc_chunk* fd; /* double links -- used only if free. */ | |
f65fd747 | 1159 | struct malloc_chunk* bk; |
7ecfbd38 UD |
1160 | |
1161 | /* Only used for large blocks: pointer to next larger size. */ | |
1162 | struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */ | |
1163 | struct malloc_chunk* bk_nextsize; | |
f65fd747 UD |
1164 | }; |
1165 | ||
f65fd747 UD |
1166 | |
1167 | /* | |
f65fd747 UD |
1168 | malloc_chunk details: |
1169 | ||
1170 | (The following includes lightly edited explanations by Colin Plumb.) | |
1171 | ||
1172 | Chunks of memory are maintained using a `boundary tag' method as | |
1173 | described in e.g., Knuth or Standish. (See the paper by Paul | |
1174 | Wilson ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a | |
1175 | survey of such techniques.) Sizes of free chunks are stored both | |
1176 | in the front of each chunk and at the end. This makes | |
1177 | consolidating fragmented chunks into bigger chunks very fast. The | |
1178 | size fields also hold bits representing whether chunks are free or | |
1179 | in use. | |
1180 | ||
1181 | An allocated chunk looks like this: | |
1182 | ||
1183 | ||
1184 | chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
ae9166f2 | 1185 | | Size of previous chunk, if unallocated (P clear) | |
72f90263 | 1186 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
ae9166f2 | 1187 | | Size of chunk, in bytes |A|M|P| |
f65fd747 | 1188 | mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
72f90263 UD |
1189 | | User data starts here... . |
1190 | . . | |
1191 | . (malloc_usable_size() bytes) . | |
1192 | . | | |
f65fd747 | 1193 | nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
ae9166f2 FW |
1194 | | (size of chunk, but used for application data) | |
1195 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
1196 | | Size of next chunk, in bytes |A|0|1| | |
72f90263 | 1197 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
f65fd747 UD |
1198 | |
1199 | Where "chunk" is the front of the chunk for the purpose of most of | |
1200 | the malloc code, but "mem" is the pointer that is returned to the | |
1201 | user. "Nextchunk" is the beginning of the next contiguous chunk. | |
1202 | ||
6f65e668 | 1203 | Chunks always begin on even word boundaries, so the mem portion |
f65fd747 | 1204 | (which is returned to the user) is also on an even word boundary, and |
fa8d436c | 1205 | thus at least double-word aligned. |
f65fd747 UD |
1206 | |
1207 | Free chunks are stored in circular doubly-linked lists, and look like this: | |
1208 | ||
1209 | chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
ae9166f2 | 1210 | | Size of previous chunk, if unallocated (P clear) | |
72f90263 | 1211 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
ae9166f2 | 1212 | `head:' | Size of chunk, in bytes |A|0|P| |
f65fd747 | 1213 | mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
72f90263 UD |
1214 | | Forward pointer to next chunk in list | |
1215 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
1216 | | Back pointer to previous chunk in list | | |
1217 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
1218 | | Unused space (may be 0 bytes long) . | |
1219 | . . | |
1220 | . | | |
f65fd747 UD |
1221 | nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1222 | `foot:' | Size of chunk, in bytes | | |
72f90263 | 1223 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
ae9166f2 FW |
1224 | | Size of next chunk, in bytes |A|0|0| |
1225 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
f65fd747 UD |
1226 | |
1227 | The P (PREV_INUSE) bit, stored in the unused low-order bit of the | |
1228 | chunk size (which is always a multiple of two words), is an in-use | |
1229 | bit for the *previous* chunk. If that bit is *clear*, then the | |
1230 | word before the current chunk size contains the previous chunk | |
1231 | size, and can be used to find the front of the previous chunk. | |
fa8d436c UD |
1232 | The very first chunk allocated always has this bit set, |
1233 | preventing access to non-existent (or non-owned) memory. If | |
1234 | prev_inuse is set for any given chunk, then you CANNOT determine | |
1235 | the size of the previous chunk, and might even get a memory | |
1236 | addressing fault when trying to do so. | |
f65fd747 | 1237 | |
ae9166f2 FW |
1238 | The A (NON_MAIN_ARENA) bit is cleared for chunks on the initial, |
1239 | main arena, described by the main_arena variable. When additional | |
1240 | threads are spawned, each thread receives its own arena (up to a | |
1241 | configurable limit, after which arenas are reused for multiple | |
1242 | threads), and the chunks in these arenas have the A bit set. To | |
1243 | find the arena for a chunk on such a non-main arena, heap_for_ptr | |
1244 | performs a bit mask operation and indirection through the ar_ptr | |
1245 | member of the per-heap header heap_info (see arena.c). | |
1246 | ||
f65fd747 | 1247 | Note that the `foot' of the current chunk is actually represented |
fa8d436c UD |
1248 | as the prev_size of the NEXT chunk. This makes it easier to |
1249 | deal with alignments etc but can be very confusing when trying | |
1250 | to extend or adapt this code. | |
f65fd747 | 1251 | |
ae9166f2 | 1252 | The three exceptions to all this are: |
f65fd747 | 1253 | |
fa8d436c | 1254 | 1. The special chunk `top' doesn't bother using the |
72f90263 UD |
1255 | trailing size field since there is no next contiguous chunk |
1256 | that would have to index off it. After initialization, `top' | |
1257 | is forced to always exist. If it would become less than | |
1258 | MINSIZE bytes long, it is replenished. | |
f65fd747 UD |
1259 | |
1260 | 2. Chunks allocated via mmap, which have the second-lowest-order | |
72f90263 | 1261 | bit M (IS_MMAPPED) set in their size fields. Because they are |
ae9166f2 FW |
1262 | allocated one-by-one, each must contain its own trailing size |
1263 | field. If the M bit is set, the other bits are ignored | |
1264 | (because mmapped chunks are neither in an arena, nor adjacent | |
1265 | to a freed chunk). The M bit is also used for chunks which | |
1266 | originally came from a dumped heap via malloc_set_state in | |
1267 | hooks.c. | |
1268 | ||
1269 | 3. Chunks in fastbins are treated as allocated chunks from the | |
1270 | point of view of the chunk allocator. They are consolidated | |
1271 | with their neighbors only in bulk, in malloc_consolidate. | |
f65fd747 UD |
1272 | */ |
1273 | ||
1274 | /* | |
fa8d436c UD |
1275 | ---------- Size and alignment checks and conversions ---------- |
1276 | */ | |
f65fd747 | 1277 | |
3784dfc0 RE |
1278 | /* Conversion from malloc headers to user pointers, and back. When |
1279 | using memory tagging the user data and the malloc data structure | |
1280 | headers have distinct tags. Converting fully from one to the other | |
1281 | involves extracting the tag at the other address and creating a | |
1282 | suitable pointer using it. That can be quite expensive. There are | |
4eac0ab1 SN |
1283 | cases when the pointers are not dereferenced (for example only used |
1284 | for alignment check) so the tags are not relevant, and there are | |
1285 | cases when user data is not tagged distinctly from malloc headers | |
1286 | (user data is untagged because tagging is done late in malloc and | |
1287 | early in free). User memory tagging across internal interfaces: | |
1288 | ||
1289 | sysmalloc: Returns untagged memory. | |
1290 | _int_malloc: Returns untagged memory. | |
1291 | _int_free: Takes untagged memory. | |
1292 | _int_memalign: Returns untagged memory. | |
1293 | _int_memalign: Returns untagged memory. | |
1294 | _mid_memalign: Returns tagged memory. | |
1295 | _int_realloc: Takes and returns tagged memory. | |
1296 | */ | |
3784dfc0 RE |
1297 | |
1298 | /* The chunk header is two SIZE_SZ elements, but this is used widely, so | |
1299 | we define it here for clarity later. */ | |
1300 | #define CHUNK_HDR_SZ (2 * SIZE_SZ) | |
1301 | ||
4eac0ab1 | 1302 | /* Convert a chunk address to a user mem pointer without correcting |
3784dfc0 | 1303 | the tag. */ |
ca89f1c7 | 1304 | #define chunk2mem(p) ((void*)((char*)(p) + CHUNK_HDR_SZ)) |
f65fd747 | 1305 | |
ca89f1c7 SN |
1306 | /* Convert a chunk address to a user mem pointer and extract the right tag. */ |
1307 | #define chunk2mem_tag(p) ((void*)tag_at ((char*)(p) + CHUNK_HDR_SZ)) | |
1308 | ||
1309 | /* Convert a user mem pointer to a chunk address and extract the right tag. */ | |
0c719cf4 | 1310 | #define mem2chunk(mem) ((mchunkptr)tag_at (((char*)(mem) - CHUNK_HDR_SZ))) |
f65fd747 | 1311 | |
fa8d436c | 1312 | /* The smallest possible chunk */ |
7ecfbd38 | 1313 | #define MIN_CHUNK_SIZE (offsetof(struct malloc_chunk, fd_nextsize)) |
f65fd747 | 1314 | |
fa8d436c | 1315 | /* The smallest size we can malloc is an aligned minimal chunk */ |
f65fd747 | 1316 | |
fa8d436c UD |
1317 | #define MINSIZE \ |
1318 | (unsigned long)(((MIN_CHUNK_SIZE+MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK)) | |
f65fd747 | 1319 | |
fa8d436c | 1320 | /* Check if m has acceptable alignment */ |
f65fd747 | 1321 | |
073f560e UD |
1322 | #define aligned_OK(m) (((unsigned long)(m) & MALLOC_ALIGN_MASK) == 0) |
1323 | ||
1324 | #define misaligned_chunk(p) \ | |
ca89f1c7 | 1325 | ((uintptr_t)(MALLOC_ALIGNMENT == CHUNK_HDR_SZ ? (p) : chunk2mem (p)) \ |
073f560e | 1326 | & MALLOC_ALIGN_MASK) |
f65fd747 | 1327 | |
fa8d436c | 1328 | /* pad request bytes into a usable size -- internal version */ |
3784dfc0 RE |
1329 | /* Note: This must be a macro that evaluates to a compile time constant |
1330 | if passed a literal constant. */ | |
fa8d436c UD |
1331 | #define request2size(req) \ |
1332 | (((req) + SIZE_SZ + MALLOC_ALIGN_MASK < MINSIZE) ? \ | |
1333 | MINSIZE : \ | |
1334 | ((req) + SIZE_SZ + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK) | |
f65fd747 | 1335 | |
9bf8e29c AZ |
1336 | /* Check if REQ overflows when padded and aligned and if the resulting value |
1337 | is less than PTRDIFF_T. Returns TRUE and the requested size or MINSIZE in | |
1338 | case the value is less than MINSIZE on SZ or false if any of the previous | |
1339 | check fail. */ | |
1340 | static inline bool | |
1341 | checked_request2size (size_t req, size_t *sz) __nonnull (1) | |
1342 | { | |
1343 | if (__glibc_unlikely (req > PTRDIFF_MAX)) | |
1344 | return false; | |
3784dfc0 | 1345 | |
3784dfc0 RE |
1346 | /* When using tagged memory, we cannot share the end of the user |
1347 | block with the header for the next chunk, so ensure that we | |
1348 | allocate blocks that are rounded up to the granule size. Take | |
1349 | care not to overflow from close to MAX_SIZE_T to a small | |
1350 | number. Ideally, this would be part of request2size(), but that | |
1351 | must be a macro that produces a compile time constant if passed | |
1352 | a constant literal. */ | |
63a20eb0 | 1353 | if (__glibc_unlikely (mtag_enabled)) |
850dbf24 SN |
1354 | { |
1355 | /* Ensure this is not evaluated if !mtag_enabled, see gcc PR 99551. */ | |
1356 | asm (""); | |
1357 | ||
1358 | req = (req + (__MTAG_GRANULE_SIZE - 1)) & | |
1359 | ~(size_t)(__MTAG_GRANULE_SIZE - 1); | |
1360 | } | |
3784dfc0 | 1361 | |
9bf8e29c AZ |
1362 | *sz = request2size (req); |
1363 | return true; | |
1364 | } | |
f65fd747 UD |
1365 | |
1366 | /* | |
6c8dbf00 OB |
1367 | --------------- Physical chunk operations --------------- |
1368 | */ | |
f65fd747 | 1369 | |
10dc2a90 | 1370 | |
fa8d436c UD |
1371 | /* size field is or'ed with PREV_INUSE when previous adjacent chunk in use */ |
1372 | #define PREV_INUSE 0x1 | |
f65fd747 | 1373 | |
fa8d436c | 1374 | /* extract inuse bit of previous chunk */ |
e9c4fe93 | 1375 | #define prev_inuse(p) ((p)->mchunk_size & PREV_INUSE) |
f65fd747 | 1376 | |
f65fd747 | 1377 | |
fa8d436c UD |
1378 | /* size field is or'ed with IS_MMAPPED if the chunk was obtained with mmap() */ |
1379 | #define IS_MMAPPED 0x2 | |
f65fd747 | 1380 | |
fa8d436c | 1381 | /* check for mmap()'ed chunk */ |
e9c4fe93 | 1382 | #define chunk_is_mmapped(p) ((p)->mchunk_size & IS_MMAPPED) |
f65fd747 | 1383 | |
f65fd747 | 1384 | |
fa8d436c UD |
1385 | /* size field is or'ed with NON_MAIN_ARENA if the chunk was obtained |
1386 | from a non-main arena. This is only set immediately before handing | |
1387 | the chunk to the user, if necessary. */ | |
1388 | #define NON_MAIN_ARENA 0x4 | |
f65fd747 | 1389 | |
ae9166f2 | 1390 | /* Check for chunk from main arena. */ |
e9c4fe93 FW |
1391 | #define chunk_main_arena(p) (((p)->mchunk_size & NON_MAIN_ARENA) == 0) |
1392 | ||
1393 | /* Mark a chunk as not being on the main arena. */ | |
1394 | #define set_non_main_arena(p) ((p)->mchunk_size |= NON_MAIN_ARENA) | |
f65fd747 UD |
1395 | |
1396 | ||
a9177ff5 | 1397 | /* |
6c8dbf00 | 1398 | Bits to mask off when extracting size |
f65fd747 | 1399 | |
6c8dbf00 OB |
1400 | Note: IS_MMAPPED is intentionally not masked off from size field in |
1401 | macros for which mmapped chunks should never be seen. This should | |
1402 | cause helpful core dumps to occur if it is tried by accident by | |
1403 | people extending or adapting this malloc. | |
1404 | */ | |
1405 | #define SIZE_BITS (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) | |
f65fd747 | 1406 | |
fa8d436c | 1407 | /* Get size, ignoring use bits */ |
e9c4fe93 | 1408 | #define chunksize(p) (chunksize_nomask (p) & ~(SIZE_BITS)) |
f65fd747 | 1409 | |
e9c4fe93 FW |
1410 | /* Like chunksize, but do not mask SIZE_BITS. */ |
1411 | #define chunksize_nomask(p) ((p)->mchunk_size) | |
f65fd747 | 1412 | |
fa8d436c | 1413 | /* Ptr to next physical malloc_chunk. */ |
e9c4fe93 FW |
1414 | #define next_chunk(p) ((mchunkptr) (((char *) (p)) + chunksize (p))) |
1415 | ||
229855e5 | 1416 | /* Size of the chunk below P. Only valid if !prev_inuse (P). */ |
e9c4fe93 FW |
1417 | #define prev_size(p) ((p)->mchunk_prev_size) |
1418 | ||
229855e5 | 1419 | /* Set the size of the chunk below P. Only valid if !prev_inuse (P). */ |
e9c4fe93 | 1420 | #define set_prev_size(p, sz) ((p)->mchunk_prev_size = (sz)) |
f65fd747 | 1421 | |
229855e5 | 1422 | /* Ptr to previous physical malloc_chunk. Only valid if !prev_inuse (P). */ |
e9c4fe93 | 1423 | #define prev_chunk(p) ((mchunkptr) (((char *) (p)) - prev_size (p))) |
f65fd747 | 1424 | |
fa8d436c | 1425 | /* Treat space at ptr + offset as a chunk */ |
6c8dbf00 | 1426 | #define chunk_at_offset(p, s) ((mchunkptr) (((char *) (p)) + (s))) |
fa8d436c UD |
1427 | |
1428 | /* extract p's inuse bit */ | |
6c8dbf00 | 1429 | #define inuse(p) \ |
e9c4fe93 | 1430 | ((((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size) & PREV_INUSE) |
f65fd747 | 1431 | |
fa8d436c | 1432 | /* set/clear chunk as being inuse without otherwise disturbing */ |
6c8dbf00 | 1433 | #define set_inuse(p) \ |
e9c4fe93 | 1434 | ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size |= PREV_INUSE |
f65fd747 | 1435 | |
6c8dbf00 | 1436 | #define clear_inuse(p) \ |
e9c4fe93 | 1437 | ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size &= ~(PREV_INUSE) |
f65fd747 UD |
1438 | |
1439 | ||
fa8d436c | 1440 | /* check/set/clear inuse bits in known places */ |
6c8dbf00 | 1441 | #define inuse_bit_at_offset(p, s) \ |
e9c4fe93 | 1442 | (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size & PREV_INUSE) |
f65fd747 | 1443 | |
6c8dbf00 | 1444 | #define set_inuse_bit_at_offset(p, s) \ |
e9c4fe93 | 1445 | (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size |= PREV_INUSE) |
f65fd747 | 1446 | |
6c8dbf00 | 1447 | #define clear_inuse_bit_at_offset(p, s) \ |
e9c4fe93 | 1448 | (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size &= ~(PREV_INUSE)) |
f65fd747 | 1449 | |
f65fd747 | 1450 | |
fa8d436c | 1451 | /* Set size at head, without disturbing its use bit */ |
e9c4fe93 | 1452 | #define set_head_size(p, s) ((p)->mchunk_size = (((p)->mchunk_size & SIZE_BITS) | (s))) |
f65fd747 | 1453 | |
fa8d436c | 1454 | /* Set size/use field */ |
e9c4fe93 | 1455 | #define set_head(p, s) ((p)->mchunk_size = (s)) |
f65fd747 | 1456 | |
fa8d436c | 1457 | /* Set size at footer (only when chunk is not in use) */ |
e9c4fe93 | 1458 | #define set_foot(p, s) (((mchunkptr) ((char *) (p) + (s)))->mchunk_prev_size = (s)) |
f65fd747 | 1459 | |
e9c4fe93 FW |
1460 | #pragma GCC poison mchunk_size |
1461 | #pragma GCC poison mchunk_prev_size | |
1462 | ||
faf003ed SN |
1463 | /* This is the size of the real usable data in the chunk. Not valid for |
1464 | dumped heap chunks. */ | |
1465 | #define memsize(p) \ | |
1466 | (__MTAG_GRANULE_SIZE > SIZE_SZ && __glibc_unlikely (mtag_enabled) ? \ | |
1467 | chunksize (p) - CHUNK_HDR_SZ : \ | |
1468 | chunksize (p) - CHUNK_HDR_SZ + (chunk_is_mmapped (p) ? 0 : SIZE_SZ)) | |
1469 | ||
5295172e | 1470 | /* If memory tagging is enabled the layout changes to accommodate the granule |
faf003ed SN |
1471 | size, this is wasteful for small allocations so not done by default. |
1472 | Both the chunk header and user data has to be granule aligned. */ | |
1473 | _Static_assert (__MTAG_GRANULE_SIZE <= CHUNK_HDR_SZ, | |
1474 | "memory tagging is not supported with large granule."); | |
1475 | ||
42bac88a SN |
1476 | static __always_inline void * |
1477 | tag_new_usable (void *ptr) | |
1478 | { | |
1479 | if (__glibc_unlikely (mtag_enabled) && ptr) | |
1480 | { | |
1481 | mchunkptr cp = mem2chunk(ptr); | |
faf003ed | 1482 | ptr = __libc_mtag_tag_region (__libc_mtag_new_tag (ptr), memsize (cp)); |
42bac88a SN |
1483 | } |
1484 | return ptr; | |
1485 | } | |
1486 | ||
fa8d436c | 1487 | /* |
6c8dbf00 | 1488 | -------------------- Internal data structures -------------------- |
fa8d436c UD |
1489 | |
1490 | All internal state is held in an instance of malloc_state defined | |
1491 | below. There are no other static variables, except in two optional | |
a9177ff5 | 1492 | cases: |
6c8dbf00 OB |
1493 | * If USE_MALLOC_LOCK is defined, the mALLOC_MUTEx declared above. |
1494 | * If mmap doesn't support MAP_ANONYMOUS, a dummy file descriptor | |
22a89187 | 1495 | for mmap. |
fa8d436c UD |
1496 | |
1497 | Beware of lots of tricks that minimize the total bookkeeping space | |
1498 | requirements. The result is a little over 1K bytes (for 4byte | |
1499 | pointers and size_t.) | |
6c8dbf00 | 1500 | */ |
f65fd747 UD |
1501 | |
1502 | /* | |
6c8dbf00 | 1503 | Bins |
fa8d436c UD |
1504 | |
1505 | An array of bin headers for free chunks. Each bin is doubly | |
1506 | linked. The bins are approximately proportionally (log) spaced. | |
1507 | There are a lot of these bins (128). This may look excessive, but | |
1508 | works very well in practice. Most bins hold sizes that are | |
1509 | unusual as malloc request sizes, but are more usual for fragments | |
1510 | and consolidated sets of chunks, which is what these bins hold, so | |
1511 | they can be found quickly. All procedures maintain the invariant | |
1512 | that no consolidated chunk physically borders another one, so each | |
1513 | chunk in a list is known to be preceeded and followed by either | |
1514 | inuse chunks or the ends of memory. | |
1515 | ||
1516 | Chunks in bins are kept in size order, with ties going to the | |
1517 | approximately least recently used chunk. Ordering isn't needed | |
1518 | for the small bins, which all contain the same-sized chunks, but | |
1519 | facilitates best-fit allocation for larger chunks. These lists | |
1520 | are just sequential. Keeping them in order almost never requires | |
1521 | enough traversal to warrant using fancier ordered data | |
a9177ff5 | 1522 | structures. |
fa8d436c UD |
1523 | |
1524 | Chunks of the same size are linked with the most | |
1525 | recently freed at the front, and allocations are taken from the | |
1526 | back. This results in LRU (FIFO) allocation order, which tends | |
1527 | to give each chunk an equal opportunity to be consolidated with | |
1528 | adjacent freed chunks, resulting in larger free chunks and less | |
1529 | fragmentation. | |
1530 | ||
1531 | To simplify use in double-linked lists, each bin header acts | |
1532 | as a malloc_chunk. This avoids special-casing for headers. | |
1533 | But to conserve space and improve locality, we allocate | |
1534 | only the fd/bk pointers of bins, and then use repositioning tricks | |
a9177ff5 | 1535 | to treat these as the fields of a malloc_chunk*. |
6c8dbf00 | 1536 | */ |
f65fd747 | 1537 | |
6c8dbf00 | 1538 | typedef struct malloc_chunk *mbinptr; |
f65fd747 | 1539 | |
fa8d436c | 1540 | /* addressing -- note that bin_at(0) does not exist */ |
41999a1a UD |
1541 | #define bin_at(m, i) \ |
1542 | (mbinptr) (((char *) &((m)->bins[((i) - 1) * 2])) \ | |
6c8dbf00 | 1543 | - offsetof (struct malloc_chunk, fd)) |
f65fd747 | 1544 | |
fa8d436c | 1545 | /* analog of ++bin */ |
6c8dbf00 | 1546 | #define next_bin(b) ((mbinptr) ((char *) (b) + (sizeof (mchunkptr) << 1))) |
f65fd747 | 1547 | |
fa8d436c UD |
1548 | /* Reminders about list directionality within bins */ |
1549 | #define first(b) ((b)->fd) | |
1550 | #define last(b) ((b)->bk) | |
f65fd747 | 1551 | |
fa8d436c | 1552 | /* |
6c8dbf00 | 1553 | Indexing |
fa8d436c UD |
1554 | |
1555 | Bins for sizes < 512 bytes contain chunks of all the same size, spaced | |
1556 | 8 bytes apart. Larger bins are approximately logarithmically spaced: | |
f65fd747 | 1557 | |
fa8d436c UD |
1558 | 64 bins of size 8 |
1559 | 32 bins of size 64 | |
1560 | 16 bins of size 512 | |
1561 | 8 bins of size 4096 | |
1562 | 4 bins of size 32768 | |
1563 | 2 bins of size 262144 | |
1564 | 1 bin of size what's left | |
f65fd747 | 1565 | |
fa8d436c UD |
1566 | There is actually a little bit of slop in the numbers in bin_index |
1567 | for the sake of speed. This makes no difference elsewhere. | |
f65fd747 | 1568 | |
fa8d436c UD |
1569 | The bins top out around 1MB because we expect to service large |
1570 | requests via mmap. | |
b5a2bbe6 L |
1571 | |
1572 | Bin 0 does not exist. Bin 1 is the unordered list; if that would be | |
1573 | a valid chunk size the small bins are bumped up one. | |
6c8dbf00 | 1574 | */ |
f65fd747 | 1575 | |
fa8d436c UD |
1576 | #define NBINS 128 |
1577 | #define NSMALLBINS 64 | |
1d47e92f | 1578 | #define SMALLBIN_WIDTH MALLOC_ALIGNMENT |
3784dfc0 | 1579 | #define SMALLBIN_CORRECTION (MALLOC_ALIGNMENT > CHUNK_HDR_SZ) |
b5a2bbe6 | 1580 | #define MIN_LARGE_SIZE ((NSMALLBINS - SMALLBIN_CORRECTION) * SMALLBIN_WIDTH) |
f65fd747 | 1581 | |
fa8d436c | 1582 | #define in_smallbin_range(sz) \ |
6c8dbf00 | 1583 | ((unsigned long) (sz) < (unsigned long) MIN_LARGE_SIZE) |
f65fd747 | 1584 | |
1d47e92f | 1585 | #define smallbin_index(sz) \ |
6c8dbf00 | 1586 | ((SMALLBIN_WIDTH == 16 ? (((unsigned) (sz)) >> 4) : (((unsigned) (sz)) >> 3))\ |
b5a2bbe6 | 1587 | + SMALLBIN_CORRECTION) |
f65fd747 | 1588 | |
1d47e92f | 1589 | #define largebin_index_32(sz) \ |
6c8dbf00 OB |
1590 | (((((unsigned long) (sz)) >> 6) <= 38) ? 56 + (((unsigned long) (sz)) >> 6) :\ |
1591 | ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\ | |
1592 | ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\ | |
1593 | ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\ | |
1594 | ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\ | |
1595 | 126) | |
f65fd747 | 1596 | |
b5a2bbe6 | 1597 | #define largebin_index_32_big(sz) \ |
6c8dbf00 OB |
1598 | (((((unsigned long) (sz)) >> 6) <= 45) ? 49 + (((unsigned long) (sz)) >> 6) :\ |
1599 | ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\ | |
1600 | ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\ | |
1601 | ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\ | |
1602 | ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\ | |
1603 | 126) | |
b5a2bbe6 | 1604 | |
1d47e92f UD |
1605 | // XXX It remains to be seen whether it is good to keep the widths of |
1606 | // XXX the buckets the same or whether it should be scaled by a factor | |
1607 | // XXX of two as well. | |
1608 | #define largebin_index_64(sz) \ | |
6c8dbf00 OB |
1609 | (((((unsigned long) (sz)) >> 6) <= 48) ? 48 + (((unsigned long) (sz)) >> 6) :\ |
1610 | ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\ | |
1611 | ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\ | |
1612 | ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\ | |
1613 | ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\ | |
1614 | 126) | |
1d47e92f UD |
1615 | |
1616 | #define largebin_index(sz) \ | |
b5a2bbe6 L |
1617 | (SIZE_SZ == 8 ? largebin_index_64 (sz) \ |
1618 | : MALLOC_ALIGNMENT == 16 ? largebin_index_32_big (sz) \ | |
1619 | : largebin_index_32 (sz)) | |
1d47e92f | 1620 | |
fa8d436c | 1621 | #define bin_index(sz) \ |
6c8dbf00 | 1622 | ((in_smallbin_range (sz)) ? smallbin_index (sz) : largebin_index (sz)) |
f65fd747 | 1623 | |
1ecba1fa FW |
1624 | /* Take a chunk off a bin list. */ |
1625 | static void | |
1626 | unlink_chunk (mstate av, mchunkptr p) | |
1627 | { | |
1628 | if (chunksize (p) != prev_size (next_chunk (p))) | |
1629 | malloc_printerr ("corrupted size vs. prev_size"); | |
1630 | ||
1631 | mchunkptr fd = p->fd; | |
1632 | mchunkptr bk = p->bk; | |
1633 | ||
1634 | if (__builtin_expect (fd->bk != p || bk->fd != p, 0)) | |
1635 | malloc_printerr ("corrupted double-linked list"); | |
1636 | ||
1637 | fd->bk = bk; | |
1638 | bk->fd = fd; | |
1639 | if (!in_smallbin_range (chunksize_nomask (p)) && p->fd_nextsize != NULL) | |
1640 | { | |
1641 | if (p->fd_nextsize->bk_nextsize != p | |
1642 | || p->bk_nextsize->fd_nextsize != p) | |
1643 | malloc_printerr ("corrupted double-linked list (not small)"); | |
1644 | ||
1645 | if (fd->fd_nextsize == NULL) | |
1646 | { | |
1647 | if (p->fd_nextsize == p) | |
1648 | fd->fd_nextsize = fd->bk_nextsize = fd; | |
1649 | else | |
1650 | { | |
1651 | fd->fd_nextsize = p->fd_nextsize; | |
1652 | fd->bk_nextsize = p->bk_nextsize; | |
1653 | p->fd_nextsize->bk_nextsize = fd; | |
1654 | p->bk_nextsize->fd_nextsize = fd; | |
1655 | } | |
1656 | } | |
1657 | else | |
1658 | { | |
1659 | p->fd_nextsize->bk_nextsize = p->bk_nextsize; | |
1660 | p->bk_nextsize->fd_nextsize = p->fd_nextsize; | |
1661 | } | |
1662 | } | |
1663 | } | |
f65fd747 UD |
1664 | |
1665 | /* | |
6c8dbf00 | 1666 | Unsorted chunks |
fa8d436c UD |
1667 | |
1668 | All remainders from chunk splits, as well as all returned chunks, | |
1669 | are first placed in the "unsorted" bin. They are then placed | |
1670 | in regular bins after malloc gives them ONE chance to be used before | |
1671 | binning. So, basically, the unsorted_chunks list acts as a queue, | |
1672 | with chunks being placed on it in free (and malloc_consolidate), | |
1673 | and taken off (to be either used or placed in bins) in malloc. | |
1674 | ||
1675 | The NON_MAIN_ARENA flag is never set for unsorted chunks, so it | |
1676 | does not have to be taken into account in size comparisons. | |
6c8dbf00 | 1677 | */ |
f65fd747 | 1678 | |
fa8d436c | 1679 | /* The otherwise unindexable 1-bin is used to hold unsorted chunks. */ |
6c8dbf00 | 1680 | #define unsorted_chunks(M) (bin_at (M, 1)) |
f65fd747 | 1681 | |
fa8d436c | 1682 | /* |
6c8dbf00 | 1683 | Top |
fa8d436c UD |
1684 | |
1685 | The top-most available chunk (i.e., the one bordering the end of | |
1686 | available memory) is treated specially. It is never included in | |
1687 | any bin, is used only if no other chunk is available, and is | |
1688 | released back to the system if it is very large (see | |
1689 | M_TRIM_THRESHOLD). Because top initially | |
1690 | points to its own bin with initial zero size, thus forcing | |
1691 | extension on the first malloc request, we avoid having any special | |
1692 | code in malloc to check whether it even exists yet. But we still | |
1693 | need to do so when getting memory from system, so we make | |
1694 | initial_top treat the bin as a legal but unusable chunk during the | |
1695 | interval between initialization and the first call to | |
3b49edc0 | 1696 | sysmalloc. (This is somewhat delicate, since it relies on |
fa8d436c | 1697 | the 2 preceding words to be zero during this interval as well.) |
6c8dbf00 | 1698 | */ |
f65fd747 | 1699 | |
fa8d436c | 1700 | /* Conveniently, the unsorted bin can be used as dummy top on first call */ |
6c8dbf00 | 1701 | #define initial_top(M) (unsorted_chunks (M)) |
f65fd747 | 1702 | |
fa8d436c | 1703 | /* |
6c8dbf00 | 1704 | Binmap |
f65fd747 | 1705 | |
fa8d436c UD |
1706 | To help compensate for the large number of bins, a one-level index |
1707 | structure is used for bin-by-bin searching. `binmap' is a | |
1708 | bitvector recording whether bins are definitely empty so they can | |
1709 | be skipped over during during traversals. The bits are NOT always | |
1710 | cleared as soon as bins are empty, but instead only | |
1711 | when they are noticed to be empty during traversal in malloc. | |
6c8dbf00 | 1712 | */ |
f65fd747 | 1713 | |
fa8d436c UD |
1714 | /* Conservatively use 32 bits per map word, even if on 64bit system */ |
1715 | #define BINMAPSHIFT 5 | |
1716 | #define BITSPERMAP (1U << BINMAPSHIFT) | |
1717 | #define BINMAPSIZE (NBINS / BITSPERMAP) | |
f65fd747 | 1718 | |
fa8d436c | 1719 | #define idx2block(i) ((i) >> BINMAPSHIFT) |
6c8dbf00 | 1720 | #define idx2bit(i) ((1U << ((i) & ((1U << BINMAPSHIFT) - 1)))) |
f65fd747 | 1721 | |
6c8dbf00 OB |
1722 | #define mark_bin(m, i) ((m)->binmap[idx2block (i)] |= idx2bit (i)) |
1723 | #define unmark_bin(m, i) ((m)->binmap[idx2block (i)] &= ~(idx2bit (i))) | |
1724 | #define get_binmap(m, i) ((m)->binmap[idx2block (i)] & idx2bit (i)) | |
f65fd747 | 1725 | |
fa8d436c | 1726 | /* |
6c8dbf00 | 1727 | Fastbins |
fa8d436c UD |
1728 | |
1729 | An array of lists holding recently freed small chunks. Fastbins | |
1730 | are not doubly linked. It is faster to single-link them, and | |
1731 | since chunks are never removed from the middles of these lists, | |
1732 | double linking is not necessary. Also, unlike regular bins, they | |
1733 | are not even processed in FIFO order (they use faster LIFO) since | |
1734 | ordering doesn't much matter in the transient contexts in which | |
1735 | fastbins are normally used. | |
1736 | ||
1737 | Chunks in fastbins keep their inuse bit set, so they cannot | |
1738 | be consolidated with other free chunks. malloc_consolidate | |
1739 | releases all chunks in fastbins and consolidates them with | |
a9177ff5 | 1740 | other free chunks. |
6c8dbf00 | 1741 | */ |
f65fd747 | 1742 | |
6c8dbf00 | 1743 | typedef struct malloc_chunk *mfastbinptr; |
425ce2ed | 1744 | #define fastbin(ar_ptr, idx) ((ar_ptr)->fastbinsY[idx]) |
f65fd747 | 1745 | |
fa8d436c | 1746 | /* offset 2 to use otherwise unindexable first 2 bins */ |
425ce2ed | 1747 | #define fastbin_index(sz) \ |
6c8dbf00 | 1748 | ((((unsigned int) (sz)) >> (SIZE_SZ == 8 ? 4 : 3)) - 2) |
425ce2ed | 1749 | |
f65fd747 | 1750 | |
fa8d436c | 1751 | /* The maximum fastbin request size we support */ |
425ce2ed | 1752 | #define MAX_FAST_SIZE (80 * SIZE_SZ / 4) |
f65fd747 | 1753 | |
6c8dbf00 | 1754 | #define NFASTBINS (fastbin_index (request2size (MAX_FAST_SIZE)) + 1) |
f65fd747 UD |
1755 | |
1756 | /* | |
6c8dbf00 OB |
1757 | FASTBIN_CONSOLIDATION_THRESHOLD is the size of a chunk in free() |
1758 | that triggers automatic consolidation of possibly-surrounding | |
1759 | fastbin chunks. This is a heuristic, so the exact value should not | |
1760 | matter too much. It is defined at half the default trim threshold as a | |
1761 | compromise heuristic to only attempt consolidation if it is likely | |
1762 | to lead to trimming. However, it is not dynamically tunable, since | |
1763 | consolidation reduces fragmentation surrounding large chunks even | |
1764 | if trimming is not used. | |
1765 | */ | |
f65fd747 | 1766 | |
fa8d436c | 1767 | #define FASTBIN_CONSOLIDATION_THRESHOLD (65536UL) |
f65fd747 | 1768 | |
f65fd747 | 1769 | /* |
6c8dbf00 OB |
1770 | NONCONTIGUOUS_BIT indicates that MORECORE does not return contiguous |
1771 | regions. Otherwise, contiguity is exploited in merging together, | |
1772 | when possible, results from consecutive MORECORE calls. | |
f65fd747 | 1773 | |
6c8dbf00 OB |
1774 | The initial value comes from MORECORE_CONTIGUOUS, but is |
1775 | changed dynamically if mmap is ever used as an sbrk substitute. | |
1776 | */ | |
f65fd747 | 1777 | |
fa8d436c | 1778 | #define NONCONTIGUOUS_BIT (2U) |
f65fd747 | 1779 | |
6c8dbf00 OB |
1780 | #define contiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) == 0) |
1781 | #define noncontiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) != 0) | |
1782 | #define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT) | |
9bf248c6 | 1783 | #define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT) |
f65fd747 | 1784 | |
eac43cbb FW |
1785 | /* Maximum size of memory handled in fastbins. */ |
1786 | static INTERNAL_SIZE_T global_max_fast; | |
1787 | ||
a9177ff5 RM |
1788 | /* |
1789 | Set value of max_fast. | |
fa8d436c | 1790 | Use impossibly small value if 0. |
3381be5c WD |
1791 | Precondition: there are no existing fastbin chunks in the main arena. |
1792 | Since do_check_malloc_state () checks this, we call malloc_consolidate () | |
1793 | before changing max_fast. Note other arenas will leak their fast bin | |
1794 | entries if max_fast is reduced. | |
6c8dbf00 | 1795 | */ |
f65fd747 | 1796 | |
9bf248c6 | 1797 | #define set_max_fast(s) \ |
b9cde4e3 | 1798 | global_max_fast = (((size_t) (s) <= MALLOC_ALIGN_MASK - SIZE_SZ) \ |
ff12e0fb | 1799 | ? MIN_CHUNK_SIZE / 2 : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK)) |
f65fd747 | 1800 | |
eac43cbb FW |
1801 | static inline INTERNAL_SIZE_T |
1802 | get_max_fast (void) | |
1803 | { | |
1804 | /* Tell the GCC optimizers that global_max_fast is never larger | |
1805 | than MAX_FAST_SIZE. This avoids out-of-bounds array accesses in | |
1806 | _int_malloc after constant propagation of the size parameter. | |
1807 | (The code never executes because malloc preserves the | |
1808 | global_max_fast invariant, but the optimizers may not recognize | |
1809 | this.) */ | |
1810 | if (global_max_fast > MAX_FAST_SIZE) | |
1811 | __builtin_unreachable (); | |
1812 | return global_max_fast; | |
1813 | } | |
f65fd747 UD |
1814 | |
1815 | /* | |
fa8d436c | 1816 | ----------- Internal state representation and initialization ----------- |
6c8dbf00 | 1817 | */ |
f65fd747 | 1818 | |
e956075a WD |
1819 | /* |
1820 | have_fastchunks indicates that there are probably some fastbin chunks. | |
1821 | It is set true on entering a chunk into any fastbin, and cleared early in | |
1822 | malloc_consolidate. The value is approximate since it may be set when there | |
1823 | are no fastbin chunks, or it may be clear even if there are fastbin chunks | |
1824 | available. Given it's sole purpose is to reduce number of redundant calls to | |
1825 | malloc_consolidate, it does not affect correctness. As a result we can safely | |
1826 | use relaxed atomic accesses. | |
1827 | */ | |
1828 | ||
1829 | ||
6c8dbf00 OB |
1830 | struct malloc_state |
1831 | { | |
fa8d436c | 1832 | /* Serialize access. */ |
cbb47fa1 | 1833 | __libc_lock_define (, mutex); |
9bf248c6 UD |
1834 | |
1835 | /* Flags (formerly in max_fast). */ | |
1836 | int flags; | |
f65fd747 | 1837 | |
e956075a | 1838 | /* Set if the fastbin chunks contain recently inserted free blocks. */ |
2c2245b9 WD |
1839 | /* Note this is a bool but not all targets support atomics on booleans. */ |
1840 | int have_fastchunks; | |
e956075a | 1841 | |
fa8d436c | 1842 | /* Fastbins */ |
6c8dbf00 | 1843 | mfastbinptr fastbinsY[NFASTBINS]; |
f65fd747 | 1844 | |
fa8d436c | 1845 | /* Base of the topmost chunk -- not otherwise kept in a bin */ |
6c8dbf00 | 1846 | mchunkptr top; |
f65fd747 | 1847 | |
fa8d436c | 1848 | /* The remainder from the most recent split of a small request */ |
6c8dbf00 | 1849 | mchunkptr last_remainder; |
f65fd747 | 1850 | |
fa8d436c | 1851 | /* Normal bins packed as described above */ |
6c8dbf00 | 1852 | mchunkptr bins[NBINS * 2 - 2]; |
f65fd747 | 1853 | |
fa8d436c | 1854 | /* Bitmap of bins */ |
6c8dbf00 | 1855 | unsigned int binmap[BINMAPSIZE]; |
f65fd747 | 1856 | |
fa8d436c UD |
1857 | /* Linked list */ |
1858 | struct malloc_state *next; | |
f65fd747 | 1859 | |
a62719ba | 1860 | /* Linked list for free arenas. Access to this field is serialized |
90c400bd | 1861 | by free_list_lock in arena.c. */ |
425ce2ed | 1862 | struct malloc_state *next_free; |
425ce2ed | 1863 | |
a62719ba | 1864 | /* Number of threads attached to this arena. 0 if the arena is on |
90c400bd FW |
1865 | the free list. Access to this field is serialized by |
1866 | free_list_lock in arena.c. */ | |
a62719ba FW |
1867 | INTERNAL_SIZE_T attached_threads; |
1868 | ||
fa8d436c UD |
1869 | /* Memory allocated from the system in this arena. */ |
1870 | INTERNAL_SIZE_T system_mem; | |
1871 | INTERNAL_SIZE_T max_system_mem; | |
1872 | }; | |
f65fd747 | 1873 | |
6c8dbf00 OB |
1874 | struct malloc_par |
1875 | { | |
fa8d436c | 1876 | /* Tunable parameters */ |
6c8dbf00 OB |
1877 | unsigned long trim_threshold; |
1878 | INTERNAL_SIZE_T top_pad; | |
1879 | INTERNAL_SIZE_T mmap_threshold; | |
1880 | INTERNAL_SIZE_T arena_test; | |
1881 | INTERNAL_SIZE_T arena_max; | |
fa8d436c | 1882 | |
5f6d8d97 AZ |
1883 | #if HAVE_TUNABLES |
1884 | /* Transparent Large Page support. */ | |
1885 | INTERNAL_SIZE_T thp_pagesize; | |
98d5fcb8 AZ |
1886 | /* A value different than 0 means to align mmap allocation to hp_pagesize |
1887 | add hp_flags on flags. */ | |
1888 | INTERNAL_SIZE_T hp_pagesize; | |
1889 | int hp_flags; | |
5f6d8d97 AZ |
1890 | #endif |
1891 | ||
fa8d436c | 1892 | /* Memory map support */ |
6c8dbf00 OB |
1893 | int n_mmaps; |
1894 | int n_mmaps_max; | |
1895 | int max_n_mmaps; | |
1d05c2fb UD |
1896 | /* the mmap_threshold is dynamic, until the user sets |
1897 | it manually, at which point we need to disable any | |
1898 | dynamic behavior. */ | |
6c8dbf00 | 1899 | int no_dyn_threshold; |
fa8d436c | 1900 | |
fa8d436c | 1901 | /* Statistics */ |
6c8dbf00 | 1902 | INTERNAL_SIZE_T mmapped_mem; |
6c8dbf00 | 1903 | INTERNAL_SIZE_T max_mmapped_mem; |
fa8d436c UD |
1904 | |
1905 | /* First address handed out by MORECORE/sbrk. */ | |
6c8dbf00 | 1906 | char *sbrk_base; |
d5c3fafc DD |
1907 | |
1908 | #if USE_TCACHE | |
1909 | /* Maximum number of buckets to use. */ | |
1910 | size_t tcache_bins; | |
1911 | size_t tcache_max_bytes; | |
1912 | /* Maximum number of chunks in each bucket. */ | |
1913 | size_t tcache_count; | |
1914 | /* Maximum number of chunks to remove from the unsorted list, which | |
1915 | aren't used to prefill the cache. */ | |
1916 | size_t tcache_unsorted_limit; | |
1917 | #endif | |
fa8d436c | 1918 | }; |
f65fd747 | 1919 | |
fa8d436c UD |
1920 | /* There are several instances of this struct ("arenas") in this |
1921 | malloc. If you are adapting this malloc in a way that does NOT use | |
1922 | a static or mmapped malloc_state, you MUST explicitly zero-fill it | |
1923 | before using. This malloc relies on the property that malloc_state | |
1924 | is initialized to all zeroes (as is true of C statics). */ | |
f65fd747 | 1925 | |
02d46fc4 | 1926 | static struct malloc_state main_arena = |
6c8dbf00 | 1927 | { |
400e1226 | 1928 | .mutex = _LIBC_LOCK_INITIALIZER, |
a62719ba FW |
1929 | .next = &main_arena, |
1930 | .attached_threads = 1 | |
6c8dbf00 | 1931 | }; |
f65fd747 | 1932 | |
fa8d436c | 1933 | /* There is only one instance of the malloc parameters. */ |
f65fd747 | 1934 | |
02d46fc4 | 1935 | static struct malloc_par mp_ = |
6c8dbf00 OB |
1936 | { |
1937 | .top_pad = DEFAULT_TOP_PAD, | |
1938 | .n_mmaps_max = DEFAULT_MMAP_MAX, | |
1939 | .mmap_threshold = DEFAULT_MMAP_THRESHOLD, | |
1940 | .trim_threshold = DEFAULT_TRIM_THRESHOLD, | |
1941 | #define NARENAS_FROM_NCORES(n) ((n) * (sizeof (long) == 4 ? 2 : 8)) | |
1942 | .arena_test = NARENAS_FROM_NCORES (1) | |
d5c3fafc DD |
1943 | #if USE_TCACHE |
1944 | , | |
1945 | .tcache_count = TCACHE_FILL_COUNT, | |
1946 | .tcache_bins = TCACHE_MAX_BINS, | |
1947 | .tcache_max_bytes = tidx2usize (TCACHE_MAX_BINS-1), | |
1948 | .tcache_unsorted_limit = 0 /* No limit. */ | |
1949 | #endif | |
6c8dbf00 | 1950 | }; |
f65fd747 | 1951 | |
fa8d436c | 1952 | /* |
6c8dbf00 | 1953 | Initialize a malloc_state struct. |
f65fd747 | 1954 | |
3381be5c WD |
1955 | This is called from ptmalloc_init () or from _int_new_arena () |
1956 | when creating a new arena. | |
6c8dbf00 | 1957 | */ |
f65fd747 | 1958 | |
6c8dbf00 OB |
1959 | static void |
1960 | malloc_init_state (mstate av) | |
fa8d436c | 1961 | { |
6c8dbf00 | 1962 | int i; |
fa8d436c | 1963 | mbinptr bin; |
a9177ff5 | 1964 | |
fa8d436c | 1965 | /* Establish circular links for normal bins */ |
6c8dbf00 OB |
1966 | for (i = 1; i < NBINS; ++i) |
1967 | { | |
1968 | bin = bin_at (av, i); | |
1969 | bin->fd = bin->bk = bin; | |
1970 | } | |
f65fd747 | 1971 | |
fa8d436c UD |
1972 | #if MORECORE_CONTIGUOUS |
1973 | if (av != &main_arena) | |
1974 | #endif | |
6c8dbf00 | 1975 | set_noncontiguous (av); |
9bf248c6 | 1976 | if (av == &main_arena) |
6c8dbf00 | 1977 | set_max_fast (DEFAULT_MXFAST); |
e956075a | 1978 | atomic_store_relaxed (&av->have_fastchunks, false); |
f65fd747 | 1979 | |
6c8dbf00 | 1980 | av->top = initial_top (av); |
fa8d436c | 1981 | } |
e9b3e3c5 | 1982 | |
a9177ff5 | 1983 | /* |
fa8d436c | 1984 | Other internal utilities operating on mstates |
6c8dbf00 | 1985 | */ |
f65fd747 | 1986 | |
6c8dbf00 OB |
1987 | static void *sysmalloc (INTERNAL_SIZE_T, mstate); |
1988 | static int systrim (size_t, mstate); | |
1989 | static void malloc_consolidate (mstate); | |
7e3be507 | 1990 | |
404d4cef RM |
1991 | |
1992 | /* -------------- Early definitions for debugging hooks ---------------- */ | |
1993 | ||
0a947e06 FW |
1994 | /* This function is called from the arena shutdown hook, to free the |
1995 | thread cache (if it exists). */ | |
1996 | static void tcache_thread_shutdown (void); | |
404d4cef | 1997 | |
854278df UD |
1998 | /* ------------------ Testing support ----------------------------------*/ |
1999 | ||
2000 | static int perturb_byte; | |
2001 | ||
af102d95 | 2002 | static void |
e8349efd OB |
2003 | alloc_perturb (char *p, size_t n) |
2004 | { | |
2005 | if (__glibc_unlikely (perturb_byte)) | |
2006 | memset (p, perturb_byte ^ 0xff, n); | |
2007 | } | |
2008 | ||
af102d95 | 2009 | static void |
e8349efd OB |
2010 | free_perturb (char *p, size_t n) |
2011 | { | |
2012 | if (__glibc_unlikely (perturb_byte)) | |
2013 | memset (p, perturb_byte, n); | |
2014 | } | |
2015 | ||
854278df UD |
2016 | |
2017 | ||
3ea5be54 AO |
2018 | #include <stap-probe.h> |
2019 | ||
5f6d8d97 AZ |
2020 | /* ----------- Routines dealing with transparent huge pages ----------- */ |
2021 | ||
2022 | static inline void | |
2023 | madvise_thp (void *p, INTERNAL_SIZE_T size) | |
2024 | { | |
2025 | #if HAVE_TUNABLES && defined (MADV_HUGEPAGE) | |
2026 | /* Do not consider areas smaller than a huge page or if the tunable is | |
2027 | not active. */ | |
2028 | if (mp_.thp_pagesize == 0 || size < mp_.thp_pagesize) | |
2029 | return; | |
7478c995 AZ |
2030 | |
2031 | /* Linux requires the input address to be page-aligned, and unaligned | |
2032 | inputs happens only for initial data segment. */ | |
2033 | if (__glibc_unlikely (!PTR_IS_ALIGNED (p, GLRO (dl_pagesize)))) | |
2034 | { | |
2035 | void *q = PTR_ALIGN_DOWN (p, GLRO (dl_pagesize)); | |
2036 | size += PTR_DIFF (p, q); | |
2037 | p = q; | |
2038 | } | |
2039 | ||
5f6d8d97 AZ |
2040 | __madvise (p, size, MADV_HUGEPAGE); |
2041 | #endif | |
2042 | } | |
2043 | ||
fa8d436c UD |
2044 | /* ------------------- Support for multiple arenas -------------------- */ |
2045 | #include "arena.c" | |
f65fd747 | 2046 | |
fa8d436c | 2047 | /* |
6c8dbf00 | 2048 | Debugging support |
f65fd747 | 2049 | |
6c8dbf00 OB |
2050 | These routines make a number of assertions about the states |
2051 | of data structures that should be true at all times. If any | |
2052 | are not true, it's very likely that a user program has somehow | |
2053 | trashed memory. (It's also possible that there is a coding error | |
2054 | in malloc. In which case, please report it!) | |
2055 | */ | |
ee74a442 | 2056 | |
6c8dbf00 | 2057 | #if !MALLOC_DEBUG |
d8f00d46 | 2058 | |
6c8dbf00 OB |
2059 | # define check_chunk(A, P) |
2060 | # define check_free_chunk(A, P) | |
2061 | # define check_inuse_chunk(A, P) | |
2062 | # define check_remalloced_chunk(A, P, N) | |
2063 | # define check_malloced_chunk(A, P, N) | |
2064 | # define check_malloc_state(A) | |
d8f00d46 | 2065 | |
fa8d436c | 2066 | #else |
ca34d7a7 | 2067 | |
6c8dbf00 OB |
2068 | # define check_chunk(A, P) do_check_chunk (A, P) |
2069 | # define check_free_chunk(A, P) do_check_free_chunk (A, P) | |
2070 | # define check_inuse_chunk(A, P) do_check_inuse_chunk (A, P) | |
2071 | # define check_remalloced_chunk(A, P, N) do_check_remalloced_chunk (A, P, N) | |
2072 | # define check_malloced_chunk(A, P, N) do_check_malloced_chunk (A, P, N) | |
2073 | # define check_malloc_state(A) do_check_malloc_state (A) | |
ca34d7a7 | 2074 | |
fa8d436c | 2075 | /* |
6c8dbf00 OB |
2076 | Properties of all chunks |
2077 | */ | |
ca34d7a7 | 2078 | |
6c8dbf00 OB |
2079 | static void |
2080 | do_check_chunk (mstate av, mchunkptr p) | |
ca34d7a7 | 2081 | { |
6c8dbf00 | 2082 | unsigned long sz = chunksize (p); |
fa8d436c | 2083 | /* min and max possible addresses assuming contiguous allocation */ |
6c8dbf00 OB |
2084 | char *max_address = (char *) (av->top) + chunksize (av->top); |
2085 | char *min_address = max_address - av->system_mem; | |
fa8d436c | 2086 | |
6c8dbf00 OB |
2087 | if (!chunk_is_mmapped (p)) |
2088 | { | |
2089 | /* Has legal address ... */ | |
2090 | if (p != av->top) | |
2091 | { | |
2092 | if (contiguous (av)) | |
2093 | { | |
2094 | assert (((char *) p) >= min_address); | |
2095 | assert (((char *) p + sz) <= ((char *) (av->top))); | |
2096 | } | |
2097 | } | |
2098 | else | |
2099 | { | |
2100 | /* top size is always at least MINSIZE */ | |
2101 | assert ((unsigned long) (sz) >= MINSIZE); | |
2102 | /* top predecessor always marked inuse */ | |
2103 | assert (prev_inuse (p)); | |
2104 | } | |
fa8d436c | 2105 | } |
0552fd2c | 2106 | else |
6c8dbf00 OB |
2107 | { |
2108 | /* address is outside main heap */ | |
2109 | if (contiguous (av) && av->top != initial_top (av)) | |
2110 | { | |
2111 | assert (((char *) p) < min_address || ((char *) p) >= max_address); | |
2112 | } | |
2113 | /* chunk is page-aligned */ | |
e9c4fe93 | 2114 | assert (((prev_size (p) + sz) & (GLRO (dl_pagesize) - 1)) == 0); |
6c8dbf00 | 2115 | /* mem is aligned */ |
ca89f1c7 | 2116 | assert (aligned_OK (chunk2mem (p))); |
fa8d436c | 2117 | } |
eb406346 UD |
2118 | } |
2119 | ||
fa8d436c | 2120 | /* |
6c8dbf00 OB |
2121 | Properties of free chunks |
2122 | */ | |
ee74a442 | 2123 | |
6c8dbf00 OB |
2124 | static void |
2125 | do_check_free_chunk (mstate av, mchunkptr p) | |
67c94753 | 2126 | { |
3381be5c | 2127 | INTERNAL_SIZE_T sz = chunksize_nomask (p) & ~(PREV_INUSE | NON_MAIN_ARENA); |
6c8dbf00 | 2128 | mchunkptr next = chunk_at_offset (p, sz); |
67c94753 | 2129 | |
6c8dbf00 | 2130 | do_check_chunk (av, p); |
67c94753 | 2131 | |
fa8d436c | 2132 | /* Chunk must claim to be free ... */ |
6c8dbf00 OB |
2133 | assert (!inuse (p)); |
2134 | assert (!chunk_is_mmapped (p)); | |
67c94753 | 2135 | |
fa8d436c | 2136 | /* Unless a special marker, must have OK fields */ |
6c8dbf00 OB |
2137 | if ((unsigned long) (sz) >= MINSIZE) |
2138 | { | |
2139 | assert ((sz & MALLOC_ALIGN_MASK) == 0); | |
ca89f1c7 | 2140 | assert (aligned_OK (chunk2mem (p))); |
6c8dbf00 | 2141 | /* ... matching footer field */ |
3381be5c | 2142 | assert (prev_size (next_chunk (p)) == sz); |
6c8dbf00 OB |
2143 | /* ... and is fully consolidated */ |
2144 | assert (prev_inuse (p)); | |
2145 | assert (next == av->top || inuse (next)); | |
2146 | ||
2147 | /* ... and has minimally sane links */ | |
2148 | assert (p->fd->bk == p); | |
2149 | assert (p->bk->fd == p); | |
2150 | } | |
fa8d436c | 2151 | else /* markers are always of size SIZE_SZ */ |
6c8dbf00 | 2152 | assert (sz == SIZE_SZ); |
67c94753 | 2153 | } |
67c94753 | 2154 | |
fa8d436c | 2155 | /* |
6c8dbf00 OB |
2156 | Properties of inuse chunks |
2157 | */ | |
fa8d436c | 2158 | |
6c8dbf00 OB |
2159 | static void |
2160 | do_check_inuse_chunk (mstate av, mchunkptr p) | |
f65fd747 | 2161 | { |
fa8d436c | 2162 | mchunkptr next; |
f65fd747 | 2163 | |
6c8dbf00 | 2164 | do_check_chunk (av, p); |
f65fd747 | 2165 | |
6c8dbf00 | 2166 | if (chunk_is_mmapped (p)) |
fa8d436c | 2167 | return; /* mmapped chunks have no next/prev */ |
ca34d7a7 | 2168 | |
fa8d436c | 2169 | /* Check whether it claims to be in use ... */ |
6c8dbf00 | 2170 | assert (inuse (p)); |
10dc2a90 | 2171 | |
6c8dbf00 | 2172 | next = next_chunk (p); |
10dc2a90 | 2173 | |
fa8d436c | 2174 | /* ... and is surrounded by OK chunks. |
6c8dbf00 OB |
2175 | Since more things can be checked with free chunks than inuse ones, |
2176 | if an inuse chunk borders them and debug is on, it's worth doing them. | |
2177 | */ | |
2178 | if (!prev_inuse (p)) | |
2179 | { | |
2180 | /* Note that we cannot even look at prev unless it is not inuse */ | |
2181 | mchunkptr prv = prev_chunk (p); | |
2182 | assert (next_chunk (prv) == p); | |
2183 | do_check_free_chunk (av, prv); | |
2184 | } | |
fa8d436c | 2185 | |
6c8dbf00 OB |
2186 | if (next == av->top) |
2187 | { | |
2188 | assert (prev_inuse (next)); | |
2189 | assert (chunksize (next) >= MINSIZE); | |
2190 | } | |
2191 | else if (!inuse (next)) | |
2192 | do_check_free_chunk (av, next); | |
10dc2a90 UD |
2193 | } |
2194 | ||
fa8d436c | 2195 | /* |
6c8dbf00 OB |
2196 | Properties of chunks recycled from fastbins |
2197 | */ | |
fa8d436c | 2198 | |
6c8dbf00 OB |
2199 | static void |
2200 | do_check_remalloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s) | |
10dc2a90 | 2201 | { |
3381be5c | 2202 | INTERNAL_SIZE_T sz = chunksize_nomask (p) & ~(PREV_INUSE | NON_MAIN_ARENA); |
fa8d436c | 2203 | |
6c8dbf00 OB |
2204 | if (!chunk_is_mmapped (p)) |
2205 | { | |
2206 | assert (av == arena_for_chunk (p)); | |
e9c4fe93 | 2207 | if (chunk_main_arena (p)) |
6c8dbf00 | 2208 | assert (av == &main_arena); |
e9c4fe93 FW |
2209 | else |
2210 | assert (av != &main_arena); | |
6c8dbf00 | 2211 | } |
fa8d436c | 2212 | |
6c8dbf00 | 2213 | do_check_inuse_chunk (av, p); |
fa8d436c UD |
2214 | |
2215 | /* Legal size ... */ | |
6c8dbf00 OB |
2216 | assert ((sz & MALLOC_ALIGN_MASK) == 0); |
2217 | assert ((unsigned long) (sz) >= MINSIZE); | |
fa8d436c | 2218 | /* ... and alignment */ |
ca89f1c7 | 2219 | assert (aligned_OK (chunk2mem (p))); |
fa8d436c | 2220 | /* chunk is less than MINSIZE more than request */ |
6c8dbf00 OB |
2221 | assert ((long) (sz) - (long) (s) >= 0); |
2222 | assert ((long) (sz) - (long) (s + MINSIZE) < 0); | |
10dc2a90 UD |
2223 | } |
2224 | ||
fa8d436c | 2225 | /* |
6c8dbf00 OB |
2226 | Properties of nonrecycled chunks at the point they are malloced |
2227 | */ | |
fa8d436c | 2228 | |
6c8dbf00 OB |
2229 | static void |
2230 | do_check_malloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s) | |
10dc2a90 | 2231 | { |
fa8d436c | 2232 | /* same as recycled case ... */ |
6c8dbf00 | 2233 | do_check_remalloced_chunk (av, p, s); |
10dc2a90 | 2234 | |
fa8d436c | 2235 | /* |
6c8dbf00 OB |
2236 | ... plus, must obey implementation invariant that prev_inuse is |
2237 | always true of any allocated chunk; i.e., that each allocated | |
2238 | chunk borders either a previously allocated and still in-use | |
2239 | chunk, or the base of its memory arena. This is ensured | |
2240 | by making all allocations from the `lowest' part of any found | |
2241 | chunk. This does not necessarily hold however for chunks | |
2242 | recycled via fastbins. | |
2243 | */ | |
2244 | ||
2245 | assert (prev_inuse (p)); | |
fa8d436c | 2246 | } |
10dc2a90 | 2247 | |
f65fd747 | 2248 | |
fa8d436c | 2249 | /* |
6c8dbf00 | 2250 | Properties of malloc_state. |
f65fd747 | 2251 | |
6c8dbf00 OB |
2252 | This may be useful for debugging malloc, as well as detecting user |
2253 | programmer errors that somehow write into malloc_state. | |
f65fd747 | 2254 | |
6c8dbf00 OB |
2255 | If you are extending or experimenting with this malloc, you can |
2256 | probably figure out how to hack this routine to print out or | |
2257 | display chunk addresses, sizes, bins, and other instrumentation. | |
2258 | */ | |
f65fd747 | 2259 | |
6c8dbf00 OB |
2260 | static void |
2261 | do_check_malloc_state (mstate av) | |
fa8d436c UD |
2262 | { |
2263 | int i; | |
2264 | mchunkptr p; | |
2265 | mchunkptr q; | |
2266 | mbinptr b; | |
fa8d436c UD |
2267 | unsigned int idx; |
2268 | INTERNAL_SIZE_T size; | |
2269 | unsigned long total = 0; | |
2270 | int max_fast_bin; | |
f65fd747 | 2271 | |
fa8d436c | 2272 | /* internal size_t must be no wider than pointer type */ |
6c8dbf00 | 2273 | assert (sizeof (INTERNAL_SIZE_T) <= sizeof (char *)); |
f65fd747 | 2274 | |
fa8d436c | 2275 | /* alignment is a power of 2 */ |
6c8dbf00 | 2276 | assert ((MALLOC_ALIGNMENT & (MALLOC_ALIGNMENT - 1)) == 0); |
f65fd747 | 2277 | |
3381be5c WD |
2278 | /* Check the arena is initialized. */ |
2279 | assert (av->top != 0); | |
2280 | ||
2281 | /* No memory has been allocated yet, so doing more tests is not possible. */ | |
2282 | if (av->top == initial_top (av)) | |
fa8d436c | 2283 | return; |
f65fd747 | 2284 | |
fa8d436c | 2285 | /* pagesize is a power of 2 */ |
8a35c3fe | 2286 | assert (powerof2(GLRO (dl_pagesize))); |
f65fd747 | 2287 | |
fa8d436c | 2288 | /* A contiguous main_arena is consistent with sbrk_base. */ |
6c8dbf00 OB |
2289 | if (av == &main_arena && contiguous (av)) |
2290 | assert ((char *) mp_.sbrk_base + av->system_mem == | |
2291 | (char *) av->top + chunksize (av->top)); | |
fa8d436c UD |
2292 | |
2293 | /* properties of fastbins */ | |
2294 | ||
2295 | /* max_fast is in allowed range */ | |
6c8dbf00 OB |
2296 | assert ((get_max_fast () & ~1) <= request2size (MAX_FAST_SIZE)); |
2297 | ||
2298 | max_fast_bin = fastbin_index (get_max_fast ()); | |
2299 | ||
2300 | for (i = 0; i < NFASTBINS; ++i) | |
2301 | { | |
2302 | p = fastbin (av, i); | |
2303 | ||
2304 | /* The following test can only be performed for the main arena. | |
2305 | While mallopt calls malloc_consolidate to get rid of all fast | |
2306 | bins (especially those larger than the new maximum) this does | |
2307 | only happen for the main arena. Trying to do this for any | |
2308 | other arena would mean those arenas have to be locked and | |
2309 | malloc_consolidate be called for them. This is excessive. And | |
2310 | even if this is acceptable to somebody it still cannot solve | |
2311 | the problem completely since if the arena is locked a | |
2312 | concurrent malloc call might create a new arena which then | |
2313 | could use the newly invalid fast bins. */ | |
2314 | ||
2315 | /* all bins past max_fast are empty */ | |
2316 | if (av == &main_arena && i > max_fast_bin) | |
2317 | assert (p == 0); | |
2318 | ||
2319 | while (p != 0) | |
2320 | { | |
49c3c376 | 2321 | if (__glibc_unlikely (misaligned_chunk (p))) |
768358b6 | 2322 | malloc_printerr ("do_check_malloc_state(): " |
a1a486d7 | 2323 | "unaligned fastbin chunk detected"); |
6c8dbf00 OB |
2324 | /* each chunk claims to be inuse */ |
2325 | do_check_inuse_chunk (av, p); | |
2326 | total += chunksize (p); | |
2327 | /* chunk belongs in this bin */ | |
2328 | assert (fastbin_index (chunksize (p)) == i); | |
a1a486d7 | 2329 | p = REVEAL_PTR (p->fd); |
6c8dbf00 | 2330 | } |
fa8d436c | 2331 | } |
fa8d436c | 2332 | |
fa8d436c | 2333 | /* check normal bins */ |
6c8dbf00 OB |
2334 | for (i = 1; i < NBINS; ++i) |
2335 | { | |
2336 | b = bin_at (av, i); | |
2337 | ||
2338 | /* binmap is accurate (except for bin 1 == unsorted_chunks) */ | |
2339 | if (i >= 2) | |
2340 | { | |
2341 | unsigned int binbit = get_binmap (av, i); | |
2342 | int empty = last (b) == b; | |
2343 | if (!binbit) | |
2344 | assert (empty); | |
2345 | else if (!empty) | |
2346 | assert (binbit); | |
2347 | } | |
2348 | ||
2349 | for (p = last (b); p != b; p = p->bk) | |
2350 | { | |
2351 | /* each chunk claims to be free */ | |
2352 | do_check_free_chunk (av, p); | |
2353 | size = chunksize (p); | |
2354 | total += size; | |
2355 | if (i >= 2) | |
2356 | { | |
2357 | /* chunk belongs in bin */ | |
2358 | idx = bin_index (size); | |
2359 | assert (idx == i); | |
2360 | /* lists are sorted */ | |
2361 | assert (p->bk == b || | |
2362 | (unsigned long) chunksize (p->bk) >= (unsigned long) chunksize (p)); | |
2363 | ||
2364 | if (!in_smallbin_range (size)) | |
2365 | { | |
2366 | if (p->fd_nextsize != NULL) | |
2367 | { | |
2368 | if (p->fd_nextsize == p) | |
2369 | assert (p->bk_nextsize == p); | |
2370 | else | |
2371 | { | |
2372 | if (p->fd_nextsize == first (b)) | |
2373 | assert (chunksize (p) < chunksize (p->fd_nextsize)); | |
2374 | else | |
2375 | assert (chunksize (p) > chunksize (p->fd_nextsize)); | |
2376 | ||
2377 | if (p == first (b)) | |
2378 | assert (chunksize (p) > chunksize (p->bk_nextsize)); | |
2379 | else | |
2380 | assert (chunksize (p) < chunksize (p->bk_nextsize)); | |
2381 | } | |
2382 | } | |
2383 | else | |
2384 | assert (p->bk_nextsize == NULL); | |
2385 | } | |
2386 | } | |
2387 | else if (!in_smallbin_range (size)) | |
2388 | assert (p->fd_nextsize == NULL && p->bk_nextsize == NULL); | |
2389 | /* chunk is followed by a legal chain of inuse chunks */ | |
2390 | for (q = next_chunk (p); | |
2391 | (q != av->top && inuse (q) && | |
2392 | (unsigned long) (chunksize (q)) >= MINSIZE); | |
2393 | q = next_chunk (q)) | |
2394 | do_check_inuse_chunk (av, q); | |
2395 | } | |
fa8d436c | 2396 | } |
f65fd747 | 2397 | |
fa8d436c | 2398 | /* top chunk is OK */ |
6c8dbf00 | 2399 | check_chunk (av, av->top); |
fa8d436c UD |
2400 | } |
2401 | #endif | |
2402 | ||
2403 | ||
2404 | /* ----------------- Support for debugging hooks -------------------- */ | |
b5bd5bfe | 2405 | #if IS_IN (libc) |
fa8d436c | 2406 | #include "hooks.c" |
b5bd5bfe | 2407 | #endif |
fa8d436c UD |
2408 | |
2409 | ||
2410 | /* ----------- Routines dealing with system allocation -------------- */ | |
2411 | ||
2412 | /* | |
6c8dbf00 OB |
2413 | sysmalloc handles malloc cases requiring more memory from the system. |
2414 | On entry, it is assumed that av->top does not have enough | |
2415 | space to service request for nb bytes, thus requiring that av->top | |
2416 | be extended or replaced. | |
2417 | */ | |
fa8d436c | 2418 | |
6cc3ccc6 AZ |
2419 | static void * |
2420 | sysmalloc_mmap (INTERNAL_SIZE_T nb, size_t pagesize, int extra_flags, mstate av) | |
2421 | { | |
2422 | long int size; | |
2423 | ||
2424 | /* | |
2425 | Round up size to nearest page. For mmapped chunks, the overhead is one | |
2426 | SIZE_SZ unit larger than for normal chunks, because there is no | |
2427 | following chunk whose prev_size field could be used. | |
2428 | ||
2429 | See the front_misalign handling below, for glibc there is no need for | |
2430 | further alignments unless we have have high alignment. | |
2431 | */ | |
2432 | if (MALLOC_ALIGNMENT == CHUNK_HDR_SZ) | |
2433 | size = ALIGN_UP (nb + SIZE_SZ, pagesize); | |
2434 | else | |
2435 | size = ALIGN_UP (nb + SIZE_SZ + MALLOC_ALIGN_MASK, pagesize); | |
2436 | ||
2437 | /* Don't try if size wraps around 0. */ | |
2438 | if ((unsigned long) (size) <= (unsigned long) (nb)) | |
2439 | return MAP_FAILED; | |
2440 | ||
2441 | char *mm = (char *) MMAP (0, size, | |
2442 | mtag_mmap_flags | PROT_READ | PROT_WRITE, | |
2443 | extra_flags); | |
2444 | if (mm == MAP_FAILED) | |
2445 | return mm; | |
2446 | ||
98d5fcb8 AZ |
2447 | #ifdef MAP_HUGETLB |
2448 | if (!(extra_flags & MAP_HUGETLB)) | |
2449 | madvise_thp (mm, size); | |
2450 | #endif | |
6cc3ccc6 AZ |
2451 | |
2452 | /* | |
2453 | The offset to the start of the mmapped region is stored in the prev_size | |
2454 | field of the chunk. This allows us to adjust returned start address to | |
2455 | meet alignment requirements here and in memalign(), and still be able to | |
2456 | compute proper address argument for later munmap in free() and realloc(). | |
2457 | */ | |
2458 | ||
2459 | INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */ | |
2460 | ||
2461 | if (MALLOC_ALIGNMENT == CHUNK_HDR_SZ) | |
2462 | { | |
2463 | /* For glibc, chunk2mem increases the address by CHUNK_HDR_SZ and | |
2464 | MALLOC_ALIGN_MASK is CHUNK_HDR_SZ-1. Each mmap'ed area is page | |
2465 | aligned and therefore definitely MALLOC_ALIGN_MASK-aligned. */ | |
2466 | assert (((INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK) == 0); | |
2467 | front_misalign = 0; | |
2468 | } | |
2469 | else | |
2470 | front_misalign = (INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK; | |
2471 | ||
2472 | mchunkptr p; /* the allocated/returned chunk */ | |
2473 | ||
2474 | if (front_misalign > 0) | |
2475 | { | |
2476 | ptrdiff_t correction = MALLOC_ALIGNMENT - front_misalign; | |
2477 | p = (mchunkptr) (mm + correction); | |
2478 | set_prev_size (p, correction); | |
2479 | set_head (p, (size - correction) | IS_MMAPPED); | |
2480 | } | |
2481 | else | |
2482 | { | |
2483 | p = (mchunkptr) mm; | |
2484 | set_prev_size (p, 0); | |
2485 | set_head (p, size | IS_MMAPPED); | |
2486 | } | |
2487 | ||
2488 | /* update statistics */ | |
2489 | int new = atomic_exchange_and_add (&mp_.n_mmaps, 1) + 1; | |
2490 | atomic_max (&mp_.max_n_mmaps, new); | |
2491 | ||
2492 | unsigned long sum; | |
2493 | sum = atomic_exchange_and_add (&mp_.mmapped_mem, size) + size; | |
2494 | atomic_max (&mp_.max_mmapped_mem, sum); | |
2495 | ||
2496 | check_chunk (av, p); | |
2497 | ||
2498 | return chunk2mem (p); | |
2499 | } | |
2500 | ||
6c8dbf00 OB |
2501 | static void * |
2502 | sysmalloc (INTERNAL_SIZE_T nb, mstate av) | |
f65fd747 | 2503 | { |
6c8dbf00 | 2504 | mchunkptr old_top; /* incoming value of av->top */ |
fa8d436c | 2505 | INTERNAL_SIZE_T old_size; /* its size */ |
6c8dbf00 | 2506 | char *old_end; /* its end address */ |
f65fd747 | 2507 | |
6c8dbf00 OB |
2508 | long size; /* arg to first MORECORE or mmap call */ |
2509 | char *brk; /* return value from MORECORE */ | |
f65fd747 | 2510 | |
6c8dbf00 OB |
2511 | long correction; /* arg to 2nd MORECORE call */ |
2512 | char *snd_brk; /* 2nd return val */ | |
f65fd747 | 2513 | |
fa8d436c UD |
2514 | INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */ |
2515 | INTERNAL_SIZE_T end_misalign; /* partial page left at end of new space */ | |
6c8dbf00 | 2516 | char *aligned_brk; /* aligned offset into brk */ |
f65fd747 | 2517 | |
6c8dbf00 OB |
2518 | mchunkptr p; /* the allocated/returned chunk */ |
2519 | mchunkptr remainder; /* remainder from allocation */ | |
2520 | unsigned long remainder_size; /* its size */ | |
fa8d436c | 2521 | |
fa8d436c | 2522 | |
8a35c3fe | 2523 | size_t pagesize = GLRO (dl_pagesize); |
6c8dbf00 | 2524 | bool tried_mmap = false; |
fa8d436c UD |
2525 | |
2526 | ||
fa8d436c | 2527 | /* |
6c8dbf00 OB |
2528 | If have mmap, and the request size meets the mmap threshold, and |
2529 | the system supports mmap, and there are few enough currently | |
2530 | allocated mmapped regions, try to directly map this request | |
2531 | rather than expanding top. | |
2532 | */ | |
2533 | ||
fff94fa2 SP |
2534 | if (av == NULL |
2535 | || ((unsigned long) (nb) >= (unsigned long) (mp_.mmap_threshold) | |
2536 | && (mp_.n_mmaps < mp_.n_mmaps_max))) | |
6c8dbf00 | 2537 | { |
98d5fcb8 AZ |
2538 | char *mm; |
2539 | #if HAVE_TUNABLES | |
2540 | if (mp_.hp_pagesize > 0 && nb >= mp_.hp_pagesize) | |
2541 | { | |
2542 | /* There is no need to isse the THP madvise call if Huge Pages are | |
2543 | used directly. */ | |
2544 | mm = sysmalloc_mmap (nb, mp_.hp_pagesize, mp_.hp_flags, av); | |
2545 | if (mm != MAP_FAILED) | |
2546 | return mm; | |
2547 | } | |
2548 | #endif | |
2549 | mm = sysmalloc_mmap (nb, pagesize, 0, av); | |
6cc3ccc6 AZ |
2550 | if (mm != MAP_FAILED) |
2551 | return mm; | |
6c8dbf00 | 2552 | tried_mmap = true; |
fa8d436c | 2553 | } |
fa8d436c | 2554 | |
fff94fa2 SP |
2555 | /* There are no usable arenas and mmap also failed. */ |
2556 | if (av == NULL) | |
2557 | return 0; | |
2558 | ||
fa8d436c UD |
2559 | /* Record incoming configuration of top */ |
2560 | ||
6c8dbf00 OB |
2561 | old_top = av->top; |
2562 | old_size = chunksize (old_top); | |
2563 | old_end = (char *) (chunk_at_offset (old_top, old_size)); | |
fa8d436c | 2564 | |
6c8dbf00 | 2565 | brk = snd_brk = (char *) (MORECORE_FAILURE); |
fa8d436c | 2566 | |
a9177ff5 | 2567 | /* |
fa8d436c UD |
2568 | If not the first time through, we require old_size to be |
2569 | at least MINSIZE and to have prev_inuse set. | |
6c8dbf00 | 2570 | */ |
fa8d436c | 2571 | |
6c8dbf00 OB |
2572 | assert ((old_top == initial_top (av) && old_size == 0) || |
2573 | ((unsigned long) (old_size) >= MINSIZE && | |
2574 | prev_inuse (old_top) && | |
8a35c3fe | 2575 | ((unsigned long) old_end & (pagesize - 1)) == 0)); |
fa8d436c UD |
2576 | |
2577 | /* Precondition: not enough current space to satisfy nb request */ | |
6c8dbf00 | 2578 | assert ((unsigned long) (old_size) < (unsigned long) (nb + MINSIZE)); |
a9177ff5 | 2579 | |
72f90263 | 2580 | |
6c8dbf00 OB |
2581 | if (av != &main_arena) |
2582 | { | |
2583 | heap_info *old_heap, *heap; | |
2584 | size_t old_heap_size; | |
2585 | ||
2586 | /* First try to extend the current heap. */ | |
2587 | old_heap = heap_for_ptr (old_top); | |
2588 | old_heap_size = old_heap->size; | |
2589 | if ((long) (MINSIZE + nb - old_size) > 0 | |
2590 | && grow_heap (old_heap, MINSIZE + nb - old_size) == 0) | |
2591 | { | |
2592 | av->system_mem += old_heap->size - old_heap_size; | |
6c8dbf00 OB |
2593 | set_head (old_top, (((char *) old_heap + old_heap->size) - (char *) old_top) |
2594 | | PREV_INUSE); | |
2595 | } | |
2596 | else if ((heap = new_heap (nb + (MINSIZE + sizeof (*heap)), mp_.top_pad))) | |
2597 | { | |
2598 | /* Use a newly allocated heap. */ | |
2599 | heap->ar_ptr = av; | |
2600 | heap->prev = old_heap; | |
2601 | av->system_mem += heap->size; | |
6c8dbf00 OB |
2602 | /* Set up the new top. */ |
2603 | top (av) = chunk_at_offset (heap, sizeof (*heap)); | |
2604 | set_head (top (av), (heap->size - sizeof (*heap)) | PREV_INUSE); | |
2605 | ||
2606 | /* Setup fencepost and free the old top chunk with a multiple of | |
2607 | MALLOC_ALIGNMENT in size. */ | |
2608 | /* The fencepost takes at least MINSIZE bytes, because it might | |
2609 | become the top chunk again later. Note that a footer is set | |
2610 | up, too, although the chunk is marked in use. */ | |
2611 | old_size = (old_size - MINSIZE) & ~MALLOC_ALIGN_MASK; | |
3784dfc0 RE |
2612 | set_head (chunk_at_offset (old_top, old_size + CHUNK_HDR_SZ), |
2613 | 0 | PREV_INUSE); | |
6c8dbf00 OB |
2614 | if (old_size >= MINSIZE) |
2615 | { | |
3784dfc0 RE |
2616 | set_head (chunk_at_offset (old_top, old_size), |
2617 | CHUNK_HDR_SZ | PREV_INUSE); | |
2618 | set_foot (chunk_at_offset (old_top, old_size), CHUNK_HDR_SZ); | |
6c8dbf00 OB |
2619 | set_head (old_top, old_size | PREV_INUSE | NON_MAIN_ARENA); |
2620 | _int_free (av, old_top, 1); | |
2621 | } | |
2622 | else | |
2623 | { | |
3784dfc0 RE |
2624 | set_head (old_top, (old_size + CHUNK_HDR_SZ) | PREV_INUSE); |
2625 | set_foot (old_top, (old_size + CHUNK_HDR_SZ)); | |
6c8dbf00 OB |
2626 | } |
2627 | } | |
2628 | else if (!tried_mmap) | |
6cc3ccc6 | 2629 | { |
98d5fcb8 AZ |
2630 | /* We can at least try to use to mmap memory. If new_heap fails |
2631 | it is unlikely that trying to allocate huge pages will | |
2632 | succeed. */ | |
6cc3ccc6 AZ |
2633 | char *mm = sysmalloc_mmap (nb, pagesize, 0, av); |
2634 | if (mm != MAP_FAILED) | |
2635 | return mm; | |
2636 | } | |
fa8d436c | 2637 | } |
6c8dbf00 | 2638 | else /* av == main_arena */ |
fa8d436c | 2639 | |
fa8d436c | 2640 | |
6c8dbf00 OB |
2641 | { /* Request enough space for nb + pad + overhead */ |
2642 | size = nb + mp_.top_pad + MINSIZE; | |
a9177ff5 | 2643 | |
6c8dbf00 OB |
2644 | /* |
2645 | If contiguous, we can subtract out existing space that we hope to | |
2646 | combine with new space. We add it back later only if | |
2647 | we don't actually get contiguous space. | |
2648 | */ | |
a9177ff5 | 2649 | |
6c8dbf00 OB |
2650 | if (contiguous (av)) |
2651 | size -= old_size; | |
fa8d436c | 2652 | |
6c8dbf00 | 2653 | /* |
7478c995 | 2654 | Round to a multiple of page size or huge page size. |
6c8dbf00 OB |
2655 | If MORECORE is not contiguous, this ensures that we only call it |
2656 | with whole-page arguments. And if MORECORE is contiguous and | |
2657 | this is not first time through, this preserves page-alignment of | |
2658 | previous calls. Otherwise, we correct to page-align below. | |
2659 | */ | |
fa8d436c | 2660 | |
7478c995 AZ |
2661 | #if HAVE_TUNABLES && defined (MADV_HUGEPAGE) |
2662 | /* Defined in brk.c. */ | |
2663 | extern void *__curbrk; | |
2664 | if (__glibc_unlikely (mp_.thp_pagesize != 0)) | |
2665 | { | |
2666 | uintptr_t top = ALIGN_UP ((uintptr_t) __curbrk + size, | |
2667 | mp_.thp_pagesize); | |
2668 | size = top - (uintptr_t) __curbrk; | |
2669 | } | |
2670 | else | |
2671 | #endif | |
2672 | size = ALIGN_UP (size, GLRO(dl_pagesize)); | |
fa8d436c | 2673 | |
6c8dbf00 OB |
2674 | /* |
2675 | Don't try to call MORECORE if argument is so big as to appear | |
2676 | negative. Note that since mmap takes size_t arg, it may succeed | |
2677 | below even if we cannot call MORECORE. | |
2678 | */ | |
2679 | ||
2680 | if (size > 0) | |
2681 | { | |
2682 | brk = (char *) (MORECORE (size)); | |
5f6d8d97 AZ |
2683 | if (brk != (char *) (MORECORE_FAILURE)) |
2684 | madvise_thp (brk, size); | |
6c8dbf00 OB |
2685 | LIBC_PROBE (memory_sbrk_more, 2, brk, size); |
2686 | } | |
2687 | ||
57b07bed | 2688 | if (brk == (char *) (MORECORE_FAILURE)) |
6c8dbf00 OB |
2689 | { |
2690 | /* | |
2691 | If have mmap, try using it as a backup when MORECORE fails or | |
2692 | cannot be used. This is worth doing on systems that have "holes" in | |
2693 | address space, so sbrk cannot extend to give contiguous space, but | |
2694 | space is available elsewhere. Note that we ignore mmap max count | |
2695 | and threshold limits, since the space will not be used as a | |
2696 | segregated mmap region. | |
2697 | */ | |
2698 | ||
2699 | /* Cannot merge with old top, so add its size back in */ | |
2700 | if (contiguous (av)) | |
8a35c3fe | 2701 | size = ALIGN_UP (size + old_size, pagesize); |
6c8dbf00 OB |
2702 | |
2703 | /* If we are relying on mmap as backup, then use larger units */ | |
2704 | if ((unsigned long) (size) < (unsigned long) (MMAP_AS_MORECORE_SIZE)) | |
2705 | size = MMAP_AS_MORECORE_SIZE; | |
2706 | ||
2707 | /* Don't try if size wraps around 0 */ | |
2708 | if ((unsigned long) (size) > (unsigned long) (nb)) | |
2709 | { | |
3784dfc0 | 2710 | char *mbrk = (char *) (MMAP (0, size, |
0c719cf4 | 2711 | mtag_mmap_flags | PROT_READ | PROT_WRITE, |
3784dfc0 | 2712 | 0)); |
6c8dbf00 OB |
2713 | |
2714 | if (mbrk != MAP_FAILED) | |
2715 | { | |
5f6d8d97 AZ |
2716 | madvise_thp (mbrk, size); |
2717 | ||
6c8dbf00 OB |
2718 | /* We do not need, and cannot use, another sbrk call to find end */ |
2719 | brk = mbrk; | |
2720 | snd_brk = brk + size; | |
2721 | ||
2722 | /* | |
2723 | Record that we no longer have a contiguous sbrk region. | |
2724 | After the first time mmap is used as backup, we do not | |
2725 | ever rely on contiguous space since this could incorrectly | |
2726 | bridge regions. | |
2727 | */ | |
2728 | set_noncontiguous (av); | |
2729 | } | |
2730 | } | |
2731 | } | |
2732 | ||
2733 | if (brk != (char *) (MORECORE_FAILURE)) | |
2734 | { | |
2735 | if (mp_.sbrk_base == 0) | |
2736 | mp_.sbrk_base = brk; | |
2737 | av->system_mem += size; | |
2738 | ||
2739 | /* | |
2740 | If MORECORE extends previous space, we can likewise extend top size. | |
2741 | */ | |
2742 | ||
2743 | if (brk == old_end && snd_brk == (char *) (MORECORE_FAILURE)) | |
2744 | set_head (old_top, (size + old_size) | PREV_INUSE); | |
2745 | ||
2746 | else if (contiguous (av) && old_size && brk < old_end) | |
ac3ed168 FW |
2747 | /* Oops! Someone else killed our space.. Can't touch anything. */ |
2748 | malloc_printerr ("break adjusted to free malloc space"); | |
6c8dbf00 OB |
2749 | |
2750 | /* | |
2751 | Otherwise, make adjustments: | |
2752 | ||
2753 | * If the first time through or noncontiguous, we need to call sbrk | |
2754 | just to find out where the end of memory lies. | |
2755 | ||
2756 | * We need to ensure that all returned chunks from malloc will meet | |
2757 | MALLOC_ALIGNMENT | |
2758 | ||
2759 | * If there was an intervening foreign sbrk, we need to adjust sbrk | |
2760 | request size to account for fact that we will not be able to | |
2761 | combine new space with existing space in old_top. | |
2762 | ||
2763 | * Almost all systems internally allocate whole pages at a time, in | |
2764 | which case we might as well use the whole last page of request. | |
2765 | So we allocate enough more memory to hit a page boundary now, | |
2766 | which in turn causes future contiguous calls to page-align. | |
2767 | */ | |
2768 | ||
2769 | else | |
2770 | { | |
2771 | front_misalign = 0; | |
2772 | end_misalign = 0; | |
2773 | correction = 0; | |
2774 | aligned_brk = brk; | |
2775 | ||
2776 | /* handle contiguous cases */ | |
2777 | if (contiguous (av)) | |
2778 | { | |
2779 | /* Count foreign sbrk as system_mem. */ | |
2780 | if (old_size) | |
2781 | av->system_mem += brk - old_end; | |
2782 | ||
2783 | /* Guarantee alignment of first new chunk made from this space */ | |
2784 | ||
ca89f1c7 | 2785 | front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK; |
6c8dbf00 OB |
2786 | if (front_misalign > 0) |
2787 | { | |
2788 | /* | |
2789 | Skip over some bytes to arrive at an aligned position. | |
2790 | We don't need to specially mark these wasted front bytes. | |
2791 | They will never be accessed anyway because | |
2792 | prev_inuse of av->top (and any chunk created from its start) | |
2793 | is always true after initialization. | |
2794 | */ | |
2795 | ||
2796 | correction = MALLOC_ALIGNMENT - front_misalign; | |
2797 | aligned_brk += correction; | |
2798 | } | |
2799 | ||
2800 | /* | |
2801 | If this isn't adjacent to existing space, then we will not | |
2802 | be able to merge with old_top space, so must add to 2nd request. | |
2803 | */ | |
2804 | ||
2805 | correction += old_size; | |
2806 | ||
2807 | /* Extend the end address to hit a page boundary */ | |
2808 | end_misalign = (INTERNAL_SIZE_T) (brk + size + correction); | |
8a35c3fe | 2809 | correction += (ALIGN_UP (end_misalign, pagesize)) - end_misalign; |
6c8dbf00 OB |
2810 | |
2811 | assert (correction >= 0); | |
2812 | snd_brk = (char *) (MORECORE (correction)); | |
2813 | ||
2814 | /* | |
2815 | If can't allocate correction, try to at least find out current | |
2816 | brk. It might be enough to proceed without failing. | |
2817 | ||
2818 | Note that if second sbrk did NOT fail, we assume that space | |
2819 | is contiguous with first sbrk. This is a safe assumption unless | |
2820 | program is multithreaded but doesn't use locks and a foreign sbrk | |
2821 | occurred between our first and second calls. | |
2822 | */ | |
2823 | ||
2824 | if (snd_brk == (char *) (MORECORE_FAILURE)) | |
2825 | { | |
2826 | correction = 0; | |
2827 | snd_brk = (char *) (MORECORE (0)); | |
2828 | } | |
5f6d8d97 AZ |
2829 | else |
2830 | madvise_thp (snd_brk, correction); | |
6c8dbf00 OB |
2831 | } |
2832 | ||
2833 | /* handle non-contiguous cases */ | |
2834 | else | |
2835 | { | |
3784dfc0 | 2836 | if (MALLOC_ALIGNMENT == CHUNK_HDR_SZ) |
6c8dbf00 | 2837 | /* MORECORE/mmap must correctly align */ |
ca89f1c7 | 2838 | assert (((unsigned long) chunk2mem (brk) & MALLOC_ALIGN_MASK) == 0); |
6c8dbf00 OB |
2839 | else |
2840 | { | |
ca89f1c7 | 2841 | front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK; |
6c8dbf00 OB |
2842 | if (front_misalign > 0) |
2843 | { | |
2844 | /* | |
2845 | Skip over some bytes to arrive at an aligned position. | |
2846 | We don't need to specially mark these wasted front bytes. | |
2847 | They will never be accessed anyway because | |
2848 | prev_inuse of av->top (and any chunk created from its start) | |
2849 | is always true after initialization. | |
2850 | */ | |
2851 | ||
2852 | aligned_brk += MALLOC_ALIGNMENT - front_misalign; | |
2853 | } | |
2854 | } | |
2855 | ||
2856 | /* Find out current end of memory */ | |
2857 | if (snd_brk == (char *) (MORECORE_FAILURE)) | |
2858 | { | |
2859 | snd_brk = (char *) (MORECORE (0)); | |
2860 | } | |
2861 | } | |
2862 | ||
2863 | /* Adjust top based on results of second sbrk */ | |
2864 | if (snd_brk != (char *) (MORECORE_FAILURE)) | |
2865 | { | |
2866 | av->top = (mchunkptr) aligned_brk; | |
2867 | set_head (av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE); | |
2868 | av->system_mem += correction; | |
2869 | ||
2870 | /* | |
2871 | If not the first time through, we either have a | |
2872 | gap due to foreign sbrk or a non-contiguous region. Insert a | |
2873 | double fencepost at old_top to prevent consolidation with space | |
2874 | we don't own. These fenceposts are artificial chunks that are | |
2875 | marked as inuse and are in any case too small to use. We need | |
2876 | two to make sizes and alignments work out. | |
2877 | */ | |
2878 | ||
2879 | if (old_size != 0) | |
2880 | { | |
2881 | /* | |
2882 | Shrink old_top to insert fenceposts, keeping size a | |
2883 | multiple of MALLOC_ALIGNMENT. We know there is at least | |
2884 | enough space in old_top to do this. | |
2885 | */ | |
3784dfc0 | 2886 | old_size = (old_size - 2 * CHUNK_HDR_SZ) & ~MALLOC_ALIGN_MASK; |
6c8dbf00 OB |
2887 | set_head (old_top, old_size | PREV_INUSE); |
2888 | ||
2889 | /* | |
2890 | Note that the following assignments completely overwrite | |
2891 | old_top when old_size was previously MINSIZE. This is | |
2892 | intentional. We need the fencepost, even if old_top otherwise gets | |
2893 | lost. | |
2894 | */ | |
e9c4fe93 | 2895 | set_head (chunk_at_offset (old_top, old_size), |
3784dfc0 RE |
2896 | CHUNK_HDR_SZ | PREV_INUSE); |
2897 | set_head (chunk_at_offset (old_top, | |
2898 | old_size + CHUNK_HDR_SZ), | |
2899 | CHUNK_HDR_SZ | PREV_INUSE); | |
6c8dbf00 OB |
2900 | |
2901 | /* If possible, release the rest. */ | |
2902 | if (old_size >= MINSIZE) | |
2903 | { | |
2904 | _int_free (av, old_top, 1); | |
2905 | } | |
2906 | } | |
2907 | } | |
2908 | } | |
2909 | } | |
2910 | } /* if (av != &main_arena) */ | |
2911 | ||
2912 | if ((unsigned long) av->system_mem > (unsigned long) (av->max_system_mem)) | |
fa8d436c | 2913 | av->max_system_mem = av->system_mem; |
6c8dbf00 | 2914 | check_malloc_state (av); |
a9177ff5 | 2915 | |
fa8d436c UD |
2916 | /* finally, do the allocation */ |
2917 | p = av->top; | |
6c8dbf00 | 2918 | size = chunksize (p); |
fa8d436c UD |
2919 | |
2920 | /* check that one of the above allocation paths succeeded */ | |
6c8dbf00 OB |
2921 | if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE)) |
2922 | { | |
2923 | remainder_size = size - nb; | |
2924 | remainder = chunk_at_offset (p, nb); | |
2925 | av->top = remainder; | |
2926 | set_head (p, nb | PREV_INUSE | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
2927 | set_head (remainder, remainder_size | PREV_INUSE); | |
2928 | check_malloced_chunk (av, p, nb); | |
ca89f1c7 | 2929 | return chunk2mem (p); |
6c8dbf00 | 2930 | } |
fa8d436c UD |
2931 | |
2932 | /* catch all failure paths */ | |
8e58439c | 2933 | __set_errno (ENOMEM); |
fa8d436c UD |
2934 | return 0; |
2935 | } | |
2936 | ||
2937 | ||
2938 | /* | |
6c8dbf00 OB |
2939 | systrim is an inverse of sorts to sysmalloc. It gives memory back |
2940 | to the system (via negative arguments to sbrk) if there is unused | |
2941 | memory at the `high' end of the malloc pool. It is called | |
2942 | automatically by free() when top space exceeds the trim | |
2943 | threshold. It is also called by the public malloc_trim routine. It | |
2944 | returns 1 if it actually released any memory, else 0. | |
2945 | */ | |
fa8d436c | 2946 | |
6c8dbf00 OB |
2947 | static int |
2948 | systrim (size_t pad, mstate av) | |
fa8d436c | 2949 | { |
6c8dbf00 OB |
2950 | long top_size; /* Amount of top-most memory */ |
2951 | long extra; /* Amount to release */ | |
2952 | long released; /* Amount actually released */ | |
2953 | char *current_brk; /* address returned by pre-check sbrk call */ | |
2954 | char *new_brk; /* address returned by post-check sbrk call */ | |
6c8dbf00 | 2955 | long top_area; |
fa8d436c | 2956 | |
6c8dbf00 | 2957 | top_size = chunksize (av->top); |
a9177ff5 | 2958 | |
4b5b548c FS |
2959 | top_area = top_size - MINSIZE - 1; |
2960 | if (top_area <= pad) | |
2961 | return 0; | |
2962 | ||
ca6be165 | 2963 | /* Release in pagesize units and round down to the nearest page. */ |
7478c995 AZ |
2964 | #if HAVE_TUNABLES && defined (MADV_HUGEPAGE) |
2965 | if (__glibc_unlikely (mp_.thp_pagesize != 0)) | |
2966 | extra = ALIGN_DOWN (top_area - pad, mp_.thp_pagesize); | |
2967 | else | |
2968 | #endif | |
2969 | extra = ALIGN_DOWN (top_area - pad, GLRO(dl_pagesize)); | |
a9177ff5 | 2970 | |
51a7380b WN |
2971 | if (extra == 0) |
2972 | return 0; | |
2973 | ||
4b5b548c | 2974 | /* |
6c8dbf00 OB |
2975 | Only proceed if end of memory is where we last set it. |
2976 | This avoids problems if there were foreign sbrk calls. | |
2977 | */ | |
2978 | current_brk = (char *) (MORECORE (0)); | |
2979 | if (current_brk == (char *) (av->top) + top_size) | |
2980 | { | |
2981 | /* | |
2982 | Attempt to release memory. We ignore MORECORE return value, | |
2983 | and instead call again to find out where new end of memory is. | |
2984 | This avoids problems if first call releases less than we asked, | |
2985 | of if failure somehow altered brk value. (We could still | |
2986 | encounter problems if it altered brk in some very bad way, | |
2987 | but the only thing we can do is adjust anyway, which will cause | |
2988 | some downstream failure.) | |
2989 | */ | |
2990 | ||
2991 | MORECORE (-extra); | |
6c8dbf00 OB |
2992 | new_brk = (char *) (MORECORE (0)); |
2993 | ||
2994 | LIBC_PROBE (memory_sbrk_less, 2, new_brk, extra); | |
2995 | ||
2996 | if (new_brk != (char *) MORECORE_FAILURE) | |
2997 | { | |
2998 | released = (long) (current_brk - new_brk); | |
2999 | ||
3000 | if (released != 0) | |
3001 | { | |
3002 | /* Success. Adjust top. */ | |
3003 | av->system_mem -= released; | |
3004 | set_head (av->top, (top_size - released) | PREV_INUSE); | |
3005 | check_malloc_state (av); | |
3006 | return 1; | |
3007 | } | |
3008 | } | |
fa8d436c | 3009 | } |
fa8d436c | 3010 | return 0; |
f65fd747 UD |
3011 | } |
3012 | ||
431c33c0 | 3013 | static void |
6c8dbf00 | 3014 | munmap_chunk (mchunkptr p) |
f65fd747 | 3015 | { |
c0e82f11 | 3016 | size_t pagesize = GLRO (dl_pagesize); |
6c8dbf00 | 3017 | INTERNAL_SIZE_T size = chunksize (p); |
f65fd747 | 3018 | |
6c8dbf00 | 3019 | assert (chunk_is_mmapped (p)); |
8e635611 | 3020 | |
ca89f1c7 | 3021 | uintptr_t mem = (uintptr_t) chunk2mem (p); |
e9c4fe93 FW |
3022 | uintptr_t block = (uintptr_t) p - prev_size (p); |
3023 | size_t total_size = prev_size (p) + size; | |
8e635611 UD |
3024 | /* Unfortunately we have to do the compilers job by hand here. Normally |
3025 | we would test BLOCK and TOTAL-SIZE separately for compliance with the | |
3026 | page size. But gcc does not recognize the optimization possibility | |
3027 | (in the moment at least) so we combine the two values into one before | |
3028 | the bit test. */ | |
c0e82f11 IK |
3029 | if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0 |
3030 | || __glibc_unlikely (!powerof2 (mem & (pagesize - 1)))) | |
ac3ed168 | 3031 | malloc_printerr ("munmap_chunk(): invalid pointer"); |
f65fd747 | 3032 | |
c6e4925d OB |
3033 | atomic_decrement (&mp_.n_mmaps); |
3034 | atomic_add (&mp_.mmapped_mem, -total_size); | |
f65fd747 | 3035 | |
6ef76f3b UD |
3036 | /* If munmap failed the process virtual memory address space is in a |
3037 | bad shape. Just leave the block hanging around, the process will | |
3038 | terminate shortly anyway since not much can be done. */ | |
6c8dbf00 | 3039 | __munmap ((char *) block, total_size); |
f65fd747 UD |
3040 | } |
3041 | ||
3042 | #if HAVE_MREMAP | |
3043 | ||
431c33c0 | 3044 | static mchunkptr |
6c8dbf00 | 3045 | mremap_chunk (mchunkptr p, size_t new_size) |
f65fd747 | 3046 | { |
8a35c3fe | 3047 | size_t pagesize = GLRO (dl_pagesize); |
e9c4fe93 | 3048 | INTERNAL_SIZE_T offset = prev_size (p); |
6c8dbf00 | 3049 | INTERNAL_SIZE_T size = chunksize (p); |
f65fd747 UD |
3050 | char *cp; |
3051 | ||
6c8dbf00 | 3052 | assert (chunk_is_mmapped (p)); |
ebe544bf IK |
3053 | |
3054 | uintptr_t block = (uintptr_t) p - offset; | |
ca89f1c7 | 3055 | uintptr_t mem = (uintptr_t) chunk2mem(p); |
ebe544bf IK |
3056 | size_t total_size = offset + size; |
3057 | if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0 | |
3058 | || __glibc_unlikely (!powerof2 (mem & (pagesize - 1)))) | |
3059 | malloc_printerr("mremap_chunk(): invalid pointer"); | |
f65fd747 UD |
3060 | |
3061 | /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */ | |
8a35c3fe | 3062 | new_size = ALIGN_UP (new_size + offset + SIZE_SZ, pagesize); |
f65fd747 | 3063 | |
68f3802d | 3064 | /* No need to remap if the number of pages does not change. */ |
ebe544bf | 3065 | if (total_size == new_size) |
68f3802d UD |
3066 | return p; |
3067 | ||
ebe544bf | 3068 | cp = (char *) __mremap ((char *) block, total_size, new_size, |
6c8dbf00 | 3069 | MREMAP_MAYMOVE); |
f65fd747 | 3070 | |
6c8dbf00 OB |
3071 | if (cp == MAP_FAILED) |
3072 | return 0; | |
f65fd747 | 3073 | |
5f6d8d97 AZ |
3074 | madvise_thp (cp, new_size); |
3075 | ||
6c8dbf00 | 3076 | p = (mchunkptr) (cp + offset); |
f65fd747 | 3077 | |
ca89f1c7 | 3078 | assert (aligned_OK (chunk2mem (p))); |
f65fd747 | 3079 | |
e9c4fe93 | 3080 | assert (prev_size (p) == offset); |
6c8dbf00 | 3081 | set_head (p, (new_size - offset) | IS_MMAPPED); |
f65fd747 | 3082 | |
c6e4925d OB |
3083 | INTERNAL_SIZE_T new; |
3084 | new = atomic_exchange_and_add (&mp_.mmapped_mem, new_size - size - offset) | |
6c8dbf00 | 3085 | + new_size - size - offset; |
c6e4925d | 3086 | atomic_max (&mp_.max_mmapped_mem, new); |
f65fd747 UD |
3087 | return p; |
3088 | } | |
f65fd747 UD |
3089 | #endif /* HAVE_MREMAP */ |
3090 | ||
fa8d436c | 3091 | /*------------------------ Public wrappers. --------------------------------*/ |
f65fd747 | 3092 | |
d5c3fafc DD |
3093 | #if USE_TCACHE |
3094 | ||
3095 | /* We overlay this structure on the user-data portion of a chunk when | |
3096 | the chunk is stored in the per-thread cache. */ | |
3097 | typedef struct tcache_entry | |
3098 | { | |
3099 | struct tcache_entry *next; | |
bcdaad21 | 3100 | /* This field exists to detect double frees. */ |
fc859c30 | 3101 | uintptr_t key; |
d5c3fafc DD |
3102 | } tcache_entry; |
3103 | ||
3104 | /* There is one of these for each thread, which contains the | |
3105 | per-thread cache (hence "tcache_perthread_struct"). Keeping | |
3106 | overall size low is mildly important. Note that COUNTS and ENTRIES | |
3107 | are redundant (we could have just counted the linked list each | |
3108 | time), this is for performance reasons. */ | |
3109 | typedef struct tcache_perthread_struct | |
3110 | { | |
1f50f2ad | 3111 | uint16_t counts[TCACHE_MAX_BINS]; |
d5c3fafc DD |
3112 | tcache_entry *entries[TCACHE_MAX_BINS]; |
3113 | } tcache_perthread_struct; | |
3114 | ||
1e26d351 | 3115 | static __thread bool tcache_shutting_down = false; |
d5c3fafc DD |
3116 | static __thread tcache_perthread_struct *tcache = NULL; |
3117 | ||
fc859c30 SP |
3118 | /* Process-wide key to try and catch a double-free in the same thread. */ |
3119 | static uintptr_t tcache_key; | |
3120 | ||
3121 | /* The value of tcache_key does not really have to be a cryptographically | |
3122 | secure random number. It only needs to be arbitrary enough so that it does | |
3123 | not collide with values present in applications. If a collision does happen | |
3124 | consistently enough, it could cause a degradation in performance since the | |
3125 | entire list is checked to check if the block indeed has been freed the | |
3126 | second time. The odds of this happening are exceedingly low though, about 1 | |
3127 | in 2^wordsize. There is probably a higher chance of the performance | |
3128 | degradation being due to a double free where the first free happened in a | |
3129 | different thread; that's a case this check does not cover. */ | |
3130 | static void | |
3131 | tcache_key_initialize (void) | |
3132 | { | |
3133 | if (__getrandom (&tcache_key, sizeof(tcache_key), GRND_NONBLOCK) | |
3134 | != sizeof (tcache_key)) | |
3135 | { | |
3136 | tcache_key = random_bits (); | |
3137 | #if __WORDSIZE == 64 | |
3138 | tcache_key = (tcache_key << 32) | random_bits (); | |
3139 | #endif | |
3140 | } | |
3141 | } | |
3142 | ||
d5c3fafc DD |
3143 | /* Caller must ensure that we know tc_idx is valid and there's room |
3144 | for more chunks. */ | |
e4dd4ace | 3145 | static __always_inline void |
d5c3fafc DD |
3146 | tcache_put (mchunkptr chunk, size_t tc_idx) |
3147 | { | |
ca89f1c7 | 3148 | tcache_entry *e = (tcache_entry *) chunk2mem (chunk); |
bcdaad21 DD |
3149 | |
3150 | /* Mark this chunk as "in the tcache" so the test in _int_free will | |
3151 | detect a double free. */ | |
fc859c30 | 3152 | e->key = tcache_key; |
bcdaad21 | 3153 | |
a1a486d7 | 3154 | e->next = PROTECT_PTR (&e->next, tcache->entries[tc_idx]); |
d5c3fafc DD |
3155 | tcache->entries[tc_idx] = e; |
3156 | ++(tcache->counts[tc_idx]); | |
3157 | } | |
3158 | ||
3159 | /* Caller must ensure that we know tc_idx is valid and there's | |
3160 | available chunks to remove. */ | |
e4dd4ace | 3161 | static __always_inline void * |
d5c3fafc DD |
3162 | tcache_get (size_t tc_idx) |
3163 | { | |
3164 | tcache_entry *e = tcache->entries[tc_idx]; | |
49c3c376 EI |
3165 | if (__glibc_unlikely (!aligned_OK (e))) |
3166 | malloc_printerr ("malloc(): unaligned tcache chunk detected"); | |
a1a486d7 | 3167 | tcache->entries[tc_idx] = REVEAL_PTR (e->next); |
d5c3fafc | 3168 | --(tcache->counts[tc_idx]); |
fc859c30 | 3169 | e->key = 0; |
d5c3fafc DD |
3170 | return (void *) e; |
3171 | } | |
3172 | ||
0a947e06 FW |
3173 | static void |
3174 | tcache_thread_shutdown (void) | |
d5c3fafc DD |
3175 | { |
3176 | int i; | |
3177 | tcache_perthread_struct *tcache_tmp = tcache; | |
3178 | ||
dfec225e J |
3179 | tcache_shutting_down = true; |
3180 | ||
d5c3fafc DD |
3181 | if (!tcache) |
3182 | return; | |
3183 | ||
1e26d351 | 3184 | /* Disable the tcache and prevent it from being reinitialized. */ |
d5c3fafc DD |
3185 | tcache = NULL; |
3186 | ||
1e26d351 CD |
3187 | /* Free all of the entries and the tcache itself back to the arena |
3188 | heap for coalescing. */ | |
d5c3fafc DD |
3189 | for (i = 0; i < TCACHE_MAX_BINS; ++i) |
3190 | { | |
3191 | while (tcache_tmp->entries[i]) | |
3192 | { | |
3193 | tcache_entry *e = tcache_tmp->entries[i]; | |
768358b6 EI |
3194 | if (__glibc_unlikely (!aligned_OK (e))) |
3195 | malloc_printerr ("tcache_thread_shutdown(): " | |
3196 | "unaligned tcache chunk detected"); | |
a1a486d7 | 3197 | tcache_tmp->entries[i] = REVEAL_PTR (e->next); |
d5c3fafc DD |
3198 | __libc_free (e); |
3199 | } | |
3200 | } | |
3201 | ||
3202 | __libc_free (tcache_tmp); | |
d5c3fafc | 3203 | } |
d5c3fafc DD |
3204 | |
3205 | static void | |
3206 | tcache_init(void) | |
3207 | { | |
3208 | mstate ar_ptr; | |
3209 | void *victim = 0; | |
3210 | const size_t bytes = sizeof (tcache_perthread_struct); | |
3211 | ||
3212 | if (tcache_shutting_down) | |
3213 | return; | |
3214 | ||
3215 | arena_get (ar_ptr, bytes); | |
3216 | victim = _int_malloc (ar_ptr, bytes); | |
3217 | if (!victim && ar_ptr != NULL) | |
3218 | { | |
3219 | ar_ptr = arena_get_retry (ar_ptr, bytes); | |
3220 | victim = _int_malloc (ar_ptr, bytes); | |
3221 | } | |
3222 | ||
3223 | ||
3224 | if (ar_ptr != NULL) | |
3225 | __libc_lock_unlock (ar_ptr->mutex); | |
3226 | ||
3227 | /* In a low memory situation, we may not be able to allocate memory | |
3228 | - in which case, we just keep trying later. However, we | |
3229 | typically do this very early, so either there is sufficient | |
3230 | memory, or there isn't enough memory to do non-trivial | |
3231 | allocations anyway. */ | |
3232 | if (victim) | |
3233 | { | |
3234 | tcache = (tcache_perthread_struct *) victim; | |
3235 | memset (tcache, 0, sizeof (tcache_perthread_struct)); | |
3236 | } | |
3237 | ||
3238 | } | |
3239 | ||
0a947e06 | 3240 | # define MAYBE_INIT_TCACHE() \ |
d5c3fafc DD |
3241 | if (__glibc_unlikely (tcache == NULL)) \ |
3242 | tcache_init(); | |
3243 | ||
0a947e06 FW |
3244 | #else /* !USE_TCACHE */ |
3245 | # define MAYBE_INIT_TCACHE() | |
3246 | ||
3247 | static void | |
3248 | tcache_thread_shutdown (void) | |
3249 | { | |
3250 | /* Nothing to do if there is no thread cache. */ | |
3251 | } | |
3252 | ||
3253 | #endif /* !USE_TCACHE */ | |
d5c3fafc | 3254 | |
b5bd5bfe | 3255 | #if IS_IN (libc) |
6c8dbf00 OB |
3256 | void * |
3257 | __libc_malloc (size_t bytes) | |
fa8d436c UD |
3258 | { |
3259 | mstate ar_ptr; | |
22a89187 | 3260 | void *victim; |
f65fd747 | 3261 | |
9bf8e29c AZ |
3262 | _Static_assert (PTRDIFF_MAX <= SIZE_MAX / 2, |
3263 | "PTRDIFF_MAX is not more than half of SIZE_MAX"); | |
3264 | ||
cc35896e | 3265 | if (!__malloc_initialized) |
2d2d9f2b | 3266 | ptmalloc_init (); |
d5c3fafc DD |
3267 | #if USE_TCACHE |
3268 | /* int_free also calls request2size, be careful to not pad twice. */ | |
34697694 | 3269 | size_t tbytes; |
9bf8e29c AZ |
3270 | if (!checked_request2size (bytes, &tbytes)) |
3271 | { | |
3272 | __set_errno (ENOMEM); | |
3273 | return NULL; | |
3274 | } | |
d5c3fafc DD |
3275 | size_t tc_idx = csize2tidx (tbytes); |
3276 | ||
3277 | MAYBE_INIT_TCACHE (); | |
3278 | ||
3279 | DIAG_PUSH_NEEDS_COMMENT; | |
3280 | if (tc_idx < mp_.tcache_bins | |
d5c3fafc | 3281 | && tcache |
1f50f2ad | 3282 | && tcache->counts[tc_idx] > 0) |
d5c3fafc | 3283 | { |
3784dfc0 | 3284 | victim = tcache_get (tc_idx); |
0c719cf4 | 3285 | return tag_new_usable (victim); |
d5c3fafc DD |
3286 | } |
3287 | DIAG_POP_NEEDS_COMMENT; | |
3288 | #endif | |
f65fd747 | 3289 | |
3f6bb8a3 WD |
3290 | if (SINGLE_THREAD_P) |
3291 | { | |
0c719cf4 | 3292 | victim = tag_new_usable (_int_malloc (&main_arena, bytes)); |
3f6bb8a3 WD |
3293 | assert (!victim || chunk_is_mmapped (mem2chunk (victim)) || |
3294 | &main_arena == arena_for_chunk (mem2chunk (victim))); | |
3295 | return victim; | |
3296 | } | |
3297 | ||
94c5a52a | 3298 | arena_get (ar_ptr, bytes); |
425ce2ed | 3299 | |
6c8dbf00 | 3300 | victim = _int_malloc (ar_ptr, bytes); |
fff94fa2 SP |
3301 | /* Retry with another arena only if we were able to find a usable arena |
3302 | before. */ | |
3303 | if (!victim && ar_ptr != NULL) | |
6c8dbf00 OB |
3304 | { |
3305 | LIBC_PROBE (memory_malloc_retry, 1, bytes); | |
3306 | ar_ptr = arena_get_retry (ar_ptr, bytes); | |
fff94fa2 | 3307 | victim = _int_malloc (ar_ptr, bytes); |
60f0e64b | 3308 | } |
fff94fa2 SP |
3309 | |
3310 | if (ar_ptr != NULL) | |
4bf5f222 | 3311 | __libc_lock_unlock (ar_ptr->mutex); |
fff94fa2 | 3312 | |
0c719cf4 | 3313 | victim = tag_new_usable (victim); |
3784dfc0 | 3314 | |
6c8dbf00 OB |
3315 | assert (!victim || chunk_is_mmapped (mem2chunk (victim)) || |
3316 | ar_ptr == arena_for_chunk (mem2chunk (victim))); | |
fa8d436c | 3317 | return victim; |
f65fd747 | 3318 | } |
6c8dbf00 | 3319 | libc_hidden_def (__libc_malloc) |
f65fd747 | 3320 | |
fa8d436c | 3321 | void |
6c8dbf00 | 3322 | __libc_free (void *mem) |
f65fd747 | 3323 | { |
fa8d436c UD |
3324 | mstate ar_ptr; |
3325 | mchunkptr p; /* chunk corresponding to mem */ | |
3326 | ||
fa8d436c UD |
3327 | if (mem == 0) /* free(0) has no effect */ |
3328 | return; | |
f65fd747 | 3329 | |
3784dfc0 RE |
3330 | /* Quickly check that the freed pointer matches the tag for the memory. |
3331 | This gives a useful double-free detection. */ | |
d3262480 SN |
3332 | if (__glibc_unlikely (mtag_enabled)) |
3333 | *(volatile char *)mem; | |
3784dfc0 | 3334 | |
69fda43b PE |
3335 | int err = errno; |
3336 | ||
6c8dbf00 | 3337 | p = mem2chunk (mem); |
f65fd747 | 3338 | |
6c8dbf00 OB |
3339 | if (chunk_is_mmapped (p)) /* release mmapped memory. */ |
3340 | { | |
4cf6c72f FW |
3341 | /* See if the dynamic brk/mmap threshold needs adjusting. |
3342 | Dumped fake mmapped chunks do not affect the threshold. */ | |
6c8dbf00 | 3343 | if (!mp_.no_dyn_threshold |
e9c4fe93 | 3344 | && chunksize_nomask (p) > mp_.mmap_threshold |
0552fd2c | 3345 | && chunksize_nomask (p) <= DEFAULT_MMAP_THRESHOLD_MAX) |
6c8dbf00 OB |
3346 | { |
3347 | mp_.mmap_threshold = chunksize (p); | |
3348 | mp_.trim_threshold = 2 * mp_.mmap_threshold; | |
3349 | LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2, | |
3350 | mp_.mmap_threshold, mp_.trim_threshold); | |
3351 | } | |
3352 | munmap_chunk (p); | |
6c8dbf00 | 3353 | } |
69fda43b PE |
3354 | else |
3355 | { | |
3356 | MAYBE_INIT_TCACHE (); | |
f65fd747 | 3357 | |
b9b85be6 | 3358 | /* Mark the chunk as belonging to the library again. */ |
ca89f1c7 | 3359 | (void)tag_region (chunk2mem (p), memsize (p)); |
b9b85be6 | 3360 | |
69fda43b PE |
3361 | ar_ptr = arena_for_chunk (p); |
3362 | _int_free (ar_ptr, p, 0); | |
3363 | } | |
d5c3fafc | 3364 | |
69fda43b | 3365 | __set_errno (err); |
f65fd747 | 3366 | } |
3b49edc0 | 3367 | libc_hidden_def (__libc_free) |
f65fd747 | 3368 | |
6c8dbf00 OB |
3369 | void * |
3370 | __libc_realloc (void *oldmem, size_t bytes) | |
f65fd747 | 3371 | { |
fa8d436c | 3372 | mstate ar_ptr; |
6c8dbf00 | 3373 | INTERNAL_SIZE_T nb; /* padded request size */ |
f65fd747 | 3374 | |
6c8dbf00 | 3375 | void *newp; /* chunk to return */ |
f65fd747 | 3376 | |
cc35896e | 3377 | if (!__malloc_initialized) |
2d2d9f2b | 3378 | ptmalloc_init (); |
f65fd747 | 3379 | |
fa8d436c | 3380 | #if REALLOC_ZERO_BYTES_FREES |
6c8dbf00 OB |
3381 | if (bytes == 0 && oldmem != NULL) |
3382 | { | |
3383 | __libc_free (oldmem); return 0; | |
3384 | } | |
f65fd747 | 3385 | #endif |
f65fd747 | 3386 | |
fa8d436c | 3387 | /* realloc of null is supposed to be same as malloc */ |
6c8dbf00 OB |
3388 | if (oldmem == 0) |
3389 | return __libc_malloc (bytes); | |
f65fd747 | 3390 | |
3784dfc0 RE |
3391 | /* Perform a quick check to ensure that the pointer's tag matches the |
3392 | memory's tag. */ | |
d3262480 SN |
3393 | if (__glibc_unlikely (mtag_enabled)) |
3394 | *(volatile char*) oldmem; | |
3784dfc0 | 3395 | |
78ac92ad | 3396 | /* chunk corresponding to oldmem */ |
6c8dbf00 | 3397 | const mchunkptr oldp = mem2chunk (oldmem); |
78ac92ad | 3398 | /* its size */ |
6c8dbf00 | 3399 | const INTERNAL_SIZE_T oldsize = chunksize (oldp); |
f65fd747 | 3400 | |
fff94fa2 SP |
3401 | if (chunk_is_mmapped (oldp)) |
3402 | ar_ptr = NULL; | |
3403 | else | |
d5c3fafc DD |
3404 | { |
3405 | MAYBE_INIT_TCACHE (); | |
3406 | ar_ptr = arena_for_chunk (oldp); | |
3407 | } | |
fff94fa2 | 3408 | |
4cf6c72f FW |
3409 | /* Little security check which won't hurt performance: the allocator |
3410 | never wrapps around at the end of the address space. Therefore | |
3411 | we can exclude some size values which might appear here by | |
0552fd2c | 3412 | accident or by "design" from some intruder. */ |
4cf6c72f | 3413 | if ((__builtin_expect ((uintptr_t) oldp > (uintptr_t) -oldsize, 0) |
0552fd2c | 3414 | || __builtin_expect (misaligned_chunk (oldp), 0))) |
ac3ed168 | 3415 | malloc_printerr ("realloc(): invalid pointer"); |
dc165f7b | 3416 | |
9bf8e29c AZ |
3417 | if (!checked_request2size (bytes, &nb)) |
3418 | { | |
3419 | __set_errno (ENOMEM); | |
3420 | return NULL; | |
3421 | } | |
f65fd747 | 3422 | |
6c8dbf00 OB |
3423 | if (chunk_is_mmapped (oldp)) |
3424 | { | |
3425 | void *newmem; | |
f65fd747 | 3426 | |
fa8d436c | 3427 | #if HAVE_MREMAP |
6c8dbf00 OB |
3428 | newp = mremap_chunk (oldp, nb); |
3429 | if (newp) | |
3784dfc0 | 3430 | { |
ca89f1c7 | 3431 | void *newmem = chunk2mem_tag (newp); |
3784dfc0 RE |
3432 | /* Give the new block a different tag. This helps to ensure |
3433 | that stale handles to the previous mapping are not | |
3434 | reused. There's a performance hit for both us and the | |
3435 | caller for doing this, so we might want to | |
3436 | reconsider. */ | |
0c719cf4 | 3437 | return tag_new_usable (newmem); |
3784dfc0 | 3438 | } |
f65fd747 | 3439 | #endif |
6c8dbf00 OB |
3440 | /* Note the extra SIZE_SZ overhead. */ |
3441 | if (oldsize - SIZE_SZ >= nb) | |
3442 | return oldmem; /* do nothing */ | |
3443 | ||
3444 | /* Must alloc, copy, free. */ | |
3445 | newmem = __libc_malloc (bytes); | |
3446 | if (newmem == 0) | |
3447 | return 0; /* propagate failure */ | |
fa8d436c | 3448 | |
3784dfc0 | 3449 | memcpy (newmem, oldmem, oldsize - CHUNK_HDR_SZ); |
6c8dbf00 OB |
3450 | munmap_chunk (oldp); |
3451 | return newmem; | |
3452 | } | |
3453 | ||
3f6bb8a3 WD |
3454 | if (SINGLE_THREAD_P) |
3455 | { | |
3456 | newp = _int_realloc (ar_ptr, oldp, oldsize, nb); | |
3457 | assert (!newp || chunk_is_mmapped (mem2chunk (newp)) || | |
3458 | ar_ptr == arena_for_chunk (mem2chunk (newp))); | |
3459 | ||
3460 | return newp; | |
3461 | } | |
3462 | ||
4bf5f222 | 3463 | __libc_lock_lock (ar_ptr->mutex); |
f65fd747 | 3464 | |
6c8dbf00 | 3465 | newp = _int_realloc (ar_ptr, oldp, oldsize, nb); |
f65fd747 | 3466 | |
4bf5f222 | 3467 | __libc_lock_unlock (ar_ptr->mutex); |
6c8dbf00 OB |
3468 | assert (!newp || chunk_is_mmapped (mem2chunk (newp)) || |
3469 | ar_ptr == arena_for_chunk (mem2chunk (newp))); | |
07014fca UD |
3470 | |
3471 | if (newp == NULL) | |
3472 | { | |
3473 | /* Try harder to allocate memory in other arenas. */ | |
35fed6f1 | 3474 | LIBC_PROBE (memory_realloc_retry, 2, bytes, oldmem); |
6c8dbf00 | 3475 | newp = __libc_malloc (bytes); |
07014fca | 3476 | if (newp != NULL) |
6c8dbf00 | 3477 | { |
faf003ed | 3478 | size_t sz = memsize (oldp); |
42cc9606 | 3479 | memcpy (newp, oldmem, sz); |
ca89f1c7 | 3480 | (void) tag_region (chunk2mem (oldp), sz); |
6c8dbf00 OB |
3481 | _int_free (ar_ptr, oldp, 0); |
3482 | } | |
07014fca UD |
3483 | } |
3484 | ||
fa8d436c UD |
3485 | return newp; |
3486 | } | |
3b49edc0 | 3487 | libc_hidden_def (__libc_realloc) |
f65fd747 | 3488 | |
6c8dbf00 OB |
3489 | void * |
3490 | __libc_memalign (size_t alignment, size_t bytes) | |
10ad46bc | 3491 | { |
cc35896e | 3492 | if (!__malloc_initialized) |
2d2d9f2b SP |
3493 | ptmalloc_init (); |
3494 | ||
10ad46bc OB |
3495 | void *address = RETURN_ADDRESS (0); |
3496 | return _mid_memalign (alignment, bytes, address); | |
3497 | } | |
3498 | ||
3499 | static void * | |
3500 | _mid_memalign (size_t alignment, size_t bytes, void *address) | |
fa8d436c UD |
3501 | { |
3502 | mstate ar_ptr; | |
22a89187 | 3503 | void *p; |
f65fd747 | 3504 | |
10ad46bc | 3505 | /* If we need less alignment than we give anyway, just relay to malloc. */ |
6c8dbf00 OB |
3506 | if (alignment <= MALLOC_ALIGNMENT) |
3507 | return __libc_malloc (bytes); | |
1228ed5c | 3508 | |
fa8d436c | 3509 | /* Otherwise, ensure that it is at least a minimum chunk size */ |
6c8dbf00 OB |
3510 | if (alignment < MINSIZE) |
3511 | alignment = MINSIZE; | |
f65fd747 | 3512 | |
a56ee40b WN |
3513 | /* If the alignment is greater than SIZE_MAX / 2 + 1 it cannot be a |
3514 | power of 2 and will cause overflow in the check below. */ | |
3515 | if (alignment > SIZE_MAX / 2 + 1) | |
3516 | { | |
3517 | __set_errno (EINVAL); | |
3518 | return 0; | |
3519 | } | |
3520 | ||
10ad46bc OB |
3521 | |
3522 | /* Make sure alignment is power of 2. */ | |
6c8dbf00 OB |
3523 | if (!powerof2 (alignment)) |
3524 | { | |
3525 | size_t a = MALLOC_ALIGNMENT * 2; | |
3526 | while (a < alignment) | |
3527 | a <<= 1; | |
3528 | alignment = a; | |
3529 | } | |
10ad46bc | 3530 | |
3f6bb8a3 WD |
3531 | if (SINGLE_THREAD_P) |
3532 | { | |
3533 | p = _int_memalign (&main_arena, alignment, bytes); | |
3534 | assert (!p || chunk_is_mmapped (mem2chunk (p)) || | |
3535 | &main_arena == arena_for_chunk (mem2chunk (p))); | |
0c719cf4 | 3536 | return tag_new_usable (p); |
3f6bb8a3 WD |
3537 | } |
3538 | ||
6c8dbf00 | 3539 | arena_get (ar_ptr, bytes + alignment + MINSIZE); |
6c8dbf00 OB |
3540 | |
3541 | p = _int_memalign (ar_ptr, alignment, bytes); | |
fff94fa2 | 3542 | if (!p && ar_ptr != NULL) |
6c8dbf00 OB |
3543 | { |
3544 | LIBC_PROBE (memory_memalign_retry, 2, bytes, alignment); | |
3545 | ar_ptr = arena_get_retry (ar_ptr, bytes); | |
fff94fa2 | 3546 | p = _int_memalign (ar_ptr, alignment, bytes); |
f65fd747 | 3547 | } |
fff94fa2 SP |
3548 | |
3549 | if (ar_ptr != NULL) | |
4bf5f222 | 3550 | __libc_lock_unlock (ar_ptr->mutex); |
fff94fa2 | 3551 | |
6c8dbf00 OB |
3552 | assert (!p || chunk_is_mmapped (mem2chunk (p)) || |
3553 | ar_ptr == arena_for_chunk (mem2chunk (p))); | |
0c719cf4 | 3554 | return tag_new_usable (p); |
f65fd747 | 3555 | } |
380d7e87 | 3556 | /* For ISO C11. */ |
3b49edc0 UD |
3557 | weak_alias (__libc_memalign, aligned_alloc) |
3558 | libc_hidden_def (__libc_memalign) | |
f65fd747 | 3559 | |
6c8dbf00 OB |
3560 | void * |
3561 | __libc_valloc (size_t bytes) | |
fa8d436c | 3562 | { |
cc35896e | 3563 | if (!__malloc_initialized) |
fa8d436c | 3564 | ptmalloc_init (); |
8088488d | 3565 | |
10ad46bc | 3566 | void *address = RETURN_ADDRESS (0); |
8a35c3fe | 3567 | size_t pagesize = GLRO (dl_pagesize); |
05f878c5 | 3568 | return _mid_memalign (pagesize, bytes, address); |
fa8d436c | 3569 | } |
f65fd747 | 3570 | |
6c8dbf00 OB |
3571 | void * |
3572 | __libc_pvalloc (size_t bytes) | |
fa8d436c | 3573 | { |
cc35896e | 3574 | if (!__malloc_initialized) |
fa8d436c | 3575 | ptmalloc_init (); |
8088488d | 3576 | |
10ad46bc | 3577 | void *address = RETURN_ADDRESS (0); |
8a35c3fe | 3578 | size_t pagesize = GLRO (dl_pagesize); |
9bf8e29c AZ |
3579 | size_t rounded_bytes; |
3580 | /* ALIGN_UP with overflow check. */ | |
3581 | if (__glibc_unlikely (__builtin_add_overflow (bytes, | |
3582 | pagesize - 1, | |
3583 | &rounded_bytes))) | |
1159a193 WN |
3584 | { |
3585 | __set_errno (ENOMEM); | |
3586 | return 0; | |
3587 | } | |
9bf8e29c | 3588 | rounded_bytes = rounded_bytes & -(pagesize - 1); |
1159a193 | 3589 | |
05f878c5 | 3590 | return _mid_memalign (pagesize, rounded_bytes, address); |
fa8d436c | 3591 | } |
f65fd747 | 3592 | |
6c8dbf00 OB |
3593 | void * |
3594 | __libc_calloc (size_t n, size_t elem_size) | |
f65fd747 | 3595 | { |
d6285c9f | 3596 | mstate av; |
3784dfc0 RE |
3597 | mchunkptr oldtop; |
3598 | INTERNAL_SIZE_T sz, oldtopsize; | |
6c8dbf00 | 3599 | void *mem; |
d6285c9f CD |
3600 | unsigned long clearsize; |
3601 | unsigned long nclears; | |
3602 | INTERNAL_SIZE_T *d; | |
9bf8e29c | 3603 | ptrdiff_t bytes; |
0950889b | 3604 | |
9bf8e29c | 3605 | if (__glibc_unlikely (__builtin_mul_overflow (n, elem_size, &bytes))) |
6c8dbf00 | 3606 | { |
9bf8e29c AZ |
3607 | __set_errno (ENOMEM); |
3608 | return NULL; | |
d9af917d | 3609 | } |
3784dfc0 | 3610 | |
9bf8e29c | 3611 | sz = bytes; |
0950889b | 3612 | |
cc35896e | 3613 | if (!__malloc_initialized) |
2d2d9f2b | 3614 | ptmalloc_init (); |
f65fd747 | 3615 | |
d5c3fafc DD |
3616 | MAYBE_INIT_TCACHE (); |
3617 | ||
3f6bb8a3 WD |
3618 | if (SINGLE_THREAD_P) |
3619 | av = &main_arena; | |
3620 | else | |
3621 | arena_get (av, sz); | |
3622 | ||
fff94fa2 SP |
3623 | if (av) |
3624 | { | |
3625 | /* Check if we hand out the top chunk, in which case there may be no | |
3626 | need to clear. */ | |
d6285c9f | 3627 | #if MORECORE_CLEARS |
fff94fa2 SP |
3628 | oldtop = top (av); |
3629 | oldtopsize = chunksize (top (av)); | |
d6285c9f | 3630 | # if MORECORE_CLEARS < 2 |
fff94fa2 SP |
3631 | /* Only newly allocated memory is guaranteed to be cleared. */ |
3632 | if (av == &main_arena && | |
3633 | oldtopsize < mp_.sbrk_base + av->max_system_mem - (char *) oldtop) | |
3634 | oldtopsize = (mp_.sbrk_base + av->max_system_mem - (char *) oldtop); | |
d6285c9f | 3635 | # endif |
fff94fa2 SP |
3636 | if (av != &main_arena) |
3637 | { | |
3638 | heap_info *heap = heap_for_ptr (oldtop); | |
3639 | if (oldtopsize < (char *) heap + heap->mprotect_size - (char *) oldtop) | |
3640 | oldtopsize = (char *) heap + heap->mprotect_size - (char *) oldtop; | |
3641 | } | |
3642 | #endif | |
3643 | } | |
3644 | else | |
d6285c9f | 3645 | { |
fff94fa2 SP |
3646 | /* No usable arenas. */ |
3647 | oldtop = 0; | |
3648 | oldtopsize = 0; | |
d6285c9f | 3649 | } |
d6285c9f CD |
3650 | mem = _int_malloc (av, sz); |
3651 | ||
d6285c9f CD |
3652 | assert (!mem || chunk_is_mmapped (mem2chunk (mem)) || |
3653 | av == arena_for_chunk (mem2chunk (mem))); | |
3654 | ||
3f6bb8a3 | 3655 | if (!SINGLE_THREAD_P) |
d6285c9f | 3656 | { |
3f6bb8a3 WD |
3657 | if (mem == 0 && av != NULL) |
3658 | { | |
3659 | LIBC_PROBE (memory_calloc_retry, 1, sz); | |
3660 | av = arena_get_retry (av, sz); | |
3661 | mem = _int_malloc (av, sz); | |
3662 | } | |
fff94fa2 | 3663 | |
3f6bb8a3 WD |
3664 | if (av != NULL) |
3665 | __libc_lock_unlock (av->mutex); | |
3666 | } | |
fff94fa2 SP |
3667 | |
3668 | /* Allocation failed even after a retry. */ | |
3669 | if (mem == 0) | |
3670 | return 0; | |
3671 | ||
3784dfc0 | 3672 | mchunkptr p = mem2chunk (mem); |
9d61722b | 3673 | |
3784dfc0 RE |
3674 | /* If we are using memory tagging, then we need to set the tags |
3675 | regardless of MORECORE_CLEARS, so we zero the whole block while | |
3676 | doing so. */ | |
9d61722b | 3677 | if (__glibc_unlikely (mtag_enabled)) |
faf003ed | 3678 | return tag_new_zero_region (mem, memsize (p)); |
9d61722b | 3679 | |
3784dfc0 | 3680 | INTERNAL_SIZE_T csz = chunksize (p); |
d6285c9f CD |
3681 | |
3682 | /* Two optional cases in which clearing not necessary */ | |
3683 | if (chunk_is_mmapped (p)) | |
3684 | { | |
3685 | if (__builtin_expect (perturb_byte, 0)) | |
3686 | return memset (mem, 0, sz); | |
3687 | ||
3688 | return mem; | |
3689 | } | |
3690 | ||
d6285c9f CD |
3691 | #if MORECORE_CLEARS |
3692 | if (perturb_byte == 0 && (p == oldtop && csz > oldtopsize)) | |
3693 | { | |
3694 | /* clear only the bytes from non-freshly-sbrked memory */ | |
3695 | csz = oldtopsize; | |
3696 | } | |
3697 | #endif | |
3698 | ||
3699 | /* Unroll clear of <= 36 bytes (72 if 8byte sizes). We know that | |
3700 | contents have an odd number of INTERNAL_SIZE_T-sized words; | |
3701 | minimally 3. */ | |
3702 | d = (INTERNAL_SIZE_T *) mem; | |
3703 | clearsize = csz - SIZE_SZ; | |
3704 | nclears = clearsize / sizeof (INTERNAL_SIZE_T); | |
3705 | assert (nclears >= 3); | |
3706 | ||
3707 | if (nclears > 9) | |
3708 | return memset (d, 0, clearsize); | |
3709 | ||
3710 | else | |
3711 | { | |
3712 | *(d + 0) = 0; | |
3713 | *(d + 1) = 0; | |
3714 | *(d + 2) = 0; | |
3715 | if (nclears > 4) | |
3716 | { | |
3717 | *(d + 3) = 0; | |
3718 | *(d + 4) = 0; | |
3719 | if (nclears > 6) | |
3720 | { | |
3721 | *(d + 5) = 0; | |
3722 | *(d + 6) = 0; | |
3723 | if (nclears > 8) | |
3724 | { | |
3725 | *(d + 7) = 0; | |
3726 | *(d + 8) = 0; | |
3727 | } | |
3728 | } | |
3729 | } | |
3730 | } | |
3731 | ||
3732 | return mem; | |
fa8d436c | 3733 | } |
b5bd5bfe | 3734 | #endif /* IS_IN (libc) */ |
f65fd747 | 3735 | |
f65fd747 | 3736 | /* |
6c8dbf00 OB |
3737 | ------------------------------ malloc ------------------------------ |
3738 | */ | |
f65fd747 | 3739 | |
6c8dbf00 OB |
3740 | static void * |
3741 | _int_malloc (mstate av, size_t bytes) | |
f65fd747 | 3742 | { |
fa8d436c | 3743 | INTERNAL_SIZE_T nb; /* normalized request size */ |
6c8dbf00 OB |
3744 | unsigned int idx; /* associated bin index */ |
3745 | mbinptr bin; /* associated bin */ | |
f65fd747 | 3746 | |
6c8dbf00 | 3747 | mchunkptr victim; /* inspected/selected chunk */ |
fa8d436c | 3748 | INTERNAL_SIZE_T size; /* its size */ |
6c8dbf00 | 3749 | int victim_index; /* its bin index */ |
f65fd747 | 3750 | |
6c8dbf00 OB |
3751 | mchunkptr remainder; /* remainder from a split */ |
3752 | unsigned long remainder_size; /* its size */ | |
8a4b65b4 | 3753 | |
6c8dbf00 OB |
3754 | unsigned int block; /* bit map traverser */ |
3755 | unsigned int bit; /* bit map traverser */ | |
3756 | unsigned int map; /* current word of binmap */ | |
8a4b65b4 | 3757 | |
6c8dbf00 OB |
3758 | mchunkptr fwd; /* misc temp for linking */ |
3759 | mchunkptr bck; /* misc temp for linking */ | |
8a4b65b4 | 3760 | |
d5c3fafc DD |
3761 | #if USE_TCACHE |
3762 | size_t tcache_unsorted_count; /* count of unsorted chunks processed */ | |
3763 | #endif | |
3764 | ||
fa8d436c | 3765 | /* |
6c8dbf00 OB |
3766 | Convert request size to internal form by adding SIZE_SZ bytes |
3767 | overhead plus possibly more to obtain necessary alignment and/or | |
3768 | to obtain a size of at least MINSIZE, the smallest allocatable | |
9bf8e29c | 3769 | size. Also, checked_request2size returns false for request sizes |
6c8dbf00 OB |
3770 | that are so large that they wrap around zero when padded and |
3771 | aligned. | |
3772 | */ | |
f65fd747 | 3773 | |
9bf8e29c AZ |
3774 | if (!checked_request2size (bytes, &nb)) |
3775 | { | |
3776 | __set_errno (ENOMEM); | |
3777 | return NULL; | |
3778 | } | |
f65fd747 | 3779 | |
fff94fa2 SP |
3780 | /* There are no usable arenas. Fall back to sysmalloc to get a chunk from |
3781 | mmap. */ | |
3782 | if (__glibc_unlikely (av == NULL)) | |
3783 | { | |
3784 | void *p = sysmalloc (nb, av); | |
3785 | if (p != NULL) | |
3786 | alloc_perturb (p, bytes); | |
3787 | return p; | |
3788 | } | |
3789 | ||
fa8d436c | 3790 | /* |
6c8dbf00 OB |
3791 | If the size qualifies as a fastbin, first check corresponding bin. |
3792 | This code is safe to execute even if av is not yet initialized, so we | |
3793 | can try it without checking, which saves some time on this fast path. | |
3794 | */ | |
f65fd747 | 3795 | |
71effcea FW |
3796 | #define REMOVE_FB(fb, victim, pp) \ |
3797 | do \ | |
3798 | { \ | |
3799 | victim = pp; \ | |
3800 | if (victim == NULL) \ | |
3801 | break; \ | |
a1a486d7 | 3802 | pp = REVEAL_PTR (victim->fd); \ |
49c3c376 | 3803 | if (__glibc_unlikely (pp != NULL && misaligned_chunk (pp))) \ |
a1a486d7 | 3804 | malloc_printerr ("malloc(): unaligned fastbin chunk detected"); \ |
71effcea | 3805 | } \ |
a1a486d7 | 3806 | while ((pp = catomic_compare_and_exchange_val_acq (fb, pp, victim)) \ |
71effcea FW |
3807 | != victim); \ |
3808 | ||
6c8dbf00 OB |
3809 | if ((unsigned long) (nb) <= (unsigned long) (get_max_fast ())) |
3810 | { | |
3811 | idx = fastbin_index (nb); | |
3812 | mfastbinptr *fb = &fastbin (av, idx); | |
71effcea FW |
3813 | mchunkptr pp; |
3814 | victim = *fb; | |
3815 | ||
905a7725 WD |
3816 | if (victim != NULL) |
3817 | { | |
49c3c376 EI |
3818 | if (__glibc_unlikely (misaligned_chunk (victim))) |
3819 | malloc_printerr ("malloc(): unaligned fastbin chunk detected 2"); | |
a1a486d7 | 3820 | |
71effcea | 3821 | if (SINGLE_THREAD_P) |
a1a486d7 | 3822 | *fb = REVEAL_PTR (victim->fd); |
71effcea FW |
3823 | else |
3824 | REMOVE_FB (fb, pp, victim); | |
3825 | if (__glibc_likely (victim != NULL)) | |
6923f6db | 3826 | { |
71effcea FW |
3827 | size_t victim_idx = fastbin_index (chunksize (victim)); |
3828 | if (__builtin_expect (victim_idx != idx, 0)) | |
3829 | malloc_printerr ("malloc(): memory corruption (fast)"); | |
3830 | check_remalloced_chunk (av, victim, nb); | |
3831 | #if USE_TCACHE | |
3832 | /* While we're here, if we see other chunks of the same size, | |
3833 | stash them in the tcache. */ | |
3834 | size_t tc_idx = csize2tidx (nb); | |
3835 | if (tcache && tc_idx < mp_.tcache_bins) | |
d5c3fafc | 3836 | { |
71effcea FW |
3837 | mchunkptr tc_victim; |
3838 | ||
3839 | /* While bin not empty and tcache not full, copy chunks. */ | |
3840 | while (tcache->counts[tc_idx] < mp_.tcache_count | |
3841 | && (tc_victim = *fb) != NULL) | |
3842 | { | |
49c3c376 EI |
3843 | if (__glibc_unlikely (misaligned_chunk (tc_victim))) |
3844 | malloc_printerr ("malloc(): unaligned fastbin chunk detected 3"); | |
71effcea | 3845 | if (SINGLE_THREAD_P) |
a1a486d7 | 3846 | *fb = REVEAL_PTR (tc_victim->fd); |
71effcea FW |
3847 | else |
3848 | { | |
3849 | REMOVE_FB (fb, pp, tc_victim); | |
3850 | if (__glibc_unlikely (tc_victim == NULL)) | |
3851 | break; | |
3852 | } | |
3853 | tcache_put (tc_victim, tc_idx); | |
3854 | } | |
d5c3fafc | 3855 | } |
6923f6db | 3856 | #endif |
ca89f1c7 | 3857 | void *p = chunk2mem (victim); |
71effcea FW |
3858 | alloc_perturb (p, bytes); |
3859 | return p; | |
3860 | } | |
905a7725 | 3861 | } |
fa8d436c | 3862 | } |
f65fd747 | 3863 | |
fa8d436c | 3864 | /* |
6c8dbf00 OB |
3865 | If a small request, check regular bin. Since these "smallbins" |
3866 | hold one size each, no searching within bins is necessary. | |
3867 | (For a large request, we need to wait until unsorted chunks are | |
3868 | processed to find best fit. But for small ones, fits are exact | |
3869 | anyway, so we can check now, which is faster.) | |
3870 | */ | |
3871 | ||
3872 | if (in_smallbin_range (nb)) | |
3873 | { | |
3874 | idx = smallbin_index (nb); | |
3875 | bin = bin_at (av, idx); | |
3876 | ||
3877 | if ((victim = last (bin)) != bin) | |
3878 | { | |
3381be5c WD |
3879 | bck = victim->bk; |
3880 | if (__glibc_unlikely (bck->fd != victim)) | |
3881 | malloc_printerr ("malloc(): smallbin double linked list corrupted"); | |
3882 | set_inuse_bit_at_offset (victim, nb); | |
3883 | bin->bk = bck; | |
3884 | bck->fd = bin; | |
3885 | ||
3886 | if (av != &main_arena) | |
3887 | set_non_main_arena (victim); | |
3888 | check_malloced_chunk (av, victim, nb); | |
d5c3fafc DD |
3889 | #if USE_TCACHE |
3890 | /* While we're here, if we see other chunks of the same size, | |
3891 | stash them in the tcache. */ | |
3892 | size_t tc_idx = csize2tidx (nb); | |
3893 | if (tcache && tc_idx < mp_.tcache_bins) | |
3894 | { | |
3895 | mchunkptr tc_victim; | |
3896 | ||
3897 | /* While bin not empty and tcache not full, copy chunks over. */ | |
3898 | while (tcache->counts[tc_idx] < mp_.tcache_count | |
3899 | && (tc_victim = last (bin)) != bin) | |
3900 | { | |
3901 | if (tc_victim != 0) | |
3902 | { | |
3903 | bck = tc_victim->bk; | |
3904 | set_inuse_bit_at_offset (tc_victim, nb); | |
3905 | if (av != &main_arena) | |
3906 | set_non_main_arena (tc_victim); | |
3907 | bin->bk = bck; | |
3908 | bck->fd = bin; | |
3909 | ||
3910 | tcache_put (tc_victim, tc_idx); | |
3911 | } | |
3912 | } | |
3913 | } | |
3914 | #endif | |
ca89f1c7 | 3915 | void *p = chunk2mem (victim); |
3381be5c WD |
3916 | alloc_perturb (p, bytes); |
3917 | return p; | |
6c8dbf00 | 3918 | } |
fa8d436c | 3919 | } |
f65fd747 | 3920 | |
a9177ff5 | 3921 | /* |
fa8d436c UD |
3922 | If this is a large request, consolidate fastbins before continuing. |
3923 | While it might look excessive to kill all fastbins before | |
3924 | even seeing if there is space available, this avoids | |
3925 | fragmentation problems normally associated with fastbins. | |
3926 | Also, in practice, programs tend to have runs of either small or | |
a9177ff5 | 3927 | large requests, but less often mixtures, so consolidation is not |
fa8d436c UD |
3928 | invoked all that often in most programs. And the programs that |
3929 | it is called frequently in otherwise tend to fragment. | |
6c8dbf00 | 3930 | */ |
7799b7b3 | 3931 | |
6c8dbf00 OB |
3932 | else |
3933 | { | |
3934 | idx = largebin_index (nb); | |
e956075a | 3935 | if (atomic_load_relaxed (&av->have_fastchunks)) |
6c8dbf00 OB |
3936 | malloc_consolidate (av); |
3937 | } | |
f65fd747 | 3938 | |
fa8d436c | 3939 | /* |
6c8dbf00 OB |
3940 | Process recently freed or remaindered chunks, taking one only if |
3941 | it is exact fit, or, if this a small request, the chunk is remainder from | |
3942 | the most recent non-exact fit. Place other traversed chunks in | |
3943 | bins. Note that this step is the only place in any routine where | |
3944 | chunks are placed in bins. | |
3945 | ||
3946 | The outer loop here is needed because we might not realize until | |
3947 | near the end of malloc that we should have consolidated, so must | |
3948 | do so and retry. This happens at most once, and only when we would | |
3949 | otherwise need to expand memory to service a "small" request. | |
3950 | */ | |
3951 | ||
d5c3fafc DD |
3952 | #if USE_TCACHE |
3953 | INTERNAL_SIZE_T tcache_nb = 0; | |
3954 | size_t tc_idx = csize2tidx (nb); | |
3955 | if (tcache && tc_idx < mp_.tcache_bins) | |
3956 | tcache_nb = nb; | |
3957 | int return_cached = 0; | |
3958 | ||
3959 | tcache_unsorted_count = 0; | |
3960 | #endif | |
3961 | ||
6c8dbf00 OB |
3962 | for (;; ) |
3963 | { | |
3964 | int iters = 0; | |
3965 | while ((victim = unsorted_chunks (av)->bk) != unsorted_chunks (av)) | |
3966 | { | |
3967 | bck = victim->bk; | |
6c8dbf00 | 3968 | size = chunksize (victim); |
b90ddd08 IK |
3969 | mchunkptr next = chunk_at_offset (victim, size); |
3970 | ||
3784dfc0 | 3971 | if (__glibc_unlikely (size <= CHUNK_HDR_SZ) |
b90ddd08 IK |
3972 | || __glibc_unlikely (size > av->system_mem)) |
3973 | malloc_printerr ("malloc(): invalid size (unsorted)"); | |
3784dfc0 | 3974 | if (__glibc_unlikely (chunksize_nomask (next) < CHUNK_HDR_SZ) |
b90ddd08 IK |
3975 | || __glibc_unlikely (chunksize_nomask (next) > av->system_mem)) |
3976 | malloc_printerr ("malloc(): invalid next size (unsorted)"); | |
3977 | if (__glibc_unlikely ((prev_size (next) & ~(SIZE_BITS)) != size)) | |
3978 | malloc_printerr ("malloc(): mismatching next->prev_size (unsorted)"); | |
3979 | if (__glibc_unlikely (bck->fd != victim) | |
3980 | || __glibc_unlikely (victim->fd != unsorted_chunks (av))) | |
3981 | malloc_printerr ("malloc(): unsorted double linked list corrupted"); | |
35cfefd9 | 3982 | if (__glibc_unlikely (prev_inuse (next))) |
b90ddd08 | 3983 | malloc_printerr ("malloc(): invalid next->prev_inuse (unsorted)"); |
6c8dbf00 OB |
3984 | |
3985 | /* | |
3986 | If a small request, try to use last remainder if it is the | |
3987 | only chunk in unsorted bin. This helps promote locality for | |
3988 | runs of consecutive small requests. This is the only | |
3989 | exception to best-fit, and applies only when there is | |
3990 | no exact fit for a small chunk. | |
3991 | */ | |
3992 | ||
3993 | if (in_smallbin_range (nb) && | |
3994 | bck == unsorted_chunks (av) && | |
3995 | victim == av->last_remainder && | |
3996 | (unsigned long) (size) > (unsigned long) (nb + MINSIZE)) | |
3997 | { | |
3998 | /* split and reattach remainder */ | |
3999 | remainder_size = size - nb; | |
4000 | remainder = chunk_at_offset (victim, nb); | |
4001 | unsorted_chunks (av)->bk = unsorted_chunks (av)->fd = remainder; | |
4002 | av->last_remainder = remainder; | |
4003 | remainder->bk = remainder->fd = unsorted_chunks (av); | |
4004 | if (!in_smallbin_range (remainder_size)) | |
4005 | { | |
4006 | remainder->fd_nextsize = NULL; | |
4007 | remainder->bk_nextsize = NULL; | |
4008 | } | |
4009 | ||
4010 | set_head (victim, nb | PREV_INUSE | | |
4011 | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4012 | set_head (remainder, remainder_size | PREV_INUSE); | |
4013 | set_foot (remainder, remainder_size); | |
4014 | ||
4015 | check_malloced_chunk (av, victim, nb); | |
ca89f1c7 | 4016 | void *p = chunk2mem (victim); |
6c8dbf00 OB |
4017 | alloc_perturb (p, bytes); |
4018 | return p; | |
4019 | } | |
4020 | ||
4021 | /* remove from unsorted list */ | |
bdc3009b FG |
4022 | if (__glibc_unlikely (bck->fd != victim)) |
4023 | malloc_printerr ("malloc(): corrupted unsorted chunks 3"); | |
6c8dbf00 OB |
4024 | unsorted_chunks (av)->bk = bck; |
4025 | bck->fd = unsorted_chunks (av); | |
4026 | ||
4027 | /* Take now instead of binning if exact fit */ | |
4028 | ||
4029 | if (size == nb) | |
4030 | { | |
4031 | set_inuse_bit_at_offset (victim, size); | |
4032 | if (av != &main_arena) | |
e9c4fe93 | 4033 | set_non_main_arena (victim); |
d5c3fafc DD |
4034 | #if USE_TCACHE |
4035 | /* Fill cache first, return to user only if cache fills. | |
4036 | We may return one of these chunks later. */ | |
4037 | if (tcache_nb | |
4038 | && tcache->counts[tc_idx] < mp_.tcache_count) | |
4039 | { | |
4040 | tcache_put (victim, tc_idx); | |
4041 | return_cached = 1; | |
4042 | continue; | |
4043 | } | |
4044 | else | |
4045 | { | |
4046 | #endif | |
6c8dbf00 | 4047 | check_malloced_chunk (av, victim, nb); |
ca89f1c7 | 4048 | void *p = chunk2mem (victim); |
6c8dbf00 OB |
4049 | alloc_perturb (p, bytes); |
4050 | return p; | |
d5c3fafc DD |
4051 | #if USE_TCACHE |
4052 | } | |
4053 | #endif | |
6c8dbf00 OB |
4054 | } |
4055 | ||
4056 | /* place chunk in bin */ | |
4057 | ||
4058 | if (in_smallbin_range (size)) | |
4059 | { | |
4060 | victim_index = smallbin_index (size); | |
4061 | bck = bin_at (av, victim_index); | |
4062 | fwd = bck->fd; | |
4063 | } | |
4064 | else | |
4065 | { | |
4066 | victim_index = largebin_index (size); | |
4067 | bck = bin_at (av, victim_index); | |
4068 | fwd = bck->fd; | |
4069 | ||
4070 | /* maintain large bins in sorted order */ | |
4071 | if (fwd != bck) | |
4072 | { | |
4073 | /* Or with inuse bit to speed comparisons */ | |
4074 | size |= PREV_INUSE; | |
4075 | /* if smaller than smallest, bypass loop below */ | |
e9c4fe93 FW |
4076 | assert (chunk_main_arena (bck->bk)); |
4077 | if ((unsigned long) (size) | |
4078 | < (unsigned long) chunksize_nomask (bck->bk)) | |
6c8dbf00 OB |
4079 | { |
4080 | fwd = bck; | |
4081 | bck = bck->bk; | |
4082 | ||
4083 | victim->fd_nextsize = fwd->fd; | |
4084 | victim->bk_nextsize = fwd->fd->bk_nextsize; | |
4085 | fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim; | |
4086 | } | |
4087 | else | |
4088 | { | |
e9c4fe93 FW |
4089 | assert (chunk_main_arena (fwd)); |
4090 | while ((unsigned long) size < chunksize_nomask (fwd)) | |
6c8dbf00 OB |
4091 | { |
4092 | fwd = fwd->fd_nextsize; | |
e9c4fe93 | 4093 | assert (chunk_main_arena (fwd)); |
6c8dbf00 OB |
4094 | } |
4095 | ||
e9c4fe93 FW |
4096 | if ((unsigned long) size |
4097 | == (unsigned long) chunksize_nomask (fwd)) | |
6c8dbf00 OB |
4098 | /* Always insert in the second position. */ |
4099 | fwd = fwd->fd; | |
4100 | else | |
4101 | { | |
4102 | victim->fd_nextsize = fwd; | |
4103 | victim->bk_nextsize = fwd->bk_nextsize; | |
5b06f538 AM |
4104 | if (__glibc_unlikely (fwd->bk_nextsize->fd_nextsize != fwd)) |
4105 | malloc_printerr ("malloc(): largebin double linked list corrupted (nextsize)"); | |
6c8dbf00 OB |
4106 | fwd->bk_nextsize = victim; |
4107 | victim->bk_nextsize->fd_nextsize = victim; | |
4108 | } | |
4109 | bck = fwd->bk; | |
5b06f538 AM |
4110 | if (bck->fd != fwd) |
4111 | malloc_printerr ("malloc(): largebin double linked list corrupted (bk)"); | |
6c8dbf00 OB |
4112 | } |
4113 | } | |
4114 | else | |
4115 | victim->fd_nextsize = victim->bk_nextsize = victim; | |
4116 | } | |
4117 | ||
4118 | mark_bin (av, victim_index); | |
4119 | victim->bk = bck; | |
4120 | victim->fd = fwd; | |
4121 | fwd->bk = victim; | |
4122 | bck->fd = victim; | |
4123 | ||
d5c3fafc DD |
4124 | #if USE_TCACHE |
4125 | /* If we've processed as many chunks as we're allowed while | |
4126 | filling the cache, return one of the cached ones. */ | |
4127 | ++tcache_unsorted_count; | |
4128 | if (return_cached | |
4129 | && mp_.tcache_unsorted_limit > 0 | |
4130 | && tcache_unsorted_count > mp_.tcache_unsorted_limit) | |
4131 | { | |
4132 | return tcache_get (tc_idx); | |
4133 | } | |
4134 | #endif | |
4135 | ||
6c8dbf00 OB |
4136 | #define MAX_ITERS 10000 |
4137 | if (++iters >= MAX_ITERS) | |
4138 | break; | |
4139 | } | |
fa8d436c | 4140 | |
d5c3fafc DD |
4141 | #if USE_TCACHE |
4142 | /* If all the small chunks we found ended up cached, return one now. */ | |
4143 | if (return_cached) | |
4144 | { | |
4145 | return tcache_get (tc_idx); | |
4146 | } | |
4147 | #endif | |
4148 | ||
a9177ff5 | 4149 | /* |
6c8dbf00 OB |
4150 | If a large request, scan through the chunks of current bin in |
4151 | sorted order to find smallest that fits. Use the skip list for this. | |
4152 | */ | |
4153 | ||
4154 | if (!in_smallbin_range (nb)) | |
4155 | { | |
4156 | bin = bin_at (av, idx); | |
4157 | ||
4158 | /* skip scan if empty or largest chunk is too small */ | |
e9c4fe93 FW |
4159 | if ((victim = first (bin)) != bin |
4160 | && (unsigned long) chunksize_nomask (victim) | |
4161 | >= (unsigned long) (nb)) | |
6c8dbf00 OB |
4162 | { |
4163 | victim = victim->bk_nextsize; | |
4164 | while (((unsigned long) (size = chunksize (victim)) < | |
4165 | (unsigned long) (nb))) | |
4166 | victim = victim->bk_nextsize; | |
4167 | ||
4168 | /* Avoid removing the first entry for a size so that the skip | |
4169 | list does not have to be rerouted. */ | |
e9c4fe93 FW |
4170 | if (victim != last (bin) |
4171 | && chunksize_nomask (victim) | |
4172 | == chunksize_nomask (victim->fd)) | |
6c8dbf00 OB |
4173 | victim = victim->fd; |
4174 | ||
4175 | remainder_size = size - nb; | |
1ecba1fa | 4176 | unlink_chunk (av, victim); |
6c8dbf00 OB |
4177 | |
4178 | /* Exhaust */ | |
4179 | if (remainder_size < MINSIZE) | |
4180 | { | |
4181 | set_inuse_bit_at_offset (victim, size); | |
4182 | if (av != &main_arena) | |
e9c4fe93 | 4183 | set_non_main_arena (victim); |
6c8dbf00 OB |
4184 | } |
4185 | /* Split */ | |
4186 | else | |
4187 | { | |
4188 | remainder = chunk_at_offset (victim, nb); | |
4189 | /* We cannot assume the unsorted list is empty and therefore | |
4190 | have to perform a complete insert here. */ | |
4191 | bck = unsorted_chunks (av); | |
4192 | fwd = bck->fd; | |
ac3ed168 FW |
4193 | if (__glibc_unlikely (fwd->bk != bck)) |
4194 | malloc_printerr ("malloc(): corrupted unsorted chunks"); | |
6c8dbf00 OB |
4195 | remainder->bk = bck; |
4196 | remainder->fd = fwd; | |
4197 | bck->fd = remainder; | |
4198 | fwd->bk = remainder; | |
4199 | if (!in_smallbin_range (remainder_size)) | |
4200 | { | |
4201 | remainder->fd_nextsize = NULL; | |
4202 | remainder->bk_nextsize = NULL; | |
4203 | } | |
4204 | set_head (victim, nb | PREV_INUSE | | |
4205 | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4206 | set_head (remainder, remainder_size | PREV_INUSE); | |
4207 | set_foot (remainder, remainder_size); | |
4208 | } | |
4209 | check_malloced_chunk (av, victim, nb); | |
ca89f1c7 | 4210 | void *p = chunk2mem (victim); |
6c8dbf00 OB |
4211 | alloc_perturb (p, bytes); |
4212 | return p; | |
4213 | } | |
4214 | } | |
f65fd747 | 4215 | |
6c8dbf00 OB |
4216 | /* |
4217 | Search for a chunk by scanning bins, starting with next largest | |
4218 | bin. This search is strictly by best-fit; i.e., the smallest | |
4219 | (with ties going to approximately the least recently used) chunk | |
4220 | that fits is selected. | |
4221 | ||
4222 | The bitmap avoids needing to check that most blocks are nonempty. | |
4223 | The particular case of skipping all bins during warm-up phases | |
4224 | when no chunks have been returned yet is faster than it might look. | |
4225 | */ | |
4226 | ||
4227 | ++idx; | |
4228 | bin = bin_at (av, idx); | |
4229 | block = idx2block (idx); | |
4230 | map = av->binmap[block]; | |
4231 | bit = idx2bit (idx); | |
4232 | ||
4233 | for (;; ) | |
4234 | { | |
4235 | /* Skip rest of block if there are no more set bits in this block. */ | |
4236 | if (bit > map || bit == 0) | |
4237 | { | |
4238 | do | |
4239 | { | |
4240 | if (++block >= BINMAPSIZE) /* out of bins */ | |
4241 | goto use_top; | |
4242 | } | |
4243 | while ((map = av->binmap[block]) == 0); | |
4244 | ||
4245 | bin = bin_at (av, (block << BINMAPSHIFT)); | |
4246 | bit = 1; | |
4247 | } | |
4248 | ||
4249 | /* Advance to bin with set bit. There must be one. */ | |
4250 | while ((bit & map) == 0) | |
4251 | { | |
4252 | bin = next_bin (bin); | |
4253 | bit <<= 1; | |
4254 | assert (bit != 0); | |
4255 | } | |
4256 | ||
4257 | /* Inspect the bin. It is likely to be non-empty */ | |
4258 | victim = last (bin); | |
4259 | ||
4260 | /* If a false alarm (empty bin), clear the bit. */ | |
4261 | if (victim == bin) | |
4262 | { | |
4263 | av->binmap[block] = map &= ~bit; /* Write through */ | |
4264 | bin = next_bin (bin); | |
4265 | bit <<= 1; | |
4266 | } | |
4267 | ||
4268 | else | |
4269 | { | |
4270 | size = chunksize (victim); | |
4271 | ||
4272 | /* We know the first chunk in this bin is big enough to use. */ | |
4273 | assert ((unsigned long) (size) >= (unsigned long) (nb)); | |
4274 | ||
4275 | remainder_size = size - nb; | |
4276 | ||
4277 | /* unlink */ | |
1ecba1fa | 4278 | unlink_chunk (av, victim); |
6c8dbf00 OB |
4279 | |
4280 | /* Exhaust */ | |
4281 | if (remainder_size < MINSIZE) | |
4282 | { | |
4283 | set_inuse_bit_at_offset (victim, size); | |
4284 | if (av != &main_arena) | |
e9c4fe93 | 4285 | set_non_main_arena (victim); |
6c8dbf00 OB |
4286 | } |
4287 | ||
4288 | /* Split */ | |
4289 | else | |
4290 | { | |
4291 | remainder = chunk_at_offset (victim, nb); | |
4292 | ||
4293 | /* We cannot assume the unsorted list is empty and therefore | |
4294 | have to perform a complete insert here. */ | |
4295 | bck = unsorted_chunks (av); | |
4296 | fwd = bck->fd; | |
ac3ed168 FW |
4297 | if (__glibc_unlikely (fwd->bk != bck)) |
4298 | malloc_printerr ("malloc(): corrupted unsorted chunks 2"); | |
6c8dbf00 OB |
4299 | remainder->bk = bck; |
4300 | remainder->fd = fwd; | |
4301 | bck->fd = remainder; | |
4302 | fwd->bk = remainder; | |
4303 | ||
4304 | /* advertise as last remainder */ | |
4305 | if (in_smallbin_range (nb)) | |
4306 | av->last_remainder = remainder; | |
4307 | if (!in_smallbin_range (remainder_size)) | |
4308 | { | |
4309 | remainder->fd_nextsize = NULL; | |
4310 | remainder->bk_nextsize = NULL; | |
4311 | } | |
4312 | set_head (victim, nb | PREV_INUSE | | |
4313 | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4314 | set_head (remainder, remainder_size | PREV_INUSE); | |
4315 | set_foot (remainder, remainder_size); | |
4316 | } | |
4317 | check_malloced_chunk (av, victim, nb); | |
ca89f1c7 | 4318 | void *p = chunk2mem (victim); |
6c8dbf00 OB |
4319 | alloc_perturb (p, bytes); |
4320 | return p; | |
4321 | } | |
4322 | } | |
4323 | ||
4324 | use_top: | |
4325 | /* | |
4326 | If large enough, split off the chunk bordering the end of memory | |
4327 | (held in av->top). Note that this is in accord with the best-fit | |
4328 | search rule. In effect, av->top is treated as larger (and thus | |
4329 | less well fitting) than any other available chunk since it can | |
4330 | be extended to be as large as necessary (up to system | |
4331 | limitations). | |
4332 | ||
4333 | We require that av->top always exists (i.e., has size >= | |
4334 | MINSIZE) after initialization, so if it would otherwise be | |
4335 | exhausted by current request, it is replenished. (The main | |
4336 | reason for ensuring it exists is that we may need MINSIZE space | |
4337 | to put in fenceposts in sysmalloc.) | |
4338 | */ | |
4339 | ||
4340 | victim = av->top; | |
4341 | size = chunksize (victim); | |
4342 | ||
30a17d8c PC |
4343 | if (__glibc_unlikely (size > av->system_mem)) |
4344 | malloc_printerr ("malloc(): corrupted top size"); | |
4345 | ||
6c8dbf00 OB |
4346 | if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE)) |
4347 | { | |
4348 | remainder_size = size - nb; | |
4349 | remainder = chunk_at_offset (victim, nb); | |
4350 | av->top = remainder; | |
4351 | set_head (victim, nb | PREV_INUSE | | |
4352 | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4353 | set_head (remainder, remainder_size | PREV_INUSE); | |
4354 | ||
4355 | check_malloced_chunk (av, victim, nb); | |
ca89f1c7 | 4356 | void *p = chunk2mem (victim); |
6c8dbf00 OB |
4357 | alloc_perturb (p, bytes); |
4358 | return p; | |
4359 | } | |
4360 | ||
4361 | /* When we are using atomic ops to free fast chunks we can get | |
4362 | here for all block sizes. */ | |
e956075a | 4363 | else if (atomic_load_relaxed (&av->have_fastchunks)) |
6c8dbf00 OB |
4364 | { |
4365 | malloc_consolidate (av); | |
4366 | /* restore original bin index */ | |
4367 | if (in_smallbin_range (nb)) | |
4368 | idx = smallbin_index (nb); | |
4369 | else | |
4370 | idx = largebin_index (nb); | |
4371 | } | |
f65fd747 | 4372 | |
6c8dbf00 OB |
4373 | /* |
4374 | Otherwise, relay to handle system-dependent cases | |
4375 | */ | |
425ce2ed | 4376 | else |
6c8dbf00 OB |
4377 | { |
4378 | void *p = sysmalloc (nb, av); | |
4379 | if (p != NULL) | |
4380 | alloc_perturb (p, bytes); | |
4381 | return p; | |
4382 | } | |
425ce2ed | 4383 | } |
fa8d436c | 4384 | } |
f65fd747 | 4385 | |
fa8d436c | 4386 | /* |
6c8dbf00 OB |
4387 | ------------------------------ free ------------------------------ |
4388 | */ | |
f65fd747 | 4389 | |
78ac92ad | 4390 | static void |
6c8dbf00 | 4391 | _int_free (mstate av, mchunkptr p, int have_lock) |
f65fd747 | 4392 | { |
fa8d436c | 4393 | INTERNAL_SIZE_T size; /* its size */ |
6c8dbf00 OB |
4394 | mfastbinptr *fb; /* associated fastbin */ |
4395 | mchunkptr nextchunk; /* next contiguous chunk */ | |
fa8d436c | 4396 | INTERNAL_SIZE_T nextsize; /* its size */ |
6c8dbf00 | 4397 | int nextinuse; /* true if nextchunk is used */ |
fa8d436c | 4398 | INTERNAL_SIZE_T prevsize; /* size of previous contiguous chunk */ |
6c8dbf00 OB |
4399 | mchunkptr bck; /* misc temp for linking */ |
4400 | mchunkptr fwd; /* misc temp for linking */ | |
fa8d436c | 4401 | |
6c8dbf00 | 4402 | size = chunksize (p); |
f65fd747 | 4403 | |
37fa1953 UD |
4404 | /* Little security check which won't hurt performance: the |
4405 | allocator never wrapps around at the end of the address space. | |
4406 | Therefore we can exclude some size values which might appear | |
4407 | here by accident or by "design" from some intruder. */ | |
dc165f7b | 4408 | if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0) |
073f560e | 4409 | || __builtin_expect (misaligned_chunk (p), 0)) |
ac3ed168 | 4410 | malloc_printerr ("free(): invalid pointer"); |
347c92e9 L |
4411 | /* We know that each chunk is at least MINSIZE bytes in size or a |
4412 | multiple of MALLOC_ALIGNMENT. */ | |
a1ffb40e | 4413 | if (__glibc_unlikely (size < MINSIZE || !aligned_OK (size))) |
ac3ed168 | 4414 | malloc_printerr ("free(): invalid size"); |
f65fd747 | 4415 | |
37fa1953 | 4416 | check_inuse_chunk(av, p); |
f65fd747 | 4417 | |
d5c3fafc DD |
4418 | #if USE_TCACHE |
4419 | { | |
4420 | size_t tc_idx = csize2tidx (size); | |
affec03b | 4421 | if (tcache != NULL && tc_idx < mp_.tcache_bins) |
d5c3fafc | 4422 | { |
affec03b | 4423 | /* Check to see if it's already in the tcache. */ |
ca89f1c7 | 4424 | tcache_entry *e = (tcache_entry *) chunk2mem (p); |
affec03b FW |
4425 | |
4426 | /* This test succeeds on double free. However, we don't 100% | |
4427 | trust it (it also matches random payload data at a 1 in | |
4428 | 2^<size_t> chance), so verify it's not an unlikely | |
4429 | coincidence before aborting. */ | |
fc859c30 | 4430 | if (__glibc_unlikely (e->key == tcache_key)) |
affec03b FW |
4431 | { |
4432 | tcache_entry *tmp; | |
0e00b357 | 4433 | size_t cnt = 0; |
affec03b FW |
4434 | LIBC_PROBE (memory_tcache_double_free, 2, e, tc_idx); |
4435 | for (tmp = tcache->entries[tc_idx]; | |
4436 | tmp; | |
0e00b357 | 4437 | tmp = REVEAL_PTR (tmp->next), ++cnt) |
768358b6 | 4438 | { |
0e00b357 H |
4439 | if (cnt >= mp_.tcache_count) |
4440 | malloc_printerr ("free(): too many chunks detected in tcache"); | |
768358b6 EI |
4441 | if (__glibc_unlikely (!aligned_OK (tmp))) |
4442 | malloc_printerr ("free(): unaligned chunk detected in tcache 2"); | |
4443 | if (tmp == e) | |
4444 | malloc_printerr ("free(): double free detected in tcache 2"); | |
4445 | /* If we get here, it was a coincidence. We've wasted a | |
4446 | few cycles, but don't abort. */ | |
4447 | } | |
affec03b FW |
4448 | } |
4449 | ||
4450 | if (tcache->counts[tc_idx] < mp_.tcache_count) | |
4451 | { | |
4452 | tcache_put (p, tc_idx); | |
4453 | return; | |
4454 | } | |
d5c3fafc DD |
4455 | } |
4456 | } | |
4457 | #endif | |
4458 | ||
37fa1953 UD |
4459 | /* |
4460 | If eligible, place chunk on a fastbin so it can be found | |
4461 | and used quickly in malloc. | |
4462 | */ | |
6bf4302e | 4463 | |
9bf248c6 | 4464 | if ((unsigned long)(size) <= (unsigned long)(get_max_fast ()) |
6bf4302e | 4465 | |
37fa1953 UD |
4466 | #if TRIM_FASTBINS |
4467 | /* | |
4468 | If TRIM_FASTBINS set, don't place chunks | |
4469 | bordering top into fastbins | |
4470 | */ | |
4471 | && (chunk_at_offset(p, size) != av->top) | |
4472 | #endif | |
4473 | ) { | |
fa8d436c | 4474 | |
e9c4fe93 | 4475 | if (__builtin_expect (chunksize_nomask (chunk_at_offset (p, size)) |
3784dfc0 | 4476 | <= CHUNK_HDR_SZ, 0) |
893e6098 UD |
4477 | || __builtin_expect (chunksize (chunk_at_offset (p, size)) |
4478 | >= av->system_mem, 0)) | |
4479 | { | |
d74e6f6c | 4480 | bool fail = true; |
bec466d9 | 4481 | /* We might not have a lock at this point and concurrent modifications |
d74e6f6c WD |
4482 | of system_mem might result in a false positive. Redo the test after |
4483 | getting the lock. */ | |
4484 | if (!have_lock) | |
4485 | { | |
4486 | __libc_lock_lock (av->mutex); | |
3784dfc0 | 4487 | fail = (chunksize_nomask (chunk_at_offset (p, size)) <= CHUNK_HDR_SZ |
d74e6f6c WD |
4488 | || chunksize (chunk_at_offset (p, size)) >= av->system_mem); |
4489 | __libc_lock_unlock (av->mutex); | |
4490 | } | |
4491 | ||
4492 | if (fail) | |
ac3ed168 | 4493 | malloc_printerr ("free(): invalid next size (fast)"); |
893e6098 UD |
4494 | } |
4495 | ||
ca89f1c7 | 4496 | free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); |
425ce2ed | 4497 | |
e956075a | 4498 | atomic_store_relaxed (&av->have_fastchunks, true); |
90a3055e UD |
4499 | unsigned int idx = fastbin_index(size); |
4500 | fb = &fastbin (av, idx); | |
425ce2ed | 4501 | |
362b47fe | 4502 | /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */ |
71effcea FW |
4503 | mchunkptr old = *fb, old2; |
4504 | ||
4505 | if (SINGLE_THREAD_P) | |
4506 | { | |
4507 | /* Check that the top of the bin is not the record we are going to | |
4508 | add (i.e., double free). */ | |
4509 | if (__builtin_expect (old == p, 0)) | |
4510 | malloc_printerr ("double free or corruption (fasttop)"); | |
a1a486d7 | 4511 | p->fd = PROTECT_PTR (&p->fd, old); |
71effcea FW |
4512 | *fb = p; |
4513 | } | |
4514 | else | |
4515 | do | |
4516 | { | |
4517 | /* Check that the top of the bin is not the record we are going to | |
4518 | add (i.e., double free). */ | |
4519 | if (__builtin_expect (old == p, 0)) | |
4520 | malloc_printerr ("double free or corruption (fasttop)"); | |
a1a486d7 EI |
4521 | old2 = old; |
4522 | p->fd = PROTECT_PTR (&p->fd, old); | |
71effcea FW |
4523 | } |
4524 | while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) | |
4525 | != old2); | |
a15d53e2 WD |
4526 | |
4527 | /* Check that size of fastbin chunk at the top is the same as | |
4528 | size of the chunk that we are adding. We can dereference OLD | |
4529 | only if we have the lock, otherwise it might have already been | |
4530 | allocated again. */ | |
4531 | if (have_lock && old != NULL | |
4532 | && __builtin_expect (fastbin_index (chunksize (old)) != idx, 0)) | |
ac3ed168 | 4533 | malloc_printerr ("invalid fastbin entry (free)"); |
37fa1953 | 4534 | } |
f65fd747 | 4535 | |
37fa1953 UD |
4536 | /* |
4537 | Consolidate other non-mmapped chunks as they arrive. | |
4538 | */ | |
fa8d436c | 4539 | |
37fa1953 | 4540 | else if (!chunk_is_mmapped(p)) { |
a15d53e2 WD |
4541 | |
4542 | /* If we're single-threaded, don't lock the arena. */ | |
4543 | if (SINGLE_THREAD_P) | |
4544 | have_lock = true; | |
4545 | ||
24cffce7 | 4546 | if (!have_lock) |
4bf5f222 | 4547 | __libc_lock_lock (av->mutex); |
425ce2ed | 4548 | |
37fa1953 | 4549 | nextchunk = chunk_at_offset(p, size); |
fa8d436c | 4550 | |
37fa1953 UD |
4551 | /* Lightweight tests: check whether the block is already the |
4552 | top block. */ | |
a1ffb40e | 4553 | if (__glibc_unlikely (p == av->top)) |
ac3ed168 | 4554 | malloc_printerr ("double free or corruption (top)"); |
37fa1953 UD |
4555 | /* Or whether the next chunk is beyond the boundaries of the arena. */ |
4556 | if (__builtin_expect (contiguous (av) | |
4557 | && (char *) nextchunk | |
4558 | >= ((char *) av->top + chunksize(av->top)), 0)) | |
ac3ed168 | 4559 | malloc_printerr ("double free or corruption (out)"); |
37fa1953 | 4560 | /* Or whether the block is actually not marked used. */ |
a1ffb40e | 4561 | if (__glibc_unlikely (!prev_inuse(nextchunk))) |
ac3ed168 | 4562 | malloc_printerr ("double free or corruption (!prev)"); |
fa8d436c | 4563 | |
37fa1953 | 4564 | nextsize = chunksize(nextchunk); |
3784dfc0 | 4565 | if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0) |
893e6098 | 4566 | || __builtin_expect (nextsize >= av->system_mem, 0)) |
ac3ed168 | 4567 | malloc_printerr ("free(): invalid next size (normal)"); |
fa8d436c | 4568 | |
ca89f1c7 | 4569 | free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); |
854278df | 4570 | |
37fa1953 UD |
4571 | /* consolidate backward */ |
4572 | if (!prev_inuse(p)) { | |
e9c4fe93 | 4573 | prevsize = prev_size (p); |
37fa1953 UD |
4574 | size += prevsize; |
4575 | p = chunk_at_offset(p, -((long) prevsize)); | |
d6db68e6 ME |
4576 | if (__glibc_unlikely (chunksize(p) != prevsize)) |
4577 | malloc_printerr ("corrupted size vs. prev_size while consolidating"); | |
1ecba1fa | 4578 | unlink_chunk (av, p); |
37fa1953 | 4579 | } |
a9177ff5 | 4580 | |
37fa1953 UD |
4581 | if (nextchunk != av->top) { |
4582 | /* get and clear inuse bit */ | |
4583 | nextinuse = inuse_bit_at_offset(nextchunk, nextsize); | |
4584 | ||
4585 | /* consolidate forward */ | |
4586 | if (!nextinuse) { | |
1ecba1fa | 4587 | unlink_chunk (av, nextchunk); |
37fa1953 UD |
4588 | size += nextsize; |
4589 | } else | |
4590 | clear_inuse_bit_at_offset(nextchunk, 0); | |
10dc2a90 | 4591 | |
fa8d436c | 4592 | /* |
37fa1953 UD |
4593 | Place the chunk in unsorted chunk list. Chunks are |
4594 | not placed into regular bins until after they have | |
4595 | been given one chance to be used in malloc. | |
fa8d436c | 4596 | */ |
f65fd747 | 4597 | |
37fa1953 UD |
4598 | bck = unsorted_chunks(av); |
4599 | fwd = bck->fd; | |
a1ffb40e | 4600 | if (__glibc_unlikely (fwd->bk != bck)) |
ac3ed168 | 4601 | malloc_printerr ("free(): corrupted unsorted chunks"); |
37fa1953 | 4602 | p->fd = fwd; |
7ecfbd38 UD |
4603 | p->bk = bck; |
4604 | if (!in_smallbin_range(size)) | |
4605 | { | |
4606 | p->fd_nextsize = NULL; | |
4607 | p->bk_nextsize = NULL; | |
4608 | } | |
37fa1953 UD |
4609 | bck->fd = p; |
4610 | fwd->bk = p; | |
8a4b65b4 | 4611 | |
37fa1953 UD |
4612 | set_head(p, size | PREV_INUSE); |
4613 | set_foot(p, size); | |
4614 | ||
4615 | check_free_chunk(av, p); | |
4616 | } | |
4617 | ||
4618 | /* | |
4619 | If the chunk borders the current high end of memory, | |
4620 | consolidate into top | |
4621 | */ | |
4622 | ||
4623 | else { | |
4624 | size += nextsize; | |
4625 | set_head(p, size | PREV_INUSE); | |
4626 | av->top = p; | |
4627 | check_chunk(av, p); | |
4628 | } | |
4629 | ||
4630 | /* | |
4631 | If freeing a large space, consolidate possibly-surrounding | |
4632 | chunks. Then, if the total unused topmost memory exceeds trim | |
4633 | threshold, ask malloc_trim to reduce top. | |
4634 | ||
4635 | Unless max_fast is 0, we don't know if there are fastbins | |
4636 | bordering top, so we cannot tell for sure whether threshold | |
4637 | has been reached unless fastbins are consolidated. But we | |
4638 | don't want to consolidate on each free. As a compromise, | |
4639 | consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD | |
4640 | is reached. | |
4641 | */ | |
fa8d436c | 4642 | |
37fa1953 | 4643 | if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) { |
e956075a | 4644 | if (atomic_load_relaxed (&av->have_fastchunks)) |
37fa1953 | 4645 | malloc_consolidate(av); |
fa8d436c | 4646 | |
37fa1953 | 4647 | if (av == &main_arena) { |
a9177ff5 | 4648 | #ifndef MORECORE_CANNOT_TRIM |
37fa1953 UD |
4649 | if ((unsigned long)(chunksize(av->top)) >= |
4650 | (unsigned long)(mp_.trim_threshold)) | |
3b49edc0 | 4651 | systrim(mp_.top_pad, av); |
fa8d436c | 4652 | #endif |
37fa1953 UD |
4653 | } else { |
4654 | /* Always try heap_trim(), even if the top chunk is not | |
4655 | large, because the corresponding heap might go away. */ | |
4656 | heap_info *heap = heap_for_ptr(top(av)); | |
fa8d436c | 4657 | |
37fa1953 UD |
4658 | assert(heap->ar_ptr == av); |
4659 | heap_trim(heap, mp_.top_pad); | |
fa8d436c | 4660 | } |
fa8d436c | 4661 | } |
10dc2a90 | 4662 | |
24cffce7 | 4663 | if (!have_lock) |
4bf5f222 | 4664 | __libc_lock_unlock (av->mutex); |
37fa1953 UD |
4665 | } |
4666 | /* | |
22a89187 | 4667 | If the chunk was allocated via mmap, release via munmap(). |
37fa1953 UD |
4668 | */ |
4669 | ||
4670 | else { | |
c120d94d | 4671 | munmap_chunk (p); |
fa8d436c | 4672 | } |
10dc2a90 UD |
4673 | } |
4674 | ||
fa8d436c UD |
4675 | /* |
4676 | ------------------------- malloc_consolidate ------------------------- | |
4677 | ||
4678 | malloc_consolidate is a specialized version of free() that tears | |
4679 | down chunks held in fastbins. Free itself cannot be used for this | |
4680 | purpose since, among other things, it might place chunks back onto | |
4681 | fastbins. So, instead, we need to use a minor variant of the same | |
4682 | code. | |
fa8d436c UD |
4683 | */ |
4684 | ||
fa8d436c | 4685 | static void malloc_consolidate(mstate av) |
10dc2a90 | 4686 | { |
fa8d436c UD |
4687 | mfastbinptr* fb; /* current fastbin being consolidated */ |
4688 | mfastbinptr* maxfb; /* last fastbin (for loop control) */ | |
4689 | mchunkptr p; /* current chunk being consolidated */ | |
4690 | mchunkptr nextp; /* next chunk to consolidate */ | |
4691 | mchunkptr unsorted_bin; /* bin header */ | |
4692 | mchunkptr first_unsorted; /* chunk to link to */ | |
4693 | ||
4694 | /* These have same use as in free() */ | |
4695 | mchunkptr nextchunk; | |
4696 | INTERNAL_SIZE_T size; | |
4697 | INTERNAL_SIZE_T nextsize; | |
4698 | INTERNAL_SIZE_T prevsize; | |
4699 | int nextinuse; | |
10dc2a90 | 4700 | |
3381be5c | 4701 | atomic_store_relaxed (&av->have_fastchunks, false); |
10dc2a90 | 4702 | |
3381be5c | 4703 | unsorted_bin = unsorted_chunks(av); |
a9177ff5 | 4704 | |
3381be5c WD |
4705 | /* |
4706 | Remove each chunk from fast bin and consolidate it, placing it | |
4707 | then in unsorted bin. Among other reasons for doing this, | |
4708 | placing in unsorted bin avoids needing to calculate actual bins | |
4709 | until malloc is sure that chunks aren't immediately going to be | |
4710 | reused anyway. | |
4711 | */ | |
72f90263 | 4712 | |
3381be5c WD |
4713 | maxfb = &fastbin (av, NFASTBINS - 1); |
4714 | fb = &fastbin (av, 0); | |
4715 | do { | |
71effcea | 4716 | p = atomic_exchange_acq (fb, NULL); |
3381be5c WD |
4717 | if (p != 0) { |
4718 | do { | |
249a5895 | 4719 | { |
49c3c376 | 4720 | if (__glibc_unlikely (misaligned_chunk (p))) |
768358b6 | 4721 | malloc_printerr ("malloc_consolidate(): " |
a1a486d7 EI |
4722 | "unaligned fastbin chunk detected"); |
4723 | ||
249a5895 IK |
4724 | unsigned int idx = fastbin_index (chunksize (p)); |
4725 | if ((&fastbin (av, idx)) != fb) | |
4726 | malloc_printerr ("malloc_consolidate(): invalid chunk size"); | |
4727 | } | |
4728 | ||
3381be5c | 4729 | check_inuse_chunk(av, p); |
a1a486d7 | 4730 | nextp = REVEAL_PTR (p->fd); |
3381be5c WD |
4731 | |
4732 | /* Slightly streamlined version of consolidation code in free() */ | |
4733 | size = chunksize (p); | |
4734 | nextchunk = chunk_at_offset(p, size); | |
4735 | nextsize = chunksize(nextchunk); | |
4736 | ||
4737 | if (!prev_inuse(p)) { | |
4738 | prevsize = prev_size (p); | |
4739 | size += prevsize; | |
4740 | p = chunk_at_offset(p, -((long) prevsize)); | |
d6db68e6 ME |
4741 | if (__glibc_unlikely (chunksize(p) != prevsize)) |
4742 | malloc_printerr ("corrupted size vs. prev_size in fastbins"); | |
1ecba1fa | 4743 | unlink_chunk (av, p); |
3381be5c | 4744 | } |
72f90263 | 4745 | |
3381be5c WD |
4746 | if (nextchunk != av->top) { |
4747 | nextinuse = inuse_bit_at_offset(nextchunk, nextsize); | |
a9177ff5 | 4748 | |
3381be5c WD |
4749 | if (!nextinuse) { |
4750 | size += nextsize; | |
1ecba1fa | 4751 | unlink_chunk (av, nextchunk); |
3381be5c WD |
4752 | } else |
4753 | clear_inuse_bit_at_offset(nextchunk, 0); | |
a9177ff5 | 4754 | |
3381be5c WD |
4755 | first_unsorted = unsorted_bin->fd; |
4756 | unsorted_bin->fd = p; | |
4757 | first_unsorted->bk = p; | |
7ecfbd38 | 4758 | |
3381be5c WD |
4759 | if (!in_smallbin_range (size)) { |
4760 | p->fd_nextsize = NULL; | |
4761 | p->bk_nextsize = NULL; | |
72f90263 | 4762 | } |
a9177ff5 | 4763 | |
3381be5c WD |
4764 | set_head(p, size | PREV_INUSE); |
4765 | p->bk = unsorted_bin; | |
4766 | p->fd = first_unsorted; | |
4767 | set_foot(p, size); | |
4768 | } | |
a9177ff5 | 4769 | |
3381be5c WD |
4770 | else { |
4771 | size += nextsize; | |
4772 | set_head(p, size | PREV_INUSE); | |
4773 | av->top = p; | |
4774 | } | |
a9177ff5 | 4775 | |
3381be5c WD |
4776 | } while ( (p = nextp) != 0); |
4777 | ||
4778 | } | |
4779 | } while (fb++ != maxfb); | |
fa8d436c | 4780 | } |
10dc2a90 | 4781 | |
fa8d436c UD |
4782 | /* |
4783 | ------------------------------ realloc ------------------------------ | |
4784 | */ | |
f65fd747 | 4785 | |
79969f41 SP |
4786 | static void * |
4787 | _int_realloc (mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize, | |
4c8b8cc3 | 4788 | INTERNAL_SIZE_T nb) |
fa8d436c | 4789 | { |
fa8d436c UD |
4790 | mchunkptr newp; /* chunk to return */ |
4791 | INTERNAL_SIZE_T newsize; /* its size */ | |
22a89187 | 4792 | void* newmem; /* corresponding user mem */ |
f65fd747 | 4793 | |
fa8d436c | 4794 | mchunkptr next; /* next contiguous chunk after oldp */ |
f65fd747 | 4795 | |
fa8d436c UD |
4796 | mchunkptr remainder; /* extra space at end of newp */ |
4797 | unsigned long remainder_size; /* its size */ | |
f65fd747 | 4798 | |
6dd6a580 | 4799 | /* oldmem size */ |
3784dfc0 | 4800 | if (__builtin_expect (chunksize_nomask (oldp) <= CHUNK_HDR_SZ, 0) |
76761b63 | 4801 | || __builtin_expect (oldsize >= av->system_mem, 0)) |
ac3ed168 | 4802 | malloc_printerr ("realloc(): invalid old size"); |
76761b63 | 4803 | |
6c8dbf00 | 4804 | check_inuse_chunk (av, oldp); |
f65fd747 | 4805 | |
4c8b8cc3 | 4806 | /* All callers already filter out mmap'ed chunks. */ |
6c8dbf00 | 4807 | assert (!chunk_is_mmapped (oldp)); |
f65fd747 | 4808 | |
6c8dbf00 OB |
4809 | next = chunk_at_offset (oldp, oldsize); |
4810 | INTERNAL_SIZE_T nextsize = chunksize (next); | |
3784dfc0 | 4811 | if (__builtin_expect (chunksize_nomask (next) <= CHUNK_HDR_SZ, 0) |
22a89187 | 4812 | || __builtin_expect (nextsize >= av->system_mem, 0)) |
ac3ed168 | 4813 | malloc_printerr ("realloc(): invalid next size"); |
22a89187 | 4814 | |
6c8dbf00 OB |
4815 | if ((unsigned long) (oldsize) >= (unsigned long) (nb)) |
4816 | { | |
4817 | /* already big enough; split below */ | |
fa8d436c | 4818 | newp = oldp; |
6c8dbf00 | 4819 | newsize = oldsize; |
7799b7b3 | 4820 | } |
f65fd747 | 4821 | |
6c8dbf00 OB |
4822 | else |
4823 | { | |
4824 | /* Try to expand forward into top */ | |
4825 | if (next == av->top && | |
4826 | (unsigned long) (newsize = oldsize + nextsize) >= | |
4827 | (unsigned long) (nb + MINSIZE)) | |
4828 | { | |
4829 | set_head_size (oldp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4830 | av->top = chunk_at_offset (oldp, nb); | |
4831 | set_head (av->top, (newsize - nb) | PREV_INUSE); | |
4832 | check_inuse_chunk (av, oldp); | |
ca89f1c7 | 4833 | return tag_new_usable (chunk2mem (oldp)); |
6c8dbf00 OB |
4834 | } |
4835 | ||
4836 | /* Try to expand forward into next chunk; split off remainder below */ | |
4837 | else if (next != av->top && | |
4838 | !inuse (next) && | |
4839 | (unsigned long) (newsize = oldsize + nextsize) >= | |
4840 | (unsigned long) (nb)) | |
4841 | { | |
4842 | newp = oldp; | |
1ecba1fa | 4843 | unlink_chunk (av, next); |
6c8dbf00 OB |
4844 | } |
4845 | ||
4846 | /* allocate, copy, free */ | |
4847 | else | |
4848 | { | |
4849 | newmem = _int_malloc (av, nb - MALLOC_ALIGN_MASK); | |
4850 | if (newmem == 0) | |
4851 | return 0; /* propagate failure */ | |
4852 | ||
4853 | newp = mem2chunk (newmem); | |
4854 | newsize = chunksize (newp); | |
4855 | ||
4856 | /* | |
4857 | Avoid copy if newp is next chunk after oldp. | |
4858 | */ | |
4859 | if (newp == next) | |
4860 | { | |
4861 | newsize += oldsize; | |
4862 | newp = oldp; | |
4863 | } | |
4864 | else | |
4865 | { | |
ca89f1c7 | 4866 | void *oldmem = chunk2mem (oldp); |
faf003ed | 4867 | size_t sz = memsize (oldp); |
0c719cf4 SN |
4868 | (void) tag_region (oldmem, sz); |
4869 | newmem = tag_new_usable (newmem); | |
8ae909a5 SN |
4870 | memcpy (newmem, oldmem, sz); |
4871 | _int_free (av, oldp, 1); | |
4872 | check_inuse_chunk (av, newp); | |
4873 | return newmem; | |
6c8dbf00 OB |
4874 | } |
4875 | } | |
fa8d436c | 4876 | } |
f65fd747 | 4877 | |
22a89187 | 4878 | /* If possible, free extra space in old or extended chunk */ |
f65fd747 | 4879 | |
6c8dbf00 | 4880 | assert ((unsigned long) (newsize) >= (unsigned long) (nb)); |
f65fd747 | 4881 | |
22a89187 | 4882 | remainder_size = newsize - nb; |
10dc2a90 | 4883 | |
6c8dbf00 OB |
4884 | if (remainder_size < MINSIZE) /* not enough extra to split off */ |
4885 | { | |
4886 | set_head_size (newp, newsize | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4887 | set_inuse_bit_at_offset (newp, newsize); | |
4888 | } | |
4889 | else /* split remainder */ | |
4890 | { | |
4891 | remainder = chunk_at_offset (newp, nb); | |
3784dfc0 | 4892 | /* Clear any user-space tags before writing the header. */ |
0c719cf4 | 4893 | remainder = tag_region (remainder, remainder_size); |
6c8dbf00 OB |
4894 | set_head_size (newp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0)); |
4895 | set_head (remainder, remainder_size | PREV_INUSE | | |
4896 | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4897 | /* Mark remainder as inuse so free() won't complain */ | |
4898 | set_inuse_bit_at_offset (remainder, remainder_size); | |
4899 | _int_free (av, remainder, 1); | |
4900 | } | |
22a89187 | 4901 | |
6c8dbf00 | 4902 | check_inuse_chunk (av, newp); |
ca89f1c7 | 4903 | return tag_new_usable (chunk2mem (newp)); |
fa8d436c UD |
4904 | } |
4905 | ||
4906 | /* | |
6c8dbf00 OB |
4907 | ------------------------------ memalign ------------------------------ |
4908 | */ | |
fa8d436c | 4909 | |
6c8dbf00 OB |
4910 | static void * |
4911 | _int_memalign (mstate av, size_t alignment, size_t bytes) | |
fa8d436c UD |
4912 | { |
4913 | INTERNAL_SIZE_T nb; /* padded request size */ | |
6c8dbf00 OB |
4914 | char *m; /* memory returned by malloc call */ |
4915 | mchunkptr p; /* corresponding chunk */ | |
4916 | char *brk; /* alignment point within p */ | |
4917 | mchunkptr newp; /* chunk to return */ | |
fa8d436c UD |
4918 | INTERNAL_SIZE_T newsize; /* its size */ |
4919 | INTERNAL_SIZE_T leadsize; /* leading space before alignment point */ | |
6c8dbf00 OB |
4920 | mchunkptr remainder; /* spare room at end to split off */ |
4921 | unsigned long remainder_size; /* its size */ | |
fa8d436c | 4922 | INTERNAL_SIZE_T size; |
f65fd747 | 4923 | |
f65fd747 | 4924 | |
f65fd747 | 4925 | |
9bf8e29c AZ |
4926 | if (!checked_request2size (bytes, &nb)) |
4927 | { | |
4928 | __set_errno (ENOMEM); | |
4929 | return NULL; | |
4930 | } | |
fa8d436c UD |
4931 | |
4932 | /* | |
6c8dbf00 OB |
4933 | Strategy: find a spot within that chunk that meets the alignment |
4934 | request, and then possibly free the leading and trailing space. | |
4935 | */ | |
fa8d436c | 4936 | |
fa8d436c UD |
4937 | /* Call malloc with worst case padding to hit alignment. */ |
4938 | ||
6c8dbf00 OB |
4939 | m = (char *) (_int_malloc (av, nb + alignment + MINSIZE)); |
4940 | ||
4941 | if (m == 0) | |
4942 | return 0; /* propagate failure */ | |
4943 | ||
4944 | p = mem2chunk (m); | |
4945 | ||
4946 | if ((((unsigned long) (m)) % alignment) != 0) /* misaligned */ | |
4947 | ||
4948 | { /* | |
4949 | Find an aligned spot inside chunk. Since we need to give back | |
4950 | leading space in a chunk of at least MINSIZE, if the first | |
4951 | calculation places us at a spot with less than MINSIZE leader, | |
4952 | we can move to the next aligned spot -- we've allocated enough | |
4953 | total room so that this is always possible. | |
4954 | */ | |
4955 | brk = (char *) mem2chunk (((unsigned long) (m + alignment - 1)) & | |
4956 | - ((signed long) alignment)); | |
4957 | if ((unsigned long) (brk - (char *) (p)) < MINSIZE) | |
4958 | brk += alignment; | |
4959 | ||
4960 | newp = (mchunkptr) brk; | |
4961 | leadsize = brk - (char *) (p); | |
4962 | newsize = chunksize (p) - leadsize; | |
4963 | ||
4964 | /* For mmapped chunks, just adjust offset */ | |
4965 | if (chunk_is_mmapped (p)) | |
4966 | { | |
e9c4fe93 | 4967 | set_prev_size (newp, prev_size (p) + leadsize); |
6c8dbf00 | 4968 | set_head (newp, newsize | IS_MMAPPED); |
ca89f1c7 | 4969 | return chunk2mem (newp); |
6c8dbf00 OB |
4970 | } |
4971 | ||
4972 | /* Otherwise, give back leader, use the rest */ | |
4973 | set_head (newp, newsize | PREV_INUSE | | |
4974 | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4975 | set_inuse_bit_at_offset (newp, newsize); | |
4976 | set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4977 | _int_free (av, p, 1); | |
4978 | p = newp; | |
4979 | ||
4980 | assert (newsize >= nb && | |
ca89f1c7 | 4981 | (((unsigned long) (chunk2mem (p))) % alignment) == 0); |
f65fd747 | 4982 | } |
f65fd747 | 4983 | |
f65fd747 | 4984 | /* Also give back spare room at the end */ |
6c8dbf00 OB |
4985 | if (!chunk_is_mmapped (p)) |
4986 | { | |
4987 | size = chunksize (p); | |
4988 | if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE)) | |
4989 | { | |
4990 | remainder_size = size - nb; | |
4991 | remainder = chunk_at_offset (p, nb); | |
4992 | set_head (remainder, remainder_size | PREV_INUSE | | |
4993 | (av != &main_arena ? NON_MAIN_ARENA : 0)); | |
4994 | set_head_size (p, nb); | |
4995 | _int_free (av, remainder, 1); | |
4996 | } | |
fa8d436c | 4997 | } |
f65fd747 | 4998 | |
6c8dbf00 | 4999 | check_inuse_chunk (av, p); |
ca89f1c7 | 5000 | return chunk2mem (p); |
f65fd747 UD |
5001 | } |
5002 | ||
f65fd747 | 5003 | |
fa8d436c | 5004 | /* |
6c8dbf00 OB |
5005 | ------------------------------ malloc_trim ------------------------------ |
5006 | */ | |
8a4b65b4 | 5007 | |
6c8dbf00 OB |
5008 | static int |
5009 | mtrim (mstate av, size_t pad) | |
f65fd747 | 5010 | { |
3381be5c | 5011 | /* Ensure all blocks are consolidated. */ |
68631c8e UD |
5012 | malloc_consolidate (av); |
5013 | ||
6c8dbf00 | 5014 | const size_t ps = GLRO (dl_pagesize); |
68631c8e UD |
5015 | int psindex = bin_index (ps); |
5016 | const size_t psm1 = ps - 1; | |
5017 | ||
5018 | int result = 0; | |
5019 | for (int i = 1; i < NBINS; ++i) | |
5020 | if (i == 1 || i >= psindex) | |
5021 | { | |
6c8dbf00 | 5022 | mbinptr bin = bin_at (av, i); |
68631c8e | 5023 | |
6c8dbf00 OB |
5024 | for (mchunkptr p = last (bin); p != bin; p = p->bk) |
5025 | { | |
5026 | INTERNAL_SIZE_T size = chunksize (p); | |
68631c8e | 5027 | |
6c8dbf00 OB |
5028 | if (size > psm1 + sizeof (struct malloc_chunk)) |
5029 | { | |
5030 | /* See whether the chunk contains at least one unused page. */ | |
5031 | char *paligned_mem = (char *) (((uintptr_t) p | |
5032 | + sizeof (struct malloc_chunk) | |
5033 | + psm1) & ~psm1); | |
68631c8e | 5034 | |
ca89f1c7 | 5035 | assert ((char *) chunk2mem (p) + 2 * CHUNK_HDR_SZ |
3784dfc0 | 5036 | <= paligned_mem); |
6c8dbf00 | 5037 | assert ((char *) p + size > paligned_mem); |
68631c8e | 5038 | |
6c8dbf00 OB |
5039 | /* This is the size we could potentially free. */ |
5040 | size -= paligned_mem - (char *) p; | |
68631c8e | 5041 | |
6c8dbf00 OB |
5042 | if (size > psm1) |
5043 | { | |
439bda32 | 5044 | #if MALLOC_DEBUG |
6c8dbf00 OB |
5045 | /* When debugging we simulate destroying the memory |
5046 | content. */ | |
5047 | memset (paligned_mem, 0x89, size & ~psm1); | |
68631c8e | 5048 | #endif |
6c8dbf00 | 5049 | __madvise (paligned_mem, size & ~psm1, MADV_DONTNEED); |
68631c8e | 5050 | |
6c8dbf00 OB |
5051 | result = 1; |
5052 | } | |
5053 | } | |
5054 | } | |
68631c8e | 5055 | } |
8a4b65b4 | 5056 | |
a9177ff5 | 5057 | #ifndef MORECORE_CANNOT_TRIM |
3b49edc0 | 5058 | return result | (av == &main_arena ? systrim (pad, av) : 0); |
6c8dbf00 | 5059 | |
8a4b65b4 | 5060 | #else |
68631c8e | 5061 | return result; |
f65fd747 | 5062 | #endif |
f65fd747 UD |
5063 | } |
5064 | ||
f65fd747 | 5065 | |
3b49edc0 | 5066 | int |
6c8dbf00 | 5067 | __malloc_trim (size_t s) |
3b49edc0 UD |
5068 | { |
5069 | int result = 0; | |
5070 | ||
cc35896e | 5071 | if (!__malloc_initialized) |
3b49edc0 UD |
5072 | ptmalloc_init (); |
5073 | ||
5074 | mstate ar_ptr = &main_arena; | |
5075 | do | |
5076 | { | |
4bf5f222 | 5077 | __libc_lock_lock (ar_ptr->mutex); |
3b49edc0 | 5078 | result |= mtrim (ar_ptr, s); |
4bf5f222 | 5079 | __libc_lock_unlock (ar_ptr->mutex); |
3b49edc0 UD |
5080 | |
5081 | ar_ptr = ar_ptr->next; | |
5082 | } | |
5083 | while (ar_ptr != &main_arena); | |
5084 | ||
5085 | return result; | |
5086 | } | |
5087 | ||
5088 | ||
f65fd747 | 5089 | /* |
6c8dbf00 OB |
5090 | ------------------------- malloc_usable_size ------------------------- |
5091 | */ | |
f65fd747 | 5092 | |
3b49edc0 | 5093 | static size_t |
6c8dbf00 | 5094 | musable (void *mem) |
f65fd747 | 5095 | { |
88e316b0 | 5096 | mchunkptr p = mem2chunk (mem); |
6c8dbf00 | 5097 | |
88e316b0 SP |
5098 | if (chunk_is_mmapped (p)) |
5099 | return chunksize (p) - CHUNK_HDR_SZ; | |
5100 | else if (inuse (p)) | |
5101 | return memsize (p); | |
3784dfc0 | 5102 | |
fa8d436c | 5103 | return 0; |
f65fd747 UD |
5104 | } |
5105 | ||
b5bd5bfe | 5106 | #if IS_IN (libc) |
3b49edc0 | 5107 | size_t |
6c8dbf00 | 5108 | __malloc_usable_size (void *m) |
3b49edc0 | 5109 | { |
88e316b0 SP |
5110 | if (m == NULL) |
5111 | return 0; | |
5112 | return musable (m); | |
3b49edc0 | 5113 | } |
b5bd5bfe | 5114 | #endif |
3b49edc0 | 5115 | |
fa8d436c | 5116 | /* |
6c8dbf00 OB |
5117 | ------------------------------ mallinfo ------------------------------ |
5118 | Accumulate malloc statistics for arena AV into M. | |
5119 | */ | |
bedee953 | 5120 | static void |
e3960d1c | 5121 | int_mallinfo (mstate av, struct mallinfo2 *m) |
f65fd747 | 5122 | { |
6dd67bd5 | 5123 | size_t i; |
f65fd747 UD |
5124 | mbinptr b; |
5125 | mchunkptr p; | |
f65fd747 | 5126 | INTERNAL_SIZE_T avail; |
fa8d436c UD |
5127 | INTERNAL_SIZE_T fastavail; |
5128 | int nblocks; | |
5129 | int nfastblocks; | |
f65fd747 | 5130 | |
6c8dbf00 | 5131 | check_malloc_state (av); |
8a4b65b4 | 5132 | |
fa8d436c | 5133 | /* Account for top */ |
6c8dbf00 | 5134 | avail = chunksize (av->top); |
fa8d436c | 5135 | nblocks = 1; /* top always exists */ |
f65fd747 | 5136 | |
fa8d436c UD |
5137 | /* traverse fastbins */ |
5138 | nfastblocks = 0; | |
5139 | fastavail = 0; | |
5140 | ||
6c8dbf00 OB |
5141 | for (i = 0; i < NFASTBINS; ++i) |
5142 | { | |
a1a486d7 EI |
5143 | for (p = fastbin (av, i); |
5144 | p != 0; | |
5145 | p = REVEAL_PTR (p->fd)) | |
6c8dbf00 | 5146 | { |
49c3c376 | 5147 | if (__glibc_unlikely (misaligned_chunk (p))) |
768358b6 | 5148 | malloc_printerr ("int_mallinfo(): " |
a1a486d7 | 5149 | "unaligned fastbin chunk detected"); |
6c8dbf00 OB |
5150 | ++nfastblocks; |
5151 | fastavail += chunksize (p); | |
5152 | } | |
fa8d436c | 5153 | } |
fa8d436c UD |
5154 | |
5155 | avail += fastavail; | |
f65fd747 | 5156 | |
fa8d436c | 5157 | /* traverse regular bins */ |
6c8dbf00 OB |
5158 | for (i = 1; i < NBINS; ++i) |
5159 | { | |
5160 | b = bin_at (av, i); | |
5161 | for (p = last (b); p != b; p = p->bk) | |
5162 | { | |
5163 | ++nblocks; | |
5164 | avail += chunksize (p); | |
5165 | } | |
fa8d436c | 5166 | } |
f65fd747 | 5167 | |
bedee953 PP |
5168 | m->smblks += nfastblocks; |
5169 | m->ordblks += nblocks; | |
5170 | m->fordblks += avail; | |
5171 | m->uordblks += av->system_mem - avail; | |
5172 | m->arena += av->system_mem; | |
5173 | m->fsmblks += fastavail; | |
5174 | if (av == &main_arena) | |
5175 | { | |
5176 | m->hblks = mp_.n_mmaps; | |
5177 | m->hblkhd = mp_.mmapped_mem; | |
ca135f82 | 5178 | m->usmblks = 0; |
6c8dbf00 | 5179 | m->keepcost = chunksize (av->top); |
bedee953 | 5180 | } |
fa8d436c | 5181 | } |
f65fd747 | 5182 | |
3b49edc0 | 5183 | |
e3960d1c ML |
5184 | struct mallinfo2 |
5185 | __libc_mallinfo2 (void) | |
3b49edc0 | 5186 | { |
e3960d1c | 5187 | struct mallinfo2 m; |
bedee953 | 5188 | mstate ar_ptr; |
3b49edc0 | 5189 | |
cc35896e | 5190 | if (!__malloc_initialized) |
3b49edc0 | 5191 | ptmalloc_init (); |
bedee953 | 5192 | |
6c8dbf00 | 5193 | memset (&m, 0, sizeof (m)); |
bedee953 | 5194 | ar_ptr = &main_arena; |
6c8dbf00 OB |
5195 | do |
5196 | { | |
4bf5f222 | 5197 | __libc_lock_lock (ar_ptr->mutex); |
6c8dbf00 | 5198 | int_mallinfo (ar_ptr, &m); |
4bf5f222 | 5199 | __libc_lock_unlock (ar_ptr->mutex); |
bedee953 | 5200 | |
6c8dbf00 OB |
5201 | ar_ptr = ar_ptr->next; |
5202 | } | |
5203 | while (ar_ptr != &main_arena); | |
bedee953 | 5204 | |
3b49edc0 UD |
5205 | return m; |
5206 | } | |
cdf64542 | 5207 | libc_hidden_def (__libc_mallinfo2) |
3b49edc0 | 5208 | |
e3960d1c ML |
5209 | struct mallinfo |
5210 | __libc_mallinfo (void) | |
5211 | { | |
5212 | struct mallinfo m; | |
5213 | struct mallinfo2 m2 = __libc_mallinfo2 (); | |
5214 | ||
5215 | m.arena = m2.arena; | |
5216 | m.ordblks = m2.ordblks; | |
5217 | m.smblks = m2.smblks; | |
5218 | m.hblks = m2.hblks; | |
5219 | m.hblkhd = m2.hblkhd; | |
5220 | m.usmblks = m2.usmblks; | |
5221 | m.fsmblks = m2.fsmblks; | |
5222 | m.uordblks = m2.uordblks; | |
5223 | m.fordblks = m2.fordblks; | |
5224 | m.keepcost = m2.keepcost; | |
5225 | ||
5226 | return m; | |
5227 | } | |
5228 | ||
5229 | ||
fa8d436c | 5230 | /* |
6c8dbf00 OB |
5231 | ------------------------------ malloc_stats ------------------------------ |
5232 | */ | |
f65fd747 | 5233 | |
3b49edc0 | 5234 | void |
60d2f8f3 | 5235 | __malloc_stats (void) |
f65fd747 | 5236 | { |
8a4b65b4 | 5237 | int i; |
fa8d436c | 5238 | mstate ar_ptr; |
fa8d436c | 5239 | unsigned int in_use_b = mp_.mmapped_mem, system_b = in_use_b; |
8a4b65b4 | 5240 | |
cc35896e | 5241 | if (!__malloc_initialized) |
a234e27d | 5242 | ptmalloc_init (); |
8dab36a1 | 5243 | _IO_flockfile (stderr); |
9964a145 ZW |
5244 | int old_flags2 = stderr->_flags2; |
5245 | stderr->_flags2 |= _IO_FLAGS2_NOTCANCEL; | |
6c8dbf00 OB |
5246 | for (i = 0, ar_ptr = &main_arena;; i++) |
5247 | { | |
e3960d1c | 5248 | struct mallinfo2 mi; |
6c8dbf00 OB |
5249 | |
5250 | memset (&mi, 0, sizeof (mi)); | |
4bf5f222 | 5251 | __libc_lock_lock (ar_ptr->mutex); |
6c8dbf00 OB |
5252 | int_mallinfo (ar_ptr, &mi); |
5253 | fprintf (stderr, "Arena %d:\n", i); | |
5254 | fprintf (stderr, "system bytes = %10u\n", (unsigned int) mi.arena); | |
5255 | fprintf (stderr, "in use bytes = %10u\n", (unsigned int) mi.uordblks); | |
fa8d436c | 5256 | #if MALLOC_DEBUG > 1 |
6c8dbf00 OB |
5257 | if (i > 0) |
5258 | dump_heap (heap_for_ptr (top (ar_ptr))); | |
fa8d436c | 5259 | #endif |
6c8dbf00 OB |
5260 | system_b += mi.arena; |
5261 | in_use_b += mi.uordblks; | |
4bf5f222 | 5262 | __libc_lock_unlock (ar_ptr->mutex); |
6c8dbf00 OB |
5263 | ar_ptr = ar_ptr->next; |
5264 | if (ar_ptr == &main_arena) | |
5265 | break; | |
5266 | } | |
5267 | fprintf (stderr, "Total (incl. mmap):\n"); | |
5268 | fprintf (stderr, "system bytes = %10u\n", system_b); | |
5269 | fprintf (stderr, "in use bytes = %10u\n", in_use_b); | |
5270 | fprintf (stderr, "max mmap regions = %10u\n", (unsigned int) mp_.max_n_mmaps); | |
5271 | fprintf (stderr, "max mmap bytes = %10lu\n", | |
5272 | (unsigned long) mp_.max_mmapped_mem); | |
9964a145 | 5273 | stderr->_flags2 = old_flags2; |
8dab36a1 | 5274 | _IO_funlockfile (stderr); |
f65fd747 UD |
5275 | } |
5276 | ||
f65fd747 UD |
5277 | |
5278 | /* | |
6c8dbf00 OB |
5279 | ------------------------------ mallopt ------------------------------ |
5280 | */ | |
c2d8f0b7 | 5281 | static __always_inline int |
be7991c0 SP |
5282 | do_set_trim_threshold (size_t value) |
5283 | { | |
5284 | LIBC_PROBE (memory_mallopt_trim_threshold, 3, value, mp_.trim_threshold, | |
5285 | mp_.no_dyn_threshold); | |
5286 | mp_.trim_threshold = value; | |
5287 | mp_.no_dyn_threshold = 1; | |
5288 | return 1; | |
5289 | } | |
5290 | ||
c2d8f0b7 | 5291 | static __always_inline int |
be7991c0 SP |
5292 | do_set_top_pad (size_t value) |
5293 | { | |
5294 | LIBC_PROBE (memory_mallopt_top_pad, 3, value, mp_.top_pad, | |
5295 | mp_.no_dyn_threshold); | |
5296 | mp_.top_pad = value; | |
5297 | mp_.no_dyn_threshold = 1; | |
5298 | return 1; | |
5299 | } | |
5300 | ||
c2d8f0b7 | 5301 | static __always_inline int |
be7991c0 SP |
5302 | do_set_mmap_threshold (size_t value) |
5303 | { | |
5304 | /* Forbid setting the threshold too high. */ | |
5305 | if (value <= HEAP_MAX_SIZE / 2) | |
5306 | { | |
5307 | LIBC_PROBE (memory_mallopt_mmap_threshold, 3, value, mp_.mmap_threshold, | |
5308 | mp_.no_dyn_threshold); | |
5309 | mp_.mmap_threshold = value; | |
5310 | mp_.no_dyn_threshold = 1; | |
5311 | return 1; | |
5312 | } | |
5313 | return 0; | |
5314 | } | |
5315 | ||
c2d8f0b7 | 5316 | static __always_inline int |
be7991c0 SP |
5317 | do_set_mmaps_max (int32_t value) |
5318 | { | |
5319 | LIBC_PROBE (memory_mallopt_mmap_max, 3, value, mp_.n_mmaps_max, | |
5320 | mp_.no_dyn_threshold); | |
5321 | mp_.n_mmaps_max = value; | |
5322 | mp_.no_dyn_threshold = 1; | |
5323 | return 1; | |
5324 | } | |
5325 | ||
c2d8f0b7 | 5326 | static __always_inline int |
be7991c0 SP |
5327 | do_set_mallopt_check (int32_t value) |
5328 | { | |
be7991c0 SP |
5329 | return 1; |
5330 | } | |
5331 | ||
c2d8f0b7 | 5332 | static __always_inline int |
be7991c0 SP |
5333 | do_set_perturb_byte (int32_t value) |
5334 | { | |
5335 | LIBC_PROBE (memory_mallopt_perturb, 2, value, perturb_byte); | |
5336 | perturb_byte = value; | |
5337 | return 1; | |
5338 | } | |
5339 | ||
c2d8f0b7 | 5340 | static __always_inline int |
be7991c0 SP |
5341 | do_set_arena_test (size_t value) |
5342 | { | |
5343 | LIBC_PROBE (memory_mallopt_arena_test, 2, value, mp_.arena_test); | |
5344 | mp_.arena_test = value; | |
5345 | return 1; | |
5346 | } | |
5347 | ||
c2d8f0b7 | 5348 | static __always_inline int |
be7991c0 SP |
5349 | do_set_arena_max (size_t value) |
5350 | { | |
5351 | LIBC_PROBE (memory_mallopt_arena_max, 2, value, mp_.arena_max); | |
5352 | mp_.arena_max = value; | |
5353 | return 1; | |
5354 | } | |
5355 | ||
d5c3fafc | 5356 | #if USE_TCACHE |
c2d8f0b7 | 5357 | static __always_inline int |
d5c3fafc DD |
5358 | do_set_tcache_max (size_t value) |
5359 | { | |
16554464 | 5360 | if (value <= MAX_TCACHE_SIZE) |
d5c3fafc DD |
5361 | { |
5362 | LIBC_PROBE (memory_tunable_tcache_max_bytes, 2, value, mp_.tcache_max_bytes); | |
5363 | mp_.tcache_max_bytes = value; | |
5364 | mp_.tcache_bins = csize2tidx (request2size(value)) + 1; | |
16554464 | 5365 | return 1; |
d5c3fafc | 5366 | } |
16554464 | 5367 | return 0; |
d5c3fafc DD |
5368 | } |
5369 | ||
c2d8f0b7 | 5370 | static __always_inline int |
d5c3fafc DD |
5371 | do_set_tcache_count (size_t value) |
5372 | { | |
5ad533e8 WD |
5373 | if (value <= MAX_TCACHE_COUNT) |
5374 | { | |
5375 | LIBC_PROBE (memory_tunable_tcache_count, 2, value, mp_.tcache_count); | |
5376 | mp_.tcache_count = value; | |
16554464 | 5377 | return 1; |
5ad533e8 | 5378 | } |
16554464 | 5379 | return 0; |
d5c3fafc DD |
5380 | } |
5381 | ||
c2d8f0b7 | 5382 | static __always_inline int |
d5c3fafc DD |
5383 | do_set_tcache_unsorted_limit (size_t value) |
5384 | { | |
5385 | LIBC_PROBE (memory_tunable_tcache_unsorted_limit, 2, value, mp_.tcache_unsorted_limit); | |
5386 | mp_.tcache_unsorted_limit = value; | |
5387 | return 1; | |
5388 | } | |
5389 | #endif | |
f65fd747 | 5390 | |
c48d92b4 DD |
5391 | static inline int |
5392 | __always_inline | |
5393 | do_set_mxfast (size_t value) | |
5394 | { | |
16554464 | 5395 | if (value <= MAX_FAST_SIZE) |
c48d92b4 DD |
5396 | { |
5397 | LIBC_PROBE (memory_mallopt_mxfast, 2, value, get_max_fast ()); | |
5398 | set_max_fast (value); | |
5399 | return 1; | |
5400 | } | |
5401 | return 0; | |
5402 | } | |
5403 | ||
5f6d8d97 AZ |
5404 | #if HAVE_TUNABLES |
5405 | static __always_inline int | |
98d5fcb8 | 5406 | do_set_hugetlb (size_t value) |
5f6d8d97 AZ |
5407 | { |
5408 | if (value == 1) | |
5409 | { | |
5410 | enum malloc_thp_mode_t thp_mode = __malloc_thp_mode (); | |
5411 | /* | |
5412 | Only enable THP madvise usage if system does support it and | |
5413 | has 'madvise' mode. Otherwise the madvise() call is wasteful. | |
5414 | */ | |
5415 | if (thp_mode == malloc_thp_mode_madvise) | |
5416 | mp_.thp_pagesize = __malloc_default_thp_pagesize (); | |
5417 | } | |
98d5fcb8 AZ |
5418 | else if (value >= 2) |
5419 | __malloc_hugepage_config (value == 2 ? 0 : value, &mp_.hp_pagesize, | |
5420 | &mp_.hp_flags); | |
5f6d8d97 AZ |
5421 | return 0; |
5422 | } | |
5423 | #endif | |
5424 | ||
6c8dbf00 OB |
5425 | int |
5426 | __libc_mallopt (int param_number, int value) | |
f65fd747 | 5427 | { |
fa8d436c UD |
5428 | mstate av = &main_arena; |
5429 | int res = 1; | |
f65fd747 | 5430 | |
cc35896e | 5431 | if (!__malloc_initialized) |
0cb71e02 | 5432 | ptmalloc_init (); |
4bf5f222 | 5433 | __libc_lock_lock (av->mutex); |
2f6d1f1b | 5434 | |
3ea5be54 AO |
5435 | LIBC_PROBE (memory_mallopt, 2, param_number, value); |
5436 | ||
3381be5c WD |
5437 | /* We must consolidate main arena before changing max_fast |
5438 | (see definition of set_max_fast). */ | |
5439 | malloc_consolidate (av); | |
5440 | ||
16554464 DD |
5441 | /* Many of these helper functions take a size_t. We do not worry |
5442 | about overflow here, because negative int values will wrap to | |
5443 | very large size_t values and the helpers have sufficient range | |
5444 | checking for such conversions. Many of these helpers are also | |
5445 | used by the tunables macros in arena.c. */ | |
5446 | ||
6c8dbf00 OB |
5447 | switch (param_number) |
5448 | { | |
5449 | case M_MXFAST: | |
16554464 | 5450 | res = do_set_mxfast (value); |
6c8dbf00 OB |
5451 | break; |
5452 | ||
5453 | case M_TRIM_THRESHOLD: | |
16554464 | 5454 | res = do_set_trim_threshold (value); |
6c8dbf00 OB |
5455 | break; |
5456 | ||
5457 | case M_TOP_PAD: | |
16554464 | 5458 | res = do_set_top_pad (value); |
6c8dbf00 OB |
5459 | break; |
5460 | ||
5461 | case M_MMAP_THRESHOLD: | |
be7991c0 | 5462 | res = do_set_mmap_threshold (value); |
6c8dbf00 OB |
5463 | break; |
5464 | ||
5465 | case M_MMAP_MAX: | |
16554464 | 5466 | res = do_set_mmaps_max (value); |
6c8dbf00 OB |
5467 | break; |
5468 | ||
5469 | case M_CHECK_ACTION: | |
16554464 | 5470 | res = do_set_mallopt_check (value); |
6c8dbf00 OB |
5471 | break; |
5472 | ||
5473 | case M_PERTURB: | |
16554464 | 5474 | res = do_set_perturb_byte (value); |
6c8dbf00 OB |
5475 | break; |
5476 | ||
5477 | case M_ARENA_TEST: | |
5478 | if (value > 0) | |
16554464 | 5479 | res = do_set_arena_test (value); |
6c8dbf00 OB |
5480 | break; |
5481 | ||
5482 | case M_ARENA_MAX: | |
5483 | if (value > 0) | |
16554464 | 5484 | res = do_set_arena_max (value); |
6c8dbf00 OB |
5485 | break; |
5486 | } | |
4bf5f222 | 5487 | __libc_lock_unlock (av->mutex); |
fa8d436c | 5488 | return res; |
b22fc5f5 | 5489 | } |
3b49edc0 | 5490 | libc_hidden_def (__libc_mallopt) |
b22fc5f5 | 5491 | |
10dc2a90 | 5492 | |
a9177ff5 | 5493 | /* |
6c8dbf00 OB |
5494 | -------------------- Alternative MORECORE functions -------------------- |
5495 | */ | |
10dc2a90 | 5496 | |
b22fc5f5 | 5497 | |
fa8d436c | 5498 | /* |
6c8dbf00 | 5499 | General Requirements for MORECORE. |
b22fc5f5 | 5500 | |
6c8dbf00 | 5501 | The MORECORE function must have the following properties: |
b22fc5f5 | 5502 | |
6c8dbf00 | 5503 | If MORECORE_CONTIGUOUS is false: |
10dc2a90 | 5504 | |
6c8dbf00 | 5505 | * MORECORE must allocate in multiples of pagesize. It will |
fa8d436c | 5506 | only be called with arguments that are multiples of pagesize. |
10dc2a90 | 5507 | |
6c8dbf00 | 5508 | * MORECORE(0) must return an address that is at least |
fa8d436c | 5509 | MALLOC_ALIGNMENT aligned. (Page-aligning always suffices.) |
10dc2a90 | 5510 | |
6c8dbf00 | 5511 | else (i.e. If MORECORE_CONTIGUOUS is true): |
10dc2a90 | 5512 | |
6c8dbf00 | 5513 | * Consecutive calls to MORECORE with positive arguments |
fa8d436c UD |
5514 | return increasing addresses, indicating that space has been |
5515 | contiguously extended. | |
10dc2a90 | 5516 | |
6c8dbf00 | 5517 | * MORECORE need not allocate in multiples of pagesize. |
fa8d436c | 5518 | Calls to MORECORE need not have args of multiples of pagesize. |
10dc2a90 | 5519 | |
6c8dbf00 | 5520 | * MORECORE need not page-align. |
10dc2a90 | 5521 | |
6c8dbf00 | 5522 | In either case: |
10dc2a90 | 5523 | |
6c8dbf00 | 5524 | * MORECORE may allocate more memory than requested. (Or even less, |
fa8d436c | 5525 | but this will generally result in a malloc failure.) |
10dc2a90 | 5526 | |
6c8dbf00 | 5527 | * MORECORE must not allocate memory when given argument zero, but |
fa8d436c UD |
5528 | instead return one past the end address of memory from previous |
5529 | nonzero call. This malloc does NOT call MORECORE(0) | |
5530 | until at least one call with positive arguments is made, so | |
5531 | the initial value returned is not important. | |
10dc2a90 | 5532 | |
6c8dbf00 | 5533 | * Even though consecutive calls to MORECORE need not return contiguous |
fa8d436c UD |
5534 | addresses, it must be OK for malloc'ed chunks to span multiple |
5535 | regions in those cases where they do happen to be contiguous. | |
10dc2a90 | 5536 | |
6c8dbf00 | 5537 | * MORECORE need not handle negative arguments -- it may instead |
fa8d436c UD |
5538 | just return MORECORE_FAILURE when given negative arguments. |
5539 | Negative arguments are always multiples of pagesize. MORECORE | |
5540 | must not misinterpret negative args as large positive unsigned | |
5541 | args. You can suppress all such calls from even occurring by defining | |
5542 | MORECORE_CANNOT_TRIM, | |
10dc2a90 | 5543 | |
6c8dbf00 OB |
5544 | There is some variation across systems about the type of the |
5545 | argument to sbrk/MORECORE. If size_t is unsigned, then it cannot | |
5546 | actually be size_t, because sbrk supports negative args, so it is | |
5547 | normally the signed type of the same width as size_t (sometimes | |
5548 | declared as "intptr_t", and sometimes "ptrdiff_t"). It doesn't much | |
5549 | matter though. Internally, we use "long" as arguments, which should | |
5550 | work across all reasonable possibilities. | |
5551 | ||
5552 | Additionally, if MORECORE ever returns failure for a positive | |
5553 | request, then mmap is used as a noncontiguous system allocator. This | |
5554 | is a useful backup strategy for systems with holes in address spaces | |
5555 | -- in this case sbrk cannot contiguously expand the heap, but mmap | |
5556 | may be able to map noncontiguous space. | |
5557 | ||
5558 | If you'd like mmap to ALWAYS be used, you can define MORECORE to be | |
5559 | a function that always returns MORECORE_FAILURE. | |
5560 | ||
5561 | If you are using this malloc with something other than sbrk (or its | |
5562 | emulation) to supply memory regions, you probably want to set | |
5563 | MORECORE_CONTIGUOUS as false. As an example, here is a custom | |
5564 | allocator kindly contributed for pre-OSX macOS. It uses virtually | |
5565 | but not necessarily physically contiguous non-paged memory (locked | |
5566 | in, present and won't get swapped out). You can use it by | |
5567 | uncommenting this section, adding some #includes, and setting up the | |
5568 | appropriate defines above: | |
5569 | ||
5570 | *#define MORECORE osMoreCore | |
5571 | *#define MORECORE_CONTIGUOUS 0 | |
5572 | ||
5573 | There is also a shutdown routine that should somehow be called for | |
5574 | cleanup upon program exit. | |
5575 | ||
5576 | *#define MAX_POOL_ENTRIES 100 | |
5577 | *#define MINIMUM_MORECORE_SIZE (64 * 1024) | |
5578 | static int next_os_pool; | |
5579 | void *our_os_pools[MAX_POOL_ENTRIES]; | |
5580 | ||
5581 | void *osMoreCore(int size) | |
5582 | { | |
fa8d436c UD |
5583 | void *ptr = 0; |
5584 | static void *sbrk_top = 0; | |
ca34d7a7 | 5585 | |
fa8d436c UD |
5586 | if (size > 0) |
5587 | { | |
5588 | if (size < MINIMUM_MORECORE_SIZE) | |
6c8dbf00 | 5589 | size = MINIMUM_MORECORE_SIZE; |
fa8d436c | 5590 | if (CurrentExecutionLevel() == kTaskLevel) |
6c8dbf00 | 5591 | ptr = PoolAllocateResident(size + RM_PAGE_SIZE, 0); |
fa8d436c UD |
5592 | if (ptr == 0) |
5593 | { | |
6c8dbf00 | 5594 | return (void *) MORECORE_FAILURE; |
fa8d436c UD |
5595 | } |
5596 | // save ptrs so they can be freed during cleanup | |
5597 | our_os_pools[next_os_pool] = ptr; | |
5598 | next_os_pool++; | |
5599 | ptr = (void *) ((((unsigned long) ptr) + RM_PAGE_MASK) & ~RM_PAGE_MASK); | |
5600 | sbrk_top = (char *) ptr + size; | |
5601 | return ptr; | |
5602 | } | |
5603 | else if (size < 0) | |
5604 | { | |
5605 | // we don't currently support shrink behavior | |
5606 | return (void *) MORECORE_FAILURE; | |
5607 | } | |
5608 | else | |
5609 | { | |
5610 | return sbrk_top; | |
431c33c0 | 5611 | } |
6c8dbf00 | 5612 | } |
ca34d7a7 | 5613 | |
6c8dbf00 OB |
5614 | // cleanup any allocated memory pools |
5615 | // called as last thing before shutting down driver | |
ca34d7a7 | 5616 | |
6c8dbf00 OB |
5617 | void osCleanupMem(void) |
5618 | { | |
fa8d436c | 5619 | void **ptr; |
ca34d7a7 | 5620 | |
fa8d436c UD |
5621 | for (ptr = our_os_pools; ptr < &our_os_pools[MAX_POOL_ENTRIES]; ptr++) |
5622 | if (*ptr) | |
5623 | { | |
6c8dbf00 OB |
5624 | PoolDeallocate(*ptr); |
5625 | * ptr = 0; | |
fa8d436c | 5626 | } |
6c8dbf00 | 5627 | } |
ee74a442 | 5628 | |
6c8dbf00 | 5629 | */ |
f65fd747 | 5630 | |
7e3be507 | 5631 | |
3e030bd5 UD |
5632 | /* Helper code. */ |
5633 | ||
ae7f5313 UD |
5634 | extern char **__libc_argv attribute_hidden; |
5635 | ||
3e030bd5 | 5636 | static void |
ac3ed168 | 5637 | malloc_printerr (const char *str) |
3e030bd5 | 5638 | { |
b5bd5bfe | 5639 | #if IS_IN (libc) |
ec2c1fce | 5640 | __libc_message (do_abort, "%s\n", str); |
b5bd5bfe SP |
5641 | #else |
5642 | __libc_fatal (str); | |
5643 | #endif | |
ec2c1fce | 5644 | __builtin_unreachable (); |
3e030bd5 UD |
5645 | } |
5646 | ||
b5bd5bfe | 5647 | #if IS_IN (libc) |
a204dbb2 UD |
5648 | /* We need a wrapper function for one of the additions of POSIX. */ |
5649 | int | |
5650 | __posix_memalign (void **memptr, size_t alignment, size_t size) | |
5651 | { | |
5652 | void *mem; | |
5653 | ||
cc35896e | 5654 | if (!__malloc_initialized) |
2d2d9f2b SP |
5655 | ptmalloc_init (); |
5656 | ||
a204dbb2 UD |
5657 | /* Test whether the SIZE argument is valid. It must be a power of |
5658 | two multiple of sizeof (void *). */ | |
de02bd05 | 5659 | if (alignment % sizeof (void *) != 0 |
fc56e970 | 5660 | || !powerof2 (alignment / sizeof (void *)) |
de02bd05 | 5661 | || alignment == 0) |
a204dbb2 UD |
5662 | return EINVAL; |
5663 | ||
10ad46bc OB |
5664 | |
5665 | void *address = RETURN_ADDRESS (0); | |
5666 | mem = _mid_memalign (alignment, size, address); | |
a204dbb2 | 5667 | |
6c8dbf00 OB |
5668 | if (mem != NULL) |
5669 | { | |
5670 | *memptr = mem; | |
5671 | return 0; | |
5672 | } | |
a204dbb2 UD |
5673 | |
5674 | return ENOMEM; | |
5675 | } | |
5676 | weak_alias (__posix_memalign, posix_memalign) | |
b5bd5bfe | 5677 | #endif |
a204dbb2 | 5678 | |
20c13899 OB |
5679 | |
5680 | int | |
c52ff39e | 5681 | __malloc_info (int options, FILE *fp) |
bb066545 | 5682 | { |
20c13899 OB |
5683 | /* For now, at least. */ |
5684 | if (options != 0) | |
5685 | return EINVAL; | |
bb066545 | 5686 | |
20c13899 OB |
5687 | int n = 0; |
5688 | size_t total_nblocks = 0; | |
5689 | size_t total_nfastblocks = 0; | |
5690 | size_t total_avail = 0; | |
5691 | size_t total_fastavail = 0; | |
5692 | size_t total_system = 0; | |
5693 | size_t total_max_system = 0; | |
5694 | size_t total_aspace = 0; | |
5695 | size_t total_aspace_mprotect = 0; | |
bb066545 | 5696 | |
6c8dbf00 | 5697 | |
6c8dbf00 | 5698 | |
cc35896e | 5699 | if (!__malloc_initialized) |
987c0269 | 5700 | ptmalloc_init (); |
bb066545 | 5701 | |
987c0269 | 5702 | fputs ("<malloc version=\"1\">\n", fp); |
bb066545 | 5703 | |
987c0269 OB |
5704 | /* Iterate over all arenas currently in use. */ |
5705 | mstate ar_ptr = &main_arena; | |
5706 | do | |
5707 | { | |
5708 | fprintf (fp, "<heap nr=\"%d\">\n<sizes>\n", n++); | |
8b35e35d | 5709 | |
987c0269 OB |
5710 | size_t nblocks = 0; |
5711 | size_t nfastblocks = 0; | |
5712 | size_t avail = 0; | |
5713 | size_t fastavail = 0; | |
5714 | struct | |
5715 | { | |
5716 | size_t from; | |
5717 | size_t to; | |
5718 | size_t total; | |
5719 | size_t count; | |
5720 | } sizes[NFASTBINS + NBINS - 1]; | |
5721 | #define nsizes (sizeof (sizes) / sizeof (sizes[0])) | |
6c8dbf00 | 5722 | |
4bf5f222 | 5723 | __libc_lock_lock (ar_ptr->mutex); |
bb066545 | 5724 | |
b6d2c447 NH |
5725 | /* Account for top chunk. The top-most available chunk is |
5726 | treated specially and is never in any bin. See "initial_top" | |
5727 | comments. */ | |
5728 | avail = chunksize (ar_ptr->top); | |
5729 | nblocks = 1; /* Top always exists. */ | |
5730 | ||
987c0269 OB |
5731 | for (size_t i = 0; i < NFASTBINS; ++i) |
5732 | { | |
5733 | mchunkptr p = fastbin (ar_ptr, i); | |
5734 | if (p != NULL) | |
5735 | { | |
5736 | size_t nthissize = 0; | |
5737 | size_t thissize = chunksize (p); | |
5738 | ||
5739 | while (p != NULL) | |
5740 | { | |
49c3c376 | 5741 | if (__glibc_unlikely (misaligned_chunk (p))) |
768358b6 | 5742 | malloc_printerr ("__malloc_info(): " |
a1a486d7 | 5743 | "unaligned fastbin chunk detected"); |
987c0269 | 5744 | ++nthissize; |
a1a486d7 | 5745 | p = REVEAL_PTR (p->fd); |
987c0269 OB |
5746 | } |
5747 | ||
5748 | fastavail += nthissize * thissize; | |
5749 | nfastblocks += nthissize; | |
5750 | sizes[i].from = thissize - (MALLOC_ALIGNMENT - 1); | |
5751 | sizes[i].to = thissize; | |
5752 | sizes[i].count = nthissize; | |
5753 | } | |
5754 | else | |
5755 | sizes[i].from = sizes[i].to = sizes[i].count = 0; | |
bb066545 | 5756 | |
987c0269 OB |
5757 | sizes[i].total = sizes[i].count * sizes[i].to; |
5758 | } | |
bb066545 | 5759 | |
bb066545 | 5760 | |
987c0269 OB |
5761 | mbinptr bin; |
5762 | struct malloc_chunk *r; | |
bb066545 | 5763 | |
987c0269 OB |
5764 | for (size_t i = 1; i < NBINS; ++i) |
5765 | { | |
5766 | bin = bin_at (ar_ptr, i); | |
5767 | r = bin->fd; | |
5768 | sizes[NFASTBINS - 1 + i].from = ~((size_t) 0); | |
5769 | sizes[NFASTBINS - 1 + i].to = sizes[NFASTBINS - 1 + i].total | |
5770 | = sizes[NFASTBINS - 1 + i].count = 0; | |
5771 | ||
5772 | if (r != NULL) | |
5773 | while (r != bin) | |
5774 | { | |
e9c4fe93 | 5775 | size_t r_size = chunksize_nomask (r); |
987c0269 | 5776 | ++sizes[NFASTBINS - 1 + i].count; |
e9c4fe93 | 5777 | sizes[NFASTBINS - 1 + i].total += r_size; |
987c0269 | 5778 | sizes[NFASTBINS - 1 + i].from |
e9c4fe93 | 5779 | = MIN (sizes[NFASTBINS - 1 + i].from, r_size); |
987c0269 | 5780 | sizes[NFASTBINS - 1 + i].to = MAX (sizes[NFASTBINS - 1 + i].to, |
e9c4fe93 | 5781 | r_size); |
987c0269 OB |
5782 | |
5783 | r = r->fd; | |
5784 | } | |
5785 | ||
5786 | if (sizes[NFASTBINS - 1 + i].count == 0) | |
5787 | sizes[NFASTBINS - 1 + i].from = 0; | |
5788 | nblocks += sizes[NFASTBINS - 1 + i].count; | |
5789 | avail += sizes[NFASTBINS - 1 + i].total; | |
5790 | } | |
bb066545 | 5791 | |
7a9368a1 FW |
5792 | size_t heap_size = 0; |
5793 | size_t heap_mprotect_size = 0; | |
34eb4157 | 5794 | size_t heap_count = 0; |
7a9368a1 FW |
5795 | if (ar_ptr != &main_arena) |
5796 | { | |
34eb4157 | 5797 | /* Iterate over the arena heaps from back to front. */ |
7a9368a1 | 5798 | heap_info *heap = heap_for_ptr (top (ar_ptr)); |
34eb4157 FW |
5799 | do |
5800 | { | |
5801 | heap_size += heap->size; | |
5802 | heap_mprotect_size += heap->mprotect_size; | |
5803 | heap = heap->prev; | |
5804 | ++heap_count; | |
5805 | } | |
5806 | while (heap != NULL); | |
7a9368a1 FW |
5807 | } |
5808 | ||
4bf5f222 | 5809 | __libc_lock_unlock (ar_ptr->mutex); |
da2d2fb6 | 5810 | |
987c0269 OB |
5811 | total_nfastblocks += nfastblocks; |
5812 | total_fastavail += fastavail; | |
0588a9cb | 5813 | |
987c0269 OB |
5814 | total_nblocks += nblocks; |
5815 | total_avail += avail; | |
0588a9cb | 5816 | |
987c0269 OB |
5817 | for (size_t i = 0; i < nsizes; ++i) |
5818 | if (sizes[i].count != 0 && i != NFASTBINS) | |
b0f6679b | 5819 | fprintf (fp, "\ |
987c0269 OB |
5820 | <size from=\"%zu\" to=\"%zu\" total=\"%zu\" count=\"%zu\"/>\n", |
5821 | sizes[i].from, sizes[i].to, sizes[i].total, sizes[i].count); | |
fdfd175d | 5822 | |
987c0269 OB |
5823 | if (sizes[NFASTBINS].count != 0) |
5824 | fprintf (fp, "\ | |
5825 | <unsorted from=\"%zu\" to=\"%zu\" total=\"%zu\" count=\"%zu\"/>\n", | |
5826 | sizes[NFASTBINS].from, sizes[NFASTBINS].to, | |
5827 | sizes[NFASTBINS].total, sizes[NFASTBINS].count); | |
fdfd175d | 5828 | |
987c0269 OB |
5829 | total_system += ar_ptr->system_mem; |
5830 | total_max_system += ar_ptr->max_system_mem; | |
bb066545 | 5831 | |
987c0269 OB |
5832 | fprintf (fp, |
5833 | "</sizes>\n<total type=\"fast\" count=\"%zu\" size=\"%zu\"/>\n" | |
5834 | "<total type=\"rest\" count=\"%zu\" size=\"%zu\"/>\n" | |
5835 | "<system type=\"current\" size=\"%zu\"/>\n" | |
5836 | "<system type=\"max\" size=\"%zu\"/>\n", | |
5837 | nfastblocks, fastavail, nblocks, avail, | |
5838 | ar_ptr->system_mem, ar_ptr->max_system_mem); | |
346bc35c | 5839 | |
987c0269 OB |
5840 | if (ar_ptr != &main_arena) |
5841 | { | |
987c0269 OB |
5842 | fprintf (fp, |
5843 | "<aspace type=\"total\" size=\"%zu\"/>\n" | |
34eb4157 FW |
5844 | "<aspace type=\"mprotect\" size=\"%zu\"/>\n" |
5845 | "<aspace type=\"subheaps\" size=\"%zu\"/>\n", | |
5846 | heap_size, heap_mprotect_size, heap_count); | |
7a9368a1 FW |
5847 | total_aspace += heap_size; |
5848 | total_aspace_mprotect += heap_mprotect_size; | |
987c0269 OB |
5849 | } |
5850 | else | |
5851 | { | |
5852 | fprintf (fp, | |
5853 | "<aspace type=\"total\" size=\"%zu\"/>\n" | |
5854 | "<aspace type=\"mprotect\" size=\"%zu\"/>\n", | |
5855 | ar_ptr->system_mem, ar_ptr->system_mem); | |
5856 | total_aspace += ar_ptr->system_mem; | |
5857 | total_aspace_mprotect += ar_ptr->system_mem; | |
5858 | } | |
bb066545 | 5859 | |
987c0269 | 5860 | fputs ("</heap>\n", fp); |
bb066545 UD |
5861 | ar_ptr = ar_ptr->next; |
5862 | } | |
5863 | while (ar_ptr != &main_arena); | |
5864 | ||
5865 | fprintf (fp, | |
62a58816 SP |
5866 | "<total type=\"fast\" count=\"%zu\" size=\"%zu\"/>\n" |
5867 | "<total type=\"rest\" count=\"%zu\" size=\"%zu\"/>\n" | |
9fa76613 | 5868 | "<total type=\"mmap\" count=\"%d\" size=\"%zu\"/>\n" |
62a58816 SP |
5869 | "<system type=\"current\" size=\"%zu\"/>\n" |
5870 | "<system type=\"max\" size=\"%zu\"/>\n" | |
5871 | "<aspace type=\"total\" size=\"%zu\"/>\n" | |
5872 | "<aspace type=\"mprotect\" size=\"%zu\"/>\n" | |
5873 | "</malloc>\n", | |
5874 | total_nfastblocks, total_fastavail, total_nblocks, total_avail, | |
4d653a59 | 5875 | mp_.n_mmaps, mp_.mmapped_mem, |
62a58816 SP |
5876 | total_system, total_max_system, |
5877 | total_aspace, total_aspace_mprotect); | |
bb066545 UD |
5878 | |
5879 | return 0; | |
5880 | } | |
b5bd5bfe | 5881 | #if IS_IN (libc) |
c52ff39e | 5882 | weak_alias (__malloc_info, malloc_info) |
bb066545 | 5883 | |
eba19d2b | 5884 | strong_alias (__libc_calloc, __calloc) weak_alias (__libc_calloc, calloc) |
eba19d2b UD |
5885 | strong_alias (__libc_free, __free) strong_alias (__libc_free, free) |
5886 | strong_alias (__libc_malloc, __malloc) strong_alias (__libc_malloc, malloc) | |
5887 | strong_alias (__libc_memalign, __memalign) | |
5888 | weak_alias (__libc_memalign, memalign) | |
5889 | strong_alias (__libc_realloc, __realloc) strong_alias (__libc_realloc, realloc) | |
5890 | strong_alias (__libc_valloc, __valloc) weak_alias (__libc_valloc, valloc) | |
5891 | strong_alias (__libc_pvalloc, __pvalloc) weak_alias (__libc_pvalloc, pvalloc) | |
5892 | strong_alias (__libc_mallinfo, __mallinfo) | |
5893 | weak_alias (__libc_mallinfo, mallinfo) | |
e3960d1c ML |
5894 | strong_alias (__libc_mallinfo2, __mallinfo2) |
5895 | weak_alias (__libc_mallinfo2, mallinfo2) | |
eba19d2b | 5896 | strong_alias (__libc_mallopt, __mallopt) weak_alias (__libc_mallopt, mallopt) |
7e3be507 UD |
5897 | |
5898 | weak_alias (__malloc_stats, malloc_stats) | |
5899 | weak_alias (__malloc_usable_size, malloc_usable_size) | |
5900 | weak_alias (__malloc_trim, malloc_trim) | |
b5bd5bfe | 5901 | #endif |
7e3be507 | 5902 | |
025b33ae FW |
5903 | #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_26) |
5904 | compat_symbol (libc, __libc_free, cfree, GLIBC_2_0); | |
5905 | #endif | |
f65fd747 | 5906 | |
fa8d436c | 5907 | /* ------------------------------------------------------------ |
6c8dbf00 | 5908 | History: |
f65fd747 | 5909 | |
6c8dbf00 | 5910 | [see ftp://g.oswego.edu/pub/misc/malloc.c for the history of dlmalloc] |
f65fd747 | 5911 | |
6c8dbf00 | 5912 | */ |
fa8d436c UD |
5913 | /* |
5914 | * Local variables: | |
5915 | * c-basic-offset: 2 | |
5916 | * End: | |
5917 | */ |