]>
Commit | Line | Data |
---|---|---|
99a20616 UD |
1 | @node Memory, Character Handling, Error Reporting, Top |
2 | @chapter Virtual Memory Allocation And Paging | |
3 | @c %MENU% Allocating virtual memory and controlling paging | |
28f540f4 RM |
4 | @cindex memory allocation |
5 | @cindex storage allocation | |
6 | ||
99a20616 | 7 | This chapter describes how processes manage and use memory in a system |
1f77f049 | 8 | that uses @theglibc{}. |
99a20616 | 9 | |
1f77f049 | 10 | @Theglibc{} has several functions for dynamically allocating |
99a20616 UD |
11 | virtual memory in various ways. They vary in generality and in |
12 | efficiency. The library also provides functions for controlling paging | |
13 | and allocation of real memory. | |
14 | ||
15 | ||
16 | @menu | |
17 | * Memory Concepts:: An introduction to concepts and terminology. | |
18 | * Memory Allocation:: Allocating storage for your program data | |
99a20616 | 19 | * Resizing the Data Segment:: @code{brk}, @code{sbrk} |
0f74bbf5 | 20 | * Memory Protection:: Controlling access to memory regions. |
4c23fed5 | 21 | * Locking Pages:: Preventing page faults |
99a20616 UD |
22 | @end menu |
23 | ||
24 | Memory mapped I/O is not discussed in this chapter. @xref{Memory-mapped I/O}. | |
25 | ||
26 | ||
27 | ||
28 | @node Memory Concepts | |
29 | @section Process Memory Concepts | |
30 | ||
31 | One of the most basic resources a process has available to it is memory. | |
32 | There are a lot of different ways systems organize memory, but in a | |
33 | typical one, each process has one linear virtual address space, with | |
34 | addresses running from zero to some huge maximum. It need not be | |
11bf311e | 35 | contiguous; i.e., not all of these addresses actually can be used to |
99a20616 UD |
36 | store data. |
37 | ||
38 | The virtual memory is divided into pages (4 kilobytes is typical). | |
39 | Backing each page of virtual memory is a page of real memory (called a | |
40 | @dfn{frame}) or some secondary storage, usually disk space. The disk | |
41 | space might be swap space or just some ordinary disk file. Actually, a | |
42 | page of all zeroes sometimes has nothing at all backing it -- there's | |
43 | just a flag saying it is all zeroes. | |
44 | @cindex page frame | |
45 | @cindex frame, real memory | |
46 | @cindex swap space | |
47 | @cindex page, virtual memory | |
48 | ||
49 | The same frame of real memory or backing store can back multiple virtual | |
50 | pages belonging to multiple processes. This is normally the case, for | |
1f77f049 | 51 | example, with virtual memory occupied by @glibcadj{} code. The same |
99a20616 UD |
52 | real memory frame containing the @code{printf} function backs a virtual |
53 | memory page in each of the existing processes that has a @code{printf} | |
54 | call in its program. | |
55 | ||
56 | In order for a program to access any part of a virtual page, the page | |
57 | must at that moment be backed by (``connected to'') a real frame. But | |
58 | because there is usually a lot more virtual memory than real memory, the | |
59 | pages must move back and forth between real memory and backing store | |
60 | regularly, coming into real memory when a process needs to access them | |
61 | and then retreating to backing store when not needed anymore. This | |
62 | movement is called @dfn{paging}. | |
63 | ||
64 | When a program attempts to access a page which is not at that moment | |
65 | backed by real memory, this is known as a @dfn{page fault}. When a page | |
66 | fault occurs, the kernel suspends the process, places the page into a | |
67 | real page frame (this is called ``paging in'' or ``faulting in''), then | |
68 | resumes the process so that from the process' point of view, the page | |
69 | was in real memory all along. In fact, to the process, all pages always | |
70 | seem to be in real memory. Except for one thing: the elapsed execution | |
71 | time of an instruction that would normally be a few nanoseconds is | |
72 | suddenly much, much, longer (because the kernel normally has to do I/O | |
73 | to complete the page-in). For programs sensitive to that, the functions | |
74 | described in @ref{Locking Pages} can control it. | |
75 | @cindex page fault | |
76 | @cindex paging | |
77 | ||
78 | Within each virtual address space, a process has to keep track of what | |
79 | is at which addresses, and that process is called memory allocation. | |
80 | Allocation usually brings to mind meting out scarce resources, but in | |
81 | the case of virtual memory, that's not a major goal, because there is | |
82 | generally much more of it than anyone needs. Memory allocation within a | |
68979757 | 83 | process is mainly just a matter of making sure that the same byte of |
99a20616 UD |
84 | memory isn't used to store two different things. |
85 | ||
86 | Processes allocate memory in two major ways: by exec and | |
87 | programmatically. Actually, forking is a third way, but it's not very | |
88 | interesting. @xref{Creating a Process}. | |
89 | ||
90 | Exec is the operation of creating a virtual address space for a process, | |
91 | loading its basic program into it, and executing the program. It is | |
92 | done by the ``exec'' family of functions (e.g. @code{execl}). The | |
93 | operation takes a program file (an executable), it allocates space to | |
94 | load all the data in the executable, loads it, and transfers control to | |
95 | it. That data is most notably the instructions of the program (the | |
96 | @dfn{text}), but also literals and constants in the program and even | |
97 | some variables: C variables with the static storage class (@pxref{Memory | |
98 | Allocation and C}). | |
99 | @cindex executable | |
100 | @cindex literals | |
101 | @cindex constants | |
102 | ||
103 | Once that program begins to execute, it uses programmatic allocation to | |
1f77f049 | 104 | gain additional memory. In a C program with @theglibc{}, there |
99a20616 UD |
105 | are two kinds of programmatic allocation: automatic and dynamic. |
106 | @xref{Memory Allocation and C}. | |
107 | ||
108 | Memory-mapped I/O is another form of dynamic virtual memory allocation. | |
109 | Mapping memory to a file means declaring that the contents of certain | |
110 | range of a process' addresses shall be identical to the contents of a | |
111 | specified regular file. The system makes the virtual memory initially | |
112 | contain the contents of the file, and if you modify the memory, the | |
113 | system writes the same modification to the file. Note that due to the | |
114 | magic of virtual memory and page faults, there is no reason for the | |
115 | system to do I/O to read the file, or allocate real memory for its | |
116 | contents, until the program accesses the virtual memory. | |
117 | @xref{Memory-mapped I/O}. | |
118 | @cindex memory mapped I/O | |
119 | @cindex memory mapped file | |
120 | @cindex files, accessing | |
121 | ||
122 | Just as it programmatically allocates memory, the program can | |
123 | programmatically deallocate (@dfn{free}) it. You can't free the memory | |
124 | that was allocated by exec. When the program exits or execs, you might | |
125 | say that all its memory gets freed, but since in both cases the address | |
126 | space ceases to exist, the point is really moot. @xref{Program | |
127 | Termination}. | |
128 | @cindex execing a program | |
129 | @cindex freeing memory | |
130 | @cindex exiting a program | |
131 | ||
132 | A process' virtual address space is divided into segments. A segment is | |
133 | a contiguous range of virtual addresses. Three important segments are: | |
28f540f4 | 134 | |
28f540f4 | 135 | @itemize @bullet |
28f540f4 | 136 | |
68979757 | 137 | @item |
99a20616 UD |
138 | |
139 | The @dfn{text segment} contains a program's instructions and literals and | |
140 | static constants. It is allocated by exec and stays the same size for | |
68979757 | 141 | the life of the virtual address space. |
28f540f4 RM |
142 | |
143 | @item | |
99a20616 UD |
144 | The @dfn{data segment} is working storage for the program. It can be |
145 | preallocated and preloaded by exec and the process can extend or shrink | |
146 | it by calling functions as described in @xref{Resizing the Data | |
147 | Segment}. Its lower end is fixed. | |
148 | ||
68979757 | 149 | @item |
99a20616 UD |
150 | The @dfn{stack segment} contains a program stack. It grows as the stack |
151 | grows, but doesn't shrink when the stack shrinks. | |
152 | ||
28f540f4 | 153 | @end itemize |
99a20616 UD |
154 | |
155 | ||
156 | ||
157 | @node Memory Allocation | |
68979757 | 158 | @section Allocating Storage For Program Data |
99a20616 UD |
159 | |
160 | This section covers how ordinary programs manage storage for their data, | |
161 | including the famous @code{malloc} function and some fancier facilities | |
3ef569c7 | 162 | special to @theglibc{} and GNU Compiler. |
28f540f4 RM |
163 | |
164 | @menu | |
99a20616 | 165 | * Memory Allocation and C:: How to get different kinds of allocation in C. |
c1234e60 SP |
166 | * The GNU Allocator:: An overview of the GNU @code{malloc} |
167 | implementation. | |
28f540f4 RM |
168 | * Unconstrained Allocation:: The @code{malloc} facility allows fully general |
169 | dynamic allocation. | |
bd355af0 | 170 | * Allocation Debugging:: Finding memory leaks and not freed memory. |
44e4b889 | 171 | * Replacing malloc:: Using your own @code{malloc}-style allocator. |
28f540f4 RM |
172 | * Obstacks:: Obstacks are less general than malloc |
173 | but more efficient and convenient. | |
174 | * Variable Size Automatic:: Allocation of variable-sized blocks | |
175 | of automatic storage that are freed when the | |
176 | calling function returns. | |
28f540f4 RM |
177 | @end menu |
178 | ||
28f540f4 | 179 | |
99a20616 UD |
180 | @node Memory Allocation and C |
181 | @subsection Memory Allocation in C Programs | |
28f540f4 | 182 | |
99a20616 UD |
183 | The C language supports two kinds of memory allocation through the |
184 | variables in C programs: | |
28f540f4 RM |
185 | |
186 | @itemize @bullet | |
187 | @item | |
188 | @dfn{Static allocation} is what happens when you declare a static or | |
189 | global variable. Each static or global variable defines one block of | |
190 | space, of a fixed size. The space is allocated once, when your program | |
99a20616 UD |
191 | is started (part of the exec operation), and is never freed. |
192 | @cindex static memory allocation | |
193 | @cindex static storage class | |
28f540f4 RM |
194 | |
195 | @item | |
196 | @dfn{Automatic allocation} happens when you declare an automatic | |
197 | variable, such as a function argument or a local variable. The space | |
198 | for an automatic variable is allocated when the compound statement | |
199 | containing the declaration is entered, and is freed when that | |
200 | compound statement is exited. | |
99a20616 UD |
201 | @cindex automatic memory allocation |
202 | @cindex automatic storage class | |
28f540f4 | 203 | |
99a20616 | 204 | In GNU C, the size of the automatic storage can be an expression |
28f540f4 RM |
205 | that varies. In other C implementations, it must be a constant. |
206 | @end itemize | |
207 | ||
99a20616 | 208 | A third important kind of memory allocation, @dfn{dynamic allocation}, |
1f77f049 | 209 | is not supported by C variables but is available via @glibcadj{} |
99a20616 UD |
210 | functions. |
211 | @cindex dynamic memory allocation | |
212 | ||
213 | @subsubsection Dynamic Memory Allocation | |
214 | @cindex dynamic memory allocation | |
215 | ||
216 | @dfn{Dynamic memory allocation} is a technique in which programs | |
217 | determine as they are running where to store some information. You need | |
218 | dynamic allocation when the amount of memory you need, or how long you | |
219 | continue to need it, depends on factors that are not known before the | |
220 | program runs. | |
221 | ||
222 | For example, you may need a block to store a line read from an input | |
223 | file; since there is no limit to how long a line can be, you must | |
224 | allocate the memory dynamically and make it dynamically larger as you | |
225 | read more of the line. | |
226 | ||
227 | Or, you may need a block for each record or each definition in the input | |
228 | data; since you can't know in advance how many there will be, you must | |
229 | allocate a new block for each record or definition as you read it. | |
230 | ||
231 | When you use dynamic allocation, the allocation of a block of memory is | |
232 | an action that the program requests explicitly. You call a function or | |
233 | macro when you want to allocate space, and specify the size with an | |
234 | argument. If you want to free the space, you do so by calling another | |
235 | function or macro. You can do these things whenever you want, as often | |
236 | as you want. | |
237 | ||
28f540f4 RM |
238 | Dynamic allocation is not supported by C variables; there is no storage |
239 | class ``dynamic'', and there can never be a C variable whose value is | |
99a20616 | 240 | stored in dynamically allocated space. The only way to get dynamically |
1f77f049 JM |
241 | allocated memory is via a system call (which is generally via a @glibcadj{} |
242 | function call), and the only way to refer to dynamically | |
99a20616 UD |
243 | allocated space is through a pointer. Because it is less convenient, |
244 | and because the actual process of dynamic allocation requires more | |
245 | computation time, programmers generally use dynamic allocation only when | |
246 | neither static nor automatic allocation will serve. | |
28f540f4 RM |
247 | |
248 | For example, if you want to allocate dynamically some space to hold a | |
249 | @code{struct foobar}, you cannot declare a variable of type @code{struct | |
250 | foobar} whose contents are the dynamically allocated space. But you can | |
251 | declare a variable of pointer type @code{struct foobar *} and assign it the | |
252 | address of the space. Then you can use the operators @samp{*} and | |
253 | @samp{->} on this pointer variable to refer to the contents of the space: | |
254 | ||
255 | @smallexample | |
256 | @{ | |
bdc674d9 | 257 | struct foobar *ptr = malloc (sizeof *ptr); |
28f540f4 RM |
258 | ptr->name = x; |
259 | ptr->next = current_foobar; | |
260 | current_foobar = ptr; | |
261 | @} | |
262 | @end smallexample | |
263 | ||
c1234e60 SP |
264 | @node The GNU Allocator |
265 | @subsection The GNU Allocator | |
266 | @cindex gnu allocator | |
267 | ||
268 | The @code{malloc} implementation in @theglibc{} is derived from ptmalloc | |
269 | (pthreads malloc), which in turn is derived from dlmalloc (Doug Lea malloc). | |
bdc674d9 PE |
270 | This @code{malloc} may allocate memory |
271 | in two different ways depending on their size | |
c1234e60 SP |
272 | and certain parameters that may be controlled by users. The most common way is |
273 | to allocate portions of memory (called chunks) from a large contiguous area of | |
274 | memory and manage these areas to optimize their use and reduce wastage in the | |
275 | form of unusable chunks. Traditionally the system heap was set up to be the one | |
276 | large memory area but the @glibcadj{} @code{malloc} implementation maintains | |
277 | multiple such areas to optimize their use in multi-threaded applications. Each | |
278 | such area is internally referred to as an @dfn{arena}. | |
279 | ||
280 | As opposed to other versions, the @code{malloc} in @theglibc{} does not round | |
281 | up chunk sizes to powers of two, neither for large nor for small sizes. | |
282 | Neighboring chunks can be coalesced on a @code{free} no matter what their size | |
283 | is. This makes the implementation suitable for all kinds of allocation | |
284 | patterns without generally incurring high memory waste through fragmentation. | |
285 | The presence of multiple arenas allows multiple threads to allocate | |
286 | memory simultaneously in separate arenas, thus improving performance. | |
287 | ||
288 | The other way of memory allocation is for very large blocks, i.e. much larger | |
289 | than a page. These requests are allocated with @code{mmap} (anonymous or via | |
290 | @file{/dev/zero}; @pxref{Memory-mapped I/O})). This has the great advantage | |
291 | that these chunks are returned to the system immediately when they are freed. | |
292 | Therefore, it cannot happen that a large chunk becomes ``locked'' in between | |
293 | smaller ones and even after calling @code{free} wastes memory. The size | |
294 | threshold for @code{mmap} to be used is dynamic and gets adjusted according to | |
295 | allocation patterns of the program. @code{mallopt} can be used to statically | |
296 | adjust the threshold using @code{M_MMAP_THRESHOLD} and the use of @code{mmap} | |
297 | can be disabled completely with @code{M_MMAP_MAX}; | |
298 | @pxref{Malloc Tunable Parameters}. | |
299 | ||
300 | A more detailed technical description of the GNU Allocator is maintained in | |
301 | the @glibcadj{} wiki. See | |
302 | @uref{https://sourceware.org/glibc/wiki/MallocInternals}. | |
303 | ||
44e4b889 FW |
304 | It is possible to use your own custom @code{malloc} instead of the |
305 | built-in allocator provided by @theglibc{}. @xref{Replacing malloc}. | |
306 | ||
28f540f4 | 307 | @node Unconstrained Allocation |
99a20616 UD |
308 | @subsection Unconstrained Allocation |
309 | @cindex unconstrained memory allocation | |
28f540f4 RM |
310 | @cindex @code{malloc} function |
311 | @cindex heap, dynamic allocation from | |
312 | ||
313 | The most general dynamic allocation facility is @code{malloc}. It | |
314 | allows you to allocate blocks of memory of any size at any time, make | |
315 | them bigger or smaller at any time, and free the blocks individually at | |
316 | any time (or never). | |
317 | ||
318 | @menu | |
319 | * Basic Allocation:: Simple use of @code{malloc}. | |
320 | * Malloc Examples:: Examples of @code{malloc}. @code{xmalloc}. | |
321 | * Freeing after Malloc:: Use @code{free} to free a block you | |
322 | got with @code{malloc}. | |
323 | * Changing Block Size:: Use @code{realloc} to make a block | |
324 | bigger or smaller. | |
325 | * Allocating Cleared Space:: Use @code{calloc} to allocate a | |
326 | block and clear it. | |
68979757 | 327 | * Aligned Memory Blocks:: Allocating specially aligned memory. |
c131718c UD |
328 | * Malloc Tunable Parameters:: Use @code{mallopt} to adjust allocation |
329 | parameters. | |
28f540f4 | 330 | * Heap Consistency Checking:: Automatic checking for errors. |
28f540f4 RM |
331 | * Statistics of Malloc:: Getting information about how much |
332 | memory your program is using. | |
333 | * Summary of Malloc:: Summary of @code{malloc} and related functions. | |
334 | @end menu | |
335 | ||
336 | @node Basic Allocation | |
99a20616 | 337 | @subsubsection Basic Memory Allocation |
28f540f4 RM |
338 | @cindex allocation of memory with @code{malloc} |
339 | ||
340 | To allocate a block of memory, call @code{malloc}. The prototype for | |
341 | this function is in @file{stdlib.h}. | |
342 | @pindex stdlib.h | |
343 | ||
28f540f4 | 344 | @deftypefun {void *} malloc (size_t @var{size}) |
d08a7e4c RJ |
345 | @standards{ISO, malloc.h} |
346 | @standards{ISO, stdlib.h} | |
9f529d7c AO |
347 | @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} |
348 | @c Malloc hooks and __morecore pointers, as well as such parameters as | |
349 | @c max_n_mmaps and max_mmapped_mem, are accessed without guards, so they | |
350 | @c could pose a thread safety issue; in order to not declare malloc | |
351 | @c MT-unsafe, it's modifying the hooks and parameters while multiple | |
352 | @c threads are active that is regarded as unsafe. An arena's next field | |
353 | @c is initialized and never changed again, except for main_arena's, | |
354 | @c that's protected by list_lock; next_free is only modified while | |
355 | @c list_lock is held too. All other data members of an arena, as well | |
356 | @c as the metadata of the memory areas assigned to it, are only modified | |
357 | @c while holding the arena's mutex (fastbin pointers use catomic ops | |
358 | @c because they may be modified by free without taking the arena's | |
359 | @c lock). Some reassurance was needed for fastbins, for it wasn't clear | |
360 | @c how they were initialized. It turns out they are always | |
361 | @c zero-initialized: main_arena's, for being static data, and other | |
362 | @c arena's, for being just-mmapped memory. | |
363 | ||
364 | @c Leaking file descriptors and memory in case of cancellation is | |
365 | @c unavoidable without disabling cancellation, but the lock situation is | |
366 | @c a bit more complicated: we don't have fallback arenas for malloc to | |
367 | @c be safe to call from within signal handlers. Error-checking mutexes | |
368 | @c or trylock could enable us to try and use alternate arenas, even with | |
369 | @c -DPER_THREAD (enabled by default), but supporting interruption | |
370 | @c (cancellation or signal handling) while holding the arena list mutex | |
371 | @c would require more work; maybe blocking signals and disabling async | |
372 | @c cancellation while manipulating the arena lists? | |
373 | ||
374 | @c __libc_malloc @asulock @aculock @acsfd @acsmem | |
375 | @c force_reg ok | |
376 | @c *malloc_hook unguarded | |
9f529d7c AO |
377 | @c arena_lock @asulock @aculock @acsfd @acsmem |
378 | @c mutex_lock @asulock @aculock | |
379 | @c arena_get2 @asulock @aculock @acsfd @acsmem | |
380 | @c get_free_list @asulock @aculock | |
381 | @c mutex_lock (list_lock) dup @asulock @aculock | |
382 | @c mutex_unlock (list_lock) dup @aculock | |
383 | @c mutex_lock (arena lock) dup @asulock @aculock [returns locked] | |
9f529d7c AO |
384 | @c __get_nprocs ext ok @acsfd |
385 | @c NARENAS_FROM_NCORES ok | |
386 | @c catomic_compare_and_exchange_bool_acq ok | |
387 | @c _int_new_arena ok @asulock @aculock @acsmem | |
388 | @c new_heap ok @acsmem | |
389 | @c mmap ok @acsmem | |
390 | @c munmap ok @acsmem | |
391 | @c mprotect ok | |
392 | @c chunk2mem ok | |
393 | @c set_head ok | |
394 | @c tsd_setspecific dup ok | |
395 | @c mutex_init ok | |
396 | @c mutex_lock (just-created mutex) ok, returns locked | |
397 | @c mutex_lock (list_lock) dup @asulock @aculock | |
398 | @c atomic_write_barrier ok | |
399 | @c mutex_unlock (list_lock) @aculock | |
400 | @c catomic_decrement ok | |
401 | @c reused_arena @asulock @aculock | |
402 | @c reads&writes next_to_use and iterates over arena next without guards | |
403 | @c those are harmless as long as we don't drop arenas from the | |
404 | @c NEXT list, and we never do; when a thread terminates, | |
124e0258 | 405 | @c __malloc_arena_thread_freeres prepends the arena to the free_list |
9f529d7c AO |
406 | @c NEXT_FREE list, but NEXT is never modified, so it's safe! |
407 | @c mutex_trylock (arena lock) @asulock @aculock | |
408 | @c mutex_lock (arena lock) dup @asulock @aculock | |
409 | @c tsd_setspecific dup ok | |
410 | @c _int_malloc @acsfd @acsmem | |
411 | @c checked_request2size ok | |
412 | @c REQUEST_OUT_OF_RANGE ok | |
413 | @c request2size ok | |
414 | @c get_max_fast ok | |
415 | @c fastbin_index ok | |
416 | @c fastbin ok | |
417 | @c catomic_compare_and_exhange_val_acq ok | |
418 | @c malloc_printerr dup @mtsenv | |
419 | @c if we get to it, we're toast already, undefined behavior must have | |
420 | @c been invoked before | |
421 | @c libc_message @mtsenv [no leaks with cancellation disabled] | |
422 | @c FATAL_PREPARE ok | |
423 | @c pthread_setcancelstate disable ok | |
424 | @c libc_secure_getenv @mtsenv | |
425 | @c getenv @mtsenv | |
426 | @c open_not_cancel_2 dup @acsfd | |
427 | @c strchrnul ok | |
428 | @c WRITEV_FOR_FATAL ok | |
429 | @c writev ok | |
430 | @c mmap ok @acsmem | |
431 | @c munmap ok @acsmem | |
432 | @c BEFORE_ABORT @acsfd | |
433 | @c backtrace ok | |
434 | @c write_not_cancel dup ok | |
435 | @c backtrace_symbols_fd @aculock | |
436 | @c open_not_cancel_2 dup @acsfd | |
437 | @c read_not_cancel dup ok | |
438 | @c close_not_cancel_no_status dup @acsfd | |
439 | @c abort ok | |
440 | @c itoa_word ok | |
441 | @c abort ok | |
442 | @c check_remalloced_chunk ok/disabled | |
443 | @c chunk2mem dup ok | |
444 | @c alloc_perturb ok | |
445 | @c in_smallbin_range ok | |
446 | @c smallbin_index ok | |
447 | @c bin_at ok | |
448 | @c last ok | |
449 | @c malloc_consolidate ok | |
450 | @c get_max_fast dup ok | |
451 | @c clear_fastchunks ok | |
452 | @c unsorted_chunks dup ok | |
453 | @c fastbin dup ok | |
22f4ab2d | 454 | @c atomic_exchange_acquire ok |
9f529d7c AO |
455 | @c check_inuse_chunk dup ok/disabled |
456 | @c chunk_at_offset dup ok | |
457 | @c chunksize dup ok | |
458 | @c inuse_bit_at_offset dup ok | |
459 | @c unlink dup ok | |
460 | @c clear_inuse_bit_at_offset dup ok | |
461 | @c in_smallbin_range dup ok | |
462 | @c set_head dup ok | |
463 | @c malloc_init_state ok | |
464 | @c bin_at dup ok | |
465 | @c set_noncontiguous dup ok | |
466 | @c set_max_fast dup ok | |
467 | @c initial_top ok | |
468 | @c unsorted_chunks dup ok | |
469 | @c check_malloc_state ok/disabled | |
470 | @c set_inuse_bit_at_offset ok | |
471 | @c check_malloced_chunk ok/disabled | |
472 | @c largebin_index ok | |
473 | @c have_fastchunks ok | |
474 | @c unsorted_chunks ok | |
475 | @c bin_at ok | |
476 | @c chunksize ok | |
477 | @c chunk_at_offset ok | |
478 | @c set_head ok | |
479 | @c set_foot ok | |
480 | @c mark_bin ok | |
481 | @c idx2bit ok | |
482 | @c first ok | |
483 | @c unlink ok | |
484 | @c malloc_printerr dup ok | |
485 | @c in_smallbin_range dup ok | |
486 | @c idx2block ok | |
487 | @c idx2bit dup ok | |
488 | @c next_bin ok | |
489 | @c sysmalloc @acsfd @acsmem | |
490 | @c MMAP @acsmem | |
491 | @c set_head dup ok | |
492 | @c check_chunk ok/disabled | |
493 | @c chunk2mem dup ok | |
494 | @c chunksize dup ok | |
495 | @c chunk_at_offset dup ok | |
496 | @c heap_for_ptr ok | |
497 | @c grow_heap ok | |
498 | @c mprotect ok | |
499 | @c set_head dup ok | |
500 | @c new_heap @acsmem | |
501 | @c MMAP dup @acsmem | |
502 | @c munmap @acsmem | |
503 | @c top ok | |
504 | @c set_foot dup ok | |
505 | @c contiguous ok | |
506 | @c MORECORE ok | |
507 | @c *__morecore ok unguarded | |
508 | @c __default_morecore | |
509 | @c sbrk ok | |
510 | @c force_reg dup ok | |
511 | @c *__after_morecore_hook unguarded | |
512 | @c set_noncontiguous ok | |
513 | @c malloc_printerr dup ok | |
514 | @c _int_free (have_lock) @acsfd @acsmem [@asulock @aculock] | |
515 | @c chunksize dup ok | |
516 | @c mutex_unlock dup @aculock/!have_lock | |
517 | @c malloc_printerr dup ok | |
518 | @c check_inuse_chunk ok/disabled | |
519 | @c chunk_at_offset dup ok | |
520 | @c mutex_lock dup @asulock @aculock/@have_lock | |
521 | @c chunk2mem dup ok | |
522 | @c free_perturb ok | |
523 | @c set_fastchunks ok | |
524 | @c catomic_and ok | |
525 | @c fastbin_index dup ok | |
526 | @c fastbin dup ok | |
527 | @c catomic_compare_and_exchange_val_rel ok | |
528 | @c chunk_is_mmapped ok | |
529 | @c contiguous dup ok | |
530 | @c prev_inuse ok | |
531 | @c unlink dup ok | |
532 | @c inuse_bit_at_offset dup ok | |
533 | @c clear_inuse_bit_at_offset ok | |
534 | @c unsorted_chunks dup ok | |
535 | @c in_smallbin_range dup ok | |
536 | @c set_head dup ok | |
537 | @c set_foot dup ok | |
538 | @c check_free_chunk ok/disabled | |
539 | @c check_chunk dup ok/disabled | |
540 | @c have_fastchunks dup ok | |
541 | @c malloc_consolidate dup ok | |
542 | @c systrim ok | |
543 | @c MORECORE dup ok | |
544 | @c *__after_morecore_hook dup unguarded | |
545 | @c set_head dup ok | |
546 | @c check_malloc_state ok/disabled | |
547 | @c top dup ok | |
548 | @c heap_for_ptr dup ok | |
549 | @c heap_trim @acsfd @acsmem | |
550 | @c top dup ok | |
551 | @c chunk_at_offset dup ok | |
552 | @c prev_chunk ok | |
553 | @c chunksize dup ok | |
554 | @c prev_inuse dup ok | |
555 | @c delete_heap @acsmem | |
556 | @c munmap dup @acsmem | |
557 | @c unlink dup ok | |
558 | @c set_head dup ok | |
559 | @c shrink_heap @acsfd | |
560 | @c check_may_shrink_heap @acsfd | |
561 | @c open_not_cancel_2 @acsfd | |
562 | @c read_not_cancel ok | |
563 | @c close_not_cancel_no_status @acsfd | |
564 | @c MMAP dup ok | |
565 | @c madvise ok | |
566 | @c munmap_chunk @acsmem | |
567 | @c chunksize dup ok | |
568 | @c chunk_is_mmapped dup ok | |
569 | @c chunk2mem dup ok | |
570 | @c malloc_printerr dup ok | |
571 | @c munmap dup @acsmem | |
572 | @c check_malloc_state ok/disabled | |
573 | @c arena_get_retry @asulock @aculock @acsfd @acsmem | |
574 | @c mutex_unlock dup @aculock | |
575 | @c mutex_lock dup @asulock @aculock | |
576 | @c arena_get2 dup @asulock @aculock @acsfd @acsmem | |
577 | @c mutex_unlock @aculock | |
578 | @c mem2chunk ok | |
579 | @c chunk_is_mmapped ok | |
580 | @c arena_for_chunk ok | |
581 | @c chunk_non_main_arena ok | |
582 | @c heap_for_ptr ok | |
28f540f4 | 583 | This function returns a pointer to a newly allocated block @var{size} |
bdc674d9 PE |
584 | bytes long, or a null pointer (setting @code{errno}) |
585 | if the block could not be allocated. | |
28f540f4 RM |
586 | @end deftypefun |
587 | ||
588 | The contents of the block are undefined; you must initialize it yourself | |
589 | (or use @code{calloc} instead; @pxref{Allocating Cleared Space}). | |
bdc674d9 | 590 | Normally you would convert the value to a pointer to the kind of object |
28f540f4 RM |
591 | that you want to store in the block. Here we show an example of doing |
592 | so, and of initializing the space with zeros using the library function | |
0a13c9e9 | 593 | @code{memset} (@pxref{Copying Strings and Arrays}): |
28f540f4 RM |
594 | |
595 | @smallexample | |
bdc674d9 | 596 | struct foo *ptr = malloc (sizeof *ptr); |
28f540f4 RM |
597 | if (ptr == 0) abort (); |
598 | memset (ptr, 0, sizeof (struct foo)); | |
599 | @end smallexample | |
600 | ||
601 | You can store the result of @code{malloc} into any pointer variable | |
f65fd747 | 602 | without a cast, because @w{ISO C} automatically converts the type |
bdc674d9 PE |
603 | @code{void *} to another type of pointer when necessary. However, a cast |
604 | is necessary if the type is needed but not specified by context. | |
28f540f4 RM |
605 | |
606 | Remember that when allocating space for a string, the argument to | |
607 | @code{malloc} must be one plus the length of the string. This is | |
608 | because a string is terminated with a null character that doesn't count | |
609 | in the ``length'' of the string but does need space. For example: | |
610 | ||
611 | @smallexample | |
bdc674d9 | 612 | char *ptr = malloc (length + 1); |
28f540f4 RM |
613 | @end smallexample |
614 | ||
615 | @noindent | |
616 | @xref{Representation of Strings}, for more information about this. | |
617 | ||
618 | @node Malloc Examples | |
99a20616 | 619 | @subsubsection Examples of @code{malloc} |
28f540f4 RM |
620 | |
621 | If no more space is available, @code{malloc} returns a null pointer. | |
622 | You should check the value of @emph{every} call to @code{malloc}. It is | |
623 | useful to write a subroutine that calls @code{malloc} and reports an | |
624 | error if the value is a null pointer, returning only if the value is | |
625 | nonzero. This function is conventionally called @code{xmalloc}. Here | |
626 | it is: | |
bdc674d9 | 627 | @cindex @code{xmalloc} function |
28f540f4 RM |
628 | |
629 | @smallexample | |
630 | void * | |
631 | xmalloc (size_t size) | |
632 | @{ | |
e256c421 | 633 | void *value = malloc (size); |
28f540f4 RM |
634 | if (value == 0) |
635 | fatal ("virtual memory exhausted"); | |
636 | return value; | |
637 | @} | |
638 | @end smallexample | |
639 | ||
640 | Here is a real example of using @code{malloc} (by way of @code{xmalloc}). | |
641 | The function @code{savestring} will copy a sequence of characters into | |
642 | a newly allocated null-terminated string: | |
643 | ||
644 | @smallexample | |
645 | @group | |
646 | char * | |
647 | savestring (const char *ptr, size_t len) | |
648 | @{ | |
bdc674d9 | 649 | char *value = xmalloc (len + 1); |
28f540f4 | 650 | value[len] = '\0'; |
bdc674d9 | 651 | return memcpy (value, ptr, len); |
28f540f4 RM |
652 | @} |
653 | @end group | |
654 | @end smallexample | |
655 | ||
656 | The block that @code{malloc} gives you is guaranteed to be aligned so | |
a7a93d50 | 657 | that it can hold any type of data. On @gnusystems{}, the address is |
0a096e44 | 658 | always a multiple of eight on 32-bit systems, and a multiple of 16 on |
c131718c | 659 | 64-bit systems. Only rarely is any higher boundary (such as a page |
5764c27f WN |
660 | boundary) necessary; for those cases, use @code{aligned_alloc} or |
661 | @code{posix_memalign} (@pxref{Aligned Memory Blocks}). | |
28f540f4 RM |
662 | |
663 | Note that the memory located after the end of the block is likely to be | |
664 | in use for something else; perhaps a block already allocated by another | |
665 | call to @code{malloc}. If you attempt to treat the block as longer than | |
666 | you asked for it to be, you are liable to destroy the data that | |
667 | @code{malloc} uses to keep track of its blocks, or you may destroy the | |
668 | contents of another block. If you have already allocated a block and | |
669 | discover you want it to be bigger, use @code{realloc} (@pxref{Changing | |
670 | Block Size}). | |
671 | ||
bdc674d9 PE |
672 | @strong{Portability Notes:} |
673 | ||
674 | @itemize @bullet | |
675 | @item | |
676 | In @theglibc{}, a successful @code{malloc (0)} | |
677 | returns a non-null pointer to a newly allocated size-zero block; | |
678 | other implementations may return @code{NULL} instead. | |
679 | POSIX and the ISO C standard allow both behaviors. | |
680 | ||
681 | @item | |
682 | In @theglibc{}, a failed @code{malloc} call sets @code{errno}, | |
683 | but ISO C does not require this and non-POSIX implementations | |
684 | need not set @code{errno} when failing. | |
685 | ||
686 | @item | |
687 | In @theglibc{}, @code{malloc} always fails when @var{size} exceeds | |
688 | @code{PTRDIFF_MAX}, to avoid problems with programs that subtract | |
689 | pointers or use signed indexes. Other implementations may succeed in | |
690 | this case, leading to undefined behavior later. | |
691 | @end itemize | |
692 | ||
28f540f4 | 693 | @node Freeing after Malloc |
99a20616 | 694 | @subsubsection Freeing Memory Allocated with @code{malloc} |
28f540f4 RM |
695 | @cindex freeing memory allocated with @code{malloc} |
696 | @cindex heap, freeing memory from | |
697 | ||
698 | When you no longer need a block that you got with @code{malloc}, use the | |
699 | function @code{free} to make the block available to be allocated again. | |
700 | The prototype for this function is in @file{stdlib.h}. | |
701 | @pindex stdlib.h | |
702 | ||
28f540f4 | 703 | @deftypefun void free (void *@var{ptr}) |
d08a7e4c RJ |
704 | @standards{ISO, malloc.h} |
705 | @standards{ISO, stdlib.h} | |
9f529d7c AO |
706 | @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} |
707 | @c __libc_free @asulock @aculock @acsfd @acsmem | |
708 | @c releasing memory into fastbins modifies the arena without taking | |
709 | @c its mutex, but catomic operations ensure safety. If two (or more) | |
710 | @c threads are running malloc and have their own arenas locked when | |
711 | @c each gets a signal whose handler free()s large (non-fastbin-able) | |
712 | @c blocks from each other's arena, we deadlock; this is a more general | |
713 | @c case of @asulock. | |
714 | @c *__free_hook unguarded | |
715 | @c mem2chunk ok | |
716 | @c chunk_is_mmapped ok, chunk bits not modified after allocation | |
717 | @c chunksize ok | |
718 | @c munmap_chunk dup @acsmem | |
719 | @c arena_for_chunk dup ok | |
720 | @c _int_free (!have_lock) dup @asulock @aculock @acsfd @acsmem | |
99a20616 | 721 | The @code{free} function deallocates the block of memory pointed at |
28f540f4 RM |
722 | by @var{ptr}. |
723 | @end deftypefun | |
724 | ||
28f540f4 RM |
725 | Freeing a block alters the contents of the block. @strong{Do not expect to |
726 | find any data (such as a pointer to the next block in a chain of blocks) in | |
727 | the block after freeing it.} Copy whatever you need out of the block before | |
728 | freeing it! Here is an example of the proper way to free all the blocks in | |
729 | a chain, and the strings that they point to: | |
730 | ||
731 | @smallexample | |
732 | struct chain | |
733 | @{ | |
734 | struct chain *next; | |
735 | char *name; | |
736 | @} | |
737 | ||
738 | void | |
739 | free_chain (struct chain *chain) | |
740 | @{ | |
741 | while (chain != 0) | |
742 | @{ | |
743 | struct chain *next = chain->next; | |
744 | free (chain->name); | |
745 | free (chain); | |
746 | chain = next; | |
747 | @} | |
748 | @} | |
749 | @end smallexample | |
750 | ||
751 | Occasionally, @code{free} can actually return memory to the operating | |
752 | system and make the process smaller. Usually, all it can do is allow a | |
753 | later call to @code{malloc} to reuse the space. In the meantime, the | |
754 | space remains in your program as part of a free-list used internally by | |
755 | @code{malloc}. | |
756 | ||
69fda43b PE |
757 | The @code{free} function preserves the value of @code{errno}, so that |
758 | cleanup code need not worry about saving and restoring @code{errno} | |
759 | around a call to @code{free}. Although neither @w{ISO C} nor | |
760 | POSIX.1-2017 requires @code{free} to preserve @code{errno}, a future | |
761 | version of POSIX is planned to require it. | |
762 | ||
28f540f4 RM |
763 | There is no point in freeing blocks at the end of a program, because all |
764 | of the program's space is given back to the system when the process | |
765 | terminates. | |
766 | ||
767 | @node Changing Block Size | |
99a20616 | 768 | @subsubsection Changing the Size of a Block |
28f540f4 RM |
769 | @cindex changing the size of a block (@code{malloc}) |
770 | ||
771 | Often you do not know for certain how big a block you will ultimately need | |
772 | at the time you must begin to use the block. For example, the block might | |
773 | be a buffer that you use to hold a line being read from a file; no matter | |
774 | how long you make the buffer initially, you may encounter a line that is | |
775 | longer. | |
776 | ||
2e0bbbfb DW |
777 | You can make the block longer by calling @code{realloc} or |
778 | @code{reallocarray}. These functions are declared in @file{stdlib.h}. | |
28f540f4 RM |
779 | @pindex stdlib.h |
780 | ||
28f540f4 | 781 | @deftypefun {void *} realloc (void *@var{ptr}, size_t @var{newsize}) |
d08a7e4c RJ |
782 | @standards{ISO, malloc.h} |
783 | @standards{ISO, stdlib.h} | |
9f529d7c AO |
784 | @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} |
785 | @c It may call the implementations of malloc and free, so all of their | |
786 | @c issues arise, plus the realloc hook, also accessed without guards. | |
787 | ||
788 | @c __libc_realloc @asulock @aculock @acsfd @acsmem | |
789 | @c *__realloc_hook unguarded | |
790 | @c __libc_free dup @asulock @aculock @acsfd @acsmem | |
791 | @c __libc_malloc dup @asulock @aculock @acsfd @acsmem | |
792 | @c mem2chunk dup ok | |
793 | @c chunksize dup ok | |
794 | @c malloc_printerr dup ok | |
795 | @c checked_request2size dup ok | |
796 | @c chunk_is_mmapped dup ok | |
797 | @c mremap_chunk | |
798 | @c chunksize dup ok | |
799 | @c __mremap ok | |
800 | @c set_head dup ok | |
801 | @c MALLOC_COPY ok | |
802 | @c memcpy ok | |
803 | @c munmap_chunk dup @acsmem | |
804 | @c arena_for_chunk dup ok | |
805 | @c mutex_lock (arena mutex) dup @asulock @aculock | |
806 | @c _int_realloc @acsfd @acsmem | |
807 | @c malloc_printerr dup ok | |
808 | @c check_inuse_chunk dup ok/disabled | |
809 | @c chunk_at_offset dup ok | |
810 | @c chunksize dup ok | |
811 | @c set_head_size dup ok | |
812 | @c chunk_at_offset dup ok | |
813 | @c set_head dup ok | |
814 | @c chunk2mem dup ok | |
815 | @c inuse dup ok | |
816 | @c unlink dup ok | |
817 | @c _int_malloc dup @acsfd @acsmem | |
818 | @c mem2chunk dup ok | |
819 | @c MALLOC_COPY dup ok | |
820 | @c _int_free (have_lock) dup @acsfd @acsmem | |
821 | @c set_inuse_bit_at_offset dup ok | |
822 | @c set_head dup ok | |
823 | @c mutex_unlock (arena mutex) dup @aculock | |
824 | @c _int_free (!have_lock) dup @asulock @aculock @acsfd @acsmem | |
825 | ||
28f540f4 RM |
826 | The @code{realloc} function changes the size of the block whose address is |
827 | @var{ptr} to be @var{newsize}. | |
828 | ||
829 | Since the space after the end of the block may be in use, @code{realloc} | |
830 | may find it necessary to copy the block to a new address where more free | |
831 | space is available. The value of @code{realloc} is the new address of the | |
832 | block. If the block needs to be moved, @code{realloc} copies the old | |
833 | contents. | |
834 | ||
835 | If you pass a null pointer for @var{ptr}, @code{realloc} behaves just | |
bdc674d9 PE |
836 | like @samp{malloc (@var{newsize})}. |
837 | Otherwise, if @var{newsize} is zero | |
838 | @code{realloc} frees the block and returns @code{NULL}. | |
839 | Otherwise, if @code{realloc} cannot reallocate the requested size | |
840 | it returns @code{NULL} and sets @code{errno}; the original block | |
841 | is left undisturbed. | |
28f540f4 RM |
842 | @end deftypefun |
843 | ||
2e0bbbfb | 844 | @deftypefun {void *} reallocarray (void *@var{ptr}, size_t @var{nmemb}, size_t @var{size}) |
d08a7e4c RJ |
845 | @standards{BSD, malloc.h} |
846 | @standards{BSD, stdlib.h} | |
2e0bbbfb DW |
847 | @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} |
848 | ||
849 | The @code{reallocarray} function changes the size of the block whose address | |
850 | is @var{ptr} to be long enough to contain a vector of @var{nmemb} elements, | |
851 | each of size @var{size}. It is equivalent to @samp{realloc (@var{ptr}, | |
852 | @var{nmemb} * @var{size})}, except that @code{reallocarray} fails safely if | |
853 | the multiplication overflows, by setting @code{errno} to @code{ENOMEM}, | |
854 | returning a null pointer, and leaving the original block unchanged. | |
855 | ||
856 | @code{reallocarray} should be used instead of @code{realloc} when the new size | |
857 | of the allocated block is the result of a multiplication that might overflow. | |
858 | ||
859 | @strong{Portability Note:} This function is not part of any standard. It was | |
860 | first introduced in OpenBSD 5.6. | |
861 | @end deftypefun | |
862 | ||
863 | Like @code{malloc}, @code{realloc} and @code{reallocarray} may return a null | |
864 | pointer if no memory space is available to make the block bigger. When this | |
865 | happens, the original block is untouched; it has not been modified or | |
866 | relocated. | |
28f540f4 RM |
867 | |
868 | In most cases it makes no difference what happens to the original block | |
869 | when @code{realloc} fails, because the application program cannot continue | |
870 | when it is out of memory, and the only thing to do is to give a fatal error | |
bdc674d9 PE |
871 | message. Often it is convenient to write and use subroutines, |
872 | conventionally called @code{xrealloc} and @code{xreallocarray}, | |
873 | that take care of the error message | |
28f540f4 | 874 | as @code{xmalloc} does for @code{malloc}: |
bdc674d9 | 875 | @cindex @code{xrealloc} and @code{xreallocarray} functions |
28f540f4 RM |
876 | |
877 | @smallexample | |
878 | void * | |
bdc674d9 | 879 | xreallocarray (void *ptr, size_t nmemb, size_t size) |
28f540f4 | 880 | @{ |
bdc674d9 | 881 | void *value = reallocarray (ptr, nmemb, size); |
28f540f4 RM |
882 | if (value == 0) |
883 | fatal ("Virtual memory exhausted"); | |
884 | return value; | |
885 | @} | |
bdc674d9 PE |
886 | |
887 | void * | |
888 | xrealloc (void *ptr, size_t size) | |
889 | @{ | |
890 | return xreallocarray (ptr, 1, size); | |
891 | @} | |
28f540f4 RM |
892 | @end smallexample |
893 | ||
2e0bbbfb DW |
894 | You can also use @code{realloc} or @code{reallocarray} to make a block |
895 | smaller. The reason you would do this is to avoid tying up a lot of memory | |
896 | space when only a little is needed. | |
c131718c UD |
897 | @comment The following is no longer true with the new malloc. |
898 | @comment But it seems wise to keep the warning for other implementations. | |
899 | In several allocation implementations, making a block smaller sometimes | |
900 | necessitates copying it, so it can fail if no other space is available. | |
28f540f4 | 901 | |
bdc674d9 PE |
902 | @strong{Portability Notes:} |
903 | ||
904 | @itemize @bullet | |
905 | @item | |
906 | Portable programs should not attempt to reallocate blocks to be size zero. | |
907 | On other implementations if @var{ptr} is non-null, @code{realloc (ptr, 0)} | |
908 | might free the block and return a non-null pointer to a size-zero | |
909 | object, or it might fail and return @code{NULL} without freeing the block. | |
910 | The ISO C17 standard allows these variations. | |
911 | ||
912 | @item | |
913 | In @theglibc{}, reallocation fails if the resulting block | |
914 | would exceed @code{PTRDIFF_MAX} in size, to avoid problems with programs | |
915 | that subtract pointers or use signed indexes. Other implementations may | |
916 | succeed, leading to undefined behavior later. | |
917 | ||
918 | @item | |
919 | In @theglibc{}, if the new size is the same as the old, @code{realloc} and | |
2e0bbbfb | 920 | @code{reallocarray} are guaranteed to change nothing and return the same |
bdc674d9 PE |
921 | address that you gave. However, POSIX and ISO C allow the functions |
922 | to relocate the object or fail in this situation. | |
923 | @end itemize | |
28f540f4 RM |
924 | |
925 | @node Allocating Cleared Space | |
99a20616 | 926 | @subsubsection Allocating Cleared Space |
28f540f4 RM |
927 | |
928 | The function @code{calloc} allocates memory and clears it to zero. It | |
929 | is declared in @file{stdlib.h}. | |
930 | @pindex stdlib.h | |
931 | ||
28f540f4 | 932 | @deftypefun {void *} calloc (size_t @var{count}, size_t @var{eltsize}) |
d08a7e4c RJ |
933 | @standards{ISO, malloc.h} |
934 | @standards{ISO, stdlib.h} | |
9f529d7c AO |
935 | @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} |
936 | @c Same caveats as malloc. | |
937 | ||
938 | @c __libc_calloc @asulock @aculock @acsfd @acsmem | |
939 | @c *__malloc_hook dup unguarded | |
940 | @c memset dup ok | |
941 | @c arena_get @asulock @aculock @acsfd @acsmem | |
9f529d7c AO |
942 | @c arena_lock dup @asulock @aculock @acsfd @acsmem |
943 | @c top dup ok | |
944 | @c chunksize dup ok | |
945 | @c heap_for_ptr dup ok | |
946 | @c _int_malloc dup @acsfd @acsmem | |
947 | @c arena_get_retry dup @asulock @aculock @acsfd @acsmem | |
948 | @c mutex_unlock dup @aculock | |
949 | @c mem2chunk dup ok | |
950 | @c chunk_is_mmapped dup ok | |
951 | @c MALLOC_ZERO ok | |
952 | @c memset dup ok | |
28f540f4 RM |
953 | This function allocates a block long enough to contain a vector of |
954 | @var{count} elements, each of size @var{eltsize}. Its contents are | |
955 | cleared to zero before @code{calloc} returns. | |
956 | @end deftypefun | |
957 | ||
958 | You could define @code{calloc} as follows: | |
959 | ||
960 | @smallexample | |
961 | void * | |
962 | calloc (size_t count, size_t eltsize) | |
963 | @{ | |
bdc674d9 | 964 | void *value = reallocarray (0, count, eltsize); |
28f540f4 | 965 | if (value != 0) |
bdc674d9 | 966 | memset (value, 0, count * eltsize); |
28f540f4 RM |
967 | return value; |
968 | @} | |
969 | @end smallexample | |
970 | ||
c131718c | 971 | But in general, it is not guaranteed that @code{calloc} calls |
bdc674d9 PE |
972 | @code{reallocarray} and @code{memset} internally. For example, if the |
973 | @code{calloc} implementation knows for other reasons that the new | |
974 | memory block is zero, it need not zero out the block again with | |
975 | @code{memset}. Also, if an application provides its own | |
976 | @code{reallocarray} outside the C library, @code{calloc} might not use | |
977 | that redefinition. @xref{Replacing malloc}. | |
c131718c | 978 | |
28f540f4 | 979 | @node Aligned Memory Blocks |
99a20616 | 980 | @subsubsection Allocating Aligned Memory Blocks |
28f540f4 RM |
981 | |
982 | @cindex page boundary | |
983 | @cindex alignment (with @code{malloc}) | |
984 | @pindex stdlib.h | |
985 | The address of a block returned by @code{malloc} or @code{realloc} in | |
a7a93d50 | 986 | @gnusystems{} is always a multiple of eight (or sixteen on 64-bit |
c131718c | 987 | systems). If you need a block whose address is a multiple of a higher |
5764c27f WN |
988 | power of two than that, use @code{aligned_alloc} or @code{posix_memalign}. |
989 | @code{aligned_alloc} and @code{posix_memalign} are declared in | |
990 | @file{stdlib.h}. | |
991 | ||
5764c27f | 992 | @deftypefun {void *} aligned_alloc (size_t @var{alignment}, size_t @var{size}) |
d08a7e4c | 993 | @standards{???, stdlib.h} |
9f529d7c AO |
994 | @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} |
995 | @c Alias to memalign. | |
5764c27f WN |
996 | The @code{aligned_alloc} function allocates a block of @var{size} bytes whose |
997 | address is a multiple of @var{alignment}. The @var{alignment} must be a | |
998 | power of two and @var{size} must be a multiple of @var{alignment}. | |
999 | ||
1000 | The @code{aligned_alloc} function returns a null pointer on error and sets | |
1001 | @code{errno} to one of the following values: | |
1002 | ||
1003 | @table @code | |
1004 | @item ENOMEM | |
1005 | There was insufficient memory available to satisfy the request. | |
1006 | ||
1007 | @item EINVAL | |
1008 | @var{alignment} is not a power of two. | |
1009 | ||
1010 | This function was introduced in @w{ISO C11} and hence may have better | |
1011 | portability to modern non-POSIX systems than @code{posix_memalign}. | |
1012 | @end table | |
1013 | ||
1014 | @end deftypefun | |
28f540f4 | 1015 | |
22a1292a | 1016 | @deftypefun {void *} memalign (size_t @var{boundary}, size_t @var{size}) |
d08a7e4c | 1017 | @standards{BSD, malloc.h} |
9f529d7c AO |
1018 | @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} |
1019 | @c Same issues as malloc. The padding bytes are safely freed in | |
1020 | @c _int_memalign, with the arena still locked. | |
1021 | ||
1022 | @c __libc_memalign @asulock @aculock @acsfd @acsmem | |
1023 | @c *__memalign_hook dup unguarded | |
1024 | @c __libc_malloc dup @asulock @aculock @acsfd @acsmem | |
1025 | @c arena_get dup @asulock @aculock @acsfd @acsmem | |
1026 | @c _int_memalign @acsfd @acsmem | |
1027 | @c _int_malloc dup @acsfd @acsmem | |
1028 | @c checked_request2size dup ok | |
1029 | @c mem2chunk dup ok | |
1030 | @c chunksize dup ok | |
1031 | @c chunk_is_mmapped dup ok | |
1032 | @c set_head dup ok | |
1033 | @c chunk2mem dup ok | |
1034 | @c set_inuse_bit_at_offset dup ok | |
1035 | @c set_head_size dup ok | |
1036 | @c _int_free (have_lock) dup @acsfd @acsmem | |
1037 | @c chunk_at_offset dup ok | |
1038 | @c check_inuse_chunk dup ok | |
1039 | @c arena_get_retry dup @asulock @aculock @acsfd @acsmem | |
1040 | @c mutex_unlock dup @aculock | |
28f540f4 RM |
1041 | The @code{memalign} function allocates a block of @var{size} bytes whose |
1042 | address is a multiple of @var{boundary}. The @var{boundary} must be a | |
c131718c UD |
1043 | power of two! The function @code{memalign} works by allocating a |
1044 | somewhat larger block, and then returning an address within the block | |
1045 | that is on the specified boundary. | |
0a096e44 WN |
1046 | |
1047 | The @code{memalign} function returns a null pointer on error and sets | |
1048 | @code{errno} to one of the following values: | |
1049 | ||
1050 | @table @code | |
1051 | @item ENOMEM | |
1052 | There was insufficient memory available to satisfy the request. | |
1053 | ||
1054 | @item EINVAL | |
3ef569c7 | 1055 | @var{boundary} is not a power of two. |
0a096e44 WN |
1056 | |
1057 | @end table | |
1058 | ||
5764c27f WN |
1059 | The @code{memalign} function is obsolete and @code{aligned_alloc} or |
1060 | @code{posix_memalign} should be used instead. | |
28f540f4 RM |
1061 | @end deftypefun |
1062 | ||
68979757 | 1063 | @deftypefun int posix_memalign (void **@var{memptr}, size_t @var{alignment}, size_t @var{size}) |
d08a7e4c | 1064 | @standards{POSIX, stdlib.h} |
9f529d7c AO |
1065 | @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} |
1066 | @c Calls memalign unless the requirements are not met (powerof2 macro is | |
1067 | @c safe given an automatic variable as an argument) or there's a | |
1068 | @c memalign hook (accessed unguarded, but safely). | |
68979757 UD |
1069 | The @code{posix_memalign} function is similar to the @code{memalign} |
1070 | function in that it returns a buffer of @var{size} bytes aligned to a | |
1071 | multiple of @var{alignment}. But it adds one requirement to the | |
1072 | parameter @var{alignment}: the value must be a power of two multiple of | |
1073 | @code{sizeof (void *)}. | |
1074 | ||
1075 | If the function succeeds in allocation memory a pointer to the allocated | |
1076 | memory is returned in @code{*@var{memptr}} and the return value is zero. | |
1077 | Otherwise the function returns an error value indicating the problem. | |
0a096e44 WN |
1078 | The possible error values returned are: |
1079 | ||
1080 | @table @code | |
1081 | @item ENOMEM | |
1082 | There was insufficient memory available to satisfy the request. | |
1083 | ||
1084 | @item EINVAL | |
1085 | @var{alignment} is not a power of two multiple of @code{sizeof (void *)}. | |
1086 | ||
1087 | @end table | |
68979757 | 1088 | |
cf822e3c | 1089 | This function was introduced in POSIX 1003.1d. Although this function is |
5764c27f WN |
1090 | superseded by @code{aligned_alloc}, it is more portable to older POSIX |
1091 | systems that do not support @w{ISO C11}. | |
68979757 UD |
1092 | @end deftypefun |
1093 | ||
28f540f4 | 1094 | @deftypefun {void *} valloc (size_t @var{size}) |
d08a7e4c RJ |
1095 | @standards{BSD, malloc.h} |
1096 | @standards{BSD, stdlib.h} | |
9f529d7c AO |
1097 | @safety{@prelim{}@mtunsafe{@mtuinit{}}@asunsafe{@asuinit{} @asulock{}}@acunsafe{@acuinit{} @aculock{} @acsfd{} @acsmem{}}} |
1098 | @c __libc_valloc @mtuinit @asuinit @asulock @aculock @acsfd @acsmem | |
1099 | @c ptmalloc_init (once) @mtsenv @asulock @aculock @acsfd @acsmem | |
1100 | @c _dl_addr @asucorrupt? @aculock | |
1101 | @c __rtld_lock_lock_recursive (dl_load_lock) @asucorrupt? @aculock | |
1102 | @c _dl_find_dso_for_object ok, iterates over dl_ns and its _ns_loaded objs | |
1103 | @c the ok above assumes no partial updates on dl_ns and _ns_loaded | |
1104 | @c that could confuse a _dl_addr call in a signal handler | |
1105 | @c _dl_addr_inside_object ok | |
1106 | @c determine_info ok | |
1107 | @c __rtld_lock_unlock_recursive (dl_load_lock) @aculock | |
9f529d7c AO |
1108 | @c *_environ @mtsenv |
1109 | @c next_env_entry ok | |
1110 | @c strcspn dup ok | |
1111 | @c __libc_mallopt dup @mtasuconst:mallopt [setting mp_] | |
9f529d7c AO |
1112 | @c *__malloc_initialize_hook unguarded, ok |
1113 | @c *__memalign_hook dup ok, unguarded | |
1114 | @c arena_get dup @asulock @aculock @acsfd @acsmem | |
1115 | @c _int_valloc @acsfd @acsmem | |
1116 | @c malloc_consolidate dup ok | |
1117 | @c _int_memalign dup @acsfd @acsmem | |
1118 | @c arena_get_retry dup @asulock @aculock @acsfd @acsmem | |
1119 | @c _int_memalign dup @acsfd @acsmem | |
1120 | @c mutex_unlock dup @aculock | |
28f540f4 | 1121 | Using @code{valloc} is like using @code{memalign} and passing the page size |
3ef569c7 | 1122 | as the value of the first argument. It is implemented like this: |
28f540f4 RM |
1123 | |
1124 | @smallexample | |
1125 | void * | |
1126 | valloc (size_t size) | |
1127 | @{ | |
22a1292a | 1128 | return memalign (getpagesize (), size); |
28f540f4 RM |
1129 | @} |
1130 | @end smallexample | |
b642f101 UD |
1131 | |
1132 | @ref{Query Memory Parameters} for more information about the memory | |
1133 | subsystem. | |
0a096e44 | 1134 | |
5764c27f WN |
1135 | The @code{valloc} function is obsolete and @code{aligned_alloc} or |
1136 | @code{posix_memalign} should be used instead. | |
28f540f4 RM |
1137 | @end deftypefun |
1138 | ||
c131718c | 1139 | @node Malloc Tunable Parameters |
99a20616 | 1140 | @subsubsection Malloc Tunable Parameters |
c131718c UD |
1141 | |
1142 | You can adjust some parameters for dynamic memory allocation with the | |
1143 | @code{mallopt} function. This function is the general SVID/XPG | |
1144 | interface, defined in @file{malloc.h}. | |
1145 | @pindex malloc.h | |
1146 | ||
1147 | @deftypefun int mallopt (int @var{param}, int @var{value}) | |
9f529d7c AO |
1148 | @safety{@prelim{}@mtunsafe{@mtuinit{} @mtasuconst{:mallopt}}@asunsafe{@asuinit{} @asulock{}}@acunsafe{@acuinit{} @aculock{}}} |
1149 | @c __libc_mallopt @mtuinit @mtasuconst:mallopt @asuinit @asulock @aculock | |
1150 | @c ptmalloc_init (once) dup @mtsenv @asulock @aculock @acsfd @acsmem | |
1151 | @c mutex_lock (main_arena->mutex) @asulock @aculock | |
1152 | @c malloc_consolidate dup ok | |
1153 | @c set_max_fast ok | |
1154 | @c mutex_unlock dup @aculock | |
1155 | ||
c131718c UD |
1156 | When calling @code{mallopt}, the @var{param} argument specifies the |
1157 | parameter to be set, and @var{value} the new value to be set. Possible | |
1158 | choices for @var{param}, as defined in @file{malloc.h}, are: | |
1159 | ||
2fe82ca6 | 1160 | @vtable @code |
ec4ff04d CD |
1161 | @item M_MMAP_MAX |
1162 | The maximum number of chunks to allocate with @code{mmap}. Setting this | |
1163 | to zero disables all use of @code{mmap}. | |
2bce3035 SP |
1164 | |
1165 | The default value of this parameter is @code{65536}. | |
1166 | ||
1167 | This parameter can also be set for the process at startup by setting the | |
1168 | environment variable @env{MALLOC_MMAP_MAX_} to the desired value. | |
1169 | ||
c131718c UD |
1170 | @item M_MMAP_THRESHOLD |
1171 | All chunks larger than this value are allocated outside the normal | |
1172 | heap, using the @code{mmap} system call. This way it is guaranteed | |
1173 | that the memory for these chunks can be returned to the system on | |
13c0f771 AJ |
1174 | @code{free}. Note that requests smaller than this threshold might still |
1175 | be allocated via @code{mmap}. | |
2bce3035 SP |
1176 | |
1177 | If this parameter is not set, the default value is set as 128 KiB and the | |
1178 | threshold is adjusted dynamically to suit the allocation patterns of the | |
1179 | program. If the parameter is set, the dynamic adjustment is disabled and the | |
1180 | value is set statically to the input value. | |
1181 | ||
1182 | This parameter can also be set for the process at startup by setting the | |
1183 | environment variable @env{MALLOC_MMAP_THRESHOLD_} to the desired value. | |
ec4ff04d | 1184 | @comment TODO: @item M_MXFAST |
2bce3035 | 1185 | |
deb9cabb AS |
1186 | @item M_PERTURB |
1187 | If non-zero, memory blocks are filled with values depending on some | |
1188 | low order bits of this parameter when they are allocated (except when | |
1189 | allocated by @code{calloc}) and freed. This can be used to debug the | |
b741de23 SP |
1190 | use of uninitialized or freed heap memory. Note that this option does not |
1191 | guarantee that the freed block will have any specific values. It only | |
1192 | guarantees that the content the block had before it was freed will be | |
1193 | overwritten. | |
2bce3035 SP |
1194 | |
1195 | The default value of this parameter is @code{0}. | |
1196 | ||
1197 | This parameter can also be set for the process at startup by setting the | |
af548086 | 1198 | environment variable @env{MALLOC_PERTURB_} to the desired value. |
2bce3035 | 1199 | |
ec4ff04d | 1200 | @item M_TOP_PAD |
aceb22c1 SP |
1201 | This parameter determines the amount of extra memory to obtain from the system |
1202 | when an arena needs to be extended. It also specifies the number of bytes to | |
1203 | retain when shrinking an arena. This provides the necessary hysteresis in heap | |
1204 | size such that excessive amounts of system calls can be avoided. | |
2bce3035 SP |
1205 | |
1206 | The default value of this parameter is @code{0}. | |
1207 | ||
1208 | This parameter can also be set for the process at startup by setting the | |
1209 | environment variable @env{MALLOC_TOP_PAD_} to the desired value. | |
1210 | ||
ec4ff04d CD |
1211 | @item M_TRIM_THRESHOLD |
1212 | This is the minimum size (in bytes) of the top-most, releasable chunk | |
aceb22c1 | 1213 | that will trigger a system call in order to return memory to the system. |
2bce3035 SP |
1214 | |
1215 | If this parameter is not set, the default value is set as 128 KiB and the | |
1216 | threshold is adjusted dynamically to suit the allocation patterns of the | |
1217 | program. If the parameter is set, the dynamic adjustment is disabled and the | |
1218 | value is set statically to the provided input. | |
1219 | ||
1220 | This parameter can also be set for the process at startup by setting the | |
1221 | environment variable @env{MALLOC_TRIM_THRESHOLD_} to the desired value. | |
1222 | ||
c1234e60 SP |
1223 | @item M_ARENA_TEST |
1224 | This parameter specifies the number of arenas that can be created before the | |
1225 | test on the limit to the number of arenas is conducted. The value is ignored if | |
1226 | @code{M_ARENA_MAX} is set. | |
1227 | ||
1228 | The default value of this parameter is 2 on 32-bit systems and 8 on 64-bit | |
1229 | systems. | |
1230 | ||
1231 | This parameter can also be set for the process at startup by setting the | |
1232 | environment variable @env{MALLOC_ARENA_TEST} to the desired value. | |
1233 | ||
1234 | @item M_ARENA_MAX | |
1235 | This parameter sets the number of arenas to use regardless of the number of | |
1236 | cores in the system. | |
1237 | ||
1238 | The default value of this tunable is @code{0}, meaning that the limit on the | |
1239 | number of arenas is determined by the number of CPU cores online. For 32-bit | |
1240 | systems the limit is twice the number of cores online and on 64-bit systems, it | |
1241 | is eight times the number of cores online. Note that the default value is not | |
1242 | derived from the default value of M_ARENA_TEST and is computed independently. | |
1243 | ||
1244 | This parameter can also be set for the process at startup by setting the | |
1245 | environment variable @env{MALLOC_ARENA_MAX} to the desired value. | |
2fe82ca6 | 1246 | @end vtable |
c131718c UD |
1247 | |
1248 | @end deftypefun | |
1249 | ||
28f540f4 | 1250 | @node Heap Consistency Checking |
99a20616 | 1251 | @subsubsection Heap Consistency Checking |
28f540f4 RM |
1252 | |
1253 | @cindex heap consistency checking | |
1254 | @cindex consistency checking, of heap | |
1255 | ||
99a20616 | 1256 | You can ask @code{malloc} to check the consistency of dynamic memory by |
2d2d9f2b | 1257 | using the @code{mcheck} function and preloading the malloc debug library |
fb1621a8 | 1258 | @file{libc_malloc_debug} using the @var{LD_PRELOAD} environment variable. |
2d2d9f2b | 1259 | This function is a GNU extension, declared in @file{mcheck.h}. |
4775243a | 1260 | @pindex mcheck.h |
28f540f4 | 1261 | |
28f540f4 | 1262 | @deftypefun int mcheck (void (*@var{abortfn}) (enum mcheck_status @var{status})) |
d08a7e4c | 1263 | @standards{GNU, mcheck.h} |
9f529d7c AO |
1264 | @safety{@prelim{}@mtunsafe{@mtasurace{:mcheck} @mtasuconst{:malloc_hooks}}@asunsafe{@asucorrupt{}}@acunsafe{@acucorrupt{}}} |
1265 | @c The hooks must be set up before malloc is first used, which sort of | |
1266 | @c implies @mtuinit/@asuinit but since the function is a no-op if malloc | |
1267 | @c was already used, that doesn't pose any safety issues. The actual | |
1268 | @c problem is with the hooks, designed for single-threaded | |
1269 | @c fully-synchronous operation: they manage an unguarded linked list of | |
1270 | @c allocated blocks, and get temporarily overwritten before calling the | |
1271 | @c allocation functions recursively while holding the old hooks. There | |
1272 | @c are no guards for thread safety, and inconsistent hooks may be found | |
1273 | @c within signal handlers or left behind in case of cancellation. | |
1274 | ||
28f540f4 RM |
1275 | Calling @code{mcheck} tells @code{malloc} to perform occasional |
1276 | consistency checks. These will catch things such as writing | |
1277 | past the end of a block that was allocated with @code{malloc}. | |
1278 | ||
1279 | The @var{abortfn} argument is the function to call when an inconsistency | |
1280 | is found. If you supply a null pointer, then @code{mcheck} uses a | |
1281 | default function which prints a message and calls @code{abort} | |
1282 | (@pxref{Aborting a Program}). The function you supply is called with | |
1283 | one argument, which says what sort of inconsistency was detected; its | |
1284 | type is described below. | |
1285 | ||
1286 | It is too late to begin allocation checking once you have allocated | |
1287 | anything with @code{malloc}. So @code{mcheck} does nothing in that | |
1288 | case. The function returns @code{-1} if you call it too late, and | |
1289 | @code{0} otherwise (when it is successful). | |
1290 | ||
1291 | The easiest way to arrange to call @code{mcheck} early enough is to use | |
1292 | the option @samp{-lmcheck} when you link your program; then you don't | |
bc938d3d | 1293 | need to modify your program source at all. Alternatively you might use |
3cb07217 UD |
1294 | a debugger to insert a call to @code{mcheck} whenever the program is |
1295 | started, for example these gdb commands will automatically call @code{mcheck} | |
1296 | whenever the program starts: | |
1297 | ||
1298 | @smallexample | |
1299 | (gdb) break main | |
1300 | Breakpoint 1, main (argc=2, argv=0xbffff964) at whatever.c:10 | |
1301 | (gdb) command 1 | |
1302 | Type commands for when breakpoint 1 is hit, one per line. | |
1303 | End with a line saying just "end". | |
1304 | >call mcheck(0) | |
1305 | >continue | |
1306 | >end | |
95fdc6a0 | 1307 | (gdb) @dots{} |
3cb07217 UD |
1308 | @end smallexample |
1309 | ||
1310 | This will however only work if no initialization function of any object | |
1311 | involved calls any of the @code{malloc} functions since @code{mcheck} | |
1312 | must be called before the first such function. | |
1313 | ||
28f540f4 RM |
1314 | @end deftypefun |
1315 | ||
1316 | @deftypefun {enum mcheck_status} mprobe (void *@var{pointer}) | |
9f529d7c AO |
1317 | @safety{@prelim{}@mtunsafe{@mtasurace{:mcheck} @mtasuconst{:malloc_hooks}}@asunsafe{@asucorrupt{}}@acunsafe{@acucorrupt{}}} |
1318 | @c The linked list of headers may be modified concurrently by other | |
1319 | @c threads, and it may find a partial update if called from a signal | |
1320 | @c handler. It's mostly read only, so cancelling it might be safe, but | |
1321 | @c it will modify global state that, if cancellation hits at just the | |
1322 | @c right spot, may be left behind inconsistent. This path is only taken | |
1323 | @c if checkhdr finds an inconsistency. If the inconsistency could only | |
1324 | @c occur because of earlier undefined behavior, that wouldn't be an | |
1325 | @c additional safety issue problem, but because of the other concurrency | |
1326 | @c issues in the mcheck hooks, the apparent inconsistency could be the | |
1327 | @c result of mcheck's own internal data race. So, AC-Unsafe it is. | |
1328 | ||
28f540f4 RM |
1329 | The @code{mprobe} function lets you explicitly check for inconsistencies |
1330 | in a particular allocated block. You must have already called | |
1331 | @code{mcheck} at the beginning of the program, to do its occasional | |
1332 | checks; calling @code{mprobe} requests an additional consistency check | |
1333 | to be done at the time of the call. | |
1334 | ||
1335 | The argument @var{pointer} must be a pointer returned by @code{malloc} | |
1336 | or @code{realloc}. @code{mprobe} returns a value that says what | |
1337 | inconsistency, if any, was found. The values are described below. | |
1338 | @end deftypefun | |
1339 | ||
1340 | @deftp {Data Type} {enum mcheck_status} | |
1341 | This enumerated type describes what kind of inconsistency was detected | |
1342 | in an allocated block, if any. Here are the possible values: | |
1343 | ||
1344 | @table @code | |
1345 | @item MCHECK_DISABLED | |
1346 | @code{mcheck} was not called before the first allocation. | |
1347 | No consistency checking can be done. | |
1348 | @item MCHECK_OK | |
1349 | No inconsistency detected. | |
1350 | @item MCHECK_HEAD | |
1351 | The data immediately before the block was modified. | |
1352 | This commonly happens when an array index or pointer | |
1353 | is decremented too far. | |
1354 | @item MCHECK_TAIL | |
1355 | The data immediately after the block was modified. | |
1356 | This commonly happens when an array index or pointer | |
1357 | is incremented too far. | |
1358 | @item MCHECK_FREE | |
1359 | The block was already freed. | |
1360 | @end table | |
1361 | @end deftp | |
1362 | ||
7551a1e5 UD |
1363 | Another possibility to check for and guard against bugs in the use of |
1364 | @code{malloc}, @code{realloc} and @code{free} is to set the environment | |
ec2c1fce | 1365 | variable @code{MALLOC_CHECK_}. When @code{MALLOC_CHECK_} is set to a |
83e55c98 SP |
1366 | non-zero value less than 4, a special (less efficient) implementation is |
1367 | used which is designed to be tolerant against simple errors, such as | |
1368 | double calls of @code{free} with the same argument, or overruns of a | |
1369 | single byte (off-by-one bugs). Not all such errors can be protected | |
2d2d9f2b | 1370 | against, however, and memory leaks can result. Like in the case of |
fb1621a8 | 1371 | @code{mcheck}, one would need to preload the @file{libc_malloc_debug} |
2d2d9f2b SP |
1372 | library to enable @code{MALLOC_CHECK_} functionality. Without this |
1373 | preloaded library, setting @code{MALLOC_CHECK_} will have no effect. | |
ec2c1fce FW |
1374 | |
1375 | Any detected heap corruption results in immediate termination of the | |
1376 | process. | |
7551a1e5 | 1377 | |
68979757 UD |
1378 | There is one problem with @code{MALLOC_CHECK_}: in SUID or SGID binaries |
1379 | it could possibly be exploited since diverging from the normal programs | |
0bc93a2f | 1380 | behavior it now writes something to the standard error descriptor. |
68979757 UD |
1381 | Therefore the use of @code{MALLOC_CHECK_} is disabled by default for |
1382 | SUID and SGID binaries. It can be enabled again by the system | |
1383 | administrator by adding a file @file{/etc/suid-debug} (the content is | |
1384 | not important it could be empty). | |
1385 | ||
789b13c4 | 1386 | So, what's the difference between using @code{MALLOC_CHECK_} and linking |
bc938d3d | 1387 | with @samp{-lmcheck}? @code{MALLOC_CHECK_} is orthogonal with respect to |
789b13c4 UD |
1388 | @samp{-lmcheck}. @samp{-lmcheck} has been added for backward |
1389 | compatibility. Both @code{MALLOC_CHECK_} and @samp{-lmcheck} should | |
1390 | uncover the same bugs - but using @code{MALLOC_CHECK_} you don't need to | |
1391 | recompile your application. | |
1392 | ||
28f540f4 RM |
1393 | @c __morecore, __after_morecore_hook are undocumented |
1394 | @c It's not clear whether to document them. | |
1395 | ||
1396 | @node Statistics of Malloc | |
99a20616 | 1397 | @subsubsection Statistics for Memory Allocation with @code{malloc} |
28f540f4 RM |
1398 | |
1399 | @cindex allocation statistics | |
99a20616 | 1400 | You can get information about dynamic memory allocation by calling the |
e3960d1c | 1401 | @code{mallinfo2} function. This function and its associated data type |
c131718c UD |
1402 | are declared in @file{malloc.h}; they are an extension of the standard |
1403 | SVID/XPG version. | |
28f540f4 RM |
1404 | @pindex malloc.h |
1405 | ||
e3960d1c | 1406 | @deftp {Data Type} {struct mallinfo2} |
d08a7e4c | 1407 | @standards{GNU, malloc.h} |
28f540f4 | 1408 | This structure type is used to return information about the dynamic |
99a20616 | 1409 | memory allocator. It contains the following members: |
28f540f4 RM |
1410 | |
1411 | @table @code | |
e3960d1c | 1412 | @item size_t arena |
c131718c UD |
1413 | This is the total size of memory allocated with @code{sbrk} by |
1414 | @code{malloc}, in bytes. | |
1415 | ||
e3960d1c | 1416 | @item size_t ordblks |
99a20616 | 1417 | This is the number of chunks not in use. (The memory allocator |
e3960d1c | 1418 | size_ternally gets chunks of memory from the operating system, and then |
c1234e60 SP |
1419 | carves them up to satisfy individual @code{malloc} requests; |
1420 | @pxref{The GNU Allocator}.) | |
c131718c | 1421 | |
e3960d1c | 1422 | @item size_t smblks |
c131718c UD |
1423 | This field is unused. |
1424 | ||
e3960d1c | 1425 | @item size_t hblks |
c131718c UD |
1426 | This is the total number of chunks allocated with @code{mmap}. |
1427 | ||
e3960d1c | 1428 | @item size_t hblkhd |
c131718c UD |
1429 | This is the total size of memory allocated with @code{mmap}, in bytes. |
1430 | ||
e3960d1c | 1431 | @item size_t usmblks |
ca135f82 | 1432 | This field is unused and always 0. |
28f540f4 | 1433 | |
e3960d1c | 1434 | @item size_t fsmblks |
c131718c | 1435 | This field is unused. |
28f540f4 | 1436 | |
e3960d1c | 1437 | @item size_t uordblks |
c131718c UD |
1438 | This is the total size of memory occupied by chunks handed out by |
1439 | @code{malloc}. | |
1440 | ||
e3960d1c | 1441 | @item size_t fordblks |
c131718c | 1442 | This is the total size of memory occupied by free (not in use) chunks. |
28f540f4 | 1443 | |
e3960d1c | 1444 | @item size_t keepcost |
e8b1163e | 1445 | This is the size of the top-most releasable chunk that normally |
11bf311e | 1446 | borders the end of the heap (i.e., the high end of the virtual address |
99a20616 | 1447 | space's data segment). |
28f540f4 | 1448 | |
28f540f4 RM |
1449 | @end table |
1450 | @end deftp | |
1451 | ||
e3960d1c | 1452 | @deftypefun {struct mallinfo2} mallinfo2 (void) |
d08a7e4c | 1453 | @standards{SVID, malloc.h} |
9f529d7c AO |
1454 | @safety{@prelim{}@mtunsafe{@mtuinit{} @mtasuconst{:mallopt}}@asunsafe{@asuinit{} @asulock{}}@acunsafe{@acuinit{} @aculock{}}} |
1455 | @c Accessing mp_.n_mmaps and mp_.max_mmapped_mem, modified with atomics | |
1456 | @c but non-atomically elsewhere, may get us inconsistent results. We | |
1457 | @c mark the statistics as unsafe, rather than the fast-path functions | |
1458 | @c that collect the possibly inconsistent data. | |
1459 | ||
e3960d1c | 1460 | @c __libc_mallinfo2 @mtuinit @mtasuconst:mallopt @asuinit @asulock @aculock |
9f529d7c AO |
1461 | @c ptmalloc_init (once) dup @mtsenv @asulock @aculock @acsfd @acsmem |
1462 | @c mutex_lock dup @asulock @aculock | |
1463 | @c int_mallinfo @mtasuconst:mallopt [mp_ access on main_arena] | |
1464 | @c malloc_consolidate dup ok | |
1465 | @c check_malloc_state dup ok/disabled | |
1466 | @c chunksize dup ok | |
1467 | @c fastbin dupo ok | |
1468 | @c bin_at dup ok | |
1469 | @c last dup ok | |
1470 | @c mutex_unlock @aculock | |
1471 | ||
28f540f4 | 1472 | This function returns information about the current dynamic memory usage |
e3960d1c | 1473 | in a structure of type @code{struct mallinfo2}. |
28f540f4 RM |
1474 | @end deftypefun |
1475 | ||
1476 | @node Summary of Malloc | |
99a20616 | 1477 | @subsubsection Summary of @code{malloc}-Related Functions |
28f540f4 RM |
1478 | |
1479 | Here is a summary of the functions that work with @code{malloc}: | |
1480 | ||
1481 | @table @code | |
1482 | @item void *malloc (size_t @var{size}) | |
1483 | Allocate a block of @var{size} bytes. @xref{Basic Allocation}. | |
1484 | ||
1485 | @item void free (void *@var{addr}) | |
1486 | Free a block previously allocated by @code{malloc}. @xref{Freeing after | |
1487 | Malloc}. | |
1488 | ||
1489 | @item void *realloc (void *@var{addr}, size_t @var{size}) | |
1490 | Make a block previously allocated by @code{malloc} larger or smaller, | |
1491 | possibly by copying it to a new location. @xref{Changing Block Size}. | |
1492 | ||
2e0bbbfb DW |
1493 | @item void *reallocarray (void *@var{ptr}, size_t @var{nmemb}, size_t @var{size}) |
1494 | Change the size of a block previously allocated by @code{malloc} to | |
1495 | @code{@var{nmemb} * @var{size}} bytes as with @code{realloc}. @xref{Changing | |
1496 | Block Size}. | |
1497 | ||
28f540f4 RM |
1498 | @item void *calloc (size_t @var{count}, size_t @var{eltsize}) |
1499 | Allocate a block of @var{count} * @var{eltsize} bytes using | |
1500 | @code{malloc}, and set its contents to zero. @xref{Allocating Cleared | |
1501 | Space}. | |
1502 | ||
1503 | @item void *valloc (size_t @var{size}) | |
1504 | Allocate a block of @var{size} bytes, starting on a page boundary. | |
1505 | @xref{Aligned Memory Blocks}. | |
1506 | ||
5764c27f WN |
1507 | @item void *aligned_alloc (size_t @var{size}, size_t @var{alignment}) |
1508 | Allocate a block of @var{size} bytes, starting on an address that is a | |
1509 | multiple of @var{alignment}. @xref{Aligned Memory Blocks}. | |
1510 | ||
0a096e44 WN |
1511 | @item int posix_memalign (void **@var{memptr}, size_t @var{alignment}, size_t @var{size}) |
1512 | Allocate a block of @var{size} bytes, starting on an address that is a | |
1513 | multiple of @var{alignment}. @xref{Aligned Memory Blocks}. | |
1514 | ||
28f540f4 RM |
1515 | @item void *memalign (size_t @var{size}, size_t @var{boundary}) |
1516 | Allocate a block of @var{size} bytes, starting on an address that is a | |
1517 | multiple of @var{boundary}. @xref{Aligned Memory Blocks}. | |
1518 | ||
c131718c | 1519 | @item int mallopt (int @var{param}, int @var{value}) |
8b7fb588 | 1520 | Adjust a tunable parameter. @xref{Malloc Tunable Parameters}. |
c131718c | 1521 | |
28f540f4 RM |
1522 | @item int mcheck (void (*@var{abortfn}) (void)) |
1523 | Tell @code{malloc} to perform occasional consistency checks on | |
1524 | dynamically allocated memory, and to call @var{abortfn} when an | |
1525 | inconsistency is found. @xref{Heap Consistency Checking}. | |
1526 | ||
e3960d1c | 1527 | @item struct mallinfo2 mallinfo2 (void) |
28f540f4 RM |
1528 | Return information about the current dynamic memory usage. |
1529 | @xref{Statistics of Malloc}. | |
1530 | @end table | |
1531 | ||
bd355af0 | 1532 | @node Allocation Debugging |
99a20616 | 1533 | @subsection Allocation Debugging |
bd355af0 UD |
1534 | @cindex allocation debugging |
1535 | @cindex malloc debugger | |
1536 | ||
bc938d3d | 1537 | A complicated task when programming with languages which do not use |
bd355af0 | 1538 | garbage collected dynamic memory allocation is to find memory leaks. |
3ef569c7 | 1539 | Long running programs must ensure that dynamically allocated objects are |
bd355af0 UD |
1540 | freed at the end of their lifetime. If this does not happen the system |
1541 | runs out of memory, sooner or later. | |
1542 | ||
1f77f049 | 1543 | The @code{malloc} implementation in @theglibc{} provides some |
bc938d3d | 1544 | simple means to detect such leaks and obtain some information to find |
bd355af0 UD |
1545 | the location. To do this the application must be started in a special |
1546 | mode which is enabled by an environment variable. There are no speed | |
bc938d3d | 1547 | penalties for the program if the debugging mode is not enabled. |
bd355af0 UD |
1548 | |
1549 | @menu | |
1550 | * Tracing malloc:: How to install the tracing functionality. | |
1551 | * Using the Memory Debugger:: Example programs excerpts. | |
1552 | * Tips for the Memory Debugger:: Some more or less clever ideas. | |
1553 | * Interpreting the traces:: What do all these lines mean? | |
1554 | @end menu | |
1555 | ||
1556 | @node Tracing malloc | |
99a20616 | 1557 | @subsubsection How to install the tracing functionality |
bd355af0 | 1558 | |
bd355af0 | 1559 | @deftypefun void mtrace (void) |
d08a7e4c | 1560 | @standards{GNU, mcheck.h} |
1e5a5866 | 1561 | @safety{@prelim{}@mtunsafe{@mtsenv{} @mtasurace{:mtrace} @mtuinit{}}@asunsafe{@asuinit{} @ascuheap{} @asucorrupt{} @asulock{}}@acunsafe{@acuinit{} @acucorrupt{} @aculock{} @acsfd{} @acsmem{}}} |
9f529d7c AO |
1562 | @c Like the mcheck hooks, these are not designed with thread safety in |
1563 | @c mind, because the hook pointers are temporarily modified without | |
1564 | @c regard to other threads, signals or cancellation. | |
1565 | ||
1566 | @c mtrace @mtuinit @mtasurace:mtrace @mtsenv @asuinit @ascuheap @asucorrupt @acuinit @acucorrupt @aculock @acsfd @acsmem | |
1567 | @c __libc_secure_getenv dup @mtsenv | |
1568 | @c malloc dup @ascuheap @acsmem | |
1569 | @c fopen dup @ascuheap @asulock @aculock @acsmem @acsfd | |
1570 | @c fcntl dup ok | |
1571 | @c setvbuf dup @aculock | |
1572 | @c fprintf dup (on newly-created stream) @aculock | |
1573 | @c __cxa_atexit (once) dup @asulock @aculock @acsmem | |
1574 | @c free dup @ascuheap @acsmem | |
2d2d9f2b SP |
1575 | The @code{mtrace} function provides a way to trace memory allocation |
1576 | events in the program that calls it. It is disabled by default in the | |
1577 | library and can be enabled by preloading the debugging library | |
fb1621a8 | 1578 | @file{libc_malloc_debug} using the @code{LD_PRELOAD} environment |
2d2d9f2b SP |
1579 | variable. |
1580 | ||
bd355af0 UD |
1581 | When the @code{mtrace} function is called it looks for an environment |
1582 | variable named @code{MALLOC_TRACE}. This variable is supposed to | |
1583 | contain a valid file name. The user must have write access. If the | |
1584 | file already exists it is truncated. If the environment variable is not | |
1585 | set or it does not name a valid file which can be opened for writing | |
0bc93a2f | 1586 | nothing is done. The behavior of @code{malloc} etc. is not changed. |
bc938d3d UD |
1587 | For obvious reasons this also happens if the application is installed |
1588 | with the SUID or SGID bit set. | |
bd355af0 | 1589 | |
e8b1163e | 1590 | If the named file is successfully opened, @code{mtrace} installs special |
bd355af0 | 1591 | handlers for the functions @code{malloc}, @code{realloc}, and |
1e5a5866 SP |
1592 | @code{free}. From then on, all uses of these functions are traced and |
1593 | protocolled into the file. There is now of course a speed penalty for all | |
1594 | calls to the traced functions so tracing should not be enabled during normal | |
1595 | use. | |
bd355af0 UD |
1596 | |
1597 | This function is a GNU extension and generally not available on other | |
1598 | systems. The prototype can be found in @file{mcheck.h}. | |
1599 | @end deftypefun | |
1600 | ||
bd355af0 | 1601 | @deftypefun void muntrace (void) |
d08a7e4c | 1602 | @standards{GNU, mcheck.h} |
1e5a5866 | 1603 | @safety{@prelim{}@mtunsafe{@mtasurace{:mtrace} @mtslocale{}}@asunsafe{@asucorrupt{} @ascuheap{}}@acunsafe{@acucorrupt{} @acsmem{} @aculock{} @acsfd{}}} |
9f529d7c AO |
1604 | |
1605 | @c muntrace @mtasurace:mtrace @mtslocale @asucorrupt @ascuheap @acucorrupt @acsmem @aculock @acsfd | |
1606 | @c fprintf (fputs) dup @mtslocale @asucorrupt @ascuheap @acsmem @aculock @acucorrupt | |
1607 | @c fclose dup @ascuheap @asulock @aculock @acsmem @acsfd | |
bd355af0 | 1608 | The @code{muntrace} function can be called after @code{mtrace} was used |
0bc93a2f | 1609 | to enable tracing the @code{malloc} calls. If no (successful) call of |
bd355af0 UD |
1610 | @code{mtrace} was made @code{muntrace} does nothing. |
1611 | ||
1612 | Otherwise it deinstalls the handlers for @code{malloc}, @code{realloc}, | |
1613 | and @code{free} and then closes the protocol file. No calls are | |
bc938d3d | 1614 | protocolled anymore and the program runs again at full speed. |
bd355af0 UD |
1615 | |
1616 | This function is a GNU extension and generally not available on other | |
1617 | systems. The prototype can be found in @file{mcheck.h}. | |
1618 | @end deftypefun | |
1619 | ||
1620 | @node Using the Memory Debugger | |
99a20616 | 1621 | @subsubsection Example program excerpts |
bd355af0 UD |
1622 | |
1623 | Even though the tracing functionality does not influence the runtime | |
0bc93a2f | 1624 | behavior of the program it is not a good idea to call @code{mtrace} in |
bc938d3d UD |
1625 | all programs. Just imagine that you debug a program using @code{mtrace} |
1626 | and all other programs used in the debugging session also trace their | |
1627 | @code{malloc} calls. The output file would be the same for all programs | |
1628 | and thus is unusable. Therefore one should call @code{mtrace} only if | |
1629 | compiled for debugging. A program could therefore start like this: | |
bd355af0 UD |
1630 | |
1631 | @example | |
1632 | #include <mcheck.h> | |
1633 | ||
1634 | int | |
1635 | main (int argc, char *argv[]) | |
1636 | @{ | |
1637 | #ifdef DEBUGGING | |
1638 | mtrace (); | |
1639 | #endif | |
1640 | @dots{} | |
1641 | @} | |
1642 | @end example | |
1643 | ||
3ef569c7 | 1644 | This is all that is needed if you want to trace the calls during the |
bd355af0 UD |
1645 | whole runtime of the program. Alternatively you can stop the tracing at |
1646 | any time with a call to @code{muntrace}. It is even possible to restart | |
bc938d3d UD |
1647 | the tracing again with a new call to @code{mtrace}. But this can cause |
1648 | unreliable results since there may be calls of the functions which are | |
1649 | not called. Please note that not only the application uses the traced | |
1650 | functions, also libraries (including the C library itself) use these | |
1651 | functions. | |
bd355af0 | 1652 | |
3ef569c7 RJ |
1653 | This last point is also why it is not a good idea to call @code{muntrace} |
1654 | before the program terminates. The libraries are informed about the | |
bd355af0 UD |
1655 | termination of the program only after the program returns from |
1656 | @code{main} or calls @code{exit} and so cannot free the memory they use | |
1657 | before this time. | |
1658 | ||
1659 | So the best thing one can do is to call @code{mtrace} as the very first | |
1660 | function in the program and never call @code{muntrace}. So the program | |
1661 | traces almost all uses of the @code{malloc} functions (except those | |
1662 | calls which are executed by constructors of the program or used | |
1663 | libraries). | |
1664 | ||
1665 | @node Tips for the Memory Debugger | |
99a20616 | 1666 | @subsubsection Some more or less clever ideas |
bd355af0 UD |
1667 | |
1668 | You know the situation. The program is prepared for debugging and in | |
1669 | all debugging sessions it runs well. But once it is started without | |
bc938d3d UD |
1670 | debugging the error shows up. A typical example is a memory leak that |
1671 | becomes visible only when we turn off the debugging. If you foresee | |
1672 | such situations you can still win. Simply use something equivalent to | |
1673 | the following little program: | |
bd355af0 UD |
1674 | |
1675 | @example | |
1676 | #include <mcheck.h> | |
1677 | #include <signal.h> | |
1678 | ||
1679 | static void | |
1680 | enable (int sig) | |
1681 | @{ | |
1682 | mtrace (); | |
1683 | signal (SIGUSR1, enable); | |
1684 | @} | |
1685 | ||
1686 | static void | |
1687 | disable (int sig) | |
1688 | @{ | |
1689 | muntrace (); | |
1690 | signal (SIGUSR2, disable); | |
1691 | @} | |
1692 | ||
1693 | int | |
1694 | main (int argc, char *argv[]) | |
1695 | @{ | |
1696 | @dots{} | |
1697 | ||
1698 | signal (SIGUSR1, enable); | |
1699 | signal (SIGUSR2, disable); | |
1700 | ||
1701 | @dots{} | |
1702 | @} | |
1703 | @end example | |
1704 | ||
9756dfe1 | 1705 | I.e., the user can start the memory debugger any time s/he wants if the |
bd355af0 UD |
1706 | program was started with @code{MALLOC_TRACE} set in the environment. |
1707 | The output will of course not show the allocations which happened before | |
1708 | the first signal but if there is a memory leak this will show up | |
1709 | nevertheless. | |
1710 | ||
1711 | @node Interpreting the traces | |
99a20616 | 1712 | @subsubsection Interpreting the traces |
bd355af0 UD |
1713 | |
1714 | If you take a look at the output it will look similar to this: | |
1715 | ||
1716 | @example | |
1717 | = Start | |
1718 | @ [0x8048209] - 0x8064cc8 | |
1719 | @ [0x8048209] - 0x8064ce0 | |
1720 | @ [0x8048209] - 0x8064cf8 | |
1721 | @ [0x80481eb] + 0x8064c48 0x14 | |
1722 | @ [0x80481eb] + 0x8064c60 0x14 | |
1723 | @ [0x80481eb] + 0x8064c78 0x14 | |
1724 | @ [0x80481eb] + 0x8064c90 0x14 | |
1725 | = End | |
1726 | @end example | |
1727 | ||
1728 | What this all means is not really important since the trace file is not | |
bc938d3d | 1729 | meant to be read by a human. Therefore no attention is given to |
1f77f049 JM |
1730 | readability. Instead there is a program which comes with @theglibc{} |
1731 | which interprets the traces and outputs a summary in an | |
bd355af0 UD |
1732 | user-friendly way. The program is called @code{mtrace} (it is in fact a |
1733 | Perl script) and it takes one or two arguments. In any case the name of | |
bc938d3d UD |
1734 | the file with the trace output must be specified. If an optional |
1735 | argument precedes the name of the trace file this must be the name of | |
1736 | the program which generated the trace. | |
bd355af0 UD |
1737 | |
1738 | @example | |
1739 | drepper$ mtrace tst-mtrace log | |
1740 | No memory leaks. | |
1741 | @end example | |
1742 | ||
1743 | In this case the program @code{tst-mtrace} was run and it produced a | |
1744 | trace file @file{log}. The message printed by @code{mtrace} shows there | |
1745 | are no problems with the code, all allocated memory was freed | |
1746 | afterwards. | |
1747 | ||
1748 | If we call @code{mtrace} on the example trace given above we would get a | |
1749 | different outout: | |
1750 | ||
1751 | @example | |
1752 | drepper$ mtrace errlog | |
1753 | - 0x08064cc8 Free 2 was never alloc'd 0x8048209 | |
1754 | - 0x08064ce0 Free 3 was never alloc'd 0x8048209 | |
1755 | - 0x08064cf8 Free 4 was never alloc'd 0x8048209 | |
1756 | ||
1757 | Memory not freed: | |
1758 | ----------------- | |
1759 | Address Size Caller | |
1760 | 0x08064c48 0x14 at 0x80481eb | |
1761 | 0x08064c60 0x14 at 0x80481eb | |
1762 | 0x08064c78 0x14 at 0x80481eb | |
1763 | 0x08064c90 0x14 at 0x80481eb | |
1764 | @end example | |
1765 | ||
1766 | We have called @code{mtrace} with only one argument and so the script | |
1767 | has no chance to find out what is meant with the addresses given in the | |
1768 | trace. We can do better: | |
1769 | ||
1770 | @example | |
bc938d3d UD |
1771 | drepper$ mtrace tst errlog |
1772 | - 0x08064cc8 Free 2 was never alloc'd /home/drepper/tst.c:39 | |
1773 | - 0x08064ce0 Free 3 was never alloc'd /home/drepper/tst.c:39 | |
1774 | - 0x08064cf8 Free 4 was never alloc'd /home/drepper/tst.c:39 | |
bd355af0 UD |
1775 | |
1776 | Memory not freed: | |
1777 | ----------------- | |
1778 | Address Size Caller | |
bc938d3d UD |
1779 | 0x08064c48 0x14 at /home/drepper/tst.c:33 |
1780 | 0x08064c60 0x14 at /home/drepper/tst.c:33 | |
1781 | 0x08064c78 0x14 at /home/drepper/tst.c:33 | |
1782 | 0x08064c90 0x14 at /home/drepper/tst.c:33 | |
bd355af0 UD |
1783 | @end example |
1784 | ||
1785 | Suddenly the output makes much more sense and the user can see | |
1786 | immediately where the function calls causing the trouble can be found. | |
1787 | ||
9756dfe1 UD |
1788 | Interpreting this output is not complicated. There are at most two |
1789 | different situations being detected. First, @code{free} was called for | |
1790 | pointers which were never returned by one of the allocation functions. | |
bc938d3d | 1791 | This is usually a very bad problem and what this looks like is shown in |
9756dfe1 UD |
1792 | the first three lines of the output. Situations like this are quite |
1793 | rare and if they appear they show up very drastically: the program | |
1794 | normally crashes. | |
1795 | ||
1796 | The other situation which is much harder to detect are memory leaks. As | |
1797 | you can see in the output the @code{mtrace} function collects all this | |
1798 | information and so can say that the program calls an allocation function | |
1799 | from line 33 in the source file @file{/home/drepper/tst-mtrace.c} four | |
1800 | times without freeing this memory before the program terminates. | |
bc938d3d | 1801 | Whether this is a real problem remains to be investigated. |
9756dfe1 | 1802 | |
44e4b889 FW |
1803 | @node Replacing malloc |
1804 | @subsection Replacing @code{malloc} | |
1805 | ||
1806 | @cindex @code{malloc} replacement | |
1807 | @cindex @code{LD_PRELOAD} and @code{malloc} | |
1808 | @cindex alternative @code{malloc} implementations | |
1809 | @cindex customizing @code{malloc} | |
1810 | @cindex interposing @code{malloc} | |
1811 | @cindex preempting @code{malloc} | |
1812 | @cindex replacing @code{malloc} | |
1813 | @Theglibc{} supports replacing the built-in @code{malloc} implementation | |
1814 | with a different allocator with the same interface. For dynamically | |
1815 | linked programs, this happens through ELF symbol interposition, either | |
1816 | using shared object dependencies or @code{LD_PRELOAD}. For static | |
1817 | linking, the @code{malloc} replacement library must be linked in before | |
1818 | linking against @code{libc.a} (explicitly or implicitly). | |
1819 | ||
1820 | @strong{Note:} Failure to provide a complete set of replacement | |
1821 | functions (that is, all the functions used by the application, | |
1822 | @theglibc{}, and other linked-in libraries) can lead to static linking | |
1823 | failures, and, at run time, to heap corruption and application crashes. | |
69fda43b PE |
1824 | Replacement functions should implement the behavior documented for |
1825 | their counterparts in @theglibc{}; for example, the replacement | |
1826 | @code{free} should also preserve @code{errno}. | |
44e4b889 FW |
1827 | |
1828 | The minimum set of functions which has to be provided by a custom | |
1829 | @code{malloc} is given in the table below. | |
1830 | ||
1831 | @table @code | |
1832 | @item malloc | |
1833 | @item free | |
1834 | @item calloc | |
1835 | @item realloc | |
1836 | @end table | |
1837 | ||
1838 | These @code{malloc}-related functions are required for @theglibc{} to | |
1839 | work.@footnote{Versions of @theglibc{} before 2.25 required that a | |
1840 | custom @code{malloc} defines @code{__libc_memalign} (with the same | |
1841 | interface as the @code{memalign} function).} | |
1842 | ||
1843 | The @code{malloc} implementation in @theglibc{} provides additional | |
1844 | functionality not used by the library itself, but which is often used by | |
1845 | other system libraries and applications. A general-purpose replacement | |
1846 | @code{malloc} implementation should provide definitions of these | |
1847 | functions, too. Their names are listed in the following table. | |
1848 | ||
1849 | @table @code | |
1850 | @item aligned_alloc | |
1851 | @item malloc_usable_size | |
1852 | @item memalign | |
1853 | @item posix_memalign | |
1854 | @item pvalloc | |
1855 | @item valloc | |
1856 | @end table | |
1857 | ||
1858 | In addition, very old applications may use the obsolete @code{cfree} | |
1859 | function. | |
1860 | ||
1861 | Further @code{malloc}-related functions such as @code{mallopt} or | |
e3960d1c | 1862 | @code{mallinfo2} will not have any effect or return incorrect statistics |
44e4b889 FW |
1863 | when a replacement @code{malloc} is in use. However, failure to replace |
1864 | these functions typically does not result in crashes or other incorrect | |
1865 | application behavior, but may result in static linking failures. | |
1866 | ||
d34ed66f SP |
1867 | There are other functions (@code{reallocarray}, @code{strdup}, etc.) in |
1868 | @theglibc{} that are not listed above but return newly allocated memory to | |
1869 | callers. Replacement of these functions is not supported and may produce | |
1870 | incorrect results. @Theglibc{} implementations of these functions call | |
1871 | the replacement allocator functions whenever available, so they will work | |
1872 | correctly with @code{malloc} replacement. | |
1873 | ||
28f540f4 | 1874 | @node Obstacks |
99a20616 | 1875 | @subsection Obstacks |
28f540f4 RM |
1876 | @cindex obstacks |
1877 | ||
1878 | An @dfn{obstack} is a pool of memory containing a stack of objects. You | |
1879 | can create any number of separate obstacks, and then allocate objects in | |
1880 | specified obstacks. Within each obstack, the last object allocated must | |
1881 | always be the first one freed, but distinct obstacks are independent of | |
1882 | each other. | |
1883 | ||
1884 | Aside from this one constraint of order of freeing, obstacks are totally | |
1885 | general: an obstack can contain any number of objects of any size. They | |
1886 | are implemented with macros, so allocation is usually very fast as long as | |
1887 | the objects are usually small. And the only space overhead per object is | |
1888 | the padding needed to start each object on a suitable boundary. | |
1889 | ||
1890 | @menu | |
1891 | * Creating Obstacks:: How to declare an obstack in your program. | |
1892 | * Preparing for Obstacks:: Preparations needed before you can | |
1893 | use obstacks. | |
1894 | * Allocation in an Obstack:: Allocating objects in an obstack. | |
1895 | * Freeing Obstack Objects:: Freeing objects in an obstack. | |
1896 | * Obstack Functions:: The obstack functions are both | |
1897 | functions and macros. | |
1898 | * Growing Objects:: Making an object bigger by stages. | |
1899 | * Extra Fast Growing:: Extra-high-efficiency (though more | |
1900 | complicated) growing objects. | |
1901 | * Status of an Obstack:: Inquiries about the status of an obstack. | |
1902 | * Obstacks Data Alignment:: Controlling alignment of objects in obstacks. | |
1903 | * Obstack Chunks:: How obstacks obtain and release chunks; | |
1904 | efficiency considerations. | |
a5113b14 | 1905 | * Summary of Obstacks:: |
28f540f4 RM |
1906 | @end menu |
1907 | ||
1908 | @node Creating Obstacks | |
99a20616 | 1909 | @subsubsection Creating Obstacks |
28f540f4 RM |
1910 | |
1911 | The utilities for manipulating obstacks are declared in the header | |
1912 | file @file{obstack.h}. | |
1913 | @pindex obstack.h | |
1914 | ||
28f540f4 | 1915 | @deftp {Data Type} {struct obstack} |
d08a7e4c | 1916 | @standards{GNU, obstack.h} |
28f540f4 RM |
1917 | An obstack is represented by a data structure of type @code{struct |
1918 | obstack}. This structure has a small fixed size; it records the status | |
1919 | of the obstack and how to find the space in which objects are allocated. | |
1920 | It does not contain any of the objects themselves. You should not try | |
1921 | to access the contents of the structure directly; use only the functions | |
1922 | described in this chapter. | |
1923 | @end deftp | |
1924 | ||
1925 | You can declare variables of type @code{struct obstack} and use them as | |
1926 | obstacks, or you can allocate obstacks dynamically like any other kind | |
1927 | of object. Dynamic allocation of obstacks allows your program to have a | |
1928 | variable number of different stacks. (You can even allocate an | |
1929 | obstack structure in another obstack, but this is rarely useful.) | |
1930 | ||
1931 | All the functions that work with obstacks require you to specify which | |
1932 | obstack to use. You do this with a pointer of type @code{struct obstack | |
1933 | *}. In the following, we often say ``an obstack'' when strictly | |
1934 | speaking the object at hand is such a pointer. | |
1935 | ||
1936 | The objects in the obstack are packed into large blocks called | |
1937 | @dfn{chunks}. The @code{struct obstack} structure points to a chain of | |
1938 | the chunks currently in use. | |
1939 | ||
1940 | The obstack library obtains a new chunk whenever you allocate an object | |
1941 | that won't fit in the previous chunk. Since the obstack library manages | |
1942 | chunks automatically, you don't need to pay much attention to them, but | |
1943 | you do need to supply a function which the obstack library should use to | |
1944 | get a chunk. Usually you supply a function which uses @code{malloc} | |
1945 | directly or indirectly. You must also supply a function to free a chunk. | |
1946 | These matters are described in the following section. | |
1947 | ||
1948 | @node Preparing for Obstacks | |
99a20616 | 1949 | @subsubsection Preparing for Using Obstacks |
28f540f4 RM |
1950 | |
1951 | Each source file in which you plan to use the obstack functions | |
1952 | must include the header file @file{obstack.h}, like this: | |
1953 | ||
1954 | @smallexample | |
1955 | #include <obstack.h> | |
1956 | @end smallexample | |
1957 | ||
1958 | @findex obstack_chunk_alloc | |
1959 | @findex obstack_chunk_free | |
1960 | Also, if the source file uses the macro @code{obstack_init}, it must | |
1961 | declare or define two functions or macros that will be called by the | |
1962 | obstack library. One, @code{obstack_chunk_alloc}, is used to allocate | |
1963 | the chunks of memory into which objects are packed. The other, | |
1964 | @code{obstack_chunk_free}, is used to return chunks when the objects in | |
1965 | them are freed. These macros should appear before any use of obstacks | |
1966 | in the source file. | |
1967 | ||
1968 | Usually these are defined to use @code{malloc} via the intermediary | |
1969 | @code{xmalloc} (@pxref{Unconstrained Allocation}). This is done with | |
1970 | the following pair of macro definitions: | |
1971 | ||
1972 | @smallexample | |
1973 | #define obstack_chunk_alloc xmalloc | |
1974 | #define obstack_chunk_free free | |
1975 | @end smallexample | |
1976 | ||
1977 | @noindent | |
99a20616 | 1978 | Though the memory you get using obstacks really comes from @code{malloc}, |
28f540f4 RM |
1979 | using obstacks is faster because @code{malloc} is called less often, for |
1980 | larger blocks of memory. @xref{Obstack Chunks}, for full details. | |
1981 | ||
1982 | At run time, before the program can use a @code{struct obstack} object | |
1983 | as an obstack, it must initialize the obstack by calling | |
1984 | @code{obstack_init}. | |
1985 | ||
28f540f4 | 1986 | @deftypefun int obstack_init (struct obstack *@var{obstack-ptr}) |
d08a7e4c | 1987 | @standards{GNU, obstack.h} |
9f529d7c AO |
1988 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acsafe{@acsmem{}}} |
1989 | @c obstack_init @mtsrace:obstack-ptr @acsmem | |
1990 | @c _obstack_begin @acsmem | |
1991 | @c chunkfun = obstack_chunk_alloc (suggested malloc) | |
1992 | @c freefun = obstack_chunk_free (suggested free) | |
1993 | @c *chunkfun @acsmem | |
1994 | @c obstack_chunk_alloc user-supplied | |
1995 | @c *obstack_alloc_failed_handler user-supplied | |
1996 | @c -> print_and_abort (default) | |
1997 | @c | |
1998 | @c print_and_abort | |
1999 | @c _ dup @ascuintl | |
2000 | @c fxprintf dup @asucorrupt @aculock @acucorrupt | |
2001 | @c exit @acucorrupt? | |
28f540f4 | 2002 | Initialize obstack @var{obstack-ptr} for allocation of objects. This |
3cb07217 UD |
2003 | function calls the obstack's @code{obstack_chunk_alloc} function. If |
2004 | allocation of memory fails, the function pointed to by | |
2005 | @code{obstack_alloc_failed_handler} is called. The @code{obstack_init} | |
2006 | function always returns 1 (Compatibility notice: Former versions of | |
2007 | obstack returned 0 if allocation failed). | |
28f540f4 RM |
2008 | @end deftypefun |
2009 | ||
2010 | Here are two examples of how to allocate the space for an obstack and | |
2011 | initialize it. First, an obstack that is a static variable: | |
2012 | ||
2013 | @smallexample | |
2014 | static struct obstack myobstack; | |
2015 | @dots{} | |
2016 | obstack_init (&myobstack); | |
2017 | @end smallexample | |
2018 | ||
2019 | @noindent | |
2020 | Second, an obstack that is itself dynamically allocated: | |
2021 | ||
2022 | @smallexample | |
2023 | struct obstack *myobstack_ptr | |
2024 | = (struct obstack *) xmalloc (sizeof (struct obstack)); | |
2025 | ||
2026 | obstack_init (myobstack_ptr); | |
2027 | @end smallexample | |
2028 | ||
3cb07217 | 2029 | @defvar obstack_alloc_failed_handler |
d08a7e4c | 2030 | @standards{GNU, obstack.h} |
3cb07217 UD |
2031 | The value of this variable is a pointer to a function that |
2032 | @code{obstack} uses when @code{obstack_chunk_alloc} fails to allocate | |
2033 | memory. The default action is to print a message and abort. | |
2034 | You should supply a function that either calls @code{exit} | |
2035 | (@pxref{Program Termination}) or @code{longjmp} (@pxref{Non-Local | |
2036 | Exits}) and doesn't return. | |
2037 | ||
2038 | @smallexample | |
2039 | void my_obstack_alloc_failed (void) | |
2040 | @dots{} | |
2041 | obstack_alloc_failed_handler = &my_obstack_alloc_failed; | |
2042 | @end smallexample | |
2043 | ||
2044 | @end defvar | |
2045 | ||
28f540f4 | 2046 | @node Allocation in an Obstack |
99a20616 | 2047 | @subsubsection Allocation in an Obstack |
28f540f4 RM |
2048 | @cindex allocation (obstacks) |
2049 | ||
2050 | The most direct way to allocate an object in an obstack is with | |
2051 | @code{obstack_alloc}, which is invoked almost like @code{malloc}. | |
2052 | ||
28f540f4 | 2053 | @deftypefun {void *} obstack_alloc (struct obstack *@var{obstack-ptr}, int @var{size}) |
d08a7e4c | 2054 | @standards{GNU, obstack.h} |
9f529d7c AO |
2055 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2056 | @c obstack_alloc @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2057 | @c obstack_blank dup @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2058 | @c obstack_finish dup @mtsrace:obstack-ptr @acucorrupt | |
28f540f4 RM |
2059 | This allocates an uninitialized block of @var{size} bytes in an obstack |
2060 | and returns its address. Here @var{obstack-ptr} specifies which obstack | |
2061 | to allocate the block in; it is the address of the @code{struct obstack} | |
2062 | object which represents the obstack. Each obstack function or macro | |
2063 | requires you to specify an @var{obstack-ptr} as the first argument. | |
2064 | ||
2065 | This function calls the obstack's @code{obstack_chunk_alloc} function if | |
3cb07217 UD |
2066 | it needs to allocate a new chunk of memory; it calls |
2067 | @code{obstack_alloc_failed_handler} if allocation of memory by | |
2068 | @code{obstack_chunk_alloc} failed. | |
28f540f4 RM |
2069 | @end deftypefun |
2070 | ||
2071 | For example, here is a function that allocates a copy of a string @var{str} | |
2072 | in a specific obstack, which is in the variable @code{string_obstack}: | |
2073 | ||
2074 | @smallexample | |
2075 | struct obstack string_obstack; | |
2076 | ||
2077 | char * | |
2078 | copystring (char *string) | |
2079 | @{ | |
7cc27f44 UD |
2080 | size_t len = strlen (string) + 1; |
2081 | char *s = (char *) obstack_alloc (&string_obstack, len); | |
2082 | memcpy (s, string, len); | |
28f540f4 RM |
2083 | return s; |
2084 | @} | |
2085 | @end smallexample | |
2086 | ||
2087 | To allocate a block with specified contents, use the function | |
2088 | @code{obstack_copy}, declared like this: | |
2089 | ||
28f540f4 | 2090 | @deftypefun {void *} obstack_copy (struct obstack *@var{obstack-ptr}, void *@var{address}, int @var{size}) |
d08a7e4c | 2091 | @standards{GNU, obstack.h} |
9f529d7c AO |
2092 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2093 | @c obstack_copy @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2094 | @c obstack_grow dup @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2095 | @c obstack_finish dup @mtsrace:obstack-ptr @acucorrupt | |
28f540f4 | 2096 | This allocates a block and initializes it by copying @var{size} |
3cb07217 UD |
2097 | bytes of data starting at @var{address}. It calls |
2098 | @code{obstack_alloc_failed_handler} if allocation of memory by | |
2099 | @code{obstack_chunk_alloc} failed. | |
28f540f4 RM |
2100 | @end deftypefun |
2101 | ||
28f540f4 | 2102 | @deftypefun {void *} obstack_copy0 (struct obstack *@var{obstack-ptr}, void *@var{address}, int @var{size}) |
d08a7e4c | 2103 | @standards{GNU, obstack.h} |
9f529d7c AO |
2104 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2105 | @c obstack_copy0 @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2106 | @c obstack_grow0 dup @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2107 | @c obstack_finish dup @mtsrace:obstack-ptr @acucorrupt | |
28f540f4 RM |
2108 | Like @code{obstack_copy}, but appends an extra byte containing a null |
2109 | character. This extra byte is not counted in the argument @var{size}. | |
2110 | @end deftypefun | |
2111 | ||
2112 | The @code{obstack_copy0} function is convenient for copying a sequence | |
2113 | of characters into an obstack as a null-terminated string. Here is an | |
2114 | example of its use: | |
2115 | ||
2116 | @smallexample | |
2117 | char * | |
2118 | obstack_savestring (char *addr, int size) | |
2119 | @{ | |
2120 | return obstack_copy0 (&myobstack, addr, size); | |
2121 | @} | |
2122 | @end smallexample | |
2123 | ||
2124 | @noindent | |
2125 | Contrast this with the previous example of @code{savestring} using | |
2126 | @code{malloc} (@pxref{Basic Allocation}). | |
2127 | ||
2128 | @node Freeing Obstack Objects | |
99a20616 | 2129 | @subsubsection Freeing Objects in an Obstack |
28f540f4 RM |
2130 | @cindex freeing (obstacks) |
2131 | ||
2132 | To free an object allocated in an obstack, use the function | |
2133 | @code{obstack_free}. Since the obstack is a stack of objects, freeing | |
2134 | one object automatically frees all other objects allocated more recently | |
2135 | in the same obstack. | |
2136 | ||
28f540f4 | 2137 | @deftypefun void obstack_free (struct obstack *@var{obstack-ptr}, void *@var{object}) |
d08a7e4c | 2138 | @standards{GNU, obstack.h} |
9f529d7c AO |
2139 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{}}} |
2140 | @c obstack_free @mtsrace:obstack-ptr @acucorrupt | |
2141 | @c (obstack_free) @mtsrace:obstack-ptr @acucorrupt | |
2142 | @c *freefun dup user-supplied | |
28f540f4 RM |
2143 | If @var{object} is a null pointer, everything allocated in the obstack |
2144 | is freed. Otherwise, @var{object} must be the address of an object | |
2145 | allocated in the obstack. Then @var{object} is freed, along with | |
3ef569c7 | 2146 | everything allocated in @var{obstack-ptr} since @var{object}. |
28f540f4 RM |
2147 | @end deftypefun |
2148 | ||
2149 | Note that if @var{object} is a null pointer, the result is an | |
99a20616 | 2150 | uninitialized obstack. To free all memory in an obstack but leave it |
28f540f4 RM |
2151 | valid for further allocation, call @code{obstack_free} with the address |
2152 | of the first object allocated on the obstack: | |
2153 | ||
2154 | @smallexample | |
2155 | obstack_free (obstack_ptr, first_object_allocated_ptr); | |
2156 | @end smallexample | |
2157 | ||
2158 | Recall that the objects in an obstack are grouped into chunks. When all | |
2159 | the objects in a chunk become free, the obstack library automatically | |
2160 | frees the chunk (@pxref{Preparing for Obstacks}). Then other | |
2161 | obstacks, or non-obstack allocation, can reuse the space of the chunk. | |
2162 | ||
2163 | @node Obstack Functions | |
99a20616 | 2164 | @subsubsection Obstack Functions and Macros |
28f540f4 RM |
2165 | @cindex macros |
2166 | ||
2167 | The interfaces for using obstacks may be defined either as functions or | |
2168 | as macros, depending on the compiler. The obstack facility works with | |
f65fd747 | 2169 | all C compilers, including both @w{ISO C} and traditional C, but there are |
28f540f4 RM |
2170 | precautions you must take if you plan to use compilers other than GNU C. |
2171 | ||
f65fd747 | 2172 | If you are using an old-fashioned @w{non-ISO C} compiler, all the obstack |
28f540f4 RM |
2173 | ``functions'' are actually defined only as macros. You can call these |
2174 | macros like functions, but you cannot use them in any other way (for | |
2175 | example, you cannot take their address). | |
2176 | ||
2177 | Calling the macros requires a special precaution: namely, the first | |
2178 | operand (the obstack pointer) may not contain any side effects, because | |
2179 | it may be computed more than once. For example, if you write this: | |
2180 | ||
2181 | @smallexample | |
2182 | obstack_alloc (get_obstack (), 4); | |
2183 | @end smallexample | |
2184 | ||
2185 | @noindent | |
2186 | you will find that @code{get_obstack} may be called several times. | |
2187 | If you use @code{*obstack_list_ptr++} as the obstack pointer argument, | |
2188 | you will get very strange results since the incrementation may occur | |
2189 | several times. | |
2190 | ||
f65fd747 | 2191 | In @w{ISO C}, each function has both a macro definition and a function |
28f540f4 RM |
2192 | definition. The function definition is used if you take the address of the |
2193 | function without calling it. An ordinary call uses the macro definition by | |
2194 | default, but you can request the function definition instead by writing the | |
2195 | function name in parentheses, as shown here: | |
2196 | ||
2197 | @smallexample | |
2198 | char *x; | |
2199 | void *(*funcp) (); | |
2200 | /* @r{Use the macro}. */ | |
2201 | x = (char *) obstack_alloc (obptr, size); | |
2202 | /* @r{Call the function}. */ | |
2203 | x = (char *) (obstack_alloc) (obptr, size); | |
2204 | /* @r{Take the address of the function}. */ | |
2205 | funcp = obstack_alloc; | |
2206 | @end smallexample | |
2207 | ||
2208 | @noindent | |
f65fd747 | 2209 | This is the same situation that exists in @w{ISO C} for the standard library |
28f540f4 RM |
2210 | functions. @xref{Macro Definitions}. |
2211 | ||
2212 | @strong{Warning:} When you do use the macros, you must observe the | |
f65fd747 | 2213 | precaution of avoiding side effects in the first operand, even in @w{ISO C}. |
28f540f4 RM |
2214 | |
2215 | If you use the GNU C compiler, this precaution is not necessary, because | |
2216 | various language extensions in GNU C permit defining the macros so as to | |
2217 | compute each argument only once. | |
2218 | ||
2219 | @node Growing Objects | |
99a20616 | 2220 | @subsubsection Growing Objects |
28f540f4 RM |
2221 | @cindex growing objects (in obstacks) |
2222 | @cindex changing the size of a block (obstacks) | |
2223 | ||
99a20616 | 2224 | Because memory in obstack chunks is used sequentially, it is possible to |
28f540f4 RM |
2225 | build up an object step by step, adding one or more bytes at a time to the |
2226 | end of the object. With this technique, you do not need to know how much | |
2227 | data you will put in the object until you come to the end of it. We call | |
2228 | this the technique of @dfn{growing objects}. The special functions | |
2229 | for adding data to the growing object are described in this section. | |
2230 | ||
2231 | You don't need to do anything special when you start to grow an object. | |
2232 | Using one of the functions to add data to the object automatically | |
2233 | starts it. However, it is necessary to say explicitly when the object is | |
2234 | finished. This is done with the function @code{obstack_finish}. | |
2235 | ||
2236 | The actual address of the object thus built up is not known until the | |
2237 | object is finished. Until then, it always remains possible that you will | |
2238 | add so much data that the object must be copied into a new chunk. | |
2239 | ||
2240 | While the obstack is in use for a growing object, you cannot use it for | |
2241 | ordinary allocation of another object. If you try to do so, the space | |
2242 | already added to the growing object will become part of the other object. | |
2243 | ||
28f540f4 | 2244 | @deftypefun void obstack_blank (struct obstack *@var{obstack-ptr}, int @var{size}) |
d08a7e4c | 2245 | @standards{GNU, obstack.h} |
9f529d7c AO |
2246 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2247 | @c obstack_blank @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2248 | @c _obstack_newchunk @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2249 | @c *chunkfun dup @acsmem | |
2250 | @c *obstack_alloc_failed_handler dup user-supplied | |
2251 | @c *freefun | |
2252 | @c obstack_blank_fast dup @mtsrace:obstack-ptr | |
28f540f4 RM |
2253 | The most basic function for adding to a growing object is |
2254 | @code{obstack_blank}, which adds space without initializing it. | |
2255 | @end deftypefun | |
2256 | ||
28f540f4 | 2257 | @deftypefun void obstack_grow (struct obstack *@var{obstack-ptr}, void *@var{data}, int @var{size}) |
d08a7e4c | 2258 | @standards{GNU, obstack.h} |
9f529d7c AO |
2259 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2260 | @c obstack_grow @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2261 | @c _obstack_newchunk dup @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2262 | @c memcpy ok | |
28f540f4 RM |
2263 | To add a block of initialized space, use @code{obstack_grow}, which is |
2264 | the growing-object analogue of @code{obstack_copy}. It adds @var{size} | |
2265 | bytes of data to the growing object, copying the contents from | |
2266 | @var{data}. | |
2267 | @end deftypefun | |
2268 | ||
28f540f4 | 2269 | @deftypefun void obstack_grow0 (struct obstack *@var{obstack-ptr}, void *@var{data}, int @var{size}) |
d08a7e4c | 2270 | @standards{GNU, obstack.h} |
9f529d7c AO |
2271 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2272 | @c obstack_grow0 @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2273 | @c (no sequence point between storing NUL and incrementing next_free) | |
2274 | @c (multiple changes to next_free => @acucorrupt) | |
2275 | @c _obstack_newchunk dup @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2276 | @c memcpy ok | |
28f540f4 RM |
2277 | This is the growing-object analogue of @code{obstack_copy0}. It adds |
2278 | @var{size} bytes copied from @var{data}, followed by an additional null | |
2279 | character. | |
2280 | @end deftypefun | |
2281 | ||
28f540f4 | 2282 | @deftypefun void obstack_1grow (struct obstack *@var{obstack-ptr}, char @var{c}) |
d08a7e4c | 2283 | @standards{GNU, obstack.h} |
9f529d7c AO |
2284 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2285 | @c obstack_1grow @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2286 | @c _obstack_newchunk dup @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2287 | @c obstack_1grow_fast dup @mtsrace:obstack-ptr @acucorrupt @acsmem | |
28f540f4 RM |
2288 | To add one character at a time, use the function @code{obstack_1grow}. |
2289 | It adds a single byte containing @var{c} to the growing object. | |
2290 | @end deftypefun | |
2291 | ||
2c6fe0bd | 2292 | @deftypefun void obstack_ptr_grow (struct obstack *@var{obstack-ptr}, void *@var{data}) |
d08a7e4c | 2293 | @standards{GNU, obstack.h} |
9f529d7c AO |
2294 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2295 | @c obstack_ptr_grow @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2296 | @c _obstack_newchunk dup @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2297 | @c obstack_ptr_grow_fast dup @mtsrace:obstack-ptr | |
2c6fe0bd UD |
2298 | Adding the value of a pointer one can use the function |
2299 | @code{obstack_ptr_grow}. It adds @code{sizeof (void *)} bytes | |
2300 | containing the value of @var{data}. | |
2301 | @end deftypefun | |
2302 | ||
2c6fe0bd | 2303 | @deftypefun void obstack_int_grow (struct obstack *@var{obstack-ptr}, int @var{data}) |
d08a7e4c | 2304 | @standards{GNU, obstack.h} |
9f529d7c AO |
2305 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2306 | @c obstack_int_grow @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2307 | @c _obstack_newchunk dup @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2308 | @c obstack_int_grow_fast dup @mtsrace:obstack-ptr | |
2c6fe0bd UD |
2309 | A single value of type @code{int} can be added by using the |
2310 | @code{obstack_int_grow} function. It adds @code{sizeof (int)} bytes to | |
2311 | the growing object and initializes them with the value of @var{data}. | |
2312 | @end deftypefun | |
2313 | ||
28f540f4 | 2314 | @deftypefun {void *} obstack_finish (struct obstack *@var{obstack-ptr}) |
d08a7e4c | 2315 | @standards{GNU, obstack.h} |
9f529d7c AO |
2316 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{}}} |
2317 | @c obstack_finish @mtsrace:obstack-ptr @acucorrupt | |
28f540f4 RM |
2318 | When you are finished growing the object, use the function |
2319 | @code{obstack_finish} to close it off and return its final address. | |
2320 | ||
2321 | Once you have finished the object, the obstack is available for ordinary | |
2322 | allocation or for growing another object. | |
2323 | ||
2324 | This function can return a null pointer under the same conditions as | |
2325 | @code{obstack_alloc} (@pxref{Allocation in an Obstack}). | |
2326 | @end deftypefun | |
2327 | ||
2328 | When you build an object by growing it, you will probably need to know | |
2329 | afterward how long it became. You need not keep track of this as you grow | |
2330 | the object, because you can find out the length from the obstack just | |
2331 | before finishing the object with the function @code{obstack_object_size}, | |
2332 | declared as follows: | |
2333 | ||
28f540f4 | 2334 | @deftypefun int obstack_object_size (struct obstack *@var{obstack-ptr}) |
d08a7e4c | 2335 | @standards{GNU, obstack.h} |
9f529d7c | 2336 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acsafe{}} |
28f540f4 RM |
2337 | This function returns the current size of the growing object, in bytes. |
2338 | Remember to call this function @emph{before} finishing the object. | |
2339 | After it is finished, @code{obstack_object_size} will return zero. | |
2340 | @end deftypefun | |
2341 | ||
2342 | If you have started growing an object and wish to cancel it, you should | |
2343 | finish it and then free it, like this: | |
2344 | ||
2345 | @smallexample | |
2346 | obstack_free (obstack_ptr, obstack_finish (obstack_ptr)); | |
2347 | @end smallexample | |
2348 | ||
2349 | @noindent | |
2350 | This has no effect if no object was growing. | |
2351 | ||
2352 | @cindex shrinking objects | |
2353 | You can use @code{obstack_blank} with a negative size argument to make | |
2354 | the current object smaller. Just don't try to shrink it beyond zero | |
2355 | length---there's no telling what will happen if you do that. | |
2356 | ||
2357 | @node Extra Fast Growing | |
99a20616 | 2358 | @subsubsection Extra Fast Growing Objects |
28f540f4 RM |
2359 | @cindex efficiency and obstacks |
2360 | ||
2361 | The usual functions for growing objects incur overhead for checking | |
2362 | whether there is room for the new growth in the current chunk. If you | |
2363 | are frequently constructing objects in small steps of growth, this | |
2364 | overhead can be significant. | |
2365 | ||
2366 | You can reduce the overhead by using special ``fast growth'' | |
2367 | functions that grow the object without checking. In order to have a | |
2368 | robust program, you must do the checking yourself. If you do this checking | |
2369 | in the simplest way each time you are about to add data to the object, you | |
2370 | have not saved anything, because that is what the ordinary growth | |
2371 | functions do. But if you can arrange to check less often, or check | |
2372 | more efficiently, then you make the program faster. | |
2373 | ||
2374 | The function @code{obstack_room} returns the amount of room available | |
2375 | in the current chunk. It is declared as follows: | |
2376 | ||
28f540f4 | 2377 | @deftypefun int obstack_room (struct obstack *@var{obstack-ptr}) |
d08a7e4c | 2378 | @standards{GNU, obstack.h} |
9f529d7c | 2379 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acsafe{}} |
28f540f4 RM |
2380 | This returns the number of bytes that can be added safely to the current |
2381 | growing object (or to an object about to be started) in obstack | |
3ef569c7 | 2382 | @var{obstack-ptr} using the fast growth functions. |
28f540f4 RM |
2383 | @end deftypefun |
2384 | ||
2385 | While you know there is room, you can use these fast growth functions | |
2386 | for adding data to a growing object: | |
2387 | ||
28f540f4 | 2388 | @deftypefun void obstack_1grow_fast (struct obstack *@var{obstack-ptr}, char @var{c}) |
d08a7e4c | 2389 | @standards{GNU, obstack.h} |
9f529d7c AO |
2390 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acunsafe{@acucorrupt{} @acsmem{}}} |
2391 | @c obstack_1grow_fast @mtsrace:obstack-ptr @acucorrupt @acsmem | |
2392 | @c (no sequence point between copying c and incrementing next_free) | |
28f540f4 RM |
2393 | The function @code{obstack_1grow_fast} adds one byte containing the |
2394 | character @var{c} to the growing object in obstack @var{obstack-ptr}. | |
2395 | @end deftypefun | |
2396 | ||
2c6fe0bd | 2397 | @deftypefun void obstack_ptr_grow_fast (struct obstack *@var{obstack-ptr}, void *@var{data}) |
d08a7e4c | 2398 | @standards{GNU, obstack.h} |
9f529d7c AO |
2399 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acsafe{}} |
2400 | @c obstack_ptr_grow_fast @mtsrace:obstack-ptr | |
2c6fe0bd UD |
2401 | The function @code{obstack_ptr_grow_fast} adds @code{sizeof (void *)} |
2402 | bytes containing the value of @var{data} to the growing object in | |
2403 | obstack @var{obstack-ptr}. | |
2404 | @end deftypefun | |
2405 | ||
2c6fe0bd | 2406 | @deftypefun void obstack_int_grow_fast (struct obstack *@var{obstack-ptr}, int @var{data}) |
d08a7e4c | 2407 | @standards{GNU, obstack.h} |
9f529d7c AO |
2408 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acsafe{}} |
2409 | @c obstack_int_grow_fast @mtsrace:obstack-ptr | |
2c6fe0bd UD |
2410 | The function @code{obstack_int_grow_fast} adds @code{sizeof (int)} bytes |
2411 | containing the value of @var{data} to the growing object in obstack | |
2412 | @var{obstack-ptr}. | |
2413 | @end deftypefun | |
2414 | ||
28f540f4 | 2415 | @deftypefun void obstack_blank_fast (struct obstack *@var{obstack-ptr}, int @var{size}) |
d08a7e4c | 2416 | @standards{GNU, obstack.h} |
9f529d7c AO |
2417 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acsafe{}} |
2418 | @c obstack_blank_fast @mtsrace:obstack-ptr | |
28f540f4 RM |
2419 | The function @code{obstack_blank_fast} adds @var{size} bytes to the |
2420 | growing object in obstack @var{obstack-ptr} without initializing them. | |
2421 | @end deftypefun | |
2422 | ||
2423 | When you check for space using @code{obstack_room} and there is not | |
2424 | enough room for what you want to add, the fast growth functions | |
2425 | are not safe. In this case, simply use the corresponding ordinary | |
2426 | growth function instead. Very soon this will copy the object to a | |
a5113b14 | 2427 | new chunk; then there will be lots of room available again. |
28f540f4 RM |
2428 | |
2429 | So, each time you use an ordinary growth function, check afterward for | |
2430 | sufficient space using @code{obstack_room}. Once the object is copied | |
2431 | to a new chunk, there will be plenty of space again, so the program will | |
2432 | start using the fast growth functions again. | |
2433 | ||
2434 | Here is an example: | |
2435 | ||
2436 | @smallexample | |
2437 | @group | |
2438 | void | |
2439 | add_string (struct obstack *obstack, const char *ptr, int len) | |
2440 | @{ | |
2441 | while (len > 0) | |
2442 | @{ | |
2443 | int room = obstack_room (obstack); | |
2444 | if (room == 0) | |
2445 | @{ | |
cf822e3c | 2446 | /* @r{Not enough room. Add one character slowly,} |
28f540f4 RM |
2447 | @r{which may copy to a new chunk and make room.} */ |
2448 | obstack_1grow (obstack, *ptr++); | |
2449 | len--; | |
2450 | @} | |
a5113b14 | 2451 | else |
28f540f4 RM |
2452 | @{ |
2453 | if (room > len) | |
2454 | room = len; | |
2455 | /* @r{Add fast as much as we have room for.} */ | |
2456 | len -= room; | |
2457 | while (room-- > 0) | |
2458 | obstack_1grow_fast (obstack, *ptr++); | |
2459 | @} | |
2460 | @} | |
2461 | @} | |
2462 | @end group | |
2463 | @end smallexample | |
2464 | ||
2465 | @node Status of an Obstack | |
99a20616 | 2466 | @subsubsection Status of an Obstack |
28f540f4 RM |
2467 | @cindex obstack status |
2468 | @cindex status of obstack | |
2469 | ||
2470 | Here are functions that provide information on the current status of | |
2471 | allocation in an obstack. You can use them to learn about an object while | |
2472 | still growing it. | |
2473 | ||
28f540f4 | 2474 | @deftypefun {void *} obstack_base (struct obstack *@var{obstack-ptr}) |
d08a7e4c | 2475 | @standards{GNU, obstack.h} |
9f529d7c | 2476 | @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acsafe{}} |
28f540f4 RM |
2477 | This function returns the tentative address of the beginning of the |
2478 | currently growing object in @var{obstack-ptr}. If you finish the object | |
2479 | immediately, it will have that address. If you make it larger first, it | |
2480 | may outgrow the current chunk---then its address will change! | |
2481 | ||
2482 | If no object is growing, this value says where the next object you | |
2483 | allocate will start (once again assuming it fits in the current | |
2484 | chunk). | |
2485 | @end deftypefun | |
2486 | ||
28f540f4 | 2487 | @deftypefun {void *} obstack_next_free (struct obstack *@var{obstack-ptr}) |
d08a7e4c | 2488 | @standards{GNU, obstack.h} |
9f529d7c | 2489 | @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acsafe{}} |
28f540f4 RM |
2490 | This function returns the address of the first free byte in the current |
2491 | chunk of obstack @var{obstack-ptr}. This is the end of the currently | |
2492 | growing object. If no object is growing, @code{obstack_next_free} | |
2493 | returns the same value as @code{obstack_base}. | |
2494 | @end deftypefun | |
2495 | ||
28f540f4 | 2496 | @deftypefun int obstack_object_size (struct obstack *@var{obstack-ptr}) |
d08a7e4c | 2497 | @standards{GNU, obstack.h} |
9f529d7c AO |
2498 | @c dup |
2499 | @safety{@prelim{}@mtsafe{@mtsrace{:obstack-ptr}}@assafe{}@acsafe{}} | |
28f540f4 RM |
2500 | This function returns the size in bytes of the currently growing object. |
2501 | This is equivalent to | |
2502 | ||
2503 | @smallexample | |
2504 | obstack_next_free (@var{obstack-ptr}) - obstack_base (@var{obstack-ptr}) | |
2505 | @end smallexample | |
2506 | @end deftypefun | |
2507 | ||
2508 | @node Obstacks Data Alignment | |
99a20616 | 2509 | @subsubsection Alignment of Data in Obstacks |
28f540f4 RM |
2510 | @cindex alignment (in obstacks) |
2511 | ||
2512 | Each obstack has an @dfn{alignment boundary}; each object allocated in | |
2513 | the obstack automatically starts on an address that is a multiple of the | |
11883883 RM |
2514 | specified boundary. By default, this boundary is aligned so that |
2515 | the object can hold any type of data. | |
28f540f4 RM |
2516 | |
2517 | To access an obstack's alignment boundary, use the macro | |
2518 | @code{obstack_alignment_mask}, whose function prototype looks like | |
2519 | this: | |
2520 | ||
28f540f4 | 2521 | @deftypefn Macro int obstack_alignment_mask (struct obstack *@var{obstack-ptr}) |
d08a7e4c | 2522 | @standards{GNU, obstack.h} |
9f529d7c | 2523 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
28f540f4 RM |
2524 | The value is a bit mask; a bit that is 1 indicates that the corresponding |
2525 | bit in the address of an object should be 0. The mask value should be one | |
2526 | less than a power of 2; the effect is that all object addresses are | |
11883883 RM |
2527 | multiples of that power of 2. The default value of the mask is a value |
2528 | that allows aligned objects to hold any type of data: for example, if | |
2529 | its value is 3, any type of data can be stored at locations whose | |
28f540f4 RM |
2530 | addresses are multiples of 4. A mask value of 0 means an object can start |
2531 | on any multiple of 1 (that is, no alignment is required). | |
2532 | ||
2533 | The expansion of the macro @code{obstack_alignment_mask} is an lvalue, | |
2534 | so you can alter the mask by assignment. For example, this statement: | |
2535 | ||
2536 | @smallexample | |
2537 | obstack_alignment_mask (obstack_ptr) = 0; | |
2538 | @end smallexample | |
2539 | ||
2540 | @noindent | |
2541 | has the effect of turning off alignment processing in the specified obstack. | |
2542 | @end deftypefn | |
2543 | ||
2544 | Note that a change in alignment mask does not take effect until | |
2545 | @emph{after} the next time an object is allocated or finished in the | |
2546 | obstack. If you are not growing an object, you can make the new | |
2547 | alignment mask take effect immediately by calling @code{obstack_finish}. | |
2548 | This will finish a zero-length object and then do proper alignment for | |
2549 | the next object. | |
2550 | ||
2551 | @node Obstack Chunks | |
99a20616 | 2552 | @subsubsection Obstack Chunks |
28f540f4 RM |
2553 | @cindex efficiency of chunks |
2554 | @cindex chunks | |
2555 | ||
2556 | Obstacks work by allocating space for themselves in large chunks, and | |
2557 | then parceling out space in the chunks to satisfy your requests. Chunks | |
2558 | are normally 4096 bytes long unless you specify a different chunk size. | |
2559 | The chunk size includes 8 bytes of overhead that are not actually used | |
2560 | for storing objects. Regardless of the specified size, longer chunks | |
2561 | will be allocated when necessary for long objects. | |
2562 | ||
2563 | The obstack library allocates chunks by calling the function | |
2564 | @code{obstack_chunk_alloc}, which you must define. When a chunk is no | |
2565 | longer needed because you have freed all the objects in it, the obstack | |
2566 | library frees the chunk by calling @code{obstack_chunk_free}, which you | |
2567 | must also define. | |
2568 | ||
2569 | These two must be defined (as macros) or declared (as functions) in each | |
2570 | source file that uses @code{obstack_init} (@pxref{Creating Obstacks}). | |
2571 | Most often they are defined as macros like this: | |
2572 | ||
2573 | @smallexample | |
bd355af0 | 2574 | #define obstack_chunk_alloc malloc |
28f540f4 RM |
2575 | #define obstack_chunk_free free |
2576 | @end smallexample | |
2577 | ||
2578 | Note that these are simple macros (no arguments). Macro definitions with | |
2579 | arguments will not work! It is necessary that @code{obstack_chunk_alloc} | |
2580 | or @code{obstack_chunk_free}, alone, expand into a function name if it is | |
2581 | not itself a function name. | |
2582 | ||
2583 | If you allocate chunks with @code{malloc}, the chunk size should be a | |
2584 | power of 2. The default chunk size, 4096, was chosen because it is long | |
2585 | enough to satisfy many typical requests on the obstack yet short enough | |
2586 | not to waste too much memory in the portion of the last chunk not yet used. | |
2587 | ||
28f540f4 | 2588 | @deftypefn Macro int obstack_chunk_size (struct obstack *@var{obstack-ptr}) |
d08a7e4c | 2589 | @standards{GNU, obstack.h} |
9f529d7c | 2590 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
28f540f4 RM |
2591 | This returns the chunk size of the given obstack. |
2592 | @end deftypefn | |
2593 | ||
2594 | Since this macro expands to an lvalue, you can specify a new chunk size by | |
2595 | assigning it a new value. Doing so does not affect the chunks already | |
2596 | allocated, but will change the size of chunks allocated for that particular | |
2597 | obstack in the future. It is unlikely to be useful to make the chunk size | |
2598 | smaller, but making it larger might improve efficiency if you are | |
2599 | allocating many objects whose size is comparable to the chunk size. Here | |
2600 | is how to do so cleanly: | |
2601 | ||
2602 | @smallexample | |
2603 | if (obstack_chunk_size (obstack_ptr) < @var{new-chunk-size}) | |
2604 | obstack_chunk_size (obstack_ptr) = @var{new-chunk-size}; | |
2605 | @end smallexample | |
2606 | ||
2607 | @node Summary of Obstacks | |
99a20616 | 2608 | @subsubsection Summary of Obstack Functions |
28f540f4 RM |
2609 | |
2610 | Here is a summary of all the functions associated with obstacks. Each | |
2611 | takes the address of an obstack (@code{struct obstack *}) as its first | |
2612 | argument. | |
2613 | ||
2614 | @table @code | |
2615 | @item void obstack_init (struct obstack *@var{obstack-ptr}) | |
2616 | Initialize use of an obstack. @xref{Creating Obstacks}. | |
2617 | ||
2618 | @item void *obstack_alloc (struct obstack *@var{obstack-ptr}, int @var{size}) | |
2619 | Allocate an object of @var{size} uninitialized bytes. | |
2620 | @xref{Allocation in an Obstack}. | |
2621 | ||
2622 | @item void *obstack_copy (struct obstack *@var{obstack-ptr}, void *@var{address}, int @var{size}) | |
2623 | Allocate an object of @var{size} bytes, with contents copied from | |
2624 | @var{address}. @xref{Allocation in an Obstack}. | |
2625 | ||
2626 | @item void *obstack_copy0 (struct obstack *@var{obstack-ptr}, void *@var{address}, int @var{size}) | |
2627 | Allocate an object of @var{size}+1 bytes, with @var{size} of them copied | |
2628 | from @var{address}, followed by a null character at the end. | |
2629 | @xref{Allocation in an Obstack}. | |
2630 | ||
2631 | @item void obstack_free (struct obstack *@var{obstack-ptr}, void *@var{object}) | |
2632 | Free @var{object} (and everything allocated in the specified obstack | |
2633 | more recently than @var{object}). @xref{Freeing Obstack Objects}. | |
2634 | ||
2635 | @item void obstack_blank (struct obstack *@var{obstack-ptr}, int @var{size}) | |
2636 | Add @var{size} uninitialized bytes to a growing object. | |
2637 | @xref{Growing Objects}. | |
2638 | ||
2639 | @item void obstack_grow (struct obstack *@var{obstack-ptr}, void *@var{address}, int @var{size}) | |
2640 | Add @var{size} bytes, copied from @var{address}, to a growing object. | |
2641 | @xref{Growing Objects}. | |
2642 | ||
2643 | @item void obstack_grow0 (struct obstack *@var{obstack-ptr}, void *@var{address}, int @var{size}) | |
2644 | Add @var{size} bytes, copied from @var{address}, to a growing object, | |
2645 | and then add another byte containing a null character. @xref{Growing | |
2646 | Objects}. | |
2647 | ||
2648 | @item void obstack_1grow (struct obstack *@var{obstack-ptr}, char @var{data-char}) | |
2649 | Add one byte containing @var{data-char} to a growing object. | |
2650 | @xref{Growing Objects}. | |
2651 | ||
2652 | @item void *obstack_finish (struct obstack *@var{obstack-ptr}) | |
2653 | Finalize the object that is growing and return its permanent address. | |
2654 | @xref{Growing Objects}. | |
2655 | ||
2656 | @item int obstack_object_size (struct obstack *@var{obstack-ptr}) | |
2657 | Get the current size of the currently growing object. @xref{Growing | |
2658 | Objects}. | |
2659 | ||
2660 | @item void obstack_blank_fast (struct obstack *@var{obstack-ptr}, int @var{size}) | |
2661 | Add @var{size} uninitialized bytes to a growing object without checking | |
2662 | that there is enough room. @xref{Extra Fast Growing}. | |
2663 | ||
2664 | @item void obstack_1grow_fast (struct obstack *@var{obstack-ptr}, char @var{data-char}) | |
2665 | Add one byte containing @var{data-char} to a growing object without | |
2666 | checking that there is enough room. @xref{Extra Fast Growing}. | |
2667 | ||
2668 | @item int obstack_room (struct obstack *@var{obstack-ptr}) | |
2669 | Get the amount of room now available for growing the current object. | |
2670 | @xref{Extra Fast Growing}. | |
2671 | ||
2672 | @item int obstack_alignment_mask (struct obstack *@var{obstack-ptr}) | |
2673 | The mask used for aligning the beginning of an object. This is an | |
2674 | lvalue. @xref{Obstacks Data Alignment}. | |
2675 | ||
2676 | @item int obstack_chunk_size (struct obstack *@var{obstack-ptr}) | |
2677 | The size for allocating chunks. This is an lvalue. @xref{Obstack Chunks}. | |
2678 | ||
2679 | @item void *obstack_base (struct obstack *@var{obstack-ptr}) | |
2680 | Tentative starting address of the currently growing object. | |
2681 | @xref{Status of an Obstack}. | |
2682 | ||
2683 | @item void *obstack_next_free (struct obstack *@var{obstack-ptr}) | |
2684 | Address just after the end of the currently growing object. | |
2685 | @xref{Status of an Obstack}. | |
2686 | @end table | |
2687 | ||
2688 | @node Variable Size Automatic | |
99a20616 | 2689 | @subsection Automatic Storage with Variable Size |
28f540f4 RM |
2690 | @cindex automatic freeing |
2691 | @cindex @code{alloca} function | |
2692 | @cindex automatic storage with variable size | |
2693 | ||
2694 | The function @code{alloca} supports a kind of half-dynamic allocation in | |
2695 | which blocks are allocated dynamically but freed automatically. | |
2696 | ||
2697 | Allocating a block with @code{alloca} is an explicit action; you can | |
2698 | allocate as many blocks as you wish, and compute the size at run time. But | |
2699 | all the blocks are freed when you exit the function that @code{alloca} was | |
2700 | called from, just as if they were automatic variables declared in that | |
2701 | function. There is no way to free the space explicitly. | |
2702 | ||
2703 | The prototype for @code{alloca} is in @file{stdlib.h}. This function is | |
2704 | a BSD extension. | |
2705 | @pindex stdlib.h | |
2706 | ||
cc6e48bc | 2707 | @deftypefun {void *} alloca (size_t @var{size}) |
d08a7e4c RJ |
2708 | @standards{GNU, stdlib.h} |
2709 | @standards{BSD, stdlib.h} | |
9f529d7c | 2710 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
28f540f4 | 2711 | The return value of @code{alloca} is the address of a block of @var{size} |
99a20616 | 2712 | bytes of memory, allocated in the stack frame of the calling function. |
28f540f4 RM |
2713 | @end deftypefun |
2714 | ||
2715 | Do not use @code{alloca} inside the arguments of a function call---you | |
2716 | will get unpredictable results, because the stack space for the | |
2717 | @code{alloca} would appear on the stack in the middle of the space for | |
2718 | the function arguments. An example of what to avoid is @code{foo (x, | |
2719 | alloca (4), y)}. | |
2720 | @c This might get fixed in future versions of GCC, but that won't make | |
2721 | @c it safe with compilers generally. | |
2722 | ||
2723 | @menu | |
2724 | * Alloca Example:: Example of using @code{alloca}. | |
2725 | * Advantages of Alloca:: Reasons to use @code{alloca}. | |
2726 | * Disadvantages of Alloca:: Reasons to avoid @code{alloca}. | |
2727 | * GNU C Variable-Size Arrays:: Only in GNU C, here is an alternative | |
2728 | method of allocating dynamically and | |
2729 | freeing automatically. | |
2730 | @end menu | |
2731 | ||
2732 | @node Alloca Example | |
99a20616 | 2733 | @subsubsection @code{alloca} Example |
28f540f4 | 2734 | |
bc938d3d UD |
2735 | As an example of the use of @code{alloca}, here is a function that opens |
2736 | a file name made from concatenating two argument strings, and returns a | |
2737 | file descriptor or minus one signifying failure: | |
28f540f4 RM |
2738 | |
2739 | @smallexample | |
2740 | int | |
2741 | open2 (char *str1, char *str2, int flags, int mode) | |
2742 | @{ | |
2743 | char *name = (char *) alloca (strlen (str1) + strlen (str2) + 1); | |
a5113b14 | 2744 | stpcpy (stpcpy (name, str1), str2); |
28f540f4 RM |
2745 | return open (name, flags, mode); |
2746 | @} | |
2747 | @end smallexample | |
2748 | ||
2749 | @noindent | |
2750 | Here is how you would get the same results with @code{malloc} and | |
2751 | @code{free}: | |
2752 | ||
2753 | @smallexample | |
2754 | int | |
2755 | open2 (char *str1, char *str2, int flags, int mode) | |
2756 | @{ | |
bdc674d9 | 2757 | char *name = malloc (strlen (str1) + strlen (str2) + 1); |
28f540f4 RM |
2758 | int desc; |
2759 | if (name == 0) | |
2760 | fatal ("virtual memory exceeded"); | |
a5113b14 | 2761 | stpcpy (stpcpy (name, str1), str2); |
28f540f4 RM |
2762 | desc = open (name, flags, mode); |
2763 | free (name); | |
2764 | return desc; | |
2765 | @} | |
2766 | @end smallexample | |
2767 | ||
2768 | As you can see, it is simpler with @code{alloca}. But @code{alloca} has | |
2769 | other, more important advantages, and some disadvantages. | |
2770 | ||
2771 | @node Advantages of Alloca | |
99a20616 | 2772 | @subsubsection Advantages of @code{alloca} |
28f540f4 RM |
2773 | |
2774 | Here are the reasons why @code{alloca} may be preferable to @code{malloc}: | |
2775 | ||
2776 | @itemize @bullet | |
2777 | @item | |
2778 | Using @code{alloca} wastes very little space and is very fast. (It is | |
2779 | open-coded by the GNU C compiler.) | |
2780 | ||
2781 | @item | |
2782 | Since @code{alloca} does not have separate pools for different sizes of | |
3ef569c7 | 2783 | blocks, space used for any size block can be reused for any other size. |
99a20616 | 2784 | @code{alloca} does not cause memory fragmentation. |
28f540f4 RM |
2785 | |
2786 | @item | |
2787 | @cindex longjmp | |
2788 | Nonlocal exits done with @code{longjmp} (@pxref{Non-Local Exits}) | |
2789 | automatically free the space allocated with @code{alloca} when they exit | |
2790 | through the function that called @code{alloca}. This is the most | |
2791 | important reason to use @code{alloca}. | |
2792 | ||
2793 | To illustrate this, suppose you have a function | |
2794 | @code{open_or_report_error} which returns a descriptor, like | |
2795 | @code{open}, if it succeeds, but does not return to its caller if it | |
2796 | fails. If the file cannot be opened, it prints an error message and | |
2797 | jumps out to the command level of your program using @code{longjmp}. | |
2798 | Let's change @code{open2} (@pxref{Alloca Example}) to use this | |
0005e54f | 2799 | subroutine: |
28f540f4 RM |
2800 | |
2801 | @smallexample | |
2802 | int | |
2803 | open2 (char *str1, char *str2, int flags, int mode) | |
2804 | @{ | |
2805 | char *name = (char *) alloca (strlen (str1) + strlen (str2) + 1); | |
a5113b14 | 2806 | stpcpy (stpcpy (name, str1), str2); |
28f540f4 RM |
2807 | return open_or_report_error (name, flags, mode); |
2808 | @} | |
2809 | @end smallexample | |
2810 | ||
2811 | @noindent | |
99a20616 | 2812 | Because of the way @code{alloca} works, the memory it allocates is |
28f540f4 RM |
2813 | freed even when an error occurs, with no special effort required. |
2814 | ||
2815 | By contrast, the previous definition of @code{open2} (which uses | |
99a20616 | 2816 | @code{malloc} and @code{free}) would develop a memory leak if it were |
28f540f4 RM |
2817 | changed in this way. Even if you are willing to make more changes to |
2818 | fix it, there is no easy way to do so. | |
2819 | @end itemize | |
2820 | ||
2821 | @node Disadvantages of Alloca | |
99a20616 | 2822 | @subsubsection Disadvantages of @code{alloca} |
28f540f4 RM |
2823 | |
2824 | @cindex @code{alloca} disadvantages | |
2825 | @cindex disadvantages of @code{alloca} | |
2826 | These are the disadvantages of @code{alloca} in comparison with | |
2827 | @code{malloc}: | |
2828 | ||
2829 | @itemize @bullet | |
2830 | @item | |
99a20616 | 2831 | If you try to allocate more memory than the machine can provide, you |
28f540f4 RM |
2832 | don't get a clean error message. Instead you get a fatal signal like |
2833 | the one you would get from an infinite recursion; probably a | |
2834 | segmentation violation (@pxref{Program Error Signals}). | |
2835 | ||
2836 | @item | |
a7a93d50 | 2837 | Some @nongnusystems{} fail to support @code{alloca}, so it is less |
28f540f4 RM |
2838 | portable. However, a slower emulation of @code{alloca} written in C |
2839 | is available for use on systems with this deficiency. | |
2840 | @end itemize | |
2841 | ||
2842 | @node GNU C Variable-Size Arrays | |
99a20616 | 2843 | @subsubsection GNU C Variable-Size Arrays |
28f540f4 RM |
2844 | @cindex variable-sized arrays |
2845 | ||
2846 | In GNU C, you can replace most uses of @code{alloca} with an array of | |
2847 | variable size. Here is how @code{open2} would look then: | |
2848 | ||
2849 | @smallexample | |
2850 | int open2 (char *str1, char *str2, int flags, int mode) | |
2851 | @{ | |
2852 | char name[strlen (str1) + strlen (str2) + 1]; | |
a5113b14 | 2853 | stpcpy (stpcpy (name, str1), str2); |
28f540f4 RM |
2854 | return open (name, flags, mode); |
2855 | @} | |
2856 | @end smallexample | |
2857 | ||
2858 | But @code{alloca} is not always equivalent to a variable-sized array, for | |
2859 | several reasons: | |
2860 | ||
2861 | @itemize @bullet | |
2862 | @item | |
2863 | A variable size array's space is freed at the end of the scope of the | |
2864 | name of the array. The space allocated with @code{alloca} | |
2865 | remains until the end of the function. | |
2866 | ||
2867 | @item | |
2868 | It is possible to use @code{alloca} within a loop, allocating an | |
2869 | additional block on each iteration. This is impossible with | |
2870 | variable-sized arrays. | |
2871 | @end itemize | |
2872 | ||
48b22986 | 2873 | @strong{NB:} If you mix use of @code{alloca} and variable-sized arrays |
28f540f4 RM |
2874 | within one function, exiting a scope in which a variable-sized array was |
2875 | declared frees all blocks allocated with @code{alloca} during the | |
2876 | execution of that scope. | |
2877 | ||
99a20616 UD |
2878 | |
2879 | @node Resizing the Data Segment | |
2880 | @section Resizing the Data Segment | |
2881 | ||
2882 | The symbols in this section are declared in @file{unistd.h}. | |
2883 | ||
2884 | You will not normally use the functions in this section, because the | |
2885 | functions described in @ref{Memory Allocation} are easier to use. Those | |
1f77f049 | 2886 | are interfaces to a @glibcadj{} memory allocator that uses the |
99a20616 UD |
2887 | functions below itself. The functions below are simple interfaces to |
2888 | system calls. | |
2889 | ||
99a20616 | 2890 | @deftypefun int brk (void *@var{addr}) |
d08a7e4c | 2891 | @standards{BSD, unistd.h} |
9f529d7c | 2892 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
99a20616 UD |
2893 | |
2894 | @code{brk} sets the high end of the calling process' data segment to | |
2895 | @var{addr}. | |
2896 | ||
2897 | The address of the end of a segment is defined to be the address of the | |
2898 | last byte in the segment plus 1. | |
2899 | ||
2900 | The function has no effect if @var{addr} is lower than the low end of | |
3ef569c7 | 2901 | the data segment. (This is considered success, by the way.) |
99a20616 UD |
2902 | |
2903 | The function fails if it would cause the data segment to overlap another | |
68979757 | 2904 | segment or exceed the process' data storage limit (@pxref{Limits on |
99a20616 UD |
2905 | Resources}). |
2906 | ||
2907 | The function is named for a common historical case where data storage | |
2908 | and the stack are in the same segment. Data storage allocation grows | |
2909 | upward from the bottom of the segment while the stack grows downward | |
2910 | toward it from the top of the segment and the curtain between them is | |
2911 | called the @dfn{break}. | |
2912 | ||
2913 | The return value is zero on success. On failure, the return value is | |
68979757 | 2914 | @code{-1} and @code{errno} is set accordingly. The following @code{errno} |
99a20616 UD |
2915 | values are specific to this function: |
2916 | ||
2917 | @table @code | |
2918 | @item ENOMEM | |
2919 | The request would cause the data segment to overlap another segment or | |
2920 | exceed the process' data storage limit. | |
2921 | @end table | |
2922 | ||
2923 | @c The Brk system call in Linux (as opposed to the GNU C Library function) | |
2924 | @c is considerably different. It always returns the new end of the data | |
2925 | @c segment, whether it succeeds or fails. The GNU C library Brk determines | |
bbf70ae9 | 2926 | @c it's a failure if and only if the system call returns an address less |
99a20616 UD |
2927 | @c than the address requested. |
2928 | ||
2929 | @end deftypefun | |
2930 | ||
2931 | ||
d6868416 | 2932 | @deftypefun void *sbrk (ptrdiff_t @var{delta}) |
d08a7e4c | 2933 | @standards{BSD, unistd.h} |
9f529d7c AO |
2934 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
2935 | ||
99a20616 UD |
2936 | This function is the same as @code{brk} except that you specify the new |
2937 | end of the data segment as an offset @var{delta} from the current end | |
2938 | and on success the return value is the address of the resulting end of | |
2939 | the data segment instead of zero. | |
2940 | ||
2941 | This means you can use @samp{sbrk(0)} to find out what the current end | |
2942 | of the data segment is. | |
2943 | ||
2944 | @end deftypefun | |
2945 | ||
0f74bbf5 FW |
2946 | @node Memory Protection |
2947 | @section Memory Protection | |
2948 | @cindex memory protection | |
2949 | @cindex page protection | |
2950 | @cindex protection flags | |
99a20616 | 2951 | |
0f74bbf5 FW |
2952 | When a page is mapped using @code{mmap}, page protection flags can be |
2953 | specified using the protection flags argument. @xref{Memory-mapped | |
2954 | I/O}. | |
2955 | ||
2956 | The following flags are available: | |
2957 | ||
2958 | @vtable @code | |
2959 | @item PROT_WRITE | |
2960 | @standards{POSIX, sys/mman.h} | |
2961 | The memory can be written to. | |
2962 | ||
2963 | @item PROT_READ | |
2964 | @standards{POSIX, sys/mman.h} | |
2965 | The memory can be read. On some architectures, this flag implies that | |
2966 | the memory can be executed as well (as if @code{PROT_EXEC} had been | |
2967 | specified at the same time). | |
2968 | ||
2969 | @item PROT_EXEC | |
2970 | @standards{POSIX, sys/mman.h} | |
2971 | The memory can be used to store instructions which can then be executed. | |
2972 | On most architectures, this flag implies that the memory can be read (as | |
2973 | if @code{PROT_READ} had been specified). | |
2974 | ||
2975 | @item PROT_NONE | |
2976 | @standards{POSIX, sys/mman.h} | |
2977 | This flag must be specified on its own. | |
2978 | ||
2979 | The memory is reserved, but cannot be read, written, or executed. If | |
2980 | this flag is specified in a call to @code{mmap}, a virtual memory area | |
2981 | will be set aside for future use in the process, and @code{mmap} calls | |
2982 | without the @code{MAP_FIXED} flag will not use it for subsequent | |
2983 | allocations. For anonymous mappings, the kernel will not reserve any | |
2984 | physical memory for the allocation at the time the mapping is created. | |
2985 | @end vtable | |
2986 | ||
2987 | The operating system may keep track of these flags separately even if | |
2988 | the underlying hardware treats them the same for the purposes of access | |
2989 | checking (as happens with @code{PROT_READ} and @code{PROT_EXEC} on some | |
2990 | platforms). On GNU systems, @code{PROT_EXEC} always implies | |
2991 | @code{PROT_READ}, so that users can view the machine code which is | |
2992 | executing on their system. | |
2993 | ||
2994 | Inappropriate access will cause a segfault (@pxref{Program Error | |
2995 | Signals}). | |
2996 | ||
2997 | After allocation, protection flags can be changed using the | |
2998 | @code{mprotect} function. | |
2999 | ||
3000 | @deftypefun int mprotect (void *@var{address}, size_t @var{length}, int @var{protection}) | |
3001 | @standards{POSIX, sys/mman.h} | |
3002 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} | |
3003 | ||
3004 | A successful call to the @code{mprotect} function changes the protection | |
3005 | flags of at least @var{length} bytes of memory, starting at | |
3006 | @var{address}. | |
3007 | ||
3008 | @var{address} must be aligned to the page size for the mapping. The | |
3009 | system page size can be obtained by calling @code{sysconf} with the | |
3010 | @code{_SC_PAGESIZE} parameter (@pxref{Sysconf Definition}). The system | |
3011 | page size is the granularity in which the page protection of anonymous | |
3012 | memory mappings and most file mappings can be changed. Memory which is | |
3013 | mapped from special files or devices may have larger page granularity | |
3014 | than the system page size and may require larger alignment. | |
3015 | ||
3016 | @var{length} is the number of bytes whose protection flags must be | |
3017 | changed. It is automatically rounded up to the next multiple of the | |
3018 | system page size. | |
3019 | ||
3020 | @var{protection} is a combination of the @code{PROT_*} flags described | |
3021 | above. | |
3022 | ||
3023 | The @code{mprotect} function returns @math{0} on success and @math{-1} | |
3024 | on failure. | |
3025 | ||
3026 | The following @code{errno} error conditions are defined for this | |
3027 | function: | |
3028 | ||
3029 | @table @code | |
3030 | @item ENOMEM | |
3031 | The system was not able to allocate resources to fulfill the request. | |
3032 | This can happen if there is not enough physical memory in the system for | |
3033 | the allocation of backing storage. The error can also occur if the new | |
3034 | protection flags would cause the memory region to be split from its | |
3035 | neighbors, and the process limit for the number of such distinct memory | |
3036 | regions would be exceeded. | |
3037 | ||
3038 | @item EINVAL | |
3039 | @var{address} is not properly aligned to a page boundary for the | |
3040 | mapping, or @var{length} (after rounding up to the system page size) is | |
3041 | not a multiple of the applicable page size for the mapping, or the | |
3042 | combination of flags in @var{protection} is not valid. | |
3043 | ||
3044 | @item EACCES | |
3045 | The file for a file-based mapping was not opened with open flags which | |
3046 | are compatible with @var{protection}. | |
3047 | ||
3048 | @item EPERM | |
3049 | The system security policy does not allow a mapping with the specified | |
3050 | flags. For example, mappings which are both @code{PROT_EXEC} and | |
3051 | @code{PROT_WRITE} at the same time might not be allowed. | |
3052 | @end table | |
3053 | @end deftypefun | |
3054 | ||
3055 | If the @code{mprotect} function is used to make a region of memory | |
3056 | inaccessible by specifying the @code{PROT_NONE} protection flag and | |
3057 | access is later restored, the memory retains its previous contents. | |
3058 | ||
3059 | On some systems, it may not be possible to specify additional flags | |
3060 | which were not present when the mapping was first created. For example, | |
3061 | an attempt to make a region of memory executable could fail if the | |
3062 | initial protection flags were @samp{PROT_READ | PROT_WRITE}. | |
3063 | ||
3064 | In general, the @code{mprotect} function can be used to change any | |
3065 | process memory, no matter how it was allocated. However, portable use | |
3066 | of the function requires that it is only used with memory regions | |
3067 | returned by @code{mmap} or @code{mmap64}. | |
99a20616 | 3068 | |
446d22e9 FW |
3069 | @subsection Memory Protection Keys |
3070 | ||
3071 | @cindex memory protection key | |
3072 | @cindex protection key | |
3073 | @cindex MPK | |
3074 | On some systems, further restrictions can be added to specific pages | |
3075 | using @dfn{memory protection keys}. These restrictions work as follows: | |
3076 | ||
3077 | @itemize @bullet | |
3078 | @item | |
3079 | All memory pages are associated with a protection key. The default | |
3080 | protection key does not cause any additional protections to be applied | |
3081 | during memory accesses. New keys can be allocated with the | |
3082 | @code{pkey_alloc} function, and applied to pages using | |
3083 | @code{pkey_mprotect}. | |
3084 | ||
3085 | @item | |
3086 | Each thread has a set of separate access right restriction for each | |
3087 | protection key. These access rights can be manipulated using the | |
3088 | @code{pkey_set} and @code{pkey_get} functions. | |
3089 | ||
3090 | @item | |
3091 | During a memory access, the system obtains the protection key for the | |
3092 | accessed page and uses that to determine the applicable access rights, | |
3093 | as configured for the current thread. If the access is restricted, a | |
3094 | segmentation fault is the result ((@pxref{Program Error Signals}). | |
3095 | These checks happen in addition to the @code{PROT_}* protection flags | |
3096 | set by @code{mprotect} or @code{pkey_mprotect}. | |
3097 | @end itemize | |
3098 | ||
3099 | New threads and subprocesses inherit the access rights of the current | |
3100 | thread. If a protection key is allocated subsequently, existing threads | |
3101 | (except the current) will use an unspecified system default for the | |
3102 | access rights associated with newly allocated keys. | |
3103 | ||
3104 | Upon entering a signal handler, the system resets the access rights of | |
3105 | the current thread so that pages with the default key can be accessed, | |
3106 | but the access rights for other protection keys are unspecified. | |
3107 | ||
3108 | Applications are expected to allocate a key once using | |
3109 | @code{pkey_alloc}, and apply the key to memory regions which need | |
3110 | special protection with @code{pkey_mprotect}: | |
3111 | ||
3112 | @smallexample | |
3113 | int key = pkey_alloc (0, PKEY_DISABLE_ACCESS); | |
3114 | if (key < 0) | |
3115 | /* Perform error checking, including fallback for lack of support. */ | |
3116 | ...; | |
3117 | ||
3118 | /* Apply the key to a special memory region used to store critical | |
3119 | data. */ | |
3120 | if (pkey_mprotect (region, region_length, | |
3121 | PROT_READ | PROT_WRITE, key) < 0) | |
3122 | ...; /* Perform error checking (generally fatal). */ | |
3123 | @end smallexample | |
3124 | ||
3125 | If the key allocation fails due to lack of support for memory protection | |
3126 | keys, the @code{pkey_mprotect} call can usually be skipped. In this | |
3127 | case, the region will not be protected by default. It is also possible | |
3128 | to call @code{pkey_mprotect} with a key value of @math{-1}, in which | |
3129 | case it will behave in the same way as @code{mprotect}. | |
3130 | ||
3131 | After key allocation assignment to memory pages, @code{pkey_set} can be | |
3132 | used to temporarily acquire access to the memory region and relinquish | |
3133 | it again: | |
3134 | ||
3135 | @smallexample | |
3136 | if (key >= 0 && pkey_set (key, 0) < 0) | |
3137 | ...; /* Perform error checking (generally fatal). */ | |
3138 | /* At this point, the current thread has read-write access to the | |
3139 | memory region. */ | |
3140 | ... | |
3141 | /* Revoke access again. */ | |
3142 | if (key >= 0 && pkey_set (key, PKEY_DISABLE_ACCESS) < 0) | |
3143 | ...; /* Perform error checking (generally fatal). */ | |
3144 | @end smallexample | |
3145 | ||
3146 | In this example, a negative key value indicates that no key had been | |
3147 | allocated, which means that the system lacks support for memory | |
3148 | protection keys and it is not necessary to change the the access rights | |
3149 | of the current thread (because it always has access). | |
3150 | ||
3151 | Compared to using @code{mprotect} to change the page protection flags, | |
3152 | this approach has two advantages: It is thread-safe in the sense that | |
3153 | the access rights are only changed for the current thread, so another | |
3154 | thread which changes its own access rights concurrently to gain access | |
3155 | to the mapping will not suddenly see its access rights revoked. And | |
3156 | @code{pkey_set} typically does not involve a call into the kernel and a | |
3157 | context switch, so it is more efficient. | |
3158 | ||
3159 | @deftypefun int pkey_alloc (unsigned int @var{flags}, unsigned int @var{restrictions}) | |
3160 | @standards{Linux, sys/mman.h} | |
3161 | @safety{@prelim{}@mtsafe{}@assafe{}@acunsafe{@acucorrupt{}}} | |
3162 | Allocate a new protection key. The @var{flags} argument is reserved and | |
3163 | must be zero. The @var{restrictions} argument specifies access rights | |
3164 | which are applied to the current thread (as if with @code{pkey_set} | |
3165 | below). Access rights of other threads are not changed. | |
3166 | ||
3167 | The function returns the new protection key, a non-negative number, or | |
3168 | @math{-1} on error. | |
3169 | ||
3170 | The following @code{errno} error conditions are defined for this | |
3171 | function: | |
3172 | ||
3173 | @table @code | |
3174 | @item ENOSYS | |
3175 | The system does not implement memory protection keys. | |
3176 | ||
3177 | @item EINVAL | |
3178 | The @var{flags} argument is not zero. | |
3179 | ||
3180 | The @var{restrictions} argument is invalid. | |
3181 | ||
3182 | The system does not implement memory protection keys or runs in a mode | |
3183 | in which memory protection keys are disabled. | |
3184 | ||
3185 | @item ENOSPC | |
3186 | All available protection keys already have been allocated. | |
70ba28f7 LM |
3187 | |
3188 | The system does not implement memory protection keys or runs in a mode | |
3189 | in which memory protection keys are disabled. | |
3190 | ||
446d22e9 FW |
3191 | @end table |
3192 | @end deftypefun | |
3193 | ||
3194 | @deftypefun int pkey_free (int @var{key}) | |
3195 | @standards{Linux, sys/mman.h} | |
3196 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} | |
3197 | Deallocate the protection key, so that it can be reused by | |
3198 | @code{pkey_alloc}. | |
3199 | ||
3200 | Calling this function does not change the access rights of the freed | |
3201 | protection key. The calling thread and other threads may retain access | |
3202 | to it, even if it is subsequently allocated again. For this reason, it | |
3203 | is not recommended to call the @code{pkey_free} function. | |
3204 | ||
3205 | @table @code | |
3206 | @item ENOSYS | |
3207 | The system does not implement memory protection keys. | |
3208 | ||
3209 | @item EINVAL | |
3210 | The @var{key} argument is not a valid protection key. | |
3211 | @end table | |
3212 | @end deftypefun | |
3213 | ||
3214 | @deftypefun int pkey_mprotect (void *@var{address}, size_t @var{length}, int @var{protection}, int @var{key}) | |
3215 | @standards{Linux, sys/mman.h} | |
3216 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} | |
3217 | Similar to @code{mprotect}, but also set the memory protection key for | |
3218 | the memory region to @code{key}. | |
3219 | ||
3220 | Some systems use memory protection keys to emulate certain combinations | |
3221 | of @var{protection} flags. Under such circumstances, specifying an | |
3222 | explicit protection key may behave as if additional flags have been | |
3223 | specified in @var{protection}, even though this does not happen with the | |
3224 | default protection key. For example, some systems can support | |
3225 | @code{PROT_EXEC}-only mappings only with a default protection key, and | |
3226 | memory with a key which was allocated using @code{pkey_alloc} will still | |
3227 | be readable if @code{PROT_EXEC} is specified without @code{PROT_READ}. | |
3228 | ||
3229 | If @var{key} is @math{-1}, the default protection key is applied to the | |
3230 | mapping, just as if @code{mprotect} had been called. | |
3231 | ||
3232 | The @code{pkey_mprotect} function returns @math{0} on success and | |
3233 | @math{-1} on failure. The same @code{errno} error conditions as for | |
3234 | @code{mprotect} are defined for this function, with the following | |
3235 | addition: | |
3236 | ||
3237 | @table @code | |
3238 | @item EINVAL | |
3239 | The @var{key} argument is not @math{-1} or a valid memory protection | |
3240 | key allocated using @code{pkey_alloc}. | |
3241 | ||
3242 | @item ENOSYS | |
3243 | The system does not implement memory protection keys, and @var{key} is | |
3244 | not @math{-1}. | |
3245 | @end table | |
3246 | @end deftypefun | |
3247 | ||
3248 | @deftypefun int pkey_set (int @var{key}, unsigned int @var{rights}) | |
3249 | @standards{Linux, sys/mman.h} | |
3250 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} | |
3251 | Change the access rights of the current thread for memory pages with the | |
3252 | protection key @var{key} to @var{rights}. If @var{rights} is zero, no | |
3253 | additional access restrictions on top of the page protection flags are | |
3254 | applied. Otherwise, @var{rights} is a combination of the following | |
3255 | flags: | |
3256 | ||
3257 | @vtable @code | |
3258 | @item PKEY_DISABLE_WRITE | |
3259 | @standards{Linux, sys/mman.h} | |
3260 | Subsequent attempts to write to memory with the specified protection | |
3261 | key will fault. | |
3262 | ||
3263 | @item PKEY_DISABLE_ACCESS | |
3264 | @standards{Linux, sys/mman.h} | |
3265 | Subsequent attempts to write to or read from memory with the specified | |
3266 | protection key will fault. | |
3267 | @end vtable | |
3268 | ||
3269 | Operations not specified as flags are not restricted. In particular, | |
3270 | this means that the memory region will remain executable if it was | |
3271 | mapped with the @code{PROT_EXEC} protection flag and | |
3272 | @code{PKEY_DISABLE_ACCESS} has been specified. | |
3273 | ||
3274 | Calling the @code{pkey_set} function with a protection key which was not | |
3275 | allocated by @code{pkey_alloc} results in undefined behavior. This | |
3276 | means that calling this function on systems which do not support memory | |
3277 | protection keys is undefined. | |
3278 | ||
3279 | The @code{pkey_set} function returns @math{0} on success and @math{-1} | |
3280 | on failure. | |
3281 | ||
3282 | The following @code{errno} error conditions are defined for this | |
3283 | function: | |
3284 | ||
3285 | @table @code | |
3286 | @item EINVAL | |
3287 | The system does not support the access rights restrictions expressed in | |
3288 | the @var{rights} argument. | |
3289 | @end table | |
3290 | @end deftypefun | |
3291 | ||
3292 | @deftypefun int pkey_get (int @var{key}) | |
3293 | @standards{Linux, sys/mman.h} | |
3294 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} | |
3295 | Return the access rights of the current thread for memory pages with | |
3296 | protection key @var{key}. The return value is zero or a combination of | |
3297 | the @code{PKEY_DISABLE_}* flags; see the @code{pkey_set} function. | |
3298 | ||
3299 | Calling the @code{pkey_get} function with a protection key which was not | |
3300 | allocated by @code{pkey_alloc} results in undefined behavior. This | |
3301 | means that calling this function on systems which do not support memory | |
3302 | protection keys is undefined. | |
3303 | @end deftypefun | |
3304 | ||
99a20616 UD |
3305 | @node Locking Pages |
3306 | @section Locking Pages | |
3307 | @cindex locking pages | |
3308 | @cindex memory lock | |
3309 | @cindex paging | |
3310 | ||
3311 | You can tell the system to associate a particular virtual memory page | |
11bf311e | 3312 | with a real page frame and keep it that way --- i.e., cause the page to |
99a20616 UD |
3313 | be paged in if it isn't already and mark it so it will never be paged |
3314 | out and consequently will never cause a page fault. This is called | |
3315 | @dfn{locking} a page. | |
3316 | ||
3317 | The functions in this chapter lock and unlock the calling process' | |
3318 | pages. | |
3319 | ||
3320 | @menu | |
3321 | * Why Lock Pages:: Reasons to read this section. | |
3322 | * Locked Memory Details:: Everything you need to know locked | |
3323 | memory | |
3324 | * Page Lock Functions:: Here's how to do it. | |
3325 | @end menu | |
3326 | ||
3327 | @node Why Lock Pages | |
3328 | @subsection Why Lock Pages | |
3329 | ||
3330 | Because page faults cause paged out pages to be paged in transparently, | |
68979757 | 3331 | a process rarely needs to be concerned about locking pages. However, |
99a20616 UD |
3332 | there are two reasons people sometimes are: |
3333 | ||
3334 | @itemize @bullet | |
3335 | ||
3336 | @item | |
3337 | Speed. A page fault is transparent only insofar as the process is not | |
3338 | sensitive to how long it takes to do a simple memory access. Time-critical | |
3339 | processes, especially realtime processes, may not be able to wait or | |
3340 | may not be able to tolerate variance in execution speed. | |
3341 | @cindex realtime processing | |
3342 | @cindex speed of execution | |
3343 | ||
3344 | A process that needs to lock pages for this reason probably also needs | |
3345 | priority among other processes for use of the CPU. @xref{Priority}. | |
3346 | ||
3347 | In some cases, the programmer knows better than the system's demand | |
3348 | paging allocator which pages should remain in real memory to optimize | |
3349 | system performance. In this case, locking pages can help. | |
3350 | ||
3351 | @item | |
3352 | Privacy. If you keep secrets in virtual memory and that virtual memory | |
3353 | gets paged out, that increases the chance that the secrets will get out. | |
841785ba | 3354 | If a passphrase gets written out to disk swap space, for example, it might |
99a20616 UD |
3355 | still be there long after virtual and real memory have been wiped clean. |
3356 | ||
3357 | @end itemize | |
3358 | ||
3359 | Be aware that when you lock a page, that's one fewer page frame that can | |
3360 | be used to back other virtual memory (by the same or other processes), | |
3361 | which can mean more page faults, which means the system runs more | |
3362 | slowly. In fact, if you lock enough memory, some programs may not be | |
3363 | able to run at all for lack of real memory. | |
3364 | ||
3365 | @node Locked Memory Details | |
3366 | @subsection Locked Memory Details | |
3367 | ||
3368 | A memory lock is associated with a virtual page, not a real frame. The | |
3369 | paging rule is: If a frame backs at least one locked page, don't page it | |
3370 | out. | |
3371 | ||
11bf311e | 3372 | Memory locks do not stack. I.e., you can't lock a particular page twice |
99a20616 UD |
3373 | so that it has to be unlocked twice before it is truly unlocked. It is |
3374 | either locked or it isn't. | |
3375 | ||
3376 | A memory lock persists until the process that owns the memory explicitly | |
3377 | unlocks it. (But process termination and exec cause the virtual memory | |
3378 | to cease to exist, which you might say means it isn't locked any more). | |
3379 | ||
3380 | Memory locks are not inherited by child processes. (But note that on a | |
3381 | modern Unix system, immediately after a fork, the parent's and the | |
3382 | child's virtual address space are backed by the same real page frames, | |
3383 | so the child enjoys the parent's locks). @xref{Creating a Process}. | |
3384 | ||
3385 | Because of its ability to impact other processes, only the superuser can | |
3386 | lock a page. Any process can unlock its own page. | |
3387 | ||
3388 | The system sets limits on the amount of memory a process can have locked | |
3389 | and the amount of real memory it can have dedicated to it. @xref{Limits | |
3390 | on Resources}. | |
3391 | ||
3392 | In Linux, locked pages aren't as locked as you might think. | |
3393 | Two virtual pages that are not shared memory can nonetheless be backed | |
3394 | by the same real frame. The kernel does this in the name of efficiency | |
3395 | when it knows both virtual pages contain identical data, and does it | |
68979757 | 3396 | even if one or both of the virtual pages are locked. |
99a20616 UD |
3397 | |
3398 | But when a process modifies one of those pages, the kernel must get it a | |
3399 | separate frame and fill it with the page's data. This is known as a | |
3400 | @dfn{copy-on-write page fault}. It takes a small amount of time and in | |
3401 | a pathological case, getting that frame may require I/O. | |
3402 | @cindex copy-on-write page fault | |
3403 | @cindex page fault, copy-on-write | |
3404 | ||
3405 | To make sure this doesn't happen to your program, don't just lock the | |
3406 | pages. Write to them as well, unless you know you won't write to them | |
3407 | ever. And to make sure you have pre-allocated frames for your stack, | |
3408 | enter a scope that declares a C automatic variable larger than the | |
3409 | maximum stack size you will need, set it to something, then return from | |
3410 | its scope. | |
3411 | ||
3412 | @node Page Lock Functions | |
3413 | @subsection Functions To Lock And Unlock Pages | |
3414 | ||
3415 | The symbols in this section are declared in @file{sys/mman.h}. These | |
3416 | functions are defined by POSIX.1b, but their availability depends on | |
3417 | your kernel. If your kernel doesn't allow these functions, they exist | |
3418 | but always fail. They @emph{are} available with a Linux kernel. | |
3419 | ||
3420 | @strong{Portability Note:} POSIX.1b requires that when the @code{mlock} | |
3421 | and @code{munlock} functions are available, the file @file{unistd.h} | |
3422 | define the macro @code{_POSIX_MEMLOCK_RANGE} and the file | |
3423 | @code{limits.h} define the macro @code{PAGESIZE} to be the size of a | |
3424 | memory page in bytes. It requires that when the @code{mlockall} and | |
3425 | @code{munlockall} functions are available, the @file{unistd.h} file | |
1f77f049 | 3426 | define the macro @code{_POSIX_MEMLOCK}. @Theglibc{} conforms to |
99a20616 UD |
3427 | this requirement. |
3428 | ||
99a20616 | 3429 | @deftypefun int mlock (const void *@var{addr}, size_t @var{len}) |
d08a7e4c | 3430 | @standards{POSIX.1b, sys/mman.h} |
9f529d7c | 3431 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
99a20616 UD |
3432 | |
3433 | @code{mlock} locks a range of the calling process' virtual pages. | |
3434 | ||
3435 | The range of memory starts at address @var{addr} and is @var{len} bytes | |
3436 | long. Actually, since you must lock whole pages, it is the range of | |
3437 | pages that include any part of the specified range. | |
3438 | ||
3439 | When the function returns successfully, each of those pages is backed by | |
3440 | (connected to) a real frame (is resident) and is marked to stay that | |
3441 | way. This means the function may cause page-ins and have to wait for | |
3442 | them. | |
3443 | ||
3444 | When the function fails, it does not affect the lock status of any | |
3445 | pages. | |
3446 | ||
3447 | The return value is zero if the function succeeds. Otherwise, it is | |
3448 | @code{-1} and @code{errno} is set accordingly. @code{errno} values | |
3449 | specific to this function are: | |
3450 | ||
3451 | @table @code | |
3452 | @item ENOMEM | |
3453 | @itemize @bullet | |
3454 | @item | |
3455 | At least some of the specified address range does not exist in the | |
3456 | calling process' virtual address space. | |
3457 | @item | |
3458 | The locking would cause the process to exceed its locked page limit. | |
3459 | @end itemize | |
3460 | ||
3461 | @item EPERM | |
3462 | The calling process is not superuser. | |
3463 | ||
3464 | @item EINVAL | |
3465 | @var{len} is not positive. | |
3466 | ||
3467 | @item ENOSYS | |
3468 | The kernel does not provide @code{mlock} capability. | |
3469 | ||
3470 | @end table | |
4bab0224 FW |
3471 | @end deftypefun |
3472 | ||
3473 | @deftypefun int mlock2 (const void *@var{addr}, size_t @var{len}, unsigned int @var{flags}) | |
3474 | @standards{Linux, sys/mman.h} | |
3475 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} | |
3476 | ||
3477 | This function is similar to @code{mlock}. If @var{flags} is zero, a | |
3478 | call to @code{mlock2} behaves exactly as the equivalent call to @code{mlock}. | |
3479 | ||
3480 | The @var{flags} argument must be a combination of zero or more of the | |
3481 | following flags: | |
3482 | ||
3483 | @vtable @code | |
3484 | @item MLOCK_ONFAULT | |
3485 | @standards{Linux, sys/mman.h} | |
3486 | Only those pages in the specified address range which are already in | |
3487 | memory are locked immediately. Additional pages in the range are | |
3488 | automatically locked in case of a page fault and allocation of memory. | |
3489 | @end vtable | |
3490 | ||
3491 | Like @code{mlock}, @code{mlock2} returns zero on success and @code{-1} | |
3492 | on failure, setting @code{errno} accordingly. Additional @code{errno} | |
3493 | values defined for @code{mlock2} are: | |
3494 | ||
3495 | @table @code | |
3496 | @item EINVAL | |
3497 | The specified (non-zero) @var{flags} argument is not supported by this | |
3498 | system. | |
3499 | @end table | |
3500 | @end deftypefun | |
99a20616 UD |
3501 | |
3502 | You can lock @emph{all} a process' memory with @code{mlockall}. You | |
3503 | unlock memory with @code{munlock} or @code{munlockall}. | |
3504 | ||
3505 | To avoid all page faults in a C program, you have to use | |
3506 | @code{mlockall}, because some of the memory a program uses is hidden | |
3507 | from the C code, e.g. the stack and automatic variables, and you | |
3508 | wouldn't know what address to tell @code{mlock}. | |
3509 | ||
99a20616 | 3510 | @deftypefun int munlock (const void *@var{addr}, size_t @var{len}) |
d08a7e4c | 3511 | @standards{POSIX.1b, sys/mman.h} |
9f529d7c | 3512 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
99a20616 | 3513 | |
10e0498e | 3514 | @code{munlock} unlocks a range of the calling process' virtual pages. |
99a20616 UD |
3515 | |
3516 | @code{munlock} is the inverse of @code{mlock} and functions completely | |
3517 | analogously to @code{mlock}, except that there is no @code{EPERM} | |
3518 | failure. | |
3519 | ||
3520 | @end deftypefun | |
3521 | ||
99a20616 | 3522 | @deftypefun int mlockall (int @var{flags}) |
d08a7e4c | 3523 | @standards{POSIX.1b, sys/mman.h} |
9f529d7c | 3524 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
99a20616 UD |
3525 | |
3526 | @code{mlockall} locks all the pages in a process' virtual memory address | |
3527 | space, and/or any that are added to it in the future. This includes the | |
3528 | pages of the code, data and stack segment, as well as shared libraries, | |
3529 | user space kernel data, shared memory, and memory mapped files. | |
3530 | ||
3531 | @var{flags} is a string of single bit flags represented by the following | |
3532 | macros. They tell @code{mlockall} which of its functions you want. All | |
3533 | other bits must be zero. | |
3534 | ||
2fe82ca6 | 3535 | @vtable @code |
99a20616 UD |
3536 | |
3537 | @item MCL_CURRENT | |
3538 | Lock all pages which currently exist in the calling process' virtual | |
3539 | address space. | |
3540 | ||
3541 | @item MCL_FUTURE | |
3542 | Set a mode such that any pages added to the process' virtual address | |
3543 | space in the future will be locked from birth. This mode does not | |
3544 | affect future address spaces owned by the same process so exec, which | |
3545 | replaces a process' address space, wipes out @code{MCL_FUTURE}. | |
3546 | @xref{Executing a File}. | |
3547 | ||
2fe82ca6 | 3548 | @end vtable |
99a20616 UD |
3549 | |
3550 | When the function returns successfully, and you specified | |
3551 | @code{MCL_CURRENT}, all of the process' pages are backed by (connected | |
3552 | to) real frames (they are resident) and are marked to stay that way. | |
3553 | This means the function may cause page-ins and have to wait for them. | |
3554 | ||
3555 | When the process is in @code{MCL_FUTURE} mode because it successfully | |
3556 | executed this function and specified @code{MCL_CURRENT}, any system call | |
3557 | by the process that requires space be added to its virtual address space | |
3558 | fails with @code{errno} = @code{ENOMEM} if locking the additional space | |
3559 | would cause the process to exceed its locked page limit. In the case | |
0bc93a2f | 3560 | that the address space addition that can't be accommodated is stack |
99a20616 UD |
3561 | expansion, the stack expansion fails and the kernel sends a |
3562 | @code{SIGSEGV} signal to the process. | |
3563 | ||
3564 | When the function fails, it does not affect the lock status of any pages | |
3565 | or the future locking mode. | |
3566 | ||
3567 | The return value is zero if the function succeeds. Otherwise, it is | |
3568 | @code{-1} and @code{errno} is set accordingly. @code{errno} values | |
3569 | specific to this function are: | |
3570 | ||
3571 | @table @code | |
3572 | @item ENOMEM | |
3573 | @itemize @bullet | |
3574 | @item | |
3575 | At least some of the specified address range does not exist in the | |
3576 | calling process' virtual address space. | |
3577 | @item | |
3578 | The locking would cause the process to exceed its locked page limit. | |
3579 | @end itemize | |
3580 | ||
3581 | @item EPERM | |
3582 | The calling process is not superuser. | |
3583 | ||
3584 | @item EINVAL | |
3585 | Undefined bits in @var{flags} are not zero. | |
3586 | ||
3587 | @item ENOSYS | |
3588 | The kernel does not provide @code{mlockall} capability. | |
3589 | ||
3590 | @end table | |
3591 | ||
3592 | You can lock just specific pages with @code{mlock}. You unlock pages | |
3593 | with @code{munlockall} and @code{munlock}. | |
3594 | ||
3595 | @end deftypefun | |
3596 | ||
3597 | ||
99a20616 | 3598 | @deftypefun int munlockall (void) |
d08a7e4c | 3599 | @standards{POSIX.1b, sys/mman.h} |
9f529d7c | 3600 | @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
99a20616 UD |
3601 | |
3602 | @code{munlockall} unlocks every page in the calling process' virtual | |
3ef569c7 | 3603 | address space and turns off @code{MCL_FUTURE} future locking mode. |
99a20616 UD |
3604 | |
3605 | The return value is zero if the function succeeds. Otherwise, it is | |
68979757 | 3606 | @code{-1} and @code{errno} is set accordingly. The only way this |
99a20616 UD |
3607 | function can fail is for generic reasons that all functions and system |
3608 | calls can fail, so there are no specific @code{errno} values. | |
3609 | ||
3610 | @end deftypefun | |
3611 | ||
3612 | ||
3613 | ||
3614 | ||
a9ddb793 UD |
3615 | @ignore |
3616 | @c This was never actually implemented. -zw | |
28f540f4 RM |
3617 | @node Relocating Allocator |
3618 | @section Relocating Allocator | |
3619 | ||
3620 | @cindex relocating memory allocator | |
3621 | Any system of dynamic memory allocation has overhead: the amount of | |
3622 | space it uses is more than the amount the program asks for. The | |
3623 | @dfn{relocating memory allocator} achieves very low overhead by moving | |
3624 | blocks in memory as necessary, on its own initiative. | |
3625 | ||
a9ddb793 UD |
3626 | @c @menu |
3627 | @c * Relocator Concepts:: How to understand relocating allocation. | |
3628 | @c * Using Relocator:: Functions for relocating allocation. | |
3629 | @c @end menu | |
28f540f4 RM |
3630 | |
3631 | @node Relocator Concepts | |
3632 | @subsection Concepts of Relocating Allocation | |
3633 | ||
3634 | @ifinfo | |
3635 | The @dfn{relocating memory allocator} achieves very low overhead by | |
3636 | moving blocks in memory as necessary, on its own initiative. | |
3637 | @end ifinfo | |
3638 | ||
3639 | When you allocate a block with @code{malloc}, the address of the block | |
3640 | never changes unless you use @code{realloc} to change its size. Thus, | |
3641 | you can safely store the address in various places, temporarily or | |
3642 | permanently, as you like. This is not safe when you use the relocating | |
3643 | memory allocator, because any and all relocatable blocks can move | |
3644 | whenever you allocate memory in any fashion. Even calling @code{malloc} | |
3645 | or @code{realloc} can move the relocatable blocks. | |
3646 | ||
3647 | @cindex handle | |
3648 | For each relocatable block, you must make a @dfn{handle}---a pointer | |
3649 | object in memory, designated to store the address of that block. The | |
3650 | relocating allocator knows where each block's handle is, and updates the | |
3651 | address stored there whenever it moves the block, so that the handle | |
3652 | always points to the block. Each time you access the contents of the | |
3653 | block, you should fetch its address anew from the handle. | |
3654 | ||
3655 | To call any of the relocating allocator functions from a signal handler | |
3656 | is almost certainly incorrect, because the signal could happen at any | |
3657 | time and relocate all the blocks. The only way to make this safe is to | |
3658 | block the signal around any access to the contents of any relocatable | |
3659 | block---not a convenient mode of operation. @xref{Nonreentrancy}. | |
3660 | ||
3661 | @node Using Relocator | |
3662 | @subsection Allocating and Freeing Relocatable Blocks | |
3663 | ||
3664 | @pindex malloc.h | |
3665 | In the descriptions below, @var{handleptr} designates the address of the | |
3666 | handle. All the functions are declared in @file{malloc.h}; all are GNU | |
3667 | extensions. | |
3668 | ||
3669 | @comment malloc.h | |
3670 | @comment GNU | |
a9ddb793 | 3671 | @c @deftypefun {void *} r_alloc (void **@var{handleptr}, size_t @var{size}) |
28f540f4 RM |
3672 | This function allocates a relocatable block of size @var{size}. It |
3673 | stores the block's address in @code{*@var{handleptr}} and returns | |
3674 | a non-null pointer to indicate success. | |
3675 | ||
3676 | If @code{r_alloc} can't get the space needed, it stores a null pointer | |
3677 | in @code{*@var{handleptr}}, and returns a null pointer. | |
3678 | @end deftypefun | |
3679 | ||
3680 | @comment malloc.h | |
3681 | @comment GNU | |
a9ddb793 | 3682 | @c @deftypefun void r_alloc_free (void **@var{handleptr}) |
28f540f4 RM |
3683 | This function is the way to free a relocatable block. It frees the |
3684 | block that @code{*@var{handleptr}} points to, and stores a null pointer | |
3685 | in @code{*@var{handleptr}} to show it doesn't point to an allocated | |
3686 | block any more. | |
3687 | @end deftypefun | |
3688 | ||
3689 | @comment malloc.h | |
3690 | @comment GNU | |
a9ddb793 | 3691 | @c @deftypefun {void *} r_re_alloc (void **@var{handleptr}, size_t @var{size}) |
28f540f4 RM |
3692 | The function @code{r_re_alloc} adjusts the size of the block that |
3693 | @code{*@var{handleptr}} points to, making it @var{size} bytes long. It | |
3694 | stores the address of the resized block in @code{*@var{handleptr}} and | |
3695 | returns a non-null pointer to indicate success. | |
3696 | ||
3697 | If enough memory is not available, this function returns a null pointer | |
3698 | and does not modify @code{*@var{handleptr}}. | |
3699 | @end deftypefun | |
a9ddb793 | 3700 | @end ignore |
28f540f4 | 3701 | |
99a20616 UD |
3702 | |
3703 | ||
3704 | ||
c131718c UD |
3705 | @ignore |
3706 | @comment No longer available... | |
3707 | ||
3708 | @comment @node Memory Warnings | |
3709 | @comment @section Memory Usage Warnings | |
3710 | @comment @cindex memory usage warnings | |
3711 | @comment @cindex warnings of memory almost full | |
28f540f4 RM |
3712 | |
3713 | @pindex malloc.c | |
3714 | You can ask for warnings as the program approaches running out of memory | |
3715 | space, by calling @code{memory_warnings}. This tells @code{malloc} to | |
3716 | check memory usage every time it asks for more memory from the operating | |
3717 | system. This is a GNU extension declared in @file{malloc.h}. | |
3718 | ||
3719 | @comment malloc.h | |
3720 | @comment GNU | |
c131718c | 3721 | @comment @deftypefun void memory_warnings (void *@var{start}, void (*@var{warn-func}) (const char *)) |
28f540f4 RM |
3722 | Call this function to request warnings for nearing exhaustion of virtual |
3723 | memory. | |
3724 | ||
3725 | The argument @var{start} says where data space begins, in memory. The | |
3726 | allocator compares this against the last address used and against the | |
3727 | limit of data space, to determine the fraction of available memory in | |
3728 | use. If you supply zero for @var{start}, then a default value is used | |
3729 | which is right in most circumstances. | |
3730 | ||
3731 | For @var{warn-func}, supply a function that @code{malloc} can call to | |
3732 | warn you. It is called with a string (a warning message) as argument. | |
3733 | Normally it ought to display the string for the user to read. | |
3734 | @end deftypefun | |
3735 | ||
3736 | The warnings come when memory becomes 75% full, when it becomes 85% | |
3737 | full, and when it becomes 95% full. Above 95% you get another warning | |
3738 | each time memory usage increases. | |
c131718c UD |
3739 | |
3740 | @end ignore |