Make sure that calloc is called at least once
[glibc.git] / malloc / malloc.c
blob452f036387e0b5699e8f0fa33ed027abf066115e
1 /* Malloc implementation for multiple threads without lock contention.
2 Copyright (C) 1996-2015 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Wolfram Gloger <wg@malloc.de>
5 and Doug Lea <dl@cs.oswego.edu>, 2001.
7 The GNU C Library is free software; you can redistribute it and/or
8 modify it under the terms of the GNU Lesser General Public License as
9 published by the Free Software Foundation; either version 2.1 of the
10 License, or (at your option) any later version.
12 The GNU C Library is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public
18 License along with the GNU C Library; see the file COPYING.LIB. If
19 not, see <http://www.gnu.org/licenses/>. */
21 /*
22 This is a version (aka ptmalloc2) of malloc/free/realloc written by
23 Doug Lea and adapted to multiple threads/arenas by Wolfram Gloger.
25 There have been substantial changes made after the integration into
26 glibc in all parts of the code. Do not look for much commonality
27 with the ptmalloc2 version.
29 * Version ptmalloc2-20011215
30 based on:
31 VERSION 2.7.0 Sun Mar 11 14:14:06 2001 Doug Lea (dl at gee)
33 * Quickstart
35 In order to compile this implementation, a Makefile is provided with
36 the ptmalloc2 distribution, which has pre-defined targets for some
37 popular systems (e.g. "make posix" for Posix threads). All that is
38 typically required with regard to compiler flags is the selection of
39 the thread package via defining one out of USE_PTHREADS, USE_THR or
40 USE_SPROC. Check the thread-m.h file for what effects this has.
41 Many/most systems will additionally require USE_TSD_DATA_HACK to be
42 defined, so this is the default for "make posix".
44 * Why use this malloc?
46 This is not the fastest, most space-conserving, most portable, or
47 most tunable malloc ever written. However it is among the fastest
48 while also being among the most space-conserving, portable and tunable.
49 Consistent balance across these factors results in a good general-purpose
50 allocator for malloc-intensive programs.
52 The main properties of the algorithms are:
53 * For large (>= 512 bytes) requests, it is a pure best-fit allocator,
54 with ties normally decided via FIFO (i.e. least recently used).
55 * For small (<= 64 bytes by default) requests, it is a caching
56 allocator, that maintains pools of quickly recycled chunks.
57 * In between, and for combinations of large and small requests, it does
58 the best it can trying to meet both goals at once.
59 * For very large requests (>= 128KB by default), it relies on system
60 memory mapping facilities, if supported.
62 For a longer but slightly out of date high-level description, see
63 http://gee.cs.oswego.edu/dl/html/malloc.html
65 You may already by default be using a C library containing a malloc
66 that is based on some version of this malloc (for example in
67 linux). You might still want to use the one in this file in order to
68 customize settings or to avoid overheads associated with library
69 versions.
71 * Contents, described in more detail in "description of public routines" below.
73 Standard (ANSI/SVID/...) functions:
74 malloc(size_t n);
75 calloc(size_t n_elements, size_t element_size);
76 free(void* p);
77 realloc(void* p, size_t n);
78 memalign(size_t alignment, size_t n);
79 valloc(size_t n);
80 mallinfo()
81 mallopt(int parameter_number, int parameter_value)
83 Additional functions:
84 independent_calloc(size_t n_elements, size_t size, void* chunks[]);
85 independent_comalloc(size_t n_elements, size_t sizes[], void* chunks[]);
86 pvalloc(size_t n);
87 cfree(void* p);
88 malloc_trim(size_t pad);
89 malloc_usable_size(void* p);
90 malloc_stats();
92 * Vital statistics:
94 Supported pointer representation: 4 or 8 bytes
95 Supported size_t representation: 4 or 8 bytes
96 Note that size_t is allowed to be 4 bytes even if pointers are 8.
97 You can adjust this by defining INTERNAL_SIZE_T
99 Alignment: 2 * sizeof(size_t) (default)
100 (i.e., 8 byte alignment with 4byte size_t). This suffices for
101 nearly all current machines and C compilers. However, you can
102 define MALLOC_ALIGNMENT to be wider than this if necessary.
104 Minimum overhead per allocated chunk: 4 or 8 bytes
105 Each malloced chunk has a hidden word of overhead holding size
106 and status information.
108 Minimum allocated size: 4-byte ptrs: 16 bytes (including 4 overhead)
109 8-byte ptrs: 24/32 bytes (including, 4/8 overhead)
111 When a chunk is freed, 12 (for 4byte ptrs) or 20 (for 8 byte
112 ptrs but 4 byte size) or 24 (for 8/8) additional bytes are
113 needed; 4 (8) for a trailing size field and 8 (16) bytes for
114 free list pointers. Thus, the minimum allocatable size is
115 16/24/32 bytes.
117 Even a request for zero bytes (i.e., malloc(0)) returns a
118 pointer to something of the minimum allocatable size.
120 The maximum overhead wastage (i.e., number of extra bytes
121 allocated than were requested in malloc) is less than or equal
122 to the minimum size, except for requests >= mmap_threshold that
123 are serviced via mmap(), where the worst case wastage is 2 *
124 sizeof(size_t) bytes plus the remainder from a system page (the
125 minimal mmap unit); typically 4096 or 8192 bytes.
127 Maximum allocated size: 4-byte size_t: 2^32 minus about two pages
128 8-byte size_t: 2^64 minus about two pages
130 It is assumed that (possibly signed) size_t values suffice to
131 represent chunk sizes. `Possibly signed' is due to the fact
132 that `size_t' may be defined on a system as either a signed or
133 an unsigned type. The ISO C standard says that it must be
134 unsigned, but a few systems are known not to adhere to this.
135 Additionally, even when size_t is unsigned, sbrk (which is by
136 default used to obtain memory from system) accepts signed
137 arguments, and may not be able to handle size_t-wide arguments
138 with negative sign bit. Generally, values that would
139 appear as negative after accounting for overhead and alignment
140 are supported only via mmap(), which does not have this
141 limitation.
143 Requests for sizes outside the allowed range will perform an optional
144 failure action and then return null. (Requests may also
145 also fail because a system is out of memory.)
147 Thread-safety: thread-safe
149 Compliance: I believe it is compliant with the 1997 Single Unix Specification
150 Also SVID/XPG, ANSI C, and probably others as well.
152 * Synopsis of compile-time options:
154 People have reported using previous versions of this malloc on all
155 versions of Unix, sometimes by tweaking some of the defines
156 below. It has been tested most extensively on Solaris and Linux.
157 People also report using it in stand-alone embedded systems.
159 The implementation is in straight, hand-tuned ANSI C. It is not
160 at all modular. (Sorry!) It uses a lot of macros. To be at all
161 usable, this code should be compiled using an optimizing compiler
162 (for example gcc -O3) that can simplify expressions and control
163 paths. (FAQ: some macros import variables as arguments rather than
164 declare locals because people reported that some debuggers
165 otherwise get confused.)
167 OPTION DEFAULT VALUE
169 Compilation Environment options:
171 HAVE_MREMAP 0
173 Changing default word sizes:
175 INTERNAL_SIZE_T size_t
176 MALLOC_ALIGNMENT MAX (2 * sizeof(INTERNAL_SIZE_T),
177 __alignof__ (long double))
179 Configuration and functionality options:
181 USE_PUBLIC_MALLOC_WRAPPERS NOT defined
182 USE_MALLOC_LOCK NOT defined
183 MALLOC_DEBUG NOT defined
184 REALLOC_ZERO_BYTES_FREES 1
185 TRIM_FASTBINS 0
187 Options for customizing MORECORE:
189 MORECORE sbrk
190 MORECORE_FAILURE -1
191 MORECORE_CONTIGUOUS 1
192 MORECORE_CANNOT_TRIM NOT defined
193 MORECORE_CLEARS 1
194 MMAP_AS_MORECORE_SIZE (1024 * 1024)
196 Tuning options that are also dynamically changeable via mallopt:
198 DEFAULT_MXFAST 64 (for 32bit), 128 (for 64bit)
199 DEFAULT_TRIM_THRESHOLD 128 * 1024
200 DEFAULT_TOP_PAD 0
201 DEFAULT_MMAP_THRESHOLD 128 * 1024
202 DEFAULT_MMAP_MAX 65536
204 There are several other #defined constants and macros that you
205 probably don't want to touch unless you are extending or adapting malloc. */
207 /*
208 void* is the pointer type that malloc should say it returns
209 */
211 #ifndef void
212 #define void void
213 #endif /*void*/
215 #include <stddef.h> /* for size_t */
216 #include <stdlib.h> /* for getenv(), abort() */
217 #include <unistd.h> /* for __libc_enable_secure */
219 #include <malloc-machine.h>
220 #include <malloc-sysdep.h>
222 #include <atomic.h>
223 #include <_itoa.h>
224 #include <bits/wordsize.h>
225 #include <sys/sysinfo.h>
227 #include <ldsodefs.h>
229 #include <unistd.h>
230 #include <stdio.h> /* needed for malloc_stats */
231 #include <errno.h>
233 #include <shlib-compat.h>
235 /* For uintptr_t. */
236 #include <stdint.h>
238 /* For va_arg, va_start, va_end. */
239 #include <stdarg.h>
241 /* For MIN, MAX, powerof2. */
242 #include <sys/param.h>
244 /* For ALIGN_UP. */
245 #include <libc-internal.h>
248 /*
249 Debugging:
251 Because freed chunks may be overwritten with bookkeeping fields, this
252 malloc will often die when freed memory is overwritten by user
253 programs. This can be very effective (albeit in an annoying way)
254 in helping track down dangling pointers.
256 If you compile with -DMALLOC_DEBUG, a number of assertion checks are
257 enabled that will catch more memory errors. You probably won't be
258 able to make much sense of the actual assertion errors, but they
259 should help you locate incorrectly overwritten memory. The checking
260 is fairly extensive, and will slow down execution
261 noticeably. Calling malloc_stats or mallinfo with MALLOC_DEBUG set
262 will attempt to check every non-mmapped allocated and free chunk in
263 the course of computing the summmaries. (By nature, mmapped regions
264 cannot be checked very much automatically.)
266 Setting MALLOC_DEBUG may also be helpful if you are trying to modify
267 this code. The assertions in the check routines spell out in more
268 detail the assumptions and invariants underlying the algorithms.
270 Setting MALLOC_DEBUG does NOT provide an automated mechanism for
271 checking that all accesses to malloced memory stay within their
272 bounds. However, there are several add-ons and adaptations of this
273 or other mallocs available that do this.
274 */
276 #ifndef MALLOC_DEBUG
277 #define MALLOC_DEBUG 0
278 #endif
280 #ifdef NDEBUG
281 # define assert(expr) ((void) 0)
282 #else
283 # define assert(expr) \
284 ((expr) \
285 ? ((void) 0) \
286 : __malloc_assert (__STRING (expr), __FILE__, __LINE__, __func__))
288 extern const char *__progname;
290 static void
291 __malloc_assert (const char *assertion, const char *file, unsigned int line,
292 const char *function)
294 (void) __fxprintf (NULL, "%s%s%s:%u: %s%sAssertion `%s' failed.\n",
295 __progname, __progname[0] ? ": " : "",
296 file, line,
297 function ? function : "", function ? ": " : "",
298 assertion);
299 fflush (stderr);
300 abort ();
302 #endif
305 /*
306 INTERNAL_SIZE_T is the word-size used for internal bookkeeping
307 of chunk sizes.
309 The default version is the same as size_t.
311 While not strictly necessary, it is best to define this as an
312 unsigned type, even if size_t is a signed type. This may avoid some
313 artificial size limitations on some systems.
315 On a 64-bit machine, you may be able to reduce malloc overhead by
316 defining INTERNAL_SIZE_T to be a 32 bit `unsigned int' at the
317 expense of not being able to handle more than 2^32 of malloced
318 space. If this limitation is acceptable, you are encouraged to set
319 this unless you are on a platform requiring 16byte alignments. In
320 this case the alignment requirements turn out to negate any
321 potential advantages of decreasing size_t word size.
323 Implementors: Beware of the possible combinations of:
324 - INTERNAL_SIZE_T might be signed or unsigned, might be 32 or 64 bits,
325 and might be the same width as int or as long
326 - size_t might have different width and signedness as INTERNAL_SIZE_T
327 - int and long might be 32 or 64 bits, and might be the same width
328 To deal with this, most comparisons and difference computations
329 among INTERNAL_SIZE_Ts should cast them to unsigned long, being
330 aware of the fact that casting an unsigned int to a wider long does
331 not sign-extend. (This also makes checking for negative numbers
332 awkward.) Some of these casts result in harmless compiler warnings
333 on some systems.
334 */
336 #ifndef INTERNAL_SIZE_T
337 #define INTERNAL_SIZE_T size_t
338 #endif
340 /* The corresponding word size */
341 #define SIZE_SZ (sizeof(INTERNAL_SIZE_T))
344 /*
345 MALLOC_ALIGNMENT is the minimum alignment for malloc'ed chunks.
346 It must be a power of two at least 2 * SIZE_SZ, even on machines
347 for which smaller alignments would suffice. It may be defined as
348 larger than this though. Note however that code and data structures
349 are optimized for the case of 8-byte alignment.
350 */
353 #ifndef MALLOC_ALIGNMENT
354 # if !SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_16)
355 /* This is the correct definition when there is no past ABI to constrain it.
357 Among configurations with a past ABI constraint, it differs from
358 2*SIZE_SZ only on powerpc32. For the time being, changing this is
359 causing more compatibility problems due to malloc_get_state and
360 malloc_set_state than will returning blocks not adequately aligned for
361 long double objects under -mlong-double-128. */
363 # define MALLOC_ALIGNMENT (2 *SIZE_SZ < __alignof__ (long double) \
364 ? __alignof__ (long double) : 2 *SIZE_SZ)
365 # else
366 # define MALLOC_ALIGNMENT (2 *SIZE_SZ)
367 # endif
368 #endif
370 /* The corresponding bit mask value */
371 #define MALLOC_ALIGN_MASK (MALLOC_ALIGNMENT - 1)
375 /*
376 REALLOC_ZERO_BYTES_FREES should be set if a call to
377 realloc with zero bytes should be the same as a call to free.
378 This is required by the C standard. Otherwise, since this malloc
379 returns a unique pointer for malloc(0), so does realloc(p, 0).
380 */
382 #ifndef REALLOC_ZERO_BYTES_FREES
383 #define REALLOC_ZERO_BYTES_FREES 1
384 #endif
386 /*
387 TRIM_FASTBINS controls whether free() of a very small chunk can
388 immediately lead to trimming. Setting to true (1) can reduce memory
389 footprint, but will almost always slow down programs that use a lot
390 of small chunks.
392 Define this only if you are willing to give up some speed to more
393 aggressively reduce system-level memory footprint when releasing
394 memory in programs that use many small chunks. You can get
395 essentially the same effect by setting MXFAST to 0, but this can
396 lead to even greater slowdowns in programs using many small chunks.
397 TRIM_FASTBINS is an in-between compile-time option, that disables
398 only those chunks bordering topmost memory from being placed in
399 fastbins.
400 */
402 #ifndef TRIM_FASTBINS
403 #define TRIM_FASTBINS 0
404 #endif
407 /* Definition for getting more memory from the OS. */
408 #define MORECORE (*__morecore)
409 #define MORECORE_FAILURE 0
410 void * __default_morecore (ptrdiff_t);
411 void *(*__morecore)(ptrdiff_t) = __default_morecore;
414 #include <string.h>
416 /*
417 MORECORE-related declarations. By default, rely on sbrk
418 */
421 /*
422 MORECORE is the name of the routine to call to obtain more memory
423 from the system. See below for general guidance on writing
424 alternative MORECORE functions, as well as a version for WIN32 and a
425 sample version for pre-OSX macos.
426 */
428 #ifndef MORECORE
429 #define MORECORE sbrk
430 #endif
432 /*
433 MORECORE_FAILURE is the value returned upon failure of MORECORE
434 as well as mmap. Since it cannot be an otherwise valid memory address,
435 and must reflect values of standard sys calls, you probably ought not
436 try to redefine it.
437 */
439 #ifndef MORECORE_FAILURE
440 #define MORECORE_FAILURE (-1)
441 #endif
443 /*
444 If MORECORE_CONTIGUOUS is true, take advantage of fact that
445 consecutive calls to MORECORE with positive arguments always return
446 contiguous increasing addresses. This is true of unix sbrk. Even
447 if not defined, when regions happen to be contiguous, malloc will
448 permit allocations spanning regions obtained from different
449 calls. But defining this when applicable enables some stronger
450 consistency checks and space efficiencies.
451 */
453 #ifndef MORECORE_CONTIGUOUS
454 #define MORECORE_CONTIGUOUS 1
455 #endif
457 /*
458 Define MORECORE_CANNOT_TRIM if your version of MORECORE
459 cannot release space back to the system when given negative
460 arguments. This is generally necessary only if you are using
461 a hand-crafted MORECORE function that cannot handle negative arguments.
462 */
464 /* #define MORECORE_CANNOT_TRIM */
466 /* MORECORE_CLEARS (default 1)
467 The degree to which the routine mapped to MORECORE zeroes out
468 memory: never (0), only for newly allocated space (1) or always
469 (2). The distinction between (1) and (2) is necessary because on
470 some systems, if the application first decrements and then
471 increments the break value, the contents of the reallocated space
472 are unspecified.
473 */
475 #ifndef MORECORE_CLEARS
476 # define MORECORE_CLEARS 1
477 #endif
480 /*
481 MMAP_AS_MORECORE_SIZE is the minimum mmap size argument to use if
482 sbrk fails, and mmap is used as a backup. The value must be a
483 multiple of page size. This backup strategy generally applies only
484 when systems have "holes" in address space, so sbrk cannot perform
485 contiguous expansion, but there is still space available on system.
486 On systems for which this is known to be useful (i.e. most linux
487 kernels), this occurs only when programs allocate huge amounts of
488 memory. Between this, and the fact that mmap regions tend to be
489 limited, the size should be large, to avoid too many mmap calls and
490 thus avoid running out of kernel resources. */
492 #ifndef MMAP_AS_MORECORE_SIZE
493 #define MMAP_AS_MORECORE_SIZE (1024 * 1024)
494 #endif
496 /*
497 Define HAVE_MREMAP to make realloc() use mremap() to re-allocate
498 large blocks.
499 */
501 #ifndef HAVE_MREMAP
502 #define HAVE_MREMAP 0
503 #endif
506 /*
507 This version of malloc supports the standard SVID/XPG mallinfo
508 routine that returns a struct containing usage properties and
509 statistics. It should work on any SVID/XPG compliant system that has
510 a /usr/include/malloc.h defining struct mallinfo. (If you'd like to
511 install such a thing yourself, cut out the preliminary declarations
512 as described above and below and save them in a malloc.h file. But
513 there's no compelling reason to bother to do this.)
515 The main declaration needed is the mallinfo struct that is returned
516 (by-copy) by mallinfo(). The SVID/XPG malloinfo struct contains a
517 bunch of fields that are not even meaningful in this version of
518 malloc. These fields are are instead filled by mallinfo() with
519 other numbers that might be of interest.
520 */
523 /* ---------- description of public routines ------------ */
525 /*
526 malloc(size_t n)
527 Returns a pointer to a newly allocated chunk of at least n bytes, or null
528 if no space is available. Additionally, on failure, errno is
529 set to ENOMEM on ANSI C systems.
531 If n is zero, malloc returns a minumum-sized chunk. (The minimum
532 size is 16 bytes on most 32bit systems, and 24 or 32 bytes on 64bit
533 systems.) On most systems, size_t is an unsigned type, so calls
534 with negative arguments are interpreted as requests for huge amounts
535 of space, which will often fail. The maximum supported value of n
536 differs across systems, but is in all cases less than the maximum
537 representable value of a size_t.
538 */
539 void* __libc_malloc(size_t);
540 libc_hidden_proto (__libc_malloc)
542 /*
543 free(void* p)
544 Releases the chunk of memory pointed to by p, that had been previously
545 allocated using malloc or a related routine such as realloc.
546 It has no effect if p is null. It can have arbitrary (i.e., bad!)
547 effects if p has already been freed.
549 Unless disabled (using mallopt), freeing very large spaces will
550 when possible, automatically trigger operations that give
551 back unused memory to the system, thus reducing program footprint.
552 */
553 void __libc_free(void*);
554 libc_hidden_proto (__libc_free)
556 /*
557 calloc(size_t n_elements, size_t element_size);
558 Returns a pointer to n_elements * element_size bytes, with all locations
559 set to zero.
560 */
561 void* __libc_calloc(size_t, size_t);
563 /*
564 realloc(void* p, size_t n)
565 Returns a pointer to a chunk of size n that contains the same data
566 as does chunk p up to the minimum of (n, p's size) bytes, or null
567 if no space is available.
569 The returned pointer may or may not be the same as p. The algorithm
570 prefers extending p when possible, otherwise it employs the
571 equivalent of a malloc-copy-free sequence.
573 If p is null, realloc is equivalent to malloc.
575 If space is not available, realloc returns null, errno is set (if on
576 ANSI) and p is NOT freed.
578 if n is for fewer bytes than already held by p, the newly unused
579 space is lopped off and freed if possible. Unless the #define
580 REALLOC_ZERO_BYTES_FREES is set, realloc with a size argument of
581 zero (re)allocates a minimum-sized chunk.
583 Large chunks that were internally obtained via mmap will always
584 be reallocated using malloc-copy-free sequences unless
585 the system supports MREMAP (currently only linux).
587 The old unix realloc convention of allowing the last-free'd chunk
588 to be used as an argument to realloc is not supported.
589 */
590 void* __libc_realloc(void*, size_t);
591 libc_hidden_proto (__libc_realloc)
593 /*
594 memalign(size_t alignment, size_t n);
595 Returns a pointer to a newly allocated chunk of n bytes, aligned
596 in accord with the alignment argument.
598 The alignment argument should be a power of two. If the argument is
599 not a power of two, the nearest greater power is used.
600 8-byte alignment is guaranteed by normal malloc calls, so don't
601 bother calling memalign with an argument of 8 or less.
603 Overreliance on memalign is a sure way to fragment space.
604 */
605 void* __libc_memalign(size_t, size_t);
606 libc_hidden_proto (__libc_memalign)
608 /*
609 valloc(size_t n);
610 Equivalent to memalign(pagesize, n), where pagesize is the page
611 size of the system. If the pagesize is unknown, 4096 is used.
612 */
613 void* __libc_valloc(size_t);
617 /*
618 mallopt(int parameter_number, int parameter_value)
619 Sets tunable parameters The format is to provide a
620 (parameter-number, parameter-value) pair. mallopt then sets the
621 corresponding parameter to the argument value if it can (i.e., so
622 long as the value is meaningful), and returns 1 if successful else
623 0. SVID/XPG/ANSI defines four standard param numbers for mallopt,
624 normally defined in malloc.h. Only one of these (M_MXFAST) is used
625 in this malloc. The others (M_NLBLKS, M_GRAIN, M_KEEP) don't apply,
626 so setting them has no effect. But this malloc also supports four
627 other options in mallopt. See below for details. Briefly, supported
628 parameters are as follows (listed defaults are for "typical"
629 configurations).
631 Symbol param # default allowed param values
632 M_MXFAST 1 64 0-80 (0 disables fastbins)
633 M_TRIM_THRESHOLD -1 128*1024 any (-1U disables trimming)
634 M_TOP_PAD -2 0 any
635 M_MMAP_THRESHOLD -3 128*1024 any (or 0 if no MMAP support)
636 M_MMAP_MAX -4 65536 any (0 disables use of mmap)
637 */
638 int __libc_mallopt(int, int);
639 libc_hidden_proto (__libc_mallopt)
642 /*
643 mallinfo()
644 Returns (by copy) a struct containing various summary statistics:
646 arena: current total non-mmapped bytes allocated from system
647 ordblks: the number of free chunks
648 smblks: the number of fastbin blocks (i.e., small chunks that
649 have been freed but not use resused or consolidated)
650 hblks: current number of mmapped regions
651 hblkhd: total bytes held in mmapped regions
652 usmblks: the maximum total allocated space. This will be greater
653 than current total if trimming has occurred.
654 fsmblks: total bytes held in fastbin blocks
655 uordblks: current total allocated space (normal or mmapped)
656 fordblks: total free space
657 keepcost: the maximum number of bytes that could ideally be released
658 back to system via malloc_trim. ("ideally" means that
659 it ignores page restrictions etc.)
661 Because these fields are ints, but internal bookkeeping may
662 be kept as longs, the reported values may wrap around zero and
663 thus be inaccurate.
664 */
665 struct mallinfo __libc_mallinfo(void);
668 /*
669 pvalloc(size_t n);
670 Equivalent to valloc(minimum-page-that-holds(n)), that is,
671 round up n to nearest pagesize.
672 */
673 void* __libc_pvalloc(size_t);
675 /*
676 malloc_trim(size_t pad);
678 If possible, gives memory back to the system (via negative
679 arguments to sbrk) if there is unused memory at the `high' end of
680 the malloc pool. You can call this after freeing large blocks of
681 memory to potentially reduce the system-level memory requirements
682 of a program. However, it cannot guarantee to reduce memory. Under
683 some allocation patterns, some large free blocks of memory will be
684 locked between two used chunks, so they cannot be given back to
685 the system.
687 The `pad' argument to malloc_trim represents the amount of free
688 trailing space to leave untrimmed. If this argument is zero,
689 only the minimum amount of memory to maintain internal data
690 structures will be left (one page or less). Non-zero arguments
691 can be supplied to maintain enough trailing space to service
692 future expected allocations without having to re-obtain memory
693 from the system.
695 Malloc_trim returns 1 if it actually released any memory, else 0.
696 On systems that do not support "negative sbrks", it will always
697 return 0.
698 */
699 int __malloc_trim(size_t);
701 /*
702 malloc_usable_size(void* p);
704 Returns the number of bytes you can actually use in
705 an allocated chunk, which may be more than you requested (although
706 often not) due to alignment and minimum size constraints.
707 You can use this many bytes without worrying about
708 overwriting other allocated objects. This is not a particularly great
709 programming practice. malloc_usable_size can be more useful in
710 debugging and assertions, for example:
712 p = malloc(n);
713 assert(malloc_usable_size(p) >= 256);
715 */
716 size_t __malloc_usable_size(void*);
718 /*
719 malloc_stats();
720 Prints on stderr the amount of space obtained from the system (both
721 via sbrk and mmap), the maximum amount (which may be more than
722 current if malloc_trim and/or munmap got called), and the current
723 number of bytes allocated via malloc (or realloc, etc) but not yet
724 freed. Note that this is the number of bytes allocated, not the
725 number requested. It will be larger than the number requested
726 because of alignment and bookkeeping overhead. Because it includes
727 alignment wastage as being in use, this figure may be greater than
728 zero even when no user-level chunks are allocated.
730 The reported current and maximum system memory can be inaccurate if
731 a program makes other calls to system memory allocation functions
732 (normally sbrk) outside of malloc.
734 malloc_stats prints only the most commonly interesting statistics.
735 More information can be obtained by calling mallinfo.
737 */
738 void __malloc_stats(void);
740 /*
741 malloc_get_state(void);
743 Returns the state of all malloc variables in an opaque data
744 structure.
745 */
746 void* __malloc_get_state(void);
748 /*
749 malloc_set_state(void* state);
751 Restore the state of all malloc variables from data obtained with
752 malloc_get_state().
753 */
754 int __malloc_set_state(void*);
756 /*
757 posix_memalign(void **memptr, size_t alignment, size_t size);
759 POSIX wrapper like memalign(), checking for validity of size.
760 */
761 int __posix_memalign(void **, size_t, size_t);
763 /* mallopt tuning options */
765 /*
766 M_MXFAST is the maximum request size used for "fastbins", special bins
767 that hold returned chunks without consolidating their spaces. This
768 enables future requests for chunks of the same size to be handled
769 very quickly, but can increase fragmentation, and thus increase the
770 overall memory footprint of a program.
772 This malloc manages fastbins very conservatively yet still
773 efficiently, so fragmentation is rarely a problem for values less
774 than or equal to the default. The maximum supported value of MXFAST
775 is 80. You wouldn't want it any higher than this anyway. Fastbins
776 are designed especially for use with many small structs, objects or
777 strings -- the default handles structs/objects/arrays with sizes up
778 to 8 4byte fields, or small strings representing words, tokens,
779 etc. Using fastbins for larger objects normally worsens
780 fragmentation without improving speed.
782 M_MXFAST is set in REQUEST size units. It is internally used in
783 chunksize units, which adds padding and alignment. You can reduce
784 M_MXFAST to 0 to disable all use of fastbins. This causes the malloc
785 algorithm to be a closer approximation of fifo-best-fit in all cases,
786 not just for larger requests, but will generally cause it to be
787 slower.
788 */
791 /* M_MXFAST is a standard SVID/XPG tuning option, usually listed in malloc.h */
792 #ifndef M_MXFAST
793 #define M_MXFAST 1
794 #endif
796 #ifndef DEFAULT_MXFAST
797 #define DEFAULT_MXFAST (64 * SIZE_SZ / 4)
798 #endif
801 /*
802 M_TRIM_THRESHOLD is the maximum amount of unused top-most memory
803 to keep before releasing via malloc_trim in free().
805 Automatic trimming is mainly useful in long-lived programs.
806 Because trimming via sbrk can be slow on some systems, and can
807 sometimes be wasteful (in cases where programs immediately
808 afterward allocate more large chunks) the value should be high
809 enough so that your overall system performance would improve by
810 releasing this much memory.
812 The trim threshold and the mmap control parameters (see below)
813 can be traded off with one another. Trimming and mmapping are
814 two different ways of releasing unused memory back to the
815 system. Between these two, it is often possible to keep
816 system-level demands of a long-lived program down to a bare
817 minimum. For example, in one test suite of sessions measuring
818 the XF86 X server on Linux, using a trim threshold of 128K and a
819 mmap threshold of 192K led to near-minimal long term resource
820 consumption.
822 If you are using this malloc in a long-lived program, it should
823 pay to experiment with these values. As a rough guide, you
824 might set to a value close to the average size of a process
825 (program) running on your system. Releasing this much memory
826 would allow such a process to run in memory. Generally, it's
827 worth it to tune for trimming rather tham memory mapping when a
828 program undergoes phases where several large chunks are
829 allocated and released in ways that can reuse each other's
830 storage, perhaps mixed with phases where there are no such
831 chunks at all. And in well-behaved long-lived programs,
832 controlling release of large blocks via trimming versus mapping
833 is usually faster.
835 However, in most programs, these parameters serve mainly as
836 protection against the system-level effects of carrying around
837 massive amounts of unneeded memory. Since frequent calls to
838 sbrk, mmap, and munmap otherwise degrade performance, the default
839 parameters are set to relatively high values that serve only as
840 safeguards.
842 The trim value It must be greater than page size to have any useful
843 effect. To disable trimming completely, you can set to
844 (unsigned long)(-1)
846 Trim settings interact with fastbin (MXFAST) settings: Unless
847 TRIM_FASTBINS is defined, automatic trimming never takes place upon
848 freeing a chunk with size less than or equal to MXFAST. Trimming is
849 instead delayed until subsequent freeing of larger chunks. However,
850 you can still force an attempted trim by calling malloc_trim.
852 Also, trimming is not generally possible in cases where
853 the main arena is obtained via mmap.
855 Note that the trick some people use of mallocing a huge space and
856 then freeing it at program startup, in an attempt to reserve system
857 memory, doesn't have the intended effect under automatic trimming,
858 since that memory will immediately be returned to the system.
859 */
861 #define M_TRIM_THRESHOLD -1
863 #ifndef DEFAULT_TRIM_THRESHOLD
864 #define DEFAULT_TRIM_THRESHOLD (128 * 1024)
865 #endif
867 /*
868 M_TOP_PAD is the amount of extra `padding' space to allocate or
869 retain whenever sbrk is called. It is used in two ways internally:
871 * When sbrk is called to extend the top of the arena to satisfy
872 a new malloc request, this much padding is added to the sbrk
873 request.
875 * When malloc_trim is called automatically from free(),
876 it is used as the `pad' argument.
878 In both cases, the actual amount of padding is rounded
879 so that the end of the arena is always a system page boundary.
881 The main reason for using padding is to avoid calling sbrk so
882 often. Having even a small pad greatly reduces the likelihood
883 that nearly every malloc request during program start-up (or
884 after trimming) will invoke sbrk, which needlessly wastes
885 time.
887 Automatic rounding-up to page-size units is normally sufficient
888 to avoid measurable overhead, so the default is 0. However, in
889 systems where sbrk is relatively slow, it can pay to increase
890 this value, at the expense of carrying around more memory than
891 the program needs.
892 */
894 #define M_TOP_PAD -2
896 #ifndef DEFAULT_TOP_PAD
897 #define DEFAULT_TOP_PAD (0)
898 #endif
900 /*
901 MMAP_THRESHOLD_MAX and _MIN are the bounds on the dynamically
902 adjusted MMAP_THRESHOLD.
903 */
905 #ifndef DEFAULT_MMAP_THRESHOLD_MIN
906 #define DEFAULT_MMAP_THRESHOLD_MIN (128 * 1024)
907 #endif
909 #ifndef DEFAULT_MMAP_THRESHOLD_MAX
910 /* For 32-bit platforms we cannot increase the maximum mmap
911 threshold much because it is also the minimum value for the
912 maximum heap size and its alignment. Going above 512k (i.e., 1M
913 for new heaps) wastes too much address space. */
914 # if __WORDSIZE == 32
915 # define DEFAULT_MMAP_THRESHOLD_MAX (512 * 1024)
916 # else
917 # define DEFAULT_MMAP_THRESHOLD_MAX (4 * 1024 * 1024 * sizeof(long))
918 # endif
919 #endif
921 /*
922 M_MMAP_THRESHOLD is the request size threshold for using mmap()
923 to service a request. Requests of at least this size that cannot
924 be allocated using already-existing space will be serviced via mmap.
925 (If enough normal freed space already exists it is used instead.)
927 Using mmap segregates relatively large chunks of memory so that
928 they can be individually obtained and released from the host
929 system. A request serviced through mmap is never reused by any
930 other request (at least not directly; the system may just so
931 happen to remap successive requests to the same locations).
933 Segregating space in this way has the benefits that:
935 1. Mmapped space can ALWAYS be individually released back
936 to the system, which helps keep the system level memory
937 demands of a long-lived program low.
938 2. Mapped memory can never become `locked' between
939 other chunks, as can happen with normally allocated chunks, which
940 means that even trimming via malloc_trim would not release them.
941 3. On some systems with "holes" in address spaces, mmap can obtain
942 memory that sbrk cannot.
944 However, it has the disadvantages that:
946 1. The space cannot be reclaimed, consolidated, and then
947 used to service later requests, as happens with normal chunks.
948 2. It can lead to more wastage because of mmap page alignment
949 requirements
950 3. It causes malloc performance to be more dependent on host
951 system memory management support routines which may vary in
952 implementation quality and may impose arbitrary
953 limitations. Generally, servicing a request via normal
954 malloc steps is faster than going through a system's mmap.
956 The advantages of mmap nearly always outweigh disadvantages for
957 "large" chunks, but the value of "large" varies across systems. The
958 default is an empirically derived value that works well in most
959 systems.
962 Update in 2006:
963 The above was written in 2001. Since then the world has changed a lot.
964 Memory got bigger. Applications got bigger. The virtual address space
965 layout in 32 bit linux changed.
967 In the new situation, brk() and mmap space is shared and there are no
968 artificial limits on brk size imposed by the kernel. What is more,
969 applications have started using transient allocations larger than the
970 128Kb as was imagined in 2001.
972 The price for mmap is also high now; each time glibc mmaps from the
973 kernel, the kernel is forced to zero out the memory it gives to the
974 application. Zeroing memory is expensive and eats a lot of cache and
975 memory bandwidth. This has nothing to do with the efficiency of the
976 virtual memory system, by doing mmap the kernel just has no choice but
977 to zero.
979 In 2001, the kernel had a maximum size for brk() which was about 800
980 megabytes on 32 bit x86, at that point brk() would hit the first
981 mmaped shared libaries and couldn't expand anymore. With current 2.6
982 kernels, the VA space layout is different and brk() and mmap
983 both can span the entire heap at will.
985 Rather than using a static threshold for the brk/mmap tradeoff,
986 we are now using a simple dynamic one. The goal is still to avoid
987 fragmentation. The old goals we kept are
988 1) try to get the long lived large allocations to use mmap()
989 2) really large allocations should always use mmap()
990 and we're adding now:
991 3) transient allocations should use brk() to avoid forcing the kernel
992 having to zero memory over and over again
994 The implementation works with a sliding threshold, which is by default
995 limited to go between 128Kb and 32Mb (64Mb for 64 bitmachines) and starts
996 out at 128Kb as per the 2001 default.
998 This allows us to satisfy requirement 1) under the assumption that long
999 lived allocations are made early in the process' lifespan, before it has
1000 started doing dynamic allocations of the same size (which will
1001 increase the threshold).
1003 The upperbound on the threshold satisfies requirement 2)
1005 The threshold goes up in value when the application frees memory that was
1006 allocated with the mmap allocator. The idea is that once the application
1007 starts freeing memory of a certain size, it's highly probable that this is
1008 a size the application uses for transient allocations. This estimator
1009 is there to satisfy the new third requirement.
1011 */
1013 #define M_MMAP_THRESHOLD -3
1015 #ifndef DEFAULT_MMAP_THRESHOLD
1016 #define DEFAULT_MMAP_THRESHOLD DEFAULT_MMAP_THRESHOLD_MIN
1017 #endif
1019 /*
1020 M_MMAP_MAX is the maximum number of requests to simultaneously
1021 service using mmap. This parameter exists because
1022 some systems have a limited number of internal tables for
1023 use by mmap, and using more than a few of them may degrade
1024 performance.
1026 The default is set to a value that serves only as a safeguard.
1027 Setting to 0 disables use of mmap for servicing large requests.
1028 */
1030 #define M_MMAP_MAX -4
1032 #ifndef DEFAULT_MMAP_MAX
1033 #define DEFAULT_MMAP_MAX (65536)
1034 #endif
1036 #include <malloc.h>
1038 #ifndef RETURN_ADDRESS
1039 #define RETURN_ADDRESS(X_) (NULL)
1040 #endif
1042 /* On some platforms we can compile internal, not exported functions better.
1043 Let the environment provide a macro and define it to be empty if it
1044 is not available. */
1045 #ifndef internal_function
1046 # define internal_function
1047 #endif
1049 /* Forward declarations. */
1050 struct malloc_chunk;
1051 typedef struct malloc_chunk* mchunkptr;
1053 /* Internal routines. */
1055 static void* _int_malloc(mstate, size_t);
1056 static void _int_free(mstate, mchunkptr, int);
1057 static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T,
1058 INTERNAL_SIZE_T);
1059 static void* _int_memalign(mstate, size_t, size_t);
1060 static void* _mid_memalign(size_t, size_t, void *);
1062 static void malloc_printerr(int action, const char *str, void *ptr, mstate av);
1064 static void* internal_function mem2mem_check(void *p, size_t sz);
1065 static int internal_function top_check(void);
1066 static void internal_function munmap_chunk(mchunkptr p);
1067 #if HAVE_MREMAP
1068 static mchunkptr internal_function mremap_chunk(mchunkptr p, size_t new_size);
1069 #endif
1071 static void* malloc_check(size_t sz, const void *caller);
1072 static void free_check(void* mem, const void *caller);
1073 static void* realloc_check(void* oldmem, size_t bytes,
1074 const void *caller);
1075 static void* memalign_check(size_t alignment, size_t bytes,
1076 const void *caller);
1077 #ifndef NO_THREADS
1078 static void* malloc_atfork(size_t sz, const void *caller);
1079 static void free_atfork(void* mem, const void *caller);
1080 #endif
1082 /* ------------------ MMAP support ------------------ */
1085 #include <fcntl.h>
1086 #include <sys/mman.h>
1088 #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
1089 # define MAP_ANONYMOUS MAP_ANON
1090 #endif
1092 #ifndef MAP_NORESERVE
1093 # define MAP_NORESERVE 0
1094 #endif
1096 #define MMAP(addr, size, prot, flags) \
1097 __mmap((addr), (size), (prot), (flags)|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0)
1100 /*
1101 ----------------------- Chunk representations -----------------------
1102 */
1105 /*
1106 This struct declaration is misleading (but accurate and necessary).
1107 It declares a "view" into memory allowing access to necessary
1108 fields at known offsets from a given base. See explanation below.
1109 */
1111 struct malloc_chunk {
1113 INTERNAL_SIZE_T prev_size; /* Size of previous chunk (if free). */
1114 INTERNAL_SIZE_T size; /* Size in bytes, including overhead. */
1116 struct malloc_chunk* fd; /* double links -- used only if free. */
1117 struct malloc_chunk* bk;
1119 /* Only used for large blocks: pointer to next larger size. */
1120 struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */
1121 struct malloc_chunk* bk_nextsize;
1122 };
1125 /*
1126 malloc_chunk details:
1128 (The following includes lightly edited explanations by Colin Plumb.)
1130 Chunks of memory are maintained using a `boundary tag' method as
1131 described in e.g., Knuth or Standish. (See the paper by Paul
1132 Wilson ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a
1133 survey of such techniques.) Sizes of free chunks are stored both
1134 in the front of each chunk and at the end. This makes
1135 consolidating fragmented chunks into bigger chunks very fast. The
1136 size fields also hold bits representing whether chunks are free or
1137 in use.
1139 An allocated chunk looks like this:
1142 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1143 | Size of previous chunk, if allocated | |
1144 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1145 | Size of chunk, in bytes |M|P|
1146 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1147 | User data starts here... .
1148 . .
1149 . (malloc_usable_size() bytes) .
1150 . |
1151 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1152 | Size of chunk |
1153 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1156 Where "chunk" is the front of the chunk for the purpose of most of
1157 the malloc code, but "mem" is the pointer that is returned to the
1158 user. "Nextchunk" is the beginning of the next contiguous chunk.
1160 Chunks always begin on even word boundaries, so the mem portion
1161 (which is returned to the user) is also on an even word boundary, and
1162 thus at least double-word aligned.
1164 Free chunks are stored in circular doubly-linked lists, and look like this:
1166 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1167 | Size of previous chunk |
1168 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1169 `head:' | Size of chunk, in bytes |P|
1170 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1171 | Forward pointer to next chunk in list |
1172 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1173 | Back pointer to previous chunk in list |
1174 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1175 | Unused space (may be 0 bytes long) .
1176 . .
1177 . |
1178 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1179 `foot:' | Size of chunk, in bytes |
1180 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1182 The P (PREV_INUSE) bit, stored in the unused low-order bit of the
1183 chunk size (which is always a multiple of two words), is an in-use
1184 bit for the *previous* chunk. If that bit is *clear*, then the
1185 word before the current chunk size contains the previous chunk
1186 size, and can be used to find the front of the previous chunk.
1187 The very first chunk allocated always has this bit set,
1188 preventing access to non-existent (or non-owned) memory. If
1189 prev_inuse is set for any given chunk, then you CANNOT determine
1190 the size of the previous chunk, and might even get a memory
1191 addressing fault when trying to do so.
1193 Note that the `foot' of the current chunk is actually represented
1194 as the prev_size of the NEXT chunk. This makes it easier to
1195 deal with alignments etc but can be very confusing when trying
1196 to extend or adapt this code.
1198 The two exceptions to all this are
1200 1. The special chunk `top' doesn't bother using the
1201 trailing size field since there is no next contiguous chunk
1202 that would have to index off it. After initialization, `top'
1203 is forced to always exist. If it would become less than
1204 MINSIZE bytes long, it is replenished.
1206 2. Chunks allocated via mmap, which have the second-lowest-order
1207 bit M (IS_MMAPPED) set in their size fields. Because they are
1208 allocated one-by-one, each must contain its own trailing size field.
1210 */
1212 /*
1213 ---------- Size and alignment checks and conversions ----------
1214 */
1216 /* conversion from malloc headers to user pointers, and back */
1218 #define chunk2mem(p) ((void*)((char*)(p) + 2*SIZE_SZ))
1219 #define mem2chunk(mem) ((mchunkptr)((char*)(mem) - 2*SIZE_SZ))
1221 /* The smallest possible chunk */
1222 #define MIN_CHUNK_SIZE (offsetof(struct malloc_chunk, fd_nextsize))
1224 /* The smallest size we can malloc is an aligned minimal chunk */
1226 #define MINSIZE \
1227 (unsigned long)(((MIN_CHUNK_SIZE+MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK))
1229 /* Check if m has acceptable alignment */
1231 #define aligned_OK(m) (((unsigned long)(m) & MALLOC_ALIGN_MASK) == 0)
1233 #define misaligned_chunk(p) \
1234 ((uintptr_t)(MALLOC_ALIGNMENT == 2 * SIZE_SZ ? (p) : chunk2mem (p)) \
1235 & MALLOC_ALIGN_MASK)
1238 /*
1239 Check if a request is so large that it would wrap around zero when
1240 padded and aligned. To simplify some other code, the bound is made
1241 low enough so that adding MINSIZE will also not wrap around zero.
1242 */
1244 #define REQUEST_OUT_OF_RANGE(req) \
1245 ((unsigned long) (req) >= \
1246 (unsigned long) (INTERNAL_SIZE_T) (-2 * MINSIZE))
1248 /* pad request bytes into a usable size -- internal version */
1250 #define request2size(req) \
1251 (((req) + SIZE_SZ + MALLOC_ALIGN_MASK < MINSIZE) ? \
1252 MINSIZE : \
1253 ((req) + SIZE_SZ + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK)
1255 /* Same, except also perform argument check */
1257 #define checked_request2size(req, sz) \
1258 if (REQUEST_OUT_OF_RANGE (req)) { \
1259 __set_errno (ENOMEM); \
1260 return 0; \
1261 } \
1262 (sz) = request2size (req);
1264 /*
1265 --------------- Physical chunk operations ---------------
1266 */
1269 /* size field is or'ed with PREV_INUSE when previous adjacent chunk in use */
1270 #define PREV_INUSE 0x1
1272 /* extract inuse bit of previous chunk */
1273 #define prev_inuse(p) ((p)->size & PREV_INUSE)
1276 /* size field is or'ed with IS_MMAPPED if the chunk was obtained with mmap() */
1277 #define IS_MMAPPED 0x2
1279 /* check for mmap()'ed chunk */
1280 #define chunk_is_mmapped(p) ((p)->size & IS_MMAPPED)
1283 /* size field is or'ed with NON_MAIN_ARENA if the chunk was obtained
1284 from a non-main arena. This is only set immediately before handing
1285 the chunk to the user, if necessary. */
1286 #define NON_MAIN_ARENA 0x4
1288 /* check for chunk from non-main arena */
1289 #define chunk_non_main_arena(p) ((p)->size & NON_MAIN_ARENA)
1292 /*
1293 Bits to mask off when extracting size
1295 Note: IS_MMAPPED is intentionally not masked off from size field in
1296 macros for which mmapped chunks should never be seen. This should
1297 cause helpful core dumps to occur if it is tried by accident by
1298 people extending or adapting this malloc.
1299 */
1300 #define SIZE_BITS (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)
1302 /* Get size, ignoring use bits */
1303 #define chunksize(p) ((p)->size & ~(SIZE_BITS))
1306 /* Ptr to next physical malloc_chunk. */
1307 #define next_chunk(p) ((mchunkptr) (((char *) (p)) + ((p)->size & ~SIZE_BITS)))
1309 /* Ptr to previous physical malloc_chunk */
1310 #define prev_chunk(p) ((mchunkptr) (((char *) (p)) - ((p)->prev_size)))
1312 /* Treat space at ptr + offset as a chunk */
1313 #define chunk_at_offset(p, s) ((mchunkptr) (((char *) (p)) + (s)))
1315 /* extract p's inuse bit */
1316 #define inuse(p) \
1317 ((((mchunkptr) (((char *) (p)) + ((p)->size & ~SIZE_BITS)))->size) & PREV_INUSE)
1319 /* set/clear chunk as being inuse without otherwise disturbing */
1320 #define set_inuse(p) \
1321 ((mchunkptr) (((char *) (p)) + ((p)->size & ~SIZE_BITS)))->size |= PREV_INUSE
1323 #define clear_inuse(p) \
1324 ((mchunkptr) (((char *) (p)) + ((p)->size & ~SIZE_BITS)))->size &= ~(PREV_INUSE)
1327 /* check/set/clear inuse bits in known places */
1328 #define inuse_bit_at_offset(p, s) \
1329 (((mchunkptr) (((char *) (p)) + (s)))->size & PREV_INUSE)
1331 #define set_inuse_bit_at_offset(p, s) \
1332 (((mchunkptr) (((char *) (p)) + (s)))->size |= PREV_INUSE)
1334 #define clear_inuse_bit_at_offset(p, s) \
1335 (((mchunkptr) (((char *) (p)) + (s)))->size &= ~(PREV_INUSE))
1338 /* Set size at head, without disturbing its use bit */
1339 #define set_head_size(p, s) ((p)->size = (((p)->size & SIZE_BITS) | (s)))
1341 /* Set size/use field */
1342 #define set_head(p, s) ((p)->size = (s))
1344 /* Set size at footer (only when chunk is not in use) */
1345 #define set_foot(p, s) (((mchunkptr) ((char *) (p) + (s)))->prev_size = (s))
1348 /*
1349 -------------------- Internal data structures --------------------
1351 All internal state is held in an instance of malloc_state defined
1352 below. There are no other static variables, except in two optional
1353 cases:
1354 * If USE_MALLOC_LOCK is defined, the mALLOC_MUTEx declared above.
1355 * If mmap doesn't support MAP_ANONYMOUS, a dummy file descriptor
1356 for mmap.
1358 Beware of lots of tricks that minimize the total bookkeeping space
1359 requirements. The result is a little over 1K bytes (for 4byte
1360 pointers and size_t.)
1361 */
1363 /*
1364 Bins
1366 An array of bin headers for free chunks. Each bin is doubly
1367 linked. The bins are approximately proportionally (log) spaced.
1368 There are a lot of these bins (128). This may look excessive, but
1369 works very well in practice. Most bins hold sizes that are
1370 unusual as malloc request sizes, but are more usual for fragments
1371 and consolidated sets of chunks, which is what these bins hold, so
1372 they can be found quickly. All procedures maintain the invariant
1373 that no consolidated chunk physically borders another one, so each
1374 chunk in a list is known to be preceeded and followed by either
1375 inuse chunks or the ends of memory.
1377 Chunks in bins are kept in size order, with ties going to the
1378 approximately least recently used chunk. Ordering isn't needed
1379 for the small bins, which all contain the same-sized chunks, but
1380 facilitates best-fit allocation for larger chunks. These lists
1381 are just sequential. Keeping them in order almost never requires
1382 enough traversal to warrant using fancier ordered data
1383 structures.
1385 Chunks of the same size are linked with the most
1386 recently freed at the front, and allocations are taken from the
1387 back. This results in LRU (FIFO) allocation order, which tends
1388 to give each chunk an equal opportunity to be consolidated with
1389 adjacent freed chunks, resulting in larger free chunks and less
1390 fragmentation.
1392 To simplify use in double-linked lists, each bin header acts
1393 as a malloc_chunk. This avoids special-casing for headers.
1394 But to conserve space and improve locality, we allocate
1395 only the fd/bk pointers of bins, and then use repositioning tricks
1396 to treat these as the fields of a malloc_chunk*.
1397 */
1399 typedef struct malloc_chunk *mbinptr;
1401 /* addressing -- note that bin_at(0) does not exist */
1402 #define bin_at(m, i) \
1403 (mbinptr) (((char *) &((m)->bins[((i) - 1) * 2])) \
1404 - offsetof (struct malloc_chunk, fd))
1406 /* analog of ++bin */
1407 #define next_bin(b) ((mbinptr) ((char *) (b) + (sizeof (mchunkptr) << 1)))
1409 /* Reminders about list directionality within bins */
1410 #define first(b) ((b)->fd)
1411 #define last(b) ((b)->bk)
1413 /* Take a chunk off a bin list */
1414 #define unlink(AV, P, BK, FD) { \
1415 FD = P->fd; \
1416 BK = P->bk; \
1417 if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \
1418 malloc_printerr (check_action, "corrupted double-linked list", P, AV); \
1419 else { \
1420 FD->bk = BK; \
1421 BK->fd = FD; \
1422 if (!in_smallbin_range (P->size) \
1423 && __builtin_expect (P->fd_nextsize != NULL, 0)) { \
1424 if (__builtin_expect (P->fd_nextsize->bk_nextsize != P, 0) \
1425 || __builtin_expect (P->bk_nextsize->fd_nextsize != P, 0)) \
1426 malloc_printerr (check_action, \
1427 "corrupted double-linked list (not small)", \
1428 P, AV); \
1429 if (FD->fd_nextsize == NULL) { \
1430 if (P->fd_nextsize == P) \
1431 FD->fd_nextsize = FD->bk_nextsize = FD; \
1432 else { \
1433 FD->fd_nextsize = P->fd_nextsize; \
1434 FD->bk_nextsize = P->bk_nextsize; \
1435 P->fd_nextsize->bk_nextsize = FD; \
1436 P->bk_nextsize->fd_nextsize = FD; \
1437 } \
1438 } else { \
1439 P->fd_nextsize->bk_nextsize = P->bk_nextsize; \
1440 P->bk_nextsize->fd_nextsize = P->fd_nextsize; \
1441 } \
1442 } \
1443 } \
1446 /*
1447 Indexing
1449 Bins for sizes < 512 bytes contain chunks of all the same size, spaced
1450 8 bytes apart. Larger bins are approximately logarithmically spaced:
1452 64 bins of size 8
1453 32 bins of size 64
1454 16 bins of size 512
1455 8 bins of size 4096
1456 4 bins of size 32768
1457 2 bins of size 262144
1458 1 bin of size what's left
1460 There is actually a little bit of slop in the numbers in bin_index
1461 for the sake of speed. This makes no difference elsewhere.
1463 The bins top out around 1MB because we expect to service large
1464 requests via mmap.
1466 Bin 0 does not exist. Bin 1 is the unordered list; if that would be
1467 a valid chunk size the small bins are bumped up one.
1468 */
1470 #define NBINS 128
1471 #define NSMALLBINS 64
1472 #define SMALLBIN_WIDTH MALLOC_ALIGNMENT
1473 #define SMALLBIN_CORRECTION (MALLOC_ALIGNMENT > 2 * SIZE_SZ)
1474 #define MIN_LARGE_SIZE ((NSMALLBINS - SMALLBIN_CORRECTION) * SMALLBIN_WIDTH)
1476 #define in_smallbin_range(sz) \
1477 ((unsigned long) (sz) < (unsigned long) MIN_LARGE_SIZE)
1479 #define smallbin_index(sz) \
1480 ((SMALLBIN_WIDTH == 16 ? (((unsigned) (sz)) >> 4) : (((unsigned) (sz)) >> 3))\
1481 + SMALLBIN_CORRECTION)
1483 #define largebin_index_32(sz) \
1484 (((((unsigned long) (sz)) >> 6) <= 38) ? 56 + (((unsigned long) (sz)) >> 6) :\
1485 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1486 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1487 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1488 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1489 126)
1491 #define largebin_index_32_big(sz) \
1492 (((((unsigned long) (sz)) >> 6) <= 45) ? 49 + (((unsigned long) (sz)) >> 6) :\
1493 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1494 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1495 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1496 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1497 126)
1499 // XXX It remains to be seen whether it is good to keep the widths of
1500 // XXX the buckets the same or whether it should be scaled by a factor
1501 // XXX of two as well.
1502 #define largebin_index_64(sz) \
1503 (((((unsigned long) (sz)) >> 6) <= 48) ? 48 + (((unsigned long) (sz)) >> 6) :\
1504 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1505 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1506 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1507 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1508 126)
1510 #define largebin_index(sz) \
1511 (SIZE_SZ == 8 ? largebin_index_64 (sz) \
1512 : MALLOC_ALIGNMENT == 16 ? largebin_index_32_big (sz) \
1513 : largebin_index_32 (sz))
1515 #define bin_index(sz) \
1516 ((in_smallbin_range (sz)) ? smallbin_index (sz) : largebin_index (sz))
1519 /*
1520 Unsorted chunks
1522 All remainders from chunk splits, as well as all returned chunks,
1523 are first placed in the "unsorted" bin. They are then placed
1524 in regular bins after malloc gives them ONE chance to be used before
1525 binning. So, basically, the unsorted_chunks list acts as a queue,
1526 with chunks being placed on it in free (and malloc_consolidate),
1527 and taken off (to be either used or placed in bins) in malloc.
1529 The NON_MAIN_ARENA flag is never set for unsorted chunks, so it
1530 does not have to be taken into account in size comparisons.
1531 */
1533 /* The otherwise unindexable 1-bin is used to hold unsorted chunks. */
1534 #define unsorted_chunks(M) (bin_at (M, 1))
1536 /*
1537 Top
1539 The top-most available chunk (i.e., the one bordering the end of
1540 available memory) is treated specially. It is never included in
1541 any bin, is used only if no other chunk is available, and is
1542 released back to the system if it is very large (see
1543 M_TRIM_THRESHOLD). Because top initially
1544 points to its own bin with initial zero size, thus forcing
1545 extension on the first malloc request, we avoid having any special
1546 code in malloc to check whether it even exists yet. But we still
1547 need to do so when getting memory from system, so we make
1548 initial_top treat the bin as a legal but unusable chunk during the
1549 interval between initialization and the first call to
1550 sysmalloc. (This is somewhat delicate, since it relies on
1551 the 2 preceding words to be zero during this interval as well.)
1552 */
1554 /* Conveniently, the unsorted bin can be used as dummy top on first call */
1555 #define initial_top(M) (unsorted_chunks (M))
1557 /*
1558 Binmap
1560 To help compensate for the large number of bins, a one-level index
1561 structure is used for bin-by-bin searching. `binmap' is a
1562 bitvector recording whether bins are definitely empty so they can
1563 be skipped over during during traversals. The bits are NOT always
1564 cleared as soon as bins are empty, but instead only
1565 when they are noticed to be empty during traversal in malloc.
1566 */
1568 /* Conservatively use 32 bits per map word, even if on 64bit system */
1569 #define BINMAPSHIFT 5
1570 #define BITSPERMAP (1U << BINMAPSHIFT)
1571 #define BINMAPSIZE (NBINS / BITSPERMAP)
1573 #define idx2block(i) ((i) >> BINMAPSHIFT)
1574 #define idx2bit(i) ((1U << ((i) & ((1U << BINMAPSHIFT) - 1))))
1576 #define mark_bin(m, i) ((m)->binmap[idx2block (i)] |= idx2bit (i))
1577 #define unmark_bin(m, i) ((m)->binmap[idx2block (i)] &= ~(idx2bit (i)))
1578 #define get_binmap(m, i) ((m)->binmap[idx2block (i)] & idx2bit (i))
1580 /*
1581 Fastbins
1583 An array of lists holding recently freed small chunks. Fastbins
1584 are not doubly linked. It is faster to single-link them, and
1585 since chunks are never removed from the middles of these lists,
1586 double linking is not necessary. Also, unlike regular bins, they
1587 are not even processed in FIFO order (they use faster LIFO) since
1588 ordering doesn't much matter in the transient contexts in which
1589 fastbins are normally used.
1591 Chunks in fastbins keep their inuse bit set, so they cannot
1592 be consolidated with other free chunks. malloc_consolidate
1593 releases all chunks in fastbins and consolidates them with
1594 other free chunks.
1595 */
1597 typedef struct malloc_chunk *mfastbinptr;
1598 #define fastbin(ar_ptr, idx) ((ar_ptr)->fastbinsY[idx])
1600 /* offset 2 to use otherwise unindexable first 2 bins */
1601 #define fastbin_index(sz) \
1602 ((((unsigned int) (sz)) >> (SIZE_SZ == 8 ? 4 : 3)) - 2)
1605 /* The maximum fastbin request size we support */
1606 #define MAX_FAST_SIZE (80 * SIZE_SZ / 4)
1608 #define NFASTBINS (fastbin_index (request2size (MAX_FAST_SIZE)) + 1)
1610 /*
1611 FASTBIN_CONSOLIDATION_THRESHOLD is the size of a chunk in free()
1612 that triggers automatic consolidation of possibly-surrounding
1613 fastbin chunks. This is a heuristic, so the exact value should not
1614 matter too much. It is defined at half the default trim threshold as a
1615 compromise heuristic to only attempt consolidation if it is likely
1616 to lead to trimming. However, it is not dynamically tunable, since
1617 consolidation reduces fragmentation surrounding large chunks even
1618 if trimming is not used.
1619 */
1621 #define FASTBIN_CONSOLIDATION_THRESHOLD (65536UL)
1623 /*
1624 Since the lowest 2 bits in max_fast don't matter in size comparisons,
1625 they are used as flags.
1626 */
1628 /*
1629 FASTCHUNKS_BIT held in max_fast indicates that there are probably
1630 some fastbin chunks. It is set true on entering a chunk into any
1631 fastbin, and cleared only in malloc_consolidate.
1633 The truth value is inverted so that have_fastchunks will be true
1634 upon startup (since statics are zero-filled), simplifying
1635 initialization checks.
1636 */
1638 #define FASTCHUNKS_BIT (1U)
1640 #define have_fastchunks(M) (((M)->flags & FASTCHUNKS_BIT) == 0)
1641 #define clear_fastchunks(M) catomic_or (&(M)->flags, FASTCHUNKS_BIT)
1642 #define set_fastchunks(M) catomic_and (&(M)->flags, ~FASTCHUNKS_BIT)
1644 /*
1645 NONCONTIGUOUS_BIT indicates that MORECORE does not return contiguous
1646 regions. Otherwise, contiguity is exploited in merging together,
1647 when possible, results from consecutive MORECORE calls.
1649 The initial value comes from MORECORE_CONTIGUOUS, but is
1650 changed dynamically if mmap is ever used as an sbrk substitute.
1651 */
1653 #define NONCONTIGUOUS_BIT (2U)
1655 #define contiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) == 0)
1656 #define noncontiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) != 0)
1657 #define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT)
1658 #define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT)
1660 /* ARENA_CORRUPTION_BIT is set if a memory corruption was detected on the
1661 arena. Such an arena is no longer used to allocate chunks. Chunks
1662 allocated in that arena before detecting corruption are not freed. */
1664 #define ARENA_CORRUPTION_BIT (4U)
1666 #define arena_is_corrupt(A) (((A)->flags & ARENA_CORRUPTION_BIT))
1667 #define set_arena_corrupt(A) ((A)->flags |= ARENA_CORRUPTION_BIT)
1669 /*
1670 Set value of max_fast.
1671 Use impossibly small value if 0.
1672 Precondition: there are no existing fastbin chunks.
1673 Setting the value clears fastchunk bit but preserves noncontiguous bit.
1674 */
1676 #define set_max_fast(s) \
1677 global_max_fast = (((s) == 0) \
1678 ? SMALLBIN_WIDTH : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK))
1679 #define get_max_fast() global_max_fast
1682 /*
1683 ----------- Internal state representation and initialization -----------
1684 */
1686 struct malloc_state
1688 /* Serialize access. */
1689 mutex_t mutex;
1691 /* Flags (formerly in max_fast). */
1692 int flags;
1694 /* Fastbins */
1695 mfastbinptr fastbinsY[NFASTBINS];
1697 /* Base of the topmost chunk -- not otherwise kept in a bin */
1698 mchunkptr top;
1700 /* The remainder from the most recent split of a small request */
1701 mchunkptr last_remainder;
1703 /* Normal bins packed as described above */
1704 mchunkptr bins[NBINS * 2 - 2];
1706 /* Bitmap of bins */
1707 unsigned int binmap[BINMAPSIZE];
1709 /* Linked list */
1710 struct malloc_state *next;
1712 /* Linked list for free arenas. */
1713 struct malloc_state *next_free;
1715 /* Memory allocated from the system in this arena. */
1716 INTERNAL_SIZE_T system_mem;
1717 INTERNAL_SIZE_T max_system_mem;
1718 };
1720 struct malloc_par
1722 /* Tunable parameters */
1723 unsigned long trim_threshold;
1724 INTERNAL_SIZE_T top_pad;
1725 INTERNAL_SIZE_T mmap_threshold;
1726 INTERNAL_SIZE_T arena_test;
1727 INTERNAL_SIZE_T arena_max;
1729 /* Memory map support */
1730 int n_mmaps;
1731 int n_mmaps_max;
1732 int max_n_mmaps;
1733 /* the mmap_threshold is dynamic, until the user sets
1734 it manually, at which point we need to disable any
1735 dynamic behavior. */
1736 int no_dyn_threshold;
1738 /* Statistics */
1739 INTERNAL_SIZE_T mmapped_mem;
1740 /*INTERNAL_SIZE_T sbrked_mem;*/
1741 /*INTERNAL_SIZE_T max_sbrked_mem;*/
1742 INTERNAL_SIZE_T max_mmapped_mem;
1743 INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */
1745 /* First address handed out by MORECORE/sbrk. */
1746 char *sbrk_base;
1747 };
1749 /* There are several instances of this struct ("arenas") in this
1750 malloc. If you are adapting this malloc in a way that does NOT use
1751 a static or mmapped malloc_state, you MUST explicitly zero-fill it
1752 before using. This malloc relies on the property that malloc_state
1753 is initialized to all zeroes (as is true of C statics). */
1755 static struct malloc_state main_arena =
1757 .mutex = MUTEX_INITIALIZER,
1758 .next = &main_arena
1759 };
1761 /* There is only one instance of the malloc parameters. */
1763 static struct malloc_par mp_ =
1765 .top_pad = DEFAULT_TOP_PAD,
1766 .n_mmaps_max = DEFAULT_MMAP_MAX,
1767 .mmap_threshold = DEFAULT_MMAP_THRESHOLD,
1768 .trim_threshold = DEFAULT_TRIM_THRESHOLD,
1769 #define NARENAS_FROM_NCORES(n) ((n) * (sizeof (long) == 4 ? 2 : 8))
1770 .arena_test = NARENAS_FROM_NCORES (1)
1771 };
1774 /* Non public mallopt parameters. */
1775 #define M_ARENA_TEST -7
1776 #define M_ARENA_MAX -8
1779 /* Maximum size of memory handled in fastbins. */
1780 static INTERNAL_SIZE_T global_max_fast;
1782 /*
1783 Initialize a malloc_state struct.
1785 This is called only from within malloc_consolidate, which needs
1786 be called in the same contexts anyway. It is never called directly
1787 outside of malloc_consolidate because some optimizing compilers try
1788 to inline it at all call points, which turns out not to be an
1789 optimization at all. (Inlining it in malloc_consolidate is fine though.)
1790 */
1792 static void
1793 malloc_init_state (mstate av)
1795 int i;
1796 mbinptr bin;
1798 /* Establish circular links for normal bins */
1799 for (i = 1; i < NBINS; ++i)
1801 bin = bin_at (av, i);
1802 bin->fd = bin->bk = bin;
1805 #if MORECORE_CONTIGUOUS
1806 if (av != &main_arena)
1807 #endif
1808 set_noncontiguous (av);
1809 if (av == &main_arena)
1810 set_max_fast (DEFAULT_MXFAST);
1811 av->flags |= FASTCHUNKS_BIT;
1813 av->top = initial_top (av);
1816 /*
1817 Other internal utilities operating on mstates
1818 */
1820 static void *sysmalloc (INTERNAL_SIZE_T, mstate);
1821 static int systrim (size_t, mstate);
1822 static void malloc_consolidate (mstate);
1825 /* -------------- Early definitions for debugging hooks ---------------- */
1827 /* Define and initialize the hook variables. These weak definitions must
1828 appear before any use of the variables in a function (arena.c uses one). */
1829 #ifndef weak_variable
1830 /* In GNU libc we want the hook variables to be weak definitions to
1831 avoid a problem with Emacs. */
1832 # define weak_variable weak_function
1833 #endif
1835 /* Forward declarations. */
1836 static void *malloc_hook_ini (size_t sz,
1837 const void *caller) __THROW;
1838 static void *realloc_hook_ini (void *ptr, size_t sz,
1839 const void *caller) __THROW;
1840 static void *memalign_hook_ini (size_t alignment, size_t sz,
1841 const void *caller) __THROW;
1843 void weak_variable (*__malloc_initialize_hook) (void) = NULL;
1844 void weak_variable (*__free_hook) (void *__ptr,
1845 const void *) = NULL;
1846 void *weak_variable (*__malloc_hook)
1847 (size_t __size, const void *) = malloc_hook_ini;
1848 void *weak_variable (*__realloc_hook)
1849 (void *__ptr, size_t __size, const void *)
1850 = realloc_hook_ini;
1851 void *weak_variable (*__memalign_hook)
1852 (size_t __alignment, size_t __size, const void *)
1853 = memalign_hook_ini;
1854 void weak_variable (*__after_morecore_hook) (void) = NULL;
1857 /* ---------------- Error behavior ------------------------------------ */
1859 #ifndef DEFAULT_CHECK_ACTION
1860 # define DEFAULT_CHECK_ACTION 3
1861 #endif
1863 static int check_action = DEFAULT_CHECK_ACTION;
1866 /* ------------------ Testing support ----------------------------------*/
1868 static int perturb_byte;
1870 static void
1871 alloc_perturb (char *p, size_t n)
1873 if (__glibc_unlikely (perturb_byte))
1874 memset (p, perturb_byte ^ 0xff, n);
1877 static void
1878 free_perturb (char *p, size_t n)
1880 if (__glibc_unlikely (perturb_byte))
1881 memset (p, perturb_byte, n);
1886 #include <stap-probe.h>
1888 /* ------------------- Support for multiple arenas -------------------- */
1889 #include "arena.c"
1891 /*
1892 Debugging support
1894 These routines make a number of assertions about the states
1895 of data structures that should be true at all times. If any
1896 are not true, it's very likely that a user program has somehow
1897 trashed memory. (It's also possible that there is a coding error
1898 in malloc. In which case, please report it!)
1899 */
1901 #if !MALLOC_DEBUG
1903 # define check_chunk(A, P)
1904 # define check_free_chunk(A, P)
1905 # define check_inuse_chunk(A, P)
1906 # define check_remalloced_chunk(A, P, N)
1907 # define check_malloced_chunk(A, P, N)
1908 # define check_malloc_state(A)
1910 #else
1912 # define check_chunk(A, P) do_check_chunk (A, P)
1913 # define check_free_chunk(A, P) do_check_free_chunk (A, P)
1914 # define check_inuse_chunk(A, P) do_check_inuse_chunk (A, P)
1915 # define check_remalloced_chunk(A, P, N) do_check_remalloced_chunk (A, P, N)
1916 # define check_malloced_chunk(A, P, N) do_check_malloced_chunk (A, P, N)
1917 # define check_malloc_state(A) do_check_malloc_state (A)
1919 /*
1920 Properties of all chunks
1921 */
1923 static void
1924 do_check_chunk (mstate av, mchunkptr p)
1926 unsigned long sz = chunksize (p);
1927 /* min and max possible addresses assuming contiguous allocation */
1928 char *max_address = (char *) (av->top) + chunksize (av->top);
1929 char *min_address = max_address - av->system_mem;
1931 if (!chunk_is_mmapped (p))
1933 /* Has legal address ... */
1934 if (p != av->top)
1936 if (contiguous (av))
1938 assert (((char *) p) >= min_address);
1939 assert (((char *) p + sz) <= ((char *) (av->top)));
1942 else
1944 /* top size is always at least MINSIZE */
1945 assert ((unsigned long) (sz) >= MINSIZE);
1946 /* top predecessor always marked inuse */
1947 assert (prev_inuse (p));
1950 else
1952 /* address is outside main heap */
1953 if (contiguous (av) && av->top != initial_top (av))
1955 assert (((char *) p) < min_address || ((char *) p) >= max_address);
1957 /* chunk is page-aligned */
1958 assert (((p->prev_size + sz) & (GLRO (dl_pagesize) - 1)) == 0);
1959 /* mem is aligned */
1960 assert (aligned_OK (chunk2mem (p)));
1964 /*
1965 Properties of free chunks
1966 */
1968 static void
1969 do_check_free_chunk (mstate av, mchunkptr p)
1971 INTERNAL_SIZE_T sz = p->size & ~(PREV_INUSE | NON_MAIN_ARENA);
1972 mchunkptr next = chunk_at_offset (p, sz);
1974 do_check_chunk (av, p);
1976 /* Chunk must claim to be free ... */
1977 assert (!inuse (p));
1978 assert (!chunk_is_mmapped (p));
1980 /* Unless a special marker, must have OK fields */
1981 if ((unsigned long) (sz) >= MINSIZE)
1983 assert ((sz & MALLOC_ALIGN_MASK) == 0);
1984 assert (aligned_OK (chunk2mem (p)));
1985 /* ... matching footer field */
1986 assert (next->prev_size == sz);
1987 /* ... and is fully consolidated */
1988 assert (prev_inuse (p));
1989 assert (next == av->top || inuse (next));
1991 /* ... and has minimally sane links */
1992 assert (p->fd->bk == p);
1993 assert (p->bk->fd == p);
1995 else /* markers are always of size SIZE_SZ */
1996 assert (sz == SIZE_SZ);
1999 /*
2000 Properties of inuse chunks
2001 */
2003 static void
2004 do_check_inuse_chunk (mstate av, mchunkptr p)
2006 mchunkptr next;
2008 do_check_chunk (av, p);
2010 if (chunk_is_mmapped (p))
2011 return; /* mmapped chunks have no next/prev */
2013 /* Check whether it claims to be in use ... */
2014 assert (inuse (p));
2016 next = next_chunk (p);
2018 /* ... and is surrounded by OK chunks.
2019 Since more things can be checked with free chunks than inuse ones,
2020 if an inuse chunk borders them and debug is on, it's worth doing them.
2021 */
2022 if (!prev_inuse (p))
2024 /* Note that we cannot even look at prev unless it is not inuse */
2025 mchunkptr prv = prev_chunk (p);
2026 assert (next_chunk (prv) == p);
2027 do_check_free_chunk (av, prv);
2030 if (next == av->top)
2032 assert (prev_inuse (next));
2033 assert (chunksize (next) >= MINSIZE);
2035 else if (!inuse (next))
2036 do_check_free_chunk (av, next);
2039 /*
2040 Properties of chunks recycled from fastbins
2041 */
2043 static void
2044 do_check_remalloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s)
2046 INTERNAL_SIZE_T sz = p->size & ~(PREV_INUSE | NON_MAIN_ARENA);
2048 if (!chunk_is_mmapped (p))
2050 assert (av == arena_for_chunk (p));
2051 if (chunk_non_main_arena (p))
2052 assert (av != &main_arena);
2053 else
2054 assert (av == &main_arena);
2057 do_check_inuse_chunk (av, p);
2059 /* Legal size ... */
2060 assert ((sz & MALLOC_ALIGN_MASK) == 0);
2061 assert ((unsigned long) (sz) >= MINSIZE);
2062 /* ... and alignment */
2063 assert (aligned_OK (chunk2mem (p)));
2064 /* chunk is less than MINSIZE more than request */
2065 assert ((long) (sz) - (long) (s) >= 0);
2066 assert ((long) (sz) - (long) (s + MINSIZE) < 0);
2069 /*
2070 Properties of nonrecycled chunks at the point they are malloced
2071 */
2073 static void
2074 do_check_malloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s)
2076 /* same as recycled case ... */
2077 do_check_remalloced_chunk (av, p, s);
2079 /*
2080 ... plus, must obey implementation invariant that prev_inuse is
2081 always true of any allocated chunk; i.e., that each allocated
2082 chunk borders either a previously allocated and still in-use
2083 chunk, or the base of its memory arena. This is ensured
2084 by making all allocations from the `lowest' part of any found
2085 chunk. This does not necessarily hold however for chunks
2086 recycled via fastbins.
2087 */
2089 assert (prev_inuse (p));
2093 /*
2094 Properties of malloc_state.
2096 This may be useful for debugging malloc, as well as detecting user
2097 programmer errors that somehow write into malloc_state.
2099 If you are extending or experimenting with this malloc, you can
2100 probably figure out how to hack this routine to print out or
2101 display chunk addresses, sizes, bins, and other instrumentation.
2102 */
2104 static void
2105 do_check_malloc_state (mstate av)
2107 int i;
2108 mchunkptr p;
2109 mchunkptr q;
2110 mbinptr b;
2111 unsigned int idx;
2112 INTERNAL_SIZE_T size;
2113 unsigned long total = 0;
2114 int max_fast_bin;
2116 /* internal size_t must be no wider than pointer type */
2117 assert (sizeof (INTERNAL_SIZE_T) <= sizeof (char *));
2119 /* alignment is a power of 2 */
2120 assert ((MALLOC_ALIGNMENT & (MALLOC_ALIGNMENT - 1)) == 0);
2122 /* cannot run remaining checks until fully initialized */
2123 if (av->top == 0 || av->top == initial_top (av))
2124 return;
2126 /* pagesize is a power of 2 */
2127 assert (powerof2(GLRO (dl_pagesize)));
2129 /* A contiguous main_arena is consistent with sbrk_base. */
2130 if (av == &main_arena && contiguous (av))
2131 assert ((char *) mp_.sbrk_base + av->system_mem ==
2132 (char *) av->top + chunksize (av->top));
2134 /* properties of fastbins */
2136 /* max_fast is in allowed range */
2137 assert ((get_max_fast () & ~1) <= request2size (MAX_FAST_SIZE));
2139 max_fast_bin = fastbin_index (get_max_fast ());
2141 for (i = 0; i < NFASTBINS; ++i)
2143 p = fastbin (av, i);
2145 /* The following test can only be performed for the main arena.
2146 While mallopt calls malloc_consolidate to get rid of all fast
2147 bins (especially those larger than the new maximum) this does
2148 only happen for the main arena. Trying to do this for any
2149 other arena would mean those arenas have to be locked and
2150 malloc_consolidate be called for them. This is excessive. And
2151 even if this is acceptable to somebody it still cannot solve
2152 the problem completely since if the arena is locked a
2153 concurrent malloc call might create a new arena which then
2154 could use the newly invalid fast bins. */
2156 /* all bins past max_fast are empty */
2157 if (av == &main_arena && i > max_fast_bin)
2158 assert (p == 0);
2160 while (p != 0)
2162 /* each chunk claims to be inuse */
2163 do_check_inuse_chunk (av, p);
2164 total += chunksize (p);
2165 /* chunk belongs in this bin */
2166 assert (fastbin_index (chunksize (p)) == i);
2167 p = p->fd;
2171 if (total != 0)
2172 assert (have_fastchunks (av));
2173 else if (!have_fastchunks (av))
2174 assert (total == 0);
2176 /* check normal bins */
2177 for (i = 1; i < NBINS; ++i)
2179 b = bin_at (av, i);
2181 /* binmap is accurate (except for bin 1 == unsorted_chunks) */
2182 if (i >= 2)
2184 unsigned int binbit = get_binmap (av, i);
2185 int empty = last (b) == b;
2186 if (!binbit)
2187 assert (empty);
2188 else if (!empty)
2189 assert (binbit);
2192 for (p = last (b); p != b; p = p->bk)
2194 /* each chunk claims to be free */
2195 do_check_free_chunk (av, p);
2196 size = chunksize (p);
2197 total += size;
2198 if (i >= 2)
2200 /* chunk belongs in bin */
2201 idx = bin_index (size);
2202 assert (idx == i);
2203 /* lists are sorted */
2204 assert (p->bk == b ||
2205 (unsigned long) chunksize (p->bk) >= (unsigned long) chunksize (p));
2207 if (!in_smallbin_range (size))
2209 if (p->fd_nextsize != NULL)
2211 if (p->fd_nextsize == p)
2212 assert (p->bk_nextsize == p);
2213 else
2215 if (p->fd_nextsize == first (b))
2216 assert (chunksize (p) < chunksize (p->fd_nextsize));
2217 else
2218 assert (chunksize (p) > chunksize (p->fd_nextsize));
2220 if (p == first (b))
2221 assert (chunksize (p) > chunksize (p->bk_nextsize));
2222 else
2223 assert (chunksize (p) < chunksize (p->bk_nextsize));
2226 else
2227 assert (p->bk_nextsize == NULL);
2230 else if (!in_smallbin_range (size))
2231 assert (p->fd_nextsize == NULL && p->bk_nextsize == NULL);
2232 /* chunk is followed by a legal chain of inuse chunks */
2233 for (q = next_chunk (p);
2234 (q != av->top && inuse (q) &&
2235 (unsigned long) (chunksize (q)) >= MINSIZE);
2236 q = next_chunk (q))
2237 do_check_inuse_chunk (av, q);
2241 /* top chunk is OK */
2242 check_chunk (av, av->top);
2244 #endif
2247 /* ----------------- Support for debugging hooks -------------------- */
2248 #include "hooks.c"
2251 /* ----------- Routines dealing with system allocation -------------- */
2253 /*
2254 sysmalloc handles malloc cases requiring more memory from the system.
2255 On entry, it is assumed that av->top does not have enough
2256 space to service request for nb bytes, thus requiring that av->top
2257 be extended or replaced.
2258 */
2260 static void *
2261 sysmalloc (INTERNAL_SIZE_T nb, mstate av)
2263 mchunkptr old_top; /* incoming value of av->top */
2264 INTERNAL_SIZE_T old_size; /* its size */
2265 char *old_end; /* its end address */
2267 long size; /* arg to first MORECORE or mmap call */
2268 char *brk; /* return value from MORECORE */
2270 long correction; /* arg to 2nd MORECORE call */
2271 char *snd_brk; /* 2nd return val */
2273 INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */
2274 INTERNAL_SIZE_T end_misalign; /* partial page left at end of new space */
2275 char *aligned_brk; /* aligned offset into brk */
2277 mchunkptr p; /* the allocated/returned chunk */
2278 mchunkptr remainder; /* remainder from allocation */
2279 unsigned long remainder_size; /* its size */
2282 size_t pagesize = GLRO (dl_pagesize);
2283 bool tried_mmap = false;
2286 /*
2287 If have mmap, and the request size meets the mmap threshold, and
2288 the system supports mmap, and there are few enough currently
2289 allocated mmapped regions, try to directly map this request
2290 rather than expanding top.
2291 */
2293 if (av == NULL
2294 || ((unsigned long) (nb) >= (unsigned long) (mp_.mmap_threshold)
2295 && (mp_.n_mmaps < mp_.n_mmaps_max)))
2297 char *mm; /* return value from mmap call*/
2299 try_mmap:
2300 /*
2301 Round up size to nearest page. For mmapped chunks, the overhead
2302 is one SIZE_SZ unit larger than for normal chunks, because there
2303 is no following chunk whose prev_size field could be used.
2305 See the front_misalign handling below, for glibc there is no
2306 need for further alignments unless we have have high alignment.
2307 */
2308 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2309 size = ALIGN_UP (nb + SIZE_SZ, pagesize);
2310 else
2311 size = ALIGN_UP (nb + SIZE_SZ + MALLOC_ALIGN_MASK, pagesize);
2312 tried_mmap = true;
2314 /* Don't try if size wraps around 0 */
2315 if ((unsigned long) (size) > (unsigned long) (nb))
2317 mm = (char *) (MMAP (0, size, PROT_READ | PROT_WRITE, 0));
2319 if (mm != MAP_FAILED)
2321 /*
2322 The offset to the start of the mmapped region is stored
2323 in the prev_size field of the chunk. This allows us to adjust
2324 returned start address to meet alignment requirements here
2325 and in memalign(), and still be able to compute proper
2326 address argument for later munmap in free() and realloc().
2327 */
2329 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2331 /* For glibc, chunk2mem increases the address by 2*SIZE_SZ and
2332 MALLOC_ALIGN_MASK is 2*SIZE_SZ-1. Each mmap'ed area is page
2333 aligned and therefore definitely MALLOC_ALIGN_MASK-aligned. */
2334 assert (((INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK) == 0);
2335 front_misalign = 0;
2337 else
2338 front_misalign = (INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK;
2339 if (front_misalign > 0)
2341 correction = MALLOC_ALIGNMENT - front_misalign;
2342 p = (mchunkptr) (mm + correction);
2343 p->prev_size = correction;
2344 set_head (p, (size - correction) | IS_MMAPPED);
2346 else
2348 p = (mchunkptr) mm;
2349 set_head (p, size | IS_MMAPPED);
2352 /* update statistics */
2354 int new = atomic_exchange_and_add (&mp_.n_mmaps, 1) + 1;
2355 atomic_max (&mp_.max_n_mmaps, new);
2357 unsigned long sum;
2358 sum = atomic_exchange_and_add (&mp_.mmapped_mem, size) + size;
2359 atomic_max (&mp_.max_mmapped_mem, sum);
2361 check_chunk (av, p);
2363 return chunk2mem (p);
2368 /* There are no usable arenas and mmap also failed. */
2369 if (av == NULL)
2370 return 0;
2372 /* Record incoming configuration of top */
2374 old_top = av->top;
2375 old_size = chunksize (old_top);
2376 old_end = (char *) (chunk_at_offset (old_top, old_size));
2378 brk = snd_brk = (char *) (MORECORE_FAILURE);
2380 /*
2381 If not the first time through, we require old_size to be
2382 at least MINSIZE and to have prev_inuse set.
2383 */
2385 assert ((old_top == initial_top (av) && old_size == 0) ||
2386 ((unsigned long) (old_size) >= MINSIZE &&
2387 prev_inuse (old_top) &&
2388 ((unsigned long) old_end & (pagesize - 1)) == 0));
2390 /* Precondition: not enough current space to satisfy nb request */
2391 assert ((unsigned long) (old_size) < (unsigned long) (nb + MINSIZE));
2394 if (av != &main_arena)
2396 heap_info *old_heap, *heap;
2397 size_t old_heap_size;
2399 /* First try to extend the current heap. */
2400 old_heap = heap_for_ptr (old_top);
2401 old_heap_size = old_heap->size;
2402 if ((long) (MINSIZE + nb - old_size) > 0
2403 && grow_heap (old_heap, MINSIZE + nb - old_size) == 0)
2405 av->system_mem += old_heap->size - old_heap_size;
2406 arena_mem += old_heap->size - old_heap_size;
2407 set_head (old_top, (((char *) old_heap + old_heap->size) - (char *) old_top)
2408 | PREV_INUSE);
2410 else if ((heap = new_heap (nb + (MINSIZE + sizeof (*heap)), mp_.top_pad)))
2412 /* Use a newly allocated heap. */
2413 heap->ar_ptr = av;
2414 heap->prev = old_heap;
2415 av->system_mem += heap->size;
2416 arena_mem += heap->size;
2417 /* Set up the new top. */
2418 top (av) = chunk_at_offset (heap, sizeof (*heap));
2419 set_head (top (av), (heap->size - sizeof (*heap)) | PREV_INUSE);
2421 /* Setup fencepost and free the old top chunk with a multiple of
2422 MALLOC_ALIGNMENT in size. */
2423 /* The fencepost takes at least MINSIZE bytes, because it might
2424 become the top chunk again later. Note that a footer is set
2425 up, too, although the chunk is marked in use. */
2426 old_size = (old_size - MINSIZE) & ~MALLOC_ALIGN_MASK;
2427 set_head (chunk_at_offset (old_top, old_size + 2 * SIZE_SZ), 0 | PREV_INUSE);
2428 if (old_size >= MINSIZE)
2430 set_head (chunk_at_offset (old_top, old_size), (2 * SIZE_SZ) | PREV_INUSE);
2431 set_foot (chunk_at_offset (old_top, old_size), (2 * SIZE_SZ));
2432 set_head (old_top, old_size | PREV_INUSE | NON_MAIN_ARENA);
2433 _int_free (av, old_top, 1);
2435 else
2437 set_head (old_top, (old_size + 2 * SIZE_SZ) | PREV_INUSE);
2438 set_foot (old_top, (old_size + 2 * SIZE_SZ));
2441 else if (!tried_mmap)
2442 /* We can at least try to use to mmap memory. */
2443 goto try_mmap;
2445 else /* av == main_arena */
2448 { /* Request enough space for nb + pad + overhead */
2449 size = nb + mp_.top_pad + MINSIZE;
2451 /*
2452 If contiguous, we can subtract out existing space that we hope to
2453 combine with new space. We add it back later only if
2454 we don't actually get contiguous space.
2455 */
2457 if (contiguous (av))
2458 size -= old_size;
2460 /*
2461 Round to a multiple of page size.
2462 If MORECORE is not contiguous, this ensures that we only call it
2463 with whole-page arguments. And if MORECORE is contiguous and
2464 this is not first time through, this preserves page-alignment of
2465 previous calls. Otherwise, we correct to page-align below.
2466 */
2468 size = ALIGN_UP (size, pagesize);
2470 /*
2471 Don't try to call MORECORE if argument is so big as to appear
2472 negative. Note that since mmap takes size_t arg, it may succeed
2473 below even if we cannot call MORECORE.
2474 */
2476 if (size > 0)
2478 brk = (char *) (MORECORE (size));
2479 LIBC_PROBE (memory_sbrk_more, 2, brk, size);
2482 if (brk != (char *) (MORECORE_FAILURE))
2484 /* Call the `morecore' hook if necessary. */
2485 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2486 if (__builtin_expect (hook != NULL, 0))
2487 (*hook)();
2489 else
2491 /*
2492 If have mmap, try using it as a backup when MORECORE fails or
2493 cannot be used. This is worth doing on systems that have "holes" in
2494 address space, so sbrk cannot extend to give contiguous space, but
2495 space is available elsewhere. Note that we ignore mmap max count
2496 and threshold limits, since the space will not be used as a
2497 segregated mmap region.
2498 */
2500 /* Cannot merge with old top, so add its size back in */
2501 if (contiguous (av))
2502 size = ALIGN_UP (size + old_size, pagesize);
2504 /* If we are relying on mmap as backup, then use larger units */
2505 if ((unsigned long) (size) < (unsigned long) (MMAP_AS_MORECORE_SIZE))
2506 size = MMAP_AS_MORECORE_SIZE;
2508 /* Don't try if size wraps around 0 */
2509 if ((unsigned long) (size) > (unsigned long) (nb))
2511 char *mbrk = (char *) (MMAP (0, size, PROT_READ | PROT_WRITE, 0));
2513 if (mbrk != MAP_FAILED)
2515 /* We do not need, and cannot use, another sbrk call to find end */
2516 brk = mbrk;
2517 snd_brk = brk + size;
2519 /*
2520 Record that we no longer have a contiguous sbrk region.
2521 After the first time mmap is used as backup, we do not
2522 ever rely on contiguous space since this could incorrectly
2523 bridge regions.
2524 */
2525 set_noncontiguous (av);
2530 if (brk != (char *) (MORECORE_FAILURE))
2532 if (mp_.sbrk_base == 0)
2533 mp_.sbrk_base = brk;
2534 av->system_mem += size;
2536 /*
2537 If MORECORE extends previous space, we can likewise extend top size.
2538 */
2540 if (brk == old_end && snd_brk == (char *) (MORECORE_FAILURE))
2541 set_head (old_top, (size + old_size) | PREV_INUSE);
2543 else if (contiguous (av) && old_size && brk < old_end)
2545 /* Oops! Someone else killed our space.. Can't touch anything. */
2546 malloc_printerr (3, "break adjusted to free malloc space", brk,
2547 av);
2550 /*
2551 Otherwise, make adjustments:
2553 * If the first time through or noncontiguous, we need to call sbrk
2554 just to find out where the end of memory lies.
2556 * We need to ensure that all returned chunks from malloc will meet
2557 MALLOC_ALIGNMENT
2559 * If there was an intervening foreign sbrk, we need to adjust sbrk
2560 request size to account for fact that we will not be able to
2561 combine new space with existing space in old_top.
2563 * Almost all systems internally allocate whole pages at a time, in
2564 which case we might as well use the whole last page of request.
2565 So we allocate enough more memory to hit a page boundary now,
2566 which in turn causes future contiguous calls to page-align.
2567 */
2569 else
2571 front_misalign = 0;
2572 end_misalign = 0;
2573 correction = 0;
2574 aligned_brk = brk;
2576 /* handle contiguous cases */
2577 if (contiguous (av))
2579 /* Count foreign sbrk as system_mem. */
2580 if (old_size)
2581 av->system_mem += brk - old_end;
2583 /* Guarantee alignment of first new chunk made from this space */
2585 front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK;
2586 if (front_misalign > 0)
2588 /*
2589 Skip over some bytes to arrive at an aligned position.
2590 We don't need to specially mark these wasted front bytes.
2591 They will never be accessed anyway because
2592 prev_inuse of av->top (and any chunk created from its start)
2593 is always true after initialization.
2594 */
2596 correction = MALLOC_ALIGNMENT - front_misalign;
2597 aligned_brk += correction;
2600 /*
2601 If this isn't adjacent to existing space, then we will not
2602 be able to merge with old_top space, so must add to 2nd request.
2603 */
2605 correction += old_size;
2607 /* Extend the end address to hit a page boundary */
2608 end_misalign = (INTERNAL_SIZE_T) (brk + size + correction);
2609 correction += (ALIGN_UP (end_misalign, pagesize)) - end_misalign;
2611 assert (correction >= 0);
2612 snd_brk = (char *) (MORECORE (correction));
2614 /*
2615 If can't allocate correction, try to at least find out current
2616 brk. It might be enough to proceed without failing.
2618 Note that if second sbrk did NOT fail, we assume that space
2619 is contiguous with first sbrk. This is a safe assumption unless
2620 program is multithreaded but doesn't use locks and a foreign sbrk
2621 occurred between our first and second calls.
2622 */
2624 if (snd_brk == (char *) (MORECORE_FAILURE))
2626 correction = 0;
2627 snd_brk = (char *) (MORECORE (0));
2629 else
2631 /* Call the `morecore' hook if necessary. */
2632 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2633 if (__builtin_expect (hook != NULL, 0))
2634 (*hook)();
2638 /* handle non-contiguous cases */
2639 else
2641 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2642 /* MORECORE/mmap must correctly align */
2643 assert (((unsigned long) chunk2mem (brk) & MALLOC_ALIGN_MASK) == 0);
2644 else
2646 front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK;
2647 if (front_misalign > 0)
2649 /*
2650 Skip over some bytes to arrive at an aligned position.
2651 We don't need to specially mark these wasted front bytes.
2652 They will never be accessed anyway because
2653 prev_inuse of av->top (and any chunk created from its start)
2654 is always true after initialization.
2655 */
2657 aligned_brk += MALLOC_ALIGNMENT - front_misalign;
2661 /* Find out current end of memory */
2662 if (snd_brk == (char *) (MORECORE_FAILURE))
2664 snd_brk = (char *) (MORECORE (0));
2668 /* Adjust top based on results of second sbrk */
2669 if (snd_brk != (char *) (MORECORE_FAILURE))
2671 av->top = (mchunkptr) aligned_brk;
2672 set_head (av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE);
2673 av->system_mem += correction;
2675 /*
2676 If not the first time through, we either have a
2677 gap due to foreign sbrk or a non-contiguous region. Insert a
2678 double fencepost at old_top to prevent consolidation with space
2679 we don't own. These fenceposts are artificial chunks that are
2680 marked as inuse and are in any case too small to use. We need
2681 two to make sizes and alignments work out.
2682 */
2684 if (old_size != 0)
2686 /*
2687 Shrink old_top to insert fenceposts, keeping size a
2688 multiple of MALLOC_ALIGNMENT. We know there is at least
2689 enough space in old_top to do this.
2690 */
2691 old_size = (old_size - 4 * SIZE_SZ) & ~MALLOC_ALIGN_MASK;
2692 set_head (old_top, old_size | PREV_INUSE);
2694 /*
2695 Note that the following assignments completely overwrite
2696 old_top when old_size was previously MINSIZE. This is
2697 intentional. We need the fencepost, even if old_top otherwise gets
2698 lost.
2699 */
2700 chunk_at_offset (old_top, old_size)->size =
2701 (2 * SIZE_SZ) | PREV_INUSE;
2703 chunk_at_offset (old_top, old_size + 2 * SIZE_SZ)->size =
2704 (2 * SIZE_SZ) | PREV_INUSE;
2706 /* If possible, release the rest. */
2707 if (old_size >= MINSIZE)
2709 _int_free (av, old_top, 1);
2715 } /* if (av != &main_arena) */
2717 if ((unsigned long) av->system_mem > (unsigned long) (av->max_system_mem))
2718 av->max_system_mem = av->system_mem;
2719 check_malloc_state (av);
2721 /* finally, do the allocation */
2722 p = av->top;
2723 size = chunksize (p);
2725 /* check that one of the above allocation paths succeeded */
2726 if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))
2728 remainder_size = size - nb;
2729 remainder = chunk_at_offset (p, nb);
2730 av->top = remainder;
2731 set_head (p, nb | PREV_INUSE | (av != &main_arena ? NON_MAIN_ARENA : 0));
2732 set_head (remainder, remainder_size | PREV_INUSE);
2733 check_malloced_chunk (av, p, nb);
2734 return chunk2mem (p);
2737 /* catch all failure paths */
2738 __set_errno (ENOMEM);
2739 return 0;
2743 /*
2744 systrim is an inverse of sorts to sysmalloc. It gives memory back
2745 to the system (via negative arguments to sbrk) if there is unused
2746 memory at the `high' end of the malloc pool. It is called
2747 automatically by free() when top space exceeds the trim
2748 threshold. It is also called by the public malloc_trim routine. It
2749 returns 1 if it actually released any memory, else 0.
2750 */
2752 static int
2753 systrim (size_t pad, mstate av)
2755 long top_size; /* Amount of top-most memory */
2756 long extra; /* Amount to release */
2757 long released; /* Amount actually released */
2758 char *current_brk; /* address returned by pre-check sbrk call */
2759 char *new_brk; /* address returned by post-check sbrk call */
2760 size_t pagesize;
2761 long top_area;
2763 pagesize = GLRO (dl_pagesize);
2764 top_size = chunksize (av->top);
2766 top_area = top_size - MINSIZE - 1;
2767 if (top_area <= pad)
2768 return 0;
2770 /* Release in pagesize units, keeping at least one page */
2771 extra = (top_area - pad) & ~(pagesize - 1);
2773 if (extra == 0)
2774 return 0;
2776 /*
2777 Only proceed if end of memory is where we last set it.
2778 This avoids problems if there were foreign sbrk calls.
2779 */
2780 current_brk = (char *) (MORECORE (0));
2781 if (current_brk == (char *) (av->top) + top_size)
2783 /*
2784 Attempt to release memory. We ignore MORECORE return value,
2785 and instead call again to find out where new end of memory is.
2786 This avoids problems if first call releases less than we asked,
2787 of if failure somehow altered brk value. (We could still
2788 encounter problems if it altered brk in some very bad way,
2789 but the only thing we can do is adjust anyway, which will cause
2790 some downstream failure.)
2791 */
2793 MORECORE (-extra);
2794 /* Call the `morecore' hook if necessary. */
2795 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2796 if (__builtin_expect (hook != NULL, 0))
2797 (*hook)();
2798 new_brk = (char *) (MORECORE (0));
2800 LIBC_PROBE (memory_sbrk_less, 2, new_brk, extra);
2802 if (new_brk != (char *) MORECORE_FAILURE)
2804 released = (long) (current_brk - new_brk);
2806 if (released != 0)
2808 /* Success. Adjust top. */
2809 av->system_mem -= released;
2810 set_head (av->top, (top_size - released) | PREV_INUSE);
2811 check_malloc_state (av);
2812 return 1;
2816 return 0;
2819 static void
2820 internal_function
2821 munmap_chunk (mchunkptr p)
2823 INTERNAL_SIZE_T size = chunksize (p);
2825 assert (chunk_is_mmapped (p));
2827 uintptr_t block = (uintptr_t) p - p->prev_size;
2828 size_t total_size = p->prev_size + size;
2829 /* Unfortunately we have to do the compilers job by hand here. Normally
2830 we would test BLOCK and TOTAL-SIZE separately for compliance with the
2831 page size. But gcc does not recognize the optimization possibility
2832 (in the moment at least) so we combine the two values into one before
2833 the bit test. */
2834 if (__builtin_expect (((block | total_size) & (GLRO (dl_pagesize) - 1)) != 0, 0))
2836 malloc_printerr (check_action, "munmap_chunk(): invalid pointer",
2837 chunk2mem (p), NULL);
2838 return;
2841 atomic_decrement (&mp_.n_mmaps);
2842 atomic_add (&mp_.mmapped_mem, -total_size);
2844 /* If munmap failed the process virtual memory address space is in a
2845 bad shape. Just leave the block hanging around, the process will
2846 terminate shortly anyway since not much can be done. */
2847 __munmap ((char *) block, total_size);
2850 #if HAVE_MREMAP
2852 static mchunkptr
2853 internal_function
2854 mremap_chunk (mchunkptr p, size_t new_size)
2856 size_t pagesize = GLRO (dl_pagesize);
2857 INTERNAL_SIZE_T offset = p->prev_size;
2858 INTERNAL_SIZE_T size = chunksize (p);
2859 char *cp;
2861 assert (chunk_is_mmapped (p));
2862 assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0);
2864 /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */
2865 new_size = ALIGN_UP (new_size + offset + SIZE_SZ, pagesize);
2867 /* No need to remap if the number of pages does not change. */
2868 if (size + offset == new_size)
2869 return p;
2871 cp = (char *) __mremap ((char *) p - offset, size + offset, new_size,
2872 MREMAP_MAYMOVE);
2874 if (cp == MAP_FAILED)
2875 return 0;
2877 p = (mchunkptr) (cp + offset);
2879 assert (aligned_OK (chunk2mem (p)));
2881 assert ((p->prev_size == offset));
2882 set_head (p, (new_size - offset) | IS_MMAPPED);
2884 INTERNAL_SIZE_T new;
2885 new = atomic_exchange_and_add (&mp_.mmapped_mem, new_size - size - offset)
2886 + new_size - size - offset;
2887 atomic_max (&mp_.max_mmapped_mem, new);
2888 return p;
2890 #endif /* HAVE_MREMAP */
2892 /*------------------------ Public wrappers. --------------------------------*/
2894 void *
2895 __libc_malloc (size_t bytes)
2897 mstate ar_ptr;
2898 void *victim;
2900 void *(*hook) (size_t, const void *)
2901 = atomic_forced_read (__malloc_hook);
2902 if (__builtin_expect (hook != NULL, 0))
2903 return (*hook)(bytes, RETURN_ADDRESS (0));
2905 arena_get (ar_ptr, bytes);
2907 victim = _int_malloc (ar_ptr, bytes);
2908 /* Retry with another arena only if we were able to find a usable arena
2909 before. */
2910 if (!victim && ar_ptr != NULL)
2912 LIBC_PROBE (memory_malloc_retry, 1, bytes);
2913 ar_ptr = arena_get_retry (ar_ptr, bytes);
2914 victim = _int_malloc (ar_ptr, bytes);
2917 if (ar_ptr != NULL)
2918 (void) mutex_unlock (&ar_ptr->mutex);
2920 assert (!victim || chunk_is_mmapped (mem2chunk (victim)) ||
2921 ar_ptr == arena_for_chunk (mem2chunk (victim)));
2922 return victim;
2924 libc_hidden_def (__libc_malloc)
2926 void
2927 __libc_free (void *mem)
2929 mstate ar_ptr;
2930 mchunkptr p; /* chunk corresponding to mem */
2932 void (*hook) (void *, const void *)
2933 = atomic_forced_read (__free_hook);
2934 if (__builtin_expect (hook != NULL, 0))
2936 (*hook)(mem, RETURN_ADDRESS (0));
2937 return;
2940 if (mem == 0) /* free(0) has no effect */
2941 return;
2943 p = mem2chunk (mem);
2945 if (chunk_is_mmapped (p)) /* release mmapped memory. */
2947 /* see if the dynamic brk/mmap threshold needs adjusting */
2948 if (!mp_.no_dyn_threshold
2949 && p->size > mp_.mmap_threshold
2950 && p->size <= DEFAULT_MMAP_THRESHOLD_MAX)
2952 mp_.mmap_threshold = chunksize (p);
2953 mp_.trim_threshold = 2 * mp_.mmap_threshold;
2954 LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2,
2955 mp_.mmap_threshold, mp_.trim_threshold);
2957 munmap_chunk (p);
2958 return;
2961 ar_ptr = arena_for_chunk (p);
2962 _int_free (ar_ptr, p, 0);
2964 libc_hidden_def (__libc_free)
2966 void *
2967 __libc_realloc (void *oldmem, size_t bytes)
2969 mstate ar_ptr;
2970 INTERNAL_SIZE_T nb; /* padded request size */
2972 void *newp; /* chunk to return */
2974 void *(*hook) (void *, size_t, const void *) =
2975 atomic_forced_read (__realloc_hook);
2976 if (__builtin_expect (hook != NULL, 0))
2977 return (*hook)(oldmem, bytes, RETURN_ADDRESS (0));
2979 #if REALLOC_ZERO_BYTES_FREES
2980 if (bytes == 0 && oldmem != NULL)
2982 __libc_free (oldmem); return 0;
2984 #endif
2986 /* realloc of null is supposed to be same as malloc */
2987 if (oldmem == 0)
2988 return __libc_malloc (bytes);
2990 /* chunk corresponding to oldmem */
2991 const mchunkptr oldp = mem2chunk (oldmem);
2992 /* its size */
2993 const INTERNAL_SIZE_T oldsize = chunksize (oldp);
2995 if (chunk_is_mmapped (oldp))
2996 ar_ptr = NULL;
2997 else
2998 ar_ptr = arena_for_chunk (oldp);
3000 /* Little security check which won't hurt performance: the
3001 allocator never wrapps around at the end of the address space.
3002 Therefore we can exclude some size values which might appear
3003 here by accident or by "design" from some intruder. */
3004 if (__builtin_expect ((uintptr_t) oldp > (uintptr_t) -oldsize, 0)
3005 || __builtin_expect (misaligned_chunk (oldp), 0))
3007 malloc_printerr (check_action, "realloc(): invalid pointer", oldmem,
3008 ar_ptr);
3009 return NULL;
3012 checked_request2size (bytes, nb);
3014 if (chunk_is_mmapped (oldp))
3016 void *newmem;
3018 #if HAVE_MREMAP
3019 newp = mremap_chunk (oldp, nb);
3020 if (newp)
3021 return chunk2mem (newp);
3022 #endif
3023 /* Note the extra SIZE_SZ overhead. */
3024 if (oldsize - SIZE_SZ >= nb)
3025 return oldmem; /* do nothing */
3027 /* Must alloc, copy, free. */
3028 newmem = __libc_malloc (bytes);
3029 if (newmem == 0)
3030 return 0; /* propagate failure */
3032 memcpy (newmem, oldmem, oldsize - 2 * SIZE_SZ);
3033 munmap_chunk (oldp);
3034 return newmem;
3037 (void) mutex_lock (&ar_ptr->mutex);
3039 newp = _int_realloc (ar_ptr, oldp, oldsize, nb);
3041 (void) mutex_unlock (&ar_ptr->mutex);
3042 assert (!newp || chunk_is_mmapped (mem2chunk (newp)) ||
3043 ar_ptr == arena_for_chunk (mem2chunk (newp)));
3045 if (newp == NULL)
3047 /* Try harder to allocate memory in other arenas. */
3048 LIBC_PROBE (memory_realloc_retry, 2, bytes, oldmem);
3049 newp = __libc_malloc (bytes);
3050 if (newp != NULL)
3052 memcpy (newp, oldmem, oldsize - SIZE_SZ);
3053 _int_free (ar_ptr, oldp, 0);
3057 return newp;
3059 libc_hidden_def (__libc_realloc)
3061 void *
3062 __libc_memalign (size_t alignment, size_t bytes)
3064 void *address = RETURN_ADDRESS (0);
3065 return _mid_memalign (alignment, bytes, address);
3068 static void *
3069 _mid_memalign (size_t alignment, size_t bytes, void *address)
3071 mstate ar_ptr;
3072 void *p;
3074 void *(*hook) (size_t, size_t, const void *) =
3075 atomic_forced_read (__memalign_hook);
3076 if (__builtin_expect (hook != NULL, 0))
3077 return (*hook)(alignment, bytes, address);
3079 /* If we need less alignment than we give anyway, just relay to malloc. */
3080 if (alignment <= MALLOC_ALIGNMENT)
3081 return __libc_malloc (bytes);
3083 /* Otherwise, ensure that it is at least a minimum chunk size */
3084 if (alignment < MINSIZE)
3085 alignment = MINSIZE;
3087 /* If the alignment is greater than SIZE_MAX / 2 + 1 it cannot be a
3088 power of 2 and will cause overflow in the check below. */
3089 if (alignment > SIZE_MAX / 2 + 1)
3091 __set_errno (EINVAL);
3092 return 0;
3095 /* Check for overflow. */
3096 if (bytes > SIZE_MAX - alignment - MINSIZE)
3098 __set_errno (ENOMEM);
3099 return 0;
3103 /* Make sure alignment is power of 2. */
3104 if (!powerof2 (alignment))
3106 size_t a = MALLOC_ALIGNMENT * 2;
3107 while (a < alignment)
3108 a <<= 1;
3109 alignment = a;
3112 arena_get (ar_ptr, bytes + alignment + MINSIZE);
3114 p = _int_memalign (ar_ptr, alignment, bytes);
3115 if (!p && ar_ptr != NULL)
3117 LIBC_PROBE (memory_memalign_retry, 2, bytes, alignment);
3118 ar_ptr = arena_get_retry (ar_ptr, bytes);
3119 p = _int_memalign (ar_ptr, alignment, bytes);
3122 if (ar_ptr != NULL)
3123 (void) mutex_unlock (&ar_ptr->mutex);
3125 assert (!p || chunk_is_mmapped (mem2chunk (p)) ||
3126 ar_ptr == arena_for_chunk (mem2chunk (p)));
3127 return p;
3129 /* For ISO C11. */
3130 weak_alias (__libc_memalign, aligned_alloc)
3131 libc_hidden_def (__libc_memalign)
3133 void *
3134 __libc_valloc (size_t bytes)
3136 if (__malloc_initialized < 0)
3137 ptmalloc_init ();
3139 void *address = RETURN_ADDRESS (0);
3140 size_t pagesize = GLRO (dl_pagesize);
3141 return _mid_memalign (pagesize, bytes, address);
3144 void *
3145 __libc_pvalloc (size_t bytes)
3147 if (__malloc_initialized < 0)
3148 ptmalloc_init ();
3150 void *address = RETURN_ADDRESS (0);
3151 size_t pagesize = GLRO (dl_pagesize);
3152 size_t rounded_bytes = ALIGN_UP (bytes, pagesize);
3154 /* Check for overflow. */
3155 if (bytes > SIZE_MAX - 2 * pagesize - MINSIZE)
3157 __set_errno (ENOMEM);
3158 return 0;
3161 return _mid_memalign (pagesize, rounded_bytes, address);
3164 void *
3165 __libc_calloc (size_t n, size_t elem_size)
3167 mstate av;
3168 mchunkptr oldtop, p;
3169 INTERNAL_SIZE_T bytes, sz, csz, oldtopsize;
3170 void *mem;
3171 unsigned long clearsize;
3172 unsigned long nclears;
3173 INTERNAL_SIZE_T *d;
3175 /* size_t is unsigned so the behavior on overflow is defined. */
3176 bytes = n * elem_size;
3177 #define HALF_INTERNAL_SIZE_T \
3178 (((INTERNAL_SIZE_T) 1) << (8 * sizeof (INTERNAL_SIZE_T) / 2))
3179 if (__builtin_expect ((n | elem_size) >= HALF_INTERNAL_SIZE_T, 0))
3181 if (elem_size != 0 && bytes / elem_size != n)
3183 __set_errno (ENOMEM);
3184 return 0;
3188 void *(*hook) (size_t, const void *) =
3189 atomic_forced_read (__malloc_hook);
3190 if (__builtin_expect (hook != NULL, 0))
3192 sz = bytes;
3193 mem = (*hook)(sz, RETURN_ADDRESS (0));
3194 if (mem == 0)
3195 return 0;
3197 return memset (mem, 0, sz);
3200 sz = bytes;
3202 arena_get (av, sz);
3203 if (av)
3205 /* Check if we hand out the top chunk, in which case there may be no
3206 need to clear. */
3207 #if MORECORE_CLEARS
3208 oldtop = top (av);
3209 oldtopsize = chunksize (top (av));
3210 # if MORECORE_CLEARS < 2
3211 /* Only newly allocated memory is guaranteed to be cleared. */
3212 if (av == &main_arena &&
3213 oldtopsize < mp_.sbrk_base + av->max_system_mem - (char *) oldtop)
3214 oldtopsize = (mp_.sbrk_base + av->max_system_mem - (char *) oldtop);
3215 # endif
3216 if (av != &main_arena)
3218 heap_info *heap = heap_for_ptr (oldtop);
3219 if (oldtopsize < (char *) heap + heap->mprotect_size - (char *) oldtop)
3220 oldtopsize = (char *) heap + heap->mprotect_size - (char *) oldtop;
3222 #endif
3224 else
3226 /* No usable arenas. */
3227 oldtop = 0;
3228 oldtopsize = 0;
3230 mem = _int_malloc (av, sz);
3233 assert (!mem || chunk_is_mmapped (mem2chunk (mem)) ||
3234 av == arena_for_chunk (mem2chunk (mem)));
3236 if (mem == 0 && av != NULL)
3238 LIBC_PROBE (memory_calloc_retry, 1, sz);
3239 av = arena_get_retry (av, sz);
3240 mem = _int_malloc (av, sz);
3243 if (av != NULL)
3244 (void) mutex_unlock (&av->mutex);
3246 /* Allocation failed even after a retry. */
3247 if (mem == 0)
3248 return 0;
3250 p = mem2chunk (mem);
3252 /* Two optional cases in which clearing not necessary */
3253 if (chunk_is_mmapped (p))
3255 if (__builtin_expect (perturb_byte, 0))
3256 return memset (mem, 0, sz);
3258 return mem;
3261 csz = chunksize (p);
3263 #if MORECORE_CLEARS
3264 if (perturb_byte == 0 && (p == oldtop && csz > oldtopsize))
3266 /* clear only the bytes from non-freshly-sbrked memory */
3267 csz = oldtopsize;
3269 #endif
3271 /* Unroll clear of <= 36 bytes (72 if 8byte sizes). We know that
3272 contents have an odd number of INTERNAL_SIZE_T-sized words;
3273 minimally 3. */
3274 d = (INTERNAL_SIZE_T *) mem;
3275 clearsize = csz - SIZE_SZ;
3276 nclears = clearsize / sizeof (INTERNAL_SIZE_T);
3277 assert (nclears >= 3);
3279 if (nclears > 9)
3280 return memset (d, 0, clearsize);
3282 else
3284 *(d + 0) = 0;
3285 *(d + 1) = 0;
3286 *(d + 2) = 0;
3287 if (nclears > 4)
3289 *(d + 3) = 0;
3290 *(d + 4) = 0;
3291 if (nclears > 6)
3293 *(d + 5) = 0;
3294 *(d + 6) = 0;
3295 if (nclears > 8)
3297 *(d + 7) = 0;
3298 *(d + 8) = 0;
3304 return mem;
3307 /*
3308 ------------------------------ malloc ------------------------------
3309 */
3311 static void *
3312 _int_malloc (mstate av, size_t bytes)
3314 INTERNAL_SIZE_T nb; /* normalized request size */
3315 unsigned int idx; /* associated bin index */
3316 mbinptr bin; /* associated bin */
3318 mchunkptr victim; /* inspected/selected chunk */
3319 INTERNAL_SIZE_T size; /* its size */
3320 int victim_index; /* its bin index */
3322 mchunkptr remainder; /* remainder from a split */
3323 unsigned long remainder_size; /* its size */
3325 unsigned int block; /* bit map traverser */
3326 unsigned int bit; /* bit map traverser */
3327 unsigned int map; /* current word of binmap */
3329 mchunkptr fwd; /* misc temp for linking */
3330 mchunkptr bck; /* misc temp for linking */
3332 const char *errstr = NULL;
3334 /*
3335 Convert request size to internal form by adding SIZE_SZ bytes
3336 overhead plus possibly more to obtain necessary alignment and/or
3337 to obtain a size of at least MINSIZE, the smallest allocatable
3338 size. Also, checked_request2size traps (returning 0) request sizes
3339 that are so large that they wrap around zero when padded and
3340 aligned.
3341 */
3343 checked_request2size (bytes, nb);
3345 /* There are no usable arenas. Fall back to sysmalloc to get a chunk from
3346 mmap. */
3347 if (__glibc_unlikely (av == NULL))
3349 void *p = sysmalloc (nb, av);
3350 if (p != NULL)
3351 alloc_perturb (p, bytes);
3352 return p;
3355 /*
3356 If the size qualifies as a fastbin, first check corresponding bin.
3357 This code is safe to execute even if av is not yet initialized, so we
3358 can try it without checking, which saves some time on this fast path.
3359 */
3361 if ((unsigned long) (nb) <= (unsigned long) (get_max_fast ()))
3363 idx = fastbin_index (nb);
3364 mfastbinptr *fb = &fastbin (av, idx);
3365 mchunkptr pp = *fb;
3366 do
3368 victim = pp;
3369 if (victim == NULL)
3370 break;
3372 while ((pp = catomic_compare_and_exchange_val_acq (fb, victim->fd, victim))
3373 != victim);
3374 if (victim != 0)
3376 if (__builtin_expect (fastbin_index (chunksize (victim)) != idx, 0))
3378 errstr = "malloc(): memory corruption (fast)";
3379 errout:
3380 malloc_printerr (check_action, errstr, chunk2mem (victim), av);
3381 return NULL;
3383 check_remalloced_chunk (av, victim, nb);
3384 void *p = chunk2mem (victim);
3385 alloc_perturb (p, bytes);
3386 return p;
3390 /*
3391 If a small request, check regular bin. Since these "smallbins"
3392 hold one size each, no searching within bins is necessary.
3393 (For a large request, we need to wait until unsorted chunks are
3394 processed to find best fit. But for small ones, fits are exact
3395 anyway, so we can check now, which is faster.)
3396 */
3398 if (in_smallbin_range (nb))
3400 idx = smallbin_index (nb);
3401 bin = bin_at (av, idx);
3403 if ((victim = last (bin)) != bin)
3405 if (victim == 0) /* initialization check */
3406 malloc_consolidate (av);
3407 else
3409 bck = victim->bk;
3410 if (__glibc_unlikely (bck->fd != victim))
3412 errstr = "malloc(): smallbin double linked list corrupted";
3413 goto errout;
3415 set_inuse_bit_at_offset (victim, nb);
3416 bin->bk = bck;
3417 bck->fd = bin;
3419 if (av != &main_arena)
3420 victim->size |= NON_MAIN_ARENA;
3421 check_malloced_chunk (av, victim, nb);
3422 void *p = chunk2mem (victim);
3423 alloc_perturb (p, bytes);
3424 return p;
3429 /*
3430 If this is a large request, consolidate fastbins before continuing.
3431 While it might look excessive to kill all fastbins before
3432 even seeing if there is space available, this avoids
3433 fragmentation problems normally associated with fastbins.
3434 Also, in practice, programs tend to have runs of either small or
3435 large requests, but less often mixtures, so consolidation is not
3436 invoked all that often in most programs. And the programs that
3437 it is called frequently in otherwise tend to fragment.
3438 */
3440 else
3442 idx = largebin_index (nb);
3443 if (have_fastchunks (av))
3444 malloc_consolidate (av);
3447 /*
3448 Process recently freed or remaindered chunks, taking one only if
3449 it is exact fit, or, if this a small request, the chunk is remainder from
3450 the most recent non-exact fit. Place other traversed chunks in
3451 bins. Note that this step is the only place in any routine where
3452 chunks are placed in bins.
3454 The outer loop here is needed because we might not realize until
3455 near the end of malloc that we should have consolidated, so must
3456 do so and retry. This happens at most once, and only when we would
3457 otherwise need to expand memory to service a "small" request.
3458 */
3460 for (;; )
3462 int iters = 0;
3463 while ((victim = unsorted_chunks (av)->bk) != unsorted_chunks (av))
3465 bck = victim->bk;
3466 if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0)
3467 || __builtin_expect (victim->size > av->system_mem, 0))
3468 malloc_printerr (check_action, "malloc(): memory corruption",
3469 chunk2mem (victim), av);
3470 size = chunksize (victim);
3472 /*
3473 If a small request, try to use last remainder if it is the
3474 only chunk in unsorted bin. This helps promote locality for
3475 runs of consecutive small requests. This is the only
3476 exception to best-fit, and applies only when there is
3477 no exact fit for a small chunk.
3478 */
3480 if (in_smallbin_range (nb) &&
3481 bck == unsorted_chunks (av) &&
3482 victim == av->last_remainder &&
3483 (unsigned long) (size) > (unsigned long) (nb + MINSIZE))
3485 /* split and reattach remainder */
3486 remainder_size = size - nb;
3487 remainder = chunk_at_offset (victim, nb);
3488 unsorted_chunks (av)->bk = unsorted_chunks (av)->fd = remainder;
3489 av->last_remainder = remainder;
3490 remainder->bk = remainder->fd = unsorted_chunks (av);
3491 if (!in_smallbin_range (remainder_size))
3493 remainder->fd_nextsize = NULL;
3494 remainder->bk_nextsize = NULL;
3497 set_head (victim, nb | PREV_INUSE |
3498 (av != &main_arena ? NON_MAIN_ARENA : 0));
3499 set_head (remainder, remainder_size | PREV_INUSE);
3500 set_foot (remainder, remainder_size);
3502 check_malloced_chunk (av, victim, nb);
3503 void *p = chunk2mem (victim);
3504 alloc_perturb (p, bytes);
3505 return p;
3508 /* remove from unsorted list */
3509 unsorted_chunks (av)->bk = bck;
3510 bck->fd = unsorted_chunks (av);
3512 /* Take now instead of binning if exact fit */
3514 if (size == nb)
3516 set_inuse_bit_at_offset (victim, size);
3517 if (av != &main_arena)
3518 victim->size |= NON_MAIN_ARENA;
3519 check_malloced_chunk (av, victim, nb);
3520 void *p = chunk2mem (victim);
3521 alloc_perturb (p, bytes);
3522 return p;
3525 /* place chunk in bin */
3527 if (in_smallbin_range (size))
3529 victim_index = smallbin_index (size);
3530 bck = bin_at (av, victim_index);
3531 fwd = bck->fd;
3533 else
3535 victim_index = largebin_index (size);
3536 bck = bin_at (av, victim_index);
3537 fwd = bck->fd;
3539 /* maintain large bins in sorted order */
3540 if (fwd != bck)
3542 /* Or with inuse bit to speed comparisons */
3543 size |= PREV_INUSE;
3544 /* if smaller than smallest, bypass loop below */
3545 assert ((bck->bk->size & NON_MAIN_ARENA) == 0);
3546 if ((unsigned long) (size) < (unsigned long) (bck->bk->size))
3548 fwd = bck;
3549 bck = bck->bk;
3551 victim->fd_nextsize = fwd->fd;
3552 victim->bk_nextsize = fwd->fd->bk_nextsize;
3553 fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim;
3555 else
3557 assert ((fwd->size & NON_MAIN_ARENA) == 0);
3558 while ((unsigned long) size < fwd->size)
3560 fwd = fwd->fd_nextsize;
3561 assert ((fwd->size & NON_MAIN_ARENA) == 0);
3564 if ((unsigned long) size == (unsigned long) fwd->size)
3565 /* Always insert in the second position. */
3566 fwd = fwd->fd;
3567 else
3569 victim->fd_nextsize = fwd;
3570 victim->bk_nextsize = fwd->bk_nextsize;
3571 fwd->bk_nextsize = victim;
3572 victim->bk_nextsize->fd_nextsize = victim;
3574 bck = fwd->bk;
3577 else
3578 victim->fd_nextsize = victim->bk_nextsize = victim;
3581 mark_bin (av, victim_index);
3582 victim->bk = bck;
3583 victim->fd = fwd;
3584 fwd->bk = victim;
3585 bck->fd = victim;
3587 #define MAX_ITERS 10000
3588 if (++iters >= MAX_ITERS)
3589 break;
3592 /*
3593 If a large request, scan through the chunks of current bin in
3594 sorted order to find smallest that fits. Use the skip list for this.
3595 */
3597 if (!in_smallbin_range (nb))
3599 bin = bin_at (av, idx);
3601 /* skip scan if empty or largest chunk is too small */
3602 if ((victim = first (bin)) != bin &&
3603 (unsigned long) (victim->size) >= (unsigned long) (nb))
3605 victim = victim->bk_nextsize;
3606 while (((unsigned long) (size = chunksize (victim)) <
3607 (unsigned long) (nb)))
3608 victim = victim->bk_nextsize;
3610 /* Avoid removing the first entry for a size so that the skip
3611 list does not have to be rerouted. */
3612 if (victim != last (bin) && victim->size == victim->fd->size)
3613 victim = victim->fd;
3615 remainder_size = size - nb;
3616 unlink (av, victim, bck, fwd);
3618 /* Exhaust */
3619 if (remainder_size < MINSIZE)
3621 set_inuse_bit_at_offset (victim, size);
3622 if (av != &main_arena)
3623 victim->size |= NON_MAIN_ARENA;
3625 /* Split */
3626 else
3628 remainder = chunk_at_offset (victim, nb);
3629 /* We cannot assume the unsorted list is empty and therefore
3630 have to perform a complete insert here. */
3631 bck = unsorted_chunks (av);
3632 fwd = bck->fd;
3633 if (__glibc_unlikely (fwd->bk != bck))
3635 errstr = "malloc(): corrupted unsorted chunks";
3636 goto errout;
3638 remainder->bk = bck;
3639 remainder->fd = fwd;
3640 bck->fd = remainder;
3641 fwd->bk = remainder;
3642 if (!in_smallbin_range (remainder_size))
3644 remainder->fd_nextsize = NULL;
3645 remainder->bk_nextsize = NULL;
3647 set_head (victim, nb | PREV_INUSE |
3648 (av != &main_arena ? NON_MAIN_ARENA : 0));
3649 set_head (remainder, remainder_size | PREV_INUSE);
3650 set_foot (remainder, remainder_size);
3652 check_malloced_chunk (av, victim, nb);
3653 void *p = chunk2mem (victim);
3654 alloc_perturb (p, bytes);
3655 return p;
3659 /*
3660 Search for a chunk by scanning bins, starting with next largest
3661 bin. This search is strictly by best-fit; i.e., the smallest
3662 (with ties going to approximately the least recently used) chunk
3663 that fits is selected.
3665 The bitmap avoids needing to check that most blocks are nonempty.
3666 The particular case of skipping all bins during warm-up phases
3667 when no chunks have been returned yet is faster than it might look.
3668 */
3670 ++idx;
3671 bin = bin_at (av, idx);
3672 block = idx2block (idx);
3673 map = av->binmap[block];
3674 bit = idx2bit (idx);
3676 for (;; )
3678 /* Skip rest of block if there are no more set bits in this block. */
3679 if (bit > map || bit == 0)
3681 do
3683 if (++block >= BINMAPSIZE) /* out of bins */
3684 goto use_top;
3686 while ((map = av->binmap[block]) == 0);
3688 bin = bin_at (av, (block << BINMAPSHIFT));
3689 bit = 1;
3692 /* Advance to bin with set bit. There must be one. */
3693 while ((bit & map) == 0)
3695 bin = next_bin (bin);
3696 bit <<= 1;
3697 assert (bit != 0);
3700 /* Inspect the bin. It is likely to be non-empty */
3701 victim = last (bin);
3703 /* If a false alarm (empty bin), clear the bit. */
3704 if (victim == bin)
3706 av->binmap[block] = map &= ~bit; /* Write through */
3707 bin = next_bin (bin);
3708 bit <<= 1;
3711 else
3713 size = chunksize (victim);
3715 /* We know the first chunk in this bin is big enough to use. */
3716 assert ((unsigned long) (size) >= (unsigned long) (nb));
3718 remainder_size = size - nb;
3720 /* unlink */
3721 unlink (av, victim, bck, fwd);
3723 /* Exhaust */
3724 if (remainder_size < MINSIZE)
3726 set_inuse_bit_at_offset (victim, size);
3727 if (av != &main_arena)
3728 victim->size |= NON_MAIN_ARENA;
3731 /* Split */
3732 else
3734 remainder = chunk_at_offset (victim, nb);
3736 /* We cannot assume the unsorted list is empty and therefore
3737 have to perform a complete insert here. */
3738 bck = unsorted_chunks (av);
3739 fwd = bck->fd;
3740 if (__glibc_unlikely (fwd->bk != bck))
3742 errstr = "malloc(): corrupted unsorted chunks 2";
3743 goto errout;
3745 remainder->bk = bck;
3746 remainder->fd = fwd;
3747 bck->fd = remainder;
3748 fwd->bk = remainder;
3750 /* advertise as last remainder */
3751 if (in_smallbin_range (nb))
3752 av->last_remainder = remainder;
3753 if (!in_smallbin_range (remainder_size))
3755 remainder->fd_nextsize = NULL;
3756 remainder->bk_nextsize = NULL;
3758 set_head (victim, nb | PREV_INUSE |
3759 (av != &main_arena ? NON_MAIN_ARENA : 0));
3760 set_head (remainder, remainder_size | PREV_INUSE);
3761 set_foot (remainder, remainder_size);
3763 check_malloced_chunk (av, victim, nb);
3764 void *p = chunk2mem (victim);
3765 alloc_perturb (p, bytes);
3766 return p;
3770 use_top:
3771 /*
3772 If large enough, split off the chunk bordering the end of memory
3773 (held in av->top). Note that this is in accord with the best-fit
3774 search rule. In effect, av->top is treated as larger (and thus
3775 less well fitting) than any other available chunk since it can
3776 be extended to be as large as necessary (up to system
3777 limitations).
3779 We require that av->top always exists (i.e., has size >=
3780 MINSIZE) after initialization, so if it would otherwise be
3781 exhausted by current request, it is replenished. (The main
3782 reason for ensuring it exists is that we may need MINSIZE space
3783 to put in fenceposts in sysmalloc.)
3784 */
3786 victim = av->top;
3787 size = chunksize (victim);
3789 if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))
3791 remainder_size = size - nb;
3792 remainder = chunk_at_offset (victim, nb);
3793 av->top = remainder;
3794 set_head (victim, nb | PREV_INUSE |
3795 (av != &main_arena ? NON_MAIN_ARENA : 0));
3796 set_head (remainder, remainder_size | PREV_INUSE);
3798 check_malloced_chunk (av, victim, nb);
3799 void *p = chunk2mem (victim);
3800 alloc_perturb (p, bytes);
3801 return p;
3804 /* When we are using atomic ops to free fast chunks we can get
3805 here for all block sizes. */
3806 else if (have_fastchunks (av))
3808 malloc_consolidate (av);
3809 /* restore original bin index */
3810 if (in_smallbin_range (nb))
3811 idx = smallbin_index (nb);
3812 else
3813 idx = largebin_index (nb);
3816 /*
3817 Otherwise, relay to handle system-dependent cases
3818 */
3819 else
3821 void *p = sysmalloc (nb, av);
3822 if (p != NULL)
3823 alloc_perturb (p, bytes);
3824 return p;
3829 /*
3830 ------------------------------ free ------------------------------
3831 */
3833 static void
3834 _int_free (mstate av, mchunkptr p, int have_lock)
3836 INTERNAL_SIZE_T size; /* its size */
3837 mfastbinptr *fb; /* associated fastbin */
3838 mchunkptr nextchunk; /* next contiguous chunk */
3839 INTERNAL_SIZE_T nextsize; /* its size */
3840 int nextinuse; /* true if nextchunk is used */
3841 INTERNAL_SIZE_T prevsize; /* size of previous contiguous chunk */
3842 mchunkptr bck; /* misc temp for linking */
3843 mchunkptr fwd; /* misc temp for linking */
3845 const char *errstr = NULL;
3846 int locked = 0;
3848 size = chunksize (p);
3850 /* Little security check which won't hurt performance: the
3851 allocator never wrapps around at the end of the address space.
3852 Therefore we can exclude some size values which might appear
3853 here by accident or by "design" from some intruder. */
3854 if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)
3855 || __builtin_expect (misaligned_chunk (p), 0))
3857 errstr = "free(): invalid pointer";
3858 errout:
3859 if (!have_lock && locked)
3860 (void) mutex_unlock (&av->mutex);
3861 malloc_printerr (check_action, errstr, chunk2mem (p), av);
3862 return;
3864 /* We know that each chunk is at least MINSIZE bytes in size or a
3865 multiple of MALLOC_ALIGNMENT. */
3866 if (__glibc_unlikely (size < MINSIZE || !aligned_OK (size)))
3868 errstr = "free(): invalid size";
3869 goto errout;
3872 check_inuse_chunk(av, p);
3874 /*
3875 If eligible, place chunk on a fastbin so it can be found
3876 and used quickly in malloc.
3877 */
3879 if ((unsigned long)(size) <= (unsigned long)(get_max_fast ())
3881 #if TRIM_FASTBINS
3882 /*
3883 If TRIM_FASTBINS set, don't place chunks
3884 bordering top into fastbins
3885 */
3886 && (chunk_at_offset(p, size) != av->top)
3887 #endif
3888 ) {
3890 if (__builtin_expect (chunk_at_offset (p, size)->size <= 2 * SIZE_SZ, 0)
3891 || __builtin_expect (chunksize (chunk_at_offset (p, size))
3892 >= av->system_mem, 0))
3894 /* We might not have a lock at this point and concurrent modifications
3895 of system_mem might have let to a false positive. Redo the test
3896 after getting the lock. */
3897 if (have_lock
3898 || ({ assert (locked == 0);
3899 mutex_lock(&av->mutex);
3900 locked = 1;
3901 chunk_at_offset (p, size)->size <= 2 * SIZE_SZ
3902 || chunksize (chunk_at_offset (p, size)) >= av->system_mem;
3903 }))
3905 errstr = "free(): invalid next size (fast)";
3906 goto errout;
3908 if (! have_lock)
3910 (void)mutex_unlock(&av->mutex);
3911 locked = 0;
3915 free_perturb (chunk2mem(p), size - 2 * SIZE_SZ);
3917 set_fastchunks(av);
3918 unsigned int idx = fastbin_index(size);
3919 fb = &fastbin (av, idx);
3921 /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */
3922 mchunkptr old = *fb, old2;
3923 unsigned int old_idx = ~0u;
3924 do
3926 /* Check that the top of the bin is not the record we are going to add
3927 (i.e., double free). */
3928 if (__builtin_expect (old == p, 0))
3930 errstr = "double free or corruption (fasttop)";
3931 goto errout;
3933 /* Check that size of fastbin chunk at the top is the same as
3934 size of the chunk that we are adding. We can dereference OLD
3935 only if we have the lock, otherwise it might have already been
3936 deallocated. See use of OLD_IDX below for the actual check. */
3937 if (have_lock && old != NULL)
3938 old_idx = fastbin_index(chunksize(old));
3939 p->fd = old2 = old;
3941 while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) != old2);
3943 if (have_lock && old != NULL && __builtin_expect (old_idx != idx, 0))
3945 errstr = "invalid fastbin entry (free)";
3946 goto errout;
3950 /*
3951 Consolidate other non-mmapped chunks as they arrive.
3952 */
3954 else if (!chunk_is_mmapped(p)) {
3955 if (! have_lock) {
3956 (void)mutex_lock(&av->mutex);
3957 locked = 1;
3960 nextchunk = chunk_at_offset(p, size);
3962 /* Lightweight tests: check whether the block is already the
3963 top block. */
3964 if (__glibc_unlikely (p == av->top))
3966 errstr = "double free or corruption (top)";
3967 goto errout;
3969 /* Or whether the next chunk is beyond the boundaries of the arena. */
3970 if (__builtin_expect (contiguous (av)
3971 && (char *) nextchunk
3972 >= ((char *) av->top + chunksize(av->top)), 0))
3974 errstr = "double free or corruption (out)";
3975 goto errout;
3977 /* Or whether the block is actually not marked used. */
3978 if (__glibc_unlikely (!prev_inuse(nextchunk)))
3980 errstr = "double free or corruption (!prev)";
3981 goto errout;
3984 nextsize = chunksize(nextchunk);
3985 if (__builtin_expect (nextchunk->size <= 2 * SIZE_SZ, 0)
3986 || __builtin_expect (nextsize >= av->system_mem, 0))
3988 errstr = "free(): invalid next size (normal)";
3989 goto errout;
3992 free_perturb (chunk2mem(p), size - 2 * SIZE_SZ);
3994 /* consolidate backward */
3995 if (!prev_inuse(p)) {
3996 prevsize = p->prev_size;
3997 size += prevsize;
3998 p = chunk_at_offset(p, -((long) prevsize));
3999 unlink(av, p, bck, fwd);
4002 if (nextchunk != av->top) {
4003 /* get and clear inuse bit */
4004 nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
4006 /* consolidate forward */
4007 if (!nextinuse) {
4008 unlink(av, nextchunk, bck, fwd);
4009 size += nextsize;
4010 } else
4011 clear_inuse_bit_at_offset(nextchunk, 0);
4013 /*
4014 Place the chunk in unsorted chunk list. Chunks are
4015 not placed into regular bins until after they have
4016 been given one chance to be used in malloc.
4017 */
4019 bck = unsorted_chunks(av);
4020 fwd = bck->fd;
4021 if (__glibc_unlikely (fwd->bk != bck))
4023 errstr = "free(): corrupted unsorted chunks";
4024 goto errout;
4026 p->fd = fwd;
4027 p->bk = bck;
4028 if (!in_smallbin_range(size))
4030 p->fd_nextsize = NULL;
4031 p->bk_nextsize = NULL;
4033 bck->fd = p;
4034 fwd->bk = p;
4036 set_head(p, size | PREV_INUSE);
4037 set_foot(p, size);
4039 check_free_chunk(av, p);
4042 /*
4043 If the chunk borders the current high end of memory,
4044 consolidate into top
4045 */
4047 else {
4048 size += nextsize;
4049 set_head(p, size | PREV_INUSE);
4050 av->top = p;
4051 check_chunk(av, p);
4054 /*
4055 If freeing a large space, consolidate possibly-surrounding
4056 chunks. Then, if the total unused topmost memory exceeds trim
4057 threshold, ask malloc_trim to reduce top.
4059 Unless max_fast is 0, we don't know if there are fastbins
4060 bordering top, so we cannot tell for sure whether threshold
4061 has been reached unless fastbins are consolidated. But we
4062 don't want to consolidate on each free. As a compromise,
4063 consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD
4064 is reached.
4065 */
4067 if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) {
4068 if (have_fastchunks(av))
4069 malloc_consolidate(av);
4071 if (av == &main_arena) {
4072 #ifndef MORECORE_CANNOT_TRIM
4073 if ((unsigned long)(chunksize(av->top)) >=
4074 (unsigned long)(mp_.trim_threshold))
4075 systrim(mp_.top_pad, av);
4076 #endif
4077 } else {
4078 /* Always try heap_trim(), even if the top chunk is not
4079 large, because the corresponding heap might go away. */
4080 heap_info *heap = heap_for_ptr(top(av));
4082 assert(heap->ar_ptr == av);
4083 heap_trim(heap, mp_.top_pad);
4087 if (! have_lock) {
4088 assert (locked);
4089 (void)mutex_unlock(&av->mutex);
4092 /*
4093 If the chunk was allocated via mmap, release via munmap().
4094 */
4096 else {
4097 munmap_chunk (p);
4101 /*
4102 ------------------------- malloc_consolidate -------------------------
4104 malloc_consolidate is a specialized version of free() that tears
4105 down chunks held in fastbins. Free itself cannot be used for this
4106 purpose since, among other things, it might place chunks back onto
4107 fastbins. So, instead, we need to use a minor variant of the same
4108 code.
4110 Also, because this routine needs to be called the first time through
4111 malloc anyway, it turns out to be the perfect place to trigger
4112 initialization code.
4113 */
4115 static void malloc_consolidate(mstate av)
4117 mfastbinptr* fb; /* current fastbin being consolidated */
4118 mfastbinptr* maxfb; /* last fastbin (for loop control) */
4119 mchunkptr p; /* current chunk being consolidated */
4120 mchunkptr nextp; /* next chunk to consolidate */
4121 mchunkptr unsorted_bin; /* bin header */
4122 mchunkptr first_unsorted; /* chunk to link to */
4124 /* These have same use as in free() */
4125 mchunkptr nextchunk;
4126 INTERNAL_SIZE_T size;
4127 INTERNAL_SIZE_T nextsize;
4128 INTERNAL_SIZE_T prevsize;
4129 int nextinuse;
4130 mchunkptr bck;
4131 mchunkptr fwd;
4133 /*
4134 If max_fast is 0, we know that av hasn't
4135 yet been initialized, in which case do so below
4136 */
4138 if (get_max_fast () != 0) {
4139 clear_fastchunks(av);
4141 unsorted_bin = unsorted_chunks(av);
4143 /*
4144 Remove each chunk from fast bin and consolidate it, placing it
4145 then in unsorted bin. Among other reasons for doing this,
4146 placing in unsorted bin avoids needing to calculate actual bins
4147 until malloc is sure that chunks aren't immediately going to be
4148 reused anyway.
4149 */
4151 maxfb = &fastbin (av, NFASTBINS - 1);
4152 fb = &fastbin (av, 0);
4153 do {
4154 p = atomic_exchange_acq (fb, 0);
4155 if (p != 0) {
4156 do {
4157 check_inuse_chunk(av, p);
4158 nextp = p->fd;
4160 /* Slightly streamlined version of consolidation code in free() */
4161 size = p->size & ~(PREV_INUSE|NON_MAIN_ARENA);
4162 nextchunk = chunk_at_offset(p, size);
4163 nextsize = chunksize(nextchunk);
4165 if (!prev_inuse(p)) {
4166 prevsize = p->prev_size;
4167 size += prevsize;
4168 p = chunk_at_offset(p, -((long) prevsize));
4169 unlink(av, p, bck, fwd);
4172 if (nextchunk != av->top) {
4173 nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
4175 if (!nextinuse) {
4176 size += nextsize;
4177 unlink(av, nextchunk, bck, fwd);
4178 } else
4179 clear_inuse_bit_at_offset(nextchunk, 0);
4181 first_unsorted = unsorted_bin->fd;
4182 unsorted_bin->fd = p;
4183 first_unsorted->bk = p;
4185 if (!in_smallbin_range (size)) {
4186 p->fd_nextsize = NULL;
4187 p->bk_nextsize = NULL;
4190 set_head(p, size | PREV_INUSE);
4191 p->bk = unsorted_bin;
4192 p->fd = first_unsorted;
4193 set_foot(p, size);
4196 else {
4197 size += nextsize;
4198 set_head(p, size | PREV_INUSE);
4199 av->top = p;
4202 } while ( (p = nextp) != 0);
4205 } while (fb++ != maxfb);
4207 else {
4208 malloc_init_state(av);
4209 check_malloc_state(av);
4213 /*
4214 ------------------------------ realloc ------------------------------
4215 */
4217 void*
4218 _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
4219 INTERNAL_SIZE_T nb)
4221 mchunkptr newp; /* chunk to return */
4222 INTERNAL_SIZE_T newsize; /* its size */
4223 void* newmem; /* corresponding user mem */
4225 mchunkptr next; /* next contiguous chunk after oldp */
4227 mchunkptr remainder; /* extra space at end of newp */
4228 unsigned long remainder_size; /* its size */
4230 mchunkptr bck; /* misc temp for linking */
4231 mchunkptr fwd; /* misc temp for linking */
4233 unsigned long copysize; /* bytes to copy */
4234 unsigned int ncopies; /* INTERNAL_SIZE_T words to copy */
4235 INTERNAL_SIZE_T* s; /* copy source */
4236 INTERNAL_SIZE_T* d; /* copy destination */
4238 const char *errstr = NULL;
4240 /* oldmem size */
4241 if (__builtin_expect (oldp->size <= 2 * SIZE_SZ, 0)
4242 || __builtin_expect (oldsize >= av->system_mem, 0))
4244 errstr = "realloc(): invalid old size";
4245 errout:
4246 malloc_printerr (check_action, errstr, chunk2mem (oldp), av);
4247 return NULL;
4250 check_inuse_chunk (av, oldp);
4252 /* All callers already filter out mmap'ed chunks. */
4253 assert (!chunk_is_mmapped (oldp));
4255 next = chunk_at_offset (oldp, oldsize);
4256 INTERNAL_SIZE_T nextsize = chunksize (next);
4257 if (__builtin_expect (next->size <= 2 * SIZE_SZ, 0)
4258 || __builtin_expect (nextsize >= av->system_mem, 0))
4260 errstr = "realloc(): invalid next size";
4261 goto errout;
4264 if ((unsigned long) (oldsize) >= (unsigned long) (nb))
4266 /* already big enough; split below */
4267 newp = oldp;
4268 newsize = oldsize;
4271 else
4273 /* Try to expand forward into top */
4274 if (next == av->top &&
4275 (unsigned long) (newsize = oldsize + nextsize) >=
4276 (unsigned long) (nb + MINSIZE))
4278 set_head_size (oldp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
4279 av->top = chunk_at_offset (oldp, nb);
4280 set_head (av->top, (newsize - nb) | PREV_INUSE);
4281 check_inuse_chunk (av, oldp);
4282 return chunk2mem (oldp);
4285 /* Try to expand forward into next chunk; split off remainder below */
4286 else if (next != av->top &&
4287 !inuse (next) &&
4288 (unsigned long) (newsize = oldsize + nextsize) >=
4289 (unsigned long) (nb))
4291 newp = oldp;
4292 unlink (av, next, bck, fwd);
4295 /* allocate, copy, free */
4296 else
4298 newmem = _int_malloc (av, nb - MALLOC_ALIGN_MASK);
4299 if (newmem == 0)
4300 return 0; /* propagate failure */
4302 newp = mem2chunk (newmem);
4303 newsize = chunksize (newp);
4305 /*
4306 Avoid copy if newp is next chunk after oldp.
4307 */
4308 if (newp == next)
4310 newsize += oldsize;
4311 newp = oldp;
4313 else
4315 /*
4316 Unroll copy of <= 36 bytes (72 if 8byte sizes)
4317 We know that contents have an odd number of
4318 INTERNAL_SIZE_T-sized words; minimally 3.
4319 */
4321 copysize = oldsize - SIZE_SZ;
4322 s = (INTERNAL_SIZE_T *) (chunk2mem (oldp));
4323 d = (INTERNAL_SIZE_T *) (newmem);
4324 ncopies = copysize / sizeof (INTERNAL_SIZE_T);
4325 assert (ncopies >= 3);
4327 if (ncopies > 9)
4328 memcpy (d, s, copysize);
4330 else
4332 *(d + 0) = *(s + 0);
4333 *(d + 1) = *(s + 1);
4334 *(d + 2) = *(s + 2);
4335 if (ncopies > 4)
4337 *(d + 3) = *(s + 3);
4338 *(d + 4) = *(s + 4);
4339 if (ncopies > 6)
4341 *(d + 5) = *(s + 5);
4342 *(d + 6) = *(s + 6);
4343 if (ncopies > 8)
4345 *(d + 7) = *(s + 7);
4346 *(d + 8) = *(s + 8);
4352 _int_free (av, oldp, 1);
4353 check_inuse_chunk (av, newp);
4354 return chunk2mem (newp);
4359 /* If possible, free extra space in old or extended chunk */
4361 assert ((unsigned long) (newsize) >= (unsigned long) (nb));
4363 remainder_size = newsize - nb;
4365 if (remainder_size < MINSIZE) /* not enough extra to split off */
4367 set_head_size (newp, newsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
4368 set_inuse_bit_at_offset (newp, newsize);
4370 else /* split remainder */
4372 remainder = chunk_at_offset (newp, nb);
4373 set_head_size (newp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
4374 set_head (remainder, remainder_size | PREV_INUSE |
4375 (av != &main_arena ? NON_MAIN_ARENA : 0));
4376 /* Mark remainder as inuse so free() won't complain */
4377 set_inuse_bit_at_offset (remainder, remainder_size);
4378 _int_free (av, remainder, 1);
4381 check_inuse_chunk (av, newp);
4382 return chunk2mem (newp);
4385 /*
4386 ------------------------------ memalign ------------------------------
4387 */
4389 static void *
4390 _int_memalign (mstate av, size_t alignment, size_t bytes)
4392 INTERNAL_SIZE_T nb; /* padded request size */
4393 char *m; /* memory returned by malloc call */
4394 mchunkptr p; /* corresponding chunk */
4395 char *brk; /* alignment point within p */
4396 mchunkptr newp; /* chunk to return */
4397 INTERNAL_SIZE_T newsize; /* its size */
4398 INTERNAL_SIZE_T leadsize; /* leading space before alignment point */
4399 mchunkptr remainder; /* spare room at end to split off */
4400 unsigned long remainder_size; /* its size */
4401 INTERNAL_SIZE_T size;
4405 checked_request2size (bytes, nb);
4407 /*
4408 Strategy: find a spot within that chunk that meets the alignment
4409 request, and then possibly free the leading and trailing space.
4410 */
4413 /* Call malloc with worst case padding to hit alignment. */
4415 m = (char *) (_int_malloc (av, nb + alignment + MINSIZE));
4417 if (m == 0)
4418 return 0; /* propagate failure */
4420 p = mem2chunk (m);
4422 if ((((unsigned long) (m)) % alignment) != 0) /* misaligned */
4424 { /*
4425 Find an aligned spot inside chunk. Since we need to give back
4426 leading space in a chunk of at least MINSIZE, if the first
4427 calculation places us at a spot with less than MINSIZE leader,
4428 we can move to the next aligned spot -- we've allocated enough
4429 total room so that this is always possible.
4430 */
4431 brk = (char *) mem2chunk (((unsigned long) (m + alignment - 1)) &
4432 - ((signed long) alignment));
4433 if ((unsigned long) (brk - (char *) (p)) < MINSIZE)
4434 brk += alignment;
4436 newp = (mchunkptr) brk;
4437 leadsize = brk - (char *) (p);
4438 newsize = chunksize (p) - leadsize;
4440 /* For mmapped chunks, just adjust offset */
4441 if (chunk_is_mmapped (p))
4443 newp->prev_size = p->prev_size + leadsize;
4444 set_head (newp, newsize | IS_MMAPPED);
4445 return chunk2mem (newp);
4448 /* Otherwise, give back leader, use the rest */
4449 set_head (newp, newsize | PREV_INUSE |
4450 (av != &main_arena ? NON_MAIN_ARENA : 0));
4451 set_inuse_bit_at_offset (newp, newsize);
4452 set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
4453 _int_free (av, p, 1);
4454 p = newp;
4456 assert (newsize >= nb &&
4457 (((unsigned long) (chunk2mem (p))) % alignment) == 0);
4460 /* Also give back spare room at the end */
4461 if (!chunk_is_mmapped (p))
4463 size = chunksize (p);
4464 if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE))
4466 remainder_size = size - nb;
4467 remainder = chunk_at_offset (p, nb);
4468 set_head (remainder, remainder_size | PREV_INUSE |
4469 (av != &main_arena ? NON_MAIN_ARENA : 0));
4470 set_head_size (p, nb);
4471 _int_free (av, remainder, 1);
4475 check_inuse_chunk (av, p);
4476 return chunk2mem (p);
4480 /*
4481 ------------------------------ malloc_trim ------------------------------
4482 */
4484 static int
4485 mtrim (mstate av, size_t pad)
4487 /* Don't touch corrupt arenas. */
4488 if (arena_is_corrupt (av))
4489 return 0;
4491 /* Ensure initialization/consolidation */
4492 malloc_consolidate (av);
4494 const size_t ps = GLRO (dl_pagesize);
4495 int psindex = bin_index (ps);
4496 const size_t psm1 = ps - 1;
4498 int result = 0;
4499 for (int i = 1; i < NBINS; ++i)
4500 if (i == 1 || i >= psindex)
4502 mbinptr bin = bin_at (av, i);
4504 for (mchunkptr p = last (bin); p != bin; p = p->bk)
4506 INTERNAL_SIZE_T size = chunksize (p);
4508 if (size > psm1 + sizeof (struct malloc_chunk))
4510 /* See whether the chunk contains at least one unused page. */
4511 char *paligned_mem = (char *) (((uintptr_t) p
4512 + sizeof (struct malloc_chunk)
4513 + psm1) & ~psm1);
4515 assert ((char *) chunk2mem (p) + 4 * SIZE_SZ <= paligned_mem);
4516 assert ((char *) p + size > paligned_mem);
4518 /* This is the size we could potentially free. */
4519 size -= paligned_mem - (char *) p;
4521 if (size > psm1)
4523 #if MALLOC_DEBUG
4524 /* When debugging we simulate destroying the memory
4525 content. */
4526 memset (paligned_mem, 0x89, size & ~psm1);
4527 #endif
4528 __madvise (paligned_mem, size & ~psm1, MADV_DONTNEED);
4530 result = 1;
4536 #ifndef MORECORE_CANNOT_TRIM
4537 return result | (av == &main_arena ? systrim (pad, av) : 0);
4539 #else
4540 return result;
4541 #endif
4545 int
4546 __malloc_trim (size_t s)
4548 int result = 0;
4550 if (__malloc_initialized < 0)
4551 ptmalloc_init ();
4553 mstate ar_ptr = &main_arena;
4554 do
4556 (void) mutex_lock (&ar_ptr->mutex);
4557 result |= mtrim (ar_ptr, s);
4558 (void) mutex_unlock (&ar_ptr->mutex);
4560 ar_ptr = ar_ptr->next;
4562 while (ar_ptr != &main_arena);
4564 return result;
4568 /*
4569 ------------------------- malloc_usable_size -------------------------
4570 */
4572 static size_t
4573 musable (void *mem)
4575 mchunkptr p;
4576 if (mem != 0)
4578 p = mem2chunk (mem);
4580 if (__builtin_expect (using_malloc_checking == 1, 0))
4581 return malloc_check_get_size (p);
4583 if (chunk_is_mmapped (p))
4584 return chunksize (p) - 2 * SIZE_SZ;
4585 else if (inuse (p))
4586 return chunksize (p) - SIZE_SZ;
4588 return 0;
4592 size_t
4593 __malloc_usable_size (void *m)
4595 size_t result;
4597 result = musable (m);
4598 return result;
4601 /*
4602 ------------------------------ mallinfo ------------------------------
4603 Accumulate malloc statistics for arena AV into M.
4604 */
4606 static void
4607 int_mallinfo (mstate av, struct mallinfo *m)
4609 size_t i;
4610 mbinptr b;
4611 mchunkptr p;
4612 INTERNAL_SIZE_T avail;
4613 INTERNAL_SIZE_T fastavail;
4614 int nblocks;
4615 int nfastblocks;
4617 /* Ensure initialization */
4618 if (av->top == 0)
4619 malloc_consolidate (av);
4621 check_malloc_state (av);
4623 /* Account for top */
4624 avail = chunksize (av->top);
4625 nblocks = 1; /* top always exists */
4627 /* traverse fastbins */
4628 nfastblocks = 0;
4629 fastavail = 0;
4631 for (i = 0; i < NFASTBINS; ++i)
4633 for (p = fastbin (av, i); p != 0; p = p->fd)
4635 ++nfastblocks;
4636 fastavail += chunksize (p);
4640 avail += fastavail;
4642 /* traverse regular bins */
4643 for (i = 1; i < NBINS; ++i)
4645 b = bin_at (av, i);
4646 for (p = last (b); p != b; p = p->bk)
4648 ++nblocks;
4649 avail += chunksize (p);
4653 m->smblks += nfastblocks;
4654 m->ordblks += nblocks;
4655 m->fordblks += avail;
4656 m->uordblks += av->system_mem - avail;
4657 m->arena += av->system_mem;
4658 m->fsmblks += fastavail;
4659 if (av == &main_arena)
4661 m->hblks = mp_.n_mmaps;
4662 m->hblkhd = mp_.mmapped_mem;
4663 m->usmblks = mp_.max_total_mem;
4664 m->keepcost = chunksize (av->top);
4669 struct mallinfo
4670 __libc_mallinfo ()
4672 struct mallinfo m;
4673 mstate ar_ptr;
4675 if (__malloc_initialized < 0)
4676 ptmalloc_init ();
4678 memset (&m, 0, sizeof (m));
4679 ar_ptr = &main_arena;
4680 do
4682 (void) mutex_lock (&ar_ptr->mutex);
4683 int_mallinfo (ar_ptr, &m);
4684 (void) mutex_unlock (&ar_ptr->mutex);
4686 ar_ptr = ar_ptr->next;
4688 while (ar_ptr != &main_arena);
4690 return m;
4693 /*
4694 ------------------------------ malloc_stats ------------------------------
4695 */
4697 void
4698 __malloc_stats (void)
4700 int i;
4701 mstate ar_ptr;
4702 unsigned int in_use_b = mp_.mmapped_mem, system_b = in_use_b;
4704 if (__malloc_initialized < 0)
4705 ptmalloc_init ();
4706 _IO_flockfile (stderr);
4707 int old_flags2 = ((_IO_FILE *) stderr)->_flags2;
4708 ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL;
4709 for (i = 0, ar_ptr = &main_arena;; i++)
4711 struct mallinfo mi;
4713 memset (&mi, 0, sizeof (mi));
4714 (void) mutex_lock (&ar_ptr->mutex);
4715 int_mallinfo (ar_ptr, &mi);
4716 fprintf (stderr, "Arena %d:\n", i);
4717 fprintf (stderr, "system bytes = %10u\n", (unsigned int) mi.arena);
4718 fprintf (stderr, "in use bytes = %10u\n", (unsigned int) mi.uordblks);
4719 #if MALLOC_DEBUG > 1
4720 if (i > 0)
4721 dump_heap (heap_for_ptr (top (ar_ptr)));
4722 #endif
4723 system_b += mi.arena;
4724 in_use_b += mi.uordblks;
4725 (void) mutex_unlock (&ar_ptr->mutex);
4726 ar_ptr = ar_ptr->next;
4727 if (ar_ptr == &main_arena)
4728 break;
4730 fprintf (stderr, "Total (incl. mmap):\n");
4731 fprintf (stderr, "system bytes = %10u\n", system_b);
4732 fprintf (stderr, "in use bytes = %10u\n", in_use_b);
4733 fprintf (stderr, "max mmap regions = %10u\n", (unsigned int) mp_.max_n_mmaps);
4734 fprintf (stderr, "max mmap bytes = %10lu\n",
4735 (unsigned long) mp_.max_mmapped_mem);
4736 ((_IO_FILE *) stderr)->_flags2 |= old_flags2;
4737 _IO_funlockfile (stderr);
4741 /*
4742 ------------------------------ mallopt ------------------------------
4743 */
4745 int
4746 __libc_mallopt (int param_number, int value)
4748 mstate av = &main_arena;
4749 int res = 1;
4751 if (__malloc_initialized < 0)
4752 ptmalloc_init ();
4753 (void) mutex_lock (&av->mutex);
4754 /* Ensure initialization/consolidation */
4755 malloc_consolidate (av);
4757 LIBC_PROBE (memory_mallopt, 2, param_number, value);
4759 switch (param_number)
4761 case M_MXFAST:
4762 if (value >= 0 && value <= MAX_FAST_SIZE)
4764 LIBC_PROBE (memory_mallopt_mxfast, 2, value, get_max_fast ());
4765 set_max_fast (value);
4767 else
4768 res = 0;
4769 break;
4771 case M_TRIM_THRESHOLD:
4772 LIBC_PROBE (memory_mallopt_trim_threshold, 3, value,
4773 mp_.trim_threshold, mp_.no_dyn_threshold);
4774 mp_.trim_threshold = value;
4775 mp_.no_dyn_threshold = 1;
4776 break;
4778 case M_TOP_PAD:
4779 LIBC_PROBE (memory_mallopt_top_pad, 3, value,
4780 mp_.top_pad, mp_.no_dyn_threshold);
4781 mp_.top_pad = value;
4782 mp_.no_dyn_threshold = 1;
4783 break;
4785 case M_MMAP_THRESHOLD:
4786 /* Forbid setting the threshold too high. */
4787 if ((unsigned long) value > HEAP_MAX_SIZE / 2)
4788 res = 0;
4789 else
4791 LIBC_PROBE (memory_mallopt_mmap_threshold, 3, value,
4792 mp_.mmap_threshold, mp_.no_dyn_threshold);
4793 mp_.mmap_threshold = value;
4794 mp_.no_dyn_threshold = 1;
4796 break;
4798 case M_MMAP_MAX:
4799 LIBC_PROBE (memory_mallopt_mmap_max, 3, value,
4800 mp_.n_mmaps_max, mp_.no_dyn_threshold);
4801 mp_.n_mmaps_max = value;
4802 mp_.no_dyn_threshold = 1;
4803 break;
4805 case M_CHECK_ACTION:
4806 LIBC_PROBE (memory_mallopt_check_action, 2, value, check_action);
4807 check_action = value;
4808 break;
4810 case M_PERTURB:
4811 LIBC_PROBE (memory_mallopt_perturb, 2, value, perturb_byte);
4812 perturb_byte = value;
4813 break;
4815 case M_ARENA_TEST:
4816 if (value > 0)
4818 LIBC_PROBE (memory_mallopt_arena_test, 2, value, mp_.arena_test);
4819 mp_.arena_test = value;
4821 break;
4823 case M_ARENA_MAX:
4824 if (value > 0)
4826 LIBC_PROBE (memory_mallopt_arena_max, 2, value, mp_.arena_max);
4827 mp_.arena_max = value;
4829 break;
4831 (void) mutex_unlock (&av->mutex);
4832 return res;
4834 libc_hidden_def (__libc_mallopt)
4837 /*
4838 -------------------- Alternative MORECORE functions --------------------
4839 */
4842 /*
4843 General Requirements for MORECORE.
4845 The MORECORE function must have the following properties:
4847 If MORECORE_CONTIGUOUS is false:
4849 * MORECORE must allocate in multiples of pagesize. It will
4850 only be called with arguments that are multiples of pagesize.
4852 * MORECORE(0) must return an address that is at least
4853 MALLOC_ALIGNMENT aligned. (Page-aligning always suffices.)
4855 else (i.e. If MORECORE_CONTIGUOUS is true):
4857 * Consecutive calls to MORECORE with positive arguments
4858 return increasing addresses, indicating that space has been
4859 contiguously extended.
4861 * MORECORE need not allocate in multiples of pagesize.
4862 Calls to MORECORE need not have args of multiples of pagesize.
4864 * MORECORE need not page-align.
4866 In either case:
4868 * MORECORE may allocate more memory than requested. (Or even less,
4869 but this will generally result in a malloc failure.)
4871 * MORECORE must not allocate memory when given argument zero, but
4872 instead return one past the end address of memory from previous
4873 nonzero call. This malloc does NOT call MORECORE(0)
4874 until at least one call with positive arguments is made, so
4875 the initial value returned is not important.
4877 * Even though consecutive calls to MORECORE need not return contiguous
4878 addresses, it must be OK for malloc'ed chunks to span multiple
4879 regions in those cases where they do happen to be contiguous.
4881 * MORECORE need not handle negative arguments -- it may instead
4882 just return MORECORE_FAILURE when given negative arguments.
4883 Negative arguments are always multiples of pagesize. MORECORE
4884 must not misinterpret negative args as large positive unsigned
4885 args. You can suppress all such calls from even occurring by defining
4886 MORECORE_CANNOT_TRIM,
4888 There is some variation across systems about the type of the
4889 argument to sbrk/MORECORE. If size_t is unsigned, then it cannot
4890 actually be size_t, because sbrk supports negative args, so it is
4891 normally the signed type of the same width as size_t (sometimes
4892 declared as "intptr_t", and sometimes "ptrdiff_t"). It doesn't much
4893 matter though. Internally, we use "long" as arguments, which should
4894 work across all reasonable possibilities.
4896 Additionally, if MORECORE ever returns failure for a positive
4897 request, then mmap is used as a noncontiguous system allocator. This
4898 is a useful backup strategy for systems with holes in address spaces
4899 -- in this case sbrk cannot contiguously expand the heap, but mmap
4900 may be able to map noncontiguous space.
4902 If you'd like mmap to ALWAYS be used, you can define MORECORE to be
4903 a function that always returns MORECORE_FAILURE.
4905 If you are using this malloc with something other than sbrk (or its
4906 emulation) to supply memory regions, you probably want to set
4907 MORECORE_CONTIGUOUS as false. As an example, here is a custom
4908 allocator kindly contributed for pre-OSX macOS. It uses virtually
4909 but not necessarily physically contiguous non-paged memory (locked
4910 in, present and won't get swapped out). You can use it by
4911 uncommenting this section, adding some #includes, and setting up the
4912 appropriate defines above:
4914 *#define MORECORE osMoreCore
4915 *#define MORECORE_CONTIGUOUS 0
4917 There is also a shutdown routine that should somehow be called for
4918 cleanup upon program exit.
4920 *#define MAX_POOL_ENTRIES 100
4921 *#define MINIMUM_MORECORE_SIZE (64 * 1024)
4922 static int next_os_pool;
4923 void *our_os_pools[MAX_POOL_ENTRIES];
4925 void *osMoreCore(int size)
4927 void *ptr = 0;
4928 static void *sbrk_top = 0;
4930 if (size > 0)
4932 if (size < MINIMUM_MORECORE_SIZE)
4933 size = MINIMUM_MORECORE_SIZE;
4934 if (CurrentExecutionLevel() == kTaskLevel)
4935 ptr = PoolAllocateResident(size + RM_PAGE_SIZE, 0);
4936 if (ptr == 0)
4938 return (void *) MORECORE_FAILURE;
4940 // save ptrs so they can be freed during cleanup
4941 our_os_pools[next_os_pool] = ptr;
4942 next_os_pool++;
4943 ptr = (void *) ((((unsigned long) ptr) + RM_PAGE_MASK) & ~RM_PAGE_MASK);
4944 sbrk_top = (char *) ptr + size;
4945 return ptr;
4947 else if (size < 0)
4949 // we don't currently support shrink behavior
4950 return (void *) MORECORE_FAILURE;
4952 else
4954 return sbrk_top;
4958 // cleanup any allocated memory pools
4959 // called as last thing before shutting down driver
4961 void osCleanupMem(void)
4963 void **ptr;
4965 for (ptr = our_os_pools; ptr < &our_os_pools[MAX_POOL_ENTRIES]; ptr++)
4966 if (*ptr)
4968 PoolDeallocate(*ptr);
4969 * ptr = 0;
4973 */
4976 /* Helper code. */
4978 extern char **__libc_argv attribute_hidden;
4980 static void
4981 malloc_printerr (int action, const char *str, void *ptr, mstate ar_ptr)
4983 /* Avoid using this arena in future. We do not attempt to synchronize this
4984 with anything else because we minimally want to ensure that __libc_message
4985 gets its resources safely without stumbling on the current corruption. */
4986 if (ar_ptr)
4987 set_arena_corrupt (ar_ptr);
4989 if ((action & 5) == 5)
4990 __libc_message (action & 2, "%s\n", str);
4991 else if (action & 1)
4993 char buf[2 * sizeof (uintptr_t) + 1];
4995 buf[sizeof (buf) - 1] = '\0';
4996 char *cp = _itoa_word ((uintptr_t) ptr, &buf[sizeof (buf) - 1], 16, 0);
4997 while (cp > buf)
4998 *--cp = '0';
5000 __libc_message (action & 2, "*** Error in `%s': %s: 0x%s ***\n",
5001 __libc_argv[0] ? : "<unknown>", str, cp);
5003 else if (action & 2)
5004 abort ();
5007 /* We need a wrapper function for one of the additions of POSIX. */
5008 int
5009 __posix_memalign (void **memptr, size_t alignment, size_t size)
5011 void *mem;
5013 /* Test whether the SIZE argument is valid. It must be a power of
5014 two multiple of sizeof (void *). */
5015 if (alignment % sizeof (void *) != 0
5016 || !powerof2 (alignment / sizeof (void *))
5017 || alignment == 0)
5018 return EINVAL;
5021 void *address = RETURN_ADDRESS (0);
5022 mem = _mid_memalign (alignment, size, address);
5024 if (mem != NULL)
5026 *memptr = mem;
5027 return 0;
5030 return ENOMEM;
5032 weak_alias (__posix_memalign, posix_memalign)
5035 int
5036 __malloc_info (int options, FILE *fp)
5038 /* For now, at least. */
5039 if (options != 0)
5040 return EINVAL;
5042 int n = 0;
5043 size_t total_nblocks = 0;
5044 size_t total_nfastblocks = 0;
5045 size_t total_avail = 0;
5046 size_t total_fastavail = 0;
5047 size_t total_system = 0;
5048 size_t total_max_system = 0;
5049 size_t total_aspace = 0;
5050 size_t total_aspace_mprotect = 0;
5054 if (__malloc_initialized < 0)
5055 ptmalloc_init ();
5057 fputs ("<malloc version=\"1\">\n", fp);
5059 /* Iterate over all arenas currently in use. */
5060 mstate ar_ptr = &main_arena;
5061 do
5063 fprintf (fp, "<heap nr=\"%d\">\n<sizes>\n", n++);
5065 size_t nblocks = 0;
5066 size_t nfastblocks = 0;
5067 size_t avail = 0;
5068 size_t fastavail = 0;
5069 struct
5071 size_t from;
5072 size_t to;
5073 size_t total;
5074 size_t count;
5075 } sizes[NFASTBINS + NBINS - 1];
5076 #define nsizes (sizeof (sizes) / sizeof (sizes[0]))
5078 mutex_lock (&ar_ptr->mutex);
5080 for (size_t i = 0; i < NFASTBINS; ++i)
5082 mchunkptr p = fastbin (ar_ptr, i);
5083 if (p != NULL)
5085 size_t nthissize = 0;
5086 size_t thissize = chunksize (p);
5088 while (p != NULL)
5090 ++nthissize;
5091 p = p->fd;
5094 fastavail += nthissize * thissize;
5095 nfastblocks += nthissize;
5096 sizes[i].from = thissize - (MALLOC_ALIGNMENT - 1);
5097 sizes[i].to = thissize;
5098 sizes[i].count = nthissize;
5100 else
5101 sizes[i].from = sizes[i].to = sizes[i].count = 0;
5103 sizes[i].total = sizes[i].count * sizes[i].to;
5107 mbinptr bin;
5108 struct malloc_chunk *r;
5110 for (size_t i = 1; i < NBINS; ++i)
5112 bin = bin_at (ar_ptr, i);
5113 r = bin->fd;
5114 sizes[NFASTBINS - 1 + i].from = ~((size_t) 0);
5115 sizes[NFASTBINS - 1 + i].to = sizes[NFASTBINS - 1 + i].total
5116 = sizes[NFASTBINS -