powerpc: Fix logbl on power7 [BZ# 21280]
[glibc.git] / malloc / malloc.c
blob068ffc1684cc368bbeceb95d6d310b6042311e1c
1 /* Malloc implementation for multiple threads without lock contention.
2 Copyright (C) 1996-2017 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Wolfram Gloger <wg@malloc.de>
5 and Doug Lea <dl@cs.oswego.edu>, 2001.
7 The GNU C Library is free software; you can redistribute it and/or
8 modify it under the terms of the GNU Lesser General Public License as
9 published by the Free Software Foundation; either version 2.1 of the
10 License, or (at your option) any later version.
12 The GNU C Library is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public
18 License along with the GNU C Library; see the file COPYING.LIB. If
19 not, see <http://www.gnu.org/licenses/>. */
22 This is a version (aka ptmalloc2) of malloc/free/realloc written by
23 Doug Lea and adapted to multiple threads/arenas by Wolfram Gloger.
25 There have been substantial changes made after the integration into
26 glibc in all parts of the code. Do not look for much commonality
27 with the ptmalloc2 version.
29 * Version ptmalloc2-20011215
30 based on:
31 VERSION 2.7.0 Sun Mar 11 14:14:06 2001 Doug Lea (dl at gee)
33 * Quickstart
35 In order to compile this implementation, a Makefile is provided with
36 the ptmalloc2 distribution, which has pre-defined targets for some
37 popular systems (e.g. "make posix" for Posix threads). All that is
38 typically required with regard to compiler flags is the selection of
39 the thread package via defining one out of USE_PTHREADS, USE_THR or
40 USE_SPROC. Check the thread-m.h file for what effects this has.
41 Many/most systems will additionally require USE_TSD_DATA_HACK to be
42 defined, so this is the default for "make posix".
44 * Why use this malloc?
46 This is not the fastest, most space-conserving, most portable, or
47 most tunable malloc ever written. However it is among the fastest
48 while also being among the most space-conserving, portable and tunable.
49 Consistent balance across these factors results in a good general-purpose
50 allocator for malloc-intensive programs.
52 The main properties of the algorithms are:
53 * For large (>= 512 bytes) requests, it is a pure best-fit allocator,
54 with ties normally decided via FIFO (i.e. least recently used).
55 * For small (<= 64 bytes by default) requests, it is a caching
56 allocator, that maintains pools of quickly recycled chunks.
57 * In between, and for combinations of large and small requests, it does
58 the best it can trying to meet both goals at once.
59 * For very large requests (>= 128KB by default), it relies on system
60 memory mapping facilities, if supported.
62 For a longer but slightly out of date high-level description, see
63 http://gee.cs.oswego.edu/dl/html/malloc.html
65 You may already by default be using a C library containing a malloc
66 that is based on some version of this malloc (for example in
67 linux). You might still want to use the one in this file in order to
68 customize settings or to avoid overheads associated with library
69 versions.
71 * Contents, described in more detail in "description of public routines" below.
73 Standard (ANSI/SVID/...) functions:
74 malloc(size_t n);
75 calloc(size_t n_elements, size_t element_size);
76 free(void* p);
77 realloc(void* p, size_t n);
78 memalign(size_t alignment, size_t n);
79 valloc(size_t n);
80 mallinfo()
81 mallopt(int parameter_number, int parameter_value)
83 Additional functions:
84 independent_calloc(size_t n_elements, size_t size, void* chunks[]);
85 independent_comalloc(size_t n_elements, size_t sizes[], void* chunks[]);
86 pvalloc(size_t n);
87 malloc_trim(size_t pad);
88 malloc_usable_size(void* p);
89 malloc_stats();
91 * Vital statistics:
93 Supported pointer representation: 4 or 8 bytes
94 Supported size_t representation: 4 or 8 bytes
95 Note that size_t is allowed to be 4 bytes even if pointers are 8.
96 You can adjust this by defining INTERNAL_SIZE_T
98 Alignment: 2 * sizeof(size_t) (default)
99 (i.e., 8 byte alignment with 4byte size_t). This suffices for
100 nearly all current machines and C compilers. However, you can
101 define MALLOC_ALIGNMENT to be wider than this if necessary.
103 Minimum overhead per allocated chunk: 4 or 8 bytes
104 Each malloced chunk has a hidden word of overhead holding size
105 and status information.
107 Minimum allocated size: 4-byte ptrs: 16 bytes (including 4 overhead)
108 8-byte ptrs: 24/32 bytes (including, 4/8 overhead)
110 When a chunk is freed, 12 (for 4byte ptrs) or 20 (for 8 byte
111 ptrs but 4 byte size) or 24 (for 8/8) additional bytes are
112 needed; 4 (8) for a trailing size field and 8 (16) bytes for
113 free list pointers. Thus, the minimum allocatable size is
114 16/24/32 bytes.
116 Even a request for zero bytes (i.e., malloc(0)) returns a
117 pointer to something of the minimum allocatable size.
119 The maximum overhead wastage (i.e., number of extra bytes
120 allocated than were requested in malloc) is less than or equal
121 to the minimum size, except for requests >= mmap_threshold that
122 are serviced via mmap(), where the worst case wastage is 2 *
123 sizeof(size_t) bytes plus the remainder from a system page (the
124 minimal mmap unit); typically 4096 or 8192 bytes.
126 Maximum allocated size: 4-byte size_t: 2^32 minus about two pages
127 8-byte size_t: 2^64 minus about two pages
129 It is assumed that (possibly signed) size_t values suffice to
130 represent chunk sizes. `Possibly signed' is due to the fact
131 that `size_t' may be defined on a system as either a signed or
132 an unsigned type. The ISO C standard says that it must be
133 unsigned, but a few systems are known not to adhere to this.
134 Additionally, even when size_t is unsigned, sbrk (which is by
135 default used to obtain memory from system) accepts signed
136 arguments, and may not be able to handle size_t-wide arguments
137 with negative sign bit. Generally, values that would
138 appear as negative after accounting for overhead and alignment
139 are supported only via mmap(), which does not have this
140 limitation.
142 Requests for sizes outside the allowed range will perform an optional
143 failure action and then return null. (Requests may also
144 also fail because a system is out of memory.)
146 Thread-safety: thread-safe
148 Compliance: I believe it is compliant with the 1997 Single Unix Specification
149 Also SVID/XPG, ANSI C, and probably others as well.
151 * Synopsis of compile-time options:
153 People have reported using previous versions of this malloc on all
154 versions of Unix, sometimes by tweaking some of the defines
155 below. It has been tested most extensively on Solaris and Linux.
156 People also report using it in stand-alone embedded systems.
158 The implementation is in straight, hand-tuned ANSI C. It is not
159 at all modular. (Sorry!) It uses a lot of macros. To be at all
160 usable, this code should be compiled using an optimizing compiler
161 (for example gcc -O3) that can simplify expressions and control
162 paths. (FAQ: some macros import variables as arguments rather than
163 declare locals because people reported that some debuggers
164 otherwise get confused.)
166 OPTION DEFAULT VALUE
168 Compilation Environment options:
170 HAVE_MREMAP 0
172 Changing default word sizes:
174 INTERNAL_SIZE_T size_t
176 Configuration and functionality options:
178 USE_PUBLIC_MALLOC_WRAPPERS NOT defined
179 USE_MALLOC_LOCK NOT defined
180 MALLOC_DEBUG NOT defined
181 REALLOC_ZERO_BYTES_FREES 1
182 TRIM_FASTBINS 0
184 Options for customizing MORECORE:
186 MORECORE sbrk
187 MORECORE_FAILURE -1
188 MORECORE_CONTIGUOUS 1
189 MORECORE_CANNOT_TRIM NOT defined
190 MORECORE_CLEARS 1
191 MMAP_AS_MORECORE_SIZE (1024 * 1024)
193 Tuning options that are also dynamically changeable via mallopt:
195 DEFAULT_MXFAST 64 (for 32bit), 128 (for 64bit)
196 DEFAULT_TRIM_THRESHOLD 128 * 1024
197 DEFAULT_TOP_PAD 0
198 DEFAULT_MMAP_THRESHOLD 128 * 1024
199 DEFAULT_MMAP_MAX 65536
201 There are several other #defined constants and macros that you
202 probably don't want to touch unless you are extending or adapting malloc. */
205 void* is the pointer type that malloc should say it returns
208 #ifndef void
209 #define void void
210 #endif /*void*/
212 #include <stddef.h> /* for size_t */
213 #include <stdlib.h> /* for getenv(), abort() */
214 #include <unistd.h> /* for __libc_enable_secure */
216 #include <atomic.h>
217 #include <_itoa.h>
218 #include <bits/wordsize.h>
219 #include <sys/sysinfo.h>
221 #include <ldsodefs.h>
223 #include <unistd.h>
224 #include <stdio.h> /* needed for malloc_stats */
225 #include <errno.h>
227 #include <shlib-compat.h>
229 /* For uintptr_t. */
230 #include <stdint.h>
232 /* For va_arg, va_start, va_end. */
233 #include <stdarg.h>
235 /* For MIN, MAX, powerof2. */
236 #include <sys/param.h>
238 /* For ALIGN_UP et. al. */
239 #include <libc-pointer-arith.h>
241 #include <malloc/malloc-internal.h>
244 Debugging:
246 Because freed chunks may be overwritten with bookkeeping fields, this
247 malloc will often die when freed memory is overwritten by user
248 programs. This can be very effective (albeit in an annoying way)
249 in helping track down dangling pointers.
251 If you compile with -DMALLOC_DEBUG, a number of assertion checks are
252 enabled that will catch more memory errors. You probably won't be
253 able to make much sense of the actual assertion errors, but they
254 should help you locate incorrectly overwritten memory. The checking
255 is fairly extensive, and will slow down execution
256 noticeably. Calling malloc_stats or mallinfo with MALLOC_DEBUG set
257 will attempt to check every non-mmapped allocated and free chunk in
258 the course of computing the summmaries. (By nature, mmapped regions
259 cannot be checked very much automatically.)
261 Setting MALLOC_DEBUG may also be helpful if you are trying to modify
262 this code. The assertions in the check routines spell out in more
263 detail the assumptions and invariants underlying the algorithms.
265 Setting MALLOC_DEBUG does NOT provide an automated mechanism for
266 checking that all accesses to malloced memory stay within their
267 bounds. However, there are several add-ons and adaptations of this
268 or other mallocs available that do this.
271 #ifndef MALLOC_DEBUG
272 #define MALLOC_DEBUG 0
273 #endif
275 #ifdef NDEBUG
276 # define assert(expr) ((void) 0)
277 #else
278 # define assert(expr) \
279 ((expr) \
280 ? ((void) 0) \
281 : __malloc_assert (#expr, __FILE__, __LINE__, __func__))
283 extern const char *__progname;
285 static void
286 __malloc_assert (const char *assertion, const char *file, unsigned int line,
287 const char *function)
289 (void) __fxprintf (NULL, "%s%s%s:%u: %s%sAssertion `%s' failed.\n",
290 __progname, __progname[0] ? ": " : "",
291 file, line,
292 function ? function : "", function ? ": " : "",
293 assertion);
294 fflush (stderr);
295 abort ();
297 #endif
301 REALLOC_ZERO_BYTES_FREES should be set if a call to
302 realloc with zero bytes should be the same as a call to free.
303 This is required by the C standard. Otherwise, since this malloc
304 returns a unique pointer for malloc(0), so does realloc(p, 0).
307 #ifndef REALLOC_ZERO_BYTES_FREES
308 #define REALLOC_ZERO_BYTES_FREES 1
309 #endif
312 TRIM_FASTBINS controls whether free() of a very small chunk can
313 immediately lead to trimming. Setting to true (1) can reduce memory
314 footprint, but will almost always slow down programs that use a lot
315 of small chunks.
317 Define this only if you are willing to give up some speed to more
318 aggressively reduce system-level memory footprint when releasing
319 memory in programs that use many small chunks. You can get
320 essentially the same effect by setting MXFAST to 0, but this can
321 lead to even greater slowdowns in programs using many small chunks.
322 TRIM_FASTBINS is an in-between compile-time option, that disables
323 only those chunks bordering topmost memory from being placed in
324 fastbins.
327 #ifndef TRIM_FASTBINS
328 #define TRIM_FASTBINS 0
329 #endif
332 /* Definition for getting more memory from the OS. */
333 #define MORECORE (*__morecore)
334 #define MORECORE_FAILURE 0
335 void * __default_morecore (ptrdiff_t);
336 void *(*__morecore)(ptrdiff_t) = __default_morecore;
339 #include <string.h>
342 MORECORE-related declarations. By default, rely on sbrk
347 MORECORE is the name of the routine to call to obtain more memory
348 from the system. See below for general guidance on writing
349 alternative MORECORE functions, as well as a version for WIN32 and a
350 sample version for pre-OSX macos.
353 #ifndef MORECORE
354 #define MORECORE sbrk
355 #endif
358 MORECORE_FAILURE is the value returned upon failure of MORECORE
359 as well as mmap. Since it cannot be an otherwise valid memory address,
360 and must reflect values of standard sys calls, you probably ought not
361 try to redefine it.
364 #ifndef MORECORE_FAILURE
365 #define MORECORE_FAILURE (-1)
366 #endif
369 If MORECORE_CONTIGUOUS is true, take advantage of fact that
370 consecutive calls to MORECORE with positive arguments always return
371 contiguous increasing addresses. This is true of unix sbrk. Even
372 if not defined, when regions happen to be contiguous, malloc will
373 permit allocations spanning regions obtained from different
374 calls. But defining this when applicable enables some stronger
375 consistency checks and space efficiencies.
378 #ifndef MORECORE_CONTIGUOUS
379 #define MORECORE_CONTIGUOUS 1
380 #endif
383 Define MORECORE_CANNOT_TRIM if your version of MORECORE
384 cannot release space back to the system when given negative
385 arguments. This is generally necessary only if you are using
386 a hand-crafted MORECORE function that cannot handle negative arguments.
389 /* #define MORECORE_CANNOT_TRIM */
391 /* MORECORE_CLEARS (default 1)
392 The degree to which the routine mapped to MORECORE zeroes out
393 memory: never (0), only for newly allocated space (1) or always
394 (2). The distinction between (1) and (2) is necessary because on
395 some systems, if the application first decrements and then
396 increments the break value, the contents of the reallocated space
397 are unspecified.
400 #ifndef MORECORE_CLEARS
401 # define MORECORE_CLEARS 1
402 #endif
406 MMAP_AS_MORECORE_SIZE is the minimum mmap size argument to use if
407 sbrk fails, and mmap is used as a backup. The value must be a
408 multiple of page size. This backup strategy generally applies only
409 when systems have "holes" in address space, so sbrk cannot perform
410 contiguous expansion, but there is still space available on system.
411 On systems for which this is known to be useful (i.e. most linux
412 kernels), this occurs only when programs allocate huge amounts of
413 memory. Between this, and the fact that mmap regions tend to be
414 limited, the size should be large, to avoid too many mmap calls and
415 thus avoid running out of kernel resources. */
417 #ifndef MMAP_AS_MORECORE_SIZE
418 #define MMAP_AS_MORECORE_SIZE (1024 * 1024)
419 #endif
422 Define HAVE_MREMAP to make realloc() use mremap() to re-allocate
423 large blocks.
426 #ifndef HAVE_MREMAP
427 #define HAVE_MREMAP 0
428 #endif
430 /* We may need to support __malloc_initialize_hook for backwards
431 compatibility. */
433 #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_24)
434 # define HAVE_MALLOC_INIT_HOOK 1
435 #else
436 # define HAVE_MALLOC_INIT_HOOK 0
437 #endif
441 This version of malloc supports the standard SVID/XPG mallinfo
442 routine that returns a struct containing usage properties and
443 statistics. It should work on any SVID/XPG compliant system that has
444 a /usr/include/malloc.h defining struct mallinfo. (If you'd like to
445 install such a thing yourself, cut out the preliminary declarations
446 as described above and below and save them in a malloc.h file. But
447 there's no compelling reason to bother to do this.)
449 The main declaration needed is the mallinfo struct that is returned
450 (by-copy) by mallinfo(). The SVID/XPG malloinfo struct contains a
451 bunch of fields that are not even meaningful in this version of
452 malloc. These fields are are instead filled by mallinfo() with
453 other numbers that might be of interest.
457 /* ---------- description of public routines ------------ */
460 malloc(size_t n)
461 Returns a pointer to a newly allocated chunk of at least n bytes, or null
462 if no space is available. Additionally, on failure, errno is
463 set to ENOMEM on ANSI C systems.
465 If n is zero, malloc returns a minumum-sized chunk. (The minimum
466 size is 16 bytes on most 32bit systems, and 24 or 32 bytes on 64bit
467 systems.) On most systems, size_t is an unsigned type, so calls
468 with negative arguments are interpreted as requests for huge amounts
469 of space, which will often fail. The maximum supported value of n
470 differs across systems, but is in all cases less than the maximum
471 representable value of a size_t.
473 void* __libc_malloc(size_t);
474 libc_hidden_proto (__libc_malloc)
477 free(void* p)
478 Releases the chunk of memory pointed to by p, that had been previously
479 allocated using malloc or a related routine such as realloc.
480 It has no effect if p is null. It can have arbitrary (i.e., bad!)
481 effects if p has already been freed.
483 Unless disabled (using mallopt), freeing very large spaces will
484 when possible, automatically trigger operations that give
485 back unused memory to the system, thus reducing program footprint.
487 void __libc_free(void*);
488 libc_hidden_proto (__libc_free)
491 calloc(size_t n_elements, size_t element_size);
492 Returns a pointer to n_elements * element_size bytes, with all locations
493 set to zero.
495 void* __libc_calloc(size_t, size_t);
498 realloc(void* p, size_t n)
499 Returns a pointer to a chunk of size n that contains the same data
500 as does chunk p up to the minimum of (n, p's size) bytes, or null
501 if no space is available.
503 The returned pointer may or may not be the same as p. The algorithm
504 prefers extending p when possible, otherwise it employs the
505 equivalent of a malloc-copy-free sequence.
507 If p is null, realloc is equivalent to malloc.
509 If space is not available, realloc returns null, errno is set (if on
510 ANSI) and p is NOT freed.
512 if n is for fewer bytes than already held by p, the newly unused
513 space is lopped off and freed if possible. Unless the #define
514 REALLOC_ZERO_BYTES_FREES is set, realloc with a size argument of
515 zero (re)allocates a minimum-sized chunk.
517 Large chunks that were internally obtained via mmap will always
518 be reallocated using malloc-copy-free sequences unless
519 the system supports MREMAP (currently only linux).
521 The old unix realloc convention of allowing the last-free'd chunk
522 to be used as an argument to realloc is not supported.
524 void* __libc_realloc(void*, size_t);
525 libc_hidden_proto (__libc_realloc)
528 memalign(size_t alignment, size_t n);
529 Returns a pointer to a newly allocated chunk of n bytes, aligned
530 in accord with the alignment argument.
532 The alignment argument should be a power of two. If the argument is
533 not a power of two, the nearest greater power is used.
534 8-byte alignment is guaranteed by normal malloc calls, so don't
535 bother calling memalign with an argument of 8 or less.
537 Overreliance on memalign is a sure way to fragment space.
539 void* __libc_memalign(size_t, size_t);
540 libc_hidden_proto (__libc_memalign)
543 valloc(size_t n);
544 Equivalent to memalign(pagesize, n), where pagesize is the page
545 size of the system. If the pagesize is unknown, 4096 is used.
547 void* __libc_valloc(size_t);
552 mallopt(int parameter_number, int parameter_value)
553 Sets tunable parameters The format is to provide a
554 (parameter-number, parameter-value) pair. mallopt then sets the
555 corresponding parameter to the argument value if it can (i.e., so
556 long as the value is meaningful), and returns 1 if successful else
557 0. SVID/XPG/ANSI defines four standard param numbers for mallopt,
558 normally defined in malloc.h. Only one of these (M_MXFAST) is used
559 in this malloc. The others (M_NLBLKS, M_GRAIN, M_KEEP) don't apply,
560 so setting them has no effect. But this malloc also supports four
561 other options in mallopt. See below for details. Briefly, supported
562 parameters are as follows (listed defaults are for "typical"
563 configurations).
565 Symbol param # default allowed param values
566 M_MXFAST 1 64 0-80 (0 disables fastbins)
567 M_TRIM_THRESHOLD -1 128*1024 any (-1U disables trimming)
568 M_TOP_PAD -2 0 any
569 M_MMAP_THRESHOLD -3 128*1024 any (or 0 if no MMAP support)
570 M_MMAP_MAX -4 65536 any (0 disables use of mmap)
572 int __libc_mallopt(int, int);
573 libc_hidden_proto (__libc_mallopt)
577 mallinfo()
578 Returns (by copy) a struct containing various summary statistics:
580 arena: current total non-mmapped bytes allocated from system
581 ordblks: the number of free chunks
582 smblks: the number of fastbin blocks (i.e., small chunks that
583 have been freed but not use resused or consolidated)
584 hblks: current number of mmapped regions
585 hblkhd: total bytes held in mmapped regions
586 usmblks: always 0
587 fsmblks: total bytes held in fastbin blocks
588 uordblks: current total allocated space (normal or mmapped)
589 fordblks: total free space
590 keepcost: the maximum number of bytes that could ideally be released
591 back to system via malloc_trim. ("ideally" means that
592 it ignores page restrictions etc.)
594 Because these fields are ints, but internal bookkeeping may
595 be kept as longs, the reported values may wrap around zero and
596 thus be inaccurate.
598 struct mallinfo __libc_mallinfo(void);
602 pvalloc(size_t n);
603 Equivalent to valloc(minimum-page-that-holds(n)), that is,
604 round up n to nearest pagesize.
606 void* __libc_pvalloc(size_t);
609 malloc_trim(size_t pad);
611 If possible, gives memory back to the system (via negative
612 arguments to sbrk) if there is unused memory at the `high' end of
613 the malloc pool. You can call this after freeing large blocks of
614 memory to potentially reduce the system-level memory requirements
615 of a program. However, it cannot guarantee to reduce memory. Under
616 some allocation patterns, some large free blocks of memory will be
617 locked between two used chunks, so they cannot be given back to
618 the system.
620 The `pad' argument to malloc_trim represents the amount of free
621 trailing space to leave untrimmed. If this argument is zero,
622 only the minimum amount of memory to maintain internal data
623 structures will be left (one page or less). Non-zero arguments
624 can be supplied to maintain enough trailing space to service
625 future expected allocations without having to re-obtain memory
626 from the system.
628 Malloc_trim returns 1 if it actually released any memory, else 0.
629 On systems that do not support "negative sbrks", it will always
630 return 0.
632 int __malloc_trim(size_t);
635 malloc_usable_size(void* p);
637 Returns the number of bytes you can actually use in
638 an allocated chunk, which may be more than you requested (although
639 often not) due to alignment and minimum size constraints.
640 You can use this many bytes without worrying about
641 overwriting other allocated objects. This is not a particularly great
642 programming practice. malloc_usable_size can be more useful in
643 debugging and assertions, for example:
645 p = malloc(n);
646 assert(malloc_usable_size(p) >= 256);
649 size_t __malloc_usable_size(void*);
652 malloc_stats();
653 Prints on stderr the amount of space obtained from the system (both
654 via sbrk and mmap), the maximum amount (which may be more than
655 current if malloc_trim and/or munmap got called), and the current
656 number of bytes allocated via malloc (or realloc, etc) but not yet
657 freed. Note that this is the number of bytes allocated, not the
658 number requested. It will be larger than the number requested
659 because of alignment and bookkeeping overhead. Because it includes
660 alignment wastage as being in use, this figure may be greater than
661 zero even when no user-level chunks are allocated.
663 The reported current and maximum system memory can be inaccurate if
664 a program makes other calls to system memory allocation functions
665 (normally sbrk) outside of malloc.
667 malloc_stats prints only the most commonly interesting statistics.
668 More information can be obtained by calling mallinfo.
671 void __malloc_stats(void);
674 malloc_get_state(void);
676 Returns the state of all malloc variables in an opaque data
677 structure.
679 void* __malloc_get_state(void);
682 malloc_set_state(void* state);
684 Restore the state of all malloc variables from data obtained with
685 malloc_get_state().
687 int __malloc_set_state(void*);
690 posix_memalign(void **memptr, size_t alignment, size_t size);
692 POSIX wrapper like memalign(), checking for validity of size.
694 int __posix_memalign(void **, size_t, size_t);
696 /* mallopt tuning options */
699 M_MXFAST is the maximum request size used for "fastbins", special bins
700 that hold returned chunks without consolidating their spaces. This
701 enables future requests for chunks of the same size to be handled
702 very quickly, but can increase fragmentation, and thus increase the
703 overall memory footprint of a program.
705 This malloc manages fastbins very conservatively yet still
706 efficiently, so fragmentation is rarely a problem for values less
707 than or equal to the default. The maximum supported value of MXFAST
708 is 80. You wouldn't want it any higher than this anyway. Fastbins
709 are designed especially for use with many small structs, objects or
710 strings -- the default handles structs/objects/arrays with sizes up
711 to 8 4byte fields, or small strings representing words, tokens,
712 etc. Using fastbins for larger objects normally worsens
713 fragmentation without improving speed.
715 M_MXFAST is set in REQUEST size units. It is internally used in
716 chunksize units, which adds padding and alignment. You can reduce
717 M_MXFAST to 0 to disable all use of fastbins. This causes the malloc
718 algorithm to be a closer approximation of fifo-best-fit in all cases,
719 not just for larger requests, but will generally cause it to be
720 slower.
724 /* M_MXFAST is a standard SVID/XPG tuning option, usually listed in malloc.h */
725 #ifndef M_MXFAST
726 #define M_MXFAST 1
727 #endif
729 #ifndef DEFAULT_MXFAST
730 #define DEFAULT_MXFAST (64 * SIZE_SZ / 4)
731 #endif
735 M_TRIM_THRESHOLD is the maximum amount of unused top-most memory
736 to keep before releasing via malloc_trim in free().
738 Automatic trimming is mainly useful in long-lived programs.
739 Because trimming via sbrk can be slow on some systems, and can
740 sometimes be wasteful (in cases where programs immediately
741 afterward allocate more large chunks) the value should be high
742 enough so that your overall system performance would improve by
743 releasing this much memory.
745 The trim threshold and the mmap control parameters (see below)
746 can be traded off with one another. Trimming and mmapping are
747 two different ways of releasing unused memory back to the
748 system. Between these two, it is often possible to keep
749 system-level demands of a long-lived program down to a bare
750 minimum. For example, in one test suite of sessions measuring
751 the XF86 X server on Linux, using a trim threshold of 128K and a
752 mmap threshold of 192K led to near-minimal long term resource
753 consumption.
755 If you are using this malloc in a long-lived program, it should
756 pay to experiment with these values. As a rough guide, you
757 might set to a value close to the average size of a process
758 (program) running on your system. Releasing this much memory
759 would allow such a process to run in memory. Generally, it's
760 worth it to tune for trimming rather tham memory mapping when a
761 program undergoes phases where several large chunks are
762 allocated and released in ways that can reuse each other's
763 storage, perhaps mixed with phases where there are no such
764 chunks at all. And in well-behaved long-lived programs,
765 controlling release of large blocks via trimming versus mapping
766 is usually faster.
768 However, in most programs, these parameters serve mainly as
769 protection against the system-level effects of carrying around
770 massive amounts of unneeded memory. Since frequent calls to
771 sbrk, mmap, and munmap otherwise degrade performance, the default
772 parameters are set to relatively high values that serve only as
773 safeguards.
775 The trim value It must be greater than page size to have any useful
776 effect. To disable trimming completely, you can set to
777 (unsigned long)(-1)
779 Trim settings interact with fastbin (MXFAST) settings: Unless
780 TRIM_FASTBINS is defined, automatic trimming never takes place upon
781 freeing a chunk with size less than or equal to MXFAST. Trimming is
782 instead delayed until subsequent freeing of larger chunks. However,
783 you can still force an attempted trim by calling malloc_trim.
785 Also, trimming is not generally possible in cases where
786 the main arena is obtained via mmap.
788 Note that the trick some people use of mallocing a huge space and
789 then freeing it at program startup, in an attempt to reserve system
790 memory, doesn't have the intended effect under automatic trimming,
791 since that memory will immediately be returned to the system.
794 #define M_TRIM_THRESHOLD -1
796 #ifndef DEFAULT_TRIM_THRESHOLD
797 #define DEFAULT_TRIM_THRESHOLD (128 * 1024)
798 #endif
801 M_TOP_PAD is the amount of extra `padding' space to allocate or
802 retain whenever sbrk is called. It is used in two ways internally:
804 * When sbrk is called to extend the top of the arena to satisfy
805 a new malloc request, this much padding is added to the sbrk
806 request.
808 * When malloc_trim is called automatically from free(),
809 it is used as the `pad' argument.
811 In both cases, the actual amount of padding is rounded
812 so that the end of the arena is always a system page boundary.
814 The main reason for using padding is to avoid calling sbrk so
815 often. Having even a small pad greatly reduces the likelihood
816 that nearly every malloc request during program start-up (or
817 after trimming) will invoke sbrk, which needlessly wastes
818 time.
820 Automatic rounding-up to page-size units is normally sufficient
821 to avoid measurable overhead, so the default is 0. However, in
822 systems where sbrk is relatively slow, it can pay to increase
823 this value, at the expense of carrying around more memory than
824 the program needs.
827 #define M_TOP_PAD -2
829 #ifndef DEFAULT_TOP_PAD
830 #define DEFAULT_TOP_PAD (0)
831 #endif
834 MMAP_THRESHOLD_MAX and _MIN are the bounds on the dynamically
835 adjusted MMAP_THRESHOLD.
838 #ifndef DEFAULT_MMAP_THRESHOLD_MIN
839 #define DEFAULT_MMAP_THRESHOLD_MIN (128 * 1024)
840 #endif
842 #ifndef DEFAULT_MMAP_THRESHOLD_MAX
843 /* For 32-bit platforms we cannot increase the maximum mmap
844 threshold much because it is also the minimum value for the
845 maximum heap size and its alignment. Going above 512k (i.e., 1M
846 for new heaps) wastes too much address space. */
847 # if __WORDSIZE == 32
848 # define DEFAULT_MMAP_THRESHOLD_MAX (512 * 1024)
849 # else
850 # define DEFAULT_MMAP_THRESHOLD_MAX (4 * 1024 * 1024 * sizeof(long))
851 # endif
852 #endif
855 M_MMAP_THRESHOLD is the request size threshold for using mmap()
856 to service a request. Requests of at least this size that cannot
857 be allocated using already-existing space will be serviced via mmap.
858 (If enough normal freed space already exists it is used instead.)
860 Using mmap segregates relatively large chunks of memory so that
861 they can be individually obtained and released from the host
862 system. A request serviced through mmap is never reused by any
863 other request (at least not directly; the system may just so
864 happen to remap successive requests to the same locations).
866 Segregating space in this way has the benefits that:
868 1. Mmapped space can ALWAYS be individually released back
869 to the system, which helps keep the system level memory
870 demands of a long-lived program low.
871 2. Mapped memory can never become `locked' between
872 other chunks, as can happen with normally allocated chunks, which
873 means that even trimming via malloc_trim would not release them.
874 3. On some systems with "holes" in address spaces, mmap can obtain
875 memory that sbrk cannot.
877 However, it has the disadvantages that:
879 1. The space cannot be reclaimed, consolidated, and then
880 used to service later requests, as happens with normal chunks.
881 2. It can lead to more wastage because of mmap page alignment
882 requirements
883 3. It causes malloc performance to be more dependent on host
884 system memory management support routines which may vary in
885 implementation quality and may impose arbitrary
886 limitations. Generally, servicing a request via normal
887 malloc steps is faster than going through a system's mmap.
889 The advantages of mmap nearly always outweigh disadvantages for
890 "large" chunks, but the value of "large" varies across systems. The
891 default is an empirically derived value that works well in most
892 systems.
895 Update in 2006:
896 The above was written in 2001. Since then the world has changed a lot.
897 Memory got bigger. Applications got bigger. The virtual address space
898 layout in 32 bit linux changed.
900 In the new situation, brk() and mmap space is shared and there are no
901 artificial limits on brk size imposed by the kernel. What is more,
902 applications have started using transient allocations larger than the
903 128Kb as was imagined in 2001.
905 The price for mmap is also high now; each time glibc mmaps from the
906 kernel, the kernel is forced to zero out the memory it gives to the
907 application. Zeroing memory is expensive and eats a lot of cache and
908 memory bandwidth. This has nothing to do with the efficiency of the
909 virtual memory system, by doing mmap the kernel just has no choice but
910 to zero.
912 In 2001, the kernel had a maximum size for brk() which was about 800
913 megabytes on 32 bit x86, at that point brk() would hit the first
914 mmaped shared libaries and couldn't expand anymore. With current 2.6
915 kernels, the VA space layout is different and brk() and mmap
916 both can span the entire heap at will.
918 Rather than using a static threshold for the brk/mmap tradeoff,
919 we are now using a simple dynamic one. The goal is still to avoid
920 fragmentation. The old goals we kept are
921 1) try to get the long lived large allocations to use mmap()
922 2) really large allocations should always use mmap()
923 and we're adding now:
924 3) transient allocations should use brk() to avoid forcing the kernel
925 having to zero memory over and over again
927 The implementation works with a sliding threshold, which is by default
928 limited to go between 128Kb and 32Mb (64Mb for 64 bitmachines) and starts
929 out at 128Kb as per the 2001 default.
931 This allows us to satisfy requirement 1) under the assumption that long
932 lived allocations are made early in the process' lifespan, before it has
933 started doing dynamic allocations of the same size (which will
934 increase the threshold).
936 The upperbound on the threshold satisfies requirement 2)
938 The threshold goes up in value when the application frees memory that was
939 allocated with the mmap allocator. The idea is that once the application
940 starts freeing memory of a certain size, it's highly probable that this is
941 a size the application uses for transient allocations. This estimator
942 is there to satisfy the new third requirement.
946 #define M_MMAP_THRESHOLD -3
948 #ifndef DEFAULT_MMAP_THRESHOLD
949 #define DEFAULT_MMAP_THRESHOLD DEFAULT_MMAP_THRESHOLD_MIN
950 #endif
953 M_MMAP_MAX is the maximum number of requests to simultaneously
954 service using mmap. This parameter exists because
955 some systems have a limited number of internal tables for
956 use by mmap, and using more than a few of them may degrade
957 performance.
959 The default is set to a value that serves only as a safeguard.
960 Setting to 0 disables use of mmap for servicing large requests.
963 #define M_MMAP_MAX -4
965 #ifndef DEFAULT_MMAP_MAX
966 #define DEFAULT_MMAP_MAX (65536)
967 #endif
969 #include <malloc.h>
971 #ifndef RETURN_ADDRESS
972 #define RETURN_ADDRESS(X_) (NULL)
973 #endif
975 /* On some platforms we can compile internal, not exported functions better.
976 Let the environment provide a macro and define it to be empty if it
977 is not available. */
978 #ifndef internal_function
979 # define internal_function
980 #endif
982 /* Forward declarations. */
983 struct malloc_chunk;
984 typedef struct malloc_chunk* mchunkptr;
986 /* Internal routines. */
988 static void* _int_malloc(mstate, size_t);
989 static void _int_free(mstate, mchunkptr, int);
990 static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T,
991 INTERNAL_SIZE_T);
992 static void* _int_memalign(mstate, size_t, size_t);
993 static void* _mid_memalign(size_t, size_t, void *);
995 static void malloc_printerr(int action, const char *str, void *ptr, mstate av);
997 static void* internal_function mem2mem_check(void *p, size_t sz);
998 static int internal_function top_check(void);
999 static void internal_function munmap_chunk(mchunkptr p);
1000 #if HAVE_MREMAP
1001 static mchunkptr internal_function mremap_chunk(mchunkptr p, size_t new_size);
1002 #endif
1004 static void* malloc_check(size_t sz, const void *caller);
1005 static void free_check(void* mem, const void *caller);
1006 static void* realloc_check(void* oldmem, size_t bytes,
1007 const void *caller);
1008 static void* memalign_check(size_t alignment, size_t bytes,
1009 const void *caller);
1011 /* ------------------ MMAP support ------------------ */
1014 #include <fcntl.h>
1015 #include <sys/mman.h>
1017 #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
1018 # define MAP_ANONYMOUS MAP_ANON
1019 #endif
1021 #ifndef MAP_NORESERVE
1022 # define MAP_NORESERVE 0
1023 #endif
1025 #define MMAP(addr, size, prot, flags) \
1026 __mmap((addr), (size), (prot), (flags)|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0)
1030 ----------------------- Chunk representations -----------------------
1035 This struct declaration is misleading (but accurate and necessary).
1036 It declares a "view" into memory allowing access to necessary
1037 fields at known offsets from a given base. See explanation below.
1040 struct malloc_chunk {
1042 INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk (if free). */
1043 INTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */
1045 struct malloc_chunk* fd; /* double links -- used only if free. */
1046 struct malloc_chunk* bk;
1048 /* Only used for large blocks: pointer to next larger size. */
1049 struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */
1050 struct malloc_chunk* bk_nextsize;
1055 malloc_chunk details:
1057 (The following includes lightly edited explanations by Colin Plumb.)
1059 Chunks of memory are maintained using a `boundary tag' method as
1060 described in e.g., Knuth or Standish. (See the paper by Paul
1061 Wilson ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a
1062 survey of such techniques.) Sizes of free chunks are stored both
1063 in the front of each chunk and at the end. This makes
1064 consolidating fragmented chunks into bigger chunks very fast. The
1065 size fields also hold bits representing whether chunks are free or
1066 in use.
1068 An allocated chunk looks like this:
1071 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1072 | Size of previous chunk, if unallocated (P clear) |
1073 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1074 | Size of chunk, in bytes |A|M|P|
1075 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1076 | User data starts here... .
1078 . (malloc_usable_size() bytes) .
1080 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1081 | (size of chunk, but used for application data) |
1082 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1083 | Size of next chunk, in bytes |A|0|1|
1084 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1086 Where "chunk" is the front of the chunk for the purpose of most of
1087 the malloc code, but "mem" is the pointer that is returned to the
1088 user. "Nextchunk" is the beginning of the next contiguous chunk.
1090 Chunks always begin on even word boundaries, so the mem portion
1091 (which is returned to the user) is also on an even word boundary, and
1092 thus at least double-word aligned.
1094 Free chunks are stored in circular doubly-linked lists, and look like this:
1096 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1097 | Size of previous chunk, if unallocated (P clear) |
1098 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1099 `head:' | Size of chunk, in bytes |A|0|P|
1100 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1101 | Forward pointer to next chunk in list |
1102 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1103 | Back pointer to previous chunk in list |
1104 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1105 | Unused space (may be 0 bytes long) .
1108 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1109 `foot:' | Size of chunk, in bytes |
1110 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1111 | Size of next chunk, in bytes |A|0|0|
1112 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1114 The P (PREV_INUSE) bit, stored in the unused low-order bit of the
1115 chunk size (which is always a multiple of two words), is an in-use
1116 bit for the *previous* chunk. If that bit is *clear*, then the
1117 word before the current chunk size contains the previous chunk
1118 size, and can be used to find the front of the previous chunk.
1119 The very first chunk allocated always has this bit set,
1120 preventing access to non-existent (or non-owned) memory. If
1121 prev_inuse is set for any given chunk, then you CANNOT determine
1122 the size of the previous chunk, and might even get a memory
1123 addressing fault when trying to do so.
1125 The A (NON_MAIN_ARENA) bit is cleared for chunks on the initial,
1126 main arena, described by the main_arena variable. When additional
1127 threads are spawned, each thread receives its own arena (up to a
1128 configurable limit, after which arenas are reused for multiple
1129 threads), and the chunks in these arenas have the A bit set. To
1130 find the arena for a chunk on such a non-main arena, heap_for_ptr
1131 performs a bit mask operation and indirection through the ar_ptr
1132 member of the per-heap header heap_info (see arena.c).
1134 Note that the `foot' of the current chunk is actually represented
1135 as the prev_size of the NEXT chunk. This makes it easier to
1136 deal with alignments etc but can be very confusing when trying
1137 to extend or adapt this code.
1139 The three exceptions to all this are:
1141 1. The special chunk `top' doesn't bother using the
1142 trailing size field since there is no next contiguous chunk
1143 that would have to index off it. After initialization, `top'
1144 is forced to always exist. If it would become less than
1145 MINSIZE bytes long, it is replenished.
1147 2. Chunks allocated via mmap, which have the second-lowest-order
1148 bit M (IS_MMAPPED) set in their size fields. Because they are
1149 allocated one-by-one, each must contain its own trailing size
1150 field. If the M bit is set, the other bits are ignored
1151 (because mmapped chunks are neither in an arena, nor adjacent
1152 to a freed chunk). The M bit is also used for chunks which
1153 originally came from a dumped heap via malloc_set_state in
1154 hooks.c.
1156 3. Chunks in fastbins are treated as allocated chunks from the
1157 point of view of the chunk allocator. They are consolidated
1158 with their neighbors only in bulk, in malloc_consolidate.
1162 ---------- Size and alignment checks and conversions ----------
1165 /* conversion from malloc headers to user pointers, and back */
1167 #define chunk2mem(p) ((void*)((char*)(p) + 2*SIZE_SZ))
1168 #define mem2chunk(mem) ((mchunkptr)((char*)(mem) - 2*SIZE_SZ))
1170 /* The smallest possible chunk */
1171 #define MIN_CHUNK_SIZE (offsetof(struct malloc_chunk, fd_nextsize))
1173 /* The smallest size we can malloc is an aligned minimal chunk */
1175 #define MINSIZE \
1176 (unsigned long)(((MIN_CHUNK_SIZE+MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK))
1178 /* Check if m has acceptable alignment */
1180 #define aligned_OK(m) (((unsigned long)(m) & MALLOC_ALIGN_MASK) == 0)
1182 #define misaligned_chunk(p) \
1183 ((uintptr_t)(MALLOC_ALIGNMENT == 2 * SIZE_SZ ? (p) : chunk2mem (p)) \
1184 & MALLOC_ALIGN_MASK)
1188 Check if a request is so large that it would wrap around zero when
1189 padded and aligned. To simplify some other code, the bound is made
1190 low enough so that adding MINSIZE will also not wrap around zero.
1193 #define REQUEST_OUT_OF_RANGE(req) \
1194 ((unsigned long) (req) >= \
1195 (unsigned long) (INTERNAL_SIZE_T) (-2 * MINSIZE))
1197 /* pad request bytes into a usable size -- internal version */
1199 #define request2size(req) \
1200 (((req) + SIZE_SZ + MALLOC_ALIGN_MASK < MINSIZE) ? \
1201 MINSIZE : \
1202 ((req) + SIZE_SZ + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK)
1204 /* Same, except also perform argument check */
1206 #define checked_request2size(req, sz) \
1207 if (REQUEST_OUT_OF_RANGE (req)) { \
1208 __set_errno (ENOMEM); \
1209 return 0; \
1211 (sz) = request2size (req);
1214 --------------- Physical chunk operations ---------------
1218 /* size field is or'ed with PREV_INUSE when previous adjacent chunk in use */
1219 #define PREV_INUSE 0x1
1221 /* extract inuse bit of previous chunk */
1222 #define prev_inuse(p) ((p)->mchunk_size & PREV_INUSE)
1225 /* size field is or'ed with IS_MMAPPED if the chunk was obtained with mmap() */
1226 #define IS_MMAPPED 0x2
1228 /* check for mmap()'ed chunk */
1229 #define chunk_is_mmapped(p) ((p)->mchunk_size & IS_MMAPPED)
1232 /* size field is or'ed with NON_MAIN_ARENA if the chunk was obtained
1233 from a non-main arena. This is only set immediately before handing
1234 the chunk to the user, if necessary. */
1235 #define NON_MAIN_ARENA 0x4
1237 /* Check for chunk from main arena. */
1238 #define chunk_main_arena(p) (((p)->mchunk_size & NON_MAIN_ARENA) == 0)
1240 /* Mark a chunk as not being on the main arena. */
1241 #define set_non_main_arena(p) ((p)->mchunk_size |= NON_MAIN_ARENA)
1245 Bits to mask off when extracting size
1247 Note: IS_MMAPPED is intentionally not masked off from size field in
1248 macros for which mmapped chunks should never be seen. This should
1249 cause helpful core dumps to occur if it is tried by accident by
1250 people extending or adapting this malloc.
1252 #define SIZE_BITS (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)
1254 /* Get size, ignoring use bits */
1255 #define chunksize(p) (chunksize_nomask (p) & ~(SIZE_BITS))
1257 /* Like chunksize, but do not mask SIZE_BITS. */
1258 #define chunksize_nomask(p) ((p)->mchunk_size)
1260 /* Ptr to next physical malloc_chunk. */
1261 #define next_chunk(p) ((mchunkptr) (((char *) (p)) + chunksize (p)))
1263 /* Size of the chunk below P. Only valid if prev_inuse (P). */
1264 #define prev_size(p) ((p)->mchunk_prev_size)
1266 /* Set the size of the chunk below P. Only valid if prev_inuse (P). */
1267 #define set_prev_size(p, sz) ((p)->mchunk_prev_size = (sz))
1269 /* Ptr to previous physical malloc_chunk. Only valid if prev_inuse (P). */
1270 #define prev_chunk(p) ((mchunkptr) (((char *) (p)) - prev_size (p)))
1272 /* Treat space at ptr + offset as a chunk */
1273 #define chunk_at_offset(p, s) ((mchunkptr) (((char *) (p)) + (s)))
1275 /* extract p's inuse bit */
1276 #define inuse(p) \
1277 ((((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size) & PREV_INUSE)
1279 /* set/clear chunk as being inuse without otherwise disturbing */
1280 #define set_inuse(p) \
1281 ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size |= PREV_INUSE
1283 #define clear_inuse(p) \
1284 ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size &= ~(PREV_INUSE)
1287 /* check/set/clear inuse bits in known places */
1288 #define inuse_bit_at_offset(p, s) \
1289 (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size & PREV_INUSE)
1291 #define set_inuse_bit_at_offset(p, s) \
1292 (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size |= PREV_INUSE)
1294 #define clear_inuse_bit_at_offset(p, s) \
1295 (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size &= ~(PREV_INUSE))
1298 /* Set size at head, without disturbing its use bit */
1299 #define set_head_size(p, s) ((p)->mchunk_size = (((p)->mchunk_size & SIZE_BITS) | (s)))
1301 /* Set size/use field */
1302 #define set_head(p, s) ((p)->mchunk_size = (s))
1304 /* Set size at footer (only when chunk is not in use) */
1305 #define set_foot(p, s) (((mchunkptr) ((char *) (p) + (s)))->mchunk_prev_size = (s))
1308 #pragma GCC poison mchunk_size
1309 #pragma GCC poison mchunk_prev_size
1312 -------------------- Internal data structures --------------------
1314 All internal state is held in an instance of malloc_state defined
1315 below. There are no other static variables, except in two optional
1316 cases:
1317 * If USE_MALLOC_LOCK is defined, the mALLOC_MUTEx declared above.
1318 * If mmap doesn't support MAP_ANONYMOUS, a dummy file descriptor
1319 for mmap.
1321 Beware of lots of tricks that minimize the total bookkeeping space
1322 requirements. The result is a little over 1K bytes (for 4byte
1323 pointers and size_t.)
1327 Bins
1329 An array of bin headers for free chunks. Each bin is doubly
1330 linked. The bins are approximately proportionally (log) spaced.
1331 There are a lot of these bins (128). This may look excessive, but
1332 works very well in practice. Most bins hold sizes that are
1333 unusual as malloc request sizes, but are more usual for fragments
1334 and consolidated sets of chunks, which is what these bins hold, so
1335 they can be found quickly. All procedures maintain the invariant
1336 that no consolidated chunk physically borders another one, so each
1337 chunk in a list is known to be preceeded and followed by either
1338 inuse chunks or the ends of memory.
1340 Chunks in bins are kept in size order, with ties going to the
1341 approximately least recently used chunk. Ordering isn't needed
1342 for the small bins, which all contain the same-sized chunks, but
1343 facilitates best-fit allocation for larger chunks. These lists
1344 are just sequential. Keeping them in order almost never requires
1345 enough traversal to warrant using fancier ordered data
1346 structures.
1348 Chunks of the same size are linked with the most
1349 recently freed at the front, and allocations are taken from the
1350 back. This results in LRU (FIFO) allocation order, which tends
1351 to give each chunk an equal opportunity to be consolidated with
1352 adjacent freed chunks, resulting in larger free chunks and less
1353 fragmentation.
1355 To simplify use in double-linked lists, each bin header acts
1356 as a malloc_chunk. This avoids special-casing for headers.
1357 But to conserve space and improve locality, we allocate
1358 only the fd/bk pointers of bins, and then use repositioning tricks
1359 to treat these as the fields of a malloc_chunk*.
1362 typedef struct malloc_chunk *mbinptr;
1364 /* addressing -- note that bin_at(0) does not exist */
1365 #define bin_at(m, i) \
1366 (mbinptr) (((char *) &((m)->bins[((i) - 1) * 2])) \
1367 - offsetof (struct malloc_chunk, fd))
1369 /* analog of ++bin */
1370 #define next_bin(b) ((mbinptr) ((char *) (b) + (sizeof (mchunkptr) << 1)))
1372 /* Reminders about list directionality within bins */
1373 #define first(b) ((b)->fd)
1374 #define last(b) ((b)->bk)
1376 /* Take a chunk off a bin list */
1377 #define unlink(AV, P, BK, FD) { \
1378 if (__builtin_expect (chunksize(P) != prev_size (next_chunk(P)), 0)) \
1379 malloc_printerr (check_action, "corrupted size vs. prev_size", P, AV); \
1380 FD = P->fd; \
1381 BK = P->bk; \
1382 if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \
1383 malloc_printerr (check_action, "corrupted double-linked list", P, AV); \
1384 else { \
1385 FD->bk = BK; \
1386 BK->fd = FD; \
1387 if (!in_smallbin_range (chunksize_nomask (P)) \
1388 && __builtin_expect (P->fd_nextsize != NULL, 0)) { \
1389 if (__builtin_expect (P->fd_nextsize->bk_nextsize != P, 0) \
1390 || __builtin_expect (P->bk_nextsize->fd_nextsize != P, 0)) \
1391 malloc_printerr (check_action, \
1392 "corrupted double-linked list (not small)", \
1393 P, AV); \
1394 if (FD->fd_nextsize == NULL) { \
1395 if (P->fd_nextsize == P) \
1396 FD->fd_nextsize = FD->bk_nextsize = FD; \
1397 else { \
1398 FD->fd_nextsize = P->fd_nextsize; \
1399 FD->bk_nextsize = P->bk_nextsize; \
1400 P->fd_nextsize->bk_nextsize = FD; \
1401 P->bk_nextsize->fd_nextsize = FD; \
1403 } else { \
1404 P->fd_nextsize->bk_nextsize = P->bk_nextsize; \
1405 P->bk_nextsize->fd_nextsize = P->fd_nextsize; \
1412 Indexing
1414 Bins for sizes < 512 bytes contain chunks of all the same size, spaced
1415 8 bytes apart. Larger bins are approximately logarithmically spaced:
1417 64 bins of size 8
1418 32 bins of size 64
1419 16 bins of size 512
1420 8 bins of size 4096
1421 4 bins of size 32768
1422 2 bins of size 262144
1423 1 bin of size what's left
1425 There is actually a little bit of slop in the numbers in bin_index
1426 for the sake of speed. This makes no difference elsewhere.
1428 The bins top out around 1MB because we expect to service large
1429 requests via mmap.
1431 Bin 0 does not exist. Bin 1 is the unordered list; if that would be
1432 a valid chunk size the small bins are bumped up one.
1435 #define NBINS 128
1436 #define NSMALLBINS 64
1437 #define SMALLBIN_WIDTH MALLOC_ALIGNMENT
1438 #define SMALLBIN_CORRECTION (MALLOC_ALIGNMENT > 2 * SIZE_SZ)
1439 #define MIN_LARGE_SIZE ((NSMALLBINS - SMALLBIN_CORRECTION) * SMALLBIN_WIDTH)
1441 #define in_smallbin_range(sz) \
1442 ((unsigned long) (sz) < (unsigned long) MIN_LARGE_SIZE)
1444 #define smallbin_index(sz) \
1445 ((SMALLBIN_WIDTH == 16 ? (((unsigned) (sz)) >> 4) : (((unsigned) (sz)) >> 3))\
1446 + SMALLBIN_CORRECTION)
1448 #define largebin_index_32(sz) \
1449 (((((unsigned long) (sz)) >> 6) <= 38) ? 56 + (((unsigned long) (sz)) >> 6) :\
1450 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1451 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1452 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1453 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1454 126)
1456 #define largebin_index_32_big(sz) \
1457 (((((unsigned long) (sz)) >> 6) <= 45) ? 49 + (((unsigned long) (sz)) >> 6) :\
1458 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1459 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1460 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1461 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1462 126)
1464 // XXX It remains to be seen whether it is good to keep the widths of
1465 // XXX the buckets the same or whether it should be scaled by a factor
1466 // XXX of two as well.
1467 #define largebin_index_64(sz) \
1468 (((((unsigned long) (sz)) >> 6) <= 48) ? 48 + (((unsigned long) (sz)) >> 6) :\
1469 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1470 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1471 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1472 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1473 126)
1475 #define largebin_index(sz) \
1476 (SIZE_SZ == 8 ? largebin_index_64 (sz) \
1477 : MALLOC_ALIGNMENT == 16 ? largebin_index_32_big (sz) \
1478 : largebin_index_32 (sz))
1480 #define bin_index(sz) \
1481 ((in_smallbin_range (sz)) ? smallbin_index (sz) : largebin_index (sz))
1485 Unsorted chunks
1487 All remainders from chunk splits, as well as all returned chunks,
1488 are first placed in the "unsorted" bin. They are then placed
1489 in regular bins after malloc gives them ONE chance to be used before
1490 binning. So, basically, the unsorted_chunks list acts as a queue,
1491 with chunks being placed on it in free (and malloc_consolidate),
1492 and taken off (to be either used or placed in bins) in malloc.
1494 The NON_MAIN_ARENA flag is never set for unsorted chunks, so it
1495 does not have to be taken into account in size comparisons.
1498 /* The otherwise unindexable 1-bin is used to hold unsorted chunks. */
1499 #define unsorted_chunks(M) (bin_at (M, 1))
1504 The top-most available chunk (i.e., the one bordering the end of
1505 available memory) is treated specially. It is never included in
1506 any bin, is used only if no other chunk is available, and is
1507 released back to the system if it is very large (see
1508 M_TRIM_THRESHOLD). Because top initially
1509 points to its own bin with initial zero size, thus forcing
1510 extension on the first malloc request, we avoid having any special
1511 code in malloc to check whether it even exists yet. But we still
1512 need to do so when getting memory from system, so we make
1513 initial_top treat the bin as a legal but unusable chunk during the
1514 interval between initialization and the first call to
1515 sysmalloc. (This is somewhat delicate, since it relies on
1516 the 2 preceding words to be zero during this interval as well.)
1519 /* Conveniently, the unsorted bin can be used as dummy top on first call */
1520 #define initial_top(M) (unsorted_chunks (M))
1523 Binmap
1525 To help compensate for the large number of bins, a one-level index
1526 structure is used for bin-by-bin searching. `binmap' is a
1527 bitvector recording whether bins are definitely empty so they can
1528 be skipped over during during traversals. The bits are NOT always
1529 cleared as soon as bins are empty, but instead only
1530 when they are noticed to be empty during traversal in malloc.
1533 /* Conservatively use 32 bits per map word, even if on 64bit system */
1534 #define BINMAPSHIFT 5
1535 #define BITSPERMAP (1U << BINMAPSHIFT)
1536 #define BINMAPSIZE (NBINS / BITSPERMAP)
1538 #define idx2block(i) ((i) >> BINMAPSHIFT)
1539 #define idx2bit(i) ((1U << ((i) & ((1U << BINMAPSHIFT) - 1))))
1541 #define mark_bin(m, i) ((m)->binmap[idx2block (i)] |= idx2bit (i))
1542 #define unmark_bin(m, i) ((m)->binmap[idx2block (i)] &= ~(idx2bit (i)))
1543 #define get_binmap(m, i) ((m)->binmap[idx2block (i)] & idx2bit (i))
1546 Fastbins
1548 An array of lists holding recently freed small chunks. Fastbins
1549 are not doubly linked. It is faster to single-link them, and
1550 since chunks are never removed from the middles of these lists,
1551 double linking is not necessary. Also, unlike regular bins, they
1552 are not even processed in FIFO order (they use faster LIFO) since
1553 ordering doesn't much matter in the transient contexts in which
1554 fastbins are normally used.
1556 Chunks in fastbins keep their inuse bit set, so they cannot
1557 be consolidated with other free chunks. malloc_consolidate
1558 releases all chunks in fastbins and consolidates them with
1559 other free chunks.
1562 typedef struct malloc_chunk *mfastbinptr;
1563 #define fastbin(ar_ptr, idx) ((ar_ptr)->fastbinsY[idx])
1565 /* offset 2 to use otherwise unindexable first 2 bins */
1566 #define fastbin_index(sz) \
1567 ((((unsigned int) (sz)) >> (SIZE_SZ == 8 ? 4 : 3)) - 2)
1570 /* The maximum fastbin request size we support */
1571 #define MAX_FAST_SIZE (80 * SIZE_SZ / 4)
1573 #define NFASTBINS (fastbin_index (request2size (MAX_FAST_SIZE)) + 1)
1576 FASTBIN_CONSOLIDATION_THRESHOLD is the size of a chunk in free()
1577 that triggers automatic consolidation of possibly-surrounding
1578 fastbin chunks. This is a heuristic, so the exact value should not
1579 matter too much. It is defined at half the default trim threshold as a
1580 compromise heuristic to only attempt consolidation if it is likely
1581 to lead to trimming. However, it is not dynamically tunable, since
1582 consolidation reduces fragmentation surrounding large chunks even
1583 if trimming is not used.
1586 #define FASTBIN_CONSOLIDATION_THRESHOLD (65536UL)
1589 Since the lowest 2 bits in max_fast don't matter in size comparisons,
1590 they are used as flags.
1594 FASTCHUNKS_BIT held in max_fast indicates that there are probably
1595 some fastbin chunks. It is set true on entering a chunk into any
1596 fastbin, and cleared only in malloc_consolidate.
1598 The truth value is inverted so that have_fastchunks will be true
1599 upon startup (since statics are zero-filled), simplifying
1600 initialization checks.
1603 #define FASTCHUNKS_BIT (1U)
1605 #define have_fastchunks(M) (((M)->flags & FASTCHUNKS_BIT) == 0)
1606 #define clear_fastchunks(M) catomic_or (&(M)->flags, FASTCHUNKS_BIT)
1607 #define set_fastchunks(M) catomic_and (&(M)->flags, ~FASTCHUNKS_BIT)
1610 NONCONTIGUOUS_BIT indicates that MORECORE does not return contiguous
1611 regions. Otherwise, contiguity is exploited in merging together,
1612 when possible, results from consecutive MORECORE calls.
1614 The initial value comes from MORECORE_CONTIGUOUS, but is
1615 changed dynamically if mmap is ever used as an sbrk substitute.
1618 #define NONCONTIGUOUS_BIT (2U)
1620 #define contiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) == 0)
1621 #define noncontiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) != 0)
1622 #define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT)
1623 #define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT)
1625 /* ARENA_CORRUPTION_BIT is set if a memory corruption was detected on the
1626 arena. Such an arena is no longer used to allocate chunks. Chunks
1627 allocated in that arena before detecting corruption are not freed. */
1629 #define ARENA_CORRUPTION_BIT (4U)
1631 #define arena_is_corrupt(A) (((A)->flags & ARENA_CORRUPTION_BIT))
1632 #define set_arena_corrupt(A) ((A)->flags |= ARENA_CORRUPTION_BIT)
1635 Set value of max_fast.
1636 Use impossibly small value if 0.
1637 Precondition: there are no existing fastbin chunks.
1638 Setting the value clears fastchunk bit but preserves noncontiguous bit.
1641 #define set_max_fast(s) \
1642 global_max_fast = (((s) == 0) \
1643 ? SMALLBIN_WIDTH : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK))
1644 #define get_max_fast() global_max_fast
1648 ----------- Internal state representation and initialization -----------
1651 struct malloc_state
1653 /* Serialize access. */
1654 __libc_lock_define (, mutex);
1656 /* Flags (formerly in max_fast). */
1657 int flags;
1659 /* Fastbins */
1660 mfastbinptr fastbinsY[NFASTBINS];
1662 /* Base of the topmost chunk -- not otherwise kept in a bin */
1663 mchunkptr top;
1665 /* The remainder from the most recent split of a small request */
1666 mchunkptr last_remainder;
1668 /* Normal bins packed as described above */
1669 mchunkptr bins[NBINS * 2 - 2];
1671 /* Bitmap of bins */
1672 unsigned int binmap[BINMAPSIZE];
1674 /* Linked list */
1675 struct malloc_state *next;
1677 /* Linked list for free arenas. Access to this field is serialized
1678 by free_list_lock in arena.c. */
1679 struct malloc_state *next_free;
1681 /* Number of threads attached to this arena. 0 if the arena is on
1682 the free list. Access to this field is serialized by
1683 free_list_lock in arena.c. */
1684 INTERNAL_SIZE_T attached_threads;
1686 /* Memory allocated from the system in this arena. */
1687 INTERNAL_SIZE_T system_mem;
1688 INTERNAL_SIZE_T max_system_mem;
1691 struct malloc_par
1693 /* Tunable parameters */
1694 unsigned long trim_threshold;
1695 INTERNAL_SIZE_T top_pad;
1696 INTERNAL_SIZE_T mmap_threshold;
1697 INTERNAL_SIZE_T arena_test;
1698 INTERNAL_SIZE_T arena_max;
1700 /* Memory map support */
1701 int n_mmaps;
1702 int n_mmaps_max;
1703 int max_n_mmaps;
1704 /* the mmap_threshold is dynamic, until the user sets
1705 it manually, at which point we need to disable any
1706 dynamic behavior. */
1707 int no_dyn_threshold;
1709 /* Statistics */
1710 INTERNAL_SIZE_T mmapped_mem;
1711 INTERNAL_SIZE_T max_mmapped_mem;
1713 /* First address handed out by MORECORE/sbrk. */
1714 char *sbrk_base;
1717 /* There are several instances of this struct ("arenas") in this
1718 malloc. If you are adapting this malloc in a way that does NOT use
1719 a static or mmapped malloc_state, you MUST explicitly zero-fill it
1720 before using. This malloc relies on the property that malloc_state
1721 is initialized to all zeroes (as is true of C statics). */
1723 static struct malloc_state main_arena =
1725 .mutex = _LIBC_LOCK_INITIALIZER,
1726 .next = &main_arena,
1727 .attached_threads = 1
1730 /* These variables are used for undumping support. Chunked are marked
1731 as using mmap, but we leave them alone if they fall into this
1732 range. NB: The chunk size for these chunks only includes the
1733 initial size field (of SIZE_SZ bytes), there is no trailing size
1734 field (unlike with regular mmapped chunks). */
1735 static mchunkptr dumped_main_arena_start; /* Inclusive. */
1736 static mchunkptr dumped_main_arena_end; /* Exclusive. */
1738 /* True if the pointer falls into the dumped arena. Use this after
1739 chunk_is_mmapped indicates a chunk is mmapped. */
1740 #define DUMPED_MAIN_ARENA_CHUNK(p) \
1741 ((p) >= dumped_main_arena_start && (p) < dumped_main_arena_end)
1743 /* There is only one instance of the malloc parameters. */
1745 static struct malloc_par mp_ =
1747 .top_pad = DEFAULT_TOP_PAD,
1748 .n_mmaps_max = DEFAULT_MMAP_MAX,
1749 .mmap_threshold = DEFAULT_MMAP_THRESHOLD,
1750 .trim_threshold = DEFAULT_TRIM_THRESHOLD,
1751 #define NARENAS_FROM_NCORES(n) ((n) * (sizeof (long) == 4 ? 2 : 8))
1752 .arena_test = NARENAS_FROM_NCORES (1)
1755 /* Maximum size of memory handled in fastbins. */
1756 static INTERNAL_SIZE_T global_max_fast;
1759 Initialize a malloc_state struct.
1761 This is called only from within malloc_consolidate, which needs
1762 be called in the same contexts anyway. It is never called directly
1763 outside of malloc_consolidate because some optimizing compilers try
1764 to inline it at all call points, which turns out not to be an
1765 optimization at all. (Inlining it in malloc_consolidate is fine though.)
1768 static void
1769 malloc_init_state (mstate av)
1771 int i;
1772 mbinptr bin;
1774 /* Establish circular links for normal bins */
1775 for (i = 1; i < NBINS; ++i)
1777 bin = bin_at (av, i);
1778 bin->fd = bin->bk = bin;
1781 #if MORECORE_CONTIGUOUS
1782 if (av != &main_arena)
1783 #endif
1784 set_noncontiguous (av);
1785 if (av == &main_arena)
1786 set_max_fast (DEFAULT_MXFAST);
1787 av->flags |= FASTCHUNKS_BIT;
1789 av->top = initial_top (av);
1793 Other internal utilities operating on mstates
1796 static void *sysmalloc (INTERNAL_SIZE_T, mstate);
1797 static int systrim (size_t, mstate);
1798 static void malloc_consolidate (mstate);
1801 /* -------------- Early definitions for debugging hooks ---------------- */
1803 /* Define and initialize the hook variables. These weak definitions must
1804 appear before any use of the variables in a function (arena.c uses one). */
1805 #ifndef weak_variable
1806 /* In GNU libc we want the hook variables to be weak definitions to
1807 avoid a problem with Emacs. */
1808 # define weak_variable weak_function
1809 #endif
1811 /* Forward declarations. */
1812 static void *malloc_hook_ini (size_t sz,
1813 const void *caller) __THROW;
1814 static void *realloc_hook_ini (void *ptr, size_t sz,
1815 const void *caller) __THROW;
1816 static void *memalign_hook_ini (size_t alignment, size_t sz,
1817 const void *caller) __THROW;
1819 #if HAVE_MALLOC_INIT_HOOK
1820 void weak_variable (*__malloc_initialize_hook) (void) = NULL;
1821 compat_symbol (libc, __malloc_initialize_hook,
1822 __malloc_initialize_hook, GLIBC_2_0);
1823 #endif
1825 void weak_variable (*__free_hook) (void *__ptr,
1826 const void *) = NULL;
1827 void *weak_variable (*__malloc_hook)
1828 (size_t __size, const void *) = malloc_hook_ini;
1829 void *weak_variable (*__realloc_hook)
1830 (void *__ptr, size_t __size, const void *)
1831 = realloc_hook_ini;
1832 void *weak_variable (*__memalign_hook)
1833 (size_t __alignment, size_t __size, const void *)
1834 = memalign_hook_ini;
1835 void weak_variable (*__after_morecore_hook) (void) = NULL;
1838 /* ---------------- Error behavior ------------------------------------ */
1840 #ifndef DEFAULT_CHECK_ACTION
1841 # define DEFAULT_CHECK_ACTION 3
1842 #endif
1844 static int check_action = DEFAULT_CHECK_ACTION;
1847 /* ------------------ Testing support ----------------------------------*/
1849 static int perturb_byte;
1851 static void
1852 alloc_perturb (char *p, size_t n)
1854 if (__glibc_unlikely (perturb_byte))
1855 memset (p, perturb_byte ^ 0xff, n);
1858 static void
1859 free_perturb (char *p, size_t n)
1861 if (__glibc_unlikely (perturb_byte))
1862 memset (p, perturb_byte, n);
1867 #include <stap-probe.h>
1869 /* ------------------- Support for multiple arenas -------------------- */
1870 #include "arena.c"
1873 Debugging support
1875 These routines make a number of assertions about the states
1876 of data structures that should be true at all times. If any
1877 are not true, it's very likely that a user program has somehow
1878 trashed memory. (It's also possible that there is a coding error
1879 in malloc. In which case, please report it!)
1882 #if !MALLOC_DEBUG
1884 # define check_chunk(A, P)
1885 # define check_free_chunk(A, P)
1886 # define check_inuse_chunk(A, P)
1887 # define check_remalloced_chunk(A, P, N)
1888 # define check_malloced_chunk(A, P, N)
1889 # define check_malloc_state(A)
1891 #else
1893 # define check_chunk(A, P) do_check_chunk (A, P)
1894 # define check_free_chunk(A, P) do_check_free_chunk (A, P)
1895 # define check_inuse_chunk(A, P) do_check_inuse_chunk (A, P)
1896 # define check_remalloced_chunk(A, P, N) do_check_remalloced_chunk (A, P, N)
1897 # define check_malloced_chunk(A, P, N) do_check_malloced_chunk (A, P, N)
1898 # define check_malloc_state(A) do_check_malloc_state (A)
1901 Properties of all chunks
1904 static void
1905 do_check_chunk (mstate av, mchunkptr p)
1907 unsigned long sz = chunksize (p);
1908 /* min and max possible addresses assuming contiguous allocation */
1909 char *max_address = (char *) (av->top) + chunksize (av->top);
1910 char *min_address = max_address - av->system_mem;
1912 if (!chunk_is_mmapped (p))
1914 /* Has legal address ... */
1915 if (p != av->top)
1917 if (contiguous (av))
1919 assert (((char *) p) >= min_address);
1920 assert (((char *) p + sz) <= ((char *) (av->top)));
1923 else
1925 /* top size is always at least MINSIZE */
1926 assert ((unsigned long) (sz) >= MINSIZE);
1927 /* top predecessor always marked inuse */
1928 assert (prev_inuse (p));
1931 else if (!DUMPED_MAIN_ARENA_CHUNK (p))
1933 /* address is outside main heap */
1934 if (contiguous (av) && av->top != initial_top (av))
1936 assert (((char *) p) < min_address || ((char *) p) >= max_address);
1938 /* chunk is page-aligned */
1939 assert (((prev_size (p) + sz) & (GLRO (dl_pagesize) - 1)) == 0);
1940 /* mem is aligned */
1941 assert (aligned_OK (chunk2mem (p)));
1946 Properties of free chunks
1949 static void
1950 do_check_free_chunk (mstate av, mchunkptr p)
1952 INTERNAL_SIZE_T sz = p->size & ~(PREV_INUSE | NON_MAIN_ARENA);
1953 mchunkptr next = chunk_at_offset (p, sz);
1955 do_check_chunk (av, p);
1957 /* Chunk must claim to be free ... */
1958 assert (!inuse (p));
1959 assert (!chunk_is_mmapped (p));
1961 /* Unless a special marker, must have OK fields */
1962 if ((unsigned long) (sz) >= MINSIZE)
1964 assert ((sz & MALLOC_ALIGN_MASK) == 0);
1965 assert (aligned_OK (chunk2mem (p)));
1966 /* ... matching footer field */
1967 assert (prev_size (p) == sz);
1968 /* ... and is fully consolidated */
1969 assert (prev_inuse (p));
1970 assert (next == av->top || inuse (next));
1972 /* ... and has minimally sane links */
1973 assert (p->fd->bk == p);
1974 assert (p->bk->fd == p);
1976 else /* markers are always of size SIZE_SZ */
1977 assert (sz == SIZE_SZ);
1981 Properties of inuse chunks
1984 static void
1985 do_check_inuse_chunk (mstate av, mchunkptr p)
1987 mchunkptr next;
1989 do_check_chunk (av, p);
1991 if (chunk_is_mmapped (p))
1992 return; /* mmapped chunks have no next/prev */
1994 /* Check whether it claims to be in use ... */
1995 assert (inuse (p));
1997 next = next_chunk (p);
1999 /* ... and is surrounded by OK chunks.
2000 Since more things can be checked with free chunks than inuse ones,
2001 if an inuse chunk borders them and debug is on, it's worth doing them.
2003 if (!prev_inuse (p))
2005 /* Note that we cannot even look at prev unless it is not inuse */
2006 mchunkptr prv = prev_chunk (p);
2007 assert (next_chunk (prv) == p);
2008 do_check_free_chunk (av, prv);
2011 if (next == av->top)
2013 assert (prev_inuse (next));
2014 assert (chunksize (next) >= MINSIZE);
2016 else if (!inuse (next))
2017 do_check_free_chunk (av, next);
2021 Properties of chunks recycled from fastbins
2024 static void
2025 do_check_remalloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s)
2027 INTERNAL_SIZE_T sz = p->size & ~(PREV_INUSE | NON_MAIN_ARENA);
2029 if (!chunk_is_mmapped (p))
2031 assert (av == arena_for_chunk (p));
2032 if (chunk_main_arena (p))
2033 assert (av == &main_arena);
2034 else
2035 assert (av != &main_arena);
2038 do_check_inuse_chunk (av, p);
2040 /* Legal size ... */
2041 assert ((sz & MALLOC_ALIGN_MASK) == 0);
2042 assert ((unsigned long) (sz) >= MINSIZE);
2043 /* ... and alignment */
2044 assert (aligned_OK (chunk2mem (p)));
2045 /* chunk is less than MINSIZE more than request */
2046 assert ((long) (sz) - (long) (s) >= 0);
2047 assert ((long) (sz) - (long) (s + MINSIZE) < 0);
2051 Properties of nonrecycled chunks at the point they are malloced
2054 static void
2055 do_check_malloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s)
2057 /* same as recycled case ... */
2058 do_check_remalloced_chunk (av, p, s);
2061 ... plus, must obey implementation invariant that prev_inuse is
2062 always true of any allocated chunk; i.e., that each allocated
2063 chunk borders either a previously allocated and still in-use
2064 chunk, or the base of its memory arena. This is ensured
2065 by making all allocations from the `lowest' part of any found
2066 chunk. This does not necessarily hold however for chunks
2067 recycled via fastbins.
2070 assert (prev_inuse (p));
2075 Properties of malloc_state.
2077 This may be useful for debugging malloc, as well as detecting user
2078 programmer errors that somehow write into malloc_state.
2080 If you are extending or experimenting with this malloc, you can
2081 probably figure out how to hack this routine to print out or
2082 display chunk addresses, sizes, bins, and other instrumentation.
2085 static void
2086 do_check_malloc_state (mstate av)
2088 int i;
2089 mchunkptr p;
2090 mchunkptr q;
2091 mbinptr b;
2092 unsigned int idx;
2093 INTERNAL_SIZE_T size;
2094 unsigned long total = 0;
2095 int max_fast_bin;
2097 /* internal size_t must be no wider than pointer type */
2098 assert (sizeof (INTERNAL_SIZE_T) <= sizeof (char *));
2100 /* alignment is a power of 2 */
2101 assert ((MALLOC_ALIGNMENT & (MALLOC_ALIGNMENT - 1)) == 0);
2103 /* cannot run remaining checks until fully initialized */
2104 if (av->top == 0 || av->top == initial_top (av))
2105 return;
2107 /* pagesize is a power of 2 */
2108 assert (powerof2(GLRO (dl_pagesize)));
2110 /* A contiguous main_arena is consistent with sbrk_base. */
2111 if (av == &main_arena && contiguous (av))
2112 assert ((char *) mp_.sbrk_base + av->system_mem ==
2113 (char *) av->top + chunksize (av->top));
2115 /* properties of fastbins */
2117 /* max_fast is in allowed range */
2118 assert ((get_max_fast () & ~1) <= request2size (MAX_FAST_SIZE));
2120 max_fast_bin = fastbin_index (get_max_fast ());
2122 for (i = 0; i < NFASTBINS; ++i)
2124 p = fastbin (av, i);
2126 /* The following test can only be performed for the main arena.
2127 While mallopt calls malloc_consolidate to get rid of all fast
2128 bins (especially those larger than the new maximum) this does
2129 only happen for the main arena. Trying to do this for any
2130 other arena would mean those arenas have to be locked and
2131 malloc_consolidate be called for them. This is excessive. And
2132 even if this is acceptable to somebody it still cannot solve
2133 the problem completely since if the arena is locked a
2134 concurrent malloc call might create a new arena which then
2135 could use the newly invalid fast bins. */
2137 /* all bins past max_fast are empty */
2138 if (av == &main_arena && i > max_fast_bin)
2139 assert (p == 0);
2141 while (p != 0)
2143 /* each chunk claims to be inuse */
2144 do_check_inuse_chunk (av, p);
2145 total += chunksize (p);
2146 /* chunk belongs in this bin */
2147 assert (fastbin_index (chunksize (p)) == i);
2148 p = p->fd;
2152 if (total != 0)
2153 assert (have_fastchunks (av));
2154 else if (!have_fastchunks (av))
2155 assert (total == 0);
2157 /* check normal bins */
2158 for (i = 1; i < NBINS; ++i)
2160 b = bin_at (av, i);
2162 /* binmap is accurate (except for bin 1 == unsorted_chunks) */
2163 if (i >= 2)
2165 unsigned int binbit = get_binmap (av, i);
2166 int empty = last (b) == b;
2167 if (!binbit)
2168 assert (empty);
2169 else if (!empty)
2170 assert (binbit);
2173 for (p = last (b); p != b; p = p->bk)
2175 /* each chunk claims to be free */
2176 do_check_free_chunk (av, p);
2177 size = chunksize (p);
2178 total += size;
2179 if (i >= 2)
2181 /* chunk belongs in bin */
2182 idx = bin_index (size);
2183 assert (idx == i);
2184 /* lists are sorted */
2185 assert (p->bk == b ||
2186 (unsigned long) chunksize (p->bk) >= (unsigned long) chunksize (p));
2188 if (!in_smallbin_range (size))
2190 if (p->fd_nextsize != NULL)
2192 if (p->fd_nextsize == p)
2193 assert (p->bk_nextsize == p);
2194 else
2196 if (p->fd_nextsize == first (b))
2197 assert (chunksize (p) < chunksize (p->fd_nextsize));
2198 else
2199 assert (chunksize (p) > chunksize (p->fd_nextsize));
2201 if (p == first (b))
2202 assert (chunksize (p) > chunksize (p->bk_nextsize));
2203 else
2204 assert (chunksize (p) < chunksize (p->bk_nextsize));
2207 else
2208 assert (p->bk_nextsize == NULL);
2211 else if (!in_smallbin_range (size))
2212 assert (p->fd_nextsize == NULL && p->bk_nextsize == NULL);
2213 /* chunk is followed by a legal chain of inuse chunks */
2214 for (q = next_chunk (p);
2215 (q != av->top && inuse (q) &&
2216 (unsigned long) (chunksize (q)) >= MINSIZE);
2217 q = next_chunk (q))
2218 do_check_inuse_chunk (av, q);
2222 /* top chunk is OK */
2223 check_chunk (av, av->top);
2225 #endif
2228 /* ----------------- Support for debugging hooks -------------------- */
2229 #include "hooks.c"
2232 /* ----------- Routines dealing with system allocation -------------- */
2235 sysmalloc handles malloc cases requiring more memory from the system.
2236 On entry, it is assumed that av->top does not have enough
2237 space to service request for nb bytes, thus requiring that av->top
2238 be extended or replaced.
2241 static void *
2242 sysmalloc (INTERNAL_SIZE_T nb, mstate av)
2244 mchunkptr old_top; /* incoming value of av->top */
2245 INTERNAL_SIZE_T old_size; /* its size */
2246 char *old_end; /* its end address */
2248 long size; /* arg to first MORECORE or mmap call */
2249 char *brk; /* return value from MORECORE */
2251 long correction; /* arg to 2nd MORECORE call */
2252 char *snd_brk; /* 2nd return val */
2254 INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */
2255 INTERNAL_SIZE_T end_misalign; /* partial page left at end of new space */
2256 char *aligned_brk; /* aligned offset into brk */
2258 mchunkptr p; /* the allocated/returned chunk */
2259 mchunkptr remainder; /* remainder from allocation */
2260 unsigned long remainder_size; /* its size */
2263 size_t pagesize = GLRO (dl_pagesize);
2264 bool tried_mmap = false;
2268 If have mmap, and the request size meets the mmap threshold, and
2269 the system supports mmap, and there are few enough currently
2270 allocated mmapped regions, try to directly map this request
2271 rather than expanding top.
2274 if (av == NULL
2275 || ((unsigned long) (nb) >= (unsigned long) (mp_.mmap_threshold)
2276 && (mp_.n_mmaps < mp_.n_mmaps_max)))
2278 char *mm; /* return value from mmap call*/
2280 try_mmap:
2282 Round up size to nearest page. For mmapped chunks, the overhead
2283 is one SIZE_SZ unit larger than for normal chunks, because there
2284 is no following chunk whose prev_size field could be used.
2286 See the front_misalign handling below, for glibc there is no
2287 need for further alignments unless we have have high alignment.
2289 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2290 size = ALIGN_UP (nb + SIZE_SZ, pagesize);
2291 else
2292 size = ALIGN_UP (nb + SIZE_SZ + MALLOC_ALIGN_MASK, pagesize);
2293 tried_mmap = true;
2295 /* Don't try if size wraps around 0 */
2296 if ((unsigned long) (size) > (unsigned long) (nb))
2298 mm = (char *) (MMAP (0, size, PROT_READ | PROT_WRITE, 0));
2300 if (mm != MAP_FAILED)
2303 The offset to the start of the mmapped region is stored
2304 in the prev_size field of the chunk. This allows us to adjust
2305 returned start address to meet alignment requirements here
2306 and in memalign(), and still be able to compute proper
2307 address argument for later munmap in free() and realloc().
2310 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2312 /* For glibc, chunk2mem increases the address by 2*SIZE_SZ and
2313 MALLOC_ALIGN_MASK is 2*SIZE_SZ-1. Each mmap'ed area is page
2314 aligned and therefore definitely MALLOC_ALIGN_MASK-aligned. */
2315 assert (((INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK) == 0);
2316 front_misalign = 0;
2318 else
2319 front_misalign = (INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK;
2320 if (front_misalign > 0)
2322 correction = MALLOC_ALIGNMENT - front_misalign;
2323 p = (mchunkptr) (mm + correction);
2324 set_prev_size (p, correction);
2325 set_head (p, (size - correction) | IS_MMAPPED);
2327 else
2329 p = (mchunkptr) mm;
2330 set_prev_size (p, 0);
2331 set_head (p, size | IS_MMAPPED);
2334 /* update statistics */
2336 int new = atomic_exchange_and_add (&mp_.n_mmaps, 1) + 1;
2337 atomic_max (&mp_.max_n_mmaps, new);
2339 unsigned long sum;
2340 sum = atomic_exchange_and_add (&mp_.mmapped_mem, size) + size;
2341 atomic_max (&mp_.max_mmapped_mem, sum);
2343 check_chunk (av, p);
2345 return chunk2mem (p);
2350 /* There are no usable arenas and mmap also failed. */
2351 if (av == NULL)
2352 return 0;
2354 /* Record incoming configuration of top */
2356 old_top = av->top;
2357 old_size = chunksize (old_top);
2358 old_end = (char *) (chunk_at_offset (old_top, old_size));
2360 brk = snd_brk = (char *) (MORECORE_FAILURE);
2363 If not the first time through, we require old_size to be
2364 at least MINSIZE and to have prev_inuse set.
2367 assert ((old_top == initial_top (av) && old_size == 0) ||
2368 ((unsigned long) (old_size) >= MINSIZE &&
2369 prev_inuse (old_top) &&
2370 ((unsigned long) old_end & (pagesize - 1)) == 0));
2372 /* Precondition: not enough current space to satisfy nb request */
2373 assert ((unsigned long) (old_size) < (unsigned long) (nb + MINSIZE));
2376 if (av != &main_arena)
2378 heap_info *old_heap, *heap;
2379 size_t old_heap_size;
2381 /* First try to extend the current heap. */
2382 old_heap = heap_for_ptr (old_top);
2383 old_heap_size = old_heap->size;
2384 if ((long) (MINSIZE + nb - old_size) > 0
2385 && grow_heap (old_heap, MINSIZE + nb - old_size) == 0)
2387 av->system_mem += old_heap->size - old_heap_size;
2388 set_head (old_top, (((char *) old_heap + old_heap->size) - (char *) old_top)
2389 | PREV_INUSE);
2391 else if ((heap = new_heap (nb + (MINSIZE + sizeof (*heap)), mp_.top_pad)))
2393 /* Use a newly allocated heap. */
2394 heap->ar_ptr = av;
2395 heap->prev = old_heap;
2396 av->system_mem += heap->size;
2397 /* Set up the new top. */
2398 top (av) = chunk_at_offset (heap, sizeof (*heap));
2399 set_head (top (av), (heap->size - sizeof (*heap)) | PREV_INUSE);
2401 /* Setup fencepost and free the old top chunk with a multiple of
2402 MALLOC_ALIGNMENT in size. */
2403 /* The fencepost takes at least MINSIZE bytes, because it might
2404 become the top chunk again later. Note that a footer is set
2405 up, too, although the chunk is marked in use. */
2406 old_size = (old_size - MINSIZE) & ~MALLOC_ALIGN_MASK;
2407 set_head (chunk_at_offset (old_top, old_size + 2 * SIZE_SZ), 0 | PREV_INUSE);
2408 if (old_size >= MINSIZE)
2410 set_head (chunk_at_offset (old_top, old_size), (2 * SIZE_SZ) | PREV_INUSE);
2411 set_foot (chunk_at_offset (old_top, old_size), (2 * SIZE_SZ));
2412 set_head (old_top, old_size | PREV_INUSE | NON_MAIN_ARENA);
2413 _int_free (av, old_top, 1);
2415 else
2417 set_head (old_top, (old_size + 2 * SIZE_SZ) | PREV_INUSE);
2418 set_foot (old_top, (old_size + 2 * SIZE_SZ));
2421 else if (!tried_mmap)
2422 /* We can at least try to use to mmap memory. */
2423 goto try_mmap;
2425 else /* av == main_arena */
2428 { /* Request enough space for nb + pad + overhead */
2429 size = nb + mp_.top_pad + MINSIZE;
2432 If contiguous, we can subtract out existing space that we hope to
2433 combine with new space. We add it back later only if
2434 we don't actually get contiguous space.
2437 if (contiguous (av))
2438 size -= old_size;
2441 Round to a multiple of page size.
2442 If MORECORE is not contiguous, this ensures that we only call it
2443 with whole-page arguments. And if MORECORE is contiguous and
2444 this is not first time through, this preserves page-alignment of
2445 previous calls. Otherwise, we correct to page-align below.
2448 size = ALIGN_UP (size, pagesize);
2451 Don't try to call MORECORE if argument is so big as to appear
2452 negative. Note that since mmap takes size_t arg, it may succeed
2453 below even if we cannot call MORECORE.
2456 if (size > 0)
2458 brk = (char *) (MORECORE (size));
2459 LIBC_PROBE (memory_sbrk_more, 2, brk, size);
2462 if (brk != (char *) (MORECORE_FAILURE))
2464 /* Call the `morecore' hook if necessary. */
2465 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2466 if (__builtin_expect (hook != NULL, 0))
2467 (*hook)();
2469 else
2472 If have mmap, try using it as a backup when MORECORE fails or
2473 cannot be used. This is worth doing on systems that have "holes" in
2474 address space, so sbrk cannot extend to give contiguous space, but
2475 space is available elsewhere. Note that we ignore mmap max count
2476 and threshold limits, since the space will not be used as a
2477 segregated mmap region.
2480 /* Cannot merge with old top, so add its size back in */
2481 if (contiguous (av))
2482 size = ALIGN_UP (size + old_size, pagesize);
2484 /* If we are relying on mmap as backup, then use larger units */
2485 if ((unsigned long) (size) < (unsigned long) (MMAP_AS_MORECORE_SIZE))
2486 size = MMAP_AS_MORECORE_SIZE;
2488 /* Don't try if size wraps around 0 */
2489 if ((unsigned long) (size) > (unsigned long) (nb))
2491 char *mbrk = (char *) (MMAP (0, size, PROT_READ | PROT_WRITE, 0));
2493 if (mbrk != MAP_FAILED)
2495 /* We do not need, and cannot use, another sbrk call to find end */
2496 brk = mbrk;
2497 snd_brk = brk + size;
2500 Record that we no longer have a contiguous sbrk region.
2501 After the first time mmap is used as backup, we do not
2502 ever rely on contiguous space since this could incorrectly
2503 bridge regions.
2505 set_noncontiguous (av);
2510 if (brk != (char *) (MORECORE_FAILURE))
2512 if (mp_.sbrk_base == 0)
2513 mp_.sbrk_base = brk;
2514 av->system_mem += size;
2517 If MORECORE extends previous space, we can likewise extend top size.
2520 if (brk == old_end && snd_brk == (char *) (MORECORE_FAILURE))
2521 set_head (old_top, (size + old_size) | PREV_INUSE);
2523 else if (contiguous (av) && old_size && brk < old_end)
2525 /* Oops! Someone else killed our space.. Can't touch anything. */
2526 malloc_printerr (3, "break adjusted to free malloc space", brk,
2527 av);
2531 Otherwise, make adjustments:
2533 * If the first time through or noncontiguous, we need to call sbrk
2534 just to find out where the end of memory lies.
2536 * We need to ensure that all returned chunks from malloc will meet
2537 MALLOC_ALIGNMENT
2539 * If there was an intervening foreign sbrk, we need to adjust sbrk
2540 request size to account for fact that we will not be able to
2541 combine new space with existing space in old_top.
2543 * Almost all systems internally allocate whole pages at a time, in
2544 which case we might as well use the whole last page of request.
2545 So we allocate enough more memory to hit a page boundary now,
2546 which in turn causes future contiguous calls to page-align.
2549 else
2551 front_misalign = 0;
2552 end_misalign = 0;
2553 correction = 0;
2554 aligned_brk = brk;
2556 /* handle contiguous cases */
2557 if (contiguous (av))
2559 /* Count foreign sbrk as system_mem. */
2560 if (old_size)
2561 av->system_mem += brk - old_end;
2563 /* Guarantee alignment of first new chunk made from this space */
2565 front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK;
2566 if (front_misalign > 0)
2569 Skip over some bytes to arrive at an aligned position.
2570 We don't need to specially mark these wasted front bytes.
2571 They will never be accessed anyway because
2572 prev_inuse of av->top (and any chunk created from its start)
2573 is always true after initialization.
2576 correction = MALLOC_ALIGNMENT - front_misalign;
2577 aligned_brk += correction;
2581 If this isn't adjacent to existing space, then we will not
2582 be able to merge with old_top space, so must add to 2nd request.
2585 correction += old_size;
2587 /* Extend the end address to hit a page boundary */
2588 end_misalign = (INTERNAL_SIZE_T) (brk + size + correction);
2589 correction += (ALIGN_UP (end_misalign, pagesize)) - end_misalign;
2591 assert (correction >= 0);
2592 snd_brk = (char *) (MORECORE (correction));
2595 If can't allocate correction, try to at least find out current
2596 brk. It might be enough to proceed without failing.
2598 Note that if second sbrk did NOT fail, we assume that space
2599 is contiguous with first sbrk. This is a safe assumption unless
2600 program is multithreaded but doesn't use locks and a foreign sbrk
2601 occurred between our first and second calls.
2604 if (snd_brk == (char *) (MORECORE_FAILURE))
2606 correction = 0;
2607 snd_brk = (char *) (MORECORE (0));
2609 else
2611 /* Call the `morecore' hook if necessary. */
2612 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2613 if (__builtin_expect (hook != NULL, 0))
2614 (*hook)();
2618 /* handle non-contiguous cases */
2619 else
2621 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2622 /* MORECORE/mmap must correctly align */
2623 assert (((unsigned long) chunk2mem (brk) & MALLOC_ALIGN_MASK) == 0);
2624 else
2626 front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK;
2627 if (front_misalign > 0)
2630 Skip over some bytes to arrive at an aligned position.
2631 We don't need to specially mark these wasted front bytes.
2632 They will never be accessed anyway because
2633 prev_inuse of av->top (and any chunk created from its start)
2634 is always true after initialization.
2637 aligned_brk += MALLOC_ALIGNMENT - front_misalign;
2641 /* Find out current end of memory */
2642 if (snd_brk == (char *) (MORECORE_FAILURE))
2644 snd_brk = (char *) (MORECORE (0));
2648 /* Adjust top based on results of second sbrk */
2649 if (snd_brk != (char *) (MORECORE_FAILURE))
2651 av->top = (mchunkptr) aligned_brk;
2652 set_head (av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE);
2653 av->system_mem += correction;
2656 If not the first time through, we either have a
2657 gap due to foreign sbrk or a non-contiguous region. Insert a
2658 double fencepost at old_top to prevent consolidation with space
2659 we don't own. These fenceposts are artificial chunks that are
2660 marked as inuse and are in any case too small to use. We need
2661 two to make sizes and alignments work out.
2664 if (old_size != 0)
2667 Shrink old_top to insert fenceposts, keeping size a
2668 multiple of MALLOC_ALIGNMENT. We know there is at least
2669 enough space in old_top to do this.
2671 old_size = (old_size - 4 * SIZE_SZ) & ~MALLOC_ALIGN_MASK;
2672 set_head (old_top, old_size | PREV_INUSE);
2675 Note that the following assignments completely overwrite
2676 old_top when old_size was previously MINSIZE. This is
2677 intentional. We need the fencepost, even if old_top otherwise gets
2678 lost.
2680 set_head (chunk_at_offset (old_top, old_size),
2681 (2 * SIZE_SZ) | PREV_INUSE);
2682 set_head (chunk_at_offset (old_top, old_size + 2 * SIZE_SZ),
2683 (2 * SIZE_SZ) | PREV_INUSE);
2685 /* If possible, release the rest. */
2686 if (old_size >= MINSIZE)
2688 _int_free (av, old_top, 1);
2694 } /* if (av != &main_arena) */
2696 if ((unsigned long) av->system_mem > (unsigned long) (av->max_system_mem))
2697 av->max_system_mem = av->system_mem;
2698 check_malloc_state (av);
2700 /* finally, do the allocation */
2701 p = av->top;
2702 size = chunksize (p);
2704 /* check that one of the above allocation paths succeeded */
2705 if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))
2707 remainder_size = size - nb;
2708 remainder = chunk_at_offset (p, nb);
2709 av->top = remainder;
2710 set_head (p, nb | PREV_INUSE | (av != &main_arena ? NON_MAIN_ARENA : 0));
2711 set_head (remainder, remainder_size | PREV_INUSE);
2712 check_malloced_chunk (av, p, nb);
2713 return chunk2mem (p);
2716 /* catch all failure paths */
2717 __set_errno (ENOMEM);
2718 return 0;
2723 systrim is an inverse of sorts to sysmalloc. It gives memory back
2724 to the system (via negative arguments to sbrk) if there is unused
2725 memory at the `high' end of the malloc pool. It is called
2726 automatically by free() when top space exceeds the trim
2727 threshold. It is also called by the public malloc_trim routine. It
2728 returns 1 if it actually released any memory, else 0.
2731 static int
2732 systrim (size_t pad, mstate av)
2734 long top_size; /* Amount of top-most memory */
2735 long extra; /* Amount to release */
2736 long released; /* Amount actually released */
2737 char *current_brk; /* address returned by pre-check sbrk call */
2738 char *new_brk; /* address returned by post-check sbrk call */
2739 size_t pagesize;
2740 long top_area;
2742 pagesize = GLRO (dl_pagesize);
2743 top_size = chunksize (av->top);
2745 top_area = top_size - MINSIZE - 1;
2746 if (top_area <= pad)
2747 return 0;
2749 /* Release in pagesize units and round down to the nearest page. */
2750 extra = ALIGN_DOWN(top_area - pad, pagesize);
2752 if (extra == 0)
2753 return 0;
2756 Only proceed if end of memory is where we last set it.
2757 This avoids problems if there were foreign sbrk calls.
2759 current_brk = (char *) (MORECORE (0));
2760 if (current_brk == (char *) (av->top) + top_size)
2763 Attempt to release memory. We ignore MORECORE return value,
2764 and instead call again to find out where new end of memory is.
2765 This avoids problems if first call releases less than we asked,
2766 of if failure somehow altered brk value. (We could still
2767 encounter problems if it altered brk in some very bad way,
2768 but the only thing we can do is adjust anyway, which will cause
2769 some downstream failure.)
2772 MORECORE (-extra);
2773 /* Call the `morecore' hook if necessary. */
2774 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2775 if (__builtin_expect (hook != NULL, 0))
2776 (*hook)();
2777 new_brk = (char *) (MORECORE (0));
2779 LIBC_PROBE (memory_sbrk_less, 2, new_brk, extra);
2781 if (new_brk != (char *) MORECORE_FAILURE)
2783 released = (long) (current_brk - new_brk);
2785 if (released != 0)
2787 /* Success. Adjust top. */
2788 av->system_mem -= released;
2789 set_head (av->top, (top_size - released) | PREV_INUSE);
2790 check_malloc_state (av);
2791 return 1;
2795 return 0;
2798 static void
2799 internal_function
2800 munmap_chunk (mchunkptr p)
2802 INTERNAL_SIZE_T size = chunksize (p);
2804 assert (chunk_is_mmapped (p));
2806 /* Do nothing if the chunk is a faked mmapped chunk in the dumped
2807 main arena. We never free this memory. */
2808 if (DUMPED_MAIN_ARENA_CHUNK (p))
2809 return;
2811 uintptr_t block = (uintptr_t) p - prev_size (p);
2812 size_t total_size = prev_size (p) + size;
2813 /* Unfortunately we have to do the compilers job by hand here. Normally
2814 we would test BLOCK and TOTAL-SIZE separately for compliance with the
2815 page size. But gcc does not recognize the optimization possibility
2816 (in the moment at least) so we combine the two values into one before
2817 the bit test. */
2818 if (__builtin_expect (((block | total_size) & (GLRO (dl_pagesize) - 1)) != 0, 0))
2820 malloc_printerr (check_action, "munmap_chunk(): invalid pointer",
2821 chunk2mem (p), NULL);
2822 return;
2825 atomic_decrement (&mp_.n_mmaps);
2826 atomic_add (&mp_.mmapped_mem, -total_size);
2828 /* If munmap failed the process virtual memory address space is in a
2829 bad shape. Just leave the block hanging around, the process will
2830 terminate shortly anyway since not much can be done. */
2831 __munmap ((char *) block, total_size);
2834 #if HAVE_MREMAP
2836 static mchunkptr
2837 internal_function
2838 mremap_chunk (mchunkptr p, size_t new_size)
2840 size_t pagesize = GLRO (dl_pagesize);
2841 INTERNAL_SIZE_T offset = prev_size (p);
2842 INTERNAL_SIZE_T size = chunksize (p);
2843 char *cp;
2845 assert (chunk_is_mmapped (p));
2846 assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0);
2848 /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */
2849 new_size = ALIGN_UP (new_size + offset + SIZE_SZ, pagesize);
2851 /* No need to remap if the number of pages does not change. */
2852 if (size + offset == new_size)
2853 return p;
2855 cp = (char *) __mremap ((char *) p - offset, size + offset, new_size,
2856 MREMAP_MAYMOVE);
2858 if (cp == MAP_FAILED)
2859 return 0;
2861 p = (mchunkptr) (cp + offset);
2863 assert (aligned_OK (chunk2mem (p)));
2865 assert (prev_size (p) == offset);
2866 set_head (p, (new_size - offset) | IS_MMAPPED);
2868 INTERNAL_SIZE_T new;
2869 new = atomic_exchange_and_add (&mp_.mmapped_mem, new_size - size - offset)
2870 + new_size - size - offset;
2871 atomic_max (&mp_.max_mmapped_mem, new);
2872 return p;
2874 #endif /* HAVE_MREMAP */
2876 /*------------------------ Public wrappers. --------------------------------*/
2878 void *
2879 __libc_malloc (size_t bytes)
2881 mstate ar_ptr;
2882 void *victim;
2884 void *(*hook) (size_t, const void *)
2885 = atomic_forced_read (__malloc_hook);
2886 if (__builtin_expect (hook != NULL, 0))
2887 return (*hook)(bytes, RETURN_ADDRESS (0));
2889 arena_get (ar_ptr, bytes);
2891 victim = _int_malloc (ar_ptr, bytes);
2892 /* Retry with another arena only if we were able to find a usable arena
2893 before. */
2894 if (!victim && ar_ptr != NULL)
2896 LIBC_PROBE (memory_malloc_retry, 1, bytes);
2897 ar_ptr = arena_get_retry (ar_ptr, bytes);
2898 victim = _int_malloc (ar_ptr, bytes);
2901 if (ar_ptr != NULL)
2902 __libc_lock_unlock (ar_ptr->mutex);
2904 assert (!victim || chunk_is_mmapped (mem2chunk (victim)) ||
2905 ar_ptr == arena_for_chunk (mem2chunk (victim)));
2906 return victim;
2908 libc_hidden_def (__libc_malloc)
2910 void
2911 __libc_free (void *mem)
2913 mstate ar_ptr;
2914 mchunkptr p; /* chunk corresponding to mem */
2916 void (*hook) (void *, const void *)
2917 = atomic_forced_read (__free_hook);
2918 if (__builtin_expect (hook != NULL, 0))
2920 (*hook)(mem, RETURN_ADDRESS (0));
2921 return;
2924 if (mem == 0) /* free(0) has no effect */
2925 return;
2927 p = mem2chunk (mem);
2929 if (chunk_is_mmapped (p)) /* release mmapped memory. */
2931 /* See if the dynamic brk/mmap threshold needs adjusting.
2932 Dumped fake mmapped chunks do not affect the threshold. */
2933 if (!mp_.no_dyn_threshold
2934 && chunksize_nomask (p) > mp_.mmap_threshold
2935 && chunksize_nomask (p) <= DEFAULT_MMAP_THRESHOLD_MAX
2936 && !DUMPED_MAIN_ARENA_CHUNK (p))
2938 mp_.mmap_threshold = chunksize (p);
2939 mp_.trim_threshold = 2 * mp_.mmap_threshold;
2940 LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2,
2941 mp_.mmap_threshold, mp_.trim_threshold);
2943 munmap_chunk (p);
2944 return;
2947 ar_ptr = arena_for_chunk (p);
2948 _int_free (ar_ptr, p, 0);
2950 libc_hidden_def (__libc_free)
2952 void *
2953 __libc_realloc (void *oldmem, size_t bytes)
2955 mstate ar_ptr;
2956 INTERNAL_SIZE_T nb; /* padded request size */
2958 void *newp; /* chunk to return */
2960 void *(*hook) (void *, size_t, const void *) =
2961 atomic_forced_read (__realloc_hook);
2962 if (__builtin_expect (hook != NULL, 0))
2963 return (*hook)(oldmem, bytes, RETURN_ADDRESS (0));
2965 #if REALLOC_ZERO_BYTES_FREES
2966 if (bytes == 0 && oldmem != NULL)
2968 __libc_free (oldmem); return 0;
2970 #endif
2972 /* realloc of null is supposed to be same as malloc */
2973 if (oldmem == 0)
2974 return __libc_malloc (bytes);
2976 /* chunk corresponding to oldmem */
2977 const mchunkptr oldp = mem2chunk (oldmem);
2978 /* its size */
2979 const INTERNAL_SIZE_T oldsize = chunksize (oldp);
2981 if (chunk_is_mmapped (oldp))
2982 ar_ptr = NULL;
2983 else
2984 ar_ptr = arena_for_chunk (oldp);
2986 /* Little security check which won't hurt performance: the allocator
2987 never wrapps around at the end of the address space. Therefore
2988 we can exclude some size values which might appear here by
2989 accident or by "design" from some intruder. We need to bypass
2990 this check for dumped fake mmap chunks from the old main arena
2991 because the new malloc may provide additional alignment. */
2992 if ((__builtin_expect ((uintptr_t) oldp > (uintptr_t) -oldsize, 0)
2993 || __builtin_expect (misaligned_chunk (oldp), 0))
2994 && !DUMPED_MAIN_ARENA_CHUNK (oldp))
2996 malloc_printerr (check_action, "realloc(): invalid pointer", oldmem,
2997 ar_ptr);
2998 return NULL;
3001 checked_request2size (bytes, nb);
3003 if (chunk_is_mmapped (oldp))
3005 /* If this is a faked mmapped chunk from the dumped main arena,
3006 always make a copy (and do not free the old chunk). */
3007 if (DUMPED_MAIN_ARENA_CHUNK (oldp))
3009 /* Must alloc, copy, free. */
3010 void *newmem = __libc_malloc (bytes);
3011 if (newmem == 0)
3012 return NULL;
3013 /* Copy as many bytes as are available from the old chunk
3014 and fit into the new size. NB: The overhead for faked
3015 mmapped chunks is only SIZE_SZ, not 2 * SIZE_SZ as for
3016 regular mmapped chunks. */
3017 if (bytes > oldsize - SIZE_SZ)
3018 bytes = oldsize - SIZE_SZ;
3019 memcpy (newmem, oldmem, bytes);
3020 return newmem;
3023 void *newmem;
3025 #if HAVE_MREMAP
3026 newp = mremap_chunk (oldp, nb);
3027 if (newp)
3028 return chunk2mem (newp);
3029 #endif
3030 /* Note the extra SIZE_SZ overhead. */
3031 if (oldsize - SIZE_SZ >= nb)
3032 return oldmem; /* do nothing */
3034 /* Must alloc, copy, free. */
3035 newmem = __libc_malloc (bytes);
3036 if (newmem == 0)
3037 return 0; /* propagate failure */
3039 memcpy (newmem, oldmem, oldsize - 2 * SIZE_SZ);
3040 munmap_chunk (oldp);
3041 return newmem;
3044 __libc_lock_lock (ar_ptr->mutex);
3046 newp = _int_realloc (ar_ptr, oldp, oldsize, nb);
3048 __libc_lock_unlock (ar_ptr->mutex);
3049 assert (!newp || chunk_is_mmapped (mem2chunk (newp)) ||
3050 ar_ptr == arena_for_chunk (mem2chunk (newp)));
3052 if (newp == NULL)
3054 /* Try harder to allocate memory in other arenas. */
3055 LIBC_PROBE (memory_realloc_retry, 2, bytes, oldmem);
3056 newp = __libc_malloc (bytes);
3057 if (newp != NULL)
3059 memcpy (newp, oldmem, oldsize - SIZE_SZ);
3060 _int_free (ar_ptr, oldp, 0);
3064 return newp;
3066 libc_hidden_def (__libc_realloc)
3068 void *
3069 __libc_memalign (size_t alignment, size_t bytes)
3071 void *address = RETURN_ADDRESS (0);
3072 return _mid_memalign (alignment, bytes, address);
3075 static void *
3076 _mid_memalign (size_t alignment, size_t bytes, void *address)
3078 mstate ar_ptr;
3079 void *p;
3081 void *(*hook) (size_t, size_t, const void *) =
3082 atomic_forced_read (__memalign_hook);
3083 if (__builtin_expect (hook != NULL, 0))
3084 return (*hook)(alignment, bytes, address);
3086 /* If we need less alignment than we give anyway, just relay to malloc. */
3087 if (alignment <= MALLOC_ALIGNMENT)
3088 return __libc_malloc (bytes);
3090 /* Otherwise, ensure that it is at least a minimum chunk size */
3091 if (alignment < MINSIZE)
3092 alignment = MINSIZE;
3094 /* If the alignment is greater than SIZE_MAX / 2 + 1 it cannot be a
3095 power of 2 and will cause overflow in the check below. */
3096 if (alignment > SIZE_MAX / 2 + 1)
3098 __set_errno (EINVAL);
3099 return 0;
3102 /* Check for overflow. */
3103 if (bytes > SIZE_MAX - alignment - MINSIZE)
3105 __set_errno (ENOMEM);
3106 return 0;
3110 /* Make sure alignment is power of 2. */
3111 if (!powerof2 (alignment))
3113 size_t a = MALLOC_ALIGNMENT * 2;
3114 while (a < alignment)
3115 a <<= 1;
3116 alignment = a;
3119 arena_get (ar_ptr, bytes + alignment + MINSIZE);
3121 p = _int_memalign (ar_ptr, alignment, bytes);
3122 if (!p && ar_ptr != NULL)
3124 LIBC_PROBE (memory_memalign_retry, 2, bytes, alignment);
3125 ar_ptr = arena_get_retry (ar_ptr, bytes);
3126 p = _int_memalign (ar_ptr, alignment, bytes);
3129 if (ar_ptr != NULL)
3130 __libc_lock_unlock (ar_ptr->mutex);
3132 assert (!p || chunk_is_mmapped (mem2chunk (p)) ||
3133 ar_ptr == arena_for_chunk (mem2chunk (p)));
3134 return p;
3136 /* For ISO C11. */
3137 weak_alias (__libc_memalign, aligned_alloc)
3138 libc_hidden_def (__libc_memalign)
3140 void *
3141 __libc_valloc (size_t bytes)
3143 if (__malloc_initialized < 0)
3144 ptmalloc_init ();
3146 void *address = RETURN_ADDRESS (0);
3147 size_t pagesize = GLRO (dl_pagesize);
3148 return _mid_memalign (pagesize, bytes, address);
3151 void *
3152 __libc_pvalloc (size_t bytes)
3154 if (__malloc_initialized < 0)
3155 ptmalloc_init ();
3157 void *address = RETURN_ADDRESS (0);
3158 size_t pagesize = GLRO (dl_pagesize);
3159 size_t rounded_bytes = ALIGN_UP (bytes, pagesize);
3161 /* Check for overflow. */
3162 if (bytes > SIZE_MAX - 2 * pagesize - MINSIZE)
3164 __set_errno (ENOMEM);
3165 return 0;
3168 return _mid_memalign (pagesize, rounded_bytes, address);
3171 void *
3172 __libc_calloc (size_t n, size_t elem_size)
3174 mstate av;
3175 mchunkptr oldtop, p;
3176 INTERNAL_SIZE_T bytes, sz, csz, oldtopsize;
3177 void *mem;
3178 unsigned long clearsize;
3179 unsigned long nclears;
3180 INTERNAL_SIZE_T *d;
3182 /* size_t is unsigned so the behavior on overflow is defined. */
3183 bytes = n * elem_size;
3184 #define HALF_INTERNAL_SIZE_T \
3185 (((INTERNAL_SIZE_T) 1) << (8 * sizeof (INTERNAL_SIZE_T) / 2))
3186 if (__builtin_expect ((n | elem_size) >= HALF_INTERNAL_SIZE_T, 0))
3188 if (elem_size != 0 && bytes / elem_size != n)
3190 __set_errno (ENOMEM);
3191 return 0;
3195 void *(*hook) (size_t, const void *) =
3196 atomic_forced_read (__malloc_hook);
3197 if (__builtin_expect (hook != NULL, 0))
3199 sz = bytes;
3200 mem = (*hook)(sz, RETURN_ADDRESS (0));
3201 if (mem == 0)
3202 return 0;
3204 return memset (mem, 0, sz);
3207 sz = bytes;
3209 arena_get (av, sz);
3210 if (av)
3212 /* Check if we hand out the top chunk, in which case there may be no
3213 need to clear. */
3214 #if MORECORE_CLEARS
3215 oldtop = top (av);
3216 oldtopsize = chunksize (top (av));
3217 # if MORECORE_CLEARS < 2
3218 /* Only newly allocated memory is guaranteed to be cleared. */
3219 if (av == &main_arena &&
3220 oldtopsize < mp_.sbrk_base + av->max_system_mem - (char *) oldtop)
3221 oldtopsize = (mp_.sbrk_base + av->max_system_mem - (char *) oldtop);
3222 # endif
3223 if (av != &main_arena)
3225 heap_info *heap = heap_for_ptr (oldtop);
3226 if (oldtopsize < (char *) heap + heap->mprotect_size - (char *) oldtop)
3227 oldtopsize = (char *) heap + heap->mprotect_size - (char *) oldtop;
3229 #endif
3231 else
3233 /* No usable arenas. */
3234 oldtop = 0;
3235 oldtopsize = 0;
3237 mem = _int_malloc (av, sz);
3240 assert (!mem || chunk_is_mmapped (mem2chunk (mem)) ||
3241 av == arena_for_chunk (mem2chunk (mem)));
3243 if (mem == 0 && av != NULL)
3245 LIBC_PROBE (memory_calloc_retry, 1, sz);
3246 av = arena_get_retry (av, sz);
3247 mem = _int_malloc (av, sz);
3250 if (av != NULL)
3251 __libc_lock_unlock (av->mutex);
3253 /* Allocation failed even after a retry. */
3254 if (mem == 0)
3255 return 0;
3257 p = mem2chunk (mem);
3259 /* Two optional cases in which clearing not necessary */
3260 if (chunk_is_mmapped (p))
3262 if (__builtin_expect (perturb_byte, 0))
3263 return memset (mem, 0, sz);
3265 return mem;
3268 csz = chunksize (p);
3270 #if MORECORE_CLEARS
3271 if (perturb_byte == 0 && (p == oldtop && csz > oldtopsize))
3273 /* clear only the bytes from non-freshly-sbrked memory */
3274 csz = oldtopsize;
3276 #endif
3278 /* Unroll clear of <= 36 bytes (72 if 8byte sizes). We know that
3279 contents have an odd number of INTERNAL_SIZE_T-sized words;
3280 minimally 3. */
3281 d = (INTERNAL_SIZE_T *) mem;
3282 clearsize = csz - SIZE_SZ;
3283 nclears = clearsize / sizeof (INTERNAL_SIZE_T);
3284 assert (nclears >= 3);
3286 if (nclears > 9)
3287 return memset (d, 0, clearsize);
3289 else
3291 *(d + 0) = 0;
3292 *(d + 1) = 0;
3293 *(d + 2) = 0;
3294 if (nclears > 4)
3296 *(d + 3) = 0;
3297 *(d + 4) = 0;
3298 if (nclears > 6)
3300 *(d + 5) = 0;
3301 *(d + 6) = 0;
3302 if (nclears > 8)
3304 *(d + 7) = 0;
3305 *(d + 8) = 0;
3311 return mem;
3315 ------------------------------ malloc ------------------------------
3318 static void *
3319 _int_malloc (mstate av, size_t bytes)
3321 INTERNAL_SIZE_T nb; /* normalized request size */
3322 unsigned int idx; /* associated bin index */
3323 mbinptr bin; /* associated bin */
3325 mchunkptr victim; /* inspected/selected chunk */
3326 INTERNAL_SIZE_T size; /* its size */
3327 int victim_index; /* its bin index */
3329 mchunkptr remainder; /* remainder from a split */
3330 unsigned long remainder_size; /* its size */
3332 unsigned int block; /* bit map traverser */
3333 unsigned int bit; /* bit map traverser */
3334 unsigned int map; /* current word of binmap */
3336 mchunkptr fwd; /* misc temp for linking */
3337 mchunkptr bck; /* misc temp for linking */
3339 const char *errstr = NULL;
3342 Convert request size to internal form by adding SIZE_SZ bytes
3343 overhead plus possibly more to obtain necessary alignment and/or
3344 to obtain a size of at least MINSIZE, the smallest allocatable
3345 size. Also, checked_request2size traps (returning 0) request sizes
3346 that are so large that they wrap around zero when padded and
3347 aligned.
3350 checked_request2size (bytes, nb);
3352 /* There are no usable arenas. Fall back to sysmalloc to get a chunk from
3353 mmap. */
3354 if (__glibc_unlikely (av == NULL))
3356 void *p = sysmalloc (nb, av);
3357 if (p != NULL)
3358 alloc_perturb (p, bytes);
3359 return p;
3363 If the size qualifies as a fastbin, first check corresponding bin.
3364 This code is safe to execute even if av is not yet initialized, so we
3365 can try it without checking, which saves some time on this fast path.
3368 if ((unsigned long) (nb) <= (unsigned long) (get_max_fast ()))
3370 idx = fastbin_index (nb);
3371 mfastbinptr *fb = &fastbin (av, idx);
3372 mchunkptr pp = *fb;
3375 victim = pp;
3376 if (victim == NULL)
3377 break;
3379 while ((pp = catomic_compare_and_exchange_val_acq (fb, victim->fd, victim))
3380 != victim);
3381 if (victim != 0)
3383 if (__builtin_expect (fastbin_index (chunksize (victim)) != idx, 0))
3385 errstr = "malloc(): memory corruption (fast)";
3386 errout:
3387 malloc_printerr (check_action, errstr, chunk2mem (victim), av);
3388 return NULL;
3390 check_remalloced_chunk (av, victim, nb);
3391 void *p = chunk2mem (victim);
3392 alloc_perturb (p, bytes);
3393 return p;
3398 If a small request, check regular bin. Since these "smallbins"
3399 hold one size each, no searching within bins is necessary.
3400 (For a large request, we need to wait until unsorted chunks are
3401 processed to find best fit. But for small ones, fits are exact
3402 anyway, so we can check now, which is faster.)
3405 if (in_smallbin_range (nb))
3407 idx = smallbin_index (nb);
3408 bin = bin_at (av, idx);
3410 if ((victim = last (bin)) != bin)
3412 if (victim == 0) /* initialization check */
3413 malloc_consolidate (av);
3414 else
3416 bck = victim->bk;
3417 if (__glibc_unlikely (bck->fd != victim))
3419 errstr = "malloc(): smallbin double linked list corrupted";
3420 goto errout;
3422 set_inuse_bit_at_offset (victim, nb);
3423 bin->bk = bck;
3424 bck->fd = bin;
3426 if (av != &main_arena)
3427 set_non_main_arena (victim);
3428 check_malloced_chunk (av, victim, nb);
3429 void *p = chunk2mem (victim);
3430 alloc_perturb (p, bytes);
3431 return p;
3437 If this is a large request, consolidate fastbins before continuing.
3438 While it might look excessive to kill all fastbins before
3439 even seeing if there is space available, this avoids
3440 fragmentation problems normally associated with fastbins.
3441 Also, in practice, programs tend to have runs of either small or
3442 large requests, but less often mixtures, so consolidation is not
3443 invoked all that often in most programs. And the programs that
3444 it is called frequently in otherwise tend to fragment.
3447 else
3449 idx = largebin_index (nb);
3450 if (have_fastchunks (av))
3451 malloc_consolidate (av);
3455 Process recently freed or remaindered chunks, taking one only if
3456 it is exact fit, or, if this a small request, the chunk is remainder from
3457 the most recent non-exact fit. Place other traversed chunks in
3458 bins. Note that this step is the only place in any routine where
3459 chunks are placed in bins.
3461 The outer loop here is needed because we might not realize until
3462 near the end of malloc that we should have consolidated, so must
3463 do so and retry. This happens at most once, and only when we would
3464 otherwise need to expand memory to service a "small" request.
3467 for (;; )
3469 int iters = 0;
3470 while ((victim = unsorted_chunks (av)->bk) != unsorted_chunks (av))
3472 bck = victim->bk;
3473 if (__builtin_expect (chunksize_nomask (victim) <= 2 * SIZE_SZ, 0)
3474 || __builtin_expect (chunksize_nomask (victim)
3475 > av->system_mem, 0))
3476 malloc_printerr (check_action, "malloc(): memory corruption",
3477 chunk2mem (victim), av);
3478 size = chunksize (victim);
3481 If a small request, try to use last remainder if it is the
3482 only chunk in unsorted bin. This helps promote locality for
3483 runs of consecutive small requests. This is the only
3484 exception to best-fit, and applies only when there is
3485 no exact fit for a small chunk.
3488 if (in_smallbin_range (nb) &&
3489 bck == unsorted_chunks (av) &&
3490 victim == av->last_remainder &&
3491 (unsigned long) (size) > (unsigned long) (nb + MINSIZE))
3493 /* split and reattach remainder */
3494 remainder_size = size - nb;
3495 remainder = chunk_at_offset (victim, nb);
3496 unsorted_chunks (av)->bk = unsorted_chunks (av)->fd = remainder;
3497 av->last_remainder = remainder;
3498 remainder->bk = remainder->fd = unsorted_chunks (av);
3499 if (!in_smallbin_range (remainder_size))
3501 remainder->fd_nextsize = NULL;
3502 remainder->bk_nextsize = NULL;
3505 set_head (victim, nb | PREV_INUSE |
3506 (av != &main_arena ? NON_MAIN_ARENA : 0));
3507 set_head (remainder, remainder_size | PREV_INUSE);
3508 set_foot (remainder, remainder_size);
3510 check_malloced_chunk (av, victim, nb);
3511 void *p = chunk2mem (victim);
3512 alloc_perturb (p, bytes);
3513 return p;
3516 /* remove from unsorted list */
3517 unsorted_chunks (av)->bk = bck;
3518 bck->fd = unsorted_chunks (av);
3520 /* Take now instead of binning if exact fit */
3522 if (size == nb)
3524 set_inuse_bit_at_offset (victim, size);
3525 if (av != &main_arena)
3526 set_non_main_arena (victim);
3527 check_malloced_chunk (av, victim, nb);
3528 void *p = chunk2mem (victim);
3529 alloc_perturb (p, bytes);
3530 return p;
3533 /* place chunk in bin */
3535 if (in_smallbin_range (size))
3537 victim_index = smallbin_index (size);
3538 bck = bin_at (av, victim_index);
3539 fwd = bck->fd;
3541 else
3543 victim_index = largebin_index (size);
3544 bck = bin_at (av, victim_index);
3545 fwd = bck->fd;
3547 /* maintain large bins in sorted order */
3548 if (fwd != bck)
3550 /* Or with inuse bit to speed comparisons */
3551 size |= PREV_INUSE;
3552 /* if smaller than smallest, bypass loop below */
3553 assert (chunk_main_arena (bck->bk));
3554 if ((unsigned long) (size)
3555 < (unsigned long) chunksize_nomask (bck->bk))
3557 fwd = bck;
3558 bck = bck->bk;
3560 victim->fd_nextsize = fwd->fd;
3561 victim->bk_nextsize = fwd->fd->bk_nextsize;
3562 fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim;
3564 else
3566 assert (chunk_main_arena (fwd));
3567 while ((unsigned long) size < chunksize_nomask (fwd))
3569 fwd = fwd->fd_nextsize;
3570 assert (chunk_main_arena (fwd));
3573 if ((unsigned long) size
3574 == (unsigned long) chunksize_nomask (fwd))
3575 /* Always insert in the second position. */
3576 fwd = fwd->fd;
3577 else
3579 victim->fd_nextsize = fwd;
3580 victim->bk_nextsize = fwd->bk_nextsize;
3581 fwd->bk_nextsize = victim;
3582 victim->bk_nextsize->fd_nextsize = victim;
3584 bck = fwd->bk;
3587 else
3588 victim->fd_nextsize = victim->bk_nextsize = victim;
3591 mark_bin (av, victim_index);
3592 victim->bk = bck;
3593 victim->fd = fwd;
3594 fwd->bk = victim;
3595 bck->fd = victim;
3597 #define MAX_ITERS 10000
3598 if (++iters >= MAX_ITERS)
3599 break;
3603 If a large request, scan through the chunks of current bin in
3604 sorted order to find smallest that fits. Use the skip list for this.
3607 if (!in_smallbin_range (nb))
3609 bin = bin_at (av, idx);
3611 /* skip scan if empty or largest chunk is too small */
3612 if ((victim = first (bin)) != bin
3613 && (unsigned long) chunksize_nomask (victim)
3614 >= (unsigned long) (nb))
3616 victim = victim->bk_nextsize;
3617 while (((unsigned long) (size = chunksize (victim)) <
3618 (unsigned long) (nb)))
3619 victim = victim->bk_nextsize;
3621 /* Avoid removing the first entry for a size so that the skip
3622 list does not have to be rerouted. */
3623 if (victim != last (bin)
3624 && chunksize_nomask (victim)
3625 == chunksize_nomask (victim->fd))
3626 victim = victim->fd;
3628 remainder_size = size - nb;
3629 unlink (av, victim, bck, fwd);
3631 /* Exhaust */
3632 if (remainder_size < MINSIZE)
3634 set_inuse_bit_at_offset (victim, size);
3635 if (av != &main_arena)
3636 set_non_main_arena (victim);
3638 /* Split */
3639 else
3641 remainder = chunk_at_offset (victim, nb);
3642 /* We cannot assume the unsorted list is empty and therefore
3643 have to perform a complete insert here. */
3644 bck = unsorted_chunks (av);
3645 fwd = bck->fd;
3646 if (__glibc_unlikely (fwd->bk != bck))
3648 errstr = "malloc(): corrupted unsorted chunks";
3649 goto errout;
3651 remainder->bk = bck;
3652 remainder->fd = fwd;
3653 bck->fd = remainder;
3654 fwd->bk = remainder;
3655 if (!in_smallbin_range (remainder_size))
3657 remainder->fd_nextsize = NULL;
3658 remainder->bk_nextsize = NULL;
3660 set_head (victim, nb | PREV_INUSE |
3661 (av != &main_arena ? NON_MAIN_ARENA : 0));
3662 set_head (remainder, remainder_size | PREV_INUSE);
3663 set_foot (remainder, remainder_size);
3665 check_malloced_chunk (av, victim, nb);
3666 void *p = chunk2mem (victim);
3667 alloc_perturb (p, bytes);
3668 return p;
3673 Search for a chunk by scanning bins, starting with next largest
3674 bin. This search is strictly by best-fit; i.e., the smallest
3675 (with ties going to approximately the least recently used) chunk
3676 that fits is selected.
3678 The bitmap avoids needing to check that most blocks are nonempty.
3679 The particular case of skipping all bins during warm-up phases
3680 when no chunks have been returned yet is faster than it might look.
3683 ++idx;
3684 bin = bin_at (av, idx);
3685 block = idx2block (idx);
3686 map = av->binmap[block];
3687 bit = idx2bit (idx);
3689 for (;; )
3691 /* Skip rest of block if there are no more set bits in this block. */
3692 if (bit > map || bit == 0)
3696 if (++block >= BINMAPSIZE) /* out of bins */
3697 goto use_top;
3699 while ((map = av->binmap[block]) == 0);
3701 bin = bin_at (av, (block << BINMAPSHIFT));
3702 bit = 1;
3705 /* Advance to bin with set bit. There must be one. */
3706 while ((bit & map) == 0)
3708 bin = next_bin (bin);
3709 bit <<= 1;
3710 assert (bit != 0);
3713 /* Inspect the bin. It is likely to be non-empty */
3714 victim = last (bin);
3716 /* If a false alarm (empty bin), clear the bit. */
3717 if (victim == bin)
3719 av->binmap[block] = map &= ~bit; /* Write through */
3720 bin = next_bin (bin);
3721 bit <<= 1;
3724 else
3726 size = chunksize (victim);
3728 /* We know the first chunk in this bin is big enough to use. */
3729 assert ((unsigned long) (size) >= (unsigned long) (nb));
3731 remainder_size = size - nb;
3733 /* unlink */
3734 unlink (av, victim, bck, fwd);
3736 /* Exhaust */
3737 if (remainder_size < MINSIZE)
3739 set_inuse_bit_at_offset (victim, size);
3740 if (av != &main_arena)
3741 set_non_main_arena (victim);
3744 /* Split */
3745 else
3747 remainder = chunk_at_offset (victim, nb);
3749 /* We cannot assume the unsorted list is empty and therefore
3750 have to perform a complete insert here. */
3751 bck = unsorted_chunks (av);
3752 fwd = bck->fd;
3753 if (__glibc_unlikely (fwd->bk != bck))
3755 errstr = "malloc(): corrupted unsorted chunks 2";
3756 goto errout;
3758 remainder->bk = bck;
3759 remainder->fd = fwd;
3760 bck->fd = remainder;
3761 fwd->bk = remainder;
3763 /* advertise as last remainder */
3764 if (in_smallbin_range (nb))
3765 av->last_remainder = remainder;
3766 if (!in_smallbin_range (remainder_size))
3768 remainder->fd_nextsize = NULL;
3769 remainder->bk_nextsize = NULL;
3771 set_head (victim, nb | PREV_INUSE |
3772 (av != &main_arena ? NON_MAIN_ARENA : 0));
3773 set_head (remainder, remainder_size | PREV_INUSE);
3774 set_foot (remainder, remainder_size);
3776 check_malloced_chunk (av, victim, nb);
3777 void *p = chunk2mem (victim);
3778 alloc_perturb (p, bytes);
3779 return p;
3783 use_top:
3785 If large enough, split off the chunk bordering the end of memory
3786 (held in av->top). Note that this is in accord with the best-fit
3787 search rule. In effect, av->top is treated as larger (and thus
3788 less well fitting) than any other available chunk since it can
3789 be extended to be as large as necessary (up to system
3790 limitations).
3792 We require that av->top always exists (i.e., has size >=
3793 MINSIZE) after initialization, so if it would otherwise be
3794 exhausted by current request, it is replenished. (The main
3795 reason for ensuring it exists is that we may need MINSIZE space
3796 to put in fenceposts in sysmalloc.)
3799 victim = av->top;
3800 size = chunksize (victim);
3802 if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))
3804 remainder_size = size - nb;
3805 remainder = chunk_at_offset (victim, nb);
3806 av->top = remainder;
3807 set_head (victim, nb | PREV_INUSE |
3808 (av != &main_arena ? NON_MAIN_ARENA : 0));
3809 set_head (remainder, remainder_size | PREV_INUSE);
3811 check_malloced_chunk (av, victim, nb);
3812 void *p = chunk2mem (victim);
3813 alloc_perturb (p, bytes);
3814 return p;
3817 /* When we are using atomic ops to free fast chunks we can get
3818 here for all block sizes. */
3819 else if (have_fastchunks (av))
3821 malloc_consolidate (av);
3822 /* restore original bin index */
3823 if (in_smallbin_range (nb))
3824 idx = smallbin_index (nb);
3825 else
3826 idx = largebin_index (nb);
3830 Otherwise, relay to handle system-dependent cases
3832 else
3834 void *p = sysmalloc (nb, av);
3835 if (p != NULL)
3836 alloc_perturb (p, bytes);
3837 return p;
3843 ------------------------------ free ------------------------------
3846 static void
3847 _int_free (mstate av, mchunkptr p, int have_lock)
3849 INTERNAL_SIZE_T size; /* its size */
3850 mfastbinptr *fb; /* associated fastbin */
3851 mchunkptr nextchunk; /* next contiguous chunk */
3852 INTERNAL_SIZE_T nextsize; /* its size */
3853 int nextinuse; /* true if nextchunk is used */
3854 INTERNAL_SIZE_T prevsize; /* size of previous contiguous chunk */
3855 mchunkptr bck; /* misc temp for linking */
3856 mchunkptr fwd; /* misc temp for linking */
3858 const char *errstr = NULL;
3859 int locked = 0;
3861 size = chunksize (p);
3863 /* Little security check which won't hurt performance: the
3864 allocator never wrapps around at the end of the address space.
3865 Therefore we can exclude some size values which might appear
3866 here by accident or by "design" from some intruder. */
3867 if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)
3868 || __builtin_expect (misaligned_chunk (p), 0))
3870 errstr = "free(): invalid pointer";
3871 errout:
3872 if (!have_lock && locked)
3873 __libc_lock_unlock (av->mutex);
3874 malloc_printerr (check_action, errstr, chunk2mem (p), av);
3875 return;
3877 /* We know that each chunk is at least MINSIZE bytes in size or a
3878 multiple of MALLOC_ALIGNMENT. */
3879 if (__glibc_unlikely (size < MINSIZE || !aligned_OK (size)))
3881 errstr = "free(): invalid size";
3882 goto errout;
3885 check_inuse_chunk(av, p);
3888 If eligible, place chunk on a fastbin so it can be found
3889 and used quickly in malloc.
3892 if ((unsigned long)(size) <= (unsigned long)(get_max_fast ())
3894 #if TRIM_FASTBINS
3896 If TRIM_FASTBINS set, don't place chunks
3897 bordering top into fastbins
3899 && (chunk_at_offset(p, size) != av->top)
3900 #endif
3903 if (__builtin_expect (chunksize_nomask (chunk_at_offset (p, size))
3904 <= 2 * SIZE_SZ, 0)
3905 || __builtin_expect (chunksize (chunk_at_offset (p, size))
3906 >= av->system_mem, 0))
3908 /* We might not have a lock at this point and concurrent modifications
3909 of system_mem might have let to a false positive. Redo the test
3910 after getting the lock. */
3911 if (have_lock
3912 || ({ assert (locked == 0);
3913 __libc_lock_lock (av->mutex);
3914 locked = 1;
3915 chunksize_nomask (chunk_at_offset (p, size)) <= 2 * SIZE_SZ
3916 || chunksize (chunk_at_offset (p, size)) >= av->system_mem;
3919 errstr = "free(): invalid next size (fast)";
3920 goto errout;
3922 if (! have_lock)
3924 __libc_lock_unlock (av->mutex);
3925 locked = 0;
3929 free_perturb (chunk2mem(p), size - 2 * SIZE_SZ);
3931 set_fastchunks(av);
3932 unsigned int idx = fastbin_index(size);
3933 fb = &fastbin (av, idx);
3935 /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */
3936 mchunkptr old = *fb, old2;
3937 unsigned int old_idx = ~0u;
3940 /* Check that the top of the bin is not the record we are going to add
3941 (i.e., double free). */
3942 if (__builtin_expect (old == p, 0))
3944 errstr = "double free or corruption (fasttop)";
3945 goto errout;
3947 /* Check that size of fastbin chunk at the top is the same as
3948 size of the chunk that we are adding. We can dereference OLD
3949 only if we have the lock, otherwise it might have already been
3950 deallocated. See use of OLD_IDX below for the actual check. */
3951 if (have_lock && old != NULL)
3952 old_idx = fastbin_index(chunksize(old));
3953 p->fd = old2 = old;
3955 while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) != old2);
3957 if (have_lock && old != NULL && __builtin_expect (old_idx != idx, 0))
3959 errstr = "invalid fastbin entry (free)";
3960 goto errout;
3965 Consolidate other non-mmapped chunks as they arrive.
3968 else if (!chunk_is_mmapped(p)) {
3969 if (! have_lock) {
3970 __libc_lock_lock (av->mutex);
3971 locked = 1;
3974 nextchunk = chunk_at_offset(p, size);
3976 /* Lightweight tests: check whether the block is already the
3977 top block. */
3978 if (__glibc_unlikely (p == av->top))
3980 errstr = "double free or corruption (top)";
3981 goto errout;
3983 /* Or whether the next chunk is beyond the boundaries of the arena. */
3984 if (__builtin_expect (contiguous (av)
3985 && (char *) nextchunk
3986 >= ((char *) av->top + chunksize(av->top)), 0))
3988 errstr = "double free or corruption (out)";
3989 goto errout;
3991 /* Or whether the block is actually not marked used. */
3992 if (__glibc_unlikely (!prev_inuse(nextchunk)))
3994 errstr = "double free or corruption (!prev)";
3995 goto errout;
3998 nextsize = chunksize(nextchunk);
3999 if (__builtin_expect (chunksize_nomask (nextchunk) <= 2 * SIZE_SZ, 0)
4000 || __builtin_expect (nextsize >= av->system_mem, 0))
4002 errstr = "free(): invalid next size (normal)";
4003 goto errout;
4006 free_perturb (chunk2mem(p), size - 2 * SIZE_SZ);
4008 /* consolidate backward */
4009 if (!prev_inuse(p)) {
4010 prevsize = prev_size (p);
4011 size += prevsize;
4012 p = chunk_at_offset(p, -((long) prevsize));
4013 unlink(av, p, bck, fwd);
4016 if (nextchunk != av->top) {
4017 /* get and clear inuse bit */
4018 nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
4020 /* consolidate forward */
4021 if (!nextinuse) {
4022 unlink(av, nextchunk, bck, fwd);
4023 size += nextsize;
4024 } else
4025 clear_inuse_bit_at_offset(nextchunk, 0);
4028 Place the chunk in unsorted chunk list. Chunks are
4029 not placed into regular bins until after they have
4030 been given one chance to be used in malloc.
4033 bck = unsorted_chunks(av);
4034 fwd = bck->fd;
4035 if (__glibc_unlikely (fwd->bk != bck))
4037 errstr = "free(): corrupted unsorted chunks";
4038 goto errout;
4040 p->fd = fwd;
4041 p->bk = bck;
4042 if (!in_smallbin_range(size))
4044 p->fd_nextsize = NULL;
4045 p->bk_nextsize = NULL;
4047 bck->fd = p;
4048 fwd->bk = p;
4050 set_head(p, size | PREV_INUSE);
4051 set_foot(p, size);
4053 check_free_chunk(av, p);
4057 If the chunk borders the current high end of memory,
4058 consolidate into top
4061 else {
4062 size += nextsize;
4063 set_head(p, size | PREV_INUSE);
4064 av->top = p;
4065 check_chunk(av, p);
4069 If freeing a large space, consolidate possibly-surrounding
4070 chunks. Then, if the total unused topmost memory exceeds trim
4071 threshold, ask malloc_trim to reduce top.
4073 Unless max_fast is 0, we don't know if there are fastbins
4074 bordering top, so we cannot tell for sure whether threshold
4075 has been reached unless fastbins are consolidated. But we
4076 don't want to consolidate on each free. As a compromise,
4077 consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD
4078 is reached.
4081 if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) {
4082 if (have_fastchunks(av))
4083 malloc_consolidate(av);
4085 if (av == &main_arena) {
4086 #ifndef MORECORE_CANNOT_TRIM
4087 if ((unsigned long)(chunksize(av->top)) >=
4088 (unsigned long)(mp_.trim_threshold))
4089 systrim(mp_.top_pad, av);
4090 #endif
4091 } else {
4092 /* Always try heap_trim(), even if the top chunk is not
4093 large, because the corresponding heap might go away. */
4094 heap_info *heap = heap_for_ptr(top(av));
4096 assert(heap->ar_ptr == av);
4097 heap_trim(heap, mp_.top_pad);
4101 if (! have_lock) {
4102 assert (locked);
4103 __libc_lock_unlock (av->mutex);
4107 If the chunk was allocated via mmap, release via munmap().
4110 else {
4111 munmap_chunk (p);
4116 ------------------------- malloc_consolidate -------------------------
4118 malloc_consolidate is a specialized version of free() that tears
4119 down chunks held in fastbins. Free itself cannot be used for this
4120 purpose since, among other things, it might place chunks back onto
4121 fastbins. So, instead, we need to use a minor variant of the same
4122 code.
4124 Also, because this routine needs to be called the first time through
4125 malloc anyway, it turns out to be the perfect place to trigger
4126 initialization code.
4129 static void malloc_consolidate(mstate av)
4131 mfastbinptr* fb; /* current fastbin being consolidated */
4132 mfastbinptr* maxfb; /* last fastbin (for loop control) */
4133 mchunkptr p; /* current chunk being consolidated */
4134 mchunkptr nextp; /* next chunk to consolidate */
4135 mchunkptr unsorted_bin; /* bin header */
4136 mchunkptr first_unsorted; /* chunk to link to */
4138 /* These have same use as in free() */
4139 mchunkptr nextchunk;
4140 INTERNAL_SIZE_T size;
4141 INTERNAL_SIZE_T nextsize;
4142 INTERNAL_SIZE_T prevsize;
4143 int nextinuse;
4144 mchunkptr bck;
4145 mchunkptr fwd;
4148 If max_fast is 0, we know that av hasn't
4149 yet been initialized, in which case do so below
4152 if (get_max_fast () != 0) {
4153 clear_fastchunks(av);
4155 unsorted_bin = unsorted_chunks(av);
4158 Remove each chunk from fast bin and consolidate it, placing it
4159 then in unsorted bin. Among other reasons for doing this,
4160 placing in unsorted bin avoids needing to calculate actual bins
4161 until malloc is sure that chunks aren't immediately going to be
4162 reused anyway.
4165 maxfb = &fastbin (av, NFASTBINS - 1);
4166 fb = &fastbin (av, 0);
4167 do {
4168 p = atomic_exchange_acq (fb, NULL);
4169 if (p != 0) {
4170 do {
4171 check_inuse_chunk(av, p);
4172 nextp = p->fd;
4174 /* Slightly streamlined version of consolidation code in free() */
4175 size = chunksize (p);
4176 nextchunk = chunk_at_offset(p, size);
4177 nextsize = chunksize(nextchunk);
4179 if (!prev_inuse(p)) {
4180 prevsize = prev_size (p);
4181 size += prevsize;
4182 p = chunk_at_offset(p, -((long) prevsize));
4183 unlink(av, p, bck, fwd);
4186 if (nextchunk != av->top) {
4187 nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
4189 if (!nextinuse) {
4190 size += nextsize;
4191 unlink(av, nextchunk, bck, fwd);
4192 } else
4193 clear_inuse_bit_at_offset(nextchunk, 0);
4195 first_unsorted = unsorted_bin->fd;
4196 unsorted_bin->fd = p;
4197 first_unsorted->bk = p;
4199 if (!in_smallbin_range (size)) {
4200 p->fd_nextsize = NULL;
4201 p->bk_nextsize = NULL;
4204 set_head(p, size | PREV_INUSE);
4205 p->bk = unsorted_bin;
4206 p->fd = first_unsorted;
4207 set_foot(p, size);
4210 else {
4211 size += nextsize;
4212 set_head(p, size | PREV_INUSE);
4213 av->top = p;
4216 } while ( (p = nextp) != 0);
4219 } while (fb++ != maxfb);
4221 else {
4222 malloc_init_state(av);
4223 check_malloc_state(av);
4228 ------------------------------ realloc ------------------------------
4231 void*
4232 _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
4233 INTERNAL_SIZE_T nb)
4235 mchunkptr newp; /* chunk to return */
4236 INTERNAL_SIZE_T newsize; /* its size */
4237 void* newmem; /* corresponding user mem */
4239 mchunkptr next; /* next contiguous chunk after oldp */
4241 mchunkptr remainder; /* extra space at end of newp */
4242 unsigned long remainder_size; /* its size */
4244 mchunkptr bck; /* misc temp for linking */
4245 mchunkptr fwd; /* misc temp for linking */
4247 unsigned long copysize; /* bytes to copy */
4248 unsigned int ncopies; /* INTERNAL_SIZE_T words to copy */
4249 INTERNAL_SIZE_T* s; /* copy source */
4250 INTERNAL_SIZE_T* d; /* copy destination */
4252 const char *errstr = NULL;
4254 /* oldmem size */
4255 if (__builtin_expect (chunksize_nomask (oldp) <= 2 * SIZE_SZ, 0)
4256 || __builtin_expect (oldsize >= av->system_mem, 0))
4258 errstr = "realloc(): invalid old size";
4259 errout:
4260 malloc_printerr (check_action, errstr, chunk2mem (oldp), av);
4261 return NULL;
4264 check_inuse_chunk (av, oldp);
4266 /* All callers already filter out mmap'ed chunks. */
4267 assert (!chunk_is_mmapped (oldp));
4269 next = chunk_at_offset (oldp, oldsize);
4270 INTERNAL_SIZE_T nextsize = chunksize (next);
4271 if (__builtin_expect (chunksize_nomask (next) <= 2 * SIZE_SZ, 0)
4272 || __builtin_expect (nextsize >= av->system_mem, 0))
4274 errstr = "realloc(): invalid next size";
4275 goto errout;
4278 if ((unsigned long) (oldsize) >= (unsigned long) (nb))
4280 /* already big enough; split below */
4281 newp = oldp;
4282 newsize = oldsize;
4285 else
4287 /* Try to expand forward into top */
4288 if (next == av->top &&
4289 (unsigned long) (newsize = oldsize + nextsize) >=
4290 (unsigned long) (nb + MINSIZE))
4292 set_head_size (oldp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
4293 av->top = chunk_at_offset (oldp, nb);
4294 set_head (av->top, (newsize - nb) | PREV_INUSE);
4295 check_inuse_chunk (av, oldp);
4296 return chunk2mem (oldp);
4299 /* Try to expand forward into next chunk; split off remainder below */
4300 else if (next != av->top &&
4301 !inuse (next) &&
4302 (unsigned long) (newsize = oldsize + nextsize) >=
4303 (unsigned long) (nb))
4305 newp = oldp;
4306 unlink (av, next, bck, fwd);
4309 /* allocate, copy, free */
4310 else
4312 newmem = _int_malloc (av, nb - MALLOC_ALIGN_MASK);
4313 if (newmem == 0)
4314 return 0; /* propagate failure */
4316 newp = mem2chunk (newmem);
4317 newsize = chunksize (newp);
4320 Avoid copy if newp is next chunk after oldp.
4322 if (newp == next)
4324 newsize += oldsize;
4325 newp = oldp;
4327 else
4330 Unroll copy of <= 36 bytes (72 if 8byte sizes)
4331 We know that contents have an odd number of
4332 INTERNAL_SIZE_T-sized words; minimally 3.
4335 copysize = oldsize - SIZE_SZ;
4336 s = (INTERNAL_SIZE_T *) (chunk2mem (oldp));
4337 d = (INTERNAL_SIZE_T *) (newmem);
4338 ncopies = copysize / sizeof (INTERNAL_SIZE_T);
4339 assert (ncopies >= 3);
4341 if (ncopies > 9)
4342 memcpy (d, s, copysize);
4344 else
4346 *(d + 0) = *(s + 0);
4347 *(d + 1) = *(s + 1);
4348 *(d + 2) = *(s + 2);
4349 if (ncopies > 4)
4351 *(d + 3) = *(s + 3);
4352 *(d + 4) = *(s + 4);
4353 if (ncopies > 6)
4355 *(d + 5) = *(s + 5);
4356 *(d + 6) = *(s + 6);
4357 if (ncopies > 8)
4359 *(d + 7) = *(s + 7);
4360 *(d + 8) = *(s + 8);
4366 _int_free (av, oldp, 1);
4367 check_inuse_chunk (av, newp);
4368 return chunk2mem (newp);
4373 /* If possible, free extra space in old or extended chunk */
4375 assert ((unsigned long) (newsize) >= (unsigned long) (nb));
4377 remainder_size = newsize - nb;
4379 if (remainder_size < MINSIZE) /* not enough extra to split off */
4381 set_head_size (newp, newsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
4382 set_inuse_bit_at_offset (newp, newsize);
4384 else /* split remainder */
4386 remainder = chunk_at_offset (newp, nb);
4387 set_head_size (newp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
4388 set_head (remainder, remainder_size | PREV_INUSE |
4389 (av != &main_arena ? NON_MAIN_ARENA : 0));
4390 /* Mark remainder as inuse so free() won't complain */
4391 set_inuse_bit_at_offset (remainder, remainder_size);
4392 _int_free (av, remainder, 1);
4395 check_inuse_chunk (av, newp);
4396 return chunk2mem (newp);
4400 ------------------------------ memalign ------------------------------
4403 static void *
4404 _int_memalign (mstate av, size_t alignment, size_t bytes)
4406 INTERNAL_SIZE_T nb; /* padded request size */
4407 char *m; /* memory returned by malloc call */
4408 mchunkptr p; /* corresponding chunk */
4409 char *brk; /* alignment point within p */
4410 mchunkptr newp; /* chunk to return */
4411 INTERNAL_SIZE_T newsize; /* its size */
4412 INTERNAL_SIZE_T leadsize; /* leading space before alignment point */
4413 mchunkptr remainder; /* spare room at end to split off */
4414 unsigned long remainder_size; /* its size */
4415 INTERNAL_SIZE_T size;
4419 checked_request2size (bytes, nb);
4422 Strategy: find a spot within that chunk that meets the alignment
4423 request, and then possibly free the leading and trailing space.
4427 /* Call malloc with worst case padding to hit alignment. */
4429 m = (char *) (_int_malloc (av, nb + alignment + MINSIZE));
4431 if (m == 0)
4432 return 0; /* propagate failure */
4434 p = mem2chunk (m);
4436 if ((((unsigned long) (m)) % alignment) != 0) /* misaligned */
4438 { /*
4439 Find an aligned spot inside chunk. Since we need to give back
4440 leading space in a chunk of at least MINSIZE, if the first
4441 calculation places us at a spot with less than MINSIZE leader,
4442 we can move to the next aligned spot -- we've allocated enough
4443 total room so that this is always possible.
4445 brk = (char *) mem2chunk (((unsigned long) (m + alignment - 1)) &
4446 - ((signed long) alignment));
4447 if ((unsigned long) (brk - (char *) (p)) < MINSIZE)
4448 brk += alignment;
4450 newp = (mchunkptr) brk;
4451 leadsize = brk - (char *) (p);
4452 newsize = chunksize (p) - leadsize;
4454 /* For mmapped chunks, just adjust offset */
4455 if (chunk_is_mmapped (p))
4457 set_prev_size (newp, prev_size (p) + leadsize);
4458 set_head (newp, newsize | IS_MMAPPED);
4459 return chunk2mem (newp);
4462 /* Otherwise, give back leader, use the rest */
4463 set_head (newp, newsize | PREV_INUSE |
4464 (av != &main_arena ? NON_MAIN_ARENA : 0));
4465 set_inuse_bit_at_offset (newp, newsize);
4466 set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
4467 _int_free (av, p, 1);
4468 p = newp;
4470 assert (newsize >= nb &&
4471 (((unsigned long) (chunk2mem (p))) % alignment) == 0);
4474 /* Also give back spare room at the end */
4475 if (!chunk_is_mmapped (p))
4477 size = chunksize (p);
4478 if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE))
4480 remainder_size = size - nb;
4481 remainder = chunk_at_offset (p, nb);
4482 set_head (remainder, remainder_size | PREV_INUSE |
4483 (av != &main_arena ? NON_MAIN_ARENA : 0));
4484 set_head_size (p, nb);
4485 _int_free (av, remainder, 1);
4489 check_inuse_chunk (av, p);
4490 return chunk2mem (p);
4495 ------------------------------ malloc_trim ------------------------------
4498 static int
4499 mtrim (mstate av, size_t pad)
4501 /* Don't touch corrupt arenas. */
4502 if (arena_is_corrupt (av))
4503 return 0;
4505 /* Ensure initialization/consolidation */
4506 malloc_consolidate (av);
4508 const size_t ps = GLRO (dl_pagesize);
4509 int psindex = bin_index (ps);
4510 const size_t psm1 = ps - 1;
4512 int result = 0;
4513 for (int i = 1; i < NBINS; ++i)
4514 if (i == 1 || i >= psindex)
4516 mbinptr bin = bin_at (av, i);
4518 for (mchunkptr p = last (bin); p != bin; p = p->bk)
4520 INTERNAL_SIZE_T size = chunksize (p);
4522 if (size > psm1 + sizeof (struct malloc_chunk))
4524 /* See whether the chunk contains at least one unused page. */
4525 char *paligned_mem = (char *) (((uintptr_t) p
4526 + sizeof (struct malloc_chunk)
4527 + psm1) & ~psm1);
4529 assert ((char *) chunk2mem (p) + 4 * SIZE_SZ <= paligned_mem);
4530 assert ((char *) p + size > paligned_mem);
4532 /* This is the size we could potentially free. */
4533 size -= paligned_mem - (char *) p;
4535 if (size > psm1)
4537 #if MALLOC_DEBUG
4538 /* When debugging we simulate destroying the memory
4539 content. */
4540 memset (paligned_mem, 0x89, size & ~psm1);
4541 #endif
4542 __madvise (paligned_mem, size & ~psm1, MADV_DONTNEED);
4544 result = 1;
4550 #ifndef MORECORE_CANNOT_TRIM
4551 return result | (av == &main_arena ? systrim (pad, av) : 0);
4553 #else
4554 return result;
4555 #endif
4560 __malloc_trim (size_t s)
4562 int result = 0;
4564 if (__malloc_initialized < 0)
4565 ptmalloc_init ();
4567 mstate ar_ptr = &main_arena;
4570 __libc_lock_lock (ar_ptr->mutex);
4571 result |= mtrim (ar_ptr, s);
4572 __libc_lock_unlock (ar_ptr->mutex);
4574 ar_ptr = ar_ptr->next;
4576 while (ar_ptr != &main_arena);
4578 return result;
4583 ------------------------- malloc_usable_size -------------------------
4586 static size_t
4587 musable (void *mem)
4589 mchunkptr p;
4590 if (mem != 0)
4592 p = mem2chunk (mem);
4594 if (__builtin_expect (using_malloc_checking == 1, 0))
4595 return malloc_check_get_size (p);
4597 if (chunk_is_mmapped (p))
4599 if (DUMPED_MAIN_ARENA_CHUNK (p))
4600 return chunksize (p) - SIZE_SZ;
4601 else
4602 return chunksize (p) - 2 * SIZE_SZ;
4604 else if (inuse (p))
4605 return chunksize (p) - SIZE_SZ;
4607 return 0;
4611 size_t
4612 __malloc_usable_size (void *m)
4614 size_t result;
4616 result = musable (m);
4617 return result;
4621 ------------------------------ mallinfo ------------------------------
4622 Accumulate malloc statistics for arena AV into M.
4625 static void
4626 int_mallinfo (mstate av, struct mallinfo *m)
4628 size_t i;
4629 mbinptr b;
4630 mchunkptr p;
4631 INTERNAL_SIZE_T avail;
4632 INTERNAL_SIZE_T fastavail;
4633 int nblocks;
4634 int nfastblocks;
4636 /* Ensure initialization */
4637 if (av->top == 0)
4638 malloc_consolidate (av);
4640 check_malloc_state (av);
4642 /* Account for top */
4643 avail = chunksize (av->top);
4644 nblocks = 1; /* top always exists */
4646 /* traverse fastbins */
4647 nfastblocks = 0;
4648 fastavail = 0;
4650 for (i = 0; i < NFASTBINS; ++i)
4652 for (p = fastbin (av, i); p != 0; p = p->fd)
4654 ++nfastblocks;
4655 fastavail += chunksize (p);
4659 avail += fastavail;
4661 /* traverse regular bins */
4662 for (i = 1; i < NBINS; ++i)
4664 b = bin_at (av, i);
4665 for (p = last (b); p != b; p = p->bk)
4667 ++nblocks;
4668 avail += chunksize (p);
4672 m->smblks += nfastblocks;
4673 m->ordblks += nblocks;
4674 m->fordblks += avail;
4675 m->uordblks += av->system_mem - avail;
4676 m->arena += av->system_mem;
4677 m->fsmblks += fastavail;
4678 if (av == &main_arena)
4680 m->hblks = mp_.n_mmaps;
4681 m->hblkhd = mp_.mmapped_mem;
4682 m->usmblks = 0;
4683 m->keepcost = chunksize (av->top);
4688 struct mallinfo
4689 __libc_mallinfo (void)
4691 struct mallinfo m;
4692 mstate ar_ptr;
4694 if (__malloc_initialized < 0)
4695 ptmalloc_init ();
4697 memset (&m, 0, sizeof (m));
4698 ar_ptr = &main_arena;
4701 __libc_lock_lock (ar_ptr->mutex);
4702 int_mallinfo (ar_ptr, &m);
4703 __libc_lock_unlock (ar_ptr->mutex);
4705 ar_ptr = ar_ptr->next;
4707 while (ar_ptr != &main_arena);
4709 return m;
4713 ------------------------------ malloc_stats ------------------------------
4716 void
4717 __malloc_stats (void)
4719 int i;
4720 mstate ar_ptr;
4721 unsigned int in_use_b = mp_.mmapped_mem, system_b = in_use_b;
4723 if (__malloc_initialized < 0)
4724 ptmalloc_init ();
4725 _IO_flockfile (stderr);
4726 int old_flags2 = ((_IO_FILE *) stderr)->_flags2;
4727 ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL;
4728 for (i = 0, ar_ptr = &main_arena;; i++)
4730 struct mallinfo mi;
4732 memset (&mi, 0, sizeof (mi));
4733 __libc_lock_lock (ar_ptr->mutex);
4734 int_mallinfo (ar_ptr, &mi);
4735 fprintf (stderr, "Arena %d:\n", i);
4736 fprintf (stderr, "system bytes = %10u\n", (unsigned int) mi.arena);
4737 fprintf (stderr, "in use bytes = %10u\n", (unsigned int) mi.uordblks);
4738 #if MALLOC_DEBUG > 1
4739 if (i > 0)
4740 dump_heap (heap_for_ptr (top (ar_ptr)));
4741 #endif
4742 system_b += mi.arena;
4743 in_use_b += mi.uordblks;
4744 __libc_lock_unlock (ar_ptr->mutex);
4745 ar_ptr = ar_ptr->next;
4746 if (ar_ptr == &main_arena)
4747 break;
4749 fprintf (stderr, "Total (incl. mmap):\n");
4750 fprintf (stderr, "system bytes = %10u\n", system_b);
4751 fprintf (stderr, "in use bytes = %10u\n", in_use_b);
4752 fprintf (stderr, "max mmap regions = %10u\n", (unsigned int) mp_.max_n_mmaps);
4753 fprintf (stderr, "max mmap bytes = %10lu\n",
4754 (unsigned long) mp_.max_mmapped_mem);
4755 ((_IO_FILE *) stderr)->_flags2 |= old_flags2;
4756 _IO_funlockfile (stderr);
4761 ------------------------------ mallopt ------------------------------
4763 static inline int
4764 __always_inline
4765 do_set_trim_threshold (size_t value)
4767 LIBC_PROBE (memory_mallopt_trim_threshold, 3, value, mp_.trim_threshold,
4768 mp_.no_dyn_threshold);
4769 mp_.trim_threshold = value;
4770 mp_.no_dyn_threshold = 1;
4771 return 1;
4774 static inline int
4775 __always_inline
4776 do_set_top_pad (size_t value)
4778 LIBC_PROBE (memory_mallopt_top_pad, 3, value, mp_.top_pad,
4779 mp_.no_dyn_threshold);
4780 mp_.top_pad = value;
4781 mp_.no_dyn_threshold = 1;
4782 return 1;
4785 static inline int
4786 __always_inline
4787 do_set_mmap_threshold (size_t value)
4789 /* Forbid setting the threshold too high. */
4790 if (value <= HEAP_MAX_SIZE / 2)
4792 LIBC_PROBE (memory_mallopt_mmap_threshold, 3, value, mp_.mmap_threshold,
4793 mp_.no_dyn_threshold);
4794 mp_.mmap_threshold = value;
4795 mp_.no_dyn_threshold = 1;
4796 return 1;
4798 return 0;
4801 static inline int
4802 __always_inline
4803 do_set_mmaps_max (int32_t value)
4805 LIBC_PROBE (memory_mallopt_mmap_max, 3, value, mp_.n_mmaps_max,
4806 mp_.no_dyn_threshold);
4807 mp_.n_mmaps_max = value;
4808 mp_.no_dyn_threshold = 1;
4809 return 1;
4812 static inline int
4813 __always_inline
4814 do_set_mallopt_check (int32_t value)
4816 LIBC_PROBE (memory_mallopt_check_action, 2, value, check_action);
4817 check_action = value;
4818 return 1;
4821 static inline int
4822 __always_inline
4823 do_set_perturb_byte (int32_t value)
4825 LIBC_PROBE (memory_mallopt_perturb, 2, value, perturb_byte);
4826 perturb_byte = value;
4827 return 1;
4830 static inline int
4831 __always_inline
4832 do_set_arena_test (size_t value)
4834 LIBC_PROBE (memory_mallopt_arena_test, 2, value, mp_.arena_test);
4835 mp_.arena_test = value;
4836 return 1;
4839 static inline int
4840 __always_inline
4841 do_set_arena_max (size_t value)
4843 LIBC_PROBE (memory_mallopt_arena_max, 2, value, mp_.arena_max);
4844 mp_.arena_max = value;
4845 return 1;
4850 __libc_mallopt (int param_number, int value)
4852 mstate av = &main_arena;
4853 int res = 1;
4855 if (__malloc_initialized < 0)
4856 ptmalloc_init ();
4857 __libc_lock_lock (av->mutex);
4858 /* Ensure initialization/consolidation */
4859 malloc_consolidate (av);
4861 LIBC_PROBE (memory_mallopt, 2, param_number, value);
4863 switch (param_number)
4865 case M_MXFAST:
4866 if (value >= 0 && value <= MAX_FAST_SIZE)
4868 LIBC_PROBE (memory_mallopt_mxfast, 2, value, get_max_fast ());
4869 set_max_fast (value);
4871 else
4872 res = 0;
4873 break;
4875 case M_TRIM_THRESHOLD:
4876 do_set_trim_threshold (value);
4877 break;
4879 case M_TOP_PAD:
4880 do_set_top_pad (value);
4881 break;
4883 case M_MMAP_THRESHOLD:
4884 res = do_set_mmap_threshold (value);
4885 break;
4887 case M_MMAP_MAX:
4888 do_set_mmaps_max (value);
4889 break;
4891 case M_CHECK_ACTION:
4892 do_set_mallopt_check (value);
4893 break;
4895 case M_PERTURB:
4896 do_set_perturb_byte (value);
4897 break;
4899 case M_ARENA_TEST:
4900 if (value > 0)
4901 do_set_arena_test (value);
4902 break;
4904 case M_ARENA_MAX:
4905 if (value > 0)
4906 do_set_arena_max (value);
4907 break;
4909 __libc_lock_unlock (av->mutex);
4910 return res;
4912 libc_hidden_def (__libc_mallopt)
4916 -------------------- Alternative MORECORE functions --------------------
4921 General Requirements for MORECORE.
4923 The MORECORE function must have the following properties:
4925 If MORECORE_CONTIGUOUS is false:
4927 * MORECORE must allocate in multiples of pagesize. It will
4928 only be called with arguments that are multiples of pagesize.
4930 * MORECORE(0) must return an address that is at least
4931 MALLOC_ALIGNMENT aligned. (Page-aligning always suffices.)
4933 else (i.e. If MORECORE_CONTIGUOUS is true):
4935 * Consecutive calls to MORECORE with positive arguments
4936 return increasing addresses, indicating that space has been
4937 contiguously extended.
4939 * MORECORE need not allocate in multiples of pagesize.
4940 Calls to MORECORE need not have args of multiples of pagesize.
4942 * MORECORE need not page-align.
4944 In either case:
4946 * MORECORE may allocate more memory than requested. (Or even less,
4947 but this will generally result in a malloc failure.)
4949 * MORECORE must not allocate memory when given argument zero, but
4950 instead return one past the end address of memory from previous
4951 nonzero call. This malloc does NOT call MORECORE(0)
4952 until at least one call with positive arguments is made, so
4953 the initial value returned is not important.
4955 * Even though consecutive calls to MORECORE need not return contiguous
4956 addresses, it must be OK for malloc'ed chunks to span multiple
4957 regions in those cases where they do happen to be contiguous.
4959 * MORECORE need not handle negative arguments -- it may instead
4960 just return MORECORE_FAILURE when given negative arguments.
4961 Negative arguments are always multiples of pagesize. MORECORE
4962 must not misinterpret negative args as large positive unsigned
4963 args. You can suppress all such calls from even occurring by defining
4964 MORECORE_CANNOT_TRIM,
4966 There is some variation across systems about the type of the
4967 argument to sbrk/MORECORE. If size_t is unsigned, then it cannot
4968 actually be size_t, because sbrk supports negative args, so it is
4969 normally the signed type of the same width as size_t (sometimes
4970 declared as "intptr_t", and sometimes "ptrdiff_t"). It doesn't much
4971 matter though. Internally, we use "long" as arguments, which should
4972 work across all reasonable possibilities.
4974 Additionally, if MORECORE ever returns failure for a positive
4975 request, then mmap is used as a noncontiguous system allocator. This
4976 is a useful backup strategy for systems with holes in address spaces
4977 -- in this case sbrk cannot contiguously expand the heap, but mmap
4978 may be able to map noncontiguous space.
4980 If you'd like mmap to ALWAYS be used, you can define MORECORE to be
4981 a function that always returns MORECORE_FAILURE.
4983 If you are using this malloc with something other than sbrk (or its
4984 emulation) to supply memory regions, you probably want to set
4985 MORECORE_CONTIGUOUS as false. As an example, here is a custom
4986 allocator kindly contributed for pre-OSX macOS. It uses virtually
4987 but not necessarily physically contiguous non-paged memory (locked
4988 in, present and won't get swapped out). You can use it by
4989 uncommenting this section, adding some #includes, and setting up the
4990 appropriate defines above:
4992 *#define MORECORE osMoreCore
4993 *#define MORECORE_CONTIGUOUS 0
4995 There is also a shutdown routine that should somehow be called for
4996 cleanup upon program exit.
4998 *#define MAX_POOL_ENTRIES 100
4999 *#define MINIMUM_MORECORE_SIZE (64 * 1024)
5000 static int next_os_pool;
5001 void *our_os_pools[MAX_POOL_ENTRIES];
5003 void *osMoreCore(int size)
5005 void *ptr = 0;
5006 static void *sbrk_top = 0;
5008 if (size > 0)
5010 if (size < MINIMUM_MORECORE_SIZE)
5011 size = MINIMUM_MORECORE_SIZE;
5012 if (CurrentExecutionLevel() == kTaskLevel)
5013 ptr = PoolAllocateResident(size + RM_PAGE_SIZE, 0);
5014 if (ptr == 0)
5016 return (void *) MORECORE_FAILURE;
5018 // save ptrs so they can be freed during cleanup
5019 our_os_pools[next_os_pool] = ptr;
5020 next_os_pool++;
5021 ptr = (void *) ((((unsigned long) ptr) + RM_PAGE_MASK) & ~RM_PAGE_MASK);
5022 sbrk_top = (char *) ptr + size;
5023 return ptr;
5025 else if (size < 0)
5027 // we don't currently support shrink behavior
5028 return (void *) MORECORE_FAILURE;
5030 else
5032 return sbrk_top;
5036 // cleanup any allocated memory pools
5037 // called as last thing before shutting down driver
5039 void osCleanupMem(void)
5041 void **ptr;
5043 for (ptr = our_os_pools; ptr < &our_os_pools[MAX_POOL_ENTRIES]; ptr++)
5044 if (*ptr)
5046 PoolDeallocate(*ptr);
5047 * ptr = 0;
5054 /* Helper code. */
5056 extern char **__libc_argv attribute_hidden;
5058 static void
5059 malloc_printerr (int action, const char *str, void *ptr, mstate ar_ptr)
5061 /* Avoid using this arena in future. We do not attempt to synchronize this
5062 with anything else because we minimally want to ensure that __libc_message
5063 gets its resources safely without stumbling on the current corruption. */
5064 if (ar_ptr)
5065 set_arena_corrupt (ar_ptr);
5067 if ((action & 5) == 5)
5068 __libc_message (action & 2, "%s\n", str);
5069 else if (action & 1)
5071 char buf[2 * sizeof (uintptr_t) + 1];
5073 buf[sizeof (buf) - 1] = '\0';
5074 char *cp = _itoa_word ((uintptr_t) ptr, &buf[sizeof (buf) - 1], 16, 0);
5075 while (cp > buf)
5076 *--cp = '0';
5078 __libc_message (action & 2, "*** Error in `%s': %s: 0x%s ***\n",
5079 __libc_argv[0] ? : "<unknown>", str, cp);
5081 else if (action & 2)
5082 abort ();
5085 /* We need a wrapper function for one of the additions of POSIX. */
5087 __posix_memalign (void **memptr, size_t alignment, size_t size)
5089 void *mem;
5091 /* Test whether the SIZE argument is valid. It must be a power of
5092 two multiple of sizeof (void *). */
5093 if (alignment % sizeof (void *) != 0
5094 || !powerof2 (alignment / sizeof (void *))
5095 || alignment == 0)
5096 return EINVAL;
5099 void *address = RETURN_ADDRESS (0);
5100 mem = _mid_memalign (alignment, size, address);
5102 if (mem != NULL)
5104 *memptr = mem;
5105 return 0;
5108 return ENOMEM;
5110 weak_alias (__posix_memalign, posix_memalign)
5114 __malloc_info (int options, FILE *fp)
5116 /* For now, at least. */
5117 if (options != 0)
5118 return EINVAL;
5120 int n = 0;
5121 size_t total_nblocks = 0;
5122 size_t total_nfastblocks = 0;
5123 size_t total_avail = 0;
5124 size_t total_fastavail = 0;
5125 size_t total_system = 0;
5126 size_t total_max_system = 0;
5127 size_t total_aspace = 0;
5128 size_t total_aspace_mprotect = 0;
5132 if (__malloc_initialized < 0)
5133 ptmalloc_init ();
5135 fputs ("<malloc version=\"1\">\n", fp);
5137 /* Iterate over all arenas currently in use. */
5138 mstate ar_ptr = &main_arena;
5141 fprintf (fp, "<heap nr=\"%d\">\n<sizes>\n", n++);
5143 size_t nblocks = 0;
5144 size_t nfastblocks = 0;
5145 size_t avail = 0;
5146 size_t fastavail = 0;
5147 struct
5149 size_t from;
5150 size_t to;
5151 size_t total;
5152 size_t count;
5153 } sizes[NFASTBINS + NBINS - 1];
5154 #define nsizes (sizeof (sizes) / sizeof (sizes[0]))
5156 __libc_lock_lock (ar_ptr->mutex);
5158 for (size_t i = 0; i < NFASTBINS; ++i)
5160 mchunkptr p = fastbin (ar_ptr, i);
5161 if (p != NULL)
5163 size_t nthissize = 0;
5164 size_t thissize = chunksize (p);
5166 while (p != NULL)
5168 ++nthissize;
5169 p = p->fd;
5172 fastavail += nthissize * thissize;
5173 nfastblocks += nthissize;
5174 sizes[i].from = thissize - (MALLOC_ALIGNMENT -