posix: Do not use WNOHANG in waitpid call for Linux posix_spawn
[glibc.git] / malloc / malloc.c
blob32b6e968fcf4daf63b63a41515be12170e9fbf05
1 /* Malloc implementation for multiple threads without lock contention.
2 Copyright (C) 1996-2017 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Wolfram Gloger <wg@malloc.de>
5 and Doug Lea <dl@cs.oswego.edu>, 2001.
7 The GNU C Library is free software; you can redistribute it and/or
8 modify it under the terms of the GNU Lesser General Public License as
9 published by the Free Software Foundation; either version 2.1 of the
10 License, or (at your option) any later version.
12 The GNU C Library is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public
18 License along with the GNU C Library; see the file COPYING.LIB. If
19 not, see <http://www.gnu.org/licenses/>. */
22 This is a version (aka ptmalloc2) of malloc/free/realloc written by
23 Doug Lea and adapted to multiple threads/arenas by Wolfram Gloger.
25 There have been substantial changes made after the integration into
26 glibc in all parts of the code. Do not look for much commonality
27 with the ptmalloc2 version.
29 * Version ptmalloc2-20011215
30 based on:
31 VERSION 2.7.0 Sun Mar 11 14:14:06 2001 Doug Lea (dl at gee)
33 * Quickstart
35 In order to compile this implementation, a Makefile is provided with
36 the ptmalloc2 distribution, which has pre-defined targets for some
37 popular systems (e.g. "make posix" for Posix threads). All that is
38 typically required with regard to compiler flags is the selection of
39 the thread package via defining one out of USE_PTHREADS, USE_THR or
40 USE_SPROC. Check the thread-m.h file for what effects this has.
41 Many/most systems will additionally require USE_TSD_DATA_HACK to be
42 defined, so this is the default for "make posix".
44 * Why use this malloc?
46 This is not the fastest, most space-conserving, most portable, or
47 most tunable malloc ever written. However it is among the fastest
48 while also being among the most space-conserving, portable and tunable.
49 Consistent balance across these factors results in a good general-purpose
50 allocator for malloc-intensive programs.
52 The main properties of the algorithms are:
53 * For large (>= 512 bytes) requests, it is a pure best-fit allocator,
54 with ties normally decided via FIFO (i.e. least recently used).
55 * For small (<= 64 bytes by default) requests, it is a caching
56 allocator, that maintains pools of quickly recycled chunks.
57 * In between, and for combinations of large and small requests, it does
58 the best it can trying to meet both goals at once.
59 * For very large requests (>= 128KB by default), it relies on system
60 memory mapping facilities, if supported.
62 For a longer but slightly out of date high-level description, see
63 http://gee.cs.oswego.edu/dl/html/malloc.html
65 You may already by default be using a C library containing a malloc
66 that is based on some version of this malloc (for example in
67 linux). You might still want to use the one in this file in order to
68 customize settings or to avoid overheads associated with library
69 versions.
71 * Contents, described in more detail in "description of public routines" below.
73 Standard (ANSI/SVID/...) functions:
74 malloc(size_t n);
75 calloc(size_t n_elements, size_t element_size);
76 free(void* p);
77 realloc(void* p, size_t n);
78 memalign(size_t alignment, size_t n);
79 valloc(size_t n);
80 mallinfo()
81 mallopt(int parameter_number, int parameter_value)
83 Additional functions:
84 independent_calloc(size_t n_elements, size_t size, void* chunks[]);
85 independent_comalloc(size_t n_elements, size_t sizes[], void* chunks[]);
86 pvalloc(size_t n);
87 malloc_trim(size_t pad);
88 malloc_usable_size(void* p);
89 malloc_stats();
91 * Vital statistics:
93 Supported pointer representation: 4 or 8 bytes
94 Supported size_t representation: 4 or 8 bytes
95 Note that size_t is allowed to be 4 bytes even if pointers are 8.
96 You can adjust this by defining INTERNAL_SIZE_T
98 Alignment: 2 * sizeof(size_t) (default)
99 (i.e., 8 byte alignment with 4byte size_t). This suffices for
100 nearly all current machines and C compilers. However, you can
101 define MALLOC_ALIGNMENT to be wider than this if necessary.
103 Minimum overhead per allocated chunk: 4 or 8 bytes
104 Each malloced chunk has a hidden word of overhead holding size
105 and status information.
107 Minimum allocated size: 4-byte ptrs: 16 bytes (including 4 overhead)
108 8-byte ptrs: 24/32 bytes (including, 4/8 overhead)
110 When a chunk is freed, 12 (for 4byte ptrs) or 20 (for 8 byte
111 ptrs but 4 byte size) or 24 (for 8/8) additional bytes are
112 needed; 4 (8) for a trailing size field and 8 (16) bytes for
113 free list pointers. Thus, the minimum allocatable size is
114 16/24/32 bytes.
116 Even a request for zero bytes (i.e., malloc(0)) returns a
117 pointer to something of the minimum allocatable size.
119 The maximum overhead wastage (i.e., number of extra bytes
120 allocated than were requested in malloc) is less than or equal
121 to the minimum size, except for requests >= mmap_threshold that
122 are serviced via mmap(), where the worst case wastage is 2 *
123 sizeof(size_t) bytes plus the remainder from a system page (the
124 minimal mmap unit); typically 4096 or 8192 bytes.
126 Maximum allocated size: 4-byte size_t: 2^32 minus about two pages
127 8-byte size_t: 2^64 minus about two pages
129 It is assumed that (possibly signed) size_t values suffice to
130 represent chunk sizes. `Possibly signed' is due to the fact
131 that `size_t' may be defined on a system as either a signed or
132 an unsigned type. The ISO C standard says that it must be
133 unsigned, but a few systems are known not to adhere to this.
134 Additionally, even when size_t is unsigned, sbrk (which is by
135 default used to obtain memory from system) accepts signed
136 arguments, and may not be able to handle size_t-wide arguments
137 with negative sign bit. Generally, values that would
138 appear as negative after accounting for overhead and alignment
139 are supported only via mmap(), which does not have this
140 limitation.
142 Requests for sizes outside the allowed range will perform an optional
143 failure action and then return null. (Requests may also
144 also fail because a system is out of memory.)
146 Thread-safety: thread-safe
148 Compliance: I believe it is compliant with the 1997 Single Unix Specification
149 Also SVID/XPG, ANSI C, and probably others as well.
151 * Synopsis of compile-time options:
153 People have reported using previous versions of this malloc on all
154 versions of Unix, sometimes by tweaking some of the defines
155 below. It has been tested most extensively on Solaris and Linux.
156 People also report using it in stand-alone embedded systems.
158 The implementation is in straight, hand-tuned ANSI C. It is not
159 at all modular. (Sorry!) It uses a lot of macros. To be at all
160 usable, this code should be compiled using an optimizing compiler
161 (for example gcc -O3) that can simplify expressions and control
162 paths. (FAQ: some macros import variables as arguments rather than
163 declare locals because people reported that some debuggers
164 otherwise get confused.)
166 OPTION DEFAULT VALUE
168 Compilation Environment options:
170 HAVE_MREMAP 0
172 Changing default word sizes:
174 INTERNAL_SIZE_T size_t
176 Configuration and functionality options:
178 USE_PUBLIC_MALLOC_WRAPPERS NOT defined
179 USE_MALLOC_LOCK NOT defined
180 MALLOC_DEBUG NOT defined
181 REALLOC_ZERO_BYTES_FREES 1
182 TRIM_FASTBINS 0
184 Options for customizing MORECORE:
186 MORECORE sbrk
187 MORECORE_FAILURE -1
188 MORECORE_CONTIGUOUS 1
189 MORECORE_CANNOT_TRIM NOT defined
190 MORECORE_CLEARS 1
191 MMAP_AS_MORECORE_SIZE (1024 * 1024)
193 Tuning options that are also dynamically changeable via mallopt:
195 DEFAULT_MXFAST 64 (for 32bit), 128 (for 64bit)
196 DEFAULT_TRIM_THRESHOLD 128 * 1024
197 DEFAULT_TOP_PAD 0
198 DEFAULT_MMAP_THRESHOLD 128 * 1024
199 DEFAULT_MMAP_MAX 65536
201 There are several other #defined constants and macros that you
202 probably don't want to touch unless you are extending or adapting malloc. */
205 void* is the pointer type that malloc should say it returns
208 #ifndef void
209 #define void void
210 #endif /*void*/
212 #include <stddef.h> /* for size_t */
213 #include <stdlib.h> /* for getenv(), abort() */
214 #include <unistd.h> /* for __libc_enable_secure */
216 #include <atomic.h>
217 #include <_itoa.h>
218 #include <bits/wordsize.h>
219 #include <sys/sysinfo.h>
221 #include <ldsodefs.h>
223 #include <unistd.h>
224 #include <stdio.h> /* needed for malloc_stats */
225 #include <errno.h>
227 #include <shlib-compat.h>
229 /* For uintptr_t. */
230 #include <stdint.h>
232 /* For va_arg, va_start, va_end. */
233 #include <stdarg.h>
235 /* For MIN, MAX, powerof2. */
236 #include <sys/param.h>
238 /* For ALIGN_UP et. al. */
239 #include <libc-pointer-arith.h>
241 /* For DIAG_PUSH/POP_NEEDS_COMMENT et al. */
242 #include <libc-diag.h>
244 #include <malloc/malloc-internal.h>
246 /* For SINGLE_THREAD_P. */
247 #include <sysdep-cancel.h>
250 Debugging:
252 Because freed chunks may be overwritten with bookkeeping fields, this
253 malloc will often die when freed memory is overwritten by user
254 programs. This can be very effective (albeit in an annoying way)
255 in helping track down dangling pointers.
257 If you compile with -DMALLOC_DEBUG, a number of assertion checks are
258 enabled that will catch more memory errors. You probably won't be
259 able to make much sense of the actual assertion errors, but they
260 should help you locate incorrectly overwritten memory. The checking
261 is fairly extensive, and will slow down execution
262 noticeably. Calling malloc_stats or mallinfo with MALLOC_DEBUG set
263 will attempt to check every non-mmapped allocated and free chunk in
264 the course of computing the summmaries. (By nature, mmapped regions
265 cannot be checked very much automatically.)
267 Setting MALLOC_DEBUG may also be helpful if you are trying to modify
268 this code. The assertions in the check routines spell out in more
269 detail the assumptions and invariants underlying the algorithms.
271 Setting MALLOC_DEBUG does NOT provide an automated mechanism for
272 checking that all accesses to malloced memory stay within their
273 bounds. However, there are several add-ons and adaptations of this
274 or other mallocs available that do this.
277 #ifndef MALLOC_DEBUG
278 #define MALLOC_DEBUG 0
279 #endif
281 #ifdef NDEBUG
282 # define assert(expr) ((void) 0)
283 #else
284 # define assert(expr) \
285 ((expr) \
286 ? ((void) 0) \
287 : __malloc_assert (#expr, __FILE__, __LINE__, __func__))
289 extern const char *__progname;
291 static void
292 __malloc_assert (const char *assertion, const char *file, unsigned int line,
293 const char *function)
295 (void) __fxprintf (NULL, "%s%s%s:%u: %s%sAssertion `%s' failed.\n",
296 __progname, __progname[0] ? ": " : "",
297 file, line,
298 function ? function : "", function ? ": " : "",
299 assertion);
300 fflush (stderr);
301 abort ();
303 #endif
305 #if USE_TCACHE
306 /* We want 64 entries. This is an arbitrary limit, which tunables can reduce. */
307 # define TCACHE_MAX_BINS 64
308 # define MAX_TCACHE_SIZE tidx2usize (TCACHE_MAX_BINS-1)
310 /* Only used to pre-fill the tunables. */
311 # define tidx2usize(idx) (((size_t) idx) * MALLOC_ALIGNMENT + MINSIZE - SIZE_SZ)
313 /* When "x" is from chunksize(). */
314 # define csize2tidx(x) (((x) - MINSIZE + MALLOC_ALIGNMENT - 1) / MALLOC_ALIGNMENT)
315 /* When "x" is a user-provided size. */
316 # define usize2tidx(x) csize2tidx (request2size (x))
318 /* With rounding and alignment, the bins are...
319 idx 0 bytes 0..24 (64-bit) or 0..12 (32-bit)
320 idx 1 bytes 25..40 or 13..20
321 idx 2 bytes 41..56 or 21..28
322 etc. */
324 /* This is another arbitrary limit, which tunables can change. Each
325 tcache bin will hold at most this number of chunks. */
326 # define TCACHE_FILL_COUNT 7
327 #endif
331 REALLOC_ZERO_BYTES_FREES should be set if a call to
332 realloc with zero bytes should be the same as a call to free.
333 This is required by the C standard. Otherwise, since this malloc
334 returns a unique pointer for malloc(0), so does realloc(p, 0).
337 #ifndef REALLOC_ZERO_BYTES_FREES
338 #define REALLOC_ZERO_BYTES_FREES 1
339 #endif
342 TRIM_FASTBINS controls whether free() of a very small chunk can
343 immediately lead to trimming. Setting to true (1) can reduce memory
344 footprint, but will almost always slow down programs that use a lot
345 of small chunks.
347 Define this only if you are willing to give up some speed to more
348 aggressively reduce system-level memory footprint when releasing
349 memory in programs that use many small chunks. You can get
350 essentially the same effect by setting MXFAST to 0, but this can
351 lead to even greater slowdowns in programs using many small chunks.
352 TRIM_FASTBINS is an in-between compile-time option, that disables
353 only those chunks bordering topmost memory from being placed in
354 fastbins.
357 #ifndef TRIM_FASTBINS
358 #define TRIM_FASTBINS 0
359 #endif
362 /* Definition for getting more memory from the OS. */
363 #define MORECORE (*__morecore)
364 #define MORECORE_FAILURE 0
365 void * __default_morecore (ptrdiff_t);
366 void *(*__morecore)(ptrdiff_t) = __default_morecore;
369 #include <string.h>
372 MORECORE-related declarations. By default, rely on sbrk
377 MORECORE is the name of the routine to call to obtain more memory
378 from the system. See below for general guidance on writing
379 alternative MORECORE functions, as well as a version for WIN32 and a
380 sample version for pre-OSX macos.
383 #ifndef MORECORE
384 #define MORECORE sbrk
385 #endif
388 MORECORE_FAILURE is the value returned upon failure of MORECORE
389 as well as mmap. Since it cannot be an otherwise valid memory address,
390 and must reflect values of standard sys calls, you probably ought not
391 try to redefine it.
394 #ifndef MORECORE_FAILURE
395 #define MORECORE_FAILURE (-1)
396 #endif
399 If MORECORE_CONTIGUOUS is true, take advantage of fact that
400 consecutive calls to MORECORE with positive arguments always return
401 contiguous increasing addresses. This is true of unix sbrk. Even
402 if not defined, when regions happen to be contiguous, malloc will
403 permit allocations spanning regions obtained from different
404 calls. But defining this when applicable enables some stronger
405 consistency checks and space efficiencies.
408 #ifndef MORECORE_CONTIGUOUS
409 #define MORECORE_CONTIGUOUS 1
410 #endif
413 Define MORECORE_CANNOT_TRIM if your version of MORECORE
414 cannot release space back to the system when given negative
415 arguments. This is generally necessary only if you are using
416 a hand-crafted MORECORE function that cannot handle negative arguments.
419 /* #define MORECORE_CANNOT_TRIM */
421 /* MORECORE_CLEARS (default 1)
422 The degree to which the routine mapped to MORECORE zeroes out
423 memory: never (0), only for newly allocated space (1) or always
424 (2). The distinction between (1) and (2) is necessary because on
425 some systems, if the application first decrements and then
426 increments the break value, the contents of the reallocated space
427 are unspecified.
430 #ifndef MORECORE_CLEARS
431 # define MORECORE_CLEARS 1
432 #endif
436 MMAP_AS_MORECORE_SIZE is the minimum mmap size argument to use if
437 sbrk fails, and mmap is used as a backup. The value must be a
438 multiple of page size. This backup strategy generally applies only
439 when systems have "holes" in address space, so sbrk cannot perform
440 contiguous expansion, but there is still space available on system.
441 On systems for which this is known to be useful (i.e. most linux
442 kernels), this occurs only when programs allocate huge amounts of
443 memory. Between this, and the fact that mmap regions tend to be
444 limited, the size should be large, to avoid too many mmap calls and
445 thus avoid running out of kernel resources. */
447 #ifndef MMAP_AS_MORECORE_SIZE
448 #define MMAP_AS_MORECORE_SIZE (1024 * 1024)
449 #endif
452 Define HAVE_MREMAP to make realloc() use mremap() to re-allocate
453 large blocks.
456 #ifndef HAVE_MREMAP
457 #define HAVE_MREMAP 0
458 #endif
460 /* We may need to support __malloc_initialize_hook for backwards
461 compatibility. */
463 #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_24)
464 # define HAVE_MALLOC_INIT_HOOK 1
465 #else
466 # define HAVE_MALLOC_INIT_HOOK 0
467 #endif
471 This version of malloc supports the standard SVID/XPG mallinfo
472 routine that returns a struct containing usage properties and
473 statistics. It should work on any SVID/XPG compliant system that has
474 a /usr/include/malloc.h defining struct mallinfo. (If you'd like to
475 install such a thing yourself, cut out the preliminary declarations
476 as described above and below and save them in a malloc.h file. But
477 there's no compelling reason to bother to do this.)
479 The main declaration needed is the mallinfo struct that is returned
480 (by-copy) by mallinfo(). The SVID/XPG malloinfo struct contains a
481 bunch of fields that are not even meaningful in this version of
482 malloc. These fields are are instead filled by mallinfo() with
483 other numbers that might be of interest.
487 /* ---------- description of public routines ------------ */
490 malloc(size_t n)
491 Returns a pointer to a newly allocated chunk of at least n bytes, or null
492 if no space is available. Additionally, on failure, errno is
493 set to ENOMEM on ANSI C systems.
495 If n is zero, malloc returns a minumum-sized chunk. (The minimum
496 size is 16 bytes on most 32bit systems, and 24 or 32 bytes on 64bit
497 systems.) On most systems, size_t is an unsigned type, so calls
498 with negative arguments are interpreted as requests for huge amounts
499 of space, which will often fail. The maximum supported value of n
500 differs across systems, but is in all cases less than the maximum
501 representable value of a size_t.
503 void* __libc_malloc(size_t);
504 libc_hidden_proto (__libc_malloc)
507 free(void* p)
508 Releases the chunk of memory pointed to by p, that had been previously
509 allocated using malloc or a related routine such as realloc.
510 It has no effect if p is null. It can have arbitrary (i.e., bad!)
511 effects if p has already been freed.
513 Unless disabled (using mallopt), freeing very large spaces will
514 when possible, automatically trigger operations that give
515 back unused memory to the system, thus reducing program footprint.
517 void __libc_free(void*);
518 libc_hidden_proto (__libc_free)
521 calloc(size_t n_elements, size_t element_size);
522 Returns a pointer to n_elements * element_size bytes, with all locations
523 set to zero.
525 void* __libc_calloc(size_t, size_t);
528 realloc(void* p, size_t n)
529 Returns a pointer to a chunk of size n that contains the same data
530 as does chunk p up to the minimum of (n, p's size) bytes, or null
531 if no space is available.
533 The returned pointer may or may not be the same as p. The algorithm
534 prefers extending p when possible, otherwise it employs the
535 equivalent of a malloc-copy-free sequence.
537 If p is null, realloc is equivalent to malloc.
539 If space is not available, realloc returns null, errno is set (if on
540 ANSI) and p is NOT freed.
542 if n is for fewer bytes than already held by p, the newly unused
543 space is lopped off and freed if possible. Unless the #define
544 REALLOC_ZERO_BYTES_FREES is set, realloc with a size argument of
545 zero (re)allocates a minimum-sized chunk.
547 Large chunks that were internally obtained via mmap will always be
548 grown using malloc-copy-free sequences unless the system supports
549 MREMAP (currently only linux).
551 The old unix realloc convention of allowing the last-free'd chunk
552 to be used as an argument to realloc is not supported.
554 void* __libc_realloc(void*, size_t);
555 libc_hidden_proto (__libc_realloc)
558 memalign(size_t alignment, size_t n);
559 Returns a pointer to a newly allocated chunk of n bytes, aligned
560 in accord with the alignment argument.
562 The alignment argument should be a power of two. If the argument is
563 not a power of two, the nearest greater power is used.
564 8-byte alignment is guaranteed by normal malloc calls, so don't
565 bother calling memalign with an argument of 8 or less.
567 Overreliance on memalign is a sure way to fragment space.
569 void* __libc_memalign(size_t, size_t);
570 libc_hidden_proto (__libc_memalign)
573 valloc(size_t n);
574 Equivalent to memalign(pagesize, n), where pagesize is the page
575 size of the system. If the pagesize is unknown, 4096 is used.
577 void* __libc_valloc(size_t);
582 mallopt(int parameter_number, int parameter_value)
583 Sets tunable parameters The format is to provide a
584 (parameter-number, parameter-value) pair. mallopt then sets the
585 corresponding parameter to the argument value if it can (i.e., so
586 long as the value is meaningful), and returns 1 if successful else
587 0. SVID/XPG/ANSI defines four standard param numbers for mallopt,
588 normally defined in malloc.h. Only one of these (M_MXFAST) is used
589 in this malloc. The others (M_NLBLKS, M_GRAIN, M_KEEP) don't apply,
590 so setting them has no effect. But this malloc also supports four
591 other options in mallopt. See below for details. Briefly, supported
592 parameters are as follows (listed defaults are for "typical"
593 configurations).
595 Symbol param # default allowed param values
596 M_MXFAST 1 64 0-80 (0 disables fastbins)
597 M_TRIM_THRESHOLD -1 128*1024 any (-1U disables trimming)
598 M_TOP_PAD -2 0 any
599 M_MMAP_THRESHOLD -3 128*1024 any (or 0 if no MMAP support)
600 M_MMAP_MAX -4 65536 any (0 disables use of mmap)
602 int __libc_mallopt(int, int);
603 libc_hidden_proto (__libc_mallopt)
607 mallinfo()
608 Returns (by copy) a struct containing various summary statistics:
610 arena: current total non-mmapped bytes allocated from system
611 ordblks: the number of free chunks
612 smblks: the number of fastbin blocks (i.e., small chunks that
613 have been freed but not use resused or consolidated)
614 hblks: current number of mmapped regions
615 hblkhd: total bytes held in mmapped regions
616 usmblks: always 0
617 fsmblks: total bytes held in fastbin blocks
618 uordblks: current total allocated space (normal or mmapped)
619 fordblks: total free space
620 keepcost: the maximum number of bytes that could ideally be released
621 back to system via malloc_trim. ("ideally" means that
622 it ignores page restrictions etc.)
624 Because these fields are ints, but internal bookkeeping may
625 be kept as longs, the reported values may wrap around zero and
626 thus be inaccurate.
628 struct mallinfo __libc_mallinfo(void);
632 pvalloc(size_t n);
633 Equivalent to valloc(minimum-page-that-holds(n)), that is,
634 round up n to nearest pagesize.
636 void* __libc_pvalloc(size_t);
639 malloc_trim(size_t pad);
641 If possible, gives memory back to the system (via negative
642 arguments to sbrk) if there is unused memory at the `high' end of
643 the malloc pool. You can call this after freeing large blocks of
644 memory to potentially reduce the system-level memory requirements
645 of a program. However, it cannot guarantee to reduce memory. Under
646 some allocation patterns, some large free blocks of memory will be
647 locked between two used chunks, so they cannot be given back to
648 the system.
650 The `pad' argument to malloc_trim represents the amount of free
651 trailing space to leave untrimmed. If this argument is zero,
652 only the minimum amount of memory to maintain internal data
653 structures will be left (one page or less). Non-zero arguments
654 can be supplied to maintain enough trailing space to service
655 future expected allocations without having to re-obtain memory
656 from the system.
658 Malloc_trim returns 1 if it actually released any memory, else 0.
659 On systems that do not support "negative sbrks", it will always
660 return 0.
662 int __malloc_trim(size_t);
665 malloc_usable_size(void* p);
667 Returns the number of bytes you can actually use in
668 an allocated chunk, which may be more than you requested (although
669 often not) due to alignment and minimum size constraints.
670 You can use this many bytes without worrying about
671 overwriting other allocated objects. This is not a particularly great
672 programming practice. malloc_usable_size can be more useful in
673 debugging and assertions, for example:
675 p = malloc(n);
676 assert(malloc_usable_size(p) >= 256);
679 size_t __malloc_usable_size(void*);
682 malloc_stats();
683 Prints on stderr the amount of space obtained from the system (both
684 via sbrk and mmap), the maximum amount (which may be more than
685 current if malloc_trim and/or munmap got called), and the current
686 number of bytes allocated via malloc (or realloc, etc) but not yet
687 freed. Note that this is the number of bytes allocated, not the
688 number requested. It will be larger than the number requested
689 because of alignment and bookkeeping overhead. Because it includes
690 alignment wastage as being in use, this figure may be greater than
691 zero even when no user-level chunks are allocated.
693 The reported current and maximum system memory can be inaccurate if
694 a program makes other calls to system memory allocation functions
695 (normally sbrk) outside of malloc.
697 malloc_stats prints only the most commonly interesting statistics.
698 More information can be obtained by calling mallinfo.
701 void __malloc_stats(void);
704 malloc_get_state(void);
706 Returns the state of all malloc variables in an opaque data
707 structure.
709 void* __malloc_get_state(void);
712 malloc_set_state(void* state);
714 Restore the state of all malloc variables from data obtained with
715 malloc_get_state().
717 int __malloc_set_state(void*);
720 posix_memalign(void **memptr, size_t alignment, size_t size);
722 POSIX wrapper like memalign(), checking for validity of size.
724 int __posix_memalign(void **, size_t, size_t);
726 /* mallopt tuning options */
729 M_MXFAST is the maximum request size used for "fastbins", special bins
730 that hold returned chunks without consolidating their spaces. This
731 enables future requests for chunks of the same size to be handled
732 very quickly, but can increase fragmentation, and thus increase the
733 overall memory footprint of a program.
735 This malloc manages fastbins very conservatively yet still
736 efficiently, so fragmentation is rarely a problem for values less
737 than or equal to the default. The maximum supported value of MXFAST
738 is 80. You wouldn't want it any higher than this anyway. Fastbins
739 are designed especially for use with many small structs, objects or
740 strings -- the default handles structs/objects/arrays with sizes up
741 to 8 4byte fields, or small strings representing words, tokens,
742 etc. Using fastbins for larger objects normally worsens
743 fragmentation without improving speed.
745 M_MXFAST is set in REQUEST size units. It is internally used in
746 chunksize units, which adds padding and alignment. You can reduce
747 M_MXFAST to 0 to disable all use of fastbins. This causes the malloc
748 algorithm to be a closer approximation of fifo-best-fit in all cases,
749 not just for larger requests, but will generally cause it to be
750 slower.
754 /* M_MXFAST is a standard SVID/XPG tuning option, usually listed in malloc.h */
755 #ifndef M_MXFAST
756 #define M_MXFAST 1
757 #endif
759 #ifndef DEFAULT_MXFAST
760 #define DEFAULT_MXFAST (64 * SIZE_SZ / 4)
761 #endif
765 M_TRIM_THRESHOLD is the maximum amount of unused top-most memory
766 to keep before releasing via malloc_trim in free().
768 Automatic trimming is mainly useful in long-lived programs.
769 Because trimming via sbrk can be slow on some systems, and can
770 sometimes be wasteful (in cases where programs immediately
771 afterward allocate more large chunks) the value should be high
772 enough so that your overall system performance would improve by
773 releasing this much memory.
775 The trim threshold and the mmap control parameters (see below)
776 can be traded off with one another. Trimming and mmapping are
777 two different ways of releasing unused memory back to the
778 system. Between these two, it is often possible to keep
779 system-level demands of a long-lived program down to a bare
780 minimum. For example, in one test suite of sessions measuring
781 the XF86 X server on Linux, using a trim threshold of 128K and a
782 mmap threshold of 192K led to near-minimal long term resource
783 consumption.
785 If you are using this malloc in a long-lived program, it should
786 pay to experiment with these values. As a rough guide, you
787 might set to a value close to the average size of a process
788 (program) running on your system. Releasing this much memory
789 would allow such a process to run in memory. Generally, it's
790 worth it to tune for trimming rather tham memory mapping when a
791 program undergoes phases where several large chunks are
792 allocated and released in ways that can reuse each other's
793 storage, perhaps mixed with phases where there are no such
794 chunks at all. And in well-behaved long-lived programs,
795 controlling release of large blocks via trimming versus mapping
796 is usually faster.
798 However, in most programs, these parameters serve mainly as
799 protection against the system-level effects of carrying around
800 massive amounts of unneeded memory. Since frequent calls to
801 sbrk, mmap, and munmap otherwise degrade performance, the default
802 parameters are set to relatively high values that serve only as
803 safeguards.
805 The trim value It must be greater than page size to have any useful
806 effect. To disable trimming completely, you can set to
807 (unsigned long)(-1)
809 Trim settings interact with fastbin (MXFAST) settings: Unless
810 TRIM_FASTBINS is defined, automatic trimming never takes place upon
811 freeing a chunk with size less than or equal to MXFAST. Trimming is
812 instead delayed until subsequent freeing of larger chunks. However,
813 you can still force an attempted trim by calling malloc_trim.
815 Also, trimming is not generally possible in cases where
816 the main arena is obtained via mmap.
818 Note that the trick some people use of mallocing a huge space and
819 then freeing it at program startup, in an attempt to reserve system
820 memory, doesn't have the intended effect under automatic trimming,
821 since that memory will immediately be returned to the system.
824 #define M_TRIM_THRESHOLD -1
826 #ifndef DEFAULT_TRIM_THRESHOLD
827 #define DEFAULT_TRIM_THRESHOLD (128 * 1024)
828 #endif
831 M_TOP_PAD is the amount of extra `padding' space to allocate or
832 retain whenever sbrk is called. It is used in two ways internally:
834 * When sbrk is called to extend the top of the arena to satisfy
835 a new malloc request, this much padding is added to the sbrk
836 request.
838 * When malloc_trim is called automatically from free(),
839 it is used as the `pad' argument.
841 In both cases, the actual amount of padding is rounded
842 so that the end of the arena is always a system page boundary.
844 The main reason for using padding is to avoid calling sbrk so
845 often. Having even a small pad greatly reduces the likelihood
846 that nearly every malloc request during program start-up (or
847 after trimming) will invoke sbrk, which needlessly wastes
848 time.
850 Automatic rounding-up to page-size units is normally sufficient
851 to avoid measurable overhead, so the default is 0. However, in
852 systems where sbrk is relatively slow, it can pay to increase
853 this value, at the expense of carrying around more memory than
854 the program needs.
857 #define M_TOP_PAD -2
859 #ifndef DEFAULT_TOP_PAD
860 #define DEFAULT_TOP_PAD (0)
861 #endif
864 MMAP_THRESHOLD_MAX and _MIN are the bounds on the dynamically
865 adjusted MMAP_THRESHOLD.
868 #ifndef DEFAULT_MMAP_THRESHOLD_MIN
869 #define DEFAULT_MMAP_THRESHOLD_MIN (128 * 1024)
870 #endif
872 #ifndef DEFAULT_MMAP_THRESHOLD_MAX
873 /* For 32-bit platforms we cannot increase the maximum mmap
874 threshold much because it is also the minimum value for the
875 maximum heap size and its alignment. Going above 512k (i.e., 1M
876 for new heaps) wastes too much address space. */
877 # if __WORDSIZE == 32
878 # define DEFAULT_MMAP_THRESHOLD_MAX (512 * 1024)
879 # else
880 # define DEFAULT_MMAP_THRESHOLD_MAX (4 * 1024 * 1024 * sizeof(long))
881 # endif
882 #endif
885 M_MMAP_THRESHOLD is the request size threshold for using mmap()
886 to service a request. Requests of at least this size that cannot
887 be allocated using already-existing space will be serviced via mmap.
888 (If enough normal freed space already exists it is used instead.)
890 Using mmap segregates relatively large chunks of memory so that
891 they can be individually obtained and released from the host
892 system. A request serviced through mmap is never reused by any
893 other request (at least not directly; the system may just so
894 happen to remap successive requests to the same locations).
896 Segregating space in this way has the benefits that:
898 1. Mmapped space can ALWAYS be individually released back
899 to the system, which helps keep the system level memory
900 demands of a long-lived program low.
901 2. Mapped memory can never become `locked' between
902 other chunks, as can happen with normally allocated chunks, which
903 means that even trimming via malloc_trim would not release them.
904 3. On some systems with "holes" in address spaces, mmap can obtain
905 memory that sbrk cannot.
907 However, it has the disadvantages that:
909 1. The space cannot be reclaimed, consolidated, and then
910 used to service later requests, as happens with normal chunks.
911 2. It can lead to more wastage because of mmap page alignment
912 requirements
913 3. It causes malloc performance to be more dependent on host
914 system memory management support routines which may vary in
915 implementation quality and may impose arbitrary
916 limitations. Generally, servicing a request via normal
917 malloc steps is faster than going through a system's mmap.
919 The advantages of mmap nearly always outweigh disadvantages for
920 "large" chunks, but the value of "large" varies across systems. The
921 default is an empirically derived value that works well in most
922 systems.
925 Update in 2006:
926 The above was written in 2001. Since then the world has changed a lot.
927 Memory got bigger. Applications got bigger. The virtual address space
928 layout in 32 bit linux changed.
930 In the new situation, brk() and mmap space is shared and there are no
931 artificial limits on brk size imposed by the kernel. What is more,
932 applications have started using transient allocations larger than the
933 128Kb as was imagined in 2001.
935 The price for mmap is also high now; each time glibc mmaps from the
936 kernel, the kernel is forced to zero out the memory it gives to the
937 application. Zeroing memory is expensive and eats a lot of cache and
938 memory bandwidth. This has nothing to do with the efficiency of the
939 virtual memory system, by doing mmap the kernel just has no choice but
940 to zero.
942 In 2001, the kernel had a maximum size for brk() which was about 800
943 megabytes on 32 bit x86, at that point brk() would hit the first
944 mmaped shared libaries and couldn't expand anymore. With current 2.6
945 kernels, the VA space layout is different and brk() and mmap
946 both can span the entire heap at will.
948 Rather than using a static threshold for the brk/mmap tradeoff,
949 we are now using a simple dynamic one. The goal is still to avoid
950 fragmentation. The old goals we kept are
951 1) try to get the long lived large allocations to use mmap()
952 2) really large allocations should always use mmap()
953 and we're adding now:
954 3) transient allocations should use brk() to avoid forcing the kernel
955 having to zero memory over and over again
957 The implementation works with a sliding threshold, which is by default
958 limited to go between 128Kb and 32Mb (64Mb for 64 bitmachines) and starts
959 out at 128Kb as per the 2001 default.
961 This allows us to satisfy requirement 1) under the assumption that long
962 lived allocations are made early in the process' lifespan, before it has
963 started doing dynamic allocations of the same size (which will
964 increase the threshold).
966 The upperbound on the threshold satisfies requirement 2)
968 The threshold goes up in value when the application frees memory that was
969 allocated with the mmap allocator. The idea is that once the application
970 starts freeing memory of a certain size, it's highly probable that this is
971 a size the application uses for transient allocations. This estimator
972 is there to satisfy the new third requirement.
976 #define M_MMAP_THRESHOLD -3
978 #ifndef DEFAULT_MMAP_THRESHOLD
979 #define DEFAULT_MMAP_THRESHOLD DEFAULT_MMAP_THRESHOLD_MIN
980 #endif
983 M_MMAP_MAX is the maximum number of requests to simultaneously
984 service using mmap. This parameter exists because
985 some systems have a limited number of internal tables for
986 use by mmap, and using more than a few of them may degrade
987 performance.
989 The default is set to a value that serves only as a safeguard.
990 Setting to 0 disables use of mmap for servicing large requests.
993 #define M_MMAP_MAX -4
995 #ifndef DEFAULT_MMAP_MAX
996 #define DEFAULT_MMAP_MAX (65536)
997 #endif
999 #include <malloc.h>
1001 #ifndef RETURN_ADDRESS
1002 #define RETURN_ADDRESS(X_) (NULL)
1003 #endif
1005 /* Forward declarations. */
1006 struct malloc_chunk;
1007 typedef struct malloc_chunk* mchunkptr;
1009 /* Internal routines. */
1011 static void* _int_malloc(mstate, size_t);
1012 static void _int_free(mstate, mchunkptr, int);
1013 static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T,
1014 INTERNAL_SIZE_T);
1015 static void* _int_memalign(mstate, size_t, size_t);
1016 static void* _mid_memalign(size_t, size_t, void *);
1018 static void malloc_printerr(const char *str) __attribute__ ((noreturn));
1020 static void* mem2mem_check(void *p, size_t sz);
1021 static void top_check(void);
1022 static void munmap_chunk(mchunkptr p);
1023 #if HAVE_MREMAP
1024 static mchunkptr mremap_chunk(mchunkptr p, size_t new_size);
1025 #endif
1027 static void* malloc_check(size_t sz, const void *caller);
1028 static void free_check(void* mem, const void *caller);
1029 static void* realloc_check(void* oldmem, size_t bytes,
1030 const void *caller);
1031 static void* memalign_check(size_t alignment, size_t bytes,
1032 const void *caller);
1034 /* ------------------ MMAP support ------------------ */
1037 #include <fcntl.h>
1038 #include <sys/mman.h>
1040 #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
1041 # define MAP_ANONYMOUS MAP_ANON
1042 #endif
1044 #ifndef MAP_NORESERVE
1045 # define MAP_NORESERVE 0
1046 #endif
1048 #define MMAP(addr, size, prot, flags) \
1049 __mmap((addr), (size), (prot), (flags)|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0)
1053 ----------------------- Chunk representations -----------------------
1058 This struct declaration is misleading (but accurate and necessary).
1059 It declares a "view" into memory allowing access to necessary
1060 fields at known offsets from a given base. See explanation below.
1063 struct malloc_chunk {
1065 INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk (if free). */
1066 INTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */
1068 struct malloc_chunk* fd; /* double links -- used only if free. */
1069 struct malloc_chunk* bk;
1071 /* Only used for large blocks: pointer to next larger size. */
1072 struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */
1073 struct malloc_chunk* bk_nextsize;
1078 malloc_chunk details:
1080 (The following includes lightly edited explanations by Colin Plumb.)
1082 Chunks of memory are maintained using a `boundary tag' method as
1083 described in e.g., Knuth or Standish. (See the paper by Paul
1084 Wilson ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a
1085 survey of such techniques.) Sizes of free chunks are stored both
1086 in the front of each chunk and at the end. This makes
1087 consolidating fragmented chunks into bigger chunks very fast. The
1088 size fields also hold bits representing whether chunks are free or
1089 in use.
1091 An allocated chunk looks like this:
1094 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1095 | Size of previous chunk, if unallocated (P clear) |
1096 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1097 | Size of chunk, in bytes |A|M|P|
1098 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1099 | User data starts here... .
1101 . (malloc_usable_size() bytes) .
1103 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1104 | (size of chunk, but used for application data) |
1105 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1106 | Size of next chunk, in bytes |A|0|1|
1107 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1109 Where "chunk" is the front of the chunk for the purpose of most of
1110 the malloc code, but "mem" is the pointer that is returned to the
1111 user. "Nextchunk" is the beginning of the next contiguous chunk.
1113 Chunks always begin on even word boundaries, so the mem portion
1114 (which is returned to the user) is also on an even word boundary, and
1115 thus at least double-word aligned.
1117 Free chunks are stored in circular doubly-linked lists, and look like this:
1119 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1120 | Size of previous chunk, if unallocated (P clear) |
1121 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1122 `head:' | Size of chunk, in bytes |A|0|P|
1123 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1124 | Forward pointer to next chunk in list |
1125 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1126 | Back pointer to previous chunk in list |
1127 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1128 | Unused space (may be 0 bytes long) .
1131 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1132 `foot:' | Size of chunk, in bytes |
1133 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1134 | Size of next chunk, in bytes |A|0|0|
1135 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1137 The P (PREV_INUSE) bit, stored in the unused low-order bit of the
1138 chunk size (which is always a multiple of two words), is an in-use
1139 bit for the *previous* chunk. If that bit is *clear*, then the
1140 word before the current chunk size contains the previous chunk
1141 size, and can be used to find the front of the previous chunk.
1142 The very first chunk allocated always has this bit set,
1143 preventing access to non-existent (or non-owned) memory. If
1144 prev_inuse is set for any given chunk, then you CANNOT determine
1145 the size of the previous chunk, and might even get a memory
1146 addressing fault when trying to do so.
1148 The A (NON_MAIN_ARENA) bit is cleared for chunks on the initial,
1149 main arena, described by the main_arena variable. When additional
1150 threads are spawned, each thread receives its own arena (up to a
1151 configurable limit, after which arenas are reused for multiple
1152 threads), and the chunks in these arenas have the A bit set. To
1153 find the arena for a chunk on such a non-main arena, heap_for_ptr
1154 performs a bit mask operation and indirection through the ar_ptr
1155 member of the per-heap header heap_info (see arena.c).
1157 Note that the `foot' of the current chunk is actually represented
1158 as the prev_size of the NEXT chunk. This makes it easier to
1159 deal with alignments etc but can be very confusing when trying
1160 to extend or adapt this code.
1162 The three exceptions to all this are:
1164 1. The special chunk `top' doesn't bother using the
1165 trailing size field since there is no next contiguous chunk
1166 that would have to index off it. After initialization, `top'
1167 is forced to always exist. If it would become less than
1168 MINSIZE bytes long, it is replenished.
1170 2. Chunks allocated via mmap, which have the second-lowest-order
1171 bit M (IS_MMAPPED) set in their size fields. Because they are
1172 allocated one-by-one, each must contain its own trailing size
1173 field. If the M bit is set, the other bits are ignored
1174 (because mmapped chunks are neither in an arena, nor adjacent
1175 to a freed chunk). The M bit is also used for chunks which
1176 originally came from a dumped heap via malloc_set_state in
1177 hooks.c.
1179 3. Chunks in fastbins are treated as allocated chunks from the
1180 point of view of the chunk allocator. They are consolidated
1181 with their neighbors only in bulk, in malloc_consolidate.
1185 ---------- Size and alignment checks and conversions ----------
1188 /* conversion from malloc headers to user pointers, and back */
1190 #define chunk2mem(p) ((void*)((char*)(p) + 2*SIZE_SZ))
1191 #define mem2chunk(mem) ((mchunkptr)((char*)(mem) - 2*SIZE_SZ))
1193 /* The smallest possible chunk */
1194 #define MIN_CHUNK_SIZE (offsetof(struct malloc_chunk, fd_nextsize))
1196 /* The smallest size we can malloc is an aligned minimal chunk */
1198 #define MINSIZE \
1199 (unsigned long)(((MIN_CHUNK_SIZE+MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK))
1201 /* Check if m has acceptable alignment */
1203 #define aligned_OK(m) (((unsigned long)(m) & MALLOC_ALIGN_MASK) == 0)
1205 #define misaligned_chunk(p) \
1206 ((uintptr_t)(MALLOC_ALIGNMENT == 2 * SIZE_SZ ? (p) : chunk2mem (p)) \
1207 & MALLOC_ALIGN_MASK)
1211 Check if a request is so large that it would wrap around zero when
1212 padded and aligned. To simplify some other code, the bound is made
1213 low enough so that adding MINSIZE will also not wrap around zero.
1216 #define REQUEST_OUT_OF_RANGE(req) \
1217 ((unsigned long) (req) >= \
1218 (unsigned long) (INTERNAL_SIZE_T) (-2 * MINSIZE))
1220 /* pad request bytes into a usable size -- internal version */
1222 #define request2size(req) \
1223 (((req) + SIZE_SZ + MALLOC_ALIGN_MASK < MINSIZE) ? \
1224 MINSIZE : \
1225 ((req) + SIZE_SZ + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK)
1227 /* Same, except also perform argument check */
1229 #define checked_request2size(req, sz) \
1230 if (REQUEST_OUT_OF_RANGE (req)) { \
1231 __set_errno (ENOMEM); \
1232 return 0; \
1234 (sz) = request2size (req);
1237 --------------- Physical chunk operations ---------------
1241 /* size field is or'ed with PREV_INUSE when previous adjacent chunk in use */
1242 #define PREV_INUSE 0x1
1244 /* extract inuse bit of previous chunk */
1245 #define prev_inuse(p) ((p)->mchunk_size & PREV_INUSE)
1248 /* size field is or'ed with IS_MMAPPED if the chunk was obtained with mmap() */
1249 #define IS_MMAPPED 0x2
1251 /* check for mmap()'ed chunk */
1252 #define chunk_is_mmapped(p) ((p)->mchunk_size & IS_MMAPPED)
1255 /* size field is or'ed with NON_MAIN_ARENA if the chunk was obtained
1256 from a non-main arena. This is only set immediately before handing
1257 the chunk to the user, if necessary. */
1258 #define NON_MAIN_ARENA 0x4
1260 /* Check for chunk from main arena. */
1261 #define chunk_main_arena(p) (((p)->mchunk_size & NON_MAIN_ARENA) == 0)
1263 /* Mark a chunk as not being on the main arena. */
1264 #define set_non_main_arena(p) ((p)->mchunk_size |= NON_MAIN_ARENA)
1268 Bits to mask off when extracting size
1270 Note: IS_MMAPPED is intentionally not masked off from size field in
1271 macros for which mmapped chunks should never be seen. This should
1272 cause helpful core dumps to occur if it is tried by accident by
1273 people extending or adapting this malloc.
1275 #define SIZE_BITS (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)
1277 /* Get size, ignoring use bits */
1278 #define chunksize(p) (chunksize_nomask (p) & ~(SIZE_BITS))
1280 /* Like chunksize, but do not mask SIZE_BITS. */
1281 #define chunksize_nomask(p) ((p)->mchunk_size)
1283 /* Ptr to next physical malloc_chunk. */
1284 #define next_chunk(p) ((mchunkptr) (((char *) (p)) + chunksize (p)))
1286 /* Size of the chunk below P. Only valid if prev_inuse (P). */
1287 #define prev_size(p) ((p)->mchunk_prev_size)
1289 /* Set the size of the chunk below P. Only valid if prev_inuse (P). */
1290 #define set_prev_size(p, sz) ((p)->mchunk_prev_size = (sz))
1292 /* Ptr to previous physical malloc_chunk. Only valid if prev_inuse (P). */
1293 #define prev_chunk(p) ((mchunkptr) (((char *) (p)) - prev_size (p)))
1295 /* Treat space at ptr + offset as a chunk */
1296 #define chunk_at_offset(p, s) ((mchunkptr) (((char *) (p)) + (s)))
1298 /* extract p's inuse bit */
1299 #define inuse(p) \
1300 ((((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size) & PREV_INUSE)
1302 /* set/clear chunk as being inuse without otherwise disturbing */
1303 #define set_inuse(p) \
1304 ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size |= PREV_INUSE
1306 #define clear_inuse(p) \
1307 ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size &= ~(PREV_INUSE)
1310 /* check/set/clear inuse bits in known places */
1311 #define inuse_bit_at_offset(p, s) \
1312 (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size & PREV_INUSE)
1314 #define set_inuse_bit_at_offset(p, s) \
1315 (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size |= PREV_INUSE)
1317 #define clear_inuse_bit_at_offset(p, s) \
1318 (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size &= ~(PREV_INUSE))
1321 /* Set size at head, without disturbing its use bit */
1322 #define set_head_size(p, s) ((p)->mchunk_size = (((p)->mchunk_size & SIZE_BITS) | (s)))
1324 /* Set size/use field */
1325 #define set_head(p, s) ((p)->mchunk_size = (s))
1327 /* Set size at footer (only when chunk is not in use) */
1328 #define set_foot(p, s) (((mchunkptr) ((char *) (p) + (s)))->mchunk_prev_size = (s))
1331 #pragma GCC poison mchunk_size
1332 #pragma GCC poison mchunk_prev_size
1335 -------------------- Internal data structures --------------------
1337 All internal state is held in an instance of malloc_state defined
1338 below. There are no other static variables, except in two optional
1339 cases:
1340 * If USE_MALLOC_LOCK is defined, the mALLOC_MUTEx declared above.
1341 * If mmap doesn't support MAP_ANONYMOUS, a dummy file descriptor
1342 for mmap.
1344 Beware of lots of tricks that minimize the total bookkeeping space
1345 requirements. The result is a little over 1K bytes (for 4byte
1346 pointers and size_t.)
1350 Bins
1352 An array of bin headers for free chunks. Each bin is doubly
1353 linked. The bins are approximately proportionally (log) spaced.
1354 There are a lot of these bins (128). This may look excessive, but
1355 works very well in practice. Most bins hold sizes that are
1356 unusual as malloc request sizes, but are more usual for fragments
1357 and consolidated sets of chunks, which is what these bins hold, so
1358 they can be found quickly. All procedures maintain the invariant
1359 that no consolidated chunk physically borders another one, so each
1360 chunk in a list is known to be preceeded and followed by either
1361 inuse chunks or the ends of memory.
1363 Chunks in bins are kept in size order, with ties going to the
1364 approximately least recently used chunk. Ordering isn't needed
1365 for the small bins, which all contain the same-sized chunks, but
1366 facilitates best-fit allocation for larger chunks. These lists
1367 are just sequential. Keeping them in order almost never requires
1368 enough traversal to warrant using fancier ordered data
1369 structures.
1371 Chunks of the same size are linked with the most
1372 recently freed at the front, and allocations are taken from the
1373 back. This results in LRU (FIFO) allocation order, which tends
1374 to give each chunk an equal opportunity to be consolidated with
1375 adjacent freed chunks, resulting in larger free chunks and less
1376 fragmentation.
1378 To simplify use in double-linked lists, each bin header acts
1379 as a malloc_chunk. This avoids special-casing for headers.
1380 But to conserve space and improve locality, we allocate
1381 only the fd/bk pointers of bins, and then use repositioning tricks
1382 to treat these as the fields of a malloc_chunk*.
1385 typedef struct malloc_chunk *mbinptr;
1387 /* addressing -- note that bin_at(0) does not exist */
1388 #define bin_at(m, i) \
1389 (mbinptr) (((char *) &((m)->bins[((i) - 1) * 2])) \
1390 - offsetof (struct malloc_chunk, fd))
1392 /* analog of ++bin */
1393 #define next_bin(b) ((mbinptr) ((char *) (b) + (sizeof (mchunkptr) << 1)))
1395 /* Reminders about list directionality within bins */
1396 #define first(b) ((b)->fd)
1397 #define last(b) ((b)->bk)
1399 /* Take a chunk off a bin list */
1400 #define unlink(AV, P, BK, FD) { \
1401 if (__builtin_expect (chunksize(P) != prev_size (next_chunk(P)), 0)) \
1402 malloc_printerr ("corrupted size vs. prev_size"); \
1403 FD = P->fd; \
1404 BK = P->bk; \
1405 if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \
1406 malloc_printerr ("corrupted double-linked list"); \
1407 else { \
1408 FD->bk = BK; \
1409 BK->fd = FD; \
1410 if (!in_smallbin_range (chunksize_nomask (P)) \
1411 && __builtin_expect (P->fd_nextsize != NULL, 0)) { \
1412 if (__builtin_expect (P->fd_nextsize->bk_nextsize != P, 0) \
1413 || __builtin_expect (P->bk_nextsize->fd_nextsize != P, 0)) \
1414 malloc_printerr ("corrupted double-linked list (not small)"); \
1415 if (FD->fd_nextsize == NULL) { \
1416 if (P->fd_nextsize == P) \
1417 FD->fd_nextsize = FD->bk_nextsize = FD; \
1418 else { \
1419 FD->fd_nextsize = P->fd_nextsize; \
1420 FD->bk_nextsize = P->bk_nextsize; \
1421 P->fd_nextsize->bk_nextsize = FD; \
1422 P->bk_nextsize->fd_nextsize = FD; \
1424 } else { \
1425 P->fd_nextsize->bk_nextsize = P->bk_nextsize; \
1426 P->bk_nextsize->fd_nextsize = P->fd_nextsize; \
1433 Indexing
1435 Bins for sizes < 512 bytes contain chunks of all the same size, spaced
1436 8 bytes apart. Larger bins are approximately logarithmically spaced:
1438 64 bins of size 8
1439 32 bins of size 64
1440 16 bins of size 512
1441 8 bins of size 4096
1442 4 bins of size 32768
1443 2 bins of size 262144
1444 1 bin of size what's left
1446 There is actually a little bit of slop in the numbers in bin_index
1447 for the sake of speed. This makes no difference elsewhere.
1449 The bins top out around 1MB because we expect to service large
1450 requests via mmap.
1452 Bin 0 does not exist. Bin 1 is the unordered list; if that would be
1453 a valid chunk size the small bins are bumped up one.
1456 #define NBINS 128
1457 #define NSMALLBINS 64
1458 #define SMALLBIN_WIDTH MALLOC_ALIGNMENT
1459 #define SMALLBIN_CORRECTION (MALLOC_ALIGNMENT > 2 * SIZE_SZ)
1460 #define MIN_LARGE_SIZE ((NSMALLBINS - SMALLBIN_CORRECTION) * SMALLBIN_WIDTH)
1462 #define in_smallbin_range(sz) \
1463 ((unsigned long) (sz) < (unsigned long) MIN_LARGE_SIZE)
1465 #define smallbin_index(sz) \
1466 ((SMALLBIN_WIDTH == 16 ? (((unsigned) (sz)) >> 4) : (((unsigned) (sz)) >> 3))\
1467 + SMALLBIN_CORRECTION)
1469 #define largebin_index_32(sz) \
1470 (((((unsigned long) (sz)) >> 6) <= 38) ? 56 + (((unsigned long) (sz)) >> 6) :\
1471 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1472 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1473 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1474 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1475 126)
1477 #define largebin_index_32_big(sz) \
1478 (((((unsigned long) (sz)) >> 6) <= 45) ? 49 + (((unsigned long) (sz)) >> 6) :\
1479 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1480 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1481 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1482 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1483 126)
1485 // XXX It remains to be seen whether it is good to keep the widths of
1486 // XXX the buckets the same or whether it should be scaled by a factor
1487 // XXX of two as well.
1488 #define largebin_index_64(sz) \
1489 (((((unsigned long) (sz)) >> 6) <= 48) ? 48 + (((unsigned long) (sz)) >> 6) :\
1490 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1491 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1492 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1493 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1494 126)
1496 #define largebin_index(sz) \
1497 (SIZE_SZ == 8 ? largebin_index_64 (sz) \
1498 : MALLOC_ALIGNMENT == 16 ? largebin_index_32_big (sz) \
1499 : largebin_index_32 (sz))
1501 #define bin_index(sz) \
1502 ((in_smallbin_range (sz)) ? smallbin_index (sz) : largebin_index (sz))
1506 Unsorted chunks
1508 All remainders from chunk splits, as well as all returned chunks,
1509 are first placed in the "unsorted" bin. They are then placed
1510 in regular bins after malloc gives them ONE chance to be used before
1511 binning. So, basically, the unsorted_chunks list acts as a queue,
1512 with chunks being placed on it in free (and malloc_consolidate),
1513 and taken off (to be either used or placed in bins) in malloc.
1515 The NON_MAIN_ARENA flag is never set for unsorted chunks, so it
1516 does not have to be taken into account in size comparisons.
1519 /* The otherwise unindexable 1-bin is used to hold unsorted chunks. */
1520 #define unsorted_chunks(M) (bin_at (M, 1))
1525 The top-most available chunk (i.e., the one bordering the end of
1526 available memory) is treated specially. It is never included in
1527 any bin, is used only if no other chunk is available, and is
1528 released back to the system if it is very large (see
1529 M_TRIM_THRESHOLD). Because top initially
1530 points to its own bin with initial zero size, thus forcing
1531 extension on the first malloc request, we avoid having any special
1532 code in malloc to check whether it even exists yet. But we still
1533 need to do so when getting memory from system, so we make
1534 initial_top treat the bin as a legal but unusable chunk during the
1535 interval between initialization and the first call to
1536 sysmalloc. (This is somewhat delicate, since it relies on
1537 the 2 preceding words to be zero during this interval as well.)
1540 /* Conveniently, the unsorted bin can be used as dummy top on first call */
1541 #define initial_top(M) (unsorted_chunks (M))
1544 Binmap
1546 To help compensate for the large number of bins, a one-level index
1547 structure is used for bin-by-bin searching. `binmap' is a
1548 bitvector recording whether bins are definitely empty so they can
1549 be skipped over during during traversals. The bits are NOT always
1550 cleared as soon as bins are empty, but instead only
1551 when they are noticed to be empty during traversal in malloc.
1554 /* Conservatively use 32 bits per map word, even if on 64bit system */
1555 #define BINMAPSHIFT 5
1556 #define BITSPERMAP (1U << BINMAPSHIFT)
1557 #define BINMAPSIZE (NBINS / BITSPERMAP)
1559 #define idx2block(i) ((i) >> BINMAPSHIFT)
1560 #define idx2bit(i) ((1U << ((i) & ((1U << BINMAPSHIFT) - 1))))
1562 #define mark_bin(m, i) ((m)->binmap[idx2block (i)] |= idx2bit (i))
1563 #define unmark_bin(m, i) ((m)->binmap[idx2block (i)] &= ~(idx2bit (i)))
1564 #define get_binmap(m, i) ((m)->binmap[idx2block (i)] & idx2bit (i))
1567 Fastbins
1569 An array of lists holding recently freed small chunks. Fastbins
1570 are not doubly linked. It is faster to single-link them, and
1571 since chunks are never removed from the middles of these lists,
1572 double linking is not necessary. Also, unlike regular bins, they
1573 are not even processed in FIFO order (they use faster LIFO) since
1574 ordering doesn't much matter in the transient contexts in which
1575 fastbins are normally used.
1577 Chunks in fastbins keep their inuse bit set, so they cannot
1578 be consolidated with other free chunks. malloc_consolidate
1579 releases all chunks in fastbins and consolidates them with
1580 other free chunks.
1583 typedef struct malloc_chunk *mfastbinptr;
1584 #define fastbin(ar_ptr, idx) ((ar_ptr)->fastbinsY[idx])
1586 /* offset 2 to use otherwise unindexable first 2 bins */
1587 #define fastbin_index(sz) \
1588 ((((unsigned int) (sz)) >> (SIZE_SZ == 8 ? 4 : 3)) - 2)
1591 /* The maximum fastbin request size we support */
1592 #define MAX_FAST_SIZE (80 * SIZE_SZ / 4)
1594 #define NFASTBINS (fastbin_index (request2size (MAX_FAST_SIZE)) + 1)
1597 FASTBIN_CONSOLIDATION_THRESHOLD is the size of a chunk in free()
1598 that triggers automatic consolidation of possibly-surrounding
1599 fastbin chunks. This is a heuristic, so the exact value should not
1600 matter too much. It is defined at half the default trim threshold as a
1601 compromise heuristic to only attempt consolidation if it is likely
1602 to lead to trimming. However, it is not dynamically tunable, since
1603 consolidation reduces fragmentation surrounding large chunks even
1604 if trimming is not used.
1607 #define FASTBIN_CONSOLIDATION_THRESHOLD (65536UL)
1610 NONCONTIGUOUS_BIT indicates that MORECORE does not return contiguous
1611 regions. Otherwise, contiguity is exploited in merging together,
1612 when possible, results from consecutive MORECORE calls.
1614 The initial value comes from MORECORE_CONTIGUOUS, but is
1615 changed dynamically if mmap is ever used as an sbrk substitute.
1618 #define NONCONTIGUOUS_BIT (2U)
1620 #define contiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) == 0)
1621 #define noncontiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) != 0)
1622 #define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT)
1623 #define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT)
1625 /* Maximum size of memory handled in fastbins. */
1626 static INTERNAL_SIZE_T global_max_fast;
1629 Set value of max_fast.
1630 Use impossibly small value if 0.
1631 Precondition: there are no existing fastbin chunks in the main arena.
1632 Since do_check_malloc_state () checks this, we call malloc_consolidate ()
1633 before changing max_fast. Note other arenas will leak their fast bin
1634 entries if max_fast is reduced.
1637 #define set_max_fast(s) \
1638 global_max_fast = (((s) == 0) \
1639 ? SMALLBIN_WIDTH : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK))
1641 static inline INTERNAL_SIZE_T
1642 get_max_fast (void)
1644 /* Tell the GCC optimizers that global_max_fast is never larger
1645 than MAX_FAST_SIZE. This avoids out-of-bounds array accesses in
1646 _int_malloc after constant propagation of the size parameter.
1647 (The code never executes because malloc preserves the
1648 global_max_fast invariant, but the optimizers may not recognize
1649 this.) */
1650 if (global_max_fast > MAX_FAST_SIZE)
1651 __builtin_unreachable ();
1652 return global_max_fast;
1656 ----------- Internal state representation and initialization -----------
1660 have_fastchunks indicates that there are probably some fastbin chunks.
1661 It is set true on entering a chunk into any fastbin, and cleared early in
1662 malloc_consolidate. The value is approximate since it may be set when there
1663 are no fastbin chunks, or it may be clear even if there are fastbin chunks
1664 available. Given it's sole purpose is to reduce number of redundant calls to
1665 malloc_consolidate, it does not affect correctness. As a result we can safely
1666 use relaxed atomic accesses.
1670 struct malloc_state
1672 /* Serialize access. */
1673 __libc_lock_define (, mutex);
1675 /* Flags (formerly in max_fast). */
1676 int flags;
1678 /* Set if the fastbin chunks contain recently inserted free blocks. */
1679 /* Note this is a bool but not all targets support atomics on booleans. */
1680 int have_fastchunks;
1682 /* Fastbins */
1683 mfastbinptr fastbinsY[NFASTBINS];
1685 /* Base of the topmost chunk -- not otherwise kept in a bin */
1686 mchunkptr top;
1688 /* The remainder from the most recent split of a small request */
1689 mchunkptr last_remainder;
1691 /* Normal bins packed as described above */
1692 mchunkptr bins[NBINS * 2 - 2];
1694 /* Bitmap of bins */
1695 unsigned int binmap[BINMAPSIZE];
1697 /* Linked list */
1698 struct malloc_state *next;
1700 /* Linked list for free arenas. Access to this field is serialized
1701 by free_list_lock in arena.c. */
1702 struct malloc_state *next_free;
1704 /* Number of threads attached to this arena. 0 if the arena is on
1705 the free list. Access to this field is serialized by
1706 free_list_lock in arena.c. */
1707 INTERNAL_SIZE_T attached_threads;
1709 /* Memory allocated from the system in this arena. */
1710 INTERNAL_SIZE_T system_mem;
1711 INTERNAL_SIZE_T max_system_mem;
1714 struct malloc_par
1716 /* Tunable parameters */
1717 unsigned long trim_threshold;
1718 INTERNAL_SIZE_T top_pad;
1719 INTERNAL_SIZE_T mmap_threshold;
1720 INTERNAL_SIZE_T arena_test;
1721 INTERNAL_SIZE_T arena_max;
1723 /* Memory map support */
1724 int n_mmaps;
1725 int n_mmaps_max;
1726 int max_n_mmaps;
1727 /* the mmap_threshold is dynamic, until the user sets
1728 it manually, at which point we need to disable any
1729 dynamic behavior. */
1730 int no_dyn_threshold;
1732 /* Statistics */
1733 INTERNAL_SIZE_T mmapped_mem;
1734 INTERNAL_SIZE_T max_mmapped_mem;
1736 /* First address handed out by MORECORE/sbrk. */
1737 char *sbrk_base;
1739 #if USE_TCACHE
1740 /* Maximum number of buckets to use. */
1741 size_t tcache_bins;
1742 size_t tcache_max_bytes;
1743 /* Maximum number of chunks in each bucket. */
1744 size_t tcache_count;
1745 /* Maximum number of chunks to remove from the unsorted list, which
1746 aren't used to prefill the cache. */
1747 size_t tcache_unsorted_limit;
1748 #endif
1751 /* There are several instances of this struct ("arenas") in this
1752 malloc. If you are adapting this malloc in a way that does NOT use
1753 a static or mmapped malloc_state, you MUST explicitly zero-fill it
1754 before using. This malloc relies on the property that malloc_state
1755 is initialized to all zeroes (as is true of C statics). */
1757 static struct malloc_state main_arena =
1759 .mutex = _LIBC_LOCK_INITIALIZER,
1760 .next = &main_arena,
1761 .attached_threads = 1
1764 /* These variables are used for undumping support. Chunked are marked
1765 as using mmap, but we leave them alone if they fall into this
1766 range. NB: The chunk size for these chunks only includes the
1767 initial size field (of SIZE_SZ bytes), there is no trailing size
1768 field (unlike with regular mmapped chunks). */
1769 static mchunkptr dumped_main_arena_start; /* Inclusive. */
1770 static mchunkptr dumped_main_arena_end; /* Exclusive. */
1772 /* True if the pointer falls into the dumped arena. Use this after
1773 chunk_is_mmapped indicates a chunk is mmapped. */
1774 #define DUMPED_MAIN_ARENA_CHUNK(p) \
1775 ((p) >= dumped_main_arena_start && (p) < dumped_main_arena_end)
1777 /* There is only one instance of the malloc parameters. */
1779 static struct malloc_par mp_ =
1781 .top_pad = DEFAULT_TOP_PAD,
1782 .n_mmaps_max = DEFAULT_MMAP_MAX,
1783 .mmap_threshold = DEFAULT_MMAP_THRESHOLD,
1784 .trim_threshold = DEFAULT_TRIM_THRESHOLD,
1785 #define NARENAS_FROM_NCORES(n) ((n) * (sizeof (long) == 4 ? 2 : 8))
1786 .arena_test = NARENAS_FROM_NCORES (1)
1787 #if USE_TCACHE
1789 .tcache_count = TCACHE_FILL_COUNT,
1790 .tcache_bins = TCACHE_MAX_BINS,
1791 .tcache_max_bytes = tidx2usize (TCACHE_MAX_BINS-1),
1792 .tcache_unsorted_limit = 0 /* No limit. */
1793 #endif
1797 Initialize a malloc_state struct.
1799 This is called from ptmalloc_init () or from _int_new_arena ()
1800 when creating a new arena.
1803 static void
1804 malloc_init_state (mstate av)
1806 int i;
1807 mbinptr bin;
1809 /* Establish circular links for normal bins */
1810 for (i = 1; i < NBINS; ++i)
1812 bin = bin_at (av, i);
1813 bin->fd = bin->bk = bin;
1816 #if MORECORE_CONTIGUOUS
1817 if (av != &main_arena)
1818 #endif
1819 set_noncontiguous (av);
1820 if (av == &main_arena)
1821 set_max_fast (DEFAULT_MXFAST);
1822 atomic_store_relaxed (&av->have_fastchunks, false);
1824 av->top = initial_top (av);
1828 Other internal utilities operating on mstates
1831 static void *sysmalloc (INTERNAL_SIZE_T, mstate);
1832 static int systrim (size_t, mstate);
1833 static void malloc_consolidate (mstate);
1836 /* -------------- Early definitions for debugging hooks ---------------- */
1838 /* Define and initialize the hook variables. These weak definitions must
1839 appear before any use of the variables in a function (arena.c uses one). */
1840 #ifndef weak_variable
1841 /* In GNU libc we want the hook variables to be weak definitions to
1842 avoid a problem with Emacs. */
1843 # define weak_variable weak_function
1844 #endif
1846 /* Forward declarations. */
1847 static void *malloc_hook_ini (size_t sz,
1848 const void *caller) __THROW;
1849 static void *realloc_hook_ini (void *ptr, size_t sz,
1850 const void *caller) __THROW;
1851 static void *memalign_hook_ini (size_t alignment, size_t sz,
1852 const void *caller) __THROW;
1854 #if HAVE_MALLOC_INIT_HOOK
1855 void weak_variable (*__malloc_initialize_hook) (void) = NULL;
1856 compat_symbol (libc, __malloc_initialize_hook,
1857 __malloc_initialize_hook, GLIBC_2_0);
1858 #endif
1860 void weak_variable (*__free_hook) (void *__ptr,
1861 const void *) = NULL;
1862 void *weak_variable (*__malloc_hook)
1863 (size_t __size, const void *) = malloc_hook_ini;
1864 void *weak_variable (*__realloc_hook)
1865 (void *__ptr, size_t __size, const void *)
1866 = realloc_hook_ini;
1867 void *weak_variable (*__memalign_hook)
1868 (size_t __alignment, size_t __size, const void *)
1869 = memalign_hook_ini;
1870 void weak_variable (*__after_morecore_hook) (void) = NULL;
1873 /* ------------------ Testing support ----------------------------------*/
1875 static int perturb_byte;
1877 static void
1878 alloc_perturb (char *p, size_t n)
1880 if (__glibc_unlikely (perturb_byte))
1881 memset (p, perturb_byte ^ 0xff, n);
1884 static void
1885 free_perturb (char *p, size_t n)
1887 if (__glibc_unlikely (perturb_byte))
1888 memset (p, perturb_byte, n);
1893 #include <stap-probe.h>
1895 /* ------------------- Support for multiple arenas -------------------- */
1896 #include "arena.c"
1899 Debugging support
1901 These routines make a number of assertions about the states
1902 of data structures that should be true at all times. If any
1903 are not true, it's very likely that a user program has somehow
1904 trashed memory. (It's also possible that there is a coding error
1905 in malloc. In which case, please report it!)
1908 #if !MALLOC_DEBUG
1910 # define check_chunk(A, P)
1911 # define check_free_chunk(A, P)
1912 # define check_inuse_chunk(A, P)
1913 # define check_remalloced_chunk(A, P, N)
1914 # define check_malloced_chunk(A, P, N)
1915 # define check_malloc_state(A)
1917 #else
1919 # define check_chunk(A, P) do_check_chunk (A, P)
1920 # define check_free_chunk(A, P) do_check_free_chunk (A, P)
1921 # define check_inuse_chunk(A, P) do_check_inuse_chunk (A, P)
1922 # define check_remalloced_chunk(A, P, N) do_check_remalloced_chunk (A, P, N)
1923 # define check_malloced_chunk(A, P, N) do_check_malloced_chunk (A, P, N)
1924 # define check_malloc_state(A) do_check_malloc_state (A)
1927 Properties of all chunks
1930 static void
1931 do_check_chunk (mstate av, mchunkptr p)
1933 unsigned long sz = chunksize (p);
1934 /* min and max possible addresses assuming contiguous allocation */
1935 char *max_address = (char *) (av->top) + chunksize (av->top);
1936 char *min_address = max_address - av->system_mem;
1938 if (!chunk_is_mmapped (p))
1940 /* Has legal address ... */
1941 if (p != av->top)
1943 if (contiguous (av))
1945 assert (((char *) p) >= min_address);
1946 assert (((char *) p + sz) <= ((char *) (av->top)));
1949 else
1951 /* top size is always at least MINSIZE */
1952 assert ((unsigned long) (sz) >= MINSIZE);
1953 /* top predecessor always marked inuse */
1954 assert (prev_inuse (p));
1957 else if (!DUMPED_MAIN_ARENA_CHUNK (p))
1959 /* address is outside main heap */
1960 if (contiguous (av) && av->top != initial_top (av))
1962 assert (((char *) p) < min_address || ((char *) p) >= max_address);
1964 /* chunk is page-aligned */
1965 assert (((prev_size (p) + sz) & (GLRO (dl_pagesize) - 1)) == 0);
1966 /* mem is aligned */
1967 assert (aligned_OK (chunk2mem (p)));
1972 Properties of free chunks
1975 static void
1976 do_check_free_chunk (mstate av, mchunkptr p)
1978 INTERNAL_SIZE_T sz = chunksize_nomask (p) & ~(PREV_INUSE | NON_MAIN_ARENA);
1979 mchunkptr next = chunk_at_offset (p, sz);
1981 do_check_chunk (av, p);
1983 /* Chunk must claim to be free ... */
1984 assert (!inuse (p));
1985 assert (!chunk_is_mmapped (p));
1987 /* Unless a special marker, must have OK fields */
1988 if ((unsigned long) (sz) >= MINSIZE)
1990 assert ((sz & MALLOC_ALIGN_MASK) == 0);
1991 assert (aligned_OK (chunk2mem (p)));
1992 /* ... matching footer field */
1993 assert (prev_size (next_chunk (p)) == sz);
1994 /* ... and is fully consolidated */
1995 assert (prev_inuse (p));
1996 assert (next == av->top || inuse (next));
1998 /* ... and has minimally sane links */
1999 assert (p->fd->bk == p);
2000 assert (p->bk->fd == p);
2002 else /* markers are always of size SIZE_SZ */
2003 assert (sz == SIZE_SZ);
2007 Properties of inuse chunks
2010 static void
2011 do_check_inuse_chunk (mstate av, mchunkptr p)
2013 mchunkptr next;
2015 do_check_chunk (av, p);
2017 if (chunk_is_mmapped (p))
2018 return; /* mmapped chunks have no next/prev */
2020 /* Check whether it claims to be in use ... */
2021 assert (inuse (p));
2023 next = next_chunk (p);
2025 /* ... and is surrounded by OK chunks.
2026 Since more things can be checked with free chunks than inuse ones,
2027 if an inuse chunk borders them and debug is on, it's worth doing them.
2029 if (!prev_inuse (p))
2031 /* Note that we cannot even look at prev unless it is not inuse */
2032 mchunkptr prv = prev_chunk (p);
2033 assert (next_chunk (prv) == p);
2034 do_check_free_chunk (av, prv);
2037 if (next == av->top)
2039 assert (prev_inuse (next));
2040 assert (chunksize (next) >= MINSIZE);
2042 else if (!inuse (next))
2043 do_check_free_chunk (av, next);
2047 Properties of chunks recycled from fastbins
2050 static void
2051 do_check_remalloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s)
2053 INTERNAL_SIZE_T sz = chunksize_nomask (p) & ~(PREV_INUSE | NON_MAIN_ARENA);
2055 if (!chunk_is_mmapped (p))
2057 assert (av == arena_for_chunk (p));
2058 if (chunk_main_arena (p))
2059 assert (av == &main_arena);
2060 else
2061 assert (av != &main_arena);
2064 do_check_inuse_chunk (av, p);
2066 /* Legal size ... */
2067 assert ((sz & MALLOC_ALIGN_MASK) == 0);
2068 assert ((unsigned long) (sz) >= MINSIZE);
2069 /* ... and alignment */
2070 assert (aligned_OK (chunk2mem (p)));
2071 /* chunk is less than MINSIZE more than request */
2072 assert ((long) (sz) - (long) (s) >= 0);
2073 assert ((long) (sz) - (long) (s + MINSIZE) < 0);
2077 Properties of nonrecycled chunks at the point they are malloced
2080 static void
2081 do_check_malloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s)
2083 /* same as recycled case ... */
2084 do_check_remalloced_chunk (av, p, s);
2087 ... plus, must obey implementation invariant that prev_inuse is
2088 always true of any allocated chunk; i.e., that each allocated
2089 chunk borders either a previously allocated and still in-use
2090 chunk, or the base of its memory arena. This is ensured
2091 by making all allocations from the `lowest' part of any found
2092 chunk. This does not necessarily hold however for chunks
2093 recycled via fastbins.
2096 assert (prev_inuse (p));
2101 Properties of malloc_state.
2103 This may be useful for debugging malloc, as well as detecting user
2104 programmer errors that somehow write into malloc_state.
2106 If you are extending or experimenting with this malloc, you can
2107 probably figure out how to hack this routine to print out or
2108 display chunk addresses, sizes, bins, and other instrumentation.
2111 static void
2112 do_check_malloc_state (mstate av)
2114 int i;
2115 mchunkptr p;
2116 mchunkptr q;
2117 mbinptr b;
2118 unsigned int idx;
2119 INTERNAL_SIZE_T size;
2120 unsigned long total = 0;
2121 int max_fast_bin;
2123 /* internal size_t must be no wider than pointer type */
2124 assert (sizeof (INTERNAL_SIZE_T) <= sizeof (char *));
2126 /* alignment is a power of 2 */
2127 assert ((MALLOC_ALIGNMENT & (MALLOC_ALIGNMENT - 1)) == 0);
2129 /* Check the arena is initialized. */
2130 assert (av->top != 0);
2132 /* No memory has been allocated yet, so doing more tests is not possible. */
2133 if (av->top == initial_top (av))
2134 return;
2136 /* pagesize is a power of 2 */
2137 assert (powerof2(GLRO (dl_pagesize)));
2139 /* A contiguous main_arena is consistent with sbrk_base. */
2140 if (av == &main_arena && contiguous (av))
2141 assert ((char *) mp_.sbrk_base + av->system_mem ==
2142 (char *) av->top + chunksize (av->top));
2144 /* properties of fastbins */
2146 /* max_fast is in allowed range */
2147 assert ((get_max_fast () & ~1) <= request2size (MAX_FAST_SIZE));
2149 max_fast_bin = fastbin_index (get_max_fast ());
2151 for (i = 0; i < NFASTBINS; ++i)
2153 p = fastbin (av, i);
2155 /* The following test can only be performed for the main arena.
2156 While mallopt calls malloc_consolidate to get rid of all fast
2157 bins (especially those larger than the new maximum) this does
2158 only happen for the main arena. Trying to do this for any
2159 other arena would mean those arenas have to be locked and
2160 malloc_consolidate be called for them. This is excessive. And
2161 even if this is acceptable to somebody it still cannot solve
2162 the problem completely since if the arena is locked a
2163 concurrent malloc call might create a new arena which then
2164 could use the newly invalid fast bins. */
2166 /* all bins past max_fast are empty */
2167 if (av == &main_arena && i > max_fast_bin)
2168 assert (p == 0);
2170 while (p != 0)
2172 /* each chunk claims to be inuse */
2173 do_check_inuse_chunk (av, p);
2174 total += chunksize (p);
2175 /* chunk belongs in this bin */
2176 assert (fastbin_index (chunksize (p)) == i);
2177 p = p->fd;
2181 /* check normal bins */
2182 for (i = 1; i < NBINS; ++i)
2184 b = bin_at (av, i);
2186 /* binmap is accurate (except for bin 1 == unsorted_chunks) */
2187 if (i >= 2)
2189 unsigned int binbit = get_binmap (av, i);
2190 int empty = last (b) == b;
2191 if (!binbit)
2192 assert (empty);
2193 else if (!empty)
2194 assert (binbit);
2197 for (p = last (b); p != b; p = p->bk)
2199 /* each chunk claims to be free */
2200 do_check_free_chunk (av, p);
2201 size = chunksize (p);
2202 total += size;
2203 if (i >= 2)
2205 /* chunk belongs in bin */
2206 idx = bin_index (size);
2207 assert (idx == i);
2208 /* lists are sorted */
2209 assert (p->bk == b ||
2210 (unsigned long) chunksize (p->bk) >= (unsigned long) chunksize (p));
2212 if (!in_smallbin_range (size))
2214 if (p->fd_nextsize != NULL)
2216 if (p->fd_nextsize == p)
2217 assert (p->bk_nextsize == p);
2218 else
2220 if (p->fd_nextsize == first (b))
2221 assert (chunksize (p) < chunksize (p->fd_nextsize));
2222 else
2223 assert (chunksize (p) > chunksize (p->fd_nextsize));
2225 if (p == first (b))
2226 assert (chunksize (p) > chunksize (p->bk_nextsize));
2227 else
2228 assert (chunksize (p) < chunksize (p->bk_nextsize));
2231 else
2232 assert (p->bk_nextsize == NULL);
2235 else if (!in_smallbin_range (size))
2236 assert (p->fd_nextsize == NULL && p->bk_nextsize == NULL);
2237 /* chunk is followed by a legal chain of inuse chunks */
2238 for (q = next_chunk (p);
2239 (q != av->top && inuse (q) &&
2240 (unsigned long) (chunksize (q)) >= MINSIZE);
2241 q = next_chunk (q))
2242 do_check_inuse_chunk (av, q);
2246 /* top chunk is OK */
2247 check_chunk (av, av->top);
2249 #endif
2252 /* ----------------- Support for debugging hooks -------------------- */
2253 #include "hooks.c"
2256 /* ----------- Routines dealing with system allocation -------------- */
2259 sysmalloc handles malloc cases requiring more memory from the system.
2260 On entry, it is assumed that av->top does not have enough
2261 space to service request for nb bytes, thus requiring that av->top
2262 be extended or replaced.
2265 static void *
2266 sysmalloc (INTERNAL_SIZE_T nb, mstate av)
2268 mchunkptr old_top; /* incoming value of av->top */
2269 INTERNAL_SIZE_T old_size; /* its size */
2270 char *old_end; /* its end address */
2272 long size; /* arg to first MORECORE or mmap call */
2273 char *brk; /* return value from MORECORE */
2275 long correction; /* arg to 2nd MORECORE call */
2276 char *snd_brk; /* 2nd return val */
2278 INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */
2279 INTERNAL_SIZE_T end_misalign; /* partial page left at end of new space */
2280 char *aligned_brk; /* aligned offset into brk */
2282 mchunkptr p; /* the allocated/returned chunk */
2283 mchunkptr remainder; /* remainder from allocation */
2284 unsigned long remainder_size; /* its size */
2287 size_t pagesize = GLRO (dl_pagesize);
2288 bool tried_mmap = false;
2292 If have mmap, and the request size meets the mmap threshold, and
2293 the system supports mmap, and there are few enough currently
2294 allocated mmapped regions, try to directly map this request
2295 rather than expanding top.
2298 if (av == NULL
2299 || ((unsigned long) (nb) >= (unsigned long) (mp_.mmap_threshold)
2300 && (mp_.n_mmaps < mp_.n_mmaps_max)))
2302 char *mm; /* return value from mmap call*/
2304 try_mmap:
2306 Round up size to nearest page. For mmapped chunks, the overhead
2307 is one SIZE_SZ unit larger than for normal chunks, because there
2308 is no following chunk whose prev_size field could be used.
2310 See the front_misalign handling below, for glibc there is no
2311 need for further alignments unless we have have high alignment.
2313 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2314 size = ALIGN_UP (nb + SIZE_SZ, pagesize);
2315 else
2316 size = ALIGN_UP (nb + SIZE_SZ + MALLOC_ALIGN_MASK, pagesize);
2317 tried_mmap = true;
2319 /* Don't try if size wraps around 0 */
2320 if ((unsigned long) (size) > (unsigned long) (nb))
2322 mm = (char *) (MMAP (0, size, PROT_READ | PROT_WRITE, 0));
2324 if (mm != MAP_FAILED)
2327 The offset to the start of the mmapped region is stored
2328 in the prev_size field of the chunk. This allows us to adjust
2329 returned start address to meet alignment requirements here
2330 and in memalign(), and still be able to compute proper
2331 address argument for later munmap in free() and realloc().
2334 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2336 /* For glibc, chunk2mem increases the address by 2*SIZE_SZ and
2337 MALLOC_ALIGN_MASK is 2*SIZE_SZ-1. Each mmap'ed area is page
2338 aligned and therefore definitely MALLOC_ALIGN_MASK-aligned. */
2339 assert (((INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK) == 0);
2340 front_misalign = 0;
2342 else
2343 front_misalign = (INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK;
2344 if (front_misalign > 0)
2346 correction = MALLOC_ALIGNMENT - front_misalign;
2347 p = (mchunkptr) (mm + correction);
2348 set_prev_size (p, correction);
2349 set_head (p, (size - correction) | IS_MMAPPED);
2351 else
2353 p = (mchunkptr) mm;
2354 set_prev_size (p, 0);
2355 set_head (p, size | IS_MMAPPED);
2358 /* update statistics */
2360 int new = atomic_exchange_and_add (&mp_.n_mmaps, 1) + 1;
2361 atomic_max (&mp_.max_n_mmaps, new);
2363 unsigned long sum;
2364 sum = atomic_exchange_and_add (&mp_.mmapped_mem, size) + size;
2365 atomic_max (&mp_.max_mmapped_mem, sum);
2367 check_chunk (av, p);
2369 return chunk2mem (p);
2374 /* There are no usable arenas and mmap also failed. */
2375 if (av == NULL)
2376 return 0;
2378 /* Record incoming configuration of top */
2380 old_top = av->top;
2381 old_size = chunksize (old_top);
2382 old_end = (char *) (chunk_at_offset (old_top, old_size));
2384 brk = snd_brk = (char *) (MORECORE_FAILURE);
2387 If not the first time through, we require old_size to be
2388 at least MINSIZE and to have prev_inuse set.
2391 assert ((old_top == initial_top (av) && old_size == 0) ||
2392 ((unsigned long) (old_size) >= MINSIZE &&
2393 prev_inuse (old_top) &&
2394 ((unsigned long) old_end & (pagesize - 1)) == 0));
2396 /* Precondition: not enough current space to satisfy nb request */
2397 assert ((unsigned long) (old_size) < (unsigned long) (nb + MINSIZE));
2400 if (av != &main_arena)
2402 heap_info *old_heap, *heap;
2403 size_t old_heap_size;
2405 /* First try to extend the current heap. */
2406 old_heap = heap_for_ptr (old_top);
2407 old_heap_size = old_heap->size;
2408 if ((long) (MINSIZE + nb - old_size) > 0
2409 && grow_heap (old_heap, MINSIZE + nb - old_size) == 0)
2411 av->system_mem += old_heap->size - old_heap_size;
2412 set_head (old_top, (((char *) old_heap + old_heap->size) - (char *) old_top)
2413 | PREV_INUSE);
2415 else if ((heap = new_heap (nb + (MINSIZE + sizeof (*heap)), mp_.top_pad)))
2417 /* Use a newly allocated heap. */
2418 heap->ar_ptr = av;
2419 heap->prev = old_heap;
2420 av->system_mem += heap->size;
2421 /* Set up the new top. */
2422 top (av) = chunk_at_offset (heap, sizeof (*heap));
2423 set_head (top (av), (heap->size - sizeof (*heap)) | PREV_INUSE);
2425 /* Setup fencepost and free the old top chunk with a multiple of
2426 MALLOC_ALIGNMENT in size. */
2427 /* The fencepost takes at least MINSIZE bytes, because it might
2428 become the top chunk again later. Note that a footer is set
2429 up, too, although the chunk is marked in use. */
2430 old_size = (old_size - MINSIZE) & ~MALLOC_ALIGN_MASK;
2431 set_head (chunk_at_offset (old_top, old_size + 2 * SIZE_SZ), 0 | PREV_INUSE);
2432 if (old_size >= MINSIZE)
2434 set_head (chunk_at_offset (old_top, old_size), (2 * SIZE_SZ) | PREV_INUSE);
2435 set_foot (chunk_at_offset (old_top, old_size), (2 * SIZE_SZ));
2436 set_head (old_top, old_size | PREV_INUSE | NON_MAIN_ARENA);
2437 _int_free (av, old_top, 1);
2439 else
2441 set_head (old_top, (old_size + 2 * SIZE_SZ) | PREV_INUSE);
2442 set_foot (old_top, (old_size + 2 * SIZE_SZ));
2445 else if (!tried_mmap)
2446 /* We can at least try to use to mmap memory. */
2447 goto try_mmap;
2449 else /* av == main_arena */
2452 { /* Request enough space for nb + pad + overhead */
2453 size = nb + mp_.top_pad + MINSIZE;
2456 If contiguous, we can subtract out existing space that we hope to
2457 combine with new space. We add it back later only if
2458 we don't actually get contiguous space.
2461 if (contiguous (av))
2462 size -= old_size;
2465 Round to a multiple of page size.
2466 If MORECORE is not contiguous, this ensures that we only call it
2467 with whole-page arguments. And if MORECORE is contiguous and
2468 this is not first time through, this preserves page-alignment of
2469 previous calls. Otherwise, we correct to page-align below.
2472 size = ALIGN_UP (size, pagesize);
2475 Don't try to call MORECORE if argument is so big as to appear
2476 negative. Note that since mmap takes size_t arg, it may succeed
2477 below even if we cannot call MORECORE.
2480 if (size > 0)
2482 brk = (char *) (MORECORE (size));
2483 LIBC_PROBE (memory_sbrk_more, 2, brk, size);
2486 if (brk != (char *) (MORECORE_FAILURE))
2488 /* Call the `morecore' hook if necessary. */
2489 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2490 if (__builtin_expect (hook != NULL, 0))
2491 (*hook)();
2493 else
2496 If have mmap, try using it as a backup when MORECORE fails or
2497 cannot be used. This is worth doing on systems that have "holes" in
2498 address space, so sbrk cannot extend to give contiguous space, but
2499 space is available elsewhere. Note that we ignore mmap max count
2500 and threshold limits, since the space will not be used as a
2501 segregated mmap region.
2504 /* Cannot merge with old top, so add its size back in */
2505 if (contiguous (av))
2506 size = ALIGN_UP (size + old_size, pagesize);
2508 /* If we are relying on mmap as backup, then use larger units */
2509 if ((unsigned long) (size) < (unsigned long) (MMAP_AS_MORECORE_SIZE))
2510 size = MMAP_AS_MORECORE_SIZE;
2512 /* Don't try if size wraps around 0 */
2513 if ((unsigned long) (size) > (unsigned long) (nb))
2515 char *mbrk = (char *) (MMAP (0, size, PROT_READ | PROT_WRITE, 0));
2517 if (mbrk != MAP_FAILED)
2519 /* We do not need, and cannot use, another sbrk call to find end */
2520 brk = mbrk;
2521 snd_brk = brk + size;
2524 Record that we no longer have a contiguous sbrk region.
2525 After the first time mmap is used as backup, we do not
2526 ever rely on contiguous space since this could incorrectly
2527 bridge regions.
2529 set_noncontiguous (av);
2534 if (brk != (char *) (MORECORE_FAILURE))
2536 if (mp_.sbrk_base == 0)
2537 mp_.sbrk_base = brk;
2538 av->system_mem += size;
2541 If MORECORE extends previous space, we can likewise extend top size.
2544 if (brk == old_end && snd_brk == (char *) (MORECORE_FAILURE))
2545 set_head (old_top, (size + old_size) | PREV_INUSE);
2547 else if (contiguous (av) && old_size && brk < old_end)
2548 /* Oops! Someone else killed our space.. Can't touch anything. */
2549 malloc_printerr ("break adjusted to free malloc space");
2552 Otherwise, make adjustments:
2554 * If the first time through or noncontiguous, we need to call sbrk
2555 just to find out where the end of memory lies.
2557 * We need to ensure that all returned chunks from malloc will meet
2558 MALLOC_ALIGNMENT
2560 * If there was an intervening foreign sbrk, we need to adjust sbrk
2561 request size to account for fact that we will not be able to
2562 combine new space with existing space in old_top.
2564 * Almost all systems internally allocate whole pages at a time, in
2565 which case we might as well use the whole last page of request.
2566 So we allocate enough more memory to hit a page boundary now,
2567 which in turn causes future contiguous calls to page-align.
2570 else
2572 front_misalign = 0;
2573 end_misalign = 0;
2574 correction = 0;
2575 aligned_brk = brk;
2577 /* handle contiguous cases */
2578 if (contiguous (av))
2580 /* Count foreign sbrk as system_mem. */
2581 if (old_size)
2582 av->system_mem += brk - old_end;
2584 /* Guarantee alignment of first new chunk made from this space */
2586 front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK;
2587 if (front_misalign > 0)
2590 Skip over some bytes to arrive at an aligned position.
2591 We don't need to specially mark these wasted front bytes.
2592 They will never be accessed anyway because
2593 prev_inuse of av->top (and any chunk created from its start)
2594 is always true after initialization.
2597 correction = MALLOC_ALIGNMENT - front_misalign;
2598 aligned_brk += correction;
2602 If this isn't adjacent to existing space, then we will not
2603 be able to merge with old_top space, so must add to 2nd request.
2606 correction += old_size;
2608 /* Extend the end address to hit a page boundary */
2609 end_misalign = (INTERNAL_SIZE_T) (brk + size + correction);
2610 correction += (ALIGN_UP (end_misalign, pagesize)) - end_misalign;
2612 assert (correction >= 0);
2613 snd_brk = (char *) (MORECORE (correction));
2616 If can't allocate correction, try to at least find out current
2617 brk. It might be enough to proceed without failing.
2619 Note that if second sbrk did NOT fail, we assume that space
2620 is contiguous with first sbrk. This is a safe assumption unless
2621 program is multithreaded but doesn't use locks and a foreign sbrk
2622 occurred between our first and second calls.
2625 if (snd_brk == (char *) (MORECORE_FAILURE))
2627 correction = 0;
2628 snd_brk = (char *) (MORECORE (0));
2630 else
2632 /* Call the `morecore' hook if necessary. */
2633 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2634 if (__builtin_expect (hook != NULL, 0))
2635 (*hook)();
2639 /* handle non-contiguous cases */
2640 else
2642 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2643 /* MORECORE/mmap must correctly align */
2644 assert (((unsigned long) chunk2mem (brk) & MALLOC_ALIGN_MASK) == 0);
2645 else
2647 front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK;
2648 if (front_misalign > 0)
2651 Skip over some bytes to arrive at an aligned position.
2652 We don't need to specially mark these wasted front bytes.
2653 They will never be accessed anyway because
2654 prev_inuse of av->top (and any chunk created from its start)
2655 is always true after initialization.
2658 aligned_brk += MALLOC_ALIGNMENT - front_misalign;
2662 /* Find out current end of memory */
2663 if (snd_brk == (char *) (MORECORE_FAILURE))
2665 snd_brk = (char *) (MORECORE (0));
2669 /* Adjust top based on results of second sbrk */
2670 if (snd_brk != (char *) (MORECORE_FAILURE))
2672 av->top = (mchunkptr) aligned_brk;
2673 set_head (av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE);
2674 av->system_mem += correction;
2677 If not the first time through, we either have a
2678 gap due to foreign sbrk or a non-contiguous region. Insert a
2679 double fencepost at old_top to prevent consolidation with space
2680 we don't own. These fenceposts are artificial chunks that are
2681 marked as inuse and are in any case too small to use. We need
2682 two to make sizes and alignments work out.
2685 if (old_size != 0)
2688 Shrink old_top to insert fenceposts, keeping size a
2689 multiple of MALLOC_ALIGNMENT. We know there is at least
2690 enough space in old_top to do this.
2692 old_size = (old_size - 4 * SIZE_SZ) & ~MALLOC_ALIGN_MASK;
2693 set_head (old_top, old_size | PREV_INUSE);
2696 Note that the following assignments completely overwrite
2697 old_top when old_size was previously MINSIZE. This is
2698 intentional. We need the fencepost, even if old_top otherwise gets
2699 lost.
2701 set_head (chunk_at_offset (old_top, old_size),
2702 (2 * SIZE_SZ) | PREV_INUSE);
2703 set_head (chunk_at_offset (old_top, old_size + 2 * SIZE_SZ),
2704 (2 * SIZE_SZ) | PREV_INUSE);
2706 /* If possible, release the rest. */
2707 if (old_size >= MINSIZE)
2709 _int_free (av, old_top, 1);
2715 } /* if (av != &main_arena) */
2717 if ((unsigned long) av->system_mem > (unsigned long) (av->max_system_mem))
2718 av->max_system_mem = av->system_mem;
2719 check_malloc_state (av);
2721 /* finally, do the allocation */
2722 p = av->top;
2723 size = chunksize (p);
2725 /* check that one of the above allocation paths succeeded */
2726 if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))
2728 remainder_size = size - nb;
2729 remainder = chunk_at_offset (p, nb);
2730 av->top = remainder;
2731 set_head (p, nb | PREV_INUSE | (av != &main_arena ? NON_MAIN_ARENA : 0));
2732 set_head (remainder, remainder_size | PREV_INUSE);
2733 check_malloced_chunk (av, p, nb);
2734 return chunk2mem (p);
2737 /* catch all failure paths */
2738 __set_errno (ENOMEM);
2739 return 0;
2744 systrim is an inverse of sorts to sysmalloc. It gives memory back
2745 to the system (via negative arguments to sbrk) if there is unused
2746 memory at the `high' end of the malloc pool. It is called
2747 automatically by free() when top space exceeds the trim
2748 threshold. It is also called by the public malloc_trim routine. It
2749 returns 1 if it actually released any memory, else 0.
2752 static int
2753 systrim (size_t pad, mstate av)
2755 long top_size; /* Amount of top-most memory */
2756 long extra; /* Amount to release */
2757 long released; /* Amount actually released */
2758 char *current_brk; /* address returned by pre-check sbrk call */
2759 char *new_brk; /* address returned by post-check sbrk call */
2760 size_t pagesize;
2761 long top_area;
2763 pagesize = GLRO (dl_pagesize);
2764 top_size = chunksize (av->top);
2766 top_area = top_size - MINSIZE - 1;
2767 if (top_area <= pad)
2768 return 0;
2770 /* Release in pagesize units and round down to the nearest page. */
2771 extra = ALIGN_DOWN(top_area - pad, pagesize);
2773 if (extra == 0)
2774 return 0;
2777 Only proceed if end of memory is where we last set it.
2778 This avoids problems if there were foreign sbrk calls.
2780 current_brk = (char *) (MORECORE (0));
2781 if (current_brk == (char *) (av->top) + top_size)
2784 Attempt to release memory. We ignore MORECORE return value,
2785 and instead call again to find out where new end of memory is.
2786 This avoids problems if first call releases less than we asked,
2787 of if failure somehow altered brk value. (We could still
2788 encounter problems if it altered brk in some very bad way,
2789 but the only thing we can do is adjust anyway, which will cause
2790 some downstream failure.)
2793 MORECORE (-extra);
2794 /* Call the `morecore' hook if necessary. */
2795 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2796 if (__builtin_expect (hook != NULL, 0))
2797 (*hook)();
2798 new_brk = (char *) (MORECORE (0));
2800 LIBC_PROBE (memory_sbrk_less, 2, new_brk, extra);
2802 if (new_brk != (char *) MORECORE_FAILURE)
2804 released = (long) (current_brk - new_brk);
2806 if (released != 0)
2808 /* Success. Adjust top. */
2809 av->system_mem -= released;
2810 set_head (av->top, (top_size - released) | PREV_INUSE);
2811 check_malloc_state (av);
2812 return 1;
2816 return 0;
2819 static void
2820 munmap_chunk (mchunkptr p)
2822 INTERNAL_SIZE_T size = chunksize (p);
2824 assert (chunk_is_mmapped (p));
2826 /* Do nothing if the chunk is a faked mmapped chunk in the dumped
2827 main arena. We never free this memory. */
2828 if (DUMPED_MAIN_ARENA_CHUNK (p))
2829 return;
2831 uintptr_t block = (uintptr_t) p - prev_size (p);
2832 size_t total_size = prev_size (p) + size;
2833 /* Unfortunately we have to do the compilers job by hand here. Normally
2834 we would test BLOCK and TOTAL-SIZE separately for compliance with the
2835 page size. But gcc does not recognize the optimization possibility
2836 (in the moment at least) so we combine the two values into one before
2837 the bit test. */
2838 if (__builtin_expect (((block | total_size) & (GLRO (dl_pagesize) - 1)) != 0, 0))
2839 malloc_printerr ("munmap_chunk(): invalid pointer");
2841 atomic_decrement (&mp_.n_mmaps);
2842 atomic_add (&mp_.mmapped_mem, -total_size);
2844 /* If munmap failed the process virtual memory address space is in a
2845 bad shape. Just leave the block hanging around, the process will
2846 terminate shortly anyway since not much can be done. */
2847 __munmap ((char *) block, total_size);
2850 #if HAVE_MREMAP
2852 static mchunkptr
2853 mremap_chunk (mchunkptr p, size_t new_size)
2855 size_t pagesize = GLRO (dl_pagesize);
2856 INTERNAL_SIZE_T offset = prev_size (p);
2857 INTERNAL_SIZE_T size = chunksize (p);
2858 char *cp;
2860 assert (chunk_is_mmapped (p));
2861 assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0);
2863 /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */
2864 new_size = ALIGN_UP (new_size + offset + SIZE_SZ, pagesize);
2866 /* No need to remap if the number of pages does not change. */
2867 if (size + offset == new_size)
2868 return p;
2870 cp = (char *) __mremap ((char *) p - offset, size + offset, new_size,
2871 MREMAP_MAYMOVE);
2873 if (cp == MAP_FAILED)
2874 return 0;
2876 p = (mchunkptr) (cp + offset);
2878 assert (aligned_OK (chunk2mem (p)));
2880 assert (prev_size (p) == offset);
2881 set_head (p, (new_size - offset) | IS_MMAPPED);
2883 INTERNAL_SIZE_T new;
2884 new = atomic_exchange_and_add (&mp_.mmapped_mem, new_size - size - offset)
2885 + new_size - size - offset;
2886 atomic_max (&mp_.max_mmapped_mem, new);
2887 return p;
2889 #endif /* HAVE_MREMAP */
2891 /*------------------------ Public wrappers. --------------------------------*/
2893 #if USE_TCACHE
2895 /* We overlay this structure on the user-data portion of a chunk when
2896 the chunk is stored in the per-thread cache. */
2897 typedef struct tcache_entry
2899 struct tcache_entry *next;
2900 } tcache_entry;
2902 /* There is one of these for each thread, which contains the
2903 per-thread cache (hence "tcache_perthread_struct"). Keeping
2904 overall size low is mildly important. Note that COUNTS and ENTRIES
2905 are redundant (we could have just counted the linked list each
2906 time), this is for performance reasons. */
2907 typedef struct tcache_perthread_struct
2909 char counts[TCACHE_MAX_BINS];
2910 tcache_entry *entries[TCACHE_MAX_BINS];
2911 } tcache_perthread_struct;
2913 static __thread bool tcache_shutting_down = false;
2914 static __thread tcache_perthread_struct *tcache = NULL;
2916 /* Caller must ensure that we know tc_idx is valid and there's room
2917 for more chunks. */
2918 static __always_inline void
2919 tcache_put (mchunkptr chunk, size_t tc_idx)
2921 tcache_entry *e = (tcache_entry *) chunk2mem (chunk);
2922 assert (tc_idx < TCACHE_MAX_BINS);
2923 e->next = tcache->entries[tc_idx];
2924 tcache->entries[tc_idx] = e;
2925 ++(tcache->counts[tc_idx]);
2928 /* Caller must ensure that we know tc_idx is valid and there's
2929 available chunks to remove. */
2930 static __always_inline void *
2931 tcache_get (size_t tc_idx)
2933 tcache_entry *e = tcache->entries[tc_idx];
2934 assert (tc_idx < TCACHE_MAX_BINS);
2935 assert (tcache->entries[tc_idx] > 0);
2936 tcache->entries[tc_idx] = e->next;
2937 --(tcache->counts[tc_idx]);
2938 return (void *) e;
2941 static void __attribute__ ((section ("__libc_thread_freeres_fn")))
2942 tcache_thread_freeres (void)
2944 int i;
2945 tcache_perthread_struct *tcache_tmp = tcache;
2947 if (!tcache)
2948 return;
2950 /* Disable the tcache and prevent it from being reinitialized. */
2951 tcache = NULL;
2952 tcache_shutting_down = true;
2954 /* Free all of the entries and the tcache itself back to the arena
2955 heap for coalescing. */
2956 for (i = 0; i < TCACHE_MAX_BINS; ++i)
2958 while (tcache_tmp->entries[i])
2960 tcache_entry *e = tcache_tmp->entries[i];
2961 tcache_tmp->entries[i] = e->next;
2962 __libc_free (e);
2966 __libc_free (tcache_tmp);
2968 text_set_element (__libc_thread_subfreeres, tcache_thread_freeres);
2970 static void
2971 tcache_init(void)
2973 mstate ar_ptr;
2974 void *victim = 0;
2975 const size_t bytes = sizeof (tcache_perthread_struct);
2977 if (tcache_shutting_down)
2978 return;
2980 arena_get (ar_ptr, bytes);
2981 victim = _int_malloc (ar_ptr, bytes);
2982 if (!victim && ar_ptr != NULL)
2984 ar_ptr = arena_get_retry (ar_ptr, bytes);
2985 victim = _int_malloc (ar_ptr, bytes);
2989 if (ar_ptr != NULL)
2990 __libc_lock_unlock (ar_ptr->mutex);
2992 /* In a low memory situation, we may not be able to allocate memory
2993 - in which case, we just keep trying later. However, we
2994 typically do this very early, so either there is sufficient
2995 memory, or there isn't enough memory to do non-trivial
2996 allocations anyway. */
2997 if (victim)
2999 tcache = (tcache_perthread_struct *) victim;
3000 memset (tcache, 0, sizeof (tcache_perthread_struct));
3005 #define MAYBE_INIT_TCACHE() \
3006 if (__glibc_unlikely (tcache == NULL)) \
3007 tcache_init();
3009 #else
3010 #define MAYBE_INIT_TCACHE()
3011 #endif
3013 void *
3014 __libc_malloc (size_t bytes)
3016 mstate ar_ptr;
3017 void *victim;
3019 void *(*hook) (size_t, const void *)
3020 = atomic_forced_read (__malloc_hook);
3021 if (__builtin_expect (hook != NULL, 0))
3022 return (*hook)(bytes, RETURN_ADDRESS (0));
3023 #if USE_TCACHE
3024 /* int_free also calls request2size, be careful to not pad twice. */
3025 size_t tbytes = request2size (bytes);
3026 size_t tc_idx = csize2tidx (tbytes);
3028 MAYBE_INIT_TCACHE ();
3030 DIAG_PUSH_NEEDS_COMMENT;
3031 if (tc_idx < mp_.tcache_bins
3032 /*&& tc_idx < TCACHE_MAX_BINS*/ /* to appease gcc */
3033 && tcache
3034 && tcache->entries[tc_idx] != NULL)
3036 return tcache_get (tc_idx);
3038 DIAG_POP_NEEDS_COMMENT;
3039 #endif
3041 arena_get (ar_ptr, bytes);
3043 victim = _int_malloc (ar_ptr, bytes);
3044 /* Retry with another arena only if we were able to find a usable arena
3045 before. */
3046 if (!victim && ar_ptr != NULL)
3048 LIBC_PROBE (memory_malloc_retry, 1, bytes);
3049 ar_ptr = arena_get_retry (ar_ptr, bytes);
3050 victim = _int_malloc (ar_ptr, bytes);
3053 if (ar_ptr != NULL)
3054 __libc_lock_unlock (ar_ptr->mutex);
3056 assert (!victim || chunk_is_mmapped (mem2chunk (victim)) ||
3057 ar_ptr == arena_for_chunk (mem2chunk (victim)));
3058 return victim;
3060 libc_hidden_def (__libc_malloc)
3062 void
3063 __libc_free (void *mem)
3065 mstate ar_ptr;
3066 mchunkptr p; /* chunk corresponding to mem */
3068 void (*hook) (void *, const void *)
3069 = atomic_forced_read (__free_hook);
3070 if (__builtin_expect (hook != NULL, 0))
3072 (*hook)(mem, RETURN_ADDRESS (0));
3073 return;
3076 if (mem == 0) /* free(0) has no effect */
3077 return;
3079 p = mem2chunk (mem);
3081 if (chunk_is_mmapped (p)) /* release mmapped memory. */
3083 /* See if the dynamic brk/mmap threshold needs adjusting.
3084 Dumped fake mmapped chunks do not affect the threshold. */
3085 if (!mp_.no_dyn_threshold
3086 && chunksize_nomask (p) > mp_.mmap_threshold
3087 && chunksize_nomask (p) <= DEFAULT_MMAP_THRESHOLD_MAX
3088 && !DUMPED_MAIN_ARENA_CHUNK (p))
3090 mp_.mmap_threshold = chunksize (p);
3091 mp_.trim_threshold = 2 * mp_.mmap_threshold;
3092 LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2,
3093 mp_.mmap_threshold, mp_.trim_threshold);
3095 munmap_chunk (p);
3096 return;
3099 MAYBE_INIT_TCACHE ();
3101 ar_ptr = arena_for_chunk (p);
3102 _int_free (ar_ptr, p, 0);
3104 libc_hidden_def (__libc_free)
3106 void *
3107 __libc_realloc (void *oldmem, size_t bytes)
3109 mstate ar_ptr;
3110 INTERNAL_SIZE_T nb; /* padded request size */
3112 void *newp; /* chunk to return */
3114 void *(*hook) (void *, size_t, const void *) =
3115 atomic_forced_read (__realloc_hook);
3116 if (__builtin_expect (hook != NULL, 0))
3117 return (*hook)(oldmem, bytes, RETURN_ADDRESS (0));
3119 #if REALLOC_ZERO_BYTES_FREES
3120 if (bytes == 0 && oldmem != NULL)
3122 __libc_free (oldmem); return 0;
3124 #endif
3126 /* realloc of null is supposed to be same as malloc */
3127 if (oldmem == 0)
3128 return __libc_malloc (bytes);
3130 /* chunk corresponding to oldmem */
3131 const mchunkptr oldp = mem2chunk (oldmem);
3132 /* its size */
3133 const INTERNAL_SIZE_T oldsize = chunksize (oldp);
3135 if (chunk_is_mmapped (oldp))
3136 ar_ptr = NULL;
3137 else
3139 MAYBE_INIT_TCACHE ();
3140 ar_ptr = arena_for_chunk (oldp);
3143 /* Little security check which won't hurt performance: the allocator
3144 never wrapps around at the end of the address space. Therefore
3145 we can exclude some size values which might appear here by
3146 accident or by "design" from some intruder. We need to bypass
3147 this check for dumped fake mmap chunks from the old main arena
3148 because the new malloc may provide additional alignment. */
3149 if ((__builtin_expect ((uintptr_t) oldp > (uintptr_t) -oldsize, 0)
3150 || __builtin_expect (misaligned_chunk (oldp), 0))
3151 && !DUMPED_MAIN_ARENA_CHUNK (oldp))
3152 malloc_printerr ("realloc(): invalid pointer");
3154 checked_request2size (bytes, nb);
3156 if (chunk_is_mmapped (oldp))
3158 /* If this is a faked mmapped chunk from the dumped main arena,
3159 always make a copy (and do not free the old chunk). */
3160 if (DUMPED_MAIN_ARENA_CHUNK (oldp))
3162 /* Must alloc, copy, free. */
3163 void *newmem = __libc_malloc (bytes);
3164 if (newmem == 0)
3165 return NULL;
3166 /* Copy as many bytes as are available from the old chunk
3167 and fit into the new size. NB: The overhead for faked
3168 mmapped chunks is only SIZE_SZ, not 2 * SIZE_SZ as for
3169 regular mmapped chunks. */
3170 if (bytes > oldsize - SIZE_SZ)
3171 bytes = oldsize - SIZE_SZ;
3172 memcpy (newmem, oldmem, bytes);
3173 return newmem;
3176 void *newmem;
3178 #if HAVE_MREMAP
3179 newp = mremap_chunk (oldp, nb);
3180 if (newp)
3181 return chunk2mem (newp);
3182 #endif
3183 /* Note the extra SIZE_SZ overhead. */
3184 if (oldsize - SIZE_SZ >= nb)
3185 return oldmem; /* do nothing */
3187 /* Must alloc, copy, free. */
3188 newmem = __libc_malloc (bytes);
3189 if (newmem == 0)
3190 return 0; /* propagate failure */
3192 memcpy (newmem, oldmem, oldsize - 2 * SIZE_SZ);
3193 munmap_chunk (oldp);
3194 return newmem;
3197 __libc_lock_lock (ar_ptr->mutex);
3199 newp = _int_realloc (ar_ptr, oldp, oldsize, nb);
3201 __libc_lock_unlock (ar_ptr->mutex);
3202 assert (!newp || chunk_is_mmapped (mem2chunk (newp)) ||
3203 ar_ptr == arena_for_chunk (mem2chunk (newp)));
3205 if (newp == NULL)
3207 /* Try harder to allocate memory in other arenas. */
3208 LIBC_PROBE (memory_realloc_retry, 2, bytes, oldmem);
3209 newp = __libc_malloc (bytes);
3210 if (newp != NULL)
3212 memcpy (newp, oldmem, oldsize - SIZE_SZ);
3213 _int_free (ar_ptr, oldp, 0);
3217 return newp;
3219 libc_hidden_def (__libc_realloc)
3221 void *
3222 __libc_memalign (size_t alignment, size_t bytes)
3224 void *address = RETURN_ADDRESS (0);
3225 return _mid_memalign (alignment, bytes, address);
3228 static void *
3229 _mid_memalign (size_t alignment, size_t bytes, void *address)
3231 mstate ar_ptr;
3232 void *p;
3234 void *(*hook) (size_t, size_t, const void *) =
3235 atomic_forced_read (__memalign_hook);
3236 if (__builtin_expect (hook != NULL, 0))
3237 return (*hook)(alignment, bytes, address);
3239 /* If we need less alignment than we give anyway, just relay to malloc. */
3240 if (alignment <= MALLOC_ALIGNMENT)
3241 return __libc_malloc (bytes);
3243 /* Otherwise, ensure that it is at least a minimum chunk size */
3244 if (alignment < MINSIZE)
3245 alignment = MINSIZE;
3247 /* If the alignment is greater than SIZE_MAX / 2 + 1 it cannot be a
3248 power of 2 and will cause overflow in the check below. */
3249 if (alignment > SIZE_MAX / 2 + 1)
3251 __set_errno (EINVAL);
3252 return 0;
3255 /* Check for overflow. */
3256 if (bytes > SIZE_MAX - alignment - MINSIZE)
3258 __set_errno (ENOMEM);
3259 return 0;
3263 /* Make sure alignment is power of 2. */
3264 if (!powerof2 (alignment))
3266 size_t a = MALLOC_ALIGNMENT * 2;
3267 while (a < alignment)
3268 a <<= 1;
3269 alignment = a;
3272 arena_get (ar_ptr, bytes + alignment + MINSIZE);
3274 p = _int_memalign (ar_ptr, alignment, bytes);
3275 if (!p && ar_ptr != NULL)
3277 LIBC_PROBE (memory_memalign_retry, 2, bytes, alignment);
3278 ar_ptr = arena_get_retry (ar_ptr, bytes);
3279 p = _int_memalign (ar_ptr, alignment, bytes);
3282 if (ar_ptr != NULL)
3283 __libc_lock_unlock (ar_ptr->mutex);
3285 assert (!p || chunk_is_mmapped (mem2chunk (p)) ||
3286 ar_ptr == arena_for_chunk (mem2chunk (p)));
3287 return p;
3289 /* For ISO C11. */
3290 weak_alias (__libc_memalign, aligned_alloc)
3291 libc_hidden_def (__libc_memalign)
3293 void *
3294 __libc_valloc (size_t bytes)
3296 if (__malloc_initialized < 0)
3297 ptmalloc_init ();
3299 void *address = RETURN_ADDRESS (0);
3300 size_t pagesize = GLRO (dl_pagesize);
3301 return _mid_memalign (pagesize, bytes, address);
3304 void *
3305 __libc_pvalloc (size_t bytes)
3307 if (__malloc_initialized < 0)
3308 ptmalloc_init ();
3310 void *address = RETURN_ADDRESS (0);
3311 size_t pagesize = GLRO (dl_pagesize);
3312 size_t rounded_bytes = ALIGN_UP (bytes, pagesize);
3314 /* Check for overflow. */
3315 if (bytes > SIZE_MAX - 2 * pagesize - MINSIZE)
3317 __set_errno (ENOMEM);
3318 return 0;
3321 return _mid_memalign (pagesize, rounded_bytes, address);
3324 void *
3325 __libc_calloc (size_t n, size_t elem_size)
3327 mstate av;
3328 mchunkptr oldtop, p;
3329 INTERNAL_SIZE_T bytes, sz, csz, oldtopsize;
3330 void *mem;
3331 unsigned long clearsize;
3332 unsigned long nclears;
3333 INTERNAL_SIZE_T *d;
3335 /* size_t is unsigned so the behavior on overflow is defined. */
3336 bytes = n * elem_size;
3337 #define HALF_INTERNAL_SIZE_T \
3338 (((INTERNAL_SIZE_T) 1) << (8 * sizeof (INTERNAL_SIZE_T) / 2))
3339 if (__builtin_expect ((n | elem_size) >= HALF_INTERNAL_SIZE_T, 0))
3341 if (elem_size != 0 && bytes / elem_size != n)
3343 __set_errno (ENOMEM);
3344 return 0;
3348 void *(*hook) (size_t, const void *) =
3349 atomic_forced_read (__malloc_hook);
3350 if (__builtin_expect (hook != NULL, 0))
3352 sz = bytes;
3353 mem = (*hook)(sz, RETURN_ADDRESS (0));
3354 if (mem == 0)
3355 return 0;
3357 return memset (mem, 0, sz);
3360 sz = bytes;
3362 MAYBE_INIT_TCACHE ();
3364 arena_get (av, sz);
3365 if (av)
3367 /* Check if we hand out the top chunk, in which case there may be no
3368 need to clear. */
3369 #if MORECORE_CLEARS
3370 oldtop = top (av);
3371 oldtopsize = chunksize (top (av));
3372 # if MORECORE_CLEARS < 2
3373 /* Only newly allocated memory is guaranteed to be cleared. */
3374 if (av == &main_arena &&
3375 oldtopsize < mp_.sbrk_base + av->max_system_mem - (char *) oldtop)
3376 oldtopsize = (mp_.sbrk_base + av->max_system_mem - (char *) oldtop);
3377 # endif
3378 if (av != &main_arena)
3380 heap_info *heap = heap_for_ptr (oldtop);
3381 if (oldtopsize < (char *) heap + heap->mprotect_size - (char *) oldtop)
3382 oldtopsize = (char *) heap + heap->mprotect_size - (char *) oldtop;
3384 #endif
3386 else
3388 /* No usable arenas. */
3389 oldtop = 0;
3390 oldtopsize = 0;
3392 mem = _int_malloc (av, sz);
3395 assert (!mem || chunk_is_mmapped (mem2chunk (mem)) ||
3396 av == arena_for_chunk (mem2chunk (mem)));
3398 if (mem == 0 && av != NULL)
3400 LIBC_PROBE (memory_calloc_retry, 1, sz);
3401 av = arena_get_retry (av, sz);
3402 mem = _int_malloc (av, sz);
3405 if (av != NULL)
3406 __libc_lock_unlock (av->mutex);
3408 /* Allocation failed even after a retry. */
3409 if (mem == 0)
3410 return 0;
3412 p = mem2chunk (mem);
3414 /* Two optional cases in which clearing not necessary */
3415 if (chunk_is_mmapped (p))
3417 if (__builtin_expect (perturb_byte, 0))
3418 return memset (mem, 0, sz);
3420 return mem;
3423 csz = chunksize (p);
3425 #if MORECORE_CLEARS
3426 if (perturb_byte == 0 && (p == oldtop && csz > oldtopsize))
3428 /* clear only the bytes from non-freshly-sbrked memory */
3429 csz = oldtopsize;
3431 #endif
3433 /* Unroll clear of <= 36 bytes (72 if 8byte sizes). We know that
3434 contents have an odd number of INTERNAL_SIZE_T-sized words;
3435 minimally 3. */
3436 d = (INTERNAL_SIZE_T *) mem;
3437 clearsize = csz - SIZE_SZ;
3438 nclears = clearsize / sizeof (INTERNAL_SIZE_T);
3439 assert (nclears >= 3);
3441 if (nclears > 9)
3442 return memset (d, 0, clearsize);
3444 else
3446 *(d + 0) = 0;
3447 *(d + 1) = 0;
3448 *(d + 2) = 0;
3449 if (nclears > 4)
3451 *(d + 3) = 0;
3452 *(d + 4) = 0;
3453 if (nclears > 6)
3455 *(d + 5) = 0;
3456 *(d + 6) = 0;
3457 if (nclears > 8)
3459 *(d + 7) = 0;
3460 *(d + 8) = 0;
3466 return mem;
3470 ------------------------------ malloc ------------------------------
3473 static void *
3474 _int_malloc (mstate av, size_t bytes)
3476 INTERNAL_SIZE_T nb; /* normalized request size */
3477 unsigned int idx; /* associated bin index */
3478 mbinptr bin; /* associated bin */
3480 mchunkptr victim; /* inspected/selected chunk */
3481 INTERNAL_SIZE_T size; /* its size */
3482 int victim_index; /* its bin index */
3484 mchunkptr remainder; /* remainder from a split */
3485 unsigned long remainder_size; /* its size */
3487 unsigned int block; /* bit map traverser */
3488 unsigned int bit; /* bit map traverser */
3489 unsigned int map; /* current word of binmap */
3491 mchunkptr fwd; /* misc temp for linking */
3492 mchunkptr bck; /* misc temp for linking */
3494 #if USE_TCACHE
3495 size_t tcache_unsorted_count; /* count of unsorted chunks processed */
3496 #endif
3499 Convert request size to internal form by adding SIZE_SZ bytes
3500 overhead plus possibly more to obtain necessary alignment and/or
3501 to obtain a size of at least MINSIZE, the smallest allocatable
3502 size. Also, checked_request2size traps (returning 0) request sizes
3503 that are so large that they wrap around zero when padded and
3504 aligned.
3507 checked_request2size (bytes, nb);
3509 /* There are no usable arenas. Fall back to sysmalloc to get a chunk from
3510 mmap. */
3511 if (__glibc_unlikely (av == NULL))
3513 void *p = sysmalloc (nb, av);
3514 if (p != NULL)
3515 alloc_perturb (p, bytes);
3516 return p;
3520 If the size qualifies as a fastbin, first check corresponding bin.
3521 This code is safe to execute even if av is not yet initialized, so we
3522 can try it without checking, which saves some time on this fast path.
3525 #define REMOVE_FB(fb, victim, pp) \
3526 do \
3528 victim = pp; \
3529 if (victim == NULL) \
3530 break; \
3532 while ((pp = catomic_compare_and_exchange_val_acq (fb, victim->fd, victim)) \
3533 != victim); \
3535 if ((unsigned long) (nb) <= (unsigned long) (get_max_fast ()))
3537 idx = fastbin_index (nb);
3538 mfastbinptr *fb = &fastbin (av, idx);
3539 mchunkptr pp = *fb;
3540 REMOVE_FB (fb, victim, pp);
3541 if (victim != 0)
3543 if (__builtin_expect (fastbin_index (chunksize (victim)) != idx, 0))
3544 malloc_printerr ("malloc(): memory corruption (fast)");
3545 check_remalloced_chunk (av, victim, nb);
3546 #if USE_TCACHE
3547 /* While we're here, if we see other chunks of the same size,
3548 stash them in the tcache. */
3549 size_t tc_idx = csize2tidx (nb);
3550 if (tcache && tc_idx < mp_.tcache_bins)
3552 mchunkptr tc_victim;
3554 /* While bin not empty and tcache not full, copy chunks over. */
3555 while (tcache->counts[tc_idx] < mp_.tcache_count
3556 && (pp = *fb) != NULL)
3558 REMOVE_FB (fb, tc_victim, pp);
3559 if (tc_victim != 0)
3561 tcache_put (tc_victim, tc_idx);
3565 #endif
3566 void *p = chunk2mem (victim);
3567 alloc_perturb (p, bytes);
3568 return p;
3573 If a small request, check regular bin. Since these "smallbins"
3574 hold one size each, no searching within bins is necessary.
3575 (For a large request, we need to wait until unsorted chunks are
3576 processed to find best fit. But for small ones, fits are exact
3577 anyway, so we can check now, which is faster.)
3580 if (in_smallbin_range (nb))
3582 idx = smallbin_index (nb);
3583 bin = bin_at (av, idx);
3585 if ((victim = last (bin)) != bin)
3587 bck = victim->bk;
3588 if (__glibc_unlikely (bck->fd != victim))
3589 malloc_printerr ("malloc(): smallbin double linked list corrupted");
3590 set_inuse_bit_at_offset (victim, nb);
3591 bin->bk = bck;
3592 bck->fd = bin;
3594 if (av != &main_arena)
3595 set_non_main_arena (victim);
3596 check_malloced_chunk (av, victim, nb);
3597 #if USE_TCACHE
3598 /* While we're here, if we see other chunks of the same size,
3599 stash them in the tcache. */
3600 size_t tc_idx = csize2tidx (nb);
3601 if (tcache && tc_idx < mp_.tcache_bins)
3603 mchunkptr tc_victim;
3605 /* While bin not empty and tcache not full, copy chunks over. */
3606 while (tcache->counts[tc_idx] < mp_.tcache_count
3607 && (tc_victim = last (bin)) != bin)
3609 if (tc_victim != 0)
3611 bck = tc_victim->bk;
3612 set_inuse_bit_at_offset (tc_victim, nb);
3613 if (av != &main_arena)
3614 set_non_main_arena (tc_victim);
3615 bin->bk = bck;
3616 bck->fd = bin;
3618 tcache_put (tc_victim, tc_idx);
3622 #endif
3623 void *p = chunk2mem (victim);
3624 alloc_perturb (p, bytes);
3625 return p;
3630 If this is a large request, consolidate fastbins before continuing.
3631 While it might look excessive to kill all fastbins before
3632 even seeing if there is space available, this avoids
3633 fragmentation problems normally associated with fastbins.
3634 Also, in practice, programs tend to have runs of either small or
3635 large requests, but less often mixtures, so consolidation is not
3636 invoked all that often in most programs. And the programs that
3637 it is called frequently in otherwise tend to fragment.
3640 else
3642 idx = largebin_index (nb);
3643 if (atomic_load_relaxed (&av->have_fastchunks))
3644 malloc_consolidate (av);
3648 Process recently freed or remaindered chunks, taking one only if
3649 it is exact fit, or, if this a small request, the chunk is remainder from
3650 the most recent non-exact fit. Place other traversed chunks in
3651 bins. Note that this step is the only place in any routine where
3652 chunks are placed in bins.
3654 The outer loop here is needed because we might not realize until
3655 near the end of malloc that we should have consolidated, so must
3656 do so and retry. This happens at most once, and only when we would
3657 otherwise need to expand memory to service a "small" request.
3660 #if USE_TCACHE
3661 INTERNAL_SIZE_T tcache_nb = 0;
3662 size_t tc_idx = csize2tidx (nb);
3663 if (tcache && tc_idx < mp_.tcache_bins)
3664 tcache_nb = nb;
3665 int return_cached = 0;
3667 tcache_unsorted_count = 0;
3668 #endif
3670 for (;; )
3672 int iters = 0;
3673 while ((victim = unsorted_chunks (av)->bk) != unsorted_chunks (av))
3675 bck = victim->bk;
3676 if (__builtin_expect (chunksize_nomask (victim) <= 2 * SIZE_SZ, 0)
3677 || __builtin_expect (chunksize_nomask (victim)
3678 > av->system_mem, 0))
3679 malloc_printerr ("malloc(): memory corruption");
3680 size = chunksize (victim);
3683 If a small request, try to use last remainder if it is the
3684 only chunk in unsorted bin. This helps promote locality for
3685 runs of consecutive small requests. This is the only
3686 exception to best-fit, and applies only when there is
3687 no exact fit for a small chunk.
3690 if (in_smallbin_range (nb) &&
3691 bck == unsorted_chunks (av) &&
3692 victim == av->last_remainder &&
3693 (unsigned long) (size) > (unsigned long) (nb + MINSIZE))
3695 /* split and reattach remainder */
3696 remainder_size = size - nb;
3697 remainder = chunk_at_offset (victim, nb);
3698 unsorted_chunks (av)->bk = unsorted_chunks (av)->fd = remainder;
3699 av->last_remainder = remainder;
3700 remainder->bk = remainder->fd = unsorted_chunks (av);
3701 if (!in_smallbin_range (remainder_size))
3703 remainder->fd_nextsize = NULL;
3704 remainder->bk_nextsize = NULL;
3707 set_head (victim, nb | PREV_INUSE |
3708 (av != &main_arena ? NON_MAIN_ARENA : 0));
3709 set_head (remainder, remainder_size | PREV_INUSE);
3710 set_foot (remainder, remainder_size);
3712 check_malloced_chunk (av, victim, nb);
3713 void *p = chunk2mem (victim);
3714 alloc_perturb (p, bytes);
3715 return p;
3718 /* remove from unsorted list */
3719 unsorted_chunks (av)->bk = bck;
3720 bck->fd = unsorted_chunks (av);
3722 /* Take now instead of binning if exact fit */
3724 if (size == nb)
3726 set_inuse_bit_at_offset (victim, size);
3727 if (av != &main_arena)
3728 set_non_main_arena (victim);
3729 #if USE_TCACHE
3730 /* Fill cache first, return to user only if cache fills.
3731 We may return one of these chunks later. */
3732 if (tcache_nb
3733 && tcache->counts[tc_idx] < mp_.tcache_count)
3735 tcache_put (victim, tc_idx);
3736 return_cached = 1;
3737 continue;
3739 else
3741 #endif
3742 check_malloced_chunk (av, victim, nb);
3743 void *p = chunk2mem (victim);
3744 alloc_perturb (p, bytes);
3745 return p;
3746 #if USE_TCACHE
3748 #endif
3751 /* place chunk in bin */
3753 if (in_smallbin_range (size))
3755 victim_index = smallbin_index (size);
3756 bck = bin_at (av, victim_index);
3757 fwd = bck->fd;
3759 else
3761 victim_index = largebin_index (size);
3762 bck = bin_at (av, victim_index);
3763 fwd = bck->fd;
3765 /* maintain large bins in sorted order */
3766 if (fwd != bck)
3768 /* Or with inuse bit to speed comparisons */
3769 size |= PREV_INUSE;
3770 /* if smaller than smallest, bypass loop below */
3771 assert (chunk_main_arena (bck->bk));
3772 if ((unsigned long) (size)
3773 < (unsigned long) chunksize_nomask (bck->bk))
3775 fwd = bck;
3776 bck = bck->bk;
3778 victim->fd_nextsize = fwd->fd;
3779 victim->bk_nextsize = fwd->fd->bk_nextsize;
3780 fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim;
3782 else
3784 assert (chunk_main_arena (fwd));
3785 while ((unsigned long) size < chunksize_nomask (fwd))
3787 fwd = fwd->fd_nextsize;
3788 assert (chunk_main_arena (fwd));
3791 if ((unsigned long) size
3792 == (unsigned long) chunksize_nomask (fwd))
3793 /* Always insert in the second position. */
3794 fwd = fwd->fd;
3795 else
3797 victim->fd_nextsize = fwd;
3798 victim->bk_nextsize = fwd->bk_nextsize;
3799 fwd->bk_nextsize = victim;
3800 victim->bk_nextsize->fd_nextsize = victim;
3802 bck = fwd->bk;
3805 else
3806 victim->fd_nextsize = victim->bk_nextsize = victim;
3809 mark_bin (av, victim_index);
3810 victim->bk = bck;
3811 victim->fd = fwd;
3812 fwd->bk = victim;
3813 bck->fd = victim;
3815 #if USE_TCACHE
3816 /* If we've processed as many chunks as we're allowed while
3817 filling the cache, return one of the cached ones. */
3818 ++tcache_unsorted_count;
3819 if (return_cached
3820 && mp_.tcache_unsorted_limit > 0
3821 && tcache_unsorted_count > mp_.tcache_unsorted_limit)
3823 return tcache_get (tc_idx);
3825 #endif
3827 #define MAX_ITERS 10000
3828 if (++iters >= MAX_ITERS)
3829 break;
3832 #if USE_TCACHE
3833 /* If all the small chunks we found ended up cached, return one now. */
3834 if (return_cached)
3836 return tcache_get (tc_idx);
3838 #endif
3841 If a large request, scan through the chunks of current bin in
3842 sorted order to find smallest that fits. Use the skip list for this.
3845 if (!in_smallbin_range (nb))
3847 bin = bin_at (av, idx);
3849 /* skip scan if empty or largest chunk is too small */
3850 if ((victim = first (bin)) != bin
3851 && (unsigned long) chunksize_nomask (victim)
3852 >= (unsigned long) (nb))
3854 victim = victim->bk_nextsize;
3855 while (((unsigned long) (size = chunksize (victim)) <
3856 (unsigned long) (nb)))
3857 victim = victim->bk_nextsize;
3859 /* Avoid removing the first entry for a size so that the skip
3860 list does not have to be rerouted. */
3861 if (victim != last (bin)
3862 && chunksize_nomask (victim)
3863 == chunksize_nomask (victim->fd))
3864 victim = victim->fd;
3866 remainder_size = size - nb;
3867 unlink (av, victim, bck, fwd);
3869 /* Exhaust */
3870 if (remainder_size < MINSIZE)
3872 set_inuse_bit_at_offset (victim, size);
3873 if (av != &main_arena)
3874 set_non_main_arena (victim);
3876 /* Split */
3877 else
3879 remainder = chunk_at_offset (victim, nb);
3880 /* We cannot assume the unsorted list is empty and therefore
3881 have to perform a complete insert here. */
3882 bck = unsorted_chunks (av);
3883 fwd = bck->fd;
3884 if (__glibc_unlikely (fwd->bk != bck))
3885 malloc_printerr ("malloc(): corrupted unsorted chunks");
3886 remainder->bk = bck;
3887 remainder->fd = fwd;
3888 bck->fd = remainder;
3889 fwd->bk = remainder;
3890 if (!in_smallbin_range (remainder_size))
3892 remainder->fd_nextsize = NULL;
3893 remainder->bk_nextsize = NULL;
3895 set_head (victim, nb | PREV_INUSE |
3896 (av != &main_arena ? NON_MAIN_ARENA : 0));
3897 set_head (remainder, remainder_size | PREV_INUSE);
3898 set_foot (remainder, remainder_size);
3900 check_malloced_chunk (av, victim, nb);
3901 void *p = chunk2mem (victim);
3902 alloc_perturb (p, bytes);
3903 return p;
3908 Search for a chunk by scanning bins, starting with next largest
3909 bin. This search is strictly by best-fit; i.e., the smallest
3910 (with ties going to approximately the least recently used) chunk
3911 that fits is selected.
3913 The bitmap avoids needing to check that most blocks are nonempty.
3914 The particular case of skipping all bins during warm-up phases
3915 when no chunks have been returned yet is faster than it might look.
3918 ++idx;
3919 bin = bin_at (av, idx);
3920 block = idx2block (idx);
3921 map = av->binmap[block];
3922 bit = idx2bit (idx);
3924 for (;; )
3926 /* Skip rest of block if there are no more set bits in this block. */
3927 if (bit > map || bit == 0)
3931 if (++block >= BINMAPSIZE) /* out of bins */
3932 goto use_top;
3934 while ((map = av->binmap[block]) == 0);
3936 bin = bin_at (av, (block << BINMAPSHIFT));
3937 bit = 1;
3940 /* Advance to bin with set bit. There must be one. */
3941 while ((bit & map) == 0)
3943 bin = next_bin (bin);
3944 bit <<= 1;
3945 assert (bit != 0);
3948 /* Inspect the bin. It is likely to be non-empty */
3949 victim = last (bin);
3951 /* If a false alarm (empty bin), clear the bit. */
3952 if (victim == bin)
3954 av->binmap[block] = map &= ~bit; /* Write through */
3955 bin = next_bin (bin);
3956 bit <<= 1;
3959 else
3961 size = chunksize (victim);
3963 /* We know the first chunk in this bin is big enough to use. */
3964 assert ((unsigned long) (size) >= (unsigned long) (nb));
3966 remainder_size = size - nb;
3968 /* unlink */
3969 unlink (av, victim, bck, fwd);
3971 /* Exhaust */
3972 if (remainder_size < MINSIZE)
3974 set_inuse_bit_at_offset (victim, size);
3975 if (av != &main_arena)
3976 set_non_main_arena (victim);
3979 /* Split */
3980 else
3982 remainder = chunk_at_offset (victim, nb);
3984 /* We cannot assume the unsorted list is empty and therefore
3985 have to perform a complete insert here. */
3986 bck = unsorted_chunks (av);
3987 fwd = bck->fd;
3988 if (__glibc_unlikely (fwd->bk != bck))
3989 malloc_printerr ("malloc(): corrupted unsorted chunks 2");
3990 remainder->bk = bck;
3991 remainder->fd = fwd;
3992 bck->fd = remainder;
3993 fwd->bk = remainder;
3995 /* advertise as last remainder */
3996 if (in_smallbin_range (nb))
3997 av->last_remainder = remainder;
3998 if (!in_smallbin_range (remainder_size))
4000 remainder->fd_nextsize = NULL;
4001 remainder->bk_nextsize = NULL;
4003 set_head (victim, nb | PREV_INUSE |
4004 (av != &main_arena ? NON_MAIN_ARENA : 0));
4005 set_head (remainder, remainder_size | PREV_INUSE);
4006 set_foot (remainder, remainder_size);
4008 check_malloced_chunk (av, victim, nb);
4009 void *p = chunk2mem (victim);
4010 alloc_perturb (p, bytes);
4011 return p;
4015 use_top:
4017 If large enough, split off the chunk bordering the end of memory
4018 (held in av->top). Note that this is in accord with the best-fit
4019 search rule. In effect, av->top is treated as larger (and thus
4020 less well fitting) than any other available chunk since it can
4021 be extended to be as large as necessary (up to system
4022 limitations).
4024 We require that av->top always exists (i.e., has size >=
4025 MINSIZE) after initialization, so if it would otherwise be
4026 exhausted by current request, it is replenished. (The main
4027 reason for ensuring it exists is that we may need MINSIZE space
4028 to put in fenceposts in sysmalloc.)
4031 victim = av->top;
4032 size = chunksize (victim);
4034 if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))
4036 remainder_size = size - nb;
4037 remainder = chunk_at_offset (victim, nb);
4038 av->top = remainder;
4039 set_head (victim, nb | PREV_INUSE |
4040 (av != &main_arena ? NON_MAIN_ARENA : 0));
4041 set_head (remainder, remainder_size | PREV_INUSE);
4043 check_malloced_chunk (av, victim, nb);
4044 void *p = chunk2mem (victim);
4045 alloc_perturb (p, bytes);
4046 return p;
4049 /* When we are using atomic ops to free fast chunks we can get
4050 here for all block sizes. */
4051 else if (atomic_load_relaxed (&av->have_fastchunks))
4053 malloc_consolidate (av);
4054 /* restore original bin index */
4055 if (in_smallbin_range (nb))
4056 idx = smallbin_index (nb);
4057 else
4058 idx = largebin_index (nb);
4062 Otherwise, relay to handle system-dependent cases
4064 else
4066 void *p = sysmalloc (nb, av);
4067 if (p != NULL)
4068 alloc_perturb (p, bytes);
4069 return p;
4075 ------------------------------ free ------------------------------
4078 static void
4079 _int_free (mstate av, mchunkptr p, int have_lock)
4081 INTERNAL_SIZE_T size; /* its size */
4082 mfastbinptr *fb; /* associated fastbin */
4083 mchunkptr nextchunk; /* next contiguous chunk */
4084 INTERNAL_SIZE_T nextsize; /* its size */
4085 int nextinuse; /* true if nextchunk is used */
4086 INTERNAL_SIZE_T prevsize; /* size of previous contiguous chunk */
4087 mchunkptr bck; /* misc temp for linking */
4088 mchunkptr fwd; /* misc temp for linking */
4090 size = chunksize (p);
4092 /* Little security check which won't hurt performance: the
4093 allocator never wrapps around at the end of the address space.
4094 Therefore we can exclude some size values which might appear
4095 here by accident or by "design" from some intruder. */
4096 if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)
4097 || __builtin_expect (misaligned_chunk (p), 0))
4098 malloc_printerr ("free(): invalid pointer");
4099 /* We know that each chunk is at least MINSIZE bytes in size or a
4100 multiple of MALLOC_ALIGNMENT. */
4101 if (__glibc_unlikely (size < MINSIZE || !aligned_OK (size)))
4102 malloc_printerr ("free(): invalid size");
4104 check_inuse_chunk(av, p);
4106 #if USE_TCACHE
4108 size_t tc_idx = csize2tidx (size);
4110 if (tcache
4111 && tc_idx < mp_.tcache_bins
4112 && tcache->counts[tc_idx] < mp_.tcache_count)
4114 tcache_put (p, tc_idx);
4115 return;
4118 #endif
4121 If eligible, place chunk on a fastbin so it can be found
4122 and used quickly in malloc.
4125 if ((unsigned long)(size) <= (unsigned long)(get_max_fast ())
4127 #if TRIM_FASTBINS
4129 If TRIM_FASTBINS set, don't place chunks
4130 bordering top into fastbins
4132 && (chunk_at_offset(p, size) != av->top)
4133 #endif
4136 if (__builtin_expect (chunksize_nomask (chunk_at_offset (p, size))
4137 <= 2 * SIZE_SZ, 0)
4138 || __builtin_expect (chunksize (chunk_at_offset (p, size))
4139 >= av->system_mem, 0))
4141 bool fail = true;
4142 /* We might not have a lock at this point and concurrent modifications
4143 of system_mem might result in a false positive. Redo the test after
4144 getting the lock. */
4145 if (!have_lock)
4147 __libc_lock_lock (av->mutex);
4148 fail = (chunksize_nomask (chunk_at_offset (p, size)) <= 2 * SIZE_SZ
4149 || chunksize (chunk_at_offset (p, size)) >= av->system_mem);
4150 __libc_lock_unlock (av->mutex);
4153 if (fail)
4154 malloc_printerr ("free(): invalid next size (fast)");
4157 free_perturb (chunk2mem(p), size - 2 * SIZE_SZ);
4159 atomic_store_relaxed (&av->have_fastchunks, true);
4160 unsigned int idx = fastbin_index(size);
4161 fb = &fastbin (av, idx);
4163 /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */
4164 mchunkptr old = *fb, old2;
4166 if (SINGLE_THREAD_P)
4168 /* Check that the top of the bin is not the record we are going to
4169 add (i.e., double free). */
4170 if (__builtin_expect (old == p, 0))
4171 malloc_printerr ("double free or corruption (fasttop)");
4172 p->fd = old;
4173 *fb = p;
4175 else
4178 /* Check that the top of the bin is not the record we are going to
4179 add (i.e., double free). */
4180 if (__builtin_expect (old == p, 0))
4181 malloc_printerr ("double free or corruption (fasttop)");
4182 p->fd = old2 = old;
4184 while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2))
4185 != old2);
4187 /* Check that size of fastbin chunk at the top is the same as
4188 size of the chunk that we are adding. We can dereference OLD
4189 only if we have the lock, otherwise it might have already been
4190 allocated again. */
4191 if (have_lock && old != NULL
4192 && __builtin_expect (fastbin_index (chunksize (old)) != idx, 0))
4193 malloc_printerr ("invalid fastbin entry (free)");
4197 Consolidate other non-mmapped chunks as they arrive.
4200 else if (!chunk_is_mmapped(p)) {
4202 /* If we're single-threaded, don't lock the arena. */
4203 if (SINGLE_THREAD_P)
4204 have_lock = true;
4206 if (!have_lock)
4207 __libc_lock_lock (av->mutex);
4209 nextchunk = chunk_at_offset(p, size);
4211 /* Lightweight tests: check whether the block is already the
4212 top block. */
4213 if (__glibc_unlikely (p == av->top))
4214 malloc_printerr ("double free or corruption (top)");
4215 /* Or whether the next chunk is beyond the boundaries of the arena. */
4216 if (__builtin_expect (contiguous (av)
4217 && (char *) nextchunk
4218 >= ((char *) av->top + chunksize(av->top)), 0))
4219 malloc_printerr ("double free or corruption (out)");
4220 /* Or whether the block is actually not marked used. */
4221 if (__glibc_unlikely (!prev_inuse(nextchunk)))
4222 malloc_printerr ("double free or corruption (!prev)");
4224 nextsize = chunksize(nextchunk);
4225 if (__builtin_expect (chunksize_nomask (nextchunk) <= 2 * SIZE_SZ, 0)
4226 || __builtin_expect (nextsize >= av->system_mem, 0))
4227 malloc_printerr ("free(): invalid next size (normal)");
4229 free_perturb (chunk2mem(p), size - 2 * SIZE_SZ);
4231 /* consolidate backward */
4232 if (!prev_inuse(p)) {
4233 prevsize = prev_size (p);
4234 size += prevsize;
4235 p = chunk_at_offset(p, -((long) prevsize));
4236 unlink(av, p, bck, fwd);
4239 if (nextchunk != av->top) {
4240 /* get and clear inuse bit */
4241 nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
4243 /* consolidate forward */
4244 if (!nextinuse) {
4245 unlink(av, nextchunk, bck, fwd);
4246 size += nextsize;
4247 } else
4248 clear_inuse_bit_at_offset(nextchunk, 0);
4251 Place the chunk in unsorted chunk list. Chunks are
4252 not placed into regular bins until after they have
4253 been given one chance to be used in malloc.
4256 bck = unsorted_chunks(av);
4257 fwd = bck->fd;
4258 if (__glibc_unlikely (fwd->bk != bck))
4259 malloc_printerr ("free(): corrupted unsorted chunks");
4260 p->fd = fwd;
4261 p->bk = bck;
4262 if (!in_smallbin_range(size))
4264 p->fd_nextsize = NULL;
4265 p->bk_nextsize = NULL;
4267 bck->fd = p;
4268 fwd->bk = p;
4270 set_head(p, size | PREV_INUSE);
4271 set_foot(p, size);
4273 check_free_chunk(av, p);
4277 If the chunk borders the current high end of memory,
4278 consolidate into top
4281 else {
4282 size += nextsize;
4283 set_head(p, size | PREV_INUSE);
4284 av->top = p;
4285 check_chunk(av, p);
4289 If freeing a large space, consolidate possibly-surrounding
4290 chunks. Then, if the total unused topmost memory exceeds trim
4291 threshold, ask malloc_trim to reduce top.
4293 Unless max_fast is 0, we don't know if there are fastbins
4294 bordering top, so we cannot tell for sure whether threshold
4295 has been reached unless fastbins are consolidated. But we
4296 don't want to consolidate on each free. As a compromise,
4297 consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD
4298 is reached.
4301 if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) {
4302 if (atomic_load_relaxed (&av->have_fastchunks))
4303 malloc_consolidate(av);
4305 if (av == &main_arena) {
4306 #ifndef MORECORE_CANNOT_TRIM
4307 if ((unsigned long)(chunksize(av->top)) >=
4308 (unsigned long)(mp_.trim_threshold))
4309 systrim(mp_.top_pad, av);
4310 #endif
4311 } else {
4312 /* Always try heap_trim(), even if the top chunk is not
4313 large, because the corresponding heap might go away. */
4314 heap_info *heap = heap_for_ptr(top(av));
4316 assert(heap->ar_ptr == av);
4317 heap_trim(heap, mp_.top_pad);
4321 if (!have_lock)
4322 __libc_lock_unlock (av->mutex);
4325 If the chunk was allocated via mmap, release via munmap().
4328 else {
4329 munmap_chunk (p);
4334 ------------------------- malloc_consolidate -------------------------
4336 malloc_consolidate is a specialized version of free() that tears
4337 down chunks held in fastbins. Free itself cannot be used for this
4338 purpose since, among other things, it might place chunks back onto
4339 fastbins. So, instead, we need to use a minor variant of the same
4340 code.
4343 static void malloc_consolidate(mstate av)
4345 mfastbinptr* fb; /* current fastbin being consolidated */
4346 mfastbinptr* maxfb; /* last fastbin (for loop control) */
4347 mchunkptr p; /* current chunk being consolidated */
4348 mchunkptr nextp; /* next chunk to consolidate */
4349 mchunkptr unsorted_bin; /* bin header */
4350 mchunkptr first_unsorted; /* chunk to link to */
4352 /* These have same use as in free() */
4353 mchunkptr nextchunk;
4354 INTERNAL_SIZE_T size;
4355 INTERNAL_SIZE_T nextsize;
4356 INTERNAL_SIZE_T prevsize;
4357 int nextinuse;
4358 mchunkptr bck;
4359 mchunkptr fwd;
4361 atomic_store_relaxed (&av->have_fastchunks, false);
4363 unsorted_bin = unsorted_chunks(av);
4366 Remove each chunk from fast bin and consolidate it, placing it
4367 then in unsorted bin. Among other reasons for doing this,
4368 placing in unsorted bin avoids needing to calculate actual bins
4369 until malloc is sure that chunks aren't immediately going to be
4370 reused anyway.
4373 maxfb = &fastbin (av, NFASTBINS - 1);
4374 fb = &fastbin (av, 0);
4375 do {
4376 p = atomic_exchange_acq (fb, NULL);
4377 if (p != 0) {
4378 do {
4379 check_inuse_chunk(av, p);
4380 nextp = p->fd;
4382 /* Slightly streamlined version of consolidation code in free() */
4383 size = chunksize (p);
4384 nextchunk = chunk_at_offset(p, size);
4385 nextsize = chunksize(nextchunk);
4387 if (!prev_inuse(p)) {
4388 prevsize = prev_size (p);
4389 size += prevsize;
4390 p = chunk_at_offset(p, -((long) prevsize));
4391 unlink(av, p, bck, fwd);
4394 if (nextchunk != av->top) {
4395 nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
4397 if (!nextinuse) {
4398 size += nextsize;
4399 unlink(av, nextchunk, bck, fwd);
4400 } else
4401 clear_inuse_bit_at_offset(nextchunk, 0);
4403 first_unsorted = unsorted_bin->fd;
4404 unsorted_bin->fd = p;
4405 first_unsorted->bk = p;
4407 if (!in_smallbin_range (size)) {
4408 p->fd_nextsize = NULL;
4409 p->bk_nextsize = NULL;
4412 set_head(p, size | PREV_INUSE);
4413 p->bk = unsorted_bin;
4414 p->fd = first_unsorted;
4415 set_foot(p, size);
4418 else {
4419 size += nextsize;
4420 set_head(p, size | PREV_INUSE);
4421 av->top = p;
4424 } while ( (p = nextp) != 0);
4427 } while (fb++ != maxfb);
4431 ------------------------------ realloc ------------------------------
4434 void*
4435 _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
4436 INTERNAL_SIZE_T nb)
4438 mchunkptr newp; /* chunk to return */
4439 INTERNAL_SIZE_T newsize; /* its size */
4440 void* newmem; /* corresponding user mem */
4442 mchunkptr next; /* next contiguous chunk after oldp */
4444 mchunkptr remainder; /* extra space at end of newp */
4445 unsigned long remainder_size; /* its size */
4447 mchunkptr bck; /* misc temp for linking */
4448 mchunkptr fwd; /* misc temp for linking */
4450 unsigned long copysize; /* bytes to copy */
4451 unsigned int ncopies; /* INTERNAL_SIZE_T words to copy */
4452 INTERNAL_SIZE_T* s; /* copy source */
4453 INTERNAL_SIZE_T* d; /* copy destination */
4455 /* oldmem size */
4456 if (__builtin_expect (chunksize_nomask (oldp) <= 2 * SIZE_SZ, 0)
4457 || __builtin_expect (oldsize >= av->system_mem, 0))
4458 malloc_printerr ("realloc(): invalid old size");
4460 check_inuse_chunk (av, oldp);
4462 /* All callers already filter out mmap'ed chunks. */
4463 assert (!chunk_is_mmapped (oldp));
4465 next = chunk_at_offset (oldp, oldsize);
4466 INTERNAL_SIZE_T nextsize = chunksize (next);
4467 if (__builtin_expect (chunksize_nomask (next) <= 2 * SIZE_SZ, 0)
4468 || __builtin_expect (nextsize >= av->system_mem, 0))
4469 malloc_printerr ("realloc(): invalid next size");
4471 if ((unsigned long) (oldsize) >= (unsigned long) (nb))
4473 /* already big enough; split below */
4474 newp = oldp;
4475 newsize = oldsize;
4478 else
4480 /* Try to expand forward into top */
4481 if (next == av->top &&
4482 (unsigned long) (newsize = oldsize + nextsize) >=
4483 (unsigned long) (nb + MINSIZE))
4485 set_head_size (oldp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
4486 av->top = chunk_at_offset (oldp, nb);
4487 set_head (av->top, (newsize - nb) | PREV_INUSE);
4488 check_inuse_chunk (av, oldp);
4489 return chunk2mem (oldp);
4492 /* Try to expand forward into next chunk; split off remainder below */
4493 else if (next != av->top &&
4494 !inuse (next) &&
4495 (unsigned long) (newsize = oldsize + nextsize) >=
4496 (unsigned long) (nb))
4498 newp = oldp;
4499 unlink (av, next, bck, fwd);
4502 /* allocate, copy, free */
4503 else
4505 newmem = _int_malloc (av, nb - MALLOC_ALIGN_MASK);
4506 if (newmem == 0)
4507 return 0; /* propagate failure */
4509 newp = mem2chunk (newmem);
4510 newsize = chunksize (newp);
4513 Avoid copy if newp is next chunk after oldp.
4515 if (newp == next)
4517 newsize += oldsize;
4518 newp = oldp;
4520 else
4523 Unroll copy of <= 36 bytes (72 if 8byte sizes)
4524 We know that contents have an odd number of
4525 INTERNAL_SIZE_T-sized words; minimally 3.
4528 copysize = oldsize - SIZE_SZ;
4529 s = (INTERNAL_SIZE_T *) (chunk2mem (oldp));
4530 d = (INTERNAL_SIZE_T *) (newmem);
4531 ncopies = copysize / sizeof (INTERNAL_SIZE_T);
4532 assert (ncopies >= 3);
4534 if (ncopies > 9)
4535 memcpy (d, s, copysize);
4537 else
4539 *(d + 0) = *(s + 0);
4540 *(d + 1) = *(s + 1);
4541 *(d + 2) = *(s + 2);
4542 if (ncopies > 4)
4544 *(d + 3) = *(s + 3);
4545 *(d + 4) = *(s + 4);
4546 if (ncopies > 6)
4548 *(d + 5) = *(s + 5);
4549 *(d + 6) = *(s + 6);
4550 if (ncopies > 8)
4552 *(d + 7) = *(s + 7);
4553 *(d + 8) = *(s + 8);
4559 _int_free (av, oldp, 1);
4560 check_inuse_chunk (av, newp);
4561 return chunk2mem (newp);
4566 /* If possible, free extra space in old or extended chunk */
4568 assert ((unsigned long) (newsize) >= (unsigned long) (nb));
4570 remainder_size = newsize - nb;
4572 if (remainder_size < MINSIZE) /* not enough extra to split off */
4574 set_head_size (newp, newsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
4575 set_inuse_bit_at_offset (newp, newsize);
4577 else /* split remainder */
4579 remainder = chunk_at_offset (newp, nb);
4580 set_head_size (newp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
4581 set_head (remainder, remainder_size | PREV_INUSE |
4582 (av != &main_arena ? NON_MAIN_ARENA : 0));
4583 /* Mark remainder as inuse so free() won't complain */
4584 set_inuse_bit_at_offset (remainder, remainder_size);
4585 _int_free (av, remainder, 1);
4588 check_inuse_chunk (av, newp);
4589 return chunk2mem (newp);
4593 ------------------------------ memalign ------------------------------
4596 static void *
4597 _int_memalign (mstate av, size_t alignment, size_t bytes)
4599 INTERNAL_SIZE_T nb; /* padded request size */
4600 char *m; /* memory returned by malloc call */
4601 mchunkptr p; /* corresponding chunk */
4602 char *brk; /* alignment point within p */
4603 mchunkptr newp; /* chunk to return */
4604 INTERNAL_SIZE_T newsize; /* its size */
4605 INTERNAL_SIZE_T leadsize; /* leading space before alignment point */
4606 mchunkptr remainder; /* spare room at end to split off */
4607 unsigned long remainder_size; /* its size */
4608 INTERNAL_SIZE_T size;
4612 checked_request2size (bytes, nb);
4615 Strategy: find a spot within that chunk that meets the alignment
4616 request, and then possibly free the leading and trailing space.
4620 /* Call malloc with worst case padding to hit alignment. */
4622 m = (char *) (_int_malloc (av, nb + alignment + MINSIZE));
4624 if (m == 0)
4625 return 0; /* propagate failure */
4627 p = mem2chunk (m);
4629 if ((((unsigned long) (m)) % alignment) != 0) /* misaligned */
4631 { /*
4632 Find an aligned spot inside chunk. Since we need to give back
4633 leading space in a chunk of at least MINSIZE, if the first
4634 calculation places us at a spot with less than MINSIZE leader,
4635 we can move to the next aligned spot -- we've allocated enough
4636 total room so that this is always possible.
4638 brk = (char *) mem2chunk (((unsigned long) (m + alignment - 1)) &
4639 - ((signed long) alignment));
4640 if ((unsigned long) (brk - (char *) (p)) < MINSIZE)
4641 brk += alignment;
4643 newp = (mchunkptr) brk;
4644 leadsize = brk - (char *) (p);
4645 newsize = chunksize (p) - leadsize;
4647 /* For mmapped chunks, just adjust offset */
4648 if (chunk_is_mmapped (p))
4650 set_prev_size (newp, prev_size (p) + leadsize);
4651 set_head (newp, newsize | IS_MMAPPED);
4652 return chunk2mem (newp);
4655 /* Otherwise, give back leader, use the rest */
4656 set_head (newp, newsize | PREV_INUSE |
4657 (av != &main_arena ? NON_MAIN_ARENA : 0));
4658 set_inuse_bit_at_offset (newp, newsize);
4659 set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
4660 _int_free (av, p, 1);
4661 p = newp;
4663 assert (newsize >= nb &&
4664 (((unsigned long) (chunk2mem (p))) % alignment) == 0);
4667 /* Also give back spare room at the end */
4668 if (!chunk_is_mmapped (p))
4670 size = chunksize (p);
4671 if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE))
4673 remainder_size = size - nb;
4674 remainder = chunk_at_offset (p, nb);
4675 set_head (remainder, remainder_size | PREV_INUSE |
4676 (av != &main_arena ? NON_MAIN_ARENA : 0));
4677 set_head_size (p, nb);
4678 _int_free (av, remainder, 1);
4682 check_inuse_chunk (av, p);
4683 return chunk2mem (p);
4688 ------------------------------ malloc_trim ------------------------------
4691 static int
4692 mtrim (mstate av, size_t pad)
4694 /* Ensure all blocks are consolidated. */
4695 malloc_consolidate (av);
4697 const size_t ps = GLRO (dl_pagesize);
4698 int psindex = bin_index (ps);
4699 const size_t psm1 = ps - 1;
4701 int result = 0;
4702 for (int i = 1; i < NBINS; ++i)
4703 if (i == 1 || i >= psindex)
4705 mbinptr bin = bin_at (av, i);
4707 for (mchunkptr p = last (bin); p != bin; p = p->bk)
4709 INTERNAL_SIZE_T size = chunksize (p);
4711 if (size > psm1 + sizeof (struct malloc_chunk))
4713 /* See whether the chunk contains at least one unused page. */
4714 char *paligned_mem = (char *) (((uintptr_t) p
4715 + sizeof (struct malloc_chunk)
4716 + psm1) & ~psm1);
4718 assert ((char *) chunk2mem (p) + 4 * SIZE_SZ <= paligned_mem);
4719 assert ((char *) p + size > paligned_mem);
4721 /* This is the size we could potentially free. */
4722 size -= paligned_mem - (char *) p;
4724 if (size > psm1)
4726 #if MALLOC_DEBUG
4727 /* When debugging we simulate destroying the memory
4728 content. */
4729 memset (paligned_mem, 0x89, size & ~psm1);
4730 #endif
4731 __madvise (paligned_mem, size & ~psm1, MADV_DONTNEED);
4733 result = 1;
4739 #ifndef MORECORE_CANNOT_TRIM
4740 return result | (av == &main_arena ? systrim (pad, av) : 0);
4742 #else
4743 return result;
4744 #endif
4749 __malloc_trim (size_t s)
4751 int result = 0;
4753 if (__malloc_initialized < 0)
4754 ptmalloc_init ();
4756 mstate ar_ptr = &main_arena;
4759 __libc_lock_lock (ar_ptr->mutex);
4760 result |= mtrim (ar_ptr, s);
4761 __libc_lock_unlock (ar_ptr->mutex);
4763 ar_ptr = ar_ptr->next;
4765 while (ar_ptr != &main_arena);
4767 return result;
4772 ------------------------- malloc_usable_size -------------------------
4775 static size_t
4776 musable (void *mem)
4778 mchunkptr p;
4779 if (mem != 0)
4781 p = mem2chunk (mem);
4783 if (__builtin_expect (using_malloc_checking == 1, 0))
4784 return malloc_check_get_size (p);
4786 if (chunk_is_mmapped (p))
4788 if (DUMPED_MAIN_ARENA_CHUNK (p))
4789 return chunksize (p) - SIZE_SZ;
4790 else
4791 return chunksize (p) - 2 * SIZE_SZ;
4793 else if (inuse (p))
4794 return chunksize (p) - SIZE_SZ;
4796 return 0;
4800 size_t
4801 __malloc_usable_size (void *m)
4803 size_t result;
4805 result = musable (m);
4806 return result;
4810 ------------------------------ mallinfo ------------------------------
4811 Accumulate malloc statistics for arena AV into M.
4814 static void
4815 int_mallinfo (mstate av, struct mallinfo *m)
4817 size_t i;
4818 mbinptr b;
4819 mchunkptr p;
4820 INTERNAL_SIZE_T avail;
4821 INTERNAL_SIZE_T fastavail;
4822 int nblocks;
4823 int nfastblocks;
4825 check_malloc_state (av);
4827 /* Account for top */
4828 avail = chunksize (av->top);
4829 nblocks = 1; /* top always exists */
4831 /* traverse fastbins */
4832 nfastblocks = 0;
4833 fastavail = 0;
4835 for (i = 0; i < NFASTBINS; ++i)
4837 for (p = fastbin (av, i); p != 0; p = p->fd)
4839 ++nfastblocks;
4840 fastavail += chunksize (p);
4844 avail += fastavail;
4846 /* traverse regular bins */
4847 for (i = 1; i < NBINS; ++i)
4849 b = bin_at (av, i);
4850 for (p = last (b); p != b; p = p->bk)
4852 ++nblocks;
4853 avail += chunksize (p);
4857 m->smblks += nfastblocks;
4858 m->ordblks += nblocks;
4859 m->fordblks += avail;
4860 m->uordblks += av->system_mem - avail;
4861 m->arena += av->system_mem;
4862 m->fsmblks += fastavail;
4863 if (av == &main_arena)
4865 m->hblks = mp_.n_mmaps;
4866 m->hblkhd = mp_.mmapped_mem;
4867 m->usmblks = 0;
4868 m->keepcost = chunksize (av->top);
4873 struct mallinfo
4874 __libc_mallinfo (void)
4876 struct mallinfo m;
4877 mstate ar_ptr;
4879 if (__malloc_initialized < 0)
4880 ptmalloc_init ();
4882 memset (&m, 0, sizeof (m));
4883 ar_ptr = &main_arena;
4886 __libc_lock_lock (ar_ptr->mutex);
4887 int_mallinfo (ar_ptr, &m);
4888 __libc_lock_unlock (ar_ptr->mutex);
4890 ar_ptr = ar_ptr->next;
4892 while (ar_ptr != &main_arena);
4894 return m;
4898 ------------------------------ malloc_stats ------------------------------
4901 void
4902 __malloc_stats (void)
4904 int i;
4905 mstate ar_ptr;
4906 unsigned int in_use_b = mp_.mmapped_mem, system_b = in_use_b;
4908 if (__malloc_initialized < 0)
4909 ptmalloc_init ();
4910 _IO_flockfile (stderr);
4911 int old_flags2 = ((_IO_FILE *) stderr)->_flags2;
4912 ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL;
4913 for (i = 0, ar_ptr = &main_arena;; i++)
4915 struct mallinfo mi;
4917 memset (&mi, 0, sizeof (mi));
4918 __libc_lock_lock (ar_ptr->mutex);
4919 int_mallinfo (ar_ptr, &mi);
4920 fprintf (stderr, "Arena %d:\n", i);
4921 fprintf (stderr, "system bytes = %10u\n", (unsigned int) mi.arena);
4922 fprintf (stderr, "in use bytes = %10u\n", (unsigned int) mi.uordblks);
4923 #if MALLOC_DEBUG > 1
4924 if (i > 0)
4925 dump_heap (heap_for_ptr (top (ar_ptr)));
4926 #endif
4927 system_b += mi.arena;
4928 in_use_b += mi.uordblks;
4929 __libc_lock_unlock (ar_ptr->mutex);
4930 ar_ptr = ar_ptr->next;
4931 if (ar_ptr == &main_arena)
4932 break;
4934 fprintf (stderr, "Total (incl. mmap):\n");
4935 fprintf (stderr, "system bytes = %10u\n", system_b);
4936 fprintf (stderr, "in use bytes = %10u\n", in_use_b);
4937 fprintf (stderr, "max mmap regions = %10u\n", (unsigned int) mp_.max_n_mmaps);
4938 fprintf (stderr, "max mmap bytes = %10lu\n",
4939 (unsigned long) mp_.max_mmapped_mem);
4940 ((_IO_FILE *) stderr)->_flags2 |= old_flags2;
4941 _IO_funlockfile (stderr);
4946 ------------------------------ mallopt ------------------------------
4948 static inline int
4949 __always_inline
4950 do_set_trim_threshold (size_t value)
4952 LIBC_PROBE (memory_mallopt_trim_threshold, 3, value, mp_.trim_threshold,
4953 mp_.no_dyn_threshold);
4954 mp_.trim_threshold = value;
4955 mp_.no_dyn_threshold = 1;
4956 return 1;
4959 static inline int
4960 __always_inline
4961 do_set_top_pad (size_t value)
4963 LIBC_PROBE (memory_mallopt_top_pad, 3, value, mp_.top_pad,
4964 mp_.no_dyn_threshold);
4965 mp_.top_pad = value;
4966 mp_.no_dyn_threshold = 1;
4967 return 1;
4970 static inline int
4971 __always_inline
4972 do_set_mmap_threshold (size_t value)
4974 /* Forbid setting the threshold too high. */
4975 if (value <= HEAP_MAX_SIZE / 2)
4977 LIBC_PROBE (memory_mallopt_mmap_threshold, 3, value, mp_.mmap_threshold,
4978 mp_.no_dyn_threshold);
4979 mp_.mmap_threshold = value;
4980 mp_.no_dyn_threshold = 1;
4981 return 1;
4983 return 0;
4986 static inline int
4987 __always_inline
4988 do_set_mmaps_max (int32_t value)
4990 LIBC_PROBE (memory_mallopt_mmap_max, 3, value, mp_.n_mmaps_max,
4991 mp_.no_dyn_threshold);
4992 mp_.n_mmaps_max = value;
4993 mp_.no_dyn_threshold = 1;
4994 return 1;
4997 static inline int
4998 __always_inline
4999 do_set_mallopt_check (int32_t value)
5001 return 1;
5004 static inline int
5005 __always_inline
5006 do_set_perturb_byte (int32_t value)
5008 LIBC_PROBE (memory_mallopt_perturb, 2, value, perturb_byte);
5009 perturb_byte = value;
5010 return 1;
5013 static inline int
5014 __always_inline
5015 do_set_arena_test (size_t value)
5017 LIBC_PROBE (memory_mallopt_arena_test, 2, value, mp_.arena_test);
5018 mp_.arena_test = value;
5019 return 1;
5022 static inline int
5023 __always_inline
5024 do_set_arena_max (size_t value)
5026 LIBC_PROBE (memory_mallopt_arena_max, 2, value, mp_.arena_max);
5027 mp_.arena_max = value;
5028 return 1;
5031 #if USE_TCACHE
5032 static inline int
5033 __always_inline
5034 do_set_tcache_max (size_t value)
5036 if (value >= 0 && value <= MAX_TCACHE_SIZE)
5038 LIBC_PROBE (memory_tunable_tcache_max_bytes, 2, value, mp_.tcache_max_bytes);
5039 mp_.tcache_max_bytes = value;
5040 mp_.tcache_bins = csize2tidx (request2size(value)) + 1;
5042 return 1;
5045 static inline int
5046 __always_inline
5047 do_set_tcache_count (size_t value)
5049 LIBC_PROBE (memory_tunable_tcache_count, 2, value, mp_.tcache_count);
5050 mp_.tcache_count = value;
5051 return 1;
5054 static inline int
5055 __always_inline
5056 do_set_tcache_unsorted_limit (size_t value)
5058 LIBC_PROBE (memory_tunable_tcache_unsorted_limit, 2, value, mp_.tcache_unsorted_limit);
5059 mp_.tcache_unsorted_limit = value;
5060 return 1;
5062 #endif
5065 __libc_mallopt (int param_number, int value)
5067 mstate av = &main_arena;
5068 int res = 1;
5070 if (__malloc_initialized < 0)
5071 ptmalloc_init ();
5072 __libc_lock_lock (av->mutex);
5074 LIBC_PROBE (memory_mallopt, 2, param_number, value);
5076 /* We must consolidate main arena before changing max_fast
5077 (see definition of set_max_fast). */
5078 malloc_consolidate (av);
5080 switch (param_number)
5082 case M_MXFAST:
5083 if (value >= 0 && value <= MAX_FAST_SIZE)
5085 LIBC_PROBE (memory_mallopt_mxfast, 2, value, get_max_fast ());
5086 set_max_fast (value);
5088 else
5089 res = 0;
5090 break;
5092 case M_TRIM_THRESHOLD:
5093 do_set_trim_threshold (value);
5094 break;
5096 case M_TOP_PAD:
5097 do_set_top_pad (value);
5098 break;
5100 case M_MMAP_THRESHOLD:
5101 res = do_set_mmap_threshold (value);
5102 break;
5104 case M_MMAP_MAX:
5105 do_set_mmaps_max (value);
5106 break;
5108 case M_CHECK_ACTION:
5109 do_set_mallopt_check (value);
5110 break;
5112 case M_PERTURB:
5113 do_set_perturb_byte (value);
5114 break;
5116 case M_ARENA_TEST:
5117 if (value > 0)
5118 do_set_arena_test (value);
5119 break;
5121 case M_ARENA_MAX:
5122 if (value > 0)
5123 do_set_arena_max (value);
5124 break;
5126 __libc_lock_unlock (av->mutex);
5127 return res;
5129 libc_hidden_def (__libc_mallopt)
5133 -------------------- Alternative MORECORE functions --------------------
5138 General Requirements for MORECORE.
5140 The MORECORE function must have the following properties:
5142 If MORECORE_CONTIGUOUS is false:
5144 * MORECORE must allocate in multiples of pagesize. It will
5145 only be called with arguments that are multiples of pagesize.
5147 * MORECORE(0) must return an address that is at least
5148 MALLOC_ALIGNMENT aligned. (Page-aligning always suffices.)
5150 else (i.e. If MORECORE_CONTIGUOUS is true):
5152 * Consecutive calls to MORECORE with positive arguments
5153 return increasing addresses, indicating that space has been
5154 contiguously extended.
5156 * MORECORE need not allocate in multiples of pagesize.
5157 Calls to MORECORE need not have args of multiples of pagesize.
5159 * MORECORE need not page-align.
5161 In either case:
5163 * MORECORE may allocate more memory than requested. (Or even less,
5164 but this will generally result in a malloc failure.)
5166 * MORECORE must not allocate memory when given argument zero, but
5167 instead return one past the end address of memory from previous