Remove duplicate inclusion of header math-svid-compat.h
[glibc.git] / malloc / malloc.c
blobe3ff778113febdd0533aeea70f1a35f62259bcfd
1 /* Malloc implementation for multiple threads without lock contention.
2 Copyright (C) 1996-2017 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Wolfram Gloger <wg@malloc.de>
5 and Doug Lea <dl@cs.oswego.edu>, 2001.
7 The GNU C Library is free software; you can redistribute it and/or
8 modify it under the terms of the GNU Lesser General Public License as
9 published by the Free Software Foundation; either version 2.1 of the
10 License, or (at your option) any later version.
12 The GNU C Library is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public
18 License along with the GNU C Library; see the file COPYING.LIB. If
19 not, see <http://www.gnu.org/licenses/>. */
22 This is a version (aka ptmalloc2) of malloc/free/realloc written by
23 Doug Lea and adapted to multiple threads/arenas by Wolfram Gloger.
25 There have been substantial changes made after the integration into
26 glibc in all parts of the code. Do not look for much commonality
27 with the ptmalloc2 version.
29 * Version ptmalloc2-20011215
30 based on:
31 VERSION 2.7.0 Sun Mar 11 14:14:06 2001 Doug Lea (dl at gee)
33 * Quickstart
35 In order to compile this implementation, a Makefile is provided with
36 the ptmalloc2 distribution, which has pre-defined targets for some
37 popular systems (e.g. "make posix" for Posix threads). All that is
38 typically required with regard to compiler flags is the selection of
39 the thread package via defining one out of USE_PTHREADS, USE_THR or
40 USE_SPROC. Check the thread-m.h file for what effects this has.
41 Many/most systems will additionally require USE_TSD_DATA_HACK to be
42 defined, so this is the default for "make posix".
44 * Why use this malloc?
46 This is not the fastest, most space-conserving, most portable, or
47 most tunable malloc ever written. However it is among the fastest
48 while also being among the most space-conserving, portable and tunable.
49 Consistent balance across these factors results in a good general-purpose
50 allocator for malloc-intensive programs.
52 The main properties of the algorithms are:
53 * For large (>= 512 bytes) requests, it is a pure best-fit allocator,
54 with ties normally decided via FIFO (i.e. least recently used).
55 * For small (<= 64 bytes by default) requests, it is a caching
56 allocator, that maintains pools of quickly recycled chunks.
57 * In between, and for combinations of large and small requests, it does
58 the best it can trying to meet both goals at once.
59 * For very large requests (>= 128KB by default), it relies on system
60 memory mapping facilities, if supported.
62 For a longer but slightly out of date high-level description, see
63 http://gee.cs.oswego.edu/dl/html/malloc.html
65 You may already by default be using a C library containing a malloc
66 that is based on some version of this malloc (for example in
67 linux). You might still want to use the one in this file in order to
68 customize settings or to avoid overheads associated with library
69 versions.
71 * Contents, described in more detail in "description of public routines" below.
73 Standard (ANSI/SVID/...) functions:
74 malloc(size_t n);
75 calloc(size_t n_elements, size_t element_size);
76 free(void* p);
77 realloc(void* p, size_t n);
78 memalign(size_t alignment, size_t n);
79 valloc(size_t n);
80 mallinfo()
81 mallopt(int parameter_number, int parameter_value)
83 Additional functions:
84 independent_calloc(size_t n_elements, size_t size, void* chunks[]);
85 independent_comalloc(size_t n_elements, size_t sizes[], void* chunks[]);
86 pvalloc(size_t n);
87 malloc_trim(size_t pad);
88 malloc_usable_size(void* p);
89 malloc_stats();
91 * Vital statistics:
93 Supported pointer representation: 4 or 8 bytes
94 Supported size_t representation: 4 or 8 bytes
95 Note that size_t is allowed to be 4 bytes even if pointers are 8.
96 You can adjust this by defining INTERNAL_SIZE_T
98 Alignment: 2 * sizeof(size_t) (default)
99 (i.e., 8 byte alignment with 4byte size_t). This suffices for
100 nearly all current machines and C compilers. However, you can
101 define MALLOC_ALIGNMENT to be wider than this if necessary.
103 Minimum overhead per allocated chunk: 4 or 8 bytes
104 Each malloced chunk has a hidden word of overhead holding size
105 and status information.
107 Minimum allocated size: 4-byte ptrs: 16 bytes (including 4 overhead)
108 8-byte ptrs: 24/32 bytes (including, 4/8 overhead)
110 When a chunk is freed, 12 (for 4byte ptrs) or 20 (for 8 byte
111 ptrs but 4 byte size) or 24 (for 8/8) additional bytes are
112 needed; 4 (8) for a trailing size field and 8 (16) bytes for
113 free list pointers. Thus, the minimum allocatable size is
114 16/24/32 bytes.
116 Even a request for zero bytes (i.e., malloc(0)) returns a
117 pointer to something of the minimum allocatable size.
119 The maximum overhead wastage (i.e., number of extra bytes
120 allocated than were requested in malloc) is less than or equal
121 to the minimum size, except for requests >= mmap_threshold that
122 are serviced via mmap(), where the worst case wastage is 2 *
123 sizeof(size_t) bytes plus the remainder from a system page (the
124 minimal mmap unit); typically 4096 or 8192 bytes.
126 Maximum allocated size: 4-byte size_t: 2^32 minus about two pages
127 8-byte size_t: 2^64 minus about two pages
129 It is assumed that (possibly signed) size_t values suffice to
130 represent chunk sizes. `Possibly signed' is due to the fact
131 that `size_t' may be defined on a system as either a signed or
132 an unsigned type. The ISO C standard says that it must be
133 unsigned, but a few systems are known not to adhere to this.
134 Additionally, even when size_t is unsigned, sbrk (which is by
135 default used to obtain memory from system) accepts signed
136 arguments, and may not be able to handle size_t-wide arguments
137 with negative sign bit. Generally, values that would
138 appear as negative after accounting for overhead and alignment
139 are supported only via mmap(), which does not have this
140 limitation.
142 Requests for sizes outside the allowed range will perform an optional
143 failure action and then return null. (Requests may also
144 also fail because a system is out of memory.)
146 Thread-safety: thread-safe
148 Compliance: I believe it is compliant with the 1997 Single Unix Specification
149 Also SVID/XPG, ANSI C, and probably others as well.
151 * Synopsis of compile-time options:
153 People have reported using previous versions of this malloc on all
154 versions of Unix, sometimes by tweaking some of the defines
155 below. It has been tested most extensively on Solaris and Linux.
156 People also report using it in stand-alone embedded systems.
158 The implementation is in straight, hand-tuned ANSI C. It is not
159 at all modular. (Sorry!) It uses a lot of macros. To be at all
160 usable, this code should be compiled using an optimizing compiler
161 (for example gcc -O3) that can simplify expressions and control
162 paths. (FAQ: some macros import variables as arguments rather than
163 declare locals because people reported that some debuggers
164 otherwise get confused.)
166 OPTION DEFAULT VALUE
168 Compilation Environment options:
170 HAVE_MREMAP 0
172 Changing default word sizes:
174 INTERNAL_SIZE_T size_t
176 Configuration and functionality options:
178 USE_PUBLIC_MALLOC_WRAPPERS NOT defined
179 USE_MALLOC_LOCK NOT defined
180 MALLOC_DEBUG NOT defined
181 REALLOC_ZERO_BYTES_FREES 1
182 TRIM_FASTBINS 0
184 Options for customizing MORECORE:
186 MORECORE sbrk
187 MORECORE_FAILURE -1
188 MORECORE_CONTIGUOUS 1
189 MORECORE_CANNOT_TRIM NOT defined
190 MORECORE_CLEARS 1
191 MMAP_AS_MORECORE_SIZE (1024 * 1024)
193 Tuning options that are also dynamically changeable via mallopt:
195 DEFAULT_MXFAST 64 (for 32bit), 128 (for 64bit)
196 DEFAULT_TRIM_THRESHOLD 128 * 1024
197 DEFAULT_TOP_PAD 0
198 DEFAULT_MMAP_THRESHOLD 128 * 1024
199 DEFAULT_MMAP_MAX 65536
201 There are several other #defined constants and macros that you
202 probably don't want to touch unless you are extending or adapting malloc. */
205 void* is the pointer type that malloc should say it returns
208 #ifndef void
209 #define void void
210 #endif /*void*/
212 #include <stddef.h> /* for size_t */
213 #include <stdlib.h> /* for getenv(), abort() */
214 #include <unistd.h> /* for __libc_enable_secure */
216 #include <atomic.h>
217 #include <_itoa.h>
218 #include <bits/wordsize.h>
219 #include <sys/sysinfo.h>
221 #include <ldsodefs.h>
223 #include <unistd.h>
224 #include <stdio.h> /* needed for malloc_stats */
225 #include <errno.h>
227 #include <shlib-compat.h>
229 /* For uintptr_t. */
230 #include <stdint.h>
232 /* For va_arg, va_start, va_end. */
233 #include <stdarg.h>
235 /* For MIN, MAX, powerof2. */
236 #include <sys/param.h>
238 /* For ALIGN_UP et. al. */
239 #include <libc-pointer-arith.h>
241 /* For DIAG_PUSH/POP_NEEDS_COMMENT et al. */
242 #include <libc-diag.h>
244 #include <malloc/malloc-internal.h>
247 Debugging:
249 Because freed chunks may be overwritten with bookkeeping fields, this
250 malloc will often die when freed memory is overwritten by user
251 programs. This can be very effective (albeit in an annoying way)
252 in helping track down dangling pointers.
254 If you compile with -DMALLOC_DEBUG, a number of assertion checks are
255 enabled that will catch more memory errors. You probably won't be
256 able to make much sense of the actual assertion errors, but they
257 should help you locate incorrectly overwritten memory. The checking
258 is fairly extensive, and will slow down execution
259 noticeably. Calling malloc_stats or mallinfo with MALLOC_DEBUG set
260 will attempt to check every non-mmapped allocated and free chunk in
261 the course of computing the summmaries. (By nature, mmapped regions
262 cannot be checked very much automatically.)
264 Setting MALLOC_DEBUG may also be helpful if you are trying to modify
265 this code. The assertions in the check routines spell out in more
266 detail the assumptions and invariants underlying the algorithms.
268 Setting MALLOC_DEBUG does NOT provide an automated mechanism for
269 checking that all accesses to malloced memory stay within their
270 bounds. However, there are several add-ons and adaptations of this
271 or other mallocs available that do this.
274 #ifndef MALLOC_DEBUG
275 #define MALLOC_DEBUG 0
276 #endif
278 #ifdef NDEBUG
279 # define assert(expr) ((void) 0)
280 #else
281 # define assert(expr) \
282 ((expr) \
283 ? ((void) 0) \
284 : __malloc_assert (#expr, __FILE__, __LINE__, __func__))
286 extern const char *__progname;
288 static void
289 __malloc_assert (const char *assertion, const char *file, unsigned int line,
290 const char *function)
292 (void) __fxprintf (NULL, "%s%s%s:%u: %s%sAssertion `%s' failed.\n",
293 __progname, __progname[0] ? ": " : "",
294 file, line,
295 function ? function : "", function ? ": " : "",
296 assertion);
297 fflush (stderr);
298 abort ();
300 #endif
302 #if USE_TCACHE
303 /* We want 64 entries. This is an arbitrary limit, which tunables can reduce. */
304 # define TCACHE_MAX_BINS 64
305 # define MAX_TCACHE_SIZE tidx2usize (TCACHE_MAX_BINS-1)
307 /* Only used to pre-fill the tunables. */
308 # define tidx2usize(idx) (((size_t) idx) * MALLOC_ALIGNMENT + MINSIZE - SIZE_SZ)
310 /* When "x" is from chunksize(). */
311 # define csize2tidx(x) (((x) - MINSIZE + MALLOC_ALIGNMENT - 1) / MALLOC_ALIGNMENT)
312 /* When "x" is a user-provided size. */
313 # define usize2tidx(x) csize2tidx (request2size (x))
315 /* With rounding and alignment, the bins are...
316 idx 0 bytes 0..24 (64-bit) or 0..12 (32-bit)
317 idx 1 bytes 25..40 or 13..20
318 idx 2 bytes 41..56 or 21..28
319 etc. */
321 /* This is another arbitrary limit, which tunables can change. Each
322 tcache bin will hold at most this number of chunks. */
323 # define TCACHE_FILL_COUNT 7
324 #endif
328 REALLOC_ZERO_BYTES_FREES should be set if a call to
329 realloc with zero bytes should be the same as a call to free.
330 This is required by the C standard. Otherwise, since this malloc
331 returns a unique pointer for malloc(0), so does realloc(p, 0).
334 #ifndef REALLOC_ZERO_BYTES_FREES
335 #define REALLOC_ZERO_BYTES_FREES 1
336 #endif
339 TRIM_FASTBINS controls whether free() of a very small chunk can
340 immediately lead to trimming. Setting to true (1) can reduce memory
341 footprint, but will almost always slow down programs that use a lot
342 of small chunks.
344 Define this only if you are willing to give up some speed to more
345 aggressively reduce system-level memory footprint when releasing
346 memory in programs that use many small chunks. You can get
347 essentially the same effect by setting MXFAST to 0, but this can
348 lead to even greater slowdowns in programs using many small chunks.
349 TRIM_FASTBINS is an in-between compile-time option, that disables
350 only those chunks bordering topmost memory from being placed in
351 fastbins.
354 #ifndef TRIM_FASTBINS
355 #define TRIM_FASTBINS 0
356 #endif
359 /* Definition for getting more memory from the OS. */
360 #define MORECORE (*__morecore)
361 #define MORECORE_FAILURE 0
362 void * __default_morecore (ptrdiff_t);
363 void *(*__morecore)(ptrdiff_t) = __default_morecore;
366 #include <string.h>
369 MORECORE-related declarations. By default, rely on sbrk
374 MORECORE is the name of the routine to call to obtain more memory
375 from the system. See below for general guidance on writing
376 alternative MORECORE functions, as well as a version for WIN32 and a
377 sample version for pre-OSX macos.
380 #ifndef MORECORE
381 #define MORECORE sbrk
382 #endif
385 MORECORE_FAILURE is the value returned upon failure of MORECORE
386 as well as mmap. Since it cannot be an otherwise valid memory address,
387 and must reflect values of standard sys calls, you probably ought not
388 try to redefine it.
391 #ifndef MORECORE_FAILURE
392 #define MORECORE_FAILURE (-1)
393 #endif
396 If MORECORE_CONTIGUOUS is true, take advantage of fact that
397 consecutive calls to MORECORE with positive arguments always return
398 contiguous increasing addresses. This is true of unix sbrk. Even
399 if not defined, when regions happen to be contiguous, malloc will
400 permit allocations spanning regions obtained from different
401 calls. But defining this when applicable enables some stronger
402 consistency checks and space efficiencies.
405 #ifndef MORECORE_CONTIGUOUS
406 #define MORECORE_CONTIGUOUS 1
407 #endif
410 Define MORECORE_CANNOT_TRIM if your version of MORECORE
411 cannot release space back to the system when given negative
412 arguments. This is generally necessary only if you are using
413 a hand-crafted MORECORE function that cannot handle negative arguments.
416 /* #define MORECORE_CANNOT_TRIM */
418 /* MORECORE_CLEARS (default 1)
419 The degree to which the routine mapped to MORECORE zeroes out
420 memory: never (0), only for newly allocated space (1) or always
421 (2). The distinction between (1) and (2) is necessary because on
422 some systems, if the application first decrements and then
423 increments the break value, the contents of the reallocated space
424 are unspecified.
427 #ifndef MORECORE_CLEARS
428 # define MORECORE_CLEARS 1
429 #endif
433 MMAP_AS_MORECORE_SIZE is the minimum mmap size argument to use if
434 sbrk fails, and mmap is used as a backup. The value must be a
435 multiple of page size. This backup strategy generally applies only
436 when systems have "holes" in address space, so sbrk cannot perform
437 contiguous expansion, but there is still space available on system.
438 On systems for which this is known to be useful (i.e. most linux
439 kernels), this occurs only when programs allocate huge amounts of
440 memory. Between this, and the fact that mmap regions tend to be
441 limited, the size should be large, to avoid too many mmap calls and
442 thus avoid running out of kernel resources. */
444 #ifndef MMAP_AS_MORECORE_SIZE
445 #define MMAP_AS_MORECORE_SIZE (1024 * 1024)
446 #endif
449 Define HAVE_MREMAP to make realloc() use mremap() to re-allocate
450 large blocks.
453 #ifndef HAVE_MREMAP
454 #define HAVE_MREMAP 0
455 #endif
457 /* We may need to support __malloc_initialize_hook for backwards
458 compatibility. */
460 #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_24)
461 # define HAVE_MALLOC_INIT_HOOK 1
462 #else
463 # define HAVE_MALLOC_INIT_HOOK 0
464 #endif
468 This version of malloc supports the standard SVID/XPG mallinfo
469 routine that returns a struct containing usage properties and
470 statistics. It should work on any SVID/XPG compliant system that has
471 a /usr/include/malloc.h defining struct mallinfo. (If you'd like to
472 install such a thing yourself, cut out the preliminary declarations
473 as described above and below and save them in a malloc.h file. But
474 there's no compelling reason to bother to do this.)
476 The main declaration needed is the mallinfo struct that is returned
477 (by-copy) by mallinfo(). The SVID/XPG malloinfo struct contains a
478 bunch of fields that are not even meaningful in this version of
479 malloc. These fields are are instead filled by mallinfo() with
480 other numbers that might be of interest.
484 /* ---------- description of public routines ------------ */
487 malloc(size_t n)
488 Returns a pointer to a newly allocated chunk of at least n bytes, or null
489 if no space is available. Additionally, on failure, errno is
490 set to ENOMEM on ANSI C systems.
492 If n is zero, malloc returns a minumum-sized chunk. (The minimum
493 size is 16 bytes on most 32bit systems, and 24 or 32 bytes on 64bit
494 systems.) On most systems, size_t is an unsigned type, so calls
495 with negative arguments are interpreted as requests for huge amounts
496 of space, which will often fail. The maximum supported value of n
497 differs across systems, but is in all cases less than the maximum
498 representable value of a size_t.
500 void* __libc_malloc(size_t);
501 libc_hidden_proto (__libc_malloc)
504 free(void* p)
505 Releases the chunk of memory pointed to by p, that had been previously
506 allocated using malloc or a related routine such as realloc.
507 It has no effect if p is null. It can have arbitrary (i.e., bad!)
508 effects if p has already been freed.
510 Unless disabled (using mallopt), freeing very large spaces will
511 when possible, automatically trigger operations that give
512 back unused memory to the system, thus reducing program footprint.
514 void __libc_free(void*);
515 libc_hidden_proto (__libc_free)
518 calloc(size_t n_elements, size_t element_size);
519 Returns a pointer to n_elements * element_size bytes, with all locations
520 set to zero.
522 void* __libc_calloc(size_t, size_t);
525 realloc(void* p, size_t n)
526 Returns a pointer to a chunk of size n that contains the same data
527 as does chunk p up to the minimum of (n, p's size) bytes, or null
528 if no space is available.
530 The returned pointer may or may not be the same as p. The algorithm
531 prefers extending p when possible, otherwise it employs the
532 equivalent of a malloc-copy-free sequence.
534 If p is null, realloc is equivalent to malloc.
536 If space is not available, realloc returns null, errno is set (if on
537 ANSI) and p is NOT freed.
539 if n is for fewer bytes than already held by p, the newly unused
540 space is lopped off and freed if possible. Unless the #define
541 REALLOC_ZERO_BYTES_FREES is set, realloc with a size argument of
542 zero (re)allocates a minimum-sized chunk.
544 Large chunks that were internally obtained via mmap will always be
545 grown using malloc-copy-free sequences unless the system supports
546 MREMAP (currently only linux).
548 The old unix realloc convention of allowing the last-free'd chunk
549 to be used as an argument to realloc is not supported.
551 void* __libc_realloc(void*, size_t);
552 libc_hidden_proto (__libc_realloc)
555 memalign(size_t alignment, size_t n);
556 Returns a pointer to a newly allocated chunk of n bytes, aligned
557 in accord with the alignment argument.
559 The alignment argument should be a power of two. If the argument is
560 not a power of two, the nearest greater power is used.
561 8-byte alignment is guaranteed by normal malloc calls, so don't
562 bother calling memalign with an argument of 8 or less.
564 Overreliance on memalign is a sure way to fragment space.
566 void* __libc_memalign(size_t, size_t);
567 libc_hidden_proto (__libc_memalign)
570 valloc(size_t n);
571 Equivalent to memalign(pagesize, n), where pagesize is the page
572 size of the system. If the pagesize is unknown, 4096 is used.
574 void* __libc_valloc(size_t);
579 mallopt(int parameter_number, int parameter_value)
580 Sets tunable parameters The format is to provide a
581 (parameter-number, parameter-value) pair. mallopt then sets the
582 corresponding parameter to the argument value if it can (i.e., so
583 long as the value is meaningful), and returns 1 if successful else
584 0. SVID/XPG/ANSI defines four standard param numbers for mallopt,
585 normally defined in malloc.h. Only one of these (M_MXFAST) is used
586 in this malloc. The others (M_NLBLKS, M_GRAIN, M_KEEP) don't apply,
587 so setting them has no effect. But this malloc also supports four
588 other options in mallopt. See below for details. Briefly, supported
589 parameters are as follows (listed defaults are for "typical"
590 configurations).
592 Symbol param # default allowed param values
593 M_MXFAST 1 64 0-80 (0 disables fastbins)
594 M_TRIM_THRESHOLD -1 128*1024 any (-1U disables trimming)
595 M_TOP_PAD -2 0 any
596 M_MMAP_THRESHOLD -3 128*1024 any (or 0 if no MMAP support)
597 M_MMAP_MAX -4 65536 any (0 disables use of mmap)
599 int __libc_mallopt(int, int);
600 libc_hidden_proto (__libc_mallopt)
604 mallinfo()
605 Returns (by copy) a struct containing various summary statistics:
607 arena: current total non-mmapped bytes allocated from system
608 ordblks: the number of free chunks
609 smblks: the number of fastbin blocks (i.e., small chunks that
610 have been freed but not use resused or consolidated)
611 hblks: current number of mmapped regions
612 hblkhd: total bytes held in mmapped regions
613 usmblks: always 0
614 fsmblks: total bytes held in fastbin blocks
615 uordblks: current total allocated space (normal or mmapped)
616 fordblks: total free space
617 keepcost: the maximum number of bytes that could ideally be released
618 back to system via malloc_trim. ("ideally" means that
619 it ignores page restrictions etc.)
621 Because these fields are ints, but internal bookkeeping may
622 be kept as longs, the reported values may wrap around zero and
623 thus be inaccurate.
625 struct mallinfo __libc_mallinfo(void);
629 pvalloc(size_t n);
630 Equivalent to valloc(minimum-page-that-holds(n)), that is,
631 round up n to nearest pagesize.
633 void* __libc_pvalloc(size_t);
636 malloc_trim(size_t pad);
638 If possible, gives memory back to the system (via negative
639 arguments to sbrk) if there is unused memory at the `high' end of
640 the malloc pool. You can call this after freeing large blocks of
641 memory to potentially reduce the system-level memory requirements
642 of a program. However, it cannot guarantee to reduce memory. Under
643 some allocation patterns, some large free blocks of memory will be
644 locked between two used chunks, so they cannot be given back to
645 the system.
647 The `pad' argument to malloc_trim represents the amount of free
648 trailing space to leave untrimmed. If this argument is zero,
649 only the minimum amount of memory to maintain internal data
650 structures will be left (one page or less). Non-zero arguments
651 can be supplied to maintain enough trailing space to service
652 future expected allocations without having to re-obtain memory
653 from the system.
655 Malloc_trim returns 1 if it actually released any memory, else 0.
656 On systems that do not support "negative sbrks", it will always
657 return 0.
659 int __malloc_trim(size_t);
662 malloc_usable_size(void* p);
664 Returns the number of bytes you can actually use in
665 an allocated chunk, which may be more than you requested (although
666 often not) due to alignment and minimum size constraints.
667 You can use this many bytes without worrying about
668 overwriting other allocated objects. This is not a particularly great
669 programming practice. malloc_usable_size can be more useful in
670 debugging and assertions, for example:
672 p = malloc(n);
673 assert(malloc_usable_size(p) >= 256);
676 size_t __malloc_usable_size(void*);
679 malloc_stats();
680 Prints on stderr the amount of space obtained from the system (both
681 via sbrk and mmap), the maximum amount (which may be more than
682 current if malloc_trim and/or munmap got called), and the current
683 number of bytes allocated via malloc (or realloc, etc) but not yet
684 freed. Note that this is the number of bytes allocated, not the
685 number requested. It will be larger than the number requested
686 because of alignment and bookkeeping overhead. Because it includes
687 alignment wastage as being in use, this figure may be greater than
688 zero even when no user-level chunks are allocated.
690 The reported current and maximum system memory can be inaccurate if
691 a program makes other calls to system memory allocation functions
692 (normally sbrk) outside of malloc.
694 malloc_stats prints only the most commonly interesting statistics.
695 More information can be obtained by calling mallinfo.
698 void __malloc_stats(void);
701 malloc_get_state(void);
703 Returns the state of all malloc variables in an opaque data
704 structure.
706 void* __malloc_get_state(void);
709 malloc_set_state(void* state);
711 Restore the state of all malloc variables from data obtained with
712 malloc_get_state().
714 int __malloc_set_state(void*);
717 posix_memalign(void **memptr, size_t alignment, size_t size);
719 POSIX wrapper like memalign(), checking for validity of size.
721 int __posix_memalign(void **, size_t, size_t);
723 /* mallopt tuning options */
726 M_MXFAST is the maximum request size used for "fastbins", special bins
727 that hold returned chunks without consolidating their spaces. This
728 enables future requests for chunks of the same size to be handled
729 very quickly, but can increase fragmentation, and thus increase the
730 overall memory footprint of a program.
732 This malloc manages fastbins very conservatively yet still
733 efficiently, so fragmentation is rarely a problem for values less
734 than or equal to the default. The maximum supported value of MXFAST
735 is 80. You wouldn't want it any higher than this anyway. Fastbins
736 are designed especially for use with many small structs, objects or
737 strings -- the default handles structs/objects/arrays with sizes up
738 to 8 4byte fields, or small strings representing words, tokens,
739 etc. Using fastbins for larger objects normally worsens
740 fragmentation without improving speed.
742 M_MXFAST is set in REQUEST size units. It is internally used in
743 chunksize units, which adds padding and alignment. You can reduce
744 M_MXFAST to 0 to disable all use of fastbins. This causes the malloc
745 algorithm to be a closer approximation of fifo-best-fit in all cases,
746 not just for larger requests, but will generally cause it to be
747 slower.
751 /* M_MXFAST is a standard SVID/XPG tuning option, usually listed in malloc.h */
752 #ifndef M_MXFAST
753 #define M_MXFAST 1
754 #endif
756 #ifndef DEFAULT_MXFAST
757 #define DEFAULT_MXFAST (64 * SIZE_SZ / 4)
758 #endif
762 M_TRIM_THRESHOLD is the maximum amount of unused top-most memory
763 to keep before releasing via malloc_trim in free().
765 Automatic trimming is mainly useful in long-lived programs.
766 Because trimming via sbrk can be slow on some systems, and can
767 sometimes be wasteful (in cases where programs immediately
768 afterward allocate more large chunks) the value should be high
769 enough so that your overall system performance would improve by
770 releasing this much memory.
772 The trim threshold and the mmap control parameters (see below)
773 can be traded off with one another. Trimming and mmapping are
774 two different ways of releasing unused memory back to the
775 system. Between these two, it is often possible to keep
776 system-level demands of a long-lived program down to a bare
777 minimum. For example, in one test suite of sessions measuring
778 the XF86 X server on Linux, using a trim threshold of 128K and a
779 mmap threshold of 192K led to near-minimal long term resource
780 consumption.
782 If you are using this malloc in a long-lived program, it should
783 pay to experiment with these values. As a rough guide, you
784 might set to a value close to the average size of a process
785 (program) running on your system. Releasing this much memory
786 would allow such a process to run in memory. Generally, it's
787 worth it to tune for trimming rather tham memory mapping when a
788 program undergoes phases where several large chunks are
789 allocated and released in ways that can reuse each other's
790 storage, perhaps mixed with phases where there are no such
791 chunks at all. And in well-behaved long-lived programs,
792 controlling release of large blocks via trimming versus mapping
793 is usually faster.
795 However, in most programs, these parameters serve mainly as
796 protection against the system-level effects of carrying around
797 massive amounts of unneeded memory. Since frequent calls to
798 sbrk, mmap, and munmap otherwise degrade performance, the default
799 parameters are set to relatively high values that serve only as
800 safeguards.
802 The trim value It must be greater than page size to have any useful
803 effect. To disable trimming completely, you can set to
804 (unsigned long)(-1)
806 Trim settings interact with fastbin (MXFAST) settings: Unless
807 TRIM_FASTBINS is defined, automatic trimming never takes place upon
808 freeing a chunk with size less than or equal to MXFAST. Trimming is
809 instead delayed until subsequent freeing of larger chunks. However,
810 you can still force an attempted trim by calling malloc_trim.
812 Also, trimming is not generally possible in cases where
813 the main arena is obtained via mmap.
815 Note that the trick some people use of mallocing a huge space and
816 then freeing it at program startup, in an attempt to reserve system
817 memory, doesn't have the intended effect under automatic trimming,
818 since that memory will immediately be returned to the system.
821 #define M_TRIM_THRESHOLD -1
823 #ifndef DEFAULT_TRIM_THRESHOLD
824 #define DEFAULT_TRIM_THRESHOLD (128 * 1024)
825 #endif
828 M_TOP_PAD is the amount of extra `padding' space to allocate or
829 retain whenever sbrk is called. It is used in two ways internally:
831 * When sbrk is called to extend the top of the arena to satisfy
832 a new malloc request, this much padding is added to the sbrk
833 request.
835 * When malloc_trim is called automatically from free(),
836 it is used as the `pad' argument.
838 In both cases, the actual amount of padding is rounded
839 so that the end of the arena is always a system page boundary.
841 The main reason for using padding is to avoid calling sbrk so
842 often. Having even a small pad greatly reduces the likelihood
843 that nearly every malloc request during program start-up (or
844 after trimming) will invoke sbrk, which needlessly wastes
845 time.
847 Automatic rounding-up to page-size units is normally sufficient
848 to avoid measurable overhead, so the default is 0. However, in
849 systems where sbrk is relatively slow, it can pay to increase
850 this value, at the expense of carrying around more memory than
851 the program needs.
854 #define M_TOP_PAD -2
856 #ifndef DEFAULT_TOP_PAD
857 #define DEFAULT_TOP_PAD (0)
858 #endif
861 MMAP_THRESHOLD_MAX and _MIN are the bounds on the dynamically
862 adjusted MMAP_THRESHOLD.
865 #ifndef DEFAULT_MMAP_THRESHOLD_MIN
866 #define DEFAULT_MMAP_THRESHOLD_MIN (128 * 1024)
867 #endif
869 #ifndef DEFAULT_MMAP_THRESHOLD_MAX
870 /* For 32-bit platforms we cannot increase the maximum mmap
871 threshold much because it is also the minimum value for the
872 maximum heap size and its alignment. Going above 512k (i.e., 1M
873 for new heaps) wastes too much address space. */
874 # if __WORDSIZE == 32
875 # define DEFAULT_MMAP_THRESHOLD_MAX (512 * 1024)
876 # else
877 # define DEFAULT_MMAP_THRESHOLD_MAX (4 * 1024 * 1024 * sizeof(long))
878 # endif
879 #endif
882 M_MMAP_THRESHOLD is the request size threshold for using mmap()
883 to service a request. Requests of at least this size that cannot
884 be allocated using already-existing space will be serviced via mmap.
885 (If enough normal freed space already exists it is used instead.)
887 Using mmap segregates relatively large chunks of memory so that
888 they can be individually obtained and released from the host
889 system. A request serviced through mmap is never reused by any
890 other request (at least not directly; the system may just so
891 happen to remap successive requests to the same locations).
893 Segregating space in this way has the benefits that:
895 1. Mmapped space can ALWAYS be individually released back
896 to the system, which helps keep the system level memory
897 demands of a long-lived program low.
898 2. Mapped memory can never become `locked' between
899 other chunks, as can happen with normally allocated chunks, which
900 means that even trimming via malloc_trim would not release them.
901 3. On some systems with "holes" in address spaces, mmap can obtain
902 memory that sbrk cannot.
904 However, it has the disadvantages that:
906 1. The space cannot be reclaimed, consolidated, and then
907 used to service later requests, as happens with normal chunks.
908 2. It can lead to more wastage because of mmap page alignment
909 requirements
910 3. It causes malloc performance to be more dependent on host
911 system memory management support routines which may vary in
912 implementation quality and may impose arbitrary
913 limitations. Generally, servicing a request via normal
914 malloc steps is faster than going through a system's mmap.
916 The advantages of mmap nearly always outweigh disadvantages for
917 "large" chunks, but the value of "large" varies across systems. The
918 default is an empirically derived value that works well in most
919 systems.
922 Update in 2006:
923 The above was written in 2001. Since then the world has changed a lot.
924 Memory got bigger. Applications got bigger. The virtual address space
925 layout in 32 bit linux changed.
927 In the new situation, brk() and mmap space is shared and there are no
928 artificial limits on brk size imposed by the kernel. What is more,
929 applications have started using transient allocations larger than the
930 128Kb as was imagined in 2001.
932 The price for mmap is also high now; each time glibc mmaps from the
933 kernel, the kernel is forced to zero out the memory it gives to the
934 application. Zeroing memory is expensive and eats a lot of cache and
935 memory bandwidth. This has nothing to do with the efficiency of the
936 virtual memory system, by doing mmap the kernel just has no choice but
937 to zero.
939 In 2001, the kernel had a maximum size for brk() which was about 800
940 megabytes on 32 bit x86, at that point brk() would hit the first
941 mmaped shared libaries and couldn't expand anymore. With current 2.6
942 kernels, the VA space layout is different and brk() and mmap
943 both can span the entire heap at will.
945 Rather than using a static threshold for the brk/mmap tradeoff,
946 we are now using a simple dynamic one. The goal is still to avoid
947 fragmentation. The old goals we kept are
948 1) try to get the long lived large allocations to use mmap()
949 2) really large allocations should always use mmap()
950 and we're adding now:
951 3) transient allocations should use brk() to avoid forcing the kernel
952 having to zero memory over and over again
954 The implementation works with a sliding threshold, which is by default
955 limited to go between 128Kb and 32Mb (64Mb for 64 bitmachines) and starts
956 out at 128Kb as per the 2001 default.
958 This allows us to satisfy requirement 1) under the assumption that long
959 lived allocations are made early in the process' lifespan, before it has
960 started doing dynamic allocations of the same size (which will
961 increase the threshold).
963 The upperbound on the threshold satisfies requirement 2)
965 The threshold goes up in value when the application frees memory that was
966 allocated with the mmap allocator. The idea is that once the application
967 starts freeing memory of a certain size, it's highly probable that this is
968 a size the application uses for transient allocations. This estimator
969 is there to satisfy the new third requirement.
973 #define M_MMAP_THRESHOLD -3
975 #ifndef DEFAULT_MMAP_THRESHOLD
976 #define DEFAULT_MMAP_THRESHOLD DEFAULT_MMAP_THRESHOLD_MIN
977 #endif
980 M_MMAP_MAX is the maximum number of requests to simultaneously
981 service using mmap. This parameter exists because
982 some systems have a limited number of internal tables for
983 use by mmap, and using more than a few of them may degrade
984 performance.
986 The default is set to a value that serves only as a safeguard.
987 Setting to 0 disables use of mmap for servicing large requests.
990 #define M_MMAP_MAX -4
992 #ifndef DEFAULT_MMAP_MAX
993 #define DEFAULT_MMAP_MAX (65536)
994 #endif
996 #include <malloc.h>
998 #ifndef RETURN_ADDRESS
999 #define RETURN_ADDRESS(X_) (NULL)
1000 #endif
1002 /* On some platforms we can compile internal, not exported functions better.
1003 Let the environment provide a macro and define it to be empty if it
1004 is not available. */
1005 #ifndef internal_function
1006 # define internal_function
1007 #endif
1009 /* Forward declarations. */
1010 struct malloc_chunk;
1011 typedef struct malloc_chunk* mchunkptr;
1013 /* Internal routines. */
1015 static void* _int_malloc(mstate, size_t);
1016 static void _int_free(mstate, mchunkptr, int);
1017 static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T,
1018 INTERNAL_SIZE_T);
1019 static void* _int_memalign(mstate, size_t, size_t);
1020 static void* _mid_memalign(size_t, size_t, void *);
1022 static void malloc_printerr(int action, const char *str, void *ptr, mstate av);
1024 static void* internal_function mem2mem_check(void *p, size_t sz);
1025 static int internal_function top_check(void);
1026 static void internal_function munmap_chunk(mchunkptr p);
1027 #if HAVE_MREMAP
1028 static mchunkptr internal_function mremap_chunk(mchunkptr p, size_t new_size);
1029 #endif
1031 static void* malloc_check(size_t sz, const void *caller);
1032 static void free_check(void* mem, const void *caller);
1033 static void* realloc_check(void* oldmem, size_t bytes,
1034 const void *caller);
1035 static void* memalign_check(size_t alignment, size_t bytes,
1036 const void *caller);
1038 /* ------------------ MMAP support ------------------ */
1041 #include <fcntl.h>
1042 #include <sys/mman.h>
1044 #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
1045 # define MAP_ANONYMOUS MAP_ANON
1046 #endif
1048 #ifndef MAP_NORESERVE
1049 # define MAP_NORESERVE 0
1050 #endif
1052 #define MMAP(addr, size, prot, flags) \
1053 __mmap((addr), (size), (prot), (flags)|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0)
1057 ----------------------- Chunk representations -----------------------
1062 This struct declaration is misleading (but accurate and necessary).
1063 It declares a "view" into memory allowing access to necessary
1064 fields at known offsets from a given base. See explanation below.
1067 struct malloc_chunk {
1069 INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk (if free). */
1070 INTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */
1072 struct malloc_chunk* fd; /* double links -- used only if free. */
1073 struct malloc_chunk* bk;
1075 /* Only used for large blocks: pointer to next larger size. */
1076 struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */
1077 struct malloc_chunk* bk_nextsize;
1082 malloc_chunk details:
1084 (The following includes lightly edited explanations by Colin Plumb.)
1086 Chunks of memory are maintained using a `boundary tag' method as
1087 described in e.g., Knuth or Standish. (See the paper by Paul
1088 Wilson ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a
1089 survey of such techniques.) Sizes of free chunks are stored both
1090 in the front of each chunk and at the end. This makes
1091 consolidating fragmented chunks into bigger chunks very fast. The
1092 size fields also hold bits representing whether chunks are free or
1093 in use.
1095 An allocated chunk looks like this:
1098 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1099 | Size of previous chunk, if unallocated (P clear) |
1100 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1101 | Size of chunk, in bytes |A|M|P|
1102 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1103 | User data starts here... .
1105 . (malloc_usable_size() bytes) .
1107 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1108 | (size of chunk, but used for application data) |
1109 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1110 | Size of next chunk, in bytes |A|0|1|
1111 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1113 Where "chunk" is the front of the chunk for the purpose of most of
1114 the malloc code, but "mem" is the pointer that is returned to the
1115 user. "Nextchunk" is the beginning of the next contiguous chunk.
1117 Chunks always begin on even word boundaries, so the mem portion
1118 (which is returned to the user) is also on an even word boundary, and
1119 thus at least double-word aligned.
1121 Free chunks are stored in circular doubly-linked lists, and look like this:
1123 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1124 | Size of previous chunk, if unallocated (P clear) |
1125 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1126 `head:' | Size of chunk, in bytes |A|0|P|
1127 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1128 | Forward pointer to next chunk in list |
1129 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1130 | Back pointer to previous chunk in list |
1131 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1132 | Unused space (may be 0 bytes long) .
1135 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1136 `foot:' | Size of chunk, in bytes |
1137 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1138 | Size of next chunk, in bytes |A|0|0|
1139 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1141 The P (PREV_INUSE) bit, stored in the unused low-order bit of the
1142 chunk size (which is always a multiple of two words), is an in-use
1143 bit for the *previous* chunk. If that bit is *clear*, then the
1144 word before the current chunk size contains the previous chunk
1145 size, and can be used to find the front of the previous chunk.
1146 The very first chunk allocated always has this bit set,
1147 preventing access to non-existent (or non-owned) memory. If
1148 prev_inuse is set for any given chunk, then you CANNOT determine
1149 the size of the previous chunk, and might even get a memory
1150 addressing fault when trying to do so.
1152 The A (NON_MAIN_ARENA) bit is cleared for chunks on the initial,
1153 main arena, described by the main_arena variable. When additional
1154 threads are spawned, each thread receives its own arena (up to a
1155 configurable limit, after which arenas are reused for multiple
1156 threads), and the chunks in these arenas have the A bit set. To
1157 find the arena for a chunk on such a non-main arena, heap_for_ptr
1158 performs a bit mask operation and indirection through the ar_ptr
1159 member of the per-heap header heap_info (see arena.c).
1161 Note that the `foot' of the current chunk is actually represented
1162 as the prev_size of the NEXT chunk. This makes it easier to
1163 deal with alignments etc but can be very confusing when trying
1164 to extend or adapt this code.
1166 The three exceptions to all this are:
1168 1. The special chunk `top' doesn't bother using the
1169 trailing size field since there is no next contiguous chunk
1170 that would have to index off it. After initialization, `top'
1171 is forced to always exist. If it would become less than
1172 MINSIZE bytes long, it is replenished.
1174 2. Chunks allocated via mmap, which have the second-lowest-order
1175 bit M (IS_MMAPPED) set in their size fields. Because they are
1176 allocated one-by-one, each must contain its own trailing size
1177 field. If the M bit is set, the other bits are ignored
1178 (because mmapped chunks are neither in an arena, nor adjacent
1179 to a freed chunk). The M bit is also used for chunks which
1180 originally came from a dumped heap via malloc_set_state in
1181 hooks.c.
1183 3. Chunks in fastbins are treated as allocated chunks from the
1184 point of view of the chunk allocator. They are consolidated
1185 with their neighbors only in bulk, in malloc_consolidate.
1189 ---------- Size and alignment checks and conversions ----------
1192 /* conversion from malloc headers to user pointers, and back */
1194 #define chunk2mem(p) ((void*)((char*)(p) + 2*SIZE_SZ))
1195 #define mem2chunk(mem) ((mchunkptr)((char*)(mem) - 2*SIZE_SZ))
1197 /* The smallest possible chunk */
1198 #define MIN_CHUNK_SIZE (offsetof(struct malloc_chunk, fd_nextsize))
1200 /* The smallest size we can malloc is an aligned minimal chunk */
1202 #define MINSIZE \
1203 (unsigned long)(((MIN_CHUNK_SIZE+MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK))
1205 /* Check if m has acceptable alignment */
1207 #define aligned_OK(m) (((unsigned long)(m) & MALLOC_ALIGN_MASK) == 0)
1209 #define misaligned_chunk(p) \
1210 ((uintptr_t)(MALLOC_ALIGNMENT == 2 * SIZE_SZ ? (p) : chunk2mem (p)) \
1211 & MALLOC_ALIGN_MASK)
1215 Check if a request is so large that it would wrap around zero when
1216 padded and aligned. To simplify some other code, the bound is made
1217 low enough so that adding MINSIZE will also not wrap around zero.
1220 #define REQUEST_OUT_OF_RANGE(req) \
1221 ((unsigned long) (req) >= \
1222 (unsigned long) (INTERNAL_SIZE_T) (-2 * MINSIZE))
1224 /* pad request bytes into a usable size -- internal version */
1226 #define request2size(req) \
1227 (((req) + SIZE_SZ + MALLOC_ALIGN_MASK < MINSIZE) ? \
1228 MINSIZE : \
1229 ((req) + SIZE_SZ + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK)
1231 /* Same, except also perform argument check */
1233 #define checked_request2size(req, sz) \
1234 if (REQUEST_OUT_OF_RANGE (req)) { \
1235 __set_errno (ENOMEM); \
1236 return 0; \
1238 (sz) = request2size (req);
1241 --------------- Physical chunk operations ---------------
1245 /* size field is or'ed with PREV_INUSE when previous adjacent chunk in use */
1246 #define PREV_INUSE 0x1
1248 /* extract inuse bit of previous chunk */
1249 #define prev_inuse(p) ((p)->mchunk_size & PREV_INUSE)
1252 /* size field is or'ed with IS_MMAPPED if the chunk was obtained with mmap() */
1253 #define IS_MMAPPED 0x2
1255 /* check for mmap()'ed chunk */
1256 #define chunk_is_mmapped(p) ((p)->mchunk_size & IS_MMAPPED)
1259 /* size field is or'ed with NON_MAIN_ARENA if the chunk was obtained
1260 from a non-main arena. This is only set immediately before handing
1261 the chunk to the user, if necessary. */
1262 #define NON_MAIN_ARENA 0x4
1264 /* Check for chunk from main arena. */
1265 #define chunk_main_arena(p) (((p)->mchunk_size & NON_MAIN_ARENA) == 0)
1267 /* Mark a chunk as not being on the main arena. */
1268 #define set_non_main_arena(p) ((p)->mchunk_size |= NON_MAIN_ARENA)
1272 Bits to mask off when extracting size
1274 Note: IS_MMAPPED is intentionally not masked off from size field in
1275 macros for which mmapped chunks should never be seen. This should
1276 cause helpful core dumps to occur if it is tried by accident by
1277 people extending or adapting this malloc.
1279 #define SIZE_BITS (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)
1281 /* Get size, ignoring use bits */
1282 #define chunksize(p) (chunksize_nomask (p) & ~(SIZE_BITS))
1284 /* Like chunksize, but do not mask SIZE_BITS. */
1285 #define chunksize_nomask(p) ((p)->mchunk_size)
1287 /* Ptr to next physical malloc_chunk. */
1288 #define next_chunk(p) ((mchunkptr) (((char *) (p)) + chunksize (p)))
1290 /* Size of the chunk below P. Only valid if prev_inuse (P). */
1291 #define prev_size(p) ((p)->mchunk_prev_size)
1293 /* Set the size of the chunk below P. Only valid if prev_inuse (P). */
1294 #define set_prev_size(p, sz) ((p)->mchunk_prev_size = (sz))
1296 /* Ptr to previous physical malloc_chunk. Only valid if prev_inuse (P). */
1297 #define prev_chunk(p) ((mchunkptr) (((char *) (p)) - prev_size (p)))
1299 /* Treat space at ptr + offset as a chunk */
1300 #define chunk_at_offset(p, s) ((mchunkptr) (((char *) (p)) + (s)))
1302 /* extract p's inuse bit */
1303 #define inuse(p) \
1304 ((((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size) & PREV_INUSE)
1306 /* set/clear chunk as being inuse without otherwise disturbing */
1307 #define set_inuse(p) \
1308 ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size |= PREV_INUSE
1310 #define clear_inuse(p) \
1311 ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size &= ~(PREV_INUSE)
1314 /* check/set/clear inuse bits in known places */
1315 #define inuse_bit_at_offset(p, s) \
1316 (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size & PREV_INUSE)
1318 #define set_inuse_bit_at_offset(p, s) \
1319 (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size |= PREV_INUSE)
1321 #define clear_inuse_bit_at_offset(p, s) \
1322 (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size &= ~(PREV_INUSE))
1325 /* Set size at head, without disturbing its use bit */
1326 #define set_head_size(p, s) ((p)->mchunk_size = (((p)->mchunk_size & SIZE_BITS) | (s)))
1328 /* Set size/use field */
1329 #define set_head(p, s) ((p)->mchunk_size = (s))
1331 /* Set size at footer (only when chunk is not in use) */
1332 #define set_foot(p, s) (((mchunkptr) ((char *) (p) + (s)))->mchunk_prev_size = (s))
1335 #pragma GCC poison mchunk_size
1336 #pragma GCC poison mchunk_prev_size
1339 -------------------- Internal data structures --------------------
1341 All internal state is held in an instance of malloc_state defined
1342 below. There are no other static variables, except in two optional
1343 cases:
1344 * If USE_MALLOC_LOCK is defined, the mALLOC_MUTEx declared above.
1345 * If mmap doesn't support MAP_ANONYMOUS, a dummy file descriptor
1346 for mmap.
1348 Beware of lots of tricks that minimize the total bookkeeping space
1349 requirements. The result is a little over 1K bytes (for 4byte
1350 pointers and size_t.)
1354 Bins
1356 An array of bin headers for free chunks. Each bin is doubly
1357 linked. The bins are approximately proportionally (log) spaced.
1358 There are a lot of these bins (128). This may look excessive, but
1359 works very well in practice. Most bins hold sizes that are
1360 unusual as malloc request sizes, but are more usual for fragments
1361 and consolidated sets of chunks, which is what these bins hold, so
1362 they can be found quickly. All procedures maintain the invariant
1363 that no consolidated chunk physically borders another one, so each
1364 chunk in a list is known to be preceeded and followed by either
1365 inuse chunks or the ends of memory.
1367 Chunks in bins are kept in size order, with ties going to the
1368 approximately least recently used chunk. Ordering isn't needed
1369 for the small bins, which all contain the same-sized chunks, but
1370 facilitates best-fit allocation for larger chunks. These lists
1371 are just sequential. Keeping them in order almost never requires
1372 enough traversal to warrant using fancier ordered data
1373 structures.
1375 Chunks of the same size are linked with the most
1376 recently freed at the front, and allocations are taken from the
1377 back. This results in LRU (FIFO) allocation order, which tends
1378 to give each chunk an equal opportunity to be consolidated with
1379 adjacent freed chunks, resulting in larger free chunks and less
1380 fragmentation.
1382 To simplify use in double-linked lists, each bin header acts
1383 as a malloc_chunk. This avoids special-casing for headers.
1384 But to conserve space and improve locality, we allocate
1385 only the fd/bk pointers of bins, and then use repositioning tricks
1386 to treat these as the fields of a malloc_chunk*.
1389 typedef struct malloc_chunk *mbinptr;
1391 /* addressing -- note that bin_at(0) does not exist */
1392 #define bin_at(m, i) \
1393 (mbinptr) (((char *) &((m)->bins[((i) - 1) * 2])) \
1394 - offsetof (struct malloc_chunk, fd))
1396 /* analog of ++bin */
1397 #define next_bin(b) ((mbinptr) ((char *) (b) + (sizeof (mchunkptr) << 1)))
1399 /* Reminders about list directionality within bins */
1400 #define first(b) ((b)->fd)
1401 #define last(b) ((b)->bk)
1403 /* Take a chunk off a bin list */
1404 #define unlink(AV, P, BK, FD) { \
1405 if (__builtin_expect (chunksize(P) != prev_size (next_chunk(P)), 0)) \
1406 malloc_printerr (check_action, "corrupted size vs. prev_size", P, AV); \
1407 FD = P->fd; \
1408 BK = P->bk; \
1409 if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \
1410 malloc_printerr (check_action, "corrupted double-linked list", P, AV); \
1411 else { \
1412 FD->bk = BK; \
1413 BK->fd = FD; \
1414 if (!in_smallbin_range (chunksize_nomask (P)) \
1415 && __builtin_expect (P->fd_nextsize != NULL, 0)) { \
1416 if (__builtin_expect (P->fd_nextsize->bk_nextsize != P, 0) \
1417 || __builtin_expect (P->bk_nextsize->fd_nextsize != P, 0)) \
1418 malloc_printerr (check_action, \
1419 "corrupted double-linked list (not small)", \
1420 P, AV); \
1421 if (FD->fd_nextsize == NULL) { \
1422 if (P->fd_nextsize == P) \
1423 FD->fd_nextsize = FD->bk_nextsize = FD; \
1424 else { \
1425 FD->fd_nextsize = P->fd_nextsize; \
1426 FD->bk_nextsize = P->bk_nextsize; \
1427 P->fd_nextsize->bk_nextsize = FD; \
1428 P->bk_nextsize->fd_nextsize = FD; \
1430 } else { \
1431 P->fd_nextsize->bk_nextsize = P->bk_nextsize; \
1432 P->bk_nextsize->fd_nextsize = P->fd_nextsize; \
1439 Indexing
1441 Bins for sizes < 512 bytes contain chunks of all the same size, spaced
1442 8 bytes apart. Larger bins are approximately logarithmically spaced:
1444 64 bins of size 8
1445 32 bins of size 64
1446 16 bins of size 512
1447 8 bins of size 4096
1448 4 bins of size 32768
1449 2 bins of size 262144
1450 1 bin of size what's left
1452 There is actually a little bit of slop in the numbers in bin_index
1453 for the sake of speed. This makes no difference elsewhere.
1455 The bins top out around 1MB because we expect to service large
1456 requests via mmap.
1458 Bin 0 does not exist. Bin 1 is the unordered list; if that would be
1459 a valid chunk size the small bins are bumped up one.
1462 #define NBINS 128
1463 #define NSMALLBINS 64
1464 #define SMALLBIN_WIDTH MALLOC_ALIGNMENT
1465 #define SMALLBIN_CORRECTION (MALLOC_ALIGNMENT > 2 * SIZE_SZ)
1466 #define MIN_LARGE_SIZE ((NSMALLBINS - SMALLBIN_CORRECTION) * SMALLBIN_WIDTH)
1468 #define in_smallbin_range(sz) \
1469 ((unsigned long) (sz) < (unsigned long) MIN_LARGE_SIZE)
1471 #define smallbin_index(sz) \
1472 ((SMALLBIN_WIDTH == 16 ? (((unsigned) (sz)) >> 4) : (((unsigned) (sz)) >> 3))\
1473 + SMALLBIN_CORRECTION)
1475 #define largebin_index_32(sz) \
1476 (((((unsigned long) (sz)) >> 6) <= 38) ? 56 + (((unsigned long) (sz)) >> 6) :\
1477 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1478 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1479 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1480 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1481 126)
1483 #define largebin_index_32_big(sz) \
1484 (((((unsigned long) (sz)) >> 6) <= 45) ? 49 + (((unsigned long) (sz)) >> 6) :\
1485 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1486 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1487 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1488 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1489 126)
1491 // XXX It remains to be seen whether it is good to keep the widths of
1492 // XXX the buckets the same or whether it should be scaled by a factor
1493 // XXX of two as well.
1494 #define largebin_index_64(sz) \
1495 (((((unsigned long) (sz)) >> 6) <= 48) ? 48 + (((unsigned long) (sz)) >> 6) :\
1496 ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\
1497 ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\
1498 ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\
1499 ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\
1500 126)
1502 #define largebin_index(sz) \
1503 (SIZE_SZ == 8 ? largebin_index_64 (sz) \
1504 : MALLOC_ALIGNMENT == 16 ? largebin_index_32_big (sz) \
1505 : largebin_index_32 (sz))
1507 #define bin_index(sz) \
1508 ((in_smallbin_range (sz)) ? smallbin_index (sz) : largebin_index (sz))
1512 Unsorted chunks
1514 All remainders from chunk splits, as well as all returned chunks,
1515 are first placed in the "unsorted" bin. They are then placed
1516 in regular bins after malloc gives them ONE chance to be used before
1517 binning. So, basically, the unsorted_chunks list acts as a queue,
1518 with chunks being placed on it in free (and malloc_consolidate),
1519 and taken off (to be either used or placed in bins) in malloc.
1521 The NON_MAIN_ARENA flag is never set for unsorted chunks, so it
1522 does not have to be taken into account in size comparisons.
1525 /* The otherwise unindexable 1-bin is used to hold unsorted chunks. */
1526 #define unsorted_chunks(M) (bin_at (M, 1))
1531 The top-most available chunk (i.e., the one bordering the end of
1532 available memory) is treated specially. It is never included in
1533 any bin, is used only if no other chunk is available, and is
1534 released back to the system if it is very large (see
1535 M_TRIM_THRESHOLD). Because top initially
1536 points to its own bin with initial zero size, thus forcing
1537 extension on the first malloc request, we avoid having any special
1538 code in malloc to check whether it even exists yet. But we still
1539 need to do so when getting memory from system, so we make
1540 initial_top treat the bin as a legal but unusable chunk during the
1541 interval between initialization and the first call to
1542 sysmalloc. (This is somewhat delicate, since it relies on
1543 the 2 preceding words to be zero during this interval as well.)
1546 /* Conveniently, the unsorted bin can be used as dummy top on first call */
1547 #define initial_top(M) (unsorted_chunks (M))
1550 Binmap
1552 To help compensate for the large number of bins, a one-level index
1553 structure is used for bin-by-bin searching. `binmap' is a
1554 bitvector recording whether bins are definitely empty so they can
1555 be skipped over during during traversals. The bits are NOT always
1556 cleared as soon as bins are empty, but instead only
1557 when they are noticed to be empty during traversal in malloc.
1560 /* Conservatively use 32 bits per map word, even if on 64bit system */
1561 #define BINMAPSHIFT 5
1562 #define BITSPERMAP (1U << BINMAPSHIFT)
1563 #define BINMAPSIZE (NBINS / BITSPERMAP)
1565 #define idx2block(i) ((i) >> BINMAPSHIFT)
1566 #define idx2bit(i) ((1U << ((i) & ((1U << BINMAPSHIFT) - 1))))
1568 #define mark_bin(m, i) ((m)->binmap[idx2block (i)] |= idx2bit (i))
1569 #define unmark_bin(m, i) ((m)->binmap[idx2block (i)] &= ~(idx2bit (i)))
1570 #define get_binmap(m, i) ((m)->binmap[idx2block (i)] & idx2bit (i))
1573 Fastbins
1575 An array of lists holding recently freed small chunks. Fastbins
1576 are not doubly linked. It is faster to single-link them, and
1577 since chunks are never removed from the middles of these lists,
1578 double linking is not necessary. Also, unlike regular bins, they
1579 are not even processed in FIFO order (they use faster LIFO) since
1580 ordering doesn't much matter in the transient contexts in which
1581 fastbins are normally used.
1583 Chunks in fastbins keep their inuse bit set, so they cannot
1584 be consolidated with other free chunks. malloc_consolidate
1585 releases all chunks in fastbins and consolidates them with
1586 other free chunks.
1589 typedef struct malloc_chunk *mfastbinptr;
1590 #define fastbin(ar_ptr, idx) ((ar_ptr)->fastbinsY[idx])
1592 /* offset 2 to use otherwise unindexable first 2 bins */
1593 #define fastbin_index(sz) \
1594 ((((unsigned int) (sz)) >> (SIZE_SZ == 8 ? 4 : 3)) - 2)
1597 /* The maximum fastbin request size we support */
1598 #define MAX_FAST_SIZE (80 * SIZE_SZ / 4)
1600 #define NFASTBINS (fastbin_index (request2size (MAX_FAST_SIZE)) + 1)
1603 FASTBIN_CONSOLIDATION_THRESHOLD is the size of a chunk in free()
1604 that triggers automatic consolidation of possibly-surrounding
1605 fastbin chunks. This is a heuristic, so the exact value should not
1606 matter too much. It is defined at half the default trim threshold as a
1607 compromise heuristic to only attempt consolidation if it is likely
1608 to lead to trimming. However, it is not dynamically tunable, since
1609 consolidation reduces fragmentation surrounding large chunks even
1610 if trimming is not used.
1613 #define FASTBIN_CONSOLIDATION_THRESHOLD (65536UL)
1616 Since the lowest 2 bits in max_fast don't matter in size comparisons,
1617 they are used as flags.
1621 FASTCHUNKS_BIT held in max_fast indicates that there are probably
1622 some fastbin chunks. It is set true on entering a chunk into any
1623 fastbin, and cleared only in malloc_consolidate.
1625 The truth value is inverted so that have_fastchunks will be true
1626 upon startup (since statics are zero-filled), simplifying
1627 initialization checks.
1630 #define FASTCHUNKS_BIT (1U)
1632 #define have_fastchunks(M) (((M)->flags & FASTCHUNKS_BIT) == 0)
1633 #define clear_fastchunks(M) catomic_or (&(M)->flags, FASTCHUNKS_BIT)
1634 #define set_fastchunks(M) catomic_and (&(M)->flags, ~FASTCHUNKS_BIT)
1637 NONCONTIGUOUS_BIT indicates that MORECORE does not return contiguous
1638 regions. Otherwise, contiguity is exploited in merging together,
1639 when possible, results from consecutive MORECORE calls.
1641 The initial value comes from MORECORE_CONTIGUOUS, but is
1642 changed dynamically if mmap is ever used as an sbrk substitute.
1645 #define NONCONTIGUOUS_BIT (2U)
1647 #define contiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) == 0)
1648 #define noncontiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) != 0)
1649 #define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT)
1650 #define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT)
1652 /* ARENA_CORRUPTION_BIT is set if a memory corruption was detected on the
1653 arena. Such an arena is no longer used to allocate chunks. Chunks
1654 allocated in that arena before detecting corruption are not freed. */
1656 #define ARENA_CORRUPTION_BIT (4U)
1658 #define arena_is_corrupt(A) (((A)->flags & ARENA_CORRUPTION_BIT))
1659 #define set_arena_corrupt(A) ((A)->flags |= ARENA_CORRUPTION_BIT)
1661 /* Maximum size of memory handled in fastbins. */
1662 static INTERNAL_SIZE_T global_max_fast;
1665 Set value of max_fast.
1666 Use impossibly small value if 0.
1667 Precondition: there are no existing fastbin chunks.
1668 Setting the value clears fastchunk bit but preserves noncontiguous bit.
1671 #define set_max_fast(s) \
1672 global_max_fast = (((s) == 0) \
1673 ? SMALLBIN_WIDTH : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK))
1675 static inline INTERNAL_SIZE_T
1676 get_max_fast (void)
1678 /* Tell the GCC optimizers that global_max_fast is never larger
1679 than MAX_FAST_SIZE. This avoids out-of-bounds array accesses in
1680 _int_malloc after constant propagation of the size parameter.
1681 (The code never executes because malloc preserves the
1682 global_max_fast invariant, but the optimizers may not recognize
1683 this.) */
1684 if (global_max_fast > MAX_FAST_SIZE)
1685 __builtin_unreachable ();
1686 return global_max_fast;
1690 ----------- Internal state representation and initialization -----------
1693 struct malloc_state
1695 /* Serialize access. */
1696 __libc_lock_define (, mutex);
1698 /* Flags (formerly in max_fast). */
1699 int flags;
1701 /* Fastbins */
1702 mfastbinptr fastbinsY[NFASTBINS];
1704 /* Base of the topmost chunk -- not otherwise kept in a bin */
1705 mchunkptr top;
1707 /* The remainder from the most recent split of a small request */
1708 mchunkptr last_remainder;
1710 /* Normal bins packed as described above */
1711 mchunkptr bins[NBINS * 2 - 2];
1713 /* Bitmap of bins */
1714 unsigned int binmap[BINMAPSIZE];
1716 /* Linked list */
1717 struct malloc_state *next;
1719 /* Linked list for free arenas. Access to this field is serialized
1720 by free_list_lock in arena.c. */
1721 struct malloc_state *next_free;
1723 /* Number of threads attached to this arena. 0 if the arena is on
1724 the free list. Access to this field is serialized by
1725 free_list_lock in arena.c. */
1726 INTERNAL_SIZE_T attached_threads;
1728 /* Memory allocated from the system in this arena. */
1729 INTERNAL_SIZE_T system_mem;
1730 INTERNAL_SIZE_T max_system_mem;
1733 struct malloc_par
1735 /* Tunable parameters */
1736 unsigned long trim_threshold;
1737 INTERNAL_SIZE_T top_pad;
1738 INTERNAL_SIZE_T mmap_threshold;
1739 INTERNAL_SIZE_T arena_test;
1740 INTERNAL_SIZE_T arena_max;
1742 /* Memory map support */
1743 int n_mmaps;
1744 int n_mmaps_max;
1745 int max_n_mmaps;
1746 /* the mmap_threshold is dynamic, until the user sets
1747 it manually, at which point we need to disable any
1748 dynamic behavior. */
1749 int no_dyn_threshold;
1751 /* Statistics */
1752 INTERNAL_SIZE_T mmapped_mem;
1753 INTERNAL_SIZE_T max_mmapped_mem;
1755 /* First address handed out by MORECORE/sbrk. */
1756 char *sbrk_base;
1758 #if USE_TCACHE
1759 /* Maximum number of buckets to use. */
1760 size_t tcache_bins;
1761 size_t tcache_max_bytes;
1762 /* Maximum number of chunks in each bucket. */
1763 size_t tcache_count;
1764 /* Maximum number of chunks to remove from the unsorted list, which
1765 aren't used to prefill the cache. */
1766 size_t tcache_unsorted_limit;
1767 #endif
1770 /* There are several instances of this struct ("arenas") in this
1771 malloc. If you are adapting this malloc in a way that does NOT use
1772 a static or mmapped malloc_state, you MUST explicitly zero-fill it
1773 before using. This malloc relies on the property that malloc_state
1774 is initialized to all zeroes (as is true of C statics). */
1776 static struct malloc_state main_arena =
1778 .mutex = _LIBC_LOCK_INITIALIZER,
1779 .next = &main_arena,
1780 .attached_threads = 1
1783 /* These variables are used for undumping support. Chunked are marked
1784 as using mmap, but we leave them alone if they fall into this
1785 range. NB: The chunk size for these chunks only includes the
1786 initial size field (of SIZE_SZ bytes), there is no trailing size
1787 field (unlike with regular mmapped chunks). */
1788 static mchunkptr dumped_main_arena_start; /* Inclusive. */
1789 static mchunkptr dumped_main_arena_end; /* Exclusive. */
1791 /* True if the pointer falls into the dumped arena. Use this after
1792 chunk_is_mmapped indicates a chunk is mmapped. */
1793 #define DUMPED_MAIN_ARENA_CHUNK(p) \
1794 ((p) >= dumped_main_arena_start && (p) < dumped_main_arena_end)
1796 /* There is only one instance of the malloc parameters. */
1798 static struct malloc_par mp_ =
1800 .top_pad = DEFAULT_TOP_PAD,
1801 .n_mmaps_max = DEFAULT_MMAP_MAX,
1802 .mmap_threshold = DEFAULT_MMAP_THRESHOLD,
1803 .trim_threshold = DEFAULT_TRIM_THRESHOLD,
1804 #define NARENAS_FROM_NCORES(n) ((n) * (sizeof (long) == 4 ? 2 : 8))
1805 .arena_test = NARENAS_FROM_NCORES (1)
1806 #if USE_TCACHE
1808 .tcache_count = TCACHE_FILL_COUNT,
1809 .tcache_bins = TCACHE_MAX_BINS,
1810 .tcache_max_bytes = tidx2usize (TCACHE_MAX_BINS-1),
1811 .tcache_unsorted_limit = 0 /* No limit. */
1812 #endif
1816 Initialize a malloc_state struct.
1818 This is called only from within malloc_consolidate, which needs
1819 be called in the same contexts anyway. It is never called directly
1820 outside of malloc_consolidate because some optimizing compilers try
1821 to inline it at all call points, which turns out not to be an
1822 optimization at all. (Inlining it in malloc_consolidate is fine though.)
1825 static void
1826 malloc_init_state (mstate av)
1828 int i;
1829 mbinptr bin;
1831 /* Establish circular links for normal bins */
1832 for (i = 1; i < NBINS; ++i)
1834 bin = bin_at (av, i);
1835 bin->fd = bin->bk = bin;
1838 #if MORECORE_CONTIGUOUS
1839 if (av != &main_arena)
1840 #endif
1841 set_noncontiguous (av);
1842 if (av == &main_arena)
1843 set_max_fast (DEFAULT_MXFAST);
1844 av->flags |= FASTCHUNKS_BIT;
1846 av->top = initial_top (av);
1850 Other internal utilities operating on mstates
1853 static void *sysmalloc (INTERNAL_SIZE_T, mstate);
1854 static int systrim (size_t, mstate);
1855 static void malloc_consolidate (mstate);
1858 /* -------------- Early definitions for debugging hooks ---------------- */
1860 /* Define and initialize the hook variables. These weak definitions must
1861 appear before any use of the variables in a function (arena.c uses one). */
1862 #ifndef weak_variable
1863 /* In GNU libc we want the hook variables to be weak definitions to
1864 avoid a problem with Emacs. */
1865 # define weak_variable weak_function
1866 #endif
1868 /* Forward declarations. */
1869 static void *malloc_hook_ini (size_t sz,
1870 const void *caller) __THROW;
1871 static void *realloc_hook_ini (void *ptr, size_t sz,
1872 const void *caller) __THROW;
1873 static void *memalign_hook_ini (size_t alignment, size_t sz,
1874 const void *caller) __THROW;
1876 #if HAVE_MALLOC_INIT_HOOK
1877 void weak_variable (*__malloc_initialize_hook) (void) = NULL;
1878 compat_symbol (libc, __malloc_initialize_hook,
1879 __malloc_initialize_hook, GLIBC_2_0);
1880 #endif
1882 void weak_variable (*__free_hook) (void *__ptr,
1883 const void *) = NULL;
1884 void *weak_variable (*__malloc_hook)
1885 (size_t __size, const void *) = malloc_hook_ini;
1886 void *weak_variable (*__realloc_hook)
1887 (void *__ptr, size_t __size, const void *)
1888 = realloc_hook_ini;
1889 void *weak_variable (*__memalign_hook)
1890 (size_t __alignment, size_t __size, const void *)
1891 = memalign_hook_ini;
1892 void weak_variable (*__after_morecore_hook) (void) = NULL;
1895 /* ---------------- Error behavior ------------------------------------ */
1897 #ifndef DEFAULT_CHECK_ACTION
1898 # define DEFAULT_CHECK_ACTION 3
1899 #endif
1901 static int check_action = DEFAULT_CHECK_ACTION;
1904 /* ------------------ Testing support ----------------------------------*/
1906 static int perturb_byte;
1908 static void
1909 alloc_perturb (char *p, size_t n)
1911 if (__glibc_unlikely (perturb_byte))
1912 memset (p, perturb_byte ^ 0xff, n);
1915 static void
1916 free_perturb (char *p, size_t n)
1918 if (__glibc_unlikely (perturb_byte))
1919 memset (p, perturb_byte, n);
1924 #include <stap-probe.h>
1926 /* ------------------- Support for multiple arenas -------------------- */
1927 #include "arena.c"
1930 Debugging support
1932 These routines make a number of assertions about the states
1933 of data structures that should be true at all times. If any
1934 are not true, it's very likely that a user program has somehow
1935 trashed memory. (It's also possible that there is a coding error
1936 in malloc. In which case, please report it!)
1939 #if !MALLOC_DEBUG
1941 # define check_chunk(A, P)
1942 # define check_free_chunk(A, P)
1943 # define check_inuse_chunk(A, P)
1944 # define check_remalloced_chunk(A, P, N)
1945 # define check_malloced_chunk(A, P, N)
1946 # define check_malloc_state(A)
1948 #else
1950 # define check_chunk(A, P) do_check_chunk (A, P)
1951 # define check_free_chunk(A, P) do_check_free_chunk (A, P)
1952 # define check_inuse_chunk(A, P) do_check_inuse_chunk (A, P)
1953 # define check_remalloced_chunk(A, P, N) do_check_remalloced_chunk (A, P, N)
1954 # define check_malloced_chunk(A, P, N) do_check_malloced_chunk (A, P, N)
1955 # define check_malloc_state(A) do_check_malloc_state (A)
1958 Properties of all chunks
1961 static void
1962 do_check_chunk (mstate av, mchunkptr p)
1964 unsigned long sz = chunksize (p);
1965 /* min and max possible addresses assuming contiguous allocation */
1966 char *max_address = (char *) (av->top) + chunksize (av->top);
1967 char *min_address = max_address - av->system_mem;
1969 if (!chunk_is_mmapped (p))
1971 /* Has legal address ... */
1972 if (p != av->top)
1974 if (contiguous (av))
1976 assert (((char *) p) >= min_address);
1977 assert (((char *) p + sz) <= ((char *) (av->top)));
1980 else
1982 /* top size is always at least MINSIZE */
1983 assert ((unsigned long) (sz) >= MINSIZE);
1984 /* top predecessor always marked inuse */
1985 assert (prev_inuse (p));
1988 else if (!DUMPED_MAIN_ARENA_CHUNK (p))
1990 /* address is outside main heap */
1991 if (contiguous (av) && av->top != initial_top (av))
1993 assert (((char *) p) < min_address || ((char *) p) >= max_address);
1995 /* chunk is page-aligned */
1996 assert (((prev_size (p) + sz) & (GLRO (dl_pagesize) - 1)) == 0);
1997 /* mem is aligned */
1998 assert (aligned_OK (chunk2mem (p)));
2003 Properties of free chunks
2006 static void
2007 do_check_free_chunk (mstate av, mchunkptr p)
2009 INTERNAL_SIZE_T sz = p->size & ~(PREV_INUSE | NON_MAIN_ARENA);
2010 mchunkptr next = chunk_at_offset (p, sz);
2012 do_check_chunk (av, p);
2014 /* Chunk must claim to be free ... */
2015 assert (!inuse (p));
2016 assert (!chunk_is_mmapped (p));
2018 /* Unless a special marker, must have OK fields */
2019 if ((unsigned long) (sz) >= MINSIZE)
2021 assert ((sz & MALLOC_ALIGN_MASK) == 0);
2022 assert (aligned_OK (chunk2mem (p)));
2023 /* ... matching footer field */
2024 assert (prev_size (p) == sz);
2025 /* ... and is fully consolidated */
2026 assert (prev_inuse (p));
2027 assert (next == av->top || inuse (next));
2029 /* ... and has minimally sane links */
2030 assert (p->fd->bk == p);
2031 assert (p->bk->fd == p);
2033 else /* markers are always of size SIZE_SZ */
2034 assert (sz == SIZE_SZ);
2038 Properties of inuse chunks
2041 static void
2042 do_check_inuse_chunk (mstate av, mchunkptr p)
2044 mchunkptr next;
2046 do_check_chunk (av, p);
2048 if (chunk_is_mmapped (p))
2049 return; /* mmapped chunks have no next/prev */
2051 /* Check whether it claims to be in use ... */
2052 assert (inuse (p));
2054 next = next_chunk (p);
2056 /* ... and is surrounded by OK chunks.
2057 Since more things can be checked with free chunks than inuse ones,
2058 if an inuse chunk borders them and debug is on, it's worth doing them.
2060 if (!prev_inuse (p))
2062 /* Note that we cannot even look at prev unless it is not inuse */
2063 mchunkptr prv = prev_chunk (p);
2064 assert (next_chunk (prv) == p);
2065 do_check_free_chunk (av, prv);
2068 if (next == av->top)
2070 assert (prev_inuse (next));
2071 assert (chunksize (next) >= MINSIZE);
2073 else if (!inuse (next))
2074 do_check_free_chunk (av, next);
2078 Properties of chunks recycled from fastbins
2081 static void
2082 do_check_remalloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s)
2084 INTERNAL_SIZE_T sz = p->size & ~(PREV_INUSE | NON_MAIN_ARENA);
2086 if (!chunk_is_mmapped (p))
2088 assert (av == arena_for_chunk (p));
2089 if (chunk_main_arena (p))
2090 assert (av == &main_arena);
2091 else
2092 assert (av != &main_arena);
2095 do_check_inuse_chunk (av, p);
2097 /* Legal size ... */
2098 assert ((sz & MALLOC_ALIGN_MASK) == 0);
2099 assert ((unsigned long) (sz) >= MINSIZE);
2100 /* ... and alignment */
2101 assert (aligned_OK (chunk2mem (p)));
2102 /* chunk is less than MINSIZE more than request */
2103 assert ((long) (sz) - (long) (s) >= 0);
2104 assert ((long) (sz) - (long) (s + MINSIZE) < 0);
2108 Properties of nonrecycled chunks at the point they are malloced
2111 static void
2112 do_check_malloced_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T s)
2114 /* same as recycled case ... */
2115 do_check_remalloced_chunk (av, p, s);
2118 ... plus, must obey implementation invariant that prev_inuse is
2119 always true of any allocated chunk; i.e., that each allocated
2120 chunk borders either a previously allocated and still in-use
2121 chunk, or the base of its memory arena. This is ensured
2122 by making all allocations from the `lowest' part of any found
2123 chunk. This does not necessarily hold however for chunks
2124 recycled via fastbins.
2127 assert (prev_inuse (p));
2132 Properties of malloc_state.
2134 This may be useful for debugging malloc, as well as detecting user
2135 programmer errors that somehow write into malloc_state.
2137 If you are extending or experimenting with this malloc, you can
2138 probably figure out how to hack this routine to print out or
2139 display chunk addresses, sizes, bins, and other instrumentation.
2142 static void
2143 do_check_malloc_state (mstate av)
2145 int i;
2146 mchunkptr p;
2147 mchunkptr q;
2148 mbinptr b;
2149 unsigned int idx;
2150 INTERNAL_SIZE_T size;
2151 unsigned long total = 0;
2152 int max_fast_bin;
2154 /* internal size_t must be no wider than pointer type */
2155 assert (sizeof (INTERNAL_SIZE_T) <= sizeof (char *));
2157 /* alignment is a power of 2 */
2158 assert ((MALLOC_ALIGNMENT & (MALLOC_ALIGNMENT - 1)) == 0);
2160 /* cannot run remaining checks until fully initialized */
2161 if (av->top == 0 || av->top == initial_top (av))
2162 return;
2164 /* pagesize is a power of 2 */
2165 assert (powerof2(GLRO (dl_pagesize)));
2167 /* A contiguous main_arena is consistent with sbrk_base. */
2168 if (av == &main_arena && contiguous (av))
2169 assert ((char *) mp_.sbrk_base + av->system_mem ==
2170 (char *) av->top + chunksize (av->top));
2172 /* properties of fastbins */
2174 /* max_fast is in allowed range */
2175 assert ((get_max_fast () & ~1) <= request2size (MAX_FAST_SIZE));
2177 max_fast_bin = fastbin_index (get_max_fast ());
2179 for (i = 0; i < NFASTBINS; ++i)
2181 p = fastbin (av, i);
2183 /* The following test can only be performed for the main arena.
2184 While mallopt calls malloc_consolidate to get rid of all fast
2185 bins (especially those larger than the new maximum) this does
2186 only happen for the main arena. Trying to do this for any
2187 other arena would mean those arenas have to be locked and
2188 malloc_consolidate be called for them. This is excessive. And
2189 even if this is acceptable to somebody it still cannot solve
2190 the problem completely since if the arena is locked a
2191 concurrent malloc call might create a new arena which then
2192 could use the newly invalid fast bins. */
2194 /* all bins past max_fast are empty */
2195 if (av == &main_arena && i > max_fast_bin)
2196 assert (p == 0);
2198 while (p != 0)
2200 /* each chunk claims to be inuse */
2201 do_check_inuse_chunk (av, p);
2202 total += chunksize (p);
2203 /* chunk belongs in this bin */
2204 assert (fastbin_index (chunksize (p)) == i);
2205 p = p->fd;
2209 if (total != 0)
2210 assert (have_fastchunks (av));
2211 else if (!have_fastchunks (av))
2212 assert (total == 0);
2214 /* check normal bins */
2215 for (i = 1; i < NBINS; ++i)
2217 b = bin_at (av, i);
2219 /* binmap is accurate (except for bin 1 == unsorted_chunks) */
2220 if (i >= 2)
2222 unsigned int binbit = get_binmap (av, i);
2223 int empty = last (b) == b;
2224 if (!binbit)
2225 assert (empty);
2226 else if (!empty)
2227 assert (binbit);
2230 for (p = last (b); p != b; p = p->bk)
2232 /* each chunk claims to be free */
2233 do_check_free_chunk (av, p);
2234 size = chunksize (p);
2235 total += size;
2236 if (i >= 2)
2238 /* chunk belongs in bin */
2239 idx = bin_index (size);
2240 assert (idx == i);
2241 /* lists are sorted */
2242 assert (p->bk == b ||
2243 (unsigned long) chunksize (p->bk) >= (unsigned long) chunksize (p));
2245 if (!in_smallbin_range (size))
2247 if (p->fd_nextsize != NULL)
2249 if (p->fd_nextsize == p)
2250 assert (p->bk_nextsize == p);
2251 else
2253 if (p->fd_nextsize == first (b))
2254 assert (chunksize (p) < chunksize (p->fd_nextsize));
2255 else
2256 assert (chunksize (p) > chunksize (p->fd_nextsize));
2258 if (p == first (b))
2259 assert (chunksize (p) > chunksize (p->bk_nextsize));
2260 else
2261 assert (chunksize (p) < chunksize (p->bk_nextsize));
2264 else
2265 assert (p->bk_nextsize == NULL);
2268 else if (!in_smallbin_range (size))
2269 assert (p->fd_nextsize == NULL && p->bk_nextsize == NULL);
2270 /* chunk is followed by a legal chain of inuse chunks */
2271 for (q = next_chunk (p);
2272 (q != av->top && inuse (q) &&
2273 (unsigned long) (chunksize (q)) >= MINSIZE);
2274 q = next_chunk (q))
2275 do_check_inuse_chunk (av, q);
2279 /* top chunk is OK */
2280 check_chunk (av, av->top);
2282 #endif
2285 /* ----------------- Support for debugging hooks -------------------- */
2286 #include "hooks.c"
2289 /* ----------- Routines dealing with system allocation -------------- */
2292 sysmalloc handles malloc cases requiring more memory from the system.
2293 On entry, it is assumed that av->top does not have enough
2294 space to service request for nb bytes, thus requiring that av->top
2295 be extended or replaced.
2298 static void *
2299 sysmalloc (INTERNAL_SIZE_T nb, mstate av)
2301 mchunkptr old_top; /* incoming value of av->top */
2302 INTERNAL_SIZE_T old_size; /* its size */
2303 char *old_end; /* its end address */
2305 long size; /* arg to first MORECORE or mmap call */
2306 char *brk; /* return value from MORECORE */
2308 long correction; /* arg to 2nd MORECORE call */
2309 char *snd_brk; /* 2nd return val */
2311 INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */
2312 INTERNAL_SIZE_T end_misalign; /* partial page left at end of new space */
2313 char *aligned_brk; /* aligned offset into brk */
2315 mchunkptr p; /* the allocated/returned chunk */
2316 mchunkptr remainder; /* remainder from allocation */
2317 unsigned long remainder_size; /* its size */
2320 size_t pagesize = GLRO (dl_pagesize);
2321 bool tried_mmap = false;
2325 If have mmap, and the request size meets the mmap threshold, and
2326 the system supports mmap, and there are few enough currently
2327 allocated mmapped regions, try to directly map this request
2328 rather than expanding top.
2331 if (av == NULL
2332 || ((unsigned long) (nb) >= (unsigned long) (mp_.mmap_threshold)
2333 && (mp_.n_mmaps < mp_.n_mmaps_max)))
2335 char *mm; /* return value from mmap call*/
2337 try_mmap:
2339 Round up size to nearest page. For mmapped chunks, the overhead
2340 is one SIZE_SZ unit larger than for normal chunks, because there
2341 is no following chunk whose prev_size field could be used.
2343 See the front_misalign handling below, for glibc there is no
2344 need for further alignments unless we have have high alignment.
2346 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2347 size = ALIGN_UP (nb + SIZE_SZ, pagesize);
2348 else
2349 size = ALIGN_UP (nb + SIZE_SZ + MALLOC_ALIGN_MASK, pagesize);
2350 tried_mmap = true;
2352 /* Don't try if size wraps around 0 */
2353 if ((unsigned long) (size) > (unsigned long) (nb))
2355 mm = (char *) (MMAP (0, size, PROT_READ | PROT_WRITE, 0));
2357 if (mm != MAP_FAILED)
2360 The offset to the start of the mmapped region is stored
2361 in the prev_size field of the chunk. This allows us to adjust
2362 returned start address to meet alignment requirements here
2363 and in memalign(), and still be able to compute proper
2364 address argument for later munmap in free() and realloc().
2367 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2369 /* For glibc, chunk2mem increases the address by 2*SIZE_SZ and
2370 MALLOC_ALIGN_MASK is 2*SIZE_SZ-1. Each mmap'ed area is page
2371 aligned and therefore definitely MALLOC_ALIGN_MASK-aligned. */
2372 assert (((INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK) == 0);
2373 front_misalign = 0;
2375 else
2376 front_misalign = (INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK;
2377 if (front_misalign > 0)
2379 correction = MALLOC_ALIGNMENT - front_misalign;
2380 p = (mchunkptr) (mm + correction);
2381 set_prev_size (p, correction);
2382 set_head (p, (size - correction) | IS_MMAPPED);
2384 else
2386 p = (mchunkptr) mm;
2387 set_prev_size (p, 0);
2388 set_head (p, size | IS_MMAPPED);
2391 /* update statistics */
2393 int new = atomic_exchange_and_add (&mp_.n_mmaps, 1) + 1;
2394 atomic_max (&mp_.max_n_mmaps, new);
2396 unsigned long sum;
2397 sum = atomic_exchange_and_add (&mp_.mmapped_mem, size) + size;
2398 atomic_max (&mp_.max_mmapped_mem, sum);
2400 check_chunk (av, p);
2402 return chunk2mem (p);
2407 /* There are no usable arenas and mmap also failed. */
2408 if (av == NULL)
2409 return 0;
2411 /* Record incoming configuration of top */
2413 old_top = av->top;
2414 old_size = chunksize (old_top);
2415 old_end = (char *) (chunk_at_offset (old_top, old_size));
2417 brk = snd_brk = (char *) (MORECORE_FAILURE);
2420 If not the first time through, we require old_size to be
2421 at least MINSIZE and to have prev_inuse set.
2424 assert ((old_top == initial_top (av) && old_size == 0) ||
2425 ((unsigned long) (old_size) >= MINSIZE &&
2426 prev_inuse (old_top) &&
2427 ((unsigned long) old_end & (pagesize - 1)) == 0));
2429 /* Precondition: not enough current space to satisfy nb request */
2430 assert ((unsigned long) (old_size) < (unsigned long) (nb + MINSIZE));
2433 if (av != &main_arena)
2435 heap_info *old_heap, *heap;
2436 size_t old_heap_size;
2438 /* First try to extend the current heap. */
2439 old_heap = heap_for_ptr (old_top);
2440 old_heap_size = old_heap->size;
2441 if ((long) (MINSIZE + nb - old_size) > 0
2442 && grow_heap (old_heap, MINSIZE + nb - old_size) == 0)
2444 av->system_mem += old_heap->size - old_heap_size;
2445 set_head (old_top, (((char *) old_heap + old_heap->size) - (char *) old_top)
2446 | PREV_INUSE);
2448 else if ((heap = new_heap (nb + (MINSIZE + sizeof (*heap)), mp_.top_pad)))
2450 /* Use a newly allocated heap. */
2451 heap->ar_ptr = av;
2452 heap->prev = old_heap;
2453 av->system_mem += heap->size;
2454 /* Set up the new top. */
2455 top (av) = chunk_at_offset (heap, sizeof (*heap));
2456 set_head (top (av), (heap->size - sizeof (*heap)) | PREV_INUSE);
2458 /* Setup fencepost and free the old top chunk with a multiple of
2459 MALLOC_ALIGNMENT in size. */
2460 /* The fencepost takes at least MINSIZE bytes, because it might
2461 become the top chunk again later. Note that a footer is set
2462 up, too, although the chunk is marked in use. */
2463 old_size = (old_size - MINSIZE) & ~MALLOC_ALIGN_MASK;
2464 set_head (chunk_at_offset (old_top, old_size + 2 * SIZE_SZ), 0 | PREV_INUSE);
2465 if (old_size >= MINSIZE)
2467 set_head (chunk_at_offset (old_top, old_size), (2 * SIZE_SZ) | PREV_INUSE);
2468 set_foot (chunk_at_offset (old_top, old_size), (2 * SIZE_SZ));
2469 set_head (old_top, old_size | PREV_INUSE | NON_MAIN_ARENA);
2470 _int_free (av, old_top, 1);
2472 else
2474 set_head (old_top, (old_size + 2 * SIZE_SZ) | PREV_INUSE);
2475 set_foot (old_top, (old_size + 2 * SIZE_SZ));
2478 else if (!tried_mmap)
2479 /* We can at least try to use to mmap memory. */
2480 goto try_mmap;
2482 else /* av == main_arena */
2485 { /* Request enough space for nb + pad + overhead */
2486 size = nb + mp_.top_pad + MINSIZE;
2489 If contiguous, we can subtract out existing space that we hope to
2490 combine with new space. We add it back later only if
2491 we don't actually get contiguous space.
2494 if (contiguous (av))
2495 size -= old_size;
2498 Round to a multiple of page size.
2499 If MORECORE is not contiguous, this ensures that we only call it
2500 with whole-page arguments. And if MORECORE is contiguous and
2501 this is not first time through, this preserves page-alignment of
2502 previous calls. Otherwise, we correct to page-align below.
2505 size = ALIGN_UP (size, pagesize);
2508 Don't try to call MORECORE if argument is so big as to appear
2509 negative. Note that since mmap takes size_t arg, it may succeed
2510 below even if we cannot call MORECORE.
2513 if (size > 0)
2515 brk = (char *) (MORECORE (size));
2516 LIBC_PROBE (memory_sbrk_more, 2, brk, size);
2519 if (brk != (char *) (MORECORE_FAILURE))
2521 /* Call the `morecore' hook if necessary. */
2522 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2523 if (__builtin_expect (hook != NULL, 0))
2524 (*hook)();
2526 else
2529 If have mmap, try using it as a backup when MORECORE fails or
2530 cannot be used. This is worth doing on systems that have "holes" in
2531 address space, so sbrk cannot extend to give contiguous space, but
2532 space is available elsewhere. Note that we ignore mmap max count
2533 and threshold limits, since the space will not be used as a
2534 segregated mmap region.
2537 /* Cannot merge with old top, so add its size back in */
2538 if (contiguous (av))
2539 size = ALIGN_UP (size + old_size, pagesize);
2541 /* If we are relying on mmap as backup, then use larger units */
2542 if ((unsigned long) (size) < (unsigned long) (MMAP_AS_MORECORE_SIZE))
2543 size = MMAP_AS_MORECORE_SIZE;
2545 /* Don't try if size wraps around 0 */
2546 if ((unsigned long) (size) > (unsigned long) (nb))
2548 char *mbrk = (char *) (MMAP (0, size, PROT_READ | PROT_WRITE, 0));
2550 if (mbrk != MAP_FAILED)
2552 /* We do not need, and cannot use, another sbrk call to find end */
2553 brk = mbrk;
2554 snd_brk = brk + size;
2557 Record that we no longer have a contiguous sbrk region.
2558 After the first time mmap is used as backup, we do not
2559 ever rely on contiguous space since this could incorrectly
2560 bridge regions.
2562 set_noncontiguous (av);
2567 if (brk != (char *) (MORECORE_FAILURE))
2569 if (mp_.sbrk_base == 0)
2570 mp_.sbrk_base = brk;
2571 av->system_mem += size;
2574 If MORECORE extends previous space, we can likewise extend top size.
2577 if (brk == old_end && snd_brk == (char *) (MORECORE_FAILURE))
2578 set_head (old_top, (size + old_size) | PREV_INUSE);
2580 else if (contiguous (av) && old_size && brk < old_end)
2582 /* Oops! Someone else killed our space.. Can't touch anything. */
2583 malloc_printerr (3, "break adjusted to free malloc space", brk,
2584 av);
2588 Otherwise, make adjustments:
2590 * If the first time through or noncontiguous, we need to call sbrk
2591 just to find out where the end of memory lies.
2593 * We need to ensure that all returned chunks from malloc will meet
2594 MALLOC_ALIGNMENT
2596 * If there was an intervening foreign sbrk, we need to adjust sbrk
2597 request size to account for fact that we will not be able to
2598 combine new space with existing space in old_top.
2600 * Almost all systems internally allocate whole pages at a time, in
2601 which case we might as well use the whole last page of request.
2602 So we allocate enough more memory to hit a page boundary now,
2603 which in turn causes future contiguous calls to page-align.
2606 else
2608 front_misalign = 0;
2609 end_misalign = 0;
2610 correction = 0;
2611 aligned_brk = brk;
2613 /* handle contiguous cases */
2614 if (contiguous (av))
2616 /* Count foreign sbrk as system_mem. */
2617 if (old_size)
2618 av->system_mem += brk - old_end;
2620 /* Guarantee alignment of first new chunk made from this space */
2622 front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK;
2623 if (front_misalign > 0)
2626 Skip over some bytes to arrive at an aligned position.
2627 We don't need to specially mark these wasted front bytes.
2628 They will never be accessed anyway because
2629 prev_inuse of av->top (and any chunk created from its start)
2630 is always true after initialization.
2633 correction = MALLOC_ALIGNMENT - front_misalign;
2634 aligned_brk += correction;
2638 If this isn't adjacent to existing space, then we will not
2639 be able to merge with old_top space, so must add to 2nd request.
2642 correction += old_size;
2644 /* Extend the end address to hit a page boundary */
2645 end_misalign = (INTERNAL_SIZE_T) (brk + size + correction);
2646 correction += (ALIGN_UP (end_misalign, pagesize)) - end_misalign;
2648 assert (correction >= 0);
2649 snd_brk = (char *) (MORECORE (correction));
2652 If can't allocate correction, try to at least find out current
2653 brk. It might be enough to proceed without failing.
2655 Note that if second sbrk did NOT fail, we assume that space
2656 is contiguous with first sbrk. This is a safe assumption unless
2657 program is multithreaded but doesn't use locks and a foreign sbrk
2658 occurred between our first and second calls.
2661 if (snd_brk == (char *) (MORECORE_FAILURE))
2663 correction = 0;
2664 snd_brk = (char *) (MORECORE (0));
2666 else
2668 /* Call the `morecore' hook if necessary. */
2669 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2670 if (__builtin_expect (hook != NULL, 0))
2671 (*hook)();
2675 /* handle non-contiguous cases */
2676 else
2678 if (MALLOC_ALIGNMENT == 2 * SIZE_SZ)
2679 /* MORECORE/mmap must correctly align */
2680 assert (((unsigned long) chunk2mem (brk) & MALLOC_ALIGN_MASK) == 0);
2681 else
2683 front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK;
2684 if (front_misalign > 0)
2687 Skip over some bytes to arrive at an aligned position.
2688 We don't need to specially mark these wasted front bytes.
2689 They will never be accessed anyway because
2690 prev_inuse of av->top (and any chunk created from its start)
2691 is always true after initialization.
2694 aligned_brk += MALLOC_ALIGNMENT - front_misalign;
2698 /* Find out current end of memory */
2699 if (snd_brk == (char *) (MORECORE_FAILURE))
2701 snd_brk = (char *) (MORECORE (0));
2705 /* Adjust top based on results of second sbrk */
2706 if (snd_brk != (char *) (MORECORE_FAILURE))
2708 av->top = (mchunkptr) aligned_brk;
2709 set_head (av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE);
2710 av->system_mem += correction;
2713 If not the first time through, we either have a
2714 gap due to foreign sbrk or a non-contiguous region. Insert a
2715 double fencepost at old_top to prevent consolidation with space
2716 we don't own. These fenceposts are artificial chunks that are
2717 marked as inuse and are in any case too small to use. We need
2718 two to make sizes and alignments work out.
2721 if (old_size != 0)
2724 Shrink old_top to insert fenceposts, keeping size a
2725 multiple of MALLOC_ALIGNMENT. We know there is at least
2726 enough space in old_top to do this.
2728 old_size = (old_size - 4 * SIZE_SZ) & ~MALLOC_ALIGN_MASK;
2729 set_head (old_top, old_size | PREV_INUSE);
2732 Note that the following assignments completely overwrite
2733 old_top when old_size was previously MINSIZE. This is
2734 intentional. We need the fencepost, even if old_top otherwise gets
2735 lost.
2737 set_head (chunk_at_offset (old_top, old_size),
2738 (2 * SIZE_SZ) | PREV_INUSE);
2739 set_head (chunk_at_offset (old_top, old_size + 2 * SIZE_SZ),
2740 (2 * SIZE_SZ) | PREV_INUSE);
2742 /* If possible, release the rest. */
2743 if (old_size >= MINSIZE)
2745 _int_free (av, old_top, 1);
2751 } /* if (av != &main_arena) */
2753 if ((unsigned long) av->system_mem > (unsigned long) (av->max_system_mem))
2754 av->max_system_mem = av->system_mem;
2755 check_malloc_state (av);
2757 /* finally, do the allocation */
2758 p = av->top;
2759 size = chunksize (p);
2761 /* check that one of the above allocation paths succeeded */
2762 if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))
2764 remainder_size = size - nb;
2765 remainder = chunk_at_offset (p, nb);
2766 av->top = remainder;
2767 set_head (p, nb | PREV_INUSE | (av != &main_arena ? NON_MAIN_ARENA : 0));
2768 set_head (remainder, remainder_size | PREV_INUSE);
2769 check_malloced_chunk (av, p, nb);
2770 return chunk2mem (p);
2773 /* catch all failure paths */
2774 __set_errno (ENOMEM);
2775 return 0;
2780 systrim is an inverse of sorts to sysmalloc. It gives memory back
2781 to the system (via negative arguments to sbrk) if there is unused
2782 memory at the `high' end of the malloc pool. It is called
2783 automatically by free() when top space exceeds the trim
2784 threshold. It is also called by the public malloc_trim routine. It
2785 returns 1 if it actually released any memory, else 0.
2788 static int
2789 systrim (size_t pad, mstate av)
2791 long top_size; /* Amount of top-most memory */
2792 long extra; /* Amount to release */
2793 long released; /* Amount actually released */
2794 char *current_brk; /* address returned by pre-check sbrk call */
2795 char *new_brk; /* address returned by post-check sbrk call */
2796 size_t pagesize;
2797 long top_area;
2799 pagesize = GLRO (dl_pagesize);
2800 top_size = chunksize (av->top);
2802 top_area = top_size - MINSIZE - 1;
2803 if (top_area <= pad)
2804 return 0;
2806 /* Release in pagesize units and round down to the nearest page. */
2807 extra = ALIGN_DOWN(top_area - pad, pagesize);
2809 if (extra == 0)
2810 return 0;
2813 Only proceed if end of memory is where we last set it.
2814 This avoids problems if there were foreign sbrk calls.
2816 current_brk = (char *) (MORECORE (0));
2817 if (current_brk == (char *) (av->top) + top_size)
2820 Attempt to release memory. We ignore MORECORE return value,
2821 and instead call again to find out where new end of memory is.
2822 This avoids problems if first call releases less than we asked,
2823 of if failure somehow altered brk value. (We could still
2824 encounter problems if it altered brk in some very bad way,
2825 but the only thing we can do is adjust anyway, which will cause
2826 some downstream failure.)
2829 MORECORE (-extra);
2830 /* Call the `morecore' hook if necessary. */
2831 void (*hook) (void) = atomic_forced_read (__after_morecore_hook);
2832 if (__builtin_expect (hook != NULL, 0))
2833 (*hook)();
2834 new_brk = (char *) (MORECORE (0));
2836 LIBC_PROBE (memory_sbrk_less, 2, new_brk, extra);
2838 if (new_brk != (char *) MORECORE_FAILURE)
2840 released = (long) (current_brk - new_brk);
2842 if (released != 0)
2844 /* Success. Adjust top. */
2845 av->system_mem -= released;
2846 set_head (av->top, (top_size - released) | PREV_INUSE);
2847 check_malloc_state (av);
2848 return 1;
2852 return 0;
2855 static void
2856 internal_function
2857 munmap_chunk (mchunkptr p)
2859 INTERNAL_SIZE_T size = chunksize (p);
2861 assert (chunk_is_mmapped (p));
2863 /* Do nothing if the chunk is a faked mmapped chunk in the dumped
2864 main arena. We never free this memory. */
2865 if (DUMPED_MAIN_ARENA_CHUNK (p))
2866 return;
2868 uintptr_t block = (uintptr_t) p - prev_size (p);
2869 size_t total_size = prev_size (p) + size;
2870 /* Unfortunately we have to do the compilers job by hand here. Normally
2871 we would test BLOCK and TOTAL-SIZE separately for compliance with the
2872 page size. But gcc does not recognize the optimization possibility
2873 (in the moment at least) so we combine the two values into one before
2874 the bit test. */
2875 if (__builtin_expect (((block | total_size) & (GLRO (dl_pagesize) - 1)) != 0, 0))
2877 malloc_printerr (check_action, "munmap_chunk(): invalid pointer",
2878 chunk2mem (p), NULL);
2879 return;
2882 atomic_decrement (&mp_.n_mmaps);
2883 atomic_add (&mp_.mmapped_mem, -total_size);
2885 /* If munmap failed the process virtual memory address space is in a
2886 bad shape. Just leave the block hanging around, the process will
2887 terminate shortly anyway since not much can be done. */
2888 __munmap ((char *) block, total_size);
2891 #if HAVE_MREMAP
2893 static mchunkptr
2894 internal_function
2895 mremap_chunk (mchunkptr p, size_t new_size)
2897 size_t pagesize = GLRO (dl_pagesize);
2898 INTERNAL_SIZE_T offset = prev_size (p);
2899 INTERNAL_SIZE_T size = chunksize (p);
2900 char *cp;
2902 assert (chunk_is_mmapped (p));
2903 assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0);
2905 /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */
2906 new_size = ALIGN_UP (new_size + offset + SIZE_SZ, pagesize);
2908 /* No need to remap if the number of pages does not change. */
2909 if (size + offset == new_size)
2910 return p;
2912 cp = (char *) __mremap ((char *) p - offset, size + offset, new_size,
2913 MREMAP_MAYMOVE);
2915 if (cp == MAP_FAILED)
2916 return 0;
2918 p = (mchunkptr) (cp + offset);
2920 assert (aligned_OK (chunk2mem (p)));
2922 assert (prev_size (p) == offset);
2923 set_head (p, (new_size - offset) | IS_MMAPPED);
2925 INTERNAL_SIZE_T new;
2926 new = atomic_exchange_and_add (&mp_.mmapped_mem, new_size - size - offset)
2927 + new_size - size - offset;
2928 atomic_max (&mp_.max_mmapped_mem, new);
2929 return p;
2931 #endif /* HAVE_MREMAP */
2933 /*------------------------ Public wrappers. --------------------------------*/
2935 #if USE_TCACHE
2937 /* We overlay this structure on the user-data portion of a chunk when
2938 the chunk is stored in the per-thread cache. */
2939 typedef struct tcache_entry
2941 struct tcache_entry *next;
2942 } tcache_entry;
2944 /* There is one of these for each thread, which contains the
2945 per-thread cache (hence "tcache_perthread_struct"). Keeping
2946 overall size low is mildly important. Note that COUNTS and ENTRIES
2947 are redundant (we could have just counted the linked list each
2948 time), this is for performance reasons. */
2949 typedef struct tcache_perthread_struct
2951 char counts[TCACHE_MAX_BINS];
2952 tcache_entry *entries[TCACHE_MAX_BINS];
2953 } tcache_perthread_struct;
2955 static __thread char tcache_shutting_down = 0;
2956 static __thread tcache_perthread_struct *tcache = NULL;
2958 /* Caller must ensure that we know tc_idx is valid and there's room
2959 for more chunks. */
2960 static void
2961 tcache_put (mchunkptr chunk, size_t tc_idx)
2963 tcache_entry *e = (tcache_entry *) chunk2mem (chunk);
2964 assert (tc_idx < TCACHE_MAX_BINS);
2965 e->next = tcache->entries[tc_idx];
2966 tcache->entries[tc_idx] = e;
2967 ++(tcache->counts[tc_idx]);
2970 /* Caller must ensure that we know tc_idx is valid and there's
2971 available chunks to remove. */
2972 static void *
2973 tcache_get (size_t tc_idx)
2975 tcache_entry *e = tcache->entries[tc_idx];
2976 assert (tc_idx < TCACHE_MAX_BINS);
2977 assert (tcache->entries[tc_idx] > 0);
2978 tcache->entries[tc_idx] = e->next;
2979 --(tcache->counts[tc_idx]);
2980 return (void *) e;
2983 static void __attribute__ ((section ("__libc_thread_freeres_fn")))
2984 tcache_thread_freeres (void)
2986 int i;
2987 tcache_perthread_struct *tcache_tmp = tcache;
2989 if (!tcache)
2990 return;
2992 tcache = NULL;
2994 for (i = 0; i < TCACHE_MAX_BINS; ++i)
2996 while (tcache_tmp->entries[i])
2998 tcache_entry *e = tcache_tmp->entries[i];
2999 tcache_tmp->entries[i] = e->next;
3000 __libc_free (e);
3004 __libc_free (tcache_tmp);
3006 tcache_shutting_down = 1;
3008 text_set_element (__libc_thread_subfreeres, tcache_thread_freeres);
3010 static void
3011 tcache_init(void)
3013 mstate ar_ptr;
3014 void *victim = 0;
3015 const size_t bytes = sizeof (tcache_perthread_struct);
3017 if (tcache_shutting_down)
3018 return;
3020 arena_get (ar_ptr, bytes);
3021 victim = _int_malloc (ar_ptr, bytes);
3022 if (!victim && ar_ptr != NULL)
3024 ar_ptr = arena_get_retry (ar_ptr, bytes);
3025 victim = _int_malloc (ar_ptr, bytes);
3029 if (ar_ptr != NULL)
3030 __libc_lock_unlock (ar_ptr->mutex);
3032 /* In a low memory situation, we may not be able to allocate memory
3033 - in which case, we just keep trying later. However, we
3034 typically do this very early, so either there is sufficient
3035 memory, or there isn't enough memory to do non-trivial
3036 allocations anyway. */
3037 if (victim)
3039 tcache = (tcache_perthread_struct *) victim;
3040 memset (tcache, 0, sizeof (tcache_perthread_struct));
3045 #define MAYBE_INIT_TCACHE() \
3046 if (__glibc_unlikely (tcache == NULL)) \
3047 tcache_init();
3049 #else
3050 #define MAYBE_INIT_TCACHE()
3051 #endif
3053 void *
3054 __libc_malloc (size_t bytes)
3056 mstate ar_ptr;
3057 void *victim;
3059 void *(*hook) (size_t, const void *)
3060 = atomic_forced_read (__malloc_hook);
3061 if (__builtin_expect (hook != NULL, 0))
3062 return (*hook)(bytes, RETURN_ADDRESS (0));
3063 #if USE_TCACHE
3064 /* int_free also calls request2size, be careful to not pad twice. */
3065 size_t tbytes = request2size (bytes);
3066 size_t tc_idx = csize2tidx (tbytes);
3068 MAYBE_INIT_TCACHE ();
3070 DIAG_PUSH_NEEDS_COMMENT;
3071 if (tc_idx < mp_.tcache_bins
3072 /*&& tc_idx < TCACHE_MAX_BINS*/ /* to appease gcc */
3073 && tcache
3074 && tcache->entries[tc_idx] != NULL)
3076 return tcache_get (tc_idx);
3078 DIAG_POP_NEEDS_COMMENT;
3079 #endif
3081 arena_get (ar_ptr, bytes);
3083 victim = _int_malloc (ar_ptr, bytes);
3084 /* Retry with another arena only if we were able to find a usable arena
3085 before. */
3086 if (!victim && ar_ptr != NULL)
3088 LIBC_PROBE (memory_malloc_retry, 1, bytes);
3089 ar_ptr = arena_get_retry (ar_ptr, bytes);
3090 victim = _int_malloc (ar_ptr, bytes);
3093 if (ar_ptr != NULL)
3094 __libc_lock_unlock (ar_ptr->mutex);
3096 assert (!victim || chunk_is_mmapped (mem2chunk (victim)) ||
3097 ar_ptr == arena_for_chunk (mem2chunk (victim)));
3098 return victim;
3100 libc_hidden_def (__libc_malloc)
3102 void
3103 __libc_free (void *mem)
3105 mstate ar_ptr;
3106 mchunkptr p; /* chunk corresponding to mem */
3108 void (*hook) (void *, const void *)
3109 = atomic_forced_read (__free_hook);
3110 if (__builtin_expect (hook != NULL, 0))
3112 (*hook)(mem, RETURN_ADDRESS (0));
3113 return;
3116 if (mem == 0) /* free(0) has no effect */
3117 return;
3119 p = mem2chunk (mem);
3121 if (chunk_is_mmapped (p)) /* release mmapped memory. */
3123 /* See if the dynamic brk/mmap threshold needs adjusting.
3124 Dumped fake mmapped chunks do not affect the threshold. */
3125 if (!mp_.no_dyn_threshold
3126 && chunksize_nomask (p) > mp_.mmap_threshold
3127 && chunksize_nomask (p) <= DEFAULT_MMAP_THRESHOLD_MAX
3128 && !DUMPED_MAIN_ARENA_CHUNK (p))
3130 mp_.mmap_threshold = chunksize (p);
3131 mp_.trim_threshold = 2 * mp_.mmap_threshold;
3132 LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2,
3133 mp_.mmap_threshold, mp_.trim_threshold);
3135 munmap_chunk (p);
3136 return;
3139 MAYBE_INIT_TCACHE ();
3141 ar_ptr = arena_for_chunk (p);
3142 _int_free (ar_ptr, p, 0);
3144 libc_hidden_def (__libc_free)
3146 void *
3147 __libc_realloc (void *oldmem, size_t bytes)
3149 mstate ar_ptr;
3150 INTERNAL_SIZE_T nb; /* padded request size */
3152 void *newp; /* chunk to return */
3154 void *(*hook) (void *, size_t, const void *) =
3155 atomic_forced_read (__realloc_hook);
3156 if (__builtin_expect (hook != NULL, 0))
3157 return (*hook)(oldmem, bytes, RETURN_ADDRESS (0));
3159 #if REALLOC_ZERO_BYTES_FREES
3160 if (bytes == 0 && oldmem != NULL)
3162 __libc_free (oldmem); return 0;
3164 #endif
3166 /* realloc of null is supposed to be same as malloc */
3167 if (oldmem == 0)
3168 return __libc_malloc (bytes);
3170 /* chunk corresponding to oldmem */
3171 const mchunkptr oldp = mem2chunk (oldmem);
3172 /* its size */
3173 const INTERNAL_SIZE_T oldsize = chunksize (oldp);
3175 if (chunk_is_mmapped (oldp))
3176 ar_ptr = NULL;
3177 else
3179 MAYBE_INIT_TCACHE ();
3180 ar_ptr = arena_for_chunk (oldp);
3183 /* Little security check which won't hurt performance: the allocator
3184 never wrapps around at the end of the address space. Therefore
3185 we can exclude some size values which might appear here by
3186 accident or by "design" from some intruder. We need to bypass
3187 this check for dumped fake mmap chunks from the old main arena
3188 because the new malloc may provide additional alignment. */
3189 if ((__builtin_expect ((uintptr_t) oldp > (uintptr_t) -oldsize, 0)
3190 || __builtin_expect (misaligned_chunk (oldp), 0))
3191 && !DUMPED_MAIN_ARENA_CHUNK (oldp))
3193 malloc_printerr (check_action, "realloc(): invalid pointer", oldmem,
3194 ar_ptr);
3195 return NULL;
3198 checked_request2size (bytes, nb);
3200 if (chunk_is_mmapped (oldp))
3202 /* If this is a faked mmapped chunk from the dumped main arena,
3203 always make a copy (and do not free the old chunk). */
3204 if (DUMPED_MAIN_ARENA_CHUNK (oldp))
3206 /* Must alloc, copy, free. */
3207 void *newmem = __libc_malloc (bytes);
3208 if (newmem == 0)
3209 return NULL;
3210 /* Copy as many bytes as are available from the old chunk
3211 and fit into the new size. NB: The overhead for faked
3212 mmapped chunks is only SIZE_SZ, not 2 * SIZE_SZ as for
3213 regular mmapped chunks. */
3214 if (bytes > oldsize - SIZE_SZ)
3215 bytes = oldsize - SIZE_SZ;
3216 memcpy (newmem, oldmem, bytes);
3217 return newmem;
3220 void *newmem;
3222 #if HAVE_MREMAP
3223 newp = mremap_chunk (oldp, nb);
3224 if (newp)
3225 return chunk2mem (newp);
3226 #endif
3227 /* Note the extra SIZE_SZ overhead. */
3228 if (oldsize - SIZE_SZ >= nb)
3229 return oldmem; /* do nothing */
3231 /* Must alloc, copy, free. */
3232 newmem = __libc_malloc (bytes);
3233 if (newmem == 0)
3234 return 0; /* propagate failure */
3236 memcpy (newmem, oldmem, oldsize - 2 * SIZE_SZ);
3237 munmap_chunk (oldp);
3238 return newmem;
3241 __libc_lock_lock (ar_ptr->mutex);
3243 newp = _int_realloc (ar_ptr, oldp, oldsize, nb);
3245 __libc_lock_unlock (ar_ptr->mutex);
3246 assert (!newp || chunk_is_mmapped (mem2chunk (newp)) ||
3247 ar_ptr == arena_for_chunk (mem2chunk (newp)));
3249 if (newp == NULL)
3251 /* Try harder to allocate memory in other arenas. */
3252 LIBC_PROBE (memory_realloc_retry, 2, bytes, oldmem);
3253 newp = __libc_malloc (bytes);
3254 if (newp != NULL)
3256 memcpy (newp, oldmem, oldsize - SIZE_SZ);
3257 _int_free (ar_ptr, oldp, 0);
3261 return newp;
3263 libc_hidden_def (__libc_realloc)
3265 void *
3266 __libc_memalign (size_t alignment, size_t bytes)
3268 void *address = RETURN_ADDRESS (0);
3269 return _mid_memalign (alignment, bytes, address);
3272 static void *
3273 _mid_memalign (size_t alignment, size_t bytes, void *address)
3275 mstate ar_ptr;
3276 void *p;
3278 void *(*hook) (size_t, size_t, const void *) =
3279 atomic_forced_read (__memalign_hook);
3280 if (__builtin_expect (hook != NULL, 0))
3281 return (*hook)(alignment, bytes, address);
3283 /* If we need less alignment than we give anyway, just relay to malloc. */
3284 if (alignment <= MALLOC_ALIGNMENT)
3285 return __libc_malloc (bytes);
3287 /* Otherwise, ensure that it is at least a minimum chunk size */
3288 if (alignment < MINSIZE)
3289 alignment = MINSIZE;
3291 /* If the alignment is greater than SIZE_MAX / 2 + 1 it cannot be a
3292 power of 2 and will cause overflow in the check below. */
3293 if (alignment > SIZE_MAX / 2 + 1)
3295 __set_errno (EINVAL);
3296 return 0;
3299 /* Check for overflow. */
3300 if (bytes > SIZE_MAX - alignment - MINSIZE)
3302 __set_errno (ENOMEM);
3303 return 0;
3307 /* Make sure alignment is power of 2. */
3308 if (!powerof2 (alignment))
3310 size_t a = MALLOC_ALIGNMENT * 2;
3311 while (a < alignment)
3312 a <<= 1;
3313 alignment = a;
3316 arena_get (ar_ptr, bytes + alignment + MINSIZE);
3318 p = _int_memalign (ar_ptr, alignment, bytes);
3319 if (!p && ar_ptr != NULL)
3321 LIBC_PROBE (memory_memalign_retry, 2, bytes, alignment);
3322 ar_ptr = arena_get_retry (ar_ptr, bytes);
3323 p = _int_memalign (ar_ptr, alignment, bytes);
3326 if (ar_ptr != NULL)
3327 __libc_lock_unlock (ar_ptr->mutex);
3329 assert (!p || chunk_is_mmapped (mem2chunk (p)) ||
3330 ar_ptr == arena_for_chunk (mem2chunk (p)));
3331 return p;
3333 /* For ISO C11. */
3334 weak_alias (__libc_memalign, aligned_alloc)
3335 libc_hidden_def (__libc_memalign)
3337 void *
3338 __libc_valloc (size_t bytes)
3340 if (__malloc_initialized < 0)
3341 ptmalloc_init ();
3343 void *address = RETURN_ADDRESS (0);
3344 size_t pagesize = GLRO (dl_pagesize);
3345 return _mid_memalign (pagesize, bytes, address);
3348 void *
3349 __libc_pvalloc (size_t bytes)
3351 if (__malloc_initialized < 0)
3352 ptmalloc_init ();
3354 void *address = RETURN_ADDRESS (0);
3355 size_t pagesize = GLRO (dl_pagesize);
3356 size_t rounded_bytes = ALIGN_UP (bytes, pagesize);
3358 /* Check for overflow. */
3359 if (bytes > SIZE_MAX - 2 * pagesize - MINSIZE)
3361 __set_errno (ENOMEM);
3362 return 0;
3365 return _mid_memalign (pagesize, rounded_bytes, address);
3368 void *
3369 __libc_calloc (size_t n, size_t elem_size)
3371 mstate av;
3372 mchunkptr oldtop, p;
3373 INTERNAL_SIZE_T bytes, sz, csz, oldtopsize;
3374 void *mem;
3375 unsigned long clearsize;
3376 unsigned long nclears;
3377 INTERNAL_SIZE_T *d;
3379 /* size_t is unsigned so the behavior on overflow is defined. */
3380 bytes = n * elem_size;
3381 #define HALF_INTERNAL_SIZE_T \
3382 (((INTERNAL_SIZE_T) 1) << (8 * sizeof (INTERNAL_SIZE_T) / 2))
3383 if (__builtin_expect ((n | elem_size) >= HALF_INTERNAL_SIZE_T, 0))
3385 if (elem_size != 0 && bytes / elem_size != n)
3387 __set_errno (ENOMEM);
3388 return 0;
3392 void *(*hook) (size_t, const void *) =
3393 atomic_forced_read (__malloc_hook);
3394 if (__builtin_expect (hook != NULL, 0))
3396 sz = bytes;
3397 mem = (*hook)(sz, RETURN_ADDRESS (0));
3398 if (mem == 0)
3399 return 0;
3401 return memset (mem, 0, sz);
3404 sz = bytes;
3406 MAYBE_INIT_TCACHE ();
3408 arena_get (av, sz);
3409 if (av)
3411 /* Check if we hand out the top chunk, in which case there may be no
3412 need to clear. */
3413 #if MORECORE_CLEARS
3414 oldtop = top (av);
3415 oldtopsize = chunksize (top (av));
3416 # if MORECORE_CLEARS < 2
3417 /* Only newly allocated memory is guaranteed to be cleared. */
3418 if (av == &main_arena &&
3419 oldtopsize < mp_.sbrk_base + av->max_system_mem - (char *) oldtop)
3420 oldtopsize = (mp_.sbrk_base + av->max_system_mem - (char *) oldtop);
3421 # endif
3422 if (av != &main_arena)
3424 heap_info *heap = heap_for_ptr (oldtop);
3425 if (oldtopsize < (char *) heap + heap->mprotect_size - (char *) oldtop)
3426 oldtopsize = (char *) heap + heap->mprotect_size - (char *) oldtop;
3428 #endif
3430 else
3432 /* No usable arenas. */
3433 oldtop = 0;
3434 oldtopsize = 0;
3436 mem = _int_malloc (av, sz);
3439 assert (!mem || chunk_is_mmapped (mem2chunk (mem)) ||
3440 av == arena_for_chunk (mem2chunk (mem)));
3442 if (mem == 0 && av != NULL)
3444 LIBC_PROBE (memory_calloc_retry, 1, sz);
3445 av = arena_get_retry (av, sz);
3446 mem = _int_malloc (av, sz);
3449 if (av != NULL)
3450 __libc_lock_unlock (av->mutex);
3452 /* Allocation failed even after a retry. */
3453 if (mem == 0)
3454 return 0;
3456 p = mem2chunk (mem);
3458 /* Two optional cases in which clearing not necessary */
3459 if (chunk_is_mmapped (p))
3461 if (__builtin_expect (perturb_byte, 0))
3462 return memset (mem, 0, sz);
3464 return mem;
3467 csz = chunksize (p);
3469 #if MORECORE_CLEARS
3470 if (perturb_byte == 0 && (p == oldtop && csz > oldtopsize))
3472 /* clear only the bytes from non-freshly-sbrked memory */
3473 csz = oldtopsize;
3475 #endif
3477 /* Unroll clear of <= 36 bytes (72 if 8byte sizes). We know that
3478 contents have an odd number of INTERNAL_SIZE_T-sized words;
3479 minimally 3. */
3480 d = (INTERNAL_SIZE_T *) mem;
3481 clearsize = csz - SIZE_SZ;
3482 nclears = clearsize / sizeof (INTERNAL_SIZE_T);
3483 assert (nclears >= 3);
3485 if (nclears > 9)
3486 return memset (d, 0, clearsize);
3488 else
3490 *(d + 0) = 0;
3491 *(d + 1) = 0;
3492 *(d + 2) = 0;
3493 if (nclears > 4)
3495 *(d + 3) = 0;
3496 *(d + 4) = 0;
3497 if (nclears > 6)
3499 *(d + 5) = 0;
3500 *(d + 6) = 0;
3501 if (nclears > 8)
3503 *(d + 7) = 0;
3504 *(d + 8) = 0;
3510 return mem;
3514 ------------------------------ malloc ------------------------------
3517 static void *
3518 _int_malloc (mstate av, size_t bytes)
3520 INTERNAL_SIZE_T nb; /* normalized request size */
3521 unsigned int idx; /* associated bin index */
3522 mbinptr bin; /* associated bin */
3524 mchunkptr victim; /* inspected/selected chunk */
3525 INTERNAL_SIZE_T size; /* its size */
3526 int victim_index; /* its bin index */
3528 mchunkptr remainder; /* remainder from a split */
3529 unsigned long remainder_size; /* its size */
3531 unsigned int block; /* bit map traverser */
3532 unsigned int bit; /* bit map traverser */
3533 unsigned int map; /* current word of binmap */
3535 mchunkptr fwd; /* misc temp for linking */
3536 mchunkptr bck; /* misc temp for linking */
3538 #if USE_TCACHE
3539 size_t tcache_unsorted_count; /* count of unsorted chunks processed */
3540 #endif
3542 const char *errstr = NULL;
3545 Convert request size to internal form by adding SIZE_SZ bytes
3546 overhead plus possibly more to obtain necessary alignment and/or
3547 to obtain a size of at least MINSIZE, the smallest allocatable
3548 size. Also, checked_request2size traps (returning 0) request sizes
3549 that are so large that they wrap around zero when padded and
3550 aligned.
3553 checked_request2size (bytes, nb);
3555 /* There are no usable arenas. Fall back to sysmalloc to get a chunk from
3556 mmap. */
3557 if (__glibc_unlikely (av == NULL))
3559 void *p = sysmalloc (nb, av);
3560 if (p != NULL)
3561 alloc_perturb (p, bytes);
3562 return p;
3566 If the size qualifies as a fastbin, first check corresponding bin.
3567 This code is safe to execute even if av is not yet initialized, so we
3568 can try it without checking, which saves some time on this fast path.
3571 #define REMOVE_FB(fb, victim, pp) \
3572 do \
3574 victim = pp; \
3575 if (victim == NULL) \
3576 break; \
3578 while ((pp = catomic_compare_and_exchange_val_acq (fb, victim->fd, victim)) \
3579 != victim); \
3581 if ((unsigned long) (nb) <= (unsigned long) (get_max_fast ()))
3583 idx = fastbin_index (nb);
3584 mfastbinptr *fb = &fastbin (av, idx);
3585 mchunkptr pp = *fb;
3586 REMOVE_FB (fb, victim, pp);
3587 if (victim != 0)
3589 if (__builtin_expect (fastbin_index (chunksize (victim)) != idx, 0))
3591 errstr = "malloc(): memory corruption (fast)";
3592 errout:
3593 malloc_printerr (check_action, errstr, chunk2mem (victim), av);
3594 return NULL;
3596 check_remalloced_chunk (av, victim, nb);
3597 #if USE_TCACHE
3598 /* While we're here, if we see other chunks of the same size,
3599 stash them in the tcache. */
3600 size_t tc_idx = csize2tidx (nb);
3601 if (tcache && tc_idx < mp_.tcache_bins)
3603 mchunkptr tc_victim;
3605 /* While bin not empty and tcache not full, copy chunks over. */
3606 while (tcache->counts[tc_idx] < mp_.tcache_count
3607 && (pp = *fb) != NULL)
3609 REMOVE_FB (fb, tc_victim, pp);
3610 if (tc_victim != 0)
3612 tcache_put (tc_victim, tc_idx);
3616 #endif
3617 void *p = chunk2mem (victim);
3618 alloc_perturb (p, bytes);
3619 return p;
3624 If a small request, check regular bin. Since these "smallbins"
3625 hold one size each, no searching within bins is necessary.
3626 (For a large request, we need to wait until unsorted chunks are
3627 processed to find best fit. But for small ones, fits are exact
3628 anyway, so we can check now, which is faster.)
3631 if (in_smallbin_range (nb))
3633 idx = smallbin_index (nb);
3634 bin = bin_at (av, idx);
3636 if ((victim = last (bin)) != bin)
3638 if (victim == 0) /* initialization check */
3639 malloc_consolidate (av);
3640 else
3642 bck = victim->bk;
3643 if (__glibc_unlikely (bck->fd != victim))
3645 errstr = "malloc(): smallbin double linked list corrupted";
3646 goto errout;
3648 set_inuse_bit_at_offset (victim, nb);
3649 bin->bk = bck;
3650 bck->fd = bin;
3652 if (av != &main_arena)
3653 set_non_main_arena (victim);
3654 check_malloced_chunk (av, victim, nb);
3655 #if USE_TCACHE
3656 /* While we're here, if we see other chunks of the same size,
3657 stash them in the tcache. */
3658 size_t tc_idx = csize2tidx (nb);
3659 if (tcache && tc_idx < mp_.tcache_bins)
3661 mchunkptr tc_victim;
3663 /* While bin not empty and tcache not full, copy chunks over. */
3664 while (tcache->counts[tc_idx] < mp_.tcache_count
3665 && (tc_victim = last (bin)) != bin)
3667 if (tc_victim != 0)
3669 bck = tc_victim->bk;
3670 set_inuse_bit_at_offset (tc_victim, nb);
3671 if (av != &main_arena)
3672 set_non_main_arena (tc_victim);
3673 bin->bk = bck;
3674 bck->fd = bin;
3676 tcache_put (tc_victim, tc_idx);
3680 #endif
3681 void *p = chunk2mem (victim);
3682 alloc_perturb (p, bytes);
3683 return p;
3689 If this is a large request, consolidate fastbins before continuing.
3690 While it might look excessive to kill all fastbins before
3691 even seeing if there is space available, this avoids
3692 fragmentation problems normally associated with fastbins.
3693 Also, in practice, programs tend to have runs of either small or
3694 large requests, but less often mixtures, so consolidation is not
3695 invoked all that often in most programs. And the programs that
3696 it is called frequently in otherwise tend to fragment.
3699 else
3701 idx = largebin_index (nb);
3702 if (have_fastchunks (av))
3703 malloc_consolidate (av);
3707 Process recently freed or remaindered chunks, taking one only if
3708 it is exact fit, or, if this a small request, the chunk is remainder from
3709 the most recent non-exact fit. Place other traversed chunks in
3710 bins. Note that this step is the only place in any routine where
3711 chunks are placed in bins.
3713 The outer loop here is needed because we might not realize until
3714 near the end of malloc that we should have consolidated, so must
3715 do so and retry. This happens at most once, and only when we would
3716 otherwise need to expand memory to service a "small" request.
3719 #if USE_TCACHE
3720 INTERNAL_SIZE_T tcache_nb = 0;
3721 size_t tc_idx = csize2tidx (nb);
3722 if (tcache && tc_idx < mp_.tcache_bins)
3723 tcache_nb = nb;
3724 int return_cached = 0;
3726 tcache_unsorted_count = 0;
3727 #endif
3729 for (;; )
3731 int iters = 0;
3732 while ((victim = unsorted_chunks (av)->bk) != unsorted_chunks (av))
3734 bck = victim->bk;
3735 if (__builtin_expect (chunksize_nomask (victim) <= 2 * SIZE_SZ, 0)
3736 || __builtin_expect (chunksize_nomask (victim)
3737 > av->system_mem, 0))
3738 malloc_printerr (check_action, "malloc(): memory corruption",
3739 chunk2mem (victim), av);
3740 size = chunksize (victim);
3743 If a small request, try to use last remainder if it is the
3744 only chunk in unsorted bin. This helps promote locality for
3745 runs of consecutive small requests. This is the only
3746 exception to best-fit, and applies only when there is
3747 no exact fit for a small chunk.
3750 if (in_smallbin_range (nb) &&
3751 bck == unsorted_chunks (av) &&
3752 victim == av->last_remainder &&
3753 (unsigned long) (size) > (unsigned long) (nb + MINSIZE))
3755 /* split and reattach remainder */
3756 remainder_size = size - nb;
3757 remainder = chunk_at_offset (victim, nb);
3758 unsorted_chunks (av)->bk = unsorted_chunks (av)->fd = remainder;
3759 av->last_remainder = remainder;
3760 remainder->bk = remainder->fd = unsorted_chunks (av);
3761 if (!in_smallbin_range (remainder_size))
3763 remainder->fd_nextsize = NULL;
3764 remainder->bk_nextsize = NULL;
3767 set_head (victim, nb | PREV_INUSE |
3768 (av != &main_arena ? NON_MAIN_ARENA : 0));
3769 set_head (remainder, remainder_size | PREV_INUSE);
3770 set_foot (remainder, remainder_size);
3772 check_malloced_chunk (av, victim, nb);
3773 void *p = chunk2mem (victim);
3774 alloc_perturb (p, bytes);
3775 return p;
3778 /* remove from unsorted list */
3779 unsorted_chunks (av)->bk = bck;
3780 bck->fd = unsorted_chunks (av);
3782 /* Take now instead of binning if exact fit */
3784 if (size == nb)
3786 set_inuse_bit_at_offset (victim, size);
3787 if (av != &main_arena)
3788 set_non_main_arena (victim);
3789 #if USE_TCACHE
3790 /* Fill cache first, return to user only if cache fills.
3791 We may return one of these chunks later. */
3792 if (tcache_nb
3793 && tcache->counts[tc_idx] < mp_.tcache_count)
3795 tcache_put (victim, tc_idx);
3796 return_cached = 1;
3797 continue;
3799 else
3801 #endif
3802 check_malloced_chunk (av, victim, nb);
3803 void *p = chunk2mem (victim);
3804 alloc_perturb (p, bytes);
3805 return p;
3806 #if USE_TCACHE
3808 #endif
3811 /* place chunk in bin */
3813 if (in_smallbin_range (size))
3815 victim_index = smallbin_index (size);
3816 bck = bin_at (av, victim_index);
3817 fwd = bck->fd;
3819 else
3821 victim_index = largebin_index (size);
3822 bck = bin_at (av, victim_index);
3823 fwd = bck->fd;
3825 /* maintain large bins in sorted order */
3826 if (fwd != bck)
3828 /* Or with inuse bit to speed comparisons */
3829 size |= PREV_INUSE;
3830 /* if smaller than smallest, bypass loop below */
3831 assert (chunk_main_arena (bck->bk));
3832 if ((unsigned long) (size)
3833 < (unsigned long) chunksize_nomask (bck->bk))
3835 fwd = bck;
3836 bck = bck->bk;
3838 victim->fd_nextsize = fwd->fd;
3839 victim->bk_nextsize = fwd->fd->bk_nextsize;
3840 fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim;
3842 else
3844 assert (chunk_main_arena (fwd));
3845 while ((unsigned long) size < chunksize_nomask (fwd))
3847 fwd = fwd->fd_nextsize;
3848 assert (chunk_main_arena (fwd));
3851 if ((unsigned long) size
3852 == (unsigned long) chunksize_nomask (fwd))
3853 /* Always insert in the second position. */
3854 fwd = fwd->fd;
3855 else
3857 victim->fd_nextsize = fwd;
3858 victim->bk_nextsize = fwd->bk_nextsize;
3859 fwd->bk_nextsize = victim;
3860 victim->bk_nextsize->fd_nextsize = victim;
3862 bck = fwd->bk;
3865 else
3866 victim->fd_nextsize = victim->bk_nextsize = victim;
3869 mark_bin (av, victim_index);
3870 victim->bk = bck;
3871 victim->fd = fwd;
3872 fwd->bk = victim;
3873 bck->fd = victim;
3875 #if USE_TCACHE
3876 /* If we've processed as many chunks as we're allowed while
3877 filling the cache, return one of the cached ones. */
3878 ++tcache_unsorted_count;
3879 if (return_cached
3880 && mp_.tcache_unsorted_limit > 0
3881 && tcache_unsorted_count > mp_.tcache_unsorted_limit)
3883 return tcache_get (tc_idx);
3885 #endif
3887 #define MAX_ITERS 10000
3888 if (++iters >= MAX_ITERS)
3889 break;
3892 #if USE_TCACHE
3893 /* If all the small chunks we found ended up cached, return one now. */
3894 if (return_cached)
3896 return tcache_get (tc_idx);
3898 #endif
3901 If a large request, scan through the chunks of current bin in
3902 sorted order to find smallest that fits. Use the skip list for this.
3905 if (!in_smallbin_range (nb))
3907 bin = bin_at (av, idx);
3909 /* skip scan if empty or largest chunk is too small */
3910 if ((victim = first (bin)) != bin
3911 && (unsigned long) chunksize_nomask (victim)
3912 >= (unsigned long) (nb))
3914 victim = victim->bk_nextsize;
3915 while (((unsigned long) (size = chunksize (victim)) <
3916 (unsigned long) (nb)))
3917 victim = victim->bk_nextsize;
3919 /* Avoid removing the first entry for a size so that the skip
3920 list does not have to be rerouted. */
3921 if (victim != last (bin)
3922 && chunksize_nomask (victim)
3923 == chunksize_nomask (victim->fd))
3924 victim = victim->fd;
3926 remainder_size = size - nb;
3927 unlink (av, victim, bck, fwd);
3929 /* Exhaust */
3930 if (remainder_size < MINSIZE)
3932 set_inuse_bit_at_offset (victim, size);
3933 if (av != &main_arena)
3934 set_non_main_arena (victim);
3936 /* Split */
3937 else
3939 remainder = chunk_at_offset (victim, nb);
3940 /* We cannot assume the unsorted list is empty and therefore
3941 have to perform a complete insert here. */
3942 bck = unsorted_chunks (av);
3943 fwd = bck->fd;
3944 if (__glibc_unlikely (fwd->bk != bck))
3946 errstr = "malloc(): corrupted unsorted chunks";
3947 goto errout;
3949 remainder->bk = bck;
3950 remainder->fd = fwd;
3951 bck->fd = remainder;
3952 fwd->bk = remainder;
3953 if (!in_smallbin_range (remainder_size))
3955 remainder->fd_nextsize = NULL;
3956 remainder->bk_nextsize = NULL;
3958 set_head (victim, nb | PREV_INUSE |
3959 (av != &main_arena ? NON_MAIN_ARENA : 0));
3960 set_head (remainder, remainder_size | PREV_INUSE);
3961 set_foot (remainder, remainder_size);
3963 check_malloced_chunk (av, victim, nb);
3964 void *p = chunk2mem (victim);
3965 alloc_perturb (p, bytes);
3966 return p;
3971 Search for a chunk by scanning bins, starting with next largest
3972 bin. This search is strictly by best-fit; i.e., the smallest
3973 (with ties going to approximately the least recently used) chunk
3974 that fits is selected.
3976 The bitmap avoids needing to check that most blocks are nonempty.
3977 The particular case of skipping all bins during warm-up phases
3978 when no chunks have been returned yet is faster than it might look.
3981 ++idx;
3982 bin = bin_at (av, idx);
3983 block = idx2block (idx);
3984 map = av->binmap[block];
3985 bit = idx2bit (idx);
3987 for (;; )
3989 /* Skip rest of block if there are no more set bits in this block. */
3990 if (bit > map || bit == 0)
3994 if (++block >= BINMAPSIZE) /* out of bins */
3995 goto use_top;
3997 while ((map = av->binmap[block]) == 0);
3999 bin = bin_at (av, (block << BINMAPSHIFT));
4000 bit = 1;
4003 /* Advance to bin with set bit. There must be one. */
4004 while ((bit & map) == 0)
4006 bin = next_bin (bin);
4007 bit <<= 1;
4008 assert (bit != 0);
4011 /* Inspect the bin. It is likely to be non-empty */
4012 victim = last (bin);
4014 /* If a false alarm (empty bin), clear the bit. */
4015 if (victim == bin)
4017 av->binmap[block] = map &= ~bit; /* Write through */
4018 bin = next_bin (bin);
4019 bit <<= 1;
4022 else
4024 size = chunksize (victim);
4026 /* We know the first chunk in this bin is big enough to use. */
4027 assert ((unsigned long) (size) >= (unsigned long) (nb));
4029 remainder_size = size - nb;
4031 /* unlink */
4032 unlink (av, victim, bck, fwd);
4034 /* Exhaust */
4035 if (remainder_size < MINSIZE)
4037 set_inuse_bit_at_offset (victim, size);
4038 if (av != &main_arena)
4039 set_non_main_arena (victim);
4042 /* Split */
4043 else
4045 remainder = chunk_at_offset (victim, nb);
4047 /* We cannot assume the unsorted list is empty and therefore
4048 have to perform a complete insert here. */
4049 bck = unsorted_chunks (av);
4050 fwd = bck->fd;
4051 if (__glibc_unlikely (fwd->bk != bck))
4053 errstr = "malloc(): corrupted unsorted chunks 2";
4054 goto errout;
4056 remainder->bk = bck;
4057 remainder->fd = fwd;
4058 bck->fd = remainder;
4059 fwd->bk = remainder;
4061 /* advertise as last remainder */
4062 if (in_smallbin_range (nb))
4063 av->last_remainder = remainder;
4064 if (!in_smallbin_range (remainder_size))
4066 remainder->fd_nextsize = NULL;
4067 remainder->bk_nextsize = NULL;
4069 set_head (victim, nb | PREV_INUSE |
4070 (av != &main_arena ? NON_MAIN_ARENA : 0));
4071 set_head (remainder, remainder_size | PREV_INUSE);
4072 set_foot (remainder, remainder_size);
4074 check_malloced_chunk (av, victim, nb);
4075 void *p = chunk2mem (victim);
4076 alloc_perturb (p, bytes);
4077 return p;
4081 use_top:
4083 If large enough, split off the chunk bordering the end of memory
4084 (held in av->top). Note that this is in accord with the best-fit
4085 search rule. In effect, av->top is treated as larger (and thus
4086 less well fitting) than any other available chunk since it can
4087 be extended to be as large as necessary (up to system
4088 limitations).
4090 We require that av->top always exists (i.e., has size >=
4091 MINSIZE) after initialization, so if it would otherwise be
4092 exhausted by current request, it is replenished. (The main
4093 reason for ensuring it exists is that we may need MINSIZE space
4094 to put in fenceposts in sysmalloc.)
4097 victim = av->top;
4098 size = chunksize (victim);
4100 if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))
4102 remainder_size = size - nb;
4103 remainder = chunk_at_offset (victim, nb);
4104 av->top = remainder;
4105 set_head (victim, nb | PREV_INUSE |
4106 (av != &main_arena ? NON_MAIN_ARENA : 0));
4107 set_head (remainder, remainder_size | PREV_INUSE);
4109 check_malloced_chunk (av, victim, nb);
4110 void *p = chunk2mem (victim);
4111 alloc_perturb (p, bytes);
4112 return p;
4115 /* When we are using atomic ops to free fast chunks we can get
4116 here for all block sizes. */
4117 else if (have_fastchunks (av))
4119 malloc_consolidate (av);
4120 /* restore original bin index */
4121 if (in_smallbin_range (nb))
4122 idx = smallbin_index (nb);
4123 else
4124 idx = largebin_index (nb);
4128 Otherwise, relay to handle system-dependent cases
4130 else
4132 void *p = sysmalloc (nb, av);
4133 if (p != NULL)
4134 alloc_perturb (p, bytes);
4135 return p;
4141 ------------------------------ free ------------------------------
4144 static void
4145 _int_free (mstate av, mchunkptr p, int have_lock)
4147 INTERNAL_SIZE_T size; /* its size */
4148 mfastbinptr *fb; /* associated fastbin */
4149 mchunkptr nextchunk; /* next contiguous chunk */
4150 INTERNAL_SIZE_T nextsize; /* its size */
4151 int nextinuse; /* true if nextchunk is used */
4152 INTERNAL_SIZE_T prevsize; /* size of previous contiguous chunk */
4153 mchunkptr bck; /* misc temp for linking */
4154 mchunkptr fwd; /* misc temp for linking */
4156 const char *errstr = NULL;
4157 int locked = 0;
4159 size = chunksize (p);
4161 /* Little security check which won't hurt performance: the
4162 allocator never wrapps around at the end of the address space.
4163 Therefore we can exclude some size values which might appear
4164 here by accident or by "design" from some intruder. */
4165 if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)
4166 || __builtin_expect (misaligned_chunk (p), 0))
4168 errstr = "free(): invalid pointer";
4169 errout:
4170 if (!have_lock && locked)
4171 __libc_lock_unlock (av->mutex);
4172 malloc_printerr (check_action, errstr, chunk2mem (p), av);
4173 return;
4175 /* We know that each chunk is at least MINSIZE bytes in size or a
4176 multiple of MALLOC_ALIGNMENT. */
4177 if (__glibc_unlikely (size < MINSIZE || !aligned_OK (size)))
4179 errstr = "free(): invalid size";
4180 goto errout;
4183 check_inuse_chunk(av, p);
4185 #if USE_TCACHE
4187 size_t tc_idx = csize2tidx (size);
4189 if (tcache
4190 && tc_idx < mp_.tcache_bins
4191 && tcache->counts[tc_idx] < mp_.tcache_count)
4193 tcache_put (p, tc_idx);
4194 return;
4197 #endif
4200 If eligible, place chunk on a fastbin so it can be found
4201 and used quickly in malloc.
4204 if ((unsigned long)(size) <= (unsigned long)(get_max_fast ())
4206 #if TRIM_FASTBINS
4208 If TRIM_FASTBINS set, don't place chunks
4209 bordering top into fastbins
4211 && (chunk_at_offset(p, size) != av->top)
4212 #endif
4215 if (__builtin_expect (chunksize_nomask (chunk_at_offset (p, size))
4216 <= 2 * SIZE_SZ, 0)
4217 || __builtin_expect (chunksize (chunk_at_offset (p, size))
4218 >= av->system_mem, 0))
4220 /* We might not have a lock at this point and concurrent modifications
4221 of system_mem might have let to a false positive. Redo the test
4222 after getting the lock. */
4223 if (have_lock
4224 || ({ assert (locked == 0);
4225 __libc_lock_lock (av->mutex);
4226 locked = 1;
4227 chunksize_nomask (chunk_at_offset (p, size)) <= 2 * SIZE_SZ
4228 || chunksize (chunk_at_offset (p, size)) >= av->system_mem;
4231 errstr = "free(): invalid next size (fast)";
4232 goto errout;
4234 if (! have_lock)
4236 __libc_lock_unlock (av->mutex);
4237 locked = 0;
4241 free_perturb (chunk2mem(p), size - 2 * SIZE_SZ);
4243 set_fastchunks(av);
4244 unsigned int idx = fastbin_index(size);
4245 fb = &fastbin (av, idx);
4247 /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */
4248 mchunkptr old = *fb, old2;
4249 unsigned int old_idx = ~0u;
4252 /* Check that the top of the bin is not the record we are going to add
4253 (i.e., double free). */
4254 if (__builtin_expect (old == p, 0))
4256 errstr = "double free or corruption (fasttop)";
4257 goto errout;
4259 /* Check that size of fastbin chunk at the top is the same as
4260 size of the chunk that we are adding. We can dereference OLD
4261 only if we have the lock, otherwise it might have already been
4262 deallocated. See use of OLD_IDX below for the actual check. */
4263 if (have_lock && old != NULL)
4264 old_idx = fastbin_index(chunksize(old));
4265 p->fd = old2 = old;
4267 while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) != old2);
4269 if (have_lock && old != NULL && __builtin_expect (old_idx != idx, 0))
4271 errstr = "invalid fastbin entry (free)";
4272 goto errout;
4277 Consolidate other non-mmapped chunks as they arrive.
4280 else if (!chunk_is_mmapped(p)) {
4281 if (! have_lock) {
4282 __libc_lock_lock (av->mutex);
4283 locked = 1;
4286 nextchunk = chunk_at_offset(p, size);
4288 /* Lightweight tests: check whether the block is already the
4289 top block. */
4290 if (__glibc_unlikely (p == av->top))
4292 errstr = "double free or corruption (top)";
4293 goto errout;
4295 /* Or whether the next chunk is beyond the boundaries of the arena. */
4296 if (__builtin_expect (contiguous (av)
4297 && (char *) nextchunk
4298 >= ((char *) av->top + chunksize(av->top)), 0))
4300 errstr = "double free or corruption (out)";
4301 goto errout;
4303 /* Or whether the block is actually not marked used. */
4304 if (__glibc_unlikely (!prev_inuse(nextchunk)))
4306 errstr = "double free or corruption (!prev)";
4307 goto errout;
4310 nextsize = chunksize(nextchunk);
4311 if (__builtin_expect (chunksize_nomask (nextchunk) <= 2 * SIZE_SZ, 0)
4312 || __builtin_expect (nextsize >= av->system_mem, 0))
4314 errstr = "free(): invalid next size (normal)";
4315 goto errout;
4318 free_perturb (chunk2mem(p), size - 2 * SIZE_SZ);
4320 /* consolidate backward */
4321 if (!prev_inuse(p)) {
4322 prevsize = prev_size (p);
4323 size += prevsize;
4324 p = chunk_at_offset(p, -((long) prevsize));
4325 unlink(av, p, bck, fwd);
4328 if (nextchunk != av->top) {
4329 /* get and clear inuse bit */
4330 nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
4332 /* consolidate forward */
4333 if (!nextinuse) {
4334 unlink(av, nextchunk, bck, fwd);
4335 size += nextsize;
4336 } else
4337 clear_inuse_bit_at_offset(nextchunk, 0);
4340 Place the chunk in unsorted chunk list. Chunks are
4341 not placed into regular bins until after they have
4342 been given one chance to be used in malloc.
4345 bck = unsorted_chunks(av);
4346 fwd = bck->fd;
4347 if (__glibc_unlikely (fwd->bk != bck))
4349 errstr = "free(): corrupted unsorted chunks";
4350 goto errout;
4352 p->fd = fwd;
4353 p->bk = bck;
4354 if (!in_smallbin_range(size))
4356 p->fd_nextsize = NULL;
4357 p->bk_nextsize = NULL;
4359 bck->fd = p;
4360 fwd->bk = p;
4362 set_head(p, size | PREV_INUSE);
4363 set_foot(p, size);
4365 check_free_chunk(av, p);
4369 If the chunk borders the current high end of memory,
4370 consolidate into top
4373 else {
4374 size += nextsize;
4375 set_head(p, size | PREV_INUSE);
4376 av->top = p;
4377 check_chunk(av, p);
4381 If freeing a large space, consolidate possibly-surrounding
4382 chunks. Then, if the total unused topmost memory exceeds trim
4383 threshold, ask malloc_trim to reduce top.
4385 Unless max_fast is 0, we don't know if there are fastbins
4386 bordering top, so we cannot tell for sure whether threshold
4387 has been reached unless fastbins are consolidated. But we
4388 don't want to consolidate on each free. As a compromise,
4389 consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD
4390 is reached.
4393 if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) {
4394 if (have_fastchunks(av))
4395 malloc_consolidate(av);
4397 if (av == &main_arena) {
4398 #ifndef MORECORE_CANNOT_TRIM
4399 if ((unsigned long)(chunksize(av->top)) >=
4400 (unsigned long)(mp_.trim_threshold))
4401 systrim(mp_.top_pad, av);
4402 #endif
4403 } else {
4404 /* Always try heap_trim(), even if the top chunk is not
4405 large, because the corresponding heap might go away. */
4406 heap_info *heap = heap_for_ptr(top(av));
4408 assert(heap->ar_ptr == av);
4409 heap_trim(heap, mp_.top_pad);
4413 if (! have_lock) {
4414 assert (locked);
4415 __libc_lock_unlock (av->mutex);
4419 If the chunk was allocated via mmap, release via munmap().
4422 else {
4423 munmap_chunk (p);
4428 ------------------------- malloc_consolidate -------------------------
4430 malloc_consolidate is a specialized version of free() that tears
4431 down chunks held in fastbins. Free itself cannot be used for this
4432 purpose since, among other things, it might place chunks back onto
4433 fastbins. So, instead, we need to use a minor variant of the same
4434 code.
4436 Also, because this routine needs to be called the first time through
4437 malloc anyway, it turns out to be the perfect place to trigger
4438 initialization code.
4441 static void malloc_consolidate(mstate av)
4443 mfastbinptr* fb; /* current fastbin being consolidated */
4444 mfastbinptr* maxfb; /* last fastbin (for loop control) */
4445 mchunkptr p; /* current chunk being consolidated */
4446 mchunkptr nextp; /* next chunk to consolidate */
4447 mchunkptr unsorted_bin; /* bin header */
4448 mchunkptr first_unsorted; /* chunk to link to */
4450 /* These have same use as in free() */
4451 mchunkptr nextchunk;
4452 INTERNAL_SIZE_T size;
4453 INTERNAL_SIZE_T nextsize;
4454 INTERNAL_SIZE_T prevsize;
4455 int nextinuse;
4456 mchunkptr bck;
4457 mchunkptr fwd;
4460 If max_fast is 0, we know that av hasn't
4461 yet been initialized, in which case do so below
4464 if (get_max_fast () != 0) {
4465 clear_fastchunks(av);
4467 unsorted_bin = unsorted_chunks(av);
4470 Remove each chunk from fast bin and consolidate it, placing it
4471 then in unsorted bin. Among other reasons for doing this,
4472 placing in unsorted bin avoids needing to calculate actual bins
4473 until malloc is sure that chunks aren't immediately going to be
4474 reused anyway.
4477 maxfb = &fastbin (av, NFASTBINS - 1);
4478 fb = &fastbin (av, 0);
4479 do {
4480 p = atomic_exchange_acq (fb, NULL);
4481 if (p != 0) {
4482 do {
4483 check_inuse_chunk(av, p);
4484 nextp = p->fd;
4486 /* Slightly streamlined version of consolidation code in free() */
4487 size = chunksize (p);
4488 nextchunk = chunk_at_offset(p, size);
4489 nextsize = chunksize(nextchunk);
4491 if (!prev_inuse(p)) {
4492 prevsize = prev_size (p);
4493 size += prevsize;
4494 p = chunk_at_offset(p, -((long) prevsize));
4495 unlink(av, p, bck, fwd);
4498 if (nextchunk != av->top) {
4499 nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
4501 if (!nextinuse) {
4502 size += nextsize;
4503 unlink(av, nextchunk, bck, fwd);
4504 } else
4505 clear_inuse_bit_at_offset(nextchunk, 0);
4507 first_unsorted = unsorted_bin->fd;
4508 unsorted_bin->fd = p;
4509 first_unsorted->bk = p;
4511 if (!in_smallbin_range (size)) {
4512 p->fd_nextsize = NULL;
4513 p->bk_nextsize = NULL;
4516 set_head(p, size | PREV_INUSE);
4517 p->bk = unsorted_bin;
4518 p->fd = first_unsorted;
4519 set_foot(p, size);
4522 else {
4523 size += nextsize;
4524 set_head(p, size | PREV_INUSE);
4525 av->top = p;
4528 } while ( (p = nextp) != 0);
4531 } while (fb++ != maxfb);
4533 else {
4534 malloc_init_state(av);
4535 check_malloc_state(av);
4540 ------------------------------ realloc ------------------------------
4543 void*
4544 _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
4545 INTERNAL_SIZE_T nb)
4547 mchunkptr newp; /* chunk to return */
4548 INTERNAL_SIZE_T newsize; /* its size */
4549 void* newmem; /* corresponding user mem */
4551 mchunkptr next; /* next contiguous chunk after oldp */
4553 mchunkptr remainder; /* extra space at end of newp */
4554 unsigned long remainder_size; /* its size */
4556 mchunkptr bck; /* misc temp for linking */
4557 mchunkptr fwd; /* misc temp for linking */
4559 unsigned long copysize; /* bytes to copy */
4560 unsigned int ncopies; /* INTERNAL_SIZE_T words to copy */
4561 INTERNAL_SIZE_T* s; /* copy source */
4562 INTERNAL_SIZE_T* d; /* copy destination */
4564 const char *errstr = NULL;
4566 /* oldmem size */
4567 if (__builtin_expect (chunksize_nomask (oldp) <= 2 * SIZE_SZ, 0)
4568 || __builtin_expect (oldsize >= av->system_mem, 0))
4570 errstr = "realloc(): invalid old size";
4571 errout:
4572 malloc_printerr (check_action, errstr, chunk2mem (oldp), av);
4573 return NULL;
4576 check_inuse_chunk (av, oldp);
4578 /* All callers already filter out mmap'ed chunks. */
4579 assert (!chunk_is_mmapped (oldp));
4581 next = chunk_at_offset (oldp, oldsize);
4582 INTERNAL_SIZE_T nextsize = chunksize (next);
4583 if (__builtin_expect (chunksize_nomask (next) <= 2 * SIZE_SZ, 0)
4584 || __builtin_expect (nextsize >= av->system_mem, 0))
4586 errstr = "realloc(): invalid next size";
4587 goto errout;
4590 if ((unsigned long) (oldsize) >= (unsigned long) (nb))
4592 /* already big enough; split below */
4593 newp = oldp;
4594 newsize = oldsize;
4597 else
4599 /* Try to expand forward into top */
4600 if (next == av->top &&
4601 (unsigned long) (newsize = oldsize + nextsize) >=
4602 (unsigned long) (nb + MINSIZE))
4604 set_head_size (oldp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
4605 av->top = chunk_at_offset (oldp, nb);
4606 set_head (av->top, (newsize - nb) | PREV_INUSE);
4607 check_inuse_chunk (av, oldp);
4608 return chunk2mem (oldp);
4611 /* Try to expand forward into next chunk; split off remainder below */
4612 else if (next != av->top &&
4613 !inuse (next) &&
4614 (unsigned long) (newsize = oldsize + nextsize) >=
4615 (unsigned long) (nb))
4617 newp = oldp;
4618 unlink (av, next, bck, fwd);
4621 /* allocate, copy, free */
4622 else
4624 newmem = _int_malloc (av, nb - MALLOC_ALIGN_MASK);
4625 if (newmem == 0)
4626 return 0; /* propagate failure */
4628 newp = mem2chunk (newmem);
4629 newsize = chunksize (newp);
4632 Avoid copy if newp is next chunk after oldp.
4634 if (newp == next)
4636 newsize += oldsize;
4637 newp = oldp;
4639 else
4642 Unroll copy of <= 36 bytes (72 if 8byte sizes)
4643 We know that contents have an odd number of
4644 INTERNAL_SIZE_T-sized words; minimally 3.
4647 copysize = oldsize - SIZE_SZ;
4648 s = (INTERNAL_SIZE_T *) (chunk2mem (oldp));
4649 d = (INTERNAL_SIZE_T *) (newmem);
4650 ncopies = copysize / sizeof (INTERNAL_SIZE_T);
4651 assert (ncopies >= 3);
4653 if (ncopies > 9)
4654 memcpy (d, s, copysize);
4656 else
4658 *(d + 0) = *(s + 0);
4659 *(d + 1) = *(s + 1);
4660 *(d + 2) = *(s + 2);
4661 if (ncopies > 4)
4663 *(d + 3) = *(s + 3);
4664 *(d + 4) = *(s + 4);
4665 if (ncopies > 6)
4667 *(d + 5) = *(s + 5);
4668 *(d + 6) = *(s + 6);
4669 if (ncopies > 8)
4671 *(d + 7) = *(s + 7);
4672 *(d + 8) = *(s + 8);
4678 _int_free (av, oldp, 1);
4679 check_inuse_chunk (av, newp);
4680 return chunk2mem (newp);
4685 /* If possible, free extra space in old or extended chunk */
4687 assert ((unsigned long) (newsize) >= (unsigned long) (nb));
4689 remainder_size = newsize - nb;
4691 if (remainder_size < MINSIZE) /* not enough extra to split off */
4693 set_head_size (newp, newsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
4694 set_inuse_bit_at_offset (newp, newsize);
4696 else /* split remainder */
4698 remainder = chunk_at_offset (newp, nb);
4699 set_head_size (newp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
4700 set_head (remainder, remainder_size | PREV_INUSE |
4701 (av != &main_arena ? NON_MAIN_ARENA : 0));
4702 /* Mark remainder as inuse so free() won't complain */
4703 set_inuse_bit_at_offset (remainder, remainder_size);
4704 _int_free (av, remainder, 1);
4707 check_inuse_chunk (av, newp);
4708 return chunk2mem (newp);
4712 ------------------------------ memalign ------------------------------
4715 static void *
4716 _int_memalign (mstate av, size_t alignment, size_t bytes)
4718 INTERNAL_SIZE_T nb; /* padded request size */
4719 char *m; /* memory returned by malloc call */
4720 mchunkptr p; /* corresponding chunk */
4721 char *brk; /* alignment point within p */
4722 mchunkptr newp; /* chunk to return */
4723 INTERNAL_SIZE_T newsize; /* its size */
4724 INTERNAL_SIZE_T leadsize; /* leading space before alignment point */
4725 mchunkptr remainder; /* spare room at end to split off */
4726 unsigned long remainder_size; /* its size */
4727 INTERNAL_SIZE_T size;
4731 checked_request2size (bytes, nb);
4734 Strategy: find a spot within that chunk that meets the alignment
4735 request, and then possibly free the leading and trailing space.
4739 /* Call malloc with worst case padding to hit alignment. */
4741 m = (char *) (_int_malloc (av, nb + alignment + MINSIZE));
4743 if (m == 0)
4744 return 0; /* propagate failure */
4746 p = mem2chunk (m);
4748 if ((((unsigned long) (m)) % alignment) != 0) /* misaligned */
4750 { /*
4751 Find an aligned spot inside chunk. Since we need to give back
4752 leading space in a chunk of at least MINSIZE, if the first
4753 calculation places us at a spot with less than MINSIZE leader,
4754 we can move to the next aligned spot -- we've allocated enough
4755 total room so that this is always possible.
4757 brk = (char *) mem2chunk (((unsigned long) (m + alignment - 1)) &
4758 - ((signed long) alignment));
4759 if ((unsigned long) (brk - (char *) (p)) < MINSIZE)
4760 brk += alignment;
4762 newp = (mchunkptr) brk;
4763 leadsize = brk - (char *) (p);
4764 newsize = chunksize (p) - leadsize;
4766 /* For mmapped chunks, just adjust offset */
4767 if (chunk_is_mmapped (p))
4769 set_prev_size (newp, prev_size (p) + leadsize);
4770 set_head (newp, newsize | IS_MMAPPED);
4771 return chunk2mem (newp);
4774 /* Otherwise, give back leader, use the rest */
4775 set_head (newp, newsize | PREV_INUSE |
4776 (av != &main_arena ? NON_MAIN_ARENA : 0));
4777 set_inuse_bit_at_offset (newp, newsize);
4778 set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
4779 _int_free (av, p, 1);
4780 p = newp;
4782 assert (newsize >= nb &&
4783 (((unsigned long) (chunk2mem (p))) % alignment) == 0);
4786 /* Also give back spare room at the end */
4787 if (!chunk_is_mmapped (p))
4789 size = chunksize (p);
4790 if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE))
4792 remainder_size = size - nb;
4793 remainder = chunk_at_offset (p, nb);
4794 set_head (remainder, remainder_size | PREV_INUSE |
4795 (av != &main_arena ? NON_MAIN_ARENA : 0));
4796 set_head_size (p, nb);
4797 _int_free (av, remainder, 1);
4801 check_inuse_chunk (av, p);
4802 return chunk2mem (p);
4807 ------------------------------ malloc_trim ------------------------------
4810 static int
4811 mtrim (mstate av, size_t pad)
4813 /* Don't touch corrupt arenas. */
4814 if (arena_is_corrupt (av))
4815 return 0;
4817 /* Ensure initialization/consolidation */
4818 malloc_consolidate (av);
4820 const size_t ps = GLRO (dl_pagesize);
4821 int psindex = bin_index (ps);
4822 const size_t psm1 = ps - 1;
4824 int result = 0;
4825 for (int i = 1; i < NBINS; ++i)
4826 if (i == 1 || i >= psindex)
4828 mbinptr bin = bin_at (av, i);
4830 for (mchunkptr p = last (bin); p != bin; p = p->bk)
4832 INTERNAL_SIZE_T size = chunksize (p);
4834 if (size > psm1 + sizeof (struct malloc_chunk))
4836 /* See whether the chunk contains at least one unused page. */
4837 char *paligned_mem = (char *) (((uintptr_t) p
4838 + sizeof (struct malloc_chunk)
4839 + psm1) & ~psm1);
4841 assert ((char *) chunk2mem (p) + 4 * SIZE_SZ <= paligned_mem);
4842 assert ((char *) p + size > paligned_mem);
4844 /* This is the size we could potentially free. */
4845 size -= paligned_mem - (char *) p;
4847 if (size > psm1)
4849 #if MALLOC_DEBUG
4850 /* When debugging we simulate destroying the memory
4851 content. */
4852 memset (paligned_mem, 0x89, size & ~psm1);
4853 #endif
4854 __madvise (paligned_mem, size & ~psm1, MADV_DONTNEED);
4856 result = 1;
4862 #ifndef MORECORE_CANNOT_TRIM
4863 return result | (av == &main_arena ? systrim (pad, av) : 0);
4865 #else
4866 return result;
4867 #endif
4872 __malloc_trim (size_t s)
4874 int result = 0;
4876 if (__malloc_initialized < 0)
4877 ptmalloc_init ();
4879 mstate ar_ptr = &main_arena;
4882 __libc_lock_lock (ar_ptr->mutex);
4883 result |= mtrim (ar_ptr, s);
4884 __libc_lock_unlock (ar_ptr->mutex);
4886 ar_ptr = ar_ptr->next;
4888 while (ar_ptr != &main_arena);
4890 return result;
4895 ------------------------- malloc_usable_size -------------------------
4898 static size_t
4899 musable (void *mem)
4901 mchunkptr p;
4902 if (mem != 0)
4904 p = mem2chunk (mem);
4906 if (__builtin_expect (using_malloc_checking == 1, 0))
4907 return malloc_check_get_size (p);
4909 if (chunk_is_mmapped (p))
4911 if (DUMPED_MAIN_ARENA_CHUNK (p))
4912 return chunksize (p) - SIZE_SZ;
4913 else
4914 return chunksize (p) - 2 * SIZE_SZ;
4916 else if (inuse (p))
4917 return chunksize (p) - SIZE_SZ;
4919 return 0;
4923 size_t
4924 __malloc_usable_size (void *m)
4926 size_t result;
4928 result = musable (m);
4929 return result;
4933 ------------------------------ mallinfo ------------------------------
4934 Accumulate malloc statistics for arena AV into M.
4937 static void
4938 int_mallinfo (mstate av, struct mallinfo *m)
4940 size_t i;
4941 mbinptr b;
4942 mchunkptr p;
4943 INTERNAL_SIZE_T avail;
4944 INTERNAL_SIZE_T fastavail;
4945 int nblocks;
4946 int nfastblocks;
4948 /* Ensure initialization */
4949 if (av->top == 0)
4950 malloc_consolidate (av);
4952 check_malloc_state (av);
4954 /* Account for top */
4955 avail = chunksize (av->top);
4956 nblocks = 1; /* top always exists */
4958 /* traverse fastbins */
4959 nfastblocks = 0;
4960 fastavail = 0;
4962 for (i = 0; i < NFASTBINS; ++i)
4964 for (p = fastbin (av, i); p != 0; p = p->fd)
4966 ++nfastblocks;
4967 fastavail += chunksize (p);
4971 avail += fastavail;
4973 /* traverse regular bins */
4974 for (i = 1; i < NBINS; ++i)
4976 b = bin_at (av, i);
4977 for (p = last (b); p != b; p = p->bk)
4979 ++nblocks;
4980 avail += chunksize (p);
4984 m->smblks += nfastblocks;
4985 m->ordblks += nblocks;
4986 m->fordblks += avail;
4987 m->uordblks += av->system_mem - avail;
4988 m->arena += av->system_mem;
4989 m->fsmblks += fastavail;
4990 if (av == &main_arena)
4992 m->hblks = mp_.n_mmaps;
4993 m->hblkhd = mp_.mmapped_mem;
4994 m->usmblks = 0;
4995 m->keepcost = chunksize (av->top);
5000 struct mallinfo
5001 __libc_mallinfo (void)
5003 struct mallinfo m;
5004 mstate ar_ptr;
5006 if (__malloc_initialized < 0)
5007 ptmalloc_init ();
5009 memset (&m, 0, sizeof (m));
5010 ar_ptr = &main_arena;
5013 __libc_lock_lock (ar_ptr->mutex);
5014 int_mallinfo (ar_ptr, &m);
5015 __libc_lock_unlock (ar_ptr->mutex);
5017 ar_ptr = ar_ptr->next;
5019 while (ar_ptr != &main_arena);
5021 return m;
5025 ------------------------------ malloc_stats ------------------------------
5028 void
5029 __malloc_stats (void)
5031 int i;
5032 mstate ar_ptr;
5033 unsigned int in_use_b = mp_.mmapped_mem, system_b = in_use_b;
5035 if (__malloc_initialized < 0)
5036 ptmalloc_init ();
5037 _IO_flockfile (stderr);
5038 int old_flags2 = ((_IO_FILE *) stderr)->_flags2;
5039 ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL;
5040 for (i = 0, ar_ptr = &main_arena;; i++)
5042 struct mallinfo mi;
5044 memset (&mi, 0, sizeof (mi));
5045 __libc_lock_lock (ar_ptr->mutex);
5046 int_mallinfo (ar_ptr, &mi);
5047 fprintf (stderr, "Arena %d:\n", i);
5048 fprintf (stderr, "system bytes = %10u\n", (unsigned int) mi.arena);
5049 fprintf (stderr, "in use bytes = %10u\n", (unsigned int) mi.uordblks);
5050 #if MALLOC_DEBUG > 1
5051 if (i > 0)
5052 dump_heap (heap_for_ptr (top (ar_ptr)));
5053 #endif
5054 system_b += mi.arena;
5055 in_use_b += mi.uordblks;
5056 __libc_lock_unlock (ar_ptr->mutex);
5057 ar_ptr = ar_ptr->next;
5058 if (ar_ptr == &main_arena)
5059 break;
5061 fprintf (stderr, "Total (incl. mmap):\n");
5062 fprintf (stderr, "system bytes = %10u\n", system_b);
5063 fprintf (stderr, "in use bytes = %10u\n", in_use_b);
5064 fprintf (stderr, "max mmap regions = %10u\n", (unsigned int) mp_.max_n_mmaps);
5065 fprintf (stderr, "max mmap bytes = %10lu\n",
5066 (unsigned long) mp_.max_mmapped_mem);
5067 ((_IO_FILE *) stderr)->_flags2 |= old_flags2;
5068 _IO_funlockfile (stderr);
5073 ------------------------------ mallopt ------------------------------
5075 static inline int
5076 __always_inline
5077 do_set_trim_threshold (size_t value)
5079 LIBC_PROBE (memory_mallopt_trim_threshold, 3, value, mp_.trim_threshold,
5080 mp_.no_dyn_threshold);
5081 mp_.trim_threshold = value;
5082 mp_.no_dyn_threshold = 1;
5083 return 1;
5086 static inline int
5087 __always_inline
5088 do_set_top_pad (size_t value)
5090 LIBC_PROBE (memory_mallopt_top_pad, 3, value, mp_.top_pad,
5091 mp_.no_dyn_threshold);
5092 mp_.top_pad = value;
5093 mp_.no_dyn_threshold = 1;
5094 return 1;
5097 static inline int
5098 __always_inline
5099 do_set_mmap_threshold (size_t value)
5101 /* Forbid setting the threshold too high. */
5102 if (value <= HEAP_MAX_SIZE / 2)
5104 LIBC_PROBE (memory_mallopt_mmap_threshold, 3, value, mp_.mmap_threshold,
5105 mp_.no_dyn_threshold);
5106 mp_.mmap_threshold = value;
5107 mp_.no_dyn_threshold = 1;
5108 return 1;
5110 return 0;
5113 static inline int
5114 __always_inline
5115 do_set_mmaps_max (int32_t value)
5117 LIBC_PROBE (memory_mallopt_mmap_max, 3, value, mp_.n_mmaps_max,
5118 mp_.no_dyn_threshold);
5119 mp_.n_mmaps_max = value;
5120 mp_.no_dyn_threshold = 1;
5121 return 1;
5124 static inline int
5125 __always_inline
5126 do_set_mallopt_check (int32_t value)
5128 LIBC_PROBE (memory_mallopt_check_action, 2, value, check_action);
5129 check_action = value;
5130 return 1;
5133 static inline int
5134 __always_inline
5135 do_set_perturb_byte (int32_t value)
5137 LIBC_PROBE (memory_mallopt_perturb, 2, value, perturb_byte);
5138 perturb_byte = value;
5139 return 1;
5142 static inline int
5143 __always_inline
5144 do_set_arena_test (size_t value)
5146 LIBC_PROBE (memory_mallopt_arena_test, 2, value, mp_.arena_test);
5147 mp_.arena_test = value;
5148 return 1;
5151 static inline int
5152 __always_inline
5153 do_set_arena_max (size_t value)
5155 LIBC_PROBE (memory_mallopt_arena_max, 2, value, mp_.arena_max);
5156 mp_.arena_max = value;
5157 return 1;
5160 #if USE_TCACHE
5161 static inline int
5162 __always_inline
5163 do_set_tcache_max (size_t value)
5165 if (value >= 0 && value <= MAX_TCACHE_SIZE)
5167 LIBC_PROBE (memory_tunable_tcache_max_bytes, 2, value, mp_.tcache_max_bytes);
5168 mp_.tcache_max_bytes = value;
5169 mp_.tcache_bins = csize2tidx (request2size(value)) + 1;
5171 return 1;