| blob | 96104c8d57c170ff00d7507fbf086c3a235cdadd |
2 /*--------------------------------------------------------------------*/
3 /*--- An implementation of malloc/free which doesn't use sbrk. ---*/
4 /*--- m_mallocfree.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Valgrind, a dynamic binary instrumentation
9 framework.
11 Copyright (C) 2000-2017 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, see <http://www.gnu.org/licenses/>.
27 The GNU General Public License is contained in the file COPYING.
28 */
46 #if defined(ENABLE_INNER_CLIENT_REQUEST)
48 #endif
50 // #define DEBUG_MALLOC // turn on heavyweight debugging machinery
51 // #define VERBOSE_MALLOC // make verbose, esp. in debugging machinery
53 /* Number and total size of blocks in free queue. Used by mallinfo(). */
59 /*------------------------------------------------------------*/
60 /*--- Main types ---*/
61 /*------------------------------------------------------------*/
65 // The amount you can ask for is limited only by sizeof(SizeT)...
66 #define MAX_PSZB (~((SizeT)0x0))
68 // Each arena has a sorted array of superblocks, which expands
69 // dynamically. This is its initial size.
70 #define SBLOCKS_SIZE_INITIAL 50
74 /* Layout of an in-use block:
76 cost center (OPTIONAL) (VG_MIN_MALLOC_SZB bytes, only when h-p enabled)
77 this block total szB (sizeof(SizeT) bytes)
78 red zone bytes (depends on Arena.rz_szB, but >= sizeof(void*))
79 (payload bytes)
80 red zone bytes (depends on Arena.rz_szB, but >= sizeof(void*))
81 this block total szB (sizeof(SizeT) bytes)
83 Layout of a block on the free list:
85 cost center (OPTIONAL) (VG_MIN_MALLOC_SZB bytes, only when h-p enabled)
86 this block total szB (sizeof(SizeT) bytes)
87 freelist previous ptr (sizeof(void*) bytes)
88 excess red zone bytes (if Arena.rz_szB > sizeof(void*))
89 (payload bytes)
90 excess red zone bytes (if Arena.rz_szB > sizeof(void*))
91 freelist next ptr (sizeof(void*) bytes)
92 this block total szB (sizeof(SizeT) bytes)
94 Total size in bytes (bszB) and payload size in bytes (pszB)
95 are related by:
97 bszB == pszB + 2*sizeof(SizeT) + 2*a->rz_szB
99 when heap profiling is not enabled, and
101 bszB == pszB + 2*sizeof(SizeT) + 2*a->rz_szB + VG_MIN_MALLOC_SZB
103 when it is enabled. It follows that the minimum overhead per heap
104 block for arenas used by the core is:
106 32-bit platforms: 2*4 + 2*4 == 16 bytes
107 64-bit platforms: 2*8 + 2*8 == 32 bytes
109 when heap profiling is not enabled, and
111 32-bit platforms: 2*4 + 2*4 + 8 == 24 bytes
112 64-bit platforms: 2*8 + 2*8 + 16 == 48 bytes
114 when it is enabled. In all cases, extra overhead may be incurred
115 when rounding the payload size up to VG_MIN_MALLOC_SZB.
117 Furthermore, both size fields in the block have their least-significant
118 bit set if the block is not in use, and unset if it is in use.
119 (The bottom 3 or so bits are always free for this because of alignment.)
120 A block size of zero is not possible, because a block always has at
121 least two SizeTs and two pointers of overhead.
123 Nb: All Block payloads must be VG_MIN_MALLOC_SZB-aligned. This is
124 achieved by ensuring that Superblocks are VG_MIN_MALLOC_SZB-aligned
125 (see newSuperblock() for how), and that the lengths of the following
126 things are a multiple of VG_MIN_MALLOC_SZB:
127 - Superblock admin section lengths (due to elastic padding)
128 - Block admin section (low and high) lengths (due to elastic redzones)
129 - Block payload lengths (due to req_pszB rounding up)
131 The heap-profile cost-center field is 8 bytes even on 32 bit
132 platforms. This is so as to keep the payload field 8-aligned. On
133 a 64-bit platform, this cc-field contains a pointer to a const
134 HChar*, which is the cost center name. On 32-bit platforms, the
135 pointer lives in the lower-addressed half of the field, regardless
136 of the endianness of the host.
137 */
138 typedef
140 // No fields are actually used in this struct, because a Block has
141 // many variable sized fields and so can't be accessed
142 // meaningfully with normal fields. So we use access functions all
143 // the time. This struct gives us a type to use, though. Also, we
144 // make sizeof(Block) 1 byte so that we can do arithmetic with the
145 // Block* type in increments of 1!
146 UByte dummy;
147 }
148 Block;
150 /* Ensure that Block payloads can be safely cast to various pointers below. */
153 // A superblock. 'padding' is never used, it just ensures that if the
154 // entire Superblock is aligned to VG_MIN_MALLOC_SZB, then payload_bytes[]
155 // will be too. It can add small amounts of padding unnecessarily -- eg.
156 // 8-bytes on 32-bit machines with an 8-byte VG_MIN_MALLOC_SZB -- because
157 // it's too hard to make a constant expression that works perfectly in all
158 // cases.
159 // 'unsplittable' is set to NULL if superblock can be split, otherwise
160 // it is set to the address of the superblock. An unsplittable superblock
161 // will contain only one allocated block. An unsplittable superblock will
162 // be unmapped when its (only) allocated block is freed.
163 // The free space at the end of an unsplittable superblock is not used to
164 // make a free block. Note that this means that an unsplittable superblock can
165 // have up to slightly less than 1 page of unused bytes at the end of the
166 // superblock.
167 // 'unsplittable' is used to avoid quadratic memory usage for linear
168 // reallocation of big structures
169 // (see http://bugs.kde.org/show_bug.cgi?id=250101).
170 // ??? unsplittable replaces 'void *padding2'. Choosed this
171 // ??? to avoid changing the alignment logic. Maybe something cleaner
172 // ??? can be done.
173 // A splittable block can be reclaimed when all its blocks are freed :
174 // the reclaim of such a block is deferred till either another superblock
175 // of the same arena can be reclaimed or till a new superblock is needed
176 // in any arena.
177 // payload_bytes[] is made a single big Block when the Superblock is
178 // created, and then can be split and the splittings remerged, but Blocks
179 // always cover its entire length -- there's never any unused bytes at the
180 // end, for example.
181 typedef
183 SizeT n_payload_bytes;
187 VG_MIN_MALLOC_SZB) ];
189 }
190 Superblock;
192 // An arena. 'freelist' is a circular, doubly-linked list. 'rz_szB' is
193 // elastic, in that it can be bigger than asked-for to ensure alignment.
194 typedef
200 SizeT min_unsplittable_sblock_szB;
201 // Minimum unsplittable superblock size in bytes. To be marked as
202 // unsplittable, a superblock must have a
203 // size >= min_unsplittable_sblock_szB and cannot be split.
204 // So, to avoid big overhead, superblocks used to provide aligned
205 // blocks on big alignments are splittable.
206 // Unsplittable superblocks will be reclaimed when their (only)
207 // allocated block is freed.
208 // Smaller size superblocks are splittable and can be reclaimed when all
209 // their blocks are freed.
211 // A dynamically expanding, ordered array of (pointers to)
212 // superblocks in the arena. If this array is expanded, which
213 // is rare, the previous space it occupies is simply abandoned.
214 // To avoid having to get yet another block from m_aspacemgr for
215 // the first incarnation of this array, the first allocation of
216 // it is within this struct. If it has to be expanded then the
217 // new space is acquired from m_aspacemgr as you would expect.
219 SizeT sblocks_size;
220 SizeT sblocks_used;
224 // VG_(arena_perm_malloc) returns memory from superblocks
225 // only used for permanent blocks. No overhead. These superblocks
226 // are not stored in sblocks array above.
230 // Stats only
231 SizeT stats__perm_bytes_on_loan;
232 SizeT stats__perm_blocks;
234 ULong stats__nreclaim_unsplit;
235 ULong stats__nreclaim_split;
236 /* total # of reclaim executed for unsplittable/splittable superblocks */
237 SizeT stats__bytes_on_loan;
238 SizeT stats__bytes_mmaped;
239 SizeT stats__bytes_on_loan_max;
243 // If profiling, when should the next profile happen at
244 // (in terms of stats__bytes_on_loan_max) ?
245 SizeT next_profile_at;
246 SizeT stats__bytes_mmaped_max;
247 }
248 Arena;
251 /*------------------------------------------------------------*/
252 /*--- Low-level functions for working with Blocks. ---*/
253 /*------------------------------------------------------------*/
255 #define SIZE_T_0x1 ((SizeT)0x1)
263 // Mark a bszB as in-use, and not in-use, and remove the in-use attribute.
264 static __inline__
266 {
269 }
270 static __inline__
272 {
275 }
276 static __inline__
278 {
281 }
283 // Forward definition.
284 static
287 // return either 0 or sizeof(ULong) depending on whether or not
288 // heap profiling is engaged
289 #define hp_overhead_szB() set_at_init_hp_overhead_szB
291 // startup value chosen to very likely cause a problem if used before
292 // a proper value is given by ensure_mm_init.
294 //---------------------------------------------------------------------------
296 // Get a block's size as stored, ie with the in-use/free attribute.
297 static __inline__
299 {
308 }
310 // Get a block's plain size, ie. remove the in-use/free attribute.
311 static __inline__
313 {
315 }
317 // Set the size fields of a block. bszB may have the in-use/free attribute.
318 static __inline__
320 {
324 }
326 //---------------------------------------------------------------------------
328 // Does this block have the in-use attribute?
329 static __inline__
331 {
335 }
337 //---------------------------------------------------------------------------
339 // Return the lower, upper and total overhead in bytes for a block.
340 // These are determined purely by which arena the block lives in.
341 static __inline__
343 {
345 }
346 static __inline__
348 {
350 }
351 static __inline__
353 {
355 }
357 //---------------------------------------------------------------------------
359 // Return the minimum bszB for a block in this arena. Can have zero-length
360 // payloads, so it's the size of the admin bytes.
361 static __inline__
363 {
365 }
367 //---------------------------------------------------------------------------
369 // Convert payload size <--> block size (both in bytes).
370 static __inline__
372 {
374 }
375 static __inline__
377 {
380 }
382 //---------------------------------------------------------------------------
384 // Get a block's payload size.
385 static __inline__
387 {
389 }
391 //---------------------------------------------------------------------------
393 // Given the addr of a block, return the addr of its payload, and vice versa.
394 static __inline__
396 {
399 }
400 // Given the addr of a block's payload, return the addr of the block itself.
401 static __inline__
403 {
405 }
407 //---------------------------------------------------------------------------
409 // Set and get the next and previous link fields of a block.
410 static __inline__
412 {
415 }
416 static __inline__
418 {
422 }
423 static __inline__
425 {
428 }
429 static __inline__
431 {
435 }
437 //---------------------------------------------------------------------------
439 // Set and get the cost-center field of a block.
440 static __inline__
442 {
446 }
447 static __inline__
449 {
453 }
455 //---------------------------------------------------------------------------
457 // Get the block immediately preceding this one in the Superblock.
458 static __inline__
460 {
464 }
466 //---------------------------------------------------------------------------
468 // Read and write the lower and upper red-zone bytes of a block.
469 static __inline__
471 {
474 }
475 static __inline__
477 {
480 }
481 static __inline__
483 {
486 }
487 static __inline__
489 {
492 }
494 #if defined(ENABLE_INNER_CLIENT_REQUEST)
495 /* When running as an inner, the block headers before and after
496 (see 'Layout of an in-use block:' above) are made non accessible
497 by VALGRIND_MALLOCLIKE_BLOCK/VALGRIND_FREELIKE_BLOCK
498 to allow the outer to detect block overrun.
499 The below two functions are used when these headers must be
500 temporarily accessed. */
502 {
507 }
509 /* Mark block hdr as not accessible.
510 !!! Currently, we do not mark the cost center and szB fields unaccessible
511 as these are accessed at too many places. */
513 {
518 }
520 /* Make the cc+szB fields accessible. */
522 {
525 /* We cannot use get_bszB(b), as this reads the 'hi' szB we want
526 to mark accessible. So, we only access the 'lo' szB. */
530 }
531 #endif
533 /*------------------------------------------------------------*/
534 /*--- Arena management ---*/
535 /*------------------------------------------------------------*/
537 #define CORE_ARENA_MIN_SZB 1048576
539 // The arena structures themselves.
542 // Functions external to this module identify arenas using ArenaIds,
543 // not Arena*s. This fn converts the former to the latter.
545 {
548 }
551 {
555 }
557 // Initialise an arena. rz_szB is the (default) minimum redzone size;
558 // It might be overridden by VG_(clo_redzone_size) or VG_(clo_core_redzone_size).
559 // it might be made bigger to ensure that VG_MIN_MALLOC_SZB is observed.
560 static
563 {
564 SizeT i;
567 // Ensure default redzones are a reasonable size.
570 /* Override the default redzone size if a clo value was given.
571 Note that the clo value can be significantly bigger than MAX_REDZONE_SZB
572 to allow the user to chase horrible bugs using up to 1 page
573 of protection. */
580 }
582 // Redzones must always be at least the size of a pointer, for holding the
583 // prev/next pointer (see the layout details at the top of this file).
586 // The size of the low and high admin sections in a block must be a
587 // multiple of VG_MIN_MALLOC_SZB. So we round up the asked-for
588 // redzone size if necessary to achieve this.
593 // Here we have established the effective redzone size.
624 }
626 /* Print vital stats for an arena. */
628 {
629 UInt i;
633 "%-8s: %'13lu/%'13lu max/curr mmap'd, "
634 "%llu/%llu unsplit/split sb unmmap'd, "
635 "%'13lu/%'13lu max/curr, "
636 "%10llu/%10llu totalloc-blocks/bytes,"
645 a->rz_szB
646 );
647 }
648 }
651 {
652 UInt i;
656 }
657 }
660 /* This library is self-initialising, as it makes this more self-contained,
661 less coupled with the outside world. Hence VG_(arena_malloc)() and
662 VG_(arena_free)() below always call ensure_mm_init() to ensure things are
663 correctly initialised.
665 We initialise the client arena separately (and later) because the core
666 must do non-client allocation before the tool has a chance to set the
667 client arena's redzone size.
668 */
672 static
674 {
677 /* We use checked red zones (of various sizes) for our internal stuff,
678 and an unchecked zone of arbitrary size for the client. Of
679 course the client's red zone can be checked by the tool, eg.
680 by using addressibility maps, but not by the mechanism implemented
681 here, which merely checks at the time of freeing that the red
682 zone bytes are unchanged.
684 Nb: redzone sizes are *minimums*; they could be made bigger to ensure
685 alignment. Eg. with 8 byte alignment, on 32-bit machines 4 stays as
686 4, but 16 becomes 20; but on 64-bit machines 4 becomes 8, and 16
687 stays as 16 --- the extra 4 bytes in both are accounted for by the
688 larger prev/next ptr.
689 */
691 Int ar_client_sbszB;
693 // This assertion ensures that a tool cannot try to change the client
694 // redzone size with VG_(needs_malloc_replacement)() after this module
695 // has done its first allocation from the client arena.
699 }
701 // Check and set the client arena redzone size
709 }
710 }
711 // Initialise the client arena. On all platforms,
712 // increasing the superblock size reduces the number of superblocks
713 // in the client arena, which makes findSb cheaper.
715 // superblocks with a size > ar_client_sbszB will be unsplittable
716 // (unless used for providing memalign-ed blocks).
724 }
725 set_at_init_hp_overhead_szB =
727 // Initialise the non-client arenas
728 // Similarly to client arena, big allocations will be unsplittable.
738 }
740 # ifdef DEBUG_MALLOC
744 # endif
745 }
748 /*------------------------------------------------------------*/
749 /*--- Superblock management ---*/
750 /*------------------------------------------------------------*/
754 {
756 // We try once to output the full memory state followed by the below message.
757 // If that fails (due to out of memory during first trial), we try to just
758 // output the below message.
759 // And then we abandon.
790 outputTrial++;
791 // First print the memory stats with the aspacemgr data.
796 // And then print some other information that might help.
802 /* In case we are an inner valgrind, asks the outer to report
803 its memory state in its log output. */
806 }
807 outputTrial++;
817 }
820 }
823 // Align ptr p upwards to an align-sized boundary.
824 static
826 {
830 }
832 // Forward definition.
833 static
836 // If not enough memory available, either aborts (for non-client memory)
837 // or returns 0 (for client memory).
838 static
840 {
842 SysRes sres;
843 Bool unsplittable;
844 ArenaId aid;
846 // A new superblock is needed for arena a. We will execute the deferred
847 // reclaim in all arenas in order to minimise fragmentation and
848 // peak memory usage.
853 }
855 // Take into account admin bytes in the Superblock.
863 else
868 // client allocation -- return 0 to client if it fails
875 // non-client allocation -- abort if it fails
879 /* NOTREACHED */
883 }
884 }
899 }
901 // Reclaims the given superblock:
902 // * removes sb from arena sblocks list.
903 // * munmap the superblock segment.
904 static
906 {
907 SysRes sres;
908 SizeT cszB;
917 // Take into account admin bytes in the Superblock.
920 // removes sb from superblock list.
924 }
930 // paranoia: NULLify ptr to reclaimed sb or NULLify copy of ptr to last sb.
935 else
938 // Now that the sb is removed from the list, mnumap its space.
940 // reclaimable client allocation
944 /* We somewhat help the client by discarding the range.
945 Note however that if the client has JITted some code in
946 a small block that was freed, we do not provide this
947 'discard support' */
948 /* JRS 2011-Sept-26: it would be nice to move the discard
949 outwards somewhat (in terms of calls) so as to make it easier
950 to verify that there will be no nonterminating recursive set
951 of calls a result of calling VG_(discard_translations).
952 Another day, perhaps. */
956 // reclaimable non-client allocation
959 }
961 }
963 // Find the superblock containing the given chunk.
964 static
966 {
978 {
984 }
985 }
990 }
993 // Find the superblock containing the given address.
994 // If superblock not found, return NULL.
995 static
997 {
1014 }
1015 }
1017 }
1020 /*------------------------------------------------------------*/
1021 /*--- Functions for working with freelists. ---*/
1022 /*------------------------------------------------------------*/
1024 #if defined(__clang__)
1025 /* The nicely aligned 'returns' in the function below produce
1026 * misleading indentation warnings. Rather than turn the
1027 * warning off globally, just turn it off for the block of code. */
1028 #pragma clang diagnostic push
1030 #endif
1032 // Nb: Determination of which freelist a block lives on is based on the
1033 // payload size, not block size.
1035 // Convert a payload size in bytes to a freelist number.
1038 {
1045 /* -- Exponential slope up, factor 1.05 -- */
1053 }
1063 }
1064 }
1073 /* -- Exponential slope up, factor 1.10 -- */
1076 }
1086 }
1087 }
1088 }
1100 }
1105 /* -- Exponential slope up, factor 1.20 -- */
1111 }
1112 }
1123 }
1133 }
1134 }
1135 }
1136 }
1137 /*NOTREACHED*/
1139 }
1141 #if defined(__clang__)
1142 #pragma clang diagnostic pop
1143 #endif
1147 {
1151 // The first 64 lists hold blocks of size VG_MIN_MALLOC_SZB * list_num.
1152 // The final 48 hold bigger blocks and are dealt with by the _SLOW
1153 // case.
1158 }
1159 }
1161 // What is the minimum payload size for a given list?
1162 static
1164 {
1165 /* Repeatedly computing this function at every request is
1166 expensive. Hence at the first call just cache the result for
1167 every possible argument. */
1171 UInt i;
1177 }
1179 }
1180 /* Returned cached answer. */
1183 }
1185 // What is the maximum payload size for a given list?
1186 static
1188 {
1194 }
1195 }
1198 /* A nasty hack to try and reduce fragmentation. Try and replace
1199 a->freelist[lno] with another block on the same list but with a
1200 lower address, with the idea of attempting to recycle the same
1201 blocks rather than cruise through the address space. */
1202 static
1204 {
1208 UInt i;
1215 // This loop bound was 20 for a long time, but experiments showed that
1216 // reducing it to 10 gave the same result in all the tests, and 5 got the
1217 // same result in 85--100% of cases. And it's called often enough to be
1218 // noticeable in programs that allocated a lot.
1224 }
1226 # ifdef VERBOSE_MALLOC
1228 # endif
1230 }
1231 }
1234 /*------------------------------------------------------------*/
1235 /*--- Sanity-check/debugging machinery. ---*/
1236 /*------------------------------------------------------------*/
1238 #define REDZONE_LO_MASK 0x31
1239 #define REDZONE_HI_MASK 0x7c
1241 // Do some crude sanity checks on a Block.
1242 static
1244 {
1246 UInt i;
1247 // The lo and hi size fields will be checked (indirectly) by the call
1248 // to get_rz_hi_byte().
1250 // In the inner, for memcheck sake, temporarily mark redzone accessible.
1259 }
1261 }
1263 # undef BLEAT
1264 }
1266 // Sanity checks on a Block inside an unsplittable superblock
1267 static
1269 {
1284 // b must be first block (i.e. no unused bytes at the beginning)
1288 // b must be last block (i.e. no unused bytes at the end)
1294 # undef BLEAT
1295 }
1297 // Print superblocks (only for debugging).
1298 static
1300 {
1302 SizeT b_bszB;
1317 }
1319 }
1321 }
1323 // Sanity check both the superblocks and the chains.
1325 {
1332 SizeT arena_bytes_on_loan;
1339 // Check the superblock array.
1340 sblockarrOK
1349 BOMB;
1350 }
1352 // First, traverse all the superblocks, inspecting the Blocks in each.
1358 superblockctr++;
1360 blockctr_sb++;
1366 BOMB;
1367 }
1372 BOMB;
1373 }
1378 }
1382 BOMB;
1383 }
1384 }
1389 # ifdef VERBOSE_MALLOC
1391 "arena_bytes_on_loan %lu: "
1393 # endif
1395 BOMB;
1396 }
1398 /* Second, traverse each list, checking that the back pointers make
1399 sense, counting blocks encountered, and checking that each block
1400 is an appropriate size for this list. */
1414 BOMB;
1415 }
1419 "sanity_check_malloc_arena: list %u at %p: "
1422 BOMB;
1423 }
1424 blockctr_li++;
1426 }
1427 }
1430 # ifdef VERBOSE_MALLOC
1434 # endif
1436 BOMB;
1437 }
1441 "%-8s: %2u sbs, %5u bs, %2u/%-2u free bs, "
1444 superblockctr,
1447 # undef BOMB
1448 }
1451 #define N_AN_CCS 1000
1454 ULong nBytes;
1455 ULong nBlocks;
1461 /* Sorting by decreasing cost center nBytes, to have the biggest
1462 cost centres at the top. */
1469 }
1472 {
1477 SizeT b_bszB;
1481 //return;
1484 /* arena is not in use, is not initialised and will fail the
1485 sanity check that follows. */
1487 }
1493 "%llu/%llu unsplit/split sb unmmap'd, "
1498 a->rz_szB
1499 );
1511 }
1517 }
1524 else
1536 }
1541 n_ccs++;
1545 }
1550 }
1555 }
1556 }
1563 n_ccs++;
1564 }
1571 }
1574 }
1578 {
1579 UInt i;
1584 }
1585 }
1588 {
1589 UInt i;
1599 Word j;
1600 SizeT b_bszB;
1610 }
1616 }
1617 }
1623 }
1625 /*------------------------------------------------------------*/
1626 /*--- Creating and deleting blocks. ---*/
1627 /*------------------------------------------------------------*/
1629 // Mark the bytes at b .. b+bszB-1 as not in use, and add them to the
1630 // relevant free list.
1632 static
1634 {
1638 // Set the size fields and indicate not-in-use.
1641 // Add to the relevant list.
1653 }
1654 # ifdef DEBUG_MALLOC
1656 # endif
1657 }
1659 // Mark the bytes at b .. b+bszB-1 as in use, and set up the block
1660 // appropriately.
1661 static
1663 {
1664 UInt i;
1674 }
1675 }
1676 # ifdef DEBUG_MALLOC
1678 # endif
1679 }
1681 // Mark the bytes at b .. b+bszB-1 as being part of a block that has been shrunk.
1682 static
1684 {
1685 UInt i;
1694 }
1695 }
1698 # ifdef DEBUG_MALLOC
1700 # endif
1701 }
1703 // Remove a block from a given list. Does no sanity checking.
1704 static
1706 {
1709 // Only one element in the list; treat it specially.
1719 }
1722 }
1725 /*------------------------------------------------------------*/
1726 /*--- Core-visible functions. ---*/
1727 /*------------------------------------------------------------*/
1729 // Align the request size.
1730 static __inline__
1732 {
1735 }
1737 static
1739 {
1744 /* next profile after 10% more growth */
1745 a->next_profile_at
1750 }
1751 }
1754 }
1756 /* Allocate a piece of memory of req_pszB bytes on the given arena.
1757 The function may return NULL if (and only if) aid == VG_AR_CLIENT.
1758 Otherwise, the function returns a non-NULL value. */
1760 {
1776 // You must provide a cost-center name against which to charge
1777 // this allocation; it isn't optional.
1780 // Scan through all the big-enough freelists for a block.
1781 //
1782 // Nb: this scanning might be expensive in some cases. Eg. if you
1783 // allocate lots of small objects without freeing them, but no
1784 // medium-sized objects, it will repeatedly scanning through the whole
1785 // list, and each time not find any free blocks until the last element.
1786 //
1787 // If this becomes a noticeable problem... the loop answers the question
1788 // "where is the first nonempty list above me?" And most of the time,
1789 // you ask the same question and get the same answer. So it would be
1790 // good to somehow cache the results of previous searches.
1791 // One possibility is an array (with N_MALLOC_LISTS elements) of
1792 // shortcuts. shortcut[i] would give the index number of the nearest
1793 // larger list above list i which is non-empty. Then this loop isn't
1794 // necessary. However, we'd have to modify some section [ .. i-1] of the
1795 // shortcut array every time a list [i] changes from empty to nonempty or
1796 // back. This would require care to avoid pathological worst-case
1797 // behaviour.
1798 //
1804 stats__nsearches++;
1805 nsearches_this_level++;
1808 /* Avoid excessive scanning on this freelist, and instead
1809 try the next one up. But first, move this freelist's
1810 start pointer one element along, so as to ensure that
1811 subsequent searches of this list don't endlessly
1812 revisit only these 100 elements, but in fact slowly
1813 progress through the entire list. */
1818 }
1823 }
1824 }
1826 // If we reach here, no suitable block found, allocate a new superblock
1830 // Should only fail if for client, otherwise, should have aborted
1831 // already.
1834 }
1845 /* NOTREACHED */
1846 }
1855 }
1865 }
1867 }
1876 // fall through
1878 obtained_block:
1879 // Ok, we can allocate from b, which lives in list lno.
1884 // req_bszB is the size of the block we are after. b_bszB is the
1885 // size of what we've actually got. */
1888 // Could we split this block and still get a useful fragment?
1889 // A block in an unsplittable superblock can never be split.
1893 // Yes, split block in two, put the fragment on the appropriate free
1894 // list, and update b_bszB accordingly.
1895 // printf( "split %dB into %dB and %dB\n", b_bszB, req_bszB, frag_bszB );
1906 // No, mark as in use and use as-is.
1911 }
1913 // Update stats
1918 # ifdef DEBUG_MALLOC
1920 # endif
1925 // Which size should we pass to VALGRIND_MALLOCLIKE_BLOCK ?
1926 // We have 2 possible options:
1927 // 1. The final resulting usable size.
1928 // 2. The initial (non-aligned) req_pszB.
1929 // Memcheck implements option 2 easily, as the initial requested size
1930 // is maintained in the mc_chunk data structure.
1931 // This is not as easy in the core, as there is no such structure.
1932 // (note: using the aligned req_pszB is not simpler than 2, as
1933 // requesting an aligned req_pszB might still be satisfied by returning
1934 // a (slightly) bigger block than requested if the remaining part of
1935 // of a free block is not big enough to make a free block by itself).
1936 // Implement Sol 2 can be done the following way:
1937 // After having called VALGRIND_MALLOCLIKE_BLOCK, the non accessible
1938 // redzone just after the block can be used to determine the
1939 // initial requested size.
1940 // Currently, not implemented => we use Option 1.
1941 INNER_REQUEST
1946 /* For debugging/testing purposes, fill the newly allocated area
1947 with a definite value in an attempt to shake out any
1948 uninitialised uses of the data (by V core / V tools, not by the
1949 client). Testing on 25 Nov 07 with the values 0x00, 0xFF, 0x55,
1950 0xAA showed no differences in the regression tests on
1951 amd64-linux. Note, is disabled by default. */
1956 }
1958 // If arena has already a deferred reclaimed superblock and
1959 // this superblock is still reclaimable, then this superblock is first
1960 // reclaimed.
1961 // sb becomes then the new arena deferred superblock.
1962 // Passing NULL as sb allows to reclaim a deferred sb without setting a new
1963 // deferred reclaim.
1964 static
1966 {
1970 // no deferred sb to reclaim now, nothing to do in the future =>
1971 // return directly.
1975 "deferred_reclaimSuperblock NULL "
1981 "deferred_reclaimSuperblock at %p (pszB %7lu) %s "
1989 // If we are deferring another block that the current block deferred,
1990 // then if this block can stil be reclaimed, reclaim it now.
1991 // Note that we might have a re-deferred reclaim of the same block
1992 // with a sequence: free (causing a deferred reclaim of sb)
1993 // alloc (using a piece of memory of the deferred sb)
1994 // free of the just alloc-ed block (causing a re-defer).
2006 // Check if the deferred_reclaimed_sb is still reclaimable.
2007 // If yes, we will execute the reclaim.
2009 // b (at the beginning of def_sb) is not in use.
2010 UInt b_listno;
2015 // b (not in use) covers the full superblock.
2016 // => def_sb is still reclaimable
2017 // => execute now the reclaim of this def_sb.
2022 }
2023 }
2024 }
2026 // sb (possibly NULL) becomes the new deferred reclaimed superblock.
2028 }
2030 /* b must be a free block, of size b_bszB.
2031 If b is followed by another free block, merge them.
2032 If b is preceded by another free block, merge them.
2033 If the merge results in the superblock being fully free,
2034 deferred_reclaimSuperblock the superblock. */
2037 {
2041 SizeT other_bszB;
2042 UInt b_listno;
2049 // See if this block can be merged with its successor.
2050 // First test if we're far enough before the superblock's end to possibly
2051 // have a successor.
2054 // Ok, we have a successor, merge if it's not in use.
2057 // VG_(printf)( "merge-successor\n");
2058 # ifdef DEBUG_MALLOC
2060 # endif
2069 }
2071 // Not enough space for successor: check that b is the last block
2072 // ie. there are no unused bytes at the end of the Superblock.
2074 }
2076 // Then see if this block can be merged with its predecessor.
2077 // First test if we're far enough after the superblock's start to possibly
2078 // have a predecessor.
2080 // Ok, we have a predecessor, merge if it's not in use.
2084 // VG_(printf)( "merge-predecessor\n");
2094 }
2096 // Not enough space for predecessor: check that b is the first block,
2097 // ie. there are no unused bytes at the start of the Superblock.
2099 }
2101 /* If the block b just merged is the only block of the superblock sb,
2102 then we defer reclaim sb. */
2105 }
2106 }
2109 {
2113 UInt b_listno;
2121 }
2125 /* If this is one of V's areas, check carefully the block we're
2126 getting back. This picks up simple block-end overruns. */
2136 /* If this is one of V's areas, fill it up with junk to enhance the
2137 chances of catching any later reads of it. Note, 0xDD is
2138 carefully chosen junk :-), in that: (1) 0xDDDDDDDD is an invalid
2139 and non-word-aligned address on most systems, and (2) 0xDD is a
2140 value which is unlikely to be generated by the new compressed
2141 Vbits representation for memcheck. */
2146 // Put this chunk back on a list somewhere.
2152 /* Possibly merge b with its predecessor or successor. */
2155 // Inform that ptr has been released. We give redzone size
2156 // 0 instead of a->rz_szB as proper accessibility is done just after.
2159 // We need to (re-)establish the minimum accessibility needed
2160 // for free list management. E.g. if block ptr has been put in a free
2161 // list and a neighbour block is released afterwards, the
2162 // "lo" and "hi" portions of the block ptr will be accessed to
2163 // glue the 2 blocks together.
2164 // We could mark the whole block as not accessible, and each time
2165 // transiently mark accessible the needed lo/hi parts. Not done as this
2166 // is quite complex, for very little expected additional bug detection.
2167 // fully unaccessible. Note that the below marks the (possibly) merged
2168 // block, not the block corresponding to the ptr argument.
2170 // First mark the whole block unaccessible.
2172 // Then mark the relevant administrative headers as defined.
2173 // No need to mark the heap profile portion as defined, this is not
2174 // used for free blocks.
2183 // Inform that ptr has been released. Redzone size value
2184 // is not relevant (so we give 0 instead of a->rz_szB)
2185 // as it is expected that the aspacemgr munmap will be used by
2186 // outer to mark the whole superblock as unaccessible.
2189 // Reclaim immediately the unsplittable superblock sb.
2191 }
2193 # ifdef DEBUG_MALLOC
2195 # endif
2197 }
2200 /*
2201 The idea for malloc_aligned() is to allocate a big block, base, and
2202 then split it into two parts: frag, which is returned to the free
2203 pool, and align, which is the bit we're really after. Here's
2204 a picture. L and H denote the block lower and upper overheads, in
2205 bytes. The details are gruesome. Note it is slightly complicated
2206 because the initial request to generate base may return a bigger
2207 block than we asked for, so it is important to distinguish the base
2208 request size and the base actual size.
2210 frag_b align_b
2211 | |
2212 | frag_p | align_p
2213 | | | |
2214 v v v v
2216 +---+ +---+---+ +---+
2217 | L |----------------| H | L |---------------| H |
2218 +---+ +---+---+ +---+
2220 ^ ^ ^
2221 | | :
2222 | base_p this addr must be aligned
2223 |
2224 base_b
2226 . . . . . . .
2227 <------ frag_bszB -------> . . .
2228 . <------------- base_pszB_act -----------> .
2229 . . . . . . .
2231 */
2234 {
2238 SizeT saved_bytes_on_loan;
2246 // You must provide a cost-center name against which to charge
2247 // this allocation; it isn't optional.
2250 // Check that the requested alignment has a plausible size.
2251 // Check that the requested alignment seems reasonable; that is, is
2252 // a power of 2.
2259 /*NOTREACHED*/
2260 }
2267 /*NOTREACHED*/
2268 }
2275 /*NOTREACHED*/
2276 }
2277 // Paranoid
2280 /* Required payload size for the aligned chunk. */
2283 /* Payload size to request for the big block that we will split up. */
2286 /* Payload ptr for the block we are going to split. Note this
2287 changes a->bytes_on_loan; we save and restore it ourselves. */
2289 {
2290 /* As we will split the block given back by VG_(arena_malloc),
2291 we have to (temporarily) disable unsplittable for this arena,
2292 as unsplittable superblocks cannot be split. */
2293 const SizeT save_min_unsplittable_sblock_szB
2298 }
2301 /* Give up if we couldn't allocate enough space */
2304 /* base_p was marked as allocated by VALGRIND_MALLOCLIKE_BLOCK
2305 inside VG_(arena_malloc). We need to indicate it is free, then
2306 we need to mark it undefined to allow the below code to access is. */
2310 /* Block ptr for the block we are going to split. */
2313 /* Pointer to the payload of the aligned block we are going to
2314 return. This has to be suitably aligned. */
2317 req_alignB );
2320 /* The block size of the fragment we will create. This must be big
2321 enough to actually create a fragment. */
2326 /* The actual payload size of the block we are going to split. */
2329 /* Create the fragment block, and put it back on the relevant free list. */
2335 /* Create the aligned block. */
2337 base_p + base_pszB_act
2342 /* Final sanity checks. */
2350 }
2351 /* a->stats__tot_blocks, a->stats__tot_bytes, a->stats__nsearches
2352 are updated by the call to VG_(arena_malloc) just a few lines
2353 above. So we don't need to update them here. */
2355 # ifdef DEBUG_MALLOC
2357 # endif
2365 }
2369 {
2373 }
2376 // Implementation of mallinfo(). There is no recent standard that defines
2377 // the behavior of mallinfo(). The meaning of the fields in struct mallinfo
2378 // is as follows:
2379 //
2380 // struct mallinfo {
2381 // int arena; /* total space in arena */
2382 // int ordblks; /* number of ordinary blocks */
2383 // int smblks; /* number of small blocks */
2384 // int hblks; /* number of holding blocks */
2385 // int hblkhd; /* space in holding block headers */
2386 // int usmblks; /* space in small blocks in use */
2387 // int fsmblks; /* space in free small blocks */
2388 // int uordblks; /* space in ordinary blocks in use */
2389 // int fordblks; /* space in free ordinary blocks */
2390 // int keepcost; /* space penalty if keep option */
2391 // /* is used */
2392 // };
2393 //
2394 // The glibc documentation about mallinfo (which is somewhat outdated) can
2395 // be found here:
2396 // http://www.gnu.org/software/libtool/manual/libc/Statistics-of-Malloc.html
2397 //
2398 // See also http://bugs.kde.org/show_bug.cgi?id=160956.
2399 //
2400 // Regarding the implementation of VG_(mallinfo)(): we cannot return the
2401 // whole struct as the library function does, because this is called by a
2402 // client request. So instead we use a pointer to do call by reference.
2404 {
2408 // Traverse free list and calculate free blocks statistics.
2409 // This may seem slow but glibc works the same way.
2415 free_blocks++;
2419 }
2420 }
2422 // We don't have fastbins so smblks & fsmblks are always 0. Also we don't
2423 // have a separate mmap allocator so set hblks & hblkhd to 0.
2434 }
2437 {
2439 /* ensure_mm_init will call arena_init if not yet done.
2440 This then ensures that the arena redzone size is properly
2441 initialised. */
2443 }
2445 /*------------------------------------------------------------*/
2446 /*--- Services layered on top of malloc/free. ---*/
2447 /*------------------------------------------------------------*/
2451 {
2452 SizeT size;
2464 }
2469 {
2471 SizeT old_pszB;
2482 }
2487 }
2497 }
2506 }
2511 {
2515 SizeT old_pszB;
2535 Addr frag;
2544 SysRes sres;
2549 INNER_REQUEST
2551 old_pszB,
2554 /* Have the minimum admin headers needed accessibility. */
2560 "shrink superblock %p to (pszB %7lu) "
2568 frag,
2569 frag_bszB);
2573 frag_bszB);
2574 }
2579 }
2589 INNER_REQUEST
2591 old_pszB,
2594 /* Have the minimum admin headers needed accessibility. */
2599 /* Mark the admin headers as accessible. */
2603 /* Possibly merge &b[req_bszB] with its free neighbours. */
2608 }
2611 # ifdef DEBUG_MALLOC
2613 # endif
2614 }
2616 /* Inline just for the wrapper VG_(strdup) below */
2619 {
2620 Int i;
2621 Int len;
2633 }
2636 {
2646 // Get a superblock, but we will not insert it into the superblock list.
2647 // The superblock structure is not needed, so we will use the full
2648 // memory range of it. This superblock is however counted in the
2649 // mmaped statistics.
2653 // We do not mind starting allocating from the beginning of the superblock
2654 // as afterwards, we "lose" it as a superblock.
2656 }
2664 }
2666 /*------------------------------------------------------------*/
2667 /*--- Tool-visible functions. ---*/
2668 /*------------------------------------------------------------*/
2670 // All just wrappers to avoid exposing arenas to tools.
2672 // This function never returns NULL.
2674 {
2676 }
2679 {
2681 }
2684 {
2686 }
2689 {
2691 }
2694 {
2696 }
2699 {
2701 }
2704 {
2706 }
2709 /*--------------------------------------------------------------------*/
2710 /*--- end ---*/
2711 /*--------------------------------------------------------------------*/