1 /* Malloc implementation for multiple threads without lock contention.
2 Copyright (C) 1996, 1997 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
5 and Doug Lea <dl@cs.oswego.edu>, 1996.
7 The GNU C Library is free software; you can redistribute it and/or
8 modify it under the terms of the GNU Library General Public License as
9 published by the Free Software Foundation; either version 2 of the
10 License, or (at your option) any later version.
12 The GNU C Library is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Library General Public License for more details.
17 You should have received a copy of the GNU Library General Public
18 License along with the GNU C Library; see the file COPYING.LIB. If not,
19 write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
20 Boston, MA 02111-1307, USA. */
22 /* V2.6.4-pt3 Thu Feb 20 1997
24 This work is mainly derived from malloc-2.6.4 by Doug Lea
25 <dl@cs.oswego.edu>, which is available from:
27 ftp://g.oswego.edu/pub/misc/malloc.c
29 Most of the original comments are reproduced in the code below.
31 * Why use this malloc?
33 This is not the fastest, most space-conserving, most portable, or
34 most tunable malloc ever written. However it is among the fastest
35 while also being among the most space-conserving, portable and tunable.
36 Consistent balance across these factors results in a good general-purpose
37 allocator. For a high-level description, see
38 http://g.oswego.edu/dl/html/malloc.html
40 On many systems, the standard malloc implementation is by itself not
41 thread-safe, and therefore wrapped with a single global lock around
42 all malloc-related functions. In some applications, especially with
43 multiple available processors, this can lead to contention problems
44 and bad performance. This malloc version was designed with the goal
45 to avoid waiting for locks as much as possible. Statistics indicate
46 that this goal is achieved in many cases.
48 * Synopsis of public routines
50 (Much fuller descriptions are contained in the program documentation below.)
53 Initialize global configuration. When compiled for multiple threads,
54 this function must be called once before any other function in the
55 package. It is not required otherwise. It is called automatically
56 in the Linux/GNU C libray or when compiling with MALLOC_HOOKS.
58 Return a pointer to a newly allocated chunk of at least n bytes, or null
59 if no space is available.
61 Release the chunk of memory pointed to by p, or no effect if p is null.
62 realloc(Void_t* p, size_t n);
63 Return a pointer to a chunk of size n that contains the same data
64 as does chunk p up to the minimum of (n, p's size) bytes, or null
65 if no space is available. The returned pointer may or may not be
66 the same as p. If p is null, equivalent to malloc. Unless the
67 #define REALLOC_ZERO_BYTES_FREES below is set, realloc with a
68 size argument of zero (re)allocates a minimum-sized chunk.
69 memalign(size_t alignment, size_t n);
70 Return a pointer to a newly allocated chunk of n bytes, aligned
71 in accord with the alignment argument, which must be a power of
74 Equivalent to memalign(pagesize, n), where pagesize is the page
75 size of the system (or as near to this as can be figured out from
76 all the includes/defines below.)
78 Equivalent to valloc(minimum-page-that-holds(n)), that is,
79 round up n to nearest pagesize.
80 calloc(size_t unit, size_t quantity);
81 Returns a pointer to quantity * unit bytes, with all locations
84 Equivalent to free(p).
85 malloc_trim(size_t pad);
86 Release all but pad bytes of freed top-most memory back
87 to the system. Return 1 if successful, else 0.
88 malloc_usable_size(Void_t* p);
89 Report the number usable allocated bytes associated with allocated
90 chunk p. This may or may not report more bytes than were requested,
91 due to alignment and minimum size constraints.
93 Prints brief summary statistics on stderr.
95 Returns (by copy) a struct containing various summary statistics.
96 mallopt(int parameter_number, int parameter_value)
97 Changes one of the tunable parameters described below. Returns
98 1 if successful in changing the parameter, else 0.
103 8 byte alignment is currently hardwired into the design. This
104 seems to suffice for all current machines and C compilers.
106 Assumed pointer representation: 4 or 8 bytes
107 Code for 8-byte pointers is untested by me but has worked
108 reliably by Wolfram Gloger, who contributed most of the
109 changes supporting this.
111 Assumed size_t representation: 4 or 8 bytes
112 Note that size_t is allowed to be 4 bytes even if pointers are 8.
114 Minimum overhead per allocated chunk: 4 or 8 bytes
115 Each malloced chunk has a hidden overhead of 4 bytes holding size
116 and status information.
118 Minimum allocated size: 4-byte ptrs: 16 bytes (including 4 overhead)
119 8-byte ptrs: 24/32 bytes (including, 4/8 overhead)
121 When a chunk is freed, 12 (for 4byte ptrs) or 20 (for 8 byte
122 ptrs but 4 byte size) or 24 (for 8/8) additional bytes are
123 needed; 4 (8) for a trailing size field
124 and 8 (16) bytes for free list pointers. Thus, the minimum
125 allocatable size is 16/24/32 bytes.
127 Even a request for zero bytes (i.e., malloc(0)) returns a
128 pointer to something of the minimum allocatable size.
130 Maximum allocated size: 4-byte size_t: 2^31 - 8 bytes
131 8-byte size_t: 2^63 - 16 bytes
133 It is assumed that (possibly signed) size_t bit values suffice to
134 represent chunk sizes. `Possibly signed' is due to the fact
135 that `size_t' may be defined on a system as either a signed or
136 an unsigned type. To be conservative, values that would appear
137 as negative numbers are avoided.
138 Requests for sizes with a negative sign bit will return a
141 Maximum overhead wastage per allocated chunk: normally 15 bytes
143 Alignment demands, plus the minimum allocatable size restriction
144 make the normal worst-case wastage 15 bytes (i.e., up to 15
145 more bytes will be allocated than were requested in malloc), with
147 1. Because requests for zero bytes allocate non-zero space,
148 the worst case wastage for a request of zero bytes is 24 bytes.
149 2. For requests >= mmap_threshold that are serviced via
150 mmap(), the worst case wastage is 8 bytes plus the remainder
151 from a system page (the minimal mmap unit); typically 4096 bytes.
155 Here are some features that are NOT currently supported
157 * No automated mechanism for fully checking that all accesses
158 to malloced memory stay within their bounds.
159 * No support for compaction.
161 * Synopsis of compile-time options:
163 People have reported using previous versions of this malloc on all
164 versions of Unix, sometimes by tweaking some of the defines
165 below. It has been tested most extensively on Solaris and
166 Linux. People have also reported adapting this malloc for use in
167 stand-alone embedded systems.
169 The implementation is in straight, hand-tuned ANSI C. Among other
170 consequences, it uses a lot of macros. Because of this, to be at
171 all usable, this code should be compiled using an optimizing compiler
172 (for example gcc -O2) that can simplify expressions and control
175 __STD_C (default: derived from C compiler defines)
176 Nonzero if using ANSI-standard C compiler, a C++ compiler, or
177 a C compiler sufficiently close to ANSI to get away with it.
178 MALLOC_DEBUG (default: NOT defined)
179 Define to enable debugging. Adds fairly extensive assertion-based
180 checking to help track down memory errors, but noticeably slows down
182 MALLOC_HOOKS (default: NOT defined)
183 Define to enable support run-time replacement of the allocation
184 functions through user-defined `hooks'.
185 REALLOC_ZERO_BYTES_FREES (default: NOT defined)
186 Define this if you think that realloc(p, 0) should be equivalent
187 to free(p). Otherwise, since malloc returns a unique pointer for
188 malloc(0), so does realloc(p, 0).
189 HAVE_MEMCPY (default: defined)
190 Define if you are not otherwise using ANSI STD C, but still
191 have memcpy and memset in your C library and want to use them.
192 Otherwise, simple internal versions are supplied.
193 USE_MEMCPY (default: 1 if HAVE_MEMCPY is defined, 0 otherwise)
194 Define as 1 if you want the C library versions of memset and
195 memcpy called in realloc and calloc (otherwise macro versions are used).
196 At least on some platforms, the simple macro versions usually
197 outperform libc versions.
198 HAVE_MMAP (default: defined as 1)
199 Define to non-zero to optionally make malloc() use mmap() to
200 allocate very large blocks.
201 HAVE_MREMAP (default: defined as 0 unless Linux libc set)
202 Define to non-zero to optionally make realloc() use mremap() to
203 reallocate very large blocks.
204 malloc_getpagesize (default: derived from system #includes)
205 Either a constant or routine call returning the system page size.
206 HAVE_USR_INCLUDE_MALLOC_H (default: NOT defined)
207 Optionally define if you are on a system with a /usr/include/malloc.h
208 that declares struct mallinfo. It is not at all necessary to
209 define this even if you do, but will ensure consistency.
210 INTERNAL_SIZE_T (default: size_t)
211 Define to a 32-bit type (probably `unsigned int') if you are on a
212 64-bit machine, yet do not want or need to allow malloc requests of
213 greater than 2^31 to be handled. This saves space, especially for
215 _LIBC (default: NOT defined)
216 Defined only when compiled as part of the Linux libc/glibc.
217 Also note that there is some odd internal name-mangling via defines
218 (for example, internally, `malloc' is named `mALLOc') needed
219 when compiling in this case. These look funny but don't otherwise
221 LACKS_UNISTD_H (default: undefined)
222 Define this if your system does not have a <unistd.h>.
223 MORECORE (default: sbrk)
224 The name of the routine to call to obtain more memory from the system.
225 MORECORE_FAILURE (default: -1)
226 The value returned upon failure of MORECORE.
227 MORECORE_CLEARS (default 1)
228 True (1) if the routine mapped to MORECORE zeroes out memory (which
230 DEFAULT_TRIM_THRESHOLD
232 DEFAULT_MMAP_THRESHOLD
234 Default values of tunable parameters (described in detail below)
235 controlling interaction with host system routines (sbrk, mmap, etc).
236 These values may also be changed dynamically via mallopt(). The
237 preset defaults are those that give best performance for typical
240 When the standard debugging hooks are in place, and a pointer is
241 detected as corrupt, do nothing (0), print an error message (1),
249 * Compile-time options for multiple threads:
251 USE_PTHREADS, USE_THR, USE_SPROC
252 Define one of these as 1 to select the thread interface:
253 POSIX threads, Solaris threads or SGI sproc's, respectively.
254 If none of these is defined as non-zero, you get a `normal'
255 malloc implementation which is not thread-safe. Support for
256 multiple threads requires HAVE_MMAP=1. As an exception, when
257 compiling for GNU libc, i.e. when _LIBC is defined, then none of
258 the USE_... symbols have to be defined.
262 When thread support is enabled, additional `heap's are created
263 with mmap calls. These are limited in size; HEAP_MIN_SIZE should
264 be a multiple of the page size, while HEAP_MAX_SIZE must be a power
265 of two for alignment reasons. HEAP_MAX_SIZE should be at least
266 twice as large as the mmap threshold.
268 When this is defined as non-zero, some statistics on mutex locking
279 #if defined (__STDC__)
286 #endif /*__cplusplus*/
299 # include <stddef.h> /* for size_t */
300 # if defined(_LIBC) || defined(MALLOC_HOOKS)
301 # include <stdlib.h> /* for getenv(), abort() */
304 # include <sys/types.h>
307 /* Macros for handling mutexes and thread-specific data. This is
308 included early, because some thread-related header files (such as
309 pthread.h) should be included before any others. */
310 #include "thread-m.h"
316 #include <stdio.h> /* needed for malloc_stats */
327 Because freed chunks may be overwritten with link fields, this
328 malloc will often die when freed memory is overwritten by user
329 programs. This can be very effective (albeit in an annoying way)
330 in helping track down dangling pointers.
332 If you compile with -DMALLOC_DEBUG, a number of assertion checks are
333 enabled that will catch more memory errors. You probably won't be
334 able to make much sense of the actual assertion errors, but they
335 should help you locate incorrectly overwritten memory. The
336 checking is fairly extensive, and will slow down execution
337 noticeably. Calling malloc_stats or mallinfo with MALLOC_DEBUG set will
338 attempt to check every non-mmapped allocated and free chunk in the
339 course of computing the summaries. (By nature, mmapped regions
340 cannot be checked very much automatically.)
342 Setting MALLOC_DEBUG may also be helpful if you are trying to modify
343 this code. The assertions in the check routines spell out in more
344 detail the assumptions and invariants underlying the algorithms.
351 #define assert(x) ((void)0)
356 INTERNAL_SIZE_T is the word-size used for internal bookkeeping
357 of chunk sizes. On a 64-bit machine, you can reduce malloc
358 overhead by defining INTERNAL_SIZE_T to be a 32 bit `unsigned int'
359 at the expense of not being able to handle requests greater than
360 2^31. This limitation is hardly ever a concern; you are encouraged
361 to set this. However, the default version is the same as size_t.
364 #ifndef INTERNAL_SIZE_T
365 #define INTERNAL_SIZE_T size_t
369 REALLOC_ZERO_BYTES_FREES should be set if a call to
370 realloc with zero bytes should be the same as a call to free.
371 Some people think it should. Otherwise, since this malloc
372 returns a unique pointer for malloc(0), so does realloc(p, 0).
376 /* #define REALLOC_ZERO_BYTES_FREES */
380 HAVE_MEMCPY should be defined if you are not otherwise using
381 ANSI STD C, but still have memcpy and memset in your C library
382 and want to use them in calloc and realloc. Otherwise simple
383 macro versions are defined here.
385 USE_MEMCPY should be defined as 1 if you actually want to
386 have memset and memcpy called. People report that the macro
387 versions are often enough faster than libc versions on many
388 systems that it is better to use them.
392 #define HAVE_MEMCPY 1
402 #if (__STD_C || defined(HAVE_MEMCPY))
405 void* memset(void*, int, size_t);
406 void* memcpy(void*, const void*, size_t);
415 /* The following macros are only invoked with (2n+1)-multiples of
416 INTERNAL_SIZE_T units, with a positive integer n. This is exploited
417 for fast inline execution when n is small. */
419 #define MALLOC_ZERO(charp, nbytes) \
421 INTERNAL_SIZE_T mzsz = (nbytes); \
422 if(mzsz <= 9*sizeof(mzsz)) { \
423 INTERNAL_SIZE_T* mz = (INTERNAL_SIZE_T*) (charp); \
424 if(mzsz >= 5*sizeof(mzsz)) { *mz++ = 0; \
426 if(mzsz >= 7*sizeof(mzsz)) { *mz++ = 0; \
428 if(mzsz >= 9*sizeof(mzsz)) { *mz++ = 0; \
433 } else memset((charp), 0, mzsz); \
436 #define MALLOC_COPY(dest,src,nbytes) \
438 INTERNAL_SIZE_T mcsz = (nbytes); \
439 if(mcsz <= 9*sizeof(mcsz)) { \
440 INTERNAL_SIZE_T* mcsrc = (INTERNAL_SIZE_T*) (src); \
441 INTERNAL_SIZE_T* mcdst = (INTERNAL_SIZE_T*) (dest); \
442 if(mcsz >= 5*sizeof(mcsz)) { *mcdst++ = *mcsrc++; \
443 *mcdst++ = *mcsrc++; \
444 if(mcsz >= 7*sizeof(mcsz)) { *mcdst++ = *mcsrc++; \
445 *mcdst++ = *mcsrc++; \
446 if(mcsz >= 9*sizeof(mcsz)) { *mcdst++ = *mcsrc++; \
447 *mcdst++ = *mcsrc++; }}} \
448 *mcdst++ = *mcsrc++; \
449 *mcdst++ = *mcsrc++; \
451 } else memcpy(dest, src, mcsz); \
454 #else /* !USE_MEMCPY */
456 /* Use Duff's device for good zeroing/copying performance. */
458 #define MALLOC_ZERO(charp, nbytes) \
460 INTERNAL_SIZE_T* mzp = (INTERNAL_SIZE_T*)(charp); \
461 long mctmp = (nbytes)/sizeof(INTERNAL_SIZE_T), mcn; \
462 if (mctmp < 8) mcn = 0; else { mcn = (mctmp-1)/8; mctmp %= 8; } \
464 case 0: for(;;) { *mzp++ = 0; \
465 case 7: *mzp++ = 0; \
466 case 6: *mzp++ = 0; \
467 case 5: *mzp++ = 0; \
468 case 4: *mzp++ = 0; \
469 case 3: *mzp++ = 0; \
470 case 2: *mzp++ = 0; \
471 case 1: *mzp++ = 0; if(mcn <= 0) break; mcn--; } \
475 #define MALLOC_COPY(dest,src,nbytes) \
477 INTERNAL_SIZE_T* mcsrc = (INTERNAL_SIZE_T*) src; \
478 INTERNAL_SIZE_T* mcdst = (INTERNAL_SIZE_T*) dest; \
479 long mctmp = (nbytes)/sizeof(INTERNAL_SIZE_T), mcn; \
480 if (mctmp < 8) mcn = 0; else { mcn = (mctmp-1)/8; mctmp %= 8; } \
482 case 0: for(;;) { *mcdst++ = *mcsrc++; \
483 case 7: *mcdst++ = *mcsrc++; \
484 case 6: *mcdst++ = *mcsrc++; \
485 case 5: *mcdst++ = *mcsrc++; \
486 case 4: *mcdst++ = *mcsrc++; \
487 case 3: *mcdst++ = *mcsrc++; \
488 case 2: *mcdst++ = *mcsrc++; \
489 case 1: *mcdst++ = *mcsrc++; if(mcn <= 0) break; mcn--; } \
497 Define HAVE_MMAP to optionally make malloc() use mmap() to
498 allocate very large blocks. These will be returned to the
499 operating system immediately after a free().
507 Define HAVE_MREMAP to make realloc() use mremap() to re-allocate
508 large blocks. This is currently only possible on Linux with
509 kernel versions newer than 1.3.77.
513 #define HAVE_MREMAP defined(__linux__)
520 #include <sys/mman.h>
522 #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
523 #define MAP_ANONYMOUS MAP_ANON
526 #endif /* HAVE_MMAP */
529 Access to system page size. To the extent possible, this malloc
530 manages memory from the system in page-size units.
532 The following mechanics for getpagesize were adapted from
533 bsd/gnu getpagesize.h
536 #ifndef LACKS_UNISTD_H
540 #ifndef malloc_getpagesize
541 # ifdef _SC_PAGESIZE /* some SVR4 systems omit an underscore */
542 # ifndef _SC_PAGE_SIZE
543 # define _SC_PAGE_SIZE _SC_PAGESIZE
546 # ifdef _SC_PAGE_SIZE
547 # define malloc_getpagesize sysconf(_SC_PAGE_SIZE)
549 # if defined(BSD) || defined(DGUX) || defined(HAVE_GETPAGESIZE)
550 extern size_t getpagesize();
551 # define malloc_getpagesize getpagesize()
553 # include <sys/param.h>
554 # ifdef EXEC_PAGESIZE
555 # define malloc_getpagesize EXEC_PAGESIZE
559 # define malloc_getpagesize NBPG
561 # define malloc_getpagesize (NBPG * CLSIZE)
565 # define malloc_getpagesize NBPC
568 # define malloc_getpagesize PAGESIZE
570 # define malloc_getpagesize (4096) /* just guess */
583 This version of malloc supports the standard SVID/XPG mallinfo
584 routine that returns a struct containing the same kind of
585 information you can get from malloc_stats. It should work on
586 any SVID/XPG compliant system that has a /usr/include/malloc.h
587 defining struct mallinfo. (If you'd like to install such a thing
588 yourself, cut out the preliminary declarations as described above
589 and below and save them in a malloc.h file. But there's no
590 compelling reason to bother to do this.)
592 The main declaration needed is the mallinfo struct that is returned
593 (by-copy) by mallinfo(). The SVID/XPG malloinfo struct contains a
594 bunch of fields, most of which are not even meaningful in this
595 version of malloc. Some of these fields are are instead filled by
596 mallinfo() with other numbers that might possibly be of interest.
598 HAVE_USR_INCLUDE_MALLOC_H should be set if you have a
599 /usr/include/malloc.h file that includes a declaration of struct
600 mallinfo. If so, it is included; else an SVID2/XPG2 compliant
601 version is declared below. These must be precisely the same for
606 /* #define HAVE_USR_INCLUDE_MALLOC_H */
608 #if HAVE_USR_INCLUDE_MALLOC_H
609 # include "/usr/include/malloc.h"
614 # include "ptmalloc.h"
620 #ifndef DEFAULT_TRIM_THRESHOLD
621 #define DEFAULT_TRIM_THRESHOLD (128 * 1024)
625 M_TRIM_THRESHOLD is the maximum amount of unused top-most memory
626 to keep before releasing via malloc_trim in free().
628 Automatic trimming is mainly useful in long-lived programs.
629 Because trimming via sbrk can be slow on some systems, and can
630 sometimes be wasteful (in cases where programs immediately
631 afterward allocate more large chunks) the value should be high
632 enough so that your overall system performance would improve by
635 The trim threshold and the mmap control parameters (see below)
636 can be traded off with one another. Trimming and mmapping are
637 two different ways of releasing unused memory back to the
638 system. Between these two, it is often possible to keep
639 system-level demands of a long-lived program down to a bare
640 minimum. For example, in one test suite of sessions measuring
641 the XF86 X server on Linux, using a trim threshold of 128K and a
642 mmap threshold of 192K led to near-minimal long term resource
645 If you are using this malloc in a long-lived program, it should
646 pay to experiment with these values. As a rough guide, you
647 might set to a value close to the average size of a process
648 (program) running on your system. Releasing this much memory
649 would allow such a process to run in memory. Generally, it's
650 worth it to tune for trimming rather than memory mapping when a
651 program undergoes phases where several large chunks are
652 allocated and released in ways that can reuse each other's
653 storage, perhaps mixed with phases where there are no such
654 chunks at all. And in well-behaved long-lived programs,
655 controlling release of large blocks via trimming versus mapping
658 However, in most programs, these parameters serve mainly as
659 protection against the system-level effects of carrying around
660 massive amounts of unneeded memory. Since frequent calls to
661 sbrk, mmap, and munmap otherwise degrade performance, the default
662 parameters are set to relatively high values that serve only as
665 The default trim value is high enough to cause trimming only in
666 fairly extreme (by current memory consumption standards) cases.
667 It must be greater than page size to have any useful effect. To
668 disable trimming completely, you can set to (unsigned long)(-1);
674 #ifndef DEFAULT_TOP_PAD
675 #define DEFAULT_TOP_PAD (0)
679 M_TOP_PAD is the amount of extra `padding' space to allocate or
680 retain whenever sbrk is called. It is used in two ways internally:
682 * When sbrk is called to extend the top of the arena to satisfy
683 a new malloc request, this much padding is added to the sbrk
686 * When malloc_trim is called automatically from free(),
687 it is used as the `pad' argument.
689 In both cases, the actual amount of padding is rounded
690 so that the end of the arena is always a system page boundary.
692 The main reason for using padding is to avoid calling sbrk so
693 often. Having even a small pad greatly reduces the likelihood
694 that nearly every malloc request during program start-up (or
695 after trimming) will invoke sbrk, which needlessly wastes
698 Automatic rounding-up to page-size units is normally sufficient
699 to avoid measurable overhead, so the default is 0. However, in
700 systems where sbrk is relatively slow, it can pay to increase
701 this value, at the expense of carrying around more memory than
707 #ifndef DEFAULT_MMAP_THRESHOLD
708 #define DEFAULT_MMAP_THRESHOLD (128 * 1024)
713 M_MMAP_THRESHOLD is the request size threshold for using mmap()
714 to service a request. Requests of at least this size that cannot
715 be allocated using already-existing space will be serviced via mmap.
716 (If enough normal freed space already exists it is used instead.)
718 Using mmap segregates relatively large chunks of memory so that
719 they can be individually obtained and released from the host
720 system. A request serviced through mmap is never reused by any
721 other request (at least not directly; the system may just so
722 happen to remap successive requests to the same locations).
724 Segregating space in this way has the benefit that mmapped space
725 can ALWAYS be individually released back to the system, which
726 helps keep the system level memory demands of a long-lived
727 program low. Mapped memory can never become `locked' between
728 other chunks, as can happen with normally allocated chunks, which
729 menas that even trimming via malloc_trim would not release them.
731 However, it has the disadvantages that:
733 1. The space cannot be reclaimed, consolidated, and then
734 used to service later requests, as happens with normal chunks.
735 2. It can lead to more wastage because of mmap page alignment
737 3. It causes malloc performance to be more dependent on host
738 system memory management support routines which may vary in
739 implementation quality and may impose arbitrary
740 limitations. Generally, servicing a request via normal
741 malloc steps is faster than going through a system's mmap.
743 All together, these considerations should lead you to use mmap
744 only for relatively large requests.
751 #ifndef DEFAULT_MMAP_MAX
753 #define DEFAULT_MMAP_MAX (1024)
755 #define DEFAULT_MMAP_MAX (0)
760 M_MMAP_MAX is the maximum number of requests to simultaneously
761 service using mmap. This parameter exists because:
763 1. Some systems have a limited number of internal tables for
765 2. In most systems, overreliance on mmap can degrade overall
767 3. If a program allocates many large regions, it is probably
768 better off using normal sbrk-based allocation routines that
769 can reclaim and reallocate normal heap memory. Using a
770 small value allows transition into this mode after the
771 first few allocations.
773 Setting to 0 disables all use of mmap. If HAVE_MMAP is not set,
774 the default value is 0, and attempts to set it to non-zero values
775 in mallopt will fail.
780 #ifndef DEFAULT_CHECK_ACTION
781 #define DEFAULT_CHECK_ACTION 1
784 /* What to do if the standard debugging hooks are in place and a
785 corrupt pointer is detected: do nothing (0), print an error message
786 (1), or call abort() (2). */
790 #define HEAP_MIN_SIZE (32*1024)
791 #define HEAP_MAX_SIZE (1024*1024) /* must be a power of two */
793 /* HEAP_MIN_SIZE and HEAP_MAX_SIZE limit the size of mmap()ed heaps
794 that are dynamically created for multi-threaded programs. The
795 maximum size must be a power of two, for fast determination of
796 which heap belongs to a chunk. It should be much larger than
797 the mmap threshold, so that requests with a size just below that
798 threshold can be fulfilled without creating too many heaps.
804 #define THREAD_STATS 0
807 /* If THREAD_STATS is non-zero, some statistics on mutex locking are
813 Special defines for the Linux/GNU C library.
822 Void_t * __default_morecore (ptrdiff_t);
823 Void_t *(*__morecore)(ptrdiff_t) = __default_morecore;
827 Void_t * __default_morecore ();
828 Void_t *(*__morecore)() = __default_morecore;
832 #define MORECORE (*__morecore)
833 #define MORECORE_FAILURE 0
834 #define MORECORE_CLEARS 1
836 #define munmap __munmap
837 #define mremap __mremap
838 #undef malloc_getpagesize
839 #define malloc_getpagesize __getpagesize()
844 extern Void_t* sbrk(ptrdiff_t);
846 extern Void_t* sbrk();
850 #define MORECORE sbrk
853 #ifndef MORECORE_FAILURE
854 #define MORECORE_FAILURE -1
857 #ifndef MORECORE_CLEARS
858 #define MORECORE_CLEARS 1
865 #define cALLOc __libc_calloc
866 #define fREe __libc_free
867 #define mALLOc __libc_malloc
868 #define mEMALIGn __libc_memalign
869 #define rEALLOc __libc_realloc
870 #define vALLOc __libc_valloc
871 #define pvALLOc __libc_pvalloc
872 #define mALLINFo __libc_mallinfo
873 #define mALLOPt __libc_mallopt
874 #define mALLOC_STATs __malloc_stats
875 #define mALLOC_USABLE_SIZe __malloc_usable_size
876 #define mALLOC_TRIm __malloc_trim
877 #define mALLOC_GET_STATe __malloc_get_state
878 #define mALLOC_SET_STATe __malloc_set_state
882 #define cALLOc calloc
884 #define mALLOc malloc
885 #define mEMALIGn memalign
886 #define rEALLOc realloc
887 #define vALLOc valloc
888 #define pvALLOc pvalloc
889 #define mALLINFo mallinfo
890 #define mALLOPt mallopt
891 #define mALLOC_STATs malloc_stats
892 #define mALLOC_USABLE_SIZe malloc_usable_size
893 #define mALLOC_TRIm malloc_trim
894 #define mALLOC_GET_STATe malloc_get_state
895 #define mALLOC_SET_STATe malloc_set_state
899 /* Public routines */
904 void ptmalloc_init(void);
906 Void_t* mALLOc(size_t);
908 Void_t* rEALLOc(Void_t*, size_t);
909 Void_t* mEMALIGn(size_t, size_t);
910 Void_t* vALLOc(size_t);
911 Void_t* pvALLOc(size_t);
912 Void_t* cALLOc(size_t, size_t);
914 int mALLOC_TRIm(size_t);
915 size_t mALLOC_USABLE_SIZe(Void_t*);
916 void mALLOC_STATs(void);
917 int mALLOPt(int, int);
918 struct mallinfo mALLINFo(void);
919 Void_t* mALLOC_GET_STATe(void);
920 int mALLOC_SET_STATe(Void_t*);
925 void ptmalloc_init();
936 size_t mALLOC_USABLE_SIZe();
939 struct mallinfo mALLINFo();
940 Void_t* mALLOC_GET_STATe();
941 int mALLOC_SET_STATe();
947 }; /* end of extern "C" */
950 #if !defined(NO_THREADS) && !HAVE_MMAP
951 "Can't have threads support without mmap"
962 INTERNAL_SIZE_T prev_size; /* Size of previous chunk (if free). */
963 INTERNAL_SIZE_T size; /* Size in bytes, including overhead. */
964 struct malloc_chunk* fd; /* double links -- used only if free. */
965 struct malloc_chunk* bk;
968 typedef struct malloc_chunk* mchunkptr;
972 malloc_chunk details:
974 (The following includes lightly edited explanations by Colin Plumb.)
976 Chunks of memory are maintained using a `boundary tag' method as
977 described in e.g., Knuth or Standish. (See the paper by Paul
978 Wilson ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a
979 survey of such techniques.) Sizes of free chunks are stored both
980 in the front of each chunk and at the end. This makes
981 consolidating fragmented chunks into bigger chunks very fast. The
982 size fields also hold bits representing whether chunks are free or
985 An allocated chunk looks like this:
988 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
989 | Size of previous chunk, if allocated | |
990 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
991 | Size of chunk, in bytes |P|
992 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
993 | User data starts here... .
995 . (malloc_usable_space() bytes) .
997 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
999 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1002 Where "chunk" is the front of the chunk for the purpose of most of
1003 the malloc code, but "mem" is the pointer that is returned to the
1004 user. "Nextchunk" is the beginning of the next contiguous chunk.
1006 Chunks always begin on even word boundaries, so the mem portion
1007 (which is returned to the user) is also on an even word boundary, and
1008 thus double-word aligned.
1010 Free chunks are stored in circular doubly-linked lists, and look like this:
1012 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1013 | Size of previous chunk |
1014 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1015 `head:' | Size of chunk, in bytes |P|
1016 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1017 | Forward pointer to next chunk in list |
1018 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1019 | Back pointer to previous chunk in list |
1020 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1021 | Unused space (may be 0 bytes long) .
1024 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1025 `foot:' | Size of chunk, in bytes |
1026 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1028 The P (PREV_INUSE) bit, stored in the unused low-order bit of the
1029 chunk size (which is always a multiple of two words), is an in-use
1030 bit for the *previous* chunk. If that bit is *clear*, then the
1031 word before the current chunk size contains the previous chunk
1032 size, and can be used to find the front of the previous chunk.
1033 (The very first chunk allocated always has this bit set,
1034 preventing access to non-existent (or non-owned) memory.)
1036 Note that the `foot' of the current chunk is actually represented
1037 as the prev_size of the NEXT chunk. (This makes it easier to
1038 deal with alignments etc).
1040 The two exceptions to all this are
1042 1. The special chunk `top', which doesn't bother using the
1043 trailing size field since there is no
1044 next contiguous chunk that would have to index off it. (After
1045 initialization, `top' is forced to always exist. If it would
1046 become less than MINSIZE bytes long, it is replenished via
1049 2. Chunks allocated via mmap, which have the second-lowest-order
1050 bit (IS_MMAPPED) set in their size fields. Because they are
1051 never merged or traversed from any other chunk, they have no
1052 foot size or inuse information.
1054 Available chunks are kept in any of several places (all declared below):
1056 * `av': An array of chunks serving as bin headers for consolidated
1057 chunks. Each bin is doubly linked. The bins are approximately
1058 proportionally (log) spaced. There are a lot of these bins
1059 (128). This may look excessive, but works very well in
1060 practice. All procedures maintain the invariant that no
1061 consolidated chunk physically borders another one. Chunks in
1062 bins are kept in size order, with ties going to the
1063 approximately least recently used chunk.
1065 The chunks in each bin are maintained in decreasing sorted order by
1066 size. This is irrelevant for the small bins, which all contain
1067 the same-sized chunks, but facilitates best-fit allocation for
1068 larger chunks. (These lists are just sequential. Keeping them in
1069 order almost never requires enough traversal to warrant using
1070 fancier ordered data structures.) Chunks of the same size are
1071 linked with the most recently freed at the front, and allocations
1072 are taken from the back. This results in LRU or FIFO allocation
1073 order, which tends to give each chunk an equal opportunity to be
1074 consolidated with adjacent freed chunks, resulting in larger free
1075 chunks and less fragmentation.
1077 * `top': The top-most available chunk (i.e., the one bordering the
1078 end of available memory) is treated specially. It is never
1079 included in any bin, is used only if no other chunk is
1080 available, and is released back to the system if it is very
1081 large (see M_TRIM_THRESHOLD).
1083 * `last_remainder': A bin holding only the remainder of the
1084 most recently split (non-top) chunk. This bin is checked
1085 before other non-fitting chunks, so as to provide better
1086 locality for runs of sequentially allocated chunks.
1088 * Implicitly, through the host system's memory mapping tables.
1089 If supported, requests greater than a threshold are usually
1090 serviced via calls to mmap, and then later released via munmap.
1097 The bins are an array of pairs of pointers serving as the
1098 heads of (initially empty) doubly-linked lists of chunks, laid out
1099 in a way so that each pair can be treated as if it were in a
1100 malloc_chunk. (This way, the fd/bk offsets for linking bin heads
1101 and chunks are the same).
1103 Bins for sizes < 512 bytes contain chunks of all the same size, spaced
1104 8 bytes apart. Larger bins are approximately logarithmically
1105 spaced. (See the table below.)
1113 4 bins of size 32768
1114 2 bins of size 262144
1115 1 bin of size what's left
1117 There is actually a little bit of slop in the numbers in bin_index
1118 for the sake of speed. This makes no difference elsewhere.
1120 The special chunks `top' and `last_remainder' get their own bins,
1121 (this is implemented via yet more trickery with the av array),
1122 although `top' is never properly linked to its bin since it is
1123 always handled specially.
1127 #define NAV 128 /* number of bins */
1129 typedef struct malloc_chunk* mbinptr;
1131 /* An arena is a configuration of malloc_chunks together with an array
1132 of bins. With multiple threads, it must be locked via a mutex
1133 before changing its data structures. One or more `heaps' are
1134 associated with each arena, except for the main_arena, which is
1135 associated only with the `main heap', i.e. the conventional free
1136 store obtained with calls to MORECORE() (usually sbrk). The `av'
1137 array is never mentioned directly in the code, but instead used via
1138 bin access macros. */
1140 typedef struct _arena {
1141 mbinptr av[2*NAV + 2];
1142 struct _arena *next;
1145 long stat_lock_direct, stat_lock_loop, stat_lock_wait;
1151 /* A heap is a single contiguous memory region holding (coalesceable)
1152 malloc_chunks. It is allocated with mmap() and always starts at an
1153 address aligned to HEAP_MAX_SIZE. Not used unless compiling for
1154 multiple threads. */
1156 typedef struct _heap_info {
1157 arena *ar_ptr; /* Arena for this heap. */
1158 struct _heap_info *prev; /* Previous heap. */
1159 size_t size; /* Current size in bytes. */
1160 size_t pad; /* Make sure the following data is properly aligned. */
1165 Static functions (forward declarations)
1170 static void chunk_free(arena *ar_ptr, mchunkptr p);
1171 static mchunkptr chunk_alloc(arena *ar_ptr, INTERNAL_SIZE_T size);
1172 static mchunkptr chunk_realloc(arena *ar_ptr, mchunkptr oldp,
1173 INTERNAL_SIZE_T oldsize, INTERNAL_SIZE_T nb);
1174 static mchunkptr chunk_align(arena *ar_ptr, INTERNAL_SIZE_T nb,
1176 static int main_trim(size_t pad);
1178 static int heap_trim(heap_info *heap, size_t pad);
1180 #if defined(_LIBC) || defined(MALLOC_HOOKS)
1181 static Void_t* malloc_check(size_t sz);
1182 static void free_check(Void_t* mem);
1183 static Void_t* realloc_check(Void_t* oldmem, size_t bytes);
1184 static Void_t* memalign_check(size_t alignment, size_t bytes);
1185 static Void_t* malloc_starter(size_t sz);
1186 static void free_starter(Void_t* mem);
1191 static void chunk_free();
1192 static mchunkptr chunk_alloc();
1193 static mchunkptr chunk_realloc();
1194 static mchunkptr chunk_align();
1195 static int main_trim();
1197 static int heap_trim();
1199 #if defined(_LIBC) || defined(MALLOC_HOOKS)
1200 static Void_t* malloc_check();
1201 static void free_check();
1202 static Void_t* realloc_check();
1203 static Void_t* memalign_check();
1204 static Void_t* malloc_starter();
1205 static void free_starter();
1212 /* sizes, alignments */
1214 #define SIZE_SZ (sizeof(INTERNAL_SIZE_T))
1215 #define MALLOC_ALIGNMENT (SIZE_SZ + SIZE_SZ)
1216 #define MALLOC_ALIGN_MASK (MALLOC_ALIGNMENT - 1)
1217 #define MINSIZE (sizeof(struct malloc_chunk))
1219 /* conversion from malloc headers to user pointers, and back */
1221 #define chunk2mem(p) ((Void_t*)((char*)(p) + 2*SIZE_SZ))
1222 #define mem2chunk(mem) ((mchunkptr)((char*)(mem) - 2*SIZE_SZ))
1224 /* pad request bytes into a usable size */
1226 #define request2size(req) \
1227 (((long)((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) < \
1228 (long)(MINSIZE + MALLOC_ALIGN_MASK)) ? MINSIZE : \
1229 (((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) & ~(MALLOC_ALIGN_MASK)))
1231 /* Check if m has acceptable alignment */
1233 #define aligned_OK(m) (((unsigned long)((m)) & (MALLOC_ALIGN_MASK)) == 0)
1239 Physical chunk operations
1243 /* size field is or'ed with PREV_INUSE when previous adjacent chunk in use */
1245 #define PREV_INUSE 0x1
1247 /* size field is or'ed with IS_MMAPPED if the chunk was obtained with mmap() */
1249 #define IS_MMAPPED 0x2
1251 /* Bits to mask off when extracting size */
1253 #define SIZE_BITS (PREV_INUSE|IS_MMAPPED)
1256 /* Ptr to next physical malloc_chunk. */
1258 #define next_chunk(p) ((mchunkptr)( ((char*)(p)) + ((p)->size & ~PREV_INUSE) ))
1260 /* Ptr to previous physical malloc_chunk */
1262 #define prev_chunk(p) ((mchunkptr)( ((char*)(p)) - ((p)->prev_size) ))
1265 /* Treat space at ptr + offset as a chunk */
1267 #define chunk_at_offset(p, s) ((mchunkptr)(((char*)(p)) + (s)))
1273 Dealing with use bits
1276 /* extract p's inuse bit */
1279 ((((mchunkptr)(((char*)(p))+((p)->size & ~PREV_INUSE)))->size) & PREV_INUSE)
1281 /* extract inuse bit of previous chunk */
1283 #define prev_inuse(p) ((p)->size & PREV_INUSE)
1285 /* check for mmap()'ed chunk */
1287 #define chunk_is_mmapped(p) ((p)->size & IS_MMAPPED)
1289 /* set/clear chunk as in use without otherwise disturbing */
1291 #define set_inuse(p) \
1292 ((mchunkptr)(((char*)(p)) + ((p)->size & ~PREV_INUSE)))->size |= PREV_INUSE
1294 #define clear_inuse(p) \
1295 ((mchunkptr)(((char*)(p)) + ((p)->size & ~PREV_INUSE)))->size &= ~(PREV_INUSE)
1297 /* check/set/clear inuse bits in known places */
1299 #define inuse_bit_at_offset(p, s)\
1300 (((mchunkptr)(((char*)(p)) + (s)))->size & PREV_INUSE)
1302 #define set_inuse_bit_at_offset(p, s)\
1303 (((mchunkptr)(((char*)(p)) + (s)))->size |= PREV_INUSE)
1305 #define clear_inuse_bit_at_offset(p, s)\
1306 (((mchunkptr)(((char*)(p)) + (s)))->size &= ~(PREV_INUSE))
1312 Dealing with size fields
1315 /* Get size, ignoring use bits */
1317 #define chunksize(p) ((p)->size & ~(SIZE_BITS))
1319 /* Set size at head, without disturbing its use bit */
1321 #define set_head_size(p, s) ((p)->size = (((p)->size & PREV_INUSE) | (s)))
1323 /* Set size/use ignoring previous bits in header */
1325 #define set_head(p, s) ((p)->size = (s))
1327 /* Set size at footer (only when chunk is not in use) */
1329 #define set_foot(p, s) (((mchunkptr)((char*)(p) + (s)))->prev_size = (s))
1337 #define bin_at(a, i) ((mbinptr)((char*)&(((a)->av)[2*(i) + 2]) - 2*SIZE_SZ))
1338 #define init_bin(a, i) ((a)->av[2*i+2] = (a)->av[2*i+3] = bin_at((a), i))
1339 #define next_bin(b) ((mbinptr)((char*)(b) + 2 * sizeof(mbinptr)))
1340 #define prev_bin(b) ((mbinptr)((char*)(b) - 2 * sizeof(mbinptr)))
1343 The first 2 bins are never indexed. The corresponding av cells are instead
1344 used for bookkeeping. This is not to save space, but to simplify
1345 indexing, maintain locality, and avoid some initialization tests.
1348 #define binblocks(a) (bin_at(a,0)->size)/* bitvector of nonempty blocks */
1349 #define top(a) (bin_at(a,0)->fd) /* The topmost chunk */
1350 #define last_remainder(a) (bin_at(a,1)) /* remainder from last split */
1353 Because top initially points to its own bin with initial
1354 zero size, thus forcing extension on the first malloc request,
1355 we avoid having any special code in malloc to check whether
1356 it even exists yet. But we still need to in malloc_extend_top.
1359 #define initial_top(a) ((mchunkptr)bin_at(a, 0))
1363 /* field-extraction macros */
1365 #define first(b) ((b)->fd)
1366 #define last(b) ((b)->bk)
1372 #define bin_index(sz) \
1373 (((((unsigned long)(sz)) >> 9) == 0) ? (((unsigned long)(sz)) >> 3): \
1374 ((((unsigned long)(sz)) >> 9) <= 4) ? 56 + (((unsigned long)(sz)) >> 6): \
1375 ((((unsigned long)(sz)) >> 9) <= 20) ? 91 + (((unsigned long)(sz)) >> 9): \
1376 ((((unsigned long)(sz)) >> 9) <= 84) ? 110 + (((unsigned long)(sz)) >> 12): \
1377 ((((unsigned long)(sz)) >> 9) <= 340) ? 119 + (((unsigned long)(sz)) >> 15): \
1378 ((((unsigned long)(sz)) >> 9) <= 1364) ? 124 + (((unsigned long)(sz)) >> 18): \
1381 bins for chunks < 512 are all spaced 8 bytes apart, and hold
1382 identically sized chunks. This is exploited in malloc.
1385 #define MAX_SMALLBIN 63
1386 #define MAX_SMALLBIN_SIZE 512
1387 #define SMALLBIN_WIDTH 8
1389 #define smallbin_index(sz) (((unsigned long)(sz)) >> 3)
1392 Requests are `small' if both the corresponding and the next bin are small
1395 #define is_small_request(nb) ((nb) < MAX_SMALLBIN_SIZE - SMALLBIN_WIDTH)
1400 To help compensate for the large number of bins, a one-level index
1401 structure is used for bin-by-bin searching. `binblocks' is a
1402 one-word bitvector recording whether groups of BINBLOCKWIDTH bins
1403 have any (possibly) non-empty bins, so they can be skipped over
1404 all at once during during traversals. The bits are NOT always
1405 cleared as soon as all bins in a block are empty, but instead only
1406 when all are noticed to be empty during traversal in malloc.
1409 #define BINBLOCKWIDTH 4 /* bins per block */
1411 /* bin<->block macros */
1413 #define idx2binblock(ix) ((unsigned)1 << ((ix) / BINBLOCKWIDTH))
1414 #define mark_binblock(a, ii) (binblocks(a) |= idx2binblock(ii))
1415 #define clear_binblock(a, ii) (binblocks(a) &= ~(idx2binblock(ii)))
1420 /* Static bookkeeping data */
1422 /* Helper macro to initialize bins */
1423 #define IAV(i) bin_at(&main_arena, i), bin_at(&main_arena, i)
1425 static arena main_arena = {
1428 IAV(0), IAV(1), IAV(2), IAV(3), IAV(4), IAV(5), IAV(6), IAV(7),
1429 IAV(8), IAV(9), IAV(10), IAV(11), IAV(12), IAV(13), IAV(14), IAV(15),
1430 IAV(16), IAV(17), IAV(18), IAV(19), IAV(20), IAV(21), IAV(22), IAV(23),
1431 IAV(24), IAV(25), IAV(26), IAV(27), IAV(28), IAV(29), IAV(30), IAV(31),
1432 IAV(32), IAV(33), IAV(34), IAV(35), IAV(36), IAV(37), IAV(38), IAV(39),
1433 IAV(40), IAV(41), IAV(42), IAV(43), IAV(44), IAV(45), IAV(46), IAV(47),
1434 IAV(48), IAV(49), IAV(50), IAV(51), IAV(52), IAV(53), IAV(54), IAV(55),
1435 IAV(56), IAV(57), IAV(58), IAV(59), IAV(60), IAV(61), IAV(62), IAV(63),
1436 IAV(64), IAV(65), IAV(66), IAV(67), IAV(68), IAV(69), IAV(70), IAV(71),
1437 IAV(72), IAV(73), IAV(74), IAV(75), IAV(76), IAV(77), IAV(78), IAV(79),
1438 IAV(80), IAV(81), IAV(82), IAV(83), IAV(84), IAV(85), IAV(86), IAV(87),
1439 IAV(88), IAV(89), IAV(90), IAV(91), IAV(92), IAV(93), IAV(94), IAV(95),
1440 IAV(96), IAV(97), IAV(98), IAV(99), IAV(100), IAV(101), IAV(102), IAV(103),
1441 IAV(104), IAV(105), IAV(106), IAV(107), IAV(108), IAV(109), IAV(110), IAV(111),
1442 IAV(112), IAV(113), IAV(114), IAV(115), IAV(116), IAV(117), IAV(118), IAV(119),
1443 IAV(120), IAV(121), IAV(122), IAV(123), IAV(124), IAV(125), IAV(126), IAV(127)
1445 &main_arena, /* next */
1448 0, 0, 0, /* stat_lock_direct, stat_lock_loop, stat_lock_wait */
1450 MUTEX_INITIALIZER /* mutex */
1455 /* Thread specific data */
1458 static tsd_key_t arena_key;
1459 static mutex_t list_lock = MUTEX_INITIALIZER;
1463 static int stat_n_heaps = 0;
1464 #define THREAD_STAT(x) x
1466 #define THREAD_STAT(x) do ; while(0)
1469 /* variables holding tunable values */
1471 static unsigned long trim_threshold = DEFAULT_TRIM_THRESHOLD;
1472 static unsigned long top_pad = DEFAULT_TOP_PAD;
1473 static unsigned int n_mmaps_max = DEFAULT_MMAP_MAX;
1474 static unsigned long mmap_threshold = DEFAULT_MMAP_THRESHOLD;
1475 static int check_action = DEFAULT_CHECK_ACTION;
1477 /* The first value returned from sbrk */
1478 static char* sbrk_base = (char*)(-1);
1480 /* The maximum memory obtained from system via sbrk */
1481 static unsigned long max_sbrked_mem = 0;
1483 /* The maximum via either sbrk or mmap (too difficult to track with threads) */
1485 static unsigned long max_total_mem = 0;
1488 /* The total memory obtained from system via sbrk */
1489 #define sbrked_mem (main_arena.size)
1491 /* Tracking mmaps */
1493 static unsigned int n_mmaps = 0;
1494 static unsigned int max_n_mmaps = 0;
1495 static unsigned long mmapped_mem = 0;
1496 static unsigned long max_mmapped_mem = 0;
1501 #define weak_variable
1503 /* In GNU libc we want the hook variables to be weak definitions to
1504 avoid a problem with Emacs. */
1505 #define weak_variable weak_function
1508 /* Already initialized? */
1509 int __malloc_initialized = 0;
1512 /* Initialization routine. */
1515 static void ptmalloc_init __MALLOC_P ((void)) __attribute__ ((constructor));
1519 ptmalloc_init __MALLOC_P((void))
1522 ptmalloc_init __MALLOC_P((void))
1525 #if defined(_LIBC) || defined(MALLOC_HOOKS)
1526 __malloc_ptr_t (*save_malloc_hook) __MALLOC_P ((size_t __size));
1527 void (*save_free_hook) __MALLOC_P ((__malloc_ptr_t __ptr));
1531 if(__malloc_initialized) return;
1532 __malloc_initialized = 1;
1533 #if defined(_LIBC) || defined(MALLOC_HOOKS)
1534 /* With some threads implementations, creating thread-specific data
1535 or initializing a mutex may call malloc() itself. Provide a
1536 simple starter version (realloc() won't work). */
1537 save_malloc_hook = __malloc_hook;
1538 save_free_hook = __free_hook;
1539 __malloc_hook = malloc_starter;
1540 __free_hook = free_starter;
1542 #if defined(_LIBC) && !defined (NO_THREADS)
1543 /* Initialize the pthreads interface. */
1544 if (__pthread_initialize != NULL)
1545 __pthread_initialize();
1548 mutex_init(&main_arena.mutex);
1549 mutex_init(&list_lock);
1550 tsd_key_create(&arena_key, NULL);
1551 tsd_setspecific(arena_key, (Void_t *)&main_arena);
1553 #if defined(_LIBC) || defined(MALLOC_HOOKS)
1554 if((s = getenv("MALLOC_TRIM_THRESHOLD_")))
1555 mALLOPt(M_TRIM_THRESHOLD, atoi(s));
1556 if((s = getenv("MALLOC_TOP_PAD_")))
1557 mALLOPt(M_TOP_PAD, atoi(s));
1558 if((s = getenv("MALLOC_MMAP_THRESHOLD_")))
1559 mALLOPt(M_MMAP_THRESHOLD, atoi(s));
1560 if((s = getenv("MALLOC_MMAP_MAX_")))
1561 mALLOPt(M_MMAP_MAX, atoi(s));
1562 s = getenv("MALLOC_CHECK_");
1563 __malloc_hook = save_malloc_hook;
1564 __free_hook = save_free_hook;
1566 if(s[0]) mALLOPt(M_CHECK_ACTION, (int)(s[0] - '0'));
1567 __malloc_check_init();
1569 if(__malloc_initialize_hook != NULL)
1570 (*__malloc_initialize_hook)();
1574 #if defined(_LIBC) || defined(MALLOC_HOOKS)
1576 /* Hooks for debugging versions. The initial hooks just call the
1577 initialization routine, then do the normal work. */
1581 malloc_hook_ini(size_t sz)
1583 malloc_hook_ini(sz) size_t sz;
1586 __malloc_hook = NULL;
1587 __realloc_hook = NULL;
1588 __memalign_hook = NULL;
1595 realloc_hook_ini(Void_t* ptr, size_t sz)
1597 realloc_hook_ini(ptr, sz) Void_t* ptr; size_t sz;
1600 __malloc_hook = NULL;
1601 __realloc_hook = NULL;
1602 __memalign_hook = NULL;
1604 return rEALLOc(ptr, sz);
1609 memalign_hook_ini(size_t sz, size_t alignment)
1611 memalign_hook_ini(sz, alignment) size_t sz; size_t alignment;
1614 __malloc_hook = NULL;
1615 __realloc_hook = NULL;
1616 __memalign_hook = NULL;
1618 return mEMALIGn(sz, alignment);
1621 void weak_variable (*__malloc_initialize_hook) __MALLOC_P ((void)) = NULL;
1622 void weak_variable (*__free_hook) __MALLOC_P ((__malloc_ptr_t __ptr)) = NULL;
1623 __malloc_ptr_t weak_variable (*__malloc_hook)
1624 __MALLOC_P ((size_t __size)) = malloc_hook_ini;
1625 __malloc_ptr_t weak_variable (*__realloc_hook)
1626 __MALLOC_P ((__malloc_ptr_t __ptr, size_t __size)) = realloc_hook_ini;
1627 __malloc_ptr_t weak_variable (*__memalign_hook)
1628 __MALLOC_P ((size_t __size, size_t __alignment)) = memalign_hook_ini;
1629 void weak_variable (*__after_morecore_hook) __MALLOC_P ((void)) = NULL;
1631 /* Activate a standard set of debugging hooks. */
1633 __malloc_check_init()
1635 __malloc_hook = malloc_check;
1636 __free_hook = free_check;
1637 __realloc_hook = realloc_check;
1638 __memalign_hook = memalign_check;
1639 if(check_action == 1)
1640 fprintf(stderr, "malloc: using debugging hooks\n");
1649 /* Routines dealing with mmap(). */
1653 #ifndef MAP_ANONYMOUS
1655 static int dev_zero_fd = -1; /* Cached file descriptor for /dev/zero. */
1657 #define MMAP(size, prot) ((dev_zero_fd < 0) ? \
1658 (dev_zero_fd = open("/dev/zero", O_RDWR), \
1659 mmap(0, (size), (prot), MAP_PRIVATE, dev_zero_fd, 0)) : \
1660 mmap(0, (size), (prot), MAP_PRIVATE, dev_zero_fd, 0))
1664 #define MMAP(size, prot) \
1665 (mmap(0, (size), (prot), MAP_PRIVATE|MAP_ANONYMOUS, -1, 0))
1670 static mchunkptr mmap_chunk(size_t size)
1672 static mchunkptr mmap_chunk(size) size_t size;
1675 size_t page_mask = malloc_getpagesize - 1;
1678 if(n_mmaps >= n_mmaps_max) return 0; /* too many regions */
1680 /* For mmapped chunks, the overhead is one SIZE_SZ unit larger, because
1681 * there is no following chunk whose prev_size field could be used.
1683 size = (size + SIZE_SZ + page_mask) & ~page_mask;
1685 p = (mchunkptr)MMAP(size, PROT_READ|PROT_WRITE);
1686 if(p == (mchunkptr)-1) return 0;
1689 if (n_mmaps > max_n_mmaps) max_n_mmaps = n_mmaps;
1691 /* We demand that eight bytes into a page must be 8-byte aligned. */
1692 assert(aligned_OK(chunk2mem(p)));
1694 /* The offset to the start of the mmapped region is stored
1695 * in the prev_size field of the chunk; normally it is zero,
1696 * but that can be changed in memalign().
1699 set_head(p, size|IS_MMAPPED);
1701 mmapped_mem += size;
1702 if ((unsigned long)mmapped_mem > (unsigned long)max_mmapped_mem)
1703 max_mmapped_mem = mmapped_mem;
1705 if ((unsigned long)(mmapped_mem + sbrked_mem) > (unsigned long)max_total_mem)
1706 max_total_mem = mmapped_mem + sbrked_mem;
1712 static void munmap_chunk(mchunkptr p)
1714 static void munmap_chunk(p) mchunkptr p;
1717 INTERNAL_SIZE_T size = chunksize(p);
1720 assert (chunk_is_mmapped(p));
1721 assert(! ((char*)p >= sbrk_base && (char*)p < sbrk_base + sbrked_mem));
1722 assert((n_mmaps > 0));
1723 assert(((p->prev_size + size) & (malloc_getpagesize-1)) == 0);
1726 mmapped_mem -= (size + p->prev_size);
1728 ret = munmap((char *)p - p->prev_size, size + p->prev_size);
1730 /* munmap returns non-zero on failure */
1737 static mchunkptr mremap_chunk(mchunkptr p, size_t new_size)
1739 static mchunkptr mremap_chunk(p, new_size) mchunkptr p; size_t new_size;
1742 size_t page_mask = malloc_getpagesize - 1;
1743 INTERNAL_SIZE_T offset = p->prev_size;
1744 INTERNAL_SIZE_T size = chunksize(p);
1747 assert (chunk_is_mmapped(p));
1748 assert(! ((char*)p >= sbrk_base && (char*)p < sbrk_base + sbrked_mem));
1749 assert((n_mmaps > 0));
1750 assert(((size + offset) & (malloc_getpagesize-1)) == 0);
1752 /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */
1753 new_size = (new_size + offset + SIZE_SZ + page_mask) & ~page_mask;
1755 cp = (char *)mremap((char *)p - offset, size + offset, new_size,
1758 if (cp == (char *)-1) return 0;
1760 p = (mchunkptr)(cp + offset);
1762 assert(aligned_OK(chunk2mem(p)));
1764 assert((p->prev_size == offset));
1765 set_head(p, (new_size - offset)|IS_MMAPPED);
1767 mmapped_mem -= size + offset;
1768 mmapped_mem += new_size;
1769 if ((unsigned long)mmapped_mem > (unsigned long)max_mmapped_mem)
1770 max_mmapped_mem = mmapped_mem;
1772 if ((unsigned long)(mmapped_mem + sbrked_mem) > (unsigned long)max_total_mem)
1773 max_total_mem = mmapped_mem + sbrked_mem;
1778 #endif /* HAVE_MREMAP */
1780 #endif /* HAVE_MMAP */
1784 /* Managing heaps and arenas (for concurrent threads) */
1788 /* Create a new heap. size is automatically rounded up to a multiple
1789 of the page size. */
1793 new_heap(size_t size)
1795 new_heap(size) size_t size;
1798 size_t page_mask = malloc_getpagesize - 1;
1803 if(size < HEAP_MIN_SIZE)
1804 size = HEAP_MIN_SIZE;
1805 size = (size + page_mask) & ~page_mask;
1806 if(size > HEAP_MAX_SIZE)
1808 p1 = (char *)MMAP(HEAP_MAX_SIZE<<1, PROT_NONE);
1809 if(p1 == (char *)-1)
1811 p2 = (char *)(((unsigned long)p1 + HEAP_MAX_SIZE) & ~(HEAP_MAX_SIZE-1));
1814 munmap(p2 + HEAP_MAX_SIZE, HEAP_MAX_SIZE - ul);
1815 if(mprotect(p2, size, PROT_READ|PROT_WRITE) != 0) {
1816 munmap(p2, HEAP_MAX_SIZE);
1819 h = (heap_info *)p2;
1821 THREAD_STAT(stat_n_heaps++);
1825 /* Grow or shrink a heap. size is automatically rounded up to a
1826 multiple of the page size if it is positive. */
1830 grow_heap(heap_info *h, long diff)
1832 grow_heap(h, diff) heap_info *h; long diff;
1835 size_t page_mask = malloc_getpagesize - 1;
1839 diff = (diff + page_mask) & ~page_mask;
1840 new_size = (long)h->size + diff;
1841 if(new_size > HEAP_MAX_SIZE)
1843 if(mprotect((char *)h + h->size, diff, PROT_READ|PROT_WRITE) != 0)
1846 new_size = (long)h->size + diff;
1847 if(new_size < (long)sizeof(*h))
1849 if(mprotect((char *)h + new_size, -diff, PROT_NONE) != 0)
1856 /* Delete a heap. */
1858 #define delete_heap(heap) munmap((char*)(heap), HEAP_MAX_SIZE)
1860 /* arena_get() acquires an arena and locks the corresponding mutex.
1861 First, try the one last locked successfully by this thread. (This
1862 is the common case and handled with a macro for speed.) Then, loop
1863 once over the circularly linked list of arenas. If no arena is
1864 readily available, create a new one. */
1866 #define arena_get(ptr, size) do { \
1867 Void_t *vptr = NULL; \
1868 ptr = (arena *)tsd_getspecific(arena_key, vptr); \
1869 if(ptr && !mutex_trylock(&ptr->mutex)) { \
1870 THREAD_STAT(++(ptr->stat_lock_direct)); \
1872 ptr = arena_get2(ptr, (size)); \
1877 arena_get2(arena *a_tsd, size_t size)
1879 arena_get2(a_tsd, size) arena *a_tsd; size_t size;
1886 unsigned long misalign;
1889 a = a_tsd = &main_arena;
1893 /* This can only happen while initializing the new arena. */
1894 (void)mutex_lock(&main_arena.mutex);
1895 THREAD_STAT(++(main_arena.stat_lock_wait));
1900 /* Check the global, circularly linked list for available arenas. */
1902 if(!mutex_trylock(&a->mutex)) {
1903 THREAD_STAT(++(a->stat_lock_loop));
1904 tsd_setspecific(arena_key, (Void_t *)a);
1908 } while(a != a_tsd);
1910 /* Nothing immediately available, so generate a new arena. */
1911 h = new_heap(size + (sizeof(*h) + sizeof(*a) + MALLOC_ALIGNMENT));
1914 a = h->ar_ptr = (arena *)(h+1);
1915 for(i=0; i<NAV; i++)
1919 tsd_setspecific(arena_key, (Void_t *)a);
1920 mutex_init(&a->mutex);
1921 i = mutex_lock(&a->mutex); /* remember result */
1923 /* Set up the top chunk, with proper alignment. */
1924 ptr = (char *)(a + 1);
1925 misalign = (unsigned long)chunk2mem(ptr) & MALLOC_ALIGN_MASK;
1927 ptr += MALLOC_ALIGNMENT - misalign;
1928 top(a) = (mchunkptr)ptr;
1929 set_head(top(a), (((char*)h + h->size) - ptr) | PREV_INUSE);
1931 /* Add the new arena to the list. */
1932 (void)mutex_lock(&list_lock);
1933 a->next = main_arena.next;
1934 main_arena.next = a;
1935 (void)mutex_unlock(&list_lock);
1937 if(i) /* locking failed; keep arena for further attempts later */
1940 THREAD_STAT(++(a->stat_lock_loop));
1944 /* find the heap and corresponding arena for a given ptr */
1946 #define heap_for_ptr(ptr) \
1947 ((heap_info *)((unsigned long)(ptr) & ~(HEAP_MAX_SIZE-1)))
1948 #define arena_for_ptr(ptr) \
1949 (((mchunkptr)(ptr) < top(&main_arena) && (char *)(ptr) >= sbrk_base) ? \
1950 &main_arena : heap_for_ptr(ptr)->ar_ptr)
1952 #else /* defined(NO_THREADS) */
1954 /* Without concurrent threads, there is only one arena. */
1956 #define arena_get(ptr, sz) (ptr = &main_arena)
1957 #define arena_for_ptr(ptr) (&main_arena)
1959 #endif /* !defined(NO_THREADS) */
1971 These routines make a number of assertions about the states
1972 of data structures that should be true at all times. If any
1973 are not true, it's very likely that a user program has somehow
1974 trashed memory. (It's also possible that there is a coding error
1975 in malloc. In which case, please report it!)
1979 static void do_check_chunk(arena *ar_ptr, mchunkptr p)
1981 static void do_check_chunk(ar_ptr, p) arena *ar_ptr; mchunkptr p;
1984 INTERNAL_SIZE_T sz = p->size & ~PREV_INUSE;
1986 /* No checkable chunk is mmapped */
1987 assert(!chunk_is_mmapped(p));
1990 if(ar_ptr != &main_arena) {
1991 heap_info *heap = heap_for_ptr(p);
1992 assert(heap->ar_ptr == ar_ptr);
1993 assert((char *)p + sz <= (char *)heap + heap->size);
1998 /* Check for legal address ... */
1999 assert((char*)p >= sbrk_base);
2000 if (p != top(ar_ptr))
2001 assert((char*)p + sz <= (char*)top(ar_ptr));
2003 assert((char*)p + sz <= sbrk_base + sbrked_mem);
2009 static void do_check_free_chunk(arena *ar_ptr, mchunkptr p)
2011 static void do_check_free_chunk(ar_ptr, p) arena *ar_ptr; mchunkptr p;
2014 INTERNAL_SIZE_T sz = p->size & ~PREV_INUSE;
2015 mchunkptr next = chunk_at_offset(p, sz);
2017 do_check_chunk(ar_ptr, p);
2019 /* Check whether it claims to be free ... */
2022 /* Must have OK size and fields */
2023 assert((long)sz >= (long)MINSIZE);
2024 assert((sz & MALLOC_ALIGN_MASK) == 0);
2025 assert(aligned_OK(chunk2mem(p)));
2026 /* ... matching footer field */
2027 assert(next->prev_size == sz);
2028 /* ... and is fully consolidated */
2029 assert(prev_inuse(p));
2030 assert (next == top(ar_ptr) || inuse(next));
2032 /* ... and has minimally sane links */
2033 assert(p->fd->bk == p);
2034 assert(p->bk->fd == p);
2038 static void do_check_inuse_chunk(arena *ar_ptr, mchunkptr p)
2040 static void do_check_inuse_chunk(ar_ptr, p) arena *ar_ptr; mchunkptr p;
2043 mchunkptr next = next_chunk(p);
2044 do_check_chunk(ar_ptr, p);
2046 /* Check whether it claims to be in use ... */
2049 /* ... whether its size is OK (it might be a fencepost) ... */
2050 assert(chunksize(p) >= MINSIZE || next->size == (0|PREV_INUSE));
2052 /* ... and is surrounded by OK chunks.
2053 Since more things can be checked with free chunks than inuse ones,
2054 if an inuse chunk borders them and debug is on, it's worth doing them.
2058 mchunkptr prv = prev_chunk(p);
2059 assert(next_chunk(prv) == p);
2060 do_check_free_chunk(ar_ptr, prv);
2062 if (next == top(ar_ptr))
2064 assert(prev_inuse(next));
2065 assert(chunksize(next) >= MINSIZE);
2067 else if (!inuse(next))
2068 do_check_free_chunk(ar_ptr, next);
2073 static void do_check_malloced_chunk(arena *ar_ptr,
2074 mchunkptr p, INTERNAL_SIZE_T s)
2076 static void do_check_malloced_chunk(ar_ptr, p, s)
2077 arena *ar_ptr; mchunkptr p; INTERNAL_SIZE_T s;
2080 INTERNAL_SIZE_T sz = p->size & ~PREV_INUSE;
2083 do_check_inuse_chunk(ar_ptr, p);
2085 /* Legal size ... */
2086 assert((long)sz >= (long)MINSIZE);
2087 assert((sz & MALLOC_ALIGN_MASK) == 0);
2089 assert(room < (long)MINSIZE);
2091 /* ... and alignment */
2092 assert(aligned_OK(chunk2mem(p)));
2095 /* ... and was allocated at front of an available chunk */
2096 assert(prev_inuse(p));
2101 #define check_free_chunk(A,P) do_check_free_chunk(A,P)
2102 #define check_inuse_chunk(A,P) do_check_inuse_chunk(A,P)
2103 #define check_chunk(A,P) do_check_chunk(A,P)
2104 #define check_malloced_chunk(A,P,N) do_check_malloced_chunk(A,P,N)
2106 #define check_free_chunk(A,P)
2107 #define check_inuse_chunk(A,P)
2108 #define check_chunk(A,P)
2109 #define check_malloced_chunk(A,P,N)
2115 Macro-based internal utilities
2120 Linking chunks in bin lists.
2121 Call these only with variables, not arbitrary expressions, as arguments.
2125 Place chunk p of size s in its bin, in size order,
2126 putting it ahead of others of same size.
2130 #define frontlink(A, P, S, IDX, BK, FD) \
2132 if (S < MAX_SMALLBIN_SIZE) \
2134 IDX = smallbin_index(S); \
2135 mark_binblock(A, IDX); \
2136 BK = bin_at(A, IDX); \
2140 FD->bk = BK->fd = P; \
2144 IDX = bin_index(S); \
2145 BK = bin_at(A, IDX); \
2147 if (FD == BK) mark_binblock(A, IDX); \
2150 while (FD != BK && S < chunksize(FD)) FD = FD->fd; \
2155 FD->bk = BK->fd = P; \
2160 /* take a chunk off a list */
2162 #define unlink(P, BK, FD) \
2170 /* Place p as the last remainder */
2172 #define link_last_remainder(A, P) \
2174 last_remainder(A)->fd = last_remainder(A)->bk = P; \
2175 P->fd = P->bk = last_remainder(A); \
2178 /* Clear the last_remainder bin */
2180 #define clear_last_remainder(A) \
2181 (last_remainder(A)->fd = last_remainder(A)->bk = last_remainder(A))
2188 Extend the top-most chunk by obtaining memory from system.
2189 Main interface to sbrk (but see also malloc_trim).
2193 static void malloc_extend_top(arena *ar_ptr, INTERNAL_SIZE_T nb)
2195 static void malloc_extend_top(ar_ptr, nb) arena *ar_ptr; INTERNAL_SIZE_T nb;
2198 unsigned long pagesz = malloc_getpagesize;
2199 mchunkptr old_top = top(ar_ptr); /* Record state of old top */
2200 INTERNAL_SIZE_T old_top_size = chunksize(old_top);
2201 INTERNAL_SIZE_T top_size; /* new size of top chunk */
2204 if(ar_ptr == &main_arena) {
2207 char* brk; /* return value from sbrk */
2208 INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of sbrked space */
2209 INTERNAL_SIZE_T correction; /* bytes for 2nd sbrk call */
2210 char* new_brk; /* return of 2nd sbrk call */
2211 char* old_end = (char*)(chunk_at_offset(old_top, old_top_size));
2213 /* Pad request with top_pad plus minimal overhead */
2214 INTERNAL_SIZE_T sbrk_size = nb + top_pad + MINSIZE;
2216 /* If not the first time through, round to preserve page boundary */
2217 /* Otherwise, we need to correct to a page size below anyway. */
2218 /* (We also correct below if an intervening foreign sbrk call.) */
2220 if (sbrk_base != (char*)(-1))
2221 sbrk_size = (sbrk_size + (pagesz - 1)) & ~(pagesz - 1);
2223 brk = (char*)(MORECORE (sbrk_size));
2225 /* Fail if sbrk failed or if a foreign sbrk call killed our space */
2226 if (brk == (char*)(MORECORE_FAILURE) ||
2227 (brk < old_end && old_top != initial_top(&main_arena)))
2230 /* Call the `morecore' hook if necessary. */
2231 if (__after_morecore_hook)
2232 (*__after_morecore_hook) ();
2234 sbrked_mem += sbrk_size;
2236 if (brk == old_end) { /* can just add bytes to current top */
2237 top_size = sbrk_size + old_top_size;
2238 set_head(old_top, top_size | PREV_INUSE);
2239 old_top = 0; /* don't free below */
2241 if (sbrk_base == (char*)(-1)) /* First time through. Record base */
2244 /* Someone else called sbrk(). Count those bytes as sbrked_mem. */
2245 sbrked_mem += brk - (char*)old_end;
2247 /* Guarantee alignment of first new chunk made from this space */
2248 front_misalign = (unsigned long)chunk2mem(brk) & MALLOC_ALIGN_MASK;
2249 if (front_misalign > 0) {
2250 correction = (MALLOC_ALIGNMENT) - front_misalign;
2255 /* Guarantee the next brk will be at a page boundary */
2256 correction += pagesz - ((unsigned long)(brk + sbrk_size) & (pagesz - 1));
2258 /* Allocate correction */
2259 new_brk = (char*)(MORECORE (correction));
2260 if (new_brk == (char*)(MORECORE_FAILURE)) return;
2262 /* Call the `morecore' hook if necessary. */
2263 if (__after_morecore_hook)
2264 (*__after_morecore_hook) ();
2266 sbrked_mem += correction;
2268 top(&main_arena) = (mchunkptr)brk;
2269 top_size = new_brk - brk + correction;
2270 set_head(top(&main_arena), top_size | PREV_INUSE);
2272 if (old_top == initial_top(&main_arena))
2273 old_top = 0; /* don't free below */
2276 if ((unsigned long)sbrked_mem > (unsigned long)max_sbrked_mem)
2277 max_sbrked_mem = sbrked_mem;
2279 if ((unsigned long)(mmapped_mem + sbrked_mem) >
2280 (unsigned long)max_total_mem)
2281 max_total_mem = mmapped_mem + sbrked_mem;
2285 } else { /* ar_ptr != &main_arena */
2286 heap_info *old_heap, *heap;
2287 size_t old_heap_size;
2289 if(old_top_size < MINSIZE) /* this should never happen */
2292 /* First try to extend the current heap. */
2293 if(MINSIZE + nb <= old_top_size)
2295 old_heap = heap_for_ptr(old_top);
2296 old_heap_size = old_heap->size;
2297 if(grow_heap(old_heap, MINSIZE + nb - old_top_size) == 0) {
2298 ar_ptr->size += old_heap->size - old_heap_size;
2299 top_size = ((char *)old_heap + old_heap->size) - (char *)old_top;
2300 set_head(old_top, top_size | PREV_INUSE);
2304 /* A new heap must be created. */
2305 heap = new_heap(nb + top_pad + (MINSIZE + sizeof(*heap)));
2308 heap->ar_ptr = ar_ptr;
2309 heap->prev = old_heap;
2310 ar_ptr->size += heap->size;
2312 /* Set up the new top, so we can safely use chunk_free() below. */
2313 top(ar_ptr) = chunk_at_offset(heap, sizeof(*heap));
2314 top_size = heap->size - sizeof(*heap);
2315 set_head(top(ar_ptr), top_size | PREV_INUSE);
2317 #endif /* !defined(NO_THREADS) */
2319 /* We always land on a page boundary */
2320 assert(((unsigned long)((char*)top(ar_ptr) + top_size) & (pagesz-1)) == 0);
2322 /* Setup fencepost and free the old top chunk. */
2324 /* The fencepost takes at least MINSIZE bytes, because it might
2325 become the top chunk again later. Note that a footer is set
2326 up, too, although the chunk is marked in use. */
2327 old_top_size -= MINSIZE;
2328 set_head(chunk_at_offset(old_top, old_top_size + 2*SIZE_SZ), 0|PREV_INUSE);
2329 if(old_top_size >= MINSIZE) {
2330 set_head(chunk_at_offset(old_top, old_top_size), (2*SIZE_SZ)|PREV_INUSE);
2331 set_foot(chunk_at_offset(old_top, old_top_size), (2*SIZE_SZ));
2332 set_head_size(old_top, old_top_size);
2333 chunk_free(ar_ptr, old_top);
2335 set_head(old_top, (old_top_size + 2*SIZE_SZ)|PREV_INUSE);
2336 set_foot(old_top, (old_top_size + 2*SIZE_SZ));
2344 /* Main public routines */
2350 The requested size is first converted into a usable form, `nb'.
2351 This currently means to add 4 bytes overhead plus possibly more to
2352 obtain 8-byte alignment and/or to obtain a size of at least
2353 MINSIZE (currently 16, 24, or 32 bytes), the smallest allocatable
2354 size. (All fits are considered `exact' if they are within MINSIZE
2357 From there, the first successful of the following steps is taken:
2359 1. The bin corresponding to the request size is scanned, and if
2360 a chunk of exactly the right size is found, it is taken.
2362 2. The most recently remaindered chunk is used if it is big
2363 enough. This is a form of (roving) first fit, used only in
2364 the absence of exact fits. Runs of consecutive requests use
2365 the remainder of the chunk used for the previous such request
2366 whenever possible. This limited use of a first-fit style
2367 allocation strategy tends to give contiguous chunks
2368 coextensive lifetimes, which improves locality and can reduce
2369 fragmentation in the long run.
2371 3. Other bins are scanned in increasing size order, using a
2372 chunk big enough to fulfill the request, and splitting off
2373 any remainder. This search is strictly by best-fit; i.e.,
2374 the smallest (with ties going to approximately the least
2375 recently used) chunk that fits is selected.
2377 4. If large enough, the chunk bordering the end of memory
2378 (`top') is split off. (This use of `top' is in accord with
2379 the best-fit search rule. In effect, `top' is treated as
2380 larger (and thus less well fitting) than any other available
2381 chunk since it can be extended to be as large as necessary
2382 (up to system limitations).
2384 5. If the request size meets the mmap threshold and the
2385 system supports mmap, and there are few enough currently
2386 allocated mmapped regions, and a call to mmap succeeds,
2387 the request is allocated via direct memory mapping.
2389 6. Otherwise, the top of memory is extended by
2390 obtaining more space from the system (normally using sbrk,
2391 but definable to anything else via the MORECORE macro).
2392 Memory is gathered from the system (in system page-sized
2393 units) in a way that allows chunks obtained across different
2394 sbrk calls to be consolidated, but does not require
2395 contiguous memory. Thus, it should be safe to intersperse
2396 mallocs with other sbrk calls.
2399 All allocations are made from the the `lowest' part of any found
2400 chunk. (The implementation invariant is that prev_inuse is
2401 always true of any allocated chunk; i.e., that each allocated
2402 chunk borders either a previously allocated and still in-use chunk,
2403 or the base of its memory arena.)
2408 Void_t* mALLOc(size_t bytes)
2410 Void_t* mALLOc(bytes) size_t bytes;
2414 INTERNAL_SIZE_T nb; /* padded request size */
2417 #if defined(_LIBC) || defined(MALLOC_HOOKS)
2418 if (__malloc_hook != NULL) {
2421 result = (*__malloc_hook)(bytes);
2426 nb = request2size(bytes);
2427 arena_get(ar_ptr, nb + top_pad);
2430 victim = chunk_alloc(ar_ptr, nb);
2431 (void)mutex_unlock(&ar_ptr->mutex);
2432 return victim ? chunk2mem(victim) : 0;
2437 chunk_alloc(arena *ar_ptr, INTERNAL_SIZE_T nb)
2439 chunk_alloc(ar_ptr, nb) arena *ar_ptr; INTERNAL_SIZE_T nb;
2442 mchunkptr victim; /* inspected/selected chunk */
2443 INTERNAL_SIZE_T victim_size; /* its size */
2444 int idx; /* index for bin traversal */
2445 mbinptr bin; /* associated bin */
2446 mchunkptr remainder; /* remainder from a split */
2447 long remainder_size; /* its size */
2448 int remainder_index; /* its bin index */
2449 unsigned long block; /* block traverser bit */
2450 int startidx; /* first bin of a traversed block */
2451 mchunkptr fwd; /* misc temp for linking */
2452 mchunkptr bck; /* misc temp for linking */
2453 mbinptr q; /* misc temp */
2456 /* Check for exact match in a bin */
2458 if (is_small_request(nb)) /* Faster version for small requests */
2460 idx = smallbin_index(nb);
2462 /* No traversal or size check necessary for small bins. */
2464 q = bin_at(ar_ptr, idx);
2467 /* Also scan the next one, since it would have a remainder < MINSIZE */
2475 victim_size = chunksize(victim);
2476 unlink(victim, bck, fwd);
2477 set_inuse_bit_at_offset(victim, victim_size);
2478 check_malloced_chunk(ar_ptr, victim, nb);
2482 idx += 2; /* Set for bin scan below. We've already scanned 2 bins. */
2487 idx = bin_index(nb);
2488 bin = bin_at(ar_ptr, idx);
2490 for (victim = last(bin); victim != bin; victim = victim->bk)
2492 victim_size = chunksize(victim);
2493 remainder_size = victim_size - nb;
2495 if (remainder_size >= (long)MINSIZE) /* too big */
2497 --idx; /* adjust to rescan below after checking last remainder */
2501 else if (remainder_size >= 0) /* exact fit */
2503 unlink(victim, bck, fwd);
2504 set_inuse_bit_at_offset(victim, victim_size);
2505 check_malloced_chunk(ar_ptr, victim, nb);
2514 /* Try to use the last split-off remainder */
2516 if ( (victim = last_remainder(ar_ptr)->fd) != last_remainder(ar_ptr))
2518 victim_size = chunksize(victim);
2519 remainder_size = victim_size - nb;
2521 if (remainder_size >= (long)MINSIZE) /* re-split */
2523 remainder = chunk_at_offset(victim, nb);
2524 set_head(victim, nb | PREV_INUSE);
2525 link_last_remainder(ar_ptr, remainder);
2526 set_head(remainder, remainder_size | PREV_INUSE);
2527 set_foot(remainder, remainder_size);
2528 check_malloced_chunk(ar_ptr, victim, nb);
2532 clear_last_remainder(ar_ptr);
2534 if (remainder_size >= 0) /* exhaust */
2536 set_inuse_bit_at_offset(victim, victim_size);
2537 check_malloced_chunk(ar_ptr, victim, nb);
2541 /* Else place in bin */
2543 frontlink(ar_ptr, victim, victim_size, remainder_index, bck, fwd);
2547 If there are any possibly nonempty big-enough blocks,
2548 search for best fitting chunk by scanning bins in blockwidth units.
2551 if ( (block = idx2binblock(idx)) <= binblocks(ar_ptr))
2554 /* Get to the first marked block */
2556 if ( (block & binblocks(ar_ptr)) == 0)
2558 /* force to an even block boundary */
2559 idx = (idx & ~(BINBLOCKWIDTH - 1)) + BINBLOCKWIDTH;
2561 while ((block & binblocks(ar_ptr)) == 0)
2563 idx += BINBLOCKWIDTH;
2568 /* For each possibly nonempty block ... */
2571 startidx = idx; /* (track incomplete blocks) */
2572 q = bin = bin_at(ar_ptr, idx);
2574 /* For each bin in this block ... */
2577 /* Find and use first big enough chunk ... */
2579 for (victim = last(bin); victim != bin; victim = victim->bk)
2581 victim_size = chunksize(victim);
2582 remainder_size = victim_size - nb;
2584 if (remainder_size >= (long)MINSIZE) /* split */
2586 remainder = chunk_at_offset(victim, nb);
2587 set_head(victim, nb | PREV_INUSE);
2588 unlink(victim, bck, fwd);
2589 link_last_remainder(ar_ptr, remainder);
2590 set_head(remainder, remainder_size | PREV_INUSE);
2591 set_foot(remainder, remainder_size);
2592 check_malloced_chunk(ar_ptr, victim, nb);
2596 else if (remainder_size >= 0) /* take */
2598 set_inuse_bit_at_offset(victim, victim_size);
2599 unlink(victim, bck, fwd);
2600 check_malloced_chunk(ar_ptr, victim, nb);
2606 bin = next_bin(bin);
2608 } while ((++idx & (BINBLOCKWIDTH - 1)) != 0);
2610 /* Clear out the block bit. */
2612 do /* Possibly backtrack to try to clear a partial block */
2614 if ((startidx & (BINBLOCKWIDTH - 1)) == 0)
2616 binblocks(ar_ptr) &= ~block;
2621 } while (first(q) == q);
2623 /* Get to the next possibly nonempty block */
2625 if ( (block <<= 1) <= binblocks(ar_ptr) && (block != 0) )
2627 while ((block & binblocks(ar_ptr)) == 0)
2629 idx += BINBLOCKWIDTH;
2639 /* Try to use top chunk */
2641 /* Require that there be a remainder, ensuring top always exists */
2642 if ( (remainder_size = chunksize(top(ar_ptr)) - nb) < (long)MINSIZE)
2646 /* If big and would otherwise need to extend, try to use mmap instead */
2647 if ((unsigned long)nb >= (unsigned long)mmap_threshold &&
2648 (victim = mmap_chunk(nb)) != 0)
2653 malloc_extend_top(ar_ptr, nb);
2654 if ((remainder_size = chunksize(top(ar_ptr)) - nb) < (long)MINSIZE)
2655 return 0; /* propagate failure */
2658 victim = top(ar_ptr);
2659 set_head(victim, nb | PREV_INUSE);
2660 top(ar_ptr) = chunk_at_offset(victim, nb);
2661 set_head(top(ar_ptr), remainder_size | PREV_INUSE);
2662 check_malloced_chunk(ar_ptr, victim, nb);
2676 1. free(0) has no effect.
2678 2. If the chunk was allocated via mmap, it is released via munmap().
2680 3. If a returned chunk borders the current high end of memory,
2681 it is consolidated into the top, and if the total unused
2682 topmost memory exceeds the trim threshold, malloc_trim is
2685 4. Other chunks are consolidated as they arrive, and
2686 placed in corresponding bins. (This includes the case of
2687 consolidating with the current `last_remainder').
2693 void fREe(Void_t* mem)
2695 void fREe(mem) Void_t* mem;
2699 mchunkptr p; /* chunk corresponding to mem */
2701 #if defined(_LIBC) || defined(MALLOC_HOOKS)
2702 if (__free_hook != NULL) {
2703 (*__free_hook)(mem);
2708 if (mem == 0) /* free(0) has no effect */
2714 if (chunk_is_mmapped(p)) /* release mmapped memory. */
2721 ar_ptr = arena_for_ptr(p);
2723 if(!mutex_trylock(&ar_ptr->mutex))
2724 ++(ar_ptr->stat_lock_direct);
2726 (void)mutex_lock(&ar_ptr->mutex);
2727 ++(ar_ptr->stat_lock_wait);
2730 (void)mutex_lock(&ar_ptr->mutex);
2732 chunk_free(ar_ptr, p);
2733 (void)mutex_unlock(&ar_ptr->mutex);
2738 chunk_free(arena *ar_ptr, mchunkptr p)
2740 chunk_free(ar_ptr, p) arena *ar_ptr; mchunkptr p;
2743 INTERNAL_SIZE_T hd = p->size; /* its head field */
2744 INTERNAL_SIZE_T sz; /* its size */
2745 int idx; /* its bin index */
2746 mchunkptr next; /* next contiguous chunk */
2747 INTERNAL_SIZE_T nextsz; /* its size */
2748 INTERNAL_SIZE_T prevsz; /* size of previous contiguous chunk */
2749 mchunkptr bck; /* misc temp for linking */
2750 mchunkptr fwd; /* misc temp for linking */
2751 int islr; /* track whether merging with last_remainder */
2753 check_inuse_chunk(ar_ptr, p);
2755 sz = hd & ~PREV_INUSE;
2756 next = chunk_at_offset(p, sz);
2757 nextsz = chunksize(next);
2759 if (next == top(ar_ptr)) /* merge with top */
2763 if (!(hd & PREV_INUSE)) /* consolidate backward */
2765 prevsz = p->prev_size;
2766 p = chunk_at_offset(p, -prevsz);
2768 unlink(p, bck, fwd);
2771 set_head(p, sz | PREV_INUSE);
2775 if(ar_ptr == &main_arena) {
2777 if ((unsigned long)(sz) >= (unsigned long)trim_threshold)
2781 heap_info *heap = heap_for_ptr(p);
2783 assert(heap->ar_ptr == ar_ptr);
2785 /* Try to get rid of completely empty heaps, if possible. */
2786 if((unsigned long)(sz) >= (unsigned long)trim_threshold ||
2787 p == chunk_at_offset(heap, sizeof(*heap)))
2788 heap_trim(heap, top_pad);
2794 set_head(next, nextsz); /* clear inuse bit */
2798 if (!(hd & PREV_INUSE)) /* consolidate backward */
2800 prevsz = p->prev_size;
2801 p = chunk_at_offset(p, -prevsz);
2804 if (p->fd == last_remainder(ar_ptr)) /* keep as last_remainder */
2807 unlink(p, bck, fwd);
2810 if (!(inuse_bit_at_offset(next, nextsz))) /* consolidate forward */
2814 if (!islr && next->fd == last_remainder(ar_ptr))
2815 /* re-insert last_remainder */
2818 link_last_remainder(ar_ptr, p);
2821 unlink(next, bck, fwd);
2824 set_head(p, sz | PREV_INUSE);
2827 frontlink(ar_ptr, p, sz, idx, bck, fwd);
2838 Chunks that were obtained via mmap cannot be extended or shrunk
2839 unless HAVE_MREMAP is defined, in which case mremap is used.
2840 Otherwise, if their reallocation is for additional space, they are
2841 copied. If for less, they are just left alone.
2843 Otherwise, if the reallocation is for additional space, and the
2844 chunk can be extended, it is, else a malloc-copy-free sequence is
2845 taken. There are several different ways that a chunk could be
2846 extended. All are tried:
2848 * Extending forward into following adjacent free chunk.
2849 * Shifting backwards, joining preceding adjacent space
2850 * Both shifting backwards and extending forward.
2851 * Extending into newly sbrked space
2853 Unless the #define REALLOC_ZERO_BYTES_FREES is set, realloc with a
2854 size argument of zero (re)allocates a minimum-sized chunk.
2856 If the reallocation is for less space, and the new request is for
2857 a `small' (<512 bytes) size, then the newly unused space is lopped
2860 The old unix realloc convention of allowing the last-free'd chunk
2861 to be used as an argument to realloc is no longer supported.
2862 I don't know of any programs still relying on this feature,
2863 and allowing it would also allow too many other incorrect
2864 usages of realloc to be sensible.
2871 Void_t* rEALLOc(Void_t* oldmem, size_t bytes)
2873 Void_t* rEALLOc(oldmem, bytes) Void_t* oldmem; size_t bytes;
2877 INTERNAL_SIZE_T nb; /* padded request size */
2879 mchunkptr oldp; /* chunk corresponding to oldmem */
2880 INTERNAL_SIZE_T oldsize; /* its size */
2882 mchunkptr newp; /* chunk to return */
2884 #if defined(_LIBC) || defined(MALLOC_HOOKS)
2885 if (__realloc_hook != NULL) {
2888 result = (*__realloc_hook)(oldmem, bytes);
2893 #ifdef REALLOC_ZERO_BYTES_FREES
2894 if (bytes == 0) { fREe(oldmem); return 0; }
2897 /* realloc of null is supposed to be same as malloc */
2898 if (oldmem == 0) return mALLOc(bytes);
2900 oldp = mem2chunk(oldmem);
2901 oldsize = chunksize(oldp);
2903 nb = request2size(bytes);
2906 if (chunk_is_mmapped(oldp))
2911 newp = mremap_chunk(oldp, nb);
2912 if(newp) return chunk2mem(newp);
2914 /* Note the extra SIZE_SZ overhead. */
2915 if(oldsize - SIZE_SZ >= nb) return oldmem; /* do nothing */
2916 /* Must alloc, copy, free. */
2917 newmem = mALLOc(bytes);
2918 if (newmem == 0) return 0; /* propagate failure */
2919 MALLOC_COPY(newmem, oldmem, oldsize - 2*SIZE_SZ);
2925 ar_ptr = arena_for_ptr(oldp);
2927 if(!mutex_trylock(&ar_ptr->mutex))
2928 ++(ar_ptr->stat_lock_direct);
2930 (void)mutex_lock(&ar_ptr->mutex);
2931 ++(ar_ptr->stat_lock_wait);
2934 (void)mutex_lock(&ar_ptr->mutex);
2938 /* As in malloc(), remember this arena for the next allocation. */
2939 tsd_setspecific(arena_key, (Void_t *)ar_ptr);
2942 newp = chunk_realloc(ar_ptr, oldp, oldsize, nb);
2944 (void)mutex_unlock(&ar_ptr->mutex);
2945 return newp ? chunk2mem(newp) : NULL;
2950 chunk_realloc(arena* ar_ptr, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
2953 chunk_realloc(ar_ptr, oldp, oldsize, nb)
2954 arena* ar_ptr; mchunkptr oldp; INTERNAL_SIZE_T oldsize, nb;
2957 mchunkptr newp = oldp; /* chunk to return */
2958 INTERNAL_SIZE_T newsize = oldsize; /* its size */
2960 mchunkptr next; /* next contiguous chunk after oldp */
2961 INTERNAL_SIZE_T nextsize; /* its size */
2963 mchunkptr prev; /* previous contiguous chunk before oldp */
2964 INTERNAL_SIZE_T prevsize; /* its size */
2966 mchunkptr remainder; /* holds split off extra space from newp */
2967 INTERNAL_SIZE_T remainder_size; /* its size */
2969 mchunkptr bck; /* misc temp for linking */
2970 mchunkptr fwd; /* misc temp for linking */
2972 check_inuse_chunk(ar_ptr, oldp);
2974 if ((long)(oldsize) < (long)(nb))
2977 /* Try expanding forward */
2979 next = chunk_at_offset(oldp, oldsize);
2980 if (next == top(ar_ptr) || !inuse(next))
2982 nextsize = chunksize(next);
2984 /* Forward into top only if a remainder */
2985 if (next == top(ar_ptr))
2987 if ((long)(nextsize + newsize) >= (long)(nb + MINSIZE))
2989 newsize += nextsize;
2990 top(ar_ptr) = chunk_at_offset(oldp, nb);
2991 set_head(top(ar_ptr), (newsize - nb) | PREV_INUSE);
2992 set_head_size(oldp, nb);
2997 /* Forward into next chunk */
2998 else if (((long)(nextsize + newsize) >= (long)(nb)))
3000 unlink(next, bck, fwd);
3001 newsize += nextsize;
3011 /* Try shifting backwards. */
3013 if (!prev_inuse(oldp))
3015 prev = prev_chunk(oldp);
3016 prevsize = chunksize(prev);
3018 /* try forward + backward first to save a later consolidation */
3023 if (next == top(ar_ptr))
3025 if ((long)(nextsize + prevsize + newsize) >= (long)(nb + MINSIZE))
3027 unlink(prev, bck, fwd);
3029 newsize += prevsize + nextsize;
3030 MALLOC_COPY(chunk2mem(newp), chunk2mem(oldp), oldsize - SIZE_SZ);
3031 top(ar_ptr) = chunk_at_offset(newp, nb);
3032 set_head(top(ar_ptr), (newsize - nb) | PREV_INUSE);
3033 set_head_size(newp, nb);
3038 /* into next chunk */
3039 else if (((long)(nextsize + prevsize + newsize) >= (long)(nb)))
3041 unlink(next, bck, fwd);
3042 unlink(prev, bck, fwd);
3044 newsize += nextsize + prevsize;
3045 MALLOC_COPY(chunk2mem(newp), chunk2mem(oldp), oldsize - SIZE_SZ);
3051 if (prev != 0 && (long)(prevsize + newsize) >= (long)nb)
3053 unlink(prev, bck, fwd);
3055 newsize += prevsize;
3056 MALLOC_COPY(chunk2mem(newp), chunk2mem(oldp), oldsize - SIZE_SZ);
3063 newp = chunk_alloc (ar_ptr, nb);
3065 if (newp == 0) /* propagate failure */
3068 /* Avoid copy if newp is next chunk after oldp. */
3069 /* (This can only happen when new chunk is sbrk'ed.) */
3071 if ( newp == next_chunk(oldp))
3073 newsize += chunksize(newp);
3078 /* Otherwise copy, free, and exit */
3079 MALLOC_COPY(chunk2mem(newp), chunk2mem(oldp), oldsize - SIZE_SZ);
3080 chunk_free(ar_ptr, oldp);
3085 split: /* split off extra room in old or expanded chunk */
3087 if (newsize - nb >= MINSIZE) /* split off remainder */
3089 remainder = chunk_at_offset(newp, nb);
3090 remainder_size = newsize - nb;
3091 set_head_size(newp, nb);
3092 set_head(remainder, remainder_size | PREV_INUSE);
3093 set_inuse_bit_at_offset(remainder, remainder_size);
3094 chunk_free(ar_ptr, remainder);
3098 set_head_size(newp, newsize);
3099 set_inuse_bit_at_offset(newp, newsize);
3102 check_inuse_chunk(ar_ptr, newp);
3113 memalign requests more than enough space from malloc, finds a spot
3114 within that chunk that meets the alignment request, and then
3115 possibly frees the leading and trailing space.
3117 The alignment argument must be a power of two. This property is not
3118 checked by memalign, so misuse may result in random runtime errors.
3120 8-byte alignment is guaranteed by normal malloc calls, so don't
3121 bother calling memalign with an argument of 8 or less.
3123 Overreliance on memalign is a sure way to fragment space.
3129 Void_t* mEMALIGn(size_t alignment, size_t bytes)
3131 Void_t* mEMALIGn(alignment, bytes) size_t alignment; size_t bytes;
3135 INTERNAL_SIZE_T nb; /* padded request size */
3138 #if defined(_LIBC) || defined(MALLOC_HOOKS)
3139 if (__memalign_hook != NULL) {
3142 result = (*__memalign_hook)(alignment, bytes);
3147 /* If need less alignment than we give anyway, just relay to malloc */
3149 if (alignment <= MALLOC_ALIGNMENT) return mALLOc(bytes);
3151 /* Otherwise, ensure that it is at least a minimum chunk size */
3153 if (alignment < MINSIZE) alignment = MINSIZE;
3155 nb = request2size(bytes);
3156 arena_get(ar_ptr, nb + alignment + MINSIZE);
3159 p = chunk_align(ar_ptr, nb, alignment);
3160 (void)mutex_unlock(&ar_ptr->mutex);
3161 return p ? chunk2mem(p) : NULL;
3166 chunk_align(arena* ar_ptr, INTERNAL_SIZE_T nb, size_t alignment)
3168 chunk_align(ar_ptr, nb, alignment)
3169 arena* ar_ptr; INTERNAL_SIZE_T nb; size_t alignment;
3172 char* m; /* memory returned by malloc call */
3173 mchunkptr p; /* corresponding chunk */
3174 char* brk; /* alignment point within p */
3175 mchunkptr newp; /* chunk to return */
3176 INTERNAL_SIZE_T newsize; /* its size */
3177 INTERNAL_SIZE_T leadsize; /* leading space befor alignment point */
3178 mchunkptr remainder; /* spare room at end to split off */
3179 long remainder_size; /* its size */
3181 /* Call chunk_alloc with worst case padding to hit alignment. */
3182 p = chunk_alloc(ar_ptr, nb + alignment + MINSIZE);
3184 return 0; /* propagate failure */
3188 if ((((unsigned long)(m)) % alignment) == 0) /* aligned */
3191 if(chunk_is_mmapped(p)) {
3192 return p; /* nothing more to do */
3196 else /* misaligned */
3199 Find an aligned spot inside chunk.
3200 Since we need to give back leading space in a chunk of at
3201 least MINSIZE, if the first calculation places us at
3202 a spot with less than MINSIZE leader, we can move to the
3203 next aligned spot -- we've allocated enough total room so that
3204 this is always possible.
3207 brk = (char*)mem2chunk(((unsigned long)(m + alignment - 1)) & -alignment);
3208 if ((long)(brk - (char*)(p)) < (long)MINSIZE) brk += alignment;
3210 newp = (mchunkptr)brk;
3211 leadsize = brk - (char*)(p);
3212 newsize = chunksize(p) - leadsize;
3215 if(chunk_is_mmapped(p))
3217 newp->prev_size = p->prev_size + leadsize;
3218 set_head(newp, newsize|IS_MMAPPED);
3223 /* give back leader, use the rest */
3225 set_head(newp, newsize | PREV_INUSE);
3226 set_inuse_bit_at_offset(newp, newsize);
3227 set_head_size(p, leadsize);
3228 chunk_free(ar_ptr, p);
3231 assert (newsize>=nb && (((unsigned long)(chunk2mem(p))) % alignment) == 0);
3234 /* Also give back spare room at the end */
3236 remainder_size = chunksize(p) - nb;
3238 if (remainder_size >= (long)MINSIZE)
3240 remainder = chunk_at_offset(p, nb);
3241 set_head(remainder, remainder_size | PREV_INUSE);
3242 set_head_size(p, nb);
3243 chunk_free(ar_ptr, remainder);
3246 check_inuse_chunk(ar_ptr, p);
3254 valloc just invokes memalign with alignment argument equal
3255 to the page size of the system (or as near to this as can
3256 be figured out from all the includes/defines above.)
3260 Void_t* vALLOc(size_t bytes)
3262 Void_t* vALLOc(bytes) size_t bytes;
3265 return mEMALIGn (malloc_getpagesize, bytes);
3269 pvalloc just invokes valloc for the nearest pagesize
3270 that will accommodate request
3275 Void_t* pvALLOc(size_t bytes)
3277 Void_t* pvALLOc(bytes) size_t bytes;
3280 size_t pagesize = malloc_getpagesize;
3281 return mEMALIGn (pagesize, (bytes + pagesize - 1) & ~(pagesize - 1));
3286 calloc calls chunk_alloc, then zeroes out the allocated chunk.
3291 Void_t* cALLOc(size_t n, size_t elem_size)
3293 Void_t* cALLOc(n, elem_size) size_t n; size_t elem_size;
3297 mchunkptr p, oldtop;
3298 INTERNAL_SIZE_T sz, csz, oldtopsize;
3301 #if defined(_LIBC) || defined(MALLOC_HOOKS)
3302 if (__malloc_hook != NULL) {
3304 mem = (*__malloc_hook)(sz);
3310 while(sz > 0) ((char*)mem)[--sz] = 0; /* rather inefficient */
3316 sz = request2size(n * elem_size);
3317 arena_get(ar_ptr, sz);
3321 /* check if expand_top called, in which case don't need to clear */
3323 oldtop = top(ar_ptr);
3324 oldtopsize = chunksize(top(ar_ptr));
3326 p = chunk_alloc (ar_ptr, sz);
3328 /* Only clearing follows, so we can unlock early. */
3329 (void)mutex_unlock(&ar_ptr->mutex);
3337 /* Two optional cases in which clearing not necessary */
3340 if (chunk_is_mmapped(p)) return mem;
3346 if (p == oldtop && csz > oldtopsize)
3348 /* clear only the bytes from non-freshly-sbrked memory */
3353 MALLOC_ZERO(mem, csz - SIZE_SZ);
3360 cfree just calls free. It is needed/defined on some systems
3361 that pair it with calloc, presumably for odd historical reasons.
3367 void cfree(Void_t *mem)
3369 void cfree(mem) Void_t *mem;
3380 Malloc_trim gives memory back to the system (via negative
3381 arguments to sbrk) if there is unused memory at the `high' end of
3382 the malloc pool. You can call this after freeing large blocks of
3383 memory to potentially reduce the system-level memory requirements
3384 of a program. However, it cannot guarantee to reduce memory. Under
3385 some allocation patterns, some large free blocks of memory will be
3386 locked between two used chunks, so they cannot be given back to
3389 The `pad' argument to malloc_trim represents the amount of free
3390 trailing space to leave untrimmed. If this argument is zero,
3391 only the minimum amount of memory to maintain internal data
3392 structures will be left (one page or less). Non-zero arguments
3393 can be supplied to maintain enough trailing space to service
3394 future expected allocations without having to re-obtain memory
3397 Malloc_trim returns 1 if it actually released any memory, else 0.
3402 int mALLOC_TRIm(size_t pad)
3404 int mALLOC_TRIm(pad) size_t pad;
3409 (void)mutex_lock(&main_arena.mutex);
3410 res = main_trim(pad);
3411 (void)mutex_unlock(&main_arena.mutex);
3415 /* Trim the main arena. */
3419 main_trim(size_t pad)
3421 main_trim(pad) size_t pad;
3424 mchunkptr top_chunk; /* The current top chunk */
3425 long top_size; /* Amount of top-most memory */
3426 long extra; /* Amount to release */
3427 char* current_brk; /* address returned by pre-check sbrk call */
3428 char* new_brk; /* address returned by negative sbrk call */
3430 unsigned long pagesz = malloc_getpagesize;
3432 top_chunk = top(&main_arena);
3433 top_size = chunksize(top_chunk);
3434 extra = ((top_size - pad - MINSIZE + (pagesz-1)) / pagesz - 1) * pagesz;
3436 if (extra < (long)pagesz) /* Not enough memory to release */
3439 /* Test to make sure no one else called sbrk */
3440 current_brk = (char*)(MORECORE (0));
3441 if (current_brk != (char*)(top_chunk) + top_size)
3442 return 0; /* Apparently we don't own memory; must fail */
3444 new_brk = (char*)(MORECORE (-extra));
3446 /* Call the `morecore' hook if necessary. */
3447 if (__after_morecore_hook)
3448 (*__after_morecore_hook) ();
3450 if (new_brk == (char*)(MORECORE_FAILURE)) { /* sbrk failed? */
3451 /* Try to figure out what we have */
3452 current_brk = (char*)(MORECORE (0));
3453 top_size = current_brk - (char*)top_chunk;
3454 if (top_size >= (long)MINSIZE) /* if not, we are very very dead! */
3456 sbrked_mem = current_brk - sbrk_base;
3457 set_head(top_chunk, top_size | PREV_INUSE);
3459 check_chunk(&main_arena, top_chunk);
3462 sbrked_mem -= extra;
3464 /* Success. Adjust top accordingly. */
3465 set_head(top_chunk, (top_size - extra) | PREV_INUSE);
3466 check_chunk(&main_arena, top_chunk);
3474 heap_trim(heap_info *heap, size_t pad)
3476 heap_trim(heap, pad) heap_info *heap; size_t pad;
3479 unsigned long pagesz = malloc_getpagesize;
3480 arena *ar_ptr = heap->ar_ptr;
3481 mchunkptr top_chunk = top(ar_ptr), p, bck, fwd;
3482 heap_info *prev_heap;
3483 long new_size, top_size, extra;
3485 /* Can this heap go away completely ? */
3486 while(top_chunk == chunk_at_offset(heap, sizeof(*heap))) {
3487 prev_heap = heap->prev;
3488 p = chunk_at_offset(prev_heap, prev_heap->size - (MINSIZE-2*SIZE_SZ));
3489 assert(p->size == (0|PREV_INUSE)); /* must be fencepost */
3491 new_size = chunksize(p) + (MINSIZE-2*SIZE_SZ);
3492 assert(new_size>0 && new_size<(long)(2*MINSIZE));
3494 new_size += p->prev_size;
3495 assert(new_size>0 && new_size<HEAP_MAX_SIZE);
3496 if(new_size + (HEAP_MAX_SIZE - prev_heap->size) < pad + MINSIZE + pagesz)
3498 ar_ptr->size -= heap->size;
3501 if(!prev_inuse(p)) { /* consolidate backward */
3503 unlink(p, bck, fwd);
3505 assert(((unsigned long)((char*)p + new_size) & (pagesz-1)) == 0);
3506 assert( ((char*)p + new_size) == ((char*)heap + heap->size) );
3507 top(ar_ptr) = top_chunk = p;
3508 set_head(top_chunk, new_size | PREV_INUSE);
3509 check_chunk(ar_ptr, top_chunk);
3511 top_size = chunksize(top_chunk);
3512 extra = ((top_size - pad - MINSIZE + (pagesz-1))/pagesz - 1) * pagesz;
3513 if(extra < (long)pagesz)
3515 /* Try to shrink. */
3516 if(grow_heap(heap, -extra) != 0)
3518 ar_ptr->size -= extra;
3520 /* Success. Adjust top accordingly. */
3521 set_head(top_chunk, (top_size - extra) | PREV_INUSE);
3522 check_chunk(ar_ptr, top_chunk);
3533 This routine tells you how many bytes you can actually use in an
3534 allocated chunk, which may be more than you requested (although
3535 often not). You can use this many bytes without worrying about
3536 overwriting other allocated objects. Not a particularly great
3537 programming practice, but still sometimes useful.
3542 size_t mALLOC_USABLE_SIZe(Void_t* mem)
3544 size_t mALLOC_USABLE_SIZe(mem) Void_t* mem;
3554 if(!chunk_is_mmapped(p))
3556 if (!inuse(p)) return 0;
3557 check_inuse_chunk(arena_for_ptr(mem), p);
3558 return chunksize(p) - SIZE_SZ;
3560 return chunksize(p) - 2*SIZE_SZ;
3567 /* Utility to update mallinfo for malloc_stats() and mallinfo() */
3571 malloc_update_mallinfo(arena *ar_ptr, struct mallinfo *mi)
3573 malloc_update_mallinfo(ar_ptr, mi) arena *ar_ptr; struct mallinfo *mi;
3582 INTERNAL_SIZE_T avail;
3584 (void)mutex_lock(&ar_ptr->mutex);
3585 avail = chunksize(top(ar_ptr));
3586 navail = ((long)(avail) >= (long)MINSIZE)? 1 : 0;
3588 for (i = 1; i < NAV; ++i)
3590 b = bin_at(ar_ptr, i);
3591 for (p = last(b); p != b; p = p->bk)
3594 check_free_chunk(ar_ptr, p);
3595 for (q = next_chunk(p);
3596 q != top(ar_ptr) && inuse(q) && (long)chunksize(q) > 0;
3598 check_inuse_chunk(ar_ptr, q);
3600 avail += chunksize(p);
3605 mi->arena = ar_ptr->size;
3606 mi->ordblks = navail;
3607 mi->uordblks = ar_ptr->size - avail;
3608 mi->fordblks = avail;
3609 mi->hblks = n_mmaps;
3610 mi->hblkhd = mmapped_mem;
3611 mi->keepcost = chunksize(top(ar_ptr));
3613 (void)mutex_unlock(&ar_ptr->mutex);
3616 #if !defined(NO_THREADS) && MALLOC_DEBUG > 1
3618 /* Print the complete contents of a single heap to stderr. */
3622 dump_heap(heap_info *heap)
3624 dump_heap(heap) heap_info *heap;
3630 fprintf(stderr, "Heap %p, size %10lx:\n", heap, (long)heap->size);
3631 ptr = (heap->ar_ptr != (arena*)(heap+1)) ?
3632 (char*)(heap + 1) : (char*)(heap + 1) + sizeof(arena);
3633 p = (mchunkptr)(((unsigned long)ptr + MALLOC_ALIGN_MASK) &
3634 ~MALLOC_ALIGN_MASK);
3636 fprintf(stderr, "chunk %p size %10lx", p, (long)p->size);
3637 if(p == top(heap->ar_ptr)) {
3638 fprintf(stderr, " (top)\n");
3640 } else if(p->size == (0|PREV_INUSE)) {
3641 fprintf(stderr, " (fence)\n");
3644 fprintf(stderr, "\n");
3657 For all arenas separately and in total, prints on stderr the
3658 amount of space obtained from the system, and the current number
3659 of bytes allocated via malloc (or realloc, etc) but not yet
3660 freed. (Note that this is the number of bytes allocated, not the
3661 number requested. It will be larger than the number requested
3662 because of alignment and bookkeeping overhead.) When not compiled
3663 for multiple threads, the maximum amount of allocated memory
3664 (which may be more than current if malloc_trim and/or munmap got
3665 called) is also reported. When using mmap(), prints the maximum
3666 number of simultaneous mmap regions used, too.
3675 unsigned int in_use_b = mmapped_mem, system_b = in_use_b;
3677 long stat_lock_direct = 0, stat_lock_loop = 0, stat_lock_wait = 0;
3680 for(i=0, ar_ptr = &main_arena;; i++) {
3681 malloc_update_mallinfo(ar_ptr, &mi);
3682 fprintf(stderr, "Arena %d:\n", i);
3683 fprintf(stderr, "system bytes = %10u\n", (unsigned int)mi.arena);
3684 fprintf(stderr, "in use bytes = %10u\n", (unsigned int)mi.uordblks);
3685 system_b += mi.arena;
3686 in_use_b += mi.uordblks;
3688 stat_lock_direct += ar_ptr->stat_lock_direct;
3689 stat_lock_loop += ar_ptr->stat_lock_loop;
3690 stat_lock_wait += ar_ptr->stat_lock_wait;
3692 #if !defined(NO_THREADS) && MALLOC_DEBUG > 1
3693 if(ar_ptr != &main_arena) {
3694 (void)mutex_lock(&ar_ptr->mutex);
3695 heap_info *heap = heap_for_ptr(top(ar_ptr));
3696 while(heap) { dump_heap(heap); heap = heap->prev; }
3697 (void)mutex_unlock(&ar_ptr->mutex);
3700 ar_ptr = ar_ptr->next;
3701 if(ar_ptr == &main_arena) break;
3703 fprintf(stderr, "Total (incl. mmap):\n");
3704 fprintf(stderr, "system bytes = %10u\n", system_b);
3705 fprintf(stderr, "in use bytes = %10u\n", in_use_b);
3707 fprintf(stderr, "max system bytes = %10u\n", (unsigned int)max_total_mem);
3710 fprintf(stderr, "max mmap regions = %10u\n", (unsigned int)max_n_mmaps);
3713 fprintf(stderr, "heaps created = %10d\n", stat_n_heaps);
3714 fprintf(stderr, "locked directly = %10ld\n", stat_lock_direct);
3715 fprintf(stderr, "locked in loop = %10ld\n", stat_lock_loop);
3716 fprintf(stderr, "locked waiting = %10ld\n", stat_lock_wait);
3717 fprintf(stderr, "locked total = %10ld\n",
3718 stat_lock_direct + stat_lock_loop + stat_lock_wait);
3723 mallinfo returns a copy of updated current mallinfo.
3724 The information reported is for the arena last used by the thread.
3727 struct mallinfo mALLINFo()
3730 Void_t *vptr = NULL;
3733 tsd_getspecific(arena_key, vptr);
3735 malloc_update_mallinfo((vptr ? (arena*)vptr : &main_arena), &mi);
3745 mallopt is the general SVID/XPG interface to tunable parameters.
3746 The format is to provide a (parameter-number, parameter-value) pair.
3747 mallopt then sets the corresponding parameter to the argument
3748 value if it can (i.e., so long as the value is meaningful),
3749 and returns 1 if successful else 0.
3751 See descriptions of tunable parameters above.
3756 int mALLOPt(int param_number, int value)
3758 int mALLOPt(param_number, value) int param_number; int value;
3761 switch(param_number)
3763 case M_TRIM_THRESHOLD:
3764 trim_threshold = value; return 1;
3766 top_pad = value; return 1;
3767 case M_MMAP_THRESHOLD:
3769 /* Forbid setting the threshold too high. */
3770 if((unsigned long)value > HEAP_MAX_SIZE/2) return 0;
3772 mmap_threshold = value; return 1;
3775 n_mmaps_max = value; return 1;
3777 if (value != 0) return 0; else n_mmaps_max = value; return 1;
3779 case M_CHECK_ACTION:
3780 check_action = value; return 1;
3789 /* Get/set state: malloc_get_state() records the current state of all
3790 malloc variables (_except_ for the actual heap contents and `hook'
3791 function pointers) in a system dependent, opaque data structure.
3792 This data structure is dynamically allocated and can be free()d
3793 after use. malloc_set_state() restores the state of all malloc
3794 variables to the previously obtained state. This is especially
3795 useful when using this malloc as part of a shared library, and when
3796 the heap contents are saved/restored via some other method. The
3797 primary example for this is GNU Emacs with its `dumping' procedure.
3798 `Hook' function pointers are never saved or restored by these
3801 #define MALLOC_STATE_MAGIC 0x444c4541l
3802 #define MALLOC_STATE_VERSION (0*0x100l + 0l) /* major*0x100 + minor */
3804 struct malloc_state {
3807 mbinptr av[NAV * 2 + 2];
3809 int sbrked_mem_bytes;
3810 unsigned long trim_threshold;
3811 unsigned long top_pad;
3812 unsigned int n_mmaps_max;
3813 unsigned long mmap_threshold;
3815 unsigned long max_sbrked_mem;
3816 unsigned long max_total_mem;
3817 unsigned int n_mmaps;
3818 unsigned int max_n_mmaps;
3819 unsigned long mmapped_mem;
3820 unsigned long max_mmapped_mem;
3827 struct malloc_state* ms;
3832 (void)mutex_lock(&main_arena.mutex);
3833 victim = chunk_alloc(&main_arena, request2size(sizeof(*ms)));
3835 (void)mutex_unlock(&main_arena.mutex);
3838 ms = (struct malloc_state*)chunk2mem(victim);
3839 ms->magic = MALLOC_STATE_MAGIC;
3840 ms->version = MALLOC_STATE_VERSION;
3841 ms->av[0] = main_arena.av[0];
3842 ms->av[1] = main_arena.av[1];
3843 for(i=0; i<NAV; i++) {
3844 b = bin_at(&main_arena, i);
3846 ms->av[2*i+2] = ms->av[2*i+3] = 0; /* empty bin (or initial top) */
3848 ms->av[2*i+2] = first(b);
3849 ms->av[2*i+3] = last(b);
3852 ms->sbrk_base = sbrk_base;
3853 ms->sbrked_mem_bytes = sbrked_mem;
3854 ms->trim_threshold = trim_threshold;
3855 ms->top_pad = top_pad;
3856 ms->n_mmaps_max = n_mmaps_max;
3857 ms->mmap_threshold = mmap_threshold;
3858 ms->check_action = check_action;
3859 ms->max_sbrked_mem = max_sbrked_mem;
3861 ms->max_total_mem = max_total_mem;
3863 ms->max_total_mem = 0;
3865 ms->n_mmaps = n_mmaps;
3866 ms->max_n_mmaps = max_n_mmaps;
3867 ms->mmapped_mem = mmapped_mem;
3868 ms->max_mmapped_mem = max_mmapped_mem;
3869 (void)mutex_unlock(&main_arena.mutex);
3875 mALLOC_SET_STATe(Void_t* msptr)
3877 mALLOC_SET_STATe(msptr) Void_t* msptr;
3880 struct malloc_state* ms = (struct malloc_state*)msptr;
3885 if(ms->magic != MALLOC_STATE_MAGIC) return -1;
3886 /* Must fail if the major version is too high. */
3887 if((ms->version & ~0xffl) > (MALLOC_STATE_VERSION & ~0xffl)) return -2;
3888 (void)mutex_lock(&main_arena.mutex);
3889 main_arena.av[0] = ms->av[0];
3890 main_arena.av[1] = ms->av[1];
3891 for(i=0; i<NAV; i++) {
3892 b = bin_at(&main_arena, i);
3893 if(ms->av[2*i+2] == 0)
3894 first(b) = last(b) = b;
3896 first(b) = ms->av[2*i+2];
3897 last(b) = ms->av[2*i+3];
3899 /* Make sure the links to the `av'-bins in the heap are correct. */
3905 sbrk_base = ms->sbrk_base;
3906 sbrked_mem = ms->sbrked_mem_bytes;
3907 trim_threshold = ms->trim_threshold;
3908 top_pad = ms->top_pad;
3909 n_mmaps_max = ms->n_mmaps_max;
3910 mmap_threshold = ms->mmap_threshold;
3911 check_action = ms->check_action;
3912 max_sbrked_mem = ms->max_sbrked_mem;
3914 max_total_mem = ms->max_total_mem;
3916 n_mmaps = ms->n_mmaps;
3917 max_n_mmaps = ms->max_n_mmaps;
3918 mmapped_mem = ms->mmapped_mem;
3919 max_mmapped_mem = ms->max_mmapped_mem;
3920 /* add version-dependent code here */
3921 (void)mutex_unlock(&main_arena.mutex);
3927 #if defined(_LIBC) || defined(MALLOC_HOOKS)
3929 /* A simple, standard set of debugging hooks. Overhead is `only' one
3930 byte per chunk; still this will catch most cases of double frees or
3933 #define MAGICBYTE(p) ( ( ((size_t)p >> 3) ^ ((size_t)p >> 11)) & 0xFF )
3935 /* Convert a pointer to be free()d or realloc()ed to a valid chunk
3936 pointer. If the provided pointer is not valid, return NULL. The
3937 goal here is to avoid crashes, unlike in the MALLOC_DEBUG code. */
3941 mem2chunk_check(Void_t* mem)
3943 mem2chunk_check(mem) Void_t* mem;
3950 if(!aligned_OK(p)) return NULL;
3951 if( (char*)p>=sbrk_base && (char*)p<(sbrk_base+sbrked_mem) ) {
3952 /* Must be a chunk in conventional heap memory. */
3953 if(chunk_is_mmapped(p) ||
3954 ( (sz = chunksize(p)), ((char*)p + sz)>=(sbrk_base+sbrked_mem) ) ||
3955 sz<MINSIZE || sz&MALLOC_ALIGN_MASK || !inuse(p) ||
3956 ( !prev_inuse(p) && (p->prev_size&MALLOC_ALIGN_MASK ||
3957 (long)prev_chunk(p)<(long)sbrk_base ||
3958 next_chunk(prev_chunk(p))!=p) ))
3960 if(*((unsigned char*)p + sz + (SIZE_SZ-1)) != MAGICBYTE(p))
3962 *((unsigned char*)p + sz + (SIZE_SZ-1)) ^= 0xFF;
3964 unsigned long offset, page_mask = malloc_getpagesize-1;
3966 /* mmap()ed chunks have MALLOC_ALIGNMENT or higher power-of-two
3967 alignment relative to the beginning of a page. Check this
3969 offset = (unsigned long)mem & page_mask;
3970 if((offset!=MALLOC_ALIGNMENT && offset!=0 && offset!=0x10 &&
3971 offset!=0x20 && offset!=0x40 && offset!=0x80 && offset!=0x100 &&
3972 offset!=0x200 && offset!=0x400 && offset!=0x800 && offset!=0x1000 &&
3974 !chunk_is_mmapped(p) || (p->size & PREV_INUSE) ||
3975 ( (((unsigned long)p - p->prev_size) & page_mask) != 0 ) ||
3976 ( (sz = chunksize(p)), ((p->prev_size + sz) & page_mask) != 0 ) )
3978 if(*((unsigned char*)p + sz - 1) != MAGICBYTE(p))
3980 *((unsigned char*)p + sz - 1) ^= 0xFF;
3987 malloc_check(size_t sz)
3989 malloc_check(sz) size_t sz;
3993 INTERNAL_SIZE_T nb = request2size(sz + 1);
3995 (void)mutex_lock(&main_arena.mutex);
3996 victim = chunk_alloc(&main_arena, nb);
3997 (void)mutex_unlock(&main_arena.mutex);
3998 if(!victim) return NULL;
3999 nb = chunksize(victim);
4000 if(chunk_is_mmapped(victim))
4004 *((unsigned char*)victim + nb) = MAGICBYTE(victim);
4005 return chunk2mem(victim);
4010 free_check(Void_t* mem)
4012 free_check(mem) Void_t* mem;
4018 (void)mutex_lock(&main_arena.mutex);
4019 p = mem2chunk_check(mem);
4021 (void)mutex_unlock(&main_arena.mutex);
4022 switch(check_action) {
4024 fprintf(stderr, "free(): invalid pointer %lx!\n", (long)(mem));
4032 if (chunk_is_mmapped(p)) {
4033 (void)mutex_unlock(&main_arena.mutex);
4038 #if 0 /* Erase freed memory. */
4039 memset(mem, 0, chunksize(p) - (SIZE_SZ+1));
4041 chunk_free(&main_arena, p);
4042 (void)mutex_unlock(&main_arena.mutex);
4047 realloc_check(Void_t* oldmem, size_t bytes)
4049 realloc_check(oldmem, bytes) Void_t* oldmem; size_t bytes;
4052 mchunkptr oldp, newp;
4053 INTERNAL_SIZE_T nb, oldsize;
4055 if (oldmem == 0) return malloc_check(bytes);
4056 (void)mutex_lock(&main_arena.mutex);
4057 oldp = mem2chunk_check(oldmem);
4059 (void)mutex_unlock(&main_arena.mutex);
4060 switch(check_action) {
4062 fprintf(stderr, "realloc(): invalid pointer %lx!\n", (long)(oldmem));
4067 return malloc_check(bytes);
4069 oldsize = chunksize(oldp);
4071 nb = request2size(bytes+1);
4074 if (chunk_is_mmapped(oldp)) {
4076 newp = mremap_chunk(oldp, nb);
4079 /* Note the extra SIZE_SZ overhead. */
4080 if(oldsize - SIZE_SZ >= nb) newp = oldp; /* do nothing */
4082 /* Must alloc, copy, free. */
4083 newp = chunk_alloc(&main_arena, nb);
4085 MALLOC_COPY(chunk2mem(newp), oldmem, oldsize - 2*SIZE_SZ);
4093 #endif /* HAVE_MMAP */
4094 newp = chunk_realloc(&main_arena, oldp, oldsize, nb);
4095 #if 0 /* Erase freed memory. */
4096 nb = chunksize(newp);
4097 if(oldp<newp || oldp>=chunk_at_offset(newp, nb)) {
4098 memset((char*)oldmem + 2*sizeof(mbinptr), 0,
4099 oldsize - (2*sizeof(mbinptr)+2*SIZE_SZ+1));
4100 } else if(nb > oldsize+SIZE_SZ) {
4101 memset((char*)chunk2mem(newp) + oldsize, 0, nb - (oldsize+SIZE_SZ));
4107 (void)mutex_unlock(&main_arena.mutex);
4109 if(!newp) return NULL;
4110 nb = chunksize(newp);
4111 if(chunk_is_mmapped(newp))
4115 *((unsigned char*)newp + nb) = MAGICBYTE(newp);
4116 return chunk2mem(newp);
4121 memalign_check(size_t alignment, size_t bytes)
4123 memalign_check(alignment, bytes) size_t alignment; size_t bytes;
4129 if (alignment <= MALLOC_ALIGNMENT) return malloc_check(bytes);
4130 if (alignment < MINSIZE) alignment = MINSIZE;
4132 nb = request2size(bytes+1);
4133 (void)mutex_lock(&main_arena.mutex);
4134 p = chunk_align(&main_arena, nb, alignment);
4135 (void)mutex_unlock(&main_arena.mutex);
4138 if(chunk_is_mmapped(p))
4142 *((unsigned char*)p + nb) = MAGICBYTE(p);
4143 return chunk2mem(p);
4146 /* The following hooks are used when the global initialization in
4147 ptmalloc_init() hasn't completed yet. */
4151 malloc_starter(size_t sz)
4153 malloc_starter(sz) size_t sz;
4156 mchunkptr victim = chunk_alloc(&main_arena, request2size(sz));
4158 return victim ? chunk2mem(victim) : 0;
4163 free_starter(Void_t* mem)
4165 free_starter(mem) Void_t* mem;
4173 if (chunk_is_mmapped(p)) {
4178 chunk_free(&main_arena, p);
4181 #endif /* defined(_LIBC) || defined(MALLOC_HOOKS) */
4186 weak_alias (__libc_calloc, __calloc) weak_alias (__libc_calloc, calloc)
4187 weak_alias (__libc_free, __cfree) weak_alias (__libc_free, cfree)
4188 weak_alias (__libc_free, __free) weak_alias (__libc_free, free)
4189 weak_alias (__libc_malloc, __malloc) weak_alias (__libc_malloc, malloc)
4190 weak_alias (__libc_memalign, __memalign) weak_alias (__libc_memalign, memalign)
4191 weak_alias (__libc_realloc, __realloc) weak_alias (__libc_realloc, realloc)
4192 weak_alias (__libc_valloc, __valloc) weak_alias (__libc_valloc, valloc)
4193 weak_alias (__libc_pvalloc, __pvalloc) weak_alias (__libc_pvalloc, pvalloc)
4194 weak_alias (__libc_mallinfo, __mallinfo) weak_alias (__libc_mallinfo, mallinfo)
4195 weak_alias (__libc_mallopt, __mallopt) weak_alias (__libc_mallopt, mallopt)
4197 weak_alias (__malloc_stats, malloc_stats)
4198 weak_alias (__malloc_usable_size, malloc_usable_size)
4199 weak_alias (__malloc_trim, malloc_trim)
4200 weak_alias (__malloc_get_state, malloc_get_state)
4201 weak_alias (__malloc_set_state, malloc_set_state)
4208 V2.6.4-pt3 Thu Feb 20 1997 Wolfram Gloger (wmglo@dent.med.uni-muenchen.de)
4209 * Added malloc_get/set_state() (mainly for use in GNU emacs),
4210 using interface from Marcus Daniels
4211 * All parameters are now adjustable via environment variables
4213 V2.6.4-pt2 Sat Dec 14 1996 Wolfram Gloger (wmglo@dent.med.uni-muenchen.de)
4214 * Added debugging hooks
4215 * Fixed possible deadlock in realloc() when out of memory
4216 * Don't pollute namespace in glibc: use __getpagesize, __mmap, etc.
4218 V2.6.4-pt Wed Dec 4 1996 Wolfram Gloger (wmglo@dent.med.uni-muenchen.de)
4219 * Very minor updates from the released 2.6.4 version.
4220 * Trimmed include file down to exported data structures.
4221 * Changes from H.J. Lu for glibc-2.0.
4223 V2.6.3i-pt Sep 16 1996 Wolfram Gloger (wmglo@dent.med.uni-muenchen.de)
4224 * Many changes for multiple threads
4225 * Introduced arenas and heaps
4227 V2.6.3 Sun May 19 08:17:58 1996 Doug Lea (dl at gee)
4228 * Added pvalloc, as recommended by H.J. Liu
4229 * Added 64bit pointer support mainly from Wolfram Gloger
4230 * Added anonymously donated WIN32 sbrk emulation
4231 * Malloc, calloc, getpagesize: add optimizations from Raymond Nijssen
4232 * malloc_extend_top: fix mask error that caused wastage after
4234 * Add linux mremap support code from HJ Liu
4236 V2.6.2 Tue Dec 5 06:52:55 1995 Doug Lea (dl at gee)
4237 * Integrated most documentation with the code.
4238 * Add support for mmap, with help from
4239 Wolfram Gloger (Gloger@lrz.uni-muenchen.de).
4240 * Use last_remainder in more cases.
4241 * Pack bins using idea from colin@nyx10.cs.du.edu
4242 * Use ordered bins instead of best-fit threshold
4243 * Eliminate block-local decls to simplify tracing and debugging.
4244 * Support another case of realloc via move into top
4245 * Fix error occurring when initial sbrk_base not word-aligned.
4246 * Rely on page size for units instead of SBRK_UNIT to
4247 avoid surprises about sbrk alignment conventions.
4248 * Add mallinfo, mallopt. Thanks to Raymond Nijssen
4249 (raymond@es.ele.tue.nl) for the suggestion.
4250 * Add `pad' argument to malloc_trim and top_pad mallopt parameter.
4251 * More precautions for cases where other routines call sbrk,
4252 courtesy of Wolfram Gloger (Gloger@lrz.uni-muenchen.de).
4253 * Added macros etc., allowing use in linux libc from
4254 H.J. Lu (hjl@gnu.ai.mit.edu)
4255 * Inverted this history list
4257 V2.6.1 Sat Dec 2 14:10:57 1995 Doug Lea (dl at gee)
4258 * Re-tuned and fixed to behave more nicely with V2.6.0 changes.
4259 * Removed all preallocation code since under current scheme
4260 the work required to undo bad preallocations exceeds
4261 the work saved in good cases for most test programs.
4262 * No longer use return list or unconsolidated bins since
4263 no scheme using them consistently outperforms those that don't
4264 given above changes.
4265 * Use best fit for very large chunks to prevent some worst-cases.
4266 * Added some support for debugging
4268 V2.6.0 Sat Nov 4 07:05:23 1995 Doug Lea (dl at gee)
4269 * Removed footers when chunks are in use. Thanks to
4270 Paul Wilson (wilson@cs.texas.edu) for the suggestion.
4272 V2.5.4 Wed Nov 1 07:54:51 1995 Doug Lea (dl at gee)
4273 * Added malloc_trim, with help from Wolfram Gloger
4274 (wmglo@Dent.MED.Uni-Muenchen.DE).
4276 V2.5.3 Tue Apr 26 10:16:01 1994 Doug Lea (dl at g)
4278 V2.5.2 Tue Apr 5 16:20:40 1994 Doug Lea (dl at g)
4279 * realloc: try to expand in both directions
4280 * malloc: swap order of clean-bin strategy;
4281 * realloc: only conditionally expand backwards
4282 * Try not to scavenge used bins
4283 * Use bin counts as a guide to preallocation
4284 * Occasionally bin return list chunks in first scan
4285 * Add a few optimizations from colin@nyx10.cs.du.edu
4287 V2.5.1 Sat Aug 14 15:40:43 1993 Doug Lea (dl at g)
4288 * faster bin computation & slightly different binning
4289 * merged all consolidations to one part of malloc proper
4290 (eliminating old malloc_find_space & malloc_clean_bin)
4291 * Scan 2 returns chunks (not just 1)
4292 * Propagate failure in realloc if malloc returns 0
4293 * Add stuff to allow compilation on non-ANSI compilers
4294 from kpv@research.att.com
4296 V2.5 Sat Aug 7 07:41:59 1993 Doug Lea (dl at g.oswego.edu)
4297 * removed potential for odd address access in prev_chunk
4298 * removed dependency on getpagesize.h
4299 * misc cosmetics and a bit more internal documentation
4300 * anticosmetics: mangled names in macros to evade debugger strangeness
4301 * tested on sparc, hp-700, dec-mips, rs6000
4302 with gcc & native cc (hp, dec only) allowing
4303 Detlefs & Zorn comparison study (in SIGPLAN Notices.)
4305 Trial version Fri Aug 28 13:14:29 1992 Doug Lea (dl at g.oswego.edu)
4306 * Based loosely on libg++-1.2X malloc. (It retains some of the overall
4307 structure of old version, but most details differ.)
projects / kopensolaris-gnu / glibc.git / blob