1265 lines
63 KiB
C++
1265 lines
63 KiB
C++
#ifndef COSMOPOLITAN_LIBC_MEM_DLMALLOC_H_
|
|
#define COSMOPOLITAN_LIBC_MEM_DLMALLOC_H_
|
|
#ifndef __STRICT_ANSI__
|
|
#include "libc/assert.h"
|
|
#include "libc/bits/bits.h"
|
|
#include "libc/calls/calls.h"
|
|
#include "libc/dce.h"
|
|
#include "libc/runtime/runtime.h"
|
|
#if !(__ASSEMBLER__ + __LINKER__ + 0)
|
|
COSMOPOLITAN_C_START_
|
|
#if 0
|
|
/**
|
|
* @fileoverview Internal header for Doug Lea's malloc.
|
|
*/
|
|
#endif
|
|
|
|
#define DLMALLOC_VERSION 20806
|
|
|
|
#ifndef FOOTERS
|
|
#define FOOTERS !IsTrustworthy()
|
|
#endif
|
|
|
|
#define HAVE_MMAP 1
|
|
#define HAVE_MREMAP 0 /* IsLinux() */
|
|
#define MMAP_CLEARS 1
|
|
#define MALLOC_ALIGNMENT __BIGGEST_ALIGNMENT__
|
|
#define NO_SEGMENT_TRAVERSAL 1
|
|
#define MAX_RELEASE_CHECK_RATE 128
|
|
#define MALLOC_ABORT abort()
|
|
#define DEFAULT_GRANULARITY (64UL * 1024UL)
|
|
#define DEFAULT_TRIM_THRESHOLD (10UL * 1024UL * 1024UL)
|
|
#define DEFAULT_MMAP_THRESHOLD (256UL * 1024UL)
|
|
#define USE_LOCKS 0
|
|
#define USE_SPIN_LOCKS 0
|
|
#define LOCK_AT_FORK 0
|
|
#define NSMALLBINS (32u)
|
|
#define NTREEBINS (32u)
|
|
#define SMALLBIN_SHIFT (3u)
|
|
#define SMALLBIN_WIDTH (SIZE_T_ONE << SMALLBIN_SHIFT)
|
|
#define TREEBIN_SHIFT (8u)
|
|
#define MIN_LARGE_SIZE (SIZE_T_ONE << TREEBIN_SHIFT)
|
|
#define MAX_SMALL_SIZE (MIN_LARGE_SIZE - SIZE_T_ONE)
|
|
#define MAX_SMALL_REQUEST (MAX_SMALL_SIZE - CHUNK_ALIGN_MASK - CHUNK_OVERHEAD)
|
|
#define M_TRIM_THRESHOLD (-1)
|
|
#define M_GRANULARITY (-2)
|
|
#define M_MMAP_THRESHOLD (-3)
|
|
|
|
/* ─────────────────── size_t and alignment properties ──────────────────── */
|
|
|
|
#define MALLINFO_FIELD_TYPE size_t
|
|
|
|
/* The byte and bit size of a size_t */
|
|
#define SIZE_T_SIZE (sizeof(size_t))
|
|
#define SIZE_T_BITSIZE (sizeof(size_t) << 3)
|
|
|
|
/* Some constants coerced to size_t */
|
|
/* Annoying but necessary to avoid errors on some platforms */
|
|
#define SIZE_T_ZERO 0UL
|
|
#define SIZE_T_ONE 1UL
|
|
#define SIZE_T_TWO 2UL
|
|
#define SIZE_T_FOUR 4UL
|
|
#define TWO_SIZE_T_SIZES (SIZE_T_SIZE << 1)
|
|
#define FOUR_SIZE_T_SIZES (SIZE_T_SIZE << 2)
|
|
#define SIX_SIZE_T_SIZES (FOUR_SIZE_T_SIZES + TWO_SIZE_T_SIZES)
|
|
#define HALF_SIZE_MAX (__SIZE_MAX__ / 2U)
|
|
|
|
/* The bit mask value corresponding to MALLOC_ALIGNMENT */
|
|
#define CHUNK_ALIGN_MASK (MALLOC_ALIGNMENT - SIZE_T_ONE)
|
|
|
|
/* True if address a has acceptable alignment */
|
|
#define is_aligned(A) (((size_t)((A)) & (CHUNK_ALIGN_MASK)) == 0)
|
|
|
|
/* the number of bytes to offset an address to align it */
|
|
#define align_offset(A) \
|
|
((((size_t)(A)&CHUNK_ALIGN_MASK) == 0) \
|
|
? 0 \
|
|
: ((MALLOC_ALIGNMENT - ((size_t)(A)&CHUNK_ALIGN_MASK)) & \
|
|
CHUNK_ALIGN_MASK))
|
|
|
|
/* ────────────────────────── MMAP preliminaries ───────────────────────── */
|
|
|
|
#define MFAIL MAP_FAILED
|
|
#define CMFAIL ((char *)MAP_FAILED)
|
|
#define MMAP_DEFAULT(s) dlmalloc_requires_more_vespene_gas(s)
|
|
#define MUNMAP_DEFAULT(a, s) munmap(a, s)
|
|
#define MMAP_PROT (PROT_READ | PROT_WRITE)
|
|
#define DIRECT_MMAP_DEFAULT(s) MMAP_DEFAULT(s)
|
|
#define USE_MMAP_BIT (SIZE_T_ONE)
|
|
#define CALL_MMAP(s) MMAP_DEFAULT(s)
|
|
#define CALL_MUNMAP(a, s) MUNMAP_DEFAULT((a), (s))
|
|
#define CALL_DIRECT_MMAP(s) DIRECT_MMAP_DEFAULT(s)
|
|
#define CALL_MREMAP(addr, osz, nsz, mv) MREMAP((addr), (osz), (nsz), (mv))
|
|
#define USE_NONCONTIGUOUS_BIT (4U)
|
|
#define EXTERN_BIT (8U)
|
|
|
|
/* ─────────────────────────── Lock preliminaries ──────────────────────── */
|
|
|
|
/*
|
|
When locks are defined, there is one global lock, plus
|
|
one per-mspace lock.
|
|
|
|
The global lock_ensures that mparams.magic and other unique
|
|
mparams values are initialized only once. It also protects
|
|
sequences of calls to MORECORE. In many cases sys_alloc requires
|
|
two calls, that should not be interleaved with calls by other
|
|
threads. This does not protect against direct calls to MORECORE
|
|
by other threads not using this lock, so there is still code to
|
|
cope the best we can on interference.
|
|
|
|
Per-mspace locks surround calls to malloc, free, etc.
|
|
By default, locks are simple non-reentrant mutexes.
|
|
|
|
Because lock-protected regions generally have bounded times, it is
|
|
OK to use the supplied simple spinlocks. Spinlocks are likely to
|
|
improve performance for lightly contended applications, but worsen
|
|
performance under heavy contention.
|
|
|
|
If USE_LOCKS is > 1, the definitions of lock routines here are
|
|
bypassed, in which case you will need to define the type MLOCK_T,
|
|
and at least INITIAL_LOCK, DESTROY_LOCK, ACQUIRE_LOCK, RELEASE_LOCK
|
|
and TRY_LOCK. You must also declare a
|
|
static MLOCK_T malloc_global_mutex = { initialization values };.
|
|
*/
|
|
|
|
#define USE_LOCK_BIT (0U)
|
|
#define INITIAL_LOCK(l) (0)
|
|
#define DESTROY_LOCK(l) (0)
|
|
#define ACQUIRE_MALLOC_GLOBAL_LOCK()
|
|
#define RELEASE_MALLOC_GLOBAL_LOCK()
|
|
|
|
/* ─────────────────────── Chunk representations ──────────────────────── */
|
|
|
|
/*
|
|
(The following includes lightly edited explanations by Colin Plumb.)
|
|
|
|
The malloc_chunk declaration below is misleading (but accurate and
|
|
necessary). It declares a "view" into memory allowing access to
|
|
necessary fields at known offsets from a given base.
|
|
|
|
Chunks of memory are maintained using a `boundary tag' method as
|
|
originally described by Knuth. (See the paper by Paul Wilson
|
|
ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a survey of such
|
|
techniques.) Sizes of free chunks are stored both in the front of
|
|
each chunk and at the end. This makes consolidating fragmented
|
|
chunks into bigger chunks fast. The head fields also hold bits
|
|
representing whether chunks are free or in use.
|
|
|
|
Here are some pictures to make it clearer. They are "exploded" to
|
|
show that the state of a chunk can be thought of as extending from
|
|
the high 31 bits of the head field of its header through the
|
|
prev_foot and PINUSE_BIT bit of the following chunk header.
|
|
|
|
A chunk that's in use looks like:
|
|
|
|
chunk→ ┌───────────────────────────────────────────────────────────────┐
|
|
│ Size of previous chunk (if P = 0) │
|
|
└─────────────────────────────────────────────────────────────┬─┤
|
|
┌─────────────────────────────────────────────────────────────┐ │P│
|
|
│ Size of this chunk 1│ └─┘
|
|
mem→ ├───────────────────────────────────────────────────────────────┐
|
|
│ │
|
|
├─ ─┤
|
|
│ │
|
|
├─ ─┤
|
|
│ :
|
|
├─ size - sizeof(size_t) available payload bytes ─┤
|
|
: │
|
|
chunk→ ├─ ─┤
|
|
│ │
|
|
└───────────────────────────────────────────────────────────────┤
|
|
┌─────────────────────────────────────────────────────────────┐ |1│
|
|
│ Size of next chunk (may or may not be in use) │ ├─┘
|
|
mem→ └───────────────────────────────────────────────────────────────┘
|
|
|
|
And if it's free, it looks like this:
|
|
|
|
chunk→ ┌─ ─┐
|
|
│ User payload (must be in use, or we would have merged!) │
|
|
└───────────────────────────────────────────────────────────────┤
|
|
┌─────────────────────────────────────────────────────────────┐ │P│
|
|
│ Size of this chunk 0│ │─┘
|
|
mem→ ├───────────────────────────────────────────────────────────────┤
|
|
│ Next pointer │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
│ Prev pointer │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
│ :
|
|
├─ size - sizeof(struct chunk) unused bytes ─┤
|
|
: │
|
|
chunk→ ├───────────────────────────────────────────────────────────────┤
|
|
│ Size of this chunk │
|
|
└───────────────────────────────────────────────────────────────┤
|
|
┌───────────────────────────────────────────────────────────────│0│
|
|
│ Size of next chunk (must be in use, or we would have merged)| │─┘
|
|
mem→ ├───────────────────────────────────────────────────────────────┤
|
|
│ :
|
|
├─ User payload ─┤
|
|
: │
|
|
└───────────────────────────────────────────────────────────────┤
|
|
│0│
|
|
└─┘
|
|
Note that since we always merge adjacent free chunks, the chunks
|
|
adjacent to a free chunk must be in use.
|
|
|
|
Given a pointer to a chunk (which can be derived trivially from the
|
|
payload pointer) we can, in O(1) time, find out whether the adjacent
|
|
chunks are free, and if so, unlink them from the lists that they
|
|
are on and merge them with the current chunk.
|
|
|
|
Chunks always begin on even word boundaries, so the mem portion
|
|
(which is returned to the user) is also on an even word boundary, and
|
|
thus at least double-word aligned.
|
|
|
|
The P (PINUSE_BIT) bit, stored in the unused low-order bit of the
|
|
chunk size (which is always a multiple of two words), is an in-use
|
|
bit for the *previous* chunk. If that bit is *clear*, then the
|
|
word before the current chunk size contains the previous chunk
|
|
size, and can be used to find the front of the previous chunk.
|
|
The very first chunk allocated always has this bit set, preventing
|
|
access to non-existent (or non-owned) memory. If pinuse is set for
|
|
any given chunk, then you CANNOT determine the size of the
|
|
previous chunk, and might even get a memory addressing fault when
|
|
trying to do so.
|
|
|
|
The C (CINUSE_BIT) bit, stored in the unused second-lowest bit of
|
|
the chunk size redundantly records whether the current chunk is
|
|
inuse (unless the chunk is mmapped). This redundancy enables usage
|
|
checks within free and realloc, and reduces indirection when freeing
|
|
and consolidating chunks.
|
|
|
|
Each freshly allocated chunk must have both cinuse and pinuse set.
|
|
That is, each allocated chunk borders either a previously allocated
|
|
and still in-use chunk, or the base of its memory arena. This is
|
|
ensured by making all allocations from the `lowest' part of any
|
|
found chunk. Further, no free chunk physically borders another one,
|
|
so each free chunk is known to be preceded and followed by either
|
|
inuse chunks or the ends of memory.
|
|
|
|
Note that the `foot' of the current chunk is actually represented
|
|
as the prev_foot of the NEXT chunk. This makes it easier to
|
|
deal with alignments etc but can be very confusing when trying
|
|
to extend or adapt this code.
|
|
|
|
The exceptions to all this are
|
|
|
|
1. The special chunk `top' is the top-most available chunk (i.e.,
|
|
the one bordering the end of available memory). It is treated
|
|
specially. Top is never included in any bin, is used only if
|
|
no other chunk is available, and is released back to the
|
|
system if it is very large (see M_TRIM_THRESHOLD). In effect,
|
|
the top chunk is treated as larger (and thus less well
|
|
fitting) than any other available chunk. The top chunk
|
|
doesn't update its trailing size field since there is no next
|
|
contiguous chunk that would have to index off it. However,
|
|
space is still allocated for it (TOP_FOOT_SIZE) to enable
|
|
separation or merging when space is extended.
|
|
|
|
3. Chunks allocated via mmap, have both cinuse and pinuse bits
|
|
cleared in their head fields. Because they are allocated
|
|
one-by-one, each must carry its own prev_foot field, which is
|
|
also used to hold the offset this chunk has within its mmapped
|
|
region, which is needed to preserve alignment. Each mmapped
|
|
chunk is trailed by the first two fields of a fake next-chunk
|
|
for sake of usage checks.
|
|
|
|
*/
|
|
|
|
struct malloc_chunk {
|
|
size_t prev_foot; /* Size of previous chunk (if free). */
|
|
size_t head; /* Size and inuse bits. */
|
|
struct malloc_chunk *fd; /* double links -- used only if free. */
|
|
struct malloc_chunk *bk;
|
|
};
|
|
|
|
typedef struct malloc_chunk mchunk;
|
|
typedef struct malloc_chunk *mchunkptr;
|
|
typedef struct malloc_chunk *sbinptr; /* The type of bins of chunks */
|
|
typedef unsigned int bindex_t; /* Described below */
|
|
typedef unsigned int binmap_t; /* Described below */
|
|
typedef unsigned int flag_t; /* The type of various bit flag sets */
|
|
|
|
/* ─────────────────── Chunks sizes and alignments ─────────────────────── */
|
|
|
|
#define MCHUNK_SIZE (sizeof(mchunk))
|
|
|
|
#define CHUNK_OVERHEAD (TWO_SIZE_T_SIZES)
|
|
|
|
/* MMapped chunks need a second word of overhead ... */
|
|
#define MMAP_CHUNK_OVERHEAD (TWO_SIZE_T_SIZES)
|
|
/* ... and additional padding for fake next-chunk at foot */
|
|
#define MMAP_FOOT_PAD (FOUR_SIZE_T_SIZES)
|
|
|
|
/* The smallest size we can malloc is an aligned minimal chunk */
|
|
#define MIN_CHUNK_SIZE ((MCHUNK_SIZE + CHUNK_ALIGN_MASK) & ~CHUNK_ALIGN_MASK)
|
|
|
|
/* conversion from malloc headers to user pointers, and back */
|
|
#define chunk2mem(p) ((void *)((char *)(p) + TWO_SIZE_T_SIZES))
|
|
#define mem2chunk(mem) ((mchunkptr)((char *)(mem)-TWO_SIZE_T_SIZES))
|
|
/* chunk associated with aligned address A */
|
|
#define align_as_chunk(A) (mchunkptr)((A) + align_offset(chunk2mem(A)))
|
|
|
|
/* Bounds on request (not chunk) sizes. */
|
|
#define MAX_REQUEST ((-MIN_CHUNK_SIZE) << 2)
|
|
#define MIN_REQUEST (MIN_CHUNK_SIZE - CHUNK_OVERHEAD - SIZE_T_ONE)
|
|
|
|
/* pad request bytes into a usable size */
|
|
#define pad_request(req) \
|
|
(((req) + CHUNK_OVERHEAD + CHUNK_ALIGN_MASK) & ~CHUNK_ALIGN_MASK)
|
|
|
|
/* pad request, checking for minimum (but not maximum) */
|
|
#define request2size(req) \
|
|
(((req) < MIN_REQUEST) ? MIN_CHUNK_SIZE : pad_request(req))
|
|
|
|
/* ────────────────── Operations on head and foot fields ───────────────── */
|
|
|
|
/*
|
|
The head field of a chunk is or'ed with PINUSE_BIT when previous
|
|
adjacent chunk in use, and or'ed with CINUSE_BIT if this chunk is in
|
|
use, unless mmapped, in which case both bits are cleared.
|
|
|
|
FLAG4_BIT is not used by this malloc, but might be useful in extensions.
|
|
*/
|
|
|
|
#define PINUSE_BIT (SIZE_T_ONE)
|
|
#define CINUSE_BIT (SIZE_T_TWO)
|
|
#define FLAG4_BIT (SIZE_T_FOUR)
|
|
#define INUSE_BITS (PINUSE_BIT | CINUSE_BIT)
|
|
#define FLAG_BITS (PINUSE_BIT | CINUSE_BIT | FLAG4_BIT)
|
|
|
|
/* Head value for fenceposts */
|
|
#define FENCEPOST_HEAD (INUSE_BITS | SIZE_T_SIZE)
|
|
|
|
/* extraction of fields from head words */
|
|
#define cinuse(p) ((p)->head & CINUSE_BIT)
|
|
#define pinuse(p) ((p)->head & PINUSE_BIT)
|
|
#define flag4inuse(p) ((p)->head & FLAG4_BIT)
|
|
#define is_inuse(p) (((p)->head & INUSE_BITS) != PINUSE_BIT)
|
|
#define is_mmapped(p) (((p)->head & INUSE_BITS) == 0)
|
|
|
|
#define chunksize(p) ((p)->head & ~(FLAG_BITS))
|
|
|
|
#define clear_pinuse(p) ((p)->head &= ~PINUSE_BIT)
|
|
#define set_flag4(p) ((p)->head |= FLAG4_BIT)
|
|
#define clear_flag4(p) ((p)->head &= ~FLAG4_BIT)
|
|
|
|
/* Treat space at ptr +/- offset as a chunk */
|
|
#define chunk_plus_offset(p, s) ((mchunkptr)(((char *)(p)) + (s)))
|
|
#define chunk_minus_offset(p, s) ((mchunkptr)(((char *)(p)) - (s)))
|
|
|
|
/* Ptr to next or previous physical malloc_chunk. */
|
|
#define next_chunk(p) ((mchunkptr)(((char *)(p)) + ((p)->head & ~FLAG_BITS)))
|
|
#define prev_chunk(p) ((mchunkptr)(((char *)(p)) - ((p)->prev_foot)))
|
|
|
|
/* extract next chunk's pinuse bit */
|
|
#define next_pinuse(p) ((next_chunk(p)->head) & PINUSE_BIT)
|
|
|
|
/* Get/set size at footer */
|
|
#define get_foot(p, s) (((mchunkptr)((char *)(p) + (s)))->prev_foot)
|
|
#define set_foot(p, s) (((mchunkptr)((char *)(p) + (s)))->prev_foot = (s))
|
|
|
|
/* Set size, pinuse bit, and foot */
|
|
#define set_size_and_pinuse_of_free_chunk(p, s) \
|
|
((p)->head = (s | PINUSE_BIT), set_foot(p, s))
|
|
|
|
/* Set size, pinuse bit, foot, and clear next pinuse */
|
|
#define set_free_with_pinuse(p, s, n) \
|
|
(clear_pinuse(n), set_size_and_pinuse_of_free_chunk(p, s))
|
|
|
|
/* Get the internal overhead associated with chunk p */
|
|
#define overhead_for(p) (is_mmapped(p) ? MMAP_CHUNK_OVERHEAD : CHUNK_OVERHEAD)
|
|
|
|
/* Return true if malloced space is not necessarily cleared */
|
|
|
|
#define calloc_must_clear(p) (!is_mmapped(p))
|
|
|
|
/* ────────────────────── Overlaid data structures ─────────────────────── */
|
|
|
|
/*
|
|
When chunks are not in use, they are treated as nodes of either
|
|
lists or trees.
|
|
|
|
"Small" chunks are stored in circular doubly-linked lists, and look
|
|
like this:
|
|
|
|
chunk→ ┌───────────────────────────────────────────────────────────────┐
|
|
│ Size of previous chunk │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
`head:' │ Size of chunk, in bytes |P│
|
|
mem→ ├───────────────────────────────────────────────────────────────┤
|
|
│ Forward pointer to next chunk in list │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
│ Back pointer to previous chunk in list │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
. Unused space (may be 0 bytes long) .
|
|
. .
|
|
│ │
|
|
nextchunk→ ├───────────────────────────────────────────────────────────────┤
|
|
`foot:' │ Size of chunk, in bytes │
|
|
└───────────────────────────────────────────────────────────────┘
|
|
|
|
Larger chunks are kept in a form of bitwise digital trees (aka
|
|
tries) keyed on chunksizes. Because malloc_tree_chunks are only for
|
|
free chunks greater than 256 bytes, their size doesn't impose any
|
|
constraints on user chunk sizes. Each node looks like:
|
|
|
|
chunk→ ┌───────────────────────────────────────────────────────────────┐
|
|
│ Size of previous chunk │
|
|
├─────────────────────────────────────────────────────────────┬─┤
|
|
`head:' │ Size of chunk, in bytes │P│
|
|
mem→ ├─────────────────────────────────────────────────────────────┴─┤
|
|
│ Forward pointer to next chunk of same size │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
│ Back pointer to previous chunk of same size │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
│ Pointer to left child (child[0]) │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
│ Pointer to right child (child[1]) │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
│ Pointer to parent │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
│ bin index of this chunk │
|
|
├───────────────────────────────────────────────────────────────┤
|
|
│ Unused space .
|
|
. │
|
|
nextchunk→ ├───────────────────────────────────────────────────────────────┤
|
|
`foot:' │ Size of chunk, in bytes │
|
|
└───────────────────────────────────────────────────────────────┘
|
|
|
|
Each tree holding treenodes is a tree of unique chunk sizes. Chunks
|
|
of the same size are arranged in a circularly-linked list, with only
|
|
the oldest chunk (the next to be used, in our FIFO ordering)
|
|
actually in the tree. (Tree members are distinguished by a non-null
|
|
parent pointer.) If a chunk with the same size an an existing node
|
|
is inserted, it is linked off the existing node using pointers that
|
|
work in the same way as fd/bk pointers of small chunks.
|
|
|
|
Each tree contains a power of 2 sized range of chunk sizes (the
|
|
smallest is 0x100 <= x < 0x180), which is is divided in half at each
|
|
tree level, with the chunks in the smaller half of the range (0x100
|
|
<= x < 0x140 for the top nose) in the left subtree and the larger
|
|
half (0x140 <= x < 0x180) in the right subtree. This is, of course,
|
|
done by inspecting individual bits.
|
|
|
|
Using these rules, each node's left subtree contains all smaller
|
|
sizes than its right subtree. However, the node at the root of each
|
|
subtree has no particular ordering relationship to either. (The
|
|
dividing line between the subtree sizes is based on trie relation.)
|
|
If we remove the last chunk of a given size from the interior of the
|
|
tree, we need to replace it with a leaf node. The tree ordering
|
|
rules permit a node to be replaced by any leaf below it.
|
|
|
|
The smallest chunk in a tree (a common operation in a best-fit
|
|
allocator) can be found by walking a path to the leftmost leaf in
|
|
the tree. Unlike a usual binary tree, where we follow left child
|
|
pointers until we reach a null, here we follow the right child
|
|
pointer any time the left one is null, until we reach a leaf with
|
|
both child pointers null. The smallest chunk in the tree will be
|
|
somewhere along that path.
|
|
|
|
The worst case number of steps to add, find, or remove a node is
|
|
bounded by the number of bits differentiating chunks within
|
|
bins. Under current bin calculations, this ranges from 6 up to 21
|
|
(for 32 bit sizes) or up to 53 (for 64 bit sizes). The typical case
|
|
is of course much better.
|
|
*/
|
|
|
|
struct malloc_tree_chunk {
|
|
/* The first four fields must be compatible with malloc_chunk */
|
|
size_t prev_foot;
|
|
size_t head;
|
|
struct malloc_tree_chunk *fd;
|
|
struct malloc_tree_chunk *bk;
|
|
|
|
struct malloc_tree_chunk *child[2];
|
|
struct malloc_tree_chunk *parent;
|
|
bindex_t index;
|
|
};
|
|
|
|
typedef struct malloc_tree_chunk tchunk;
|
|
typedef struct malloc_tree_chunk *tchunkptr;
|
|
typedef struct malloc_tree_chunk *tbinptr; /* The type of bins of trees */
|
|
|
|
/* A little helper macro for trees */
|
|
#define leftmost_child(t) ((t)->child[0] != 0 ? (t)->child[0] : (t)->child[1])
|
|
|
|
/* ───────────────────────────── Segments ──────────────────────────────── */
|
|
|
|
/*
|
|
Each malloc space may include non-contiguous segments, held in a
|
|
list headed by an embedded malloc_segment record representing the
|
|
top-most space. Segments also include flags holding properties of
|
|
the space. Large chunks that are directly allocated by mmap are not
|
|
included in this list. They are instead independently created and
|
|
destroyed without otherwise keeping track of them.
|
|
|
|
Segment management mainly comes into play for spaces allocated by
|
|
MMAP. Any call to MMAP might or might not return memory that is
|
|
adjacent to an existing segment. MORECORE normally contiguously
|
|
extends the current space, so this space is almost always adjacent,
|
|
which is simpler and faster to deal with. (This is why MORECORE is
|
|
used preferentially to MMAP when both are available -- see
|
|
sys_alloc.) When allocating using MMAP, we don't use any of the
|
|
hinting mechanisms (inconsistently) supported in various
|
|
implementations of unix mmap, or distinguish reserving from
|
|
committing memory. Instead, we just ask for space, and exploit
|
|
contiguity when we get it. It is probably possible to do
|
|
better than this on some systems, but no general scheme seems
|
|
to be significantly better.
|
|
|
|
Management entails a simpler variant of the consolidation scheme
|
|
used for chunks to reduce fragmentation -- new adjacent memory is
|
|
normally prepended or appended to an existing segment. However,
|
|
there are limitations compared to chunk consolidation that mostly
|
|
reflect the fact that segment processing is relatively infrequent
|
|
(occurring only when getting memory from system) and that we
|
|
don't expect to have huge numbers of segments:
|
|
|
|
* Segments are not indexed, so traversal requires linear scans. (It
|
|
would be possible to index these, but is not worth the extra
|
|
overhead and complexity for most programs on most platforms.)
|
|
* New segments are only appended to old ones when holding top-most
|
|
memory; if they cannot be prepended to others, they are held in
|
|
different segments.
|
|
|
|
Except for the top-most segment of an mstate, each segment record
|
|
is kept at the tail of its segment. Segments are added by pushing
|
|
segment records onto the list headed by &mstate.seg for the
|
|
containing mstate.
|
|
|
|
Segment flags control allocation/merge/deallocation policies:
|
|
* If EXTERN_BIT set, then we did not allocate this segment,
|
|
and so should not try to deallocate or merge with others.
|
|
(This currently holds only for the initial segment passed
|
|
into create_mspace_with_base.)
|
|
* If USE_MMAP_BIT set, the segment may be merged with
|
|
other surrounding mmapped segments and trimmed/de-allocated
|
|
using munmap.
|
|
* If neither bit is set, then the segment was obtained using
|
|
MORECORE so can be merged with surrounding MORECORE'd segments
|
|
and deallocated/trimmed using MORECORE with negative arguments.
|
|
*/
|
|
|
|
struct malloc_segment {
|
|
char *base; /* base address */
|
|
size_t size; /* allocated size */
|
|
struct malloc_segment *next; /* ptr to next segment */
|
|
flag_t sflags; /* mmap and extern flag */
|
|
};
|
|
|
|
#define is_mmapped_segment(S) ((S)->sflags & USE_MMAP_BIT)
|
|
#define is_extern_segment(S) ((S)->sflags & EXTERN_BIT)
|
|
|
|
typedef struct malloc_segment msegment;
|
|
typedef struct malloc_segment *msegmentptr;
|
|
|
|
/* ──────────────────────────── MallocState ───────────────────────────── */
|
|
|
|
/*
|
|
A MallocState holds all of the bookkeeping for a space.
|
|
The main fields are:
|
|
|
|
Top
|
|
The topmost chunk of the currently active segment. Its size is
|
|
cached in topsize. The actual size of topmost space is
|
|
topsize+TOP_FOOT_SIZE, which includes space reserved for adding
|
|
fenceposts and segment records if necessary when getting more
|
|
space from the system. The size at which to autotrim top is
|
|
cached from mparams in trim_check, except that it is disabled if
|
|
an autotrim fails.
|
|
|
|
Designated victim (dv)
|
|
This is the preferred chunk for servicing small requests that
|
|
don't have exact fits. It is normally the chunk split off most
|
|
recently to service another small request. Its size is cached in
|
|
dvsize. The link fields of this chunk are not maintained since it
|
|
is not kept in a bin.
|
|
|
|
SmallBins
|
|
An array of bin headers for free chunks. These bins hold chunks
|
|
with sizes less than MIN_LARGE_SIZE bytes. Each bin contains
|
|
chunks of all the same size, spaced 8 bytes apart. To simplify
|
|
use in double-linked lists, each bin header acts as a malloc_chunk
|
|
pointing to the real first node, if it exists (else pointing to
|
|
itself). This avoids special-casing for headers. But to avoid
|
|
waste, we allocate only the fd/bk pointers of bins, and then use
|
|
repositioning tricks to treat these as the fields of a chunk.
|
|
|
|
TreeBins
|
|
Treebins are pointers to the roots of trees holding a range of
|
|
sizes. There are 2 equally spaced treebins for each power of two
|
|
from TREE_SHIFT to TREE_SHIFT+16. The last bin holds anything
|
|
larger.
|
|
|
|
Bin maps
|
|
There is one bit map for small bins ("smallmap") and one for
|
|
treebins ("treemap). Each bin sets its bit when non-empty, and
|
|
clears the bit when empty. Bit operations are then used to avoid
|
|
bin-by-bin searching -- nearly all "search" is done without ever
|
|
looking at bins that won't be selected. The bit maps
|
|
conservatively use 32 bits per map word, even if on 64bit system.
|
|
For a good description of some of the bit-based techniques used
|
|
here, see Henry S. Warren Jr's book "Hacker's Delight" (and
|
|
supplement at http://hackersdelight.org/). Many of these are
|
|
intended to reduce the branchiness of paths through malloc etc, as
|
|
well as to reduce the number of memory locations read or written.
|
|
|
|
Segments
|
|
A list of segments headed by an embedded malloc_segment record
|
|
representing the initial space.
|
|
|
|
Address check support
|
|
The least_addr field is the least address ever obtained from
|
|
MORECORE or MMAP. Attempted frees and reallocs of any address less
|
|
than this are trapped (unless INSECURE is defined).
|
|
|
|
Magic tag
|
|
A cross-check field that should always hold same value as mparams.magic.
|
|
|
|
Max allowed footprint
|
|
The maximum allowed bytes to allocate from system (zero means no limit)
|
|
|
|
Flags
|
|
Bits recording whether to use MMAP, locks, or contiguous MORECORE
|
|
|
|
Statistics
|
|
Each space keeps track of current and maximum system memory
|
|
obtained via MORECORE or MMAP.
|
|
|
|
Trim support
|
|
Fields holding the amount of unused topmost memory that should trigger
|
|
trimming, and a counter to force periodic scanning to release unused
|
|
non-topmost segments.
|
|
|
|
Locking
|
|
If USE_LOCKS is defined, the "mutex" lock is acquired and released
|
|
around every public call using this mspace.
|
|
|
|
Extension support
|
|
A void* pointer and a size_t field that can be used to help implement
|
|
extensions to this malloc.
|
|
*/
|
|
|
|
struct MallocState {
|
|
binmap_t smallmap;
|
|
binmap_t treemap;
|
|
size_t dvsize;
|
|
size_t topsize;
|
|
char *least_addr;
|
|
mchunkptr dv;
|
|
mchunkptr top;
|
|
size_t trim_check;
|
|
size_t release_checks;
|
|
size_t magic;
|
|
mchunkptr smallbins[(NSMALLBINS + 1) * 2];
|
|
tbinptr treebins[NTREEBINS];
|
|
size_t footprint;
|
|
size_t max_footprint;
|
|
size_t footprint_limit; /* zero means no limit */
|
|
flag_t mflags;
|
|
msegment seg;
|
|
void *extp; /* Unused but available for extensions */
|
|
size_t exts;
|
|
};
|
|
|
|
struct MallocStats {
|
|
size_t maxfp;
|
|
size_t fp;
|
|
size_t used;
|
|
};
|
|
|
|
typedef struct MallocState *mstate;
|
|
|
|
extern struct MallocState g_dlmalloc[1];
|
|
|
|
/* ─────────────────────────────── Hooks ──────────────────────────────── */
|
|
|
|
#ifdef MTRACE /* TODO(jart): Add --mtrace flag for this */
|
|
void *AddressBirthAction(void *);
|
|
void *AddressDeathAction(void *);
|
|
#define ADDRESS_BIRTH_ACTION(A) AddressBirthAction(A)
|
|
#define ADDRESS_DEATH_ACTION(A) AddressDeathAction(A)
|
|
#else
|
|
#define ADDRESS_BIRTH_ACTION(A) (A)
|
|
#define ADDRESS_DEATH_ACTION(A) (A)
|
|
#endif
|
|
|
|
/*
|
|
PREACTION should be defined to return 0 on success, and nonzero on
|
|
failure. If you are not using locking, you can redefine these to do
|
|
anything you like.
|
|
*/
|
|
|
|
#define PREACTION(M) (0)
|
|
#define POSTACTION(M)
|
|
|
|
/*
|
|
CORRUPTION_ERROR_ACTION is triggered upon detected bad addresses.
|
|
USAGE_ERROR_ACTION is triggered on detected bad frees and
|
|
reallocs. The argument p is an address that might have triggered the
|
|
fault. It is ignored by the two predefined actions, but might be
|
|
useful in custom actions that try to help diagnose errors.
|
|
*/
|
|
|
|
#define CORRUPTION_ERROR_ACTION(m) MALLOC_ABORT
|
|
#define USAGE_ERROR_ACTION(m, p) MALLOC_ABORT
|
|
|
|
/* True if segment S holds address A */
|
|
#define segment_holds(S, A) \
|
|
((char *)(A) >= S->base && (char *)(A) < S->base + S->size)
|
|
|
|
/*
|
|
TOP_FOOT_SIZE is padding at the end of a segment, including space
|
|
that may be needed to place segment records and fenceposts when new
|
|
noncontiguous segments are added.
|
|
*/
|
|
#define TOP_FOOT_SIZE \
|
|
(align_offset(chunk2mem(0)) + pad_request(sizeof(struct malloc_segment)) + \
|
|
MIN_CHUNK_SIZE)
|
|
|
|
/* ───────────── Global MallocState and MallocParams ─────────────────── */
|
|
|
|
/*
|
|
MallocParams holds global properties, including those that can be
|
|
dynamically set using mallopt. There is a single instance, mparams,
|
|
initialized in init_mparams. Note that the non-zeroness of "magic"
|
|
also serves as an initialization flag.
|
|
*/
|
|
|
|
struct MallocParams {
|
|
size_t magic;
|
|
size_t page_size;
|
|
size_t granularity;
|
|
size_t mmap_threshold;
|
|
size_t trim_threshold;
|
|
flag_t default_mflags;
|
|
};
|
|
|
|
extern struct MallocParams g_mparams;
|
|
|
|
#define ensure_initialization() \
|
|
/* we use a constructor [jart] */ \
|
|
assert(g_mparams.magic != 0)
|
|
/* (void)(g_mparams.magic != 0 || init_mparams()) */
|
|
|
|
#define is_initialized(M) ((M)->top != 0)
|
|
#define is_page_aligned(S) \
|
|
(((size_t)(S) & (g_mparams.page_size - SIZE_T_ONE)) == 0)
|
|
#define is_granularity_aligned(S) \
|
|
(((size_t)(S) & (g_mparams.granularity - SIZE_T_ONE)) == 0)
|
|
|
|
/* ────────────────────────── system alloc setup ───────────────────────── */
|
|
|
|
/* Operations on mflags */
|
|
|
|
#define use_lock(M) ((M)->mflags & USE_LOCK_BIT)
|
|
#define enable_lock(M) ((M)->mflags |= USE_LOCK_BIT)
|
|
#if USE_LOCKS
|
|
#define disable_lock(M) ((M)->mflags &= ~USE_LOCK_BIT)
|
|
#else
|
|
#define disable_lock(M)
|
|
#endif
|
|
|
|
#define use_mmap(M) ((M)->mflags & USE_MMAP_BIT)
|
|
#define enable_mmap(M) ((M)->mflags |= USE_MMAP_BIT)
|
|
#if HAVE_MMAP
|
|
#define disable_mmap(M) ((M)->mflags &= ~USE_MMAP_BIT)
|
|
#else
|
|
#define disable_mmap(M)
|
|
#endif
|
|
|
|
#define use_noncontiguous(M) ((M)->mflags & USE_NONCONTIGUOUS_BIT)
|
|
#define disable_contiguous(M) ((M)->mflags |= USE_NONCONTIGUOUS_BIT)
|
|
|
|
#define set_lock(M, L) \
|
|
((M)->mflags = \
|
|
(L) ? ((M)->mflags | USE_LOCK_BIT) : ((M)->mflags & ~USE_LOCK_BIT))
|
|
|
|
/* page-align a size */
|
|
#define page_align(S) \
|
|
(((S) + (g_mparams.page_size - SIZE_T_ONE)) & \
|
|
~(g_mparams.page_size - SIZE_T_ONE))
|
|
|
|
/* granularity-align a size */
|
|
#define granularity_align(S) \
|
|
(((S) + (g_mparams.granularity - SIZE_T_ONE)) & \
|
|
~(g_mparams.granularity - SIZE_T_ONE))
|
|
|
|
#define mmap_align(s) granularity_align((size_t)(s))
|
|
|
|
/* ──────────────────────── Operations on bin maps ─────────────────────── */
|
|
|
|
#define idx2bit(i) ((binmap_t)(1) << (i))
|
|
#define mark_smallmap(M, i) ((M)->smallmap |= idx2bit(i))
|
|
#define clear_smallmap(M, i) ((M)->smallmap &= ~idx2bit(i))
|
|
#define smallmap_is_marked(M, i) ((M)->smallmap & idx2bit(i))
|
|
#define mark_treemap(M, i) ((M)->treemap |= idx2bit(i))
|
|
#define clear_treemap(M, i) ((M)->treemap &= ~idx2bit(i))
|
|
#define treemap_is_marked(M, i) ((M)->treemap & idx2bit(i))
|
|
#define least_bit(x) ((x) & -(x))
|
|
#define left_bits(x) ((x << 1) | -(x << 1))
|
|
#define same_or_left_bits(x) ((x) | -(x))
|
|
#define compute_bit2idx(X, I) \
|
|
{ \
|
|
unsigned int J; \
|
|
J = __builtin_ctz(X); \
|
|
I = (bindex_t)J; \
|
|
}
|
|
|
|
/* ──────────────────────────── Indexing Bins ──────────────────────────── */
|
|
|
|
#define is_small(s) (((s) >> SMALLBIN_SHIFT) < NSMALLBINS)
|
|
#define small_index(s) (bindex_t)((s) >> SMALLBIN_SHIFT)
|
|
#define small_index2size(i) ((i) << SMALLBIN_SHIFT)
|
|
#define MIN_SMALL_INDEX (small_index(MIN_CHUNK_SIZE))
|
|
|
|
/* addressing by index. See above about smallbin repositioning */
|
|
#define smallbin_at(M, i) ((sbinptr)((char *)&((M)->smallbins[(i) << 1])))
|
|
#define treebin_at(M, i) (&((M)->treebins[i]))
|
|
|
|
/* assign tree index for size S to variable I. */
|
|
#define compute_tree_index(S, I) \
|
|
{ \
|
|
unsigned int X = S >> TREEBIN_SHIFT; \
|
|
if (X == 0) \
|
|
I = 0; \
|
|
else if (X > 0xFFFF) \
|
|
I = NTREEBINS - 1; \
|
|
else { \
|
|
unsigned int K = \
|
|
(unsigned)sizeof(X) * __CHAR_BIT__ - 1 - (unsigned)__builtin_clz(X); \
|
|
I = (bindex_t)((K << 1) + ((S >> (K + (TREEBIN_SHIFT - 1)) & 1))); \
|
|
} \
|
|
}
|
|
|
|
/* Bit representing maximum resolved size in a treebin at i */
|
|
#define bit_for_tree_index(i) \
|
|
(i == NTREEBINS - 1) ? (SIZE_T_BITSIZE - 1) : (((i) >> 1) + TREEBIN_SHIFT - 2)
|
|
|
|
/* Shift placing maximum resolved bit in a treebin at i as sign bit */
|
|
#define leftshift_for_tree_index(i) \
|
|
((i == NTREEBINS - 1) \
|
|
? 0 \
|
|
: ((SIZE_T_BITSIZE - SIZE_T_ONE) - (((i) >> 1) + TREEBIN_SHIFT - 2)))
|
|
|
|
/* The size of the smallest chunk held in bin with index i */
|
|
#define minsize_for_tree_index(i) \
|
|
((SIZE_T_ONE << (((i) >> 1) + TREEBIN_SHIFT)) | \
|
|
(((size_t)((i)&SIZE_T_ONE)) << (((i) >> 1) + TREEBIN_SHIFT - 1)))
|
|
|
|
/* ─────────────────────── Runtime Check Support ───────────────────────── */
|
|
|
|
/*
|
|
For security, the main invariant is that malloc/free/etc never
|
|
writes to a static address other than MallocState, unless static
|
|
MallocState itself has been corrupted, which cannot occur via
|
|
malloc (because of these checks). In essence this means that we
|
|
believe all pointers, sizes, maps etc held in MallocState, but
|
|
check all of those linked or offsetted from other embedded data
|
|
structures. These checks are interspersed with main code in a way
|
|
that tends to minimize their run-time cost.
|
|
|
|
When FOOTERS is defined, in addition to range checking, we also
|
|
verify footer fields of inuse chunks, which can be used guarantee
|
|
that the mstate controlling malloc/free is intact. This is a
|
|
streamlined version of the approach described by William Robertson
|
|
et al in "Run-time Detection of Heap-based Overflows" LISA'03
|
|
http://www.usenix.org/events/lisa03/tech/robertson.html The footer
|
|
of an inuse chunk holds the xor of its mstate and a random seed,
|
|
that is checked upon calls to free() and realloc(). This is
|
|
(probabalistically) unguessable from outside the program, but can be
|
|
computed by any code successfully malloc'ing any chunk, so does not
|
|
itself provide protection against code that has already broken
|
|
security through some other means. Unlike Robertson et al, we
|
|
always dynamically check addresses of all offset chunks (previous,
|
|
next, etc). This turns out to be cheaper than relying on hashes.
|
|
*/
|
|
|
|
#if !IsTrustworthy()
|
|
/* Check if address a is at least as high as any from MORECORE or MMAP */
|
|
#define ok_address(M, a) ((char *)(a) >= (M)->least_addr)
|
|
/* Check if address of next chunk n is higher than base chunk p */
|
|
#define ok_next(p, n) ((char *)(p) < (char *)(n))
|
|
/* Check if p has inuse status */
|
|
#define ok_inuse(p) is_inuse(p)
|
|
/* Check if p has its pinuse bit on */
|
|
#define ok_pinuse(p) pinuse(p)
|
|
|
|
#else /* !IsTrustworthy() */
|
|
#define ok_address(M, a) (1)
|
|
#define ok_next(b, n) (1)
|
|
#define ok_inuse(p) (1)
|
|
#define ok_pinuse(p) (1)
|
|
#endif /* !IsTrustworthy() */
|
|
|
|
#if (FOOTERS && !IsTrustworthy())
|
|
/* Check if (alleged) mstate m has expected magic field */
|
|
#define ok_magic(M) \
|
|
((uintptr_t)(M) <= 0x00007ffffffffffful && (M)->magic == g_mparams.magic)
|
|
#else /* (FOOTERS && !IsTrustworthy()) */
|
|
#define ok_magic(M) (1)
|
|
#endif /* (FOOTERS && !IsTrustworthy()) */
|
|
|
|
/* In gcc, use __builtin_expect to minimize impact of checks */
|
|
#if !IsTrustworthy()
|
|
#if defined(__GNUC__) && __GNUC__ >= 3
|
|
#define RTCHECK(e) __builtin_expect(e, 1)
|
|
#else /* GNUC */
|
|
#define RTCHECK(e) (e)
|
|
#endif /* GNUC */
|
|
#else /* !IsTrustworthy() */
|
|
#define RTCHECK(e) (1)
|
|
#endif /* !IsTrustworthy() */
|
|
|
|
/* macros to set up inuse chunks with or without footers */
|
|
|
|
#if !FOOTERS
|
|
|
|
#define mark_inuse_foot(M, p, s)
|
|
|
|
/* Macros for setting head/foot of non-mmapped chunks */
|
|
|
|
/* Set cinuse bit and pinuse bit of next chunk */
|
|
#define set_inuse(M, p, s) \
|
|
((p)->head = (((p)->head & PINUSE_BIT) | s | CINUSE_BIT), \
|
|
((mchunkptr)(((char *)(p)) + (s)))->head |= PINUSE_BIT)
|
|
|
|
/* Set cinuse and pinuse of this chunk and pinuse of next chunk */
|
|
#define set_inuse_and_pinuse(M, p, s) \
|
|
((p)->head = (s | PINUSE_BIT | CINUSE_BIT), \
|
|
((mchunkptr)(((char *)(p)) + (s)))->head |= PINUSE_BIT)
|
|
|
|
/* Set size, cinuse and pinuse bit of this chunk */
|
|
#define set_size_and_pinuse_of_inuse_chunk(M, p, s) \
|
|
((p)->head = (s | PINUSE_BIT | CINUSE_BIT))
|
|
|
|
#else /* FOOTERS */
|
|
|
|
/* Set foot of inuse chunk to be xor of mstate and seed */
|
|
#define mark_inuse_foot(M, p, s) \
|
|
(((mchunkptr)((char *)(p) + (s)))->prev_foot = \
|
|
((size_t)(M) ^ g_mparams.magic))
|
|
|
|
#define get_mstate_for(p) \
|
|
((mstate)(((mchunkptr)((char *)(p) + (chunksize(p))))->prev_foot ^ \
|
|
g_mparams.magic))
|
|
|
|
#define set_inuse(M, p, s) \
|
|
((p)->head = (((p)->head & PINUSE_BIT) | s | CINUSE_BIT), \
|
|
(((mchunkptr)(((char *)(p)) + (s)))->head |= PINUSE_BIT), \
|
|
mark_inuse_foot(M, p, s))
|
|
|
|
#define set_inuse_and_pinuse(M, p, s) \
|
|
((p)->head = (s | PINUSE_BIT | CINUSE_BIT), \
|
|
(((mchunkptr)(((char *)(p)) + (s)))->head |= PINUSE_BIT), \
|
|
mark_inuse_foot(M, p, s))
|
|
|
|
#define set_size_and_pinuse_of_inuse_chunk(M, p, s) \
|
|
((p)->head = (s | PINUSE_BIT | CINUSE_BIT), mark_inuse_foot(M, p, s))
|
|
|
|
#endif /* !FOOTERS */
|
|
|
|
/* Return segment holding given address */
|
|
forceinline msegmentptr segment_holding(mstate m, char *addr) {
|
|
msegmentptr sp = &m->seg;
|
|
for (;;) {
|
|
if (addr >= sp->base && addr < sp->base + sp->size) return sp;
|
|
if ((sp = sp->next) == 0) return 0;
|
|
}
|
|
}
|
|
|
|
/* ─────────────────────── Operations on smallbins ─────────────────────── */
|
|
|
|
/*
|
|
Various forms of linking and unlinking are defined as macros. Even
|
|
the ones for trees, which are very long but have very short typical
|
|
paths. This is ugly but reduces reliance on inlining support of
|
|
compilers.
|
|
*/
|
|
|
|
/* Link a free chunk into a smallbin */
|
|
#define insert_small_chunk(M, P, S) \
|
|
{ \
|
|
bindex_t I = small_index(S); \
|
|
mchunkptr B = smallbin_at(M, I); \
|
|
mchunkptr F = B; \
|
|
assert(S >= MIN_CHUNK_SIZE); \
|
|
if (!smallmap_is_marked(M, I)) \
|
|
mark_smallmap(M, I); \
|
|
else if (RTCHECK(ok_address(M, B->fd))) \
|
|
F = B->fd; \
|
|
else { \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
} \
|
|
B->fd = P; \
|
|
F->bk = P; \
|
|
P->fd = F; \
|
|
P->bk = B; \
|
|
}
|
|
|
|
/* Unlink a chunk from a smallbin */
|
|
#define unlink_small_chunk(M, P, S) \
|
|
{ \
|
|
mchunkptr F = P->fd; \
|
|
mchunkptr B = P->bk; \
|
|
bindex_t I = small_index(S); \
|
|
assert(P != B); \
|
|
assert(P != F); \
|
|
assert(chunksize(P) == small_index2size(I)); \
|
|
if (RTCHECK(F == smallbin_at(M, I) || (ok_address(M, F) && F->bk == P))) { \
|
|
if (B == F) { \
|
|
clear_smallmap(M, I); \
|
|
} else if (RTCHECK(B == smallbin_at(M, I) || \
|
|
(ok_address(M, B) && B->fd == P))) { \
|
|
F->bk = B; \
|
|
B->fd = F; \
|
|
} else { \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
} \
|
|
} else { \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
} \
|
|
}
|
|
|
|
/* Unlink the first chunk from a smallbin */
|
|
#define unlink_first_small_chunk(M, B, P, I) \
|
|
{ \
|
|
mchunkptr F = P->fd; \
|
|
assert(P != B); \
|
|
assert(P != F); \
|
|
assert(chunksize(P) == small_index2size(I)); \
|
|
if (B == F) { \
|
|
clear_smallmap(M, I); \
|
|
} else if (RTCHECK(ok_address(M, F) && F->bk == P)) { \
|
|
F->bk = B; \
|
|
B->fd = F; \
|
|
} else { \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
} \
|
|
}
|
|
|
|
/* Replace dv node, binning the old one */
|
|
/* Used only when dvsize known to be small */
|
|
#define replace_dv(M, P, S) \
|
|
{ \
|
|
size_t DVS = M->dvsize; \
|
|
assert(is_small(DVS)); \
|
|
if (DVS != 0) { \
|
|
mchunkptr DV = M->dv; \
|
|
insert_small_chunk(M, DV, DVS); \
|
|
} \
|
|
M->dvsize = S; \
|
|
M->dv = P; \
|
|
}
|
|
|
|
/* ───────────────────────── Operations on trees ───────────────────────── */
|
|
|
|
/* Insert chunk into tree */
|
|
#define insert_large_chunk(M, X, S) \
|
|
{ \
|
|
tbinptr *H; \
|
|
bindex_t I; \
|
|
compute_tree_index(S, I); \
|
|
H = treebin_at(M, I); \
|
|
X->index = I; \
|
|
X->child[0] = X->child[1] = 0; \
|
|
if (!treemap_is_marked(M, I)) { \
|
|
mark_treemap(M, I); \
|
|
*H = X; \
|
|
X->parent = (tchunkptr)H; \
|
|
X->fd = X->bk = X; \
|
|
} else { \
|
|
tchunkptr T = *H; \
|
|
size_t K = S << leftshift_for_tree_index(I); \
|
|
for (;;) { \
|
|
if (chunksize(T) != S) { \
|
|
tchunkptr *C = \
|
|
&(T->child[(K >> (SIZE_T_BITSIZE - SIZE_T_ONE)) & 1]); \
|
|
K <<= 1; \
|
|
if (*C != 0) \
|
|
T = *C; \
|
|
else if (RTCHECK(ok_address(M, C))) { \
|
|
*C = X; \
|
|
X->parent = T; \
|
|
X->fd = X->bk = X; \
|
|
break; \
|
|
} else { \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
break; \
|
|
} \
|
|
} else { \
|
|
tchunkptr F = T->fd; \
|
|
if (RTCHECK(ok_address(M, T) && ok_address(M, F))) { \
|
|
T->fd = F->bk = X; \
|
|
X->fd = F; \
|
|
X->bk = T; \
|
|
X->parent = 0; \
|
|
break; \
|
|
} else { \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
break; \
|
|
} \
|
|
} \
|
|
} \
|
|
} \
|
|
}
|
|
|
|
/*
|
|
Unlink steps:
|
|
|
|
1. If x is a chained node, unlink it from its same-sized fd/bk links
|
|
and choose its bk node as its replacement.
|
|
2. If x was the last node of its size, but not a leaf node, it must
|
|
be replaced with a leaf node (not merely one with an open left or
|
|
right), to make sure that lefts and rights of descendents
|
|
correspond properly to bit masks. We use the rightmost descendent
|
|
of x. We could use any other leaf, but this is easy to locate and
|
|
tends to counteract removal of leftmosts elsewhere, and so keeps
|
|
paths shorter than minimally guaranteed. This doesn't loop much
|
|
because on average a node in a tree is near the bottom.
|
|
3. If x is the base of a chain (i.e., has parent links) relink
|
|
x's parent and children to x's replacement (or null if none).
|
|
*/
|
|
|
|
#define unlink_large_chunk(M, X) \
|
|
{ \
|
|
tchunkptr XP = X->parent; \
|
|
tchunkptr R; \
|
|
if (X->bk != X) { \
|
|
tchunkptr F = X->fd; \
|
|
R = X->bk; \
|
|
if (RTCHECK(ok_address(M, F) && F->bk == X && R->fd == X)) { \
|
|
F->bk = R; \
|
|
R->fd = F; \
|
|
} else { \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
} \
|
|
} else { \
|
|
tchunkptr *RP; \
|
|
if (((R = *(RP = &(X->child[1]))) != 0) || \
|
|
((R = *(RP = &(X->child[0]))) != 0)) { \
|
|
tchunkptr *CP; \
|
|
while ((*(CP = &(R->child[1])) != 0) || \
|
|
(*(CP = &(R->child[0])) != 0)) { \
|
|
R = *(RP = CP); \
|
|
} \
|
|
if (RTCHECK(ok_address(M, RP))) \
|
|
*RP = 0; \
|
|
else { \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
} \
|
|
} \
|
|
} \
|
|
if (XP != 0) { \
|
|
tbinptr *H = treebin_at(M, X->index); \
|
|
if (X == *H) { \
|
|
if ((*H = R) == 0) clear_treemap(M, X->index); \
|
|
} else if (RTCHECK(ok_address(M, XP))) { \
|
|
if (XP->child[0] == X) \
|
|
XP->child[0] = R; \
|
|
else \
|
|
XP->child[1] = R; \
|
|
} else \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
if (R != 0) { \
|
|
if (RTCHECK(ok_address(M, R))) { \
|
|
tchunkptr C0, C1; \
|
|
R->parent = XP; \
|
|
if ((C0 = X->child[0]) != 0) { \
|
|
if (RTCHECK(ok_address(M, C0))) { \
|
|
R->child[0] = C0; \
|
|
C0->parent = R; \
|
|
} else \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
} \
|
|
if ((C1 = X->child[1]) != 0) { \
|
|
if (RTCHECK(ok_address(M, C1))) { \
|
|
R->child[1] = C1; \
|
|
C1->parent = R; \
|
|
} else \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
} \
|
|
} else \
|
|
CORRUPTION_ERROR_ACTION(M); \
|
|
} \
|
|
} \
|
|
}
|
|
|
|
/* Relays to large vs small bin operations */
|
|
#define insert_chunk(M, P, S) \
|
|
if (is_small(S)) insert_small_chunk(M, P, S) else { \
|
|
tchunkptr TP = (tchunkptr)(P); \
|
|
insert_large_chunk(M, TP, S); \
|
|
}
|
|
#define unlink_chunk(M, P, S) \
|
|
if (is_small(S)) unlink_small_chunk(M, P, S) else { \
|
|
tchunkptr TP = (tchunkptr)(P); \
|
|
unlink_large_chunk(M, TP); \
|
|
}
|
|
|
|
#ifndef MORECORE_CANNOT_TRIM
|
|
#define should_trim(M, s) ((s) > (M)->trim_check)
|
|
#else /* MORECORE_CANNOT_TRIM */
|
|
#define should_trim(M, s) (0)
|
|
#endif /* MORECORE_CANNOT_TRIM */
|
|
|
|
/*
|
|
TOP_FOOT_SIZE is padding at the end of a segment, including space
|
|
that may be needed to place segment records and fenceposts when new
|
|
noncontiguous segments are added.
|
|
*/
|
|
#define TOP_FOOT_SIZE \
|
|
(align_offset(chunk2mem(0)) + pad_request(sizeof(struct malloc_segment)) + \
|
|
MIN_CHUNK_SIZE)
|
|
|
|
/* ────────────────────────── Debugging setup ──────────────────────────── */
|
|
|
|
#if !(DEBUG + MODE_DBG + 0)
|
|
#define check_free_chunk(M, P)
|
|
#define check_inuse_chunk(M, P)
|
|
#define check_malloced_chunk(M, P, N)
|
|
#define check_mmapped_chunk(M, P)
|
|
#define check_malloc_state(M)
|
|
#define check_top_chunk(M, P)
|
|
#else /* DEBUG */
|
|
#define check_free_chunk(M, P) do_check_free_chunk(M, P)
|
|
#define check_inuse_chunk(M, P) do_check_inuse_chunk(M, P)
|
|
#define check_top_chunk(M, P) do_check_top_chunk(M, P)
|
|
#define check_malloced_chunk(M, P, N) do_check_malloced_chunk(M, P, N)
|
|
#define check_mmapped_chunk(M, P) do_check_mmapped_chunk(M, P)
|
|
#define check_malloc_state(M) do_check_malloc_state(M)
|
|
#endif /* DEBUG */
|
|
|
|
void do_check_free_chunk(mstate m, mchunkptr p) hidden;
|
|
void do_check_inuse_chunk(mstate m, mchunkptr p) hidden;
|
|
void do_check_top_chunk(mstate m, mchunkptr p) hidden;
|
|
void do_check_malloced_chunk(mstate m, void *mem, size_t s) hidden;
|
|
void do_check_mmapped_chunk(mstate m, mchunkptr p) hidden;
|
|
void do_check_malloc_state(mstate m) hidden;
|
|
|
|
/* ─────────────────────────── prototypes ──────────────────────────────── */
|
|
|
|
void *dlmalloc(size_t) hidden;
|
|
void *dlcalloc(size_t, size_t) hidden;
|
|
void dlfree(void *) nothrow nocallback hidden;
|
|
void *dlmemalign$impl(mstate, size_t, size_t) hidden;
|
|
void *dlrealloc(void *, size_t) hidden;
|
|
void *dlrealloc_in_place(void *, size_t) hidden;
|
|
void *dlvalloc(size_t) hidden;
|
|
void *dlpvalloc(size_t) hidden;
|
|
void *dlmemalign(size_t, size_t) hidden;
|
|
int dlmalloc_trim(size_t) hidden;
|
|
size_t dlmalloc_usable_size(const void *) hidden;
|
|
int dlposix_memalign(void **, size_t, size_t) hidden;
|
|
void **dlindependent_calloc(size_t, size_t, void *[]) hidden;
|
|
void **dlindependent_comalloc(size_t, size_t[], void *[]) hidden;
|
|
struct MallocStats dlmalloc_stats(mstate) hidden;
|
|
int dlmalloc_sys_trim(mstate, size_t) hidden;
|
|
void dlmalloc_dispose_chunk(mstate, mchunkptr, size_t) hidden;
|
|
mchunkptr dlmalloc_try_realloc_chunk(mstate, mchunkptr, size_t, int) hidden;
|
|
|
|
COSMOPOLITAN_C_END_
|
|
#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
|
|
#endif /* !ANSI */
|
|
#endif /* COSMOPOLITAN_LIBC_MEM_DLMALLOC_H_ */
|