Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / 9ed821d7e5d875a3395740a9cc2545671fa429b7 / . / ap / build / uClibc / libc / stdlib / malloc-standard / malloc.c
blob: 3253ebda67548f0e2568e6b86da4116acde18a71 [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame^]1/*
2 This is a version (aka dlmalloc) of malloc/free/realloc written by
3 Doug Lea and released to the public domain. Use, modify, and
4 redistribute this code without permission or acknowledgement in any
5 way you wish. Send questions, comments, complaints, performance
6 data, etc to dl@cs.oswego.edu
7
8 VERSION 2.7.2 Sat Aug 17 09:07:30 2002 Doug Lea (dl at gee)
9
10 Note: There may be an updated version of this malloc obtainable at
11 ftp://gee.cs.oswego.edu/pub/misc/malloc.c
12 Check before installing!
13
14 Hacked up for uClibc by Erik Andersen <andersen@codepoet.org>
15*/
16
17#include "malloc.h"
18
19
20__UCLIBC_MUTEX_INIT(__malloc_lock, PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP);
21
22/*
23 There is exactly one instance of this struct in this malloc.
24 If you are adapting this malloc in a way that does NOT use a static
25 malloc_state, you MUST explicitly zero-fill it before using. This
26 malloc relies on the property that malloc_state is initialized to
27 all zeroes (as is true of C statics).
28*/
29struct malloc_state __malloc_state; /* never directly referenced */
30
31/* forward declaration */
32static int __malloc_largebin_index(unsigned int sz);
33
34#ifdef __UCLIBC_MALLOC_DEBUGGING__
35
36/*
37 Debugging support
38
39 Because freed chunks may be overwritten with bookkeeping fields, this
40 malloc will often die when freed memory is overwritten by user
41 programs. This can be very effective (albeit in an annoying way)
42 in helping track down dangling pointers.
43
44 If you compile with __UCLIBC_MALLOC_DEBUGGING__, a number of assertion checks are
45 enabled that will catch more memory errors. You probably won't be
46 able to make much sense of the actual assertion errors, but they
47 should help you locate incorrectly overwritten memory. The
48 checking is fairly extensive, and will slow down execution
49 noticeably. Calling malloc_stats or mallinfo with __UCLIBC_MALLOC_DEBUGGING__ set will
50 attempt to check every non-mmapped allocated and free chunk in the
51 course of computing the summmaries. (By nature, mmapped regions
52 cannot be checked very much automatically.)
53
54 Setting __UCLIBC_MALLOC_DEBUGGING__ may also be helpful if you are trying to modify
55 this code. The assertions in the check routines spell out in more
56 detail the assumptions and invariants underlying the algorithms.
57
58 Setting __UCLIBC_MALLOC_DEBUGGING__ does NOT provide an automated mechanism for checking
59 that all accesses to malloced memory stay within their
60 bounds. However, there are several add-ons and adaptations of this
61 or other mallocs available that do this.
62*/
63
64/* Properties of all chunks */
65void __do_check_chunk(mchunkptr p)
66{
67 mstate av = get_malloc_state();
68#ifdef __DOASSERTS__
69 /* min and max possible addresses assuming contiguous allocation */
70 char* max_address = (char*)(av->top) + chunksize(av->top);
71 char* min_address = max_address - av->sbrked_mem;
72 unsigned long sz = chunksize(p);
73#endif
74
75 if (!chunk_is_mmapped(p)) {
76
77 /* Has legal address ... */
78 if (p != av->top) {
79 if (contiguous(av)) {
80 assert(((char*)p) >= min_address);
81 assert(((char*)p + sz) <= ((char*)(av->top)));
82 }
83 }
84 else {
85 /* top size is always at least MINSIZE */
86 assert((unsigned long)(sz) >= MINSIZE);
87 /* top predecessor always marked inuse */
88 assert(prev_inuse(p));
89 }
90
91 }
92 else {
93 /* address is outside main heap */
94 if (contiguous(av) && av->top != initial_top(av)) {
95 assert(((char*)p) < min_address || ((char*)p) > max_address);
96 }
97 /* chunk is page-aligned */
98 assert(((p->prev_size + sz) & (av->pagesize-1)) == 0);
99 /* mem is aligned */
100 assert(aligned_OK(chunk2mem(p)));
101 }
102}
103
104/* Properties of free chunks */
105void __do_check_free_chunk(mchunkptr p)
106{
107 size_t sz = p->size & ~PREV_INUSE;
108#ifdef __DOASSERTS__
109 mstate av = get_malloc_state();
110 mchunkptr next = chunk_at_offset(p, sz);
111#endif
112
113 __do_check_chunk(p);
114
115 /* Chunk must claim to be free ... */
116 assert(!inuse(p));
117 assert (!chunk_is_mmapped(p));
118
119 /* Unless a special marker, must have OK fields */
120 if ((unsigned long)(sz) >= MINSIZE)
121 {
122 assert((sz & MALLOC_ALIGN_MASK) == 0);
123 assert(aligned_OK(chunk2mem(p)));
124 /* ... matching footer field */
125 assert(next->prev_size == sz);
126 /* ... and is fully consolidated */
127 assert(prev_inuse(p));
128 assert (next == av->top || inuse(next));
129
130 /* ... and has minimally sane links */
131 assert(p->fd->bk == p);
132 assert(p->bk->fd == p);
133 }
134 else /* markers are always of size (sizeof(size_t)) */
135 assert(sz == (sizeof(size_t)));
136}
137
138/* Properties of inuse chunks */
139void __do_check_inuse_chunk(mchunkptr p)
140{
141 mstate av = get_malloc_state();
142 mchunkptr next;
143 __do_check_chunk(p);
144
145 if (chunk_is_mmapped(p))
146 return; /* mmapped chunks have no next/prev */
147
148 /* Check whether it claims to be in use ... */
149 assert(inuse(p));
150
151 next = next_chunk(p);
152
153 /* ... and is surrounded by OK chunks.
154 Since more things can be checked with free chunks than inuse ones,
155 if an inuse chunk borders them and debug is on, it's worth doing them.
156 */
157 if (!prev_inuse(p)) {
158 /* Note that we cannot even look at prev unless it is not inuse */
159 mchunkptr prv = prev_chunk(p);
160 assert(next_chunk(prv) == p);
161 __do_check_free_chunk(prv);
162 }
163
164 if (next == av->top) {
165 assert(prev_inuse(next));
166 assert(chunksize(next) >= MINSIZE);
167 }
168 else if (!inuse(next))
169 __do_check_free_chunk(next);
170}
171
172/* Properties of chunks recycled from fastbins */
173void __do_check_remalloced_chunk(mchunkptr p, size_t s)
174{
175#ifdef __DOASSERTS__
176 size_t sz = p->size & ~PREV_INUSE;
177#endif
178
179 __do_check_inuse_chunk(p);
180
181 /* Legal size ... */
182 assert((sz & MALLOC_ALIGN_MASK) == 0);
183 assert((unsigned long)(sz) >= MINSIZE);
184 /* ... and alignment */
185 assert(aligned_OK(chunk2mem(p)));
186 /* chunk is less than MINSIZE more than request */
187 assert((long)(sz) - (long)(s) >= 0);
188 assert((long)(sz) - (long)(s + MINSIZE) < 0);
189}
190
191/* Properties of nonrecycled chunks at the point they are malloced */
192void __do_check_malloced_chunk(mchunkptr p, size_t s)
193{
194 /* same as recycled case ... */
195 __do_check_remalloced_chunk(p, s);
196
197 /*
198 ... plus, must obey implementation invariant that prev_inuse is
199 always true of any allocated chunk; i.e., that each allocated
200 chunk borders either a previously allocated and still in-use
201 chunk, or the base of its memory arena. This is ensured
202 by making all allocations from the the `lowest' part of any found
203 chunk. This does not necessarily hold however for chunks
204 recycled via fastbins.
205 */
206
207 assert(prev_inuse(p));
208}
209
210
211/*
212 Properties of malloc_state.
213
214 This may be useful for debugging malloc, as well as detecting user
215 programmer errors that somehow write into malloc_state.
216
217 If you are extending or experimenting with this malloc, you can
218 probably figure out how to hack this routine to print out or
219 display chunk addresses, sizes, bins, and other instrumentation.
220*/
221void __do_check_malloc_state(void)
222{
223 mstate av = get_malloc_state();
224 int i;
225 mchunkptr p;
226 mchunkptr q;
227 mbinptr b;
228 unsigned int binbit;
229 int empty;
230 unsigned int idx;
231 size_t size;
232 unsigned long total = 0;
233 int max_fast_bin;
234
235 /* internal size_t must be no wider than pointer type */
236 assert(sizeof(size_t) <= sizeof(char*));
237
238 /* alignment is a power of 2 */
239 assert((MALLOC_ALIGNMENT & (MALLOC_ALIGNMENT-1)) == 0);
240
241 /* cannot run remaining checks until fully initialized */
242 if (av->top == 0 || av->top == initial_top(av))
243 return;
244
245 /* pagesize is a power of 2 */
246 assert((av->pagesize & (av->pagesize-1)) == 0);
247
248 /* properties of fastbins */
249
250 /* max_fast is in allowed range */
251 assert(get_max_fast(av) <= request2size(MAX_FAST_SIZE));
252
253 max_fast_bin = fastbin_index(av->max_fast);
254
255 for (i = 0; i < NFASTBINS; ++i) {
256 p = av->fastbins[i];
257
258 /* all bins past max_fast are empty */
259 if (i > max_fast_bin)
260 assert(p == 0);
261
262 while (p != 0) {
263 /* each chunk claims to be inuse */
264 __do_check_inuse_chunk(p);
265 total += chunksize(p);
266 /* chunk belongs in this bin */
267 assert(fastbin_index(chunksize(p)) == i);
268 p = p->fd;
269 }
270 }
271
272 if (total != 0)
273 assert(have_fastchunks(av));
274 else if (!have_fastchunks(av))
275 assert(total == 0);
276
277 /* check normal bins */
278 for (i = 1; i < NBINS; ++i) {
279 b = bin_at(av,i);
280
281 /* binmap is accurate (except for bin 1 == unsorted_chunks) */
282 if (i >= 2) {
283 binbit = get_binmap(av,i);
284 empty = last(b) == b;
285 if (!binbit)
286 assert(empty);
287 else if (!empty)
288 assert(binbit);
289 }
290
291 for (p = last(b); p != b; p = p->bk) {
292 /* each chunk claims to be free */
293 __do_check_free_chunk(p);
294 size = chunksize(p);
295 total += size;
296 if (i >= 2) {
297 /* chunk belongs in bin */
298 idx = bin_index(size);
299 assert(idx == i);
300 /* lists are sorted */
301 if ((unsigned long) size >= (unsigned long)(FIRST_SORTED_BIN_SIZE)) {
302 assert(p->bk == b ||
303 (unsigned long)chunksize(p->bk) >=
304 (unsigned long)chunksize(p));
305 }
306 }
307 /* chunk is followed by a legal chain of inuse chunks */
308 for (q = next_chunk(p);
309 (q != av->top && inuse(q) &&
310 (unsigned long)(chunksize(q)) >= MINSIZE);
311 q = next_chunk(q))
312 __do_check_inuse_chunk(q);
313 }
314 }
315
316 /* top chunk is OK */
317 __do_check_chunk(av->top);
318
319 /* sanity checks for statistics */
320
321 assert(total <= (unsigned long)(av->max_total_mem));
322 assert(av->n_mmaps >= 0);
323 assert(av->n_mmaps <= av->max_n_mmaps);
324
325 assert((unsigned long)(av->sbrked_mem) <=
326 (unsigned long)(av->max_sbrked_mem));
327
328 assert((unsigned long)(av->mmapped_mem) <=
329 (unsigned long)(av->max_mmapped_mem));
330
331 assert((unsigned long)(av->max_total_mem) >=
332 (unsigned long)(av->mmapped_mem) + (unsigned long)(av->sbrked_mem));
333}
334#endif
335
336
337/* ----------- Routines dealing with system allocation -------------- */
338
339/*
340 sysmalloc handles malloc cases requiring more memory from the system.
341 On entry, it is assumed that av->top does not have enough
342 space to service request for nb bytes, thus requiring that av->top
343 be extended or replaced.
344*/
345static void* __malloc_alloc(size_t nb, mstate av)
346{
347 mchunkptr old_top; /* incoming value of av->top */
348 size_t old_size; /* its size */
349 char* old_end; /* its end address */
350
351 long size; /* arg to first MORECORE or mmap call */
352 char* fst_brk; /* return value from MORECORE */
353
354 long correction; /* arg to 2nd MORECORE call */
355 char* snd_brk; /* 2nd return val */
356
357 size_t front_misalign; /* unusable bytes at front of new space */
358 size_t end_misalign; /* partial page left at end of new space */
359 char* aligned_brk; /* aligned offset into brk */
360
361 mchunkptr p; /* the allocated/returned chunk */
362 mchunkptr remainder; /* remainder from allocation */
363 unsigned long remainder_size; /* its size */
364
365 unsigned long sum; /* for updating stats */
366
367 size_t pagemask = av->pagesize - 1;
368
369 /*
370 If there is space available in fastbins, consolidate and retry
371 malloc from scratch rather than getting memory from system. This
372 can occur only if nb is in smallbin range so we didn't consolidate
373 upon entry to malloc. It is much easier to handle this case here
374 than in malloc proper.
375 */
376
377 if (have_fastchunks(av)) {
378 assert(in_smallbin_range(nb));
379 __malloc_consolidate(av);
380 return malloc(nb - MALLOC_ALIGN_MASK);
381 }
382
383
384 /*
385 If have mmap, and the request size meets the mmap threshold, and
386 the system supports mmap, and there are few enough currently
387 allocated mmapped regions, try to directly map this request
388 rather than expanding top.
389 */
390
391 if ((unsigned long)(nb) >= (unsigned long)(av->mmap_threshold) &&
392 (av->n_mmaps < av->n_mmaps_max)) {
393
394 char* mm; /* return value from mmap call*/
395
396 /*
397 Round up size to nearest page. For mmapped chunks, the overhead
398 is one (sizeof(size_t)) unit larger than for normal chunks, because there
399 is no following chunk whose prev_size field could be used.
400 */
401 size = (nb + (sizeof(size_t)) + MALLOC_ALIGN_MASK + pagemask) & ~pagemask;
402
403 /* Don't try if size wraps around 0 */
404 if ((unsigned long)(size) > (unsigned long)(nb)) {
405
406 mm = (char*)(MMAP(0, size, PROT_READ|PROT_WRITE));
407
408 if (mm != (char*)(MORECORE_FAILURE)) {
409
410 /*
411 The offset to the start of the mmapped region is stored
412 in the prev_size field of the chunk. This allows us to adjust
413 returned start address to meet alignment requirements here
414 and in memalign(), and still be able to compute proper
415 address argument for later munmap in free() and realloc().
416 */
417
418 front_misalign = (size_t)chunk2mem(mm) & MALLOC_ALIGN_MASK;
419 if (front_misalign > 0) {
420 correction = MALLOC_ALIGNMENT - front_misalign;
421 p = (mchunkptr)(mm + correction);
422 p->prev_size = correction;
423 set_head(p, (size - correction) |IS_MMAPPED);
424 }
425 else {
426 p = (mchunkptr)mm;
427 p->prev_size = 0;
428 set_head(p, size|IS_MMAPPED);
429 }
430
431 /* update statistics */
432
433 if (++av->n_mmaps > av->max_n_mmaps)
434 av->max_n_mmaps = av->n_mmaps;
435
436 sum = av->mmapped_mem += size;
437 if (sum > (unsigned long)(av->max_mmapped_mem))
438 av->max_mmapped_mem = sum;
439 sum += av->sbrked_mem;
440 if (sum > (unsigned long)(av->max_total_mem))
441 av->max_total_mem = sum;
442
443 check_chunk(p);
444
445 return chunk2mem(p);
446 }
447 }
448 }
449
450 /* Record incoming configuration of top */
451
452 old_top = av->top;
453 old_size = chunksize(old_top);
454 old_end = (char*)(chunk_at_offset(old_top, old_size));
455
456 fst_brk = snd_brk = (char*)(MORECORE_FAILURE);
457
458 /* If not the first time through, we require old_size to
459 * be at least MINSIZE and to have prev_inuse set. */
460
461 assert((old_top == initial_top(av) && old_size == 0) ||
462 ((unsigned long) (old_size) >= MINSIZE &&
463 prev_inuse(old_top)));
464
465 /* Precondition: not enough current space to satisfy nb request */
466 assert((unsigned long)(old_size) < (unsigned long)(nb + MINSIZE));
467
468 /* Precondition: all fastbins are consolidated */
469 assert(!have_fastchunks(av));
470
471
472 /* Request enough space for nb + pad + overhead */
473
474 size = nb + av->top_pad + MINSIZE;
475
476 /*
477 If contiguous, we can subtract out existing space that we hope to
478 combine with new space. We add it back later only if
479 we don't actually get contiguous space.
480 */
481
482 if (contiguous(av))
483 size -= old_size;
484
485 /*
486 Round to a multiple of page size.
487 If MORECORE is not contiguous, this ensures that we only call it
488 with whole-page arguments. And if MORECORE is contiguous and
489 this is not first time through, this preserves page-alignment of
490 previous calls. Otherwise, we correct to page-align below.
491 */
492
493 size = (size + pagemask) & ~pagemask;
494
495 /*
496 Don't try to call MORECORE if argument is so big as to appear
497 negative. Note that since mmap takes size_t arg, it may succeed
498 below even if we cannot call MORECORE.
499 */
500
501 if (size > 0)
502 fst_brk = (char*)(MORECORE(size));
503
504 /*
505 If have mmap, try using it as a backup when MORECORE fails or
506 cannot be used. This is worth doing on systems that have "holes" in
507 address space, so sbrk cannot extend to give contiguous space, but
508 space is available elsewhere. Note that we ignore mmap max count
509 and threshold limits, since the space will not be used as a
510 segregated mmap region.
511 */
512
513 if (fst_brk == (char*)(MORECORE_FAILURE)) {
514
515 /* Cannot merge with old top, so add its size back in */
516 if (contiguous(av))
517 size = (size + old_size + pagemask) & ~pagemask;
518
519 /* If we are relying on mmap as backup, then use larger units */
520 if ((unsigned long)(size) < (unsigned long)(MMAP_AS_MORECORE_SIZE))
521 size = MMAP_AS_MORECORE_SIZE;
522
523 /* Don't try if size wraps around 0 */
524 if ((unsigned long)(size) > (unsigned long)(nb)) {
525
526 fst_brk = (char*)(MMAP(0, size, PROT_READ|PROT_WRITE));
527
528 if (fst_brk != (char*)(MORECORE_FAILURE)) {
529
530 /* We do not need, and cannot use, another sbrk call to find end */
531 snd_brk = fst_brk + size;
532
533 /* Record that we no longer have a contiguous sbrk region.
534 After the first time mmap is used as backup, we do not
535 ever rely on contiguous space since this could incorrectly
536 bridge regions.
537 */
538 set_noncontiguous(av);
539 }
540 }
541 }
542
543 if (fst_brk != (char*)(MORECORE_FAILURE)) {
544 av->sbrked_mem += size;
545
546 /*
547 If MORECORE extends previous space, we can likewise extend top size.
548 */
549
550 if (fst_brk == old_end && snd_brk == (char*)(MORECORE_FAILURE)) {
551 set_head(old_top, (size + old_size) | PREV_INUSE);
552 }
553
554 /*
555 Otherwise, make adjustments:
556
557 * If the first time through or noncontiguous, we need to call sbrk
558 just to find out where the end of memory lies.
559
560 * We need to ensure that all returned chunks from malloc will meet
561 MALLOC_ALIGNMENT
562
563 * If there was an intervening foreign sbrk, we need to adjust sbrk
564 request size to account for fact that we will not be able to
565 combine new space with existing space in old_top.
566
567 * Almost all systems internally allocate whole pages at a time, in
568 which case we might as well use the whole last page of request.
569 So we allocate enough more memory to hit a page boundary now,
570 which in turn causes future contiguous calls to page-align.
571 */
572
573 else {
574 front_misalign = 0;
575 end_misalign = 0;
576 correction = 0;
577 aligned_brk = fst_brk;
578
579 /*
580 If MORECORE returns an address lower than we have seen before,
581 we know it isn't really contiguous. This and some subsequent
582 checks help cope with non-conforming MORECORE functions and
583 the presence of "foreign" calls to MORECORE from outside of
584 malloc or by other threads. We cannot guarantee to detect
585 these in all cases, but cope with the ones we do detect.
586 */
587 if (contiguous(av) && old_size != 0 && fst_brk < old_end) {
588 set_noncontiguous(av);
589 }
590
591 /* handle contiguous cases */
592 if (contiguous(av)) {
593
594 /* We can tolerate forward non-contiguities here (usually due
595 to foreign calls) but treat them as part of our space for
596 stats reporting. */
597 if (old_size != 0)
598 av->sbrked_mem += fst_brk - old_end;
599
600 /* Guarantee alignment of first new chunk made from this space */
601
602 front_misalign = (size_t)chunk2mem(fst_brk) & MALLOC_ALIGN_MASK;
603 if (front_misalign > 0) {
604
605 /*
606 Skip over some bytes to arrive at an aligned position.
607 We don't need to specially mark these wasted front bytes.
608 They will never be accessed anyway because
609 prev_inuse of av->top (and any chunk created from its start)
610 is always true after initialization.
611 */
612
613 correction = MALLOC_ALIGNMENT - front_misalign;
614 aligned_brk += correction;
615 }
616
617 /*
618 If this isn't adjacent to existing space, then we will not
619 be able to merge with old_top space, so must add to 2nd request.
620 */
621
622 correction += old_size;
623
624 /* Extend the end address to hit a page boundary */
625 end_misalign = (size_t)(fst_brk + size + correction);
626 correction += ((end_misalign + pagemask) & ~pagemask) - end_misalign;
627
628 assert(correction >= 0);
629 snd_brk = (char*)(MORECORE(correction));
630
631 if (snd_brk == (char*)(MORECORE_FAILURE)) {
632 /*
633 If can't allocate correction, try to at least find out current
634 brk. It might be enough to proceed without failing.
635 */
636 correction = 0;
637 snd_brk = (char*)(MORECORE(0));
638 }
639 else if (snd_brk < fst_brk) {
640 /*
641 If the second call gives noncontiguous space even though
642 it says it won't, the only course of action is to ignore
643 results of second call, and conservatively estimate where
644 the first call left us. Also set noncontiguous, so this
645 won't happen again, leaving at most one hole.
646
647 Note that this check is intrinsically incomplete. Because
648 MORECORE is allowed to give more space than we ask for,
649 there is no reliable way to detect a noncontiguity
650 producing a forward gap for the second call.
651 */
652 snd_brk = fst_brk + size;
653 correction = 0;
654 set_noncontiguous(av);
655 }
656
657 }
658
659 /* handle non-contiguous cases */
660 else {
661 /* MORECORE/mmap must correctly align */
662 assert(aligned_OK(chunk2mem(fst_brk)));
663
664 /* Find out current end of memory */
665 if (snd_brk == (char*)(MORECORE_FAILURE)) {
666 snd_brk = (char*)(MORECORE(0));
667 av->sbrked_mem += snd_brk - fst_brk - size;
668 }
669 }
670
671 /* Adjust top based on results of second sbrk */
672 if (snd_brk != (char*)(MORECORE_FAILURE)) {
673 av->top = (mchunkptr)aligned_brk;
674 set_head(av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE);
675 av->sbrked_mem += correction;
676
677 /*
678 If not the first time through, we either have a
679 gap due to foreign sbrk or a non-contiguous region. Insert a
680 double fencepost at old_top to prevent consolidation with space
681 we don't own. These fenceposts are artificial chunks that are
682 marked as inuse and are in any case too small to use. We need
683 two to make sizes and alignments work out.
684 */
685
686 if (old_size != 0) {
687 /* Shrink old_top to insert fenceposts, keeping size a
688 multiple of MALLOC_ALIGNMENT. We know there is at least
689 enough space in old_top to do this.
690 */
691 old_size = (old_size - 3*(sizeof(size_t))) & ~MALLOC_ALIGN_MASK;
692 set_head(old_top, old_size | PREV_INUSE);
693
694 /*
695 Note that the following assignments completely overwrite
696 old_top when old_size was previously MINSIZE. This is
697 intentional. We need the fencepost, even if old_top otherwise gets
698 lost.
699 */
700 chunk_at_offset(old_top, old_size )->size =
701 (sizeof(size_t))|PREV_INUSE;
702
703 chunk_at_offset(old_top, old_size + (sizeof(size_t)))->size =
704 (sizeof(size_t))|PREV_INUSE;
705
706 /* If possible, release the rest, suppressing trimming. */
707 if (old_size >= MINSIZE) {
708 size_t tt = av->trim_threshold;
709 av->trim_threshold = (size_t)(-1);
710 free(chunk2mem(old_top));
711 av->trim_threshold = tt;
712 }
713 }
714 }
715 }
716
717 /* Update statistics */
718 sum = av->sbrked_mem;
719 if (sum > (unsigned long)(av->max_sbrked_mem))
720 av->max_sbrked_mem = sum;
721
722 sum += av->mmapped_mem;
723 if (sum > (unsigned long)(av->max_total_mem))
724 av->max_total_mem = sum;
725
726 check_malloc_state();
727
728 /* finally, do the allocation */
729
730 p = av->top;
731 size = chunksize(p);
732
733 /* check that one of the above allocation paths succeeded */
734 if ((unsigned long)(size) >= (unsigned long)(nb + MINSIZE)) {
735 remainder_size = size - nb;
736 remainder = chunk_at_offset(p, nb);
737 av->top = remainder;
738 set_head(p, nb | PREV_INUSE);
739 set_head(remainder, remainder_size | PREV_INUSE);
740 check_malloced_chunk(p, nb);
741 return chunk2mem(p);
742 }
743
744 }
745
746 /* catch all failure paths */
747 errno = ENOMEM;
748 return 0;
749}
750
751
752/*
753 Compute index for size. We expect this to be inlined when
754 compiled with optimization, else not, which works out well.
755*/
756static int __malloc_largebin_index(unsigned int sz)
757{
758 unsigned int x = sz >> SMALLBIN_WIDTH;
759 unsigned int m; /* bit position of highest set bit of m */
760
761 if (x >= 0x10000) return NBINS-1;
762
763 /* On intel, use BSRL instruction to find highest bit */
764#if defined(__GNUC__) && defined(i386)
765
766 __asm__("bsrl %1,%0\n\t"
767 : "=r" (m)
768 : "g" (x));
769
770#else
771 {
772 /*
773 Based on branch-free nlz algorithm in chapter 5 of Henry
774 S. Warren Jr's book "Hacker's Delight".
775 */
776
777 unsigned int n = ((x - 0x100) >> 16) & 8;
778 x <<= n;
779 m = ((x - 0x1000) >> 16) & 4;
780 n += m;
781 x <<= m;
782 m = ((x - 0x4000) >> 16) & 2;
783 n += m;
784 x = (x << m) >> 14;
785 m = 13 - n + (x & ~(x>>1));
786 }
787#endif
788
789 /* Use next 2 bits to create finer-granularity bins */
790 return NSMALLBINS + (m << 2) + ((sz >> (m + 6)) & 3);
791}
792
793
794
795/* ----------------------------------------------------------------------
796 *
797 * PUBLIC STUFF
798 *
799 * ----------------------------------------------------------------------*/
800
801
802/* ------------------------------ malloc ------------------------------ */
803void* malloc(size_t bytes)
804{
805 mstate av;
806
807 size_t nb; /* normalized request size */
808 unsigned int idx; /* associated bin index */
809 mbinptr bin; /* associated bin */
810 mfastbinptr* fb; /* associated fastbin */
811
812 mchunkptr victim; /* inspected/selected chunk */
813 size_t size; /* its size */
814 int victim_index; /* its bin index */
815
816 mchunkptr remainder; /* remainder from a split */
817 unsigned long remainder_size; /* its size */
818
819 unsigned int block; /* bit map traverser */
820 unsigned int bit; /* bit map traverser */
821 unsigned int map; /* current word of binmap */
822
823 mchunkptr fwd; /* misc temp for linking */
824 mchunkptr bck; /* misc temp for linking */
825 void * sysmem;
826 void * retval;
827
828#if !defined(__MALLOC_GLIBC_COMPAT__)
829 if (!bytes) {
830 __set_errno(ENOMEM);
831 return NULL;
832 }
833#endif
834
835 __MALLOC_LOCK;
836 av = get_malloc_state();
837 /*
838 Convert request size to internal form by adding (sizeof(size_t)) bytes
839 overhead plus possibly more to obtain necessary alignment and/or
840 to obtain a size of at least MINSIZE, the smallest allocatable
841 size. Also, checked_request2size traps (returning 0) request sizes
842 that are so large that they wrap around zero when padded and
843 aligned.
844 */
845
846 checked_request2size(bytes, nb);
847
848 /*
849 Bypass search if no frees yet
850 */
851 if (!have_anychunks(av)) {
852 if (av->max_fast == 0) /* initialization check */
853 __malloc_consolidate(av);
854 goto use_top;
855 }
856
857 /*
858 If the size qualifies as a fastbin, first check corresponding bin.
859 */
860
861 if ((unsigned long)(nb) <= (unsigned long)(av->max_fast)) {
862 fb = &(av->fastbins[(fastbin_index(nb))]);
863 if ( (victim = *fb) != 0) {
864 *fb = victim->fd;
865 check_remalloced_chunk(victim, nb);
866 retval = chunk2mem(victim);
867 goto DONE;
868 }
869 }
870
871 /*
872 If a small request, check regular bin. Since these "smallbins"
873 hold one size each, no searching within bins is necessary.
874 (For a large request, we need to wait until unsorted chunks are
875 processed to find best fit. But for small ones, fits are exact
876 anyway, so we can check now, which is faster.)
877 */
878
879 if (in_smallbin_range(nb)) {
880 idx = smallbin_index(nb);
881 bin = bin_at(av,idx);
882
883 if ( (victim = last(bin)) != bin) {
884 bck = victim->bk;
885 set_inuse_bit_at_offset(victim, nb);
886 bin->bk = bck;
887 bck->fd = bin;
888
889 check_malloced_chunk(victim, nb);
890 retval = chunk2mem(victim);
891 goto DONE;
892 }
893 }
894
895 /* If this is a large request, consolidate fastbins before continuing.
896 While it might look excessive to kill all fastbins before
897 even seeing if there is space available, this avoids
898 fragmentation problems normally associated with fastbins.
899 Also, in practice, programs tend to have runs of either small or
900 large requests, but less often mixtures, so consolidation is not
901 invoked all that often in most programs. And the programs that
902 it is called frequently in otherwise tend to fragment.
903 */
904
905 else {
906 idx = __malloc_largebin_index(nb);
907 if (have_fastchunks(av))
908 __malloc_consolidate(av);
909 }
910
911 /*
912 Process recently freed or remaindered chunks, taking one only if
913 it is exact fit, or, if this a small request, the chunk is remainder from
914 the most recent non-exact fit. Place other traversed chunks in
915 bins. Note that this step is the only place in any routine where
916 chunks are placed in bins.
917 */
918
919 while ( (victim = unsorted_chunks(av)->bk) != unsorted_chunks(av)) {
920 bck = victim->bk;
921 size = chunksize(victim);
922
923 /* If a small request, try to use last remainder if it is the
924 only chunk in unsorted bin. This helps promote locality for
925 runs of consecutive small requests. This is the only
926 exception to best-fit, and applies only when there is
927 no exact fit for a small chunk.
928 */
929
930 if (in_smallbin_range(nb) &&
931 bck == unsorted_chunks(av) &&
932 victim == av->last_remainder &&
933 (unsigned long)(size) > (unsigned long)(nb + MINSIZE)) {
934
935 /* split and reattach remainder */
936 remainder_size = size - nb;
937 remainder = chunk_at_offset(victim, nb);
938 unsorted_chunks(av)->bk = unsorted_chunks(av)->fd = remainder;
939 av->last_remainder = remainder;
940 remainder->bk = remainder->fd = unsorted_chunks(av);
941
942 set_head(victim, nb | PREV_INUSE);
943 set_head(remainder, remainder_size | PREV_INUSE);
944 set_foot(remainder, remainder_size);
945
946 check_malloced_chunk(victim, nb);
947 retval = chunk2mem(victim);
948 goto DONE;
949 }
950
951 /* remove from unsorted list */
952 unsorted_chunks(av)->bk = bck;
953 bck->fd = unsorted_chunks(av);
954
955 /* Take now instead of binning if exact fit */
956
957 if (size == nb) {
958 set_inuse_bit_at_offset(victim, size);
959 check_malloced_chunk(victim, nb);
960 retval = chunk2mem(victim);
961 goto DONE;
962 }
963
964 /* place chunk in bin */
965
966 if (in_smallbin_range(size)) {
967 victim_index = smallbin_index(size);
968 bck = bin_at(av, victim_index);
969 fwd = bck->fd;
970 }
971 else {
972 victim_index = __malloc_largebin_index(size);
973 bck = bin_at(av, victim_index);
974 fwd = bck->fd;
975
976 if (fwd != bck) {
977 /* if smaller than smallest, place first */
978 if ((unsigned long)(size) < (unsigned long)(bck->bk->size)) {
979 fwd = bck;
980 bck = bck->bk;
981 }
982 else if ((unsigned long)(size) >=
983 (unsigned long)(FIRST_SORTED_BIN_SIZE)) {
984
985 /* maintain large bins in sorted order */
986 size |= PREV_INUSE; /* Or with inuse bit to speed comparisons */
987 while ((unsigned long)(size) < (unsigned long)(fwd->size))
988 fwd = fwd->fd;
989 bck = fwd->bk;
990 }
991 }
992 }
993
994 mark_bin(av, victim_index);
995 victim->bk = bck;
996 victim->fd = fwd;
997 fwd->bk = victim;
998 bck->fd = victim;
999 }
1000
1001 /*
1002 If a large request, scan through the chunks of current bin to
1003 find one that fits. (This will be the smallest that fits unless
1004 FIRST_SORTED_BIN_SIZE has been changed from default.) This is
1005 the only step where an unbounded number of chunks might be
1006 scanned without doing anything useful with them. However the
1007 lists tend to be short.
1008 */
1009
1010 if (!in_smallbin_range(nb)) {
1011 bin = bin_at(av, idx);
1012
1013 for (victim = last(bin); victim != bin; victim = victim->bk) {
1014 size = chunksize(victim);
1015
1016 if ((unsigned long)(size) >= (unsigned long)(nb)) {
1017 remainder_size = size - nb;
1018 unlink(victim, bck, fwd);
1019
1020 /* Exhaust */
1021 if (remainder_size < MINSIZE) {
1022 set_inuse_bit_at_offset(victim, size);
1023 check_malloced_chunk(victim, nb);
1024 retval = chunk2mem(victim);
1025 goto DONE;
1026 }
1027 /* Split */
1028 else {
1029 remainder = chunk_at_offset(victim, nb);
1030 unsorted_chunks(av)->bk = unsorted_chunks(av)->fd = remainder;
1031 remainder->bk = remainder->fd = unsorted_chunks(av);
1032 set_head(victim, nb | PREV_INUSE);
1033 set_head(remainder, remainder_size | PREV_INUSE);
1034 set_foot(remainder, remainder_size);
1035 check_malloced_chunk(victim, nb);
1036 retval = chunk2mem(victim);
1037 goto DONE;
1038 }
1039 }
1040 }
1041 }
1042
1043 /*
1044 Search for a chunk by scanning bins, starting with next largest
1045 bin. This search is strictly by best-fit; i.e., the smallest
1046 (with ties going to approximately the least recently used) chunk
1047 that fits is selected.
1048
1049 The bitmap avoids needing to check that most blocks are nonempty.
1050 */
1051
1052 ++idx;
1053 bin = bin_at(av,idx);
1054 block = idx2block(idx);
1055 map = av->binmap[block];
1056 bit = idx2bit(idx);
1057
1058 for (;;) {
1059
1060 /* Skip rest of block if there are no more set bits in this block. */
1061 if (bit > map || bit == 0) {
1062 do {
1063 if (++block >= BINMAPSIZE) /* out of bins */
1064 goto use_top;
1065 } while ( (map = av->binmap[block]) == 0);
1066
1067 bin = bin_at(av, (block << BINMAPSHIFT));
1068 bit = 1;
1069 }
1070
1071 /* Advance to bin with set bit. There must be one. */
1072 while ((bit & map) == 0) {
1073 bin = next_bin(bin);
1074 bit <<= 1;
1075 assert(bit != 0);
1076 }
1077
1078 /* Inspect the bin. It is likely to be non-empty */
1079 victim = last(bin);
1080
1081 /* If a false alarm (empty bin), clear the bit. */
1082 if (victim == bin) {
1083 av->binmap[block] = map &= ~bit; /* Write through */
1084 bin = next_bin(bin);
1085 bit <<= 1;
1086 }
1087
1088 else {
1089 size = chunksize(victim);
1090
1091 /* We know the first chunk in this bin is big enough to use. */
1092 assert((unsigned long)(size) >= (unsigned long)(nb));
1093
1094 remainder_size = size - nb;
1095
1096 /* unlink */
1097 bck = victim->bk;
1098 bin->bk = bck;
1099 bck->fd = bin;
1100
1101 /* Exhaust */
1102 if (remainder_size < MINSIZE) {
1103 set_inuse_bit_at_offset(victim, size);
1104 check_malloced_chunk(victim, nb);
1105 retval = chunk2mem(victim);
1106 goto DONE;
1107 }
1108
1109 /* Split */
1110 else {
1111 remainder = chunk_at_offset(victim, nb);
1112
1113 unsorted_chunks(av)->bk = unsorted_chunks(av)->fd = remainder;
1114 remainder->bk = remainder->fd = unsorted_chunks(av);
1115 /* advertise as last remainder */
1116 if (in_smallbin_range(nb))
1117 av->last_remainder = remainder;
1118
1119 set_head(victim, nb | PREV_INUSE);
1120 set_head(remainder, remainder_size | PREV_INUSE);
1121 set_foot(remainder, remainder_size);
1122 check_malloced_chunk(victim, nb);
1123 retval = chunk2mem(victim);
1124 goto DONE;
1125 }
1126 }
1127 }
1128
1129use_top:
1130 /*
1131 If large enough, split off the chunk bordering the end of memory
1132 (held in av->top). Note that this is in accord with the best-fit
1133 search rule. In effect, av->top is treated as larger (and thus
1134 less well fitting) than any other available chunk since it can
1135 be extended to be as large as necessary (up to system
1136 limitations).
1137
1138 We require that av->top always exists (i.e., has size >=
1139 MINSIZE) after initialization, so if it would otherwise be
1140 exhuasted by current request, it is replenished. (The main
1141 reason for ensuring it exists is that we may need MINSIZE space
1142 to put in fenceposts in sysmalloc.)
1143 */
1144
1145 victim = av->top;
1146 size = chunksize(victim);
1147
1148 if ((unsigned long)(size) >= (unsigned long)(nb + MINSIZE)) {
1149 remainder_size = size - nb;
1150 remainder = chunk_at_offset(victim, nb);
1151 av->top = remainder;
1152 set_head(victim, nb | PREV_INUSE);
1153 set_head(remainder, remainder_size | PREV_INUSE);
1154
1155 check_malloced_chunk(victim, nb);
1156 retval = chunk2mem(victim);
1157 goto DONE;
1158 }
1159
1160 /* If no space in top, relay to handle system-dependent cases */
1161 sysmem = __malloc_alloc(nb, av);
1162 retval = sysmem;
1163DONE:
1164 __MALLOC_UNLOCK;
1165 return retval;
1166}
1167