summaryrefslogtreecommitdiff
path: root/lib/libc/stdlib
diff options
context:
space:
mode:
authorOtto Moerbeek <otto@cvs.openbsd.org>2008-07-28 04:56:39 +0000
committerOtto Moerbeek <otto@cvs.openbsd.org>2008-07-28 04:56:39 +0000
commit6e5c831ce5bd6e902101633ab3c25781c364d94f (patch)
treeedb5eac26e07e3206fb9e815b7d4b8d5c70b1b17 /lib/libc/stdlib
parent71c1fe9b61de632f0081d549a4d32ec8d8b18f83 (diff)
Almost complete rewrite of malloc, to have a more efficient data
structure of tracking pages returned by mmap(). Lots of testing by lots of people, thanks to you all. ok djm@ (for a slighly earlier version) deraadt@
Diffstat (limited to 'lib/libc/stdlib')
-rw-r--r--lib/libc/stdlib/malloc.c2278
1 files changed, 835 insertions, 1443 deletions
diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index 6042e47e690..ae8cd8157ba 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -1,471 +1,324 @@
-/* $OpenBSD: malloc.c,v 1.91 2008/06/13 21:18:42 otto Exp $ */
+/* $OpenBSD: malloc.c,v 1.92 2008/07/28 04:56:38 otto Exp $ */
+/*
+ * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
/*
+ * Parts of this code, mainly the sub page sized chunk management code is
+ * derived from the malloc implementation with the following license:
+ */
+/*
* ----------------------------------------------------------------------------
* "THE BEER-WARE LICENSE" (Revision 42):
* <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you think
- * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
+ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
* ----------------------------------------------------------------------------
*/
-/*
- * Defining MALLOC_EXTRA_SANITY will enable extra checks which are
- * related to internal conditions and consistency in malloc.c. This has
- * a noticeable runtime performance hit, and generally will not do you
- * any good unless you fiddle with the internals of malloc or want
- * to catch random pointer corruption as early as possible.
- */
-#ifndef MALLOC_EXTRA_SANITY
-#undef MALLOC_EXTRA_SANITY
-#endif
-
-/*
- * Defining MALLOC_STATS will enable you to call malloc_dump() and set
- * the [dD] options in the MALLOC_OPTIONS environment variable.
- * It has no run-time performance hit, but does pull in stdio...
- */
-#ifndef MALLOC_STATS
-#undef MALLOC_STATS
-#endif
-
-/*
- * What to use for Junk. This is the byte value we use to fill with
- * when the 'J' option is enabled.
- */
-#define SOME_JUNK 0xd0 /* as in "Duh" :-) */
+/* #define MALLOC_STATS */
#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
#include <sys/param.h>
#include <sys/mman.h>
#include <sys/uio.h>
-#include <stdio.h>
+#include <errno.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
+#include <stdio.h>
#include <unistd.h>
+
+#ifdef MALLOC_STATS
#include <fcntl.h>
-#include <limits.h>
-#include <errno.h>
-#include <err.h>
+#endif
#include "thread_private.h"
-/*
- * The basic parameters you can tweak.
- *
- * malloc_pageshift pagesize = 1 << malloc_pageshift
- * It's probably best if this is the native
- * page size, but it shouldn't have to be.
- *
- * malloc_minsize minimum size of an allocation in bytes.
- * If this is too small it's too much work
- * to manage them. This is also the smallest
- * unit of alignment used for the storage
- * returned by malloc/realloc.
- *
- */
-
-#if defined(__sparc__)
-#define malloc_pageshift 13U
-#endif /* __sparc__ */
-
-#ifndef malloc_pageshift
-#define malloc_pageshift (PGSHIFT)
-#endif
+#define MALLOC_MINSHIFT 4
+#define MALLOC_MAXSHIFT 16
-#ifndef malloc_minsize
-#define malloc_minsize 16UL
+#if defined(__sparc__) && !defined(__sparcv9__)
+#define MALLOC_PAGESHIFT (13U)
+#else
+#define MALLOC_PAGESHIFT (PGSHIFT)
#endif
-#if !defined(malloc_pagesize)
-#define malloc_pagesize (1UL<<malloc_pageshift)
-#endif
+#define MALLOC_PAGESIZE (1UL << MALLOC_PAGESHIFT)
+#define MALLOC_MINSIZE (1UL << MALLOC_MINSHIFT)
+#define MALLOC_PAGEMASK (MALLOC_PAGESIZE - 1)
+#define MASK_POINTER(p) ((void *)(((uintptr_t)(p)) & ~MALLOC_PAGEMASK))
-/* How many bits per u_long in the bitmap */
-#define MALLOC_BITS (NBBY * sizeof(u_long))
+#define MALLOC_MAXCHUNK (1 << (MALLOC_PAGESHIFT-1))
+#define MALLOC_MAXCACHE 256
+#define MALLOC_DELAYED_CHUNKS 16 /* should be power of 2 */
+#define PAGEROUND(x) (((x) + (MALLOC_PAGEMASK)) & ~MALLOC_PAGEMASK)
/*
- * No user serviceable parts behind this point.
- *
- * This structure describes a page worth of chunks.
- */
-struct pginfo {
- struct pginfo *next; /* next on the free list */
- void *page; /* Pointer to the page */
- u_short size; /* size of this page's chunks */
- u_short shift; /* How far to shift for this size chunks */
- u_short free; /* How many free chunks */
- u_short total; /* How many chunk */
- u_long bits[(malloc_pagesize / malloc_minsize) / MALLOC_BITS];/* Which chunks are free */
-};
-
-/*
- * This structure describes a number of free pages.
- */
-struct pgfree {
- struct pgfree *next; /* next run of free pages */
- struct pgfree *prev; /* prev run of free pages */
- void *page; /* pointer to free pages */
- void *pdir; /* pointer to the base page's dir */
- size_t size; /* number of bytes free */
-};
-
-/*
- * Magic values to put in the page_directory
+ * What to use for Junk. This is the byte value we use to fill with
+ * when the 'J' option is enabled. Use SOME_JUNK right after alloc,
+ * and SOME_FREEJUNK right before free.
*/
-#define MALLOC_NOT_MINE ((struct pginfo*) 0)
-#define MALLOC_FREE ((struct pginfo*) 1)
-#define MALLOC_FIRST ((struct pginfo*) 2)
-#define MALLOC_FOLLOW ((struct pginfo*) 3)
-#define MALLOC_MAGIC ((struct pginfo*) 4)
-
-#if ((1UL<<malloc_pageshift) != malloc_pagesize)
-#error "(1UL<<malloc_pageshift) != malloc_pagesize"
-#endif
-
-#ifndef malloc_maxsize
-#define malloc_maxsize ((malloc_pagesize)>>1)
-#endif
-
-/* A mask for the offset inside a page. */
-#define malloc_pagemask ((malloc_pagesize)-1)
-
-#define pageround(foo) (((foo) + (malloc_pagemask)) & ~malloc_pagemask)
-#define ptr2index(foo) (((u_long)(foo) >> malloc_pageshift)+malloc_pageshift)
-#define index2ptr(idx) ((void*)(((idx)-malloc_pageshift)<<malloc_pageshift))
+#define SOME_JUNK 0xd0 /* as in "Duh" :-) */
+#define SOME_FREEJUNK 0xdf
-/* Set when initialization has been done */
-static unsigned int malloc_started;
+#define MMAP(sz) mmap(NULL, (size_t)(sz), PROT_READ | PROT_WRITE, \
+ MAP_ANON | MAP_PRIVATE, -1, (off_t) 0)
-/* Number of free pages we cache */
-static unsigned int malloc_cache = 16;
-
-/* Structure used for linking discrete directory pages. */
-struct pdinfo {
- struct pginfo **base;
- struct pdinfo *prev;
- struct pdinfo *next;
- u_long dirnum;
+struct region_info {
+ void *p; /* page; low bits used to mark chunks */
+ uintptr_t size; /* size for pages, or chunk_info pointer */
};
-static struct pdinfo *last_dir; /* Caches to the last and previous */
-static struct pdinfo *prev_dir; /* referenced directory pages. */
-
-static size_t pdi_off;
-static u_long pdi_mod;
-#define PD_IDX(num) ((num) / (malloc_pagesize/sizeof(struct pginfo *)))
-#define PD_OFF(num) ((num) & ((malloc_pagesize/sizeof(struct pginfo *))-1))
-#define PI_IDX(index) ((index) / pdi_mod)
-#define PI_OFF(index) ((index) % pdi_mod)
-
-/* The last index in the page directory we care about */
-static u_long last_index;
-
-/* Pointer to page directory. Allocated "as if with" malloc */
-static struct pginfo **page_dir;
-
-/* Free pages line up here */
-static struct pgfree free_list;
-
-/* Abort(), user doesn't handle problems. */
-static int malloc_abort = 2;
-
-/* Are we trying to die ? */
-static int suicide;
+struct dir_info {
+ u_int32_t canary1;
+ struct region_info *r; /* region slots */
+ size_t regions_total; /* number of region slots */
+ size_t regions_bits; /* log2 of total */
+ size_t regions_free; /* number of free slots */
+ /* list of free chunk info structs */
+ struct chunk_info *chunk_info_list;
+ /* lists of chunks with free slots */
+ struct chunk_info *chunk_dir[MALLOC_MAXSHIFT];
+ size_t free_regions_size; /* free pages cached */
+ /* free pages cache */
+ struct region_info free_regions[MALLOC_MAXCACHE];
+ /* delayed free chunk slots */
+ void *delayed_chunks[MALLOC_DELAYED_CHUNKS];
#ifdef MALLOC_STATS
-/* dump statistics */
-static int malloc_stats;
-#endif
-
-/* avoid outputting warnings? */
-static int malloc_silent;
-
-/* always realloc ? */
-static int malloc_realloc;
-
-/* mprotect free pages PROT_NONE? */
-static int malloc_freeprot;
-
-/* use guard pages after allocations? */
-static size_t malloc_guard = 0;
-static size_t malloc_guarded;
-/* align pointers to end of page? */
-static int malloc_ptrguard;
-
-static int malloc_hint;
-
-/* xmalloc behaviour ? */
-static int malloc_xmalloc;
-
-/* zero fill ? */
-static int malloc_zero;
-
-/* junk fill ? */
-static int malloc_junk;
+ size_t inserts;
+ size_t insert_collisions;
+ size_t finds;
+ size_t find_collisions;
+ size_t deletes;
+ size_t delete_moves;
+#define STATS_INC(x) ((x)++)
+#define STATS_ZERO(x) ((x) = 0)
+#else
+#define STATS_INC(x) /* nothing */
+#define STATS_ZERO(x) /* nothing */
+#endif /* MALLOC_STATS */
+ u_int32_t canary2;
+};
-#ifdef __FreeBSD__
-/* utrace ? */
-static int malloc_utrace;
-struct ut {
- void *p;
- size_t s;
- void *r;
+/*
+ * This structure describes a page worth of chunks.
+ *
+ * How many bits per u_long in the bitmap
+ */
+#define MALLOC_BITS (NBBY * sizeof(u_long))
+struct chunk_info {
+ struct chunk_info *next; /* next on the free list */
+ void *page; /* pointer to the page */
+ u_int32_t canary;
+ u_short size; /* size of this page's chunks */
+ u_short shift; /* how far to shift for this size */
+ u_short free; /* how many free chunks */
+ u_short total; /* how many chunk */
+ /* which chunks are free */
+ u_long bits[(MALLOC_PAGESIZE / MALLOC_MINSIZE) / MALLOC_BITS];
};
-void utrace(struct ut *, int);
+static struct dir_info g_pool;
+static char *malloc_func; /* current function */
+char *malloc_options; /* compile-time options */
+
+static int malloc_abort = 1; /* abort() on error */
+static int malloc_active; /* status of malloc */
+static int malloc_freeprot; /* mprotect free pages PROT_NONE? */
+static int malloc_hint; /* call madvice on free pages? */
+static int malloc_junk; /* junk fill? */
+static int malloc_move; /* move allocations to end of page? */
+static int malloc_realloc; /* always realloc? */
+static int malloc_silent; /* avoid outputting warnings? */
+static int malloc_xmalloc; /* xmalloc behaviour? */
+static int malloc_zero; /* zero fill? */
+static size_t malloc_guard; /* use guard pages after allocations? */
+
+static u_int malloc_cache = 64; /* free pages we cache */
+static size_t malloc_guarded; /* bytes used for guards */
+static size_t malloc_used; /* bytes allocated */
-#define UTRACE(a, b, c) \
- if (malloc_utrace) \
- {struct ut u; u.p=a; u.s = b; u.r=c; utrace(&u, sizeof u);}
-#else /* !__FreeBSD__ */
-#define UTRACE(a,b,c)
+#ifdef MALLOC_STATS
+static int malloc_stats; /* dump statistics at end */
#endif
-/* Status of malloc. */
-static int malloc_active;
-
-/* Allocated memory. */
-static size_t malloc_used;
-
-/* My last break. */
-static caddr_t malloc_brk;
+static size_t rbytesused; /* random bytes used */
+static u_char rbytes[4096]; /* random bytes */
+static u_char getrbyte(void);
-/* One location cache for free-list holders. */
-static struct pgfree *px;
-
-/* Compile-time options. */
-char *malloc_options;
-
-/* Name of the current public function. */
-static char *malloc_func;
-
-#define MMAP(size) \
- mmap((void *)0, (size), PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, \
- -1, (off_t)0)
+extern char *__progname;
-/*
- * Necessary function declarations.
+/* low bits of r->p determine size: 0 means >= page size and p->size holding
+ * real size, otherwise r->size is a shift count, or 1 for malloc(0)
*/
-static void *imalloc(size_t size);
-static void ifree(void *ptr);
-static void *irealloc(void *ptr, size_t size);
-static void *malloc_bytes(size_t size);
-
-static struct pginfo *pginfo_list;
+#define REALSIZE(sz, r) \
+ (sz) = (uintptr_t)(r)->p & MALLOC_PAGEMASK, \
+ (sz) = ((sz) == 0 ? (r)->size : ((sz) == 1 ? 0 : (1 << ((sz)-1))))
-static struct pgfree *pgfree_list;
+static inline size_t
+hash(void *p)
+{
+ size_t sum;
+ union {
+ uintptr_t p;
+ unsigned short a[sizeof(void *) / sizeof(short)];
+ } u;
+ u.p = (uintptr_t)p >> MALLOC_PAGESHIFT;
+ sum = u.a[0];
+ sum = (sum << 7) - sum + u.a[1];
+#ifdef __LP64__
+ sum = (sum << 7) - sum + u.a[2];
+ sum = (sum << 7) - sum + u.a[3];
+#endif
+ return sum;
+}
-static struct pgfree *
-alloc_pgfree(void)
+#ifdef MALLOC_STATS
+static void
+dump_chunk(int fd, struct chunk_info *p, int fromfreelist)
{
- struct pgfree *p;
- int i;
+ char buf[64];
- if (pgfree_list == NULL) {
- p = MMAP(malloc_pagesize);
- if (p == MAP_FAILED)
- return NULL;
- for (i = 0; i < malloc_pagesize / sizeof(*p); i++) {
- p[i].next = pgfree_list;
- pgfree_list = &p[i];
+ while (p) {
+ snprintf(buf, sizeof(buf), "chunk %d %d/%d %p\n", p->size,
+ p->free, p->total, p->page);
+ write(fd, buf, strlen(buf));
+ if (!fromfreelist)
+ break;
+ p = p->next;
+ if (p != NULL) {
+ snprintf(buf, sizeof(buf), " ");
+ write(fd, buf, strlen(buf));
}
}
- p = pgfree_list;
- pgfree_list = p->next;
- memset(p, 0, sizeof *p);
- return p;
}
-static struct pginfo *
-alloc_pginfo(void)
+static void
+dump_free_chunk_info(int fd, struct dir_info *d)
{
- struct pginfo *p;
+ char buf[64];
int i;
- if (pginfo_list == NULL) {
- p = MMAP(malloc_pagesize);
- if (p == MAP_FAILED)
- return NULL;
- for (i = 0; i < malloc_pagesize / sizeof(*p); i++) {
- p[i].next = pginfo_list;
- pginfo_list = &p[i];
+ snprintf(buf, sizeof(buf), "Free chunk structs:\n");
+ write(fd, buf, strlen(buf));
+ for (i = 0; i < MALLOC_MAXSHIFT; i++) {
+ struct chunk_info *p = d->chunk_dir[i];
+ if (p != NULL) {
+ snprintf(buf, sizeof(buf), "%2d) ", i);
+ write(fd, buf, strlen(buf));
+ dump_chunk(fd, p, 1);
}
}
- p = pginfo_list;
- pginfo_list = p->next;
- memset(p, 0, sizeof *p);
- return p;
-}
-static void
-put_pgfree(struct pgfree *p)
-{
- p->next = pgfree_list;
- pgfree_list = p;
}
static void
-put_pginfo(struct pginfo *p)
-{
- p->next = pginfo_list;
- pginfo_list = p;
-}
-
-/*
- * Function for page directory lookup.
- */
-static int
-pdir_lookup(u_long index, struct pdinfo ** pdi)
+dump_free_page_info(int fd, struct dir_info *d)
{
- struct pdinfo *spi;
- u_long pidx = PI_IDX(index);
-
- if (last_dir != NULL && PD_IDX(last_dir->dirnum) == pidx)
- *pdi = last_dir;
- else if (prev_dir != NULL && PD_IDX(prev_dir->dirnum) == pidx)
- *pdi = prev_dir;
- else if (last_dir != NULL && prev_dir != NULL) {
- if ((PD_IDX(last_dir->dirnum) > pidx) ?
- (PD_IDX(last_dir->dirnum) - pidx) :
- (pidx - PD_IDX(last_dir->dirnum))
- < (PD_IDX(prev_dir->dirnum) > pidx) ?
- (PD_IDX(prev_dir->dirnum) - pidx) :
- (pidx - PD_IDX(prev_dir->dirnum)))
- *pdi = last_dir;
- else
- *pdi = prev_dir;
-
- if (PD_IDX((*pdi)->dirnum) > pidx) {
- for (spi = (*pdi)->prev;
- spi != NULL && PD_IDX(spi->dirnum) > pidx;
- spi = spi->prev)
- *pdi = spi;
- if (spi != NULL)
- *pdi = spi;
- } else
- for (spi = (*pdi)->next;
- spi != NULL && PD_IDX(spi->dirnum) <= pidx;
- spi = spi->next)
- *pdi = spi;
- } else {
- *pdi = (struct pdinfo *) ((caddr_t) page_dir + pdi_off);
- for (spi = *pdi;
- spi != NULL && PD_IDX(spi->dirnum) <= pidx;
- spi = spi->next)
- *pdi = spi;
- }
-
- return ((PD_IDX((*pdi)->dirnum) == pidx) ? 0 :
- (PD_IDX((*pdi)->dirnum) > pidx) ? 1 : -1);
-}
+ char buf[64];
+ int i;
-#ifdef MALLOC_STATS
-void
-malloc_dump(int fd)
-{
- char buf[1024];
- struct pginfo **pd;
- struct pgfree *pf;
- struct pdinfo *pi;
- u_long j;
-
- pd = page_dir;
- pi = (struct pdinfo *) ((caddr_t) pd + pdi_off);
-
- /* print out all the pages */
- for (j = 0; j <= last_index;) {
- snprintf(buf, sizeof buf, "%08lx %5lu ", j << malloc_pageshift, j);
- write(fd, buf, strlen(buf));
- if (pd[PI_OFF(j)] == MALLOC_NOT_MINE) {
- for (j++; j <= last_index && pd[PI_OFF(j)] == MALLOC_NOT_MINE;) {
- if (!PI_OFF(++j)) {
- if ((pi = pi->next) == NULL ||
- PD_IDX(pi->dirnum) != PI_IDX(j))
- break;
- pd = pi->base;
- j += pdi_mod;
- }
- }
- j--;
- snprintf(buf, sizeof buf, ".. %5lu not mine\n", j);
- write(fd, buf, strlen(buf));
- } else if (pd[PI_OFF(j)] == MALLOC_FREE) {
- for (j++; j <= last_index && pd[PI_OFF(j)] == MALLOC_FREE;) {
- if (!PI_OFF(++j)) {
- if ((pi = pi->next) == NULL ||
- PD_IDX(pi->dirnum) != PI_IDX(j))
- break;
- pd = pi->base;
- j += pdi_mod;
- }
- }
- j--;
- snprintf(buf, sizeof buf, ".. %5lu free\n", j);
- write(fd, buf, strlen(buf));
- } else if (pd[PI_OFF(j)] == MALLOC_FIRST) {
- for (j++; j <= last_index && pd[PI_OFF(j)] == MALLOC_FOLLOW;) {
- if (!PI_OFF(++j)) {
- if ((pi = pi->next) == NULL ||
- PD_IDX(pi->dirnum) != PI_IDX(j))
- break;
- pd = pi->base;
- j += pdi_mod;
- }
- }
- j--;
- snprintf(buf, sizeof buf, ".. %5lu in use\n", j);
- write(fd, buf, strlen(buf));
- } else if (pd[PI_OFF(j)] < MALLOC_MAGIC) {
- snprintf(buf, sizeof buf, "(%p)\n", pd[PI_OFF(j)]);
+ snprintf(buf, sizeof(buf), "Free pages cached: %zu\n",
+ d->free_regions_size);
+ write(fd, buf, strlen(buf));
+ for (i = 0; i < malloc_cache; i++) {
+ if (d->free_regions[i].p != NULL) {
+ snprintf(buf, sizeof(buf), "%2d) ", i);
write(fd, buf, strlen(buf));
- } else {
- snprintf(buf, sizeof buf, "%p %d (of %d) x %d @ %p --> %p\n",
- pd[PI_OFF(j)], pd[PI_OFF(j)]->free,
- pd[PI_OFF(j)]->total, pd[PI_OFF(j)]->size,
- pd[PI_OFF(j)]->page, pd[PI_OFF(j)]->next);
+ snprintf(buf, sizeof(buf), "free at %p: %zu\n",
+ d->free_regions[i].p, d->free_regions[i].size);
write(fd, buf, strlen(buf));
}
- if (!PI_OFF(++j)) {
- if ((pi = pi->next) == NULL)
- break;
- pd = pi->base;
- j += (1 + PD_IDX(pi->dirnum) - PI_IDX(j)) * pdi_mod;
- }
}
+}
- for (pf = free_list.next; pf; pf = pf->next) {
- snprintf(buf, sizeof buf, "Free: @%p [%p...%p[ %ld ->%p <-%p\n",
- pf, pf->page, (char *)pf->page + pf->size,
- pf->size, pf->prev, pf->next);
- write(fd, buf, strlen(buf));
- if (pf == pf->next) {
- snprintf(buf, sizeof buf, "Free_list loops\n");
- write(fd, buf, strlen(buf));
- break;
- }
- }
+static void
+malloc_dump1(int fd, struct dir_info *d)
+{
+ char buf[64];
+ size_t i, realsize;
- /* print out various info */
- snprintf(buf, sizeof buf, "Minsize\t%lu\n", malloc_minsize);
+ snprintf(buf, sizeof(buf), "Malloc dir of %s at %p\n", __progname, d);
write(fd, buf, strlen(buf));
- snprintf(buf, sizeof buf, "Maxsize\t%lu\n", malloc_maxsize);
+ snprintf(buf, sizeof(buf), "Regions slots %zu\n", d->regions_total);
write(fd, buf, strlen(buf));
- snprintf(buf, sizeof buf, "Pagesize\t%lu\n", malloc_pagesize);
+ snprintf(buf, sizeof(buf), "Finds %zu/%zu %f\n", d->finds,
+ d->find_collisions,
+ 1.0 + (double)d->find_collisions / d->finds);
write(fd, buf, strlen(buf));
- snprintf(buf, sizeof buf, "Pageshift\t%u\n", malloc_pageshift);
+ snprintf(buf, sizeof(buf), "Inserts %zu/%zu %f\n", d->inserts,
+ d->insert_collisions,
+ 1.0 + (double)d->insert_collisions / d->inserts);
write(fd, buf, strlen(buf));
- snprintf(buf, sizeof buf, "In use\t%lu\n", (u_long) malloc_used);
+ snprintf(buf, sizeof(buf), "Deletes %zu/%zu\n", d->deletes,
+ d->delete_moves);
write(fd, buf, strlen(buf));
- snprintf(buf, sizeof buf, "Guarded\t%lu\n", (u_long) malloc_guarded);
+ snprintf(buf, sizeof(buf), "Regions slots free %zu\n", d->regions_free);
+ write(fd, buf, strlen(buf));
+ for (i = 0; i < d->regions_total; i++) {
+ if (d->r[i].p != NULL) {
+ size_t h = hash(d->r[i].p) &
+ (d->regions_total - 1);
+ snprintf(buf, sizeof(buf), "%4zx) #%zx %zd ",
+ i, h, h - i);
+ write(fd, buf, strlen(buf));
+ REALSIZE(realsize, &d->r[i]);
+ if (realsize > MALLOC_MAXCHUNK) {
+ snprintf(buf, sizeof(buf),
+ "%p: %zu\n", d->r[i].p, realsize);
+ write(fd, buf, strlen(buf));
+ } else
+ dump_chunk(fd,
+ (struct chunk_info *)d->r[i].size, 0);
+ }
+ }
+ dump_free_chunk_info(fd, d);
+ dump_free_page_info(fd, d);
+ snprintf(buf, sizeof(buf), "In use %zu\n", malloc_used);
+ write(fd, buf, strlen(buf));
+ snprintf(buf, sizeof(buf), "Guarded %zu\n", malloc_guarded);
write(fd, buf, strlen(buf));
}
+
+
+void
+malloc_dump(int fd)
+{
+ malloc_dump1(fd, &g_pool);
+}
+
+static void
+malloc_exit(void)
+{
+ char *q = "malloc() warning: Couldn't dump stats\n";
+ int save_errno = errno, fd;
+
+ fd = open("malloc.out", O_RDWR|O_APPEND);
+ if (fd != -1) {
+ malloc_dump(fd);
+ close(fd);
+ } else
+ write(STDERR_FILENO, q, strlen(q));
+ errno = save_errno;
+}
#endif /* MALLOC_STATS */
-extern char *__progname;
+
static void
wrterror(char *p)
@@ -485,12 +338,11 @@ wrterror(char *p)
iov[4].iov_len = 1;
writev(STDERR_FILENO, iov, 5);
- suicide = 1;
#ifdef MALLOC_STATS
if (malloc_stats)
malloc_dump(STDERR_FILENO);
#endif /* MALLOC_STATS */
- malloc_active--;
+ //malloc_active--;
if (malloc_abort)
abort();
}
@@ -520,145 +372,153 @@ wrtwarning(char *p)
writev(STDERR_FILENO, iov, 5);
}
-#ifdef MALLOC_STATS
-static void
-malloc_exit(void)
-{
- char *q = "malloc() warning: Couldn't dump stats\n";
- int save_errno = errno, fd;
-
- fd = open("malloc.out", O_RDWR|O_APPEND);
- if (fd != -1) {
- malloc_dump(fd);
- close(fd);
- } else
- write(STDERR_FILENO, q, strlen(q));
- errno = save_errno;
-}
-#endif /* MALLOC_STATS */
-
/*
- * Allocate a number of pages from the OS
+ * Cache maintenance. We keep at most malloc_cache pages cached.
+ * If the cache is becoming full, unmap pages in the cache for real,
+ * and then add the region to the cache
+ * Opposed to the regular region data structure, the sizes in the
+ * cache are in MALLOC_PAGESIZE units.
*/
-static void *
-map_pages(size_t pages)
+static void
+unmap(struct dir_info *d, void *p, size_t sz)
{
- struct pdinfo *pi, *spi;
- struct pginfo **pd;
- u_long idx, pidx, lidx;
- caddr_t result, tail;
- u_long index, lindex;
- void *pdregion = NULL;
- size_t dirs, cnt;
-
- pages <<= malloc_pageshift;
- result = MMAP(pages + malloc_guard);
- if (result == MAP_FAILED) {
-#ifdef MALLOC_EXTRA_SANITY
- wrtwarning("(ES): map_pages fails");
-#endif /* MALLOC_EXTRA_SANITY */
- errno = ENOMEM;
- return (NULL);
- }
- index = ptr2index(result);
- tail = result + pages + malloc_guard;
- lindex = ptr2index(tail) - 1;
- if (malloc_guard)
- mprotect(result + pages, malloc_guard, PROT_NONE);
-
- pidx = PI_IDX(index);
- lidx = PI_IDX(lindex);
-
- if (tail > malloc_brk) {
- malloc_brk = tail;
- last_index = lindex;
- }
-
- dirs = lidx - pidx;
-
- /* Insert directory pages, if needed. */
- if (pdir_lookup(index, &pi) != 0)
- dirs++;
-
- if (dirs > 0) {
- pdregion = MMAP(malloc_pagesize * dirs);
- if (pdregion == MAP_FAILED) {
- munmap(result, tail - result);
-#ifdef MALLOC_EXTRA_SANITY
- wrtwarning("(ES): map_pages fails");
-#endif
- errno = ENOMEM;
- return (NULL);
- }
+ size_t psz = PAGEROUND(sz) >> MALLOC_PAGESHIFT;
+ size_t rsz, tounmap;
+ struct region_info *r;
+ u_int i, offset;
+
+ if (psz > malloc_cache) {
+ if (munmap(p, sz))
+ wrterror("unmap");
+ malloc_used -= sz;
+ return;
}
-
- cnt = 0;
- for (idx = pidx, spi = pi; idx <= lidx; idx++) {
- if (pi == NULL || PD_IDX(pi->dirnum) != idx) {
- pd = (struct pginfo **)((char *)pdregion +
- cnt * malloc_pagesize);
- cnt++;
- memset(pd, 0, malloc_pagesize);
- pi = (struct pdinfo *) ((caddr_t) pd + pdi_off);
- pi->base = pd;
- pi->prev = spi;
- pi->next = spi->next;
- pi->dirnum = idx * (malloc_pagesize /
- sizeof(struct pginfo *));
-
- if (spi->next != NULL)
- spi->next->prev = pi;
- spi->next = pi;
- }
- if (idx > pidx && idx < lidx) {
- pi->dirnum += pdi_mod;
- } else if (idx == pidx) {
- if (pidx == lidx) {
- pi->dirnum += (u_long)(tail - result) >>
- malloc_pageshift;
+ tounmap = 0;
+ rsz = malloc_cache - d->free_regions_size;
+ if (psz > rsz)
+ tounmap = psz - rsz;
+ d->free_regions_size -= tounmap;
+ offset = getrbyte();
+ for (i = 0; tounmap > 0 && i < malloc_cache; i++) {
+ r = &d->free_regions[(i + offset) & (malloc_cache - 1)];
+ if (r->p != NULL) {
+ if (r->size <= tounmap) {
+ rsz = r->size << MALLOC_PAGESHIFT;
+ if (munmap(r->p, rsz))
+ wrterror("munmap");
+ tounmap -= r->size;
+ r->p = NULL;
+ r->size = 0;
+ malloc_used -= rsz;
} else {
- pi->dirnum += pdi_mod - PI_OFF(index);
+ rsz = tounmap << MALLOC_PAGESHIFT;
+ if (munmap((char *)r->p + ((r->size - tounmap)
+ << MALLOC_PAGESHIFT), rsz))
+ wrterror("munmap");
+ r->size -= tounmap ;
+ tounmap = 0;
+ malloc_used -= rsz;
}
- } else {
- pi->dirnum += PI_OFF(ptr2index(tail - 1)) + 1;
}
-#ifdef MALLOC_EXTRA_SANITY
- if (PD_OFF(pi->dirnum) > pdi_mod || PD_IDX(pi->dirnum) > idx) {
- wrterror("(ES): pages directory overflow");
- errno = EFAULT;
- return (NULL);
+ }
+ if (tounmap > 0)
+ wrtwarning("malloc cache underflow");
+ for (i = 0; i < malloc_cache; i++) {
+ r = &d->free_regions[i];
+ if (r->p == NULL) {
+ if (malloc_hint)
+ madvise(p, sz, MADV_FREE);
+ if (malloc_freeprot)
+ mprotect(p, sz, PROT_NONE);
+ r->p = p;
+ r->size = psz;
+ d->free_regions_size += psz;
+ break;
}
-#endif /* MALLOC_EXTRA_SANITY */
- if (idx == pidx && pi != last_dir) {
- prev_dir = last_dir;
- last_dir = pi;
+ }
+ if (i == malloc_cache)
+ wrtwarning("malloc free slot lost");
+ if (d->free_regions_size > malloc_cache)
+ wrtwarning("malloc cache overflow");
+}
+
+static void *
+map(struct dir_info *d, size_t sz)
+{
+ size_t psz = PAGEROUND(sz) >> MALLOC_PAGESHIFT;
+ struct region_info *r, *big = NULL;
+ u_int i, offset;
+ void *p;
+
+ if (psz > d->free_regions_size) {
+ p = MMAP(sz);
+ if (p != MAP_FAILED)
+ malloc_used += sz;
+ return p;
+ }
+ offset = getrbyte();
+ for (i = 0; i < malloc_cache; i++) {
+ r = &d->free_regions[(i + offset) & (malloc_cache - 1)];
+ if (r->p != NULL) {
+ if (r->size == psz) {
+ p = r->p;
+ if (malloc_freeprot)
+ mprotect(p, sz, PROT_READ | PROT_WRITE);
+ if (malloc_hint)
+ madvise(p, sz, MADV_NORMAL);
+ r->p = NULL;
+ r->size = 0;
+ d->free_regions_size -= psz;
+ return p;
+ } else if (r->size > psz)
+ big = r;
}
- spi = pi;
- pi = spi->next;
}
-#ifdef MALLOC_EXTRA_SANITY
- if (cnt > dirs)
- wrtwarning("(ES): cnt > dirs");
-#endif /* MALLOC_EXTRA_SANITY */
- if (cnt < dirs)
- munmap((char *)pdregion + cnt * malloc_pagesize,
- (dirs - cnt) * malloc_pagesize);
-
- return (result);
+ if (big != NULL) {
+ r = big;
+ p = (char *)r->p + ((r->size - psz) << MALLOC_PAGESHIFT);
+ if (malloc_freeprot)
+ mprotect(p, sz, PROT_READ | PROT_WRITE);
+ if (malloc_hint)
+ madvise(p, sz, MADV_NORMAL);
+ r->size -= psz;
+ d->free_regions_size -= psz;
+ return p;
+ }
+ p = MMAP(sz);
+ if (p != MAP_FAILED)
+ malloc_used += sz;
+ if (d->free_regions_size > malloc_cache)
+ wrtwarning("malloc cache");
+ return p;
+}
+
+static void
+rbytes_init(void)
+{
+ arc4random_buf(rbytes, sizeof(rbytes));
+ rbytesused = 0;
+}
+
+static u_char
+getrbyte(void)
+{
+ if (rbytesused >= sizeof(rbytes))
+ rbytes_init();
+ return rbytes[rbytesused++];
}
/*
- * Initialize the world
+ * Initialize a dir_info, which should have been cleared by caller
*/
-static void
-malloc_init(void)
+static int
+omalloc_init(struct dir_info *d)
{
- char *p, b[64];
- int i, j, save_errno = errno;
+ char *p, b[64];
+ int i, j, save_errno = errno;
+ size_t regioninfo_size;
-#ifdef MALLOC_EXTRA_SANITY
- malloc_junk = 1;
-#endif /* MALLOC_EXTRA_SANITY */
+ rbytes_init();
for (i = 0; i < 3; i++) {
switch (i) {
@@ -686,6 +546,8 @@ malloc_init(void)
switch (*p) {
case '>':
malloc_cache <<= 1;
+ if (malloc_cache > MALLOC_MAXCACHE)
+ malloc_cache = MALLOC_MAXCACHE;
break;
case '<':
malloc_cache >>= 1;
@@ -714,7 +576,7 @@ malloc_init(void)
malloc_guard = 0;
break;
case 'G':
- malloc_guard = malloc_pagesize;
+ malloc_guard = MALLOC_PAGESIZE;
break;
case 'h':
malloc_hint = 0;
@@ -735,10 +597,10 @@ malloc_init(void)
malloc_silent = 1;
break;
case 'p':
- malloc_ptrguard = 0;
+ malloc_move = 0;
break;
case 'P':
- malloc_ptrguard = 1;
+ malloc_move = 1;
break;
case 'r':
malloc_realloc = 0;
@@ -746,14 +608,6 @@ malloc_init(void)
case 'R':
malloc_realloc = 1;
break;
-#ifdef __FreeBSD__
- case 'u':
- malloc_utrace = 0;
- break;
- case 'U':
- malloc_utrace = 1;
- break;
-#endif /* __FreeBSD__ */
case 'x':
malloc_xmalloc = 0;
break;
@@ -776,8 +630,6 @@ malloc_init(void)
}
}
- UTRACE(0, 0, 0);
-
/*
* We want junk in the entire allocation, and zero only in the part
* the user asked for.
@@ -791,271 +643,228 @@ malloc_init(void)
" Will not be able to dump malloc stats on exit");
#endif /* MALLOC_STATS */
- /* Allocate one page for the page directory. */
- page_dir = (struct pginfo **)MMAP(malloc_pagesize);
+ errno = save_errno;
- if (page_dir == MAP_FAILED) {
- wrterror("mmap(2) failed, check limits");
- errno = ENOMEM;
- return;
+ d->regions_bits = 9;
+ d->regions_free = d->regions_total = 1 << d->regions_bits;
+ regioninfo_size = d->regions_total * sizeof(struct region_info);
+ d->r = MMAP(regioninfo_size);
+ if (d->r == MAP_FAILED) {
+ wrterror("malloc init mmap failed");
+ d->regions_total = 0;
+ return 1;
}
- pdi_off = (malloc_pagesize - sizeof(struct pdinfo)) & ~(malloc_minsize - 1);
- pdi_mod = pdi_off / sizeof(struct pginfo *);
-
- last_dir = (struct pdinfo *) ((caddr_t) page_dir + pdi_off);
- last_dir->base = page_dir;
- last_dir->prev = last_dir->next = NULL;
- last_dir->dirnum = malloc_pageshift;
-
- /* Been here, done that. */
- malloc_started++;
-
- /* Recalculate the cache size in bytes, and make sure it's nonzero. */
- if (!malloc_cache)
- malloc_cache++;
- malloc_cache <<= malloc_pageshift;
- errno = save_errno;
+ malloc_used += regioninfo_size;
+ memset(d->r, 0, regioninfo_size);
+ d->canary1 = arc4random();
+ d->canary2 = ~d->canary1;
+ return 0;
}
-/*
- * Allocate a number of complete pages
- */
-static void *
-malloc_pages(size_t size)
+static int
+omalloc_grow(struct dir_info *d)
{
- void *p, *tp;
- int i;
- struct pginfo **pd;
- struct pdinfo *pi;
- u_long pidx, index;
- struct pgfree *pf, *delay_free = NULL;
-
- size = pageround(size) + malloc_guard;
-
- p = NULL;
- /* Look for free pages before asking for more */
- for (pf = free_list.next; pf; pf = pf->next) {
-
-#ifdef MALLOC_EXTRA_SANITY
- if (pf->size & malloc_pagemask) {
- wrterror("(ES): junk length entry on free_list");
- errno = EFAULT;
- return (NULL);
- }
- if (!pf->size) {
- wrterror("(ES): zero length entry on free_list");
- errno = EFAULT;
- return (NULL);
- }
- if (pf->page > (pf->page + pf->size)) {
- wrterror("(ES): sick entry on free_list");
- errno = EFAULT;
- return (NULL);
- }
- if ((pi = pf->pdir) == NULL) {
- wrterror("(ES): invalid page directory on free-list");
- errno = EFAULT;
- return (NULL);
- }
- if ((pidx = PI_IDX(ptr2index(pf->page))) != PD_IDX(pi->dirnum)) {
- wrterror("(ES): directory index mismatch on free-list");
- errno = EFAULT;
- return (NULL);
- }
- pd = pi->base;
- if (pd[PI_OFF(ptr2index(pf->page))] != MALLOC_FREE) {
- wrterror("(ES): non-free first page on free-list");
- errno = EFAULT;
- return (NULL);
- }
- pidx = PI_IDX(ptr2index((pf->page) + (pf->size)) - 1);
- for (pi = pf->pdir; pi != NULL && PD_IDX(pi->dirnum) < pidx;
- pi = pi->next)
- ;
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): last page not referenced in page directory");
- errno = EFAULT;
- return (NULL);
- }
- pd = pi->base;
- if (pd[PI_OFF(ptr2index((pf->page) + (pf->size)) - 1)] != MALLOC_FREE) {
- wrterror("(ES): non-free last page on free-list");
- errno = EFAULT;
- return (NULL);
- }
-#endif /* MALLOC_EXTRA_SANITY */
-
- if (pf->size < size)
- continue;
-
- if (pf->size == size) {
- p = pf->page;
- pi = pf->pdir;
- if (pf->next != NULL)
- pf->next->prev = pf->prev;
- pf->prev->next = pf->next;
- delay_free = pf;
- break;
+ size_t newbits;
+ size_t newtotal;
+ size_t newsize;
+ size_t mask;
+ size_t i;
+ struct region_info *p;
+
+ if (d->regions_total > SIZE_MAX / sizeof(struct region_info) / 2 )
+ return 1;
+
+ newbits = d->regions_bits + 1;
+ newtotal = d->regions_total * 2;
+ newsize = newtotal * sizeof(struct region_info);
+ mask = newtotal - 1;
+
+ p = MMAP(newsize);
+ if (p == MAP_FAILED)
+ return 1;
+
+ malloc_used += newsize;
+ memset(p, 0, newsize);
+ STATS_ZERO(d->inserts);
+ STATS_ZERO(d->insert_collisions);
+ for (i = 0; i < d->regions_total; i++) {
+ void *q = d->r[i].p;
+ if (q != NULL) {
+ size_t index = hash(q) & mask;
+ STATS_INC(d->inserts);
+ while (p[index].p != NULL) {
+ index = (index - 1) & mask;
+ STATS_INC(d->insert_collisions);
+ }
+ p[index] = d->r[i];
}
- p = pf->page;
- pf->page = (char *) pf->page + size;
- pf->size -= size;
- pidx = PI_IDX(ptr2index(pf->page));
- for (pi = pf->pdir; pi != NULL && PD_IDX(pi->dirnum) < pidx;
- pi = pi->next)
- ;
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): hole in directories");
- errno = EFAULT;
- return (NULL);
+ }
+ /* avoid pages containing meta info to end up in cache */
+ if (munmap(d->r, d->regions_total * sizeof(struct region_info)))
+ wrterror("omalloc_grow munmap");
+ else
+ malloc_used -= d->regions_total * sizeof(struct region_info);
+ d->regions_free = d->regions_free + d->regions_total;
+ d->regions_total = newtotal;
+ d->regions_bits = newbits;
+ d->r = p;
+ return 0;
+}
+
+static struct chunk_info *
+alloc_chunk_info(struct dir_info *d)
+{
+ struct chunk_info *p;
+ int i;
+
+ if (d->chunk_info_list == NULL) {
+ p = MMAP(MALLOC_PAGESIZE);
+ if (p == MAP_FAILED)
+ return NULL;
+ malloc_used += MALLOC_PAGESIZE;
+ for (i = 0; i < MALLOC_PAGESIZE / sizeof(*p); i++) {
+ p[i].next = d->chunk_info_list;
+ d->chunk_info_list = &p[i];
}
- tp = pf->pdir;
- pf->pdir = pi;
- pi = tp;
- break;
}
+ p = d->chunk_info_list;
+ d->chunk_info_list = p->next;
+ memset(p, 0, sizeof *p);
+ p->canary = d->canary1;
+ return p;
+}
+
- size -= malloc_guard;
+static void
+put_chunk_info(struct dir_info *d, struct chunk_info *p)
+{
+ p->next = d->chunk_info_list;
+ d->chunk_info_list = p;
+}
-#ifdef MALLOC_EXTRA_SANITY
- if (p != NULL && pi != NULL) {
- pidx = PD_IDX(pi->dirnum);
- pd = pi->base;
+static int
+insert(struct dir_info *d, void *p, size_t sz)
+{
+ size_t index;
+ size_t mask;
+ void *q;
+
+ if (d->regions_free * 4 < d->regions_total) {
+ if (omalloc_grow(d))
+ return 1;
}
- if (p != NULL && pd[PI_OFF(ptr2index(p))] != MALLOC_FREE) {
- wrterror("(ES): allocated non-free page on free-list");
- errno = EFAULT;
- return (NULL);
+ mask = d->regions_total - 1;
+ index = hash(p) & mask;
+ q = d->r[index].p;
+ STATS_INC(d->inserts);
+ while (q != NULL) {
+ index = (index - 1) & mask;
+ q = d->r[index].p;
+ STATS_INC(d->insert_collisions);
}
-#endif /* MALLOC_EXTRA_SANITY */
-
- if (p != NULL && (malloc_guard || malloc_freeprot))
- mprotect(p, size, PROT_READ | PROT_WRITE);
+ d->r[index].p = p;
+ d->r[index].size = sz;
+ d->regions_free--;
+ return 0;
+}
- size >>= malloc_pageshift;
+static struct region_info *
+find(struct dir_info *d, void *p)
+{
+ size_t index;
+ size_t mask = d->regions_total - 1;
+ void *q, *r;
+
+ if (d->canary1 != ~d->canary2)
+ wrterror("internal struct corrupt");
+ p = MASK_POINTER(p);
+ index = hash(p) & mask;
+ r = d->r[index].p;
+ q = MASK_POINTER(r);
+ STATS_INC(d->finds);
+ while (q != p && r != NULL) {
+ index = (index - 1) & mask;
+ r = d->r[index].p;
+ q = MASK_POINTER(r);
+ STATS_INC(d->find_collisions);
+ }
+ return q == p ? &d->r[index] : NULL;
+}
- /* Map new pages */
- if (p == NULL)
- p = map_pages(size);
-
- if (p != NULL) {
- index = ptr2index(p);
- pidx = PI_IDX(index);
- pdir_lookup(index, &pi);
-#ifdef MALLOC_EXTRA_SANITY
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): mapped pages not found in directory");
- errno = EFAULT;
- return (NULL);
- }
-#endif /* MALLOC_EXTRA_SANITY */
- if (pi != last_dir) {
- prev_dir = last_dir;
- last_dir = pi;
- }
- pd = pi->base;
- pd[PI_OFF(index)] = MALLOC_FIRST;
- for (i = 1; i < size; i++) {
- if (!PI_OFF(index + i)) {
- pidx++;
- pi = pi->next;
-#ifdef MALLOC_EXTRA_SANITY
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): hole in mapped pages directory");
- errno = EFAULT;
- return (NULL);
- }
-#endif /* MALLOC_EXTRA_SANITY */
- pd = pi->base;
- }
- pd[PI_OFF(index + i)] = MALLOC_FOLLOW;
- }
- if (malloc_guard) {
- if (!PI_OFF(index + i)) {
- pidx++;
- pi = pi->next;
-#ifdef MALLOC_EXTRA_SANITY
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): hole in mapped pages directory");
- errno = EFAULT;
- return (NULL);
- }
-#endif /* MALLOC_EXTRA_SANITY */
- pd = pi->base;
- }
- pd[PI_OFF(index + i)] = MALLOC_FIRST;
+static void
+delete(struct dir_info *d, struct region_info *ri)
+{
+ /* algorithm R, Knuth Vol III section 6.4 */
+ size_t mask = d->regions_total - 1;
+ size_t i, j, r;
+
+ if (d->regions_total & (d->regions_total - 1))
+ wrterror("regions_total not 2^x");
+ d->regions_free++;
+ STATS_INC(g_pool.deletes);
+
+ i = ri - d->r;
+ for (;;) {
+ d->r[i].p = NULL;
+ d->r[i].size = 0;
+ j = i;
+ for (;;) {
+ i = (i - 1) & mask;
+ if (d->r[i].p == NULL)
+ return;
+ r = hash(d->r[i].p) & mask;
+ if ((i <= r && r < j) || (r < j && j < i) ||
+ (j < i && i <= r))
+ continue;
+ d->r[j] = d->r[i];
+ STATS_INC(g_pool.delete_moves);
+ break;
}
- malloc_used += size << malloc_pageshift;
- malloc_guarded += malloc_guard;
- if (malloc_junk)
- memset(p, SOME_JUNK, size << malloc_pageshift);
}
- if (delay_free) {
- if (px == NULL)
- px = delay_free;
- else
- put_pgfree(delay_free);
- }
- return (p);
}
-
+
/*
- * Allocate a page of fragments
+ * Allocate a page of chunks
*/
-
-static int
-malloc_make_chunks(int bits)
+static struct chunk_info *
+omalloc_make_chunks(struct dir_info *d, int bits)
{
- struct pginfo *bp, **pd;
- struct pdinfo *pi;
-#ifdef MALLOC_EXTRA_SANITY
- u_long pidx;
-#endif /* MALLOC_EXTRA_SANITY */
+ struct chunk_info *bp;
void *pp;
long i, k;
/* Allocate a new bucket */
- pp = malloc_pages((size_t)malloc_pagesize);
- if (pp == NULL)
- return (0);
+ pp = map(d, MALLOC_PAGESIZE);
+ if (pp == MAP_FAILED)
+ return NULL;
- /* Find length of admin structure */
-
- /* Don't waste more than two chunks on this */
-
- /*
- * If we are to allocate a memory protected page for the malloc(0)
- * case (when bits=0), it must be from a different page than the
- * pginfo page.
- * --> Treat it like the big chunk alloc, get a second data page.
- */
- bp = alloc_pginfo();
+ bp = alloc_chunk_info(d);
if (bp == NULL) {
- ifree(pp);
- return (0);
+ unmap(d, pp, MALLOC_PAGESIZE);
+ return NULL;
}
/* memory protect the page allocated in the malloc(0) case */
if (bits == 0) {
bp->size = 0;
bp->shift = 1;
- i = malloc_minsize - 1;
+ i = MALLOC_MINSIZE - 1;
while (i >>= 1)
bp->shift++;
- bp->total = bp->free = malloc_pagesize >> bp->shift;
+ bp->total = bp->free = MALLOC_PAGESIZE >> bp->shift;
bp->page = pp;
- k = mprotect(pp, malloc_pagesize, PROT_NONE);
+ k = mprotect(pp, MALLOC_PAGESIZE, PROT_NONE);
if (k < 0) {
- ifree(pp);
- put_pginfo(bp);
- return (0);
+ unmap(d, pp, MALLOC_PAGESIZE);
+ put_chunk_info(d, bp);
+ return NULL;
}
} else {
bp->size = (1UL << bits);
bp->shift = bits;
- bp->total = bp->free = malloc_pagesize >> bits;
+ bp->total = bp->free = MALLOC_PAGESIZE >> bits;
bp->page = pp;
}
@@ -1070,63 +879,54 @@ malloc_make_chunks(int bits)
for (; i < k; i++)
bp->bits[i / MALLOC_BITS] |= 1UL << (i % MALLOC_BITS);
- pdir_lookup(ptr2index(pp), &pi);
-#ifdef MALLOC_EXTRA_SANITY
- pidx = PI_IDX(ptr2index(pp));
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): mapped pages not found in directory");
- errno = EFAULT;
- return (0);
- }
-#endif /* MALLOC_EXTRA_SANITY */
- if (pi != last_dir) {
- prev_dir = last_dir;
- last_dir = pi;
- }
- pd = pi->base;
- pd[PI_OFF(ptr2index(pp))] = bp;
+ bp->next = d->chunk_dir[bits];
+ d->chunk_dir[bits] = bp;
- bp->next = page_dir[bits];
- page_dir[bits] = bp;
+ bits++;
+ if ((uintptr_t)pp & bits)
+ wrterror("pp & bits");
- /* MALLOC_UNLOCK */
- return (1);
+ insert(d, (void *)((uintptr_t)pp | bits), (uintptr_t)bp);
+ return bp;
}
+
/*
- * Allocate a fragment
+ * Allocate a chunk
*/
static void *
-malloc_bytes(size_t size)
+malloc_bytes(struct dir_info *d, size_t size)
{
int i, j;
size_t k;
u_long u, *lp;
- struct pginfo *bp;
+ struct chunk_info *bp;
/* Don't bother with anything less than this */
/* unless we have a malloc(0) requests */
- if (size != 0 && size < malloc_minsize)
- size = malloc_minsize;
+ if (size != 0 && size < MALLOC_MINSIZE)
+ size = MALLOC_MINSIZE;
/* Find the right bucket */
if (size == 0)
j = 0;
else {
- j = 1;
- i = size - 1;
+ j = MALLOC_MINSHIFT;
+ i = (size - 1) >> (MALLOC_MINSHIFT - 1);
while (i >>= 1)
j++;
}
/* If it's empty, make a page more of that size chunks */
- if (page_dir[j] == NULL && !malloc_make_chunks(j))
- return (NULL);
-
- bp = page_dir[j];
+ bp = d->chunk_dir[j];
+ if (bp == NULL && (bp = omalloc_make_chunks(d, j)) == NULL)
+ return NULL;
+ if (bp->canary != d->canary1)
+ wrterror("chunk info corrupted");
/* Find first word of bitmap which isn't empty */
- for (lp = bp->bits; !*lp; lp++);
+ for (lp = bp->bits; !*lp; lp++)
+ /* EMPTY */;
/* Find that bit, and tweak it */
u = 1;
@@ -1136,578 +936,59 @@ malloc_bytes(size_t size)
k++;
}
- if (malloc_guard) {
- /* Walk to a random position. */
- i = arc4random_uniform(bp->free);
- while (i > 0) {
- u += u;
- k++;
- if (k >= MALLOC_BITS) {
- lp++;
- u = 1;
- k = 0;
- }
-#ifdef MALLOC_EXTRA_SANITY
- if (lp - bp->bits > (bp->total - 1) / MALLOC_BITS) {
- wrterror("chunk overflow");
- errno = EFAULT;
- return (NULL);
- }
-#endif /* MALLOC_EXTRA_SANITY */
- if (*lp & u)
- i--;
+ /* advance a random # of positions */
+ i = (getrbyte() & (MALLOC_DELAYED_CHUNKS - 1)) % bp->free;
+ while (i > 0) {
+ u += u;
+ k++;
+ if (k >= MALLOC_BITS) {
+ lp++;
+ u = 1;
+ k = 0;
+ }
+ if (lp - bp->bits > (bp->total - 1) / MALLOC_BITS) {
+ wrterror("chunk overflow");
+ errno = EFAULT;
+ return (NULL);
}
+ if (*lp & u)
+ i--;
}
+
*lp ^= u;
/* If there are no more free, remove from free-list */
if (!--bp->free) {
- page_dir[j] = bp->next;
+ d->chunk_dir[j] = bp->next;
bp->next = NULL;
}
/* Adjust to the real offset of that chunk */
k += (lp - bp->bits) * MALLOC_BITS;
k <<= bp->shift;
- if (malloc_junk && bp->size != 0)
- memset((char *)bp->page + k, SOME_JUNK, (size_t)bp->size);
-
- return ((u_char *) bp->page + k);
+ if (malloc_junk && bp->size > 0)
+ memset((char *)bp->page + k, SOME_JUNK, bp->size);
+ return ((char *)bp->page + k);
}
-/*
- * Magic so that malloc(sizeof(ptr)) is near the end of the page.
- */
-#define PTR_GAP (malloc_pagesize - sizeof(void *))
-#define PTR_SIZE (sizeof(void *))
-#define PTR_ALIGNED(p) (((unsigned long)p & malloc_pagemask) == PTR_GAP)
-
-/*
- * Allocate a piece of memory
- */
-static void *
-imalloc(size_t size)
-{
- void *result;
- int ptralloc = 0;
-
- if (!malloc_started)
- malloc_init();
-
- if (suicide)
- abort();
-
- /* does not matter if alloc_pgfree() fails */
- if (px == NULL)
- px = alloc_pgfree();
-
- if (malloc_ptrguard && size == PTR_SIZE) {
- ptralloc = 1;
- size = malloc_pagesize;
- }
- if ((size + malloc_pagesize) < size) { /* Check for overflow */
- result = NULL;
- errno = ENOMEM;
- } else if (size <= malloc_maxsize)
- result = malloc_bytes(size);
- else
- result = malloc_pages(size);
-
- if (malloc_abort == 1 && result == NULL)
- wrterror("allocation failed");
-
- if (malloc_zero && result != NULL)
- memset(result, 0, size);
-
- if (result && ptralloc)
- return ((char *) result + PTR_GAP);
- return (result);
-}
-
-/*
- * Change the size of an allocation.
- */
-static void *
-irealloc(void *ptr, size_t size)
-{
- void *p;
- size_t osize;
- u_long index, i;
- struct pginfo **mp;
- struct pginfo **pd;
- struct pdinfo *pi;
-#ifdef MALLOC_EXTRA_SANITY
- u_long pidx;
-#endif /* MALLOC_EXTRA_SANITY */
-
- if (suicide)
- abort();
-
- if (!malloc_started) {
- wrtwarning("malloc() has never been called");
- return (NULL);
- }
- if (malloc_ptrguard && PTR_ALIGNED(ptr)) {
- if (size <= PTR_SIZE)
- return (ptr);
-
- p = imalloc(size);
- if (p)
- memcpy(p, ptr, PTR_SIZE);
- ifree(ptr);
- return (p);
- }
- index = ptr2index(ptr);
-
- if (index < malloc_pageshift) {
- wrtwarning("junk pointer, too low to make sense");
- return (NULL);
- }
- if (index > last_index) {
- wrtwarning("junk pointer, too high to make sense");
- return (NULL);
- }
- pdir_lookup(index, &pi);
-#ifdef MALLOC_EXTRA_SANITY
- pidx = PI_IDX(index);
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): mapped pages not found in directory");
- errno = EFAULT;
- return (NULL);
- }
-#endif /* MALLOC_EXTRA_SANITY */
- if (pi != last_dir) {
- prev_dir = last_dir;
- last_dir = pi;
- }
- pd = pi->base;
- mp = &pd[PI_OFF(index)];
-
- if (*mp == MALLOC_FIRST) { /* Page allocation */
-
- /* Check the pointer */
- if ((u_long) ptr & malloc_pagemask) {
- wrtwarning("modified (page-) pointer");
- return (NULL);
- }
- /* Find the size in bytes */
- i = index;
- if (!PI_OFF(++i)) {
- pi = pi->next;
- if (pi != NULL && PD_IDX(pi->dirnum) != PI_IDX(i))
- pi = NULL;
- if (pi != NULL)
- pd = pi->base;
- }
- for (osize = malloc_pagesize;
- pi != NULL && pd[PI_OFF(i)] == MALLOC_FOLLOW;) {
- osize += malloc_pagesize;
- if (!PI_OFF(++i)) {
- pi = pi->next;
- if (pi != NULL && PD_IDX(pi->dirnum) != PI_IDX(i))
- pi = NULL;
- if (pi != NULL)
- pd = pi->base;
- }
- }
-
- if (!malloc_realloc && size <= osize &&
- size > osize - malloc_pagesize) {
- if (malloc_junk)
- memset((char *)ptr + size, SOME_JUNK, osize - size);
- return (ptr); /* ..don't do anything else. */
- }
- } else if (*mp >= MALLOC_MAGIC) { /* Chunk allocation */
-
- /* Check the pointer for sane values */
- if ((u_long) ptr & ((1UL << ((*mp)->shift)) - 1)) {
- wrtwarning("modified (chunk-) pointer");
- return (NULL);
- }
- /* Find the chunk index in the page */
- i = ((u_long) ptr & malloc_pagemask) >> (*mp)->shift;
-
- /* Verify that it isn't a free chunk already */
- if ((*mp)->bits[i / MALLOC_BITS] & (1UL << (i % MALLOC_BITS))) {
- wrtwarning("chunk is already free");
- return (NULL);
- }
- osize = (*mp)->size;
-
- if (!malloc_realloc && size <= osize &&
- (size > osize / 2 || osize == malloc_minsize)) {
- if (malloc_junk)
- memset((char *) ptr + size, SOME_JUNK, osize - size);
- return (ptr); /* ..don't do anything else. */
- }
- } else {
- wrtwarning("irealloc: pointer to wrong page");
- return (NULL);
- }
-
- p = imalloc(size);
-
- if (p != NULL) {
- /* copy the lesser of the two sizes, and free the old one */
- /* Don't move from/to 0 sized region !!! */
- if (osize != 0 && size != 0) {
- if (osize < size)
- memcpy(p, ptr, osize);
- else
- memcpy(p, ptr, size);
- }
- ifree(ptr);
- }
- return (p);
-}
-
-/*
- * Free a sequence of pages
- */
-static void
-free_pages(void *ptr, u_long index, struct pginfo * info)
-{
- u_long i, pidx, lidx;
- size_t l, cachesize = 0;
- struct pginfo **pd;
- struct pdinfo *pi, *spi;
- struct pgfree *pf, *pt = NULL;
- caddr_t tail;
-
- if (info == MALLOC_FREE) {
- wrtwarning("page is already free");
- return;
- }
- if (info != MALLOC_FIRST) {
- wrtwarning("free_pages: pointer to wrong page");
- return;
- }
- if ((u_long) ptr & malloc_pagemask) {
- wrtwarning("modified (page-) pointer");
- return;
- }
- /* Count how many pages and mark them free at the same time */
- pidx = PI_IDX(index);
- pdir_lookup(index, &pi);
-#ifdef MALLOC_EXTRA_SANITY
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): mapped pages not found in directory");
- errno = EFAULT;
- return;
- }
-#endif /* MALLOC_EXTRA_SANITY */
-
- spi = pi; /* Save page index for start of region. */
-
- pd = pi->base;
- pd[PI_OFF(index)] = MALLOC_FREE;
- i = 1;
- if (!PI_OFF(index + i)) {
- pi = pi->next;
- if (pi == NULL || PD_IDX(pi->dirnum) != PI_IDX(index + i))
- pi = NULL;
- else
- pd = pi->base;
- }
- while (pi != NULL && pd[PI_OFF(index + i)] == MALLOC_FOLLOW) {
- pd[PI_OFF(index + i)] = MALLOC_FREE;
- i++;
- if (!PI_OFF(index + i)) {
- if ((pi = pi->next) == NULL ||
- PD_IDX(pi->dirnum) != PI_IDX(index + i))
- pi = NULL;
- else
- pd = pi->base;
- }
- }
-
- l = i << malloc_pageshift;
-
- if (malloc_junk)
- memset(ptr, SOME_JUNK, l);
-
- malloc_used -= l;
- malloc_guarded -= malloc_guard;
- if (malloc_guard) {
-#ifdef MALLOC_EXTRA_SANITY
- if (pi == NULL || PD_IDX(pi->dirnum) != PI_IDX(index + i)) {
- wrterror("(ES): hole in mapped pages directory");
- errno = EFAULT;
- return;
- }
-#endif /* MALLOC_EXTRA_SANITY */
- pd[PI_OFF(index + i)] = MALLOC_FREE;
- l += malloc_guard;
- }
- tail = (caddr_t)ptr + l;
-
- if (malloc_hint)
- madvise(ptr, l, MADV_FREE);
-
- if (malloc_freeprot)
- mprotect(ptr, l, PROT_NONE);
-
- /* Add to free-list. */
- if (px == NULL && (px = alloc_pgfree()) == NULL)
- goto not_return;
- px->page = ptr;
- px->pdir = spi;
- px->size = l;
-
- if (free_list.next == NULL) {
- /* Nothing on free list, put this at head. */
- px->next = NULL;
- px->prev = &free_list;
- free_list.next = px;
- pf = px;
- px = NULL;
- } else {
- /*
- * Find the right spot, leave pf pointing to the modified
- * entry.
- */
-
- /* Race ahead here, while calculating cache size. */
- for (pf = free_list.next;
- (caddr_t)ptr > ((caddr_t)pf->page + pf->size)
- && pf->next != NULL;
- pf = pf->next)
- cachesize += pf->size;
-
- /* Finish cache size calculation. */
- pt = pf;
- while (pt) {
- cachesize += pt->size;
- pt = pt->next;
- }
-
- if ((caddr_t)pf->page > tail) {
- /* Insert before entry */
- px->next = pf;
- px->prev = pf->prev;
- pf->prev = px;
- px->prev->next = px;
- pf = px;
- px = NULL;
- } else if (((caddr_t)pf->page + pf->size) == ptr) {
- /* Append to the previous entry. */
- cachesize -= pf->size;
- pf->size += l;
- if (pf->next != NULL &&
- pf->next->page == ((caddr_t)pf->page + pf->size)) {
- /* And collapse the next too. */
- pt = pf->next;
- pf->size += pt->size;
- pf->next = pt->next;
- if (pf->next != NULL)
- pf->next->prev = pf;
- }
- } else if (pf->page == tail) {
- /* Prepend to entry. */
- cachesize -= pf->size;
- pf->size += l;
- pf->page = ptr;
- pf->pdir = spi;
- } else if (pf->next == NULL) {
- /* Append at tail of chain. */
- px->next = NULL;
- px->prev = pf;
- pf->next = px;
- pf = px;
- px = NULL;
- } else {
- wrterror("freelist is destroyed");
- errno = EFAULT;
- return;
- }
- }
-
- if (pf->pdir != last_dir) {
- prev_dir = last_dir;
- last_dir = pf->pdir;
- }
-
- /* Return something to OS ? */
- if (pf->size > (malloc_cache - cachesize)) {
-
- /*
- * Keep the cache intact. Notice that the '>' above guarantees that
- * the pf will always have at least one page afterwards.
- */
- if (munmap((char *) pf->page + (malloc_cache - cachesize),
- pf->size - (malloc_cache - cachesize)) != 0)
- goto not_return;
- tail = (caddr_t)pf->page + pf->size;
- lidx = ptr2index(tail) - 1;
- pf->size = malloc_cache - cachesize;
-
- index = ptr2index((caddr_t)pf->page + pf->size);
-
- pidx = PI_IDX(index);
- if (prev_dir != NULL && PD_IDX(prev_dir->dirnum) >= pidx)
- prev_dir = NULL; /* Will be wiped out below ! */
-
- for (pi = pf->pdir; pi != NULL && PD_IDX(pi->dirnum) < pidx;
- pi = pi->next)
- ;
-
- spi = pi;
- if (pi != NULL && PD_IDX(pi->dirnum) == pidx) {
- pd = pi->base;
-
- for (i = index; i <= lidx;) {
- if (pd[PI_OFF(i)] != MALLOC_NOT_MINE) {
- pd[PI_OFF(i)] = MALLOC_NOT_MINE;
-#ifdef MALLOC_EXTRA_SANITY
- if (!PD_OFF(pi->dirnum)) {
- wrterror("(ES): pages directory underflow");
- errno = EFAULT;
- return;
- }
-#endif /* MALLOC_EXTRA_SANITY */
- pi->dirnum--;
- }
-#ifdef MALLOC_EXTRA_SANITY
- else
- wrtwarning("(ES): page already unmapped");
-#endif /* MALLOC_EXTRA_SANITY */
- i++;
- if (!PI_OFF(i)) {
- /*
- * If no page in that dir, free
- * directory page.
- */
- if (!PD_OFF(pi->dirnum)) {
- /* Remove from list. */
- if (spi == pi)
- spi = pi->prev;
- if (pi->prev != NULL)
- pi->prev->next = pi->next;
- if (pi->next != NULL)
- pi->next->prev = pi->prev;
- pi = pi->next;
- munmap(pd, malloc_pagesize);
- } else
- pi = pi->next;
- if (pi == NULL ||
- PD_IDX(pi->dirnum) != PI_IDX(i))
- break;
- pd = pi->base;
- }
- }
- if (pi && !PD_OFF(pi->dirnum)) {
- /* Resulting page dir is now empty. */
- /* Remove from list. */
- if (spi == pi) /* Update spi only if first. */
- spi = pi->prev;
- if (pi->prev != NULL)
- pi->prev->next = pi->next;
- if (pi->next != NULL)
- pi->next->prev = pi->prev;
- pi = pi->next;
- munmap(pd, malloc_pagesize);
- }
- }
- if (pi == NULL && malloc_brk == tail) {
- /* Resize down the malloc upper boundary. */
- last_index = index - 1;
- malloc_brk = index2ptr(index);
- }
-
- /* XXX: We could realloc/shrink the pagedir here I guess. */
- if (pf->size == 0) { /* Remove from free-list as well. */
- if (px)
- put_pgfree(px);
- if ((px = pf->prev) != &free_list) {
- if (pi == NULL && last_index == (index - 1)) {
- if (spi == NULL) {
- malloc_brk = NULL;
- i = 11;
- } else {
- pd = spi->base;
- if (PD_IDX(spi->dirnum) < pidx)
- index =
- ((PD_IDX(spi->dirnum) + 1) *
- pdi_mod) - 1;
- for (pi = spi, i = index;
- pd[PI_OFF(i)] == MALLOC_NOT_MINE;
- i--) {
-#ifdef MALLOC_EXTRA_SANITY
- if (!PI_OFF(i)) {
- pi = pi->prev;
- if (pi == NULL || i == 0)
- break;
- pd = pi->base;
- i = (PD_IDX(pi->dirnum) + 1) * pdi_mod;
- }
-#endif /* MALLOC_EXTRA_SANITY */
- }
- malloc_brk = index2ptr(i + 1);
- }
- last_index = i;
- }
- if ((px->next = pf->next) != NULL)
- px->next->prev = px;
- } else {
- if ((free_list.next = pf->next) != NULL)
- free_list.next->prev = &free_list;
- }
- px = pf;
- last_dir = prev_dir;
- prev_dir = NULL;
- }
- }
-not_return:
- if (pt != NULL)
- put_pgfree(pt);
-}
/*
* Free a chunk, and possibly the page it's on, if the page becomes empty.
*/
-
-/* ARGSUSED */
static void
-free_bytes(void *ptr)
+free_bytes(struct dir_info *d, struct region_info *r, void *ptr)
{
- u_int8_t __arc4_getbyte(void);
- struct pginfo **mp, **pd, *info;
- struct pdinfo *pi;
-#ifdef MALLOC_EXTRA_SANITY
- u_long pidx;
-#endif /* MALLOC_EXTRA_SANITY */
- u_long index;
- void *vp;
- long i;
- void *tmpptr;
- unsigned int tmpidx;
- /* pointers that we will want to free at some future time */
- static void *chunk_buffer[16];
-
-
- /* delay return, returning a random something from before instead */
- tmpidx = __arc4_getbyte() % 16;
- tmpptr = chunk_buffer[tmpidx];
- chunk_buffer[tmpidx] = ptr;
- ptr = tmpptr;
- if (!ptr)
- return;
-
- index = ptr2index(ptr);
-
- pdir_lookup(index, &pi);
- if (pi != last_dir) {
- prev_dir = last_dir;
- last_dir = pi;
- }
- pd = pi->base;
- info = pd[PI_OFF(index)];
+ struct chunk_info *info, **mp;
+ long i;
+ info = (struct chunk_info *)r->size;
+ if (info->canary != d->canary1)
+ wrterror("chunk info corrupted");
/* Find the chunk number on the page */
- i = ((u_long) ptr & malloc_pagemask) >> info->shift;
+ i = ((uintptr_t)ptr & MALLOC_PAGEMASK) >> info->shift;
- if ((u_long) ptr & ((1UL << (info->shift)) - 1)) {
+ if ((uintptr_t)ptr & ((1UL << (info->shift)) - 1)) {
wrtwarning("modified (chunk-) pointer");
return;
}
@@ -1715,16 +996,14 @@ free_bytes(void *ptr)
wrtwarning("chunk is already free");
return;
}
- if (malloc_junk && info->size != 0)
- memset(ptr, SOME_JUNK, (size_t)info->size);
info->bits[i / MALLOC_BITS] |= 1UL << (i % MALLOC_BITS);
info->free++;
if (info->size != 0)
- mp = page_dir + info->shift;
+ mp = d->chunk_dir + info->shift;
else
- mp = page_dir;
+ mp = d->chunk_dir;
if (info->free == 1) {
/* Page became non-full */
@@ -1743,102 +1022,71 @@ free_bytes(void *ptr)
/* Find & remove this page in the queue */
while (*mp != info) {
mp = &((*mp)->next);
-#ifdef MALLOC_EXTRA_SANITY
if (!*mp) {
- wrterror("(ES): Not on queue");
+ wrterror("not on queue");
errno = EFAULT;
return;
}
-#endif /* MALLOC_EXTRA_SANITY */
}
*mp = info->next;
- /* Free the page & the info structure if need be */
- pdir_lookup(ptr2index(info->page), &pi);
-#ifdef MALLOC_EXTRA_SANITY
- pidx = PI_IDX(ptr2index(info->page));
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): mapped pages not found in directory");
- errno = EFAULT;
- return;
- }
-#endif /* MALLOC_EXTRA_SANITY */
- if (pi != last_dir) {
- prev_dir = last_dir;
- last_dir = pi;
- }
- pd = pi->base;
- pd[PI_OFF(ptr2index(info->page))] = MALLOC_FIRST;
-
- /* If the page was mprotected, unprotect it before releasing it */
- if (info->size == 0)
- mprotect(info->page, malloc_pagesize, PROT_READ | PROT_WRITE);
+ if (info->size == 0 && !malloc_freeprot)
+ mprotect(info->page, MALLOC_PAGESIZE, PROT_READ | PROT_WRITE);
+ unmap(d, info->page, MALLOC_PAGESIZE);
- vp = info->page;
- put_pginfo(info);
- ifree(vp);
+ delete(d, r);
+ put_chunk_info(d, info);
}
-static void
-ifree(void *ptr)
-{
- struct pginfo *info, **pd;
- u_long index;
-#ifdef MALLOC_EXTRA_SANITY
- u_long pidx;
-#endif /* MALLOC_EXTRA_SANITY */
- struct pdinfo *pi;
-
- if (!malloc_started) {
- wrtwarning("malloc() has never been called");
- return;
- }
- /* If we're already sinking, don't make matters any worse. */
- if (suicide)
- return;
-
- if (malloc_ptrguard && PTR_ALIGNED(ptr))
- ptr = (char *)ptr - PTR_GAP;
- index = ptr2index(ptr);
- if (index < malloc_pageshift) {
- warnx("(%p)", ptr);
- wrtwarning("ifree: junk pointer, too low to make sense");
- return;
- }
- if (index > last_index) {
- warnx("(%p)", ptr);
- wrtwarning("ifree: junk pointer, too high to make sense");
- return;
- }
+static void *
+omalloc(size_t sz, int zero_fill)
+{
+ void *p;
+ size_t psz;
- pdir_lookup(index, &pi);
-#ifdef MALLOC_EXTRA_SANITY
- pidx = PI_IDX(index);
- if (pi == NULL || PD_IDX(pi->dirnum) != pidx) {
- wrterror("(ES): mapped pages not found in directory");
- errno = EFAULT;
- return;
- }
-#endif /* MALLOC_EXTRA_SANITY */
- if (pi != last_dir) {
- prev_dir = last_dir;
- last_dir = pi;
+ if (sz > MALLOC_MAXCHUNK) {
+ if (sz >= SIZE_MAX - malloc_guard - MALLOC_PAGESIZE) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ sz += malloc_guard;
+ psz = PAGEROUND(sz);
+ p = map(&g_pool, psz);
+ if (p == MAP_FAILED) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ if (insert(&g_pool, p, sz)) {
+ unmap(&g_pool, p, sz);
+ errno = ENOMEM;
+ return NULL;
+ }
+ if (malloc_guard) {
+ if (mprotect((char *)p + psz - malloc_guard,
+ malloc_guard, PROT_NONE))
+ wrterror("mprotect");
+ malloc_guarded += malloc_guard;
+ }
+ if (malloc_junk)
+ memset(p, SOME_JUNK, psz - malloc_guard);
+
+ /* shift towards the end */
+ if (malloc_move &&
+ sz - malloc_guard < MALLOC_PAGESIZE - MALLOC_MINSIZE)
+ p = ((char *)p) + ((MALLOC_PAGESIZE - MALLOC_MINSIZE -
+ (sz - malloc_guard)) & ~(MALLOC_MINSIZE-1));
+ if (zero_fill)
+ memset(p, 0, sz - malloc_guard);
+ } else {
+ /* takes care of SOME_JUNK */
+ p = malloc_bytes(&g_pool, sz);
+ if (zero_fill && p != NULL && sz > 0)
+ memset(p, 0, sz);
}
- pd = pi->base;
- info = pd[PI_OFF(index)];
-
- if (info < MALLOC_MAGIC)
- free_pages(ptr, index, info);
- else
- free_bytes(ptr);
-
- /* does not matter if alloc_pgfree fails */
- if (px == NULL)
- px = alloc_pgfree();
- return;
+ return p;
}
/*
@@ -1846,10 +1094,10 @@ ifree(void *ptr)
* print the error message once, to avoid making the problem
* potentially worse.
*/
-static void
+static void
malloc_recurse(void)
{
- static int noprint;
+ static int noprint;
if (noprint == 0) {
noprint = 1;
@@ -1860,74 +1108,218 @@ malloc_recurse(void)
errno = EDEADLK;
}
-/*
- * These are the public exported interface routines.
- */
void *
malloc(size_t size)
{
- void *r;
+ void *r;
_MALLOC_LOCK();
malloc_func = " in malloc():";
+ if (!g_pool.regions_total) {
+ if (omalloc_init(&g_pool)) {
+ _MALLOC_UNLOCK();
+ if (malloc_xmalloc)
+ wrterror("out of memory");
+ errno = ENOMEM;
+ return NULL;
+ }
+ }
if (malloc_active++) {
malloc_recurse();
- return (NULL);
+ return NULL;
}
- r = imalloc(size);
- UTRACE(0, size, r);
+ r = omalloc(size, malloc_zero);
malloc_active--;
_MALLOC_UNLOCK();
- if (malloc_xmalloc && r == NULL) {
+ if (r == NULL && malloc_xmalloc) {
wrterror("out of memory");
errno = ENOMEM;
}
- return (r);
+ return r;
+}
+
+static void
+ofree(void *p)
+{
+ struct region_info *r;
+ size_t sz;
+
+ r = find(&g_pool, p);
+ if (r == NULL) {
+ wrtwarning("bogus pointer (double free?)");
+ return;
+ }
+ REALSIZE(sz, r);
+ if (sz > MALLOC_MAXCHUNK) {
+ if (sz - malloc_guard >= MALLOC_PAGESIZE - MALLOC_MINSIZE) {
+ if (r->p != p)
+ wrtwarning("bogus pointer");
+ } else {
+#if notyetbecause_of_realloc
+ /* shifted towards the end */
+ if (p != ((char *)r->p) + ((MALLOC_PAGESIZE -
+ MALLOC_MINSIZE - sz - malloc_guard) &
+ ~(MALLOC_MINSIZE-1))) {
+ }
+#endif
+ p = r->p;
+ }
+ if (malloc_guard) {
+ if (sz < malloc_guard)
+ wrtwarning("guard size");
+ if (!malloc_freeprot) {
+ if (mprotect((char *)p + PAGEROUND(sz) -
+ malloc_guard, malloc_guard,
+ PROT_READ | PROT_WRITE))
+ wrterror("mprotect");
+ }
+ malloc_guarded -= malloc_guard;
+ }
+ if (malloc_junk)
+ memset(p, SOME_FREEJUNK, PAGEROUND(sz) - malloc_guard);
+ unmap(&g_pool, p, sz);
+ delete(&g_pool, r);
+ } else {
+ void *tmp;
+ int i;
+
+ if (malloc_junk && sz > 0)
+ memset(p, SOME_FREEJUNK, sz);
+ i = getrbyte() & (MALLOC_DELAYED_CHUNKS - 1);
+ tmp = p;
+ p = g_pool.delayed_chunks[i];
+ g_pool.delayed_chunks[i] = tmp;
+ if (p != NULL) {
+ r = find(&g_pool, p);
+ if (r == NULL) {
+ wrtwarning("bogus pointer (double free?)");
+ return;
+ }
+ free_bytes(&g_pool, r, p);
+ }
+ }
}
void
free(void *ptr)
{
- /* This is legal. XXX quick path */
+ /* This is legal. */
if (ptr == NULL)
return;
_MALLOC_LOCK();
- malloc_func = " in free():";
+ malloc_func = " in free():";
if (malloc_active++) {
malloc_recurse();
return;
}
- ifree(ptr);
- UTRACE(ptr, 0, 0);
+ ofree(ptr);
malloc_active--;
_MALLOC_UNLOCK();
- return;
+}
+
+
+static void *
+orealloc(void *p, size_t newsz)
+{
+ struct region_info *r;
+ size_t oldsz, goldsz, gnewsz;
+ void *q;
+
+ if (p == NULL)
+ return omalloc(newsz, 0);
+
+ r = find(&g_pool, p);
+ if (r == NULL) {
+ wrtwarning("bogus pointer (double free?)");
+ return NULL;
+ }
+ if (newsz >= SIZE_MAX - malloc_guard - MALLOC_PAGESIZE) {
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ REALSIZE(oldsz, r);
+ goldsz = oldsz;
+ if (oldsz > MALLOC_MAXCHUNK) {
+ if (oldsz < malloc_guard)
+ wrtwarning("guard size");
+ oldsz -= malloc_guard;
+ }
+
+ gnewsz = newsz;
+ if (gnewsz > MALLOC_MAXCHUNK)
+ gnewsz += malloc_guard;
+
+ if (newsz > MALLOC_MAXCHUNK && oldsz > MALLOC_MAXCHUNK && p == r->p &&
+ !malloc_realloc) {
+ size_t roldsz = PAGEROUND(goldsz);
+ size_t rnewsz = PAGEROUND(gnewsz);
+
+ if (rnewsz < roldsz) {
+ if (malloc_guard) {
+ if (mprotect((char *)p + roldsz - malloc_guard,
+ malloc_guard, PROT_READ | PROT_WRITE))
+ wrterror("mprotect");
+ if (mprotect((char *)p + rnewsz - malloc_guard,
+ malloc_guard, PROT_NONE))
+ wrterror("mprotect");
+ }
+ unmap(&g_pool, (char *)p + rnewsz, roldsz - rnewsz);
+ r->size = gnewsz;
+ return p;
+ } else if (rnewsz == roldsz) {
+ if (newsz > oldsz && malloc_junk)
+ memset((char *)p + newsz, SOME_JUNK,
+ rnewsz - malloc_guard - newsz);
+ r->size = gnewsz;
+ return p;
+ }
+ }
+ if (newsz <= oldsz && newsz > oldsz / 2 && !malloc_realloc) {
+ if (malloc_junk && newsz > 0)
+ memset((char *)p + newsz, SOME_JUNK, oldsz - newsz);
+ return p;
+ } else if (newsz != oldsz || malloc_realloc) {
+ q = omalloc(newsz, 0);
+ if (q == NULL)
+ return NULL;
+ if (newsz != 0 && oldsz != 0)
+ memcpy(q, p, oldsz < newsz ? oldsz : newsz);
+ ofree(p);
+ return q;
+ } else
+ return p;
}
void *
realloc(void *ptr, size_t size)
{
- void *r;
-
+ void *r;
+
_MALLOC_LOCK();
- malloc_func = " in realloc():";
+ malloc_func = " in realloc():";
+ if (!g_pool.regions_total) {
+ if (omalloc_init(&g_pool)) {
+ _MALLOC_UNLOCK();
+ if (malloc_xmalloc)
+ wrterror("out of memory");
+ errno = ENOMEM;
+ return NULL;
+ }
+ }
if (malloc_active++) {
malloc_recurse();
- return (NULL);
+ return NULL;
}
- if (ptr == NULL)
- r = imalloc(size);
- else
- r = irealloc(ptr, size);
-
- UTRACE(ptr, size, r);
+ r = orealloc(ptr, size);
+
malloc_active--;
_MALLOC_UNLOCK();
- if (malloc_xmalloc && r == NULL) {
+ if (r == NULL && malloc_xmalloc) {
wrterror("out of memory");
errno = ENOMEM;
}
- return (r);
+ return r;
}