1/* 2 This is a version (aka dlmalloc) of malloc/free/realloc written by 3 Doug Lea and released to the public domain, as explained at 4 http://creativecommons.org/licenses/publicdomain. Send questions, 5 comments, complaints, performance data, etc to dl@cs.oswego.edu 6 7* Version pre-2.8.4 Mon Nov 27 11:22:37 2006 (dl at gee) 8 9 Note: There may be an updated version of this malloc obtainable at 10 ftp://gee.cs.oswego.edu/pub/misc/malloc.c 11 Check before installing! 12 13* Quickstart 14 15 This library is all in one file to simplify the most common usage: 16 ftp it, compile it (-O3), and link it into another program. All of 17 the compile-time options default to reasonable values for use on 18 most platforms. You might later want to step through various 19 compile-time and dynamic tuning options. 20 21 For convenience, an include file for code using this malloc is at: 22 ftp://gee.cs.oswego.edu/pub/misc/malloc-2.8.4.h 23 You don't really need this .h file unless you call functions not 24 defined in your system include files. The .h file contains only the 25 excerpts from this file needed for using this malloc on ANSI C/C++ 26 systems, so long as you haven't changed compile-time options about 27 naming and tuning parameters. If you do, then you can create your 28 own malloc.h that does include all settings by cutting at the point 29 indicated below. Note that you may already by default be using a C 30 library containing a malloc that is based on some version of this 31 malloc (for example in linux). You might still want to use the one 32 in this file to customize settings or to avoid overheads associated 33 with library versions. 34 35* Vital statistics: 36 37 Supported pointer/size_t representation: 4 or 8 bytes 38 size_t MUST be an unsigned type of the same width as 39 pointers. (If you are using an ancient system that declares 40 size_t as a signed type, or need it to be a different width 41 than pointers, you can use a previous release of this malloc 42 (e.g. 2.7.2) supporting these.) 43 44 Alignment: 8 bytes (default) 45 This suffices for nearly all current machines and C compilers. 46 However, you can define MALLOC_ALIGNMENT to be wider than this 47 if necessary (up to 128bytes), at the expense of using more space. 48 49 Minimum overhead per allocated chunk: 4 or 8 bytes (if 4byte sizes) 50 8 or 16 bytes (if 8byte sizes) 51 Each malloced chunk has a hidden word of overhead holding size 52 and status information, and additional cross-check word 53 if FOOTERS is defined. 54 55 Minimum allocated size: 4-byte ptrs: 16 bytes (including overhead) 56 8-byte ptrs: 32 bytes (including overhead) 57 58 Even a request for zero bytes (i.e., malloc(0)) returns a 59 pointer to something of the minimum allocatable size. 60 The maximum overhead wastage (i.e., number of extra bytes 61 allocated than were requested in malloc) is less than or equal 62 to the minimum size, except for requests >= mmap_threshold that 63 are serviced via mmap(), where the worst case wastage is about 64 32 bytes plus the remainder from a system page (the minimal 65 mmap unit); typically 4096 or 8192 bytes. 66 67 Security: static-safe; optionally more or less 68 The "security" of malloc refers to the ability of malicious 69 code to accentuate the effects of errors (for example, freeing 70 space that is not currently malloc'ed or overwriting past the 71 ends of chunks) in code that calls malloc. This malloc 72 guarantees not to modify any memory locations below the base of 73 heap, i.e., static variables, even in the presence of usage 74 errors. The routines additionally detect most improper frees 75 and reallocs. All this holds as long as the static bookkeeping 76 for malloc itself is not corrupted by some other means. This 77 is only one aspect of security -- these checks do not, and 78 cannot, detect all possible programming errors. 79 80 If FOOTERS is defined nonzero, then each allocated chunk 81 carries an additional check word to verify that it was malloced 82 from its space. These check words are the same within each 83 execution of a program using malloc, but differ across 84 executions, so externally crafted fake chunks cannot be 85 freed. This improves security by rejecting frees/reallocs that 86 could corrupt heap memory, in addition to the checks preventing 87 writes to statics that are always on. This may further improve 88 security at the expense of time and space overhead. (Note that 89 FOOTERS may also be worth using with MSPACES.) 90 91 By default detected errors cause the program to abort (calling 92 "abort()"). You can override this to instead proceed past 93 errors by defining PROCEED_ON_ERROR. In this case, a bad free 94 has no effect, and a malloc that encounters a bad address 95 caused by user overwrites will ignore the bad address by 96 dropping pointers and indices to all known memory. This may 97 be appropriate for programs that should continue if at all 98 possible in the face of programming errors, although they may 99 run out of memory because dropped memory is never reclaimed. 100 101 If you don't like either of these options, you can define 102 CORRUPTION_ERROR_ACTION and USAGE_ERROR_ACTION to do anything 103 else. And if you are sure that your program using malloc has 104 no errors or vulnerabilities, you can define INSECURE to 1, 105 which might (or might not) provide a small performance improvement. 106 107 Thread-safety: NOT thread-safe unless USE_LOCKS defined 108 When USE_LOCKS is defined, each public call to malloc, free, 109 etc is surrounded with either a pthread mutex or a win32 110 spinlock (depending on WIN32). This is not especially fast, and 111 can be a major bottleneck. It is designed only to provide 112 minimal protection in concurrent environments, and to provide a 113 basis for extensions. If you are using malloc in a concurrent 114 program, consider instead using nedmalloc 115 (http://www.nedprod.com/programs/portable/nedmalloc/) or 116 ptmalloc (See http://www.malloc.de), which are derived 117 from versions of this malloc. 118 119 System requirements: Any combination of MORECORE and/or MMAP/MUNMAP 120 This malloc can use unix sbrk or any emulation (invoked using 121 the CALL_MORECORE macro) and/or mmap/munmap or any emulation 122 (invoked using CALL_MMAP/CALL_MUNMAP) to get and release system 123 memory. On most unix systems, it tends to work best if both 124 MORECORE and MMAP are enabled. On Win32, it uses emulations 125 based on VirtualAlloc. It also uses common C library functions 126 like memset. 127 128 Compliance: I believe it is compliant with the Single Unix Specification 129 (See http://www.unix.org). Also SVID/XPG, ANSI C, and probably 130 others as well. 131 132* Overview of algorithms 133 134 This is not the fastest, most space-conserving, most portable, or 135 most tunable malloc ever written. However it is among the fastest 136 while also being among the most space-conserving, portable and 137 tunable. Consistent balance across these factors results in a good 138 general-purpose allocator for malloc-intensive programs. 139 140 In most ways, this malloc is a best-fit allocator. Generally, it 141 chooses the best-fitting existing chunk for a request, with ties 142 broken in approximately least-recently-used order. (This strategy 143 normally maintains low fragmentation.) However, for requests less 144 than 256bytes, it deviates from best-fit when there is not an 145 exactly fitting available chunk by preferring to use space adjacent 146 to that used for the previous small request, as well as by breaking 147 ties in approximately most-recently-used order. (These enhance 148 locality of series of small allocations.) And for very large requests 149 (>= 256Kb by default), it relies on system memory mapping 150 facilities, if supported. (This helps avoid carrying around and 151 possibly fragmenting memory used only for large chunks.) 152 153 All operations (except malloc_stats and mallinfo) have execution 154 times that are bounded by a constant factor of the number of bits in 155 a size_t, not counting any clearing in calloc or copying in realloc, 156 or actions surrounding MORECORE and MMAP that have times 157 proportional to the number of non-contiguous regions returned by 158 system allocation routines, which is often just 1. In real-time 159 applications, you can optionally suppress segment traversals using 160 NO_SEGMENT_TRAVERSAL, which assures bounded execution even when 161 system allocators return non-contiguous spaces, at the typical 162 expense of carrying around more memory and increased fragmentation. 163 164 The implementation is not very modular and seriously overuses 165 macros. Perhaps someday all C compilers will do as good a job 166 inlining modular code as can now be done by brute-force expansion, 167 but now, enough of them seem not to. 168 169 Some compilers issue a lot of warnings about code that is 170 dead/unreachable only on some platforms, and also about intentional 171 uses of negation on unsigned types. All known cases of each can be 172 ignored. 173 174 For a longer but out of date high-level description, see 175 http://gee.cs.oswego.edu/dl/html/malloc.html 176 177* MSPACES 178 If MSPACES is defined, then in addition to malloc, free, etc., 179 this file also defines mspace_malloc, mspace_free, etc. These 180 are versions of malloc routines that take an "mspace" argument 181 obtained using create_mspace, to control all internal bookkeeping. 182 If ONLY_MSPACES is defined, only these versions are compiled. 183 So if you would like to use this allocator for only some allocations, 184 and your system malloc for others, you can compile with 185 ONLY_MSPACES and then do something like... 186 static mspace mymspace = create_mspace(0,0); // for example 187 #define mymalloc(bytes) mspace_malloc(mymspace, bytes) 188 189 (Note: If you only need one instance of an mspace, you can instead 190 use "USE_DL_PREFIX" to relabel the global malloc.) 191 192 You can similarly create thread-local allocators by storing 193 mspaces as thread-locals. For example: 194 static __thread mspace tlms = 0; 195 void* tlmalloc(size_t bytes) { 196 if (tlms == 0) tlms = create_mspace(0, 0); 197 return mspace_malloc(tlms, bytes); 198 } 199 void tlfree(void* mem) { mspace_free(tlms, mem); } 200 201 Unless FOOTERS is defined, each mspace is completely independent. 202 You cannot allocate from one and free to another (although 203 conformance is only weakly checked, so usage errors are not always 204 caught). If FOOTERS is defined, then each chunk carries around a tag 205 indicating its originating mspace, and frees are directed to their 206 originating spaces. 207 208 ------------------------- Compile-time options --------------------------- 209 210Be careful in setting #define values for numerical constants of type 211size_t. On some systems, literal values are not automatically extended 212to size_t precision unless they are explicitly casted. You can also 213use the symbolic values MAX_SIZE_T, SIZE_T_ONE, etc below. 214 215WIN32 default: defined if _WIN32 defined 216 Defining WIN32 sets up defaults for MS environment and compilers. 217 Otherwise defaults are for unix. Beware that there seem to be some 218 cases where this malloc might not be a pure drop-in replacement for 219 Win32 malloc: Random-looking failures from Win32 GDI API's (eg; 220 SetDIBits()) may be due to bugs in some video driver implementations 221 when pixel buffers are malloc()ed, and the region spans more than 222 one VirtualAlloc()ed region. Because dlmalloc uses a small (64Kb) 223 default granularity, pixel buffers may straddle virtual allocation 224 regions more often than when using the Microsoft allocator. You can 225 avoid this by using VirtualAlloc() and VirtualFree() for all pixel 226 buffers rather than using malloc(). If this is not possible, 227 recompile this malloc with a larger DEFAULT_GRANULARITY. 228 229MALLOC_ALIGNMENT default: (size_t)8 230 Controls the minimum alignment for malloc'ed chunks. It must be a 231 power of two and at least 8, even on machines for which smaller 232 alignments would suffice. It may be defined as larger than this 233 though. Note however that code and data structures are optimized for 234 the case of 8-byte alignment. 235 236MSPACES default: 0 (false) 237 If true, compile in support for independent allocation spaces. 238 This is only supported if HAVE_MMAP is true. 239 240ONLY_MSPACES default: 0 (false) 241 If true, only compile in mspace versions, not regular versions. 242 243USE_LOCKS default: 0 (false) 244 Causes each call to each public routine to be surrounded with 245 pthread or WIN32 mutex lock/unlock. (If set true, this can be 246 overridden on a per-mspace basis for mspace versions.) If set to a 247 non-zero value other than 1, locks are used, but their 248 implementation is left out, so lock functions must be supplied manually. 249 250USE_SPIN_LOCKS default: 1 iff USE_LOCKS and on x86 using gcc or MSC 251 If true, uses custom spin locks for locking. This is currently 252 supported only for x86 platforms using gcc or recent MS compilers. 253 Otherwise, posix locks or win32 critical sections are used. 254 255FOOTERS default: 0 256 If true, provide extra checking and dispatching by placing 257 information in the footers of allocated chunks. This adds 258 space and time overhead. 259 260INSECURE default: 0 261 If true, omit checks for usage errors and heap space overwrites. 262 263USE_DL_PREFIX default: NOT defined 264 Causes compiler to prefix all public routines with the string 'dl'. 265 This can be useful when you only want to use this malloc in one part 266 of a program, using your regular system malloc elsewhere. 267 268ABORT default: defined as abort() 269 Defines how to abort on failed checks. On most systems, a failed 270 check cannot die with an "assert" or even print an informative 271 message, because the underlying print routines in turn call malloc, 272 which will fail again. Generally, the best policy is to simply call 273 abort(). It's not very useful to do more than this because many 274 errors due to overwriting will show up as address faults (null, odd 275 addresses etc) rather than malloc-triggered checks, so will also 276 abort. Also, most compilers know that abort() does not return, so 277 can better optimize code conditionally calling it. 278 279PROCEED_ON_ERROR default: defined as 0 (false) 280 Controls whether detected bad addresses cause them to bypassed 281 rather than aborting. If set, detected bad arguments to free and 282 realloc are ignored. And all bookkeeping information is zeroed out 283 upon a detected overwrite of freed heap space, thus losing the 284 ability to ever return it from malloc again, but enabling the 285 application to proceed. If PROCEED_ON_ERROR is defined, the 286 static variable malloc_corruption_error_count is compiled in 287 and can be examined to see if errors have occurred. This option 288 generates slower code than the default abort policy. 289 290DEBUG default: NOT defined 291 The DEBUG setting is mainly intended for people trying to modify 292 this code or diagnose problems when porting to new platforms. 293 However, it may also be able to better isolate user errors than just 294 using runtime checks. The assertions in the check routines spell 295 out in more detail the assumptions and invariants underlying the 296 algorithms. The checking is fairly extensive, and will slow down 297 execution noticeably. Calling malloc_stats or mallinfo with DEBUG 298 set will attempt to check every non-mmapped allocated and free chunk 299 in the course of computing the summaries. 300 301ABORT_ON_ASSERT_FAILURE default: defined as 1 (true) 302 Debugging assertion failures can be nearly impossible if your 303 version of the assert macro causes malloc to be called, which will 304 lead to a cascade of further failures, blowing the runtime stack. 305 ABORT_ON_ASSERT_FAILURE cause assertions failures to call abort(), 306 which will usually make debugging easier. 307 308MALLOC_FAILURE_ACTION default: sets errno to ENOMEM, or no-op on win32 309 The action to take before "return 0" when malloc fails to be able to 310 return memory because there is none available. 311 312HAVE_MORECORE default: 1 (true) unless win32 or ONLY_MSPACES 313 True if this system supports sbrk or an emulation of it. 314 315MORECORE default: sbrk 316 The name of the sbrk-style system routine to call to obtain more 317 memory. See below for guidance on writing custom MORECORE 318 functions. The type of the argument to sbrk/MORECORE varies across 319 systems. It cannot be size_t, because it supports negative 320 arguments, so it is normally the signed type of the same width as 321 size_t (sometimes declared as "intptr_t"). It doesn't much matter 322 though. Internally, we only call it with arguments less than half 323 the max value of a size_t, which should work across all reasonable 324 possibilities, although sometimes generating compiler warnings. 325 326MORECORE_CONTIGUOUS default: 1 (true) if HAVE_MORECORE 327 If true, take advantage of fact that consecutive calls to MORECORE 328 with positive arguments always return contiguous increasing 329 addresses. This is true of unix sbrk. It does not hurt too much to 330 set it true anyway, since malloc copes with non-contiguities. 331 Setting it false when definitely non-contiguous saves time 332 and possibly wasted space it would take to discover this though. 333 334MORECORE_CANNOT_TRIM default: NOT defined 335 True if MORECORE cannot release space back to the system when given 336 negative arguments. This is generally necessary only if you are 337 using a hand-crafted MORECORE function that cannot handle negative 338 arguments. 339 340NO_SEGMENT_TRAVERSAL default: 0 341 If non-zero, suppresses traversals of memory segments 342 returned by either MORECORE or CALL_MMAP. This disables 343 merging of segments that are contiguous, and selectively 344 releasing them to the OS if unused, but bounds execution times. 345 346HAVE_MMAP default: 1 (true) 347 True if this system supports mmap or an emulation of it. If so, and 348 HAVE_MORECORE is not true, MMAP is used for all system 349 allocation. If set and HAVE_MORECORE is true as well, MMAP is 350 primarily used to directly allocate very large blocks. It is also 351 used as a backup strategy in cases where MORECORE fails to provide 352 space from system. Note: A single call to MUNMAP is assumed to be 353 able to unmap memory that may have be allocated using multiple calls 354 to MMAP, so long as they are adjacent. 355 356HAVE_MREMAP default: 1 on linux, else 0 357 If true realloc() uses mremap() to re-allocate large blocks and 358 extend or shrink allocation spaces. 359 360MMAP_CLEARS default: 1 except on WINCE. 361 True if mmap clears memory so calloc doesn't need to. This is true 362 for standard unix mmap using /dev/zero and on WIN32 except for WINCE. 363 364USE_BUILTIN_FFS default: 0 (i.e., not used) 365 Causes malloc to use the builtin ffs() function to compute indices. 366 Some compilers may recognize and intrinsify ffs to be faster than the 367 supplied C version. Also, the case of x86 using gcc is special-cased 368 to an asm instruction, so is already as fast as it can be, and so 369 this setting has no effect. Similarly for Win32 under recent MS compilers. 370 (On most x86s, the asm version is only slightly faster than the C version.) 371 372malloc_getpagesize default: derive from system includes, or 4096. 373 The system page size. To the extent possible, this malloc manages 374 memory from the system in page-size units. This may be (and 375 usually is) a function rather than a constant. This is ignored 376 if WIN32, where page size is determined using getSystemInfo during 377 initialization. 378 379USE_DEV_RANDOM default: 0 (i.e., not used) 380 Causes malloc to use /dev/random to initialize secure magic seed for 381 stamping footers. Otherwise, the current time is used. 382 383NO_MALLINFO default: 0 384 If defined, don't compile "mallinfo". This can be a simple way 385 of dealing with mismatches between system declarations and 386 those in this file. 387 388MALLINFO_FIELD_TYPE default: size_t 389 The type of the fields in the mallinfo struct. This was originally 390 defined as "int" in SVID etc, but is more usefully defined as 391 size_t. The value is used only if HAVE_USR_INCLUDE_MALLOC_H is not set 392 393REALLOC_ZERO_BYTES_FREES default: not defined 394 This should be set if a call to realloc with zero bytes should 395 be the same as a call to free. Some people think it should. Otherwise, 396 since this malloc returns a unique pointer for malloc(0), so does 397 realloc(p, 0). 398 399LACKS_UNISTD_H, LACKS_FCNTL_H, LACKS_SYS_PARAM_H, LACKS_SYS_MMAN_H 400LACKS_STRINGS_H, LACKS_STRING_H, LACKS_SYS_TYPES_H, LACKS_ERRNO_H 401LACKS_STDLIB_H default: NOT defined unless on WIN32 402 Define these if your system does not have these header files. 403 You might need to manually insert some of the declarations they provide. 404 405DEFAULT_GRANULARITY default: page size if MORECORE_CONTIGUOUS, 406 system_info.dwAllocationGranularity in WIN32, 407 otherwise 64K. 408 Also settable using mallopt(M_GRANULARITY, x) 409 The unit for allocating and deallocating memory from the system. On 410 most systems with contiguous MORECORE, there is no reason to 411 make this more than a page. However, systems with MMAP tend to 412 either require or encourage larger granularities. You can increase 413 this value to prevent system allocation functions to be called so 414 often, especially if they are slow. The value must be at least one 415 page and must be a power of two. Setting to 0 causes initialization 416 to either page size or win32 region size. (Note: In previous 417 versions of malloc, the equivalent of this option was called 418 "TOP_PAD") 419 420DEFAULT_TRIM_THRESHOLD default: 2MB 421 Also settable using mallopt(M_TRIM_THRESHOLD, x) 422 The maximum amount of unused top-most memory to keep before 423 releasing via malloc_trim in free(). Automatic trimming is mainly 424 useful in long-lived programs using contiguous MORECORE. Because 425 trimming via sbrk can be slow on some systems, and can sometimes be 426 wasteful (in cases where programs immediately afterward allocate 427 more large chunks) the value should be high enough so that your 428 overall system performance would improve by releasing this much 429 memory. As a rough guide, you might set to a value close to the 430 average size of a process (program) running on your system. 431 Releasing this much memory would allow such a process to run in 432 memory. Generally, it is worth tuning trim thresholds when a 433 program undergoes phases where several large chunks are allocated 434 and released in ways that can reuse each other's storage, perhaps 435 mixed with phases where there are no such chunks at all. The trim 436 value must be greater than page size to have any useful effect. To 437 disable trimming completely, you can set to MAX_SIZE_T. Note that the trick 438 some people use of mallocing a huge space and then freeing it at 439 program startup, in an attempt to reserve system memory, doesn't 440 have the intended effect under automatic trimming, since that memory 441 will immediately be returned to the system. 442 443DEFAULT_MMAP_THRESHOLD default: 256K 444 Also settable using mallopt(M_MMAP_THRESHOLD, x) 445 The request size threshold for using MMAP to directly service a 446 request. Requests of at least this size that cannot be allocated 447 using already-existing space will be serviced via mmap. (If enough 448 normal freed space already exists it is used instead.) Using mmap 449 segregates relatively large chunks of memory so that they can be 450 individually obtained and released from the host system. A request 451 serviced through mmap is never reused by any other request (at least 452 not directly; the system may just so happen to remap successive 453 requests to the same locations). Segregating space in this way has 454 the benefits that: Mmapped space can always be individually released 455 back to the system, which helps keep the system level memory demands 456 of a long-lived program low. Also, mapped memory doesn't become 457 `locked' between other chunks, as can happen with normally allocated 458 chunks, which means that even trimming via malloc_trim would not 459 release them. However, it has the disadvantage that the space 460 cannot be reclaimed, consolidated, and then used to service later 461 requests, as happens with normal chunks. The advantages of mmap 462 nearly always outweigh disadvantages for "large" chunks, but the 463 value of "large" may vary across systems. The default is an 464 empirically derived value that works well in most systems. You can 465 disable mmap by setting to MAX_SIZE_T. 466 467MAX_RELEASE_CHECK_RATE default: 4095 unless not HAVE_MMAP 468 The number of consolidated frees between checks to release 469 unused segments when freeing. When using non-contiguous segments, 470 especially with multiple mspaces, checking only for topmost space 471 doesn't always suffice to trigger trimming. To compensate for this, 472 free() will, with a period of MAX_RELEASE_CHECK_RATE (or the 473 current number of segments, if greater) try to release unused 474 segments to the OS when freeing chunks that result in 475 consolidation. The best value for this parameter is a compromise 476 between slowing down frees with relatively costly checks that 477 rarely trigger versus holding on to unused memory. To effectively 478 disable, set to MAX_SIZE_T. This may lead to a very slight speed 479 improvement at the expense of carrying around more memory. 480*/ 481 482/* Version identifier to allow people to support multiple versions */ 483#ifndef DLMALLOC_VERSION 484#define DLMALLOC_VERSION 20804 485#endif/* DLMALLOC_VERSION */ 486 487#if defined(linux) 488#define _GNU_SOURCE 1 489#endif 490 491#ifndef WIN32 492#ifdef _WIN32 493#define WIN32 1 494#endif/* _WIN32 */ 495#ifdef _WIN32_WCE 496#define LACKS_FCNTL_H 497#define WIN32 1 498#endif/* _WIN32_WCE */ 499#endif/* WIN32 */ 500#ifdef WIN32 501#define WIN32_LEAN_AND_MEAN 502#ifndef _WIN32_WINNT 503#define _WIN32_WINNT 0x403 504#endif 505#include <windows.h> 506#define HAVE_MMAP 1 507#define HAVE_MORECORE 0 508#define LACKS_UNISTD_H 509#define LACKS_SYS_PARAM_H 510#define LACKS_SYS_MMAN_H 511#define LACKS_STRING_H 512#define LACKS_STRINGS_H 513#define LACKS_SYS_TYPES_H 514#define LACKS_ERRNO_H 515#ifndef MALLOC_FAILURE_ACTION 516#define MALLOC_FAILURE_ACTION 517#endif/* MALLOC_FAILURE_ACTION */ 518#ifdef _WIN32_WCE/* WINCE reportedly does not clear */ 519#define MMAP_CLEARS 0 520#else 521#define MMAP_CLEARS 1 522#endif/* _WIN32_WCE */ 523#endif/* WIN32 */ 524 525#if defined(DARWIN) || defined(_DARWIN) 526/* Mac OSX docs advise not to use sbrk; it seems better to use mmap */ 527#ifndef HAVE_MORECORE 528#define HAVE_MORECORE 0 529#define HAVE_MMAP 1 530/* OSX allocators provide 16 byte alignment */ 531#ifndef MALLOC_ALIGNMENT 532#define MALLOC_ALIGNMENT ((size_t)16U) 533#endif 534#endif/* HAVE_MORECORE */ 535#endif/* DARWIN */ 536 537#ifndef LACKS_SYS_TYPES_H 538#include <sys/types.h>/* For size_t */ 539#endif/* LACKS_SYS_TYPES_H */ 540 541/* The maximum possible size_t value has all bits set */ 542#define MAX_SIZE_T (~(size_t)0) 543 544#ifndef ONLY_MSPACES 545#define ONLY_MSPACES 0/* define to a value */ 546#else 547#define ONLY_MSPACES 1 548#endif/* ONLY_MSPACES */ 549#ifndef MSPACES 550#if ONLY_MSPACES 551#define MSPACES 1 552#else/* ONLY_MSPACES */ 553#define MSPACES 0 554#endif/* ONLY_MSPACES */ 555#endif/* MSPACES */ 556#ifndef MALLOC_ALIGNMENT 557#define MALLOC_ALIGNMENT ((size_t)8U) 558#endif/* MALLOC_ALIGNMENT */ 559#ifndef FOOTERS 560#define FOOTERS 0 561#endif/* FOOTERS */ 562#ifndef ABORT 563#define ABORT abort() 564#endif/* ABORT */ 565#ifndef ABORT_ON_ASSERT_FAILURE 566#define ABORT_ON_ASSERT_FAILURE 1 567#endif/* ABORT_ON_ASSERT_FAILURE */ 568#ifndef PROCEED_ON_ERROR 569#define PROCEED_ON_ERROR 0 570#endif/* PROCEED_ON_ERROR */ 571#ifndef USE_LOCKS 572#define USE_LOCKS 0 573#endif/* USE_LOCKS */ 574#ifndef USE_SPIN_LOCKS 575#if USE_LOCKS && (defined(__GNUC__) && ((defined(__i386__) || defined(__x86_64__)))) || (defined(_MSC_VER) && _MSC_VER>=1310) 576#define USE_SPIN_LOCKS 1 577#else 578#define USE_SPIN_LOCKS 0 579#endif/* USE_LOCKS && ... */ 580#endif/* USE_SPIN_LOCKS */ 581#ifndef INSECURE 582#define INSECURE 0 583#endif/* INSECURE */ 584#ifndef HAVE_MMAP 585#define HAVE_MMAP 1 586#endif/* HAVE_MMAP */ 587#ifndef MMAP_CLEARS 588#define MMAP_CLEARS 1 589#endif/* MMAP_CLEARS */ 590#ifndef HAVE_MREMAP 591#ifdef linux 592#define HAVE_MREMAP 1 593#else/* linux */ 594#define HAVE_MREMAP 0 595#endif/* linux */ 596#endif/* HAVE_MREMAP */ 597#ifndef MALLOC_FAILURE_ACTION 598#define MALLOC_FAILURE_ACTION errno = ENOMEM; 599#endif/* MALLOC_FAILURE_ACTION */ 600#ifndef HAVE_MORECORE 601#if ONLY_MSPACES 602#define HAVE_MORECORE 0 603#else/* ONLY_MSPACES */ 604#define HAVE_MORECORE 1 605#endif/* ONLY_MSPACES */ 606#endif/* HAVE_MORECORE */ 607#if !HAVE_MORECORE 608#define MORECORE_CONTIGUOUS 0 609#else/* !HAVE_MORECORE */ 610#define MORECORE_DEFAULT sbrk 611#ifndef MORECORE_CONTIGUOUS 612#define MORECORE_CONTIGUOUS 1 613#endif/* MORECORE_CONTIGUOUS */ 614#endif/* HAVE_MORECORE */ 615#ifndef DEFAULT_GRANULARITY 616#if (MORECORE_CONTIGUOUS || defined(WIN32)) 617#define DEFAULT_GRANULARITY (0)/* 0 means to compute in init_mparams */ 618#else/* MORECORE_CONTIGUOUS */ 619#define DEFAULT_GRANULARITY ((size_t)64U * (size_t)1024U) 620#endif/* MORECORE_CONTIGUOUS */ 621#endif/* DEFAULT_GRANULARITY */ 622#ifndef DEFAULT_TRIM_THRESHOLD 623#ifndef MORECORE_CANNOT_TRIM 624#define DEFAULT_TRIM_THRESHOLD ((size_t)2U * (size_t)1024U * (size_t)1024U) 625#else/* MORECORE_CANNOT_TRIM */ 626#define DEFAULT_TRIM_THRESHOLD MAX_SIZE_T 627#endif/* MORECORE_CANNOT_TRIM */ 628#endif/* DEFAULT_TRIM_THRESHOLD */ 629#ifndef DEFAULT_MMAP_THRESHOLD 630#if HAVE_MMAP 631#define DEFAULT_MMAP_THRESHOLD ((size_t)256U * (size_t)1024U) 632#else/* HAVE_MMAP */ 633#define DEFAULT_MMAP_THRESHOLD MAX_SIZE_T 634#endif/* HAVE_MMAP */ 635#endif/* DEFAULT_MMAP_THRESHOLD */ 636#ifndef MAX_RELEASE_CHECK_RATE 637#if HAVE_MMAP 638#define MAX_RELEASE_CHECK_RATE 4095 639#else 640#define MAX_RELEASE_CHECK_RATE MAX_SIZE_T 641#endif/* HAVE_MMAP */ 642#endif/* MAX_RELEASE_CHECK_RATE */ 643#ifndef USE_BUILTIN_FFS 644#define USE_BUILTIN_FFS 0 645#endif/* USE_BUILTIN_FFS */ 646#ifndef USE_DEV_RANDOM 647#define USE_DEV_RANDOM 0 648#endif/* USE_DEV_RANDOM */ 649#ifndef NO_MALLINFO 650#define NO_MALLINFO 0 651#endif/* NO_MALLINFO */ 652#ifndef MALLINFO_FIELD_TYPE 653#define MALLINFO_FIELD_TYPE size_t 654#endif/* MALLINFO_FIELD_TYPE */ 655#ifndef NO_SEGMENT_TRAVERSAL 656#define NO_SEGMENT_TRAVERSAL 0 657#endif/* NO_SEGMENT_TRAVERSAL */ 658 659/* 660 mallopt tuning options. SVID/XPG defines four standard parameter 661 numbers for mallopt, normally defined in malloc.h. None of these 662 are used in this malloc, so setting them has no effect. But this 663 malloc does support the following options. 664*/ 665 666#define M_TRIM_THRESHOLD (-1) 667#define M_GRANULARITY (-2) 668#define M_MMAP_THRESHOLD (-3) 669 670/* ------------------------ Mallinfo declarations ------------------------ */ 671 672#if !NO_MALLINFO 673/* 674 This version of malloc supports the standard SVID/XPG mallinfo 675 routine that returns a struct containing usage properties and 676 statistics. It should work on any system that has a 677 /usr/include/malloc.h defining struct mallinfo. The main 678 declaration needed is the mallinfo struct that is returned (by-copy) 679 by mallinfo(). The malloinfo struct contains a bunch of fields that 680 are not even meaningful in this version of malloc. These fields are 681 are instead filled by mallinfo() with other numbers that might be of 682 interest. 683 684 HAVE_USR_INCLUDE_MALLOC_H should be set if you have a 685 /usr/include/malloc.h file that includes a declaration of struct 686 mallinfo. If so, it is included; else a compliant version is 687 declared below. These must be precisely the same for mallinfo() to 688 work. The original SVID version of this struct, defined on most 689 systems with mallinfo, declares all fields as ints. But some others 690 define as unsigned long. If your system defines the fields using a 691 type of different width than listed here, you MUST #include your 692 system version and #define HAVE_USR_INCLUDE_MALLOC_H. 693*/ 694 695/* #define HAVE_USR_INCLUDE_MALLOC_H */ 696 697#ifdef HAVE_USR_INCLUDE_MALLOC_H 698#include"/usr/include/malloc.h" 699#else/* HAVE_USR_INCLUDE_MALLOC_H */ 700#ifndef STRUCT_MALLINFO_DECLARED 701#define STRUCT_MALLINFO_DECLARED 1 702struct mallinfo { 703 MALLINFO_FIELD_TYPE arena;/* non-mmapped space allocated from system */ 704 MALLINFO_FIELD_TYPE ordblks;/* number of free chunks */ 705 MALLINFO_FIELD_TYPE smblks;/* always 0 */ 706 MALLINFO_FIELD_TYPE hblks;/* always 0 */ 707 MALLINFO_FIELD_TYPE hblkhd;/* space in mmapped regions */ 708 MALLINFO_FIELD_TYPE usmblks;/* maximum total allocated space */ 709 MALLINFO_FIELD_TYPE fsmblks;/* always 0 */ 710 MALLINFO_FIELD_TYPE uordblks;/* total allocated space */ 711 MALLINFO_FIELD_TYPE fordblks;/* total free space */ 712 MALLINFO_FIELD_TYPE keepcost;/* releasable (via malloc_trim) space */ 713}; 714#endif/* STRUCT_MALLINFO_DECLARED */ 715#endif/* HAVE_USR_INCLUDE_MALLOC_H */ 716#endif/* NO_MALLINFO */ 717 718/* 719 Try to persuade compilers to inline. The most critical functions for 720 inlining are defined as macros, so these aren't used for them. 721*/ 722 723#ifdef __MINGW64_VERSION_MAJOR 724#undef FORCEINLINE 725#endif 726#ifndef FORCEINLINE 727#if defined(__GNUC__) 728#define FORCEINLINE __inline __attribute__ ((always_inline)) 729#elif defined(_MSC_VER) 730#define FORCEINLINE __forceinline 731#endif 732#endif 733#ifndef NOINLINE 734#if defined(__GNUC__) 735#define NOINLINE __attribute__ ((noinline)) 736#elif defined(_MSC_VER) 737#define NOINLINE __declspec(noinline) 738#else 739#define NOINLINE 740#endif 741#endif 742 743#ifdef __cplusplus 744extern"C"{ 745#ifndef FORCEINLINE 746#define FORCEINLINE inline 747#endif 748#endif/* __cplusplus */ 749#ifndef FORCEINLINE 750#define FORCEINLINE 751#endif 752 753#if !ONLY_MSPACES 754 755/* ------------------- Declarations of public routines ------------------- */ 756 757#ifndef USE_DL_PREFIX 758#define dlcalloc calloc 759#define dlfree free 760#define dlmalloc malloc 761#define dlmemalign memalign 762#define dlrealloc realloc 763#define dlvalloc valloc 764#define dlpvalloc pvalloc 765#define dlmallinfo mallinfo 766#define dlmallopt mallopt 767#define dlmalloc_trim malloc_trim 768#define dlmalloc_stats malloc_stats 769#define dlmalloc_usable_size malloc_usable_size 770#define dlmalloc_footprint malloc_footprint 771#define dlmalloc_max_footprint malloc_max_footprint 772#define dlindependent_calloc independent_calloc 773#define dlindependent_comalloc independent_comalloc 774#endif/* USE_DL_PREFIX */ 775 776 777/* 778 malloc(size_t n) 779 Returns a pointer to a newly allocated chunk of at least n bytes, or 780 null if no space is available, in which case errno is set to ENOMEM 781 on ANSI C systems. 782 783 If n is zero, malloc returns a minimum-sized chunk. (The minimum 784 size is 16 bytes on most 32bit systems, and 32 bytes on 64bit 785 systems.) Note that size_t is an unsigned type, so calls with 786 arguments that would be negative if signed are interpreted as 787 requests for huge amounts of space, which will often fail. The 788 maximum supported value of n differs across systems, but is in all 789 cases less than the maximum representable value of a size_t. 790*/ 791void*dlmalloc(size_t); 792 793/* 794 free(void* p) 795 Releases the chunk of memory pointed to by p, that had been previously 796 allocated using malloc or a related routine such as realloc. 797 It has no effect if p is null. If p was not malloced or already 798 freed, free(p) will by default cause the current program to abort. 799*/ 800voiddlfree(void*); 801 802/* 803 calloc(size_t n_elements, size_t element_size); 804 Returns a pointer to n_elements * element_size bytes, with all locations 805 set to zero. 806*/ 807void*dlcalloc(size_t,size_t); 808 809/* 810 realloc(void* p, size_t n) 811 Returns a pointer to a chunk of size n that contains the same data 812 as does chunk p up to the minimum of (n, p's size) bytes, or null 813 if no space is available. 814 815 The returned pointer may or may not be the same as p. The algorithm 816 prefers extending p in most cases when possible, otherwise it 817 employs the equivalent of a malloc-copy-free sequence. 818 819 If p is null, realloc is equivalent to malloc. 820 821 If space is not available, realloc returns null, errno is set (if on 822 ANSI) and p is NOT freed. 823 824 if n is for fewer bytes than already held by p, the newly unused 825 space is lopped off and freed if possible. realloc with a size 826 argument of zero (re)allocates a minimum-sized chunk. 827 828 The old unix realloc convention of allowing the last-free'd chunk 829 to be used as an argument to realloc is not supported. 830*/ 831 832void*dlrealloc(void*,size_t); 833 834/* 835 memalign(size_t alignment, size_t n); 836 Returns a pointer to a newly allocated chunk of n bytes, aligned 837 in accord with the alignment argument. 838 839 The alignment argument should be a power of two. If the argument is 840 not a power of two, the nearest greater power is used. 841 8-byte alignment is guaranteed by normal malloc calls, so don't 842 bother calling memalign with an argument of 8 or less. 843 844 Overreliance on memalign is a sure way to fragment space. 845*/ 846void*dlmemalign(size_t,size_t); 847 848/* 849 valloc(size_t n); 850 Equivalent to memalign(pagesize, n), where pagesize is the page 851 size of the system. If the pagesize is unknown, 4096 is used. 852*/ 853void*dlvalloc(size_t); 854 855/* 856 mallopt(int parameter_number, int parameter_value) 857 Sets tunable parameters The format is to provide a 858 (parameter-number, parameter-value) pair. mallopt then sets the 859 corresponding parameter to the argument value if it can (i.e., so 860 long as the value is meaningful), and returns 1 if successful else 861 0. To workaround the fact that mallopt is specified to use int, 862 not size_t parameters, the value -1 is specially treated as the 863 maximum unsigned size_t value. 864 865 SVID/XPG/ANSI defines four standard param numbers for mallopt, 866 normally defined in malloc.h. None of these are use in this malloc, 867 so setting them has no effect. But this malloc also supports other 868 options in mallopt. See below for details. Briefly, supported 869 parameters are as follows (listed defaults are for "typical" 870 configurations). 871 872 Symbol param # default allowed param values 873 M_TRIM_THRESHOLD -1 2*1024*1024 any (-1 disables) 874 M_GRANULARITY -2 page size any power of 2 >= page size 875 M_MMAP_THRESHOLD -3 256*1024 any (or 0 if no MMAP support) 876*/ 877intdlmallopt(int,int); 878 879/* 880 malloc_footprint(); 881 Returns the number of bytes obtained from the system. The total 882 number of bytes allocated by malloc, realloc etc., is less than this 883 value. Unlike mallinfo, this function returns only a precomputed 884 result, so can be called frequently to monitor memory consumption. 885 Even if locks are otherwise defined, this function does not use them, 886 so results might not be up to date. 887*/ 888size_tdlmalloc_footprint(void); 889 890/* 891 malloc_max_footprint(); 892 Returns the maximum number of bytes obtained from the system. This 893 value will be greater than current footprint if deallocated space 894 has been reclaimed by the system. The peak number of bytes allocated 895 by malloc, realloc etc., is less than this value. Unlike mallinfo, 896 this function returns only a precomputed result, so can be called 897 frequently to monitor memory consumption. Even if locks are 898 otherwise defined, this function does not use them, so results might 899 not be up to date. 900*/ 901size_tdlmalloc_max_footprint(void); 902 903#if !NO_MALLINFO 904/* 905 mallinfo() 906 Returns (by copy) a struct containing various summary statistics: 907 908 arena: current total non-mmapped bytes allocated from system 909 ordblks: the number of free chunks 910 smblks: always zero. 911 hblks: current number of mmapped regions 912 hblkhd: total bytes held in mmapped regions 913 usmblks: the maximum total allocated space. This will be greater 914 than current total if trimming has occurred. 915 fsmblks: always zero 916 uordblks: current total allocated space (normal or mmapped) 917 fordblks: total free space 918 keepcost: the maximum number of bytes that could ideally be released 919 back to system via malloc_trim. ("ideally" means that 920 it ignores page restrictions etc.) 921 922 Because these fields are ints, but internal bookkeeping may 923 be kept as longs, the reported values may wrap around zero and 924 thus be inaccurate. 925*/ 926struct mallinfo dlmallinfo(void); 927#endif/* NO_MALLINFO */ 928 929/* 930 independent_calloc(size_t n_elements, size_t element_size, void* chunks[]); 931 932 independent_calloc is similar to calloc, but instead of returning a 933 single cleared space, it returns an array of pointers to n_elements 934 independent elements that can hold contents of size elem_size, each 935 of which starts out cleared, and can be independently freed, 936 realloc'ed etc. The elements are guaranteed to be adjacently 937 allocated (this is not guaranteed to occur with multiple callocs or 938 mallocs), which may also improve cache locality in some 939 applications. 940 941 The "chunks" argument is optional (i.e., may be null, which is 942 probably the most typical usage). If it is null, the returned array 943 is itself dynamically allocated and should also be freed when it is 944 no longer needed. Otherwise, the chunks array must be of at least 945 n_elements in length. It is filled in with the pointers to the 946 chunks. 947 948 In either case, independent_calloc returns this pointer array, or 949 null if the allocation failed. If n_elements is zero and "chunks" 950 is null, it returns a chunk representing an array with zero elements 951 (which should be freed if not wanted). 952 953 Each element must be individually freed when it is no longer 954 needed. If you'd like to instead be able to free all at once, you 955 should instead use regular calloc and assign pointers into this 956 space to represent elements. (In this case though, you cannot 957 independently free elements.) 958 959 independent_calloc simplifies and speeds up implementations of many 960 kinds of pools. It may also be useful when constructing large data 961 structures that initially have a fixed number of fixed-sized nodes, 962 but the number is not known at compile time, and some of the nodes 963 may later need to be freed. For example: 964 965 struct Node { int item; struct Node* next; }; 966 967 struct Node* build_list() { 968 struct Node** pool; 969 int n = read_number_of_nodes_needed(); 970 if (n <= 0) return 0; 971 pool = (struct Node**)(independent_calloc(n, sizeof(struct Node), 0); 972 if (pool == 0) die(); 973 // organize into a linked list... 974 struct Node* first = pool[0]; 975 for (i = 0; i < n-1; ++i) 976 pool[i]->next = pool[i+1]; 977 free(pool); // Can now free the array (or not, if it is needed later) 978 return first; 979 } 980*/ 981void**dlindependent_calloc(size_t,size_t,void**); 982 983/* 984 independent_comalloc(size_t n_elements, size_t sizes[], void* chunks[]); 985 986 independent_comalloc allocates, all at once, a set of n_elements 987 chunks with sizes indicated in the "sizes" array. It returns 988 an array of pointers to these elements, each of which can be 989 independently freed, realloc'ed etc. The elements are guaranteed to 990 be adjacently allocated (this is not guaranteed to occur with 991 multiple callocs or mallocs), which may also improve cache locality 992 in some applications. 993 994 The "chunks" argument is optional (i.e., may be null). If it is null 995 the returned array is itself dynamically allocated and should also 996 be freed when it is no longer needed. Otherwise, the chunks array 997 must be of at least n_elements in length. It is filled in with the 998 pointers to the chunks. 9991000 In either case, independent_comalloc returns this pointer array, or1001 null if the allocation failed. If n_elements is zero and chunks is1002 null, it returns a chunk representing an array with zero elements1003 (which should be freed if not wanted).10041005 Each element must be individually freed when it is no longer1006 needed. If you'd like to instead be able to free all at once, you1007 should instead use a single regular malloc, and assign pointers at1008 particular offsets in the aggregate space. (In this case though, you1009 cannot independently free elements.)10101011 independent_comallac differs from independent_calloc in that each1012 element may have a different size, and also that it does not1013 automatically clear elements.10141015 independent_comalloc can be used to speed up allocation in cases1016 where several structs or objects must always be allocated at the1017 same time. For example:10181019 struct Head { ... }1020 struct Foot { ... }10211022 void send_message(char* msg) {1023 int msglen = strlen(msg);1024 size_t sizes[3] = { sizeof(struct Head), msglen, sizeof(struct Foot) };1025 void* chunks[3];1026 if (independent_comalloc(3, sizes, chunks) == 0)1027 die();1028 struct Head* head = (struct Head*)(chunks[0]);1029 char* body = (char*)(chunks[1]);1030 struct Foot* foot = (struct Foot*)(chunks[2]);1031 // ...1032 }10331034 In general though, independent_comalloc is worth using only for1035 larger values of n_elements. For small values, you probably won't1036 detect enough difference from series of malloc calls to bother.10371038 Overuse of independent_comalloc can increase overall memory usage,1039 since it cannot reuse existing noncontiguous small chunks that1040 might be available for some of the elements.1041*/1042void**dlindependent_comalloc(size_t,size_t*,void**);104310441045/*1046 pvalloc(size_t n);1047 Equivalent to valloc(minimum-page-that-holds(n)), that is,1048 round up n to nearest pagesize.1049 */1050void*dlpvalloc(size_t);10511052/*1053 malloc_trim(size_t pad);10541055 If possible, gives memory back to the system (via negative arguments1056 to sbrk) if there is unused memory at the `high' end of the malloc1057 pool or in unused MMAP segments. You can call this after freeing1058 large blocks of memory to potentially reduce the system-level memory1059 requirements of a program. However, it cannot guarantee to reduce1060 memory. Under some allocation patterns, some large free blocks of1061 memory will be locked between two used chunks, so they cannot be1062 given back to the system.10631064 The `pad' argument to malloc_trim represents the amount of free1065 trailing space to leave untrimmed. If this argument is zero, only1066 the minimum amount of memory to maintain internal data structures1067 will be left. Non-zero arguments can be supplied to maintain enough1068 trailing space to service future expected allocations without having1069 to re-obtain memory from the system.10701071 Malloc_trim returns 1 if it actually released any memory, else 0.1072*/1073intdlmalloc_trim(size_t);10741075/*1076 malloc_stats();1077 Prints on stderr the amount of space obtained from the system (both1078 via sbrk and mmap), the maximum amount (which may be more than1079 current if malloc_trim and/or munmap got called), and the current1080 number of bytes allocated via malloc (or realloc, etc) but not yet1081 freed. Note that this is the number of bytes allocated, not the1082 number requested. It will be larger than the number requested1083 because of alignment and bookkeeping overhead. Because it includes1084 alignment wastage as being in use, this figure may be greater than1085 zero even when no user-level chunks are allocated.10861087 The reported current and maximum system memory can be inaccurate if1088 a program makes other calls to system memory allocation functions1089 (normally sbrk) outside of malloc.10901091 malloc_stats prints only the most commonly interesting statistics.1092 More information can be obtained by calling mallinfo.1093*/1094voiddlmalloc_stats(void);10951096#endif/* ONLY_MSPACES */10971098/*1099 malloc_usable_size(void* p);11001101 Returns the number of bytes you can actually use in1102 an allocated chunk, which may be more than you requested (although1103 often not) due to alignment and minimum size constraints.1104 You can use this many bytes without worrying about1105 overwriting other allocated objects. This is not a particularly great1106 programming practice. malloc_usable_size can be more useful in1107 debugging and assertions, for example:11081109 p = malloc(n);1110 assert(malloc_usable_size(p) >= 256);1111*/1112size_tdlmalloc_usable_size(void*);111311141115#if MSPACES11161117/*1118 mspace is an opaque type representing an independent1119 region of space that supports mspace_malloc, etc.1120*/1121typedefvoid* mspace;11221123/*1124 create_mspace creates and returns a new independent space with the1125 given initial capacity, or, if 0, the default granularity size. It1126 returns null if there is no system memory available to create the1127 space. If argument locked is non-zero, the space uses a separate1128 lock to control access. The capacity of the space will grow1129 dynamically as needed to service mspace_malloc requests. You can1130 control the sizes of incremental increases of this space by1131 compiling with a different DEFAULT_GRANULARITY or dynamically1132 setting with mallopt(M_GRANULARITY, value).1133*/1134mspace create_mspace(size_t capacity,int locked);11351136/*1137 destroy_mspace destroys the given space, and attempts to return all1138 of its memory back to the system, returning the total number of1139 bytes freed. After destruction, the results of access to all memory1140 used by the space become undefined.1141*/1142size_tdestroy_mspace(mspace msp);11431144/*1145 create_mspace_with_base uses the memory supplied as the initial base1146 of a new mspace. Part (less than 128*sizeof(size_t) bytes) of this1147 space is used for bookkeeping, so the capacity must be at least this1148 large. (Otherwise 0 is returned.) When this initial space is1149 exhausted, additional memory will be obtained from the system.1150 Destroying this space will deallocate all additionally allocated1151 space (if possible) but not the initial base.1152*/1153mspace create_mspace_with_base(void* base,size_t capacity,int locked);11541155/*1156 mspace_mmap_large_chunks controls whether requests for large chunks1157 are allocated in their own mmapped regions, separate from others in1158 this mspace. By default this is enabled, which reduces1159 fragmentation. However, such chunks are not necessarily released to1160 the system upon destroy_mspace. Disabling by setting to false may1161 increase fragmentation, but avoids leakage when relying on1162 destroy_mspace to release all memory allocated using this space.1163*/1164intmspace_mmap_large_chunks(mspace msp,int enable);116511661167/*1168 mspace_malloc behaves as malloc, but operates within1169 the given space.1170*/1171void*mspace_malloc(mspace msp,size_t bytes);11721173/*1174 mspace_free behaves as free, but operates within1175 the given space.11761177 If compiled with FOOTERS==1, mspace_free is not actually needed.1178 free may be called instead of mspace_free because freed chunks from1179 any space are handled by their originating spaces.1180*/1181voidmspace_free(mspace msp,void* mem);11821183/*1184 mspace_realloc behaves as realloc, but operates within1185 the given space.11861187 If compiled with FOOTERS==1, mspace_realloc is not actually1188 needed. realloc may be called instead of mspace_realloc because1189 realloced chunks from any space are handled by their originating1190 spaces.1191*/1192void*mspace_realloc(mspace msp,void* mem,size_t newsize);11931194/*1195 mspace_calloc behaves as calloc, but operates within1196 the given space.1197*/1198void*mspace_calloc(mspace msp,size_t n_elements,size_t elem_size);11991200/*1201 mspace_memalign behaves as memalign, but operates within1202 the given space.1203*/1204void*mspace_memalign(mspace msp,size_t alignment,size_t bytes);12051206/*1207 mspace_independent_calloc behaves as independent_calloc, but1208 operates within the given space.1209*/1210void**mspace_independent_calloc(mspace msp,size_t n_elements,1211size_t elem_size,void* chunks[]);12121213/*1214 mspace_independent_comalloc behaves as independent_comalloc, but1215 operates within the given space.1216*/1217void**mspace_independent_comalloc(mspace msp,size_t n_elements,1218size_t sizes[],void* chunks[]);12191220/*1221 mspace_footprint() returns the number of bytes obtained from the1222 system for this space.1223*/1224size_tmspace_footprint(mspace msp);12251226/*1227 mspace_max_footprint() returns the peak number of bytes obtained from the1228 system for this space.1229*/1230size_tmspace_max_footprint(mspace msp);123112321233#if !NO_MALLINFO1234/*1235 mspace_mallinfo behaves as mallinfo, but reports properties of1236 the given space.1237*/1238struct mallinfo mspace_mallinfo(mspace msp);1239#endif/* NO_MALLINFO */12401241/*1242 malloc_usable_size(void* p) behaves the same as malloc_usable_size;1243*/1244size_tmspace_usable_size(void* mem);12451246/*1247 mspace_malloc_stats behaves as malloc_stats, but reports1248 properties of the given space.1249*/1250voidmspace_malloc_stats(mspace msp);12511252/*1253 mspace_trim behaves as malloc_trim, but1254 operates within the given space.1255*/1256intmspace_trim(mspace msp,size_t pad);12571258/*1259 An alias for mallopt.1260*/1261intmspace_mallopt(int,int);12621263#endif/* MSPACES */12641265#ifdef __cplusplus1266};/* end of extern "C" */1267#endif/* __cplusplus */12681269/*1270 ========================================================================1271 To make a fully customizable malloc.h header file, cut everything1272 above this line, put into file malloc.h, edit to suit, and #include it1273 on the next line, as well as in programs that use this malloc.1274 ========================================================================1275*/12761277/* #include "malloc.h" */12781279/*------------------------------ internal #includes ---------------------- */12801281#ifdef WIN321282#ifndef __GNUC__1283#pragma warning( disable : 4146 )/* no "unsigned" warnings */1284#endif1285#endif/* WIN32 */12861287#include <stdio.h>/* for printing in malloc_stats */12881289#ifndef LACKS_ERRNO_H1290#include <errno.h>/* for MALLOC_FAILURE_ACTION */1291#endif/* LACKS_ERRNO_H */1292#if FOOTERS1293#include <time.h>/* for magic initialization */1294#endif/* FOOTERS */1295#ifndef LACKS_STDLIB_H1296#include <stdlib.h>/* for abort() */1297#endif/* LACKS_STDLIB_H */1298#ifdef DEBUG1299#if ABORT_ON_ASSERT_FAILURE1300#define assert(x) if(!(x)) ABORT1301#else/* ABORT_ON_ASSERT_FAILURE */1302#include <assert.h>1303#endif/* ABORT_ON_ASSERT_FAILURE */1304#else/* DEBUG */1305#ifndef assert1306#define assert(x)1307#endif1308#define DEBUG 01309#endif/* DEBUG */1310#ifndef LACKS_STRING_H1311#include <string.h>/* for memset etc */1312#endif/* LACKS_STRING_H */1313#if USE_BUILTIN_FFS1314#ifndef LACKS_STRINGS_H1315#include <strings.h>/* for ffs */1316#endif/* LACKS_STRINGS_H */1317#endif/* USE_BUILTIN_FFS */1318#if HAVE_MMAP1319#ifndef LACKS_SYS_MMAN_H1320#include <sys/mman.h>/* for mmap */1321#endif/* LACKS_SYS_MMAN_H */1322#ifndef LACKS_FCNTL_H1323#include <fcntl.h>1324#endif/* LACKS_FCNTL_H */1325#endif/* HAVE_MMAP */1326#ifndef LACKS_UNISTD_H1327#include <unistd.h>/* for sbrk, sysconf */1328#else/* LACKS_UNISTD_H */1329#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__)1330externvoid*sbrk(ptrdiff_t);1331#endif/* FreeBSD etc */1332#endif/* LACKS_UNISTD_H */13331334/* Declarations for locking */1335#if USE_LOCKS1336#ifndef WIN321337#include <pthread.h>1338#if defined (__SVR4) && defined (__sun)/* solaris */1339#include <thread.h>1340#endif/* solaris */1341#else1342#ifndef _M_AMD641343/* These are already defined on AMD64 builds */1344#ifdef __cplusplus1345extern"C"{1346#endif/* __cplusplus */1347#ifndef __MINGW32__1348LONG __cdecl _InterlockedCompareExchange(LONG volatile*Dest, LONG Exchange, LONG Comp);1349LONG __cdecl _InterlockedExchange(LONG volatile*Target, LONG Value);1350#endif1351#ifdef __cplusplus1352}1353#endif/* __cplusplus */1354#endif/* _M_AMD64 */1355#ifndef __MINGW32__1356#pragma intrinsic (_InterlockedCompareExchange)1357#pragma intrinsic (_InterlockedExchange)1358#else1359/* --[ start GCC compatibility ]----------------------------------------------1360 * Compatibility <intrin_x86.h> header for GCC -- GCC equivalents of intrinsic1361 * Microsoft Visual C++ functions. Originally developed for the ReactOS1362 * (<http://www.reactos.org/>) and TinyKrnl (<http://www.tinykrnl.org/>)1363 * projects.1364 *1365 * Copyright (c) 2006 KJK::Hyperion <hackbunny@reactos.com>1366 *1367 * Permission is hereby granted, free of charge, to any person obtaining a1368 * copy of this software and associated documentation files (the "Software"),1369 * to deal in the Software without restriction, including without limitation1370 * the rights to use, copy, modify, merge, publish, distribute, sublicense,1371 * and/or sell copies of the Software, and to permit persons to whom the1372 * Software is furnished to do so, subject to the following conditions:1373 *1374 * The above copyright notice and this permission notice shall be included in1375 * all copies or substantial portions of the Software.1376 *1377 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR1378 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,1379 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE1380 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER1381 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING1382 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER1383 * DEALINGS IN THE SOFTWARE.1384 */13851386/*** Atomic operations ***/1387#if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) > 401001388#undef _ReadWriteBarrier1389#define _ReadWriteBarrier() __sync_synchronize()1390#else1391static __inline__ __attribute__((always_inline))long__sync_lock_test_and_set(volatilelong*const Target,const long Value)1392{1393long res;1394 __asm__ __volatile__("xchg%z0%2,%0":"=g"(*(Target)),"=r"(res) :"1"(Value));1395return res;1396}1397static void __inline__ __attribute__((always_inline))_MemoryBarrier(void)1398{1399 __asm__ __volatile__("": : :"memory");1400}1401#define _ReadWriteBarrier() _MemoryBarrier()1402#endif1403/* BUGBUG: GCC only supports full barriers */1404static __inline__ __attribute__((always_inline))long_InterlockedExchange(volatilelong*const Target,const long Value)1405{1406/* NOTE: __sync_lock_test_and_set would be an acquire barrier, so we force a full barrier */1407_ReadWriteBarrier();1408return__sync_lock_test_and_set(Target, Value);1409}1410/* --[ end GCC compatibility ]---------------------------------------------- */1411#endif1412#define interlockedcompareexchange _InterlockedCompareExchange1413#define interlockedexchange _InterlockedExchange1414#endif/* Win32 */1415#endif/* USE_LOCKS */14161417/* Declarations for bit scanning on win32 */1418#if defined(_MSC_VER) && _MSC_VER>=13001419#ifndef BitScanForward/* Try to avoid pulling in WinNT.h */1420#ifdef __cplusplus1421extern"C"{1422#endif/* __cplusplus */1423unsigned char_BitScanForward(unsigned long*index,unsigned long mask);1424unsigned char_BitScanReverse(unsigned long*index,unsigned long mask);1425#ifdef __cplusplus1426}1427#endif/* __cplusplus */14281429#define BitScanForward _BitScanForward1430#define BitScanReverse _BitScanReverse1431#pragma intrinsic(_BitScanForward)1432#pragma intrinsic(_BitScanReverse)1433#endif/* BitScanForward */1434#endif/* defined(_MSC_VER) && _MSC_VER>=1300 */14351436#ifndef WIN321437#ifndef malloc_getpagesize1438# ifdef _SC_PAGESIZE/* some SVR4 systems omit an underscore */1439# ifndef _SC_PAGE_SIZE1440# define _SC_PAGE_SIZE _SC_PAGESIZE1441# endif1442# endif1443# ifdef _SC_PAGE_SIZE1444# define malloc_getpagesize sysconf(_SC_PAGE_SIZE)1445# else1446# if defined(BSD) || defined(DGUX) || defined(HAVE_GETPAGESIZE)1447externsize_tgetpagesize();1448# define malloc_getpagesize getpagesize()1449# else1450# ifdef WIN32/* use supplied emulation of getpagesize */1451# define malloc_getpagesize getpagesize()1452# else1453# ifndef LACKS_SYS_PARAM_H1454# include <sys/param.h>1455# endif1456# ifdef EXEC_PAGESIZE1457# define malloc_getpagesize EXEC_PAGESIZE1458# else1459# ifdef NBPG1460# ifndef CLSIZE1461# define malloc_getpagesize NBPG1462# else1463# define malloc_getpagesize (NBPG * CLSIZE)1464# endif1465# else1466# ifdef NBPC1467# define malloc_getpagesize NBPC1468# else1469# ifdef PAGESIZE1470# define malloc_getpagesize PAGESIZE1471# else/* just guess */1472# define malloc_getpagesize ((size_t)4096U)1473# endif1474# endif1475# endif1476# endif1477# endif1478# endif1479# endif1480#endif1481#endif1482148314841485/* ------------------- size_t and alignment properties -------------------- */14861487/* The byte and bit size of a size_t */1488#define SIZE_T_SIZE (sizeof(size_t))1489#define SIZE_T_BITSIZE (sizeof(size_t) << 3)14901491/* Some constants coerced to size_t */1492/* Annoying but necessary to avoid errors on some platforms */1493#define SIZE_T_ZERO ((size_t)0)1494#define SIZE_T_ONE ((size_t)1)1495#define SIZE_T_TWO ((size_t)2)1496#define SIZE_T_FOUR ((size_t)4)1497#define TWO_SIZE_T_SIZES (SIZE_T_SIZE<<1)1498#define FOUR_SIZE_T_SIZES (SIZE_T_SIZE<<2)1499#define SIX_SIZE_T_SIZES (FOUR_SIZE_T_SIZES+TWO_SIZE_T_SIZES)1500#define HALF_MAX_SIZE_T (MAX_SIZE_T / 2U)15011502/* The bit mask value corresponding to MALLOC_ALIGNMENT */1503#define CHUNK_ALIGN_MASK (MALLOC_ALIGNMENT - SIZE_T_ONE)15041505/* True if address a has acceptable alignment */1506#define is_aligned(A) (((size_t)((A)) & (CHUNK_ALIGN_MASK)) == 0)15071508/* the number of bytes to offset an address to align it */1509#define align_offset(A)\1510 ((((size_t)(A) & CHUNK_ALIGN_MASK) == 0)? 0 :\1511 ((MALLOC_ALIGNMENT - ((size_t)(A) & CHUNK_ALIGN_MASK)) & CHUNK_ALIGN_MASK))15121513/* -------------------------- MMAP preliminaries ------------------------- */15141515/*1516 If HAVE_MORECORE or HAVE_MMAP are false, we just define calls and1517 checks to fail so compiler optimizer can delete code rather than1518 using so many "#if"s.1519*/152015211522/* MORECORE and MMAP must return MFAIL on failure */1523#define MFAIL ((void*)(MAX_SIZE_T))1524#define CMFAIL ((char*)(MFAIL))/* defined for convenience */15251526#if HAVE_MMAP15271528#ifndef WIN321529#define MUNMAP_DEFAULT(a, s) munmap((a), (s))1530#define MMAP_PROT (PROT_READ|PROT_WRITE)1531#if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)1532#define MAP_ANONYMOUS MAP_ANON1533#endif/* MAP_ANON */1534#ifdef MAP_ANONYMOUS1535#define MMAP_FLAGS (MAP_PRIVATE|MAP_ANONYMOUS)1536#define MMAP_DEFAULT(s) mmap(0, (s), MMAP_PROT, MMAP_FLAGS, -1, 0)1537#else/* MAP_ANONYMOUS */1538/*1539 Nearly all versions of mmap support MAP_ANONYMOUS, so the following1540 is unlikely to be needed, but is supplied just in case.1541*/1542#define MMAP_FLAGS (MAP_PRIVATE)1543static int dev_zero_fd = -1;/* Cached file descriptor for /dev/zero. */1544#define MMAP_DEFAULT(s) ((dev_zero_fd < 0) ? \1545 (dev_zero_fd = open("/dev/zero", O_RDWR), \1546 mmap(0, (s), MMAP_PROT, MMAP_FLAGS, dev_zero_fd, 0)) : \1547 mmap(0, (s), MMAP_PROT, MMAP_FLAGS, dev_zero_fd, 0))1548#endif/* MAP_ANONYMOUS */15491550#define DIRECT_MMAP_DEFAULT(s) MMAP_DEFAULT(s)15511552#else/* WIN32 */15531554/* Win32 MMAP via VirtualAlloc */1555static FORCEINLINE void*win32mmap(size_t size) {1556void* ptr =VirtualAlloc(0, size, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);1557return(ptr !=0)? ptr: MFAIL;1558}15591560/* For direct MMAP, use MEM_TOP_DOWN to minimize interference */1561static FORCEINLINE void*win32direct_mmap(size_t size) {1562void* ptr =VirtualAlloc(0, size, MEM_RESERVE|MEM_COMMIT|MEM_TOP_DOWN,1563 PAGE_READWRITE);1564return(ptr !=0)? ptr: MFAIL;1565}15661567/* This function supports releasing coalesed segments */1568static FORCEINLINE intwin32munmap(void* ptr,size_t size) {1569 MEMORY_BASIC_INFORMATION minfo;1570char* cptr = (char*)ptr;1571while(size) {1572if(VirtualQuery(cptr, &minfo,sizeof(minfo)) ==0)1573return-1;1574if(minfo.BaseAddress != cptr || minfo.AllocationBase != cptr ||1575 minfo.State != MEM_COMMIT || minfo.RegionSize > size)1576return-1;1577if(VirtualFree(cptr,0, MEM_RELEASE) ==0)1578return-1;1579 cptr += minfo.RegionSize;1580 size -= minfo.RegionSize;1581}1582return0;1583}15841585#define MMAP_DEFAULT(s) win32mmap(s)1586#define MUNMAP_DEFAULT(a, s) win32munmap((a), (s))1587#define DIRECT_MMAP_DEFAULT(s) win32direct_mmap(s)1588#endif/* WIN32 */1589#endif/* HAVE_MMAP */15901591#if HAVE_MREMAP1592#ifndef WIN321593#define MREMAP_DEFAULT(addr, osz, nsz, mv) mremap((addr), (osz), (nsz), (mv))1594#endif/* WIN32 */1595#endif/* HAVE_MREMAP */159615971598/**1599 * Define CALL_MORECORE1600 */1601#if HAVE_MORECORE1602#ifdef MORECORE1603#define CALL_MORECORE(S) MORECORE(S)1604#else/* MORECORE */1605#define CALL_MORECORE(S) MORECORE_DEFAULT(S)1606#endif/* MORECORE */1607#else/* HAVE_MORECORE */1608#define CALL_MORECORE(S) MFAIL1609#endif/* HAVE_MORECORE */16101611/**1612 * Define CALL_MMAP/CALL_MUNMAP/CALL_DIRECT_MMAP1613 */1614#if HAVE_MMAP1615#define IS_MMAPPED_BIT (SIZE_T_ONE)1616#define USE_MMAP_BIT (SIZE_T_ONE)16171618#ifdef MMAP1619#define CALL_MMAP(s) MMAP(s)1620#else/* MMAP */1621#define CALL_MMAP(s) MMAP_DEFAULT(s)1622#endif/* MMAP */1623#ifdef MUNMAP1624#define CALL_MUNMAP(a, s) MUNMAP((a), (s))1625#else/* MUNMAP */1626#define CALL_MUNMAP(a, s) MUNMAP_DEFAULT((a), (s))1627#endif/* MUNMAP */1628#ifdef DIRECT_MMAP1629#define CALL_DIRECT_MMAP(s) DIRECT_MMAP(s)1630#else/* DIRECT_MMAP */1631#define CALL_DIRECT_MMAP(s) DIRECT_MMAP_DEFAULT(s)1632#endif/* DIRECT_MMAP */1633#else/* HAVE_MMAP */1634#define IS_MMAPPED_BIT (SIZE_T_ZERO)1635#define USE_MMAP_BIT (SIZE_T_ZERO)16361637#define MMAP(s) MFAIL1638#define MUNMAP(a, s) (-1)1639#define DIRECT_MMAP(s) MFAIL1640#define CALL_DIRECT_MMAP(s) DIRECT_MMAP(s)1641#define CALL_MMAP(s) MMAP(s)1642#define CALL_MUNMAP(a, s) MUNMAP((a), (s))1643#endif/* HAVE_MMAP */16441645/**1646 * Define CALL_MREMAP1647 */1648#if HAVE_MMAP && HAVE_MREMAP1649#ifdef MREMAP1650#define CALL_MREMAP(addr, osz, nsz, mv) MREMAP((addr), (osz), (nsz), (mv))1651#else/* MREMAP */1652#define CALL_MREMAP(addr, osz, nsz, mv) MREMAP_DEFAULT((addr), (osz), (nsz), (mv))1653#endif/* MREMAP */1654#else/* HAVE_MMAP && HAVE_MREMAP */1655#define CALL_MREMAP(addr, osz, nsz, mv) MFAIL1656#endif/* HAVE_MMAP && HAVE_MREMAP */16571658/* mstate bit set if continguous morecore disabled or failed */1659#define USE_NONCONTIGUOUS_BIT (4U)16601661/* segment bit set in create_mspace_with_base */1662#define EXTERN_BIT (8U)166316641665/* --------------------------- Lock preliminaries ------------------------ */16661667/*1668 When locks are defined, there is one global lock, plus1669 one per-mspace lock.16701671 The global lock_ensures that mparams.magic and other unique1672 mparams values are initialized only once. It also protects1673 sequences of calls to MORECORE. In many cases sys_alloc requires1674 two calls, that should not be interleaved with calls by other1675 threads. This does not protect against direct calls to MORECORE1676 by other threads not using this lock, so there is still code to1677 cope the best we can on interference.16781679 Per-mspace locks surround calls to malloc, free, etc. To enable use1680 in layered extensions, per-mspace locks are reentrant.16811682 Because lock-protected regions generally have bounded times, it is1683 OK to use the supplied simple spinlocks in the custom versions for1684 x86.16851686 If USE_LOCKS is > 1, the definitions of lock routines here are1687 bypassed, in which case you will need to define at least1688 INITIAL_LOCK, ACQUIRE_LOCK, RELEASE_LOCK and possibly TRY_LOCK1689 (which is not used in this malloc, but commonly needed in1690 extensions.)1691*/16921693#if USE_LOCKS == 116941695#if USE_SPIN_LOCKS1696#ifndef WIN3216971698/* Custom pthread-style spin locks on x86 and x64 for gcc */1699struct pthread_mlock_t {1700volatileunsigned int l;1701volatileunsigned int c;1702volatile pthread_t threadid;1703};1704#define MLOCK_T struct pthread_mlock_t1705#define CURRENT_THREAD pthread_self()1706#define INITIAL_LOCK(sl) (memset(sl, 0, sizeof(MLOCK_T)), 0)1707#define ACQUIRE_LOCK(sl) pthread_acquire_lock(sl)1708#define RELEASE_LOCK(sl) pthread_release_lock(sl)1709#define TRY_LOCK(sl) pthread_try_lock(sl)1710#define SPINS_PER_YIELD 6317111712static MLOCK_T malloc_global_mutex = {0,0,0};17131714static FORCEINLINE intpthread_acquire_lock(MLOCK_T *sl) {1715int spins =0;1716volatileunsigned int* lp = &sl->l;1717for(;;) {1718if(*lp !=0) {1719if(sl->threadid == CURRENT_THREAD) {1720++sl->c;1721return0;1722}1723}1724else{1725/* place args to cmpxchgl in locals to evade oddities in some gccs */1726int cmp =0;1727int val =1;1728int ret;1729 __asm__ __volatile__("lock; cmpxchgl%1,%2"1730:"=a"(ret)1731:"r"(val),"m"(*(lp)),"0"(cmp)1732:"memory","cc");1733if(!ret) {1734assert(!sl->threadid);1735 sl->c =1;1736 sl->threadid = CURRENT_THREAD;1737return0;1738}1739if((++spins & SPINS_PER_YIELD) ==0) {1740#if defined (__SVR4) && defined (__sun)/* solaris */1741thr_yield();1742#else1743#if defined(__linux__) || defined(__FreeBSD__) || defined(__APPLE__)1744sched_yield();1745#else/* no-op yield on unknown systems */1746;1747#endif/* __linux__ || __FreeBSD__ || __APPLE__ */1748#endif/* solaris */1749}1750}1751}1752}17531754static FORCEINLINE voidpthread_release_lock(MLOCK_T *sl) {1755assert(sl->l !=0);1756assert(sl->threadid == CURRENT_THREAD);1757if(--sl->c ==0) {1758 sl->threadid =0;1759volatileunsigned int* lp = &sl->l;1760int prev =0;1761int ret;1762 __asm__ __volatile__("lock; xchgl%0,%1"1763:"=r"(ret)1764:"m"(*(lp)),"0"(prev)1765:"memory");1766}1767}17681769static FORCEINLINE intpthread_try_lock(MLOCK_T *sl) {1770volatileunsigned int* lp = &sl->l;1771if(*lp !=0) {1772if(sl->threadid == CURRENT_THREAD) {1773++sl->c;1774return1;1775}1776}1777else{1778int cmp =0;1779int val =1;1780int ret;1781 __asm__ __volatile__("lock; cmpxchgl%1,%2"1782:"=a"(ret)1783:"r"(val),"m"(*(lp)),"0"(cmp)1784:"memory","cc");1785if(!ret) {1786assert(!sl->threadid);1787 sl->c =1;1788 sl->threadid = CURRENT_THREAD;1789return1;1790}1791}1792return0;1793}179417951796#else/* WIN32 */1797/* Custom win32-style spin locks on x86 and x64 for MSC */1798struct win32_mlock_t1799{1800volatilelong l;1801volatileunsigned int c;1802volatilelong threadid;1803};18041805#define MLOCK_T struct win32_mlock_t1806#define CURRENT_THREAD win32_getcurrentthreadid()1807#define INITIAL_LOCK(sl) (memset(sl, 0, sizeof(MLOCK_T)), 0)1808#define ACQUIRE_LOCK(sl) win32_acquire_lock(sl)1809#define RELEASE_LOCK(sl) win32_release_lock(sl)1810#define TRY_LOCK(sl) win32_try_lock(sl)1811#define SPINS_PER_YIELD 6318121813static MLOCK_T malloc_global_mutex = {0,0,0};18141815static FORCEINLINE longwin32_getcurrentthreadid(void) {1816#ifdef _MSC_VER1817#if defined(_M_IX86)1818long*threadstruct=(long*)__readfsdword(0x18);1819long threadid=threadstruct[0x24/sizeof(long)];1820return threadid;1821#elif defined(_M_X64)1822/* todo */1823returnGetCurrentThreadId();1824#else1825returnGetCurrentThreadId();1826#endif1827#else1828returnGetCurrentThreadId();1829#endif1830}18311832static FORCEINLINE intwin32_acquire_lock(MLOCK_T *sl) {1833int spins =0;1834for(;;) {1835if(sl->l !=0) {1836if(sl->threadid == CURRENT_THREAD) {1837++sl->c;1838return0;1839}1840}1841else{1842if(!interlockedexchange(&sl->l,1)) {1843assert(!sl->threadid);1844 sl->c=CURRENT_THREAD;1845 sl->threadid = CURRENT_THREAD;1846 sl->c =1;1847return0;1848}1849}1850if((++spins & SPINS_PER_YIELD) ==0)1851SleepEx(0, FALSE);1852}1853}18541855static FORCEINLINE voidwin32_release_lock(MLOCK_T *sl) {1856assert(sl->threadid == CURRENT_THREAD);1857assert(sl->l !=0);1858if(--sl->c ==0) {1859 sl->threadid =0;1860interlockedexchange(&sl->l,0);1861}1862}18631864static FORCEINLINE intwin32_try_lock(MLOCK_T *sl) {1865if(sl->l !=0) {1866if(sl->threadid == CURRENT_THREAD) {1867++sl->c;1868return1;1869}1870}1871else{1872if(!interlockedexchange(&sl->l,1)){1873assert(!sl->threadid);1874 sl->threadid = CURRENT_THREAD;1875 sl->c =1;1876return1;1877}1878}1879return0;1880}18811882#endif/* WIN32 */1883#else/* USE_SPIN_LOCKS */18841885#ifndef WIN321886/* pthreads-based locks */18871888#define MLOCK_T pthread_mutex_t1889#define CURRENT_THREAD pthread_self()1890#define INITIAL_LOCK(sl) pthread_init_lock(sl)1891#define ACQUIRE_LOCK(sl) pthread_mutex_lock(sl)1892#define RELEASE_LOCK(sl) pthread_mutex_unlock(sl)1893#define TRY_LOCK(sl) (!pthread_mutex_trylock(sl))18941895static MLOCK_T malloc_global_mutex = PTHREAD_MUTEX_INITIALIZER;18961897/* Cope with old-style linux recursive lock initialization by adding */1898/* skipped internal declaration from pthread.h */1899#ifdef linux1900#ifndef PTHREAD_MUTEX_RECURSIVE1901externint pthread_mutexattr_setkind_np __P((pthread_mutexattr_t *__attr,1902int __kind));1903#define PTHREAD_MUTEX_RECURSIVE PTHREAD_MUTEX_RECURSIVE_NP1904#define pthread_mutexattr_settype(x,y) pthread_mutexattr_setkind_np(x,y)1905#endif1906#endif19071908static intpthread_init_lock(MLOCK_T *sl) {1909 pthread_mutexattr_t attr;1910if(pthread_mutexattr_init(&attr))return1;1911if(pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE))return1;1912if(pthread_mutex_init(sl, &attr))return1;1913if(pthread_mutexattr_destroy(&attr))return1;1914return0;1915}19161917#else/* WIN32 */1918/* Win32 critical sections */1919#define MLOCK_T CRITICAL_SECTION1920#define CURRENT_THREAD GetCurrentThreadId()1921#define INITIAL_LOCK(s) (!InitializeCriticalSectionAndSpinCount((s), 0x80000000|4000))1922#define ACQUIRE_LOCK(s) (EnterCriticalSection(s), 0)1923#define RELEASE_LOCK(s) LeaveCriticalSection(s)1924#define TRY_LOCK(s) TryEnterCriticalSection(s)1925#define NEED_GLOBAL_LOCK_INIT19261927static MLOCK_T malloc_global_mutex;1928staticvolatilelong malloc_global_mutex_status;19291930/* Use spin loop to initialize global lock */1931static voidinit_malloc_global_mutex() {1932for(;;) {1933long stat = malloc_global_mutex_status;1934if(stat >0)1935return;1936/* transition to < 0 while initializing, then to > 0) */1937if(stat ==0&&1938interlockedcompareexchange(&malloc_global_mutex_status, -1,0) ==0) {1939InitializeCriticalSection(&malloc_global_mutex);1940interlockedexchange(&malloc_global_mutex_status,1);1941return;1942}1943SleepEx(0, FALSE);1944}1945}19461947#endif/* WIN32 */1948#endif/* USE_SPIN_LOCKS */1949#endif/* USE_LOCKS == 1 */19501951/* ----------------------- User-defined locks ------------------------ */19521953#if USE_LOCKS > 11954/* Define your own lock implementation here */1955/* #define INITIAL_LOCK(sl) ... */1956/* #define ACQUIRE_LOCK(sl) ... */1957/* #define RELEASE_LOCK(sl) ... */1958/* #define TRY_LOCK(sl) ... */1959/* static MLOCK_T malloc_global_mutex = ... */1960#endif/* USE_LOCKS > 1 */19611962/* ----------------------- Lock-based state ------------------------ */19631964#if USE_LOCKS1965#define USE_LOCK_BIT (2U)1966#else/* USE_LOCKS */1967#define USE_LOCK_BIT (0U)1968#define INITIAL_LOCK(l)1969#endif/* USE_LOCKS */19701971#if USE_LOCKS1972#define ACQUIRE_MALLOC_GLOBAL_LOCK() ACQUIRE_LOCK(&malloc_global_mutex);1973#define RELEASE_MALLOC_GLOBAL_LOCK() RELEASE_LOCK(&malloc_global_mutex);1974#else/* USE_LOCKS */1975#define ACQUIRE_MALLOC_GLOBAL_LOCK()1976#define RELEASE_MALLOC_GLOBAL_LOCK()1977#endif/* USE_LOCKS */197819791980/* ----------------------- Chunk representations ------------------------ */19811982/*1983 (The following includes lightly edited explanations by Colin Plumb.)19841985 The malloc_chunk declaration below is misleading (but accurate and1986 necessary). It declares a "view" into memory allowing access to1987 necessary fields at known offsets from a given base.19881989 Chunks of memory are maintained using a `boundary tag' method as1990 originally described by Knuth. (See the paper by Paul Wilson1991 ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a survey of such1992 techniques.) Sizes of free chunks are stored both in the front of1993 each chunk and at the end. This makes consolidating fragmented1994 chunks into bigger chunks fast. The head fields also hold bits1995 representing whether chunks are free or in use.19961997 Here are some pictures to make it clearer. They are "exploded" to1998 show that the state of a chunk can be thought of as extending from1999 the high 31 bits of the head field of its header through the2000 prev_foot and PINUSE_BIT bit of the following chunk header.20012002 A chunk that's in use looks like:20032004 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2005 | Size of previous chunk (if P = 0) |2006 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2007 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |P|2008 | Size of this chunk 1| +-+2009 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2010 | |2011 +- -+2012 | |2013 +- -+2014 | :2015 +- size - sizeof(size_t) available payload bytes -+2016 : |2017 chunk-> +- -+2018 | |2019 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2020 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |1|2021 | Size of next chunk (may or may not be in use) | +-+2022 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+20232024 And if it's free, it looks like this:20252026 chunk-> +- -+2027 | User payload (must be in use, or we would have merged!) |2028 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2029 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |P|2030 | Size of this chunk 0| +-+2031 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2032 | Next pointer |2033 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2034 | Prev pointer |2035 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2036 | :2037 +- size - sizeof(struct chunk) unused bytes -+2038 : |2039 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2040 | Size of this chunk |2041 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2042 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0|2043 | Size of next chunk (must be in use, or we would have merged)| +-+2044 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2045 | :2046 +- User payload -+2047 : |2048 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2049 |0|2050 +-+2051 Note that since we always merge adjacent free chunks, the chunks2052 adjacent to a free chunk must be in use.20532054 Given a pointer to a chunk (which can be derived trivially from the2055 payload pointer) we can, in O(1) time, find out whether the adjacent2056 chunks are free, and if so, unlink them from the lists that they2057 are on and merge them with the current chunk.20582059 Chunks always begin on even word boundaries, so the mem portion2060 (which is returned to the user) is also on an even word boundary, and2061 thus at least double-word aligned.20622063 The P (PINUSE_BIT) bit, stored in the unused low-order bit of the2064 chunk size (which is always a multiple of two words), is an in-use2065 bit for the *previous* chunk. If that bit is *clear*, then the2066 word before the current chunk size contains the previous chunk2067 size, and can be used to find the front of the previous chunk.2068 The very first chunk allocated always has this bit set, preventing2069 access to non-existent (or non-owned) memory. If pinuse is set for2070 any given chunk, then you CANNOT determine the size of the2071 previous chunk, and might even get a memory addressing fault when2072 trying to do so.20732074 The C (CINUSE_BIT) bit, stored in the unused second-lowest bit of2075 the chunk size redundantly records whether the current chunk is2076 inuse. This redundancy enables usage checks within free and realloc,2077 and reduces indirection when freeing and consolidating chunks.20782079 Each freshly allocated chunk must have both cinuse and pinuse set.2080 That is, each allocated chunk borders either a previously allocated2081 and still in-use chunk, or the base of its memory arena. This is2082 ensured by making all allocations from the `lowest' part of any2083 found chunk. Further, no free chunk physically borders another one,2084 so each free chunk is known to be preceded and followed by either2085 inuse chunks or the ends of memory.20862087 Note that the `foot' of the current chunk is actually represented2088 as the prev_foot of the NEXT chunk. This makes it easier to2089 deal with alignments etc but can be very confusing when trying2090 to extend or adapt this code.20912092 The exceptions to all this are20932094 1. The special chunk `top' is the top-most available chunk (i.e.,2095 the one bordering the end of available memory). It is treated2096 specially. Top is never included in any bin, is used only if2097 no other chunk is available, and is released back to the2098 system if it is very large (see M_TRIM_THRESHOLD). In effect,2099 the top chunk is treated as larger (and thus less well2100 fitting) than any other available chunk. The top chunk2101 doesn't update its trailing size field since there is no next2102 contiguous chunk that would have to index off it. However,2103 space is still allocated for it (TOP_FOOT_SIZE) to enable2104 separation or merging when space is extended.21052106 3. Chunks allocated via mmap, which have the lowest-order bit2107 (IS_MMAPPED_BIT) set in their prev_foot fields, and do not set2108 PINUSE_BIT in their head fields. Because they are allocated2109 one-by-one, each must carry its own prev_foot field, which is2110 also used to hold the offset this chunk has within its mmapped2111 region, which is needed to preserve alignment. Each mmapped2112 chunk is trailed by the first two fields of a fake next-chunk2113 for sake of usage checks.21142115*/21162117struct malloc_chunk {2118size_t prev_foot;/* Size of previous chunk (if free). */2119size_t head;/* Size and inuse bits. */2120struct malloc_chunk* fd;/* double links -- used only if free. */2121struct malloc_chunk* bk;2122};21232124typedefstruct malloc_chunk mchunk;2125typedefstruct malloc_chunk* mchunkptr;2126typedefstruct malloc_chunk* sbinptr;/* The type of bins of chunks */2127typedefunsigned int bindex_t;/* Described below */2128typedefunsigned int binmap_t;/* Described below */2129typedefunsigned int flag_t;/* The type of various bit flag sets */21302131/* ------------------- Chunks sizes and alignments ----------------------- */21322133#define MCHUNK_SIZE (sizeof(mchunk))21342135#if FOOTERS2136#define CHUNK_OVERHEAD (TWO_SIZE_T_SIZES)2137#else/* FOOTERS */2138#define CHUNK_OVERHEAD (SIZE_T_SIZE)2139#endif/* FOOTERS */21402141/* MMapped chunks need a second word of overhead ... */2142#define MMAP_CHUNK_OVERHEAD (TWO_SIZE_T_SIZES)2143/* ... and additional padding for fake next-chunk at foot */2144#define MMAP_FOOT_PAD (FOUR_SIZE_T_SIZES)21452146/* The smallest size we can malloc is an aligned minimal chunk */2147#define MIN_CHUNK_SIZE\2148 ((MCHUNK_SIZE + CHUNK_ALIGN_MASK) & ~CHUNK_ALIGN_MASK)21492150/* conversion from malloc headers to user pointers, and back */2151#define chunk2mem(p) ((void*)((char*)(p) + TWO_SIZE_T_SIZES))2152#define mem2chunk(mem) ((mchunkptr)((char*)(mem) - TWO_SIZE_T_SIZES))2153/* chunk associated with aligned address A */2154#define align_as_chunk(A) (mchunkptr)((A) + align_offset(chunk2mem(A)))21552156/* Bounds on request (not chunk) sizes. */2157#define MAX_REQUEST ((-MIN_CHUNK_SIZE) << 2)2158#define MIN_REQUEST (MIN_CHUNK_SIZE - CHUNK_OVERHEAD - SIZE_T_ONE)21592160/* pad request bytes into a usable size */2161#define pad_request(req) \2162 (((req) + CHUNK_OVERHEAD + CHUNK_ALIGN_MASK) & ~CHUNK_ALIGN_MASK)21632164/* pad request, checking for minimum (but not maximum) */2165#define request2size(req) \2166 (((req) < MIN_REQUEST)? MIN_CHUNK_SIZE : pad_request(req))216721682169/* ------------------ Operations on head and foot fields ----------------- */21702171/*2172 The head field of a chunk is or'ed with PINUSE_BIT when previous2173 adjacent chunk in use, and or'ed with CINUSE_BIT if this chunk is in2174 use. If the chunk was obtained with mmap, the prev_foot field has2175 IS_MMAPPED_BIT set, otherwise holding the offset of the base of the2176 mmapped region to the base of the chunk.21772178 FLAG4_BIT is not used by this malloc, but might be useful in extensions.2179*/21802181#define PINUSE_BIT (SIZE_T_ONE)2182#define CINUSE_BIT (SIZE_T_TWO)2183#define FLAG4_BIT (SIZE_T_FOUR)2184#define INUSE_BITS (PINUSE_BIT|CINUSE_BIT)2185#define FLAG_BITS (PINUSE_BIT|CINUSE_BIT|FLAG4_BIT)21862187/* Head value for fenceposts */2188#define FENCEPOST_HEAD (INUSE_BITS|SIZE_T_SIZE)21892190/* extraction of fields from head words */2191#define cinuse(p) ((p)->head & CINUSE_BIT)2192#define pinuse(p) ((p)->head & PINUSE_BIT)2193#define chunksize(p) ((p)->head & ~(FLAG_BITS))21942195#define clear_pinuse(p) ((p)->head &= ~PINUSE_BIT)2196#define clear_cinuse(p) ((p)->head &= ~CINUSE_BIT)21972198/* Treat space at ptr +/- offset as a chunk */2199#define chunk_plus_offset(p, s) ((mchunkptr)(((char*)(p)) + (s)))2200#define chunk_minus_offset(p, s) ((mchunkptr)(((char*)(p)) - (s)))22012202/* Ptr to next or previous physical malloc_chunk. */2203#define next_chunk(p) ((mchunkptr)( ((char*)(p)) + ((p)->head & ~FLAG_BITS)))2204#define prev_chunk(p) ((mchunkptr)( ((char*)(p)) - ((p)->prev_foot) ))22052206/* extract next chunk's pinuse bit */2207#define next_pinuse(p) ((next_chunk(p)->head) & PINUSE_BIT)22082209/* Get/set size at footer */2210#define get_foot(p, s) (((mchunkptr)((char*)(p) + (s)))->prev_foot)2211#define set_foot(p, s) (((mchunkptr)((char*)(p) + (s)))->prev_foot = (s))22122213/* Set size, pinuse bit, and foot */2214#define set_size_and_pinuse_of_free_chunk(p, s)\2215 ((p)->head = (s|PINUSE_BIT), set_foot(p, s))22162217/* Set size, pinuse bit, foot, and clear next pinuse */2218#define set_free_with_pinuse(p, s, n)\2219 (clear_pinuse(n), set_size_and_pinuse_of_free_chunk(p, s))22202221#define is_mmapped(p)\2222 (!((p)->head & PINUSE_BIT) && ((p)->prev_foot & IS_MMAPPED_BIT))22232224/* Get the internal overhead associated with chunk p */2225#define overhead_for(p)\2226 (is_mmapped(p)? MMAP_CHUNK_OVERHEAD : CHUNK_OVERHEAD)22272228/* Return true if malloced space is not necessarily cleared */2229#if MMAP_CLEARS2230#define calloc_must_clear(p) (!is_mmapped(p))2231#else/* MMAP_CLEARS */2232#define calloc_must_clear(p) (1)2233#endif/* MMAP_CLEARS */22342235/* ---------------------- Overlaid data structures ----------------------- */22362237/*2238 When chunks are not in use, they are treated as nodes of either2239 lists or trees.22402241 "Small" chunks are stored in circular doubly-linked lists, and look2242 like this:22432244 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2245 | Size of previous chunk |2246 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2247 `head:' | Size of chunk, in bytes |P|2248 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2249 | Forward pointer to next chunk in list |2250 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2251 | Back pointer to previous chunk in list |2252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2253 | Unused space (may be 0 bytes long) .2254 . .2255 . |2256nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2257 `foot:' | Size of chunk, in bytes |2258 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+22592260 Larger chunks are kept in a form of bitwise digital trees (aka2261 tries) keyed on chunksizes. Because malloc_tree_chunks are only for2262 free chunks greater than 256 bytes, their size doesn't impose any2263 constraints on user chunk sizes. Each node looks like:22642265 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2266 | Size of previous chunk |2267 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2268 `head:' | Size of chunk, in bytes |P|2269 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2270 | Forward pointer to next chunk of same size |2271 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2272 | Back pointer to previous chunk of same size |2273 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2274 | Pointer to left child (child[0]) |2275 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2276 | Pointer to right child (child[1]) |2277 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2278 | Pointer to parent |2279 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2280 | bin index of this chunk |2281 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2282 | Unused space .2283 . |2284nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2285 `foot:' | Size of chunk, in bytes |2286 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+22872288 Each tree holding treenodes is a tree of unique chunk sizes. Chunks2289 of the same size are arranged in a circularly-linked list, with only2290 the oldest chunk (the next to be used, in our FIFO ordering)2291 actually in the tree. (Tree members are distinguished by a non-null2292 parent pointer.) If a chunk with the same size as an existing node2293 is inserted, it is linked off the existing node using pointers that2294 work in the same way as fd/bk pointers of small chunks.22952296 Each tree contains a power of 2 sized range of chunk sizes (the2297 smallest is 0x100 <= x < 0x180), which is divided in half at each2298 tree level, with the chunks in the smaller half of the range (0x1002299 <= x < 0x140 for the top nose) in the left subtree and the larger2300 half (0x140 <= x < 0x180) in the right subtree. This is, of course,2301 done by inspecting individual bits.23022303 Using these rules, each node's left subtree contains all smaller2304 sizes than its right subtree. However, the node at the root of each2305 subtree has no particular ordering relationship to either. (The2306 dividing line between the subtree sizes is based on trie relation.)2307 If we remove the last chunk of a given size from the interior of the2308 tree, we need to replace it with a leaf node. The tree ordering2309 rules permit a node to be replaced by any leaf below it.23102311 The smallest chunk in a tree (a common operation in a best-fit2312 allocator) can be found by walking a path to the leftmost leaf in2313 the tree. Unlike a usual binary tree, where we follow left child2314 pointers until we reach a null, here we follow the right child2315 pointer any time the left one is null, until we reach a leaf with2316 both child pointers null. The smallest chunk in the tree will be2317 somewhere along that path.23182319 The worst case number of steps to add, find, or remove a node is2320 bounded by the number of bits differentiating chunks within2321 bins. Under current bin calculations, this ranges from 6 up to 212322 (for 32 bit sizes) or up to 53 (for 64 bit sizes). The typical case2323 is of course much better.2324*/23252326struct malloc_tree_chunk {2327/* The first four fields must be compatible with malloc_chunk */2328size_t prev_foot;2329size_t head;2330struct malloc_tree_chunk* fd;2331struct malloc_tree_chunk* bk;23322333struct malloc_tree_chunk* child[2];2334struct malloc_tree_chunk* parent;2335 bindex_t index;2336};23372338typedefstruct malloc_tree_chunk tchunk;2339typedefstruct malloc_tree_chunk* tchunkptr;2340typedefstruct malloc_tree_chunk* tbinptr;/* The type of bins of trees */23412342/* A little helper macro for trees */2343#define leftmost_child(t) ((t)->child[0] != 0? (t)->child[0] : (t)->child[1])23442345/* ----------------------------- Segments -------------------------------- */23462347/*2348 Each malloc space may include non-contiguous segments, held in a2349 list headed by an embedded malloc_segment record representing the2350 top-most space. Segments also include flags holding properties of2351 the space. Large chunks that are directly allocated by mmap are not2352 included in this list. They are instead independently created and2353 destroyed without otherwise keeping track of them.23542355 Segment management mainly comes into play for spaces allocated by2356 MMAP. Any call to MMAP might or might not return memory that is2357 adjacent to an existing segment. MORECORE normally contiguously2358 extends the current space, so this space is almost always adjacent,2359 which is simpler and faster to deal with. (This is why MORECORE is2360 used preferentially to MMAP when both are available -- see2361 sys_alloc.) When allocating using MMAP, we don't use any of the2362 hinting mechanisms (inconsistently) supported in various2363 implementations of unix mmap, or distinguish reserving from2364 committing memory. Instead, we just ask for space, and exploit2365 contiguity when we get it. It is probably possible to do2366 better than this on some systems, but no general scheme seems2367 to be significantly better.23682369 Management entails a simpler variant of the consolidation scheme2370 used for chunks to reduce fragmentation -- new adjacent memory is2371 normally prepended or appended to an existing segment. However,2372 there are limitations compared to chunk consolidation that mostly2373 reflect the fact that segment processing is relatively infrequent2374 (occurring only when getting memory from system) and that we2375 don't expect to have huge numbers of segments:23762377 * Segments are not indexed, so traversal requires linear scans. (It2378 would be possible to index these, but is not worth the extra2379 overhead and complexity for most programs on most platforms.)2380 * New segments are only appended to old ones when holding top-most2381 memory; if they cannot be prepended to others, they are held in2382 different segments.23832384 Except for the top-most segment of an mstate, each segment record2385 is kept at the tail of its segment. Segments are added by pushing2386 segment records onto the list headed by &mstate.seg for the2387 containing mstate.23882389 Segment flags control allocation/merge/deallocation policies:2390 * If EXTERN_BIT set, then we did not allocate this segment,2391 and so should not try to deallocate or merge with others.2392 (This currently holds only for the initial segment passed2393 into create_mspace_with_base.)2394 * If IS_MMAPPED_BIT set, the segment may be merged with2395 other surrounding mmapped segments and trimmed/de-allocated2396 using munmap.2397 * If neither bit is set, then the segment was obtained using2398 MORECORE so can be merged with surrounding MORECORE'd segments2399 and deallocated/trimmed using MORECORE with negative arguments.2400*/24012402struct malloc_segment {2403char* base;/* base address */2404size_t size;/* allocated size */2405struct malloc_segment* next;/* ptr to next segment */2406 flag_t sflags;/* mmap and extern flag */2407};24082409#define is_mmapped_segment(S) ((S)->sflags & IS_MMAPPED_BIT)2410#define is_extern_segment(S) ((S)->sflags & EXTERN_BIT)24112412typedefstruct malloc_segment msegment;2413typedefstruct malloc_segment* msegmentptr;24142415/* ---------------------------- malloc_state ----------------------------- */24162417/*2418 A malloc_state holds all of the bookkeeping for a space.2419 The main fields are:24202421 Top2422 The topmost chunk of the currently active segment. Its size is2423 cached in topsize. The actual size of topmost space is2424 topsize+TOP_FOOT_SIZE, which includes space reserved for adding2425 fenceposts and segment records if necessary when getting more2426 space from the system. The size at which to autotrim top is2427 cached from mparams in trim_check, except that it is disabled if2428 an autotrim fails.24292430 Designated victim (dv)2431 This is the preferred chunk for servicing small requests that2432 don't have exact fits. It is normally the chunk split off most2433 recently to service another small request. Its size is cached in2434 dvsize. The link fields of this chunk are not maintained since it2435 is not kept in a bin.24362437 SmallBins2438 An array of bin headers for free chunks. These bins hold chunks2439 with sizes less than MIN_LARGE_SIZE bytes. Each bin contains2440 chunks of all the same size, spaced 8 bytes apart. To simplify2441 use in double-linked lists, each bin header acts as a malloc_chunk2442 pointing to the real first node, if it exists (else pointing to2443 itself). This avoids special-casing for headers. But to avoid2444 waste, we allocate only the fd/bk pointers of bins, and then use2445 repositioning tricks to treat these as the fields of a chunk.24462447 TreeBins2448 Treebins are pointers to the roots of trees holding a range of2449 sizes. There are 2 equally spaced treebins for each power of two2450 from TREE_SHIFT to TREE_SHIFT+16. The last bin holds anything2451 larger.24522453 Bin maps2454 There is one bit map for small bins ("smallmap") and one for2455 treebins ("treemap). Each bin sets its bit when non-empty, and2456 clears the bit when empty. Bit operations are then used to avoid2457 bin-by-bin searching -- nearly all "search" is done without ever2458 looking at bins that won't be selected. The bit maps2459 conservatively use 32 bits per map word, even if on 64bit system.2460 For a good description of some of the bit-based techniques used2461 here, see Henry S. Warren Jr's book "Hacker's Delight" (and2462 supplement at http://hackersdelight.org/). Many of these are2463 intended to reduce the branchiness of paths through malloc etc, as2464 well as to reduce the number of memory locations read or written.24652466 Segments2467 A list of segments headed by an embedded malloc_segment record2468 representing the initial space.24692470 Address check support2471 The least_addr field is the least address ever obtained from2472 MORECORE or MMAP. Attempted frees and reallocs of any address less2473 than this are trapped (unless INSECURE is defined).24742475 Magic tag2476 A cross-check field that should always hold same value as mparams.magic.24772478 Flags2479 Bits recording whether to use MMAP, locks, or contiguous MORECORE24802481 Statistics2482 Each space keeps track of current and maximum system memory2483 obtained via MORECORE or MMAP.24842485 Trim support2486 Fields holding the amount of unused topmost memory that should trigger2487 timming, and a counter to force periodic scanning to release unused2488 non-topmost segments.24892490 Locking2491 If USE_LOCKS is defined, the "mutex" lock is acquired and released2492 around every public call using this mspace.24932494 Extension support2495 A void* pointer and a size_t field that can be used to help implement2496 extensions to this malloc.2497*/24982499/* Bin types, widths and sizes */2500#define NSMALLBINS (32U)2501#define NTREEBINS (32U)2502#define SMALLBIN_SHIFT (3U)2503#define SMALLBIN_WIDTH (SIZE_T_ONE << SMALLBIN_SHIFT)2504#define TREEBIN_SHIFT (8U)2505#define MIN_LARGE_SIZE (SIZE_T_ONE << TREEBIN_SHIFT)2506#define MAX_SMALL_SIZE (MIN_LARGE_SIZE - SIZE_T_ONE)2507#define MAX_SMALL_REQUEST (MAX_SMALL_SIZE - CHUNK_ALIGN_MASK - CHUNK_OVERHEAD)25082509struct malloc_state {2510 binmap_t smallmap;2511 binmap_t treemap;2512size_t dvsize;2513size_t topsize;2514char* least_addr;2515 mchunkptr dv;2516 mchunkptr top;2517size_t trim_check;2518size_t release_checks;2519size_t magic;2520 mchunkptr smallbins[(NSMALLBINS+1)*2];2521 tbinptr treebins[NTREEBINS];2522size_t footprint;2523size_t max_footprint;2524 flag_t mflags;2525#if USE_LOCKS2526 MLOCK_T mutex;/* locate lock among fields that rarely change */2527#endif/* USE_LOCKS */2528 msegment seg;2529void* extp;/* Unused but available for extensions */2530size_t exts;2531};25322533typedefstruct malloc_state* mstate;25342535/* ------------- Global malloc_state and malloc_params ------------------- */25362537/*2538 malloc_params holds global properties, including those that can be2539 dynamically set using mallopt. There is a single instance, mparams,2540 initialized in init_mparams. Note that the non-zeroness of "magic"2541 also serves as an initialization flag.2542*/25432544struct malloc_params {2545volatilesize_t magic;2546size_t page_size;2547size_t granularity;2548size_t mmap_threshold;2549size_t trim_threshold;2550 flag_t default_mflags;2551};25522553static struct malloc_params mparams;25542555/* Ensure mparams initialized */2556#define ensure_initialization() ((void)(mparams.magic != 0 || init_mparams()))25572558#if !ONLY_MSPACES25592560/* The global malloc_state used for all non-"mspace" calls */2561static struct malloc_state _gm_;2562#define gm (&_gm_)2563#define is_global(M) ((M) == &_gm_)25642565#endif/* !ONLY_MSPACES */25662567#define is_initialized(M) ((M)->top != 0)25682569/* -------------------------- system alloc setup ------------------------- */25702571/* Operations on mflags */25722573#define use_lock(M) ((M)->mflags & USE_LOCK_BIT)2574#define enable_lock(M) ((M)->mflags |= USE_LOCK_BIT)2575#define disable_lock(M) ((M)->mflags &= ~USE_LOCK_BIT)25762577#define use_mmap(M) ((M)->mflags & USE_MMAP_BIT)2578#define enable_mmap(M) ((M)->mflags |= USE_MMAP_BIT)2579#define disable_mmap(M) ((M)->mflags &= ~USE_MMAP_BIT)25802581#define use_noncontiguous(M) ((M)->mflags & USE_NONCONTIGUOUS_BIT)2582#define disable_contiguous(M) ((M)->mflags |= USE_NONCONTIGUOUS_BIT)25832584#define set_lock(M,L)\2585 ((M)->mflags = (L)?\2586 ((M)->mflags | USE_LOCK_BIT) :\2587 ((M)->mflags & ~USE_LOCK_BIT))25882589/* page-align a size */2590#define page_align(S)\2591 (((S) + (mparams.page_size - SIZE_T_ONE)) & ~(mparams.page_size - SIZE_T_ONE))25922593/* granularity-align a size */2594#define granularity_align(S)\2595 (((S) + (mparams.granularity - SIZE_T_ONE))\2596 & ~(mparams.granularity - SIZE_T_ONE))259725982599/* For mmap, use granularity alignment on windows, else page-align */2600#ifdef WIN322601#define mmap_align(S) granularity_align(S)2602#else2603#define mmap_align(S) page_align(S)2604#endif26052606/* For sys_alloc, enough padding to ensure can malloc request on success */2607#define SYS_ALLOC_PADDING (TOP_FOOT_SIZE + MALLOC_ALIGNMENT)26082609#define is_page_aligned(S)\2610 (((size_t)(S) & (mparams.page_size - SIZE_T_ONE)) == 0)2611#define is_granularity_aligned(S)\2612 (((size_t)(S) & (mparams.granularity - SIZE_T_ONE)) == 0)26132614/* True if segment S holds address A */2615#define segment_holds(S, A)\2616 ((char*)(A) >= S->base && (char*)(A) < S->base + S->size)26172618/* Return segment holding given address */2619static msegmentptr segment_holding(mstate m,char* addr) {2620 msegmentptr sp = &m->seg;2621for(;;) {2622if(addr >= sp->base && addr < sp->base + sp->size)2623return sp;2624if((sp = sp->next) ==0)2625return0;2626}2627}26282629/* Return true if segment contains a segment link */2630static inthas_segment_link(mstate m, msegmentptr ss) {2631 msegmentptr sp = &m->seg;2632for(;;) {2633if((char*)sp >= ss->base && (char*)sp < ss->base + ss->size)2634return1;2635if((sp = sp->next) ==0)2636return0;2637}2638}26392640#ifndef MORECORE_CANNOT_TRIM2641#define should_trim(M,s) ((s) > (M)->trim_check)2642#else/* MORECORE_CANNOT_TRIM */2643#define should_trim(M,s) (0)2644#endif/* MORECORE_CANNOT_TRIM */26452646/*2647 TOP_FOOT_SIZE is padding at the end of a segment, including space2648 that may be needed to place segment records and fenceposts when new2649 noncontiguous segments are added.2650*/2651#define TOP_FOOT_SIZE\2652 (align_offset(chunk2mem(0))+pad_request(sizeof(struct malloc_segment))+MIN_CHUNK_SIZE)265326542655/* ------------------------------- Hooks -------------------------------- */26562657/*2658 PREACTION should be defined to return 0 on success, and nonzero on2659 failure. If you are not using locking, you can redefine these to do2660 anything you like.2661*/26622663#if USE_LOCKS26642665#define PREACTION(M) ((use_lock(M))? ACQUIRE_LOCK(&(M)->mutex) : 0)2666#define POSTACTION(M) { if (use_lock(M)) RELEASE_LOCK(&(M)->mutex); }2667#else/* USE_LOCKS */26682669#ifndef PREACTION2670#define PREACTION(M) (0)2671#endif/* PREACTION */26722673#ifndef POSTACTION2674#define POSTACTION(M)2675#endif/* POSTACTION */26762677#endif/* USE_LOCKS */26782679/*2680 CORRUPTION_ERROR_ACTION is triggered upon detected bad addresses.2681 USAGE_ERROR_ACTION is triggered on detected bad frees and2682 reallocs. The argument p is an address that might have triggered the2683 fault. It is ignored by the two predefined actions, but might be2684 useful in custom actions that try to help diagnose errors.2685*/26862687#if PROCEED_ON_ERROR26882689/* A count of the number of corruption errors causing resets */2690int malloc_corruption_error_count;26912692/* default corruption action */2693static voidreset_on_error(mstate m);26942695#define CORRUPTION_ERROR_ACTION(m) reset_on_error(m)2696#define USAGE_ERROR_ACTION(m, p)26972698#else/* PROCEED_ON_ERROR */26992700#ifndef CORRUPTION_ERROR_ACTION2701#define CORRUPTION_ERROR_ACTION(m) ABORT2702#endif/* CORRUPTION_ERROR_ACTION */27032704#ifndef USAGE_ERROR_ACTION2705#define USAGE_ERROR_ACTION(m,p) ABORT2706#endif/* USAGE_ERROR_ACTION */27072708#endif/* PROCEED_ON_ERROR */27092710/* -------------------------- Debugging setup ---------------------------- */27112712#if ! DEBUG27132714#define check_free_chunk(M,P)2715#define check_inuse_chunk(M,P)2716#define check_malloced_chunk(M,P,N)2717#define check_mmapped_chunk(M,P)2718#define check_malloc_state(M)2719#define check_top_chunk(M,P)27202721#else/* DEBUG */2722#define check_free_chunk(M,P) do_check_free_chunk(M,P)2723#define check_inuse_chunk(M,P) do_check_inuse_chunk(M,P)2724#define check_top_chunk(M,P) do_check_top_chunk(M,P)2725#define check_malloced_chunk(M,P,N) do_check_malloced_chunk(M,P,N)2726#define check_mmapped_chunk(M,P) do_check_mmapped_chunk(M,P)2727#define check_malloc_state(M) do_check_malloc_state(M)27282729static voiddo_check_any_chunk(mstate m, mchunkptr p);2730static voiddo_check_top_chunk(mstate m, mchunkptr p);2731static voiddo_check_mmapped_chunk(mstate m, mchunkptr p);2732static voiddo_check_inuse_chunk(mstate m, mchunkptr p);2733static voiddo_check_free_chunk(mstate m, mchunkptr p);2734static voiddo_check_malloced_chunk(mstate m,void* mem,size_t s);2735static voiddo_check_tree(mstate m, tchunkptr t);2736static voiddo_check_treebin(mstate m, bindex_t i);2737static voiddo_check_smallbin(mstate m, bindex_t i);2738static voiddo_check_malloc_state(mstate m);2739static intbin_find(mstate m, mchunkptr x);2740static size_ttraverse_and_check(mstate m);2741#endif/* DEBUG */27422743/* ---------------------------- Indexing Bins ---------------------------- */27442745#define is_small(s) (((s) >> SMALLBIN_SHIFT) < NSMALLBINS)2746#define small_index(s) ((s) >> SMALLBIN_SHIFT)2747#define small_index2size(i) ((i) << SMALLBIN_SHIFT)2748#define MIN_SMALL_INDEX (small_index(MIN_CHUNK_SIZE))27492750/* addressing by index. See above about smallbin repositioning */2751#define smallbin_at(M, i) ((sbinptr)((char*)&((M)->smallbins[(i)<<1])))2752#define treebin_at(M,i) (&((M)->treebins[i]))27532754/* assign tree index for size S to variable I. Use x86 asm if possible */2755#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))2756#define compute_tree_index(S, I)\2757{\2758 unsigned int X = S >> TREEBIN_SHIFT;\2759 if (X == 0)\2760 I = 0;\2761 else if (X > 0xFFFF)\2762 I = NTREEBINS-1;\2763 else {\2764 unsigned int K;\2765 __asm__("bsrl\t%1,%0\n\t" :"=r" (K) :"rm" (X));\2766 I = (bindex_t)((K << 1) + ((S >> (K + (TREEBIN_SHIFT-1)) & 1)));\2767 }\2768}27692770#elif defined (__INTEL_COMPILER)2771#define compute_tree_index(S, I)\2772{\2773 size_t X = S >> TREEBIN_SHIFT;\2774 if (X == 0)\2775 I = 0;\2776 else if (X > 0xFFFF)\2777 I = NTREEBINS-1;\2778 else {\2779 unsigned int K = _bit_scan_reverse (X); \2780 I = (bindex_t)((K << 1) + ((S >> (K + (TREEBIN_SHIFT-1)) & 1)));\2781 }\2782}27832784#elif defined(_MSC_VER) && _MSC_VER>=13002785#define compute_tree_index(S, I)\2786{\2787 size_t X = S >> TREEBIN_SHIFT;\2788 if (X == 0)\2789 I = 0;\2790 else if (X > 0xFFFF)\2791 I = NTREEBINS-1;\2792 else {\2793 unsigned int K;\2794 _BitScanReverse((DWORD *) &K, X);\2795 I = (bindex_t)((K << 1) + ((S >> (K + (TREEBIN_SHIFT-1)) & 1)));\2796 }\2797}27982799#else/* GNUC */2800#define compute_tree_index(S, I)\2801{\2802 size_t X = S >> TREEBIN_SHIFT;\2803 if (X == 0)\2804 I = 0;\2805 else if (X > 0xFFFF)\2806 I = NTREEBINS-1;\2807 else {\2808 unsigned int Y = (unsigned int)X;\2809 unsigned int N = ((Y - 0x100) >> 16) & 8;\2810 unsigned int K = (((Y <<= N) - 0x1000) >> 16) & 4;\2811 N += K;\2812 N += K = (((Y <<= K) - 0x4000) >> 16) & 2;\2813 K = 14 - N + ((Y <<= K) >> 15);\2814 I = (K << 1) + ((S >> (K + (TREEBIN_SHIFT-1)) & 1));\2815 }\2816}2817#endif/* GNUC */28182819/* Bit representing maximum resolved size in a treebin at i */2820#define bit_for_tree_index(i) \2821 (i == NTREEBINS-1)? (SIZE_T_BITSIZE-1) : (((i) >> 1) + TREEBIN_SHIFT - 2)28222823/* Shift placing maximum resolved bit in a treebin at i as sign bit */2824#define leftshift_for_tree_index(i) \2825 ((i == NTREEBINS-1)? 0 : \2826 ((SIZE_T_BITSIZE-SIZE_T_ONE) - (((i) >> 1) + TREEBIN_SHIFT - 2)))28272828/* The size of the smallest chunk held in bin with index i */2829#define minsize_for_tree_index(i) \2830 ((SIZE_T_ONE << (((i) >> 1) + TREEBIN_SHIFT)) | \2831 (((size_t)((i) & SIZE_T_ONE)) << (((i) >> 1) + TREEBIN_SHIFT - 1)))283228332834/* ------------------------ Operations on bin maps ----------------------- */28352836/* bit corresponding to given index */2837#define idx2bit(i) ((binmap_t)(1) << (i))28382839/* Mark/Clear bits with given index */2840#define mark_smallmap(M,i) ((M)->smallmap |= idx2bit(i))2841#define clear_smallmap(M,i) ((M)->smallmap &= ~idx2bit(i))2842#define smallmap_is_marked(M,i) ((M)->smallmap & idx2bit(i))28432844#define mark_treemap(M,i) ((M)->treemap |= idx2bit(i))2845#define clear_treemap(M,i) ((M)->treemap &= ~idx2bit(i))2846#define treemap_is_marked(M,i) ((M)->treemap & idx2bit(i))28472848/* isolate the least set bit of a bitmap */2849#define least_bit(x) ((x) & -(x))28502851/* mask with all bits to left of least bit of x on */2852#define left_bits(x) ((x<<1) | -(x<<1))28532854/* mask with all bits to left of or equal to least bit of x on */2855#define same_or_left_bits(x) ((x) | -(x))28562857/* index corresponding to given bit. Use x86 asm if possible */28582859#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))2860#define compute_bit2idx(X, I)\2861{\2862 unsigned int J;\2863 __asm__("bsfl\t%1,%0\n\t" :"=r" (J) :"rm" (X));\2864 I = (bindex_t)J;\2865}28662867#elif defined (__INTEL_COMPILER)2868#define compute_bit2idx(X, I)\2869{\2870 unsigned int J;\2871 J = _bit_scan_forward (X); \2872 I = (bindex_t)J;\2873}28742875#elif defined(_MSC_VER) && _MSC_VER>=13002876#define compute_bit2idx(X, I)\2877{\2878 unsigned int J;\2879 _BitScanForward((DWORD *) &J, X);\2880 I = (bindex_t)J;\2881}28822883#elif USE_BUILTIN_FFS2884#define compute_bit2idx(X, I) I = ffs(X)-128852886#else2887#define compute_bit2idx(X, I)\2888{\2889 unsigned int Y = X - 1;\2890 unsigned int K = Y >> (16-4) & 16;\2891 unsigned int N = K; Y >>= K;\2892 N += K = Y >> (8-3) & 8; Y >>= K;\2893 N += K = Y >> (4-2) & 4; Y >>= K;\2894 N += K = Y >> (2-1) & 2; Y >>= K;\2895 N += K = Y >> (1-0) & 1; Y >>= K;\2896 I = (bindex_t)(N + Y);\2897}2898#endif/* GNUC */289929002901/* ----------------------- Runtime Check Support ------------------------- */29022903/*2904 For security, the main invariant is that malloc/free/etc never2905 writes to a static address other than malloc_state, unless static2906 malloc_state itself has been corrupted, which cannot occur via2907 malloc (because of these checks). In essence this means that we2908 believe all pointers, sizes, maps etc held in malloc_state, but2909 check all of those linked or offsetted from other embedded data2910 structures. These checks are interspersed with main code in a way2911 that tends to minimize their run-time cost.29122913 When FOOTERS is defined, in addition to range checking, we also2914 verify footer fields of inuse chunks, which can be used guarantee2915 that the mstate controlling malloc/free is intact. This is a2916 streamlined version of the approach described by William Robertson2917 et al in "Run-time Detection of Heap-based Overflows" LISA'032918 http://www.usenix.org/events/lisa03/tech/robertson.html The footer2919 of an inuse chunk holds the xor of its mstate and a random seed,2920 that is checked upon calls to free() and realloc(). This is2921 (probablistically) unguessable from outside the program, but can be2922 computed by any code successfully malloc'ing any chunk, so does not2923 itself provide protection against code that has already broken2924 security through some other means. Unlike Robertson et al, we2925 always dynamically check addresses of all offset chunks (previous,2926 next, etc). This turns out to be cheaper than relying on hashes.2927*/29282929#if !INSECURE2930/* Check if address a is at least as high as any from MORECORE or MMAP */2931#define ok_address(M, a) ((char*)(a) >= (M)->least_addr)2932/* Check if address of next chunk n is higher than base chunk p */2933#define ok_next(p, n) ((char*)(p) < (char*)(n))2934/* Check if p has its cinuse bit on */2935#define ok_cinuse(p) cinuse(p)2936/* Check if p has its pinuse bit on */2937#define ok_pinuse(p) pinuse(p)29382939#else/* !INSECURE */2940#define ok_address(M, a) (1)2941#define ok_next(b, n) (1)2942#define ok_cinuse(p) (1)2943#define ok_pinuse(p) (1)2944#endif/* !INSECURE */29452946#if (FOOTERS && !INSECURE)2947/* Check if (alleged) mstate m has expected magic field */2948#define ok_magic(M) ((M)->magic == mparams.magic)2949#else/* (FOOTERS && !INSECURE) */2950#define ok_magic(M) (1)2951#endif/* (FOOTERS && !INSECURE) */295229532954/* In gcc, use __builtin_expect to minimize impact of checks */2955#if !INSECURE2956#if defined(__GNUC__) && __GNUC__ >= 32957#define RTCHECK(e) __builtin_expect(e, 1)2958#else/* GNUC */2959#define RTCHECK(e) (e)2960#endif/* GNUC */2961#else/* !INSECURE */2962#define RTCHECK(e) (1)2963#endif/* !INSECURE */29642965/* macros to set up inuse chunks with or without footers */29662967#if !FOOTERS29682969#define mark_inuse_foot(M,p,s)29702971/* Set cinuse bit and pinuse bit of next chunk */2972#define set_inuse(M,p,s)\2973 ((p)->head = (((p)->head & PINUSE_BIT)|s|CINUSE_BIT),\2974 ((mchunkptr)(((char*)(p)) + (s)))->head |= PINUSE_BIT)29752976/* Set cinuse and pinuse of this chunk and pinuse of next chunk */2977#define set_inuse_and_pinuse(M,p,s)\2978 ((p)->head = (s|PINUSE_BIT|CINUSE_BIT),\2979 ((mchunkptr)(((char*)(p)) + (s)))->head |= PINUSE_BIT)29802981/* Set size, cinuse and pinuse bit of this chunk */2982#define set_size_and_pinuse_of_inuse_chunk(M, p, s)\2983 ((p)->head = (s|PINUSE_BIT|CINUSE_BIT))29842985#else/* FOOTERS */29862987/* Set foot of inuse chunk to be xor of mstate and seed */2988#define mark_inuse_foot(M,p,s)\2989 (((mchunkptr)((char*)(p) + (s)))->prev_foot = ((size_t)(M) ^ mparams.magic))29902991#define get_mstate_for(p)\2992 ((mstate)(((mchunkptr)((char*)(p) +\2993 (chunksize(p))))->prev_foot ^ mparams.magic))29942995#define set_inuse(M,p,s)\2996 ((p)->head = (((p)->head & PINUSE_BIT)|s|CINUSE_BIT),\2997 (((mchunkptr)(((char*)(p)) + (s)))->head |= PINUSE_BIT), \2998 mark_inuse_foot(M,p,s))29993000#define set_inuse_and_pinuse(M,p,s)\3001 ((p)->head = (s|PINUSE_BIT|CINUSE_BIT),\3002 (((mchunkptr)(((char*)(p)) + (s)))->head |= PINUSE_BIT),\3003 mark_inuse_foot(M,p,s))30043005#define set_size_and_pinuse_of_inuse_chunk(M, p, s)\3006 ((p)->head = (s|PINUSE_BIT|CINUSE_BIT),\3007 mark_inuse_foot(M, p, s))30083009#endif/* !FOOTERS */30103011/* ---------------------------- setting mparams -------------------------- */30123013/* Initialize mparams */3014static intinit_mparams(void) {3015#ifdef NEED_GLOBAL_LOCK_INIT3016if(malloc_global_mutex_status <=0)3017init_malloc_global_mutex();3018#endif30193020ACQUIRE_MALLOC_GLOBAL_LOCK();3021if(mparams.magic ==0) {3022size_t magic;3023size_t psize;3024size_t gsize;30253026#ifndef WIN323027 psize = malloc_getpagesize;3028 gsize = ((DEFAULT_GRANULARITY !=0)? DEFAULT_GRANULARITY : psize);3029#else/* WIN32 */3030{3031 SYSTEM_INFO system_info;3032GetSystemInfo(&system_info);3033 psize = system_info.dwPageSize;3034 gsize = ((DEFAULT_GRANULARITY !=0)?3035 DEFAULT_GRANULARITY : system_info.dwAllocationGranularity);3036}3037#endif/* WIN32 */30383039/* Sanity-check configuration:3040 size_t must be unsigned and as wide as pointer type.3041 ints must be at least 4 bytes.3042 alignment must be at least 8.3043 Alignment, min chunk size, and page size must all be powers of 2.3044 */3045if((sizeof(size_t) !=sizeof(char*)) ||3046(MAX_SIZE_T < MIN_CHUNK_SIZE) ||3047(sizeof(int) <4) ||3048(MALLOC_ALIGNMENT < (size_t)8U) ||3049((MALLOC_ALIGNMENT & (MALLOC_ALIGNMENT-SIZE_T_ONE)) !=0) ||3050((MCHUNK_SIZE & (MCHUNK_SIZE-SIZE_T_ONE)) !=0) ||3051((gsize & (gsize-SIZE_T_ONE)) !=0) ||3052((psize & (psize-SIZE_T_ONE)) !=0))3053 ABORT;30543055 mparams.granularity = gsize;3056 mparams.page_size = psize;3057 mparams.mmap_threshold = DEFAULT_MMAP_THRESHOLD;3058 mparams.trim_threshold = DEFAULT_TRIM_THRESHOLD;3059#if MORECORE_CONTIGUOUS3060 mparams.default_mflags = USE_LOCK_BIT|USE_MMAP_BIT;3061#else/* MORECORE_CONTIGUOUS */3062 mparams.default_mflags = USE_LOCK_BIT|USE_MMAP_BIT|USE_NONCONTIGUOUS_BIT;3063#endif/* MORECORE_CONTIGUOUS */30643065#if !ONLY_MSPACES3066/* Set up lock for main malloc area */3067 gm->mflags = mparams.default_mflags;3068INITIAL_LOCK(&gm->mutex);3069#endif30703071#if (FOOTERS && !INSECURE)3072{3073#if USE_DEV_RANDOM3074int fd;3075unsigned char buf[sizeof(size_t)];3076/* Try to use /dev/urandom, else fall back on using time */3077if((fd =open("/dev/urandom", O_RDONLY)) >=0&&3078read(fd, buf,sizeof(buf)) ==sizeof(buf)) {3079 magic = *((size_t*) buf);3080close(fd);3081}3082else3083#endif/* USE_DEV_RANDOM */3084#ifdef WIN323085 magic = (size_t)(GetTickCount() ^ (size_t)0x55555555U);3086#else3087 magic = (size_t)(time(0) ^ (size_t)0x55555555U);3088#endif3089 magic |= (size_t)8U;/* ensure nonzero */3090 magic &= ~(size_t)7U;/* improve chances of fault for bad values */3091}3092#else/* (FOOTERS && !INSECURE) */3093 magic = (size_t)0x58585858U;3094#endif/* (FOOTERS && !INSECURE) */30953096 mparams.magic = magic;3097}30983099RELEASE_MALLOC_GLOBAL_LOCK();3100return1;3101}31023103/* support for mallopt */3104static intchange_mparam(int param_number,int value) {3105size_t val = (value == -1)? MAX_SIZE_T : (size_t)value;3106ensure_initialization();3107switch(param_number) {3108case M_TRIM_THRESHOLD:3109 mparams.trim_threshold = val;3110return1;3111case M_GRANULARITY:3112if(val >= mparams.page_size && ((val & (val-1)) ==0)) {3113 mparams.granularity = val;3114return1;3115}3116else3117return0;3118case M_MMAP_THRESHOLD:3119 mparams.mmap_threshold = val;3120return1;3121default:3122return0;3123}3124}31253126#if DEBUG3127/* ------------------------- Debugging Support --------------------------- */31283129/* Check properties of any chunk, whether free, inuse, mmapped etc */3130static voiddo_check_any_chunk(mstate m, mchunkptr p) {3131assert((is_aligned(chunk2mem(p))) || (p->head == FENCEPOST_HEAD));3132assert(ok_address(m, p));3133}31343135/* Check properties of top chunk */3136static voiddo_check_top_chunk(mstate m, mchunkptr p) {3137 msegmentptr sp =segment_holding(m, (char*)p);3138size_t sz = p->head & ~INUSE_BITS;/* third-lowest bit can be set! */3139assert(sp !=0);3140assert((is_aligned(chunk2mem(p))) || (p->head == FENCEPOST_HEAD));3141assert(ok_address(m, p));3142assert(sz == m->topsize);3143assert(sz >0);3144assert(sz == ((sp->base + sp->size) - (char*)p) - TOP_FOOT_SIZE);3145assert(pinuse(p));3146assert(!pinuse(chunk_plus_offset(p, sz)));3147}31483149/* Check properties of (inuse) mmapped chunks */3150static voiddo_check_mmapped_chunk(mstate m, mchunkptr p) {3151size_t sz =chunksize(p);3152size_t len = (sz + (p->prev_foot & ~IS_MMAPPED_BIT) + MMAP_FOOT_PAD);3153assert(is_mmapped(p));3154assert(use_mmap(m));3155assert((is_aligned(chunk2mem(p))) || (p->head == FENCEPOST_HEAD));3156assert(ok_address(m, p));3157assert(!is_small(sz));3158assert((len & (mparams.page_size-SIZE_T_ONE)) ==0);3159assert(chunk_plus_offset(p, sz)->head == FENCEPOST_HEAD);3160assert(chunk_plus_offset(p, sz+SIZE_T_SIZE)->head ==0);3161}31623163/* Check properties of inuse chunks */3164static voiddo_check_inuse_chunk(mstate m, mchunkptr p) {3165do_check_any_chunk(m, p);3166assert(cinuse(p));3167assert(next_pinuse(p));3168/* If not pinuse and not mmapped, previous chunk has OK offset */3169assert(is_mmapped(p) ||pinuse(p) ||next_chunk(prev_chunk(p)) == p);3170if(is_mmapped(p))3171do_check_mmapped_chunk(m, p);3172}31733174/* Check properties of free chunks */3175static voiddo_check_free_chunk(mstate m, mchunkptr p) {3176size_t sz =chunksize(p);3177 mchunkptr next =chunk_plus_offset(p, sz);3178do_check_any_chunk(m, p);3179assert(!cinuse(p));3180assert(!next_pinuse(p));3181assert(!is_mmapped(p));3182if(p != m->dv && p != m->top) {3183if(sz >= MIN_CHUNK_SIZE) {3184assert((sz & CHUNK_ALIGN_MASK) ==0);3185assert(is_aligned(chunk2mem(p)));3186assert(next->prev_foot == sz);3187assert(pinuse(p));3188assert(next == m->top ||cinuse(next));3189assert(p->fd->bk == p);3190assert(p->bk->fd == p);3191}3192else/* markers are always of size SIZE_T_SIZE */3193assert(sz == SIZE_T_SIZE);3194}3195}31963197/* Check properties of malloced chunks at the point they are malloced */3198static voiddo_check_malloced_chunk(mstate m,void* mem,size_t s) {3199if(mem !=0) {3200 mchunkptr p =mem2chunk(mem);3201size_t sz = p->head & ~(PINUSE_BIT|CINUSE_BIT);3202do_check_inuse_chunk(m, p);3203assert((sz & CHUNK_ALIGN_MASK) ==0);3204assert(sz >= MIN_CHUNK_SIZE);3205assert(sz >= s);3206/* unless mmapped, size is less than MIN_CHUNK_SIZE more than request */3207assert(is_mmapped(p) || sz < (s + MIN_CHUNK_SIZE));3208}3209}32103211/* Check a tree and its subtrees. */3212static voiddo_check_tree(mstate m, tchunkptr t) {3213 tchunkptr head =0;3214 tchunkptr u = t;3215 bindex_t tindex = t->index;3216size_t tsize =chunksize(t);3217 bindex_t idx;3218compute_tree_index(tsize, idx);3219assert(tindex == idx);3220assert(tsize >= MIN_LARGE_SIZE);3221assert(tsize >=minsize_for_tree_index(idx));3222assert((idx == NTREEBINS-1) || (tsize <minsize_for_tree_index((idx+1))));32233224do{/* traverse through chain of same-sized nodes */3225do_check_any_chunk(m, ((mchunkptr)u));3226assert(u->index == tindex);3227assert(chunksize(u) == tsize);3228assert(!cinuse(u));3229assert(!next_pinuse(u));3230assert(u->fd->bk == u);3231assert(u->bk->fd == u);3232if(u->parent ==0) {3233assert(u->child[0] ==0);3234assert(u->child[1] ==0);3235}3236else{3237assert(head ==0);/* only one node on chain has parent */3238 head = u;3239assert(u->parent != u);3240assert(u->parent->child[0] == u ||3241 u->parent->child[1] == u ||3242*((tbinptr*)(u->parent)) == u);3243if(u->child[0] !=0) {3244assert(u->child[0]->parent == u);3245assert(u->child[0] != u);3246do_check_tree(m, u->child[0]);3247}3248if(u->child[1] !=0) {3249assert(u->child[1]->parent == u);3250assert(u->child[1] != u);3251do_check_tree(m, u->child[1]);3252}3253if(u->child[0] !=0&& u->child[1] !=0) {3254assert(chunksize(u->child[0]) <chunksize(u->child[1]));3255}3256}3257 u = u->fd;3258}while(u != t);3259assert(head !=0);3260}32613262/* Check all the chunks in a treebin. */3263static voiddo_check_treebin(mstate m, bindex_t i) {3264 tbinptr* tb =treebin_at(m, i);3265 tchunkptr t = *tb;3266int empty = (m->treemap & (1U<< i)) ==0;3267if(t ==0)3268assert(empty);3269if(!empty)3270do_check_tree(m, t);3271}32723273/* Check all the chunks in a smallbin. */3274static voiddo_check_smallbin(mstate m, bindex_t i) {3275 sbinptr b =smallbin_at(m, i);3276 mchunkptr p = b->bk;3277unsigned int empty = (m->smallmap & (1U<< i)) ==0;3278if(p == b)3279assert(empty);3280if(!empty) {3281for(; p != b; p = p->bk) {3282size_t size =chunksize(p);3283 mchunkptr q;3284/* each chunk claims to be free */3285do_check_free_chunk(m, p);3286/* chunk belongs in bin */3287assert(small_index(size) == i);3288assert(p->bk == b ||chunksize(p->bk) ==chunksize(p));3289/* chunk is followed by an inuse chunk */3290 q =next_chunk(p);3291if(q->head != FENCEPOST_HEAD)3292do_check_inuse_chunk(m, q);3293}3294}3295}32963297/* Find x in a bin. Used in other check functions. */3298static intbin_find(mstate m, mchunkptr x) {3299size_t size =chunksize(x);3300if(is_small(size)) {3301 bindex_t sidx =small_index(size);3302 sbinptr b =smallbin_at(m, sidx);3303if(smallmap_is_marked(m, sidx)) {3304 mchunkptr p = b;3305do{3306if(p == x)3307return1;3308}while((p = p->fd) != b);3309}3310}3311else{3312 bindex_t tidx;3313compute_tree_index(size, tidx);3314if(treemap_is_marked(m, tidx)) {3315 tchunkptr t = *treebin_at(m, tidx);3316size_t sizebits = size <<leftshift_for_tree_index(tidx);3317while(t !=0&&chunksize(t) != size) {3318 t = t->child[(sizebits >> (SIZE_T_BITSIZE-SIZE_T_ONE)) &1];3319 sizebits <<=1;3320}3321if(t !=0) {3322 tchunkptr u = t;3323do{3324if(u == (tchunkptr)x)3325return1;3326}while((u = u->fd) != t);3327}3328}3329}3330return0;3331}33323333/* Traverse each chunk and check it; return total */3334static size_ttraverse_and_check(mstate m) {3335size_t sum =0;3336if(is_initialized(m)) {3337 msegmentptr s = &m->seg;3338 sum += m->topsize + TOP_FOOT_SIZE;3339while(s !=0) {3340 mchunkptr q =align_as_chunk(s->base);3341 mchunkptr lastq =0;3342assert(pinuse(q));3343while(segment_holds(s, q) &&3344 q != m->top && q->head != FENCEPOST_HEAD) {3345 sum +=chunksize(q);3346if(cinuse(q)) {3347assert(!bin_find(m, q));3348do_check_inuse_chunk(m, q);3349}3350else{3351assert(q == m->dv ||bin_find(m, q));3352assert(lastq ==0||cinuse(lastq));/* Not 2 consecutive free */3353do_check_free_chunk(m, q);3354}3355 lastq = q;3356 q =next_chunk(q);3357}3358 s = s->next;3359}3360}3361return sum;3362}33633364/* Check all properties of malloc_state. */3365static voiddo_check_malloc_state(mstate m) {3366 bindex_t i;3367size_t total;3368/* check bins */3369for(i =0; i < NSMALLBINS; ++i)3370do_check_smallbin(m, i);3371for(i =0; i < NTREEBINS; ++i)3372do_check_treebin(m, i);33733374if(m->dvsize !=0) {/* check dv chunk */3375do_check_any_chunk(m, m->dv);3376assert(m->dvsize ==chunksize(m->dv));3377assert(m->dvsize >= MIN_CHUNK_SIZE);3378assert(bin_find(m, m->dv) ==0);3379}33803381if(m->top !=0) {/* check top chunk */3382do_check_top_chunk(m, m->top);3383/*assert(m->topsize == chunksize(m->top)); redundant */3384assert(m->topsize >0);3385assert(bin_find(m, m->top) ==0);3386}33873388 total =traverse_and_check(m);3389assert(total <= m->footprint);3390assert(m->footprint <= m->max_footprint);3391}3392#endif/* DEBUG */33933394/* ----------------------------- statistics ------------------------------ */33953396#if !NO_MALLINFO3397static struct mallinfo internal_mallinfo(mstate m) {3398struct mallinfo nm = {0,0,0,0,0,0,0,0,0,0};3399ensure_initialization();3400if(!PREACTION(m)) {3401check_malloc_state(m);3402if(is_initialized(m)) {3403size_t nfree = SIZE_T_ONE;/* top always free */3404size_t mfree = m->topsize + TOP_FOOT_SIZE;3405size_t sum = mfree;3406 msegmentptr s = &m->seg;3407while(s !=0) {3408 mchunkptr q =align_as_chunk(s->base);3409while(segment_holds(s, q) &&3410 q != m->top && q->head != FENCEPOST_HEAD) {3411size_t sz =chunksize(q);3412 sum += sz;3413if(!cinuse(q)) {3414 mfree += sz;3415++nfree;3416}3417 q =next_chunk(q);3418}3419 s = s->next;3420}34213422 nm.arena = sum;3423 nm.ordblks = nfree;3424 nm.hblkhd = m->footprint - sum;3425 nm.usmblks = m->max_footprint;3426 nm.uordblks = m->footprint - mfree;3427 nm.fordblks = mfree;3428 nm.keepcost = m->topsize;3429}34303431POSTACTION(m);3432}3433return nm;3434}3435#endif/* !NO_MALLINFO */34363437static voidinternal_malloc_stats(mstate m) {3438ensure_initialization();3439if(!PREACTION(m)) {3440size_t maxfp =0;3441size_t fp =0;3442size_t used =0;3443check_malloc_state(m);3444if(is_initialized(m)) {3445 msegmentptr s = &m->seg;3446 maxfp = m->max_footprint;3447 fp = m->footprint;3448 used = fp - (m->topsize + TOP_FOOT_SIZE);34493450while(s !=0) {3451 mchunkptr q =align_as_chunk(s->base);3452while(segment_holds(s, q) &&3453 q != m->top && q->head != FENCEPOST_HEAD) {3454if(!cinuse(q))3455 used -=chunksize(q);3456 q =next_chunk(q);3457}3458 s = s->next;3459}3460}34613462fprintf(stderr,"max system bytes =%10lu\n", (unsigned long)(maxfp));3463fprintf(stderr,"system bytes =%10lu\n", (unsigned long)(fp));3464fprintf(stderr,"in use bytes =%10lu\n", (unsigned long)(used));34653466POSTACTION(m);3467}3468}34693470/* ----------------------- Operations on smallbins ----------------------- */34713472/*3473 Various forms of linking and unlinking are defined as macros. Even3474 the ones for trees, which are very long but have very short typical3475 paths. This is ugly but reduces reliance on inlining support of3476 compilers.3477*/34783479/* Link a free chunk into a smallbin */3480#define insert_small_chunk(M, P, S) {\3481 bindex_t I = small_index(S);\3482 mchunkptr B = smallbin_at(M, I);\3483 mchunkptr F = B;\3484 assert(S >= MIN_CHUNK_SIZE);\3485 if (!smallmap_is_marked(M, I))\3486 mark_smallmap(M, I);\3487 else if (RTCHECK(ok_address(M, B->fd)))\3488 F = B->fd;\3489 else {\3490 CORRUPTION_ERROR_ACTION(M);\3491 }\3492 B->fd = P;\3493 F->bk = P;\3494 P->fd = F;\3495 P->bk = B;\3496}34973498/* Unlink a chunk from a smallbin */3499#define unlink_small_chunk(M, P, S) {\3500 mchunkptr F = P->fd;\3501 mchunkptr B = P->bk;\3502 bindex_t I = small_index(S);\3503 assert(P != B);\3504 assert(P != F);\3505 assert(chunksize(P) == small_index2size(I));\3506 if (F == B)\3507 clear_smallmap(M, I);\3508 else if (RTCHECK((F == smallbin_at(M,I) || ok_address(M, F)) &&\3509 (B == smallbin_at(M,I) || ok_address(M, B)))) {\3510 F->bk = B;\3511 B->fd = F;\3512 }\3513 else {\3514 CORRUPTION_ERROR_ACTION(M);\3515 }\3516}35173518/* Unlink the first chunk from a smallbin */3519#define unlink_first_small_chunk(M, B, P, I) {\3520 mchunkptr F = P->fd;\3521 assert(P != B);\3522 assert(P != F);\3523 assert(chunksize(P) == small_index2size(I));\3524 if (B == F)\3525 clear_smallmap(M, I);\3526 else if (RTCHECK(ok_address(M, F))) {\3527 B->fd = F;\3528 F->bk = B;\3529 }\3530 else {\3531 CORRUPTION_ERROR_ACTION(M);\3532 }\3533}3534353535363537/* Replace dv node, binning the old one */3538/* Used only when dvsize known to be small */3539#define replace_dv(M, P, S) {\3540 size_t DVS = M->dvsize;\3541 if (DVS != 0) {\3542 mchunkptr DV = M->dv;\3543 assert(is_small(DVS));\3544 insert_small_chunk(M, DV, DVS);\3545 }\3546 M->dvsize = S;\3547 M->dv = P;\3548}35493550/* ------------------------- Operations on trees ------------------------- */35513552/* Insert chunk into tree */3553#define insert_large_chunk(M, X, S) {\3554 tbinptr* H;\3555 bindex_t I;\3556 compute_tree_index(S, I);\3557 H = treebin_at(M, I);\3558 X->index = I;\3559 X->child[0] = X->child[1] = 0;\3560 if (!treemap_is_marked(M, I)) {\3561 mark_treemap(M, I);\3562 *H = X;\3563 X->parent = (tchunkptr)H;\3564 X->fd = X->bk = X;\3565 }\3566 else {\3567 tchunkptr T = *H;\3568 size_t K = S << leftshift_for_tree_index(I);\3569 for (;;) {\3570 if (chunksize(T) != S) {\3571 tchunkptr* C = &(T->child[(K >> (SIZE_T_BITSIZE-SIZE_T_ONE)) & 1]);\3572 K <<= 1;\3573 if (*C != 0)\3574 T = *C;\3575 else if (RTCHECK(ok_address(M, C))) {\3576 *C = X;\3577 X->parent = T;\3578 X->fd = X->bk = X;\3579 break;\3580 }\3581 else {\3582 CORRUPTION_ERROR_ACTION(M);\3583 break;\3584 }\3585 }\3586 else {\3587 tchunkptr F = T->fd;\3588 if (RTCHECK(ok_address(M, T) && ok_address(M, F))) {\3589 T->fd = F->bk = X;\3590 X->fd = F;\3591 X->bk = T;\3592 X->parent = 0;\3593 break;\3594 }\3595 else {\3596 CORRUPTION_ERROR_ACTION(M);\3597 break;\3598 }\3599 }\3600 }\3601 }\3602}36033604/*3605 Unlink steps:36063607 1. If x is a chained node, unlink it from its same-sized fd/bk links3608 and choose its bk node as its replacement.3609 2. If x was the last node of its size, but not a leaf node, it must3610 be replaced with a leaf node (not merely one with an open left or3611 right), to make sure that lefts and rights of descendants3612 correspond properly to bit masks. We use the rightmost descendant3613 of x. We could use any other leaf, but this is easy to locate and3614 tends to counteract removal of leftmosts elsewhere, and so keeps3615 paths shorter than minimally guaranteed. This doesn't loop much3616 because on average a node in a tree is near the bottom.3617 3. If x is the base of a chain (i.e., has parent links) relink3618 x's parent and children to x's replacement (or null if none).3619*/36203621#define unlink_large_chunk(M, X) {\3622 tchunkptr XP = X->parent;\3623 tchunkptr R;\3624 if (X->bk != X) {\3625 tchunkptr F = X->fd;\3626 R = X->bk;\3627 if (RTCHECK(ok_address(M, F))) {\3628 F->bk = R;\3629 R->fd = F;\3630 }\3631 else {\3632 CORRUPTION_ERROR_ACTION(M);\3633 }\3634 }\3635 else {\3636 tchunkptr* RP;\3637 if (((R = *(RP = &(X->child[1]))) != 0) ||\3638 ((R = *(RP = &(X->child[0]))) != 0)) {\3639 tchunkptr* CP;\3640 while ((*(CP = &(R->child[1])) != 0) ||\3641 (*(CP = &(R->child[0])) != 0)) {\3642 R = *(RP = CP);\3643 }\3644 if (RTCHECK(ok_address(M, RP)))\3645 *RP = 0;\3646 else {\3647 CORRUPTION_ERROR_ACTION(M);\3648 }\3649 }\3650 }\3651 if (XP != 0) {\3652 tbinptr* H = treebin_at(M, X->index);\3653 if (X == *H) {\3654 if ((*H = R) == 0) \3655 clear_treemap(M, X->index);\3656 }\3657 else if (RTCHECK(ok_address(M, XP))) {\3658 if (XP->child[0] == X) \3659 XP->child[0] = R;\3660 else \3661 XP->child[1] = R;\3662 }\3663 else\3664 CORRUPTION_ERROR_ACTION(M);\3665 if (R != 0) {\3666 if (RTCHECK(ok_address(M, R))) {\3667 tchunkptr C0, C1;\3668 R->parent = XP;\3669 if ((C0 = X->child[0]) != 0) {\3670 if (RTCHECK(ok_address(M, C0))) {\3671 R->child[0] = C0;\3672 C0->parent = R;\3673 }\3674 else\3675 CORRUPTION_ERROR_ACTION(M);\3676 }\3677 if ((C1 = X->child[1]) != 0) {\3678 if (RTCHECK(ok_address(M, C1))) {\3679 R->child[1] = C1;\3680 C1->parent = R;\3681 }\3682 else\3683 CORRUPTION_ERROR_ACTION(M);\3684 }\3685 }\3686 else\3687 CORRUPTION_ERROR_ACTION(M);\3688 }\3689 }\3690}36913692/* Relays to large vs small bin operations */36933694#define insert_chunk(M, P, S)\3695 if (is_small(S)) insert_small_chunk(M, P, S)\3696 else { tchunkptr TP = (tchunkptr)(P); insert_large_chunk(M, TP, S); }36973698#define unlink_chunk(M, P, S)\3699 if (is_small(S)) unlink_small_chunk(M, P, S)\3700 else { tchunkptr TP = (tchunkptr)(P); unlink_large_chunk(M, TP); }370137023703/* Relays to internal calls to malloc/free from realloc, memalign etc */37043705#if ONLY_MSPACES3706#define internal_malloc(m, b) mspace_malloc(m, b)3707#define internal_free(m, mem) mspace_free(m,mem);3708#else/* ONLY_MSPACES */3709#if MSPACES3710#define internal_malloc(m, b)\3711 (m == gm)? dlmalloc(b) : mspace_malloc(m, b)3712#define internal_free(m, mem)\3713 if (m == gm) dlfree(mem); else mspace_free(m,mem);3714#else/* MSPACES */3715#define internal_malloc(m, b) dlmalloc(b)3716#define internal_free(m, mem) dlfree(mem)3717#endif/* MSPACES */3718#endif/* ONLY_MSPACES */37193720/* ----------------------- Direct-mmapping chunks ----------------------- */37213722/*3723 Directly mmapped chunks are set up with an offset to the start of3724 the mmapped region stored in the prev_foot field of the chunk. This3725 allows reconstruction of the required argument to MUNMAP when freed,3726 and also allows adjustment of the returned chunk to meet alignment3727 requirements (especially in memalign). There is also enough space3728 allocated to hold a fake next chunk of size SIZE_T_SIZE to maintain3729 the PINUSE bit so frees can be checked.3730*/37313732/* Malloc using mmap */3733static void*mmap_alloc(mstate m,size_t nb) {3734size_t mmsize =mmap_align(nb + SIX_SIZE_T_SIZES + CHUNK_ALIGN_MASK);3735if(mmsize > nb) {/* Check for wrap around 0 */3736char* mm = (char*)(CALL_DIRECT_MMAP(mmsize));3737if(mm != CMFAIL) {3738size_t offset =align_offset(chunk2mem(mm));3739size_t psize = mmsize - offset - MMAP_FOOT_PAD;3740 mchunkptr p = (mchunkptr)(mm + offset);3741 p->prev_foot = offset | IS_MMAPPED_BIT;3742(p)->head = (psize|CINUSE_BIT);3743mark_inuse_foot(m, p, psize);3744chunk_plus_offset(p, psize)->head = FENCEPOST_HEAD;3745chunk_plus_offset(p, psize+SIZE_T_SIZE)->head =0;37463747if(mm < m->least_addr)3748 m->least_addr = mm;3749if((m->footprint += mmsize) > m->max_footprint)3750 m->max_footprint = m->footprint;3751assert(is_aligned(chunk2mem(p)));3752check_mmapped_chunk(m, p);3753returnchunk2mem(p);3754}3755}3756return0;3757}37583759/* Realloc using mmap */3760static mchunkptr mmap_resize(mstate m, mchunkptr oldp,size_t nb) {3761size_t oldsize =chunksize(oldp);3762if(is_small(nb))/* Can't shrink mmap regions below small size */3763return0;3764/* Keep old chunk if big enough but not too big */3765if(oldsize >= nb + SIZE_T_SIZE &&3766(oldsize - nb) <= (mparams.granularity <<1))3767return oldp;3768else{3769size_t offset = oldp->prev_foot & ~IS_MMAPPED_BIT;3770size_t oldmmsize = oldsize + offset + MMAP_FOOT_PAD;3771size_t newmmsize =mmap_align(nb + SIX_SIZE_T_SIZES + CHUNK_ALIGN_MASK);3772char* cp = (char*)CALL_MREMAP((char*)oldp - offset,3773 oldmmsize, newmmsize,1);3774if(cp != CMFAIL) {3775 mchunkptr newp = (mchunkptr)(cp + offset);3776size_t psize = newmmsize - offset - MMAP_FOOT_PAD;3777 newp->head = (psize|CINUSE_BIT);3778mark_inuse_foot(m, newp, psize);3779chunk_plus_offset(newp, psize)->head = FENCEPOST_HEAD;3780chunk_plus_offset(newp, psize+SIZE_T_SIZE)->head =0;37813782if(cp < m->least_addr)3783 m->least_addr = cp;3784if((m->footprint += newmmsize - oldmmsize) > m->max_footprint)3785 m->max_footprint = m->footprint;3786check_mmapped_chunk(m, newp);3787return newp;3788}3789}3790return0;3791}37923793/* -------------------------- mspace management -------------------------- */37943795/* Initialize top chunk and its size */3796static voidinit_top(mstate m, mchunkptr p,size_t psize) {3797/* Ensure alignment */3798size_t offset =align_offset(chunk2mem(p));3799 p = (mchunkptr)((char*)p + offset);3800 psize -= offset;38013802 m->top = p;3803 m->topsize = psize;3804 p->head = psize | PINUSE_BIT;3805/* set size of fake trailing chunk holding overhead space only once */3806chunk_plus_offset(p, psize)->head = TOP_FOOT_SIZE;3807 m->trim_check = mparams.trim_threshold;/* reset on each update */3808}38093810/* Initialize bins for a new mstate that is otherwise zeroed out */3811static voidinit_bins(mstate m) {3812/* Establish circular links for smallbins */3813 bindex_t i;3814for(i =0; i < NSMALLBINS; ++i) {3815 sbinptr bin =smallbin_at(m,i);3816 bin->fd = bin->bk = bin;3817}3818}38193820#if PROCEED_ON_ERROR38213822/* default corruption action */3823static voidreset_on_error(mstate m) {3824int i;3825++malloc_corruption_error_count;3826/* Reinitialize fields to forget about all memory */3827 m->smallbins = m->treebins =0;3828 m->dvsize = m->topsize =0;3829 m->seg.base =0;3830 m->seg.size =0;3831 m->seg.next =0;3832 m->top = m->dv =0;3833for(i =0; i < NTREEBINS; ++i)3834*treebin_at(m, i) =0;3835init_bins(m);3836}3837#endif/* PROCEED_ON_ERROR */38383839/* Allocate chunk and prepend remainder with chunk in successor base. */3840static void*prepend_alloc(mstate m,char* newbase,char* oldbase,3841size_t nb) {3842 mchunkptr p =align_as_chunk(newbase);3843 mchunkptr oldfirst =align_as_chunk(oldbase);3844size_t psize = (char*)oldfirst - (char*)p;3845 mchunkptr q =chunk_plus_offset(p, nb);3846size_t qsize = psize - nb;3847set_size_and_pinuse_of_inuse_chunk(m, p, nb);38483849assert((char*)oldfirst > (char*)q);3850assert(pinuse(oldfirst));3851assert(qsize >= MIN_CHUNK_SIZE);38523853/* consolidate remainder with first chunk of old base */3854if(oldfirst == m->top) {3855size_t tsize = m->topsize += qsize;3856 m->top = q;3857 q->head = tsize | PINUSE_BIT;3858check_top_chunk(m, q);3859}3860else if(oldfirst == m->dv) {3861size_t dsize = m->dvsize += qsize;3862 m->dv = q;3863set_size_and_pinuse_of_free_chunk(q, dsize);3864}3865else{3866if(!cinuse(oldfirst)) {3867size_t nsize =chunksize(oldfirst);3868unlink_chunk(m, oldfirst, nsize);3869 oldfirst =chunk_plus_offset(oldfirst, nsize);3870 qsize += nsize;3871}3872set_free_with_pinuse(q, qsize, oldfirst);3873insert_chunk(m, q, qsize);3874check_free_chunk(m, q);3875}38763877check_malloced_chunk(m,chunk2mem(p), nb);3878returnchunk2mem(p);3879}38803881/* Add a segment to hold a new noncontiguous region */3882static voidadd_segment(mstate m,char* tbase,size_t tsize, flag_t mmapped) {3883/* Determine locations and sizes of segment, fenceposts, old top */3884char* old_top = (char*)m->top;3885 msegmentptr oldsp =segment_holding(m, old_top);3886char* old_end = oldsp->base + oldsp->size;3887size_t ssize =pad_request(sizeof(struct malloc_segment));3888char* rawsp = old_end - (ssize + FOUR_SIZE_T_SIZES + CHUNK_ALIGN_MASK);3889size_t offset =align_offset(chunk2mem(rawsp));3890char* asp = rawsp + offset;3891char* csp = (asp < (old_top + MIN_CHUNK_SIZE))? old_top : asp;3892 mchunkptr sp = (mchunkptr)csp;3893 msegmentptr ss = (msegmentptr)(chunk2mem(sp));3894 mchunkptr tnext =chunk_plus_offset(sp, ssize);3895 mchunkptr p = tnext;3896int nfences =0;38973898/* reset top to new space */3899init_top(m, (mchunkptr)tbase, tsize - TOP_FOOT_SIZE);39003901/* Set up segment record */3902assert(is_aligned(ss));3903set_size_and_pinuse_of_inuse_chunk(m, sp, ssize);3904*ss = m->seg;/* Push current record */3905 m->seg.base = tbase;3906 m->seg.size = tsize;3907 m->seg.sflags = mmapped;3908 m->seg.next = ss;39093910/* Insert trailing fenceposts */3911for(;;) {3912 mchunkptr nextp =chunk_plus_offset(p, SIZE_T_SIZE);3913 p->head = FENCEPOST_HEAD;3914++nfences;3915if((char*)(&(nextp->head)) < old_end)3916 p = nextp;3917else3918break;3919}3920assert(nfences >=2);39213922/* Insert the rest of old top into a bin as an ordinary free chunk */3923if(csp != old_top) {3924 mchunkptr q = (mchunkptr)old_top;3925size_t psize = csp - old_top;3926 mchunkptr tn =chunk_plus_offset(q, psize);3927set_free_with_pinuse(q, psize, tn);3928insert_chunk(m, q, psize);3929}39303931check_top_chunk(m, m->top);3932}39333934/* -------------------------- System allocation -------------------------- */39353936/* Get memory from system using MORECORE or MMAP */3937static void*sys_alloc(mstate m,size_t nb) {3938char* tbase = CMFAIL;3939size_t tsize =0;3940 flag_t mmap_flag =0;39413942ensure_initialization();39433944/* Directly map large chunks */3945if(use_mmap(m) && nb >= mparams.mmap_threshold) {3946void* mem =mmap_alloc(m, nb);3947if(mem !=0)3948return mem;3949}39503951/*3952 Try getting memory in any of three ways (in most-preferred to3953 least-preferred order):3954 1. A call to MORECORE that can normally contiguously extend memory.3955 (disabled if not MORECORE_CONTIGUOUS or not HAVE_MORECORE or3956 main space is mmapped or a previous contiguous call failed)3957 2. A call to MMAP new space (disabled if not HAVE_MMAP).3958 Note that under the default settings, if MORECORE is unable to3959 fulfill a request, and HAVE_MMAP is true, then mmap is3960 used as a noncontiguous system allocator. This is a useful backup3961 strategy for systems with holes in address spaces -- in this case3962 sbrk cannot contiguously expand the heap, but mmap may be able to3963 find space.3964 3. A call to MORECORE that cannot usually contiguously extend memory.3965 (disabled if not HAVE_MORECORE)39663967 In all cases, we need to request enough bytes from system to ensure3968 we can malloc nb bytes upon success, so pad with enough space for3969 top_foot, plus alignment-pad to make sure we don't lose bytes if3970 not on boundary, and round this up to a granularity unit.3971 */39723973if(MORECORE_CONTIGUOUS && !use_noncontiguous(m)) {3974char* br = CMFAIL;3975 msegmentptr ss = (m->top ==0)?0:segment_holding(m, (char*)m->top);3976size_t asize =0;3977ACQUIRE_MALLOC_GLOBAL_LOCK();39783979if(ss ==0) {/* First time through or recovery */3980char* base = (char*)CALL_MORECORE(0);3981if(base != CMFAIL) {3982 asize =granularity_align(nb + SYS_ALLOC_PADDING);3983/* Adjust to end on a page boundary */3984if(!is_page_aligned(base))3985 asize += (page_align((size_t)base) - (size_t)base);3986/* Can't call MORECORE if size is negative when treated as signed */3987if(asize < HALF_MAX_SIZE_T &&3988(br = (char*)(CALL_MORECORE(asize))) == base) {3989 tbase = base;3990 tsize = asize;3991}3992}3993}3994else{3995/* Subtract out existing available top space from MORECORE request. */3996 asize =granularity_align(nb - m->topsize + SYS_ALLOC_PADDING);3997/* Use mem here only if it did continuously extend old space */3998if(asize < HALF_MAX_SIZE_T &&3999(br = (char*)(CALL_MORECORE(asize))) == ss->base+ss->size) {4000 tbase = br;4001 tsize = asize;4002}4003}40044005if(tbase == CMFAIL) {/* Cope with partial failure */4006if(br != CMFAIL) {/* Try to use/extend the space we did get */4007if(asize < HALF_MAX_SIZE_T &&4008 asize < nb + SYS_ALLOC_PADDING) {4009size_t esize =granularity_align(nb + SYS_ALLOC_PADDING - asize);4010if(esize < HALF_MAX_SIZE_T) {4011char* end = (char*)CALL_MORECORE(esize);4012if(end != CMFAIL)4013 asize += esize;4014else{/* Can't use; try to release */4015(void)CALL_MORECORE(-asize);4016 br = CMFAIL;4017}4018}4019}4020}4021if(br != CMFAIL) {/* Use the space we did get */4022 tbase = br;4023 tsize = asize;4024}4025else4026disable_contiguous(m);/* Don't try contiguous path in the future */4027}40284029RELEASE_MALLOC_GLOBAL_LOCK();4030}40314032if(HAVE_MMAP && tbase == CMFAIL) {/* Try MMAP */4033size_t rsize =granularity_align(nb + SYS_ALLOC_PADDING);4034if(rsize > nb) {/* Fail if wraps around zero */4035char* mp = (char*)(CALL_MMAP(rsize));4036if(mp != CMFAIL) {4037 tbase = mp;4038 tsize = rsize;4039 mmap_flag = IS_MMAPPED_BIT;4040}4041}4042}40434044if(HAVE_MORECORE && tbase == CMFAIL) {/* Try noncontiguous MORECORE */4045size_t asize =granularity_align(nb + SYS_ALLOC_PADDING);4046if(asize < HALF_MAX_SIZE_T) {4047char* br = CMFAIL;4048char* end = CMFAIL;4049ACQUIRE_MALLOC_GLOBAL_LOCK();4050 br = (char*)(CALL_MORECORE(asize));4051 end = (char*)(CALL_MORECORE(0));4052RELEASE_MALLOC_GLOBAL_LOCK();4053if(br != CMFAIL && end != CMFAIL && br < end) {4054size_t ssize = end - br;4055if(ssize > nb + TOP_FOOT_SIZE) {4056 tbase = br;4057 tsize = ssize;4058}4059}4060}4061}40624063if(tbase != CMFAIL) {40644065if((m->footprint += tsize) > m->max_footprint)4066 m->max_footprint = m->footprint;40674068if(!is_initialized(m)) {/* first-time initialization */4069 m->seg.base = m->least_addr = tbase;4070 m->seg.size = tsize;4071 m->seg.sflags = mmap_flag;4072 m->magic = mparams.magic;4073 m->release_checks = MAX_RELEASE_CHECK_RATE;4074init_bins(m);4075#if !ONLY_MSPACES4076if(is_global(m))4077init_top(m, (mchunkptr)tbase, tsize - TOP_FOOT_SIZE);4078else4079#endif4080{4081/* Offset top by embedded malloc_state */4082 mchunkptr mn =next_chunk(mem2chunk(m));4083init_top(m, mn, (size_t)((tbase + tsize) - (char*)mn) -TOP_FOOT_SIZE);4084}4085}40864087else{4088/* Try to merge with an existing segment */4089 msegmentptr sp = &m->seg;4090/* Only consider most recent segment if traversal suppressed */4091while(sp !=0&& tbase != sp->base + sp->size)4092 sp = (NO_SEGMENT_TRAVERSAL) ?0: sp->next;4093if(sp !=0&&4094!is_extern_segment(sp) &&4095(sp->sflags & IS_MMAPPED_BIT) == mmap_flag &&4096segment_holds(sp, m->top)) {/* append */4097 sp->size += tsize;4098init_top(m, m->top, m->topsize + tsize);4099}4100else{4101if(tbase < m->least_addr)4102 m->least_addr = tbase;4103 sp = &m->seg;4104while(sp !=0&& sp->base != tbase + tsize)4105 sp = (NO_SEGMENT_TRAVERSAL) ?0: sp->next;4106if(sp !=0&&4107!is_extern_segment(sp) &&4108(sp->sflags & IS_MMAPPED_BIT) == mmap_flag) {4109char* oldbase = sp->base;4110 sp->base = tbase;4111 sp->size += tsize;4112returnprepend_alloc(m, tbase, oldbase, nb);4113}4114else4115add_segment(m, tbase, tsize, mmap_flag);4116}4117}41184119if(nb < m->topsize) {/* Allocate from new or extended top space */4120size_t rsize = m->topsize -= nb;4121 mchunkptr p = m->top;4122 mchunkptr r = m->top =chunk_plus_offset(p, nb);4123 r->head = rsize | PINUSE_BIT;4124set_size_and_pinuse_of_inuse_chunk(m, p, nb);4125check_top_chunk(m, m->top);4126check_malloced_chunk(m,chunk2mem(p), nb);4127returnchunk2mem(p);4128}4129}41304131 MALLOC_FAILURE_ACTION;4132return0;4133}41344135/* ----------------------- system deallocation -------------------------- */41364137/* Unmap and unlink any mmapped segments that don't contain used chunks */4138static size_trelease_unused_segments(mstate m) {4139size_t released =0;4140int nsegs =0;4141 msegmentptr pred = &m->seg;4142 msegmentptr sp = pred->next;4143while(sp !=0) {4144char* base = sp->base;4145size_t size = sp->size;4146 msegmentptr next = sp->next;4147++nsegs;4148if(is_mmapped_segment(sp) && !is_extern_segment(sp)) {4149 mchunkptr p =align_as_chunk(base);4150size_t psize =chunksize(p);4151/* Can unmap if first chunk holds entire segment and not pinned */4152if(!cinuse(p) && (char*)p + psize >= base + size - TOP_FOOT_SIZE) {4153 tchunkptr tp = (tchunkptr)p;4154assert(segment_holds(sp, (char*)sp));4155if(p == m->dv) {4156 m->dv =0;4157 m->dvsize =0;4158}4159else{4160unlink_large_chunk(m, tp);4161}4162if(CALL_MUNMAP(base, size) ==0) {4163 released += size;4164 m->footprint -= size;4165/* unlink obsoleted record */4166 sp = pred;4167 sp->next = next;4168}4169else{/* back out if cannot unmap */4170insert_large_chunk(m, tp, psize);4171}4172}4173}4174if(NO_SEGMENT_TRAVERSAL)/* scan only first segment */4175break;4176 pred = sp;4177 sp = next;4178}4179/* Reset check counter */4180 m->release_checks = ((nsegs > MAX_RELEASE_CHECK_RATE)?4181 nsegs : MAX_RELEASE_CHECK_RATE);4182return released;4183}41844185static intsys_trim(mstate m,size_t pad) {4186size_t released =0;4187ensure_initialization();4188if(pad < MAX_REQUEST &&is_initialized(m)) {4189 pad += TOP_FOOT_SIZE;/* ensure enough room for segment overhead */41904191if(m->topsize > pad) {4192/* Shrink top space in granularity-size units, keeping at least one */4193size_t unit = mparams.granularity;4194size_t extra = ((m->topsize - pad + (unit - SIZE_T_ONE)) / unit -4195 SIZE_T_ONE) * unit;4196 msegmentptr sp =segment_holding(m, (char*)m->top);41974198if(!is_extern_segment(sp)) {4199if(is_mmapped_segment(sp)) {4200if(HAVE_MMAP &&4201 sp->size >= extra &&4202!has_segment_link(m, sp)) {/* can't shrink if pinned */4203size_t newsize = sp->size - extra;4204/* Prefer mremap, fall back to munmap */4205if((CALL_MREMAP(sp->base, sp->size, newsize,0) != MFAIL) ||4206(CALL_MUNMAP(sp->base + newsize, extra) ==0)) {4207 released = extra;4208}4209}4210}4211else if(HAVE_MORECORE) {4212if(extra >= HALF_MAX_SIZE_T)/* Avoid wrapping negative */4213 extra = (HALF_MAX_SIZE_T) + SIZE_T_ONE - unit;4214ACQUIRE_MALLOC_GLOBAL_LOCK();4215{4216/* Make sure end of memory is where we last set it. */4217char* old_br = (char*)(CALL_MORECORE(0));4218if(old_br == sp->base + sp->size) {4219char* rel_br = (char*)(CALL_MORECORE(-extra));4220char* new_br = (char*)(CALL_MORECORE(0));4221if(rel_br != CMFAIL && new_br < old_br)4222 released = old_br - new_br;4223}4224}4225RELEASE_MALLOC_GLOBAL_LOCK();4226}4227}42284229if(released !=0) {4230 sp->size -= released;4231 m->footprint -= released;4232init_top(m, m->top, m->topsize - released);4233check_top_chunk(m, m->top);4234}4235}42364237/* Unmap any unused mmapped segments */4238if(HAVE_MMAP)4239 released +=release_unused_segments(m);42404241/* On failure, disable autotrim to avoid repeated failed future calls */4242if(released ==0&& m->topsize > m->trim_check)4243 m->trim_check = MAX_SIZE_T;4244}42454246return(released !=0)?1:0;4247}424842494250/* ---------------------------- malloc support --------------------------- */42514252/* allocate a large request from the best fitting chunk in a treebin */4253static void*tmalloc_large(mstate m,size_t nb) {4254 tchunkptr v =0;4255size_t rsize = -nb;/* Unsigned negation */4256 tchunkptr t;4257 bindex_t idx;4258compute_tree_index(nb, idx);4259if((t = *treebin_at(m, idx)) !=0) {4260/* Traverse tree for this bin looking for node with size == nb */4261size_t sizebits = nb <<leftshift_for_tree_index(idx);4262 tchunkptr rst =0;/* The deepest untaken right subtree */4263for(;;) {4264 tchunkptr rt;4265size_t trem =chunksize(t) - nb;4266if(trem < rsize) {4267 v = t;4268if((rsize = trem) ==0)4269break;4270}4271 rt = t->child[1];4272 t = t->child[(sizebits >> (SIZE_T_BITSIZE-SIZE_T_ONE)) &1];4273if(rt !=0&& rt != t)4274 rst = rt;4275if(t ==0) {4276 t = rst;/* set t to least subtree holding sizes > nb */4277break;4278}4279 sizebits <<=1;4280}4281}4282if(t ==0&& v ==0) {/* set t to root of next non-empty treebin */4283 binmap_t leftbits =left_bits(idx2bit(idx)) & m->treemap;4284if(leftbits !=0) {4285 bindex_t i;4286 binmap_t leastbit =least_bit(leftbits);4287compute_bit2idx(leastbit, i);4288 t = *treebin_at(m, i);4289}4290}42914292while(t !=0) {/* find smallest of tree or subtree */4293size_t trem =chunksize(t) - nb;4294if(trem < rsize) {4295 rsize = trem;4296 v = t;4297}4298 t =leftmost_child(t);4299}43004301/* If dv is a better fit, return 0 so malloc will use it */4302if(v !=0&& rsize < (size_t)(m->dvsize - nb)) {4303if(RTCHECK(ok_address(m, v))) {/* split */4304 mchunkptr r =chunk_plus_offset(v, nb);4305assert(chunksize(v) == rsize + nb);4306if(RTCHECK(ok_next(v, r))) {4307unlink_large_chunk(m, v);4308if(rsize < MIN_CHUNK_SIZE)4309set_inuse_and_pinuse(m, v, (rsize + nb));4310else{4311set_size_and_pinuse_of_inuse_chunk(m, v, nb);4312set_size_and_pinuse_of_free_chunk(r, rsize);4313insert_chunk(m, r, rsize);4314}4315returnchunk2mem(v);4316}4317}4318CORRUPTION_ERROR_ACTION(m);4319}4320return0;4321}43224323/* allocate a small request from the best fitting chunk in a treebin */4324static void*tmalloc_small(mstate m,size_t nb) {4325 tchunkptr t, v;4326size_t rsize;4327 bindex_t i;4328 binmap_t leastbit =least_bit(m->treemap);4329compute_bit2idx(leastbit, i);4330 v = t = *treebin_at(m, i);4331 rsize =chunksize(t) - nb;43324333while((t =leftmost_child(t)) !=0) {4334size_t trem =chunksize(t) - nb;4335if(trem < rsize) {4336 rsize = trem;4337 v = t;4338}4339}43404341if(RTCHECK(ok_address(m, v))) {4342 mchunkptr r =chunk_plus_offset(v, nb);4343assert(chunksize(v) == rsize + nb);4344if(RTCHECK(ok_next(v, r))) {4345unlink_large_chunk(m, v);4346if(rsize < MIN_CHUNK_SIZE)4347set_inuse_and_pinuse(m, v, (rsize + nb));4348else{4349set_size_and_pinuse_of_inuse_chunk(m, v, nb);4350set_size_and_pinuse_of_free_chunk(r, rsize);4351replace_dv(m, r, rsize);4352}4353returnchunk2mem(v);4354}4355}43564357CORRUPTION_ERROR_ACTION(m);4358return0;4359}43604361/* --------------------------- realloc support --------------------------- */43624363static void*internal_realloc(mstate m,void* oldmem,size_t bytes) {4364if(bytes >= MAX_REQUEST) {4365 MALLOC_FAILURE_ACTION;4366return0;4367}4368if(!PREACTION(m)) {4369 mchunkptr oldp =mem2chunk(oldmem);4370size_t oldsize =chunksize(oldp);4371 mchunkptr next =chunk_plus_offset(oldp, oldsize);4372 mchunkptr newp =0;4373void* extra =0;43744375/* Try to either shrink or extend into top. Else malloc-copy-free */43764377if(RTCHECK(ok_address(m, oldp) &&ok_cinuse(oldp) &&4378ok_next(oldp, next) &&ok_pinuse(next))) {4379size_t nb =request2size(bytes);4380if(is_mmapped(oldp))4381 newp =mmap_resize(m, oldp, nb);4382else if(oldsize >= nb) {/* already big enough */4383size_t rsize = oldsize - nb;4384 newp = oldp;4385if(rsize >= MIN_CHUNK_SIZE) {4386 mchunkptr remainder =chunk_plus_offset(newp, nb);4387set_inuse(m, newp, nb);4388set_inuse(m, remainder, rsize);4389 extra =chunk2mem(remainder);4390}4391}4392else if(next == m->top && oldsize + m->topsize > nb) {4393/* Expand into top */4394size_t newsize = oldsize + m->topsize;4395size_t newtopsize = newsize - nb;4396 mchunkptr newtop =chunk_plus_offset(oldp, nb);4397set_inuse(m, oldp, nb);4398 newtop->head = newtopsize |PINUSE_BIT;4399 m->top = newtop;4400 m->topsize = newtopsize;4401 newp = oldp;4402}4403}4404else{4405USAGE_ERROR_ACTION(m, oldmem);4406POSTACTION(m);4407return0;4408}44094410POSTACTION(m);44114412if(newp !=0) {4413if(extra !=0) {4414internal_free(m, extra);4415}4416check_inuse_chunk(m, newp);4417returnchunk2mem(newp);4418}4419else{4420void* newmem =internal_malloc(m, bytes);4421if(newmem !=0) {4422size_t oc = oldsize -overhead_for(oldp);4423memcpy(newmem, oldmem, (oc < bytes)? oc : bytes);4424internal_free(m, oldmem);4425}4426return newmem;4427}4428}4429return0;4430}44314432/* --------------------------- memalign support -------------------------- */44334434static void*internal_memalign(mstate m,size_t alignment,size_t bytes) {4435if(alignment <= MALLOC_ALIGNMENT)/* Can just use malloc */4436returninternal_malloc(m, bytes);4437if(alignment < MIN_CHUNK_SIZE)/* must be at least a minimum chunk size */4438 alignment = MIN_CHUNK_SIZE;4439if((alignment & (alignment-SIZE_T_ONE)) !=0) {/* Ensure a power of 2 */4440size_t a = MALLOC_ALIGNMENT <<1;4441while(a < alignment) a <<=1;4442 alignment = a;4443}44444445if(bytes >= MAX_REQUEST - alignment) {4446if(m !=0) {/* Test isn't needed but avoids compiler warning */4447 MALLOC_FAILURE_ACTION;4448}4449}4450else{4451size_t nb =request2size(bytes);4452size_t req = nb + alignment + MIN_CHUNK_SIZE - CHUNK_OVERHEAD;4453char* mem = (char*)internal_malloc(m, req);4454if(mem !=0) {4455void* leader =0;4456void* trailer =0;4457 mchunkptr p =mem2chunk(mem);44584459if(PREACTION(m))return0;4460if((((size_t)(mem)) % alignment) !=0) {/* misaligned */4461/*4462 Find an aligned spot inside chunk. Since we need to give4463 back leading space in a chunk of at least MIN_CHUNK_SIZE, if4464 the first calculation places us at a spot with less than4465 MIN_CHUNK_SIZE leader, we can move to the next aligned spot.4466 We've allocated enough total room so that this is always4467 possible.4468 */4469char* br = (char*)mem2chunk((size_t)(((size_t)(mem +4470 alignment -4471 SIZE_T_ONE)) &4472-alignment));4473char* pos = ((size_t)(br - (char*)(p)) >= MIN_CHUNK_SIZE)?4474 br : br+alignment;4475 mchunkptr newp = (mchunkptr)pos;4476size_t leadsize = pos - (char*)(p);4477size_t newsize =chunksize(p) - leadsize;44784479if(is_mmapped(p)) {/* For mmapped chunks, just adjust offset */4480 newp->prev_foot = p->prev_foot + leadsize;4481 newp->head = (newsize|CINUSE_BIT);4482}4483else{/* Otherwise, give back leader, use the rest */4484set_inuse(m, newp, newsize);4485set_inuse(m, p, leadsize);4486 leader =chunk2mem(p);4487}4488 p = newp;4489}44904491/* Give back spare room at the end */4492if(!is_mmapped(p)) {4493size_t size =chunksize(p);4494if(size > nb + MIN_CHUNK_SIZE) {4495size_t remainder_size = size - nb;4496 mchunkptr remainder =chunk_plus_offset(p, nb);4497set_inuse(m, p, nb);4498set_inuse(m, remainder, remainder_size);4499 trailer =chunk2mem(remainder);4500}4501}45024503assert(chunksize(p) >= nb);4504assert((((size_t)(chunk2mem(p))) % alignment) ==0);4505check_inuse_chunk(m, p);4506POSTACTION(m);4507if(leader !=0) {4508internal_free(m, leader);4509}4510if(trailer !=0) {4511internal_free(m, trailer);4512}4513returnchunk2mem(p);4514}4515}4516return0;4517}45184519/* ------------------------ comalloc/coalloc support --------------------- */45204521static void**ialloc(mstate m,4522size_t n_elements,4523size_t* sizes,4524int opts,4525void* chunks[]) {4526/*4527 This provides common support for independent_X routines, handling4528 all of the combinations that can result.45294530 The opts arg has:4531 bit 0 set if all elements are same size (using sizes[0])4532 bit 1 set if elements should be zeroed4533 */45344535size_t element_size;/* chunksize of each element, if all same */4536size_t contents_size;/* total size of elements */4537size_t array_size;/* request size of pointer array */4538void* mem;/* malloced aggregate space */4539 mchunkptr p;/* corresponding chunk */4540size_t remainder_size;/* remaining bytes while splitting */4541void** marray;/* either "chunks" or malloced ptr array */4542 mchunkptr array_chunk;/* chunk for malloced ptr array */4543 flag_t was_enabled;/* to disable mmap */4544size_t size;4545size_t i;45464547ensure_initialization();4548/* compute array length, if needed */4549if(chunks !=0) {4550if(n_elements ==0)4551return chunks;/* nothing to do */4552 marray = chunks;4553 array_size =0;4554}4555else{4556/* if empty req, must still return chunk representing empty array */4557if(n_elements ==0)4558return(void**)internal_malloc(m,0);4559 marray =0;4560 array_size =request2size(n_elements * (sizeof(void*)));4561}45624563/* compute total element size */4564if(opts &0x1) {/* all-same-size */4565 element_size =request2size(*sizes);4566 contents_size = n_elements * element_size;4567}4568else{/* add up all the sizes */4569 element_size =0;4570 contents_size =0;4571for(i =0; i != n_elements; ++i)4572 contents_size +=request2size(sizes[i]);4573}45744575 size = contents_size + array_size;45764577/*4578 Allocate the aggregate chunk. First disable direct-mmapping so4579 malloc won't use it, since we would not be able to later4580 free/realloc space internal to a segregated mmap region.4581 */4582 was_enabled =use_mmap(m);4583disable_mmap(m);4584 mem =internal_malloc(m, size - CHUNK_OVERHEAD);4585if(was_enabled)4586enable_mmap(m);4587if(mem ==0)4588return0;45894590if(PREACTION(m))return0;4591 p =mem2chunk(mem);4592 remainder_size =chunksize(p);45934594assert(!is_mmapped(p));45954596if(opts &0x2) {/* optionally clear the elements */4597memset((size_t*)mem,0, remainder_size - SIZE_T_SIZE - array_size);4598}45994600/* If not provided, allocate the pointer array as final part of chunk */4601if(marray ==0) {4602size_t array_chunk_size;4603 array_chunk =chunk_plus_offset(p, contents_size);4604 array_chunk_size = remainder_size - contents_size;4605 marray = (void**) (chunk2mem(array_chunk));4606set_size_and_pinuse_of_inuse_chunk(m, array_chunk, array_chunk_size);4607 remainder_size = contents_size;4608}46094610/* split out elements */4611for(i =0; ; ++i) {4612 marray[i] =chunk2mem(p);4613if(i != n_elements-1) {4614if(element_size !=0)4615 size = element_size;4616else4617 size =request2size(sizes[i]);4618 remainder_size -= size;4619set_size_and_pinuse_of_inuse_chunk(m, p, size);4620 p =chunk_plus_offset(p, size);4621}4622else{/* the final element absorbs any overallocation slop */4623set_size_and_pinuse_of_inuse_chunk(m, p, remainder_size);4624break;4625}4626}46274628#if DEBUG4629if(marray != chunks) {4630/* final element must have exactly exhausted chunk */4631if(element_size !=0) {4632assert(remainder_size == element_size);4633}4634else{4635assert(remainder_size ==request2size(sizes[i]));4636}4637check_inuse_chunk(m,mem2chunk(marray));4638}4639for(i =0; i != n_elements; ++i)4640check_inuse_chunk(m,mem2chunk(marray[i]));46414642#endif/* DEBUG */46434644POSTACTION(m);4645return marray;4646}464746484649/* -------------------------- public routines ---------------------------- */46504651#if !ONLY_MSPACES46524653void*dlmalloc(size_t bytes) {4654/*4655 Basic algorithm:4656 If a small request (< 256 bytes minus per-chunk overhead):4657 1. If one exists, use a remainderless chunk in associated smallbin.4658 (Remainderless means that there are too few excess bytes to4659 represent as a chunk.)4660 2. If it is big enough, use the dv chunk, which is normally the4661 chunk adjacent to the one used for the most recent small request.4662 3. If one exists, split the smallest available chunk in a bin,4663 saving remainder in dv.4664 4. If it is big enough, use the top chunk.4665 5. If available, get memory from system and use it4666 Otherwise, for a large request:4667 1. Find the smallest available binned chunk that fits, and use it4668 if it is better fitting than dv chunk, splitting if necessary.4669 2. If better fitting than any binned chunk, use the dv chunk.4670 3. If it is big enough, use the top chunk.4671 4. If request size >= mmap threshold, try to directly mmap this chunk.4672 5. If available, get memory from system and use it46734674 The ugly goto's here ensure that postaction occurs along all paths.4675 */46764677#if USE_LOCKS4678ensure_initialization();/* initialize in sys_alloc if not using locks */4679#endif46804681if(!PREACTION(gm)) {4682void* mem;4683size_t nb;4684if(bytes <= MAX_SMALL_REQUEST) {4685 bindex_t idx;4686 binmap_t smallbits;4687 nb = (bytes < MIN_REQUEST)? MIN_CHUNK_SIZE :pad_request(bytes);4688 idx =small_index(nb);4689 smallbits = gm->smallmap >> idx;46904691if((smallbits &0x3U) !=0) {/* Remainderless fit to a smallbin. */4692 mchunkptr b, p;4693 idx += ~smallbits &1;/* Uses next bin if idx empty */4694 b =smallbin_at(gm, idx);4695 p = b->fd;4696assert(chunksize(p) ==small_index2size(idx));4697unlink_first_small_chunk(gm, b, p, idx);4698set_inuse_and_pinuse(gm, p,small_index2size(idx));4699 mem =chunk2mem(p);4700check_malloced_chunk(gm, mem, nb);4701goto postaction;4702}47034704else if(nb > gm->dvsize) {4705if(smallbits !=0) {/* Use chunk in next nonempty smallbin */4706 mchunkptr b, p, r;4707size_t rsize;4708 bindex_t i;4709 binmap_t leftbits = (smallbits << idx) &left_bits(idx2bit(idx));4710 binmap_t leastbit =least_bit(leftbits);4711compute_bit2idx(leastbit, i);4712 b =smallbin_at(gm, i);4713 p = b->fd;4714assert(chunksize(p) ==small_index2size(i));4715unlink_first_small_chunk(gm, b, p, i);4716 rsize =small_index2size(i) - nb;4717/* Fit here cannot be remainderless if 4byte sizes */4718if(SIZE_T_SIZE !=4&& rsize < MIN_CHUNK_SIZE)4719set_inuse_and_pinuse(gm, p,small_index2size(i));4720else{4721set_size_and_pinuse_of_inuse_chunk(gm, p, nb);4722 r =chunk_plus_offset(p, nb);4723set_size_and_pinuse_of_free_chunk(r, rsize);4724replace_dv(gm, r, rsize);4725}4726 mem =chunk2mem(p);4727check_malloced_chunk(gm, mem, nb);4728goto postaction;4729}47304731else if(gm->treemap !=0&& (mem =tmalloc_small(gm, nb)) !=0) {4732check_malloced_chunk(gm, mem, nb);4733goto postaction;4734}4735}4736}4737else if(bytes >= MAX_REQUEST)4738 nb = MAX_SIZE_T;/* Too big to allocate. Force failure (in sys alloc) */4739else{4740 nb =pad_request(bytes);4741if(gm->treemap !=0&& (mem =tmalloc_large(gm, nb)) !=0) {4742check_malloced_chunk(gm, mem, nb);4743goto postaction;4744}4745}47464747if(nb <= gm->dvsize) {4748size_t rsize = gm->dvsize - nb;4749 mchunkptr p = gm->dv;4750if(rsize >= MIN_CHUNK_SIZE) {/* split dv */4751 mchunkptr r = gm->dv =chunk_plus_offset(p, nb);4752 gm->dvsize = rsize;4753set_size_and_pinuse_of_free_chunk(r, rsize);4754set_size_and_pinuse_of_inuse_chunk(gm, p, nb);4755}4756else{/* exhaust dv */4757size_t dvs = gm->dvsize;4758 gm->dvsize =0;4759 gm->dv =0;4760set_inuse_and_pinuse(gm, p, dvs);4761}4762 mem =chunk2mem(p);4763check_malloced_chunk(gm, mem, nb);4764goto postaction;4765}47664767else if(nb < gm->topsize) {/* Split top */4768size_t rsize = gm->topsize -= nb;4769 mchunkptr p = gm->top;4770 mchunkptr r = gm->top =chunk_plus_offset(p, nb);4771 r->head = rsize | PINUSE_BIT;4772set_size_and_pinuse_of_inuse_chunk(gm, p, nb);4773 mem =chunk2mem(p);4774check_top_chunk(gm, gm->top);4775check_malloced_chunk(gm, mem, nb);4776goto postaction;4777}47784779 mem =sys_alloc(gm, nb);47804781 postaction:4782POSTACTION(gm);4783return mem;4784}47854786return0;4787}47884789voiddlfree(void* mem) {4790/*4791 Consolidate freed chunks with preceding or succeeding bordering4792 free chunks, if they exist, and then place in a bin. Intermixed4793 with special cases for top, dv, mmapped chunks, and usage errors.4794 */47954796if(mem !=0) {4797 mchunkptr p =mem2chunk(mem);4798#if FOOTERS4799 mstate fm =get_mstate_for(p);4800if(!ok_magic(fm)) {4801USAGE_ERROR_ACTION(fm, p);4802return;4803}4804#else/* FOOTERS */4805#define fm gm4806#endif/* FOOTERS */4807if(!PREACTION(fm)) {4808check_inuse_chunk(fm, p);4809if(RTCHECK(ok_address(fm, p) &&ok_cinuse(p))) {4810size_t psize =chunksize(p);4811 mchunkptr next =chunk_plus_offset(p, psize);4812if(!pinuse(p)) {4813size_t prevsize = p->prev_foot;4814if((prevsize & IS_MMAPPED_BIT) !=0) {4815 prevsize &= ~IS_MMAPPED_BIT;4816 psize += prevsize + MMAP_FOOT_PAD;4817if(CALL_MUNMAP((char*)p - prevsize, psize) ==0)4818 fm->footprint -= psize;4819goto postaction;4820}4821else{4822 mchunkptr prev =chunk_minus_offset(p, prevsize);4823 psize += prevsize;4824 p = prev;4825if(RTCHECK(ok_address(fm, prev))) {/* consolidate backward */4826if(p != fm->dv) {4827unlink_chunk(fm, p, prevsize);4828}4829else if((next->head & INUSE_BITS) == INUSE_BITS) {4830 fm->dvsize = psize;4831set_free_with_pinuse(p, psize, next);4832goto postaction;4833}4834}4835else4836goto erroraction;4837}4838}48394840if(RTCHECK(ok_next(p, next) &&ok_pinuse(next))) {4841if(!cinuse(next)) {/* consolidate forward */4842if(next == fm->top) {4843size_t tsize = fm->topsize += psize;4844 fm->top = p;4845 p->head = tsize | PINUSE_BIT;4846if(p == fm->dv) {4847 fm->dv =0;4848 fm->dvsize =0;4849}4850if(should_trim(fm, tsize))4851sys_trim(fm,0);4852goto postaction;4853}4854else if(next == fm->dv) {4855size_t dsize = fm->dvsize += psize;4856 fm->dv = p;4857set_size_and_pinuse_of_free_chunk(p, dsize);4858goto postaction;4859}4860else{4861size_t nsize =chunksize(next);4862 psize += nsize;4863unlink_chunk(fm, next, nsize);4864set_size_and_pinuse_of_free_chunk(p, psize);4865if(p == fm->dv) {4866 fm->dvsize = psize;4867goto postaction;4868}4869}4870}4871else4872set_free_with_pinuse(p, psize, next);48734874if(is_small(psize)) {4875insert_small_chunk(fm, p, psize);4876check_free_chunk(fm, p);4877}4878else{4879 tchunkptr tp = (tchunkptr)p;4880insert_large_chunk(fm, tp, psize);4881check_free_chunk(fm, p);4882if(--fm->release_checks ==0)4883release_unused_segments(fm);4884}4885goto postaction;4886}4887}4888 erroraction:4889USAGE_ERROR_ACTION(fm, p);4890 postaction:4891POSTACTION(fm);4892}4893}4894#if !FOOTERS4895#undef fm4896#endif/* FOOTERS */4897}48984899void*dlcalloc(size_t n_elements,size_t elem_size) {4900void* mem;4901size_t req =0;4902if(n_elements !=0) {4903 req = n_elements * elem_size;4904if(((n_elements | elem_size) & ~(size_t)0xffff) &&4905(req / n_elements != elem_size))4906 req = MAX_SIZE_T;/* force downstream failure on overflow */4907}4908 mem =dlmalloc(req);4909if(mem !=0&&calloc_must_clear(mem2chunk(mem)))4910memset(mem,0, req);4911return mem;4912}49134914void*dlrealloc(void* oldmem,size_t bytes) {4915if(oldmem ==0)4916returndlmalloc(bytes);4917#ifdef REALLOC_ZERO_BYTES_FREES4918if(bytes ==0) {4919dlfree(oldmem);4920return0;4921}4922#endif/* REALLOC_ZERO_BYTES_FREES */4923else{4924#if ! FOOTERS4925 mstate m = gm;4926#else/* FOOTERS */4927 mstate m =get_mstate_for(mem2chunk(oldmem));4928if(!ok_magic(m)) {4929USAGE_ERROR_ACTION(m, oldmem);4930return0;4931}4932#endif/* FOOTERS */4933returninternal_realloc(m, oldmem, bytes);4934}4935}49364937void*dlmemalign(size_t alignment,size_t bytes) {4938returninternal_memalign(gm, alignment, bytes);4939}49404941void**dlindependent_calloc(size_t n_elements,size_t elem_size,4942void* chunks[]) {4943size_t sz = elem_size;/* serves as 1-element array */4944returnialloc(gm, n_elements, &sz,3, chunks);4945}49464947void**dlindependent_comalloc(size_t n_elements,size_t sizes[],4948void* chunks[]) {4949returnialloc(gm, n_elements, sizes,0, chunks);4950}49514952void*dlvalloc(size_t bytes) {4953size_t pagesz;4954ensure_initialization();4955 pagesz = mparams.page_size;4956returndlmemalign(pagesz, bytes);4957}49584959void*dlpvalloc(size_t bytes) {4960size_t pagesz;4961ensure_initialization();4962 pagesz = mparams.page_size;4963returndlmemalign(pagesz, (bytes + pagesz - SIZE_T_ONE) & ~(pagesz - SIZE_T_ONE));4964}49654966intdlmalloc_trim(size_t pad) {4967ensure_initialization();4968int result =0;4969if(!PREACTION(gm)) {4970 result =sys_trim(gm, pad);4971POSTACTION(gm);4972}4973return result;4974}49754976size_tdlmalloc_footprint(void) {4977return gm->footprint;4978}49794980size_tdlmalloc_max_footprint(void) {4981return gm->max_footprint;4982}49834984#if !NO_MALLINFO4985struct mallinfo dlmallinfo(void) {4986returninternal_mallinfo(gm);4987}4988#endif/* NO_MALLINFO */49894990voiddlmalloc_stats() {4991internal_malloc_stats(gm);4992}49934994intdlmallopt(int param_number,int value) {4995returnchange_mparam(param_number, value);4996}49974998#endif/* !ONLY_MSPACES */49995000size_tdlmalloc_usable_size(void* mem) {5001if(mem !=0) {5002 mchunkptr p =mem2chunk(mem);5003if(cinuse(p))5004returnchunksize(p) -overhead_for(p);5005}5006return0;5007}50085009/* ----------------------------- user mspaces ---------------------------- */50105011#if MSPACES50125013static mstate init_user_mstate(char* tbase,size_t tsize) {5014size_t msize =pad_request(sizeof(struct malloc_state));5015 mchunkptr mn;5016 mchunkptr msp =align_as_chunk(tbase);5017 mstate m = (mstate)(chunk2mem(msp));5018memset(m,0, msize);5019INITIAL_LOCK(&m->mutex);5020 msp->head = (msize|PINUSE_BIT|CINUSE_BIT);5021 m->seg.base = m->least_addr = tbase;5022 m->seg.size = m->footprint = m->max_footprint = tsize;5023 m->magic = mparams.magic;5024 m->release_checks = MAX_RELEASE_CHECK_RATE;5025 m->mflags = mparams.default_mflags;5026 m->extp =0;5027 m->exts =0;5028disable_contiguous(m);5029init_bins(m);5030 mn =next_chunk(mem2chunk(m));5031init_top(m, mn, (size_t)((tbase + tsize) - (char*)mn) - TOP_FOOT_SIZE);5032check_top_chunk(m, m->top);5033return m;5034}50355036mspace create_mspace(size_t capacity,int locked) {5037 mstate m =0;5038size_t msize;5039ensure_initialization();5040 msize =pad_request(sizeof(struct malloc_state));5041if(capacity < (size_t) -(msize + TOP_FOOT_SIZE + mparams.page_size)) {5042size_t rs = ((capacity ==0)? mparams.granularity :5043(capacity + TOP_FOOT_SIZE + msize));5044size_t tsize =granularity_align(rs);5045char* tbase = (char*)(CALL_MMAP(tsize));5046if(tbase != CMFAIL) {5047 m =init_user_mstate(tbase, tsize);5048 m->seg.sflags = IS_MMAPPED_BIT;5049set_lock(m, locked);5050}5051}5052return(mspace)m;5053}50545055mspace create_mspace_with_base(void* base,size_t capacity,int locked) {5056 mstate m =0;5057size_t msize;5058ensure_initialization();5059 msize =pad_request(sizeof(struct malloc_state));5060if(capacity > msize + TOP_FOOT_SIZE &&5061 capacity < (size_t) -(msize + TOP_FOOT_SIZE + mparams.page_size)) {5062 m =init_user_mstate((char*)base, capacity);5063 m->seg.sflags = EXTERN_BIT;5064set_lock(m, locked);5065}5066return(mspace)m;5067}50685069intmspace_mmap_large_chunks(mspace msp,int enable) {5070int ret =0;5071 mstate ms = (mstate)msp;5072if(!PREACTION(ms)) {5073if(use_mmap(ms))5074 ret =1;5075if(enable)5076enable_mmap(ms);5077else5078disable_mmap(ms);5079POSTACTION(ms);5080}5081return ret;5082}50835084size_tdestroy_mspace(mspace msp) {5085size_t freed =0;5086 mstate ms = (mstate)msp;5087if(ok_magic(ms)) {5088 msegmentptr sp = &ms->seg;5089while(sp !=0) {5090char* base = sp->base;5091size_t size = sp->size;5092 flag_t flag = sp->sflags;5093 sp = sp->next;5094if((flag & IS_MMAPPED_BIT) && !(flag & EXTERN_BIT) &&5095CALL_MUNMAP(base, size) ==0)5096 freed += size;5097}5098}5099else{5100USAGE_ERROR_ACTION(ms,ms);5101}5102return freed;5103}51045105/*5106 mspace versions of routines are near-clones of the global5107 versions. This is not so nice but better than the alternatives.5108*/510951105111void*mspace_malloc(mspace msp,size_t bytes) {5112 mstate ms = (mstate)msp;5113if(!ok_magic(ms)) {5114USAGE_ERROR_ACTION(ms,ms);5115return0;5116}5117if(!PREACTION(ms)) {5118void* mem;5119size_t nb;5120if(bytes <= MAX_SMALL_REQUEST) {5121 bindex_t idx;5122 binmap_t smallbits;5123 nb = (bytes < MIN_REQUEST)? MIN_CHUNK_SIZE :pad_request(bytes);5124 idx =small_index(nb);5125 smallbits = ms->smallmap >> idx;51265127if((smallbits &0x3U) !=0) {/* Remainderless fit to a smallbin. */5128 mchunkptr b, p;5129 idx += ~smallbits &1;/* Uses next bin if idx empty */5130 b =smallbin_at(ms, idx);5131 p = b->fd;5132assert(chunksize(p) ==small_index2size(idx));5133unlink_first_small_chunk(ms, b, p, idx);5134set_inuse_and_pinuse(ms, p,small_index2size(idx));5135 mem =chunk2mem(p);5136check_malloced_chunk(ms, mem, nb);5137goto postaction;5138}51395140else if(nb > ms->dvsize) {5141if(smallbits !=0) {/* Use chunk in next nonempty smallbin */5142 mchunkptr b, p, r;5143size_t rsize;5144 bindex_t i;5145 binmap_t leftbits = (smallbits << idx) &left_bits(idx2bit(idx));5146 binmap_t leastbit =least_bit(leftbits);5147compute_bit2idx(leastbit, i);5148 b =smallbin_at(ms, i);5149 p = b->fd;5150assert(chunksize(p) ==small_index2size(i));5151unlink_first_small_chunk(ms, b, p, i);5152 rsize =small_index2size(i) - nb;5153/* Fit here cannot be remainderless if 4byte sizes */5154if(SIZE_T_SIZE !=4&& rsize < MIN_CHUNK_SIZE)5155set_inuse_and_pinuse(ms, p,small_index2size(i));5156else{5157set_size_and_pinuse_of_inuse_chunk(ms, p, nb);5158 r =chunk_plus_offset(p, nb);5159set_size_and_pinuse_of_free_chunk(r, rsize);5160replace_dv(ms, r, rsize);5161}5162 mem =chunk2mem(p);5163check_malloced_chunk(ms, mem, nb);5164goto postaction;5165}51665167else if(ms->treemap !=0&& (mem =tmalloc_small(ms, nb)) !=0) {5168check_malloced_chunk(ms, mem, nb);5169goto postaction;5170}5171}5172}5173else if(bytes >= MAX_REQUEST)5174 nb = MAX_SIZE_T;/* Too big to allocate. Force failure (in sys alloc) */5175else{5176 nb =pad_request(bytes);5177if(ms->treemap !=0&& (mem =tmalloc_large(ms, nb)) !=0) {5178check_malloced_chunk(ms, mem, nb);5179goto postaction;5180}5181}51825183if(nb <= ms->dvsize) {5184size_t rsize = ms->dvsize - nb;5185 mchunkptr p = ms->dv;5186if(rsize >= MIN_CHUNK_SIZE) {/* split dv */5187 mchunkptr r = ms->dv =chunk_plus_offset(p, nb);5188 ms->dvsize = rsize;5189set_size_and_pinuse_of_free_chunk(r, rsize);5190set_size_and_pinuse_of_inuse_chunk(ms, p, nb);5191}5192else{/* exhaust dv */5193size_t dvs = ms->dvsize;5194 ms->dvsize =0;5195 ms->dv =0;5196set_inuse_and_pinuse(ms, p, dvs);5197}5198 mem =chunk2mem(p);5199check_malloced_chunk(ms, mem, nb);5200goto postaction;5201}52025203else if(nb < ms->topsize) {/* Split top */5204size_t rsize = ms->topsize -= nb;5205 mchunkptr p = ms->top;5206 mchunkptr r = ms->top =chunk_plus_offset(p, nb);5207 r->head = rsize | PINUSE_BIT;5208set_size_and_pinuse_of_inuse_chunk(ms, p, nb);5209 mem =chunk2mem(p);5210check_top_chunk(ms, ms->top);5211check_malloced_chunk(ms, mem, nb);5212goto postaction;5213}52145215 mem =sys_alloc(ms, nb);52165217 postaction:5218POSTACTION(ms);5219return mem;5220}52215222return0;5223}52245225voidmspace_free(mspace msp,void* mem) {5226if(mem !=0) {5227 mchunkptr p =mem2chunk(mem);5228#if FOOTERS5229 mstate fm =get_mstate_for(p);5230#else/* FOOTERS */5231 mstate fm = (mstate)msp;5232#endif/* FOOTERS */5233if(!ok_magic(fm)) {5234USAGE_ERROR_ACTION(fm, p);5235return;5236}5237if(!PREACTION(fm)) {5238check_inuse_chunk(fm, p);5239if(RTCHECK(ok_address(fm, p) &&ok_cinuse(p))) {5240size_t psize =chunksize(p);5241 mchunkptr next =chunk_plus_offset(p, psize);5242if(!pinuse(p)) {5243size_t prevsize = p->prev_foot;5244if((prevsize & IS_MMAPPED_BIT) !=0) {5245 prevsize &= ~IS_MMAPPED_BIT;5246 psize += prevsize + MMAP_FOOT_PAD;5247if(CALL_MUNMAP((char*)p - prevsize, psize) ==0)5248 fm->footprint -= psize;5249goto postaction;5250}5251else{5252 mchunkptr prev =chunk_minus_offset(p, prevsize);5253 psize += prevsize;5254 p = prev;5255if(RTCHECK(ok_address(fm, prev))) {/* consolidate backward */5256if(p != fm->dv) {5257unlink_chunk(fm, p, prevsize);5258}5259else if((next->head & INUSE_BITS) == INUSE_BITS) {5260 fm->dvsize = psize;5261set_free_with_pinuse(p, psize, next);5262goto postaction;5263}5264}5265else5266goto erroraction;5267}5268}52695270if(RTCHECK(ok_next(p, next) &&ok_pinuse(next))) {5271if(!cinuse(next)) {/* consolidate forward */5272if(next == fm->top) {5273size_t tsize = fm->topsize += psize;5274 fm->top = p;5275 p->head = tsize | PINUSE_BIT;5276if(p == fm->dv) {5277 fm->dv =0;5278 fm->dvsize =0;5279}5280if(should_trim(fm, tsize))5281sys_trim(fm,0);5282goto postaction;5283}5284else if(next == fm->dv) {5285size_t dsize = fm->dvsize += psize;5286 fm->dv = p;5287set_size_and_pinuse_of_free_chunk(p, dsize);5288goto postaction;5289}5290else{5291size_t nsize =chunksize(next);5292 psize += nsize;5293unlink_chunk(fm, next, nsize);5294set_size_and_pinuse_of_free_chunk(p, psize);5295if(p == fm->dv) {5296 fm->dvsize = psize;5297goto postaction;5298}5299}5300}5301else5302set_free_with_pinuse(p, psize, next);53035304if(is_small(psize)) {5305insert_small_chunk(fm, p, psize);5306check_free_chunk(fm, p);5307}5308else{5309 tchunkptr tp = (tchunkptr)p;5310insert_large_chunk(fm, tp, psize);5311check_free_chunk(fm, p);5312if(--fm->release_checks ==0)5313release_unused_segments(fm);5314}5315goto postaction;5316}5317}5318 erroraction:5319USAGE_ERROR_ACTION(fm, p);5320 postaction:5321POSTACTION(fm);5322}5323}5324}53255326void*mspace_calloc(mspace msp,size_t n_elements,size_t elem_size) {5327void* mem;5328size_t req =0;5329 mstate ms = (mstate)msp;5330if(!ok_magic(ms)) {5331USAGE_ERROR_ACTION(ms,ms);5332return0;5333}5334if(n_elements !=0) {5335 req = n_elements * elem_size;5336if(((n_elements | elem_size) & ~(size_t)0xffff) &&5337(req / n_elements != elem_size))5338 req = MAX_SIZE_T;/* force downstream failure on overflow */5339}5340 mem =internal_malloc(ms, req);5341if(mem !=0&&calloc_must_clear(mem2chunk(mem)))5342memset(mem,0, req);5343return mem;5344}53455346void*mspace_realloc(mspace msp,void* oldmem,size_t bytes) {5347if(oldmem ==0)5348returnmspace_malloc(msp, bytes);5349#ifdef REALLOC_ZERO_BYTES_FREES5350if(bytes ==0) {5351mspace_free(msp, oldmem);5352return0;5353}5354#endif/* REALLOC_ZERO_BYTES_FREES */5355else{5356#if FOOTERS5357 mchunkptr p =mem2chunk(oldmem);5358 mstate ms =get_mstate_for(p);5359#else/* FOOTERS */5360 mstate ms = (mstate)msp;5361#endif/* FOOTERS */5362if(!ok_magic(ms)) {5363USAGE_ERROR_ACTION(ms,ms);5364return0;5365}5366returninternal_realloc(ms, oldmem, bytes);5367}5368}53695370void*mspace_memalign(mspace msp,size_t alignment,size_t bytes) {5371 mstate ms = (mstate)msp;5372if(!ok_magic(ms)) {5373USAGE_ERROR_ACTION(ms,ms);5374return0;5375}5376returninternal_memalign(ms, alignment, bytes);5377}53785379void**mspace_independent_calloc(mspace msp,size_t n_elements,5380size_t elem_size,void* chunks[]) {5381size_t sz = elem_size;/* serves as 1-element array */5382 mstate ms = (mstate)msp;5383if(!ok_magic(ms)) {5384USAGE_ERROR_ACTION(ms,ms);5385return0;5386}5387returnialloc(ms, n_elements, &sz,3, chunks);5388}53895390void**mspace_independent_comalloc(mspace msp,size_t n_elements,5391size_t sizes[],void* chunks[]) {5392 mstate ms = (mstate)msp;5393if(!ok_magic(ms)) {5394USAGE_ERROR_ACTION(ms,ms);5395return0;5396}5397returnialloc(ms, n_elements, sizes,0, chunks);5398}53995400intmspace_trim(mspace msp,size_t pad) {5401int result =0;5402 mstate ms = (mstate)msp;5403if(ok_magic(ms)) {5404if(!PREACTION(ms)) {5405 result =sys_trim(ms, pad);5406POSTACTION(ms);5407}5408}5409else{5410USAGE_ERROR_ACTION(ms,ms);5411}5412return result;5413}54145415voidmspace_malloc_stats(mspace msp) {5416 mstate ms = (mstate)msp;5417if(ok_magic(ms)) {5418internal_malloc_stats(ms);5419}5420else{5421USAGE_ERROR_ACTION(ms,ms);5422}5423}54245425size_tmspace_footprint(mspace msp) {5426size_t result =0;5427 mstate ms = (mstate)msp;5428if(ok_magic(ms)) {5429 result = ms->footprint;5430}5431else{5432USAGE_ERROR_ACTION(ms,ms);5433}5434return result;5435}543654375438size_tmspace_max_footprint(mspace msp) {5439size_t result =0;5440 mstate ms = (mstate)msp;5441if(ok_magic(ms)) {5442 result = ms->max_footprint;5443}5444else{5445USAGE_ERROR_ACTION(ms,ms);5446}5447return result;5448}544954505451#if !NO_MALLINFO5452struct mallinfo mspace_mallinfo(mspace msp) {5453 mstate ms = (mstate)msp;5454if(!ok_magic(ms)) {5455USAGE_ERROR_ACTION(ms,ms);5456}5457returninternal_mallinfo(ms);5458}5459#endif/* NO_MALLINFO */54605461size_tmspace_usable_size(void* mem) {5462if(mem !=0) {5463 mchunkptr p =mem2chunk(mem);5464if(cinuse(p))5465returnchunksize(p) -overhead_for(p);5466}5467return0;5468}54695470intmspace_mallopt(int param_number,int value) {5471returnchange_mparam(param_number, value);5472}54735474#endif/* MSPACES */54755476/* -------------------- Alternative MORECORE functions ------------------- */54775478/*5479 Guidelines for creating a custom version of MORECORE:54805481 * For best performance, MORECORE should allocate in multiples of pagesize.5482 * MORECORE may allocate more memory than requested. (Or even less,5483 but this will usually result in a malloc failure.)5484 * MORECORE must not allocate memory when given argument zero, but5485 instead return one past the end address of memory from previous5486 nonzero call.5487 * For best performance, consecutive calls to MORECORE with positive5488 arguments should return increasing addresses, indicating that5489 space has been contiguously extended.5490 * Even though consecutive calls to MORECORE need not return contiguous5491 addresses, it must be OK for malloc'ed chunks to span multiple5492 regions in those cases where they do happen to be contiguous.5493 * MORECORE need not handle negative arguments -- it may instead5494 just return MFAIL when given negative arguments.5495 Negative arguments are always multiples of pagesize. MORECORE5496 must not misinterpret negative args as large positive unsigned5497 args. You can suppress all such calls from even occurring by defining5498 MORECORE_CANNOT_TRIM,54995500 As an example alternative MORECORE, here is a custom allocator5501 kindly contributed for pre-OSX macOS. It uses virtually but not5502 necessarily physically contiguous non-paged memory (locked in,5503 present and won't get swapped out). You can use it by uncommenting5504 this section, adding some #includes, and setting up the appropriate5505 defines above:55065507 #define MORECORE osMoreCore55085509 There is also a shutdown routine that should somehow be called for5510 cleanup upon program exit.55115512 #define MAX_POOL_ENTRIES 1005513 #define MINIMUM_MORECORE_SIZE (64 * 1024U)5514 static int next_os_pool;5515 void *our_os_pools[MAX_POOL_ENTRIES];55165517 void *osMoreCore(int size)5518 {5519 void *ptr = 0;5520 static void *sbrk_top = 0;55215522 if (size > 0)5523 {5524 if (size < MINIMUM_MORECORE_SIZE)5525 size = MINIMUM_MORECORE_SIZE;5526 if (CurrentExecutionLevel() == kTaskLevel)5527 ptr = PoolAllocateResident(size + RM_PAGE_SIZE, 0);5528 if (ptr == 0)5529 {5530 return (void *) MFAIL;5531 }5532 // save ptrs so they can be freed during cleanup5533 our_os_pools[next_os_pool] = ptr;5534 next_os_pool++;5535 ptr = (void *) ((((size_t) ptr) + RM_PAGE_MASK) & ~RM_PAGE_MASK);5536 sbrk_top = (char *) ptr + size;5537 return ptr;5538 }5539 else if (size < 0)5540 {5541 // we don't currently support shrink behavior5542 return (void *) MFAIL;5543 }5544 else5545 {5546 return sbrk_top;5547 }5548 }55495550 // cleanup any allocated memory pools5551 // called as last thing before shutting down driver55525553 void osCleanupMem(void)5554 {5555 void **ptr;55565557 for (ptr = our_os_pools; ptr < &our_os_pools[MAX_POOL_ENTRIES]; ptr++)5558 if (*ptr)5559 {5560 PoolDeallocate(*ptr);5561 *ptr = 0;5562 }5563 }55645565*/556655675568/* -----------------------------------------------------------------------5569History:5570 V2.8.4 (not yet released)5571 * Add mspace_mmap_large_chunks; thanks to Jean Brouwers5572 * Fix insufficient sys_alloc padding when using 16byte alignment5573 * Fix bad error check in mspace_footprint5574 * Adaptations for ptmalloc, courtesy of Wolfram Gloger.5575 * Reentrant spin locks, courtesy of Earl Chew and others5576 * Win32 improvements, courtesy of Niall Douglas and Earl Chew5577 * Add NO_SEGMENT_TRAVERSAL and MAX_RELEASE_CHECK_RATE options5578 * Extension hook in malloc_state5579 * Various small adjustments to reduce warnings on some compilers5580 * Various configuration extensions/changes for more platforms. Thanks5581 to all who contributed these.55825583 V2.8.3 Thu Sep 22 11:16:32 2005 Doug Lea (dl at gee)5584 * Add max_footprint functions5585 * Ensure all appropriate literals are size_t5586 * Fix conditional compilation problem for some #define settings5587 * Avoid concatenating segments with the one provided5588 in create_mspace_with_base5589 * Rename some variables to avoid compiler shadowing warnings5590 * Use explicit lock initialization.5591 * Better handling of sbrk interference.5592 * Simplify and fix segment insertion, trimming and mspace_destroy5593 * Reinstate REALLOC_ZERO_BYTES_FREES option from 2.7.x5594 * Thanks especially to Dennis Flanagan for help on these.55955596 V2.8.2 Sun Jun 12 16:01:10 2005 Doug Lea (dl at gee)5597 * Fix memalign brace error.55985599 V2.8.1 Wed Jun 8 16:11:46 2005 Doug Lea (dl at gee)5600 * Fix improper #endif nesting in C++5601 * Add explicit casts needed for C++56025603 V2.8.0 Mon May 30 14:09:02 2005 Doug Lea (dl at gee)5604 * Use trees for large bins5605 * Support mspaces5606 * Use segments to unify sbrk-based and mmap-based system allocation,5607 removing need for emulation on most platforms without sbrk.5608 * Default safety checks5609 * Optional footer checks. Thanks to William Robertson for the idea.5610 * Internal code refactoring5611 * Incorporate suggestions and platform-specific changes.5612 Thanks to Dennis Flanagan, Colin Plumb, Niall Douglas,5613 Aaron Bachmann, Emery Berger, and others.5614 * Speed up non-fastbin processing enough to remove fastbins.5615 * Remove useless cfree() to avoid conflicts with other apps.5616 * Remove internal memcpy, memset. Compilers handle builtins better.5617 * Remove some options that no one ever used and rename others.56185619 V2.7.2 Sat Aug 17 09:07:30 2002 Doug Lea (dl at gee)5620 * Fix malloc_state bitmap array misdeclaration56215622 V2.7.1 Thu Jul 25 10:58:03 2002 Doug Lea (dl at gee)5623 * Allow tuning of FIRST_SORTED_BIN_SIZE5624 * Use PTR_UINT as type for all ptr->int casts. Thanks to John Belmonte.5625 * Better detection and support for non-contiguousness of MORECORE.5626 Thanks to Andreas Mueller, Conal Walsh, and Wolfram Gloger5627 * Bypass most of malloc if no frees. Thanks To Emery Berger.5628 * Fix freeing of old top non-contiguous chunk im sysmalloc.5629 * Raised default trim and map thresholds to 256K.5630 * Fix mmap-related #defines. Thanks to Lubos Lunak.5631 * Fix copy macros; added LACKS_FCNTL_H. Thanks to Neal Walfield.5632 * Branch-free bin calculation5633 * Default trim and mmap thresholds now 256K.56345635 V2.7.0 Sun Mar 11 14:14:06 2001 Doug Lea (dl at gee)5636 * Introduce independent_comalloc and independent_calloc.5637 Thanks to Michael Pachos for motivation and help.5638 * Make optional .h file available5639 * Allow > 2GB requests on 32bit systems.5640 * new WIN32 sbrk, mmap, munmap, lock code from <Walter@GeNeSys-e.de>.5641 Thanks also to Andreas Mueller <a.mueller at paradatec.de>,5642 and Anonymous.5643 * Allow override of MALLOC_ALIGNMENT (Thanks to Ruud Waij for5644 helping test this.)5645 * memalign: check alignment arg5646 * realloc: don't try to shift chunks backwards, since this5647 leads to more fragmentation in some programs and doesn't5648 seem to help in any others.5649 * Collect all cases in malloc requiring system memory into sysmalloc5650 * Use mmap as backup to sbrk5651 * Place all internal state in malloc_state5652 * Introduce fastbins (although similar to 2.5.1)5653 * Many minor tunings and cosmetic improvements5654 * Introduce USE_PUBLIC_MALLOC_WRAPPERS, USE_MALLOC_LOCK5655 * Introduce MALLOC_FAILURE_ACTION, MORECORE_CONTIGUOUS5656 Thanks to Tony E. Bennett <tbennett@nvidia.com> and others.5657 * Include errno.h to support default failure action.56585659 V2.6.6 Sun Dec 5 07:42:19 1999 Doug Lea (dl at gee)5660 * return null for negative arguments5661 * Added Several WIN32 cleanups from Martin C. Fong <mcfong at yahoo.com>5662 * Add 'LACKS_SYS_PARAM_H' for those systems without 'sys/param.h'5663 (e.g. WIN32 platforms)5664 * Cleanup header file inclusion for WIN32 platforms5665 * Cleanup code to avoid Microsoft Visual C++ compiler complaints5666 * Add 'USE_DL_PREFIX' to quickly allow co-existence with existing5667 memory allocation routines5668 * Set 'malloc_getpagesize' for WIN32 platforms (needs more work)5669 * Use 'assert' rather than 'ASSERT' in WIN32 code to conform to5670 usage of 'assert' in non-WIN32 code5671 * Improve WIN32 'sbrk()' emulation's 'findRegion()' routine to5672 avoid infinite loop5673 * Always call 'fREe()' rather than 'free()'56745675 V2.6.5 Wed Jun 17 15:57:31 1998 Doug Lea (dl at gee)5676 * Fixed ordering problem with boundary-stamping56775678 V2.6.3 Sun May 19 08:17:58 1996 Doug Lea (dl at gee)5679 * Added pvalloc, as recommended by H.J. Liu5680 * Added 64bit pointer support mainly from Wolfram Gloger5681 * Added anonymously donated WIN32 sbrk emulation5682 * Malloc, calloc, getpagesize: add optimizations from Raymond Nijssen5683 * malloc_extend_top: fix mask error that caused wastage after5684 foreign sbrks5685 * Add linux mremap support code from HJ Liu56865687 V2.6.2 Tue Dec 5 06:52:55 1995 Doug Lea (dl at gee)5688 * Integrated most documentation with the code.5689 * Add support for mmap, with help from5690 Wolfram Gloger (Gloger@lrz.uni-muenchen.de).5691 * Use last_remainder in more cases.5692 * Pack bins using idea from colin@nyx10.cs.du.edu5693 * Use ordered bins instead of best-fit threshold5694 * Eliminate block-local decls to simplify tracing and debugging.5695 * Support another case of realloc via move into top5696 * Fix error occurring when initial sbrk_base not word-aligned.5697 * Rely on page size for units instead of SBRK_UNIT to5698 avoid surprises about sbrk alignment conventions.5699 * Add mallinfo, mallopt. Thanks to Raymond Nijssen5700 (raymond@es.ele.tue.nl) for the suggestion.5701 * Add `pad' argument to malloc_trim and top_pad mallopt parameter.5702 * More precautions for cases where other routines call sbrk,5703 courtesy of Wolfram Gloger (Gloger@lrz.uni-muenchen.de).5704 * Added macros etc., allowing use in linux libc from5705 H.J. Lu (hjl@gnu.ai.mit.edu)5706 * Inverted this history list57075708 V2.6.1 Sat Dec 2 14:10:57 1995 Doug Lea (dl at gee)5709 * Re-tuned and fixed to behave more nicely with V2.6.0 changes.5710 * Removed all preallocation code since under current scheme5711 the work required to undo bad preallocations exceeds5712 the work saved in good cases for most test programs.5713 * No longer use return list or unconsolidated bins since5714 no scheme using them consistently outperforms those that don't5715 given above changes.5716 * Use best fit for very large chunks to prevent some worst-cases.5717 * Added some support for debugging57185719 V2.6.0 Sat Nov 4 07:05:23 1995 Doug Lea (dl at gee)5720 * Removed footers when chunks are in use. Thanks to5721 Paul Wilson (wilson@cs.texas.edu) for the suggestion.57225723 V2.5.4 Wed Nov 1 07:54:51 1995 Doug Lea (dl at gee)5724 * Added malloc_trim, with help from Wolfram Gloger5725 (wmglo@Dent.MED.Uni-Muenchen.DE).57265727 V2.5.3 Tue Apr 26 10:16:01 1994 Doug Lea (dl at g)57285729 V2.5.2 Tue Apr 5 16:20:40 1994 Doug Lea (dl at g)5730 * realloc: try to expand in both directions5731 * malloc: swap order of clean-bin strategy;5732 * realloc: only conditionally expand backwards5733 * Try not to scavenge used bins5734 * Use bin counts as a guide to preallocation5735 * Occasionally bin return list chunks in first scan5736 * Add a few optimizations from colin@nyx10.cs.du.edu57375738 V2.5.1 Sat Aug 14 15:40:43 1993 Doug Lea (dl at g)5739 * faster bin computation & slightly different binning5740 * merged all consolidations to one part of malloc proper5741 (eliminating old malloc_find_space & malloc_clean_bin)5742 * Scan 2 returns chunks (not just 1)5743 * Propagate failure in realloc if malloc returns 05744 * Add stuff to allow compilation on non-ANSI compilers5745 from kpv@research.att.com57465747 V2.5 Sat Aug 7 07:41:59 1993 Doug Lea (dl at g.oswego.edu)5748 * removed potential for odd address access in prev_chunk5749 * removed dependency on getpagesize.h5750 * misc cosmetics and a bit more internal documentation5751 * anticosmetics: mangled names in macros to evade debugger strangeness5752 * tested on sparc, hp-700, dec-mips, rs60005753 with gcc & native cc (hp, dec only) allowing5754 Detlefs & Zorn comparison study (in SIGPLAN Notices.)57555756 Trial version Fri Aug 28 13:14:29 1992 Doug Lea (dl at g.oswego.edu)5757 * Based loosely on libg++-1.2X malloc. (It retains some of the overall5758 structure of old version, but most details differ.)57595760*/