mirror of
				https://github.com/smaeul/u-boot.git
				synced 2025-10-26 01:28:14 +00:00 
			
		
		
		
	Since U-Boot does not support memory overcommit we can enforce that the allocation size is within the malloc area. This is a simple and efficient hardening measure to mitigate further integer overflows in dlmalloc. Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Simon Glass <sjg@chromium.org>
		
			
				
	
	
		
			2610 lines
		
	
	
		
			76 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			2610 lines
		
	
	
		
			76 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| // SPDX-License-Identifier: GPL-2.0+
 | |
| /*
 | |
|  * This code is based on a version (aka dlmalloc) of malloc/free/realloc written
 | |
|  * by Doug Lea and released to the public domain, as explained at
 | |
|  * http://creativecommons.org/publicdomain/zero/1.0/-
 | |
|  *
 | |
|  * The original code is available at http://gee.cs.oswego.edu/pub/misc/
 | |
|  * as file malloc-2.6.6.c.
 | |
|  */
 | |
| 
 | |
| #if CONFIG_IS_ENABLED(UNIT_TEST)
 | |
| #define DEBUG
 | |
| #endif
 | |
| 
 | |
| #include <log.h>
 | |
| #include <asm/global_data.h>
 | |
| 
 | |
| #include <malloc.h>
 | |
| #include <asm/io.h>
 | |
| #include <valgrind/memcheck.h>
 | |
| 
 | |
| #ifdef DEBUG
 | |
| #if __STD_C
 | |
| static void malloc_update_mallinfo (void);
 | |
| void malloc_stats (void);
 | |
| #else
 | |
| static void malloc_update_mallinfo ();
 | |
| void malloc_stats();
 | |
| #endif
 | |
| #endif	/* DEBUG */
 | |
| 
 | |
| DECLARE_GLOBAL_DATA_PTR;
 | |
| 
 | |
| #ifdef MCHECK_HEAP_PROTECTION
 | |
|  #define STATIC_IF_MCHECK static
 | |
|  #undef MALLOC_COPY
 | |
|  #undef MALLOC_ZERO
 | |
| static inline void MALLOC_ZERO(void *p, size_t sz) { memset(p, 0, sz); }
 | |
| static inline void MALLOC_COPY(void *dest, const void *src, size_t sz) { memcpy(dest, src, sz); }
 | |
| #else
 | |
|  #define STATIC_IF_MCHECK
 | |
|  #define mALLOc_impl mALLOc
 | |
|  #define fREe_impl fREe
 | |
|  #define rEALLOc_impl rEALLOc
 | |
|  #define mEMALIGn_impl mEMALIGn
 | |
|  #define cALLOc_impl cALLOc
 | |
| #endif
 | |
| 
 | |
| /*
 | |
|   Emulation of sbrk for WIN32
 | |
|   All code within the ifdef WIN32 is untested by me.
 | |
| 
 | |
|   Thanks to Martin Fong and others for supplying this.
 | |
| */
 | |
| 
 | |
| #ifdef WIN32
 | |
| 
 | |
| #define AlignPage(add) (((add) + (malloc_getpagesize-1)) & \
 | |
| ~(malloc_getpagesize-1))
 | |
| #define AlignPage64K(add) (((add) + (0x10000 - 1)) & ~(0x10000 - 1))
 | |
| 
 | |
| /* resrve 64MB to insure large contiguous space */
 | |
| #define RESERVED_SIZE (1024*1024*64)
 | |
| #define NEXT_SIZE (2048*1024)
 | |
| #define TOP_MEMORY ((unsigned long)2*1024*1024*1024)
 | |
| 
 | |
| struct GmListElement;
 | |
| typedef struct GmListElement GmListElement;
 | |
| 
 | |
| struct GmListElement
 | |
| {
 | |
| 	GmListElement* next;
 | |
| 	void* base;
 | |
| };
 | |
| 
 | |
| static GmListElement* head = 0;
 | |
| static unsigned int gNextAddress = 0;
 | |
| static unsigned int gAddressBase = 0;
 | |
| static unsigned int gAllocatedSize = 0;
 | |
| 
 | |
| static
 | |
| GmListElement* makeGmListElement (void* bas)
 | |
| {
 | |
| 	GmListElement* this;
 | |
| 	this = (GmListElement*)(void*)LocalAlloc (0, sizeof (GmListElement));
 | |
| 	assert (this);
 | |
| 	if (this)
 | |
| 	{
 | |
| 		this->base = bas;
 | |
| 		this->next = head;
 | |
| 		head = this;
 | |
| 	}
 | |
| 	return this;
 | |
| }
 | |
| 
 | |
| void gcleanup (void)
 | |
| {
 | |
| 	BOOL rval;
 | |
| 	assert ( (head == NULL) || (head->base == (void*)gAddressBase));
 | |
| 	if (gAddressBase && (gNextAddress - gAddressBase))
 | |
| 	{
 | |
| 		rval = VirtualFree ((void*)gAddressBase,
 | |
| 							gNextAddress - gAddressBase,
 | |
| 							MEM_DECOMMIT);
 | |
| 	assert (rval);
 | |
| 	}
 | |
| 	while (head)
 | |
| 	{
 | |
| 		GmListElement* next = head->next;
 | |
| 		rval = VirtualFree (head->base, 0, MEM_RELEASE);
 | |
| 		assert (rval);
 | |
| 		LocalFree (head);
 | |
| 		head = next;
 | |
| 	}
 | |
| }
 | |
| 
 | |
| static
 | |
| void* findRegion (void* start_address, unsigned long size)
 | |
| {
 | |
| 	MEMORY_BASIC_INFORMATION info;
 | |
| 	if (size >= TOP_MEMORY) return NULL;
 | |
| 
 | |
| 	while ((unsigned long)start_address + size < TOP_MEMORY)
 | |
| 	{
 | |
| 		VirtualQuery (start_address, &info, sizeof (info));
 | |
| 		if ((info.State == MEM_FREE) && (info.RegionSize >= size))
 | |
| 			return start_address;
 | |
| 		else
 | |
| 		{
 | |
| 			/* Requested region is not available so see if the */
 | |
| 			/* next region is available.  Set 'start_address' */
 | |
| 			/* to the next region and call 'VirtualQuery()' */
 | |
| 			/* again. */
 | |
| 
 | |
| 			start_address = (char*)info.BaseAddress + info.RegionSize;
 | |
| 
 | |
| 			/* Make sure we start looking for the next region */
 | |
| 			/* on the *next* 64K boundary.  Otherwise, even if */
 | |
| 			/* the new region is free according to */
 | |
| 			/* 'VirtualQuery()', the subsequent call to */
 | |
| 			/* 'VirtualAlloc()' (which follows the call to */
 | |
| 			/* this routine in 'wsbrk()') will round *down* */
 | |
| 			/* the requested address to a 64K boundary which */
 | |
| 			/* we already know is an address in the */
 | |
| 			/* unavailable region.  Thus, the subsequent call */
 | |
| 			/* to 'VirtualAlloc()' will fail and bring us back */
 | |
| 			/* here, causing us to go into an infinite loop. */
 | |
| 
 | |
| 			start_address =
 | |
| 				(void *) AlignPage64K((unsigned long) start_address);
 | |
| 		}
 | |
| 	}
 | |
| 	return NULL;
 | |
| 
 | |
| }
 | |
| 
 | |
| void* wsbrk (long size)
 | |
| {
 | |
| 	void* tmp;
 | |
| 	if (size > 0)
 | |
| 	{
 | |
| 		if (gAddressBase == 0)
 | |
| 		{
 | |
| 			gAllocatedSize = max (RESERVED_SIZE, AlignPage (size));
 | |
| 			gNextAddress = gAddressBase =
 | |
| 				(unsigned int)VirtualAlloc (NULL, gAllocatedSize,
 | |
| 											MEM_RESERVE, PAGE_NOACCESS);
 | |
| 		} else if (AlignPage (gNextAddress + size) > (gAddressBase +
 | |
| gAllocatedSize))
 | |
| 		{
 | |
| 			long new_size = max (NEXT_SIZE, AlignPage (size));
 | |
| 			void* new_address = (void*)(gAddressBase+gAllocatedSize);
 | |
| 			do
 | |
| 			{
 | |
| 				new_address = findRegion (new_address, new_size);
 | |
| 
 | |
| 				if (!new_address)
 | |
| 					return (void*)-1;
 | |
| 
 | |
| 				gAddressBase = gNextAddress =
 | |
| 					(unsigned int)VirtualAlloc (new_address, new_size,
 | |
| 												MEM_RESERVE, PAGE_NOACCESS);
 | |
| 				/* repeat in case of race condition */
 | |
| 				/* The region that we found has been snagged */
 | |
| 				/* by another thread */
 | |
| 			}
 | |
| 			while (gAddressBase == 0);
 | |
| 
 | |
| 			assert (new_address == (void*)gAddressBase);
 | |
| 
 | |
| 			gAllocatedSize = new_size;
 | |
| 
 | |
| 			if (!makeGmListElement ((void*)gAddressBase))
 | |
| 				return (void*)-1;
 | |
| 		}
 | |
| 		if ((size + gNextAddress) > AlignPage (gNextAddress))
 | |
| 		{
 | |
| 			void* res;
 | |
| 			res = VirtualAlloc ((void*)AlignPage (gNextAddress),
 | |
| 								(size + gNextAddress -
 | |
| 								 AlignPage (gNextAddress)),
 | |
| 								MEM_COMMIT, PAGE_READWRITE);
 | |
| 			if (!res)
 | |
| 				return (void*)-1;
 | |
| 		}
 | |
| 		tmp = (void*)gNextAddress;
 | |
| 		gNextAddress = (unsigned int)tmp + size;
 | |
| 		return tmp;
 | |
| 	}
 | |
| 	else if (size < 0)
 | |
| 	{
 | |
| 		unsigned int alignedGoal = AlignPage (gNextAddress + size);
 | |
| 		/* Trim by releasing the virtual memory */
 | |
| 		if (alignedGoal >= gAddressBase)
 | |
| 		{
 | |
| 			VirtualFree ((void*)alignedGoal, gNextAddress - alignedGoal,
 | |
| 						 MEM_DECOMMIT);
 | |
| 			gNextAddress = gNextAddress + size;
 | |
| 			return (void*)gNextAddress;
 | |
| 		}
 | |
| 		else
 | |
| 		{
 | |
| 			VirtualFree ((void*)gAddressBase, gNextAddress - gAddressBase,
 | |
| 						 MEM_DECOMMIT);
 | |
| 			gNextAddress = gAddressBase;
 | |
| 			return (void*)-1;
 | |
| 		}
 | |
| 	}
 | |
| 	else
 | |
| 	{
 | |
| 		return (void*)gNextAddress;
 | |
| 	}
 | |
| }
 | |
| 
 | |
| #endif
 | |
| 
 | |
| /*
 | |
|   Type declarations
 | |
| */
 | |
| 
 | |
| struct malloc_chunk
 | |
| {
 | |
|   INTERNAL_SIZE_T prev_size; /* Size of previous chunk (if free). */
 | |
|   INTERNAL_SIZE_T size;      /* Size in bytes, including overhead. */
 | |
|   struct malloc_chunk* fd;   /* double links -- used only if free. */
 | |
|   struct malloc_chunk* bk;
 | |
| } __attribute__((__may_alias__)) ;
 | |
| 
 | |
| typedef struct malloc_chunk* mchunkptr;
 | |
| 
 | |
| /*
 | |
| 
 | |
|    malloc_chunk details:
 | |
| 
 | |
|     (The following includes lightly edited explanations by Colin Plumb.)
 | |
| 
 | |
|     Chunks of memory are maintained using a `boundary tag' method as
 | |
|     described in e.g., Knuth or Standish.  (See the paper by Paul
 | |
|     Wilson ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a
 | |
|     survey of such techniques.)  Sizes of free chunks are stored both
 | |
|     in the front of each chunk and at the end.  This makes
 | |
|     consolidating fragmented chunks into bigger chunks very fast.  The
 | |
|     size fields also hold bits representing whether chunks are free or
 | |
|     in use.
 | |
| 
 | |
|     An allocated chunk looks like this:
 | |
| 
 | |
|     chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 	    |             Size of previous chunk, if allocated            | |
 | |
| 	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 	    |             Size of chunk, in bytes                         |P|
 | |
|       mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 	    |             User data starts here...                          .
 | |
| 	    .                                                               .
 | |
| 	    .             (malloc_usable_space() bytes)                     .
 | |
| 	    .                                                               |
 | |
| nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 	    |             Size of chunk                                     |
 | |
| 	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 
 | |
|     Where "chunk" is the front of the chunk for the purpose of most of
 | |
|     the malloc code, but "mem" is the pointer that is returned to the
 | |
|     user.  "Nextchunk" is the beginning of the next contiguous chunk.
 | |
| 
 | |
|     Chunks always begin on even word boundries, so the mem portion
 | |
|     (which is returned to the user) is also on an even word boundary, and
 | |
|     thus double-word aligned.
 | |
| 
 | |
|     Free chunks are stored in circular doubly-linked lists, and look like this:
 | |
| 
 | |
|     chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 	    |             Size of previous chunk                            |
 | |
| 	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
|     `head:' |             Size of chunk, in bytes                         |P|
 | |
|       mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 	    |             Forward pointer to next chunk in list             |
 | |
| 	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 	    |             Back pointer to previous chunk in list            |
 | |
| 	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 	    |             Unused space (may be 0 bytes long)                .
 | |
| 	    .                                                               .
 | |
| 	    .                                                               |
 | |
| 
 | |
| nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
|     `foot:' |             Size of chunk, in bytes                           |
 | |
| 	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 | |
| 
 | |
|     The P (PREV_INUSE) bit, stored in the unused low-order bit of the
 | |
|     chunk size (which is always a multiple of two words), is an in-use
 | |
|     bit for the *previous* chunk.  If that bit is *clear*, then the
 | |
|     word before the current chunk size contains the previous chunk
 | |
|     size, and can be used to find the front of the previous chunk.
 | |
|     (The very first chunk allocated always has this bit set,
 | |
|     preventing access to non-existent (or non-owned) memory.)
 | |
| 
 | |
|     Note that the `foot' of the current chunk is actually represented
 | |
|     as the prev_size of the NEXT chunk. (This makes it easier to
 | |
|     deal with alignments etc).
 | |
| 
 | |
|     The two exceptions to all this are
 | |
| 
 | |
|      1. The special chunk `top', which doesn't bother using the
 | |
| 	trailing size field since there is no
 | |
| 	next contiguous chunk that would have to index off it. (After
 | |
| 	initialization, `top' is forced to always exist.  If it would
 | |
| 	become less than MINSIZE bytes long, it is replenished via
 | |
| 	malloc_extend_top.)
 | |
| 
 | |
|      2. Chunks allocated via mmap, which have the second-lowest-order
 | |
| 	bit (IS_MMAPPED) set in their size fields.  Because they are
 | |
| 	never merged or traversed from any other chunk, they have no
 | |
| 	foot size or inuse information.
 | |
| 
 | |
|     Available chunks are kept in any of several places (all declared below):
 | |
| 
 | |
|     * `av': An array of chunks serving as bin headers for consolidated
 | |
|        chunks. Each bin is doubly linked.  The bins are approximately
 | |
|        proportionally (log) spaced.  There are a lot of these bins
 | |
|        (128). This may look excessive, but works very well in
 | |
|        practice.  All procedures maintain the invariant that no
 | |
|        consolidated chunk physically borders another one. Chunks in
 | |
|        bins are kept in size order, with ties going to the
 | |
|        approximately least recently used chunk.
 | |
| 
 | |
|        The chunks in each bin are maintained in decreasing sorted order by
 | |
|        size.  This is irrelevant for the small bins, which all contain
 | |
|        the same-sized chunks, but facilitates best-fit allocation for
 | |
|        larger chunks. (These lists are just sequential. Keeping them in
 | |
|        order almost never requires enough traversal to warrant using
 | |
|        fancier ordered data structures.)  Chunks of the same size are
 | |
|        linked with the most recently freed at the front, and allocations
 | |
|        are taken from the back.  This results in LRU or FIFO allocation
 | |
|        order, which tends to give each chunk an equal opportunity to be
 | |
|        consolidated with adjacent freed chunks, resulting in larger free
 | |
|        chunks and less fragmentation.
 | |
| 
 | |
|     * `top': The top-most available chunk (i.e., the one bordering the
 | |
|        end of available memory) is treated specially. It is never
 | |
|        included in any bin, is used only if no other chunk is
 | |
|        available, and is released back to the system if it is very
 | |
|        large (see M_TRIM_THRESHOLD).
 | |
| 
 | |
|     * `last_remainder': A bin holding only the remainder of the
 | |
|        most recently split (non-top) chunk. This bin is checked
 | |
|        before other non-fitting chunks, so as to provide better
 | |
|        locality for runs of sequentially allocated chunks.
 | |
| 
 | |
|     *  Implicitly, through the host system's memory mapping tables.
 | |
|        If supported, requests greater than a threshold are usually
 | |
|        serviced via calls to mmap, and then later released via munmap.
 | |
| 
 | |
| */
 | |
| 
 | |
| /*  sizes, alignments */
 | |
| 
 | |
| #define SIZE_SZ                (sizeof(INTERNAL_SIZE_T))
 | |
| #define MALLOC_ALIGNMENT       (SIZE_SZ + SIZE_SZ)
 | |
| #define MALLOC_ALIGN_MASK      (MALLOC_ALIGNMENT - 1)
 | |
| #define MINSIZE                (sizeof(struct malloc_chunk))
 | |
| 
 | |
| /* conversion from malloc headers to user pointers, and back */
 | |
| 
 | |
| #define chunk2mem(p)   ((Void_t*)((char*)(p) + 2*SIZE_SZ))
 | |
| #define mem2chunk(mem) ((mchunkptr)((char*)(mem) - 2*SIZE_SZ))
 | |
| 
 | |
| /* pad request bytes into a usable size */
 | |
| 
 | |
| #define request2size(req) \
 | |
|  ((((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) < \
 | |
|   (MINSIZE + MALLOC_ALIGN_MASK)) ? MINSIZE : \
 | |
|    (((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) & ~(MALLOC_ALIGN_MASK)))
 | |
| 
 | |
| /* Check if m has acceptable alignment */
 | |
| 
 | |
| #define aligned_OK(m)    (((unsigned long)((m)) & (MALLOC_ALIGN_MASK)) == 0)
 | |
| 
 | |
| /*
 | |
|   Physical chunk operations
 | |
| */
 | |
| 
 | |
| /* size field is or'ed with PREV_INUSE when previous adjacent chunk in use */
 | |
| 
 | |
| #define PREV_INUSE 0x1
 | |
| 
 | |
| /* size field is or'ed with IS_MMAPPED if the chunk was obtained with mmap() */
 | |
| 
 | |
| #define IS_MMAPPED 0x2
 | |
| 
 | |
| /* Bits to mask off when extracting size */
 | |
| 
 | |
| #define SIZE_BITS (PREV_INUSE|IS_MMAPPED)
 | |
| 
 | |
| /* Ptr to next physical malloc_chunk. */
 | |
| 
 | |
| #define next_chunk(p) ((mchunkptr)( ((char*)(p)) + ((p)->size & ~PREV_INUSE) ))
 | |
| 
 | |
| /* Ptr to previous physical malloc_chunk */
 | |
| 
 | |
| #define prev_chunk(p)\
 | |
|    ((mchunkptr)( ((char*)(p)) - ((p)->prev_size) ))
 | |
| 
 | |
| /* Treat space at ptr + offset as a chunk */
 | |
| 
 | |
| #define chunk_at_offset(p, s)  ((mchunkptr)(((char*)(p)) + (s)))
 | |
| 
 | |
| /*
 | |
|   Dealing with use bits
 | |
| */
 | |
| 
 | |
| /* extract p's inuse bit */
 | |
| 
 | |
| #define inuse(p)\
 | |
| ((((mchunkptr)(((char*)(p))+((p)->size & ~PREV_INUSE)))->size) & PREV_INUSE)
 | |
| 
 | |
| /* extract inuse bit of previous chunk */
 | |
| 
 | |
| #define prev_inuse(p)  ((p)->size & PREV_INUSE)
 | |
| 
 | |
| /* check for mmap()'ed chunk */
 | |
| 
 | |
| #define chunk_is_mmapped(p) ((p)->size & IS_MMAPPED)
 | |
| 
 | |
| /* set/clear chunk as in use without otherwise disturbing */
 | |
| 
 | |
| #define set_inuse(p)\
 | |
| ((mchunkptr)(((char*)(p)) + ((p)->size & ~PREV_INUSE)))->size |= PREV_INUSE
 | |
| 
 | |
| #define clear_inuse(p)\
 | |
| ((mchunkptr)(((char*)(p)) + ((p)->size & ~PREV_INUSE)))->size &= ~(PREV_INUSE)
 | |
| 
 | |
| /* check/set/clear inuse bits in known places */
 | |
| 
 | |
| #define inuse_bit_at_offset(p, s)\
 | |
|  (((mchunkptr)(((char*)(p)) + (s)))->size & PREV_INUSE)
 | |
| 
 | |
| #define set_inuse_bit_at_offset(p, s)\
 | |
|  (((mchunkptr)(((char*)(p)) + (s)))->size |= PREV_INUSE)
 | |
| 
 | |
| #define clear_inuse_bit_at_offset(p, s)\
 | |
|  (((mchunkptr)(((char*)(p)) + (s)))->size &= ~(PREV_INUSE))
 | |
| 
 | |
| /*
 | |
|   Dealing with size fields
 | |
| */
 | |
| 
 | |
| /* Get size, ignoring use bits */
 | |
| 
 | |
| #define chunksize(p)          ((p)->size & ~(SIZE_BITS))
 | |
| 
 | |
| /* Set size at head, without disturbing its use bit */
 | |
| 
 | |
| #define set_head_size(p, s)   ((p)->size = (((p)->size & PREV_INUSE) | (s)))
 | |
| 
 | |
| /* Set size/use ignoring previous bits in header */
 | |
| 
 | |
| #define set_head(p, s)        ((p)->size = (s))
 | |
| 
 | |
| /* Set size at footer (only when chunk is not in use) */
 | |
| 
 | |
| #define set_foot(p, s)   (((mchunkptr)((char*)(p) + (s)))->prev_size = (s))
 | |
| 
 | |
| /*
 | |
|    Bins
 | |
| 
 | |
|     The bins, `av_' are an array of pairs of pointers serving as the
 | |
|     heads of (initially empty) doubly-linked lists of chunks, laid out
 | |
|     in a way so that each pair can be treated as if it were in a
 | |
|     malloc_chunk. (This way, the fd/bk offsets for linking bin heads
 | |
|     and chunks are the same).
 | |
| 
 | |
|     Bins for sizes < 512 bytes contain chunks of all the same size, spaced
 | |
|     8 bytes apart. Larger bins are approximately logarithmically
 | |
|     spaced. (See the table below.) The `av_' array is never mentioned
 | |
|     directly in the code, but instead via bin access macros.
 | |
| 
 | |
|     Bin layout:
 | |
| 
 | |
|     64 bins of size       8
 | |
|     32 bins of size      64
 | |
|     16 bins of size     512
 | |
|      8 bins of size    4096
 | |
|      4 bins of size   32768
 | |
|      2 bins of size  262144
 | |
|      1 bin  of size what's left
 | |
| 
 | |
|     There is actually a little bit of slop in the numbers in bin_index
 | |
|     for the sake of speed. This makes no difference elsewhere.
 | |
| 
 | |
|     The special chunks `top' and `last_remainder' get their own bins,
 | |
|     (this is implemented via yet more trickery with the av_ array),
 | |
|     although `top' is never properly linked to its bin since it is
 | |
|     always handled specially.
 | |
| 
 | |
| */
 | |
| 
 | |
| #define NAV             128   /* number of bins */
 | |
| 
 | |
| typedef struct malloc_chunk* mbinptr;
 | |
| 
 | |
| /* access macros */
 | |
| 
 | |
| #define bin_at(i)      ((mbinptr)((char*)&(av_[2*(i) + 2]) - 2*SIZE_SZ))
 | |
| #define next_bin(b)    ((mbinptr)((char*)(b) + 2 * sizeof(mbinptr)))
 | |
| #define prev_bin(b)    ((mbinptr)((char*)(b) - 2 * sizeof(mbinptr)))
 | |
| 
 | |
| /*
 | |
|    The first 2 bins are never indexed. The corresponding av_ cells are instead
 | |
|    used for bookkeeping. This is not to save space, but to simplify
 | |
|    indexing, maintain locality, and avoid some initialization tests.
 | |
| */
 | |
| 
 | |
| #define top            (av_[2])          /* The topmost chunk */
 | |
| #define last_remainder (bin_at(1))       /* remainder from last split */
 | |
| 
 | |
| /*
 | |
|    Because top initially points to its own bin with initial
 | |
|    zero size, thus forcing extension on the first malloc request,
 | |
|    we avoid having any special code in malloc to check whether
 | |
|    it even exists yet. But we still need to in malloc_extend_top.
 | |
| */
 | |
| 
 | |
| #define initial_top    ((mchunkptr)(bin_at(0)))
 | |
| 
 | |
| /* Helper macro to initialize bins */
 | |
| 
 | |
| #define IAV(i)  bin_at(i), bin_at(i)
 | |
| 
 | |
| static mbinptr av_[NAV * 2 + 2] = {
 | |
|  NULL, NULL,
 | |
|  IAV(0),   IAV(1),   IAV(2),   IAV(3),   IAV(4),   IAV(5),   IAV(6),   IAV(7),
 | |
|  IAV(8),   IAV(9),   IAV(10),  IAV(11),  IAV(12),  IAV(13),  IAV(14),  IAV(15),
 | |
|  IAV(16),  IAV(17),  IAV(18),  IAV(19),  IAV(20),  IAV(21),  IAV(22),  IAV(23),
 | |
|  IAV(24),  IAV(25),  IAV(26),  IAV(27),  IAV(28),  IAV(29),  IAV(30),  IAV(31),
 | |
|  IAV(32),  IAV(33),  IAV(34),  IAV(35),  IAV(36),  IAV(37),  IAV(38),  IAV(39),
 | |
|  IAV(40),  IAV(41),  IAV(42),  IAV(43),  IAV(44),  IAV(45),  IAV(46),  IAV(47),
 | |
|  IAV(48),  IAV(49),  IAV(50),  IAV(51),  IAV(52),  IAV(53),  IAV(54),  IAV(55),
 | |
|  IAV(56),  IAV(57),  IAV(58),  IAV(59),  IAV(60),  IAV(61),  IAV(62),  IAV(63),
 | |
|  IAV(64),  IAV(65),  IAV(66),  IAV(67),  IAV(68),  IAV(69),  IAV(70),  IAV(71),
 | |
|  IAV(72),  IAV(73),  IAV(74),  IAV(75),  IAV(76),  IAV(77),  IAV(78),  IAV(79),
 | |
|  IAV(80),  IAV(81),  IAV(82),  IAV(83),  IAV(84),  IAV(85),  IAV(86),  IAV(87),
 | |
|  IAV(88),  IAV(89),  IAV(90),  IAV(91),  IAV(92),  IAV(93),  IAV(94),  IAV(95),
 | |
|  IAV(96),  IAV(97),  IAV(98),  IAV(99),  IAV(100), IAV(101), IAV(102), IAV(103),
 | |
|  IAV(104), IAV(105), IAV(106), IAV(107), IAV(108), IAV(109), IAV(110), IAV(111),
 | |
|  IAV(112), IAV(113), IAV(114), IAV(115), IAV(116), IAV(117), IAV(118), IAV(119),
 | |
|  IAV(120), IAV(121), IAV(122), IAV(123), IAV(124), IAV(125), IAV(126), IAV(127)
 | |
| };
 | |
| 
 | |
| #ifdef CONFIG_SYS_MALLOC_DEFAULT_TO_INIT
 | |
| static void malloc_init(void);
 | |
| #endif
 | |
| 
 | |
| ulong mem_malloc_start = 0;
 | |
| ulong mem_malloc_end = 0;
 | |
| ulong mem_malloc_brk = 0;
 | |
| 
 | |
| static bool malloc_testing;	/* enable test mode */
 | |
| static int malloc_max_allocs;	/* return NULL after this many calls to malloc() */
 | |
| 
 | |
| void *sbrk(ptrdiff_t increment)
 | |
| {
 | |
| 	ulong old = mem_malloc_brk;
 | |
| 	ulong new = old + increment;
 | |
| 
 | |
| 	if ((new < mem_malloc_start) || (new > mem_malloc_end))
 | |
| 		return (void *)MORECORE_FAILURE;
 | |
| 
 | |
| 	/*
 | |
| 	 * if we are giving memory back make sure we clear it out since
 | |
| 	 * we set MORECORE_CLEARS to 1
 | |
| 	 */
 | |
| 	if (increment < 0)
 | |
| 		memset((void *)new, 0, -increment);
 | |
| 
 | |
| 	mem_malloc_brk = new;
 | |
| 
 | |
| 	return (void *)old;
 | |
| }
 | |
| 
 | |
| void mem_malloc_init(ulong start, ulong size)
 | |
| {
 | |
| 	mem_malloc_start = start;
 | |
| 	mem_malloc_end = start + size;
 | |
| 	mem_malloc_brk = start;
 | |
| 
 | |
| #ifdef CONFIG_SYS_MALLOC_DEFAULT_TO_INIT
 | |
| 	malloc_init();
 | |
| #endif
 | |
| 
 | |
| 	debug("using memory %#lx-%#lx for malloc()\n", mem_malloc_start,
 | |
| 	      mem_malloc_end);
 | |
| #if CONFIG_IS_ENABLED(SYS_MALLOC_CLEAR_ON_INIT)
 | |
| 	memset((void *)mem_malloc_start, 0x0, size);
 | |
| #endif
 | |
| }
 | |
| 
 | |
| /* field-extraction macros */
 | |
| 
 | |
| #define first(b) ((b)->fd)
 | |
| #define last(b)  ((b)->bk)
 | |
| 
 | |
| /*
 | |
|   Indexing into bins
 | |
| */
 | |
| 
 | |
| #define bin_index(sz)                                                          \
 | |
| (((((unsigned long)(sz)) >> 9) ==    0) ?       (((unsigned long)(sz)) >>  3): \
 | |
|  ((((unsigned long)(sz)) >> 9) <=    4) ?  56 + (((unsigned long)(sz)) >>  6): \
 | |
|  ((((unsigned long)(sz)) >> 9) <=   20) ?  91 + (((unsigned long)(sz)) >>  9): \
 | |
|  ((((unsigned long)(sz)) >> 9) <=   84) ? 110 + (((unsigned long)(sz)) >> 12): \
 | |
|  ((((unsigned long)(sz)) >> 9) <=  340) ? 119 + (((unsigned long)(sz)) >> 15): \
 | |
|  ((((unsigned long)(sz)) >> 9) <= 1364) ? 124 + (((unsigned long)(sz)) >> 18): \
 | |
| 					  126)
 | |
| /*
 | |
|   bins for chunks < 512 are all spaced 8 bytes apart, and hold
 | |
|   identically sized chunks. This is exploited in malloc.
 | |
| */
 | |
| 
 | |
| #define MAX_SMALLBIN         63
 | |
| #define MAX_SMALLBIN_SIZE   512
 | |
| #define SMALLBIN_WIDTH        8
 | |
| 
 | |
| #define smallbin_index(sz)  (((unsigned long)(sz)) >> 3)
 | |
| 
 | |
| /*
 | |
|    Requests are `small' if both the corresponding and the next bin are small
 | |
| */
 | |
| 
 | |
| #define is_small_request(nb) (nb < MAX_SMALLBIN_SIZE - SMALLBIN_WIDTH)
 | |
| 
 | |
| /*
 | |
|     To help compensate for the large number of bins, a one-level index
 | |
|     structure is used for bin-by-bin searching.  `binblocks' is a
 | |
|     one-word bitvector recording whether groups of BINBLOCKWIDTH bins
 | |
|     have any (possibly) non-empty bins, so they can be skipped over
 | |
|     all at once during during traversals. The bits are NOT always
 | |
|     cleared as soon as all bins in a block are empty, but instead only
 | |
|     when all are noticed to be empty during traversal in malloc.
 | |
| */
 | |
| 
 | |
| #define BINBLOCKWIDTH     4   /* bins per block */
 | |
| 
 | |
| #define binblocks_r     ((INTERNAL_SIZE_T)av_[1]) /* bitvector of nonempty blocks */
 | |
| #define binblocks_w     (av_[1])
 | |
| 
 | |
| /* bin<->block macros */
 | |
| 
 | |
| #define idx2binblock(ix)    ((unsigned)1 << (ix / BINBLOCKWIDTH))
 | |
| #define mark_binblock(ii)   (binblocks_w = (mbinptr)(binblocks_r | idx2binblock(ii)))
 | |
| #define clear_binblock(ii)  (binblocks_w = (mbinptr)(binblocks_r & ~(idx2binblock(ii))))
 | |
| 
 | |
| /*  Other static bookkeeping data */
 | |
| 
 | |
| /* variables holding tunable values */
 | |
| 
 | |
| static unsigned long trim_threshold   = DEFAULT_TRIM_THRESHOLD;
 | |
| static unsigned long top_pad          = DEFAULT_TOP_PAD;
 | |
| static unsigned int  n_mmaps_max      = DEFAULT_MMAP_MAX;
 | |
| static unsigned long mmap_threshold   = DEFAULT_MMAP_THRESHOLD;
 | |
| 
 | |
| /* The first value returned from sbrk */
 | |
| static char* sbrk_base = (char*)(-1);
 | |
| 
 | |
| /* The maximum memory obtained from system via sbrk */
 | |
| static unsigned long max_sbrked_mem = 0;
 | |
| 
 | |
| /* The maximum via either sbrk or mmap */
 | |
| static unsigned long max_total_mem = 0;
 | |
| 
 | |
| /* internal working copy of mallinfo */
 | |
| static struct mallinfo current_mallinfo = {  0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
 | |
| 
 | |
| /* The total memory obtained from system via sbrk */
 | |
| #define sbrked_mem  (current_mallinfo.arena)
 | |
| 
 | |
| /* Tracking mmaps */
 | |
| 
 | |
| #ifdef DEBUG
 | |
| static unsigned int n_mmaps = 0;
 | |
| #endif	/* DEBUG */
 | |
| static unsigned long mmapped_mem = 0;
 | |
| #if HAVE_MMAP
 | |
| static unsigned int max_n_mmaps = 0;
 | |
| static unsigned long max_mmapped_mem = 0;
 | |
| #endif
 | |
| 
 | |
| #ifdef CONFIG_SYS_MALLOC_DEFAULT_TO_INIT
 | |
| static void malloc_init(void)
 | |
| {
 | |
| 	int i, j;
 | |
| 
 | |
| 	debug("bins (av_ array) are at %p\n", (void *)av_);
 | |
| 
 | |
| 	av_[0] = NULL; av_[1] = NULL;
 | |
| 	for (i = 2, j = 2; i < NAV * 2 + 2; i += 2, j++) {
 | |
| 		av_[i] = bin_at(j - 2);
 | |
| 		av_[i + 1] = bin_at(j - 2);
 | |
| 
 | |
| 		/* Just print the first few bins so that
 | |
| 		 * we can see there are alright.
 | |
| 		 */
 | |
| 		if (i < 10)
 | |
| 			debug("av_[%d]=%lx av_[%d]=%lx\n",
 | |
| 			      i, (ulong)av_[i],
 | |
| 			      i + 1, (ulong)av_[i + 1]);
 | |
| 	}
 | |
| 
 | |
| 	/* Init the static bookkeeping as well */
 | |
| 	sbrk_base = (char *)(-1);
 | |
| 	max_sbrked_mem = 0;
 | |
| 	max_total_mem = 0;
 | |
| #ifdef DEBUG
 | |
| 	memset((void *)¤t_mallinfo, 0, sizeof(struct mallinfo));
 | |
| #endif
 | |
| }
 | |
| #endif
 | |
| 
 | |
| /*
 | |
|   Debugging support
 | |
| */
 | |
| 
 | |
| #ifdef DEBUG
 | |
| 
 | |
| /*
 | |
|   These routines make a number of assertions about the states
 | |
|   of data structures that should be true at all times. If any
 | |
|   are not true, it's very likely that a user program has somehow
 | |
|   trashed memory. (It's also possible that there is a coding error
 | |
|   in malloc. In which case, please report it!)
 | |
| */
 | |
| 
 | |
| #if __STD_C
 | |
| static void do_check_chunk(mchunkptr p)
 | |
| #else
 | |
| static void do_check_chunk(p) mchunkptr p;
 | |
| #endif
 | |
| {
 | |
|   INTERNAL_SIZE_T sz = p->size & ~PREV_INUSE;
 | |
| 
 | |
|   /* No checkable chunk is mmapped */
 | |
|   assert(!chunk_is_mmapped(p));
 | |
| 
 | |
|   /* Check for legal address ... */
 | |
|   assert((char*)p >= sbrk_base);
 | |
|   if (p != top)
 | |
|     assert((char*)p + sz <= (char*)top);
 | |
|   else
 | |
|     assert((char*)p + sz <= sbrk_base + sbrked_mem);
 | |
| 
 | |
| }
 | |
| 
 | |
| #if __STD_C
 | |
| static void do_check_free_chunk(mchunkptr p)
 | |
| #else
 | |
| static void do_check_free_chunk(p) mchunkptr p;
 | |
| #endif
 | |
| {
 | |
|   INTERNAL_SIZE_T sz = p->size & ~PREV_INUSE;
 | |
|   mchunkptr next = chunk_at_offset(p, sz);
 | |
| 
 | |
|   do_check_chunk(p);
 | |
| 
 | |
|   /* Check whether it claims to be free ... */
 | |
|   assert(!inuse(p));
 | |
| 
 | |
|   /* Unless a special marker, must have OK fields */
 | |
|   if ((long)sz >= (long)MINSIZE)
 | |
|   {
 | |
|     assert((sz & MALLOC_ALIGN_MASK) == 0);
 | |
|     assert(aligned_OK(chunk2mem(p)));
 | |
|     /* ... matching footer field */
 | |
|     assert(next->prev_size == sz);
 | |
|     /* ... and is fully consolidated */
 | |
|     assert(prev_inuse(p));
 | |
|     assert (next == top || inuse(next));
 | |
| 
 | |
|     /* ... and has minimally sane links */
 | |
|     assert(p->fd->bk == p);
 | |
|     assert(p->bk->fd == p);
 | |
|   }
 | |
|   else /* markers are always of size SIZE_SZ */
 | |
|     assert(sz == SIZE_SZ);
 | |
| }
 | |
| 
 | |
| #if __STD_C
 | |
| static void do_check_inuse_chunk(mchunkptr p)
 | |
| #else
 | |
| static void do_check_inuse_chunk(p) mchunkptr p;
 | |
| #endif
 | |
| {
 | |
|   mchunkptr next = next_chunk(p);
 | |
|   do_check_chunk(p);
 | |
| 
 | |
|   /* Check whether it claims to be in use ... */
 | |
|   assert(inuse(p));
 | |
| 
 | |
|   /* ... and is surrounded by OK chunks.
 | |
|     Since more things can be checked with free chunks than inuse ones,
 | |
|     if an inuse chunk borders them and debug is on, it's worth doing them.
 | |
|   */
 | |
|   if (!prev_inuse(p))
 | |
|   {
 | |
|     mchunkptr prv = prev_chunk(p);
 | |
|     assert(next_chunk(prv) == p);
 | |
|     do_check_free_chunk(prv);
 | |
|   }
 | |
|   if (next == top)
 | |
|   {
 | |
|     assert(prev_inuse(next));
 | |
|     assert(chunksize(next) >= MINSIZE);
 | |
|   }
 | |
|   else if (!inuse(next))
 | |
|     do_check_free_chunk(next);
 | |
| 
 | |
| }
 | |
| 
 | |
| #if __STD_C
 | |
| static void do_check_malloced_chunk(mchunkptr p, INTERNAL_SIZE_T s)
 | |
| #else
 | |
| static void do_check_malloced_chunk(p, s) mchunkptr p; INTERNAL_SIZE_T s;
 | |
| #endif
 | |
| {
 | |
|   INTERNAL_SIZE_T sz = p->size & ~PREV_INUSE;
 | |
|   long room = sz - s;
 | |
| 
 | |
|   do_check_inuse_chunk(p);
 | |
| 
 | |
|   /* Legal size ... */
 | |
|   assert((long)sz >= (long)MINSIZE);
 | |
|   assert((sz & MALLOC_ALIGN_MASK) == 0);
 | |
|   assert(room >= 0);
 | |
|   assert(room < (long)MINSIZE);
 | |
| 
 | |
|   /* ... and alignment */
 | |
|   assert(aligned_OK(chunk2mem(p)));
 | |
| 
 | |
|   /* ... and was allocated at front of an available chunk */
 | |
|   assert(prev_inuse(p));
 | |
| 
 | |
| }
 | |
| 
 | |
| #define check_free_chunk(P)  do_check_free_chunk(P)
 | |
| #define check_inuse_chunk(P) do_check_inuse_chunk(P)
 | |
| #define check_chunk(P) do_check_chunk(P)
 | |
| #define check_malloced_chunk(P,N) do_check_malloced_chunk(P,N)
 | |
| #else
 | |
| #define check_free_chunk(P)
 | |
| #define check_inuse_chunk(P)
 | |
| #define check_chunk(P)
 | |
| #define check_malloced_chunk(P,N)
 | |
| #endif
 | |
| 
 | |
| /*
 | |
|   Macro-based internal utilities
 | |
| */
 | |
| 
 | |
| /*
 | |
|   Linking chunks in bin lists.
 | |
|   Call these only with variables, not arbitrary expressions, as arguments.
 | |
| */
 | |
| 
 | |
| /*
 | |
|   Place chunk p of size s in its bin, in size order,
 | |
|   putting it ahead of others of same size.
 | |
| */
 | |
| 
 | |
| #define frontlink(P, S, IDX, BK, FD)                                          \
 | |
| {                                                                             \
 | |
|   if (S < MAX_SMALLBIN_SIZE)                                                  \
 | |
|   {                                                                           \
 | |
|     IDX = smallbin_index(S);                                                  \
 | |
|     mark_binblock(IDX);                                                       \
 | |
|     BK = bin_at(IDX);                                                         \
 | |
|     FD = BK->fd;                                                              \
 | |
|     P->bk = BK;                                                               \
 | |
|     P->fd = FD;                                                               \
 | |
|     FD->bk = BK->fd = P;                                                      \
 | |
|   }                                                                           \
 | |
|   else                                                                        \
 | |
|   {                                                                           \
 | |
|     IDX = bin_index(S);                                                       \
 | |
|     BK = bin_at(IDX);                                                         \
 | |
|     FD = BK->fd;                                                              \
 | |
|     if (FD == BK) mark_binblock(IDX);                                         \
 | |
|     else                                                                      \
 | |
|     {                                                                         \
 | |
|       while (FD != BK && S < chunksize(FD)) FD = FD->fd;                      \
 | |
|       BK = FD->bk;                                                            \
 | |
|     }                                                                         \
 | |
|     P->bk = BK;                                                               \
 | |
|     P->fd = FD;                                                               \
 | |
|     FD->bk = BK->fd = P;                                                      \
 | |
|   }                                                                           \
 | |
| }
 | |
| 
 | |
| /* take a chunk off a list */
 | |
| 
 | |
| #define unlink(P, BK, FD)                                                     \
 | |
| {                                                                             \
 | |
|   BK = P->bk;                                                                 \
 | |
|   FD = P->fd;                                                                 \
 | |
|   FD->bk = BK;                                                                \
 | |
|   BK->fd = FD;                                                                \
 | |
| }                                                                             \
 | |
| 
 | |
| /* Place p as the last remainder */
 | |
| 
 | |
| #define link_last_remainder(P)                                                \
 | |
| {                                                                             \
 | |
|   last_remainder->fd = last_remainder->bk =  P;                               \
 | |
|   P->fd = P->bk = last_remainder;                                             \
 | |
| }
 | |
| 
 | |
| /* Clear the last_remainder bin */
 | |
| 
 | |
| #define clear_last_remainder \
 | |
|   (last_remainder->fd = last_remainder->bk = last_remainder)
 | |
| 
 | |
| /* Routines dealing with mmap(). */
 | |
| 
 | |
| #if HAVE_MMAP
 | |
| 
 | |
| #if __STD_C
 | |
| static mchunkptr mmap_chunk(size_t size)
 | |
| #else
 | |
| static mchunkptr mmap_chunk(size) size_t size;
 | |
| #endif
 | |
| {
 | |
|   size_t page_mask = malloc_getpagesize - 1;
 | |
|   mchunkptr p;
 | |
| 
 | |
| #ifndef MAP_ANONYMOUS
 | |
|   static int fd = -1;
 | |
| #endif
 | |
| 
 | |
|   if(n_mmaps >= n_mmaps_max) return 0; /* too many regions */
 | |
| 
 | |
|   /* For mmapped chunks, the overhead is one SIZE_SZ unit larger, because
 | |
|    * there is no following chunk whose prev_size field could be used.
 | |
|    */
 | |
|   size = (size + SIZE_SZ + page_mask) & ~page_mask;
 | |
| 
 | |
| #ifdef MAP_ANONYMOUS
 | |
|   p = (mchunkptr)mmap(0, size, PROT_READ|PROT_WRITE,
 | |
| 		      MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
 | |
| #else /* !MAP_ANONYMOUS */
 | |
|   if (fd < 0)
 | |
|   {
 | |
|     fd = open("/dev/zero", O_RDWR);
 | |
|     if(fd < 0) return 0;
 | |
|   }
 | |
|   p = (mchunkptr)mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
 | |
| #endif
 | |
| 
 | |
|   if(p == (mchunkptr)-1) return 0;
 | |
| 
 | |
|   n_mmaps++;
 | |
|   if (n_mmaps > max_n_mmaps) max_n_mmaps = n_mmaps;
 | |
| 
 | |
|   /* We demand that eight bytes into a page must be 8-byte aligned. */
 | |
|   assert(aligned_OK(chunk2mem(p)));
 | |
| 
 | |
|   /* The offset to the start of the mmapped region is stored
 | |
|    * in the prev_size field of the chunk; normally it is zero,
 | |
|    * but that can be changed in memalign().
 | |
|    */
 | |
|   p->prev_size = 0;
 | |
|   set_head(p, size|IS_MMAPPED);
 | |
| 
 | |
|   mmapped_mem += size;
 | |
|   if ((unsigned long)mmapped_mem > (unsigned long)max_mmapped_mem)
 | |
|     max_mmapped_mem = mmapped_mem;
 | |
|   if ((unsigned long)(mmapped_mem + sbrked_mem) > (unsigned long)max_total_mem)
 | |
|     max_total_mem = mmapped_mem + sbrked_mem;
 | |
|   return p;
 | |
| }
 | |
| 
 | |
| #if __STD_C
 | |
| static void munmap_chunk(mchunkptr p)
 | |
| #else
 | |
| static void munmap_chunk(p) mchunkptr p;
 | |
| #endif
 | |
| {
 | |
|   INTERNAL_SIZE_T size = chunksize(p);
 | |
|   int ret;
 | |
| 
 | |
|   assert (chunk_is_mmapped(p));
 | |
|   assert(! ((char*)p >= sbrk_base && (char*)p < sbrk_base + sbrked_mem));
 | |
|   assert((n_mmaps > 0));
 | |
|   assert(((p->prev_size + size) & (malloc_getpagesize-1)) == 0);
 | |
| 
 | |
|   n_mmaps--;
 | |
|   mmapped_mem -= (size + p->prev_size);
 | |
| 
 | |
|   ret = munmap((char *)p - p->prev_size, size + p->prev_size);
 | |
| 
 | |
|   /* munmap returns non-zero on failure */
 | |
|   assert(ret == 0);
 | |
| }
 | |
| 
 | |
| #if HAVE_MREMAP
 | |
| 
 | |
| #if __STD_C
 | |
| static mchunkptr mremap_chunk(mchunkptr p, size_t new_size)
 | |
| #else
 | |
| static mchunkptr mremap_chunk(p, new_size) mchunkptr p; size_t new_size;
 | |
| #endif
 | |
| {
 | |
|   size_t page_mask = malloc_getpagesize - 1;
 | |
|   INTERNAL_SIZE_T offset = p->prev_size;
 | |
|   INTERNAL_SIZE_T size = chunksize(p);
 | |
|   char *cp;
 | |
| 
 | |
|   assert (chunk_is_mmapped(p));
 | |
|   assert(! ((char*)p >= sbrk_base && (char*)p < sbrk_base + sbrked_mem));
 | |
|   assert((n_mmaps > 0));
 | |
|   assert(((size + offset) & (malloc_getpagesize-1)) == 0);
 | |
| 
 | |
|   /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */
 | |
|   new_size = (new_size + offset + SIZE_SZ + page_mask) & ~page_mask;
 | |
| 
 | |
|   cp = (char *)mremap((char *)p - offset, size + offset, new_size, 1);
 | |
| 
 | |
|   if (cp == (char *)-1) return 0;
 | |
| 
 | |
|   p = (mchunkptr)(cp + offset);
 | |
| 
 | |
|   assert(aligned_OK(chunk2mem(p)));
 | |
| 
 | |
|   assert((p->prev_size == offset));
 | |
|   set_head(p, (new_size - offset)|IS_MMAPPED);
 | |
| 
 | |
|   mmapped_mem -= size + offset;
 | |
|   mmapped_mem += new_size;
 | |
|   if ((unsigned long)mmapped_mem > (unsigned long)max_mmapped_mem)
 | |
|     max_mmapped_mem = mmapped_mem;
 | |
|   if ((unsigned long)(mmapped_mem + sbrked_mem) > (unsigned long)max_total_mem)
 | |
|     max_total_mem = mmapped_mem + sbrked_mem;
 | |
|   return p;
 | |
| }
 | |
| 
 | |
| #endif /* HAVE_MREMAP */
 | |
| 
 | |
| #endif /* HAVE_MMAP */
 | |
| 
 | |
| /*
 | |
|   Extend the top-most chunk by obtaining memory from system.
 | |
|   Main interface to sbrk (but see also malloc_trim).
 | |
| */
 | |
| 
 | |
| #if __STD_C
 | |
| static void malloc_extend_top(INTERNAL_SIZE_T nb)
 | |
| #else
 | |
| static void malloc_extend_top(nb) INTERNAL_SIZE_T nb;
 | |
| #endif
 | |
| {
 | |
|   char*     brk;                  /* return value from sbrk */
 | |
|   INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of sbrked space */
 | |
|   INTERNAL_SIZE_T correction;     /* bytes for 2nd sbrk call */
 | |
|   char*     new_brk;              /* return of 2nd sbrk call */
 | |
|   INTERNAL_SIZE_T top_size;       /* new size of top chunk */
 | |
| 
 | |
|   mchunkptr old_top     = top;  /* Record state of old top */
 | |
|   INTERNAL_SIZE_T old_top_size = chunksize(old_top);
 | |
|   char*     old_end      = (char*)(chunk_at_offset(old_top, old_top_size));
 | |
| 
 | |
|   /* Pad request with top_pad plus minimal overhead */
 | |
| 
 | |
|   INTERNAL_SIZE_T    sbrk_size     = nb + top_pad + MINSIZE;
 | |
|   unsigned long pagesz    = malloc_getpagesize;
 | |
| 
 | |
|   /* If not the first time through, round to preserve page boundary */
 | |
|   /* Otherwise, we need to correct to a page size below anyway. */
 | |
|   /* (We also correct below if an intervening foreign sbrk call.) */
 | |
| 
 | |
|   if (sbrk_base != (char*)(-1))
 | |
|     sbrk_size = (sbrk_size + (pagesz - 1)) & ~(pagesz - 1);
 | |
| 
 | |
|   brk = (char*)(MORECORE (sbrk_size));
 | |
| 
 | |
|   /* Fail if sbrk failed or if a foreign sbrk call killed our space */
 | |
|   if (brk == (char*)(MORECORE_FAILURE) ||
 | |
|       (brk < old_end && old_top != initial_top))
 | |
|     return;
 | |
| 
 | |
|   sbrked_mem += sbrk_size;
 | |
| 
 | |
|   if (brk == old_end) /* can just add bytes to current top */
 | |
|   {
 | |
|     top_size = sbrk_size + old_top_size;
 | |
|     set_head(top, top_size | PREV_INUSE);
 | |
|   }
 | |
|   else
 | |
|   {
 | |
|     if (sbrk_base == (char*)(-1))  /* First time through. Record base */
 | |
|       sbrk_base = brk;
 | |
|     else  /* Someone else called sbrk().  Count those bytes as sbrked_mem. */
 | |
|       sbrked_mem += brk - (char*)old_end;
 | |
| 
 | |
|     /* Guarantee alignment of first new chunk made from this space */
 | |
|     front_misalign = (unsigned long)chunk2mem(brk) & MALLOC_ALIGN_MASK;
 | |
|     if (front_misalign > 0)
 | |
|     {
 | |
|       correction = (MALLOC_ALIGNMENT) - front_misalign;
 | |
|       brk += correction;
 | |
|     }
 | |
|     else
 | |
|       correction = 0;
 | |
| 
 | |
|     /* Guarantee the next brk will be at a page boundary */
 | |
| 
 | |
|     correction += ((((unsigned long)(brk + sbrk_size))+(pagesz-1)) &
 | |
| 		   ~(pagesz - 1)) - ((unsigned long)(brk + sbrk_size));
 | |
| 
 | |
|     /* Allocate correction */
 | |
|     new_brk = (char*)(MORECORE (correction));
 | |
|     if (new_brk == (char*)(MORECORE_FAILURE)) return;
 | |
| 
 | |
|     sbrked_mem += correction;
 | |
| 
 | |
|     top = (mchunkptr)brk;
 | |
|     top_size = new_brk - brk + correction;
 | |
|     set_head(top, top_size | PREV_INUSE);
 | |
| 
 | |
|     if (old_top != initial_top)
 | |
|     {
 | |
| 
 | |
|       /* There must have been an intervening foreign sbrk call. */
 | |
|       /* A double fencepost is necessary to prevent consolidation */
 | |
| 
 | |
|       /* If not enough space to do this, then user did something very wrong */
 | |
|       if (old_top_size < MINSIZE)
 | |
|       {
 | |
| 	set_head(top, PREV_INUSE); /* will force null return from malloc */
 | |
| 	return;
 | |
|       }
 | |
| 
 | |
|       /* Also keep size a multiple of MALLOC_ALIGNMENT */
 | |
|       old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
 | |
|       set_head_size(old_top, old_top_size);
 | |
|       chunk_at_offset(old_top, old_top_size          )->size =
 | |
| 	SIZE_SZ|PREV_INUSE;
 | |
|       chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
 | |
| 	SIZE_SZ|PREV_INUSE;
 | |
|       /* If possible, release the rest. */
 | |
|       if (old_top_size >= MINSIZE)
 | |
| 	fREe(chunk2mem(old_top));
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   if ((unsigned long)sbrked_mem > (unsigned long)max_sbrked_mem)
 | |
|     max_sbrked_mem = sbrked_mem;
 | |
|   if ((unsigned long)(mmapped_mem + sbrked_mem) > (unsigned long)max_total_mem)
 | |
|     max_total_mem = mmapped_mem + sbrked_mem;
 | |
| 
 | |
|   /* We always land on a page boundary */
 | |
|   assert(((unsigned long)((char*)top + top_size) & (pagesz - 1)) == 0);
 | |
| }
 | |
| 
 | |
| /* Main public routines */
 | |
| 
 | |
| /*
 | |
|   Malloc Algorthim:
 | |
| 
 | |
|     The requested size is first converted into a usable form, `nb'.
 | |
|     This currently means to add 4 bytes overhead plus possibly more to
 | |
|     obtain 8-byte alignment and/or to obtain a size of at least
 | |
|     MINSIZE (currently 16 bytes), the smallest allocatable size.
 | |
|     (All fits are considered `exact' if they are within MINSIZE bytes.)
 | |
| 
 | |
|     From there, the first successful of the following steps is taken:
 | |
| 
 | |
|       1. The bin corresponding to the request size is scanned, and if
 | |
| 	 a chunk of exactly the right size is found, it is taken.
 | |
| 
 | |
|       2. The most recently remaindered chunk is used if it is big
 | |
| 	 enough.  This is a form of (roving) first fit, used only in
 | |
| 	 the absence of exact fits. Runs of consecutive requests use
 | |
| 	 the remainder of the chunk used for the previous such request
 | |
| 	 whenever possible. This limited use of a first-fit style
 | |
| 	 allocation strategy tends to give contiguous chunks
 | |
| 	 coextensive lifetimes, which improves locality and can reduce
 | |
| 	 fragmentation in the long run.
 | |
| 
 | |
|       3. Other bins are scanned in increasing size order, using a
 | |
| 	 chunk big enough to fulfill the request, and splitting off
 | |
| 	 any remainder.  This search is strictly by best-fit; i.e.,
 | |
| 	 the smallest (with ties going to approximately the least
 | |
| 	 recently used) chunk that fits is selected.
 | |
| 
 | |
|       4. If large enough, the chunk bordering the end of memory
 | |
| 	 (`top') is split off. (This use of `top' is in accord with
 | |
| 	 the best-fit search rule.  In effect, `top' is treated as
 | |
| 	 larger (and thus less well fitting) than any other available
 | |
| 	 chunk since it can be extended to be as large as necessary
 | |
| 	 (up to system limitations).
 | |
| 
 | |
|       5. If the request size meets the mmap threshold and the
 | |
| 	 system supports mmap, and there are few enough currently
 | |
| 	 allocated mmapped regions, and a call to mmap succeeds,
 | |
| 	 the request is allocated via direct memory mapping.
 | |
| 
 | |
|       6. Otherwise, the top of memory is extended by
 | |
| 	 obtaining more space from the system (normally using sbrk,
 | |
| 	 but definable to anything else via the MORECORE macro).
 | |
| 	 Memory is gathered from the system (in system page-sized
 | |
| 	 units) in a way that allows chunks obtained across different
 | |
| 	 sbrk calls to be consolidated, but does not require
 | |
| 	 contiguous memory. Thus, it should be safe to intersperse
 | |
| 	 mallocs with other sbrk calls.
 | |
| 
 | |
|       All allocations are made from the the `lowest' part of any found
 | |
|       chunk. (The implementation invariant is that prev_inuse is
 | |
|       always true of any allocated chunk; i.e., that each allocated
 | |
|       chunk borders either a previously allocated and still in-use chunk,
 | |
|       or the base of its memory arena.)
 | |
| 
 | |
| */
 | |
| 
 | |
| STATIC_IF_MCHECK
 | |
| #if __STD_C
 | |
| Void_t* mALLOc_impl(size_t bytes)
 | |
| #else
 | |
| Void_t* mALLOc_impl(bytes) size_t bytes;
 | |
| #endif
 | |
| {
 | |
|   mchunkptr victim;                  /* inspected/selected chunk */
 | |
|   INTERNAL_SIZE_T victim_size;       /* its size */
 | |
|   int       idx;                     /* index for bin traversal */
 | |
|   mbinptr   bin;                     /* associated bin */
 | |
|   mchunkptr remainder;               /* remainder from a split */
 | |
|   long      remainder_size;          /* its size */
 | |
|   int       remainder_index;         /* its bin index */
 | |
|   unsigned long block;               /* block traverser bit */
 | |
|   int       startidx;                /* first bin of a traversed block */
 | |
|   mchunkptr fwd;                     /* misc temp for linking */
 | |
|   mchunkptr bck;                     /* misc temp for linking */
 | |
|   mbinptr q;                         /* misc temp */
 | |
| 
 | |
|   INTERNAL_SIZE_T nb;
 | |
| 
 | |
| #if CONFIG_IS_ENABLED(SYS_MALLOC_F)
 | |
| 	if (!(gd->flags & GD_FLG_FULL_MALLOC_INIT))
 | |
| 		return malloc_simple(bytes);
 | |
| #endif
 | |
| 
 | |
|   if (CONFIG_IS_ENABLED(UNIT_TEST) && malloc_testing) {
 | |
|     if (--malloc_max_allocs < 0)
 | |
|       return NULL;
 | |
|   }
 | |
| 
 | |
|   /* check if mem_malloc_init() was run */
 | |
|   if ((mem_malloc_start == 0) && (mem_malloc_end == 0)) {
 | |
|     /* not initialized yet */
 | |
|     return NULL;
 | |
|   }
 | |
| 
 | |
|   if (bytes > CONFIG_SYS_MALLOC_LEN || (long)bytes < 0)
 | |
|      return NULL;
 | |
| 
 | |
|   nb = request2size(bytes);  /* padded request size; */
 | |
| 
 | |
|   /* Check for exact match in a bin */
 | |
| 
 | |
|   if (is_small_request(nb))  /* Faster version for small requests */
 | |
|   {
 | |
|     idx = smallbin_index(nb);
 | |
| 
 | |
|     /* No traversal or size check necessary for small bins.  */
 | |
| 
 | |
|     q = bin_at(idx);
 | |
|     victim = last(q);
 | |
| 
 | |
|     /* Also scan the next one, since it would have a remainder < MINSIZE */
 | |
|     if (victim == q)
 | |
|     {
 | |
|       q = next_bin(q);
 | |
|       victim = last(q);
 | |
|     }
 | |
|     if (victim != q)
 | |
|     {
 | |
|       victim_size = chunksize(victim);
 | |
|       unlink(victim, bck, fwd);
 | |
|       set_inuse_bit_at_offset(victim, victim_size);
 | |
|       check_malloced_chunk(victim, nb);
 | |
|       VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(victim), bytes, SIZE_SZ, false);
 | |
|       return chunk2mem(victim);
 | |
|     }
 | |
| 
 | |
|     idx += 2; /* Set for bin scan below. We've already scanned 2 bins. */
 | |
| 
 | |
|   }
 | |
|   else
 | |
|   {
 | |
|     idx = bin_index(nb);
 | |
|     bin = bin_at(idx);
 | |
| 
 | |
|     for (victim = last(bin); victim != bin; victim = victim->bk)
 | |
|     {
 | |
|       victim_size = chunksize(victim);
 | |
|       remainder_size = victim_size - nb;
 | |
| 
 | |
|       if (remainder_size >= (long)MINSIZE) /* too big */
 | |
|       {
 | |
| 	--idx; /* adjust to rescan below after checking last remainder */
 | |
| 	break;
 | |
|       }
 | |
| 
 | |
|       else if (remainder_size >= 0) /* exact fit */
 | |
|       {
 | |
| 	unlink(victim, bck, fwd);
 | |
| 	set_inuse_bit_at_offset(victim, victim_size);
 | |
| 	check_malloced_chunk(victim, nb);
 | |
|         VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(victim), bytes, SIZE_SZ, false);
 | |
| 	return chunk2mem(victim);
 | |
|       }
 | |
|     }
 | |
| 
 | |
|     ++idx;
 | |
| 
 | |
|   }
 | |
| 
 | |
|   /* Try to use the last split-off remainder */
 | |
| 
 | |
|   if ( (victim = last_remainder->fd) != last_remainder)
 | |
|   {
 | |
|     victim_size = chunksize(victim);
 | |
|     remainder_size = victim_size - nb;
 | |
| 
 | |
|     if (remainder_size >= (long)MINSIZE) /* re-split */
 | |
|     {
 | |
|       remainder = chunk_at_offset(victim, nb);
 | |
|       set_head(victim, nb | PREV_INUSE);
 | |
|       link_last_remainder(remainder);
 | |
|       set_head(remainder, remainder_size | PREV_INUSE);
 | |
|       set_foot(remainder, remainder_size);
 | |
|       check_malloced_chunk(victim, nb);
 | |
|       VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(victim), bytes, SIZE_SZ, false);
 | |
|       return chunk2mem(victim);
 | |
|     }
 | |
| 
 | |
|     clear_last_remainder;
 | |
| 
 | |
|     if (remainder_size >= 0)  /* exhaust */
 | |
|     {
 | |
|       set_inuse_bit_at_offset(victim, victim_size);
 | |
|       check_malloced_chunk(victim, nb);
 | |
|       VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(victim), bytes, SIZE_SZ, false);
 | |
|       return chunk2mem(victim);
 | |
|     }
 | |
| 
 | |
|     /* Else place in bin */
 | |
| 
 | |
|     frontlink(victim, victim_size, remainder_index, bck, fwd);
 | |
|   }
 | |
| 
 | |
|   /*
 | |
|      If there are any possibly nonempty big-enough blocks,
 | |
|      search for best fitting chunk by scanning bins in blockwidth units.
 | |
|   */
 | |
| 
 | |
|   if ( (block = idx2binblock(idx)) <= binblocks_r)
 | |
|   {
 | |
| 
 | |
|     /* Get to the first marked block */
 | |
| 
 | |
|     if ( (block & binblocks_r) == 0)
 | |
|     {
 | |
|       /* force to an even block boundary */
 | |
|       idx = (idx & ~(BINBLOCKWIDTH - 1)) + BINBLOCKWIDTH;
 | |
|       block <<= 1;
 | |
|       while ((block & binblocks_r) == 0)
 | |
|       {
 | |
| 	idx += BINBLOCKWIDTH;
 | |
| 	block <<= 1;
 | |
|       }
 | |
|     }
 | |
| 
 | |
|     /* For each possibly nonempty block ... */
 | |
|     for (;;)
 | |
|     {
 | |
|       startidx = idx;          /* (track incomplete blocks) */
 | |
|       q = bin = bin_at(idx);
 | |
| 
 | |
|       /* For each bin in this block ... */
 | |
|       do
 | |
|       {
 | |
| 	/* Find and use first big enough chunk ... */
 | |
| 
 | |
| 	for (victim = last(bin); victim != bin; victim = victim->bk)
 | |
| 	{
 | |
| 	  victim_size = chunksize(victim);
 | |
| 	  remainder_size = victim_size - nb;
 | |
| 
 | |
| 	  if (remainder_size >= (long)MINSIZE) /* split */
 | |
| 	  {
 | |
| 	    remainder = chunk_at_offset(victim, nb);
 | |
| 	    set_head(victim, nb | PREV_INUSE);
 | |
| 	    unlink(victim, bck, fwd);
 | |
| 	    link_last_remainder(remainder);
 | |
| 	    set_head(remainder, remainder_size | PREV_INUSE);
 | |
| 	    set_foot(remainder, remainder_size);
 | |
| 	    check_malloced_chunk(victim, nb);
 | |
| 	    VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(victim), bytes, SIZE_SZ, false);
 | |
| 	    return chunk2mem(victim);
 | |
| 	  }
 | |
| 
 | |
| 	  else if (remainder_size >= 0)  /* take */
 | |
| 	  {
 | |
| 	    set_inuse_bit_at_offset(victim, victim_size);
 | |
| 	    unlink(victim, bck, fwd);
 | |
| 	    check_malloced_chunk(victim, nb);
 | |
| 	    VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(victim), bytes, SIZE_SZ, false);
 | |
| 	    return chunk2mem(victim);
 | |
| 	  }
 | |
| 
 | |
| 	}
 | |
| 
 | |
|        bin = next_bin(bin);
 | |
| 
 | |
|       } while ((++idx & (BINBLOCKWIDTH - 1)) != 0);
 | |
| 
 | |
|       /* Clear out the block bit. */
 | |
| 
 | |
|       do   /* Possibly backtrack to try to clear a partial block */
 | |
|       {
 | |
| 	if ((startidx & (BINBLOCKWIDTH - 1)) == 0)
 | |
| 	{
 | |
| 	  av_[1] = (mbinptr)(binblocks_r & ~block);
 | |
| 	  break;
 | |
| 	}
 | |
| 	--startidx;
 | |
|        q = prev_bin(q);
 | |
|       } while (first(q) == q);
 | |
| 
 | |
|       /* Get to the next possibly nonempty block */
 | |
| 
 | |
|       if ( (block <<= 1) <= binblocks_r && (block != 0) )
 | |
|       {
 | |
| 	while ((block & binblocks_r) == 0)
 | |
| 	{
 | |
| 	  idx += BINBLOCKWIDTH;
 | |
| 	  block <<= 1;
 | |
| 	}
 | |
|       }
 | |
|       else
 | |
| 	break;
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   /* Try to use top chunk */
 | |
| 
 | |
|   /* Require that there be a remainder, ensuring top always exists  */
 | |
|   if ( (remainder_size = chunksize(top) - nb) < (long)MINSIZE)
 | |
|   {
 | |
| 
 | |
| #if HAVE_MMAP
 | |
|     /* If big and would otherwise need to extend, try to use mmap instead */
 | |
|     if ((unsigned long)nb >= (unsigned long)mmap_threshold &&
 | |
| 	(victim = mmap_chunk(nb)))
 | |
|       VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(victim), bytes, SIZE_SZ, false);
 | |
|       return chunk2mem(victim);
 | |
| #endif
 | |
| 
 | |
|     /* Try to extend */
 | |
|     malloc_extend_top(nb);
 | |
|     if ( (remainder_size = chunksize(top) - nb) < (long)MINSIZE)
 | |
|       return NULL; /* propagate failure */
 | |
|   }
 | |
| 
 | |
|   victim = top;
 | |
|   set_head(victim, nb | PREV_INUSE);
 | |
|   top = chunk_at_offset(victim, nb);
 | |
|   set_head(top, remainder_size | PREV_INUSE);
 | |
|   check_malloced_chunk(victim, nb);
 | |
|   VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(victim), bytes, SIZE_SZ, false);
 | |
|   return chunk2mem(victim);
 | |
| 
 | |
| }
 | |
| 
 | |
| /*
 | |
| 
 | |
|   free() algorithm :
 | |
| 
 | |
|     cases:
 | |
| 
 | |
|        1. free(0) has no effect.
 | |
| 
 | |
|        2. If the chunk was allocated via mmap, it is release via munmap().
 | |
| 
 | |
|        3. If a returned chunk borders the current high end of memory,
 | |
| 	  it is consolidated into the top, and if the total unused
 | |
| 	  topmost memory exceeds the trim threshold, malloc_trim is
 | |
| 	  called.
 | |
| 
 | |
|        4. Other chunks are consolidated as they arrive, and
 | |
| 	  placed in corresponding bins. (This includes the case of
 | |
| 	  consolidating with the current `last_remainder').
 | |
| 
 | |
| */
 | |
| 
 | |
| STATIC_IF_MCHECK
 | |
| #if __STD_C
 | |
| void fREe_impl(Void_t* mem)
 | |
| #else
 | |
| void fREe_impl(mem) Void_t* mem;
 | |
| #endif
 | |
| {
 | |
|   mchunkptr p;         /* chunk corresponding to mem */
 | |
|   INTERNAL_SIZE_T hd;  /* its head field */
 | |
|   INTERNAL_SIZE_T sz;  /* its size */
 | |
|   int       idx;       /* its bin index */
 | |
|   mchunkptr next;      /* next contiguous chunk */
 | |
|   INTERNAL_SIZE_T nextsz; /* its size */
 | |
|   INTERNAL_SIZE_T prevsz; /* size of previous contiguous chunk */
 | |
|   mchunkptr bck;       /* misc temp for linking */
 | |
|   mchunkptr fwd;       /* misc temp for linking */
 | |
|   int       islr;      /* track whether merging with last_remainder */
 | |
| 
 | |
| #if CONFIG_IS_ENABLED(SYS_MALLOC_F)
 | |
| 	/* free() is a no-op - all the memory will be freed on relocation */
 | |
| 	if (!(gd->flags & GD_FLG_FULL_MALLOC_INIT)) {
 | |
| 		VALGRIND_FREELIKE_BLOCK(mem, SIZE_SZ);
 | |
| 		return;
 | |
| 	}
 | |
| #endif
 | |
| 
 | |
|   if (mem == NULL)                              /* free(0) has no effect */
 | |
|     return;
 | |
| 
 | |
|   p = mem2chunk(mem);
 | |
|   hd = p->size;
 | |
| 
 | |
| #if HAVE_MMAP
 | |
|   if (hd & IS_MMAPPED)                       /* release mmapped memory. */
 | |
|   {
 | |
|     munmap_chunk(p);
 | |
|     return;
 | |
|   }
 | |
| #endif
 | |
| 
 | |
|   check_inuse_chunk(p);
 | |
| 
 | |
|   sz = hd & ~PREV_INUSE;
 | |
|   next = chunk_at_offset(p, sz);
 | |
|   nextsz = chunksize(next);
 | |
|   VALGRIND_FREELIKE_BLOCK(mem, SIZE_SZ);
 | |
| 
 | |
|   if (next == top)                            /* merge with top */
 | |
|   {
 | |
|     sz += nextsz;
 | |
| 
 | |
|     if (!(hd & PREV_INUSE))                    /* consolidate backward */
 | |
|     {
 | |
|       prevsz = p->prev_size;
 | |
|       p = chunk_at_offset(p, -((long) prevsz));
 | |
|       sz += prevsz;
 | |
|       unlink(p, bck, fwd);
 | |
|     }
 | |
| 
 | |
|     set_head(p, sz | PREV_INUSE);
 | |
|     top = p;
 | |
|     if ((unsigned long)(sz) >= (unsigned long)trim_threshold)
 | |
|       malloc_trim(top_pad);
 | |
|     return;
 | |
|   }
 | |
| 
 | |
|   set_head(next, nextsz);                    /* clear inuse bit */
 | |
| 
 | |
|   islr = 0;
 | |
| 
 | |
|   if (!(hd & PREV_INUSE))                    /* consolidate backward */
 | |
|   {
 | |
|     prevsz = p->prev_size;
 | |
|     p = chunk_at_offset(p, -((long) prevsz));
 | |
|     sz += prevsz;
 | |
| 
 | |
|     if (p->fd == last_remainder)             /* keep as last_remainder */
 | |
|       islr = 1;
 | |
|     else
 | |
|       unlink(p, bck, fwd);
 | |
|   }
 | |
| 
 | |
|   if (!(inuse_bit_at_offset(next, nextsz)))   /* consolidate forward */
 | |
|   {
 | |
|     sz += nextsz;
 | |
| 
 | |
|     if (!islr && next->fd == last_remainder)  /* re-insert last_remainder */
 | |
|     {
 | |
|       islr = 1;
 | |
|       link_last_remainder(p);
 | |
|     }
 | |
|     else
 | |
|       unlink(next, bck, fwd);
 | |
|   }
 | |
| 
 | |
|   set_head(p, sz | PREV_INUSE);
 | |
|   set_foot(p, sz);
 | |
|   if (!islr)
 | |
|     frontlink(p, sz, idx, bck, fwd);
 | |
| }
 | |
| 
 | |
| /*
 | |
| 
 | |
|   Realloc algorithm:
 | |
| 
 | |
|     Chunks that were obtained via mmap cannot be extended or shrunk
 | |
|     unless HAVE_MREMAP is defined, in which case mremap is used.
 | |
|     Otherwise, if their reallocation is for additional space, they are
 | |
|     copied.  If for less, they are just left alone.
 | |
| 
 | |
|     Otherwise, if the reallocation is for additional space, and the
 | |
|     chunk can be extended, it is, else a malloc-copy-free sequence is
 | |
|     taken.  There are several different ways that a chunk could be
 | |
|     extended. All are tried:
 | |
| 
 | |
|        * Extending forward into following adjacent free chunk.
 | |
|        * Shifting backwards, joining preceding adjacent space
 | |
|        * Both shifting backwards and extending forward.
 | |
|        * Extending into newly sbrked space
 | |
| 
 | |
|     Unless the #define REALLOC_ZERO_BYTES_FREES is set, realloc with a
 | |
|     size argument of zero (re)allocates a minimum-sized chunk.
 | |
| 
 | |
|     If the reallocation is for less space, and the new request is for
 | |
|     a `small' (<512 bytes) size, then the newly unused space is lopped
 | |
|     off and freed.
 | |
| 
 | |
|     The old unix realloc convention of allowing the last-free'd chunk
 | |
|     to be used as an argument to realloc is no longer supported.
 | |
|     I don't know of any programs still relying on this feature,
 | |
|     and allowing it would also allow too many other incorrect
 | |
|     usages of realloc to be sensible.
 | |
| 
 | |
| */
 | |
| 
 | |
| STATIC_IF_MCHECK
 | |
| #if __STD_C
 | |
| Void_t* rEALLOc_impl(Void_t* oldmem, size_t bytes)
 | |
| #else
 | |
| Void_t* rEALLOc_impl(oldmem, bytes) Void_t* oldmem; size_t bytes;
 | |
| #endif
 | |
| {
 | |
|   INTERNAL_SIZE_T    nb;      /* padded request size */
 | |
| 
 | |
|   mchunkptr oldp;             /* chunk corresponding to oldmem */
 | |
|   INTERNAL_SIZE_T    oldsize; /* its size */
 | |
| 
 | |
|   mchunkptr newp;             /* chunk to return */
 | |
|   INTERNAL_SIZE_T    newsize; /* its size */
 | |
|   Void_t*   newmem;           /* corresponding user mem */
 | |
| 
 | |
|   mchunkptr next;             /* next contiguous chunk after oldp */
 | |
|   INTERNAL_SIZE_T  nextsize;  /* its size */
 | |
| 
 | |
|   mchunkptr prev;             /* previous contiguous chunk before oldp */
 | |
|   INTERNAL_SIZE_T  prevsize;  /* its size */
 | |
| 
 | |
|   mchunkptr remainder;        /* holds split off extra space from newp */
 | |
|   INTERNAL_SIZE_T  remainder_size;   /* its size */
 | |
| 
 | |
|   mchunkptr bck;              /* misc temp for linking */
 | |
|   mchunkptr fwd;              /* misc temp for linking */
 | |
| 
 | |
| #ifdef REALLOC_ZERO_BYTES_FREES
 | |
|   if (!bytes) {
 | |
| 	fREe_impl(oldmem);
 | |
| 	return NULL;
 | |
|   }
 | |
| #endif
 | |
| 
 | |
|   if (bytes > CONFIG_SYS_MALLOC_LEN || (long)bytes < 0)
 | |
|      return NULL;
 | |
| 
 | |
|   /* realloc of null is supposed to be same as malloc */
 | |
|   if (oldmem == NULL) return mALLOc_impl(bytes);
 | |
| 
 | |
| #if CONFIG_IS_ENABLED(SYS_MALLOC_F)
 | |
| 	if (!(gd->flags & GD_FLG_FULL_MALLOC_INIT)) {
 | |
| 		/* This is harder to support and should not be needed */
 | |
| 		panic("pre-reloc realloc() is not supported");
 | |
| 	}
 | |
| #endif
 | |
|   if (CONFIG_IS_ENABLED(UNIT_TEST) && malloc_testing) {
 | |
|     if (--malloc_max_allocs < 0)
 | |
|       return NULL;
 | |
|   }
 | |
| 
 | |
|   newp    = oldp    = mem2chunk(oldmem);
 | |
|   newsize = oldsize = chunksize(oldp);
 | |
| 
 | |
|   nb = request2size(bytes);
 | |
| 
 | |
| #if HAVE_MMAP
 | |
|   if (chunk_is_mmapped(oldp))
 | |
|   {
 | |
| #if HAVE_MREMAP
 | |
|     newp = mremap_chunk(oldp, nb);
 | |
|     if(newp) return chunk2mem(newp);
 | |
| #endif
 | |
|     /* Note the extra SIZE_SZ overhead. */
 | |
|     if(oldsize - SIZE_SZ >= nb) return oldmem; /* do nothing */
 | |
|     /* Must alloc, copy, free. */
 | |
|     newmem = mALLOc_impl(bytes);
 | |
|     if (!newmem)
 | |
| 	return NULL; /* propagate failure */
 | |
|     MALLOC_COPY(newmem, oldmem, oldsize - 2*SIZE_SZ);
 | |
|     munmap_chunk(oldp);
 | |
|     return newmem;
 | |
|   }
 | |
| #endif
 | |
| 
 | |
|   check_inuse_chunk(oldp);
 | |
| 
 | |
|   if ((long)(oldsize) < (long)(nb))
 | |
|   {
 | |
| 
 | |
|     /* Try expanding forward */
 | |
| 
 | |
|     next = chunk_at_offset(oldp, oldsize);
 | |
|     if (next == top || !inuse(next))
 | |
|     {
 | |
|       nextsize = chunksize(next);
 | |
| 
 | |
|       /* Forward into top only if a remainder */
 | |
|       if (next == top)
 | |
|       {
 | |
| 	if ((long)(nextsize + newsize) >= (long)(nb + MINSIZE))
 | |
| 	{
 | |
| 	  newsize += nextsize;
 | |
| 	  top = chunk_at_offset(oldp, nb);
 | |
| 	  set_head(top, (newsize - nb) | PREV_INUSE);
 | |
| 	  set_head_size(oldp, nb);
 | |
| 	  VALGRIND_RESIZEINPLACE_BLOCK(chunk2mem(oldp), 0, bytes, SIZE_SZ);
 | |
| 	  VALGRIND_MAKE_MEM_DEFINED(chunk2mem(oldp), bytes);
 | |
| 	  return chunk2mem(oldp);
 | |
| 	}
 | |
|       }
 | |
| 
 | |
|       /* Forward into next chunk */
 | |
|       else if (((long)(nextsize + newsize) >= (long)(nb)))
 | |
|       {
 | |
| 	unlink(next, bck, fwd);
 | |
| 	newsize  += nextsize;
 | |
| 	VALGRIND_RESIZEINPLACE_BLOCK(chunk2mem(oldp), 0, bytes, SIZE_SZ);
 | |
| 	VALGRIND_MAKE_MEM_DEFINED(chunk2mem(oldp), bytes);
 | |
| 	goto split;
 | |
|       }
 | |
|     }
 | |
|     else
 | |
|     {
 | |
|       next = NULL;
 | |
|       nextsize = 0;
 | |
|     }
 | |
| 
 | |
|     /* Try shifting backwards. */
 | |
| 
 | |
|     if (!prev_inuse(oldp))
 | |
|     {
 | |
|       prev = prev_chunk(oldp);
 | |
|       prevsize = chunksize(prev);
 | |
| 
 | |
|       /* try forward + backward first to save a later consolidation */
 | |
| 
 | |
|       if (next != NULL)
 | |
|       {
 | |
| 	/* into top */
 | |
| 	if (next == top)
 | |
| 	{
 | |
| 	  if ((long)(nextsize + prevsize + newsize) >= (long)(nb + MINSIZE))
 | |
| 	  {
 | |
| 	    unlink(prev, bck, fwd);
 | |
| 	    newp = prev;
 | |
| 	    newsize += prevsize + nextsize;
 | |
| 	    newmem = chunk2mem(newp);
 | |
| 	    VALGRIND_MALLOCLIKE_BLOCK(newmem, bytes, SIZE_SZ, false);
 | |
| 	    MALLOC_COPY(newmem, oldmem, oldsize - SIZE_SZ);
 | |
| 	    top = chunk_at_offset(newp, nb);
 | |
| 	    set_head(top, (newsize - nb) | PREV_INUSE);
 | |
| 	    set_head_size(newp, nb);
 | |
| 	    VALGRIND_FREELIKE_BLOCK(oldmem, SIZE_SZ);
 | |
| 	    return newmem;
 | |
| 	  }
 | |
| 	}
 | |
| 
 | |
| 	/* into next chunk */
 | |
| 	else if (((long)(nextsize + prevsize + newsize) >= (long)(nb)))
 | |
| 	{
 | |
| 	  unlink(next, bck, fwd);
 | |
| 	  unlink(prev, bck, fwd);
 | |
| 	  newp = prev;
 | |
| 	  newsize += nextsize + prevsize;
 | |
| 	  newmem = chunk2mem(newp);
 | |
| 	  VALGRIND_MALLOCLIKE_BLOCK(newmem, bytes, SIZE_SZ, false);
 | |
| 	  MALLOC_COPY(newmem, oldmem, oldsize - SIZE_SZ);
 | |
| 	  goto split;
 | |
| 	}
 | |
|       }
 | |
| 
 | |
|       /* backward only */
 | |
|       if (prev != NULL && (long)(prevsize + newsize) >= (long)nb)
 | |
|       {
 | |
| 	unlink(prev, bck, fwd);
 | |
| 	newp = prev;
 | |
| 	newsize += prevsize;
 | |
| 	newmem = chunk2mem(newp);
 | |
| 	VALGRIND_MALLOCLIKE_BLOCK(newmem, bytes, SIZE_SZ, false);
 | |
| 	MALLOC_COPY(newmem, oldmem, oldsize - SIZE_SZ);
 | |
| 	goto split;
 | |
|       }
 | |
|     }
 | |
| 
 | |
|     /* Must allocate */
 | |
| 
 | |
|     newmem = mALLOc_impl (bytes);
 | |
| 
 | |
|     if (newmem == NULL)  /* propagate failure */
 | |
|       return NULL;
 | |
| 
 | |
|     /* Avoid copy if newp is next chunk after oldp. */
 | |
|     /* (This can only happen when new chunk is sbrk'ed.) */
 | |
| 
 | |
|     if ( (newp = mem2chunk(newmem)) == next_chunk(oldp))
 | |
|     {
 | |
|       newsize += chunksize(newp);
 | |
|       newp = oldp;
 | |
|       goto split;
 | |
|     }
 | |
| 
 | |
|     /* Otherwise copy, free, and exit */
 | |
|     MALLOC_COPY(newmem, oldmem, oldsize - SIZE_SZ);
 | |
|     fREe_impl(oldmem);
 | |
|     return newmem;
 | |
|   } else {
 | |
|     VALGRIND_RESIZEINPLACE_BLOCK(oldmem, 0, bytes, SIZE_SZ);
 | |
|     VALGRIND_MAKE_MEM_DEFINED(oldmem, bytes);
 | |
|   }
 | |
| 
 | |
|  split:  /* split off extra room in old or expanded chunk */
 | |
| 
 | |
|   if (newsize - nb >= MINSIZE) /* split off remainder */
 | |
|   {
 | |
|     remainder = chunk_at_offset(newp, nb);
 | |
|     remainder_size = newsize - nb;
 | |
|     set_head_size(newp, nb);
 | |
|     set_head(remainder, remainder_size | PREV_INUSE);
 | |
|     set_inuse_bit_at_offset(remainder, remainder_size);
 | |
|     VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(remainder), remainder_size, SIZE_SZ,
 | |
| 			      false);
 | |
|     fREe_impl(chunk2mem(remainder)); /* let free() deal with it */
 | |
|   }
 | |
|   else
 | |
|   {
 | |
|     set_head_size(newp, newsize);
 | |
|     set_inuse_bit_at_offset(newp, newsize);
 | |
|   }
 | |
| 
 | |
|   check_inuse_chunk(newp);
 | |
|   return chunk2mem(newp);
 | |
| }
 | |
| 
 | |
| /*
 | |
| 
 | |
|   memalign algorithm:
 | |
| 
 | |
|     memalign requests more than enough space from malloc, finds a spot
 | |
|     within that chunk that meets the alignment request, and then
 | |
|     possibly frees the leading and trailing space.
 | |
| 
 | |
|     The alignment argument must be a power of two. This property is not
 | |
|     checked by memalign, so misuse may result in random runtime errors.
 | |
| 
 | |
|     8-byte alignment is guaranteed by normal malloc calls, so don't
 | |
|     bother calling memalign with an argument of 8 or less.
 | |
| 
 | |
|     Overreliance on memalign is a sure way to fragment space.
 | |
| 
 | |
| */
 | |
| 
 | |
| STATIC_IF_MCHECK
 | |
| #if __STD_C
 | |
| Void_t* mEMALIGn_impl(size_t alignment, size_t bytes)
 | |
| #else
 | |
| Void_t* mEMALIGn_impl(alignment, bytes) size_t alignment; size_t bytes;
 | |
| #endif
 | |
| {
 | |
|   INTERNAL_SIZE_T    nb;      /* padded  request size */
 | |
|   char*     m;                /* memory returned by malloc call */
 | |
|   mchunkptr p;                /* corresponding chunk */
 | |
|   char*     brk;              /* alignment point within p */
 | |
|   mchunkptr newp;             /* chunk to return */
 | |
|   INTERNAL_SIZE_T  newsize;   /* its size */
 | |
|   INTERNAL_SIZE_T  leadsize;  /* leading space befor alignment point */
 | |
|   mchunkptr remainder;        /* spare room at end to split off */
 | |
|   long      remainder_size;   /* its size */
 | |
| 
 | |
|   if (bytes > CONFIG_SYS_MALLOC_LEN || (long)bytes < 0)
 | |
|      return NULL;
 | |
| 
 | |
| #if CONFIG_IS_ENABLED(SYS_MALLOC_F)
 | |
| 	if (!(gd->flags & GD_FLG_FULL_MALLOC_INIT)) {
 | |
| 		return memalign_simple(alignment, bytes);
 | |
| 	}
 | |
| #endif
 | |
| 
 | |
|   /* If need less alignment than we give anyway, just relay to malloc */
 | |
| 
 | |
|   if (alignment <= MALLOC_ALIGNMENT) return mALLOc_impl(bytes);
 | |
| 
 | |
|   /* Otherwise, ensure that it is at least a minimum chunk size */
 | |
| 
 | |
|   if (alignment <  MINSIZE) alignment = MINSIZE;
 | |
| 
 | |
|   /* Call malloc with worst case padding to hit alignment. */
 | |
| 
 | |
|   nb = request2size(bytes);
 | |
|   m  = (char*)(mALLOc_impl(nb + alignment + MINSIZE));
 | |
| 
 | |
|   /*
 | |
|   * The attempt to over-allocate (with a size large enough to guarantee the
 | |
|   * ability to find an aligned region within allocated memory) failed.
 | |
|   *
 | |
|   * Try again, this time only allocating exactly the size the user wants. If
 | |
|   * the allocation now succeeds and just happens to be aligned, we can still
 | |
|   * fulfill the user's request.
 | |
|   */
 | |
|   if (m == NULL) {
 | |
|     size_t extra, extra2;
 | |
|     /*
 | |
|      * Use bytes not nb, since mALLOc internally calls request2size too, and
 | |
|      * each call increases the size to allocate, to account for the header.
 | |
|      */
 | |
|     m  = (char*)(mALLOc_impl(bytes));
 | |
|     /* Aligned -> return it */
 | |
|     if ((((unsigned long)(m)) % alignment) == 0)
 | |
|       return m;
 | |
|     /*
 | |
|      * Otherwise, try again, requesting enough extra space to be able to
 | |
|      * acquire alignment.
 | |
|      */
 | |
|     fREe_impl(m);
 | |
|     /* Add in extra bytes to match misalignment of unexpanded allocation */
 | |
|     extra = alignment - (((unsigned long)(m)) % alignment);
 | |
|     m  = (char*)(mALLOc_impl(bytes + extra));
 | |
|     /*
 | |
|      * m might not be the same as before. Validate that the previous value of
 | |
|      * extra still works for the current value of m.
 | |
|      * If (!m), extra2=alignment so 
 | |
|      */
 | |
|     if (m) {
 | |
|       extra2 = alignment - (((unsigned long)(m)) % alignment);
 | |
|       if (extra2 > extra) {
 | |
|         fREe_impl(m);
 | |
|         m = NULL;
 | |
|       }
 | |
|     }
 | |
|     /* Fall through to original NULL check and chunk splitting logic */
 | |
|   }
 | |
| 
 | |
|   if (m == NULL) return NULL; /* propagate failure */
 | |
| 
 | |
|   p = mem2chunk(m);
 | |
| 
 | |
|   if ((((unsigned long)(m)) % alignment) == 0) /* aligned */
 | |
|   {
 | |
| #if HAVE_MMAP
 | |
|     if(chunk_is_mmapped(p))
 | |
|       return chunk2mem(p); /* nothing more to do */
 | |
| #endif
 | |
|   }
 | |
|   else /* misaligned */
 | |
|   {
 | |
|     /*
 | |
|       Find an aligned spot inside chunk.
 | |
|       Since we need to give back leading space in a chunk of at
 | |
|       least MINSIZE, if the first calculation places us at
 | |
|       a spot with less than MINSIZE leader, we can move to the
 | |
|       next aligned spot -- we've allocated enough total room so that
 | |
|       this is always possible.
 | |
|     */
 | |
| 
 | |
|     brk = (char*)mem2chunk(((unsigned long)(m + alignment - 1)) & -((signed) alignment));
 | |
|     if ((long)(brk - (char*)(p)) < MINSIZE) brk = brk + alignment;
 | |
| 
 | |
|     newp = (mchunkptr)brk;
 | |
|     leadsize = brk - (char*)(p);
 | |
|     newsize = chunksize(p) - leadsize;
 | |
| 
 | |
| #if HAVE_MMAP
 | |
|     if(chunk_is_mmapped(p))
 | |
|     {
 | |
|       newp->prev_size = p->prev_size + leadsize;
 | |
|       set_head(newp, newsize|IS_MMAPPED);
 | |
|       return chunk2mem(newp);
 | |
|     }
 | |
| #endif
 | |
| 
 | |
|     /* give back leader, use the rest */
 | |
| 
 | |
|     set_head(newp, newsize | PREV_INUSE);
 | |
|     set_inuse_bit_at_offset(newp, newsize);
 | |
|     set_head_size(p, leadsize);
 | |
|     fREe_impl(chunk2mem(p));
 | |
|     p = newp;
 | |
|     VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(p), bytes, SIZE_SZ, false);
 | |
| 
 | |
|     assert (newsize >= nb && (((unsigned long)(chunk2mem(p))) % alignment) == 0);
 | |
|   }
 | |
| 
 | |
|   /* Also give back spare room at the end */
 | |
| 
 | |
|   remainder_size = chunksize(p) - nb;
 | |
| 
 | |
|   if (remainder_size >= (long)MINSIZE)
 | |
|   {
 | |
|     remainder = chunk_at_offset(p, nb);
 | |
|     set_head(remainder, remainder_size | PREV_INUSE);
 | |
|     set_head_size(p, nb);
 | |
|     VALGRIND_MALLOCLIKE_BLOCK(chunk2mem(remainder), remainder_size, SIZE_SZ,
 | |
| 			      false);
 | |
|     fREe_impl(chunk2mem(remainder));
 | |
|   }
 | |
| 
 | |
|   check_inuse_chunk(p);
 | |
|   return chunk2mem(p);
 | |
| 
 | |
| }
 | |
| 
 | |
| /*
 | |
|     valloc just invokes memalign with alignment argument equal
 | |
|     to the page size of the system (or as near to this as can
 | |
|     be figured out from all the includes/defines above.)
 | |
| */
 | |
| 
 | |
| #if __STD_C
 | |
| Void_t* vALLOc(size_t bytes)
 | |
| #else
 | |
| Void_t* vALLOc(bytes) size_t bytes;
 | |
| #endif
 | |
| {
 | |
|   return mEMALIGn (malloc_getpagesize, bytes);
 | |
| }
 | |
| 
 | |
| /*
 | |
|   pvalloc just invokes valloc for the nearest pagesize
 | |
|   that will accommodate request
 | |
| */
 | |
| 
 | |
| #if __STD_C
 | |
| Void_t* pvALLOc(size_t bytes)
 | |
| #else
 | |
| Void_t* pvALLOc(bytes) size_t bytes;
 | |
| #endif
 | |
| {
 | |
|   size_t pagesize = malloc_getpagesize;
 | |
|   return mEMALIGn (pagesize, (bytes + pagesize - 1) & ~(pagesize - 1));
 | |
| }
 | |
| 
 | |
| /*
 | |
| 
 | |
|   calloc calls malloc, then zeroes out the allocated chunk.
 | |
| 
 | |
| */
 | |
| 
 | |
| STATIC_IF_MCHECK
 | |
| #if __STD_C
 | |
| Void_t* cALLOc_impl(size_t n, size_t elem_size)
 | |
| #else
 | |
| Void_t* cALLOc_impl(n, elem_size) size_t n; size_t elem_size;
 | |
| #endif
 | |
| {
 | |
|   mchunkptr p;
 | |
|   INTERNAL_SIZE_T csz;
 | |
| 
 | |
|   INTERNAL_SIZE_T sz = n * elem_size;
 | |
| 
 | |
|   /* check if expand_top called, in which case don't need to clear */
 | |
| #if CONFIG_IS_ENABLED(SYS_MALLOC_CLEAR_ON_INIT)
 | |
| #if MORECORE_CLEARS
 | |
|   mchunkptr oldtop = top;
 | |
|   INTERNAL_SIZE_T oldtopsize = chunksize(top);
 | |
| #endif
 | |
| #endif
 | |
|   Void_t* mem = mALLOc_impl (sz);
 | |
| 
 | |
|   if ((long)n < 0) return NULL;
 | |
| 
 | |
|   if (mem == NULL)
 | |
|     return NULL;
 | |
|   else
 | |
|   {
 | |
| #if CONFIG_IS_ENABLED(SYS_MALLOC_F)
 | |
| 	if (!(gd->flags & GD_FLG_FULL_MALLOC_INIT)) {
 | |
| 		memset(mem, 0, sz);
 | |
| 		return mem;
 | |
| 	}
 | |
| #endif
 | |
|     p = mem2chunk(mem);
 | |
| 
 | |
|     /* Two optional cases in which clearing not necessary */
 | |
| 
 | |
| #if HAVE_MMAP
 | |
|     if (chunk_is_mmapped(p)) return mem;
 | |
| #endif
 | |
| 
 | |
|     csz = chunksize(p);
 | |
| 
 | |
| #if CONFIG_IS_ENABLED(SYS_MALLOC_CLEAR_ON_INIT)
 | |
| #if MORECORE_CLEARS
 | |
|     if (p == oldtop && csz > oldtopsize)
 | |
|     {
 | |
|       /* clear only the bytes from non-freshly-sbrked memory */
 | |
|       csz = oldtopsize;
 | |
|     }
 | |
| #endif
 | |
| #endif
 | |
| 
 | |
|     MALLOC_ZERO(mem, csz - SIZE_SZ);
 | |
|     VALGRIND_MAKE_MEM_DEFINED(mem, sz);
 | |
|     return mem;
 | |
|   }
 | |
| }
 | |
| 
 | |
| /*
 | |
| 
 | |
|   cfree just calls free. It is needed/defined on some systems
 | |
|   that pair it with calloc, presumably for odd historical reasons.
 | |
| 
 | |
| */
 | |
| 
 | |
| #if !defined(INTERNAL_LINUX_C_LIB) || !defined(__ELF__)
 | |
| #if __STD_C
 | |
| void cfree(Void_t *mem)
 | |
| #else
 | |
| void cfree(mem) Void_t *mem;
 | |
| #endif
 | |
| {
 | |
|   fREe(mem);
 | |
| }
 | |
| #endif
 | |
| 
 | |
| #ifdef MCHECK_HEAP_PROTECTION
 | |
|  #include "mcheck_core.inc.h"
 | |
|  #if !__STD_C
 | |
|   #error "must have __STD_C"
 | |
|  #endif
 | |
| 
 | |
| Void_t *mALLOc(size_t bytes)
 | |
| {
 | |
| 	mcheck_pedantic_prehook();
 | |
| 	size_t fullsz = mcheck_alloc_prehook(bytes);
 | |
| 	void *p = mALLOc_impl(fullsz);
 | |
| 
 | |
| 	if (!p)
 | |
| 		return p;
 | |
| 	return mcheck_alloc_posthook(p, bytes);
 | |
| }
 | |
| 
 | |
| void fREe(Void_t *mem) { fREe_impl(mcheck_free_prehook(mem)); }
 | |
| 
 | |
| Void_t *rEALLOc(Void_t *oldmem, size_t bytes)
 | |
| {
 | |
| 	mcheck_pedantic_prehook();
 | |
| 	if (bytes == 0) {
 | |
| 		if (oldmem)
 | |
| 			fREe(oldmem);
 | |
| 		return NULL;
 | |
| 	}
 | |
| 
 | |
| 	if (oldmem == NULL)
 | |
| 		return mALLOc(bytes);
 | |
| 
 | |
| 	void *p = mcheck_reallocfree_prehook(oldmem);
 | |
| 	size_t newsz = mcheck_alloc_prehook(bytes);
 | |
| 
 | |
| 	p = rEALLOc_impl(p, newsz);
 | |
| 	if (!p)
 | |
| 		return p;
 | |
| 	return mcheck_alloc_noclean_posthook(p, bytes);
 | |
| }
 | |
| 
 | |
| Void_t *mEMALIGn(size_t alignment, size_t bytes)
 | |
| {
 | |
| 	mcheck_pedantic_prehook();
 | |
| 	size_t fullsz = mcheck_memalign_prehook(alignment, bytes);
 | |
| 	void *p = mEMALIGn_impl(alignment, fullsz);
 | |
| 
 | |
| 	if (!p)
 | |
| 		return p;
 | |
| 	return mcheck_memalign_posthook(alignment, p, bytes);
 | |
| }
 | |
| 
 | |
| // pvALLOc, vALLOc - redirect to mEMALIGn, defined here, so they need no wrapping.
 | |
| 
 | |
| Void_t *cALLOc(size_t n, size_t elem_size)
 | |
| {
 | |
| 	mcheck_pedantic_prehook();
 | |
| 	// NB: here is no overflow check.
 | |
| 	size_t fullsz = mcheck_alloc_prehook(n * elem_size);
 | |
| 	void *p = cALLOc_impl(1, fullsz);
 | |
| 
 | |
| 	if (!p)
 | |
| 		return p;
 | |
| 	return mcheck_alloc_noclean_posthook(p, n * elem_size);
 | |
| }
 | |
| 
 | |
| // mcheck API {
 | |
| int mcheck_pedantic(mcheck_abortfunc_t f)
 | |
| {
 | |
| 	mcheck_initialize(f, 1);
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| int mcheck(mcheck_abortfunc_t f)
 | |
| {
 | |
| 	mcheck_initialize(f, 0);
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| void mcheck_check_all(void) { mcheck_pedantic_check(); }
 | |
| 
 | |
| enum mcheck_status mprobe(void *__ptr) { return mcheck_mprobe(__ptr); }
 | |
| // mcheck API }
 | |
| #endif
 | |
| 
 | |
| /*
 | |
| 
 | |
|     Malloc_trim gives memory back to the system (via negative
 | |
|     arguments to sbrk) if there is unused memory at the `high' end of
 | |
|     the malloc pool. You can call this after freeing large blocks of
 | |
|     memory to potentially reduce the system-level memory requirements
 | |
|     of a program. However, it cannot guarantee to reduce memory. Under
 | |
|     some allocation patterns, some large free blocks of memory will be
 | |
|     locked between two used chunks, so they cannot be given back to
 | |
|     the system.
 | |
| 
 | |
|     The `pad' argument to malloc_trim represents the amount of free
 | |
|     trailing space to leave untrimmed. If this argument is zero,
 | |
|     only the minimum amount of memory to maintain internal data
 | |
|     structures will be left (one page or less). Non-zero arguments
 | |
|     can be supplied to maintain enough trailing space to service
 | |
|     future expected allocations without having to re-obtain memory
 | |
|     from the system.
 | |
| 
 | |
|     Malloc_trim returns 1 if it actually released any memory, else 0.
 | |
| 
 | |
| */
 | |
| 
 | |
| #if __STD_C
 | |
| int malloc_trim(size_t pad)
 | |
| #else
 | |
| int malloc_trim(pad) size_t pad;
 | |
| #endif
 | |
| {
 | |
|   long  top_size;        /* Amount of top-most memory */
 | |
|   long  extra;           /* Amount to release */
 | |
|   char* current_brk;     /* address returned by pre-check sbrk call */
 | |
|   char* new_brk;         /* address returned by negative sbrk call */
 | |
| 
 | |
|   unsigned long pagesz = malloc_getpagesize;
 | |
| 
 | |
|   top_size = chunksize(top);
 | |
|   extra = ((top_size - pad - MINSIZE + (pagesz-1)) / pagesz - 1) * pagesz;
 | |
| 
 | |
|   if (extra < (long)pagesz)  /* Not enough memory to release */
 | |
|     return 0;
 | |
| 
 | |
|   else
 | |
|   {
 | |
|     /* Test to make sure no one else called sbrk */
 | |
|     current_brk = (char*)(MORECORE (0));
 | |
|     if (current_brk != (char*)(top) + top_size)
 | |
|       return 0;     /* Apparently we don't own memory; must fail */
 | |
| 
 | |
|     else
 | |
|     {
 | |
|       new_brk = (char*)(MORECORE (-extra));
 | |
| 
 | |
|       if (new_brk == (char*)(MORECORE_FAILURE)) /* sbrk failed? */
 | |
|       {
 | |
| 	/* Try to figure out what we have */
 | |
| 	current_brk = (char*)(MORECORE (0));
 | |
| 	top_size = current_brk - (char*)top;
 | |
| 	if (top_size >= (long)MINSIZE) /* if not, we are very very dead! */
 | |
| 	{
 | |
| 	  sbrked_mem = current_brk - sbrk_base;
 | |
| 	  set_head(top, top_size | PREV_INUSE);
 | |
| 	}
 | |
| 	check_chunk(top);
 | |
| 	return 0;
 | |
|       }
 | |
| 
 | |
|       else
 | |
|       {
 | |
| 	/* Success. Adjust top accordingly. */
 | |
| 	set_head(top, (top_size - extra) | PREV_INUSE);
 | |
| 	sbrked_mem -= extra;
 | |
| 	check_chunk(top);
 | |
| 	return 1;
 | |
|       }
 | |
|     }
 | |
|   }
 | |
| }
 | |
| 
 | |
| /*
 | |
|   malloc_usable_size:
 | |
| 
 | |
|     This routine tells you how many bytes you can actually use in an
 | |
|     allocated chunk, which may be more than you requested (although
 | |
|     often not). You can use this many bytes without worrying about
 | |
|     overwriting other allocated objects. Not a particularly great
 | |
|     programming practice, but still sometimes useful.
 | |
| 
 | |
| */
 | |
| 
 | |
| #if __STD_C
 | |
| size_t malloc_usable_size(Void_t* mem)
 | |
| #else
 | |
| size_t malloc_usable_size(mem) Void_t* mem;
 | |
| #endif
 | |
| {
 | |
|   mchunkptr p;
 | |
|   if (mem == NULL)
 | |
|     return 0;
 | |
|   else
 | |
|   {
 | |
|     p = mem2chunk(mem);
 | |
|     if(!chunk_is_mmapped(p))
 | |
|     {
 | |
|       if (!inuse(p)) return 0;
 | |
|       check_inuse_chunk(p);
 | |
|       return chunksize(p) - SIZE_SZ;
 | |
|     }
 | |
|     return chunksize(p) - 2*SIZE_SZ;
 | |
|   }
 | |
| }
 | |
| 
 | |
| /* Utility to update current_mallinfo for malloc_stats and mallinfo() */
 | |
| 
 | |
| #ifdef DEBUG
 | |
| static void malloc_update_mallinfo(void)
 | |
| {
 | |
|   int i;
 | |
|   mbinptr b;
 | |
|   mchunkptr p;
 | |
| #ifdef DEBUG
 | |
|   mchunkptr q;
 | |
| #endif
 | |
| 
 | |
|   INTERNAL_SIZE_T avail = chunksize(top);
 | |
|   int   navail = ((long)(avail) >= (long)MINSIZE)? 1 : 0;
 | |
| 
 | |
|   for (i = 1; i < NAV; ++i)
 | |
|   {
 | |
|     b = bin_at(i);
 | |
|     for (p = last(b); p != b; p = p->bk)
 | |
|     {
 | |
| #ifdef DEBUG
 | |
|       check_free_chunk(p);
 | |
|       for (q = next_chunk(p);
 | |
| 	   q < top && inuse(q) && (long)(chunksize(q)) >= (long)MINSIZE;
 | |
| 	   q = next_chunk(q))
 | |
| 	check_inuse_chunk(q);
 | |
| #endif
 | |
|       avail += chunksize(p);
 | |
|       navail++;
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   current_mallinfo.ordblks = navail;
 | |
|   current_mallinfo.uordblks = sbrked_mem - avail;
 | |
|   current_mallinfo.fordblks = avail;
 | |
|   current_mallinfo.hblks = n_mmaps;
 | |
|   current_mallinfo.hblkhd = mmapped_mem;
 | |
|   current_mallinfo.keepcost = chunksize(top);
 | |
| 
 | |
| }
 | |
| #endif	/* DEBUG */
 | |
| 
 | |
| /*
 | |
| 
 | |
|   malloc_stats:
 | |
| 
 | |
|     Prints on the amount of space obtain from the system (both
 | |
|     via sbrk and mmap), the maximum amount (which may be more than
 | |
|     current if malloc_trim and/or munmap got called), the maximum
 | |
|     number of simultaneous mmap regions used, and the current number
 | |
|     of bytes allocated via malloc (or realloc, etc) but not yet
 | |
|     freed. (Note that this is the number of bytes allocated, not the
 | |
|     number requested. It will be larger than the number requested
 | |
|     because of alignment and bookkeeping overhead.)
 | |
| 
 | |
| */
 | |
| 
 | |
| #ifdef DEBUG
 | |
| void malloc_stats(void)
 | |
| {
 | |
|   malloc_update_mallinfo();
 | |
|   printf("max system bytes = %10u\n",
 | |
| 	  (unsigned int)(max_total_mem));
 | |
|   printf("system bytes     = %10u\n",
 | |
| 	  (unsigned int)(sbrked_mem + mmapped_mem));
 | |
|   printf("in use bytes     = %10u\n",
 | |
| 	  (unsigned int)(current_mallinfo.uordblks + mmapped_mem));
 | |
| #if HAVE_MMAP
 | |
|   printf("max mmap regions = %10u\n",
 | |
| 	  (unsigned int)max_n_mmaps);
 | |
| #endif
 | |
| }
 | |
| #endif	/* DEBUG */
 | |
| 
 | |
| /*
 | |
|   mallinfo returns a copy of updated current mallinfo.
 | |
| */
 | |
| 
 | |
| #ifdef DEBUG
 | |
| struct mallinfo mALLINFo(void)
 | |
| {
 | |
|   malloc_update_mallinfo();
 | |
|   return current_mallinfo;
 | |
| }
 | |
| #endif	/* DEBUG */
 | |
| 
 | |
| /*
 | |
|   mallopt:
 | |
| 
 | |
|     mallopt is the general SVID/XPG interface to tunable parameters.
 | |
|     The format is to provide a (parameter-number, parameter-value) pair.
 | |
|     mallopt then sets the corresponding parameter to the argument
 | |
|     value if it can (i.e., so long as the value is meaningful),
 | |
|     and returns 1 if successful else 0.
 | |
| 
 | |
|     See descriptions of tunable parameters above.
 | |
| 
 | |
| */
 | |
| 
 | |
| #if __STD_C
 | |
| int mALLOPt(int param_number, int value)
 | |
| #else
 | |
| int mALLOPt(param_number, value) int param_number; int value;
 | |
| #endif
 | |
| {
 | |
|   switch(param_number)
 | |
|   {
 | |
|     case M_TRIM_THRESHOLD:
 | |
|       trim_threshold = value; return 1;
 | |
|     case M_TOP_PAD:
 | |
|       top_pad = value; return 1;
 | |
|     case M_MMAP_THRESHOLD:
 | |
|       mmap_threshold = value; return 1;
 | |
|     case M_MMAP_MAX:
 | |
| #if HAVE_MMAP
 | |
|       n_mmaps_max = value; return 1;
 | |
| #else
 | |
|       if (value != 0) return 0; else  n_mmaps_max = value; return 1;
 | |
| #endif
 | |
| 
 | |
|     default:
 | |
|       return 0;
 | |
|   }
 | |
| }
 | |
| 
 | |
| int initf_malloc(void)
 | |
| {
 | |
| #if CONFIG_IS_ENABLED(SYS_MALLOC_F)
 | |
| 	assert(gd->malloc_base);	/* Set up by crt0.S */
 | |
| 	gd->malloc_limit = CONFIG_VAL(SYS_MALLOC_F_LEN);
 | |
| 	gd->malloc_ptr = 0;
 | |
| #endif
 | |
| 
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| void malloc_enable_testing(int max_allocs)
 | |
| {
 | |
| 	malloc_testing = true;
 | |
| 	malloc_max_allocs = max_allocs;
 | |
| }
 | |
| 
 | |
| void malloc_disable_testing(void)
 | |
| {
 | |
| 	malloc_testing = false;
 | |
| }
 | |
| 
 | |
| /*
 | |
| 
 | |
| History:
 | |
| 
 | |
|     V2.6.6 Sun Dec  5 07:42:19 1999  Doug Lea  (dl at gee)
 | |
|       * return null for negative arguments
 | |
|       * Added Several WIN32 cleanups from Martin C. Fong <mcfong@yahoo.com>
 | |
| 	 * Add 'LACKS_SYS_PARAM_H' for those systems without 'sys/param.h'
 | |
| 	  (e.g. WIN32 platforms)
 | |
| 	 * Cleanup up header file inclusion for WIN32 platforms
 | |
| 	 * Cleanup code to avoid Microsoft Visual C++ compiler complaints
 | |
| 	 * Add 'USE_DL_PREFIX' to quickly allow co-existence with existing
 | |
| 	   memory allocation routines
 | |
| 	 * Set 'malloc_getpagesize' for WIN32 platforms (needs more work)
 | |
| 	 * Use 'assert' rather than 'ASSERT' in WIN32 code to conform to
 | |
| 	   usage of 'assert' in non-WIN32 code
 | |
| 	 * Improve WIN32 'sbrk()' emulation's 'findRegion()' routine to
 | |
| 	   avoid infinite loop
 | |
|       * Always call 'fREe()' rather than 'free()'
 | |
| 
 | |
|     V2.6.5 Wed Jun 17 15:57:31 1998  Doug Lea  (dl at gee)
 | |
|       * Fixed ordering problem with boundary-stamping
 | |
| 
 | |
|     V2.6.3 Sun May 19 08:17:58 1996  Doug Lea  (dl at gee)
 | |
|       * Added pvalloc, as recommended by H.J. Liu
 | |
|       * Added 64bit pointer support mainly from Wolfram Gloger
 | |
|       * Added anonymously donated WIN32 sbrk emulation
 | |
|       * Malloc, calloc, getpagesize: add optimizations from Raymond Nijssen
 | |
|       * malloc_extend_top: fix mask error that caused wastage after
 | |
| 	foreign sbrks
 | |
|       * Add linux mremap support code from HJ Liu
 | |
| 
 | |
|     V2.6.2 Tue Dec  5 06:52:55 1995  Doug Lea  (dl at gee)
 | |
|       * Integrated most documentation with the code.
 | |
|       * Add support for mmap, with help from
 | |
| 	Wolfram Gloger (Gloger@lrz.uni-muenchen.de).
 | |
|       * Use last_remainder in more cases.
 | |
|       * Pack bins using idea from  colin@nyx10.cs.du.edu
 | |
|       * Use ordered bins instead of best-fit threshhold
 | |
|       * Eliminate block-local decls to simplify tracing and debugging.
 | |
|       * Support another case of realloc via move into top
 | |
|       * Fix error occuring when initial sbrk_base not word-aligned.
 | |
|       * Rely on page size for units instead of SBRK_UNIT to
 | |
| 	avoid surprises about sbrk alignment conventions.
 | |
|       * Add mallinfo, mallopt. Thanks to Raymond Nijssen
 | |
| 	(raymond@es.ele.tue.nl) for the suggestion.
 | |
|       * Add `pad' argument to malloc_trim and top_pad mallopt parameter.
 | |
|       * More precautions for cases where other routines call sbrk,
 | |
| 	courtesy of Wolfram Gloger (Gloger@lrz.uni-muenchen.de).
 | |
|       * Added macros etc., allowing use in linux libc from
 | |
| 	H.J. Lu (hjl@gnu.ai.mit.edu)
 | |
|       * Inverted this history list
 | |
| 
 | |
|     V2.6.1 Sat Dec  2 14:10:57 1995  Doug Lea  (dl at gee)
 | |
|       * Re-tuned and fixed to behave more nicely with V2.6.0 changes.
 | |
|       * Removed all preallocation code since under current scheme
 | |
| 	the work required to undo bad preallocations exceeds
 | |
| 	the work saved in good cases for most test programs.
 | |
|       * No longer use return list or unconsolidated bins since
 | |
| 	no scheme using them consistently outperforms those that don't
 | |
| 	given above changes.
 | |
|       * Use best fit for very large chunks to prevent some worst-cases.
 | |
|       * Added some support for debugging
 | |
| 
 | |
|     V2.6.0 Sat Nov  4 07:05:23 1995  Doug Lea  (dl at gee)
 | |
|       * Removed footers when chunks are in use. Thanks to
 | |
| 	Paul Wilson (wilson@cs.texas.edu) for the suggestion.
 | |
| 
 | |
|     V2.5.4 Wed Nov  1 07:54:51 1995  Doug Lea  (dl at gee)
 | |
|       * Added malloc_trim, with help from Wolfram Gloger
 | |
| 	(wmglo@Dent.MED.Uni-Muenchen.DE).
 | |
| 
 | |
|     V2.5.3 Tue Apr 26 10:16:01 1994  Doug Lea  (dl at g)
 | |
| 
 | |
|     V2.5.2 Tue Apr  5 16:20:40 1994  Doug Lea  (dl at g)
 | |
|       * realloc: try to expand in both directions
 | |
|       * malloc: swap order of clean-bin strategy;
 | |
|       * realloc: only conditionally expand backwards
 | |
|       * Try not to scavenge used bins
 | |
|       * Use bin counts as a guide to preallocation
 | |
|       * Occasionally bin return list chunks in first scan
 | |
|       * Add a few optimizations from colin@nyx10.cs.du.edu
 | |
| 
 | |
|     V2.5.1 Sat Aug 14 15:40:43 1993  Doug Lea  (dl at g)
 | |
|       * faster bin computation & slightly different binning
 | |
|       * merged all consolidations to one part of malloc proper
 | |
| 	 (eliminating old malloc_find_space & malloc_clean_bin)
 | |
|       * Scan 2 returns chunks (not just 1)
 | |
|       * Propagate failure in realloc if malloc returns 0
 | |
|       * Add stuff to allow compilation on non-ANSI compilers
 | |
| 	  from kpv@research.att.com
 | |
| 
 | |
|     V2.5 Sat Aug  7 07:41:59 1993  Doug Lea  (dl at g.oswego.edu)
 | |
|       * removed potential for odd address access in prev_chunk
 | |
|       * removed dependency on getpagesize.h
 | |
|       * misc cosmetics and a bit more internal documentation
 | |
|       * anticosmetics: mangled names in macros to evade debugger strangeness
 | |
|       * tested on sparc, hp-700, dec-mips, rs6000
 | |
| 	  with gcc & native cc (hp, dec only) allowing
 | |
| 	  Detlefs & Zorn comparison study (in SIGPLAN Notices.)
 | |
| 
 | |
|     Trial version Fri Aug 28 13:14:29 1992  Doug Lea  (dl at g.oswego.edu)
 | |
|       * Based loosely on libg++-1.2X malloc. (It retains some of the overall
 | |
| 	 structure of old version,  but most details differ.)
 | |
| 
 | |
| */
 |