| 1 | /*- |
| 2 | * Copyright (c) 1983 Regents of the University of California. |
| 3 | * All rights reserved. |
| 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions |
| 7 | * are met: |
| 8 | * 1. Redistributions of source code must retain the above copyright |
| 9 | * notice, this list of conditions and the following disclaimer. |
| 10 | * 2. Redistributions in binary form must reproduce the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer in the |
| 12 | * documentation and/or other materials provided with the distribution. |
| 13 | * 3. All advertising materials mentioning features or use of this software |
| 14 | * must display the following acknowledgement: |
| 15 | * This product includes software developed by the University of |
| 16 | * California, Berkeley and its contributors. |
| 17 | * 4. Neither the name of the University nor the names of its contributors |
| 18 | * may be used to endorse or promote products derived from this software |
| 19 | * without specific prior written permission. |
| 20 | * |
| 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 31 | * SUCH DAMAGE. |
| 32 | */ |
| 33 | |
| 34 | /* |
| 35 | * malloc.c (Caltech) 2/21/82 |
| 36 | * Chris Kingsley, kingsley@cit-20. |
| 37 | * |
| 38 | * This is a very fast storage allocator. It allocates blocks of a small |
| 39 | * number of different sizes, and keeps free lists of each size. Blocks that |
| 40 | * don't exactly fit are passed up to the next larger size. In this |
| 41 | * implementation, the available sizes are 2^n-4 (or 2^n-10) bytes long. |
| 42 | * This is designed for use in a virtual memory environment. |
| 43 | */ |
| 44 | |
| 45 | #include <sys/types.h> |
| 46 | #include <paths.h> |
| 47 | #include <stdarg.h> |
| 48 | #include <stdio.h> |
| 49 | #include <stdlib.h> |
| 50 | #include <string.h> |
| 51 | #include <unistd.h> |
| 52 | #include <sys/param.h> |
| 53 | #include <sys/mman.h> |
| 54 | #include "rtld_printf.h" |
| 55 | |
| 56 | static void morecore(); |
| 57 | static int findbucket(); |
| 58 | |
| 59 | /* |
| 60 | * Pre-allocate mmap'ed pages |
| 61 | */ |
| 62 | #define NPOOLPAGES (32*1024/pagesz) |
| 63 | static caddr_t pagepool_start, pagepool_end; |
| 64 | static int morepages(); |
| 65 | |
| 66 | /* |
| 67 | * The overhead on a block is at least 4 bytes. When free, this space |
| 68 | * contains a pointer to the next free block, and the bottom two bits must |
| 69 | * be zero. When in use, the first byte is set to MAGIC, and the second |
| 70 | * byte is the size index. The remaining bytes are for alignment. |
| 71 | * If range checking is enabled then a second word holds the size of the |
| 72 | * requested block, less 1, rounded up to a multiple of sizeof(RMAGIC). |
| 73 | * The order of elements is critical: ov_magic must overlay the low order |
| 74 | * bits of ov_next, and ov_magic can not be a valid ov_next bit pattern. |
| 75 | */ |
| 76 | union overhead { |
| 77 | union overhead *ov_next; /* when free */ |
| 78 | struct { |
| 79 | u_char ovu_magic; /* magic number */ |
| 80 | u_char ovu_index; /* bucket # */ |
| 81 | #ifdef RCHECK |
| 82 | u_short ovu_rmagic; /* range magic number */ |
| 83 | u_int ovu_size; /* actual block size */ |
| 84 | #endif |
| 85 | } ovu; |
| 86 | #define ov_magic ovu.ovu_magic |
| 87 | #define ov_index ovu.ovu_index |
| 88 | #define ov_rmagic ovu.ovu_rmagic |
| 89 | #define ov_size ovu.ovu_size |
| 90 | }; |
| 91 | |
| 92 | #define MAGIC 0xef /* magic # on accounting info */ |
| 93 | #define RMAGIC 0x5555 /* magic # on range info */ |
| 94 | |
| 95 | #ifdef RCHECK |
| 96 | #define RSLOP sizeof (u_short) |
| 97 | #else |
| 98 | #define RSLOP 0 |
| 99 | #endif |
| 100 | |
| 101 | /* |
| 102 | * nextf[i] is the pointer to the next free block of size 2^(i+3). The |
| 103 | * smallest allocatable block is 8 bytes. The overhead information |
| 104 | * precedes the data area returned to the user. |
| 105 | */ |
| 106 | #define NBUCKETS 30 |
| 107 | static union overhead *nextf[NBUCKETS]; |
| 108 | |
| 109 | static int pagesz; /* page size */ |
| 110 | static int pagebucket; /* page size bucket */ |
| 111 | |
| 112 | #ifdef MSTATS |
| 113 | /* |
| 114 | * nmalloc[i] is the difference between the number of mallocs and frees |
| 115 | * for a given block size. |
| 116 | */ |
| 117 | static u_int nmalloc[NBUCKETS]; |
| 118 | #include <stdio.h> |
| 119 | #endif |
| 120 | |
| 121 | #if defined(MALLOC_DEBUG) || defined(RCHECK) |
| 122 | #define ASSERT(p) if (!(p)) botch("p") |
| 123 | #include <stdio.h> |
| 124 | static void |
| 125 | botch(char *s) |
| 126 | { |
| 127 | fprintf(stderr, "\r\nassertion botched: %s\r\n", s); |
| 128 | (void) fflush(stderr); /* just in case user buffered it */ |
| 129 | abort(); |
| 130 | } |
| 131 | #else |
| 132 | #define ASSERT(p) |
| 133 | #endif |
| 134 | |
| 135 | /* Debugging stuff */ |
| 136 | #define TRACE() rtld_printf("TRACE %s:%d\n", __FILE__, __LINE__) |
| 137 | |
| 138 | void * |
| 139 | malloc(size_t nbytes) |
| 140 | { |
| 141 | register union overhead *op; |
| 142 | register int bucket; |
| 143 | register long n; |
| 144 | register unsigned amt; |
| 145 | |
| 146 | /* |
| 147 | * First time malloc is called, setup page size and |
| 148 | * align break pointer so all data will be page aligned. |
| 149 | */ |
| 150 | if (pagesz == 0) { |
| 151 | pagesz = n = getpagesize(); |
| 152 | if (morepages(NPOOLPAGES) == 0) |
| 153 | return NULL; |
| 154 | op = (union overhead *)(pagepool_start); |
| 155 | n = n - sizeof (*op) - ((long)op & (n - 1)); |
| 156 | if (n < 0) |
| 157 | n += pagesz; |
| 158 | if (n) { |
| 159 | pagepool_start += n; |
| 160 | } |
| 161 | bucket = 0; |
| 162 | amt = 8; |
| 163 | while ((unsigned)pagesz > amt) { |
| 164 | amt <<= 1; |
| 165 | bucket++; |
| 166 | } |
| 167 | pagebucket = bucket; |
| 168 | } |
| 169 | /* |
| 170 | * Convert amount of memory requested into closest block size |
| 171 | * stored in hash buckets which satisfies request. |
| 172 | * Account for space used per block for accounting. |
| 173 | */ |
| 174 | if (nbytes <= (unsigned long)(n = pagesz - sizeof (*op) - RSLOP)) { |
| 175 | #ifndef RCHECK |
| 176 | amt = 8; /* size of first bucket */ |
| 177 | bucket = 0; |
| 178 | #else |
| 179 | amt = 16; /* size of first bucket */ |
| 180 | bucket = 1; |
| 181 | #endif |
| 182 | n = -(sizeof (*op) + RSLOP); |
| 183 | } else { |
| 184 | amt = pagesz; |
| 185 | bucket = pagebucket; |
| 186 | } |
| 187 | while (nbytes > amt + n) { |
| 188 | amt <<= 1; |
| 189 | if (amt == 0) |
| 190 | return (NULL); |
| 191 | bucket++; |
| 192 | } |
| 193 | /* |
| 194 | * If nothing in hash bucket right now, |
| 195 | * request more memory from the system. |
| 196 | */ |
| 197 | if ((op = nextf[bucket]) == NULL) { |
| 198 | morecore(bucket); |
| 199 | if ((op = nextf[bucket]) == NULL) |
| 200 | return (NULL); |
| 201 | } |
| 202 | /* remove from linked list */ |
| 203 | nextf[bucket] = op->ov_next; |
| 204 | op->ov_magic = MAGIC; |
| 205 | op->ov_index = bucket; |
| 206 | #ifdef MSTATS |
| 207 | nmalloc[bucket]++; |
| 208 | #endif |
| 209 | #ifdef RCHECK |
| 210 | /* |
| 211 | * Record allocated size of block and |
| 212 | * bound space with magic numbers. |
| 213 | */ |
| 214 | op->ov_size = (nbytes + RSLOP - 1) & ~(RSLOP - 1); |
| 215 | op->ov_rmagic = RMAGIC; |
| 216 | *(u_short *)((caddr_t)(op + 1) + op->ov_size) = RMAGIC; |
| 217 | #endif |
| 218 | return ((char *)(op + 1)); |
| 219 | } |
| 220 | |
| 221 | /* |
| 222 | * Used by rtld.c, if we don't override it here the calloc from |
| 223 | * libc may try to pull in the malloc/realloc/free from libc too. |
| 224 | */ |
| 225 | void * |
| 226 | calloc(size_t num, size_t size) |
| 227 | { |
| 228 | void *p; |
| 229 | |
| 230 | size *= num; |
| 231 | if ((p = malloc(size)) != NULL) |
| 232 | bzero(p, size); |
| 233 | return(p); |
| 234 | } |
| 235 | |
| 236 | /* |
| 237 | * Allocate more memory to the indicated bucket. |
| 238 | */ |
| 239 | static void |
| 240 | morecore(int bucket) |
| 241 | { |
| 242 | register union overhead *op; |
| 243 | register int sz; /* size of desired block */ |
| 244 | int amt; /* amount to allocate */ |
| 245 | int nblks; /* how many blocks we get */ |
| 246 | |
| 247 | /* |
| 248 | * sbrk_size <= 0 only for big, FLUFFY, requests (about |
| 249 | * 2^30 bytes on a VAX, I think) or for a negative arg. |
| 250 | */ |
| 251 | sz = 1 << (bucket + 3); |
| 252 | #ifdef MALLOC_DEBUG |
| 253 | ASSERT(sz > 0); |
| 254 | #else |
| 255 | if (sz <= 0) |
| 256 | return; |
| 257 | #endif |
| 258 | if (sz < pagesz) { |
| 259 | amt = pagesz; |
| 260 | nblks = amt / sz; |
| 261 | } else { |
| 262 | amt = sz + pagesz; |
| 263 | nblks = 1; |
| 264 | } |
| 265 | if (amt > pagepool_end - pagepool_start) |
| 266 | if (morepages(amt/pagesz + NPOOLPAGES) == 0) |
| 267 | return; |
| 268 | op = (union overhead *)pagepool_start; |
| 269 | pagepool_start += amt; |
| 270 | |
| 271 | /* |
| 272 | * Add new memory allocated to that on |
| 273 | * free list for this hash bucket. |
| 274 | */ |
| 275 | nextf[bucket] = op; |
| 276 | while (--nblks > 0) { |
| 277 | op->ov_next = (union overhead *)((caddr_t)op + sz); |
| 278 | op = (union overhead *)((caddr_t)op + sz); |
| 279 | } |
| 280 | } |
| 281 | |
| 282 | void |
| 283 | free(void *cp) |
| 284 | { |
| 285 | register int size; |
| 286 | register union overhead *op; |
| 287 | |
| 288 | if (cp == NULL) |
| 289 | return; |
| 290 | op = (union overhead *)((caddr_t)cp - sizeof (union overhead)); |
| 291 | #ifdef MALLOC_DEBUG |
| 292 | ASSERT(op->ov_magic == MAGIC); /* make sure it was in use */ |
| 293 | #else |
| 294 | if (op->ov_magic != MAGIC) |
| 295 | return; /* sanity */ |
| 296 | #endif |
| 297 | #ifdef RCHECK |
| 298 | ASSERT(op->ov_rmagic == RMAGIC); |
| 299 | ASSERT(*(u_short *)((caddr_t)(op + 1) + op->ov_size) == RMAGIC); |
| 300 | #endif |
| 301 | size = op->ov_index; |
| 302 | ASSERT(size < NBUCKETS); |
| 303 | op->ov_next = nextf[size]; /* also clobbers ov_magic */ |
| 304 | nextf[size] = op; |
| 305 | #ifdef MSTATS |
| 306 | nmalloc[size]--; |
| 307 | #endif |
| 308 | } |
| 309 | |
| 310 | /* |
| 311 | * When a program attempts "storage compaction" as mentioned in the |
| 312 | * old malloc man page, it realloc's an already freed block. Usually |
| 313 | * this is the last block it freed; occasionally it might be farther |
| 314 | * back. We have to search all the free lists for the block in order |
| 315 | * to determine its bucket: 1st we make one pass thru the lists |
| 316 | * checking only the first block in each; if that fails we search |
| 317 | * ``realloc_srchlen'' blocks in each list for a match (the variable |
| 318 | * is extern so the caller can modify it). If that fails we just copy |
| 319 | * however many bytes was given to realloc() and hope it's not huge. |
| 320 | */ |
| 321 | int realloc_srchlen = 4; /* 4 should be plenty, -1 =>'s whole list */ |
| 322 | |
| 323 | void * |
| 324 | realloc(void *cp, size_t nbytes) |
| 325 | { |
| 326 | register u_int onb; |
| 327 | register int i; |
| 328 | union overhead *op; |
| 329 | char *res; |
| 330 | int was_alloced = 0; |
| 331 | |
| 332 | if (cp == NULL) |
| 333 | return (malloc(nbytes)); |
| 334 | op = (union overhead *)((caddr_t)cp - sizeof (union overhead)); |
| 335 | if (op->ov_magic == MAGIC) { |
| 336 | was_alloced++; |
| 337 | i = op->ov_index; |
| 338 | } else { |
| 339 | /* |
| 340 | * Already free, doing "compaction". |
| 341 | * |
| 342 | * Search for the old block of memory on the |
| 343 | * free list. First, check the most common |
| 344 | * case (last element free'd), then (this failing) |
| 345 | * the last ``realloc_srchlen'' items free'd. |
| 346 | * If all lookups fail, then assume the size of |
| 347 | * the memory block being realloc'd is the |
| 348 | * largest possible (so that all "nbytes" of new |
| 349 | * memory are copied into). Note that this could cause |
| 350 | * a memory fault if the old area was tiny, and the moon |
| 351 | * is gibbous. However, that is very unlikely. |
| 352 | */ |
| 353 | if ((i = findbucket(op, 1)) < 0 && |
| 354 | (i = findbucket(op, realloc_srchlen)) < 0) |
| 355 | i = NBUCKETS; |
| 356 | } |
| 357 | onb = 1 << (i + 3); |
| 358 | if (onb < (u_int)pagesz) |
| 359 | onb -= sizeof (*op) + RSLOP; |
| 360 | else |
| 361 | onb += pagesz - sizeof (*op) - RSLOP; |
| 362 | /* avoid the copy if same size block */ |
| 363 | if (was_alloced) { |
| 364 | if (i) { |
| 365 | i = 1 << (i + 2); |
| 366 | if (i < pagesz) |
| 367 | i -= sizeof (*op) + RSLOP; |
| 368 | else |
| 369 | i += pagesz - sizeof (*op) - RSLOP; |
| 370 | } |
| 371 | if (nbytes <= onb && nbytes > (size_t)i) { |
| 372 | #ifdef RCHECK |
| 373 | op->ov_size = (nbytes + RSLOP - 1) & ~(RSLOP - 1); |
| 374 | *(u_short *)((caddr_t)(op + 1) + op->ov_size) = RMAGIC; |
| 375 | #endif |
| 376 | return(cp); |
| 377 | } else |
| 378 | free(cp); |
| 379 | } |
| 380 | if ((res = malloc(nbytes)) == NULL) |
| 381 | return (NULL); |
| 382 | if (cp != res) /* common optimization if "compacting" */ |
| 383 | bcopy(cp, res, (nbytes < onb) ? nbytes : onb); |
| 384 | return (res); |
| 385 | } |
| 386 | |
| 387 | /* |
| 388 | * Search ``srchlen'' elements of each free list for a block whose |
| 389 | * header starts at ``freep''. If srchlen is -1 search the whole list. |
| 390 | * Return bucket number, or -1 if not found. |
| 391 | */ |
| 392 | static int |
| 393 | findbucket(union overhead *freep, int srchlen) |
| 394 | { |
| 395 | register union overhead *p; |
| 396 | register int i, j; |
| 397 | |
| 398 | for (i = 0; i < NBUCKETS; i++) { |
| 399 | j = 0; |
| 400 | for (p = nextf[i]; p && j != srchlen; p = p->ov_next) { |
| 401 | if (p == freep) |
| 402 | return (i); |
| 403 | j++; |
| 404 | } |
| 405 | } |
| 406 | return (-1); |
| 407 | } |
| 408 | |
| 409 | #ifdef MSTATS |
| 410 | /* |
| 411 | * mstats - print out statistics about malloc |
| 412 | * |
| 413 | * Prints two lines of numbers, one showing the length of the free list |
| 414 | * for each size category, the second showing the number of mallocs - |
| 415 | * frees for each size category. |
| 416 | */ |
| 417 | void |
| 418 | mstats(char *s) |
| 419 | { |
| 420 | register int i, j; |
| 421 | register union overhead *p; |
| 422 | int totfree = 0, |
| 423 | totused = 0; |
| 424 | |
| 425 | fprintf(stderr, "Memory allocation statistics %s\nfree:\t", s); |
| 426 | for (i = 0; i < NBUCKETS; i++) { |
| 427 | for (j = 0, p = nextf[i]; p; p = p->ov_next, j++) |
| 428 | ; |
| 429 | fprintf(stderr, " %d", j); |
| 430 | totfree += j * (1 << (i + 3)); |
| 431 | } |
| 432 | fprintf(stderr, "\nused:\t"); |
| 433 | for (i = 0; i < NBUCKETS; i++) { |
| 434 | fprintf(stderr, " %d", nmalloc[i]); |
| 435 | totused += nmalloc[i] * (1 << (i + 3)); |
| 436 | } |
| 437 | fprintf(stderr, "\n\tTotal in use: %d, total free: %d\n", |
| 438 | totused, totfree); |
| 439 | } |
| 440 | #endif |
| 441 | |
| 442 | |
| 443 | static int |
| 444 | morepages(int n) |
| 445 | { |
| 446 | int fd = -1; |
| 447 | int offset; |
| 448 | |
| 449 | if (pagepool_end - pagepool_start > pagesz) { |
| 450 | caddr_t addr = (caddr_t) |
| 451 | (((long)pagepool_start + pagesz - 1) & ~(pagesz - 1)); |
| 452 | if (munmap(addr, pagepool_end - addr) != 0) |
| 453 | rtld_fdprintf(STDERR_FILENO, "morepages: munmap %p", |
| 454 | addr); |
| 455 | } |
| 456 | |
| 457 | offset = (long)pagepool_start - ((long)pagepool_start & ~(pagesz - 1)); |
| 458 | |
| 459 | if ((pagepool_start = mmap(0, n * pagesz, |
| 460 | PROT_READ|PROT_WRITE, |
| 461 | MAP_ANON|MAP_COPY, fd, 0)) == (caddr_t)-1) { |
| 462 | rtld_printf("Cannot map anonymous memory\n"); |
| 463 | return 0; |
| 464 | } |
| 465 | pagepool_end = pagepool_start + n * pagesz; |
| 466 | pagepool_start += offset; |
| 467 | |
| 468 | return n; |
| 469 | } |