diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c index 612759d9..38938f96 100644 --- a/src/lib/libc/stdlib/malloc.c +++ b/src/lib/libc/stdlib/malloc.c @@ -1,430 +1,1223 @@ -/* $NetBSD: malloc.c,v 1.6 1996/01/17 02:45:25 jtc Exp $ */ - /* - * Copyright (c) 1983 Regents of the University of California. - * All rights reserved. + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * $Id: malloc.c,v 1.4 1996/08/02 18:08:09 tholo Exp $ * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char *sccsid = "from: @(#)malloc.c 5.11 (Berkeley) 2/23/91"; -#else -static char *rcsid = "$NetBSD: malloc.c,v 1.6 1996/01/17 02:45:25 jtc Exp $"; + */ + +/* + * Defining EXTRA_SANITY will enable some checks which are related + * to internal conditions and consistency in malloc.c + */ +#undef EXTRA_SANITY + +/* + * Defining MALLOC_STATS will enable you to call malloc_dump() and set + * the [dD] options in the MALLOC_OPTIONS environment variable. + * It has no run-time performance hit. + */ +#define MALLOC_STATS + +#if defined(EXTRA_SANITY) && !defined(MALLOC_STATS) +# define MALLOC_STATS /* required for EXTRA_SANITY */ #endif -#endif /* LIBC_SCCS and not lint */ /* - * malloc.c (Caltech) 2/21/82 - * Chris Kingsley, kingsley@cit-20. - * - * This is a very fast storage allocator. It allocates blocks of a small - * number of different sizes, and keeps free lists of each size. Blocks that - * don't exactly fit are passed up to the next larger size. In this - * implementation, the available sizes are 2^n-4 (or 2^n-10) bytes long. - * This is designed for use in a virtual memory environment. + * What to use for Junk */ +#define SOME_JUNK 0xd0 /* as in "Duh" :-) */ -#include +#include #include -#include #include - -#define NULL 0 - -/* - * The overhead on a block is at least 4 bytes. When free, this space - * contains a pointer to the next free block, and the bottom two bits must - * be zero. When in use, the first byte is set to MAGIC, and the second - * byte is the size index. The remaining bytes are for alignment. - * If range checking is enabled then a second word holds the size of the - * requested block, less 1, rounded up to a multiple of sizeof(RMAGIC). - * The order of elements is critical: ov_magic must overlay the low order - * bits of ov_next, and ov_magic can not be a valid ov_next bit pattern. - */ -union overhead { - union overhead *ov_next; /* when free */ - struct { - u_char ovu_magic; /* magic number */ - u_char ovu_index; /* bucket # */ -#ifdef RCHECK - u_short ovu_rmagic; /* range magic number */ - u_long ovu_size; /* actual block size */ +#include +#include +#include +#include +#include +#include +#ifdef _THREAD_SAFE +#include +#include "pthread_private.h" #endif - } ovu; -#define ov_magic ovu.ovu_magic -#define ov_index ovu.ovu_index -#define ov_rmagic ovu.ovu_rmagic -#define ov_size ovu.ovu_size -}; -static void morecore __P((int)); -static int findbucket __P((union overhead *, int)); +/* + * If these weren't defined here, they would be calculated on the fly, + * at a considerable cost in performance. + */ +#ifdef __OpenBSD__ +# if defined(__alpha__) || defined(__m68k__) || defined(__mips__) || \ + defined(__i386__) || defined(__m88k__) || defined(__ns32k__) || \ + defined(__vax__) +# define malloc_pagesize (NBPG) +# define malloc_pageshift (PGSHIFT) +# define malloc_maxsize (malloc_pagesize >> 1) +# define malloc_minsize 16U +# endif /* __i386__ */ +#endif /* __OpenBSD__ */ -#define MAGIC 0xef /* magic # on accounting info */ -#define RMAGIC 0x5555 /* magic # on range info */ +/* + * This structure describes a page worth of chunks. + */ -#ifdef RCHECK -#define RSLOP sizeof (u_short) -#else -#define RSLOP 0 -#endif +struct pginfo { + struct pginfo *next; /* next on the free list */ + void *page; /* Pointer to the page */ + u_short size; /* size of this page's chunks */ + u_short shift; /* How far to shift for this size chunks */ + u_short free; /* How many free chunks */ + u_short total; /* How many chunk */ + u_long bits[1]; /* Which chunks are free */ +}; /* - * nextf[i] is the pointer to the next free block of size 2^(i+3). The - * smallest allocatable block is 8 bytes. The overhead information - * precedes the data area returned to the user. + * This structure describes a number of free pages. */ -#define NBUCKETS 30 -static union overhead *nextf[NBUCKETS]; -extern char *sbrk(); -static int pagesz; /* page size */ -static int pagebucket; /* page size bucket */ +struct pgfree { + struct pgfree *next; /* next run of free pages */ + struct pgfree *prev; /* prev run of free pages */ + void *page; /* pointer to free pages */ + void *end; /* pointer to end of free pages */ + u_long size; /* number of bytes free */ +}; -#ifdef MSTATS /* - * nmalloc[i] is the difference between the number of mallocs and frees - * for a given block size. + * How many bits per u_long in the bitmap. + * Change only if not 8 bits/byte */ -static u_int nmalloc[NBUCKETS]; -#include -#endif +#define MALLOC_BITS (8*sizeof(u_long)) -#if defined(DEBUG) || defined(RCHECK) -#define ASSERT(p) if (!(p)) botch("p") -#include -static -botch(s) - char *s; +/* + * Magic values to put in the page_directory + */ +#define MALLOC_NOT_MINE ((struct pginfo*) 0) +#define MALLOC_FREE ((struct pginfo*) 1) +#define MALLOC_FIRST ((struct pginfo*) 2) +#define MALLOC_FOLLOW ((struct pginfo*) 3) +#define MALLOC_MAGIC ((struct pginfo*) 4) + +/* + * The i386 architecture has some very convenient instructions. + * We might as well use them. There are C-language backups, but + * they are considerably slower. + */ +#ifdef __i386__ +#define ffs _ffs +static __inline int +_ffs(unsigned input) { - fprintf(stderr, "\r\nassertion botched: %s\r\n", s); - (void) fflush(stderr); /* just in case user buffered it */ - abort(); + int result; + asm("bsfl %1,%0" : "=r" (result) : "r" (input)); + return result+1; } -#else -#define ASSERT(p) -#endif -void * -malloc(nbytes) - size_t nbytes; +#define fls _fls +static __inline int +_fls(unsigned input) +{ + int result; + asm("bsrl %1,%0" : "=r" (result) : "r" (input)); + return result+1; +} + +#define set_bit _set_bit +static __inline void +_set_bit(struct pginfo *pi, int bit) { - register union overhead *op; - register long bucket, n; - register unsigned amt; + asm("btsl %0,(%1)" : + : "r" (bit & (MALLOC_BITS-1)), "r" (pi->bits+(bit/MALLOC_BITS))); +} - /* - * First time malloc is called, setup page size and - * align break pointer so all data will be page aligned. - */ - if (pagesz == 0) { - pagesz = n = getpagesize(); - op = (union overhead *)sbrk(0); - n = n - sizeof (*op) - ((long)op & (n - 1)); - if (n < 0) - n += pagesz; - if (n) { - if (sbrk(n) == (char *)-1) - return (NULL); - } - bucket = 0; - amt = 8; - while (pagesz > amt) { - amt <<= 1; - bucket++; - } - pagebucket = bucket; - } - /* - * Convert amount of memory requested into closest block size - * stored in hash buckets which satisfies request. - * Account for space used per block for accounting. - */ - if (nbytes <= (n = pagesz - sizeof (*op) - RSLOP)) { -#ifndef RCHECK - amt = 8; /* size of first bucket */ - bucket = 0; -#else - amt = 16; /* size of first bucket */ - bucket = 1; -#endif - n = -((long)sizeof (*op) + RSLOP); +#define clr_bit _clr_bit +static __inline void +_clr_bit(struct pginfo *pi, int bit) +{ + asm("btcl %0,(%1)" : + : "r" (bit & (MALLOC_BITS-1)), "r" (pi->bits+(bit/MALLOC_BITS))); +} + +#endif /* __i386__ */ + +/* + * Set to one when malloc_init has been called + */ +static unsigned initialized; + +/* + * The size of a page. + * Must be a integral multiplum of the granularity of mmap(2). + * Your toes will curl if it isn't a power of two + */ +#ifndef malloc_pagesize +static unsigned malloc_pagesize; +#endif /* malloc_pagesize */ + +/* + * A mask for the offset inside a page. + */ +#define malloc_pagemask ((malloc_pagesize)-1) + +#define pageround(foo) (((foo) + (malloc_pagemask))&(~(malloc_pagemask))) +#define ptr2index(foo) (((u_long)(foo) >> malloc_pageshift)-malloc_origo) + +/* + * malloc_pagesize == 1 << malloc_pageshift + */ +#ifndef malloc_pageshift +static unsigned malloc_pageshift; +#endif /* malloc_pageshift */ + +/* + * The smallest allocation we bother about. + * Must be power of two + */ +#ifndef malloc_minsize +static unsigned malloc_minsize; +#endif /* malloc_minsize */ + +/* + * The largest chunk we care about. + * Must be smaller than pagesize + * Must be power of two + */ +#ifndef malloc_maxsize +static unsigned malloc_maxsize; +#endif /* malloc_maxsize */ + +/* + * The minimum size (in bytes) of the free page cache. + */ +#ifndef malloc_cache +static unsigned malloc_cache; +#endif /* malloc_cache */ + +/* + * The offset from pagenumber to index into the page directory + */ +static u_long malloc_origo; + +/* + * The last index in the page directory we care about + */ +static u_long last_index; + +/* + * Pointer to page directory. + * Allocated "as if with" malloc + */ +static struct pginfo **page_dir; + +/* + * How many slots in the page directory + */ +static unsigned malloc_ninfo; + +/* + * Free pages line up here + */ +static struct pgfree free_list; + +/* + * Abort() if we fail to get VM ? + */ +static int malloc_abort; + +/* + * Are we trying to die ? + */ +static int suicide; + +#ifdef MALLOC_STATS +/* + * dump statistics + */ +static int malloc_stats; +#endif /* MALLOC_STATS */ + +/* + * always realloc ? + */ +static int malloc_realloc; + +/* + * zero fill ? + */ +static int malloc_zero; + +/* + * junk fill ? + */ +static int malloc_junk; + +/* + * my last break. + */ +static void *malloc_brk; + +/* + * one location cache for free-list holders + */ +static struct pgfree *px; + +/* + * Necessary function declarations + */ +static int extend_pgdir(u_long index); + +#ifdef MALLOC_STATS +void +malloc_dump(FILE *fd) +{ + struct pginfo **pd; + struct pgfree *pf; + int j; + + pd = page_dir; + + /* print out all the pages */ + for(j=0;j<=last_index;j++) { + fprintf(fd,"%08lx %5d ",(j+malloc_origo) << malloc_pageshift,j); + if (pd[j] == MALLOC_NOT_MINE) { + for(j++;j<=last_index && pd[j] == MALLOC_NOT_MINE;j++) + ; + j--; + fprintf(fd,".. %5d not mine\n", j); + } else if (pd[j] == MALLOC_FREE) { + for(j++;j<=last_index && pd[j] == MALLOC_FREE;j++) + ; + j--; + fprintf(fd,".. %5d free\n", j); + } else if (pd[j] == MALLOC_FIRST) { + for(j++;j<=last_index && pd[j] == MALLOC_FOLLOW;j++) + ; + j--; + fprintf(fd,".. %5d in use\n", j); + } else if (pd[j] < MALLOC_MAGIC) { + fprintf(fd,"(%p)\n", pd[j]); } else { - amt = pagesz; - bucket = pagebucket; - } - while (nbytes > amt + n) { - amt <<= 1; - if (amt == 0) - return (NULL); - bucket++; + fprintf(fd,"%p %d (of %d) x %d @ %p --> %p\n", + pd[j],pd[j]->free, pd[j]->total, + pd[j]->size, pd[j]->page, pd[j]->next); } - /* - * If nothing in hash bucket right now, - * request more memory from the system. - */ - if ((op = nextf[bucket]) == NULL) { - morecore(bucket); - if ((op = nextf[bucket]) == NULL) - return (NULL); + } + + for(pf=free_list.next; pf; pf=pf->next) { + fprintf(fd,"Free: @%p [%p...%p[ %ld ->%p <-%p\n", + pf,pf->page,pf->end,pf->size,pf->prev,pf->next); + if (pf == pf->next) { + fprintf(fd,"Free_list loops.\n"); + break; } - /* remove from linked list */ - nextf[bucket] = op->ov_next; - op->ov_magic = MAGIC; - op->ov_index = bucket; -#ifdef MSTATS - nmalloc[bucket]++; -#endif -#ifdef RCHECK - /* - * Record allocated size of block and - * bound space with magic numbers. - */ - op->ov_size = (nbytes + RSLOP - 1) & ~(RSLOP - 1); - op->ov_rmagic = RMAGIC; - *(u_short *)((caddr_t)(op + 1) + op->ov_size) = RMAGIC; -#endif - return ((char *)(op + 1)); + } + + /* print out various info */ + fprintf(fd,"Minsize\t%d\n",malloc_minsize); + fprintf(fd,"Maxsize\t%d\n",malloc_maxsize); + fprintf(fd,"Pagesize\t%d\n",malloc_pagesize); + fprintf(fd,"Pageshift\t%d\n",malloc_pageshift); + fprintf(fd,"FirstPage\t%ld\n",malloc_origo); + fprintf(fd,"LastPage\t%ld %lx\n",last_index+malloc_pageshift, + (last_index + malloc_pageshift) << malloc_pageshift); + fprintf(fd,"Break\t%ld\n",(u_long)sbrk(0) >> malloc_pageshift); +} +#endif /* MALLOC_STATS */ + +static void +wrterror(char *p) +{ + char *q = "Malloc error: "; + suicide = 1; + write(2,q,strlen(q)); + write(2,p,strlen(p)); +#ifdef MALLOC_STATS + if (malloc_stats) + malloc_dump(stderr); +#endif /* MALLOC_STATS */ + abort(); +} + +static void +wrtwarning(char *p) +{ + char *q = "Malloc warning: "; + if (malloc_abort) + wrterror(p); + write(2,q,strlen(q)); + write(2,p,strlen(p)); +} + +#ifdef EXTRA_SANITY +static void +malloc_exit() +{ + FILE *fd = fopen("malloc.out","a"); + char *q = "malloc() warning: Couldn't dump stats.\n"; + if (fd) { + malloc_dump(fd); + fclose(fd); + } else + write(2,q,strlen(q)); +} +#endif /* EXTRA_SANITY */ + + +/* + * Allocate a number of pages from the OS + */ +static caddr_t +map_pages(int pages) +{ + caddr_t result,tail; + + result = (caddr_t)pageround((u_long)sbrk(0)); + tail = result + (pages << malloc_pageshift); + + if (brk(tail)) { +#ifdef EXTRA_SANITY + wrterror("(internal): map_pages fails\n"); +#endif /* EXTRA_SANITY */ + return 0; + } + + last_index = ptr2index(tail) - 1; + malloc_brk = tail; + + if ((last_index+1) >= malloc_ninfo && !extend_pgdir(last_index)) + return 0;; + + return result; +} + +/* + * Set a bit in the bitmap + */ +#ifndef set_bit +static __inline void +set_bit(struct pginfo *pi, int bit) +{ + pi->bits[bit/MALLOC_BITS] |= 1<<(bit%MALLOC_BITS); +} +#endif /* set_bit */ + +/* + * Clear a bit in the bitmap + */ +#ifndef clr_bit +static __inline void +clr_bit(struct pginfo *pi, int bit) +{ + pi->bits[bit/MALLOC_BITS] &= ~(1<<(bit%MALLOC_BITS)); +} +#endif /* clr_bit */ + +#ifndef tst_bit +/* + * Test a bit in the bitmap + */ +static __inline int +tst_bit(struct pginfo *pi, int bit) +{ + return pi->bits[bit/MALLOC_BITS] & (1<<(bit%MALLOC_BITS)); +} +#endif /* tst_bit */ + +/* + * Find last bit + */ +#ifndef fls +static __inline int +fls(int size) +{ + int i = 1; + while (size >>= 1) + i++; + return i; } +#endif /* fls */ /* - * Allocate more memory to the indicated bucket. + * Extend page directory + */ +static int +extend_pgdir(u_long index) +{ + struct pginfo **new,**old; + int i, oldlen; + + /* Make it this many pages */ + i = index * sizeof *page_dir; + i /= malloc_pagesize; + i += 2; + + /* remember the old mapping size */ + oldlen = malloc_ninfo * sizeof *page_dir; + + /* + * NOTE: we allocate new pages and copy the directory rather than tempt + * fate by trying to "grow" the region.. There is nothing to prevent + * us from accidently re-mapping space that's been allocated by our caller + * via dlopen() or other mmap(). + * + * The copy problem is not too bad, as there is 4K of page index per + * 4MB of malloc arena. + * + * We can totally avoid the copy if we open a file descriptor to associate + * the anon mappings with. Then, when we remap the pages at the new + * address, the old pages will be "magically" remapped.. But this means + * keeping open a "secret" file descriptor..... + */ + + /* Get new pages */ + new = (struct pginfo**) mmap(0, i * malloc_pagesize, PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0); + if (new == (struct pginfo **)-1) + return 0; + + /* Copy the old stuff */ + memcpy(new, page_dir, + malloc_ninfo * sizeof *page_dir); + + /* register the new size */ + malloc_ninfo = i * malloc_pagesize / sizeof *page_dir; + + /* swap the pointers */ + old = page_dir; + page_dir = new; + + /* Now free the old stuff */ + munmap((caddr_t)old, oldlen); + return 1; +} + +/* + * Initialize the world */ static void -morecore(bucket) - int bucket; +malloc_init () { - register union overhead *op; - register long sz; /* size of desired block */ - long amt; /* amount to allocate */ - int nblks; /* how many blocks we get */ + char *p; - /* - * sbrk_size <= 0 only for big, FLUFFY, requests (about - * 2^30 bytes on a VAX, I think) or for a negative arg. - */ - sz = 1 << (bucket + 3); -#ifdef DEBUG - ASSERT(sz > 0); -#else - if (sz <= 0) - return; -#endif - if (sz < pagesz) { - amt = pagesz; - nblks = amt / sz; - } else { - amt = sz + pagesz; - nblks = 1; +#ifdef EXTRA_SANITY + malloc_junk = 1; +#endif /* EXTRA_SANITY */ + + for (p=getenv("MALLOC_OPTIONS"); p && *p; p++) { + switch (*p) { + case 'a': malloc_abort = 0; break; + case 'A': malloc_abort = 1; break; +#ifdef MALLOC_STATS + case 'd': malloc_stats = 0; break; + case 'D': malloc_stats = 1; break; +#endif /* MALLOC_STATS */ + case 'r': malloc_realloc = 0; break; + case 'R': malloc_realloc = 1; break; + case 'j': malloc_junk = 0; break; + case 'J': malloc_junk = 1; break; + case 'z': malloc_zero = 0; break; + case 'Z': malloc_zero = 1; break; + default: + wrtwarning("(Init): Unknown char in MALLOC_OPTIONS\n"); + p = 0; + break; } - op = (union overhead *)sbrk(amt); - /* no more room! */ - if ((long)op == -1) - return; - /* - * Add new memory allocated to that on - * free list for this hash bucket. - */ - nextf[bucket] = op; - while (--nblks > 0) { - op->ov_next = (union overhead *)((caddr_t)op + sz); - op = (union overhead *)((caddr_t)op + sz); - } + } + + /* + * We want junk in the entire allocation, and zero only in the part + * the user asked for. + */ + if (malloc_zero) + malloc_junk=1; + +#ifdef EXTRA_SANITY + if (malloc_stats) + atexit(malloc_exit); +#endif /* EXTRA_SANITY */ + +#ifndef malloc_pagesize + /* determine our pagesize */ + malloc_pagesize = getpagesize(); +#endif /* malloc_pagesize */ + +#ifndef malloc_maxsize + malloc_maxsize = malloc_pagesize >> 1; +#endif /* malloc_maxsize */ + +#ifndef malloc_pageshift + { + int i; + /* determine how much we shift by to get there */ + for (i = malloc_pagesize; i > 1; i >>= 1) + malloc_pageshift++; + } +#endif /* malloc_pageshift */ + +#ifndef malloc_cache + malloc_cache = 100 << malloc_pageshift; +#endif /* malloc_cache */ + +#ifndef malloc_minsize + { + int i; + /* + * find the smallest size allocation we will bother about. + * this is determined as the smallest allocation that can hold + * it's own pginfo; + */ + i = 2; + for(;;) { + int j; + + /* Figure out the size of the bits */ + j = malloc_pagesize/i; + j /= 8; + if (j < sizeof(u_long)) + j = sizeof (u_long); + if (sizeof(struct pginfo) + j - sizeof (u_long) <= i) + break; + i += i; + } + malloc_minsize = i; + } +#endif /* malloc_minsize */ + + /* Allocate one page for the page directory */ + page_dir = (struct pginfo **) mmap(0, malloc_pagesize, PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0); + if (page_dir == (struct pginfo **) -1) + wrterror("(Init) my first mmap failed. (check limits ?)\n"); + + /* + * We need a maximum of malloc_pageshift buckets, steal these from the + * front of the page_directory; + */ + malloc_origo = ((u_long)pageround((u_long)sbrk(0))) >> malloc_pageshift; + malloc_origo -= malloc_pageshift; + + malloc_ninfo = malloc_pagesize / sizeof *page_dir; + + /* Been here, done that */ + initialized++; + + /* + * This is a nice hack from Kaleb Keithly (kaleb@x.org). + * We can sbrk(2) further back when we keep this on a low address. + */ + px = (struct pgfree *) malloc (sizeof *px); } -void -free(cp) - void *cp; -{ - register long size; - register union overhead *op; - - if (cp == NULL) - return; - op = (union overhead *)((caddr_t)cp - sizeof (union overhead)); -#ifdef DEBUG - ASSERT(op->ov_magic == MAGIC); /* make sure it was in use */ -#else - if (op->ov_magic != MAGIC) - return; /* sanity */ +/* + * Allocate a number of complete pages + */ +void * +malloc_pages(size_t size) +{ + void *p,*delay_free = 0; + int i; + struct pgfree *pf; + u_long index; + + size = pageround(size); + + p = 0; + /* Look for free pages before asking for more */ + for(pf = free_list.next; pf; pf = pf->next) { + +#ifdef EXTRA_SANITY + if (pf->size & malloc_pagemask) + wrterror("(ES): junk length entry on free_list\n"); + if (!pf->size) + wrterror("(ES): zero length entry on free_list\n"); + if (pf->page == pf->end) + wrterror("(ES): zero entry on free_list\n"); + if (pf->page > pf->end) + wrterror("(ES): sick entry on free_list\n"); + if ((void*)pf->page >= (void*)sbrk(0)) + wrterror("(ES): entry on free_list past brk\n"); + if (page_dir[ptr2index(pf->page)] != MALLOC_FREE) + wrterror("(ES): non-free first page on free-list\n"); + if (page_dir[ptr2index(pf->end)-1] != MALLOC_FREE) + wrterror("(ES): non-free last page on free-list\n"); +#endif /* EXTRA_SANITY */ + + if (pf->size < size) + continue; + + if (pf->size == size) { + p = pf->page; + if (pf->next) + pf->next->prev = pf->prev; + pf->prev->next = pf->next; + delay_free = pf; + break; + } + + p = pf->page; + pf->page += size; + pf->size -= size; + break; + } + +#ifdef EXTRA_SANITY + if (p && page_dir[ptr2index(p)] != MALLOC_FREE) + wrterror("(ES): allocated non-free page on free-list\n"); +#endif /* EXTRA_SANITY */ + + size >>= malloc_pageshift; + + /* Map new pages */ + if (!p) + p = map_pages(size); + + if (p) { + + index = ptr2index(p); + page_dir[index] = MALLOC_FIRST; + for (i=1;i> bits)+MALLOC_BITS-1) / MALLOC_BITS); + + /* Don't waste more than two chunks on this */ + if ((1<<(bits)) <= l+l) { + bp = (struct pginfo *)pp; + } else { + bp = (struct pginfo *)malloc(l); + if (!bp) + return 0; + } + + bp->size = (1<shift = bits; + bp->total = bp->free = malloc_pagesize >> bits; + bp->page = pp; + + page_dir[ptr2index(pp)] = bp; + + bp->next = page_dir[bits]; + page_dir[bits] = bp; + + /* set all valid bits in the bits */ + k = bp->total; + i = 0; + + /* Do a bunch at a time */ + for(;k-i >= MALLOC_BITS; i += MALLOC_BITS) + bp->bits[i / MALLOC_BITS] = ~0; + + for(; i < k; i++) + set_bit(bp,i); + + if (bp == bp->page) { + /* Mark the ones we stole for ourselves */ + for(i=0;l > 0;i++) { + clr_bit(bp,i); + bp->free--; + bp->total--; + l -= (1 << bits); + } + } + + return 1; +} + +/* + * Allocate a fragment + */ +static void * +malloc_bytes(size_t size) +{ + int j; + struct pginfo *bp; + int k; + u_long *lp; + + /* Don't bother with anything less than this */ + if (size < malloc_minsize) + size = malloc_minsize; + + /* Find the right bucket */ + j = fls((size)-1); + + /* If it's empty, make a page more of that size chunks */ + if (!page_dir[j] && !malloc_make_chunks(j)) + return 0; + + bp = page_dir[j]; + + /* Find first word of bitmap which isn't empty */ + for (lp = bp->bits; !*lp; lp++) + ; + + /* Find that bit, and tweak it */ + k = ffs(*lp) - 1; + *lp ^= 1<free) { + page_dir[j] = bp->next; + bp->next = 0; + } + + /* Adjust to the real offset of that chunk */ + k += (lp-bp->bits)*MALLOC_BITS; + k <<= bp->shift; + + if (malloc_junk) + memset(bp->page + k, SOME_JUNK, bp->size); + + return bp->page + k; +} + +/* + * Allocate a piece of memory + */ +void * +malloc(size_t size) +{ + void *result; +#ifdef _THREAD_SAFE + int status; #endif -#ifdef RCHECK - ASSERT(op->ov_rmagic == RMAGIC); - ASSERT(*(u_short *)((caddr_t)(op + 1) + op->ov_size) == RMAGIC); + + if (!initialized) + malloc_init(); + + if (suicide) + abort(); + +#ifdef _THREAD_SAFE + _thread_kern_sig_block(&status); #endif - size = op->ov_index; - ASSERT(size < NBUCKETS); - op->ov_next = nextf[size]; /* also clobbers ov_magic */ - nextf[size] = op; -#ifdef MSTATS - nmalloc[size]--; + if (size <= malloc_maxsize) + result = malloc_bytes(size); + else + result = malloc_pages(size); + + if (malloc_abort && !result) + wrterror("malloc(): returns NULL\n"); + + if (malloc_zero) + memset(result,0,size); + +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); #endif + return result; } /* - * When a program attempts "storage compaction" as mentioned in the - * old malloc man page, it realloc's an already freed block. Usually - * this is the last block it freed; occasionally it might be farther - * back. We have to search all the free lists for the block in order - * to determine its bucket: 1st we make one pass thru the lists - * checking only the first block in each; if that fails we search - * ``realloc_srchlen'' blocks in each list for a match (the variable - * is extern so the caller can modify it). If that fails we just copy - * however many bytes was given to realloc() and hope it's not huge. + * Change the size of an allocation. */ -int realloc_srchlen = 4; /* 4 should be plenty, -1 =>'s whole list */ - void * -realloc(cp, nbytes) - void *cp; - size_t nbytes; -{ - register u_long onb; - register long i; - union overhead *op; - char *res; - int was_alloced = 0; - - if (cp == NULL) - return (malloc(nbytes)); - if (nbytes == 0) { - free (cp); - return NULL; +realloc(void *ptr, size_t size) +{ + void *p; + u_long osize,index; + struct pginfo **mp; + int i; +#ifdef _THREAD_SAFE + int status; +#endif + + if (suicide) + return 0; + + if (!ptr) /* Bounce to malloc() */ + return malloc(size); + + if (!initialized) { + wrtwarning("realloc(): malloc() never got called.\n"); + return 0; + } + + if (ptr && !size) { /* Bounce to free() */ + free(ptr); + return 0; + } + +#ifdef _THREAD_SAFE + _thread_kern_sig_block(&status); +#endif + index = ptr2index(ptr); + + if (index < malloc_pageshift) { + wrtwarning("realloc(): junk pointer (too low)\n"); +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return 0; + } + + if (index > last_index) { + wrtwarning("realloc(): junk pointer (too high)\n"); +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return 0; + } + + mp = &page_dir[index]; + + if (*mp == MALLOC_FIRST) { /* Page allocation */ + + /* Check the pointer */ + if ((u_long)ptr & malloc_pagemask) { + wrtwarning("realloc(): modified page pointer.\n"); +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return 0; } - op = (union overhead *)((caddr_t)cp - sizeof (union overhead)); - if (op->ov_magic == MAGIC) { - was_alloced++; - i = op->ov_index; - } else { - /* - * Already free, doing "compaction". - * - * Search for the old block of memory on the - * free list. First, check the most common - * case (last element free'd), then (this failing) - * the last ``realloc_srchlen'' items free'd. - * If all lookups fail, then assume the size of - * the memory block being realloc'd is the - * largest possible (so that all "nbytes" of new - * memory are copied into). Note that this could cause - * a memory fault if the old area was tiny, and the moon - * is gibbous. However, that is very unlikely. - */ - if ((i = findbucket(op, 1)) < 0 && - (i = findbucket(op, realloc_srchlen)) < 0) - i = NBUCKETS; + + /* Find the size in bytes */ + for (osize = malloc_pagesize; *++mp == MALLOC_FOLLOW;) + osize += malloc_pagesize; + + if (!malloc_realloc && /* unless we have to, */ + size <= osize && /* .. or are too small, */ + size > (osize - malloc_pagesize)) { /* .. or can free a page, */ +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return ptr; /* don't do anything. */ } - onb = 1 << (i + 3); - if (onb < pagesz) - onb -= sizeof (*op) + RSLOP; - else - onb += pagesz - sizeof (*op) - RSLOP; - /* avoid the copy if same size block */ - if (was_alloced) { - if (i) { - i = 1 << (i + 2); - if (i < pagesz) - i -= sizeof (*op) + RSLOP; - else - i += pagesz - sizeof (*op) - RSLOP; - } - if (nbytes <= onb && nbytes > i) { -#ifdef RCHECK - op->ov_size = (nbytes + RSLOP - 1) & ~(RSLOP - 1); - *(u_short *)((caddr_t)(op + 1) + op->ov_size) = RMAGIC; + + } else if (*mp >= MALLOC_MAGIC) { /* Chunk allocation */ + + /* Check the pointer for sane values */ + if (((u_long)ptr & ((*mp)->size-1))) { + wrtwarning("realloc(): modified chunk pointer.\n"); +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return 0; + } + + /* Find the chunk index in the page */ + i = ((u_long)ptr & malloc_pagemask) >> (*mp)->shift; + + /* Verify that it isn't a free chunk already */ + if (tst_bit(*mp,i)) { + wrtwarning("realloc(): already free chunk.\n"); +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return 0; + } + + osize = (*mp)->size; + + if (!malloc_realloc && /* Unless we have to, */ + size < osize && /* ..or are too small, */ + (size > osize/2 || /* ..or could use a smaller size, */ + osize == malloc_minsize)) { /* ..(if there is one) */ +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); #endif - return(cp); - } else - free(cp); + return ptr; /* ..Don't do anything */ } - if ((res = malloc(nbytes)) == NULL) - return (NULL); - if (cp != res) /* common optimization if "compacting" */ - bcopy(cp, res, (nbytes < onb) ? nbytes : onb); - return (res); + + } else { + wrtwarning("realloc(): wrong page pointer.\n"); +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return 0; + } + + p = malloc(size); + + if (p) { + /* copy the lesser of the two sizes, and free the old one */ + if (osize < size) + memcpy(p,ptr,osize); + else + memcpy(p,ptr,size); + free(ptr); + } +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return p; } /* - * Search ``srchlen'' elements of each free list for a block whose - * header starts at ``freep''. If srchlen is -1 search the whole list. - * Return bucket number, or -1 if not found. + * Free a sequence of pages */ -static -findbucket(freep, srchlen) - union overhead *freep; - int srchlen; + +static __inline void +free_pages(void *ptr, int index, struct pginfo *info) { - register union overhead *p; - register int i, j; - - for (i = 0; i < NBUCKETS; i++) { - j = 0; - for (p = nextf[i]; p && j != srchlen; p = p->ov_next) { - if (p == freep) - return (i); - j++; - } + int i; + struct pgfree *pf,*pt; + u_long l; + void *tail; + + if (info == MALLOC_FREE) { + wrtwarning("free(): already free page.\n"); + return; + } + + if (info != MALLOC_FIRST) { + wrtwarning("free(): freeing wrong page.\n"); + return; + } + + if ((u_long)ptr & malloc_pagemask) { + wrtwarning("free(): modified page pointer.\n"); + return; + } + + /* Count how many pages and mark them free at the same time */ + page_dir[index] = MALLOC_FREE; + for (i = 1; page_dir[index+i] == MALLOC_FOLLOW; i++) + page_dir[index + i] = MALLOC_FREE; + + l = i << malloc_pageshift; + + tail = ptr+l; + + /* add to free-list */ + if (!px) + px = malloc(sizeof *pt); /* This cannot fail... */ + px->page = ptr; + px->end = tail; + px->size = l; + if (!free_list.next) { + + /* Nothing on free list, put this at head */ + px->next = free_list.next; + px->prev = &free_list; + free_list.next = px; + pf = px; + px = 0; + + } else { + + /* Find the right spot, leave pf pointing to the modified entry. */ + tail = ptr+l; + + for(pf = free_list.next; pf->end < ptr && pf->next; pf = pf->next) + ; /* Race ahead here */ + + if (pf->page > tail) { + /* Insert before entry */ + px->next = pf; + px->prev = pf->prev; + pf->prev = px; + px->prev->next = px; + pf = px; + px = 0; + } else if (pf->end == ptr ) { + /* Append to the previous entry */ + pf->end += l; + pf->size += l; + if (pf->next && pf->end == pf->next->page ) { + /* And collapse the next too. */ + pt = pf->next; + pf->end = pt->end; + pf->size += pt->size; + pf->next = pt->next; + if (pf->next) + pf->next->prev = pf; + free(pt); + } + } else if (pf->page == tail) { + /* Prepend to entry */ + pf->size += l; + pf->page = ptr; + } else if (!pf->next) { + /* Append at tail of chain */ + px->next = 0; + px->prev = pf; + pf->next = px; + pf = px; + px = 0; + } else { + wrterror("messed up free list"); } - return (-1); + } + + /* Return something to OS ? */ + if (!pf->next && /* If we're the last one, */ + pf->size > malloc_cache && /* ..and the cache is full, */ + pf->end == malloc_brk && /* ..and none behind us, */ + malloc_brk == sbrk(0)) { /* ..and it's OK to do... */ + + /* + * Keep the cache intact. Notice that the '>' above guarantees that + * the pf will always have at least one page afterwards. + */ + pf->end = pf->page + malloc_cache; + pf->size = malloc_cache; + + brk(pf->end); + malloc_brk = pf->end; + + index = ptr2index(pf->end); + last_index = index - 1; + + for(i=index;i <= last_index;) + page_dir[i++] = MALLOC_NOT_MINE; + + /* XXX: We could realloc/shrink the pagedir here I guess. */ + } } -#ifdef MSTATS /* - * mstats - print out statistics about malloc - * - * Prints two lines of numbers, one showing the length of the free list - * for each size category, the second showing the number of mallocs - - * frees for each size category. + * Free a chunk, and possibly the page it's on, if the page becomes empty. */ -mstats(s) - char *s; + +static __inline void +free_bytes(void *ptr, int index, struct pginfo *info) { - register int i, j; - register union overhead *p; - int totfree = 0, - totused = 0; - - fprintf(stderr, "Memory allocation statistics %s\nfree:\t", s); - for (i = 0; i < NBUCKETS; i++) { - for (j = 0, p = nextf[i]; p; p = p->ov_next, j++) - ; - fprintf(stderr, " %d", j); - totfree += j * (1 << (i + 3)); - } - fprintf(stderr, "\nused:\t"); - for (i = 0; i < NBUCKETS; i++) { - fprintf(stderr, " %d", nmalloc[i]); - totused += nmalloc[i] * (1 << (i + 3)); - } - fprintf(stderr, "\n\tTotal in use: %d, total free: %d\n", - totused, totfree); + int i; + struct pginfo **mp; + void *vp; + + /* Find the chunk number on the page */ + i = ((u_long)ptr & malloc_pagemask) >> info->shift; + + if (((u_long)ptr & (info->size-1))) { + wrtwarning("free(): modified pointer.\n"); + return; + } + + if (tst_bit(info,i)) { + wrtwarning("free(): already free chunk.\n"); + return; + } + + set_bit(info,i); + info->free++; + + mp = page_dir + info->shift; + + if (info->free == 1) { + + /* Page became non-full */ + + mp = page_dir + info->shift; + /* Insert in address order */ + while (*mp && (*mp)->next && (*mp)->next->page < info->page) + mp = &(*mp)->next; + info->next = *mp; + *mp = info; + return; + } + + if (info->free != info->total) + return; + + /* Find & remove this page in the queue */ + while (*mp != info) { + mp = &((*mp)->next); +#ifdef EXTRA_SANITY + if (!*mp) + wrterror("(ES): Not on queue\n"); +#endif /* EXTRA_SANITY */ + } + *mp = info->next; + + /* Free the page & the info structure if need be */ + page_dir[ptr2index(info->page)] = MALLOC_FIRST; + vp = info->page; /* Order is important ! */ + if(vp != (void*)info) + free(info); + free(vp); } + +void +free(void *ptr) +{ + struct pginfo *info; + int index; +#ifdef _THREAD_SAFE + int status; +#endif + + /* This is legal */ + if (!ptr) + return; + + if (!initialized) { + wrtwarning("free(): malloc() never got called.\n"); + return; + } + + /* If we're already sinking, don't make matters any worse. */ + if (suicide) + return; + +#ifdef _THREAD_SAFE + _thread_kern_sig_block(&status); #endif + index = ptr2index(ptr); + + if (index < malloc_pageshift) { + wrtwarning("free(): junk pointer (too low)\n"); +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return; + } + + if (index > last_index) { + wrtwarning("free(): junk pointer (too high)\n"); +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return; + } + + info = page_dir[index]; + + if (info < MALLOC_MAGIC) + free_pages(ptr,index,info); + else + free_bytes(ptr,index,info); +#ifdef _THREAD_SAFE + _thread_kern_sig_unblock(status); +#endif + return; +}