1
2 /*--------------------------------------------------------------------*/
3 /*--- An implementation of malloc/free which doesn't use sbrk. ---*/
4 /*--- m_mallocfree.c ---*/
5 /*--------------------------------------------------------------------*/
6
7 /*
8 This file is part of Valgrind, a dynamic binary instrumentation
9 framework.
10
11 Copyright (C) 2000-2010 Julian Seward
12 jseward@acm.org
13
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
18
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
23
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, write to the Free Software
26 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27 02111-1307, USA.
28
29 The GNU General Public License is contained in the file COPYING.
30 */
31
32 #include "pub_core_basics.h"
33 #include "pub_core_vki.h"
34 #include "pub_core_debuglog.h"
35 #include "pub_core_libcbase.h"
36 #include "pub_core_aspacemgr.h"
37 #include "pub_core_libcassert.h"
38 #include "pub_core_libcfile.h"
39 #include "pub_core_libcprint.h"
40 #include "pub_core_mallocfree.h"
41 #include "pub_core_options.h"
42 #include "pub_core_threadstate.h" // For VG_INVALID_THREADID
43 #include "pub_core_tooliface.h"
44 #include "valgrind.h"
45
46 //zz#include "memcheck/memcheck.h"
47
48 // #define DEBUG_MALLOC // turn on heavyweight debugging machinery
49 // #define VERBOSE_MALLOC // make verbose, esp. in debugging machinery
50
51 /* Number and total size of blocks in free queue. Used by mallinfo(). */
52 Long VG_(free_queue_volume) = 0;
53 Long VG_(free_queue_length) = 0;
54
55 static void cc_analyse_alloc_arena ( ArenaId aid ); /* fwds */
56
57 /*------------------------------------------------------------*/
58 /*--- Main types ---*/
59 /*------------------------------------------------------------*/
60
61 #define N_MALLOC_LISTS 112 // do not change this
62
63 // The amount you can ask for is limited only by sizeof(SizeT)...
64 #define MAX_PSZB (~((SizeT)0x0))
65
66 // Each arena has a sorted array of superblocks, which expands
67 // dynamically. This is its initial size.
68 #define SBLOCKS_SIZE_INITIAL 50
69
70 typedef UChar UByte;
71
72 /* Layout of an in-use block:
73
74 cost center (OPTIONAL) (VG_MIN_MALLOC_SZB bytes, only when h-p enabled)
75 this block total szB (sizeof(SizeT) bytes)
76 red zone bytes (depends on Arena.rz_szB, but >= sizeof(void*))
77 (payload bytes)
78 red zone bytes (depends on Arena.rz_szB, but >= sizeof(void*))
79 this block total szB (sizeof(SizeT) bytes)
80
81 Layout of a block on the free list:
82
83 cost center (OPTIONAL) (VG_MIN_MALLOC_SZB bytes, only when h-p enabled)
84 this block total szB (sizeof(SizeT) bytes)
85 freelist previous ptr (sizeof(void*) bytes)
86 excess red zone bytes (if Arena.rz_szB > sizeof(void*))
87 (payload bytes)
88 excess red zone bytes (if Arena.rz_szB > sizeof(void*))
89 freelist next ptr (sizeof(void*) bytes)
90 this block total szB (sizeof(SizeT) bytes)
91
92 Total size in bytes (bszB) and payload size in bytes (pszB)
93 are related by:
94
95 bszB == pszB + 2*sizeof(SizeT) + 2*a->rz_szB
96
97 when heap profiling is not enabled, and
98
99 bszB == pszB + 2*sizeof(SizeT) + 2*a->rz_szB + VG_MIN_MALLOC_SZB
100
101 when it is enabled. It follows that the minimum overhead per heap
102 block for arenas used by the core is:
103
104 32-bit platforms: 2*4 + 2*4 == 16 bytes
105 64-bit platforms: 2*8 + 2*8 == 32 bytes
106
107 when heap profiling is not enabled, and
108
109 32-bit platforms: 2*4 + 2*4 + 8 == 24 bytes
110 64-bit platforms: 2*8 + 2*8 + 16 == 48 bytes
111
112 when it is enabled. In all cases, extra overhead may be incurred
113 when rounding the payload size up to VG_MIN_MALLOC_SZB.
114
115 Furthermore, both size fields in the block have their least-significant
116 bit set if the block is not in use, and unset if it is in use.
117 (The bottom 3 or so bits are always free for this because of alignment.)
118 A block size of zero is not possible, because a block always has at
119 least two SizeTs and two pointers of overhead.
120
121 Nb: All Block payloads must be VG_MIN_MALLOC_SZB-aligned. This is
122 achieved by ensuring that Superblocks are VG_MIN_MALLOC_SZB-aligned
123 (see newSuperblock() for how), and that the lengths of the following
124 things are a multiple of VG_MIN_MALLOC_SZB:
125 - Superblock admin section lengths (due to elastic padding)
126 - Block admin section (low and high) lengths (due to elastic redzones)
127 - Block payload lengths (due to req_pszB rounding up)
128
129 The heap-profile cost-center field is 8 bytes even on 32 bit
130 platforms. This is so as to keep the payload field 8-aligned. On
131 a 64-bit platform, this cc-field contains a pointer to a const
132 HChar*, which is the cost center name. On 32-bit platforms, the
133 pointer lives in the lower-addressed half of the field, regardless
134 of the endianness of the host.
135 */
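/* Worked example of the size relationship above (a sketch only; the
   concrete numbers assume a 64-bit platform, an arena redzone of 8 bytes
   and heap profiling disabled -- other configurations differ):

      pszB = 24                                      // payload requested
      bszB = pszB + 2*sizeof(SizeT) + 2*a->rz_szB
           = 24   + 2*8            + 2*8     == 56   // total block size

   Both stored size fields then hold 56 (LSB clear) while the block is in
   use, and 57 (56 | 1) once it sits on a free list. */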
136 typedef
137 struct {
138 // No fields are actually used in this struct, because a Block has
139 // many variable sized fields and so can't be accessed
140 // meaningfully with normal fields. So we use access functions all
141 // the time. This struct gives us a type to use, though. Also, we
142 // make sizeof(Block) 1 byte so that we can do arithmetic with the
143 // Block* type in increments of 1!
144 UByte dummy;
145 }
146 Block;
147
148 // A superblock. 'padding' is never used, it just ensures that if the
149 // entire Superblock is aligned to VG_MIN_MALLOC_SZB, then payload_bytes[]
150 // will be too. It can add small amounts of padding unnecessarily -- eg.
151 // 8-bytes on 32-bit machines with an 8-byte VG_MIN_MALLOC_SZB -- because
152 // it's too hard to make a constant expression that works perfectly in all
153 // cases.
154 // payload_bytes[] is made a single big Block when the Superblock is
155 // created, and then can be split and the splittings remerged, but Blocks
156 // always cover its entire length -- there are never any unused bytes at the
157 // end, for example.
158 typedef
159 struct _Superblock {
160 SizeT n_payload_bytes;
161 void* padding2;
162 UByte padding[ VG_MIN_MALLOC_SZB -
163 ((sizeof(struct _Superblock*) + sizeof(SizeT)) %
164 VG_MIN_MALLOC_SZB) ];
165 UByte payload_bytes[0];
166 }
167 Superblock;
168
169 // An arena. 'freelist' is a circular, doubly-linked list. 'rz_szB' is
170 // elastic, in that it can be bigger than asked-for to ensure alignment.
171 typedef
172 struct {
173 Char* name;
174 Bool clientmem; // Allocates in the client address space?
175 SizeT rz_szB; // Red zone size in bytes
176 SizeT min_sblock_szB; // Minimum superblock size in bytes
177 Block* freelist[N_MALLOC_LISTS];
178 // A dynamically expanding, ordered array of (pointers to)
179 // superblocks in the arena. If this array is expanded, which
180 // is rare, the previous space it occupies is simply abandoned.
181 // To avoid having to get yet another block from m_aspacemgr for
182 // the first incarnation of this array, the first allocation of
183 // it is within this struct. If it has to be expanded then the
184 // new space is acquired from m_aspacemgr as you would expect.
185 Superblock** sblocks;
186 SizeT sblocks_size;
187 SizeT sblocks_used;
188 Superblock* sblocks_initial[SBLOCKS_SIZE_INITIAL];
189 // Stats only.
190 SizeT bytes_on_loan;
191 SizeT bytes_mmaped;
192 SizeT bytes_on_loan_max;
193 SizeT next_profile_at;
194 }
195 Arena;
196
197
198 /*------------------------------------------------------------*/
199 /*--- Low-level functions for working with Blocks. ---*/
200 /*------------------------------------------------------------*/
201
202 #define SIZE_T_0x1 ((SizeT)0x1)
203
204 static char* probably_your_fault =
205 "This is probably caused by your program erroneously writing past the\n"
206 "end of a heap block and corrupting heap metadata. If you fix any\n"
207 "invalid writes reported by Memcheck, this assertion failure will\n"
208 "probably go away. Please try that before reporting this as a bug.\n";
209
210 // Mark a bszB as in-use, mark it as free, and strip the in-use/free attribute.
211 static __inline__
212 SizeT mk_inuse_bszB ( SizeT bszB )
213 {
214 vg_assert2(bszB != 0, probably_your_fault);
215 return bszB & (~SIZE_T_0x1);
216 }
217 static __inline__
218 SizeT mk_free_bszB ( SizeT bszB )
219 {
220 vg_assert2(bszB != 0, probably_your_fault);
221 return bszB | SIZE_T_0x1;
222 }
223 static __inline__
224 SizeT mk_plain_bszB ( SizeT bszB )
225 {
226 vg_assert2(bszB != 0, probably_your_fault);
227 return bszB & (~SIZE_T_0x1);
228 }
229
230 // Return either 0 or VG_MIN_MALLOC_SZB, depending on whether or not
231 // heap profiling is engaged
232 static __inline__
233 SizeT hp_overhead_szB ( void )
234 {
235 return VG_(clo_profile_heap) ? VG_MIN_MALLOC_SZB : 0;
236 }
237
238 //---------------------------------------------------------------------------
239
240 // Get a block's size as stored, ie with the in-use/free attribute.
241 static __inline__
242 SizeT get_bszB_as_is ( Block* b )
243 {
244 UByte* b2 = (UByte*)b;
245 SizeT bszB_lo = *(SizeT*)&b2[0 + hp_overhead_szB()];
246 SizeT bszB_hi = *(SizeT*)&b2[mk_plain_bszB(bszB_lo) - sizeof(SizeT)];
247 vg_assert2(bszB_lo == bszB_hi,
248 "Heap block lo/hi size mismatch: lo = %llu, hi = %llu.\n%s",
249 (ULong)bszB_lo, (ULong)bszB_hi, probably_your_fault);
250 return bszB_lo;
251 }
252
253 // Get a block's plain size, ie. remove the in-use/free attribute.
254 static __inline__
255 SizeT get_bszB ( Block* b )
256 {
257 return mk_plain_bszB(get_bszB_as_is(b));
258 }
259
260 // Set the size fields of a block. bszB may have the in-use/free attribute.
261 static __inline__
262 void set_bszB ( Block* b, SizeT bszB )
263 {
264 UByte* b2 = (UByte*)b;
265 *(SizeT*)&b2[0 + hp_overhead_szB()] = bszB;
266 *(SizeT*)&b2[mk_plain_bszB(bszB) - sizeof(SizeT)] = bszB;
267 }
268
269 //---------------------------------------------------------------------------
270
271 // Does this block have the in-use attribute?
272 static __inline__
273 Bool is_inuse_block ( Block* b )
274 {
275 SizeT bszB = get_bszB_as_is(b);
276 vg_assert2(bszB != 0, probably_your_fault);
277 return (0 != (bszB & SIZE_T_0x1)) ? False : True;
278 }
279
280 //---------------------------------------------------------------------------
281
282 // Return the lower, upper and total overhead in bytes for a block.
283 // These are determined purely by which arena the block lives in.
284 static __inline__
285 SizeT overhead_szB_lo ( Arena* a )
286 {
287 return hp_overhead_szB() + sizeof(SizeT) + a->rz_szB;
288 }
289 static __inline__
290 SizeT overhead_szB_hi ( Arena* a )
291 {
292 return a->rz_szB + sizeof(SizeT);
293 }
294 static __inline__
295 SizeT overhead_szB ( Arena* a )
296 {
297 return overhead_szB_lo(a) + overhead_szB_hi(a);
298 }
299
300 //---------------------------------------------------------------------------
301
302 // Return the minimum bszB for a block in this arena. Can have zero-length
303 // payloads, so it's the size of the admin bytes.
304 static __inline__
305 SizeT min_useful_bszB ( Arena* a )
306 {
307 return overhead_szB(a);
308 }
309
310 //---------------------------------------------------------------------------
311
312 // Convert payload size <--> block size (both in bytes).
313 static __inline__
314 SizeT pszB_to_bszB ( Arena* a, SizeT pszB )
315 {
316 return pszB + overhead_szB(a);
317 }
318 static __inline__
319 SizeT bszB_to_pszB ( Arena* a, SizeT bszB )
320 {
321 vg_assert2(bszB >= overhead_szB(a), probably_your_fault);
322 return bszB - overhead_szB(a);
323 }
324
325 //---------------------------------------------------------------------------
326
327 // Get a block's payload size.
328 static __inline__
329 SizeT get_pszB ( Arena* a, Block* b )
330 {
331 return bszB_to_pszB(a, get_bszB(b));
332 }
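/* Illustrative sketch (kept out of the build): the two conversions above
   are exact inverses for any payload size, because overhead_szB(a) is a
   per-arena constant.  Assumes 'a' points to an initialised Arena. */
#if 0
static void example_pszB_bszB_roundtrip ( Arena* a )
{
   SizeT pszB = 100;
   SizeT bszB = pszB_to_bszB(a, pszB);      // 100 + overhead_szB(a)
   vg_assert(bszB_to_pszB(a, bszB) == pszB);
   vg_assert(bszB >= min_useful_bszB(a));   // overhead alone is the minimum
}
#endif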
333
334 //---------------------------------------------------------------------------
335
336 // Given the addr of a block, return the addr of its payload, and vice versa.
337 static __inline__
338 UByte* get_block_payload ( Arena* a, Block* b )
339 {
340 UByte* b2 = (UByte*)b;
341 return & b2[ overhead_szB_lo(a) ];
342 }
343 // Given the addr of a block's payload, return the addr of the block itself.
344 static __inline__
345 Block* get_payload_block ( Arena* a, UByte* payload )
346 {
347 return (Block*)&payload[ -overhead_szB_lo(a) ];
348 }
349
350 //---------------------------------------------------------------------------
351
352 // Set and get the next and previous link fields of a block.
353 static __inline__
354 void set_prev_b ( Block* b, Block* prev_p )
355 {
356 UByte* b2 = (UByte*)b;
357 *(Block**)&b2[hp_overhead_szB() + sizeof(SizeT)] = prev_p;
358 }
359 static __inline__
360 void set_next_b ( Block* b, Block* next_p )
361 {
362 UByte* b2 = (UByte*)b;
363 *(Block**)&b2[get_bszB(b) - sizeof(SizeT) - sizeof(void*)] = next_p;
364 }
365 static __inline__
366 Block* get_prev_b ( Block* b )
367 {
368 UByte* b2 = (UByte*)b;
369 return *(Block**)&b2[hp_overhead_szB() + sizeof(SizeT)];
370 }
371 static __inline__
372 Block* get_next_b ( Block* b )
373 {
374 UByte* b2 = (UByte*)b;
375 return *(Block**)&b2[get_bszB(b) - sizeof(SizeT) - sizeof(void*)];
376 }
377
378 //---------------------------------------------------------------------------
379
380 // Set and get the cost-center field of a block.
381 static __inline__
382 void set_cc ( Block* b, HChar* cc )
383 {
384 UByte* b2 = (UByte*)b;
385 vg_assert( VG_(clo_profile_heap) );
386 *(HChar**)&b2[0] = cc;
387 }
388 static __inline__
389 HChar* get_cc ( Block* b )
390 {
391 UByte* b2 = (UByte*)b;
392 vg_assert( VG_(clo_profile_heap) );
393 return *(HChar**)&b2[0];
394 }
395
396 //---------------------------------------------------------------------------
397
398 // Get the block immediately preceding this one in the Superblock.
399 static __inline__
400 Block* get_predecessor_block ( Block* b )
401 {
402 UByte* b2 = (UByte*)b;
403 SizeT bszB = mk_plain_bszB( (*(SizeT*)&b2[-sizeof(SizeT)]) );
404 return (Block*)&b2[-bszB];
405 }
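/* Why this works: the layout described at the top of this file places the
   predecessor's high size field in the sizeof(SizeT) bytes immediately
   below 'b', so reading b2[-sizeof(SizeT)] yields the predecessor's bszB
   and hence its start address.  This is what lets VG_(arena_free) merge a
   freed block with a free predecessor in constant time. */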
406
407 //---------------------------------------------------------------------------
408
409 // Read and write the lower and upper red-zone bytes of a block.
410 static __inline__
411 void set_rz_lo_byte ( Block* b, UInt rz_byteno, UByte v )
412 {
413 UByte* b2 = (UByte*)b;
414 b2[hp_overhead_szB() + sizeof(SizeT) + rz_byteno] = v;
415 }
416 static __inline__
417 void set_rz_hi_byte ( Block* b, UInt rz_byteno, UByte v )
418 {
419 UByte* b2 = (UByte*)b;
420 b2[get_bszB(b) - sizeof(SizeT) - rz_byteno - 1] = v;
421 }
422 static __inline__
423 UByte get_rz_lo_byte ( Block* b, UInt rz_byteno )
424 {
425 UByte* b2 = (UByte*)b;
426 return b2[hp_overhead_szB() + sizeof(SizeT) + rz_byteno];
427 }
428 static __inline__
429 UByte get_rz_hi_byte ( Block* b, UInt rz_byteno )
430 {
431 UByte* b2 = (UByte*)b;
432 return b2[get_bszB(b) - sizeof(SizeT) - rz_byteno - 1];
433 }
434
435
436 /*------------------------------------------------------------*/
437 /*--- Arena management ---*/
438 /*------------------------------------------------------------*/
439
440 #define CORE_ARENA_MIN_SZB 1048576
441
442 // The arena structures themselves.
443 static Arena vg_arena[VG_N_ARENAS];
444
445 // Functions external to this module identify arenas using ArenaIds,
446 // not Arena*s. This fn converts the former to the latter.
447 static Arena* arenaId_to_ArenaP ( ArenaId arena )
448 {
449 vg_assert(arena >= 0 && arena < VG_N_ARENAS);
450 return & vg_arena[arena];
451 }
452
453 // Initialise an arena. rz_szB is the minimum redzone size; it might be
454 // made bigger to ensure that VG_MIN_MALLOC_SZB is observed.
455 static
456 void arena_init ( ArenaId aid, Char* name, SizeT rz_szB, SizeT min_sblock_szB )
457 {
458 SizeT i;
459 Arena* a = arenaId_to_ArenaP(aid);
460
461 // Ensure redzones are a reasonable size. They must always be at least
462 // the size of a pointer, for holding the prev/next pointer (see the layout
463 // details at the top of this file).
464 vg_assert(rz_szB < 128);
465 if (rz_szB < sizeof(void*)) rz_szB = sizeof(void*);
466
467 vg_assert((min_sblock_szB % VKI_PAGE_SIZE) == 0);
468 a->name = name;
469 a->clientmem = ( VG_AR_CLIENT == aid ? True : False );
470
471 // The size of the low and high admin sections in a block must be a
472 // multiple of VG_MIN_MALLOC_SZB. So we round up the asked-for
473 // redzone size if necessary to achieve this.
474 a->rz_szB = rz_szB;
475 while (0 != overhead_szB_lo(a) % VG_MIN_MALLOC_SZB) a->rz_szB++;
476 vg_assert(overhead_szB_lo(a) - hp_overhead_szB() == overhead_szB_hi(a));
477
478 a->min_sblock_szB = min_sblock_szB;
479 for (i = 0; i < N_MALLOC_LISTS; i++) a->freelist[i] = NULL;
480
481 a->sblocks = & a->sblocks_initial[0];
482 a->sblocks_size = SBLOCKS_SIZE_INITIAL;
483 a->sblocks_used = 0;
484 a->bytes_on_loan = 0;
485 a->bytes_mmaped = 0;
486 a->bytes_on_loan_max = 0;
487 a->next_profile_at = 25 * 1000 * 1000;
488 vg_assert(sizeof(a->sblocks_initial)
489 == SBLOCKS_SIZE_INITIAL * sizeof(Superblock*));
490 }
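/* Example of the redzone rounding above (a sketch; numbers assume a 64-bit
   platform with VG_MIN_MALLOC_SZB == 16 and heap profiling off): a request
   for rz_szB == 4 is first raised to 8 (sizeof(void*)), which makes
   overhead_szB_lo == 8 + 8 == 16, already a multiple of VG_MIN_MALLOC_SZB,
   so the while-loop leaves it alone.  In general the loop only ever adds a
   few bytes to the asked-for redzone size. */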
491
492 /* Print vital stats for an arena. */
493 void VG_(print_all_arena_stats) ( void )
494 {
495 UInt i;
496 for (i = 0; i < VG_N_ARENAS; i++) {
497 Arena* a = arenaId_to_ArenaP(i);
498 VG_(message)(Vg_DebugMsg,
499 "%8s: %8ld mmap'd, %8ld/%8ld max/curr\n",
500 a->name, a->bytes_mmaped, a->bytes_on_loan_max, a->bytes_on_loan
501 );
502 }
503 }
504
505 void VG_(print_arena_cc_analysis) ( void )
506 {
507 UInt i;
508 vg_assert( VG_(clo_profile_heap) );
509 for (i = 0; i < VG_N_ARENAS; i++) {
510 cc_analyse_alloc_arena(i);
511 }
512 }
513
514
515 /* This library is self-initialising, which makes it more self-contained and
516 less coupled with the outside world. Hence VG_(arena_malloc)() and
517 VG_(arena_free)() below always call ensure_mm_init() to ensure things are
518 correctly initialised.
519
520 We initialise the client arena separately (and later) because the core
521 must do non-client allocation before the tool has a chance to set the
522 client arena's redzone size.
523 */
524 static Bool client_inited = False;
525 static Bool nonclient_inited = False;
526
527 static
528 void ensure_mm_init ( ArenaId aid )
529 {
530 static SizeT client_rz_szB = 8; // default: be paranoid
531
532 /* We use checked red zones (of various sizes) for our internal stuff,
533 and an unchecked zone of arbitrary size for the client. Of
534 course the client's red zone can be checked by the tool, eg.
535 by using addressability maps, but not by the mechanism implemented
536 here, which merely checks at the time of freeing that the red
537 zone bytes are unchanged.
538
539 Nb: redzone sizes are *minimums*; they could be made bigger to ensure
540 alignment. Eg. with 8 byte alignment, on 32-bit machines 4 stays as
541 4, but 16 becomes 20; but on 64-bit machines 4 becomes 8, and 16
542 stays as 16 --- the extra 4 bytes in both are accounted for by the
543 larger prev/next ptr.
544 */
545 if (VG_AR_CLIENT == aid) {
546 Int ar_client_sbszB;
547 if (client_inited) {
548 // This assertion ensures that a tool cannot try to change the client
549 // redzone size with VG_(needs_malloc_replacement)() after this module
550 // has done its first allocation from the client arena.
551 if (VG_(needs).malloc_replacement)
552 vg_assert(client_rz_szB == VG_(tdict).tool_client_redzone_szB);
553 return;
554 }
555
556 // Check and set the client arena redzone size
557 if (VG_(needs).malloc_replacement) {
558 client_rz_szB = VG_(tdict).tool_client_redzone_szB;
559 // 128 is no special figure, just something not too big
560 if (client_rz_szB > 128) {
561 VG_(printf)( "\nTool error:\n"
562 " specified redzone size is too big (%llu)\n",
563 (ULong)client_rz_szB);
564 VG_(exit)(1);
565 }
566 }
567 // Initialise the client arena. On AIX it's important to have
568 // relatively large client blocks so as not to cause excessively
569 // fine-grained interleaving of V and C address space. On Linux
570 // this is irrelevant since aspacem can keep the two spaces
571 // well apart, but not so on AIX. On all platforms though,
572 // increasing the superblock size reduces the number of superblocks
573 // in the client arena, which makes findSb cheaper.
574 # if defined(VGO_aix5)
575 ar_client_sbszB = 16777216;
576 # else
577 ar_client_sbszB = 4194304;
578 # endif
579 arena_init ( VG_AR_CLIENT, "client", client_rz_szB, ar_client_sbszB );
580 client_inited = True;
581
582 } else {
583 if (nonclient_inited) {
584 return;
585 }
586 // Initialise the non-client arenas
587 arena_init ( VG_AR_CORE, "core", 4, 1048576 );
588 arena_init ( VG_AR_TOOL, "tool", 4, 4194304 );
589 arena_init ( VG_AR_DINFO, "dinfo", 4, 1048576 );
590 arena_init ( VG_AR_DEMANGLE, "demangle", 4, 65536 );
591 arena_init ( VG_AR_EXECTXT, "exectxt", 4, 1048576 );
592 arena_init ( VG_AR_ERRORS, "errors", 4, 65536 );
593 arena_init ( VG_AR_TTAUX, "ttaux", 4, 65536 );
594 nonclient_inited = True;
595 }
596
597 # ifdef DEBUG_MALLOC
598 VG_(printf)("ZZZ1\n");
599 VG_(sanity_check_malloc_all)();
600 VG_(printf)("ZZZ2\n");
601 # endif
602 }
603
604
605 /*------------------------------------------------------------*/
606 /*--- Superblock management ---*/
607 /*------------------------------------------------------------*/
608
609 __attribute__((noreturn))
610 void VG_(out_of_memory_NORETURN) ( HChar* who, SizeT szB )
611 {
612 static Bool alreadyCrashing = False;
613 ULong tot_alloc = VG_(am_get_anonsize_total)();
614 Char* s1 =
615 "\n"
616 " Valgrind's memory management: out of memory:\n"
617 " %s's request for %llu bytes failed.\n"
618 " %llu bytes have already been allocated.\n"
619 " Valgrind cannot continue. Sorry.\n\n"
620 " There are several possible reasons for this.\n"
621 " - You have some kind of memory limit in place. Look at the\n"
622 " output of 'ulimit -a'. Is there a limit on the size of\n"
623 " virtual memory or address space?\n"
624 " - You have run out of swap space.\n"
625 " - Valgrind has a bug. If you think this is the case or you are\n"
626 " not sure, please let us know and we'll try to fix it.\n"
627 " Please note that programs can take substantially more memory than\n"
628 " normal when running under Valgrind tools, eg. up to twice or\n"
629 " more, depending on the tool. On a 64-bit machine, Valgrind\n"
630 " should be able to make use of up 32GB memory. On a 32-bit\n"
631 " machine, Valgrind should be able to use all the memory available\n"
632 " to a single process, up to 4GB if that's how you have your\n"
633 " kernel configured. Most 32-bit Linux setups allow a maximum of\n"
634 " 3GB per process.\n\n"
635 " Whatever the reason, Valgrind cannot continue. Sorry.\n";
636
637 if (!alreadyCrashing) {
638 alreadyCrashing = True;
639 VG_(message)(Vg_UserMsg, s1, who, (ULong)szB, tot_alloc);
640 } else {
641 VG_(debugLog)(0,"mallocfree", s1, who, (ULong)szB, tot_alloc);
642 }
643
644 VG_(exit)(1);
645 }
646
647
648 // Align ptr p upwards to an align-sized boundary.
649 static
650 void* align_upwards ( void* p, SizeT align )
651 {
652 Addr a = (Addr)p;
653 if ((a % align) == 0) return (void*)a;
654 return (void*)(a - (a % align) + align);
655 }
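/* For example, align_upwards((void*)0x1003, 16) returns (void*)0x1010,
   while an already-aligned (void*)0x1010 is returned unchanged. */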
656
657 // Support for memfs (tmpfs or hugetlbfs) allocation.
658 // The memfs allocator in tcmalloc does a similar thing:
659 // http://code.google.com/p/google-perftools/source/browse/trunk/src/memfs_malloc.cc
660
661 static int memfs_fd = -1;
662 static SizeT memfs_base = 0;
663 static SizeT memfs_page_size = 0;
664
665 static void MemfsOpen(void) {
666 if (VG_(clo_memfs_malloc_path) && memfs_fd == -1) {
667 VG_(printf)("MemfsOpen: attempting to open memfs mount: %s; "
668 "memfs page size=%d ", VG_(clo_memfs_malloc_path),
669 VG_(clo_memfs_page_size));
670 SysRes sres = VG_(open)(VG_(clo_memfs_malloc_path),
671 VKI_O_RDWR | VKI_O_CREAT | VKI_O_TRUNC, 0666);
672 if (!sr_isError(sres)) {
673 memfs_fd = sr_Res(sres);
674 tl_assert(memfs_fd >= 0);
675 VG_(printf)("... ok\n");
676 memfs_page_size = VG_(clo_memfs_page_size) * 1024;
677 } else {
678 VG_(clo_memfs_malloc_path) = NULL;
679 VG_(printf)("... failed\n");
680 }
681 }
682 }
683
684 static SizeT MemfsRoundUp(SizeT size) {
685 SizeT new_size = size;
686 if (memfs_page_size != 0) {
687 new_size = ((size + memfs_page_size - 1) / memfs_page_size)
688 * memfs_page_size;
689 }
690 return new_size;
691 }
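/* Example (a sketch): if VG_(clo_memfs_page_size) is 2048 (interpreted as
   KB by MemfsOpen, so memfs_page_size == 2097152), then
   MemfsRoundUp(1048576) == 2097152 and MemfsRoundUp(2097153) == 4194304.
   With memfs disabled, memfs_page_size stays 0 and sizes pass through
   unchanged. */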
692
693 static SysRes MemfsAlloc(SizeT size) {
694 VG_(printf)("MemfsAlloc: size=%ld base=%ld ", size, memfs_base);
695
696 /* Make sure the file is large enough.
697 Not needed for hugetlbfs, but needed for tmpfs and regular files. */
698 VG_(ftruncate)(memfs_fd, memfs_base + size);
699
700 SysRes sres = VG_(am_mmap_file_float_valgrind_with_flags)
701 (size, VKI_PROT_WRITE|VKI_PROT_READ, VKI_MAP_SHARED, memfs_fd, memfs_base);
702
703 memfs_base += size;
704
705 if (sr_isError(sres)) {
706 VG_(printf)("... failed\n");
707 } else {
708 // Try to access the memory now, to fail early if something is wrong.
709 char *mem = (char*)sr_Res(sres);
710 mem[0] = 0;
711 mem[size / 2] = 0;
712 mem[size - 1] = 0;
713 VG_(printf)("... ok; res=%p\n", (void*)sr_Res(sres));
714 }
715 return sres;
716 return sres;
717 }
718
719 // If not enough memory available, either aborts (for non-client memory)
720 // or returns 0 (for client memory).
721 static
722 Superblock* newSuperblock ( Arena* a, SizeT cszB )
723 {
724 Superblock* sb;
725 SysRes sres;
726
727 // Take into account admin bytes in the Superblock.
728 cszB += sizeof(Superblock);
729
730 if (cszB < a->min_sblock_szB) cszB = a->min_sblock_szB;
731 cszB = VG_PGROUNDUP(cszB);
732
733 MemfsOpen();
734 cszB = MemfsRoundUp(cszB);
735
736 if (a->clientmem) {
737 // client allocation -- return 0 to client if it fails
738 if (memfs_fd >= 0) {
739 sres = MemfsAlloc(cszB);
740 } else {
741 sres = VG_(am_sbrk_anon_float_client)
742 ( cszB, VKI_PROT_READ|VKI_PROT_WRITE|VKI_PROT_EXEC );
743 }
744 if (sr_isError(sres))
745 return 0;
746 sb = (Superblock*)(AddrH)sr_Res(sres);
747 // Mark this segment as containing client heap. The leak
748 // checker needs to be able to identify such segments so as not
749 // to use them as sources of roots during leak checks.
750 VG_(am_set_segment_isCH_if_SkAnonC)(
751 (NSegment*) VG_(am_find_nsegment)( (Addr)sb )
752 );
753 } else {
754 // non-client allocation -- abort if it fails
755 if (memfs_fd >= 0) {
756 sres = MemfsAlloc(cszB);
757 } else {
758 sres = VG_(am_sbrk_anon_float_valgrind)( cszB );
759 }
760 if (sr_isError(sres)) {
761 VG_(out_of_memory_NORETURN)("newSuperblock", cszB);
762 /* NOTREACHED */
763 sb = NULL; /* keep gcc happy */
764 } else {
765 sb = (Superblock*)(AddrH)sr_Res(sres);
766 }
767 }
768 vg_assert(NULL != sb);
769 //zzVALGRIND_MAKE_MEM_UNDEFINED(sb, cszB);
770 vg_assert(0 == (Addr)sb % VG_MIN_MALLOC_SZB);
771 sb->n_payload_bytes = cszB - sizeof(Superblock);
772 a->bytes_mmaped += cszB;
773 VG_(debugLog)(1, "mallocfree",
774 "newSuperblock at %p (pszB %7ld) owner %s/%s\n",
775 sb, sb->n_payload_bytes,
776 a->clientmem ? "CLIENT" : "VALGRIND", a->name );
777 return sb;
778 }
779
780 // Find the superblock containing the given chunk.
781 static
782 Superblock* findSb ( Arena* a, Block* b )
783 {
784 SizeT min = 0;
785 SizeT max = a->sblocks_used;
786
787 while (min <= max) {
788 Superblock * sb;
789 SizeT pos = min + (max - min)/2;
790
791 vg_assert(pos >= 0 && pos < a->sblocks_used);
792 sb = a->sblocks[pos];
793 if ((Block*)&sb->payload_bytes[0] <= b
794 && b < (Block*)&sb->payload_bytes[sb->n_payload_bytes])
795 {
796 return sb;
797 } else if ((Block*)&sb->payload_bytes[0] <= b) {
798 min = pos + 1;
799 } else {
800 max = pos - 1;
801 }
802 }
803 VG_(printf)("findSb: can't find pointer %p in arena '%s'\n",
804 b, a->name );
805 VG_(core_panic)("findSb: VG_(arena_free)() in wrong arena?");
806 return NULL; /*NOTREACHED*/
807 }
808
809
810 /*------------------------------------------------------------*/
811 /*--- Functions for working with freelists. ---*/
812 /*------------------------------------------------------------*/
813
814 // Nb: Determination of which freelist a block lives on is based on the
815 // payload size, not block size.
816
817 // Convert a payload size in bytes to a freelist number.
818 static
819 UInt pszB_to_listNo ( SizeT pszB )
820 {
821 SizeT n = pszB / VG_MIN_MALLOC_SZB;
822 vg_assert(0 == pszB % VG_MIN_MALLOC_SZB);
823
824 // The first 64 lists hold blocks of size VG_MIN_MALLOC_SZB * list_num.
825 // The final 48 hold bigger blocks.
826 if (n < 64) return (UInt)n;
827 /* Exponential slope up, factor 1.05 */
828 if (n < 67) return 64;
829 if (n < 70) return 65;
830 if (n < 74) return 66;
831 if (n < 77) return 67;
832 if (n < 81) return 68;
833 if (n < 85) return 69;
834 if (n < 90) return 70;
835 if (n < 94) return 71;
836 if (n < 99) return 72;
837 if (n < 104) return 73;
838 if (n < 109) return 74;
839 if (n < 114) return 75;
840 if (n < 120) return 76;
841 if (n < 126) return 77;
842 if (n < 133) return 78;
843 if (n < 139) return 79;
844 /* Exponential slope up, factor 1.10 */
845 if (n < 153) return 80;
846 if (n < 169) return 81;
847 if (n < 185) return 82;
848 if (n < 204) return 83;
849 if (n < 224) return 84;
850 if (n < 247) return 85;
851 if (n < 272) return 86;
852 if (n < 299) return 87;
853 if (n < 329) return 88;
854 if (n < 362) return 89;
855 if (n < 398) return 90;
856 if (n < 438) return 91;
857 if (n < 482) return 92;
858 if (n < 530) return 93;
859 if (n < 583) return 94;
860 if (n < 641) return 95;
861 /* Exponential slope up, factor 1.20 */
862 if (n < 770) return 96;
863 if (n < 924) return 97;
864 if (n < 1109) return 98;
865 if (n < 1331) return 99;
866 if (n < 1597) return 100;
867 if (n < 1916) return 101;
868 if (n < 2300) return 102;
869 if (n < 2760) return 103;
870 if (n < 3312) return 104;
871 if (n < 3974) return 105;
872 if (n < 4769) return 106;
873 if (n < 5723) return 107;
874 if (n < 6868) return 108;
875 if (n < 8241) return 109;
876 if (n < 9890) return 110;
877 return 111;
878 }
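/* Example mappings (a sketch, assuming VG_MIN_MALLOC_SZB == 8): a payload
   of 8 bytes gives n == 1 and lands on list 1; 504 bytes gives n == 63,
   the last of the exact-size lists; 512 bytes gives n == 64 and falls into
   the first banded list (n == 64..66 all map to list 64); and anything of
   9890*8 == 79120 bytes or more ends up on the final list, 111. */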
879
880 // What is the minimum payload size for a given list?
881 static
882 SizeT listNo_to_pszB_min ( UInt listNo )
883 {
884 /* Repeatedly computing this function at every request is
885 expensive. Hence at the first call just cache the result for
886 every possible argument. */
887 static SizeT cache[N_MALLOC_LISTS];
888 static Bool cache_valid = False;
889 if (!cache_valid) {
890 UInt i;
891 for (i = 0; i < N_MALLOC_LISTS; i++) {
892 SizeT pszB = 0;
893 while (pszB_to_listNo(pszB) < i)
894 pszB += VG_MIN_MALLOC_SZB;
895 cache[i] = pszB;
896 }
897 cache_valid = True;
898 }
899 /* Return the cached answer. */
900 vg_assert(listNo < N_MALLOC_LISTS);
901 return cache[listNo];
902 }
903
904 // What is the maximum payload size for a given list?
905 static
906 SizeT listNo_to_pszB_max ( UInt listNo )
907 {
908 vg_assert(listNo < N_MALLOC_LISTS);
909 if (listNo == N_MALLOC_LISTS-1) {
910 return MAX_PSZB;
911 } else {
912 return listNo_to_pszB_min(listNo+1) - 1;
913 }
914 }
915
916
917 /* A nasty hack to try and reduce fragmentation. Try and replace
918 a->freelist[lno] with another block on the same list but with a
919 lower address, with the idea of attempting to recycle the same
920 blocks rather than cruise through the address space. */
921 static
922 void swizzle ( Arena* a, UInt lno )
923 {
924 Block* p_best;
925 Block* pp;
926 Block* pn;
927 UInt i;
928
929 p_best = a->freelist[lno];
930 if (p_best == NULL) return;
931
932 pn = pp = p_best;
933
934 // This loop bound was 20 for a long time, but experiments showed that
935 // reducing it to 10 gave the same result in all the tests, and 5 got the
936 // same result in 85--100% of cases. And it's called often enough to be
937 // noticeable in programs that allocate a lot.
938 for (i = 0; i < 5; i++) {
939 pn = get_next_b(pn);
940 pp = get_prev_b(pp);
941 if (pn < p_best) p_best = pn;
942 if (pp < p_best) p_best = pp;
943 }
944 if (p_best < a->freelist[lno]) {
945 # ifdef VERBOSE_MALLOC
946 VG_(printf)("retreat by %ld\n", (Word)(a->freelist[lno] - p_best));
947 # endif
948 a->freelist[lno] = p_best;
949 }
950 }
951
952
953 /*------------------------------------------------------------*/
954 /*--- Sanity-check/debugging machinery. ---*/
955 /*------------------------------------------------------------*/
956
957 #define REDZONE_LO_MASK 0x31
958 #define REDZONE_HI_MASK 0x7c
959
960 // Do some crude sanity checks on a Block.
961 static
962 Bool blockSane ( Arena* a, Block* b )
963 {
964 # define BLEAT(str) VG_(printf)("blockSane: fail -- %s\n",str)
965 UInt i;
966 // The lo and hi size fields will be checked (indirectly) by the call
967 // to get_rz_hi_byte().
968 if (!a->clientmem && is_inuse_block(b)) {
969 for (i = 0; i < a->rz_szB; i++) {
970 if (get_rz_lo_byte(b, i) !=
971 (UByte)(((Addr)b&0xff) ^ REDZONE_LO_MASK))
972 {BLEAT("redzone-lo");return False;}
973 if (get_rz_hi_byte(b, i) !=
974 (UByte)(((Addr)b&0xff) ^ REDZONE_HI_MASK))
975 {BLEAT("redzone-hi");return False;}
976 }
977 }
978 return True;
979 # undef BLEAT
980 }
981
982 // Print superblocks (only for debugging).
983 static
984 void ppSuperblocks ( Arena* a )
985 {
986 UInt i, j, blockno = 1;
987 SizeT b_bszB;
988
989 for (j = 0; j < a->sblocks_used; ++j) {
990 Superblock * sb = a->sblocks[j];
991
992 VG_(printf)( "\n" );
993 VG_(printf)( "superblock %d at %p, sb->n_pl_bs = %lu\n",
994 blockno++, sb, sb->n_payload_bytes);
995 for (i = 0; i < sb->n_payload_bytes; i += b_bszB) {
996 Block* b = (Block*)&sb->payload_bytes[i];
997 b_bszB = get_bszB(b);
998 VG_(printf)( " block at %d, bszB %lu: ", i, b_bszB );
999 VG_(printf)( "%s, ", is_inuse_block(b) ? "inuse" : "free");
1000 VG_(printf)( "%s\n", blockSane(a, b) ? "ok" : "BAD" );
1001 }
1002 vg_assert(i == sb->n_payload_bytes); // no overshoot at end of Sb
1003 }
1004 VG_(printf)( "end of superblocks\n\n" );
1005 }
1006
1007 // Sanity check both the superblocks and the chains.
1008 static void sanity_check_malloc_arena ( ArenaId aid )
1009 {
1010 UInt i, j, superblockctr, blockctr_sb, blockctr_li;
1011 UInt blockctr_sb_free, listno;
1012 SizeT b_bszB, b_pszB, list_min_pszB, list_max_pszB;
1013 Bool thisFree, lastWasFree, sblockarrOK;
1014 Block* b;
1015 Block* b_prev;
1016 SizeT arena_bytes_on_loan;
1017 Arena* a;
1018
1019 # define BOMB VG_(core_panic)("sanity_check_malloc_arena")
1020
1021 a = arenaId_to_ArenaP(aid);
1022
1023 // Check the superblock array.
1024 sblockarrOK
1025 = a->sblocks != NULL
1026 && a->sblocks_size >= SBLOCKS_SIZE_INITIAL
1027 && a->sblocks_used <= a->sblocks_size
1028 && (a->sblocks_size == SBLOCKS_SIZE_INITIAL
1029 ? (a->sblocks == &a->sblocks_initial[0])
1030 : (a->sblocks != &a->sblocks_initial[0]));
1031 if (!sblockarrOK) {
1032 VG_(printf)("sanity_check_malloc_arena: sblock array BAD\n");
1033 BOMB;
1034 }
1035
1036 // First, traverse all the superblocks, inspecting the Blocks in each.
1037 superblockctr = blockctr_sb = blockctr_sb_free = 0;
1038 arena_bytes_on_loan = 0;
1039 for (j = 0; j < a->sblocks_used; ++j) {
1040 Superblock * sb = a->sblocks[j];
1041 lastWasFree = False;
1042 superblockctr++;
1043 for (i = 0; i < sb->n_payload_bytes; i += mk_plain_bszB(b_bszB)) {
1044 blockctr_sb++;
1045 b = (Block*)&sb->payload_bytes[i];
1046 b_bszB = get_bszB_as_is(b);
1047 if (!blockSane(a, b)) {
1048 VG_(printf)("sanity_check_malloc_arena: sb %p, block %d "
1049 "(bszB %lu): BAD\n", sb, i, b_bszB );
1050 BOMB;
1051 }
1052 thisFree = !is_inuse_block(b);
1053 if (thisFree && lastWasFree) {
1054 VG_(printf)("sanity_check_malloc_arena: sb %p, block %d "
1055 "(bszB %lu): UNMERGED FREES\n", sb, i, b_bszB );
1056 BOMB;
1057 }
1058 if (thisFree) blockctr_sb_free++;
1059 if (!thisFree)
1060 arena_bytes_on_loan += bszB_to_pszB(a, b_bszB);
1061 lastWasFree = thisFree;
1062 }
1063 if (i > sb->n_payload_bytes) {
1064 VG_(printf)( "sanity_check_malloc_arena: sb %p: last block "
1065 "overshoots end\n", sb);
1066 BOMB;
1067 }
1068 }
1069
1070 if (arena_bytes_on_loan != a->bytes_on_loan) {
1071 # ifdef VERBOSE_MALLOC
1072 VG_(printf)( "sanity_check_malloc_arena: a->bytes_on_loan %ld, "
1073 "arena_bytes_on_loan %ld: "
1074 "MISMATCH\n", a->bytes_on_loan, arena_bytes_on_loan);
1075 # endif
1076 ppSuperblocks(a);
1077 BOMB;
1078 }
1079
1080 /* Second, traverse each list, checking that the back pointers make
1081 sense, counting blocks encountered, and checking that each block
1082 is an appropriate size for this list. */
1083 blockctr_li = 0;
1084 for (listno = 0; listno < N_MALLOC_LISTS; listno++) {
1085 list_min_pszB = listNo_to_pszB_min(listno);
1086 list_max_pszB = listNo_to_pszB_max(listno);
1087 b = a->freelist[listno];
1088 if (b == NULL) continue;
1089 while (True) {
1090 b_prev = b;
1091 b = get_next_b(b);
1092 if (get_prev_b(b) != b_prev) {
1093 VG_(printf)( "sanity_check_malloc_arena: list %d at %p: "
1094 "BAD LINKAGE\n",
1095 listno, b );
1096 BOMB;
1097 }
1098 b_pszB = get_pszB(a, b);
1099 if (b_pszB < list_min_pszB || b_pszB > list_max_pszB) {
1100 VG_(printf)(
1101 "sanity_check_malloc_arena: list %d at %p: "
1102 "WRONG CHAIN SIZE %luB (%luB, %luB)\n",
1103 listno, b, b_pszB, list_min_pszB, list_max_pszB );
1104 BOMB;
1105 }
1106 blockctr_li++;
1107 if (b == a->freelist[listno]) break;
1108 }
1109 }
1110
1111 if (blockctr_sb_free != blockctr_li) {
1112 # ifdef VERBOSE_MALLOC
1113 VG_(printf)( "sanity_check_malloc_arena: BLOCK COUNT MISMATCH "
1114 "(via sbs %d, via lists %d)\n",
1115 blockctr_sb_free, blockctr_li );
1116 # endif
1117 ppSuperblocks(a);
1118 BOMB;
1119 }
1120
1121 if (VG_(clo_verbosity) > 2)
1122 VG_(message)(Vg_DebugMsg,
1123 "%8s: %2d sbs, %5d bs, %2d/%-2d free bs, "
1124 "%7ld mmap, %7ld loan\n",
1125 a->name,
1126 superblockctr,
1127 blockctr_sb, blockctr_sb_free, blockctr_li,
1128 a->bytes_mmaped, a->bytes_on_loan);
1129 # undef BOMB
1130 }
1131
1132
1133 #define N_AN_CCS 1000
1134
1135 typedef struct { ULong nBytes; ULong nBlocks; HChar* cc; } AnCC;
1136
1137 static AnCC anCCs[N_AN_CCS];
1138
1139 static Int cmp_AnCC_by_vol ( void* v1, void* v2 ) {
1140 AnCC* ancc1 = (AnCC*)v1;
1141 AnCC* ancc2 = (AnCC*)v2;
1142 if (ancc1->nBytes < ancc2->nBytes) return -1;
1143 if (ancc1->nBytes > ancc2->nBytes) return 1;
1144 return 0;
1145 }
1146
1147 static void cc_analyse_alloc_arena ( ArenaId aid )
1148 {
1149 Word i, j, k;
1150 Arena* a;
1151 Block* b;
1152 Bool thisFree, lastWasFree;
1153 SizeT b_bszB;
1154
1155 HChar* cc;
1156 UInt n_ccs = 0;
1157 //return;
1158 a = arenaId_to_ArenaP(aid);
1159 if (a->name == NULL) {
1160 /* arena is not in use, is not initialised and will fail the
1161 sanity check that follows. */
1162 return;
1163 }
1164
1165 sanity_check_malloc_arena(aid);
1166
1167 VG_(printf)(
1168 "-------- Arena \"%s\": %ld mmap'd, %ld/%ld max/curr --------\n",
1169 a->name, a->bytes_mmaped, a->bytes_on_loan_max, a->bytes_on_loan
1170 );
1171
1172 for (j = 0; j < a->sblocks_used; ++j) {
1173 Superblock * sb = a->sblocks[j];
1174 lastWasFree = False;
1175 for (i = 0; i < sb->n_payload_bytes; i += mk_plain_bszB(b_bszB)) {
1176 b = (Block*)&sb->payload_bytes[i];
1177 b_bszB = get_bszB_as_is(b);
1178 if (!blockSane(a, b)) {
1179 VG_(printf)("sanity_check_malloc_arena: sb %p, block %ld "
1180 "(bszB %lu): BAD\n", sb, i, b_bszB );
1181 tl_assert(0);
1182 }
1183 thisFree = !is_inuse_block(b);
1184 if (thisFree && lastWasFree) {
1185 VG_(printf)("sanity_check_malloc_arena: sb %p, block %ld "
1186 "(bszB %lu): UNMERGED FREES\n", sb, i, b_bszB );
1187 tl_assert(0);
1188 }
1189 lastWasFree = thisFree;
1190
1191 if (thisFree) continue;
1192
1193 if (0)
1194 VG_(printf)("block: inUse=%d pszB=%d cc=%s\n",
1195 (Int)(!thisFree),
1196 (Int)bszB_to_pszB(a, b_bszB),
1197 get_cc(b));
1198 cc = get_cc(b);
1199 tl_assert(cc);
1200 for (k = 0; k < n_ccs; k++) {
1201 tl_assert(anCCs[k].cc);
1202 if (0 == VG_(strcmp)(cc, anCCs[k].cc))
1203 break;
1204 }
1205 tl_assert(k >= 0 && k <= n_ccs);
1206
1207 if (k == n_ccs) {
1208 tl_assert(n_ccs < N_AN_CCS-1);
1209 n_ccs++;
1210 anCCs[k].nBytes = 0;
1211 anCCs[k].nBlocks = 0;
1212 anCCs[k].cc = cc;
1213 }
1214
1215 tl_assert(k >= 0 && k < n_ccs && k < N_AN_CCS);
1216 anCCs[k].nBytes += (ULong)bszB_to_pszB(a, b_bszB);
1217 anCCs[k].nBlocks++;
1218 }
1219 if (i > sb->n_payload_bytes) {
1220 VG_(printf)( "sanity_check_malloc_arena: sb %p: last block "
1221 "overshoots end\n", sb);
1222 tl_assert(0);
1223 }
1224 }
1225
1226 VG_(ssort)( &anCCs[0], n_ccs, sizeof(anCCs[0]), cmp_AnCC_by_vol );
1227
1228 for (k = 0; k < n_ccs; k++) {
1229 VG_(printf)("%'13llu in %'9llu: %s\n",
1230 anCCs[k].nBytes, anCCs[k].nBlocks, anCCs[k].cc );
1231 }
1232
1233 VG_(printf)("\n");
1234 }
1235
1236
1237 void VG_(sanity_check_malloc_all) ( void )
1238 {
1239 UInt i;
1240 for (i = 0; i < VG_N_ARENAS; i++) {
1241 if (i == VG_AR_CLIENT && !client_inited)
1242 continue;
1243 sanity_check_malloc_arena ( i );
1244 }
1245 }
1246
1247
1248 /*------------------------------------------------------------*/
1249 /*--- Creating and deleting blocks. ---*/
1250 /*------------------------------------------------------------*/
1251
1252 // Mark the bytes at b .. b+bszB-1 as not in use, and add them to the
1253 // relevant free list.
1254
1255 static
1256 void mkFreeBlock ( Arena* a, Block* b, SizeT bszB, UInt b_lno )
1257 {
1258 SizeT pszB = bszB_to_pszB(a, bszB);
1259 vg_assert(b_lno == pszB_to_listNo(pszB));
1260 //zzVALGRIND_MAKE_MEM_UNDEFINED(b, bszB);
1261 // Set the size fields and indicate not-in-use.
1262 set_bszB(b, mk_free_bszB(bszB));
1263
1264 // Add to the relevant list.
1265 if (a->freelist[b_lno] == NULL) {
1266 set_prev_b(b, b);
1267 set_next_b(b, b);
1268 a->freelist[b_lno] = b;
1269 } else {
1270 Block* b_prev = get_prev_b(a->freelist[b_lno]);
1271 Block* b_next = a->freelist[b_lno];
1272 set_next_b(b_prev, b);
1273 set_prev_b(b_next, b);
1274 set_next_b(b, b_next);
1275 set_prev_b(b, b_prev);
1276 }
1277 # ifdef DEBUG_MALLOC
1278 (void)blockSane(a,b);
1279 # endif
1280 }
1281
1282 // Mark the bytes at b .. b+bszB-1 as in use, and set up the block
1283 // appropriately.
1284 static
1285 void mkInuseBlock ( Arena* a, Block* b, SizeT bszB )
1286 {
1287 UInt i;
1288 vg_assert(bszB >= min_useful_bszB(a));
1289 //zzVALGRIND_MAKE_MEM_UNDEFINED(b, bszB);
1290 set_bszB(b, mk_inuse_bszB(bszB));
1291 set_prev_b(b, NULL); // Take off freelist
1292 set_next_b(b, NULL); // ditto
1293 if (!a->clientmem) {
1294 for (i = 0; i < a->rz_szB; i++) {
1295 set_rz_lo_byte(b, i, (UByte)(((Addr)b&0xff) ^ REDZONE_LO_MASK));
1296 set_rz_hi_byte(b, i, (UByte)(((Addr)b&0xff) ^ REDZONE_HI_MASK));
1297 }
1298 }
1299 # ifdef DEBUG_MALLOC
1300 (void)blockSane(a,b);
1301 # endif
1302 }
1303
1304 // Remove a block from a given list. Does no sanity checking.
1305 static
1306 void unlinkBlock ( Arena* a, Block* b, UInt listno )
1307 {
1308 vg_assert(listno < N_MALLOC_LISTS);
1309 if (get_prev_b(b) == b) {
1310 // Only one element in the list; treat it specially.
1311 vg_assert(get_next_b(b) == b);
1312 a->freelist[listno] = NULL;
1313 } else {
1314 Block* b_prev = get_prev_b(b);
1315 Block* b_next = get_next_b(b);
1316 a->freelist[listno] = b_prev;
1317 set_next_b(b_prev, b_next);
1318 set_prev_b(b_next, b_prev);
1319 swizzle ( a, listno );
1320 }
1321 set_prev_b(b, NULL);
1322 set_next_b(b, NULL);
1323 }
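/* Illustrative sketch (kept out of the build): removing a free block from
   its list and re-inserting it restores the circular doubly-linked
   invariants that mkFreeBlock/unlinkBlock maintain.  Assumes 'b' is
   currently a free block on list 'lno' of arena 'a'. */
#if 0
static void example_freelist_roundtrip ( Arena* a, Block* b, UInt lno )
{
   SizeT bszB = get_bszB(b);            // plain size, attribute stripped
   vg_assert(!is_inuse_block(b));
   unlinkBlock(a, b, lno);              // b's prev/next are now NULL
   mkFreeBlock(a, b, bszB, lno);        // back on the list, still circular
   vg_assert(get_next_b(get_prev_b(b)) == b);
   vg_assert(get_prev_b(get_next_b(b)) == b);
}
#endif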
1324
1325
1326 /*------------------------------------------------------------*/
1327 /*--- Core-visible functions. ---*/
1328 /*------------------------------------------------------------*/
1329
1330 // Align the request size.
1331 static __inline__
1332 SizeT align_req_pszB ( SizeT req_pszB )
1333 {
1334 SizeT n = VG_MIN_MALLOC_SZB-1;
1335 return ((req_pszB + n) & (~n));
1336 }
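/* Example: with VG_MIN_MALLOC_SZB == 16, requests of 1..16 bytes all
   become 16 and a request of 17 becomes 32; a request of 0 stays 0, which
   is fine because zero-length payloads are allowed (see min_useful_bszB
   above). */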
1337
1338 void* VG_(arena_malloc) ( ArenaId aid, HChar* cc, SizeT req_pszB )
1339 {
1340 SizeT req_bszB, frag_bszB, b_bszB;
1341 UInt lno, i;
1342 Superblock* new_sb;
1343 Block* b = NULL;
1344 Arena* a;
1345 void* v;
1346
1347 ensure_mm_init(aid);
1348 a = arenaId_to_ArenaP(aid);
1349
1350 vg_assert(req_pszB < MAX_PSZB);
1351 req_pszB = align_req_pszB(req_pszB);
1352 req_bszB = pszB_to_bszB(a, req_pszB);
1353
1354 // You must provide a cost-center name against which to charge
1355 // this allocation; it isn't optional.
1356 vg_assert(cc);
1357
1358 // Scan through all the big-enough freelists for a block.
1359 //
1360 // Nb: this scanning might be expensive in some cases. Eg. if you
1361 // allocate lots of small objects without freeing them, but no
1362 // medium-sized objects, it will repeatedly scan through the whole
1363 // list, each time finding no free blocks until the last element.
1364 //
1365 // If this becomes a noticeable problem... the loop answers the question
1366 // "where is the first nonempty list above me?" And most of the time,
1367 // you ask the same question and get the same answer. So it would be
1368 // good to somehow cache the results of previous searches.
1369 // One possibility is an array (with N_MALLOC_LISTS elements) of
1370 // shortcuts. shortcut[i] would give the index number of the nearest
1371 // larger list above list i which is non-empty. Then this loop isn't
1372 // necessary. However, we'd have to modify some section [ .. i-1] of the
1373 // shortcut array every time a list [i] changes from empty to nonempty or
1374 // back. This would require care to avoid pathological worst-case
1375 // behaviour.
1376 //
1377 for (lno = pszB_to_listNo(req_pszB); lno < N_MALLOC_LISTS; lno++) {
1378 b = a->freelist[lno];
1379 if (NULL == b) continue; // If this list is empty, try the next one.
1380 while (True) {
1381 b_bszB = get_bszB(b);
1382 if (b_bszB >= req_bszB) goto obtained_block; // success!
1383 b = get_next_b(b);
1384 if (b == a->freelist[lno]) break; // traversed entire freelist
1385 }
1386 }
1387
1388 // If we reach here, no suitable block found, allocate a new superblock
1389 vg_assert(lno == N_MALLOC_LISTS);
1390 new_sb = newSuperblock(a, req_bszB);
1391 if (NULL == new_sb) {
1392 // Should only fail if for client, otherwise, should have aborted
1393 // already.
1394 vg_assert(VG_AR_CLIENT == aid);
1395 return NULL;
1396 }
1397
1398 vg_assert(a->sblocks_used <= a->sblocks_size);
1399 if (a->sblocks_used == a->sblocks_size) {
1400 Superblock ** array;
1401 SysRes sres = VG_(am_sbrk_anon_float_valgrind)(sizeof(Superblock *) *
1402 a->sblocks_size * 2);
1403 if (sr_isError(sres)) {
1404 VG_(out_of_memory_NORETURN)("arena_init", sizeof(Superblock *) *
1405 a->sblocks_size * 2);
1406 /* NOTREACHED */
1407 }
1408 array = (Superblock**)(AddrH)sr_Res(sres);
1409 for (i = 0; i < a->sblocks_used; ++i) array[i] = a->sblocks[i];
1410
1411 a->sblocks_size *= 2;
1412 a->sblocks = array;
1413 VG_(debugLog)(1, "mallocfree",
1414 "sblock array for arena `%s' resized to %ld\n",
1415 a->name, a->sblocks_size);
1416 }
1417
1418 vg_assert(a->sblocks_used < a->sblocks_size);
1419
1420 i = a->sblocks_used;
1421 while (i > 0) {
1422 if (a->sblocks[i-1] > new_sb) {
1423 a->sblocks[i] = a->sblocks[i-1];
1424 } else {
1425 break;
1426 }
1427 --i;
1428 }
1429 a->sblocks[i] = new_sb;
1430 a->sblocks_used++;
1431
1432 b = (Block*)&new_sb->payload_bytes[0];
1433 lno = pszB_to_listNo(bszB_to_pszB(a, new_sb->n_payload_bytes));
1434 mkFreeBlock ( a, b, new_sb->n_payload_bytes, lno);
1435 if (VG_(clo_profile_heap))
1436 set_cc(b, "admin.free-new-sb-1");
1437 // fall through
1438
1439 obtained_block:
1440 // Ok, we can allocate from b, which lives in list lno.
1441 vg_assert(b != NULL);
1442 vg_assert(lno < N_MALLOC_LISTS);
1443 vg_assert(a->freelist[lno] != NULL);
1444 b_bszB = get_bszB(b);
1445 // req_bszB is the size of the block we are after. b_bszB is the
1446 // size of what we've actually got.
1447 vg_assert(b_bszB >= req_bszB);
1448
1449 // Could we split this block and still get a useful fragment?
1450 frag_bszB = b_bszB - req_bszB;
1451 if (frag_bszB >= min_useful_bszB(a)) {
1452 // Yes, split block in two, put the fragment on the appropriate free
1453 // list, and update b_bszB accordingly.
1454 // printf( "split %dB into %dB and %dB\n", b_bszB, req_bszB, frag_bszB );
1455 unlinkBlock(a, b, lno);
1456 mkInuseBlock(a, b, req_bszB);
1457 if (VG_(clo_profile_heap))
1458 set_cc(b, cc);
1459 mkFreeBlock(a, &b[req_bszB], frag_bszB,
1460 pszB_to_listNo(bszB_to_pszB(a, frag_bszB)));
1461 if (VG_(clo_profile_heap))
1462 set_cc(&b[req_bszB], "admin.fragmentation-1");
1463 b_bszB = get_bszB(b);
1464 } else {
1465 // No, mark as in use and use as-is.
1466 unlinkBlock(a, b, lno);
1467 mkInuseBlock(a, b, b_bszB);
1468 if (VG_(clo_profile_heap))
1469 set_cc(b, cc);
1470 }
1471
1472 // Update stats
1473 a->bytes_on_loan += bszB_to_pszB(a, b_bszB);
1474 if (a->bytes_on_loan > a->bytes_on_loan_max) {
1475 a->bytes_on_loan_max = a->bytes_on_loan;
1476 if (a->bytes_on_loan_max >= a->next_profile_at) {
1477 /* next profile after 10% more growth */
1478 a->next_profile_at
1479 = (SizeT)(
1480 (((ULong)a->bytes_on_loan_max) * 110ULL) / 100ULL );
1481 if (VG_(clo_profile_heap))
1482 cc_analyse_alloc_arena(aid);
1483 }
1484 }
1485
1486 # ifdef DEBUG_MALLOC
1487 sanity_check_malloc_arena(aid);
1488 # endif
1489
1490 v = get_block_payload(a, b);
1491 vg_assert( (((Addr)v) & (VG_MIN_MALLOC_SZB-1)) == 0 );
1492
1493 /* VALGRIND_MALLOCLIKE_BLOCK(v, req_pszB, 0, False); */
1494
1495 /* For debugging/testing purposes, fill the newly allocated area
1496 with a definite value in an attempt to shake out any
1497 uninitialised uses of the data (by V core / V tools, not by the
1498 client). Testing on 25 Nov 07 with the values 0x00, 0xFF, 0x55,
1499 0xAA showed no differences in the regression tests on
1500 amd64-linux. Note, this is disabled by default. */
1501 if (0 && aid != VG_AR_CLIENT)
1502 VG_(memset)(v, 0xAA, (SizeT)req_pszB);
1503
1504 return v;
1505 }
1506
1507
1508 void VG_(arena_free) ( ArenaId aid, void* ptr )
1509 {
1510 Superblock* sb;
1511 UByte* sb_start;
1512 UByte* sb_end;
1513 Block* other_b;
1514 Block* b;
1515 SizeT b_bszB, b_pszB, other_bszB;
1516 UInt b_listno;
1517 Arena* a;
1518
1519 ensure_mm_init(aid);
1520 a = arenaId_to_ArenaP(aid);
1521
1522 if (ptr == NULL) {
1523 return;
1524 }
1525
1526 b = get_payload_block(a, ptr);
1527
1528 /* If this is one of V's areas, check carefully the block we're
1529 getting back. This picks up simple block-end overruns. */
1530 if (aid != VG_AR_CLIENT)
1531 vg_assert(blockSane(a, b));
1532
1533 b_bszB = get_bszB(b);
1534 b_pszB = bszB_to_pszB(a, b_bszB);
1535 sb = findSb( a, b );
1536 sb_start = &sb->payload_bytes[0];
1537 sb_end = &sb->payload_bytes[sb->n_payload_bytes - 1];
1538
1539 a->bytes_on_loan -= b_pszB;
1540
1541 /* If this is one of V's areas, fill it up with junk to enhance the
1542 chances of catching any later reads of it. Note, 0xDD is
1543 carefully chosen junk :-), in that: (1) 0xDDDDDDDD is an invalid
1544 and non-word-aligned address on most systems, and (2) 0xDD is a
1545 value which is unlikely to be generated by the new compressed
1546 Vbits representation for memcheck. */
1547 if (aid != VG_AR_CLIENT)
1548 VG_(memset)(ptr, 0xDD, (SizeT)b_pszB);
1549
1550 // Put this chunk back on a list somewhere.
1551 b_listno = pszB_to_listNo(b_pszB);
1552 mkFreeBlock( a, b, b_bszB, b_listno );
1553 if (VG_(clo_profile_heap))
1554 set_cc(b, "admin.free-1");
1555
1556 // See if this block can be merged with its successor.
1557 // First test if we're far enough before the superblock's end to possibly
1558 // have a successor.
1559 other_b = b + b_bszB;
1560 if (other_b+min_useful_bszB(a)-1 <= (Block*)sb_end) {
1561 // Ok, we have a successor, merge if it's not in use.
1562 other_bszB = get_bszB(other_b);
1563 if (!is_inuse_block(other_b)) {
1564 // VG_(printf)( "merge-successor\n");
1565 # ifdef DEBUG_MALLOC
1566 vg_assert(blockSane(a, other_b));
1567 # endif
1568 unlinkBlock( a, b, b_listno );
1569 unlinkBlock( a, other_b, pszB_to_listNo(bszB_to_pszB(a,other_bszB)) );
1570 b_bszB += other_bszB;
1571 b_listno = pszB_to_listNo(bszB_to_pszB(a, b_bszB));
1572 mkFreeBlock( a, b, b_bszB, b_listno );
1573 if (VG_(clo_profile_heap))
1574 set_cc(b, "admin.free-2");
1575 }
1576 } else {
1577 // Not enough space for successor: check that b is the last block
1578 // ie. there are no unused bytes at the end of the Superblock.
1579 vg_assert(other_b-1 == (Block*)sb_end);
1580 }
1581
1582 // Then see if this block can be merged with its predecessor.
1583 // First test if we're far enough after the superblock's start to possibly
1584 // have a predecessor.
1585 if (b >= (Block*)sb_start + min_useful_bszB(a)) {
1586 // Ok, we have a predecessor, merge if it's not in use.
1587 other_b = get_predecessor_block( b );
1588 other_bszB = get_bszB(other_b);
1589 if (!is_inuse_block(other_b)) {
1590 // VG_(printf)( "merge-predecessor\n");
1591 unlinkBlock( a, b, b_listno );
1592 unlinkBlock( a, other_b, pszB_to_listNo(bszB_to_pszB(a, other_bszB)) );
1593 b = other_b;
1594 b_bszB += other_bszB;
1595 b_listno = pszB_to_listNo(bszB_to_pszB(a, b_bszB));
1596 mkFreeBlock( a, b, b_bszB, b_listno );
1597 if (VG_(clo_profile_heap))
1598 set_cc(b, "admin.free-3");
1599 }
1600 } else {
1601 // Not enough space for predecessor: check that b is the first block,
1602 // ie. there are no unused bytes at the start of the Superblock.
1603 vg_assert((Block*)sb_start == b);
1604 }
1605
1606 # ifdef DEBUG_MALLOC
1607 sanity_check_malloc_arena(aid);
1608 # endif
1609
1610 //zzVALGRIND_FREELIKE_BLOCK(ptr, 0);
1611 }
1612
1613
1614 /*
1615 The idea for malloc_aligned() is to allocate a big block, base, and
1616 then split it into two parts: frag, which is returned to the
1617 free pool, and align, which is the bit we're really after. Here's
1618 a picture. L and H denote the block lower and upper overheads, in
1619 bytes. The details are gruesome. Note it is slightly complicated
1620 because the initial request to generate base may return a bigger
1621 block than we asked for, so it is important to distinguish the base
1622 request size and the base actual size.
1623
1624 frag_b align_b
1625 | |
1626 | frag_p | align_p
1627 | | | |
1628 v v v v
1629
1630 +---+ +---+---+ +---+
1631 | L |----------------| H | L |---------------| H |
1632 +---+ +---+---+ +---+
1633
1634 ^ ^ ^
1635 | | :
1636 | base_p this addr must be aligned
1637 |
1638 base_b
1639
1640 . . . . . . .
1641 <------ frag_bszB -------> . . .
1642 . <------------- base_pszB_act -----------> .
1643 . . . . . . .
1644
1645 */
1646 void* VG_(arena_memalign) ( ArenaId aid, HChar* cc,
1647 SizeT req_alignB, SizeT req_pszB )
1648 {
1649 SizeT base_pszB_req, base_pszB_act, frag_bszB;
1650 Block *base_b, *align_b;
1651 UByte *base_p, *align_p;
1652 SizeT saved_bytes_on_loan;
1653 Arena* a;
1654
1655 ensure_mm_init(aid);
1656 a = arenaId_to_ArenaP(aid);
1657
1658 vg_assert(req_pszB < MAX_PSZB);
1659
1660 // You must provide a cost-center name against which to charge
1661 // this allocation; it isn't optional.
1662 vg_assert(cc);
1663
1664 // Check that the requested alignment seems reasonable; that is, is
1665 // a power of 2.
1666 if (req_alignB < VG_MIN_MALLOC_SZB
1667 || req_alignB > 1048576
1668 || VG_(log2)( req_alignB ) == -1 /* not a power of 2 */) {
1669 VG_(printf)("VG_(arena_memalign)(%p, %lu, %lu)\n"
1670 "bad alignment value %lu\n"
1671 "(it is too small, too big, or not a power of two)",
1672 a, req_alignB, req_pszB, req_alignB );
1673 VG_(core_panic)("VG_(arena_memalign)");
1674 /*NOTREACHED*/
1675 }
1676 // Paranoid
1677 vg_assert(req_alignB % VG_MIN_MALLOC_SZB == 0);
1678
1679 /* Required payload size for the aligned chunk. */
1680 req_pszB = align_req_pszB(req_pszB);
1681
1682 /* Payload size to request for the big block that we will split up. */
1683 base_pszB_req = req_pszB + min_useful_bszB(a) + req_alignB;
1684
1685 /* Payload ptr for the block we are going to split. Note this
1686 changes a->bytes_on_loan; we save and restore it ourselves. */
1687 saved_bytes_on_loan = a->bytes_on_loan;
1688 base_p = VG_(arena_malloc) ( aid, cc, base_pszB_req );
1689 a->bytes_on_loan = saved_bytes_on_loan;
1690
1691 /* Give up if we couldn't allocate enough space */
1692 if (base_p == 0)
1693 return 0;
1694
1695 /* Block ptr for the block we are going to split. */
1696 base_b = get_payload_block ( a, base_p );
1697
1698 /* Pointer to the payload of the aligned block we are going to
1699 return. This has to be suitably aligned. */
1700 align_p = align_upwards ( base_b + 2 * overhead_szB_lo(a)
1701 + overhead_szB_hi(a),
1702 req_alignB );
1703 align_b = get_payload_block(a, align_p);
1704
1705 /* The block size of the fragment we will create. This must be big
1706 enough to actually create a fragment. */
1707 frag_bszB = align_b - base_b;
1708
1709 vg_assert(frag_bszB >= min_useful_bszB(a));
1710
1711 /* The actual payload size of the block we are going to split. */
1712 base_pszB_act = get_pszB(a, base_b);
1713
1714 /* Create the fragment block, and put it back on the relevant free list. */
1715 mkFreeBlock ( a, base_b, frag_bszB,
1716 pszB_to_listNo(bszB_to_pszB(a, frag_bszB)) );
1717 if (VG_(clo_profile_heap))
1718 set_cc(base_b, "admin.frag-memalign-1");
1719
1720 /* Create the aligned block. */
1721 mkInuseBlock ( a, align_b,
1722 base_p + base_pszB_act
1723 + overhead_szB_hi(a) - (UByte*)align_b );
1724 if (VG_(clo_profile_heap))
1725 set_cc(align_b, cc);
1726
1727 /* Final sanity checks. */
1728 vg_assert( is_inuse_block(get_payload_block(a, align_p)) );
1729
1730 vg_assert(req_pszB <= get_pszB(a, get_payload_block(a, align_p)));
1731
1732 a->bytes_on_loan += get_pszB(a, get_payload_block(a, align_p));
1733 if (a->bytes_on_loan > a->bytes_on_loan_max)
1734 a->bytes_on_loan_max = a->bytes_on_loan;
1735
1736 # ifdef DEBUG_MALLOC
1737 sanity_check_malloc_arena(aid);
1738 # endif
1739
1740 vg_assert( (((Addr)align_p) % req_alignB) == 0 );
1741
1742 //zzVALGRIND_MALLOCLIKE_BLOCK(align_p, req_pszB, 0, False);
1743
1744 return align_p;
1745 }
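/* Example use (a sketch only; "tool.aligned" is a hypothetical cost
   centre):

      void* p = VG_(arena_memalign)(VG_AR_TOOL, "tool.aligned", 64, 1000);
      // p is 64-byte aligned with at least 1000 usable payload bytes;
      // NULL is returned only if the underlying VG_(arena_malloc) fails.
      VG_(arena_free)(VG_AR_TOOL, p);

   req_alignB must be a power of two in [VG_MIN_MALLOC_SZB .. 1048576];
   anything else is treated as a fatal error (core panic), not a NULL
   return. */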
1746
1747
1748 SizeT VG_(arena_malloc_usable_size) ( ArenaId aid, void* ptr )
1749 {
1750 Arena* a = arenaId_to_ArenaP(aid);
1751 Block* b = get_payload_block(a, ptr);
1752 return get_pszB(a, b);
1753 }
1754
1755
1756 // Implementation of mallinfo(). There is no recent standard that defines
1757 // the behavior of mallinfo(). The meaning of the fields in struct mallinfo
1758 // is as follows:
1759 //
1760 // struct mallinfo {
1761 // int arena; /* total space in arena */
1762 // int ordblks; /* number of ordinary blocks */
1763 // int smblks; /* number of small blocks */
1764 // int hblks; /* number of holding blocks */
1765 // int hblkhd; /* space in holding block headers */
1766 // int usmblks; /* space in small blocks in use */
1767 // int fsmblks; /* space in free small blocks */
1768 // int uordblks; /* space in ordinary blocks in use */
1769 // int fordblks; /* space in free ordinary blocks */
1770 // int keepcost; /* space penalty if keep option */
1771 // /* is used */
1772 // };
1773 //
1774 // The glibc documentation about mallinfo (which is somewhat outdated) can
1775 // be found here:
1776 // http://www.gnu.org/software/libtool/manual/libc/Statistics-of-Malloc.html
1777 //
1778 // See also http://bugs.kde.org/show_bug.cgi?id=160956.
1779 //
1780 // Regarding the implementation of VG_(mallinfo)(): we cannot return the
1781 // whole struct as the library function does, because this is called by a
1782 // client request. So instead we use a pointer to do call by reference.
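//
// Example (sketch): a caller servicing the client request might do
//
//    struct vg_mallinfo mi;
//    VG_(mallinfo)(tid, &mi);
//    // mi.uordblks then holds the client-arena space in in-use blocks,
//    // mi.fordblks the space in free blocks plus the free queue.
//
// where tid is the ThreadId of the requesting thread.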
1783 void VG_(mallinfo) ( ThreadId tid, struct vg_mallinfo* mi )
1784 {
1785 UWord i, free_blocks, free_blocks_size;
1786 Arena* a = arenaId_to_ArenaP(VG_AR_CLIENT);
1787
1788 // Traverse free list and calculate free blocks statistics.
1789 // This may seem slow but glibc works the same way.
1790 free_blocks_size = free_blocks = 0;
1791 for (i = 0; i < N_MALLOC_LISTS; i++) {
1792 Block* b = a->freelist[i];
1793 if (b == NULL) continue;
1794 for (;;) {
1795 free_blocks++;
1796 free_blocks_size += (UWord)get_pszB(a, b);
1797 b = get_next_b(b);
1798 if (b == a->freelist[i]) break;
1799 }
1800 }
1801
1802 // We don't have fastbins so smblks & fsmblks are always 0. Also we don't
1803 // have a separate mmap allocator so set hblks & hblkhd to 0.
1804 mi->arena = a->bytes_mmaped;
1805 mi->ordblks = free_blocks + VG_(free_queue_length);
1806 mi->smblks = 0;
1807 mi->hblks = 0;
1808 mi->hblkhd = 0;
1809 mi->usmblks = 0;
1810 mi->fsmblks = 0;
1811 mi->uordblks = a->bytes_on_loan - VG_(free_queue_volume);
1812 mi->fordblks = free_blocks_size + VG_(free_queue_volume);
1813 mi->keepcost = 0; // may want some value in here
1814 }
1815
1816
1817 /*------------------------------------------------------------*/
1818 /*--- Services layered on top of malloc/free. ---*/
1819 /*------------------------------------------------------------*/
1820
1821 void* VG_(arena_calloc) ( ArenaId aid, HChar* cc,
1822 SizeT nmemb, SizeT bytes_per_memb )
1823 {
1824 SizeT size;
1825 UChar* p;
1826
1827 size = nmemb * bytes_per_memb;
1828 vg_assert(size >= nmemb && size >= bytes_per_memb); // sanity check against overflow; see the worked example below
1829
1830 p = VG_(arena_malloc) ( aid, cc, size );
1831
1832 VG_(memset)(p, 0, size);
1833
1834 //zzVALGRIND_MALLOCLIKE_BLOCK(p, size, 0, True);
1835
1836 return p;
1837 }
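/* A worked example of the overflow sanity check above, assuming a 32-bit
   SizeT: nmemb = 0x10000 and bytes_per_memb = 0x10001 have a true product
   of 0x100010000, which wraps to 0x10000.  The wrapped value is smaller
   than bytes_per_memb, so the assertion fires instead of silently handing
   back an undersized block.  (It is only a sanity check: a few
   pathological overflowing products can still slip past it.) */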
1838
1839
1840 void* VG_(arena_realloc) ( ArenaId aid, HChar* cc,
1841 void* ptr, SizeT req_pszB )
1842 {
1843 Arena* a;
1844 SizeT old_pszB;
1845 UChar *p_new;
1846 Block* b;
1847
1848 ensure_mm_init(aid);
1849 a = arenaId_to_ArenaP(aid);
1850
1851 vg_assert(req_pszB < MAX_PSZB);
1852
1853 if (NULL == ptr) {
1854 return VG_(arena_malloc)(aid, cc, req_pszB);
1855 }
1856
1857 if (req_pszB == 0) {
1858 VG_(arena_free)(aid, ptr);
1859 return NULL;
1860 }
1861
1862 b = get_payload_block(a, ptr);
1863 vg_assert(blockSane(a, b));
1864
1865 vg_assert(is_inuse_block(b));
1866 old_pszB = get_pszB(a, b);
1867
1868 if (req_pszB <= old_pszB) {
1869 return ptr;
1870 }
1871
1872 p_new = VG_(arena_malloc) ( aid, cc, req_pszB );
1873
1874 VG_(memcpy)(p_new, ptr, old_pszB);
1875
1876 VG_(arena_free)(aid, ptr);
1877
1878 return p_new;
1879 }
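/* Example (sketch; "tool.buf" is a hypothetical cost centre).  Note that
   a shrinking realloc never moves the block:

      void* p = VG_(arena_malloc) (VG_AR_TOOL, "tool.buf", 100);
      void* q = VG_(arena_realloc)(VG_AR_TOOL, "tool.buf", p, 50);
      // q == p: req_pszB <= old_pszB, so the original pointer is returned.
      q = VG_(arena_realloc)(VG_AR_TOOL, "tool.buf", q, 5000);
      // If 5000 exceeds the old payload size, a fresh block is allocated,
      // the old payload copied across, and the old block freed.
      VG_(arena_free)(VG_AR_TOOL, q);
*/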
1880
1881
1882 /* Inline just for the wrapper VG_(strdup) below */
1883 __inline__ Char* VG_(arena_strdup) ( ArenaId aid, HChar* cc,
1884 const Char* s )
1885 {
1886 Int i;
1887 Int len;
1888 Char* res;
1889
1890 if (s == NULL)
1891 return NULL;
1892
1893 len = VG_(strlen)(s) + 1;
1894 res = VG_(arena_malloc) (aid, cc, len);
1895
1896 for (i = 0; i < len; i++)
1897 res[i] = s[i];
1898 return res;
1899 }
1900
1901
1902 /*------------------------------------------------------------*/
1903 /*--- Tool-visible functions. ---*/
1904 /*------------------------------------------------------------*/
1905
1906 // All just wrappers to avoid exposing arenas to tools.
1907
1908 void* VG_(malloc) ( HChar* cc, SizeT nbytes )
1909 {
1910 return VG_(arena_malloc) ( VG_AR_TOOL, cc, nbytes );
1911 }
1912
1913 void VG_(free) ( void* ptr )
1914 {
1915 VG_(arena_free) ( VG_AR_TOOL, ptr );
1916 }
1917
1918 void* VG_(calloc) ( HChar* cc, SizeT nmemb, SizeT bytes_per_memb )
1919 {
1920 return VG_(arena_calloc) ( VG_AR_TOOL, cc, nmemb, bytes_per_memb );
1921 }
1922
1923 void* VG_(realloc) ( HChar* cc, void* ptr, SizeT size )
1924 {
1925 return VG_(arena_realloc) ( VG_AR_TOOL, cc, ptr, size );
1926 }
1927
1928 Char* VG_(strdup) ( HChar* cc, const Char* s )
1929 {
1930 return VG_(arena_strdup) ( VG_AR_TOOL, cc, s );
1931 }
1932
1933 // Useful for querying user blocks.
1934 SizeT VG_(malloc_usable_size) ( void* p )
1935 {
1936 return VG_(arena_malloc_usable_size)(VG_AR_CLIENT, p);
1937 }
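/* Example (sketch; "mytool.state" is a hypothetical cost centre): tool
   code never names an arena, it just supplies a cost centre and the
   wrappers route everything to VG_AR_TOOL:

      void* p = VG_(malloc)("mytool.state", 1000);
      p = VG_(realloc)("mytool.state", p, 2000);
      VG_(free)(p);

   VG_(malloc_usable_size), by contrast, interrogates VG_AR_CLIENT, so it
   is only meaningful for pointers belonging to the client program. */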
1938
1939
1940 /*--------------------------------------------------------------------*/
1941 /*--- end ---*/
1942 /*--------------------------------------------------------------------*/
1943