1 /*
2 * tc.alloc.c (Caltech) 2/21/82
3 * Chris Kingsley, kingsley@cit-20.
4 *
5 * This is a very fast storage allocator. It allocates blocks of a small
6 * number of different sizes, and keeps free lists of each size. Blocks that
7 * don't exactly fit are passed up to the next larger size. In this
8 * implementation, the available sizes are 2^n-4 (or 2^n-12) bytes long.
9 * This is designed for use in a program that uses vast quantities of memory,
10 * but bombs when it runs out.
11 */
12 /*-
13 * Copyright (c) 1980, 1991 The Regents of the University of California.
14 * All rights reserved.
15 *
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
18 * are met:
19 * 1. Redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution.
24 * 3. Neither the name of the University nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 */
40 #include "sh.h"
41 #ifdef HAVE_MALLINFO
42 #include <malloc.h>
43 #endif
/* Use sbrk() for heap-extent bookkeeping wherever it exists, except on Apple. */
#if defined(HAVE_SBRK) && !defined(__APPLE__)
#define USE_SBRK
#endif

/*
 * Compile-time switches for the private allocator in this file:
 *   RCHECK  adds a size field and range-check magic words to every block.
 *   DEBUG   makes a failed CHECK() abort() instead of returning, and makes
 *           malloc() print the allocation tables before aborting when it
 *           runs out of memory.
 */
#define RCHECK
#define DEBUG

static char *memtop = NULL;     /* PWP: top of current memory */
static char *membot = NULL;     /* PWP: bottom of allocatable memory */

/* Non-zero makes free() and sfree() return without releasing the block. */
int dont_free = 0;

#ifdef WINNT_NATIVE
/* On native Windows the entry points below are compiled under f*() names. */
# define malloc  fmalloc
# define free    ffree
# define calloc  fcalloc
# define realloc frealloc
#endif /* WINNT_NATIVE */
62
63 #if !defined(DEBUG) || defined(SYSMALLOC)
/*
 * Report an allocation failure and terminate the process with status 1.
 *
 * The message is sent with a single write(2): to descriptor 2 when didfds
 * is set, to SHDIAG otherwise.  The result of the write is deliberately
 * ignored because the process exits immediately afterwards.
 * NOTE(review): write()/_exit() are presumably used instead of the shell's
 * own output routines so that nothing here needs memory -- confirm.
 */
static void
out_of_memory(void)
{
    static const char msg[] = "Out of memory\n";
    const int fd = didfds ? 2 : SHDIAG;

    /* sizeof counts the terminating NUL, which is not written */
    TCSH_IGNORE(write(fd, msg, sizeof(msg) - 1));
    _exit(1);
}
72 #endif
73
74 #ifndef SYSMALLOC
75
#ifdef SX
extern void* sbrk();
#endif

/*
 * Lots of OS routines are broken and try to free invalid pointers.
 * Our free() is careful and catches bad pointers most of the time, but in
 * the cases where we know a bad pointer is coming we would rather leak the
 * memory than act on it.
 */

#ifndef NULL
#define NULL 0
#endif

/* Short names for the unsigned types used in the block header. */
typedef unsigned char  U_char;  /* we don't really have signed chars */
typedef unsigned int   U_int;
typedef unsigned short U_short;
typedef unsigned long  U_long;
94
95
/*
 * Block header layout.
 *
 * The overhead on a block is at least 4 bytes.  While the block is free,
 * this space contains a pointer to the next free block, and the bottom two
 * bits of that pointer must be zero.  While the block is in use, the first
 * byte is set to MAGIC and the second byte is the size (bucket) index; the
 * remaining bytes are for alignment.
 * If range checking is enabled and the size of the block fits in two
 * bytes, then the top two bytes hold the size of the requested block plus
 * the range checking words, and the header word MINUS ONE.
 *
 * The header lies directly in front of the bytes handed to the caller, so
 * a write that runs past the end of one block lands on the header of the
 * next.  MAGIC and RMAGIC are fixed constants: they detect accidental
 * overruns and stray pointers, and must not be relied on to stop an
 * overwrite that reproduces the same values.
 */

/* Round `a' up to the next multiple of ROUNDUP + 1. */
#define MEMALIGN(a) (((a) + ROUNDUP) & ~ROUNDUP)

union overhead {
    union overhead *ov_next;    /* when free */
    struct {
        U_char  ovu_magic;      /* magic number */
        U_char  ovu_index;      /* bucket # */
#ifdef RCHECK
        U_short ovu_size;       /* actual block size */
        U_int   ovu_rmagic;     /* range magic number */
#endif
    } ovu;
/* shorthand so the in-use fields read like direct members */
#define ov_magic        ovu.ovu_magic
#define ov_index        ovu.ovu_index
#define ov_size         ovu.ovu_size
#define ov_rmagic       ovu.ovu_rmagic
};

#define MAGIC   0xfd            /* magic # on accounting info */
#define RMAGIC  0x55555555      /* magic # on range info */

/* RSLOP: bytes reserved after the user data for the trailing range word. */
#ifdef RCHECK
#define RSLOP   sizeof (U_int)
#else
#define RSLOP   0
#endif

/* ROUNDUP: alignment mask; blocks are aligned to ROUNDUP + 1 bytes. */
#ifdef _LP64
#define ROUNDUP 15
#else
#define ROUNDUP 7
#endif
139
/*
 * nextf[i] is the pointer to the next free block of size 2^(i+3).  The
 * smallest allocatable block is 8 bytes.  The overhead information
 * precedes the data area returned to the user.
 *
 * NBUCKETS is the number of bits in a long, less three.
 */
#define NBUCKETS ((sizeof(long) << 3) - 3)
static union overhead *nextf[NBUCKETS] IZERO_STRUCT;

/*
 * nmalloc[i] is the difference between the number of mallocs and frees
 * for a given block size, i.e. the number of blocks of that size in use.
 */
static U_int nmalloc[NBUCKETS] IZERO_STRUCT;

#ifndef lint
/* Helpers defined further down in this file. */
static int  findbucket(union overhead *, int);
static void morecore(int);
#endif
158
159
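/*
 * CHECK(a, str, p): sanity check used by free().
 *
 * If condition `a' is true, print `str' (an xprintf format that consumes
 * the single argument `p'), then print the current heap bounds.  With DEBUG
 * the process then abort()s; without it the enclosing function returns, so
 * the macro may only be used inside functions returning void.
 *
 * `str' is handed to xprintf() as the format string: pass only trusted
 * formats that take exactly one argument.
 *
 * The body is wrapped in do { } while (0) so that an invocation followed by
 * a semicolon is exactly one statement; the previous bare `if' could
 * capture a following `else' when used in an unbraced if/else.
 */
#ifdef DEBUG
# define CHECK(a, str, p) \
    do { \
        if (a) { \
            xprintf(str, p); \
            xprintf(" (memtop = %p membot = %p)\n", memtop, membot); \
            abort(); \
        } \
    } while (0)
#else
# define CHECK(a, str, p) \
    do { \
        if (a) { \
            xprintf(str, p); \
            xprintf(" (memtop = %p membot = %p)\n", memtop, membot); \
            return; \
        } \
    } while (0)
#endif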
175
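/*
 * malloc - hand out one block from the power-of-two free lists.
 *
 * The request is enlarged by the aligned header and the range-check slop,
 * rounded up to the alignment, and mapped to the bucket whose block size
 * 2^(bucket+3) is the smallest that holds it.  An empty bucket is refilled
 * through morecore().  The returned pointer is the address just after the
 * aligned header.
 *
 * Running out of memory does not return to the caller: the process exits
 * through out_of_memory(), or prints the tables and abort()s under DEBUG.
 *
 * Requests that cannot be represented are treated as out of memory rather
 * than silently served from a bucket that is too small:
 *   - the padded size is checked for wrap-around before it is computed;
 *   - the bucket search runs on a size_t, so no high bits of a 64-bit size
 *     are dropped by a narrower type;
 *   - a bucket number outside nextf[] is never used as an index.
 */
memalign_t
malloc(size_t nbytes)
{
#ifndef lint
    union overhead *p = NULL;
    size_t extra = MEMALIGN(sizeof(union overhead)) + RSLOP;
    size_t shiftr;
    int bucket = 0;

#ifdef SUNOS4
    /*
     * SunOS localtime() overwrites the 9th byte on an 8 byte malloc()....
     * so we get one more...
     * From Michael Schroeder: This is not true. It depends on the
     * timezone string. In Europe it can overwrite the 13th byte on a
     * 12 byte malloc.
     * So we punt and we always allocate an extra byte.
     */
    extra++;
#endif

    /*
     * Convert amount of memory requested into closest block size stored in
     * hash buckets which satisfies request.  Account for space used per
     * block for accounting.  Skip the whole lookup when adding the
     * overhead and the alignment padding would wrap around.
     */
    if (nbytes <= (size_t) -1 - extra - ROUNDUP) {
        nbytes = MEMALIGN(extra + nbytes);
        shiftr = (nbytes - 1) >> 2;

        /* apart from this loop, this is O(1) */
        while ((shiftr >>= 1) != 0)
            bucket++;

        if ((size_t) bucket < NBUCKETS) {
            /*
             * If nothing in hash bucket right now, request more memory
             * from the system.
             */
            if (nextf[bucket] == NULL)
                morecore(bucket);
            p = nextf[bucket];
        }
    }
    if (p == NULL) {
        child++;
#ifndef DEBUG
        out_of_memory();
#else
        showall(NULL, NULL);
        xprintf(CGETS(19, 1, "nbytes=%zu: Out of memory\n"), nbytes);
        abort();
#endif
        /* fool lint */
        return ((memalign_t) 0);
    }
    /*
     * Remove from linked list.  ov_next shares storage with the in-use
     * header fields, so it is read before they are written.
     */
    nextf[bucket] = p->ov_next;
    p->ov_magic = MAGIC;
    p->ov_index = bucket;
    nmalloc[bucket]++;
#ifdef RCHECK
    /*
     * Record allocated size of block and bound space with magic numbers.
     * The size only fits in the two-byte field for buckets up to 13.
     */
    p->ov_size = (p->ov_index <= 13) ? (U_short)nbytes - 1 : 0;
    p->ov_rmagic = RMAGIC;
    *((U_int *) (((caddr_t) p) + nbytes - RSLOP)) = RMAGIC;
#endif
    return ((memalign_t) (((caddr_t) p) + MEMALIGN(sizeof(union overhead))));
#else
    if (nbytes)
        return ((memalign_t) 0);
    else
        return ((memalign_t) 0);
#endif /* !lint */
}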
246
247 #ifndef lint
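/*
 * Allocate more memory to the indicated bucket.
 *
 * Extends the heap with sbrk(), carves the new region into blocks of
 * 2^(bucket+3) bytes and makes them the free list of `bucket'.  At least
 * 2k is taken per call.  Returns without touching the free list when the
 * bucket already has free blocks, when sbrk() fails, or when the request
 * cannot be carried out safely; the caller detects that by finding
 * nextf[bucket] still NULL.
 *
 * Two guards keep the function from publishing memory it does not own:
 *   - all sizes here are formed by shifting an int, so buckets whose block
 *     size does not fit in a positive int are refused instead of shifting
 *     by an out-of-range count;
 *   - if rounding the start of the region up for alignment leaves no room
 *     for even one whole block, nothing is put on the free list.
 */
static void
morecore(int bucket)
{
    union overhead *op;
    int rnu;       /* 2^rnu bytes will be requested */
    int nblks;     /* become nblks blocks of the desired size */
    int siz;

    /* 1 << (bucket + 3) must stay a positive int; this also bounds nextf[] */
    if (bucket < 0 || bucket + 3 > (int) (sizeof(int) * 8) - 2)
        return;
    if (nextf[bucket])
        return;
    /*
     * Insure memory is allocated on a page boundary. Should make getpagesize
     * call?
     */
    op = (union overhead *) sbrk(0);
    memtop = (char *) op;
    if (membot == NULL)
        membot = memtop;
    if ((long) op & 0x3ff) {
        /* pad the break up to the next 1k boundary */
        memtop = sbrk((int) (1024 - ((long) op & 0x3ff)));
        memtop += (long) (1024 - ((long) op & 0x3ff));
    }

    /* take 2k unless the block is bigger than that */
    rnu = (bucket <= 8) ? 11 : bucket + 3;
    nblks = 1 << (rnu - (bucket + 3));  /* how many blocks to get */
    memtop = sbrk(1 << rnu);    /* PWP */
    op = (union overhead *) memtop;
    /* no more room! */
    if ((long) op == -1)
        return;
    memtop += (long) (1 << rnu);
    /*
     * Round up to minimum allocation size boundary and deduct from block count
     * to reflect.
     */
    if (((U_long) op) & ROUNDUP) {
        op = (union overhead *) (((U_long) op + (ROUNDUP + 1)) & ~ROUNDUP);
        nblks--;
    }
    /* the shifted start no longer leaves room for a whole block */
    if (nblks <= 0)
        return;
    /*
     * Add new memory allocated to that on free list for this hash bucket.
     */
    nextf[bucket] = op;
    siz = 1 << (bucket + 3);
    while (--nblks > 0) {
        op->ov_next = (union overhead *) (((caddr_t) op) + siz);
        op = (union overhead *) (((caddr_t) op) + siz);
    }
    op->ov_next = NULL;
}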
302
303 #endif
304
/*
 * free - return a block to the free list of its bucket.
 *
 * NULL is ignored, and nothing at all is freed while dont_free is set.
 * Before the block is linked back in, the pointer is checked through
 * CHECK(): the heap must have been set up, the pointer must lie between
 * membot and memtop, the header must carry MAGIC, the trailing range word
 * must still be RMAGIC (RCHECK builds, buckets up to 13 only) and the
 * bucket index must be inside nextf[].  What a failed check does (abort or
 * plain return) is decided by the CHECK macro.
 */
void
free(ptr_t cp)
{
#ifndef lint
    union overhead *hdr;
    int bucket;

    /*
     * the don't free flag is there so that we avoid os bugs in routines
     * that free invalid pointers!
     */
    if (dont_free || cp == NULL)
        return;

    CHECK(!memtop || !membot,
          CGETS(19, 2, "free(%p) called before any allocations."), cp);
    CHECK(cp > (ptr_t) memtop,
          CGETS(19, 3, "free(%p) above top of memory."), cp);
    CHECK(cp < (ptr_t) membot,
          CGETS(19, 4, "free(%p) below bottom of memory."), cp);

    /* the header sits one aligned header size in front of the user data */
    hdr = (union overhead *) ((caddr_t) cp - MEMALIGN(sizeof(union overhead)));
    CHECK(hdr->ov_magic != MAGIC,
          CGETS(19, 5, "free(%p) bad block."), cp);

#ifdef RCHECK
    /* ov_size is only recorded for buckets up to 13 */
    if (hdr->ov_index <= 13) {
        CHECK(*(U_int *) ((caddr_t) hdr + hdr->ov_size + 1 - RSLOP) != RMAGIC,
              CGETS(19, 6, "free(%p) bad range check."), cp);
    }
#endif
    CHECK(hdr->ov_index >= NBUCKETS,
          CGETS(19, 7, "free(%p) bad block index."), cp);

    /*
     * Read the index before writing ov_next: both live in the same union,
     * so linking the block in overwrites the in-use header fields.
     */
    bucket = hdr->ov_index;
    hdr->ov_next = nextf[bucket];
    nextf[bucket] = hdr;

    nmalloc[bucket]--;

#else
    if (cp == NULL)
        return;
#endif
}
346
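/*
 * calloc - allocate i * j bytes and clear them.
 *
 * The block comes from xmalloc(), which is defined elsewhere; its result
 * is used without a NULL test, so this function relies on xmalloc() not
 * returning on failure.
 *
 * The product i * j is checked before it is formed.  Without the check a
 * wrapped product yields a block far smaller than the caller asked for,
 * and the caller then writes past its end.  An unrepresentable product is
 * handled like running out of memory: the process terminates.
 */
memalign_t
calloc(size_t i, size_t j)
{
#ifndef lint
    char *cp;
    volatile size_t k;

    if (j != 0 && i > (size_t) -1 / j) {
        /* out_of_memory() is only compiled when DEBUG is off */
#ifndef DEBUG
        out_of_memory();
#else
        abort();
#endif
    }
    i *= j;
    cp = xmalloc(i);
    /* Stop gcc 5.x from optimizing malloc+memset = calloc */
    k = i;
    memset(cp, 0, k);

    return ((memalign_t) cp);
#else
    if (i && j)
        return ((memalign_t) 0);
    else
        return ((memalign_t) 0);
#endif
}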
368
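/*
 * When a program attempts "storage compaction" as mentioned in the
 * old malloc man page, it realloc's an already freed block.  Usually
 * this is the last block it freed; occasionally it might be farther
 * back.  We have to search all the free lists for the block in order
 * to determine its bucket: 1st we make one pass thru the lists
 * checking only the first block in each; if that fails we search
 * ``realloc_srchlen'' blocks in each list for a match.  If that fails
 * we just copy however many bytes was given to realloc() and hope it's
 * not huge.
 *
 * realloc_srchlen is static in this file, so only code here can change it.
 */
#ifndef lint
/* 4 should be plenty, -1 =>'s whole list */
static int realloc_srchlen = 4;
#endif /* lint */

/*
 * realloc - resize the block at cp to nbytes.
 *
 * cp == NULL behaves like malloc(nbytes).  If the padded new size still
 * maps to the block's current bucket, the block is kept in place and only
 * its range-check words are rewritten.  Otherwise a new block is obtained
 * from malloc(), the smaller of the old and new payload sizes is copied,
 * and the old block is freed if it was in use.
 *
 * A block whose header does not carry MAGIC is assumed to be already free
 * (the "compaction" case above).  Its contents are still read, and when
 * its bucket cannot be found the copy length falls back to nbytes, which
 * may read beyond the old block.  Callers should not depend on this path.
 *
 * Sizes are kept in size_t throughout.  With an unsigned int a request of
 * 4 GiB or more on an LP64 system lost its high bits in the in-place
 * test, so a small block could be returned as if it had grown.  A request
 * whose padded size would wrap around never takes the in-place path.
 *
 * NOTE(review): ov_index is used as a shift count without a range check
 * here; free() is the only place in this file that validates it.
 */
memalign_t
realloc(ptr_t cp, size_t nbytes)
{
#ifndef lint
    const size_t hdrsz = MEMALIGN(sizeof(union overhead));
    size_t onb;         /* padded new size, later the old payload size */
    size_t blksz;       /* size of the bucket the old block belongs to */
    union overhead *op;
    ptr_t res;
    int i;
    int was_alloced = 0;

    if (cp == NULL)
        return (malloc(nbytes));
    op = (union overhead *) (((caddr_t) cp) - hdrsz);
    if (op->ov_magic == MAGIC) {
        was_alloced++;
        i = op->ov_index;
    }
    else {
        /*
         * Already free, doing "compaction".
         *
         * Search for the old block of memory on the free list.  First,
         * check the most common case (last element free'd), then (this
         * failing) the last ``realloc_srchlen'' items free'd.  If all
         * lookups fail, then assume the size of the memory block being
         * realloc'd is the smallest possible.
         */
        if ((i = findbucket(op, 1)) < 0 &&
            (i = findbucket(op, realloc_srchlen)) < 0)
            i = 0;
    }
    blksz = (size_t) 1 << (i + 3);

    /* avoid the copy if same size block */
    if (was_alloced && nbytes <= (size_t) -1 - hdrsz - RSLOP - ROUNDUP) {
        onb = MEMALIGN(nbytes + hdrsz + RSLOP);
        if (onb <= blksz && onb > (blksz >> 1)) {
#ifdef RCHECK
            /* JMR: formerly this wasn't updated ! */
            *((U_int *) (((caddr_t) op) + onb - RSLOP)) = RMAGIC;
            op->ov_rmagic = RMAGIC;
            op->ov_size = (op->ov_index <= 13) ? (U_short) onb - 1 : 0;
#endif
            return ((memalign_t) cp);
        }
    }
    if ((res = malloc(nbytes)) == NULL)
        return ((memalign_t) NULL);
    if (cp != res) {            /* common optimization */
        /*
         * christos: this used to copy nbytes! It should copy the
         * smaller of the old and new size.
         * For a guessed bucket (i == 0) the subtraction wraps to a huge
         * value, so the length below becomes nbytes.
         */
        onb = blksz - hdrsz - RSLOP;
        (void) memmove(res, cp, onb < nbytes ? onb : nbytes);
    }
    if (was_alloced)
        free(cp);
    return ((memalign_t) res);
#else
    if (cp && nbytes)
        return ((memalign_t) 0);
    else
        return ((memalign_t) 0);
#endif /* !lint */
}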
450
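/*
 * On linux, _nss_nis_setnetgrent() calls this function to determine
 * the usable size of the pointer passed, but this is not a portable
 * API, so we cannot use our malloc replacement without providing one.
 * Thanks a lot glibc!
 */
#ifdef __linux__
#define M_U_S_CONST
#elif defined(__DragonFly__)
#define M_U_S_CONST const
#else
#define M_U_S_CONST
#endif
size_t malloc_usable_size(M_U_S_CONST void *);

/*
 * malloc_usable_size - number of bytes the caller may use at ptr.
 *
 * Returns 0 for NULL, for a block whose header does not carry MAGIC and
 * for a header whose bucket index is outside nextf[].
 *
 * The value is the size of the user area only.  The whole block is
 * 2^(index+3) bytes measured from the header, so the aligned header and
 * the range-check slop are subtracted; reporting the whole block would
 * invite the caller to write into the header of the following block.
 * In RCHECK builds, for buckets up to 13, the recorded ov_size is used
 * instead of the bucket size, because the trailing range word sits at the
 * end of the padded request and free() verifies it.
 */
size_t
malloc_usable_size(M_U_S_CONST void *ptr)
{
    const size_t hdrsz = MEMALIGN(sizeof(union overhead));
    const size_t lost = hdrsz + RSLOP;
    const union overhead *op;
    size_t total;

    if (ptr == NULL)
        return 0;
    op = (const union overhead *) (((const char *) ptr) - hdrsz);
    if (op->ov_magic != MAGIC || op->ov_index >= NBUCKETS)
        return 0;

    total = (size_t) 1 << (op->ov_index + 3);
#ifdef RCHECK
    /* ov_size is the padded request size minus one */
    if (op->ov_index <= 13)
        total = (size_t) op->ov_size + 1;
#endif
    return (total > lost) ? total - lost : 0;
}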
475
476
477 #ifndef lint
/*
 * Search ``srchlen'' elements of each free list for a block whose
 * header starts at ``freep''.  If srchlen is -1 search the whole list.
 * Return bucket number, or -1 if not found.
 *
 * Only pointer values are compared; freep itself is never dereferenced.
 */
static int
findbucket(union overhead *freep, int srchlen)
{
    size_t bucket;

    for (bucket = 0; bucket < NBUCKETS; bucket++) {
        union overhead *cur = nextf[bucket];
        int seen;

        /* seen never equals -1, so that value walks the whole list */
        for (seen = 0; cur != NULL && seen != srchlen; seen++) {
            if (cur == freep)
                return ((int) bucket);
            cur = cur->ov_next;
        }
    }
    return (-1);
}
500
501 #endif
502
503
504 #else /* SYSMALLOC */
505
/**
 ** ``Protected versions'' of malloc, realloc, calloc, and free
 **
 ** On many systems:
 **
 ** 1. malloc(0) is bad
 ** 2. free(0) is bad
 ** 3. realloc(0, n) is bad
 ** 4. realloc(n, 0) is bad
 **
 ** Also we call our error routine if we run out of memory.
 **/

/*
 * smalloc - malloc() that never receives a zero size and does not return
 * on failure: a request for 0 bytes becomes 1, and a NULL result goes to
 * out_of_memory().
 *
 * membot and memtop record the extent of the heap for reporting.  With
 * USE_SBRK membot is taken from sbrk(0) before the first allocation;
 * otherwise both are derived from the pointers handed out.
 */
memalign_t
smalloc(size_t n)
{
    ptr_t ptr;

    if (n == 0)
        n = 1;

#ifdef USE_SBRK
    if (membot == NULL)
        membot = sbrk(0);
#endif /* USE_SBRK */

    ptr = malloc(n);
    if (ptr == NULL)
        out_of_memory();
#ifndef USE_SBRK
    {
        char *end = ((char *) ptr) + n;

        if (memtop < end)
            memtop = end;
    }
    if (membot == NULL)
        membot = ptr;
#endif /* !USE_SBRK */
    return ((memalign_t) ptr);
}
540
/*
 * srealloc - realloc() that tolerates a NULL pointer and a zero size.
 *
 * A size of 0 becomes 1.  A NULL p is served by malloc() instead of
 * realloc().  A NULL result goes to out_of_memory().  membot and memtop
 * are maintained as the recorded extent of the heap: from sbrk(0) with
 * USE_SBRK, from the returned pointer otherwise.
 */
memalign_t
srealloc(ptr_t p, size_t n)
{
    ptr_t ptr;

    if (n == 0)
        n = 1;

#ifdef USE_SBRK
    if (membot == NULL)
        membot = sbrk(0);
#endif /* USE_SBRK */

    if (p != NULL)
        ptr = realloc(p, n);
    else
        ptr = malloc(n);
    if (ptr == NULL)
        out_of_memory();
#ifndef USE_SBRK
    {
        char *end = ((char *) ptr) + n;

        if (memtop < end)
            memtop = end;
    }
    if (membot == NULL)
        membot = ptr;
#endif /* !USE_SBRK */
    return ((memalign_t) ptr);
}
563
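/*
 * scalloc - allocate s * n bytes, cleared to zero.
 *
 * A product of 0 becomes 1 byte.  A NULL result from malloc() goes to
 * out_of_memory().  membot and memtop are maintained as the recorded
 * extent of the heap: from sbrk(0) with USE_SBRK, from the returned
 * pointer otherwise.
 *
 * The product is checked before it is formed.  A wrapped product would
 * allocate and clear far fewer bytes than the caller believes it owns, so
 * an unrepresentable product is treated as out of memory.
 */
memalign_t
scalloc(size_t s, size_t n)
{
    ptr_t ptr;

    if (s != 0 && n > (size_t) -1 / s)
        out_of_memory();
    n *= s;
    n = n ? n : 1;

#ifdef USE_SBRK
    if (membot == NULL)
        membot = sbrk(0);
#endif /* USE_SBRK */

    if ((ptr = malloc(n)) == NULL)
        out_of_memory();

    memset (ptr, 0, n);

#ifndef USE_SBRK
    if (memtop < ((char *) ptr) + n)
        memtop = ((char *) ptr) + n;
    if (membot == NULL)
        membot = ptr;
#endif /* !USE_SBRK */

    return ((memalign_t) ptr);
}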
591
/*
 * sfree - free() that ignores NULL and does nothing while dont_free is set.
 */
void
sfree(ptr_t p)
{
    if (p == NULL || dont_free)
        return;
    free(p);
}
598
599 #endif /* SYSMALLOC */
600
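/*
 * mstats - print out statistics about malloc
 *
 * With the private allocator: prints two lines of numbers, one showing the
 * length of the free list for each size category, the second showing the
 * number of mallocs - frees for each size category, followed by totals and
 * the recorded heap bounds.  With SYSMALLOC: prints the recorded heap
 * bounds, or the fields of mallinfo()/mallinfo2() where available.
 * Both arguments are unused.
 *
 * The free lists are walked as they are; a corrupted ov_next link is
 * followed like any other.
 *
 * Block sizes are formed as (size_t) 1 << (i + 3) and summed in size_t.
 * The loops visit every bucket up to NBUCKETS - 1, and shifting an int by
 * those counts is undefined.  The totals are converted to int only for
 * printing, because the message catalog format uses %d.
 */
/*ARGSUSED*/
void
showall(Char **v, struct command *c)
{
#ifndef SYSMALLOC
    size_t i, j;
    union overhead *p;
    size_t totfree = 0, totused = 0;

    xprintf(CGETS(19, 8, "%s current memory allocation:\nfree:\t"), progname);
    for (i = 0; i < NBUCKETS; i++) {
        /* count the blocks on this bucket's free list */
        for (j = 0, p = nextf[i]; p; p = p->ov_next, j++)
            continue;
        xprintf(" %4zu", j);    /* j is a size_t */
        totfree += j * ((size_t) 1 << (i + 3));
    }
    xprintf("\n%s:\t", CGETS(19, 9, "used"));
    for (i = 0; i < NBUCKETS; i++) {
        xprintf(" %4d", nmalloc[i]);
        totused += nmalloc[i] * ((size_t) 1 << (i + 3));
    }
    xprintf(CGETS(19, 10, "\n\tTotal in use: %d, total free: %d\n"),
            (int) totused, (int) totfree);
    xprintf(CGETS(19, 11,
            "\tAllocated memory from 0x%lx to 0x%lx.  Real top at 0x%lx\n"),
            (unsigned long) membot, (unsigned long) memtop,
            (unsigned long) sbrk(0));
#else /* SYSMALLOC */
#if !defined(HAVE_MALLINFO) && !defined(HAVE_MALLINFO2)
#ifdef USE_SBRK
    memtop = sbrk(0);
#endif /* USE_SBRK */
    xprintf(CGETS(19, 12, "Allocated memory from 0x%lx to 0x%lx (%ld).\n"),
            (unsigned long) membot, (unsigned long) memtop,
            (unsigned long) (memtop - membot));
#else
# if defined(HAVE_MALLINFO2)
    struct mallinfo2 mi;

    mi = mallinfo2();
# else
    struct mallinfo mi;

    mi = mallinfo();
# endif
    xprintf(CGETS(19, 13, "%s current memory allocation:\n"), progname);
    xprintf(CGETS(19, 14, "Total space allocated from system: %zu\n"),
            (size_t)mi.arena);
    xprintf(CGETS(19, 15, "Number of non-inuse chunks: %zu\n"),
            (size_t)mi.ordblks);
    xprintf(CGETS(19, 16, "Number of mmapped regions: %zu\n"),
            (size_t)mi.hblks);
    xprintf(CGETS(19, 17, "Total space in mmapped regions: %zu\n"),
            (size_t)mi.hblkhd);
    xprintf(CGETS(19, 18, "Total allocated space: %zu\n"),
            (size_t)mi.uordblks);
    xprintf(CGETS(19, 19, "Total non-inuse space: %zu\n"),
            (size_t)mi.fordblks);
    xprintf(CGETS(19, 20, "Top-most, releasable space: %zu\n"),
            (size_t)mi.keepcost);
#endif /* HAVE_MALLINFO || HAVE_MALLINFO2 */
#endif /* SYSMALLOC */
    USE(c);
    USE(v);
}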
673
674 #ifndef SYSMALLOC
/*
 * jemalloc defines these.  The versions here take no arguments and do
 * nothing.
 * NOTE(review): presumably they exist so that references to the fork hooks
 * still resolve when this allocator replaces the system one -- confirm.
 */
void _malloc_prefork(void);
void _malloc_postfork(void);
void _malloc_postfork_child(void);

void
_malloc_prefork(void)
{
}

void
_malloc_postfork(void)
{
}

void
_malloc_postfork_child(void)
{
}
682 #endif
683