1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
3 * You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 #ifndef MOZ_MEMORY
6 # error Should not compile this file when MOZ_MEMORY is not set
7 #endif
8
9 #ifndef MOZ_REPLACE_MALLOC
10 # error Should not compile this file when replace-malloc is disabled
11 #endif
12
13 #ifdef MOZ_SYSTEM_JEMALLOC
14 # error Should not compile this file when we want to use native jemalloc
15 #endif
16
17 #include "mozmemory_wrap.h"
18
19 /* Declare all je_* functions */
20 #define MALLOC_DECL(name, return_type, ...) \
21 return_type je_ ## name(__VA_ARGS__);
22 #include "malloc_decls.h"
23
24 #include "mozilla/Likely.h"
25
26 /*
27 * Windows doesn't come with weak imports as they are possible with
28 * LD_PRELOAD or DYLD_INSERT_LIBRARIES on Linux/OSX. On this platform,
29 * the replacement functions are defined as variable pointers to the
30 * function resolved with GetProcAddress() instead of weak definitions
31 * of functions. On Android, the same needs to happen as well, because
32 * the Android linker doesn't handle weak linking with non LD_PRELOADed
33 * libraries, but LD_PRELOADing is not very convenient on Android, with
34 * the zygote.
35 */
36 #ifdef XP_DARWIN
37 # define MOZ_REPLACE_WEAK __attribute__((weak_import))
38 #elif defined(XP_WIN) || defined(MOZ_WIDGET_ANDROID)
39 # define MOZ_NO_REPLACE_FUNC_DECL
40 #elif defined(__GNUC__)
41 # define MOZ_REPLACE_WEAK __attribute__((weak))
42 #endif
43
44 #include "replace_malloc.h"
45
46 #define MALLOC_DECL(name, return_type, ...) \
47 je_ ## name,
48
49 static const malloc_table_t malloc_table = {
50 #include "malloc_decls.h"
51 };
52
53 #ifdef MOZ_NO_REPLACE_FUNC_DECL
54 # define MALLOC_DECL(name, return_type, ...) \
55 typedef return_type (replace_ ## name ## _impl_t)(__VA_ARGS__); \
56 replace_ ## name ## _impl_t *replace_ ## name = NULL;
57 # define MALLOC_FUNCS MALLOC_FUNCS_ALL
58 # include "malloc_decls.h"
59
60 # ifdef XP_WIN
61 # include <windows.h>
62 static void
replace_malloc_init_funcs()63 replace_malloc_init_funcs()
64 {
65 char replace_malloc_lib[1024];
66 if (GetEnvironmentVariableA("MOZ_REPLACE_MALLOC_LIB", (LPSTR)&replace_malloc_lib,
67 sizeof(replace_malloc_lib)) > 0) {
68 HMODULE handle = LoadLibraryA(replace_malloc_lib);
69 if (handle) {
70 #define MALLOC_DECL(name, ...) \
71 replace_ ## name = (replace_ ## name ## _impl_t *) GetProcAddress(handle, "replace_" # name);
72
73 # define MALLOC_FUNCS MALLOC_FUNCS_ALL
74 #include "malloc_decls.h"
75 }
76 }
77 }
78 # elif defined(MOZ_WIDGET_ANDROID)
79 # include <dlfcn.h>
80 # include <stdlib.h>
81 static void
replace_malloc_init_funcs()82 replace_malloc_init_funcs()
83 {
84 const char *replace_malloc_lib = getenv("MOZ_REPLACE_MALLOC_LIB");
85 if (replace_malloc_lib && *replace_malloc_lib) {
86 void *handle = dlopen(replace_malloc_lib, RTLD_LAZY);
87 if (handle) {
88 #define MALLOC_DECL(name, ...) \
89 replace_ ## name = (replace_ ## name ## _impl_t *) dlsym(handle, "replace_" # name);
90
91 # define MALLOC_FUNCS MALLOC_FUNCS_ALL
92 #include "malloc_decls.h"
93 }
94 }
95 }
96 # else
97 # error No implementation for replace_malloc_init_funcs()
98 # endif
99
100 #endif /* MOZ_NO_REPLACE_FUNC_DECL */
101
102 /*
103 * Below is the malloc implementation overriding jemalloc and calling the
104 * replacement functions if they exist.
105 */
106
107 /*
108 * Malloc implementation functions are MOZ_MEMORY_API, and jemalloc
109 * specific functions MOZ_JEMALLOC_API; see mozmemory_wrap.h
110 */
111 #define MALLOC_DECL(name, return_type, ...) \
112 MOZ_MEMORY_API return_type name ## _impl(__VA_ARGS__);
113 #define MALLOC_FUNCS MALLOC_FUNCS_MALLOC
114 #include "malloc_decls.h"
115
116 #define MALLOC_DECL(name, return_type, ...) \
117 MOZ_JEMALLOC_API return_type name ## _impl(__VA_ARGS__);
118 #define MALLOC_FUNCS MALLOC_FUNCS_JEMALLOC
119 #include "malloc_decls.h"
120
121 static int replace_malloc_initialized = 0;
122 static void
init()123 init()
124 {
125 #ifdef MOZ_NO_REPLACE_FUNC_DECL
126 replace_malloc_init_funcs();
127 #endif
128 // Set this *before* calling replace_init, otherwise if replace_init calls
129 // malloc() we'll get an infinite loop.
130 replace_malloc_initialized = 1;
131 if (replace_init)
132 replace_init(&malloc_table);
133 }
134
135 MFBT_API struct ReplaceMallocBridge*
get_bridge(void)136 get_bridge(void)
137 {
138 if (MOZ_UNLIKELY(!replace_malloc_initialized))
139 init();
140 if (MOZ_LIKELY(!replace_get_bridge))
141 return NULL;
142 return replace_get_bridge();
143 }
144
145 void*
malloc_impl(size_t size)146 malloc_impl(size_t size)
147 {
148 if (MOZ_UNLIKELY(!replace_malloc_initialized))
149 init();
150 if (MOZ_LIKELY(!replace_malloc))
151 return je_malloc(size);
152 return replace_malloc(size);
153 }
154
155 int
posix_memalign_impl(void ** memptr,size_t alignment,size_t size)156 posix_memalign_impl(void **memptr, size_t alignment, size_t size)
157 {
158 if (MOZ_UNLIKELY(!replace_malloc_initialized))
159 init();
160 if (MOZ_LIKELY(!replace_posix_memalign))
161 return je_posix_memalign(memptr, alignment, size);
162 return replace_posix_memalign(memptr, alignment, size);
163 }
164
165 void*
aligned_alloc_impl(size_t alignment,size_t size)166 aligned_alloc_impl(size_t alignment, size_t size)
167 {
168 if (MOZ_UNLIKELY(!replace_malloc_initialized))
169 init();
170 if (MOZ_LIKELY(!replace_aligned_alloc))
171 return je_aligned_alloc(alignment, size);
172 return replace_aligned_alloc(alignment, size);
173 }
174
175 void*
calloc_impl(size_t num,size_t size)176 calloc_impl(size_t num, size_t size)
177 {
178 if (MOZ_UNLIKELY(!replace_malloc_initialized))
179 init();
180 if (MOZ_LIKELY(!replace_calloc))
181 return je_calloc(num, size);
182 return replace_calloc(num, size);
183 }
184
185 void*
realloc_impl(void * ptr,size_t size)186 realloc_impl(void *ptr, size_t size)
187 {
188 if (MOZ_UNLIKELY(!replace_malloc_initialized))
189 init();
190 if (MOZ_LIKELY(!replace_realloc))
191 return je_realloc(ptr, size);
192 return replace_realloc(ptr, size);
193 }
194
195 void
free_impl(void * ptr)196 free_impl(void *ptr)
197 {
198 if (MOZ_UNLIKELY(!replace_malloc_initialized))
199 init();
200 if (MOZ_LIKELY(!replace_free))
201 je_free(ptr);
202 else
203 replace_free(ptr);
204 }
205
206 void*
memalign_impl(size_t alignment,size_t size)207 memalign_impl(size_t alignment, size_t size)
208 {
209 if (MOZ_UNLIKELY(!replace_malloc_initialized))
210 init();
211 if (MOZ_LIKELY(!replace_memalign))
212 return je_memalign(alignment, size);
213 return replace_memalign(alignment, size);
214 }
215
216 void*
valloc_impl(size_t size)217 valloc_impl(size_t size)
218 {
219 if (MOZ_UNLIKELY(!replace_malloc_initialized))
220 init();
221 if (MOZ_LIKELY(!replace_valloc))
222 return je_valloc(size);
223 return replace_valloc(size);
224 }
225
226 size_t
malloc_usable_size_impl(usable_ptr_t ptr)227 malloc_usable_size_impl(usable_ptr_t ptr)
228 {
229 if (MOZ_UNLIKELY(!replace_malloc_initialized))
230 init();
231 if (MOZ_LIKELY(!replace_malloc_usable_size))
232 return je_malloc_usable_size(ptr);
233 return replace_malloc_usable_size(ptr);
234 }
235
236 size_t
malloc_good_size_impl(size_t size)237 malloc_good_size_impl(size_t size)
238 {
239 if (MOZ_UNLIKELY(!replace_malloc_initialized))
240 init();
241 if (MOZ_LIKELY(!replace_malloc_good_size))
242 return je_malloc_good_size(size);
243 return replace_malloc_good_size(size);
244 }
245
246 void
jemalloc_stats_impl(jemalloc_stats_t * stats)247 jemalloc_stats_impl(jemalloc_stats_t *stats)
248 {
249 if (MOZ_UNLIKELY(!replace_malloc_initialized))
250 init();
251 if (MOZ_LIKELY(!replace_jemalloc_stats))
252 je_jemalloc_stats(stats);
253 else
254 replace_jemalloc_stats(stats);
255 }
256
257 void
jemalloc_purge_freed_pages_impl()258 jemalloc_purge_freed_pages_impl()
259 {
260 if (MOZ_UNLIKELY(!replace_malloc_initialized))
261 init();
262 if (MOZ_LIKELY(!replace_jemalloc_purge_freed_pages))
263 je_jemalloc_purge_freed_pages();
264 else
265 replace_jemalloc_purge_freed_pages();
266 }
267
268 void
jemalloc_free_dirty_pages_impl()269 jemalloc_free_dirty_pages_impl()
270 {
271 if (MOZ_UNLIKELY(!replace_malloc_initialized))
272 init();
273 if (MOZ_LIKELY(!replace_jemalloc_free_dirty_pages))
274 je_jemalloc_free_dirty_pages();
275 else
276 replace_jemalloc_free_dirty_pages();
277 }
278
279 /* The following comment and definitions are from jemalloc.c: */
280 #if defined(__GLIBC__) && !defined(__UCLIBC__)
281
282 /*
283 * glibc provides the RTLD_DEEPBIND flag for dlopen which can make it possible
284 * to inconsistently reference libc's malloc(3)-compatible functions
285 * (https://bugzilla.mozilla.org/show_bug.cgi?id=493541).
286 *
287 * These definitions interpose hooks in glibc. The functions are actually
288 * passed an extra argument for the caller return address, which will be
289 * ignored.
290 */
291
292 typedef void (* __free_hook_type)(void *ptr);
293 typedef void *(* __malloc_hook_type)(size_t size);
294 typedef void *(* __realloc_hook_type)(void *ptr, size_t size);
295 typedef void *(* __memalign_hook_type)(size_t alignment, size_t size);
296
297 MOZ_MEMORY_API __free_hook_type __free_hook = free_impl;
298 MOZ_MEMORY_API __malloc_hook_type __malloc_hook = malloc_impl;
299 MOZ_MEMORY_API __realloc_hook_type __realloc_hook = realloc_impl;
300 MOZ_MEMORY_API __memalign_hook_type __memalign_hook = memalign_impl;
301
302 #endif
303
304 /*
305 * The following is a OSX zone allocator implementation.
306 * /!\ WARNING. It assumes the underlying malloc implementation's
307 * malloc_usable_size returns 0 when the given pointer is not owned by
308 * the allocator. Sadly, OSX does call zone_size with pointers not
309 * owned by the allocator.
310 */
311
312 #ifdef XP_DARWIN
313 #include <stdlib.h>
314 #include <malloc/malloc.h>
315 #include "mozilla/Assertions.h"
316
317 static size_t
zone_size(malloc_zone_t * zone,void * ptr)318 zone_size(malloc_zone_t *zone, void *ptr)
319 {
320 return malloc_usable_size_impl(ptr);
321 }
322
323 static void *
zone_malloc(malloc_zone_t * zone,size_t size)324 zone_malloc(malloc_zone_t *zone, size_t size)
325 {
326 return malloc_impl(size);
327 }
328
329 static void *
zone_calloc(malloc_zone_t * zone,size_t num,size_t size)330 zone_calloc(malloc_zone_t *zone, size_t num, size_t size)
331 {
332 return calloc_impl(num, size);
333 }
334
335 static void *
zone_realloc(malloc_zone_t * zone,void * ptr,size_t size)336 zone_realloc(malloc_zone_t *zone, void *ptr, size_t size)
337 {
338 if (malloc_usable_size_impl(ptr))
339 return realloc_impl(ptr, size);
340 return realloc(ptr, size);
341 }
342
343 static void
zone_free(malloc_zone_t * zone,void * ptr)344 zone_free(malloc_zone_t *zone, void *ptr)
345 {
346 if (malloc_usable_size_impl(ptr)) {
347 free_impl(ptr);
348 return;
349 }
350 free(ptr);
351 }
352
353 static void
zone_free_definite_size(malloc_zone_t * zone,void * ptr,size_t size)354 zone_free_definite_size(malloc_zone_t *zone, void *ptr, size_t size)
355 {
356 size_t current_size = malloc_usable_size_impl(ptr);
357 if (current_size) {
358 MOZ_ASSERT(current_size == size);
359 free_impl(ptr);
360 return;
361 }
362 free(ptr);
363 }
364
365 static void *
zone_memalign(malloc_zone_t * zone,size_t alignment,size_t size)366 zone_memalign(malloc_zone_t *zone, size_t alignment, size_t size)
367 {
368 void *ptr;
369 if (posix_memalign_impl(&ptr, alignment, size) == 0)
370 return ptr;
371 return NULL;
372 }
373
374 static void *
zone_valloc(malloc_zone_t * zone,size_t size)375 zone_valloc(malloc_zone_t *zone, size_t size)
376 {
377 return valloc_impl(size);
378 }
379
380 static void *
zone_destroy(malloc_zone_t * zone)381 zone_destroy(malloc_zone_t *zone)
382 {
383 /* This function should never be called. */
384 MOZ_CRASH();
385 }
386
387 static size_t
zone_good_size(malloc_zone_t * zone,size_t size)388 zone_good_size(malloc_zone_t *zone, size_t size)
389 {
390 return malloc_good_size_impl(size);
391 }
392
393 #ifdef MOZ_JEMALLOC
394
395 #include "jemalloc/internal/jemalloc_internal.h"
396
397 static void
zone_force_lock(malloc_zone_t * zone)398 zone_force_lock(malloc_zone_t *zone)
399 {
400 /* /!\ This calls into jemalloc. It works because we're linked in the
401 * same library. Stolen from jemalloc's zone.c. */
402 if (isthreaded)
403 jemalloc_prefork();
404 }
405
406 static void
zone_force_unlock(malloc_zone_t * zone)407 zone_force_unlock(malloc_zone_t *zone)
408 {
409 /* /!\ This calls into jemalloc. It works because we're linked in the
410 * same library. Stolen from jemalloc's zone.c. */
411 if (isthreaded)
412 jemalloc_postfork_parent();
413 }
414
415 #else
416
417 #define JEMALLOC_ZONE_VERSION 6
418
419 /* Empty implementations are needed, because fork() calls zone->force_(un)lock
420 * unconditionally. */
421 static void
zone_force_lock(malloc_zone_t * zone)422 zone_force_lock(malloc_zone_t *zone)
423 {
424 }
425
426 static void
zone_force_unlock(malloc_zone_t * zone)427 zone_force_unlock(malloc_zone_t *zone)
428 {
429 }
430
431 #endif
432
433 static malloc_zone_t zone;
434 static struct malloc_introspection_t zone_introspect;
435
get_default_zone()436 static malloc_zone_t *get_default_zone()
437 {
438 malloc_zone_t **zones = NULL;
439 unsigned int num_zones = 0;
440
441 /*
442 * On OSX 10.12, malloc_default_zone returns a special zone that is not
443 * present in the list of registered zones. That zone uses a "lite zone"
444 * if one is present (apparently enabled when malloc stack logging is
445 * enabled), or the first registered zone otherwise. In practice this
446 * means unless malloc stack logging is enabled, the first registered
447 * zone is the default.
448 * So get the list of zones to get the first one, instead of relying on
449 * malloc_default_zone.
450 */
451 if (KERN_SUCCESS != malloc_get_all_zones(0, NULL, (vm_address_t**) &zones,
452 &num_zones)) {
453 /* Reset the value in case the failure happened after it was set. */
454 num_zones = 0;
455 }
456 if (num_zones) {
457 return zones[0];
458 }
459 return malloc_default_zone();
460 }
461
462
463 __attribute__((constructor)) void
register_zone(void)464 register_zone(void)
465 {
466 malloc_zone_t *default_zone = get_default_zone();
467
468 zone.size = (void *)zone_size;
469 zone.malloc = (void *)zone_malloc;
470 zone.calloc = (void *)zone_calloc;
471 zone.valloc = (void *)zone_valloc;
472 zone.free = (void *)zone_free;
473 zone.realloc = (void *)zone_realloc;
474 zone.destroy = (void *)zone_destroy;
475 zone.zone_name = "replace_malloc_zone";
476 zone.batch_malloc = NULL;
477 zone.batch_free = NULL;
478 zone.introspect = &zone_introspect;
479 zone.version = JEMALLOC_ZONE_VERSION;
480 zone.memalign = zone_memalign;
481 zone.free_definite_size = zone_free_definite_size;
482 #if (JEMALLOC_ZONE_VERSION >= 8)
483 zone.pressure_relief = NULL;
484 #endif
485 zone_introspect.enumerator = NULL;
486 zone_introspect.good_size = (void *)zone_good_size;
487 zone_introspect.check = NULL;
488 zone_introspect.print = NULL;
489 zone_introspect.log = NULL;
490 zone_introspect.force_lock = (void *)zone_force_lock;
491 zone_introspect.force_unlock = (void *)zone_force_unlock;
492 zone_introspect.statistics = NULL;
493 zone_introspect.zone_locked = NULL;
494 #if (JEMALLOC_ZONE_VERSION >= 7)
495 zone_introspect.enable_discharge_checking = NULL;
496 zone_introspect.disable_discharge_checking = NULL;
497 zone_introspect.discharge = NULL;
498 #ifdef __BLOCKS__
499 zone_introspect.enumerate_discharged_pointers = NULL;
500 #else
501 zone_introspect.enumerate_unavailable_without_blocks = NULL;
502 #endif
503 #endif
504
505 /*
506 * The default purgeable zone is created lazily by OSX's libc. It uses
507 * the default zone when it is created for "small" allocations
508 * (< 15 KiB), but assumes the default zone is a scalable_zone. This
509 * obviously fails when the default zone is the jemalloc zone, so
510 * malloc_default_purgeable_zone is called beforehand so that the
511 * default purgeable zone is created when the default zone is still
512 * a scalable_zone.
513 */
514 malloc_zone_t *purgeable_zone = malloc_default_purgeable_zone();
515
516 // There is a problem related to the above with the system nano zone, which
517 // is hard to work around from here, and that is instead worked around by
518 // disabling the nano zone through an environment variable
519 // (MallocNanoZone=0). In Firefox, we do that through
520 // browser/app/macbuild/Contents/Info.plist.in.
521
522 /* Register the custom zone. At this point it won't be the default. */
523 malloc_zone_register(&zone);
524
525 do {
526 /*
527 * Unregister and reregister the default zone. On OSX >= 10.6,
528 * unregistering takes the last registered zone and places it at the
529 * location of the specified zone. Unregistering the default zone thus
530 * makes the last registered one the default. On OSX < 10.6,
531 * unregistering shifts all registered zones. The first registered zone
532 * then becomes the default.
533 */
534 malloc_zone_unregister(default_zone);
535 malloc_zone_register(default_zone);
536 /*
537 * On OSX 10.6, having the default purgeable zone appear before the default
538 * zone makes some things crash because it thinks it owns the default
539 * zone allocated pointers. We thus unregister/re-register it in order to
540 * ensure it's always after the default zone. On OSX < 10.6, as
541 * unregistering shifts registered zones, this simply removes the purgeable
542 * zone from the list and adds it back at the end, after the default zone.
543 * On OSX >= 10.6, unregistering replaces the purgeable zone with the last
544 * registered zone above, i.e the default zone. Registering it again then
545 * puts it at the end, obviously after the default zone.
546 */
547 malloc_zone_unregister(purgeable_zone);
548 malloc_zone_register(purgeable_zone);
549 default_zone = get_default_zone();
550 } while (default_zone != &zone);
551 }
552 #endif
553