diff options
Diffstat (limited to 'system/memory')
59 files changed, 13225 insertions, 0 deletions
diff --git a/system/memory/build/jemalloc_config.cpp b/system/memory/build/jemalloc_config.cpp new file mode 100644 index 000000000..0b734d804 --- /dev/null +++ b/system/memory/build/jemalloc_config.cpp @@ -0,0 +1,10 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <mozilla/Assertions.h> + +/* Provide an abort function for use in jemalloc code */ +extern "C" void moz_abort() { + MOZ_CRASH(); +} diff --git a/system/memory/build/malloc_decls.h b/system/memory/build/malloc_decls.h new file mode 100644 index 000000000..f3f9570ac --- /dev/null +++ b/system/memory/build/malloc_decls.h @@ -0,0 +1,70 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Helper header to declare all the supported malloc functions. + * MALLOC_DECL arguments are: + * - function name + * - return type + * - argument types + */ + +#ifndef malloc_decls_h +# define malloc_decls_h + +# include "jemalloc_types.h" + +#ifndef MALLOC_USABLE_SIZE_CONST_PTR +#define MALLOC_USABLE_SIZE_CONST_PTR const +#endif + +typedef MALLOC_USABLE_SIZE_CONST_PTR void * usable_ptr_t; + +# define MALLOC_FUNCS_MALLOC 1 +# define MALLOC_FUNCS_JEMALLOC 2 +# define MALLOC_FUNCS_INIT 4 +# define MALLOC_FUNCS_BRIDGE 8 +# define MALLOC_FUNCS_ALL (MALLOC_FUNCS_INIT | MALLOC_FUNCS_BRIDGE | \ + MALLOC_FUNCS_MALLOC | MALLOC_FUNCS_JEMALLOC) + +#endif /* malloc_decls_h */ + +#ifndef MALLOC_FUNCS +# define MALLOC_FUNCS (MALLOC_FUNCS_MALLOC | MALLOC_FUNCS_JEMALLOC) +#endif + +#ifdef MALLOC_DECL +# ifndef MALLOC_DECL_VOID +# define MALLOC_DECL_VOID(func, ...) MALLOC_DECL(func, void, __VA_ARGS__) +# endif + +# if MALLOC_FUNCS & MALLOC_FUNCS_INIT +MALLOC_DECL(init, void, const malloc_table_t *) +# endif +# if MALLOC_FUNCS & MALLOC_FUNCS_BRIDGE +MALLOC_DECL(get_bridge, struct ReplaceMallocBridge*, void) +# endif +# if MALLOC_FUNCS & MALLOC_FUNCS_MALLOC +MALLOC_DECL(malloc, void *, size_t) +MALLOC_DECL(posix_memalign, int, void **, size_t, size_t) +MALLOC_DECL(aligned_alloc, void *, size_t, size_t) +MALLOC_DECL(calloc, void *, size_t, size_t) +MALLOC_DECL(realloc, void *, void *, size_t) +MALLOC_DECL_VOID(free, void *) +MALLOC_DECL(memalign, void *, size_t, size_t) +MALLOC_DECL(valloc, void *, size_t) +MALLOC_DECL(malloc_usable_size, size_t, usable_ptr_t) +MALLOC_DECL(malloc_good_size, size_t, size_t) +# endif +# if MALLOC_FUNCS & MALLOC_FUNCS_JEMALLOC +MALLOC_DECL_VOID(jemalloc_stats, jemalloc_stats_t *) +MALLOC_DECL_VOID(jemalloc_purge_freed_pages, void) +MALLOC_DECL_VOID(jemalloc_free_dirty_pages, void) +# endif + +# undef MALLOC_DECL_VOID +#endif /* MALLOC_DECL */ + +#undef MALLOC_DECL +#undef MALLOC_FUNCS diff --git a/system/memory/build/moz.build b/system/memory/build/moz.build new file mode 100644 index 000000000..9d6c08b43 --- /dev/null +++ b/system/memory/build/moz.build @@ -0,0 +1,40 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +EXPORTS += [ + 'mozmemory.h', + 'mozmemory_wrap.h', +] + +LIBRARY_DEFINES['MOZ_HAS_MOZGLUE'] = True +DEFINES['MOZ_MEMORY_IMPL'] = True + +if CONFIG['MOZ_REPLACE_MALLOC']: + EXPORTS += [ + 'malloc_decls.h', + 'replace_malloc.h', + 'replace_malloc_bridge.h', + ] + +SOURCES += [ + 'jemalloc_config.cpp', + 'mozmemory_wrap.c', +] + +if CONFIG['MOZ_REPLACE_MALLOC']: + SOURCES += [ + 'replace_malloc.c', + ] + +Library('memory') + +if CONFIG['MOZ_GLUE_IN_PROGRAM']: + SDK_LIBRARY = True + DIST_INSTALL = True + +# Keep jemalloc separated when mozglue is statically linked +if CONFIG['MOZ_MEMORY'] and CONFIG['OS_TARGET'] in ('WINNT', 'Darwin'): + FINAL_LIBRARY = 'mozglue' + diff --git a/system/memory/build/mozmemory.h b/system/memory/build/mozmemory.h new file mode 100644 index 000000000..2ed63b9e1 --- /dev/null +++ b/system/memory/build/mozmemory.h @@ -0,0 +1,84 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozmemory_h +#define mozmemory_h + +/* + * This header is meant to be used when the following functions are + * necessary: + * - malloc_good_size (used to be called je_malloc_usable_in_advance) + * - jemalloc_stats + * - jemalloc_purge_freed_pages + * - jemalloc_free_dirty_pages + */ + +#ifndef MOZ_MEMORY +# error Should not include mozmemory.h when MOZ_MEMORY is not set +#endif + +#include "mozmemory_wrap.h" +#include "mozilla/Attributes.h" +#include "mozilla/Types.h" +#include "jemalloc_types.h" + +MOZ_BEGIN_EXTERN_C + +MOZ_MEMORY_API size_t malloc_good_size_impl(size_t size); + +/* Note: the MOZ_GLUE_IN_PROGRAM ifdef below is there to avoid -Werror turning + * the protective if into errors. MOZ_GLUE_IN_PROGRAM is what triggers MFBT_API + * to use weak imports. */ + +static inline size_t _malloc_good_size(size_t size) { +#if defined(MOZ_GLUE_IN_PROGRAM) && !defined(IMPL_MFBT) + if (!malloc_good_size) + return size; +#endif + return malloc_good_size_impl(size); +} + +#define malloc_good_size _malloc_good_size + + +MOZ_JEMALLOC_API void jemalloc_stats(jemalloc_stats_t *stats); + +/* + * On some operating systems (Mac), we use madvise(MADV_FREE) to hand pages + * back to the operating system. On Mac, the operating system doesn't take + * this memory back immediately; instead, the OS takes it back only when the + * machine is running out of physical memory. + * + * This is great from the standpoint of efficiency, but it makes measuring our + * actual RSS difficult, because pages which we've MADV_FREE'd shouldn't count + * against our RSS. + * + * This function explicitly purges any MADV_FREE'd pages from physical memory, + * causing our reported RSS match the amount of memory we're actually using. + * + * Note that this call is expensive in two ways. First, it may be slow to + * execute, because it may make a number of slow syscalls to free memory. This + * function holds the big jemalloc locks, so basically all threads are blocked + * while this function runs. + * + * This function is also expensive in that the next time we go to access a page + * which we've just explicitly decommitted, the operating system has to attach + * to it a physical page! If we hadn't run this function, the OS would have + * less work to do. + * + * If MALLOC_DOUBLE_PURGE is not defined, this function does nothing. + */ +MOZ_JEMALLOC_API void jemalloc_purge_freed_pages(); + +/* + * Free all unused dirty pages in all arenas. Calling this function will slow + * down subsequent allocations so it is recommended to use it only when + * memory needs to be reclaimed at all costs (see bug 805855). This function + * provides functionality similar to mallctl("arenas.purge") in jemalloc 3. + */ +MOZ_JEMALLOC_API void jemalloc_free_dirty_pages(); + +MOZ_END_EXTERN_C + +#endif /* mozmemory_h */ diff --git a/system/memory/build/mozmemory_wrap.c b/system/memory/build/mozmemory_wrap.c new file mode 100644 index 000000000..409b39da2 --- /dev/null +++ b/system/memory/build/mozmemory_wrap.c @@ -0,0 +1,122 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <string.h> +#include "mozmemory_wrap.h" +#include "mozilla/Types.h" + +/* Declare malloc implementation functions with the right return and + * argument types. */ +#define MALLOC_DECL(name, return_type, ...) \ + MOZ_MEMORY_API return_type name ## _impl(__VA_ARGS__); +#include "malloc_decls.h" + +#ifdef MOZ_WRAP_NEW_DELETE +/* operator new(unsigned int) */ +MOZ_MEMORY_API void * +mozmem_malloc_impl(_Znwj)(unsigned int size) +{ + return malloc_impl(size); +} +/* operator new[](unsigned int) */ +MOZ_MEMORY_API void * +mozmem_malloc_impl(_Znaj)(unsigned int size) +{ + return malloc_impl(size); +} +/* operator delete(void*) */ +MOZ_MEMORY_API void +mozmem_malloc_impl(_ZdlPv)(void *ptr) +{ + free_impl(ptr); +} +/* operator delete[](void*) */ +MOZ_MEMORY_API void +mozmem_malloc_impl(_ZdaPv)(void *ptr) +{ + free_impl(ptr); +} +/*operator new(unsigned int, std::nothrow_t const&)*/ +MOZ_MEMORY_API void * +mozmem_malloc_impl(_ZnwjRKSt9nothrow_t)(unsigned int size) +{ + return malloc_impl(size); +} +/*operator new[](unsigned int, std::nothrow_t const&)*/ +MOZ_MEMORY_API void * +mozmem_malloc_impl(_ZnajRKSt9nothrow_t)(unsigned int size) +{ + return malloc_impl(size); +} +/* operator delete(void*, std::nothrow_t const&) */ +MOZ_MEMORY_API void +mozmem_malloc_impl(_ZdlPvRKSt9nothrow_t)(void *ptr) +{ + free_impl(ptr); +} +/* operator delete[](void*, std::nothrow_t const&) */ +MOZ_MEMORY_API void +mozmem_malloc_impl(_ZdaPvRKSt9nothrow_t)(void *ptr) +{ + free_impl(ptr); +} +#endif + +/* strndup and strdup may be defined as macros in string.h, which would + * clash with the definitions below. */ +#undef strndup +#undef strdup + +MOZ_MEMORY_API char * +strndup_impl(const char *src, size_t len) +{ + char* dst = (char*) malloc_impl(len + 1); + if (dst) { + strncpy(dst, src, len); + dst[len] = '\0'; + } + return dst; +} + +MOZ_MEMORY_API char * +strdup_impl(const char *src) +{ + size_t len = strlen(src); + return strndup_impl(src, len); +} + +#ifdef XP_WIN +/* + * There's a fun allocator mismatch in (at least) the VS 2010 CRT + * (see the giant comment in $(topsrcdir)/mozglue/build/Makefile.in) + * that gets redirected here to avoid a crash on shutdown. + */ +void +dumb_free_thunk(void *ptr) +{ + return; /* shutdown leaks that we don't care about */ +} + +#include <wchar.h> + +/* + * We also need to provide our own impl of wcsdup so that we don't ask + * the CRT for memory from its heap (which will then be unfreeable). + */ +wchar_t * +wcsdup_impl(const wchar_t *src) +{ + size_t len = wcslen(src); + wchar_t *dst = (wchar_t*) malloc_impl((len + 1) * sizeof(wchar_t)); + if (dst) + wcsncpy(dst, src, len + 1); + return dst; +} + +void * +_aligned_malloc(size_t size, size_t alignment) +{ + return memalign_impl(alignment, size); +} +#endif /* XP_WIN */ diff --git a/system/memory/build/mozmemory_wrap.h b/system/memory/build/mozmemory_wrap.h new file mode 100644 index 000000000..aa305588d --- /dev/null +++ b/system/memory/build/mozmemory_wrap.h @@ -0,0 +1,176 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozmemory_wrap_h +#define mozmemory_wrap_h + +/* + * This header contains #defines which tweak the names of various memory + * allocation functions. + * + * There are several types of functions related to memory allocation + * that are meant to be used publicly by the Gecko codebase: + * + * - malloc implementation functions: + * - malloc + * - posix_memalign + * - aligned_alloc + * - calloc + * - realloc + * - free + * - memalign + * - valloc + * - malloc_usable_size + * - malloc_good_size + * Some of these functions are specific to some systems, but for + * convenience, they are treated as being cross-platform, and available + * as such. + * + * - duplication functions: + * - strndup + * - strdup + * - wcsdup (Windows only) + * + * - jemalloc specific functions: + * - jemalloc_stats + * - jemalloc_purge_freed_pages + * - jemalloc_free_dirty_pages + * (these functions are native to mozjemalloc) + * + * These functions are all exported as part of libmozglue (see + * $(topsrcdir)/mozglue/build/Makefile.in), with a few implementation + * peculiarities: + * + * - On Windows, the malloc implementation functions are all prefixed with + * "je_", the duplication functions are prefixed with "wrap_", and jemalloc + * specific functions are left unprefixed. All these functions are however + * aliased when exporting them, such that the resulting mozglue.dll exports + * them unprefixed (see $(topsrcdir)/mozglue/build/mozglue.def.in). The + * prefixed malloc implementation and duplication functions are not + * exported. + * + * - On MacOSX, the system libc has a zone allocator, which allows us to + * hook custom malloc implementation functions without exporting them. + * The malloc implementation functions are all prefixed with "je_" and used + * this way from the custom zone allocator. They are not exported. + * Duplication functions are not included, since they will call the custom + * zone allocator anyways. Jemalloc-specific functions are also left + * unprefixed. + * + * - On other systems (mostly Linux), all functions are left unprefixed. + * + * + * Proper exporting of the various functions is done with the MOZ_MEMORY_API + * and MOZ_JEMALLOC_API macros. MOZ_MEMORY_API is meant to be used for malloc + * implementation and duplication functions, while MOZ_JEMALLOC_API is + * dedicated to jemalloc specific functions. + * + * + * Within libmozglue (when MOZ_MEMORY_IMPL is defined), all the functions + * should be suffixed with "_impl" both for declarations and use. + * That is, the implementation declaration for e.g. strdup would look like: + * char* strdup_impl(const char *) + * That implementation would call malloc by using "malloc_impl". + * + * + * When building with replace-malloc support, the above still holds, but + * the malloc implementation and jemalloc specific functions are the + * replace-malloc functions from replace_malloc.c. + * + * The actual mozjemalloc implementation is prefixed with "je_". + * + * Thus, when MOZ_REPLACE_MALLOC is defined, the "_impl" suffixed macros + * expand to "je_" prefixed function when building mozjemalloc, where + * MOZ_JEMALLOC_IMPL is defined. + * + * In other cases, the "_impl" suffixed macros follow the original scheme, + * except on Windows and MacOSX, where they would expand to "je_" prefixed + * functions. Instead, they are left unmodified (malloc_impl expands to + * malloc_impl). + */ + +#ifndef MOZ_MEMORY +# error Should only include mozmemory_wrap.h when MOZ_MEMORY is set. +#endif + +#if defined(MOZ_JEMALLOC_IMPL) && !defined(MOZ_MEMORY_IMPL) +# define MOZ_MEMORY_IMPL +#endif +#if defined(MOZ_MEMORY_IMPL) && !defined(IMPL_MFBT) +# ifdef MFBT_API /* mozilla/Types.h was already included */ +# error mozmemory_wrap.h has to be included before mozilla/Types.h when MOZ_MEMORY_IMPL is set and IMPL_MFBT is not. +# endif +# define IMPL_MFBT +#endif + +#include "mozilla/Types.h" + +#ifdef MOZ_MEMORY_IMPL +# if defined(MOZ_JEMALLOC_IMPL) && defined(MOZ_REPLACE_MALLOC) +# define mozmem_malloc_impl(a) je_ ## a +# define mozmem_jemalloc_impl(a) je_ ## a +# else +# define MOZ_JEMALLOC_API MFBT_API +# if defined(XP_WIN) +# if defined(MOZ_REPLACE_MALLOC) +# define mozmem_malloc_impl(a) a ## _impl +# else +# define mozmem_malloc_impl(a) je_ ## a +# endif +# else +# define MOZ_MEMORY_API MFBT_API +# endif +# endif +# ifdef XP_WIN +# define mozmem_dup_impl(a) wrap_ ## a +# endif +#endif + +#if !defined(MOZ_MEMORY_IMPL) +# define MOZ_MEMORY_API MFBT_API +# define MOZ_JEMALLOC_API MFBT_API +#endif + +#ifndef MOZ_MEMORY_API +# define MOZ_MEMORY_API +#endif +#ifndef MOZ_JEMALLOC_API +# define MOZ_JEMALLOC_API +#endif + +#ifndef mozmem_malloc_impl +# define mozmem_malloc_impl(a) a +#endif +#ifndef mozmem_dup_impl +# define mozmem_dup_impl(a) a +#endif +#ifndef mozmem_jemalloc_impl +# define mozmem_jemalloc_impl(a) a +#endif + +/* Malloc implementation functions */ +#define malloc_impl mozmem_malloc_impl(malloc) +#define posix_memalign_impl mozmem_malloc_impl(posix_memalign) +#define aligned_alloc_impl mozmem_malloc_impl(aligned_alloc) +#define calloc_impl mozmem_malloc_impl(calloc) +#define realloc_impl mozmem_malloc_impl(realloc) +#define free_impl mozmem_malloc_impl(free) +#define memalign_impl mozmem_malloc_impl(memalign) +#define valloc_impl mozmem_malloc_impl(valloc) +#define malloc_usable_size_impl mozmem_malloc_impl(malloc_usable_size) +#define malloc_good_size_impl mozmem_malloc_impl(malloc_good_size) + +/* Duplication functions */ +#define strndup_impl mozmem_dup_impl(strndup) +#define strdup_impl mozmem_dup_impl(strdup) +#ifdef XP_WIN +# define wcsdup_impl mozmem_dup_impl(wcsdup) +#endif + +/* Jemalloc specific function */ +#define jemalloc_stats_impl mozmem_jemalloc_impl(jemalloc_stats) +#define jemalloc_purge_freed_pages_impl mozmem_jemalloc_impl(jemalloc_purge_freed_pages) +#define jemalloc_free_dirty_pages_impl mozmem_jemalloc_impl(jemalloc_free_dirty_pages) + +#endif /* mozmemory_wrap_h */ diff --git a/system/memory/build/replace_malloc.c b/system/memory/build/replace_malloc.c new file mode 100644 index 000000000..cfa9e5a5f --- /dev/null +++ b/system/memory/build/replace_malloc.c @@ -0,0 +1,419 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef MOZ_MEMORY +# error Should not compile this file when MOZ_MEMORY is not set +#endif + +#ifndef MOZ_REPLACE_MALLOC +# error Should not compile this file when replace-malloc is disabled +#endif + +#include "mozmemory_wrap.h" + +/* Declare all je_* functions */ +#define MALLOC_DECL(name, return_type, ...) \ + return_type je_ ## name(__VA_ARGS__); +#include "malloc_decls.h" + +#include "mozilla/Likely.h" + +/* + * Windows doesn't come with weak imports as they are possible with + * LD_PRELOAD or DYLD_INSERT_LIBRARIES on Linux/OSX. On this platform, + * the replacement functions are defined as variable pointers to the + * function resolved with GetProcAddress() instead of weak definitions + * of functions. + */ +#if defined(XP_WIN) +# define MOZ_NO_REPLACE_FUNC_DECL +#elif defined(__GNUC__) +# define MOZ_REPLACE_WEAK __attribute__((weak)) +#endif + +#include "replace_malloc.h" + +#define MALLOC_DECL(name, return_type, ...) \ + je_ ## name, + +static const malloc_table_t malloc_table = { +#include "malloc_decls.h" +}; + +#ifdef MOZ_NO_REPLACE_FUNC_DECL +# define MALLOC_DECL(name, return_type, ...) \ + typedef return_type (replace_ ## name ## _impl_t)(__VA_ARGS__); \ + replace_ ## name ## _impl_t *replace_ ## name = NULL; +# define MALLOC_FUNCS MALLOC_FUNCS_ALL +# include "malloc_decls.h" + +# ifdef XP_WIN +# include <windows.h> +static void +replace_malloc_init_funcs() +{ + char replace_malloc_lib[1024]; + if (GetEnvironmentVariableA("MOZ_REPLACE_MALLOC_LIB", (LPSTR)&replace_malloc_lib, + sizeof(replace_malloc_lib)) > 0) { + HMODULE handle = LoadLibraryA(replace_malloc_lib); + if (handle) { +#define MALLOC_DECL(name, ...) \ + replace_ ## name = (replace_ ## name ## _impl_t *) GetProcAddress(handle, "replace_" # name); + +# define MALLOC_FUNCS MALLOC_FUNCS_ALL +#include "malloc_decls.h" + } + } +} +# else +# error No implementation for replace_malloc_init_funcs() +# endif + +#endif /* MOZ_NO_REPLACE_FUNC_DECL */ + +/* + * Below is the malloc implementation overriding jemalloc and calling the + * replacement functions if they exist. + */ + +/* + * Malloc implementation functions are MOZ_MEMORY_API, and jemalloc + * specific functions MOZ_JEMALLOC_API; see mozmemory_wrap.h + */ +#define MALLOC_DECL(name, return_type, ...) \ + MOZ_MEMORY_API return_type name ## _impl(__VA_ARGS__); +#define MALLOC_FUNCS MALLOC_FUNCS_MALLOC +#include "malloc_decls.h" + +#define MALLOC_DECL(name, return_type, ...) \ + MOZ_JEMALLOC_API return_type name ## _impl(__VA_ARGS__); +#define MALLOC_FUNCS MALLOC_FUNCS_JEMALLOC +#include "malloc_decls.h" + +static int replace_malloc_initialized = 0; +static void +init() +{ +#ifdef MOZ_NO_REPLACE_FUNC_DECL + replace_malloc_init_funcs(); +#endif + // Set this *before* calling replace_init, otherwise if replace_init calls + // malloc() we'll get an infinite loop. + replace_malloc_initialized = 1; + if (replace_init) + replace_init(&malloc_table); +} + +MFBT_API struct ReplaceMallocBridge* +get_bridge(void) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_get_bridge)) + return NULL; + return replace_get_bridge(); +} + +void* +malloc_impl(size_t size) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_malloc)) + return je_malloc(size); + return replace_malloc(size); +} + +int +posix_memalign_impl(void **memptr, size_t alignment, size_t size) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_posix_memalign)) + return je_posix_memalign(memptr, alignment, size); + return replace_posix_memalign(memptr, alignment, size); +} + +void* +aligned_alloc_impl(size_t alignment, size_t size) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_aligned_alloc)) + return je_aligned_alloc(alignment, size); + return replace_aligned_alloc(alignment, size); +} + +void* +calloc_impl(size_t num, size_t size) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_calloc)) + return je_calloc(num, size); + return replace_calloc(num, size); +} + +void* +realloc_impl(void *ptr, size_t size) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_realloc)) + return je_realloc(ptr, size); + return replace_realloc(ptr, size); +} + +void +free_impl(void *ptr) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_free)) + je_free(ptr); + else + replace_free(ptr); +} + +void* +memalign_impl(size_t alignment, size_t size) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_memalign)) + return je_memalign(alignment, size); + return replace_memalign(alignment, size); +} + +void* +valloc_impl(size_t size) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_valloc)) + return je_valloc(size); + return replace_valloc(size); +} + +size_t +malloc_usable_size_impl(usable_ptr_t ptr) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_malloc_usable_size)) + return je_malloc_usable_size(ptr); + return replace_malloc_usable_size(ptr); +} + +size_t +malloc_good_size_impl(size_t size) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_malloc_good_size)) + return je_malloc_good_size(size); + return replace_malloc_good_size(size); +} + +void +jemalloc_stats_impl(jemalloc_stats_t *stats) +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_jemalloc_stats)) + je_jemalloc_stats(stats); + else + replace_jemalloc_stats(stats); +} + +void +jemalloc_purge_freed_pages_impl() +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_jemalloc_purge_freed_pages)) + je_jemalloc_purge_freed_pages(); + else + replace_jemalloc_purge_freed_pages(); +} + +void +jemalloc_free_dirty_pages_impl() +{ + if (MOZ_UNLIKELY(!replace_malloc_initialized)) + init(); + if (MOZ_LIKELY(!replace_jemalloc_free_dirty_pages)) + je_jemalloc_free_dirty_pages(); + else + replace_jemalloc_free_dirty_pages(); +} + +/* The following comment and definitions are from jemalloc.c: */ +#if defined(__GLIBC__) && !defined(__UCLIBC__) + +/* + * glibc provides the RTLD_DEEPBIND flag for dlopen which can make it possible + * to inconsistently reference libc's malloc(3)-compatible functions + * (https://bugzilla.mozilla.org/show_bug.cgi?id=493541). + * + * These definitions interpose hooks in glibc. The functions are actually + * passed an extra argument for the caller return address, which will be + * ignored. + */ + +typedef void (* __free_hook_type)(void *ptr); +typedef void *(* __malloc_hook_type)(size_t size); +typedef void *(* __realloc_hook_type)(void *ptr, size_t size); +typedef void *(* __memalign_hook_type)(size_t alignment, size_t size); + +MOZ_MEMORY_API __free_hook_type __free_hook = free_impl; +MOZ_MEMORY_API __malloc_hook_type __malloc_hook = malloc_impl; +MOZ_MEMORY_API __realloc_hook_type __realloc_hook = realloc_impl; +MOZ_MEMORY_API __memalign_hook_type __memalign_hook = memalign_impl; + +#endif + +/* + * The following is a OSX zone allocator implementation. + * /!\ WARNING. It assumes the underlying malloc implementation's + * malloc_usable_size returns 0 when the given pointer is not owned by + * the allocator. Sadly, OSX does call zone_size with pointers not + * owned by the allocator. + */ + +#define JEMALLOC_ZONE_VERSION 6 + +/* Empty implementations are needed, because fork() calls zone->force_(un)lock + * unconditionally. */ +static void +zone_force_lock(malloc_zone_t *zone) +{ +} + +static void +zone_force_unlock(malloc_zone_t *zone) +{ +} + +/* --- */ + +static malloc_zone_t zone; +static struct malloc_introspection_t zone_introspect; + +static malloc_zone_t *get_default_zone() +{ + malloc_zone_t **zones = NULL; + unsigned int num_zones = 0; + + /* + * On OSX 10.12, malloc_default_zone returns a special zone that is not + * present in the list of registered zones. That zone uses a "lite zone" + * if one is present (apparently enabled when malloc stack logging is + * enabled), or the first registered zone otherwise. In practice this + * means unless malloc stack logging is enabled, the first registered + * zone is the default. + * So get the list of zones to get the first one, instead of relying on + * malloc_default_zone. + */ + if (KERN_SUCCESS != malloc_get_all_zones(0, NULL, (vm_address_t**) &zones, + &num_zones)) { + /* Reset the value in case the failure happened after it was set. */ + num_zones = 0; + } + if (num_zones) { + return zones[0]; + } + return malloc_default_zone(); +} + + +__attribute__((constructor)) void +register_zone(void) +{ + malloc_zone_t *default_zone = get_default_zone(); + + zone.size = (void *)zone_size; + zone.malloc = (void *)zone_malloc; + zone.calloc = (void *)zone_calloc; + zone.valloc = (void *)zone_valloc; + zone.free = (void *)zone_free; + zone.realloc = (void *)zone_realloc; + zone.destroy = (void *)zone_destroy; + zone.zone_name = "replace_malloc_zone"; + zone.batch_malloc = NULL; + zone.batch_free = NULL; + zone.introspect = &zone_introspect; + zone.version = JEMALLOC_ZONE_VERSION; + zone.memalign = zone_memalign; + zone.free_definite_size = zone_free_definite_size; +#if (JEMALLOC_ZONE_VERSION >= 8) + zone.pressure_relief = NULL; +#endif + zone_introspect.enumerator = NULL; + zone_introspect.good_size = (void *)zone_good_size; + zone_introspect.check = NULL; + zone_introspect.print = NULL; + zone_introspect.log = NULL; + zone_introspect.force_lock = (void *)zone_force_lock; + zone_introspect.force_unlock = (void *)zone_force_unlock; + zone_introspect.statistics = NULL; + zone_introspect.zone_locked = NULL; +#if (JEMALLOC_ZONE_VERSION >= 7) + zone_introspect.enable_discharge_checking = NULL; + zone_introspect.disable_discharge_checking = NULL; + zone_introspect.discharge = NULL; +#ifdef __BLOCKS__ + zone_introspect.enumerate_discharged_pointers = NULL; +#else + zone_introspect.enumerate_unavailable_without_blocks = NULL; +#endif +#endif + + /* + * The default purgeable zone is created lazily by OSX's libc. It uses + * the default zone when it is created for "small" allocations + * (< 15 KiB), but assumes the default zone is a scalable_zone. This + * obviously fails when the default zone is the jemalloc zone, so + * malloc_default_purgeable_zone is called beforehand so that the + * default purgeable zone is created when the default zone is still + * a scalable_zone. + */ + malloc_zone_t *purgeable_zone = malloc_default_purgeable_zone(); + + // There is a problem related to the above with the system nano zone, which + // is hard to work around from here, and that is instead worked around by + // disabling the nano zone through an environment variable + // (MallocNanoZone=0). + + /* Register the custom zone. At this point it won't be the default. */ + malloc_zone_register(&zone); + + do { + /* + * Unregister and reregister the default zone. On OSX >= 10.6, + * unregistering takes the last registered zone and places it at the + * location of the specified zone. Unregistering the default zone thus + * makes the last registered one the default. On OSX < 10.6, + * unregistering shifts all registered zones. The first registered zone + * then becomes the default. + */ + malloc_zone_unregister(default_zone); + malloc_zone_register(default_zone); + /* + * On OSX 10.6, having the default purgeable zone appear before the default + * zone makes some things crash because it thinks it owns the default + * zone allocated pointers. We thus unregister/re-register it in order to + * ensure it's always after the default zone. On OSX < 10.6, as + * unregistering shifts registered zones, this simply removes the purgeable + * zone from the list and adds it back at the end, after the default zone. + * On OSX >= 10.6, unregistering replaces the purgeable zone with the last + * registered zone above, i.e the default zone. Registering it again then + * puts it at the end, obviously after the default zone. + */ + malloc_zone_unregister(purgeable_zone); + malloc_zone_register(purgeable_zone); + default_zone = get_default_zone(); + } while (default_zone != &zone); +} +#endif diff --git a/system/memory/build/replace_malloc.h b/system/memory/build/replace_malloc.h new file mode 100644 index 000000000..3e592749a --- /dev/null +++ b/system/memory/build/replace_malloc.h @@ -0,0 +1,133 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef replace_malloc_h +#define replace_malloc_h + +/* + * The replace_malloc facility allows an external library to replace or + * supplement the jemalloc implementation. + * + * The external library may be hooked by setting one of the following + * environment variables to the library path: + * - LD_PRELOAD on Linux, + * - DYLD_INSERT_LIBRARIES on OSX, + * - MOZ_REPLACE_MALLOC_LIB on Windows. + * + * An initialization function is called before any malloc replacement + * function, and has the following declaration: + * + * void replace_init(const malloc_table_t *) + * + * The const malloc_table_t pointer given to that function is a table + * containing pointers to the original jemalloc implementation, so that + * replacement functions can call them back if they need to. The pointer + * itself can safely be kept around (no need to copy the table itself). + * + * The functions to be implemented in the external library are of the form: + * + * void *replace_malloc(size_t size) + * { + * // Fiddle with the size if necessary. + * // orig->malloc doesn't have to be called if the external library + * // provides its own allocator, but in this case it will have to + * // implement all functions. + * void *ptr = orig->malloc(size); + * // Do whatever you want with the ptr. + * return ptr; + * } + * + * where "orig" is the pointer obtained from replace_init. + * + * See malloc_decls.h for a list of functions that can be replaced this + * way. The implementations are all in the form: + * return_type replace_name(arguments [,...]) + * + * They don't all need to be provided. + * + * Building a replace-malloc library is like rocket science. It can end up + * with things blowing up, especially when trying to use complex types, and + * even more especially when these types come from XPCOM or other parts of the + * Mozilla codebase. + * It is recommended to add the following to a replace-malloc implementation's + * moz.build: + * DISABLE_STL_WRAPPING = True # Avoid STL wrapping + * + * If your replace-malloc implementation lives under memory/replace, these + * are taken care of by memory/replace/defs.mk. + */ + +#ifdef replace_malloc_bridge_h +#error Do not include replace_malloc_bridge.h before replace_malloc.h. \ + In fact, you only need the latter. +#endif + +#define REPLACE_MALLOC_IMPL + +#include "replace_malloc_bridge.h" + +/* Implementing a replace-malloc library is incompatible with using mozalloc. */ +#define MOZ_NO_MOZALLOC 1 + +#include "mozilla/Types.h" + +MOZ_BEGIN_EXTERN_C + +/* MOZ_NO_REPLACE_FUNC_DECL and MOZ_REPLACE_WEAK are only defined in + * replace_malloc.c. Normally including this header will add function + * definitions. */ +#ifndef MOZ_NO_REPLACE_FUNC_DECL + +# ifndef MOZ_REPLACE_WEAK +# define MOZ_REPLACE_WEAK +# endif + +# define MALLOC_DECL(name, return_type, ...) \ + MOZ_EXPORT return_type replace_ ## name(__VA_ARGS__) MOZ_REPLACE_WEAK; + +# define MALLOC_FUNCS MALLOC_FUNCS_ALL +# include "malloc_decls.h" + +#endif /* MOZ_NO_REPLACE_FUNC_DECL */ + +/* + * posix_memalign, aligned_alloc, memalign and valloc all implement some + * kind of aligned memory allocation. For convenience, replace_posix_memalign, + * replace_aligned_alloc and replace_valloc can be automatically derived from + * memalign when MOZ_REPLACE_ONLY_MEMALIGN is defined before including this + * header. PAGE_SIZE also needs to be defined to the appropriate expression. + */ +#ifdef MOZ_REPLACE_ONLY_MEMALIGN +#include <errno.h> + +int replace_posix_memalign(void **ptr, size_t alignment, size_t size) +{ + if (size == 0) { + *ptr = NULL; + return 0; + } + /* alignment must be a power of two and a multiple of sizeof(void *) */ + if (((alignment - 1) & alignment) != 0 || (alignment % sizeof(void *))) + return EINVAL; + *ptr = replace_memalign(alignment, size); + return *ptr ? 0 : ENOMEM; +} + +void *replace_aligned_alloc(size_t alignment, size_t size) +{ + /* size should be a multiple of alignment */ + if (size % alignment) + return NULL; + return replace_memalign(alignment, size); +} + +void *replace_valloc(size_t size) +{ + return replace_memalign(PAGE_SIZE, size); +} +#endif + +MOZ_END_EXTERN_C + +#endif /* replace_malloc_h */ diff --git a/system/memory/build/replace_malloc_bridge.h b/system/memory/build/replace_malloc_bridge.h new file mode 100644 index 000000000..567e27afd --- /dev/null +++ b/system/memory/build/replace_malloc_bridge.h @@ -0,0 +1,201 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef replace_malloc_bridge_h +#define replace_malloc_bridge_h + +/* + * The replace-malloc bridge allows bidirectional method calls between + * a program and the replace-malloc library that has been loaded for it. + * In Firefox, this is used to allow method calls between code in libxul + * and code in the replace-malloc library, without libxul needing to link + * against that library or vice-versa. + * + * Subsystems can add methods for their own need. Replace-malloc libraries + * can decide to implement those methods or not. + * + * Replace-malloc libraries can provide such a bridge by implementing + * a ReplaceMallocBridge-derived class, and a replace_get_bridge function + * returning an instance of that class. The default methods in + * ReplaceMallocBridge are expected to return values that callers would + * understand as "the bridge doesn't implement this method", so that a + * replace-malloc library doesn't have to implement all methods. + * + * The ReplaceMallocBridge class contains definitions for methods for + * all replace-malloc libraries. Each library picks the methods it wants + * to reply to in its ReplaceMallocBridge-derived class instance. + * All methods of ReplaceMallocBridge must be virtual. Similarly, + * anything passed as an argument to those methods must be plain data, or + * an instance of a class with only virtual methods. + * + * Binary compatibility is expected to be maintained, such that a newer + * Firefox can be used with an old replace-malloc library, or an old + * Firefox can be used with a newer replace-malloc library. As such, only + * new virtual methods should be added to ReplaceMallocBridge, and + * each change should have a corresponding bump of the mVersion value. + * At the same time, each virtual method should have a corresponding + * wrapper calling the virtual method on the instance from + * ReplaceMallocBridge::Get(), giving it the version the virtual method + * was added. + * + * Parts that are not relevant to the replace-malloc library end of the + * bridge are hidden when REPLACE_MALLOC_IMPL is not defined, which is + * the case when including replace_malloc.h. + */ + +struct ReplaceMallocBridge; + +#include "mozilla/Types.h" + +MOZ_BEGIN_EXTERN_C + +#ifndef REPLACE_MALLOC_IMPL +/* Returns the replace-malloc bridge if there is one to be returned. */ +MFBT_API ReplaceMallocBridge* get_bridge(); +#endif + +/* Table of malloc functions. + * e.g. void* (*malloc)(size_t), etc. + */ +#define MALLOC_DECL(name, return_type, ...) \ + typedef return_type(name ## _impl_t)(__VA_ARGS__); + +#include "malloc_decls.h" + +#define MALLOC_DECL(name, return_type, ...) \ + name ## _impl_t * name; + +typedef struct { +#include "malloc_decls.h" +} malloc_table_t; + + +/* Table of malloc hook functions. + * Those functions are called with the arguments and results of malloc + * functions after they are called. + * e.g. void* (*malloc_hook)(void*, size_t), etc. + * They can either return the result they're given, or alter it before + * returning it. + * The hooks corresponding to functions, like free(void*), that return no + * value, don't take an extra argument. + * The table must at least contain a pointer for malloc_hook and free_hook + * functions. They will be used as fallback if no pointer is given for + * other allocation functions, like calloc_hook. + */ +#define MALLOC_DECL(name, return_type, ...) \ + return_type (*name ## _hook)(return_type, __VA_ARGS__); +#define MALLOC_DECL_VOID(name, ...) \ + void (*name ## _hook)(__VA_ARGS__); + +typedef struct { +#include "malloc_decls.h" + /* Like free_hook, but called before realloc_hook. free_hook is called + * instead of not given. */ + void (*realloc_hook_before)(void* aPtr); +} malloc_hook_table_t; + +MOZ_END_EXTERN_C + +#ifdef __cplusplus + +namespace mozilla { +namespace dmd { +struct DMDFuncs; +} // namespace dmd + +/* Callbacks to register debug file handles for Poison IO interpose. + * See Mozilla(|Un)RegisterDebugHandle in xpcom/build/PoisonIOInterposer.h */ +struct DebugFdRegistry +{ + virtual void RegisterHandle(intptr_t aFd); + + virtual void UnRegisterHandle(intptr_t aFd); +}; + +} // namespace mozilla + +struct ReplaceMallocBridge +{ + ReplaceMallocBridge() : mVersion(3) {} + + /* This method was added in version 1 of the bridge. */ + virtual mozilla::dmd::DMDFuncs* GetDMDFuncs() { return nullptr; } + + /* Send a DebugFdRegistry instance to the replace-malloc library so that + * it can register/unregister file descriptors whenever needed. The + * instance is valid until the process dies. + * This method was added in version 2 of the bridge. */ + virtual void InitDebugFd(mozilla::DebugFdRegistry&) {} + + /* Register a list of malloc functions and hook functions to the + * replace-malloc library so that it can choose to dispatch to them + * when needed. The details of what is dispatched when is left to the + * replace-malloc library. + * Passing a nullptr for either table will unregister a previously + * registered table under the same name. + * Returns nullptr if registration failed. + * If registration succeeded, a table of "pure" malloc functions is + * returned. Those "pure" malloc functions won't call hooks. + * /!\ Do not rely on registration/unregistration to be instantaneous. + * Functions from a previously registered table may still be called for + * a brief time after RegisterHook returns. + * This method was added in version 3 of the bridge. */ + virtual const malloc_table_t* + RegisterHook(const char* aName, const malloc_table_t* aTable, + const malloc_hook_table_t* aHookTable) { return nullptr; } + +#ifndef REPLACE_MALLOC_IMPL + /* Returns the replace-malloc bridge if its version is at least the + * requested one. */ + static ReplaceMallocBridge* Get(int aMinimumVersion) { + static ReplaceMallocBridge* sSingleton = get_bridge(); + return (sSingleton && sSingleton->mVersion >= aMinimumVersion) + ? sSingleton : nullptr; + } +#endif + +protected: + const int mVersion; +}; + +#ifndef REPLACE_MALLOC_IMPL +/* Class containing wrappers for calls to ReplaceMallocBridge methods. + * Those wrappers need to be static methods in a class because compilers + * complain about unused static global functions, and linkers complain + * about multiple definitions of non-static global functions. + * Using a separate class from ReplaceMallocBridge allows the function + * names to be identical. */ +struct ReplaceMalloc +{ + /* Don't call this method from performance critical code. Use + * mozilla::dmd::DMDFuncs::Get() instead, it has less overhead. */ + static mozilla::dmd::DMDFuncs* GetDMDFuncs() + { + auto singleton = ReplaceMallocBridge::Get(/* minimumVersion */ 1); + return singleton ? singleton->GetDMDFuncs() : nullptr; + } + + static void InitDebugFd(mozilla::DebugFdRegistry& aRegistry) + { + auto singleton = ReplaceMallocBridge::Get(/* minimumVersion */ 2); + if (singleton) { + singleton->InitDebugFd(aRegistry); + } + } + + static const malloc_table_t* + RegisterHook(const char* aName, const malloc_table_t* aTable, + const malloc_hook_table_t* aHookTable) + { + auto singleton = ReplaceMallocBridge::Get(/* minimumVersion */ 3); + return singleton ? singleton->RegisterHook(aName, aTable, aHookTable) + : nullptr; + } +}; +#endif + +#endif /* __cplusplus */ + +#endif /* replace_malloc_bridge_h */ diff --git a/system/memory/fallible/fallible.cpp b/system/memory/fallible/fallible.cpp new file mode 100644 index 000000000..5a449bc80 --- /dev/null +++ b/system/memory/fallible/fallible.cpp @@ -0,0 +1,11 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "fallible.h" + +namespace mozilla { + +const fallible_t fallible = {}; + +} // namespace mozilla diff --git a/system/memory/fallible/fallible.h b/system/memory/fallible/fallible.h new file mode 100644 index 000000000..c028360b1 --- /dev/null +++ b/system/memory/fallible/fallible.h @@ -0,0 +1,68 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_fallible_h +#define mozilla_fallible_h + +#if defined(__cplusplus) + +/* Explicit fallible allocation + * + * Memory allocation (normally) defaults to abort in case of failed + * allocation. That is, it never returns NULL, and crashes instead. + * + * Code can explicitely request for fallible memory allocation thanks + * to the declarations below. + * + * The typical use of the mozilla::fallible const is with placement new, + * like the following: + * + * foo = new (mozilla::fallible) Foo(); + * + * The following forms, or derivatives, are also possible but deprecated: + * + * foo = new ((mozilla::fallible_t())) Foo(); + * + * const mozilla::fallible_t fallible = mozilla::fallible_t(); + * bar = new (f) Bar(); + * + * It is also possible to declare method overloads with fallible allocation + * alternatives, like so: + * + * class Foo { + * public: + * void Method(void *); + * void Method(void *, const mozilla::fallible_t&); + * }; + * + * Foo foo; + * foo.Method(nullptr, mozilla::fallible); + * + * If that last method call is in a method that itself takes a const + * fallible_t& argument, it is recommended to propagate that argument + * instead of using mozilla::fallible: + * + * void Func(Foo &foo, const mozilla::fallible_t& aFallible) { + * foo.Method(nullptr, aFallible); + * } + * + */ +namespace mozilla { + +struct fallible_t { }; + +/* This symbol is kept unexported, such that in corner cases where the + * compiler can't remove its use (essentially, cross compilation-unit + * calls), the smallest machine code is used. + * Depending how the linker packs symbols, it will consume between 1 and + * 8 bytes of read-only data in each executable or shared library, but + * only in those where it's actually not optimized out by the compiler. + */ +extern const fallible_t fallible; + +} // namespace mozilla + +#endif + +#endif // mozilla_fallible_h diff --git a/system/memory/fallible/moz.build b/system/memory/fallible/moz.build new file mode 100644 index 000000000..0439e1a18 --- /dev/null +++ b/system/memory/fallible/moz.build @@ -0,0 +1,33 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +EXPORTS.mozilla += [ + 'fallible.h', +] + +Library('fallible') + +SOURCES += [ + 'fallible.cpp', +] + +if CONFIG['_MSC_VER']: + # MSVC normally adds linker directives relative to the CRT in a .drectve + # section in .obj files. Then, when linking objects, it adds those + # directives as if they were given as command line arguments. This can + # lead to trying to include link CRTs because different objects are + # compiled with different CRT options (i.e. -MT vs. -MD), and failing. + # The only source in this directory doesn't expose anything that depends + # on a CRT, so it doesn't need to be bound to a specific one. + # Adding the -Zl option makes MSVC not store linker directives in the + # object. This allows to link fallible.obj to binaries independently of + # the CRT they use. + CXXFLAGS += [ + '-Zl', + ] + + # This further prevents the CRT name from getting into the .obj file, + # by avoiding pulling in a bunch of string code that uses the CRT. + DEFINES['mozilla_Char16_h'] = True diff --git a/system/memory/gtest/TestJemalloc.cpp b/system/memory/gtest/TestJemalloc.cpp new file mode 100644 index 000000000..f37c57376 --- /dev/null +++ b/system/memory/gtest/TestJemalloc.cpp @@ -0,0 +1,51 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2; -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/mozalloc.h" +#include "mozmemory.h" + +#include "gtest/gtest.h" + +static inline void +TestOne(size_t size) +{ + size_t req = size; + size_t adv = malloc_good_size(req); + char* p = (char*)malloc(req); + size_t usable = moz_malloc_usable_size(p); + // NB: Using EXPECT here so that we still free the memory on failure. + EXPECT_EQ(adv, usable) << + "malloc_good_size(" << req << ") --> " << adv << "; " + "malloc_usable_size(" << req << ") --> " << usable; + free(p); +} + +static inline void +TestThree(size_t size) +{ + ASSERT_NO_FATAL_FAILURE(TestOne(size - 1)); + ASSERT_NO_FATAL_FAILURE(TestOne(size)); + ASSERT_NO_FATAL_FAILURE(TestOne(size + 1)); +} + +TEST(Jemalloc, UsableSizeInAdvance) +{ + #define K * 1024 + #define M * 1024 * 1024 + + /* + * Test every size up to a certain point, then (N-1, N, N+1) triplets for a + * various sizes beyond that. + */ + + for (size_t n = 0; n < 16 K; n++) + ASSERT_NO_FATAL_FAILURE(TestOne(n)); + + for (size_t n = 16 K; n < 1 M; n += 4 K) + ASSERT_NO_FATAL_FAILURE(TestThree(n)); + + for (size_t n = 1 M; n < 8 M; n += 128 K) + ASSERT_NO_FATAL_FAILURE(TestThree(n)); +} diff --git a/system/memory/gtest/moz.build b/system/memory/gtest/moz.build new file mode 100644 index 000000000..4067ccf53 --- /dev/null +++ b/system/memory/gtest/moz.build @@ -0,0 +1,10 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +UNIFIED_SOURCES += [ + 'TestJemalloc.cpp', +] + +FINAL_LIBRARY = 'xul-gtest' diff --git a/system/memory/moz.build b/system/memory/moz.build new file mode 100644 index 000000000..18a35fe0e --- /dev/null +++ b/system/memory/moz.build @@ -0,0 +1,23 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +DIRS += [ + 'mozalloc', + 'fallible', +] + +if not CONFIG['JS_STANDALONE']: + DIRS += ['volatile'] + +if CONFIG['MOZ_MEMORY']: + # NB: gtest dir is included in toolkit/toolkit.build due to its dependency + # on libxul. + DIRS += [ + 'build', + 'mozjemalloc', + ] + + if CONFIG['MOZ_REPLACE_MALLOC']: + DIRS += ['replace'] diff --git a/system/memory/mozalloc/moz.build b/system/memory/mozalloc/moz.build new file mode 100644 index 000000000..fc69438ac --- /dev/null +++ b/system/memory/mozalloc/moz.build @@ -0,0 +1,56 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +NO_VISIBILITY_FLAGS = True + +EXPORTS.mozilla += [ + 'mozalloc.h', + 'mozalloc_abort.h', + 'mozalloc_oom.h', +] + +if CONFIG['WRAP_STL_INCLUDES']: + if CONFIG['GNU_CXX']: + EXPORTS.mozilla += ['throw_gcc.h'] + elif CONFIG['_MSC_VER']: + DEFINES['_HAS_EXCEPTIONS'] = 0 + if CONFIG['MOZ_MSVC_STL_WRAP_RAISE']: + EXPORTS.mozilla += [ + 'msvc_raise_wrappers.h', + 'throw_msvc.h', + ] + SOURCES += [ + 'msvc_raise_wrappers.cpp', + ] + +if CONFIG['OS_TARGET'] == 'WINNT': + # Keep this file separate to avoid #include'ing windows.h everywhere. + SOURCES += [ + 'winheap.cpp', + ] + +UNIFIED_SOURCES += [ + 'mozalloc.cpp', + 'mozalloc_abort.cpp', + 'mozalloc_oom.cpp', +] + +FINAL_LIBRARY = 'mozglue' + +# The strndup declaration in string.h is in an ifdef __USE_GNU section +DEFINES['_GNU_SOURCE'] = True + +DISABLE_STL_WRAPPING = True + +DEFINES['IMPL_MFBT'] = True + +if CONFIG['_MSC_VER']: + DIRS += ['staticruntime'] + +LOCAL_INCLUDES += [ + '!/xpcom', + '../build', +] + +DIST_INSTALL = True diff --git a/system/memory/mozalloc/mozalloc.cpp b/system/memory/mozalloc/mozalloc.cpp new file mode 100644 index 000000000..1ae071ea0 --- /dev/null +++ b/system/memory/mozalloc/mozalloc.cpp @@ -0,0 +1,204 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <stddef.h> // for size_t + +// Building with USE_STATIC_LIBS = True sets -MT instead of -MD. -MT sets _MT, +// while -MD sets _MT and _DLL. +#if defined(_MT) && !defined(_DLL) +#define MOZ_STATIC_RUNTIME +#endif + +#if defined(MOZ_MEMORY) && !defined(MOZ_STATIC_RUNTIME) +// mozalloc.cpp is part of the same library as mozmemory, thus MOZ_MEMORY_IMPL +// is needed. +#define MOZ_MEMORY_IMPL +#include "mozmemory_wrap.h" + +// See mozmemory_wrap.h for more details. This file is part of libmozglue, so +// it needs to use _impl suffixes. However, with libmozglue growing, this is +// becoming cumbersome, so we will likely use a malloc.h wrapper of some sort +// and allow the use of the functions without a _impl suffix. +#define MALLOC_DECL(name, return_type, ...) \ + extern "C" MOZ_MEMORY_API return_type name ## _impl(__VA_ARGS__); +#define MALLOC_FUNCS MALLOC_FUNCS_MALLOC +#include "malloc_decls.h" + +extern "C" MOZ_MEMORY_API char *strdup_impl(const char *); +extern "C" MOZ_MEMORY_API char *strndup_impl(const char *, size_t); + +#else +// When jemalloc is disabled, or when building the static runtime variant, +// we need not to use the suffixes. + +#if defined(MALLOC_H) +# include MALLOC_H // for memalign, valloc, malloc_size, malloc_us +#endif // if defined(MALLOC_H) +#include <stdlib.h> // for malloc, free +#if defined(XP_UNIX) +# include <unistd.h> // for valloc on *BSD +#endif //if defined(XP_UNIX) + +#define malloc_impl malloc +#define posix_memalign_impl posix_memalign +#define calloc_impl calloc +#define realloc_impl realloc +#define free_impl free +#define memalign_impl memalign +#define valloc_impl valloc +#define malloc_usable_size_impl malloc_usable_size +#define strdup_impl strdup +#define strndup_impl strndup + +#endif + +#include <errno.h> +#include <new> // for std::bad_alloc +#include <string.h> + +#include <sys/types.h> + +#include "mozilla/mozalloc.h" +#include "mozilla/mozalloc_oom.h" // for mozalloc_handle_oom + +#ifdef __GNUC__ +#define LIKELY(x) (__builtin_expect(!!(x), 1)) +#define UNLIKELY(x) (__builtin_expect(!!(x), 0)) +#else +#define LIKELY(x) (x) +#define UNLIKELY(x) (x) +#endif + +void* +moz_xmalloc(size_t size) +{ + void* ptr = malloc_impl(size); + if (UNLIKELY(!ptr && size)) { + mozalloc_handle_oom(size); + return moz_xmalloc(size); + } + return ptr; +} + +void* +moz_xcalloc(size_t nmemb, size_t size) +{ + void* ptr = calloc_impl(nmemb, size); + if (UNLIKELY(!ptr && nmemb && size)) { + mozalloc_handle_oom(size); + return moz_xcalloc(nmemb, size); + } + return ptr; +} + +void* +moz_xrealloc(void* ptr, size_t size) +{ + void* newptr = realloc_impl(ptr, size); + if (UNLIKELY(!newptr && size)) { + mozalloc_handle_oom(size); + return moz_xrealloc(ptr, size); + } + return newptr; +} + +char* +moz_xstrdup(const char* str) +{ + char* dup = strdup_impl(str); + if (UNLIKELY(!dup)) { + mozalloc_handle_oom(0); + return moz_xstrdup(str); + } + return dup; +} + +#if defined(HAVE_STRNDUP) +char* +moz_xstrndup(const char* str, size_t strsize) +{ + char* dup = strndup_impl(str, strsize); + if (UNLIKELY(!dup)) { + mozalloc_handle_oom(strsize); + return moz_xstrndup(str, strsize); + } + return dup; +} +#endif // if defined(HAVE_STRNDUP) + +#if defined(HAVE_POSIX_MEMALIGN) +int +moz_xposix_memalign(void **ptr, size_t alignment, size_t size) +{ + int err = posix_memalign_impl(ptr, alignment, size); + if (UNLIKELY(err && ENOMEM == err)) { + mozalloc_handle_oom(size); + return moz_xposix_memalign(ptr, alignment, size); + } + // else: (0 == err) or (EINVAL == err) + return err; +} +int +moz_posix_memalign(void **ptr, size_t alignment, size_t size) +{ + int code = posix_memalign_impl(ptr, alignment, size); + if (code) + return code; + + return code; + +} +#endif // if defined(HAVE_POSIX_MEMALIGN) + +#if defined(HAVE_MEMALIGN) +void* +moz_xmemalign(size_t boundary, size_t size) +{ + void* ptr = memalign_impl(boundary, size); + if (UNLIKELY(!ptr && EINVAL != errno)) { + mozalloc_handle_oom(size); + return moz_xmemalign(boundary, size); + } + // non-NULL ptr or errno == EINVAL + return ptr; +} +#endif // if defined(HAVE_MEMALIGN) + +#if defined(HAVE_VALLOC) +void* +moz_xvalloc(size_t size) +{ + void* ptr = valloc_impl(size); + if (UNLIKELY(!ptr)) { + mozalloc_handle_oom(size); + return moz_xvalloc(size); + } + return ptr; +} +#endif // if defined(HAVE_VALLOC) + +#ifndef MOZ_STATIC_RUNTIME +size_t +moz_malloc_usable_size(void *ptr) +{ + if (!ptr) + return 0; + +#if defined(HAVE_MALLOC_USABLE_SIZE) || defined(MOZ_MEMORY) + return malloc_usable_size_impl(ptr); +#elif defined(XP_WIN) + return _msize(ptr); +#else + return 0; +#endif +} + +size_t moz_malloc_size_of(const void *ptr) +{ + return moz_malloc_usable_size((void *)ptr); +} +#endif diff --git a/system/memory/mozalloc/mozalloc.h b/system/memory/mozalloc/mozalloc.h new file mode 100644 index 000000000..50dc53e5c --- /dev/null +++ b/system/memory/mozalloc/mozalloc.h @@ -0,0 +1,352 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_mozalloc_h +#define mozilla_mozalloc_h + +/* + * https://bugzilla.mozilla.org/show_bug.cgi?id=427099 + */ + +#if defined(__cplusplus) +# include <new> +// Since libstdc++ 6, including the C headers (e.g. stdlib.h) instead of the +// corresponding C++ header (e.g. cstdlib) can cause confusion in C++ code +// using things defined there. Specifically, with stdlib.h, the use of abs() +// in gfx/graphite2/src/inc/UtfCodec.h somehow ends up picking the wrong abs() +# include <cstdlib> +# include <cstring> +#else +# include <stdlib.h> +# include <string.h> +#endif + +#if defined(__cplusplus) +#include "mozilla/fallible.h" +#include "mozilla/mozalloc_abort.h" +#include "mozilla/TemplateLib.h" +#endif +#include "mozilla/Attributes.h" +#include "mozilla/Types.h" + +#define MOZALLOC_HAVE_XMALLOC + +#if defined(MOZ_ALWAYS_INLINE_EVEN_DEBUG) +# define MOZALLOC_INLINE MOZ_ALWAYS_INLINE_EVEN_DEBUG +#elif defined(HAVE_FORCEINLINE) +# define MOZALLOC_INLINE __forceinline +#else +# define MOZALLOC_INLINE inline +#endif + +/* Workaround build problem with Sun Studio 12 */ +#if defined(__SUNPRO_C) || defined(__SUNPRO_CC) +# undef MOZ_MUST_USE +# define MOZ_MUST_USE +# undef MOZ_ALLOCATOR +# define MOZ_ALLOCATOR +#endif + +#if defined(__cplusplus) +extern "C" { +#endif /* ifdef __cplusplus */ + +/* + * We need to use malloc_impl and free_impl in this file when they are + * defined, because of how mozglue.dll is linked on Windows, where using + * malloc/free would end up using the symbols from the MSVCRT instead of + * ours. + */ +#ifndef free_impl +#define free_impl free +#define free_impl_ +#endif +#ifndef malloc_impl +#define malloc_impl malloc +#define malloc_impl_ +#endif + +/* + * Each declaration below is analogous to a "standard" allocation + * function, except that the out-of-memory handling is made explicit. + * The |moz_x| versions will never return a NULL pointer; if memory + * is exhausted, they abort. The |moz_| versions may return NULL + * pointers if memory is exhausted: their return value must be checked. + * + * All these allocation functions are *guaranteed* to return a pointer + * to memory allocated in such a way that that memory can be freed by + * passing that pointer to |free()|. + */ + +MFBT_API void* moz_xmalloc(size_t size) + MOZ_ALLOCATOR; + +MFBT_API void* moz_xcalloc(size_t nmemb, size_t size) + MOZ_ALLOCATOR; + +MFBT_API void* moz_xrealloc(void* ptr, size_t size) + MOZ_ALLOCATOR; + +MFBT_API char* moz_xstrdup(const char* str) + MOZ_ALLOCATOR; + +MFBT_API size_t moz_malloc_usable_size(void *ptr); + +MFBT_API size_t moz_malloc_size_of(const void *ptr); + +#if defined(HAVE_STRNDUP) +MFBT_API char* moz_xstrndup(const char* str, size_t strsize) + MOZ_ALLOCATOR; +#endif /* if defined(HAVE_STRNDUP) */ + + +#if defined(HAVE_POSIX_MEMALIGN) +MFBT_API MOZ_MUST_USE +int moz_xposix_memalign(void **ptr, size_t alignment, size_t size); + +MFBT_API MOZ_MUST_USE +int moz_posix_memalign(void **ptr, size_t alignment, size_t size); +#endif /* if defined(HAVE_POSIX_MEMALIGN) */ + + +#if defined(HAVE_MEMALIGN) +MFBT_API void* moz_xmemalign(size_t boundary, size_t size) + MOZ_ALLOCATOR; +#endif /* if defined(HAVE_MEMALIGN) */ + + +#if defined(HAVE_VALLOC) +MFBT_API void* moz_xvalloc(size_t size) + MOZ_ALLOCATOR; +#endif /* if defined(HAVE_VALLOC) */ + + +#ifdef __cplusplus +} /* extern "C" */ +#endif /* ifdef __cplusplus */ + + +#ifdef __cplusplus + +/* + * We implement the default operators new/delete as part of + * libmozalloc, replacing their definitions in libstdc++. The + * operator new* definitions in libmozalloc will never return a NULL + * pointer. + * + * Each operator new immediately below returns a pointer to memory + * that can be delete'd by any of + * + * (1) the matching infallible operator delete immediately below + * (2) the matching "fallible" operator delete further below + * (3) the matching system |operator delete(void*, std::nothrow)| + * (4) the matching system |operator delete(void*) throw(std::bad_alloc)| + * + * NB: these are declared |throw(std::bad_alloc)|, though they will never + * throw that exception. This declaration is consistent with the rule + * that |::operator new() throw(std::bad_alloc)| will never return NULL. + */ + +/* NB: This is defined just to silence vacuous warnings about symbol + * visibility on gcc. These symbols are force-inline and not exported. + */ +#define MOZALLOC_EXPORT_NEW + +#if defined(_MSC_VER) +/* + * Suppress build warning spam (bug 578546). + */ +#define MOZALLOC_THROW_IF_HAS_EXCEPTIONS +#define MOZALLOC_THROW_BAD_ALLOC_IF_HAS_EXCEPTIONS +#elif __cplusplus >= 201103 +/* + * C++11 has deprecated exception-specifications in favour of |noexcept|. + */ +#define MOZALLOC_THROW_IF_HAS_EXCEPTIONS noexcept(true) +#define MOZALLOC_THROW_BAD_ALLOC_IF_HAS_EXCEPTIONS noexcept(false) +#else +#define MOZALLOC_THROW_IF_HAS_EXCEPTIONS throw() +#define MOZALLOC_THROW_BAD_ALLOC_IF_HAS_EXCEPTIONS throw(std::bad_alloc) +#endif + +#define MOZALLOC_THROW_BAD_ALLOC MOZALLOC_THROW_BAD_ALLOC_IF_HAS_EXCEPTIONS + +MOZALLOC_EXPORT_NEW +#if defined(__GNUC__) && !defined(__clang__) && defined(__SANITIZE_ADDRESS__) +/* gcc's asan somehow doesn't like always_inline on this function. */ +__attribute__((gnu_inline)) inline +#else +MOZALLOC_INLINE +#endif +void* operator new(size_t size) MOZALLOC_THROW_BAD_ALLOC +{ + return moz_xmalloc(size); +} + +MOZALLOC_EXPORT_NEW MOZALLOC_INLINE +void* operator new(size_t size, const std::nothrow_t&) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + return malloc_impl(size); +} + +MOZALLOC_EXPORT_NEW MOZALLOC_INLINE +void* operator new[](size_t size) MOZALLOC_THROW_BAD_ALLOC +{ + return moz_xmalloc(size); +} + +MOZALLOC_EXPORT_NEW MOZALLOC_INLINE +void* operator new[](size_t size, const std::nothrow_t&) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + return malloc_impl(size); +} + +MOZALLOC_EXPORT_NEW MOZALLOC_INLINE +void operator delete(void* ptr) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + return free_impl(ptr); +} + +MOZALLOC_EXPORT_NEW MOZALLOC_INLINE +void operator delete(void* ptr, const std::nothrow_t&) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + return free_impl(ptr); +} + +MOZALLOC_EXPORT_NEW MOZALLOC_INLINE +void operator delete[](void* ptr) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + return free_impl(ptr); +} + +MOZALLOC_EXPORT_NEW MOZALLOC_INLINE +void operator delete[](void* ptr, const std::nothrow_t&) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + return free_impl(ptr); +} + + +/* + * We also add a new allocator variant: "fallible operator new." + * Unlike libmozalloc's implementations of the standard nofail + * allocators, this allocator is allowed to return NULL. It can be used + * as follows + * + * Foo* f = new (mozilla::fallible) Foo(...); + * + * operator delete(fallible) is defined for completeness only. + * + * Each operator new below returns a pointer to memory that can be + * delete'd by any of + * + * (1) the matching "fallible" operator delete below + * (2) the matching infallible operator delete above + * (3) the matching system |operator delete(void*, std::nothrow)| + * (4) the matching system |operator delete(void*) throw(std::bad_alloc)| + */ + +MOZALLOC_INLINE +void* operator new(size_t size, const mozilla::fallible_t&) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + return malloc_impl(size); +} + +MOZALLOC_INLINE +void* operator new[](size_t size, const mozilla::fallible_t&) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + return malloc_impl(size); +} + +MOZALLOC_INLINE +void operator delete(void* ptr, const mozilla::fallible_t&) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + free_impl(ptr); +} + +MOZALLOC_INLINE +void operator delete[](void* ptr, const mozilla::fallible_t&) MOZALLOC_THROW_IF_HAS_EXCEPTIONS +{ + free_impl(ptr); +} + + +/* + * This policy is identical to MallocAllocPolicy, except it uses + * moz_xmalloc/moz_xcalloc/moz_xrealloc instead of + * malloc/calloc/realloc. + */ +class InfallibleAllocPolicy +{ +public: + template <typename T> + T* maybe_pod_malloc(size_t aNumElems) + { + return pod_malloc<T>(aNumElems); + } + + template <typename T> + T* maybe_pod_calloc(size_t aNumElems) + { + return pod_calloc<T>(aNumElems); + } + + template <typename T> + T* maybe_pod_realloc(T* aPtr, size_t aOldSize, size_t aNewSize) + { + return pod_realloc<T>(aPtr, aOldSize, aNewSize); + } + + template <typename T> + T* pod_malloc(size_t aNumElems) + { + if (aNumElems & mozilla::tl::MulOverflowMask<sizeof(T)>::value) { + reportAllocOverflow(); + } + return static_cast<T*>(moz_xmalloc(aNumElems * sizeof(T))); + } + + template <typename T> + T* pod_calloc(size_t aNumElems) + { + return static_cast<T*>(moz_xcalloc(aNumElems, sizeof(T))); + } + + template <typename T> + T* pod_realloc(T* aPtr, size_t aOldSize, size_t aNewSize) + { + if (aNewSize & mozilla::tl::MulOverflowMask<sizeof(T)>::value) { + reportAllocOverflow(); + } + return static_cast<T*>(moz_xrealloc(aPtr, aNewSize * sizeof(T))); + } + + void free_(void* aPtr) + { + free_impl(aPtr); + } + + void reportAllocOverflow() const + { + mozalloc_abort("alloc overflow"); + } + + bool checkSimulatedOOM() const + { + return true; + } +}; + +#endif /* ifdef __cplusplus */ + +#ifdef malloc_impl_ +#undef malloc_impl_ +#undef malloc_impl +#endif +#ifdef free_impl_ +#undef free_impl_ +#undef free_impl +#endif + +#endif /* ifndef mozilla_mozalloc_h */ diff --git a/system/memory/mozalloc/mozalloc_abort.cpp b/system/memory/mozalloc/mozalloc_abort.cpp new file mode 100644 index 000000000..8db569655 --- /dev/null +++ b/system/memory/mozalloc/mozalloc_abort.cpp @@ -0,0 +1,48 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/mozalloc_abort.h" + +#include <stdio.h> + +#include "mozilla/Assertions.h" + +void +mozalloc_abort(const char* const msg) +{ + fputs(msg, stderr); + fputs("\n", stderr); + MOZ_CRASH(); +} + +#if defined(XP_UNIX) && !defined(MOZ_ASAN) +// Define abort() here, so that it is used instead of the system abort(). This +// lets us control the behavior when aborting, in order to get better results +// on *NIX platforms. See mozalloc_abort for details. +// +// For AddressSanitizer, we must not redefine system abort because the ASan +// option "abort_on_error=1" calls abort() and therefore causes the following +// call chain with our redefined abort: +// +// ASan -> abort() -> moz_abort() -> MOZ_CRASH() -> Segmentation fault +// +// That segmentation fault will be interpreted as another bug by ASan and as a +// result, ASan will just exit(1) instead of aborting. +extern "C" void abort(void) +{ + const char* const msg = "Redirecting call to abort() to mozalloc_abort\n"; + + mozalloc_abort(msg); + + // We won't reach here because mozalloc_abort() is MOZ_NORETURN. But that + // annotation isn't used on ARM (see mozalloc_abort.h for why) so we add a + // redundant MOZ_CRASH() here to avoid a "'noreturn' function does return" + // warning. + MOZ_CRASH(); +} +#endif + diff --git a/system/memory/mozalloc/mozalloc_abort.h b/system/memory/mozalloc/mozalloc_abort.h new file mode 100644 index 000000000..065cebcb3 --- /dev/null +++ b/system/memory/mozalloc/mozalloc_abort.h @@ -0,0 +1,28 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_mozalloc_abort_h +#define mozilla_mozalloc_abort_h + +#include "mozilla/Attributes.h" +#include "mozilla/Types.h" + +/** + * Terminate this process in such a way that breakpad is triggered, if + * at all possible. + * + * Note: MOZ_NORETURN seems to break crash stacks on ARM, so we don't + * use that annotation there. + */ +MFBT_API +#if !defined(__arm__) + MOZ_NORETURN +#endif + void mozalloc_abort(const char* const msg); + + +#endif /* ifndef mozilla_mozalloc_abort_h */ diff --git a/system/memory/mozalloc/mozalloc_oom.cpp b/system/memory/mozalloc/mozalloc_oom.cpp new file mode 100644 index 000000000..820888cdb --- /dev/null +++ b/system/memory/mozalloc/mozalloc_oom.cpp @@ -0,0 +1,53 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/mozalloc_abort.h" +#include "mozilla/mozalloc_oom.h" +#include "mozilla/Assertions.h" + +static mozalloc_oom_abort_handler gAbortHandler; + +#define OOM_MSG_LEADER "out of memory: 0x" +#define OOM_MSG_DIGITS "0000000000000000" // large enough for 2^64 +#define OOM_MSG_TRAILER " bytes requested" +#define OOM_MSG_FIRST_DIGIT_OFFSET sizeof(OOM_MSG_LEADER) - 1 +#define OOM_MSG_LAST_DIGIT_OFFSET sizeof(OOM_MSG_LEADER) + \ + sizeof(OOM_MSG_DIGITS) - 3 + +static const char *hex = "0123456789ABCDEF"; + +void +mozalloc_handle_oom(size_t size) +{ + char oomMsg[] = OOM_MSG_LEADER OOM_MSG_DIGITS OOM_MSG_TRAILER; + size_t i; + + // NB: this is handle_oom() stage 1, which simply aborts on OOM. + // we might proceed to a stage 2 in which an attempt is made to + // reclaim memory + + if (gAbortHandler) + gAbortHandler(size); + + static_assert(OOM_MSG_FIRST_DIGIT_OFFSET > 0, + "Loop below will never terminate (i can't go below 0)"); + + // Insert size into the diagnostic message using only primitive operations + for (i = OOM_MSG_LAST_DIGIT_OFFSET; + size && i >= OOM_MSG_FIRST_DIGIT_OFFSET; i--) { + oomMsg[i] = hex[size % 16]; + size /= 16; + } + + mozalloc_abort(oomMsg); +} + +void +mozalloc_set_oom_abort_handler(mozalloc_oom_abort_handler handler) +{ + gAbortHandler = handler; +} diff --git a/system/memory/mozalloc/mozalloc_oom.h b/system/memory/mozalloc/mozalloc_oom.h new file mode 100644 index 000000000..35bb9acc8 --- /dev/null +++ b/system/memory/mozalloc/mozalloc_oom.h @@ -0,0 +1,31 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_mozalloc_oom_h +#define mozilla_mozalloc_oom_h + +#include "mozalloc.h" + +/** + * Called when memory is critically low. Returns iff it was able to + * remedy the critical memory situation; if not, it will abort(). + */ +MFBT_API void mozalloc_handle_oom(size_t requestedSize); + +/** + * Called by embedders (specifically Mozilla breakpad) which wants to be + * notified of an intentional abort, to annotate any crash report with + * the size of the allocation on which we aborted. + */ +typedef void (*mozalloc_oom_abort_handler)(size_t size); +MFBT_API void mozalloc_set_oom_abort_handler(mozalloc_oom_abort_handler handler); + +/* TODO: functions to query system memory usage and register + * critical-memory handlers. */ + + +#endif /* ifndef mozilla_mozalloc_oom_h */ diff --git a/system/memory/mozalloc/msvc_raise_wrappers.cpp b/system/memory/mozalloc/msvc_raise_wrappers.cpp new file mode 100644 index 000000000..820663f63 --- /dev/null +++ b/system/memory/mozalloc/msvc_raise_wrappers.cpp @@ -0,0 +1,63 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <stdio.h> + +#include "mozalloc_abort.h" + +__declspec(noreturn) static void abort_from_exception(const char* const which, + const char* const what); +static void +abort_from_exception(const char* const which, const char* const what) +{ + fprintf(stderr, "fatal: STL threw %s: ", which); + mozalloc_abort(what); +} + +namespace std { + +// NB: user code is not supposed to touch the std:: namespace. We're +// doing this after careful review because we want to define our own +// exception throwing semantics. Don't try this at home! + +MFBT_API __declspec(noreturn) void +moz_Xinvalid_argument(const char* what) +{ + abort_from_exception("invalid_argument", what); +} + +MFBT_API __declspec(noreturn) void +moz_Xlength_error(const char* what) +{ + abort_from_exception("length_error", what); +} + +MFBT_API __declspec(noreturn) void +moz_Xout_of_range(const char* what) +{ + abort_from_exception("out_of_range", what); +} + +MFBT_API __declspec(noreturn) void +moz_Xoverflow_error(const char* what) +{ + abort_from_exception("overflow_error", what); +} + +MFBT_API __declspec(noreturn) void +moz_Xruntime_error(const char* what) +{ + abort_from_exception("runtime_error", what); +} + +MFBT_API __declspec(noreturn) void +moz_Xbad_function_call() +{ + abort_from_exception("bad_function_call", "bad function call"); +} + +} // namespace std diff --git a/system/memory/mozalloc/msvc_raise_wrappers.h b/system/memory/mozalloc/msvc_raise_wrappers.h new file mode 100644 index 000000000..91b77f453 --- /dev/null +++ b/system/memory/mozalloc/msvc_raise_wrappers.h @@ -0,0 +1,41 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_msvc_raise_wrappers_h +#define mozilla_msvc_raise_wrappers_h + +#ifdef _XSTDDEF_ +# error "Unable to wrap _RAISE(); CRT _RAISE() already defined" +#endif +#ifdef _XUTILITY_ +# error "Unable to wrap _X[exception](); CRT versions already declared" +#endif +#ifdef _FUNCTIONAL_ +# error "Unable to wrap _Xbad_function_call(); CRT version already declared" +#endif + +#include "mozilla/mozalloc_abort.h" + +// xutility will declare the following functions in the std namespace. +// We #define them to be named differently so we can ensure the exception +// throwing semantics of these functions work exactly the way we want, by +// defining our own versions in msvc_raise_wrappers.cpp. +# define _Xinvalid_argument moz_Xinvalid_argument +# define _Xlength_error moz_Xlength_error +# define _Xout_of_range moz_Xout_of_range +# define _Xoverflow_error moz_Xoverflow_error +# define _Xruntime_error moz_Xruntime_error +// used by <functional> +# define _Xbad_function_call moz_Xbad_function_call + +# include <xstddef> +# include <xutility> + +# undef _RAISE +# define _RAISE(x) mozalloc_abort((x).what()) + +#endif // ifndef mozilla_msvc_raise_wrappers_h diff --git a/system/memory/mozalloc/staticruntime/moz.build b/system/memory/mozalloc/staticruntime/moz.build new file mode 100644 index 000000000..0a3dd7f7a --- /dev/null +++ b/system/memory/mozalloc/staticruntime/moz.build @@ -0,0 +1,34 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +NO_VISIBILITY_FLAGS = True + +if CONFIG['WRAP_STL_INCLUDES']: + DEFINES['_HAS_EXCEPTIONS'] = 0 + if CONFIG['MOZ_MSVC_STL_WRAP_RAISE']: + SOURCES += [ + '../msvc_raise_wrappers.cpp', + ] + +UNIFIED_SOURCES += [ + '../mozalloc.cpp', + '../mozalloc_abort.cpp', + '../mozalloc_oom.cpp', +] + +# Keep this file separate to avoid #include'ing windows.h everywhere. +SOURCES += [ + '../winheap.cpp', +] + +LOCAL_INCLUDES += ['!/xpcom'] + +DISABLE_STL_WRAPPING = True + +DEFINES['IMPL_MFBT'] = True + +USE_STATIC_LIBS = True + +Library('mozalloc_staticruntime') diff --git a/system/memory/mozalloc/throw_gcc.h b/system/memory/mozalloc/throw_gcc.h new file mode 100644 index 000000000..4264df63d --- /dev/null +++ b/system/memory/mozalloc/throw_gcc.h @@ -0,0 +1,145 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_throw_gcc_h +#define mozilla_throw_gcc_h + +#include "mozilla/Attributes.h" + +#include <stdio.h> // snprintf +#include <string.h> // strerror + +// For gcc, we define these inline to abort so that we're absolutely +// certain that (i) no exceptions are thrown from Gecko; (ii) these +// errors are always terminal and caught by breakpad. + +#include "mozilla/mozalloc_abort.h" + +// libc++ 4.0.0 and higher use C++11 [[noreturn]] attributes for the functions +// below, and since clang does not allow mixing __attribute__((noreturn)) and +// [[noreturn]], we have to explicitly use the latter here. See bug 1329520. +#if defined(__clang__) +# if __has_feature(cxx_attributes) && \ + defined(_LIBCPP_VERSION) && _LIBCPP_VERSION >= 4000 +# define MOZ_THROW_NORETURN [[noreturn]] +# endif +#endif +#ifndef MOZ_THROW_NORETURN +# define MOZ_THROW_NORETURN MOZ_NORETURN +#endif + +namespace std { + +// NB: user code is not supposed to touch the std:: namespace. We're +// doing this after careful review because we want to define our own +// exception throwing semantics. Don't try this at home! + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_bad_exception(void) +{ + mozalloc_abort("fatal: STL threw bad_exception"); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_bad_alloc(void) +{ + mozalloc_abort("fatal: STL threw bad_alloc"); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_bad_cast(void) +{ + mozalloc_abort("fatal: STL threw bad_cast"); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_bad_typeid(void) +{ + mozalloc_abort("fatal: STL threw bad_typeid"); +} + +// used by <functional> +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_bad_function_call(void) +{ + mozalloc_abort("fatal: STL threw bad_function_call"); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_logic_error(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_domain_error(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_invalid_argument(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_length_error(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_out_of_range(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_runtime_error(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_range_error(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_overflow_error(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_underflow_error(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_ios_failure(const char* msg) +{ + mozalloc_abort(msg); +} + +MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void +__throw_system_error(int err) +{ + char error[128]; + snprintf(error, sizeof(error)-1, + "fatal: STL threw system_error: %s (%d)", strerror(err), err); + mozalloc_abort(error); +} + +} // namespace std + +#undef MOZ_THROW_NORETURN + +#endif // mozilla_throw_gcc_h diff --git a/system/memory/mozalloc/throw_msvc.h b/system/memory/mozalloc/throw_msvc.h new file mode 100644 index 000000000..e6ebf46dc --- /dev/null +++ b/system/memory/mozalloc/throw_msvc.h @@ -0,0 +1,17 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_throw_msvc_h +#define mozilla_throw_msvc_h + +#if defined(MOZ_MSVC_STL_WRAP_RAISE) +# include "msvc_raise_wrappers.h" +#else +# error "Unknown STL wrapper tactic" +#endif + +#endif // mozilla_throw_msvc_h diff --git a/system/memory/mozalloc/winheap.cpp b/system/memory/mozalloc/winheap.cpp new file mode 100644 index 000000000..79ff35fff --- /dev/null +++ b/system/memory/mozalloc/winheap.cpp @@ -0,0 +1,74 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: sw=4 ts=4 et : + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/Types.h" +#include <windows.h> + +// Building with USE_STATIC_LIBS = True sets -MT instead of -MD. -MT sets _MT, +// while -MD sets _MT and _DLL. +#if defined(_MT) && !defined(_DLL) +#define MOZ_STATIC_RUNTIME +#endif + +#if defined(MOZ_MEMORY) && !defined(MOZ_STATIC_RUNTIME) +// mozalloc.cpp is part of the same library as mozmemory, thus MOZ_MEMORY_IMPL +// is needed. +#define MOZ_MEMORY_IMPL +#include "mozmemory_wrap.h" + +// See mozmemory_wrap.h for more details. This file is part of libmozglue, so +// it needs to use _impl suffixes. However, with libmozglue growing, this is +// becoming cumbersome, so we will likely use a malloc.h wrapper of some sort +// and allow the use of the functions without a _impl suffix. +#define MALLOC_DECL(name, return_type, ...) \ + extern "C" MOZ_MEMORY_API return_type name ## _impl(__VA_ARGS__); +#define MALLOC_FUNCS MALLOC_FUNCS_MALLOC +#include "malloc_decls.h" + +// Warning: C4273: 'HeapAlloc': inconsistent dll linkage +// The Windows headers define HeapAlloc as dllimport, but we define it as +// dllexport, which is a voluntary inconsistency. +#pragma warning(disable: 4273) + +MFBT_API +LPVOID WINAPI HeapAlloc(_In_ HANDLE hHeap, _In_ DWORD dwFlags, + _In_ SIZE_T dwBytes) +{ + if (dwFlags & HEAP_ZERO_MEMORY) { + return calloc_impl(1, dwBytes); + } + return malloc_impl(dwBytes); +} + +MFBT_API +LPVOID WINAPI HeapReAlloc(_In_ HANDLE hHeap, _In_ DWORD dwFlags, + _In_ LPVOID lpMem, _In_ SIZE_T dwBytes) +{ + // The HeapReAlloc contract is that failures preserve the existing + // allocation. We can't try to realloc in-place without possibly + // freeing the original allocation, breaking the contract. + // We also can't guarantee we zero all the memory from the end of + // the original allocation to the end of the new one because of the + // difference between the originally requested size and what + // malloc_usable_size would return us. + // So for both cases, just tell the caller we can't do what they + // requested. + if (dwFlags & (HEAP_REALLOC_IN_PLACE_ONLY | HEAP_ZERO_MEMORY)) { + return NULL; + } + return realloc_impl(lpMem, dwBytes); +} + +MFBT_API +BOOL WINAPI HeapFree(_In_ HANDLE hHeap, _In_ DWORD dwFlags, + _In_ LPVOID lpMem) +{ + free_impl(lpMem); + return true; +} + +#endif diff --git a/system/memory/mozjemalloc/Makefile.in b/system/memory/mozjemalloc/Makefile.in new file mode 100644 index 000000000..f02b315ec --- /dev/null +++ b/system/memory/mozjemalloc/Makefile.in @@ -0,0 +1,11 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Force optimize mozjemalloc on --disable-optimize builds. +# This works around the issue that the Android NDK's definition of ffs is +# broken when compiling without optimization, while avoiding to add yet another +# configure test. +MOZ_OPTIMIZE = 1 + diff --git a/system/memory/mozjemalloc/jemalloc.c b/system/memory/mozjemalloc/jemalloc.c new file mode 100644 index 000000000..02e771a09 --- /dev/null +++ b/system/memory/mozjemalloc/jemalloc.c @@ -0,0 +1,6799 @@ +/* -*- Mode: C; tab-width: 8; c-basic-offset: 8; indent-tabs-mode: t -*- */ +/* vim:set softtabstop=8 shiftwidth=8 noet: */ +/*- + * Copyright (C) 2006-2008 Jason Evans <jasone@FreeBSD.org>. + * Copyright (C) 2015-2019 Mark Straver <moonchild@palemoon.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice(s), this list of conditions and the following disclaimer as + * the first lines of this file unmodified other than the possible + * addition of one or more copyright notices. + * 2. Redistributions in binary form must reproduce the above copyright + * notice(s), this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + ******************************************************************************* + * + * This allocator implementation is designed to provide scalable performance + * for multi-threaded programs on multi-processor systems. The following + * features are included for this purpose: + * + * + Multiple arenas are used if there are multiple CPUs, which reduces lock + * contention and cache sloshing. + * + * + Cache line sharing between arenas is avoided for internal data + * structures. + * + * + Memory is managed in chunks and runs (chunks can be split into runs), + * rather than as individual pages. This provides a constant-time + * mechanism for associating allocations with particular arenas. + * + * Allocation requests are rounded up to the nearest size class, and no record + * of the original request size is maintained. Allocations are broken into + * categories according to size class. Assuming runtime defaults, 4 kB pages + * and a 16 byte quantum on a 32-bit system, the size classes in each category + * are as follows: + * + * |=====================================| + * | Category | Subcategory | Size | + * |=====================================| + * | Small | Tiny | 2 | + * | | | 4 | + * | | | 8 | + * | |----------------+---------| + * | | Quantum-spaced | 16 | + * | | | 32 | + * | | | 48 | + * | | | ... | + * | | | 480 | + * | | | 496 | + * | | | 512 | + * | |----------------+---------| + * | | Sub-page | 1 kB | + * | | | 2 kB | + * |=====================================| + * | Large | 4 kB | + * | | 8 kB | + * | | 12 kB | + * | | ... | + * | | 1012 kB | + * | | 1016 kB | + * | | 1020 kB | + * |=====================================| + * | Huge | 1 MB | + * | | 2 MB | + * | | 3 MB | + * | | ... | + * |=====================================| + * + * NOTE: Due to Mozilla bug 691003, we cannot reserve less than one word for an + * allocation on Linux or Mac. So on 32-bit *nix, the smallest bucket size is + * 4 bytes, and on 64-bit, the smallest bucket size is 8 bytes. + * + * A different mechanism is used for each category: + * + * Small : Each size class is segregated into its own set of runs. Each run + * maintains a bitmap of which regions are free/allocated. + * + * Large : Each allocation is backed by a dedicated run. Metadata are stored + * in the associated arena chunk header maps. + * + * Huge : Each allocation is backed by a dedicated contiguous set of chunks. + * Metadata are stored in a separate red-black tree. + * + ******************************************************************************* + */ + +/* + * On Linux, we use madvise(MADV_DONTNEED) to release memory back to the + * operating system. If we release 1MB of live pages with MADV_DONTNEED, our + * RSS will decrease by 1MB (almost) immediately. + * + * On Mac, we use madvise(MADV_FREE). Unlike MADV_DONTNEED on Linux, MADV_FREE + * on Mac doesn't cause the OS to release the specified pages immediately; the + * OS keeps them in our process until the machine comes under memory pressure. + * + * It's therefore difficult to measure the process's RSS on Mac, since, in the + * absence of memory pressure, the contribution from the heap to RSS will not + * decrease due to our madvise calls. + * + * We therefore define MALLOC_DOUBLE_PURGE on Mac. This causes jemalloc to + * track which pages have been MADV_FREE'd. You can then call + * jemalloc_purge_freed_pages(), which will force the OS to release those + * MADV_FREE'd pages, making the process's RSS reflect its true memory usage. + * + * The jemalloc_purge_freed_pages definition in memory/build/mozmemory.h needs + * to be adjusted if MALLOC_DOUBLE_PURGE is ever enabled on Linux. + */ +#ifdef MOZ_MEMORY_DARWIN +#define MALLOC_DOUBLE_PURGE +#endif + +/* + * MALLOC_PRODUCTION disables assertions and statistics gathering. It also + * defaults the A and J runtime options to off. These settings are appropriate + * for production systems. + */ +#ifndef MOZ_MEMORY_DEBUG +# define MALLOC_PRODUCTION +#endif + +/* + * Uncomment this to use only one arena by default. + */ +// #define MOZ_MEMORY_NARENAS_DEFAULT_ONE + +/* + * Pass this set of options to jemalloc as its default. It does not override + * the options passed via the MALLOC_OPTIONS environment variable but is + * applied in addition to them. + */ +# define MOZ_MALLOC_OPTIONS "" + +/* + * MALLOC_STATS enables statistics calculation, and is required for + * jemalloc_stats(). + */ +#define MALLOC_STATS + +/* Memory filling (junk/poison/zero). */ +#define MALLOC_FILL + +#ifndef MALLOC_PRODUCTION + /* + * MALLOC_DEBUG enables assertions and other sanity checks, and disables + * inline functions. + */ +# define MALLOC_DEBUG + + /* Support optional abort() on OOM. */ +# define MALLOC_XMALLOC + + /* Support SYSV semantics. */ +# define MALLOC_SYSV +#endif + +#ifdef MOZ_MEMORY_LINUX +#define _GNU_SOURCE /* For mremap(2). */ +#endif + +#include <sys/types.h> +#ifdef MOZ_MEMORY_BSD +#include <sys/sysctl.h> +#endif + +#include <errno.h> +#include <stdlib.h> +#include <limits.h> +#include <stdarg.h> +#include <stdio.h> +#include <string.h> + +#ifdef MOZ_MEMORY_WINDOWS + +#include <io.h> +#include <windows.h> +#include <intrin.h> + +#pragma warning( disable: 4267 4996 4146 ) + +#define bool BOOL +#define false FALSE +#define true TRUE +#define inline __inline +#define SIZE_T_MAX SIZE_MAX +#define STDERR_FILENO 2 +#define PATH_MAX MAX_PATH +#define vsnprintf _vsnprintf + +#ifndef NO_TLS +static unsigned long tlsIndex = 0xffffffff; +#endif + +#define __thread +#define _pthread_self() __threadid() + +/* use MSVC intrinsics */ +#pragma intrinsic(_BitScanForward) +static __forceinline int +ffs(int x) +{ + unsigned long i; + + if (_BitScanForward(&i, x) != 0) + return (i + 1); + + return (0); +} + +/* Implement getenv without using malloc */ +static char mozillaMallocOptionsBuf[64]; + +#define getenv xgetenv +static char * +getenv(const char *name) +{ + + if (GetEnvironmentVariableA(name, (LPSTR)&mozillaMallocOptionsBuf, + sizeof(mozillaMallocOptionsBuf)) > 0) + return (mozillaMallocOptionsBuf); + + return (NULL); +} + +typedef unsigned char uint8_t; +typedef unsigned uint32_t; +typedef unsigned long long uint64_t; +typedef unsigned long long uintmax_t; +#if defined(_WIN64) +typedef long long ssize_t; +#else +typedef long ssize_t; +#endif + +#define MALLOC_DECOMMIT +#endif + +/* + * Allow unmapping pages on all platforms. Note that if this is disabled, + * jemalloc will never unmap anything, instead recycling pages for later use. + */ +#define JEMALLOC_MUNMAP + +/* + * Enable limited chunk recycling on all platforms. Note that when + * JEMALLOC_MUNMAP is not defined, all chunks will be recycled unconditionally. + */ +#define JEMALLOC_RECYCLE + +#ifndef MOZ_MEMORY_WINDOWS +#ifndef MOZ_MEMORY_SOLARIS +#include <sys/cdefs.h> +#endif +#ifndef __DECONST +# define __DECONST(type, var) ((type)(uintptr_t)(const void *)(var)) +#endif +#include <sys/mman.h> +#ifndef MADV_FREE +# define MADV_FREE MADV_DONTNEED +#endif +#ifndef MAP_NOSYNC +# define MAP_NOSYNC 0 +#endif +#include <sys/param.h> +#include <sys/time.h> +#include <sys/types.h> +#include <sys/uio.h> + +#include <errno.h> +#include <limits.h> +#ifndef SIZE_T_MAX +# define SIZE_T_MAX SIZE_MAX +#endif +#include <pthread.h> +#include <sched.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <strings.h> +#include <unistd.h> + +#endif + +#include "jemalloc_types.h" +#include "linkedlist.h" +#include "mozmemory_wrap.h" + +/* Some tools, such as /dev/dsp wrappers, LD_PRELOAD libraries that + * happen to override mmap() and call dlsym() from their overridden + * mmap(). The problem is that dlsym() calls malloc(), and this ends + * up in a dead lock in jemalloc. + * On these systems, we prefer to directly use the system call. + * We do that for Linux systems and kfreebsd with GNU userland. + * Note sanity checks are not done (alignment of offset, ...) because + * the uses of mmap are pretty limited, in jemalloc. + * + * On Alpha, glibc has a bug that prevents syscall() to work for system + * calls with 6 arguments + */ +#if (defined(MOZ_MEMORY_LINUX) && !defined(__alpha__)) || \ + (defined(MOZ_MEMORY_BSD) && defined(__GLIBC__)) +#include <sys/syscall.h> +#if defined(SYS_mmap) || defined(SYS_mmap2) +static inline +void *_mmap(void *addr, size_t length, int prot, int flags, + int fd, off_t offset) +{ +/* S390 only passes one argument to the mmap system call, which is a + * pointer to a structure containing the arguments */ +#ifdef __s390__ + struct { + void *addr; + size_t length; + long prot; + long flags; + long fd; + off_t offset; + } args = { addr, length, prot, flags, fd, offset }; + return (void *) syscall(SYS_mmap, &args); +#else +#ifdef SYS_mmap2 + return (void *) syscall(SYS_mmap2, addr, length, prot, flags, + fd, offset >> 12); +#else + return (void *) syscall(SYS_mmap, addr, length, prot, flags, + fd, offset); +#endif +#endif +} +#define mmap _mmap +#define munmap(a, l) syscall(SYS_munmap, a, l) +#endif +#endif + +#ifndef __DECONST +#define __DECONST(type, var) ((type)(uintptr_t)(const void *)(var)) +#endif + +#include "rb.h" + +#ifdef MALLOC_DEBUG + /* Disable inlining to make debugging easier. */ +#ifdef inline +#undef inline +#endif + +# define inline +#endif + +/* Size of stack-allocated buffer passed to strerror_r(). */ +#define STRERROR_BUF 64 + +/* Minimum alignment of non-tiny allocations is 2^QUANTUM_2POW_MIN bytes. */ +# define QUANTUM_2POW_MIN 4 +#if defined(_WIN64) || defined(__LP64__) +# define SIZEOF_PTR_2POW 3 +#else +# define SIZEOF_PTR_2POW 2 +#endif +#define PIC +#ifdef MOZ_MEMORY_DARWIN +# define NO_TLS +#endif + +#define SIZEOF_PTR (1U << SIZEOF_PTR_2POW) + +/* sizeof(int) == (1U << SIZEOF_INT_2POW). */ +#ifndef SIZEOF_INT_2POW +# define SIZEOF_INT_2POW 2 +#endif + +/* We can't use TLS in non-PIC programs, since TLS relies on loader magic. */ +#if (!defined(PIC) && !defined(NO_TLS)) +# define NO_TLS +#endif + +/* + * Size and alignment of memory chunks that are allocated by the OS's virtual + * memory system. + */ +#define CHUNK_2POW_DEFAULT 20 +/* Maximum number of dirty pages per arena. */ +#define DIRTY_MAX_DEFAULT (1U << 8) + +/* + * Maximum size of L1 cache line. This is used to avoid cache line aliasing, + * so over-estimates are okay (up to a point), but under-estimates will + * negatively affect performance. + */ +#define CACHELINE_2POW 6 +#define CACHELINE ((size_t)(1U << CACHELINE_2POW)) + +/* + * Smallest size class to support. On Windows the smallest allocation size + * must be 8 bytes on 32-bit, 16 bytes on 64-bit. On Linux and Mac, even + * malloc(1) must reserve a word's worth of memory (see Mozilla bug 691003). + */ +#ifdef MOZ_MEMORY_WINDOWS +#define TINY_MIN_2POW (sizeof(void*) == 8 ? 4 : 3) +#else +#define TINY_MIN_2POW (sizeof(void*) == 8 ? 3 : 2) +#endif + +/* + * Maximum size class that is a multiple of the quantum, but not (necessarily) + * a power of 2. Above this size, allocations are rounded up to the nearest + * power of 2. + */ +#define SMALL_MAX_2POW_DEFAULT 9 +#define SMALL_MAX_DEFAULT (1U << SMALL_MAX_2POW_DEFAULT) + +/* + * RUN_MAX_OVRHD indicates maximum desired run header overhead. Runs are sized + * as small as possible such that this setting is still honored, without + * violating other constraints. The goal is to make runs as small as possible + * without exceeding a per run external fragmentation threshold. + * + * We use binary fixed point math for overhead computations, where the binary + * point is implicitly RUN_BFP bits to the left. + * + * Note that it is possible to set RUN_MAX_OVRHD low enough that it cannot be + * honored for some/all object sizes, since there is one bit of header overhead + * per object (plus a constant). This constraint is relaxed (ignored) for runs + * that are so small that the per-region overhead is greater than: + * + * (RUN_MAX_OVRHD / (reg_size << (3+RUN_BFP)) + */ +#define RUN_BFP 12 +/* \/ Implicit binary fixed point. */ +#define RUN_MAX_OVRHD 0x0000003dU +#define RUN_MAX_OVRHD_RELAX 0x00001800U + +/******************************************************************************/ + +/* MALLOC_DECOMMIT and MALLOC_DOUBLE_PURGE are mutually exclusive. */ +#if defined(MALLOC_DECOMMIT) && defined(MALLOC_DOUBLE_PURGE) +#error MALLOC_DECOMMIT and MALLOC_DOUBLE_PURGE are mutually exclusive. +#endif + +/* + * Mutexes based on spinlocks. We can't use normal pthread spinlocks in all + * places, because they require malloc()ed memory, which causes bootstrapping + * issues in some cases. + */ +#if defined(MOZ_MEMORY_WINDOWS) +#define malloc_mutex_t SRWLOCK +#define malloc_spinlock_t SRWLOCK +#elif defined(MOZ_MEMORY_DARWIN) +typedef struct { + OSSpinLock lock; +} malloc_mutex_t; +typedef struct { + OSSpinLock lock; +} malloc_spinlock_t; +#else +typedef pthread_mutex_t malloc_mutex_t; +typedef pthread_mutex_t malloc_spinlock_t; +#endif + +/* Set to true once the allocator has been initialized. */ +static volatile bool malloc_initialized = false; + +#if defined(MOZ_MEMORY_WINDOWS) || defined(__FreeBSD__) +/* No init lock for Windows nor FreeBSD. */ +#elif defined(MOZ_MEMORY_DARWIN) +static malloc_mutex_t init_lock = {OS_SPINLOCK_INIT}; +#elif defined(MOZ_MEMORY_LINUX) +static malloc_mutex_t init_lock = PTHREAD_ADAPTIVE_MUTEX_INITIALIZER_NP; +#else +static malloc_mutex_t init_lock = PTHREAD_MUTEX_INITIALIZER; +#endif + +/******************************************************************************/ +/* + * Statistics data structures. + */ + +#ifdef MALLOC_STATS + +typedef struct malloc_bin_stats_s malloc_bin_stats_t; +struct malloc_bin_stats_s { + /* + * Number of allocation requests that corresponded to the size of this + * bin. + */ + uint64_t nrequests; + + /* Total number of runs created for this bin's size class. */ + uint64_t nruns; + + /* + * Total number of runs reused by extracting them from the runs tree for + * this bin's size class. + */ + uint64_t reruns; + + /* High-water mark for this bin. */ + unsigned long highruns; + + /* Current number of runs in this bin. */ + unsigned long curruns; +}; + +typedef struct arena_stats_s arena_stats_t; +struct arena_stats_s { + /* Number of bytes currently mapped. */ + size_t mapped; + + /* + * Total number of purge sweeps, total number of madvise calls made, + * and total pages purged in order to keep dirty unused memory under + * control. + */ + uint64_t npurge; + uint64_t nmadvise; + uint64_t purged; +#ifdef MALLOC_DECOMMIT + /* + * Total number of decommit/commit operations, and total number of + * pages decommitted. + */ + uint64_t ndecommit; + uint64_t ncommit; + uint64_t decommitted; +#endif + + /* Current number of committed pages. */ + size_t committed; + + /* Per-size-category statistics. */ + size_t allocated_small; + uint64_t nmalloc_small; + uint64_t ndalloc_small; + + size_t allocated_large; + uint64_t nmalloc_large; + uint64_t ndalloc_large; +}; + +#endif /* #ifdef MALLOC_STATS */ + +/******************************************************************************/ +/* + * Extent data structures. + */ + +/* Tree of extents. */ +typedef struct extent_node_s extent_node_t; +struct extent_node_s { + /* Linkage for the size/address-ordered tree. */ + rb_node(extent_node_t) link_szad; + + /* Linkage for the address-ordered tree. */ + rb_node(extent_node_t) link_ad; + + /* Pointer to the extent that this tree node is responsible for. */ + void *addr; + + /* Total region size. */ + size_t size; + + /* True if zero-filled; used by chunk recycling code. */ + bool zeroed; +}; +typedef rb_tree(extent_node_t) extent_tree_t; + +/******************************************************************************/ +/* + * Radix tree data structures. + */ + +/* + * Size of each radix tree node (must be a power of 2). This impacts tree + * depth. + */ +#if (SIZEOF_PTR == 4) +#define MALLOC_RTREE_NODESIZE (1U << 14) +#else +#define MALLOC_RTREE_NODESIZE CACHELINE +#endif + +typedef struct malloc_rtree_s malloc_rtree_t; +struct malloc_rtree_s { + malloc_spinlock_t lock; + void **root; + unsigned height; + unsigned level2bits[1]; /* Dynamically sized. */ +}; + +/******************************************************************************/ +/* + * Arena data structures. + */ + +typedef struct arena_s arena_t; +typedef struct arena_bin_s arena_bin_t; + +/* Each element of the chunk map corresponds to one page within the chunk. */ +typedef struct arena_chunk_map_s arena_chunk_map_t; +struct arena_chunk_map_s { + /* + * Linkage for run trees. There are two disjoint uses: + * + * 1) arena_t's runs_avail tree. + * 2) arena_run_t conceptually uses this linkage for in-use non-full + * runs, rather than directly embedding linkage. + */ + rb_node(arena_chunk_map_t) link; + + /* + * Run address (or size) and various flags are stored together. The bit + * layout looks like (assuming 32-bit system): + * + * ???????? ???????? ????---- -mckdzla + * + * ? : Unallocated: Run address for first/last pages, unset for internal + * pages. + * Small: Run address. + * Large: Run size for first page, unset for trailing pages. + * - : Unused. + * m : MADV_FREE/MADV_DONTNEED'ed? + * c : decommitted? + * k : key? + * d : dirty? + * z : zeroed? + * l : large? + * a : allocated? + * + * Following are example bit patterns for the three types of runs. + * + * r : run address + * s : run size + * x : don't care + * - : 0 + * [cdzla] : bit set + * + * Unallocated: + * ssssssss ssssssss ssss---- --c----- + * xxxxxxxx xxxxxxxx xxxx---- ----d--- + * ssssssss ssssssss ssss---- -----z-- + * + * Small: + * rrrrrrrr rrrrrrrr rrrr---- -------a + * rrrrrrrr rrrrrrrr rrrr---- -------a + * rrrrrrrr rrrrrrrr rrrr---- -------a + * + * Large: + * ssssssss ssssssss ssss---- ------la + * -------- -------- -------- ------la + * -------- -------- -------- ------la + */ + size_t bits; + +/* Note that CHUNK_MAP_DECOMMITTED's meaning varies depending on whether + * MALLOC_DECOMMIT and MALLOC_DOUBLE_PURGE are defined. + * + * If MALLOC_DECOMMIT is defined, a page which is CHUNK_MAP_DECOMMITTED must be + * re-committed with pages_commit() before it may be touched. If + * MALLOC_DECOMMIT is defined, MALLOC_DOUBLE_PURGE may not be defined. + * + * If neither MALLOC_DECOMMIT nor MALLOC_DOUBLE_PURGE is defined, pages which + * are madvised (with either MADV_DONTNEED or MADV_FREE) are marked with + * CHUNK_MAP_MADVISED. + * + * Otherwise, if MALLOC_DECOMMIT is not defined and MALLOC_DOUBLE_PURGE is + * defined, then a page which is madvised is marked as CHUNK_MAP_MADVISED. + * When it's finally freed with jemalloc_purge_freed_pages, the page is marked + * as CHUNK_MAP_DECOMMITTED. + */ +#if defined(MALLOC_DECOMMIT) || defined(MALLOC_STATS) || defined(MALLOC_DOUBLE_PURGE) +#define CHUNK_MAP_MADVISED ((size_t)0x40U) +#define CHUNK_MAP_DECOMMITTED ((size_t)0x20U) +#define CHUNK_MAP_MADVISED_OR_DECOMMITTED (CHUNK_MAP_MADVISED | CHUNK_MAP_DECOMMITTED) +#endif +#define CHUNK_MAP_KEY ((size_t)0x10U) +#define CHUNK_MAP_DIRTY ((size_t)0x08U) +#define CHUNK_MAP_ZEROED ((size_t)0x04U) +#define CHUNK_MAP_LARGE ((size_t)0x02U) +#define CHUNK_MAP_ALLOCATED ((size_t)0x01U) +}; +typedef rb_tree(arena_chunk_map_t) arena_avail_tree_t; +typedef rb_tree(arena_chunk_map_t) arena_run_tree_t; + +/* Arena chunk header. */ +typedef struct arena_chunk_s arena_chunk_t; +struct arena_chunk_s { + /* Arena that owns the chunk. */ + arena_t *arena; + + /* Linkage for the arena's chunks_dirty tree. */ + rb_node(arena_chunk_t) link_dirty; + +#ifdef MALLOC_DOUBLE_PURGE + /* If we're double-purging, we maintain a linked list of chunks which + * have pages which have been madvise(MADV_FREE)'d but not explicitly + * purged. + * + * We're currently lazy and don't remove a chunk from this list when + * all its madvised pages are recommitted. */ + LinkedList chunks_madvised_elem; +#endif + + /* Number of dirty pages. */ + size_t ndirty; + + /* Map of pages within chunk that keeps track of free/large/small. */ + arena_chunk_map_t map[1]; /* Dynamically sized. */ +}; +typedef rb_tree(arena_chunk_t) arena_chunk_tree_t; + +typedef struct arena_run_s arena_run_t; +struct arena_run_s { +#if defined(MALLOC_DEBUG) || defined(MOZ_JEMALLOC_HARD_ASSERTS) + uint32_t magic; +# define ARENA_RUN_MAGIC 0x384adf93 +#endif + + /* Bin this run is associated with. */ + arena_bin_t *bin; + + /* Index of first element that might have a free region. */ + unsigned regs_minelm; + + /* Number of free regions in run. */ + unsigned nfree; + + /* Bitmask of in-use regions (0: in use, 1: free). */ + unsigned regs_mask[1]; /* Dynamically sized. */ +}; + +struct arena_bin_s { + /* + * Current run being used to service allocations of this bin's size + * class. + */ + arena_run_t *runcur; + + /* + * Tree of non-full runs. This tree is used when looking for an + * existing run when runcur is no longer usable. We choose the + * non-full run that is lowest in memory; this policy tends to keep + * objects packed well, and it can also help reduce the number of + * almost-empty chunks. + */ + arena_run_tree_t runs; + + /* Size of regions in a run for this bin's size class. */ + size_t reg_size; + + /* Total size of a run for this bin's size class. */ + size_t run_size; + + /* Total number of regions in a run for this bin's size class. */ + uint32_t nregs; + + /* Number of elements in a run's regs_mask for this bin's size class. */ + uint32_t regs_mask_nelms; + + /* Offset of first region in a run for this bin's size class. */ + uint32_t reg0_offset; + +#ifdef MALLOC_STATS + /* Bin statistics. */ + malloc_bin_stats_t stats; +#endif +}; + +struct arena_s { +#if defined(MALLOC_DEBUG) || defined(MOZ_JEMALLOC_HARD_ASSERTS) + uint32_t magic; +# define ARENA_MAGIC 0x947d3d24 +#endif + + /* All operations on this arena require that lock be locked. */ + malloc_spinlock_t lock; + +#ifdef MALLOC_STATS + arena_stats_t stats; +#endif + + /* Tree of dirty-page-containing chunks this arena manages. */ + arena_chunk_tree_t chunks_dirty; + +#ifdef MALLOC_DOUBLE_PURGE + /* Head of a linked list of MADV_FREE'd-page-containing chunks this + * arena manages. */ + LinkedList chunks_madvised; +#endif + + /* + * In order to avoid rapid chunk allocation/deallocation when an arena + * oscillates right on the cusp of needing a new chunk, cache the most + * recently freed chunk. The spare is left in the arena's chunk trees + * until it is deleted. + * + * There is one spare chunk per arena, rather than one spare total, in + * order to avoid interactions between multiple threads that could make + * a single spare inadequate. + */ + arena_chunk_t *spare; + + /* + * Current count of pages within unused runs that are potentially + * dirty, and for which madvise(... MADV_FREE) has not been called. By + * tracking this, we can institute a limit on how much dirty unused + * memory is mapped for each arena. + */ + size_t ndirty; + + /* + * Size/address-ordered tree of this arena's available runs. This tree + * is used for first-best-fit run allocation. + */ + arena_avail_tree_t runs_avail; + + /* + * bins is used to store rings of free regions of the following sizes, + * assuming a 16-byte quantum, 4kB pagesize, and default MALLOC_OPTIONS. + * + * bins[i] | size | + * --------+------+ + * 0 | 2 | + * 1 | 4 | + * 2 | 8 | + * --------+------+ + * 3 | 16 | + * 4 | 32 | + * 5 | 48 | + * 6 | 64 | + * : : + * : : + * 33 | 496 | + * 34 | 512 | + * --------+------+ + * 35 | 1024 | + * 36 | 2048 | + * --------+------+ + */ + arena_bin_t bins[1]; /* Dynamically sized. */ +}; + +/******************************************************************************/ +/* + * Data. + */ + +#ifndef MOZ_MEMORY_NARENAS_DEFAULT_ONE +/* Number of CPUs. */ +static unsigned ncpus; +#endif + +#ifdef JEMALLOC_MUNMAP +static const bool config_munmap = true; +#else +static const bool config_munmap = false; +#endif + +#ifdef JEMALLOC_RECYCLE +static const bool config_recycle = true; +#else +static const bool config_recycle = false; +#endif + +/* + * When MALLOC_STATIC_SIZES is defined most of the parameters + * controlling the malloc behavior are defined as compile-time constants + * for best performance and cannot be altered at runtime. + */ +#if !defined(__ia64__) && !defined(__sparc__) && !defined(__mips__) && !defined(__aarch64__) +#define MALLOC_STATIC_SIZES 1 +#endif + +#ifdef MALLOC_STATIC_SIZES + +/* + * VM page size. It must divide the runtime CPU page size or the code + * will abort. + * Platform specific page size conditions copied from js/public/HeapAPI.h + */ +#if (defined(SOLARIS) || defined(__FreeBSD__)) && \ + (defined(__sparc) || defined(__sparcv9) || defined(__ia64)) +#define pagesize_2pow ((size_t) 13) +#elif defined(__powerpc64__) +#define pagesize_2pow ((size_t) 16) +#else +#define pagesize_2pow ((size_t) 12) +#endif +#define pagesize ((size_t) 1 << pagesize_2pow) +#define pagesize_mask (pagesize - 1) + +/* Various quantum-related settings. */ + +#define QUANTUM_DEFAULT ((size_t) 1 << QUANTUM_2POW_MIN) +static const size_t quantum = QUANTUM_DEFAULT; +static const size_t quantum_mask = QUANTUM_DEFAULT - 1; + +/* Various bin-related settings. */ + +static const size_t small_min = (QUANTUM_DEFAULT >> 1) + 1; +static const size_t small_max = (size_t) SMALL_MAX_DEFAULT; + +/* Max size class for bins. */ +static const size_t bin_maxclass = pagesize >> 1; + + /* Number of (2^n)-spaced tiny bins. */ +static const unsigned ntbins = (unsigned) + (QUANTUM_2POW_MIN - TINY_MIN_2POW); + + /* Number of quantum-spaced bins. */ +static const unsigned nqbins = (unsigned) + (SMALL_MAX_DEFAULT >> QUANTUM_2POW_MIN); + +/* Number of (2^n)-spaced sub-page bins. */ +static const unsigned nsbins = (unsigned) + (pagesize_2pow - + SMALL_MAX_2POW_DEFAULT - 1); + +#else /* !MALLOC_STATIC_SIZES */ + +/* VM page size. */ +static size_t pagesize; +static size_t pagesize_mask; +static size_t pagesize_2pow; + +/* Various bin-related settings. */ +static size_t bin_maxclass; /* Max size class for bins. */ +static unsigned ntbins; /* Number of (2^n)-spaced tiny bins. */ +static unsigned nqbins; /* Number of quantum-spaced bins. */ +static unsigned nsbins; /* Number of (2^n)-spaced sub-page bins. */ +static size_t small_min; +static size_t small_max; + +/* Various quantum-related settings. */ +static size_t quantum; +static size_t quantum_mask; /* (quantum - 1). */ + +#endif + +/* Various chunk-related settings. */ + +/* + * Compute the header size such that it is large enough to contain the page map + * and enough nodes for the worst case: one node per non-header page plus one + * extra for situations where we briefly have one more node allocated than we + * will need. + */ +#define calculate_arena_header_size() \ + (sizeof(arena_chunk_t) + sizeof(arena_chunk_map_t) * (chunk_npages - 1)) + +#define calculate_arena_header_pages() \ + ((calculate_arena_header_size() >> pagesize_2pow) + \ + ((calculate_arena_header_size() & pagesize_mask) ? 1 : 0)) + +/* Max size class for arenas. */ +#define calculate_arena_maxclass() \ + (chunksize - (arena_chunk_header_npages << pagesize_2pow)) + +/* + * Recycle at most 128 chunks. With 1 MiB chunks, this means we retain at most + * 6.25% of the process address space on a 32-bit OS for later use. + */ +#define CHUNK_RECYCLE_LIMIT 128 + +#ifdef MALLOC_STATIC_SIZES +#define CHUNKSIZE_DEFAULT ((size_t) 1 << CHUNK_2POW_DEFAULT) +static const size_t chunksize = CHUNKSIZE_DEFAULT; +static const size_t chunksize_mask =CHUNKSIZE_DEFAULT - 1; +static const size_t chunk_npages = CHUNKSIZE_DEFAULT >> pagesize_2pow; +#define arena_chunk_header_npages calculate_arena_header_pages() +#define arena_maxclass calculate_arena_maxclass() +static const size_t recycle_limit = CHUNK_RECYCLE_LIMIT * CHUNKSIZE_DEFAULT; +#else +static size_t chunksize; +static size_t chunksize_mask; /* (chunksize - 1). */ +static size_t chunk_npages; +static size_t arena_chunk_header_npages; +static size_t arena_maxclass; /* Max size class for arenas. */ +static size_t recycle_limit; +#endif + +/* The current amount of recycled bytes, updated atomically. */ +static size_t recycled_size; + +/********/ +/* + * Chunks. + */ + +static malloc_rtree_t *chunk_rtree; + +/* Protects chunk-related data structures. */ +static malloc_mutex_t chunks_mtx; + +/* + * Trees of chunks that were previously allocated (trees differ only in node + * ordering). These are used when allocating chunks, in an attempt to re-use + * address space. Depending on function, different tree orderings are needed, + * which is why there are two trees with the same contents. + */ +static extent_tree_t chunks_szad_mmap; +static extent_tree_t chunks_ad_mmap; + +/* Protects huge allocation-related data structures. */ +static malloc_mutex_t huge_mtx; + +/* Tree of chunks that are stand-alone huge allocations. */ +static extent_tree_t huge; + +#ifdef MALLOC_STATS +/* Huge allocation statistics. */ +static uint64_t huge_nmalloc; +static uint64_t huge_ndalloc; +static size_t huge_allocated; +static size_t huge_mapped; +#endif + +/****************************/ +/* + * base (internal allocation). + */ + +/* + * Current pages that are being used for internal memory allocations. These + * pages are carved up in cacheline-size quanta, so that there is no chance of + * false cache line sharing. + */ +static void *base_pages; +static void *base_next_addr; +#if defined(MALLOC_DECOMMIT) || defined(MALLOC_STATS) +static void *base_next_decommitted; +#endif +static void *base_past_addr; /* Addr immediately past base_pages. */ +static extent_node_t *base_nodes; +static malloc_mutex_t base_mtx; +#ifdef MALLOC_STATS +static size_t base_mapped; +static size_t base_committed; +#endif + +/********/ +/* + * Arenas. + */ + +/* + * Arenas that are used to service external requests. Not all elements of the + * arenas array are necessarily used; arenas are created lazily as needed. + */ +static arena_t **arenas; +static unsigned narenas; +#ifndef NO_TLS +static unsigned next_arena; +#endif +static malloc_spinlock_t arenas_lock; /* Protects arenas initialization. */ + +#ifndef NO_TLS +/* + * Map of pthread_self() --> arenas[???], used for selecting an arena to use + * for allocations. + */ +#ifndef MOZ_MEMORY_WINDOWS +static __thread arena_t *arenas_map; +#endif +#endif + +/*******************************/ +/* + * Runtime configuration options. + */ +MOZ_JEMALLOC_API +const char *_malloc_options = MOZ_MALLOC_OPTIONS; + +#ifndef MALLOC_PRODUCTION +static bool opt_abort = true; +#ifdef MALLOC_FILL +static bool opt_junk = true; +static bool opt_poison = true; +static bool opt_zero = false; +#endif +#else +static bool opt_abort = false; +#ifdef MALLOC_FILL +static const bool opt_junk = false; +static const bool opt_poison = true; +static const bool opt_zero = false; +#endif +#endif + +static size_t opt_dirty_max = DIRTY_MAX_DEFAULT; +static bool opt_print_stats = false; +#ifdef MALLOC_STATIC_SIZES +#define opt_quantum_2pow QUANTUM_2POW_MIN +#define opt_small_max_2pow SMALL_MAX_2POW_DEFAULT +#define opt_chunk_2pow CHUNK_2POW_DEFAULT +#else +static size_t opt_quantum_2pow = QUANTUM_2POW_MIN; +static size_t opt_small_max_2pow = SMALL_MAX_2POW_DEFAULT; +static size_t opt_chunk_2pow = CHUNK_2POW_DEFAULT; +#endif +#ifdef MALLOC_SYSV +static bool opt_sysv = false; +#endif +#ifdef MALLOC_XMALLOC +static bool opt_xmalloc = false; +#endif +static int opt_narenas_lshift = 0; + +/******************************************************************************/ +/* + * Begin function prototypes for non-inline static functions. + */ + +static char *umax2s(uintmax_t x, unsigned base, char *s); +static bool malloc_mutex_init(malloc_mutex_t *mutex); +static bool malloc_spin_init(malloc_spinlock_t *lock); +static void wrtmessage(const char *p1, const char *p2, const char *p3, + const char *p4); +#ifdef MALLOC_STATS +#ifdef MOZ_MEMORY_DARWIN +/* Avoid namespace collision with OS X's malloc APIs. */ +#define malloc_printf moz_malloc_printf +#endif +static void malloc_printf(const char *format, ...); +#endif +static bool base_pages_alloc(size_t minsize); +static void *base_alloc(size_t size); +static void *base_calloc(size_t number, size_t size); +static extent_node_t *base_node_alloc(void); +static void base_node_dealloc(extent_node_t *node); +#ifdef MALLOC_STATS +static void stats_print(arena_t *arena); +#endif +static void *pages_map(void *addr, size_t size); +static void pages_unmap(void *addr, size_t size); +static void *chunk_alloc_mmap(size_t size, size_t alignment); +static void *chunk_recycle(extent_tree_t *chunks_szad, + extent_tree_t *chunks_ad, size_t size, + size_t alignment, bool base, bool *zero); +static void *chunk_alloc(size_t size, size_t alignment, bool base, bool zero); +static void chunk_record(extent_tree_t *chunks_szad, + extent_tree_t *chunks_ad, void *chunk, size_t size); +static bool chunk_dalloc_mmap(void *chunk, size_t size); +static void chunk_dealloc(void *chunk, size_t size); +#ifndef NO_TLS +static arena_t *choose_arena_hard(void); +#endif +static void arena_run_split(arena_t *arena, arena_run_t *run, size_t size, + bool large, bool zero); +static void arena_chunk_init(arena_t *arena, arena_chunk_t *chunk); +static void arena_chunk_dealloc(arena_t *arena, arena_chunk_t *chunk); +static arena_run_t *arena_run_alloc(arena_t *arena, arena_bin_t *bin, + size_t size, bool large, bool zero); +static void arena_purge(arena_t *arena, bool all); +static void arena_run_dalloc(arena_t *arena, arena_run_t *run, bool dirty); +static void arena_run_trim_head(arena_t *arena, arena_chunk_t *chunk, + arena_run_t *run, size_t oldsize, size_t newsize); +static void arena_run_trim_tail(arena_t *arena, arena_chunk_t *chunk, + arena_run_t *run, size_t oldsize, size_t newsize, bool dirty); +static arena_run_t *arena_bin_nonfull_run_get(arena_t *arena, arena_bin_t *bin); +static void *arena_bin_malloc_hard(arena_t *arena, arena_bin_t *bin); +static size_t arena_bin_run_size_calc(arena_bin_t *bin, size_t min_run_size); +static void *arena_malloc_large(arena_t *arena, size_t size, bool zero); +static void *arena_palloc(arena_t *arena, size_t alignment, size_t size, + size_t alloc_size); +static size_t arena_salloc(const void *ptr); +static void arena_dalloc_large(arena_t *arena, arena_chunk_t *chunk, + void *ptr); +static void arena_ralloc_large_shrink(arena_t *arena, arena_chunk_t *chunk, + void *ptr, size_t size, size_t oldsize); +static bool arena_ralloc_large_grow(arena_t *arena, arena_chunk_t *chunk, + void *ptr, size_t size, size_t oldsize); +static bool arena_ralloc_large(void *ptr, size_t size, size_t oldsize); +static void *arena_ralloc(void *ptr, size_t size, size_t oldsize); +static bool arena_new(arena_t *arena); +static arena_t *arenas_extend(unsigned ind); +static void *huge_malloc(size_t size, bool zero); +static void *huge_palloc(size_t size, size_t alignment, bool zero); +static void *huge_ralloc(void *ptr, size_t size, size_t oldsize); +static void huge_dalloc(void *ptr); +static void malloc_print_stats(void); +#ifndef MOZ_MEMORY_WINDOWS +static +#endif +bool malloc_init_hard(void); + +static void _malloc_prefork(void); +static void _malloc_postfork(void); + +#ifdef MOZ_MEMORY_DARWIN +/* + * MALLOC_ZONE_T_NOTE + * + * On Darwin, we hook into the memory allocator using a malloc_zone_t struct. + * We must be very careful around this struct because of different behaviour on + * different versions of OSX. + * + * Each of OSX 10.5, 10.6 and 10.7 use different versions of the struct + * (with version numbers 3, 6 and 8 respectively). The binary we use on each of + * these platforms will not necessarily be built using the correct SDK [1]. + * This means we need to statically know the correct struct size to use on all + * OSX releases, and have a fallback for unknown future versions. The struct + * sizes defined in osx_zone_types.h. + * + * For OSX 10.8 and later, we may expect the malloc_zone_t struct to change + * again, and need to dynamically account for this. By simply leaving + * malloc_zone_t alone, we don't quite deal with the problem, because there + * remain calls to jemalloc through the mozalloc interface. We check this + * dynamically on each allocation, using the CHECK_DARWIN macro and + * osx_use_jemalloc. + * + * + * [1] Mozilla is built as a universal binary on Mac, supporting i386 and + * x86_64. The i386 target is built using the 10.5 SDK, even if it runs on + * 10.6. The x86_64 target is built using the 10.6 SDK, even if it runs on + * 10.7 or later, or 10.5. + * + * FIXME: + * When later versions of OSX come out (10.8 and up), we need to check their + * malloc_zone_t versions. If they're greater than 8, we need a new version + * of malloc_zone_t adapted into osx_zone_types.h. + */ + +#ifndef MOZ_REPLACE_MALLOC +#include "osx_zone_types.h" + +#define LEOPARD_MALLOC_ZONE_T_VERSION 3 +#define SNOW_LEOPARD_MALLOC_ZONE_T_VERSION 6 +#define LION_MALLOC_ZONE_T_VERSION 8 + +static bool osx_use_jemalloc = false; + + +static lion_malloc_zone l_szone; +static malloc_zone_t * szone = (malloc_zone_t*)(&l_szone); + +static lion_malloc_introspection l_ozone_introspect; +static malloc_introspection_t * const ozone_introspect = + (malloc_introspection_t*)(&l_ozone_introspect); +static void szone2ozone(malloc_zone_t *zone, size_t size); +static size_t zone_version_size(int version); +#else +static const bool osx_use_jemalloc = true; +#endif + +#endif + +/* + * End function prototypes. + */ +/******************************************************************************/ + +static inline size_t +load_acquire_z(size_t *p) +{ + volatile size_t result = *p; +# ifdef MOZ_MEMORY_WINDOWS + /* + * We use InterlockedExchange with a dummy value to insert a memory + * barrier. This has been confirmed to generate the right instruction + * and is also used by MinGW. + */ + volatile long dummy = 0; + InterlockedExchange(&dummy, 1); +# else + __sync_synchronize(); +# endif + return result; +} + +/* + * umax2s() provides minimal integer printing functionality, which is + * especially useful for situations where allocation in vsnprintf() calls would + * potentially cause deadlock. + */ +#define UMAX2S_BUFSIZE 65 +char * +umax2s(uintmax_t x, unsigned base, char *s) +{ + unsigned i; + + i = UMAX2S_BUFSIZE - 1; + s[i] = '\0'; + switch (base) { + case 10: + do { + i--; + s[i] = "0123456789"[x % 10]; + x /= 10; + } while (x > 0); + break; + case 16: + do { + i--; + s[i] = "0123456789abcdef"[x & 0xf]; + x >>= 4; + } while (x > 0); + break; + default: + do { + i--; + s[i] = "0123456789abcdefghijklmnopqrstuvwxyz"[x % base]; + x /= base; + } while (x > 0); + } + + return (&s[i]); +} + +static void +wrtmessage(const char *p1, const char *p2, const char *p3, const char *p4) +{ +#if !defined(MOZ_MEMORY_WINDOWS) +#define _write write +#endif + // Pretend to check _write() errors to suppress gcc warnings about + // warn_unused_result annotations in some versions of glibc headers. + if (_write(STDERR_FILENO, p1, (unsigned int) strlen(p1)) < 0) + return; + if (_write(STDERR_FILENO, p2, (unsigned int) strlen(p2)) < 0) + return; + if (_write(STDERR_FILENO, p3, (unsigned int) strlen(p3)) < 0) + return; + if (_write(STDERR_FILENO, p4, (unsigned int) strlen(p4)) < 0) + return; +} + +MOZ_JEMALLOC_API +void (*_malloc_message)(const char *p1, const char *p2, const char *p3, + const char *p4) = wrtmessage; + +#include "mozilla/Assertions.h" +#include "mozilla/Attributes.h" +#include "mozilla/TaggedAnonymousMemory.h" +// Note: MozTaggedAnonymousMmap() could call an LD_PRELOADed mmap +// instead of the one defined here; use only MozTagAnonymousMemory(). + +#ifdef MALLOC_DEBUG +# define assert(e) MOZ_ASSERT(e) +#else +# define assert(e) +#endif + +#if defined(MOZ_JEMALLOC_HARD_ASSERTS) +# define RELEASE_ASSERT(assertion) do { \ + if (!(assertion)) { \ + MOZ_CRASH_UNSAFE_OOL(#assertion); \ + } \ +} while (0) +#else +# define RELEASE_ASSERT(assertion) assert(assertion) +#endif + +/******************************************************************************/ +/* + * Begin mutex. We can't use normal pthread mutexes in all places, because + * they require malloc()ed memory, which causes bootstrapping issues in some + * cases. + */ + +#ifdef __FreeBSD__ +// If true, memory calls must be diverted to the bootstrap allocator +static __thread bool in_mutex_init = false; +#endif + +static bool +malloc_mutex_init(malloc_mutex_t *mutex) +{ +#if defined(MOZ_MEMORY_WINDOWS) + InitializeSRWLock(mutex); +#elif defined(MOZ_MEMORY_DARWIN) + mutex->lock = OS_SPINLOCK_INIT; +#elif defined(MOZ_MEMORY_LINUX) + pthread_mutexattr_t attr; + if (pthread_mutexattr_init(&attr) != 0) + return (true); + pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ADAPTIVE_NP); + if (pthread_mutex_init(mutex, &attr) != 0) { + pthread_mutexattr_destroy(&attr); + return (true); + } + pthread_mutexattr_destroy(&attr); +#elif defined(__FreeBSD__) + in_mutex_init = true; + + *mutex = PTHREAD_ADAPTIVE_MUTEX_INITIALIZER_NP; + + // Make sure necessary mutex memory is allocated right now, with + // 'in_mutex_init' set to true (allocations to be diverted to the + // bootstrap allocator). Also force multi-thread initialization in + // libthr (checked and performed in 'pthread_mutex_lock'). + pthread_mutex_lock(mutex); + pthread_mutex_unlock(mutex); + + in_mutex_init = false; +#else + if (pthread_mutex_init(mutex, NULL) != 0) + return (true); +#endif + return (false); +} + +static inline void +malloc_mutex_lock(malloc_mutex_t *mutex) +{ + +#if defined(MOZ_MEMORY_WINDOWS) + AcquireSRWLockExclusive(mutex); +#elif defined(MOZ_MEMORY_DARWIN) + OSSpinLockLock(&mutex->lock); +#else + pthread_mutex_lock(mutex); +#endif +} + +static inline void +malloc_mutex_unlock(malloc_mutex_t *mutex) +{ + +#if defined(MOZ_MEMORY_WINDOWS) + ReleaseSRWLockExclusive(mutex); +#elif defined(MOZ_MEMORY_DARWIN) + OSSpinLockUnlock(&mutex->lock); +#else + pthread_mutex_unlock(mutex); +#endif +} + +#if (defined(__GNUC__)) +__attribute__((unused)) +# endif +static bool +malloc_spin_init(malloc_spinlock_t *lock) +{ +#if defined(MOZ_MEMORY_WINDOWS) + InitializeSRWLock(lock); +#elif defined(MOZ_MEMORY_DARWIN) + lock->lock = OS_SPINLOCK_INIT; +#elif defined(MOZ_MEMORY_LINUX) + pthread_mutexattr_t attr; + if (pthread_mutexattr_init(&attr) != 0) + return (true); + pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ADAPTIVE_NP); + if (pthread_mutex_init(lock, &attr) != 0) { + pthread_mutexattr_destroy(&attr); + return (true); + } + pthread_mutexattr_destroy(&attr); +#elif defined(__FreeBSD__) + malloc_lock_init(lock); +#else + if (pthread_mutex_init(lock, NULL) != 0) + return (true); +#endif + return (false); +} + +static inline void +malloc_spin_lock(malloc_spinlock_t *lock) +{ + +#if defined(MOZ_MEMORY_WINDOWS) + AcquireSRWLockExclusive(lock); +#elif defined(MOZ_MEMORY_DARWIN) + OSSpinLockLock(&lock->lock); +#else + pthread_mutex_lock(lock); +#endif +} + +static inline void +malloc_spin_unlock(malloc_spinlock_t *lock) +{ +#if defined(MOZ_MEMORY_WINDOWS) + ReleaseSRWLockExclusive(lock); +#elif defined(MOZ_MEMORY_DARWIN) + OSSpinLockUnlock(&lock->lock); +#else + pthread_mutex_unlock(lock); +#endif +} + +/* + * End mutex. + */ +/******************************************************************************/ +/* + * Begin spin lock. Spin locks here are actually adaptive mutexes that block + * after a period of spinning, because unbounded spinning would allow for + * priority inversion. + */ + +#if !defined(MOZ_MEMORY_DARWIN) +# define malloc_spin_init malloc_mutex_init +# define malloc_spin_lock malloc_mutex_lock +# define malloc_spin_unlock malloc_mutex_unlock +#endif + +/* + * End spin lock. + */ +/******************************************************************************/ +/* + * Begin Utility functions/macros. + */ + +/* Return the chunk address for allocation address a. */ +#define CHUNK_ADDR2BASE(a) \ + ((void *)((uintptr_t)(a) & ~chunksize_mask)) + +/* Return the chunk offset of address a. */ +#define CHUNK_ADDR2OFFSET(a) \ + ((size_t)((uintptr_t)(a) & chunksize_mask)) + +/* Return the smallest chunk multiple that is >= s. */ +#define CHUNK_CEILING(s) \ + (((s) + chunksize_mask) & ~chunksize_mask) + +/* Return the smallest cacheline multiple that is >= s. */ +#define CACHELINE_CEILING(s) \ + (((s) + (CACHELINE - 1)) & ~(CACHELINE - 1)) + +/* Return the smallest quantum multiple that is >= a. */ +#define QUANTUM_CEILING(a) \ + (((a) + quantum_mask) & ~quantum_mask) + +/* Return the smallest pagesize multiple that is >= s. */ +#define PAGE_CEILING(s) \ + (((s) + pagesize_mask) & ~pagesize_mask) + +/* Compute the smallest power of 2 that is >= x. */ +static inline size_t +pow2_ceil(size_t x) +{ + + x--; + x |= x >> 1; + x |= x >> 2; + x |= x >> 4; + x |= x >> 8; + x |= x >> 16; +#if (SIZEOF_PTR == 8) + x |= x >> 32; +#endif + x++; + return (x); +} + +static inline const char * +_getprogname(void) +{ + + return ("<jemalloc>"); +} + +#ifdef MALLOC_STATS +/* + * Print to stderr in such a way as to (hopefully) avoid memory allocation. + */ +static void +malloc_printf(const char *format, ...) +{ + char buf[4096]; + va_list ap; + + va_start(ap, format); + vsnprintf(buf, sizeof(buf), format, ap); + va_end(ap); + _malloc_message(buf, "", "", ""); +} +#endif + +/******************************************************************************/ + +static inline void +pages_decommit(void *addr, size_t size) +{ + +#ifdef MOZ_MEMORY_WINDOWS + /* + * The region starting at addr may have been allocated in multiple calls + * to VirtualAlloc and recycled, so decommitting the entire region in one + * go may not be valid. However, since we allocate at least a chunk at a + * time, we may touch any region in chunksized increments. + */ + size_t pages_size = min(size, chunksize - + CHUNK_ADDR2OFFSET((uintptr_t)addr)); + while (size > 0) { + if (!VirtualFree(addr, pages_size, MEM_DECOMMIT)) + abort(); + addr = (void *)((uintptr_t)addr + pages_size); + size -= pages_size; + pages_size = min(size, chunksize); + } +#else + if (mmap(addr, size, PROT_NONE, MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, + 0) == MAP_FAILED) + abort(); + MozTagAnonymousMemory(addr, size, "jemalloc-decommitted"); +#endif +} + +static inline void +pages_commit(void *addr, size_t size) +{ + +# ifdef MOZ_MEMORY_WINDOWS + /* + * The region starting at addr may have been allocated in multiple calls + * to VirtualAlloc and recycled, so committing the entire region in one + * go may not be valid. However, since we allocate at least a chunk at a + * time, we may touch any region in chunksized increments. + */ + size_t pages_size = min(size, chunksize - + CHUNK_ADDR2OFFSET((uintptr_t)addr)); + while (size > 0) { + if (!VirtualAlloc(addr, pages_size, MEM_COMMIT, PAGE_READWRITE)) + abort(); + addr = (void *)((uintptr_t)addr + pages_size); + size -= pages_size; + pages_size = min(size, chunksize); + } +# else + if (mmap(addr, size, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_PRIVATE | + MAP_ANON, -1, 0) == MAP_FAILED) + abort(); + MozTagAnonymousMemory(addr, size, "jemalloc"); +# endif +} + +static bool +base_pages_alloc(size_t minsize) +{ + size_t csize; +#if defined(MALLOC_DECOMMIT) || defined(MALLOC_STATS) + size_t pminsize; +#endif + + assert(minsize != 0); + csize = CHUNK_CEILING(minsize); + base_pages = chunk_alloc(csize, chunksize, true, false); + if (base_pages == NULL) + return (true); + base_next_addr = base_pages; + base_past_addr = (void *)((uintptr_t)base_pages + csize); +#if defined(MALLOC_DECOMMIT) || defined(MALLOC_STATS) + /* + * Leave enough pages for minsize committed, since otherwise they would + * have to be immediately recommitted. + */ + pminsize = PAGE_CEILING(minsize); + base_next_decommitted = (void *)((uintptr_t)base_pages + pminsize); +# if defined(MALLOC_DECOMMIT) + if (pminsize < csize) + pages_decommit(base_next_decommitted, csize - pminsize); +# endif +# ifdef MALLOC_STATS + base_mapped += csize; + base_committed += pminsize; +# endif +#endif + + return (false); +} + +static void * +base_alloc(size_t size) +{ + void *ret; + size_t csize; + + /* Round size up to nearest multiple of the cacheline size. */ + csize = CACHELINE_CEILING(size); + + malloc_mutex_lock(&base_mtx); + /* Make sure there's enough space for the allocation. */ + if ((uintptr_t)base_next_addr + csize > (uintptr_t)base_past_addr) { + if (base_pages_alloc(csize)) { + malloc_mutex_unlock(&base_mtx); + return (NULL); + } + } + /* Allocate. */ + ret = base_next_addr; + base_next_addr = (void *)((uintptr_t)base_next_addr + csize); +#if defined(MALLOC_DECOMMIT) || defined(MALLOC_STATS) + /* Make sure enough pages are committed for the new allocation. */ + if ((uintptr_t)base_next_addr > (uintptr_t)base_next_decommitted) { + void *pbase_next_addr = + (void *)(PAGE_CEILING((uintptr_t)base_next_addr)); + +# ifdef MALLOC_DECOMMIT + pages_commit(base_next_decommitted, (uintptr_t)pbase_next_addr - + (uintptr_t)base_next_decommitted); +# endif + base_next_decommitted = pbase_next_addr; +# ifdef MALLOC_STATS + base_committed += (uintptr_t)pbase_next_addr - + (uintptr_t)base_next_decommitted; +# endif + } +#endif + malloc_mutex_unlock(&base_mtx); + + return (ret); +} + +static void * +base_calloc(size_t number, size_t size) +{ + void *ret; + + ret = base_alloc(number * size); + memset(ret, 0, number * size); + + return (ret); +} + +static extent_node_t * +base_node_alloc(void) +{ + extent_node_t *ret; + + malloc_mutex_lock(&base_mtx); + if (base_nodes != NULL) { + ret = base_nodes; + base_nodes = *(extent_node_t **)ret; + malloc_mutex_unlock(&base_mtx); + } else { + malloc_mutex_unlock(&base_mtx); + ret = (extent_node_t *)base_alloc(sizeof(extent_node_t)); + } + + return (ret); +} + +static void +base_node_dealloc(extent_node_t *node) +{ + + malloc_mutex_lock(&base_mtx); + *(extent_node_t **)node = base_nodes; + base_nodes = node; + malloc_mutex_unlock(&base_mtx); +} + +/******************************************************************************/ + +#ifdef MALLOC_STATS +static void +stats_print(arena_t *arena) +{ + unsigned i, gap_start; + +#ifdef MOZ_MEMORY_WINDOWS + malloc_printf("dirty: %Iu page%s dirty, %I64u sweep%s," + " %I64u madvise%s, %I64u page%s purged\n", + arena->ndirty, arena->ndirty == 1 ? "" : "s", + arena->stats.npurge, arena->stats.npurge == 1 ? "" : "s", + arena->stats.nmadvise, arena->stats.nmadvise == 1 ? "" : "s", + arena->stats.purged, arena->stats.purged == 1 ? "" : "s"); +# ifdef MALLOC_DECOMMIT + malloc_printf("decommit: %I64u decommit%s, %I64u commit%s," + " %I64u page%s decommitted\n", + arena->stats.ndecommit, (arena->stats.ndecommit == 1) ? "" : "s", + arena->stats.ncommit, (arena->stats.ncommit == 1) ? "" : "s", + arena->stats.decommitted, + (arena->stats.decommitted == 1) ? "" : "s"); +# endif + + malloc_printf(" allocated nmalloc ndalloc\n"); + malloc_printf("small: %12Iu %12I64u %12I64u\n", + arena->stats.allocated_small, arena->stats.nmalloc_small, + arena->stats.ndalloc_small); + malloc_printf("large: %12Iu %12I64u %12I64u\n", + arena->stats.allocated_large, arena->stats.nmalloc_large, + arena->stats.ndalloc_large); + malloc_printf("total: %12Iu %12I64u %12I64u\n", + arena->stats.allocated_small + arena->stats.allocated_large, + arena->stats.nmalloc_small + arena->stats.nmalloc_large, + arena->stats.ndalloc_small + arena->stats.ndalloc_large); + malloc_printf("mapped: %12Iu\n", arena->stats.mapped); +#else + malloc_printf("dirty: %zu page%s dirty, %llu sweep%s," + " %llu madvise%s, %llu page%s purged\n", + arena->ndirty, arena->ndirty == 1 ? "" : "s", + arena->stats.npurge, arena->stats.npurge == 1 ? "" : "s", + arena->stats.nmadvise, arena->stats.nmadvise == 1 ? "" : "s", + arena->stats.purged, arena->stats.purged == 1 ? "" : "s"); +# ifdef MALLOC_DECOMMIT + malloc_printf("decommit: %llu decommit%s, %llu commit%s," + " %llu page%s decommitted\n", + arena->stats.ndecommit, (arena->stats.ndecommit == 1) ? "" : "s", + arena->stats.ncommit, (arena->stats.ncommit == 1) ? "" : "s", + arena->stats.decommitted, + (arena->stats.decommitted == 1) ? "" : "s"); +# endif + + malloc_printf(" allocated nmalloc ndalloc\n"); + malloc_printf("small: %12zu %12llu %12llu\n", + arena->stats.allocated_small, arena->stats.nmalloc_small, + arena->stats.ndalloc_small); + malloc_printf("large: %12zu %12llu %12llu\n", + arena->stats.allocated_large, arena->stats.nmalloc_large, + arena->stats.ndalloc_large); + malloc_printf("total: %12zu %12llu %12llu\n", + arena->stats.allocated_small + arena->stats.allocated_large, + arena->stats.nmalloc_small + arena->stats.nmalloc_large, + arena->stats.ndalloc_small + arena->stats.ndalloc_large); + malloc_printf("mapped: %12zu\n", arena->stats.mapped); +#endif + malloc_printf("bins: bin size regs pgs requests newruns" + " reruns maxruns curruns\n"); + for (i = 0, gap_start = UINT_MAX; i < ntbins + nqbins + nsbins; i++) { + if (arena->bins[i].stats.nrequests == 0) { + if (gap_start == UINT_MAX) + gap_start = i; + } else { + if (gap_start != UINT_MAX) { + if (i > gap_start + 1) { + /* Gap of more than one size class. */ + malloc_printf("[%u..%u]\n", + gap_start, i - 1); + } else { + /* Gap of one size class. */ + malloc_printf("[%u]\n", gap_start); + } + gap_start = UINT_MAX; + } + malloc_printf( +#if defined(MOZ_MEMORY_WINDOWS) + "%13u %1s %4u %4u %3u %9I64u %9I64u" + " %9I64u %7u %7u\n", +#else + "%13u %1s %4u %4u %3u %9llu %9llu" + " %9llu %7lu %7lu\n", +#endif + i, + i < ntbins ? "T" : i < ntbins + nqbins ? "Q" : "S", + arena->bins[i].reg_size, + arena->bins[i].nregs, + arena->bins[i].run_size >> pagesize_2pow, + arena->bins[i].stats.nrequests, + arena->bins[i].stats.nruns, + arena->bins[i].stats.reruns, + arena->bins[i].stats.highruns, + arena->bins[i].stats.curruns); + } + } + if (gap_start != UINT_MAX) { + if (i > gap_start + 1) { + /* Gap of more than one size class. */ + malloc_printf("[%u..%u]\n", gap_start, i - 1); + } else { + /* Gap of one size class. */ + malloc_printf("[%u]\n", gap_start); + } + } +} +#endif + +/* + * End Utility functions/macros. + */ +/******************************************************************************/ +/* + * Begin extent tree code. + */ + +static inline int +extent_szad_comp(extent_node_t *a, extent_node_t *b) +{ + int ret; + size_t a_size = a->size; + size_t b_size = b->size; + + ret = (a_size > b_size) - (a_size < b_size); + if (ret == 0) { + uintptr_t a_addr = (uintptr_t)a->addr; + uintptr_t b_addr = (uintptr_t)b->addr; + + ret = (a_addr > b_addr) - (a_addr < b_addr); + } + + return (ret); +} + +/* Wrap red-black tree macros in functions. */ +rb_wrap(static, extent_tree_szad_, extent_tree_t, extent_node_t, + link_szad, extent_szad_comp) + +static inline int +extent_ad_comp(extent_node_t *a, extent_node_t *b) +{ + uintptr_t a_addr = (uintptr_t)a->addr; + uintptr_t b_addr = (uintptr_t)b->addr; + + return ((a_addr > b_addr) - (a_addr < b_addr)); +} + +/* Wrap red-black tree macros in functions. */ +rb_wrap(static, extent_tree_ad_, extent_tree_t, extent_node_t, link_ad, + extent_ad_comp) + +/* + * End extent tree code. + */ +/******************************************************************************/ +/* + * Begin chunk management functions. + */ + +#ifdef MOZ_MEMORY_WINDOWS + +static void * +pages_map(void *addr, size_t size) +{ + void *ret = NULL; + ret = VirtualAlloc(addr, size, MEM_COMMIT | MEM_RESERVE, + PAGE_READWRITE); + return (ret); +} + +static void +pages_unmap(void *addr, size_t size) +{ + if (VirtualFree(addr, 0, MEM_RELEASE) == 0) { + _malloc_message(_getprogname(), + ": (malloc) Error in VirtualFree()\n", "", ""); + if (opt_abort) + abort(); + } +} +#else + +static void * +pages_map(void *addr, size_t size) +{ + void *ret; +#if defined(__ia64__) || (defined(__sparc__) && defined(__arch64__) && defined(__linux__)) || (defined(__sun) && defined(__x86_64__)) + /* + * The JS engine assumes that all allocated pointers have their high 17 bits clear, + * which ia64's mmap doesn't support directly. However, we can emulate it by passing + * mmap an "addr" parameter with those bits clear. The mmap will return that address, + * or the nearest available memory above that address, providing a near-guarantee + * that those bits are clear. If they are not, we return NULL below to indicate + * out-of-memory. + * + * The addr is chosen as 0x0000070000000000, which still allows about 120TB of virtual + * address space. + * + * See Bug 589735 for more information. + */ + bool check_placement = true; + if (addr == NULL) { + addr = (void*)0x0000070000000000; + check_placement = false; + } +#endif + +#if defined(__sparc__) && defined(__arch64__) && defined(__linux__) || (defined(__sun) && defined(__x86_64__)) + const uintptr_t start = 0x0000070000000000ULL; + const uintptr_t end = 0x0000800000000000ULL; + + /* Copied from js/src/gc/Memory.cpp and adapted for this source */ + + uintptr_t hint; + void* region = MAP_FAILED; + for (hint = start; region == MAP_FAILED && hint + size <= end; hint += chunksize) { + region = mmap((void*)hint, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); + if (region != MAP_FAILED) { + if (((size_t) region + (size - 1)) & 0xffff800000000000) { + if (munmap(region, size)) { + MOZ_ASSERT(errno == ENOMEM); + } + region = MAP_FAILED; + } + } + } + ret = region; +#else + + /* + * We don't use MAP_FIXED here, because it can cause the *replacement* + * of existing mappings, and we only want to create new mappings. + */ + ret = mmap(addr, size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON, -1, 0); + assert(ret != NULL); + +#endif + if (ret == MAP_FAILED) { + ret = NULL; + } +#if defined(__ia64__) || (defined(__sparc__) && defined(__arch64__) && defined(__linux__)) || (defined(__sun) && defined(__x86_64__)) + /* + * If the allocated memory doesn't have its upper 17 bits clear, consider it + * as out of memory. + */ + else if ((long long)ret & 0xffff800000000000) { + munmap(ret, size); + ret = NULL; + } + /* If the caller requested a specific memory location, verify that's what mmap returned. */ + else if (check_placement && ret != addr) { +#else + else if (addr != NULL && ret != addr) { +#endif + /* + * We succeeded in mapping memory, but not in the right place. + */ + if (munmap(ret, size) == -1) { + char buf[STRERROR_BUF]; + + if (strerror_r(errno, buf, sizeof(buf)) == 0) { + _malloc_message(_getprogname(), + ": (malloc) Error in munmap(): ", buf, "\n"); + } + if (opt_abort) + abort(); + } + ret = NULL; + } + if (ret != NULL) { + MozTagAnonymousMemory(ret, size, "jemalloc"); + } + +#if defined(__ia64__) || (defined(__sparc__) && defined(__arch64__) && defined(__linux__)) || (defined(__sun) && defined(__x86_64__)) + assert(ret == NULL || (!check_placement && ret != NULL) + || (check_placement && ret == addr)); +#else + assert(ret == NULL || (addr == NULL && ret != addr) + || (addr != NULL && ret == addr)); +#endif + return (ret); +} + +static void +pages_unmap(void *addr, size_t size) +{ + + if (munmap(addr, size) == -1) { + char buf[STRERROR_BUF]; + + if (strerror_r(errno, buf, sizeof(buf)) == 0) { + _malloc_message(_getprogname(), + ": (malloc) Error in munmap(): ", buf, "\n"); + } + if (opt_abort) + abort(); + } +} +#endif + +#ifdef MOZ_MEMORY_DARWIN +#define VM_COPY_MIN (pagesize << 5) +static inline void +pages_copy(void *dest, const void *src, size_t n) +{ + + assert((void *)((uintptr_t)dest & ~pagesize_mask) == dest); + assert(n >= VM_COPY_MIN); + assert((void *)((uintptr_t)src & ~pagesize_mask) == src); + + vm_copy(mach_task_self(), (vm_address_t)src, (vm_size_t)n, + (vm_address_t)dest); +} +#endif + +static inline malloc_rtree_t * +malloc_rtree_new(unsigned bits) +{ + malloc_rtree_t *ret; + unsigned bits_per_level, height, i; + + bits_per_level = ffs(pow2_ceil((MALLOC_RTREE_NODESIZE / + sizeof(void *)))) - 1; + height = bits / bits_per_level; + if (height * bits_per_level != bits) + height++; + RELEASE_ASSERT(height * bits_per_level >= bits); + + ret = (malloc_rtree_t*)base_calloc(1, sizeof(malloc_rtree_t) + + (sizeof(unsigned) * (height - 1))); + if (ret == NULL) + return (NULL); + + malloc_spin_init(&ret->lock); + ret->height = height; + if (bits_per_level * height > bits) + ret->level2bits[0] = bits % bits_per_level; + else + ret->level2bits[0] = bits_per_level; + for (i = 1; i < height; i++) + ret->level2bits[i] = bits_per_level; + + ret->root = (void**)base_calloc(1, sizeof(void *) << ret->level2bits[0]); + if (ret->root == NULL) { + /* + * We leak the rtree here, since there's no generic base + * deallocation. + */ + return (NULL); + } + + return (ret); +} + +#define MALLOC_RTREE_GET_GENERATE(f) \ +/* The least significant bits of the key are ignored. */ \ +static inline void * \ +f(malloc_rtree_t *rtree, uintptr_t key) \ +{ \ + void *ret; \ + uintptr_t subkey; \ + unsigned i, lshift, height, bits; \ + void **node, **child; \ + \ + MALLOC_RTREE_LOCK(&rtree->lock); \ + for (i = lshift = 0, height = rtree->height, node = rtree->root;\ + i < height - 1; \ + i++, lshift += bits, node = child) { \ + bits = rtree->level2bits[i]; \ + subkey = (key << lshift) >> ((SIZEOF_PTR << 3) - bits); \ + child = (void**)node[subkey]; \ + if (child == NULL) { \ + MALLOC_RTREE_UNLOCK(&rtree->lock); \ + return (NULL); \ + } \ + } \ + \ + /* \ + * node is a leaf, so it contains values rather than node \ + * pointers. \ + */ \ + bits = rtree->level2bits[i]; \ + subkey = (key << lshift) >> ((SIZEOF_PTR << 3) - bits); \ + ret = node[subkey]; \ + MALLOC_RTREE_UNLOCK(&rtree->lock); \ + \ + MALLOC_RTREE_GET_VALIDATE \ + return (ret); \ +} + +#ifdef MALLOC_DEBUG +# define MALLOC_RTREE_LOCK(l) malloc_spin_lock(l) +# define MALLOC_RTREE_UNLOCK(l) malloc_spin_unlock(l) +# define MALLOC_RTREE_GET_VALIDATE +MALLOC_RTREE_GET_GENERATE(malloc_rtree_get_locked) +# undef MALLOC_RTREE_LOCK +# undef MALLOC_RTREE_UNLOCK +# undef MALLOC_RTREE_GET_VALIDATE +#endif + +#define MALLOC_RTREE_LOCK(l) +#define MALLOC_RTREE_UNLOCK(l) +#ifdef MALLOC_DEBUG + /* + * Suppose that it were possible for a jemalloc-allocated chunk to be + * munmap()ped, followed by a different allocator in another thread re-using + * overlapping virtual memory, all without invalidating the cached rtree + * value. The result would be a false positive (the rtree would claim that + * jemalloc owns memory that it had actually discarded). I don't think this + * scenario is possible, but the following assertion is a prudent sanity + * check. + */ +# define MALLOC_RTREE_GET_VALIDATE \ + assert(malloc_rtree_get_locked(rtree, key) == ret); +#else +# define MALLOC_RTREE_GET_VALIDATE +#endif +MALLOC_RTREE_GET_GENERATE(malloc_rtree_get) +#undef MALLOC_RTREE_LOCK +#undef MALLOC_RTREE_UNLOCK +#undef MALLOC_RTREE_GET_VALIDATE + +static inline bool +malloc_rtree_set(malloc_rtree_t *rtree, uintptr_t key, void *val) +{ + uintptr_t subkey; + unsigned i, lshift, height, bits; + void **node, **child; + + malloc_spin_lock(&rtree->lock); + for (i = lshift = 0, height = rtree->height, node = rtree->root; + i < height - 1; + i++, lshift += bits, node = child) { + bits = rtree->level2bits[i]; + subkey = (key << lshift) >> ((SIZEOF_PTR << 3) - bits); + child = (void**)node[subkey]; + if (child == NULL) { + child = (void**)base_calloc(1, sizeof(void *) << + rtree->level2bits[i+1]); + if (child == NULL) { + malloc_spin_unlock(&rtree->lock); + return (true); + } + node[subkey] = child; + } + } + + /* node is a leaf, so it contains values rather than node pointers. */ + bits = rtree->level2bits[i]; + subkey = (key << lshift) >> ((SIZEOF_PTR << 3) - bits); + node[subkey] = val; + malloc_spin_unlock(&rtree->lock); + + return (false); +} + +/* pages_trim, chunk_alloc_mmap_slow and chunk_alloc_mmap were cherry-picked + * from upstream jemalloc 3.4.1 to fix Mozilla bug 956501. */ + +/* Return the offset between a and the nearest aligned address at or below a. */ +#define ALIGNMENT_ADDR2OFFSET(a, alignment) \ + ((size_t)((uintptr_t)(a) & (alignment - 1))) + +/* Return the smallest alignment multiple that is >= s. */ +#define ALIGNMENT_CEILING(s, alignment) \ + (((s) + (alignment - 1)) & (-(alignment))) + +static void * +pages_trim(void *addr, size_t alloc_size, size_t leadsize, size_t size) +{ + void *ret = (void *)((uintptr_t)addr + leadsize); + + assert(alloc_size >= leadsize + size); +#ifdef MOZ_MEMORY_WINDOWS + { + void *new_addr; + + pages_unmap(addr, alloc_size); + new_addr = pages_map(ret, size); + if (new_addr == ret) + return (ret); + if (new_addr) + pages_unmap(new_addr, size); + return (NULL); + } +#else + { + size_t trailsize = alloc_size - leadsize - size; + + if (leadsize != 0) + pages_unmap(addr, leadsize); + if (trailsize != 0) + pages_unmap((void *)((uintptr_t)ret + size), trailsize); + return (ret); + } +#endif +} + +static void * +chunk_alloc_mmap_slow(size_t size, size_t alignment) +{ + void *ret, *pages; + size_t alloc_size, leadsize; + + alloc_size = size + alignment - pagesize; + /* Beware size_t wrap-around. */ + if (alloc_size < size) + return (NULL); + do { + pages = pages_map(NULL, alloc_size); + if (pages == NULL) + return (NULL); + leadsize = ALIGNMENT_CEILING((uintptr_t)pages, alignment) - + (uintptr_t)pages; + ret = pages_trim(pages, alloc_size, leadsize, size); + } while (ret == NULL); + + assert(ret != NULL); + return (ret); +} + +static void * +chunk_alloc_mmap(size_t size, size_t alignment) +{ + void *ret; + size_t offset; + + /* + * Ideally, there would be a way to specify alignment to mmap() (like + * NetBSD has), but in the absence of such a feature, we have to work + * hard to efficiently create aligned mappings. The reliable, but + * slow method is to create a mapping that is over-sized, then trim the + * excess. However, that always results in one or two calls to + * pages_unmap(). + * + * Optimistically try mapping precisely the right amount before falling + * back to the slow method, with the expectation that the optimistic + * approach works most of the time. + */ + + ret = pages_map(NULL, size); + if (ret == NULL) + return (NULL); + offset = ALIGNMENT_ADDR2OFFSET(ret, alignment); + if (offset != 0) { + pages_unmap(ret, size); + return (chunk_alloc_mmap_slow(size, alignment)); + } + + assert(ret != NULL); + return (ret); +} + +bool +pages_purge(void *addr, size_t length) +{ + bool unzeroed; + +#ifdef MALLOC_DECOMMIT + pages_decommit(addr, length); + unzeroed = false; +#else +# ifdef MOZ_MEMORY_WINDOWS + /* + * The region starting at addr may have been allocated in multiple calls + * to VirtualAlloc and recycled, so resetting the entire region in one + * go may not be valid. However, since we allocate at least a chunk at a + * time, we may touch any region in chunksized increments. + */ + size_t pages_size = min(length, chunksize - + CHUNK_ADDR2OFFSET((uintptr_t)addr)); + while (length > 0) { + VirtualAlloc(addr, pages_size, MEM_RESET, PAGE_READWRITE); + addr = (void *)((uintptr_t)addr + pages_size); + length -= pages_size; + pages_size = min(length, chunksize); + } + unzeroed = true; +# else +# ifdef MOZ_MEMORY_LINUX +# define JEMALLOC_MADV_PURGE MADV_DONTNEED +# define JEMALLOC_MADV_ZEROS true +# else /* FreeBSD and Darwin. */ +# define JEMALLOC_MADV_PURGE MADV_FREE +# define JEMALLOC_MADV_ZEROS false +# endif +#ifdef MOZ_MEMORY_SOLARIS + int err = posix_madvise(addr, length, JEMALLOC_MADV_PURGE); + unzeroed = (JEMALLOC_MADV_ZEROS == false || err != 0); +#else + int err = madvise(addr, length, JEMALLOC_MADV_PURGE); + unzeroed = (JEMALLOC_MADV_ZEROS == false || err != 0); +#endif +# undef JEMALLOC_MADV_PURGE +# undef JEMALLOC_MADV_ZEROS +# endif +#endif + return (unzeroed); +} + +static void * +chunk_recycle(extent_tree_t *chunks_szad, extent_tree_t *chunks_ad, size_t size, + size_t alignment, bool base, bool *zero) +{ + void *ret; + extent_node_t *node; + extent_node_t key; + size_t alloc_size, leadsize, trailsize; + bool zeroed; + + if (base) { + /* + * This function may need to call base_node_{,de}alloc(), but + * the current chunk allocation request is on behalf of the + * base allocator. Avoid deadlock (and if that weren't an + * issue, potential for infinite recursion) by returning NULL. + */ + return (NULL); + } + + alloc_size = size + alignment - chunksize; + /* Beware size_t wrap-around. */ + if (alloc_size < size) + return (NULL); + key.addr = NULL; + key.size = alloc_size; + malloc_mutex_lock(&chunks_mtx); + node = extent_tree_szad_nsearch(chunks_szad, &key); + if (node == NULL) { + malloc_mutex_unlock(&chunks_mtx); + return (NULL); + } + leadsize = ALIGNMENT_CEILING((uintptr_t)node->addr, alignment) - + (uintptr_t)node->addr; + assert(node->size >= leadsize + size); + trailsize = node->size - leadsize - size; + ret = (void *)((uintptr_t)node->addr + leadsize); + zeroed = node->zeroed; + if (zeroed) + *zero = true; + /* Remove node from the tree. */ + extent_tree_szad_remove(chunks_szad, node); + extent_tree_ad_remove(chunks_ad, node); + if (leadsize != 0) { + /* Insert the leading space as a smaller chunk. */ + node->size = leadsize; + extent_tree_szad_insert(chunks_szad, node); + extent_tree_ad_insert(chunks_ad, node); + node = NULL; + } + if (trailsize != 0) { + /* Insert the trailing space as a smaller chunk. */ + if (node == NULL) { + /* + * An additional node is required, but + * base_node_alloc() can cause a new base chunk to be + * allocated. Drop chunks_mtx in order to avoid + * deadlock, and if node allocation fails, deallocate + * the result before returning an error. + */ + malloc_mutex_unlock(&chunks_mtx); + node = base_node_alloc(); + if (node == NULL) { + chunk_dealloc(ret, size); + return (NULL); + } + malloc_mutex_lock(&chunks_mtx); + } + node->addr = (void *)((uintptr_t)(ret) + size); + node->size = trailsize; + node->zeroed = zeroed; + extent_tree_szad_insert(chunks_szad, node); + extent_tree_ad_insert(chunks_ad, node); + node = NULL; + } + + if (config_munmap && config_recycle) + recycled_size -= size; + + malloc_mutex_unlock(&chunks_mtx); + + if (node != NULL) + base_node_dealloc(node); +#ifdef MALLOC_DECOMMIT + pages_commit(ret, size); +#endif + if (*zero) { + if (zeroed == false) + memset(ret, 0, size); +#ifdef DEBUG + else { + size_t i; + size_t *p = (size_t *)(uintptr_t)ret; + + for (i = 0; i < size / sizeof(size_t); i++) + assert(p[i] == 0); + } +#endif + } + return (ret); +} + +#ifdef MOZ_MEMORY_WINDOWS +/* + * On Windows, calls to VirtualAlloc and VirtualFree must be matched, making it + * awkward to recycle allocations of varying sizes. Therefore we only allow + * recycling when the size equals the chunksize, unless deallocation is entirely + * disabled. + */ +#define CAN_RECYCLE(size) (size == chunksize) +#else +#define CAN_RECYCLE(size) true +#endif + +static void * +chunk_alloc(size_t size, size_t alignment, bool base, bool zero) +{ + void *ret; + + assert(size != 0); + assert((size & chunksize_mask) == 0); + assert(alignment != 0); + assert((alignment & chunksize_mask) == 0); + + if (!config_munmap || (config_recycle && CAN_RECYCLE(size))) { + ret = chunk_recycle(&chunks_szad_mmap, &chunks_ad_mmap, + size, alignment, base, &zero); + if (ret != NULL) + goto RETURN; + } + ret = chunk_alloc_mmap(size, alignment); + if (ret != NULL) { + goto RETURN; + } + + /* All strategies for allocation failed. */ + ret = NULL; +RETURN: + + if (ret != NULL && base == false) { + if (malloc_rtree_set(chunk_rtree, (uintptr_t)ret, ret)) { + chunk_dealloc(ret, size); + return (NULL); + } + } + + assert(CHUNK_ADDR2BASE(ret) == ret); + return (ret); +} + +static void +chunk_record(extent_tree_t *chunks_szad, extent_tree_t *chunks_ad, void *chunk, + size_t size) +{ + bool unzeroed; + extent_node_t *xnode, *node, *prev, *xprev, key; + + unzeroed = pages_purge(chunk, size); + + /* + * Allocate a node before acquiring chunks_mtx even though it might not + * be needed, because base_node_alloc() may cause a new base chunk to + * be allocated, which could cause deadlock if chunks_mtx were already + * held. + */ + xnode = base_node_alloc(); + /* Use xprev to implement conditional deferred deallocation of prev. */ + xprev = NULL; + + malloc_mutex_lock(&chunks_mtx); + key.addr = (void *)((uintptr_t)chunk + size); + node = extent_tree_ad_nsearch(chunks_ad, &key); + /* Try to coalesce forward. */ + if (node != NULL && node->addr == key.addr) { + /* + * Coalesce chunk with the following address range. This does + * not change the position within chunks_ad, so only + * remove/insert from/into chunks_szad. + */ + extent_tree_szad_remove(chunks_szad, node); + node->addr = chunk; + node->size += size; + node->zeroed = (node->zeroed && (unzeroed == false)); + extent_tree_szad_insert(chunks_szad, node); + } else { + /* Coalescing forward failed, so insert a new node. */ + if (xnode == NULL) { + /* + * base_node_alloc() failed, which is an exceedingly + * unlikely failure. Leak chunk; its pages have + * already been purged, so this is only a virtual + * memory leak. + */ + goto label_return; + } + node = xnode; + xnode = NULL; /* Prevent deallocation below. */ + node->addr = chunk; + node->size = size; + node->zeroed = (unzeroed == false); + extent_tree_ad_insert(chunks_ad, node); + extent_tree_szad_insert(chunks_szad, node); + } + + /* Try to coalesce backward. */ + prev = extent_tree_ad_prev(chunks_ad, node); + if (prev != NULL && (void *)((uintptr_t)prev->addr + prev->size) == + chunk) { + /* + * Coalesce chunk with the previous address range. This does + * not change the position within chunks_ad, so only + * remove/insert node from/into chunks_szad. + */ + extent_tree_szad_remove(chunks_szad, prev); + extent_tree_ad_remove(chunks_ad, prev); + + extent_tree_szad_remove(chunks_szad, node); + node->addr = prev->addr; + node->size += prev->size; + node->zeroed = (node->zeroed && prev->zeroed); + extent_tree_szad_insert(chunks_szad, node); + + xprev = prev; + } + + if (config_munmap && config_recycle) + recycled_size += size; + +label_return: + malloc_mutex_unlock(&chunks_mtx); + /* + * Deallocate xnode and/or xprev after unlocking chunks_mtx in order to + * avoid potential deadlock. + */ + if (xnode != NULL) + base_node_dealloc(xnode); + if (xprev != NULL) + base_node_dealloc(xprev); +} + +static bool +chunk_dalloc_mmap(void *chunk, size_t size) +{ + if (!config_munmap || (config_recycle && CAN_RECYCLE(size) && + load_acquire_z(&recycled_size) < recycle_limit)) + return true; + + pages_unmap(chunk, size); + return false; +} + +#undef CAN_RECYCLE + +static void +chunk_dealloc(void *chunk, size_t size) +{ + + assert(chunk != NULL); + assert(CHUNK_ADDR2BASE(chunk) == chunk); + assert(size != 0); + assert((size & chunksize_mask) == 0); + + malloc_rtree_set(chunk_rtree, (uintptr_t)chunk, NULL); + + if (chunk_dalloc_mmap(chunk, size)) + chunk_record(&chunks_szad_mmap, &chunks_ad_mmap, chunk, size); +} + +/* + * End chunk management functions. + */ +/******************************************************************************/ +/* + * Begin arena. + */ + +/* + * Choose an arena based on a per-thread value (fast-path code, calls slow-path + * code if necessary). + */ +static inline arena_t * +choose_arena(void) +{ + arena_t *ret; + + /* + * We can only use TLS if this is a PIC library, since for the static + * library version, libc's malloc is used by TLS allocation, which + * introduces a bootstrapping issue. + */ +#ifndef NO_TLS + +# ifdef MOZ_MEMORY_WINDOWS + ret = (arena_t*)TlsGetValue(tlsIndex); +# else + ret = arenas_map; +# endif + + if (ret == NULL) { + ret = choose_arena_hard(); + RELEASE_ASSERT(ret != NULL); + } +#else + if (narenas > 1) { + unsigned long ind; + + /* + * Hash _pthread_self() to one of the arenas. There is a prime + * number of arenas, so this has a reasonable chance of + * working. Even so, the hashing can be easily thwarted by + * inconvenient _pthread_self() values. Without specific + * knowledge of how _pthread_self() calculates values, we can't + * easily do much better than this. + */ + ind = (unsigned long) _pthread_self() % narenas; + + /* + * Optimistially assume that arenas[ind] has been initialized. + * At worst, we find out that some other thread has already + * done so, after acquiring the lock in preparation. Note that + * this lazy locking also has the effect of lazily forcing + * cache coherency; without the lock acquisition, there's no + * guarantee that modification of arenas[ind] by another thread + * would be seen on this CPU for an arbitrary amount of time. + * + * In general, this approach to modifying a synchronized value + * isn't a good idea, but in this case we only ever modify the + * value once, so things work out well. + */ + ret = arenas[ind]; + if (ret == NULL) { + /* + * Avoid races with another thread that may have already + * initialized arenas[ind]. + */ + malloc_spin_lock(&arenas_lock); + if (arenas[ind] == NULL) + ret = arenas_extend((unsigned)ind); + else + ret = arenas[ind]; + malloc_spin_unlock(&arenas_lock); + } + } else + ret = arenas[0]; +#endif + + RELEASE_ASSERT(ret != NULL); + return (ret); +} + +#ifndef NO_TLS +/* + * Choose an arena based on a per-thread value (slow-path code only, called + * only by choose_arena()). + */ +static arena_t * +choose_arena_hard(void) +{ + arena_t *ret; + + if (narenas > 1) { + malloc_spin_lock(&arenas_lock); + if ((ret = arenas[next_arena]) == NULL) + ret = arenas_extend(next_arena); + next_arena = (next_arena + 1) % narenas; + malloc_spin_unlock(&arenas_lock); + } else + ret = arenas[0]; + +#ifdef MOZ_MEMORY_WINDOWS + TlsSetValue(tlsIndex, ret); +#else + arenas_map = ret; +#endif + + return (ret); +} +#endif + +static inline int +arena_chunk_comp(arena_chunk_t *a, arena_chunk_t *b) +{ + uintptr_t a_chunk = (uintptr_t)a; + uintptr_t b_chunk = (uintptr_t)b; + + assert(a != NULL); + assert(b != NULL); + + return ((a_chunk > b_chunk) - (a_chunk < b_chunk)); +} + +/* Wrap red-black tree macros in functions. */ +rb_wrap(static, arena_chunk_tree_dirty_, arena_chunk_tree_t, + arena_chunk_t, link_dirty, arena_chunk_comp) + +static inline int +arena_run_comp(arena_chunk_map_t *a, arena_chunk_map_t *b) +{ + uintptr_t a_mapelm = (uintptr_t)a; + uintptr_t b_mapelm = (uintptr_t)b; + + assert(a != NULL); + assert(b != NULL); + + return ((a_mapelm > b_mapelm) - (a_mapelm < b_mapelm)); +} + +/* Wrap red-black tree macros in functions. */ +rb_wrap(static, arena_run_tree_, arena_run_tree_t, arena_chunk_map_t, link, + arena_run_comp) + +static inline int +arena_avail_comp(arena_chunk_map_t *a, arena_chunk_map_t *b) +{ + int ret; + size_t a_size = a->bits & ~pagesize_mask; + size_t b_size = b->bits & ~pagesize_mask; + + ret = (a_size > b_size) - (a_size < b_size); + if (ret == 0) { + uintptr_t a_mapelm, b_mapelm; + + if ((a->bits & CHUNK_MAP_KEY) == 0) + a_mapelm = (uintptr_t)a; + else { + /* + * Treat keys as though they are lower than anything + * else. + */ + a_mapelm = 0; + } + b_mapelm = (uintptr_t)b; + + ret = (a_mapelm > b_mapelm) - (a_mapelm < b_mapelm); + } + + return (ret); +} + +/* Wrap red-black tree macros in functions. */ +rb_wrap(static, arena_avail_tree_, arena_avail_tree_t, arena_chunk_map_t, link, + arena_avail_comp) + +static inline void * +arena_run_reg_alloc(arena_run_t *run, arena_bin_t *bin) +{ + void *ret; + unsigned i, mask, bit, regind; + + assert(run->magic == ARENA_RUN_MAGIC); + assert(run->regs_minelm < bin->regs_mask_nelms); + + /* + * Move the first check outside the loop, so that run->regs_minelm can + * be updated unconditionally, without the possibility of updating it + * multiple times. + */ + i = run->regs_minelm; + mask = run->regs_mask[i]; + if (mask != 0) { + /* Usable allocation found. */ + bit = ffs((int)mask) - 1; + + regind = ((i << (SIZEOF_INT_2POW + 3)) + bit); + assert(regind < bin->nregs); + ret = (void *)(((uintptr_t)run) + bin->reg0_offset + + (bin->reg_size * regind)); + + /* Clear bit. */ + mask ^= (1U << bit); + run->regs_mask[i] = mask; + + return (ret); + } + + for (i++; i < bin->regs_mask_nelms; i++) { + mask = run->regs_mask[i]; + if (mask != 0) { + /* Usable allocation found. */ + bit = ffs((int)mask) - 1; + + regind = ((i << (SIZEOF_INT_2POW + 3)) + bit); + assert(regind < bin->nregs); + ret = (void *)(((uintptr_t)run) + bin->reg0_offset + + (bin->reg_size * regind)); + + /* Clear bit. */ + mask ^= (1U << bit); + run->regs_mask[i] = mask; + + /* + * Make a note that nothing before this element + * contains a free region. + */ + run->regs_minelm = i; /* Low payoff: + (mask == 0); */ + + return (ret); + } + } + /* Not reached. */ + RELEASE_ASSERT(0); + return (NULL); +} + +static inline void +arena_run_reg_dalloc(arena_run_t *run, arena_bin_t *bin, void *ptr, size_t size) +{ + /* + * To divide by a number D that is not a power of two we multiply + * by (2^21 / D) and then right shift by 21 positions. + * + * X / D + * + * becomes + * + * (X * size_invs[(D >> QUANTUM_2POW_MIN) - 3]) >> SIZE_INV_SHIFT + */ +#define SIZE_INV_SHIFT 21 +#define SIZE_INV(s) (((1U << SIZE_INV_SHIFT) / (s << QUANTUM_2POW_MIN)) + 1) + static const unsigned size_invs[] = { + SIZE_INV(3), + SIZE_INV(4), SIZE_INV(5), SIZE_INV(6), SIZE_INV(7), + SIZE_INV(8), SIZE_INV(9), SIZE_INV(10), SIZE_INV(11), + SIZE_INV(12),SIZE_INV(13), SIZE_INV(14), SIZE_INV(15), + SIZE_INV(16),SIZE_INV(17), SIZE_INV(18), SIZE_INV(19), + SIZE_INV(20),SIZE_INV(21), SIZE_INV(22), SIZE_INV(23), + SIZE_INV(24),SIZE_INV(25), SIZE_INV(26), SIZE_INV(27), + SIZE_INV(28),SIZE_INV(29), SIZE_INV(30), SIZE_INV(31) +#if (QUANTUM_2POW_MIN < 4) + , + SIZE_INV(32), SIZE_INV(33), SIZE_INV(34), SIZE_INV(35), + SIZE_INV(36), SIZE_INV(37), SIZE_INV(38), SIZE_INV(39), + SIZE_INV(40), SIZE_INV(41), SIZE_INV(42), SIZE_INV(43), + SIZE_INV(44), SIZE_INV(45), SIZE_INV(46), SIZE_INV(47), + SIZE_INV(48), SIZE_INV(49), SIZE_INV(50), SIZE_INV(51), + SIZE_INV(52), SIZE_INV(53), SIZE_INV(54), SIZE_INV(55), + SIZE_INV(56), SIZE_INV(57), SIZE_INV(58), SIZE_INV(59), + SIZE_INV(60), SIZE_INV(61), SIZE_INV(62), SIZE_INV(63) +#endif + }; + unsigned diff, regind, elm, bit; + + assert(run->magic == ARENA_RUN_MAGIC); + assert(((sizeof(size_invs)) / sizeof(unsigned)) + 3 + >= (SMALL_MAX_DEFAULT >> QUANTUM_2POW_MIN)); + + /* + * Avoid doing division with a variable divisor if possible. Using + * actual division here can reduce allocator throughput by over 20%! + */ + diff = (unsigned)((uintptr_t)ptr - (uintptr_t)run - bin->reg0_offset); + if ((size & (size - 1)) == 0) { + /* + * log2_table allows fast division of a power of two in the + * [1..128] range. + * + * (x / divisor) becomes (x >> log2_table[divisor - 1]). + */ + static const unsigned char log2_table[] = { + 0, 1, 0, 2, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 4, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7 + }; + + if (size <= 128) + regind = (diff >> log2_table[size - 1]); + else if (size <= 32768) + regind = diff >> (8 + log2_table[(size >> 8) - 1]); + else { + /* + * The run size is too large for us to use the lookup + * table. Use real division. + */ + regind = diff / size; + } + } else if (size <= ((sizeof(size_invs) / sizeof(unsigned)) + << QUANTUM_2POW_MIN) + 2) { + regind = size_invs[(size >> QUANTUM_2POW_MIN) - 3] * diff; + regind >>= SIZE_INV_SHIFT; + } else { + /* + * size_invs isn't large enough to handle this size class, so + * calculate regind using actual division. This only happens + * if the user increases small_max via the 'S' runtime + * configuration option. + */ + regind = diff / size; + }; + RELEASE_ASSERT(diff == regind * size); + RELEASE_ASSERT(regind < bin->nregs); + + elm = regind >> (SIZEOF_INT_2POW + 3); + if (elm < run->regs_minelm) + run->regs_minelm = elm; + bit = regind - (elm << (SIZEOF_INT_2POW + 3)); + RELEASE_ASSERT((run->regs_mask[elm] & (1U << bit)) == 0); + run->regs_mask[elm] |= (1U << bit); +#undef SIZE_INV +#undef SIZE_INV_SHIFT +} + +static void +arena_run_split(arena_t *arena, arena_run_t *run, size_t size, bool large, + bool zero) +{ + arena_chunk_t *chunk; + size_t old_ndirty, run_ind, total_pages, need_pages, rem_pages, i; + + chunk = (arena_chunk_t *)CHUNK_ADDR2BASE(run); + old_ndirty = chunk->ndirty; + run_ind = (unsigned)(((uintptr_t)run - (uintptr_t)chunk) + >> pagesize_2pow); + total_pages = (chunk->map[run_ind].bits & ~pagesize_mask) >> + pagesize_2pow; + need_pages = (size >> pagesize_2pow); + assert(need_pages > 0); + assert(need_pages <= total_pages); + rem_pages = total_pages - need_pages; + + arena_avail_tree_remove(&arena->runs_avail, &chunk->map[run_ind]); + + /* Keep track of trailing unused pages for later use. */ + if (rem_pages > 0) { + chunk->map[run_ind+need_pages].bits = (rem_pages << + pagesize_2pow) | (chunk->map[run_ind+need_pages].bits & + pagesize_mask); + chunk->map[run_ind+total_pages-1].bits = (rem_pages << + pagesize_2pow) | (chunk->map[run_ind+total_pages-1].bits & + pagesize_mask); + arena_avail_tree_insert(&arena->runs_avail, + &chunk->map[run_ind+need_pages]); + } + + for (i = 0; i < need_pages; i++) { +#if defined(MALLOC_DECOMMIT) || defined(MALLOC_STATS) || defined(MALLOC_DOUBLE_PURGE) + /* + * Commit decommitted pages if necessary. If a decommitted + * page is encountered, commit all needed adjacent decommitted + * pages in one operation, in order to reduce system call + * overhead. + */ + if (chunk->map[run_ind + i].bits & CHUNK_MAP_MADVISED_OR_DECOMMITTED) { + size_t j; + + /* + * Advance i+j to just past the index of the last page + * to commit. Clear CHUNK_MAP_DECOMMITTED and + * CHUNK_MAP_MADVISED along the way. + */ + for (j = 0; i + j < need_pages && (chunk->map[run_ind + + i + j].bits & CHUNK_MAP_MADVISED_OR_DECOMMITTED); j++) { + /* DECOMMITTED and MADVISED are mutually exclusive. */ + assert(!(chunk->map[run_ind + i + j].bits & CHUNK_MAP_DECOMMITTED && + chunk->map[run_ind + i + j].bits & CHUNK_MAP_MADVISED)); + + chunk->map[run_ind + i + j].bits &= + ~CHUNK_MAP_MADVISED_OR_DECOMMITTED; + } + +# ifdef MALLOC_DECOMMIT + pages_commit((void *)((uintptr_t)chunk + ((run_ind + i) + << pagesize_2pow)), (j << pagesize_2pow)); +# ifdef MALLOC_STATS + arena->stats.ncommit++; +# endif +# endif + +# ifdef MALLOC_STATS + arena->stats.committed += j; +# endif + +# ifndef MALLOC_DECOMMIT + } +# else + } else /* No need to zero since commit zeros. */ +# endif + +#endif + + /* Zero if necessary. */ + if (zero) { + if ((chunk->map[run_ind + i].bits & CHUNK_MAP_ZEROED) + == 0) { + memset((void *)((uintptr_t)chunk + ((run_ind + + i) << pagesize_2pow)), 0, pagesize); + /* CHUNK_MAP_ZEROED is cleared below. */ + } + } + + /* Update dirty page accounting. */ + if (chunk->map[run_ind + i].bits & CHUNK_MAP_DIRTY) { + chunk->ndirty--; + arena->ndirty--; + /* CHUNK_MAP_DIRTY is cleared below. */ + } + + /* Initialize the chunk map. */ + if (large) { + chunk->map[run_ind + i].bits = CHUNK_MAP_LARGE + | CHUNK_MAP_ALLOCATED; + } else { + chunk->map[run_ind + i].bits = (size_t)run + | CHUNK_MAP_ALLOCATED; + } + } + + /* + * Set the run size only in the first element for large runs. This is + * primarily a debugging aid, since the lack of size info for trailing + * pages only matters if the application tries to operate on an + * interior pointer. + */ + if (large) + chunk->map[run_ind].bits |= size; + + if (chunk->ndirty == 0 && old_ndirty > 0) + arena_chunk_tree_dirty_remove(&arena->chunks_dirty, chunk); +} + +static void +arena_chunk_init(arena_t *arena, arena_chunk_t *chunk) +{ + arena_run_t *run; + size_t i; + +#ifdef MALLOC_STATS + arena->stats.mapped += chunksize; +#endif + + chunk->arena = arena; + + /* + * Claim that no pages are in use, since the header is merely overhead. + */ + chunk->ndirty = 0; + + /* Initialize the map to contain one maximal free untouched run. */ + run = (arena_run_t *)((uintptr_t)chunk + (arena_chunk_header_npages << + pagesize_2pow)); + for (i = 0; i < arena_chunk_header_npages; i++) + chunk->map[i].bits = 0; + chunk->map[i].bits = arena_maxclass | CHUNK_MAP_DECOMMITTED | CHUNK_MAP_ZEROED; + for (i++; i < chunk_npages-1; i++) { + chunk->map[i].bits = CHUNK_MAP_DECOMMITTED | CHUNK_MAP_ZEROED; + } + chunk->map[chunk_npages-1].bits = arena_maxclass | CHUNK_MAP_DECOMMITTED | CHUNK_MAP_ZEROED; + +#ifdef MALLOC_DECOMMIT + /* + * Start out decommitted, in order to force a closer correspondence + * between dirty pages and committed untouched pages. + */ + pages_decommit(run, arena_maxclass); +# ifdef MALLOC_STATS + arena->stats.ndecommit++; + arena->stats.decommitted += (chunk_npages - arena_chunk_header_npages); +# endif +#endif +#ifdef MALLOC_STATS + arena->stats.committed += arena_chunk_header_npages; +#endif + + /* Insert the run into the runs_avail tree. */ + arena_avail_tree_insert(&arena->runs_avail, + &chunk->map[arena_chunk_header_npages]); + +#ifdef MALLOC_DOUBLE_PURGE + LinkedList_Init(&chunk->chunks_madvised_elem); +#endif +} + +static void +arena_chunk_dealloc(arena_t *arena, arena_chunk_t *chunk) +{ + + if (arena->spare != NULL) { + if (arena->spare->ndirty > 0) { + arena_chunk_tree_dirty_remove( + &chunk->arena->chunks_dirty, arena->spare); + arena->ndirty -= arena->spare->ndirty; +#ifdef MALLOC_STATS + arena->stats.committed -= arena->spare->ndirty; +#endif + } + +#ifdef MALLOC_DOUBLE_PURGE + /* This is safe to do even if arena->spare is not in the list. */ + LinkedList_Remove(&arena->spare->chunks_madvised_elem); +#endif + + chunk_dealloc((void *)arena->spare, chunksize); +#ifdef MALLOC_STATS + arena->stats.mapped -= chunksize; + arena->stats.committed -= arena_chunk_header_npages; +#endif + } + + /* + * Remove run from runs_avail, so that the arena does not use it. + * Dirty page flushing only uses the chunks_dirty tree, so leaving this + * chunk in the chunks_* trees is sufficient for that purpose. + */ + arena_avail_tree_remove(&arena->runs_avail, + &chunk->map[arena_chunk_header_npages]); + + arena->spare = chunk; +} + +static arena_run_t * +arena_run_alloc(arena_t *arena, arena_bin_t *bin, size_t size, bool large, + bool zero) +{ + arena_run_t *run; + arena_chunk_map_t *mapelm, key; + + assert(size <= arena_maxclass); + assert((size & pagesize_mask) == 0); + + /* Search the arena's chunks for the lowest best fit. */ + key.bits = size | CHUNK_MAP_KEY; + mapelm = arena_avail_tree_nsearch(&arena->runs_avail, &key); + if (mapelm != NULL) { + arena_chunk_t *chunk = + (arena_chunk_t*)CHUNK_ADDR2BASE(mapelm); + size_t pageind = ((uintptr_t)mapelm - + (uintptr_t)chunk->map) / + sizeof(arena_chunk_map_t); + + run = (arena_run_t *)((uintptr_t)chunk + (pageind + << pagesize_2pow)); + arena_run_split(arena, run, size, large, zero); + return (run); + } + + if (arena->spare != NULL) { + /* Use the spare. */ + arena_chunk_t *chunk = arena->spare; + arena->spare = NULL; + run = (arena_run_t *)((uintptr_t)chunk + + (arena_chunk_header_npages << pagesize_2pow)); + /* Insert the run into the runs_avail tree. */ + arena_avail_tree_insert(&arena->runs_avail, + &chunk->map[arena_chunk_header_npages]); + arena_run_split(arena, run, size, large, zero); + return (run); + } + + /* + * No usable runs. Create a new chunk from which to allocate + * the run. + */ + { + arena_chunk_t *chunk = (arena_chunk_t *) + chunk_alloc(chunksize, chunksize, false, true); + if (chunk == NULL) + return (NULL); + + arena_chunk_init(arena, chunk); + run = (arena_run_t *)((uintptr_t)chunk + + (arena_chunk_header_npages << pagesize_2pow)); + } + /* Update page map. */ + arena_run_split(arena, run, size, large, zero); + return (run); +} + +static void +arena_purge(arena_t *arena, bool all) +{ + arena_chunk_t *chunk; + size_t i, npages; + /* If all is set purge all dirty pages. */ + size_t dirty_max = all ? 1 : opt_dirty_max; +#ifdef MALLOC_DEBUG + size_t ndirty = 0; + rb_foreach_begin(arena_chunk_t, link_dirty, &arena->chunks_dirty, + chunk) { + ndirty += chunk->ndirty; + } rb_foreach_end(arena_chunk_t, link_dirty, &arena->chunks_dirty, chunk) + assert(ndirty == arena->ndirty); +#endif + RELEASE_ASSERT(all || (arena->ndirty > opt_dirty_max)); + +#ifdef MALLOC_STATS + arena->stats.npurge++; +#endif + + /* + * Iterate downward through chunks until enough dirty memory has been + * purged. Terminate as soon as possible in order to minimize the + * number of system calls, even if a chunk has only been partially + * purged. + */ + while (arena->ndirty > (dirty_max >> 1)) { +#ifdef MALLOC_DOUBLE_PURGE + bool madvised = false; +#endif + chunk = arena_chunk_tree_dirty_last(&arena->chunks_dirty); + RELEASE_ASSERT(chunk != NULL); + + for (i = chunk_npages - 1; chunk->ndirty > 0; i--) { + RELEASE_ASSERT(i >= arena_chunk_header_npages); + + if (chunk->map[i].bits & CHUNK_MAP_DIRTY) { +#ifdef MALLOC_DECOMMIT + const size_t free_operation = CHUNK_MAP_DECOMMITTED; +#else + const size_t free_operation = CHUNK_MAP_MADVISED; +#endif + assert((chunk->map[i].bits & + CHUNK_MAP_MADVISED_OR_DECOMMITTED) == 0); + chunk->map[i].bits ^= free_operation | CHUNK_MAP_DIRTY; + /* Find adjacent dirty run(s). */ + for (npages = 1; + i > arena_chunk_header_npages && + (chunk->map[i - 1].bits & CHUNK_MAP_DIRTY); + npages++) { + i--; + assert((chunk->map[i].bits & + CHUNK_MAP_MADVISED_OR_DECOMMITTED) == 0); + chunk->map[i].bits ^= free_operation | CHUNK_MAP_DIRTY; + } + chunk->ndirty -= npages; + arena->ndirty -= npages; + +#ifdef MALLOC_DECOMMIT + pages_decommit((void *)((uintptr_t) + chunk + (i << pagesize_2pow)), + (npages << pagesize_2pow)); +# ifdef MALLOC_STATS + arena->stats.ndecommit++; + arena->stats.decommitted += npages; +# endif +#endif +#ifdef MALLOC_STATS + arena->stats.committed -= npages; +#endif + +#ifndef MALLOC_DECOMMIT +#ifdef MOZ_MEMORY_SOLARIS + posix_madvise((void*)((uintptr_t)chunk + (i << pagesize_2pow)), + (npages << pagesize_2pow),MADV_FREE); +#else + madvise((void *)((uintptr_t)chunk + (i << + pagesize_2pow)), (npages << pagesize_2pow), + MADV_FREE); +#endif +# ifdef MALLOC_DOUBLE_PURGE + madvised = true; +# endif +#endif +#ifdef MALLOC_STATS + arena->stats.nmadvise++; + arena->stats.purged += npages; +#endif + if (arena->ndirty <= (dirty_max >> 1)) + break; + } + } + + if (chunk->ndirty == 0) { + arena_chunk_tree_dirty_remove(&arena->chunks_dirty, + chunk); + } +#ifdef MALLOC_DOUBLE_PURGE + if (madvised) { + /* The chunk might already be in the list, but this + * makes sure it's at the front. */ + LinkedList_Remove(&chunk->chunks_madvised_elem); + LinkedList_InsertHead(&arena->chunks_madvised, &chunk->chunks_madvised_elem); + } +#endif + } +} + +static void +arena_run_dalloc(arena_t *arena, arena_run_t *run, bool dirty) +{ + arena_chunk_t *chunk; + size_t size, run_ind, run_pages; + + chunk = (arena_chunk_t *)CHUNK_ADDR2BASE(run); + run_ind = (size_t)(((uintptr_t)run - (uintptr_t)chunk) + >> pagesize_2pow); + RELEASE_ASSERT(run_ind >= arena_chunk_header_npages); + RELEASE_ASSERT(run_ind < chunk_npages); + if ((chunk->map[run_ind].bits & CHUNK_MAP_LARGE) != 0) + size = chunk->map[run_ind].bits & ~pagesize_mask; + else + size = run->bin->run_size; + run_pages = (size >> pagesize_2pow); + + /* Mark pages as unallocated in the chunk map. */ + if (dirty) { + size_t i; + + for (i = 0; i < run_pages; i++) { + RELEASE_ASSERT((chunk->map[run_ind + i].bits & CHUNK_MAP_DIRTY) + == 0); + chunk->map[run_ind + i].bits = CHUNK_MAP_DIRTY; + } + + if (chunk->ndirty == 0) { + arena_chunk_tree_dirty_insert(&arena->chunks_dirty, + chunk); + } + chunk->ndirty += run_pages; + arena->ndirty += run_pages; + } else { + size_t i; + + for (i = 0; i < run_pages; i++) { + chunk->map[run_ind + i].bits &= ~(CHUNK_MAP_LARGE | + CHUNK_MAP_ALLOCATED); + } + } + chunk->map[run_ind].bits = size | (chunk->map[run_ind].bits & + pagesize_mask); + chunk->map[run_ind+run_pages-1].bits = size | + (chunk->map[run_ind+run_pages-1].bits & pagesize_mask); + + /* Try to coalesce forward. */ + if (run_ind + run_pages < chunk_npages && + (chunk->map[run_ind+run_pages].bits & CHUNK_MAP_ALLOCATED) == 0) { + size_t nrun_size = chunk->map[run_ind+run_pages].bits & + ~pagesize_mask; + + /* + * Remove successor from runs_avail; the coalesced run is + * inserted later. + */ + arena_avail_tree_remove(&arena->runs_avail, + &chunk->map[run_ind+run_pages]); + + size += nrun_size; + run_pages = size >> pagesize_2pow; + + RELEASE_ASSERT((chunk->map[run_ind+run_pages-1].bits & ~pagesize_mask) + == nrun_size); + chunk->map[run_ind].bits = size | (chunk->map[run_ind].bits & + pagesize_mask); + chunk->map[run_ind+run_pages-1].bits = size | + (chunk->map[run_ind+run_pages-1].bits & pagesize_mask); + } + + /* Try to coalesce backward. */ + if (run_ind > arena_chunk_header_npages && (chunk->map[run_ind-1].bits & + CHUNK_MAP_ALLOCATED) == 0) { + size_t prun_size = chunk->map[run_ind-1].bits & ~pagesize_mask; + + run_ind -= prun_size >> pagesize_2pow; + + /* + * Remove predecessor from runs_avail; the coalesced run is + * inserted later. + */ + arena_avail_tree_remove(&arena->runs_avail, + &chunk->map[run_ind]); + + size += prun_size; + run_pages = size >> pagesize_2pow; + + RELEASE_ASSERT((chunk->map[run_ind].bits & ~pagesize_mask) == + prun_size); + chunk->map[run_ind].bits = size | (chunk->map[run_ind].bits & + pagesize_mask); + chunk->map[run_ind+run_pages-1].bits = size | + (chunk->map[run_ind+run_pages-1].bits & pagesize_mask); + } + + /* Insert into runs_avail, now that coalescing is complete. */ + arena_avail_tree_insert(&arena->runs_avail, &chunk->map[run_ind]); + + /* Deallocate chunk if it is now completely unused. */ + if ((chunk->map[arena_chunk_header_npages].bits & (~pagesize_mask | + CHUNK_MAP_ALLOCATED)) == arena_maxclass) + arena_chunk_dealloc(arena, chunk); + + /* Enforce opt_dirty_max. */ + if (arena->ndirty > opt_dirty_max) + arena_purge(arena, false); +} + +static void +arena_run_trim_head(arena_t *arena, arena_chunk_t *chunk, arena_run_t *run, + size_t oldsize, size_t newsize) +{ + size_t pageind = ((uintptr_t)run - (uintptr_t)chunk) >> pagesize_2pow; + size_t head_npages = (oldsize - newsize) >> pagesize_2pow; + + assert(oldsize > newsize); + + /* + * Update the chunk map so that arena_run_dalloc() can treat the + * leading run as separately allocated. + */ + chunk->map[pageind].bits = (oldsize - newsize) | CHUNK_MAP_LARGE | + CHUNK_MAP_ALLOCATED; + chunk->map[pageind+head_npages].bits = newsize | CHUNK_MAP_LARGE | + CHUNK_MAP_ALLOCATED; + + arena_run_dalloc(arena, run, false); +} + +static void +arena_run_trim_tail(arena_t *arena, arena_chunk_t *chunk, arena_run_t *run, + size_t oldsize, size_t newsize, bool dirty) +{ + size_t pageind = ((uintptr_t)run - (uintptr_t)chunk) >> pagesize_2pow; + size_t npages = newsize >> pagesize_2pow; + + assert(oldsize > newsize); + + /* + * Update the chunk map so that arena_run_dalloc() can treat the + * trailing run as separately allocated. + */ + chunk->map[pageind].bits = newsize | CHUNK_MAP_LARGE | + CHUNK_MAP_ALLOCATED; + chunk->map[pageind+npages].bits = (oldsize - newsize) | CHUNK_MAP_LARGE + | CHUNK_MAP_ALLOCATED; + + arena_run_dalloc(arena, (arena_run_t *)((uintptr_t)run + newsize), + dirty); +} + +static arena_run_t * +arena_bin_nonfull_run_get(arena_t *arena, arena_bin_t *bin) +{ + arena_chunk_map_t *mapelm; + arena_run_t *run; + unsigned i, remainder; + + /* Look for a usable run. */ + mapelm = arena_run_tree_first(&bin->runs); + if (mapelm != NULL) { + /* run is guaranteed to have available space. */ + arena_run_tree_remove(&bin->runs, mapelm); + run = (arena_run_t *)(mapelm->bits & ~pagesize_mask); +#ifdef MALLOC_STATS + bin->stats.reruns++; +#endif + return (run); + } + /* No existing runs have any space available. */ + + /* Allocate a new run. */ + run = arena_run_alloc(arena, bin, bin->run_size, false, false); + if (run == NULL) + return (NULL); + /* + * Don't initialize if a race in arena_run_alloc() allowed an existing + * run to become usable. + */ + if (run == bin->runcur) + return (run); + + /* Initialize run internals. */ + run->bin = bin; + + for (i = 0; i < bin->regs_mask_nelms - 1; i++) + run->regs_mask[i] = UINT_MAX; + remainder = bin->nregs & ((1U << (SIZEOF_INT_2POW + 3)) - 1); + if (remainder == 0) + run->regs_mask[i] = UINT_MAX; + else { + /* The last element has spare bits that need to be unset. */ + run->regs_mask[i] = (UINT_MAX >> ((1U << (SIZEOF_INT_2POW + 3)) + - remainder)); + } + + run->regs_minelm = 0; + + run->nfree = bin->nregs; +#if defined(MALLOC_DEBUG) || defined(MOZ_JEMALLOC_HARD_ASSERTS) + run->magic = ARENA_RUN_MAGIC; +#endif + +#ifdef MALLOC_STATS + bin->stats.nruns++; + bin->stats.curruns++; + if (bin->stats.curruns > bin->stats.highruns) + bin->stats.highruns = bin->stats.curruns; +#endif + return (run); +} + +/* bin->runcur must have space available before this function is called. */ +static inline void * +arena_bin_malloc_easy(arena_t *arena, arena_bin_t *bin, arena_run_t *run) +{ + void *ret; + + RELEASE_ASSERT(run->magic == ARENA_RUN_MAGIC); + RELEASE_ASSERT(run->nfree > 0); + + ret = arena_run_reg_alloc(run, bin); + RELEASE_ASSERT(ret != NULL); + run->nfree--; + + return (ret); +} + +/* Re-fill bin->runcur, then call arena_bin_malloc_easy(). */ +static void * +arena_bin_malloc_hard(arena_t *arena, arena_bin_t *bin) +{ + + bin->runcur = arena_bin_nonfull_run_get(arena, bin); + if (bin->runcur == NULL) + return (NULL); + RELEASE_ASSERT(bin->runcur->magic == ARENA_RUN_MAGIC); + RELEASE_ASSERT(bin->runcur->nfree > 0); + + return (arena_bin_malloc_easy(arena, bin, bin->runcur)); +} + +/* + * Calculate bin->run_size such that it meets the following constraints: + * + * *) bin->run_size >= min_run_size + * *) bin->run_size <= arena_maxclass + * *) bin->run_size <= RUN_MAX_SMALL + * *) run header overhead <= RUN_MAX_OVRHD (or header overhead relaxed). + * + * bin->nregs, bin->regs_mask_nelms, and bin->reg0_offset are + * also calculated here, since these settings are all interdependent. + */ +static size_t +arena_bin_run_size_calc(arena_bin_t *bin, size_t min_run_size) +{ + size_t try_run_size, good_run_size; + unsigned good_nregs, good_mask_nelms, good_reg0_offset; + unsigned try_nregs, try_mask_nelms, try_reg0_offset; + + assert(min_run_size >= pagesize); + assert(min_run_size <= arena_maxclass); + + /* + * Calculate known-valid settings before entering the run_size + * expansion loop, so that the first part of the loop always copies + * valid settings. + * + * The do..while loop iteratively reduces the number of regions until + * the run header and the regions no longer overlap. A closed formula + * would be quite messy, since there is an interdependency between the + * header's mask length and the number of regions. + */ + try_run_size = min_run_size; + try_nregs = ((try_run_size - sizeof(arena_run_t)) / bin->reg_size) + + 1; /* Counter-act try_nregs-- in loop. */ + do { + try_nregs--; + try_mask_nelms = (try_nregs >> (SIZEOF_INT_2POW + 3)) + + ((try_nregs & ((1U << (SIZEOF_INT_2POW + 3)) - 1)) ? 1 : 0); + try_reg0_offset = try_run_size - (try_nregs * bin->reg_size); + } while (sizeof(arena_run_t) + (sizeof(unsigned) * (try_mask_nelms - 1)) + > try_reg0_offset); + + /* run_size expansion loop. */ + do { + /* + * Copy valid settings before trying more aggressive settings. + */ + good_run_size = try_run_size; + good_nregs = try_nregs; + good_mask_nelms = try_mask_nelms; + good_reg0_offset = try_reg0_offset; + + /* Try more aggressive settings. */ + try_run_size += pagesize; + try_nregs = ((try_run_size - sizeof(arena_run_t)) / + bin->reg_size) + 1; /* Counter-act try_nregs-- in loop. */ + do { + try_nregs--; + try_mask_nelms = (try_nregs >> (SIZEOF_INT_2POW + 3)) + + ((try_nregs & ((1U << (SIZEOF_INT_2POW + 3)) - 1)) ? + 1 : 0); + try_reg0_offset = try_run_size - (try_nregs * + bin->reg_size); + } while (sizeof(arena_run_t) + (sizeof(unsigned) * + (try_mask_nelms - 1)) > try_reg0_offset); + } while (try_run_size <= arena_maxclass + && RUN_MAX_OVRHD * (bin->reg_size << 3) > RUN_MAX_OVRHD_RELAX + && (try_reg0_offset << RUN_BFP) > RUN_MAX_OVRHD * try_run_size); + + assert(sizeof(arena_run_t) + (sizeof(unsigned) * (good_mask_nelms - 1)) + <= good_reg0_offset); + assert((good_mask_nelms << (SIZEOF_INT_2POW + 3)) >= good_nregs); + + /* Copy final settings. */ + bin->run_size = good_run_size; + bin->nregs = good_nregs; + bin->regs_mask_nelms = good_mask_nelms; + bin->reg0_offset = good_reg0_offset; + + return (good_run_size); +} + +static inline void * +arena_malloc_small(arena_t *arena, size_t size, bool zero) +{ + void *ret; + arena_bin_t *bin; + arena_run_t *run; + + if (size < small_min) { + /* Tiny. */ + size = pow2_ceil(size); + bin = &arena->bins[ffs((int)(size >> (TINY_MIN_2POW + + 1)))]; +#if (!defined(NDEBUG) || defined(MALLOC_STATS)) + /* + * Bin calculation is always correct, but we may need + * to fix size for the purposes of assertions and/or + * stats accuracy. + */ + if (size < (1U << TINY_MIN_2POW)) + size = (1U << TINY_MIN_2POW); +#endif + } else if (size <= small_max) { + /* Quantum-spaced. */ + size = QUANTUM_CEILING(size); + bin = &arena->bins[ntbins + (size >> opt_quantum_2pow) + - 1]; + } else { + /* Sub-page. */ + size = pow2_ceil(size); + bin = &arena->bins[ntbins + nqbins + + (ffs((int)(size >> opt_small_max_2pow)) - 2)]; + } + RELEASE_ASSERT(size == bin->reg_size); + + malloc_spin_lock(&arena->lock); + + if ((run = bin->runcur) != NULL && run->nfree > 0) + ret = arena_bin_malloc_easy(arena, bin, run); + else + ret = arena_bin_malloc_hard(arena, bin); + + if (ret == NULL) { + malloc_spin_unlock(&arena->lock); + return (NULL); + } + +#ifdef MALLOC_STATS + bin->stats.nrequests++; + arena->stats.nmalloc_small++; + arena->stats.allocated_small += size; +#endif + malloc_spin_unlock(&arena->lock); + + if (zero == false) { +#ifdef MALLOC_FILL + if (opt_junk) + memset(ret, 0xe4, size); + else if (opt_zero) + memset(ret, 0, size); +#endif + } else + memset(ret, 0, size); + + return (ret); +} + +static void * +arena_malloc_large(arena_t *arena, size_t size, bool zero) +{ + void *ret; + + /* Large allocation. */ + size = PAGE_CEILING(size); + malloc_spin_lock(&arena->lock); + ret = (void *)arena_run_alloc(arena, NULL, size, true, zero); + if (ret == NULL) { + malloc_spin_unlock(&arena->lock); + return (NULL); + } +#ifdef MALLOC_STATS + arena->stats.nmalloc_large++; + arena->stats.allocated_large += size; +#endif + malloc_spin_unlock(&arena->lock); + + if (zero == false) { +#ifdef MALLOC_FILL + if (opt_junk) + memset(ret, 0xe4, size); + else if (opt_zero) + memset(ret, 0, size); +#endif + } + + return (ret); +} + +static inline void * +arena_malloc(arena_t *arena, size_t size, bool zero) +{ + + assert(arena != NULL); + RELEASE_ASSERT(arena->magic == ARENA_MAGIC); + assert(size != 0); + assert(QUANTUM_CEILING(size) <= arena_maxclass); + + if (size <= bin_maxclass) { + return (arena_malloc_small(arena, size, zero)); + } else + return (arena_malloc_large(arena, size, zero)); +} + +static inline void * +imalloc(size_t size) +{ + + assert(size != 0); + + if (size <= arena_maxclass) + return (arena_malloc(choose_arena(), size, false)); + else + return (huge_malloc(size, false)); +} + +static inline void * +icalloc(size_t size) +{ + + if (size <= arena_maxclass) + return (arena_malloc(choose_arena(), size, true)); + else + return (huge_malloc(size, true)); +} + +/* Only handles large allocations that require more than page alignment. */ +static void * +arena_palloc(arena_t *arena, size_t alignment, size_t size, size_t alloc_size) +{ + void *ret; + size_t offset; + arena_chunk_t *chunk; + + assert((size & pagesize_mask) == 0); + assert((alignment & pagesize_mask) == 0); + + malloc_spin_lock(&arena->lock); + + ret = (void *)arena_run_alloc(arena, NULL, alloc_size, true, false); + if (ret == NULL) { + malloc_spin_unlock(&arena->lock); + return (NULL); + } + + chunk = (arena_chunk_t *)CHUNK_ADDR2BASE(ret); + + offset = (uintptr_t)ret & (alignment - 1); + assert((offset & pagesize_mask) == 0); + assert(offset < alloc_size); + if (offset == 0) + arena_run_trim_tail(arena, chunk, (arena_run_t*)ret, alloc_size, size, false); + else { + size_t leadsize, trailsize; + + leadsize = alignment - offset; + if (leadsize > 0) { + arena_run_trim_head(arena, chunk, (arena_run_t*)ret, alloc_size, + alloc_size - leadsize); + ret = (void *)((uintptr_t)ret + leadsize); + } + + trailsize = alloc_size - leadsize - size; + if (trailsize != 0) { + /* Trim trailing space. */ + assert(trailsize < alloc_size); + arena_run_trim_tail(arena, chunk, (arena_run_t*)ret, size + trailsize, + size, false); + } + } + +#ifdef MALLOC_STATS + arena->stats.nmalloc_large++; + arena->stats.allocated_large += size; +#endif + malloc_spin_unlock(&arena->lock); + +#ifdef MALLOC_FILL + if (opt_junk) + memset(ret, 0xe4, size); + else if (opt_zero) + memset(ret, 0, size); +#endif + return (ret); +} + +static inline void * +ipalloc(size_t alignment, size_t size) +{ + void *ret; + size_t ceil_size; + + /* + * Round size up to the nearest multiple of alignment. + * + * This done, we can take advantage of the fact that for each small + * size class, every object is aligned at the smallest power of two + * that is non-zero in the base two representation of the size. For + * example: + * + * Size | Base 2 | Minimum alignment + * -----+----------+------------------ + * 96 | 1100000 | 32 + * 144 | 10100000 | 32 + * 192 | 11000000 | 64 + * + * Depending on runtime settings, it is possible that arena_malloc() + * will further round up to a power of two, but that never causes + * correctness issues. + */ + ceil_size = (size + (alignment - 1)) & (-alignment); + /* + * (ceil_size < size) protects against the combination of maximal + * alignment and size greater than maximal alignment. + */ + if (ceil_size < size) { + /* size_t overflow. */ + return (NULL); + } + + if (ceil_size <= pagesize || (alignment <= pagesize + && ceil_size <= arena_maxclass)) + ret = arena_malloc(choose_arena(), ceil_size, false); + else { + size_t run_size; + + /* + * We can't achieve sub-page alignment, so round up alignment + * permanently; it makes later calculations simpler. + */ + alignment = PAGE_CEILING(alignment); + ceil_size = PAGE_CEILING(size); + /* + * (ceil_size < size) protects against very large sizes within + * pagesize of SIZE_T_MAX. + * + * (ceil_size + alignment < ceil_size) protects against the + * combination of maximal alignment and ceil_size large enough + * to cause overflow. This is similar to the first overflow + * check above, but it needs to be repeated due to the new + * ceil_size value, which may now be *equal* to maximal + * alignment, whereas before we only detected overflow if the + * original size was *greater* than maximal alignment. + */ + if (ceil_size < size || ceil_size + alignment < ceil_size) { + /* size_t overflow. */ + return (NULL); + } + + /* + * Calculate the size of the over-size run that arena_palloc() + * would need to allocate in order to guarantee the alignment. + */ + if (ceil_size >= alignment) + run_size = ceil_size + alignment - pagesize; + else { + /* + * It is possible that (alignment << 1) will cause + * overflow, but it doesn't matter because we also + * subtract pagesize, which in the case of overflow + * leaves us with a very large run_size. That causes + * the first conditional below to fail, which means + * that the bogus run_size value never gets used for + * anything important. + */ + run_size = (alignment << 1) - pagesize; + } + + if (run_size <= arena_maxclass) { + ret = arena_palloc(choose_arena(), alignment, ceil_size, + run_size); + } else if (alignment <= chunksize) + ret = huge_malloc(ceil_size, false); + else + ret = huge_palloc(ceil_size, alignment, false); + } + + assert(((uintptr_t)ret & (alignment - 1)) == 0); + return (ret); +} + +/* Return the size of the allocation pointed to by ptr. */ +static size_t +arena_salloc(const void *ptr) +{ + size_t ret; + arena_chunk_t *chunk; + size_t pageind, mapbits; + + assert(ptr != NULL); + assert(CHUNK_ADDR2BASE(ptr) != ptr); + + chunk = (arena_chunk_t *)CHUNK_ADDR2BASE(ptr); + pageind = (((uintptr_t)ptr - (uintptr_t)chunk) >> pagesize_2pow); + mapbits = chunk->map[pageind].bits; + RELEASE_ASSERT((mapbits & CHUNK_MAP_ALLOCATED) != 0); + if ((mapbits & CHUNK_MAP_LARGE) == 0) { + arena_run_t *run = (arena_run_t *)(mapbits & ~pagesize_mask); + RELEASE_ASSERT(run->magic == ARENA_RUN_MAGIC); + ret = run->bin->reg_size; + } else { + ret = mapbits & ~pagesize_mask; + RELEASE_ASSERT(ret != 0); + } + + return (ret); +} + +/* + * Validate ptr before assuming that it points to an allocation. Currently, + * the following validation is performed: + * + * + Check that ptr is not NULL. + * + * + Check that ptr lies within a mapped chunk. + */ +static inline size_t +isalloc_validate(const void *ptr) +{ + arena_chunk_t *chunk; + + chunk = (arena_chunk_t *)CHUNK_ADDR2BASE(ptr); + if (chunk == NULL) + return (0); + + if (malloc_rtree_get(chunk_rtree, (uintptr_t)chunk) == NULL) + return (0); + + if (chunk != ptr) { + RELEASE_ASSERT(chunk->arena->magic == ARENA_MAGIC); + return (arena_salloc(ptr)); + } else { + size_t ret; + extent_node_t *node; + extent_node_t key; + + /* Chunk. */ + key.addr = (void *)chunk; + malloc_mutex_lock(&huge_mtx); + node = extent_tree_ad_search(&huge, &key); + if (node != NULL) + ret = node->size; + else + ret = 0; + malloc_mutex_unlock(&huge_mtx); + return (ret); + } +} + +static inline size_t +isalloc(const void *ptr) +{ + size_t ret; + arena_chunk_t *chunk; + + assert(ptr != NULL); + + chunk = (arena_chunk_t *)CHUNK_ADDR2BASE(ptr); + if (chunk != ptr) { + /* Region. */ + assert(chunk->arena->magic == ARENA_MAGIC); + + ret = arena_salloc(ptr); + } else { + extent_node_t *node, key; + + /* Chunk (huge allocation). */ + + malloc_mutex_lock(&huge_mtx); + + /* Extract from tree of huge allocations. */ + key.addr = __DECONST(void *, ptr); + node = extent_tree_ad_search(&huge, &key); + RELEASE_ASSERT(node != NULL); + + ret = node->size; + + malloc_mutex_unlock(&huge_mtx); + } + + return (ret); +} + +static inline void +arena_dalloc_small(arena_t *arena, arena_chunk_t *chunk, void *ptr, + arena_chunk_map_t *mapelm) +{ + arena_run_t *run; + arena_bin_t *bin; + size_t size; + + run = (arena_run_t *)(mapelm->bits & ~pagesize_mask); + RELEASE_ASSERT(run->magic == ARENA_RUN_MAGIC); + bin = run->bin; + size = bin->reg_size; + +#ifdef MALLOC_FILL + if (opt_poison) + memset(ptr, 0xe5, size); +#endif + + arena_run_reg_dalloc(run, bin, ptr, size); + run->nfree++; + + if (run->nfree == bin->nregs) { + /* Deallocate run. */ + if (run == bin->runcur) + bin->runcur = NULL; + else if (bin->nregs != 1) { + size_t run_pageind = (((uintptr_t)run - + (uintptr_t)chunk)) >> pagesize_2pow; + arena_chunk_map_t *run_mapelm = + &chunk->map[run_pageind]; + /* + * This block's conditional is necessary because if the + * run only contains one region, then it never gets + * inserted into the non-full runs tree. + */ + RELEASE_ASSERT(arena_run_tree_search(&bin->runs, run_mapelm) == + run_mapelm); + arena_run_tree_remove(&bin->runs, run_mapelm); + } +#if defined(MALLOC_DEBUG) || defined(MOZ_JEMALLOC_HARD_ASSERTS) + run->magic = 0; +#endif + arena_run_dalloc(arena, run, true); +#ifdef MALLOC_STATS + bin->stats.curruns--; +#endif + } else if (run->nfree == 1 && run != bin->runcur) { + /* + * Make sure that bin->runcur always refers to the lowest + * non-full run, if one exists. + */ + if (bin->runcur == NULL) + bin->runcur = run; + else if ((uintptr_t)run < (uintptr_t)bin->runcur) { + /* Switch runcur. */ + if (bin->runcur->nfree > 0) { + arena_chunk_t *runcur_chunk = + (arena_chunk_t*)CHUNK_ADDR2BASE(bin->runcur); + size_t runcur_pageind = + (((uintptr_t)bin->runcur - + (uintptr_t)runcur_chunk)) >> pagesize_2pow; + arena_chunk_map_t *runcur_mapelm = + &runcur_chunk->map[runcur_pageind]; + + /* Insert runcur. */ + RELEASE_ASSERT(arena_run_tree_search(&bin->runs, + runcur_mapelm) == NULL); + arena_run_tree_insert(&bin->runs, + runcur_mapelm); + } + bin->runcur = run; + } else { + size_t run_pageind = (((uintptr_t)run - + (uintptr_t)chunk)) >> pagesize_2pow; + arena_chunk_map_t *run_mapelm = + &chunk->map[run_pageind]; + + RELEASE_ASSERT(arena_run_tree_search(&bin->runs, run_mapelm) == + NULL); + arena_run_tree_insert(&bin->runs, run_mapelm); + } + } +#ifdef MALLOC_STATS + arena->stats.allocated_small -= size; + arena->stats.ndalloc_small++; +#endif +} + +static void +arena_dalloc_large(arena_t *arena, arena_chunk_t *chunk, void *ptr) +{ + /* Large allocation. */ + malloc_spin_lock(&arena->lock); + +#ifdef MALLOC_FILL +#ifndef MALLOC_STATS + if (opt_poison) +#endif +#endif + { + size_t pageind = ((uintptr_t)ptr - (uintptr_t)chunk) >> + pagesize_2pow; + size_t size = chunk->map[pageind].bits & ~pagesize_mask; + +#ifdef MALLOC_FILL +#ifdef MALLOC_STATS + if (opt_poison) +#endif + memset(ptr, 0xe5, size); +#endif +#ifdef MALLOC_STATS + arena->stats.allocated_large -= size; +#endif + } +#ifdef MALLOC_STATS + arena->stats.ndalloc_large++; +#endif + + arena_run_dalloc(arena, (arena_run_t *)ptr, true); + malloc_spin_unlock(&arena->lock); +} + +static inline void +arena_dalloc(void *ptr, size_t offset) +{ + arena_chunk_t *chunk; + arena_t *arena; + size_t pageind; + arena_chunk_map_t *mapelm; + + assert(ptr != NULL); + assert(offset != 0); + assert(CHUNK_ADDR2OFFSET(ptr) == offset); + + chunk = (arena_chunk_t *) ((uintptr_t)ptr - offset); + arena = chunk->arena; + assert(arena != NULL); + RELEASE_ASSERT(arena->magic == ARENA_MAGIC); + + pageind = offset >> pagesize_2pow; + mapelm = &chunk->map[pageind]; + RELEASE_ASSERT((mapelm->bits & CHUNK_MAP_ALLOCATED) != 0); + if ((mapelm->bits & CHUNK_MAP_LARGE) == 0) { + /* Small allocation. */ + malloc_spin_lock(&arena->lock); + arena_dalloc_small(arena, chunk, ptr, mapelm); + malloc_spin_unlock(&arena->lock); + } else + arena_dalloc_large(arena, chunk, ptr); +} + +static inline void +idalloc(void *ptr) +{ + size_t offset; + + assert(ptr != NULL); + + offset = CHUNK_ADDR2OFFSET(ptr); + if (offset != 0) + arena_dalloc(ptr, offset); + else + huge_dalloc(ptr); +} + +static void +arena_ralloc_large_shrink(arena_t *arena, arena_chunk_t *chunk, void *ptr, + size_t size, size_t oldsize) +{ + + assert(size < oldsize); + + /* + * Shrink the run, and make trailing pages available for other + * allocations. + */ + malloc_spin_lock(&arena->lock); + arena_run_trim_tail(arena, chunk, (arena_run_t *)ptr, oldsize, size, + true); +#ifdef MALLOC_STATS + arena->stats.allocated_large -= oldsize - size; +#endif + malloc_spin_unlock(&arena->lock); +} + +static bool +arena_ralloc_large_grow(arena_t *arena, arena_chunk_t *chunk, void *ptr, + size_t size, size_t oldsize) +{ + size_t pageind = ((uintptr_t)ptr - (uintptr_t)chunk) >> pagesize_2pow; + size_t npages = oldsize >> pagesize_2pow; + + RELEASE_ASSERT(oldsize == (chunk->map[pageind].bits & ~pagesize_mask)); + + /* Try to extend the run. */ + assert(size > oldsize); + malloc_spin_lock(&arena->lock); + if (pageind + npages < chunk_npages && (chunk->map[pageind+npages].bits + & CHUNK_MAP_ALLOCATED) == 0 && (chunk->map[pageind+npages].bits & + ~pagesize_mask) >= size - oldsize) { + /* + * The next run is available and sufficiently large. Split the + * following run, then merge the first part with the existing + * allocation. + */ + arena_run_split(arena, (arena_run_t *)((uintptr_t)chunk + + ((pageind+npages) << pagesize_2pow)), size - oldsize, true, + false); + + chunk->map[pageind].bits = size | CHUNK_MAP_LARGE | + CHUNK_MAP_ALLOCATED; + chunk->map[pageind+npages].bits = CHUNK_MAP_LARGE | + CHUNK_MAP_ALLOCATED; + +#ifdef MALLOC_STATS + arena->stats.allocated_large += size - oldsize; +#endif + malloc_spin_unlock(&arena->lock); + return (false); + } + malloc_spin_unlock(&arena->lock); + + return (true); +} + +/* + * Try to resize a large allocation, in order to avoid copying. This will + * always fail if growing an object, and the following run is already in use. + */ +static bool +arena_ralloc_large(void *ptr, size_t size, size_t oldsize) +{ + size_t psize; + + psize = PAGE_CEILING(size); + if (psize == oldsize) { + /* Same size class. */ +#ifdef MALLOC_FILL + if (opt_poison && size < oldsize) { + memset((void *)((uintptr_t)ptr + size), 0xe5, oldsize - + size); + } +#endif + return (false); + } else { + arena_chunk_t *chunk; + arena_t *arena; + + chunk = (arena_chunk_t *)CHUNK_ADDR2BASE(ptr); + arena = chunk->arena; + RELEASE_ASSERT(arena->magic == ARENA_MAGIC); + + if (psize < oldsize) { +#ifdef MALLOC_FILL + /* Fill before shrinking in order avoid a race. */ + if (opt_poison) { + memset((void *)((uintptr_t)ptr + size), 0xe5, + oldsize - size); + } +#endif + arena_ralloc_large_shrink(arena, chunk, ptr, psize, + oldsize); + return (false); + } else { + bool ret = arena_ralloc_large_grow(arena, chunk, ptr, + psize, oldsize); +#ifdef MALLOC_FILL + if (ret == false && opt_zero) { + memset((void *)((uintptr_t)ptr + oldsize), 0, + size - oldsize); + } +#endif + return (ret); + } + } +} + +static void * +arena_ralloc(void *ptr, size_t size, size_t oldsize) +{ + void *ret; + size_t copysize; + + /* Try to avoid moving the allocation. */ + if (size < small_min) { + if (oldsize < small_min && + ffs((int)(pow2_ceil(size) >> (TINY_MIN_2POW + 1))) + == ffs((int)(pow2_ceil(oldsize) >> (TINY_MIN_2POW + 1)))) + goto IN_PLACE; /* Same size class. */ + } else if (size <= small_max) { + if (oldsize >= small_min && oldsize <= small_max && + (QUANTUM_CEILING(size) >> opt_quantum_2pow) + == (QUANTUM_CEILING(oldsize) >> opt_quantum_2pow)) + goto IN_PLACE; /* Same size class. */ + } else if (size <= bin_maxclass) { + if (oldsize > small_max && oldsize <= bin_maxclass && + pow2_ceil(size) == pow2_ceil(oldsize)) + goto IN_PLACE; /* Same size class. */ + } else if (oldsize > bin_maxclass && oldsize <= arena_maxclass) { + assert(size > bin_maxclass); + if (arena_ralloc_large(ptr, size, oldsize) == false) + return (ptr); + } + + /* + * If we get here, then size and oldsize are different enough that we + * need to move the object. In that case, fall back to allocating new + * space and copying. + */ + ret = arena_malloc(choose_arena(), size, false); + if (ret == NULL) + return (NULL); + + /* Junk/zero-filling were already done by arena_malloc(). */ + copysize = (size < oldsize) ? size : oldsize; +#ifdef VM_COPY_MIN + if (copysize >= VM_COPY_MIN) + pages_copy(ret, ptr, copysize); + else +#endif + memcpy(ret, ptr, copysize); + idalloc(ptr); + return (ret); +IN_PLACE: +#ifdef MALLOC_FILL + if (opt_poison && size < oldsize) + memset((void *)((uintptr_t)ptr + size), 0xe5, oldsize - size); + else if (opt_zero && size > oldsize) + memset((void *)((uintptr_t)ptr + oldsize), 0, size - oldsize); +#endif + return (ptr); +} + +static inline void * +iralloc(void *ptr, size_t size) +{ + size_t oldsize; + + assert(ptr != NULL); + assert(size != 0); + + oldsize = isalloc(ptr); + + if (size <= arena_maxclass) + return (arena_ralloc(ptr, size, oldsize)); + else + return (huge_ralloc(ptr, size, oldsize)); +} + +static bool +arena_new(arena_t *arena) +{ + unsigned i; + arena_bin_t *bin; + size_t pow2_size, prev_run_size; + + if (malloc_spin_init(&arena->lock)) + return (true); + +#ifdef MALLOC_STATS + memset(&arena->stats, 0, sizeof(arena_stats_t)); +#endif + + /* Initialize chunks. */ + arena_chunk_tree_dirty_new(&arena->chunks_dirty); +#ifdef MALLOC_DOUBLE_PURGE + LinkedList_Init(&arena->chunks_madvised); +#endif + arena->spare = NULL; + + arena->ndirty = 0; + + arena_avail_tree_new(&arena->runs_avail); + + /* Initialize bins. */ + prev_run_size = pagesize; + + /* (2^n)-spaced tiny bins. */ + for (i = 0; i < ntbins; i++) { + bin = &arena->bins[i]; + bin->runcur = NULL; + arena_run_tree_new(&bin->runs); + + bin->reg_size = (1ULL << (TINY_MIN_2POW + i)); + + prev_run_size = arena_bin_run_size_calc(bin, prev_run_size); + +#ifdef MALLOC_STATS + memset(&bin->stats, 0, sizeof(malloc_bin_stats_t)); +#endif + } + + /* Quantum-spaced bins. */ + for (; i < ntbins + nqbins; i++) { + bin = &arena->bins[i]; + bin->runcur = NULL; + arena_run_tree_new(&bin->runs); + + bin->reg_size = quantum * (i - ntbins + 1); + + pow2_size = pow2_ceil(quantum * (i - ntbins + 1)); + prev_run_size = arena_bin_run_size_calc(bin, prev_run_size); + +#ifdef MALLOC_STATS + memset(&bin->stats, 0, sizeof(malloc_bin_stats_t)); +#endif + } + + /* (2^n)-spaced sub-page bins. */ + for (; i < ntbins + nqbins + nsbins; i++) { + bin = &arena->bins[i]; + bin->runcur = NULL; + arena_run_tree_new(&bin->runs); + + bin->reg_size = (small_max << (i - (ntbins + nqbins) + 1)); + + prev_run_size = arena_bin_run_size_calc(bin, prev_run_size); + +#ifdef MALLOC_STATS + memset(&bin->stats, 0, sizeof(malloc_bin_stats_t)); +#endif + } + +#if defined(MALLOC_DEBUG) || defined(MOZ_JEMALLOC_HARD_ASSERTS) + arena->magic = ARENA_MAGIC; +#endif + + return (false); +} + +/* Create a new arena and insert it into the arenas array at index ind. */ +static arena_t * +arenas_extend(unsigned ind) +{ + arena_t *ret; + + /* Allocate enough space for trailing bins. */ + ret = (arena_t *)base_alloc(sizeof(arena_t) + + (sizeof(arena_bin_t) * (ntbins + nqbins + nsbins - 1))); + if (ret != NULL && arena_new(ret) == false) { + arenas[ind] = ret; + return (ret); + } + /* Only reached if there is an OOM error. */ + + /* + * OOM here is quite inconvenient to propagate, since dealing with it + * would require a check for failure in the fast path. Instead, punt + * by using arenas[0]. In practice, this is an extremely unlikely + * failure. + */ + _malloc_message(_getprogname(), + ": (malloc) Error initializing arena\n", "", ""); + if (opt_abort) + abort(); + + return (arenas[0]); +} + +/* + * End arena. + */ +/******************************************************************************/ +/* + * Begin general internal functions. + */ + +static void * +huge_malloc(size_t size, bool zero) +{ + return huge_palloc(size, chunksize, zero); +} + +static void * +huge_palloc(size_t size, size_t alignment, bool zero) +{ + void *ret; + size_t csize; + size_t psize; + extent_node_t *node; + + /* Allocate one or more contiguous chunks for this request. */ + + csize = CHUNK_CEILING(size); + if (csize == 0) { + /* size is large enough to cause size_t wrap-around. */ + return (NULL); + } + + /* Allocate an extent node with which to track the chunk. */ + node = base_node_alloc(); + if (node == NULL) + return (NULL); + + ret = chunk_alloc(csize, alignment, false, zero); + if (ret == NULL) { + base_node_dealloc(node); + return (NULL); + } + + /* Insert node into huge. */ + node->addr = ret; + psize = PAGE_CEILING(size); + node->size = psize; + + malloc_mutex_lock(&huge_mtx); + extent_tree_ad_insert(&huge, node); +#ifdef MALLOC_STATS + huge_nmalloc++; + + /* Although we allocated space for csize bytes, we indicate that we've + * allocated only psize bytes. + * + * If DECOMMIT is defined, this is a reasonable thing to do, since + * we'll explicitly decommit the bytes in excess of psize. + * + * If DECOMMIT is not defined, then we're relying on the OS to be lazy + * about how it allocates physical pages to mappings. If we never + * touch the pages in excess of psize, the OS won't allocate a physical + * page, and we won't use more than psize bytes of physical memory. + * + * A correct program will only touch memory in excess of how much it + * requested if it first calls malloc_usable_size and finds out how + * much space it has to play with. But because we set node->size = + * psize above, malloc_usable_size will return psize, not csize, and + * the program will (hopefully) never touch bytes in excess of psize. + * Thus those bytes won't take up space in physical memory, and we can + * reasonably claim we never "allocated" them in the first place. */ + huge_allocated += psize; + huge_mapped += csize; +#endif + malloc_mutex_unlock(&huge_mtx); + +#ifdef MALLOC_DECOMMIT + if (csize - psize > 0) + pages_decommit((void *)((uintptr_t)ret + psize), csize - psize); +#endif + +#ifdef MALLOC_FILL + if (zero == false) { + if (opt_junk) +# ifdef MALLOC_DECOMMIT + memset(ret, 0xe4, psize); +# else + memset(ret, 0xe4, csize); +# endif + else if (opt_zero) +# ifdef MALLOC_DECOMMIT + memset(ret, 0, psize); +# else + memset(ret, 0, csize); +# endif + } +#endif + + return (ret); +} + +static void * +huge_ralloc(void *ptr, size_t size, size_t oldsize) +{ + void *ret; + size_t copysize; + + /* Avoid moving the allocation if the size class would not change. */ + + if (oldsize > arena_maxclass && + CHUNK_CEILING(size) == CHUNK_CEILING(oldsize)) { + size_t psize = PAGE_CEILING(size); +#ifdef MALLOC_FILL + if (opt_poison && size < oldsize) { + memset((void *)((uintptr_t)ptr + size), 0xe5, oldsize + - size); + } +#endif +#ifdef MALLOC_DECOMMIT + if (psize < oldsize) { + extent_node_t *node, key; + + pages_decommit((void *)((uintptr_t)ptr + psize), + oldsize - psize); + + /* Update recorded size. */ + malloc_mutex_lock(&huge_mtx); + key.addr = __DECONST(void *, ptr); + node = extent_tree_ad_search(&huge, &key); + assert(node != NULL); + assert(node->size == oldsize); +# ifdef MALLOC_STATS + huge_allocated -= oldsize - psize; + /* No need to change huge_mapped, because we didn't + * (un)map anything. */ +# endif + node->size = psize; + malloc_mutex_unlock(&huge_mtx); + } else if (psize > oldsize) { + pages_commit((void *)((uintptr_t)ptr + oldsize), + psize - oldsize); + } +#endif + + /* Although we don't have to commit or decommit anything if + * DECOMMIT is not defined and the size class didn't change, we + * do need to update the recorded size if the size increased, + * so malloc_usable_size doesn't return a value smaller than + * what was requested via realloc(). */ + + if (psize > oldsize) { + /* Update recorded size. */ + extent_node_t *node, key; + malloc_mutex_lock(&huge_mtx); + key.addr = __DECONST(void *, ptr); + node = extent_tree_ad_search(&huge, &key); + assert(node != NULL); + assert(node->size == oldsize); +# ifdef MALLOC_STATS + huge_allocated += psize - oldsize; + /* No need to change huge_mapped, because we didn't + * (un)map anything. */ +# endif + node->size = psize; + malloc_mutex_unlock(&huge_mtx); + } + +#ifdef MALLOC_FILL + if (opt_zero && size > oldsize) { + memset((void *)((uintptr_t)ptr + oldsize), 0, size + - oldsize); + } +#endif + return (ptr); + } + + /* + * If we get here, then size and oldsize are different enough that we + * need to use a different size class. In that case, fall back to + * allocating new space and copying. + */ + ret = huge_malloc(size, false); + if (ret == NULL) + return (NULL); + + copysize = (size < oldsize) ? size : oldsize; +#ifdef VM_COPY_MIN + if (copysize >= VM_COPY_MIN) + pages_copy(ret, ptr, copysize); + else +#endif + memcpy(ret, ptr, copysize); + idalloc(ptr); + return (ret); +} + +static void +huge_dalloc(void *ptr) +{ + extent_node_t *node, key; + + malloc_mutex_lock(&huge_mtx); + + /* Extract from tree of huge allocations. */ + key.addr = ptr; + node = extent_tree_ad_search(&huge, &key); + assert(node != NULL); + assert(node->addr == ptr); + extent_tree_ad_remove(&huge, node); + +#ifdef MALLOC_STATS + huge_ndalloc++; + huge_allocated -= node->size; + huge_mapped -= CHUNK_CEILING(node->size); +#endif + + malloc_mutex_unlock(&huge_mtx); + + /* Unmap chunk. */ + chunk_dealloc(node->addr, CHUNK_CEILING(node->size)); + + base_node_dealloc(node); +} + +/* + * Platform-specific methods to determine the number of CPUs in a system. + * This will be used to determine the desired number of arenas. + */ +#if (defined(MOZ_MEMORY_LINUX)) +#include <fcntl.h> + +static inline unsigned +malloc_ncpus(void) +{ + unsigned ret; + int fd, nread, column; + char buf[1024]; + static const char matchstr[] = "processor\t:"; + int i; + + /* + * sysconf(3) would be the preferred method for determining the number + * of CPUs, but it uses malloc internally, which causes untennable + * recursion during malloc initialization. + */ + fd = open("/proc/cpuinfo", O_RDONLY); + if (fd == -1) + return (1); /* Error. */ + /* + * Count the number of occurrences of matchstr at the beginnings of + * lines. This treats hyperthreaded CPUs as multiple processors. + */ + column = 0; + ret = 0; + while (true) { + nread = read(fd, &buf, sizeof(buf)); + if (nread <= 0) + break; /* EOF or error. */ + for (i = 0;i < nread;i++) { + char c = buf[i]; + if (c == '\n') + column = 0; + else if (column != -1) { + if (c == matchstr[column]) { + column++; + if (column == sizeof(matchstr) - 1) { + column = -1; + ret++; + } + } else + column = -1; + } + } + } + + if (ret == 0) + ret = 1; /* Something went wrong in the parser. */ + close(fd); + + return (ret); +} +#elif (defined(MOZ_MEMORY_DARWIN)) +#include <mach/mach_init.h> +#include <mach/mach_host.h> + +static inline unsigned +malloc_ncpus(void) +{ + kern_return_t error; + natural_t n; + processor_info_array_t pinfo; + mach_msg_type_number_t pinfocnt; + + error = host_processor_info(mach_host_self(), PROCESSOR_BASIC_INFO, + &n, &pinfo, &pinfocnt); + if (error != KERN_SUCCESS) + return (1); /* Error. */ + else + return (n); +} +#elif (defined(MOZ_MEMORY_SOLARIS) || defined(MOZ_MEMORY_BSD)) +static inline unsigned +malloc_ncpus(void) +{ + return sysconf(_SC_NPROCESSORS_ONLN); +} +#elif (defined(MOZ_MEMORY_WINDOWS)) +static inline unsigned +malloc_ncpus(void) +{ + SYSTEM_INFO info; + + GetSystemInfo(&info); + return (info.dwNumberOfProcessors); +} +#else +static inline unsigned +malloc_ncpus(void) +{ + /* + * We lack a way to determine the number of CPUs on this platform, so + * assume 1 CPU. + */ + return (1); +} +#endif + +static void +malloc_print_stats(void) +{ + + if (opt_print_stats) { + char s[UMAX2S_BUFSIZE]; + _malloc_message("___ Begin malloc statistics ___\n", "", "", + ""); + _malloc_message("Assertions ", +#ifdef NDEBUG + "disabled", +#else + "enabled", +#endif + "\n", ""); + _malloc_message("Boolean MALLOC_OPTIONS: ", + opt_abort ? "A" : "a", "", ""); +#ifdef MALLOC_FILL + _malloc_message(opt_poison ? "C" : "c", "", "", ""); + _malloc_message(opt_junk ? "J" : "j", "", "", ""); +#endif + _malloc_message("P", "", "", ""); +#ifdef MALLOC_SYSV + _malloc_message(opt_sysv ? "V" : "v", "", "", ""); +#endif +#ifdef MALLOC_XMALLOC + _malloc_message(opt_xmalloc ? "X" : "x", "", "", ""); +#endif +#ifdef MALLOC_FILL + _malloc_message(opt_zero ? "Z" : "z", "", "", ""); +#endif + _malloc_message("\n", "", "", ""); + +#ifndef MOZ_MEMORY_NARENAS_DEFAULT_ONE + _malloc_message("CPUs: ", umax2s(ncpus, 10, s), "\n", ""); +#endif + _malloc_message("Max arenas: ", umax2s(narenas, 10, s), "\n", + ""); + _malloc_message("Pointer size: ", umax2s(sizeof(void *), 10, s), + "\n", ""); + _malloc_message("Quantum size: ", umax2s(quantum, 10, s), "\n", + ""); + _malloc_message("Max small size: ", umax2s(small_max, 10, s), + "\n", ""); + _malloc_message("Max dirty pages per arena: ", + umax2s(opt_dirty_max, 10, s), "\n", ""); + + _malloc_message("Chunk size: ", umax2s(chunksize, 10, s), "", + ""); + _malloc_message(" (2^", umax2s(opt_chunk_2pow, 10, s), ")\n", + ""); + +#ifdef MALLOC_STATS + { + size_t allocated, mapped = 0; + unsigned i; + arena_t *arena; + + /* Calculate and print allocated/mapped stats. */ + + /* arenas. */ + for (i = 0, allocated = 0; i < narenas; i++) { + if (arenas[i] != NULL) { + malloc_spin_lock(&arenas[i]->lock); + allocated += + arenas[i]->stats.allocated_small; + allocated += + arenas[i]->stats.allocated_large; + mapped += arenas[i]->stats.mapped; + malloc_spin_unlock(&arenas[i]->lock); + } + } + + /* huge/base. */ + malloc_mutex_lock(&huge_mtx); + allocated += huge_allocated; + mapped += huge_mapped; + malloc_mutex_unlock(&huge_mtx); + + malloc_mutex_lock(&base_mtx); + mapped += base_mapped; + malloc_mutex_unlock(&base_mtx); + +#ifdef MOZ_MEMORY_WINDOWS + malloc_printf("Allocated: %lu, mapped: %lu\n", + allocated, mapped); +#else + malloc_printf("Allocated: %zu, mapped: %zu\n", + allocated, mapped); +#endif + + /* Print chunk stats. */ + malloc_printf( + "huge: nmalloc ndalloc allocated\n"); +#ifdef MOZ_MEMORY_WINDOWS + malloc_printf(" %12llu %12llu %12lu\n", + huge_nmalloc, huge_ndalloc, huge_allocated); +#else + malloc_printf(" %12llu %12llu %12zu\n", + huge_nmalloc, huge_ndalloc, huge_allocated); +#endif + /* Print stats for each arena. */ + for (i = 0; i < narenas; i++) { + arena = arenas[i]; + if (arena != NULL) { + malloc_printf( + "\narenas[%u]:\n", i); + malloc_spin_lock(&arena->lock); + stats_print(arena); + malloc_spin_unlock(&arena->lock); + } + } + } +#endif /* #ifdef MALLOC_STATS */ + _malloc_message("--- End malloc statistics ---\n", "", "", ""); + } +} + + +#if (defined(MOZ_MEMORY_WINDOWS) || defined(MOZ_MEMORY_DARWIN)) +#define malloc_init() false +#else +static inline bool +malloc_init(void) +{ + if (malloc_initialized == false) + return (malloc_init_hard()); + + return (false); +} +#endif + + +#ifdef __FreeBSD__ +// There are several problematic interactions between FreeBSD's libthr and this +// jemalloc. +// +// 1. This malloc calls pthread_mutex_init at init, but in libthr this triggers +// an allocation, causing an infinite recursion. +// 2. Actually, this malloc assumes that lock initialization never triggers a +// memory allocation, even after initialization (see 'arena_new'). +// 3. First use of a lock routine ('pthread_mutex_lock') in libthr triggers +// initialization of the process as a multi-threaded process. Unfortunately, +// libthr calls regular malloc as part of this bootstrap process. +// +// If there was no problem 3, we could have resolved this easily by using +// constant mutex initializers, since then libthr's uses its own internal +// allocator instead of regular malloc (this appears to have been the case for +// years now). However, problem 3 requires this malloc to provide some memory +// at places where it is not able to, so we need a way to divert standard +// allocator functions to some simple bootstrap allocator. And once we have +// done this, using constant mutex initializers looses most of its appeal, +// because allocations for problems 1 & 2 can be fulfilled by the simple +// allocator as well, without the drawback of being dependent on libthr's +// specific behavior. +// +// Since the init lock controls the 'malloc_initialized' flag, it is not +// possible to reliably check whether jemalloc is initialized in the case of +// multiple threads with the given tools (pthread cannot be used yet, but +// mutual exclusion is required). One solution would be to code simple +// user-space locks for this (e.g., spinlocks using GCC's builtins). But an +// even "simpler" solution is in fact to just remove the lock, on the ground +// that there must be some memory allocation before multithreading is enabled, +// so jemalloc is in fact always initialized before that point. And if there +// is not, we'll provoke it. +// +// At some point, I implemented a solution using __constructor__, as +// 'jemalloc_darwin_init', and tweaked the build so that it is included in +// executables (in platform/build/gecko_templates.mozbuild). But this was not +// enough: Clearly it could happen that some other library would be initialized +// before jemalloc, calling malloc in its contructor. Could have tried to work +// around this with constructor priorities, but this seemed fragile as well. So +// in the end, I kept the calls to 'malloc_init' from the interface's +// functions, and had to introduce 'malloc_initializing' to know when (part of +// the) calls should be diverted. I finally kept the constructor as well, just +// to absolutely guarantee that jemalloc is initialized during executable load, +// that is to say, before multi-threading happens, in case initialization in +// libthr or glib is removed at some point. It just doesn't call +// 'malloc_init_hard', contrary to Darwin's, but 'malloc_init' (because +// jemalloc normally has already been initialized at this point). +// +// During lock initialization, malloc is temporarily diverted to the bootstrap +// allocator to avoid harmful recursion. This is achieved using a flag +// indicating whether lock initialization is under way (in order to work also +// after malloc_init_hard() has completed). The flag *must* be per-thread, +// because creation of new arenas, which causes creation of new locks, can +// happen at unpredictable moments after multi-threading has been enabled (and +// malloc has been initialized), which means concurrent allocation requests can +// occur, and must not all be diverted. With this flag in place, and an +// additional change to ensure that libthr's multi-thread init is indeed done +// during mutex init (through 'pthread_lock_mutex'), there was no need to keep +// the 'malloc_initializing' flag (see previous paragraph). +// +// The most likely change this whole architecture is not immune to would be if +// jemalloc starts initializing new locks after malloc_init_hard() has finished +// but not under an existing lock (new arena's lock is currently initialized +// under the arenas lock), because bootstrap allocator functions are not +// thread-safe per se. If this happens, then a very simple spinlock +// implementation on top of GCC's atomics will be in order. But I don't think +// this is very likely to happen. + +// Diverts key (de)allocation functions when jemalloc's mutexes are +// initializing (malloc_init_hard(), but also arena_new() and +// malloc_rtree_new(), as of this writing). +#define BA_DIVERT(code) \ + do { \ + if (in_mutex_init) { \ + code; \ + } \ + } while (0) + + +// Bootstrap allocator +// +// It is not FreeBSD-specific, and could be used by any POSIX-compliant +// platform if needed. +// +// Allocates one page at a time (relies on 'pagesize' as defined above in this +// file), and returns memory from it. Does not accept allocations larger than a +// single page (minus alignment). Will waste space at end of pages. Never frees +// memory. +// +// All these constraints are not a problem, since this allocator is meant to +// serve only some requests at initialization (no more than a few kB). + +// Number of really allocated bytes +static size_t ba_allocated_bn = 0; + +// Number of requested bytes +static size_t ba_requested_bn = 0; + +// Current address we are allocating from, or NULL if a new page has to be +// allocated. +static void *ba_cur_free = NULL; + + +static void ba_alloc_new_page() +{ + ba_cur_free = mmap(NULL, pagesize, PROT_READ | PROT_WRITE, + MAP_ANON | MAP_PRIVATE, -1, 0); + if (ba_cur_free == MAP_FAILED) + abort(); + + ba_allocated_bn += pagesize; +} + +// Returns the offset to point to have point a multiple of alignment +static size_t +ba_offset_to_aligned(uintptr_t point, size_t alignment) { + if (alignment != 0) { + size_t rest = point % alignment; + + if (rest != 0) + return alignment - rest; + } + + return 0; +} + +static void * ba_memalign(size_t alignment, size_t size) +{ + // We don't care about alignment being a power of 2, nor pagesize. Code + // below supports everything, provided that alignment divides the page + // size. + + // Impose cache-line size minimum alignment, so that there is no cache + // trashing between fundamental structures. + if (alignment < CACHELINE) + alignment = CACHELINE; + + if (size > pagesize || + alignment > pagesize || + size + alignment > pagesize || + pagesize % alignment != 0) + abort(); + + // Address to be returned + uintptr_t cur_free; + + // Allocate a new page if no current page (startup or previous one was + // exhausted) or there is not enough remaining space in it. + + if (ba_cur_free == NULL) { + // No current page + ba_alloc_new_page(); + cur_free = (uintptr_t)ba_cur_free; + } else { + cur_free = (uintptr_t)ba_cur_free; + + uintptr_t off = cur_free % pagesize; + uintptr_t al_off = ba_offset_to_aligned(off, alignment); + + if (off + al_off + size > pagesize) { + // Not enough room. Need a new page. + ba_alloc_new_page(); + cur_free = (uintptr_t)ba_cur_free; + } else + // Account for alignment + cur_free += al_off; + } + + // Compute the next free address + uintptr_t next_free = cur_free + size; + if (next_free % pagesize == 0 && size != 0) + next_free = 0; + + // Set it + ba_cur_free = (void *)next_free; + + // Stats + ba_requested_bn += size; + + // Done + return (void *)cur_free; +} + +static void * ba_malloc(size_t size) +{ + // 64-bit alignment by default. ba_memalign imposes an even greater + // alignment anyway. + return ba_memalign(8, size); +} + +static void * ba_calloc(size_t number, size_t size) +{ + size_t const bn = number * size; + + if ((bn < number || bn < size) && bn != 0) + // Overflow + abort(); + + void * const res = ba_malloc(bn); + memset(res, 0, bn); + return res; +} + +static void ba_free(void * ptr) { +#ifdef MALLOC_DEBUG + malloc_printf("Bootstrap allocator: Request to free at %p\n", ptr); +#endif + + // Do nothing + return; +} + +#ifdef MALLOC_STATS +static void ba_print_stats() { + malloc_printf("Bootstrap allocator: %zu bytes requested, " + "%zu allocated\n", + ba_requested_bn, ba_allocated_bn); +} +#endif + + +__attribute__((constructor)) +void +jemalloc_FreeBSD_init(void) +{ + if (malloc_init()) + abort(); +} +#endif // #ifdef __FreeBSD__ + + +#if !defined(MOZ_MEMORY_WINDOWS) +static +#endif +bool +malloc_init_hard(void) +{ + unsigned i; + char buf[PATH_MAX + 1]; + const char *opts; + long result; +#ifndef MOZ_MEMORY_WINDOWS + int linklen; +#endif +#ifdef MOZ_MEMORY_DARWIN + malloc_zone_t* default_zone; +#endif + +#if !(defined(MOZ_MEMORY_WINDOWS) || defined(__FreeBSD__)) + malloc_mutex_lock(&init_lock); +#endif + + if (malloc_initialized) { + /* + * Another thread initialized the allocator before this one + * acquired init_lock. + */ +#if !(defined(MOZ_MEMORY_WINDOWS) || defined(__FreeBSD__)) + malloc_mutex_unlock(&init_lock); +#endif + return (false); + } + +#ifdef MOZ_MEMORY_WINDOWS + /* get a thread local storage index */ + tlsIndex = TlsAlloc(); +#endif + + /* Get page size and number of CPUs */ +#ifdef MOZ_MEMORY_WINDOWS + { + SYSTEM_INFO info; + + GetSystemInfo(&info); + result = info.dwPageSize; + } +#else + result = sysconf(_SC_PAGESIZE); + assert(result != -1); +#endif + +#ifndef MOZ_MEMORY_NARENAS_DEFAULT_ONE + ncpus = malloc_ncpus(); +#endif + + /* We assume that the page size is a power of 2. */ + assert(((result - 1) & result) == 0); +#ifdef MALLOC_STATIC_SIZES + if (pagesize % (size_t) result) { + _malloc_message(_getprogname(), + "Compile-time page size does not divide the runtime one.\n", + "", ""); + abort(); + } +#else + pagesize = (size_t) result; + pagesize_mask = (size_t) result - 1; + pagesize_2pow = ffs((int)result) - 1; +#endif + + for (i = 0; i < 3; i++) { + unsigned j; + + /* Get runtime configuration. */ + switch (i) { + case 0: +#ifndef MOZ_MEMORY_WINDOWS + if ((linklen = readlink("/etc/malloc.conf", buf, + sizeof(buf) - 1)) != -1) { + /* + * Use the contents of the "/etc/malloc.conf" + * symbolic link's name. + */ + buf[linklen] = '\0'; + opts = buf; + } else +#endif + { + /* No configuration specified. */ + buf[0] = '\0'; + opts = buf; + } + break; + case 1: + if ((opts = getenv("MALLOC_OPTIONS")) != NULL) { + /* + * Do nothing; opts is already initialized to + * the value of the MALLOC_OPTIONS environment + * variable. + */ + } else { + /* No configuration specified. */ + buf[0] = '\0'; + opts = buf; + } + break; + case 2: + if (_malloc_options != NULL) { + /* + * Use options that were compiled into the + * program. + */ + opts = _malloc_options; + } else { + /* No configuration specified. */ + buf[0] = '\0'; + opts = buf; + } + break; + default: + /* NOTREACHED */ + buf[0] = '\0'; + opts = buf; + assert(false); + } + + for (j = 0; opts[j] != '\0'; j++) { + unsigned k, nreps; + bool nseen; + + /* Parse repetition count, if any. */ + for (nreps = 0, nseen = false;; j++, nseen = true) { + switch (opts[j]) { + case '0': case '1': case '2': case '3': + case '4': case '5': case '6': case '7': + case '8': case '9': + nreps *= 10; + nreps += opts[j] - '0'; + break; + default: + goto MALLOC_OUT; + } + } +MALLOC_OUT: + if (nseen == false) + nreps = 1; + + for (k = 0; k < nreps; k++) { + switch (opts[j]) { + case 'a': + opt_abort = false; + break; + case 'A': + opt_abort = true; + break; + case 'b': + case 'B': + // Balancing option is ignored + break; +#ifdef MALLOC_FILL +#ifndef MALLOC_PRODUCTION + case 'c': + opt_poison = false; + break; + case 'C': + opt_poison = true; + break; +#endif +#endif + case 'f': + opt_dirty_max >>= 1; + break; + case 'F': + if (opt_dirty_max == 0) + opt_dirty_max = 1; + else if ((opt_dirty_max << 1) != 0) + opt_dirty_max <<= 1; + break; +#ifdef MALLOC_FILL +#ifndef MALLOC_PRODUCTION + case 'j': + opt_junk = false; + break; + case 'J': + opt_junk = true; + break; +#endif +#endif +#ifndef MALLOC_STATIC_SIZES + case 'k': + /* + * Chunks always require at least one + * header page, so chunks can never be + * smaller than two pages. + */ + if (opt_chunk_2pow > pagesize_2pow + 1) + opt_chunk_2pow--; + break; + case 'K': + if (opt_chunk_2pow + 1 < + (sizeof(size_t) << 3)) + opt_chunk_2pow++; + break; +#endif + case 'n': + opt_narenas_lshift--; + break; + case 'N': + opt_narenas_lshift++; + break; + case 'p': + opt_print_stats = false; + break; + case 'P': + opt_print_stats = true; + break; +#ifndef MALLOC_STATIC_SIZES + case 'q': + if (opt_quantum_2pow > QUANTUM_2POW_MIN) + opt_quantum_2pow--; + break; + case 'Q': + if (opt_quantum_2pow < pagesize_2pow - + 1) + opt_quantum_2pow++; + break; + case 's': + if (opt_small_max_2pow > + QUANTUM_2POW_MIN) + opt_small_max_2pow--; + break; + case 'S': + if (opt_small_max_2pow < pagesize_2pow + - 1) + opt_small_max_2pow++; + break; +#endif +#ifdef MALLOC_SYSV + case 'v': + opt_sysv = false; + break; + case 'V': + opt_sysv = true; + break; +#endif +#ifdef MALLOC_XMALLOC + case 'x': + opt_xmalloc = false; + break; + case 'X': + opt_xmalloc = true; + break; +#endif +#ifdef MALLOC_FILL +#ifndef MALLOC_PRODUCTION + case 'z': + opt_zero = false; + break; + case 'Z': + opt_zero = true; + break; +#endif +#endif + default: { + char cbuf[2]; + + cbuf[0] = opts[j]; + cbuf[1] = '\0'; + _malloc_message(_getprogname(), + ": (malloc) Unsupported character " + "in malloc options: '", cbuf, + "'\n"); + } + } + } + } + } + + /* Take care to call atexit() only once. */ + if (opt_print_stats) { +#ifndef MOZ_MEMORY_WINDOWS + /* Print statistics at exit. */ + atexit(malloc_print_stats); +#endif + } + +#ifndef MALLOC_STATIC_SIZES + /* Set variables according to the value of opt_small_max_2pow. */ + if (opt_small_max_2pow < opt_quantum_2pow) + opt_small_max_2pow = opt_quantum_2pow; + small_max = (1U << opt_small_max_2pow); + + /* Set bin-related variables. */ + bin_maxclass = (pagesize >> 1); + assert(opt_quantum_2pow >= TINY_MIN_2POW); + ntbins = opt_quantum_2pow - TINY_MIN_2POW; + assert(ntbins <= opt_quantum_2pow); + nqbins = (small_max >> opt_quantum_2pow); + nsbins = pagesize_2pow - opt_small_max_2pow - 1; + + /* Set variables according to the value of opt_quantum_2pow. */ + quantum = (1U << opt_quantum_2pow); + quantum_mask = quantum - 1; + if (ntbins > 0) + small_min = (quantum >> 1) + 1; + else + small_min = 1; + assert(small_min <= quantum); + + /* Set variables according to the value of opt_chunk_2pow. */ + chunksize = (1LU << opt_chunk_2pow); + chunksize_mask = chunksize - 1; + chunk_npages = (chunksize >> pagesize_2pow); + + arena_chunk_header_npages = calculate_arena_header_pages(); + arena_maxclass = calculate_arena_maxclass(); + + recycle_limit = CHUNK_RECYCLE_LIMIT * chunksize; +#endif + + recycled_size = 0; + + /* Various sanity checks that regard configuration. */ + assert(quantum >= sizeof(void *)); + assert(quantum <= pagesize); + assert(chunksize >= pagesize); + assert(quantum * 4 <= chunksize); + + /* Initialize chunks data. */ + malloc_mutex_init(&chunks_mtx); + extent_tree_szad_new(&chunks_szad_mmap); + extent_tree_ad_new(&chunks_ad_mmap); + + /* Initialize huge allocation data. */ + malloc_mutex_init(&huge_mtx); + extent_tree_ad_new(&huge); +#ifdef MALLOC_STATS + huge_nmalloc = 0; + huge_ndalloc = 0; + huge_allocated = 0; + huge_mapped = 0; +#endif + + /* Initialize base allocation data structures. */ +#ifdef MALLOC_STATS + base_mapped = 0; + base_committed = 0; +#endif + base_nodes = NULL; + malloc_mutex_init(&base_mtx); + +#ifdef MOZ_MEMORY_NARENAS_DEFAULT_ONE + narenas = 1; +#else + if (ncpus > 1) { + /* + * For SMP systems, create four times as many arenas as there + * are CPUs by default. + */ + opt_narenas_lshift += 2; + } + + /* Determine how many arenas to use. */ + narenas = ncpus; +#endif + if (opt_narenas_lshift > 0) { + if ((narenas << opt_narenas_lshift) > narenas) + narenas <<= opt_narenas_lshift; + /* + * Make sure not to exceed the limits of what base_alloc() can + * handle. + */ + if (narenas * sizeof(arena_t *) > chunksize) + narenas = chunksize / sizeof(arena_t *); + } else if (opt_narenas_lshift < 0) { + if ((narenas >> -opt_narenas_lshift) < narenas) + narenas >>= -opt_narenas_lshift; + /* Make sure there is at least one arena. */ + if (narenas == 0) + narenas = 1; + } + +#ifdef NO_TLS + if (narenas > 1) { + static const unsigned primes[] = {1, 3, 5, 7, 11, 13, 17, 19, + 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, + 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, + 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, + 223, 227, 229, 233, 239, 241, 251, 257, 263}; + unsigned nprimes, parenas; + + /* + * Pick a prime number of hash arenas that is more than narenas + * so that direct hashing of pthread_self() pointers tends to + * spread allocations evenly among the arenas. + */ + assert((narenas & 1) == 0); /* narenas must be even. */ + nprimes = (sizeof(primes) >> SIZEOF_INT_2POW); + parenas = primes[nprimes - 1]; /* In case not enough primes. */ + for (i = 1; i < nprimes; i++) { + if (primes[i] > narenas) { + parenas = primes[i]; + break; + } + } + narenas = parenas; + } +#endif + +#ifndef NO_TLS + next_arena = 0; +#endif + + /* Allocate and initialize arenas. */ + arenas = (arena_t **)base_alloc(sizeof(arena_t *) * narenas); + if (arenas == NULL) { +#if !(defined(MOZ_MEMORY_WINDOWS) || defined(__FreeBSD__)) + malloc_mutex_unlock(&init_lock); +#endif + return (true); + } + /* + * Zero the array. In practice, this should always be pre-zeroed, + * since it was just mmap()ed, but let's be sure. + */ + memset(arenas, 0, sizeof(arena_t *) * narenas); + + /* + * Initialize one arena here. The rest are lazily created in + * choose_arena_hard(). + */ + arenas_extend(0); + if (arenas[0] == NULL) { +#if !(defined(MOZ_MEMORY_WINDOWS) || defined(__FreeBSD__)) + malloc_mutex_unlock(&init_lock); +#endif + return (true); + } +#ifndef NO_TLS + /* + * Assign the initial arena to the initial thread, in order to avoid + * spurious creation of an extra arena if the application switches to + * threaded mode. + */ +#ifdef MOZ_MEMORY_WINDOWS + TlsSetValue(tlsIndex, arenas[0]); +#else + arenas_map = arenas[0]; +#endif +#endif + + malloc_spin_init(&arenas_lock); + + chunk_rtree = malloc_rtree_new((SIZEOF_PTR << 3) - opt_chunk_2pow); + if (chunk_rtree == NULL) + return (true); + + malloc_initialized = true; + +#if !defined(MOZ_MEMORY_WINDOWS) && !defined(MOZ_MEMORY_DARWIN) + /* Prevent potential deadlock on malloc locks after fork. */ + pthread_atfork(_malloc_prefork, _malloc_postfork, _malloc_postfork); +#endif + +#if defined(MOZ_MEMORY_DARWIN) && !defined(MOZ_REPLACE_MALLOC) + /* + * Overwrite the default memory allocator to use jemalloc everywhere. + */ + default_zone = malloc_default_zone(); + + /* + * We only use jemalloc with MacOS 10.6 and 10.7. jemalloc is disabled + * on 32-bit builds (10.5 and 32-bit 10.6) due to bug 702250, an + * apparent MacOS bug. In fact, this code isn't even compiled on + * 32-bit builds. + * + * We'll have to update our code to work with newer versions, because + * the malloc zone layout is likely to change. + */ + + osx_use_jemalloc = (default_zone->version == SNOW_LEOPARD_MALLOC_ZONE_T_VERSION || + default_zone->version == LION_MALLOC_ZONE_T_VERSION); + + /* Allow us dynamically turn off jemalloc for testing. */ + if (getenv("NO_MAC_JEMALLOC")) { + osx_use_jemalloc = false; +#ifdef __i386__ + malloc_printf("Warning: NO_MAC_JEMALLOC has no effect on " + "i386 machines (such as this one).\n"); +#endif + } + + if (osx_use_jemalloc) { + /* + * Convert the default szone to an "overlay zone" that is capable + * of deallocating szone-allocated objects, but allocating new + * objects from jemalloc. + */ + size_t size = zone_version_size(default_zone->version); + szone2ozone(default_zone, size); + } + else { + szone = default_zone; + } +#endif + +#if defined(__FreeBSD__) && defined(MALLOC_STATS) + malloc_printf("Bootstrap allocator: malloc_init_hard stats:\n"); + ba_print_stats(); +#endif + +#if !(defined(MOZ_MEMORY_WINDOWS) || defined(__FreeBSD__)) + malloc_mutex_unlock(&init_lock); +#endif + + return (false); +} + +/* XXX Why not just expose malloc_print_stats()? */ +#ifdef MOZ_MEMORY_WINDOWS +void +malloc_shutdown() +{ + + malloc_print_stats(); +} +#endif + +/* + * End general internal functions. + */ +/******************************************************************************/ +/* + * Begin malloc(3)-compatible functions. + */ + +/* + * Even though we compile with MOZ_MEMORY, we may have to dynamically decide + * not to use jemalloc, as discussed above. However, we call jemalloc + * functions directly from mozalloc. Since it's pretty dangerous to mix the + * allocators, we need to call the OSX allocators from the functions below, + * when osx_use_jemalloc is not (dynamically) set. + * + * Note that we assume jemalloc is enabled on i386. This is safe because the + * only i386 versions of MacOS are 10.5 and 10.6, which we support. We have to + * do this because madvise isn't in the malloc zone struct for 10.5. + * + * This means that NO_MAC_JEMALLOC doesn't work on i386. + */ +#if defined(MOZ_MEMORY_DARWIN) && !defined(__i386__) && !defined(MOZ_REPLACE_MALLOC) +#define DARWIN_ONLY(A) if (!osx_use_jemalloc) { A; } +#else +#define DARWIN_ONLY(A) +#endif + +#ifdef __FreeBSD__ +#define FREEBSD_ONLY(code) code +#else +#define FREEBSD_ONLY(code) +#endif + + +MOZ_MEMORY_API void * +malloc_impl(size_t size) +{ + DARWIN_ONLY(return (szone->malloc)(szone, size)); + + FREEBSD_ONLY(BA_DIVERT(return ba_malloc(size))); + + void *ret; + + if (malloc_init()) { + ret = NULL; + goto RETURN; + } + + if (size == 0) { +#ifdef MALLOC_SYSV + if (opt_sysv == false) +#endif + size = 1; +#ifdef MALLOC_SYSV + else { + ret = NULL; + goto RETURN; + } +#endif + } + + ret = imalloc(size); + +RETURN: + if (ret == NULL) { +#ifdef MALLOC_XMALLOC + if (opt_xmalloc) { + _malloc_message(_getprogname(), + ": (malloc) Error in malloc(): out of memory\n", "", + ""); + abort(); + } +#endif + errno = ENOMEM; + } + + return (ret); +} + +/* + * In ELF systems the default visibility allows symbols to be preempted at + * runtime. This in turn prevents the uses of memalign in this file from being + * optimized. What we do in here is define two aliasing symbols (they point to + * the same code): memalign and memalign_internal. The internal version has + * hidden visibility and is used in every reference from this file. + * + * For more information on this technique, see section 2.2.7 (Avoid Using + * Exported Symbols) in http://www.akkadia.org/drepper/dsohowto.pdf. + */ + +#ifndef MOZ_REPLACE_MALLOC +#if defined(__GNUC__) && !defined(MOZ_MEMORY_DARWIN) +#define MOZ_MEMORY_ELF +#endif + +#ifdef MOZ_MEMORY_SOLARIS +# if (defined(__GNUC__)) +__attribute__((noinline)) +# endif +#else +#if (defined(MOZ_MEMORY_ELF)) +__attribute__((visibility ("hidden"))) +#endif +#endif +#endif /* MOZ_REPLACE_MALLOC */ + +#ifdef MOZ_MEMORY_ELF +#define MEMALIGN memalign_internal +#else +#define MEMALIGN memalign_impl +#endif + +#ifndef MOZ_MEMORY_ELF +MOZ_MEMORY_API +#endif +void * +MEMALIGN(size_t alignment, size_t size) +{ + DARWIN_ONLY(return (szone->memalign)(szone, alignment, size)); + + FREEBSD_ONLY(BA_DIVERT(return ba_memalign(alignment, size))); + + void *ret; + + assert(((alignment - 1) & alignment) == 0); + + if (malloc_init()) { + ret = NULL; + goto RETURN; + } + + if (size == 0) { +#ifdef MALLOC_SYSV + if (opt_sysv == false) +#endif + size = 1; +#ifdef MALLOC_SYSV + else { + ret = NULL; + goto RETURN; + } +#endif + } + + alignment = alignment < sizeof(void*) ? sizeof(void*) : alignment; + ret = ipalloc(alignment, size); + +RETURN: +#ifdef MALLOC_XMALLOC + if (opt_xmalloc && ret == NULL) { + _malloc_message(_getprogname(), + ": (malloc) Error in memalign(): out of memory\n", "", ""); + abort(); + } +#endif + return (ret); +} + +#ifdef MOZ_MEMORY_ELF +extern void * +memalign_impl(size_t alignment, size_t size) __attribute__((alias ("memalign_internal"), visibility ("default"))); +#endif + +MOZ_MEMORY_API int +posix_memalign_impl(void **memptr, size_t alignment, size_t size) +{ + void *result; + + /* Make sure that alignment is a large enough power of 2. */ + if (((alignment - 1) & alignment) != 0 || alignment < sizeof(void *)) { +#ifdef MALLOC_XMALLOC + if (opt_xmalloc) { + _malloc_message(_getprogname(), + ": (malloc) Error in posix_memalign(): " + "invalid alignment\n", "", ""); + abort(); + } +#endif + return (EINVAL); + } + + /* The 0-->1 size promotion is done in the memalign() call below */ + + result = MEMALIGN(alignment, size); + + if (result == NULL) + return (ENOMEM); + + *memptr = result; + return (0); +} + +MOZ_MEMORY_API void * +aligned_alloc_impl(size_t alignment, size_t size) +{ + if (size % alignment) { +#ifdef MALLOC_XMALLOC + if (opt_xmalloc) { + _malloc_message(_getprogname(), + ": (malloc) Error in aligned_alloc(): " + "size is not multiple of alignment\n", "", ""); + abort(); + } +#endif + return (NULL); + } + return MEMALIGN(alignment, size); +} + +MOZ_MEMORY_API void * +valloc_impl(size_t size) +{ + return (MEMALIGN(pagesize, size)); +} + +MOZ_MEMORY_API void * +calloc_impl(size_t num, size_t size) +{ + DARWIN_ONLY(return (szone->calloc)(szone, num, size)); + + FREEBSD_ONLY(BA_DIVERT(return ba_calloc(num, size))); + + void *ret; + size_t num_size; + + if (malloc_init()) { + num_size = 0; + ret = NULL; + goto RETURN; + } + + num_size = num * size; + if (num_size == 0) { +#ifdef MALLOC_SYSV + if ((opt_sysv == false) && ((num == 0) || (size == 0))) +#endif + num_size = 1; +#ifdef MALLOC_SYSV + else { + ret = NULL; + goto RETURN; + } +#endif + /* + * Try to avoid division here. We know that it isn't possible to + * overflow during multiplication if neither operand uses any of the + * most significant half of the bits in a size_t. + */ + } else if (((num | size) & (SIZE_T_MAX << (sizeof(size_t) << 2))) + && (num_size / size != num)) { + /* size_t overflow. */ + ret = NULL; + goto RETURN; + } + + ret = icalloc(num_size); + +RETURN: + if (ret == NULL) { +#ifdef MALLOC_XMALLOC + if (opt_xmalloc) { + _malloc_message(_getprogname(), + ": (malloc) Error in calloc(): out of memory\n", "", + ""); + abort(); + } +#endif + errno = ENOMEM; + } + + return (ret); +} + +MOZ_MEMORY_API void * +realloc_impl(void *ptr, size_t size) +{ + void *ret; + + DARWIN_ONLY(return (szone->realloc)(szone, ptr, size)); + + if (size == 0) { +#ifdef MALLOC_SYSV + if (opt_sysv == false) +#endif + size = 1; +#ifdef MALLOC_SYSV + else { + if (ptr != NULL) + idalloc(ptr); + ret = NULL; + goto RETURN; + } +#endif + } + + if (ptr != NULL) { + assert(malloc_initialized); + + ret = iralloc(ptr, size); + + if (ret == NULL) { +#ifdef MALLOC_XMALLOC + if (opt_xmalloc) { + _malloc_message(_getprogname(), + ": (malloc) Error in realloc(): out of " + "memory\n", "", ""); + abort(); + } +#endif + errno = ENOMEM; + } + } else { + if (malloc_init()) + ret = NULL; + else + ret = imalloc(size); + + if (ret == NULL) { +#ifdef MALLOC_XMALLOC + if (opt_xmalloc) { + _malloc_message(_getprogname(), + ": (malloc) Error in realloc(): out of " + "memory\n", "", ""); + abort(); + } +#endif + errno = ENOMEM; + } + } + +#ifdef MALLOC_SYSV +RETURN: +#endif + return (ret); +} + +MOZ_MEMORY_API void +free_impl(void *ptr) +{ + DARWIN_ONLY((szone->free)(szone, ptr); return); + + FREEBSD_ONLY(BA_DIVERT(return ba_free(ptr))); + + size_t offset; + + /* + * A version of idalloc that checks for NULL pointer but only for + * huge allocations assuming that CHUNK_ADDR2OFFSET(NULL) == 0. + */ + assert(CHUNK_ADDR2OFFSET(NULL) == 0); + offset = CHUNK_ADDR2OFFSET(ptr); + if (offset != 0) + arena_dalloc(ptr, offset); + else if (ptr != NULL) + huge_dalloc(ptr); +} + +/* + * End malloc(3)-compatible functions. + */ +/******************************************************************************/ +/* + * Begin non-standard functions. + */ + +/* This was added by Mozilla for use by SQLite. */ +#if defined(MOZ_MEMORY_DARWIN) && !defined(MOZ_REPLACE_MALLOC) +static +#else +MOZ_MEMORY_API +#endif +size_t +malloc_good_size_impl(size_t size) +{ + /* + * This duplicates the logic in imalloc(), arena_malloc() and + * arena_malloc_small(). + */ + if (size < small_min) { + /* Small (tiny). */ + size = pow2_ceil(size); + /* + * We omit the #ifdefs from arena_malloc_small() -- + * it can be inaccurate with its size in some cases, but this + * function must be accurate. + */ + if (size < (1U << TINY_MIN_2POW)) + size = (1U << TINY_MIN_2POW); + } else if (size <= small_max) { + /* Small (quantum-spaced). */ + size = QUANTUM_CEILING(size); + } else if (size <= bin_maxclass) { + /* Small (sub-page). */ + size = pow2_ceil(size); + } else if (size <= arena_maxclass) { + /* Large. */ + size = PAGE_CEILING(size); + } else { + /* + * Huge. We use PAGE_CEILING to get psize, instead of using + * CHUNK_CEILING to get csize. This ensures that this + * malloc_usable_size(malloc(n)) always matches + * malloc_good_size(n). + */ + size = PAGE_CEILING(size); + } + return size; +} + + +MOZ_MEMORY_API size_t +malloc_usable_size_impl(MALLOC_USABLE_SIZE_CONST_PTR void *ptr) +{ + DARWIN_ONLY(return (szone->size)(szone, ptr)); + + return (isalloc_validate(ptr)); +} + +#ifdef MALLOC_STATS +MOZ_JEMALLOC_API void +jemalloc_stats_impl(jemalloc_stats_t *stats) +{ + size_t i, non_arena_mapped, chunk_header_size; + + assert(stats != NULL); + + /* + * Gather runtime settings. + */ + stats->opt_abort = opt_abort; + stats->opt_junk = +#ifdef MALLOC_FILL + opt_junk ? true : +#endif + false; + stats->opt_poison = +#ifdef MALLOC_FILL + opt_poison ? true : +#endif + false; + stats->opt_sysv = +#ifdef MALLOC_SYSV + opt_sysv ? true : +#endif + false; + stats->opt_xmalloc = +#ifdef MALLOC_XMALLOC + opt_xmalloc ? true : +#endif + false; + stats->opt_zero = +#ifdef MALLOC_FILL + opt_zero ? true : +#endif + false; + stats->narenas = narenas; + stats->balance_threshold = SIZE_T_MAX; + stats->quantum = quantum; + stats->small_max = small_max; + stats->large_max = arena_maxclass; + stats->chunksize = chunksize; + stats->dirty_max = opt_dirty_max; + + /* + * Gather current memory usage statistics. + */ + stats->mapped = 0; + stats->allocated = 0; + stats->waste = 0; + stats->page_cache = 0; + stats->bookkeeping = 0; + stats->bin_unused = 0; + + non_arena_mapped = 0; + + /* Get huge mapped/allocated. */ + malloc_mutex_lock(&huge_mtx); + non_arena_mapped += huge_mapped; + stats->allocated += huge_allocated; + assert(huge_mapped >= huge_allocated); + malloc_mutex_unlock(&huge_mtx); + + /* Get base mapped/allocated. */ + malloc_mutex_lock(&base_mtx); + non_arena_mapped += base_mapped; + stats->bookkeeping += base_committed; + assert(base_mapped >= base_committed); + malloc_mutex_unlock(&base_mtx); + + /* Iterate over arenas. */ + for (i = 0; i < narenas; i++) { + arena_t *arena = arenas[i]; + size_t arena_mapped, arena_allocated, arena_committed, arena_dirty, j, + arena_unused, arena_headers; + arena_run_t* run; + arena_chunk_map_t* mapelm; + + if (arena == NULL) { + continue; + } + + arena_headers = 0; + arena_unused = 0; + + malloc_spin_lock(&arena->lock); + + arena_mapped = arena->stats.mapped; + + /* "committed" counts dirty and allocated memory. */ + arena_committed = arena->stats.committed << pagesize_2pow; + + arena_allocated = arena->stats.allocated_small + + arena->stats.allocated_large; + + arena_dirty = arena->ndirty << pagesize_2pow; + + for (j = 0; j < ntbins + nqbins + nsbins; j++) { + arena_bin_t* bin = &arena->bins[j]; + size_t bin_unused = 0; + + rb_foreach_begin(arena_chunk_map_t, link, &bin->runs, mapelm) { + run = (arena_run_t *)(mapelm->bits & ~pagesize_mask); + bin_unused += run->nfree * bin->reg_size; + } rb_foreach_end(arena_chunk_map_t, link, &bin->runs, mapelm) + + if (bin->runcur) { + bin_unused += bin->runcur->nfree * bin->reg_size; + } + + arena_unused += bin_unused; + arena_headers += bin->stats.curruns * bin->reg0_offset; + } + + malloc_spin_unlock(&arena->lock); + + assert(arena_mapped >= arena_committed); + assert(arena_committed >= arena_allocated + arena_dirty); + + /* "waste" is committed memory that is neither dirty nor + * allocated. */ + stats->mapped += arena_mapped; + stats->allocated += arena_allocated; + stats->page_cache += arena_dirty; + stats->waste += arena_committed - + arena_allocated - arena_dirty - arena_unused - arena_headers; + stats->bin_unused += arena_unused; + stats->bookkeeping += arena_headers; + } + + /* Account for arena chunk headers in bookkeeping rather than waste. */ + chunk_header_size = + ((stats->mapped / stats->chunksize) * arena_chunk_header_npages) << + pagesize_2pow; + + stats->mapped += non_arena_mapped; + stats->bookkeeping += chunk_header_size; + stats->waste -= chunk_header_size; + + assert(stats->mapped >= stats->allocated + stats->waste + + stats->page_cache + stats->bookkeeping); +} +#endif // MALLOC_STATS +#ifdef MALLOC_DOUBLE_PURGE + +/* Explicitly remove all of this chunk's MADV_FREE'd pages from memory. */ +static void +hard_purge_chunk(arena_chunk_t *chunk) +{ + /* See similar logic in arena_purge(). */ + + size_t i; + for (i = arena_chunk_header_npages; i < chunk_npages; i++) { + /* Find all adjacent pages with CHUNK_MAP_MADVISED set. */ + size_t npages; + for (npages = 0; + chunk->map[i + npages].bits & CHUNK_MAP_MADVISED && i + npages < chunk_npages; + npages++) { + /* Turn off the chunk's MADV_FREED bit and turn on its + * DECOMMITTED bit. */ + RELEASE_ASSERT(!(chunk->map[i + npages].bits & CHUNK_MAP_DECOMMITTED)); + chunk->map[i + npages].bits ^= CHUNK_MAP_MADVISED_OR_DECOMMITTED; + } + + /* We could use mincore to find out which pages are actually + * present, but it's not clear that's better. */ + if (npages > 0) { + pages_decommit(((char*)chunk) + (i << pagesize_2pow), npages << pagesize_2pow); + pages_commit(((char*)chunk) + (i << pagesize_2pow), npages << pagesize_2pow); + } + i += npages; + } +} + +/* Explicitly remove all of this arena's MADV_FREE'd pages from memory. */ +static void +hard_purge_arena(arena_t *arena) +{ + malloc_spin_lock(&arena->lock); + + while (!LinkedList_IsEmpty(&arena->chunks_madvised)) { + LinkedList* next = arena->chunks_madvised.next; + arena_chunk_t *chunk = + LinkedList_Get(arena->chunks_madvised.next, + arena_chunk_t, chunks_madvised_elem); + hard_purge_chunk(chunk); + LinkedList_Remove(&chunk->chunks_madvised_elem); + } + + malloc_spin_unlock(&arena->lock); +} + +MOZ_JEMALLOC_API void +jemalloc_purge_freed_pages_impl() +{ + size_t i; + for (i = 0; i < narenas; i++) { + arena_t *arena = arenas[i]; + if (arena != NULL) + hard_purge_arena(arena); + } + if (!config_munmap || config_recycle) { + malloc_mutex_lock(&chunks_mtx); + extent_node_t *node = extent_tree_szad_first(&chunks_szad_mmap); + while (node) { + pages_decommit(node->addr, node->size); + pages_commit(node->addr, node->size); + node->zeroed = true; + node = extent_tree_szad_next(&chunks_szad_mmap, node); + } + malloc_mutex_unlock(&chunks_mtx); + } +} + +#else /* !defined MALLOC_DOUBLE_PURGE */ + +MOZ_JEMALLOC_API void +jemalloc_purge_freed_pages_impl() +{ + /* Do nothing. */ +} + +#endif /* defined MALLOC_DOUBLE_PURGE */ + + + +#ifdef MOZ_MEMORY_WINDOWS +void* +_recalloc(void *ptr, size_t count, size_t size) +{ + size_t oldsize = (ptr != NULL) ? isalloc(ptr) : 0; + size_t newsize = count * size; + + /* + * In order for all trailing bytes to be zeroed, the caller needs to + * use calloc(), followed by recalloc(). However, the current calloc() + * implementation only zeros the bytes requested, so if recalloc() is + * to work 100% correctly, calloc() will need to change to zero + * trailing bytes. + */ + + ptr = realloc_impl(ptr, newsize); + if (ptr != NULL && oldsize < newsize) { + memset((void *)((uintptr_t)ptr + oldsize), 0, newsize - + oldsize); + } + + return ptr; +} + +/* + * This impl of _expand doesn't ever actually expand or shrink blocks: it + * simply replies that you may continue using a shrunk block. + */ +void* +_expand(void *ptr, size_t newsize) +{ + if (isalloc(ptr) >= newsize) + return ptr; + + return NULL; +} + +size_t +_msize(void *ptr) +{ + + return malloc_usable_size_impl(ptr); +} +#endif + +MOZ_JEMALLOC_API void +jemalloc_free_dirty_pages_impl(void) +{ + size_t i; + for (i = 0; i < narenas; i++) { + arena_t *arena = arenas[i]; + + if (arena != NULL) { + malloc_spin_lock(&arena->lock); + arena_purge(arena, true); + malloc_spin_unlock(&arena->lock); + } + } +} + +/* + * End non-standard functions. + */ +/******************************************************************************/ +/* + * Begin library-private functions, used by threading libraries for protection + * of malloc during fork(). These functions are only called if the program is + * running in threaded mode, so there is no need to check whether the program + * is threaded here. + */ + +static void +_malloc_prefork(void) +{ + unsigned i; + + /* Acquire all mutexes in a safe order. */ + + malloc_spin_lock(&arenas_lock); + for (i = 0; i < narenas; i++) { + if (arenas[i] != NULL) + malloc_spin_lock(&arenas[i]->lock); + } + + malloc_mutex_lock(&base_mtx); + + malloc_mutex_lock(&huge_mtx); +} + +static void +_malloc_postfork(void) +{ + unsigned i; + + /* Release all mutexes, now that fork() has completed. */ + + malloc_mutex_unlock(&huge_mtx); + + malloc_mutex_unlock(&base_mtx); + + for (i = 0; i < narenas; i++) { + if (arenas[i] != NULL) + malloc_spin_unlock(&arenas[i]->lock); + } + malloc_spin_unlock(&arenas_lock); +} + +/* + * End library-private functions. + */ +/******************************************************************************/ + +#ifdef HAVE_DLOPEN +# include <dlfcn.h> +#endif + +#if defined(MOZ_MEMORY_DARWIN) + +#if !defined(MOZ_REPLACE_MALLOC) +static void * +zone_malloc(malloc_zone_t *zone, size_t size) +{ + + return (malloc_impl(size)); +} + +static void * +zone_calloc(malloc_zone_t *zone, size_t num, size_t size) +{ + + return (calloc_impl(num, size)); +} + +static void * +zone_valloc(malloc_zone_t *zone, size_t size) +{ + void *ret = NULL; /* Assignment avoids useless compiler warning. */ + + posix_memalign_impl(&ret, pagesize, size); + + return (ret); +} + +static void * +zone_memalign(malloc_zone_t *zone, size_t alignment, size_t size) +{ + return (memalign_impl(alignment, size)); +} + +static void * +zone_destroy(malloc_zone_t *zone) +{ + + /* This function should never be called. */ + assert(false); + return (NULL); +} + +static size_t +zone_good_size(malloc_zone_t *zone, size_t size) +{ + return malloc_good_size_impl(size); +} + +static size_t +ozone_size(malloc_zone_t *zone, void *ptr) +{ + size_t ret = isalloc_validate(ptr); + if (ret == 0) + ret = szone->size(zone, ptr); + + return ret; +} + +static void +ozone_free(malloc_zone_t *zone, void *ptr) +{ + if (isalloc_validate(ptr) != 0) + free_impl(ptr); + else { + size_t size = szone->size(zone, ptr); + if (size != 0) + (szone->free)(zone, ptr); + /* Otherwise we leak. */ + } +} + +static void * +ozone_realloc(malloc_zone_t *zone, void *ptr, size_t size) +{ + size_t oldsize; + if (ptr == NULL) + return (malloc_impl(size)); + + oldsize = isalloc_validate(ptr); + if (oldsize != 0) + return (realloc_impl(ptr, size)); + else { + oldsize = szone->size(zone, ptr); + if (oldsize == 0) + return (malloc_impl(size)); + else { + void *ret = malloc_impl(size); + if (ret != NULL) { + memcpy(ret, ptr, (oldsize < size) ? oldsize : + size); + (szone->free)(zone, ptr); + } + return (ret); + } + } +} + +static unsigned +ozone_batch_malloc(malloc_zone_t *zone, size_t size, void **results, + unsigned num_requested) +{ + /* Don't bother implementing this interface, since it isn't required. */ + return 0; +} + +static void +ozone_batch_free(malloc_zone_t *zone, void **to_be_freed, unsigned num) +{ + unsigned i; + + for (i = 0; i < num; i++) + ozone_free(zone, to_be_freed[i]); +} + +static void +ozone_free_definite_size(malloc_zone_t *zone, void *ptr, size_t size) +{ + if (isalloc_validate(ptr) != 0) { + assert(isalloc_validate(ptr) == size); + free_impl(ptr); + } else { + assert(size == szone->size(zone, ptr)); + l_szone.m16(zone, ptr, size); + } +} + +static void +ozone_force_lock(malloc_zone_t *zone) +{ + _malloc_prefork(); + szone->introspect->force_lock(zone); +} + +static void +ozone_force_unlock(malloc_zone_t *zone) +{ + szone->introspect->force_unlock(zone); + _malloc_postfork(); +} + +static size_t +zone_version_size(int version) +{ + switch (version) + { + case SNOW_LEOPARD_MALLOC_ZONE_T_VERSION: + return sizeof(snow_leopard_malloc_zone); + case LEOPARD_MALLOC_ZONE_T_VERSION: + return sizeof(leopard_malloc_zone); + default: + case LION_MALLOC_ZONE_T_VERSION: + return sizeof(lion_malloc_zone); + } +} + +/* + * Overlay the default scalable zone (szone) such that existing allocations are + * drained, and further allocations come from jemalloc. This is necessary + * because Core Foundation directly accesses and uses the szone before the + * jemalloc library is even loaded. + */ +static void +szone2ozone(malloc_zone_t *default_zone, size_t size) +{ + lion_malloc_zone *l_zone; + assert(malloc_initialized); + + /* + * Stash a copy of the original szone so that we can call its + * functions as needed. Note that internally, the szone stores its + * bookkeeping data structures immediately following the malloc_zone_t + * header, so when calling szone functions, we need to pass a pointer to + * the original zone structure. + */ + memcpy(szone, default_zone, size); + + /* OSX 10.7 allocates the default zone in protected memory. */ + if (default_zone->version >= LION_MALLOC_ZONE_T_VERSION) { + void* start_of_page = (void*)((size_t)(default_zone) & ~pagesize_mask); + mprotect (start_of_page, size, PROT_READ | PROT_WRITE); + } + + default_zone->size = (void *)ozone_size; + default_zone->malloc = (void *)zone_malloc; + default_zone->calloc = (void *)zone_calloc; + default_zone->valloc = (void *)zone_valloc; + default_zone->free = (void *)ozone_free; + default_zone->realloc = (void *)ozone_realloc; + default_zone->destroy = (void *)zone_destroy; + default_zone->batch_malloc = NULL; + default_zone->batch_free = ozone_batch_free; + default_zone->introspect = ozone_introspect; + + /* Don't modify default_zone->zone_name; Mac libc may rely on the name + * being unchanged. See Mozilla bug 694896. */ + + ozone_introspect->enumerator = NULL; + ozone_introspect->good_size = (void *)zone_good_size; + ozone_introspect->check = NULL; + ozone_introspect->print = NULL; + ozone_introspect->log = NULL; + ozone_introspect->force_lock = (void *)ozone_force_lock; + ozone_introspect->force_unlock = (void *)ozone_force_unlock; + ozone_introspect->statistics = NULL; + + /* Platform-dependent structs */ + l_zone = (lion_malloc_zone*)(default_zone); + + if (default_zone->version >= SNOW_LEOPARD_MALLOC_ZONE_T_VERSION) { + l_zone->m15 = (void (*)())zone_memalign; + l_zone->m16 = (void (*)())ozone_free_definite_size; + l_ozone_introspect.m9 = NULL; + } + + if (default_zone->version >= LION_MALLOC_ZONE_T_VERSION) { + l_zone->m17 = NULL; + l_ozone_introspect.m10 = NULL; + l_ozone_introspect.m11 = NULL; + l_ozone_introspect.m12 = NULL; + l_ozone_introspect.m13 = NULL; + } +} +#endif + +__attribute__((constructor)) +void +jemalloc_darwin_init(void) +{ + if (malloc_init_hard()) + abort(); +} + +#endif + +/* + * is_malloc(malloc_impl) is some macro magic to detect if malloc_impl is + * defined as "malloc" in mozmemory_wrap.h + */ +#define malloc_is_malloc 1 +#define is_malloc_(a) malloc_is_ ## a +#define is_malloc(a) is_malloc_(a) + +#if !(defined(MOZ_MEMORY_DARWIN) || defined(MOZ_MEMORY_BSD)) && \ + (is_malloc(malloc_impl) == 1) +# if defined(__GLIBC__) && !defined(__UCLIBC__) +/* + * glibc provides the RTLD_DEEPBIND flag for dlopen which can make it possible + * to inconsistently reference libc's malloc(3)-compatible functions + * (bug 493541). + * + * These definitions interpose hooks in glibc. The functions are actually + * passed an extra argument for the caller return address, which will be + * ignored. + */ +MOZ_MEMORY_API void (*__free_hook)(void *ptr) = free_impl; +MOZ_MEMORY_API void *(*__malloc_hook)(size_t size) = malloc_impl; +MOZ_MEMORY_API void *(*__realloc_hook)(void *ptr, size_t size) = realloc_impl; +MOZ_MEMORY_API void *(*__memalign_hook)(size_t alignment, size_t size) = MEMALIGN; + +# elif defined(RTLD_DEEPBIND) +/* + * XXX On systems that support RTLD_GROUP or DF_1_GROUP, do their + * implementations permit similar inconsistencies? Should STV_SINGLETON + * visibility be used for interposition where available? + */ +# error "Interposing malloc is unsafe on this system without libc malloc hooks." +# endif +#endif + +#ifdef MOZ_MEMORY_WINDOWS +/* + * In the new style jemalloc integration jemalloc is built as a separate + * shared library. Since we're no longer hooking into the CRT binary, + * we need to initialize the heap at the first opportunity we get. + * DLL_PROCESS_ATTACH in DllMain is that opportunity. + */ +BOOL APIENTRY DllMain(HINSTANCE hModule, + DWORD reason, + LPVOID lpReserved) +{ + switch (reason) { + case DLL_PROCESS_ATTACH: + /* Don't force the system to page DllMain back in every time + * we create/destroy a thread */ + DisableThreadLibraryCalls(hModule); + /* Initialize the heap */ + malloc_init_hard(); + break; + + case DLL_PROCESS_DETACH: + break; + + } + + return TRUE; +} +#endif diff --git a/system/memory/mozjemalloc/jemalloc_types.h b/system/memory/mozjemalloc/jemalloc_types.h new file mode 100644 index 000000000..dc778ae0a --- /dev/null +++ b/system/memory/mozjemalloc/jemalloc_types.h @@ -0,0 +1,90 @@ +/* -*- Mode: C; tab-width: 8; c-basic-offset: 8 -*- */ +/* vim:set softtabstop=8 shiftwidth=8: */ +/*- + * Copyright (C) 2006-2008 Jason Evans <jasone@FreeBSD.org>. + * Copyright (C) 2015-2019 Mark Straver <moonchild@palemoon.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice(s), this list of conditions and the following disclaimer as + * the first lines of this file unmodified other than the possible + * addition of one or more copyright notices. + * 2. Redistributions in binary form must reproduce the above copyright + * notice(s), this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _JEMALLOC_TYPES_H_ +#define _JEMALLOC_TYPES_H_ + +/* grab size_t */ +#ifdef _MSC_VER +#include <crtdefs.h> +#else +#include <stddef.h> +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef unsigned char jemalloc_bool; + +/* + * jemalloc_stats() is not a stable interface. When using jemalloc_stats_t, be + * sure that the compiled results of jemalloc.c are in sync with this header + * file. + */ +typedef struct { + /* + * Run-time configuration settings. + */ + jemalloc_bool opt_abort; /* abort(3) on error? */ + jemalloc_bool opt_junk; /* Fill allocated memory with 0xe4? */ + jemalloc_bool opt_poison; /* Fill free memory with 0xe5? */ + jemalloc_bool opt_sysv; /* SysV semantics? */ + jemalloc_bool opt_xmalloc; /* abort(3) on OOM? */ + jemalloc_bool opt_zero; /* Fill allocated memory with 0x0? */ + size_t narenas; /* Number of arenas. */ + size_t balance_threshold; /* Arena contention rebalance threshold. */ + size_t quantum; /* Allocation quantum. */ + size_t small_max; /* Max quantum-spaced allocation size. */ + size_t large_max; /* Max sub-chunksize allocation size. */ + size_t chunksize; /* Size of each virtual memory mapping. */ + size_t dirty_max; /* Max dirty pages per arena. */ + + /* + * Current memory usage statistics. + */ + size_t mapped; /* Bytes mapped (not necessarily committed). */ + size_t allocated; /* Bytes allocated (committed, in use by application). */ + size_t waste; /* Bytes committed, not in use by the + application, and not intentionally left + unused (i.e., not dirty). */ + size_t page_cache; /* Committed, unused pages kept around as a + cache. (jemalloc calls these "dirty".) */ + size_t bookkeeping; /* Committed bytes used internally by the + allocator. */ + size_t bin_unused; /* Bytes committed to a bin but currently unused. */ +} jemalloc_stats_t; + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* _JEMALLOC_TYPES_H_ */ diff --git a/system/memory/mozjemalloc/linkedlist.h b/system/memory/mozjemalloc/linkedlist.h new file mode 100644 index 000000000..acb10e56d --- /dev/null +++ b/system/memory/mozjemalloc/linkedlist.h @@ -0,0 +1,77 @@ +/* -*- Mode: C; tab-width: 8; c-basic-offset: 8; indent-tabs-mode: t -*- */ +/* vim:set softtabstop=8 shiftwidth=8 noet: */ +/*- + * Copyright (C) the Mozilla Foundation. + * Copyright (C) 2015-2018 Mark Straver <moonchild@palemoon.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice(s), this list of conditions and the following disclaimer as + * the first lines of this file unmodified other than the possible + * addition of one or more copyright notices. + * 2. Redistributions in binary form must reproduce the above copyright + * notice(s), this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + *******************************************************************************/ + +#ifndef linkedlist_h__ +#define linkedlist_h__ + +#include <stddef.h> + +typedef struct LinkedList_s LinkedList; + +struct LinkedList_s { + LinkedList *next; + LinkedList *prev; +}; + +/* Convert from LinkedList* to foo*. */ +#define LinkedList_Get(e, type, prop) \ + (type*)((char*)(e) - offsetof(type, prop)) + +/* Insert |e| at the beginning of |l|. */ +void LinkedList_InsertHead(LinkedList *l, LinkedList *e) +{ + e->next = l; + e->prev = l->prev; + e->next->prev = e; + e->prev->next = e; +} + +void LinkedList_Remove(LinkedList *e) +{ + e->prev->next = e->next; + e->next->prev = e->prev; + e->next = e; + e->prev = e; +} + +bool LinkedList_IsEmpty(LinkedList *e) +{ + return e->next == e; +} + +void LinkedList_Init(LinkedList *e) +{ + e->next = e; + e->prev = e; +} + +#endif diff --git a/system/memory/mozjemalloc/moz.build b/system/memory/mozjemalloc/moz.build new file mode 100644 index 000000000..8ac0a62ff --- /dev/null +++ b/system/memory/mozjemalloc/moz.build @@ -0,0 +1,40 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +EXPORTS += [ + 'jemalloc_types.h', +] + +SOURCES += [ + 'jemalloc.c', +] +FINAL_LIBRARY = 'memory' + +# For non release/esr builds, enable (some) fatal jemalloc assertions. This +# helps us catch memory errors. +if CONFIG['MOZ_UPDATE_CHANNEL'] not in ('release', 'esr'): + DEFINES['MOZ_JEMALLOC_HARD_ASSERTS'] = True + +DEFINES['abort'] = 'moz_abort' + +DEFINES['MOZ_JEMALLOC_IMPL'] = True + +#XXX: PGO on Linux causes problems here +# See bug 419470 +if CONFIG['OS_TARGET'] == 'Linux': + NO_PGO = True + +LOCAL_INCLUDES += [ + '../build', +] + +if CONFIG['GNU_CC']: + # too many annoying warnings from mfbt/ headers + # also too many false positives from functions generated through rb_wrab from rb.h. + CFLAGS += ['-Wno-unused', + '-Wno-uninitialized'] + +if CONFIG['_MSC_VER']: + CFLAGS += ['-wd4273'] # inconsistent dll linkage (bug 558163) diff --git a/system/memory/mozjemalloc/osx_zone_types.h b/system/memory/mozjemalloc/osx_zone_types.h new file mode 100644 index 000000000..603649dbc --- /dev/null +++ b/system/memory/mozjemalloc/osx_zone_types.h @@ -0,0 +1,147 @@ +/* -*- Mode: C; tab-width: 8; c-basic-offset: 8 -*- */ +/* vim:set softtabstop=8 shiftwidth=8: */ +/*- + * Copyright (C) 2006-2008 Jason Evans <jasone@FreeBSD.org>. + * Copyright (C) 2015-2018 Mark Straver <moonchild@palemoon.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice(s), this list of conditions and the following disclaimer as + * the first lines of this file unmodified other than the possible + * addition of one or more copyright notices. + * 2. Redistributions in binary form must reproduce the above copyright + * notice(s), this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * The purpose of these structs is described in jemalloc.c, in the comment + * marked MALLOC_ZONE_T_NOTE. + * + * We need access to some structs that come with a specific version of OSX + * but can't copy them here because of licensing restrictions (see bug + * 603655). The structs below are equivalent in that they'll always be + * compiled to the same representation on all platforms. + * + * `void*` and `void (*)()` may not be the same size on weird platforms, but + * the size of a function pointer shouldn't vary according to its parameters + * or return type. + * + * Apple's version of these structures, complete with member names and + * comments, is available online at + * + * http://www.opensource.apple.com/source/Libc/Libc-763.12/include/malloc/malloc.h + * + */ + +/* + * OSX 10.5 - Leopard + */ +typedef struct _leopard_malloc_zone { + void *m1; + void *m2; + void (*m3)(); + void (*m4)(); + void (*m5)(); + void (*m6)(); + void (*m7)(); + void (*m8)(); + void (*m9)(); + void *m10; + void (*m11)(); + void (*m12)(); + void *m13; + unsigned m14; +} leopard_malloc_zone; + +/* + * OSX 10.6 - Snow Leopard + */ +typedef struct _snow_leopard_malloc_zone { + void *m1; + void *m2; + void (*m3)(); + void (*m4)(); + void (*m5)(); + void (*m6)(); + void (*m7)(); + void (*m8)(); + void (*m9)(); + void *m10; + void (*m11)(); + void (*m12)(); + void *m13; + unsigned m14; + void (*m15)(); // this member added in 10.6 + void (*m16)(); // this member added in 10.6 +} snow_leopard_malloc_zone; + +typedef struct _snow_leopard_malloc_introspection { + void (*m1)(); + void (*m2)(); + void (*m3)(); + void (*m4)(); + void (*m5)(); + void (*m6)(); + void (*m7)(); + void (*m8)(); + void (*m9)(); // this member added in 10.6 +} snow_leopard_malloc_introspection; + +/* + * OSX 10.7 - Lion + */ +typedef struct _lion_malloc_zone { + void *m1; + void *m2; + void (*m3)(); + void (*m4)(); + void (*m5)(); + void (*m6)(); + void (*m7)(); + void (*m8)(); + void (*m9)(); + void *m10; + void (*m11)(); + void (*m12)(); + void *m13; + unsigned m14; + void (*m15)(); + void (*m16)(); + void (*m17)(); // this member added in 10.7 +} lion_malloc_zone; + +typedef struct _lion_malloc_introspection { + void (*m1)(); + void (*m2)(); + void (*m3)(); + void (*m4)(); + void (*m5)(); + void (*m6)(); + void (*m7)(); + void (*m8)(); + void (*m9)(); + void (*m10)(); // this member added in 10.7 + void (*m11)(); // this member added in 10.7 + void (*m12)(); // this member added in 10.7 +#ifdef __BLOCKS__ + void (*m13)(); // this member added in 10.7 +#else + void *m13; // this member added in 10.7 +#endif +} lion_malloc_introspection; diff --git a/system/memory/mozjemalloc/ql.h b/system/memory/mozjemalloc/ql.h new file mode 100644 index 000000000..2fdb2d40c --- /dev/null +++ b/system/memory/mozjemalloc/ql.h @@ -0,0 +1,114 @@ +/****************************************************************************** + * + * Copyright (C) 2002 Jason Evans <jasone@canonware.com>. + * Copyright (C) 2015-2018 Mark Straver <moonchild@palemoon.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice(s), this list of conditions and the following disclaimer + * unmodified other than the allowable addition of one or more + * copyright notices. + * 2. Redistributions in binary form must reproduce the above copyright + * notice(s), this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + ******************************************************************************/ + +/* + * List definitions. + */ +#define ql_head(a_type) \ +struct { \ + a_type *qlh_first; \ +} + +#define ql_head_initializer(a_head) {NULL} + +#define ql_elm(a_type) qr(a_type) + +/* List functions. */ +#define ql_new(a_head) do { \ + (a_head)->qlh_first = NULL; \ +} while (0) + +#define ql_elm_new(a_elm, a_field) qr_new((a_elm), a_field) + +#define ql_first(a_head) ((a_head)->qlh_first) + +#define ql_last(a_head, a_field) \ + ((ql_first(a_head) != NULL) \ + ? qr_prev(ql_first(a_head), a_field) : NULL) + +#define ql_next(a_head, a_elm, a_field) \ + ((ql_last(a_head, a_field) != (a_elm)) \ + ? qr_next((a_elm), a_field) : NULL) + +#define ql_prev(a_head, a_elm, a_field) \ + ((ql_first(a_head) != (a_elm)) ? qr_prev((a_elm), a_field) \ + : NULL) + +#define ql_before_insert(a_head, a_qlelm, a_elm, a_field) do { \ + qr_before_insert((a_qlelm), (a_elm), a_field); \ + if (ql_first(a_head) == (a_qlelm)) { \ + ql_first(a_head) = (a_elm); \ + } \ +} while (0) + +#define ql_after_insert(a_qlelm, a_elm, a_field) \ + qr_after_insert((a_qlelm), (a_elm), a_field) + +#define ql_head_insert(a_head, a_elm, a_field) do { \ + if (ql_first(a_head) != NULL) { \ + qr_before_insert(ql_first(a_head), (a_elm), a_field); \ + } \ + ql_first(a_head) = (a_elm); \ +} while (0) + +#define ql_tail_insert(a_head, a_elm, a_field) do { \ + if (ql_first(a_head) != NULL) { \ + qr_before_insert(ql_first(a_head), (a_elm), a_field); \ + } \ + ql_first(a_head) = qr_next((a_elm), a_field); \ +} while (0) + +#define ql_remove(a_head, a_elm, a_field) do { \ + if (ql_first(a_head) == (a_elm)) { \ + ql_first(a_head) = qr_next(ql_first(a_head), a_field); \ + } \ + if (ql_first(a_head) != (a_elm)) { \ + qr_remove((a_elm), a_field); \ + } else { \ + ql_first(a_head) = NULL; \ + } \ +} while (0) + +#define ql_head_remove(a_head, a_type, a_field) do { \ + a_type *t = ql_first(a_head); \ + ql_remove((a_head), t, a_field); \ +} while (0) + +#define ql_tail_remove(a_head, a_type, a_field) do { \ + a_type *t = ql_last(a_head, a_field); \ + ql_remove((a_head), t, a_field); \ +} while (0) + +#define ql_foreach(a_var, a_head, a_field) \ + qr_foreach((a_var), ql_first(a_head), a_field) + +#define ql_reverse_foreach(a_var, a_head, a_field) \ + qr_reverse_foreach((a_var), ql_first(a_head), a_field) diff --git a/system/memory/mozjemalloc/qr.h b/system/memory/mozjemalloc/qr.h new file mode 100644 index 000000000..03891664b --- /dev/null +++ b/system/memory/mozjemalloc/qr.h @@ -0,0 +1,98 @@ +/****************************************************************************** + * + * Copyright (C) 2002 Jason Evans <jasone@canonware.com>. + * Copyright (C) 2015-2018 Mark Straver <moonchild@palemoon.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice(s), this list of conditions and the following disclaimer + * unmodified other than the allowable addition of one or more + * copyright notices. + * 2. Redistributions in binary form must reproduce the above copyright + * notice(s), this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + ******************************************************************************/ + +/* Ring definitions. */ +#define qr(a_type) \ +struct { \ + a_type *qre_next; \ + a_type *qre_prev; \ +} + +/* Ring functions. */ +#define qr_new(a_qr, a_field) do { \ + (a_qr)->a_field.qre_next = (a_qr); \ + (a_qr)->a_field.qre_prev = (a_qr); \ +} while (0) + +#define qr_next(a_qr, a_field) ((a_qr)->a_field.qre_next) + +#define qr_prev(a_qr, a_field) ((a_qr)->a_field.qre_prev) + +#define qr_before_insert(a_qrelm, a_qr, a_field) do { \ + (a_qr)->a_field.qre_prev = (a_qrelm)->a_field.qre_prev; \ + (a_qr)->a_field.qre_next = (a_qrelm); \ + (a_qr)->a_field.qre_prev->a_field.qre_next = (a_qr); \ + (a_qrelm)->a_field.qre_prev = (a_qr); \ +} while (0) + +#define qr_after_insert(a_qrelm, a_qr, a_field) \ + do \ + { \ + (a_qr)->a_field.qre_next = (a_qrelm)->a_field.qre_next; \ + (a_qr)->a_field.qre_prev = (a_qrelm); \ + (a_qr)->a_field.qre_next->a_field.qre_prev = (a_qr); \ + (a_qrelm)->a_field.qre_next = (a_qr); \ + } while (0) + +#define qr_meld(a_qr_a, a_qr_b, a_field) do { \ + void *t; \ + (a_qr_a)->a_field.qre_prev->a_field.qre_next = (a_qr_b); \ + (a_qr_b)->a_field.qre_prev->a_field.qre_next = (a_qr_a); \ + t = (a_qr_a)->a_field.qre_prev; \ + (a_qr_a)->a_field.qre_prev = (a_qr_b)->a_field.qre_prev; \ + (a_qr_b)->a_field.qre_prev = t; \ +} while (0) + +/* qr_meld() and qr_split() are functionally equivalent, so there's no need to + * have two copies of the code. */ +#define qr_split(a_qr_a, a_qr_b, a_field) \ + qr_meld((a_qr_a), (a_qr_b), a_field) + +#define qr_remove(a_qr, a_field) do { \ + (a_qr)->a_field.qre_prev->a_field.qre_next \ + = (a_qr)->a_field.qre_next; \ + (a_qr)->a_field.qre_next->a_field.qre_prev \ + = (a_qr)->a_field.qre_prev; \ + (a_qr)->a_field.qre_next = (a_qr); \ + (a_qr)->a_field.qre_prev = (a_qr); \ +} while (0) + +#define qr_foreach(var, a_qr, a_field) \ + for ((var) = (a_qr); \ + (var) != NULL; \ + (var) = (((var)->a_field.qre_next != (a_qr)) \ + ? (var)->a_field.qre_next : NULL)) + +#define qr_reverse_foreach(var, a_qr, a_field) \ + for ((var) = ((a_qr) != NULL) ? qr_prev(a_qr, a_field) : NULL; \ + (var) != NULL; \ + (var) = (((var) != (a_qr)) \ + ? (var)->a_field.qre_prev : NULL)) diff --git a/system/memory/mozjemalloc/rb.h b/system/memory/mozjemalloc/rb.h new file mode 100644 index 000000000..a1b08973b --- /dev/null +++ b/system/memory/mozjemalloc/rb.h @@ -0,0 +1,963 @@ +/****************************************************************************** + * + * Copyright (C) 2008 Jason Evans <jasone@FreeBSD.org>. + * Copyright (C) 2015-2019 Mark Straver <moonchild@palemoon.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice(s), this list of conditions and the following disclaimer + * unmodified other than the allowable addition of one or more + * copyright notices. + * 2. Redistributions in binary form must reproduce the above copyright + * notice(s), this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + ****************************************************************************** + * + * cpp macro implementation of left-leaning red-black trees. + * + * Usage: + * + * (Optional.) + * #define SIZEOF_PTR ... + * #define SIZEOF_PTR_2POW ... + * + * (Optional, see assert(3).) + * #define NDEBUG + * + * (Required.) + * #include <assert.h> + * #include <rb.h> + * ... + * + * All operations are done non-recursively. Parent pointers are not used, and + * color bits are stored in the least significant bit of right-child pointers, + * thus making node linkage as compact as is possible for red-black trees. + * + * Some macros use a comparison function pointer, which is expected to have the + * following prototype: + * + * int (a_cmp *)(a_type *a_node, a_type *a_other); + * ^^^^^^ + * or a_key + * + * Interpretation of comparision function return values: + * + * -1 : a_node < a_other + * 0 : a_node == a_other + * 1 : a_node > a_other + * + * In all cases, the a_node or a_key macro argument is the first argument to the + * comparison function, which makes it possible to write comparison functions + * that treat the first argument specially. + * + ******************************************************************************/ + +#ifndef RB_H_ +#define RB_H_ + +/* Node structure. */ +#define rb_node(a_type) \ +struct { \ + a_type *rbn_left; \ + a_type *rbn_right_red; \ +} + +/* Root structure. */ +#define rb_tree(a_type) \ +struct { \ + a_type *rbt_root; \ + a_type rbt_nil; \ +} + +/* Left accessors. */ +#define rbp_left_get(a_type, a_field, a_node) \ + ((a_node)->a_field.rbn_left) +#define rbp_left_set(a_type, a_field, a_node, a_left) do { \ + (a_node)->a_field.rbn_left = a_left; \ +} while (0) + +/* Right accessors. */ +#define rbp_right_get(a_type, a_field, a_node) \ + ((a_type *) (((intptr_t) (a_node)->a_field.rbn_right_red) \ + & ((ssize_t)-2))) +#define rbp_right_set(a_type, a_field, a_node, a_right) do { \ + (a_node)->a_field.rbn_right_red = (a_type *) (((uintptr_t) a_right) \ + | (((uintptr_t) (a_node)->a_field.rbn_right_red) & ((size_t)1))); \ +} while (0) + +/* Color accessors. */ +#define rbp_red_get(a_type, a_field, a_node) \ + ((bool) (((uintptr_t) (a_node)->a_field.rbn_right_red) \ + & ((size_t)1))) +#define rbp_color_set(a_type, a_field, a_node, a_red) do { \ + (a_node)->a_field.rbn_right_red = (a_type *) ((((intptr_t) \ + (a_node)->a_field.rbn_right_red) & ((ssize_t)-2)) \ + | ((ssize_t)a_red)); \ +} while (0) +#define rbp_red_set(a_type, a_field, a_node) do { \ + (a_node)->a_field.rbn_right_red = (a_type *) (((uintptr_t) \ + (a_node)->a_field.rbn_right_red) | ((size_t)1)); \ +} while (0) +#define rbp_black_set(a_type, a_field, a_node) do { \ + (a_node)->a_field.rbn_right_red = (a_type *) (((intptr_t) \ + (a_node)->a_field.rbn_right_red) & ((ssize_t)-2)); \ +} while (0) + +/* Node initializer. */ +#define rbp_node_new(a_type, a_field, a_tree, a_node) do { \ + rbp_left_set(a_type, a_field, (a_node), &(a_tree)->rbt_nil); \ + rbp_right_set(a_type, a_field, (a_node), &(a_tree)->rbt_nil); \ + rbp_red_set(a_type, a_field, (a_node)); \ +} while (0) + +/* Tree initializer. */ +#define rb_new(a_type, a_field, a_tree) do { \ + (a_tree)->rbt_root = &(a_tree)->rbt_nil; \ + rbp_node_new(a_type, a_field, a_tree, &(a_tree)->rbt_nil); \ + rbp_black_set(a_type, a_field, &(a_tree)->rbt_nil); \ +} while (0) + +/* Tree operations. */ +#define rbp_black_height(a_type, a_field, a_tree, r_height) do { \ + a_type *rbp_bh_t; \ + for (rbp_bh_t = (a_tree)->rbt_root, (r_height) = 0; \ + rbp_bh_t != &(a_tree)->rbt_nil; \ + rbp_bh_t = rbp_left_get(a_type, a_field, rbp_bh_t)) { \ + if (rbp_red_get(a_type, a_field, rbp_bh_t) == false) { \ + (r_height)++; \ + } \ + } \ +} while (0) + +#define rbp_first(a_type, a_field, a_tree, a_root, r_node) do { \ + for ((r_node) = (a_root); \ + rbp_left_get(a_type, a_field, (r_node)) != &(a_tree)->rbt_nil; \ + (r_node) = rbp_left_get(a_type, a_field, (r_node))) { \ + } \ +} while (0) + +#define rbp_last(a_type, a_field, a_tree, a_root, r_node) do { \ + for ((r_node) = (a_root); \ + rbp_right_get(a_type, a_field, (r_node)) != &(a_tree)->rbt_nil; \ + (r_node) = rbp_right_get(a_type, a_field, (r_node))) { \ + } \ +} while (0) + +#define rbp_next(a_type, a_field, a_cmp, a_tree, a_node, r_node) do { \ + if (rbp_right_get(a_type, a_field, (a_node)) \ + != &(a_tree)->rbt_nil) { \ + rbp_first(a_type, a_field, a_tree, rbp_right_get(a_type, \ + a_field, (a_node)), (r_node)); \ + } else { \ + a_type *rbp_n_t = (a_tree)->rbt_root; \ + assert(rbp_n_t != &(a_tree)->rbt_nil); \ + (r_node) = &(a_tree)->rbt_nil; \ + while (true) { \ + int rbp_n_cmp = (a_cmp)((a_node), rbp_n_t); \ + if (rbp_n_cmp < 0) { \ + (r_node) = rbp_n_t; \ + rbp_n_t = rbp_left_get(a_type, a_field, rbp_n_t); \ + } else if (rbp_n_cmp > 0) { \ + rbp_n_t = rbp_right_get(a_type, a_field, rbp_n_t); \ + } else { \ + break; \ + } \ + assert(rbp_n_t != &(a_tree)->rbt_nil); \ + } \ + } \ +} while (0) + +#define rbp_prev(a_type, a_field, a_cmp, a_tree, a_node, r_node) do { \ + if (rbp_left_get(a_type, a_field, (a_node)) != &(a_tree)->rbt_nil) {\ + rbp_last(a_type, a_field, a_tree, rbp_left_get(a_type, \ + a_field, (a_node)), (r_node)); \ + } else { \ + a_type *rbp_p_t = (a_tree)->rbt_root; \ + assert(rbp_p_t != &(a_tree)->rbt_nil); \ + (r_node) = &(a_tree)->rbt_nil; \ + while (true) { \ + int rbp_p_cmp = (a_cmp)((a_node), rbp_p_t); \ + if (rbp_p_cmp < 0) { \ + rbp_p_t = rbp_left_get(a_type, a_field, rbp_p_t); \ + } else if (rbp_p_cmp > 0) { \ + (r_node) = rbp_p_t; \ + rbp_p_t = rbp_right_get(a_type, a_field, rbp_p_t); \ + } else { \ + break; \ + } \ + assert(rbp_p_t != &(a_tree)->rbt_nil); \ + } \ + } \ +} while (0) + +#define rb_first(a_type, a_field, a_tree, r_node) do { \ + rbp_first(a_type, a_field, a_tree, (a_tree)->rbt_root, (r_node)); \ + if ((r_node) == &(a_tree)->rbt_nil) { \ + (r_node) = NULL; \ + } \ +} while (0) + +#define rb_last(a_type, a_field, a_tree, r_node) do { \ + rbp_last(a_type, a_field, a_tree, (a_tree)->rbt_root, r_node); \ + if ((r_node) == &(a_tree)->rbt_nil) { \ + (r_node) = NULL; \ + } \ +} while (0) + +#define rb_next(a_type, a_field, a_cmp, a_tree, a_node, r_node) do { \ + rbp_next(a_type, a_field, a_cmp, a_tree, (a_node), (r_node)); \ + if ((r_node) == &(a_tree)->rbt_nil) { \ + (r_node) = NULL; \ + } \ +} while (0) + +#define rb_prev(a_type, a_field, a_cmp, a_tree, a_node, r_node) do { \ + rbp_prev(a_type, a_field, a_cmp, a_tree, (a_node), (r_node)); \ + if ((r_node) == &(a_tree)->rbt_nil) { \ + (r_node) = NULL; \ + } \ +} while (0) + +#define rb_search(a_type, a_field, a_cmp, a_tree, a_key, r_node) do { \ + int rbp_se_cmp; \ + (r_node) = (a_tree)->rbt_root; \ + while ((r_node) != &(a_tree)->rbt_nil \ + && (rbp_se_cmp = (a_cmp)((a_key), (r_node))) != 0) { \ + if (rbp_se_cmp < 0) { \ + (r_node) = rbp_left_get(a_type, a_field, (r_node)); \ + } else { \ + (r_node) = rbp_right_get(a_type, a_field, (r_node)); \ + } \ + } \ + if ((r_node) == &(a_tree)->rbt_nil) { \ + (r_node) = NULL; \ + } \ +} while (0) + +/* + * Find a match if it exists. Otherwise, find the next greater node, if one + * exists. + */ +#define rb_nsearch(a_type, a_field, a_cmp, a_tree, a_key, r_node) do { \ + a_type *rbp_ns_t = (a_tree)->rbt_root; \ + (r_node) = NULL; \ + while (rbp_ns_t != &(a_tree)->rbt_nil) { \ + int rbp_ns_cmp = (a_cmp)((a_key), rbp_ns_t); \ + if (rbp_ns_cmp < 0) { \ + (r_node) = rbp_ns_t; \ + rbp_ns_t = rbp_left_get(a_type, a_field, rbp_ns_t); \ + } else if (rbp_ns_cmp > 0) { \ + rbp_ns_t = rbp_right_get(a_type, a_field, rbp_ns_t); \ + } else { \ + (r_node) = rbp_ns_t; \ + break; \ + } \ + } \ +} while (0) + +/* + * Find a match if it exists. Otherwise, find the previous lesser node, if one + * exists. + */ +#define rb_psearch(a_type, a_field, a_cmp, a_tree, a_key, r_node) do { \ + a_type *rbp_ps_t = (a_tree)->rbt_root; \ + (r_node) = NULL; \ + while (rbp_ps_t != &(a_tree)->rbt_nil) { \ + int rbp_ps_cmp = (a_cmp)((a_key), rbp_ps_t); \ + if (rbp_ps_cmp < 0) { \ + rbp_ps_t = rbp_left_get(a_type, a_field, rbp_ps_t); \ + } else if (rbp_ps_cmp > 0) { \ + (r_node) = rbp_ps_t; \ + rbp_ps_t = rbp_right_get(a_type, a_field, rbp_ps_t); \ + } else { \ + (r_node) = rbp_ps_t; \ + break; \ + } \ + } \ +} while (0) + +#define rbp_rotate_left(a_type, a_field, a_node, r_node) do { \ + (r_node) = rbp_right_get(a_type, a_field, (a_node)); \ + rbp_right_set(a_type, a_field, (a_node), \ + rbp_left_get(a_type, a_field, (r_node))); \ + rbp_left_set(a_type, a_field, (r_node), (a_node)); \ +} while (0) + +#define rbp_rotate_right(a_type, a_field, a_node, r_node) do { \ + (r_node) = rbp_left_get(a_type, a_field, (a_node)); \ + rbp_left_set(a_type, a_field, (a_node), \ + rbp_right_get(a_type, a_field, (r_node))); \ + rbp_right_set(a_type, a_field, (r_node), (a_node)); \ +} while (0) + +#define rbp_lean_left(a_type, a_field, a_node, r_node) do { \ + bool rbp_ll_red; \ + rbp_rotate_left(a_type, a_field, (a_node), (r_node)); \ + rbp_ll_red = rbp_red_get(a_type, a_field, (a_node)); \ + rbp_color_set(a_type, a_field, (r_node), rbp_ll_red); \ + rbp_red_set(a_type, a_field, (a_node)); \ +} while (0) + +#define rbp_lean_right(a_type, a_field, a_node, r_node) do { \ + bool rbp_lr_red; \ + rbp_rotate_right(a_type, a_field, (a_node), (r_node)); \ + rbp_lr_red = rbp_red_get(a_type, a_field, (a_node)); \ + rbp_color_set(a_type, a_field, (r_node), rbp_lr_red); \ + rbp_red_set(a_type, a_field, (a_node)); \ +} while (0) + +#define rbp_move_red_left(a_type, a_field, a_node, r_node) do { \ + a_type *rbp_mrl_t, *rbp_mrl_u; \ + rbp_mrl_t = rbp_left_get(a_type, a_field, (a_node)); \ + rbp_red_set(a_type, a_field, rbp_mrl_t); \ + rbp_mrl_t = rbp_right_get(a_type, a_field, (a_node)); \ + rbp_mrl_u = rbp_left_get(a_type, a_field, rbp_mrl_t); \ + if (rbp_red_get(a_type, a_field, rbp_mrl_u)) { \ + rbp_rotate_right(a_type, a_field, rbp_mrl_t, rbp_mrl_u); \ + rbp_right_set(a_type, a_field, (a_node), rbp_mrl_u); \ + rbp_rotate_left(a_type, a_field, (a_node), (r_node)); \ + rbp_mrl_t = rbp_right_get(a_type, a_field, (a_node)); \ + if (rbp_red_get(a_type, a_field, rbp_mrl_t)) { \ + rbp_black_set(a_type, a_field, rbp_mrl_t); \ + rbp_red_set(a_type, a_field, (a_node)); \ + rbp_rotate_left(a_type, a_field, (a_node), rbp_mrl_t); \ + rbp_left_set(a_type, a_field, (r_node), rbp_mrl_t); \ + } else { \ + rbp_black_set(a_type, a_field, (a_node)); \ + } \ + } else { \ + rbp_red_set(a_type, a_field, (a_node)); \ + rbp_rotate_left(a_type, a_field, (a_node), (r_node)); \ + } \ +} while (0) + +#define rbp_move_red_right(a_type, a_field, a_node, r_node) do { \ + a_type *rbp_mrr_t; \ + rbp_mrr_t = rbp_left_get(a_type, a_field, (a_node)); \ + if (rbp_red_get(a_type, a_field, rbp_mrr_t)) { \ + a_type *rbp_mrr_u, *rbp_mrr_v; \ + rbp_mrr_u = rbp_right_get(a_type, a_field, rbp_mrr_t); \ + rbp_mrr_v = rbp_left_get(a_type, a_field, rbp_mrr_u); \ + if (rbp_red_get(a_type, a_field, rbp_mrr_v)) { \ + rbp_color_set(a_type, a_field, rbp_mrr_u, \ + rbp_red_get(a_type, a_field, (a_node))); \ + rbp_black_set(a_type, a_field, rbp_mrr_v); \ + rbp_rotate_left(a_type, a_field, rbp_mrr_t, rbp_mrr_u); \ + rbp_left_set(a_type, a_field, (a_node), rbp_mrr_u); \ + rbp_rotate_right(a_type, a_field, (a_node), (r_node)); \ + rbp_rotate_left(a_type, a_field, (a_node), rbp_mrr_t); \ + rbp_right_set(a_type, a_field, (r_node), rbp_mrr_t); \ + } else { \ + rbp_color_set(a_type, a_field, rbp_mrr_t, \ + rbp_red_get(a_type, a_field, (a_node))); \ + rbp_red_set(a_type, a_field, rbp_mrr_u); \ + rbp_rotate_right(a_type, a_field, (a_node), (r_node)); \ + rbp_rotate_left(a_type, a_field, (a_node), rbp_mrr_t); \ + rbp_right_set(a_type, a_field, (r_node), rbp_mrr_t); \ + } \ + rbp_red_set(a_type, a_field, (a_node)); \ + } else { \ + rbp_red_set(a_type, a_field, rbp_mrr_t); \ + rbp_mrr_t = rbp_left_get(a_type, a_field, rbp_mrr_t); \ + if (rbp_red_get(a_type, a_field, rbp_mrr_t)) { \ + rbp_black_set(a_type, a_field, rbp_mrr_t); \ + rbp_rotate_right(a_type, a_field, (a_node), (r_node)); \ + rbp_rotate_left(a_type, a_field, (a_node), rbp_mrr_t); \ + rbp_right_set(a_type, a_field, (r_node), rbp_mrr_t); \ + } else { \ + rbp_rotate_left(a_type, a_field, (a_node), (r_node)); \ + } \ + } \ +} while (0) + +#define rb_insert(a_type, a_field, a_cmp, a_tree, a_node) do { \ + a_type rbp_i_s; \ + a_type *rbp_i_g, *rbp_i_p, *rbp_i_c, *rbp_i_t, *rbp_i_u; \ + int rbp_i_cmp = 0; \ + rbp_i_g = &(a_tree)->rbt_nil; \ + rbp_left_set(a_type, a_field, &rbp_i_s, (a_tree)->rbt_root); \ + rbp_right_set(a_type, a_field, &rbp_i_s, &(a_tree)->rbt_nil); \ + rbp_black_set(a_type, a_field, &rbp_i_s); \ + rbp_i_p = &rbp_i_s; \ + rbp_i_c = (a_tree)->rbt_root; \ + /* Iteratively search down the tree for the insertion point, */\ + /* splitting 4-nodes as they are encountered. At the end of each */\ + /* iteration, rbp_i_g->rbp_i_p->rbp_i_c is a 3-level path down */\ + /* the tree, assuming a sufficiently deep tree. */\ + while (rbp_i_c != &(a_tree)->rbt_nil) { \ + rbp_i_t = rbp_left_get(a_type, a_field, rbp_i_c); \ + rbp_i_u = rbp_left_get(a_type, a_field, rbp_i_t); \ + if (rbp_red_get(a_type, a_field, rbp_i_t) \ + && rbp_red_get(a_type, a_field, rbp_i_u)) { \ + /* rbp_i_c is the top of a logical 4-node, so split it. */\ + /* This iteration does not move down the tree, due to the */\ + /* disruptiveness of node splitting. */\ + /* */\ + /* Rotate right. */\ + rbp_rotate_right(a_type, a_field, rbp_i_c, rbp_i_t); \ + /* Pass red links up one level. */\ + rbp_i_u = rbp_left_get(a_type, a_field, rbp_i_t); \ + rbp_black_set(a_type, a_field, rbp_i_u); \ + if (rbp_left_get(a_type, a_field, rbp_i_p) == rbp_i_c) { \ + rbp_left_set(a_type, a_field, rbp_i_p, rbp_i_t); \ + rbp_i_c = rbp_i_t; \ + } else { \ + /* rbp_i_c was the right child of rbp_i_p, so rotate */\ + /* left in order to maintain the left-leaning */\ + /* invariant. */\ + assert(rbp_right_get(a_type, a_field, rbp_i_p) \ + == rbp_i_c); \ + rbp_right_set(a_type, a_field, rbp_i_p, rbp_i_t); \ + rbp_lean_left(a_type, a_field, rbp_i_p, rbp_i_u); \ + if (rbp_left_get(a_type, a_field, rbp_i_g) == rbp_i_p) {\ + rbp_left_set(a_type, a_field, rbp_i_g, rbp_i_u); \ + } else { \ + assert(rbp_right_get(a_type, a_field, rbp_i_g) \ + == rbp_i_p); \ + rbp_right_set(a_type, a_field, rbp_i_g, rbp_i_u); \ + } \ + rbp_i_p = rbp_i_u; \ + rbp_i_cmp = (a_cmp)((a_node), rbp_i_p); \ + if (rbp_i_cmp < 0) { \ + rbp_i_c = rbp_left_get(a_type, a_field, rbp_i_p); \ + } else { \ + assert(rbp_i_cmp > 0); \ + rbp_i_c = rbp_right_get(a_type, a_field, rbp_i_p); \ + } \ + continue; \ + } \ + } \ + rbp_i_g = rbp_i_p; \ + rbp_i_p = rbp_i_c; \ + rbp_i_cmp = (a_cmp)((a_node), rbp_i_c); \ + if (rbp_i_cmp < 0) { \ + rbp_i_c = rbp_left_get(a_type, a_field, rbp_i_c); \ + } else { \ + assert(rbp_i_cmp > 0); \ + rbp_i_c = rbp_right_get(a_type, a_field, rbp_i_c); \ + } \ + } \ + /* rbp_i_p now refers to the node under which to insert. */\ + rbp_node_new(a_type, a_field, a_tree, (a_node)); \ + if (rbp_i_cmp > 0) { \ + rbp_right_set(a_type, a_field, rbp_i_p, (a_node)); \ + rbp_lean_left(a_type, a_field, rbp_i_p, rbp_i_t); \ + if (rbp_left_get(a_type, a_field, rbp_i_g) == rbp_i_p) { \ + rbp_left_set(a_type, a_field, rbp_i_g, rbp_i_t); \ + } else if (rbp_right_get(a_type, a_field, rbp_i_g) == rbp_i_p) {\ + rbp_right_set(a_type, a_field, rbp_i_g, rbp_i_t); \ + } \ + } else { \ + rbp_left_set(a_type, a_field, rbp_i_p, (a_node)); \ + } \ + /* Update the root and make sure that it is black. */\ + (a_tree)->rbt_root = rbp_left_get(a_type, a_field, &rbp_i_s); \ + rbp_black_set(a_type, a_field, (a_tree)->rbt_root); \ +} while (0) + +#define rb_remove(a_type, a_field, a_cmp, a_tree, a_node) do { \ + a_type rbp_r_s; \ + a_type *rbp_r_p, *rbp_r_c, *rbp_r_xp, *rbp_r_t, *rbp_r_u; \ + int rbp_r_cmp; \ + rbp_left_set(a_type, a_field, &rbp_r_s, (a_tree)->rbt_root); \ + rbp_right_set(a_type, a_field, &rbp_r_s, &(a_tree)->rbt_nil); \ + rbp_black_set(a_type, a_field, &rbp_r_s); \ + rbp_r_p = &rbp_r_s; \ + rbp_r_c = (a_tree)->rbt_root; \ + rbp_r_xp = &(a_tree)->rbt_nil; \ + /* Iterate down the tree, but always transform 2-nodes to 3- or */\ + /* 4-nodes in order to maintain the invariant that the current */\ + /* node is not a 2-node. This allows simple deletion once a leaf */\ + /* is reached. Handle the root specially though, since there may */\ + /* be no way to convert it from a 2-node to a 3-node. */\ + rbp_r_cmp = (a_cmp)((a_node), rbp_r_c); \ + if (rbp_r_cmp < 0) { \ + rbp_r_t = rbp_left_get(a_type, a_field, rbp_r_c); \ + rbp_r_u = rbp_left_get(a_type, a_field, rbp_r_t); \ + if (rbp_red_get(a_type, a_field, rbp_r_t) == false \ + && rbp_red_get(a_type, a_field, rbp_r_u) == false) { \ + /* Apply standard transform to prepare for left move. */\ + rbp_move_red_left(a_type, a_field, rbp_r_c, rbp_r_t); \ + rbp_black_set(a_type, a_field, rbp_r_t); \ + rbp_left_set(a_type, a_field, rbp_r_p, rbp_r_t); \ + rbp_r_c = rbp_r_t; \ + } else { \ + /* Move left. */\ + rbp_r_p = rbp_r_c; \ + rbp_r_c = rbp_left_get(a_type, a_field, rbp_r_c); \ + } \ + } else { \ + if (rbp_r_cmp == 0) { \ + assert((a_node) == rbp_r_c); \ + if (rbp_right_get(a_type, a_field, rbp_r_c) \ + == &(a_tree)->rbt_nil) { \ + /* Delete root node (which is also a leaf node). */\ + if (rbp_left_get(a_type, a_field, rbp_r_c) \ + != &(a_tree)->rbt_nil) { \ + rbp_lean_right(a_type, a_field, rbp_r_c, rbp_r_t); \ + rbp_right_set(a_type, a_field, rbp_r_t, \ + &(a_tree)->rbt_nil); \ + } else { \ + rbp_r_t = &(a_tree)->rbt_nil; \ + } \ + rbp_left_set(a_type, a_field, rbp_r_p, rbp_r_t); \ + } else { \ + /* This is the node we want to delete, but we will */\ + /* instead swap it with its successor and delete the */\ + /* successor. Record enough information to do the */\ + /* swap later. rbp_r_xp is the a_node's parent. */\ + rbp_r_xp = rbp_r_p; \ + rbp_r_cmp = 1; /* Note that deletion is incomplete. */\ + } \ + } \ + if (rbp_r_cmp == 1) { \ + if (rbp_red_get(a_type, a_field, rbp_left_get(a_type, \ + a_field, rbp_right_get(a_type, a_field, rbp_r_c))) \ + == false) { \ + rbp_r_t = rbp_left_get(a_type, a_field, rbp_r_c); \ + if (rbp_red_get(a_type, a_field, rbp_r_t)) { \ + /* Standard transform. */\ + rbp_move_red_right(a_type, a_field, rbp_r_c, \ + rbp_r_t); \ + } else { \ + /* Root-specific transform. */\ + rbp_red_set(a_type, a_field, rbp_r_c); \ + rbp_r_u = rbp_left_get(a_type, a_field, rbp_r_t); \ + if (rbp_red_get(a_type, a_field, rbp_r_u)) { \ + rbp_black_set(a_type, a_field, rbp_r_u); \ + rbp_rotate_right(a_type, a_field, rbp_r_c, \ + rbp_r_t); \ + rbp_rotate_left(a_type, a_field, rbp_r_c, \ + rbp_r_u); \ + rbp_right_set(a_type, a_field, rbp_r_t, \ + rbp_r_u); \ + } else { \ + rbp_red_set(a_type, a_field, rbp_r_t); \ + rbp_rotate_left(a_type, a_field, rbp_r_c, \ + rbp_r_t); \ + } \ + } \ + rbp_left_set(a_type, a_field, rbp_r_p, rbp_r_t); \ + rbp_r_c = rbp_r_t; \ + } else { \ + /* Move right. */\ + rbp_r_p = rbp_r_c; \ + rbp_r_c = rbp_right_get(a_type, a_field, rbp_r_c); \ + } \ + } \ + } \ + if (rbp_r_cmp != 0) { \ + while (true) { \ + assert(rbp_r_p != &(a_tree)->rbt_nil); \ + rbp_r_cmp = (a_cmp)((a_node), rbp_r_c); \ + if (rbp_r_cmp < 0) { \ + rbp_r_t = rbp_left_get(a_type, a_field, rbp_r_c); \ + if (rbp_r_t == &(a_tree)->rbt_nil) { \ + /* rbp_r_c now refers to the successor node to */\ + /* relocate, and rbp_r_xp/a_node refer to the */\ + /* context for the relocation. */\ + if (rbp_left_get(a_type, a_field, rbp_r_xp) \ + == (a_node)) { \ + rbp_left_set(a_type, a_field, rbp_r_xp, \ + rbp_r_c); \ + } else { \ + assert(rbp_right_get(a_type, a_field, \ + rbp_r_xp) == (a_node)); \ + rbp_right_set(a_type, a_field, rbp_r_xp, \ + rbp_r_c); \ + } \ + rbp_left_set(a_type, a_field, rbp_r_c, \ + rbp_left_get(a_type, a_field, (a_node))); \ + rbp_right_set(a_type, a_field, rbp_r_c, \ + rbp_right_get(a_type, a_field, (a_node))); \ + rbp_color_set(a_type, a_field, rbp_r_c, \ + rbp_red_get(a_type, a_field, (a_node))); \ + if (rbp_left_get(a_type, a_field, rbp_r_p) \ + == rbp_r_c) { \ + rbp_left_set(a_type, a_field, rbp_r_p, \ + &(a_tree)->rbt_nil); \ + } else { \ + assert(rbp_right_get(a_type, a_field, rbp_r_p) \ + == rbp_r_c); \ + rbp_right_set(a_type, a_field, rbp_r_p, \ + &(a_tree)->rbt_nil); \ + } \ + break; \ + } \ + rbp_r_u = rbp_left_get(a_type, a_field, rbp_r_t); \ + if (rbp_red_get(a_type, a_field, rbp_r_t) == false \ + && rbp_red_get(a_type, a_field, rbp_r_u) == false) { \ + rbp_move_red_left(a_type, a_field, rbp_r_c, \ + rbp_r_t); \ + if (rbp_left_get(a_type, a_field, rbp_r_p) \ + == rbp_r_c) { \ + rbp_left_set(a_type, a_field, rbp_r_p, rbp_r_t);\ + } else { \ + rbp_right_set(a_type, a_field, rbp_r_p, \ + rbp_r_t); \ + } \ + rbp_r_c = rbp_r_t; \ + } else { \ + rbp_r_p = rbp_r_c; \ + rbp_r_c = rbp_left_get(a_type, a_field, rbp_r_c); \ + } \ + } else { \ + /* Check whether to delete this node (it has to be */\ + /* the correct node and a leaf node). */\ + if (rbp_r_cmp == 0) { \ + assert((a_node) == rbp_r_c); \ + if (rbp_right_get(a_type, a_field, rbp_r_c) \ + == &(a_tree)->rbt_nil) { \ + /* Delete leaf node. */\ + if (rbp_left_get(a_type, a_field, rbp_r_c) \ + != &(a_tree)->rbt_nil) { \ + rbp_lean_right(a_type, a_field, rbp_r_c, \ + rbp_r_t); \ + rbp_right_set(a_type, a_field, rbp_r_t, \ + &(a_tree)->rbt_nil); \ + } else { \ + rbp_r_t = &(a_tree)->rbt_nil; \ + } \ + if (rbp_left_get(a_type, a_field, rbp_r_p) \ + == rbp_r_c) { \ + rbp_left_set(a_type, a_field, rbp_r_p, \ + rbp_r_t); \ + } else { \ + rbp_right_set(a_type, a_field, rbp_r_p, \ + rbp_r_t); \ + } \ + break; \ + } else { \ + /* This is the node we want to delete, but we */\ + /* will instead swap it with its successor */\ + /* and delete the successor. Record enough */\ + /* information to do the swap later. */\ + /* rbp_r_xp is a_node's parent. */\ + rbp_r_xp = rbp_r_p; \ + } \ + } \ + rbp_r_t = rbp_right_get(a_type, a_field, rbp_r_c); \ + rbp_r_u = rbp_left_get(a_type, a_field, rbp_r_t); \ + if (rbp_red_get(a_type, a_field, rbp_r_u) == false) { \ + rbp_move_red_right(a_type, a_field, rbp_r_c, \ + rbp_r_t); \ + if (rbp_left_get(a_type, a_field, rbp_r_p) \ + == rbp_r_c) { \ + rbp_left_set(a_type, a_field, rbp_r_p, rbp_r_t);\ + } else { \ + rbp_right_set(a_type, a_field, rbp_r_p, \ + rbp_r_t); \ + } \ + rbp_r_c = rbp_r_t; \ + } else { \ + rbp_r_p = rbp_r_c; \ + rbp_r_c = rbp_right_get(a_type, a_field, rbp_r_c); \ + } \ + } \ + } \ + } \ + /* Update root. */\ + (a_tree)->rbt_root = rbp_left_get(a_type, a_field, &rbp_r_s); \ +} while (0) + +/* + * The rb_wrap() macro provides a convenient way to wrap functions around the + * cpp macros. The main benefits of wrapping are that 1) repeated macro + * expansion can cause code bloat, especially for rb_{insert,remove)(), and + * 2) type, linkage, comparison functions, etc. need not be specified at every + * call point. + */ + +#define rb_wrap(a_attr, a_prefix, a_tree_type, a_type, a_field, a_cmp) \ +a_attr void \ +a_prefix##new(a_tree_type *tree) { \ + rb_new(a_type, a_field, tree); \ +} \ +a_attr a_type * \ +a_prefix##first(a_tree_type *tree) { \ + a_type *ret; \ + rb_first(a_type, a_field, tree, ret); \ + return (ret); \ +} \ +a_attr a_type * \ +a_prefix##last(a_tree_type *tree) { \ + a_type *ret; \ + rb_last(a_type, a_field, tree, ret); \ + return (ret); \ +} \ +a_attr a_type * \ +a_prefix##next(a_tree_type *tree, a_type *node) { \ + a_type *ret; \ + rb_next(a_type, a_field, a_cmp, tree, node, ret); \ + return (ret); \ +} \ +a_attr a_type * \ +a_prefix##prev(a_tree_type *tree, a_type *node) { \ + a_type *ret; \ + rb_prev(a_type, a_field, a_cmp, tree, node, ret); \ + return (ret); \ +} \ +a_attr a_type * \ +a_prefix##search(a_tree_type *tree, a_type *key) { \ + a_type *ret; \ + rb_search(a_type, a_field, a_cmp, tree, key, ret); \ + return (ret); \ +} \ +a_attr a_type * \ +a_prefix##nsearch(a_tree_type *tree, a_type *key) { \ + a_type *ret; \ + rb_nsearch(a_type, a_field, a_cmp, tree, key, ret); \ + return (ret); \ +} \ +a_attr a_type * \ +a_prefix##psearch(a_tree_type *tree, a_type *key) { \ + a_type *ret; \ + rb_psearch(a_type, a_field, a_cmp, tree, key, ret); \ + return (ret); \ +} \ +a_attr void \ +a_prefix##insert(a_tree_type *tree, a_type *node) { \ + rb_insert(a_type, a_field, a_cmp, tree, node); \ +} \ +a_attr void \ +a_prefix##remove(a_tree_type *tree, a_type *node) { \ + rb_remove(a_type, a_field, a_cmp, tree, node); \ +} + +/* + * The iterators simulate recursion via an array of pointers that store the + * current path. This is critical to performance, since a series of calls to + * rb_{next,prev}() would require time proportional to (n lg n), whereas this + * implementation only requires time proportional to (n). + * + * Since the iterators cache a path down the tree, any tree modification may + * cause the cached path to become invalid. In order to continue iteration, + * use something like the following sequence: + * + * { + * a_type *node, *tnode; + * + * rb_foreach_begin(a_type, a_field, a_tree, node) { + * ... + * rb_next(a_type, a_field, a_cmp, a_tree, node, tnode); + * rb_remove(a_type, a_field, a_cmp, a_tree, node); + * rb_foreach_next(a_type, a_field, a_cmp, a_tree, tnode); + * ... + * } rb_foreach_end(a_type, a_field, a_tree, node) + * } + * + * Note that this idiom is not advised if every iteration modifies the tree, + * since in that case there is no algorithmic complexity improvement over a + * series of rb_{next,prev}() calls, thus making the setup overhead wasted + * effort. + */ + +/* + * Avoid using variable-length arrays. + * Size the path arrays such that they are always large enough, even if a + * tree consumes all of memory. Since each node must contain a minimum of + * two pointers, there can never be more nodes than: + * + * 1 << ((SIZEOF_PTR<<3) - (SIZEOF_PTR_2POW+1)) + * + * Since the depth of a tree is limited to 3*lg(#nodes), the maximum depth + * is: + * + * (3 * ((SIZEOF_PTR<<3) - (SIZEOF_PTR_2POW+1))) + * + * This works out to a maximum depth of 87 and 180 for 32- and 64-bit + * systems, respectively (approximatly 348 and 1440 bytes, respectively). + */ +#define rbp_compute_f_height(a_type, a_field, a_tree) +#define rbp_f_height (3 * ((SIZEOF_PTR<<3) - (SIZEOF_PTR_2POW+1))) +#define rbp_compute_fr_height(a_type, a_field, a_tree) +#define rbp_fr_height (3 * ((SIZEOF_PTR<<3) - (SIZEOF_PTR_2POW+1))) + +#define rb_foreach_begin(a_type, a_field, a_tree, a_var) { \ + rbp_compute_f_height(a_type, a_field, a_tree) \ + { \ + /* Initialize the path to contain the left spine. */\ + a_type *rbp_f_path[rbp_f_height]; \ + a_type *rbp_f_node; \ + bool rbp_f_synced = false; \ + unsigned rbp_f_depth = 0; \ + if ((a_tree)->rbt_root != &(a_tree)->rbt_nil) { \ + rbp_f_path[rbp_f_depth] = (a_tree)->rbt_root; \ + rbp_f_depth++; \ + while ((rbp_f_node = rbp_left_get(a_type, a_field, \ + rbp_f_path[rbp_f_depth-1])) != &(a_tree)->rbt_nil) { \ + rbp_f_path[rbp_f_depth] = rbp_f_node; \ + rbp_f_depth++; \ + } \ + } \ + /* While the path is non-empty, iterate. */\ + while (rbp_f_depth > 0) { \ + (a_var) = rbp_f_path[rbp_f_depth-1]; + +/* Only use if modifying the tree during iteration. */ +#define rb_foreach_next(a_type, a_field, a_cmp, a_tree, a_node) \ + /* Re-initialize the path to contain the path to a_node. */\ + rbp_f_depth = 0; \ + if (a_node != NULL) { \ + if ((a_tree)->rbt_root != &(a_tree)->rbt_nil) { \ + rbp_f_path[rbp_f_depth] = (a_tree)->rbt_root; \ + rbp_f_depth++; \ + rbp_f_node = rbp_f_path[0]; \ + while (true) { \ + int rbp_f_cmp = (a_cmp)((a_node), \ + rbp_f_path[rbp_f_depth-1]); \ + if (rbp_f_cmp < 0) { \ + rbp_f_node = rbp_left_get(a_type, a_field, \ + rbp_f_path[rbp_f_depth-1]); \ + } else if (rbp_f_cmp > 0) { \ + rbp_f_node = rbp_right_get(a_type, a_field, \ + rbp_f_path[rbp_f_depth-1]); \ + } else { \ + break; \ + } \ + assert(rbp_f_node != &(a_tree)->rbt_nil); \ + rbp_f_path[rbp_f_depth] = rbp_f_node; \ + rbp_f_depth++; \ + } \ + } \ + } \ + rbp_f_synced = true; + +#define rb_foreach_end(a_type, a_field, a_tree, a_var) \ + if (rbp_f_synced) { \ + rbp_f_synced = false; \ + continue; \ + } \ + /* Find the successor. */\ + if ((rbp_f_node = rbp_right_get(a_type, a_field, \ + rbp_f_path[rbp_f_depth-1])) != &(a_tree)->rbt_nil) { \ + /* The successor is the left-most node in the right */\ + /* subtree. */\ + rbp_f_path[rbp_f_depth] = rbp_f_node; \ + rbp_f_depth++; \ + while ((rbp_f_node = rbp_left_get(a_type, a_field, \ + rbp_f_path[rbp_f_depth-1])) != &(a_tree)->rbt_nil) { \ + rbp_f_path[rbp_f_depth] = rbp_f_node; \ + rbp_f_depth++; \ + } \ + } else { \ + /* The successor is above the current node. Unwind */\ + /* until a left-leaning edge is removed from the */\ + /* path, or the path is empty. */\ + for (rbp_f_depth--; rbp_f_depth > 0; rbp_f_depth--) { \ + if (rbp_left_get(a_type, a_field, \ + rbp_f_path[rbp_f_depth-1]) \ + == rbp_f_path[rbp_f_depth]) { \ + break; \ + } \ + } \ + } \ + } \ + } \ +} + +#define rb_foreach_reverse_begin(a_type, a_field, a_tree, a_var) { \ + rbp_compute_fr_height(a_type, a_field, a_tree) \ + { \ + /* Initialize the path to contain the right spine. */\ + a_type *rbp_fr_path[rbp_fr_height]; \ + a_type *rbp_fr_node; \ + bool rbp_fr_synced = false; \ + unsigned rbp_fr_depth = 0; \ + if ((a_tree)->rbt_root != &(a_tree)->rbt_nil) { \ + rbp_fr_path[rbp_fr_depth] = (a_tree)->rbt_root; \ + rbp_fr_depth++; \ + while ((rbp_fr_node = rbp_right_get(a_type, a_field, \ + rbp_fr_path[rbp_fr_depth-1])) != &(a_tree)->rbt_nil) { \ + rbp_fr_path[rbp_fr_depth] = rbp_fr_node; \ + rbp_fr_depth++; \ + } \ + } \ + /* While the path is non-empty, iterate. */\ + while (rbp_fr_depth > 0) { \ + (a_var) = rbp_fr_path[rbp_fr_depth-1]; + +/* Only use if modifying the tree during iteration. */ +#define rb_foreach_reverse_prev(a_type, a_field, a_cmp, a_tree, a_node) \ + /* Re-initialize the path to contain the path to a_node. */\ + rbp_fr_depth = 0; \ + if (a_node != NULL) { \ + if ((a_tree)->rbt_root != &(a_tree)->rbt_nil) { \ + rbp_fr_path[rbp_fr_depth] = (a_tree)->rbt_root; \ + rbp_fr_depth++; \ + rbp_fr_node = rbp_fr_path[0]; \ + while (true) { \ + int rbp_fr_cmp = (a_cmp)((a_node), \ + rbp_fr_path[rbp_fr_depth-1]); \ + if (rbp_fr_cmp < 0) { \ + rbp_fr_node = rbp_left_get(a_type, a_field, \ + rbp_fr_path[rbp_fr_depth-1]); \ + } else if (rbp_fr_cmp > 0) { \ + rbp_fr_node = rbp_right_get(a_type, a_field,\ + rbp_fr_path[rbp_fr_depth-1]); \ + } else { \ + break; \ + } \ + assert(rbp_fr_node != &(a_tree)->rbt_nil); \ + rbp_fr_path[rbp_fr_depth] = rbp_fr_node; \ + rbp_fr_depth++; \ + } \ + } \ + } \ + rbp_fr_synced = true; + +#define rb_foreach_reverse_end(a_type, a_field, a_tree, a_var) \ + if (rbp_fr_synced) { \ + rbp_fr_synced = false; \ + continue; \ + } \ + if (rbp_fr_depth == 0) { \ + /* rb_foreach_reverse_sync() was called with a NULL */\ + /* a_node. */\ + break; \ + } \ + /* Find the predecessor. */\ + if ((rbp_fr_node = rbp_left_get(a_type, a_field, \ + rbp_fr_path[rbp_fr_depth-1])) != &(a_tree)->rbt_nil) { \ + /* The predecessor is the right-most node in the left */\ + /* subtree. */\ + rbp_fr_path[rbp_fr_depth] = rbp_fr_node; \ + rbp_fr_depth++; \ + while ((rbp_fr_node = rbp_right_get(a_type, a_field, \ + rbp_fr_path[rbp_fr_depth-1])) != &(a_tree)->rbt_nil) {\ + rbp_fr_path[rbp_fr_depth] = rbp_fr_node; \ + rbp_fr_depth++; \ + } \ + } else { \ + /* The predecessor is above the current node. Unwind */\ + /* until a right-leaning edge is removed from the */\ + /* path, or the path is empty. */\ + for (rbp_fr_depth--; rbp_fr_depth > 0; rbp_fr_depth--) {\ + if (rbp_right_get(a_type, a_field, \ + rbp_fr_path[rbp_fr_depth-1]) \ + == rbp_fr_path[rbp_fr_depth]) { \ + break; \ + } \ + } \ + } \ + } \ + } \ +} + +#endif /* RB_H_ */ diff --git a/system/memory/replace/dummy/dummy_replace_malloc.c b/system/memory/replace/dummy/dummy_replace_malloc.c new file mode 100644 index 000000000..e2f703826 --- /dev/null +++ b/system/memory/replace/dummy/dummy_replace_malloc.c @@ -0,0 +1,15 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/Types.h" + +/* + * Dummy functions for linking purpose on OSX with older XCode. + * See details in configure.in, under "Replace-malloc Mac linkage quirks" + */ +#define MALLOC_FUNCS MALLOC_FUNCS_ALL +#define MALLOC_DECL(name, ...) \ + MOZ_EXPORT void replace_ ## name() { } + +#include "malloc_decls.h" diff --git a/system/memory/replace/dummy/moz.build b/system/memory/replace/dummy/moz.build new file mode 100644 index 000000000..329016803 --- /dev/null +++ b/system/memory/replace/dummy/moz.build @@ -0,0 +1,13 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +DIST_INSTALL = False + +SOURCES += [ + 'dummy_replace_malloc.c', +] + +SharedLibrary('dummy_replace_malloc') + +DISABLE_STL_WRAPPING = True diff --git a/system/memory/replace/logalloc/FdPrintf.cpp b/system/memory/replace/logalloc/FdPrintf.cpp new file mode 100644 index 000000000..3c32743d8 --- /dev/null +++ b/system/memory/replace/logalloc/FdPrintf.cpp @@ -0,0 +1,131 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <cstdarg> + +#ifdef _WIN32 +#include <windows.h> +#else +#include <unistd.h> +#endif +#include <cstring> +#include "mozilla/Assertions.h" +#include "mozilla/Unused.h" + +/* Template class allowing a limited number of increments on a value */ +template <typename T> +class CheckedIncrement +{ +public: + CheckedIncrement(T aValue, size_t aMaxIncrement) + : mValue(aValue), mMaxIncrement(aMaxIncrement) + {} + + T operator ++(int) + { + if (!mMaxIncrement) { + MOZ_CRASH("overflow detected"); + } + mMaxIncrement--; + return mValue++; + } + + T& operator ++() + { + (*this)++; + return mValue; + } + + operator T() { return mValue; } + +private: + T mValue; + size_t mMaxIncrement; +}; + +void +FdPrintf(intptr_t aFd, const char* aFormat, ...) +{ + if (aFd == 0) { + return; + } + char buf[256]; + CheckedIncrement<char*> b(buf, sizeof(buf)); + CheckedIncrement<const char*> f(aFormat, strlen(aFormat) + 1); + va_list ap; + va_start(ap, aFormat); + while (true) { + switch (*f) { + case '\0': + goto out; + + case '%': + switch (*++f) { + case 'z': { + if (*(++f) == 'u') { + size_t i = va_arg(ap, size_t); + size_t x = 1; + // Compute the number of digits. + while (x <= i / 10) { + x *= 10; + } + // Write the digits into the buffer. + do { + *(b++) = "0123456789"[(i / x) % 10]; + x /= 10; + } while (x > 0); + } else { + // Write out the format specifier if it's unknown. + *(b++) = '%'; + *(b++) = 'z'; + *(b++) = *f; + } + break; + } + + case 'p': { + intptr_t ptr = va_arg(ap, intptr_t); + *(b++) = '0'; + *(b++) = 'x'; + int x = sizeof(intptr_t) * 8; + bool wrote_msb = false; + do { + x -= 4; + size_t hex_digit = ptr >> x & 0xf; + if (hex_digit || wrote_msb) { + *(b++) = "0123456789abcdef"[hex_digit]; + wrote_msb = true; + } + } while (x > 0); + if (!wrote_msb) { + *(b++) = '0'; + } + break; + } + + default: + // Write out the format specifier if it's unknown. + *(b++) = '%'; + *(b++) = *f; + break; + } + break; + + default: + *(b++) = *f; + break; + } + f++; + } +out: +#ifdef _WIN32 + // See comment in FdPrintf.h as to why WriteFile is used. + DWORD written; + WriteFile(reinterpret_cast<HANDLE>(aFd), buf, b - buf, &written, nullptr); +#else + MOZ_UNUSED(write(aFd, buf, b - buf)); +#endif + va_end(ap); +} diff --git a/system/memory/replace/logalloc/FdPrintf.h b/system/memory/replace/logalloc/FdPrintf.h new file mode 100644 index 000000000..552db2b64 --- /dev/null +++ b/system/memory/replace/logalloc/FdPrintf.h @@ -0,0 +1,25 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __FdPrintf_h__ +#define __FdPrintf_h__ + +/* We can't use libc's (f)printf because it would reenter in replace_malloc, + * So use a custom and simplified version. + * Only %p and %z are supported. + * /!\ This function used a fixed-size internal buffer. The caller is + * expected to not use a format string that may overflow. + * The aFd argument is a file descriptor on UNIX and a native win32 file + * handle on Windows (from CreateFile). We can't use the windows POSIX + * APIs is that they don't support O_APPEND in a multi-process-safe way, + * while CreateFile does. + */ +extern void FdPrintf(intptr_t aFd, const char* aFormat, ...) +#ifdef __GNUC__ +__attribute__((format(printf, 2, 3))) +#endif +; + +#endif /* __FdPrintf_h__ */ diff --git a/system/memory/replace/logalloc/LogAlloc.cpp b/system/memory/replace/logalloc/LogAlloc.cpp new file mode 100644 index 000000000..f475db409 --- /dev/null +++ b/system/memory/replace/logalloc/LogAlloc.cpp @@ -0,0 +1,265 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <cstdlib> +#include <cstdio> +#include <fcntl.h> + +#ifdef _WIN32 +#include <windows.h> +#include <io.h> +#include <process.h> +#else +#include <unistd.h> +#include <pthread.h> +#endif + +#include "replace_malloc.h" +#include "FdPrintf.h" + +#include "base/lock.h" + +static const malloc_table_t* sFuncs = nullptr; +static intptr_t sFd = 0; +static bool sStdoutOrStderr = false; + +static Lock sLock; + +static void +prefork() { + sLock.Acquire(); +} + +static void +postfork() { + sLock.Release(); +} + +static size_t +GetPid() +{ + return size_t(getpid()); +} + +static size_t +GetTid() +{ +#if defined(_WIN32) + return size_t(GetCurrentThreadId()); +#else + return size_t(pthread_self()); +#endif +} + +class LogAllocBridge : public ReplaceMallocBridge +{ + virtual void InitDebugFd(mozilla::DebugFdRegistry& aRegistry) override { + if (!sStdoutOrStderr) { + aRegistry.RegisterHandle(sFd); + } + } +}; + +void +replace_init(const malloc_table_t* aTable) +{ + sFuncs = aTable; + +#ifndef _WIN32 + /* When another thread has acquired a lock before forking, the child + * process will inherit the lock state but the thread, being nonexistent + * in the child process, will never release it, leading to a dead-lock + * whenever the child process gets the lock. We thus need to ensure no + * other thread is holding the lock before forking, by acquiring it + * ourselves, and releasing it after forking, both in the parent and child + * processes. + * Windows doesn't have this problem since there is no fork(). + * The real allocator, however, might be doing the same thing (jemalloc + * does). But pthread_atfork `prepare` handlers (first argument) are + * processed in reverse order they were established. But replace_init + * runs before the real allocator has had any chance to initialize and + * call pthread_atfork itself. This leads to its prefork running before + * ours. This leads to a race condition that can lead to a deadlock like + * the following: + * - thread A forks. + * - libc calls real allocator's prefork, so thread A holds the real + * allocator lock. + * - thread B calls malloc, which calls our replace_malloc. + * - consequently, thread B holds our lock. + * - thread B then proceeds to call the real allocator's malloc, and + * waits for the real allocator's lock, which thread A holds. + * - libc calls our prefork, so thread A waits for our lock, which + * thread B holds. + * To avoid this race condition, the real allocator's prefork must be + * called after ours, which means it needs to be registered before ours. + * So trick the real allocator into initializing itself without more side + * effects by calling malloc with a size it can't possibly allocate. */ + sFuncs->malloc(-1); + pthread_atfork(prefork, postfork, postfork); +#endif + + /* Initialize output file descriptor from the MALLOC_LOG environment + * variable. Numbers up to 9999 are considered as a preopened file + * descriptor number. Other values are considered as a file name. */ + char* log = getenv("MALLOC_LOG"); + if (log && *log) { + int fd = 0; + const char *fd_num = log; + while (*fd_num) { + /* Reject non digits. */ + if (*fd_num < '0' || *fd_num > '9') { + fd = -1; + break; + } + fd = fd * 10 + (*fd_num - '0'); + /* Reject values >= 10000. */ + if (fd >= 10000) { + fd = -1; + break; + } + fd_num++; + } + if (fd == 1 || fd == 2) { + sStdoutOrStderr = true; + } +#ifdef _WIN32 + // See comment in FdPrintf.h as to why CreateFile is used. + HANDLE handle; + if (fd > 0) { + handle = reinterpret_cast<HANDLE>(_get_osfhandle(fd)); + } else { + handle = CreateFileA(log, FILE_APPEND_DATA, FILE_SHARE_READ | + FILE_SHARE_WRITE, nullptr, OPEN_ALWAYS, + FILE_ATTRIBUTE_NORMAL, nullptr); + } + if (handle != INVALID_HANDLE_VALUE) { + sFd = reinterpret_cast<intptr_t>(handle); + } +#else + if (fd == -1) { + fd = open(log, O_WRONLY | O_CREAT | O_APPEND, 0644); + } + if (fd > 0) { + sFd = fd; + } +#endif + } +} + +ReplaceMallocBridge* +replace_get_bridge() +{ + static LogAllocBridge bridge; + return &bridge; +} + +/* Do a simple, text-form, log of all calls to replace-malloc functions. + * Use locking to guarantee that an allocation that did happen is logged + * before any other allocation/free happens. + * TODO: Add a thread id to the log: different allocators, or even different + * configurations of jemalloc behave differently when allocations are coming + * from different threads. Reproducing those multi-threaded workloads would be + * useful to test those differences. + */ + +void* +replace_malloc(size_t aSize) +{ + AutoLock lock(sLock); + void* ptr = sFuncs->malloc(aSize); + if (ptr) { + FdPrintf(sFd, "%zu %zu malloc(%zu)=%p\n", GetPid(), GetTid(), aSize, ptr); + } + return ptr; +} + +int +replace_posix_memalign(void** aPtr, size_t aAlignment, size_t aSize) +{ + AutoLock lock(sLock); + int ret = sFuncs->posix_memalign(aPtr, aAlignment, aSize); + if (ret == 0) { + FdPrintf(sFd, "%zu %zu posix_memalign(%zu,%zu)=%p\n", GetPid(), GetTid(), + aAlignment, aSize, *aPtr); + } + return ret; +} + +void* +replace_aligned_alloc(size_t aAlignment, size_t aSize) +{ + AutoLock lock(sLock); + void* ptr = sFuncs->aligned_alloc(aAlignment, aSize); + if (ptr) { + FdPrintf(sFd, "%zu %zu aligned_alloc(%zu,%zu)=%p\n", GetPid(), GetTid(), + aAlignment, aSize, ptr); + } + return ptr; +} + +void* +replace_calloc(size_t aNum, size_t aSize) +{ + AutoLock lock(sLock); + void* ptr = sFuncs->calloc(aNum, aSize); + if (ptr) { + FdPrintf(sFd, "%zu %zu calloc(%zu,%zu)=%p\n", GetPid(), GetTid(), aNum, + aSize, ptr); + } + return ptr; +} + +void* +replace_realloc(void* aPtr, size_t aSize) +{ + AutoLock lock(sLock); + void* new_ptr = sFuncs->realloc(aPtr, aSize); + if (new_ptr || !aSize) { + FdPrintf(sFd, "%zu %zu realloc(%p,%zu)=%p\n", GetPid(), GetTid(), aPtr, + aSize, new_ptr); + } + return new_ptr; +} + +void +replace_free(void* aPtr) +{ + AutoLock lock(sLock); + if (aPtr) { + FdPrintf(sFd, "%zu %zu free(%p)\n", GetPid(), GetTid(), aPtr); + } + sFuncs->free(aPtr); +} + +void* +replace_memalign(size_t aAlignment, size_t aSize) +{ + AutoLock lock(sLock); + void* ptr = sFuncs->memalign(aAlignment, aSize); + if (ptr) { + FdPrintf(sFd, "%zu %zu memalign(%zu,%zu)=%p\n", GetPid(), GetTid(), + aAlignment, aSize, ptr); + } + return ptr; +} + +void* +replace_valloc(size_t aSize) +{ + AutoLock lock(sLock); + void* ptr = sFuncs->valloc(aSize); + if (ptr) { + FdPrintf(sFd, "%zu %zu valloc(%zu)=%p\n", GetPid(), GetTid(), aSize, ptr); + } + return ptr; +} + +void +replace_jemalloc_stats(jemalloc_stats_t* aStats) +{ + AutoLock lock(sLock); + sFuncs->jemalloc_stats(aStats); + FdPrintf(sFd, "%zu %zu jemalloc_stats()\n", GetPid(), GetTid()); +} diff --git a/system/memory/replace/logalloc/README b/system/memory/replace/logalloc/README new file mode 100644 index 000000000..ce0d82be8 --- /dev/null +++ b/system/memory/replace/logalloc/README @@ -0,0 +1,107 @@ +Logalloc is a replace-malloc library for Firefox (see +memory/build/replace_malloc.h) that dumps a log of memory allocations to a +given file descriptor or file name. That log can then be replayed against +Firefox's default memory allocator independently or through another +replace-malloc library, allowing the testing of other allocators under the +exact same workload. + +To get an allocation log the following environment variables need to be set +when starting Firefox: +- on Linux: + LD_PRELOAD=/path/to/liblogalloc.so +- on Mac OSX: + DYLD_INSERT_LIBRARIES=/path/to/liblogalloc.dylib +- on Windows: + MOZ_REPLACE_MALLOC_LIB=/path/to/logalloc.dll +- on Android: + MOZ_REPLACE_MALLOC_LIB=/path/to/liblogalloc.so + (see https://wiki.mozilla.org/Mobile/Fennec/Android#Arguments_and_Environment_Variables + for how to pass environment variables to Firefox for Android) + +- on all platforms: + MALLOC_LOG=/path/to/log-file + or + MALLOC_LOG=number + +When MALLOC_LOG is a number below 10000, it is considered as a file +descriptor number that is fed to Firefox when it is started. Otherwise, +it is considered as a file name. + +As those allocation logs can grow large quite quickly, it can be useful +to pipe the output to a compression tool. + +MALLOC_LOG=1 would send to Firefox's stdout, MALLOC_LOG=2 would send to +its stderr. Since in both cases that could be mixed with other output +from Firefox, it is usually better to use another file descriptor +by shell redirections, such as: + + MALLOC_LOG=3 firefox 3>&1 1>&2 | gzip -c > log.gz + +(3>&1 copies the `| gzip` pipe file descriptor to file descriptor #3, 1>&2 +then copies stderr to stdout. This leads to: fd1 and fd2 sending to stderr +of the parent process (the shell), and fd3 sending to gzip.) + +Each line of the allocations log is formatted as follows: + <pid> <tid> <function>([<args>])[=<result>] +where <args> is a comma separated list of values. The number of <args> and +the presence of <result> depend on the <function>. + +Example log: + 18545 18545 malloc(32)=0x7f90495120e0 + 18545 18545 calloc(1,148)=0x7f9049537480 + 18545 18545 realloc(0x7f90495120e0,64)=0x7f9049536680 + 18545 18545 posix_memalign(256,240)=0x7f9049583300 + 18545 18545 jemalloc_stats() + 18545 18545 free(0x7f9049536680) + +This log can be replayed with the logalloc-replay tool in +memory/replace/logalloc/replay. However, as the goal of that tool is to +reproduce the recorded memory allocations, it needs to avoid as much as +possible doing its own allocations for bookkeeping. Reading the logs as +they are would require data structures and memory allocations. As a +consequence, the logs need to be preprocessed beforehand. + +The logalloc_munge.py script is responsible for that preprocessing. It simply +takes a raw log on its stdin, and outputs the preprocessed log on its stdout. +It replaces pointer addresses with indexes the logalloc-replay tool can use +in a large (almost) linear array of allocation tracking slots (prefixed with +'#'). It also replaces the pids with numbers starting from 1 (such as the +first seen pid number is 1, the second is 2, etc.). + +The above example log would become the following, once preprocessed: + 1 1 malloc(32)=#1 + 1 1 calloc(1,148)=#2 + 1 1 realloc(#1,64)=#1 + 1 1 posix_memalign(256,240)=#3 + 1 1 jemalloc_stats() + 1 1 free(#1) + +The logalloc-replay tool then takes the preprocessed log on its stdin and +replays the allocations printed there, but will only replay those with the +same process id as the first line (which normally is 1). + +As the log files are simple text files, though, it is easy to separate out +the different processes log with e.g. grep, and feed the separate processes +logs to logalloc-replay. + +The logalloc-replay program won't output anything unless jemalloc_stats +records appears in the log. You can expect those to be recorded when going +to about:memory in Firefox, but they can also be added after preprocessing. + +Here is an example of what one can do: + + gunzip -c log.gz | python logalloc_munge.py | \ + awk '$1 == "2" { print $0 } !(NR % 10000) { print "2 1 jemalloc_stats()" }' | \ + ./logalloc-replay + +The above command replays the allocations of process #2, with some stats +output every 10000 records. + +The logalloc-replay tool itself being hooked with replace-malloc, it is possible +to set LD_PRELOAD/DYLD_INSERT_LIBRARIES/MOZ_REPLACE_MALLOC_LIB and replay a log +through a different allocator. For example: + + LD_PRELOAD=libreplace_jemalloc.so logalloc-replay < log + +Will replay the log against jemalloc4 (which is, as of writing, what +libreplace_jemalloc.so contains). diff --git a/system/memory/replace/logalloc/moz.build b/system/memory/replace/logalloc/moz.build new file mode 100644 index 000000000..2aea7a388 --- /dev/null +++ b/system/memory/replace/logalloc/moz.build @@ -0,0 +1,28 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SharedLibrary('logalloc') + +SOURCES += [ + 'FdPrintf.cpp', + 'LogAlloc.cpp', +] + +DISABLE_STL_WRAPPING = True +USE_STATIC_LIBS = True +DEFINES['MOZ_NO_MOZALLOC'] = True +# Avoid Lock_impl code depending on mozilla::Logger. +DEFINES['NDEBUG'] = True +DEFINES['DEBUG'] = False + +# Use locking code from the chromium stack. +if CONFIG['OS_TARGET'] == 'WINNT': + SOURCES += ['../../../ipc/chromium/src/base/lock_impl_win.cc'] +else: + SOURCES += ['../../../ipc/chromium/src/base/lock_impl_posix.cc'] + +include('/ipc/chromium/chromium-config.mozbuild') + +DIRS += ['replay'] diff --git a/system/memory/replace/logalloc/replay/Makefile.in b/system/memory/replace/logalloc/replay/Makefile.in new file mode 100644 index 000000000..33f6578ec --- /dev/null +++ b/system/memory/replace/logalloc/replay/Makefile.in @@ -0,0 +1,32 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +include $(topsrcdir)/system/utils/build/replace_malloc.mk + +ifndef CROSS_COMPILE + +ifeq ($(OS_TARGET),WINNT) +LOGALLOC = MOZ_REPLACE_MALLOC_LIB=$(CURDIR)/../logalloc.dll +else +ifeq ($(OS_TARGET),Darwin) +LOGALLOC = DYLD_INSERT_LIBRARIES=$(CURDIR)/../liblogalloc.dylib +else +LOGALLOC = LD_PRELOAD=$(CURDIR)/../$(DLL_PREFIX)logalloc$(DLL_SUFFIX) +endif +endif + +expected_output.log: $(srcdir)/replay.log +# The logalloc-replay program will only replay entries from the first pid, +# so the expected output only contains entries beginning with "1 " + grep "^1 " $< > $@ + +check:: $(srcdir)/replay.log expected_output.log +# Test with MALLOC_LOG as a file descriptor number + MALLOC_LOG=1 $(LOGALLOC) ./$(PROGRAM) < $< | $(PYTHON) $(srcdir)/logalloc_munge.py | diff -w - expected_output.log +# Test with MALLOC_LOG as a file name + $(RM) test_output.log + MALLOC_LOG=test_output.log $(LOGALLOC) ./$(PROGRAM) < $< + $(PYTHON) $(srcdir)/logalloc_munge.py < test_output.log | diff -w - expected_output.log + +endif diff --git a/system/memory/replace/logalloc/replay/Replay.cpp b/system/memory/replace/logalloc/replay/Replay.cpp new file mode 100644 index 000000000..1eb0fac57 --- /dev/null +++ b/system/memory/replace/logalloc/replay/Replay.cpp @@ -0,0 +1,540 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#define MOZ_MEMORY_IMPL +#include "mozmemory_wrap.h" + +#ifdef _WIN32 +#include <windows.h> +#include <io.h> +typedef int ssize_t; +#else +#include <sys/mman.h> +#include <unistd.h> +#endif +#include <algorithm> +#include <cstdio> +#include <cstring> + +#include "mozilla/Assertions.h" +#include "FdPrintf.h" + +static void +die(const char* message) +{ + /* Here, it doesn't matter that fprintf may allocate memory. */ + fprintf(stderr, "%s\n", message); + exit(1); +} + +/* We don't want to be using malloc() to allocate our internal tracking + * data, because that would change the parameters of what is being measured, + * so we want to use data types that directly use mmap/VirtualAlloc. */ +template <typename T, size_t Len> +class MappedArray +{ +public: + MappedArray(): mPtr(nullptr) {} + + ~MappedArray() + { + if (mPtr) { +#ifdef _WIN32 + VirtualFree(mPtr, sizeof(T) * Len, MEM_RELEASE); +#else + munmap(mPtr, sizeof(T) * Len); +#endif + } + } + + T& operator[] (size_t aIndex) const + { + if (mPtr) { + return mPtr[aIndex]; + } + +#ifdef _WIN32 + mPtr = reinterpret_cast<T*>(VirtualAlloc(nullptr, sizeof(T) * Len, + MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE)); + if (mPtr == nullptr) { + die("VirtualAlloc error"); + } +#else + mPtr = reinterpret_cast<T*>(mmap(nullptr, sizeof(T) * Len, + PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0)); + if (mPtr == MAP_FAILED) { + die("Mmap error"); + } +#endif + return mPtr[aIndex]; + } + +private: + mutable T* mPtr; +}; + +/* Type for records of allocations. */ +struct MemSlot +{ + void* mPtr; + size_t mSize; +}; + +/* An almost infinite list of slots. + * In essence, this is a linked list of arrays of groups of slots. + * Each group is 1MB. On 64-bits, one group allows to store 64k allocations. + * Each MemSlotList instance can store 1023 such groups, which means more + * than 65M allocations. In case more would be needed, we chain to another + * MemSlotList, and so on. + * Using 1023 groups makes the MemSlotList itself page sized on 32-bits + * and 2 pages-sized on 64-bits. + */ +class MemSlotList +{ + static const size_t kGroups = 1024 - 1; + static const size_t kGroupSize = (1024 * 1024) / sizeof(MemSlot); + + MappedArray<MemSlot, kGroupSize> mSlots[kGroups]; + MappedArray<MemSlotList, 1> mNext; + +public: + MemSlot& operator[] (size_t aIndex) const + { + if (aIndex < kGroupSize * kGroups) { + return mSlots[aIndex / kGroupSize][aIndex % kGroupSize]; + } + aIndex -= kGroupSize * kGroups; + return mNext[0][aIndex]; + } +}; + +/* Helper class for memory buffers */ +class Buffer +{ +public: + Buffer() : mBuf(nullptr), mLength(0) {} + + Buffer(const void* aBuf, size_t aLength) + : mBuf(reinterpret_cast<const char*>(aBuf)), mLength(aLength) + {} + + /* Constructor for string literals. */ + template <size_t Size> + explicit Buffer(const char (&aStr)[Size]) + : mBuf(aStr), mLength(Size - 1) + {} + + /* Returns a sub-buffer up-to but not including the given aNeedle character. + * The "parent" buffer itself is altered to begin after the aNeedle + * character. + * If the aNeedle character is not found, return the entire buffer, and empty + * the "parent" buffer. */ + Buffer SplitChar(char aNeedle) + { + char* buf = const_cast<char*>(mBuf); + char* c = reinterpret_cast<char*>(memchr(buf, aNeedle, mLength)); + if (!c) { + return Split(mLength); + } + + Buffer result = Split(c - buf); + // Remove the aNeedle character itself. + Split(1); + return result; + } + + /* Returns a sub-buffer of at most aLength characters. The "parent" buffer is + * amputated of those aLength characters. If the "parent" buffer is smaller + * than aLength, then its length is used instead. */ + Buffer Split(size_t aLength) + { + Buffer result(mBuf, std::min(aLength, mLength)); + mLength -= result.mLength; + mBuf += result.mLength; + return result; + } + + /* Move the buffer (including its content) to the memory address of the aOther + * buffer. */ + void Slide(Buffer aOther) + { + memmove(const_cast<char*>(aOther.mBuf), mBuf, mLength); + mBuf = aOther.mBuf; + } + + /* Returns whether the two involved buffers have the same content. */ + bool operator ==(Buffer aOther) + { + return mLength == aOther.mLength && (mBuf == aOther.mBuf || + !strncmp(mBuf, aOther.mBuf, mLength)); + } + + /* Returns whether the buffer is empty. */ + explicit operator bool() { return mLength; } + + /* Returns the memory location of the buffer. */ + const char* get() { return mBuf; } + + /* Returns the memory location of the end of the buffer (technically, the + * first byte after the buffer). */ + const char* GetEnd() { return mBuf + mLength; } + + /* Extend the buffer over the content of the other buffer, assuming it is + * adjacent. */ + void Extend(Buffer aOther) + { + MOZ_ASSERT(aOther.mBuf == GetEnd()); + mLength += aOther.mLength; + } + +private: + const char* mBuf; + size_t mLength; +}; + +/* Helper class to read from a file descriptor line by line. */ +class FdReader { +public: + explicit FdReader(int aFd) + : mFd(aFd) + , mData(&mRawBuf, 0) + , mBuf(&mRawBuf, sizeof(mRawBuf)) + {} + + /* Read a line from the file descriptor and returns it as a Buffer instance */ + Buffer ReadLine() + { + while (true) { + Buffer result = mData.SplitChar('\n'); + + /* There are essentially three different cases here: + * - '\n' was found "early". In this case, the end of the result buffer + * is before the beginning of the mData buffer (since SplitChar + * amputated it). + * - '\n' was found as the last character of mData. In this case, mData + * is empty, but still points at the end of mBuf. result points to what + * used to be in mData, without the last character. + * - '\n' was not found. In this case too, mData is empty and points at + * the end of mBuf. But result points to the entire buffer that used to + * be pointed by mData. + * Only in the latter case do both result and mData's end match, and it's + * the only case where we need to refill the buffer. + */ + if (result.GetEnd() != mData.GetEnd()) { + return result; + } + + /* Since SplitChar emptied mData, make it point to what it had before. */ + mData = result; + + /* And move it to the beginning of the read buffer. */ + mData.Slide(mBuf); + + FillBuffer(); + + if (!mData) { + return Buffer(); + } + } + } + +private: + /* Fill the read buffer. */ + void FillBuffer() + { + size_t size = mBuf.GetEnd() - mData.GetEnd(); + Buffer remainder(mData.GetEnd(), size); + + ssize_t len = 1; + while (remainder && len > 0) { + len = ::read(mFd, const_cast<char*>(remainder.get()), size); + if (len < 0) { + die("Read error"); + } + size -= len; + mData.Extend(remainder.Split(len)); + } + } + + /* File descriptor to read from. */ + int mFd; + /* Part of data that was read from the file descriptor but not returned with + * ReadLine yet. */ + Buffer mData; + /* Buffer representation of mRawBuf */ + Buffer mBuf; + /* read() buffer */ + char mRawBuf[4096]; +}; + +MOZ_BEGIN_EXTERN_C + +/* Function declarations for all the replace_malloc _impl functions. + * See memory/build/replace_malloc.c */ +#define MALLOC_DECL(name, return_type, ...) \ + return_type name ## _impl(__VA_ARGS__); +#define MALLOC_FUNCS MALLOC_FUNCS_MALLOC +#include "malloc_decls.h" + +#define MALLOC_DECL(name, return_type, ...) \ + return_type name ## _impl(__VA_ARGS__); +#define MALLOC_FUNCS MALLOC_FUNCS_JEMALLOC +#include "malloc_decls.h" + +/* mozjemalloc relies on DllMain to initialize, but DllMain is not invoked + * for executables, so manually invoke mozjemalloc initialization. */ +#if defined(_WIN32) +void malloc_init_hard(void); +#endif + +MOZ_END_EXTERN_C + +size_t parseNumber(Buffer aBuf) +{ + if (!aBuf) { + die("Malformed input"); + } + + size_t result = 0; + for (const char* c = aBuf.get(), *end = aBuf.GetEnd(); c < end; c++) { + if (*c < '0' || *c > '9') { + die("Malformed input"); + } + result *= 10; + result += *c - '0'; + } + return result; +} + +/* Class to handle dispatching the replay function calls to replace-malloc. */ +class Replay +{ +public: + Replay(): mOps(0) { +#ifdef _WIN32 + // See comment in FdPrintf.h as to why native win32 handles are used. + mStdErr = reinterpret_cast<intptr_t>(GetStdHandle(STD_ERROR_HANDLE)); +#else + mStdErr = fileno(stderr); +#endif + } + + MemSlot& operator[] (size_t index) const + { + return mSlots[index]; + } + + void malloc(MemSlot& aSlot, Buffer& aArgs) + { + mOps++; + size_t size = parseNumber(aArgs); + aSlot.mPtr = ::malloc_impl(size); + aSlot.mSize = size; + Commit(aSlot); + } + + void posix_memalign(MemSlot& aSlot, Buffer& aArgs) + { + mOps++; + size_t alignment = parseNumber(aArgs.SplitChar(',')); + size_t size = parseNumber(aArgs); + void* ptr; + if (::posix_memalign_impl(&ptr, alignment, size) == 0) { + aSlot.mPtr = ptr; + aSlot.mSize = size; + } else { + aSlot.mPtr = nullptr; + aSlot.mSize = 0; + } + Commit(aSlot); + } + + void aligned_alloc(MemSlot& aSlot, Buffer& aArgs) + { + mOps++; + size_t alignment = parseNumber(aArgs.SplitChar(',')); + size_t size = parseNumber(aArgs); + aSlot.mPtr = ::aligned_alloc_impl(alignment, size); + aSlot.mSize = size; + Commit(aSlot); + } + + void calloc(MemSlot& aSlot, Buffer& aArgs) + { + mOps++; + size_t num = parseNumber(aArgs.SplitChar(',')); + size_t size = parseNumber(aArgs); + aSlot.mPtr = ::calloc_impl(num, size); + aSlot.mSize = size * num; + Commit(aSlot); + } + + void realloc(MemSlot& aSlot, Buffer& aArgs) + { + mOps++; + Buffer dummy = aArgs.SplitChar('#'); + if (dummy) { + die("Malformed input"); + } + size_t slot_id = parseNumber(aArgs.SplitChar(',')); + size_t size = parseNumber(aArgs); + MemSlot& old_slot = (*this)[slot_id]; + void* old_ptr = old_slot.mPtr; + old_slot.mPtr = nullptr; + old_slot.mSize = 0; + aSlot.mPtr = ::realloc_impl(old_ptr, size); + aSlot.mSize = size; + Commit(aSlot); + } + + void free(Buffer& aArgs) + { + mOps++; + Buffer dummy = aArgs.SplitChar('#'); + if (dummy) { + die("Malformed input"); + } + size_t slot_id = parseNumber(aArgs); + MemSlot& slot = (*this)[slot_id]; + ::free_impl(slot.mPtr); + slot.mPtr = nullptr; + slot.mSize = 0; + } + + void memalign(MemSlot& aSlot, Buffer& aArgs) + { + mOps++; + size_t alignment = parseNumber(aArgs.SplitChar(',')); + size_t size = parseNumber(aArgs); + aSlot.mPtr = ::memalign_impl(alignment, size); + aSlot.mSize = size; + Commit(aSlot); + } + + void valloc(MemSlot& aSlot, Buffer& aArgs) + { + mOps++; + size_t size = parseNumber(aArgs); + aSlot.mPtr = ::valloc_impl(size); + aSlot.mSize = size; + Commit(aSlot); + } + + void jemalloc_stats(Buffer& aArgs) + { + if (aArgs) { + die("Malformed input"); + } + jemalloc_stats_t stats; + ::jemalloc_stats_impl(&stats); + FdPrintf(mStdErr, + "#%zu mapped: %zu; allocated: %zu; waste: %zu; dirty: %zu; " + "bookkeep: %zu; binunused: %zu\n", mOps, stats.mapped, + stats.allocated, stats.waste, stats.page_cache, + stats.bookkeeping, stats.bin_unused); + /* TODO: Add more data, like actual RSS as measured by OS, but compensated + * for the replay internal data. */ + } + +private: + void Commit(MemSlot& aSlot) + { + memset(aSlot.mPtr, 0x5a, aSlot.mSize); + } + + intptr_t mStdErr; + size_t mOps; + MemSlotList mSlots; +}; + + +int +main() +{ + size_t first_pid = 0; + FdReader reader(0); + Replay replay; + +#if defined(_WIN32) + malloc_init_hard(); +#endif + + /* Read log from stdin and dispatch function calls to the Replay instance. + * The log format is essentially: + * <pid> <function>([<args>])[=<result>] + * <args> is a comma separated list of arguments. + * + * The logs are expected to be preprocessed so that allocations are + * attributed a tracking slot. The input is trusted not to have crazy + * values for these slot numbers. + * + * <result>, as well as some of the args to some of the function calls are + * such slot numbers. + */ + while (true) { + Buffer line = reader.ReadLine(); + + if (!line) { + break; + } + + size_t pid = parseNumber(line.SplitChar(' ')); + if (!first_pid) { + first_pid = pid; + } + + /* The log may contain data for several processes, only entries for the + * very first that appears are treated. */ + if (first_pid != pid) { + continue; + } + + /* The log contains thread ids for manual analysis, but we just ignore them + * for now. */ + parseNumber(line.SplitChar(' ')); + + Buffer func = line.SplitChar('('); + Buffer args = line.SplitChar(')'); + + /* jemalloc_stats and free are functions with no result. */ + if (func == Buffer("jemalloc_stats")) { + replay.jemalloc_stats(args); + continue; + } else if (func == Buffer("free")) { + replay.free(args); + continue; + } + + /* Parse result value and get the corresponding slot. */ + Buffer dummy = line.SplitChar('='); + Buffer dummy2 = line.SplitChar('#'); + if (dummy || dummy2) { + die("Malformed input"); + } + + size_t slot_id = parseNumber(line); + MemSlot& slot = replay[slot_id]; + + if (func == Buffer("malloc")) { + replay.malloc(slot, args); + } else if (func == Buffer("posix_memalign")) { + replay.posix_memalign(slot, args); + } else if (func == Buffer("aligned_alloc")) { + replay.aligned_alloc(slot, args); + } else if (func == Buffer("calloc")) { + replay.calloc(slot, args); + } else if (func == Buffer("realloc")) { + replay.realloc(slot, args); + } else if (func == Buffer("memalign")) { + replay.memalign(slot, args); + } else if (func == Buffer("valloc")) { + replay.valloc(slot, args); + } else { + die("Malformed input"); + } + } + + return 0; +} diff --git a/system/memory/replace/logalloc/replay/logalloc_munge.py b/system/memory/replace/logalloc/replay/logalloc_munge.py new file mode 100644 index 000000000..a244c3c3d --- /dev/null +++ b/system/memory/replace/logalloc/replay/logalloc_munge.py @@ -0,0 +1,147 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +""" +This script takes a log from the replace-malloc logalloc library on stdin +and munges it so that it can be used with the logalloc-replay tool. + +Given the following output: + 13663 malloc(42)=0x7f0c33502040 + 13663 malloc(24)=0x7f0c33503040 + 13663 free(0x7f0c33502040) +The resulting output is: + 1 malloc(42)=#1 + 1 malloc(24)=#2 + 1 free(#1) + +See README for more details. +""" + +from __future__ import print_function +import sys +from collections import ( + defaultdict, + deque, +) + +class IdMapping(object): + """Class to map values to ids. + + Each value is associated to an increasing id, starting from 1. + When a value is removed, its id is recycled and will be reused for + subsequent values. + """ + def __init__(self): + self.id = 1 + self._values = {} + self._recycle = deque() + + def __getitem__(self, value): + if value not in self._values: + if self._recycle: + self._values[value] = self._recycle.popleft() + else: + self._values[value] = self.id + self.id += 1 + return self._values[value] + + def __delitem__(self, value): + if value == 0: + return + self._recycle.append(self._values[value]) + del self._values[value] + + def __contains__(self, value): + return value == 0 or value in self._values + + +class Ignored(Exception): pass + + +def split_log_line(line): + try: + # The format for each line is: + # <pid> [<tid>] <function>([<args>])[=<result>] + # + # The original format didn't include the tid, so we try to parse + # lines whether they have one or not. + pid, func_call = line.split(' ', 1) + call, result = func_call.split(')') + func, args = call.split('(') + args = args.split(',') if args else [] + if result: + if result[0] != '=': + raise Ignored('Malformed input') + result = result[1:] + if ' ' in func: + tid, func = func.split(' ', 1) + else: + tid = pid + return pid, tid, func, args, result + except: + raise Ignored('Malformed input') + + +NUM_ARGUMENTS = { + 'jemalloc_stats': 0, + 'free': 1, + 'malloc': 1, + 'posix_memalign': 2, + 'aligned_alloc': 2, + 'calloc': 2, + 'realloc': 2, + 'memalign': 2, + 'valloc': 1, +} + + +def main(): + pids = IdMapping() + processes = defaultdict(lambda: { 'pointers': IdMapping(), + 'tids': IdMapping() }) + for line in sys.stdin: + line = line.strip() + + try: + pid, tid, func, args, result = split_log_line(line) + + # Replace pid with an id. + pid = pids[int(pid)] + + process = processes[pid] + tid = process['tids'][int(tid)] + + pointers = process['pointers'] + + if func not in NUM_ARGUMENTS: + raise Ignored('Unknown function') + + if len(args) != NUM_ARGUMENTS[func]: + raise Ignored('Malformed input') + + if func in ('jemalloc_stats', 'free') and result: + raise Ignored('Malformed input') + + if func in ('free', 'realloc'): + ptr = int(args[0], 16) + if ptr and ptr not in pointers: + raise Ignored('Did not see an alloc for pointer') + args[0] = "#%d" % pointers[ptr] + del pointers[ptr] + + if result: + result = int(result, 16) + if not result: + raise Ignored('Result is NULL') + result = "#%d" % pointers[result] + + print('%d %d %s(%s)%s' % (pid, tid, func, ','.join(args), + '=%s' % result if result else '')) + + except Exception as e: + print('Ignored "%s": %s' % (line, e.message), file=sys.stderr) + + +if __name__ == '__main__': + main() diff --git a/system/memory/replace/logalloc/replay/moz.build b/system/memory/replace/logalloc/replay/moz.build new file mode 100644 index 000000000..03123058a --- /dev/null +++ b/system/memory/replace/logalloc/replay/moz.build @@ -0,0 +1,26 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Program('logalloc-replay') + +SOURCES += [ + '../FdPrintf.cpp', + '/system/framework/Assertions.cpp', + 'Replay.cpp', +] + +LOCAL_INCLUDES += [ + '..', +] + +# Link replace-malloc and the default allocator. +USE_LIBS += [ + 'memory', +] + +# The memory library defines this, so it's needed here too. +DEFINES['IMPL_MFBT'] = True + +DISABLE_STL_WRAPPING = True diff --git a/system/memory/replace/logalloc/replay/replay.log b/system/memory/replace/logalloc/replay/replay.log new file mode 100644 index 000000000..c56dfab12 --- /dev/null +++ b/system/memory/replace/logalloc/replay/replay.log @@ -0,0 +1,17 @@ +1 1 malloc(42)=#1 +1 1 malloc(24)=#2 +2 2 malloc(42)=#1 +1 1 free(#1) +1 1 posix_memalign(4096,1024)=#1 +1 1 calloc(4,42)=#3 +1 1 free(#2) +1 1 realloc(#3,84)=#2 +1 1 aligned_alloc(512,1024)=#3 +1 1 memalign(512,1024)=#4 +1 1 valloc(1024)=#5 +1 1 jemalloc_stats() +1 1 free(#5) +1 1 free(#4) +1 1 free(#3) +1 1 free(#2) +1 1 free(#1) diff --git a/system/memory/replace/moz.build b/system/memory/replace/moz.build new file mode 100644 index 000000000..fd6da449d --- /dev/null +++ b/system/memory/replace/moz.build @@ -0,0 +1,13 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +DIRS += [ + 'logalloc', + 'replace', +] + +if CONFIG['MOZ_REPLACE_MALLOC_LINKAGE'] == 'dummy library': + DIRS += ['dummy'] + diff --git a/system/memory/replace/replace/ReplaceMalloc.cpp b/system/memory/replace/replace/ReplaceMalloc.cpp new file mode 100644 index 000000000..baa72d576 --- /dev/null +++ b/system/memory/replace/replace/ReplaceMalloc.cpp @@ -0,0 +1,252 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "replace_malloc.h" +#include <errno.h> +#include "mozilla/CheckedInt.h" +#include "mozilla/Atomics.h" + +/* Replace-malloc library allowing different kinds of dispatch. + * The long term goal is to allow multiple replace-malloc libraries + * to be loaded and coexist properly. + * This is however a limited version to fulfil more immediate needs. + */ +static const malloc_table_t* gFuncs = nullptr; +static mozilla::Atomic<const malloc_hook_table_t*> gHookTable(nullptr); + +class GenericReplaceMallocBridge : public ReplaceMallocBridge +{ + virtual const malloc_table_t* + RegisterHook(const char* aName, const malloc_table_t* aTable, + const malloc_hook_table_t* aHookTable) override + { + // Can't register a hook before replace_init is called. + if (!gFuncs) { + return nullptr; + } + + // Expect a name to be given. + if (!aName) { + return nullptr; + } + + // Giving a malloc_table_t is not supported yet. + if (aTable) { + return nullptr; + } + + if (aHookTable) { + // Expect at least a malloc and a free hook. + if (!aHookTable->malloc_hook || !aHookTable->free_hook) { + return nullptr; + } + gHookTable = const_cast<malloc_hook_table_t*>(aHookTable); + return gFuncs; + } + gHookTable = nullptr; + + return nullptr; + } +}; + +void +replace_init(const malloc_table_t* aTable) +{ + gFuncs = aTable; +} + +ReplaceMallocBridge* +replace_get_bridge() +{ + static GenericReplaceMallocBridge bridge; + return &bridge; +} + +void* +replace_malloc(size_t aSize) +{ + void* ptr = gFuncs->malloc(aSize); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table) { + return hook_table->malloc_hook(ptr, aSize); + } + return ptr; +} + +int +replace_posix_memalign(void** aPtr, size_t aAlignment, size_t aSize) +{ + int ret = gFuncs->posix_memalign(aPtr, aAlignment, aSize); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table) { + if (hook_table->posix_memalign_hook) { + return hook_table->posix_memalign_hook(ret, aPtr, aAlignment, aSize); + } + void* ptr = hook_table->malloc_hook(*aPtr, aSize); + if (!ptr && *aPtr) { + *aPtr = ptr; + ret = ENOMEM; + } + } + return ret; +} + +void* +replace_aligned_alloc(size_t aAlignment, size_t aSize) +{ + void* ptr = gFuncs->aligned_alloc(aAlignment, aSize); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table) { + if (hook_table->aligned_alloc_hook) { + return hook_table->aligned_alloc_hook(ptr, aAlignment, aSize); + } + return hook_table->malloc_hook(ptr, aSize); + } + return ptr; +} + +void* +replace_calloc(size_t aNum, size_t aSize) +{ + void* ptr = gFuncs->calloc(aNum, aSize); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table) { + if (hook_table->calloc_hook) { + return hook_table->calloc_hook(ptr, aNum, aSize); + } + mozilla::CheckedInt<size_t> size = mozilla::CheckedInt<size_t>(aNum) * aSize; + if (size.isValid()) { + return hook_table->malloc_hook(ptr, size.value()); + } + /* If the multiplication above overflows, calloc will have failed, so ptr + * is null. But the hook might still be interested in knowing about the + * allocation attempt. The choice made is to indicate the overflow with + * the biggest value of a size_t, which is not that bad an indicator: + * there are only 5 prime factors to 2^32 - 1 and 7 prime factors to + * 2^64 - 1 and none of them is going to come directly out of sizeof(). + * IOW, the likelyhood of aNum * aSize being exactly SIZE_MAX is low + * enough, and SIZE_MAX still conveys that the attempted allocation was + * too big anyways. */ + return hook_table->malloc_hook(ptr, SIZE_MAX); + } + return ptr; +} + +void* +replace_realloc(void* aPtr, size_t aSize) +{ + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table) { + if (hook_table->realloc_hook_before) { + hook_table->realloc_hook_before(aPtr); + } else { + hook_table->free_hook(aPtr); + } + } + void* new_ptr = gFuncs->realloc(aPtr, aSize); + /* The hook table might have changed since before realloc was called, + * either because of unregistration or registration of a new table. + * We however go with consistency and use the same hook table as the + * one that was used before the call to realloc. */ + if (hook_table) { + if (hook_table->realloc_hook) { + /* aPtr is likely invalid when reaching here, it is only given for + * tracking purposes, and should not be dereferenced. */ + return hook_table->realloc_hook(new_ptr, aPtr, aSize); + } + return hook_table->malloc_hook(new_ptr, aSize); + } + return new_ptr; +} + +void +replace_free(void* aPtr) +{ + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table) { + hook_table->free_hook(aPtr); + } + gFuncs->free(aPtr); +} + +void* +replace_memalign(size_t aAlignment, size_t aSize) +{ + void* ptr = gFuncs->memalign(aAlignment, aSize); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table) { + if (hook_table->memalign_hook) { + return hook_table->memalign_hook(ptr, aAlignment, aSize); + } + return hook_table->malloc_hook(ptr, aSize); + } + return ptr; +} + +void* +replace_valloc(size_t aSize) +{ + void* ptr = gFuncs->valloc(aSize); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table) { + if (hook_table->valloc_hook) { + return hook_table->valloc_hook(ptr, aSize); + } + return hook_table->malloc_hook(ptr, aSize); + } + return ptr; +} + +size_t +replace_malloc_usable_size(usable_ptr_t aPtr) +{ + size_t ret = gFuncs->malloc_usable_size(aPtr); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table && hook_table->malloc_usable_size_hook) { + return hook_table->malloc_usable_size_hook(ret, aPtr); + } + return ret; +} + +size_t +replace_malloc_good_size(size_t aSize) +{ + size_t ret = gFuncs->malloc_good_size(aSize); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table && hook_table->malloc_good_size_hook) { + return hook_table->malloc_good_size_hook(ret, aSize); + } + return ret; +} + +void +replace_jemalloc_stats(jemalloc_stats_t* aStats) +{ + gFuncs->jemalloc_stats(aStats); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table && hook_table->jemalloc_stats_hook) { + hook_table->jemalloc_stats_hook(aStats); + } +} + +void +replace_jemalloc_purge_freed_pages(void) +{ + gFuncs->jemalloc_purge_freed_pages(); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table && hook_table->jemalloc_purge_freed_pages_hook) { + hook_table->jemalloc_purge_freed_pages_hook(); + } +} + +void +replace_jemalloc_free_dirty_pages(void) +{ + gFuncs->jemalloc_free_dirty_pages(); + const malloc_hook_table_t* hook_table = gHookTable; + if (hook_table && hook_table->jemalloc_free_dirty_pages_hook) { + hook_table->jemalloc_free_dirty_pages_hook(); + } +} diff --git a/system/memory/replace/replace/moz.build b/system/memory/replace/replace/moz.build new file mode 100644 index 000000000..6ab8628cd --- /dev/null +++ b/system/memory/replace/replace/moz.build @@ -0,0 +1,12 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SharedLibrary('replace_malloc') + +SOURCES += [ + 'ReplaceMalloc.cpp', +] + +DISABLE_STL_WRAPPING = True diff --git a/system/memory/volatile/VolatileBuffer.h b/system/memory/volatile/VolatileBuffer.h new file mode 100644 index 000000000..19aeb9df2 --- /dev/null +++ b/system/memory/volatile/VolatileBuffer.h @@ -0,0 +1,169 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozalloc_VolatileBuffer_h +#define mozalloc_VolatileBuffer_h + +#include "mozilla/mozalloc.h" +#include "mozilla/Mutex.h" +#include "mozilla/RefPtr.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/RefCounted.h" + +/* VolatileBuffer + * + * This class represents a piece of memory that can potentially be reclaimed + * by the OS when not in use. As long as there are one or more + * VolatileBufferPtrs holding on to a VolatileBuffer, the memory will remain + * available. However, when there are no VolatileBufferPtrs holding a + * VolatileBuffer, the OS can purge the pages if it wants to. The OS can make + * better decisions about what pages to purge than we can. + * + * VolatileBuffers may not always be volatile - if the allocation is too small, + * or if the OS doesn't support the feature, or if the OS doesn't want to, + * the buffer will be allocated on heap. + * + * VolatileBuffer allocations are fallible. They are intended for uses where + * one may allocate large buffers for caching data. Init() must be called + * exactly once. + * + * After getting a reference to VolatileBuffer using VolatileBufferPtr, + * WasPurged() can be used to check if the OS purged any pages in the buffer. + * The OS cannot purge a buffer immediately after a VolatileBuffer is + * initialized. At least one VolatileBufferPtr must be created before the + * buffer can be purged, so the first use of VolatileBufferPtr does not need + * to check WasPurged(). + * + * When a buffer is purged, some or all of the buffer is zeroed out. This + * API cannot tell which parts of the buffer were lost. + * + * VolatileBuffer and VolatileBufferPtr are threadsafe. + */ + +namespace mozilla { + +class VolatileBuffer +{ + friend class VolatileBufferPtr_base; +public: + MOZ_DECLARE_REFCOUNTED_TYPENAME(VolatileBuffer) + NS_INLINE_DECL_THREADSAFE_REFCOUNTING(VolatileBuffer) + + VolatileBuffer(); + + /* aAlignment must be a multiple of the pointer size */ + bool Init(size_t aSize, size_t aAlignment = sizeof(void*)); + + size_t HeapSizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const; + size_t NonHeapSizeOfExcludingThis() const; + bool OnHeap() const; + +protected: + bool Lock(void** aBuf); + void Unlock(); + +private: + ~VolatileBuffer(); + + /** + * Protects mLockCount, mFirstLock, and changes to the volatility of our + * buffer. Other member variables are read-only except in Init() and the + * destructor. + */ + Mutex mMutex; + + void* mBuf; + size_t mSize; + int mLockCount; +#if defined(XP_WIN) + bool mHeap; + bool mFirstLock; +#endif +}; + +class VolatileBufferPtr_base { +public: + explicit VolatileBufferPtr_base(VolatileBuffer* vbuf) + : mVBuf(vbuf) + , mMapping(nullptr) + , mPurged(false) + { + Lock(); + } + + ~VolatileBufferPtr_base() { + Unlock(); + } + + bool WasBufferPurged() const { + return mPurged; + } + +protected: + RefPtr<VolatileBuffer> mVBuf; + void* mMapping; + + void Set(VolatileBuffer* vbuf) { + Unlock(); + mVBuf = vbuf; + Lock(); + } + +private: + bool mPurged; + + void Lock() { + if (mVBuf) { + mPurged = !mVBuf->Lock(&mMapping); + } else { + mMapping = nullptr; + mPurged = false; + } + } + + void Unlock() { + if (mVBuf) { + mVBuf->Unlock(); + } + } +}; + +template <class T> +class VolatileBufferPtr : public VolatileBufferPtr_base +{ +public: + explicit VolatileBufferPtr(VolatileBuffer* vbuf) : VolatileBufferPtr_base(vbuf) {} + VolatileBufferPtr() : VolatileBufferPtr_base(nullptr) {} + + VolatileBufferPtr(VolatileBufferPtr&& aOther) + : VolatileBufferPtr_base(aOther.mVBuf) + { + aOther.Set(nullptr); + } + + operator T*() const { + return (T*) mMapping; + } + + VolatileBufferPtr& operator=(VolatileBuffer* aVBuf) + { + Set(aVBuf); + return *this; + } + + VolatileBufferPtr& operator=(VolatileBufferPtr&& aOther) + { + MOZ_ASSERT(this != &aOther, "Self-moves are prohibited"); + Set(aOther.mVBuf); + aOther.Set(nullptr); + return *this; + } + +private: + VolatileBufferPtr(VolatileBufferPtr const& vbufptr) = delete; +}; + +} // namespace mozilla + +#endif /* mozalloc_VolatileBuffer_h */ diff --git a/system/memory/volatile/VolatileBufferFallback.cpp b/system/memory/volatile/VolatileBufferFallback.cpp new file mode 100644 index 000000000..f4bfe39c6 --- /dev/null +++ b/system/memory/volatile/VolatileBufferFallback.cpp @@ -0,0 +1,91 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "VolatileBuffer.h" +#include "mozilla/Assertions.h" +#include "mozilla/mozalloc.h" + +#ifdef MOZ_MEMORY +int posix_memalign(void** memptr, size_t alignment, size_t size); +#endif + +namespace mozilla { + +VolatileBuffer::VolatileBuffer() + : mMutex("VolatileBuffer") + , mBuf(nullptr) + , mSize(0) + , mLockCount(0) +{ +} + +bool VolatileBuffer::Init(size_t aSize, size_t aAlignment) +{ + MOZ_ASSERT(!mSize && !mBuf, "Init called twice"); + MOZ_ASSERT(!(aAlignment % sizeof(void *)), + "Alignment must be multiple of pointer size"); + + mSize = aSize; +#if defined(MOZ_MEMORY) + if (posix_memalign(&mBuf, aAlignment, aSize) != 0) { + return false; + } +#elif defined(HAVE_POSIX_MEMALIGN) + if (moz_posix_memalign(&mBuf, aAlignment, aSize) != 0) { + return false; + } +#else +#error "No memalign implementation found" +#endif + return !!mBuf; +} + +VolatileBuffer::~VolatileBuffer() +{ + MOZ_ASSERT(mLockCount == 0, "Being destroyed with non-zero lock count?"); + + free(mBuf); +} + +bool +VolatileBuffer::Lock(void** aBuf) +{ + MutexAutoLock lock(mMutex); + + MOZ_ASSERT(mBuf, "Attempting to lock an uninitialized VolatileBuffer"); + + *aBuf = mBuf; + mLockCount++; + + return true; +} + +void +VolatileBuffer::Unlock() +{ + MutexAutoLock lock(mMutex); + + mLockCount--; + MOZ_ASSERT(mLockCount >= 0, "VolatileBuffer unlocked too many times!"); +} + +bool +VolatileBuffer::OnHeap() const +{ + return true; +} + +size_t +VolatileBuffer::HeapSizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const +{ + return aMallocSizeOf(mBuf); +} + +size_t +VolatileBuffer::NonHeapSizeOfExcludingThis() const +{ + return 0; +} + +} // namespace mozilla diff --git a/system/memory/volatile/VolatileBufferOSX.cpp b/system/memory/volatile/VolatileBufferOSX.cpp new file mode 100644 index 000000000..af39bcae1 --- /dev/null +++ b/system/memory/volatile/VolatileBufferOSX.cpp @@ -0,0 +1,129 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "VolatileBuffer.h" +#include "mozilla/Assertions.h" +#include "mozilla/DebugOnly.h" +#include "mozilla/mozalloc.h" + +#include <mach/mach.h> +#include <sys/mman.h> +#include <unistd.h> + +#define MIN_VOLATILE_ALLOC_SIZE 8192 + +namespace mozilla { + +VolatileBuffer::VolatileBuffer() + : mMutex("VolatileBuffer") + , mBuf(nullptr) + , mSize(0) + , mLockCount(0) + , mHeap(false) +{ +} + +bool +VolatileBuffer::Init(size_t aSize, size_t aAlignment) +{ + MOZ_ASSERT(!mSize && !mBuf, "Init called twice"); + MOZ_ASSERT(!(aAlignment % sizeof(void *)), + "Alignment must be multiple of pointer size"); + + mSize = aSize; + + kern_return_t ret = 0; + if (aSize < MIN_VOLATILE_ALLOC_SIZE) { + goto heap_alloc; + } + + ret = vm_allocate(mach_task_self(), + (vm_address_t*)&mBuf, + mSize, + VM_FLAGS_PURGABLE | VM_FLAGS_ANYWHERE); + if (ret == KERN_SUCCESS) { + return true; + } + +heap_alloc: + (void)moz_posix_memalign(&mBuf, aAlignment, aSize); + mHeap = true; + return !!mBuf; +} + +VolatileBuffer::~VolatileBuffer() +{ + MOZ_ASSERT(mLockCount == 0, "Being destroyed with non-zero lock count?"); + + if (OnHeap()) { + free(mBuf); + } else { + vm_deallocate(mach_task_self(), (vm_address_t)mBuf, mSize); + } +} + +bool +VolatileBuffer::Lock(void** aBuf) +{ + MutexAutoLock lock(mMutex); + + MOZ_ASSERT(mBuf, "Attempting to lock an uninitialized VolatileBuffer"); + + *aBuf = mBuf; + if (++mLockCount > 1 || OnHeap()) { + return true; + } + + int state = VM_PURGABLE_NONVOLATILE; + kern_return_t ret = + vm_purgable_control(mach_task_self(), + (vm_address_t)mBuf, + VM_PURGABLE_SET_STATE, + &state); + return ret == KERN_SUCCESS && !(state & VM_PURGABLE_EMPTY); +} + +void +VolatileBuffer::Unlock() +{ + MutexAutoLock lock(mMutex); + + MOZ_ASSERT(mLockCount > 0, "VolatileBuffer unlocked too many times!"); + if (--mLockCount || OnHeap()) { + return; + } + + int state = VM_PURGABLE_VOLATILE | VM_VOLATILE_GROUP_DEFAULT; + DebugOnly<kern_return_t> ret = + vm_purgable_control(mach_task_self(), + (vm_address_t)mBuf, + VM_PURGABLE_SET_STATE, + &state); + MOZ_ASSERT(ret == KERN_SUCCESS, "Failed to set buffer as purgable"); +} + +bool +VolatileBuffer::OnHeap() const +{ + return mHeap; +} + +size_t +VolatileBuffer::HeapSizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const +{ + return OnHeap() ? aMallocSizeOf(mBuf) : 0; +} + +size_t +VolatileBuffer::NonHeapSizeOfExcludingThis() const +{ + if (OnHeap()) { + return 0; + } + + unsigned long pagemask = getpagesize() - 1; + return (mSize + pagemask) & ~pagemask; +} + +} // namespace mozilla diff --git a/system/memory/volatile/VolatileBufferWindows.cpp b/system/memory/volatile/VolatileBufferWindows.cpp new file mode 100644 index 000000000..b12e0eccb --- /dev/null +++ b/system/memory/volatile/VolatileBufferWindows.cpp @@ -0,0 +1,160 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "VolatileBuffer.h" +#include "mozilla/Assertions.h" +#include "mozilla/mozalloc.h" +#include "mozilla/WindowsVersion.h" + +#include <windows.h> + +#ifdef MOZ_MEMORY +extern "C" int posix_memalign(void** memptr, size_t alignment, size_t size); +#endif + +#ifndef MEM_RESET_UNDO +#define MEM_RESET_UNDO 0x1000000 +#endif + +#define MIN_VOLATILE_ALLOC_SIZE 8192 + +namespace mozilla { + +VolatileBuffer::VolatileBuffer() + : mMutex("VolatileBuffer") + , mBuf(nullptr) + , mSize(0) + , mLockCount(0) + , mHeap(false) + , mFirstLock(true) +{ +} + +bool +VolatileBuffer::Init(size_t aSize, size_t aAlignment) +{ + MOZ_ASSERT(!mSize && !mBuf, "Init called twice"); + MOZ_ASSERT(!(aAlignment % sizeof(void *)), + "Alignment must be multiple of pointer size"); + + mSize = aSize; + if (aSize < MIN_VOLATILE_ALLOC_SIZE) { + goto heap_alloc; + } + + static bool sUndoSupported = IsWin8OrLater(); + if (!sUndoSupported) { + goto heap_alloc; + } + + mBuf = VirtualAllocEx(GetCurrentProcess(), + nullptr, + mSize, + MEM_COMMIT | MEM_RESERVE, + PAGE_READWRITE); + if (mBuf) { + return true; + } + +heap_alloc: +#ifdef MOZ_MEMORY + posix_memalign(&mBuf, aAlignment, aSize); +#else + mBuf = _aligned_malloc(aSize, aAlignment); +#endif + mHeap = true; + return !!mBuf; +} + +VolatileBuffer::~VolatileBuffer() +{ + MOZ_ASSERT(mLockCount == 0, "Being destroyed with non-zero lock count?"); + + if (OnHeap()) { +#ifdef MOZ_MEMORY + free(mBuf); +#else + _aligned_free(mBuf); +#endif + } else { + VirtualFreeEx(GetCurrentProcess(), mBuf, 0, MEM_RELEASE); + } +} + +bool +VolatileBuffer::Lock(void** aBuf) +{ + MutexAutoLock lock(mMutex); + + MOZ_ASSERT(mBuf, "Attempting to lock an uninitialized VolatileBuffer"); + + *aBuf = mBuf; + if (++mLockCount > 1 || OnHeap()) { + return true; + } + + // MEM_RESET_UNDO's behavior is undefined when called on memory that + // hasn't been MEM_RESET. + if (mFirstLock) { + mFirstLock = false; + return true; + } + + void* addr = VirtualAllocEx(GetCurrentProcess(), + mBuf, + mSize, + MEM_RESET_UNDO, + PAGE_READWRITE); + return !!addr; +} + +void +VolatileBuffer::Unlock() +{ + MutexAutoLock lock(mMutex); + + MOZ_ASSERT(mLockCount > 0, "VolatileBuffer unlocked too many times!"); + if (--mLockCount || OnHeap()) { + return; + } + + void* addr = VirtualAllocEx(GetCurrentProcess(), + mBuf, + mSize, + MEM_RESET, + PAGE_READWRITE); + MOZ_ASSERT(addr, "Failed to MEM_RESET"); +} + +bool +VolatileBuffer::OnHeap() const +{ + return mHeap; +} + +size_t +VolatileBuffer::HeapSizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const +{ + if (OnHeap()) { +#ifdef MOZ_MEMORY + return aMallocSizeOf(mBuf); +#else + return mSize; +#endif + } + + return 0; +} + +size_t +VolatileBuffer::NonHeapSizeOfExcludingThis() const +{ + if (OnHeap()) { + return 0; + } + + return (mSize + 4095) & ~4095; +} + +} // namespace mozilla diff --git a/system/memory/volatile/moz.build b/system/memory/volatile/moz.build new file mode 100644 index 000000000..2fafbc13b --- /dev/null +++ b/system/memory/volatile/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +NO_VISIBILITY_FLAGS = True + +EXPORTS.mozilla += ['VolatileBuffer.h'] + +if CONFIG['OS_TARGET'] == 'Darwin': + UNIFIED_SOURCES += ['VolatileBufferOSX.cpp'] +elif CONFIG['OS_TARGET'] == 'WINNT': + UNIFIED_SOURCES += ['VolatileBufferWindows.cpp'] +else: + UNIFIED_SOURCES += ['VolatileBufferFallback.cpp'] + +FINAL_LIBRARY = 'xul' + +TEST_DIRS += ['tests'] diff --git a/system/memory/volatile/tests/TestVolatileBuffer.cpp b/system/memory/volatile/tests/TestVolatileBuffer.cpp new file mode 100644 index 000000000..7d21236a4 --- /dev/null +++ b/system/memory/volatile/tests/TestVolatileBuffer.cpp @@ -0,0 +1,89 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" +#include "mozilla/VolatileBuffer.h" +#include <string.h> + +#ifdef XP_DARWIN +#include <mach/mach.h> +#endif + +using namespace mozilla; + +TEST(VolatileBufferTest, HeapVolatileBuffersWork) +{ + RefPtr<VolatileBuffer> heapbuf = new VolatileBuffer(); + + ASSERT_TRUE(heapbuf) << "Failed to create VolatileBuffer"; + ASSERT_TRUE(heapbuf->Init(512)) << "Failed to initialize VolatileBuffer"; + + VolatileBufferPtr<char> ptr(heapbuf); + + EXPECT_FALSE(ptr.WasBufferPurged()) + << "Buffer should not be purged immediately after initialization"; + EXPECT_TRUE(ptr) << "Couldn't get pointer from VolatileBufferPtr"; +} + +TEST(VolatileBufferTest, RealVolatileBuffersWork) +{ + RefPtr<VolatileBuffer> buf = new VolatileBuffer(); + + ASSERT_TRUE(buf) << "Failed to create VolatileBuffer"; + ASSERT_TRUE(buf->Init(16384)) << "Failed to initialize VolatileBuffer"; + + const char teststr[] = "foobar"; + + { + VolatileBufferPtr<char> ptr(buf); + + EXPECT_FALSE(ptr.WasBufferPurged()) + << "Buffer should not be purged immediately after initialization"; + EXPECT_TRUE(ptr) << "Couldn't get pointer from VolatileBufferPtr"; + + { + VolatileBufferPtr<char> ptr2(buf); + + EXPECT_FALSE(ptr.WasBufferPurged()) + << "Failed to lock buffer again while currently locked"; + ASSERT_TRUE(ptr2) << "Didn't get a pointer on the second lock"; + + strcpy(ptr2, teststr); + } + } + + { + VolatileBufferPtr<char> ptr(buf); + + EXPECT_FALSE(ptr.WasBufferPurged()) + << "Buffer was immediately purged after unlock"; + EXPECT_STREQ(ptr, teststr) << "Buffer failed to retain data after unlock"; + } + + // Test purging if we know how to +#if defined(XP_DARWIN) + int state; + vm_purgable_control(mach_task_self(), (vm_address_t)NULL, + VM_PURGABLE_PURGE_ALL, &state); +#else + return; +#endif + + EXPECT_GT(buf->NonHeapSizeOfExcludingThis(), 0ul) + << "Buffer should not be allocated on heap"; + + { + VolatileBufferPtr<char> ptr(buf); + + EXPECT_TRUE(ptr.WasBufferPurged()) + << "Buffer should not be unpurged after forced purge"; + EXPECT_STRNE(ptr, teststr) << "Purge did not actually purge data"; + } + + { + VolatileBufferPtr<char> ptr(buf); + + EXPECT_FALSE(ptr.WasBufferPurged()) << "Buffer still purged after lock"; + } +} diff --git a/system/memory/volatile/tests/moz.build b/system/memory/volatile/tests/moz.build new file mode 100644 index 000000000..59c0f7c87 --- /dev/null +++ b/system/memory/volatile/tests/moz.build @@ -0,0 +1,10 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +UNIFIED_SOURCES = [ + 'TestVolatileBuffer.cpp', +] + +FINAL_LIBRARY = 'xul-gtest' |