Commit Graph

774 Commits

Author SHA1 Message Date
Marius Strobl
1e01d8915a Change sparc64 to use the initial exec TLS model, too. This avoids random
assertion failures in _malloc_thread_cleanup().
2011-06-21 19:15:23 +00:00
Marcel Moolenaar
a8d044f390 Don't add sigwait.c to MISRCS here when sigwait.c lives under ../sys and
it's already added to SRCS there.
2011-03-17 04:30:43 +00:00
Marius Strobl
77ccab511d Now that TLS generally is available on sparc64 since r219534 turn on
support for it. Note that while sparc64 also supports the static TLS
model and thus tls_model("initial-exec"), using the default model
turned out to yield slightly better buildstone performance.
2011-03-11 21:35:38 +00:00
Ryan Stone
f88f24de4d Correct a typo in the malloc(3) manpage. Malloc options are set in the
MALLOC_OPTIONS environment variable, not JEMALLOC_OPTIONS.

Reviewed by:	jasone
Approved by:	emaste (mentor)
2011-03-07 15:19:17 +00:00
Dimitry Andric
6882fd36bf Put in a temporary workaround for ctfmerge hanging on processing
kernel.debug (or possibly other files), when WITH_CTF is active.

This is caused by a bug in clang's integrated assembler, causing malloc
to sometimes hang during initialization in statically linked executables
that use threading, such as the copy of ctfmerge that is built during
the bootstrap stage of buildworld.  The bug has been submitted upstream:

  http://llvm.org/bugs/show_bug.cgi?id=9352

Note that you might have to rebuild and install libc first, to get your
kernel build to finish, because the ctfmerge binary built during
bootstrap is linked with your base system's copy of libc.a, which might
already contain a bad copy of malloc.o.
2011-03-01 17:15:44 +00:00
Konstantin Belousov
4e738f5a8d Fix some style(9) issues.
Do not use strlcpy() where simple assignment is enough.

Noted by:	bde (long time ago)
MFC after:	1 week
2011-01-08 11:04:30 +00:00
Benedict Reuschling
a10502a58b Revert to r214147, errno is not clobbered as originally
thought.
2010-10-22 08:51:49 +00:00
Benedict Reuschling
a8af8b783a Document strtonum()s behavior of setting errno to 0 when no error is found.
PR:             docs/143330
Submitted by:   Efstratios Karatzas (gpf dot kira at gmail dot com)
Discussed with: ru@
MFC after:      7 days
2010-10-21 18:30:48 +00:00
Benedict Reuschling
e9e38bc2e7 Sync with OpenBSD rev. 1.13:
strtonum does not require limits.h

Obtained from:  OpenBSD
Discussed with: ru@
MFC after:      5 days
2010-10-21 18:21:19 +00:00
Ulrich Spörlein
0d9deed52c mdoc: drop redundant .Pp and .LP calls
They have no effect when coming in pairs, or before .Bl/.Bd
2010-10-08 12:40:16 +00:00
Konstantin Belousov
3ac535965a Missed space.
Submitted by:	brueffer
MFC after:	1 week
2010-10-06 09:24:33 +00:00
Konstantin Belousov
866dcc9462 Add cross-references to lrand48(3) and arc4random(3) from rand(3)
and random(3).

Submitted by:	Valentin Nechayev <netch netch kiev ua>
MFC after:	1 week
2010-10-06 09:05:47 +00:00
Rebecca Cran
5512804bb8 Revert changes of 'assure' to 'ensure' made in r211936.
Approved by: rrs (mentor)
2010-09-11 10:49:56 +00:00
David Xu
83c9e0893f Because POSIX does not allow EINTR to be returned from sigwait(),
add a wrapper for it in libc and rework the code in libthr, the
system call still can return EINTR, we keep this feature.

Discussed on: thread
Reviewed by:  jilles
2010-09-10 01:47:37 +00:00
Rebecca Cran
e7f8dd75b3 Fix incorrect usage of 'assure' and 'insure'.
Approved by: rrs (mentor)
2010-08-28 16:32:01 +00:00
Konstantin Belousov
3eaca8526c Do not call __pthread_cxa_finalize with invalid struct dl_phdr_info.
Reported and tested by:	Fabian Keil <freebsd-listen fabiankeil de>
MFC after:	17 days
2010-08-27 19:57:17 +00:00
Warner Losh
2c0959ae6b Powerpc is special here. powerpc and powerpc64 use different ABIs, so
their implementations aren't in the same files.  Introduce LIBC_ARCH
and use that in preference to MACHINE_CPUARCH.  Tested by amd64 and
powerpc64 builds (thanks nathanw@)
2010-08-24 20:54:43 +00:00
Warner Losh
25faff346c MFtbemd:
Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.
2010-08-23 22:24:11 +00:00
Konstantin Belousov
ea246b6369 On shared object unload, in __cxa_finalize, call and clear all installed
atexit and __cxa_atexit handlers that are either installed by unloaded
dso, or points to the functions provided by the dso.

Use _rtld_addr_phdr to locate segment information from the address of
private variable belonging to the dso, supplied by crtstuff.c. Provide
utility function __elf_phdr_match_addr to do the match of address against
dso executable segment.

Call back into libthr from __cxa_finalize using weak
__pthread_cxa_finalize symbol to remove any atfork handler which
function points into unloaded object.

The rtld needs private __pthread_cxa_finalize symbol to not require
resolution of the weak undefined symbol at initialization time. This
cannot work, since rtld is relocated before sym_zero is set up.

Idea by:	kan
Reviewed by:	kan (previous version)
MFC after:	3 weeks
2010-08-23 15:38:02 +00:00
Konstantin Belousov
aeaffd647e Style.
MFC after:	3 days
2010-08-23 15:18:35 +00:00
Konstantin Belousov
2793b01844 Use aux vector to get values for SSP canary, pagesize, pagesizes array,
number of host CPUs and osreldate.

This eliminates the last sysctl(2) calls from the dynamically linked image
startup.

No objections from:	kan
Tested by:	marius (sparc64)
MFC after:	1 month
2010-08-17 09:13:26 +00:00
Joel Dahl
c2025a7660 Fix typos, spelling, formatting and mdoc mistakes found by Nobuyuki while
translating these manual pages.  Minor corrections by me.

Submitted by:	Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
2010-08-16 15:18:30 +00:00
Joel Dahl
f6ac23919b Fix typos and spelling mistakes. 2010-08-06 14:33:42 +00:00
Andrey A. Chernov
01e14bff35 Comment out IEEE Std 1003.1-2001 conformance proclaimed too early,
see problems described in the comment to:
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/128933
2010-08-05 01:39:25 +00:00
Ulrich Spörlein
3d05ebbcf8 mdoc: remove unbalanced quotes 2010-08-02 13:11:41 +00:00
Nathan Whitehorn
840b91cc52 Provide 64-bit PowerPC support in libc.
Obtained from:	projects/ppc64
2010-07-10 14:45:03 +00:00
Colin Percival
ff847ecb82 In threaded processes, destroy the mutex atexit_mutex when we've
finished using it.  This allows the mutex's allocated memory to be
freed.

This is one sense a rather silly change, since at this point we're
less than a microsecond away from calling _exit; but fixing this
memory leak is likely to make life easier for anyone trying to
track down other memory leaks.
2010-06-13 01:13:36 +00:00
Ulrich Spörlein
0afc94c17a mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the
bottom of the manpages and order them consistently.

GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put
them.

Found by:	mdocml lint run
Reviewed by:	ru
2010-05-13 12:07:55 +00:00
Christian Brueffer
e91cb7f003 The previous revision actually removed the bug being hinted at, so
go ahead and remove the hint.

PR:		143944
Submitted by:	Jeremy Huddleston <jeremyhu@apple.com>
MFC after:	1 week
2010-05-12 01:13:49 +00:00
Konstantin Belousov
431c9bf2d5 C language does not has references, it provides pointers.
Suggested by:	bde
MFC after:	2 weeks
2010-04-21 19:35:56 +00:00
Konstantin Belousov
7e36a19d51 Add standards section, improve wording, taking into account the handling
of NULL and changed type in declaration.

Suggested by:	bde
MFC after:	2 weeks
2010-04-21 16:41:02 +00:00
Konstantin Belousov
655c8a600b Free() is not allowed to modify errno, remove safety brackets around it [1].
Add small optimization, do not copy a string to the buffer that is
to be freed immediately after.

Noted by:	jh [1]
Reviewed by:	jh
MFC after:	2 weeks
2010-04-20 14:22:29 +00:00
Konstantin Belousov
9d79ec20fb Slightly modernize realpath(3).
SUSv4 requires that implementation returns EINVAL if supplied path is NULL,
and ENOENT if path is empty string [1].
Bring prototype in conformance with SUSv4, adding restrict keywords.
Allow the resolved path buffer pointer be NULL, in which case realpath(3)
allocates storage with malloc().

PR:	kern/121897 [1]
MFC after:	2 weeks
2010-04-20 10:16:44 +00:00
Ulrich Spörlein
aa12cea2cc mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by:	ru
Approved by:	philip, ed (mentors)
2010-04-14 19:08:06 +00:00
Jaakko Heinonen
967e82cae0 In reallocf(3), free the memory only when size != 0. Otherwise, when the
System V compatibility option (malloc "V" flag) is in effect a zero sized
reallocf() could cause a double free.

PR:		bin/141753
Submitted by:	Dan Lukes
2010-03-03 15:43:26 +00:00
Jason Evans
15f8d49756 Rewrite red-black trees to do lazy balance fixup. This improves
insert/remove speed by ~30%.
2010-02-28 22:57:13 +00:00
Marcel Moolenaar
a6c79196a7 Define TLS_MODEL for PowerPC as well. Since PowerPC uses variant I,
like ia64, leave it empty (default model).
2010-02-16 20:46:22 +00:00
Marcel Moolenaar
066d438476 Unbreak ia64: tls_model("initial-exec") is invalid, because it assumes
the static TLS model, which is fundamentally different from the dynamic
TLS model. The consequence was data corruption. Limit the attribute to
i386 and amd64.
2010-02-16 06:47:00 +00:00
Martin Cracauer
3a921aa75d Fix PR
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/143350
Empty string test gone wrong.

Testing this requires that you have a locale that has the sign string
unset but has int_n_sign_posn set (the default locale falls through to
use "()" around negative numbers which is probably another bug).

I created that setup by hand and indeed without this fix negative
numbers are put out as positive numbers (doesn't fall through to use
"-" as default indicator).

Unfixed example in nl_NL.ISO8859-1 with lc->negative_sign set to empty
string:
  strfmon(buf, sizeof(buf), "%-8i", -42.0);
==>
example2: 'EUR  42,00' 'Eu 42,00'

Fixed:
example2: 'EUR  42,00-' 'Eu 42,00-'

This file and suggested fix are identical in at least freebsd-8.
Backport might be appropriate but some expert on locales should
probably have a look at us defaulting to negative numbers in
parenthesis when LC_* is default.  That doesn't look right and is not
what other OSes are doing.

PR:		143350
Submitted by:	Corinna Vinschen
Reviewed by:	bug reporter submitted, tested by me
2010-02-10 00:02:09 +00:00
Jason Evans
d227440524 Fix bugs:
* Fix a race in chunk_dealloc_dss().

  * Check for allocation failure before zeroing memory in base_calloc().

Merge enhancements from a divergent version of jemalloc:

  * Convert thread-specific caching from magazines to an algorithm that is
    more tunable, and implement incremental GC.

  * Add support for medium size classes, [4KiB..32KiB], 2KiB apart by
    default.

  * Add dirty page tracking for pages within active small/medium object
    runs.  This allows malloc to track precisely which pages are in active
    use, which makes dirty page purging more effective.

  * Base maximum dirty page count on proportion of active memory.

  * Use optional zeroing in arena_chunk_alloc() to avoid needless zeroing
    of chunks.  This is useful in the context of DSS allocation, since a
    long-lived application may commonly recycle chunks.

  * Increase the default chunk size from 1MiB to 4MiB.

Remove feature:

  * Remove the dynamic rebalancing code, since thread caching reduces its
    utility.
2010-01-31 23:16:10 +00:00
Ed Maste
648050dfd0 Add missing return, in a rare case where we can't allocate memory in
deallocate.

Submitted by:	Ryan Stone (rysto32 at gmail dot com)
Approved by:	jasone
2010-01-27 16:47:02 +00:00
Jason Evans
5f2b1ed91b Simplify arena_run_reg_dalloc(), and remove a bug that was due to incorrect
initialization of ssize_invs.
2009-12-10 02:51:40 +00:00
Jason Evans
2354bdcf94 Fix the posix_memalign() changes in r196861 to actually return a NULL pointer
as intended.

PR:		standards/138307
2009-12-10 00:16:11 +00:00
Sean Farley
f959b43fd0 Revert behavior change to setenv(), unsetenv() and putenv() until a more
thorough security review has been completed.
2009-12-07 00:22:10 +00:00
Sean Farley
ef6ccfb52a Update the getenv(3) man page to reflect the recent change to the behavior
of setenv(), putenv() and unsetenv() when dealing with corrupt entries in
environ.  They now output a warning and complete their task without error.

MFC after:	1 week
2009-12-06 23:51:27 +00:00
Sean Farley
ca7520fe57 Change the behavior of setenv(), putenv() and unsetenv() to continue parsing
instead of returning an error if a corrupt (not a "name=value" string) entry
in the environ array is detected when (re)-building the internal
environment.  This should prevent applications or libraries from
experiencing issues arising from the expectation that these calls will
complete even with corrupt entries.  The behavior is now as it was prior to
7.0.

Reviewed by:	jilles
MFC after:	1 week
2009-12-06 23:27:24 +00:00
Sean Farley
6da7f71cd4 Improve the comment within getenv() explaining the search order it takes to
find a variable.  Include a note that it must not cause the internal
environment to be generated since malloc() depends upon getenv().  To call
malloc() would create a circular dependency.

Recommended by:	green
Approved by:	jilles
MFC after:	1 week
2009-12-06 23:05:17 +00:00
Ed Schouten
2c201a9afe Fix many "function declaration isn't a prototype" warnings in libc.
I've only fixed code that seems to be written by `us'. There are still
many warnings like this present in resolv/, rpc/, stdtime/ and yp/.
2009-12-05 19:31:38 +00:00
Brian Feldman
56a3273e0b Temporarily revert the previous change because the linker has been
modified so that it will abort when the environment is bad.
2009-12-01 06:42:47 +00:00
Brian Feldman
20f492f0eb Do not gratuitously fail *env(3) operations due to corrupt ('='-less)
**environ entries.  This puts non-getenv(3) operations in line with
getenv(3) in that bad environ entries do not cause all operations to
fail.  There is still some inconsistency in that getenv(3) in the
absence of any environment-modifying operation does not emit corrupt
environ entry warnings.

I also fixed another inconsistency in getenv(3) where updating the
global environ pointer would not be reflected in the return values.
It would have taken an intermediary setenv(3)/putenv(3)/unsetenv(3)
in order to see the change.
2009-12-01 05:04:31 +00:00
Colin Percival
8a7f1847b7 Change the utrace log entry for malloc_init from (0, 0, 0) to (-1, 0, 0)
in order to distinguish it from free(NULL), which is logged as (0, 0, 0).

Reviewed by:	jhb
2009-11-14 09:31:47 +00:00
Alan Cox
b8947edcb6 Make malloc(3) superpage aware. Specifically, if getpagesizes(3) returns
a large page size that is greater than malloc(3)'s default chunk size but
less than or equal to 4 MB, then increase the chunk size to match the large
page size.

Most often, using a chunk size that is less than the large page size is not
a problem.  However, consider a long-running application that allocates and
frees significant amounts of memory.  In particular, it frees enough memory
at times that some of that memory is munmap()ed.  Up until the first
munmap(), a 1MB chunk size is just fine; it's not a problem for the virtual
memory system.  Two adjacent 1MB chunks that are aligned on a 2MB boundary
will be promoted automatically to a superpage even though they were
allocated at different times.  The trouble begins with the munmap(),
releasing a 1MB chunk will trigger the demotion of the containing superpage,
leaving behind a half-used 2MB reservation.  Now comes the real problem.
Unfortunately, when the application needs to allocate more memory, and it
recycles the previously munmap()ed address range, the implementation of
mmap() won't be able to reuse the reservation.  Basically, the coalescing
rules in the virtual memory system don't allow this new range to combine
with its neighbor.  The effect being that superpage promotion will not
reoccur for this range of addresses until both 1MB chunks are freed at some
point in the future.

Reviewed by:	jasone
MFC after:	3 weeks
2009-09-26 18:20:40 +00:00
Konstantin Belousov
1ecc75dfe3 Handle zero size for posix_memalign. Return NULL or unique address
according to the 'V' option.

PR:	standards/138307
MFC after:	1 week
2009-09-05 13:32:05 +00:00
Ed Schouten
00ee13a0af Our implementation of granpt(3) could be valid in the future.
When I wrote the pseudo-terminal driver for the MPSAFE TTY code, Robert
Watson and I agreed the best way to implement this, would be to let
posix_openpt() create a pseudo-terminal with proper permissions in place
and let grantpt() and unlockpt() be no-ops.

This isn't valid behaviour when looking at the spec. Because I thought
it was an elegant solution, I filed a bug report at the Austin Group
about this. In their last teleconference, they agreed on this subject.
This means that future revisions of POSIX may allow grantpt() and
unlockpt() to be no-ops if an open() on /dev/ptmx (if the implementation
has such a device) and posix_openpt() already do the right thing.

I'd rather put this in the manpage, because simply mentioning we don't
comply to any standard makes it look worse than it is. Right now we
don't, but at least we took care of it.

Approved by:	re (kib)
MFC after:	3 days
2009-08-24 11:16:44 +00:00
Ed Schouten
87fbd35f4f Simplify. We can just use .sinclude here.
Submitted by:	Christoph Mallon
2009-06-23 14:10:46 +00:00
Ed Schouten
98669c791d Our grantpt(3) and unlockpt(3) don't comply with POSIX. 2009-05-04 18:14:45 +00:00
Xin LI
00d949789a "-isoC-99" should be spelled without 'c'. 2009-03-01 05:44:28 +00:00
Ed Schouten
26d4f5e969 Add two new routines: fdevname() and fdevname_r().
A more elegant way of obtaining a name of a character device by its file
descriptor on FreeBSD, is to use the FIODGNAME ioctl. Because a valid
file descriptor implies a file descriptor is visible in /dev, it will
always resolve a valid device name.

I'm adding a more friendly wrapper for this ioctl, called fdevname(). It
is a lot easier to use than devname() and also has better error
handling. When a device name cannot be resolved, it will just return
NULL instead of a generated device name that makes no sense.

Discussed with:	kib
2009-02-11 20:24:59 +00:00
Giorgos Keramidas
0bc4c01d56 Fix language on atol(3) manpage. Add a COMPATIBILITY section
stating that in FreeBSD the atol() and atoll() functions affect
errno in the same way as strtol() and stroll().

PR:		docs/126487
Submitted by:	edwin
Reviewed by:	trhodes, gabor
MFC after:	1 week
2009-02-08 08:26:58 +00:00
Jason Evans
d7ba3e423a Fix a lock order reversal bug that could cause deadlock during fork(2).
Reported by:	kib
2008-12-01 10:20:59 +00:00
Jason Evans
17daa728ae Adjust an assertion to handle the case where a lock is contested, but
spinning is avoided due to running on a single-CPU system.

Reported by:	stefanf
2008-11-30 19:30:31 +00:00
Jason Evans
93e34865fa Do not spin when trying to lock on a single-CPU system.
Reported by:	davidxu
2008-11-30 05:55:24 +00:00
Jason Evans
b74d3e0c37 Revert to preferring mmap(2) over sbrk(2) when mapping memory, due to
potential extreme contention in the kernel for multi-threaded applications
on SMP systems.

Reported by:	kris
2008-11-03 21:17:18 +00:00
Alexander Leidinger
1455fd2638 MTC r183949:
Allow to define MALLOC_PRODUCTION with a make variable instead of polluting
 the global CFLAGS.

Reviewed by:	jasone
2008-10-17 08:30:20 +00:00
Jason Evans
bf5b19279d Use PAGE_{SIZE,MASK,SHIFT} from machine/param.h rather than hard-coding
page size and using sysconf(3).

Suggested by:	marcel
2008-09-10 14:27:34 +00:00
Marcel Moolenaar
93bf4a8436 Unbreak ia64: pges are 8KB. 2008-09-06 05:26:31 +00:00
Jason Evans
d6742bfbd3 Add thread-specific caching for small size classes, based on magazines.
This caching allows for completely lock-free allocation/deallocation in the
steady state, at the expense of likely increased memory use and
fragmentation.

Reduce the default number of arenas to 2*ncpus, since thread-specific
caching typically reduces arena contention.

Modify size class spacing to include ranges of 2^n-spaced, quantum-spaced,
cacheline-spaced, and subpage-spaced size classes.  The advantages are:
fewer size classes, reduced false cacheline sharing, and reduced internal
fragmentation for allocations that are slightly over 512, 1024, etc.

Increase RUN_MAX_SMALL, in order to limit fragmentation for the
subpage-spaced size classes.

Add a size-->bin lookup table for small sizes to simplify translating sizes
to size classes.  Include a hard-coded constant table that is used unless
custom size class spacing is specified at run time.

Add the ability to disable tiny size classes at compile time via
MALLOC_TINY.
2008-08-27 02:00:53 +00:00
Ed Schouten
f0c96ff802 Remove grantpt.c, which should have been deleted in the MPSAFE TTY commit.
The routines in grantpt.c have been moved to ptsname.c in the MPSAFE TTY
layer, because grantpt() is now effectively a no-op. I forgot to remove
the corresponding source file from libc.
2008-08-20 09:43:46 +00:00
Ed Schouten
bc093719ca Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

  The old TTY layer has a driver model that is not abstract enough to
  make it friendly to use. A good example is the output path, where the
  device drivers directly access the output buffers. This means that an
  in-kernel PPP implementation must always convert network buffers into
  TTY buffers.

  If a PPP implementation would be built on top of the new TTY layer
  (still needs a hooks layer, though), it would allow the PPP
  implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

  With the old TTY layer, it isn't entirely safe to destroy TTY's from
  the system. This implementation has a two-step destructing design,
  where the driver first abandons the TTY. After all threads have left
  the TTY, the TTY layer calls a routine in the driver, which can be
  used to free resources (unit numbers, etc).

  The pts(4) driver also implements this feature, which means
  posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

  One of the major improvements is the per-TTY mutex, which is expected
  to improve scalability when compared to the old Giant locking.
  Another change is the unbuffered copying to userspace, which is both
  used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from:		//depot/projects/mpsafetty/...
Approved by:		philip (ex-mentor)
Discussed:		on the lists, at BSDCan, at the DevSummit
Sponsored by:		Snow B.V., the Netherlands
dcons(4) fixed by:	kan
2008-08-20 08:31:58 +00:00
Jason Evans
6f14f9b656 Move CPU_SPINWAIT into the innermost spin loop, in order to allow faster
preemption while busy-waiting.

Submitted by:	Mike Schuster <schuster@adobe.com>
2008-08-14 17:31:42 +00:00
Jason Evans
52d7a117c0 Re-order the terms of an expression in arena_run_reg_dalloc() to correctly
detect whether the integer division table is large enough to handle the
divisor.  Before this change, the last two table elements were never used,
thus causing the slow path to be used for those divisors.
2008-08-14 17:03:29 +00:00
Colin Percival
c123de30b6 Remove variables which are assigned values and never used thereafter.
Found by:	LLVM/Clang Static Checker
Approved by:	jasone
2008-08-08 20:42:42 +00:00
Sean Farley
ee2889cb98 Restructure and use different variables in the tests that involve
environ[0] to be more obvious that environ is not NULL before environ[0]
is tested.  Although I believe the previous code worked, this change
improves code maintainability.

Reviewed by:	ache
MFC after:	3 days
2008-08-03 22:47:23 +00:00
Sean Farley
3522c38bbe Detect if the application has cleared the environ variable by setting
the first value (environ[0]) to NULL.  This is in addition to the
current detection of environ being replaced, which includes being set to
NULL.  Without this fix, the environment is not truly wiped, but appears
to be by getenv() until an *env() call is made to alter the enviroment.

This change is necessary to support those applications that use this
method for clearing environ such as Dovecot and Postfix.  Applications
such as Sendmail and the base system's env replace environ (already
detected).  While neither of these methods are defined by SUSv3, it is
best to support them due to historic reasons and in lieu of a clean,
defined method.

Add extra units tests for clearing environ using four different methods:
1. Set environ to NULL pointer.
2. Set environ[0] to NULL pointer.
3. Set environ to calloc()'d NULL-terminated array.
4. Set environ to static NULL-terminated array.

Noticed by:	Timo Sirainen

MFC after:	3 days
2008-08-02 02:34:35 +00:00
Jason Evans
2bb0f7ba54 Enhance arena_chunk_map_t to directly support run coalescing, and use
the chunk map instead of red-black trees where possible.  Remove the
red-black trees and node objects that are obsoleted by this change.  The
net result is a ~1-2% memory savings, and a substantial allocation speed
improvement.
2008-07-18 19:35:44 +00:00
Daniel Gerzo
5fd5badfa9 - This code was intially obtained from NetBSD, but it's missing licence
statement. Add the one from the current NetBSD version.
- Also bump a date to reflect my content changes I have done in previous
  revision

Approved by:	imp
MFC after:	3 days
2008-07-06 17:03:37 +00:00
Daniel Gerzo
6d05da1dc9 - Add description about a missing return value
PR:		docs/75995
Submitted by:	Tarc <tarc@po.cs.msu.su>
MFC after:	3 days
2008-07-06 12:17:53 +00:00
Daniel Gerzo
408425ce37 - remove superfluous word
- remove contractions

MFC after:	3 days
2008-07-06 11:31:20 +00:00
Daniel Gerzo
91bc389e54 Mark the section describing return values with an appropriate section flag.
PR:		docs/122818
MFC after:	3 days
2008-06-26 08:24:59 +00:00
Ed Schouten
e3580e9d91 Don't export the unused __use_pts() routine.
The __use_pts() routine was once probably used by libutil to determine
if we are using BSD or UNIX98 style PTY device names. It doesn't seem to
be used outside grantpt.c, which means we can make it static and remove
it from the Symbol.map.

Reviewed by:	cognet, kib
Approved by:	philip (mentor)
2008-06-17 14:05:03 +00:00
Jason Evans
b1c8b30f55 In the error path through base_alloc(), release base_mtx [1].
Fix bit vector initialization for run headers.

Submitted by:	[1] Mike Schuster <schuster@adobe.com>
2008-06-10 15:46:18 +00:00
Jason Evans
2e78350530 Clean up cpp logic and comments. 2008-05-14 18:33:13 +00:00
Jason Evans
4788234366 Fix a comment. 2008-05-03 17:49:16 +00:00
Jason Evans
9007109030 Add a separate tree to track arena chunks that contain dirty pages.
This substantially improves worst case allocation performance, since
O(lg n) tree search can be used instead of O(n) tree iteration.

Use rb_wrap() instead of directly calling rb_*() macros.
2008-05-01 17:25:55 +00:00
Jason Evans
21162484ae Add rb_wrap(), which creates C function wrappers for most rb_*()
macros.

Add rb_foreach_next() and rb_foreach_reverse_prev(), which make it
possible to re-synchronize tree iteration after the tree has been
modified.

Rename rb_tree_new() to rb_new().
2008-05-01 17:24:37 +00:00
Oleksandr Tymoshenko
00fb5362ba Set QUANTUM_2POW_MIN and SIZEOF_PTR_2POW parameters for MIPS
Approved by: imp
2008-04-29 22:56:05 +00:00
Jason Evans
e3085308be Check for integer overflow before calling sbrk(2), since it uses a
signed increment argument, but the size is an unsigned integer.
2008-04-29 01:32:42 +00:00
Ruslan Ermilov
eff93c8073 Stricter check for integer overflow. 2008-04-24 07:49:00 +00:00
Jason Evans
e5bf0d71c9 Implement red-black trees without using parent pointers, and store the
color bit in the least significant bit of the right child pointer, in
order to reduce red-black tree linkage overhead by ~2X as compared to
sys/tree.h.

Use the new red-black tree implementation in malloc, which drops
memory usage by ~0.5 or ~1%, for 32- and 64-bit systems, respectively.
2008-04-23 16:09:18 +00:00
Ruslan Ermilov
5b30d6ca77 Don't forget to free() currency_symbol and asciivalue when multiple
conversion specifiers for them are present.

Submitted by:	Maxim Dounin <mdounin@mdounin.ru>
Obtained from:	NetBSD (partially)
MFC after:	3 days
2008-04-19 07:22:58 +00:00
Ruslan Ermilov
3890416f9c Better strfmon(3) conversion specifiers sanity checking.
There were no checks for left and right precisions at all, and
a check for field width had integer overflow bug.

Reported by:	Maksymilian Arciemowicz
Security:	http://securityreason.com/achievement_securityalert/53
Submitted by:	Maxim Dounin <mdounin@mdounin.ru>
MFC after:	3 days
2008-04-19 07:18:22 +00:00
Xin LI
92226c92f3 Use calloc() instaed of zeroing memory ourselves. 2008-04-13 08:05:08 +00:00
Jason Evans
f2ec9c0c86 Remove stale #include <machine/atomic.h>, which as needed by lazy
deallocation.
2008-03-07 16:54:03 +00:00
Sean Farley
7f08f0dd77 Replace the use of warnx() with direct output to stderr using _write().
This reduces the size of a statically-linked binary by approximately 100KB
in a trivial "return (0)" test application.  readelf -S was used to verify
that the .text section was reduced and that using strlen() saved a few
more bytes over using sizeof().  Since the section of code is only called
when environ is corrupt (program bug), I went with fewer bytes over fewer
cycles.

I made minor edits to the submitted patch to make the output resemble
warnx().

Submitted by:	kib bz
Approved by:	wes (mentor)
MFC after:	5 days
2008-02-28 04:09:08 +00:00
Jason Evans
1945c7bd47 Fix a race condition in arena_ralloc() for shrinking in-place large
reallocation, when junk filling is enabled.  Junk filling must occur
prior to shrinking, since any deallocated trailing pages are immediately
available for use by other threads.

Reported by:	Mats Palmgren <mats.palmgren@bredband.net>
2008-02-17 18:34:17 +00:00
Jason Evans
196d0d4b59 Remove support for lazy deallocation. Benchmarks across a wide range of
allocation patterns, number of CPUs, and MALLOC_OPTIONS settings indicate
that lazy deallocation has the potential to worsen throughput dramatically.
Performance degradation occurs when multiple threads try to clear the lazy
free cache simultaneously.  Various experiments to avoid this bottleneck
failed to completely solve this problem, while adding yet more complexity.
2008-02-17 17:09:24 +00:00
Jason Evans
157d89fe25 Fix a bug in lazy deallocation that was introduced when
arena_dalloc_lazy_hard() was split out of arena_dalloc_lazy() in revision
1.162.

Reduce thundering herd problems in lazy deallocation by randomly varying
how many probes a thread does before taking the slow path.
2008-02-08 08:02:34 +00:00
Jason Evans
97091a2dd7 Clean up manipulation of chunk page map elements to remove some tenuous
assumptions about whether bits are set at various times.  This makes
adding other flags safe.

Reorganize functions in order to inline i{m,c,p,s,re}alloc().  This
allows the entire fast-path call chains for malloc() and free() to be
inlined. [1]

Suggested by:	[1] Stuart Parmenter <stuart@mozilla.com>
2008-02-08 00:35:56 +00:00
Jason Evans
baad859d16 Track dirty unused pages so that they can be purged if they exceed a
threshold, according to the 'F' MALLOC_OPTIONS flag.  This obsoletes the
'H' flag.

Try to realloc() large objects in place.  This substantially speeds up
incremental large reallocations in the common case.

Fix a bug in arena_ralloc() that caused relocation of sub-page objects
even if the old and new sizes were in the same size class.

Maintain trees of runs and simplify the per-chunk page map.  This allows
logarithmic-time searching for sufficiently large runs in
arena_run_alloc(), whereas the previous algorithm required linear time
in the worst case.

Break various large functions into smaller sub-functions, and inline
only the functions that are in the fast path for small object
allocation/deallocation.

Remove an unnecessary check in base_pages_alloc_mmap().

Avoid integer division in choose_arena() for the NO_TLS case on
single-CPU systems.
2008-02-06 02:59:54 +00:00
John Baldwin
c7716170ef Remove some now-unused macros.
MFC after:	1 week
2008-01-15 18:55:52 +00:00
John Baldwin
c50897c392 Put back the openpty(3) and ptsname(3) fixes but don't disable ptsname(3)
on pts(4) devices this time.  This fixes the issues while leaving pts(4)
enabled on HEAD.
2008-01-15 15:36:23 +00:00
Colin Percival
d3f576839b Back out last commit, since it accidentally broke pts.
The security fix will be re-committed soon, hopefully without breaking
anything.
2008-01-15 13:59:13 +00:00
Colin Percival
160e76972a Fix issues which allow snooping on ptys. [08:01]
Fix an off-by-one error in inet_network(3). [08:02]

Security: FreeBSD-SA-08:01.pty
Security: FreeBSD-SA-08:02.libc
2008-01-14 22:56:05 +00:00
David Schultz
ac48ad2e5e Changing 'r' to a size_t in the previous commit turned quicksort
into slowsort for some sequences because different parts of the
code used 'r' to store two different things, one of which was
signed. Clean things up by splitting 'r' into two variables, and
use a more meaningful name.
2008-01-14 09:21:34 +00:00
David Schultz
badf97cd55 Use size_t to avoid overflow when sorting arrays larger than 2 GB.
PR:		111085
MFC after:	2 weeks
2008-01-13 02:11:10 +00:00
Jason Evans
f38512f4af Enable both sbrk(2)- and mmap(2)-based memory acquisition methods by
default.  This has the disadvantage of rendering the datasize resource
limit irrelevant, but without this change, legitimate uses of more
memory than will fit in the data segment are thwarted by default.

Fix chunk_alloc_mmap() to work correctly if initial mapping is not
chunk-aligned and mapping extension fails.
2008-01-03 23:22:13 +00:00
Jason Evans
36ac4cc502 Fix a major chunk-related memory leak in chunk_dealloc_dss_record(). [1]
Clean up DSS-related locking and protect all pertinent variables with
dss_mtx (remove dss_chunks_mtx).  This fixes race conditions that could
cause chunk leaks.

Reported by:	[1] kris
2007-12-31 06:19:48 +00:00
Jason Evans
07aa172f11 Fix a bug related to sbrk() calls that could cause address space leaks.
This is a long-standing bug, but until recent changes it was difficult
to trigger, and even then its impact was non-catastrophic, with the
exception of revision 1.157.

Optimize chunk_alloc_mmap() to avoid the need for unmapping pages in the
common case.  Thanks go to Kris Kennaway for a patch that inspired this
change.

Do not maintain a record of previously mmap'ed chunk address ranges.
The original intent was to avoid the extra system call overhead in
chunk_alloc_mmap(), which is no longer a concern.  This also allows some
simplifications for the tree of unused DSS chunks.

Introduce huge_mtx and dss_chunks_mtx to replace chunks_mtx.  There was
no compelling reason to use the same mutex for these disjoint purposes.

Avoid memset() for huge allocations when possible.

Maintain two trees instead of one for tracking unused DSS address
ranges.  This allows scalable allocation of multi-chunk huge objects in
the DSS.  Previously, multi-chunk huge allocation requests failed if the
DSS could not be extended.
2007-12-31 00:59:16 +00:00
Jason Evans
14a7e7b5e1 Back out premature commit of previous version. 2007-12-28 09:21:12 +00:00
Jason Evans
03947063d0 Maintain two trees instead of one (old_chunks --> old_chunks_{ad,szad}) in
order to support re-use of multi-chunk unused regions within the DSS for
huge allocations.  This generalization is important to correct function
when mmap-based allocation is disabled.

Avoid zeroing re-used memory in the DSS unless it really needs to be
zeroed.
2007-12-28 07:24:19 +00:00
Jason Evans
3762647250 Release chunks_mtx for all paths through chunk_dealloc().
Reported by:	kris
2007-12-28 02:15:08 +00:00
Jason Evans
ebc87e7e0b Add the 'D' and 'M' run time options, and use them to control whether
memory is acquired from the system via sbrk(2) and/or mmap(2).  By default,
use sbrk(2) only, in order to support traditional use of resource limits.
Additionally, when both options are enabled, prefer the data segment to
anonymous mappings, in order to coexist better with large file mappings
in applications on 32-bit platforms.  This change has the potential to
increase memory fragmentation due to the linear nature of the data
segment, but from a performance perspective this is mitigated by the use
of madvise(2). [1]

Add the ability to interpret integer prefixes in MALLOC_OPTIONS
processing.  For example, MALLOC_OPTIONS=lllllllll can now be specified as
MALLOC_OPTIONS=9l.

Reported by:	[1] rwatson
Design review:	[1] alc, peter, rwatson
2007-12-27 23:29:44 +00:00
John Baldwin
d32324f64f Clean up some of the pts(4) vs pty(4) stuff in grantpt(3) and friends:
- Use PTY* for all pty(4) related constants.
- Use PTMX* for all pts(4) related constants.
- Consistently use _PATH_DEV PTMX rather than "/dev/ptmx".
- Revert 1.7 and properly fix it by using the correct prefix string for
  pts(4) masters.

MFC after:	3 days
2007-12-21 21:26:08 +00:00
Jason Evans
a0a474aed6 Use fixed point integer math instead of floating point math when
calculating run sizes.  Use of the floating point unit was a potential
pessimization to context switching for applications that do not otherwise
use floating point math. [1]

Reformat cpp macro-related comments to improve consistency.

Submitted by:	das
2007-12-18 05:27:57 +00:00
Jason Evans
d55bd6236f Refactor features a bit in order to make it possible to disable lazy
deallocation and dynamic load balancing via the MALLOC_LAZY_FREE and
MALLOC_BALANCE knobs.  This is a non-functional change, since these
features are still enabled when possible.

Clean up a few things that more pedantic compiler settings would cause
complaints over.
2007-12-17 01:20:04 +00:00
David Schultz
4b6b574455 Implement and document nan(), nanf(), and nanl(). This commit
adds two new directories in msun: ld80 and ld128. These are for
long double functions specific to the 80-bit long double format
used on x86-derived architectures, and the 128-bit format used on
sparc64, respectively.
2007-12-16 21:19:28 +00:00
John Baldwin
ca81364fb1 Update posix_openpt(3) to handle 512 ptys. This was missed in the earlier
pty(4) changes.

MFC after:	3 days
2007-12-13 00:08:59 +00:00
Andrey A. Chernov
192b5193c7 Fix typo in the comment 2007-12-11 20:39:32 +00:00
Jason Evans
7e42e29b9b Only zero large allocations when necessary (for calloc()). 2007-11-28 00:17:34 +00:00
Jason Evans
77cfb3fec2 Document the B and L MALLOC_OPTIONS. 2007-11-27 03:18:26 +00:00
Jason Evans
5ea8413d0a Implement dynamic load balancing of thread-->arena mapping, based on lock
contention.  The intent is to dynamically adjust to load imbalances, which
can cause severe contention.

Use pthread mutexes where possible instead of libc "spinlocks" (they aren't
actually spin locks).  Conceptually, this change is meant only to support
the dynamic load balancing code by enabling the use of spin locks, but it
has the added apparent benefit of substantially improving performance due to
reduced context switches when there is moderate arena lock contention.

Proper tuning parameter configuration for this change is a finicky business,
and it is very much machine-dependent.  One seemingly promising solution
would be to run a tuning program during operating system installation that
computes appropriate settings for load balancing.  (The pthreads adaptive
spin locks should probably be similarly tuned.)
2007-11-27 03:17:30 +00:00
Jason Evans
26b5e3a18e Implement lazy deallocation of small objects. For each arena, maintain a
vector of slots for lazily freed objects.  For each deallocation, before
doing the hard work of locking the arena and deallocating, try several times
to randomly insert the object into the vector using atomic operations.

This approach is particularly effective at reducing contention for
multi-threaded applications that use the producer-consumer model, wherein
one producer thread allocates objects, then multiple consumer threads
deallocate those objects.
2007-11-27 03:13:15 +00:00
Jason Evans
bcd3523138 Avoid re-zeroing memory in calloc() when possible. 2007-11-27 03:12:15 +00:00
Jason Evans
1bbd1b8613 Fix stats printing of the amount of memory currently consumed by huge
allocations. [1]

Fix calculation of the number of arenas when 'n' is specified via
MALLOC_OPTIONS.

Clean up various style inconsistencies.

Obtained from:	[1] NetBSD
2007-11-27 03:09:23 +00:00
David Xu
c5081fcd35 Remove out of date notes, the atoi code is thread-safe and async-cancel
safe.

Discussed with: desichen
2007-10-19 06:23:39 +00:00
Sean Farley
8e5b20fa9c The precision for a string argument in a call to warnx() needs to be cast
to an int to remove the warning from using a size_t variable on 64-bit
platforms.

Submitted by:	Xin LI <delphij@FreeBSD.org>
Approved by:	wes
Approved by:	re (kensmith)
2007-09-22 02:30:44 +00:00
Sean Farley
21c376969a Skip rebuilding environ in setenv() only upon reuse of an active variable;
inactive variables should cause a rebuild of environ, otherwise, exec()'d
processes will be missing a variable in environ that has been unset then
set.

Submitted by:	Taku Yamamoto <taku@tackymt.homeip.net>
Reviewed by:	ache
Approved by:	wes (mentor)
Approved by:	re (kensmith)
2007-09-15 21:48:54 +00:00
Sean Farley
9bab236702 Added environ-replacement detection. For programs that "clean" (i.e., su)
or replace (i.e., zdump) the environment after a call to setenv(), putenv()
or unsetenv() has been made, a few changes were made.
  - getenv() will return the value from the new environ array.
  - setenv() was split into two functions:  __setenv() which is most of the
    previous setenv() without checks on the name and setenv() which
    contains the checks before calling __setenv().
  - setenv(), putenv() and unsetenv() will unset all previous values and
    call __setenv() on all entries in the new environ array which in turn
    adds them to the end of the envVars array.  Calling __setenv() instead
    of setenv() is done to avoid the temporary replacement of the '=' in a
    string with a NUL byte.  Some strings may be read-only data.

Added more regression checks for clearing the environment array.

Replaced gettimeofday() with getrusage() in timing regression check for
better accuracy.

Fixed an off-by-one bug in __remove_putenv() in the use of memmove().  This
went unnoticed due to the allocation of double the number of environ
entries when building envVars.

Fixed a few spelling mistakes in the comments.

Reviewed by:	ache
Approved by:	wes
Approved by:	re (kensmith)
2007-07-20 23:30:13 +00:00
Sean Farley
2966d28c32 Significantly reduce the memory leak as noted in BUGS section for
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.

Convert all calls to POSIX from historic BSD API:
 - unsetenv returns an int.
 - putenv takes a char * instead of const char *.
 - putenv no longer makes a copy of the input string.
 - errno is set appropriately for POSIX.  Exceptions involve bad environ
   variable and internal initialization code.  These both set errno to
   EFAULT.

Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit.  A few I re-wrote to use setenv()
instead of putenv().

New regression module for tools/regression/environ to test these
functions.  It also can be used to test the performance.

Bump __FreeBSD_version to 700050 due to API change.

PR:		kern/99826
Approved by:	wes
Approved by:	re (kensmith)
2007-07-04 00:00:41 +00:00
Jason Evans
0061e03d7f Add information about the implications of using mmap(2) instead of sbrk(2).
Submitted by:	bmah, jhb
2007-06-15 22:32:33 +00:00
Jason Evans
76507741ab Fix junk/zero filling for realloc(). Junk filling was missing in one case,
and zero filling was broken in a way that could cause memory corruption.

Update comments.
2007-06-15 22:00:16 +00:00
Jonathan Chen
959496efbf Backout 1.5 as requested by deischen 2007-05-22 05:28:40 +00:00
Jonathan Chen
81d8304713 __cleanup() is needed for ports/devel/valgrind, export it. 2007-05-22 03:03:28 +00:00
Andrey A. Chernov
ba174a5e38 Back out all POSIXified *env() changes.
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly meets so
strong opposition and resistance so lost any desire to continue that.

Anyone who interested in POSIX can dig out what changes and how
through cvs diffs.
2007-05-01 16:02:44 +00:00
Andrey A. Chernov
fad6917924 Bump .Dd
Suggested by: Henrik Brix Andersen <henrik@brixandersen.dk>
2007-04-30 19:37:10 +00:00
Andrey A. Chernov
a7b27253d0 Add phrase
"so altering the argument shall change the environment."
into putenv description.
2007-04-30 18:01:51 +00:00
Andrey A. Chernov
15fdb055e5 Make putenv() fully conforms to Open Group specs Issue 6
(also IEEE Std 1003.1-2001)

The specs explicitly says that altering passed string
should change the environment, i.e. putenv() directly puts its arg
into environment (unlike setenv() which just copies it there).
It means that putenv() can't be implemented via setenv()
(like we have before) at all. Putenv() value lives (allows modifying)
up to the next putenv() or setenv() call.
2007-04-30 16:56:18 +00:00
Andrey A. Chernov
00f8652278 Remove special case skipping initial '=' of the setenv() value "for
compatibility with the different environment conventions" (man page).
With the standards, we don't have them different anymore and
IEEE Std 1003.1-2001 says that

"The values that the environment variables may be assigned are not
restricted except that they are considered to end with a null byte"
2007-04-30 03:47:31 +00:00
Andrey A. Chernov
bdda893471 Make setenv, putenv, getenv and unsetenv conforming to Open Group specs
Issue 6 (also IEEE Std 1003.1-2001) in following areas:
args, return, errors.

Putenv still needs rewriting because specs explicitly says that
altering passed string later should change the environment (currently we
copy the string so can't provide that).
2007-04-30 02:25:02 +00:00
Daniel Eischen
5f864214bb Use C comments since we now preprocess these files with CPP. 2007-04-29 14:05:22 +00:00
Ruslan Ermilov
41e0cfabe9 Swap "underflow"/"overflow" in the table header.
Submitted by:	Ricardo Nabinger Sanchez
MFC after:	3 days
2007-04-10 11:17:00 +00:00
Jason Evans
d33f4690ba Use size_t instead of unsigned for pagesize-related values, in order to
avoid downcasting issues.  In particular, this change fixes
posix_memalign(3) for alignments greater than 2^31 on LP64 systems.

Make sure that NDEBUG is always set to be compatible with MALLOC_DEBUG. [1]

Reported by:	[1] Lee Hyo geol <hyogeollee@gmail.com>
2007-03-29 21:07:17 +00:00
Jason Evans
eaf8d73212 Remove the run promotion/demotion machinery. Replace it with red-black
trees that track all non-full runs for each bin.  Use the red-black
trees to be able to guarantee that each new allocation is placed in the
lowest address available in any non-full run.  This change completes the
transition to allocating from low addresses in order to reduce the
retention of sparsely used chunks.

If the run in current use by a bin becomes empty, deallocate the run
rather than retaining it for later use.  The previous behavior had the
tendency to spread empty runs across multiple chunks, thus preventing
the release of chunks that were completely unused.

Generalize base_chunk_alloc() (and rename it to base_pages_alloc()) to
handle allocation sizes larger than the chunk size, so that it is
possible to support chunk sizes that are smaller than an arena object.

Reduce the minimum chunk size from 64kB to 8kB.

Optimize tracking of addresses for deleted chunks.

Fix a statistics bug for huge allocations.
2007-03-28 19:55:07 +00:00
Jason Evans
0a19939042 Update the IMPLEMENTATION NOTES section to reflect recent malloc
enhancements.
2007-03-28 04:34:19 +00:00
Jason Evans
cec95ce278 Add a HISTORY section. 2007-03-28 04:32:51 +00:00
Jason Evans
12fbf47cfb Fix some subtle bugs for posix_memalign() having to do with integer
rounding and overflow.  Carefully document what the various overflow
tests actually detect.

The bugs mostly canceled out, such that the worst possible failure
cases resulted in non-fatal over-allocations.
2007-03-24 20:44:06 +00:00
Jason Evans
e3da012f00 Fix posix_memalign() for large objects. Now that runs are extents rather
than binary buddies, the alignment guarantees are weaker, which requires
a more complex aligned allocation algorithm, similar to that used for
alignment greater than the chunk size.

Reported by:	matteo
2007-03-23 22:58:15 +00:00
Jason Evans
bb99793a2b Use extents rather than binary buddies to track free pages within
chunks.  This allows runs to be any multiple of the page size.  The
primary advantage is that large objects are no longer constrained to be
2^n pages, which can dramatically decrease internal fragmentation for
large objects.  This also allows the sizes for runs that back small
objects to be more finely tuned.

Free runs are searched for linearly using the chunk page map (with the
help of some heuristic optimizations).  This changes the allocation
policy from "first best fit" to "first fit".  A prototype red-black tree
implementation for tracking free runs that implemented "first best fit"
did not cause a measurable speed or memory usage difference for
realistic chunk sizes (though of course it is possible to construct
benchmarks that favor one allocation policy over another).

Refine the handling of fullness constraints for small runs to be more
tunable.

Restructure the per chunk page map to contain only two fields per entry,
rather than four.  Also, increase each entry from 4 to 8 bytes, since it
allows for 32-bit integers, without increasing the number of chunk
header pages.

Relax the maximum chunk size constraint.  This is of no practical
interest; it is merely fallout from the chunk page map restructuring.

Revamp statistics gathering and reporting to be faster, clearer and more
informative.  Statistics gathering is fast enough now to have little
to no impact on application speed, but it still requires approximately
two extra pages of memory per arena (per process).  This memory overhead
may be acceptable for most systems, but we still need to leave
statistics gathering disabled by default in RELENG branches.

Rename NO_MALLOC_EXTRAS to MALLOC_PRODUCTION in order to make its intent
clearer (i.e. it should be defined in RELENG branches).
2007-03-23 05:05:48 +00:00
Jason Evans
c9f0c8fd74 Avoid using vsnprintf(3) unless MALLOC_STATS is defined, in order to
avoid substantial potential bloat for static binaries that do not
otherwise use any printf(3)-family functions. [1]

Rearrange arena_run_t so that the region bitmask can be minimally sized
according to constraints related to each bin's size class.  Previously,
the region bitmask was the same size for all run headers, which wasted
a measurable amount of memory.

Rather than making runs for small objects as large as possible, make
runs as small as possible such that header overhead stays below a
certain bound.  There are two exceptions that override the header
overhead bound:

	1) If the bound is impossible to honor, it is relaxed on a
	   per-size-class basis.  Since there is one bit of header
	   overhead per object (plus a constant), it is impossible to
	   achieve a header overhead less than or equal to 1/(# of bits
	   per object).  For the current setting of maximum 0.5% header
	   overhead, this relaxation comes into play for {2, 4, 8,
	   16}-byte objects, for which header overhead is (on 64-bit
	   systems) {7.1, 4.3, 2.2, 1.2}%, respectively.

	2) There is still a cap on small run size, still set to 64kB.
	   This comes into play for {1024, 2048}-byte objects, for which
	   header overhead is {1.6, 3.1}%, respectively.

In practice, this reduces the run sizes, which makes worst case
low-water memory usage due to fragmentation less bad.  It also reduces
worst case high-water run fragmentation due to non-full runs, but this
is only a constant improvement (most important to small short-lived
processes).

Reduce the default chunk size from 2MB to 1MB.  Benchmarks indicate that
the external fragmentation reduction makes 1MB the new sweet spot (as
small as possible without adversely affecting performance).

Reported by:	[1] kientzle
2007-03-20 03:44:10 +00:00
Jason Evans
a326064e24 Modify chunk_alloc() to prefer mmap()ed memory over sbrk()ed memory.
This has no impact unless USE_BRK is defined (32-bit platforms), in
which case user allocations are allocated via mmap() if at all possible,
in order to avoid the possibility of unreclaimable chunks in the data
segment.

Fix an obscure bug in base_alloc() that could have allowed undefined
behavior if an application were to use sbrk() in conjunction with a
USE_BRK-enabled malloc.
2007-02-22 19:10:30 +00:00