]> git.saurik.com Git - apple/libc.git/blob - gen/malloc.c
projects / apple / libc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Libc-763.13.tar.gz
[apple/libc.git] / gen / malloc.c
1 /*
2 * Copyright (c) 1999, 2006-2008 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include <pthread_internals.h>
25 #include "magmallocProvider.h"
26 #include <mach-o/dyld.h> /* for NSVersionOfLinkTimeLibrary() */
27
28 #import <stdlib.h>
29 #import <stdio.h>
30 #import <string.h>
31 #import <unistd.h>
32 #import <malloc/malloc.h>
33 #import <fcntl.h>
34 #import <crt_externs.h>
35 #import <errno.h>
36 #import <pthread_internals.h>
37 #import <limits.h>
38 #import <dlfcn.h>
39 #import <mach/mach_vm.h>
40 #import <mach/mach_init.h>
41 #import <sys/mman.h>
42
43 #import "scalable_malloc.h"
44 #import "stack_logging.h"
45 #import "malloc_printf.h"
46 #import "_simple.h"
47 #import "CrashReporterClient.h"
48
49 /*
50 * MALLOC_ABSOLUTE_MAX_SIZE - There are many instances of addition to a
51 * user-specified size_t, which can cause overflow (and subsequent crashes)
52 * for values near SIZE_T_MAX. Rather than add extra "if" checks everywhere
53 * this occurs, it is easier to just set an absolute maximum request size,
54 * and immediately return an error if the requested size exceeds this maximum.
55 * Of course, values less than this absolute max can fail later if the value
56 * is still too large for the available memory. The largest value added
57 * seems to be PAGE_SIZE (in the macro round_page()), so to be safe, we set
58 * the maximum to be 2 * PAGE_SIZE less than SIZE_T_MAX.
59 */
60 #define MALLOC_ABSOLUTE_MAX_SIZE (SIZE_T_MAX - (2 * PAGE_SIZE))
61
62 #define USE_SLEEP_RATHER_THAN_ABORT 0
63
64 typedef void (malloc_logger_t)(uint32_t type, uintptr_t arg1, uintptr_t arg2, uintptr_t arg3, uintptr_t result, uint32_t num_hot_frames_to_skip);
65
66 __private_extern__ pthread_lock_t _malloc_lock = 0; // initialized in __libc_init
67
68 /* The following variables are exported for the benefit of performance tools
69 *
70 * It should always be safe to first read malloc_num_zones, then read
71 * malloc_zones without taking the lock, if only iteration is required and
72 * provided that when malloc_destroy_zone is called all prior operations on that
73 * zone are complete and no further calls referencing that zone can be made.
74 */
75 unsigned malloc_num_zones = 0;
76 unsigned malloc_num_zones_allocated = 0;
77 malloc_zone_t **malloc_zones = 0;
78 malloc_logger_t *malloc_logger = NULL;
79
80 unsigned malloc_debug_flags = 0;
81
82 unsigned malloc_check_start = 0; // 0 means don't check
83 unsigned malloc_check_counter = 0;
84 unsigned malloc_check_each = 1000;
85
86 /* global flag to suppress ASL logging e.g. for syslogd */
87 int _malloc_no_asl_log = 0;
88
89 static int malloc_check_sleep = 100; // default 100 second sleep
90 static int malloc_check_abort = 0; // default is to sleep, not abort
91
92 static int malloc_debug_file = STDERR_FILENO;
93 /*
94 * State indicated by malloc_def_zone_state
95 * 0 - the default zone has not yet been created
96 * 1 - a Malloc* environment variable has been set
97 * 2 - the default zone has been created and an environment variable scan done
98 * 3 - a new default zone has been created and another environment variable scan
99 */
100 __private_extern__ int malloc_def_zone_state = 0;
101 __private_extern__ malloc_zone_t *__zone0 = NULL;
102
103 static const char Malloc_Facility[] = "com.apple.Libsystem.malloc";
104
105 #define MALLOC_LOCK() LOCK(_malloc_lock)
106 #define MALLOC_UNLOCK() UNLOCK(_malloc_lock)
107
108 /*
109 * Counters that coordinate zone destruction (in malloc_zone_unregister) with
110 * find_registered_zone (here abbreviated as FRZ).
111 */
112 static int counterAlice = 0, counterBob = 0;
113 static int *pFRZCounterLive= &counterAlice, *pFRZCounterDrain = &counterBob;
114
115 #define MALLOC_LOG_TYPE_ALLOCATE stack_logging_type_alloc
116 #define MALLOC_LOG_TYPE_DEALLOCATE stack_logging_type_dealloc
117 #define MALLOC_LOG_TYPE_HAS_ZONE stack_logging_flag_zone
118 #define MALLOC_LOG_TYPE_CLEARED stack_logging_flag_cleared
119
120 /********* Utilities ************/
121 __private_extern__ uint64_t malloc_entropy[2] = {0, 0};
122
123 void __malloc_entropy_setup(const char *apple[]) __attribute__ ((visibility ("hidden")));
124
125 static int
126 __entropy_from_kernel(const char *str)
127 {
128 unsigned long long val;
129 char tmp[20], *p;
130 int idx = 0;
131
132 /* Skip over key to the first value */
133 str = strchr(str, '=');
134 if (str == NULL)
135 return 0;
136 str++;
137
138 while (str && idx < sizeof(malloc_entropy)/sizeof(malloc_entropy[0])) {
139 strlcpy(tmp, str, 20);
140 p = strchr(tmp, ',');
141 if (p) *p = '\0';
142 val = strtoull(tmp, NULL, 0);
143 malloc_entropy[idx] = (uint64_t)val;
144 idx++;
145 if ((str = strchr(str, ',')) != NULL)
146 str++;
147 }
148 return idx;
149 }
150
151 void
152 __malloc_entropy_setup(const char *apple[])
153 {
154 const char **p;
155 for (p = apple; p && *p; p++) {
156 if (strstr(*p, "malloc_entropy") == *p) {
157 if (sizeof(malloc_entropy)/sizeof(malloc_entropy[0]) == __entropy_from_kernel(*p))
158 return;
159 else
160 break;
161 }
162 }
163
164 malloc_entropy[0] = ((uint64_t)arc4random()) << 32 | ((uint64_t)arc4random());
165 malloc_entropy[1] = ((uint64_t)arc4random()) << 32 | ((uint64_t)arc4random());
166 return;
167 }
168
169 static inline malloc_zone_t * find_registered_zone(const void *, size_t *) __attribute__((always_inline));
170 static inline malloc_zone_t *
171 find_registered_zone(const void *ptr, size_t *returned_size) {
172 // Returns a zone which contains ptr, else NULL
173
174 if (0 == malloc_num_zones) {
175 if (returned_size) *returned_size = 0;
176 return NULL;
177 }
178
179 // The default zone is registered in malloc_zones[0]. There's no danger that it will ever be unregistered.
180 // So don't advance the FRZ counter yet.
181 malloc_zone_t *zone = malloc_zones[0];
182 size_t size = zone->size(zone, ptr);
183 if (size) { // Claimed by this zone?
184 if (returned_size) *returned_size = size;
185 return zone;
186 }
187
188 int *pFRZCounter = pFRZCounterLive; // Capture pointer to the counter of the moment
189 __sync_fetch_and_add(pFRZCounter, 1); // Advance this counter -- our thread is in FRZ
190
191 unsigned index;
192 unsigned limit = malloc_num_zones;
193 malloc_zone_t **zones = &malloc_zones[1];
194
195 for (index = 1; index < limit; ++index, ++zones) {
196 zone = *zones;
197 size = zone->size(zone, ptr);
198 if (size) { // Claimed by this zone?
199 if (returned_size) *returned_size = size;
200 __sync_fetch_and_sub(pFRZCounter, 1); // our thread is leaving FRZ
201 return zone;
202 }
203 }
204 // Unclaimed by any zone.
205 if (returned_size) *returned_size = 0;
206 __sync_fetch_and_sub(pFRZCounter, 1); // our thread is leaving FRZ
207 return NULL;
208 }
209
210 __private_extern__ __attribute__((noinline)) void
211 malloc_error_break(void) {
212 // Provides a non-inlined place for various malloc error procedures to call
213 // that will be called after an error message appears. It does not make
214 // sense for developers to call this function, so it is marked
215 // __private_extern__ to prevent it from becoming API.
216 MAGMALLOC_MALLOCERRORBREAK(); // DTrace USDT probe
217 }
218
219 __private_extern__ boolean_t __stack_logging_locked();
220
221 __private_extern__ __attribute__((noinline)) int
222 malloc_gdb_po_unsafe(void) {
223 // In order to implement "po" other data formatters in gdb, the debugger
224 // calls functions that call malloc. The debugger will only run one thread
225 // of the program in this case, so if another thread is holding a zone lock,
226 // gdb may deadlock in this case.
227 //
228 // Iterate over the zones in malloc_zones, and call "trylock" on the zone
229 // lock. If trylock succeeds, unlock it, otherwise return "locked". Returns
230 // 0 == safe, 1 == locked/unsafe.
231
232 if (__stack_logging_locked())
233 return 1;
234
235 malloc_zone_t **zones = malloc_zones;
236 unsigned i, e = malloc_num_zones;
237
238 for (i = 0; i != e; ++i) {
239 malloc_zone_t *zone = zones[i];
240
241 // Version must be >= 5 to look at the new introspection field.
242 if (zone->version < 5)
243 continue;
244
245 if (zone->introspect->zone_locked && zone->introspect->zone_locked(zone))
246 return 1;
247 }
248 return 0;
249 }
250
251 /********* Creation and destruction ************/
252
253 static void set_flags_from_environment(void);
254
255 static void
256 malloc_zone_register_while_locked(malloc_zone_t *zone) {
257 size_t protect_size;
258 unsigned i;
259
260 /* scan the list of zones, to see if this zone is already registered. If
261 * so, print an error message and return. */
262 for (i = 0; i != malloc_num_zones; ++i)
263 if (zone == malloc_zones[i]) {
264 _malloc_printf(ASL_LEVEL_ERR, "Attempted to register zone more than once: %p\n", zone);
265 return;
266 }
267
268 if (malloc_num_zones == malloc_num_zones_allocated) {
269 size_t malloc_zones_size = malloc_num_zones * sizeof(malloc_zone_t *);
270 size_t alloc_size = malloc_zones_size + vm_page_size;
271
272 malloc_zone_t **new_zones = mmap(0, alloc_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, VM_MAKE_TAG(VM_MEMORY_MALLOC), 0);
273
274 /* If there were previously allocated malloc zones, we need to copy them
275 * out of the previous array and into the new zones array */
276 if (malloc_zones)
277 memcpy(new_zones, malloc_zones, malloc_zones_size);
278
279 /* Update the malloc_zones pointer, which we leak if it was previously
280 * allocated, and the number of zones allocated */
281 protect_size = alloc_size;
282 malloc_zones = new_zones;
283 malloc_num_zones_allocated = alloc_size / sizeof(malloc_zone_t *);
284 } else {
285 /* If we don't need to reallocate zones, we need to briefly change the
286 * page protection the malloc zones to allow writes */
287 protect_size = malloc_num_zones_allocated * sizeof(malloc_zone_t *);
288 mprotect(malloc_zones, protect_size, PROT_READ | PROT_WRITE);
289 }
290 malloc_zones[malloc_num_zones++] = zone;
291
292 /* Finally, now that the zone is registered, disallow write access to the
293 * malloc_zones array */
294 mprotect(malloc_zones, protect_size, PROT_READ);
295 //_malloc_printf(ASL_LEVEL_INFO, "Registered malloc_zone %p in malloc_zones %p [%u zones, %u bytes]\n", zone, malloc_zones, malloc_num_zones, protect_size);
296 }
297
298 static void
299 _malloc_initialize(void) {
300 MALLOC_LOCK();
301 if (malloc_def_zone_state < 2) {
302 unsigned n;
303 malloc_zone_t *zone;
304
305 malloc_def_zone_state += 2;
306 set_flags_from_environment(); // will only set flags up to two times
307 n = malloc_num_zones;
308 zone = create_scalable_zone(0, malloc_debug_flags);
309 malloc_zone_register_while_locked(zone);
310 malloc_set_zone_name(zone, "DefaultMallocZone");
311 if (n != 0) { // make the default first, for efficiency
312 unsigned protect_size = malloc_num_zones_allocated * sizeof(malloc_zone_t *);
313 malloc_zone_t *hold = malloc_zones[0];
314
315 if(hold->zone_name && strcmp(hold->zone_name, "DefaultMallocZone") == 0) {
316 malloc_set_zone_name(hold, NULL);
317 }
318
319 mprotect(malloc_zones, protect_size, PROT_READ | PROT_WRITE);
320 malloc_zones[0] = malloc_zones[n];
321 malloc_zones[n] = hold;
322 mprotect(malloc_zones, protect_size, PROT_READ);
323 }
324 // _malloc_printf(ASL_LEVEL_INFO, "%d registered zones\n", malloc_num_zones);
325 // _malloc_printf(ASL_LEVEL_INFO, "malloc_zones is at %p; malloc_num_zones is at %p\n", (unsigned)&malloc_zones, (unsigned)&malloc_num_zones);
326 }
327 MALLOC_UNLOCK();
328 }
329
330 static inline malloc_zone_t *inline_malloc_default_zone(void) __attribute__((always_inline));
331 static inline malloc_zone_t *
332 inline_malloc_default_zone(void) {
333 if (malloc_def_zone_state < 2) _malloc_initialize();
334 // _malloc_printf(ASL_LEVEL_INFO, "In inline_malloc_default_zone with %d %d\n", malloc_num_zones, malloc_has_debug_zone);
335 return malloc_zones[0];
336 }
337
338 malloc_zone_t *
339 malloc_default_zone(void) {
340 return inline_malloc_default_zone();
341 }
342
343 static inline malloc_zone_t *inline_malloc_default_scalable_zone(void) __attribute__((always_inline));
344 static inline malloc_zone_t *
345 inline_malloc_default_scalable_zone(void) {
346 unsigned index;
347
348 if (malloc_def_zone_state < 2) _malloc_initialize();
349 // _malloc_printf(ASL_LEVEL_INFO, "In inline_malloc_default_scalable_zone with %d %d\n", malloc_num_zones, malloc_has_debug_zone);
350
351 MALLOC_LOCK();
352 for (index = 0; index < malloc_num_zones; ++index) {
353 malloc_zone_t *z = malloc_zones[index];
354
355 if(z->zone_name && strcmp(z->zone_name, "DefaultMallocZone") == 0) {
356 MALLOC_UNLOCK();
357 return z;
358 }
359 }
360 MALLOC_UNLOCK();
361
362 malloc_printf("*** malloc_default_scalable_zone() failed to find 'DefaultMallocZone'\n");
363 return NULL; // FIXME: abort() instead?
364 }
365
366 malloc_zone_t *
367 malloc_default_purgeable_zone(void) {
368 static malloc_zone_t *dpz;
369
370 if (!dpz) {
371 //
372 // PR_7288598: Must pass a *scalable* zone (szone) as the helper for create_purgeable_zone().
373 // Take care that the zone so obtained is not subject to interposing.
374 //
375 malloc_zone_t *tmp = create_purgeable_zone(0, inline_malloc_default_scalable_zone(), malloc_debug_flags);
376 malloc_zone_register(tmp);
377 malloc_set_zone_name(tmp, "DefaultPurgeableMallocZone");
378 if (!__sync_bool_compare_and_swap(&dpz, NULL, tmp))
379 malloc_destroy_zone(tmp);
380 }
381 return dpz;
382 }
383
384 // For debugging, allow stack logging to both memory and disk to compare their results.
385 static void
386 stack_logging_log_stack_debug(uint32_t type_flags, uintptr_t zone_ptr, uintptr_t size, uintptr_t ptr_arg, uintptr_t return_val, uint32_t num_hot_to_skip)
387 {
388 __disk_stack_logging_log_stack(type_flags, zone_ptr, size, ptr_arg, return_val, num_hot_to_skip);
389 stack_logging_log_stack(type_flags, zone_ptr, size, ptr_arg, return_val, num_hot_to_skip);
390 }
391
392 static void
393 set_flags_from_environment(void) {
394 const char *flag;
395 int fd;
396 char **env = * _NSGetEnviron();
397 char **p;
398 char *c;
399
400 if (malloc_debug_file != STDERR_FILENO) {
401 close(malloc_debug_file);
402 malloc_debug_file = STDERR_FILENO;
403 }
404 #if __LP64__
405 malloc_debug_flags = SCALABLE_MALLOC_ABORT_ON_CORRUPTION; // Set always on 64-bit processes
406 #else
407 int libSystemVersion = NSVersionOfLinkTimeLibrary("System");
408 if ((-1 != libSystemVersion) && ((libSystemVersion >> 16) < 126))
409 malloc_debug_flags = 0;
410 else
411 malloc_debug_flags = SCALABLE_MALLOC_ABORT_ON_CORRUPTION;
412 #endif
413 stack_logging_enable_logging = 0;
414 stack_logging_dontcompact = 0;
415 malloc_logger = NULL;
416 malloc_check_start = 0;
417 malloc_check_each = 1000;
418 malloc_check_abort = 0;
419 malloc_check_sleep = 100;
420 /*
421 * Given that all environment variables start with "Malloc" we optimize by scanning quickly
422 * first the environment, therefore avoiding repeated calls to getenv().
423 * If we are setu/gid these flags are ignored to prevent a malicious invoker from changing
424 * our behaviour.
425 */
426 for (p = env; (c = *p) != NULL; ++p) {
427 if (!strncmp(c, "Malloc", 6)) {
428 if (issetugid())
429 return;
430 break;
431 }
432 }
433 if (c == NULL)
434 return;
435 flag = getenv("MallocLogFile");
436 if (flag) {
437 fd = open(flag, O_WRONLY|O_APPEND|O_CREAT, 0644);
438 if (fd >= 0) {
439 malloc_debug_file = fd;
440 fcntl(fd, F_SETFD, 0); // clear close-on-exec flag XXX why?
441 } else {
442 malloc_printf("Could not open %s, using stderr\n", flag);
443 }
444 }
445 if (getenv("MallocGuardEdges")) {
446 malloc_debug_flags |= SCALABLE_MALLOC_ADD_GUARD_PAGES;
447 _malloc_printf(ASL_LEVEL_INFO, "protecting edges\n");
448 if (getenv("MallocDoNotProtectPrelude")) {
449 malloc_debug_flags |= SCALABLE_MALLOC_DONT_PROTECT_PRELUDE;
450 _malloc_printf(ASL_LEVEL_INFO, "... but not protecting prelude guard page\n");
451 }
452 if (getenv("MallocDoNotProtectPostlude")) {
453 malloc_debug_flags |= SCALABLE_MALLOC_DONT_PROTECT_POSTLUDE;
454 _malloc_printf(ASL_LEVEL_INFO, "... but not protecting postlude guard page\n");
455 }
456 }
457 flag = getenv("MallocStackLogging");
458 if (!flag) {
459 flag = getenv("MallocStackLoggingNoCompact");
460 stack_logging_dontcompact = 1;
461 }
462 // For debugging, the MallocStackLogging or MallocStackLoggingNoCompact environment variables can be set to
463 // values of "memory", "disk", or "both" to control which stack logging mechanism to use. Those strings appear
464 // in the flag variable, and the strtoul() call below will return 0, so then we can do string comparison on the
465 // value of flag. The default stack logging now is disk stack logging, since memory stack logging is not 64-bit-aware.
466 if (flag) {
467 unsigned long val = strtoul(flag, NULL, 0);
468 if (val == 1) val = 0;
469 if (val == -1) val = 0;
470 if (val) {
471 malloc_logger = (void *)val;
472 _malloc_printf(ASL_LEVEL_INFO, "recording stacks using recorder %p\n", malloc_logger);
473 } else if (strcmp(flag,"memory") == 0) {
474 malloc_logger = (malloc_logger_t *)stack_logging_log_stack;
475 _malloc_printf(ASL_LEVEL_INFO, "recording malloc stacks in memory using standard recorder\n");
476 } else if (strcmp(flag,"both") == 0) {
477 malloc_logger = stack_logging_log_stack_debug;
478 _malloc_printf(ASL_LEVEL_INFO, "recording malloc stacks to both memory and disk for comparison debugging\n");
479 } else { // the default is to log to disk
480 malloc_logger = __disk_stack_logging_log_stack;
481 _malloc_printf(ASL_LEVEL_INFO, "recording malloc stacks to disk using standard recorder\n");
482 }
483 stack_logging_enable_logging = 1;
484 if (stack_logging_dontcompact) {
485 if (malloc_logger == __disk_stack_logging_log_stack) {
486 _malloc_printf(ASL_LEVEL_INFO, "stack logging compaction turned off; size of log files on disk can increase rapidly\n");
487 } else {
488 _malloc_printf(ASL_LEVEL_INFO, "stack logging compaction turned off; VM can increase rapidly\n");
489 }
490 }
491 }
492 if (getenv("MallocScribble")) {
493 malloc_debug_flags |= SCALABLE_MALLOC_DO_SCRIBBLE;
494 _malloc_printf(ASL_LEVEL_INFO, "enabling scribbling to detect mods to free blocks\n");
495 }
496 if (getenv("MallocErrorAbort")) {
497 malloc_debug_flags |= SCALABLE_MALLOC_ABORT_ON_ERROR;
498 _malloc_printf(ASL_LEVEL_INFO, "enabling abort() on bad malloc or free\n");
499 }
500 #if __LP64__
501 /* initialization above forces SCALABLE_MALLOC_ABORT_ON_CORRUPTION of 64-bit processes */
502 #else
503 flag = getenv("MallocCorruptionAbort");
504 if (flag && (flag[0] == '0')) { // Set from an environment variable in 32-bit processes
505 malloc_debug_flags &= ~SCALABLE_MALLOC_ABORT_ON_CORRUPTION;
506 } else if (flag) {
507 malloc_debug_flags |= SCALABLE_MALLOC_ABORT_ON_CORRUPTION;
508 }
509 #endif
510 flag = getenv("MallocCheckHeapStart");
511 if (flag) {
512 malloc_check_start = strtoul(flag, NULL, 0);
513 if (malloc_check_start == 0) malloc_check_start = 1;
514 if (malloc_check_start == -1) malloc_check_start = 1;
515 flag = getenv("MallocCheckHeapEach");
516 if (flag) {
517 malloc_check_each = strtoul(flag, NULL, 0);
518 if (malloc_check_each == 0) malloc_check_each = 1;
519 if (malloc_check_each == -1) malloc_check_each = 1;
520 }
521 _malloc_printf(ASL_LEVEL_INFO, "checks heap after %dth operation and each %d operations\n", malloc_check_start, malloc_check_each);
522 flag = getenv("MallocCheckHeapAbort");
523 if (flag)
524 malloc_check_abort = strtol(flag, NULL, 0);
525 if (malloc_check_abort)
526 _malloc_printf(ASL_LEVEL_INFO, "will abort on heap corruption\n");
527 else {
528 flag = getenv("MallocCheckHeapSleep");
529 if (flag)
530 malloc_check_sleep = strtol(flag, NULL, 0);
531 if (malloc_check_sleep > 0)
532 _malloc_printf(ASL_LEVEL_INFO, "will sleep for %d seconds on heap corruption\n", malloc_check_sleep);
533 else if (malloc_check_sleep < 0)
534 _malloc_printf(ASL_LEVEL_INFO, "will sleep once for %d seconds on heap corruption\n", -malloc_check_sleep);
535 else
536 _malloc_printf(ASL_LEVEL_INFO, "no sleep on heap corruption\n");
537 }
538 }
539 if (getenv("MallocHelp")) {
540 _malloc_printf(ASL_LEVEL_INFO,
541 "environment variables that can be set for debug:\n"
542 "- MallocLogFile <f> to create/append messages to file <f> instead of stderr\n"
543 "- MallocGuardEdges to add 2 guard pages for each large block\n"
544 "- MallocDoNotProtectPrelude to disable protection (when previous flag set)\n"
545 "- MallocDoNotProtectPostlude to disable protection (when previous flag set)\n"
546 "- MallocStackLogging to record all stacks. Tools like leaks can then be applied\n"
547 "- MallocStackLoggingNoCompact to record all stacks. Needed for malloc_history\n"
548 "- MallocStackLoggingDirectory to set location of stack logs, which can grow large; default is /tmp\n"
549 "- MallocScribble to detect writing on free blocks and missing initializers:\n"
550 " 0x55 is written upon free and 0xaa is written on allocation\n"
551 "- MallocCheckHeapStart <n> to start checking the heap after <n> operations\n"
552 "- MallocCheckHeapEach <s> to repeat the checking of the heap after <s> operations\n"
553 "- MallocCheckHeapSleep <t> to sleep <t> seconds on heap corruption\n"
554 "- MallocCheckHeapAbort <b> to abort on heap corruption if <b> is non-zero\n"
555 "- MallocCorruptionAbort to abort on malloc errors, but not on out of memory for 32-bit processes\n"
556 " MallocCorruptionAbort is always set on 64-bit processes\n"
557 "- MallocErrorAbort to abort on any malloc error, including out of memory\n"
558 "- MallocHelp - this help!\n");
559 }
560 }
561
562 malloc_zone_t *
563 malloc_create_zone(vm_size_t start_size, unsigned flags)
564 {
565 malloc_zone_t *zone;
566
567 /* start_size doesn't seemed to actually be used, but we test anyways */
568 if (start_size > MALLOC_ABSOLUTE_MAX_SIZE) {
569 return NULL;
570 }
571 if (malloc_def_zone_state < 2) _malloc_initialize();
572 zone = create_scalable_zone(start_size, flags | malloc_debug_flags);
573 malloc_zone_register(zone);
574 return zone;
575 }
576
577 /*
578 * For use by CheckFix: establish a new default zone whose behavior is, apart from
579 * the use of death-row and per-CPU magazines, that of Leopard.
580 */
581 void
582 malloc_create_legacy_default_zone(void)
583 {
584 malloc_zone_t *zone;
585 int i;
586
587 if (malloc_def_zone_state < 2) _malloc_initialize();
588 zone = create_legacy_scalable_zone(0, malloc_debug_flags);
589
590 MALLOC_LOCK();
591 malloc_zone_register_while_locked(zone);
592
593 //
594 // Establish the legacy scalable zone just created as the default zone.
595 //
596 malloc_zone_t *hold = malloc_zones[0];
597 if(hold->zone_name && strcmp(hold->zone_name, "DefaultMallocZone") == 0) {
598 malloc_set_zone_name(hold, NULL);
599 }
600 malloc_set_zone_name(zone, "DefaultMallocZone");
601
602 unsigned protect_size = malloc_num_zones_allocated * sizeof(malloc_zone_t *);
603 mprotect(malloc_zones, protect_size, PROT_READ | PROT_WRITE);
604
605 // assert(zone == malloc_zones[malloc_num_zones - 1];
606 for (i = malloc_num_zones - 1; i > 0; --i) {
607 malloc_zones[i] = malloc_zones[i - 1];
608 }
609 malloc_zones[0] = zone;
610
611 mprotect(malloc_zones, protect_size, PROT_READ);
612 MALLOC_UNLOCK();
613 }
614
615 void
616 malloc_destroy_zone(malloc_zone_t *zone) {
617 malloc_set_zone_name(zone, NULL); // Deallocate zone name wherever it may reside PR_7701095
618 malloc_zone_unregister(zone);
619 zone->destroy(zone);
620 }
621
622 /* called from the {put,set,unset}env routine */
623 __private_extern__ void
624 __malloc_check_env_name(const char *name)
625 {
626 MALLOC_LOCK();
627 /*
628 *
629 * 2. malloc will no longer take notice of *programmatic* changes to the MALLOC_* environment variables
630 * (i.e. calls to putenv() or setenv() that manipulate these environment variables.)
631 *
632 */
633 #if 0
634 if(malloc_def_zone_state == 2 && strncmp(name, "Malloc", 6) == 0)
635 malloc_def_zone_state = 1;
636 #endif
637 MALLOC_UNLOCK();
638 }
639
640 /********* Block creation and manipulation ************/
641
642 static void
643 internal_check(void) {
644 static vm_address_t *frames = NULL;
645 static unsigned num_frames;
646 if (malloc_zone_check(NULL)) {
647 if (!frames) vm_allocate(mach_task_self(), (void *)&frames, vm_page_size, 1);
648 thread_stack_pcs(frames, vm_page_size/sizeof(vm_address_t) - 1, &num_frames);
649 } else {
650 _SIMPLE_STRING b = _simple_salloc();
651 if (b)
652 _simple_sprintf(b, "*** MallocCheckHeap: FAILED check at %dth operation\n", malloc_check_counter-1);
653 else
654 _malloc_printf(MALLOC_PRINTF_NOLOG, "*** MallocCheckHeap: FAILED check at %dth operation\n", malloc_check_counter-1);
655 malloc_printf("*** MallocCheckHeap: FAILED check at %dth operation\n", malloc_check_counter-1);
656 if (frames) {
657 unsigned index = 1;
658 if (b) {
659 _simple_sappend(b, "Stack for last operation where the malloc check succeeded: ");
660 while (index < num_frames) _simple_sprintf(b, "%p ", frames[index++]);
661 malloc_printf("%s\n(Use 'atos' for a symbolic stack)\n", _simple_string(b));
662 } else {
663 /*
664 * Should only get here if vm_allocate() can't get a single page of
665 * memory, implying _simple_asl_log() would also fail. So we just
666 * print to the file descriptor.
667 */
668 _malloc_printf(MALLOC_PRINTF_NOLOG, "Stack for last operation where the malloc check succeeded: ");
669 while (index < num_frames) _malloc_printf(MALLOC_PRINTF_NOLOG, "%p ", frames[index++]);
670 _malloc_printf(MALLOC_PRINTF_NOLOG, "\n(Use 'atos' for a symbolic stack)\n");
671 }
672 }
673 if (malloc_check_each > 1) {
674 unsigned recomm_each = (malloc_check_each > 10) ? malloc_check_each/10 : 1;
675 unsigned recomm_start = (malloc_check_counter > malloc_check_each+1) ? malloc_check_counter-1-malloc_check_each : 1;
676 malloc_printf("*** Recommend using 'setenv MallocCheckHeapStart %d; setenv MallocCheckHeapEach %d' to narrow down failure\n", recomm_start, recomm_each);
677 }
678 if (malloc_check_abort) {
679 CRSetCrashLogMessage(b ? _simple_string(b) : "*** MallocCheckHeap: FAILED check");
680 abort();
681 } else if (b)
682 _simple_sfree(b);
683 if (malloc_check_sleep > 0) {
684 _malloc_printf(ASL_LEVEL_NOTICE, "*** Sleeping for %d seconds to leave time to attach\n",
685 malloc_check_sleep);
686 sleep(malloc_check_sleep);
687 } else if (malloc_check_sleep < 0) {
688 _malloc_printf(ASL_LEVEL_NOTICE, "*** Sleeping once for %d seconds to leave time to attach\n",
689 -malloc_check_sleep);
690 sleep(-malloc_check_sleep);
691 malloc_check_sleep = 0;
692 }
693 }
694 malloc_check_start += malloc_check_each;
695 }
696
697 void *
698 malloc_zone_malloc(malloc_zone_t *zone, size_t size) {
699 void *ptr;
700 if (malloc_check_start && (malloc_check_counter++ >= malloc_check_start)) {
701 internal_check();
702 }
703 if (size > MALLOC_ABSOLUTE_MAX_SIZE) {
704 return NULL;
705 }
706 ptr = zone->malloc(zone, size);
707 if (malloc_logger)
708 malloc_logger(MALLOC_LOG_TYPE_ALLOCATE | MALLOC_LOG_TYPE_HAS_ZONE, (uintptr_t)zone, (uintptr_t)size, 0, (uintptr_t)ptr, 0);
709 return ptr;
710 }
711
712 void *
713 malloc_zone_calloc(malloc_zone_t *zone, size_t num_items, size_t size) {
714 void *ptr;
715 if (malloc_check_start && (malloc_check_counter++ >= malloc_check_start)) {
716 internal_check();
717 }
718 if (size > MALLOC_ABSOLUTE_MAX_SIZE) {
719 return NULL;
720 }
721 ptr = zone->calloc(zone, num_items, size);
722 if (malloc_logger)
723 malloc_logger(MALLOC_LOG_TYPE_ALLOCATE | MALLOC_LOG_TYPE_HAS_ZONE | MALLOC_LOG_TYPE_CLEARED, (uintptr_t)zone, (uintptr_t)(num_items * size), 0,
724 (uintptr_t)ptr, 0);
725 return ptr;
726 }
727
728 void *
729 malloc_zone_valloc(malloc_zone_t *zone, size_t size) {
730 void *ptr;
731 if (malloc_check_start && (malloc_check_counter++ >= malloc_check_start)) {
732 internal_check();
733 }
734 if (size > MALLOC_ABSOLUTE_MAX_SIZE) {
735 return NULL;
736 }
737 ptr = zone->valloc(zone, size);
738 if (malloc_logger)
739 malloc_logger(MALLOC_LOG_TYPE_ALLOCATE | MALLOC_LOG_TYPE_HAS_ZONE, (uintptr_t)zone, (uintptr_t)size, 0, (uintptr_t)ptr, 0);
740 return ptr;
741 }
742
743 void *
744 malloc_zone_realloc(malloc_zone_t *zone, void *ptr, size_t size) {
745 void *new_ptr;
746 if (malloc_check_start && (malloc_check_counter++ >= malloc_check_start)) {
747 internal_check();
748 }
749 if (size > MALLOC_ABSOLUTE_MAX_SIZE) {
750 return NULL;
751 }
752 new_ptr = zone->realloc(zone, ptr, size);
753 if (malloc_logger)
754 malloc_logger(MALLOC_LOG_TYPE_ALLOCATE | MALLOC_LOG_TYPE_DEALLOCATE | MALLOC_LOG_TYPE_HAS_ZONE, (uintptr_t)zone, (uintptr_t)ptr, (uintptr_t)size,
755 (uintptr_t)new_ptr, 0);
756 return new_ptr;
757 }
758
759 void
760 malloc_zone_free(malloc_zone_t *zone, void *ptr) {
761 if (malloc_logger)
762 malloc_logger(MALLOC_LOG_TYPE_DEALLOCATE | MALLOC_LOG_TYPE_HAS_ZONE, (uintptr_t)zone, (uintptr_t)ptr, 0, 0, 0);
763 if (malloc_check_start && (malloc_check_counter++ >= malloc_check_start)) {
764 internal_check();
765 }
766 zone->free(zone, ptr);
767 }
768
769 static void
770 malloc_zone_free_definite_size(malloc_zone_t *zone, void *ptr, size_t size) {
771 if (malloc_logger)
772 malloc_logger(MALLOC_LOG_TYPE_DEALLOCATE | MALLOC_LOG_TYPE_HAS_ZONE, (uintptr_t)zone, (uintptr_t)ptr, 0, 0, 0);
773 if (malloc_check_start && (malloc_check_counter++ >= malloc_check_start)) {
774 internal_check();
775 }
776 zone->free_definite_size(zone, ptr, size);
777 }
778
779 malloc_zone_t *
780 malloc_zone_from_ptr(const void *ptr) {
781 if (!ptr)
782 return NULL;
783 else
784 return find_registered_zone(ptr, NULL);
785 }
786
787 void *
788 malloc_zone_memalign(malloc_zone_t *zone, size_t alignment, size_t size) {
789 void *ptr;
790 if (zone->version < 5) // Version must be >= 5 to look at the new memalign field.
791 return NULL;
792 if (!(zone->memalign))
793 return NULL;
794 if (malloc_check_start && (malloc_check_counter++ >= malloc_check_start)) {
795 internal_check();
796 }
797 if (size > MALLOC_ABSOLUTE_MAX_SIZE) {
798 return NULL;
799 }
800 if (alignment < sizeof( void *) || // excludes 0 == alignment
801 0 != (alignment & (alignment - 1))) { // relies on sizeof(void *) being a power of two.
802 return NULL;
803 }
804 ptr = zone->memalign(zone, alignment, size);
805 if (malloc_logger)
806 malloc_logger(MALLOC_LOG_TYPE_ALLOCATE | MALLOC_LOG_TYPE_HAS_ZONE, (uintptr_t)zone, (uintptr_t)size, 0, (uintptr_t)ptr, 0);
807 return ptr;
808 }
809
810 /********* Functions for zone implementors ************/
811
812 void
813 malloc_zone_register(malloc_zone_t *zone) {
814 MALLOC_LOCK();
815 malloc_zone_register_while_locked(zone);
816 MALLOC_UNLOCK();
817 }
818
819 void
820 malloc_zone_unregister(malloc_zone_t *z) {
821 unsigned index;
822
823 if (malloc_num_zones == 0)
824 return;
825
826 MALLOC_LOCK();
827 for (index = 0; index < malloc_num_zones; ++index) {
828 if (z != malloc_zones[index])
829 continue;
830
831 // Modify the page to be allow write access, so that we can update the
832 // malloc_zones array.
833 size_t protect_size = malloc_num_zones_allocated * sizeof(malloc_zone_t *);
834 mprotect(malloc_zones, protect_size, PROT_READ | PROT_WRITE);
835
836 // If we found a match, replace it with the entry at the end of the list, shrink the list,
837 // and leave the end of the list intact to avoid racing with find_registered_zone().
838
839 malloc_zones[index] = malloc_zones[malloc_num_zones - 1];
840 --malloc_num_zones;
841
842 mprotect(malloc_zones, protect_size, PROT_READ);
843
844 // Exchange the roles of the FRZ counters. The counter that has captured the number of threads presently
845 // executing *inside* find_regiatered_zone is swapped with the counter drained to zero last time through.
846 // The former is then allowed to drain to zero while this thread yields.
847 int *p = pFRZCounterLive;
848 pFRZCounterLive = pFRZCounterDrain;
849 pFRZCounterDrain = p;
850 __sync_synchronize(); // Full memory barrier
851
852 while (0 != *pFRZCounterDrain) { pthread_yield_np(); }
853
854 MALLOC_UNLOCK();
855
856 return;
857 }
858 MALLOC_UNLOCK();
859 malloc_printf("*** malloc_zone_unregister() failed for %p\n", z);
860 }
861
862 void
863 malloc_set_zone_name(malloc_zone_t *z, const char *name) {
864 char *newName;
865
866 mprotect(z, sizeof(malloc_zone_t), PROT_READ | PROT_WRITE);
867 if (z->zone_name) {
868 free((char *)z->zone_name);
869 z->zone_name = NULL;
870 }
871 if (name) {
872 size_t buflen = strlen(name) + 1;
873 newName = malloc_zone_malloc(z, buflen);
874 if (newName) {
875 strlcpy(newName, name, buflen);
876 z->zone_name = (const char *)newName;
877 } else {
878 z->zone_name = NULL;
879 }
880 }
881 mprotect(z, sizeof(malloc_zone_t), PROT_READ);
882 }
883
884 const char *
885 malloc_get_zone_name(malloc_zone_t *zone) {
886 return zone->zone_name;
887 }
888
889 /*
890 * XXX malloc_printf now uses _simple_*printf. It only deals with a
891 * subset of printf format specifiers, but it doesn't call malloc.
892 */
893
894 __private_extern__ void
895 _malloc_vprintf(int flags, const char *format, va_list ap)
896 {
897 _SIMPLE_STRING b;
898
899 if (_malloc_no_asl_log || (flags & MALLOC_PRINTF_NOLOG) || (b = _simple_salloc()) == NULL) {
900 if (!(flags & MALLOC_PRINTF_NOPREFIX)) {
901 if (__is_threaded) {
902 /* XXX somewhat rude 'knowing' that pthread_t is a pointer */
903 _simple_dprintf(malloc_debug_file, "%s(%d,%p) malloc: ", getprogname(), getpid(), (void *)pthread_self());
904 } else {
905 _simple_dprintf(malloc_debug_file, "%s(%d) malloc: ", getprogname(), getpid());
906 }
907 }
908 _simple_vdprintf(malloc_debug_file, format, ap);
909 return;
910 }
911 if (!(flags & MALLOC_PRINTF_NOPREFIX)) {
912 if (__is_threaded) {
913 /* XXX somewhat rude 'knowing' that pthread_t is a pointer */
914 _simple_sprintf(b, "%s(%d,%p) malloc: ", getprogname(), getpid(), (void *)pthread_self());
915 } else {
916 _simple_sprintf(b, "%s(%d) malloc: ", getprogname(), getpid());
917 }
918 }
919 _simple_vsprintf(b, format, ap);
920 _simple_put(b, malloc_debug_file);
921 _simple_asl_log(flags & MALLOC_PRINTF_LEVEL_MASK, Malloc_Facility, _simple_string(b));
922 _simple_sfree(b);
923 }
924
925 __private_extern__ void
926 _malloc_printf(int flags, const char *format, ...)
927 {
928 va_list ap;
929
930 va_start(ap, format);
931 _malloc_vprintf(flags, format, ap);
932 va_end(ap);
933 }
934
935 void
936 malloc_printf(const char *format, ...)
937 {
938 va_list ap;
939
940 va_start(ap, format);
941 _malloc_vprintf(ASL_LEVEL_ERR, format, ap);
942 va_end(ap);
943 }
944
945 /********* Generic ANSI callouts ************/
946
947 void *
948 malloc(size_t size) {
949 void *retval;
950 retval = malloc_zone_malloc(inline_malloc_default_zone(), size);
951 if (retval == NULL) {
952 errno = ENOMEM;
953 }
954 return retval;
955 }
956
957 void *
958 calloc(size_t num_items, size_t size) {
959 void *retval;
960 retval = malloc_zone_calloc(inline_malloc_default_zone(), num_items, size);
961 if (retval == NULL) {
962 errno = ENOMEM;
963 }
964 return retval;
965 }
966
967 void
968 free(void *ptr) {
969 malloc_zone_t *zone;
970 size_t size;
971 if (!ptr)
972 return;
973 zone = find_registered_zone(ptr, &size);
974 if (!zone) {
975 malloc_printf("*** error for object %p: pointer being freed was not allocated\n"
976 "*** set a breakpoint in malloc_error_break to debug\n", ptr);
977 malloc_error_break();
978 if ((malloc_debug_flags & (SCALABLE_MALLOC_ABORT_ON_CORRUPTION|SCALABLE_MALLOC_ABORT_ON_ERROR))) {
979 _SIMPLE_STRING b = _simple_salloc();
980 if (b) {
981 _simple_sprintf(b, "*** error for object %p: pointer being freed was not allocated\n", ptr);
982 CRSetCrashLogMessage(_simple_string(b));
983 } else {
984 CRSetCrashLogMessage("*** error: pointer being freed was not allocated\n");
985 }
986 abort();
987 }
988 } else if (zone->version >= 6 && zone->free_definite_size)
989 malloc_zone_free_definite_size(zone, ptr, size);
990 else
991 malloc_zone_free(zone, ptr);
992 }
993
994 void *
995 realloc(void *in_ptr, size_t new_size) {
996 void *retval = NULL;
997 void *old_ptr;
998 malloc_zone_t *zone;
999 size_t old_size = 0;
1000
1001 // SUSv3: "If size is 0 and ptr is not a null pointer, the object
1002 // pointed to is freed. If the space cannot be allocated, the object
1003 // shall remain unchanged." Also "If size is 0, either a null pointer
1004 // or a unique pointer that can be successfully passed to free() shall
1005 // be returned." We choose to allocate a minimum size object by calling
1006 // malloc_zone_malloc with zero size, which matches "If ptr is a null
1007 // pointer, realloc() shall be equivalent to malloc() for the specified
1008 // size." So we only free the original memory if the allocation succeeds.
1009 old_ptr = (new_size == 0) ? NULL : in_ptr;
1010 if (!old_ptr) {
1011 retval = malloc_zone_malloc(inline_malloc_default_zone(), new_size);
1012 } else {
1013 zone = find_registered_zone(old_ptr, &old_size);
1014 if (!zone) {
1015 malloc_printf("*** error for object %p: pointer being realloc'd was not allocated\n"
1016 "*** set a breakpoint in malloc_error_break to debug\n", old_ptr);
1017 malloc_error_break();
1018 if ((malloc_debug_flags & (SCALABLE_MALLOC_ABORT_ON_CORRUPTION|SCALABLE_MALLOC_ABORT_ON_ERROR))) {
1019 _SIMPLE_STRING b = _simple_salloc();
1020 if (b) {
1021 _simple_sprintf(b, "*** error for object %p: pointer being realloc'd was not allocated\n", old_ptr);
1022 CRSetCrashLogMessage(_simple_string(b));
1023 } else {
1024 CRSetCrashLogMessage("*** error: pointer being realloc'd was not allocated\n");
1025 }
1026 abort();
1027 }
1028 } else {
1029 retval = malloc_zone_realloc(zone, old_ptr, new_size);
1030 }
1031 }
1032 if (retval == NULL) {
1033 errno = ENOMEM;
1034 } else if (new_size == 0) {
1035 free(in_ptr);
1036 }
1037 return retval;
1038 }
1039
1040 void *
1041 valloc(size_t size) {
1042 void *retval;
1043 malloc_zone_t *zone = inline_malloc_default_zone();
1044 retval = malloc_zone_valloc(zone, size);
1045 if (retval == NULL) {
1046 errno = ENOMEM;
1047 }
1048 return retval;
1049 }
1050
1051 extern void
1052 vfree(void *ptr) {
1053 free(ptr);
1054 }
1055
1056 size_t
1057 malloc_size(const void *ptr) {
1058 size_t size = 0;
1059
1060 if (!ptr)
1061 return size;
1062
1063 (void)find_registered_zone(ptr, &size);
1064 return size;
1065 }
1066
1067 size_t
1068 malloc_good_size (size_t size) {
1069 malloc_zone_t *zone = inline_malloc_default_zone();
1070 return zone->introspect->good_size(zone, size);
1071 }
1072
1073 /*
1074 * The posix_memalign() function shall allocate size bytes aligned on a boundary specified by alignment,
1075 * and shall return a pointer to the allocated memory in memptr.
1076 * The value of alignment shall be a multiple of sizeof( void *), that is also a power of two.
1077 * Upon successful completion, the value pointed to by memptr shall be a multiple of alignment.
1078 *
1079 * Upon successful completion, posix_memalign() shall return zero; otherwise,
1080 * an error number shall be returned to indicate the error.
1081 *
1082 * The posix_memalign() function shall fail if:
1083 * EINVAL
1084 * The value of the alignment parameter is not a power of two multiple of sizeof( void *).
1085 * ENOMEM
1086 * There is insufficient memory available with the requested alignment.
1087 */
1088
1089 int
1090 posix_memalign(void **memptr, size_t alignment, size_t size)
1091 {
1092 void *retval;
1093
1094 /* POSIX is silent on NULL == memptr !?! */
1095
1096 retval = malloc_zone_memalign(inline_malloc_default_zone(), alignment, size);
1097 if (retval == NULL) {
1098 // To avoid testing the alignment constraints redundantly, we'll rely on the
1099 // test made in malloc_zone_memalign to vet each request. Only if that test fails
1100 // and returns NULL, do we arrive here to detect the bogus alignment and give the
1101 // required EINVAL return.
1102 if (alignment < sizeof( void *) || // excludes 0 == alignment
1103 0 != (alignment & (alignment - 1))) { // relies on sizeof(void *) being a power of two.
1104 return EINVAL;
1105 }
1106 return ENOMEM;
1107 } else {
1108 *memptr = retval; // Set iff allocation succeeded
1109 return 0;
1110 }
1111 }
1112
1113 static malloc_zone_t *
1114 find_registered_purgeable_zone(void *ptr) {
1115 if (!ptr)
1116 return NULL;
1117
1118 /*
1119 * Look for a zone which contains ptr. If that zone does not have the purgeable malloc flag
1120 * set, or the allocation is too small, do nothing. Otherwise, set the allocation volatile.
1121 * FIXME: for performance reasons, we should probably keep a separate list of purgeable zones
1122 * and only search those.
1123 */
1124 size_t size = 0;
1125 malloc_zone_t *zone = find_registered_zone(ptr, &size);
1126
1127 /* FIXME: would really like a zone->introspect->flags->purgeable check, but haven't determined
1128 * binary compatibility impact of changing the introspect struct yet. */
1129 if (!zone)
1130 return NULL;
1131
1132 /* Check to make sure pointer is page aligned and size is multiple of page size */
1133 if ((size < vm_page_size) || ((size % vm_page_size) != 0))
1134 return NULL;
1135
1136 return zone;
1137 }
1138
1139 void
1140 malloc_make_purgeable(void *ptr) {
1141 malloc_zone_t *zone = find_registered_purgeable_zone(ptr);
1142 if (!zone)
1143 return;
1144
1145 int state = VM_PURGABLE_VOLATILE;
1146 vm_purgable_control(mach_task_self(), (vm_address_t)ptr, VM_PURGABLE_SET_STATE, &state);
1147 return;
1148 }
1149
1150 /* Returns true if ptr is valid. Ignore the return value from vm_purgeable_control and only report
1151 * state. */
1152 int
1153 malloc_make_nonpurgeable(void *ptr) {
1154 malloc_zone_t *zone = find_registered_purgeable_zone(ptr);
1155 if (!zone)
1156 return 0;
1157
1158 int state = VM_PURGABLE_NONVOLATILE;
1159 vm_purgable_control(mach_task_self(), (vm_address_t)ptr, VM_PURGABLE_SET_STATE, &state);
1160
1161 if (state == VM_PURGABLE_EMPTY)
1162 return EFAULT;
1163
1164 return 0;
1165 }
1166
1167 size_t malloc_zone_pressure_relief(malloc_zone_t *zone, size_t goal)
1168 {
1169 if (!zone) {
1170 unsigned index = 0;
1171 size_t total = 0;
1172
1173 // Take lock to defend against malloc_destroy_zone()
1174 MALLOC_LOCK();
1175 while (index < malloc_num_zones) {
1176 zone = malloc_zones[index++];
1177 if (zone->version < 8)
1178 continue;
1179 if (NULL == zone->pressure_relief)
1180 continue;
1181 if (0 == goal) /* Greedy */
1182 total += zone->pressure_relief(zone, 0);
1183 else if (goal > total)
1184 total += zone->pressure_relief(zone, goal - total);
1185 else /* total >= goal */
1186 break;
1187 }
1188 MALLOC_UNLOCK();
1189 return total;
1190 } else {
1191 // Assumes zone is not destroyed for the duration of this call
1192 if (zone->version < 8)
1193 return 0;
1194 if (NULL == zone->pressure_relief)
1195 return 0;
1196 return zone->pressure_relief(zone, goal);
1197 }
1198 }
1199
1200 /********* Batch methods ************/
1201
1202 unsigned
1203 malloc_zone_batch_malloc(malloc_zone_t *zone, size_t size, void **results, unsigned num_requested) {
1204 unsigned (*batch_malloc)(malloc_zone_t *, size_t, void **, unsigned) = zone-> batch_malloc;
1205 if (! batch_malloc)
1206 return 0;
1207 if (malloc_check_start && (malloc_check_counter++ >= malloc_check_start)) {
1208 internal_check();
1209 }
1210 unsigned batched = batch_malloc(zone, size, results, num_requested);
1211 if (malloc_logger) {
1212 unsigned index = 0;
1213 while (index < batched) {
1214 malloc_logger(MALLOC_LOG_TYPE_ALLOCATE | MALLOC_LOG_TYPE_HAS_ZONE, (uintptr_t)zone, (uintptr_t)size, 0, (uintptr_t)results[index], 0);
1215 index++;
1216 }
1217 }
1218 return batched;
1219 }
1220
1221 void
1222 malloc_zone_batch_free(malloc_zone_t *zone, void **to_be_freed, unsigned num) {
1223 if (malloc_check_start && (malloc_check_counter++ >= malloc_check_start)) {
1224 internal_check();
1225 }
1226 if (malloc_logger) {
1227 unsigned index = 0;
1228 while (index < num) {
1229 malloc_logger(MALLOC_LOG_TYPE_DEALLOCATE | MALLOC_LOG_TYPE_HAS_ZONE, (uintptr_t)zone, (uintptr_t)to_be_freed[index], 0, 0, 0);
1230 index++;
1231 }
1232 }
1233 void (*batch_free)(malloc_zone_t *, void **, unsigned) = zone-> batch_free;
1234 if (batch_free) {
1235 batch_free(zone, to_be_freed, num);
1236 } else {
1237 void (*free_fun)(malloc_zone_t *, void *) = zone->free;
1238 while (num--) {
1239 void *ptr = *to_be_freed++;
1240 free_fun(zone, ptr);
1241 }
1242 }
1243 }
1244
1245 /********* Functions for performance tools ************/
1246
1247 static kern_return_t
1248 _malloc_default_reader(task_t task, vm_address_t address, vm_size_t size, void **ptr) {
1249 *ptr = (void *)address;
1250 return 0;
1251 }
1252
1253 kern_return_t
1254 malloc_get_all_zones(task_t task, memory_reader_t reader, vm_address_t **addresses, unsigned *count) {
1255 // Note that the 2 following addresses are not correct if the address of the target is different from your own. This notably occurs if the address of System.framework is slid (e.g. different than at B & I )
1256 vm_address_t remote_malloc_zones = (vm_address_t)&malloc_zones;
1257 vm_address_t remote_malloc_num_zones = (vm_address_t)&malloc_num_zones;
1258 kern_return_t err;
1259 vm_address_t zones_address;
1260 vm_address_t *zones_address_ref;
1261 unsigned num_zones;
1262 unsigned *num_zones_ref;
1263 if (!reader) reader = _malloc_default_reader;
1264 // printf("Read malloc_zones at address %p should be %p\n", &malloc_zones, malloc_zones);
1265 err = reader(task, remote_malloc_zones, sizeof(void *), (void **)&zones_address_ref);
1266 // printf("Read malloc_zones[%p]=%p\n", remote_malloc_zones, *zones_address_ref);
1267 if (err) {
1268 malloc_printf("*** malloc_get_all_zones: error reading zones_address at %p\n", (unsigned)remote_malloc_zones);
1269 return err;
1270 }
1271 zones_address = *zones_address_ref;
1272 // printf("Reading num_zones at address %p\n", remote_malloc_num_zones);
1273 err = reader(task, remote_malloc_num_zones, sizeof(unsigned), (void **)&num_zones_ref);
1274 if (err) {
1275 malloc_printf("*** malloc_get_all_zones: error reading num_zones at %p\n", (unsigned)remote_malloc_num_zones);
1276 return err;
1277 }
1278 num_zones = *num_zones_ref;
1279 // printf("Read malloc_num_zones[%p]=%d\n", remote_malloc_num_zones, num_zones);
1280 *count = num_zones;
1281 // printf("malloc_get_all_zones succesfully found %d zones\n", num_zones);
1282 err = reader(task, zones_address, sizeof(malloc_zone_t *) * num_zones, (void **)addresses);
1283 if (err) {
1284 malloc_printf("*** malloc_get_all_zones: error reading zones at %p\n", &zones_address);
1285 return err;
1286 }
1287 // printf("malloc_get_all_zones succesfully read %d zones\n", num_zones);
1288 return err;
1289 }
1290
1291 /********* Debug helpers ************/
1292
1293 void
1294 malloc_zone_print_ptr_info(void *ptr) {
1295 malloc_zone_t *zone;
1296 if (!ptr) return;
1297 zone = malloc_zone_from_ptr(ptr);
1298 if (zone) {
1299 printf("ptr %p in registered zone %p\n", ptr, zone);
1300 } else {
1301 printf("ptr %p not in heap\n", ptr);
1302 }
1303 }
1304
1305 boolean_t
1306 malloc_zone_check(malloc_zone_t *zone) {
1307 boolean_t ok = 1;
1308 if (!zone) {
1309 unsigned index = 0;
1310 while (index < malloc_num_zones) {
1311 zone = malloc_zones[index++];
1312 if (!zone->introspect->check(zone)) ok = 0;
1313 }
1314 } else {
1315 ok = zone->introspect->check(zone);
1316 }
1317 return ok;
1318 }
1319
1320 void
1321 malloc_zone_print(malloc_zone_t *zone, boolean_t verbose) {
1322 if (!zone) {
1323 unsigned index = 0;
1324 while (index < malloc_num_zones) {
1325 zone = malloc_zones[index++];
1326 zone->introspect->print(zone, verbose);
1327 }
1328 } else {
1329 zone->introspect->print(zone, verbose);
1330 }
1331 }
1332
1333 void
1334 malloc_zone_statistics(malloc_zone_t *zone, malloc_statistics_t *stats) {
1335 if (!zone) {
1336 memset(stats, 0, sizeof(*stats));
1337 unsigned index = 0;
1338 while (index < malloc_num_zones) {
1339 zone = malloc_zones[index++];
1340 malloc_statistics_t this_stats;
1341 zone->introspect->statistics(zone, &this_stats);
1342 stats->blocks_in_use += this_stats.blocks_in_use;
1343 stats->size_in_use += this_stats.size_in_use;
1344 stats->max_size_in_use += this_stats.max_size_in_use;
1345 stats->size_allocated += this_stats.size_allocated;
1346 }
1347 } else {
1348 zone->introspect->statistics(zone, stats);
1349 }
1350 }
1351
1352 void
1353 malloc_zone_log(malloc_zone_t *zone, void *address) {
1354 if (!zone) {
1355 unsigned index = 0;
1356 while (index < malloc_num_zones) {
1357 zone = malloc_zones[index++];
1358 zone->introspect->log(zone, address);
1359 }
1360 } else {
1361 zone->introspect->log(zone, address);
1362 }
1363 }
1364
1365 /********* Misc other entry points ************/
1366
1367 static void
1368 DefaultMallocError(int x) {
1369 #if USE_SLEEP_RATHER_THAN_ABORT
1370 malloc_printf("*** error %d\n", x);
1371 sleep(3600);
1372 #else
1373 _SIMPLE_STRING b = _simple_salloc();
1374 if (b) {
1375 _simple_sprintf(b, "*** error %d", x);
1376 malloc_printf("%s\n", _simple_string(b));
1377 CRSetCrashLogMessage(_simple_string(b));
1378 } else {
1379 _malloc_printf(MALLOC_PRINTF_NOLOG, "*** error %d", x);
1380 CRSetCrashLogMessage("*** DefaultMallocError called");
1381 }
1382 abort();
1383 #endif
1384 }
1385
1386 void (*
1387 malloc_error(void (*func)(int)))(int) {
1388 return DefaultMallocError;
1389 }
1390
1391 /* Stack logging fork-handling prototypes */
1392 extern void __stack_logging_fork_prepare();
1393 extern void __stack_logging_fork_parent();
1394 extern void __stack_logging_fork_child();
1395
1396 void
1397 _malloc_fork_prepare() {
1398 /* Prepare the malloc module for a fork by insuring that no thread is in a malloc critical section */
1399 unsigned index = 0;
1400 MALLOC_LOCK();
1401 while (index < malloc_num_zones) {
1402 malloc_zone_t *zone = malloc_zones[index++];
1403 zone->introspect->force_lock(zone);
1404 }
1405 __stack_logging_fork_prepare();
1406 }
1407
1408 void
1409 _malloc_fork_parent() {
1410 /* Called in the parent process after a fork() to resume normal operation. */
1411 unsigned index = 0;
1412 __stack_logging_fork_parent();
1413 MALLOC_UNLOCK();
1414 while (index < malloc_num_zones) {
1415 malloc_zone_t *zone = malloc_zones[index++];
1416 zone->introspect->force_unlock(zone);
1417 }
1418 }
1419
1420 void
1421 _malloc_fork_child() {
1422 /* Called in the child process after a fork() to resume normal operation. In the MTASK case we also have to change memory inheritance so that the child does not share memory with the parent. */
1423 unsigned index = 0;
1424 __stack_logging_fork_child();
1425 MALLOC_UNLOCK();
1426 while (index < malloc_num_zones) {
1427 malloc_zone_t *zone = malloc_zones[index++];
1428 zone->introspect->force_unlock(zone);
1429 }
1430 }
1431
1432 /*
1433 * A Glibc-like mstats() interface.
1434 *
1435 * Note that this interface really isn't very good, as it doesn't understand
1436 * that we may have multiple allocators running at once. We just massage
1437 * the result from malloc_zone_statistics in any case.
1438 */
1439 struct mstats
1440 mstats(void)
1441 {
1442 malloc_statistics_t s;
1443 struct mstats m;
1444
1445 malloc_zone_statistics(NULL, &s);
1446 m.bytes_total = s.size_allocated;
1447 m.chunks_used = s.blocks_in_use;
1448 m.bytes_used = s.size_in_use;
1449 m.chunks_free = 0;
1450 m.bytes_free = m.bytes_total - m.bytes_used; /* isn't this somewhat obvious? */
1451
1452 return(m);
1453 }
1454
1455 boolean_t
1456 malloc_zone_enable_discharge_checking(malloc_zone_t *zone)
1457 {
1458 if (zone->version < 7) // Version must be >= 7 to look at the new discharge checking fields.
1459 return FALSE;
1460 if (NULL == zone->introspect->enable_discharge_checking)
1461 return FALSE;
1462 return zone->introspect->enable_discharge_checking(zone);
1463 }
1464
1465 void
1466 malloc_zone_disable_discharge_checking(malloc_zone_t *zone)
1467 {
1468 if (zone->version < 7) // Version must be >= 7 to look at the new discharge checking fields.
1469 return;
1470 if (NULL == zone->introspect->disable_discharge_checking)
1471 return;
1472 zone->introspect->disable_discharge_checking(zone);
1473 }
1474
1475 void
1476 malloc_zone_discharge(malloc_zone_t *zone, void *memory)
1477 {
1478 if (NULL == zone)
1479 zone = malloc_zone_from_ptr(memory);
1480 if (NULL == zone)
1481 return;
1482 if (zone->version < 7) // Version must be >= 7 to look at the new discharge checking fields.
1483 return;
1484 if (NULL == zone->introspect->discharge)
1485 return;
1486 zone->introspect->discharge(zone, memory);
1487 }
1488
1489 void
1490 malloc_zone_enumerate_discharged_pointers(malloc_zone_t *zone, void (^report_discharged)(void *memory, void *info))
1491 {
1492 if (!zone) {
1493 unsigned index = 0;
1494 while (index < malloc_num_zones) {
1495 zone = malloc_zones[index++];
1496 if (zone->version < 7)
1497 continue;
1498 if (NULL == zone->introspect->enumerate_discharged_pointers)
1499 continue;
1500 zone->introspect->enumerate_discharged_pointers(zone, report_discharged);
1501 }
1502 } else {
1503 if (zone->version < 7)
1504 return;
1505 if (NULL == zone->introspect->enumerate_discharged_pointers)
1506 return;
1507 zone->introspect->enumerate_discharged_pointers(zone, report_discharged);
1508 }
1509 }
1510
1511 /***************** OBSOLETE ENTRY POINTS ********************/
1512
1513 #if PHASE_OUT_OLD_MALLOC
1514 #error PHASE OUT THE FOLLOWING FUNCTIONS
1515 #else
1516 #warning PHASE OUT THE FOLLOWING FUNCTIONS
1517 #endif
1518
1519 void
1520 set_malloc_singlethreaded(boolean_t single) {
1521 static boolean_t warned = 0;
1522 if (!warned) {
1523 #if PHASE_OUT_OLD_MALLOC
1524 malloc_printf("*** OBSOLETE: set_malloc_singlethreaded(%d)\n", single);
1525 #endif
1526 warned = 1;
1527 }
1528 }
1529
1530 void
1531 malloc_singlethreaded() {
1532 static boolean_t warned = 0;
1533 if (!warned) {
1534 malloc_printf("*** OBSOLETE: malloc_singlethreaded()\n");
1535 warned = 1;
1536 }
1537 }
1538
1539 int
1540 malloc_debug(int level) {
1541 malloc_printf("*** OBSOLETE: malloc_debug()\n");
1542 return 0;
1543 }
mirror of libc