//===-- primary64.h ---------------------------------------------*- C++ -*-===// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// #ifndef SCUDO_PRIMARY64_H_ #define SCUDO_PRIMARY64_H_ #include "bytemap.h" #include "common.h" #include "list.h" #include "local_cache.h" #include "mem_map.h" #include "memtag.h" #include "options.h" #include "release.h" #include "stats.h" #include "string_utils.h" #include "thread_annotations.h" namespace scudo { // SizeClassAllocator64 is an allocator tuned for 64-bit address space. // // It starts by reserving NumClasses * 2^RegionSizeLog bytes, equally divided in // Regions, specific to each size class. Note that the base of that mapping is // random (based to the platform specific map() capabilities). If // PrimaryEnableRandomOffset is set, each Region actually starts at a random // offset from its base. // // Regions are mapped incrementally on demand to fulfill allocation requests, // those mappings being split into equally sized Blocks based on the size class // they belong to. The Blocks created are shuffled to prevent predictable // address patterns (the predictability increases with the size of the Blocks). // // The 1st Region (for size class 0) holds the TransferBatches. This is a // structure used to transfer arrays of available pointers from the class size // freelist to the thread specific freelist, and back. // // The memory used by this allocator is never unmapped, but can be partially // released if the platform allows for it. template class SizeClassAllocator64 { public: typedef typename Config::Primary::CompactPtrT CompactPtrT; typedef typename Config::Primary::SizeClassMap SizeClassMap; static const uptr CompactPtrScale = Config::Primary::CompactPtrScale; static const uptr GroupSizeLog = Config::Primary::GroupSizeLog; static const uptr GroupScale = GroupSizeLog - CompactPtrScale; typedef SizeClassAllocator64 ThisT; typedef SizeClassAllocatorLocalCache CacheT; typedef typename CacheT::TransferBatch TransferBatch; typedef typename CacheT::BatchGroup BatchGroup; static uptr getSizeByClassId(uptr ClassId) { return (ClassId == SizeClassMap::BatchClassId) ? roundUp(sizeof(TransferBatch), 1U << CompactPtrScale) : SizeClassMap::getSizeByClassId(ClassId); } static bool canAllocate(uptr Size) { return Size <= SizeClassMap::MaxSize; } void init(s32 ReleaseToOsInterval) NO_THREAD_SAFETY_ANALYSIS { DCHECK(isAligned(reinterpret_cast(this), alignof(ThisT))); const uptr PageSize = getPageSizeCached(); const uptr GroupSize = (1U << GroupSizeLog); const uptr PagesInGroup = GroupSize / PageSize; const uptr MinSizeClass = getSizeByClassId(1); // When trying to release pages back to memory, visiting smaller size // classes is expensive. Therefore, we only try to release smaller size // classes when the amount of free blocks goes over a certain threshold (See // the comment in releaseToOSMaybe() for more details). For example, for // size class 32, we only do the release when the size of free blocks is // greater than 97% of pages in a group. However, this may introduce another // issue that if the number of free blocks is bouncing between 97% ~ 100%. // Which means we may try many page releases but only release very few of // them (less than 3% in a group). Even though we have // `&ReleaseToOsIntervalMs` which slightly reduce the frequency of these // calls but it will be better to have another guard to mitigate this issue. // // Here we add another constraint on the minimum size requirement. The // constraint is determined by the size of in-use blocks in the minimal size // class. Take size class 32 as an example, // // +- one memory group -+ // +----------------------+------+ // | 97% of free blocks | | // +----------------------+------+ // \ / // 3% in-use blocks // // * The release size threshold is 97%. // // The 3% size in a group is about 7 pages. For two consecutive // releaseToOSMaybe(), we require the difference between `PushedBlocks` // should be greater than 7 pages. This mitigates the page releasing // thrashing which is caused by memory usage bouncing around the threshold. // The smallest size class takes longest time to do the page release so we // use its size of in-use blocks as a heuristic. SmallerBlockReleasePageDelta = PagesInGroup * (1 + MinSizeClass / 16U) / 100; // Reserve the space required for the Primary. CHECK(ReservedMemory.create(/*Addr=*/0U, PrimarySize, "scudo:primary_reserve")); PrimaryBase = ReservedMemory.getBase(); DCHECK_NE(PrimaryBase, 0U); u32 Seed; const u64 Time = getMonotonicTimeFast(); if (!getRandom(reinterpret_cast(&Seed), sizeof(Seed))) Seed = static_cast(Time ^ (PrimaryBase >> 12)); for (uptr I = 0; I < NumClasses; I++) { RegionInfo *Region = getRegionInfo(I); // The actual start of a region is offset by a random number of pages // when PrimaryEnableRandomOffset is set. Region->RegionBeg = (PrimaryBase + (I << Config::Primary::RegionSizeLog)) + (Config::Primary::EnableRandomOffset ? ((getRandomModN(&Seed, 16) + 1) * PageSize) : 0); Region->RandState = getRandomU32(&Seed); // Releasing small blocks is expensive, set a higher threshold to avoid // frequent page releases. if (isSmallBlock(getSizeByClassId(I))) Region->TryReleaseThreshold = PageSize * SmallerBlockReleasePageDelta; else Region->TryReleaseThreshold = PageSize; Region->ReleaseInfo.LastReleaseAtNs = Time; Region->MemMapInfo.MemMap = ReservedMemory.dispatch( PrimaryBase + (I << Config::Primary::RegionSizeLog), RegionSize); CHECK(Region->MemMapInfo.MemMap.isAllocated()); } shuffle(RegionInfoArray, NumClasses, &Seed); setOption(Option::ReleaseInterval, static_cast(ReleaseToOsInterval)); } void unmapTestOnly() NO_THREAD_SAFETY_ANALYSIS { for (uptr I = 0; I < NumClasses; I++) { RegionInfo *Region = getRegionInfo(I); *Region = {}; } if (PrimaryBase) ReservedMemory.release(); PrimaryBase = 0U; } // When all blocks are freed, it has to be the same size as `AllocatedUser`. void verifyAllBlocksAreReleasedTestOnly() { // `BatchGroup` and `TransferBatch` also use the blocks from BatchClass. uptr BatchClassUsedInFreeLists = 0; for (uptr I = 0; I < NumClasses; I++) { // We have to count BatchClassUsedInFreeLists in other regions first. if (I == SizeClassMap::BatchClassId) continue; RegionInfo *Region = getRegionInfo(I); ScopedLock ML(Region->MMLock); ScopedLock FL(Region->FLLock); const uptr BlockSize = getSizeByClassId(I); uptr TotalBlocks = 0; for (BatchGroup &BG : Region->FreeListInfo.BlockList) { // `BG::Batches` are `TransferBatches`. +1 for `BatchGroup`. BatchClassUsedInFreeLists += BG.Batches.size() + 1; for (const auto &It : BG.Batches) TotalBlocks += It.getCount(); } DCHECK_EQ(TotalBlocks, Region->MemMapInfo.AllocatedUser / BlockSize); DCHECK_EQ(Region->FreeListInfo.PushedBlocks, Region->FreeListInfo.PoppedBlocks); } RegionInfo *Region = getRegionInfo(SizeClassMap::BatchClassId); ScopedLock ML(Region->MMLock); ScopedLock FL(Region->FLLock); const uptr BlockSize = getSizeByClassId(SizeClassMap::BatchClassId); uptr TotalBlocks = 0; for (BatchGroup &BG : Region->FreeListInfo.BlockList) { if (LIKELY(!BG.Batches.empty())) { for (const auto &It : BG.Batches) TotalBlocks += It.getCount(); } else { // `BatchGroup` with empty freelist doesn't have `TransferBatch` record // itself. ++TotalBlocks; } } DCHECK_EQ(TotalBlocks + BatchClassUsedInFreeLists, Region->MemMapInfo.AllocatedUser / BlockSize); DCHECK_GE(Region->FreeListInfo.PoppedBlocks, Region->FreeListInfo.PushedBlocks); const uptr BlocksInUse = Region->FreeListInfo.PoppedBlocks - Region->FreeListInfo.PushedBlocks; DCHECK_EQ(BlocksInUse, BatchClassUsedInFreeLists); } TransferBatch *popBatch(CacheT *C, uptr ClassId) { DCHECK_LT(ClassId, NumClasses); RegionInfo *Region = getRegionInfo(ClassId); { ScopedLock L(Region->FLLock); TransferBatch *B = popBatchImpl(C, ClassId, Region); if (LIKELY(B)) return B; } bool PrintStats = false; TransferBatch *B = nullptr; while (true) { // When two threads compete for `Region->MMLock`, we only want one of them // does the populateFreeListAndPopBatch(). To avoid both of them doing // that, always check the freelist before mapping new pages. // // TODO(chiahungduan): Use a condition variable so that we don't need to // hold `Region->MMLock` here. ScopedLock ML(Region->MMLock); { ScopedLock FL(Region->FLLock); B = popBatchImpl(C, ClassId, Region); if (LIKELY(B)) return B; } const bool RegionIsExhausted = Region->Exhausted; if (!RegionIsExhausted) B = populateFreeListAndPopBatch(C, ClassId, Region); PrintStats = !RegionIsExhausted && Region->Exhausted; break; } // Note that `getStats()` requires locking each region so we can't call it // while locking the Region->Mutex in the above. if (UNLIKELY(PrintStats)) { ScopedString Str; getStats(&Str); Str.append( "Scudo OOM: The process has exhausted %zuM for size class %zu.\n", RegionSize >> 20, getSizeByClassId(ClassId)); Str.output(); // Theoretically, BatchClass shouldn't be used up. Abort immediately when // it happens. if (ClassId == SizeClassMap::BatchClassId) reportOutOfBatchClass(); } return B; } // Push the array of free blocks to the designated batch group. void pushBlocks(CacheT *C, uptr ClassId, CompactPtrT *Array, u32 Size) { DCHECK_LT(ClassId, NumClasses); DCHECK_GT(Size, 0); RegionInfo *Region = getRegionInfo(ClassId); if (ClassId == SizeClassMap::BatchClassId) { ScopedLock L(Region->FLLock); pushBatchClassBlocks(Region, Array, Size); return; } // TODO(chiahungduan): Consider not doing grouping if the group size is not // greater than the block size with a certain scale. // Sort the blocks so that blocks belonging to the same group can be pushed // together. bool SameGroup = true; for (u32 I = 1; I < Size; ++I) { if (compactPtrGroup(Array[I - 1]) != compactPtrGroup(Array[I])) SameGroup = false; CompactPtrT Cur = Array[I]; u32 J = I; while (J > 0 && compactPtrGroup(Cur) < compactPtrGroup(Array[J - 1])) { Array[J] = Array[J - 1]; --J; } Array[J] = Cur; } { ScopedLock L(Region->FLLock); pushBlocksImpl(C, ClassId, Region, Array, Size, SameGroup); } } void disable() NO_THREAD_SAFETY_ANALYSIS { // The BatchClassId must be locked last since other classes can use it. for (sptr I = static_cast(NumClasses) - 1; I >= 0; I--) { if (static_cast(I) == SizeClassMap::BatchClassId) continue; getRegionInfo(static_cast(I))->MMLock.lock(); getRegionInfo(static_cast(I))->FLLock.lock(); } getRegionInfo(SizeClassMap::BatchClassId)->MMLock.lock(); getRegionInfo(SizeClassMap::BatchClassId)->FLLock.lock(); } void enable() NO_THREAD_SAFETY_ANALYSIS { getRegionInfo(SizeClassMap::BatchClassId)->FLLock.unlock(); getRegionInfo(SizeClassMap::BatchClassId)->MMLock.unlock(); for (uptr I = 0; I < NumClasses; I++) { if (I == SizeClassMap::BatchClassId) continue; getRegionInfo(I)->FLLock.unlock(); getRegionInfo(I)->MMLock.unlock(); } } template void iterateOverBlocks(F Callback) { for (uptr I = 0; I < NumClasses; I++) { if (I == SizeClassMap::BatchClassId) continue; RegionInfo *Region = getRegionInfo(I); // TODO: The call of `iterateOverBlocks` requires disabling // SizeClassAllocator64. We may consider locking each region on demand // only. Region->FLLock.assertHeld(); Region->MMLock.assertHeld(); const uptr BlockSize = getSizeByClassId(I); const uptr From = Region->RegionBeg; const uptr To = From + Region->MemMapInfo.AllocatedUser; for (uptr Block = From; Block < To; Block += BlockSize) Callback(Block); } } void getStats(ScopedString *Str) { // TODO(kostyak): get the RSS per region. uptr TotalMapped = 0; uptr PoppedBlocks = 0; uptr PushedBlocks = 0; for (uptr I = 0; I < NumClasses; I++) { RegionInfo *Region = getRegionInfo(I); { ScopedLock L(Region->MMLock); TotalMapped += Region->MemMapInfo.MappedUser; } { ScopedLock L(Region->FLLock); PoppedBlocks += Region->FreeListInfo.PoppedBlocks; PushedBlocks += Region->FreeListInfo.PushedBlocks; } } Str->append("Stats: SizeClassAllocator64: %zuM mapped (%uM rss) in %zu " "allocations; remains %zu\n", TotalMapped >> 20, 0U, PoppedBlocks, PoppedBlocks - PushedBlocks); for (uptr I = 0; I < NumClasses; I++) { RegionInfo *Region = getRegionInfo(I); ScopedLock L1(Region->MMLock); ScopedLock L2(Region->FLLock); getStats(Str, I, Region); } } bool setOption(Option O, sptr Value) { if (O == Option::ReleaseInterval) { const s32 Interval = Max(Min(static_cast(Value), Config::Primary::MaxReleaseToOsIntervalMs), Config::Primary::MinReleaseToOsIntervalMs); atomic_store_relaxed(&ReleaseToOsIntervalMs, Interval); return true; } // Not supported by the Primary, but not an error either. return true; } uptr tryReleaseToOS(uptr ClassId, ReleaseToOS ReleaseType) { RegionInfo *Region = getRegionInfo(ClassId); // Note that the tryLock() may fail spuriously, given that it should rarely // happen and page releasing is fine to skip, we don't take certain // approaches to ensure one page release is done. if (Region->MMLock.tryLock()) { uptr BytesReleased = releaseToOSMaybe(Region, ClassId, ReleaseType); Region->MMLock.unlock(); return BytesReleased; } return 0; } uptr releaseToOS(ReleaseToOS ReleaseType) { uptr TotalReleasedBytes = 0; for (uptr I = 0; I < NumClasses; I++) { if (I == SizeClassMap::BatchClassId) continue; RegionInfo *Region = getRegionInfo(I); ScopedLock L(Region->MMLock); TotalReleasedBytes += releaseToOSMaybe(Region, I, ReleaseType); } return TotalReleasedBytes; } const char *getRegionInfoArrayAddress() const { return reinterpret_cast(RegionInfoArray); } static uptr getRegionInfoArraySize() { return sizeof(RegionInfoArray); } uptr getCompactPtrBaseByClassId(uptr ClassId) { return getRegionInfo(ClassId)->RegionBeg; } CompactPtrT compactPtr(uptr ClassId, uptr Ptr) { DCHECK_LE(ClassId, SizeClassMap::LargestClassId); return compactPtrInternal(getCompactPtrBaseByClassId(ClassId), Ptr); } void *decompactPtr(uptr ClassId, CompactPtrT CompactPtr) { DCHECK_LE(ClassId, SizeClassMap::LargestClassId); return reinterpret_cast( decompactPtrInternal(getCompactPtrBaseByClassId(ClassId), CompactPtr)); } static BlockInfo findNearestBlock(const char *RegionInfoData, uptr Ptr) NO_THREAD_SAFETY_ANALYSIS { const RegionInfo *RegionInfoArray = reinterpret_cast(RegionInfoData); uptr ClassId; uptr MinDistance = -1UL; for (uptr I = 0; I != NumClasses; ++I) { if (I == SizeClassMap::BatchClassId) continue; uptr Begin = RegionInfoArray[I].RegionBeg; // TODO(chiahungduan): In fact, We need to lock the RegionInfo::MMLock. // However, the RegionInfoData is passed with const qualifier and lock the // mutex requires modifying RegionInfoData, which means we need to remove // the const qualifier. This may lead to another undefined behavior (The // first one is accessing `AllocatedUser` without locking. It's better to // pass `RegionInfoData` as `void *` then we can lock the mutex properly. uptr End = Begin + RegionInfoArray[I].MemMapInfo.AllocatedUser; if (Begin > End || End - Begin < SizeClassMap::getSizeByClassId(I)) continue; uptr RegionDistance; if (Begin <= Ptr) { if (Ptr < End) RegionDistance = 0; else RegionDistance = Ptr - End; } else { RegionDistance = Begin - Ptr; } if (RegionDistance < MinDistance) { MinDistance = RegionDistance; ClassId = I; } } BlockInfo B = {}; if (MinDistance <= 8192) { B.RegionBegin = RegionInfoArray[ClassId].RegionBeg; B.RegionEnd = B.RegionBegin + RegionInfoArray[ClassId].MemMapInfo.AllocatedUser; B.BlockSize = SizeClassMap::getSizeByClassId(ClassId); B.BlockBegin = B.RegionBegin + uptr(sptr(Ptr - B.RegionBegin) / sptr(B.BlockSize) * sptr(B.BlockSize)); while (B.BlockBegin < B.RegionBegin) B.BlockBegin += B.BlockSize; while (B.RegionEnd < B.BlockBegin + B.BlockSize) B.BlockBegin -= B.BlockSize; } return B; } AtomicOptions Options; private: static const uptr RegionSize = 1UL << Config::Primary::RegionSizeLog; static const uptr NumClasses = SizeClassMap::NumClasses; static const uptr PrimarySize = RegionSize * NumClasses; static const uptr MapSizeIncrement = Config::Primary::MapSizeIncrement; // Fill at most this number of batches from the newly map'd memory. static const u32 MaxNumBatches = SCUDO_ANDROID ? 4U : 8U; struct ReleaseToOsInfo { uptr BytesInFreeListAtLastCheckpoint; uptr RangesReleased; uptr LastReleasedBytes; u64 LastReleaseAtNs; }; struct BlocksInfo { SinglyLinkedList BlockList = {}; uptr PoppedBlocks = 0; uptr PushedBlocks = 0; }; struct PagesInfo { MemMapT MemMap = {}; // Bytes mapped for user memory. uptr MappedUser = 0; // Bytes allocated for user memory. uptr AllocatedUser = 0; }; struct UnpaddedRegionInfo { // Mutex for operations on freelist HybridMutex FLLock; // Mutex for memmap operations HybridMutex MMLock ACQUIRED_BEFORE(FLLock); // `RegionBeg` is initialized before thread creation and won't be changed. uptr RegionBeg = 0; u32 RandState GUARDED_BY(MMLock) = 0; BlocksInfo FreeListInfo GUARDED_BY(FLLock); PagesInfo MemMapInfo GUARDED_BY(MMLock); // The minimum size of pushed blocks to trigger page release. uptr TryReleaseThreshold GUARDED_BY(MMLock) = 0; ReleaseToOsInfo ReleaseInfo GUARDED_BY(MMLock) = {}; bool Exhausted GUARDED_BY(MMLock) = false; }; struct RegionInfo : UnpaddedRegionInfo { char Padding[SCUDO_CACHE_LINE_SIZE - (sizeof(UnpaddedRegionInfo) % SCUDO_CACHE_LINE_SIZE)] = {}; }; static_assert(sizeof(RegionInfo) % SCUDO_CACHE_LINE_SIZE == 0, ""); RegionInfo *getRegionInfo(uptr ClassId) { DCHECK_LT(ClassId, NumClasses); return &RegionInfoArray[ClassId]; } uptr getRegionBaseByClassId(uptr ClassId) { return roundDown(getRegionInfo(ClassId)->RegionBeg - PrimaryBase, RegionSize) + PrimaryBase; } static CompactPtrT compactPtrInternal(uptr Base, uptr Ptr) { return static_cast((Ptr - Base) >> CompactPtrScale); } static uptr decompactPtrInternal(uptr Base, CompactPtrT CompactPtr) { return Base + (static_cast(CompactPtr) << CompactPtrScale); } static uptr compactPtrGroup(CompactPtrT CompactPtr) { const uptr Mask = (static_cast(1) << GroupScale) - 1; return static_cast(CompactPtr) & ~Mask; } static uptr decompactGroupBase(uptr Base, uptr CompactPtrGroupBase) { DCHECK_EQ(CompactPtrGroupBase % (static_cast(1) << (GroupScale)), 0U); return Base + (CompactPtrGroupBase << CompactPtrScale); } ALWAYS_INLINE static bool isSmallBlock(uptr BlockSize) { const uptr PageSize = getPageSizeCached(); return BlockSize < PageSize / 16U; } ALWAYS_INLINE static bool isLargeBlock(uptr BlockSize) { const uptr PageSize = getPageSizeCached(); return BlockSize > PageSize; } void pushBatchClassBlocks(RegionInfo *Region, CompactPtrT *Array, u32 Size) REQUIRES(Region->FLLock) { DCHECK_EQ(Region, getRegionInfo(SizeClassMap::BatchClassId)); // Free blocks are recorded by TransferBatch in freelist for all // size-classes. In addition, TransferBatch is allocated from BatchClassId. // In order not to use additional block to record the free blocks in // BatchClassId, they are self-contained. I.e., A TransferBatch records the // block address of itself. See the figure below: // // TransferBatch at 0xABCD // +----------------------------+ // | Free blocks' addr | // | +------+------+------+ | // | |0xABCD|... |... | | // | +------+------+------+ | // +----------------------------+ // // When we allocate all the free blocks in the TransferBatch, the block used // by TransferBatch is also free for use. We don't need to recycle the // TransferBatch. Note that the correctness is maintained by the invariant, // // The unit of each popBatch() request is entire TransferBatch. Return // part of the blocks in a TransferBatch is invalid. // // This ensures that TransferBatch won't leak the address itself while it's // still holding other valid data. // // Besides, BatchGroup is also allocated from BatchClassId and has its // address recorded in the TransferBatch too. To maintain the correctness, // // The address of BatchGroup is always recorded in the last TransferBatch // in the freelist (also imply that the freelist should only be // updated with push_front). Once the last TransferBatch is popped, // the block used by BatchGroup is also free for use. // // With this approach, the blocks used by BatchGroup and TransferBatch are // reusable and don't need additional space for them. Region->FreeListInfo.PushedBlocks += Size; BatchGroup *BG = Region->FreeListInfo.BlockList.front(); if (BG == nullptr) { // Construct `BatchGroup` on the last element. BG = reinterpret_cast( decompactPtr(SizeClassMap::BatchClassId, Array[Size - 1])); --Size; BG->Batches.clear(); // BatchClass hasn't enabled memory group. Use `0` to indicate there's no // memory group here. BG->CompactPtrGroupBase = 0; // `BG` is also the block of BatchClassId. Note that this is different // from `CreateGroup` in `pushBlocksImpl` BG->PushedBlocks = 1; BG->BytesInBGAtLastCheckpoint = 0; BG->MaxCachedPerBatch = TransferBatch::getMaxCached( getSizeByClassId(SizeClassMap::BatchClassId)); Region->FreeListInfo.BlockList.push_front(BG); } if (UNLIKELY(Size == 0)) return; // This happens under 2 cases. // 1. just allocated a new `BatchGroup`. // 2. Only 1 block is pushed when the freelist is empty. if (BG->Batches.empty()) { // Construct the `TransferBatch` on the last element. TransferBatch *TB = reinterpret_cast( decompactPtr(SizeClassMap::BatchClassId, Array[Size - 1])); TB->clear(); // As mentioned above, addresses of `TransferBatch` and `BatchGroup` are // recorded in the TransferBatch. TB->add(Array[Size - 1]); TB->add( compactPtr(SizeClassMap::BatchClassId, reinterpret_cast(BG))); --Size; DCHECK_EQ(BG->PushedBlocks, 1U); // `TB` is also the block of BatchClassId. BG->PushedBlocks += 1; BG->Batches.push_front(TB); } TransferBatch *CurBatch = BG->Batches.front(); DCHECK_NE(CurBatch, nullptr); for (u32 I = 0; I < Size;) { u16 UnusedSlots = static_cast(BG->MaxCachedPerBatch - CurBatch->getCount()); if (UnusedSlots == 0) { CurBatch = reinterpret_cast( decompactPtr(SizeClassMap::BatchClassId, Array[I])); CurBatch->clear(); // Self-contained CurBatch->add(Array[I]); ++I; // TODO(chiahungduan): Avoid the use of push_back() in `Batches` of // BatchClassId. BG->Batches.push_front(CurBatch); UnusedSlots = static_cast(BG->MaxCachedPerBatch - 1); } // `UnusedSlots` is u16 so the result will be also fit in u16. const u16 AppendSize = static_cast(Min(UnusedSlots, Size - I)); CurBatch->appendFromArray(&Array[I], AppendSize); I += AppendSize; } BG->PushedBlocks += Size; } // Push the blocks to their batch group. The layout will be like, // // FreeListInfo.BlockList - > BG -> BG -> BG // | | | // v v v // TB TB TB // | // v // TB // // Each BlockGroup(BG) will associate with unique group id and the free blocks // are managed by a list of TransferBatch(TB). To reduce the time of inserting // blocks, BGs are sorted and the input `Array` are supposed to be sorted so // that we can get better performance of maintaining sorted property. // Use `SameGroup=true` to indicate that all blocks in the array are from the // same group then we will skip checking the group id of each block. void pushBlocksImpl(CacheT *C, uptr ClassId, RegionInfo *Region, CompactPtrT *Array, u32 Size, bool SameGroup = false) REQUIRES(Region->FLLock) { DCHECK_NE(ClassId, SizeClassMap::BatchClassId); DCHECK_GT(Size, 0U); auto CreateGroup = [&](uptr CompactPtrGroupBase) { BatchGroup *BG = C->createGroup(); BG->Batches.clear(); TransferBatch *TB = C->createBatch(ClassId, nullptr); TB->clear(); BG->CompactPtrGroupBase = CompactPtrGroupBase; BG->Batches.push_front(TB); BG->PushedBlocks = 0; BG->BytesInBGAtLastCheckpoint = 0; BG->MaxCachedPerBatch = TransferBatch::getMaxCached(getSizeByClassId(ClassId)); return BG; }; auto InsertBlocks = [&](BatchGroup *BG, CompactPtrT *Array, u32 Size) { SinglyLinkedList &Batches = BG->Batches; TransferBatch *CurBatch = Batches.front(); DCHECK_NE(CurBatch, nullptr); for (u32 I = 0; I < Size;) { DCHECK_GE(BG->MaxCachedPerBatch, CurBatch->getCount()); u16 UnusedSlots = static_cast(BG->MaxCachedPerBatch - CurBatch->getCount()); if (UnusedSlots == 0) { CurBatch = C->createBatch( ClassId, reinterpret_cast(decompactPtr(ClassId, Array[I]))); CurBatch->clear(); Batches.push_front(CurBatch); UnusedSlots = BG->MaxCachedPerBatch; } // `UnusedSlots` is u16 so the result will be also fit in u16. u16 AppendSize = static_cast(Min(UnusedSlots, Size - I)); CurBatch->appendFromArray(&Array[I], AppendSize); I += AppendSize; } BG->PushedBlocks += Size; }; Region->FreeListInfo.PushedBlocks += Size; BatchGroup *Cur = Region->FreeListInfo.BlockList.front(); if (ClassId == SizeClassMap::BatchClassId) { if (Cur == nullptr) { // Don't need to classify BatchClassId. Cur = CreateGroup(/*CompactPtrGroupBase=*/0); Region->FreeListInfo.BlockList.push_front(Cur); } InsertBlocks(Cur, Array, Size); return; } // In the following, `Cur` always points to the BatchGroup for blocks that // will be pushed next. `Prev` is the element right before `Cur`. BatchGroup *Prev = nullptr; while (Cur != nullptr && compactPtrGroup(Array[0]) > Cur->CompactPtrGroupBase) { Prev = Cur; Cur = Cur->Next; } if (Cur == nullptr || compactPtrGroup(Array[0]) != Cur->CompactPtrGroupBase) { Cur = CreateGroup(compactPtrGroup(Array[0])); if (Prev == nullptr) Region->FreeListInfo.BlockList.push_front(Cur); else Region->FreeListInfo.BlockList.insert(Prev, Cur); } // All the blocks are from the same group, just push without checking group // id. if (SameGroup) { for (u32 I = 0; I < Size; ++I) DCHECK_EQ(compactPtrGroup(Array[I]), Cur->CompactPtrGroupBase); InsertBlocks(Cur, Array, Size); return; } // The blocks are sorted by group id. Determine the segment of group and // push them to their group together. u32 Count = 1; for (u32 I = 1; I < Size; ++I) { if (compactPtrGroup(Array[I - 1]) != compactPtrGroup(Array[I])) { DCHECK_EQ(compactPtrGroup(Array[I - 1]), Cur->CompactPtrGroupBase); InsertBlocks(Cur, Array + I - Count, Count); while (Cur != nullptr && compactPtrGroup(Array[I]) > Cur->CompactPtrGroupBase) { Prev = Cur; Cur = Cur->Next; } if (Cur == nullptr || compactPtrGroup(Array[I]) != Cur->CompactPtrGroupBase) { Cur = CreateGroup(compactPtrGroup(Array[I])); DCHECK_NE(Prev, nullptr); Region->FreeListInfo.BlockList.insert(Prev, Cur); } Count = 1; } else { ++Count; } } InsertBlocks(Cur, Array + Size - Count, Count); } // Pop one TransferBatch from a BatchGroup. The BatchGroup with the smallest // group id will be considered first. // // The region mutex needs to be held while calling this method. TransferBatch *popBatchImpl(CacheT *C, uptr ClassId, RegionInfo *Region) REQUIRES(Region->FLLock) { if (Region->FreeListInfo.BlockList.empty()) return nullptr; SinglyLinkedList &Batches = Region->FreeListInfo.BlockList.front()->Batches; if (Batches.empty()) { DCHECK_EQ(ClassId, SizeClassMap::BatchClassId); BatchGroup *BG = Region->FreeListInfo.BlockList.front(); Region->FreeListInfo.BlockList.pop_front(); // Block used by `BatchGroup` is from BatchClassId. Turn the block into // `TransferBatch` with single block. TransferBatch *TB = reinterpret_cast(BG); TB->clear(); TB->add( compactPtr(SizeClassMap::BatchClassId, reinterpret_cast(TB))); Region->FreeListInfo.PoppedBlocks += 1; return TB; } TransferBatch *B = Batches.front(); Batches.pop_front(); DCHECK_NE(B, nullptr); DCHECK_GT(B->getCount(), 0U); if (Batches.empty()) { BatchGroup *BG = Region->FreeListInfo.BlockList.front(); Region->FreeListInfo.BlockList.pop_front(); // We don't keep BatchGroup with zero blocks to avoid empty-checking while // allocating. Note that block used by constructing BatchGroup is recorded // as free blocks in the last element of BatchGroup::Batches. Which means, // once we pop the last TransferBatch, the block is implicitly // deallocated. if (ClassId != SizeClassMap::BatchClassId) C->deallocate(SizeClassMap::BatchClassId, BG); } Region->FreeListInfo.PoppedBlocks += B->getCount(); return B; } // Refill the freelist and return one batch. NOINLINE TransferBatch *populateFreeListAndPopBatch(CacheT *C, uptr ClassId, RegionInfo *Region) REQUIRES(Region->MMLock) EXCLUDES(Region->FLLock) { const uptr Size = getSizeByClassId(ClassId); const u16 MaxCount = TransferBatch::getMaxCached(Size); const uptr RegionBeg = Region->RegionBeg; const uptr MappedUser = Region->MemMapInfo.MappedUser; const uptr TotalUserBytes = Region->MemMapInfo.AllocatedUser + MaxCount * Size; // Map more space for blocks, if necessary. if (TotalUserBytes > MappedUser) { // Do the mmap for the user memory. const uptr MapSize = roundUp(TotalUserBytes - MappedUser, MapSizeIncrement); const uptr RegionBase = RegionBeg - getRegionBaseByClassId(ClassId); if (UNLIKELY(RegionBase + MappedUser + MapSize > RegionSize)) { Region->Exhausted = true; return nullptr; } if (UNLIKELY(!Region->MemMapInfo.MemMap.remap( RegionBeg + MappedUser, MapSize, "scudo:primary", MAP_ALLOWNOMEM | MAP_RESIZABLE | (useMemoryTagging(Options.load()) ? MAP_MEMTAG : 0)))) { return nullptr; } Region->MemMapInfo.MappedUser += MapSize; C->getStats().add(StatMapped, MapSize); } const u32 NumberOfBlocks = Min(MaxNumBatches * MaxCount, static_cast((Region->MemMapInfo.MappedUser - Region->MemMapInfo.AllocatedUser) / Size)); DCHECK_GT(NumberOfBlocks, 0); constexpr u32 ShuffleArraySize = MaxNumBatches * TransferBatch::MaxNumCached; CompactPtrT ShuffleArray[ShuffleArraySize]; DCHECK_LE(NumberOfBlocks, ShuffleArraySize); const uptr CompactPtrBase = getCompactPtrBaseByClassId(ClassId); uptr P = RegionBeg + Region->MemMapInfo.AllocatedUser; for (u32 I = 0; I < NumberOfBlocks; I++, P += Size) ShuffleArray[I] = compactPtrInternal(CompactPtrBase, P); ScopedLock L(Region->FLLock); if (ClassId != SizeClassMap::BatchClassId) { u32 N = 1; uptr CurGroup = compactPtrGroup(ShuffleArray[0]); for (u32 I = 1; I < NumberOfBlocks; I++) { if (UNLIKELY(compactPtrGroup(ShuffleArray[I]) != CurGroup)) { shuffle(ShuffleArray + I - N, N, &Region->RandState); pushBlocksImpl(C, ClassId, Region, ShuffleArray + I - N, N, /*SameGroup=*/true); N = 1; CurGroup = compactPtrGroup(ShuffleArray[I]); } else { ++N; } } shuffle(ShuffleArray + NumberOfBlocks - N, N, &Region->RandState); pushBlocksImpl(C, ClassId, Region, &ShuffleArray[NumberOfBlocks - N], N, /*SameGroup=*/true); } else { pushBatchClassBlocks(Region, ShuffleArray, NumberOfBlocks); } TransferBatch *B = popBatchImpl(C, ClassId, Region); DCHECK_NE(B, nullptr); // Note that `PushedBlocks` and `PoppedBlocks` are supposed to only record // the requests from `PushBlocks` and `PopBatch` which are external // interfaces. `populateFreeListAndPopBatch` is the internal interface so we // should set the values back to avoid incorrectly setting the stats. Region->FreeListInfo.PushedBlocks -= NumberOfBlocks; const uptr AllocatedUser = Size * NumberOfBlocks; C->getStats().add(StatFree, AllocatedUser); Region->MemMapInfo.AllocatedUser += AllocatedUser; return B; } void getStats(ScopedString *Str, uptr ClassId, RegionInfo *Region) REQUIRES(Region->MMLock, Region->FLLock) { if (Region->MemMapInfo.MappedUser == 0) return; const uptr BlockSize = getSizeByClassId(ClassId); const uptr InUse = Region->FreeListInfo.PoppedBlocks - Region->FreeListInfo.PushedBlocks; const uptr BytesInFreeList = Region->MemMapInfo.AllocatedUser - InUse * BlockSize; uptr RegionPushedBytesDelta = 0; if (BytesInFreeList >= Region->ReleaseInfo.BytesInFreeListAtLastCheckpoint) { RegionPushedBytesDelta = BytesInFreeList - Region->ReleaseInfo.BytesInFreeListAtLastCheckpoint; } const uptr TotalChunks = Region->MemMapInfo.AllocatedUser / BlockSize; Str->append( "%s %02zu (%6zu): mapped: %6zuK popped: %7zu pushed: %7zu " "inuse: %6zu total: %6zu releases: %6zu last " "released: %6zuK latest pushed bytes: %6zuK region: 0x%zx (0x%zx)\n", Region->Exhausted ? "F" : " ", ClassId, getSizeByClassId(ClassId), Region->MemMapInfo.MappedUser >> 10, Region->FreeListInfo.PoppedBlocks, Region->FreeListInfo.PushedBlocks, InUse, TotalChunks, Region->ReleaseInfo.RangesReleased, Region->ReleaseInfo.LastReleasedBytes >> 10, RegionPushedBytesDelta >> 10, Region->RegionBeg, getRegionBaseByClassId(ClassId)); } NOINLINE uptr releaseToOSMaybe(RegionInfo *Region, uptr ClassId, ReleaseToOS ReleaseType = ReleaseToOS::Normal) REQUIRES(Region->MMLock) EXCLUDES(Region->FLLock) { ScopedLock L(Region->FLLock); const uptr BlockSize = getSizeByClassId(ClassId); const uptr BytesInFreeList = Region->MemMapInfo.AllocatedUser - (Region->FreeListInfo.PoppedBlocks - Region->FreeListInfo.PushedBlocks) * BlockSize; if (UNLIKELY(BytesInFreeList == 0)) return false; const uptr AllocatedUserEnd = Region->MemMapInfo.AllocatedUser + Region->RegionBeg; const uptr CompactPtrBase = getCompactPtrBaseByClassId(ClassId); // ====================================================================== // // 1. Check if we have enough free blocks and if it's worth doing a page // release. // ====================================================================== // if (ReleaseType != ReleaseToOS::ForceAll && !hasChanceToReleasePages(Region, BlockSize, BytesInFreeList, ReleaseType)) { return 0; } // ====================================================================== // // 2. Determine which groups can release the pages. Use a heuristic to // gather groups that are candidates for doing a release. // ====================================================================== // SinglyLinkedList GroupsToRelease; if (ReleaseType == ReleaseToOS::ForceAll) { GroupsToRelease = Region->FreeListInfo.BlockList; Region->FreeListInfo.BlockList.clear(); } else { GroupsToRelease = collectGroupsToRelease( Region, BlockSize, AllocatedUserEnd, CompactPtrBase); } if (GroupsToRelease.empty()) return 0; // Ideally, we should use a class like `ScopedUnlock`. However, this form of // unlocking is not supported by the thread-safety analysis. See // https://clang.llvm.org/docs/ThreadSafetyAnalysis.html#no-alias-analysis // for more details. // Put it as local class so that we can mark the ctor/dtor with proper // annotations associated to the target lock. Note that accessing the // function variable in local class only works in thread-safety annotations. // TODO: Implement general `ScopedUnlock` when it's supported. class FLLockScopedUnlock { public: FLLockScopedUnlock(RegionInfo *Region) RELEASE(Region->FLLock) : R(Region) { R->FLLock.assertHeld(); R->FLLock.unlock(); } ~FLLockScopedUnlock() ACQUIRE(Region->FLLock) { R->FLLock.lock(); } private: RegionInfo *R; }; // Note that we have extracted the `GroupsToRelease` from region freelist. // It's safe to let pushBlocks()/popBatches() access the remaining region // freelist. In the steps 3 and 4, we will temporarily release the FLLock // and lock it again before step 5. uptr ReleasedBytes = 0; { FLLockScopedUnlock UL(Region); // ==================================================================== // // 3. Mark the free blocks in `GroupsToRelease` in the // `PageReleaseContext`. Then we can tell which pages are in-use by // querying `PageReleaseContext`. // ==================================================================== // PageReleaseContext Context = markFreeBlocks( Region, BlockSize, AllocatedUserEnd, CompactPtrBase, GroupsToRelease); if (UNLIKELY(!Context.hasBlockMarked())) { ScopedLock L(Region->FLLock); mergeGroupsToReleaseBack(Region, GroupsToRelease); return 0; } // ==================================================================== // // 4. Release the unused physical pages back to the OS. // ==================================================================== // RegionReleaseRecorder Recorder(&Region->MemMapInfo.MemMap, Region->RegionBeg, Context.getReleaseOffset()); auto SkipRegion = [](UNUSED uptr RegionIndex) { return false; }; releaseFreeMemoryToOS(Context, Recorder, SkipRegion); if (Recorder.getReleasedRangesCount() > 0) { Region->ReleaseInfo.BytesInFreeListAtLastCheckpoint = BytesInFreeList; Region->ReleaseInfo.RangesReleased += Recorder.getReleasedRangesCount(); Region->ReleaseInfo.LastReleasedBytes = Recorder.getReleasedBytes(); } Region->ReleaseInfo.LastReleaseAtNs = getMonotonicTimeFast(); ReleasedBytes = Recorder.getReleasedBytes(); } // ====================================================================== // // 5. Merge the `GroupsToRelease` back to the freelist. // ====================================================================== // mergeGroupsToReleaseBack(Region, GroupsToRelease); return ReleasedBytes; } bool hasChanceToReleasePages(RegionInfo *Region, uptr BlockSize, uptr BytesInFreeList, ReleaseToOS ReleaseType) REQUIRES(Region->MMLock, Region->FLLock) { DCHECK_GE(Region->FreeListInfo.PoppedBlocks, Region->FreeListInfo.PushedBlocks); const uptr PageSize = getPageSizeCached(); // Always update `BytesInFreeListAtLastCheckpoint` with the smallest value // so that we won't underestimate the releasable pages. For example, the // following is the region usage, // // BytesInFreeListAtLastCheckpoint AllocatedUser // v v // |---------------------------------------> // ^ ^ // BytesInFreeList ReleaseThreshold // // In general, if we have collected enough bytes and the amount of free // bytes meets the ReleaseThreshold, we will try to do page release. If we // don't update `BytesInFreeListAtLastCheckpoint` when the current // `BytesInFreeList` is smaller, we may take longer time to wait for enough // freed blocks because we miss the bytes between // (BytesInFreeListAtLastCheckpoint - BytesInFreeList). if (BytesInFreeList <= Region->ReleaseInfo.BytesInFreeListAtLastCheckpoint) { Region->ReleaseInfo.BytesInFreeListAtLastCheckpoint = BytesInFreeList; } const uptr RegionPushedBytesDelta = BytesInFreeList - Region->ReleaseInfo.BytesInFreeListAtLastCheckpoint; if (RegionPushedBytesDelta < PageSize) return false; // Releasing smaller blocks is expensive, so we want to make sure that a // significant amount of bytes are free, and that there has been a good // amount of batches pushed to the freelist before attempting to release. if (isSmallBlock(BlockSize) && ReleaseType == ReleaseToOS::Normal) if (RegionPushedBytesDelta < Region->TryReleaseThreshold) return false; if (ReleaseType == ReleaseToOS::Normal) { const s32 IntervalMs = atomic_load_relaxed(&ReleaseToOsIntervalMs); if (IntervalMs < 0) return false; // The constant 8 here is selected from profiling some apps and the number // of unreleased pages in the large size classes is around 16 pages or // more. Choose half of it as a heuristic and which also avoids page // release every time for every pushBlocks() attempt by large blocks. const bool ByPassReleaseInterval = isLargeBlock(BlockSize) && RegionPushedBytesDelta > 8 * PageSize; if (!ByPassReleaseInterval) { if (Region->ReleaseInfo.LastReleaseAtNs + static_cast(IntervalMs) * 1000000 > getMonotonicTimeFast()) { // Memory was returned recently. return false; } } } // if (ReleaseType == ReleaseToOS::Normal) return true; } SinglyLinkedList collectGroupsToRelease(RegionInfo *Region, const uptr BlockSize, const uptr AllocatedUserEnd, const uptr CompactPtrBase) REQUIRES(Region->MMLock, Region->FLLock) { const uptr GroupSize = (1U << GroupSizeLog); const uptr PageSize = getPageSizeCached(); SinglyLinkedList GroupsToRelease; // We are examining each group and will take the minimum distance to the // release threshold as the next Region::TryReleaseThreshold(). Note that if // the size of free blocks has reached the release threshold, the distance // to the next release will be PageSize * SmallerBlockReleasePageDelta. See // the comment on `SmallerBlockReleasePageDelta` for more details. uptr MinDistToThreshold = GroupSize; for (BatchGroup *BG = Region->FreeListInfo.BlockList.front(), *Prev = nullptr; BG != nullptr;) { // Group boundary is always GroupSize-aligned from CompactPtr base. The // layout of memory groups is like, // // (CompactPtrBase) // #1 CompactPtrGroupBase #2 CompactPtrGroupBase ... // | | | // v v v // +-----------------------+-----------------------+ // \ / \ / // --- GroupSize --- --- GroupSize --- // // After decompacting the CompactPtrGroupBase, we expect the alignment // property is held as well. const uptr BatchGroupBase = decompactGroupBase(CompactPtrBase, BG->CompactPtrGroupBase); DCHECK_LE(Region->RegionBeg, BatchGroupBase); DCHECK_GE(AllocatedUserEnd, BatchGroupBase); DCHECK_EQ((Region->RegionBeg - BatchGroupBase) % GroupSize, 0U); // TransferBatches are pushed in front of BG.Batches. The first one may // not have all caches used. const uptr NumBlocks = (BG->Batches.size() - 1) * BG->MaxCachedPerBatch + BG->Batches.front()->getCount(); const uptr BytesInBG = NumBlocks * BlockSize; if (BytesInBG <= BG->BytesInBGAtLastCheckpoint) { BG->BytesInBGAtLastCheckpoint = BytesInBG; Prev = BG; BG = BG->Next; continue; } const uptr PushedBytesDelta = BG->BytesInBGAtLastCheckpoint - BytesInBG; // Given the randomness property, we try to release the pages only if the // bytes used by free blocks exceed certain proportion of group size. Note // that this heuristic only applies when all the spaces in a BatchGroup // are allocated. if (isSmallBlock(BlockSize)) { const uptr BatchGroupEnd = BatchGroupBase + GroupSize; const uptr AllocatedGroupSize = AllocatedUserEnd >= BatchGroupEnd ? GroupSize : AllocatedUserEnd - BatchGroupBase; const uptr ReleaseThreshold = (AllocatedGroupSize * (100 - 1U - BlockSize / 16U)) / 100U; const bool HighDensity = BytesInBG >= ReleaseThreshold; const bool MayHaveReleasedAll = NumBlocks >= (GroupSize / BlockSize); // If all blocks in the group are released, we will do range marking // which is fast. Otherwise, we will wait until we have accumulated // a certain amount of free memory. const bool ReachReleaseDelta = MayHaveReleasedAll ? true : PushedBytesDelta >= PageSize * SmallerBlockReleasePageDelta; if (!HighDensity) { DCHECK_LE(BytesInBG, ReleaseThreshold); // The following is the usage of a memroy group, // // BytesInBG ReleaseThreshold // / \ v // +---+---------------------------+-----+ // | | | | | // +---+---------------------------+-----+ // \ / ^ // PushedBytesDelta GroupEnd MinDistToThreshold = Min(MinDistToThreshold, ReleaseThreshold - BytesInBG + PushedBytesDelta); } else { // If it reaches high density at this round, the next time we will try // to release is based on SmallerBlockReleasePageDelta MinDistToThreshold = Min(MinDistToThreshold, PageSize * SmallerBlockReleasePageDelta); } if (!HighDensity || !ReachReleaseDelta) { Prev = BG; BG = BG->Next; continue; } } // If `BG` is the first BatchGroup in the list, we only need to advance // `BG` and call FreeListInfo.BlockList::pop_front(). No update is needed // for `Prev`. // // (BG) (BG->Next) // Prev Cur BG // | | | // v v v // nil +--+ +--+ // |X | -> | | -> ... // +--+ +--+ // // Otherwise, `Prev` will be used to extract the `Cur` from the // `FreeListInfo.BlockList`. // // (BG) (BG->Next) // Prev Cur BG // | | | // v v v // +--+ +--+ +--+ // | | -> |X | -> | | -> ... // +--+ +--+ +--+ // // After FreeListInfo.BlockList::extract(), // // Prev Cur BG // | | | // v v v // +--+ +--+ +--+ // | |-+ |X | +->| | -> ... // +--+ | +--+ | +--+ // +--------+ // // Note that we need to advance before pushing this BatchGroup to // GroupsToRelease because it's a destructive operation. BatchGroup *Cur = BG; BG = BG->Next; // Ideally, we may want to update this only after successful release. // However, for smaller blocks, each block marking is a costly operation. // Therefore, we update it earlier. // TODO: Consider updating this after releasing pages if `ReleaseRecorder` // can tell the released bytes in each group. Cur->BytesInBGAtLastCheckpoint = BytesInBG; if (Prev != nullptr) Region->FreeListInfo.BlockList.extract(Prev, Cur); else Region->FreeListInfo.BlockList.pop_front(); GroupsToRelease.push_back(Cur); } // Only small blocks have the adaptive `TryReleaseThreshold`. if (isSmallBlock(BlockSize)) { // If the MinDistToThreshold is not updated, that means each memory group // may have only pushed less than a page size. In that case, just set it // back to normal. if (MinDistToThreshold == GroupSize) MinDistToThreshold = PageSize * SmallerBlockReleasePageDelta; Region->TryReleaseThreshold = MinDistToThreshold; } return GroupsToRelease; } PageReleaseContext markFreeBlocks(RegionInfo *Region, const uptr BlockSize, const uptr AllocatedUserEnd, const uptr CompactPtrBase, SinglyLinkedList &GroupsToRelease) REQUIRES(Region->MMLock) EXCLUDES(Region->FLLock) { const uptr GroupSize = (1U << GroupSizeLog); auto DecompactPtr = [CompactPtrBase](CompactPtrT CompactPtr) { return decompactPtrInternal(CompactPtrBase, CompactPtr); }; const uptr ReleaseBase = decompactGroupBase( CompactPtrBase, GroupsToRelease.front()->CompactPtrGroupBase); const uptr LastGroupEnd = Min(decompactGroupBase(CompactPtrBase, GroupsToRelease.back()->CompactPtrGroupBase) + GroupSize, AllocatedUserEnd); // The last block may straddle the group boundary. Rounding up to BlockSize // to get the exact range. const uptr ReleaseEnd = roundUpSlow(LastGroupEnd - Region->RegionBeg, BlockSize) + Region->RegionBeg; const uptr ReleaseRangeSize = ReleaseEnd - ReleaseBase; const uptr ReleaseOffset = ReleaseBase - Region->RegionBeg; PageReleaseContext Context(BlockSize, /*NumberOfRegions=*/1U, ReleaseRangeSize, ReleaseOffset); // We may not be able to do the page release in a rare case that we may // fail on PageMap allocation. if (UNLIKELY(!Context.ensurePageMapAllocated())) return Context; for (BatchGroup &BG : GroupsToRelease) { const uptr BatchGroupBase = decompactGroupBase(CompactPtrBase, BG.CompactPtrGroupBase); const uptr BatchGroupEnd = BatchGroupBase + GroupSize; const uptr AllocatedGroupSize = AllocatedUserEnd >= BatchGroupEnd ? GroupSize : AllocatedUserEnd - BatchGroupBase; const uptr BatchGroupUsedEnd = BatchGroupBase + AllocatedGroupSize; const bool MayContainLastBlockInRegion = BatchGroupUsedEnd == AllocatedUserEnd; const bool BlockAlignedWithUsedEnd = (BatchGroupUsedEnd - Region->RegionBeg) % BlockSize == 0; uptr MaxContainedBlocks = AllocatedGroupSize / BlockSize; if (!BlockAlignedWithUsedEnd) ++MaxContainedBlocks; const uptr NumBlocks = (BG.Batches.size() - 1) * BG.MaxCachedPerBatch + BG.Batches.front()->getCount(); if (NumBlocks == MaxContainedBlocks) { for (const auto &It : BG.Batches) { if (&It != BG.Batches.front()) DCHECK_EQ(It.getCount(), BG.MaxCachedPerBatch); for (u16 I = 0; I < It.getCount(); ++I) DCHECK_EQ(compactPtrGroup(It.get(I)), BG.CompactPtrGroupBase); } Context.markRangeAsAllCounted(BatchGroupBase, BatchGroupUsedEnd, Region->RegionBeg, /*RegionIndex=*/0, Region->MemMapInfo.AllocatedUser); } else { DCHECK_LT(NumBlocks, MaxContainedBlocks); // Note that we don't always visit blocks in each BatchGroup so that we // may miss the chance of releasing certain pages that cross // BatchGroups. Context.markFreeBlocksInRegion( BG.Batches, DecompactPtr, Region->RegionBeg, /*RegionIndex=*/0, Region->MemMapInfo.AllocatedUser, MayContainLastBlockInRegion); } } DCHECK(Context.hasBlockMarked()); return Context; } void mergeGroupsToReleaseBack(RegionInfo *Region, SinglyLinkedList &GroupsToRelease) REQUIRES(Region->MMLock, Region->FLLock) { // After merging two freelists, we may have redundant `BatchGroup`s that // need to be recycled. The number of unused `BatchGroup`s is expected to be // small. Pick a constant which is inferred from real programs. constexpr uptr MaxUnusedSize = 8; CompactPtrT Blocks[MaxUnusedSize]; u32 Idx = 0; RegionInfo *BatchClassRegion = getRegionInfo(SizeClassMap::BatchClassId); // We can't call pushBatchClassBlocks() to recycle the unused `BatchGroup`s // when we are manipulating the freelist of `BatchClassRegion`. Instead, we // should just push it back to the freelist when we merge two `BatchGroup`s. // This logic hasn't been implemented because we haven't supported releasing // pages in `BatchClassRegion`. DCHECK_NE(BatchClassRegion, Region); // Merge GroupsToRelease back to the Region::FreeListInfo.BlockList. Note // that both `Region->FreeListInfo.BlockList` and `GroupsToRelease` are // sorted. for (BatchGroup *BG = Region->FreeListInfo.BlockList.front(), *Prev = nullptr; ;) { if (BG == nullptr || GroupsToRelease.empty()) { if (!GroupsToRelease.empty()) Region->FreeListInfo.BlockList.append_back(&GroupsToRelease); break; } DCHECK(!BG->Batches.empty()); if (BG->CompactPtrGroupBase < GroupsToRelease.front()->CompactPtrGroupBase) { Prev = BG; BG = BG->Next; continue; } BatchGroup *Cur = GroupsToRelease.front(); TransferBatch *UnusedTransferBatch = nullptr; GroupsToRelease.pop_front(); if (BG->CompactPtrGroupBase == Cur->CompactPtrGroupBase) { BG->PushedBlocks += Cur->PushedBlocks; // We have updated `BatchGroup::BytesInBGAtLastCheckpoint` while // collecting the `GroupsToRelease`. BG->BytesInBGAtLastCheckpoint = Cur->BytesInBGAtLastCheckpoint; const uptr MaxCachedPerBatch = BG->MaxCachedPerBatch; // Note that the first TransferBatches in both `Batches` may not be // full and only the first TransferBatch can have non-full blocks. Thus // we have to merge them before appending one to another. if (Cur->Batches.front()->getCount() == MaxCachedPerBatch) { BG->Batches.append_back(&Cur->Batches); } else { TransferBatch *NonFullBatch = Cur->Batches.front(); Cur->Batches.pop_front(); const u16 NonFullBatchCount = NonFullBatch->getCount(); // The remaining Batches in `Cur` are full. BG->Batches.append_back(&Cur->Batches); if (BG->Batches.front()->getCount() == MaxCachedPerBatch) { // Only 1 non-full TransferBatch, push it to the front. BG->Batches.push_front(NonFullBatch); } else { const u16 NumBlocksToMove = static_cast( Min(static_cast(MaxCachedPerBatch - BG->Batches.front()->getCount()), NonFullBatchCount)); BG->Batches.front()->appendFromTransferBatch(NonFullBatch, NumBlocksToMove); if (NonFullBatch->isEmpty()) UnusedTransferBatch = NonFullBatch; else BG->Batches.push_front(NonFullBatch); } } const u32 NeededSlots = UnusedTransferBatch == nullptr ? 1U : 2U; if (UNLIKELY(Idx + NeededSlots > MaxUnusedSize)) { ScopedLock L(BatchClassRegion->FLLock); pushBatchClassBlocks(BatchClassRegion, Blocks, Idx); Idx = 0; } Blocks[Idx++] = compactPtr(SizeClassMap::BatchClassId, reinterpret_cast(Cur)); if (UnusedTransferBatch) { Blocks[Idx++] = compactPtr(SizeClassMap::BatchClassId, reinterpret_cast(UnusedTransferBatch)); } Prev = BG; BG = BG->Next; continue; } // At here, the `BG` is the first BatchGroup with CompactPtrGroupBase // larger than the first element in `GroupsToRelease`. We need to insert // `GroupsToRelease::front()` (which is `Cur` below) before `BG`. // // 1. If `Prev` is nullptr, we simply push `Cur` to the front of // FreeListInfo.BlockList. // 2. Otherwise, use `insert()` which inserts an element next to `Prev`. // // Afterwards, we don't need to advance `BG` because the order between // `BG` and the new `GroupsToRelease::front()` hasn't been checked. if (Prev == nullptr) Region->FreeListInfo.BlockList.push_front(Cur); else Region->FreeListInfo.BlockList.insert(Prev, Cur); DCHECK_EQ(Cur->Next, BG); Prev = Cur; } if (Idx != 0) { ScopedLock L(BatchClassRegion->FLLock); pushBatchClassBlocks(BatchClassRegion, Blocks, Idx); } if (SCUDO_DEBUG) { BatchGroup *Prev = Region->FreeListInfo.BlockList.front(); for (BatchGroup *Cur = Prev->Next; Cur != nullptr; Prev = Cur, Cur = Cur->Next) { CHECK_LT(Prev->CompactPtrGroupBase, Cur->CompactPtrGroupBase); } } } // TODO: `PrimaryBase` can be obtained from ReservedMemory. This needs to be // deprecated. uptr PrimaryBase = 0; ReservedMemoryT ReservedMemory = {}; // The minimum size of pushed blocks that we will try to release the pages in // that size class. uptr SmallerBlockReleasePageDelta = 0; atomic_s32 ReleaseToOsIntervalMs = {}; alignas(SCUDO_CACHE_LINE_SIZE) RegionInfo RegionInfoArray[NumClasses]; }; } // namespace scudo #endif // SCUDO_PRIMARY64_H_