1 /*
2  * tc.alloc.c (Caltech) 2/21/82
3  * Chris Kingsley, kingsley@cit-20.
4  *
5  * This is a very fast storage allocator.  It allocates blocks of a small
6  * number of different sizes, and keeps free lists of each size.  Blocks that
7  * don't exactly fit are passed up to the next larger size.  In this
8  * implementation, the available sizes are 2^n-4 (or 2^n-12) bytes long.
9  * This is designed for use in a program that uses vast quantities of memory,
10  * but bombs when it runs out.
11  */
12 /*-
13  * Copyright (c) 1980, 1991 The Regents of the University of California.
14  * All rights reserved.
15  *
16  * Redistribution and use in source and binary forms, with or without
17  * modification, are permitted provided that the following conditions
18  * are met:
19  * 1. Redistributions of source code must retain the above copyright
20  *    notice, this list of conditions and the following disclaimer.
21  * 2. Redistributions in binary form must reproduce the above copyright
22  *    notice, this list of conditions and the following disclaimer in the
23  *    documentation and/or other materials provided with the distribution.
24  * 3. Neither the name of the University nor the names of its contributors
25  *    may be used to endorse or promote products derived from this software
26  *    without specific prior written permission.
27  *
28  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38  * SUCH DAMAGE.
39  */
40 #include "sh.h"
41 #ifdef HAVE_MALLINFO
42 #include <malloc.h>
43 #endif
44 #if defined(HAVE_SBRK) && !defined(__APPLE__)
45 #define USE_SBRK
46 #endif
47 
48 #define RCHECK
49 #define DEBUG
50 
51 static char   *memtop = NULL;		/* PWP: top of current memory */
52 static char   *membot = NULL;		/* PWP: bottom of allocatable memory */
53 
54 int dont_free = 0;
55 
56 #ifdef WINNT_NATIVE
57 # define malloc		fmalloc
58 # define free		ffree
59 # define calloc		fcalloc
60 # define realloc	frealloc
61 #endif /* WINNT_NATIVE */
62 
63 #if !defined(DEBUG) || defined(SYSMALLOC)
/*
 * Report allocation failure on the diagnostic descriptor and terminate.
 * Only write() and _exit() are used, and the message is a static array.
 */
static void
out_of_memory(void)
{
    static const char msg[] = "Out of memory\n";
    const int fd = didfds ? 2 : SHDIAG;

    /* sizeof counts the terminating NUL, which must not be written */
    TCSH_IGNORE(write(fd, msg, sizeof(msg) - 1));
    _exit(1);
}
72 #endif
73 
74 #ifndef SYSMALLOC
75 
76 #ifdef SX
77 extern void* sbrk();
78 #endif
79 /*
80  * Lots of os routines are busted and try to free invalid pointers.
81  * Although our free routine is smart enough and it will pick bad
82  * pointers most of the time, in cases where we know we are going to get
83  * a bad pointer, we'd rather leak.
84  */
85 
86 #ifndef NULL
87 #define	NULL 0
88 #endif
89 
90 typedef unsigned char U_char;	/* we don't really have signed chars */
91 typedef unsigned int U_int;
92 typedef unsigned short U_short;
93 typedef unsigned long U_long;
94 
95 
96 /*
97  * The overhead on a block is at least 4 bytes.  When free, this space
98  * contains a pointer to the next free block, and the bottom two bits must
99  * be zero.  When in use, the first byte is set to MAGIC, and the second
100  * byte is the size index.  The remaining bytes are for alignment.
101  * If range checking is enabled and the size of the block fits
102  * in two bytes, then the top two bytes hold the size of the requested block
103  * plus the range checking words, and the header word MINUS ONE.
104  */
105 
106 
107 #define MEMALIGN(a) (((a) + ROUNDUP) & ~ROUNDUP)
108 
109 union overhead {
110     union overhead *ov_next;	/* when free */
111     struct {
112 	U_char  ovu_magic;	/* magic number */
113 	U_char  ovu_index;	/* bucket # */
114 #ifdef RCHECK
115 	U_short ovu_size;	/* actual block size */
116 	U_int   ovu_rmagic;	/* range magic number */
117 #endif
118     }       ovu;
119 #define	ov_magic	ovu.ovu_magic
120 #define	ov_index	ovu.ovu_index
121 #define	ov_size		ovu.ovu_size
122 #define	ov_rmagic	ovu.ovu_rmagic
123 };
124 
125 #define	MAGIC		0xfd	/* magic # on accounting info */
126 #define RMAGIC		0x55555555	/* magic # on range info */
127 #ifdef RCHECK
128 #define	RSLOP		sizeof (U_int)
129 #else
130 #define	RSLOP		0
131 #endif
132 
133 
134 #ifdef _LP64
135 #define ROUNDUP	15
136 #else
137 #define ROUNDUP	7
138 #endif
139 
140 /*
141  * nextf[i] is the pointer to the next free block of size 2^(i+3).  The
142  * smallest allocatable block is 8 bytes.  The overhead information
143  * precedes the data area returned to the user.
144  */
145 #define	NBUCKETS ((sizeof(long) << 3) - 3)
146 static union overhead *nextf[NBUCKETS] IZERO_STRUCT;
147 
148 /*
149  * nmalloc[i] is the difference between the number of mallocs and frees
150  * for a given block size.
151  */
152 static U_int nmalloc[NBUCKETS] IZERO_STRUCT;
153 
154 #ifndef lint
155 static	int	findbucket	(union overhead *, int);
156 static	void	morecore	(int);
157 #endif
158 
159 
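/*
 * CHECK(a, str, p): consistency test used by free().  When condition `a'
 * holds, print the message `str' (a format taking the pointer `p') followed
 * by the current arena bounds, then abort() under DEBUG or return from the
 * calling function otherwise.  The non-DEBUG form can therefore only be
 * used inside functions returning void.
 *
 * The body is wrapped in do { } while (0) so that the macro is a single
 * statement and cannot capture an `else' that follows it.
 */
#ifdef DEBUG
# define CHECK(a, str, p) \
    do { \
	if (a) { \
	    xprintf(str, p);	\
	    xprintf(" (memtop = %p membot = %p)\n", memtop, membot);	\
	    abort(); \
	} \
    } while (0)
#else
# define CHECK(a, str, p) \
    do { \
	if (a) { \
	    xprintf(str, p);	\
	    xprintf(" (memtop = %p membot = %p)\n", memtop, membot);	\
	    return; \
	} \
    } while (0)
#endif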
175 
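/*
 * Allocate at least nbytes of storage and return a pointer to the user
 * area, which follows an aligned `union overhead' header.
 *
 * The request is padded with the header and, under RCHECK, a trailing
 * range-check word, then rounded up to the power-of-two bucket that holds
 * it.  When no block can be obtained, `child' is incremented and the
 * function calls out_of_memory() or, under DEBUG, prints the arena
 * statistics and abort()s.
 *
 * A request that cannot be represented is treated as exhaustion instead of
 * being allowed to wrap: adding the padding must not overflow size_t, and
 * the bucket must index nextf[] and have a block size, 1 << (bucket + 3),
 * that is still a positive int, because morecore() and realloc() compute
 * block sizes with int shifts.
 */
memalign_t
malloc(size_t nbytes)
{
#ifndef lint
    union overhead *p = NULL;
    int bucket = 0;
    size_t shiftr;
    const size_t hdr = MEMALIGN(sizeof(union overhead));
    /* worst-case growth of the request: header, range word, rounding */
    const size_t pad = hdr + RSLOP + ROUNDUP;
    /* largest bucket whose block size fits in a positive int */
    const int maxbucket = (int) (sizeof(int) << 3) - 5;

    /*
     * Convert amount of memory requested into closest block size stored in
     * hash buckets which satisfies request.  Account for space used per block
     * for accounting.
     */
#ifdef SUNOS4
    /*
     * SunOS localtime() overwrites the 9th byte on an 8 byte malloc()....
     * so we get one more...
     * From Michael Schroeder: This is not true. It depends on the
     * timezone string. In Europe it can overwrite the 13th byte on a
     * 12 byte malloc.
     * So we punt and we always allocate an extra byte.
     */
    if (nbytes != (size_t) -1)
	nbytes++;
#endif

    if (nbytes <= (size_t) -1 - pad) {
	nbytes = MEMALIGN(hdr + nbytes + RSLOP);
	/* size_t, not unsigned: a large request must not be truncated */
	shiftr = (nbytes - 1) >> 2;

	/* apart from this loop, this is O(1) */
	while ((shiftr >>= 1) != 0)
	    bucket++;

	if (bucket <= maxbucket && (size_t) bucket < NBUCKETS) {
	    /*
	     * If nothing in hash bucket right now, request more memory
	     * from the system.
	     */
	    if (nextf[bucket] == NULL)
		morecore(bucket);
	    p = nextf[bucket];
	}
    }
    if (p == NULL) {
	child++;
#ifndef DEBUG
	out_of_memory();
#else
	showall(NULL, NULL);
	xprintf(CGETS(19, 1, "nbytes=%zu: Out of memory\n"), nbytes);
	abort();
#endif
	/* fool lint */
	return ((memalign_t) 0);
    }
    /* remove from linked list */
    nextf[bucket] = p->ov_next;
    p->ov_magic = MAGIC;
    p->ov_index = bucket;
    nmalloc[bucket]++;
#ifdef RCHECK
    /*
     * Record allocated size of block and bound space with magic numbers.
     * ov_size is 16 bits wide, so it is only kept for buckets <= 13.
     */
    p->ov_size = (p->ov_index <= 13) ? (U_short)nbytes - 1 : 0;
    p->ov_rmagic = RMAGIC;
    *((U_int *) (((caddr_t) p) + nbytes - RSLOP)) = RMAGIC;
#endif
    return ((memalign_t) (((caddr_t) p) + hdr));
#else
    if (nbytes)
	return ((memalign_t) 0);
    else
	return ((memalign_t) 0);
#endif /* !lint */
}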
246 
247 #ifndef lint
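/*
 * Allocate more memory to the indicated bucket.
 *
 * Extends the break with sbrk(), first padding it to a 1024-byte boundary,
 * then carves the new region into blocks of 1 << (bucket + 3) bytes and
 * chains them onto nextf[bucket].  At least 2k is taken per call.
 *
 * Failure is reported by leaving nextf[bucket] NULL; the caller tests for
 * that.  memtop is only advanced after an sbrk() call has succeeded, so a
 * failed call does not leave the (void *) -1 error value in it.
 */
static void
morecore(int bucket)
{
    union overhead *op;
    char *cur;		/* result of the latest sbrk() call */
    U_long slack;	/* offset of the break inside its 1024-byte unit */
    int rnu;		/* 2^rnu bytes will be requested */
    int nblks;		/* become nblks blocks of the desired size */
    int siz;

    /*
     * The sizes below are computed with int shifts; refuse any bucket that
     * does not index nextf[] or whose block size is not a positive int.
     */
    if (bucket < 0 || (size_t) bucket >= NBUCKETS ||
	bucket > (int) (sizeof(int) << 3) - 5)
	return;
    if (nextf[bucket])
	return;
    /*
     * Ensure memory is allocated on a page boundary.  Should make a
     * getpagesize call?
     */
    cur = sbrk(0);
    if (cur == (char *) -1)
	return;
    memtop = cur;
    if (membot == NULL)
	membot = memtop;
    slack = (U_long) cur & 0x3ff;
    if (slack != 0) {
	cur = sbrk((int) (1024 - slack));
	if (cur == (char *) -1)
	    return;
	memtop = cur + (1024 - slack);
    }

    /* take 2k unless the block is bigger than that */
    rnu = (bucket <= 8) ? 11 : bucket + 3;
    nblks = 1 << (rnu - (bucket + 3));	/* how many blocks to get */
    cur = sbrk(1 << rnu);	/* PWP */
    /* no more room! */
    if (cur == (char *) -1)
	return;
    memtop = cur + (1 << rnu);
    op = (union overhead *) cur;
    /*
     * Round up to minimum allocation size boundary and deduct from block count
     * to reflect.
     */
    if (((U_long) op) & ROUNDUP) {
	op = (union overhead *) (((U_long) op + (ROUNDUP + 1)) & ~ROUNDUP);
	nblks--;
    }
    /*
     * If rounding used up the only block, the remainder is shorter than one
     * block and must not be handed out.
     */
    if (nblks < 1)
	return;
    /*
     * Add new memory allocated to that on free list for this hash bucket.
     */
    nextf[bucket] = op;
    siz = 1 << (bucket + 3);
    while (--nblks > 0) {
	op->ov_next = (union overhead *) (((caddr_t) op) + siz);
	op = (union overhead *) (((caddr_t) op) + siz);
    }
    op->ov_next = NULL;
}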
302 
303 #endif
304 
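/*
 * Return the block whose user area starts at cp to its bucket's free list.
 *
 * A NULL pointer is ignored, and nothing is freed while dont_free is set.
 * Before the header is trusted, cp is checked against the arena bounds and
 * the header against MAGIC, the trailing range word (RCHECK, buckets <= 13)
 * and NBUCKETS.  A failed check is reported through CHECK().
 */
void
free(ptr_t cp)
{
#ifndef lint
    int size;
    union overhead *op;

    /*
     * the don't free flag is there so that we avoid os bugs in routines
     * that free invalid pointers!
     */
    if (cp == NULL || dont_free)
	return;
    CHECK(!memtop || !membot,
	  CGETS(19, 2, "free(%p) called before any allocations."), cp);
    /* memtop is one past the arena, so cp == memtop is already outside */
    CHECK((char *) cp >= memtop,
	  CGETS(19, 3, "free(%p) above top of memory."), cp);
    /*
     * The header sits below cp and is read next, so the header, not just
     * cp, has to lie inside the arena.
     */
    CHECK((char *) cp < membot + MEMALIGN(sizeof(union overhead)),
	  CGETS(19, 4, "free(%p) below bottom of memory."), cp);
    op = (union overhead *) (((caddr_t) cp) - MEMALIGN(sizeof(union overhead)));
    CHECK(op->ov_magic != MAGIC,
	  CGETS(19, 5, "free(%p) bad block."), cp);

#ifdef RCHECK
    /* ov_size is only recorded for buckets <= 13 */
    if (op->ov_index <= 13)
	CHECK(*(U_int *) ((caddr_t) op + op->ov_size + 1 - RSLOP) != RMAGIC,
	      CGETS(19, 6, "free(%p) bad range check."), cp);
#endif
    /* must hold before ov_index is used to index nextf[] and nmalloc[] */
    CHECK(op->ov_index >= NBUCKETS,
	  CGETS(19, 7, "free(%p) bad block index."), cp);
    size = op->ov_index;
    op->ov_next = nextf[size];
    nextf[size] = op;

    nmalloc[size]--;

#else
    if (cp == NULL)
	return;
#endif
}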
346 
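/*
 * Allocate zero-filled storage for i objects of j bytes each.
 *
 * Returns NULL when i * j does not fit in size_t.  Without that test the
 * product wraps and the caller receives a block far smaller than the
 * i * j bytes it is going to use.
 */
memalign_t
calloc(size_t i, size_t j)
{
#ifndef lint
    char *cp;
    volatile size_t k;

    if (j != 0 && i > (size_t) -1 / j)
	return ((memalign_t) 0);
    i *= j;
    cp = xmalloc(i);
    /* xmalloc is defined outside this file; do not assume it cannot fail */
    if (cp == NULL)
	return ((memalign_t) 0);
    /* Stop gcc 5.x from optimizing malloc+memset = calloc */
    k = i;
    memset(cp, 0, k);

    return ((memalign_t) cp);
#else
    if (i && j)
	return ((memalign_t) 0);
    else
	return ((memalign_t) 0);
#endif
}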
368 
369 /*
370  * When a program attempts "storage compaction" as mentioned in the
371  * old malloc man page, it realloc's an already freed block.  Usually
372  * this is the last block it freed; occasionally it might be farther
373  * back.  We have to search all the free lists for the block in order
374  * to determine its bucket: 1st we make one pass thru the lists
375  * checking only the first block in each; if that fails we search
376  * ``realloc_srchlen'' blocks in each list for a match (the variable
377  * is extern so the caller can modify it).  If that fails we just copy
378  * however many bytes was given to realloc() and hope it's not huge.
379  */
380 #ifndef lint
381 /* 4 should be plenty, -1 =>'s whole list */
382 static int     realloc_srchlen = 4;
383 #endif /* lint */
384 
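/*
 * Resize the block at cp to hold nbytes, returning the new user pointer.
 *
 * cp == NULL behaves like malloc().  A block that still fits its bucket is
 * kept in place (only the range words are refreshed); otherwise a new block
 * is allocated, the smaller of the old and new sizes is copied, and the old
 * block is freed if it was allocated.
 *
 * Sizes are held in size_t so a large request is not truncated into the
 * "same size block" test, a request whose padded size would wrap returns
 * NULL with the old block untouched, and a header whose bucket index is out
 * of range is not treated as an allocated block.
 */
memalign_t
realloc(ptr_t cp, size_t nbytes)
{
#ifndef lint
    size_t onb;
    union overhead *op;
    ptr_t res;
    int i;
    int     was_alloced = 0;
    const size_t hdr = MEMALIGN(sizeof(union overhead));

    if (cp == NULL)
	return (malloc(nbytes));
    /* header + range word + rounding must not wrap the request */
    if (nbytes > (size_t) -1 - (hdr + RSLOP + ROUNDUP))
	return ((memalign_t) NULL);
    op = (union overhead *) (((caddr_t) cp) - hdr);
    if (op->ov_magic == MAGIC && op->ov_index < NBUCKETS) {
	was_alloced++;
	i = op->ov_index;
    }
    else
	/*
	 * Already free, doing "compaction".
	 *
	 * Search for the old block of memory on the free list.  First, check the
	 * most common case (last element free'd), then (this failing) the last
	 * ``realloc_srchlen'' items free'd. If all lookups fail, then assume
	 * the size of the memory block being realloc'd is the smallest
	 * possible.
	 */
	if ((i = findbucket(op, 1)) < 0 &&
	    (i = findbucket(op, realloc_srchlen)) < 0)
	    i = 0;

    onb = MEMALIGN(nbytes + hdr + RSLOP);

    /* avoid the copy if same size block */
    if (was_alloced && (onb <= ((size_t) 1 << (i + 3))) &&
	(onb > ((size_t) 1 << (i + 2)))) {
#ifdef RCHECK
	/* JMR: formerly this wasn't updated ! */
	*((U_int *) (((caddr_t) op) + onb - RSLOP)) = RMAGIC;
	op->ov_rmagic = RMAGIC;
	op->ov_size = (op->ov_index <= 13) ? (U_short)onb - 1 : 0;
#endif
	return ((memalign_t) cp);
    }
    if ((res = malloc(nbytes)) == NULL)
	return ((memalign_t) NULL);
    if (cp != res) {		/* common optimization */
	/*
	 * christos: this used to copy nbytes! It should copy the
	 * smaller of the old and new size.
	 *
	 * When the old block was not found (i == 0) the subtraction wraps
	 * to a very large value, so nbytes bytes are copied.
	 */
	onb = ((size_t) 1 << (i + 3)) - hdr - RSLOP;
	(void) memmove(res, cp, onb < nbytes ? onb : nbytes);
    }
    if (was_alloced)
	free(cp);
    return ((memalign_t) res);
#else
    if (cp && nbytes)
	return ((memalign_t) 0);
    else
	return ((memalign_t) 0);
#endif /* !lint */
}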
450 
451 /*
452  * On linux, _nss_nis_setnetgrent() calls this function to determine
453  * the usable size of the pointer passed, but this is not a portable
454  * API, so we cannot use our malloc replacement without providing one.
455  * Thanks a lot glibc!
456  */
457 #ifdef __linux__
458 #define M_U_S_CONST
459 #else
460 #define M_U_S_CONST
461 #endif
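size_t malloc_usable_size(M_U_S_CONST void *);
/*
 * Report how many bytes the caller may use starting at ptr, or 0 when ptr
 * is NULL or its header does not look like an allocated block.
 *
 * The figure is the block size minus the header that precedes ptr and the
 * trailing range word.  Under RCHECK, buckets <= 13 record the padded
 * request in ov_size and free() verifies the range word stored at its end,
 * so the recorded size is used for those blocks.
 */
size_t
malloc_usable_size(M_U_S_CONST void *ptr)
{
    const union overhead *op;
    const size_t hdr = MEMALIGN(sizeof(*op));
    size_t blk;

    if (ptr == NULL)
	return 0;
    op = (const union overhead *) (((const char *) ptr) - hdr);
    /* ov_index is bounded before it is used as a shift count */
    if (op->ov_magic != MAGIC || op->ov_index >= NBUCKETS)
	return 0;
    blk = (size_t) 1 << (op->ov_index + 3);
#ifdef RCHECK
    if (op->ov_index <= 13)
	blk = (size_t) op->ov_size + 1;
#endif
    /* a damaged header must not make the subtraction wrap */
    if (blk <= hdr + RSLOP)
	return 0;
    return blk - hdr - RSLOP;
}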
473 
474 
475 #ifndef lint
/*
 * Look for a free block whose header is at ``freep'', examining at most
 * ``srchlen'' entries at the head of every free list (a srchlen of -1
 * never matches the counter, so whole lists are walked).
 * Returns the bucket number of the list holding it, or -1.
 */
static int
findbucket(union overhead *freep, int srchlen)
{
    size_t bucket;

    for (bucket = 0; bucket < NBUCKETS; bucket++) {
	union overhead *blk = nextf[bucket];
	int seen = 0;

	while (blk != NULL && seen != srchlen) {
	    if (blk == freep)
		return (int) bucket;
	    seen++;
	    blk = blk->ov_next;
	}
    }
    return -1;
}
498 
499 #endif
500 
501 
502 #else				/* SYSMALLOC */
503 
504 /**
505  ** ``Protected versions'' of malloc, realloc, calloc, and free
506  **
507  ** On many systems:
508  **
509  ** 1. malloc(0) is bad
510  ** 2. free(0) is bad
511  ** 3. realloc(0, n) is bad
512  ** 4. realloc(n, 0) is bad
513  **
514  ** Also we call our error routine if we run out of memory.
515  **/
/*
 * malloc() wrapper: a zero-byte request is raised to one byte, failure goes
 * to out_of_memory(), and membot/memtop are kept up to date.
 */
memalign_t
smalloc(size_t n)
{
    ptr_t   ptr;

    if (n == 0)
	n = 1;

#ifdef USE_SBRK
    if (!membot)
	membot = sbrk(0);
#endif /* USE_SBRK */

    ptr = malloc(n);
    if (ptr == NULL)
	out_of_memory();
#ifndef USE_SBRK
    /* without sbrk(), track the highest and first addresses handed out */
    if (((char *) ptr) + n > memtop)
	memtop = ((char *) ptr) + n;
    if (!membot)
	membot = ptr;
#endif /* !USE_SBRK */
    return ((memalign_t) ptr);
}
538 
/*
 * realloc() wrapper: a NULL p is served by malloc(), a zero size is raised
 * to one byte, failure goes to out_of_memory(), and membot/memtop are kept
 * up to date.
 */
memalign_t
srealloc(ptr_t p, size_t n)
{
    ptr_t   ptr;

    if (n == 0)
	n = 1;

#ifdef USE_SBRK
    if (!membot)
	membot = sbrk(0);
#endif /* USE_SBRK */

    if (p)
	ptr = realloc(p, n);
    else
	ptr = malloc(n);
    if (ptr == NULL)
	out_of_memory();
#ifndef USE_SBRK
    /* without sbrk(), track the highest and first addresses handed out */
    if (((char *) ptr) + n > memtop)
	memtop = ((char *) ptr) + n;
    if (!membot)
	membot = ptr;
#endif /* !USE_SBRK */
    return ((memalign_t) ptr);
}
561 
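/*
 * Zero-filled allocation of s * n bytes through malloc(); a zero size is
 * raised to one byte and failure goes to out_of_memory().
 *
 * A product that does not fit in size_t is treated as out of memory.
 * Without that test the multiplication wraps and the caller is handed a
 * block far smaller than the s * n bytes it is going to use.
 */
memalign_t
scalloc(size_t s, size_t n)
{
    ptr_t   ptr;

    if (s != 0 && n > (size_t) -1 / s)
	out_of_memory();
    n *= s;
    n = n ? n : 1;

#ifdef USE_SBRK
    if (membot == NULL)
	membot = sbrk(0);
#endif /* USE_SBRK */

    if ((ptr = malloc(n)) == NULL)
	out_of_memory();

    memset (ptr, 0, n);

#ifndef USE_SBRK
    /* without sbrk(), track the highest and first addresses handed out */
    if (memtop < ((char *) ptr) + n)
	memtop = ((char *) ptr) + n;
    if (membot == NULL)
	membot = ptr;
#endif /* !USE_SBRK */

    return ((memalign_t) ptr);
}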
589 
/*
 * free() wrapper: NULL is ignored, and nothing is released while dont_free
 * is set.
 */
void
sfree(ptr_t p)
{
    if (p == NULL || dont_free)
	return;
    free(p);
}
596 
597 #endif /* SYSMALLOC */
598 
599 /*
600  * mstats - print out statistics about malloc
601  *
602  * Prints two lines of numbers, one showing the length of the free list
603  * for each size category, the second showing the number of mallocs -
604  * frees for each size category.
605  */
606 /*ARGSUSED*/
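void
showall(Char **v, struct command *c)
{
#ifndef SYSMALLOC
    /*
     * Built-in allocator: one row with the length of each free list, one
     * row with nmalloc[] (mallocs minus frees), then byte totals and the
     * arena bounds.
     */
    size_t i, j;
    union overhead *p;
    int     totfree = 0, totused = 0;
    /* first shift count at which the int expression 1 << n is undefined */
    const size_t intbits = (sizeof(int) << 3) - 1;

    xprintf(CGETS(19, 8, "%s current memory allocation:\nfree:\t"), progname);
    for (i = 0; i < NBUCKETS; i++) {
	for (j = 0, p = nextf[i]; p; p = p->ov_next, j++)
	    continue;
	xprintf(" %4zd", j);
	/*
	 * NBUCKETS is derived from sizeof(long), so i + 3 can exceed the
	 * width of int; only evaluate the shift where it is defined and
	 * the bucket actually contributes.
	 */
	if (j != 0 && i + 3 < intbits)
	    totfree += j * (1 << (i + 3));
    }
    xprintf("\n%s:\t", CGETS(19, 9, "used"));
    for (i = 0; i < NBUCKETS; i++) {
	xprintf(" %4d", nmalloc[i]);
	if (nmalloc[i] != 0 && i + 3 < intbits)
	    totused += nmalloc[i] * (1 << (i + 3));
    }
    xprintf(CGETS(19, 10, "\n\tTotal in use: %d, total free: %d\n"),
	    totused, totfree);
    xprintf(CGETS(19, 11,
	    "\tAllocated memory from 0x%lx to 0x%lx.  Real top at 0x%lx\n"),
	    (unsigned long) membot, (unsigned long) memtop,
	    (unsigned long) sbrk(0));
#else /* SYSMALLOC */
#ifndef HAVE_MALLINFO
    /* system allocator without mallinfo(): only the tracked bounds */
#ifdef USE_SBRK
    memtop = sbrk(0);
#endif /* USE_SBRK */
    xprintf(CGETS(19, 12, "Allocated memory from 0x%lx to 0x%lx (%ld).\n"),
	    (unsigned long) membot, (unsigned long) memtop,
	    (unsigned long) (memtop - membot));
#else /* HAVE_MALLINFO */
    /* system allocator with mallinfo(): print its counters */
    struct mallinfo mi;

    mi = mallinfo();
    xprintf(CGETS(19, 13, "%s current memory allocation:\n"), progname);
    xprintf(CGETS(19, 14, "Total space allocated from system: %d\n"), mi.arena);
    xprintf(CGETS(19, 15, "Number of non-inuse chunks: %d\n"), mi.ordblks);
    xprintf(CGETS(19, 16, "Number of mmapped regions: %d\n"), mi.hblks);
    xprintf(CGETS(19, 17, "Total space in mmapped regions: %d\n"), mi.hblkhd);
    xprintf(CGETS(19, 18, "Total allocated space: %d\n"), mi.uordblks);
    xprintf(CGETS(19, 19, "Total non-inuse space: %d\n"), mi.fordblks);
    xprintf(CGETS(19, 20, "Top-most, releasable space: %d\n"), mi.keepcost);
#endif /* HAVE_MALLINFO */
#endif /* SYSMALLOC */
    USE(c);
    USE(v);
}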
658 
659 #ifndef SYSMALLOC
660 /* jemalloc defines these */
void _malloc_prefork(void);
void _malloc_postfork(void);
void _malloc_postfork_child(void);

/*
 * Fork hooks with empty bodies.  This allocator does nothing around
 * fork(); presumably these exist so that code expecting the jemalloc
 * names still links (confirm against the callers).
 */
void
_malloc_prefork(void)
{
}

void
_malloc_postfork(void)
{
}

void
_malloc_postfork_child(void)
{
}
667 #endif
668