musl/src/malloc, branch master musl - an implementation of the standard library for Linux-based systems mallocng: prevent stray ';' at top-level 2026-03-11T02:48:21+00:00 Michael Forney mforney@mforney.org 2024-04-15T10:26:17+00:00 5c26c890ede40b5649d2ea23c51ea3ef34216486 The LOCK_OBJ_DEF macro is used with a trailing semicolon. However, since the macro definition ends with the closing brace of a function definition, the ISO C grammar does not allow an extra semicolon. To fix this, swap the order of the two definitions, and drop the semicolon from the __malloc_lock declaration. 
The LOCK_OBJ_DEF macro is used with a trailing semicolon. However,
since the macro definition ends with the closing brace of a function
definition, the ISO C grammar does not allow an extra semicolon.

To fix this, swap the order of the two definitions, and drop the
semicolon from the __malloc_lock declaration.
disable MADV_FREE usage in mallocng 2022-10-19T18:01:31+00:00 Rich Felker dalias@aerifal.cx 2022-09-28T12:33:05+00:00 e6e8213244a816511e95e14fb99176442922abac the entire intent of using madvise/MADV_FREE on freed slots is to improve system performance by avoiding evicting cache of useful data, or swapping useless data to disk, by marking any whole pages in the freed slot as discardable by the kernel. in particular, unlike unmapping the memory or replacing it with a PROT_NONE region, use of MADV_FREE does not make any difference to memory accounting for commit charge purposes, and so does not increase the memory available to other processes in a non-overcommitted environment. however, various measurements have shown that inordinate amounts of time are spent performing madvise syscalls in processes which frequently allocate and free medium sized objects in the size range roughly between PAGESIZE and MMAP_THRESHOLD, to the point that the net effect is almost surely significant performance degredation. so, turn it off. the code, which has some nontrivial logic for efficiently determining whether there is a whole-page range to apply madvise to, is left in place so that it can easily be re-enabled if desired, or later tuned to only apply to certain sizes or to use additional heuristics. 
the entire intent of using madvise/MADV_FREE on freed slots is to
improve system performance by avoiding evicting cache of useful data,
or swapping useless data to disk, by marking any whole pages in the
freed slot as discardable by the kernel. in particular, unlike
unmapping the memory or replacing it with a PROT_NONE region, use of
MADV_FREE does not make any difference to memory accounting for commit
charge purposes, and so does not increase the memory available to
other processes in a non-overcommitted environment.

however, various measurements have shown that inordinate amounts of
time are spent performing madvise syscalls in processes which
frequently allocate and free medium sized objects in the size range
roughly between PAGESIZE and MMAP_THRESHOLD, to the point that the net
effect is almost surely significant performance degredation. so, turn
it off.

the code, which has some nontrivial logic for efficiently determining
whether there is a whole-page range to apply madvise to, is left in
place so that it can easily be re-enabled if desired, or later tuned
to only apply to certain sizes or to use additional heuristics.
remove return with expression in void function 2021-04-27T23:31:48+00:00 Michael Forney mforney@mforney.org 2021-04-27T22:59:55+00:00 d8cb888db9329d0e1b41060ec953c586c99a4a9f 






mallocng/aligned_alloc: check for malloc failure
2021-04-16T14:17:25+00:00

Dominic Chen
d.c.ddcc@gmail.com

2021-03-25T22:20:14+00:00

95a540e176b3ebd57d6033fd23cf9fec8a5ddbe8

With mallocng, calling posix_memalign() or aligned_alloc() will
SIGSEGV if the internal malloc() call returns NULL. This does not
occur with oldmalloc, which explicitly checks for allocation failure.





With mallocng, calling posix_memalign() or aligned_alloc() will
SIGSEGV if the internal malloc() call returns NULL. This does not
occur with oldmalloc, which explicitly checks for allocation failure.







oldmalloc: preserve errno across free
2021-01-30T22:28:08+00:00

Rich Felker
dalias@aerifal.cx

2021-01-30T22:28:08+00:00

9b77aaca86b53c367f23505c24dd3c02e240efad

as an outcome of Austin Group issue #385, future versions of the
standard will require free not to alter the value of errno. save and
restore it individually around the calls to madvise and munmap so that
the cost is not imposed on calls to free that do not result in any
syscall.





as an outcome of Austin Group issue #385, future versions of the
standard will require free not to alter the value of errno. save and
restore it individually around the calls to madvise and munmap so that
the cost is not imposed on calls to free that do not result in any
syscall.







fix build regression in oldmalloc
2021-01-30T22:26:34+00:00

Rich Felker
dalias@aerifal.cx

2021-01-30T22:26:34+00:00

98b9df994c85dcb6a8a5a9099495dd44c7cf2bce

commit 8d37958d58cf36f53d5fcc7a8aa6d633da6071b2 inadvertently broke
oldmalloc by having it implement __libc_malloc rather than
__libc_malloc_impl.





commit 8d37958d58cf36f53d5fcc7a8aa6d633da6071b2 inadvertently broke
oldmalloc by having it implement __libc_malloc rather than
__libc_malloc_impl.







preserve errno across free
2021-01-30T22:14:20+00:00

Rich Felker
dalias@aerifal.cx

2021-01-30T22:14:20+00:00

2010df0d64570db4ce29cc7df0e31f81aa26ae4a

as an outcome of Austin Group issue #385, future versions of the
standard will require free not to alter the value of errno. save and
restore it individually around the calls to madvise and munmap so that
the cost is not imposed on calls to free that do not result in any
syscall.





as an outcome of Austin Group issue #385, future versions of the
standard will require free not to alter the value of errno. save and
restore it individually around the calls to madvise and munmap so that
the cost is not imposed on calls to free that do not result in any
syscall.







implement reallocarray
2020-11-30T21:49:58+00:00

Ariadne Conill
ariadne@dereferenced.org

2020-08-01T14:26:35+00:00

821083ac7b54eaa040d5a8ddc67c6206a175e0ca

reallocarray is an extension introduced by OpenBSD, which introduces
calloc overflow checking to realloc.

glibc 2.28 introduced support for this function behind _GNU_SOURCE,
while glibc 2.29 allows its usage in _DEFAULT_SOURCE.





reallocarray is an extension introduced by OpenBSD, which introduces
calloc overflow checking to realloc.

glibc 2.28 introduced support for this function behind _GNU_SOURCE,
while glibc 2.29 allows its usage in _DEFAULT_SOURCE.







fix mallocng regression in malloc_usable_size with null argument
2020-11-29T06:07:05+00:00

Dominic Chen
d.c.ddcc@gmail.com

2020-11-25T07:53:16+00:00

5d464f524ba5447e2a8fc77560b98c1ad9a83570

commit d1507646975cbf6c3e511ba07b193f27f032d108 added support for null
argument in oldmalloc and was overlooked when switching to mallocng.





commit d1507646975cbf6c3e511ba07b193f27f032d108 added support for null
argument in oldmalloc and was overlooked when switching to mallocng.







lift child restrictions after multi-threaded fork
2020-11-11T20:55:30+00:00

Rich Felker
dalias@aerifal.cx

2020-11-11T18:37:33+00:00

167390f05564e0a4d3fcb4329377fd7743267560

as the outcome of Austin Group tracker issue #62, future editions of
POSIX have dropped the requirement that fork be AS-safe. this allows
but does not require implementations to synchronize fork with internal
locks and give forked children of multithreaded parents a partly or
fully unrestricted execution environment where they can continue to
use the standard library (per POSIX, they can only portably use
AS-safe functions).

up until recently, taking this allowance did not seem desirable.
however, commit 8ed2bd8bfcb4ea6448afb55a941f4b5b2b0398c0 exposed the
extent to which applications and libraries are depending on the
ability to use malloc and other non-AS-safe interfaces in MT-forked
children, by converting latent very-low-probability catastrophic state
corruption into predictable deadlock. dealing with the fallout has
been a huge burden for users/distros.

while it looks like most of the non-portable usage in applications
could be fixed given sufficient effort, at least some of it seems to
occur in language runtimes which are exposing the ability to run
unrestricted code in the child as part of the contract with the
programmer. any attempt at fixing such contracts is not just a
technical problem but a social one, and is probably not tractable.

this patch extends the fork function to take locks for all libc
singletons in the parent, and release or reset those locks in the
child, so that when the underlying fork operation takes place, the
state protected by these locks is consistent and ready for the child
to use. locking is skipped in the case where the parent is
single-threaded so as not to interfere with legacy AS-safety property
of fork in single-threaded programs. lock order is mostly arbitrary,
but the malloc locks (including bump allocator in case it's used) must
be taken after the locks on any subsystems that might use malloc, and
non-AS-safe locks cannot be taken while the thread list lock is held,
imposing a requirement that it be taken last.





as the outcome of Austin Group tracker issue #62, future editions of
POSIX have dropped the requirement that fork be AS-safe. this allows
but does not require implementations to synchronize fork with internal
locks and give forked children of multithreaded parents a partly or
fully unrestricted execution environment where they can continue to
use the standard library (per POSIX, they can only portably use
AS-safe functions).

up until recently, taking this allowance did not seem desirable.
however, commit 8ed2bd8bfcb4ea6448afb55a941f4b5b2b0398c0 exposed the
extent to which applications and libraries are depending on the
ability to use malloc and other non-AS-safe interfaces in MT-forked
children, by converting latent very-low-probability catastrophic state
corruption into predictable deadlock. dealing with the fallout has
been a huge burden for users/distros.

while it looks like most of the non-portable usage in applications
could be fixed given sufficient effort, at least some of it seems to
occur in language runtimes which are exposing the ability to run
unrestricted code in the child as part of the contract with the
programmer. any attempt at fixing such contracts is not just a
technical problem but a social one, and is probably not tractable.

this patch extends the fork function to take locks for all libc
singletons in the parent, and release or reset those locks in the
child, so that when the underlying fork operation takes place, the
state protected by these locks is consistent and ready for the child
to use. locking is skipped in the case where the parent is
single-threaded so as not to interfere with legacy AS-safety property
of fork in single-threaded programs. lock order is mostly arbitrary,
but the malloc locks (including bump allocator in case it's used) must
be taken after the locks on any subsystems that might use malloc, and
non-AS-safe locks cannot be taken while the thread list lock is held,
imposing a requirement that it be taken last.