musl/src/malloc, branch v0.8.4 musl - an implementation of the standard library for Linux-based systems fix issue with excessive mremap syscalls on realloc 2011-11-17T04:59:28+00:00 Rich Felker dalias@aerifal.cx 2011-11-17T04:59:28+00:00 e5d78fe8df9bd61940abcd98ad07ed69b7da4350 CHUNK_SIZE macro was defined incorrectly and shaving off at least one significant bit in the size of mmapped chunks, resulting in the test for oldlen==newlen always failing and incurring a syscall. fortunately i don't think this issue caused any other observable behavior; the definition worked correctly for all non-mmapped chunks where its correctness matters more, since their lengths are always multiples of the alignment. 
CHUNK_SIZE macro was defined incorrectly and shaving off at least one
significant bit in the size of mmapped chunks, resulting in the test
for oldlen==newlen always failing and incurring a syscall. fortunately
i don't think this issue caused any other observable behavior; the
definition worked correctly for all non-mmapped chunks where its
correctness matters more, since their lengths are always multiples of
the alignment.
use new a_crash() asm to optimize double-free handler. 2011-08-23T13:43:45+00:00 Rich Felker dalias@aerifal.cx 2011-08-23T13:43:45+00:00 1c8bead345eca58ddc5177a121142b527937adee gcc generates extremely bad code (7 byte immediate mov) for the old null pointer write approach. it should be generating something like "xor %eax,%eax ; mov %al,(%eax)". in any case, using a dedicated crashing opcode accomplishes the same thing in one byte. 
gcc generates extremely bad code (7 byte immediate mov) for the old
null pointer write approach. it should be generating something like
"xor %eax,%eax ; mov %al,(%eax)". in any case, using a dedicated
crashing opcode accomplishes the same thing in one byte.
simplify and improve double-free check 2011-08-15T05:59:15+00:00 Rich Felker dalias@aerifal.cx 2011-08-15T05:59:15+00:00 ce7c6341d38ecd3af4d1e01032e9ea8b4078aa97 a valid mmapped block will have an even (actually aligned) "extra" field, whereas a freed chunk on the heap will always have an in-use neighbor. this fixes a potential bug if mmap ever allocated memory below the main program/brk (in which case it would be wrongly-detected as a double-free by the old code) and allows the double-free check to work for donated memory outside of the brk area (or, in the future, secondary heap zones if support for their creation is added). 
a valid mmapped block will have an even (actually aligned) "extra"
field, whereas a freed chunk on the heap will always have an in-use
neighbor.

this fixes a potential bug if mmap ever allocated memory below the
main program/brk (in which case it would be wrongly-detected as a
double-free by the old code) and allows the double-free check to work
for donated memory outside of the brk area (or, in the future,
secondary heap zones if support for their creation is added).
posix_memalign should fail if size is not a multiple of sizeof(void *) 2011-06-29T23:26:30+00:00 Rich Felker dalias@aerifal.cx 2011-06-29T23:26:30+00:00 f9ed11f3e1337d6bac6298db1d66d4f27bb59f6b 






eliminate OOB array hacks in malloc
2011-06-26T20:12:43+00:00

Rich Felker
dalias@aerifal.cx

2011-06-26T20:12:43+00:00

5d0965cb56f92e24b36b98882543f8ee1e03b5ff












malloc: cast size down to int in bin_index functions
2011-06-12T14:53:42+00:00

Rich Felker
dalias@aerifal.cx

2011-06-12T14:53:42+00:00

2afebbbcd16e8bfc5e008a40b2faf3bd8cf14e88

even if size_t was 32-bit already, the fact that the value was
unsigned and that gcc is too stupid to figure out it would be positive
as a signed quantity (due to the immediately-prior arithmetic and
conditionals) results in gcc compiling the integer-to-float conversion
as zero extension to 64 bits followed by an "fildll" (64 bit)
instruction rather than a simple "fildl" (32 bit) instruction on x86.
reportedly fildll is very slow on certain p4-class machines; even if
not, the new code is slightly smaller.





even if size_t was 32-bit already, the fact that the value was
unsigned and that gcc is too stupid to figure out it would be positive
as a signed quantity (due to the immediately-prior arithmetic and
conditionals) results in gcc compiling the integer-to-float conversion
as zero extension to 64 bits followed by an "fildll" (64 bit)
instruction rather than a simple "fildl" (32 bit) instruction on x86.
reportedly fildll is very slow on certain p4-class machines; even if
not, the new code is slightly smaller.







use volatile pointers for intentional-crash code.
2011-06-06T22:10:43+00:00

Rich Felker
dalias@aerifal.cx

2011-06-06T22:10:43+00:00

71a80c5767aa4e6b7cbc2b58feef3cfca76e29fe












namespace fixes for sys/mman.h
2011-04-20T19:55:58+00:00

Rich Felker
dalias@aerifal.cx

2011-04-20T19:55:58+00:00

b052f13cd1215cf444f16ccf14c96e32f61f73e0












fix rare but nasty under-allocation bug in malloc with large requests
2011-04-04T21:26:41+00:00

Rich Felker
dalias@aerifal.cx

2011-04-04T21:26:41+00:00

b761bd19aa1ae0f95dd2146397b7f39b44a471b6

the bug appeared only with requests roughly 2*sizeof(size_t) to
4*sizeof(size_t) bytes smaller than a multiple of the page size, and
only for requests large enough to be serviced by mmap instead of the
normal heap. it was only ever observed on 64-bit machines but
presumably could also affect 32-bit (albeit with a smaller window of
opportunity).





the bug appeared only with requests roughly 2*sizeof(size_t) to
4*sizeof(size_t) bytes smaller than a multiple of the page size, and
only for requests large enough to be serviced by mmap instead of the
normal heap. it was only ever observed on 64-bit machines but
presumably could also affect 32-bit (albeit with a smaller window of
opportunity).







avoid over-allocation of brk on first malloc
2011-04-02T03:07:03+00:00

Rich Felker
dalias@aerifal.cx

2011-04-02T03:07:03+00:00

bf8785825ac57371c268f54866923d6f89231639

if init_malloc returns positive (successful first init), malloc will
retry getting a chunk from the free bins rather than expanding the
heap again. also pass init_malloc a hint for the size of the initial
allocation.





if init_malloc returns positive (successful first init), malloc will
retry getting a chunk from the free bins rather than expanding the
heap again. also pass init_malloc a hint for the size of the initial
allocation.