| blob | cccaf982b3115451b97e1e9bcbbae4e2c2216e74 |
1 // Copyright (c) 2000, Google Inc.
2 // All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are
6 // met:
7 //
8 // * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer.
10 // * Redistributions in binary form must reproduce the above
11 // copyright notice, this list of conditions and the following disclaimer
12 // in the documentation and/or other materials provided with the
13 // distribution.
14 // * Neither the name of Google Inc. nor the names of its
15 // contributors may be used to endorse or promote products derived from
16 // this software without specific prior written permission.
17 //
18 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 // ---
31 // Author: Urs Holzle <opensource@google.com>
34 #include <errno.h>
35 #ifdef HAVE_FCNTL_H
36 #include <fcntl.h>
37 #endif
38 #ifdef HAVE_INTTYPES_H
39 #include <inttypes.h>
40 #endif
41 // We only need malloc.h for struct mallinfo.
42 #ifdef HAVE_STRUCT_MALLINFO
43 // Malloc can be in several places on older versions of OS X.
44 # if defined(HAVE_MALLOC_H)
45 # include <malloc.h>
46 # elif defined(HAVE_MALLOC_MALLOC_H)
47 # include <malloc/malloc.h>
48 # elif defined(HAVE_SYS_MALLOC_H)
49 # include <sys/malloc.h>
50 # endif
51 #endif
52 #ifdef HAVE_PTHREAD
53 #include <pthread.h>
54 #endif
55 #include <stdarg.h>
56 #include <stdio.h>
57 #include <string.h>
58 #ifdef HAVE_MMAP
59 #include <sys/mman.h>
60 #endif
61 #include <sys/stat.h>
62 #include <sys/types.h>
63 #ifdef HAVE_UNISTD_H
64 #include <unistd.h>
65 #endif
67 #include <gperftools/malloc_extension.h>
68 #include <gperftools/malloc_hook.h>
69 #include <gperftools/stacktrace.h>
79 #define TCMALLOC_USING_DEBUGALLOCATION
82 // __THROW is defined in glibc systems. It means, counter-intuitively,
83 // "This function will never throw an exception." It's an optional
84 // optimization tool, but we may need to use it to match glibc prototypes.
87 #endif
89 // On systems (like freebsd) that don't define MAP_ANONYMOUS, use the old
90 // form of the name instead.
91 #ifndef MAP_ANONYMOUS
92 # define MAP_ANONYMOUS MAP_ANON
93 #endif
95 // ========================================================================= //
100 #ifdef HAVE_MMAP
103 "Enables putting of memory allocations at page boundaries "
104 "with a guard page following the allocation (to catch buffer "
108 "Enables making the virtual address space inaccessible "
110 #else
113 #endif
116 "If set to false, we never return memory to malloc "
117 "when an object is deallocated. This ensures that all "
121 "If greater than 0, keep freed blocks in a queue instead of "
122 "releasing them to the allocator immediately. Release them when "
123 "the total size of all blocks in the queue would otherwise exceed "
130 // If we are LD_PRELOAD-ed against a non-pthreads app, then
131 // pthread_once won't be defined. We declare it here, for that
132 // case (with weak linkage) which will cause the non-definition to
133 // resolve to NULL. We can then check for NULL or not in Instance.
135 ATTRIBUTE_WEAK;
137 // ========================================================================= //
139 // A safe version of printf() that does not do any allocation and
140 // uses very little stack space.
144 // The do_* functions are defined in tcmalloc/tcmalloc.cc,
145 // which is included before this file
146 // when TCMALLOC_FOR_DEBUGALLOCATION is defined
147 // TODO(csilvers): get rid of these now that we are tied to tcmalloc.
148 #define BASE_MALLOC_NEW do_malloc
149 #define BASE_MALLOC do_malloc
150 #define BASE_FREE do_free
151 #define BASE_MALLOC_STATS do_malloc_stats
152 #define BASE_MALLOPT do_mallopt
153 #define BASE_MALLINFO do_mallinfo
155 // ========================================================================= //
159 // A circular buffer to hold freed blocks of memory. MallocBlock::Deallocate
160 // (below) pushes blocks into this queue instead of returning them to the
161 // underlying allocator immediately. See MallocBlock::Deallocate for more
162 // information.
163 //
164 // We can't use an STL class for this because we need to be careful not to
165 // perform any heap de-allocations in any of the code in this class, since the
166 // code in MallocBlock::Deallocate is not re-entrant.
174 }
179 }
186 }
190 }
193 // Maximum number of blocks kept in the free queue before being freed.
199 };
206 // Adjust the number of frames to skip (4) if you change the
207 // location of this call.
208 num_deleter_pcs =
215 // Zero is an illegal pthread id by my reading of the pthread
216 // implementation:
218 }
219 }
224 // When deleted and put in the free queue, we (flag-controlled)
225 // record the stack so that if corruption is later found, we can
226 // print the deleter's stack. (These three vars add 144 bytes of
227 // overhead under the LP64 data model.)
230 pthread_t deleter_threadid;
231 };
236 // Different allocation types we distinguish.
237 // Note: The lower 4 bits are not random: we index kAllocName array
238 // by these values masked with kAllocTypeMask;
239 // the rest are "random" magic bits to help catch memory corruption.
246 // A mask used on alloc types above to get to 0, 1, 2
248 // An additional bit to set in AllocType constants
249 // to mark now deallocated regions.
252 // For better memory debugging, we initialize all storage to known
253 // values, and overwrite the storage when it's deallocated:
254 // Byte that fills uninitialized storage.
256 // Byte that fills deallocated storage.
257 // NOTE: tcmalloc.cc depends on the value of kMagicDeletedByte
258 // to work around a bug in the pthread library.
260 // A size_t (type of alloc_type_ below) in a deallocated storage
261 // filled with kMagicDeletedByte.
264 // Initializer works for 32 and 64 bit size_ts;
265 // "<< 16 << 16" is to fool gcc from issuing a warning
266 // when size_ts are 32 bits.
268 // NOTE: on Linux, you can enable malloc debugging support in libc by
269 // setting the environment variable MALLOC_CHECK_ to 1 before you
270 // start the program (see man malloc).
272 // We use either BASE_MALLOC or mmap to make the actual allocation. In
273 // order to remember which one of the two was used for any block, we store an
274 // appropriate magic word next to the block.
278 // This array will be filled with 0xCD, for use with memcmp.
285 // The four fields size1_,offset_,magic1_,alloc_type_
286 // should together occupy a multiple of 16 bytes. (At the
287 // moment, sizeof(size_t) == 4 or 8 depending on piii vs
288 // k8, and 4 of those sum to 16 or 32 bytes).
289 // This, combined with BASE_MALLOC's alignment guarantees,
290 // ensures that SSE types can be stored into the returned
291 // block, at &size2_.
294 // see comments in memalign() and FromRawPointer().
297 // here comes the actual data (variable length)
298 // ...
299 // then come the size2_ and magic2_, or a full page of mprotect-ed memory
300 // if the malloc_page_fence feature is enabled.
306 // Allocation map: stores the allocation type for each allocated object,
307 // or the type or'ed with kDeallocatedTypeBit
308 // for each formerly allocated object.
311 // This protects alloc_map_ and consistent state of metadata
312 // for each still-allocated object in it.
313 // We use spin locks instead of pthread_mutex_t locks
314 // to prevent crashes via calls to pthread_mutex_(un)lock
315 // for the (de)allocations coming from pthreads initialization itself.
318 // A queue of freed blocks. Instead of releasing blocks to the allocator
319 // immediately, we put them in a queue, freeing them only when necessary
320 // to keep the total size of all the freed blocks below the limit set by
321 // FLAGS_max_free_queue_size.
325 // protects free_queue_ and free_queue_size_
328 // Names of allocation types (kMallocType, kNewType, kArrayNewType)
330 // Names of corresponding deallocation types
335 }
339 }
347 }
351 }
354 }
358 }
360 // NOTE: if the block is mmapped (that is, we're using the
361 // malloc_page_fence option) then there's no size2 or magic2
362 // (instead, the guard page begins where size2 would be).
367 }
376 // record us as allocated in the map
381 }
383 // initialize us
390 }
396 }
397 }
404 }
405 // record us as deallocated in the map
408 // clear us
412 }
423 }
428 }
431 "has been corrupted; or else the object has been already "
434 }
437 "has been corrupted; "
438 "or else our memory map has been corrupted and this is a "
441 }
446 }
450 }
451 }
458 }
462 }
465 "allocation at %p made with %s "
468 }
469 }
485 // Prevent an integer overflow / crash with large allocation sizes.
486 // TODO - Note that for a e.g. 64-bit size_t, max_size_t may not actually
487 // be the maximum value, depending on how the compiler treats ~0. The worst
488 // practical effect is that allocations are limited to 4Gb or so, even if
489 // the address space could take more.
494 }
497 #ifdef HAVE_MMAP
499 // Put the block towards the end of the page and make the next page
500 // inaccessible. This will catch buffer overrun right when it happens.
507 // If the allocation fails, abort rather than returning NULL to
508 // malloc. This is because in most cases, the program will run out
509 // of memory in this mode due to tremendous amount of wastage. There
510 // is no point in propagating the error elsewhere.
513 }
514 // Mark the page after the block inaccessible
517 }
523 }
524 #else
528 #endif
530 // It would be nice to output a diagnostic on allocation failure
531 // here, but logging (other than FATAL) requires allocating
532 // memory, which could trigger a nasty recursion. Instead, preserve
533 // malloc semantics and return NULL on failure.
537 }
539 }
543 #ifdef HAVE_MMAP
554 }
555 #endif
559 // Instead of freeing the block immediately, push it onto a queue of
560 // recently freed blocks. Free only enough blocks to keep from
561 // exceeding the capacity of the queue or causing the total amount of
562 // un-released memory in the queue from exceeding
563 // FLAGS_max_free_queue_size.
565 }
566 }
567 }
572 }
576 // MallocBlockQueueEntry are about 144 in size, so we can only
577 // use a small array of them on the stack.
589 }
591 // Free blocks until the total size of unfreed blocks no longer exceeds
592 // max_free_queue_size, and the free queue has at least one free
593 // space in it.
597 free_queue_size_ -=
599 num_entries++;
601 // The queue will not be full at this point, so it is ok to
602 // release the lock. The queue may still contain more than
603 // max_free_queue_size, but this is not a strict invariant.
608 }
611 }
612 }
618 }
619 }
624 }
627 // Initialize the buffer if necessary.
631 // This will be the case on systems that don't link in pthreads,
632 // including on FreeBSD where pthread_once has a non-zero address
633 // (but doesn't do anything) even when pthreads isn't linked in.
635 }
648 }
650 }
658 }
661 "Found a corrupted memory buffer in MallocBlock (may be offset "
662 "from user ptr): buffer index: %zd, buffer ptr: %p, size of "
665 // The magic deleted buffer should only be 1024 bytes, but in case
666 // this changes, let's put an upper limit on the number of debug
667 // lines we'll output:
673 }
674 }
677 }
686 // We don't want to allocate or deallocate memory here, so we use
687 // placement-new. It's ok that we don't destroy this, since we're
688 // just going to error-exit below anyway. Union is for alignment.
692 // Symbolizes the previous address of pc because pc may be in the
693 // next function. This may happen when the function ends with
694 // a call to a function annotated noreturn (e.g. CHECK).
697 }
704 }
707 "Skipping the printing of the deleter's stack! Its stack was "
708 "not found; either the corruption occurred too early in "
709 "execution to obtain a stack trace or --max_free_queue_size was "
711 }
714 "Memory was written to after being freed. MallocBlock: %p, user "
715 "ptr: %p, size: %zd. If you can't find the source of the error, "
716 "try using ASan (http://code.google.com/p/address-sanitizer/), "
717 "Valgrind, or Purify, or study the "
720 }
724 // Find the header just before client's memory.
727 // If mb->alloc_type_ is kMagicDeletedSizeT, we're not an ok pointer.
730 " deallocated; or else a word before the object has been"
732 }
733 // If mb->offset_ is zero (common case), mb is the real header. If
734 // mb->offset_ is non-zero, this block was allocated by memalign, and
735 // mb->offset_ is the distance backwards to the real header from mb,
736 // which is a fake header. The following subtraction works for both zero
737 // and non-zero values.
740 }
742 // const-safe version: we just cast about
744 }
746 // Return whether p points to memory returned by memalign.
747 // Requires that p be non-zero and has been checked for sanity with
748 // FromRawPointer().
752 // If the offset is non-zero, the block was allocated by memalign
753 // (see FromRawPointer above).
755 }
761 }
768 }
782 }
789 }
790 }
792 // Accumulation variables for StatsCallback protected by alloc_map_lock_
808 }
810 "kMallocHistogramSize should be at least as large as log2 "
813 }
814 }
815 };
818 // Clear out the remaining free queue to check for dangling writes.
820 }
822 // ========================================================================= //
842 NULL,
843 };
849 NULL,
850 };
856 // ========================================================================= //
858 // The following cut-down version of printf() avoids
859 // using stdio or ostreams.
860 // This is to guarantee no recursive calls into
861 // the allocator and to bound the stack space consumed. (The pthread
862 // manager thread in linuxthreads has a very small stack,
863 // so fprintf can't be called.)
882 p++;
886 p++;
890 p++;
905 }
906 p++;
919 }
920 }
923 }
928 }
930 }
931 }
934 }
936 }
938 // Return the file descriptor we're writing a log to
947 }
948 // Add a header to the log.
953 }
955 }
957 // Print the hex stack dump on a single line. PCs are separated by tabs.
963 }
964 }
966 // This protects MALLOC_TRACE, to make sure its info is atomically written.
969 #define MALLOC_TRACE(name, size, addr) \
970 do { \
971 if (FLAGS_malloctrace) { \
972 SpinLockHolder l(&malloc_trace_lock); \
974 name, size, addr, PRINTABLE_PTHREAD(pthread_self())); \
975 TraceStack(); \
977 } \
978 } while (0)
980 // ========================================================================= //
982 // Write the characters buf[0, ..., size-1] to
983 // the malloc trace buffer.
984 // This function is intended for debugging,
985 // and is not declared in any header file.
986 // You must insert a declaration of it by hand when you need
987 // to use it.
991 }
992 }
994 // ========================================================================= //
996 // General debug allocation/deallocation
1003 }
1008 ptr);
1010 }
1012 // ========================================================================= //
1014 // The following functions may be called via MallocExtension::instance()
1015 // for memory verification and statistics.
1021 // Subtract bytes kept in the free queue
1025 }
1026 }
1028 }
1033 }
1038 }
1043 }
1047 }
1052 }
1056 }
1063 }
1065 }
1071 }
1073 }
1086 }
1088 };
1093 // Either we or valgrind will control memory management. We
1094 // register our extension if we're the winner. Otherwise let
1095 // Valgrind use its own malloc (so don't register our extension).
1098 }
1099 });
1103 // When the program exits, check all blocks still in the free
1104 // queue for corruption.
1106 }
1107 });
1109 // ========================================================================= //
1111 // This is mostly the same a cpp_alloc in tcmalloc.cc.
1112 // TODO(csilvers): change Allocate() above to call cpp_alloc, so we
1113 // don't have to reproduce the logic here. To make tc_new_mode work
1114 // properly, I think we'll need to separate out the logic of throwing
1115 // from the logic of calling the new-handler.
1119 #ifdef PREANSINEW
1121 #else
1123 // Get the current new handler. NB: this function is not
1124 // thread-safe. We make a feeble stab at making it so here, but
1125 // this lock only protects against tcmalloc interfering with
1126 // itself, not with other libraries calling set_new_handler.
1128 {
1132 }
1133 #if (defined(__GNUC__) && !defined(__EXCEPTIONS)) || (defined(_HAS_EXCEPTIONS) && !_HAS_EXCEPTIONS)
1135 // Since exceptions are disabled, we don't really know if new_handler
1136 // failed. Assume it will abort if it fails.
1139 }
1141 #else
1142 // If no new_handler is established, the allocation failed.
1146 }
1147 // Otherwise, try the new_handler. If it returns, retry the
1148 // allocation. If it throws std::bad_alloc, fail the allocation.
1149 // if it throws something else, don't interfere.
1155 }
1156 #endif // (defined(__GNUC__) && !defined(__EXCEPTIONS)) || (defined(_HAS_EXCEPTIONS) && !_HAS_EXCEPTIONS)
1159 }
1161 }
1162 }
1167 }
1169 // Exported routines
1175 }
1180 }
1183 // Overflow check
1191 }
1196 }
1203 }
1208 "non-NULL pointers passed to realloc must be obtained "
1210 }
1215 }
1218 // If realloc fails we are to leave the old block untouched and
1219 // return null
1229 }
1236 }
1238 }
1240 extern "C" PERFTOOLS_DLL_DECL void* tc_new_nothrow(size_t size, const std::nothrow_t&) __THROW {
1244 }
1249 }
1251 // Some STL implementations explicitly invoke this.
1252 // It is completely equivalent to a normal delete (delete never throws).
1256 }
1263 }
1265 }
1268 __THROW {
1272 }
1277 }
1279 // Some STL implementations explicitly invoke this.
1280 // It is completely equivalent to a normal delete (delete never throws).
1281 extern "C" PERFTOOLS_DLL_DECL void tc_deletearray_nothrow(void* p, const std::nothrow_t&) __THROW {
1284 }
1286 // Round "value" up to next "alignment" boundary.
1287 // Requires that "alignment" be a power of two.
1290 }
1292 // This is mostly the same as do_memalign in tcmalloc.cc.
1294 // Allocate >= size bytes aligned on "alignment" boundary
1295 // "alignment" is a power of two.
1299 // Allocate "alignment-1" extra bytes to ensure alignment is possible, and
1300 // a further data_offset bytes for an additional fake header.
1306 // Leave data_offset bytes for fake header, and round up to meet
1307 // alignment.
1309 // Create a fake header block with an offset_ that points back to the
1310 // real header. FromRawPointer uses this value.
1313 // offset_ is distance between real and fake headers.
1314 // p is now end of fake header (beginning of client area),
1315 // and orig_p is the end of the real header, so offset_
1316 // is their difference.
1318 }
1320 }
1322 // This is mostly the same as cpp_memalign in tcmalloc.cc.
1326 #ifdef PREANSINEW
1328 #else
1330 // Get the current new handler. NB: this function is not
1331 // thread-safe. We make a feeble stab at making it so here, but
1332 // this lock only protects against tcmalloc interfering with
1333 // itself, not with other libraries calling set_new_handler.
1335 {
1339 }
1340 #if (defined(__GNUC__) && !defined(__EXCEPTIONS)) || (defined(_HAS_EXCEPTIONS) && !_HAS_EXCEPTIONS)
1342 // Since exceptions are disabled, we don't really know if new_handler
1343 // failed. Assume it will abort if it fails.
1346 }
1348 #else
1349 // If no new_handler is established, the allocation failed.
1353 // Otherwise, try the new_handler. If it returns, retry the
1354 // allocation. If it throws std::bad_alloc, fail the allocation.
1355 // if it throws something else, don't interfere.
1360 }
1361 #endif // (defined(__GNUC__) && !defined(__EXCEPTIONS)) || (defined(_HAS_EXCEPTIONS) && !_HAS_EXCEPTIONS)
1364 }
1366 }
1367 }
1373 }
1379 }
1381 // Implementation taken from tcmalloc/tcmalloc.cc
1382 extern "C" PERFTOOLS_DLL_DECL int tc_posix_memalign(void** result_ptr, size_t align, size_t size)
1383 __THROW {
1388 }
1397 }
1398 }
1401 // Allocate >= size bytes starting on a page boundary
1405 }
1408 // Round size up to a multiple of pages
1409 // then allocate memory on a page boundary
1414 }
1418 }
1420 // malloc_stats just falls through to the base implementation.
1423 }
1427 }
1429 #ifdef HAVE_STRUCT_MALLINFO
1432 }
1433 #endif
1437 }