NetBSD/lib/libc/stdlib/malloc.3

507 lines
14 KiB
Groff

.\" $NetBSD: malloc.3,v 1.18 2002/10/01 17:29:23 wiz Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" the American National Standards Committee X3, on Information
.\" Processing Systems.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)malloc.3 8.1 (Berkeley) 6/4/93
.\" From FreeBSD: Id: malloc.3,v 1.18 1999/03/28 14:16:04 phk Exp
.\"
.Dd August 11, 2002
.Dt MALLOC 3
.Os
.Sh NAME
.Nm malloc ,
.Nm calloc ,
.Nm realloc ,
.Nm free
.\"XXX",
.\"XXX".Nm reallocf
.Nd general purpose memory allocation functions
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.Fd #include \*[Lt]stdlib.h\*[Gt]
.Ft void *
.Fn malloc "size_t size"
.Ft void *
.Fn calloc "size_t number" "size_t size"
.Ft void *
.Fn realloc "void *ptr" "size_t size"
.\"XXX".Ft void *
.\"XXX".Fn reallocf "void *ptr" "size_t size"
.Ft void
.Fn free "void *ptr"
.Ft char *
.Va malloc_options ;
.Sh DESCRIPTION
The
.Fn malloc
function allocates
.Fa size
bytes of memory.
The allocated space is suitably aligned (after possible pointer coercion)
for storage of any type of object.
If the space is at least
.Em pagesize
bytes in length (see
.Xr getpagesize 3 ) ,
the returned memory will be page boundary aligned as well.
If
.Fn malloc
fails, a
.Dv NULL
pointer is returned, and the errno variable is set to
.Er ENOMEM .
.Pp
The
.Fn calloc
function allocates space for
.Fa number
objects,
each
.Fa size
bytes in length.
The result is identical to calling
.Fn malloc
with an argument of
.Dq "number * size" ,
with the exception that the allocated memory is initialized to all bits zero.
.Pp
The
.Fn realloc
function changes the size of the previously allocated memory referenced by
.Fa ptr
to
.Fa size
bytes and returns a pointer to the (possibly moved) object.
The contents of the memory are unchanged up to the lesser of the new and
old sizes.
If the new size is larger,
the value of the newly allocated portion of the memory is undefined.
If the requested memory cannot be allocated,
.Dv NULL
is returned and the memory referenced by
.Fa ptr
is valid and unchanged.
If
.Fa ptr
is
.Dv NULL ,
the
.Fn realloc
function behaves identically to
.Fn malloc
for the specified size.
.Pp
When using
.Fn realloc
one must be careful to avoid the following idiom:
.Pp
.Bd -literal -offset indent
if ((p = realloc(p, nsize)) == NULL)
return NULL;
.Ed
.Pp
In most cases, this will result in a leak of memory.
As stated earlier, a return value of
.Dv NULL
indicates that the old object still remains allocated.
Better code looks like this:
.Bd -literal -offset indent
if ((p2 = realloc(p, nsize)) == NULL) {
if (p)
free(p);
p = NULL;
return NULL;
}
p = p2;
.Ed
.\"XXX".Pp
.\"XXX"The
.\"XXX".Fn reallocf
.\"XXX"function call is identical to the realloc function call, except that it
.\"XXX"will free the passed pointer when the requested memory cannot be allocated.
.\"XXX"This is a FreeBSD
.\"XXX"specific API designed to ease the problems with traditional coding styles
.\"XXX"for realloc causing memory leaks in libraries.
.Pp
The
.Fn free
function causes the allocated memory referenced by
.Fa ptr
to be made available for future allocations.
If
.Fa ptr
is
.Dv NULL ,
no action occurs.
.Sh TUNING
Once, when the first call is made to one of these memory allocation
routines, various flags will be set or reset, which affect the
workings of this allocation implementation.
.Pp
The ``name'' of the file referenced by the symbolic link named
.Pa /etc/malloc.conf ,
the value of the environment variable
.Ev MALLOC_OPTIONS ,
and the string pointed to by the global variable
.Va malloc_options
will be interpreted, in that order, character by character as flags.
.Pp
Most flags are single letters,
where uppercase indicates that the behavior is set, or on,
and lowercase means that the behavior is not set, or off.
.Bl -tag -width indent
.It A
All warnings (except for the warning about unknown
flags being set), and failure to allocate memory become fatal.
The process will call
.Fn abort 3
in these cases.
.It J
Each byte of new memory allocated by
.\"XXX".Fn malloc ,
.\"XXX".Fn realloc
.\"XXX"or
.\"XXX".Fn reallocf
.Fn malloc
or
.Fn realloc
as well as all memory returned by
.\"XXX".Fn free ,
.\"XXX".Fn realloc
.\"XXX"or
.\"XXX"Fn reallocf
.Fn free
or
.Fn realloc
will be initialized to 0xd0.
This options also sets the
.Dq R
option.
This is intended for debugging and will impact performance negatively.
.It H
Pass a hint to the kernel about pages unused by the allocation functions.
This will help performance if the system is paging excessively.
This option is off by default.
.It R
Causes the
.Fn realloc
.\"XXX"and
.\"XXX".Fn reallocf
.\"XXX"functions
function
to always reallocate memory even if the initial allocation was
sufficiently large.
This can substantially aid in compacting memory.
.It U
Generate
.Dq utrace
entries for
.Xr ktrace 1 ,
for all operations.
Consult the source for details on this option.
.It V
Attempting to allocate zero bytes will return a
.Dv NULL
pointer instead of a valid pointer.
(The default behavior is to make a minimal allocation and return a
pointer to it.)
This option is provided for System V compatibility.
.It X
Rather than return failure for any allocation function,
display a diagnostic message on stderr and cause the program to drop
core (using
.Fn abort 3 ) .
This option should be set at compile time by including the following in
the source code:
.Bd -literal -offset indent
extern char *malloc_options;
malloc_options = "X";
.Ed
.It Z
This option implicitly sets the
.Dq J
and
.Dq R
options, and then zeros out the bytes that were requested.
This is intended for debugging and will impact performance negatively.
.It \*[Lt]
Reduce the size of the cache by a factor of two.
The default cache size is 16 pages.
This option can be specified multiple times.
.It \*[Gt]
Double the size of the cache by a factor of two.
The default cache size is 16 pages.
This option can be specified multiple times.
.El
.Pp
The
.Dq J
and
.Dq Z
options are intended for testing and debugging.
An application which changes its behavior when these options are used
is flawed.
.Sh RETURN VALUES
The
.Fn malloc
and
.Fn calloc
functions return a pointer to the allocated memory if successful; otherwise a
.Dv NULL
pointer is returned and
.Va errno
is set to
.Er ENOMEM .
.Pp
The
.Fn realloc
.\"XXX"and
.\"XXX".Fn reallocf
.\"XXX"functions return
function returns
a pointer, possibly identical to
.Fa ptr ,
to the allocated memory if successful; otherwise a
.Dv NULL
pointer is returned and
.Va errno
is set to
.Er ENOMEM ,
in which case the
memory referenced by
.Fa ptr
is still available and intact.
.Pp
The
.Fn free
function returns no value.
.Sh ENVIRONMENT
The following environment variables affect the execution of the allocation
functions:
.Bl -tag -width MMM
.It Ev MALLOC_OPTIONS
If the environment variable
.Ev MALLOC_OPTIONS
is set, the characters it contains will be interpreted as flags to the
allocation functions.
.El
.Sh FILES
.Bl -tag -width "/etc/malloc.conf"
.It Pa /etc/malloc.conf
symbolic link to filename containing option flags
.El
.Sh EXAMPLES
To set a systemwide reduction of cache size, and to dump core whenever
a problem occurs:
.Pp
.Bd -literal -offset indent
ln -s 'A\*[Lt]' /etc/malloc.conf
.Ed
.Pp
To specify in the source that a program does no return value checking
on calls to these functions:
.Bd -literal -offset indent
extern char *malloc_options;
malloc_options = "X";
.Ed
.Sh DEBUGGING MALLOC PROBLEMS
The major difference between this implementation and other allocation
implementations is that the free pages are not accessed unless allocated,
and are aggressively returned to the kernel for reuse.
.Bd -filled -offset indent
Most allocation implementations will store a data structure containing a
linked list in the free chunks of memory,
used to tie all the free memory together.
That can be suboptimal,
as every time the free-list is traversed,
the otherwise unused, and likely paged out,
pages are faulted into primary memory.
On systems which are paging,
this can result in a factor of five increase in the number of page-faults
done by a process.
.Ed
.Pp
A side effect of this architecture is that many minor transgressions on
the interface which would traditionally not be detected are in fact detected.
As a result, programs that have been running happily for
years may suddenly start to complain loudly, when linked with this
allocation implementation.
.Pp
The first and most important thing to do is to set the
.Dq A
option.
This option forces a coredump (if possible) at the first sign of trouble,
rather than the normal policy of trying to continue if at all possible.
.Pp
It is probably also a good idea to recompile the program with suitable
options and symbols for debugger support.
.Pp
If the program starts to give unusual results, coredump or generally behave
differently without emitting any of the messages listed in the next section,
it is likely because it depends on the storage being filled with nul bytes.
Try running it with
.Dq Z
option set;
if that improves the situation, this diagnosis has been confirmed.
If the program still misbehaves,
the likely problem is accessing memory outside the allocated area,
more likely after than before the allocated area.
.Pp
Alternatively, if the symptoms are not easy to reproduce, setting the
.Dq J
option may help provoke the problem.
.Pp
In truly difficult cases, the
.Dq U
option, if supported by the kernel, can provide a detailed trace of
all calls made to these functions.
.Pp
Unfortunately this implementation does not provide much detail about
the problems it detects, the performance impact for storing such information
would be prohibitive.
There are a number of allocation implementations available on the 'Net
which focus on detecting and pinpointing problems by trading performance
for extra sanity checks and detailed diagnostics.
.Sh DIAGNOSTIC MESSAGES
If
.Fn malloc ,
.Fn calloc ,
.Fn realloc
or
.Fn free
detect an error or warning condition,
a message will be printed to file descriptor STDERR_FILENO.
Errors will result in the process dumping core.
If the
.Dq A
option is set, all warnings are treated as errors.
.Pp
The following is a brief description of possible error messages and
their meanings:
.Pp
.Bl -tag -width indent
.It "(ES): mumble mumble mumble
The allocation functions were compiled with
.Dq EXTRA_SANITY
defined, and an error was found during the additional error checking.
Consult the source code for further information.
.It "allocation failed
If the
.Dq A
option is specified it is a fatal error for an allocation function to fail.
.It "mmap(2) failed, check limits
This most likely means that the system is dangerously overloaded or that
the process' limits are incorrectly specified.
.It "freelist is destroyed
The internal free-list has been corrupted.
.El
.Pp
.Bl -tag -width indent
The following is a brief description of possible warning messages and
their meanings:
.Pp
.It "chunk/page is already free
The process attempted to
.Fn free
memory which had already been freed.
.It "junk pointer ...
A pointer specified to one of the allocation functions points outside the
bounds of the memory of which they are aware.
.It "malloc() has never been called
No memory has been allocated,
yet something is being freed or
realloc'ed.
.It "modified (chunk-/page-) pointer
The pointer passed to
.Fn free
or
.Fn realloc
has been modified.
.It "pointer to wrong page
The pointer that
.Fn malloc
or
.Fn calloc
is trying to free does not reference a possible page.
.It "recursive call
A process has attempted to call an allocation function recursively.
This is not permitted.
In particular, signal handlers should not attempt to allocate memory.
.It "out of memory
The
.Dq X
option was specified and an allocation of memory failed.
.It "unknown char in MALLOC_OPTIONS
An unknown option was specified.
Even with the
.Dq A
option set, this warning is still only a warning.
.El
.Sh SEE ALSO
.Xr brk 2 ,
.Xr alloca 3 ,
.Xr getpagesize 3 ,
.Xr memory 3
.\"XXX" .Pa /usr/share/doc/papers/malloc.ascii.gz
.Sh STANDARDS
The
.Fn malloc ,
.Fn calloc ,
.Fn realloc
and
.Fn free
functions conform to
.St -ansiC .
.Sh HISTORY
The present allocation implementation started out as a filesystem for a
drum attached to a 20bit binary challenged computer which was built
with discrete germanium transistors.
It has since graduated to handle primary storage rather than secondary.
It first appeared in its new shape and ability in
.Fx 2.2 , and then in
.Nx 1.5 .
.Sh BUGS
The messages printed in case of problems provide no detail about the
actual values.
.Pp
It can be argued that returning a null pointer when asked to
allocate zero bytes is a silly response to a silly question.
.Pp
This implementation was authored by Poul-Henning Kamp.
Please report any problems to him at
.Aq phk@FreeBSD.org .