/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "mozmemory_wrap.h"

#include <stdlib.h>
#include <mach/mach_types.h>
#include "mozilla/Assertions.h"

// Malloc implementation functions are MOZ_MEMORY_API, and jemalloc
// specific functions MOZ_JEMALLOC_API; see mozmemory_wrap.h

#define MALLOC_DECL(name, return_type, ...)                                    \
  MOZ_MEMORY_API return_type name##_impl(__VA_ARGS__);
#define MALLOC_FUNCS MALLOC_FUNCS_MALLOC
#include "malloc_decls.h"

#define MALLOC_DECL(name, return_type, ...)                                    \
  MOZ_JEMALLOC_API return_type name##_impl(__VA_ARGS__);
#define MALLOC_FUNCS MALLOC_FUNCS_JEMALLOC
#include "malloc_decls.h"

// Definitions of the following structs in malloc/malloc.h might be too old
// for the built binary to run on newer versions of OSX. So use the newest
// possible version of those structs.

// Local copy of libmalloc's malloc_zone_t. This is an ABI contract with the
// running OS: libmalloc indexes into this struct by offset, so field order,
// types and padding must match Apple's definition exactly. Do not reorder or
// insert members. register_zone() fills every slot below and sets |version|
// to 9; the comment at zone_reinit_lock() indicates libmalloc consults
// |version| to decide which trailing members it may touch.
typedef struct _malloc_zone_t
{
  void* reserved1;
  void* reserved2;
  // Ownership probe: libmalloc asks every registered zone for the size of a
  // pointer, and 0 means "not mine" (see zone_size).
  size_t (*size)(struct _malloc_zone_t*, const void*);
  void* (*malloc)(struct _malloc_zone_t*, size_t);
  void* (*calloc)(struct _malloc_zone_t*, size_t, size_t);
  void* (*valloc)(struct _malloc_zone_t*, size_t);
  void (*free)(struct _malloc_zone_t*, void*);
  void* (*realloc)(struct _malloc_zone_t*, void*, size_t);
  void (*destroy)(struct _malloc_zone_t*);
  const char* zone_name;
  unsigned (*batch_malloc)(struct _malloc_zone_t*, size_t, void**, unsigned);
  void (*batch_free)(struct _malloc_zone_t*, void**, unsigned);
  struct malloc_introspection_t* introspect;
  // Declares which of the members below are valid; set to 9 by register_zone.
  unsigned version;
  void* (*memalign)(struct _malloc_zone_t*, size_t, size_t);
  void (*free_definite_size)(struct _malloc_zone_t*, void*, size_t);
  size_t (*pressure_relief)(struct _malloc_zone_t*, size_t);
} malloc_zone_t;

// Address range handed to a vm_range_recorder_t during zone enumeration.
// Layout mirrors libmalloc's vm_range_t; keep it ABI-identical.
typedef struct
{
  vm_address_t address;
  vm_size_t size;
} vm_range_t;

// Per-zone usage counters reported through introspect->statistics.
// Layout mirrors libmalloc's malloc_statistics_t; keep it ABI-identical.
// This zone reports all four as 0 (see zone_statistics).
typedef struct malloc_statistics_t
{
  unsigned blocks_in_use;
  size_t size_in_use;
  size_t max_size_in_use;
  size_t size_allocated;
} malloc_statistics_t;

// Callback types for libmalloc's zone-enumeration protocol. They are only
// referenced by zone_enumerator() below, which accepts and ignores them.
typedef kern_return_t
memory_reader_t(task_t, vm_address_t, vm_size_t, void**);

typedef void
vm_range_recorder_t(task_t, void*, unsigned type, vm_range_t*, unsigned);

// Local copy of libmalloc's malloc_introspection_t: debugging / fork-support
// hooks that libmalloc calls through zone->introspect. ABI contract with the
// OS, same rules as malloc_zone_t: do not reorder or insert members.
// register_zone() populates this table; the discharge-checking slots are
// deliberately left NULL there.
typedef struct malloc_introspection_t
{
  kern_return_t (*enumerator)(task_t,
                              void*,
                              unsigned,
                              vm_address_t,
                              memory_reader_t,
                              vm_range_recorder_t);
  size_t (*good_size)(malloc_zone_t*, size_t);
  boolean_t (*check)(malloc_zone_t*);
  void (*print)(malloc_zone_t*, boolean_t);
  void (*log)(malloc_zone_t*, void*);
  void (*force_lock)(malloc_zone_t*);
  void (*force_unlock)(malloc_zone_t*);
  void (*statistics)(malloc_zone_t*, malloc_statistics_t*);
  boolean_t (*zone_locked)(malloc_zone_t*);
  boolean_t (*enable_discharge_checking)(malloc_zone_t*);
  boolean_t (*disable_discharge_checking)(malloc_zone_t*);
  void (*discharge)(malloc_zone_t*, void*);
  // The block-typed member still has to occupy its slot when the file is
  // compiled without Blocks support, hence the pointer-sized placeholder.
#ifdef __BLOCKS__
  void (*enumerate_discharged_pointers)(malloc_zone_t*, void (^)(void*, void*));
#else
  void* enumerate_unavailable_without_blocks;
#endif
  void (*reinit_lock)(malloc_zone_t*);
} malloc_introspection_t;

// Prototypes for the libmalloc (libSystem) zone API used by this file. They
// are spelled out here rather than taken from <malloc/malloc.h>, presumably
// for the same reason as the struct definitions above: the SDK header may be
// older than the OS the binary ends up running on.
extern kern_return_t
malloc_get_all_zones(task_t, memory_reader_t, vm_address_t**, unsigned*);

extern malloc_zone_t*
malloc_default_zone(void);

extern void
malloc_zone_register(malloc_zone_t* zone);

extern void
malloc_zone_unregister(malloc_zone_t* zone);

extern malloc_zone_t*
malloc_default_purgeable_zone(void);

// Used to route pointers we do not own back to their real zone; see
// zone_realloc() and other_zone_free().
extern malloc_zone_t*
malloc_zone_from_ptr(const void* ptr);

extern void
malloc_zone_free(malloc_zone_t* zone, void* ptr);

extern void*
malloc_zone_realloc(malloc_zone_t* zone, void* ptr, size_t size);

// The following is a OSX zone allocator implementation.
// /!\ WARNING. It assumes the underlying malloc implementation's
// malloc_usable_size returns 0 when the given pointer is not owned by
// the allocator. Sadly, OSX does call zone_size with pointers not
// owned by the allocator.

// malloc_size()/ownership probe for this zone. libmalloc asks every
// registered zone for the size of arbitrary pointers (see the warning
// above), so a 0 result is how we answer "not ours"; the underlying
// malloc_usable_size must therefore return 0 for foreign pointers.
static size_t
zone_size(malloc_zone_t* zone, const void* ptr)
{
  (void)zone; // Single-instance zone; the handle carries nothing we need.
  return malloc_usable_size_impl(ptr);
}

// malloc entry point: straight pass-through to mozjemalloc.
static void*
zone_malloc(malloc_zone_t* zone, size_t size)
{
  (void)zone;
  void* block = malloc_impl(size);
  return block;
}

// calloc entry point: straight pass-through to mozjemalloc, which is
// responsible for the num*size overflow check and zero-filling.
static void*
zone_calloc(malloc_zone_t* zone, size_t num, size_t size)
{
  (void)zone;
  void* block = calloc_impl(num, size);
  return block;
}

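// realloc entry point for the zone. Pointers owned by mozjemalloc go straight
// to realloc_impl; anything else is routed to whichever registered zone
// actually owns it. A NULL |ptr| is treated as malloc(size), as realloc() is
// specified to behave, instead of being sent down the foreign-zone path
// (no zone owns NULL, so that path would presumably end in the release
// assert below and abort the process). This mirrors the NULL guard in
// other_zone_free(). libSystem's own realloc() handles NULL before it reaches
// a zone, so this only matters for direct malloc_zone_realloc() callers.
static void*
zone_realloc(malloc_zone_t* zone, void* ptr, size_t size)
{
  // realloc_impl(NULL, size) is expected to behave like malloc_impl(size).
  if (!ptr || malloc_usable_size_impl(ptr)) {
    return realloc_impl(ptr, size);
  }

  // Sometimes, system libraries call malloc_zone_* functions with the wrong
  // zone (e.g. CoreFoundation does). In that case, we need to find the real
  // one. We can't call libSystem's realloc directly because we're exporting
  // realloc from libmozglue and we'd pick that one, so we manually find the
  // right zone and realloc with it.
  malloc_zone_t* real_zone = malloc_zone_from_ptr(ptr);
  // The system allocator crashes voluntarily by default when a pointer can't
  // be traced back to a zone. Do the same rather than handing an unknown
  // pointer to some allocator's realloc.
  MOZ_RELEASE_ASSERT(real_zone);
  // malloc_usable_size_impl already said this pointer isn't ours, so the
  // owner libmalloc reports had better not be this zone.
  MOZ_RELEASE_ASSERT(real_zone != zone);
  return malloc_zone_realloc(real_zone, ptr, size);
}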

// Release |ptr| through the zone that really owns it. Reached from
// zone_free()/zone_free_definite_size() when |ptr| failed the mozjemalloc
// ownership test: system libraries (CoreFoundation, for one) sometimes call
// malloc_zone_* with the wrong zone handle. Falling back to libSystem's
// free() is not an option because libmozglue exports its own free and the
// symbol would resolve to that, so the owning zone is looked up explicitly.
static void
other_zone_free(malloc_zone_t* original_zone, void* ptr)
{
  if (!ptr) {
    return; // free(NULL) is a no-op, whoever the owner would have been.
  }

  malloc_zone_t* owner = malloc_zone_from_ptr(ptr);
  // The system allocator deliberately crashes when a pointer can't be traced
  // back to any zone. Keep that behavior rather than leaking or freeing
  // through the wrong allocator.
  MOZ_RELEASE_ASSERT(owner);
  // The caller already established the pointer is not ours.
  MOZ_RELEASE_ASSERT(owner != original_zone);
  malloc_zone_free(owner, ptr);
}

// free entry point. Pointers mozjemalloc recognises are freed directly;
// everything else (including NULL) is handed to other_zone_free(), which
// finds the real owner or crashes like the system allocator would.
static void
zone_free(malloc_zone_t* zone, void* ptr)
{
  if (!malloc_usable_size_impl(ptr)) {
    other_zone_free(zone, ptr);
    return;
  }
  free_impl(ptr);
}

// free_definite_size entry point: like zone_free(), but the caller also
// supplies the size it believes the block has. The size is only used as a
// cross-check here, never as the amount to free.
static void
zone_free_definite_size(malloc_zone_t* zone, void* ptr, size_t size)
{
  size_t usable = malloc_usable_size_impl(ptr);
  if (!usable) {
    // Not ours (or NULL): defer to the real owner.
    other_zone_free(zone, ptr);
    return;
  }
  // MOZ_ASSERT rather than MOZ_RELEASE_ASSERT: a size mismatch is caught
  // in debug builds only; release builds free the block regardless.
  MOZ_ASSERT(usable == size);
  free_impl(ptr);
}

// memalign entry point, implemented on top of posix_memalign. Returns NULL
// on any failure (posix_memalign reports errors as a non-zero return code,
// not through the out-pointer).
static void*
zone_memalign(malloc_zone_t* zone, size_t alignment, size_t size)
{
  (void)zone;
  void* result = NULL;
  int rc = posix_memalign_impl(&result, alignment, size);
  if (rc != 0) {
    return NULL;
  }
  return result;
}

// valloc entry point (page-aligned allocation): pass-through to mozjemalloc.
static void*
zone_valloc(malloc_zone_t* zone, size_t size)
{
  (void)zone;
  void* block = valloc_impl(size);
  return block;
}

// destroy entry point. The zone is a static singleton registered for the
// whole life of the process, so nobody should ever ask libmalloc to tear it
// down; fail loudly if that ever happens instead of leaving a dangling zone.
static void
zone_destroy(malloc_zone_t* zone)
{
  (void)zone;
  MOZ_CRASH();
}

// batch_malloc entry point: allocate up to |num_requested| blocks of |size|
// bytes into |results|. Stops at the first failure and returns how many
// entries were filled; the failing slot is left holding NULL and any slots
// after it are untouched.
static unsigned
zone_batch_malloc(malloc_zone_t* zone,
                  size_t size,
                  void** results,
                  unsigned num_requested)
{
  (void)zone;
  unsigned filled = 0;
  while (filled < num_requested) {
    results[filled] = malloc_impl(size);
    if (!results[filled]) {
      break;
    }
    filled++;
  }
  return filled;
}

// batch_free entry point: free every pointer in |to_be_freed| through
// zone_free() (so foreign pointers still get routed to their owner) and
// NULL out each slot so the caller's array holds no dangling pointers.
static void
zone_batch_free(malloc_zone_t* zone,
                void** to_be_freed,
                unsigned num_to_be_freed)
{
  void** end = to_be_freed + num_to_be_freed;
  for (void** slot = to_be_freed; slot != end; ++slot) {
    zone_free(zone, *slot);
    *slot = NULL;
  }
}

// pressure_relief entry point. Memory-pressure requests are not acted upon;
// we report that 0 bytes were released, whatever |goal| was.
static size_t
zone_pressure_relief(malloc_zone_t* zone, size_t goal)
{
  (void)zone;
  (void)goal;
  return 0;
}

// good_size introspection hook: the allocation size mozjemalloc would
// actually hand out for a request of |size| bytes.
static size_t
zone_good_size(malloc_zone_t* zone, size_t size)
{
  (void)zone;
  size_t rounded = malloc_good_size_impl(size);
  return rounded;
}

// enumerator introspection hook. Heap enumeration is not implemented:
// nothing is ever passed to |recorder|, so zone-walking tools see an empty
// zone here while still receiving a success status.
static kern_return_t
zone_enumerator(task_t task,
                void* data,
                unsigned type_mask,
                vm_address_t zone_address,
                memory_reader_t reader,
                vm_range_recorder_t recorder)
{
  (void)task;
  (void)data;
  (void)type_mask;
  (void)zone_address;
  (void)reader;
  (void)recorder;
  return KERN_SUCCESS;
}

// check introspection hook. No heap verification is performed; the zone
// always reports itself as consistent.
static boolean_t
zone_check(malloc_zone_t* zone)
{
  (void)zone;
  return true;
}

// print introspection hook: intentionally prints nothing, verbose or not.
static void
zone_print(malloc_zone_t* zone, boolean_t verbose)
{
  (void)zone;
  (void)verbose;
}

// log introspection hook: per-address logging is intentionally a no-op.
static void
zone_log(malloc_zone_t* zone, void* address)
{
  (void)zone;
  (void)address;
}

// mozjemalloc's fork hooks, reused below to implement libmalloc's
// force_lock / force_unlock introspection protocol. Declared by hand here;
// they resolve because mozjemalloc is linked into the same library (see the
// warning at zone_force_lock).
extern void
_malloc_prefork(void);
extern void
_malloc_postfork_child(void);

// force_lock introspection hook: libmalloc expects every lock in the zone to
// be taken afterwards (around fork(), judging by the hook names). Delegate to
// mozjemalloc's prefork hook.
// /!\ This calls into mozjemalloc. It works because we're linked in the
// same library.
static void
zone_force_lock(malloc_zone_t* zone)
{
  (void)zone;
  _malloc_prefork();
}

// force_unlock introspection hook, counterpart of zone_force_lock(). Note it
// uses the *child* postfork hook; zone_reinit_lock() forwards here as well.
// /!\ This calls into mozjemalloc. It works because we're linked in the
// same library.
static void
zone_force_unlock(malloc_zone_t* zone)
{
  (void)zone;
  _malloc_postfork_child();
}

// statistics introspection hook. Not wired up to mozjemalloc's real
// counters: every field is reported as 0 so callers at least get
// well-defined (if uninformative) numbers.
static void
zone_statistics(malloc_zone_t* zone, malloc_statistics_t* stats)
{
  (void)zone;
  malloc_statistics_t empty = { 0, 0, 0, 0 };
  *stats = empty;
}

// zone_locked introspection hook. We never report a held lock, regardless of
// the state of mozjemalloc's internal locks.
static boolean_t
zone_locked(malloc_zone_t* zone)
{
  (void)zone;
  return false;
}

// reinit_lock introspection hook. As of OSX 10.12 libmalloc only calls this
// where it would have called force_unlock on a zone with version < 9, so
// the two are treated identically here.
static void
zone_reinit_lock(malloc_zone_t* zone)
{
  zone_force_unlock(zone);
}

// The single zone instance handed to libmalloc, and its introspection table.
// Both are filled in by register_zone() at load time.
// NOTE(review): these are tables of function pointers living in ordinary
// writable static storage, so anything able to write libmozglue's data
// segment can redirect every malloc/free routed through this zone. libmalloc
// keeps its own zone structs read-only after setup, as far as I recall;
// worth confirming whether mprotect()ing these once registration is done
// is feasible here.
static malloc_zone_t zone;
static struct malloc_introspection_t zone_introspect;

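// Return the zone libmalloc currently treats as the default.
//
// On OSX 10.12, malloc_default_zone() returns a special zone that is not
// present in the list of registered zones. That zone uses a "lite zone" if
// one is present (apparently enabled when malloc stack logging is enabled),
// or the first registered zone otherwise. In practice this means unless
// malloc stack logging is enabled, the first registered zone is the default.
// So get the list of zones and take the first one instead of relying on
// malloc_default_zone(); fall back to it only if enumeration yields nothing.
//
// Declared with an explicit (void) parameter list: the old `()` form is a
// non-prototype declaration in C and gives the compiler nothing to check
// calls against.
static malloc_zone_t*
get_default_zone(void)
{
  malloc_zone_t** zones = NULL;
  unsigned int num_zones = 0;

  // Task 0 and a NULL reader presumably select the calling process itself.
  kern_return_t rc =
    malloc_get_all_zones(0, NULL, (vm_address_t**)&zones, &num_zones);
  if (rc != KERN_SUCCESS) {
    // Reset the value in case the failure happened after it was set.
    num_zones = 0;
  }
  return num_zones ? zones[0] : malloc_default_zone();
}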

// Library constructor: build the jemalloc zone, register it with libmalloc,
// and reshuffle the registered zones until ours is the default, so that
// malloc_zone_* calls made by system libraries land in mozjemalloc.
//
// Runs at load time, before main(); everything it calls must be safe then.
__attribute__((constructor)) static void
register_zone(void)
{
  // Captured before we touch the zone list, so we know what to demote below.
  malloc_zone_t* default_zone = get_default_zone();

  // Every slot is populated before malloc_zone_register() so libmalloc never
  // sees a half-built table (it may presumably start calling into the zone
  // as soon as it is registered).
  zone.size = zone_size;
  zone.malloc = zone_malloc;
  zone.calloc = zone_calloc;
  zone.valloc = zone_valloc;
  zone.free = zone_free;
  zone.realloc = zone_realloc;
  zone.destroy = zone_destroy;
#ifdef MOZ_REPLACE_MALLOC
  zone.zone_name = "replace_malloc_zone";
#else
  zone.zone_name = "jemalloc_zone";
#endif
  zone.batch_malloc = zone_batch_malloc;
  zone.batch_free = zone_batch_free;
  zone.introspect = &zone_introspect;
  // Version 9 covers the members through pressure_relief and, per the
  // comment at zone_reinit_lock, makes libmalloc use reinit_lock.
  zone.version = 9;
  zone.memalign = zone_memalign;
  zone.free_definite_size = zone_free_definite_size;
  zone.pressure_relief = zone_pressure_relief;
  zone_introspect.enumerator = zone_enumerator;
  zone_introspect.good_size = zone_good_size;
  zone_introspect.check = zone_check;
  zone_introspect.print = zone_print;
  zone_introspect.log = zone_log;
  zone_introspect.force_lock = zone_force_lock;
  zone_introspect.force_unlock = zone_force_unlock;
  zone_introspect.statistics = zone_statistics;
  zone_introspect.zone_locked = zone_locked;
  // Discharge checking is not supported; leaving these NULL is how a zone
  // opts out.
  zone_introspect.enable_discharge_checking = NULL;
  zone_introspect.disable_discharge_checking = NULL;
  zone_introspect.discharge = NULL;
#ifdef __BLOCKS__
  zone_introspect.enumerate_discharged_pointers = NULL;
#else
  zone_introspect.enumerate_unavailable_without_blocks = NULL;
#endif
  zone_introspect.reinit_lock = zone_reinit_lock;

  // The default purgeable zone is created lazily by OSX's libc.  It uses
  // the default zone when it is created for "small" allocations
  // (< 15 KiB), but assumes the default zone is a scalable_zone.  This
  // obviously fails when the default zone is the jemalloc zone, so
  // malloc_default_purgeable_zone is called beforehand so that the
  // default purgeable zone is created when the default zone is still
  // a scalable_zone.
  malloc_zone_t* purgeable_zone = malloc_default_purgeable_zone();

  // There is a problem related to the above with the system nano zone, which
  // is hard to work around from here, and that is instead worked around by
  // disabling the nano zone through an environment variable
  // (MallocNanoZone=0). In Firefox, we do that through
  // browser/app/macbuild/Contents/Info.plist.in.

  // Register the custom zone.  At this point it won't be the default.
  malloc_zone_register(&zone);

  // NOTE(review): this loop only terminates once the zone list comes out in
  // the expected order; it relies on the register/unregister semantics
  // described below holding on the running OS. If a future libmalloc changes
  // them, process start-up would spin here forever; a bounded retry that
  // fails loudly would be safer.
  do {
    // Unregister and reregister the default zone.  On OSX >= 10.6,
    // unregistering takes the last registered zone and places it at the
    // location of the specified zone.  Unregistering the default zone thus
    // makes the last registered one the default.  On OSX < 10.6,
    // unregistering shifts all registered zones.  The first registered zone
    // then becomes the default.
    malloc_zone_unregister(default_zone);
    malloc_zone_register(default_zone);

    // On OSX 10.6, having the default purgeable zone appear before the default
    // zone makes some things crash because it thinks it owns the default
    // zone allocated pointers. We thus unregister/re-register it in order to
    // ensure it's always after the default zone. On OSX < 10.6, as
    // unregistering shifts registered zones, this simply removes the purgeable
    // zone from the list and adds it back at the end, after the default zone.
    // On OSX >= 10.6, unregistering replaces the purgeable zone with the last
    // registered zone above, i.e the default zone. Registering it again then
    // puts it at the end, obviously after the default zone.
    malloc_zone_unregister(purgeable_zone);
    malloc_zone_register(purgeable_zone);
    // Re-read rather than assume: see get_default_zone() for why the
    // "default" is derived from the registered list.
    default_zone = get_default_zone();
  } while (default_zone != &zone);
}