//static void void pos_int_free(char *name, mstate av, mchunkptr p, int flag) { INTERNAL_SIZE_T size; mfastbinptr* fb; mchunkptr prevchunk; INTERNAL_SIZE_T prevsize; mchunkptr nextchunk; INTERNAL_SIZE_T nextsize; int nextinuse; mchunkptr bck; mchunkptr fwd; //const char *errstr = NULL; size = chunksize(p); /*if ((uintptr_t) p > (uintptr_t) -size || misaligned_chunk (p)) { errstr = "free(): invalid pointer"; errout: //malloc_printerr (check_action, errstr, chunk2mem(p)); return; }*/ /*if (size < MINSIZE) { errstr = "free(): invalid size"; goto errout; }*/ //check_inuse_chunk(av, p); // fastbin if (flag==1 && (unsigned long)(size) <= (unsigned long)(get_max_fast ())) { /*if (chunk_at_offset (p, size)->size <= 2 * SIZE_SZ || chunksize (chunk_at_offset (p, size)) >= av->system_mem) { errstr = "free(): invalid next size (fast)"; goto errout; }*/ #if CONSISTENCY == 1 set_fastchunks_log(name, av); #else set_fastchunks(av); #endif fb = &fastbin(av, fastbin_index(size)); if (*fb == p) { //errstr = "double free or corruption (fasttop)"; //goto errout; return ; } #if CONSISTENCY == 1 POS_WRITE_VAUE(name, (unsigned long *)&p->fd, (unsigned long)*fb); POS_WRITE_VAUE(name, (unsigned long *)fb, (unsigned long)p); #else p->fd = *fb; *fb = p; #endif return ; } // 1. First chunk if (chunk_is_first(p)) { nextchunk = next_chunk(p); nextsize = chunksize(nextchunk); // 1-1. (free F), free L if (chunk_is_last(nextchunk) && !inuse(nextchunk)) { //if (av < p && p < (char *)(av+PAGESIZE)){ if ((char*)av+sizeof(struct malloc_state) == (char*)p) { #if CONSISTENCY == 1 insert_to_unsorted_log(name, av, p, bck, fwd, size); set_foot_log(name, p, size); clear_inuse_bit_at_offset_log(name, p, size); #else insert_to_unsorted(av, p, bck, fwd, size); set_foot(p, size); clear_inuse_bit_at_offset(p, size); #endif goto out; } else { #if CONSISTENCY == 1 unlink_log(name, nextchunk, bck, fwd); size = size + nextsize + 2*SIZE_SZ; pos_log_insert_malloc_free(name, (unsigned long)p, size); //pos_seg_free(name, (void *)p, size); // Delayed pos_seg_free POS_WRITE_VAUE(name, (unsigned long *)&av->system_mem, (unsigned long)(av->system_mem-size)); #else unlink(nextchunk, bck, fwd); size = size + nextsize + 2*SIZE_SZ; /*if (size%PAGESIZE != 0) { errstr = "free(): unmmap size is not page size"; goto errout; }*/ //FREE((char*)p, size); pos_seg_free(name, (void *)p, size); av->system_mem -= size; #endif goto out; } } // 1-3. (free F), free M else if (!inuse(nextchunk)) { #if CONSISTENCY == 1 unlink_log(name, nextchunk, bck, fwd); size += nextsize; insert_to_unsorted_log(name, av, p, bck, fwd, size); set_head_log(name, p, size | FIRST_CHUNK | PREV_INUSE); set_foot_log(name, p, size); #else unlink(nextchunk, bck, fwd); size += nextsize; insert_to_unsorted(av, p, bck, fwd, size); set_head(p, size | FIRST_CHUNK | PREV_INUSE); set_foot(p, size); #endif goto out; } // 1-2. (free F), inuse L & 1-4. (free F), inuse M else { #if CONSISTENCY == 1 insert_to_unsorted_log(name, av, p, bck, fwd, size); set_foot_log(name, p, size); clear_inuse_bit_at_offset_log(name, p, size); #else insert_to_unsorted(av, p, bck, fwd, size); set_foot(p, size); clear_inuse_bit_at_offset(p, size); #endif goto out; } } // 2. Last chunk else if (chunk_is_last(p)) { if (!prev_inuse(p)) { prevchunk = prev_chunk(p); prevsize = chunksize(prevchunk); // 2-1. free F, (free L) if (chunk_is_first(prevchunk)) { //if (av < prevchunk && prevchunk < av+PAGESIZE){ if((char*)av+sizeof(struct malloc_state) == (char*)prevchunk) { #if CONSISTENCY == 1 insert_to_unsorted_log(name, av, p, bck, fwd, size); set_foot_log(name, p, size); clear_inuse_bit_at_offset_log(name, p, size); #else insert_to_unsorted(av, p, bck, fwd, size); set_foot(p, size); clear_inuse_bit_at_offset(p, size); #endif goto out; } else { #if CONSISTENCY == 1 unlink_log(name, prevchunk, bck, fwd); size = prevsize+size+2*SIZE_SZ; //pos_seg_free(name, (void *)p, size); pos_log_insert_malloc_free(name, (unsigned long)p, size); POS_WRITE_VAUE(name, (unsigned long *)&av->system_mem, (unsigned long)(av->system_mem-size)); #else unlink(prevchunk, bck, fwd); size = prevsize+size+2*SIZE_SZ; /*if (size%PAGESIZE != 0) { errstr = "free(): unmmap size is not page size"; goto errout; }*/ //FREE((char*)p, size); pos_seg_free(name, (void *)p, size); av->system_mem -= size; #endif goto out; } } // 2-3. free M, (free L) else { #if CONSISTENCY == 1 unlink_log(name, prevchunk, bck, fwd); size += prevsize; p = chunk_at_offset(p, -((long) prevsize)); insert_to_unsorted_log(name, av, p, bck, fwd, size); set_head_log(name, p, size | LAST_CHUNK | PREV_INUSE); set_foot_log(name, p, size); clear_inuse_bit_at_offset_log(name, p, size); #else unlink(prevchunk, bck, fwd); size += prevsize; p = chunk_at_offset(p, -((long) prevsize)); insert_to_unsorted(av, p, bck, fwd, size); set_head(p, size | LAST_CHUNK | PREV_INUSE); set_foot(p, size); clear_inuse_bit_at_offset(p, size); #endif goto out; } } // 2-2. inuse F, (free L) & 2-4. inuse M, (free L) else { #if CONSISTENCY == 1 insert_to_unsorted_log(name, av, p, bck, fwd, size); set_foot_log(name, p, size); clear_inuse_bit_at_offset_log(name, p, size); #else insert_to_unsorted(av, p, bck, fwd, size); set_foot(p, size); clear_inuse_bit_at_offset(p, size); #endif goto out; } } // 3. Middle chunk else { nextchunk = next_chunk(p); nextsize = chunksize(nextchunk); if (!prev_inuse(p)) { prevchunk = prev_chunk(p); prevsize = chunksize(prevchunk); // 3-1. free F, (free M), free L if (chunk_is_first(prevchunk) && chunk_is_last(nextchunk) && !inuse(nextchunk) ) { //if (av < prevchunk && prevchunk < av+PAGESIZE){ if((char*)av+sizeof(struct malloc_state) == (char*)prevchunk) { #if CONSISTENCY == 1 unlink_log(name, prevchunk, bck, fwd); size += prevsize; p = chunk_at_offset(p, -((long) prevsize)); insert_to_unsorted_log(name, av, p, bck, fwd, size); set_head_log(name, p, size | FIRST_CHUNK | PREV_INUSE); set_foot_log(name, p, size); clear_inuse_bit_at_offset_log(name, p, size); #else unlink(prevchunk, bck, fwd); size += prevsize; p = chunk_at_offset(p, -((long) prevsize)); insert_to_unsorted(av, p, bck, fwd, size); set_head(p, size | FIRST_CHUNK | PREV_INUSE); set_foot(p, size); clear_inuse_bit_at_offset(p, size); #endif goto out; } else { #if CONSISTENCY == 1 unlink_log(name, prevchunk, bck, fwd); unlink_log(name, nextchunk, bck, fwd); p = chunk_at_offset(p, -((long) prevsize)); size = prevsize+size+nextsize+2*SIZE_SZ; pos_log_insert_malloc_free(name, (unsigned long)p, size); //pos_seg_free(name, (void *)p, size); POS_WRITE_VAUE(name, (unsigned long *)&av->system_mem, (unsigned long)(av->system_mem-size)); #else unlink(prevchunk, bck, fwd); unlink(nextchunk, bck, fwd); p = chunk_at_offset(p, -((long) prevsize)); size = prevsize+size+nextsize+2*SIZE_SZ; /*if (size%PAGESIZE != 0) { errstr = "free(): unmmap size is not page size"; goto errout; }*/ //FREE((char*)p, size); pos_seg_free(name, (void *)p, size); av->system_mem -= size; #endif goto out; } } #if CONSISTENCY == 1 unlink_log(name, prevchunk, bck, fwd); #else unlink(prevchunk, bck, fwd); #endif size += prevsize; p = chunk_at_offset(p, -((long) prevsize)); if (chunk_is_first(prevchunk)) { #if CONSISTENCY == 1 set_head_log(name, p, size | FIRST_CHUNK | PREV_INUSE); #else set_head(p, size | FIRST_CHUNK | PREV_INUSE); //set_foot(p, size); //clear_inuse_bit_at_offset(p, size); #endif } } nextinuse = inuse_bit_at_offset(nextchunk, nextsize); if (!nextinuse) { #if CONSISTENCY == 1 unlink_log(name, nextchunk, bck, fwd); #else unlink(nextchunk, bck, fwd); #endif size += nextsize; } #if CONSISTENCY == 1 insert_to_unsorted_log(name, av, p, bck, fwd, size); if (chunk_is_first(p)) { set_head_log(name, p, size | FIRST_CHUNK | PREV_INUSE); } else if (chunk_is_last(nextchunk)&&!nextinuse) { set_head_log(name, p, size | LAST_CHUNK | PREV_INUSE); } else { set_head_log(name, p, size | PREV_INUSE); } set_foot_log(name, p, size); clear_inuse_bit_at_offset_log(name, p, size); #else //else //clear_inuse_bit_at_offset(nextchunk, 0); insert_to_unsorted(av, p, bck, fwd, size); if (chunk_is_first(p)) { set_head(p, size | FIRST_CHUNK | PREV_INUSE); } else if (chunk_is_last(nextchunk)&&!nextinuse) { set_head(p, size | LAST_CHUNK | PREV_INUSE); } else { set_head(p, size | PREV_INUSE); } set_foot(p, size); clear_inuse_bit_at_offset(p, size); //check_free_chunk(av, p); #endif } out: if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD && have_fastchunks(av)) { pos_malloc_consolidate(name, av); } }
/* ------------------------------ free ------------------------------ */ void free(void* mem) { mstate av; mchunkptr p; /* chunk corresponding to mem */ size_t size; /* its size */ mfastbinptr* fb; /* associated fastbin */ mchunkptr nextchunk; /* next contiguous chunk */ size_t nextsize; /* its size */ int nextinuse; /* true if nextchunk is used */ size_t prevsize; /* size of previous contiguous chunk */ mchunkptr bck; /* misc temp for linking */ mchunkptr fwd; /* misc temp for linking */ /* free(0) has no effect */ if (mem == NULL) return; __MALLOC_LOCK; av = get_malloc_state(); p = mem2chunk(mem); size = chunksize(p); check_inuse_chunk(p); /* If eligible, place chunk on a fastbin so it can be found and used quickly in malloc. */ if ((unsigned long)(size) <= (unsigned long)(av->max_fast) #if TRIM_FASTBINS /* If TRIM_FASTBINS set, don't place chunks bordering top into fastbins */ && (chunk_at_offset(p, size) != av->top) #endif ) { set_fastchunks(av); fb = &(av->fastbins[fastbin_index(size)]); p->fd = *fb; *fb = p; } /* Consolidate other non-mmapped chunks as they arrive. */ else if (!chunk_is_mmapped(p)) { set_anychunks(av); nextchunk = chunk_at_offset(p, size); nextsize = chunksize(nextchunk); /* consolidate backward */ if (!prev_inuse(p)) { prevsize = p->prev_size; size += prevsize; p = chunk_at_offset(p, -((long) prevsize)); unlink(p, bck, fwd); } if (nextchunk != av->top) { /* get and clear inuse bit */ nextinuse = inuse_bit_at_offset(nextchunk, nextsize); set_head(nextchunk, nextsize); /* consolidate forward */ if (!nextinuse) { unlink(nextchunk, bck, fwd); size += nextsize; } /* Place the chunk in unsorted chunk list. Chunks are not placed into regular bins until after they have been given one chance to be used in malloc. */ bck = unsorted_chunks(av); fwd = bck->fd; p->bk = bck; p->fd = fwd; bck->fd = p; fwd->bk = p; set_head(p, size | PREV_INUSE); set_foot(p, size); check_free_chunk(p); } /* If the chunk borders the current high end of memory, consolidate into top */ else { size += nextsize; set_head(p, size | PREV_INUSE); av->top = p; check_chunk(p); } /* If freeing a large space, consolidate possibly-surrounding chunks. Then, if the total unused topmost memory exceeds trim threshold, ask malloc_trim to reduce top. Unless max_fast is 0, we don't know if there are fastbins bordering top, so we cannot tell for sure whether threshold has been reached unless fastbins are consolidated. But we don't want to consolidate on each free. As a compromise, consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD is reached. */ if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) { if (have_fastchunks(av)) __malloc_consolidate(av); if ((unsigned long)(chunksize(av->top)) >= (unsigned long)(av->trim_threshold)) __malloc_trim(av->top_pad, av); } } /* If the chunk was allocated via mmap, release via munmap() Note that if HAVE_MMAP is false but chunk_is_mmapped is true, then user must have overwritten memory. There's nothing we can do to catch this error unless DEBUG is set, in which case check_inuse_chunk (above) will have triggered error. */ else { size_t offset = p->prev_size; av->n_mmaps--; av->mmapped_mem -= (size + offset); munmap((char*)p - offset, size + offset); } __MALLOC_UNLOCK; }