2015-01-07 22:16 GMT+08:00 cee1 <fykcee1@gmail.com>:
Hi all,
http://www.opensource.apple.com/source/libmalloc/libmalloc-53.1.1/src/magazi..., in function tiny_free_no_lock():
""" size_t free_header_size = sizeof(free_list_t) + sizeof(msize_t); uintptr_t safe_ptr = (uintptr_t)ptr + free_header_size; uintptr_t round_safe = round_page_quanta(safe_ptr);
// Calcuate the last page in the coalesced block that would be safe to mark MADV_FREE size_t free_tail_size = sizeof(msize_t); uintptr_t safe_extent = (uintptr_t)ptr + TINY_BYTES_FOR_MSIZE(msize) - free_tail_size; uintptr_t trunc_extent = trunc_page_quanta(safe_extent);
// The newly freed block may complete a span of bytes that cover a page. Mark it with MADV_FREE. if (round_safe < trunc_extent) { // Coalesced area covers a page (perhaps many) // Extend the freed block by the free region header and tail sizes to include pages // we may have coalesced that no longer host free region tails and headers. // This may extend over in-use ranges, but the MIN/MAX clamping below will fix that up. uintptr_t lo = trunc_page_quanta((uintptr_t)original_ptr - free_tail_size); uintptr_t hi = round_page_quanta((uintptr_t)original_ptr + original_size + free_header_size);
uintptr_t free_lo = MAX(round_safe, lo); uintptr_t free_hi = MIN(trunc_extent, hi); """
Here 'ptr' == previous_free_block_if_exists + 'original_ptr' + next_free_block_if_exists, hence a possible bigger block. IMHO, MADV_FREE pages within this block(except the header and tail) should be ok, why we need to shrink the range with MAX and MIN? Also it should always be lo >= round_safe, trunc_extent >= hi?
Besides that, I find it will skip `free_header_size=sizeof(free_list_t) + sizeof(msize_t)` while doing MADV_FREE in small_free_no_lock(), IMHO, msize is already stored in `small_meta_words`, so the actual size needs to skip is `free_header_size=sizeof(free_list_t)`. (small_meta_header_set_is_free() even does not store a valid value in the space behind free_list_t) Also, in small_free_no_lock() (line 4450, src/magazine_malloc.c), the invocation of small_meta_header_set_is_free can be eliminated, since it is called indirectly in the next line: `small_free_list_add_ptr(...)`. -- Regards, - cee1 _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.app... This email sent to site_archiver@lists.apple.com