MALLOC(3) OpenBSD Programmer's Manual MALLOC(3) NAME malloc, - general memory allocation function free, cfree - free up memory allocated with malloc, calloc or realloc realloc - reallocation of memory function SYNOPSIS #include <stdlib.h> void * malloc(size_t size); void free(void *ptr); void cfree(void *ptr); void * realloc(void *ptr, size_t size); char * malloc_options DESCRIPTION The malloc() function allocates uninitialized space for an object whose size is specified by size. The malloc() function maintains multiple lists of free blocks according to size, allocating space from the appropriate list. The allocated space is suitably aligned (after possible pointer coercion) for storage of any type of object. If the space is of pagesize or larger, the memory returned will be page-aligned. Allocation of a zero size object returns a pointer to a zero size object. The free() function causes the space pointed to by ptr to be deallocated, that is, at least made available for further allocation, but if possible, it will passed back to the kernel with sbrk(2). If ptr is a null point- er, no action occurs. A cfree() function is also provided for compatibility with old systems and other malloc libraries; it is simply an alias for free(). The realloc() function changes the size of the object pointed to by ptr to size bytes and returns a pointer to the (possibly moved) object. The contents of the object are unchanged up to the lesser of the new and old sizes. If the new size is larger, the value of the newly allocated por- tion of the object is indeterminate and uninitialized. If ptr is a null pointer, the realloc() function behaves like the malloc() function for the specified size. If the space cannot be allocated, the object pointed to by ptr is unchanged. If size is zero and ptr is not a null pointer, the object it points to is freed and a new zero size object is returned. When using realloc() one must be careful to avoid the following idiom: if ((p = realloc(p, nsize)) == NULL) return NULL; In most cases, this will result in a leak of memory. As stated earlier, a return value of NULL indicates that the old object still remains allo- cated. Better code looks like this: if ((p2 = realloc(p, nsize)) == NULL) { if (p) free(p); p = NULL; return NULL; } p = p2; Malloc will first look for a symbolic link called /etc/malloc.conf and next check the environment for a variable called MALLOC_OPTIONS and fi- nally for the global variable malloc_options and scan them for flags in that order. Flags are single letters, uppercase means on, lowercase means off. A ``abort'' malloc will coredump the process, rather than tolerate failure. This is a very handy debugging aid, since the core file will represent the time of failure, rather than when the NULL pointer was accessed. D ``dump'' malloc will dump statistics in a file called ``mal- loc.out'' at exit. This option requires the library to have been compiled with -DMALLOC_STATS in order to have any effect. J ``junk'' fill some junk into the area allocated. Currently junk is bytes of 0xd0, this is pronounced ``Duh'' :-) H ``hint'' pass a hint to the kernel about pages we don't use. If the machine is paging a lot this may help a bit. N Do not output warning messages when encountering possible corrup- tion or bad pointers. R ``realloc'' always reallocate when realloc() is called, even if the initial allocation was big enough. This can substantially aid in compacting memory. U ``utrace'' generate entries for ktrace(1) for all operations. Consult the source for this one. X ``xmalloc'' rather than return failure, abort(3) the program with a diagnostic message on stderr. It is the intention that this option be set at compile time by including in the source: extern char *malloc_options; malloc_options = "X"; Z ``zero'' fill some junk into the area allocated (see ``J''), ex- cept for the exact length the user asked for, which is zeroed. < ``Half the cache size'' Reduce the size of the cache by a factor of two. > ``Double the cache size'' Double the size of the cache by a fac- tor of two. So to set a systemwide reduction of cache size and coredumps on problems one would: ln -s 'A<' /etc/malloc.conf The ``J'' and ``Z'' is mostly for testing and debugging, if a program changes behavior if either of these options are used, it is buggy. The default cache size is 16 pages. ENVIRONMENT See above. RETURN VALUES The malloc() function returns a pointer to the allocated space if suc- cessful; otherwise a null pointer is returned. The free() function returns no value. The realloc() function a pointer to the possibly moved allocated space; otherwise a null pointer is returned. MESSAGES If malloc(), free() or realloc() detects an error or warning condition, a message will be printed to filedescriptor 2 (not using stdio). Errors will always result in the process being abort(2)'ed, If the ``A'' option has been specified, also warnings will abort(2) the process. Here is a brief description of the error messages and what they mean: ``(ES): mumble mumble mumble'': malloc have been compiled with -DEX- TRA_SANITY and something looks fishy in there. Consult sources and or wizards. ``allocation failed'' if the ``A'' option is specified it is an error for malloc() or realloc() to return NULL. ``mmap(2) failed, check limits.'' This is a rather weird condition that is most likely to mean that the system is seriously overloaded or that your ulimits are sick. ``freelist is destroyed.'' mallocs internal freelist has been stomped on. Here is a brief description of the warning messages and what they mean: ``chunk/page is already free.'' A pointer to a free chunk is attempted freed again. ``junk pointer, too high to make sense.'' The pointer doesn't make sense. It's above the area of memory that malloc knows something about. This could be a pointer from some mmap(2)'ed memory. ``junk pointer, too low to make sense.'' The pointer doesn't make sense. It's below the area of memory that malloc knows something about. This pointer probably came from your data or bss segments. ``malloc() has never been called.'' Nothing has ever been allocated, yet something is being freed or realloc'ed. ``modified (chunk-/page-) pointer.'' The pointer passed to free or real- loc has been modified. ``pointer to wrong page.'' The pointer that malloc is trying to free is not pointing to a sensible page. ``recursive call.'' You have tried to call recursively into these func- tions. I can only imagine this as happening if you call one of these functions from a signal function, which happens to be called while you're already in here. Well, sorry to say: that's not supported. If this is a problem for you I'd like to hear about it. It would be possible to add a sigblock() around this package, but it would have a performance penalty that is not acceptable as the default. ``unknown char in MALLOC_OPTIONS'' we found something we didn't under- stand. FILES /etc/malloc.conf symbolic link to file containing option flags SEE ALSO brk(2), alloca(3), calloc(3), getpagesize(3), memory(3) /usr/share/doc/papers/malloc.ascii.gz STANDARDS The malloc() function conforms to ANSI X3.159-1989 (``ANSI C''). HISTORY The present implementation of malloc started out as a filesystem on a drum attached to a 20bit binary challenged computer built with discrete germanium transistors, and it has since graduated to handle primary stor- age rather than secondary. The main difference from other malloc implementations are believed to be that the free pages are not accessed until allocated. Most malloc imple- mentations will store a data structure containing a, possibly double-, linked list in the free chunks of memory, used to tie all the free memory together. That is a quite suboptimal thing to do. Every time the free- list is traversed, all the otherwise unused, and very likely paged out, pages get faulted into primary memory, just to see what lies after them in the list. On systems which are paging, this can make a factor five in difference on the page-faults of a process. OpenBSD August 27, 1996 4