X-Authentication-Warning: delorie.com: mailnull set sender to djgpp-workers-bounces using -f
Message-ID: <3C845F9E.A3E6D470@yahoo.com>
Date: Tue, 05 Mar 2002 01:03:10 -0500
From: CBFalconer <cbfalconer AT yahoo DOT com>
Organization: Ched Research
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: djgpp-workers AT delorie DOT com
Subject: Re: Malloc/free DJGPP code
References: <Pine DOT SUN DOT 3 DOT 91 DOT 1020304081707 DOT 6398F-100000 AT is> <3C8359F4 DOT FC5CEE88 AT yahoo DOT com> <9003-Mon04Mar2002211704+0200-eliz AT is DOT elta DOT co DOT il>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Reply-To: djgpp-workers AT delorie DOT com

Eli Zaretskii wrote:
> 
> > Date: Mon, 04 Mar 2002 06:26:44 -0500
> > From: CBFalconer <cbfalconer AT yahoo DOT com>
> >
> > It allows full access to the quiescent status, including the free
> > memory chains.  From any allocated memory it can follow the chains
> > to all contiguous memory (which are broken by any unexpected
> > sbrk).  It does NOT allow inserting 'callbacks' in the malloc,
> > free, realloc calls, although I can conceive of that being
> > feasible.  Any such would involve additional overhead.
> 
> The calls to such hooks could be via function pointers, only if they
> are non-NULL.  If they are set to NULL by default, the overhead is
> just a simple test.

Here is a run (last part only) showing the debug capabilities. 
This did 441 mallocs and frees of random sizes in the range 0 to
9999 bytes, retaining the last 10 mallocs, and finally freeing all
and triggering an abort by freeing an already freed item.  The
detailed dumps of the free tables and the blocks within were done
by the external debug system, always available.  The internal
sequential details are turned off by NDEBUG. 

Note that freeblock[0] is actually the lastsbrk block.

Note also that freeing does no searching, it combines (or not)
with possible higher and lower free blocks.

> [1] c:\c\malloc>tnmalloc 3 441 > junk
> free: memory fouled
> Exiting due to signal SIGABRT
> Raised at eip=00006d86
> eax=fd4c0e44 ebx=00000120 ecx=00000000 edx=0000000a esi=00000054 edi=fd4c0fac
> ebp=fd4c0ef0 esp=fd4c0e40 program=C:\C\MALLOC\TNMALLOC.EXE
> cs: sel=00a7  base=86676000  limit=fd4d0fff
> ds: sel=00af  base=86676000  limit=fd4d0fff
> es: sel=00af  base=86676000  limit=fd4d0fff
> fs: sel=0087  base=0000b600  limit=0000ffff
> gs: sel=00bf  base=00000000  limit=0010ffff
> ss: sel=00af  base=86676000  limit=fd4d0fff
> App stack: [fd4c1000..fd441000]  Exceptn stack: [0014078c..0013e84c]
> 
> Call frame traceback EIPs:
>   0x00006ca4 ___djgpp_traceback_exit+48
>   0x00006d86 _raise+94
>   0x00002e80 _dumpfree+1328
>   0x00003d8f _nfree+155
>   0x00001f32 _test03+670
>   0x00002503 _main+267
>   0x00005ac2 ___crt1_startup+178
> 
> [1] c:\c\malloc>symify tnmalloc.exe
> 
> [1] c:\c\malloc>addr2line -e tnmalloc.exe 2380
> c:/c/malloc/tnmalloc.c:249

which is:

   if (n & 1) {
      printf("\nDeliberately refreeing pointer, should
abort\n\n");
      fflush(stdout);
      nfree(m[0]);
   }

and this portion is the last section of 'junk', showing the gory
details.  Notice how at the end all memory has been collected into
three blocks, which are separated because of the artificially
inserted anomalies in sbrk.  Two of the blocks have odd sizes
because the following 'healing' sbrk call returned an unexpected
value, or was never needed.

> 439: free(17af8)  17ae0 sz=7800 nxt=19958 prv=171c0 nxtf=0 prvf=0 
>   extractfree blk 171c0 sz=2336 nxt=17ae0 prv=15028 nxtf=22588 prvf=NONE
>   freehdrs 12 is blk 22588 sz=2408 nxt=0 prv=20d00 nxtf=11c18 prvf=NONE
>   mv2freelist 14 blk 171c0 sz=10136 nxt=19958 prv=15028 nxtf=22588 prvf=0
> 439: malloc(  809) [  840] 
>   lastsbrk 27470 sz=741 nxt=0 prv=25058 nxtf=0 prvf=0
>   freelist search from bucket 10, using 12
>   rmvfromfree 12 blk 22588 sz=2408 nxt=0 prv=20d00 nxtf=11c18 prvf=NONE
>   freehdrs 12 is blk 11c18 sz=3273 nxt=0 prv=111b0 nxtf=NONE prvf=NONE 
>   split returns 22588 sz=840 nxt=228d0 prv=20d00 nxtf=0 prvf=0
>   mv2freelist 11 blk 228d0 sz=1568 nxt=0 prv=22588 nxtf=0 prvf=0
> returns 225a0(816)
> 
>  0: 27470(741)->0 
>       27470 sz=741 nxt=0 prv=25058 nxtf=0 prvf=0
> 11: 228d0(1568)->0 
>       228d0 sz=1568 nxt=0 prv=22588 nxtf=NONE prvf=NONE
> 12: 11c18(3273)->0 
>       11c18 sz=3273 nxt=0 prv=111b0 nxtf=NONE prvf=NONE
> 13: 13940(5864)->1cb10(6920)->0 
>       13940 sz=5864 nxt=15028 prv=128e8 nxtf=1cb10 prvf=NONE 
>       1cb10 sz=6920 nxt=1e618 prv=1b3c8 nxtf=NONE prvf=13940
> 14: 171c0(10136)->0 
>       171c0 sz=10136 nxt=19958 prv=15028 nxtf=NONE prvf=NONE
> 
> 440: free(111c8)  111b0 sz=2664 nxt=11c18 prv=0 nxtf=0 prvf=0 
>   extractfree blk 11c18 sz=3273 nxt=0 prv=111b0 nxtf=NONE prvf=NONE
>   freehdrs 12 is blk NULL
>   mv2freelist 13 blk 111b0 sz=5937 nxt=0 prv=0 nxtf=NONE prvf=NONE
> 440: malloc( 4601) [ 4632] 
>   lastsbrk 27470 sz=741 nxt=0 prv=25058 nxtf=0 prvf=0
>   freelist search from bucket 13, using 13
>   rmvfromfree 13 blk 111b0 sz=5937 nxt=0 prv=0 nxtf=13940 prvf=NONE
>   freehdrs 13 is blk 13940 sz=5864 nxt=15028 prv=128e8 nxtf=1cb10 prvf=NONE
>   split returns 111b0 sz=4632 nxt=123c8 prv=0 nxtf=0 prvf=0
>   mv2freelist 11 blk 123c8 sz=1305 nxt=0 prv=111b0 nxtf=0 prvf=0
> returns 111c8(4608)
> 000: free(111c8)  111b0 sz=4632 nxt=123c8 prv=0 nxtf=0 prvf=0 
>   extractfree blk 123c8 sz=1305 nxt=0 prv=111b0 nxtf=228d0 prvf=NONE
>   freehdrs 11 is blk 228d0 sz=1568 nxt=0 prv=22588 nxtf=NONE prvf=NONE
>   mv2freelist 13 blk 111b0 sz=5937 nxt=0 prv=0 nxtf=NONE prvf=NONE
> 001: free(1e630)  1e618 sz=9960 nxt=20d00 prv=1cb10 nxtf=0 prvf=0 
>   extractfree blk 1cb10 sz=6920 nxt=1e618 prv=1b3c8 nxtf=NONE prvf=13940
>   freehdrs 13 is blk 111b0 sz=5937 nxt=0 prv=0 nxtf=13940 prvf=NONE
>   mv2freelist 15 blk 1cb10 sz=16880 nxt=20d00 prv=1b3c8 nxtf=0 prvf=13940
> 002: free(20d18)  20d00 sz=6280 nxt=22588 prv=1cb10 nxtf=0 prvf=0 
>   extractfree blk 1cb10 sz=16880 nxt=20d00 prv=1b3c8 nxtf=NONE prvf=NONE
>   freehdrs 15 is blk NULL
>   mv2freelist 15 blk 1cb10 sz=23160 nxt=22588 prv=1b3c8 nxtf=0 prvf=0
> 003: free(15040)  15028 sz=8600 nxt=171c0 prv=13940 nxtf=0 prvf=0 
>   extractfree blk 171c0 sz=10136 nxt=19958 prv=15028 nxtf=NONE prvf=NONE
>   freehdrs 14 is blk NULL 
>   extractfree blk 13940 sz=5864 nxt=15028 prv=128e8 nxtf=NONE prvf=111b0
>   freehdrs 13 is blk 111b0 sz=5937 nxt=0 prv=0 nxtf=NONE prvf=NONE
>   mv2freelist 15 blk 13940 sz=24600 nxt=19958 prv=128e8 nxtf=0 prvf=111b0
> 004: free(19970)  19958 sz=6768 nxt=1b3c8 prv=13940 nxtf=0 prvf=0 
>   extractfree blk 13940 sz=24600 nxt=19958 prv=128e8 nxtf=1cb10 prvf=NONE
>   freehdrs 15 is blk 1cb10 sz=23160 nxt=22588 prv=1b3c8 nxtf=NONE prvf=NONE
>   mv2freelist 15 blk 13940 sz=31368 nxt=1b3c8 prv=128e8 nxtf=1cb10 prvf=0
> 005: free(22f10)  22ef8 sz=8544 nxt=25058 prv=0 nxtf=0 prvf=0
>   mv2freelist 14 blk 22ef8 sz=8544 nxt=25058 prv=0 nxtf=NONE prvf=NONE
> 006: free(12900)  128e8 sz=4184 nxt=13940 prv=0 nxtf=0 prvf=0 
>   extractfree blk 13940 sz=31368 nxt=1b3c8 prv=128e8 nxtf=1cb10 prvf=NONE
>   freehdrs 15 is blk 1cb10 sz=23160 nxt=22588 prv=1b3c8 nxtf=NONE prvf=NONE
>   mv2freelist 16 blk 128e8 sz=35552 nxt=1b3c8 prv=0 nxtf=NONE prvf=NONE
> 007: free(1b3e0)  1b3c8 sz=5960 nxt=1cb10 prv=128e8 nxtf=0 prvf=0 
>   extractfree blk 1cb10 sz=23160 nxt=22588 prv=1b3c8 nxtf=NONE prvf=NONE
>   freehdrs 15 is blk NULL 
>   extractfree blk 128e8 sz=35552 nxt=1b3c8 prv=0 nxtf=NONE prvf=NONE
>   freehdrs 16 is blk NULL
>   mv2freelist 16 blk 128e8 sz=64672 nxt=22588 prv=0 nxtf=0 prvf=0
> 008: free(25070)  25058 sz=9240 nxt=27470 prv=22ef8 nxtf=0 prvf=0 
>   extractfree blk 22ef8 sz=8544 nxt=25058 prv=0 nxtf=NONE prvf=NONE
>   freehdrs 14 is blk NULL 
>   Combine with lastsbrk 27470 sz=741 nxt=0 prv=22ef8 nxtf=0 prvf=0 
>   Resulting in lastsbrk 22ef8 sz=18525 nxt=0 prv=0 nxtf=0 prvf=0
> 009: free(225a0)  22588 sz=840 nxt=228d0 prv=128e8 nxtf=0 prvf=0 
>   extractfree blk 228d0 sz=1568 nxt=0 prv=22588 nxtf=NONE prvf=NONE
>   freehdrs 11 is blk NULL 
>   extractfree blk 128e8 sz=64672 nxt=22588 prv=0 nxtf=NONE prvf=NONE
>   freehdrs 16 is blk NULL
>   mv2freelist 17 blk 128e8 sz=67080 nxt=0 prv=0 nxtf=0 prvf=0
> 
>  0: 22ef8(18525)->0 
>       22ef8 sz=18525 nxt=0 prv=0 nxtf=0 prvf=0
> 13: 111b0(5937)->0 
>       111b0 sz=5937 nxt=0 prv=0 nxtf=NONE prvf=NONE
> 17: 128e8(67080)->0 
>       128e8 sz=67080 nxt=0 prv=0 nxtf=NONE prvf=NONE
> 
> 
> Deliberately refreeing pointer, should abort

-- 
Chuck F (cbfalconer AT yahoo DOT com) (cbfalconer AT XXXXworldnet DOT att DOT net)
   Available for consulting/temporary embedded and systems.
   (Remove "XXXX" from reply address. yahoo works unmodified)
   mailto:uce AT ftc DOT gov  (for spambots to harvest)