Memory management: when running under the testsuite, check every string variable...
[exim.git] / src / src / store.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
80fea873 5/* Copyright (c) University of Cambridge 1995 - 2016 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8/* Exim gets and frees all its store through these functions. In the original
9implementation there was a lot of mallocing and freeing of small bits of store.
10The philosophy has now changed to a scheme which includes the concept of
11"stacking pools" of store. For the short-lived processes, there isn't any real
12need to do any garbage collection, but the stack concept allows quick resetting
13in places where this seems sensible.
14
15Obviously the long-running processes (the daemon, the queue runner, and eximon)
16must take care not to eat store.
17
18The following different types of store are recognized:
19
20. Long-lived, large blocks: This is implemented by retaining the original
21 malloc/free functions, and it used for permanent working buffers and for
22 getting blocks to cut up for the other types.
23
24. Long-lived, small blocks: This is used for blocks that have to survive until
25 the process exits. It is implemented as a stacking pool (POOL_PERM). This is
26 functionally the same as store_malloc(), except that the store can't be
27 freed, but I expect it to be more efficient for handling small blocks.
28
29. Short-lived, short blocks: Most of the dynamic store falls into this
30 category. It is implemented as a stacking pool (POOL_MAIN) which is reset
31 after accepting a message when multiple messages are received by a single
32 process. Resetting happens at some other times as well, usually fairly
33 locally after some specific processing that needs working store.
34
35. There is a separate pool (POOL_SEARCH) that is used only for lookup storage.
36 This means it can be freed when search_tidyup() is called to close down all
37 the lookup caching.
38*/
39
40
41#include "exim.h"
438257ba
PP
42/* keep config.h before memcheck.h, for NVALGRIND */
43#include "config.h"
44
7f36d675 45#include "memcheck.h"
059ec3d9
PH
46
47
48/* We need to know how to align blocks of data for general use. I'm not sure
49how to get an alignment factor in general. In the current world, a value of 8
50is probably right, and this is sizeof(double) on some systems and sizeof(void
51*) on others, so take the larger of those. Since everything in this expression
52is a constant, the compiler should optimize it to a simple constant wherever it
53appears (I checked that gcc does do this). */
54
55#define alignment \
56 ((sizeof(void *) > sizeof(double))? sizeof(void *) : sizeof(double))
57
58/* Size of block to get from malloc to carve up into smaller ones. This
59must be a multiple of the alignment. We assume that 8192 is going to be
60suitably aligned. */
61
62#define STORE_BLOCK_SIZE 8192
63
64/* store_reset() will not free the following block if the last used block has
65less than this much left in it. */
66
67#define STOREPOOL_MIN_SIZE 256
68
69/* Structure describing the beginning of each big block. */
70
71typedef struct storeblock {
72 struct storeblock *next;
73 size_t length;
74} storeblock;
75
76/* Just in case we find ourselves on a system where the structure above has a
77length that is not a multiple of the alignment, set up a macro for the padded
78length. */
79
80#define ALIGNED_SIZEOF_STOREBLOCK \
81 (((sizeof(storeblock) + alignment - 1) / alignment) * alignment)
82
83/* Variables holding data for the local pools of store. The current pool number
84is held in store_pool, which is global so that it can be changed from outside.
85Setting the initial length values to -1 forces a malloc for the first call,
86even if the length is zero (which is used for getting a point to reset to). */
87
88int store_pool = POOL_PERM;
89
90static storeblock *chainbase[3] = { NULL, NULL, NULL };
91static storeblock *current_block[3] = { NULL, NULL, NULL };
92static void *next_yield[3] = { NULL, NULL, NULL };
93static int yield_length[3] = { -1, -1, -1 };
94
95/* pool_malloc holds the amount of memory used by the store pools; this goes up
96and down as store is reset or released. nonpool_malloc is the total got by
97malloc from other calls; this doesn't go down because it is just freed by
98pointer. */
99
100static int pool_malloc = 0;
101static int nonpool_malloc = 0;
102
103/* This variable is set by store_get() to its yield, and by store_reset() to
104NULL. This enables string_cat() to optimize its store handling for very long
105strings. That's why the variable is global. */
106
107void *store_last_get[3] = { NULL, NULL, NULL };
108
109
110
111/*************************************************
112* Get a block from the current pool *
113*************************************************/
114
115/* Running out of store is a total disaster. This function is called via the
116macro store_get(). It passes back a block of store within the current big
117block, getting a new one if necessary. The address is saved in
118store_last_was_get.
119
120Arguments:
121 size amount wanted
122 filename source file from which called
123 linenumber line number in source file.
124
125Returns: pointer to store (panic on malloc failure)
126*/
127
128void *
129store_get_3(int size, const char *filename, int linenumber)
130{
131/* Round up the size to a multiple of the alignment. Although this looks a
132messy statement, because "alignment" is a constant expression, the compiler can
133do a reasonable job of optimizing, especially if the value of "alignment" is a
134power of two. I checked this with -O2, and gcc did very well, compiling it to 4
135instructions on a Sparc (alignment = 8). */
136
137if (size % alignment != 0) size += alignment - (size % alignment);
138
139/* If there isn't room in the current block, get a new one. The minimum
140size is STORE_BLOCK_SIZE, and we would expect this to be the norm, since
141these functions are mostly called for small amounts of store. */
142
143if (size > yield_length[store_pool])
144 {
145 int length = (size <= STORE_BLOCK_SIZE)? STORE_BLOCK_SIZE : size;
146 int mlength = length + ALIGNED_SIZEOF_STOREBLOCK;
147 storeblock *newblock = NULL;
148
149 /* Sometimes store_reset() may leave a block for us; check if we can use it */
150
151 if (current_block[store_pool] != NULL &&
152 current_block[store_pool]->next != NULL)
153 {
154 newblock = current_block[store_pool]->next;
155 if (newblock->length < length)
156 {
157 /* Give up on this block, because it's too small */
158 store_free(newblock);
159 newblock = NULL;
160 }
161 }
162
163 /* If there was no free block, get a new one */
164
165 if (newblock == NULL)
166 {
167 pool_malloc += mlength; /* Used in pools */
168 nonpool_malloc -= mlength; /* Exclude from overall total */
169 newblock = store_malloc(mlength);
170 newblock->next = NULL;
171 newblock->length = length;
172 if (chainbase[store_pool] == NULL) chainbase[store_pool] = newblock;
173 else current_block[store_pool]->next = newblock;
174 }
175
176 current_block[store_pool] = newblock;
177 yield_length[store_pool] = newblock->length;
178 next_yield[store_pool] =
179 (void *)((char *)current_block[store_pool] + ALIGNED_SIZEOF_STOREBLOCK);
4d8bb202 180 (void) VALGRIND_MAKE_MEM_NOACCESS(next_yield[store_pool], yield_length[store_pool]);
059ec3d9
PH
181 }
182
183/* There's (now) enough room in the current block; the yield is the next
184pointer. */
185
186store_last_get[store_pool] = next_yield[store_pool];
187
188/* Cut out the debugging stuff for utilities, but stop picky compilers from
189giving warnings. */
190
191#ifdef COMPILE_UTILITY
192filename = filename;
193linenumber = linenumber;
194#else
195DEBUG(D_memory)
196 {
197 if (running_in_test_harness)
198 debug_printf("---%d Get %5d\n", store_pool, size);
199 else
200 debug_printf("---%d Get %6p %5d %-14s %4d\n", store_pool,
201 store_last_get[store_pool], size, filename, linenumber);
202 }
203#endif /* COMPILE_UTILITY */
204
4d8bb202 205(void) VALGRIND_MAKE_MEM_UNDEFINED(store_last_get[store_pool], size);
059ec3d9
PH
206/* Update next pointer and number of bytes left in the current block. */
207
208next_yield[store_pool] = (void *)((char *)next_yield[store_pool] + size);
209yield_length[store_pool] -= size;
210
211return store_last_get[store_pool];
212}
213
214
215
216/*************************************************
217* Get a block from the PERM pool *
218*************************************************/
219
220/* This is just a convenience function, useful when just a single block is to
221be obtained.
222
223Arguments:
224 size amount wanted
225 filename source file from which called
226 linenumber line number in source file.
227
228Returns: pointer to store (panic on malloc failure)
229*/
230
231void *
232store_get_perm_3(int size, const char *filename, int linenumber)
233{
234void *yield;
235int old_pool = store_pool;
236store_pool = POOL_PERM;
237yield = store_get_3(size, filename, linenumber);
238store_pool = old_pool;
239return yield;
240}
241
242
243
244/*************************************************
245* Extend a block if it is at the top *
246*************************************************/
247
248/* While reading strings of unknown length, it is often the case that the
249string is being read into the block at the top of the stack. If it needs to be
250extended, it is more efficient just to extend the top block rather than
251allocate a new block and then have to copy the data. This function is provided
252for the use of string_cat(), but of course can be used elsewhere too.
253
254Arguments:
255 ptr pointer to store block
256 oldsize current size of the block, as requested by user
257 newsize new size required
258 filename source file from which called
259 linenumber line number in source file
260
261Returns: TRUE if the block is at the top of the stack and has been
262 extended; FALSE if it isn't at the top of the stack, or cannot
263 be extended
264*/
265
266BOOL
267store_extend_3(void *ptr, int oldsize, int newsize, const char *filename,
268 int linenumber)
269{
270int inc = newsize - oldsize;
271int rounded_oldsize = oldsize;
272
273if (rounded_oldsize % alignment != 0)
274 rounded_oldsize += alignment - (rounded_oldsize % alignment);
275
276if ((char *)ptr + rounded_oldsize != (char *)(next_yield[store_pool]) ||
277 inc > yield_length[store_pool] + rounded_oldsize - oldsize)
278 return FALSE;
279
280/* Cut out the debugging stuff for utilities, but stop picky compilers from
281giving warnings. */
282
283#ifdef COMPILE_UTILITY
284filename = filename;
285linenumber = linenumber;
286#else
287DEBUG(D_memory)
288 {
289 if (running_in_test_harness)
290 debug_printf("---%d Ext %5d\n", store_pool, newsize);
291 else
292 debug_printf("---%d Ext %6p %5d %-14s %4d\n", store_pool, ptr, newsize,
293 filename, linenumber);
294 }
295#endif /* COMPILE_UTILITY */
296
297if (newsize % alignment != 0) newsize += alignment - (newsize % alignment);
298next_yield[store_pool] = (char *)ptr + newsize;
299yield_length[store_pool] -= newsize - rounded_oldsize;
4d8bb202 300(void) VALGRIND_MAKE_MEM_UNDEFINED(ptr + oldsize, inc);
059ec3d9
PH
301return TRUE;
302}
303
304
305
306
307/*************************************************
308* Back up to a previous point on the stack *
309*************************************************/
310
311/* This function resets the next pointer, freeing any subsequent whole blocks
312that are now unused. Normally it is given a pointer that was the yield of a
313call to store_get, and is therefore aligned, but it may be given an offset
314after such a pointer in order to release the end of a block and anything that
315follows.
316
317Arguments:
318 ptr place to back up to
319 filename source file from which called
320 linenumber line number in source file
321
322Returns: nothing
323*/
324
325void
326store_reset_3(void *ptr, const char *filename, int linenumber)
327{
cf0812d5
JH
328storeblock * bb;
329storeblock * b = current_block[store_pool];
330char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
059ec3d9
PH
331int newlength;
332
333/* Last store operation was not a get */
334
335store_last_get[store_pool] = NULL;
336
337/* See if the place is in the current block - as it often will be. Otherwise,
338search for the block in which it lies. */
339
cf0812d5 340if (CS ptr < bc || CS ptr > bc + b->length)
059ec3d9 341 {
cf0812d5 342 for (b = chainbase[store_pool]; b; b = b->next)
059ec3d9 343 {
cf0812d5
JH
344 bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
345 if (CS ptr >= bc && CS ptr <= bc + b->length) break;
059ec3d9 346 }
cf0812d5 347 if (!b)
438257ba 348 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "internal error: store_reset(%p) "
059ec3d9
PH
349 "failed: pool=%d %-14s %4d", ptr, store_pool, filename, linenumber);
350 }
351
352/* Back up, rounding to the alignment if necessary. When testing, flatten
353the released memory. */
354
cf0812d5 355newlength = bc + b->length - CS ptr;
059ec3d9 356#ifndef COMPILE_UTILITY
2c9f7ff8
JH
357if (running_in_test_harness)
358 {
cf0812d5 359 assert_no_variables(ptr, newlength, filename, linenumber);
2c9f7ff8
JH
360 (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength);
361 memset(ptr, 0xF0, newlength);
362 }
059ec3d9 363#endif
4d8bb202 364(void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength);
059ec3d9 365yield_length[store_pool] = newlength - (newlength % alignment);
cf0812d5 366next_yield[store_pool] = CS ptr + (newlength % alignment);
059ec3d9
PH
367current_block[store_pool] = b;
368
369/* Free any subsequent block. Do NOT free the first successor, if our
370current block has less than 256 bytes left. This should prevent us from
371flapping memory. However, keep this block only when it has the default size. */
372
373if (yield_length[store_pool] < STOREPOOL_MIN_SIZE &&
cf0812d5 374 b->next &&
059ec3d9 375 b->next->length == STORE_BLOCK_SIZE)
7f36d675 376 {
059ec3d9 377 b = b->next;
cf0812d5
JH
378#ifndef COMPILE_UTILITY
379 if (running_in_test_harness)
380 assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK,
381 filename, linenumber);
382#endif
383 (void) VALGRIND_MAKE_MEM_NOACCESS(CS b + ALIGNED_SIZEOF_STOREBLOCK,
4d8bb202 384 b->length - ALIGNED_SIZEOF_STOREBLOCK);
7f36d675 385 }
059ec3d9
PH
386
387bb = b->next;
388b->next = NULL;
389
cf0812d5 390while ((b = bb))
059ec3d9 391 {
cf0812d5
JH
392#ifndef COMPILE_UTILITY
393 if (running_in_test_harness)
394 assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK,
395 filename, linenumber);
396#endif
059ec3d9
PH
397 bb = bb->next;
398 pool_malloc -= b->length + ALIGNED_SIZEOF_STOREBLOCK;
399 store_free_3(b, filename, linenumber);
400 }
401
402/* Cut out the debugging stuff for utilities, but stop picky compilers from
403giving warnings. */
404
405#ifdef COMPILE_UTILITY
406filename = filename;
407linenumber = linenumber;
408#else
409DEBUG(D_memory)
410 {
411 if (running_in_test_harness)
412 debug_printf("---%d Rst ** %d\n", store_pool, pool_malloc);
413 else
414 debug_printf("---%d Rst %6p ** %-14s %4d %d\n", store_pool, ptr,
415 filename, linenumber, pool_malloc);
416 }
417#endif /* COMPILE_UTILITY */
418}
419
420
421
422
423
424/************************************************
425* Release store *
426************************************************/
427
428/* This function is specifically provided for use when reading very
429long strings, e.g. header lines. When the string gets longer than a
430complete block, it gets copied to a new block. It is helpful to free
431the old block iff the previous copy of the string is at its start,
432and therefore the only thing in it. Otherwise, for very long strings,
433dead store can pile up somewhat disastrously. This function checks that
434the pointer it is given is the first thing in a block, and if so,
435releases that block.
436
437Arguments:
438 block block of store to consider
439 filename source file from which called
440 linenumber line number in source file
441
442Returns: nothing
443*/
444
445void
446store_release_3(void *block, const char *filename, int linenumber)
447{
448storeblock *b;
449
450/* It will never be the first block, so no need to check that. */
451
452for (b = chainbase[store_pool]; b != NULL; b = b->next)
453 {
454 storeblock *bb = b->next;
455 if (bb != NULL && (char *)block == (char *)bb + ALIGNED_SIZEOF_STOREBLOCK)
456 {
457 b->next = bb->next;
458 pool_malloc -= bb->length + ALIGNED_SIZEOF_STOREBLOCK;
459
460 /* Cut out the debugging stuff for utilities, but stop picky compilers
461 from giving warnings. */
462
463 #ifdef COMPILE_UTILITY
464 filename = filename;
465 linenumber = linenumber;
466 #else
467 DEBUG(D_memory)
468 {
469 if (running_in_test_harness)
470 debug_printf("-Release %d\n", pool_malloc);
471 else
472 debug_printf("-Release %6p %-20s %4d %d\n", (void *)bb, filename,
473 linenumber, pool_malloc);
474 }
475 if (running_in_test_harness)
476 memset(bb, 0xF0, bb->length+ALIGNED_SIZEOF_STOREBLOCK);
477 #endif /* COMPILE_UTILITY */
478
479 free(bb);
480 return;
481 }
482 }
483}
484
485
486
487
488/*************************************************
489* Malloc store *
490*************************************************/
491
492/* Running out of store is a total disaster for exim. Some malloc functions
493do not run happily on very small sizes, nor do they document this fact. This
494function is called via the macro store_malloc().
495
496Arguments:
497 size amount of store wanted
498 filename source file from which called
499 linenumber line number in source file
500
501Returns: pointer to gotten store (panic on failure)
502*/
503
504void *
505store_malloc_3(int size, const char *filename, int linenumber)
506{
507void *yield;
508
509if (size < 16) size = 16;
059ec3d9 510
40c90bca 511if (!(yield = malloc((size_t)size)))
059ec3d9
PH
512 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: "
513 "called from line %d of %s", size, linenumber, filename);
514
515nonpool_malloc += size;
516
517/* Cut out the debugging stuff for utilities, but stop picky compilers from
518giving warnings. */
519
520#ifdef COMPILE_UTILITY
521filename = filename;
522linenumber = linenumber;
523#else
524
525/* If running in test harness, spend time making sure all the new store
526is not filled with zeros so as to catch problems. */
527
528if (running_in_test_harness)
529 {
530 memset(yield, 0xF0, (size_t)size);
531 DEBUG(D_memory) debug_printf("--Malloc %5d %d %d\n", size, pool_malloc,
532 nonpool_malloc);
533 }
534else
535 {
536 DEBUG(D_memory) debug_printf("--Malloc %6p %5d %-14s %4d %d %d\n", yield,
537 size, filename, linenumber, pool_malloc, nonpool_malloc);
538 }
539#endif /* COMPILE_UTILITY */
540
541return yield;
542}
543
544
545/************************************************
546* Free store *
547************************************************/
548
549/* This function is called by the macro store_free().
550
551Arguments:
552 block block of store to free
553 filename source file from which called
554 linenumber line number in source file
555
556Returns: nothing
557*/
558
559void
560store_free_3(void *block, const char *filename, int linenumber)
561{
562#ifdef COMPILE_UTILITY
563filename = filename;
564linenumber = linenumber;
565#else
566DEBUG(D_memory)
567 {
568 if (running_in_test_harness)
569 debug_printf("----Free\n");
570 else
571 debug_printf("----Free %6p %-20s %4d\n", block, filename, linenumber);
572 }
573#endif /* COMPILE_UTILITY */
574free(block);
575}
576
577/* End of store.c */