* Add posix_memalign().
* Move calloc() from calloc.c to malloc.c. Add a calloc() implementation in
rtld-elf in order to make the loader happy (even though calloc() isn't
used in rtld-elf).
* Add _malloc_prefork() and _malloc_postfork(), and use them instead of
directly manipulating __malloc_lock.
Approved by: phk, markm (mentor)
between a 32-bit integer and a radix-64 ASCII string. The l64a_r() function
is a NetBSD addition.
PR: 51209 (based on submission, but very different)
Reviewed by: bde, ru
a tty device instead of the legacy minor number approach. This is known to
fix gnome-vfs' sftp module as well as kio_sftp and kdesu on -CURRENT.
Thanks to scottl for the snprintf() approach idea.
Reviewed by: phk
Tested by: pav
mich
Approved by: re (scottl)
surrounding the undef'ing it. It does not seem necessary to
undef some symbol that is not exist, and gcc does not complain
about whether a symbol is exist before #undef'ing it out.
Spotted by: mingyanguo via ChinaUnix.net forum
Reviewed by: phk
really so.
"If the value of base is 16, the characters 0x or 0X may optionally
precede the sequence of letters and digits, following the sign if
present."
Found by: joerg
seed, the random number generator rand(3) still sucks and is unlikely
sufficient for crypto use. Correct what appears to be a cut and paste
error from the srandomdev() man page.
Submitted by: Ben Mesander
example. The externs haven't been needed in about 10 years, so
there's no reason to have them other than for hysterical raisins. And
the California Rasins haven't been around for a long time...
under the RETURN VALUES section so it is consistent with others.
Cleanup the return value text for getenv(3) a little while I am here.
PR: docs/58033
MFC after: 3 days
cleanups, handling 'ls -l-', handling '--*'
Note this is in the same time back out of our v1.3
"Don't print an error message if the bad option is '?'"
because it directly violates POSIX.
through a realloc like function.
Make the malloc_active variable a local static to this new function.
Don't warn about recursion more than once per base call.
constify malloc_func.
has been hit, this makes it cover more cases.
Call the message function directly rather than fiddle with flag-saving
when we find an unknown character in our options.
The 'A' flag should not trigger on legal out of memory conditions.
These files had tags after the copyright notice,
inside the comment block (incorrect, removed),
and outside the comment block (correct).
Approved by: rwatson (mentor)
This results in no functional change, aside from fixing a data
corruption bug on LP64 platforms. The code here could still use a
significant amount of cleanup.
PR: 56502
Submitted by: hrs (earlier version)
ó++ ABI document at http://www.codesourcery.com/cxx-abi/abi.html#dso-dtor
The ABI was initially defined for ia64, but GCC3 and Intel compilers
have adopted it on other platforms.
This is the patch from PR bin/59552 with a number of changes by
me.
PR: bin/59552
Submitted by: Bradley T Hughes (bhughes at trolltech dot com)
C++ ABI document at http://www.codesourcery.com/cxx-abi/abi.html#dso-dtor
The ABI was initially defined for ia64, but GCC3 and Intel compilers
have adopted it on other platforms.
This is the patch from PR bin/59552 with a number of changes by
me.
PR: bin/59552
Submitted by: Bradley T Hughes (bhughes at trolltech dot com)
initialization overhead, there's a problem in that we never call
imalloc() and thus malloc_init() for zero-sized allocations. As a
result, malloc(0) returns NULL when it's the first or only malloc in
the program. Any non-zero allocation will initialize the malloc code
with the side-effect that subsequent zero-sized allocations return a
non-NULL pointer. This is because the pointer we return for zero-
sized allocations is calculated from malloc_pageshift, which needs
to be initialized at runtime on ia64.
The result of the inconsistent behaviour described above is that
configure scripts failed the test for a GNU compatible malloc. This
resulted in a lot of broken ports.
Other, even simpler, solutions were possible as well:
1. initialize malloc_pageshift with some non-zero value (say 13 for
8KB pages) and keep the runtime adjustment.
2. Stop using malloc_pageshift to calculate ZEROSIZEPTR.
Removal of the runtime adjustment was chosen because then ia64 is the
same as any other platform. It is not to say that using a page size
obtained at runtime is bad per se. It's that there's currently a high
level of gratuity for its existence and the moment it causes problems
is the moment you need to get rid of it. Hence, it's not unthinkable
that this commit is (partially) reverted some time in the future when
we do have a good reason for it and a good way to achieve it.
Approved by: re@ (rwatson)
Reported by: kris (portmgr@) -- may the ports be with you
sorting strings with common prefixes by noting
when all the strings land in just one bin.
Testing shows significant speedups (on the order of
30%) on strings with common prefixes and no slowdowns on any
of my test cases.
Submitted by: Markus Bjartveit Kruger <markusk@pvv.ntnu.no>
PR: 58860
Approved by: gordon (mentor)
it around an application's fork() call. Our new thread libraries
(libthr, libpthread) can now have threads running while another
thread calls fork(). In this case, it is possible for malloc
to be left in an inconsistent state in the child. Our thread
libraries, libpthread in particular, need to use malloc internally
after a fork (in the child).
Reviewed by: davidxu
send strhash(3) off to sleep with the fishes. Nothing in our tree uses it.
It has no documentation. It is nonstandard and in spite of the filename
strhash.c and strhash.h, it lives in application namespace by providing
compulsory global symbols hash_create()/hash_destroy()/hash_search()/
hash_traverse()/hash_purge()/hash_stats() regardless of whether you
#include <strhash.h> or not. If it turns out that there is a huge
application for this after all, I can repocopy it somewhere safer and
we can revive it elsewhere. But please, not in libc!
technique) so that we don't wind up calling into an application's
version if the application defines them.
Inspired by: qpopper's interfering and buggy version of strlcpy
package, a more recent, generalized set of routines. Among the
changes:
- Declare strtof() and strtold() in stdlib.h.
- Add glue to libc to support these routines for all kinds
of ``long double''.
- Update printf() to reflect the fact that dtoa works slightly
differently now.
As soon as I see that nothing has blown up, I will kill
src/lib/libc/stdlib/strtod.c. Soon printf() will be able
to use the new routines to output long doubles without loss
of precision, but numerous bugs in the existing code must
be addressed first.
Reviewed by: bde (briefly), mike (mentor), obrien
seed->first value correlation. It breaks rand_r()... Other possible methods
like shuffling inside aray will breaks rand_r() too, because it assumes
only one word state, i.e. nothing extra can be added after seed assignment
in srand().
BTW, for old formulae seed->first value correlation is not so monotonically
increased as with other Linear Congruential Generators of this type only
becase arithmetic overflow happens. But overflow affects distribution
and lower bits very badly, as many articles says, such type of overflow
not improves PRNG.
So, monotonically increased seed->first value correlation problem remains...
to remove part of seed -> 1st value correlation. Correlation still remains
because of algorithm limits. Note that old algorithm have even stronger
correlation, especially in the lower bits area, but not eye-visible, as
current one.
at 0 as designed. Its BSD adaptation tries to fight it by mapping 0 to
2147483647 after calculation, but this method not works since 2147483647
seed returns to 0 again on the next interation. Instead of after calculation
mapping, map 0 to another value _before_ calculation, so it never stucks.
to be called on first sight of trouble.
"sensitive" is somewhat arbitrarily defined as "setuid, setgid, uid == root
or gid == wheel".
The 'A' option carries no performance penalty.
It is not possible to override this setting: fix the program instead.
Absentmindedly nodded OK to by: various
to Solaris, it is in /usr/libexec) to perform the handing over of tty nodes
to the user being granted the pty.
Submitted by: Ryan Younce <ryany@pobox.com>
Reviewed by: security-officer@, standards@, mike@
architecture, mainly to avoid getting a SIGFPE signal sent
when calling strtod(3) with certain input.
The SIGFPE has been sent because the code was not aware that
a Gradual Underflow is handled in software via traps on the
Alpha architecture, but is not implemented in our Alpha kernel
layer.
With `Sudden_Underflow' defined, strtod(3) should not depend
on Gradual Underflow and adjust its calculations accordingly,
which means that other, more subtle errors than the sending of
SIGFPE could be solved by this.
Discussed with: bde
PR: alpha/12623
PR: alpha/17032
PR: alpha/43567
MFC after: 7 days
the compatibility library libcompat.
- Add new implementations of lsearch() and lfind() which conform to
IEEE Std 1003.1-2001 to libc. Add a new manual page for them and
add them to the makefile.
- Add function prototypes for lsearch() and lfind() to the search.h
header.
page from the compatibility library.
- Add new implementations of insque() and remque() which conform to
IEEE Std 1003.1-2001 to libc. Add a new manual page for them and
connect them to the build.
- Add the prototypes of insque() and remque() to the search.h
header.
(at least the French ones), a memory leak upon successful termination, a
pointer arithmetic error causing heap corruption, and an off-by-one bug
causing incorrect amounts of padding at the right of the value.
definitions of the functions that convert strings to numbers
and are defined by IEEE Std 1003-1.2001.
- Use ANSI-C function definitions for all of the functions
mentioned above plus strtouq and strtoq.
- Update the prototypes in the manual pages.
to cause bugs when gcc is more aggressively optimising things.
There are still problems with dtoa mentioned in the PR - maybe
Dan could suggest a patch.
PR: 40209
Submitted by: Dan Lukes <dan@obluda.cz>
Approved by: bde
MFC after: 2 weeks
Hopefully, now it is more clear that the memory referenced by the
ptr argument of realloc(ptr,size) is freed and only the return value
of realloc() points to a valid memory area upon successful completion.
Submitted by: Martin Faxer <gmh003532@brfmasthugget.se>
Also, make an internal _getprogname() that is used only inside
libc. For libc, getprogname(3) is a weak symbol in case a
function of the same name is defined in userland.
be serialized. A mutex is used to protect the critical regions.
sbrk() and brk() are not thread safe. Replace use of sbrk() with
a call to malloc to avoid race when one thread calls atexit
while another thread calls malloc.
Reviewed by: deischen
According to C99:
"The functions atof, atoi, atol, and atoll need not
affect the value of the integer expression errno on an
error. If the value of the result cannot be represented,
the behavior is undefined."
removing it from our source tree in order to have one version
of strtod() for all arches. netbsd_strtod.c still left in source
tree until alpha folks make sure that our native strtod() works
as well as NetBSD's one.
Reviewed by: peter, bde (some time ago)
The definition of character class digit requires that only ten characters
-the ones defining digits- can be specified; alternate digits (for
example, Hindi or Kanji) cannot be specified here. However, the encoding
may vary if an implementation supports more than one encoding.
The definition of character class xdigit requires that the characters
included in character class digit are included here also and allows for
different symbols for the hexadecimal digits 10 through 15.
the netbsd_strtod.c file we have does not. More still should be done
here, but this works happily on my Alpha. I have not (yet?) changed
the Makefile.inc to use this.
If zero bytes are allocated, return pointer to the middle of page-zero
(which is protected) so that the program will crash if it dereferences
this illgotten pointer.
Inspired & Urged by: Theo de Raadt <deraadt@cvs.openbsd.org>
is interrupted by saving the pid.
The old code would assign the return value to pid which would trash
it, to fix the problem save a copy of the pid to be used as the
paramter to wait4().
Submitted by: Toshihiko ARAI <toshi@jp.FreeBSD.org>
Note our implementation is not thread nor async-cancel safe.
Explicitely note atof() does not check nor report errors.
Note that strtod() should be used instead.
Also add C99 conformity status plus clarification that C99 leaves the
flushing of unwritten data, closure of open streams, and removal of
temporary files to the implementation.
This is a first cut, but enough to help people interested in using it
further than before.
More text coming to illustrate use and provide more details.
Based on standards' text.
my last version of this work due to HDD crash, but this version cleanly
passed all POSIX and SuSv2 tests. I am working on testing scripts which
should test this implementation against all locales and surely more fixes
will come soon.
Reviewed by: ache, silence at -audit & -developers
'locale not used' statement from comments and BUGS section of manpage.
strtol(): fix non-portable 'cutoff' calculation using the same method as
in strtoll().
Cleanup 'cutoff' calculation, remove unneded casts. Misc. cleanup to
make all functions looks the same.
Implement EINVAL reaction per POSIX, document it in manpage, corresponding
POSIX example quotes here:
------------------------------------------------
If the subject sequence is empty or does not have the expected form, no
conversion is performed; the value of str is stored in the object pointed
to by endptr, provided that endptr is not a null pointer.
If no conversion could be performed, 0 shall be returned and errno may be
set to [EINVAL].
[EINVAL] The value of base is not supported.
Since 0, {LONG_MIN} or {LLONG_MIN}, and {LONG_MAX} or {LLONG_MAX} are
returned on error and are also valid returns on success, an application
wishing to check for error situations should set errno to 0, then call
strtol( ) or strtoll ( ), then check errno.
-----------------------------------------------------
Backout previous revision. We should not expand plain text xrefs if
they appear in the literal text, e.g. in the error or warning message
of the library function. (Submitted by: bde)
Moved "out of memory" from warning to errors section.
Even better formula from random() could not be intetgrated because rand_r()
supposed to store its state in the single variable (but table needed for
random() algorithm integration).
Change __dtoa to not free the string it allocated the previous time it was
called. The caller now frees the string after usage if appropiate.
PR: 15070
Reviewed by: deischen
Change __dtoa to not free the string it allocated the previous time it was
called. The caller now frees the string after usage if appropiate.
PR: 15070
to be the same as -ragged in the current implementation) to
-ragged. With mdocNG, -filled displays produce the correct
output, formatted and justified to both margins.
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will pulled in.
Use the following convention for system calls wrapped by the
threads library:
__sys_foo - actual system call
_foo - weak definition to __sys_foo
foo - weak definition to __sys_foo
Change all libc uses of system calls wrapped by the threads
library from foo to _foo. In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde). All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes. <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.
Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE. We have recursive mutexes, but would like to avoid
using them if possible.
Remove uneeded includes of <errno.h> from a few files.
Add $FreeBSD$ to a few files in order to pass commitprep.
Approved by: -arch
stderr in case of warnings and errors.
Rename malloc_options to have a leading underscore, I belive I have been
told that is more correct namespace wise.
The recent problems with sshd were due to sshd reassigning
`environ' when setenv() thinks it owns it. setenv() subsequently
realloc()s the new version of environ and *boom*
in my tree for a long time. bde reviewed this once upon a time and
said it was OK, iirc. This also obviates the need to put ? in the
optstring argument to preclude the extra warning message which some
people think confuses users. When I made my getopt cleanups of a long
time ago, this was the compromise reached. I just neglected to commit
it until now.
just use _foo() <-- foo(). In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate. In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().
Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().
Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().
Make thread cancellation fully POSIX-compliant.
Suggested by: deischen
o Do not override `environ' if realloc() fails, leave it intact.
o Set `alloced' only when memory is actually allocated.
PR: bin/5604 (2nd part)
Reviewed by: bde
points. For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep(). The arrows represent weak aliases. For
system calls, the pattern is _read() <-- _libc_read() <-- read().
- Sort xrefs
- FreeBSD.ORG -> FreeBSD.org
- Be consistent with section names as outlines in mdoc(7)
- Other misc mdoc cleanup.
PR: doc/13144
Submitted by: Alexy M. Zelkin <phantom@cris.net>
track.
The $Id$ line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;
.\" $Id$
.\"
If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.
Approved by: bde
changes have made this too expensive. This gains about 1.25% on
worldstone on my SMP machine.
Swap-less machines, for instance PicoBSDs, and machines which experience
page-out trafic, check with top(1), will probably want to reenable this
with:
ln -s H /etc/malloc.conf
Suggested by: alc (&dyson ?)
realloc functions check for recursion within the malloc code itself. In
a thread-safe library, the single spinlock ensures that no two threads
go inside the protected code at the same time. The thread implementation
is responsible for ensuring that the spinlock does in fact protect malloc.
There was a window of opportunity in which this was not the case. I'll fix
that with a commit RSN.
Our spinlock implementation allows a particular thread to obtain a lock
multiple times, but release the lock with a single unlock call. Since
we're detecting recursion, we know the lock is already owned by the
current thread in a previous call and must not be released in the
current call. This is really far too dependent on this particular
spinlock implementation, so I've added commented out calls to
THREAD_UNLOCK in the appropriate places. We can activate this code when
spinlock is taught to count each lock operation.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is
guaranteed to be the same thing.
I've been running these on my system here w/o ill effects for some
time. However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes. Shouldn't impact anything, but...
when it returns NULL to indicate failure, it will also free the memory
that was passed to it, if that was non-null.
This does not change the semantics of realloc.
A second commit will be done to commit the conversion of those places in
the code that can safely use this to avoid memory leaks when confronted
with low memory situations.
Beaten-to-death-but-finally-approved-in: -current
but also assumes that they are 32-bits. This is one place where I don't
think it is appropriate to change 'long' to 'int'. I don't see why the
code couldn't be fixed so that using natural long variables does the
right thing. It's spaggetti code so it'll take some effort. Obviously
NetBSD thought so too because they change 'long' to 'int32_t' etc
and left it at that. As a temporary measure FreeBSD/Alpha can use the
NetBSD code and put this on the list of things to fix.
libc to determine if locking is required. This is needed in libc
for use with kernel threads, but until a thread is created, we don't
really want to bother locking things. The variable was added here
because the crt code calls exit(main()) so all programs will get the
variable.
a malloc. The signal handler creates a thread which requires a malloc...
For now, the only thing to do is to block signals. When we move user
pthreads to use the kernel threads, mutexes will be implemented in kernel
space and then malloc can revert.
This fixes bugs in the manual handling. abs.[cS] was handled too
specially and the wrong (.c) variant for each of div.[cS], labs.[cS]
and ldiv.[cS] was added to SRCS. This caused the .c variant to be
used if `depend' was made and the .S version to be used otherwise.
Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
Various cleanup from Keith Bostic
Reinstate calloc() as a separate funtion, in its own source/object file.
leave the manpage integrated with malloc.3 and friends. Too many things
were broken in this respect.
PR: 4002
Reviewed by: phk
Submitted by: Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
Submitted by: Keith Bostic <bostic@bostic.com>
Various portability and stylistic cleanups.
Kill MALLOC_STATS & the 'D' option.
Fix the 'V' option.
Major overhaul of the man-page.
You milage should not vary.
Reviewed by: Keith Bostic <bostic@bostic.com>
Submitted by: Keith Bostic <bostic@bostic.com>
implement (better) falback code inside srandomdev() itself.
Change return type from int to void (binary compatibility surprisely
achieved). Userland code will be changed soon.
Malloc cannot use pthread_mutex_init() to initialize a mutex because
the mutex initialization process does a malloc!
libc_r internals skip the malloc and assign an initializer to a static
structure and point the opaque type (pthread_mutex_t in this case) to
that structure. This is done on the assumption that the mutex will never
be destroyed. This style of initialization is only valid inside libc_r
because the structure that is assigned is opaque to the user.
This fix allows a simple program to get to main() again. 8-)
so that all these makefiles can be used to build libc_r too.
Added .if ${LIB} == "c" tests to restrict man page builds to libc
to avoid needlessly building them with libc_r too.
Split libc Makefile into Makefile and Makefile.inc to allow the
libc_r Makefile to include Makefile.inc too.
Back out a dubious Lite2 change to "optimise" getcwd() to look at $PWD
because it's potentially dangerous (think: symlink races). Move
realpath() back to it's original location, and remove getcwd_physical()
by renaming it back to getcwd() and zapping the original getcwd wrapper.
Noticed by: bde
The following commits already happened but the log message got lost:
Modified Files:
gen/Makefile.inc gen/getcwd.c stdlib/Makefile.inc
Removed Files:
gen/realpath.3
because it's potentially dangerous (think: symlink races). Move
realpath() back to it's original location, and remove getcwd_physical()
by renaming it back to getcwd() and zapping the original getcwd wrapper.
Noticed by: bde
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
Add progname to warning/error message layout. (joerg)
Remove inline assembler, no speed impact, not need for the obfuscation (bde)
Remove on the fly calculation of parameters, no longer critical.
Make D & U flags valid even if we don't support them.
Don't call imalloc until we're done initializing.
Zap contents on free() if we have "Junk" set. [*]
Various nitpicking.
[*] As a sideeffect of this change, if you are worried about
sensitive data lingering in memory, you can use the 'Junk' option
now to make sure phkmalloc zaps memory when it is returned. add
char * malloc_options = "J";
to your source. Obviously there is a performance impact.
Various neat features added. More documentation in the manpage.
If your machine has very little RAM, I guess that would be < 16M
these days :-(, you may want to try this:
ln -fs 'H<' /etc/malloc.conf
check the manpage.
as done after a quasi-recursive call to free() had modified what we
thought we knew about the last chunk of pages.
This bug manifested itself when I did a "make obj" from src/usr.sbin/lpr,
then make would coredump in the lpd directory.
in a bunch of man pages.
Use the correct .Bx (BSD UNIX) or .At (AT&T UNIX) macros
instead of explicitly specifying the version in the text
in a bunch of man pages.
by W.Richard Ste vens. EINTR handling suggested by bde@freebsd.org).
Code cleanup:
1. Add missing return type.
2. Replace 'union wait' by int.
3. Use Posix-style signal handling instead of signal().
4. Use fork() instead of deprecated vfork().
5. Block signals before fork()'ing, instead of after.
6. Return -1 if fork() fails, instead of 0.
7. Add EINTR handling for waitpid() call.
Also add claim of Posix conformance to man page.
in the main text of various man pages.
Thanks to Warner Losh for adding an option to manck to allow
it to scan the entire man page looking for bogus xrefs, instead
of just checking the SEE ALSO section.
via mmap() up around the shared library area. Previously the directory
was allocated from space from it's own memory pool. Because of the way it
was being extended on processes with large malloced data segments (ie: inn)
once the page directory was extended for some reason, it was not possible
to lower the heap size any more to return pages to the OS.
(If my understanding is correct, page directory expansion occurs at 4MB,
12MB, 20MB, 28MB, etc.) I was seeing INN allocate a large amount of short
term memory, pushing it over the 28MB mark, and once it's transient demands
hit 28MB, it never freed it's pages and swap space again.)
I've been running this in my libc for about a month...
Also, seperate MALLOC_STATS from EXTRA_SANITY.. I found it useful to call
malloc_dump() from within INN from a ctlinnd command to see where the hell
all the memory was going.. :-) I've left MALLOC_STATS enabled, as it has
no run-time or data storage cost.
Reviewed by: phk
Performance is comparable to gnumalloc if you have sufficient RAM, and
it screams around it if you don't.
Compiled with "EXTRA_SANITY" until further notice.
see malloc.3 for more details.
like 38400<any 8bit char, isalpha> it not detect this stuff and
produce very big number instead. Fixed by operating with unsigned char
and checking for isascii. (secure/telnetd hits by it f.e.)
Grrr. If the dbhash routines weren't grossly overengineered I wouldn't
even need to do this! :-(
Also now export the hash_stats routine. Manpage coming RSN - I promise.
