| /* |
| * Copyright (C) 2012 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #pragma once |
| |
| /** |
| * @file malloc.h |
| * @brief Heap memory allocation. |
| * |
| * [Debugging Native Memory Use](https://source.android.com/devices/tech/debug/native-memory) |
| * is the canonical source for documentation on Android's heap debugging |
| * features. |
| */ |
| |
| #include <sys/cdefs.h> |
| #include <stddef.h> |
| #include <stdio.h> |
| |
| __BEGIN_DECLS |
| |
| #define __BIONIC_ALLOC_SIZE(...) __attribute__((__alloc_size__(__VA_ARGS__))) |
| |
| /** |
| * [malloc(3)](https://man7.org/linux/man-pages/man3/malloc.3.html) allocates |
| * memory on the heap. |
| * |
| * Returns a pointer to the allocated memory on success and returns a null |
| * pointer and sets `errno` on failure. |
| * |
| * Note that Android (like most Unix systems) allows "overcommit". This |
| * allows processes to allocate more memory than the system has, provided |
| * they don't use it all. This works because only "dirty" pages that have |
| * been written to actually require physical memory. In practice, this |
| * means that it's rare to see memory allocation functions return a null |
| * pointer, and that a non-null pointer does not mean that you actually |
| * have all of the memory you asked for. |
| * |
| * Note also that the Linux Out Of Memory (OOM) killer behaves differently |
| * for code run via `adb shell`. The assumption is that if you ran |
| * something via `adb shell` you're a developer who actually wants the |
| * device to do what you're asking it to do _even if_ that means killing |
| * other processes. Obviously this is not the case for apps, which will |
| * be killed in preference to killing other processes. |
| */ |
| __nodiscard void* _Nullable malloc(size_t __byte_count) __mallocfunc __BIONIC_ALLOC_SIZE(1); |
| |
| /** |
| * [calloc(3)](https://man7.org/linux/man-pages/man3/calloc.3.html) allocates |
| * and clears memory on the heap. |
| * |
| * Returns a pointer to the allocated memory on success and returns a null |
| * pointer and sets `errno` on failure (but see the notes for malloc()). |
| */ |
| __nodiscard void* _Nullable calloc(size_t __item_count, size_t __item_size) __mallocfunc __BIONIC_ALLOC_SIZE(1,2); |
| |
| /** |
| * [realloc(3)](https://man7.org/linux/man-pages/man3/realloc.3.html) resizes |
| * allocated memory on the heap. |
| * |
| * Returns a pointer (which may be different from `__ptr`) to the resized |
| * memory on success and returns a null pointer and sets `errno` on failure |
| * (but see the notes for malloc()). |
| */ |
| __nodiscard void* _Nullable realloc(void* _Nullable __ptr, size_t __byte_count) __BIONIC_ALLOC_SIZE(2); |
| |
| /** |
| * [reallocarray(3)](https://man7.org/linux/man-pages/man3/reallocarray.3.html) |
| * resizes allocated memory on the heap. |
| * |
| * Equivalent to `realloc(__ptr, __item_count * __item_size)` but fails if the |
| * multiplication overflows. |
| * |
| * Returns a pointer (which may be different from `__ptr`) to the resized |
| * memory on success and returns a null pointer and sets `errno` on failure |
| * (but see the notes for malloc()). |
| */ |
| #if __ANDROID_API__ >= 29 |
| __nodiscard void* _Nullable reallocarray(void* _Nullable __ptr, size_t __item_count, size_t __item_size) __BIONIC_ALLOC_SIZE(2, 3) __INTRODUCED_IN(29); |
| #elif defined(__ANDROID_UNAVAILABLE_SYMBOLS_ARE_WEAK__) |
| #include <errno.h> |
| static __inline __nodiscard void* _Nullable reallocarray(void* _Nullable __ptr, size_t __item_count, size_t __item_size) __BIONIC_ALLOC_SIZE(2, 3) { |
| size_t __new_size; |
| if (__builtin_mul_overflow(__item_count, __item_size, &__new_size)) { |
| errno = ENOMEM; |
| return NULL; |
| } |
| return realloc(__ptr, __new_size); |
| } |
| #endif |
| |
| /** |
| * [free(3)](https://man7.org/linux/man-pages/man3/free.3.html) deallocates |
| * memory on the heap. |
| */ |
| void free(void* _Nullable __ptr); |
| |
| /** |
| * [memalign(3)](https://man7.org/linux/man-pages/man3/memalign.3.html) allocates |
| * memory on the heap with the required alignment. |
| * |
| * Returns a pointer to the allocated memory on success and returns a null |
| * pointer and sets `errno` on failure (but see the notes for malloc()). |
| * |
| * See also posix_memalign(). |
| */ |
| __nodiscard void* _Nullable memalign(size_t __alignment, size_t __byte_count) __mallocfunc __BIONIC_ALLOC_SIZE(2); |
| |
| /** |
| * [malloc_usable_size(3)](https://man7.org/linux/man-pages/man3/malloc_usable_size.3.html) |
| * returns the actual size of the given heap block. |
| */ |
| __nodiscard size_t malloc_usable_size(const void* _Nullable __ptr); |
| |
| #define __MALLINFO_BODY \ |
| /** Total number of non-mmapped bytes currently allocated from OS. */ \ |
| size_t arena; \ |
| /** Number of free chunks. */ \ |
| size_t ordblks; \ |
| /** (Unused.) */ \ |
| size_t smblks; \ |
| /** (Unused.) */ \ |
| size_t hblks; \ |
| /** Total number of bytes in mmapped regions. */ \ |
| size_t hblkhd; \ |
| /** Maximum total allocated space; greater than total if trimming has occurred. */ \ |
| size_t usmblks; \ |
| /** (Unused.) */ \ |
| size_t fsmblks; \ |
| /** Total allocated space (normal or mmapped.) */ \ |
| size_t uordblks; \ |
| /** Total free space. */ \ |
| size_t fordblks; \ |
| /** Upper bound on number of bytes releasable by a trim operation. */ \ |
| size_t keepcost; |
| |
| #ifndef STRUCT_MALLINFO_DECLARED |
| #define STRUCT_MALLINFO_DECLARED 1 |
| struct mallinfo { __MALLINFO_BODY }; |
| #endif |
| |
| /** |
| * [mallinfo(3)](https://man7.org/linux/man-pages/man3/mallinfo.3.html) returns |
| * information about the current state of the heap. Note that mallinfo() is |
| * inherently unreliable and consider using malloc_info() instead. |
| */ |
| struct mallinfo mallinfo(void); |
| |
| /** |
| * On Android the struct mallinfo and struct mallinfo2 are the same. |
| */ |
| struct mallinfo2 { __MALLINFO_BODY }; |
| |
| /** |
| * [mallinfo2(3)](https://man7.org/linux/man-pages/man3/mallinfo2.3.html) returns |
| * information about the current state of the heap. Note that mallinfo2() is |
| * inherently unreliable and consider using malloc_info() instead. |
| */ |
| struct mallinfo2 mallinfo2(void) __RENAME(mallinfo); |
| |
| /** |
| * [malloc_info(3)](https://man7.org/linux/man-pages/man3/malloc_info.3.html) |
| * writes information about the current state of the heap to the given stream. |
| * |
| * The XML structure for malloc_info() is as follows: |
| * ``` |
| * <malloc version="jemalloc-1"> |
| * <heap nr="INT"> |
| * <allocated-large>INT</allocated-large> |
| * <allocated-huge>INT</allocated-huge> |
| * <allocated-bins>INT</allocated-bins> |
| * <bins-total>INT</bins-total> |
| * <bin nr="INT"> |
| * <allocated>INT</allocated> |
| * <nmalloc>INT</nmalloc> |
| * <ndalloc>INT</ndalloc> |
| * </bin> |
| * <!-- more bins --> |
| * </heap> |
| * <!-- more heaps --> |
| * </malloc> |
| * ``` |
| * |
| * Available since API level 23. |
| */ |
| |
| #if __BIONIC_AVAILABILITY_GUARD(23) |
| int malloc_info(int __must_be_zero, FILE* _Nonnull __fp) __INTRODUCED_IN(23); |
| #endif /* __BIONIC_AVAILABILITY_GUARD(23) */ |
| |
| |
| /** |
| * mallopt() option to set the decay time. Valid values are -1, 0 and 1. |
| * -1 : Disable the releasing of unused pages. This value is available since |
| * API level 35. |
| * 0 : Release the unused pages immediately. |
| * 1 : Release the unused pages at a device-specific interval. |
| * |
| * Available since API level 27. |
| */ |
| #define M_DECAY_TIME (-100) |
| /** |
| * mallopt() option to immediately purge any memory not in use. This |
| * will release the memory back to the kernel. The value is ignored. |
| * |
| * Available since API level 28. |
| */ |
| #define M_PURGE (-101) |
| /** |
| * mallopt() option to immediately purge all possible memory back to |
| * the kernel. This call can take longer than a normal purge since it |
| * examines everything. In some cases, it can take more than twice the |
| * time of a M_PURGE call. The value is ignored. |
| * |
| * Available since API level 34. |
| */ |
| #define M_PURGE_ALL (-104) |
| |
| /** |
| * mallopt() option to tune the allocator's choice of memory tags to |
| * make it more likely that a certain class of memory errors will be |
| * detected. This is only relevant if MTE is enabled in this process |
| * and ignored otherwise. The value argument should be one of the |
| * M_MEMTAG_TUNING_* flags. |
| * NOTE: This is only available in scudo. |
| * |
| * Available since API level 31. |
| */ |
| #define M_MEMTAG_TUNING (-102) |
| |
| /** |
| * When passed as a value of M_MEMTAG_TUNING mallopt() call, enables |
| * deterministic detection of linear buffer overflow and underflow |
| * bugs by assigning distinct tag values to adjacent allocations. This |
| * mode has a slightly reduced chance to detect use-after-free bugs |
| * because only half of the possible tag values are available for each |
| * memory location. |
| * |
| * Please keep in mind that MTE can not detect overflow within the |
| * same tag granule (16-byte aligned chunk), and can miss small |
| * overflows even in this mode. Such overflow can not be the cause of |
| * a memory corruption, because the memory within one granule is never |
| * used for multiple allocations. |
| */ |
| #define M_MEMTAG_TUNING_BUFFER_OVERFLOW 0 |
| |
| /** |
| * When passed as a value of M_MEMTAG_TUNING mallopt() call, enables |
| * independently randomized tags for uniform ~93% probability of |
| * detecting both spatial (buffer overflow) and temporal (use after |
| * free) bugs. |
| */ |
| #define M_MEMTAG_TUNING_UAF 1 |
| |
| /** |
| * mallopt() option for per-thread memory initialization tuning. |
| * The value argument should be one of: |
| * 1: Disable automatic heap initialization on this thread only. |
| * If memory tagging is enabled, disable as much as possible of the |
| * memory tagging initialization for this thread. |
| * 0: Normal behavior. |
| * |
| * Available since API level 31. |
| */ |
| #define M_THREAD_DISABLE_MEM_INIT (-103) |
| /** |
| * mallopt() option to set the maximum number of items in the secondary |
| * cache of the scudo allocator. |
| * |
| * Available since API level 31. |
| */ |
| #define M_CACHE_COUNT_MAX (-200) |
| /** |
| * mallopt() option to set the maximum size in bytes of a cacheable item in |
| * the secondary cache of the scudo allocator. |
| * |
| * Available since API level 31. |
| */ |
| #define M_CACHE_SIZE_MAX (-201) |
| /** |
| * mallopt() option to increase the maximum number of shared thread-specific |
| * data structures that can be created. This number cannot be decreased, |
| * only increased and only applies to the scudo allocator. |
| * |
| * Available since API level 31. |
| */ |
| #define M_TSDS_COUNT_MAX (-202) |
| |
| /** |
| * mallopt() option to decide whether heap memory is zero-initialized on |
| * allocation across the whole process. May be called at any time, including |
| * when multiple threads are running. An argument of zero indicates memory |
| * should not be zero-initialized, any other value indicates to initialize heap |
| * memory to zero. |
| * |
| * Note that this memory mitigation is only implemented in scudo and therefore |
| * this will have no effect when using another allocator (such as jemalloc on |
| * Android Go devices). |
| * |
| * Available since API level 31. |
| */ |
| #define M_BIONIC_ZERO_INIT (-203) |
| |
| /** |
| * mallopt() option to change the heap tagging state. May be called at any |
| * time, including when multiple threads are running. |
| * The value must be one of the M_HEAP_TAGGING_LEVEL_ constants. |
| * NOTE: This is only available in scudo. |
| * |
| * Available since API level 31. |
| */ |
| #define M_BIONIC_SET_HEAP_TAGGING_LEVEL (-204) |
| |
| /** |
| * Constants for use with the M_BIONIC_SET_HEAP_TAGGING_LEVEL mallopt() option. |
| */ |
| enum HeapTaggingLevel { |
| /** |
| * Disable heap tagging and memory tag checks (if supported). |
| * Heap tagging may not be re-enabled after being disabled. |
| */ |
| M_HEAP_TAGGING_LEVEL_NONE = 0, |
| #define M_HEAP_TAGGING_LEVEL_NONE M_HEAP_TAGGING_LEVEL_NONE |
| /** |
| * Address-only tagging. Heap pointers have a non-zero tag in the |
| * most significant ("top") byte which is checked in free(). Memory |
| * accesses ignore the tag using arm64's Top Byte Ignore (TBI) feature. |
| */ |
| M_HEAP_TAGGING_LEVEL_TBI = 1, |
| #define M_HEAP_TAGGING_LEVEL_TBI M_HEAP_TAGGING_LEVEL_TBI |
| /** |
| * Enable heap tagging and asynchronous memory tag checks (if supported). |
| * Disable stack trace collection. |
| */ |
| M_HEAP_TAGGING_LEVEL_ASYNC = 2, |
| #define M_HEAP_TAGGING_LEVEL_ASYNC M_HEAP_TAGGING_LEVEL_ASYNC |
| /** |
| * Enable heap tagging and synchronous memory tag checks (if supported). |
| * Enable stack trace collection. |
| */ |
| M_HEAP_TAGGING_LEVEL_SYNC = 3, |
| #define M_HEAP_TAGGING_LEVEL_SYNC M_HEAP_TAGGING_LEVEL_SYNC |
| }; |
| |
| /** |
| * mallopt() option to print human readable statistics about the memory |
| * allocator to the log. There is no format for this data, each allocator |
| * can use a different format, and the data that is printed can |
| * change at any time. This is expected to be used as a debugging aid. |
| * |
| * Available since API level 35. |
| */ |
| #define M_LOG_STATS (-205) |
| |
| /** |
| * [mallopt(3)](https://man7.org/linux/man-pages/man3/mallopt.3.html) modifies |
| * heap behavior. Values of `__option` are the `M_` constants from this header. |
| * |
| * Returns 1 on success, 0 on error. |
| * |
| * Available since API level 26. |
| */ |
| |
| #if __BIONIC_AVAILABILITY_GUARD(26) |
| int mallopt(int __option, int __value) __INTRODUCED_IN(26); |
| #endif /* __BIONIC_AVAILABILITY_GUARD(26) */ |
| |
| |
| /** |
| * [__malloc_hook(3)](https://man7.org/linux/man-pages/man3/__malloc_hook.3.html) |
| * is called to implement malloc(). By default this points to the system's |
| * implementation. |
| * |
| * Available since API level 28. |
| * |
| * See also: [extra documentation](https://android.googlesource.com/platform/bionic/+/main/libc/malloc_hooks/README.md) |
| */ |
| |
| #if __BIONIC_AVAILABILITY_GUARD(28) |
| extern void* _Nonnull (*volatile _Nonnull __malloc_hook)(size_t __byte_count, const void* _Nonnull __caller) __INTRODUCED_IN(28); |
| |
| /** |
| * [__realloc_hook(3)](https://man7.org/linux/man-pages/man3/__realloc_hook.3.html) |
| * is called to implement realloc(). By default this points to the system's |
| * implementation. |
| * |
| * Available since API level 28. |
| * |
| * See also: [extra documentation](https://android.googlesource.com/platform/bionic/+/main/libc/malloc_hooks/README.md) |
| */ |
| extern void* _Nonnull (*volatile _Nonnull __realloc_hook)(void* _Nullable __ptr, size_t __byte_count, const void* _Nonnull __caller) __INTRODUCED_IN(28); |
| |
| /** |
| * [__free_hook(3)](https://man7.org/linux/man-pages/man3/__free_hook.3.html) |
| * is called to implement free(). By default this points to the system's |
| * implementation. |
| * |
| * Available since API level 28. |
| * |
| * See also: [extra documentation](https://android.googlesource.com/platform/bionic/+/main/libc/malloc_hooks/README.md) |
| */ |
| extern void (*volatile _Nonnull __free_hook)(void* _Nullable __ptr, const void* _Nonnull __caller) __INTRODUCED_IN(28); |
| |
| /** |
| * [__memalign_hook(3)](https://man7.org/linux/man-pages/man3/__memalign_hook.3.html) |
| * is called to implement memalign(). By default this points to the system's |
| * implementation. |
| * |
| * Available since API level 28. |
| * |
| * See also: [extra documentation](https://android.googlesource.com/platform/bionic/+/main/libc/malloc_hooks/README.md) |
| */ |
| extern void* _Nonnull (*volatile _Nonnull __memalign_hook)(size_t __alignment, size_t __byte_count, const void* _Nonnull __caller) __INTRODUCED_IN(28); |
| #endif /* __BIONIC_AVAILABILITY_GUARD(28) */ |
| |
| |
| __END_DECLS |