Analysis of malloc mechanism in Uclibc

Uclibc is the most used c lib library in embedded Linux system. Recently, I have been learning about the memory management of the Linux kernel. After I finished learning, I have been confused about the memory management of the user space. I have looked at the malloc part of the code in libc for a bit of research. Special summary into this article. The structure of this document: First, the preparation of knowledge 2: heap space management structure three: heap space initialization four: FA structure operation five: malloc implementation six: free implementation seven: summary one: preparation knowledge: user space, often It calls malloc and free for memory management, which allocates memory in the heap space of the process. As shown below:

Second: Management structure of heap space: data structure represented by heap space struct heap{//Representation structure of heap space free area struct heap_free_area *free_areas;//Used to lock protection in a multi-threaded environment #ifdef HEAP_USE_LOCKINGpthread_mutex_t lock; #endif}; heap_free_area structure in the code is called FA structure by the code author. Its definition is as follows: struct heap_free_area{//size of the free area size_t size; //used to construct the circular list struct heap_free_area *next, *prev;}; Note: in the FA structure does not define a pointer to the free area, this Because the FA structure is just behind the free area.

Three: heap space initialization: The global variable __malloc_heap represents the entire stack space. Its initialization process shown as follows: struct heap __malloc_heap = HEAP_INIT_WITH_FA (initial_fa); HEAP_INIT_WITH_FA defined as follows: #ifdef HEAP_USE_LOCKING # define HEAP_INIT {0, PTHREAD_MUTEX_INITIALIZER} # define HEAP_INIT_WITH_FA (fa) {& fa._fa, PTHREAD_MUTEX_INITIALIZER} # else # define HEAP_INIT {0} # define HEAP_INIT_WITH_FA (fa) {& fa._fa} #endif initial_fa variables initialized as follows: HEAP_DECLARE_STATIC_FREE_AREA (initial_fa, 256); # define HEAP_DECLARE_STATIC_FREE_AREA (name, size) \\ static struct \\ {\\ char space [( size) - sizeof (struct heap_free_area)]; \\ struct heap_free_area _fa; \\} name = {" ", {(size), 0, 0}} thus it can be seen heap initialization is 256 bytes. As you can see from the above initialization, an array space is statically defined in front of the FA structure. This also confirms the above said "FA structure just placed behind the free area" four: FA structure operation: 1: #define HEAP_FREE_AREA_SIZE (fa) ((fa)-> size) FA represents the free area Size, this size already contains the space occupied by the FA itself: #define HEAP_FREE_AREA_START(fa) ((void *)((char *)(fa + 1) - (fa)->size)) The free area represented by the FA starting point. Fa+1 reaches the end of the free area. The pointer then moves down the size unit, which is the starting position of the free area. 3: #define HEAP_FREE_AREA_END(fa) ((void *)(fa + 1)) Returns the end of the free area indicated by FA. It can be seen from the structure indicated by FA. Moves the size of a FA from the address of the FA, just to the end of the idle 4: #define HEAP_MIN_FREE_AREA_SIZE \\HEAP_ADJUST_SIZE (sizeof (struct heap_free_area) + 32) The minimum free area size. The free area must be able to store at least one heap_free_area size, in addition to 32 bytes of idle, which is considered from the efficiency. When Malloc allocates memory, sometimes it divides a FA into two segments. If the remaining memory is less than HEAP_MIN_FREE_AREA_SIZE, it is better to allocate the memory. Because maintaining free memory needs to affect efficiency. This can be seen from the malloc and free analysis behind us 5: __heap_delete (struct heap *heap, struct heap_free_area *fa) This function removes fa from the heap, its implementation is as follows: extern inline void__heap_delete (struct heap *heap , struct heap_free_area *fa){if (fa->next)fa->next->prev = fa->prev;if (fa->prev)fa->prev->next = fa ->next;elseheap->free_areas = fa->next; //If the deletion is its first node} is just a simple linked list operation, disconnecting fa from the circular list. 6: __heap_link_free_area (struct heap * heap, struct heap_free_area * fa, struct heap_free_area * prev, struct heap_free_area * next) code annotations from the point of view of the function refers to the prev and next between Fa merged together. In fact it just inserts an item between prev and next. To achieve the following: extern inline void__heap_link_free_area (struct heap * heap, struct heap_free_area * fa, struct heap_free_area * prev, struct heap_free_area * next) {fa- & gt; next = next; fa- & gt; prev = prev; if (prev) prev- & gt; next = fa; elseheap- & gt; free_areas = fa; //inserted node as the ingress node of the case if (next) next- & gt; prev = fa;} 7: __ heap_link_free_area_after (struct heap * heap, struct heap_free_area * fa, struct Heap_free_area *prev)