1 // Copyright 2014 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
7 // This was originally based on tcmalloc, but has diverged quite a bit.
8 // http://goog-perftools.sourceforge.net/doc/tcmalloc.html
10 // The main allocator works in runs of pages.
11 // Small allocation sizes (up to and including 32 kB) are
12 // rounded to one of about 70 size classes, each of which
13 // has its own free set of objects of exactly that size.
14 // Any free page of memory can be split into a set of objects
15 // of one size class, which are then managed using a free bitmap.
17 // The allocator's data structures are:
19 // fixalloc: a free-list allocator for fixed-size off-heap objects,
20 // used to manage storage used by the allocator.
21 // mheap: the malloc heap, managed at page (8192-byte) granularity.
22 // mspan: a run of in-use pages managed by the mheap.
23 // mcentral: collects all spans of a given size class.
24 // mcache: a per-P cache of mspans with free space.
25 // mstats: allocation statistics.
27 // Allocating a small object proceeds up a hierarchy of caches:
29 // 1. Round the size up to one of the small size classes
30 // and look in the corresponding mspan in this P's mcache.
31 // Scan the mspan's free bitmap to find a free slot.
32 // If there is a free slot, allocate it.
33 // This can all be done without acquiring a lock.
35 // 2. If the mspan has no free slots, obtain a new mspan
36 // from the mcentral's list of mspans of the required size
37 // class that have free space.
38 // Obtaining a whole span amortizes the cost of locking
41 // 3. If the mcentral's mspan list is empty, obtain a run
42 // of pages from the mheap to use for the mspan.
44 // 4. If the mheap is empty or has no page runs large enough,
45 // allocate a new group of pages (at least 1MB) from the
46 // operating system. Allocating a large run of pages
47 // amortizes the cost of talking to the operating system.
49 // Sweeping an mspan and freeing objects on it proceeds up a similar
52 // 1. If the mspan is being swept in response to allocation, it
53 // is returned to the mcache to satisfy the allocation.
55 // 2. Otherwise, if the mspan still has allocated objects in it,
56 // it is placed on the mcentral free list for the mspan's size
59 // 3. Otherwise, if all objects in the mspan are free, the mspan's
60 // pages are returned to the mheap and the mspan is now dead.
62 // Allocating and freeing a large object uses the mheap
63 // directly, bypassing the mcache and mcentral.
65 // If mspan.needzero is false, then free object slots in the mspan are
66 // already zeroed. Otherwise if needzero is true, objects are zeroed as
67 // they are allocated. There are various benefits to delaying zeroing
70 // 1. Stack frame allocation can avoid zeroing altogether.
72 // 2. It exhibits better temporal locality, since the program is
73 // probably about to write to the memory.
75 // 3. We don't zero pages that never get reused.
77 // Virtual memory layout
79 // The heap consists of a set of arenas, which are 64MB on 64-bit and
80 // 4MB on 32-bit (heapArenaBytes). Each arena's start address is also
81 // aligned to the arena size.
83 // Each arena has an associated heapArena object that stores the
84 // metadata for that arena: the heap bitmap for all words in the arena
85 // and the span map for all pages in the arena. heapArena objects are
86 // themselves allocated off-heap.
88 // Since arenas are aligned, the address space can be viewed as a
89 // series of arena frames. The arena map (mheap_.arenas) maps from
90 // arena frame number to *heapArena, or nil for parts of the address
91 // space not backed by the Go heap. The arena map is structured as a
92 // two-level array consisting of a "L1" arena map and many "L2" arena
93 // maps; however, since arenas are large, on many architectures, the
94 // arena map consists of a single, large L2 map.
96 // The arena map covers the entire possible address space, allowing
97 // the Go heap to use any part of the address space. The allocator
98 // attempts to keep arenas contiguous so that large spans (and hence
99 // large objects) can cross arenas.
106 "runtime/internal/atomic"
107 "runtime/internal/math"
108 "runtime/internal/sys"
115 maxTinySize = _TinySize
116 tinySizeClass = _TinySizeClass
117 maxSmallSize = _MaxSmallSize
119 pageShift = _PageShift
122 // By construction, single page spans of the smallest object class
123 // have the most objects per span.
124 maxObjsPerSpan = pageSize / 8
126 concurrentSweep = _ConcurrentSweep
128 _PageSize = 1 << _PageShift
129 _PageMask = _PageSize - 1
131 // _64bit = 1 on 64-bit systems, 0 on 32-bit systems
132 _64bit = 1 << (^uintptr(0) >> 63) / 2
134 // Tiny allocator parameters, see "Tiny allocator" comment in malloc.go.
136 _TinySizeClass = int8(2)
138 _FixAllocChunk = 16 << 10 // Chunk size for FixAlloc
140 // Per-P, per order stack segment cache size.
141 _StackCacheSize = 32 * 1024
143 // Number of orders that get caching. Order 0 is FixedStack
144 // and each successive order is twice as large.
145 // We want to cache 2KB, 4KB, 8KB, and 16KB stacks. Larger stacks
146 // will be allocated directly.
147 // Since FixedStack is different on different systems, we
148 // must vary NumStackOrders to keep the same maximum cached size.
149 // OS | FixedStack | NumStackOrders
150 // -----------------+------------+---------------
151 // linux/darwin/bsd | 2KB | 4
152 // windows/32 | 4KB | 3
153 // windows/64 | 8KB | 2
155 _NumStackOrders = 4 - goarch.PtrSize/4*goos.IsWindows - 1*goos.IsPlan9
157 // heapAddrBits is the number of bits in a heap address. On
158 // amd64, addresses are sign-extended beyond heapAddrBits. On
159 // other arches, they are zero-extended.
161 // On most 64-bit platforms, we limit this to 48 bits based on a
162 // combination of hardware and OS limitations.
164 // amd64 hardware limits addresses to 48 bits, sign-extended
165 // to 64 bits. Addresses where the top 16 bits are not either
166 // all 0 or all 1 are "non-canonical" and invalid. Because of
167 // these "negative" addresses, we offset addresses by 1<<47
168 // (arenaBaseOffset) on amd64 before computing indexes into
169 // the heap arenas index. In 2017, amd64 hardware added
170 // support for 57 bit addresses; however, currently only Linux
171 // supports this extension and the kernel will never choose an
172 // address above 1<<47 unless mmap is called with a hint
173 // address above 1<<47 (which we never do).
175 // arm64 hardware (as of ARMv8) limits user addresses to 48
176 // bits, in the range [0, 1<<48).
178 // ppc64, mips64, and s390x support arbitrary 64 bit addresses
179 // in hardware. On Linux, Go leans on stricter OS limits. Based
180 // on Linux's processor.h, the user address space is limited as
181 // follows on 64-bit architectures:
183 // Architecture Name Maximum Value (exclusive)
184 // ---------------------------------------------------------------------
185 // amd64 TASK_SIZE_MAX 0x007ffffffff000 (47 bit addresses)
186 // arm64 TASK_SIZE_64 0x01000000000000 (48 bit addresses)
187 // ppc64{,le} TASK_SIZE_USER64 0x00400000000000 (46 bit addresses)
188 // mips64{,le} TASK_SIZE64 0x00010000000000 (40 bit addresses)
189 // s390x TASK_SIZE 1<<64 (64 bit addresses)
191 // These limits may increase over time, but are currently at
192 // most 48 bits except on s390x. On all architectures, Linux
193 // starts placing mmap'd regions at addresses that are
194 // significantly below 48 bits, so even if it's possible to
195 // exceed Go's 48 bit limit, it's extremely unlikely in
198 // On 32-bit platforms, we accept the full 32-bit address
199 // space because doing so is cheap.
200 // mips32 only has access to the low 2GB of virtual memory, so
201 // we further limit it to 31 bits.
203 // On ios/arm64, although 64-bit pointers are presumably
204 // available, pointers are truncated to 33 bits in iOS <14.
205 // Furthermore, only the top 4 GiB of the address space are
206 // actually available to the application. In iOS >=14, more
207 // of the address space is available, and the OS can now
208 // provide addresses outside of those 33 bits. Pick 40 bits
209 // as a reasonable balance between address space usage by the
210 // page allocator, and flexibility for what mmap'd regions
211 // we'll accept for the heap. We can't just move to the full
212 // 48 bits because this uses too much address space for older
214 // TODO(mknyszek): Once iOS <14 is deprecated, promote ios/arm64
215 // to a 48-bit address space like every other arm64 platform.
217 // WebAssembly currently has a limit of 4GB linear memory.
218 heapAddrBits = (_64bit*(1-goarch.IsWasm)*(1-goos.IsIos*goarch.IsArm64))*48 + (1-_64bit+goarch.IsWasm)*(32-(goarch.IsMips+goarch.IsMipsle)) + 40*goos.IsIos*goarch.IsArm64
220 // maxAlloc is the maximum size of an allocation. On 64-bit,
221 // it's theoretically possible to allocate 1<<heapAddrBits bytes. On
222 // 32-bit, however, this is one less than 1<<32 because the
223 // number of bytes in the address space doesn't actually fit
225 maxAlloc = (1 << heapAddrBits) - (1-_64bit)*1
227 // The number of bits in a heap address, the size of heap
228 // arenas, and the L1 and L2 arena map sizes are related by
230 // (1 << addr bits) = arena size * L1 entries * L2 entries
232 // Currently, we balance these as follows:
234 // Platform Addr bits Arena size L1 entries L2 entries
235 // -------------- --------- ---------- ---------- -----------
236 // */64-bit 48 64MB 1 4M (32MB)
237 // windows/64-bit 48 4MB 64 1M (8MB)
238 // ios/arm64 33 4MB 1 2048 (8KB)
239 // */32-bit 32 4MB 1 1024 (4KB)
240 // */mips(le) 31 4MB 1 512 (2KB)
242 // heapArenaBytes is the size of a heap arena. The heap
243 // consists of mappings of size heapArenaBytes, aligned to
244 // heapArenaBytes. The initial heap mapping is one arena.
246 // This is currently 64MB on 64-bit non-Windows and 4MB on
247 // 32-bit and on Windows. We use smaller arenas on Windows
248 // because all committed memory is charged to the process,
249 // even if it's not touched. Hence, for processes with small
250 // heaps, the mapped arena space needs to be commensurate.
251 // This is particularly important with the race detector,
252 // since it significantly amplifies the cost of committed
254 heapArenaBytes = 1 << logHeapArenaBytes
256 // logHeapArenaBytes is log_2 of heapArenaBytes. For clarity,
257 // prefer using heapArenaBytes where possible (we need the
258 // constant to compute some other constants).
259 logHeapArenaBytes = (6+20)*(_64bit*(1-goos.IsWindows)*(1-goarch.IsWasm)*(1-goos.IsIos*goarch.IsArm64)) + (2+20)*(_64bit*goos.IsWindows) + (2+20)*(1-_64bit) + (2+20)*goarch.IsWasm + (2+20)*goos.IsIos*goarch.IsArm64
261 // heapArenaBitmapBytes is the size of each heap arena's bitmap.
262 heapArenaBitmapBytes = heapArenaBytes / (goarch.PtrSize * 8 / 2)
264 pagesPerArena = heapArenaBytes / pageSize
266 // arenaL1Bits is the number of bits of the arena number
267 // covered by the first level arena map.
269 // This number should be small, since the first level arena
270 // map requires PtrSize*(1<<arenaL1Bits) of space in the
271 // binary's BSS. It can be zero, in which case the first level
272 // index is effectively unused. There is a performance benefit
273 // to this, since the generated code can be more efficient,
274 // but comes at the cost of having a large L2 mapping.
276 // We use the L1 map on 64-bit Windows because the arena size
277 // is small, but the address space is still 48 bits, and
278 // there's a high cost to having a large L2.
279 arenaL1Bits = 6 * (_64bit * goos.IsWindows)
281 // arenaL2Bits is the number of bits of the arena number
282 // covered by the second level arena index.
284 // The size of each arena map allocation is proportional to
285 // 1<<arenaL2Bits, so it's important that this not be too
286 // large. 48 bits leads to 32MB arena index allocations, which
287 // is about the practical threshold.
288 arenaL2Bits = heapAddrBits - logHeapArenaBytes - arenaL1Bits
290 // arenaL1Shift is the number of bits to shift an arena frame
291 // number by to compute an index into the first level arena map.
292 arenaL1Shift = arenaL2Bits
294 // arenaBits is the total bits in a combined arena map index.
295 // This is split between the index into the L1 arena map and
297 arenaBits = arenaL1Bits + arenaL2Bits
299 // arenaBaseOffset is the pointer value that corresponds to
300 // index 0 in the heap arena map.
302 // On amd64, the address space is 48 bits, sign extended to 64
303 // bits. This offset lets us handle "negative" addresses (or
304 // high addresses if viewed as unsigned).
306 // On aix/ppc64, this offset allows to keep the heapAddrBits to
307 // 48. Otherwise, it would be 60 in order to handle mmap addresses
308 // (in range 0x0a00000000000000 - 0x0afffffffffffff). But in this
309 // case, the memory reserved in (s *pageAlloc).init for chunks
310 // is causing important slowdowns.
312 // On other platforms, the user address space is contiguous
313 // and starts at 0, so no offset is necessary.
314 arenaBaseOffset = 0xffff800000000000*goarch.IsAmd64 + 0x0a00000000000000*goos.IsAix
315 // A typed version of this constant that will make it into DWARF (for viewcore).
316 arenaBaseOffsetUintptr = uintptr(arenaBaseOffset)
318 // Max number of threads to run garbage collection.
319 // 2, 3, and 4 are all plausible maximums depending
320 // on the hardware details of the machine. The garbage
321 // collector scales well to 32 cpus.
324 // minLegalPointer is the smallest possible legal pointer.
325 // This is the smallest possible architectural page size,
326 // since we assume that the first page is never mapped.
328 // This should agree with minZeroPage in the compiler.
329 minLegalPointer uintptr = 4096
332 // physPageSize is the size in bytes of the OS's physical pages.
333 // Mapping and unmapping operations must be done at multiples of
336 // This must be set by the OS init code (typically in osinit) before
338 var physPageSize uintptr
340 // physHugePageSize is the size in bytes of the OS's default physical huge
341 // page size whose allocation is opaque to the application. It is assumed
342 // and verified to be a power of two.
344 // If set, this must be set by the OS init code (typically in osinit) before
345 // mallocinit. However, setting it at all is optional, and leaving the default
346 // value is always safe (though potentially less efficient).
348 // Since physHugePageSize is always assumed to be a power of two,
349 // physHugePageShift is defined as physHugePageSize == 1 << physHugePageShift.
350 // The purpose of physHugePageShift is to avoid doing divisions in
351 // performance critical functions.
353 physHugePageSize uintptr
354 physHugePageShift uint
358 if class_to_size[_TinySizeClass] != _TinySize {
359 throw("bad TinySizeClass")
362 if heapArenaBitmapBytes&(heapArenaBitmapBytes-1) != 0 {
363 // heapBits expects modular arithmetic on bitmap
364 // addresses to work.
365 throw("heapArenaBitmapBytes not a power of 2")
368 // Check physPageSize.
369 if physPageSize == 0 {
370 // The OS init code failed to fetch the physical page size.
371 throw("failed to get system page size")
373 if physPageSize > maxPhysPageSize {
374 print("system page size (", physPageSize, ") is larger than maximum page size (", maxPhysPageSize, ")\n")
375 throw("bad system page size")
377 if physPageSize < minPhysPageSize {
378 print("system page size (", physPageSize, ") is smaller than minimum page size (", minPhysPageSize, ")\n")
379 throw("bad system page size")
381 if physPageSize&(physPageSize-1) != 0 {
382 print("system page size (", physPageSize, ") must be a power of 2\n")
383 throw("bad system page size")
385 if physHugePageSize&(physHugePageSize-1) != 0 {
386 print("system huge page size (", physHugePageSize, ") must be a power of 2\n")
387 throw("bad system huge page size")
389 if physHugePageSize > maxPhysHugePageSize {
390 // physHugePageSize is greater than the maximum supported huge page size.
391 // Don't throw here, like in the other cases, since a system configured
392 // in this way isn't wrong, we just don't have the code to support them.
393 // Instead, silently set the huge page size to zero.
396 if physHugePageSize != 0 {
397 // Since physHugePageSize is a power of 2, it suffices to increase
398 // physHugePageShift until 1<<physHugePageShift == physHugePageSize.
399 for 1<<physHugePageShift != physHugePageSize {
403 if pagesPerArena%pagesPerSpanRoot != 0 {
404 print("pagesPerArena (", pagesPerArena, ") is not divisible by pagesPerSpanRoot (", pagesPerSpanRoot, ")\n")
405 throw("bad pagesPerSpanRoot")
407 if pagesPerArena%pagesPerReclaimerChunk != 0 {
408 print("pagesPerArena (", pagesPerArena, ") is not divisible by pagesPerReclaimerChunk (", pagesPerReclaimerChunk, ")\n")
409 throw("bad pagesPerReclaimerChunk")
412 // Initialize the heap.
414 mcache0 = allocmcache()
415 lockInit(&gcBitsArenas.lock, lockRankGcBitsArenas)
416 lockInit(&proflock, lockRankProf)
417 lockInit(&globalAlloc.mutex, lockRankGlobalAlloc)
419 // Create initial arena growth hints.
420 if goarch.PtrSize == 8 {
421 // On a 64-bit machine, we pick the following hints
424 // 1. Starting from the middle of the address space
425 // makes it easier to grow out a contiguous range
426 // without running in to some other mapping.
428 // 2. This makes Go heap addresses more easily
429 // recognizable when debugging.
431 // 3. Stack scanning in gccgo is still conservative,
432 // so it's important that addresses be distinguishable
435 // Starting at 0x00c0 means that the valid memory addresses
436 // will begin 0x00c0, 0x00c1, ...
437 // In little-endian, that's c0 00, c1 00, ... None of those are valid
438 // UTF-8 sequences, and they are otherwise as far away from
439 // ff (likely a common byte) as possible. If that fails, we try other 0xXXc0
440 // addresses. An earlier attempt to use 0x11f8 caused out of memory errors
441 // on OS X during thread allocations. 0x00c0 causes conflicts with
442 // AddressSanitizer which reserves all memory up to 0x0100.
443 // These choices reduce the odds of a conservative garbage collector
444 // not collecting memory because some non-pointer block of memory
445 // had a bit pattern that matched a memory address.
447 // However, on arm64, we ignore all this advice above and slam the
448 // allocation at 0x40 << 32 because when using 4k pages with 3-level
449 // translation buffers, the user address space is limited to 39 bits
450 // On ios/arm64, the address space is even smaller.
452 // On AIX, mmaps starts at 0x0A00000000000000 for 64-bit.
454 for i := 0x7f; i >= 0; i-- {
458 // The TSAN runtime requires the heap
459 // to be in the range [0x00c000000000,
461 p = uintptr(i)<<32 | uintptrMask&(0x00c0<<32)
462 if p >= uintptrMask&0x00e000000000 {
465 case GOARCH == "arm64" && GOOS == "ios":
466 p = uintptr(i)<<40 | uintptrMask&(0x0013<<28)
467 case GOARCH == "arm64":
468 p = uintptr(i)<<40 | uintptrMask&(0x0040<<32)
471 // We don't use addresses directly after 0x0A00000000000000
472 // to avoid collisions with others mmaps done by non-go programs.
475 p = uintptr(i)<<40 | uintptrMask&(0xa0<<52)
477 p = uintptr(i)<<40 | uintptrMask&(0x00c0<<32)
479 hint := (*arenaHint)(mheap_.arenaHintAlloc.alloc())
481 hint.next, mheap_.arenaHints = mheap_.arenaHints, hint
484 // On a 32-bit machine, we're much more concerned
485 // about keeping the usable heap contiguous.
488 // 1. We reserve space for all heapArenas up front so
489 // they don't get interleaved with the heap. They're
490 // ~258MB, so this isn't too bad. (We could reserve a
491 // smaller amount of space up front if this is a
494 // 2. We hint the heap to start right above the end of
495 // the binary so we have the best chance of keeping it
498 // 3. We try to stake out a reasonably large initial
501 const arenaMetaSize = (1 << arenaBits) * unsafe.Sizeof(heapArena{})
502 meta := uintptr(sysReserve(nil, arenaMetaSize))
504 mheap_.heapArenaAlloc.init(meta, arenaMetaSize, true)
507 // We want to start the arena low, but if we're linked
508 // against C code, it's possible global constructors
509 // have called malloc and adjusted the process' brk.
510 // Query the brk so we can avoid trying to map the
511 // region over it (which will cause the kernel to put
512 // the region somewhere else, likely at a high
516 // If we ask for the end of the data segment but the
517 // operating system requires a little more space
518 // before we can start allocating, it will give out a
519 // slightly higher pointer. Except QEMU, which is
520 // buggy, as usual: it won't adjust the pointer
521 // upward. So adjust it upward a little bit ourselves:
522 // 1/4 MB to get away from the running binary image.
523 p := firstmoduledata.end
527 if mheap_.heapArenaAlloc.next <= p && p < mheap_.heapArenaAlloc.end {
528 p = mheap_.heapArenaAlloc.end
530 p = alignUp(p+(256<<10), heapArenaBytes)
531 // Because we're worried about fragmentation on
532 // 32-bit, we try to make a large initial reservation.
533 arenaSizes := []uintptr{
538 for _, arenaSize := range arenaSizes {
539 a, size := sysReserveAligned(unsafe.Pointer(p), arenaSize, heapArenaBytes)
541 mheap_.arena.init(uintptr(a), size, false)
542 p = mheap_.arena.end // For hint below
546 hint := (*arenaHint)(mheap_.arenaHintAlloc.alloc())
548 hint.next, mheap_.arenaHints = mheap_.arenaHints, hint
552 // sysAlloc allocates heap arena space for at least n bytes. The
553 // returned pointer is always heapArenaBytes-aligned and backed by
554 // h.arenas metadata. The returned size is always a multiple of
555 // heapArenaBytes. sysAlloc returns nil on failure.
556 // There is no corresponding free function.
558 // sysAlloc returns a memory region in the Reserved state. This region must
559 // be transitioned to Prepared and then Ready before use.
562 func (h *mheap) sysAlloc(n uintptr) (v unsafe.Pointer, size uintptr) {
563 assertLockHeld(&h.lock)
565 n = alignUp(n, heapArenaBytes)
567 // First, try the arena pre-reservation.
568 v = h.arena.alloc(n, heapArenaBytes, &memstats.heap_sys)
574 // Try to grow the heap at a hint address.
575 for h.arenaHints != nil {
582 // We can't use this, so don't ask.
584 } else if arenaIndex(p+n-1) >= 1<<arenaBits {
585 // Outside addressable heap. Can't use.
588 v = sysReserve(unsafe.Pointer(p), n)
591 // Success. Update the hint.
599 // Failed. Discard this hint and try the next.
601 // TODO: This would be cleaner if sysReserve could be
602 // told to only return the requested address. In
603 // particular, this is already how Windows behaves, so
604 // it would simplify things there.
608 h.arenaHints = hint.next
609 h.arenaHintAlloc.free(unsafe.Pointer(hint))
614 // The race detector assumes the heap lives in
615 // [0x00c000000000, 0x00e000000000), but we
616 // just ran out of hints in this region. Give
618 throw("too many address space collisions for -race mode")
621 // All of the hints failed, so we'll take any
622 // (sufficiently aligned) address the kernel will give
624 v, size = sysReserveAligned(nil, n, heapArenaBytes)
629 // Create new hints for extending this region.
630 hint := (*arenaHint)(h.arenaHintAlloc.alloc())
631 hint.addr, hint.down = uintptr(v), true
632 hint.next, mheap_.arenaHints = mheap_.arenaHints, hint
633 hint = (*arenaHint)(h.arenaHintAlloc.alloc())
634 hint.addr = uintptr(v) + size
635 hint.next, mheap_.arenaHints = mheap_.arenaHints, hint
638 // Check for bad pointers or pointers we can't use.
643 bad = "region exceeds uintptr range"
644 } else if arenaIndex(p) >= 1<<arenaBits {
645 bad = "base outside usable address space"
646 } else if arenaIndex(p+size-1) >= 1<<arenaBits {
647 bad = "end outside usable address space"
650 // This should be impossible on most architectures,
651 // but it would be really confusing to debug.
652 print("runtime: memory allocated by OS [", hex(p), ", ", hex(p+size), ") not in usable address space: ", bad, "\n")
653 throw("memory reservation exceeds address space limit")
657 if uintptr(v)&(heapArenaBytes-1) != 0 {
658 throw("misrounded allocation in sysAlloc")
662 // Create arena metadata.
663 for ri := arenaIndex(uintptr(v)); ri <= arenaIndex(uintptr(v)+size-1); ri++ {
664 l2 := h.arenas[ri.l1()]
666 // Allocate an L2 arena map.
668 // Use sysAllocOS instead of sysAlloc or persistentalloc because there's no
669 // statistic we can comfortably account for this space in. With this structure,
670 // we rely on demand paging to avoid large overheads, but tracking which memory
671 // is paged in is too expensive. Trying to account for the whole region means
672 // that it will appear like an enormous memory overhead in statistics, even though
674 l2 = (*[1 << arenaL2Bits]*heapArena)(sysAllocOS(unsafe.Sizeof(*l2)))
676 throw("out of memory allocating heap arena map")
678 atomic.StorepNoWB(unsafe.Pointer(&h.arenas[ri.l1()]), unsafe.Pointer(l2))
681 if l2[ri.l2()] != nil {
682 throw("arena already initialized")
685 r = (*heapArena)(h.heapArenaAlloc.alloc(unsafe.Sizeof(*r), goarch.PtrSize, &memstats.gcMiscSys))
687 r = (*heapArena)(persistentalloc(unsafe.Sizeof(*r), goarch.PtrSize, &memstats.gcMiscSys))
689 throw("out of memory allocating heap arena metadata")
693 // Add the arena to the arenas list.
694 if len(h.allArenas) == cap(h.allArenas) {
695 size := 2 * uintptr(cap(h.allArenas)) * goarch.PtrSize
699 newArray := (*notInHeap)(persistentalloc(size, goarch.PtrSize, &memstats.gcMiscSys))
701 throw("out of memory allocating allArenas")
703 oldSlice := h.allArenas
704 *(*notInHeapSlice)(unsafe.Pointer(&h.allArenas)) = notInHeapSlice{newArray, len(h.allArenas), int(size / goarch.PtrSize)}
705 copy(h.allArenas, oldSlice)
706 // Do not free the old backing array because
707 // there may be concurrent readers. Since we
708 // double the array each time, this can lead
709 // to at most 2x waste.
711 h.allArenas = h.allArenas[:len(h.allArenas)+1]
712 h.allArenas[len(h.allArenas)-1] = ri
714 // Store atomically just in case an object from the
715 // new heap arena becomes visible before the heap lock
716 // is released (which shouldn't happen, but there's
717 // little downside to this).
718 atomic.StorepNoWB(unsafe.Pointer(&l2[ri.l2()]), unsafe.Pointer(r))
721 // Tell the race detector about the new heap memory.
723 racemapshadow(v, size)
729 // sysReserveAligned is like sysReserve, but the returned pointer is
730 // aligned to align bytes. It may reserve either n or n+align bytes,
731 // so it returns the size that was reserved.
732 func sysReserveAligned(v unsafe.Pointer, size, align uintptr) (unsafe.Pointer, uintptr) {
733 // Since the alignment is rather large in uses of this
734 // function, we're not likely to get it by chance, so we ask
735 // for a larger region and remove the parts we don't need.
738 p := uintptr(sysReserve(v, size+align))
742 case p&(align-1) == 0:
743 // We got lucky and got an aligned region, so we can
744 // use the whole thing.
745 return unsafe.Pointer(p), size + align
746 case GOOS == "windows":
747 // On Windows we can't release pieces of a
748 // reservation, so we release the whole thing and
749 // re-reserve the aligned sub-region. This may race,
750 // so we may have to try again.
751 sysFreeOS(unsafe.Pointer(p), size+align)
752 p = alignUp(p, align)
753 p2 := sysReserve(unsafe.Pointer(p), size)
754 if p != uintptr(p2) {
755 // Must have raced. Try again.
757 if retries++; retries == 100 {
758 throw("failed to allocate aligned heap memory; too many retries")
765 // Trim off the unaligned parts.
766 pAligned := alignUp(p, align)
767 sysFreeOS(unsafe.Pointer(p), pAligned-p)
768 end := pAligned + size
769 endLen := (p + size + align) - end
771 sysFreeOS(unsafe.Pointer(end), endLen)
773 return unsafe.Pointer(pAligned), size
777 // base address for all 0-byte allocations
780 // nextFreeFast returns the next free object if one is quickly available.
781 // Otherwise it returns 0.
782 func nextFreeFast(s *mspan) gclinkptr {
783 theBit := sys.Ctz64(s.allocCache) // Is there a free object in the allocCache?
785 result := s.freeindex + uintptr(theBit)
786 if result < s.nelems {
787 freeidx := result + 1
788 if freeidx%64 == 0 && freeidx != s.nelems {
791 s.allocCache >>= uint(theBit + 1)
792 s.freeindex = freeidx
794 return gclinkptr(result*s.elemsize + s.base())
800 // nextFree returns the next free object from the cached span if one is available.
801 // Otherwise it refills the cache with a span with an available object and
802 // returns that object along with a flag indicating that this was a heavy
803 // weight allocation. If it is a heavy weight allocation the caller must
804 // determine whether a new GC cycle needs to be started or if the GC is active
805 // whether this goroutine needs to assist the GC.
807 // Must run in a non-preemptible context since otherwise the owner of
809 func (c *mcache) nextFree(spc spanClass) (v gclinkptr, s *mspan, shouldhelpgc bool) {
812 freeIndex := s.nextFreeIndex()
813 if freeIndex == s.nelems {
815 if uintptr(s.allocCount) != s.nelems {
816 println("runtime: s.allocCount=", s.allocCount, "s.nelems=", s.nelems)
817 throw("s.allocCount != s.nelems && freeIndex == s.nelems")
823 freeIndex = s.nextFreeIndex()
826 if freeIndex >= s.nelems {
827 throw("freeIndex is not valid")
830 v = gclinkptr(freeIndex*s.elemsize + s.base())
832 if uintptr(s.allocCount) > s.nelems {
833 println("s.allocCount=", s.allocCount, "s.nelems=", s.nelems)
834 throw("s.allocCount > s.nelems")
839 // Allocate an object of size bytes.
840 // Small objects are allocated from the per-P cache's free lists.
841 // Large objects (> 32 kB) are allocated straight from the heap.
842 func mallocgc(size uintptr, typ *_type, needzero bool) unsafe.Pointer {
843 if gcphase == _GCmarktermination {
844 throw("mallocgc called with gcphase == _GCmarktermination")
848 return unsafe.Pointer(&zerobase)
852 // Refer to ASAN runtime library, the malloc() function allocates extra memory,
853 // the redzone, around the user requested memory region. And the redzones are marked
854 // as unaddressable. We perform the same operations in Go to detect the overflows or
856 size += computeRZlog(size)
863 // TODO(austin): This should be just
864 // align = uintptr(typ.align)
865 // but that's only 4 on 32-bit platforms,
866 // even if there's a uint64 field in typ (see #599).
867 // This causes 64-bit atomic accesses to panic.
868 // Hence, we use stricter alignment that matches
869 // the normal allocator better.
872 } else if size&3 == 0 {
874 } else if size&1 == 0 {
880 return persistentalloc(size, align, &memstats.other_sys)
883 if inittrace.active && inittrace.id == getg().goid {
884 // Init functions are executed sequentially in a single goroutine.
885 inittrace.allocs += 1
889 // assistG is the G to charge for this allocation, or nil if
890 // GC is not currently active.
892 if gcBlackenEnabled != 0 {
893 // Charge the current user G for this allocation.
895 if assistG.m.curg != nil {
896 assistG = assistG.m.curg
898 // Charge the allocation against the G. We'll account
899 // for internal fragmentation at the end of mallocgc.
900 assistG.gcAssistBytes -= int64(size)
902 if assistG.gcAssistBytes < 0 {
903 // This G is in debt. Assist the GC to correct
904 // this before allocating. This must happen
905 // before disabling preemption.
906 gcAssistAlloc(assistG)
910 // Set mp.mallocing to keep from being preempted by GC.
912 if mp.mallocing != 0 {
913 throw("malloc deadlock")
915 if mp.gsignal == getg() {
916 throw("malloc during signal")
920 shouldhelpgc := false
924 throw("mallocgc called without a P or outside bootstrapping")
928 noscan := typ == nil || typ.ptrdata == 0
929 // In some cases block zeroing can profitably (for latency reduction purposes)
930 // be delayed till preemption is possible; delayedZeroing tracks that state.
931 delayedZeroing := false
932 if size <= maxSmallSize {
933 if noscan && size < maxTinySize {
936 // Tiny allocator combines several tiny allocation requests
937 // into a single memory block. The resulting memory block
938 // is freed when all subobjects are unreachable. The subobjects
939 // must be noscan (don't have pointers), this ensures that
940 // the amount of potentially wasted memory is bounded.
942 // Size of the memory block used for combining (maxTinySize) is tunable.
943 // Current setting is 16 bytes, which relates to 2x worst case memory
944 // wastage (when all but one subobjects are unreachable).
945 // 8 bytes would result in no wastage at all, but provides less
946 // opportunities for combining.
947 // 32 bytes provides more opportunities for combining,
948 // but can lead to 4x worst case wastage.
949 // The best case winning is 8x regardless of block size.
951 // Objects obtained from tiny allocator must not be freed explicitly.
952 // So when an object will be freed explicitly, we ensure that
953 // its size >= maxTinySize.
955 // SetFinalizer has a special case for objects potentially coming
956 // from tiny allocator, it such case it allows to set finalizers
957 // for an inner byte of a memory block.
959 // The main targets of tiny allocator are small strings and
960 // standalone escaping variables. On a json benchmark
961 // the allocator reduces number of allocations by ~12% and
962 // reduces heap size by ~20%.
964 // Align tiny pointer for required (conservative) alignment.
966 off = alignUp(off, 8)
967 } else if goarch.PtrSize == 4 && size == 12 {
968 // Conservatively align 12-byte objects to 8 bytes on 32-bit
969 // systems so that objects whose first field is a 64-bit
970 // value is aligned to 8 bytes and does not cause a fault on
971 // atomic access. See issue 37262.
972 // TODO(mknyszek): Remove this workaround if/when issue 36606
974 off = alignUp(off, 8)
975 } else if size&3 == 0 {
976 off = alignUp(off, 4)
977 } else if size&1 == 0 {
978 off = alignUp(off, 2)
980 if off+size <= maxTinySize && c.tiny != 0 {
981 // The object fits into existing tiny block.
982 x = unsafe.Pointer(c.tiny + off)
983 c.tinyoffset = off + size
989 // Allocate a new maxTinySize block.
990 span = c.alloc[tinySpanClass]
991 v := nextFreeFast(span)
993 v, span, shouldhelpgc = c.nextFree(tinySpanClass)
995 x = unsafe.Pointer(v)
996 (*[2]uint64)(x)[0] = 0
997 (*[2]uint64)(x)[1] = 0
998 // See if we need to replace the existing tiny block with the new one
999 // based on amount of remaining free space.
1000 if !raceenabled && (size < c.tinyoffset || c.tiny == 0) {
1001 // Note: disabled when race detector is on, see comment near end of this function.
1008 if size <= smallSizeMax-8 {
1009 sizeclass = size_to_class8[divRoundUp(size, smallSizeDiv)]
1011 sizeclass = size_to_class128[divRoundUp(size-smallSizeMax, largeSizeDiv)]
1013 size = uintptr(class_to_size[sizeclass])
1014 spc := makeSpanClass(sizeclass, noscan)
1016 v := nextFreeFast(span)
1018 v, span, shouldhelpgc = c.nextFree(spc)
1020 x = unsafe.Pointer(v)
1021 if needzero && span.needzero != 0 {
1022 memclrNoHeapPointers(unsafe.Pointer(v), size)
1027 // For large allocations, keep track of zeroed state so that
1028 // bulk zeroing can be happen later in a preemptible context.
1029 span = c.allocLarge(size, noscan)
1032 size = span.elemsize
1033 x = unsafe.Pointer(span.base())
1034 if needzero && span.needzero != 0 {
1036 delayedZeroing = true
1038 memclrNoHeapPointers(x, size)
1039 // We've in theory cleared almost the whole span here,
1040 // and could take the extra step of actually clearing
1041 // the whole thing. However, don't. Any GC bits for the
1042 // uncleared parts will be zero, and it's just going to
1043 // be needzero = 1 once freed anyway.
1048 var scanSize uintptr
1050 heapBitsSetType(uintptr(x), size, dataSize, typ)
1051 if dataSize > typ.size {
1052 // Array allocation. If there are any
1053 // pointers, GC has to scan to the last
1055 if typ.ptrdata != 0 {
1056 scanSize = dataSize - typ.size + typ.ptrdata
1059 scanSize = typ.ptrdata
1061 c.scanAlloc += scanSize
1064 // Ensure that the stores above that initialize x to
1065 // type-safe memory and set the heap bits occur before
1066 // the caller can make x observable to the garbage
1067 // collector. Otherwise, on weakly ordered machines,
1068 // the garbage collector could follow a pointer to x,
1069 // but see uninitialized memory or stale heap bits.
1070 publicationBarrier()
1072 // Allocate black during GC.
1073 // All slots hold nil so no scanning is needed.
1074 // This may be racing with GC so do it atomically if there can be
1075 // a race marking the bit.
1076 if gcphase != _GCoff {
1077 gcmarknewobject(span, uintptr(x), size, scanSize)
1089 // We should only read/write the memory with the size asked by the user.
1090 // The rest of the allocated memory should be poisoned, so that we can report
1091 // errors when accessing poisoned memory.
1092 // The allocated memory is larger than required userSize, it will also include
1093 // redzone and some other padding bytes.
1094 rzBeg := unsafe.Add(x, userSize)
1095 asanpoison(rzBeg, size-userSize)
1096 asanunpoison(x, userSize)
1099 if rate := MemProfileRate; rate > 0 {
1100 // Note cache c only valid while m acquired; see #47302
1101 if rate != 1 && size < c.nextSample {
1102 c.nextSample -= size
1104 profilealloc(mp, x, size)
1110 // Pointerfree data can be zeroed late in a context where preemption can occur.
1111 // x will keep the memory alive.
1114 throw("delayed zeroing on data that may contain pointers")
1116 memclrNoHeapPointersChunked(size, x) // This is a possible preemption point: see #47302
1120 if debug.allocfreetrace != 0 {
1121 tracealloc(x, size, typ)
1124 if inittrace.active && inittrace.id == getg().goid {
1125 // Init functions are executed sequentially in a single goroutine.
1126 inittrace.bytes += uint64(size)
1131 // Account for internal fragmentation in the assist
1132 // debt now that we know it.
1133 assistG.gcAssistBytes -= int64(size - dataSize)
1137 if t := (gcTrigger{kind: gcTriggerHeap}); t.test() {
1142 if raceenabled && noscan && dataSize < maxTinySize {
1143 // Pad tinysize allocations so they are aligned with the end
1144 // of the tinyalloc region. This ensures that any arithmetic
1145 // that goes off the top end of the object will be detectable
1146 // by checkptr (issue 38872).
1147 // Note that we disable tinyalloc when raceenabled for this to work.
1148 // TODO: This padding is only performed when the race detector
1149 // is enabled. It would be nice to enable it if any package
1150 // was compiled with checkptr, but there's no easy way to
1151 // detect that (especially at compile time).
1152 // TODO: enable this padding for all allocations, not just
1153 // tinyalloc ones. It's tricky because of pointer maps.
1154 // Maybe just all noscan objects?
1155 x = add(x, size-dataSize)
1161 // memclrNoHeapPointersChunked repeatedly calls memclrNoHeapPointers
1162 // on chunks of the buffer to be zeroed, with opportunities for preemption
1163 // along the way. memclrNoHeapPointers contains no safepoints and also
1164 // cannot be preemptively scheduled, so this provides a still-efficient
1165 // block copy that can also be preempted on a reasonable granularity.
1167 // Use this with care; if the data being cleared is tagged to contain
1168 // pointers, this allows the GC to run before it is all cleared.
1169 func memclrNoHeapPointersChunked(size uintptr, x unsafe.Pointer) {
1171 // got this from benchmarking. 128k is too small, 512k is too large.
1172 const chunkBytes = 256 * 1024
1174 for voff := v; voff < vsize; voff = voff + chunkBytes {
1176 // may hold locks, e.g., profiling
1179 // clear min(avail, lump) bytes
1184 memclrNoHeapPointers(unsafe.Pointer(voff), n)
1188 // implementation of new builtin
1189 // compiler (both frontend and SSA backend) knows the signature
1191 func newobject(typ *_type) unsafe.Pointer {
1192 return mallocgc(typ.size, typ, true)
1195 //go:linkname reflect_unsafe_New reflect.unsafe_New
1196 func reflect_unsafe_New(typ *_type) unsafe.Pointer {
1197 return mallocgc(typ.size, typ, true)
1200 //go:linkname reflectlite_unsafe_New internal/reflectlite.unsafe_New
1201 func reflectlite_unsafe_New(typ *_type) unsafe.Pointer {
1202 return mallocgc(typ.size, typ, true)
1205 // newarray allocates an array of n elements of type typ.
1206 func newarray(typ *_type, n int) unsafe.Pointer {
1208 return mallocgc(typ.size, typ, true)
1210 mem, overflow := math.MulUintptr(typ.size, uintptr(n))
1211 if overflow || mem > maxAlloc || n < 0 {
1212 panic(plainError("runtime: allocation size out of range"))
1214 return mallocgc(mem, typ, true)
1217 //go:linkname reflect_unsafe_NewArray reflect.unsafe_NewArray
1218 func reflect_unsafe_NewArray(typ *_type, n int) unsafe.Pointer {
1219 return newarray(typ, n)
1222 func profilealloc(mp *m, x unsafe.Pointer, size uintptr) {
1225 throw("profilealloc called without a P or outside bootstrapping")
1227 c.nextSample = nextSample()
1228 mProf_Malloc(x, size)
1231 // nextSample returns the next sampling point for heap profiling. The goal is
1232 // to sample allocations on average every MemProfileRate bytes, but with a
1233 // completely random distribution over the allocation timeline; this
1234 // corresponds to a Poisson process with parameter MemProfileRate. In Poisson
1235 // processes, the distance between two samples follows the exponential
1236 // distribution (exp(MemProfileRate)), so the best return value is a random
1237 // number taken from an exponential distribution whose mean is MemProfileRate.
1238 func nextSample() uintptr {
1239 if MemProfileRate == 1 {
1240 // Callers assign our return value to
1241 // mcache.next_sample, but next_sample is not used
1242 // when the rate is 1. So avoid the math below and
1243 // just return something.
1246 if GOOS == "plan9" {
1247 // Plan 9 doesn't support floating point in note handler.
1248 if g := getg(); g == g.m.gsignal {
1249 return nextSampleNoFP()
1253 return uintptr(fastexprand(MemProfileRate))
1256 // fastexprand returns a random number from an exponential distribution with
1257 // the specified mean.
1258 func fastexprand(mean int) int32 {
1259 // Avoid overflow. Maximum possible step is
1260 // -ln(1/(1<<randomBitCount)) * mean, approximately 20 * mean.
1262 case mean > 0x7000000:
1268 // Take a random sample of the exponential distribution exp(-mean*x).
1269 // The probability distribution function is mean*exp(-mean*x), so the CDF is
1270 // p = 1 - exp(-mean*x), so
1271 // q = 1 - p == exp(-mean*x)
1272 // log_e(q) = -mean*x
1273 // -log_e(q)/mean = x
1274 // x = -log_e(q) * mean
1275 // x = log_2(q) * (-log_e(2)) * mean ; Using log_2 for efficiency
1276 const randomBitCount = 26
1277 q := fastrandn(1<<randomBitCount) + 1
1278 qlog := fastlog2(float64(q)) - randomBitCount
1282 const minusLog2 = -0.6931471805599453 // -ln(2)
1283 return int32(qlog*(minusLog2*float64(mean))) + 1
1286 // nextSampleNoFP is similar to nextSample, but uses older,
1287 // simpler code to avoid floating point.
1288 func nextSampleNoFP() uintptr {
1289 // Set first allocation sample size.
1290 rate := MemProfileRate
1291 if rate > 0x3fffffff { // make 2*rate not overflow
1295 return uintptr(fastrandn(uint32(2 * rate)))
1300 type persistentAlloc struct {
1305 var globalAlloc struct {
1310 // persistentChunkSize is the number of bytes we allocate when we grow
1311 // a persistentAlloc.
1312 const persistentChunkSize = 256 << 10
1314 // persistentChunks is a list of all the persistent chunks we have
1315 // allocated. The list is maintained through the first word in the
1316 // persistent chunk. This is updated atomically.
1317 var persistentChunks *notInHeap
1319 // Wrapper around sysAlloc that can allocate small chunks.
1320 // There is no associated free operation.
1321 // Intended for things like function/type/debug-related persistent data.
1322 // If align is 0, uses default align (currently 8).
1323 // The returned memory will be zeroed.
1324 // sysStat must be non-nil.
1326 // Consider marking persistentalloc'd types go:notinheap.
1327 func persistentalloc(size, align uintptr, sysStat *sysMemStat) unsafe.Pointer {
1329 systemstack(func() {
1330 p = persistentalloc1(size, align, sysStat)
1332 return unsafe.Pointer(p)
1335 // Must run on system stack because stack growth can (re)invoke it.
1339 func persistentalloc1(size, align uintptr, sysStat *sysMemStat) *notInHeap {
1341 maxBlock = 64 << 10 // VM reservation granularity is 64K on windows
1345 throw("persistentalloc: size == 0")
1348 if align&(align-1) != 0 {
1349 throw("persistentalloc: align is not a power of 2")
1351 if align > _PageSize {
1352 throw("persistentalloc: align is too large")
1358 if size >= maxBlock {
1359 return (*notInHeap)(sysAlloc(size, sysStat))
1363 var persistent *persistentAlloc
1364 if mp != nil && mp.p != 0 {
1365 persistent = &mp.p.ptr().palloc
1367 lock(&globalAlloc.mutex)
1368 persistent = &globalAlloc.persistentAlloc
1370 persistent.off = alignUp(persistent.off, align)
1371 if persistent.off+size > persistentChunkSize || persistent.base == nil {
1372 persistent.base = (*notInHeap)(sysAlloc(persistentChunkSize, &memstats.other_sys))
1373 if persistent.base == nil {
1374 if persistent == &globalAlloc.persistentAlloc {
1375 unlock(&globalAlloc.mutex)
1377 throw("runtime: cannot allocate memory")
1380 // Add the new chunk to the persistentChunks list.
1382 chunks := uintptr(unsafe.Pointer(persistentChunks))
1383 *(*uintptr)(unsafe.Pointer(persistent.base)) = chunks
1384 if atomic.Casuintptr((*uintptr)(unsafe.Pointer(&persistentChunks)), chunks, uintptr(unsafe.Pointer(persistent.base))) {
1388 persistent.off = alignUp(goarch.PtrSize, align)
1390 p := persistent.base.add(persistent.off)
1391 persistent.off += size
1393 if persistent == &globalAlloc.persistentAlloc {
1394 unlock(&globalAlloc.mutex)
1397 if sysStat != &memstats.other_sys {
1398 sysStat.add(int64(size))
1399 memstats.other_sys.add(-int64(size))
1404 // inPersistentAlloc reports whether p points to memory allocated by
1405 // persistentalloc. This must be nosplit because it is called by the
1406 // cgo checker code, which is called by the write barrier code.
1409 func inPersistentAlloc(p uintptr) bool {
1410 chunk := atomic.Loaduintptr((*uintptr)(unsafe.Pointer(&persistentChunks)))
1412 if p >= chunk && p < chunk+persistentChunkSize {
1415 chunk = *(*uintptr)(unsafe.Pointer(chunk))
1420 // linearAlloc is a simple linear allocator that pre-reserves a region
1421 // of memory and then optionally maps that region into the Ready state
1424 // The caller is responsible for locking.
1425 type linearAlloc struct {
1426 next uintptr // next free byte
1427 mapped uintptr // one byte past end of mapped space
1428 end uintptr // end of reserved space
1430 mapMemory bool // transition memory from Reserved to Ready if true
1433 func (l *linearAlloc) init(base, size uintptr, mapMemory bool) {
1434 if base+size < base {
1435 // Chop off the last byte. The runtime isn't prepared
1436 // to deal with situations where the bounds could overflow.
1437 // Leave that memory reserved, though, so we don't map it
1441 l.next, l.mapped = base, base
1443 l.mapMemory = mapMemory
1446 func (l *linearAlloc) alloc(size, align uintptr, sysStat *sysMemStat) unsafe.Pointer {
1447 p := alignUp(l.next, align)
1452 if pEnd := alignUp(l.next-1, physPageSize); pEnd > l.mapped {
1454 // Transition from Reserved to Prepared to Ready.
1455 n := pEnd - l.mapped
1456 sysMap(unsafe.Pointer(l.mapped), n, sysStat)
1457 sysUsed(unsafe.Pointer(l.mapped), n, n)
1461 return unsafe.Pointer(p)
1464 // notInHeap is off-heap memory allocated by a lower-level allocator
1465 // like sysAlloc or persistentAlloc.
1467 // In general, it's better to use real types marked as go:notinheap,
1468 // but this serves as a generic type for situations where that isn't
1469 // possible (like in the allocators).
1471 // TODO: Use this as the return type of sysAlloc, persistentAlloc, etc?
1474 type notInHeap struct{}
1476 func (p *notInHeap) add(bytes uintptr) *notInHeap {
1477 return (*notInHeap)(unsafe.Pointer(uintptr(unsafe.Pointer(p)) + bytes))
1480 // computeRZlog computes the size of the redzone.
1481 // Refer to the implementation of the compiler-rt.
1482 func computeRZlog(userSize uintptr) uintptr {
1484 case userSize <= (64 - 16):
1486 case userSize <= (128 - 32):
1488 case userSize <= (512 - 64):
1490 case userSize <= (4096 - 128):
1492 case userSize <= (1<<14)-256:
1494 case userSize <= (1<<15)-512:
1496 case userSize <= (1<<16)-1024: