POOL(2)                                                   POOL(2)

     NAME
          poolalloc, poolfree, poolmsize, poolrealloc, poolcompact,
          poolcheck, poolblockcheck, pooldump - general memory
          management routines

     SYNOPSIS
          #include <u.h>

          #include <libc.h>

          #include <pool.h>

          void*     poolalloc(Pool* pool, ulong size)

          void poolfree(Pool* pool, void* ptr)

          ulong     poolmsize(Pool* pool, void* ptr)

          void*     poolrealloc(Pool* pool, void* ptr, ulong size)

          void poolcompact(Pool* pool)

          void poolcheck(Pool *pool)

          void poolblockcheck(Pool *pool, void *ptr)

          void pooldump(Pool *pool);

     DESCRIPTION
          These routines provide a general memory management facility.
          Memory is retrieved from a coarser allocator (e.g. sbrk or
          the kernel's xalloc) and then allocated to callers.  The
          routines are locked and thus may safely be used in multipro-
          cess programs.

          Poolalloc attempts to allocate a block of size size; it
          returns a pointer to the block when successful and nil oth-
          erwise.  The call poolalloc(0) returns a non-nil pointer.
          Poolfree returns an allocated block to the pool.  It is an
          error to free a block more than once or to free a pointer
          not returned by poolalloc. The call poolfree(nil) is legal
          and is a no-op.  Poolrealloc attempts to resize to nsize
          bytes the block associated with ptr, which must have been
          previously returned by poolalloc or poolrealloc. If the
          block's size can be adjusted, a (possibly different) pointer
          to the new block is returned.  The contents up to the lesser
          of the old and new sizes are unchanged.  After a successful
          call to poolrealloc, the return value should be used rather
          than ptr to access the block.  If the request cannot be sat-
          isfied, poolrealloc returns nil, and the old pointer remains

     Page 1                       Plan 9            (printed 11/23/24)

     POOL(2)                                                   POOL(2)

          valid.

          When blocks are allocated, there is often some extra space
          left at the end that would usually go unused.  Poolmsize
          grows the block to encompass this extra space and returns
          the new size.

          The poolblockcheck and poolcheck routines validate a single
          allocated block or the entire pool, respectively.  They call
          panic (see below) if corruption is detected.  Pooldump
          prints a summary line for every block in the pool, using the
          print function (see below).

          The Pool structure itself provides much of the setup inter-
          face.

               typedef struct Pool Pool;
               struct Pool {
                   char* name;
                   ulong maxsize;      /* of entire Pool */
                   ulong cursize;      /* of Pool */
                   ulong curfree;      /* total free bytes in Pool */
                   ulong curalloc;     /* total allocated bytes in Pool */
                   ulong minarena;     /* smallest size of new arena */
                   ulong quantum;      /* allocated blocks should be multiple of */
                   ulong minblock;     /* smallest newly allocated block */
                   int   flags;
                   int   nfree;        /* number of calls to free */
                   int   lastcompact;  /* nfree at time of last poolcompact */
                   void* (*alloc)(ulong);
                   int   (*merge)(void*, void*);
                   void  (*move)(void* from, void* to);
                   void  (*lock)(Pool*);
                   void  (*unlock)(Pool*);
                   void  (*print)(Pool*, char*, ...);
                   void  (*panic)(Pool*, char*, ...);
                   void  (*logstack)(Pool*);
                   void* private;
               };
               enum {  /* flags */
                   POOL_ANTAGONISM = 1<<0,
                   POOL_PARANOIA   = 1<<1,
                   POOL_VERBOSITY  = 1<<2,
                   POOL_DEBUGGING  = 1<<3,
                   POOL_LOGGING    = 1<<4,
                   POOL_TOLERANCE  = 1<<5,
               };

          The pool obtains arenas of memory to manage by calling the
          the given alloc routine.  The total number of requested
          bytes will not exceed maxsize.  Each allocation request will
          be for at least minarena bytes.

     Page 2                       Plan 9            (printed 11/23/24)

     POOL(2)                                                   POOL(2)

          When a new arena is allocated, the pool routines try to
          merge it with the surrounding arenas, in an attempt to com-
          bat fragmentation.  If merge is non-nil, it is called with
          the addresses of two blocks from alloc that the pool rou-
          tines suspect might be adjacent.  If they are not mergeable,
          merge must return zero.  If they are mergeable, merge should
          merge them into one block in its own bookkeeping and return
          non-zero.

          To ease fragmentation and make block reuse easier, the sizes
          requested of the pool routines are rounded up to a multiple
          of quantum before the carrying out requests.  If, after
          rounding, the block size is still less than minblock bytes,
          minblock will be used as the block size.

          Poolcompact defragments the pool, moving blocks in order to
          aggregate the free space.  Each time it moves a block, it
          notifies the move routine that the contents have moved.  At
          the time that move is called, the contents have already
          moved, so from should never be dereferenced.  If no move
          routine is supplied (i.e. it is nil), then calling
          poolcompact is a no-op.

          When the pool routines need to allocate a new arena but can-
          not, either because alloc has returned nil or because doing
          so would use more than maxsize bytes, poolcompact is called
          once to defragment the memory and the request is retried.

          Pools are protected by the pool routines calling lock (when
          non-nil) before modifying the pool, and calling unlock when
          finished.

          When internal corruption is detected, panic is called with a
          print(2) style argument that specifies what happened.  It is
          assumed that panic never returns.  When the pool routines
          wish to convey a message to the caller (usually because log-
          ging is turned on; see below), print is called, also with a
          print(2) style argument.

          Flags is a bit vector that tweaks the behavior of the pool
          routines in various ways.  Most are useful for debugging in
          one way or another.  When POOL_ANTAGONISM is set, poolalloc
          fills blocks with non-zero garbage before releasing them to
          the user, and poolfree fills the blocks on receipt.  This
          tickles both user programs and the innards of the allocator.
          Specifically, each 32-bit word of the memory is marked with
          a pointer value exclusive-or'ed with a constant.  The
          pointer value is the pointer to the beginning of the allo-
          cated block and the constant varies in order to distinguish
          different markings.  Freed blocks use the constant
          0xF7000000, newly allocated blocks 0xF9000000, and newly
          created unallocated blocks 0xF1000000.  For example, if

     Page 3                       Plan 9            (printed 11/23/24)

     POOL(2)                                                   POOL(2)

          POOL_ANTAGONISM is set and poolalloc returns a block start-
          ing at 0x00012345, each word of the block will contain the
          value 0xF90012345.  Recognizing these numbers in memory-
          related crashes can help diagnose things like double-frees
          or dangling pointers.

          Setting POOL_PARANOIA causes the allocator to walk the
          entire pool whenever locking or unlocking itself, looking
          for corruption.  This slows runtime by a few orders of mag-
          nitude when many blocks are in use.  If POOL_VERBOSITY is
          set, the entire pool structure is printed (via print) each
          time the pool is locked or unlocked.  POOL_DEBUGGING enables
          internal debugging output, whose format is unspecified and
          volatile.  It should not be used by most programs.  When
          POOL_LOGGING is set, a single line is printed via print at
          the beginning and end of each pool call.  If logstack is not
          nil, it will be called as well.  This provides a mechanism
          for external programs to search for leaks.  (See
          debugmalloc(2) for one such mechanism.)

          The pool routines are strict about the amount of space call-
          ers use.  If even a single byte is written past the end of
          the allotted space of a block, they will notice when that
          block is next used in a call to poolrealloc or free (or at
          the next entry into the allocator, when POOL_PARANOIA is
          set), and panic will be called.  Since forgetting to allo-
          cate space for the terminating NUL on strings is such a com-
          mon error, if POOL_TOLERANCE is set and a single NUL is
          found written past the end of a block, print will be called
          with a notification, but panic will not be.

     EXAMPLE
          A complete example follows.

               static void*    sbrkalloc(ulong);
               static int  sbrkmerge(void*, void*);
               static void plock(Pool*);
               static void punlock(Pool*);
               static void pprint(Pool*, char*, ...);
               static void ppanic(Pool*, char*, ...);
               typedef struct Private  Private;
               struct Private {
                   Lock;
                   int fd;
               };
               static Private sbrkpriv;
               Pool sbrkmem = {
                   .name=  "sbrkmem",
                   .maxsize=   2*1024*1024*1024,
                   .minarena=  4*1024,
                   .quantum=   32,
                   .alloc= sbrkalloc,

     Page 4                       Plan 9            (printed 11/23/24)

     POOL(2)                                                   POOL(2)

                   .merge= sbrkmerge,
                   .flags= 0,

                   .lock=  plock,
                   .unlock=    punlock,
                   .print= pprint,
                   .panic= ppanic,
                   .private=   &sbrkpriv,
               };

               /* sbrk with minimal bookkeeping so we can handle merge calls */
               static void*
               sbrkalloc(ulong n)
               {
                   long *x;

                   n += 8; /* two longs for us */
                   x = sbrk(n);
                   if((int)x == -1)
                       x = nil;
                   x[0] = (n+7)&~7;    /* sbrk rounds size up to mult. of 8 */
                   x[1] = 0xDeadBeef;
                   return x+2;
               }

               static int
               sbrkmerge(void *x, void *y)
               {
                   long *lx, *ly;

                   lx = x;
                   if(lx[-1] != 0xDeadBeef)
                       abort();

                   if((uchar*)lx+lx[-2] == (uchar*)y) {
                       ly = y;
                       lx[-2] += ly[-2];
                       return 1;
                   }
                   return 0;
               }

               static void
               plock(Pool *p)
               {
                   Private *priv = p->private;
                   lock(priv);
               }

               static void
               punlock(Pool *p)
               {

     Page 5                       Plan 9            (printed 11/23/24)

     POOL(2)                                                   POOL(2)

                   Private *priv = p->private;
                   unlock(priv);
               }

               static void
               pprint(Pool *p, char *fmt, ...)
               {
                   Private *priv = p->private;
                   int n;
                   va_list v;
                   char buf[128];

                   va_start(v, fmt);
                   n = doprint(buf, buf+sizeof buf, fmt, v)-buf;
                   va_end(v);
                   write(priv->fd, buf, n);
               }

               static void
               ppanic(Pool*, char *fmt, ...)
               {
                   va_list v;
                   int n;
                   char buf[128];

                   va_start(v, fmt);
                   n = doprint(buf, buf+sizeof buf, fmt, v)-buf;
                   va_end(v);
                   write(2, "panic: ", 7);
                   write(2, buf, n);
                   write(2, "0, 1);
                   abort();
               }

               void*
               malloc(ulong size)
               {
                   return poolalloc(&sbrkmem, size);
               }

     SOURCE
          /sys/src/libc/port/pool.c

     SEE ALSO
          debugmalloc(2), malloc(2), brk(2)

     BUGS
          The implementation of POOL_TOLERANCE is slightly incomplete
          - there exists one case in which the pool is still not tol-
          erant of NUL bytes.

          Errstr is not always set.

     Page 6                       Plan 9            (printed 11/23/24)

     POOL(2)                                                   POOL(2)

          The example is too long.

     Page 7                       Plan 9            (printed 11/23/24)