On Dec 3, 2014, at 6:17 AM, cee1 <[email protected]> wrote:

> I'm learning the code of jemalloc 3.6.0, and I find in arena_run_dalloc()
> """
> if (size == arena_maxclass)
>     arena_chunk_dealloc(arena, chunk);
> """
>
> And in arena_chunk_dealloc():
> """
> if (arena->spare != NULL) {
>     arena_chunk_t *spare = arena->spare;
>
>     arena->spare = chunk;
>     malloc_mutex_unlock(&arena->lock);
>
>     chunk_dealloc((void *)spare, chunksize, true);
>
>     malloc_mutex_lock(&arena->lock);
> """
>
> Here the old spare chunk is replaced by the new one and dealloced.
>
> The deallocating process is done without the lock protection. In this
> lockless period, is it possible another arena_chunk_dealloc running in
> another thread replaces and deallocates ** our new spare chunk **?
> Which is still in the chunks_dirty tree and will be accessed by the
> purge process later.
The chunk being passed to chunk_dealloc() has been completely dissociated from the arena prior to the malloc_mutex_unlock() call, so there's no way for it to be accessed by the arena again. If another thread concurrently calls into arena_chunk_dealloc() to deallocate the current spare, then the same logic holds for that chunk deallocation.

Jason

_______________________________________________
jemalloc-discuss mailing list
[email protected]
http://www.canonware.com/mailman/listinfo/jemalloc-discuss
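As an added illustration of the ownership hand-off Jason describes (this is a constructed model written for this page, not jemalloc's code), the C program below keeps the shape of arena_chunk_dealloc(): the old spare is read and replaced while the lock is held, and only then is the lock dropped to free it. Several threads hammer one arena concurrently; each chunk is a counter that records how many times the stand-in chunk_dealloc() ran on it. If the unlocked free were ever reachable from another thread, a chunk would be freed twice. The names chunk_t, arena_t, worker, run_spare_simulation, NCHUNKS and NTHREADS are assumptions of this example; the chunks_dirty tree and the purge path are left out, since the point is only that the chunk handed to chunk_dealloc() is private to the freeing thread.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the spare-chunk hand-off, not jemalloc's own code.
 * A "chunk" here is just a counter so a double free can be detected. */
#define NCHUNKS  64
#define NTHREADS 8

typedef struct {
    atomic_int freed;   /* times chunk_dealloc() ran on this chunk (must end at 0 or 1) */
} chunk_t;

typedef struct {
    pthread_mutex_t lock;
    chunk_t *spare;     /* at most one cached chunk, as in arena->spare */
} arena_t;

static chunk_t chunks[NCHUNKS];   /* constructed pool standing in for real chunks */

/* Stand-in for chunk_dealloc(): runs with the arena lock released. */
static void chunk_dealloc(chunk_t *chunk)
{
    atomic_fetch_add(&chunk->freed, 1);
}

/* Mirrors the shape of arena_chunk_dealloc(): called with arena->lock held.
 * By this point the caller has already unlinked `chunk` from every arena tree. */
static void arena_chunk_dealloc(arena_t *arena, chunk_t *chunk)
{
    if (arena->spare != NULL) {
        chunk_t *spare = arena->spare;   /* old spare: no other thread can reach it now */

        arena->spare = chunk;            /* new spare installed while still locked */
        pthread_mutex_unlock(&arena->lock);

        chunk_dealloc(spare);            /* unlocked, but `spare` is private to this thread */

        pthread_mutex_lock(&arena->lock);
    } else {
        arena->spare = chunk;
    }
}

typedef struct {
    arena_t *arena;
    int first, last;    /* half-open range of chunks this worker releases */
} worker_arg_t;

static void *worker(void *p)
{
    worker_arg_t *a = p;
    for (int i = a->first; i < a->last; i++) {
        pthread_mutex_lock(&a->arena->lock);
        arena_chunk_dealloc(a->arena, &chunks[i]);
        pthread_mutex_unlock(&a->arena->lock);
    }
    return NULL;
}

/* Releases NCHUNKS chunks from NTHREADS threads and checks the invariant the
 * reply relies on: every chunk except the one still cached as the spare was
 * freed exactly once. Returns true when the invariant holds. */
bool run_spare_simulation(void)
{
    arena_t arena = { .spare = NULL };
    pthread_t tids[NTHREADS];
    worker_arg_t args[NTHREADS];
    int per = NCHUNKS / NTHREADS;

    pthread_mutex_init(&arena.lock, NULL);
    for (int i = 0; i < NCHUNKS; i++)
        atomic_store(&chunks[i].freed, 0);

    for (int t = 0; t < NTHREADS; t++) {
        args[t] = (worker_arg_t){ &arena, t * per, (t + 1) * per };
        if (pthread_create(&tids[t], NULL, worker, &args[t]) != 0)
            return false;
    }
    for (int t = 0; t < NTHREADS; t++)
        pthread_join(tids[t], NULL);

    int unfreed = 0;
    for (int i = 0; i < NCHUNKS; i++) {
        int f = atomic_load(&chunks[i].freed);
        if (f > 1)
            return false;                /* double free: ownership was not exclusive */
        if (f == 0) {
            unfreed++;
            if (&chunks[i] != arena.spare)
                return false;            /* leaked: unfreed but not the cached spare */
        }
    }
    pthread_mutex_destroy(&arena.lock);
    return unfreed == 1;
}

int main(void)
{
    printf("spare hand-off invariant %s\n",
           run_spare_simulation() ? "held" : "VIOLATED");
    return 0;
}
```

The property that makes the unlocked free safe is visible in arena_chunk_dealloc(): the only shared reference to the old spare is arena->spare, and that reference is overwritten before the lock is released, so a concurrent caller that swaps again only ever sees and frees the chunk that was installed after it. Build with a C11 compiler and link against pthreads.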
