Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLSF memory allocator. Less free flash, moar free ram. #3572

Merged
merged 26 commits into from
May 15, 2024
Merged

TLSF memory allocator. Less free flash, moar free ram. #3572

merged 26 commits into from
May 15, 2024

Conversation

DrZlo13
Copy link
Member

@DrZlo13 DrZlo13 commented Apr 4, 2024
edited

What's new

  • Heap4 allocator is replaced by tlsf.
  • Moar free heap, less free flash.
  • Updater: properly read large update file.

Verification

  • Run unit_tests.
  • In general, everything is affected.
  • Update from any previous version to this one compiled with LIB_DEBUG=1 will not work (updater bug, see cab517f)
  • Update from this version to this one compiled with LIB_DEBUG=1 will work

Checklist (For Reviewer)

  • PR has description of feature/bug or link to Confluence/Jira task
  • Description contains actions to verify feature/bugfix
  • I've built this code, uploaded it to the device and verified feature/bugfix

@DrZlo13 DrZlo13 marked this pull request as draft April 4, 2024 20:59
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 4, 2024
edited

PVS-Studio report for commit 3a4bff82:

@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 4, 2024
edited

Compiled f7 firmware for commit cab517fb:

@DrZlo13 DrZlo13 self-assigned this Apr 8, 2024
@DrZlo13 DrZlo13 changed the title TLSF TLSF memory allocator. Less free flash, moar free ram. Apr 8, 2024
@DrZlo13 DrZlo13 mentioned this pull request Apr 8, 2024
Open
@CookiePLMonster
Copy link
Contributor

CookiePLMonster commented Apr 9, 2024
edited

Could maybe aligned_malloc be removed in favour of aligned_alloc while you're breaking API anyway? Less symbols and coincidentally also better conformance with the C standard, especially now that non-standard aligned_free is gone:
https://en.cppreference.com/w/c/memory/aligned_alloc

Or does definining standard C symbols come with other gotchas?

EDIT:
The order of parameters is swapped between the two, that's nasty 😑

@Willy-JL
Copy link
Contributor

Willy-JL commented Apr 9, 2024

perhaps as suggested in #3574 and on discord contributor chat, could have along malloc() also a malloc_nothrow() that does not crash on size=0 or out of memory? i get wanting to keep strict standards to make sure things dont go wrong due to the nature of embedded systems, but also maybe it should be availableas an option. not the default, but available if necessary

@CookiePLMonster
Copy link
Contributor

perhaps as suggested in #3574 and on discord contributor chat, could have along malloc() also a malloc_nothrow() that does not crash on size=0 or out of memory? i get wanting to keep strict standards to make sure things dont go wrong due to the nature of embedded systems, but also maybe it should be availableas an option. not the default, but available if necessary

Ever since we discussed it, I had a realization. Realistically, this would only work for very temporary allocations, maybe even with the scheduler disabled, for a simple reason - if the OS is so close to OOM so a nothrow allocator fails (gracefully), one of the two can happen:

  1. nothrow allocator succeeds, but now we're near OOM, and something else in the firmware is likely going to try allocate memory soon-ish and crash.
  2. nothrow allocator doesn't succeed because we're past OOM. The same scenario happens - something else in the firmware is likely going to crash soon, and the nothrow allocator has only bought us some time.

Or am I missing some scenario, or overestimating how many "random" allocations the firmware is doing when doing its thing?

@CookiePLMonster
Copy link
Contributor

CookiePLMonster commented Apr 9, 2024
edited

Max heap size check is prone to a race though, unless the program checks the heap size and mallocs with the memory manager locked. A nothrow alloc abstracts this detail away from the program.

That said, if the program needs to be memory-layout-aware enough to check for the max heap size, it can also just lock the heap for this operation, especially since the heap lock is recursive, so allocating with a held lock is OK.

EDIT: Nevermind, heap lock/unlock are not public symbols.

@DrZlo13
Copy link
Member Author

DrZlo13 commented Apr 10, 2024

@Willy-JL @CookiePLMonster
First of all, I personally don't see how malloc_nothrow can be used at all. Iterate with decreasing size until it succeeds?
Second, I don't understand how it can be used safely. You need to leave something around 20k for the OS.
Third, we prefer not to give a loaded gun to anyone who is not smart enough to make and load it themselves.

(Hint: you can use block_walk and malloc while the kernel is stopped and even inside the critical section. Do not forget to start the kernel back, or exit from critical section to properly shoot your own leg off).

@CookiePLMonster
Copy link
Contributor

(Hint: you can use block_walk and malloc while the kernel is stopped and even inside the critical section. Do not forget to start the kernel back, or exit from critical section to properly shoot your own leg off).

Yeah, that's what I meant by locking the heap, as memmgr_lock and _unlock are effectively that. Suspending/resuming tasks is re-entrant so it's safe to suspend it twice (once from the user code, then again from malloc).

@DrZlo13 DrZlo13 marked this pull request as ready for review April 10, 2024 19:14
@Willy-JL Willy-JL mentioned this pull request Apr 17, 2024
Open
8 tasks
@hedger hedger added the Core+Services HAL, furi & core system services label May 8, 2024
skotopes
skotopes previously approved these changes May 15, 2024
View reviewed changes
@skotopes skotopes dismissed their stale review May 15, 2024 11:50

Broken update

@skotopes skotopes marked this pull request as draft May 15, 2024 11:53
@DrZlo13 DrZlo13 marked this pull request as ready for review May 15, 2024 15:08
@skotopes skotopes merged commit 1d17206 into dev May 15, 2024
11 checks passed
@skotopes skotopes deleted the zlo/allocator-playground branch May 15, 2024 15:47
@Sameesunkaria
Copy link
Contributor

💛

RogueMaster pushed a commit to RogueMaster/flipperzero-firmware-wPlugins that referenced this pull request May 16, 2024
@DrZlo13 @skotopes @xMasterX
TLSF memory allocator. Less free flash, moar free ram. (flipperdevice…
5dddb07 
…s#3572)

* add tlsf as submodule
* libs: tlsf
* Furi: tlsf as allocator
* Furi: heap walker
* shmal fixshesh
* f18: tlsf
* PVS: ignore tlsf
* I like to moving
* merge upcoming changes
* memmgr: alloc aligned, realloc
* Furi: distinct name for auxiliary memory pool
* Furi: put idle and timer thread to mem2
* Furi: fix smal things in allocator
* Furi: remove aligned_free. Use free instead.
* aligned_malloc -> aligned_alloc
* aligned_alloc, parameters order
* aligned_alloc: check that alignment is correct
* unit test: malloc
* unit tests: realloc and test with memory fragmentation
* unit tests: aligned_alloc
* update api
* updater: properly read large update file

Co-authored-by: Aleksandr Kutuzov <alleteam@gmail.com>
skotopes added a commit that referenced this pull request May 16, 2024
@skotopes
Revert "TLSF memory allocator. Less free flash, moar free ram. (#3572)"
0fc40a3 
This reverts commit 1d17206.
hedger added a commit that referenced this pull request May 16, 2024
@skotopes @hedger
Revert "TLSF memory allocator. Less free flash, moar free ram. (#3572)…
7c63bf7 
…" (#3651)

* Revert "TLSF memory allocator. Less free flash, moar free ram. (#3572)"

This reverts commit 1d17206.

* Fix PVS warnings

* github: logging for ticket number checks to stdout

* memgr: removed offending todo

---------

Co-authored-by: hedger <hedger@nanode.su>
DrZlo13 added a commit that referenced this pull request May 16, 2024
@DrZlo13 @skotopes
TLSF memory allocator. Less free flash, moar free ram. (#3572)
e90dc38 
* add tlsf as submodule
* libs: tlsf
* Furi: tlsf as allocator
* Furi: heap walker
* shmal fixshesh
* f18: tlsf
* PVS: ignore tlsf
* I like to moving
* merge upcoming changes
* memmgr: alloc aligned, realloc
* Furi: distinct name for auxiliary memory pool
* Furi: put idle and timer thread to mem2
* Furi: fix smal things in allocator
* Furi: remove aligned_free. Use free instead.
* aligned_malloc -> aligned_alloc
* aligned_alloc, parameters order
* aligned_alloc: check that alignment is correct
* unit test: malloc
* unit tests: realloc and test with memory fragmentation
* unit tests: aligned_alloc
* update api
* updater: properly read large update file

Co-authored-by: Aleksandr Kutuzov <alleteam@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skotopes skotopes skotopes approved these changes

@hedger hedger Awaiting requested review from hedger hedger is a code owner

@gsurkov gsurkov Awaiting requested review from gsurkov gsurkov is a code owner

@nminaylov nminaylov Awaiting requested review from nminaylov nminaylov is a code owner

@gornekich gornekich Awaiting requested review from gornekich gornekich is a code owner

@Astrrra Astrrra Awaiting requested review from Astrrra Astrrra is a code owner

@Skorpionm Skorpionm Awaiting requested review from Skorpionm Skorpionm is a code owner

Assignees

@DrZlo13 DrZlo13

Labels
Core+Services HAL, furi & core system services
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@DrZlo13 @CookiePLMonster @Willy-JL @Sameesunkaria @skotopes @hedger