{"id":1066,"date":"2026-05-21T14:00:01","date_gmt":"2026-05-21T06:00:01","guid":{"rendered":"http:\/\/lycoreco.cn\/?p=1066"},"modified":"2026-05-21T14:02:55","modified_gmt":"2026-05-21T06:02:55","slug":"%e5%a0%86%e7%9b%b8%e5%85%b3%e6%95%b0%e6%8d%ae%e7%bb%93%e6%9e%84","status":"publish","type":"post","link":"http:\/\/lycoreco.cn\/index.php\/2026\/05\/21\/%e5%a0%86%e7%9b%b8%e5%85%b3%e6%95%b0%e6%8d%ae%e7%bb%93%e6%9e%84\/","title":{"rendered":"\u5806\u76f8\u5173\u6570\u636e\u7ed3\u6784"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">\u524d\u8a00<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u770b\u96ea\u7b14\u8bb0\uff0c\u5e0c\u671b\u5bf9\u4f60\u6709\u5e2e\u52a9\uff0cOrz<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">malloc_par<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728 ptmalloc \u4e2d\u4f7f\u7528 <code>malloc_par<\/code> \u7ed3\u6784\u4f53\u6765\u8bb0\u5f55\u5806\u7ba1\u7406\u5668\u7684\u76f8\u5173\u53c2\u6570\uff0c\u8be5\u7ed3\u6784\u4f53\u5b9a\u4e49\u4e8e <code>malloc.c<\/code> \u4e2d\uff0c\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>struct malloc_par\n{\n  \/* Tunable parameters *\/\n  unsigned long trim_threshold;\n  INTERNAL_SIZE_T top_pad;\n  INTERNAL_SIZE_T mmap_threshold;\n  INTERNAL_SIZE_T arena_test;\n  INTERNAL_SIZE_T arena_max;\n \n  \/* Memory map support *\/\n  int n_mmaps;\n  int n_mmaps_max;\n  int max_n_mmaps;\n  \/* the mmap_threshold is dynamic, until the user sets\n     it manually, at which point we need to disable any\n     dynamic behavior. *\/\n  int no_dyn_threshold;\n \n  \/* Statistics *\/\n  INTERNAL_SIZE_T mmapped_mem;\n  \/*INTERNAL_SIZE_T  sbrked_mem;*\/\n  \/*INTERNAL_SIZE_T  max_sbrked_mem;*\/\n  INTERNAL_SIZE_T max_mmapped_mem;\n  INTERNAL_SIZE_T max_total_mem;  \/* only kept for NO_THREADS *\/\n \n  \/* First address handed out by MORECORE\/sbrk.  *\/\n  char *sbrk_base;\n};<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u4e3b\u8981\u662f\u5b9a\u4e49\u4e86\u548c <code>mmap<\/code> \u548c <code>arena<\/code> \u76f8\u5173\u7684\u4e00\u4e9b\u53c2\u6570\uff08\u5982\u6570\u91cf\u4e0a\u9650\u7b49\uff09\uff0c\u4ee5\u53ca <code>sbrk<\/code> \u7684\u57fa\u5740\uff0c\u5176\u4e2d\u91cd\u8981\u7684\u53c2\u6570\u89e3\u91ca\u5982\u4e0b\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>top_pad<\/code>\uff1a\u521d\u59cb\u5316\u6216\u6269\u5c55\u5806\u7684\u65f6\u5019\u9700\u8981\u591a\u7533\u8bf7\u7684\u5185\u5b58\u5927\u5c0f\u3002<\/li>\n\n\n\n<li><code>mmap_threshold<\/code>\uff1a\u51b3\u5b9a <code>sysmalloc<\/code> \u662f\u901a\u8fc7 <code>mmap<\/code> \u8fd8\u662f <code>sbrk<\/code> \u5206\u914d\u5185\u5b58\u7684\u754c\u9650\uff0c\u5373\u5982\u679c\u7533\u8bf7\u7684\u5185\u5b58\u5927\u5c0f\u4e0d\u5c0f\u4e8e\u8be5\u503c\u5219\u91c7\u7528 <code>mmap<\/code> \u5206\u914d\uff0c\u5426\u5219\u91c7\u7528 <code>sbrk<\/code> \u6269\u5c55 <code>heap<\/code> \u533a\u57df\u5206\u914d\u3002\u5e76\u4e14\u8fd9\u4e2a\u503c\u662f\u52a8\u6001\u8c03\u6574\u7684\uff0c\u5982\u679c\u91ca\u653e\u7684\u5185\u5b58\u662f\u901a\u8fc7 <code>mmap<\/code> \u5f97\u5230\u7684\u5219 <code>mmap_threshold<\/code> \u4e0e\u8be5\u5185\u5b58\u5927\u5c0f\u53d6 <code>max<\/code> \u3002\u5e76\u4e14 <code>mmap_threshold<\/code> \u6700\u5927\u4e0d\u80fd\u8d85\u8fc7 <code>DEFAULT_MMAP_THRESHOLD_MAX<\/code> \uff0c\u5373 0x2000000 \u3002<\/li>\n\n\n\n<li><code>trim_threshold<\/code>\uff1a\u7528\u4e8e <code>main_arena<\/code> \u4e2d\u4fdd\u7559\u5185\u5b58\u91cf\u7684\u63a7\u5236\u3002\u5f53\u91ca\u653e\u7684 <code>chunk<\/code> \u4e3a <code>mmap<\/code> \u83b7\u5f97\u7684\uff0c\u540c\u65f6\u5927\u5c0f\u5927\u4e8e <code>mmap_threshold<\/code> \uff0c\u5219\u9664\u4e86\u66f4\u65b0 <code>mmap_threshold<\/code> \u5916\u8fd8\u4f1a\u5c06 <code>trim_threshold<\/code> \u4e58 2 \u3002\u5f53\u91ca\u653e\u7684 <code>chunk<\/code> \u5927\u5c0f\u4e0d\u5728 fast bin \u8303\u56f4\u5408\u5e76\u5b8c <code>size<\/code> \u5927\u4e8e <code>FASTBIN_CONSOLIDATION_THRESHOLD<\/code> \u5373 0x10000 \uff0c\u4f1a\u6839\u636e\u8be5\u5b57\u6bb5\u7f29\u5c0f top chunk \u3002<\/li>\n\n\n\n<li><code>n_mmaps<\/code>\uff1a<code>mmap<\/code> \u7684\u5185\u5b58\u6570\u91cf\uff0c\u5373 ptmalloc \u6bcf\u6b21\u6210\u529f <code>mmap<\/code> \u5219 <code>n_mmaps<\/code> \u52a0 1\uff0cptmalloc \u6bcf\u6b21\u6210\u529f <code>munmap<\/code> \u5219 <code>n_mmaps<\/code> \u51cf 1 \u3002<\/li>\n\n\n\n<li><code>n_mmaps_max<\/code>\uff1a<code>n_mmaps<\/code> \u7684\u4e0a\u9650\uff0c\u5373\u6700\u591a\u80fd <code>mmap<\/code> \u7684\u5185\u5b58\u6570\u91cf\u3002<\/li>\n\n\n\n<li><code>max_n_mmaps<\/code>\uff1a<code>n_mmaps<\/code> \u8fbe\u5230\u8fc7\u7684\u6700\u5927\u503c\u3002<\/li>\n\n\n\n<li><code>mmapped_mem<\/code>\uff1a\u5f53\u524d <code>mmap<\/code> \u7684\u5185\u5b58\u5927\u5c0f\u603b\u548c\u3002<\/li>\n\n\n\n<li><code>max_mmapped_mem<\/code>\uff1a<code>mmap<\/code> \u7684\u5185\u5b58\u5927\u5c0f\u603b\u548c\u8fbe\u5230\u8fc7\u7684\u6700\u5927\u503c\u3002<\/li>\n\n\n\n<li><code>sbrk_base<\/code>\uff1a\u8868\u793a\u901a\u8fc7 <code>brk<\/code> \u7cfb\u7edf\u8c03\u7528\u7533\u8bf7\u7684 <code>heap<\/code> \u533a\u57df\u7684\u8d77\u59cb\u5730\u5740\u3002<\/li>\n\n\n\n<li><code>no_dyn_threshold<\/code>\uff1a\u8868\u793a\u662f\u5426\u7981\u7528 <code>heap<\/code> \u52a8\u6001\u8c03\u6574\u4fdd\u7559\u5185\u5b58\u7684\u5927\u5c0f\uff0c\u9ed8\u8ba4\u4e3a 0 \u3002<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u8be5\u7ed3\u6784\u4f53\u7c7b\u578b\u7684\u5b9e\u4f8b <code>mp_<\/code> \u7528\u4ee5\u8bb0\u5f55 ptmalloc \u76f8\u5173\u53c2\u6570\uff0c\u540c\u6837\u5b9a\u4e49\u4e8e <code>malloc.c<\/code> \u4e2d\uff0c\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># define DEFAULT_TOP_PAD 131072 \/\/ 0x20000\n#define DEFAULT_MMAP_MAX       (65536) \/\/ 0x10000\n#define DEFAULT_MMAP_THRESHOLD_MIN (128 * 1024)\n#define DEFAULT_MMAP_THRESHOLD DEFAULT_MMAP_THRESHOLD_MIN \/\/ 0x20000\n#define DEFAULT_TRIM_THRESHOLD (128 * 1024) \/\/ 0x20000\n \nstatic struct malloc_par mp_ =\n{\n  .top_pad = DEFAULT_TOP_PAD,\n  .n_mmaps_max = DEFAULT_MMAP_MAX,\n  .mmap_threshold = DEFAULT_MMAP_THRESHOLD,\n  .trim_threshold = DEFAULT_TRIM_THRESHOLD,\n#define NARENAS_FROM_NCORES(n) ((n) * (sizeof (long) == 4 ? 2 : 8))\n  .arena_test = NARENAS_FROM_NCORES (1)\n};<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><code>heap_info<\/code> \u4f4d\u4e8e\u4e00\u4e2a <code>heap<\/code> \u5757\u7684\u5f00\u5934\uff0c\u7528\u4ee5\u8bb0\u5f55\u901a\u8fc7 <code>mmap<\/code> \u7cfb\u7edf\u8c03\u7528\u4ece Memory Mapping Segment \u5904\u7533\u8bf7\u5230\u7684\u5185\u5b58\u5757\u7684\u4fe1\u606f\u3002\u5b9a\u4e49\u4e8e <code>arena.c<\/code> \u4e2d\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/* A heap is a single contiguous memory region holding (coalesceable)\n   malloc_chunks.  It is allocated with mmap() and always starts at an\n   address aligned to HEAP_MAX_SIZE.  *\/\n \ntypedef struct _heap_info\n{\n  mstate ar_ptr; \/* Arena for this heap. *\/\n  struct _heap_info *prev; \/* Previous heap. *\/\n  size_t size;   \/* Current size in bytes. *\/\n  size_t mprotect_size; \/* Size in bytes that has been mprotected\n                           PROT_READ|PROT_WRITE.  *\/\n  \/* Make sure the following data is properly aligned, particularly\n     that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of\n     MALLOC_ALIGNMENT. *\/\n  char pad&#91;-6 * SIZE_SZ &amp; MALLOC_ALIGN_MASK];\n} heap_info;<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><code>heap_info<\/code> \u7ed3\u6784\u4f53\u7684\u6210\u5458\u5982\u4e0b\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ar_ptr<\/code>\uff1a\u6307\u5411\u7ba1\u7406\u8be5\u5806\u5757\u7684 arena<\/li>\n\n\n\n<li><code>prev<\/code>\uff1a\u8be5heap_info\u6240\u94fe\u63a5\u7684\u4e0a\u4e00\u4e2a heap_info<\/li>\n\n\n\n<li><code>size<\/code>\uff1a\u8bb0\u5f55\u8be5\u5806\u5757\u7684\u5927\u5c0f<\/li>\n\n\n\n<li><code>mprotect_size<\/code>\uff1a\u8bb0\u5f55\u8be5\u5806\u5757\u4e2d\u88ab\u4fdd\u62a4\uff08<code>mprotected<\/code>\uff09\u7684\u5927\u5c0f<\/li>\n\n\n\n<li><code>pad<\/code>\uff1a\u5373 <code>padding<\/code> \uff0c\u7528\u4ee5\u5728 <code>SIZE_SZ<\/code> \u4e0d\u6b63\u5e38\u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u586b\u5145\u4ee5\u8ba9\u5185\u5b58\u5bf9\u9f50\uff0c\u6b63\u5e38\u60c5\u51b5\u4e0b <code>pad<\/code> \u6240\u5360\u7528\u7a7a\u95f4\u5e94\u4e3a 0 \u5b57\u8282<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">arena<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u5927\u90e8\u5206\u60c5\u51b5\u4e0b\u5bf9\u4e8e\u6bcf\u4e2a\u7ebf\u7a0b\u800c\u8a00\u5176\u90fd\u4f1a\u5355\u72ec\u6709\u7740\u4e00\u4e2a <code>arena<\/code> \u5b9e\u4f8b\u7528\u4ee5\u7ba1\u7406\u5c5e\u4e8e\u8be5\u7ebf\u7a0b\u7684\u5806\u5185\u5b58\u533a\u57df\u3002<code>ptmalloc<\/code> \u5185\u90e8\u7684\u5185\u5b58\u6c60\u7ed3\u6784\u662f\u7531 <code>malloc_state<\/code> \u7ed3\u6784\u4f53\u8fdb\u884c\u5b9a\u4e49\u7684\uff0c\u5373 <code>arena<\/code> \u672c\u8eab\u4fbf\u4e3a <code>malloc_state<\/code> \u7684\u4e00\u4e2a\u5b9e\u4f8b\u5bf9\u8c61\u3002<br><code>malloc_state<\/code> \u7ed3\u6784\u4f53\u5b9a\u4e49\u4e8e<code>malloc\/malloc.c<\/code> \u4e2d\uff0c\u4ee3\u7801\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>struct malloc_state\n{\n  \/* Serialize access.  *\/\n  mutex_t mutex;\n \n  \/* Flags (formerly in max_fast).  *\/\n  int flags;\n \n  \/* Fastbins *\/\n  mfastbinptr fastbinsY&#91;NFASTBINS];\n \n  \/* Base of the topmost chunk -- not otherwise kept in a bin *\/\n  mchunkptr top;\n \n  \/* The remainder from the most recent split of a small request *\/\n  mchunkptr last_remainder;\n \n  \/* Normal bins packed as described above *\/\n  mchunkptr bins&#91;NBINS * 2 - 2];\n \n  \/* Bitmap of bins *\/\n  unsigned int binmap&#91;BINMAPSIZE];\n \n  \/* Linked list *\/\n  struct malloc_state *next;\n \n  \/* Linked list for free arenas.  Access to this field is serialized\n     by free_list_lock in arena.c.  *\/\n  struct malloc_state *next_free;\n \n  \/* Number of threads attached to this arena.  0 if the arena is on\n     the free list.  Access to this field is serialized by\n     free_list_lock in arena.c.  *\/\n  INTERNAL_SIZE_T attached_threads;\n \n  \/* Memory allocated from the system in this arena.  *\/\n  INTERNAL_SIZE_T system_mem;\n  INTERNAL_SIZE_T max_system_mem;\n};<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><code>malloc_state<\/code> \u7ed3\u6784\u4f53\u7684\u6210\u5458\u5982\u4e0b\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>mutex<\/code>\uff1a<code>mutex<\/code> \u53d8\u91cf\u5373\u4e3a\u591a\u7ebf\u7a0b\u4e92\u65a5\u9501\uff0c\u7528\u4ee5\u4fdd\u8bc1\u7ebf\u7a0b\u5b89\u5168\u3002<\/li>\n\n\n\n<li><code>flags<\/code>\uff1a\u6807\u5fd7\u4f4d\uff0c\u7528\u4ee5\u8868\u793a <code>arena<\/code> \u7684\u4e00\u4e9b\u72b6\u6001\uff0c\u5982\uff1a\u662f\u5426\u6709 <code>fastbin<\/code> \u3001\u5185\u5b58\u662f\u5426\u8fde\u7eed\u7b49\u3002<\/li>\n\n\n\n<li><code>fastbinY<\/code>\uff1a\u5b58\u653e fastbin chunk \u7684\u6570\u7ec4\u3002<\/li>\n\n\n\n<li><code>top<\/code>\uff1a\u6307\u5411 Top Chunk \u7684\u6307\u9488\u3002<\/li>\n\n\n\n<li><code>last_remainder<\/code>\uff1a<code>chunk<\/code> \u5207\u5272\u4e2d\u7684\u5269\u4f59\u90e8\u5206\u3002<code>malloc<\/code> \u5728\u5206\u914d <code>chunk<\/code> \u65f6\u82e5\u662f\u6ca1\u627e\u5230 <code>size<\/code> \u5408\u9002\u7684 <code>chunk<\/code> \u800c\u662f\u627e\u5230\u4e86\u4e00\u4e2a <code>size<\/code> \u66f4\u5927\u7684 <code>chunk<\/code> \uff0c\u5219\u4f1a\u4ece\u5927 <code>chunk<\/code> \u4e2d\u5207\u5272\u6389\u4e00\u5757\u8fd4\u56de\u7ed9\u7528\u6237\uff0c\u5269\u4e0b\u7684\u90a3\u4e00\u5757\u4fbf\u662f <code>last_remainder<\/code> \uff0c\u5176\u968f\u540e\u4f1a\u88ab\u653e\u5165 unsorted bin \u4e2d\u3002<\/li>\n\n\n\n<li><code>bins<\/code>\uff1a\u5b58\u653e\u95f2\u7f6e <code>chunk<\/code> \u7684\u6570\u7ec4\u3002<code>bins<\/code> \u5305\u62ec large bin\uff0csmall bin \u548c unsorted bin \u3002<\/li>\n\n\n\n<li><code>binmap<\/code>\uff1a\u8bb0\u5f55 <code>bin<\/code> \u662f\u5426\u4e3a\u7a7a\u7684 <code>bitset<\/code> \u3002\u9700\u8981\u6ce8\u610f\u7684\u662f <code>chunk<\/code> \u88ab\u53d6\u51fa\u540e\u82e5\u4e00\u4e2a <code>bin<\/code> \u7a7a\u4e86\u5e76\u4e0d\u4f1a\u7acb\u5373\u88ab\u7f6e 0 \uff0c\u800c\u4f1a\u5728\u4e0b\u4e00\u6b21\u904d\u5386\u5230\u65f6\u91cd\u65b0\u7f6e\u4f4d\u3002<\/li>\n\n\n\n<li><code>next<\/code>\uff1a\u6307\u5411\u4e0b\u4e00\u4e2a <code>arena<\/code> \u7684\u6307\u9488\u3002\u4e00\u4e2a\u8fdb\u7a0b\u5185\u6240\u6709\u7684 <code>arena<\/code> \u4e32\u6210\u4e86\u4e00\u6761\u5faa\u73af\u5355\u5411\u94fe\u8868\uff0c<code>malloc_state<\/code> \u4e2d\u7684 <code>next<\/code> \u6307\u9488\u4fbf\u662f\u7528\u4ee5\u6307\u5411\u4e0b\u4e00\u4e2a <code>arena<\/code> \uff0c\u65b9\u4fbf\u540e\u7eed\u7684\u904d\u5386 <code>arena<\/code> \u7684\u64cd\u4f5c\uff08\u56e0\u4e3a\u4e0d\u662f\u6240\u6709\u7684\u7ebf\u7a0b\u90fd\u6709\u81ea\u5df1\u72ec\u7acb\u7684 <code>arena<\/code> \uff09\u3002<\/li>\n\n\n\n<li><code>next_free<\/code>\uff1a\u6307\u5411\u4e0b\u4e00\u4e2a\u7a7a\u95f2\u7684 <code>arena<\/code> \u7684\u6307\u9488\u3002\u4e0e <code>next<\/code> \u6307\u9488\u7c7b\u4f3c\uff0c\u53ea\u4e0d\u8fc7\u6307\u5411\u7684\u662f\u7a7a\u95f2\u7684 <code>arena<\/code>\uff08\u5373\u6ca1\u6709\u88ab\u4efb\u4e00\u7ebf\u7a0b\u6240\u5360\u7528\uff09\u3002<\/li>\n\n\n\n<li><code>attached_threads<\/code>\uff1a\u4e0e\u8be5 <code>arena<\/code> \u76f8\u5173\u8054\u7684\u7ebf\u7a0b\u6570\u3002\u8be5\u53d8\u91cf\u7528\u4ee5\u8868\u793a\u6709\u591a\u5c11\u4e2a\u7ebf\u7a0b\u4e0e\u8be5<code>arena<\/code> \u76f8\u5173\u8054\uff0c\u8fd9\u662f\u56e0\u4e3a <code>aerna<\/code> \u7684\u6570\u91cf\u662f\u6709\u9650\u7684\uff0c\u5e76\u975e\u6bcf\u4e00\u4e2a\u7ebf\u7a0b\u90fd\u6709\u673a\u4f1a\u5206\u914d\u5230\u4e00\u4e2a<code>arena<\/code>\uff0c\u5728\u7ebf\u7a0b\u6570\u91cf\u8f83\u5927\u7684\u60c5\u51b5\u4e0b\u4f1a\u5b58\u5728\u7740\u591a\u4e2a\u7ebf\u7a0b\u5171\u7528\u4e00\u4e2a <code>arena<\/code> \u7684\u60c5\u51b5\u3002<\/li>\n\n\n\n<li><code>system_mem<\/code>\uff1a\u8bb0\u5f55\u5f53\u524d <code>arena<\/code> \u5728\u5806\u533a\u4e2d\u6240\u5206\u914d\u5230\u7684\u5185\u5b58\u7684\u603b\u5927\u5c0f\u3002<\/li>\n\n\n\n<li><code>max_system_mem<\/code>\uff1a\u5f53\u64cd\u4f5c\u7cfb\u7edf\u4e88\u8fdb\u7a0b\u4ee5\u5185\u5b58\u65f6\uff0c<code>system_mem<\/code> \u4f1a\u968f\u4e4b\u589e\u5927\uff0c\u5f53\u5185\u5b58\u88ab\u8fd4\u8fd8\u7ed9\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c<code>sysyetm_mem<\/code> \u4f1a\u968f\u4e4b\u51cf\u5c0f\uff0c<code>max_system_mem<\/code> \u53d8\u91cf\u4fbf\u662f\u7528\u6765\u8bb0\u5f55\u5728\u8fd9\u4e2a\u8fc7\u7a0b\u5f53\u4e2d <code>system_mem<\/code> \u7684\u5cf0\u503c\u3002<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><code>main_arena<\/code> \u4e3a\u4e00\u4e2a\u5b9a\u4e49\u4e8e <code>malloc.c<\/code> \u4e2d\u7684\u9759\u6001\u7684 <code>malloc_state<\/code> \u7ed3\u6784\u4f53\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>static struct malloc_state main_arena =\n{\n  .mutex = _LIBC_LOCK_INITIALIZER,\n  .next = &amp;main_arena,\n  .attached_threads = 1\n};<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u7531\u4e8e\u5176\u4e3a libc \u4e2d\u7684\u9759\u6001\u53d8\u91cf\uff0c\u8be5 <code>arena<\/code> \u4f1a\u88ab\u968f\u7740 libc \u6587\u4ef6\u4e00\u540c\u52a0\u8f7d\u5230 Memory Mapping Segment\u3002\u56e0\u6b64\u5728\u5806\u9898\u4e2d\u901a\u5e38\u901a\u8fc7\u6cc4\u9732 <code>arena<\/code> \u7684\u5730\u5740\u4ee5\u83b7\u5f97 libc \u5728\u5185\u5b58\u4e2d\u7684\u57fa\u5730\u5740\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">chunk<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728\u7a0b\u5e8f\u7684\u6267\u884c\u8fc7\u7a0b\u4e2d\uff0c\u6211\u4eec\u79f0\u7531 <code>malloc<\/code> \u7533\u8bf7\u7684\u5185\u5b58\u4e3a <code>chunk<\/code> \u3002\u8fd9\u5757\u5185\u5b58\u5728 <code>ptmalloc<\/code> \u5185\u90e8\u7528 <code>malloc_chunk<\/code> \u7ed3\u6784\u4f53\u6765\u8868\u793a\u3002\u5f53\u7a0b\u5e8f\u7533\u8bf7\u7684 <code>chunk<\/code> \u88ab <code>free<\/code> \u540e\uff0c\u4f1a\u88ab\u52a0\u5165\u5230\u76f8\u5e94\u7684\u7a7a\u95f2\u7ba1\u7406\u5217\u8868\u4e2d\u3002<br><code>malloc_chunk<\/code> \u5b9a\u4e49\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>struct malloc_chunk {\n \n  INTERNAL_SIZE_T      prev_size;  \/* Size of previous chunk (if free).  *\/\n  INTERNAL_SIZE_T      size;       \/* Size in bytes, including overhead. *\/\n \n  struct malloc_chunk* fd;         \/* double links -- used only if free. *\/\n  struct malloc_chunk* bk;\n \n  \/* Only used for large blocks: pointer to next larger size.  *\/\n  struct malloc_chunk* fd_nextsize; \/* double links -- used only if free. *\/\n  struct malloc_chunk* bk_nextsize;\n};<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u6bcf\u4e2a\u5b57\u6bb5\u7684\u5177\u4f53\u7684\u89e3\u91ca\u5982\u4e0b\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>prev_size<\/code>\uff1a\u5982\u679c\u7269\u7406\u76f8\u90bb\u7684\u524d\u4e00\u5730\u5740 <code>chunk<\/code> \u662f\u7a7a\u95f2\u7684\u8bdd\uff0c\u90a3\u8be5\u5b57\u6bb5\u8bb0\u5f55\u7684\u662f\u524d\u4e00\u4e2a <code>chunk<\/code> \u7684\u5927\u5c0f (\u5305\u62ec <code>chunk<\/code> \u5934)\u3002\u5426\u5219\uff0c\u8be5\u5b57\u6bb5\u53ef\u4ee5\u7528\u6765\u5b58\u50a8\u7269\u7406\u76f8\u90bb\u7684\u524d\u4e00\u4e2a <code>chunk<\/code> \u7684\u6570\u636e\u3002<\/li>\n\n\n\n<li><code>size<\/code>\uff1a\u8be5 <code>chunk<\/code> \u7684\u5927\u5c0f\uff0c\u5927\u5c0f\u5fc5\u987b\u662f <code>2 * SIZE_SZ<\/code> \u7684\u6574\u6570\u500d\u3002\u8be5\u5b57\u6bb5\u7684\u4f4e\u4e09\u4e2a\u6bd4\u7279\u4f4d\u5bf9 <code>chunk<\/code> \u7684\u5927\u5c0f\u6ca1\u6709\u5f71\u54cd\uff0c\u5b83\u4eec\u4ece\u9ad8\u5230\u4f4e\u5206\u522b\u8868\u793a\u4e3a\uff1a<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>NON_MAIN_ARENA<\/code>\uff0c\u8bb0\u5f55\u5f53\u524d <code>chunk<\/code> \u662f\u5426\u4e0d\u5c5e\u4e8e\u4e3b\u7ebf\u7a0b\uff0c1 \u8868\u793a\u4e0d\u5c5e\u4e8e\uff0c0 \u8868\u793a\u5c5e\u4e8e\u3002<\/li>\n\n\n\n<li><code>IS_MAPPED<\/code>\uff0c\u8bb0\u5f55\u5f53\u524d <code>chunk<\/code> \u662f\u5426\u662f\u7531 <code>mmap<\/code> \u5206\u914d\u7684\u3002<\/li>\n\n\n\n<li><code>PREV_INUSE<\/code>\uff0c\u8bb0\u5f55\u524d\u4e00\u4e2a <code>chunk<\/code> \u5757\u662f\u5426\u88ab\u5206\u914d\u3002\u4e00\u822c\u6765\u8bf4\uff0c\u5806\u4e2d\u7b2c\u4e00\u4e2a\u88ab\u5206\u914d\u7684\u5185\u5b58\u5757\u7684 <code>size<\/code> \u5b57\u6bb5\u7684 <code>P<\/code> \u4f4d\u90fd\u4f1a\u88ab\u8bbe\u7f6e\u4e3a 1\uff0c\u4ee5\u4fbf\u4e8e\u9632\u6b62\u8bbf\u95ee\u524d\u9762\u7684\u975e\u6cd5\u5185\u5b58\u3002\u5f53\u4e00\u4e2a <code>chunk<\/code> \u7684 <code>size<\/code> \u7684 <code>P<\/code> \u4f4d\u4e3a 0 \u65f6\uff0c\u6211\u4eec\u80fd\u901a\u8fc7 <code>prev_size<\/code> \u5b57\u6bb5\u6765\u83b7\u53d6\u4e0a\u4e00\u4e2a <code>chunk<\/code> \u7684\u5927\u5c0f\u4ee5\u53ca\u5730\u5740\u3002\u8fd9\u4e5f\u65b9\u4fbf\u8fdb\u884c\u7a7a\u95f2 <code>chunk<\/code> \u4e4b\u95f4\u7684\u5408\u5e76\u3002<\/li>\n\n\n\n<li><code>fd<\/code>\uff0c<code>bk<\/code>\u3002 <code>chunk<\/code> \u5904\u4e8e\u5206\u914d\u72b6\u6001\u65f6\uff0c\u4ece <code>fd<\/code> \u5b57\u6bb5\u5f00\u59cb\u662f\u7528\u6237\u7684\u6570\u636e\u3002<code>chunk<\/code> \u7a7a\u95f2\u65f6\uff0c\u4f1a\u88ab\u6dfb\u52a0\u5230\u5bf9\u5e94\u7684\u7a7a\u95f2\u7ba1\u7406\u94fe\u8868\u4e2d\uff0c\u5176\u5b57\u6bb5\u7684\u542b\u4e49\u5982\u4e0b<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>fd<\/code> \u6307\u5411\u4e0b\u4e00\u4e2a\uff08\u975e\u7269\u7406\u76f8\u90bb\uff09\u7a7a\u95f2\u7684 <code>chunk<\/code><\/li>\n\n\n\n<li><code>bk<\/code> \u6307\u5411\u4e0a\u4e00\u4e2a\uff08\u975e\u7269\u7406\u76f8\u90bb\uff09\u7a7a\u95f2\u7684 <code>chunk<\/code><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u901a\u8fc7 <code>fd<\/code> \u548c <code>bk<\/code> \u53ef\u4ee5\u5c06\u7a7a\u95f2\u7684 <code>chunk<\/code> \u5757\u52a0\u5165\u5230\u7a7a\u95f2\u7684 <code>chunk<\/code> \u5757\u94fe\u8868\u8fdb\u884c\u7edf\u4e00\u7ba1\u7406<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>fd_nextsize<\/code>\uff0c <code>bk_nextsize<\/code>\uff0c\u4e5f\u662f\u53ea\u6709 <code>chunk<\/code> \u7a7a\u95f2\u7684\u65f6\u5019\u624d\u4f7f\u7528\uff0c\u4e0d\u8fc7\u5176\u7528\u4e8e\u8f83\u5927\u7684 <code>chunk<\/code>\uff08large chunk\uff09\u3002<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>fd_nextsize<\/code> \u6307\u5411\u524d\u4e00\u4e2a\u4e0e\u5f53\u524d <code>chunk<\/code> \u5927\u5c0f\u4e0d\u540c\u7684\u7b2c\u4e00\u4e2a\u7a7a\u95f2\u5757\uff0c\u4e0d\u5305\u542b <code>bin<\/code> \u7684\u5934\u6307\u9488\u3002<\/li>\n\n\n\n<li><code>bk_nextsize<\/code> \u6307\u5411\u540e\u4e00\u4e2a\u4e0e\u5f53\u524d <code>chunk<\/code> \u5927\u5c0f\u4e0d\u540c\u7684\u7b2c\u4e00\u4e2a\u7a7a\u95f2\u5757\uff0c\u4e0d\u5305\u542b bin \u7684\u5934\u6307\u9488\u3002<\/li>\n\n\n\n<li>\u4e00\u822c\u7a7a\u95f2\u7684 large chunk \u5728 <code>fd<\/code> \u7684\u904d\u5386\u987a\u5e8f\u4e2d\uff0c\u6309\u7167\u7531\u5927\u5230\u5c0f\u7684\u987a\u5e8f\u6392\u5217\u3002\u8fd9\u6837\u505a\u53ef\u4ee5\u907f\u514d\u5728\u5bfb\u627e\u5408\u9002 <code>chunk<\/code> \u65f6\u6328\u4e2a\u904d\u5386\u3002\uff08<s>\u597d\u5728 large bin \u9650\u5236\u4e86\u503c\u57df\u8303\u56f4\uff0c\u4e0d\u7136\u4e5f\u4f1a\u5f88\u6162<\/s> \uff09<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><code>chunk<\/code> \u7684\u7ed3\u6784\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003360100-282cb85c-36ff-4488-b659-21028482477b.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003360100-282cb85c-36ff-4488-b659-21028482477b.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">bins<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u6211\u4eec\u66fe\u7ecf\u8bf4\u8fc7\uff0c\u7528\u6237\u91ca\u653e\u6389\u7684 <code>chunk<\/code> \u4e0d\u4f1a\u9a6c\u4e0a\u5f52\u8fd8\u7ed9\u7cfb\u7edf\uff0cptmalloc \u4f1a\u7edf\u4e00\u7ba1\u7406 <code>heap<\/code> \u548c <code>mmap<\/code> \u6620\u5c04\u533a\u57df\u4e2d\u7684\u7a7a\u95f2\u7684 <code>chunk<\/code>\u3002\u5f53\u7528\u6237\u518d\u4e00\u6b21\u8bf7\u6c42\u5206\u914d\u5185\u5b58\u65f6\uff0c<code>ptmalloc<\/code> \u5206\u914d\u5668\u4f1a\u8bd5\u56fe\u5728\u7a7a\u95f2\u7684 <code>chunk<\/code> \u4e2d\u6311\u9009\u4e00\u5757\u5408\u9002\u7684\u7ed9\u7528\u6237\u3002\u8fd9\u6837\u53ef\u4ee5\u907f\u514d\u9891\u7e41\u7684\u7cfb\u7edf\u8c03\u7528\uff0c\u964d\u4f4e\u5185\u5b58\u5206\u914d\u7684\u5f00\u9500\u3002<br>\u5728\u5177\u4f53\u7684\u5b9e\u73b0\u4e2d\uff0cptmalloc \u91c7\u7528\u5206\u7bb1\u5f0f\u65b9\u6cd5\u5bf9\u7a7a\u95f2\u7684 <code>chunk<\/code> \u8fdb\u884c\u7ba1\u7406\u3002\u9996\u5148\uff0c\u5b83\u4f1a\u6839\u636e\u7a7a\u95f2\u7684 <code>chunk<\/code> \u7684\u5927\u5c0f\u4ee5\u53ca\u4f7f\u7528\u72b6\u6001\u5c06 <code>chunk<\/code> \u521d\u6b65\u5206\u4e3a 4 \u7c7b\uff1afast bins\uff0csmall bins\uff0clarge bins\uff0cunsorted bin \u3002\u5bf9\u4e8e libc2.26 \u4ee5\u4e0a\u7248\u672c\u8fd8\u6709 <code>tcache<\/code> \u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u6982\u8ff0<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u5bf9\u4e8e small bins\uff0clarge bins\uff0cunsorted bin \u6765\u8bf4\uff0cptmalloc \u5c06\u5b83\u4eec\u7ef4\u62a4\u5728\u4e00\u4e2a <code>bins<\/code> \u6570\u7ec4\u4e2d\u3002\u8fd9\u4e9b <code>bin<\/code> \u5bf9\u5e94\u7684\u6570\u636e\u7ed3\u6784\u5728 <code>malloc_state<\/code> \u4e2d\uff0c\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#define NBINS 128\n\/* Normal bins packed as described above *\/\nmchunkptr bins&#91; NBINS * 2 - 2 ];<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><code>bins<\/code> \u6570\u7ec4\u5b9e\u9645\u4e0a\u53ef\u4ee5\u770b\u505a\u662f\u4ee5 <code>chunk<\/code> \u4e3a\u5355\u4f4d\uff0c\u53ea\u4e0d\u8fc7\u91c7\u7528\u7a7a\u95f4\u590d\u7528\u7b56\u7565\uff0c\u56e0\u4e3a\u5b9e\u9645\u7528\u5230\u7684\u53ea\u6709 <code>fd<\/code> \u548c <code>bk<\/code><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/* addressing -- note that bin_at(0) does not exist *\/\n#define bin_at(m, i) \\\n  (mbinptr) (((char *) &amp;((m)-&gt;bins&#91;((i) - 1) * 2]))                \\\n             - offsetof (struct malloc_chunk, fd))<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003360339-ee7cd57b-d7f0-45b7-9cb8-aa2716c94a18.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003360339-ee7cd57b-d7f0-45b7-9cb8-aa2716c94a18.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u7531\u4e8e\u662f\u53cc\u94fe\u8868\u7ed3\u6784 <code>bins<\/code> \u6570\u7ec4\u6bcf\u8fde\u7eed\u4e24\u4e2a <code>chunk<\/code> \u6307\u9488\u7ef4\u62a4\u4e00\u4e2a <code>bin<\/code>\uff08\u5373 <code>fd<\/code> \u548c <code>bk<\/code> \uff09\uff0c\u5176\u7ed3\u6784\u5982\u4e0b\u56fe\u6240\u793a\uff0864\u4f4d\uff09\u3002\u5176\u4e2d small bins \u4e2d <code>chunk<\/code> \u5927\u5c0f\u5df2\u7ed9\u51fa\u3002large bins \u7684\u6bcf\u4e2a <code>bin<\/code> \u4e2d\u7684 <code>chunk<\/code> \u5927\u5c0f\u5728\u4e00\u4e2a\u8303\u56f4\u5185\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003360310-ca106caa-f80a-4f4d-bd63-efaac01b42dd.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003360310-ca106caa-f80a-4f4d-bd63-efaac01b42dd.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">large bin \u7684 <code>chunk<\/code> \u8303\u56f4\u5982\u4e0b\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>\u7f16\u53f7<\/td><td>64\u4f4d\u6700\u5c0f<\/td><td>64\u4f4d\u6700\u5927<\/td><td>64\u4f4d\u516c\u5dee<\/td><td>32\u4f4d\u6700\u5c0f<\/td><td>32\u4f4d\u6700\u5927<\/td><td>32\u4f4d\u516c\u5dee<\/td><\/tr><tr><td>64<\/td><td>0x400<\/td><td>0x430<\/td><td>0x40<\/td><td>0x200<\/td><td>0x238<\/td><td>0x40<\/td><\/tr><tr><td>65<\/td><td>0x440<\/td><td>0x470<\/td><td>0x40<\/td><td>0x240<\/td><td>0x278<\/td><td>0x40<\/td><\/tr><tr><td>66<\/td><td>0x480<\/td><td>0x4b0<\/td><td>0x40<\/td><td>0x280<\/td><td>0x2b8<\/td><td>0x40<\/td><\/tr><tr><td>67<\/td><td>0x4c0<\/td><td>0x4f0<\/td><td>0x40<\/td><td>0x2c0<\/td><td>0x2f8<\/td><td>0x40<\/td><\/tr><tr><td>68<\/td><td>0x500<\/td><td>0x530<\/td><td>0x40<\/td><td>0x300<\/td><td>0x338<\/td><td>0x40<\/td><\/tr><tr><td>69<\/td><td>0x540<\/td><td>0x570<\/td><td>0x40<\/td><td>0x340<\/td><td>0x378<\/td><td>0x40<\/td><\/tr><tr><td>70<\/td><td>0x580<\/td><td>0x5b0<\/td><td>0x40<\/td><td>0x380<\/td><td>0x3b8<\/td><td>0x40<\/td><\/tr><tr><td>71<\/td><td>0x5c0<\/td><td>0x5f0<\/td><td>0x40<\/td><td>0x3c0<\/td><td>0x3f8<\/td><td>0x40<\/td><\/tr><tr><td>72<\/td><td>0x600<\/td><td>0x630<\/td><td>0x40<\/td><td>0x400<\/td><td>0x438<\/td><td>0x40<\/td><\/tr><tr><td>73<\/td><td>0x640<\/td><td>0x670<\/td><td>0x40<\/td><td>0x440<\/td><td>0x478<\/td><td>0x40<\/td><\/tr><tr><td>74<\/td><td>0x680<\/td><td>0x6b0<\/td><td>0x40<\/td><td>0x480<\/td><td>0x4b8<\/td><td>0x40<\/td><\/tr><tr><td>75<\/td><td>0x6c0<\/td><td>0x6f0<\/td><td>0x40<\/td><td>0x4c0<\/td><td>0x4f8<\/td><td>0x40<\/td><\/tr><tr><td>76<\/td><td>0x700<\/td><td>0x730<\/td><td>0x40<\/td><td>0x500<\/td><td>0x538<\/td><td>0x40<\/td><\/tr><tr><td>77<\/td><td>0x740<\/td><td>0x770<\/td><td>0x40<\/td><td>0x540<\/td><td>0x578<\/td><td>0x40<\/td><\/tr><tr><td>78<\/td><td>0x780<\/td><td>0x7b0<\/td><td>0x40<\/td><td>0x580<\/td><td>0x5b8<\/td><td>0x40<\/td><\/tr><tr><td>79<\/td><td>0x7c0<\/td><td>0x7f0<\/td><td>0x40<\/td><td>0x5c0<\/td><td>0x5f8<\/td><td>0x40<\/td><\/tr><tr><td>80<\/td><td>0x800<\/td><td>0x830<\/td><td>0x40<\/td><td>0x600<\/td><td>0x638<\/td><td>0x40<\/td><\/tr><tr><td>81<\/td><td>0x840<\/td><td>0x870<\/td><td>0x40<\/td><td>0x640<\/td><td>0x678<\/td><td>0x40<\/td><\/tr><tr><td>82<\/td><td>0x880<\/td><td>0x8b0<\/td><td>0x40<\/td><td>0x680<\/td><td>0x6b8<\/td><td>0x40<\/td><\/tr><tr><td>83<\/td><td>0x8c0<\/td><td>0x8f0<\/td><td>0x40<\/td><td>0x6c0<\/td><td>0x6f8<\/td><td>0x40<\/td><\/tr><tr><td>84<\/td><td>0x900<\/td><td>0x930<\/td><td>0x40<\/td><td>0x700<\/td><td>0x738<\/td><td>0x40<\/td><\/tr><tr><td>85<\/td><td>0x940<\/td><td>0x970<\/td><td>0x40<\/td><td>0x740<\/td><td>0x778<\/td><td>0x40<\/td><\/tr><tr><td>86<\/td><td>0x980<\/td><td>0x9b0<\/td><td>0x40<\/td><td>0x780<\/td><td>0x7b8<\/td><td>0x40<\/td><\/tr><tr><td>87<\/td><td>0x9c0<\/td><td>0x9f0<\/td><td>0x40<\/td><td>0x7c0<\/td><td>0x7f8<\/td><td>0x40<\/td><\/tr><tr><td>88<\/td><td>0xa00<\/td><td>0xa30<\/td><td>0x40<\/td><td>0x800<\/td><td>0x838<\/td><td>0x40<\/td><\/tr><tr><td>89<\/td><td>0xa40<\/td><td>0xa70<\/td><td>0x40<\/td><td>0x840<\/td><td>0x878<\/td><td>0x40<\/td><\/tr><tr><td>90<\/td><td>0xa80<\/td><td>0xab0<\/td><td>0x40<\/td><td>0x880<\/td><td>0x8b8<\/td><td>0x40<\/td><\/tr><tr><td>91<\/td><td>0xac0<\/td><td>0xaf0<\/td><td>0x40<\/td><td>0x8c0<\/td><td>0x8f8<\/td><td>0x40<\/td><\/tr><tr><td>92<\/td><td>0xb00<\/td><td>0xb30<\/td><td>0x40<\/td><td>0x900<\/td><td>0x938<\/td><td>0x40<\/td><\/tr><tr><td>93<\/td><td>0xb40<\/td><td>0xb70<\/td><td>0x40<\/td><td>0x940<\/td><td>0x978<\/td><td>0x40<\/td><\/tr><tr><td>94<\/td><td>0xb80<\/td><td>0xbb0<\/td><td>0x40<\/td><td>0x980<\/td><td>0x9b8<\/td><td>0x40<\/td><\/tr><tr><td>95<\/td><td>0xbc0<\/td><td>0xbf0<\/td><td>0x40<\/td><td>0x9c0<\/td><td>0x9f8<\/td><td>0x40<\/td><\/tr><tr><td>96<\/td><td>0xc00<\/td><td>0xc30<\/td><td>0x40<\/td><td>0xa00<\/td><td>0xbf8<\/td><td>0x200<\/td><\/tr><tr><td>97<\/td><td>0xc40<\/td><td>0xdf0<\/td><td>0x1c0<\/td><td>0xc00<\/td><td>0xdf8<\/td><td>0x200<\/td><\/tr><tr><td>98<\/td><td>0xe00<\/td><td>0xff0<\/td><td>0x200<\/td><td>0xe00<\/td><td>0xff8<\/td><td>0x200<\/td><\/tr><tr><td>99<\/td><td>0x1000<\/td><td>0x11f0<\/td><td>0x200<\/td><td>0x1000<\/td><td>0x11f8<\/td><td>0x200<\/td><\/tr><tr><td>100<\/td><td>0x1200<\/td><td>0x13f0<\/td><td>0x200<\/td><td>0x1200<\/td><td>0x13f8<\/td><td>0x200<\/td><\/tr><tr><td>101<\/td><td>0x1400<\/td><td>0x15f0<\/td><td>0x200<\/td><td>0x1400<\/td><td>0x15f8<\/td><td>0x200<\/td><\/tr><tr><td>102<\/td><td>0x1600<\/td><td>0x17f0<\/td><td>0x200<\/td><td>0x1600<\/td><td>0x17f8<\/td><td>0x200<\/td><\/tr><tr><td>103<\/td><td>0x1800<\/td><td>0x19f0<\/td><td>0x200<\/td><td>0x1800<\/td><td>0x19f8<\/td><td>0x200<\/td><\/tr><tr><td>104<\/td><td>0x1a00<\/td><td>0x1bf0<\/td><td>0x200<\/td><td>0x1a00<\/td><td>0x1bf8<\/td><td>0x200<\/td><\/tr><tr><td>105<\/td><td>0x1c00<\/td><td>0x1df0<\/td><td>0x200<\/td><td>0x1c00<\/td><td>0x1df8<\/td><td>0x200<\/td><\/tr><tr><td>106<\/td><td>0x1e00<\/td><td>0x1ff0<\/td><td>0x200<\/td><td>0x1e00<\/td><td>0x1ff8<\/td><td>0x200<\/td><\/tr><tr><td>107<\/td><td>0x2000<\/td><td>0x21f0<\/td><td>0x200<\/td><td>0x2000<\/td><td>0x21f8<\/td><td>0x200<\/td><\/tr><tr><td>108<\/td><td>0x2200<\/td><td>0x23f0<\/td><td>0x200<\/td><td>0x2200<\/td><td>0x23f8<\/td><td>0x200<\/td><\/tr><tr><td>109<\/td><td>0x2400<\/td><td>0x25f0<\/td><td>0x200<\/td><td>0x2400<\/td><td>0x25f8<\/td><td>0x200<\/td><\/tr><tr><td>110<\/td><td>0x2600<\/td><td>0x27f0<\/td><td>0x200<\/td><td>0x2600<\/td><td>0x27f8<\/td><td>0x200<\/td><\/tr><tr><td>111<\/td><td>0x2800<\/td><td>0x29f0<\/td><td>0x200<\/td><td>0x2800<\/td><td>0x29f8<\/td><td>0x200<\/td><\/tr><tr><td>112<\/td><td>0x2a00<\/td><td>0x2ff0<\/td><td>0x600<\/td><td>0x2a00<\/td><td>0x2ff8<\/td><td>0x600<\/td><\/tr><tr><td>113<\/td><td>0x3000<\/td><td>0x3ff0<\/td><td>0x1000<\/td><td>0x3000<\/td><td>0x3ff8<\/td><td>0x1000<\/td><\/tr><tr><td>114<\/td><td>0x4000<\/td><td>0x4ff0<\/td><td>0x1000<\/td><td>0x4000<\/td><td>0x4ff8<\/td><td>0x1000<\/td><\/tr><tr><td>115<\/td><td>0x5000<\/td><td>0x5ff0<\/td><td>0x1000<\/td><td>0x5000<\/td><td>0x5ff8<\/td><td>0x1000<\/td><\/tr><tr><td>116<\/td><td>0x6000<\/td><td>0x6ff0<\/td><td>0x1000<\/td><td>0x6000<\/td><td>0x6ff8<\/td><td>0x1000<\/td><\/tr><tr><td>117<\/td><td>0x7000<\/td><td>0x7ff0<\/td><td>0x1000<\/td><td>0x7000<\/td><td>0x7ff8<\/td><td>0x1000<\/td><\/tr><tr><td>118<\/td><td>0x8000<\/td><td>0x8ff0<\/td><td>0x1000<\/td><td>0x8000<\/td><td>0x8ff8<\/td><td>0x1000<\/td><\/tr><tr><td>119<\/td><td>0x9000<\/td><td>0x9ff0<\/td><td>0x1000<\/td><td>0x9000<\/td><td>0x9ff8<\/td><td>0x1000<\/td><\/tr><tr><td>120<\/td><td>0xa000<\/td><td>0xfff0<\/td><td>0x6000<\/td><td>0xa000<\/td><td>0xfff8<\/td><td>0x6000<\/td><\/tr><tr><td>121<\/td><td>0x10000<\/td><td>0x17ff0<\/td><td>0x8000<\/td><td>0x10000<\/td><td>0x17ff8<\/td><td>0x8000<\/td><\/tr><tr><td>122<\/td><td>0x18000<\/td><td>0x1fff0<\/td><td>0x8000<\/td><td>0x18000<\/td><td>0x1fff8<\/td><td>0x8000<\/td><\/tr><tr><td>123<\/td><td>0x20000<\/td><td>0x27ff0<\/td><td>0x8000<\/td><td>0x20000<\/td><td>0x27ff8<\/td><td>0x8000<\/td><\/tr><tr><td>124<\/td><td>0x28000<\/td><td>0x3fff0<\/td><td>0x18000<\/td><td>0x28000<\/td><td>0x3fff8<\/td><td>0x18000<\/td><\/tr><tr><td>125<\/td><td>0x40000<\/td><td>0x7fff0<\/td><td>0x40000<\/td><td>0x40000<\/td><td>0x7fff8<\/td><td>0x40000<\/td><\/tr><tr><td>126<\/td><td>0x80000<\/td><td>inf<\/td><td><\/td><td>0x80000<\/td><td>inf<\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u5bf9\u4e8e fast bin \uff0c\u5728 <code>malloc_state<\/code> \u53c8\u5355\u72ec\u5b9a\u4e49\u4e86\u4e00\u4e2a <code>fastbinsY<\/code> \u7684\u7ed3\u6784\u7ef4\u62a4<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>typedef struct malloc_chunk *mfastbinptr;\n \n\/*\n    This is in malloc_state.\n    \/* Fastbins *\/\n    mfastbinptr fastbinsY&#91; NFASTBINS ];\n*\/<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u7531\u4e8e fast bin \u4e3a\u5355\u94fe\u8868\u7ed3\u6784\uff0c\u56e0\u6b64\u6570\u7ec4\u4e2d\u4e00\u4e2a\u6307\u9488\u5c31\u53ef\u4ee5\u7ef4\u62a4\u4e00\u4e2a <code>bin<\/code> \u3002\u7ed3\u6784\u5982\u56fe\u6240\u793a\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003360170-679fa0e1-1071-4fdd-9a5a-01e3b3270f9f.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003360170-679fa0e1-1071-4fdd-9a5a-01e3b3270f9f.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Fast Bin<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u4e3a\u4e86\u907f\u514d\u5927\u90e8\u5206\u65f6\u95f4\u82b1\u5728\u4e86\u5408\u5e76\u3001\u5206\u5272\u4ee5\u53ca\u4e2d\u95f4\u68c0\u67e5\u7684\u8fc7\u7a0b\u4e2d\u5f71\u54cd\u6548\u7387\uff0c\u56e0\u6b64 ptmalloc \u4e2d\u4e13\u95e8\u8bbe\u8ba1\u4e86 fast bin\u3002<br>fast bin \u91c7\u7528\u5355\u94fe\u8868\u5f62\u5f0f\uff0c\u7ed3\u6784\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003365905-97d4ff75-7911-454e-962a-c09742d617b7.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003365905-97d4ff75-7911-454e-962a-c09742d617b7.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">fast bin \u6709\u5982\u4e0b\u6027\u8d28\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u7531\u4e8e\u91c7\u7528\u5355\u94fe\u8868\u7ed3\u6784\uff0cfast bin \u91c7\u53d6 LIFO \u7b56\u7565\u3002<\/li>\n\n\n\n<li>\u6bcf\u4e2a fast bin \u4e2d\u7ef4\u62a4\u7684 chunk \u5927\u5c0f\u786e\u5b9a\uff0c\u5e76\u4e14 fast bin \u7ef4\u62a4\u7684\u6700\u5927\u7684 <code>chunk<\/code> \u4e3a 128 \u5b57\u8282\uff0864\u4f4d\uff09\uff0c\u56e0\u6b64\u4e0d\u8d85\u8fc7 0x80\uff08<code>chunk<\/code> \u5927\u5c0f\uff09\u7684\u5185\u5b58\u91ca\u653e\u4f1a\u8fdb\u5165 fast bin \u3002<\/li>\n\n\n\n<li>fast bin \u8303\u56f4\u7684 <code>chunk<\/code> <strong>\u4e0b\u4e00\u4e2a\u76f8\u90bb<\/strong><strong> <\/strong><code><strong>chunk<\/strong><\/code> \u7684 <code>PREV_INUSE<\/code> \u59cb\u7ec8\u88ab\u7f6e\u4e3a 1\u3002\u56e0\u6b64\u5b83\u4eec\u4e0d\u4f1a\u548c\u5176\u5b83\u88ab\u91ca\u653e\u7684 <code>chunk<\/code> \u5408\u5e76\u3002\u9664\u975e\u8c03\u7528 <code>malloc_consolidate<\/code> \u51fd\u6570\u3002<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u5b89\u5168\u68c0\u67e5\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>size<\/code>\uff1a\u5728 <code>malloc()<\/code> \u51fd\u6570\u5206\u914d fastbin size \u8303\u56f4\u7684 <code>chunk<\/code> \u65f6\uff0c\u82e5\u662f\u5bf9\u5e94\u7684 <code>fastbin<\/code> \u4e2d\u6709\u7a7a\u95f2 <code>chunk<\/code>\uff0c\u5728\u53d6\u51fa\u524d\u4f1a\u68c0\u67e5\u5176 <code>size<\/code> \u57df\u4e0e\u5bf9\u5e94\u4e0b\u6807\u662f\u5426\u4e00\u81f4\uff0c\u4e0d\u4f1a\u68c0\u67e5\u6807\u5fd7\u4f4d\uff0c\u82e5\u5426\u4fbf\u4f1a\u89e6\u53d1<code>abort<\/code> \u3002<\/li>\n\n\n\n<li>double free\uff1a\u5728 <code>free()<\/code> \u51fd\u6570\u4e2d\u4f1a\u5bf9 fast bin \u94fe\u8868\u7684\u5934\u7ed3\u70b9\u8fdb\u884c\u68c0\u67e5\uff0c\u82e5\u5c06\u8981\u88ab\u653e\u5165 fast bin \u4e2d\u7684 <code>chunk<\/code> \u4e0e\u5bf9\u5e94\u4e0b\u6807\u7684\u94fe\u8868\u7684\u5934\u7ed3\u70b9\u4e3a\u540c\u4e00 <code>chunk<\/code>\uff0c\u5219\u4f1a\u89e6\u53d1 <code>abort<\/code> \u3002<\/li>\n\n\n\n<li>Safe linking \u673a\u5236\uff08only glibc2.32 and up\uff09\uff1a\u81ea glibc 2.32 \u8d77\u5f15\u5165\u4e86 safe-linking \u673a\u5236\uff0c\u5176\u6838\u5fc3\u601d\u60f3\u662f\u5728\u94fe\u8868\u4e0a\u7684 <code>chunk<\/code> \u4e2d\u5e76\u4e0d\u76f4\u63a5\u5b58\u653e\u5176\u6240\u8fde\u63a5\u7684\u4e0b\u4e00\u4e2a <code>chunk<\/code> \u7684\u5730\u5740\uff0c\u800c\u662f\u5b58\u653e\u4e0b\u4e00\u4e2a <code>chunk<\/code> \u7684\u5730\u5740\u4e0e\u3010 <code>fd<\/code> \u6307\u9488\u81ea\u8eab\u5730\u5740\u53f3\u79fb 12\u4f4d\u3011\u6240\u5f02\u6216\u5f97\u7684\u503c\uff0c\u4f7f\u5f97\u653b\u51fb\u8005\u5728\u5f97\u77e5\u8be5 <code>chunk<\/code> \u7684\u5730\u5740\u4e4b\u524d\u65e0\u6cd5\u76f4\u63a5\u5229\u7528\u5176\u6784\u9020\u4efb\u610f\u5730\u5740\u5199<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#define PROTECT_PTR(pos, ptr) \\\n  ((__typeof (ptr)) ((((size_t) pos) &gt;&gt; 12) ^ ((size_t) ptr)))\n#define REVEAL_PTR(ptr)  PROTECT_PTR (&amp;ptr, ptr)<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u9700\u8981\u6ce8\u610f\u7684\u662f fast bin \u7684\u5165\u53e3\u8282\u70b9\u5b58\u653e\u7684\u4ecd\u662f\u672a\u7ecf\u5f02\u6216\u7684 <code>chunk<\/code> \u5730\u5740\u3002<br>\u53e6\u5916\u7b2c\u4e00\u4e2a\u52a0\u5165 fast bin \u7684 <code>chunk<\/code> \u7684 <code>fd<\/code> \u5b57\u6bb5\u53ef\u4ee5\u6cc4\u9732\u5806\u5730\u5740\uff08\u53f3\u79fb 12 \u4f4d\uff09\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>unsigned int idx = fastbin_index(size);\n  fb = &amp;fastbin (av, idx);\n  mchunkptr old = *fb, old2;\n  ...\np-&gt;fd = PROTECT_PTR (&amp;p-&gt;fd, old);\n*fb = p;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Small Bin<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">small bin \u91c7\u7528\u53cc\u5411\u94fe\u8868\uff0c\u7ed3\u6784\u5982\u4e0b\u56fe\u6240\u793a\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003361986-cd6dafee-96e5-4972-9956-061362a8fc21.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003361986-cd6dafee-96e5-4972-9956-061362a8fc21.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">small bin \u6709\u5982\u4e0b\u6027\u8d28\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>small bins \u4e2d\u6bcf\u4e2a <code>bin<\/code> \u5bf9\u5e94\u7684\u94fe\u8868\u91c7\u7528 FIFO \u7684\u89c4\u5219\u3002<\/li>\n\n\n\n<li>\u6bcf\u4e2a small bin \u7ef4\u62a4\u7684 <code>chunk<\/code> \u5927\u5c0f\u786e\u5b9a\uff0c\u5e76\u4e14 small bin \u7ef4\u62a4\u7684\u6700\u5927\u7684 <code>chunk<\/code> \u4e3a 1008 \u5b57\u8282\uff0864\u4f4d\uff09\uff0c\u5373 0x3f0 \u7684 <code>chunk<\/code> \u5927\u5c0f\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Large Bin<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">large bins \u4e2d\u4e00\u5171\u5305\u62ec 63 \u4e2a <code>bin<\/code>\uff0c\u6bcf\u4e2a <code>bin<\/code> \u4e2d\u7684 <code>chunk<\/code> \u7684\u5927\u5c0f\u4e0d\u4e00\u81f4\uff0c\u800c\u662f\u5904\u4e8e\u4e00\u5b9a\u533a\u95f4\u8303\u56f4\u5185\u3002large bin \u7684\u7ed3\u6784\u5982\u4e0b\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003362119-03527704-c2f4-4420-872d-6b644528e110.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003362119-03527704-c2f4-4420-872d-6b644528e110.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u5173\u4e8e <code>fd_nextsize<\/code> \u548c <code>bk_nextsize<\/code> \u7684\u673a\u5236\uff0c\u8fd9\u91cc\u4ee5 <code>fd_nextsize<\/code> \u4e3a\u4f8b\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>fd_nextsize<\/code> \u548c <code>bk_nextsize<\/code> \u4e0e <code>bins<\/code> \u6570\u7ec4\u6ca1\u6709\u8fde\u63a5\u5173\u7cfb\uff08\u8fd9\u5c31\u89e3\u91ca\u4e86\u4e3a\u4ec0\u4e48 <code>bins<\/code> \u4e0a \u6ca1\u6709\u4f53\u73b0 <code>fd_nextsize<\/code> \u548c <code>bk_nextsize<\/code> \u7ed3\u6784\uff09\u3002<\/li>\n\n\n\n<li>large bin \u91cc\u7684 <code>chunk<\/code> \u5728 <code>fd<\/code> \u6307\u9488\u6307\u5411\u7684\u65b9\u5411\u4e0a\u6309\u7167 <code>chunk<\/code> \u5927\u5c0f\u964d\u5e8f\u6392\u5e8f\u3002<\/li>\n\n\n\n<li>\u5f53 large bin \u91cc\u6709\u4e00\u4e2a <code>chunk<\/code> \u65f6\uff0c <code>fd_nextsize<\/code> \u548c <code>bk_nextsize<\/code> \u6307\u5411\u81ea\u5df1\uff08\u5982\u4e0a\u9762 large bin \u7684\u7ed3\u6784\u56fe\u6240\u793a\uff09\u3002<\/li>\n\n\n\n<li>\u5f53 large bin \u91cc\u540c\u4e00\u5927\u5c0f\u7684 <code>chunk<\/code> \u6709\u591a\u4e2a\u65f6\uff0c\u53ea\u6709\u76f8\u540c\u5927\u5c0f <code>chunk<\/code> \u4e2d\u7684\u7b2c\u4e00\u4e2a\u7684 <code>fd_nextsize<\/code> \u548c <code>bk_nextsize<\/code> \u6307\u9488\u6709\u6548\uff0c\u5176\u4f59\u7684 <code>chunk<\/code> \u7684 <code>fd_nextsize<\/code> \u548c <code>bk_nextsize<\/code> \u8bbe\u4e3a NULL \u3002<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003362194-1f8c51d3-ef22-439f-8b98-92d34f6d8af5.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003362194-1f8c51d3-ef22-439f-8b98-92d34f6d8af5.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>large bin \u4e2d\u6709\u591a\u4e2a\u4e0d\u540c\u5927\u5c0f\u7684 <code>chunk<\/code> \u65f6 <code>fd_nextsize<\/code> \u8fde\u63a5\u6bd4\u5b83\u5c0f\u7684\u7b2c\u4e00\u4e2a <code>chunk<\/code> \uff0c<code>bk_nextsize<\/code> \u5c31\u662f\u628a <code>fd_nextsize<\/code> \u53cd\u8fc7\u6765\u8fde\u5230\u5bf9\u5e94\u7ed3\u6784\u4e0a\u3002<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003362479-9e532084-5685-4f38-970c-89ffe59847ed.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003362479-9e532084-5685-4f38-970c-89ffe59847ed.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>large bin \u6700\u5c0f\u7684\u4e00\u7ec4 <code>chunk<\/code> \u4e2d\u7684\u7b2c\u4e00\u4e2a <code>chunk<\/code> \u7684 <code>fd_nextsize<\/code> \u8fde\u63a5\u7684\u662f\u6700\u5927\u7684 <code>chunk<\/code>\uff0c\u6700\u5927\u7684 <code>chunk<\/code> \u7684 <code>bk_nextsize<\/code> \u76f8\u53cd\u3002<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003365915-f53fbce5-8cf3-4e6c-b6e4-ff84382decdd.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003365915-f53fbce5-8cf3-4e6c-b6e4-ff84382decdd.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Unsorted Bin<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">unsorted bin \u53ef\u4ee5\u89c6\u4e3a\u7a7a\u95f2 <code>chunk<\/code> \u56de\u5f52\u5176\u6240\u5c5e <code>bin<\/code> \u4e4b\u524d\u7684\u7f13\u51b2\u533a\u3002\u50cf small bin \u4e00\u6837\u91c7\u7528\u53cc\u5411\u94fe\u8868\u7ef4\u62a4\u3002<code>chunk<\/code> \u5927\u5c0f\u4e71\u5e8f\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Top Chunk<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u7a0b\u5e8f\u7b2c\u4e00\u6b21\u8fdb\u884c <code>malloc<\/code> \u7684\u65f6\u5019\uff0c<code>heap<\/code> \u4f1a\u88ab\u5206\u4e3a\u4e24\u5757\uff0c\u4e00\u5757\u7ed9\u7528\u6237\uff0c\u5269\u4e0b\u7684\u90a3\u5757\u5c31\u662f top chunk\u3002\u5176\u5b9e\uff0c\u6240\u8c13\u7684 top chunk \u5c31\u662f\u5904\u4e8e\u5f53\u524d\u5806\u7684\u7269\u7406\u5730\u5740\u6700\u9ad8\u7684 <code>chunk<\/code> \u3002\u8fd9\u4e2a <code>chunk<\/code> \u4e0d\u5c5e\u4e8e\u4efb\u4f55\u4e00\u4e2a <code>bin<\/code> \uff0c\u5b83\u7684\u4f5c\u7528\u5728\u4e8e\u5f53\u6240\u6709\u7684 <code>bin<\/code> \u90fd\u65e0\u6cd5\u6ee1\u8db3\u7528\u6237\u8bf7\u6c42\u7684\u5927\u5c0f\u65f6\uff0c\u5982\u679c\u5176\u5927\u5c0f\u4e0d\u5c0f\u4e8e\u6307\u5b9a\u7684\u5927\u5c0f\uff0c\u5c31\u8fdb\u884c\u5206\u914d\uff0c\u5e76\u5c06\u5269\u4e0b\u7684\u90e8\u5206\u4f5c\u4e3a\u65b0\u7684 top chunk\u3002\u5426\u5219\uff0c\u5c31\u5bf9 <code>heap<\/code> \u8fdb\u884c\u6269\u5c55\u540e\u518d\u8fdb\u884c\u5206\u914d\u3002\u5728 <code>main_arena<\/code> \u4e2d\u901a\u8fc7 <code>sbrk<\/code> \u6269\u5c55 <code>heap<\/code>\uff0c\u800c\u5728 <code>thread arena<\/code> \u4e2d\u901a\u8fc7 <code>mmap<\/code> \u5206\u914d\u65b0\u7684 <code>heap <\/code>\u3002<br>\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0ctop chunk \u7684 <code>prev_inuse<\/code> \u6bd4\u7279\u4f4d\u59cb\u7ec8\u4e3a 1\uff0c\u5426\u5219\u5176\u524d\u9762\u7684 <code>chunk<\/code> \u5c31\u4f1a\u88ab\u5408\u5e76\u5230 top chunk \u4e2d\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">last remainder<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728\u7528\u6237\u4f7f\u7528 <code>malloc<\/code> \u8bf7\u6c42\u5206\u914d\u5185\u5b58\u65f6\uff0cptmalloc2 \u627e\u5230\u7684 <code>chunk<\/code> \u53ef\u80fd\u5e76\u4e0d\u548c\u7533\u8bf7\u7684\u5185\u5b58\u5927\u5c0f\u4e00\u81f4\uff0c\u8fd9\u65f6\u5019\u5c31\u5c06\u5206\u5272\u4e4b\u540e\u7684\u5269\u4f59\u90e8\u5206\u79f0\u4e4b\u4e3a last remainder chunk \uff0cunsort bin \u4e5f\u4f1a\u5b58\u8fd9\u4e00\u5757\u3002top chunk \u5206\u5272\u5269\u4e0b\u7684\u90e8\u5206\u4e0d\u4f1a\u4f5c\u4e3a <code>last_remainder<\/code> \u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">tcache<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><code>tcache<\/code> \u662f glibc 2.26 (ubuntu 17.10) \u4e4b\u540e\u5f15\u5165\u7684\u4e00\u79cd\u6280\u672f\uff0c\u76ee\u7684\u662f\u63d0\u5347\u5806\u7ba1\u7406\u7684\u6027\u80fd\uff0c\u4e0e fast bin \u7c7b\u4f3c\u3002<code>tcache<\/code> \u5f15\u5165\u4e86\u4e24\u4e2a\u65b0\u7684\u7ed3\u6784\u4f53\uff0c<code>tcache_entry<\/code> \u548c <code>tcache_perthread_struct<\/code> \u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>tcache_entry<\/code> \u5b9a\u4e49\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>typedef struct tcache_entry\n{\n  struct tcache_entry *next;\n} tcache_entry;<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><code>tcache_entry<\/code> \u7528\u4e8e\u94fe\u63a5\u7a7a\u95f2\u7684 <code>chunk<\/code> \u7ed3\u6784\u4f53\uff0c\u5176\u4e2d\u7684 <code>next<\/code> \u6307\u9488\u6307\u5411\u4e0b\u4e00\u4e2a\u5927\u5c0f\u76f8\u540c\u7684 chunk\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\u8fd9\u91cc\u7684 <code>next<\/code> \u6307\u5411 <code>chunk<\/code> \u7684 user data\uff0c\u800c fast bin \u7684 <code>fd<\/code> \u6307\u5411 <code>chunk<\/code> \u5f00\u5934\u7684\u5730\u5740\u3002\u800c\u4e14\uff0c<code>tcache_entry<\/code> \u4f1a\u590d\u7528\u7a7a\u95f2 <code>chunk<\/code> \u7684 user data \u90e8\u5206\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>tcache_perthread_struct<\/code> \u5b9a\u4e49\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>typedef struct tcache_perthread_struct\n{\n  char counts&#91;TCACHE_MAX_BINS];\n  tcache_entry *entries&#91;TCACHE_MAX_BINS];\n} tcache_perthread_struct;\n \n# define TCACHE_MAX_BINS                64\n \nstatic __thread tcache_perthread_struct *tcache = NULL;<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u5bf9\u5e94\u7ed3\u6784\u5982\u4e0b<\/p>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003365584-28b140d9-f484-4cd2-b617-35619cceae70.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003365584-28b140d9-f484-4cd2-b617-35619cceae70.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u6bcf\u4e2a thread \u90fd\u4f1a\u7ef4\u62a4\u4e00\u4e2a <code>tcache_perthread_struct<\/code> \uff0c\u5b83\u662f\u6574\u4e2a <code>tcache<\/code> \u7684\u7ba1\u7406\u7ed3\u6784\uff0c\u4e00\u5171\u6709 <code>TCACHE_MAX_BINS<\/code> \u4e2a\u8ba1\u6570\u5668\u548c <code>TCACHE_MAX_BINS<\/code> \u9879 <code>tcache_entry<\/code>\u3002\u8fd9\u4e2a\u7ed3\u6784\u5728 <code>tcache_init<\/code> \u51fd\u6570\u4e2d\u88ab\u521d\u59cb\u5316\u5728\u5806\u4e0a\uff0c\u5927\u5c0f\u4e3a 0x250\uff08\u9ad8\u7248\u672c\u4e3a 0x290\uff09\u3002\u5176\u4e2d\u6570\u636e\u90e8\u5206\u524d 0x40 \u4e3a <code>counts<\/code> \uff0c\u5269\u4e0b\u7684\u4e3a <code>entries<\/code> \u7ed3\u6784\u3002\u5982\u679c\u80fd\u63a7\u5236\u8fd9\u4e2a\u5806\u5757\u5c31\u53ef\u4ee5\u63a7\u5236\u6574\u4e2a <code>tcache<\/code> \u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>static void\ntcache_init(void)\n{\n  mstate ar_ptr;\n  void *victim = 0;\n  const size_t bytes = sizeof (tcache_perthread_struct);\n \n  if (tcache_shutting_down)\n    return;\n \n  arena_get (ar_ptr, bytes);\n  victim = _int_malloc (ar_ptr, bytes);\n  if (!victim &amp;&amp; ar_ptr != NULL)\n    {\n      ar_ptr = arena_get_retry (ar_ptr, bytes);\n      victim = _int_malloc (ar_ptr, bytes);\n    }\n \n \n  if (ar_ptr != NULL)\n    __libc_lock_unlock (ar_ptr-&gt;mutex);\n \n  \/* In a low memory situation, we may not be able to allocate memory\n     - in which case, we just keep trying later.  However, we\n     typically do this very early, so either there is sufficient\n     memory, or there isn't enough memory to do non-trivial\n     allocations anyway.  *\/\n  if (victim)\n    {\n      tcache = (tcache_perthread_struct *) victim;\n      memset (tcache, 0, sizeof (tcache_perthread_struct));\n    }\n \n}<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><code>tcache_perthread_struct<\/code> \u4e2d\u7684 <code>tcache_entry<\/code> \u7528\u5355\u5411\u94fe\u8868\u7684\u65b9\u5f0f\u94fe\u63a5\u4e86\u76f8\u540c\u5927\u5c0f\u7684\u5904\u4e8e\u7a7a\u95f2\u72b6\u6001\uff08<code>free<\/code> \u540e\uff09\u7684 <code>chunk<\/code>\uff0c\u8fd9\u4e00\u70b9\u4e0a\u548c fast bin \u5f88\u50cf\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u53e6\u5916\u4e0e fast bin \u76f8\u540c\u7684\u662f\u91ca\u653e\u8fdb\u5165 <code>tcache<\/code> \u7684 <code>chunk<\/code> \u7684\u4e0b\u4e00\u4e2a\u76f8\u90bb <code>chunk<\/code> \u7684 <code>PREV_INUSE<\/code> \u4f4d\u4e0d\u6e05\u96f6\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>counts<\/code> \u8bb0\u5f55\u4e86 <code>tcache_entry<\/code> \u94fe\u4e0a\u7a7a\u95f2 <code>chunk<\/code> \u7684\u6570\u76ee\uff0c\u6bcf\u6761\u94fe\u4e0a\u6700\u591a\u53ef\u4ee5\u6709 7 \u4e2a <code>chunk<\/code> \u3002\u6ce8\u610f\u6307\u9488\u6307\u5411\u7684\u4f4d\u7f6e\u662f <code>fd<\/code> \u6307\u9488\uff0c\u8fd9\u4e00\u70b9\u4e0e fast bin \u4e0d\u540c\u3002<br>\u7ed3\u6784\u5982\u4e0b\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003366253-40949d28-42ce-44af-832f-0b8e0dcec8cd.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/58781746\/1779003366253-40949d28-42ce-44af-832f-0b8e0dcec8cd.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" title=\"\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">stash \u673a\u5236\uff1a<br>\u5f53\u7533\u8bf7\u7684\u5927\u5c0f\u5728 <code>tcache<\/code> \u8303\u56f4\u7684 <code>chunk<\/code> \u5728 <code>tcache<\/code> \u4e2d\u6ca1\u6709\uff0c\u6b64\u65f6 ptmalloc \u4f1a\u5728\u5176\u4ed6 <code>bin<\/code> \u91cc\u9762\u627e\uff0c\u5982\u679c\u627e\u5230\u4e86\u4f1a\u5c06\u8be5 <code>chunk<\/code> \u653e\u5230 <code>tcache<\/code> \u4e2d\uff0c\u76f4\u5230 <code>tcache<\/code> \u586b\u6ee1\uff0c\u6700\u540e\u76f4\u63a5\u8fd4\u56de\u627e\u5230\u7684 <code>chunk<\/code> \u6216\u662f\u4ece <code>tcache<\/code> \u4e2d\u53d6\u51fa\u5e76\u8fd4\u56de\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u5b89\u5168\u68c0\u67e5\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>tcache key\uff08only libc2.29 and up\uff09\uff1a\u81ea glibc2.29 \u7248\u672c\u8d77 <code>tcache<\/code> \u65b0\u589e\u4e86\u4e00\u4e2a key \u5b57\u6bb5\uff0c\u8be5\u5b57\u6bb5\u4f4d\u4e8e <code>chunk<\/code> \u7684 bk \u5b57\u6bb5\uff0c\u503c\u4e3a <code>tcache<\/code> \u7ed3\u6784\u4f53\u7684\u5730\u5740\uff0c\u82e5 <code>free()<\/code> \u68c0\u6d4b\u5230 <code>chunk->bk == tcache<\/code> \u5219\u4f1a\u904d\u5386 <code>tcache<\/code> \u67e5\u627e\u5bf9\u5e94\u94fe\u8868\u4e2d\u662f\u5426\u6709\u8be5 <code>chunk<\/code><br>\u6700\u65b0\u7248\u672c\u7684\u4e00\u4e9b\u8001 glibc \uff08\u5982\u65b0\u72482.27\u7b49\uff09\u4e5f\u5f15\u5165\u4e86\u8be5\u9632\u62a4\u673a\u5236<\/li>\n\n\n\n<li>Safe linking \u673a\u5236\uff08only glibc2.32 and up\uff09\uff1a\u4e0e fast bin \u7c7b\u4f3c\u3002<br>\u7ed5\u8fc7\u65b9\u6cd5\uff1a<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5728 <code>tcache<\/code> \u7684\u4e00\u4e2a <code>entry<\/code> \u4e2d\u653e\u5165\u7b2c\u4e00\u4e2a <code>chunk<\/code> \u65f6\uff0c\u5176\u540c\u6837\u4f1a\u5bf9\u8be5 <code>entry<\/code> \u4e2d\u7684 \u201c<code>chunk<\/code>\u201d \uff08NULL\uff09\u8fdb\u884c\u5f02\u6216\u8fd0\u7b97\u540e\u5199\u5165\u5230\u5c06\u653e\u5165 <code>tcache<\/code> \u4e2d\u7684 <code>chunk<\/code> \u7684 <code>fd<\/code> \u5b57\u6bb5\uff0c\u82e5\u662f\u6211\u4eec\u80fd\u591f\u6253\u5370\u8be5 free chunk \u7684 <code>fd<\/code> \u5b57\u6bb5\uff0c\u4fbf\u80fd\u591f\u76f4\u63a5\u83b7\u5f97\u672a\u7ecf\u5f02\u6216\u8fd0\u7b97\u7684\u5806\u4e0a\u76f8\u5173\u5730\u5740\uff08\u53f3\u79fb 12 \u4f4d\uff09<\/li>\n\n\n\n<li>\u5728 <code>tcache->entry<\/code> \u4e2d\u5b58\u653e\u7684\u4ecd\u662f\u672a\u7ecf\u52a0\u5bc6\u8fc7\u7684\u5730\u5740\uff0c\u82e5\u662f\u6211\u4eec\u80fd\u591f\u63a7\u5236 <code>tcache<\/code> \u7ba1\u7406\u5668\u5219\u4ecd\u53ef\u4ee5\u5728\u4e0d\u77e5\u9053\u5806\u76f8\u5173\u5730\u5740\u65f6\u8fdb\u884c\u4efb\u610f\u5730\u5740\u5199\u3002<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u524d\u8a00 \u770b\u96ea\u7b14\u8bb0\uff0c\u5e0c\u671b\u5bf9\u4f60\u6709\u5e2e\u52a9\uff0cOrz malloc_par \u5728 ptmalloc \u4e2d\u4f7f\u7528 malloc_pa [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1060,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,1],"tags":[4,6],"class_list":["post-1066","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-14","category-learn","tag-pwn","tag-6"],"_links":{"self":[{"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/posts\/1066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1066"}],"version-history":[{"count":3,"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/posts\/1066\/revisions"}],"predecessor-version":[{"id":1081,"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/posts\/1066\/revisions\/1081"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/media\/1060"}],"wp:attachment":[{"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1066"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/lycoreco.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}