Breaking the crt1.o -> atexit() -> malloc() dependency
brde at optusnet.com.au
Fri Mar 7 22:08:26 PST 2008
On Thu, 6 Mar 2008, Kostik Belousov wrote:
> On Wed, Mar 05, 2008 at 05:12:32PM -0800, Tim Kientzle wrote:
>> There was some recent discussion on the commit mailing
>> list about how to disentangle crt1.o from malloc().
>> Here's a design that I think addresses all of the
>> issues people raised, including the POSIX requirement
>> that atexit() always be able to support 32 registrations.
>> It does it without using sbrk() or mmap(), either.
>> The basic idea is to lift the malloc() call up into
>> atexit() and have atexit_register() use statically-allocated
>> storage if atexit() didn't provide dynamically-allocated
>> /* 32 required by POSIX plus a few for crt1.o */
>> static struct atexit pool;
Could it use a few for crt1 only, with dynamic allocation for everything
except crt1 and maybe stdio? This might simplify the frees.
I don't agree with the argument that static allocation is needed or useful
for satisfying the requirement for 32 atexits to succeed. malloc() can't
fail :-), and if it does then you have worse problems than atexit failures
>> Avoiding free() from the low-level code is a little trickier
>> but I think it can be done by having the low-level code
>> put (dynamically-allocated) blocks back onto a free list
>> and having the higher-level atexit() release that list
>> on the next registration. This should handle the case
>> of a dynamic library being repeatedly loaded and unloaded.
>> Of course, it's unnecessary to release the atexit storage
>> on program exit.
With separate storage for crt1, everything for crt1 except the
calls to the registered functions could be independent of atexit()
- just call the entries in the separate storage last at exit time.
stdio's rotting __cleanup hook works like this. __cleanup's
reason for existence is to provide an atexit-like hook for stdio
without the full bloat of atexit, but this is defeated by always
calling atexit() from crt1. This hook costs 1 pointer and one
statement in exit() when it is not used. exit() still calls
__cleanup last (iff __cleanup is not null. Thus __cleanup
effectively extends the static atexit table by 1 entry (the
>> In particular, crt1.o can then call atexit_register(f, NULL)
>> to register its exit functions without creating a dependency on
Or it could do __cleanupN = functionN for a few small values of N
like stdio does for __cleanup. Then it wouldn't have any dependency
on atexit either, but the ugliness in exit.c for __cleanup would need
to be duplicated for each __cleanupN. At most 3 values of N need to
be supported (same for all arches I think):
for function cleanup = get_rtld_cleanup(); /* dynamic only */
for function _mcleanup /* profiling only */
for function _fini /* always */
Better, make all these atexit calls implicit. The conditions for them
don't depend on the startup code, so __cxa_finalize() can call them
directly (except it needs a pointer for get_rtld_cleanup()). __cxa_finalize
can also handle __cleanup (move the call though __cleanup from exit.c
I think this works so simply and machine-indepependently mainly because
most of the details are in _fini. _fini calls __do_global_dtors_aux
on at least i386. Any number of magically ordered cleanups can be hidden
>> This does require that atexit() and atexit_register() be in
>> separate source files, but I think it addresses all of the other
>> concerns people have raised.
> I mostly agree with proposal, but there is also __cxa_atexit().
More bloat to remove :-). It seems to be only for C++, but all
executables have it. Before it existed, exit() looped over the atexit
table where it now calls __cxa_atexit(), and the order of the atexit
finalizations relative to the __cleanup was clearer.
> And, besides the issue of the size of the static linked executables,
> there is more exposed problem of atexit() memory leaks. See
This problem seems to only affect C++. But how does the C dlclose() work
without calling __cxa_atexit()?
More information about the freebsd-current