Update emmalloc

[juj]

This PR updates our emmalloc implementation. The basic idea is the same as original dlmalloc/emmalloc, i.e. memory is grouped into adjacent regions where each region is traversable back and forth, and free regions go into arrays of linked lists for quick lookup.

What is different compared to original emmalloc:

• instead of grouping free memory regions to power-of-2 buckets, rely heavily on clz/ctz instructions to generate a bucket distribution that favors more buckets to small memory regions.
• uses 64 buckets instead of 32, and uses 64-bit arithmetic if targeting only wasm to compute the buckets. When doing a dual wasm+js build or a js build, use 32-bit arithmetic only.
• an allocation takes a constant number of operations in the regular case. Only when memory is getting really scarce, there is a linear behavior (w.r.t # free regions) in allocation speed.
• multithreading capable (using a global lock - more finegrained locking would be possible to implement, but it is unclear whether that is faster, would need good test cases for both contended and uncontended cases to warrant investigation)
• adds support for Emscripten tracing builds
• emmalloc is now aware/compliant that other sources may call to sbrk(). If nobody else does, emmalloc still does the optimal unfragmenting thing.
• adds a new header <emscripten/emmalloc.h> which provides an expanded memory allocation API:
  • in particular functions emmalloc_realloc_try(), emmalloc_realloc_uninitialized() and emmalloc_aligned_realloc_uninitialized() which enable much more efficient C++ STL container implementation than standard std::vector/std::list etc can do.
  • in addition to implementing mallinfo(), provides functions emmalloc_free_dynamic_memory(), emmalloc_unclaimed_heap_memory(), emmalloc_dynamic_heap_size() and emmalloc_compute_free_dynamic_memory_fragmentation_map() to get more precise allocation statistics.
  • supports memory freeing via malloc_trim()

Comparisons:

• New emmalloc is a hair bit smaller compared to old emmalloc according to benchmark.test_havlak, dlmalloc was 37022 bytes, old emmalloc was 31394 bytes, and new emmalloc is 31180 bytes.
• New emmalloc is about ~+30% faster than old emmalloc, and ~+1.5% faster than dlmalloc in benchmark.test_havlak:

dlmalloc:
Node.js: mean: 3.427 (+-0.045) secs median: 3.437 range: 3.362-3.487 (noise: 1.304%) (5 runs)
size: 37022, compressed: 3543

old emmalloc:
Node.js: mean: 4.414 (+-0.143) secs median: 4.348 range: 4.295-4.689 (noise: 3.237%) (5 runs)
size: 31394, compressed: 3560

new emmalloc:
Node.js: mean: 3.376 (+-0.032) secs median: 3.391 range: 3.338-3.419 (noise: 0.939%) (5 runs)
size: 31180, compressed: 3602

• Changing benchmark.test_havlak to multithreaded build with -s USE_PTHREADS=1 so that locking is in place, the now multithreaded emmalloc is ~+7.1% faster than multithreaded dlmalloc:

mt emmalloc:
Node.js: mean: 3.728 (+-0.049) secs median: 3.728 range: 3.642-3.792 (noise: 1.324%) (5 runs)
size: 62711, compressed: 9664

mt dlmalloc:
Node.js: mean: 3.994 (+-0.067) secs median: 3.966 range: 3.915-4.106 (noise: 1.665%) (5 runs)
size: 70338, compressed: 9602

The multithreaded benchmark.test_havlak still runs in a single thread, so the above stresses a noncontended case.

• According to tests/malloc_bench.cpp (em++ tests\malloc_bench.cpp -o a.html -O3), new emmalloc has less overhead (12.16 vs 12.20) than dlmalloc:

new emmalloc:
checksum: 316dd259
allocations: 4200847
mean alloc size: 31.51
max allocated: 699744
allocations #max 22209.92
sbrk chng: 969720
sbrk chng/allocs: 43.66
overhead: 12.16
sbrk top now: 0x5ede68

dlmalloc:
checksum: 32788815
allocations: 4200847
mean alloc size: 31.51
max allocated: 699744
allocations #max 22209.92
sbrk chng: 970720
sbrk chng/allocs: 43.71
overhead: 12.20
sbrk top now: 0x5ee000

and considerably less overhead than old emmalloc (12.16 vs 15.23):

old emmalloc:
checksum: 362013f1
allocations: 4200847
mean alloc size: 31.51
max allocated: 699744
allocations #max 22209.92
sbrk chng: 1037968
sbrk chng/allocs: 46.73
overhead: 15.23
sbrk top now: 0x5fe540

In summary, it is faster, smaller and has less overhead than dlmalloc and old emmalloc, when tested against benchmark.test_havlak and tests/malloc_bench.cpp.

There is https://github.com/daanx/mimalloc-bench that contains some benchmarks. Looks like most of them would require a bit of porting, but cfrac built quite easily, and

cfrac: dlmalloc is +17% faster than new emmalloc, but new emmalloc is +16.2% faster than old emmalloc.

In this PR src/settings.js is changed to default MALLOC setting from 'dlmalloc' to 'emmalloc' to have the bots run the whole suite through it, to verify that the new emmalloc is a feature complete replacement to dlmalloc. But to land should change back to default to dlmalloc instead.

[juj]

Restored dlmalloc in this PR after checking through the suite for everything to pass.

[sbc100]

Split out this change along with src/deps_info.json? Seems unrelated but maybe I'm wrong?

[juj]

It only started failing in this branch because of the deps structure changing.

[sbc100]

Do we need to re-declare all the POSIX names here? Would it be better to use the ones from stdlib.h and only declare the specific emmalloc symbols in this header?

[juj]

I think it's more documentative to re-declare them here. No harm in doing so, in fact, if there ever were a change in signature of one of the names, then this would loudly complain, and it'd trigger to change the signature of the corresponding emmalloc_ name as well.

[sbc100]

I'm unclear about heap growth vs growing the underlying wasm memory. Are they always the same thing?

Does emscripten_resize_heap above also require ALLOW_MEMORY_GROWTH? I'm a little confused a bout the use of the term "realloc" which normally implies the buffer could be moved. Maybe there could be a better name for this function? Is it basically like emscripten_resize_heap bug taking an absolute size?

[sbc100]

Since this function doesn't seem very well named perhaps we can avoid exposing it and keep it as an implementation detail. I see its only used in test code anyway. Could the test be modified to not depend on the this currently internal function?

[juj]

The intent is to be able to use emscripten_realloc_buffer in public code to resize the heap. In JS code we can use that to actually shrink the heap and release memory back to the browser.

emscripten_resize_heap only grows the heap with geometric/linear overgrowth, suitable for sbrk()-like allocators. emscripten_realloc_buffer is suitable for someone who is implementing their own malloc() that does not use sbrk().

[sbc100]

The current emscripten_resize_heap seems to take an absolute number of bytes not an increment. The fact that it can't shrink is a current implementation detail isn't it? With wasm IIUC there it is never possible to shrink memory I doubt that will ever change.

You are renaming the parameter to requested_growth_bytes but I don't see the implementation changing.

I think the terms heap and buffer and realloc are all a little confusing. IIUC what is really being resized here is the webassembly memory which hold static data, stack and heap.

Maybe we can come up with better names for these and some documentation. Do we really need two different memory resize functions? If we do shouldn't they be called something like:

• emscripten_memory_grow
• emscripten_memory_resize

?

[juj]

You are renaming the parameter to requested_growth_bytes but I don't see the implementation changing.

Thanks, good catch, when doing a documentation pass I misremembered the function argument behavior. Updated.

Do we really need two different memory resize functions?

Yes - while the automatic overgrowing is useful for some applications, for others it gets in the way if they don't want to do sbrk() or similar. I like the names emscripten_memory_grow() and emscripten_memory_resize, let's go with those. @kripken wdyt?

[juj]

Actually, on another thought, I don't want to grow this PR and start renaming functions here, that should be for later. Note that the implementation here does not add any new heap resize/grow functionality, but just exposes the function that has already existed for a long time.

[sbc100]

This also looks like it just used in tests. Is it worth added this JS library just for sake of a test case? Maybe there is some way to avoid it?

[juj]

The intent is to expose that function to public API for users of emmalloc, hence testing that it works in that test.

[sbc100]

But isn't that function internal-only right now? So the fact that it has a bad name is currently not an issue?

[sbc100]

I agree that this should be split out into a separate PR btw. Although I'm still not convinced about the need to shrink memory (since its not possible with wasm).

[sbc100]

I'm seeing local failures and some CI failures in wasm0.test_emmalloc_memory_statistics.

Locally:

$ ./tests/runner.py wasm0.test_emmalloc_memory_statistics
./tests/runner.py:WARNING: use EMTEST_ALL_ENGINES=1 in the env to run against all JS engines, which is slower but provides more coverage
Test suites:
['test_core']
Running test_core: (1 tests)
(checking sanity from test runner)
shared:INFO: (Emscripten: Running sanity checks)
test_emmalloc_memory_statistics (test_core.wasm0) ... (test did not pass in JS engine: ['/usr/bin/nodejs'])
FAIL

======================================================================
FAIL: test_emmalloc_memory_statistics (test_core.wasm0)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/local/google/home/sbc/dev/wasm/emscripten/tests/runner.py", line 116, in decorated
    func(self, *args, **kwargs)
  File "/usr/local/google/home/sbc/dev/wasm/emscripten/tests/test_core.py", line 194, in decorated
    func(self)
  File "/usr/local/google/home/sbc/dev/wasm/emscripten/tests/runner.py", line 116, in decorated
    func(self, *args, **kwargs)
  File "/usr/local/google/home/sbc/dev/wasm/emscripten/tests/test_core.py", line 931, in test_emmalloc_memory_statistics
    self.do_run_in_out_file_test('tests', 'core', 'test_emmalloc_memory_statistics')
  File "/usr/local/google/home/sbc/dev/wasm/emscripten/tests/test_core.py", line 276, in do_run_in_out_file_test
    self.do_run_from_file(src, output, **kwargs)
  File "/usr/local/google/home/sbc/dev/wasm/emscripten/tests/runner.py", line 1120, in do_run_from_file
    self.do_run(open(src).read(), open(expected_output).read(), *args, **kwargs)
  File "/usr/local/google/home/sbc/dev/wasm/emscripten/tests/runner.py", line 1174, in do_run
    self.assertContained(expected_output, js_output, check_all=assert_all)
  File "/usr/local/google/home/sbc/dev/wasm/emscripten/tests/runner.py", line 856, in assertContained
    additional_info
AssertionError: Expected to find '1
0
106971424
4210892
3
0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 
21997632
' in '1
0
106971424
4210892
3
0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 
21997584
', diff:

--- expected
+++ actual
@@ -4,5 +4,5 @@
 4210892
 3
 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0
-21997632
+21997584

CI: https://app.circleci.com/jobs/github/emscripten-core/emscripten/227658

Its strange because the CI for this change seems to have passed ..

[kripken]

This breaks the use case of sbrk(0) being used to find the current break point, I think?

[kripken]

Oh no wait, it's still zero then, nm...

[kripken]

why was this changed?

[Akaricchi]

Changing MALLOC_ALIGNMENT (and ALLOCATION_UNIT in the test) to 16 makes this assertion fail:

assert(size_t(third) == size_t(first) + ((100 + ALLOCATION_UNIT - 1)&(-ALLOCATION_UNIT)) + ALLOCATION_UNIT); // allocation units are multiples of ALLOCATION_UNIT

third - first is still 112, as if ALLOCATION_UNIT == 8. The pointers seem appropriately aligned, however. I'm not sure I understand the purpose of this test.

[Akaricchi]

Seems like ALLOCATION_UNIT is no longer equal to alignment, but to SMALLEST_ALLOCATION_SIZE (which was equal to alignment in the previous implementation). I've changed the test like this:

diff --git a/system/lib/emmalloc.cpp b/system/lib/emmalloc.cpp
index 417ae3f33..27d35dd39 100644
--- a/system/lib/emmalloc.cpp
+++ b/system/lib/emmalloc.cpp
@@ -40,6 +40,7 @@
  *    malloc.
  */
 
+#include <stddef.h>
 #include <stdint.h>
 #include <unistd.h>
 #include <memory.h>
@@ -61,7 +62,7 @@ extern "C"
 
 // Configuration: specifies the minimum alignment that malloc()ed memory outputs. Allocation requests with smaller alignment
 // than this will yield an allocation with this much alignment.
-#define MALLOC_ALIGNMENT 8
+#define MALLOC_ALIGNMENT __alignof__(max_align_t)
 
 // Configuration: If EMMALLOC_USE_64BIT_OPS is specified, emmalloc uses 64 buckets for free memory regions instead of just 32.
 // When building to target asm.js/wasm2js, 64-bit ops are disabled, but in Wasm builds, 64-bit ops are enabled. (this is
diff --git a/tests/core/test_emmalloc.cpp b/tests/core/test_emmalloc.cpp
index 4f86f2f25..9730bb1a2 100644
--- a/tests/core/test_emmalloc.cpp
+++ b/tests/core/test_emmalloc.cpp
@@ -38,7 +38,7 @@ void stage(const char* name) {
   }, name);
 }
 
-const size_t ALLOCATION_UNIT = 8;
+#define ALLOCATION_UNIT SMALLEST_ALLOCATION_SIZE
 
 void basics() {
   stage("basics");
@@ -58,7 +58,7 @@ void basics() {
   assert(size_t(third) == size_t(first) + ((100 + ALLOCATION_UNIT - 1)&(-ALLOCATION_UNIT)) + ALLOCATION_UNIT); // allocation units are multiples of ALLOCATION_UNIT
   stage("allocate 10 more");
   void* four = malloc(10);
-  assert(size_t(four) == size_t(third) + (2*ALLOCATION_UNIT) + ALLOCATION_UNIT); // payload (10 = 2 allocation units) and metadata
+  assert(size_t(four) == size_t(ALIGN_UP((char*)(third) + (2*ALLOCATION_UNIT) + REGION_HEADER_SIZE, MALLOC_ALIGNMENT))); // payload (10 = 2 allocation units) and metadata
   stage("free the first");
   free(second);
   stage("several temp alloc/frees");

However, the min_alloc test fails now. Overall the test seems to conflate REGION_HEADER_SIZE, SMALLEST_ALLOCATION_SIZE, and MALLOC_ALIGNMENT. They all just happen to be 8 by default, so it "works". I don't understand the details enough to unravel this in a reasonable amount of time. Please fix the test to work with arbitrary valid MALLOC_ALIGNMENTs.

[sbc100]

This is currently breaking the auto-roller:
https://chromium-review.googlesource.com/c/emscripten-releases/+/1994406
https://logs.chromium.org/logs/emscripten-releases/buildbucket/cr-buildbucket.appspot.com/8891696412123708400/+/steps/Emscripten_testsuite__upstream__wasm0_/0/stdout

Can we revert and reland after investigation?

[juj]

#10183 should resolve the builder issues. I am not sure why, but the dynamic top sizes end up being slightly different for different systems. Perhaps static data section sizes end up being different on different runs(?)

[sbc100]

Thanks for the quick fix! The non-determinism there is pretty strange. Did you ever see it locally, or is it just between different machines? Is it worth opening a bug and trying to track it down?

[juj]

I only saw it on the CI - my first suspect would be \r\n vs \n line endings, so --output-eol might help diagnose there. Though not completely sure. It might be worth a bug entry.

Btw, do you know what would need to be done to make emmalloc compatible with ASan or LSan? That would be quite interesting I think.

[juj]

@Akaricchi : dropped that whole part of the test, it was testing invariants that were specific to previous emmalloc version and no longer hold with the updated emmalloc, so that code was good to go away.