Open Radar

 
Summary:
The attachMethodLists call, invoked when attaching category methods to an Objective-C class during dlopen, reallocs wastefully, potentially allocating a lot more space than it needs:
0x00007fff833512c5  <+0074>  lea    0x0(,%rax,8),%r13
0x00007fff833512cd  <+0082>  callq  0x7fff83359170 <dyld_stub_malloc_size>
0x00007fff833512d2  <+0087>  mov    %rax,%r12
0x00007fff833512d5  <+0090>  mov    -0x38(%rbp),%rax
0x00007fff833512d9  <+0094>  mov    0x20(%rax),%rbx
0x00007fff833512dd  <+0098>  lea    (%r12,%r13,1),%rsi
0x00007fff833512e1  <+0102>  mov    0x10(%rbx),%rdi
0x00007fff833512e5  <+0106>  callq  0x7fff8334426a <_realloc_internal>

malloc_size is documented to report the size of the entire block occupied by the memory, which is guaranteed to be at least the size requested when it was allocated.  However, it could be more.  In the case that it is more and there was enough space for the new entry, attachMethodLists is forcing a reallocation and potential copy when none was needed.  attachMethodLists should invoke realloc with the size of the structure plus whatever space it needs, not the size of the memory block the structure occupies plus the space it needs.

(This particular problem was uncovered because Google's tcmalloc aggressively increases the amount it reallocs per call on a given piece of memory, returning 1.25x the requested amount each time.  The result is a method list for NSObject that balloons upwards of 500MB!)

Steps to Reproduce:
dlopen a library containing objective-c categories.

Expected Results:
attachMethodLists should invoke realloc with the size of the previous method list structure plus whatever space it needs.

Actual Results:
attachMethodLists invokes realloc with the size of the memory block the structure occupies plus the space it needs.  This may be significantly more than it could possibly want.  In the case of tcmalloc, it causes huge problems.

Regression:

Notes: