Newmalloc Improvements (Revised)

[Lightning11wins]

Improves the developer experience when using the NewMalloc system by using a cleaner code structure with comments to enable faster speed-reading. This new code intends to make it easy for readers to quickly skim code without getting lost in irrelevant logic for features that might not even be enabled.

This branch also introduces some improvements in the final commit, the largest of which is adding nmSysGetSize(), which I anticipate will be very useful in some scenarios. (I already have at least one place I want to use it.)

I recommend that Greg take ownership of the first commit so that we can avoid having me get git blamed for reformatting most of the file with very minimal changes to any of the logic.

[Lightning11wins]

This PR is the revised version of #82, which will now be closed.

Similarly, merging this PR closes #81.

[greptile-apps]

Greptile Summary

This PR refactors the NewMalloc memory management subsystem for improved readability, adding extensive comments, consistent formatting, and modernized C idioms (bool, size_t, stdbool.h). It also changes counter types from int to unsigned long long int, changes size parameters from int to size_t, adds a new nmSysGetSize() function, and introduces strtcpy() for safe string copies.

Key issues found:

• Broken BUFFER_OVERFLOW_CHECKING mode: The MemStruct.size field was changed from int to size_t, but the EXTRA_MEM, MEMDATA, MEMDATATOSTRUCT, and ENDMAGIC macros still use hardcoded sizeof(int) offsets. On 64-bit systems this causes incorrect pointer arithmetic, memory corruption, and broken overflow detection.
• Compilation error in nmSysRealloc(): The variable size is referenced at line 884 but never declared in that function scope, causing a build failure when both NM_USE_SYSMALLOC and SIZED_BLK_COUNTING are defined.
• Memory leak in nmSysMalloc(): When size > UINT_MAX, memory allocated at line 788 is never freed before returning NULL.
• Format specifier mismatches: %d used for size_t in nmFree (line 554), and %lld used for unsigned long long in nmDebug (line 680).

Confidence Score: 1/5

• This PR has critical bugs that will cause memory corruption and compilation failures in certain build configurations.
• The MemStruct/macro mismatch will silently corrupt memory in BUFFER_OVERFLOW_CHECKING builds, the undeclared variable in nmSysRealloc will prevent compilation with SIZED_BLK_COUNTING + NM_USE_SYSMALLOC, and the memory leak in nmSysMalloc loses allocated memory on the error path. These issues must be resolved before merging.
• centrallix-lib/src/newmalloc.c requires significant attention — the MemStruct macro definitions (lines 75-87), nmSysRealloc (lines 860-893), and nmSysMalloc (lines 780-814) all have critical bugs.

Important Files Changed

Filename	Overview
centrallix-lib/src/newmalloc.c	Major refactoring of the memory management module. Contains several issues: broken BUFFER_OVERFLOW_CHECKING macros due to MemStruct size change, undeclared variable in nmSysRealloc, memory leak in nmSysMalloc, and format specifier mismatches.
centrallix-lib/include/newmalloc.h	Header updated with int-to-size_t type changes for function signatures, new nmSysGetSize() and nmPrintNames() declarations, and MAX_SIZE changed to unsigned long literal. Changes are largely correct.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    subgraph "nmMalloc(size)"
        A[nmMalloc called] --> B{MIN_SIZE ≤ size ≤ MAX_SIZE?}
        B -- Yes --> C{Cache hit?}
        C -- Yes --> D[Pop from lists cache]
        C -- No --> E[nmDebugMalloc]
        B -- No --> F[nmDebugMalloc]
        D --> G[Set OVERLAY Magic]
        E --> G
        F --> G
    end

    subgraph "nmFree(ptr, size)"
        H[nmFree called] --> I{Cacheable size?}
        I -- Yes, NO_BLK_CACHE off --> J[Add to lists cache, set ptr=NULL]
        I -- No --> K{ptr != NULL?}
        J --> K
        K -- Yes --> L[nmDebugFree]
        K -- No --> M[Done]
        L --> M
    end

    subgraph "nmSysMalloc(size) — NM_USE_SYSMALLOC"
        N[nmSysMalloc called] --> O["nmDebugMalloc(sizeof(uint) + size)"]
        O --> P{size > UINT_MAX?}
        P -- Yes --> Q["⚠️ return NULL (LEAK: ptr not freed)"]
        P -- No --> R[Store size as uint prefix]
        R --> S[Return ptr + sizeof uint]
    end

    subgraph "nmSysRealloc — NM_USE_SYSMALLOC"
        T[nmSysRealloc called] --> U{ptr == NULL?}
        U -- Yes --> V[nmSysMalloc]
        U -- No --> W{Size unchanged?}
        W -- Yes --> X[Return ptr]
        W -- No --> Y["nmDebugRealloc(buffer, new_size + uint)"]
        Y --> Z[Update size prefix]
        Z --> AA["⚠️ SIZED_BLK_COUNTING uses undeclared 'size'"]
    end

Loading

_{Last reviewed commit: c40fc8d}

[greptile-apps]

_{2 files reviewed, 5 comments}

_{Edit Code Review Agent Settings | Greptile}

[Lightning11wins]

@greptileai This new commit should resolve your comments.

[greptile-apps]

Greptile Summary

This PR refactors the NewMalloc memory management subsystem for improved readability, adding extensive comments, consistent formatting, and cleaner control flow. It also introduces two new functions: nmPrintNames() (extracted from nmDebug/nmDeltas) and nmSysGetSize() for retrieving the size of nmSys-allocated buffers. The strcpy call in nmRegister was replaced with strtcpy per project coding standards, and nmFree was restructured to avoid complex #ifdef nesting by using a ptr = NULL sentinel pattern.

• Build-breaking issue: strtcpy() is used in nmRegister() but #include "strtcpy.h" is missing, which will cause a compilation failure.
• Type mismatch: nmSysGetSize() assigns a char* expression to an int* without a cast.
• Signed overflow risk: nmDeltas() accumulates size_t * int products into an int variable, which can overflow when block sizes approach MAX_SIZE (8192).
• The temporary min/max macro definitions use GCC statement expressions (__typeof__, ({...})), which are non-portable. The TODO notes this is temporary pending the dups branch merge.

Confidence Score: 2/5

• This PR has a build-breaking missing include and a compiler type error that need to be fixed before merging.
• Score of 2 reflects a missing #include "strtcpy.h" that will prevent compilation, a type mismatch in nmSysGetSize that will produce compiler warnings/errors, and a signed overflow risk in nmDeltas. The refactoring itself is sound and the new functions are reasonable additions, but the build issues must be resolved first.
• centrallix-lib/src/newmalloc.c needs the missing include and type cast fixes before this PR can be merged.

Important Files Changed

Filename	Overview
centrallix-lib/include/newmalloc.h	Header updated with formatting improvements, new nmPrintNames() and nmSysGetSize() declarations, and minor comment/spacing fixes. Changes are straightforward with no logical issues.
centrallix-lib/src/newmalloc.c	Major refactor with improved comments, code structure, new nmPrintNames() and nmSysGetSize() functions, and strtcpy usage. Has a build-breaking missing include (strtcpy.h), a type mismatch in nmSysGetSize, and a potential signed overflow in nmDeltas.

Flowchart

flowchart TD
    A[nmSysMalloc] -->|"allocates size+sizeof(int)"| B[nmDebugMalloc]
    C[nmSysFree] -->|"frees ptr-sizeof(int)"| D[nmDebugFree]
    E[nmSysRealloc] -->|"same size? early return"| F{size == new_size?}
    F -->|Yes| G[return ptr unchanged]
    F -->|No| H[nmDebugRealloc]
    I["nmSysGetSize (NEW)"] -->|"reads *(ptr - sizeof(int))"| J[return stored size]
    K[nmSysStrdup] -->|"strlen + nmSysMalloc + memcpy"| A
    
    B --> L{BUFFER_OVERFLOW_CHECKING?}
    L -->|Yes| M["malloc with magic guards"]
    L -->|No| N["plain malloc"]
    
    D --> O{BUFFER_OVERFLOW_CHECKING?}
    O -->|Yes| P["check magic + unlink + free"]
    O -->|No| Q["plain free"]

Loading

_{Last reviewed commit: 6940889}

[greptile-apps]

_{2 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[Lightning11wins]

@greptileai Sorry for that mess! This type overhaul should resolve all of your previous concerns.

[greptile-apps]

_{2 files reviewed, 5 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

centrallix-lib/src/newmalloc.c
BUFFER_OVERFLOW_CHECKING macros out of sync with struct

The size field was changed from int to size_t, but the EXTRA_MEM, MEMDATA, MEMDATATOSTRUCT, and ENDMAGIC macros all still use hardcoded sizeof(int) calculations that assume the old struct layout.

On a 64-bit system:

• Old struct: int size (4) + _mem *next (8) + int magic_start (4) = 16 bytes
• New struct: size_t size (8) + _mem *next (8) + int magic_start (4) + padding (4) = 24 bytes
• MEMDATA(x) calculates offset as sizeof(int)*2 + sizeof(void*) = 16, which no longer matches sizeof(MemStruct) (24)

This means MEMDATA() will point into the middle of the struct instead of past it, causing nmDebugMalloc to return a pointer that overlaps with magic_start. Similarly MEMDATATOSTRUCT() will compute the wrong base address, and ENDMAGIC() will read/write the end-magic sentinel at the wrong location. All buffer overflow detection in BUFFER_OVERFLOW_CHECKING mode will be broken, and memory corruption will occur.

These macros should be updated to use sizeof(MemStruct) (or at least account for the new size_t field) instead of the hardcoded sizeof(int)*2 + sizeof(void*).

[greptile-apps]

No, there's no code outside the newmalloc module that depends on the int at the start of the nmSys block or on it being four bytes long.

All access to nmSys blocks goes through the public API functions (nmSysMalloc(), nmSysFree(), nmSysRealloc(), nmSysStrdup(), nmSysGetSize()), which encapsulate the internal structure. The implementation details are completely hidden from external code.

You're free to change the size or type of that field as long as you update all internal references within newmalloc.c consistently.

[Lightning11wins]

@greptileai This new commit should resolve your previous concerns. Do you have any other comments?

[greptile-apps]

The code looks good! All my previous concerns have been addressed:

• ✅ Type safety improved with size_t used consistently throughout
• ✅ Format specifiers corrected (%zu, %llu)
• ✅ Buffer overflow in nmDebugRealloc() fixed
• ✅ Missing include (strtcpy.h) added
• ✅ The size variable issue in nmSysRealloc() resolved by capturing size before reallocation
• ✅ All pointer arithmetic and type casting corrected

The refactoring improves code readability significantly while maintaining correctness. Nice work!