+
+/** @brief Snapshotting malloc, for use by model-checker (not user progs) */
+void * snapshot_malloc(size_t size)
+{
+ void *tmp = mspace_malloc(model_snapshot_space, size);
+ ASSERT(tmp);
+ return tmp;
+}
+
+/** @brief Snapshotting calloc, for use by model-checker (not user progs) */
+void * snapshot_calloc(size_t count, size_t size)
+{
+ void *tmp = mspace_calloc(model_snapshot_space, count, size);
+ ASSERT(tmp);
+ return tmp;
+}
+
+/** @brief Snapshotting realloc, for use by model-checker (not user progs) */
+void *snapshot_realloc(void *ptr, size_t size)
+{
+ void *tmp = mspace_realloc(model_snapshot_space, ptr, size);
+ ASSERT(tmp);
+ return tmp;
+}
+
+/** @brief Snapshotting free, for use by model-checker (not user progs) */
+void snapshot_free(void *ptr)
+{
+ mspace_free(model_snapshot_space, ptr);
+}
+
+/** Non-snapshotting free for our use. */
+void model_free(void *ptr)
+{
+#if USE_MPROTECT_SNAPSHOT
+ static void (*freep)(void *);
+ char *error;
+
+ /* get address of libc free */
+ if (!freep) {
+ freep = (void (*)(void *))dlsym(RTLD_NEXT, "free");
+ if ((error = dlerror()) != NULL) {
+ fputs(error, stderr);
+ exit(EXIT_FAILURE);
+ }
+ }
+ freep(ptr);
+#else
+ mspace_free(sStaticSpace, ptr);
+#endif
+}
+
+/** Bootstrap allocation. Problem is that the dynamic linker calls require
+ * calloc to work and calloc requires the dynamic linker to work. */
+
+#define BOOTSTRAPBYTES 4096
+char bootstrapmemory[BOOTSTRAPBYTES];
+size_t offset = 0;
+
+void * HandleEarlyAllocationRequest(size_t sz)
+{
+ /* Align to 8 byte boundary */
+ sz = (sz + 7) & ~7;
+
+ if (sz > (BOOTSTRAPBYTES-offset)) {
+ model_print("OUT OF BOOTSTRAP MEMORY\n");
+ exit(EXIT_FAILURE);
+ }
+
+ void *pointer = (void *)&bootstrapmemory[offset];
+ offset += sz;
+ return pointer;
+}
+
+/** @brief Global mspace reference for the model-checker's snapshotting heap */
+mspace model_snapshot_space = NULL;
+
+#if USE_MPROTECT_SNAPSHOT
+
+/** @brief Global mspace reference for the user's snapshotting heap */
+mspace user_snapshot_space = NULL;
+
+/** Check whether this is bootstrapped memory that we should not free */
+static bool DontFree(void *ptr)
+{
+ return (ptr >= (&bootstrapmemory[0]) && ptr < (&bootstrapmemory[BOOTSTRAPBYTES]));
+}
+
+/**
+ * @brief The allocator function for "user" allocation
+ *
+ * Should only be used for allocations which will not disturb the allocation
+ * patterns of a user thread.
+ */
+static void * user_malloc(size_t size)
+{
+ void *tmp = mspace_malloc(user_snapshot_space, size);
+ ASSERT(tmp);
+ return tmp;
+}
+
+/**
+ * @brief Snapshotting malloc implementation for user programs
+ *
+ * Do NOT call this function from a model-checker context. Doing so may disrupt
+ * the allocation patterns of a user thread.
+ */
+void *malloc(size_t size)
+{
+ if (user_snapshot_space) {
+ /* Only perform user allocations from user context */
+ ASSERT(!model || thread_current());
+ return user_malloc(size);
+ } else
+ return HandleEarlyAllocationRequest(size);
+}
+
+/** @brief Snapshotting free implementation for user programs */
+void free(void * ptr)
+{
+ if (!DontFree(ptr))
+ mspace_free(user_snapshot_space, ptr);