Post on 10-Apr-2018
8/8/2019 Advanced C v2
http://slidepdf.com/reader/full/advanced-c-v2 1/42
Advanced C - Workshop
Version: <1.3>
Date: < 23/10/2006>
By
Madheswaran D
Wipro confidential 2
Introduction
Prerequisites
  Basic C knowledge (not covered here)
  Familiarity with the Unix environment (basic Unix commands, user-level knowledge of the vi or Emacs editors) (not covered here)
  Alignment and padding issues
  Good understanding of pointers
  Good understanding of bitwise operators
Advanced Topics
  Handy expressions involving bitwise operations
  Stack frames: what happens during function calls
  Variable arguments: how is it implemented?
  Dynamic memory allocation: a sample design of malloc/free
Alignment & Padding
For today's session, assume the following sizes and study the following program.
  char: 1 byte
  int: 4 bytes
  short: 2 bytes

#include <stdio.h>

typedef struct {
    char name[30];
    int empno;
    int salary;
} EmpRec, *EmpRecPtr;

int main(void)
{
    int x = 1;
    char y = 2;
    int z = 3;
    EmpRec abc;
    EmpRecPtr empr = &abc;

    /* sizeof yields size_t, so it is printed with %zu; %p expects void * */
    printf("Sizes: int=%zu, char=%zu, EmpRec=%zu, EmpRecPtr=%zu\n",
           sizeof(x), sizeof(y), sizeof(abc), sizeof(empr));
    printf("Address: &x=%p, &y=%p, &z=%p, &abc=%p, &empr=%p\n",
           (void *)&x, (void *)&y, (void *)&z, (void *)&abc, (void *)&empr);
    printf("Address: &abc.name=%p, &abc.empno=%p, &abc.salary=%p\n",
           (void *)&abc.name, (void *)&abc.empno, (void *)&abc.salary);
    return 0;
}
Output:
Sizes: int=4, char=1, EmpRec=40, EmpRecPtr=4
Address: &x=0xbffffb3c, &y=0xbffffb3b, &z=0xbffffb34, &abc=0xbffffb00, &empr=0xbffffafc
Address: &abc.name=0xbffffb00, &abc.empno=0xbffffb20, &abc.salary=0xbffffb24
Memory view (stack grows toward lower memory; p = padding byte; addresses are the low 12 bits of 0xbffffxxx)

Higher memory
  b3c..b3f   1 | 0 | 0 | 0     &x
  b38..b3b   p | p | p | 2     &y (at b3b)
  b34..b37   3 | 0 | 0 | 0     &z
  b28..b33   p | p | p | p     (three rows of padding)
  b24..b27   abc.salary        &(abc.salary)
  b20..b23   abc.empno         &(abc.empno)
  b00..b1f   abc.name          &(abc.name); 30 bytes of name followed by p | p
Lower memory
Alignment & Padding
The memory address of a variable is aligned to its size.
  In some architectures, unaligned access can result in SIGBUS.
  In some cases, the memory access will be split.
This applies to global variables, local variables, arguments passed to functions, and structures/unions as well.
To ensure that an address is correctly aligned, padding is done. Keep this in mind:
  To calculate the size of a structure/union.
  Beware if this is mapped to a set of registers.
  Assembly/C intermixing - suitable masks and shifting may be needed.
Bit fields don't have such alignment requirements.
  The compiler generates code with masks and shifts to handle this.
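SIGBUS or split access example

#include <stdio.h>

int main(void)
{
    char x = 10;
    char y = 20;
    int *p = (int *)&y;   /* &y need not be aligned for an int */

    printf("&y=%p &p=%p\n", (void *)&y, (void *)&p);
    printf("%d\n", (*p) & 0xff);   /* SIGBUS or unaligned split access */
    return 0;
}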
Alignment & Padding
Assume a H/W device is memory mapped on the system bus.
  It occupies an address space of 16 bytes where 8 registers are located:
    Three 32-bit registers (CNTL1, CNTL2, CNTL3, in that order)
    Four 8-bit registers (STAT1, STAT2, STAT3 and ERR, in that order)
  Assume it is located at 0x2000 in the memory map.
A structure can be defined to map this:

struct hw_device {
    unsigned int cntl1;
    unsigned int cntl2;
    unsigned int cntl3;
    unsigned char stat1;
    unsigned char stat2;
    unsigned char stat3;
    unsigned char err;
} *my_hw_device;

my_hw_device = (struct hw_device *)(0x2000);

The registers can be accessed as my_hw_device->cntl1, my_hw_device->err and so on.
This simplifies access to device registers and is useful to device driver writers and OS developers.
Be careful about any padding added for alignment restrictions.
Example - Where padding causes trouble
Register sequence:
  Two 32-bit registers (CNTL1, CNTL2, in that order)
  Three 8-bit registers (STAT1, STAT2, STAT3, in that order)
  One 32-bit register CNTL3
  One 8-bit register ERR
Bad structure that can cause trouble:

typedef struct hw_device {
    unsigned int cntl1;
    unsigned int cntl2;
    unsigned char stat1;
    unsigned char stat2;
    unsigned char stat3;
    unsigned int cntl3;
    unsigned char err;
} MYDEVICE, *MYDEVICE_PTR;
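A layout check for the bad structure above, as an added example that is not part of the original slides. It compares each field's offsetof() with the bus offset implied by the register sequence, then reads CNTL3 by explicit offset from a constructed register image. Assumptions: unsigned int is 4 bytes with 4-byte alignment, the registers are contiguous and little endian, and the names OFF_*, reg_check, sample_image and read32_at are invented here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The slide's "bad" structure, field order unchanged. */
typedef struct hw_device {
    unsigned int  cntl1;
    unsigned int  cntl2;
    unsigned char stat1;
    unsigned char stat2;
    unsigned char stat3;
    unsigned int  cntl3;
    unsigned char err;
} MYDEVICE;

/* Bus offsets implied by the slide's register sequence (assumed contiguous). */
enum { OFF_CNTL1 = 0, OFF_CNTL2 = 4, OFF_STAT1 = 8, OFF_STAT2 = 9,
       OFF_STAT3 = 10, OFF_CNTL3 = 11, OFF_ERR = 15, MAP_SIZE = 16 };

struct reg_check { const char *name; size_t map_off; size_t struct_off; };

static const struct reg_check checks[] = {
    { "cntl1", OFF_CNTL1, offsetof(MYDEVICE, cntl1) },
    { "cntl2", OFF_CNTL2, offsetof(MYDEVICE, cntl2) },
    { "stat1", OFF_STAT1, offsetof(MYDEVICE, stat1) },
    { "stat2", OFF_STAT2, offsetof(MYDEVICE, stat2) },
    { "stat3", OFF_STAT3, offsetof(MYDEVICE, stat3) },
    { "cntl3", OFF_CNTL3, offsetof(MYDEVICE, cntl3) },
    { "err",   OFF_ERR,   offsetof(MYDEVICE, err)   },
};
enum { NCHECKS = sizeof checks / sizeof checks[0] };

/* Number of registers the struct would access at the wrong bus address. */
int count_misplaced(void)
{
    int n = 0;
    for (int i = 0; i < NCHECKS; i++)
        n += checks[i].map_off != checks[i].struct_off;
    return n;
}

/* First register that padding has moved, or NULL if the layout matches the map. */
const struct reg_check *first_misplaced(void)
{
    for (int i = 0; i < NCHECKS; i++)
        if (checks[i].map_off != checks[i].struct_off)
            return &checks[i];
    return NULL;
}

/* Constructed 16-byte register image standing in for the device (not real hardware). */
const uint8_t sample_image[MAP_SIZE] = {
    0x01, 0, 0, 0,             /* CNTL1 */
    0x02, 0, 0, 0,             /* CNTL2 */
    0xA1, 0xA2, 0xA3,          /* STAT1..STAT3 */
    0x78, 0x56, 0x34, 0x12,    /* CNTL3 = 0x12345678, little endian, at offset 11 */
    0xEE                       /* ERR */
};

/* Padding-independent read: assemble a little-endian 32-bit value byte by byte.
   For real memory-mapped registers, base would be a volatile pointer. */
uint32_t read32_at(const uint8_t *base, size_t off)
{
    return (uint32_t)base[off] | ((uint32_t)base[off + 1] << 8) |
           ((uint32_t)base[off + 2] << 16) | ((uint32_t)base[off + 3] << 24);
}

int main(void)
{
    const struct reg_check *r = first_misplaced();
    printf("sizeof(MYDEVICE)=%zu, map size=%d, misplaced=%d\n",
           sizeof(MYDEVICE), MAP_SIZE, count_misplaced());
    if (r != NULL)
        printf("%s: map offset %zu, struct offset %zu\n", r->name, r->map_off, r->struct_off);
    printf("cntl3 by map offset: 0x%08x\n", (unsigned)read32_at(sample_image, OFF_CNTL3));
    return 0;
}
```

The same offsetof() comparisons can be turned into compile-time assertions so that a layout drift breaks the build instead of the driver.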
Pointers - Basics
A pointer holds the address of a variable.
int x = 10;
int *p = &x;
printf("&x=%p, p=%p, x=%d, *p=%d\n", &x, p, x, *p);
Output:
&x=0x22cce4, p=0x22cce4, x=10, *p=10

Then why do you need a pointer?
& cannot be used as an "lvalue":
&x = p;   /* this is not a legal statement */
Even const pointers don't have an lvalue:
int * const p = &x;
p = p + 1;   /* illegal statement */
const int *p = &x;
*p = 10;   /* illegal statement */

Arrays and Pointers
char a[10] = "Hello";
char *str = a;
int b[10];
int *intp = b;
printf("%s %s\n", a, str);
printf("%c %c %c %c\n", a[1], str[1], 1[str], 1[a]);
printf("%p %p %p %p\n", a, str, &a[1], str+1);
printf("%p %p %p %p\n", b, intp, &b[1], intp+1);
Output:
Hello Hello
e e e e
0x22ccd0 0x22ccd0 0x22ccd1 0x22ccd1

Then can pointers and arrays be used interchangeably? Yes and no.
Pointers - Basics
Arrays and Pointers
char a[10] = "Hello";
char *str = a;
printf("%zu %zu %zu\n", sizeof(a), sizeof(str), strlen(a));
Output:
10 4 5

Double-dimension arrays and double pointers
main()
{
    char a[5][10] = { "One", "Two", "Three", "Four", "Five" };
    char **str = a;    /* type mismatch kept on purpose: this is what the slide examines */
    char *b[5] = { "One", "Two", "Three", "Four", "Five" };
    char **str1 = b;

    printf("%zu %zu %zu %zu\n", sizeof(a), sizeof(str), sizeof(b), sizeof(str1));
    printf("%p %p %p %p %p %p\n", a, str, &a[1], &str[1], &a[1][1], &str[1][1]);
    printf("%p %p %p %p %p %p\n", b, str1, &b[1], &str1[1], &b[1][1], &str1[1][1]);
}
Output:
50 4 20 4
0x22cca0 0x22cca0 0x22ccaa 0x22cca4 0x22ccab 0x1
0x22cc60 0x22cc60 0x22cc64 0x22cc64 0x403005 0x403005
Notes on the output:
  20: because it is an array of 5 pointers.
  str points to a pointer. &str[1] is str+1 and, since the size of a pointer is 4 bytes, str + 1 translates to 0x22cca0 + 4.
  a[1]: the second dimension size of a is 10, and hence 10 is added.
  Add 1 to a[1].
  &str[1][1] translates to &(*(*(str+4) + 1)), i.e. &(*(*(0x22cca4) + 1)). This is equal to &(*(0 + 1)) and is equal to 1, and str[1][1] will be a junk value.
Pointer Basics
[Figure: memory layout of a and b. a is five rows of 10 bytes (a[0]..a[4], columns 0-9) that hold "One\0", "Two\0", "Three\0", "Four\0" and "Five\0" in place. b is five pointers (b[0]..b[4]), each pointing to a separately stored string. Labels on the figure: &str[0][0], &str1[0][0], str1[1][1].]
str1[1] = *(str1 + 4 bytes)
str1[1][0] = *(*(str1 + 4 bytes) + 0) = T
&str[1][1] translates to &(*(*(str + 4 bytes) + 1)), i.e. &(*(*(0x22cca4) + 1)). This is equal to &(*(0 + 1)) and is equal to 1. So str[1][1] will be a junk value.
Pointer Basics
[Figure: the same layout of a (five rows of 10 bytes, a[0]..a[4]) and b (five pointers, b[0]..b[4]), with one additional string "Junk\0" stored separately.]
char *temp = "junk"; a[0] = temp;
char *temp = "junk"; b[2] = temp;
Pointers - Arithmetic & Casting

typedef struct {
    int day;
    int month;
    int year;
} Date;

int abc = 0xdeadbeef;
int def = 0xc0ffee;
char ghi[6] = "abcde";
int jkl = 0xdeafca1f;
short mno = 0xcade;
Date pqr = { 1, 1, 2006 };

main()
{
    int *ip = &abc;
    short *sp = (short *)&abc;
    char *cp = (char *)&abc;
    Date *dp = (Date *)&abc;
    ....
}

Note: Little endian architecture assumed.
[Figure: byte view of the globals starting at &abc: ef be ad de ee ff c0 00 'a' 'b' 'c' 'd' 'e' 0 0 1f ca af de de ca 0 0 1 0 00. Pointer positions marked on it: cp+1, sp+1, ip+1, cp+5, sp+3, ip+2, dp+1, ip+3, sp+8, cp+12, dp+2, ip+6, sp+16, cp+24.]
When a pointer is incremented by 1, the number of bytes moved differs depending on the type.
When casting from one type to another:
  Take care of alignment issues (SIGBUS).
  Keep in mind that the number of bytes moved for every increment/decrement will change.
Pointers - Function pointers
Pointers can point to functions as well, in addition to variables.
Declaration example: int (*f1)(int, char **) -> pointer to a function that returns int and takes one integer and one char double pointer as arguments.
Assignment example: f1 = main;
All the pointer arithmetic, casting, etc. is applicable to function pointers also.

void *fast_algo(int size);
void *mid_algo(int size);
void *slow_algo(int size);
typedef enum { HIGHSPEED_HIGHMEM, MIDSPEED_MIDMEM, LOWSPEED_LOWMEM } ALGO_CLASS;

ALGO_CLASS x;
void *(*MemAllocAlgo[3])(int) = { fast_algo, mid_algo, slow_algo };
void *(*MyAlloc)(int);

void AssignAllocator(ALGO_CLASS user_choice)
{
    void *(**TempMyAlloc)(int);
    TempMyAlloc = MemAllocAlgo;

    MyAlloc = MemAllocAlgo[user_choice];
    /* Alternate 1: MyAlloc = TempMyAlloc[user_choice]
       Alternate 2: MyAlloc = *(TempMyAlloc + user_choice) */
}
Volatile pointers
The volatile keyword informs the compiler that optimisations must be disabled for that variable.
The following code has a problem: the compiler will not generate code for disabling the interrupt.

#define BASE_ADDRESS 0x80808000
#define INTERRUPT_REGISTER_OFFSET 0x10

void CriticalSection(void)
{
    int *intr_reg = (int *)(BASE_ADDRESS + INTERRUPT_REGISTER_OFFSET);
    *(intr_reg) = 1;   /* disables interrupt */

    /* critical code, interrupt must be disabled here */
    ....

    /* critical code is executed, interrupt can be enabled here */
    *(intr_reg) = 0;   /* enables interrupt */
}

The problem can be solved simply by defining intr_reg as volatile:
volatile int *intr_reg = (volatile int *)(BASE_ADDRESS + INTERRUPT_REGISTER_OFFSET);
Think about this - Volatile & Constant together
Can constant and volatile be used together in a declaration?
Example:
volatile int * const p = (volatile int *)0xc8000000;
Bit Manipulations

main()
{
    int x = -10;
    printf("%d\n", ~x+1);
}

main()
{
    unsigned int x = 5;
    while (--x >= 0)
    {
        printf("Hello World\n");
    }
}
First program: Output: 10
~x represents the one's complement of x. ~x+1 represents the two's complement of x (i.e. the negative of x).
Second program: "Hello World" is printed infinitely.
x becomes MAXINT when it is decremented while it has a value of 0.
Arithmetic and Logical Shifts

main()
{
    int x = 0x80000000;
    printf("%x\n", x >> 1);
}
Output: 0xC0000000
Signed number: "sign extension" happens for right shift (arithmetic shift).

main()
{
    unsigned int x = 0x80000000;
    printf("%x\n", x >> 1);
}
Output: 0x40000000
Unsigned number: "sign extension" doesn't happen for right shift (logical shift).
Advanced Topics
  Handy bitwise expressions
  Stack frames: what happens during function calls
  Variable arguments: how is it implemented?
  Dynamic memory allocation: how can it be implemented?
Handy Bitwise Expressions
(No. / Expression / Purpose / Remarks)
1. X & 1
   Purpose: Check whether the number is odd or even.
   Remarks: All numbers are in terms of 0's and 1's, and hence it is sufficient to check the last bit.
2. X << 1
   Purpose: Multiply by 2.
3. X >> 1
   Purpose: Divide by 2.
4. ~X+1
   Purpose: Negate the number.
   Remarks: Negative numbers are represented by two's complement (one's complement + 1).
5. X ^ all ones
   Purpose: Bit toggling (equivalent to ~).
6. X >> 31
   Purpose: To find out the sign of the number X.
   Remarks: Result is 0 or -1 based on the sign.
7. Mask = X >> 31
   Result = (~Mask & X) | (Mask & (-X))
   Purpose: ABS(X) without using comparisons.
   Remarks: Mask contains all zeros if X is positive and all ones if X is negative.
8. Mask = (X-Y) >> 31
   Result = (Mask & X) | (~Mask & Y)
   Purpose: Min(X, Y) without using comparisons.
   Remarks: Mask contains all zeros if Y is less than or equal to X and all ones if X is less than Y.
9. Mask = (X-Y) >> 31
   Result = (Mask & Y) | (~Mask & X)
   Purpose: Max(X, Y) without using comparisons.
   Remarks: Mask contains all zeros if X is greater than or equal to Y and all ones if Y is greater than X.
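Rows 7 to 9 carried through in code, as an added example that is not part of the original slides. It shows the case where X-Y does not fit in 32 bits and the mask selects the wrong operand, next to a variant that takes the difference in 64 bits. Assumptions: right shift of a negative value is arithmetic and out-of-range unsigned-to-signed conversion wraps (both true for GCC and Clang); the function names are invented here.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: >> on a negative value is an arithmetic shift (GCC and Clang do
   this; the C standard leaves it implementation-defined). */
static int32_t sign_mask32(int32_t v) { return v >> 31; }              /* 0 or -1 */
static int32_t sign_mask64(int64_t v) { return (int32_t)(v >> 63); }   /* 0 or -1 */

/* Row 7. Not usable for INT32_MIN, whose negation does not fit in 32 bits. */
int32_t abs_mask(int32_t x)
{
    int32_t mask = sign_mask32(x);
    return (~mask & x) | (mask & -x);
}

/* X-Y in 32 bits with wraparound. Signed overflow is undefined in C, so the
   subtraction is done on unsigned values and converted back. */
static int32_t wrapped_diff(int32_t x, int32_t y)
{
    return (int32_t)((uint32_t)x - (uint32_t)y);
}

/* Rows 8 and 9 as written on the slide: the mask is wrong when X-Y overflows. */
int32_t min_slide(int32_t x, int32_t y)
{
    int32_t mask = sign_mask32(wrapped_diff(x, y));
    return (mask & x) | (~mask & y);
}

int32_t max_slide(int32_t x, int32_t y)
{
    int32_t mask = sign_mask32(wrapped_diff(x, y));
    return (mask & y) | (~mask & x);
}

/* Same selection, but the difference is taken in 64 bits and cannot overflow. */
int32_t min_wide(int32_t x, int32_t y)
{
    int32_t mask = sign_mask64((int64_t)x - (int64_t)y);
    return (mask & x) | (~mask & y);
}

int32_t max_wide(int32_t x, int32_t y)
{
    int32_t mask = sign_mask64((int64_t)x - (int64_t)y);
    return (mask & y) | (~mask & x);
}

int main(void)
{
    printf("abs(-10)           = %d\n", abs_mask(-10));
    printf("min(3, 7)          = %d (slide) %d (wide)\n", min_slide(3, 7), min_wide(3, 7));
    printf("min(INT32_MAX, -1) = %d (slide) %d (wide)\n",
           min_slide(INT32_MAX, -1), min_wide(INT32_MAX, -1));
    printf("max(INT32_MAX, -1) = %d (slide) %d (wide)\n",
           max_slide(INT32_MAX, -1), max_wide(INT32_MAX, -1));
    return 0;
}
```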
Exercise 1: Power of 2
Come up with a "handy" expression that can be used to detect whether the given number is a power of 2.
Clue: Every number that is a power of 2 has just one bit set.
Examples:
   1 - 00000001
   2 - 00000010
   4 - 00000100
   8 - 00001000
  16 - 00010000
  32 - 00100000
x86 stack view during function calls in C
Sample program:

/* assuming EBP as an integer pointer */
int f2(int x1, int y1)   /* x1 is *(EBP + 2), y1 is *(EBP + 3) */
{
    int l5 = 110;        /* l5 is *(EBP - 1), l6 is *(EBP - 2) */
    int l6 = 120;
    return (0);
}

int f1(int x, int y)
{
    int l3 = 50;
    int l4 = 60;
    return f2(l3 + x, l4 + y);   /* right most argument pushed to stack first */
}

main()
{
    int l1 = 10;
    int l2 = 20;
    int l3 = f1(l1 + 20, l2 + 20);
}

Stack view while f2 is executing (stack grows toward lower memory):
Higher memory
  Prev Frame Ptr
  l1
  l2
  l3
  Saved regs in main
  y
  x
  Ret addr in main
  Prev Frame Ptr
  l3
  l4
  Saved regs in f1
  y1
  x1
  Ret addr in f1
  Prev Frame Ptr       <- EBP
  l5
  l6
  Saved regs in f2     <- ESP
Lower memory
Scope - Check your understanding now
Is the scope of global and static variables clear?
The following code sequence is perfectly legal. How is it handled?

f1(int x, int y)
{
    int abc = 0xdeadbeef;
    printf("%x\n", abc);
    {
        int abc = 0xc0ffee;
        int x = 0x100;
        printf("%x, %x\n", abc, x);
    }
}

(Clue: Local variables can go on the stack or into a register.)
Function Arguments - Check your understanding now
A new function named "File1Func1" is implemented in file1.
The prototype of the function is as follows:
int File1Func1();
In file1, the function is implemented as follows:
int File1Func1(int x, int y)
{
    ....
}
In file2, this function is called as follows:
File1Func1(10, 20, 30);
File1Func1 is called with 3 arguments, while the implementation takes only two arguments. What will happen now?
Exercise 2: Stack tracing
You have an a.o file and have a.h and b.h.
a.h contents are:
extern int func1(int x, int y);
extern int func2(int x, int y);
b.h contents are:
extern int func3(int x, int y);
Given that the calling sequence is:
main->func1->func2->func3
You have to implement b.c, which has the function func3.
func3 should print the value of x passed to func1.
Security issue - Buffer overflow on stack

main(int argc, char *argv[])
{
    int flag;
    char filename[16];

    if (argc != 2)
    {
        fprintf(stderr, "Usage: %s filename\n", argv[0]);
        exit(1);
    }
    ....
    flag = check_permission();
    strcpy(filename, argv[1]);   /* Depending upon argv[1], the return address could get corrupted */
    ....
    if (flag == 0xdeadbeef)
    {
        /* execute as root or deposit a million dollars in a bank account */
    }
    else
    {
        /* execute the program as a normal user, deduct $10 from an account */
    }
}
/* A clever hacker will manage argv[1] such that the return address is changed to a desired location. Or he can change the value of flag. */
/* Typically the entire binary of the "undesired program" is also passed as an argument, along with the return address change. */
Variable arguments in C
va_start(ap, num_args): typically implemented as a macro; it just initializes ap such that it points to the first un-named argument. (It will use the frame pointer + the offset of the second argument from fp to initialize ap.)
va_arg(ap, type): returns an argument and updates ap.
va_end(ap): implementation-specific cleanups.
The number of arguments should be known directly or indirectly:
  main: argc is the first argument, which tells the number of arguments.
  printf: the number of arguments is found indirectly from the number of % in the format argument.
The type of the arguments should be known:
  main: strings (char *argv[])
  printf: the character following % tells the argument type.
Exercise 3: My Printf Implementation
Implement the myprintf(char *fmt, ...) function.
Handle the %d, %x, %c and %s types in the fmt string.
You can use the putchar function to output a character to the screen.
If you use any other C library function, you must implement it as well.
Dynamic Memory allocation -- Internals
Dynamic memory allocation
  Memory is allocated from the heap.
  In Unix, the heap typically comes after the BSS area.
  The brk call is used to change the "data segment" memory allocated to a process.
Each memory allocation needs additional overhead memory that is also taken from the heap.
  In a typical implementation, each allocation is preceded by an MCB (Memory Control Block).
  MCB structure:

struct MCB {
    int is_available;
    int size;
};

Many approaches are there. Serious research topic.
  Space efficiency: requested vs allocated, number of chunks.
  Speed: how quickly malloc/free can be executed. Critical in an RTOS.
Dynamic Memory Allocation

main()
{
    char *ptr1 = malloc(100);
    char *ptr2 = malloc(200);
    ....
    free(ptr1);
    ....
    ptr1 = malloc(300);
    ....
    free(ptr1);
    ....
    ptr1 = malloc(50);
    ....
    free(ptr1);
    free(ptr2);
}

Heap view (each block is a control MCB followed by its allocation):
  Heap Start
  MCB 1: 0, 108   Allocation 1   <- ptr1
  MCB 2: 0, 208   Allocation 2   <- ptr2
  Last allocation
  Free Memory
  Heap End
Note:
When 100 bytes are requested, actually 100 bytes + sizeof(MCB) have been utilized. The MCB is the overhead.
Heap view (each block is a control MCB followed by its allocation):
  Heap Start
  MCB 1: 1, 108   Allocation 1
  MCB 2: 0, 208   Allocation 2   <- ptr2
  MCB 3: 0, 308   Allocation 3   <- ptr1
  Last allocation
  Free Memory
  Heap End
Note:
free doesn't take size as the argument. It is calculated by accessing *(ptr1 - sizeof(MCB) + sizeof(int)).
MCB 1 and allocation 1 remain intact even though they are not allotted.
Heap view (each block is a control MCB followed by its allocation):
  Heap Start
  MCB 1: 0, 108   Allocation 1   <- ptr1
  MCB 2: 0, 208   Allocation 2   <- ptr2
  MCB 3: 1, 308   Allocation 3
  Last allocation
  Free Memory
  Heap End
Note:
The first allocation is re-utilised. That is, 100 bytes are allocated when 50 bytes are requested.
Heap view (each block is a control MCB followed by its allocation):
  Heap Start
  MCB 1: 1, 108   Allocation 1
  MCB 2: 1, 208   Allocation 2
  MCB 3: 1, 308   Allocation 3
  Last allocation
  Free Memory
  Heap End
Pros & cons of MCB approach
Simple and very fast.
MCB overhead per allocation.
Allocation is based on first match, rather than best match. (100 bytes allocated, instead of 50 bytes.)
  ptr1 = malloc(1024 * 1024); free(ptr1); ptr1 = malloc(10); we would allocate 1MB for 10 bytes.
  Improvements: free space could be divided into chunks of fixed size (typically in powers of 2). This would limit the wastage.
In case of alignment issues, attach the excess bytes to the previous MCB.
Doesn't create new chunks unless all previously allocated chunks are used. Less fragmentation.
Rainy day scenarios - What happens now?
1. Lost memory
   ptr1 = malloc(100);
   ptr1 = malloc(200);
2. Double free
   ptr1 = malloc(100);
   free(ptr1);
   free(ptr1);
3. Accessing memory after free
   ptr1 = malloc(10);
   free(ptr1);
   *(ptr1+9) = '\0';
4. Out of range access
   ptr1 = malloc(10);
   *(ptr1+10) = '\0';
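A small first-match MCB allocator over a fixed arena, as an added example that is not part of the original slides. It replays the malloc/free sequence from the Dynamic Memory Allocation slides (108, 208 and 308 byte blocks, first block reused for the 50-byte request) and adds a free() that rejects scenario 2 above and pointers it never handed out. Assumptions: int is 4 bytes, a static array stands in for the brk-managed heap, and the mcb_* names are invented here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct MCB { int is_available; int size; };   /* size includes the MCB, as on the slides */

enum { ARENA_SIZE = 4096, MCB_OK = 0, MCB_BAD_PTR = -1, MCB_DOUBLE_FREE = -2 };

static unsigned char arena[ARENA_SIZE];   /* stands in for the brk-managed heap */
static size_t last_alloc;                 /* offset of the "Last allocation" mark */

/* MCBs are copied in and out with memcpy, so the byte arena is never type-punned. */
static struct MCB load(size_t off) { struct MCB m; memcpy(&m, arena + off, sizeof m); return m; }
static void store(size_t off, struct MCB m) { memcpy(arena + off, &m, sizeof m); }

void *mcb_malloc(size_t nbytes)
{
    if (nbytes == 0 || nbytes > ARENA_SIZE) return NULL;
    /* Round up to int alignment; the excess bytes stay attached to this block. */
    size_t need = (sizeof(struct MCB) + nbytes + sizeof(int) - 1) & ~(sizeof(int) - 1);
    for (size_t off = 0; off < last_alloc; off += (size_t)load(off).size) {
        struct MCB m = load(off);
        if (m.is_available && (size_t)m.size >= need) {   /* first match, not best match */
            m.is_available = 0;
            store(off, m);
            return arena + off + sizeof(struct MCB);
        }
    }
    if (need > ARENA_SIZE - last_alloc) return NULL;      /* arena exhausted */
    struct MCB m = { 0, (int)need };
    store(last_alloc, m);
    last_alloc += need;
    return arena + last_alloc - need + sizeof(struct MCB);
}

/* Offset of the block whose payload starts at p, or -1 if p was never handed out. */
static long find_block(const void *p)
{
    for (size_t off = 0; off < last_alloc; off += (size_t)load(off).size)
        if ((const void *)(arena + off + sizeof(struct MCB)) == p)
            return (long)off;
    return -1;
}

int mcb_free(void *p)
{
    long off = find_block(p);
    if (off < 0) return MCB_BAD_PTR;
    struct MCB m = load((size_t)off);
    if (m.is_available) return MCB_DOUBLE_FREE;   /* already free: refuse the second free */
    m.is_available = 1;
    store((size_t)off, m);
    return MCB_OK;
}

int mcb_block_size(const void *p)
{
    long off = find_block(p);
    return off < 0 ? -1 : load((size_t)off).size;
}

int main(void)
{
    char *ptr1 = mcb_malloc(100), *ptr2 = mcb_malloc(200);
    mcb_free(ptr1);
    ptr1 = mcb_malloc(300);
    mcb_free(ptr1);
    ptr1 = mcb_malloc(50);                        /* reuses the 108-byte first block */
    printf("block size for malloc(50): %d\n", mcb_block_size(ptr1));
    int first = mcb_free(ptr1), second = mcb_free(ptr1);
    printf("free: %d, second free: %d\n", first, second);
    mcb_free(ptr2);
    return 0;
}
```

Walking the chain in mcb_free trades the speed of the slides' pointer-arithmetic lookup for validation of the pointer before any MCB is modified.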
Security issue - buffer overflow on heap

main(int argc, char *argv[])
{
    char *filename_p;

    if (argc != 2)
    {
        fprintf(stderr, "Usage: %s filename\n", argv[0]);
        exit(1);
    }
    filename_p = malloc(1024);
    strcpy(filename_p, argv[1]);   /* Depending upon argv[1], MCBs or even other areas can get corrupted */
    ....
}
Security issues - Be aware
We need to write defensive programs to withstand security attacks.
  Know the length of a string before you copy it.
  A defence mechanism is needed before using any size-related information coming across the network.
Beware of DoS attacks.
  If you write a server program, take care not to accept too many connections from the same client in a short period.
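The first two points above in code, as an added example that is not part of the original slides: a bounded replacement for the strcpy calls on the stack and heap overflow slides, and a parser that validates a length field before using it. Assumptions: the 2-byte big-endian length-prefixed record is a hypothetical wire format, the sample records are constructed, and the function and constant names are invented here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { NAME_BUF_SIZE = 16 };   /* same size as char filename[16] on the stack-overflow slide */
enum { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2, COPY_SHORT_MSG = -3 };

/* Bounded replacement for strcpy(filename, argv[1]): the length is known before
   anything is written, and over-long input is rejected rather than truncated. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    while (n < dst_size && src[n] != '\0')   /* never scan past what dst could hold */
        n++;
    if (n == dst_size) {                     /* no room left for the terminator */
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    memcpy(dst, src, n + 1);                 /* n bytes plus '\0' */
    return COPY_OK;
}

/* Hypothetical wire record: 2-byte big-endian length, then that many name bytes.
   The declared length is sender-controlled, so it is checked against the bytes
   actually received and against the destination size before it is used. */
int parse_name_record(const uint8_t *msg, size_t msg_len, char *dst, size_t dst_size)
{
    size_t declared;
    if (msg == NULL || dst == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    dst[0] = '\0';
    if (msg_len < 2)
        return COPY_SHORT_MSG;
    declared = ((size_t)msg[0] << 8) | msg[1];
    if (declared > msg_len - 2)              /* claims more than was sent */
        return COPY_SHORT_MSG;
    if (declared >= dst_size)                /* would overflow dst */
        return COPY_TOO_LONG;
    if (memchr(msg + 2, '\0', declared) != NULL)
        return COPY_BAD_ARG;                 /* embedded NUL would hide trailing bytes */
    memcpy(dst, msg + 2, declared);
    dst[declared] = '\0';
    return COPY_OK;
}

/* Constructed sample records (not captured traffic). */
const uint8_t rec_ok[]    = { 0x00, 0x05, 'a', '.', 't', 'x', 't' };
const uint8_t rec_lying[] = { 0x04, 0x00, 'a', '.', 't', 'x', 't' };   /* declares 1024, sends 5 */
const uint8_t rec_big[]   = { 0x00, 0x14, 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',
                              'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A' };

int main(void)
{
    char name[NAME_BUF_SIZE];
    printf("argv-style copy, 16 chars: %d\n", copy_checked(name, sizeof name, "0123456789abcdef"));
    printf("record ok:    %d\n", parse_name_record(rec_ok, sizeof rec_ok, name, sizeof name));
    printf("record lying: %d\n", parse_name_record(rec_lying, sizeof rec_lying, name, sizeof name));
    printf("record big:   %d\n", parse_name_record(rec_big, sizeof rec_big, name, sizeof name));
    return 0;
}
```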
Thank you.
Information contained and transmitted by this presentation is proprietary to Wipro Limited and is intended for use only by the individual or entity to which it is addressed,and contains information that is privileged, confidential or exempt from disclosure under applicable law.