University of Washington Today - … · University of Washington ... C: malloc() and ... Implicit:...

UniversityofWashington

Today

  Dynamicmemoryalloca7on  Sizeofdatastructuresmayonlybeknownatrun6me

  Needtoallocatespaceontheheap  Needtode‐allocate(free)unusedmemorysoitcanbere‐allocated

  Implementa7on  Implicitfreelists

  Explicitfreelists–subjectofnextprogrammingassignment  Segregatedfreelists

  Garbagecollec7on

  Commonmemory‐relatedbugsinCprograms

CSE351‐InauguralEdi7on‐Spring2010 1


ProcessMemoryImagekernelvirtualmemory

run‐7meheap(viamalloc)

programtext(.text)

ini7alizeddata(.data)

unini7alizeddata(.bss)

stack

0

%esp

memoryprotectedfromusercode

the“brk”ptr

Allocatorsrequestaddi7onalheapmemoryfromthekernelusingthesbrk()func7on:

error = sbrk(amt_more)



DynamicMemoryAlloca7on  Memoryallocator?

  VMhardwareandkernelallocatepages  Applica6onobjectsaretypicallysmaller  Allocatormanagesobjectswithinpages

  Explicitvs.ImplicitMemoryAllocator  Explicit:applica6onallocatesandfreesspace

  InC:malloc()andfree()

  Implicit:applica6onallocates,butdoesnotfreespace  InJava,ML,Lisp:garbagecollec6on

  Alloca7on  Amemoryallocatordolesoutmemoryblockstoapplica6on  A“block”isacon6guousrangeofbytesoftheappropriatesize

Applica7on

DynamicMemoryAllocator

HeapMemory



MallocPackage  #include <stdlib.h>

  void *malloc(size_t size)   Successful:

  Returnsapointertoamemoryblockofatleastsizebytes(typically)alignedto8‐byteboundary

  Ifsize == 0,returnsNULL  Unsuccessful:returnsNULL(0)andsetserrno(aglobalvariable)

  void free(void *p)   Returnstheblockpointedatbyptothepoolofavailablememory

  pmustcomefromapreviouscalltomalloc orrealloc

  void *realloc(void *p, size_t size)   Changessizeofblockpandreturnspointertonewblock  Contentsofnewblockunchangeduptominofoldandnewsize

  Oldblockhasbeenfree'd(logically,ifnew!=old)CSE351‐InauguralEdi7on‐Spring2010 4


MallocExamplevoid foo(int n, int m) { int i, *p;

/* allocate a block of n ints */ p = (int *)malloc(n * sizeof(int)); if (p == NULL) { perror("malloc"); exit(0); } for (i=0; i<n; i++) p[i] = i;

/* add m bytes to end of p block */ if ((p = (int *)realloc(p, (n+m) * sizeof(int))) == NULL) { perror("realloc"); exit(0); } for (i=n; i < n+m; i++) p[i] = i;

/* print new array */ for (i=0; i<n+m; i++) printf("%d\n", p[i]);

free(p); /* return p to available memory pool */ }



Assump7onsMadeinThisLecture

  Memoryiswordaddressed(eachwordcanholdapointer)

Allocatedblock(4words)

Freeblock(3words) Freeword

Allocatedword



Alloca7onExample

p1 = malloc(4)

p2 = malloc(5)

p3 = malloc(6)

free(p2)

p4 = malloc(2)



Constraints  Applica7ons

  Canissuearbitrarysequenceofmalloc()andfree()requests

  free()requestsmustbetoamalloc()’dblock

  Allocators  Can’tcontrolnumberorsizeofallocatedblocks

  Mustrespondimmediatelytomalloc()requests  i.e.,can’treorderorbufferrequests

  Mustallocateblocksfromfreememory

  i.e.,canonlyplaceallocatedblocksinfreememory

  Mustalignblockssotheysa6sfyallalignmentrequirements

  8bytealignmentforGNUmalloc(libcmalloc)onLinuxboxes  Canmanipulateandmodifyonlyfreememory

  Can’tmovetheallocatedblocksoncetheyaremalloc()’d

  i.e.,compac6onisnotallowedCSE351‐InauguralEdi7on‐Spring2010 8


PerformanceGoal:Throughput

  Givensomesequenceofmallocandfreerequests:  R0,R1,...,Rk,...,Rn‐1

  Goals:maximizethroughputandpeakmemoryu7liza7on  Thesegoalsareo\enconflic6ng

  Throughput:  Numberofcompletedrequestsperunit6me  Example:

  5,000malloc()callsand5,000free()callsin10seconds  Throughputis1,000opera6ons/second

  Howtodomalloc()andfree()inO(1)?What’stheproblem?



PerformanceGoal:PeakMemoryU7liza7on  Givensomesequenceofmallocandfreerequests:

  R0,R1,...,Rk,...,Rn‐1

  Def:AggregatepayloadPk  malloc(p)resultsinablockwithapayloadofpbytes  A\errequestRkhascompleted,theaggregatepayloadPkisthesumof

currentlyallocatedpayloads  allmalloc()’dstuffminusallfree()’dstuff

  Def:Currentheapsize=Hk  AssumeHkismonotonicallynondecreasing

  Allocatorcanincreasesizeofheapusingsbrk()

  Def:PeakmemoryuIlizaIonaJerkrequests  Uk=(maxi<kPi)/Hk



Fragmenta7on

  Poormemoryu7liza7oncausedbyfragmentaIon  internalfragmenta6on  externalfragmenta6on



InternalFragmenta7on  Foragivenblock,internalfragmentaIonoccursifpayloadis

smallerthanblocksize

  Causedby  overheadofmaintainingheapdatastructures  paddingforalignmentpurposes  explicitpolicydecisions

(e.g.,toreturnabigblocktosa6sfyasmallrequest)

  Dependsonlyonthepaêrnofpreviousrequests  thus,easytomeasure

payloadInternalfragmenta7on

block

Internalfragmenta7on



ExternalFragmenta7on

  Occurswhenthereisenoughaggregateheapmemory,butnosinglefreeblockislargeenough

  Dependsonthepaêrnoffuturerequests  Thus,difficulttomeasure

p1 = malloc(4)

p2 = malloc(5)

p3 = malloc(6)

free(p2)

p4 = malloc(6) Oops!(whatwouldhappennow?)



Implementa7onIssues

  Howtoknowhowmuchmemoryisbeingfree()’dwhenitisgivenonlyapointer(andnolength)?

  Howtokeeptrackofthefreeblocks?

  Whattodowithextraspacewhenalloca7ngablockthatissmallerthanthefreeblockitisplacedin?

  Howtopickablocktouseforalloca7on—manymightfit?

  Howtoreinsertafreedblockintotheheap?



KnowingHowMuchtoFree

  Standardmethod  Keepthelengthofablockinthewordprecedingtheblock.

  Thiswordiso\encalledtheheaderfieldorheader  Requiresanextrawordforeveryallocatedblock

free(p0)

p0 = malloc(4)

p0

blocksize data

5



KeepingTrackofFreeBlocks  Method1:Implicitlistusinglength—linksallblocks

  Method2:Explicitlistamongthefreeblocksusingpointers

  Method3:Segregatedfreelist  Differentfreelistsfordifferentsizeclasses

  Method4:Blockssortedbysize  Canuseabalancedbinarytree(e.g.red‐blacktree)withpointers

withineachfreeblock,andthelengthusedasakey

5 4 26

5 4 26



ImplicitList  Foreachblockweneed:length,is‐allocated?

  Couldstorethisinforma6onintwowords:wasteful!

  Standardtrick  Ifblocksarealigned,somelow‐orderaddressbitsarealways0

  Insteadofstoringanalways‐0bit,useitasaallocated/freeflag  Whenreadingsizeword,mustmaskoutthisbit

size

1word

Formatofallocatedandfreeblocks

payload

a=1:allocatedblocka=0:freeblock

size:blocksize

payload:applica7ondata(allocatedblocksonly)

a

op7onalpadding



Example

  8‐bytealignment  Mayrequireini6alunusedword

  Causessomeinternalfragmenta6on

  Oneword(0/1)tomarkendoflist

  Here:blocksizeinwordsforsimplicity

2/0 4/1 8/0 4/1 0/1

Freeword

Allocatedword

Allocatedwordunused

Startofheap

8bytes=2wordalignment

Sequenceofblocksinheap:2/0,4/1,8/0,4/1



ImplicitList:FindingaFreeBlock  Firstfit:

  Searchlistfrombeginning,choosefirstfreeblockthatfits:(Cost?)

  Cantakelinear6meintotalnumberofblocks(allocatedandfree)  Inprac6ceitcancause“splinters”atbeginningoflist

  Nextfit:  Likefirst‐fit,butsearchliststar6ngwhereprevioussearchfinished  Shouldo\enbefasterthanfirst‐fit:avoidsre‐scanningunhelpfulblocks  Someresearchsuggeststhatfragmenta6onisworse

  Bestfit:  Searchthelist,choosethebestfreeblock:fits,withfewestbytesle\over  Keepsfragmentssmall—usuallyhelpsfragmenta6on  Willtypicallyrunslowerthanfirst‐fit

p = start; while ((p < end) && \\ not passed end ((*p & 1) || \\ already allocated (*p <= len))) \\ too small p = p + (*p & -2); \\ goto next block (word addressed)



ImplicitList:Alloca7nginFreeBlock  Alloca7nginafreeblock:spliUng

  Sinceallocatedspacemightbesmallerthanfreespace,wemightwanttosplittheblock

void addblock(ptr p, int len) { int newsize = ((len + 1) >> 1) << 1; // round up to even int oldsize = *p & -2; // mask out low bit *p = newsize | 1; // set new length if (newsize < oldsize) *(p+newsize) = oldsize - newsize; // set length in remaining } // part of block

4 4 26

4 24

p

24

addblock(p, 4)



ImplicitList:Alloca7nginFreeBlock  Alloca7nginafreeblock:spliUng

  Sinceallocatedspacemightbesmallerthanfreespace,wemightwanttosplittheblock

void addblock(ptr p, int len) { int newsize = ((len + 1) >> 1) << 1; // round up to even int oldsize = *p & -2; // mask out low bit *p = newsize | 1; // set new length if (newsize < oldsize) *(p+newsize) = oldsize - newsize; // set length in remaining } // part of block

4 4 26

4 24

p

24

addblock(p, 4)



ImplicitList:FreeingaBlock  Simplestimplementa7on:

  Needonlyclearthe“allocated”flag void free_block(ptr p) { *p = *p & -2 }

  Butcanleadto“falsefragmenta6on”

Thereisenoughfreespace,buttheallocatorwon’tbeabletofindit

4 24 2

free(p) p

4 4 2

4

4 2

malloc(5) Oops!



ImplicitList:Coalescing  Join(coalesce)withnext/previousblocks,iftheyarefree

  Coalescingwithnextblock

  Buthowdowecoalescewithpreviousblock?

void free_block(ptr p) { *p = *p & -2; // clear allocated flag next = p + *p; // find next block if ((*next & 1) == 0) *p = *p + *next; // add to this block if } // not allocated

4 24 2

free(p) p

4 4 2

4

6 2

logicallygone



ImplicitList:Bidirec7onalCoalescing  Boundarytags[Knuth73]

  Replicatesize/allocatedwordat“booom”(end)offreeblocks  Allowsustotraversethe“list”backwards,butrequiresextraspace  Importantandgeneraltechnique!

size

Formatofallocatedandfreeblocks

payloadandpadding

a=1:allocatedblocka=0:freeblock

size:totalblocksize

payload:applica7ondata(allocatedblocksonly)

a

size aBoundarytag(footer)

4 4 4 4 6 46 4

Header



ConstantTimeCoalescing

allocated

allocated

allocated

free

free

allocated

free

free

blockbeingfreed

Case1 Case2 Case3 Case4



ConstantTimeCoalescingm1 1

m1 1n 1

n 1m2 1

m2 1

m1 1

m1 1n 0

n 0m2 1

m2 1


m1 1

m1 1n+m2 0

n+m2 0

m1 1

m1 1n 1

n 1m2 0

m2 0

m1 0

m1 0n 1

n 1m2 1

m2 1

n+m1 0

n+m1 0m2 1

m2 1

m1 0

m1 0n 1

n 1m2 0

m2 0

n+m1+m2 0

n+m1+m2 0


ImplicitLists:Summary  Implementa7on:verysimple  Allocatecost:

  linear6meworstcase  Freecost:

  constant6meworstcase  evenwithcoalescing

  Memoryusage:  willdependonplacementpolicy  First‐fit,next‐fitorbest‐fit

  Notusedinprac7ceformalloc()/free()becauseoflinear‐7mealloca7on  usedinmanyspecialpurposeapplica6ons

  Theconceptsofsplijngandboundarytagcoalescingaregeneraltoallallocators



KeepingTrackofFreeBlocks  Method1:Implicitfreelistusinglength—linksallblocks

  Method2:Explicitfreelistamongthefreeblocksusingpointers


  Method4:Blockssortedbysize  Canuseabalancedtree(e.g.Red‐Blacktree)withpointerswithineach

freeblock,andthelengthusedasakey

5 4 26

5 4 26



ExplicitFreeLists

  Maintainlist(s)offreeblocks,notallblocks  The“next”freeblockcouldbeanywhere

  Soweneedtostoreforward/backpointers,notjustsizes  S6llneedboundarytagsforcoalescing  Luckilywetrackonlyfreeblocks,sowecanusepayloadarea

size

payloadandpadding

a

size a

size a

size a

next

prev

Allocated(asbefore) Free



ExplicitFreeLists  Logically(doubly‐linkedlists):

  Physically:blockscanbeinanyorder

A B C

4 4 4 4 66 44 4 4

Forward(next)links

Back(prev)links

A B

C



Alloca7ngFromExplicitFreeLists

Before

AJer

= malloc(…)

(withspliUng)

conceptualgraphic



FreeingWithExplicitFreeLists  InserIonpolicy:Whereinthefreelistdoyouputanewly

freedblock?  LIFO(last‐in‐first‐out)policy

  Insertfreedblockatthebeginningofthefreelist

  Pro:simpleandconstant6me

  Con:studiessuggestfragmenta6onisworsethanaddressordered

  Address‐orderedpolicy  Insertfreedblockssothatfreelistblocksarealwaysinaddressorder:

addr(prev)<addr(curr)<addr(next)

  Con:requiressearch

  Pro:studiessuggestfragmenta6onislowerthanLIFO



FreeingWithaLIFOPolicy(Case1)

  Insertthefreedblockattherootofthelist

free( )

Root

Root

Before

AJer

conceptualgraphic




  Spliceoutpredecessorblock,coalescebothmemoryblocks,andinsertthenewblockattherootofthelist

free( )

Root

Root

Before

AJer

conceptualgraphic




  Spliceoutsuccessorblock,coalescebothmemoryblocksandinsertthenewblockattherootofthelist

free( )

Root

Root

Before

AJer

conceptualgraphic




  Spliceoutpredecessorandsuccessorblocks,coalesceall3memoryblocksandinsertthenewblockattherootofthelist

free( )

Root

Root

Before

AJer

conceptualgraphic



ExplicitListSummary  Comparisontoimplicitlist:

  Allocateislinear6meinnumberoffreeblocksinsteadofallblocks

  Muchfasterwhenmostofthememoryisfull

  Slightlymorecomplicatedallocateandfreesinceneedstospliceblocksinandoutofthelist

  Someextraspaceforthelinks(2extrawordsneededforeachblock)

  Doesthisincreaseinternalfragmenta6on?

  Mostcommonuseoflinkedlistsisinconjunc7onwithsegregatedfreelists  Keepmul6plelinkedlistsofdifferentsizeclasses,orpossiblyfor

differenttypesofobjects



KeepingTrackofFreeBlocks  Method1:Implicitlistusinglength—linksallblocks

  Method2:Explicitlistamongthefreeblocksusingpointers


  Method4:Blockssortedbysize  Canuseabalancedtree(e.g.Red‐Blacktree)withpointerswithineach

freeblock,andthelengthusedasakey

5 4 26

5 4 26



SegregatedList(Seglist)Allocators  Eachsizeclassofblockshasitsownfreelist

  Omenhaveseparateclassesforeachsmallsize  Forlargersizes:Oneclassforeachtwo‐powersize

1‐2

3

4

5‐8

9‐inf



SeglistAllocator  Givenanarrayoffreelists,eachoneforsomesizeclass

  Toallocateablockofsizen:  Searchappropriatefreelistforblockofsizem>n  Ifanappropriateblockisfound:

  Splitblockandplacefragmentonappropriatelist(op6onal)  Ifnoblockisfound,trynextlargerclass  Repeatun6lblockisfound

  Ifnoblockisfound:  Requestaddi6onalheapmemoryfromOS(usingsbrk())  Allocateblockofnbytesfromthisnewmemory  Placeremainderasasinglefreeblockinlargestsizeclass



SeglistAllocator(cont.)  Tofreeablock:

  Coalesceandplaceonappropriatelist(op6onal)

  Advantagesofseglistallocators  Higherthroughput

  log6meforpower‐of‐twosizeclasses  Beoermemoryu6liza6on

  First‐fitsearchofsegregatedfreelistapproximatesabest‐fitsearchofen6reheap.

  Extremecase:Givingeachblockitsownsizeclassisequivalenttobest‐fit.



SummaryofKeyAllocatorPolicies  Placementpolicy:

  First‐fit,next‐fit,best‐fit,etc.  Tradesofflowerthroughputforlessfragmenta6on   InteresIngobservaIon:segregatedfreelistsapproximateabestfit

placementpolicywithouthavingtosearchen6refreelist

  Splijngpolicy:  Whendowegoaheadandsplitfreeblocks?  Howmuchinternalfragmenta6onarewewillingtotolerate?

  Coalescingpolicy:  Immediatecoalescing:coalesceeach6mefree()iscalled  Deferredcoalescing:trytoimproveperformanceoffree()by

deferringcoalescingun6lneeded.Examples:  Coalesceasyouscanthefreelistformalloc()  Coalescewhentheamountofexternalfragmenta6onreachessomethreshold



ImplicitMemoryManagement:GarbageCollec7on  GarbagecollecIon:automa7creclama7onofheap‐allocated

storage—applica7onneverhastofree

  Commoninfunc7onallanguages,scrip7nglanguages,andmodernobjectorientedlanguages:  Lisp,ML,Java,Perl,Mathema6ca

  Variants(“conserva7ve”garbagecollectors)existforCandC++  However,cannotnecessarilycollectallgarbage

void foo() { int *p = malloc(128); return; /* p block is now garbage */ }



GarbageCollec7on

  Howdoesthememorymanagerknowwhenmemorycanbefreed?  Ingeneral,wecannotknowwhatisgoingtobeusedinthefuturesinceit

dependsoncondi6onals  But,wecantellthatcertainblockscannotbeusedifthereareno

pointerstothem

  Mustmakecertainassump7onsaboutpointers  Memorymanagercandis6nguishpointersfromnon‐pointers  Allpointerspointtothestartofablockintheheap  Cannothidepointers

(e.g.,bycas6ng(coercing)themtoanint,andthenbackagain)



ClassicalGCAlgorithms  Mark‐and‐sweepcollec7on(McCarthy,1960)

  Doesnotmoveblocks(unlessyoualso“compact”)

  Referencecoun7ng(Collins,1960)  Doesnotmoveblocks(notdiscussed)

  Copyingcollec7on(Minsky,1963)  Movesblocks(notdiscussed)

  Genera7onalCollectors(LiebermanandHewi^,1983)  Collec6onbasedonlife6mes

  Mostalloca6onsbecomegarbageverysoon

  Sofocusreclama6onworkonzonesofmemoryrecentlyallocated

  Formoreinforma7on:JonesandLin,“GarbageCollecIon:AlgorithmsforAutomaIcDynamicMemory”,JohnWiley&Sons,1996.



MemoryasaGraph  Weviewmemoryasadirectedgraph

  Eachblockisanodeinthegraph  Eachpointerisanedgeinthegraph  Loca6onsnotintheheapthatcontainpointersintotheheaparecalled

rootnodes(e.g.registers,loca6onsonthestack,globalvariables)

Rootnodes

Heapnodes

Not‐reachable(garbage)

reachable

Anode(block)isreachableifthereisapathfromanyroottothatnode

Non‐reachablenodesaregarbage(cannotbeneededbytheapplica7on)CSE351‐InauguralEdi7on‐Spring2010 46


MarkandSweepCollec7ng  Canbuildontopofmalloc/freepackage

  Allocateusingmallocun6lyou“runoutofspace”

  Whenoutofspace:  Useextramarkbitintheheadofeachblock

  Mark:Startatrootsandsetmarkbitoneachreachableblock

  Sweep:Scanallblocksandfreeblocksthatarenotmarked

Beforemark

root

AJermark

AJersweep free

Markbitset

free



Assump7onsForaSimpleImplementa7on  Applica7on

  new(n):returnspointertonewblockwithallloca6onscleared  read(b,i):readloca6oniofblockbintoregister  write(b,i,v): writevintoloca6oniofblockb

  Eachblockwillhaveaheaderword  Addressedasb[-1],forablockb

  Instruc7onsusedbytheGarbageCollector  is_ptr(p):determineswhetherpisapointer  length(b):returnsthelengthofblockb,notincludingtheheader  get_roots():returnsalltheroots



MarkandSweep(cont.)

ptr mark(ptr p) { if (!is_ptr(p)) return; // do nothing if not pointer if (markBitSet(p)) return; // check if already marked setMarkBit(p); // set the mark bit for (i=0; i < length(p); i++) // recursively call mark on mark(p[i]); // all words in the block return; }

Markusingdepth‐firsttraversalofthememorygraph

Sweepusinglengthstofindnextblockptr sweep(ptr p, ptr end) { while (p < end) { if markBitSet(p) clearMarkBit(); else if (allocateBitSet(p)) free(p); p += length(p); }



Conserva7veMark&SweepinC  A“conserva7vegarbagecollector”forCprograms

  is_ptr()determinesifawordisapointerbycheckingifitpointstoanallocatedblockofmemory

  But,inCpointerscanpointtothemiddleofablock

  Sohowtofindthebeginningoftheblock?  Canuseabalancedbinarytreetokeeptrackofallallocatedblocks

(keyisstart‐of‐block)

  Balanced‐treepointerscanbestoredinheader(usetwoaddi6onalwords)

header

ptr

head data

lem right

sizeLem:smalleraddressesRight:largeraddresses



Memory‐RelatedPerilsandPipalls  Dereferencingbadpointers  Readingunini7alizedmemory  Overwri7ngmemory  Referencingnonexistentvariables  Freeingblocksmul7ple7mes  Referencingfreedblocks  Failingtofreeblocks



DereferencingBadPointers  Theclassicscanfbug

int val;

...

scanf(“%d”, val);



ReadingUnini7alizedMemory  Assumingthatheapdataisini7alizedtozero

/* return y = Ax */ int *matvec(int **A, int *x) { int *y = malloc( N * sizeof(int) ); int i, j;

for (i=0; i<N; i++) for (j=0; j<N; j++) y[i] += A[i][j] * x[j]; return y; }



Overwri7ngMemory  Alloca7ngthe(possibly)wrongsizedobject

int **p;

p = malloc( N * sizeof(int) );

for (i=0; i<N; i++) { p[i] = malloc( M * sizeof(int) ); }



Overwri7ngMemory  Off‐by‐oneerror

int **p;

p = malloc( N * sizeof(int *) );

for (i=0; i<=N; i++) { p[i] = malloc( M * sizeof(int) ); }



Overwri7ngMemory  Notcheckingthemaxstringsize

  Basisforclassicbufferoverflowaâcks  Yourlastassignment

char s[8]; int i;

gets(s); /* reads “123456789” from stdin */



Overwri7ngMemory  Misunderstandingpointerarithme7c

int *search(int *p, int val) {

while (*p && *p != val) p += sizeof(int);

return p; }



ReferencingNonexistentVariables  Forgejngthatlocalvariablesdisappearwhenafunc7on

returns

int *foo () { int val;

return &val; }



FreeingBlocksMul7pleTimes  Nasty!

  Whatdoesthefreelistlooklike?

x = malloc( N * sizeof(int) ); <manipulate x> free(x);

y = malloc( M * sizeof(int) ); <manipulate y> free(x);


x = malloc( N * sizeof(int) ); <manipulate x> free(x); free(x);


ReferencingFreedBlocks  Evil!

x = malloc( N * sizeof(int) ); <manipulate x> free(x); ... y = malloc( M * sizeof(int) ); for (i=0; i<M; i++) y[i] = x[i]++;



FailingtoFreeBlocks(MemoryLeaks)  Slow,silent,long‐termkiller!

foo() { int *x = malloc(N*sizeof(int)); ... return; }



Toomuchisreachable

  Markprocedureisrecursive  Willwehaveenoughstackspace?

  Wearegarbagecollec7ngbecausewearerunningoutofmemory,right?



FailingtoFreeBlocks(MemoryLeaks)  Freeingonlypartofadatastructure

struct list { int val; struct list *next; };

foo() { struct list *head = malloc( sizeof(struct list) ); head->val = 0; head->next = NULL; <create and manipulate the rest of the list> ... free(head); return; }



Overwri7ngMemory  Referencingapointerinsteadoftheobjectitpointsto

int *getPacket(int **packets, int *size) { int *packet; packet = packets[0]; packets[0] = packets[*size - 1]; *size--; // what is happening here? reorderPackets(packets, *size, 0); return(packet); }



DealingWithMemoryBugs  Conven7onaldebugger(gdb)

  Goodforfindingbadpointerdereferences  Hardtodetecttheothermemorybugs

  Debuggingmalloc(UTorontoCSRImalloc)  Wrapperaroundconven6onalmalloc   Detectsmemorybugsatmallocandfree boundaries

  Memoryoverwritesthatcorruptheapstructures  Someinstancesoffreeingblocksmul6ple6mes  Memoryleaks

  Cannotdetectallmemorybugs  Overwritesintothemiddleofallocatedblocks  Freeingblocktwicethathasbeenreallocatedintheinterim  Referencingfreedblocks


Date post:	06-Sep-2018
Category:	Documents
Upload:	voliem
View:	213 times
Download:	0 times

University of Washington Today - … · University of Washington ... C: malloc() and ... Implicit:...

Documents