university of washington today - … · university of washington ... c: malloc() and ... implicit:...
TRANSCRIPT
UniversityofWashington
Today
Dynamicmemoryalloca7on Sizeofdatastructuresmayonlybeknownatrun6me
Needtoallocatespaceontheheap Needtode‐allocate(free)unusedmemorysoitcanbere‐allocated
Implementa7on Implicitfreelists
Explicitfreelists–subjectofnextprogrammingassignment Segregatedfreelists
Garbagecollec7on
Commonmemory‐relatedbugsinCprograms
CSE351‐InauguralEdi7on‐Spring2010 1
UniversityofWashington
ProcessMemoryImagekernelvirtualmemory
run‐7meheap(viamalloc)
programtext(.text)
ini7alizeddata(.data)
unini7alizeddata(.bss)
stack
0
%esp
memoryprotectedfromusercode
the“brk”ptr
Allocatorsrequestaddi7onalheapmemoryfromthekernelusingthesbrk()func7on:
error = sbrk(amt_more)
CSE351‐InauguralEdi7on‐Spring2010 2
UniversityofWashington
DynamicMemoryAlloca7on Memoryallocator?
VMhardwareandkernelallocatepages Applica6onobjectsaretypicallysmaller Allocatormanagesobjectswithinpages
Explicitvs.ImplicitMemoryAllocator Explicit:applica6onallocatesandfreesspace
InC:malloc()andfree()
Implicit:applica6onallocates,butdoesnotfreespace InJava,ML,Lisp:garbagecollec6on
Alloca7on Amemoryallocatordolesoutmemoryblockstoapplica6on A“block”isacon6guousrangeofbytesoftheappropriatesize
Applica7on
DynamicMemoryAllocator
HeapMemory
CSE351‐InauguralEdi7on‐Spring2010 3
UniversityofWashington
MallocPackage #include <stdlib.h>
void *malloc(size_t size) Successful:
Returnsapointertoamemoryblockofatleastsizebytes(typically)alignedto8‐byteboundary
Ifsize == 0,returnsNULL Unsuccessful:returnsNULL(0)andsetserrno(aglobalvariable)
void free(void *p) Returnstheblockpointedatbyptothepoolofavailablememory
pmustcomefromapreviouscalltomalloc orrealloc
void *realloc(void *p, size_t size) Changessizeofblockpandreturnspointertonewblock Contentsofnewblockunchangeduptominofoldandnewsize
Oldblockhasbeenfree'd(logically,ifnew!=old)CSE351‐InauguralEdi7on‐Spring2010 4
UniversityofWashington
MallocExamplevoid foo(int n, int m) { int i, *p;
/* allocate a block of n ints */ p = (int *)malloc(n * sizeof(int)); if (p == NULL) { perror("malloc"); exit(0); } for (i=0; i<n; i++) p[i] = i;
/* add m bytes to end of p block */ if ((p = (int *)realloc(p, (n+m) * sizeof(int))) == NULL) { perror("realloc"); exit(0); } for (i=n; i < n+m; i++) p[i] = i;
/* print new array */ for (i=0; i<n+m; i++) printf("%d\n", p[i]);
free(p); /* return p to available memory pool */ }
CSE351‐InauguralEdi7on‐Spring2010 5
UniversityofWashington
Assump7onsMadeinThisLecture
Memoryiswordaddressed(eachwordcanholdapointer)
Allocatedblock(4words)
Freeblock(3words) Freeword
Allocatedword
CSE351‐InauguralEdi7on‐Spring2010 6
UniversityofWashington
Alloca7onExample
p1 = malloc(4)
p2 = malloc(5)
p3 = malloc(6)
free(p2)
p4 = malloc(2)
CSE351‐InauguralEdi7on‐Spring2010 7
UniversityofWashington
Constraints Applica7ons
Canissuearbitrarysequenceofmalloc()andfree()requests
free()requestsmustbetoamalloc()’dblock
Allocators Can’tcontrolnumberorsizeofallocatedblocks
Mustrespondimmediatelytomalloc()requests i.e.,can’treorderorbufferrequests
Mustallocateblocksfromfreememory
i.e.,canonlyplaceallocatedblocksinfreememory
Mustalignblockssotheysa6sfyallalignmentrequirements
8bytealignmentforGNUmalloc(libcmalloc)onLinuxboxes Canmanipulateandmodifyonlyfreememory
Can’tmovetheallocatedblocksoncetheyaremalloc()’d
i.e.,compac6onisnotallowedCSE351‐InauguralEdi7on‐Spring2010 8
UniversityofWashington
PerformanceGoal:Throughput
Givensomesequenceofmallocandfreerequests: R0,R1,...,Rk,...,Rn‐1
Goals:maximizethroughputandpeakmemoryu7liza7on Thesegoalsareo\enconflic6ng
Throughput: Numberofcompletedrequestsperunit6me Example:
5,000malloc()callsand5,000free()callsin10seconds Throughputis1,000opera6ons/second
Howtodomalloc()andfree()inO(1)?What’stheproblem?
CSE351‐InauguralEdi7on‐Spring2010 9
UniversityofWashington
PerformanceGoal:PeakMemoryU7liza7on Givensomesequenceofmallocandfreerequests:
R0,R1,...,Rk,...,Rn‐1
Def:AggregatepayloadPk malloc(p)resultsinablockwithapayloadofpbytes A\errequestRkhascompleted,theaggregatepayloadPkisthesumof
currentlyallocatedpayloads allmalloc()’dstuffminusallfree()’dstuff
Def:Currentheapsize=Hk AssumeHkismonotonicallynondecreasing
Allocatorcanincreasesizeofheapusingsbrk()
Def:PeakmemoryuIlizaIonaJerkrequests Uk=(maxi<kPi)/Hk
CSE351‐InauguralEdi7on‐Spring2010 10
UniversityofWashington
Fragmenta7on
Poormemoryu7liza7oncausedbyfragmentaIon internalfragmenta6on externalfragmenta6on
CSE351‐InauguralEdi7on‐Spring2010 11
UniversityofWashington
InternalFragmenta7on Foragivenblock,internalfragmentaIonoccursifpayloadis
smallerthanblocksize
Causedby overheadofmaintainingheapdatastructures paddingforalignmentpurposes explicitpolicydecisions
(e.g.,toreturnabigblocktosa6sfyasmallrequest)
Dependsonlyonthepa^ernofpreviousrequests thus,easytomeasure
payloadInternalfragmenta7on
block
Internalfragmenta7on
CSE351‐InauguralEdi7on‐Spring2010 12
UniversityofWashington
ExternalFragmenta7on
Occurswhenthereisenoughaggregateheapmemory,butnosinglefreeblockislargeenough
Dependsonthepa^ernoffuturerequests Thus,difficulttomeasure
p1 = malloc(4)
p2 = malloc(5)
p3 = malloc(6)
free(p2)
p4 = malloc(6) Oops!(whatwouldhappennow?)
CSE351‐InauguralEdi7on‐Spring2010 13
UniversityofWashington
Implementa7onIssues
Howtoknowhowmuchmemoryisbeingfree()’dwhenitisgivenonlyapointer(andnolength)?
Howtokeeptrackofthefreeblocks?
Whattodowithextraspacewhenalloca7ngablockthatissmallerthanthefreeblockitisplacedin?
Howtopickablocktouseforalloca7on—manymightfit?
Howtoreinsertafreedblockintotheheap?
CSE351‐InauguralEdi7on‐Spring2010 14
UniversityofWashington
KnowingHowMuchtoFree
Standardmethod Keepthelengthofablockinthewordprecedingtheblock.
Thiswordiso\encalledtheheaderfieldorheader Requiresanextrawordforeveryallocatedblock
free(p0)
p0 = malloc(4)
p0
blocksize data
5
CSE351‐InauguralEdi7on‐Spring2010 15
UniversityofWashington
KeepingTrackofFreeBlocks Method1:Implicitlistusinglength—linksallblocks
Method2:Explicitlistamongthefreeblocksusingpointers
Method3:Segregatedfreelist Differentfreelistsfordifferentsizeclasses
Method4:Blockssortedbysize Canuseabalancedbinarytree(e.g.red‐blacktree)withpointers
withineachfreeblock,andthelengthusedasakey
5 4 26
5 4 26
CSE351‐InauguralEdi7on‐Spring2010 16
UniversityofWashington
ImplicitList Foreachblockweneed:length,is‐allocated?
Couldstorethisinforma6onintwowords:wasteful!
Standardtrick Ifblocksarealigned,somelow‐orderaddressbitsarealways0
Insteadofstoringanalways‐0bit,useitasaallocated/freeflag Whenreadingsizeword,mustmaskoutthisbit
size
1word
Formatofallocatedandfreeblocks
payload
a=1:allocatedblocka=0:freeblock
size:blocksize
payload:applica7ondata(allocatedblocksonly)
a
op7onalpadding
CSE351‐InauguralEdi7on‐Spring2010 17
UniversityofWashington
Example
8‐bytealignment Mayrequireini6alunusedword
Causessomeinternalfragmenta6on
Oneword(0/1)tomarkendoflist
Here:blocksizeinwordsforsimplicity
2/0 4/1 8/0 4/1 0/1
Freeword
Allocatedword
Allocatedwordunused
Startofheap
8bytes=2wordalignment
Sequenceofblocksinheap:2/0,4/1,8/0,4/1
CSE351‐InauguralEdi7on‐Spring2010 18
UniversityofWashington
ImplicitList:FindingaFreeBlock Firstfit:
Searchlistfrombeginning,choosefirstfreeblockthatfits:(Cost?)
Cantakelinear6meintotalnumberofblocks(allocatedandfree) Inprac6ceitcancause“splinters”atbeginningoflist
Nextfit: Likefirst‐fit,butsearchliststar6ngwhereprevioussearchfinished Shouldo\enbefasterthanfirst‐fit:avoidsre‐scanningunhelpfulblocks Someresearchsuggeststhatfragmenta6onisworse
Bestfit: Searchthelist,choosethebestfreeblock:fits,withfewestbytesle\over Keepsfragmentssmall—usuallyhelpsfragmenta6on Willtypicallyrunslowerthanfirst‐fit
p = start; while ((p < end) && \\ not passed end ((*p & 1) || \\ already allocated (*p <= len))) \\ too small p = p + (*p & -2); \\ goto next block (word addressed)
CSE351‐InauguralEdi7on‐Spring2010 19
UniversityofWashington
ImplicitList:Alloca7nginFreeBlock Alloca7nginafreeblock:spliUng
Sinceallocatedspacemightbesmallerthanfreespace,wemightwanttosplittheblock
void addblock(ptr p, int len) { int newsize = ((len + 1) >> 1) << 1; // round up to even int oldsize = *p & -2; // mask out low bit *p = newsize | 1; // set new length if (newsize < oldsize) *(p+newsize) = oldsize - newsize; // set length in remaining } // part of block
4 4 26
4 24
p
24
addblock(p, 4)
CSE351‐InauguralEdi7on‐Spring2010 20
UniversityofWashington
ImplicitList:Alloca7nginFreeBlock Alloca7nginafreeblock:spliUng
Sinceallocatedspacemightbesmallerthanfreespace,wemightwanttosplittheblock
void addblock(ptr p, int len) { int newsize = ((len + 1) >> 1) << 1; // round up to even int oldsize = *p & -2; // mask out low bit *p = newsize | 1; // set new length if (newsize < oldsize) *(p+newsize) = oldsize - newsize; // set length in remaining } // part of block
4 4 26
4 24
p
24
addblock(p, 4)
CSE351‐InauguralEdi7on‐Spring2010 21
UniversityofWashington
ImplicitList:FreeingaBlock Simplestimplementa7on:
Needonlyclearthe“allocated”flag void free_block(ptr p) { *p = *p & -2 }
Butcanleadto“falsefragmenta6on”
Thereisenoughfreespace,buttheallocatorwon’tbeabletofindit
4 24 2
free(p) p
4 4 2
4
4 2
malloc(5) Oops!
CSE351‐InauguralEdi7on‐Spring2010 22
UniversityofWashington
ImplicitList:Coalescing Join(coalesce)withnext/previousblocks,iftheyarefree
Coalescingwithnextblock
Buthowdowecoalescewithpreviousblock?
void free_block(ptr p) { *p = *p & -2; // clear allocated flag next = p + *p; // find next block if ((*next & 1) == 0) *p = *p + *next; // add to this block if } // not allocated
4 24 2
free(p) p
4 4 2
4
6 2
logicallygone
CSE351‐InauguralEdi7on‐Spring2010 23
UniversityofWashington
ImplicitList:Bidirec7onalCoalescing Boundarytags[Knuth73]
Replicatesize/allocatedwordat“booom”(end)offreeblocks Allowsustotraversethe“list”backwards,butrequiresextraspace Importantandgeneraltechnique!
size
Formatofallocatedandfreeblocks
payloadandpadding
a=1:allocatedblocka=0:freeblock
size:totalblocksize
payload:applica7ondata(allocatedblocksonly)
a
size aBoundarytag(footer)
4 4 4 4 6 46 4
Header
CSE351‐InauguralEdi7on‐Spring2010 24
UniversityofWashington
ConstantTimeCoalescing
allocated
allocated
allocated
free
free
allocated
free
free
blockbeingfreed
Case1 Case2 Case3 Case4
CSE351‐InauguralEdi7on‐Spring2010 25
UniversityofWashington
ConstantTimeCoalescingm1 1
m1 1n 1
n 1m2 1
m2 1
m1 1
m1 1n 0
n 0m2 1
m2 1
CSE351‐InauguralEdi7on‐Spring2010 26
m1 1
m1 1n+m2 0
n+m2 0
m1 1
m1 1n 1
n 1m2 0
m2 0
m1 0
m1 0n 1
n 1m2 1
m2 1
n+m1 0
n+m1 0m2 1
m2 1
m1 0
m1 0n 1
n 1m2 0
m2 0
n+m1+m2 0
n+m1+m2 0
UniversityofWashington
ImplicitLists:Summary Implementa7on:verysimple Allocatecost:
linear6meworstcase Freecost:
constant6meworstcase evenwithcoalescing
Memoryusage: willdependonplacementpolicy First‐fit,next‐fitorbest‐fit
Notusedinprac7ceformalloc()/free()becauseoflinear‐7mealloca7on usedinmanyspecialpurposeapplica6ons
Theconceptsofsplijngandboundarytagcoalescingaregeneraltoallallocators
CSE351‐InauguralEdi7on‐Spring2010 27
UniversityofWashington
KeepingTrackofFreeBlocks Method1:Implicitfreelistusinglength—linksallblocks
Method2:Explicitfreelistamongthefreeblocksusingpointers
Method3:Segregatedfreelist Differentfreelistsfordifferentsizeclasses
Method4:Blockssortedbysize Canuseabalancedtree(e.g.Red‐Blacktree)withpointerswithineach
freeblock,andthelengthusedasakey
5 4 26
5 4 26
CSE351‐InauguralEdi7on‐Spring2010 28
UniversityofWashington
ExplicitFreeLists
Maintainlist(s)offreeblocks,notallblocks The“next”freeblockcouldbeanywhere
Soweneedtostoreforward/backpointers,notjustsizes S6llneedboundarytagsforcoalescing Luckilywetrackonlyfreeblocks,sowecanusepayloadarea
size
payloadandpadding
a
size a
size a
size a
next
prev
Allocated(asbefore) Free
CSE351‐InauguralEdi7on‐Spring2010 29
UniversityofWashington
ExplicitFreeLists Logically(doubly‐linkedlists):
Physically:blockscanbeinanyorder
A B C
4 4 4 4 66 44 4 4
Forward(next)links
Back(prev)links
A B
C
CSE351‐InauguralEdi7on‐Spring2010 30
UniversityofWashington
Alloca7ngFromExplicitFreeLists
Before
AJer
= malloc(…)
(withspliUng)
conceptualgraphic
CSE351‐InauguralEdi7on‐Spring2010 31
UniversityofWashington
FreeingWithExplicitFreeLists InserIonpolicy:Whereinthefreelistdoyouputanewly
freedblock? LIFO(last‐in‐first‐out)policy
Insertfreedblockatthebeginningofthefreelist
Pro:simpleandconstant6me
Con:studiessuggestfragmenta6onisworsethanaddressordered
Address‐orderedpolicy Insertfreedblockssothatfreelistblocksarealwaysinaddressorder:
addr(prev)<addr(curr)<addr(next)
Con:requiressearch
Pro:studiessuggestfragmenta6onislowerthanLIFO
CSE351‐InauguralEdi7on‐Spring2010 32
UniversityofWashington
FreeingWithaLIFOPolicy(Case1)
Insertthefreedblockattherootofthelist
free( )
Root
Root
Before
AJer
conceptualgraphic
CSE351‐InauguralEdi7on‐Spring2010 33
UniversityofWashington
FreeingWithaLIFOPolicy(Case2)
Spliceoutpredecessorblock,coalescebothmemoryblocks,andinsertthenewblockattherootofthelist
free( )
Root
Root
Before
AJer
conceptualgraphic
CSE351‐InauguralEdi7on‐Spring2010 34
UniversityofWashington
FreeingWithaLIFOPolicy(Case3)
Spliceoutsuccessorblock,coalescebothmemoryblocksandinsertthenewblockattherootofthelist
free( )
Root
Root
Before
AJer
conceptualgraphic
CSE351‐InauguralEdi7on‐Spring2010 35
UniversityofWashington
FreeingWithaLIFOPolicy(Case4)
Spliceoutpredecessorandsuccessorblocks,coalesceall3memoryblocksandinsertthenewblockattherootofthelist
free( )
Root
Root
Before
AJer
conceptualgraphic
CSE351‐InauguralEdi7on‐Spring2010 36
UniversityofWashington
ExplicitListSummary Comparisontoimplicitlist:
Allocateislinear6meinnumberoffreeblocksinsteadofallblocks
Muchfasterwhenmostofthememoryisfull
Slightlymorecomplicatedallocateandfreesinceneedstospliceblocksinandoutofthelist
Someextraspaceforthelinks(2extrawordsneededforeachblock)
Doesthisincreaseinternalfragmenta6on?
Mostcommonuseoflinkedlistsisinconjunc7onwithsegregatedfreelists Keepmul6plelinkedlistsofdifferentsizeclasses,orpossiblyfor
differenttypesofobjects
CSE351‐InauguralEdi7on‐Spring2010 37
UniversityofWashington
KeepingTrackofFreeBlocks Method1:Implicitlistusinglength—linksallblocks
Method2:Explicitlistamongthefreeblocksusingpointers
Method3:Segregatedfreelist Differentfreelistsfordifferentsizeclasses
Method4:Blockssortedbysize Canuseabalancedtree(e.g.Red‐Blacktree)withpointerswithineach
freeblock,andthelengthusedasakey
5 4 26
5 4 26
CSE351‐InauguralEdi7on‐Spring2010 38
UniversityofWashington
SegregatedList(Seglist)Allocators Eachsizeclassofblockshasitsownfreelist
Omenhaveseparateclassesforeachsmallsize Forlargersizes:Oneclassforeachtwo‐powersize
1‐2
3
4
5‐8
9‐inf
CSE351‐InauguralEdi7on‐Spring2010 39
UniversityofWashington
SeglistAllocator Givenanarrayoffreelists,eachoneforsomesizeclass
Toallocateablockofsizen: Searchappropriatefreelistforblockofsizem>n Ifanappropriateblockisfound:
Splitblockandplacefragmentonappropriatelist(op6onal) Ifnoblockisfound,trynextlargerclass Repeatun6lblockisfound
Ifnoblockisfound: Requestaddi6onalheapmemoryfromOS(usingsbrk()) Allocateblockofnbytesfromthisnewmemory Placeremainderasasinglefreeblockinlargestsizeclass
CSE351‐InauguralEdi7on‐Spring2010 40
UniversityofWashington
SeglistAllocator(cont.) Tofreeablock:
Coalesceandplaceonappropriatelist(op6onal)
Advantagesofseglistallocators Higherthroughput
log6meforpower‐of‐twosizeclasses Beoermemoryu6liza6on
First‐fitsearchofsegregatedfreelistapproximatesabest‐fitsearchofen6reheap.
Extremecase:Givingeachblockitsownsizeclassisequivalenttobest‐fit.
CSE351‐InauguralEdi7on‐Spring2010 41
UniversityofWashington
SummaryofKeyAllocatorPolicies Placementpolicy:
First‐fit,next‐fit,best‐fit,etc. Tradesofflowerthroughputforlessfragmenta6on InteresIngobservaIon:segregatedfreelistsapproximateabestfit
placementpolicywithouthavingtosearchen6refreelist
Splijngpolicy: Whendowegoaheadandsplitfreeblocks? Howmuchinternalfragmenta6onarewewillingtotolerate?
Coalescingpolicy: Immediatecoalescing:coalesceeach6mefree()iscalled Deferredcoalescing:trytoimproveperformanceoffree()by
deferringcoalescingun6lneeded.Examples: Coalesceasyouscanthefreelistformalloc() Coalescewhentheamountofexternalfragmenta6onreachessomethreshold
CSE351‐InauguralEdi7on‐Spring2010 42
UniversityofWashington
ImplicitMemoryManagement:GarbageCollec7on GarbagecollecIon:automa7creclama7onofheap‐allocated
storage—applica7onneverhastofree
Commoninfunc7onallanguages,scrip7nglanguages,andmodernobjectorientedlanguages: Lisp,ML,Java,Perl,Mathema6ca
Variants(“conserva7ve”garbagecollectors)existforCandC++ However,cannotnecessarilycollectallgarbage
void foo() { int *p = malloc(128); return; /* p block is now garbage */ }
CSE351‐InauguralEdi7on‐Spring2010 43
UniversityofWashington
GarbageCollec7on
Howdoesthememorymanagerknowwhenmemorycanbefreed? Ingeneral,wecannotknowwhatisgoingtobeusedinthefuturesinceit
dependsoncondi6onals But,wecantellthatcertainblockscannotbeusedifthereareno
pointerstothem
Mustmakecertainassump7onsaboutpointers Memorymanagercandis6nguishpointersfromnon‐pointers Allpointerspointtothestartofablockintheheap Cannothidepointers
(e.g.,bycas6ng(coercing)themtoanint,andthenbackagain)
CSE351‐InauguralEdi7on‐Spring2010 44
UniversityofWashington
ClassicalGCAlgorithms Mark‐and‐sweepcollec7on(McCarthy,1960)
Doesnotmoveblocks(unlessyoualso“compact”)
Referencecoun7ng(Collins,1960) Doesnotmoveblocks(notdiscussed)
Copyingcollec7on(Minsky,1963) Movesblocks(notdiscussed)
Genera7onalCollectors(LiebermanandHewi^,1983) Collec6onbasedonlife6mes
Mostalloca6onsbecomegarbageverysoon
Sofocusreclama6onworkonzonesofmemoryrecentlyallocated
Formoreinforma7on:JonesandLin,“GarbageCollecIon:AlgorithmsforAutomaIcDynamicMemory”,JohnWiley&Sons,1996.
CSE351‐InauguralEdi7on‐Spring2010 45
UniversityofWashington
MemoryasaGraph Weviewmemoryasadirectedgraph
Eachblockisanodeinthegraph Eachpointerisanedgeinthegraph Loca6onsnotintheheapthatcontainpointersintotheheaparecalled
rootnodes(e.g.registers,loca6onsonthestack,globalvariables)
Rootnodes
Heapnodes
Not‐reachable(garbage)
reachable
Anode(block)isreachableifthereisapathfromanyroottothatnode
Non‐reachablenodesaregarbage(cannotbeneededbytheapplica7on)CSE351‐InauguralEdi7on‐Spring2010 46
UniversityofWashington
MarkandSweepCollec7ng Canbuildontopofmalloc/freepackage
Allocateusingmallocun6lyou“runoutofspace”
Whenoutofspace: Useextramarkbitintheheadofeachblock
Mark:Startatrootsandsetmarkbitoneachreachableblock
Sweep:Scanallblocksandfreeblocksthatarenotmarked
Beforemark
root
AJermark
AJersweep free
Markbitset
free
CSE351‐InauguralEdi7on‐Spring2010 47
UniversityofWashington
Assump7onsForaSimpleImplementa7on Applica7on
new(n):returnspointertonewblockwithallloca6onscleared read(b,i):readloca6oniofblockbintoregister write(b,i,v): writevintoloca6oniofblockb
Eachblockwillhaveaheaderword Addressedasb[-1],forablockb
Instruc7onsusedbytheGarbageCollector is_ptr(p):determineswhetherpisapointer length(b):returnsthelengthofblockb,notincludingtheheader get_roots():returnsalltheroots
CSE351‐InauguralEdi7on‐Spring2010 48
UniversityofWashington
MarkandSweep(cont.)
ptr mark(ptr p) { if (!is_ptr(p)) return; // do nothing if not pointer if (markBitSet(p)) return; // check if already marked setMarkBit(p); // set the mark bit for (i=0; i < length(p); i++) // recursively call mark on mark(p[i]); // all words in the block return; }
Markusingdepth‐firsttraversalofthememorygraph
Sweepusinglengthstofindnextblockptr sweep(ptr p, ptr end) { while (p < end) { if markBitSet(p) clearMarkBit(); else if (allocateBitSet(p)) free(p); p += length(p); }
CSE351‐InauguralEdi7on‐Spring2010 49
UniversityofWashington
Conserva7veMark&SweepinC A“conserva7vegarbagecollector”forCprograms
is_ptr()determinesifawordisapointerbycheckingifitpointstoanallocatedblockofmemory
But,inCpointerscanpointtothemiddleofablock
Sohowtofindthebeginningoftheblock? Canuseabalancedbinarytreetokeeptrackofallallocatedblocks
(keyisstart‐of‐block)
Balanced‐treepointerscanbestoredinheader(usetwoaddi6onalwords)
header
ptr
head data
lem right
sizeLem:smalleraddressesRight:largeraddresses
CSE351‐InauguralEdi7on‐Spring2010 50
UniversityofWashington
Memory‐RelatedPerilsandPipalls Dereferencingbadpointers Readingunini7alizedmemory Overwri7ngmemory Referencingnonexistentvariables Freeingblocksmul7ple7mes Referencingfreedblocks Failingtofreeblocks
CSE351‐InauguralEdi7on‐Spring2010 51
UniversityofWashington
DereferencingBadPointers Theclassicscanfbug
int val;
...
scanf(“%d”, val);
CSE351‐InauguralEdi7on‐Spring2010 52
UniversityofWashington
ReadingUnini7alizedMemory Assumingthatheapdataisini7alizedtozero
/* return y = Ax */ int *matvec(int **A, int *x) { int *y = malloc( N * sizeof(int) ); int i, j;
for (i=0; i<N; i++) for (j=0; j<N; j++) y[i] += A[i][j] * x[j]; return y; }
CSE351‐InauguralEdi7on‐Spring2010 53
UniversityofWashington
Overwri7ngMemory Alloca7ngthe(possibly)wrongsizedobject
int **p;
p = malloc( N * sizeof(int) );
for (i=0; i<N; i++) { p[i] = malloc( M * sizeof(int) ); }
CSE351‐InauguralEdi7on‐Spring2010 54
UniversityofWashington
Overwri7ngMemory Off‐by‐oneerror
int **p;
p = malloc( N * sizeof(int *) );
for (i=0; i<=N; i++) { p[i] = malloc( M * sizeof(int) ); }
CSE351‐InauguralEdi7on‐Spring2010 55
UniversityofWashington
Overwri7ngMemory Notcheckingthemaxstringsize
Basisforclassicbufferoverflowa^acks Yourlastassignment
char s[8]; int i;
gets(s); /* reads “123456789” from stdin */
CSE351‐InauguralEdi7on‐Spring2010 56
UniversityofWashington
Overwri7ngMemory Misunderstandingpointerarithme7c
int *search(int *p, int val) {
while (*p && *p != val) p += sizeof(int);
return p; }
CSE351‐InauguralEdi7on‐Spring2010 57
UniversityofWashington
ReferencingNonexistentVariables Forgejngthatlocalvariablesdisappearwhenafunc7on
returns
int *foo () { int val;
return &val; }
CSE351‐InauguralEdi7on‐Spring2010 58
UniversityofWashington
FreeingBlocksMul7pleTimes Nasty!
Whatdoesthefreelistlooklike?
x = malloc( N * sizeof(int) ); <manipulate x> free(x);
y = malloc( M * sizeof(int) ); <manipulate y> free(x);
CSE351‐InauguralEdi7on‐Spring2010 59
x = malloc( N * sizeof(int) ); <manipulate x> free(x); free(x);
UniversityofWashington
ReferencingFreedBlocks Evil!
x = malloc( N * sizeof(int) ); <manipulate x> free(x); ... y = malloc( M * sizeof(int) ); for (i=0; i<M; i++) y[i] = x[i]++;
CSE351‐InauguralEdi7on‐Spring2010 60
UniversityofWashington
FailingtoFreeBlocks(MemoryLeaks) Slow,silent,long‐termkiller!
foo() { int *x = malloc(N*sizeof(int)); ... return; }
CSE351‐InauguralEdi7on‐Spring2010 61
UniversityofWashington
Toomuchisreachable
Markprocedureisrecursive Willwehaveenoughstackspace?
Wearegarbagecollec7ngbecausewearerunningoutofmemory,right?
CSE351‐InauguralEdi7on‐Spring2010 62
UniversityofWashington
FailingtoFreeBlocks(MemoryLeaks) Freeingonlypartofadatastructure
struct list { int val; struct list *next; };
foo() { struct list *head = malloc( sizeof(struct list) ); head->val = 0; head->next = NULL; <create and manipulate the rest of the list> ... free(head); return; }
CSE351‐InauguralEdi7on‐Spring2010 63
UniversityofWashington
Overwri7ngMemory Referencingapointerinsteadoftheobjectitpointsto
int *getPacket(int **packets, int *size) { int *packet; packet = packets[0]; packets[0] = packets[*size - 1]; *size--; // what is happening here? reorderPackets(packets, *size, 0); return(packet); }
CSE351‐InauguralEdi7on‐Spring2010 64
UniversityofWashington
DealingWithMemoryBugs Conven7onaldebugger(gdb)
Goodforfindingbadpointerdereferences Hardtodetecttheothermemorybugs
Debuggingmalloc(UTorontoCSRImalloc) Wrapperaroundconven6onalmalloc Detectsmemorybugsatmallocandfree boundaries
Memoryoverwritesthatcorruptheapstructures Someinstancesoffreeingblocksmul6ple6mes Memoryleaks
Cannotdetectallmemorybugs Overwritesintothemiddleofallocatedblocks Freeingblocktwicethathasbeenreallocatedintheinterim Referencingfreedblocks
CSE351‐InauguralEdi7on‐Spring2010 65