Re: memory allocation with malloc

2008-08-06 Thread Derek Ragona

At 01:16 AM 8/5/2008, Shyamal Shukla wrote:

Hi All,

I am trying to validate my understanding of how malloc works by means
of the below C program which tries to corrupt essential information
maintained by malloc for free() operation.

The program allocates 4, 12 byte blocks (internally 16 bytes are allocated
for each 12 byte block). Hence the total allocated space was 48 bytes.

As malloc maintains the (length of allocated block + 1), 4 bytes before the
returned pointer (from malloc), I have manipulated this length for the first
block and set it to 49 with the goal that a single free shall release all
these 4 blocks and a subsequent malloc of 15 bytes shall be from the address
of first block.

However, this does not happen. Can someone please correct my understanding
and provide me with a reference to the working of malloc() and free()?

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    char *ptr, *ptr1, *ptr2, *ptr3, *ptr4;
    int *i;
    int n, q, p;
    int loop = 0;

    ptr1 = (char *)malloc(12);
    i = (int *)(ptr1 - 4);    /* assumed location of malloc's length word */
    printf("\n ptr1 = %p,%d \n", (void *)ptr1, *i);
    printf("\n %d:%d:%d:%d\n", ptr1[-4], ptr1[-3], ptr1[-2], ptr1[-1]);
    printf("\n %d:%d:%d:%d\n", ptr1[0], ptr1[1], ptr1[2], ptr1[3]);
    printf("\n %d:%d:%d:%d\n", ptr1[4], ptr1[5], ptr1[6], ptr1[7]);
    printf("\n %d:%d:%d:%d\n", ptr1[8], ptr1[9], ptr1[10], ptr1[11]);
    *i = 49;                  /* deliberate overwrite of the assumed length */

    ptr2 = (char *)malloc(12);
    i = (int *)(ptr2 - 4);
    printf("\n ptr2 = %p,%d \n", (void *)ptr2, *i);
    printf("\n %d:%d:%d:%d\n", ptr2[-4], ptr2[-3], ptr2[-2], ptr2[-1]);

    ptr3 = (char *)malloc(12);
    i = (int *)(ptr3 - 4);
    printf("\n ptr3 = %p,%d \n", (void *)ptr3, *i);
    printf("\n %d:%d:%d:%d\n", ptr3[-4], ptr3[-3], ptr3[-2], ptr3[-1]);

    ptr4 = (char *)malloc(12);
    i = (int *)(ptr4 - 4);
    printf("\n ptr4 = %p,%d \n", (void *)ptr4, *i);
    printf("\n %d:%d:%d:%d\n", ptr4[-4], ptr4[-3], ptr4[-2], ptr4[-1]);

    free(ptr1);
    printf("\n ANALYZE-\n");  /* the reads below touch the freed block on purpose */
    printf("\n %d:%d:%d:%d\n", ptr1[-4], ptr1[-3], ptr1[-2], ptr1[-1]);
    printf("\n %d:%d:%d:%d\n", ptr1[0], ptr1[1], ptr1[2], ptr1[3]);
    printf("\n %d:%d:%d:%d\n", ptr1[4], ptr1[5], ptr1[6], ptr1[7]);
    printf("\n %d:%d:%d:%d\n", ptr1[8], ptr1[9], ptr1[10], ptr1[11]);

    ptr = (char *)malloc(15);
    i = (int *)(ptr - 4);
    printf("\n ptr = %p,%d \n", (void *)ptr, *i);
    return 0;
}


Thanks and Regards,
Shyamal




I'm not quite sure what it is you want to accomplish with this 
program.  However, malloc and free work on the program's given data 
area.  This data area can be increased should there be a need for more 
memory.


You should NEVER assume that memory blocks are contiguous.  There are many 
reasons why they would not be contiguous, among them compiler 
optimizations.  If you really want to delve into how a program is executed, 
have the compiler output the assembler code and look at that.  The 
assembler code will show exactly how and where the variables are 
allocated.  With such a small amount of data used in your program, it is 
possible the variables are all just on the stack.



You may want to check out the brk and sbrk man pages as they will give you 
some information into how memory management was originally done as these 
functions are lower-level than malloc and free.


-Derek


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: memory allocation with malloc

2008-08-05 Thread Giorgos Keramidas
On Tue, 05 Aug 2008 09:58:40 +0300, Giorgos Keramidas <[EMAIL PROTECTED]> wrote:
> On Tue, 5 Aug 2008 11:46:06 +0530, "Shyamal Shukla" <[EMAIL PROTECTED]> wrote:
>> However, this does not happen. Can someone please correct my
>> understanding and provide me with a reference to the working of
>> malloc() and free()?
>
> That's because the original assumption is false.  [...]

I forgot to attach the link to the jemalloc paper, apologies.

Here it is:
http://people.freebsd.org/~jasone/jemalloc/bsdcan2006/jemalloc.pdf

This describes how jemalloc works.  This isn't a detailed line by line
walk-through of the source, but it should provide a good starting
point.  Then you can always read the source of BSD malloc() at:

  http://svn.freebsd.org/viewvc/base/head/lib/libc/stdlib/malloc.c?view=log

HTH,
Giorgos



Re: memory allocation with malloc

2008-08-04 Thread Giorgos Keramidas
On Tue, 5 Aug 2008 11:46:06 +0530, "Shyamal Shukla" <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I am trying to validate my understanding of how malloc works by means
> of the below C program which tries to corrupt essential information
> maintained by malloc for free() operation.
>
> The program allocates 4, 12 byte blocks (internally 16 bytes are allocated
> for each 12 byte block). Hence the total allocated space was 48 bytes.
>
> As malloc maintains the (length of allocated block + 1), 4 bytes before the
> returned pointer (from malloc), I have manipulated this length for the first
> block and set it to 49 with the goal that a single free shall release all
> these 4 blocks and a subsequent malloc of 15 bytes shall be from the address
> of first block.
>
> However, this does not happen. Can someone please correct my understanding
> and provide me with a reference to the working of malloc() and free()?

That's because the original assumption is false.  You wrote that "malloc
maintains the (length of allocated block + 1), 4 bytes before the
returned pointer (from malloc)".  But that is not really true for all
malloc() implementations, and it certainly isn't true for the `jemalloc'
implementation that FreeBSD 7.X and 8.0-CURRENT use.
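
An added example (not from the thread and not FreeBSD's own code) of testing that assumption without reading bytes in front of the returned pointer: it asks the allocator for each block's usable size through malloc_usable_size() and records how far apart four 12-byte blocks land. NBLOCKS, struct block_info, probe_blocks and blocks_disjoint are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef __FreeBSD__
#include <malloc_np.h>  /* malloc_usable_size() on FreeBSD */
#else
#include <malloc.h>     /* malloc_usable_size() on glibc (assumed elsewhere) */
#endif
#define NBLOCKS 4       /* same block count as the program in the thread */

struct block_info {
    uintptr_t addr;     /* address returned by malloc(), saved as an integer */
    size_t    usable;   /* bytes the allocator says the caller may use */
    intptr_t  stride;   /* distance from the previous block (0 for the first) */
};

/* Allocate, record, free. Returns 0, or -1 if an allocation failed. */
int probe_blocks(size_t req, struct block_info out[NBLOCKS])
{
    void *p[NBLOCKS];
    int got = 0;
    for (; got < NBLOCKS && (p[got] = malloc(req)) != NULL; got++) {
        out[got].addr = (uintptr_t)p[got];
        out[got].usable = malloc_usable_size(p[got]);
        out[got].stride = got ? (intptr_t)(out[got].addr - out[got - 1].addr) : 0;
    }
    for (int k = 0; k < got; k++) free(p[k]);
    return got == NBLOCKS ? 0 : -1;
}

/* Return 1 when no two usable ranges overlap, 0 otherwise. */
int blocks_disjoint(const struct block_info b[NBLOCKS])
{
    for (int a = 0; a < NBLOCKS; a++)
        for (int c = a + 1; c < NBLOCKS; c++)
            if (b[a].addr < b[c].addr + b[c].usable &&
                b[c].addr < b[a].addr + b[a].usable)
                return 0;
    return 1;
}

int main(void)
{
    struct block_info b[NBLOCKS];
    if (probe_blocks(12, b) < 0 || !blocks_disjoint(b)) return 1;
    for (int k = 0; k < NBLOCKS; k++)
        printf("block %d: addr=%#jx usable=%zu stride=%jd\n", k,
               (uintmax_t)b[k].addr, b[k].usable, (intmax_t)b[k].stride);
    return 0;
}
```

The stride and usable-size values differ between allocators and builds, which is the point: nothing in the malloc() interface promises a length word at a fixed offset or back-to-back blocks.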



memory allocation with malloc

2008-08-04 Thread Shyamal Shukla
Hi All,

I am trying to validate my understanding of how malloc works by means
of the below C program which tries to corrupt essential information
maintained by malloc for free() operation.

The program allocates 4, 12 byte blocks (internally 16 bytes are allocated
for each 12 byte block). Hence the total allocated space was 48 bytes.

As malloc maintains the (length of allocated block + 1), 4 bytes before the
returned pointer (from malloc), I have manipulated this length for the first
block and set it to 49 with the goal that a single free shall release all
these 4 blocks and a subsequent malloc of 15 bytes shall be from the address
of first block.

However, this does not happen. Can someone please correct my understanding
and provide me with a reference to the working of malloc() and free()?

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    char *ptr, *ptr1, *ptr2, *ptr3, *ptr4;
    int *i;
    int n, q, p;
    int loop = 0;

    ptr1 = (char *)malloc(12);
    i = (int *)(ptr1 - 4);    /* assumed location of malloc's length word */
    printf("\n ptr1 = %p,%d \n", (void *)ptr1, *i);
    printf("\n %d:%d:%d:%d\n", ptr1[-4], ptr1[-3], ptr1[-2], ptr1[-1]);
    printf("\n %d:%d:%d:%d\n", ptr1[0], ptr1[1], ptr1[2], ptr1[3]);
    printf("\n %d:%d:%d:%d\n", ptr1[4], ptr1[5], ptr1[6], ptr1[7]);
    printf("\n %d:%d:%d:%d\n", ptr1[8], ptr1[9], ptr1[10], ptr1[11]);
    *i = 49;                  /* deliberate overwrite of the assumed length */

    ptr2 = (char *)malloc(12);
    i = (int *)(ptr2 - 4);
    printf("\n ptr2 = %p,%d \n", (void *)ptr2, *i);
    printf("\n %d:%d:%d:%d\n", ptr2[-4], ptr2[-3], ptr2[-2], ptr2[-1]);

    ptr3 = (char *)malloc(12);
    i = (int *)(ptr3 - 4);
    printf("\n ptr3 = %p,%d \n", (void *)ptr3, *i);
    printf("\n %d:%d:%d:%d\n", ptr3[-4], ptr3[-3], ptr3[-2], ptr3[-1]);

    ptr4 = (char *)malloc(12);
    i = (int *)(ptr4 - 4);
    printf("\n ptr4 = %p,%d \n", (void *)ptr4, *i);
    printf("\n %d:%d:%d:%d\n", ptr4[-4], ptr4[-3], ptr4[-2], ptr4[-1]);

    free(ptr1);
    printf("\n ANALYZE-\n");  /* the reads below touch the freed block on purpose */
    printf("\n %d:%d:%d:%d\n", ptr1[-4], ptr1[-3], ptr1[-2], ptr1[-1]);
    printf("\n %d:%d:%d:%d\n", ptr1[0], ptr1[1], ptr1[2], ptr1[3]);
    printf("\n %d:%d:%d:%d\n", ptr1[4], ptr1[5], ptr1[6], ptr1[7]);
    printf("\n %d:%d:%d:%d\n", ptr1[8], ptr1[9], ptr1[10], ptr1[11]);

    ptr = (char *)malloc(15);
    i = (int *)(ptr - 4);
    printf("\n ptr = %p,%d \n", (void *)ptr, *i);
    return 0;
}


Thanks and Regards,
Shyamal



-- 
Linux - because life is too short for reboots...