Dynamic Memory Allocation

Similar documents
Dynamic Memory Allocation II October 22, 2008

Dynamic Memory Allocation: Advanced Concepts

Today. Dynamic Memory Allocation: Advanced Concepts. Explicit Free Lists. Keeping Track of Free Blocks. Allocating From Explicit Free Lists

Dynamic Memory Alloca/on: Advanced Concepts

Internal Fragmentation

Memory Allocation III

Memory Allocation III CSE 351 Spring (original source unknown)

Dynamic Memory Allocation: Advanced Concepts

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

Memory Allocation III

Dynamic Memory Allocation: Advanced Concepts

Dynamic Memory Allocation

Memory Allocation III

Dynamic Memory Allocation

Memory Allocation III

Dynamic Memory Allocation

Foundations of Computer Systems

NEXT SET OF SLIDES FROM DENNIS FREY S FALL 2011 CMSC313.

CS61, Fall 2012 Section 2 Notes

CS 33. Intro to Storage Allocation. CS33 Intro to Computer Systems XXVI 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.

Memory Allocation II. CSE 351 Autumn Instructor: Justin Hsia

Process s Address Space. Dynamic Memory. Backing the Heap. Dynamic memory allocation 3/29/2013. When a process starts the heap is empty

Dynamic Memory Alloca/on: Advanced Concepts

Dynamic Memory Allocation

Recitation #11 Malloc Lab. November 7th, 2017

CSCI-UA /2. Computer Systems Organization Lecture 19: Dynamic Memory Allocation: Basics

Run-time Environments - 3

Today. Dynamic Memory Allocation: Basic Concepts. Dynamic Memory Allocation. Dynamic Memory Allocation. malloc Example. The malloc Package

CS 153 Design of Operating Systems

Today. Dynamic Memory Allocation: Basic Concepts. Dynamic Memory Allocation. Dynamic Memory Allocation. malloc Example. The malloc Package

CS61 Section Notes. Section 5 (Fall 2011) Topics to be covered Common Memory Errors Dynamic Memory Allocation Assignment 3: Malloc

Run-time Environments -Part 3

Runtime. The optimized program is ready to run What sorts of facilities are available at runtime

Dynamic Memory Allocation I Nov 5, 2002

Dynamic Memory Allocation. Gerson Robboy Portland State University. class20.ppt

Introduction to Computer Systems /18 243, fall th Lecture, Oct. 22 th

Dynamic Memory Allocation I

Recitation #12 Malloc Lab - Part 2. November 14th, 2017

Compiler Construction

CMSC 330: Organization of Programming Languages. Memory Management and Garbage Collection

Dynamic Memory Allocation: Basic Concepts

Dynamic Memory Management

Motivation for Dynamic Memory. Dynamic Memory Allocation. Stack Organization. Stack Discussion. Questions answered in this lecture:

CMSC 330: Organization of Programming Languages

CMSC 330: Organization of Programming Languages

Dynamic Memory Management! Goals of this Lecture!

Compiler Construction

Dynamic Memory Allocation: Basic Concepts

Dynamic Memory Management

Class Information ANNOUCEMENTS

ANITA S SUPER AWESOME RECITATION SLIDES

Programming Language Implementation

ECE 598 Advanced Operating Systems Lecture 10

Intrusion Detection and Malware Analysis

CS 241 Honors Memory

6.172 Performance Engineering of Software Systems Spring Lecture 9. P after. Figure 1: A diagram of the stack (Image by MIT OpenCourseWare.

Princeton University. Computer Science 217: Introduction to Programming Systems. Dynamic Memory Management

In Java we have the keyword null, which is the value of an uninitialized reference type

Lecture 13: Garbage Collection

CS 33. Storage Allocation. CS33 Intro to Computer Systems XXVII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.

Dynamic Memory Allocation. Basic Concepts. Computer Organization 4/3/2012. CSC252 - Spring The malloc Package. Kai Shen

Acknowledgements These slides are based on Kathryn McKinley s slides on garbage collection as well as E Christopher Lewis s slides

CS61C : Machine Structures

Lecture Notes on Garbage Collection

Dynamic Memory Allocation. Zhaoguo Wang

Run-Time Environments/Garbage Collection

Malloc Lab & Midterm Solutions. Recitation 11: Tuesday: 11/08/2016

Heap Management. Heap Allocation

Lecture 8 Dynamic Memory Allocation

10.1. CS356 Unit 10. Memory Allocation & Heap Management

Optimizing Dynamic Memory Management

A.Arpaci-Dusseau. Mapping from logical address space to physical address space. CS 537:Operating Systems lecture12.fm.2

Review! Lecture 5 C Memory Management !

Dynamic Storage Allocation

CS61C : Machine Structures

Memory management. Johan Montelius KTH

ECE 598 Advanced Operating Systems Lecture 12

Sustainable Memory Use Allocation & (Implicit) Deallocation (mostly in Java)

Limitations of the stack

Last week. Data on the stack is allocated automatically when we do a function call, and removed when we return

One-Slide Summary. Lecture Outine. Automatic Memory Management #1. Why Automatic Memory Management? Garbage Collection.

G Programming Languages - Fall 2012

Lecture Notes on Garbage Collection

2/9/18. Secure Coding. CYSE 411/AIT681 Secure Software Engineering. Agenda. Dynamic Memory Interface. Dynamic Memory Interface

CS 536 Introduction to Programming Languages and Compilers Charles N. Fischer Lecture 11

Memory Allocation. Copyright : University of Illinois CS 241 Staff 1

Secure Coding in C and C++ Dynamic Memory Management Lecture 5 Jan 29, 2013

CSCI-1200 Data Structures Spring 2016 Lecture 6 Pointers & Dynamic Memory

Habanero Extreme Scale Software Research Project

Secure Coding in C and C++

CS Computer Systems. Lecture 8: Free Memory Management

Algorithms for Dynamic Memory Management (236780) Lecture 4. Lecturer: Erez Petrank

Garbage Collection. Steven R. Bagley

CS 31: Intro to Systems Pointers and Memory. Kevin Webb Swarthmore College October 2, 2018

CSE 127 Computer Security

Deallocation Mechanisms. User-controlled Deallocation. Automatic Garbage Collection

CS 31: Intro to Systems Pointers and Memory. Martin Gagne Swarthmore College February 16, 2016

Princeton University Computer Science 217: Introduction to Programming Systems. Dynamic Memory Management

Computer Systems A Programmer s Perspective 1 (Beta Draft)

CS153: Compilers Lecture 9: Data Representation and Memory Management

Transcription:

Dynamic Memory Allocation CS61, Lecture 11 Prof. Stephen Chong October 6, 2011

Announcements 1/2 Reminder: No section on Monday Monday sections have been rescheduled See website for details Please attend whichever section you can make Homework 3 (Buffer bomb) due today Homework 4 (malloc) released Design checkpoint due Thursday 13 October, 10pm Final submission due Thursday 20 October, 11:59pm Stephen Chong, Harvard University 2

Announcements 2/2 Interested in concentrating in CS? Don t wait until last minute! Sophomores must declare concentration by Nov 16 Prof. Harry Lewis is the Computer Science DUS Office hours posted on his website He is happy to talk about the concentration, or sign you up! Fill in departmental study plan http://studyplan.seas.harvard.edu/ug/ Going through exercise will help you understand requirements Can always revise it later To actually enter concentration, need to fill out a form on Registrar s website, and get Prof. Lewis signature Stephen Chong, Harvard University 3

Today Free block list management Implicit free list Explicit free list Segregated lists Tradeoffs Alignment issues Example allocator implementation: dlmalloc Common memory problems Garbage collection Mark and sweep Generational GC Reference counting Stephen Chong, Harvard University 4

Explicit Free Lists Use an explicit data structure to track the free blocks In this case, a doubly-linked free list Pointers for list just live in the payload Payload is unused for free blocks! A B C Forward links 4 4 4 4 6 6 4 4 4 4 Back links Stephen Chong, Harvard University 5

Segregated List (seglist) Allocators Use a different free list for blocks of different sizes! 1-2 3 4 5-8 9-inf Often have separate size class for every small size (4,5,6, ) For larger sizes typically have a size class for each power of 2 Stephen Chong, Harvard University 6

Seglist Allocator To allocate a block of size n: Determine correct free list to use Search that free list for block of size m n If an appropriate block is found: Split block and place fragment on appropriate list If no block is found, try next larger class Repeat until block is found If no free block is found: Request additional heap memory from OS (using sbrk() system call) Allocate block of n bytes from this new memory Place remainder as a single free block in largest size class. Stephen Chong, Harvard University 7

Freeing with Seglist To free a block: Mark block as free Coalesce (if needed) Place free block on appropriate sized list Stephen Chong, Harvard University 8

Seglist advantages Advantages of seglist allocators Higher throughput Faster to find appropriate sized block: Look in the right list. Better memory utilization First-fit search of segregated free list approximates a best-fit search of entire heap. Extreme case: Giving each size its own segregated list is equivalent to best-fit. Stephen Chong, Harvard University 9

Allocation Policy Tradeoffs Data structure for free lists Implicit lists, explicit lists, segregated lists Other structures possible, e.g.explicit free blocks in binary tree, sorted by size Placement policy: First fit, next fit, or best fit Best fit has higher overhead, but less fragmentation. Splitting policy: When do we split free blocks? Splitting leads to more internal fragmentation, since each block needs its own header. Coalescing policy: When do we coalesce free blocks? Immediate coalescing: Coalesce each time free is called Deferred coalescing: Improve free performance by deferring coalescing until needed. E.g., While scanning the free list for malloc(), or when external fragmentation reaches some threshold. Stephen Chong, Harvard University 10

Today Free block list management Implicit free list Explicit free list Segregated lists Tradeoffs Alignment issues Example allocator implementation: dlmalloc Common memory problems Garbage collection Mark and sweep Generational GC Reference counting Stephen Chong, Harvard University 11

Alignment issues Most malloc() implementations ensure that the returned pointer is aligned to an 8-byte boundary. This is to ensure that if the pointer is used to store a struct, it will be properly aligned. struct mystruct *foo; void *p; p = malloc(sizeof(struct mystruct)); foo = (struct mystruct *)p; Stephen Chong, Harvard University 12

Alignment issues Implication: malloc() may have to pad the block that it allocates Padding p1 = malloc(3) p2 = malloc(4) Padding Padding can often be recycled as header, boundary tags, etc. (Not shown in the above example.) Key is that the payload of the buffer is appropriately aligned. Stephen Chong, Harvard University 13

Doug Lea allocator dlmalloc Fast and efficient general purpose allocator Basis of glibc allocator Since 1992 Essentially best-fit Ties are broken in least-recently-used order Reduces fragmentation Deviates for requests less than 256 bytes Prefer space adjacent to previous small request Break ties in most-recently-used order Increase locality of series of small allocations All operations bounded by constant factor (in # bits of size_t) Stephen Chong, Harvard University 14

Doug Lea allocator Uses blocks (aka chunks ) with boundary tags 8 byte alignment Free chunks have header and footer Allocated chunks have only header A chunk is at least 16 bytes (4 for header + 4 for footer + 8 byte alignment requirement) Allocated chunk Free chunk Is this chunk in use? Is prev chunk in use? Stephen Chong, Harvard University Size 1 P Header Size 0 1 Payload Footer Next pointer Prev pointer Unused Size Prev chunk of a free block must be in use, otherwise we would have coalesced! 15

Bins Segregated lists Bins for small (fixed size) chunks Chunks stored in circular doubly linked list Bins for large chunks (> 256 bytes) Chunks stored as special kind of binary tree Chunks of same size stored as doubly linked list off node Fixed size bins Larger bins 16 24 32 248 256 256-512 1K-2K 16M-...... 16 24 32 248 256 360 16 24 256 300 448 448 448 Stephen Chong, Harvard University 24 384 512 16

Allocation in dlmalloc Find an appropriate size bin Look through the structure for the best fit. Lists are arranged so that bins for small chunks are in most-recently-used order To increase locality lists for large chunks of same size are in least-recently-used order To decrease fragmentation Fixed size bins Larger bins 16 24 32 248 256 256-512 1K-2K 16M-...... 16 24 32 248 256 360 16 24 256 300 448 448 448 Stephen Chong, Harvard University 24 384 512 17

Allocation in dlmalloc Algorithm a bit more complicated Some other heuristics used for allocation e.g., maintain a designated victim, the remainder from the last split, and use it for small requests if possible Last free block of heap treated specially Fixed size bins Larger bins 16 24 32 248 256 256-512 1K-2K 16M-...... 16 24 32 248 256 360 16 24 256 300 448 448 448 Stephen Chong, Harvard University 24 384 512 18

Free in dlmalloc Always coalesce on free Fixed size bins Larger bins 16 24 32 248 256 256-512 1K-2K 16M-...... 16 24 32 248 256 360 16 24 256 300 448 448 448 Stephen Chong, Harvard University 24 384 512 19

Today Free block list management Implicit free list Explicit free list Segregated lists Tradeoffs Alignment issues Example allocator implementation: dlmalloc Common memory problems Garbage collection Mark and sweep Generational GC Reference counting Stephen Chong, Harvard University 20

Memory-Related Perils and Pitfalls Dereferencing bad pointers Reading uninitialized memory Overwriting memory Referencing nonexistent variables Freeing blocks multiple times Referencing freed blocks Failing to free blocks Stephen Chong, Harvard University 21

Dereferencing Bad Pointers The classic scanf bug int val; scanf( %d, val); Not a pointer! Stephen Chong, Harvard University 22

Reading Uninitialized Memory Assuming that heap data is initialized to zero /* return y = Ax */ int *matvec(int **A, int *x) { int *y = malloc(n*sizeof(int)); int i, j; } for (i=0; i<n; i++) for (j=0; j<n; j++) y[i] += A[i][j]*x[j]; return y; y[i] not necessarily initialized to zero Stephen Chong, Harvard University 23

Overwriting Memory Off-by-one error int **p; p = malloc(n*sizeof(int *)); for (i=0; i<= N; i++) { p[i] = malloc(m*sizeof(int)); } Goes through loop N+1 times! Stephen Chong, Harvard University 24

Overwriting Memory Not checking the max string size char s[8]; gets(s); Buffer overflow vulnerability! Stephen Chong, Harvard University 25

Overwriting Memory Misunderstanding pointer arithmetic int *search(int *p, int val) { while (*p && *p!= val) p += sizeof(int); } return p; Should be p++! Incorrectly reads every fourth element in array Stephen Chong, Harvard University 26

Overwriting Memory Referencing a pointer instead of the object pointed to void trim(char *s, int *length) { if (*length > 0) { if (s[(*length)-1] == \n ) { *length--; s[*length] = 0; } } } Should be (*length)--! *length-- is *(length--), which modifies pointer. Stephen Chong, Harvard University 27

Referencing Nonexistent Variables Forgetting that local variables disappear when a function returns int *foo () { int val; } return &val; Pointer into stack frame. Valid memory address, but may point to another function s stack frame. Stephen Chong, Harvard University 28

Freeing Blocks Multiple Times Nasty! x = malloc(n*sizeof(int));...manipulate x... free(x); y = malloc(m*sizeof(int));...manipulate y... free(x); Free same pointer twice! What would this do to an explicit free list? Can lead to security vulnerabilities where attacker controls some region of the heap! Stephen Chong, Harvard University 29

Referencing Freed Blocks Evil! x = malloc(n*sizeof(int));...manipulate x... free(x);... y = malloc(m*sizeof(int)); for (i=0; i<m; i++) y[i] = x[i]++; Accessing a pointer that has already been freed! Stephen Chong, Harvard University 30

Failing to Free Blocks (Memory Leaks) Slow, long-term killer! foo() { int *x = malloc(n*sizeof(int));... return; } Object can t be accessed ever again, but is not freed. Stephen Chong, Harvard University 31

Failing to Free Blocks (Memory Leaks) Freeing only part of a data structure struct list { int val; struct list *next; }; foo() { struct list *head = malloc(sizeof(struct list)); head->val = 0; head->next = NULL;...create and manipulate the rest of the list... free(head); return; } Only head free, not rest of structure. Stephen Chong, Harvard University 32

Dealing With Memory Bugs Conventional debugger (gdb) Good for finding bad pointer dereferences Hard to detect the other memory bugs Debugging malloc (CSRI UToronto malloc) Wrapper around conventional malloc Detects memory bugs at malloc and free boundaries Memory overwrites that corrupt heap structures Some instances of freeing blocks multiple times Memory leaks Cannot detect all memory bugs Overwrites into the middle of allocated blocks Freeing block twice that has been reallocated in the interim Referencing freed blocks Stephen Chong, Harvard University 33

Dealing With Memory Bugs (cont.) Binary translator: valgrind, Purify Powerful debugging and analysis technique Rewrites text section of executable object file Can detect all errors as debugging malloc Can also check each individual reference at runtime Bad pointers Overwriting Referencing outside of allocated block Use a different language Some languages present a different model of memory to programmer Avoid some-to-all of the common memory problems described here Stephen Chong, Harvard University 34

Today Free block list management Implicit free list Explicit free list Segregated lists Tradeoffs Alignment issues Example allocator implementation: dlmalloc Common memory problems Garbage collection Mark and sweep Generational GC Reference counting Stephen Chong, Harvard University 35

Implicit Memory Management: Garbage Collection Garbage collection: automatic reclamation of heapallocated storage Application never has to explicitly free memory! void foo() { int *p = malloc(128); return; /* p block is now garbage */ } Common in functional languages, scripting languages, and modern object oriented languages: Lisp, ML, Java, Perl, Python, etc. Variants (conservative garbage collectors) also exist for C and C++ These do not generally manage to collect all garbage though. Stephen Chong, Harvard University 36

Garbage collection concepts Global vars struct mylist *q; Stack Root nodes int *p; Live objects Heap Garbage Stephen Chong, Harvard University 37

Garbage collection concepts A block of memory is reachable if there is some path from a root node to the block. If a block is reachable, it's live and should not be reclaimed. If a block is not reachable, it's garbage. Global vars Stack Root nodes struct mylist *q; int *p; Live objects Heap Garbage Stephen Chong, Harvard University 38

Garbage collection to the rescue Solves some of common memory problems Double free, access after free, some memory leaks,... Say we have a block that is reachable, but never used by the program. What happens? Memory leak! Global vars Stack Root nodes struct mylist *q; Garbage collectors int *p; assume all reachable Live objects Heap objects can be used in the future. Garbage Stephen Chong, Harvard University 39

Challenges Challenge: How do we know where the pointers are? Global vars are easy: We know the type at compile time. What about the stack? GC needs to know which slots on the stack are pointers, and which are not. Depends on call chain of functions at runtime, and how each function stores local vars on the stack. What about pointers between blocks of memory? Linked lists, trees, etc. GC needs to know where the pointers are internal to each block! Stephen Chong, Harvard University 40

Fake pointers In C, you can create a pointer directly from an integer But type of i is int! How do we know it is used as a pointer? int i = 0x40b0cdf; *(int *)i = 42; Conservative garbage collectors treat all bit patterns in memory that could be pointers as pointers. If contents of location could be memory address in heap, assume it is Problem: Leads to false memory leaks If int i = 0x40b0cdf really is just an integer value, not a pointer, memory at location 0x40b0cdf will not be reclaimed! Stephen Chong, Harvard University 41

Fake pointers In C, you can create a pointer directly from an integer int i = 0x40b0cdf; *(int *)i = 42; Solution: Don't let program create pointers from ints. Java (and other languages) never let you forge pointers like this. Allows for precise garbage collection: GC always knows where pointers are, since pointers are special. Stephen Chong, Harvard University 42

Garbage collection techniques We ll consider three techniques Mark-and-sweep Generational garbage collection Reference counting Stephen Chong, Harvard University 43

Mark and Sweep Collecting Idea: Use a mark bit in the header of each block GC scans all memory objects (starting at roots), and sets mark bit on each reachable memory block. Sweeping: Scan over all memory blocks. Any block without the mark bit set is freed Before mark root Mark bit set Mark bit clear After mark After sweep free free Stephen Chong, Harvard University 44

Mark and Sweep Advantages Easily handles cycles Low overhead Disadvantages Need to scan all objects Slow if large object set Observation: Most objects have short lifespans Most objects created since the last garbage collection If an object survives a few garbage collection cycles, it is likely to survive longer. Stephen Chong, Harvard University 45

Generational Garbage Collection Key idea: divide objects into generations, and garbage collect newer generation more frequently than older generations Takes advantage that most objects do not live long Used in Java and.net Stephen Chong, Harvard University 46

Generational GC Algorithm Divide objects into generations (Gen0, Gen1...) New objects go in Gen0 Garbage collect younger generations aggressively Perform GC on Gen(n) mark and sweep, or something else Promote surviving objects of Gen(n) to Gen(n+1) May occasionally need a full GC What does promotion mean? Some implementations assign regions of memory to generations Promotion to older generation means copy the object to a different region of memory This is difficult in C. Why? Stephen Chong, Harvard University 47

Generational Garbage Collection Roots... A We start executing New object go in Gen0 B C Gen 0 Gen 1 Stephen Chong, Harvard University 48

Generational Garbage Collection Roots... A Some objects become garbage B C Gen 0 Gen 1 Stephen Chong, Harvard University 49

Generational Garbage Collection Roots... A We garbage collect Gen0. B Gen 0 Gen 1 Stephen Chong, Harvard University 50

Generational Garbage Collection Roots... A Promote surviving objects from Gen0 to Gen1 B Gen 0 Gen 1 Stephen Chong, Harvard University 51

Generational Garbage Collection Roots... E D A Program continues to execute. Many short lived objects. F B G H I Gen 0 Gen 1 Stephen Chong, Harvard University 52

Generational Garbage Collection Roots... A We garbage collect Gen0. B H Gen 0 Gen 1 Stephen Chong, Harvard University 53

Generational Garbage Collection Roots... A Promote surviving objects from Gen0 to Gen1 B H Gen 0 Gen 1 Stephen Chong, Harvard University 54

Today Free block list management Implicit free list Explicit free list Segregated lists Tradeoffs Alignment issues Example allocator implementation: dlmalloc Common memory problems Garbage collection Mark and sweep Generational GC Reference counting Stephen Chong, Harvard University 55

Reference Counting An object is garbage if it is not reachable from a root. If nothing points to an object (i.e., object is not referenced), then it is garbage. Problem: How do we decide if an object is no longer referenced? Solution: Keep track of number of active references to every object As soon as reference hits 0, can immediately GC object Used in: Python, Microsoft COM, Apple Cocoa, etc. Many C hash table implementations use ref. counting to keep track of active entries Stephen Chong, Harvard University 56

Reference counting example Roots... A C Refs: 1 B Refs: 2 Refs: 0 Garbage! D E Refs: 1 Refs: 1 Problems Changing pointers (including a variable going out of scope) requires updating reference counts. Can be expensive What about cycles? (e.g., D and E) Stephen Chong, Harvard University 57

Next lecture Memory and storage technologies Stephen Chong, Harvard University 58

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback