0% found this document useful (0 votes)

16 views

0019 Lecture6 Mem Alloc

This document provides an overview of dynamic memory allocation in C using malloc() and free(). It discusses the properties and design of malloc() and free(), including how they are used to acquire and return memory from the heap. The document also introduces some common errors that can occur with dynamic memory allocation in C and defines key goals for allocators like throughput and peak memory utilization. It explains the concepts of internal and external fragmentation that can reduce memory utilization.

Uploaded by

FikriZain

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

16 views

0019 Lecture6 Mem Alloc

Uploaded by

FikriZain

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 96

Dynamic Memory Allocation

in C
Brad Karp
UCL Computer Science

CS 0019
29th January 2019

(lecture notes derived from material from Phil Gibbons, Randy

Bryant, and Dave O’Hallaron)

1
Dynamic Heap Memory Allocation in
C
¢ Properties of malloc()/free()
§ N.B. not the design of cs0019_{malloc(),free()}!
Rather, the design of the underlying system software’s
malloc() and free()
¢ Simple Design: Implicit Free Lists
¢ Menagerie of malloc() and free() programming
errors (and undefined behaviors!)

2
Dynamic Memory Allocation: Context

Application
Dynamic Memory Allocator
Heap

¢ Programmers use dynamic

memory allocators (such as
malloc) to acquire virtual
memory (VM) at run time.
§ for data structures whose
size is only known at runtime
¢ Dynamic memory allocators
manage an area of process
VM known as the heap.

3
Dynamic Memory Allocation: Context
Memory
invisible to
Application Kernel virtual memory
user code
User stack
Dynamic Memory Allocator (created at runtime)
%rsp
Heap (stack
pointer)
¢ Programmers use dynamic Memory-mapped region for
memory allocators (such as shared libraries
malloc) to acquire virtual
memory (VM) at run time.
brk
§ for data structures whose Run-time heap
size is only known at runtime (created by malloc)
¢ Dynamic memory allocators Read/write segment Loaded
manage an area of process (.data, .bss) from
the
VM known as the heap. Read-only segment executable
(.init, .text, .rodata) file
0x400000
Unused
0 4
Styles of Dynamic Memory Allocation

¢ Allocator maintains heap as collection of variable sized

blocks, which are either allocated or free
¢ Types of allocators
§ Explicit allocator: application allocates and frees space
§ E.g., malloc() and free() in C
§ Implicit allocator: application allocates, but does not free
space
§ E.g., new and garbage collection in Java

¢ Will discuss simple explicit memory allocation today

5
malloc Standard C Library Allocator
#include <stdlib.h>
void *malloc(size_t size)
§ Successful:
§Returns pointer to memory block of at least size bytes
aligned to a 16-byte boundary (on x86-64)
§ If size == 0, returns NULL
§ Unsuccessful: returns NULL (0) and sets errno to ENOMEM
void free(void *p)
§ Returns the block pointed to by p to pool of available memory
§ p must come from a previous call to malloc() or realloc()
Other functions
§ calloc(): version of malloc() that initializes allocated block to
contain zero bytes
§ realloc(): changes the size of a previously allocated block
§ sbrk(): used internally by allocators to grow or shrink the heap
6
malloc Example
#include <stdio.h>
#include <stdlib.h>

void foo(int n) {
int i, *p;

/* Allocate a block of n ints */

p = (int *) malloc(n * sizeof(int));
if (p == NULL) {
perror("malloc");
exit(0);
}

/* Initialize allocated block */

for (i=0; i<n; i++)
p[i] = i;

/* Return allocated block to the heap */

free(p);
}

7
Simplifying Assumptions Made in This
Lecture
¢ Memory is word-addressed
¢ Words are int-sized
¢ Allocations are double-word aligned

Allocated block Free block

(4 words) (2 words) Free word
Allocated word

8
Allocation Example #define SIZ sizeof(int)

p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

p4 = malloc(2*SIZ)

9
Allocation Example #define SIZ sizeof(int)

p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

p4 = malloc(2*SIZ)

10
Allocation Example #define SIZ sizeof(int)

p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

p4 = malloc(2*SIZ)

11
Allocation Example #define SIZ sizeof(int)

p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

p4 = malloc(2*SIZ)

12
Allocation Example #define SIZ sizeof(int)

p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

p4 = malloc(2*SIZ)

13
Constraints
¢ Applications
§ Can issue arbitrary sequence of malloc() and free() requests
§ free() request must be to a malloc()’d block

¢ Explicit Allocators
§ Can’t control number or size of allocated blocks
§ Must respond immediately to malloc() requests
§ i.e., can’t reorder or buffer requests
§ Must allocate blocks from free memory
§ i.e., can only place allocated blocks in free memory
§ Must align blocks so they satisfy all alignment requirements
§16-byte (x86-64) alignment on Linux boxes
§ Can manipulate and modify only free memory
§ Can’t move the allocated blocks once they are malloc()’d
§ i.e., compaction is not allowed. Why not?
14
Performance Goal: Throughput
¢ Given some sequence of malloc() and free() requests:
§ R0, R1, ..., Rk, ... , Rn-1

¢ Goals: maximize throughput and peak memory utilization

§ These goals are often conflicting

¢ Throughput:
§ Number of completed requests per unit time
§ Example:
§ 5,000 malloc() calls and 5,000 free() calls in 10 seconds
§ Throughput is 1,000 operations/second

15
Performance Goal: Peak Memory
Utilization
¢ Given some sequence of malloc() and free()
requests:
§ R0, R1, ..., Rk, ... , Rn-1
¢ Def: Aggregate payload Pk
§ malloc(p) results in a block with a payload of p bytes
§ After request Rk has completed, the aggregate payload Pk is the
sum of currently allocated payloads

¢ Def: Current heap size Hk

§ Assume Hk is monotonically nondecreasing
§ i.e., heap only grows when allocator uses sbrk()

¢ Def: Peak memory utilization after k+1 requests

§ Uk = ( maxi≤k Pi ) / Hk

16
Fragmentation
¢ Poor memory utilization caused by fragmentation
§ internal fragmentation
§ external fragmentation

17
Internal Fragmentation
¢ For a given block, internal fragmentation occurs if payload is
smaller than block size

Block

Internal Internal
Payload
fragmentation fragmentation

¢ Caused by
§ Overhead of maintaining heap data structures
§ Padding for alignment purposes
§ Explicit policy decisions
(e.g., to return a big block to satisfy a small request)

¢ Depends only on the pattern of previous requests

§ Thus, easy to measure
18
External Fragmentation
#define SIZ sizeof(int)

¢ Occurs when there is enough aggregate heap

memory, but no single free block is large enough
p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

19
External Fragmentation
#define SIZ sizeof(int)

¢ Occurs when there is enough aggregate heap

memory, but no single free block is large enough
p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

20
External Fragmentation
#define SIZ sizeof(int)

¢ Occurs when there is enough aggregate heap

memory, but no single free block is large enough
p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

21
External Fragmentation
#define SIZ sizeof(int)

¢ Occurs when there is enough aggregate heap

memory, but no single free block is large enough
p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

22
External Fragmentation
#define SIZ sizeof(int)

¢ Occurs when there is enough aggregate heap

memory, but no single free block is large enough
p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

p4 = malloc(7*SIZ)

23
External Fragmentation
#define SIZ sizeof(int)

¢ Occurs when there is enough aggregate heap

memory, but no single free block is large enough
p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

p4 = malloc(7*SIZ) Yikes! (what would happen now?)

24
External Fragmentation
#define SIZ sizeof(int)

¢ Occurs when there is enough aggregate heap

memory, but no single free block is large enough
p1 = malloc(4*SIZ)

p2 = malloc(5*SIZ)

p3 = malloc(6*SIZ)

free(p2)

p4 = malloc(7*SIZ) Yikes! (what would happen now?)

¢ Amount of external fragmentation

depends on the pattern of future requests
§ Thus, difficult to measure
25
Design Challenges
¢ How do we know how much memory to free given
just a pointer?

¢ How do we keep track of the free blocks?

¢ What do we do with the extra space when allocating a

structure that is smaller than the free block it is placed
in?

¢ How do we pick a block to use for allocation? Many

might fit.

¢ How do we reclaim a freed block for later reuse? 26

Knowing How Much to Free
¢ Standard method
§ Keep the length of a block in the word preceding the block.
§ This word is often called the header field or header
§ Requires an extra word for every allocated block

p0
p0 = malloc(4*SIZ)
5

block size Payload

(aligned)

27
Knowing How Much to Free
¢ Standard method
§ Keep the length of a block in the word preceding the block.
§ This word is often called the header field or header
§ Requires an extra word for every allocated block

p0
p0 = malloc(4*SIZ)
5

block size Payload

(aligned)
free(p0)

28
Keeping Track of Free Blocks
¢ Method 1: Implicit list using length—links all blocks
Need to tag
Unused
each block as
4 6 4 2
allocated/free

29
Keeping Track of Free Blocks
¢ Method 1: Implicit list using length—links all blocks
Need to tag
Unused
each block as
4 6 4 2
allocated/free

¢ Method 2: Explicit list among the free blocks using

pointers
Need space
4 6 4 2
for pointers

30
Keeping Track of Free Blocks
¢ Method 1: Implicit list using length—links all blocks
Need to tag
Unused
each block as
4 6 4 2
allocated/free

¢ Method 2: Explicit list among the free blocks using

pointers
Need space
4 6 4 2
for pointers

¢ Method 3: Segregated free list

§ Different free lists for different size classes

31
Keeping Track of Free Blocks
¢ Method 1: Implicit list using length—links all blocks
Need to tag
Unused
each block as
4 6 4 2
allocated/free

¢ Method 2: Explicit list among the free blocks using

pointers
Need space
4 6 4 2
for pointers

¢ Method 3: Segregated free list

§ Different free lists for different size classes

¢ Method 4: Blocks sorted by size

§ Can use a balanced tree (e.g. Red-Black tree) with pointers
within each free block, and the length used as a key
32
Keeping Track of Free Blocks
¢ Method 1: Implicit list using length—links all blocks
Need to tag
Unused
each block as
4 6 4 2
allocated/free

¢ Method 2: Explicit list among the free blocks using

pointers
Need space
4 6 4 2
for pointers

¢ Method 3: Segregated free list

§ Different free lists for different size classes

¢ Method 4: Blocks sorted by size

§ Can use a balanced tree (e.g. Red-Black tree) with pointers
within each free block, and the length used as a key
33
Dynamic Heap Memory Allocation in
C
¢ Properties of malloc()/free()
¢ Simple Design: Implicit Free Lists
¢ Menagerie of malloc() and free() programming
errors (and undefined behaviors!)

34
Simple Design: Implicit Free List
¢ For each block we need both size and allocation status
§ Could store this information in two words, but that’d be wasteful
¢ Standard trick
§ When blocks are aligned, some low-order address bits are always 0
§ Instead of storing an always-0 bit, use it as an allocated/free flag
§ When reading the Size word, must mask out this bit

1 word

Size a a = 1: Allocated block

a = 0: Free block
Format of
allocated and Payload
Size: block size
free blocks
Payload: application data
(allocated blocks only)
Optional
padding
35
Detailed Implicit Free List Example

End
Unused Block
Start
of 2/0 4/1 8/0 4/1 0/1
heap

Double-word Allocated blocks: shaded

aligned Free blocks: unshaded
Headers: labeled with “size in words/allocated bit”

36
Implicit List: Finding a Free Block
¢ First fit:
§ Search list from beginning, choose first free block that fits:
p = start;
while ((p < end) && \\ not passed end
((*p & 1) || \\ already allocated
(*p <= len))) \\ too small
p = p + (*p & -2); \\ goto next block (word addressed)

§ Can take linear time in total number of blocks (allocated and free)
§ In practice it can cause “splinters” at beginning of list

37
Implicit List: Finding a Free Block
¢ First fit:
§ Search list from beginning, choose first free block that fits:
p = start;
while ((p < end) && \\ not passed end
((*p & 1) || \\ already allocated
(*p <= len))) \\ too small
p = p + (*p & -2); \\ goto next block (word addressed)

38
Implicit List: Finding a Free Block
¢ First fit:
§ Search list from beginning, choose first free block that fits:
p = start;
while ((p < end) && \\ not passed end
((*p & 1) || \\ already allocated
(*p <= len))) \\ too small
p = p + (*p & -2); \\ goto next block (word addressed)

§ Can take linear time in total number of blocks (allocated and free)
§ In practice it can cause “splinters” at beginning of list
¢ Next fit:
§ Like first fit, but search list starting where previous search finished
§ Should often be faster than first fit: avoids re-scanning unhelpful blocks
§ Some research suggests that fragmentation is worse
¢ Best fit:
§ Search the list, choose the best free block: fits, with fewest bytes left
over
§ Keeps fragments small—usually improves memory utilization
§ Will typically run slower than first fit
39
Implicit List: Allocating in Free Block
¢ Allocating within a free block: splitting
§ Since allocated space might be smaller than free space, we might
want to split the block

4 4 6 2 0

addblock(p, 4)

4 4 4 2 2 0

void addblock(ptr p, int len) {

int newsize = ((len + 1) >> 1) << 1; // round up to even
int oldsize = *p & -2; // mask out low bit
*p = newsize | 1; // set new length
if (newsize < oldsize)
*(p+newsize) = oldsize - newsize; // set length in remaining
} // part of block
40
Implicit List: Allocating in Free Block
¢ Allocating within a free block: splitting
§ Since allocated space might be smaller than free space, we might
want to split the block

4 4 6 2 0

addblock(p, 4)

4 4 4 2 2 0

void addblock(ptr p, int len) {

int newsize = ((len + 1) >> 1) << 1; // round up to even
int oldsize = *p & -2; // mask out low bit
*p = newsize | 1; // set new length
if (newsize < oldsize)
*(p+newsize) = oldsize - newsize; // set length in remaining
} // part of block
41
Implicit List: Allocating in Free Block
¢ Allocating within a free block: splitting
§ Since allocated space might be smaller than free space, we might
want to split the block

4 4 6 2 0

addblock(p, 4)

4 4 4 2 2 0

void addblock(ptr p, int len) {

int newsize = ((len + 1) >> 1) << 1; // round up to even
int oldsize = *p & -2; // mask out low bit
*p = newsize | 1; // set new length
if (newsize < oldsize)
*(p+newsize) = oldsize - newsize; // set length in remaining
} // part of block
42
Implicit List: Allocating in Free Block
¢ Allocating within a free block: splitting
§ Since allocated space might be smaller than free space, we might
want to split the block

4 4 6 2 0

addblock(p, 4)

4 4 4 2 2 0

void addblock(ptr p, int len) {

int newsize = ((len + 1) >> 1) << 1; // round up to even
int oldsize = *p & -2; // mask out low bit
*p = newsize | 1; // set new length
if (newsize < oldsize)
*(p+newsize) = oldsize - newsize; // set length in remaining
} // part of block
43
Implicit List: Freeing a Block
¢ Simplest implementation:
§ Need only clear the “allocated” flag
void free_block(ptr p) { *p = *p & -2 }

§ But can lead to “false fragmentation”

4 4 4 2 2 0

44
Implicit List: Freeing a Block
¢ Simplest implementation:
§ Need only clear the “allocated” flag
void free_block(ptr p) { *p = *p & -2 }

§ But can lead to “false fragmentation”

4 4 4 2 2 0

free(p) p

4 4 4 2 2 0

45
Implicit List: Freeing a Block
¢ Simplest implementation:
§ Need only clear the “allocated” flag
void free_block(ptr p) { *p = *p & -2 }

§ But can lead to “false fragmentation”

4 4 4 2 2 0

free(p) p

4 4 4 2 2 0

malloc(5*SIZ)

46
Implicit List: Freeing a Block
¢ Simplest implementation:
§ Need only clear the “allocated” flag
void free_block(ptr p) { *p = *p & -2 }

§ But can lead to “false fragmentation”

4 4 4 2 2 0

free(p) p

4 4 4 2 2 0

malloc(5*SIZ) Yikes!

47
Implicit List: Freeing a Block
¢ Simplest implementation:
§ Need only clear the “allocated” flag
void free_block(ptr p) { *p = *p & -2 }

§ But can lead to “false fragmentation”

4 4 4 2 2 0

free(p) p

4 4 4 2 2 0

malloc(5*SIZ) Yikes!
There is enough contiguous
free space, but the allocator
won’t be able to find it

48
Implicit List: Coalescing
¢ Join (coalesce) with next/previous blocks, if they are free
§ Coalescing with next block

4 4 4 2 2 0
logically
p
free(p) gone
4 4 6 2 2 0

void free_block(ptr p) {
*p = *p & -2; // clear allocated flag
next = p + *p; // find next block
if ((*next & 1) == 0)
*p = *p + *next; // add to this block if
} // not allocated

§ But how do we coalesce with previous block?

49
Implicit List: Bidirectional Coalescing
¢ Boundary tags [Knuth73]
§ Replicate size/allocated word at “bottom” (end) of free blocks
§ Allows us to traverse the “list” backwards, but requires extra space
§ Important and general technique!

0 4 4 4 4 6 6 4 4 0

50
Implicit List: Bidirectional Coalescing
¢ Boundary tags [Knuth73]
§ Replicate size/allocated word at “bottom” (end) of free blocks
§ Allows us to traverse the “list” backwards, but requires extra space
§ Important and general technique!

0 4 4 4 4 6 6 4 4 0

Header Size a a = 1: Allocated block

a = 0: Free block
Format of
Size: Total block size
allocated and Payload and
free blocks padding
Payload: Application data
(allocated blocks only)
Boundary tag Size a
(footer)
51
Constant Time Coalescing

Case 1 Case 2 Case 3 Case 4

Allocated Allocated Free Free

Block being
freed
Allocated Free Allocated Free

52
Constant Time Coalescing (Case 1)

m1 1

m1 1
n 1

n 1
m2 1

m2 1

53
Constant Time Coalescing (Case 1)

m1 1 m1 1

m1 1 m1 1
n 1 n 0

n 1 n 0
m2 1 m2 1

m2 1 m2 1

54
Constant Time Coalescing (Case 2)

m1 1

m1 1
n 1

n 1
m2 0

m2 0

55
Constant Time Coalescing (Case 2)

m1 1 m1 1

m1 1 m1 1
n 1 n+m2 0

n 1
m2 0

m2 0 n+m2 0

56
Constant Time Coalescing (Case 3)

m1 0

m1 0
n 1

n 1
m2 1

m2 1

57
Constant Time Coalescing (Case 3)

m1 0 n+m1 0

m1 0
n 1

n 1 n+m1 0
m2 1 m2 1

m2 1 m2 1

58
Constant Time Coalescing (Case 4)

m1 0

m1 0
n 1

n 1
m2 0

m2 0

59
Constant Time Coalescing (Case 4)

m1 0 n+m1+m2 0

m1 0
n 1

n 1
m2 0

m2 0 n+m1+m2 0

60
Disadvantages of Boundary Tags
¢ Internal fragmentation
Size a
¢ Can it be optimized?
§ Which blocks need the footer tag? Payload and
padding
§ How can we exploit this?

Size a

61
No Boundary Tag Needed in Allocated
Blocks!
¢ Boundary tag needed only for free blocks
¢ When allocation sizes are multiples of 4 or more, have 2+
spare bits
1 word 1 word

Size b1 a = 1: Allocated block Size b0

a = 0: Free block
b = 1: Previous block is allocated
b = 0: Previous block is free
Payload
Unallocated
Size: block size

Optional Payload: application data

padding Size b0

Allocated Free
Block Block
62
No Boundary Tag for Allocated Blocks
(Case 1)
m1 ?1
previous
block

block n 11
being
freed
m2 11
next
block