Need info on malloc trace

cgccmallocmemory

When I try the below code I am not clearly able to analyze malloc api internal calls.What I am not clear is about the system call mmap is called only once for 2 or more malloc calls.If I am assigning more then 4069 bytes also it is calling only one mmap internally(trace is identified by using strace -p processid ).

#include<stdio.h>
#include<stdlib.h>

main()
{
int *p,*q;
sleep(20);
p=malloc(5096);
printf("p=%p\n",p);
q=malloc(4096);
printf("q=%p\n",q);
sleep(2);
return 0;
}

strace OUTPUT:

root@TEST:/home/harish# strace  -p 6109
Process 6109 attached
restart_syscall(<... resuming interrupted call ...>
) = 0
brk(0)                                  = 0xeca000
brk(0xeec000)                           = 0xeec000
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 14), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10b7bc7000
write(1, "p=0xeca010\n", 11)            = 11
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({20, 0},
0x7ffc34a51790)      = 0
write(1, "q=0xecb020\n", 11)            = 11
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7ffc34a51790)       = 0
exit_group(0)                           = ?
+++ exited with 0 +++

What I am looking is ,if malloc is used more then once will it call more then one mmap since memory is exceeding in two malloc's beyond 4096

Best Answer

If you really want to understand malloc internals, look into the source code. On Linux systems it is likely to be in GNU libc but there are other implementations of the C standard library (the musl-libc source code is nice to read) and of malloc (e.g. tcmalloc). Here is a very fast and simple malloc, but completely useless since always failing.

Grossly speaking, malloc is always built above operating system primitives (i.e. system calls, for Linux listed in syscalls(2)) modifying the virtual address space. Concretely that means mostly mmap(2) & munmap(2) (and perhaps also the obsolete sbrk(2), etc...) on Linux.

The OS kernel is managing the virtual address space by pages (often 4Kbytes on x86) using the MMU. Hence the page size is defined by the hardware.

The implementation of malloc & free can be tricky. First, it obviously won't mmap an entire page of 4Kbytes for every small malloc (of e.g. 24 or 32 bytes), since that would waste space. So it would call mmap once in a while, and organize the obtained pages wisely. Then, it probably would mmap a large segment (of many consecutive pages) for large allocations (e.g. some malloc of two megabytes). It also tries to reuse previously free-d memory zones, because calling mmap is much slower than an ordinary function call.

So most malloc-s handles at least differently small zones and larges ones, and some malloc-s are even more clever. The lib would for example manage a linked list of small zones of same size, and to get the initial space for that it might mmap one or several consecutive pages. Then, free-ing such small zones is adding the free-d zone to that linked list. So most small malloc-s won't use mmap but simply get an element for such lists. For large zones the implementation might mmap and munmap each of them. Some implementations of malloc are keeping the size of the zone in some word just before the zone.

In the details, the implementation is doing considerably more tricky things (i.e. don't use lists, but tries, use several regions or arenas, could allocate tiny mallocs of two words in specific address ranges, etc...). You can find many research papers on malloc (because there are many trade-offs to consider), and several tutorials, e.g. this. Read also about fragmentation & garbage collection (sometimes using the Boehm conservative GC is worthwhile in C programs: you would use GC_MALLOC instead of malloc and you won't care about calling free), e.g. read the GC handbook.

GNU libc provides mallinfo(3), malloc_info(3), mallopt(3), mcheck(3) etc. The valgrind program is very useful to hunt memory leaks and corruptions.

BTW, you might use strace(1) (and perhaps also ltrace(1) ...) directly:

strace ./yourprog

^{PS. My answer is focused on Linux. On other OSes the details are different.}

Related Solutions

Array or Malloc

The main difference is that VLAs (variable length arrays) provide no mechanism for detecting allocation failures.

If you declare

char result[len];

and len exceeds the amount of available stack space, your program's behavior is undefined. There is no language mechanism either for determining in advance whether the allocation will succeed, or for determining after the fact whether it succeeded.

On the other hand, if you write:

char *result = malloc(len);
if (result == NULL) {
    /* allocation failed, abort or take corrective action */
}

then you can handle failures gracefully, or at least guarantee that your program won't try to continue to execute after a failure.

(Well, mostly. On Linux systems, malloc() can allocate a chunk of address space even if there's no corresponding storage available; later attempts to use that space can invoke the OOM Killer. But checking for malloc() failure is still good practice.)

Another issue, on many systems, is that there's more space (possibly a lot more space) available for malloc() than for automatic objects like VLAs.

And as Philip's answer already mentioned, VLAs were added in C99 (Microsoft in particular doesn't support them).

And VLAs were made optional in C11. Probably most C11 compilers will support them, but you can't count on it.

C – How Many `malloc` Calls Are Too Many?

The usual answer for this thing is to wait until you can measure if there's a problem.

My experience has been that malloc() is rarely an issue, but perhaps I also do more CPU-intensive work than you do, so malloc() isn't in the critical path.

Definitely some people are constrained by the malloc performance. See, for example, https://github.com/blog/1422-tcmalloc-and-mysql , where github switched to using TCMalloc for MySQL and got a 30% performance improvement. There's more discussion at http://www.reddit.com/r/programming/comments/18zija/github_got_30_better_performance_using_tcmalloc/ .

TCMalloc is one of several malloc replacements. Another is jemalloc, and a third is nedmalloc.

So, if you think it's a problem (eg, because profiling shows that you're stuck in malloc/free often) then try one of those out and see if it improves things.

If it's a concern now, then perhaps you can think about how your code is structured. The biggest improvement is to realize that you don't need to think of "one structure = one malloc."

For example, I once wrote a parser for a tab-separated document. While I could have turned each row and field into its own string, it was faster to scan the document, count the number of rows and columns, and do a single malloc for the row/field pointers. Then in the second step, scan the document again, assign the correct pointers to the head of each field, and replace the tabs and newlines with a NUL to get proper NUL-terminated strings for the field.

This meant that my parser now "owned" the document string, which was acceptable. And it reduced the complexity of the code, even if the malloc performance wasn't critical.

Best Answer

Related Solutions

Array or Malloc

C – How Many `malloc` Calls Are Too Many?

Related Topic