malloc & free
2022 May 07
See all posts
malloc & free
malloc & free
The post does walkthrough of a basic malloc/free implementation. It
won't contain all the optimizations and concerns which the excellent Douglas
Lea's Malloc aka dlmalloc covers. But the aim is to
highlight the underlying system calls and internal
structures which drives these memory management APIs.
brk and sbrk system calls
Resizing
the heap (for allocating or freeing memory) is all about getting the
kernel to adjust its idea of the process's program
break – which is essentially the current limit of the heap.
brk() and sbrk() system calls allow to
manipulate the program break, thereby creating or freeing space on the
heap.
#include <unistd.h>
void *
brk(const void *addr);
void *
sbrk(int incr);
In short, brk() sets the program break to the input
addr. sbrk() accepts offset and increments the current
program break by incr. It returns the location of the last
program break i.e. start of the incremented heap segment.
You can get the current program break by using sbrk(0) –
something we'll be using in the discussed implementation below.
How malloc & free works
With the brk/sbrk introduced, we can now start thinking about what
else is needed for a malloc/free implementation. For this, let's start
with their APIs:
void *
malloc(size_t size);
void
free(void *ptr);
A naive implementation
Let's start with malloc – it returns a pointer to a block of memory
of size bytes. A naive implementation just increments the
program break.
void *malloc(size_t size) {
return sbrk(size);
}
This as you can imagine is horribly inefficient, as the program break
always goes up and is never reset to lower positions. As the process
proceeds, there will be heap segments (between &end and
program break) that gets freed up (holes). But the naive implementation
above makes no use of those holes. In fact, a free() here
doesn't make any sense, as the malloc never utilises the space freed
up.
Free list
It makes sense for the free() to capture the deallocated
memory chunks for subsequent use by the malloc(). The
chunks can be of different sizes, and we can find a chunk which fits the
requested size.
malloc'ing a free chunk means it's not available for further allocation
requests, until it is freed again. We define the following doubly linked
list struct which resolves these requirements (calling it free
list):
typedef struct free_l {
size_t chunk_size;
struct free_l* previous;
struct free_l* next;
} free_l;
free_l* head = NULL;
A malloc'ed segment looks like:
note that,
(actual) memory size allocated =
memory size requested (argument of `malloc`) + sizeof(size_t)
When the allocated segment is freed, the "memory size requested"
portion is used to store the previous and next
free list entries.
Extending further on how this might work. Say we have a free list
entry f_entry which is suitable to serve the malloc
request, we need to do the following: - remove the f_entry
from the free list - return &(f_entry->previous),
which is the memory addr at which chunk_size ends and can
be used by user.
The Implementation
Let's look at the malloc implementation. This section breakdowns the
code. If you prefer to just read the complete code, have
a look at the gist
Starting with the case when free list is empty:
static const size_t CHUNK_SIZE_SIZE = sizeof(size_t);
// size needed for bookeeping requirement via free list entry
static const size_t FREE_L_SIZE = CHUNK_SIZE_SIZE + 2 * sizeof(void*);
void* malloc(size_t size) {
// blob = free list entry 'header' + requested memory
size_t blob_size = size + FREE_L_SIZE;
if (head == NULL) {
// free list is empty
free_l* entry = sbrk(blob_size);
if (entry == NULL) {
return NULL;
}
entry->chunk_size = blob_size - CHUNK_SIZE_SIZE;
entry->previous = entry->next = NULL;
return &entry->previous; // skip 'chunk_size'
}
// rest of the code is left for brevity
}
Notice the two static variables there. CHUNK_SIZE_SIZE
is what it takes to store the chunk_size; While in a free
list, the size taken for the record keeping is two pointers + 1
size_t variable, which reflects in
FREE_L_SIZE.
The rest of the code is about adjusting the page break, setting the
values in free list entry and returning the address for the user.
Next we look at the case when the free list has some entries, and can
use be used to allocate the memory. This would involve traversing the
free list and finding the chunk which best fits the request. This is
called best-fit. Other algorithms like
first-fit can also be used.
// best fit strategy
free_l* best_candidate = NULL;
long int best_gap = LONG_MAX;
for (free_l* curr = head; curr != NULL; curr = curr->next) {
int hole_sz = curr->chunk_size - size;
if (hole_sz < best_gap && hole_sz >= 0) {
best_gap = hole_sz;
best_candidate = curr;
}
}
If we found a best_candidate here, we pop it off the
free list, and return the &best_candidate->previous
as the address from which the requested size is allocated.
When there's no candidate found to serve the request (e.g. the requested
size doesn't fit any free chunk), we need to increment the current heap
limit (via brk/sbrk), and return the appropriate address.
if (best_candidate == NULL) {
// no slot available big enough to fit `size`. Adjust brk
free_l* new_slot = sbrk(blob_size);
if (new_slot == NULL) {
return NULL;
}
new_slot->chunk_size = blob_size - CHUNK_SIZE_SIZE;
return &new_slot->previous;
}
pop_from_free_list(best_candidate);
return &best_candidate->previous;
The implementation for pop_from_free_list is given:
void pop_from_free_list(free_l* entry) {
if (entry->previous == NULL) {
// entry is first in the list, adjust the head to next entry
head = entry->next;
} else {
entry->previous->next = entry->next;
}
if (entry->next != NULL) {
entry->next->previous = entry->previous;
}
}
The following is the implementation for free(). It does
a couple of things: - return the chunk to the free list - if the freed
memory corresponds to program break, it can be adjusted.
void free(void* ptr) {
if (ptr == NULL) {
return;
}
// return slot to the free list
ptr -= CHUNK_SIZE_SIZE;
free_l* entry_ptr = (free_l*)ptr;
printf("entry location to free: %10p\n", ptr);
entry_ptr->previous = NULL;
entry_ptr->next = head;
head = entry_ptr;
}
The full
gist has an additional optimization in free() to lower
the program break if memory is freed from the top of heap.
Conclusion
Here are some notable optimizations/concerns
dlmalloc has (over the naive implementation above): -
it differentiates between large requests (>=512 bytes) and small
requests (<=64 bytes), and has various optimizations around it.
Example: The free list entry additionally maintains a pair of pointers
to navigate to the previous/next "large size" chunk. Or having a caching
allocator (which maintains pools of quickly recycled chunks) for serving
small requests. - memory tagging to differentiate between
allocated/de-allocated chunks, which is for debugging purposes. -
free() coalesces consecutive chunks into a single free list
entry. - when utilizing an entry, malloc() serves the
request with the exact memory required and creates a new/modified entry
for the leftover memory space.
Resources
malloc & free
2022 May 07 See all postsmalloc & free
The post does walkthrough of a basic malloc/free implementation. It won't contain all the optimizations and concerns which the excellent Douglas Lea's Malloc aka dlmalloc covers. But the aim is to highlight the underlying system calls and internal structures which drives these memory management APIs.
brk and sbrk system calls
Resizing the heap (for allocating or freeing memory) is all about getting the kernel to adjust its idea of the process's program break – which is essentially the current limit of the heap.
brk()andsbrk()system calls allow to manipulate the program break, thereby creating or freeing space on the heap.In short,
brk()sets the program break to the input addr.sbrk()accepts offset and increments the current program break byincr. It returns the location of the last program break i.e. start of the incremented heap segment.You can get the current program break by using
sbrk(0)– something we'll be using in the discussed implementation below.How malloc & free works
With the brk/sbrk introduced, we can now start thinking about what else is needed for a malloc/free implementation. For this, let's start with their APIs:
A naive implementation
Let's start with malloc – it returns a pointer to a block of memory of
sizebytes. A naive implementation just increments the program break.This as you can imagine is horribly inefficient, as the program break always goes up and is never reset to lower positions. As the process proceeds, there will be heap segments (between
&endand program break) that gets freed up (holes). But the naive implementation above makes no use of those holes. In fact, afree()here doesn't make any sense, as the malloc never utilises the space freed up.Free list
It makes sense for the
free()to capture the deallocated memory chunks for subsequent use by themalloc(). The chunks can be of different sizes, and we can find a chunk which fits the requested size.malloc'ing a free chunk means it's not available for further allocation requests, until it is freed again. We define the following doubly linked list struct which resolves these requirements (calling it free list):
A malloc'ed segment looks like:
note that,
When the allocated segment is freed, the "memory size requested" portion is used to store the
previousandnextfree list entries.Extending further on how this might work. Say we have a free list entry
f_entrywhich is suitable to serve the malloc request, we need to do the following: - remove thef_entryfrom the free list - return&(f_entry->previous), which is the memory addr at whichchunk_sizeends and can be used by user.The Implementation
Let's look at the malloc implementation. This section breakdowns the code. If you prefer to just read the complete code, have a look at the gist
Starting with the case when free list is empty:
Notice the two static variables there.
CHUNK_SIZE_SIZEis what it takes to store thechunk_size; While in a free list, the size taken for the record keeping is two pointers + 1size_tvariable, which reflects inFREE_L_SIZE.The rest of the code is about adjusting the page break, setting the values in free list entry and returning the address for the user.
Next we look at the case when the free list has some entries, and can use be used to allocate the memory. This would involve traversing the free list and finding the chunk which best fits the request. This is called best-fit. Other algorithms like first-fit can also be used.
If we found a
best_candidatehere, we pop it off the free list, and return the&best_candidate->previousas the address from which the requested size is allocated.When there's no candidate found to serve the request (e.g. the requested size doesn't fit any free chunk), we need to increment the current heap limit (via brk/sbrk), and return the appropriate address.
The implementation for
pop_from_free_listis given:The following is the implementation for
free(). It does a couple of things: - return the chunk to the free list - if the freed memory corresponds to program break, it can be adjusted.The full gist has an additional optimization in
free()to lower the program break if memory is freed from the top of heap.Conclusion
Here are some notable optimizations/concerns dlmalloc has (over the naive implementation above): - it differentiates between large requests (>=512 bytes) and small requests (<=64 bytes), and has various optimizations around it. Example: The free list entry additionally maintains a pair of pointers to navigate to the previous/next "large size" chunk. Or having a caching allocator (which maintains pools of quickly recycled chunks) for serving small requests. - memory tagging to differentiate between allocated/de-allocated chunks, which is for debugging purposes. -
free()coalesces consecutive chunks into a single free list entry. - when utilizing an entry,malloc()serves the request with the exact memory required and creates a new/modified entry for the leftover memory space.Resources