Courses/Computer Science/CPSC 457.F2013/Lecture Notes/UserMem

From wiki.ucalgary.ca
Revision as of 16:18, 22 October 2014 by Locasto

User-level Memory Management

  • The API
  • Algorithms for Memory Management
  • Questions
    • Is there a difference in system call behavior between malloc(small) and malloc(large)?
    • Trace the control flow of malloc, mmap, sbrk, brk

Notes

We ended class by starting to look at the implementation of the brk(2) system call:

(we will pick up reading those next class)

The llist program and a .txt link for those of you who, like me, have a lame browser.

Notes on manipulating the user-level memory manager: "Once Upon a free()" http://phrack.org/issues/57/9.html#article

The running program's output:

(eye@mordor user)$ strace -o llist.strace -e trace=mmap2,brk ./llist 
my pid = 8134
size of struct node is 12
[M,-1,0x9b79008]->[M,0,/]
[M,-1,0x9b79008]->[M,0,0x9b79018]->[M,1,/]
[M,-1,0x9b79008]->[M,0,0x9b79018]->[M,1,0x9b79028]->[M,2,/]
[M,-1,0x9b79008]->[M,0,0x9b79018]->[M,1,0x9b79028]->[M,2,0x9b79038]->[M,3,/]
[M,-1,0x9b79008]->[M,0,0x9b79018]->[M,1,0x9b79028]->[M,2,0x9b79038]->[M,3,0x9b79048]->[M,4,/]
[M,-1,0x9b79008]->[M,0,0x9b79018]->[M,1,0x9b79028]->[M,2,0x9b79038]->[M,3,0x9b79048]->[M,4,0x9b79058]->[M,5,/]
[M,-1,0x9b79008]->[M,0,0x9b79018]->[M,1,0x9b79028]->[M,2,0x9b79038]->[M,3,0x9b79048]->[M,4,0x9b79058]->[M,5,0x9b79068]->[M,6,/]
[M,-1,0x9b79008]->[M,0,0x9b79018]->[M,1,0x9b79028]->[M,2,0x9b79038]->[M,3,0x9b79048]->[M,4,0x9b79058]->[M,5,0x9b79068]->[M,6,0x9b79078]->[M,7,/]
[M,-1,0x9b79008]->[M,0,0x9b79018]->[M,1,0x9b79028]->[M,2,0x9b79038]->[M,3,0x9b79048]->[M,4,0x9b79058]->[M,5,0x9b79068]->[M,6,0x9b79078]->[M,7,0x9b79088]->[M,8,/]
[M,-1,0x9b79008]->[M,0,0x9b79018]->[M,1,0x9b79028]->[M,2,0x9b79038]->[M,3,0x9b79048]->[M,4,0x9b79058]->[M,5,0x9b79068]->[M,6,0x9b79078]->[M,7,0x9b79088]->[M,8,0x9b79098]->[M,9,/]
...
^C
(eye@mordor user)$ 

A glimpse of the process address space (PAS) for this process (note the values of the heap's virtual address range, and cross-reference them with the two calls to brk() in the strace below):

(eye@mordor user)$ cat /proc/8134/maps
001f3000-001f4000 r-xp 00000000 00:00 0          [vdso]
0058c000-005aa000 r-xp 00000000 08:03 404092     /lib/ld-2.12.so
005aa000-005ab000 r--p 0001d000 08:03 404092     /lib/ld-2.12.so
005ab000-005ac000 rw-p 0001e000 08:03 404092     /lib/ld-2.12.so
005b2000-00742000 r-xp 00000000 08:03 404104     /lib/libc-2.12.so
00742000-00743000 ---p 00190000 08:03 404104     /lib/libc-2.12.so
00743000-00745000 r--p 00190000 08:03 404104     /lib/libc-2.12.so
00745000-00746000 rw-p 00192000 08:03 404104     /lib/libc-2.12.so
00746000-00749000 rw-p 00000000 00:00 0 
08048000-08049000 r-xp 00000000 08:03 403230     /home/eye/457/lectures/memory/user/llist
08049000-0804a000 rw-p 00000000 08:03 403230     /home/eye/457/lectures/memory/user/llist
09b79000-09b9a000 rw-p 00000000 00:00 0          [heap]
b777f000-b7780000 rw-p 00000000 00:00 0 
b778c000-b778e000 rw-p 00000000 00:00 0 
bf7f7000-bf80c000 rw-p 00000000 00:00 0          [stack]

The strace of the memory-related system calls of the program.

(eye@mordor user)$ cat llist.strace 
brk(0)                                  = 0x9b79000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb778d000
mmap2(NULL, 52522, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7780000
mmap2(0x5b2000, 1665416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x5b2000
mmap2(0x743000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x190) = 0x743000
mmap2(0x746000, 10632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x746000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb777f000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb778c000
brk(0)                                  = 0x9b79000
brk(0x9b9a000)                          = 0x9b9a000
--- SIGINT (Interrupt) @ 0 (0) ---
+++ killed by SIGINT +++
(eye@mordor user)$ 
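
The 16-byte spacing between node addresses (for a 12-byte struct node) and the size of the [heap] range can both be reproduced from the allocator's chunk layout. The C program below is an added example, not part of the original notes or the llist program; the i386 glibc parameters (4-byte size word, 8-byte alignment, 16-byte minimum chunk, 128 KiB top pad) and the function names are assumptions, while the addresses are copied from the output above.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed i386 glibc allocator parameters (not stated on the page). */
#define SIZE_SZ    4u                  /* one size word per chunk header field */
#define ALIGN_MASK (2u * SIZE_SZ - 1)  /* chunks are 8-byte aligned */
#define MINSIZE    16u                 /* smallest possible chunk */
#define TOP_PAD    (128u * 1024)       /* M_TOP_PAD default per mallopt(3) */
#define PAGE       4096u

/* Values copied from the page's llist output, maps listing and strace. */
#define HEAP_START 0x09b79000u         /* brk(0) result and [heap] start */
#define HEAP_END   0x09b9a000u         /* brk(0x9b9a000) and [heap] end */
#define NODE_SIZE  12u                 /* "size of struct node is 12" */

/* Bytes a chunk occupies: payload plus one size word, rounded up to alignment. */
uint32_t chunk_size(uint32_t req) {
    uint32_t sz = (req + SIZE_SZ + ALIGN_MASK) & ~ALIGN_MASK;
    return sz < MINSIZE ? MINSIZE : sz;
}

/* User pointer of the n-th equal-sized allocation carved from a fresh heap.
 * The first chunk starts at heap_start; its two header words precede the
 * pointer that malloc() returns. */
uint32_t nth_user_ptr(uint32_t heap_start, uint32_t req, uint32_t n) {
    return heap_start + 2 * SIZE_SZ + n * chunk_size(req);
}

/* Size of the first heap extension: chunk + pad + room for a minimal top
 * chunk, rounded up to whole pages. */
uint32_t first_brk_growth(uint32_t req) {
    uint32_t want = chunk_size(req) + TOP_PAD + MINSIZE;
    return (want + PAGE - 1) & ~(PAGE - 1);
}

int main(void) {
    for (uint32_t n = 0; n < 3; n++)
        printf("node %" PRIu32 " -> 0x%" PRIx32 "\n",
               n, nth_user_ptr(HEAP_START, NODE_SIZE, n));
    printf("chunk size for %" PRIu32 "-byte node: %" PRIu32 "\n",
           NODE_SIZE, chunk_size(NODE_SIZE));
    printf("predicted new brk: 0x%" PRIx32 " (trace shows 0x%" PRIx32 ")\n",
           HEAP_START + first_brk_growth(NODE_SIZE), HEAP_END);
    return 0;
}
```

The size word that sits directly in front of every returned pointer is the in-band allocator metadata that "Once Upon a free()" discusses, which is why a write past the end of one node lands in the next chunk's header.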


  • Parking Lot
    • adjustments to memory address scheme
    • page frame replacement simulations