tips of malloc free
play

Tips of malloc & free Making your own malloc library for - PowerPoint PPT Presentation

Jan 31, 2024 •131 likes •648 views

Tips of malloc & free Making your own malloc library for troubleshooting 2013.2.22 Embedded Linux Conference Tetsuyuki Kobayashi 1 The latest version of this slide will be available from here

  1. Tips of malloc & free Making your own malloc library for troubleshooting 2013.2.22 Embedded Linux Conference Tetsuyuki Kobayashi 1

  2.  The latest version of this slide will be available from here  http://www.slideshare.net/tetsu.koba/presentations 2

  3. Who am I?  20+ years involved in embedded systems  10 years in real time OS, such as iTRON  10 years in embedded Java Virtual Machine  Now GCC, Linux, QEMU, Android, …  Blogs  http://d.hatena.ne.jp/embedded/ (Personal)  http://blog.kmckk.com/ (Corporate)  http://kobablog.wordpress.com/(English)  Twitter  @tetsu_koba 3

  4. Today's topics  Prologue: Making your own malloc library for troubleshooting  System calls to allocate memory in user space  Tips of glibc's malloc  How to hook and replace malloc (and pitfalls I fell)  dlmalloc 4

  5. Prologue: Making your own malloc library for troubleshooting 5

  6. Typical troubles of heap memory  Corruption  crashed by SEGV at malloc or free. looks malloc bug, but NOT  Who actually destroy heap?  Leaking  malloc'ed but not free'ed  damages silently  You want additional checking and logging in malloc/free 6

  7. Wrapping macro/fuction  #define malloc(x) debug_malloc(x)  Useful. But you can't cover all malloc calling because ... 7

  8. Explicit call for malloc  many standard library functions use malloc internally  example) sprintf  C++ new operator uses malloc internelly 8

  9. Modify glibc(libc.so) directly?  libc source package is quite large  If you replace libc.so, it affects whole system  not only for the debugee process 9

  10. So I did was  making my own malloc library  easy to modify  use this only for the debugee process 10

  11. System calls to allocate memory in user space 11

  12. System calls to allocate memory in user space  You need system call to allocate in user space when you make your own malloc library  There are 2 types of them  brk/sbrk  mmap/munmap/mremap 12

  13. brk/sbrk  exists from ancient Unix  before virtual memory system  extends data segment  standard malloc library use these system calls  You should not use these system calls if your own malloc library co-exist with standard malloc library 13

  14. brk/sbrk extends data segment Memory map of user process on old simple UNIX Text Read Only etext Data edata Bss Read Write Zero cleared end Heap At modern OS start address of heap Extends by brk(2)/sbrk(2) is randomized Grows down automatically Stack 14

  15. cat /proc/self/maps You see memory map of 'cat /proc/self/maps' itself This is heap area $ cat /proc/self/maps 00400000-0040d000 r-xp 00000000 08:01 1048675 /bin/cat 0060d000-0060e000 r--p 0000d000 08:01 1048675 /bin/cat 0060e000-0060f000 rw-p 0000e000 08:01 1048675 /bin/cat 01a7a000-01a9b000 rw-p 00000000 00:00 0 [heap] 7f10f05d0000-7f10f074d000 r-xp 00000000 08:01 316763 /lib/libc-2.11.1.so 7f10f074d000-7f10f094c000 ---p 0017d000 08:01 316763 /lib/libc-2.11.1.so 7f10f094c000-7f10f0950000 r--p 0017c000 08:01 316763 /lib/libc-2.11.1.so 7f10f0950000-7f10f0951000 rw-p 00180000 08:01 316763 /lib/libc-2.11.1.so 7f10f0951000-7f10f0956000 rw-p 00000000 00:00 0 7f10f0956000-7f10f0976000 r-xp 00000000 08:01 272407 /lib/ld-2.11.1.so 7f10f09fa000-7f10f0a39000 r--p 00000000 08:01 1580725 /usr/lib/locale/en_US.utf8/LC_CTYPE 7f10f0a39000-7f10f0b57000 r--p 00000000 08:01 1580503 /usr/lib/locale/en_US.utf8/LC_COLLATE 7f10f0b57000-7f10f0b5a000 rw-p 00000000 00:00 0 7f10f0b62000-7f10f0b63000 r--p 00000000 08:01 1580587 /usr/lib/locale/en_US.utf8/LC_NUMERIC 7f10f0b63000-7f10f0b64000 r--p 00000000 08:01 1583228 /usr/lib/locale/en_US.utf8/LC_TIME 7f10f0b64000-7f10f0b65000 r--p 00000000 08:01 1583229 /usr/lib/locale/en_US.utf8/LC_MONETARY 7f10f0b65000-7f10f0b66000 r--p 00000000 08:01 1583230 /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES 7f10f0b66000-7f10f0b67000 r--p 00000000 08:01 1580575 /usr/lib/locale/en_US.utf8/LC_PAPER 7f10f0b67000-7f10f0b68000 r--p 00000000 08:01 1580573 /usr/lib/locale/en_US.utf8/LC_NAME 7f10f0b68000-7f10f0b69000 r--p 00000000 08:01 1583231 /usr/lib/locale/en_US.utf8/LC_ADDRESS 7f10f0b69000-7f10f0b6a000 r--p 00000000 08:01 1583232 /usr/lib/locale/en_US.utf8/LC_TELEPHONE 7f10f0b6a000-7f10f0b6b000 r--p 00000000 08:01 1580571 /usr/lib/locale/en_US.utf8/LC_MEASUREMENT 7f10f0b6b000-7f10f0b72000 r--s 00000000 08:01 1623537 /usr/lib/gconv/gconv-modules.cache 7f10f0b72000-7f10f0b73000 r--p 00000000 08:01 1583233 /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION 7f10f0b73000-7f10f0b75000 rw-p 00000000 00:00 0 7f10f0b75000-7f10f0b76000 r--p 0001f000 08:01 272407 /lib/ld-2.11.1.so 7f10f0b76000-7f10f0b77000 rw-p 00020000 08:01 272407 /lib/ld-2.11.1.so 7f10f0b77000-7f10f0b78000 rw-p 00000000 00:00 0 7fff80929000-7fff8093e000 rw-p 00000000 00:00 0 [stack] 7fff809ff000-7fff80a00000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] 15

  16. mmap/munmap/mremap  newer system calls than brk/sbrk  integrate memory and file mapping  Glibc's malloc also use these when large chunk (>= 128KB: default) required  Use these when you implement your own malloc library 16

  17. Usage of mmap(2) addr = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); if (MAP_FAILED == addr) { perror("mmap"); abort(); } You don't have to specify address. (set NULL) Then kernel allocate memory from free space. 17

  18. alloca(3) By the way,  allocates memory in caller's stack frame  frees automatically when the function that called alloca() returns  same as local variables  machine and compiler dependent  be careful when stack size is small  especially multi-thread 18

  19. Tips of glibc's malloc 19

  20. mallopt  int mallopt(int param, int value)  configures glibc malloc such as  M_CHECK_ACTION  M_MMAP_THRESHOLD  M_TOP_PAD  M_TRIM_THRESHOLD  see man 3 mallopt 20

  21. malloc_stats  void malloc_stats(void)  prints (on standard error) statistics about heap like this Arena 0: system bytes = 135168 in use bytes = 128 Total (incl. mmap): system bytes = 139264 in use bytes = 4224 max mmap regions = 1 max mmap bytes = 569344 21

  22. malloc_usable_size  size_t malloc_usable_size(void *__ptr)  reports the number of usable allocated bytes associated with allocated chunk __ptr  This size may be a bit bigger than the size specified at malloc()  because of alignment of next data  This is useful when counting allocated total size  increment size in hooked malloc  decrement size in hooked free 22

  23. MALLOC_CHECK_  easy way to enable additional checking in glibc malloc  with some overhead  environment variable MALLOC_CHECK_  0: no check at all (no overhead)  1: check and print message if error  2: check and abort if error 23

  24. __malloc_hook  glibc's malloc has its own hook mechanism  global variables of function pointers  __malloc_hook  __realloc_hook  __memalign_hook  __free_hook  __malloc_initialize_hook  man malloc_hook for detail 24

  25. mtrace  easy way to enable logging in glibc malloc  see man 3 mtrace  There is tool to check log and find leaking memory  see man 1 mtrace  implemented using __malloc_hook  This seems not thread safe 25

  26. How to hook and replace malloc 26

  27. Hook and replace malloc  2 methods to hook malloc  LD_PRELOAD & dlsym  __malloc_hook  These do not require to recompile other program and libraries 27

  28. Using LD_PRELOAD & dlsym to hook malloc  Use dynamic link mechanism  can not use when static linking  Make your own malloc dynamic link library and set it to environment variable LD_PRELOAD  Then your malloc is used prior to glibc's malloc  You can get glibc's malloc address by dlsym(3) 28

  29. Usual call for malloc glibc executable executable malloc malloc /libraries /libraries 29

  30. Hooking malloc by LD_PRELOAD preload by LD_PRELOAD your own library get address by dlsym(RTLD_NEXT, “malloc”) malloc malloc glibc executable executable malloc malloc /libraries /libraries output log or record size ... 30

  31. minimum sample code static void __attribute__((constructor)) init(void) { callocp = (void *(*) (size_t, size_t)) dlsym (RTLD_NEXT, "calloc"); mallocp = (void *(*) (size_t)) dlsym (RTLD_NEXT, "malloc"); reallocp = (void *(*) (void *, size_t)) dlsym (RTLD_NEXT, "realloc"); memalignp = (void *(*)(size_t, size_t)) dlsym (RTLD_NEXT, "memalign"); freep = (void (*) (void *)) dlsym (RTLD_NEXT, "free"); void *malloc (size_t len) { void *ret; ret = (*mallocp)(len); return ret; } 31

  32. Pitfall #1  If you use printf to output logs, it causes recursive call of malloc. Because printf uses malloc internally. 32

Recommend

CS 241 Data Organization malloc and free March 20, 2018 <stdlib.h>: malloc() void

CS 241 Data Organization malloc and free March 20, 2018 <stdlib.h>: malloc() void

CS 241 Data Organization malloc and free March 20, 2018 <stdlib.h>: malloc() void *malloc(size_t byteSize) The malloc function allocates unused space for an object whose size in bytes is specified by byteSize . The order and

377 views • 15 slides
1 2 3 4 5 6 7 $ sed -n 22,27p glibc/malloc/malloc.c This is a version (aka ptmalloc2) of

1 2 3 4 5 6 7 $ sed -n 22,27p glibc/malloc/malloc.c This is a version (aka ptmalloc2) of

1 2 3 4 5 6 7 $ sed -n 22,27p glibc/malloc/malloc.c This is a version (aka ptmalloc2) of malloc/free/realloc written by Doug Lea and adapted to multiple threads/arenas by Wolfram Gloger. There have been substantial changes made after the

734 views • 47 slides
TOS Arno Puder 1 Objectives Enhance TOS: Add malloc(), free() Overlapping windows

TOS Arno Puder 1 Objectives Enhance TOS: Add malloc(), free() Overlapping windows

TOS Arno Puder 1 Objectives Enhance TOS: Add malloc(), free() Overlapping windows Window Manager Keyboard support TOS shell Running TOS on real hardware 2 Accessing High Memory So far, TOS only uses the first MB

421 views • 23 slides
Malloc & VM Malloc & VM By sseshadr Agenda Agenda Administration d st at o

Malloc & VM Malloc & VM By sseshadr Agenda Agenda Administration d st at o

Malloc & VM Malloc & VM By sseshadr Agenda Agenda Administration d st at o Process lab code will be inked by Thursday (pick up in ECE hub) Malloc due soon (Thursday, November 4 th ) Exam 2 in a week (Tuesday, November 9

559 views • 18 slides
Dynamic Memory Allocation in the Heap (malloc and free) Explicit allocators (a.k.a. manual memory

Dynamic Memory Allocation in the Heap (malloc and free) Explicit allocators (a.k.a. manual memory

Dynamic Memory Allocation in the Heap (malloc and free) Explicit allocators (a.k.a. manual memory management) Heap Allocation Addr Perm Contents Managed by Initialized Stack 2 N -1 RW Procedure context Compiler Run-time Programmer,

565 views • 31 slides
Agenda Virtual Memory Final Review Assembly Calling Conventions Malloc/Free

Agenda Virtual Memory Final Review Assembly Calling Conventions Malloc/Free

Agenda Virtual Memory Final Review Assembly Calling Conventions Malloc/Free Caching Questions, Evaluations Virtual Memory Used for 3 things Efficient use of main memory (RAM) Use RAM as cache for parts of

499 views • 18 slides
CS415: Systems programming Memory management (malloc, calloc, free, realloc, memset, memcpy,

CS415: Systems programming Memory management (malloc, calloc, free, realloc, memset, memcpy,

CS415: Systems programming Memory management (malloc, calloc, free, realloc, memset, memcpy, strcpy) 1 Most of the slides in this lecture are either from or adapted from the slides provided by Dr. Ahmad Barghash Memory allocation There are

463 views • 34 slides
Dynamic Memory Allocation in the Heap (malloc and free) Now: Explicit allocators (a.k.a. manual

Dynamic Memory Allocation in the Heap (malloc and free) Now: Explicit allocators (a.k.a. manual

Dynamic Memory Allocation in the Heap (malloc and free) Now: Explicit allocators (a.k.a. manual memory management) Later: implicit allocators (a.k.a. automatic memory management) Heap Allocation Addr Perm Contents Managed by Initialized

420 views • 31 slides
CPSC 213 New to C, Understanding Pointers, The malloc and free Functions, Why Dynamic Memory

CPSC 213 New to C, Understanding Pointers, The malloc and free Functions, Why Dynamic Memory

Reading Textbook CPSC 213 New to C, Understanding Pointers, The malloc and free Functions, Why Dynamic Memory Allocation 2ed: "New to C" sidebar of 3.4, 3.10, 9.9.1-9.9.2 1ed: "New to C" sidebar of 3.4,

610 views • 7 slides
Section 8 2/22/12 Agenda Malloc/Free Process Memory Image memory protected kernel virtual

Section 8 2/22/12 Agenda Malloc/Free Process Memory Image memory protected kernel virtual

CSE 351 Section 8 2/22/12 Agenda Malloc/Free Process Memory Image memory protected kernel virtual memory from user code stack %rsp What is the heap for? How do we use it? run-time heap uninitialized data (. bss ) initialized data (.

714 views • 26 slides
Heap Exploitation Heap Primitives malloc free calloc Organization of chunks Bins

Heap Exploitation Heap Primitives malloc free calloc Organization of chunks Bins

Heap Exploitation Heap Primitives malloc free calloc Organization of chunks Bins Fast Singly linked list 16, 24, 32, 40, 48, 56, 64, 72, 80 and 88 bytes Small Doubly linked list 16, 24, ... , 504 bytes

406 views • 19 slides
CS356 : Discussion #11 Dynamic Memory, Allocation Lab and Linking Illustrations from CS:APP3e

CS356 : Discussion #11 Dynamic Memory, Allocation Lab and Linking Illustrations from CS:APP3e

CS356 : Discussion #11 Dynamic Memory, Allocation Lab and Linking Illustrations from CS:APP3e textbook malloc and free in action Each square represents 4 bytes. malloc returns addresses at multiples of 8 bytes (64 bit). If there is a problem,

460 views • 34 slides
Email Marketing Tips From M R K Development Free downloads and templates for BC Free downloads

Email Marketing Tips From M R K Development Free downloads and templates for BC Free downloads

Email Marketing Tips From M R K Development Free downloads and templates for BC Free downloads and templates for BC Stats - Average 3.5 percent click through is average across al industries Open rates between 20% and 25% Some

612 views • 42 slides
Implementing malloc CS 351: Systems Programming Michael Saelee <lee@iit.edu> 1 Computer

Implementing malloc CS 351: Systems Programming Michael Saelee <lee@iit.edu> 1 Computer

Implementing malloc CS 351: Systems Programming Michael Saelee <lee@iit.edu> 1 Computer Science Science the API: void *malloc(size_t size); void free(void *ptr); void *realloc(void *ptr, size_t size); 2 Computer Science Science

1.09k views • 74 slides
A Scalable Concurrent malloc(3) Implementation for FreeBSD Jason Evans <jasone@FreeBSD.org>

A Scalable Concurrent malloc(3) Implementation for FreeBSD Jason Evans <jasone@FreeBSD.org>

A Scalable Concurrent malloc(3) Implementation for FreeBSD Jason Evans <jasone@FreeBSD.org> Overview What is malloc(3) ? Previous allocators jemalloc algorithms and data structures Benchmarks Fragmentation

873 views • 52 slides
Memory Management Tips, Tricks & Techniques Stephen Jones, SpaceX, GTC 2015 Conclusion 1.

Memory Management Tips, Tricks & Techniques Stephen Jones, SpaceX, GTC 2015 Conclusion 1.

Memory Management Tips, Tricks & Techniques Stephen Jones, SpaceX, GTC 2015 Conclusion 1. Wrap malloc/cudaMalloc with your own allocator Non-Blockin, Host/Device Data Leak Detection, High Performance Management Debugging &

1.14k views • 82 slides
4845 US Hwy 271 North | Pittsburg, TX 75686 www.tips-usa.com 866-839-8477 tips@tips-usa.com

4845 US Hwy 271 North | Pittsburg, TX 75686 www.tips-usa.com 866-839-8477 tips@tips-usa.com

4845 US Hwy 271 North | Pittsburg, TX 75686 www.tips-usa.com 866-839-8477 tips@tips-usa.com December 18,2017 CCS Presentation Systems Ben Pickrel 20212 Hempstead Rd, Bldg 1 Houston, TX 77065 RE: TIPS Awarded Contract Audio Visual

42 views • 3 slides
Allocator Basics Pages too coarse-grained for allocating individual objects. Instead:

Allocator Basics Pages too coarse-grained for allocating individual objects. Instead:

Allocator Basics Pages too coarse-grained for allocating individual objects. Instead: flexible-sized, word-aligned blocks. Dynamic Memory Allocation in the Heap Free word (malloc and free) Allocated word Allocated block Free block (4 words)

96 views • 6 slides
Cutting the cord: tips for computer-free presentation skills Article October 2017 CITATIONS

Cutting the cord: tips for computer-free presentation skills Article October 2017 CITATIONS

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/320596180 Cutting the cord: tips for computer-free presentation skills Article October 2017 CITATIONS READS 0 271 3 authors ,

562 views • 8 slides
A vulnerable program #include <stdlib.h> int main() { void *p = malloc(100); } 2

A vulnerable program #include <stdlib.h> int main() { void *p = malloc(100); } 2

I AGO A TTACKS : W HY THE S YSTEM C ALL API IS A B AD U NTRUSTED RPC I NTERFACE Stephen Checkoway and Hovav Shacham March 19, 2013 1 Monday, April 22, 13 1 A vulnerable program #include <stdlib.h> int main() { void *p = malloc(100);

670 views • 45 slides
Garbage Collection CS 351: Systems Programming Michael Saelee <lee@iit.edu> Computer

Garbage Collection CS 351: Systems Programming Michael Saelee <lee@iit.edu> Computer

Garbage Collection CS 351: Systems Programming Michael Saelee <lee@iit.edu> Computer Science Science = automatic deallocation i.e., malloc, but no free ! Computer Science Science system must track status of allocated blocks free

1.18k views • 51 slides
TIPS 2015-2016 What is TIPS? Talent Identification Program 3 Programs: 1) Sixth Grade Duke

TIPS 2015-2016 What is TIPS? Talent Identification Program 3 Programs: 1) Sixth Grade Duke

TIPS 2015-2016 What is TIPS? Talent Identification Program 3 Programs: 1) Sixth Grade Duke TIPS 2) Seventh Grade Duke TIPS 3) Seventh Grade Orange TIPS Who Participates in TIPS? Congratulations are in order! Students scoring at the

711 views • 24 slides
TIPS SEO TIPS How to Make Search Engines Work For You: The

TIPS SEO TIPS How to Make Search Engines Work For You: The

MUST DO NOW TIPS SEO TIPS How to Make Search Engines Work For You: The Beginners Fast Track Features Presenter: Jon Rognerud SEO Advisor, Author www.jonrognerud.com

426 views • 40 slides
Memory Management eg C: { double* A = malloc(sizeof(double)*M*N); Mingsheng Hong for(int i

Memory Management eg C: { double* A = malloc(sizeof(double)*M*N); Mingsheng Hong for(int i

2/11/2008 Motivation Recall unmanaged code Memory Management eg C: { double* A = malloc(sizeof(double)*M*N); Mingsheng Hong for(int i = 0; i < M*N; i++) { A[i] = i; CS 215, Spring 2008 } } Whats wrong? memory leak:

443 views • 5 slides

More recommend