Programming and Security at the x86 Architecture Level


1 Programming and Security at the x86 Architecture Level
Prof. dr. ing. Gheorghe Sebestyen. Lecture 8: Heap memory management

2 The memory space of a computer
The physical memory space. The internal working memory space (RAM, DRAM): code (operating system, user programs); data (separate from the code or not); stack (single or multiple; it may be separate from the working memory, e.g. in microcontrollers). The non-volatile memory space (BIOS, loader): contains the OS loader or the application program (e.g. in microcontrollers). The memory space of interfaces/devices: video memory, which is part of the processor's address space; buffer memories (e.g. HDD), accessible through interface operations.

3 Memory map of a personal computer - MS-DOS memory models
[Figure: memory map with the labels ROM-BIOS, FFFFF, ROM drivers, C0000, EMS memory, B0000, A0000, video memory, 80000, conventional memory and interrupt table; regions marked "real and protected mode" and "real mode".]
Extensions of conventional memory: Expanded memory system (EMS): block switching through a free slice. Extended memory system: memory that goes beyond the 1MB space. HMA - high memory area - 386KB. UMA - upper memory area.

4 The memory space - the logical approach -
In a multitasking OS each process has its own memory space (logical space)!
[Figure: the address space of a process, shown alongside the BIOS, Program 2, Program 1, the operating system and the interrupt table.] Stack: local variables, call parameters, return addresses. Heap: space allocated dynamically (at run time). Data: statically allocated space (global variables). Code: the instruction codes of the program.

5 Heap memory - basic elements -
Heap = pile, mound, jumble. Memory managed dynamically by the user during program execution (run-time). Memory is allocated according to the concrete needs of the program. Basic operations: memory allocation - void* malloc(long n); memory deallocation/release - void free(void* adr). Modes of use: explicit, e.g. C, C++ - malloc(), free(); implicit, e.g. Java - object instantiation, garbage collection.

6 Heap memory management
A list of the free blocks is kept (free list). malloc() searches the list for a free block of a suitable size. If it finds one, it allocates the block and removes it from the list. If not, it generates an allocation error. free() releases a block and puts it in the list of free blocks. Optional: rearranging the blocks to eliminate small blocks that are hard to reuse.

7 Heap memory - advantages/disadvantages -
Advantages: more efficient use of the memory space, since only as much of the available memory as is needed is used (typical of dynamic programming techniques). Problems can be solved that cannot be approached with static memory allocation, because they would require too much memory. Memory areas are reused for different purposes during program execution. Disadvantages: unforeseen errors (hard to detect) when the request is larger than the available space; the program may fail at run time even though it is logically correct. It leads to fragmentation of the memory space over time. Additional overhead for the allocation/deallocation operations.

8 Automatic heap memory management
The initial idea comes from the LISP language. It is now used implicitly in Java. Basic operations: allocation of memory space, when new objects are instantiated; release of space, by garbage collection, which is launched when there is no more free space. Garbage collection stops the execution of the current program and frees the space that is no longer required (addressed, pointed to) by any component of the program. A record of the active references in the program is kept.

9 Problems of automatic heap memory management
Additional overhead for memory management. Uncontrolled pause times for collecting the unused blocks: the “stop the world” principle when garbage collection is launched. For real-time applications: limited time for garbage collection. Objects of different sizes make efficient reallocation of the freed blocks difficult. It affects data locality: related data are not placed in nearby locations, so the memory management techniques that rely on data locality (e.g. cache memory, paging) lose efficiency.

10 Identifying unused objects - counting the references to objects -
Objects with 0 references can be freed (the green ones). The purple objects have a reference count > 0. Some have real references and cannot be freed (the purple ones); others have false references: circular references, or references from unused (unreferenced) objects (in red).
[Figure: the stack holds ref1 and ref2, which point into the object graph; reference counts 2 and 1 are shown.]
Note: what happens when ref1 disappears?

11 Garbage collection techniques
Collection of free space starts when a new allocation request cannot be satisfied. Collection continues until all unused space has been freed. Unused space: space that does not have at least one active reference (pointer) to it. Methods: Mark & sweep; Mark & compact; collection in several generations.

12 Mark & sweep
Working principle: A list of the free blocks that can be allocated is maintained. If a new allocation request cannot be satisfied, the garbage collector is launched. It traverses all the references (pointers) on the stack, in the data area and in the registers, and marks all the blocks that are reachable through these references. It traverses the heap, collects the unmarked blocks and puts them in the list of free blocks; as far as possible the blocks are concatenated. It traverses the heap again and unmarks all the blocks. Problems: identifying the active references in the program is difficult. One bit must be allocated per object for marking. The collection operation requires stopping the program (it cannot be done concurrently or in parallel). The stop time cannot be estimated.
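
The circular-reference problem from slide 10 and the mark & sweep pass from slide 12, side by side, as an added example that is not part of the original lecture. The five-object graph, the index-based references and all function names are constructed for illustration.

```c
#include <stddef.h>

#define N_OBJ 5
#define MAX_REF 2

/* ref[s] holds the index of the referenced object, or -1 for "no reference" */
typedef struct { int refcount, marked, live; int ref[MAX_REF]; } obj_t;

static obj_t heap[N_OBJ];
static int root[2];   /* stands in for ref1/ref2 on the stack; -1 = reference gone */

static void link_to(int from, int slot, int to) { heap[from].ref[slot] = to; heap[to].refcount++; }

/* Constructed graph: root0 -> 0 -> 1 <-> 2 (cycle), root1 -> 3, unreferenced 4 -> 3 */
void build_graph(void) {
    for (int i = 0; i < N_OBJ; i++) heap[i] = (obj_t){0, 0, 1, {-1, -1}};
    root[0] = 0; heap[0].refcount++;
    root[1] = 3; heap[3].refcount++;
    link_to(0, 0, 1); link_to(1, 0, 2); link_to(2, 0, 1); link_to(4, 0, 3);
}

static void rc_release(int i) {   /* reference counting: free only when the count hits 0 */
    if (i < 0 || --heap[i].refcount > 0) return;
    heap[i].live = 0;
    for (int s = 0; s < MAX_REF; s++) rc_release(heap[i].ref[s]);
}

void drop_root(int r) { int i = root[r]; root[r] = -1; rc_release(i); }

static void mark(int i) {         /* mark everything reachable from object i */
    if (i < 0 || !heap[i].live || heap[i].marked) return;
    heap[i].marked = 1;
    for (int s = 0; s < MAX_REF; s++) mark(heap[i].ref[s]);
}

int mark_and_sweep(void) {        /* returns the number of blocks reclaimed */
    int freed = 0;
    for (int r = 0; r < 2; r++) mark(root[r]);
    for (int i = 0; i < N_OBJ; i++) {
        if (heap[i].live && !heap[i].marked) { heap[i].live = 0; freed++; }
        heap[i].marked = 0;       /* unmark for the next collection */
    }
    return freed;
}

int live_count(void) { int n = 0; for (int i = 0; i < N_OBJ; i++) n += heap[i].live; return n; }
```

After `drop_root(0)` only object 0 is freed by reference counting; objects 1 and 2 keep each other's count at 1, and only the mark & sweep pass reclaims them together with the unreferenced object 4.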

13 Mark & compact
Working principle: A list of the free blocks that can be allocated is maintained. If a new allocation request cannot be satisfied, the garbage collector is launched. It traverses all the references (pointers) on the stack, in the data area and in the registers, and marks all the blocks that are reachable through these references. It traverses the marked blocks and computes a new address for each one, so that together they occupy a contiguous memory area. It moves the blocks to their new locations and updates every pointer inside the heap; it updates the references in the program and on the stack according to the new addresses.

14 Collection in several generations
Basic idea: “Objects die young”. An object that has “escaped” one pass of the garbage collector is very likely to stay in memory for a long time.

15 Collection in several generations
Working principle: Memory is divided into N partitions. New objects are allocated in partition 0. When partition 0 fills up, the garbage collector is launched on that partition. Any object that survives is moved to partition 1, and partition 0 is freed. In the same way, if partition “i” (i>0) fills up, the garbage collector is launched and the objects that are kept are moved to partition i+1.

16 Implementing a heap memory manager
Problems: Keeping track of the free and the allocated blocks, through a header attached to each block that contains: the size, a pointer to the previous block, a pointer to the next block. Implementing an allocation function (my_malloc()). Implementing a release function (my_mfree()). Requesting virtual address space from the operating system, through a system call (e.g. sys_mmap or sys_brk).

17 Implementing a heap memory manager
Working principle: A free virtual address range is requested from the OS (e.g. an sbrk call). Initially the list of free blocks contains a single block whose size is that of the allocated space. When a new block is requested, my_malloc is called; it searches the list for a block of suitable size (greater than or equal to what was requested); the block is split in two: one part is allocated and the other is placed in the list of free blocks. When a block is released, it is put in the list of free blocks, either at the head of the list or inside the list so that the blocks in the list have addresses in ascending order. Concatenation of the adjacent blocks in the list is attempted: it is checked whether 2 consecutive blocks in the ordered list are adjacent, and if so they are concatenated. This operation may be invoked only when there are no blocks large enough for an allocation, or at certain time intervals.
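
One way to implement the manager described on slides 16 and 17, as an added example that is not code from the lecture. Assumptions: a static 4096-byte arena stands in for the space obtained with sbrk, the header keeps only the size and a next pointer (the free list is singly linked and address-ordered), and my_mfree() coalesces on every call and ignores a block that is already free.

```c
#include <stddef.h>
#define ARENA_SIZE 4096  /* constructed: static arena stands in for space from sbrk() */
#define ALIGN16(n) (((n) + 15u) & ~(size_t)15u)
#define END(b) ((unsigned char *)((b) + 1) + (b)->size)  /* first byte after block b */
typedef struct block { size_t size; struct block *next; } block_t;  /* size = payload bytes */
static _Alignas(16) unsigned char arena[ARENA_SIZE];
static block_t *free_list;  /* free blocks, sorted by ascending address */
static int ready;

void *my_malloc(size_t n) {
    if (!ready) {  /* initially one free block spans the whole arena */
        free_list = (block_t *)arena;
        *free_list = (block_t){ARENA_SIZE - sizeof(block_t), NULL};
        ready = 1;
    }
    if (n == 0 || n > ARENA_SIZE) return NULL;  /* bound also keeps ALIGN16 from wrapping */
    n = ALIGN16(n);
    for (block_t **pp = &free_list; *pp; pp = &(*pp)->next) {
        block_t *b = *pp;
        if (b->size < n) continue;  /* first fit: take the first block large enough */
        if (b->size >= n + sizeof(block_t) + 16) {  /* split; the tail stays free */
            block_t *rest = (block_t *)((unsigned char *)(b + 1) + n);
            *rest = (block_t){b->size - n - sizeof(block_t), b->next};
            b->size = n;
            *pp = rest;
        } else {
            *pp = b->next;  /* remainder too small to split: hand out the whole block */
        }
        return b + 1;
    }
    return NULL;  /* no block fits: allocation error */
}

void my_mfree(void *p) {
    if (!p) return;
    block_t *b = (block_t *)p - 1, *prev = NULL, *cur = free_list;
    while (cur && cur < b) { prev = cur; cur = cur->next; }  /* find the ordered slot */
    if (cur == b || (prev && END(prev) > (unsigned char *)b)) return;  /* already free */
    b->next = cur;
    if (prev) prev->next = b; else free_list = b;
    if (cur && END(b) == (unsigned char *)cur) {  /* merge with the next free block */
        b->size += sizeof(block_t) + cur->size;
        b->next = cur->next;
    }
    if (prev && END(prev) == (unsigned char *)b) {  /* merge with the previous one */
        prev->size += sizeof(block_t) + b->size;
        prev->next = b->next;
    }
}
```

The double-free check works only because the list is address-ordered: a pointer that falls inside an existing free block is rejected before its header is read or written.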

18 Callable functions for heap memory management
Windows API: HeapAlloc(), HeapFree() - similar to malloc, but only for Windows; GlobalAlloc(), GlobalFree(); LocalAlloc(), LocalFree(). malloc(), free() - the “C” way of allocating memory, also usable on Linux. new, delete - the C++ way of allocating/deallocating memory; creation of a new instance. VirtualAlloc() - memory allocation with a granularity of 1 page.

19 Callable functions for heap memory management
For Linux: the GNU C library - glibc. void *malloc(size_t size) and void free(void *ptr). void *calloc(size_t count, size_t element_size): allocates “count” elements of size “element_size”. Example: allocating space for a character string: char *ptr; ptr = (char *) malloc(length + 1); where length is the length of the character string and the +1 is for the string terminator character.

20 Memory management

21 Memory Management
Memory Areas and their use. Memory Manager Tasks: acquire, release. Free List Implementations: Singly Linked List, Doubly Linked List, Buddy Systems.

22 Memory Management
Memory areas: In languages like C or Java, the memory used by a program can be allocated from three different areas. Static: laid out at compilation time, and allocated when the program starts. Used for global variables and constants. Stack: memory is allocated and freed dynamically, in LIFO order. Used for local variables and parameters. Heap: memory is allocated and freed dynamically, in any order. Used for data outliving the method which created them. In Java all objects are stored in the heap. The memory management techniques we discuss in this lecture apply exclusively to the management of the heap.

23 Memory Manager
The memory manager is part of the Operating System. It must keep track of which parts of the heap are free, and which are allocated. A memory manager supports the following operations: acquire: allocates memory needed by programs; release: deallocates memory no longer needed by programs. It also defragments memory when needed.

24 Problems faced in memory allocation
Memory fragmentation: External fragmentation: memory wasted outside allocated blocks. Internal fragmentation: memory wasted inside an allocated block; it results when the memory allocated is larger than the memory requested. Overhead: additional memory that must be allocated, above and beyond that requested by programs, in order to provide for the management of the heap.

25 Free List
The memory manager uses a free list data structure that keeps track of free memory blocks in a scheme for dynamic memory allocation. Common implementations for the free list: singly-linked list; doubly-linked list; buddy systems (an array of doubly-linked lists). Allocation policies: First fit chooses the first block in the free list big enough to satisfy the request, and splits it. Next fit is like first fit, except that the search for a fitting block will start where the last one stopped, instead of at the beginning of the free list. Best fit chooses the smallest block bigger than the requested one. Worst fit chooses the biggest, with the aim of avoiding the creation of too many small fragments, but doesn’t work well in practice.

26 Singly-linked list implementation of free-list
Each node represents a free block of memory. Nodes must be sorted according to the start addresses of the free blocks so that adjacent free memory blocks can be combined. The acquire( ) and release( ) operations are O(n), where n is the number of blocks in the heap. In order to acquire a block, a node is searched for following one of the allocation policies. If the block is bigger than requested, it is divided into two: one part is allocated and one remains in the list. In order to release a block, a new node must be inserted (if the adjacent block is not on the free list) or a node which contains the adjacent free block must be modified. Searching for the place of the new or existing node has complexity O(n).

27 Doubly-linked list implementation of free-list
In this implementation, nodes are not sorted according to the start addresses of the free blocks. All memory blocks have boundary tags between them. The tag has information about the size and status (allocated/free). Each node in the doubly linked list represents a free block. It keeps the size and start address of the free block, and the start addresses and sizes of the previous and next memory blocks. The adjacent blocks may or may not be free. The release operation does not combine adjacent free blocks. It simply prepends a node corresponding to a released block at the front of the free list. This operation is thus O(1). Adjacent free blocks are combined by acquire(). The acquire operation traverses the free list in order to find a free area of a suitable size. As it does so it also combines adjacent free blocks.

28 Doubly Linked List Example
[Figure: node structure.] [Figure: initial state of memory (shaded = allocated, grayed = boundary tags).] [Figure: the corresponding free list.]

29 Doubly Linked List Example (Cont.)
The operation release(400, 4000) will result in: [Figure: state of memory after the release.] The node corresponding to the freed block is inserted at the front of the free list. The nodes x, y, and z correspond to the three free blocks that have not yet been combined.

30 Doubly Linked List Example (Cont.)
The operation acquire(600) using the first-fit allocation policy will first result in the combination of the three adjacent free blocks: [Figure: state of memory after the blocks are combined.] At this point the corresponding free list is: [Figure: free list.]

31 Doubly Linked List Example (Cont.)
The required 600 bytes are then allocated, resulting in: [Figure: state of memory after the allocation.] The corresponding free list is: [Figure: free list.]

32 Buddy Systems implementation of free-list
Instead of having a single free list, it has an array of free lists, each element of the array holding blocks of the same size. One type of buddy system is the binary buddy system. For a memory of size $m$, there are free lists of size $2^0, 2^1, 2^2, \ldots, 2^k$, where $m \le 2^k$. The heap is viewed as one large block which can be split into two equal smaller blocks, called buddies. Each of these smaller blocks can again be split into two equal smaller buddies, and so on. Each memory block has its “buddy”. The “buddy” of a block of size $2^k$ that starts at address x is the block of size $2^k$ that starts at address y = complementBit_k(x), where the address bits are numbered from right to left starting with 0.

33 Buddies
If each block is of size 8 bytes (i.e., $2^3$ bytes), then the buddy of a block is obtained by complementing bit 3 of its starting address. If each block is of size 4 bytes (i.e., $2^2$ bytes), then the buddy of a block is obtained by complementing bit 2 of its starting address. Example: What is the starting address of the buddy of a block that starts at address if each block is 16 bytes? Solution: $16 = 2^4$; the starting address of the buddy is obtained by complementing bit 4:

34 Binary Buddy System implementation of free-list
Each array element is a list of free blocks of same size. The size of each block is a power of 2.

35 Binary Buddy System Algorithms
acquire(x): for $x \le 2^k$, the corresponding free list is searched. If there is a block in this list, it is allocated; otherwise a block of size $2^{k+1}$, $2^{k+2}$, and so on is searched for and taken off the free list. The block is divided into two buddies. One buddy is put on the free list for the next lower size and the other is either allocated or further split if needed. release(x): The block is placed back in the free list of its size, and if its buddy is also free they are combined to form a free block of size $2^{k+1}$. This block is then moved to the corresponding free list. If its buddy is free they are combined to form a free block of size $2^{k+2}$, which is then moved to the appropriate free list, and so on.
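
The buddy rule from slides 32 and 33 and the acquire/release algorithms above, as an added example that is not code from the lecture. Assumptions: a constructed heap of 2^10 bytes addressed by offset, a smallest block of 2^4 bytes, a per-size bitmap (is_free) in place of the array of doubly-linked free lists, and a release() that takes the block's order k and rejects misaligned or already-free blocks.

```c
#include <stddef.h>

#define MAX_K 10                        /* heap is one block of 2^10 bytes (constructed) */
#define MIN_K 4                         /* smallest block handed out: 2^4 bytes */
#define BIT(k) ((size_t)1 << (k))

/* is_free[k][i] != 0  <=>  the block of size 2^k at address i * 2^k is on free list k */
static unsigned char is_free[MAX_K + 1][1u << (MAX_K - MIN_K)];
static int ready;

size_t buddy_of(size_t addr, int k) { return addr ^ BIT(k); }  /* complement bit k */

static long take(int k) {               /* remove the lowest-address free block of size 2^k */
    for (size_t i = 0; i < BIT(MAX_K - k); i++)
        if (is_free[k][i]) { is_free[k][i] = 0; return (long)(i << k); }
    return -1;
}

long acquire(size_t n) {                /* returns the block's start address, or -1 */
    if (!ready) { is_free[MAX_K][0] = 1; ready = 1; }  /* whole heap is one free block */
    if (n == 0 || n > BIT(MAX_K)) return -1;
    int k = MIN_K, j;
    while (BIT(k) < n) k++;             /* smallest k with n <= 2^k */
    long addr = -1;
    for (j = k; j <= MAX_K && (addr = take(j)) < 0; j++) {}  /* try 2^k, 2^(k+1), ... */
    if (addr < 0) return -1;
    while (j > k) {                     /* split: the upper buddy goes on the lower list */
        j--;
        is_free[j][buddy_of((size_t)addr, j) >> j] = 1;
    }
    return addr;
}

int release(size_t addr, int k) {       /* returns the order of the merged block, or -1 */
    if (k < MIN_K || k > MAX_K || addr >= BIT(MAX_K) ||
        (addr & (BIT(k) - 1)) || is_free[k][addr >> k]) return -1;
    while (k < MAX_K) {
        size_t b = buddy_of(addr, k);
        if (!is_free[k][b >> k]) break; /* buddy is allocated or split: stop merging */
        is_free[k][b >> k] = 0;         /* take the buddy off its list */
        addr &= ~BIT(k);                /* the merged block starts at the lower buddy */
        k++;
    }
    is_free[k][addr >> k] = 1;
    return k;
}
```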

36 Buddy Systems Advantages/Disadvantages
Advantages: Both acquire( ) and release( ) operations are fast. Disadvantages: Only memory of a size that is a power of 2 can be allocated, leading to internal fragmentation if the memory request is not a power of 2. When a block is released, its buddy may not be free, resulting in external fragmentation.

