Does malloc() reuse addresses?

Hi all,

my question is:

if I allocate some memory with malloc() and later free it (using
free()), is there a possibility that a consequent malloc() will
allocate memory at the same starting address and will return the same
pointer as the previous malloc(). I would like to have confirmation on
whether this is practically a concern when pointers are used to
uniquely identify data structure instances - like in this example:

int isInstanceValid (myStruct* inst)
{
    int i;
    for (i=0; i<instCount; ++i)
        if (instances[i] == inst)
            return 1;

    return 0;
}

In this example, if an instance is freed, and a pointer to it becomes
non-valid, and later a new structure is allocated in the list, the
function will return that the pointer is valid, although it is actually
not the instance that was originally referred.

Jul 14 '06
avasilev wrote:
Hi all,

my question is:

if I allocate some memory with malloc() and later free it (using
free()), is there a possibility that a consequent malloc() will
allocate memory at the same starting address and will return the same
pointer as the previous malloc(). I would like to have confirmation on
whether this is practically a concern when pointers are used to
uniquely identify data structure instances - like in this example:

int isInstanceValid (myStruct* inst)
{
    int i;
    for (i=0; i<instCount; ++i)
        if (instances[i] == inst)
            return 1;

    return 0;
}

In this example, if an instance is freed, and a pointer to it becomes
non-valid, and later a new structure is allocated in the list, the
function will return that the pointer is valid, although it is actually
not the instance that was originally referred.
Aside from everything else that's already been said: don't do this.

There is no way to detect whether a pointer is valid (in any sense of the
word) in portable C, and in most cases it's not feasible to do it in
unportable C either.

If you're concerned about not deallocating things before their time is up, use
a garbage collector, like http://www.hpl.hp.com/personal/Hans_Boehm/gc/.

If you're concerned about sloppy programmers (possibly including yourself as
a culprit), then audit your code more closely, using tools like valgrind
(http://valgrind.org/) and Electric Fence
(http://perens.com/FreeSoftware/ElectricFence/).

If you want a unique identifier for an object, come up with one yourself,
and don't make it depend (exclusively) on its address. This is what the
concept of a handle is all about, although handles are subject to mistakes
like these too. You may be able to devise a handle allocation scheme that
will maximize the time before reuse and hence increase the chance of
detecting an invalid handle.

The best even most external tools can do is increase the likelihood of
detecting an allocation bug. They cannot convince you there aren't any.

S.
Jul 14 '06 #21
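
An added example, not part of the original thread: one way to build the handle scheme suggested above, where a handle is a slot index plus a generation counter instead of an address, so a reused slot does not make an old handle valid again. All names (`inst_t`, `handle_t`, `inst_create`, `inst_lookup`, `inst_destroy`, `MAX_INST`) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_INST 4                      /* hypothetical table size */
typedef struct { int payload; } inst_t;
/* A handle is a slot index plus a generation, never a raw address. */
typedef struct { uint32_t slot; uint32_t gen; } handle_t;

static struct {
    inst_t  *ptr;                       /* NULL while the slot is empty */
    uint32_t gen;                       /* bumped on every destroy */
} table[MAX_INST];

static const handle_t INVALID_HANDLE = { UINT32_MAX, 0 };

handle_t inst_create(int payload)
{
    for (uint32_t i = 0; i < MAX_INST; ++i) {
        if (table[i].ptr != NULL) continue;
        inst_t *p = malloc(sizeof *p);
        if (p == NULL) return INVALID_HANDLE;
        p->payload = payload;
        table[i].ptr = p;
        return (handle_t){ i, table[i].gen };
    }
    return INVALID_HANDLE;              /* table full */
}

/* Returns the live instance, or NULL for a stale or out-of-range handle. */
inst_t *inst_lookup(handle_t h)
{
    if (h.slot >= MAX_INST || table[h.slot].ptr == NULL)
        return NULL;
    return table[h.slot].gen == h.gen ? table[h.slot].ptr : NULL;
}

int inst_destroy(handle_t h)
{
    inst_t *p = inst_lookup(h);
    if (p == NULL) return 0;            /* stale handle or double destroy */
    free(p);
    table[h.slot].ptr = NULL;
    table[h.slot].gen++;                /* invalidates every copy of h; wraps after 2^32 reuses */
    return 1;
}

/* The thread's scenario: a slot is reused, yet the old handle must not validate. */
int stale_handle_rejected(void)
{
    handle_t a = inst_create(1);
    if (!inst_destroy(a)) return 0;
    handle_t b = inst_create(2);        /* lands in the slot a used */
    inst_t *pb = inst_lookup(b);
    int ok = b.slot == a.slot && inst_lookup(a) == NULL && pb != NULL && pb->payload == 2;
    inst_destroy(b);
    return ok;
}

int main(void)
{
    printf("stale handle rejected: %d\n", stale_handle_rejected());
    return 0;
}
```

The generation counter only delays reuse of a handle value: after 2^32 destroys of one slot a stale handle would match again, which is the "maximize the time before reuse" trade-off mentioned in the post.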

Dann Corbit wrote:
"Kenneth Brody" <ke******@spamcop.net> wrote in message
news:44***************@spamcop.net...
avasilev wrote:
[...]
Ok I will clarify this a bit, since some people did not get it properly.
I have a list of instance pointers. Every allocated instance is added
to this list and every freed instance is immediately removed from
there. The problem is that copies of these pointers need to be passed
around, and it may happen that when such a copy has to be used, the
instance it points to may be already gone. So a way to validate the
pointer is needed - and this pointer comparison approach was chosen -
not by me, I am kind of revising the thing. So my question was to
confirm how reliable is the current verification mechanism. My opinion
is that it is not, since pointer values for different instances (in
time) may coincide.
Well, I'm sure that many people will (rightly so) tell you that if
you free memory, that you should make sure that no pointers to it
will ever be used again.

Short of never free()ing any of your instances (a very bad idea),
or making sure to never reference a free()ed instance (a very good
idea), the only semi-bad solution I see would be to keep track of
all previously-allocated-but-now-freed addresses, and have your
allocate routine check if malloc returned one of them. If so,
keep malloc'ing until a non-previously-used address is returned,
and use that one. (And then free all of the "bad" ones, to keep
from having a memory leak.)

Of course, that "solution" just says "eww, yuck!" to me.

It sounds a little to me like the data structure is upside down, or
disconnected.

Can the list of pointers to objects manage the links to external references?

I would like to know more about the problem. Why do the external objects
have pointers to a list of things that may disappear? What do they do with
the pointers? Why are the external objects not members of the structs in
the pointer list (e.g as a linked list or something).

I think that the tracking homework is strangely designed and I think that
good answers to the questions will depend on why these foreign objects have
addresses of potentially disappearing objects. Do multiple external items
point to the same list object address? What do they use this address for?

How can an external object from the list tell the difference between a
pointer to an object originally allocated to them versus a pointer to a
similar object (allocated with the same address) but allocated for a
different set of external objects?
Er, what do you understand by external objects? If you mean the global
variable instList, this is the pointer to the whole list. When an
instance is to be freed, it is first removed from the list, and then
free()-d (see code). So all pointers in the list are always valid.
Unfortunately I cannot keep track of all copies of these pointers that
fly around in the application. That's why the whole problem arises.

Jul 14 '06 #22

Keith Thompson wrote:
"avasilev" <al********@gmail.com> writes:
Dann Corbit wrote:
[...]
The simple act of examining the contents of the pointer that is storing
0xdeadbeef invokes undefined behavior. Your computer could dump core, or
Scott Nudds could come flying out of your left nostril. Really, it's
practically in the standard. At least comp.std.c made a similar remark
concerning demons some time ago.
No no, I'm not examining the memory that the pointer points to, I am
simply comparing the values of the pointers themselves, i.e. I am
comparing the addresses, not the contents of the memory that is pointed
to.

Understood, but just examining the pointer value itself, without
dereferencing it, invokes undefined behavior.

Concretely:

#include <stdio.h>
#include <stdlib.h>
int main(void)
{
    void *ptr;
    ptr = malloc(42);
    printf("ptr = %p\n", ptr);
    free(ptr);
    printf("ptr = %p\n", ptr);
    return 0;
}

The second printf call invokes UB (assuming the malloc() succeeded).

In real life, this is unlikely to cause any problems, but strictly
speaking a pointer to an object becomes indeterminate when the object
reaches the end of its lifetime.
Hmm, ok this means that the compiler may try to do something "hidden"
with this pointer, i.e. try to dereference it somehow? At the assembly
level a pointer is just a register value which can be manipulated just
as any other value, as long as no attempts are made to dereference it.
So do you mean that the C standard states that accessing the value of a
pointer to a freed object causes undefined behaviour?

Jul 14 '06 #23
"avasilev" <al********@gmail.com> wrote in message
news:11**********************@h48g2000cwc.googlegroups.com...
[snip]
Unfortunately I cannot keep track of all copies of these pointers that
fly around in the application. That's why the whole problem arises.
That is the gist of the problem, I think.

You need to devise a way so that you *can* track all of the copies of the
pointers that are flying around. Without that, you have a dangerous design.

IMO-YMMV.
Jul 14 '06 #24

Dann Corbit wrote:
"avasilev" <al********@gmail.com> wrote in message
news:11**********************@h48g2000cwc.googlegroups.com...
[snip]
Unfortunately I cannot keep track of all copies of these pointers that
fly around in the application. That's why the whole problem arises.

That is the gist of the problem, I think.

You need to devise a way so that you *can* track all of the copies of the
pointers that are flying around. Without that, you have a dangerous design.

IMO-YMMV.
The design is of an already written application (not by me) and I have
to live with it. I just want to evaluate what I can expect from this
approach. If I had to implement it, I would use unique ID-s.

Jul 14 '06 #25

Skarmander wrote:
avasilev wrote:
Hi all,

my question is:

if I allocate some memory with malloc() and later free it (using
free()), is there a possibility that a consequent malloc() will
allocate memory at the same starting address and will return the same
pointer as the previous malloc(). I would like to have confirmation on
whether this is practically a concern when pointers are used to
uniquely identify data structure instances - like in this example:

int isInstanceValid (myStruct* inst)
{
    int i;
    for (i=0; i<instCount; ++i)
        if (instances[i] == inst)
            return 1;

    return 0;
}

In this example, if an instance is freed, and a pointer to it becomes
non-valid, and later a new structure is allocated in the list, the
function will return that the pointer is valid, although it is actually
not the instance that was originally referred.
Aside from everything else that's already been said: don't do this.

There is no way to detect whether a pointer is valid (in any sense of the
word) in portable C, and in most cases it's not feasible to do it in
unportable C either.

If you're concerned about not deallocating things before their time is up, use
a garbage collector, like http://www.hpl.hp.com/personal/Hans_Boehm/gc/.

If you're concerned about sloppy programmers (possibly including yourself as
a culprit), then audit your code more closely, using tools like valgrind
(http://valgrind.org/) and Electric Fence
(http://perens.com/FreeSoftware/ElectricFence/).

If you want a unique identifier for an object, come up with one yourself,
and don't make it depend (exclusively) on its address. This is what the
concept of a handle is all about, although handles are subject to mistakes
like these too. You may be able to devise a handle allocation scheme that
will maximize the time before reuse and hence increase the chance of
detecting an invalid handle.

The best even most external tools can do is increase the likelihood of
detecting an allocation bug. They cannot convince you there aren't any.

S.
Yes, I would use some sort of UID-s if I had to design it, but it is
already done, so I need to evaluate the current situation.

Jul 14 '06 #26


avasilev wrote On 07/14/06 16:56,:
[...]

//this is how we free an instance and remove it from the list
int delInst(myStruct* inst)
{
    myStruct* cur = instList;
    while (cur)
    {
        if (inst == cur)
        {
            //some code to remove from linked list goes here
            free(cur);
            return 1;
        }
        cur = cur->next;
    }
    return 0;
}
The only 100% reliable way to make this scheme work
is to remove the call to free() above. Others have pointed
out that any use of a free'd pointer, even a mere comparison,
produces undefined behavior -- and while this is correct, it
is mostly a "theoretical" concern. However, a "practical"
concern is that malloc() can and usually does re-use free'd
memory; malloc() can return the same non-NULL value N times.
(Because of the "theoretical" U.B., there is no safe way for
a program to detect this reliably, but as a "practical" matter
it does happen, and quite commonly.)

So: The only way to be sure malloc() never returns the
same value twice is never to free() anything. Of course,
this may have unwelcome consequences ...

--
Er*********@sun .com

Jul 14 '06 #27
"avasilev" <al********@gmail.com> wrote in message
news:11**********************@m79g2000cwm.googlegroups.com...

Dann Corbit wrote:
"avasilev" <al********@gmail.com> wrote in message
news:11**********************@h48g2000cwc.googlegroups.com...
[snip]
Unfortunately I cannot keep track of all copies of these pointers that
fly around in the application. That's why the whole problem arises.

That is the gist of the problem, I think.

You need to devise a way so that you *can* track all of the copies of the
pointers that are flying around. Without that, you have a dangerous
design.

IMO-YMMV.

The design is of an already written application (not by me) and I have
to live with it. I just want to evaluate what I can expect from this
approach. If I had to implement it, I would use unique ID-s.
Perhaps it can be repaired.

If you can create a data structure that knows about both the object list and
all the objects that refer to it, you can do things like:
tag the non-list objects that use a particular list object as invalid when
free() is called for that particular list object.

You could implement a reference counting scheme to know if someone is still
using an object so that it should not be freed.
Jul 14 '06 #28

Eric Sosman wrote:
avasilev wrote On 07/14/06 16:56,:
[...]

//this is how we free an instance and remove it from the list
int delInst(myStruct* inst)
{
    myStruct* cur = instList;
    while (cur)
    {
        if (inst == cur)
        {
            //some code to remove from linked list goes here
            free(cur);
            return 1;
        }
        cur = cur->next;
    }
    return 0;
}

The only 100% reliable way to make this scheme work
is to remove the call to free() above. Others have pointed
out that any use of a free'd pointer, even a mere comparison,
produces undefined behavior -- and while this is correct, it
is mostly a "theoretical" concern. However, a "practical"
concern is that malloc() can and usually does re-use free'd
memory; malloc() can return the same non-NULL value N times.
(Because of the "theoretical" U.B., there is no safe way for
a program to detect this reliably, but as a "practical" matter
it does happen, and quite commonly.)

So: The only way to be sure malloc() never returns the
same value twice is never to free() anything. Of course,
this may have unwelcome consequences ...

--
Er*********@sun .com

Hm, that's the strange thing here - the code is part of a widely used
open source cross-platform library, which supports a huge diversity of
compilers and platforms. And this code works on all... So, as you say
it seems that the problem with reading a pointer to free-d memory
should be theoretical. But it is really interesting that nobody has
complained so far about this.

Jul 14 '06 #29

Dann Corbit wrote:
"avasilev" <al********@gmail.com> wrote in message
news:11**********************@m79g2000cwm.googlegroups.com...

Dann Corbit wrote:
"avasilev" <al********@gmail.com> wrote in message
news:11**********************@h48g2000cwc.googlegroups.com...
[snip]
Unfortunately I cannot keep track of all copies of these pointers that
fly around in the application. That's why the whole problem arises.

That is the gist of the problem, I think.

You need to devise a way so that you *can* track all of the copies of the
pointers that are flying around. Without that, you have a dangerous
design.

IMO-YMMV.
The design is of an already written application (not by me) and I have
to live with it. I just want to evaluate what I can expect from this
approach. If I had to implement it, I would use unique ID-s.

Perhaps it can be repaired.

If you can create a data structure that knows about both the object list and
all the objects that refer to it, you can do things like:
tag the non-list objects that use a particular list object as invalid when
free() is called for that particular list object.

You could implement a reference counting scheme to know if someone is still
using an object so that it should not be freed.

Yes, your idea is good. However this mechanism is deeply in the core of
the library, and changing it will require a lot of effort. Strangely
this has been working on numerous platforms and compilers - the code is
part of an open source cross-platform library.

Jul 14 '06 #30
