Master-Master-Memory Model
Learn Linux's memory model, may not allow you to significantly improve programming capabilities, but as a basic knowledge point should be familiar. When you take a train out, you are so knowing that you will not know about the place along the way and you can still reach the target. But you are very clear about the whole road, every time you know where you are, know the local customs, compare what you want, the journey may be more interesting.
Similarly, understanding Linux memory models, you know what kind of location per memory, each variable is in the system. This will also make you feel happy, know this, sometimes it will make your life more loose. Look at the address of the variable, you can get roughly whether this is a valid address. A variable is destroyed, you can roughly infer whom is a suspect.
Linux's memory model, generally:
Address Dog Description> = 0xC000 0000 Core Virtual Memory User Code Inaso Area <0xc000 0000 Stack (User Stack) ESP Pointing to Stack Top
↓
↑
Free memory> = 0x4000 0000 file mapping area
<0x4000 0000
↑
Idle memory
HEAP (Runtime Heap) Expands the heap up through the BRK / SBRK system.
.data, .BSS (readout) Load from the executable> = 0x0804 8000 .init, .text, .RODATA (read-only) Load <0x0804 8000 reserved area from the executable
Many books have similar descriptions, this map is taken from "in-depth understanding of computer system" P603, and makes a slight change. This picture is more likely to understand, but there is still two shortcomings. The following additions:
1. The first point is about running.
To illustrate this problem, let's run a test program and observe the results:
#include
Int main (int Argc, char * argv [])
{
INT first = 0;
INT * p0 = malloc (1024);
INT * p1 = malloc (1024 * 1024);
INT * P2 = Malloc (512 * 1024 * 1024);
INT * P3 = Malloc (1024 * 1024 * 1024);
Printf ("Main =% P Print =% P / N", Main, Printf;
Printf ("first =% p / n", & first);
Printf ("P0 =% P P1 =% P P2 =% P p3 =% P / N", P0, P1, P2, P3);
GetChar ();
Return 0;
}
After running, the output is:
Main = 0x8048404 print = 0x8048324
First = 0xBFCD1264
P0 = 0x9253008 P1 = 0xB7EC0008 P2 = 0x97ebf008 P3 = 0x57ebe008
l Main and Print two functions are code segments (.Text), their address meets the description of the table.
l First is the first temporary variable. Since there are some environment variables before first, its value is not 0xBFFFFFF, but 0xBFCD1264, which is normal.
l P0 is allocated in the heap, its address is less than 0x4000 0000, which is normal. L but P1 and P2 are also allocated in the heap, and its address is greater than 0x4000 0000, which does not match the table one.
The reason is that the position of the running pile is related to the memory management algorithm, that is, the implementation of Malloc. With regard to the memory management algorithm, we have a detailed description in the subsequent article, which is only a brief description. In the memory management algorithm implemented in the Glibc, Malloc small block memory is allocated in memory less than 0x4000 0000, and expands through BRK / SBRK, and allocates large block memory, MalloC calls MMAP implementation, allocated addresses In the file mapping area, its address is greater than 0x4000 000 0000.
See a little clear from the MAPS file:
00514000-00515000 R-XP 00514000 00:00 0 00624000-0063E000 R-XP 00000000 03:01 718192 /Lib/LD-2.3.5.SO 0063E000-0063F000 R-XP 00019000 03:01 718192 /Lib/LD-2.3. 5.so 0063F000-00640000 RWXP 0001A000 03:01 718192 /Lib/LD-2.3.5.SO 00642000-00766000 r-xp 00000000 03:01 718193 /Lib/Libc-2.3.5.so 0076000-00768000 r-xp 00124000 03:01 718193 /lib/libc-2.3.5.so 00768000-0076A000 rwxp 00126000 03:01 718193 /Lib/Libc-2.3.5.SO 0076A000-0076C000 rwxp 0076a000 00:00 08048000-08049000 r-xp 00000000 03 : 01 1307138 / ROOT/test/Mem/t.exe 08049000-0804A000 RW-P 00000000 03:01 1307138 / ROOT/Test/Mem/t.exe 09f5d000-09f7e000 RW-P 09F5D000 00:00 0 [HEAP]
57E2F000-B7F35000 RW-P 57E2F000 00:00 0 B7F44000-B7F45000 RW-P B7F44000 00:00 0 bfb2f000-bfb45000 rw-P bfb2f000 00:00 0 [stack]
2. The second is about multithreading.
The current application, multi-threaded. The model described in Table cannot be applied to a multi-threaded environment. According to the table, the program has the most stack space on G, in fact, in the case of multi-thread, the stack space that can be used is very limited. To illustrate this problem, we look at another test:
#include
#include
Void * thread_proc (void * param)
{
INT first = 0;
INT * p0 = malloc (1024);
INT * p1 = malloc (1024 * 1024);
Printf ("(0x% x): first =% p / n", pthread_self (), & first);
Printf ("(0x% x): p0 =% p p1 =% p / n", pthread_self (), p0, p1);
Return 0;}
#define n 5
Int main (int Argc, char * argv [])
{
INT first = 0;
INT i = 0;
Void * Ret = NULL;
PTHREAD_T TID [N] = {0};
Printf ("first =% p / n", & first);
For (i = 0; i { Pthread_create (TID I, NULL, Thread_Proc, NULL); } For (i = 0; i { Pthread_join (TID [I], & RET); } Return 0; } After running, the output is: First = 0xBFD3D35C (0xB7F2CBB0): first = 0xB7F2C454 (0xB7F2CBB0): P0 = 0x84D52D8 P1 = 0xB4C27008 (0xB752BBB0): first = 0xB752B454 (0xB752BBB0): P0 = 0x84d56e0 p1 = 0xB4B26008 (0xB6B2ABB0): first = 0xB6B2A454 (0xB6B2ABB0): P0 = 0x84D5AE8 P1 = 0xB4A25008 (0xB6129BB0): first = 0xB6129454 (0xB6129BB0): P0 = 0x84d5ef0 p1 = 0xB4924008 (0xB5728BB0): first = 0xB5728454 (0xB5728BB0): P0 = 0x84D62F8 P1 = 0xB7E2C008 Let's take a look: The distance between the main thread and the heap of the first thread: 0xBFD3D35C - 0xB7F2C454 = 0x7e10f08 = 126m The distance between the first thread and the second thread: 0xB7F2C454 - 0xB752B454 = 0xA01000 = 10m The distance between several other threads is 10m. That is, the main thread has a maximum of 126m, while the stack space of the normal thread is only 10m, and the range will cause a stack overflow. The consequences of the stack are more serious, or the segmentation fault errors, or inexplicable errors.
