Linux Address Space(The range of virtual addresses that the operating system assigns to a user or separately running program

is called an address space. This is the area of contiguous virtual addresses available for executing instructions and storing data.) Without memory for storing data, it's impossible for a program to get any work done !eal"world programs can't afford to rely on fixed"si#e buffers or arrays of data structures $hey ha%e to be able to handle inputs of %arying si#es, from small to large $his in turn leads to the use of dynamically allocated memory&memory allocated at runtime

A process is a running program $his means that the operating system has loaded the executable file for the program into memory, has arranged for it to ha%e access to its command"line arguments and en%ironment %ariables, and has started it running A process has fi%e conceptually different areas of memory allocated to it' (ode )nitiali#ed data *ero"initiali#ed data +eap Stack
1

 (ode ,ften referred to as the text segment this is the area in which the executable instructions reside

Linux arrange things so that multiple running instances of the same program share their code if possible $he portion of the executable file containing the text segment is the text section. )nitiali#ed data Statically allocated and global data that are initiali#ed with non#ero %alues li%e in the data segment -ach process running the same program has its own data segment $he portion of the executable file containing the data segment is the data section *ero"initiali#ed data .lobal and statically allocated data that are initiali#ed to #ero by default are kept in what is collo/uially called the BSS area of the process -ach process running the same program has its own 0SS area When running, the 0SS data are placed in the data segment
2

 )n the executable file, they are stored in the BSS section $he format of a Linux12nix executable is such that only %ariables that are initiali#ed to a non#ero %alue occupy space in the executable's disk file $hus, a large array declared 'static char somebuf3456789', which is automatically #ero"filled, does not take up 4 :0 worth of disk space

+eap $he heap is where dynamic memory (obtained by malloc() and friends) comes from As memory is allocated on the heap, the process's address space grows Although it is possible to gi%e memory back to the system and shrink a process's address space, this is almost ne%er done We distinguish between releasing no longer" needed dynamic memory and shrinking the address space )t is typical for the heap to ;grow upward ; $his means that successi%e items that are added to the heap are added at addresses that are numerically greater than pre%ious items )t is also typical for the heap to start immediately after the 0SS area of the data segment Stack
3

 $he stack segment is where local %ariables are allocated Local %ariables are all %ariables declared inside the opening left brace of a function body that aren't defined as static )t is the use of a stack for function parameters and return %alues that makes it con%enient to write recursive functions <ariables stored on the stack ;disappear; when the function containing them returns $he space on the stack is reused for subse/uent function calls ,n most modern architectures, the stack ;grows downward,; meaning that items deeper in the call chain are at numerically lower addresses When a program is running, the initiali#ed data, 0SS, and heap areas are usually placed into a single contiguous area' the data segment $he stack segment and code segment are separate from the data segment and from each other $he different memory areas can ha%e different hardware memory protection assigned to them =or example, the text segment might be marked ;execute only,; whereas the data and stack segments would ha%e execute permission disabled

 $his practice can pre%ent certain kinds of security attacks =inally, we'll mention that threads represent multiple threads of execution within a single address space $ypically, each thread has its own stack, and a way to get thread local data, that is, dynamically allocated data for pri%ate use by the thread >emory Allocation Library (alls System (alls Library (alls malloc() calloc() realloc() free() ?ynamic memory is allocated by either the malloc() or calloc() functions $hese functions return pointers to the allocated memory ,nce you ha%e a block of memory of a certain initial si#e, you can change its si#e with the realloc() function ?ynamic memory is released with the free() function
5

 %oid @calloc(si#eAt nmemb, si#eAt si#e) $he calloc function allocates space for an array of nmemb obBects, each of whose si#e is si#e $he space is initiali#ed to all bits #ero Allocate and zero fill %oid @malloc(si#eAt si#e) $he malloc function allocates space for an obBect whose si#e is specified by si#e and whose %alue is indeterminate Allocate raw memory %oid free(%oid @ptr) Release memory %oid @realloc(%oid @ptr, si#eAt si#e) Change size of existing allocation $he allocation functions all return type %oid @ $his is a typeless or generic pointer. $he type si#eAt is an unsigned integral type that represents amounts of memory )t is used for dynamic memory allocation %oid @malloc(si#eAt si#e) )nitially Allocating >emory >emory is allocated initially with malloc() $he %alue passed in is the total number of bytes re/uested
6

 $he return %alue is a pointer to the newly allocated memory or C2LL if memory could not be allocated $he memory returned by malloc() is not initiali#ed )t can contain any random garbage Dou should immediately initiali#e the memory with %alid data or at least with #eros !eleasing >emory %oid free(%oid @ptr) When you're done using the memory, you ;gi%e it back; by using the free() function $he single argument is a pointer pre%iously obtained from one of the other allocation routines )t is safe (although useless) to pass a null pointer to free() (hanging Si#e %oid @realloc(%oid @ptr, si#eAt si#e) )t is possible to change the si#e of a dynamically allocated memory area (hanging the si#e is handled with realloc() Allocating and *ero"filling %oid @calloc(si#eAt nmemb, si#eAt si#e) $he calloc() function is a straightforward wrapper around malloc()
7

 )ts primary ad%antage is that it #eros the dynamically allocated memory )t also performs the si#e calculation for you by taking as parameters the number of items and the si#e of each System (alls brk() sbrk()

int brk(%oid @endAdataAsegment) $he brk() system call actually changes the process's address space $he address is a pointer representing the end of the data segment )ts argument is an absolute logical address representing the new end of the address space )t returns 5 on success or "E on failure

%oid @sbrk(ptrdiffAt increment) $he sbrk() function is easier to use )ts argument is the increment in bytes by which to change the address space 0y calling it with an increment of 5, you can determine where the address space currently ends
8

$he mlock =amily' Locking Fhysical >emory

$he mlock family of system calls allows a program to lock some or all of its address space into physical memory $his pre%ents Linux from paging this memory to swap space, e%en if the program hasnGt accessed it for a while A time"critical program might lock physical memory because the time delay of paging memory out and back may be too long or too unpredictable +igh"security applications may also want to pre%ent sensiti%e data from being written out to a swap file, where they might be reco%ered by an intruder after the program terminates Locking a region of memory is as simple as calling mlock with a pointer to the start of the region and the regionGs length Linux di%ides memory into pages and can lock only entire pages at a time9 each page that contains part of the memory region specified to mlock is locked $he getpagesi#e function returns the systemGs page si#e, which is 6:0 on x7H Linux =or example, to allocate I4>0 of address space and lock it into !A>, you would use this code' const int allocAsi#e J I4 @ E546 @ E5469 char@ memory J malloc (allocAsi#e)9 mlock (memory, allocAsi#e)9 Cote that simply allocating a page of memory and locking it with mlock doesnGt reser%e physical memory for the calling process because the pages may be copy"onwrite

$herefore, you should write a dummy %alue to each page as well' si#eAt i9 si#eAt pageAsi#e J getpagesi#e ()9 for (i J 59 i K allocAsi#e9 i LJ pageAsi#e) memory3i8 J 59 $he write to each page forces Linux to assign a uni/ue, unshared memory page to the process for that page $o unlock a region, call munlock, which takes the same arguments as mlock )f you want your programGs entire address space locked into physical memory, call mlockall $his system call takes a single flag argument' >(LA(2!!-C$ locks all currently allocated memory, but future allocations are not locked9 >(LA=2$2!- locks all pages that are allocated after the call 2se >(LA(2!!-C$M>(LA=2$2!- to lock into memory both current and subse/uent allocations $he munlockall call unlocks all memory locked by the current process, including memory locked with mlock and mlockall

10