Does malloc() use brk() or mmap()?

Asked 30/5, 2015 at 4:56 Answered 31/1, 2019 at 7:57

Solved c memory-management malloc mmap sbrk

c code:

// program break mechanism
// TLPI exercise 7-1

#include <stdio.h>
#include <stdlib.h>

void program_break_test() {
    printf("%10p\n", sbrk(0));

    char *bl = malloc(1024 * 1024);
    printf("%x\n", sbrk(0));

    free(bl);
    printf("%x\n", sbrk(0));

}

int main(int argc, char **argv) {
    program_break_test();
    return 0;
}

When compiling following code:

 printf("%10p\n", sbrk(0));

I get warning tip:

format ‘%p’ expects argument of type ‘void *’, but argument 2 has type ‘int’

Question 1: Why is that?

And after I malloc(1024 * 1024), it seems the program break didn't change.

Here is the output:

9b12000
9b12000
9b12000

Question 2: Does the process allocate memory on heap when start for future use? Or the compiler change the time point to allocate? Otherwise, why?

[update] Summary: brk() or mmap()

After reviewing TLPI and check man page (with help from author of TLPI), now I understand how malloc() decide to use brk() or mmap(), as following:

mallopt() could set parameters to control behavior of malloc(), and there is a parameter named M_MMAP_THRESHOLD, in general:

If requested memory is less than it, brk() will be used;
If requested memory is larger than or equals to it, mmap() will be used;

The default value of the parameter is 128kb (on my system), but in my testing program I used 1Mb, so mmap() was chosen, when I changed requested memory to 32kb, I saw brk() would be used.

The book mentioned that in TLPI page 147 and 1035, but I didn't read carefully of that part.

Detailed info of the parameter could be found in man page for mallopt().

Illuviation answered 30/5, 2015 at 4:56 Comment(7)

#include <unistd.h>? – Predominance 30/5, 2015 at 5:3

@Predominance Yes, that solved the issue, can you give an explaination, I am new to linux programming... – Illuviation 30/5, 2015 at 5:5

You need the prototype for sbrk() which is in unistd.h. Without a prototype, the compiler assumes that unknown functions return int. – Predominance 30/5, 2015 at 5:6

@Predominance Yeah, I thought sbrk() was declared in stdlib.h, thank you! – Illuviation 30/5, 2015 at 5:8

@Predominance I am wondering, shouldn't it give compile error, since I missed the header? But it didn't ... – Illuviation 30/5, 2015 at 5:17

@EricWang: It would give a warning if you compiled with -Wall (assuming you're using gcc or clang). You should always compile with -Wall. – Ferreous 30/5, 2015 at 5:24

@Ferreous Yes, I just try to compile with -Wall, and I see the warning warning: implicit declaration of function ‘sbrk’, nice tip! – Illuviation 30/5, 2015 at 5:26

If we change the program to see where the malloc'd memory is:

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

void program_break_test() {
  printf("%10p\n", sbrk(0));

  char *bl = malloc(1024 * 1024);
  printf("%10p\n", sbrk(0));
  printf("malloc'd at: %10p\n", bl);

  free(bl);
  printf("%10p\n", sbrk(0));

}

int main(int argc, char **argv) {
  program_break_test();
  return 0;
}

It's perhaps a bit clearer that sbrk wouldn't change. The memory given to us by malloc is being mapped into a wildly different location.

You could also use strace on Linux to see what system calls are made, and find out that malloc is using mmap to perform the allocation.

Flagwaving answered 30/5, 2015 at 5:41 Comment(1)

I found that there is a THRESHOLD to control whether use brk() or mmap(), I updated that in the question. – Illuviation 3/6, 2015 at 16:58

malloc is not limited to using sbrk to allocate memory. It might, for example, use mmap to map a large MAP_ANONYMOUS block of memory; normally mmap will assign a virtual address well away from the data segment.

There are other possibilities, too. In particular, malloc, being a core part of the standard library, is not itself limited to standard library functions; it can make use of operating-system-specific interfaces.

Ferreous answered 30/5, 2015 at 5:39 Comment(3)

Are you saying that mmap can allocate more memory than sbrk? If so where does sbrk allocate memory, and where does mmap allocate memory? +1 -- good answer. – Barometrograph 29/5, 2020 at 20:9

sbrk allocates memory at a specific location; each time you call sbrk you get the a chunk of memory contiguous with the previous call. Historically, this was the frontier between the heap and the stack (with the heap growing up from the data segment and the stack growing down from the end of the process's address space). mmap cannot normally allocate more memory, but it definitely can allocate it with a different address and with a lot more options (memory protection flags, backing store, huge virtual blocks (to reduce page table size), etc.) – Ferreous 30/5, 2020 at 0:4

@petercordes: Yep, pretty sure I did mean that. Thanks. – Ferreous 24/9, 2020 at 4:11

If you use malloc in your code, it will call brk() at the beginning, allocated 0x21000 bytes from the heap, that's the address you printed, so the Question 1: the following mallocs requirements can be meet from the pre-allocated space, so these mallocs actually didn't call brk, it is a optimization in malloc. If next time you want to malloc size beyond that boundary, a new brk will be called (if not large than the mmap threshold).

Valvular answered 31/1, 2019 at 7:57 Comment(0)

Recommended topics

Hot tags