Memory Management

1
Memory Management

• COSC319
• Software Engineering Concepts

2
Memory Errors

• When memory is corrupted
• Data is overwritten and results are incorrect
• Program code is overwritten and program crashes
• Memory references outside of application space
• Who/What did it?
• My own application did it to itself
• Another concurrent application
• The Operating System (OS)
• The machine did it!

3
Who does what?
Run-time Library
Application
Memory Management
Processor
Operating System
Everybody helps
4
The Big Lie
Run-time Library
Application
Memory Management
Processor
Operating System
Good abstraction for novice programmers
5
The conclusion
Run-time Library
Application
Memory Management
Processor
Your application does most of the damage
Operating System
6
Run-time Library
Application
Memory Management
Processor
Operating System
7
What if the Program is Too Big

• Some machines wont let you run the program
• Original DOS

RAM
0x3fff
00011010011100001010100101011001101001110000
10101001010110011010011100001010100101011101
011
Was not that long ago
Early workaround was program overlays which were
programmer controlled.
0x0000
8
Virtual Memory

• Let the OS/processor manage our virtual memory!
• What is virtual memory?
• Technique that allows execution of a program that
  
• can reside in discontiguous memory
• does not have to completely reside in memory
  (RAM)
• Allows the computer to fake a program into
  believing that its
• memory is contiguous
• memory space is larger than physical RAM
• the only thing residing in memory
• Why is VM important?
• Cheap - no longer have to buy lots of RAM
• Removes burden of memory resource management from
  the programmer

9
How Does VM Work

• Two memory spaces
• Virtual memory space - what the program sees
• Physical memory space - what the program runs in
  (size of RAM)
• On program startup
• OS copies program into RAM
• If there is not enough RAM, OS stops copying
  program starts running the program with some
  portion of the program loaded in RAM
• When the program touches a part of the program
  not in physical memory (RAM), OS copies that part
  of the program from disk into RAM
• In order to copy some of the program from disk
  to RAM, OS must evict parts of the program
  already in RAM
• OS copies the evicted parts of the program back
  to diskif the pages are dirty (i.e. the data has
  been changed)

10
Virtual vs. Physical Space
Virtual Address Space
Physical Address Space
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
0x00 0x04 0x08 0x0C
Some memory in physical memory and some on disk
11
Example
Virtual Address Space
Physical Address Space
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5 bne 0x00 add r10,r1,r2 sub r3,r4,r1 sw
r5,0x0C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
0x00 0x04 0x08 0x0C
12
Example (cont)
Virtual Address Space
Physical Address Space
VA -gt PA
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5 bne 0x00 add r10,r1,r2 sub r3,r4,r1 sw
r5,0x0C
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
0x00 0x04 0x08 0x0C Disk Disk Disk Disk
0x00 0x04 0x08 0x0C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
13
Example (cont)
Virtual Address Space
Physical Address Space
VA -gt PA
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5 bne 0x00 add r10,r1,r2 sub r3,r4,r1 sw
r5,0x0C
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
Disk 0x04 0x08 0x0C Disk Disk Disk Disk
0x00 0x04 0x08 0x0C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
14
Basic VM Algorithm

• Program presents virtual address (load, store,
  instruction fetch)
• Computer translates virtual addr. (VA) to
  physical addr. (PA)
• Computer reads RAM using PA, returning the data
  to program

VA -gt PA
RAM
0x00 0x04 0x08 0x0C 0x10
0x00 0x04 0x08 0x0C Disk
Virtual Address
Processor (running program)
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
0x00 0x04 0x08 0x0C
15
Page Tables

• Table which holds VA -gt PA translations is the
  page table
• In our current scheme, each word is translated
  from a virtual address (VA) to a physical address
  (PA)

VA -gt PA
RAM
0x00 0x04 0x08 0x0C 0x10
0x00 0x04 0x08 0x0C Disk
Virtual Address
Processor (running program)
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
0x00 0x04 0x08 0x0C
Instructions (or data)
16
Page Tables (cont)

• Instead of the fine-grained VM where any word in
  VM can map to any RAM word location, we
  partition memory into chunks called pages
• Typical page size today is 4 or 8 KBytes
• Reduces the number of VA-gt PA translation entries
• Only one translation per page
• For 4 KByte page, thats one VA-gt PA translation
  for every 1,024 words
• Within a page, the virtual address physical
  address

31
12
0
11
Virtual Address
Virtual Page Number
Page Offset
Translation
24
0
12
11
Physical Address
Physical Page Number
Page Offset
17
Page Table
31
12
0
11
Virtual Address
Virtual Page Number
Page Offset
Each entry in the page table is called a Page
Table Entry (PTE)
The processor has been doing all of this work so
far.
23
12
0
11
Physical Address
Physical Page Number
Page Offset
of bits in page offset Log2(Page Size) of
bits in physical address Log2( RAM Bytes)
18
Run-time Library
Application
Memory Management
Processor
Operating System
19
What Happens If Page Is Not in RAM?

• How do we know its not in RAM?
• PTEs (page table entry) valid bit is set to
  INVALID (DISK)
• What do we do?
• Hardware asks OS to fetch the page from disk
• We call this a page fault
• Before page is read from disk, OS must evict a
  page from RAM (if RAM is full)
• The page to be evicted is called the victim page
• If the page to be evicted is dirty, write the
  page back to disk
• Only data pages can be dirty
• OS then reads the requested page from disk
• OS changes the page tables to reflect the new
  mapping
• Hardware restarts at the faulting virtual address

20
Which Page Should We Evict

• Optimal solution evict a page that wont be
  referenced (used) again
• If all pages will be used again, then evict the
  page that will not be used for the longest period
  of time (Belady)
• Guarantees the lowest possible page fault rate (
  of faults per second)
• Cant be done unless we can tell the future
• Other page replacement algorithms
• First-in, First-out (FIFO)
• Least Recently Used (LRU)

This is the core of the OS contribution to memory
management
21
Another App
Run-time Library
Application
Memory Management
Processor
Operating System
22
Multiprogramming and Protection

• Most machines run multiple processes
• The processes share RAM
• Example simultaneously running emacs, verilog
  and X-window system OR word, excel, and explorer.
• Need some mechanism to protect the memory of each
  process
• Avoid one process reading or writing the memory
  of another process

23
Back to Protection

• Simplest approach
• Provide pair of registers that checks every
  address to make sure the address falls between
  the two limits
• Example, when running Job 3, the two
  registerswould point to the bottom and top of
  Job 3smemory range
• Base lt Address lt Bound
• User process should not beallowed to alter the
  base andbound registers
• Only OS can do this
• Processor provides at least two modes
• User and system (OS)
• System mode is a privileged mode
• Code running in system mode can access parts of
  the machine (registers)that user mode cannot
  access (modify)

24
Protection (cont)

• Finer-grained protection is accomplished by
  protecting each page
• Give each user process its own page table
• Because of hardware virtual memory support, the
  process can only access physical pages listed in
  its page table
• In the example below, the process can only access
  physical pages (1, 3, 4, 5, 8)

0
11
31
12
Virtual Page Number
Page Offset
Virtual Address
0x00004
0x100
valid bit
Physical page number
0x00000 0x00001 0x00002 0x00003 0x00004
0x001 0x005 0x003 0x004 0x008
25
Protection (cont)

• Separate page tables (per process) provide
  page-level protection
• OS creates and manages page tables so that no
  user-level process can alter any processs page
  table
• Page tables are mapped into kernel memory where
  only the OS can read or write

26
Protection (cont)

• Notice that both processes (1 and 2) use the same
  virtual addresses
• Notice that the physical addresses are never the
  same (between the two processes)

27
Run-time Library
Application
Memory Management
Processor
Operating System
28
The Runtime Library is Part of Our Application
Source File
Object File
Object File
Object File
Executable
Linker
Compiler
Library
Librarian
29
The Java System Objects are Part of Our
Application
System objects are no different than our own
application objects
java.net
java.io
foo
bar
JVM
30
Static Memory

• Global variables
• Includes user variables and runtime library
  variables
• Executable code
• Includes user code and runtime code
• Constants remember the object file!
• Layout of static memory done by the linker.
• Remember in virtual memory we assume we have one
  big virtual address space all to ourselves.

Static Memory items are found in the object file.

31
What is in the Runtime System

• Code for the routines used
• Printing
• Mathematical functions
• File manipulation
• Dynamic memory management
• Any global variables needed by those routines
• errno is a runtime global variable
• Memory for the stack and heap

32
Our Application Memory Space
Static
Runtime Code and Data
Stack
Heap
The PCB is our applications metadata and is
stored in OS memory.
33
Stack and Heap Layout
Stack
Heap
Static
The stack and heap is just memory specified to be
set aside for use by the runtime system. It is
just like your own global memory.
This is unused memory
34
Alternative Stack and Heap Layout
Stack ?
? Heap

• Typical for embedded systems
• Uses up whatever memory you have left

35
Stack Memory

• LIFO last in first out
• Better said last subprogram to run is the first
  to exit.
• Used with subprogramming
• We separate the code from the instance (data) of
  the subprogram
• One copy of the code and N copies of the data
• Each subprogram places an activation record on
  the stack which is the memory that the local
  subprogram uses

36
Compiler-inserted Code for Stack Management

• bar(int b)
• printf (d\n, b)
• foo(int g)
• int f 4
• bar(gf)
• main()
• int m 3
• foo(m)

g is located on the stack
Push m on the stack (Set aside space for it)
Push m on the stack Then call foo
Pop the stack to remove m
37
Compiler-inserted Code for Stack Management

• bar(int b)
• printf (d\n, b)
• foo(int g)
• int f 4
• bar(gf)
• main()
• int m 3
• foo(m)

d\n
b
gf
f
m
m
38
REMEMBER Clearing Memory

• Part of the process of laying out the program
  into memory is the act of clearing memory.
• In a multi-processing system, this keeps one
  process from looking at the old state of a
  program that just ended.
• An uninitialized global variable would be a zero.
• At least thats what the C and C standards say.
• Should this happen with an embedded system or a
  single user system such as a handheld device?
• Where did the original code come from?
• Local variables do not have the same guarantee.
• If a sub-module was actually a former stand-alone
  program the global (now local) variables may not
  be initialized.

Uninitialized local variables have the previous
memory contents
39
Heap Memory

• Managed by the runtime system which is linked in
  with the application.
• A malloc/new traverses a list of memory blocks to
  find an amount of memory that will be suitable.
• A free/delete returns the memory to heap.

null
s
t
v
free
Plus one word for the size
40
Garbage Collection

• Explicit dynamic memory release
• malloc free ?C
• new delete ? C
• Implicit dynamic memory release
• New ignoring the data ? Java
• p new x
• p null

When nothing references the memory, the memory is
reclaimed
p
41
Heap Compaction
delete (t)

• When memory is reclaimed (free, delete, or via
  garbage collection) the heap is compacted to make
  larger blocks

null
s
v
free
42
Replacing the Heap Runtime System

• The process of compaction is expensive
• If malloc/free same sized blocks, no need for
  compaction
• Do not replace malloc/free, but simple augment
  with additional my_malloc and my_free routines.

43
Run-time Library
Application
Memory Management
Processor
Operating System
44
Pointers Aside

• Contain an address a virtual address specific
  to our own application.
• If the pointer is 32bits then it can access
  memory from 0 to 232-1

All of this is ours to access
corrupt
0
232-1
45
References Aside

• They also contain an address. Yes, even Java
  references can contain an address.
• The COMPILER prevents you from doing arithmetic
  on these data types.
• Remember how we could actually access the private
  data of a class even when we werent supposed to.
• Bad people will often misuse this and get
  around the compiler-enforced rules.
• And we still have a backdoor using JNI to corrupt
  Java objects

46
Data vs Executable
0x123456
All based on context

• 1001000100010

Executable PC 0x123456 Fetch
instruction Execute instruction
Data int i i 0x123456 i 12
47
Lack of Memory Protection

• Static
• Global variables
• Should not be executed
• Executable Code
• Should not be written
• Data
• Heap/Stack
• Should not be executed
• Constants
• Should not be written

The Big Lie hides this
Lack of runtime protection but there is compiler
enforcement.
48
StackGuard for Stack Protection

• Stack guard makes stack instance data
  unexecutable
• Stack execution is exploited with a buffer
  overflow attack

10001010001010001111000101010001010
Allocated Buffer
Try to get this extra data to be executed
49
Purify for Heap Debugging

• Purify checking for using memory that you
  already released.
• X (int )malloc(sizeof(int))
• free (X)
• X 12

We may (not) reassign the old X memory
When a problem arises, the program crashes.
Typically used during debugging.
50
Add a Print Statement
Stack
Heap
Static
Bad pointer
Stack
Heap
Static
Bad, but a harmless pointer