Title: Memory Management
1Memory Management
- COSC319
- Software Engineering Concepts
2Memory Errors
- When memory is corrupted
- Data is overwritten and results are incorrect
- Program code is overwritten and program crashes
- Memory references outside of application space
- Who/What did it?
- My own application did it to itself
- Another concurrent application
- The Operating System (OS)
- The machine did it!
3Who does what?
Run-time Library
Application
Memory Management
Processor
Operating System
Everybody helps
4The Big Lie
Run-time Library
Application
Memory Management
Processor
Operating System
Good abstraction for novice programmers
5The conclusion
Run-time Library
Application
Memory Management
Processor
Your application does most of the damage
Operating System
6Run-time Library
Application
Memory Management
Processor
Operating System
7What if the Program is Too Big
- Some machines wont let you run the program
- Original DOS
RAM
0x3fff
00011010011100001010100101011001101001110000
10101001010110011010011100001010100101011101
011
Was not that long ago
Early workaround was program overlays which were
programmer controlled.
0x0000
8Virtual Memory
- Let the OS/processor manage our virtual memory!
- What is virtual memory?
- Technique that allows execution of a program that
- can reside in discontiguous memory
- does not have to completely reside in memory
(RAM) - Allows the computer to fake a program into
believing that its - memory is contiguous
- memory space is larger than physical RAM
- the only thing residing in memory
- Why is VM important?
- Cheap - no longer have to buy lots of RAM
- Removes burden of memory resource management from
the programmer
9How Does VM Work
- Two memory spaces
- Virtual memory space - what the program sees
- Physical memory space - what the program runs in
(size of RAM) - On program startup
- OS copies program into RAM
- If there is not enough RAM, OS stops copying
program starts running the program with some
portion of the program loaded in RAM - When the program touches a part of the program
not in physical memory (RAM), OS copies that part
of the program from disk into RAM - In order to copy some of the program from disk
to RAM, OS must evict parts of the program
already in RAM - OS copies the evicted parts of the program back
to diskif the pages are dirty (i.e. the data has
been changed)
10Virtual vs. Physical Space
Virtual Address Space
Physical Address Space
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
0x00 0x04 0x08 0x0C
Some memory in physical memory and some on disk
11Example
Virtual Address Space
Physical Address Space
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5 bne 0x00 add r10,r1,r2 sub r3,r4,r1 sw
r5,0x0C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
0x00 0x04 0x08 0x0C
12Example (cont)
Virtual Address Space
Physical Address Space
VA -gt PA
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5 bne 0x00 add r10,r1,r2 sub r3,r4,r1 sw
r5,0x0C
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
0x00 0x04 0x08 0x0C Disk Disk Disk Disk
0x00 0x04 0x08 0x0C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
13Example (cont)
Virtual Address Space
Physical Address Space
VA -gt PA
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5 bne 0x00 add r10,r1,r2 sub r3,r4,r1 sw
r5,0x0C
0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C
Disk 0x04 0x08 0x0C Disk Disk Disk Disk
0x00 0x04 0x08 0x0C
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
14Basic VM Algorithm
- Program presents virtual address (load, store,
instruction fetch) - Computer translates virtual addr. (VA) to
physical addr. (PA) - Computer reads RAM using PA, returning the data
to program
VA -gt PA
RAM
0x00 0x04 0x08 0x0C 0x10
0x00 0x04 0x08 0x0C Disk
Virtual Address
Processor (running program)
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
0x00 0x04 0x08 0x0C
15Page Tables
- Table which holds VA -gt PA translations is the
page table - In our current scheme, each word is translated
from a virtual address (VA) to a physical address
(PA)
VA -gt PA
RAM
0x00 0x04 0x08 0x0C 0x10
0x00 0x04 0x08 0x0C Disk
Virtual Address
Processor (running program)
add r1,r2,r3 sub r2,r3,r4 lw r2,0x04 mult
r3,r4,r5
0x00 0x04 0x08 0x0C
Instructions (or data)
16Page Tables (cont)
- Instead of the fine-grained VM where any word in
VM can map to any RAM word location, we
partition memory into chunks called pages - Typical page size today is 4 or 8 KBytes
- Reduces the number of VA-gt PA translation entries
- Only one translation per page
- For 4 KByte page, thats one VA-gt PA translation
for every 1,024 words - Within a page, the virtual address physical
address
31
12
0
11
Virtual Address
Virtual Page Number
Page Offset
Translation
24
0
12
11
Physical Address
Physical Page Number
Page Offset
17Page Table
31
12
0
11
Virtual Address
Virtual Page Number
Page Offset
Each entry in the page table is called a Page
Table Entry (PTE)
The processor has been doing all of this work so
far.
23
12
0
11
Physical Address
Physical Page Number
Page Offset
of bits in page offset Log2(Page Size) of
bits in physical address Log2( RAM Bytes)
18Run-time Library
Application
Memory Management
Processor
Operating System
19What Happens If Page Is Not in RAM?
- How do we know its not in RAM?
- PTEs (page table entry) valid bit is set to
INVALID (DISK) - What do we do?
- Hardware asks OS to fetch the page from disk
- We call this a page fault
- Before page is read from disk, OS must evict a
page from RAM (if RAM is full) - The page to be evicted is called the victim page
- If the page to be evicted is dirty, write the
page back to disk - Only data pages can be dirty
- OS then reads the requested page from disk
- OS changes the page tables to reflect the new
mapping - Hardware restarts at the faulting virtual address
20Which Page Should We Evict
- Optimal solution evict a page that wont be
referenced (used) again - If all pages will be used again, then evict the
page that will not be used for the longest period
of time (Belady) - Guarantees the lowest possible page fault rate (
of faults per second) - Cant be done unless we can tell the future
- Other page replacement algorithms
- First-in, First-out (FIFO)
- Least Recently Used (LRU)
This is the core of the OS contribution to memory
management
21Another App
Run-time Library
Application
Memory Management
Processor
Operating System
22Multiprogramming and Protection
- Most machines run multiple processes
- The processes share RAM
- Example simultaneously running emacs, verilog
and X-window system OR word, excel, and explorer. - Need some mechanism to protect the memory of each
process - Avoid one process reading or writing the memory
of another process
23Back to Protection
- Simplest approach
- Provide pair of registers that checks every
address to make sure the address falls between
the two limits - Example, when running Job 3, the two
registerswould point to the bottom and top of
Job 3smemory range - Base lt Address lt Bound
- User process should not beallowed to alter the
base andbound registers - Only OS can do this
- Processor provides at least two modes
- User and system (OS)
- System mode is a privileged mode
- Code running in system mode can access parts of
the machine (registers)that user mode cannot
access (modify)
24Protection (cont)
- Finer-grained protection is accomplished by
protecting each page - Give each user process its own page table
- Because of hardware virtual memory support, the
process can only access physical pages listed in
its page table - In the example below, the process can only access
physical pages (1, 3, 4, 5, 8)
0
11
31
12
Virtual Page Number
Page Offset
Virtual Address
0x00004
0x100
valid bit
Physical page number
0x00000 0x00001 0x00002 0x00003 0x00004
0x001 0x005 0x003 0x004 0x008
25Protection (cont)
- Separate page tables (per process) provide
page-level protection - OS creates and manages page tables so that no
user-level process can alter any processs page
table - Page tables are mapped into kernel memory where
only the OS can read or write
26Protection (cont)
- Notice that both processes (1 and 2) use the same
virtual addresses - Notice that the physical addresses are never the
same (between the two processes)
27Run-time Library
Application
Memory Management
Processor
Operating System
28The Runtime Library is Part of Our Application
Source File
Object File
Object File
Object File
Executable
Linker
Compiler
Library
Librarian
29The Java System Objects are Part of Our
Application
System objects are no different than our own
application objects
java.net
java.io
foo
bar
JVM
30Static Memory
- Global variables
- Includes user variables and runtime library
variables - Executable code
- Includes user code and runtime code
- Constants remember the object file!
- Layout of static memory done by the linker.
- Remember in virtual memory we assume we have one
big virtual address space all to ourselves.
Static Memory items are found in the object file.
31What is in the Runtime System
- Code for the routines used
- Printing
- Mathematical functions
- File manipulation
- Dynamic memory management
- Any global variables needed by those routines
- errno is a runtime global variable
- Memory for the stack and heap
32Our Application Memory Space
Static
Runtime Code and Data
Stack
Heap
The PCB is our applications metadata and is
stored in OS memory.
33Stack and Heap Layout
Stack
Heap
Static
The stack and heap is just memory specified to be
set aside for use by the runtime system. It is
just like your own global memory.
This is unused memory
34Alternative Stack and Heap Layout
Stack ?
? Heap
- Typical for embedded systems
- Uses up whatever memory you have left
35Stack Memory
- LIFO last in first out
- Better said last subprogram to run is the first
to exit. - Used with subprogramming
- We separate the code from the instance (data) of
the subprogram - One copy of the code and N copies of the data
- Each subprogram places an activation record on
the stack which is the memory that the local
subprogram uses
36Compiler-inserted Code for Stack Management
- bar(int b)
- printf (d\n, b)
-
- foo(int g)
- int f 4
- bar(gf)
-
- main()
- int m 3
- foo(m)
g is located on the stack
Push m on the stack (Set aside space for it)
Push m on the stack Then call foo
Pop the stack to remove m
37Compiler-inserted Code for Stack Management
- bar(int b)
- printf (d\n, b)
-
- foo(int g)
- int f 4
- bar(gf)
-
- main()
- int m 3
- foo(m)
d\n
b
gf
f
m
m
38REMEMBER Clearing Memory
- Part of the process of laying out the program
into memory is the act of clearing memory. - In a multi-processing system, this keeps one
process from looking at the old state of a
program that just ended. - An uninitialized global variable would be a zero.
- At least thats what the C and C standards say.
- Should this happen with an embedded system or a
single user system such as a handheld device? - Where did the original code come from?
- Local variables do not have the same guarantee.
- If a sub-module was actually a former stand-alone
program the global (now local) variables may not
be initialized.
Uninitialized local variables have the previous
memory contents
39Heap Memory
- Managed by the runtime system which is linked in
with the application. - A malloc/new traverses a list of memory blocks to
find an amount of memory that will be suitable. - A free/delete returns the memory to heap.
null
s
t
v
free
Plus one word for the size
40Garbage Collection
- Explicit dynamic memory release
- malloc free ?C
- new delete ? C
- Implicit dynamic memory release
- New ignoring the data ? Java
- p new x
- p null
When nothing references the memory, the memory is
reclaimed
p
41Heap Compaction
delete (t)
- When memory is reclaimed (free, delete, or via
garbage collection) the heap is compacted to make
larger blocks
null
s
v
free
42Replacing the Heap Runtime System
- The process of compaction is expensive
- If malloc/free same sized blocks, no need for
compaction - Do not replace malloc/free, but simple augment
with additional my_malloc and my_free routines.
43Run-time Library
Application
Memory Management
Processor
Operating System
44Pointers Aside
- Contain an address a virtual address specific
to our own application. - If the pointer is 32bits then it can access
memory from 0 to 232-1
All of this is ours to access
corrupt
0
232-1
45References Aside
- They also contain an address. Yes, even Java
references can contain an address. - The COMPILER prevents you from doing arithmetic
on these data types. - Remember how we could actually access the private
data of a class even when we werent supposed to. - Bad people will often misuse this and get
around the compiler-enforced rules. - And we still have a backdoor using JNI to corrupt
Java objects
46Data vs Executable
0x123456
All based on context
Executable PC 0x123456 Fetch
instruction Execute instruction
Data int i i 0x123456 i 12
47Lack of Memory Protection
- Static
- Global variables
- Should not be executed
- Executable Code
- Should not be written
- Data
- Heap/Stack
- Should not be executed
- Constants
- Should not be written
The Big Lie hides this
Lack of runtime protection but there is compiler
enforcement.
48StackGuard for Stack Protection
- Stack guard makes stack instance data
unexecutable - Stack execution is exploited with a buffer
overflow attack
10001010001010001111000101010001010
Allocated Buffer
Try to get this extra data to be executed
49Purify for Heap Debugging
- Purify checking for using memory that you
already released. - X (int )malloc(sizeof(int))
- free (X)
- X 12
We may (not) reassign the old X memory
When a problem arises, the program crashes.
Typically used during debugging.
50Add a Print Statement
Stack
Heap
Static
Bad pointer
Stack
Heap
Static
Bad, but a harmless pointer