File: malloc.dox

package info (click to toggle)
avr-libc 1%3A1.6.2.cvs20080610-2
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 14,848 kB
  • ctags: 55,619
  • sloc: ansic: 92,267; asm: 6,692; sh: 4,131; makefile: 2,481; python: 976; pascal: 426; perl: 116
file content (235 lines) | stat: -rw-r--r-- 11,933 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
/* Copyright (c) 2002, Joerg Wunsch
   All rights reserved.

   Redistribution and use in source and binary forms, with or without
   modification, are permitted provided that the following conditions are met:

   * Redistributions of source code must retain the above copyright
     notice, this list of conditions and the following disclaimer.
   * Redistributions in binary form must reproduce the above copyright
     notice, this list of conditions and the following disclaimer in
     the documentation and/or other materials provided with the
     distribution.

  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  POSSIBILITY OF SUCH DAMAGE. */

/* $Id: malloc.dox,v 1.11 2007/04/06 00:29:38 arcanum Exp $ */

/** \page malloc Memory Areas and Using malloc()

\section malloc_intro Introduction

Many of the devices that are possible targets of avr-libc have a minimal
amount of RAM.  The smallest parts supported by the C environment come
with 128 bytes of RAM.  This needs to be shared between initialized
and uninitialized variables (\ref mem_sections "sections" \c .data and
\c .bss), the dynamic memory allocator, and the stack that is used for
calling subroutines and storing local (automatic) variables.

Also, unlike larger architectures, there is no hardware-supported
memory management which could help in separating the mentioned RAM
regions from being overwritten by each other.

The standard RAM layout is to place \c .data variables first, from the
beginning of the internal RAM, followed by \c .bss.  The stack is
started from the top of internal RAM, growing downwards.  The
so-called "heap" available for the dynamic memory allocator will be
placed beyond the end of \c .bss.  Thus, there's no risk that dynamic
memory will ever collide with the RAM variables (unless there were
bugs in the implementation of the allocator). There is still a risk that
the heap and stack could collide if there are large requirements for 
either dynamic memory or stack space.  The former can
even happen if the allocations aren't all that large but
dynamic memory allocations get fragmented over time such that new requests
don't quite fit into the "holes" of previously freed regions.  Large
stack space requirements can arise in a C function containing large and/or
numerous local variables or when recursively calling function.

\note
The pictures shown in this document represent typical situations where the
RAM locations refer to an ATmega128.
The memory addresses used are not displayed in a linear scale.

\image html malloc-std.png "RAM map of a device with internal RAM"
\image latex malloc-std.eps "RAM map of a device with internal RAM" width=7.5cm

On a simple device like a microcontroller it is a challenge to implement a
dynamic memory allocator that is simple enough so the code size requirements 
will remain low, yet powerful enough to avoid unnecessary memory fragmentation 
and to get it all done with reasonably few CPU cycles. Microcontrollers
are often low on space and also run at much lower speeds than the typical PC 
these days.

The memory allocator implemented in avr-libc tries to cope with all of
these constraints, and offers some tuning options that can be used if
there are more resources available than in the default configuration.

\section malloc_where Internal vs. external RAM

Obviously, the constraints are much harder to satisfy in the default
configuration where only internal RAM is available.  Extreme care must
be taken to avoid a stack-heap collision, both by making sure
functions aren't nesting too deeply, and don't require too much stack
space for local variables, as well as by being cautious with
allocating too much dynamic memory.

If external RAM is available, it is strongly recommended to move the
heap into the external RAM, regardless of whether or not the variables from
the \c .data and \c .bss sections are also going to be located there.
The stack should always be kept in internal RAM.  Some devices
even require this, and in general, internal RAM can be accessed
faster since no extra wait states are required.  When using dynamic memory
allocation and stack and heap are separated in distinct memory areas, this is the safest way to avoid a
stack-heap collision.

\section malloc_tunables Tunables for malloc()

There are a number of variables that can be tuned to adapt the
behavior of malloc() to the expected requirements and constraints
of the application.  Any changes to these tunables should be made
before the very first call to malloc().  Note that some library
functions might also use dynamic memory (notably those from the
\ref avr_stdio), so make sure the changes will be done early enough in the
startup sequence.

The variables \c __malloc_heap_start and \c __malloc_heap_end can be
used to restrict the malloc() function to a certain memory region.
These variables are statically initialized to point to \c __heap_start
and \c __heap_end, respectively, where \c __heap_start is filled in by
the linker to point just beyond \c .bss, and \c __heap_end is set to 0
which makes malloc() assume the heap is below the stack.

If the heap is going to be moved to external RAM, \c __malloc_heap_end
\e must be adjusted accordingly.  This can either be done at run-time,
by writing directly to this variable, or it can be done automatically at
link-time, by adjusting the value of the symbol \c __heap_end.

\anchor malloc_extram
The following example shows a linker command to relocate the entire \c .data 
and \c .bss segments, and the heap to location 0x1100 in external RAM.  The
heap will extend up to address 0xffff.

\code
avr-gcc ... -Wl,-Tdata=0x801100,--defsym=__heap_end=0x80ffff ...
\endcode

\note
See \ref harvard_arch "explanation" for offset 0x800000.
See the chapter about \ref gcc_minusW "using gcc" for the \c -Wl
options.

\image html malloc-x1.png "Internal RAM: stack only, external RAM: variables and heap"
\image latex malloc-x1.eps "Internal RAM: stack only, external RAM: variables and heap" width=12cm

If dynamic memory should be placed in external RAM, while keeping
the variables in internal RAM, something like the following could be
used.  Note that for demonstration purposes, the assignment of the
various regions has not been made adjacent in this example, so there
are "holes" below and above the heap in external RAM that remain
completely unaccessible by regular variables or dynamic memory
allocations (shown in light bisque color in the picture below).

\code
avr-gcc ... -Wl,--defsym=__heap_start=0x802000,--defsym=__heap_end=0x803fff ...
\endcode

\image html malloc-x2.png "Internal RAM: variables and stack, external RAM: heap"
\image latex malloc-x2.eps "Internal RAM: variables and stack, external RAM: heap" width=12cm

If \c __malloc_heap_end is 0, the allocator attempts to detect the
bottom of stack in order to prevent a stack-heap collision when
extending the actual size of the heap to gain more space for dynamic
memory.  It will not try to go beyond the current stack limit,
decreased by \c __malloc_margin bytes.  Thus, all possible stack
frames of interrupt routines that could interrupt the current
function, plus all further nested function calls must not require more
stack space, or they will risk colliding with the data segment.

The default value of \c __malloc_margin is set to 32.

\section malloc_impl Implementation details

Dynamic memory allocation requests will be returned with a two-byte
header prepended that records the size of the allocation.  This is
later used by free().  The returned address points just beyond that
header.  Thus, if the application accidentally writes before the
returned memory region, the internal consistency of the memory
allocator is compromised.

The implementation maintains a simple freelist that accounts for
memory blocks that have been returned in previous calls to free().
Note that all of this memory is considered to be successfully added to
the heap already, so no further checks against stack-heap collisions
are done when recycling memory from the freelist.

The freelist itself is not maintained as a separate data structure,
but rather by modifying the contents of the freed memory to contain
pointers chaining the pieces together.  That way, no additional memory
is reqired to maintain this list except for a variable that keeps track
of the lowest memory segment available for reallocation.  Since both,
a chain pointer and the size of the chunk need to be recorded in each
chunk, the minimum chunk size on the freelist is four bytes.

When allocating memory, first the freelist is walked to see if it
could satisfy the request.  If there's a chunk available on the
freelist that will fit the request exactly, it will be taken,
disconnected from the freelist, and returned to the caller.  If no
exact match could be found, the closest match that would just satisfy
the request will be used.  The chunk will normally be split up into
one to be returned to the caller, and another (smaller) one that will
remain on the freelist.  In case this chunk was only up to two bytes
larger than the request, the request will simply be altered internally
to also account for these additional bytes since no separate freelist
entry could be split off in that case.

If nothing could be found on the freelist, heap extension is
attempted.  This is where \c __malloc_margin will be considered if the
heap is operating below the stack, or where \c __malloc_heap_end will
be verified otherwise.

If the remaining memory is insufficient to satisfy the request,
\c NULL will eventually be returned to the caller.

When calling free(), a new freelist entry will be prepared.  An
attempt is then made to aggregate the new entry with possible adjacent
entries, yielding a single larger entry available for further
allocations.  That way, the potential for heap fragmentation is hopefully
reduced.

A call to realloc() first determines whether the operation is about to
grow or shrink the current allocation.  When shrinking, the case is
easy: the existing chunk is split, and the tail of the region that is
no longer to be used is passed to the standard free() function for
insertion into the freelist.  Checks are first made whether the tail
chunk is large enough to hold a chunk of its own at all, otherwise
realloc() will simply do nothing, and return the original region.

When growing the region, it is first checked whether the existing
allocation can be extended in-place.  If so, this is done, and the
original pointer is returned without copying any data contents.  As a
side-effect, this check will also record the size of the largest chunk
on the freelist.

If the region cannot be extended in-place, but the old chunk is at the
top of heap, and the above freelist walk did not reveal a large enough
chunk on the freelist to satisfy the new request, an attempt is made
to quickly extend this topmost chunk (and thus the heap), so no need
arises to copy over the existing data.  If there's no more space
available in the heap (same check is done as in malloc()), the entire
request will fail.

Otherwise, malloc() will be called with the new request size, the
existing data will be copied over, and free() will be called on the
old region.

*/