
understanding sbrk(0)


Ash

Oct 27, 2004, 8:12:04 AM
Hi,

I have a very simple program in C:

#include <stdio.h>
#include <unistd.h>

int main(void)
{
    long *p;

    /* sbrk(0) moves nothing; it only reports the current program break */
    p = sbrk(0);

    printf("p = %p\n", (void *)p);

    return 0;
}

Every time I run this, it gives a different value of p. My questions
are:

1) What does sbrk(0) do? Man page says that it gives a location of
program break. What does "program break" mean?

2) If p is the location where the heap part of the process address
space points, then shouldn't it be the same every time? (to my poor
knowledge)

3) If I do cat /proc/<pid of this process>/maps, the region mappings
given are the same every time except for one section, which is equal to
the value of p in the program. What does that mean?

Thanks in advance
Ash

Paul Pluzhnikov

Oct 27, 2004, 11:01:34 AM
amu...@yahoo.com (Ash) writes:

> Every time I run this, it gives a different value of p. My questions
> are:

You need to specify your system: on my system that program gives
*the same* value for "p" every time.

> 1) What does sbrk(0) do? Man page says that it gives a location of
> program break. What does "program break" mean?

http://docs.sun.com/db/doc/802-1954/6i5v01d57?a=view

> 2) If p is the location where the heap part of the process address
> space points, then shouldn't it be the same every time? (to my poor
> knowledge)

It should be, except you are probably running on a recent Linux
system with 'exec-shield' enabled.

Disable it with (as root): 'echo 0 > /proc/sys/kernel/exec-shield'
and try again.

Read more about exec-shield here:
http://people.redhat.com/mingo/exec-shield/ANNOUNCE-exec-shield

Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.

Ash

Nov 1, 2004, 1:27:10 AM
You are right, it works. But I didn't understand what exec-shield has to
do with the sbrk(0) value?

Paul Pluzhnikov <ppluzhn...@charter.net> wrote in message news:<m3sm80n...@salmon.parasoft.com>...

Paul Pluzhnikov

Nov 1, 2004, 2:14:31 AM
amu...@yahoo.com (Ash) writes:

A. Because doing so makes the conversation harder to read.
Q. Why should I not top-post?

Please do not top post. Rest of the message re-ordered.

> Paul Pluzhnikov <ppluzhn...@charter.net> wrote:
> > It should be, except you are probably running on a recent Linux
> > system with 'exec-shield' enabled.
> > Disable it with (as root): 'echo 0 > /proc/sys/kernel/exec-shield'
> > and try again.

> You are right, it works. But I didn't understand what exec-shield has to
> do with the sbrk(0) value?

Have you read the article on exec-shield? It appears not ...

Exec-shield attempts to randomize placement of the executable. Since
the value of sbrk(0) at startup has a fixed relationship to the
executable load address, exec-shield also randomizes the value
returned by sbrk(0).

Ash

Nov 2, 2004, 6:14:24 AM
Paul Pluzhnikov <ppluzhn...@charter.net> wrote in message news:<m34qkaa...@salmon.parasoft.com>...

> amu...@yahoo.com (Ash) writes:
>
> A. Because doing so makes the conversation harder to read.
> Q. Why should I not top-post?
>
> Please do not top post. Rest of the message re-ordered.
>
> > Paul Pluzhnikov <ppluzhn...@charter.net> wrote:
> > > It should be, except you are probably running on a recent Linux
> > > system with 'exec-shield' enabled.
> > > Disable it with (as root): 'echo 0 > /proc/sys/kernel/exec-shield'
> > > and try again.
>
> > You are right, it works. But I didn't understand what exec-shield has to
> > do with the sbrk(0) value?
>
> Have you read the article on exec-shield? It appears not ...
>
> Exec-shield attempts to randomize placement of the executable. Since
> the value of sbrk(0) at startup has a fixed relationship to the
> executable load address, exec-shield also randomizes the value
> returned by sbrk(0).
>
> Cheers,

Here is another problem that I face. Consider the following program:

#define _DEFAULT_SOURCE            /* glibc: expose sbrk() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define PAGE_SIZE 4096             /* the original left PAGE_SIZE undefined */

int main(void)
{
    int fd;
    ssize_t n;
    char *p, buf[5 * PAGE_SIZE];
    unsigned long brk;

    brk = (unsigned long) sbrk(0);
    printf("brk = %#lx\n", brk);

    /**********************/
    p = (char *)malloc(10);        /* the "highlighted" line */
    /**********************/

    fd = open("/proc/self/maps", O_RDONLY);
    if (fd < 0) {
        perror("open");
        return 1;
    }
    p = buf;
    /* read a page at a time, stopping before the buffer is full */
    while (p + PAGE_SIZE < buf + sizeof buf && (n = read(fd, p, PAGE_SIZE)) > 0) {
        p += n;
    }
    *p = '\0';                     /* buf was never NUL-terminated before */
    close(fd);

    printf("%s\n", buf);
    return 0;
}

This simple program is trying to print the process break value and the
process address space mappings.

If the highlighted line is included in the program, then the brk value
corresponds to one of the addresses printed in the mappings.
If the highlighted line is removed from this program, then the brk value is
some arbitrary value that doesn't exist in the address space mappings.
Why?

You can easily understand the problem if you compile and run this
program.

PS: I had read the exec-shield note but didn't understand much out of
it. Thanks

Paul Pluzhnikov

Nov 2, 2004, 10:44:20 AM
amu...@yahoo.com (Ash) writes:

> Here is another problem that I face: Consider the following program

You clearly still do not understand what "the break" value is.

Perhaps the figure "A simplified view of the address space of a
UNIX process" here: http://www.memorymanagement.org/glossary/full.html
will make it clearer for you.

> If the highlighted line is included in the program then brk value
> corresponds to one of the addresses printed in the mappings

The malloc(10) performed brk() call "behind the scenes" to increment
the break value [1], and the kernel reflected this fact in the
/proc/self/maps.

[1] You can see that by running your program under 'strace', and
you'll do well to study strace's output.

> If the highlighted line is removed in this program then brk value is
> some arbitrary value that doesn't exist in the address space mappings.

It is not at all arbitrary. It is "just past" the program data segment.
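
Putting Paul's two answers together (the break starts just past the data segment, and malloc is what moves it via brk), here is an added example, not code from this thread, that measures both in one process: it assumes Linux, a glibc-style malloc that grows the main heap with brk(), and the linker-provided _end symbol; the helper names are my own. The /proc/self/maps snapshot is taken with raw open/read calls because stdio would itself call malloc and move the break being observed.

```c
#define _DEFAULT_SOURCE                 /* glibc: expose sbrk() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
extern char _end;                       /* linker-provided symbol: first byte past .bss */
/* Snapshot /proc/self/maps with open/read only: stdio or malloc would themselves call brk(). */
static void snapshot_maps(char *buf, size_t len)
{
    int fd = open("/proc/self/maps", O_RDONLY); ssize_t n, got = 0;
    while (fd >= 0 && (n = read(fd, buf + got, len - 1 - got)) > 0) got += n;
    buf[got] = '\0'; if (fd >= 0) close(fd);
}
/* Name ("[heap]", a path, or "\n" if anonymous) of the "start-end perms offset dev inode name" line holding addr; NULL if none. */
static const char *mapping_of(const char *maps, unsigned long addr)
{
    for (const char *l = maps; l && *l; l = l ? l + 1 : NULL) {
        unsigned long lo, hi; int off = 0;
        if (sscanf(l, "%lx-%lx %*s %*s %*s %*s%n", &lo, &hi, &off) == 2 && addr >= lo && addr < hi)
            return l + off + strspn(l + off, " ");  /* skip the padding before the name */
        l = strchr(l, '\n');                        /* on to the next line */
    }
    return NULL;
}
/* Ash's experiment: brkv[0] = initial break (inside any mapping?), brkv[1] = break after malloc(10); returns the mapping holding the byte just below brkv[1] ("[heap]" expected). */
static const char *brk_experiment(unsigned long brkv[2], int *initially_mapped)
{
    static char m0[32768], m1[32768];   /* static: no malloc, no huge stack frame */
    brkv[0] = (unsigned long)sbrk(0);
    snapshot_maps(m0, sizeof m0);
    void *q = malloc(10);               /* grows the break via brk() behind the scenes */
    brkv[1] = (unsigned long)sbrk(0);
    snapshot_maps(m1, sizeof m1);
    free(q);
    *initially_mapped = mapping_of(m0, brkv[0]) != NULL;
    return mapping_of(m1, brkv[1] - 1);
}
int main(void)
{
    unsigned long b[2]; int mapped;
    const char *name = brk_experiment(b, &mapped);
    printf(".bss ends at %#lx; initial break %#lx (%ld bytes past it) is inside %s mapping\n",
           (unsigned long)&_end, b[0], (long)(b[0] - (unsigned long)&_end), mapped ? "a" : "no");
    printf("after malloc(10): break %#lx (+%lu bytes); the byte below it is in %.*s\n",
           b[1], b[1] - b[0], name ? (int)strcspn(name, "\n") : 6, name ? name : "(none)");
    return 0;
}
```

Run it several times: with address-space randomization on, the absolute break moves between runs, while the "[heap]" mapping only appears once malloc has grown it.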

Jonathan Adams

Nov 4, 2004, 7:32:02 PM
In article <m3654o9...@salmon.parasoft.com>,
Paul Pluzhnikov <ppluzhn...@charter.net> wrote:

> amu...@yahoo.com (Ash) writes:
> > If the highlighted line is included in the program then brk value
> > corresponds to one of the addresses printed in the mappings
>
> The malloc(10) performed brk() call "behind the scenes" to increment
> the break value [1], and the kernel reflected this fact in the
> /proc/self/maps.
>
> [1] You can see that by running your program under 'strace', and
> you'll do well to study strace's output.
>
> > If the highlighted line is removed in this program then brk value is
> > some arbitrary value that doesn't exist in the address space mappings.
>
> It is not at all arbitrary. It is "just past" the program data segment.

Not always -- the various mapping-randomization patches for Linux will
randomize it as well, for example.

- jonathan
