Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C Programming > malloc and maximum size

Reply
Thread Tools

malloc and maximum size

 
 
Kaz Kylheku
Guest
Posts: n/a
 
      01-25-2012
On 2012-01-25, Tim Rentsch <(E-Mail Removed)> wrote:
> Keith Thompson <(E-Mail Removed)> writes:
>
>> James Kuyper <(E-Mail Removed)> writes:
>> [...]
>>> Not even sizeof(char[3500000000])? For an implementation where
>>> (size_t)(-1) is 4294967295, what gives that implementation permission to
>>> do anything with that expression other than yield a value of
>>> (size_t)3500000000? The implementation is free to issue a diagnostic, of
>>> course, but not to reject the code.

>>
>> Interesting. For the following program:
>>
>> #include <stdio.h>
>> int main(void) {
>> printf("%zu\n", sizeof (char[(size_t)-1]));
>> return 0;
>> }
>>
>> "gcc -std=c99" rejects it with an error message:
>>
>> c.c: In function 'main':
>> c.c:3:5: error: size of unnamed array is too large
>>
>> Change the array size to (size_t)-1/2 and it compiles and prints
>> "2147483647". Change it to (size_t)-1/2+1 and it rejects it with the
>> same error message.
>>
>> Does this make "gcc -std=c99" non-conforming?

>
> No, because there is no requirement that this program
> be accepted.


If for every feature of the above program, we can deduce what the behavior
should be (and thus in doing so we must find that it does not violate any
limit, or invoke any UB) then we can deduce that this program must be accepted,
or else it represents a test case that shows the implementation to be
nonconforming.

I don't believe that it violates any limits or invokes any UB, which leads me
to conclude that it does show the above gcc installation to be nonconforming.

This all follows from the software engineering sense of what it means to have a
test case, what requirements are, and what it means for a test case to fail.

It might be a test case that is considered "degenerate", which is a code word
for "something that the users probably won't run into or care about".
Or that it's not a "showstopper bug".

But that sort of negotation or classification of defects is outside of the
standard.

Now if you make a program which stresses each of the limists and gcc chokes on
it, then you have not proven a nonconformity. This is because 5.4.2.1
has the effect of excusing the implementors from handling /all/ such programs.
They have to handle only one, and it can be any program from that set;
not restricted to one that is chosen by the users of the implementation.

If you change your program so that it does not exercise all of the limits
(maybe by scaling back just one of them) and if you can still reproduce the
failure, then you have found a nonconformance.
 
Reply With Quote
 
 
 
 
Shao Miller
Guest
Posts: n/a
 
      01-25-2012
On 10/14/2011 09:31, V.Subramanian, India wrote:
> This question is only for understanding purpose.
>
>[...]
>
> What is the reason for allocating this much less memory while the
> parameter type of malloc is size_t ?
>
> Normally what factor drives the maximum size of a single chunk of
> memory allocated by malloc ?
>
> Please explain.


I believe it's up to the implementation to a large extent. An
implementation might have 'size_t' sufficient to represent all of memory
with a flat memory model. It might then allow you to create a pointer
that points anywhere in memory like this:

unsigned char * byte_at_some_address = (unsigned char *) (size_t) XXX;

Or to represent an arbitrary pointer as an unsigned integer:

size_t address = (size_t) (void *) some_ptr;

If you want to test some limits, you could try this:

/* For use with C89 */

#include <stddef.h>
#include <stdlib.h>

static void * biggest_buf(void);

int main(void) {
char * foo;
char * bar;
char * baz;

foo = biggest_buf();
bar = biggest_buf();
baz = biggest_buf();
free(foo);
free(bar);
free(baz);
return EXIT_SUCCESS;
}

static void * biggest_buf(void) {
char * big_buf;
size_t max_size, big_size, test_size, highest_test;

/* Find the maximum size_t */
max_size = 0;
--max_size;

switch (1) while (1) {
/* big_size <= test_size <= highest_test */
big_buf = malloc(test_size);
if (!big_buf) {
if (test_size == big_size) {
/* Maximum allocation has changed. Start over */
default:
test_size = highest_test = max_size;
big_size = 0;
continue;
}
/*
* We couldn't allocate a bigger buffer than last time.
* Split the difference and try a smaller allocation
*/
highest_test = test_size;
test_size = (test_size - big_size) / 2 + big_size;
continue;
}

/* Check if we've found the biggest allocation */
if (test_size == big_size) {
/* All done */
break;
}

/* Otherwise, we might be able to allocate more */
free(big_buf);
big_size = test_size;
test_size = (highest_test - big_size) / 2 + big_size;
continue;
}
return big_buf;
}

--
"The stationery store has moved. Aaargh!"
 
Reply With Quote
 
 
 
 
Shao Miller
Guest
Posts: n/a
 
      01-25-2012
On 1/24/2012 23:49, Shao Miller wrote:
> On 10/14/2011 09:31, V.Subramanian, India wrote:
>> This question is only for understanding purpose.
>>
>> [...]
>>
>> What is the reason for allocating this much less memory while the
>> parameter type of malloc is size_t ?
>>
>> Normally what factor drives the maximum size of a single chunk of
>> memory allocated by malloc ?
>>
>> Please explain.

>


Oh and just in case nobody else mentioned it yet, 'malloc' is supposed
to return a contiguous range of memory. So if you have 4 GiB of RAM (or
whatever), you might expect that there's going to be some stuff
occupying some of it, and the maximum _contiguous_ chunk won't even be
equal to the amount of available/unused RAM, as there'll probably be
some fragmentation.
 
Reply With Quote
 
Keith Thompson
Guest
Posts: n/a
 
      01-25-2012
Tim Rentsch <(E-Mail Removed)> writes:
[...]
> Only strictly conforming programs are Standard-ly required to be
> accepted. Any other programs (which this example presuably was on
> the implementation in question) don't have to be.


I think C99 4p3 contradicts that:

A program that is correct in all other aspects, operating on
correct data, containing unspecified behavior shall be a correct
program and act in accordance with 5.1.2.3.

--
Keith Thompson (The_Other_Keith) http://www.velocityreviews.com/forums/(E-Mail Removed) <http://www.ghoti.net/~kst>
Will write code for food.
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
 
Reply With Quote
 
Tim Rentsch
Guest
Posts: n/a
 
      02-01-2012
Kaz Kylheku <(E-Mail Removed)> writes:

> On 2012-01-25, Tim Rentsch <(E-Mail Removed)> wrote:
>> James Kuyper <(E-Mail Removed)> writes:
>>> As I'm sure you're already aware, 5.2.4.1 is one of my least favorite
>>> clauses in the standard. Taking it's words literally, what it fails to
>>> promise renders virtually the entire rest of the standard meaningless;
>>> [snip]

>>
>> I'm sure that's true for some, but most people who read
>> the Standard have no real problem with it. Show of hands,
>> anyone?

>
> 5.2.4.1 simply gives a set of requirements in such a way that it is clear
> that all of the limits are independent. An implementation should be able to
> translate a program which exercises each of the limits /simultaneously/.
> That is the point. The implementation canot assert that, oops, since you
> declared an object of 65535 bytes, you can only have 63 nesting of blocks, and
> not the required 127. [snip some elaboration of that]
>
> There is clearly no intent there that conformance is hinged to a single test
> case which exercises some limits. [snip]


5.2.4.1 simply establishes a lower bound, and in my opinion a
fairly reasonable one. Everything above the 5.2.4.1 lower bound
is therefore relegated to QOI, which I think makes a lot of
sense, and certainly more sense than going to the other extreme.
The purpose of the Standard is to define the language (albeit
indirectly, by giving requirements for implementations of the
language); it is not to establish what constitutes a minimally
"acceptable" implementation, which is better left to some other
arena.
 
Reply With Quote
 
Tim Rentsch
Guest
Posts: n/a
 
      02-01-2012
Kaz Kylheku <(E-Mail Removed)> writes:

> On 2012-01-25, Tim Rentsch <(E-Mail Removed)> wrote:
>> Keith Thompson <(E-Mail Removed)> writes:
>>
>>> James Kuyper <(E-Mail Removed)> writes:
>>> [...]
>>>> Not even sizeof(char[3500000000])? For an implementation where
>>>> (size_t)(-1) is 4294967295, what gives that implementation permission to
>>>> do anything with that expression other than yield a value of
>>>> (size_t)3500000000? The implementation is free to issue a diagnostic, of
>>>> course, but not to reject the code.
>>>
>>> Interesting. For the following program:
>>>
>>> #include <stdio.h>
>>> int main(void) {
>>> printf("%zu\n", sizeof (char[(size_t)-1]));
>>> return 0;
>>> }
>>>
>>> "gcc -std=c99" rejects it with an error message:
>>>
>>> c.c: In function 'main':
>>> c.c:3:5: error: size of unnamed array is too large
>>>
>>> Change the array size to (size_t)-1/2 and it compiles and prints
>>> "2147483647". Change it to (size_t)-1/2+1 and it rejects it with the
>>> same error message.
>>>
>>> Does this make "gcc -std=c99" non-conforming?

>>
>> No, because there is no requirement that this program
>> be accepted.

>
> If for every feature of the above program, we can deduce what the behavior
> should be (and thus in doing so we must find that it does not violate any
> limit, or invoke any UB) then we can deduce that this program must be accepted,
> or else it represents a test case that shows the implementation to be
> nonconforming. [snip elaboration]


I don't find any support for this conclusion in the Standard. The
Standard _does_ require that implementations accept any strictly
conforming program, but the program given above is not strictly
conforming. I'm not aware of any requirement in the Standard
that any program other than strictly conforming ones be accepted.
There is the one distinguished program (of each implementation's
choosing) that must accepted and executed successfully, but the
program above cannot be that.

In the absence of a requirement to accept a particular program, I
believe implementations are not required to accept it, especially
since for some programs there is such a requirement.
 
Reply With Quote
 
Tim Rentsch
Guest
Posts: n/a
 
      02-01-2012
Keith Thompson <(E-Mail Removed)> writes:

> Tim Rentsch <(E-Mail Removed)> writes:
> [...]
>> Only strictly conforming programs are Standard-ly required to be
>> accepted. Any other programs (which this example presuably was on
>> the implementation in question) don't have to be.

>
> I think C99 4p3 contradicts that:
>
> A program that is correct in all other aspects, operating on
> correct data, containing unspecified behavior shall be a correct
> program and act in accordance with 5.1.2.3.


You bring up a good point. I suppose one could argue that a
non-strictly conforming program that an implemention chooses
not to accept is not "correct in all other aspects", but
certainly the issue is open to debate.

However, even if we grant this exception, it is very narrow.
It speaks only to the possibility of unspecified behavior,
and not (for example) a program exceeding some minimum level
of required implementation limit, so 4p3 doesn't apply to
the program (not shown) under discussion.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating the maximum number of menus and maximum number of stills rossco DVD Video 2 11-24-2005 09:33 PM
the maximum memory size allowed in malloc Jerry C Programming 19 01-27-2005 12:12 AM
free'ing malloc'd structure with malloc'd members John C Programming 13 08-02-2004 11:45 AM
The number name 'System.Web.UI.WebControls' contains more than the maximum number of prefixes. The maximum is 3. mayur ASP .Net Web Controls 2 07-16-2004 05:14 PM
The number name 'System.Web.UI.WebControls' contains more than the maximum number of prefixes. The maximum is 3. mayur ASP .Net 2 07-02-2004 10:35 AM



Advertisments