Is malloc deterministic? Say If I have a forked process, that is, a replica of another process, and at some point both of them call the malloc function. Would the address allocated be the same in both processes? Assuming that other parts of execution are also deterministic.
Note: Here, I'm only talking about virtual memory, not physical one.
Dynamic memory allocation tends to be non-deterministic; the time taken to allocate memory may not be predictable and the memory pool may become fragmented, resulting in unexpected allocation failures. This article details the problems and an approach to deterministic dynamic memory allocation.
There are a number of reasons why malloc() is not generally recommended for embedded applications: The function is commonly not re-entrant (thread friendly), so using it with a real-time operating system may be challenging.
There is no reason at all for it to be deterministic, in fact there can be some benefit to it not being deterministic, for example increasing the complexity of exploiting bugs (see also this paper).
This randomness can be helpful at making exploits harder to write. To successfully exploit a buffer overflow you typically need to do two things:
If the memory location is unpredictable making that jump can become quite a lot harder.
The relevant quote from the standard §7.20.3.3/2:
The malloc function allocates space for an object whose size is specified by size and whose value is indeterminate
If it were the intention to make it deterministic then that would be clearly stated as such.
Even if it looks deterministic today I wouldn't bet on it remaining so with a newer kernel or a newer libc/GCC version.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With