tags:

views:

302

answers:

3
+2  Q: 

Is there a need to check for NULL after allocating memory, when kernel uses overcommit memory

It is general practice to check for NULL (whether memory is successfully allocated) after a malloc, some thing like

void *ptr = malloc(10);
if (ptr)
{
// do some thing usefull
}
else
{
// no memory. safely return/throw ...
}

with memory overcommit enabled in kernel, is there a chance of getting NULL. Should i follow the practice of religiously checking NULL for each allocation? Will malloc return NULL inspite of aggresive overcommit mechanism (i guess value 1)?

As a matter of fact Android kernel uses memory overcommit (not sure about the value, would love to know it(overcommit value) and its significance). Some of the frame work source(C/C++) code in android(might be 3rd party) doesn't check for NULL nor catch bad_alloc after allocations. Am i missing something?

There are some threads in SO regarding overcommit memory, but none of them resolved my confusion.

EDIT: If aggressive overcommit is being employed NULL wont be returned(assumption 1). When there is no physical memory available and up on trying to access the allocated memory (write in to the memory allocated), OOM will kill some process and allocates memory for the application till it gets killed in turn(assumption 2). In either case i dont see any need for cheking null (memory getting allocated or process getting killed). am i right in my assumptions?
Portability is not a concern for this question.

A: 

You must check return value for NULL every time. Any library function can fail. Even fclose() do (on disconnected NFS share, and error from fclose of NFS file means, that data was not saved).

The most of software is badly written and doesn't contain all checks.

malloc can't return something other than NULL or pointer. All-or-nothing. You can't get 1 byte from malloc if you ask for 10.

osgx  2010-02-15 15:01:08
my question is not with implementation of malloc, but usage of malloc. with memory overcommit enabled , there is very less chance of getting NULL(theoretically) and it is evident in some of the android c/c++ framework sources - which doesn't do this check after allocations.
FL4SOF  2010-02-16 20:17:07
With overcommit mallic will fail farther. http://opsmonkey.blogspot.com/2007/01/linux-memory-overcommit.htmlGenerally, malloc will not fail, when memory is available and ulimit is not reached
osgx  2010-02-16 23:21:54
"With overcommit malloc will fail farther." I believe this is wrong assumption, please look into the link you mentioned.It says demo1: malloc memory and do not use it: Allocated 1.4TB, killed by OOM killerdemo2: malloc memory and use it right away: Allocated 7.8GB, killed by OOM killer (process killed by OOM killer and not a case of malloc fail).
FL4SOF  2010-02-17 04:44:47
demo1 - allocates memory and dont use _this allocated memory_ - so overcommit will work, pages will not really allocated.demo2 - allocates memory and _`memset` it to 0_ (this will remap this memory from write-protected zeropage filled with 0 to real memory, so it DISABLES overcommiting)It there swap enabled on typical Android box?
osgx  2010-02-17 09:57:46
A: 

It would be advisable to check for NULL religiously across all functions calls that may return NULL, regardless of whether the kernel has over-committable memory or not.

This following code segment below shows how to check if the call to malloc worked or not...

void *ptr = malloc(10);
if (ptr != NULL){
   /* Do something here with ptr */
}else{
   /* Do something here if it fails */
}

File operations, memory operations to name but a few will return a NULL upon failure.

Hope this helps, Best regards, Tom.

tommieb75  2010-02-16 20:34:36
'code segment is a dangerous assumption' can you explain?'Android middle ware' sorry for being so generic, 'some of the frame work source(C/C++) code in android' i should say. I will edit my question.
FL4SOF  2010-02-17 04:25:04
@FL4SOF: Please see the edited answer...
tommieb75  2010-02-17 11:38:25
+4  A: 

Yes, you should still check for failures returned by malloc. In an environment that overcommits memory you will not be able to detect and recover from failures due to the environment running out of physical storage required when you write to parts of the address space that have been allocated to your program by a previous call to malloc.

However, this is not the only problem that would cause a malloc to fail in a traditional environment. A request for a particularly large block of memory when the address space of your program has become fragmented may fail even if there is potentially enough total physical memory to satisfy the request. Because there is no contiguous range of free address space malloc must fail. This type of failure must be signaled by malloc returning NULL, whether or not the environment is overcommitting memory.

Charles Bailey  2010-02-17 11:56:53
+1 for pointing out 'fragmentation'.
FL4SOF  2010-02-17 16:47:20

related questions

CLR Profiler - Attaching to existing process
What's the maximum amount of RAM I can use in a Windows box?
.Net 2.0 - How efficient are Generic Lists?
Process Memory Size - Different Counters
C++ Memory management
Using MySQLi - which is better for closing queries
How Does A Stack Overflow Occur and How Do You Prevent It?
C Memory Management
How does .net managed memory handle value types inside objects?
FLVPlayback component memory issues
memset() causing data abort
Is Visual C++ memory managed by the Dot Net framework
Preventing Memory Leaks with Attached Behaviours
How to dispose a class in .net?
best way to persist data in .NET Web Service
Reading Other Process' Memory in Mac OS / BSD
Replicating load related crashes in non-production environments
Secure Memory Allocator in C++
Best way to wrap rsync progress in a gui?
Some kind of task manager for JavaScript in Firefox 3?
Of Memory Management, Heap Corruption, and C++
Understanding reference counting with Cocoa / Objective C
Setting Objects to Null/Nothing after use in .NET
Heap corruption under Win32; how to locate?
Anatomy of a "Memory Leak"