disable the randomness in malloc

Question

I'm running this following simple C program:

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char** argv){
  void *p = malloc(4);
  fprintf (stderr, "p==%p\n", p);
  return 0;
}

Different runs give different results:

p==0x101c010

then: p==0x1ad9010

then: p==0xe77010

and so.

As I remember, in the past malloc was fully deterministic. So probably from some version, some randomness was added to malloc. I am using now gcc-4.6.3 on Ubuntu.

Is there a way to eliminite that randomness ?

Answer 1

If the variation is caused by address space layout randomization, then, according to this page, you can disable it with:

echo 0 | sudo tee /proc/sys/kernel/randomize_va_space

This should be done only temporarily for debugging purposes.

This is a good paper on interposing functions: Intercepting Arbitrary Functions on Windows, UNIX, and Macintosh OS X Platforms by Daniel S. Myers and Adam L. Bazinet. This would allow you to replace the malloc behavior with a completely controlled implementation.

Answer 2

Given precisely the same conditions, the result of malloc() will always be the same. (Like anything in computing, there's no such thing as true randomness.) However, the determining conditions extend beyond your program's state or control.

It should never matter though. Unless you're attempting some very weird form of memory mapping, there's really no reason to care where an allocation takes place.

Answer 3

It's perfectly possible for a given malloc implementation to be deterministic in response (generally when talking about whether an implementation of malloc is or isn't "deterministic" it's in terms of time taken that people care, as in whether it could be used in RT programming). It would depend on the virtual memory system in use, the code itself, and how deterministic the question of calls to it or an underlying memory manager by other code in the same process space was, but given the right conditions for all of those, you can have a deterministic malloc.

All that said though, there's no reason why it should be. After all, any code that was depending on particular addresses being used could just ignore malloc and write the the memory directly - it knows it's free to use, after all!

As such, since there's zero value in maintaining such deterministic behaviour, if it does happen it's purely an accident of several different implementation choices, and while they would be a bit interesting (it would be interesting to know just how such an implementation ended up being deterministic) they certainly aren't what one would expect.

Answer 4

A direct answer to your question: no. The C standard for malloc says nothing about it being deterministic, so the implentors are free to write it any way they think will make it most efficient.

Answer 5

Malloc obtains memory from the operating system, which assigns memory that is not in use.

Which addresses that will be returned will depend heavily on the prior use of the computer.

Answer 6

First of all, there is absolutely no guarantee of memory manager determinism in C. You cannot rely on it even if you see it, period.

Second of all, nowadays a lot of environments employ address layout randomization primarily to ensure that exploits of various buffer overflows cannot rely on a deterministic addresses and thus use them to execute arbitrary code.