Malloc behaviour explanation

Question

I'm testing malloc to understand it behavior, and I have found something strange after some manipulation.

I have made 3 different tests with the same var.

First, I have alloc and free my 3 var one by one :

char  * a = malloc(10 * sizeof(char));
printf("\na = %p\n", a);
free(a);
char  * b = malloc(10 * sizeof(char));
printf("b = %p\n", b);
free(b);
char  * c = malloc(10 * sizeof(char));
printf("c = %p\n\n", c);
free(c);

this display :

a = 0xd34010
b = 0xd34010
c = 0xd34010

Logical, it display the same address, memory space is recycled.

Then, I have malloc my 3 var, and then free :

printf("Alloc 3 times and then free :\n");
a = malloc(10 * sizeof(char));
printf("\na = %p\n", a);
b = malloc(10 * sizeof(char));
printf("b = %p\n", b);
c = malloc(10 * sizeof(char));
printf("c = %p\n\n", c);
free(a); free(b); free(c);

It display me :

a = 0xd34010
b = 0xd34030
c = 0xd34050

a is logical because the last c variable had been free'ed, so the memory space is re-used. Addresses of b and c are logical too because a and b are not free'ed so addresses increase.

And now, It become really strange. I malloc a, then b, free a, malloc c and free b and c :

printf("Alloc, free, alloc :\n\n");
a = malloc(10 * sizeof(char));
printf("a = %p\n", a);
b = malloc(10 * sizeof(char));
printf("b = %p\n", b);
free(a);
c = malloc(10 * sizeof(char));
printf("c = %p\n", c);
free(b); free(c);

the result is :

a = 0xd34050
b = 0xd34030
c = 0xd34050

My questions are : Why is a equal to 0xd34050 and not to 0xd34010 ? And why is the address of b lower than the address of a ?

Answer 1

I suspect you are performing these tests in one program and the malloc implementation you are using maintains a stack of some recently-freed blocks.

Thus, in the first test:

• The first malloc, needs new space, so 0xd34010 is given.
• 0xd34010 is freed.
• The second malloc is satisfied by providing the most recently freed block, 0xd34010.
• 0xd34010 is freed.
• The third malloc is satisfied by providing the most recently freed block, 0xd34010.
• 0xd34010 is freed.

Then, in the second test:

• The first malloc is satisfied by providing the most recently freed block, 0xd34010.
• The second malloc needs new space, so 0xd34030 is given.
• The third malloc needs new space, so 0xd34050 is given.
• 0xd34010 is freed.
• 0xd34030 is freed.
• 0xd34050 is freed.

Then, in the third test:

• The first malloc is satisfied by providing the most recently freed block, 0xd34050.
• The second malloc is satisfied by providing the most recently freed (and still free) block, 0xd34030.
• 0xd34050 is freed.
• The third malloc is satisfied by providing the most recently freed block, 0xd34050.
• 0xd34030 is freed.
• 0xd34050 is freed.

Of course, such behavior is not guaranteed by the C standard. This is merely a potential explanation of what you happen to observe in this particular instance.

Answer 2

1. It is machine dependent. Your Compiler's book keeping routine does it that way. It may be due to memory constraints given to it.

2. Since you used malloc, it uses Heap memory

Answer 3

The reason might be

Why is a equal to 0xd34050 and not to 0xd34010 ?

Some other process in your machine already occupied the address 0xd34010, so your compiler gives you the next free memory.

And so far I know, depends on the compiler the memory may allocated in the ascending order or descending order. it is not necessarily to be in the ascending order.

Answer 4

You do know that printf also calls malloc to allocate stream buffers? And those buffers are not necessarily cleared until you close stdout.

Try saving all your pointers separately before printing them.

Answer 5

Because that's how memory allocation is implemented in the particular environment you are using. That may sound flip, but the whole point of having such routines is so that they can take care of the bookkeeping for you; you've got more important things to do!