Allocation and release of heap memory in Windows

Source: Internet
Author: User

Copyright. For more information, see the source. Thank you!
http://blog.csdn.net/walkinginthewind/article/details/7069176

We all know that in C, dynamic memory is allocated by calling the malloc function and released by calling the free function. Both allocation and release operate on the heap. The memory in question is, of course, virtual memory.

On Windows, malloc and free are implemented mainly through HeapAlloc and HeapFree.
During initialization, each process calls the RtlProcessHeap() function to construct the heap object of the process. This object is used to manage the heap memory of the process.
When we allocate a block with malloc, we must specify its size, but when we release it with free, we only pass the starting address of the memory to be released.
For example:
int *p = (int *)malloc(100 * sizeof(int)); // allocate a block the size of 100 ints
... // other operations
free(p); // release the memory pointed to by p
This raises an obvious question: how does the system know, or record, the size of the dynamic memory that a given pointer refers to?
The Windows scheme is very simple: the memory size and other related information are saved directly in front of each dynamically allocated block. This means that using heap memory carries additional system overhead. In Windows, the following struct is used to save this information:
(This is the WRK definition, tested on XP and Windows 7. The definition in the Windows 2000 source code is different.)

typedef struct _RTL_HEAP_ENTRY {
    SIZE_T Size; // the memory size of the block
    USHORT Flags;
    USHORT AllocatorBackTraceIndex;
    union {
        struct {
            SIZE_T Settable;
            ULONG Tag;
        } s1; // all other heap entries
        struct {
            SIZE_T CommittedSize;
            PVOID FirstBlock;
        } s2; // RTL_SEGMENT
    } u;
} RTL_HEAP_ENTRY, *PRTL_HEAP_ENTRY;

Because free depends on the information in this struct to release memory, and the content of this struct is generally invalid for addresses that were not returned by malloc or that have already been released, passing such an address is the cause of errors in free.
For example:
int *p = (int *)malloc(100 * sizeof(int)); // allocate a block the size of 100 ints
... // other operations
free(p); // release the memory pointed to by p
free(p); // error: the memory has already been released, so its RTL_HEAP_ENTRY is no longer valid
So after releasing the dynamic memory a pointer refers to, it is best to set the pointer to NULL, because calling free on a null address causes no error.
Another example:
int *p = (int *)malloc(100 * sizeof(int)); // allocate a block the size of 100 ints
... // other operations
// For example, we want to release part of the memory
int *q = p + 20;
free(q); // error: the RTL_HEAP_ENTRY struct information corresponding to address q is invalid
Therefore, free can only release valid addresses returned by malloc.
The following program verifies this:

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>

// Same layout as the definition shown above
typedef struct _RTL_HEAP_ENTRY {
    SIZE_T Size;
    USHORT Flags;
    USHORT AllocatorBackTraceIndex;
    union {
        struct {
            SIZE_T Settable;
            ULONG Tag;
        } s1;
        struct {
            SIZE_T CommittedSize;
            PVOID FirstBlock;
        } s2;
    } u;
} RTL_HEAP_ENTRY, *PRTL_HEAP_ENTRY;

int main()
{
    PRTL_HEAP_ENTRY pHeapEntry;
    int *p;
    for (int i = 0; i < 1000; i++)
    {
        p = (int *)malloc(i);
        // Step back one struct from the address malloc returned
        pHeapEntry = (PRTL_HEAP_ENTRY)p - 1;
        // SIZE_T is wider than int on 64-bit builds, so cast before printing
        printf("i: %d, size: %lu\n", i, (unsigned long)pHeapEntry->Size);
        free(p);
    }
    return 0;
}

The output is:
i: 0, size: 0
i: 1, size: 1
i: 2, size: 2
...
i: 999, size: 999
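
The bookkeeping scheme described above, as an added example that is not part of the original article and is not Windows code: a portable C model in which each block is preceded by a header holding its size and a state marker, so the size is recovered from the pointer alone and a double free or an interior pointer is rejected instead of acted on. The names block_header, toy_malloc, toy_size, toy_free and the marker values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed header for this model; a stand-in, not RTL_HEAP_ENTRY. */
typedef struct { size_t size; unsigned state; } block_header;
#define BLOCK_LIVE  0xA110C8EDu  /* arbitrary marker: block is allocated */
#define BLOCK_FREED 0xDEADF4EEu  /* arbitrary marker: block was released */
enum free_result { FREE_OK, FREE_NULL, FREE_DOUBLE, FREE_INVALID };

static _Alignas(16) unsigned char arena[4096];  /* zero-filled backing store */
static size_t arena_used;

/* Bump-allocate n bytes and write the header directly in front of them. */
void *toy_malloc(size_t n) {
    if (n > sizeof arena) return NULL;
    size_t need = sizeof(block_header) + ((n + 15) & ~(size_t)15);
    if (need > sizeof arena - arena_used) return NULL;
    block_header h = { n, BLOCK_LIVE };
    unsigned char *base = arena + arena_used;
    memcpy(base, &h, sizeof h);
    arena_used += need;
    return base + sizeof h;
}

/* Load the header stored immediately before p (p must point into arena). */
static block_header header_of(const void *p) {
    block_header h;
    memcpy(&h, (const unsigned char *)p - sizeof h, sizeof h);
    return h;
}

/* The size comes from the pointer alone, which is all free() receives. */
size_t toy_size(const void *p) { return header_of(p).size; }

/* Validate the header first; blocks are never reused here, so a stale header stays readable. */
enum free_result toy_free(void *p) {
    if (p == NULL) return FREE_NULL;                 /* like free(NULL) */
    block_header h = header_of(p);
    if (h.state == BLOCK_FREED) return FREE_DOUBLE;
    if (h.state != BLOCK_LIVE) return FREE_INVALID;  /* no header here */
    h.state = BLOCK_FREED;
    memcpy((unsigned char *)p - sizeof h, &h, sizeof h);
    return FREE_OK;
}

int main(void) {
    int *p = toy_malloc(100 * sizeof(int));
    int bad = toy_free(p + 20), ok = toy_free(p), dup = toy_free(p);
    printf("size=%lu bad=%d ok=%d dup=%d\n", (unsigned long)toy_size(p), bad, ok, dup);
    return 0;
}
```

The marker check is a heuristic: user data that happens to hold the marker value at the right offset in front of an interior pointer would pass it.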

Summary: Based on the Windows source code, this article briefly analyzes how Windows records the memory size information used by the implementation of the C library function free.
