首页 技术 正文
技术 2022年11月23日
0 收藏 837 点赞 4,509 浏览 5411 个字

http://www.iar.com/Global/Resources/Developers_Toolbox/Building_and_debugging/Mastering_stack_and_heap_for_system_reliability.pdf

Mastering stack and heap for system reliability

1. Introduction

The stack and the heap are fundamental to an embedded system. Setting up the stack and the heap
properly is essential to system stability and reliability. Incorrectly used, they may cause your system to
wreak havoc in the strangest ways. Stack and heap memory must be allocated statically by the
programmer. Calculating the stack space is notoriously difficult for all but the smallest embedded
systems, and underestimating stack usage can lead to serious runtime errors which can be difficult to
find. On the other hand, overestimating stack usage means a waste of memory resources. Worst case
maximum stack depth is very useful information in most embedded projects, as it greatly simplifies
estimates of how much stack an application will need. Heap memory overflows gracefully but this is of
no real comfort as few embedded applications are able to recover in such extreme out-of-memory
conditions.

2. A short introduction to stack and heap

2.1 Scope

The focus in this article is on reliable stack and heap design, and how to minimize stack and heap in a
safe way.

Desktop systems and embedded systems share some common stack and heap design errors and
considerations, but differ completely in many other aspects. One example of a difference between these
environments is the available memory. Windows and Linux default to 1 and 8 Mbytes of stack space; a
number that can be increased even more. Heap space is only limited by the available physical memory
and/or page file size. Embedded systems, on the other hand, have very limited memory resources
especially when it comes to RAM space. There is clearly a need to minimize stack and heap in this
restricted memory environment. Common to small embedded systems is that there is no virtual memory
mechanism; allocation of stack, heap and global data (i.e. variables, TCP/IP, USB buffers, etc) is static
and performed at the time when the application is built.

We will address the special issues that arise in small embedded systems. We will not cover how to
protect the stack and heap against attacks. This is a hot topic on desktop and mobile devices and is
likely to be a threat to embedded systems as well in the future, if it isn’t already.

2.2 Stretching the limits

Stretching the limits in everyday life can sometimes be rewarding but can also put you in trouble.
Stretching the limits in programming when it comes to allocated data will definitely put you in trouble.
Luckily, the trouble may hit you directly or during system testing, but it might also manifest itself when it
is too late and the product has been delivered to thousands of customers or deployed in a remote
environment.

Overflowing allocated data can occur in all three storage areas; global, stack and heap memory. Writing
to arrays or pointer references can cause accesses outside of the memory allocated to the object.
Some array accesses can be validated by static analysis, for example by the compiler itself or a MISRA
C checker:

int array[];
array[] = 0x1234;

When the array index is a variable expression, static analysis can no longer find all problems. Pointer
references are also hard to trace by static analysis:

int* p = malloc( * sizeof(int));
p += ;
*p = 0x1234;

Runtime methods to catch object overflow errors have been available for desktop systems for a long
time, Purify, Insure++, and Valgrind, to name a few. These tools work by instrumenting the application
code to validate memory references at runtime. This comes at the price of slowing down application
execution speed dramatically and increasing code size, and has thus not become a usable method for
small embedded systems.

2.3 Stack

The stack is the memory area where a program stores, for example:

• local variables
• return addresses
• function arguments
• compiler temporaries
• interrupt contexts
The life span of variables on the stack is limited to the duration of the
function. As soon as the function returns, the used stack memory will be free
for use by subsequent function calls.

Stack memory has to be allocated statically by the programmer. The stack
usually grows downwards in memory and if the memory area allocated for
the stack isn’t large enough, the executing code writes to the area allocated
below the stack and an overflow situation occurs. The area written to is
usually the area where global and static variables are stored. So,
underestimated stack usage can lead to serious runtime errors like
overwritten variables, wild pointers, and corrupted return addresses. All of
these errors can be very difficult to find. On the other hand, overestimating
stack usage means a waste of memory resources.

We will highlight some methods that can be used to reliably calculate the
required stack size and detect stack related problems.

2.4 Heap

The heap is where the dynamic memory of the system is located. Dynamic memory and the heap can in
many cases be considered optional in small embedded systems. Dynamic memory makes memory
sharing possible between different pieces of a program. When one module does not need its allocated
memory anymore, it simply returns it to the memory allocator to be reused by some other module.

Some examples of data that is placed on the heap include:

• Transient data objects
• C++ new/delete
• C++ STL containers
• C++ exceptions
Calculating heap space ranges from difficult to impossible in larger systems, because of the dynamic
behavior of the application. Moreover there is not much tool support in the embedded world for
measuring heap utilization, but we will discuss some methods.

It is important to maintain heap integrity. Allocated data space is typically interspersed with critical
memory allocator housekeeping data. Bad use of allocated data space will not only risk the corruption of
other data space but may also corrupt the entire memory allocator and most likely crash the application.
We will discuss some methods to aid checking for heap integrity.

Another aspect to consider is that the real-time performance of the heap is not deterministic. Memory
allocation time depends on such factors as previous use and the requested data space size. This is
hardly on the wish list for the cycle-driven embedded developer.

Even if the heap is a ccore topic in this article, the general guideline is to minimize heap usage in small embedded systems.

微信扫一扫

支付宝扫一扫

本文网址:https://www.zhankr.net/141594.html

相关推荐
python开发_常用的python模块及安装方法
adodb:我们领导推荐的数据库连接组件bsddb3:BerkeleyDB的连接组件Cheetah-1.0:我比较喜欢这个版本的cheeta…
日期:2022-11-24 点赞:875 阅读:4,994
Educational Codeforces Round 11 C. Hard Process 二分
C. Hard Process题目连接:http://www.codeforces.com/contest/660/problem/CDes…
日期:2022-11-24 点赞:806 阅读:3,472
下载Ubuntn 17.04 内核源代码
zengkefu@server1:/usr/src$ uname -aLinux server1 4.10.0-19-generic #21…
日期:2022-11-24 点赞:565 阅读:4,281
可用Active Desktop Calendar V7.86 注册码序列号
可用Active Desktop Calendar V7.86 注册码序列号Name: www.greendown.cn Code: &nb…
日期:2022-11-24 点赞:730 阅读:4,282
Android调用系统相机、自定义相机、处理大图片
Android调用系统相机和自定义相机实例本博文主要是介绍了android上使用相机进行拍照并显示的两种方式,并且由于涉及到要把拍到的照片显…
日期:2022-11-24 点赞:512 阅读:4,840
Struts的使用
一、Struts2的获取  Struts的官方网站为:http://struts.apache.org/  下载完Struts2的jar包,…
日期:2022-11-24 点赞:671 阅读:3,072
发表评论
暂无评论

还没有评论呢,快来抢沙发~

助力内容变现

将您的收入提升到一个新的水平

点击联系客服

在线时间:8:00-16:00

客服电话

400-888-8888

客服邮箱

ceotheme@ceo.com

扫描二维码

关注微信公众号

扫描二维码

手机访问本站