malloc(0)時程序會返回什么？

時間：2021-12-13 13:50:43

關(guān)鍵字： POINTER RETURN SPACE SYSTEMS

手機(jī)看文章

掃描二維碼
隨時隨地手機(jī)看文章

[導(dǎo)讀]來自：知乎，作者：Name1e5s鏈接：https://zhuanlan.zhihu.com/p/40490357故事要從前兩天交流群中一位同學(xué)提到的這個問題開始這個問題看起來十分刁鉆，不過稍有常識的人都知道，制定C標(biāo)準(zhǔn)的那幫語言律師也不是吃白飯的，對這種奇奇怪怪的問題一定會有定...

來自：知乎，作者：Name1e5s

鏈接：https://zhuanlan.zhihu.com/p/40490357

故事要從前兩天交流群中一位同學(xué)提到的這個問題開始這個問題看起來十分刁鉆，不過稍有常識的人都知道，制定 C 標(biāo)準(zhǔn)的那幫語言律師也不是吃白飯的，對這種奇奇怪怪的問題一定會有定義。翻閱C17 標(biāo)準(zhǔn) 草案 N2176，在?

7.22.3?節(jié)里，有如下說法：The order and contiguity of storage allocated by successive calls to the aligned_alloc, calloc, malloc, and realloc functions is unspecified. The pointer returned if the allocation succeeds is suitably aligned so that it may be assigned to a pointer to any type of object with a fundamental alignment requirement and then used to access such an object or an array of such objects in the space allocated (until the space is explicitly deallocated). The lifetime of an allocated object extends from the allocation until the deallocation. Each such allocation shall yield a pointer to an object disjoint from any other object. The pointer returned points to the start (lowest byte address) of the allocated space. If the space cannot be allocated, a null pointer is returned. If the size of the space requested is zero, the behavior is implementation-defined: either a null pointer is returned to indicate an error, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object.在這里，標(biāo)準(zhǔn)委員會明確規(guī)定了：當(dāng)?

malloc?接到的參數(shù)為 0 時，其行為是由實現(xiàn)定義的（implementation-defined）。由實現(xiàn)定義的行為這個詞就提醒我們，在實際編程時如果要考慮到程序在多個運行環(huán)境下進(jìn)行運行時，不能對?

malloc?返回的數(shù)值進(jìn)行任何假設(shè)。換言之，沒事兒不要吃飽了撐的在實際編程中寫下?

malloc(0)?這種天怒人怨的代碼。但是，這個無意義的問題吸引了我的興趣。因此我開始查閱?

glibc?的源代碼，依此了解在?

glibc?下，

mallloc(0)?的行為。在?

glibc2.27/malloc/malloc.c?中，有如下注釋：/*
??malloc(size_t?n)
??Returns?a?pointer?to?a?newly?allocated?chunk?of?at?least?n?bytes,?or?null
??if?no?space?is?available.?Additionally,?on?failure,?errno?is
??set?to?ENOMEM?on?ANSI?C?systems.

??If?n?is?zero,?malloc?returns?a?minumum-sized?chunk.?(The?minimum
??size?is?16?bytes?on?most?32bit?systems,?and?24?or?32?bytes?on?64bit
??systems.)??On?most?systems,?size_t?is?an?unsigned?type,?so?calls
??with?negative?arguments?are?interpreted?as?requests?for?huge?amounts
??of?space,?which?will?often?fail.?The?maximum?supported?value?of?n
??differs?across?systems,?but?is?in?all?cases?less?than?the?maximum
??representable?value?of?a?size_t.
*/
注釋已經(jīng)說的很清楚了，當(dāng)我們執(zhí)行?

malloc(0)?時，我們實際會拿到一個指向一小塊內(nèi)存的指針，這個指針指向的（分配給我們的）內(nèi)存的大小是由機(jī)器決定的。細(xì)讀代碼，可以發(fā)現(xiàn)，將讀入的內(nèi)存大小進(jìn)行轉(zhuǎn)換是由宏?

checked_request2size?實現(xiàn)的。相關(guān)的宏定義如下：/*?pad?request?bytes?into?a?usable?size?--?internal?version?*/
#define?request2size(req)?????????????????????????????????????????\
??(((req)? ?SIZE_SZ? ?MALLOC_ALIGN_MASK?