4

I would like to write a program that could parse the output of /proc/<pid>/maps in order to classify them into different categories:

  • Image : the page is either a mapping of the binary or one of it's required libraries
  • Mapped file : the page maps a specific file like a font for example
  • Stack
  • Heap
  • Private data
  • Shareable

As you might have guessed, the main idea is to develop an equivalent of sysinternals's vmmap tool for Linux.

I'm using the pathname field to determine in which category a page could be associated with.

If pathname is the same path as /proc/<pid>/exe symlink, or if it is a dependency, therefore it goes to Image.

If pathname is a file and isn't part of the Image, then it is a Mapped File.

If pathname is matching a pattern like [stack:<tid>] or [heap], then the page is respectively a Stack or a Heap.

While I was looking for some information about /proc/<pid>/maps, I came accross this stackoverflow post missing-heap-section-in-proc-pid-maps , where I discovered that if you were calling malloc with the size parameter above a certain threshold, a private anonymous mapping was created instead of increasing the size of the Heap.

  1. How can I know if an anonymous mapping is an independant heap, or something else ?
  2. Should I treat all anonymous mapping as [heap] ? If not, how to classify them ?
  3. What page could fit into the Private Data, and Shareable categories ?

Thanks !

Community
  • 1
  • 1
Wenzel
  • 147
  • 1
  • 14
  • `anonymous mapping` could be done by `mmap` with `MAP_ANONYMOUS` flag, and it's not `[heap]`. – Chris Tsui Feb 22 '16 at 14:56
  • 2
    The thing is that heap is anonymous mapping too. There are file-backed mappings and anonymous mappings, that is all. Stack, heap - they are anonymous memory, they have separate names because of their special role or special API for handling them (sbrk) – Alex Hoppus Feb 23 '16 at 07:32
  • @ChrisTsui thanks ! I learned from [http://stackoverflow.com/questions/21816232/output-of-linux-proc-pid-maps-in-detail] that an anonymous mapping may represent a `BSS` segment for example and therefore not a `Heap`. @AlexHoppus Do you have any idea how I could achieve the same work as `vmmap` is doing on Windows ? Is seems that I can't rely on `/proc//maps`. – Wenzel Feb 23 '16 at 12:54

0 Answers0