I am implementing the insert function of a binary search tree in C and I am encountering a problem with malloc.
First of all, I have a Tree and Node struct
typedef struct Node {
double value;
struct Node *parent;
struct Node *right_child;
struct Node *left_child;
} Node;
typedef struct Tree {
struct Node *root;
} Tree;
And here is my insert function to insert a value into the tree.
void insert(Tree *t, double v) {
Node *n = malloc(sizeof(Node));
n->left_child = malloc(sizeof(Node));
n->right_child = malloc(sizeof(Node));
n->parent = malloc(sizeof(Node));
n->value=v;
Node *x = t->root, *y = NULL;
//follow tree down until we reach a leaf of the tree
while (x) {
//save last non-NULL value. We will insert node n as a child to this leaf.
y = x;
if (n->value < x->value) {
x = x->left_child;
} else {
x = x->right_child;
}
}
//The parent of the node to insert is the leaf we reached
n->parent = y;
//If n is greater than y then it is its right child and vice-versa.
if (n->value > y->value) {
y->right_child = n;
} else {
y->left_child = n;
}
}
And my main method
int main(void) {
Node n1;
n1.value = 4;
n1.parent = NULL;
n1.left_child = NULL;
n1.right_child = NULL;
Tree t;
t.root = &n1;
insert(&t,2.0);
printf("In order traversal\n");
inOrderTraversalNode(t.root);
return EXIT_SUCCESS;
}
When I print the in-order traveral code I get undefined behavior (eg: 26815615859885194199148049996411692254958731641184786755447122887443528060147093953603748596333806855380063716372972101707507765623893139892867298012168192.000000) instead of the correct traversal.
I am pretty sure the problem is the Node creation in the insert method. I assume the problem is that the new node exists on the stack which is then being destroyed when the insert function exits - which is what is causing the undefined behaviour during the traversal. However, I thought that malloc stores the variable on the heap and makes it available globally. Or perhaps the node is on the heap but the pointer is on the stack? Could someone show me where I am going wrong here?
The initial contents in the memory allocated via malloc is undefined.
Firstly, remove n->parent = malloc(sizeof(Node));, which causes memory leak.
Secondly, change
n->left_child = malloc(sizeof(Node));
n->right_child = malloc(sizeof(Node));
to
n->left_child = NULL;
n->right_child = NULL;
so that the program can correctly recognize the leaf.
Try using calloc instead of malloc. The problem is that malloc doesn't initialize values to zero, it only allocates the space. calloc zeros out the space you're requesting. So, you're getting jumped to a random part of memory occasionally when you get to a pointer that isn't valid, but isn't NULL either.
malloc and friends definitely allocate on the heap, you've got that thinking right; what they return is a pointer to a space in memory of at least the size you requested that is definitely safe to read from and write to. However, since the value isn't zeroed out to begin with when you use malloc, you aren't able to guarantee that the pointer stored in your struct is actually to a valid location.
EDIT: also, other poster is right: there is definitely a memory leak with what you're doing. Didn't catch that.
Related
I am trying to create a function which returns the mirrored copy of a binary tree.
By "mirrored" I mean a tree with each left node as its right node and vice versa.
The one on the left gets copied to resemble the one on the right. This is the code of the function, with the definition of the binary nodes and "insert node" function that I use:
typedef struct bNode {
int data;
struct bNode *left;
struct bNode *right;
} bNode;
// =============================================================
bNode* reverse_tree (bNode **tree) {
bNode *copy = malloc(sizeof(bNode));
copy->data = (*tree)->data;
if (!((*tree)->right) && !((*tree)->left)){
return copy;
}
copy->left = reverse_tree(&(*tree)->right);
copy->right = reverse_tree(&(*tree)->left);
return copy;
}
// =============================================================
void insert(bNode **tree, int data) {
bNode *temp, *previous, *current;
if (*tree == NULL) {
temp = (bNode *) malloc(sizeof (bNode));
temp->data = data;
temp->left = NULL;
temp->right = NULL;
*tree = temp;
return;
}
if (data < (*tree)->data) {
insert(&(*tree)->left, data);
} else if (data > (*tree)->data) {
insert(&(*tree)->right, data);
}
}
After some troubleshooting, one single layer of recursion works fine, but after that, the pointers break (that is, they point to an inaccessible part of memory), and the program receives a SIGSEGV Segmentation fault.
Why do I receive this SIGSEGV and how do I avoid it?
P.S I am quite inexperienced with pointers; I hope it's not too bad.
(The one on the left gets copied to resemble the one on the right)
At least the function reverse_tree has a bug.
The sub-statement of this if statement:
if (!((*tree)->right) && !((*tree)->left)){
return copy;
}
gets the control when the both pointers, right and left, are null pointers.
So this code snippet:
copy->left = reverse_tree(&(*tree)->right);
copy->right = reverse_tree(&(*tree)->left);
can get the control when only one of the pointers is a null pointer.
In this case in the next recursive call of the function this statement:
copy->data = (*tree)->data;
invokes undefined behavior for the passed null pointer.
I have written a piece of code that takes several integers (as many as 100 000 int) as input from a file and stores them in a "recursive" struct.
As long as I run this code on my PC everything is fine.
Here is the code:
typedef struct node{
int data;
struct node* next;
} node;
...
node* create(void){
node* list = (node*)malloc(sizeof(node));
return list;
}
node* insert(node* list, int temp){
if(list == NULL){
list = create();
list->data = temp;
list->next = NULL;
return list;
}
list->next = insert(list->next, temp);
return list;
}
int main(void){
...
node* list = NULL;
while(there is still data to input){
list = insert(list, data);
}
}
However, when I try to run this code on my Android phone, I get a
malloc stack overflow error
(I know that the stack space reserved on a phone is less then the one on a PC).
The problem is that, to my knowledge, this program should use a lot of stack memory.
This is what I think is happening inside my program (please correct me if I am wrong):
1). node* list = NULL ==> Space for a pointer (8 byte) is allocated on the stack;
2). list = insert(list, temp) ==> Goes to the end of data stream.
3). list = create() ==> The create() function is called;
4). node* list = (node*)malloc(sizeof(node)) ==> Space for a pointer is allocated on the stack (8 byte) and space for the struct is allocated on the heap (16 byte);
5). return list ==> create() function is closed, therefore the variable node* list on the stack is "freed" while the space allocated on the heap remains.
So my program should be using a lot of heap memory, but just 8 byte of stack memory (the ones needed for the first pointer in main ==> node* list = NULL), how is it possible that I get error:
malloc stack overflow
?
Thank you
Lorenzo
P.s. Sorry guys but I was trying to make my code shorter, but what I had written was no sense. I fixed it now (or I hope so).
You are overusing the variable list.
You need to retain a pointer your current node instead of overwriting it with the line:
list = create();
consider the following or similar:
int main(void){
...
node* list = NULL;
node* current = NULL;
node* next = NULL;
while(...){
...
next = create();
if(list == NULL) //list empty case
{
list = next;
current = next;
}
current->next = next;
next->next = NULL;
current = next;
}
}
I encourage you to wrap some of this logic in a function separate from main().
The actual cause of the segmentation fault is not in the code you showed, but in your current code when every you try to use list it is NULL, which is probably your undefined behavior.
I'm trying to build a max heap in VC++ using Visual Studio 2008 v9.0.30729.1 SP.
In the tree, each node looks like:
typedef struct node{
struct data_t *data;
struct node_t *left;
struct node_t *right;
}node_t;
A single node creation logic goes like this:
node_t* createNode(int id, int pID, float probability)
{
node_t *temp = (node_t *)malloc(sizeof(node_t));
data_t *data = (data_t *)malloc(sizeof(data_t));
data->id = id;
data->pID = pID;
data->probability = probability;
temp->data = data;
temp->left = 0;
temp->right = 0;
return temp;
}
I have managed to create and insert elements in the tree (insertion logic working fine). I'm stuck with the logic of removing a node (a leaf, to be precise) from this tree.
I've tried four different approaches for the same:
node_t* deleteLeaf(node_t* heap)
{
node_t* leaf;
if((heap->left==0) && (heap->right==0))
{
//heap = 0; //APROACH 1
//heap->data = 0; //APROACH 2
return heap;
}
else if((heap->left!=0) && (heap->right==0))
{
leaf = deleteLeaf(heap->left);
}
else
{
leaf = deleteLeaf(heap->right);
}
//leaf = 0; //APROACH 3
//free(leaf); //APROACH 4
return leaf;
}
(Uncomment APPROACH 1/2/3/4 for the desired effect).
None of this seems to work. I need to assign a zero/null value to the left/right pointer of the previous node.
How to make this work? Please help.
To delete a node in a tree you need to
free the memory and do the cleanup for the node
fix the pointer you used to reach the node, making it NULL
the part 2 can be solved in two ways:
A) the parent does the fixing
B) the deletion routine receives the address of the address of the node (extra level of indirection).
For solution A the code is simply
void deleteNodeA(Node *p) {
if (p) {
// Here we don't really need part 2 because
// we're going to destroy the whole node containing
// the pointers anyway.
deleteNodeA(p->left); // add p->left = NULL if you like
deleteNodeA(p->right); // add p->right = NULL if you like
free(p->data);
free(p);
}
}
but the caller needs to fix the pointer used to reach the node. For example like
Node *p = root, *parent = NULL;
while (p && (p->left || p->right)) {
// Not a leaf... go left if possible o right otherwise
parent = p;
p = p->left ? p->left : p->right;
}
// 2: Fix the pointer in parent
if (parent) {
if (p == parent->left) {
parent->left = NULL;
} else {
parent->right = NULL;
}
} else {
// No parent... this was the root of the tree
root = NULL;
}
deleteNodeA(p);
The solution B looks like:
void deleteNodeB(Node **p) { // Note the double pointer
if (*p) {
deleteNode(&((*p)->left)); // Note the &
deleteNode(&((*p)->right)); // Note the &
free((*p)->data);
free(*p);
*p = NULL; // (2): fixing the pointer
}
}
and for example code deleting a leaf of the tree is
Node **p = &root;
while ((*p) && ((*p)->left || (*p)->right)) {
// Not a leaf... go left if possible o right otherwise
p = ((*p)->left) ? &((*p)->left) : &((*p)->right));
}
deleteNodeB(p);
Instead of writing 4 random lines of code and calling them "approaches", try actually specifying a function that does something meaningful. A function that takes a heap as an argument should be called DeleteHeap, not DeleteLeaf. Since it deletes a heap, there's nothing for it to return. So, how do you delete a heap? Well, if the heap is a leaf (it has no left or right subtree), delete that, else delete the subtrees by calling DeleteHeap recursively. Code that and you're done.
Edit:
You left a comment:
deleteLeaf is supposed to delete the last element of the tree at the
last level. The value returned should be the data contained in the
deleted leaf.
Well, that's news. We aren't mind-readers. Your question didn't say this, and the function name and signature are wrong for this, too.
Let's start with the name -- DeleteRightmostLeaf. And the return type ... data_t*. Even the argument type is wrong ... it should be heap_t**, because we have to store a NULL into the pointer.
So, DeleteRightmostLeaf takes a pointer to a pointer to a heap. If that heap is a leaf node, store NULL in the pointer to it, extract its data pointer, free the node (in that order ... otherwise you're accessing deleted memory, which isn't allowed), and return the data pointer.
If the heap isn't a leaf node, then call DeleteRightmostLeaf recursively on the pointer to its rightmost subtree -- the right subtree if that's not NULL, else the left subtree. Voila, you're done.
Note that, in both cases, it's very easy to come up with the answer if one just thinks clearly about what they need to do.
As a bonus, here's an iterative solution. I haven't tested or even compiled this.
data_t* DeleteRightmostLeaf(node_t** pheap)
{
node_t* pnode = *pheap;
if (!pnode)
return NULL; // empty heap
while (pnode->left || pnode->right)
{
pheap = pnode->right ? &pnode->right : &pnode->left;
pnode = *pheap;
}
*pheap = NULL;
data_t* pdata = pnode->data;
free(pnode);
return pdata;
}
Try this modification of your method:
node_t* deleteLeaf(node_t* heap)
{
if (!heap)
return 0;
if (heap->left!=0)
deleteLeaf(heap->left);
if (heap->right!=0)
deleteLeaf(heap->right);
if (heap->data)
free(heap->data); // free data
free(heap); // free leaf
heap = 0;
return heap;
}
One question: which value should be returned by this function? (now it always returns 0).
It is hard to understand what you are trying to do (we haven't description of the function, examples of expected results and so on). So, I suspect, that code above is not solution. But it might be first step in understanding of the problem.
I'm writing a simple linked list implementation for the sake of learning. My linked list consists of node structures that contain an int value and a pointer to the next node. When I run my code, it loops endlessly even though it should terminate when it reaches a NULL pointer. What am I doing wrong?
#include <stdio.h>
struct node {
int value;
struct node *next_node;
};
struct node * add_node(struct node *parent, int value)
{
struct node child;
child.value = value;
child.next_node = NULL;
parent->next_node = &child;
return parent->next_node;
}
void print_all(struct node *root)
{
struct node *current = root;
while (current != NULL) {
printf("%d\n", current->value);
sleep(1);
current = current->next_node;
}
}
int main()
{
struct node root;
root.value = 3;
struct node *one;
one = add_node(&root, 5);
print_all(&root);
}
Your program exhibits undefined behavior: you are setting a pointer to a locally allocated struct here:
struct node child;
child.value = value;
child.next_node = NULL;
parent->next_node = &child;
return parent->next_node;
Since child is on the stack, returning a parent pointing to it leads to undefined behavior.
You need to allocate child dynamically to make it work:
struct node *pchild = malloc(sizeof(struct node));
// In production code you check malloc result here...
pchild->value = value;
pchild->next_node = NULL;
parent->next_node = pchild;
return parent->next_node;
Now that you have dynamically allocated memory, do not forget to call free on each of the dynamically allocated nodes of your linked list to prevent memory leaks.
add_node returns a pointer to a local variable which immediately goes out of scope and may be reused by other functions. Attempting to access this in print_all results in undefined behaviour. In your case, it appears the address is reused by the current pointer, leaving root->next_node pointing to root.
To fix this, you should allocate memory for the new node in add_node
struct node * add_node(struct node *parent, int value)
{
struct node* child = malloc(sizeof(*child));
if (child == NULL) {
return NULL;
}
child->value = value;
child->next_node = NULL;
parent->next_node = child;
return child;
}
Since this allocates memory dynamically, you'll need to call free later. Remember not to try to free root unless you change it to be allocated using malloc too.
Here is the code for freeing the whole linked list
void free_list(RecordType *list)
{
RecordType *tempNode; /* temporary Node to hold on the value of previous node */
while(list != NULL) /* as long as the listnode doesn't point to null */
{
tempNode = list; /* let tempNode be listNode in order to free the node */
list = list->next; /* let list be the next list (iteration) */
free(tempNode); /* free the node! */
}
}
I think this code itself is working ok (?), but I have no idea how to check.
I only applied the theory (e.g. # of frees must = to the # of mallocs)
So here are some questions that I'm wondering...
Does this method work?
Do I need to malloc tempNode?
I initialized tempNode before while loop... but after I free, tempNode still works... I don't really get that part
The theory that I used:
# of free() == # of malloc()
You need a temporary node to hold the current node
Let the current node equal to the next node
Free the current node by using the temporary node
If any of my theory sounds wrong, please explain!
Thanks!
Does this method work?
Yes, assuming the list nodes were all dynamically allocated and haven't been previously freed
Do I need to malloc tempNode?
You don't need to allocate any memory inside free_list but all list elements must have been dynamically allocated previously. You can only call free on memory that was allocated using malloc (or calloc)
I initialized tempNode before while loop... but after I free, tempNode
still works... I don't really get that part
Calling free returns ownership of memory to the system. It may choose to reuse this memory immediately or may leave it untouched for some time. There's nothing to stop you accessing the memory again but the results of reading or writing it are undefined.
If you want to make it harder for client code to accidentally access freed memory, you could change free_list to NULL their pointer
void free_list(RecordType **list)
{
RecordType *tempNode;
while(*list != NULL) {
tempNode = *list;
list = tempNode->next;
free(tempNode);
}
*list = NULL;
}
If you also want to check that you really have freed all memory, look into using valgrind. This will report any memory leaks and also flags some types of invalid memory access.
The method certainly works - but it should be mallocd first before freeing. Otherwise it is undefined behavior.
You don't need to malloc() tempNode only if list has been previously malloc()d.
The third part is undefined behavior. After free() the data may still exist, but is flagged for being overwritten. You cannot rely on the node once it is free()d
The best way to check your code is interactive tracing by means of Debugger. Gdb in KDevelop on Linux or MS Visual Studio's debugger on MS Windows are perfect. I'll use the later for this demonstration.
This code defines a uni-directed list of integers with three functions: ListPush() adds an integer to the list, ListPrint() displays the list contents and ListDestroy() destroys the list. In main() I insert 3 integers into the list, print them and destroy the list.
#include <malloc.h>
#include <stdlib.h>
#include <stdio.h>
typedef struct Node NODE, *PNODE;
typedef struct Node {
int item;
PNODE next;
};
PNODE ListPush(PNODE head, int item) {
PNODE p;
PNODE n = (PNODE) malloc(sizeof(NODE));
if ( !n ) exit(1);
n->next = 0;
n->item = item;
if (!head) {
head = n;
}
else {
for ( p=head; p->next != 0; p=p->next );
p->next = n;
}
return head;
}
void ListPrint(PNODE head) {
PNODE p;
printf("List contents:\n\n");
for (p=head; p!=0; p=p->next) {
printf("%d ", p->item );
}
}
void ListDestroy( PNODE head ) {
PNODE n, c = head;
if ( !head ) return;
do {
n = c->next;
free(c);
c = n;
} while (c );
}
int main() {
int i;
int a[3] = {1,2,3};
PNODE head = 0;
for ( i = 0; i<3; ++i ) {
head = ListPush(head, a[i]);
}
ListPrint(head);
ListDestroy(head);
return 0;
}
Three attached images illustrate 2 stages of the program (MSVS2012 Debugger).
The first shows state of relevant local vars after for() cycle finishes. Look at head variable and proceed on the tree. You can see three nodes with their contents: integers 1,2 and 3 respectively.
The second image shows the variables inside ListDestroy() after first call to free(). You can see that head points to freed memory (red circles) and pointer in variable c points to the next node being destroyed on the next loop.