Valgrind-memory debugging and code anatomy tools in Linux

Valgrind is a GPL software used for memory debugging and code analysis of Linux (for x86, amd64 and ppc32) programs. You can run your program in its environment to monitor memory usage, such as malloc and free in C or new and delete in C ++. With the valgrind toolkit, You can automatically detect many memory management and thread bugs, avoiding spending too much time searching for bugs, making your program more stable.

Valgrind's main functions

The valgrind toolkit contains multiple tools, such as memcheck, cachegrind, helgrind, callgrind, and massif. The functions of the tools are described as follows:

Memcheck mainly checks the following program errors:

• Use uninitialized memory (use of uninitialised memory)
• Use the released memory (reading/writing memory after it has been free 'd)
• Use the memory space that exceeds the malloc allocation (reading/writing off the end of malloc 'd blocks)
• Unauthorized stack access (reading/writing inappropriate areas on the stack)
• Whether the requested space is released (memory leaks-where pointers to malloc 'd blocks are lost forever)
• Match malloc/free/New/Delete request and released memory (mismatched use of malloc/New/new [] vs free/delete/Delete [])
• Overlapping SRC and DST pointers in memcpy () and related functions)

Callgrind

Callgrind collects some data, function call relationships, and other information during the running of the program. It can also selectively simulate cache. At the end of the operation, it will write the analysis data into a file. Callgrind_annotate can convert the content of this file into a readable form.

Cachegrind

It simulates the level-1 cache I1, D1, and L2 level-2 cache in the CPU, and can accurately point out the cache loss and hit in the program. If needed, it can also provide us with the number of cache loss, memory reference times, and the number of commands generated by each code line, each function, each module, and the entire program. This is of great help to the optimization program.

Helgrind

It is mainly used to check competition problems in multi-threaded programs. Helgrind looks for areas in the memory that are accessed by multiple threads but are not always locked. These areas are often the places where synchronization is lost between threads and lead to undiscovered errors. Helgrind implements the competition detection algorithm named "eraser" and makes further improvements to reduce the number of errors reported.

Massif

Stack analyzer, which can measure the memory used by the program in the stack, tells us the heap block, heap management block and stack size. Massif can help us reduce memory usage. In modern systems with virtual memory, it can also accelerate the running of our programs and reduce the chance that programs stay in the SWAp zone.

Install valgrind

1, to www.valgrind.orgdownload the latest version valgrind-3.2.3.tar.bz2, unzip the installation package: tar-jxvf valgrind-3.2.3.tar.bz23, decompress the generated directory valgrind-3.2.3 4, CD valgrind-3.2.35,./configure6, make; make install

Use valgrind

Usage: valgrind [Options] prog-and-ARGs [Options]: common options for all valgrind tools

1. -Tool = <Name> the most common options. Run the tool named toolname in valgrind. The default value is memcheck.
2. H-Help displays help information.
3. -Version: the version of the valgrind kernel. Each tool has its own version.
4. Q-Quiet runs quietly and only prints error messages.
5. V-verbose provides more detailed information and increases the number of errors.
6. -Trace-Children = No | Yes trace sub-thread? [No]
7. -Track-FDS = No | Yes trace the description of opened files? [No]
8. -Time-stamp = No | Yes, which increases the timestamp to log information? [No]
9. -Log-FD = <number> output log to descriptor file [2 = stderr]
10. -Log-file = <File> writes the output information to the file filename. PID. The PID is the ID of the running program.
11. -Log-file-exactly = <File> output log information to file
12. -Log-file-qualifier = <var> obtains the environmental variable value as the output file name. [None]
13. -Log-socket = ipaddr: Port: Output log to socket, ipaddr: Port

Log information output

1. -Xml = yes: the information is output in XML format, and only memcheck is available.
2. -Num-callers = <number> show <number> callers in stack traces [12]
3. -Error-Limit = No | yes. If there are too many errors, the system stops displaying new errors? [Yes]
4. -Error-exitcode = <number> if an error is found, the error code [0 = Disable] is returned.
5. -Db-Attach = No | yes. When an error occurs, valgrind automatically starts the Debugger GDB. [No]
6. -Db-command = <command> command line option for starting the debugger [GDB-NW % F % P]

Related options for memcheck:

1. -Leak-check = No | summary | what is the leak details required for full? [Summary]
2. -Leak-resolution = low | med | high how much BT merging in leak check [low]
3. -Show-reachable = No | Yes show reachable blocks in leak check? [No]

Example of valgrind

Below is a piece of problematic C program code test. c

# Include <stdlib. h> void F (void) {int * x = malloc (10 * sizeof (INT); X [10] = 0; // Question 1: array subscript out of bounds} // problem 2: the memory is not released

int main(void){   f();   return 0; }

1. Compile the program test. CGCC-wall test. c-g-o Test2. Use the valgrind check program bugvalgrind -- tool = memcheck -- leak-check = full. /test3. debug information = 3908 = memcheck, a memory error detector. = 3908 = copyright (c) 2002-2007, and gnu gpl 'd, by Julian Seward et al. = 3908 = Using libvex rev 1732, a library for Dynamic Binary Translation. = 3908 = copyright (c) 2004-2007, and gnu gpl 'd, by openworks LLP. = 3908 = Using valgrind-3.2.3, a dynamic binary instrumentation framework. = 3908 = copyright (c) 2000-2007, and gnu gpl 'd, by Julian Seward et al. = 3908 = For more details, Rerun with:-V = 3908 = -- 3908 -- dwarf2 CFI reader: unhandled CFI instruction 0: 50 -- 3908 -- dwarf2 CFI reader: unhandled CFI instruction 0: 50/* array out-of-bounds Error */= 3908 = Invalid write of size 4 = 3908 = at 0x8048384: F (test. c: 6) = 3908 = by 0x80483ac: Main (test. c: 11) = 3908 = address 0x400c050 is 0 bytes after a block of size 40 alloc 'd = 3908 = at 0x40046f2: malloc (vg_replace_malloc.c: 149) = 3908 = by 0x8048377: F (test. c: 5) = 3908 = by 0x80483ac: Main (test. c: 11) = 3908 = 3908 = Error Summary: 1 errors from 1 contexts (suppressed: 14 from 1) = 3908 = malloc/free: in use at Exit: 40 bytes in 1 blocks. = 3908 = malloc/free: 1 allocs, 0 frees, 40 bytes allocated. = 3908 = for counts of detected errors, Rerun with:-V == 3908 = searching for pointers to 1 not-freed blocks. = 3908 = checked 59,124 bytes. = 3908 = 3908 =/* memory space not released */= 3908 = 40 bytes in 1 blocks are definitely lost in loss record 1 of 1 = 3908 = at 0x40046f2: malloc (vg_replace_malloc.c: 149) = 3908 = by 0x8048377: F (test. c: 5) = 3908 = by 0x80483ac: Main (test. c: 11) = 3908 = 3908 = leak Summary: = 3908 = definitely lost: 40 bytes in 1 blocks. ==3908 = possibly lost: 0 bytes in 0 blocks. = 3908 = still reachable: 0 bytes in 0 blocks. = 3908 = suppressed: 0 bytes in 0 blocks