Overview of using Linux under Valgrind

Valgrind Introduction:

Valgrind is the framework for dynamic analysis tools. There are many Valgrind tools that can automatically detect many memory management and multi-process/thread bugs to dissect your program in detail. You can also use the Valgrind framework to implement your own tools.

Valgrind typically consists of 6 tools: A Memory error detection tool, two thread error detection tools, cache and branch predictive analysis tools, and heap analysis tools.

The use of Valgrind is related to both the CPU OS and the compiler and C libraries. The following platforms are currently supported:

-X86/linux

-Amd64/linux

-Ppc32/linux

-Ppc64/linux

-Arm/linux

-X86/macosx

-Amd64/macosx

Valgrind is open source software under GNU v2 and you can download the latest source code from http://valgrind.org.

Installation of Valgrind:

1. Download the latest valgrind-3.7.0.tar.bz2d from http://valgrind.org and unzip the installation package with TAR-XFVALGRIND-3.7.0.TAR.BZ2.

2. Perform the./configure and check the configuration of the installation requirements.

3. Execute make.

4. Execute make install, preferably with root permission.

5. Try Valgrind ls-l to check if it is working properly.

Overview of Valgrind:

A framework for creating dynamic analysis tools when valgrind. It has a series of tools for debugging analysis. Valgrind's architecture is modular, so it's easy to add new tools without affecting the current structure.

The following tools are the standard configuration at the time of installation:

Memcheck: Used to detect memory errors. It helps the C and C + + programs be more correct.

Cachegrind: Used to analyze cache and branch predictions. It helps the program to execute faster.

Callgrind: Parsing for function calls.

Helgrind: Used to analyze multithreading.

DRD: Also used to analyze multithreading. Similar to Helgrind, but with different analytical techniques, different problems can be detected.

Massif: For the analysis heap. It helps the program streamline the use of memory.

Sgcheck: An experimental tool for detecting stacks and global array overflows, which is used in complementary with Memcheck.

Use of Valgrind:

1. Prepare the program:

Compile the program with-G, so that the compiled file contains debugging information, the Memcheck analysis information contains the correct line number. It is best to use-o0 's optimization level, which may be problematic when used with-o2 and above.

2. Run the program under Memcheck:

If your program performs the following:

Myprog arg1 arg2

Then use the following:

Valgrind--leak-check=yes Myprog arg1 arg2

Memcheck is the default tool. --leak-check Open the details of the memory leak detection.

Running the program in the command above makes the program run slowly and consumes a lot of memory. The Memcheck displays memory errors and detected memory leaks.

3. How to view the output of the Memcheck:

Here is an instance of C code (A.C) with a memory error and a memory leak.

#include <stdlib.h>

void f (void)

{

int*x = (int *) malloc (* sizeof (int));

x[10]= 0;

Problem 1:heap Block overrun

}//problem 2:memory Leak--X not freed

int main (void)

{

f ();

Return0;

}

Run as follows:

[Email protected]:~/nfs/valg/test$ valgrind--leak-check=yes/A

==24780== Memcheck, a memory error detector

==24780== Copyright (C) 2002-2011, and GNUGPL ' d, by Julian Seward et al.

==24780== Using Valgrind-3.7.0 and Libvex;rerun with-h for copyright info

==24780== Command:./A

==24780==

==24780== Invalid Write of size 4

==24780== at 0x80484df:f () (A.c:5)

==24780== by 0x80484f1:main (a.c:11)

==24780== Address 0x42d3050 is 0 bytes after a block of size alloc ' d

==24780== at 0x4026444:malloc (vg_replace_malloc.c:263)

==24780== by 0x80484d5:f () (A.c:4)

==24780== by 0x80484f1:main (a.c:11)

==24780==

==24780==

==24780== HEAP SUMMARY:

==24780== in with exit:40 bytes in 1 blocks

==24780== Total heap Usage:1 allocs, 0 frees, Bytes allocated

==24780==

==24780== bytes in 1 blocks aredefinitely lost in loss record 1 of 1

==24780== at 0x4026444:malloc (vg_replace_malloc.c:263)

==24780== by 0x80484d5:f () (A.c:4)

==24780== by 0x80484f1:main (a.c:11)

==24780==

==24780== LEAK SUMMARY:

==24780== definitely lost:40 bytes in 1 blocks

==24780== indirectly lost:0 bytes in 0 blocks

==24780== possibly lost:0 bytes in 0 blocks

==24780== still reachable:0 bytes in 0 blocks

==24780== suppressed:0 bytes in 0 blocks

==24780==

==24780== for counts of detected andsuppressed errors, rerun with:-V

==24780== ERROR summary:2 errors from 2contexts (suppressed:17 from 6)

How to read this output:

==24780== Memcheck, a memory error detector

==24780== Copyright (C) 2002-2011, and GNUGPL ' d, by Julian Seward et al.

==24780== Using Valgrind-3.7.0 and Libvex;rerun with-h for copyright info

==24780== Command:./A

This section shows the tools used and the version information. Where 24780 is the process ID.

==24780== Invalid Write of size 4

==24780== at 0x80484df:f () (A.c:5)

==24780== by 0x80484f1:main (a.c:11)

==24780== Address 0x42d3050 is 0 bytes after a block of size alloc ' d

==24780== at 0x4026444:malloc (vg_replace_malloc.c:263)

==24780== by 0x80484d5:f () (A.c:4)

==24780== by 0x80484f1:main (a.c:11)

This section points out the error: Invalid write. The following lines show the function stack.

==24780== HEAP SUMMARY:

==24780== in with exit:40 bytes in 1 blocks

==24780== Total heap Usage:1 allocs, 0 frees, Bytes allocated

==24780==

==24780== bytes in 1 blocks aredefinitely lost in loss record 1 of 1

==24780== at 0x4026444:malloc (vg_replace_malloc.c:263)

==24780== by 0x80484d5:f () (A.c:4)

==24780== by 0x80484f1:main (a.c:11)

==24780==

==24780== LEAK SUMMARY:

==24780== definitely lost:40 bytes in 1 blocks

==24780== indirectly lost:0 bytes in 0 blocks

==24780== possibly lost:0 bytes in 0 blocks

==24780== still reachable:0 bytes in 0 blocks

==24780== suppressed:0 bytes in 0 blocks

This part is a summary of the heap and the leak, and you can see the error of the memory leak.

==24780== for counts of detected andsuppressed errors, rerun with:-V

==24780== ERROR summary:2 errors from 2contexts (suppressed:17 from 6)

This section is a summary of all errors detected by the heap. Two errors in the code are detected.

Helgrind: Thread Error Detection Tool

If you use this tool, add--tool=helgrind to the Valgrind command.

Helgrind a thread synchronization error for a program that uses posixpthreads under C,c++.

Helgrind can detect the following three types of errors:

Incorrect use of the 1.POSIX pthreads API

2. Potential deadlock caused by lock and unlock sequence

3. Data race--access to memory without a lock or synchronization mechanism

Take the data race as an example to illustrate the use of Helgrind:

Without the use of a suitable lock or other synchronization mechanism to guarantee single-threaded access, two or more threads accessing the same piece of memory can cause data race.

An example of a simple data race:

#include <pthread.h>

int var = 0;

void* child_fn (void* Arg) {

var++;/* unprotected relative to Parent */* This was line 6 */

Returnnull;

}

int main (void) {

Pthread_tchild;

Pthread_create (&child,null, CHILD_FN, NULL);

var++;/* unprotected relative to child */* This was line 13 */

Pthread_join (Child,null);

Return0;

}

Run as follows:

[Email protected]:~/nfs/valg/test$ valgrind--tool=helgrind./b

==25449== Helgrind, a thread error detector

==25449== Copyright (C) 2007-2011, and GNUGPL ' d, by Openworks LLP et al.

==25449== Using Valgrind-3.7.0 and Libvex;rerun with-h for copyright info

==25449== Command:./b

==25449==

==25449==---thread-announcement------------------------------------------

==25449==

==25449== Thread #1 is the program ' s Rootthread

==25449==

==25449==---thread-announcement------------------------------------------

==25449==

==25449== Thread #2 was created

==25449== at 0x4123a38:clone (in/lib/tls/i686/cmov/libc-2.11.1.so)

==25449== by 0x40430ea: [email protected] @GLIBC_2.1 (in/lib/tls/i686/cmov/libpthread-2.11.1.so)

==25449== by 0x402a9ad:pthread_create_wrk (hg_intercepts.c:255)

==25449== by 0x402aa85: [Email protected]* (hg_intercepts.c:286)

==25449== by 0x80484e1:main (b.c:11)

==25449==

==25449==----------------------------------------------------------------

==25449==

==25449== Possible Data Race during read Ofsize 4 at 0x804a020 by thread #1

==25449== Locks Held:none

==25449== at 0x80484e2:main (b.c:12)

==25449==

==25449== This conflicts with a previouswrite of size 4 by thread #2

==25449== Locks Held:none

==25449== at 0X80484A7:CHILD_FN (b.c:6)

==25449== by 0x402ab04:mythread_wrapper (hg_intercepts.c:219)

==25449== by 0x404296d:start_thread (in/lib/tls/i686/cmov/libpthread-2.11.1.so)

==25449== by 0x4123a4d:clone (in/lib/tls/i686/cmov/libc-2.11.1.so)

==25449==

==25449==----------------------------------------------------------------

==25449==

==25449== Possible Data Race during writeof size 4 at 0x804a020 by thread #1

==25449== Locks Held:none

==25449== at 0x80484e2:main (b.c:12)

==25449==

==25449== This conflicts with a previouswrite of size 4 by thread #2

==25449== Locks Held:none

==25449== at 0X80484A7:CHILD_FN (b.c:6)

==25449== by 0x402ab04:mythread_wrapper (hg_intercepts.c:219)

==25449== by 0x404296d:start_thread (in/lib/tls/i686/cmov/libpthread-2.11.1.so)

==25449== by 0x4123a4d:clone (in/lib/tls/i686/cmov/libc-2.11.1.so)

==25449==

==25449==

==25449== for counts of detected andsuppressed errors, rerun with:-V

==25449== use--history-level=approx Or=none-gain increased speed, at

==25449== the cost of reduced accuracy ofconflicting-access information

==25449== ERROR summary:2 errors from 2contexts (suppressed:0 from 0)

Error message from "Possible data race during write of size 4 at 0x804a020 by thread #1

"At the beginning, this message you can see the address and size of the race access, as well as the stack information of the call.

The second call stack is from "This conflicts with a previous write of size 4 by thread #2

"At the beginning, this indicates that there is a race with the first call stack.

Once you have found two call stacks, how to find the source of the race:

The code is checked first through each call stack, and they all show access to the same location or variable.

Now consider how to correct to make multithreaded access secure:

1. Use locks or other synchronization mechanisms to ensure that only independent access is available at the same time.

2. Use methods such as condition variables to determine the order of multiple accesses.

This article introduces the architecture of Valgrind and highlights its most widely used tools: Memcheck and Helgrind. The basic use methods of Memcheck and Helgrind are expounded. Discovering memory issues and multi-process synchronization issues early in the project can greatly improve development efficiency, and Valgrind is a great tool to help you achieve this goal.