zoukankan      html  css  js  c++  java
  • Valgrind学习笔记(一)

    一、Memcheck-tools

        1.    可查找的错误类型:
                1) Illegal read or write errors
                --read-var-info=<yes|no> [default:no],如果这个选项被打开,应用程序将运行的更慢,但是能够给出能多的错误细节。如下:
       
                --read-var-info=no
                ==15516== Uninitialised byte(s) found during client check request
                ==15516==    at 0x400633: croak (varinfo1.c:28)
                ==15516==    by 0x4006B2: main (varinfo1.c:55)
                ==15516==  Address 0x60103b is 7 bytes inside data symbol "global_i2"
                ==15516==
                ==15516== Uninitialised byte(s) found during client check request
                ==15516==    at 0x400633: croak (varinfo1.c:28)
                ==15516==    by 0x4006BC: main (varinfo1.c:56)
                ==15516==  Address 0x7fefffefc is on thread 1's stack
               
                --read-var-info=yes:
                ==15522== Uninitialised byte(s) found during client check request
                ==15522==    at 0x400633: croak (varinfo1.c:28)
                ==15522==    by 0x4006B2: main (varinfo1.c:55)
                ==15522==  Location 0x60103b is 0 bytes inside global_i2[7],
                ==15522==  a global variable declared at varinfo1.c:41
                ==15522==
                ==15522== Uninitialised byte(s) found during client check request
                ==15522==    at 0x400633: croak (varinfo1.c:28)
                ==15522==    by 0x4006BC: main (varinfo1.c:56)
                ==15522==  Location 0x7fefffefc is 0 bytes inside local var "local"
                ==15522==  declared at varinfo1.c:46, in frame #1 of thread 1

                2) Use of uninitialized values
                --track-origins=yes 可以得到更为详细的错误信息(特别针对使用未初始化的变量时)
               
                3) Use of uninitialized or unaddressable values in system calls
                Code example:           
                int main( void )
                {
                        char* arr  = malloc(10);
                        int*  arr2 = malloc(sizeof(int));
                        write( 1 /* stdout */, arr, 10 );
                        exit(arr2[0]);
                }

                Valgrind给出的信息:
                Syscall param write(buf) points to uninitialised byte(s)
                at 0x25A48723: __write_nocancel (in /lib/tls/libc-2.3.3.so)
                by 0x259AFAD3: __libc_start_main (in /lib/tls/libc-2.3.3.so)
                by 0x8048348: (within /auto/homes/njn25/grind/head4/a.out)
                Address 0x25AB8028 is 0 bytes inside a block of size 10 alloc'd
                at 0x259852B0: malloc (vg_replace_malloc.c:130)
                by 0x80483F1: main (a.c:5)
           
                Syscall param exit(error_code) contains uninitialised byte(s)
                at 0x25A21B44: __GI__exit (in /lib/tls/libc-2.3.3.so)
                by 0x8048426: main (a.c:8)

                4) Illegal frees
                Valgrind将会跟踪program通过malloc/new分配的内存,因此他可以确切的指导当前的free/delete操作是否合法。以下是重复free的一个例子。
                Invalid free()
                    at 0x4004FFDF: free (vg_clientmalloc.c:577)
                    by 0x80484C7: main (tests/doublefree.c:10)
                Address 0x3807F7B4 is 0 bytes inside a block of size 177 free'd
                    at 0x4004FFDF: free (vg_clientmalloc.c:577)
                    by 0x80484C7: main (tests/doublefree.c:10)
                   
                5) When a heap block is freed with an inappropriate deallocation function
                下面是一个用new[]分配但是用free释放的code example
                Mismatched free() / delete / delete []
                    at 0x40043249: free (vg_clientfuncs.c:171)
                    by 0x4102BB4E: QGArray::~QGArray(void) (tools/qgarray.cpp:149)
                    by 0x4C261C41: PptDoc::~PptDoc(void) (include/qmemarray.h:60)
                    by 0x4C261F0E: PptXml::~PptXml(void) (pptxml.cc:44)
                Address 0x4BB292A8 is 0 bytes inside a block of size 64 alloc'd
                    at 0x4004318C: operator new[](unsigned int) (vg_clientfuncs.c:152)
                    by 0x4C21BC15: KLaola::readSBStream(int) const (klaola.cc:314)
                    by 0x4C21C155: KLaola::stream(KLaola::OLENode const *) (klaola.cc:416)
                    by 0x4C21788F: OLEFilter::convert(QCString const &) (olefilter.cc:272)

                6)Overlapping source and destination blocks
                ==27492== Source and destination overlap in memcpy(0xbffff294, 0xbffff280, 21)
                ==27492==    at 0x40026CDC: memcpy (mc_replace_strmem.c:71)
                ==27492==    by 0x804865A: main (overlap.c:40)
       
                7)Memory leak detection
                Pointer chain            AAA Category    BBB Category
                -------------            ------------    ------------
                (1)  RRR ------------> BBB                    DR
                (2)  RRR ---> AAA ---> BBB    DR              IR
                (3)  RRR               BBB                    DL
                (4)  RRR      AAA ---> BBB    DL              IL
                (5)  RRR ------?-----> BBB                    (y)DR, (n)DL
                (6)  RRR ---> AAA -?-> BBB    DR              (y)IR, (n)DL
                (7)  RRR -?-> AAA ---> BBB    (y)DR, (n)DL    (y)IR, (n)IL
                (8)  RRR -?-> AAA -?-> BBB    (y)DR, (n)DL    (y,y)IR, (n,y)IL, (_,n)DL
                (9)  RRR      AAA -?-> BBB    DL              (y)IL, (n)DL
               
                Pointer chain legend:
                - RRR: a root set node or DR block
                - AAA, BBB: heap blocks
                - --->: a start-pointer
                - -?->: an interior-pointer
               
                Category legend:
                - DR: Directly reachable
                - IR: Indirectly reachable
                - DL: Directly lost
                - IL: Indirectly lost
                - (y)XY: it's XY if the interior-pointer is a real pointer
                - (n)XY: it's XY if the interior-pointer is not a real pointer
                - (_)XY: it's XY in either case
               
                --show-reachable=yes如果这样设置,cases 1,2,4 and 9 才会被定位。
                --leak-check=full,memcheck将针对definitely lost or probably lost给出更为详细的信息,甚至包括分配的地点。
               
        2.    Memcheck命令行选项:
               1)    --leak-check=<no|summary|yes|full> [default: summary]
                      如果是summary,则只是给出最后leak的汇总,如果是yes或者是full的话,将会给出比较详细的leak信息。
                       
               2)    --leak-resolution=<low|med|high> [default: high]
                      用于合并leak信息来源的backtraces,如果low,当有两层匹配的时候就可以合并,mid是四层,high要求必须完全比配。该选项不会影响Memcheck查找leak的能力,只会影响结果的显示方式。
               
               3)    --show-reachable=<yes|no> [default: no]
                      如果设置为yes,将获取全部的内存分配状况。
                       
               4)    --track-origins=<yes|no> [default: no]
                      如果设置为yes,对于为初始化的变量(from heap or stack)能够非常好的定位到错误源,但是这也将导致程序的整体运行速度变慢和更大的内存开销。
                       
               5)    --freelist-vol=<number> [default: 20000000]
                      <number>是按照byte来计算的,这个数字越大,检测出对已释放内存的无效访问的可能性越高。
               
  • 相关阅读:
    FreeMarker中<#include>和<#import>标签的区别
    freemarker自定义标签(与java合用)
    JSP页面中验证码的调用方法
    js关闭或者刷新页面后执行事件
    动态生成能够局部刷新的验证码【AJAX技术】---看了不懂赔你钱
    Delphi中Indy 10的安装和老版本的卸载
    在Delphi中关于UDP协议的实现
    Easy smart REST with kbmMW
    Delphi事件的广播
    js调用跨域
  • 原文地址:https://www.cnblogs.com/orangeform/p/2073338.html
Copyright © 2011-2022 走看看