mc-manual.html

memory checking tool 源代码valgrind-3.2.1.tar.gz 这是英文使用手册

<html xmlns:cf="http://docbook.sourceforge.net/xmlns/chunkfast/1.0">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>3.燤emcheck: a heavyweight memory checker</title>
<link rel="stylesheet" href="vg_basic.css" type="text/css">
<meta name="generator" content="DocBook XSL Stylesheets V1.69.0">
<link rel="start" href="index.html" title="Valgrind Documentation">
<link rel="up" href="manual.html" title="Valgrind User Manual">
<link rel="prev" href="manual-core.html" title="2.燯sing and understanding the Valgrind core">
<link rel="next" href="cg-manual.html" title="4.燙achegrind: a cache profiler">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div><table class="nav" width="100%" cellspacing="3" cellpadding="3" border="0" summary="Navigation header"><tr>
<td width="22px" align="center" valign="middle"><a accesskey="p" href="manual-core.html"><img src="images/prev.png" width="18" height="21" border="0" alt="Prev"></a></td>
<td width="25px" align="center" valign="middle"><a accesskey="u" href="manual.html"><img src="images/up.png" width="21" height="18" border="0" alt="Up"></a></td>
<td width="31px" align="center" valign="middle"><a accesskey="h" href="index.html"><img src="images/home.png" width="27" height="20" border="0" alt="Up"></a></td>
<th align="center" valign="middle">Valgrind User Manual</th>
<td width="22px" align="center" valign="middle"><a accesskey="n" href="cg-manual.html"><img src="images/next.png" width="18" height="21" border="0" alt="Next"></a></td>
</tr></table></div>
<div class="chapter" lang="en">
<div class="titlepage"><div><div><h2 class="title">
<a name="mc-manual"></a>3.燤emcheck: a heavyweight memory checker</h2></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="mc-manual.html#mc-manual.bugs">3.1. Kinds of bugs that Memcheck can find</a></span></dt>
<dt><span class="sect1"><a href="mc-manual.html#mc-manual.flags">3.2. Command-line flags specific to Memcheck</a></span></dt>
<dt><span class="sect1"><a href="mc-manual.html#mc-manual.errormsgs">3.3. Explanation of error messages from Memcheck</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.badrw">3.3.1. Illegal read / Illegal write errors</a></span></dt>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.uninitvals">3.3.2. Use of uninitialised values</a></span></dt>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.badfrees">3.3.3. Illegal frees</a></span></dt>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.rudefn">3.3.4. When a block is freed with an inappropriate deallocation
function</a></span></dt>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.badperm">3.3.5. Passing system call parameters with inadequate read/write
permissions</a></span></dt>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.overlap">3.3.6. Overlapping source and destination blocks</a></span></dt>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.leaks">3.3.7. Memory leak detection</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="mc-manual.html#mc-manual.suppfiles">3.4. Writing suppression files</a></span></dt>
<dt><span class="sect1"><a href="mc-manual.html#mc-manual.machine">3.5. Details of Memcheck's checking machinery</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.value">3.5.1. Valid-value (V) bits</a></span></dt>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.vaddress">3.5.2. Valid-address (A) bits</a></span></dt>
<dt><span class="sect2"><a href="mc-manual.html#mc-manual.together">3.5.3. Putting it all together</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="mc-manual.html#mc-manual.clientreqs">3.6. Client Requests</a></span></dt>
</dl>
</div>
<p>To use this tool, you may specify <code class="option">--tool=memcheck</code>
on the Valgrind command line.  You don't have to, though, since Memcheck
is the default tool.</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="mc-manual.bugs"></a>3.1.燢inds of bugs that Memcheck can find</h2></div></div></div>
<p>Memcheck is Valgrind's heavyweight memory checking tool.  All
reads and writes of memory are checked, and calls to
malloc/new/free/delete are intercepted. As a result, Memcheck can detect
the following problems:</p>
<div class="itemizedlist"><ul type="disc">
<li><p>Use of uninitialised memory</p></li>
<li><p>Reading/writing memory after it has been free'd</p></li>
<li><p>Reading/writing off the end of malloc'd blocks</p></li>
<li><p>Reading/writing inappropriate areas on the stack</p></li>
<li><p>Memory leaks - where pointers to malloc'd blocks are
   lost forever</p></li>
<li><p>Mismatched use of malloc/new/new [] vs
    free/delete/delete []</p></li>
<li><p>Overlapping <code class="computeroutput">src</code> and
    <code class="computeroutput">dst</code> pointers in
    <code class="function">memcpy()</code> and related
    functions</p></li>
</ul></div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="mc-manual.flags"></a>3.2.燙ommand-line flags specific to Memcheck</h2></div></div></div>
<div class="variablelist">
<a name="mc.opts.list"></a><dl>
<dt>
<a name="opt.leak-check"></a><span class="term">
      <code class="option">--leak-check=&lt;no|summary|yes|full&gt; [default: summary] </code>
    </span>
</dt>
<dd><p>When enabled, search for memory leaks when the client
      program finishes.  A memory leak means a malloc'd block, which has
      not yet been free'd, but to which no pointer can be found.  Such a
      block can never be free'd by the program, since no pointer to it
      exists.  If set to <code class="varname">summary</code>, it says how many
      leaks occurred.  If set to <code class="varname">full</code> or
      <code class="varname">yes</code>, it gives details of each individual
      leak.</p></dd>
<dt>
<a name="opt.show-reachable"></a><span class="term">
      <code class="option">--show-reachable=&lt;yes|no&gt; [default: no] </code>
    </span>
</dt>
<dd><p>When disabled, the memory leak detector only shows blocks
      for which it cannot find a pointer to at all, or it can only find
      a pointer to the middle of.  These blocks are prime candidates for
      memory leaks.  When enabled, the leak detector also reports on
      blocks which it could find a pointer to.  Your program could, at
      least in principle, have freed such blocks before exit.  Contrast
      this to blocks for which no pointer, or only an interior pointer
      could be found: they are more likely to indicate memory leaks,
      because you do not actually have a pointer to the start of the
      block which you can hand to <code class="function">free</code>, even if you
      wanted to.</p></dd>
<dt>
<a name="opt.leak-resolution"></a><span class="term">
      <code class="option">--leak-resolution=&lt;low|med|high&gt; [default: low] </code>
    </span>
</dt>
<dd>
<p>When doing leak checking, determines how willing
      <code class="constant">memcheck</code> is to consider different backtraces to
      be the same.  When set to <code class="varname">low</code>, only the first
      two entries need match.  When <code class="varname">med</code>, four entries
      have to match.  When <code class="varname">high</code>, all entries need to
      match.</p>
<p>For hardcore leak debugging, you probably want to use
      <code class="option">--leak-resolution=high</code> together with
      <code class="option">--num-callers=40</code> or some such large number.  Note
      however that this can give an overwhelming amount of information,
      which is why the defaults are 4 callers and low-resolution
      matching.</p>
<p>Note that the <code class="option">--leak-resolution=</code> setting
      does not affect <code class="constant">memcheck's</code> ability to find
      leaks.  It only changes how the results are presented.</p>
</dd>
<dt>
<a name="opt.freelist-vol"></a><span class="term">
      <code class="option">--freelist-vol=&lt;number&gt; [default: 5000000] </code>
    </span>
</dt>
<dd>
<p>When the client program releases memory using
      <code class="function">free</code> (in <code class="literal">C</code>) or delete
      (<code class="literal">C++</code>), that memory is not immediately made
      available for re-allocation.  Instead, it is marked inaccessible
      and placed in a queue of freed blocks.  The purpose is to defer as
      long as possible the point at which freed-up memory comes back
      into circulation.  This increases the chance that
      <code class="constant">memcheck</code> will be able to detect invalid
      accesses to blocks for some significant period of time after they
      have been freed.</p>
<p>This flag specifies the maximum total size, in bytes, of the
      blocks in the queue.  The default value is five million bytes.
      Increasing this increases the total amount of memory used by
      <code class="constant">memcheck</code> but may detect invalid uses of freed
      blocks which would otherwise go undetected.</p>
</dd>
<dt>
<a name="opt.workaround-gcc296-bugs"></a><span class="term">
      <code class="option">--workaround-gcc296-bugs=&lt;yes|no&gt; [default: no] </code>
    </span>
</dt>
<dd><p>When enabled, assume that reads and writes some small
      distance below the stack pointer are due to bugs in gcc 2.96, and
      does not report them.  The "small distance" is 256 bytes by
      default.  Note that gcc 2.96 is the default compiler on some older
      Linux distributions (RedHat 7.X) and so you may need to use this
      flag.  Do not use it if you do not have to, as it can cause real
      errors to be overlooked.  A better alternative is to use a more
      recent gcc/g++ in which this bug is fixed.</p></dd>
<dt>
<a name="opt.partial-loads-ok"></a><span class="term">
      <code class="option">--partial-loads-ok=&lt;yes|no&gt; [default: no] </code>
    </span>
</dt>
<dd>
<p>Controls how <code class="constant">memcheck</code> handles word-sized,
      word-aligned loads from addresses for which some bytes are
      addressible and others are not.  When <code class="varname">yes</code>, such
      loads do not elicit an address error.  Instead, the loaded V bytes
      corresponding to the illegal addresses indicate Undefined, and
      those corresponding to legal addresses are loaded from shadow
      memory, as usual.</p>
<p>When <code class="varname">no</code>, loads from partially invalid
      addresses are treated the same as loads from completely invalid
      addresses: an illegal-address error is issued, and the resulting V
      bytes indicate valid data.</p>
<p>Note that code that behaves in this way is in violation of
      the the ISO C/C++ standards, and should be considered broken.  If
      at all possible, such code should be fixed.  This flag should be
      used only as a last resort.</p>
</dd>
<dt>
<a name="opt.undef-value-errors"></a><span class="term">
      <code class="option">--undef-value-errors=&lt;yes|no&gt; [default: yes] </code>
    </span>
</dt>
<dd><p>Controls whether <code class="constant">memcheck</code> detects
      dangerous uses of undefined value errors.  When
      <code class="varname">yes</code>, Memcheck behaves like Addrcheck, a lightweight
      memory-checking tool that used to be part of Valgrind, which didn't
      detect undefined value errors.  Use this option if you don't like
      seeing undefined value errors.
      </p></dd>
</dl>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="mc-manual.errormsgs"></a>3.3.燛xplanation of error messages from Memcheck</h2></div></div></div>
<p>Despite considerable sophistication under the hood, Memcheck can
only really detect two kinds of errors: use of illegal addresses, and
use of undefined values.  Nevertheless, this is enough to help you
discover all sorts of memory-management nasties in your code.  This
section presents a quick summary of what error messages mean.  The
precise behaviour of the error-checking machinery is described in 
<a href="mc-manual.html#mc-manual.machine">Details of Memcheck's checking machinery</a>.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="mc-manual.badrw"></a>3.3.1.營llegal read / Illegal write errors</h3></div></div></div>
<p>For example:</p>
<pre class="programlisting">
Invalid read of size 4
   at 0x40F6BBCC: (within /usr/lib/libpng.so.2.1.0.9)
   by 0x40F6B804: (within /usr/lib/libpng.so.2.1.0.9)
   by 0x40B07FF4: read_png_image__FP8QImageIO (kernel/qpngio.cpp:326)
   by 0x40AC751B: QImageIO::read() (kernel/qimage.cpp:3621)
 Address 0xBFFFF0E0 is not stack'd, malloc'd or free'd
</pre>
<p>This happens when your program reads or writes memory at a place
which Memcheck reckons it shouldn't.  In this example, the program did a
4-byte read at address 0xBFFFF0E0, somewhere within the system-supplied
library libpng.so.2.1.0.9, which was called from somewhere else in the
same library, called from line 326 of <code class="filename">qpngio.cpp</code>,
and so on.</p>
<p>Memcheck tries to establish what the illegal address might relate
to, since that's often useful.  So, if it points into a block of memory
which has already been freed, you'll be informed of this, and also where
the block was free'd at.  Likewise, if it should turn out to be just off
the end of a malloc'd block, a common result of off-by-one-errors in
array subscripting, you'll be informed of this fact, and also where the
block was malloc'd.</p>
<p>In this example, Memcheck can't identify the address.  Actually
the address is on the stack, but, for some reason, this is not a valid
stack address -- it is below the stack pointer and that isn't allowed.
In this particular case it's probably caused by gcc generating invalid
code, a known bug in some ancient versions of gcc.</p>
<p>Note that Memcheck only tells you that your program is about to
access memory at an illegal address.  It can't stop the access from
happening.  So, if your program makes an access which normally would
result in a segmentation fault, you program will still suffer the same
fate -- but you will get a message from Memcheck immediately prior to
this.  In this particular example, reading junk on the stack is
non-fatal, and the program stays alive.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="mc-manual.uninitvals"></a>3.3.2.燯se of uninitialised values</h3></div></div></div>
<p>For example:</p>
<pre class="programlisting">
Conditional jump or move depends on uninitialised value(s)
   at 0x402DFA94: _IO_vfprintf (_itoa.h:49)
   by 0x402E8476: _IO_printf (printf.c:36)
   by 0x8048472: main (tests/manuel1.c:8)
</pre>
<p>An uninitialised-value use error is reported when your program
uses a value which hasn't been initialised -- in other words, is
undefined.  Here, the undefined value is used somewhere inside the
printf() machinery of the C library.  This error was reported when
running the following small program:</p>
<pre class="programlisting">
int main()
{
  int x;
  printf ("x = %d\n", x);
}</pre>
<p>It is important to understand that your program can copy around
junk (uninitialised) data as much as it likes.  Memcheck observes this
and keeps track of the data, but does not complain.  A complaint is
issued only when your program attempts to make use of uninitialised
data.  In this example, x is uninitialised.  Memcheck observes the value
being passed to <code class="literal">_IO_printf</code> and thence to
<code class="literal">_IO_vfprintf</code>, but makes no comment.  However,
_IO_vfprintf has to examine the value of x so it can turn it into the
corresponding ASCII string, and it is at this point that Memcheck
complains.</p>