Valgrind is a multipurpose code profiling and memory debugging tool for Linux on both the x86 and, as of version 3, AMD64, architectures. It allows you to run your program in Valgrind's own environment that monitors memory usage such as calls to malloc and free (or new and delete in C++). If you use uninitialized memory, write off the end of an array, or forget to free a pointer, Valgrind can detect it. Since these are particularly common problems, this tutorial will focus mainly on using Valgrind to find these types of simple memory problems.
For Windows users: if you don't have access to a Linux machine, or if you want to develop Windows-specific software, you might be interested in IBM's Purify, which has features similar to Valgrind for finding memory leaks and invalid memory accesses. A trial download is available.
Getting Valgrind
If you're running Linux and you don't have a copy already, you can get Valgrind from the Valgrind download page.Installation should be as simple as decompressing and untarring using bzip2 (XYZ is the version number in the below examples)
bzip2 -d valgrind-XYZ.tar.bz2 tar -xf valgrind-XYZ.tar
which will create a directory called valgrind-XYZ; change into that directory and run
./configure make make installNow that you have Valgrind installed, let's look at how to use it.
Finding Memory Leaks With Valgrind
Memory leaks are among the most difficult bugs to detect because they don't cause any outward problems until you've run out of memory and your call to malloc suddenly fails. In fact, when working with a language like C or C++ that doesn't have garbage collection, almost half your time might be spent handling correctly freeing memory. And even one mistake can be costly if your program runs for long enough and follows that branch of code.When you run your code, you'll need to specify the tool you want to use; simply running valgrind will give you the current list. We'll focus mainly on the memcheck tool for this tutorial as running valgrind with the memcheck tool will allow us to check correct memory usage. With no other arguments, Valgrind presents a summary of calls to free and malloc: (Note that 18490 is the process id on my system; it will differ between runs.)
% valgrind --tool=memcheck program_name ... =18515== malloc/free: in use at exit: 0 bytes in 0 blocks. ==18515== malloc/free: 1 allocs, 1 frees, 10 bytes allocated. ==18515== For a detailed leak analysis, rerun with: --leak-check=yes
If you have a memory leak, then the number of allocs and the number of frees will differ (you can't use one free to release the memory belonging to more than one alloc). We'll come back to the error summary later, but for now, notice that some errors might be suppressed -- this is because some errors will be from standard library routines rather than your own code.
Finding Invalid Pointer Use With Valgrind
Valgrind can also find the use of invalid heap memory using the memcheck tool. For instance, if you allocate an array with malloc or new and then try to access a location past the end of the array:char *x = malloc(10); x[10] = 'a';Valgrind will detect it. For instance, running the following program, example2, through Valgrind
#include <stdlib.h>
int main()
{
char *x = malloc(10);
x[10] = 'a';
return 0;
}
withvalgrind --tool=memcheck --leak-check=yes example2results in the following warning
==9814== Invalid write of size 1 ==9814== at 0x804841E: main (example2.c:6) ==9814== Address 0x1BA3607A is 0 bytes after a block of size 10 alloc'd ==9814== at 0x1B900DD0: malloc (vg_replace_malloc.c:131) ==9814== by 0x804840F: main (example2.c:5)What this tell us is that we're using a pointer allocated room for 10 bytes, outside that range -- consequently, we have an 'Invalid write'. If we were to try to read from that memory, we'd be alerted to an 'Invalid read of size X', where X is the amount of memory we try to read. (For a char, it'll be one, and for an int, it would be either 2 or 4, depending on your system.) As usual, Valgrind prints the stack trace of function calls so that we know exactly where the error occurs.
No comments:
Post a Comment