Valgrind
Valgrind
Valgrind
1memcheck
2callgrind
3cachegrind CPU cache
4helgrind
5massif
6lackey
7nulgrind
valgrand --tool=name tool
--tool=memcheck
Valgrind
1.Memcheck
mallocfreenewdelete
1
2/
3/ malloc
4/
5
6 malloc/free new/delete
7memcpy() dst src
C/C++Memcheck
1.
#include <stdlib.h>
2.
#include <malloc.h>
3.
#include <string.h>
4.
5.
void test()
6.
7.
8.
9.
ptr[10] = 7; //
10.
11.
12.
13.
14.
free(ptr);
15.
free(ptr);//
16.
17.
int *p1;
18.
*p1 = 1; //
19. }
20.
21. int main(void)
22. {
23.
test();
24.
return 0;
25. }
valgrind --leak-check=full ./
1.
2.
==4832== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
3.
==4832== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
4.
5.
==4832==
6.
7.
==4832==
8.
==4832==
//
)
9.
10. ==4832==
11. ==4832==
12. ==4832==
)
13. ==4832==
14. ==4832== Source and destination overlap in memcpy(0x41a602c, 0x41a6028, 5)
//
15. ==4832==
16. ==4832==
17. ==4832==
)
18. ==4832==
19. ==4832== Invalid free() / delete / delete[] //
20. ==4832==
21. ==4832==
22. ==4832==
)
23. ==4832== Address 0x41a6028 is 0 bytes inside a block of size 40 free'd
24. ==4832==
25. ==4832==
26. ==4832==
)
27. ==4832==
28. ==4832== Use of uninitialised value of size 4 //
29. ==4832==
30. ==4832==
)
31. ==4832==
32. ==4832==
33. ==4832== Process terminating with default action of signal 11 (SIGSEGV) //
36. ==4832==
)
37. ==4832==
38. ==4832== HEAP SUMMARY:
39. ==4832==
44. ==4832== For counts of detected and suppressed errors, rerun with: -v
45. ==4832== Use --track-origins=yes to see where uninitialised values come from
46. ==4832== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 11 from 6)
47. Segmentation fault
valgrind
2.Callgrind
gprof gprof
Callgrind
cache
callgrind_annotate
gprof2dot
http://http://jrfonseca.googlecode.com/svn/trunk/gprof2dot/gprof2dot.py
python chmod +7 gprof2dot.py
$PATH /usr/bin
gprof2dot.py
Callgrind gnu
gprof-pg
1.
#include <stdio.h>
2.
#include <malloc.h>
3.
void test()
4.
5.
sleep(1);
6.
7.
void f()
8.
9.
int i;
10.
11.
test();
12. }
13. int main()
14. {
15.
f();
16.
printf("process is over!\n");
17.
return 0;
18. }
gcc -pg -o tmp tmp.c./tmp
gmon.out gprof
gprof ./tmp | gprof2dot.py |dot -Tpng -o report.png report.png
test 5 test
Callgrind valgrind --tool=callgrind ./tmp
"callgrind.out.XXX"callgrind_annotate
callgrind.out.XXX gprof2dot.py -f callgrind callgrind.out.XXX |dot
-Tpng -o report.png :
3.Cachegrind
valgrind 25%-30%kde
team valgrind kde
valgrind --tool=cachegrind
4.Helgrind
Helgrind
Helgrind
EraserHelgrind
1.
#include <stdio.h>
2.
#include <pthread.h>
3.
#define NLOOP 50
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
pthread_join(tid1, NULL);
19.
pthread_join(tid2, NULL);
20.
pthread_join(tid3, NULL);
21.
22.
23.
return 0;
24. }
25.
26. void *threadfn(void *vptr)
27. {
28.
int i, val;
29.
30.
val = counter;
31.
32.
counter = val+1;
33.
34.
return NULL;
35. }
30~32 3 50
150 Helgrind
gcc -o test thread.c -lpthread :valgrind
--tool=helgrind ./test :
49c0b70:
49c0b70:
==4666==
Thread
==4666==
==4666==
==4666==
==4666==
at
by
0x40494B5:
by
by
#3
0x412E9D8:
was
clone
pthread_create@@GLIBC_2.1
0x4026E2D:
0x4026F8B:
created
(clone.S:111)
(createthread.c:256)
pthread_create_WRK
(hg_intercepts.c:257)
pthread_create@*
(hg_intercepts.c:288)
==4666==
==4666==
==4666==
Thread
==4666==
==4666==
by
==4666==
0x4026F8B:
created
clone
(clone.S:111)
pthread_create@@GLIBC_2.1
0x4026E2D:
by
was
0x412E9D8:
0x40494B5:
by
==4666==
==4666==
#2
at
(createthread.c:256)
pthread_create_WRK
(hg_intercepts.c:257)
pthread_create@*
(hg_intercepts.c:288)
==4666==
==4666== Possible data race during read of size 4 at 0x804a028 by thread #3
==4666==
==4666==
by
==4666==
0x4026F60:
by
==4666==
mythread_wrapper
0x4048E98:
by
start_thread
0x412E9ED:
This
previous
0x4026F60:
by
==4666==
of
size
mythread_wrapper
0x4048E98:
by
write
(clone.S:130)
==4666==
==4666==
with
(pthread_create.c:304)
clone
==4666==
==4666==
conflicts
(hg_intercepts.c:221)
by
thread
#2
(hg_intercepts.c:221)
start_thread
0x412E9ED:
(pthread_create.c:304)
clone
(clone.S:130)
==4666==
==4666== Possible data race during write of size 4 at 0x804a028 by thread #2
==4666==
==4666==
by
==4666==
0x4026F60:
by
==4666==
mythread_wrapper
0x4048E98:
by
0x412E9ED:
by
==4666==
previous
of
size
mythread_wrapper
0x4048E98:
by
read
(clone.S:130)
==4666==
==4666==
clone
This
by
with
(pthread_create.c:304)
==4666==
==4666==
conflicts
(hg_intercepts.c:221)
start_thread
by
thread
#3
(hg_intercepts.c:221)
start_thread
0x412E9ED:
(pthread_create.c:304)
clone
(clone.S:130)
==4666==
49c0b70:
......
55c1b70:
51
==4666==
==4666==
For
counts
of
==4666==
Use
--history-level=approx
==4666==
the
cost
of
detected
reduced
and
or
suppressed
=none
accuracy
of
to
errors,
gain
rerun
increased
conflicting-access
with:
-v
speed,
at
information
Massif profile
C++ C++
lackey nulgrind Lackey Nulgrind
Valgrind
Valgrind
memcheck
valgrind
valgrind [valgrind-options] your-prog [your-prog options]
-h --help
--version
valgrind
-q --quiet
-v --verbose
--tool=<toolname> [default:
memcheck]
valgrind toolname
memcheck
--db-attach=<yes|no>
[default: no]
Valgrind
1. www.valgrind.org valgrind-3.2.3.tar.bz2
2. tar jxvf valgrind-3.2.3.tar.bz2
3. valgrind-3.2.3
4. cd valgrind-3.2.3
5. ./autogen.sh autoconf
6. ./configure; Valgrind MakeFile INSTALL -prefix=/where/you/want/it/installed
7. Make Valgrind
8. make install Valgrind
Valgrind
Valgrind :memcheckaddrcheckcachegrindMassifhelgrind Callgrind
Valgrind , memcheck
1memcheck
memcheck /
malloc/new/free/delete memcheck
1
2/
3/
4/
5
6 malloc/new/new[] free/delete/delete[]
7src dst
2cachegrind
cachegrind cache CPU L1, D1 L2 cache
cache cache cache
3helgrind
helgrind helgrind
Helgrind
Helgrind
Eraser
4Callgrind
Callgrind cache
callgrind_annotate
:
$valgrind --tool=callgrind ./sec_infod
callgrind.out.[pid], ,
$killall callgrind
6lackey
lackey
Valgrind
: valgrind [options] prog-and-args [options]: Valgrind
--tool=<name>
--version
valgrind
-q --quiet
--verbose
--trace-children=<yes|no>
? [default: no]
--track-fds=<yes|no>
[default: no]
--time-stamp=<yes|no>
LOG ? [default: no]
--log-fd=<number>
LOG [2=stderr]
--log-file=<file>
filename.PID PID ID
--log-file-exactly=<file>
LOG file
LOG
--xml=yes
xml memcheck
--num-callers=<number>
show <number> callers in stack traces [12]
--error-exitcode=<number>
[0=disable]
--db-attach=<yes|no>
valgrind gdb[default: no]
--db-command=<command>
[gdb -nw %f %p]
Memcheck
--leak-check=<no|summary|full>
leak ? Leak
summary malloc free full
leaks malloc/free [default: summary]
--show-reachable=<yes|no>
no leaks malloc leaks [default: no]
A
Valgrind
gcc -g
valgrind valgrind
valgrind
C++ -fno-inline
C++ memcheck openoffice
valgrind
(-O2 ) memcheck
valgrind
--trace-children=yes
memcheck sample.c
sample.c, gcc
2
10297 Process ID
valgrind
valgrind
l 4 bytes
l
l
40 bytes
Valgrind
1
#include <stdio.h>
int main()
{
int x;
if(x == 0)
{
printf("X is zero");
}
return 0;
}
Valgrind
==14222== Conditional jump or move depends on uninitialised value(s)
==14222== at 0x400484: main (sample2.c:6)
X is zero==14222==
==14222== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 5 from 1)
==14222== malloc/free: in use at exit: 0 bytes in 0 blocks.
==14222== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==14222== For counts of detected errors, rerun with: -v
==14222== All heap blocks were freed -- no leaks are possible.
#include <stdlib.h>
#include <stdio.h>
int main(int argc,char *argv[])
{
int len=5;
int i;
int *pt=(int*)malloc(len*sizeof(int));
int *p=pt;
for(i=0;i<len;i++)
{p++;}
*p=5;
printf(%d,*p);
return;
}
Valgrind
==23045== Invalid write of size 4
==23045== at 0x40050A: main (sample2.c:11)
==23045== Address 0x4C2E044 is 0 bytes after a block of size 20 alloc'd
==23045== at 0x4A05809: malloc (vg_replace_malloc.c:149)
==23045== by 0x4004DF: main (sample2.c:7)
==23045==
3src dst
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int main(int argc,char *argv[])
{ char x[50];
int i;
for(i=0;i<50;i++)
{x[i]=i;}
strncpy(x+20,x,20); //Good
strncpy(x+20,x,21); //Overlap
x[39]=\0;
strcpy(x,x+20); //Good
x[39]=40;
x[40]=\0;
strcpy(x,x+20); //Overlap
return 0;
}
Valgrind
==24139== Source and destination overlap in strncpy(0x7FEFFFC09, 0x7FEFFFBF5, 21)
==24139== at 0x4A0724F: strncpy (mc_replace_strmem.c:116)
==24139== by 0x400527: main (sample3.c:10)
==24139==
==24139== Source and destination overlap in strcpy(0x7FEFFFBE0, 0x7FEFFFBF4)
==24139== at 0x4A06E47: strcpy (mc_replace_strmem.c:106)
==24139== by 0x400555: main (sample3.c:15)
==24139==
==24139== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 5 from 1)
==24139== malloc/free: in use at exit: 0 bytes in 0 blocks.
==24139== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==24139== For counts of detected errors, rerun with: -v
==24139== All heap blocks were freed -- no leaks are possible.
4
l
C++ C C C++ C++
C C C++
C++ malloc/alloc/realloc free new
delete malloc delete
p pt
l
16
#include <stdlib.h>
#include <stdio.h>
int main(int argc,char *argv[])
{ char *p=(char*)malloc(10);
char *pt=p;
int i;
for(i=0;i<10;i++)
{p[i]=z;}
delete p;
p[1]=a;
free(pt);
return 0;
}
Valgrind
==25811== Mismatched free() / delete / delete []
==25811== at 0x4A05130: operator delete(void*) (vg_replace_malloc.c:244)
==25811== by 0x400654: main (sample4.c:9)
==25811== Address 0x4C2F030 is 0 bytes inside a block of size 10 alloc'd
==25811== at 0x4A05809: malloc (vg_replace_malloc.c:149)
==25811== by 0x400620: main (sample4.c:4)
==25811==
==25811== Invalid write of size 1
==25811== at 0x40065D: main (sample4.c:10)
==25811== Address 0x4C2F031 is 1 bytes inside a block of size 10 free'd
==25811== at 0x4A05130: operator delete(void*) (vg_replace_malloc.c:244)
==25811== by 0x400654: main (sample4.c:9)
==25811==
==25811== Invalid free() / delete / delete[]
==25811== at 0x4A0541E: free (vg_replace_malloc.c:233)
==25811== by 0x400668: main (sample4.c:11)
==25811== Address 0x4C2F030 is 0 bytes inside a block of size 10 free'd
#include <stdlib.h>
int main()
{
char *x = (char*)malloc(20);
char *y = (char*)malloc(20);
x=y;
free(x);
free(y);
return 0;
}
Valgrind
==19013== Invalid free() / delete / delete[]
==19013== at 0x4A0541E: free (vg_replace_malloc.c:233)
int main()
{
int i, *x;
x = (int *)malloc(10*sizeof(int));
for (i=0; i<11; i++)
x[i] = i;
free(x);
}
Valgrind
==21483== Invalid write of size 4
==21483== at 0x4004EA: main (sample6.c:6)
==21483== Address 0x4C2E058 is 0 bytes after a block of size 40 alloc'd
==21483== at 0x4A05809: malloc (vg_replace_malloc.c:149)
==21483== by 0x4004C9: main (sample6.c:4)
==21483==
==21483== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 5 from 1)
==21483== malloc/free: in use at exit: 0 bytes in 0 blocks.
==21483== malloc/free: 1 allocs, 1 frees, 40 bytes allocated.
==21483== For counts of detected errors, rerun with: -v
==21483== All heap blocks were freed -- no leaks are possible.
7
#include <stdlib.h>
int main()
{
char *x = malloc(10);
x[10] = 'a';
free(x);
return 0;
}
Valgrind
==15262== Invalid write of size 1
==15262== at 0x4004D6: main (sample7.c:5)
==15262== Address 0x4C2E03A is 0 bytes after a block of size 10 alloc'd
==15262== at 0x4A05809: malloc (vg_replace_malloc.c:149)
==15262== by 0x4004C9: main (sample7.c:4)
==15262==
==15262== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 5 from 1)
==15262== malloc/free: in use at exit: 0 bytes in 0 blocks.
==15262== malloc/free: 1 allocs, 1 frees, 10 bytes allocated.
==15262== For counts of detected errors, rerun with: -v
==15262== All heap blocks were freed -- no leaks are possible.
8
#include <stdlib.h>
int main()
{
char *x = malloc(10);
free(x);
free(x);
return 0;
}
Valgrind
==15005== Invalid free() / delete / delete[]
==15005== at 0x4A0541E: free (vg_replace_malloc.c:233)
==15005== by 0x4004DF: main (sample8.c:6)
==15005== Address 0x4C2E030 is 0 bytes inside a block of size 10 free'd
==15005== at 0x4A0541E: free (vg_replace_malloc.c:233)
==15005== by 0x4004D6: main (sample8.c:5)
==15005==
==15005== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 5 from 1)
==15005== malloc/free: in use at exit: 0 bytes in 0 blocks.
==15005== malloc/free: 1 allocs, 2 frees, 10 bytes allocated.
==15005== For counts of detected errors, rerun with: -v
==15005== All heap blocks were freed -- no leaks are possible.
Valgrind
l Valgrind ():
int main()
{
char x[10];
x[11] = 'a';
}
Valgrind
l Valgrind -- Valgrind
Valgrind
Valgrind --Valgrind
-h --help
--help-debug
--help Valgrind
--version
Valgrind
-q --quiet
-v --verbose
-d
Valgrind Valgrind
bug -v -v -d -d
--tool=<toolname> [default: memcheck]
toolname ValgrindMemcheck, Addrcheck, Cachegrind,
--log-file-qualifier=<VAR>
--log-file $VAR MPI
2.3 ""
--log-socket=<ip-address:port-number>
Valgrind IP 1500
Valgrind (stderr) Valgrind
2.3 ""
Memcheck, Cachegrind
--error-exitcode=<number> [default: 0]
Valgrind ()
Valgrind Valgrind
Valgrind
Valgrind Valgrind
--show-below-main=<yes|no> [default: no]
main()( glibc __libc_start_main()
main()) C main()
Valgrind (
)<>;
-v
--db-attach=<yes|no> [default: no]
Valgrind ---- Attach to debugger ? --[Return/N/n/Y/y/C/c] ---- , NnValgrind
Y yValgrind
C cValgrind
--db-attach=yes --trace-children=yes
Valgrind
2002.05:
2002.11:
--db-command=<command> [default: gdb -nw %f %p]
--db-attach gdb. Valgrind
%f %p ID
Valgrind GDB ,
/usr/bin/gdb.
%p %f %p PID
%f
--input-fd=<number> [default: 0, stdin]
--db-attach=yes --gen-suppressions=yes Valgrind
Valgrind
valgrind
Valgrind Memcheck
Memcheck
Valgrind
Memcheck
MALLOC():
malloc() ( Memcheck massif)
--alignment=<number> [default: 8]
Valgrind malloc(),realloc(), 8
malloc() 16 8 4096
2
Valgrind core
--run-libc-freeres=<yes|no> [default: yes]
GNU C (libc.so)
-- Linux
glibc Valgrind glibc
__libc_freeres() glibc
Memcheck __libc_freeres() glibc
__libc_freeres bug Red Hat 7.1
__libc_freeres Valgrind
--run-libc-freeres=no libc.so
--sim-hints=hint1,hint2,...
Valgrind
l lax-ioctls: ioctl
ioctl
l enable-inner: Valgrind
--kernel-variant=variant1,variant2,...
ioctls
ioctls
l bproc: X86 sys_broc BProc Linux
all ( none
)
VALGRIND
Valgrind
--help-debug
memcheck low
med high
hardcore --leak-resolution=high --num-callers=40
--leak-resolution= memcheck
--freelist-vol=<number> [default: 5000000]
free(C ) delete(C++)
memcheck
5000000
memcheck
--workaround-gcc296-bugs=<yes|no> [default: no]
gcc 2.96 bug
256 gcc 2.96 Linux (RedHat 7.X)
bug gcc/g++
--partial-loads-ok=<yes|no> [default: no]
memcheck
yes V
no
V ISO
C/C++
CACHEGRIND
I1/D1/L2
valgrind --tool=cachegrind --I1=65535,2,64 I1/D1/L2
( CPUID )
--I1=<size>,<associativity>,<line size>
--D1=<size>,<associativity>,<line size>
--L2=<size>,<associativity>,<line size>
CALLGRIND
--heap=<yes|no> [default: yes]
massif.pid.txt massif.pid.html
--heap-admin=<number> [default: 8]
glibc
4~15 massif
--stacks=<yes|no> [default: yes]
--depth=<number> [default: 3]
massif
massif.pid.txt massif.pid.hp
--alloc-fn=<name>
malloc()
()
malloc()
--format=<text|html> [default: text]
text HTML .txt .html
HELGRIND
--private-stacks=<yes|no> [default: no]
--show-last-access=<yes|some|no> [default: no]
LACKEY
--fnname=<name> [default: _dl_runtime_resolve()]
<name>
--detailed-counts=<no|yes> [default: no]
alu
1.
valgrind
make
tar