1.valgrind功能简介
程序崩溃的 coredump文件, 通过gdb 能定位非法地址访问位置问题,
但对于内存泄漏, 内存越界访问, 无有效的提示.
valgrind 功能强大, 可以调试定位常见内存问题:
- 非法地址访问
- 内存泄漏
- 内存越界读写
命令
调试内存问题 : valgrind --leak-check=full
更新详细的显示: valgrind --leak-check=full --show-leak-kinds=all
2.valgrind提示信息汇总
- 内存泄漏 lost in loss record 丢失记录 , 内存泄漏实例[[#2.内存泄漏--不完全释放内存|实例链接]]
- 段错误 Process terminating with default action of signal 11 (SIGSEGV)
- 越界访问
- 栈越界读 --无异常
- 栈越界写 实例[[#2.栈越界写]]
- Jump to the invalid address stated on the next line
- reachable in loss record
- still reachable:
测试代码链接: gitee-51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c
3.实例
1.无内存泄漏--完全释放内存
shell
#include <stdio.h>
#include <stdlib.h>
void full_calloc_free(void)
{
printf("申请3次内存,并释放\n");
int * p_data[3];
p_data[0] = malloc(sizeof(int));
p_data[1] = malloc(sizeof(int)*3);
p_data[2] = malloc(sizeof(int)*5);
free(p_data[0]);
free(p_data[1]);
free(p_data[2]);
}
valgrind --leak-check=full ./52_valgrind_内存泄漏提示.out
2921 Command: ./52_valgrind___.out
申请3次内存,并释放
2921
2921 HEAP SUMMARY:
2921 in use at exit: 0 bytes in 0 blocks
2921 total heap usage: 4 allocs, 4 frees , 1,060 bytes allocated -->申请4次,释放4次
2921
2921 All heap blocks were freed -- no leaks are possible -->无内存泄漏可能性
2921
2921 For lists of detected and suppressed errors, rerun with: -s
2921 ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
总结:
无内存泄漏的程序, 运行结束, 应该提示无内存泄漏
2.内存泄漏--不完全释放内存
c
void manual_leak_mem(void)
{
printf("申请3次内存,少释放一次,主动触发 内存泄漏\n");
int *p_data[3];
p_data[0] = malloc(sizeof(int));
p_data[1] = malloc(sizeof(int) * 3);
p_data[2] = malloc(sizeof(int) * 5);
free(p_data[0]);
free(p_data[1]);
// free(p_data[2]);
}
valgrind --leak-check=full ./52_valgrind_内存泄漏提示.out 1
申请3次内存,少释放一次,主动触发 内存泄漏
2981 HEAP SUMMARY:
2981 in use at exit: 20 bytes in 1 blocks
2981 total heap usage: 4 allocs, 3 frees, 1,060 bytes allocated -->4次申请,3次释放,少一次free
2981
2981 20 bytes in 1 blocks are definitely lost in loss record 1 of 1
2981 at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
2981 by 0x1092A7: manual_leak_mem (52_valgrind_内存泄漏提示.c:23) -->内存泄漏提示行
2981 by 0x109318: main (52_valgrind_内存泄漏提示.c:37)
2981
2981 LEAK SUMMARY:
2981 definitely lost: 20 bytes in 1 blocks
2981 indirectly lost: 0 bytes in 0 blocks
2981 possibly lost: 0 bytes in 0 blocks
2981 still reachable: 0 bytes in 0 blocks
2981 suppressed: 0 bytes in 0 blocks
2981
2981 For lists of detected and suppressed errors, rerun with: -s
2981 ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
总结:
lost in loss record 丢失记录 --> 内存泄漏
3.非法地址访问
3.1非法地址读
c
// 2.非法地址访问
void invalid_address_access(void)
{
// uint8_t *p = 0x12345678; # 非法地址
uint8_t *p = NULL;
printf("val = %d\n", *p);
}
valgrind --leak-check=full ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out 2
13358 Command: ./51_mem_valgrind__.out 3
13358
13358 Invalid read of size 1 无效读地址
13358 at 0x109234: invalid_address_access (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:18) 提示错误行
13358 by 0x109312: main (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:47)
13358 Address 0x0 is not stack'd, malloc'd or (recently) free'd
13358
13358
13358 Process terminating with default action of signal 11 (SIGSEGV) SIGSEGV非法地址访问
13358 Access not within mapped region at address 0x0
13358 at 0x109234: invalid_address_access (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:18)
13358 by 0x109312: main (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:47)
13358 If you believe this happened as a result of a stack
13358 overflow in your program's main thread (unlikely but
13358 possible), you can try to increase the size of the
13358 main thread stack using the --main-stacksize= flag.
13358 The main thread stack size used in this run was 8388608.
13358
13358 HEAP SUMMARY:
13358 in use at exit: 0 bytes in 0 blocks
13358 total heap usage: 0 allocs, 0 frees, 0 bytes allocated
13358
13358 All heap blocks were freed -- no leaks are possible
13358
13358 For lists of detected and suppressed errors, rerun with: -s
13358 ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
3.1非法地址写
c
// 2.非法地址访写
void invalid_address_write(void)
{
// uint8_t *p = 0x12345678; # 非法地址
uint8_t *p = NULL;
*p = 0x12;
}
valgrind --leak-check=full ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out 3
17929 Invalid write of size 1 非法地址写
17929 at 0x109267: invalid_address_write (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:26)
17929 by 0x10933F: main (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:56)
17929 Address 0x0 is not stack'd, malloc'd or (recently) free'd
17929
17929
17929 Process terminating with default action of signal 11 (SIGSEGV) 段错误
17929 Access not within mapped region at address 0x0
17929 at 0x109267: invalid_address_write (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:26) 提示行
17929 by 0x10933F: main (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:56)
17929 If you believe this happened as a result of a stack
17929 overflow in your program's main thread (unlikely but
17929 possible), you can try to increase the size of the
17929 main thread stack using the --main-stacksize= flag.
17929 The main thread stack size used in this run was 8388608.
17929
17929 HEAP SUMMARY:
17929 in use at exit: 0 bytes in 0 blocks
17929 total heap usage: 0 allocs, 0 frees, 0 bytes allocated
17929
17929 All heap blocks were freed -- no leaks are possible
17929
17929 For lists of detected and suppressed errors, rerun with: -s
17929 ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault 段错误
4.内存越界
1.栈越界读
c
// 4.越界 读写
void corss_border_read_write(void)
{
uint32_t a = 0x10;
uint32_t *p = &a + 0x8;
// 越界读 -- 程序不崩溃,可能导致逻辑错误
printf("cross border address read %x\n", *p);
// 越界写 -- 程序错误
*p = 0x12345678;
//printf("cross border address write %x\n", *p);
}
运行无错误提示
valgrind --leak-check=full --show-leak-kinds=all ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out 4
2.栈越界写
c
// 4.越界 读写
void corss_border_read_write(void)
{
uint32_t a = 0x10;
uint32_t *p = &a + 0x8;
// 越界读 -- 程序不崩溃,可能导致逻辑错误
// printf("cross border address read %x\n", *p);
// 越界写 -- 程序错误
*p = 0x12345678;
printf("cross border address write %x\n", *p);
}
valgrind --leak-check=full ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out 4
cross border address read 0
cross border address write 12345678
23861 Jump to the invalid address stated on the next line 非法地址
23861 at 0x123456780010935C: ???
23861 by 0x48A1D8F: (below main) (libc_start_call_main.h:58)
23861 Address 0x123456780010935c is not stack'd , malloc'd or (recently) free'd
23861
23861
23861 Process terminating with default action of signal 11 (SIGSEGV) 触发段错误
23861 Bad permissions for mapped region at address 0x123456780010935C
23861 at 0x123456780010935C: ???
23861 by 0x48A1D8F: (below main) (libc_start_call_main.h:58)
23861
23861 HEAP SUMMARY:
23861 in use at exit: 1,024 bytes in 1 blocks
23861 total heap usage: 1 allocs, 0 frees, 1,024 bytes allocated
23861
23861 LEAK SUMMARY:
23861 definitely lost: 0 bytes in 0 blocks
23861 indirectly lost: 0 bytes in 0 blocks
23861 possibly lost: 0 bytes in 0 blocks
23861 still reachable: 1,024 bytes in 1 blocks
23861 suppressed: 0 bytes in 0 blocks
23861 Reachable blocks (those to which a pointer was found) are not shown.
23861 To see them, rerun with: --leak-check=full --show-leak-kinds=all
23861
23861 For lists of detected and suppressed errors, rerun with: -s
23861 ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault
更详细的显示
valgrind --leak-check=full --show-leak-kinds=all ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out 4
cross border address write 12345678
25992 Jump to the invalid address stated on the next line
25992 at 0x1234567800109340: ???
25992 by 0x48A1D8F: (below main) (libc_start_call_main.h:58)
25992 Address 0x1234567800109340 is not stack'd, malloc'd or (recently) free'd
25992
25992
25992 Process terminating with default action of signal 11 (SIGSEGV)
25992 Bad permissions for mapped region at address 0x1234567800109340
25992 at 0x1234567800109340: ???
25992 by 0x48A1D8F: (below main) (libc_start_call_main.h:58)
25992
25992 HEAP SUMMARY:
25992 in use at exit: 1,024 bytes in 1 blocks
25992 total heap usage: 1 allocs, 0 frees, 1,024 bytes allocated
25992
25992 1,024 bytes in 1 blocks are still reachable in loss record 1 of 1 ==到达 丢失的记录 ==
25992 at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
25992 by 0x48D879E: printf (printf.c:33)
25992 by 0x1092C0: corss_border_read_write (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:40)
25992 by 0x123456780010933F: ???
25992 by 0x48A1D8F: (below main) (libc_start_call_main.h:58)
25992
25992 LEAK SUMMARY:
25992 definitely lost: 0 bytes in 0 blocks
25992 indirectly lost: 0 bytes in 0 blocks
25992 possibly lost: 0 bytes in 0 blocks
25992 still reachable: 1,024 bytes in 1 blocks
25992 suppressed: 0 bytes in 0 blocks
25992
25992 For lists of detected and suppressed errors, rerun with: -s
25992 ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault
5.手动ctrl+c停止进程, 查看内存泄漏
c
// 5.内存泄漏 ctrl+c结束进程提示
void manual_leak_mem(void)
{
printf("申请3次内存,少释放一次,主动触发 内存泄漏\n");
int *p_data[3];
p_data[0] = malloc(sizeof(int));
p_data[1] = malloc(sizeof(int) * 3);
p_data[2] = malloc(sizeof(int) * 5);
free(p_data[0]);
free(p_data[1]);
// free(p_data[2]);
}
void test5_mem_leak_stop_by_ctrl_c()
{
// manual_leak_mem(); // 1.只内存泄漏 1次
while(1)
{
manual_leak_mem(); // 2.内存泄漏 多次
printf("process running\n");
sleep(1);
}
}
valgrind --leak-check=full --show-leak-kinds=all ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out 5
申请3次内存,少释放一次,主动触发 内存泄漏
process running
申请3次内存,少释放一次,主动触发 内存泄漏
process running
申请3次内存,少释放一次,主动触发 内存泄漏
process running
^C ----ctrl+c 停止进程----4658 Process terminating with default action of signal 2 (SIGINT)
4658 at 0x49641B4: clock_nanosleep@@GLIBC_2.17 (clock_nanosleep.c:78)
4658 by 0x4969EC6: nanosleep (nanosleep.c:27)
4658 by 0x4969DFD: sleep (sleep.c:55)
4658 by 0x1093CD: test5_mem_leak_stop_by_ctrl_c (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:65)
4658 by 0x109449: main (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:84)
4658
4658 HEAP SUMMARY:
4658 in use at exit: 140 bytes in 7 blocks
4658 total heap usage: 22 allocs, 15 frees , 1,276 bytes allocated 有7个内存数据未free()释放
4658
4658 140 bytes in 7 blocks are definitely lost in loss record 1 of 1 7个数据丢失记录位置
4658 at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
4658 by 0x109377: manual_leak_mem (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:51) 提示代码行
4658 by 0x1093B7: test5_mem_leak_stop_by_ctrl_c (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:63)
4658 by 0x109449: main (51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c:84)
4658
4658 LEAK SUMMARY:
4658 definitely lost: 140 bytes in 7 blocks 总结: 肯定丢失7个内存数据
4658 indirectly lost: 0 bytes in 0 blocks
4658 possibly lost: 0 bytes in 0 blocks
4658 still reachable: 0 bytes in 0 blocks
4658 suppressed: 0 bytes in 0 blocks
4658
4658 For lists of detected and suppressed errors, rerun with: -s
4658 ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
总结
- 开发功能除了功能实现, 也要对自己编写的代码安全,稳定负责, 个人编写c/c++代码程序之后,
- 自测试功能完成, 无明显逻辑问题, 程序崩溃现象
cppcheck
检查代码可能潜在的风险valgrind
检测程序是否有内存安全问题top , perf, \time
查看程序占用cpu,mem,上下文资源是否合理