科技行者

行者学院 转型私董会 科技行者专题报道 网红大战科技行者

知识库

知识库 安全导航

至顶网软件频道基础软件防内存泄露 Linux系统用Valgrind做检查 (2)

防内存泄露 Linux系统用Valgrind做检查 (2)

  • 扫一扫
    分享文章到微信

  • 扫一扫
    关注官方公众号
    至顶头条

防内存泄露 Linux系统用Valgrind做检查

作者:sixth 来源:赛迪网 2007年10月29日

关键字: Valgrind Linux

  • 评论
  • 分享微博
  • 分享邮件

三、现在开始

首先,在编译程序的时候打开调试模式(gcc编译器的-g选项)。如果没有调试信息,即使最好的valgrind工具也将中能够猜测特定的代码是属于哪一个函数。打开调试选项进行编译后再用valgrind检查,valgrind将会给你的个详细的报告,比如哪一行代码出现了内存泄漏。

当检查的是C++程序的时候,还应该考虑另一个选项 -fno-inline。它使得函数调用链很清晰,这样可以减少你在浏览大型C++程序时的混乱。比如在使用这个选项的时候,用memcheck检查openoffice就很容易。当然,你可能不会做这项工作,但是使用这一选项使得valgrind生成更精确的错误报告和减少混乱。

一些编译优化选项(比如-O2或者更高的优化选项),可能会使得memcheck提交错误的未初始化报告,因此,为了使得valgrind的报告更精确,在编译的时候最好不要使用优化选项。

如果程序是通过脚本启动的,可以修改脚本里启动程序的代码,或者使用--trace-children=yes选项来运行脚本。

下面是用memcheck检查ls -l命令的输出报告,在终端下执行下面的命令

valgrind --tool=memcheck ls -l

程序会打印出ls -l命令的结果,最后是valgrind的检查报告如下:

==4187==

==4187== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 19 from 2)

==4187== malloc/free: in use at exit: 15,154 bytes in 105 blocks.

==4187== malloc/free: 310 allocs, 205 frees, 60,093 bytes allocated.

==4187== For counts of detected errors, rerun with: -v

==4187== searching for pointers to 105 not-freed blocks.

==4187== checked 145,292 bytes.

==4187==

==4187== LEAK SUMMARY:

==4187== definitely lost: 0 bytes in 0 blocks.

==4187== possibly lost: 0 bytes in 0 blocks.

==4187== still reachable: 15,154 bytes in 105 blocks.

==4187== suppressed: 0 bytes in 0 blocks.

==4187== Reachable blocks (those to which a pointer was found) are not shown.

==4187== To see them, rerun with: --show-reachable=yes

这里的“4187”指的是执行ls -l的进程ID,这有利于区别不同进程的报告。memcheck会给出报告,分配置和释放了多少内存,有多少内存泄漏了,还有多少内存的访问是可达的,检查了多少字节的内存。

下面举两个用valgrind做内存检查的例子:

例子一 (test.c):

#include 

int main(int argc, char *argv[])
{
char *ptr;

ptr = (char*) malloc(10);
strcpy(ptr, "01234567890");

return 0;
}

编译程序

gcc -g -o test test.c

用valgrind执行命令

valgrind --tool=memcheck --leak-check=yes ./test

报告如下

==4270== Memcheck, a memory error detector. 

==4270== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al. 

==4270== Using LibVEX rev 1606, a library for dynamic binary translation. 

==4270== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP. 

==4270== Using valgrind-3.2.0, a dynamic binary instrumentation framework. 

==4270== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al. 

==4270== For more details, rerun with: -v 

==4270== 

==4270== Invalid write of size 1 

==4270== at 0x4006190: strcpy (mc_replace_strmem.c:271) 

==4270== by 0x80483DB: main (test.c:8) 

==4270== Address 0x4023032 is 0 bytes after a block of size 10 alloc'd 

==4270== at 0x40044F6: malloc (vg_replace_malloc.c:149) 

==4270== by 0x80483C5: main (test.c:7) 

==4270== 

==4270== Invalid write of size 1 

==4270== at 0x400619C: strcpy (mc_replace_strmem.c:271) 

==4270== by 0x80483DB: main (test.c:8) 

==4270== Address 0x4023033 is 1 bytes after a block of size 10 alloc'd 

==4270== at 0x40044F6: malloc (vg_replace_malloc.c:149) 

==4270== by 0x80483C5: main (test.c:7) 

==4270== 

==4270== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 12 from 1) 

==4270== malloc/free: in use at exit: 10 bytes in 1 blocks. 

==4270== malloc/free: 1 allocs, 0 frees, 10 bytes allocated. 

==4270== For counts of detected errors, rerun with: -v 

==4270== searching for pointers to 1 not-freed blocks. 

==4270== checked 51,496 bytes. 

==4270== 

==4270== 

==4270== 10 bytes in 1 blocks are definitely lost in loss record 1 of 1 

==4270== at 0x40044F6: malloc (vg_replace_malloc.c:149) 

==4270== by 0x80483C5: main (test.c:7) 

==4270== 

==4270== LEAK SUMMARY: 

==4270== definitely lost: 10 bytes in 1 blocks. 

==4270== possibly lost: 0 bytes in 0 blocks. 

==4270== still reachable: 0 bytes in 0 blocks. 

==4270== suppressed: 0 bytes in 0 blocks. 

==4270== Reachable blocks (those to which a pointer was found) are not shown. 

==4270== To see them, rerun with: --show-reachable=yes

从这份报告可以看出,进程号是4270,test.c的第8行写内存越界了,引起写内存越界的是strcpy函数,

第7行泄漏了10个字节的内存,引起内存泄漏的是malloc函数。

例子二(test2.c)

#include 

int foo(int x)
{
if (x < 0) {
printf("%d ", x);
}

return 0;
}

int main(int argc, char *argv[])
{
int x;

foo(x);

return 0;
}

编译程序

gcc -g -o test2 test2.c

用valgrind做内存检查

valgrind --tool=memcheck ./test2

输出报告如下

==4285== Memcheck, a memory error detector. 

==4285== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al. 

==4285== Using LibVEX rev 1606, a library for dynamic binary translation. 

==4285== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP. 

==4285== Using valgrind-3.2.0, a dynamic binary instrumentation framework. 

==4285== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al. 

==4285== For more details, rerun with: -v 

==4285== 

==4285== Conditional jump or move depends on uninitialised value(s) 

==4285== at 0x8048372: foo (test2.c:5) 

==4285== by 0x80483B4: main (test2.c:16) 

==4285==p p 

==4285== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 12 from 1) 

==4285== malloc/free: in use at exit: 0 bytes in 0 blocks. 

==4285== malloc/free: 0 allocs, 0 frees, 0 bytes allocated. 

==4285== For counts of detected errors, rerun with: -v 

==4285== All heap blocks were freed -- no leaks are possible.

从这份报告可以看出进程PID是4285,test2.c文件的第16行调用了foo函数,在test2.c文件的第5行foo函数使用了一个未初始化的变量。

valgrind还有很多使用选项,具体可以查看valgrind的man手册页和valgrind官方网站的在线文档。

查看本文来源
    • 评论
    • 分享微博
    • 分享邮件
    邮件订阅

    如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。

    重磅专题
    往期文章
    最新文章