Analysing Segmentation Faults (double free) on Linux, Part 3: valgrind

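I. Introduction to valgrind

Valgrind is a software development tool for memory debugging, memory-leak detection and performance profiling. It mainly consists of the following tools:

1. memcheck: checks for memory problems in a program, such as leaks, out-of-bounds accesses and invalid pointers.

2. callgrind: measures the running time and call flow of program code, for analysing program performance.

3. cachegrind: analyses the CPU cache hit and miss rates, for use in code optimisation.

4. helgrind: checks multithreaded programs for race conditions.

5. massif: heap profiler; reports information such as how much heap memory the program uses.

6. lackey:

7. nulgrind:

Each of these tools is invoked with the command:

valgrind --tool=name program-name

When the tool parameter is not specified, the default is

--tool=memcheck

valgrind website: http://valgrind.org
Documentation: http://valgrind.org/docs/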

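II. Installing valgrind

1. Installing with Ubuntu's package tool (the simplest way)

On an Ubuntu system with Internet access, valgrind can be installed with Ubuntu's package tool: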

root@ubuntu:~# apt-get install valgrind
Reading package lists... Done
Building dependency tree       
Reading state information... Done
valgrind is already the newest version (1:3.11.0-1ubuntu4.2).
0 upgraded, 0 newly installed, 0 to remove and 116 not upgraded.
root@ubuntu:~# val
valgrind            valgrind.bin        valgrind-di-server  valgrind-listener   validlocale         
root@ubuntu:~# val
valgrind            valgrind.bin        valgrind-di-server  valgrind-listener   validlocale         
root@ubuntu:~# valgrind --version
valgrind-3.11.0
root@ubuntu:~# 

2. Installing from source

Source download: http://valgrind.org/downloads/

root@ubuntu:/Deepinfar/tools# ls
valgrind-3.14.0.tar.bz2
root@ubuntu:/Deepinfar/tools# tar   -jxvf    valgrind-3.14.0.tar.bz2
...// extraction output omitted
root@ubuntu:/Deepinfar/tools# ls
valgrind-3.14.0  valgrind-3.14.0.tar.bz2
root@ubuntu:/Deepinfar/tools# cd valgrind-3.14.0/
root@ubuntu:/Deepinfar/tools/valgrind-3.14.0# ./autogen.sh 
running: aclocal
running: autoheader
running: automake -a
running: autoconf
root@ubuntu:/Deepinfar/tools/valgrind-3.14.0# ./configure 
root@ubuntu:/Deepinfar/tools/valgrind-3.14.0# make 
root@ubuntu:/Deepinfar/tools/valgrind-3.14.0# make install

// installation is now complete

3. Cross-compiling to provide the tool for certain embedded boards

// not tried yet

III. Using valgrind to track down a double free

Compile the relevant files, then run the following command:

root@ubuntu:/Deepinfar/FlyInCoding/c++/vs/double_free# valgrind --tool=memcheck --leak-check=full --show-reachable=yes --trace-children=yes ./double_free_main

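Here --leak-check=full performs a full memory-leak check,

--show-reachable=yes shows where the memory leaks are,

--trace-children=yes follows child processes.

When the program exits normally, valgrind prints the memory-leak information: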

==14168== Memcheck, a memory error detector
==14168== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==14168== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==14168== Command: ./double_free_main
==14168== 
==14168== Invalid free() / delete / delete[] / realloc()
==14168==    at 0x402D7B8: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==14168==    by 0x804966C: __gnu_cxx::new_allocator<unsigned char>::deallocate(unsigned char*, unsigned int) (new_allocator.h:110)
==14168==    by 0x8049162: std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_deallocate(unsigned char*, unsigned int) (stl_vector.h:174)
==14168==    by 0x80492CE: std::_Vector_base<unsigned char, std::allocator<unsigned char> >::~_Vector_base() (stl_vector.h:160)
==14168==    by 0x8048ED9: std::vector<unsigned char, std::allocator<unsigned char> >::~vector() (stl_vector.h:416)
==14168==    by 0x8048ADB: MyTest2() (double_free_main.cpp:61)
==14168==    by 0x8048B17: main (double_free_main.cpp:67)
==14168==  Address 0x43f2ac8 is 0 bytes inside a block of size 4 free'd
==14168==    at 0x402D7B8: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==14168==    by 0x804966C: __gnu_cxx::new_allocator<unsigned char>::deallocate(unsigned char*, unsigned int) (new_allocator.h:110)
==14168==    by 0x8049162: std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_deallocate(unsigned char*, unsigned int) (stl_vector.h:174)
==14168==    by 0x80492CE: std::_Vector_base<unsigned char, std::allocator<unsigned char> >::~_Vector_base() (stl_vector.h:160)
==14168==    by 0x8048ED9: std::vector<unsigned char, std::allocator<unsigned char> >::~vector() (stl_vector.h:416)
==14168==    by 0x8048AD0: MyTest2() (double_free_main.cpp:56)
==14168==    by 0x8048B17: main (double_free_main.cpp:67)
==14168==  Block was alloc'd at
==14168==    at 0x402C6BC: operator new(unsigned int) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==14168==    by 0x8049D82: __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned int, void const*) (new_allocator.h:104)
==14168==    by 0x8049617: std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_allocate(unsigned int) (in /Deepinfar/FlyInCoding/c++/vs/double_free/double_free_main)
==14168==    by 0x804944A: std::vector<unsigned char, std::allocator<unsigned char> >::_M_insert_aux(__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, unsigned char const&) (vector.tcc:345)
==14168==    by 0x8049016: std::vector<unsigned char, std::allocator<unsigned char> >::push_back(unsigned char const&) (stl_vector.h:913)
==14168==    by 0x8048A82: MyTest2() (double_free_main.cpp:59)
==14168==    by 0x8048B17: main (double_free_main.cpp:67)
==14168== 
main(68)  sizeof(Test) 43
MyCopy(29)  sizeof(Test) 43
==14168== 
==14168== HEAP SUMMARY:
==14168==     in use at exit: 18,947 bytes in 2 blocks
==14168==   total heap usage: 8 allocs, 7 frees, 21,002 bytes allocated
==14168== 
==14168== 3 bytes in 1 blocks are definitely lost in loss record 1 of 2
==14168==    at 0x402C6BC: operator new(unsigned int) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==14168==    by 0x8049D82: __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned int, void const*) (new_allocator.h:104)
==14168==    by 0x8049617: std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_allocate(unsigned int) (in /Deepinfar/FlyInCoding/c++/vs/double_free/double_free_main)
==14168==    by 0x8049A09: std::vector<unsigned char, std::allocator<unsigned char> >::_M_fill_insert(__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, unsigned int, unsigned char const&) (vector.tcc:483)
==14168==    by 0x8049301: std::vector<unsigned char, std::allocator<unsigned char> >::insert(__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, unsigned int, unsigned char const&) (stl_vector.h:1024)
==14168==    by 0x8048F5F: std::vector<unsigned char, std::allocator<unsigned char> >::resize(unsigned int, unsigned char) (stl_vector.h:707)
==14168==    by 0x8048AA4: MyTest2() (double_free_main.cpp:60)
==14168==    by 0x8048B17: main (double_free_main.cpp:67)
==14168== 
==14168== 18,944 bytes in 1 blocks are still reachable in loss record 2 of 2
==14168==    at 0x402C17C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==14168==    by 0x40B85BA: ??? (in /usr/lib/i386-linux-gnu/libstdc++.so.6.0.21)
==14168==    by 0x400F464: call_init.part.0 (dl-init.c:72)
==14168==    by 0x400F58D: call_init (dl-init.c:30)
==14168==    by 0x400F58D: _dl_init (dl-init.c:120)
==14168==    by 0x4000A5E: ??? (in /lib/i386-linux-gnu/ld-2.23.so)
==14168== 
==14168== LEAK SUMMARY:
==14168==    definitely lost: 3 bytes in 1 blocks
==14168==    indirectly lost: 0 bytes in 0 blocks
==14168==      possibly lost: 0 bytes in 0 blocks
==14168==    still reachable: 18,944 bytes in 1 blocks
==14168==         suppressed: 0 bytes in 0 blocks
==14168== 
==14168== For counts of detected and suppressed errors, rerun with: -v
==14168== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
root@ubuntu:/Deepinfar/FlyInCoding/c++/vs/double_free# 
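
In the report above, the first stack is the invalid free, the stack under "free'd" is where the same block was released earlier, and the stack under "Block was alloc'd at" is where it was allocated. The program below is an added, constructed example (not the double_free_main.cpp of this series; all names are hypothetical) that yields the same two kinds of record, an invalid free and a definitely lost block, by copying one std::vector over another with memcpy, next to the corrected copy.

```cpp
// Constructed example: reproduces the shape of the Memcheck report above
// (one invalid free plus one "definitely lost" block). It is not the
// original double_free_main.cpp; every name here is hypothetical.
#include <cstdio>
#include <cstring>
#include <vector>

using Bytes = std::vector<unsigned char>;

// BUG: bitwise copy of a std::vector. Afterwards dst and src hold the same
// heap pointer, and the buffer dst owned before the copy is orphaned.
// Intended to be run under valgrind only.
void buggy_copy() {
    Bytes src, dst;
    for (unsigned char c = 0; c < 3; ++c) src.push_back(c); // block freed twice
    dst.resize(3, 0xFF);                                    // block leaked
    std::memcpy(static_cast<void*>(&dst),
                static_cast<const void*>(&src), sizeof dst);
}   // ~dst frees src's buffer, then ~src frees it again: "Invalid free()"

// FIX: use the vector's copy assignment, which gives dst its own storage
// and keeps ownership of dst's previous buffer intact.
// Returns true when the copy has equal contents but independent storage.
bool fixed_copy() {
    Bytes src, dst;
    for (unsigned char c = 0; c < 3; ++c) src.push_back(c);
    dst.resize(3, 0xFF);
    dst = src;                      // deep copy
    bool equal = (dst == src);
    dst[0] = 0x7F;                  // writing to the copy must not touch src
    return equal && src[0] == 0 && dst.data() != src.data();
}

int main(int argc, char** argv) {
    if (argc > 1 && std::strcmp(argv[1], "bug") == 0) {
        buggy_copy();   // expect Memcheck: invalid free + definitely lost block
        return 0;
    }
    std::printf("fixed_copy ok: %d\n", fixed_copy());
    return 0;
}
```

Build with `g++ -g -O0` and run `valgrind --tool=memcheck --leak-check=full ./a.out bug` to see the report; without the `bug` argument only the fixed path runs.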

Reposted from blog.csdn.net/wanxuexiang/article/details/88382755