C / C ++ and other languages at the bottom while providing the power and performance of its flexible memory access has also brought a variety of tangled problem. If the crash is the place where memory usage wrong place, indicating that you are a good character. If the crash is clearly not consistent local memory, or memory management information it has been destroyed, and is still random, then more trouble. Of course, naked see code is a way to play log, but its efficiency is not too high, especially at high operating costs or reproduce the low probability of the situation. Further, also a type of static checking methods, there are many tools (lint, cppcheck, klockwork, splint, o, etc.). But the drawback is a lot of false positives, are not suitable for specific questions. In addition the general also money good point. Finally, there is a dynamic inspection tool. Here are the main run-time memory checking tool under several Linux platform. The vast majority are free and open source x86 and ARM platforms.
First of all, the more common memory problems are the following categories:
- • memory overrun: write memory bounds
- • double free: with the release of a block of memory twice
- • use after free: after the release of memory use
- • wild free: free memory parameter value is illegal
- • access uninitialized memory: An uninitialized memory access
- • read invalid memory: reading invalid memory, the cross-border nature also belong memory
- • memory leak: memory leaks
- • use after return: caller to access a pointer that points into the callee stack memory
- • stack overflow: stack overflow
For the above issues, mainly in the following ways:
- 1. In order to detect illegal use of memory, and memory allocation operation requires hook functions. The hook may be a method using C-preprocessor, may be defined directly (as in Glibc malloc / free other functions are weak symbol), or used in LD_PRELOAD link library. Further, by hook strcpy (), memmove () function and the like can be detected if they cause buffer overflow.
- 2. In order to check illegal memory access, the need for bookkeeping program memory, and then intercepted each memory access operations and detect whether or not legal. bookkeeping in much the same way, the main idea is to use shadow memory to verify the legitimacy of a block of memory. As for the method of a variety of instrumentation. There are run-time, such as by the program running in a virtual machine or run by the binary translator; or compile-time and at compile time when the memory access instruction joined check operation. Further also possible to add before or after allocation of memory inaccessible guard page, so you can use hardware (MMU) to trigger SIGSEGV, thereby increasing speed.
- 3. In order to detect problems stack, generally provided on the stack canary, i.e., random values or magic number written on the stack when the function call, and then check to be rewritten when the function returns. May additionally () provided at the top guard page stack by mprotect, this will cause a stack overflow SIGSEGV does not destroy the data.
The above method is stronger than some function, some wins in performance, some are very easy to use, in short, has its advantages. Here are a few common tools results in Linux x86_64 platform, pay attention to other platforms may be the result of differences. There is also probably due to too old version, compiling environmental differences, position does not, in short, for various reasons resulting in omission, please understand if ~
| Tool\Problem | memory overrun | double free | use after free | wild free | access uninited | read invalid memory | memory leak | use after return | stack overflow |
|---|---|---|---|---|---|---|---|---|---|
| Memory checking tools in Glibc | Yes | Yes | Yes | Yes(if use memcpy, strcpy, etc) | |||||
| TCMalloc(Gperftools) | Yes | ||||||||
| Valgrind | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Address Sanitizer(ASan) | Yes | Yes | Yes | Yes | (Memory Sanitizer) | Yes | Yes | Yes | Yes |
| Memwatch | Yes | Yes | Yes | ||||||
| Dr.Memory | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
| Electric Fence | Yes | Yes | Yes | Yes | |||||
| Dmalloc | Yes | Yes | Yes | Yes | Yes | ||||
| mtrace | Yes |
