Better Embedded 2013 - Detecting Memory Leaks with Valgrind

Detecting Memory Leaks
with Valgrind
by Rigels Gordani

Rigels Gordani
Computer Engineer
Intecs S.p.A
Automotive Unit
- In Vehicle Infotainment,
- Linux Embedded,
- AUTOSAR
Products Unit
- Porting Linux
applications to Windows
About me

Detecting Memory Leaks with Valgrind
Memory errors lead to faults like segmentation faults,
which are very common while dealing with pointers
in C/C++ programming.
Identifying and fixing compilation errors is quite easy,
but the task of fixing segmentation faults and
memory leaks is very tedious.

Valgrind is a memory checker, it is designed to be as
non-intrusive as possible.
It works directly with existing executables.
You don’t need to recompile, relink,
or otherwise modify the program to be checked.

Latest stable version as speaking of Valgrind is 3.8.x.
The following platforms support Valgrind:
- x86 and x86_64 Linux
- ARM Linux and ARM Android ( >= 2.3.x)
- PPC32 and PPC64 Linux
- S390X Linux
- MIPS Linux
- x86 Android (>= 4.0)
- x86 and AMD64 Darwin

In this presentation we will explore how to use Valgrind
to detect memory errors in a program written in C/C++
using MemCheck tool.
Apart from MemCheck tool, Valgrind also includes:
- thread error detectors,
- a cache and branch-prediction profiler,
- a call-graph generating cache
- and branch-prediction profiler,
- a heap profiler and other experimental tools.

What kind of problems can be detected with Valgrind 's
memcheck:
1. Not releasing acquired memory using delete/free.
2. Writing into an array with an index that's out of bounds
3. Trying to reference/dereference a pointer that is not yet initialized.

4. Trying to dereference a pointer that is already freed.
5. Passing system call parameters with inadequate buffers for
read/write; i.e., if your program makes a system call passing an
invalid buffer.
6. Uses of undefined variable values.

All the previous situations can give rise to memory
errors, causing the program to terminate abruptly.
This is particularly dangerous in safety and
mission-critical systems, where such abrupt program
termination can have catastrophic consequences.
Hence, it is necessary to detect and resolve such errors
that can lead to segmentation faults.

All the previous situations can give rise to memory
The Valgrind open source tool can be used to detect
some of these errors by dynamically executing the
program.
Memory faults may not cause significant damages in
small programs, but can be extremely dangerous in
safety-critical applications and can have disastrous
consequences; for instance, a segmentation fault in a
medical application may lead to loss of lives.

Let's illustrate the usage of Valgrind through the
following scenarios:
1. Valgrind command line tool.
2. QtCreator integration of Valgrind.
3. Eclipse integration of Valgrind using LinuxTools.

Compile the C or C++ source file with debugging option:
$ g++ -g example1.cpp -o example1 // for a C++ file
$ gcc -g example1.c -o example1 // for a C file
With -g option, you’ll get messages which point directly
to the relevant source code lines. Omitting -g options,
you'll get only functions name.

To analyse the program compiled using Valgrind, run
the following command:
$ valgrind --tool=memcheck --leak-check=yes ./example1

$ gcc -g example1.c -o example1
$ valgrind --tool=memcheck --leak-check=yes ./example1
Out of bounds access, C
compiler doesn't complain
Memory leak

==6287== Memcheck, a memory error detector
==6287== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==6287== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==6287== Command: ./example1
==6287==
==6287== Invalid write of size 4
==6287== at 0x400567: main (prova.c:14)
==6287== Address 0x51f1068 is 0 bytes after a block of size 40 alloc'd
==6287== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6287== by 0x400534: main (prova.c:8)
==6287==
==6287==
==6287== HEAP SUMMARY:
==6287== in use at exit: 40 bytes in 1 blocks
==6287== total heap usage: 1 allocs, 0 frees, 40 bytes allocated
==6287==
==6287== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1
==6287== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6287== by 0x400534: main (prova.c:8)
==6287==

(continues...)
==6287== LEAK SUMMARY:
==6287== definitely lost: 40 bytes in 1 blocks
==6287== indirectly lost: 0 bytes in 0 blocks
==6287== possibly lost: 0 bytes in 0 blocks
==6287== still reachable: 0 bytes in 0 blocks
==6287== suppressed: 0 bytes in 0 blocks
==6287==
==6287== For counts of detected and suppressed errors, rerun with: -v
==6287== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2)

Open QtCreator.

Create a C application project.

Edit the C source file

Compile in Debug Mode

Analyze-> Run Valgrind Memory Analyzer

Advantages of a GUI solution are obvious here:

Very quick problem identification

Click on the error sends to the line of code with the error

No need to run Valgrind from command line, QtCreator does it

3. Eclipse integration of Valgrind
using LinuxTools.
Need to install LinuxTools from Eclipse components.
After installing LinuxTools:

Open Eclipse

Create a new C++ Project.

Edit the C++ file.

Build in Debug Mode

Profile with Valgrind.

3. Eclipse integration of Valgrind
using LinuxTools.

Using C++11 smart pointers like unique_ptr<...>
They allow you to write code that automatically prevents memory or
resource leaks with exception handling.
Smart pointer objects are allocated on the stack and whenever the
smart pointer object is destroyed, it frees the underlying resource.

$ valgrind --tool=memcheck --leak-check=full ./example_uniq
==30755== Memcheck, a memory error detector
==30755== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==30755== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==30755== Command: ./example_uniq
==30755==
main()
print()
==30755==
==30755== HEAP SUMMARY:
==30755== in use at exit: 0 bytes in 0 blocks
==30755== total heap usage: 1 allocs, 1 frees, 24 bytes allocated
==30755==
==30755== All heap blocks were freed -- no leaks are possible
==30755==
==30755== For counts of detected and suppressed errors, rerun with: -v
==30755== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

Valgrind usage in identifying software security problems
Valgrind can identify many of the “Top 25 Most Dangerous Software
Errors” listed in http://cwe.mitre.org/top25/#CWE-676
[4]: Buffer Copy without Checking Size of Input
('Classic Buffer Overflow')
[20]: Incorrect Calculation of Buffer Size

Bibliography:
1. www.valgrind.org
2. GNU Linux Application Programming 2ed, Chapter 34
3. The developers guide to debugging , Spinger ,Holtmann,
Chapter 4, Fixing memory problems
4. Professional C++, Wiley, ISBN 0470932449
5. Valgrind Advanced Debugging and Profiling for GNU/Linux
applications ISBN: 0-9546120-5-1

Thank you
Rigels Gordani rigels_gordani
rigels.gordani

Better Embedded 2013 - Detecting Memory Leaks with Valgrind

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (6)

Similaire à Better Embedded 2013 - Detecting Memory Leaks with Valgrind

Similaire à Better Embedded 2013 - Detecting Memory Leaks with Valgrind (20)

Dernier

Dernier (20)

Better Embedded 2013 - Detecting Memory Leaks with Valgrind