|
From: Sébastien de M. <sde...@ho...> - 2004-01-14 12:50:56
|
Hi, I have a problem when detecting the faulty memory access in
#define N 16
main()
{
    int a[N];
    // int *a = new int[N];
    int i;
    for(i=0; i<=N+10; i++)
        a[i] = 0;
    return (0);
}
The error message is cryptic:
==5749== Memcheck, a memory error detector for x86-linux.
==5749== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
==5749== Using valgrind-2.1.0, a program supervision framework for x86-linux.
==5749== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
==5749== Estimated CPU clock rate is 2004 MHz
==5749== For more details, rerun with: -v
==5749==
==5749== Jump to the invalid address stated on the next line
==5749== at 0x0: ???
==5749== Address 0x0 is not stack'd, malloc'd or free'd
==5749==
==5749== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==5749== Address not mapped to object at address 0x0
==5749== at 0x0: ???
==5749==
==5749== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==5749== malloc/free: in use at exit: 0 bytes in 0 blocks.
==5749== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==5749== For a detailed leak analysis, rerun with: --leak-check=yes
==5749== For counts of detected errors, rerun with: -v
If I change the line
for(i=0; i<=N+10; i++)
by
for(i=0; i<=N; i++)
it does not detect the error.
If I allocate the memory dynamically, i.e.
// int a[N];
int *a = new int[N];
Valgrind detects correctly the error.
Does it mean that valgrind is unable to check the stack allocated memory ?
Thank you
Sebastien
|
|
From: David E. <tw...@us...> - 2004-01-14 13:45:22
|
On Wed, 2004-01-14 at 13:50, Sébastien de Menten wrote:
> Hi, I have a problem when detecting the faulty memory access in
>
> #define N 16
> main()
> {
>     int a[N];
>     // int *a = new int[N];
>     int i;
>     for(i=0; i<=N+10; i++)
>         a[i] = 0;
>     return (0);
> }
>
> The error message is cryptic:
> ==5749== Memcheck, a memory error detector for x86-linux.
> ==5749== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
> ==5749== Using valgrind-2.1.0, a program supervision framework for x86-linux.
> ==5749== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
> ==5749== Estimated CPU clock rate is 2004 MHz
> ==5749== For more details, rerun with: -v
> ==5749==
> ==5749== Jump to the invalid address stated on the next line
> ==5749== at 0x0: ???
> ==5749== Address 0x0 is not stack'd, malloc'd or free'd
> ==5749==
> ==5749== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==5749== Address not mapped to object at address 0x0
> ==5749== at 0x0: ???
> ==5749==
> ==5749== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
> ==5749== malloc/free: in use at exit: 0 bytes in 0 blocks.
> ==5749== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
> ==5749== For a detailed leak analysis, rerun with: --leak-check=yes
> ==5749== For counts of detected errors, rerun with: -v
>
> If I change the line
> for(i=0; i<=N+10; i++)
> by
> for(i=0; i<=N; i++)
> it does not detect the error.
>
> If I allocate the memory dynamically, i.e.
> // int a[N];
> int *a = new int[N];
> Valgrind detects correctly the error.
>
> Does it mean that valgrind is unable to check the stack allocated memory ?
Yes.
--
Regards,
-\- David Eriksson -/-
SynCE - http://synce.sourceforge.net
CalcEm - http://calcem.sourceforge.net
Desquirr - http://desquirr.sourceforge.net
SetiWrapper - http://setiwrapper.sourceforge.net
|
|
From: Paul P. <pa...@pa...> - 2004-01-14 16:20:45
|
>>>>> On Wed, 14 Jan 2004 13:50:50 +0100, "Sébastien de Menten" <sdemen...@ho...> said:
> Does it mean that valgrind is unable to check the stack
> allocated memory ?
Insure++ from ParaSoft in source-instrumentation mode is about the
only current tool that can detect stack and globals overflow errors
in C and C++.
Cheers,
[Speaking for ParaSoft].
|
|
From: Nicholas N. <nj...@ca...> - 2004-01-17 15:26:03
|
On Wed, 14 Jan 2004, Paul Pluzhnikov wrote:
> Insure++ from ParaSoft in source-instrumentation mode is about the
> only current tool that can detect stack and globals overflow errors
> in C and C++.
I'm aware of the following other tools that can do stack and/or static
array/pointer checking:
- Purify on Solaris can detect global overflows, and has a limited form of
  stack checking (detecting stack frame overflows)
- There are patches to add bounds-checking to GCC
  (sourceforge.net/projects/boundschecking/)
- CCured (manju.cs.berkeley.edu/ccured/) is a tool that combines static
  analysis with runtime checks to check all pointer use is ok in C.
- MicroQuill's HeapAgent documentation indicates that it does some kind of
  stack checking, eg. see www.microquill.com/heapagent/ha_comp.htm.
- The documentation for BoundsChecker
  (www.compuware.com/products/devpartner/bounds.htm) seems to indicate it can
  do stack and static checking.
- I have an experimental tool called Annelid (see
  www.cl.cam.ac.uk/~njn25/valgrind.html) that can do checking of static arrays
  (global and local) if debug info is present in the binary. It doesn't do
  stack checking, unfortunately.
I haven't used any of these but the last; my information is based on
accompanying documentation, or comments from people who have used them.
I'd be interested to hear about any other tools that can do stack/static
checking.
N
|
|
From: Nicholas N. <nj...@ca...> - 2004-01-17 14:02:32
|
On Wed, 14 Jan 2004, Sébastien de Menten wrote:
> #define N 16
> main()
> {
>     int a[N];
>     // int *a = new int[N];
>     int i;
>     for(i=0; i<=N+10; i++)
>         a[i] = 0;
>     return (0);
> }
>
> The error message is cryptic:
> ==5749== Jump to the invalid address stated on the next line
> ==5749== at 0x0: ???
> ==5749== Address 0x0 is not stack'd, malloc'd or free'd
>
> If I change the line
> for(i=0; i<=N+10; i++)
> by
> for(i=0; i<=N; i++)
> it does not detect the error.
>
> If I allocate the memory dynamically, i.e.
> // int a[N];
> int *a = new int[N];
> Valgrind detects correctly the error.
>
> Does it mean that valgrind is unable to check the stack allocated memory ?
That's right. The cryptic error message is occurring because the array
overrun would be clobbering the return address on the stack, so when the
function returns it tries to jump to 0x0.
N
|
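The explanation in the last message, modeled in C as an added example (not code from the thread): it replays both loops from the original post against a constructed stack frame and shows that i<=N only overwrites a neighbouring stack word, while i<=N+10 reaches the saved return address and zeroes it. The frame is an array of 32-bit words, and the slot positions and RET_SENTINEL are assumptions, since a real layout depends on compiler, flags and ABI.

```c
#include <stdio.h>

#define N 16                        /* array size from the original post */

/* Constructed model of main()'s stack frame as 32-bit words, lowest
 * address first. Slot positions are assumptions; a real layout depends
 * on compiler, flags and ABI. */
enum {
    SLOT_A      = 0,                /* a[0] .. a[N-1]                    */
    SLOT_LOCALS = N,                /* padding and other locals          */
    SLOT_FP     = N + 8,            /* saved frame pointer               */
    SLOT_RET    = N + 9,            /* saved return address              */
    FRAME_WORDS = N + 12            /* remainder: caller's live stack    */
};
#define RET_SENTINEL 0x0804842aU    /* constructed return address */

struct outcome {
    unsigned int ret;               /* return-address slot after the loop */
    int overrun_words;              /* writes that landed outside a[]     */
};

/* Replays "for (i = 0; i <= last; i++) a[i] = 0;" against the model.
 * Every word touched lies at or above the stack pointer, which is why a
 * checker that only asks "is this address live stack?" reports nothing. */
static struct outcome replay_loop(int last)
{
    unsigned int frame[FRAME_WORDS];
    struct outcome out = { 0, 0 };
    int i;
    for (i = 0; i < FRAME_WORDS; i++)
        frame[i] = 0xAAAAAAAAU;     /* arbitrary non-zero fill */
    frame[SLOT_RET] = RET_SENTINEL;
    for (i = 0; i <= last && SLOT_A + i < FRAME_WORDS; i++) {
        frame[SLOT_A + i] = 0;      /* the original "a[i] = 0" */
        if (i >= N)
            out.overrun_words++;
    }
    out.ret = frame[SLOT_RET];
    return out;
}

int main(void)
{
    struct outcome one = replay_loop(N);        /* i <= N    */
    struct outcome big = replay_loop(N + 10);   /* i <= N+10 */
    printf("i<=N:    %d past a[], ret 0x%08x\n", one.overrun_words, one.ret);
    printf("i<=N+10: %d past a[], ret 0x%08x\n", big.overrun_words, big.ret);
    return 0;
}
```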