From: Matthias S. <zz...@ge...> - 2013-02-12 06:13:20
Attachments:
0001-mempool-Print-callstack-of-re-allocation.patch
Hi there!

Currently the Valgrind message for use-after-free for a memory pool consists of the execution callstack and the callstack where the superblock was allocated. To better diagnose it I wanted to get also the callstack of the place where MEMPOOL_FREE was called.

The attached patch uses the new fields added for use-after-free messages that show two callstacks.
It is just a proof of concept.
How could it be improved?

Regards,
Matthias
From: Paul M. <pau...@us...> - 2013-02-12 09:12:50
Attachments:
signature.asc
Dear Matthias,

I am new to Valgrind too. Reading the Mailing Lists and IRC Web page [1], there is also a developer list, where your patch might get more attention.

On Tuesday, 12.02.2013, 07:13 +0100, Matthias Schwarzott wrote:
> Currently the valgrind-message for use-after-free for a memory pool
> consists of the execution callstack and the callstack, where the
> superblock was allocated. To better diagnose it I wanted to get also the
> callstack of the place where MEMPOOL_FREE was called.

Sounds like a nice idea to me.

> The attached patch uses the new fields added for use-after-free messages
> that show two callstacks.
> It is just a proof of concept.
> How could it be improved?

Could you show a trace without and with your patch applied?

Thanks,

Paul

[1] http://valgrind.org/support/
From: Matthias S. <zz...@ge...> - 2013-02-14 06:21:34
On 12.02.2013 10:12, Paul Menzel wrote:
> Dear Matthias,
>
> I am new to Valgrind too. Reading the Mailing Lists and IRC Web page [1]
> there is also a developer list, where your patch might get more
> attention.
>
> On Tuesday, 12.02.2013, 07:13 +0100, Matthias Schwarzott wrote:
>
>> Currently the valgrind-message for use-after-free for a memory pool
>> consists of the execution callstack and the callstack, where the
>> superblock was allocated. To better diagnose it I wanted to get also the
>> callstack of the place where MEMPOOL_FREE was called.
> Sounds like a nice idea to me.
>
>> The attached patch uses the new fields added for use-after-free messages
>> that show two callstacks.
>> It is just a proof of concept.
>> How could it be improved?
> Could you show a trace without and with your patch applied?

testcase memcheck/test/clireq_nofill

before:

*s=0x5 after MEMPOOL_ALLOC
==21626== Invalid read of size 1
==21626==    at 0x400A52: main (clireq_nofill.c:23)
==21626==  Address 0x4c58040 is 0 bytes inside a recently re-allocated block of size 40 alloc'd
==21626==    at 0x4A091AD: malloc (vg_replace_malloc.c:270)
==21626==    by 0x40091A: main (clireq_nofill.c:16)
==21626==
*s=0x5 after MEMPOOL_FREE
*s=0x5 after second MEMPOOL_ALLOC
*s=0x5 after MALLOCLIKE_BLOCK
==21626== Invalid read of size 1
==21626==    at 0x400C9B: main (clireq_nofill.c:36)
==21626==  Address 0x4c580b0 is 0 bytes inside a recently re-allocated block of size 40 alloc'd
==21626==    at 0x4A091AD: malloc (vg_replace_malloc.c:270)
==21626==    by 0x400B65: main (clireq_nofill.c:29)
==21626==
*s=0x5 after FREELIKE_BLOCK

after:

*s=0x5 after MEMPOOL_ALLOC
==24145== Invalid read of size 1
==24145==    at 0x400A52: main (clireq_nofill.c:23)
==24145==  Address 0x4c57040 is 0 bytes inside a recently re-allocated block of size 40 alloc'd
==24145==    at 0x4A08C8F: malloc (vg_replace_malloc.c:270)
==24145==    by 0x40091A: main (clireq_nofill.c:16)
==24145==  block was re-alloced at
==24145==    at 0x400A43: main (clireq_nofill.c:22)
==24145==
*s=0x5 after MEMPOOL_FREE
*s=0x5 after second MEMPOOL_ALLOC
*s=0x5 after MALLOCLIKE_BLOCK
==24145== Invalid read of size 1
==24145==    at 0x400C9B: main (clireq_nofill.c:36)
==24145==  Address 0x4c570b0 is 0 bytes inside a recently re-allocated block of size 40 alloc'd
==24145==    at 0x4A08C8F: malloc (vg_replace_malloc.c:270)
==24145==    by 0x400B65: main (clireq_nofill.c:29)
==24145==  block was re-alloced at
==24145==    at 0x400C8C: main (clireq_nofill.c:35)
==24145==
*s=0x5 after FREELIKE_BLOCK
*s=0x5 after second MALLOCLIKE_BLOCK

I wonder if this will work in all cases.
And maybe the text for the third callstack could be changed to "block was freed at".

I will create a bug ticket to track this.

Regards,
Matthias
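To make the traces above concrete, here is an added example (not Matthias's patch, and not the Valgrind test case he refers to) of a small, hypothetical bump-pool allocator annotated with Memcheck's mempool client requests. The read after MEMPOOL_FREE is what Memcheck reports as an invalid read inside a pool block, and the patch under discussion would add the MEMPOOL_FREE call stack to that report; the pool layout and function names are assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Use Memcheck's mempool client requests if the headers are installed; otherwise
 * they become no-ops so the program still builds and runs, just unannotated. */
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#  endif
#endif
#ifndef VALGRIND_CREATE_MEMPOOL
#  define VALGRIND_CREATE_MEMPOOL(pool, rzB, zeroed) ((void)0)
#  define VALGRIND_DESTROY_MEMPOOL(pool)             ((void)0)
#  define VALGRIND_MEMPOOL_ALLOC(pool, addr, size)   ((void)0)
#  define VALGRIND_MEMPOOL_FREE(pool, addr)          ((void)0)
#endif
#define POOL_SIZE 4096
/* Hypothetical bump allocator: one malloc'd superblock carved into chunks. */
struct pool { unsigned char *super; size_t used; };

static struct pool pool_create(void) {
    struct pool p = { malloc(POOL_SIZE), 0 };
    VALGRIND_CREATE_MEMPOOL(p.super, 0, 0);      /* rzB=0, is_zeroed=0 */
    return p;
}

static void *pool_alloc(struct pool *p, size_t n) {
    if (p->used + n > POOL_SIZE) return NULL;
    void *chunk = p->super + p->used;
    p->used += n;
    VALGRIND_MEMPOOL_ALLOC(p->super, chunk, n);  /* chunk: addressable, undefined */
    return chunk;
}

static void pool_free(struct pool *p, void *chunk) {
    VALGRIND_MEMPOOL_FREE(p->super, chunk);      /* chunk: unaddressable again */
}

/* The sequence behind the reports above: alloc, write, MEMPOOL_FREE, then a read.
 * Valid C (the superblock is still malloc'd), but a pool-level UAF to Memcheck. */
static unsigned char use_after_mempool_free(void) {
    struct pool p = pool_create();
    unsigned char *s = pool_alloc(&p, 40);
    memset(s, 5, 40);
    pool_free(&p, s);
    unsigned char v = s[0];   /* Memcheck: "Invalid read of size 1" here */
    VALGRIND_DESTROY_MEMPOOL(p.super);
    free(p.super);
    return v;
}
```

Build with the Valgrind headers present and run the binary under valgrind --tool=memcheck to see the superblock allocation stack (and, with the patch applied, the MEMPOOL_FREE stack) attached to the invalid read.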
From: Philippe W. <phi...@sk...> - 2013-02-18 20:45:03
On Thu, 2013-02-14 at 07:21 +0100, Matthias Schwarzott wrote:
> I will create a bug ticket to track this.

No time for the moment to look at your patch, but it is a good idea to enter a bug in bugzilla with the patch and the "before/after" diffs for the test.

Philippe