From: Pawel K <paw...@ya...> - 2007-11-28 15:25:16
> There is no heap corruption in this program :(
> You only rewrite m_country field.
> I think that such errors can be detected only if the program is compiled
> with some special instrumentation code.
>
> If your program did 'strcpy ( m_sName, "SECNMZZZZZZZZZZZZZZZ" );' valgrind
> would have detected it...
> valgrind will also detect this bug if you exchange m_sName and m_country in
> your class definition.
> >
> > #include <cstring>
> >
> > class Human
> > {
> >     char m_name[3];
> >     char m_sName[3];
> >     char *m_country;
> >
> > public:
> >
> >     void SetDefNames ( void )
> >     {
> >         strcpy ( m_name, "NM" );
> >         m_country = "ID";
> >         strcpy ( m_sName, "SECNM" ); // !!! corrupts m_country pointer !!!
> >     }
> > };
> >
> > int main ( void )
> > {
> >     Human *human = new Human;
> >     human -> SetDefNames ();
> >     return 0;
> > }
What instrumentation code do you mean?
Could you give me some indications please.

I thought it would be great to force Valgrind to generate the log of all
write operations (in particular in a heap). Each entry could consist of
the address (symbol) and lengths of written data.

After the program crash one could find when the variable/pointer was
overwritten.

Is it possible to write such a tool in Valgrind?
Is it difficult to do that?

Thank you for an answer.
From: Nicholas N. <nj...@cs...> - 2007-11-28 21:11:53
On Wed, 28 Nov 2007, Pawel K wrote:

> I thought it would be great to force Valgrind to generate the log of all
> write operations (in particular in a heap). Each entry could consist of
> the address (symbol) and lengths of written data.
>
> After the program crash one could find when the variable/pointer was
> overwritten.
>
> Is it possible to write such a tool in Valgrind ?
> Is it difficult to do that ?

It's not hard. Run "valgrind --tool=lackey --trace-mem=yes <prog>". You
get a huge amount of output, though.

Nick
From: Pawel K <paw...@ya...> - 2007-12-03 12:47:08
> > I thought it would be great to force Valgrind to generate the log of all
> > write operations (in particular in a heap). Each entry could consist of
> > the address (symbol) and lengths of written data.
> >
> > After the program crash one could find when the variable/pointer was
> > overwritten.
> >
> > Is it possible to write such a tool in Valgrind ?
> > Is it difficult to do that ?
>
> It's not hard. Run "valgrind --tool=lackey --trace-mem=yes <prog>". You
> get a huge amount of output, though.
Unfortunately it's got 2 serious drawbacks:
- it generates a huge log of machine operations
- it is not related to the higher level language: C/C++

I would like it to display only the write instructions in the following
format:

C/C++ instruction; line number in C/C++ file; starting address of the
written block; lengths of the written block.

It would be much smaller in size.

Is it possible to write such a tool in Valgrind?
Does it seem to be difficult to implement it?

Thank you for your help.
From: Nicholas N. <nj...@cs...> - 2007-12-03 21:20:12
On Mon, 3 Dec 2007, Pawel K wrote:

> > It's not hard. Run "valgrind --tool=lackey --trace-mem=yes <prog>". You
> > get a huge amount of output, though.
>
> Unfortunately it's got 2 serious drawbacks:
> - it generates huge log of machine operations
> - it is not related to higher level language: C/C++
>
> I would like it to display only the write instructions in the following
> format:
>
> C/C++ instruction; line number in C/C++ file; starting address of the
> written block; lengths of the written block.

What's a C/C++ instruction? Do you mean "C/C++ statement"?

> It would be much smaller in size.

The Lackey command I gave you was an example. It doesn't do exactly what
you want. You can modify Lackey pretty easily to show just the stores.

> Is it possible to write such a tool in Valgrind ?
> Does it seem to be difficult to implement it ?

Valgrind works with binaries. You can map information at the binary level
back to the source level to some extent using debug information. The main
thing you can do is map instruction addresses back to source code lines
easily.

But in this case, I don't think there's that much difference between the
writes being done at the binary level vs. those being done conceptually at
the C/C++ level. So maybe it'll be straightforward.

Nick
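One way to get the after-the-fact answer asked for in this thread out of the Lackey trace, as an added example that is not part of the thread or of Valgrind: a filter over --trace-mem output that keeps only the stores touching a watched byte range (here the bytes of the m_country pointer inside the Human allocation) and flags those that straddle the field boundary, which is what a neighbouring buffer spilling into the field looks like. The line shapes follow the Lackey documentation; the object address, the field layout and the trace lines themselves are constructed for illustration, not real Valgrind output.

```python
import re
from typing import Iterator, List, Tuple

# Line shapes documented for "valgrind --tool=lackey --trace-mem=yes":
#   "I  <addr>,<size>" instruction fetch, " L ..." data load, " S ..." data store,
#   " M ..." modify (load then store). <addr> is hex without 0x, <size> is decimal bytes.
_LINE = re.compile(r"^\s*([ILSM])\s+([0-9a-fA-F]+),(\d+)\s*$")


def parse_trace(lines) -> Iterator[Tuple[int, str, int, int]]:
    """Yield (line_no, kind, address, size) for each well-formed trace line."""
    for line_no, line in enumerate(lines, 1):
        m = _LINE.match(line)
        if m:
            yield line_no, m.group(1), int(m.group(2), 16), int(m.group(3))


def stores_hitting(lines, watch_addr: int, watch_len: int) -> List[Tuple[int, int, int]]:
    """All stores (S or M) whose bytes overlap [watch_addr, watch_addr + watch_len)."""
    hits = []
    for line_no, kind, addr, size in parse_trace(lines):
        if kind in "SM" and addr < watch_addr + watch_len and watch_addr < addr + size:
            hits.append((line_no, addr, size))
    return hits


def straddling_stores(lines, watch_addr: int, watch_len: int) -> List[Tuple[int, int, int]]:
    """Subset of the hits that start before or end after the watched field.
    A store not fully contained in the field is the signature of a neighbouring
    buffer spilling into it, as strcpy of "SECNM" into m_sName does."""
    return [(n, a, s) for n, a, s in stores_hitting(lines, watch_addr, watch_len)
            if a < watch_addr or a + s > watch_addr + watch_len]


# Constructed sample (not real Valgrind output): assumed 64-bit layout of Human
# at 0x4a2c040 with m_name at +0, m_sName at +3 and the m_country pointer at +8.
# "SECNM\0" copied into m_sName is 6 bytes at +3, so its last byte lands at +8.
SAMPLE_TRACE = """\
I  0400123a,4
 S 04a2c040,3
 S 04a2c048,8
I  04001245,4
 S 04a2c043,4
 S 04a2c047,2
 L 04a2c048,8
""".splitlines()
```

On the sample, stores_hitting reports both the legitimate 8-byte initialisation of m_country (trace line 3) and the 2-byte spill from the strcpy (line 6); straddling_stores keeps only the spill.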