|
From: luo z. <luo...@gm...> - 2010-04-22 15:29:19
|
I use private anonymous mmap to allocate memory in my code, but when I use
valgrind to check for memory leaks, I got the following error. I don't think there is
any memory error in the code. Thanks for help!
the command:
valgrind --tool=memcheck ./a.out
the error:
==2309== Memcheck, a memory error detector
==2309== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==2309== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==2309== Command: ./a.out
==2309==
==2309== Invalid write of size 1
==2309== at 0x8048751: main (test.cpp:15)
==2309== Address 0xffffffff is not stack'd, malloc'd or (recently) free'd
==2309==
==2309==
==2309== Process terminating with default action of signal 11 (SIGSEGV)
==2309== Access not within mapped region at address 0xFFFFFFFF
==2309== at 0x8048751: main (test.cpp:15)
==2309== If you believe this happened as a result of a stack
==2309== overflow in your program's main thread (unlikely but
==2309== possible), you can try to increase the size of the
==2309== main thread stack using the --main-stacksize= flag.
==2309== The main thread stack size used in this run was 8388608.
==2309==
==2309== HEAP SUMMARY:
==2309== in use at exit: 1,264 bytes in 1 blocks
==2309== total heap usage: 2 allocs, 1 frees, 1,616 bytes allocated
==2309==
==2309== LEAK SUMMARY:
==2309== definitely lost: 0 bytes in 0 blocks
==2309== indirectly lost: 0 bytes in 0 blocks
==2309== possibly lost: 0 bytes in 0 blocks
==2309== still reachable: 1,264 bytes in 1 blocks
==2309== suppressed: 0 bytes in 0 blocks
==2309== Rerun with --leak-check=full to see details of leaked memory
==2309==
==2309== For counts of detected and suppressed errors, rerun with: -v
==2309== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 8)
the code:
#include <stdio.h>
#include <sys/mman.h>
#include <errno.h>
#include <string.h>
const size_t PAGE_SIZE = 1 << 12;
int main()
{
    unsigned start = 0;
    char* p =(char*)
        mmap(&start,PAGE_SIZE,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0);
    *p = 1;
    munmap(p,PAGE_SIZE);
}
--
|
|
From: Christoph B. <bar...@or...> - 2010-04-22 15:57:25
|
On Thursday, 22 April 2010, luo zhiyuan wrote:
> ous mmap to allocate memory in my code, but when I use
> valgrind to check memory leak. I got following error. I don't think there
> is any memory error in t
>
You do not check the return code of mmap.
|
|
From: John R. <jr...@bi...> - 2010-04-22 16:13:11
|
> char* p =(char*)
> mmap(&start,PAGE_SIZE,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0);
> *p = 1;
This code is bad because it does not check for failure of the system call.
--
|
|
From: John R. <jr...@bi...> - 2010-04-23 05:14:19
|
On 04/22/2010 07:08 PM, luozhiyuan wrote:
> On 2010-4-23 0:12, John Reiser wrote:
>>> char* p =(char*)
>>> mmap(&start,PAGE_SIZE,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0);
>>>
>>> *p = 1;
>> This code is bad because it does not check for failure of the system
>> call.
>>
> It's OK to just run the program,
The program succeeds "by accident". The kernel is allowed to return MAP_FAILED
(with EINVAL) for such an mmap, and sometimes it does! Read the manual page
that is displayed by running the shell command "man mmap":
EINVAL We don’t like addr, length, or offset (e.g., they are too large,
or not aligned on a page boundary).
> But it will fail to run with valgrind.
> Why?
memcheck has done you a favor by pointing out that the code is wrong.
In fact there are *TWO* bugs: the code does not check for MAP_FAILED,
and the code does not align the address with the offset.
> You can try the code.
> I trace the syscalls when use valgrind,sys_mmap2 seems to fail:
> [[snip]]
> SYSCALL[22210,1](192) sys_mmap2 ( 0xBECDE76C, 4096, 3, 34, -1, 0 ) --> [pre-fail] Failure(0x16)
Notice the "[pre-fail]". That means that memcheck never asked the kernel
to try the mmap. Instead, memcheck noticed that (0 != (0xfff & (addr ^ offset)))
which is a legitimate reason for mmap to fail with EINVAL, and therefore
memcheck returned MAP_FAILED "early". You may argue that it doesn't matter
because of MAP_ANONYMOUS, but it is perfectly legal for memcheck to complain,
because the kernel is not required to check MAP_ANONYMOUS before checking
the address against the offset. The code is incorrect, in two ways.
Fix both of them.
> ==22210== Invalid write of size 1
> ==22210== at 0x8048475: main (valgrind_test.cpp:13)
> ==22210== Address 0xffffffff is not stack'd, malloc'd or (recently) free'd
0xffffffff==MAP_FAILED on a 32-bit machine.
--
|
|
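The two fixes named in the reply above (test for MAP_FAILED, pass a page-aligned hint), as an added example that is not part of the original thread. map_anon, hint_is_consistent and demo are hypothetical names; passing NULL as the hint is the usual choice when no particular placement is needed.

```c
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS under strict -std= modes */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* The condition quoted in the reply: mmap may fail with EINVAL when
 * 0 != (0xfff & (addr ^ offset)). Returns 1 if the pair is consistent. */
static int hint_is_consistent(uintptr_t addr, uintptr_t offset, uintptr_t page)
{
    return ((addr ^ offset) & (page - 1)) == 0;
}

/* Hypothetical helper: map len bytes of private anonymous memory.
 * Returns NULL with errno set on failure, never MAP_FAILED. */
static void *map_anon(void *hint, size_t len)
{
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    /* Second bug: round the hint down to a page boundary (NULL stays NULL). */
    void *aligned = (void *)((uintptr_t)hint & ~(page - 1));
    void *p = mmap(aligned, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    /* First bug: test the result before anyone dereferences it. */
    return p == MAP_FAILED ? NULL : p;
}

/* Same steps as the posted program; returns 0 or the failing errno. */
static int demo(void)
{
    unsigned start = 0; /* stack variable whose address served as the hint */
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *p = map_anon(&start, len);
    if (p == NULL)
        return errno;
    *p = 1;
    return munmap(p, len) == 0 ? 0 : errno;
}

int main(void)
{
    int err = demo();
    if (err != 0)
        fprintf(stderr, "mmap/munmap failed: %s\n", strerror(err));
    return err != 0;
}
```

The address 0xBECDE76C from the quoted sys_mmap2 trace fails hint_is_consistent against offset 0 and a 4096-byte page, which matches the "[pre-fail]" result shown there.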
From: tom f. <tf...@al...> - 2010-04-29 23:49:45
|
"Osman, Ahmed" <ahm...@me...> writes:
> I'm trying to run valgrind 3.5 on my code with these options
> "--log-file=results/valgrind_%p.log --num-callers=50 --child-silent-after-fork=yes --gen-suppressions=yes"
>
> I'm seeing the following in the log files:
> ==4630== Memcheck, a memory error detector
[snip]
> ==4630== ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- ==4630== ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- ==4630== Conditional jump or move depends on uninitialised value(s)
>
> Please advise ...
What advice are you looking for?
As you're seeing, gen-suppressions=yes is hard to use with log-file, but
that's to be expected: you're asking valgrind to interactively prompt you,
but you're telling it not to display any output on your terminal.
If that wasn't your question, please elaborate.
-tom
|
|
From: Osman, A. <ahm...@me...> - 2010-04-27 19:28:03
|
Hi All,
I'm trying to run valgrind 3.5 on my code with these options "--log-file=results/valgrind_%p.log --num-callers=50 --child-silent-after-fork=yes --gen-suppressions=yes"
I'm seeing the following in the log files:
==4630== Memcheck, a memory error detector
==4630== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==4630== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==4630== Command: /u/bata_root/rhino/valgrind/modeltech/linux/vsimk -valgrind -port 45523 -stdoutfilename /tmp/VSOUTatOZ9z -c -do test.do
==4630== Parent PID: 4589
==4630==
==4630== Syscall param socketcall.send(msg) points to uninitialised byte(s)
==4630== at 0x954EF8: send (in /lib/tls/libc-2.3.4.so)
==4630== by 0x985100: __nscd_get_map_ref (in /lib/tls/libc-2.3.4.so)
==4630== by 0x9830B3: nscd_getpw_r (in /lib/tls/libc-2.3.4.so)
==4630== by 0x9833F6: __nscd_getpwuid_r (in /lib/tls/libc-2.3.4.so)
==4630== by 0x915C49: getpwuid_r@@GLIBC_2.1.2 (in /lib/tls/libc-2.3.4.so)
==4630== by 0x8C4E0C: cuserid (in /lib/tls/libc-2.3.4.so)
==4630== by 0x86AE56F: ucdbvsim_TestData_update (ucdbvsim.c:395)
==4630== by 0x869E4AA: vl_ucdb_browse_hierarchy (ucdbsavevsim.c:8195)
==4630== by 0x85E175B: ucdbSave (ucdbcmds.c:632)
==4630== by 0x85E1A88: tclprim_cover (ucdbcmds.c:699)
==4630== by 0x8A33A5B: TclInvokeStringCommand (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
==4630== by 0x8A3520D: TclEvalObjvInternal (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
==4630== by 0x8A366A1: Tcl_EvalEx (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
==4630== by 0x8A36AE4: Tcl_Eval (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
==4630== by 0x8A374CE: Tcl_GlobalEval (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
==4630== by 0x8859AAB: mti_DoIt (tclrpc.c:810)
==4630== by 0x8A6D83F: Tcl_NotifyChannel (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
==4630== by 0x8A9C372: FileHandlerEventProc (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
==4630== by 0x8A7CCA4: Tcl_ServiceEvent (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
==4630== by 0x8A7CFA2: Tcl_DoOneEvent (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
==4630== by 0x89F25E7: mti_DoOneEvent (tclext.c:329)
==4630== by 0x854A9BA: bg_execute_commands (bgcmd.c:819)
==4630== by 0x84657EC: mti_main (main.c:2731)
==4630== by 0x805DD05: main (mti_main.c:76)
==4630== Address 0xfeff8e93 is on thread 1's stack
==4630==
==4630==
==4630== ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- ==4630== ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- ==4630== Conditional jump or move depends on uninitialised value(s)
Please advise ...
- Ahmed
|
|
From: Bart V. A. <bar...@gm...> - 2010-04-30 05:43:50
|
On Tue, Apr 27, 2010 at 9:27 PM, Osman, Ahmed <ahm...@me...> wrote:
>
> I'm trying to run valgrind 3.5 on my code with these options "--log-file=results/valgrind_%p.log --num-callers=50 --child-silent-after-fork=yes --gen-suppressions=yes"
>
> I'm seeing the following in the log files:
> ==4630== Memcheck, a memory error detector
> ==4630== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
> ==4630== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
> ==4630== Command: /u/bata_root/rhino/valgrind/modeltech/linux/vsimk -valgrind -port 45523 -stdoutfilename /tmp/VSOUTatOZ9z -c -do test.do
> ==4630== Parent PID: 4589
> ==4630==
> ==4630== Syscall param socketcall.send(msg) points to uninitialised byte(s)
> ==4630== at 0x954EF8: send (in /lib/tls/libc-2.3.4.so)
> ==4630== by 0x985100: __nscd_get_map_ref (in /lib/tls/libc-2.3.4.so)
> ==4630== by 0x9830B3: nscd_getpw_r (in /lib/tls/libc-2.3.4.so)
> ==4630== by 0x9833F6: __nscd_getpwuid_r (in /lib/tls/libc-2.3.4.so)
> ==4630== by 0x915C49: getpwuid_r@@GLIBC_2.1.2 (in /lib/tls/libc-2.3.4.so)
> ==4630== by 0x8C4E0C: cuserid (in /lib/tls/libc-2.3.4.so)
> ==4630== by 0x86AE56F: ucdbvsim_TestData_update (ucdbvsim.c:395)
> ==4630== by 0x869E4AA: vl_ucdb_browse_hierarchy (ucdbsavevsim.c:8195)
> ==4630== by 0x85E175B: ucdbSave (ucdbcmds.c:632)
> ==4630== by 0x85E1A88: tclprim_cover (ucdbcmds.c:699)
> ==4630== by 0x8A33A5B: TclInvokeStringCommand (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
> ==4630== by 0x8A3520D: TclEvalObjvInternal (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
> ==4630== by 0x8A366A1: Tcl_EvalEx (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
> ==4630== by 0x8A36AE4: Tcl_Eval (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
> ==4630== by 0x8A374CE: Tcl_GlobalEval (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
> ==4630== by 0x8859AAB: mti_DoIt (tclrpc.c:810)
> ==4630== by 0x8A6D83F: Tcl_NotifyChannel (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
> ==4630== by 0x8A9C372: FileHandlerEventProc (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
> ==4630== by 0x8A7CCA4: Tcl_ServiceEvent (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
> ==4630== by 0x8A7CFA2: Tcl_DoOneEvent (in /u/bata_root/rhino/valgrind/modeltech/linux/vsimk)
> ==4630== by 0x89F25E7: mti_DoOneEvent (tclext.c:329)
> ==4630== by 0x854A9BA: bg_execute_commands (bgcmd.c:819)
> ==4630== by 0x84657EC: mti_main (main.c:2731)
> ==4630== by 0x805DD05: main (mti_main.c:76)
> ==4630== Address 0xfeff8e93 is on thread 1's stack
> ==4630==
> ==4630==
> ==4630== ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- ==4630== ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- ==4630== Conditional jump or move depends on uninitialised value(s)
>
>
> Please advise ...
Have you already tried to change --gen-suppressions=yes into --gen-suppressions=all?
Bart.
|