| njn | 3e986b2 | 2004-11-30 10:43:45 +0000 | [diff] [blame^] | 1 | <?xml version="1.0"?> <!-- -*- sgml -*- --> |
| 2 | <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
| 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| 4 | |
| 5 | <chapter id="manual-intro" xreflabel="Introduction"> |
| 6 | <title>Introduction</title> |
| 7 | |
| 8 | <sect1 id="manual-intro.overview" xreflabel="An Overview of Valgrind"> |
| 9 | <title>An Overview of Valgrind</title> |
| 10 | |
| 11 | <para>Valgrind is a flexible system for debugging and profiling |
| 12 | Linux-x86 executables. The system consists of a core, which |
| 13 | provides a synthetic x86 CPU in software, and a series of tools, |
| 14 | each of which performs some kind of debugging, profiling, or |
| 15 | similar task. The architecture is modular, so that new tools can |
| 16 | be created easily and without disturbing the existing |
| 17 | structure.</para> |
| 18 | |
| 19 | <para>A number of useful tools are supplied as standard. In |
| 20 | summary, these are:</para> |
| 21 | |
| 22 | <orderedlist> |
| 23 | |
| 24 | <listitem> |
| 25 | <para><command>Memcheck</command> detects memory-management |
| 26 | problems in your programs. All reads and writes of memory |
| 27 | are checked, and calls to malloc/new/free/delete are |
| 28 | intercepted. As a result, Memcheck can detect the following |
| 29 | problems:</para> |
| 30 | |
| 31 | <itemizedlist> |
| 32 | <listitem> |
| 33 | <para>Use of uninitialised memory</para> |
| 34 | </listitem> |
| 35 | <listitem> |
| 36 | <para>Reading/writing memory after it has been |
| 37 | free'd</para> |
| 38 | </listitem> |
| 39 | <listitem> |
| 40 | <para>Reading/writing off the end of malloc'd |
| 41 | blocks</para> |
| 42 | </listitem> |
| 43 | <listitem> |
| 44 | <para>Reading/writing inappropriate areas on the |
| 45 | stack</para> |
| 46 | </listitem> |
| 47 | <listitem> |
| 48 | <para>Memory leaks -- where pointers to malloc'd |
| 49 | blocks are lost forever</para> |
| 50 | </listitem> |
| 51 | <listitem> |
| 52 | <para>Mismatched use of malloc/new/new [] vs |
| 53 | free/delete/delete []</para> |
| 54 | </listitem> |
| 55 | <listitem> |
| 56 | <para>Overlapping <computeroutput>src</computeroutput> and |
| 57 | <computeroutput>dst</computeroutput> pointers in |
| 58 | <computeroutput>memcpy()</computeroutput> and related |
| 59 | functions</para></listitem> <listitem><para>Some misuses of |
| 60 | the POSIX pthreads API</para> |
| 61 | </listitem> |
| 62 | </itemizedlist> |
| 63 | |
| 64 | <para>Problems like these can be difficult to find by other |
| 65 | means, often lying undetected for long periods, then causing |
| 66 | occasional, difficult-to-diagnose crashes.</para> |
| 67 | </listitem> |
| 68 | |
| 69 | <listitem> |
| 70 | <para><command>Addrcheck</command> is a lightweight version |
| 71 | of Memcheck. It is identical to Memcheck except for the |
| 72 | single detail that it does not do any uninitialised-value |
| 73 | checks. All of the other checks -- primarily the |
| 74 | fine-grained address checking -- are still done. The |
| 75 | downside of this is that you don't catch the |
| 76 | uninitialised-value errors that Memcheck can find.</para> |
| 77 | |
| 78 | <para>But the upside is significant: programs run about twice |
| 79 | as fast as they do on Memcheck, and a lot less memory is |
| 80 | used. It still finds reads/writes of freed memory, memory |
| 81 | off the end of blocks and in other invalid places, bugs which |
| 82 | you really want to find before release!</para> |
| 83 | |
| 84 | <para>Because Addrcheck is lighter and faster than Memcheck, |
| 85 | you can run more programs for longer, and so you may be able |
| 86 | to cover more test scenarios. Addrcheck was created because |
| 87 | one of us (Julian) wanted to be able to run a complete KDE |
| 88 | desktop session with checking. As of early November 2002, we |
| 89 | have been able to run KDE-3.0.3 on a 1.7 GHz P4 with 512 MB |
| 90 | of memory, using Addrcheck. Although the result is not |
| 91 | stellar, it's quite usable, and it seems plausible to run KDE |
| 92 | for long periods at a time like this, collecting up all the |
| 93 | addressing errors that appear.</para> |
| 94 | </listitem> |
| 95 | |
| 96 | <listitem> |
| 97 | <para><command>Cachegrind</command> is a cache profiler. It |
| 98 | performs detailed simulation of the I1, D1 and L2 caches in |
| 99 | your CPU and so can accurately pinpoint the sources of cache |
| 100 | misses in your code. If you desire, it will show the number |
| 101 | of cache misses, memory references and instructions accruing |
| 102 | to each line of source code, with per-function, per-module |
| 103 | and whole-program summaries. If you ask really nicely it |
| 104 | will even show counts for each individual x86 |
| 105 | instruction.</para> |
| 106 | |
| 107 | <para>Cachegrind auto-detects your machine's cache |
| 108 | configuration using the |
| 109 | <computeroutput>CPUID</computeroutput> instruction, and so |
| 110 | needs no further configuration info, in most cases.</para> |
| 111 | |
| 112 | <para>Cachegrind is nicely complemented by Josef |
| 113 | Weidendorfer's amazing KCacheGrind visualisation tool |
| 114 | (<ulink url="http://kcachegrind.sourceforge.net">http://kcachegrind.sourceforge.net</ulink>), |
| 115 | a KDE application which presents these profiling results in a |
| 116 | graphical and easier-to-understand form.</para> |
| 117 | </listitem> |
| 118 | |
| 119 | <listitem> |
| 120 | <para><command>Helgrind</command> finds data races in |
| 121 | multithreaded programs. Helgrind looks for memory locations |
| 122 | which are accessed by more than one (POSIX p-)thread, but for |
| 123 | which no consistently used (pthread_mutex_)lock can be found. |
| 124 | Such locations are indicative of missing synchronisation |
| 125 | between threads, and could cause hard-to-find |
| 126 | timing-dependent problems.</para> |
| 127 | |
| 128 | <para>Helgrind ("Hell's Gate", in Norse mythology) implements |
| 129 | the so-called "Eraser" data-race-detection algorithm, along |
| 130 | with various refinements (thread-segment lifetimes) which |
| 131 | reduce the number of false errors it reports. It is as yet |
| 132 | somewhat of an experimental tool, so your feedback is |
| 133 | especially welcomed here.</para> |
| 134 | |
| 135 | <para>Helgrind has been hacked on extensively by Jeremy |
| 136 | Fitzhardinge, and we have him to thank for getting it to a |
| 137 | releasable state.</para> |
| 138 | </listitem> |
| 139 | |
| 140 | </orderedlist> |
| 141 | |
| 142 | |
| 143 | <para>A number of minor tools (<command>Corecheck</command>, |
| 144 | <command>Lackey</command> and <command>Nulgrind</command>) are |
| 145 | also supplied. These aren't particularly useful -- they exist to |
| 146 | illustrate how to create simple tools and to help the valgrind |
| 147 | developers in various ways.</para> |
| 148 | |
| 149 | <para>Valgrind is closely tied to details of the CPU, operating |
| 150 | system and to a less extent, compiler and basic C libraries. This |
| 151 | makes it difficult to make it portable, so we have chosen at the |
| 152 | outset to concentrate on what we believe to be a widely used |
| 153 | platform: Linux on x86s. Valgrind uses the standard Unix |
| 154 | <computeroutput>./configure</computeroutput>, |
| 155 | <computeroutput>make</computeroutput>, <computeroutput>make |
| 156 | install</computeroutput> mechanism, and we have attempted to |
| 157 | ensure that it works on machines with kernel 2.2 or 2.4 and glibc |
| 158 | 2.1.X, 2.2.X or 2.3.1. This should cover the vast majority of |
| 159 | modern Linux installations. Note that glibc-2.3.2+, with the |
| 160 | NPTL (Native Posix Threads Library) package won't work. We hope |
| 161 | to be able to fix this, but it won't be easy.</para> |
| 162 | |
| 163 | <para>Valgrind is licensed under the <xref linkend="license.gpl"/>, |
| 164 | version 2. Some of the PThreads test cases, |
| 165 | <computeroutput>pth_*.c</computeroutput>, are taken from |
| 166 | "Pthreads Programming" by Bradford Nichols, Dick Buttlar & |
| 167 | Jacqueline Proulx Farrell, ISBN 1-56592-115-1, published by |
| 168 | O'Reilly & Associates, Inc.</para> |
| 169 | |
| 170 | </sect1> |
| 171 | |
| 172 | |
| 173 | <sect1 id="manual-intro.navigation" xreflabel="How to navigate this manual"> |
| 174 | <title>How to navigate this manual</title> |
| 175 | |
| 176 | <para>The Valgrind distribution consists of the Valgrind core, |
| 177 | upon which are built Valgrind tools, which do different kinds of |
| 178 | debugging and profiling. This manual is structured |
| 179 | similarly.</para> |
| 180 | |
| 181 | <para>First, we describe the Valgrind core, how to use it, and |
| 182 | the flags it supports. Then, each tool has its own chapter in |
| 183 | this manual. You only need to read the documentation for the |
| 184 | core and for the tool(s) you actually use, although you may find |
| 185 | it helpful to be at least a little bit familar with what all |
| 186 | tools do. If you're new to all this, you probably want to run |
| 187 | the Memcheck tool. If you want to write a new tool, read |
| 188 | <xref linkend="writing-tools"/>.</para> |
| 189 | |
| 190 | <para>Be aware that the core understands some command line flags, |
| 191 | and the tools have their own flags which they know about. This |
| 192 | means there is no central place describing all the flags that are |
| 193 | accepted -- you have to read the flags documentation both for |
| 194 | <xref linkend="manual-core"/> and for the tool you want to |
| 195 | use.</para> |
| 196 | |
| 197 | </sect1> |
| 198 | |
| 199 | </chapter> |