| njn | 76c5bfa | 2005-03-11 04:33:29 +0000 | [diff] [blame] | 1 | <?xml version="1.0"?> <!-- -*- sgml -*- --> |
| 2 | <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
| 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" |
| 4 | [ <!ENTITY % vg-entities SYSTEM "vg-entities.xml"> %vg-entities; ]> |
| 5 | |
| 6 | <book id="quick-start" xreflabel="Valgrind Quick Start Guide"> |
| 7 | |
| 8 | <bookinfo> |
| 9 | <title>Valgrind Quick Start Guide</title> |
| 10 | </bookinfo> |
| 11 | |
| 12 | |
| 13 | <title>Valgrind Quick Start Guide</title> |
| 14 | |
| 15 | <para>The Valgrind distribution has multiple tools. The memory checking |
| 16 | tool (called Memcheck) can detect many common memory errors such as: |
| 17 | </para> |
| 18 | |
| 19 | <itemizedlist> |
| 20 | <listitem><para>touching memory you shouldn't (eg. overrunning heap block |
| 21 | boundaries);</para> |
| 22 | </listitem> |
| 23 | <listitem><para>using values before they have been initialized;</para> |
| 24 | </listitem> |
| 25 | <listitem><para>incorrect freeing of memory, such as double-freeing heap |
| 26 | blocks;</para> |
| 27 | </listitem> |
| 28 | <listitem><para>memory leaks;</para> |
| 29 | </listitem> |
| 30 | </itemizedlist> |
| 31 | |
| 32 | <para>What follows is the minimum information you need to start detecting |
| 33 | memory errors in your program with Memcheck. Note that this guide applies |
| 34 | to Valgrind version 2.4.0; some of the information is not quite right for |
| 35 | earlier versions.</para> |
| 36 | |
| 37 | <sect1> |
| 38 | <title>Preparing your program</title> |
| 39 | <para>Compile your program with <computeroutput>-g</computeroutput> to include |
| 40 | debugging information so that Memcheck's error messages include exact line |
| 41 | numbers.</para> |
| 42 | </sect1> |
| 43 | |
| 44 | <sect1> |
| 45 | <title>Running your program under Memcheck</title> |
| 46 | <para>If you normally run your program like this: |
| 47 | |
| 48 | <programlisting> |
| 49 | myprog arg1 arg2 |
| 50 | </programlisting> |
| 51 | |
| 52 | Use this command line: |
| 53 | |
| 54 | <programlisting> |
| 55 | valgrind --leak-check=yes myprog arg1 arg2 |
| 56 | </programlisting> |
| 57 | |
| 58 | Memcheck is the default tool. The |
| 59 | <computeroutput>--leak-check</computeroutput> option turns on the memory |
| 60 | leak detector.</para> |
| 61 | |
| 62 | <para>Your program will run much slower (eg. 20 to 30 times) than normal, |
| 63 | and use a lot more memory. Memcheck will issue messages about memory errors |
| 64 | and leaks that it detects.</para> |
| 65 | </sect1> |
| 66 | |
| 67 | <sect1> |
| 68 | <title>Interpreting Memcheck's output</title> |
| 69 | <para>Here's an example C program with a memory error and a memory leak. |
| 70 | |
| 71 | <programlisting> |
| 72 | #include <stdlib.h> |
| 73 | |
| 74 | void f(void) |
| 75 | { |
| 76 | int* x = malloc(10 * sizeof(int)); |
| 77 | x[10] = 0; // problem 1: heap block overrun |
| 78 | } // problem 2: memory leak -- x not freed |
| 79 | |
| 80 | int main(void) |
| 81 | { |
| 82 | f(); |
| 83 | return 0; |
| 84 | } |
| 85 | </programlisting> |
| 86 | |
| 87 | Most error messages look like the following, which describes problem 1, the |
| 88 | heap block overrun: |
| 89 | |
| 90 | <programlisting> |
| 91 | ==19182== Invalid write of size 4 |
| 92 | ==19182== at 0x804838F: f (example.c:6) |
| 93 | ==19182== by 0x80483AB: main (example.c:11) |
| 94 | ==19182== Address 0x1BA45050 is 0 bytes after a block of size 40 alloc'd |
| 95 | ==19182== at 0x1B8FF5CD: malloc (vg_replace_malloc.c:130) |
| 96 | ==19182== by 0x8048385: f (example.c:5) |
| 97 | ==19182== by 0x80483AB: main (example.c:11) |
| 98 | </programlisting> |
| 99 | |
| 100 | Things to notice: |
| 101 | |
| 102 | <itemizedlist> |
| 103 | <listitem> |
| 104 | <para>There is a lot of information in each error message; read it |
| 105 | carefully.</para> |
| 106 | </listitem> |
| 107 | |
| 108 | <listitem> |
| 109 | <para>The 19182 is the process ID; it's usually unimportant.</para> |
| 110 | </listitem> |
| 111 | |
| 112 | <listitem> |
| 113 | <para>The first line ("Invalid write...") tells you what kind of error it |
| 114 | is. Here, the program wrote to some memory it should not have due to a |
| 115 | heap block overrun.</para> |
| 116 | </listitem> |
| 117 | |
| 118 | <listitem> |
| 119 | <para>Below the first line is a stack trace telling you where the problem |
| 120 | occurred. Stack traces can get quite large, and be confusing, especially |
| 121 | if you are using the C++ STL. Reading them from the bottom up can help. |
| 122 | If the stack trace is not big enough, use the |
| 123 | <computeroutput>--num-callers</computeroutput> option to make it |
| 124 | bigger.</para> |
| 125 | </listitem> |
| 126 | |
| 127 | <listitem> |
| 128 | <para>The addresses (eg. 0x804838F) are usually unimportant, but occasionally |
| 129 | crucial for tracking down weirder bugs.</para> |
| 130 | </listitem> |
| 131 | |
| 132 | <listitem> |
| 133 | <para>Some error messages have a second component which describes the memory |
| 134 | address involved. This one shows that the written memory is just past |
| 135 | the end of a block allocated with malloc() on line 7 of example.c.</para> |
| 136 | </listitem> |
| 137 | </itemizedlist> |
| 138 | |
| 139 | It's worth fixing errors in the order they are reported, as later |
| 140 | errors can be caused by earlier errors.</para> |
| 141 | |
| 142 | <para>Memory leak messages look like this: |
| 143 | |
| 144 | <programlisting> |
| 145 | ==19182== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1 |
| 146 | ==19182== at 0x1B8FF5CD: malloc (vg_replace_malloc.c:130) |
| 147 | ==19182== by 0x8048385: f (a.c:7) |
| 148 | ==19182== by 0x80483AB: main (a.c:14) |
| 149 | </programlisting> |
| 150 | |
| 151 | The stack trace tells you where the leaked memory was allocated. |
| 152 | Memcheck cannot tell you why the memory leaked, unfortunately. (Ignore the |
| 153 | "vg_replace_malloc.c", that's an implementation detail.)</para> |
| 154 | |
| 155 | <para>There are several kinds of leaks; the two most important categories are: |
| 156 | |
| 157 | <itemizedlist> |
| 158 | <listitem><para>"definitely lost": your program is leaking memory -- fix |
| 159 | it!</para> |
| 160 | </listitem> |
| 161 | |
| 162 | <listitem><para>"probably lost": your program is leaking memory, unless |
| 163 | you're doing funny things with pointers (such as moving them to point to |
| 164 | the middle of a heap block).</para> |
| 165 | </listitem> |
| 166 | </itemizedlist> |
| 167 | |
| 168 | If you don't understand an error message, please consult |
| 169 | <xref linkend="mc-manual.flags"/> in the <xref linkend="manual"/> which has |
| 170 | examples of all the error messages Memcheck produces.</para> |
| 171 | </sect1> |
| 172 | |
| 173 | <sect1> |
| 174 | <title>Caveats</title> |
| 175 | <para>Memcheck is not perfect; it occasionally produces false positives, |
| 176 | and there are mechanisms for suppressing these (see |
| 177 | <xref linkend="manual-core.suppress"/> in the <xref linkend="manual"/>). |
| 178 | However, it is typically right 99% of the time, so you should be wary of |
| 179 | ignoring its error messages. After all, you wouldn't ignore warning |
| 180 | messages produced by a compiler, right?</para> |
| 181 | |
| 182 | <para>Memcheck also cannot detect every memory error your program has. For |
| 183 | example, it can't detect if you overrun the bounds of an array that is |
| 184 | allocated statically or on the stack.</para> |
| 185 | </sect1> |
| 186 | |
| 187 | <sect1> |
| 188 | <title>More information</title> |
| 189 | <para>Please consult the <xref linkend="FAQ"/> and the |
| 190 | <xref linkend="manual"/>, which have much more information. Note that the |
| 191 | other tools in the Valgrind distribution can be invoked with the |
| 192 | <computeroutput>--tool</computeroutput> option.</para> |
| 193 | </sect1> |
| 194 | |
| 195 | </book> |