Elliott Hughes | a0664b9 | 2017-04-18 17:46:52 -0700 | [diff] [blame^] | 1 | <html> |
| 2 | <head> |
| 3 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
| 4 | <title>2. Using and understanding the Valgrind core</title> |
| 5 | <link rel="stylesheet" type="text/css" href="vg_basic.css"> |
| 6 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> |
| 7 | <link rel="home" href="index.html" title="Valgrind Documentation"> |
| 8 | <link rel="up" href="manual.html" title="Valgrind User Manual"> |
| 9 | <link rel="prev" href="manual-intro.html" title="1. Introduction"> |
| 10 | <link rel="next" href="manual-core-adv.html" title="3. Using and understanding the Valgrind core: Advanced Topics"> |
| 11 | </head> |
| 12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> |
| 13 | <div><table class="nav" width="100%" cellspacing="3" cellpadding="3" border="0" summary="Navigation header"><tr> |
| 14 | <td width="22px" align="center" valign="middle"><a accesskey="p" href="manual-intro.html"><img src="images/prev.png" width="18" height="21" border="0" alt="Prev"></a></td> |
| 15 | <td width="25px" align="center" valign="middle"><a accesskey="u" href="manual.html"><img src="images/up.png" width="21" height="18" border="0" alt="Up"></a></td> |
| 16 | <td width="31px" align="center" valign="middle"><a accesskey="h" href="index.html"><img src="images/home.png" width="27" height="20" border="0" alt="Up"></a></td> |
| 17 | <th align="center" valign="middle">Valgrind User Manual</th> |
| 18 | <td width="22px" align="center" valign="middle"><a accesskey="n" href="manual-core-adv.html"><img src="images/next.png" width="18" height="21" border="0" alt="Next"></a></td> |
| 19 | </tr></table></div> |
| 20 | <div class="chapter"> |
| 21 | <div class="titlepage"><div><div><h1 class="title"> |
| 22 | <a name="manual-core"></a>2. Using and understanding the Valgrind core</h1></div></div></div> |
| 23 | <div class="toc"> |
| 24 | <p><b>Table of Contents</b></p> |
| 25 | <dl class="toc"> |
| 26 | <dt><span class="sect1"><a href="manual-core.html#manual-core.whatdoes">2.1. What Valgrind does with your program</a></span></dt> |
| 27 | <dt><span class="sect1"><a href="manual-core.html#manual-core.started">2.2. Getting started</a></span></dt> |
| 28 | <dt><span class="sect1"><a href="manual-core.html#manual-core.comment">2.3. The Commentary</a></span></dt> |
| 29 | <dt><span class="sect1"><a href="manual-core.html#manual-core.report">2.4. Reporting of errors</a></span></dt> |
| 30 | <dt><span class="sect1"><a href="manual-core.html#manual-core.suppress">2.5. Suppressing errors</a></span></dt> |
| 31 | <dt><span class="sect1"><a href="manual-core.html#manual-core.options">2.6. Core Command-line Options</a></span></dt> |
| 32 | <dd><dl> |
| 33 | <dt><span class="sect2"><a href="manual-core.html#manual-core.toolopts">2.6.1. Tool-selection Option</a></span></dt> |
| 34 | <dt><span class="sect2"><a href="manual-core.html#manual-core.basicopts">2.6.2. Basic Options</a></span></dt> |
| 35 | <dt><span class="sect2"><a href="manual-core.html#manual-core.erropts">2.6.3. Error-related Options</a></span></dt> |
| 36 | <dt><span class="sect2"><a href="manual-core.html#manual-core.mallocopts">2.6.4. malloc-related Options</a></span></dt> |
| 37 | <dt><span class="sect2"><a href="manual-core.html#manual-core.rareopts">2.6.5. Uncommon Options</a></span></dt> |
| 38 | <dt><span class="sect2"><a href="manual-core.html#manual-core.debugopts">2.6.6. Debugging Options</a></span></dt> |
| 39 | <dt><span class="sect2"><a href="manual-core.html#manual-core.defopts">2.6.7. Setting Default Options</a></span></dt> |
| 40 | </dl></dd> |
| 41 | <dt><span class="sect1"><a href="manual-core.html#manual-core.pthreads">2.7. Support for Threads</a></span></dt> |
| 42 | <dd><dl><dt><span class="sect2"><a href="manual-core.html#manual-core.pthreads_perf_sched">2.7.1. Scheduling and Multi-Thread Performance</a></span></dt></dl></dd> |
| 43 | <dt><span class="sect1"><a href="manual-core.html#manual-core.signals">2.8. Handling of Signals</a></span></dt> |
| 44 | <dt><span class="sect1"><a href="manual-core.html#manual-core.install">2.9. Building and Installing Valgrind</a></span></dt> |
| 45 | <dt><span class="sect1"><a href="manual-core.html#manual-core.problems">2.10. If You Have Problems</a></span></dt> |
| 46 | <dt><span class="sect1"><a href="manual-core.html#manual-core.limits">2.11. Limitations</a></span></dt> |
| 47 | <dt><span class="sect1"><a href="manual-core.html#manual-core.example">2.12. An Example Run</a></span></dt> |
| 48 | <dt><span class="sect1"><a href="manual-core.html#manual-core.warnings">2.13. Warning Messages You Might See</a></span></dt> |
| 49 | </dl> |
| 50 | </div> |
| 51 | <p>This chapter describes the Valgrind core services, command-line |
| 52 | options and behaviours. That means it is relevant regardless of what |
| 53 | particular tool you are using. The information should be sufficient for you |
| 54 | to make effective day-to-day use of Valgrind. Advanced topics related to |
| 55 | the Valgrind core are described in <a class="xref" href="manual-core-adv.html" title="3. Using and understanding the Valgrind core: Advanced Topics">Valgrind's core: advanced topics</a>. |
| 56 | </p> |
| 57 | <p> |
| 58 | A point of terminology: most references to "Valgrind" in this chapter |
| 59 | refer to the Valgrind core services. </p> |
| 60 | <div class="sect1"> |
| 61 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 62 | <a name="manual-core.whatdoes"></a>2.1. What Valgrind does with your program</h2></div></div></div> |
| 63 | <p>Valgrind is designed to be as non-intrusive as possible. It works |
| 64 | directly with existing executables. You don't need to recompile, relink, |
| 65 | or otherwise modify the program to be checked.</p> |
| 66 | <p>You invoke Valgrind like this:</p> |
| 67 | <pre class="programlisting"> |
| 68 | valgrind [valgrind-options] your-prog [your-prog-options]</pre> |
| 69 | <p>The most important option is <code class="option">--tool</code> which dictates |
| 70 | which Valgrind tool to run. For example, if want to run the command |
| 71 | <code class="computeroutput">ls -l</code> using the memory-checking tool |
| 72 | Memcheck, issue this command:</p> |
| 73 | <pre class="programlisting"> |
| 74 | valgrind --tool=memcheck ls -l</pre> |
| 75 | <p>However, Memcheck is the default, so if you want to use it you can |
| 76 | omit the <code class="option">--tool</code> option.</p> |
| 77 | <p>Regardless of which tool is in use, Valgrind takes control of your |
| 78 | program before it starts. Debugging information is read from the |
| 79 | executable and associated libraries, so that error messages and other |
| 80 | outputs can be phrased in terms of source code locations, when |
| 81 | appropriate.</p> |
| 82 | <p>Your program is then run on a synthetic CPU provided by the |
| 83 | Valgrind core. As new code is executed for the first time, the core |
| 84 | hands the code to the selected tool. The tool adds its own |
| 85 | instrumentation code to this and hands the result back to the core, |
| 86 | which coordinates the continued execution of this instrumented |
| 87 | code.</p> |
| 88 | <p>The amount of instrumentation code added varies widely between |
| 89 | tools. At one end of the scale, Memcheck adds code to check every |
| 90 | memory access and every value computed, |
| 91 | making it run 10-50 times slower than natively. |
| 92 | At the other end of the spectrum, the minimal tool, called Nulgrind, |
| 93 | adds no instrumentation at all and causes in total "only" about a 4 times |
| 94 | slowdown.</p> |
| 95 | <p>Valgrind simulates every single instruction your program executes. |
| 96 | Because of this, the active tool checks, or profiles, not only the code |
| 97 | in your application but also in all supporting dynamically-linked libraries, |
| 98 | including the C library, graphical libraries, and so on.</p> |
| 99 | <p>If you're using an error-detection tool, Valgrind may |
| 100 | detect errors in system libraries, for example the GNU C or X11 |
| 101 | libraries, which you have to use. You might not be interested in these |
| 102 | errors, since you probably have no control over that code. Therefore, |
| 103 | Valgrind allows you to selectively suppress errors, by recording them in |
| 104 | a suppressions file which is read when Valgrind starts up. The build |
| 105 | mechanism selects default suppressions which give reasonable |
| 106 | behaviour for the OS and libraries detected on your machine. |
| 107 | To make it easier to write suppressions, you can use the |
| 108 | <code class="option">--gen-suppressions=yes</code> option. This tells Valgrind to |
| 109 | print out a suppression for each reported error, which you can then |
| 110 | copy into a suppressions file.</p> |
| 111 | <p>Different error-checking tools report different kinds of errors. |
| 112 | The suppression mechanism therefore allows you to say which tool or |
| 113 | tool(s) each suppression applies to.</p> |
| 114 | </div> |
| 115 | <div class="sect1"> |
| 116 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 117 | <a name="manual-core.started"></a>2.2. Getting started</h2></div></div></div> |
| 118 | <p>First off, consider whether it might be beneficial to recompile |
| 119 | your application and supporting libraries with debugging info enabled |
| 120 | (the <code class="option">-g</code> option). Without debugging info, the best |
| 121 | Valgrind tools will be able to do is guess which function a particular |
| 122 | piece of code belongs to, which makes both error messages and profiling |
| 123 | output nearly useless. With <code class="option">-g</code>, you'll get |
| 124 | messages which point directly to the relevant source code lines.</p> |
| 125 | <p>Another option you might like to consider, if you are working with |
| 126 | C++, is <code class="option">-fno-inline</code>. That makes it easier to see the |
| 127 | function-call chain, which can help reduce confusion when navigating |
| 128 | around large C++ apps. For example, debugging |
| 129 | OpenOffice.org with Memcheck is a bit easier when using this option. You |
| 130 | don't have to do this, but doing so helps Valgrind produce more accurate |
| 131 | and less confusing error reports. Chances are you're set up like this |
| 132 | already, if you intended to debug your program with GNU GDB, or some |
| 133 | other debugger. Alternatively, the Valgrind option |
| 134 | <code class="option">--read-inline-info=yes</code> instructs Valgrind to read |
| 135 | the debug information describing inlining information. With this, |
| 136 | function call chain will be properly shown, even when your application |
| 137 | is compiled with inlining. </p> |
| 138 | <p>If you are planning to use Memcheck: On rare |
| 139 | occasions, compiler optimisations (at <code class="option">-O2</code> |
| 140 | and above, and sometimes <code class="option">-O1</code>) have been |
| 141 | observed to generate code which fools Memcheck into wrongly reporting |
| 142 | uninitialised value errors, or missing uninitialised value errors. We have |
| 143 | looked in detail into fixing this, and unfortunately the result is that |
| 144 | doing so would give a further significant slowdown in what is already a slow |
| 145 | tool. So the best solution is to turn off optimisation altogether. Since |
| 146 | this often makes things unmanageably slow, a reasonable compromise is to use |
| 147 | <code class="option">-O</code>. This gets you the majority of the |
| 148 | benefits of higher optimisation levels whilst keeping relatively small the |
| 149 | chances of false positives or false negatives from Memcheck. Also, you |
| 150 | should compile your code with <code class="option">-Wall</code> because |
| 151 | it can identify some or all of the problems that Valgrind can miss at the |
| 152 | higher optimisation levels. (Using <code class="option">-Wall</code> |
| 153 | is also a good idea in general.) All other tools (as far as we know) are |
| 154 | unaffected by optimisation level, and for profiling tools like Cachegrind it |
| 155 | is better to compile your program at its normal optimisation level.</p> |
| 156 | <p>Valgrind understands the DWARF2/3/4 formats used by GCC 3.1 and |
| 157 | later. The reader for "stabs" debugging format (used by GCC versions |
| 158 | prior to 3.1) has been disabled in Valgrind 3.9.0.</p> |
| 159 | <p>When you're ready to roll, run Valgrind as described above. |
| 160 | Note that you should run the real |
| 161 | (machine-code) executable here. If your application is started by, for |
| 162 | example, a shell or Perl script, you'll need to modify it to invoke |
| 163 | Valgrind on the real executables. Running such scripts directly under |
| 164 | Valgrind will result in you getting error reports pertaining to |
| 165 | <code class="filename">/bin/sh</code>, |
| 166 | <code class="filename">/usr/bin/perl</code>, or whatever interpreter |
| 167 | you're using. This may not be what you want and can be confusing. You |
| 168 | can force the issue by giving the option |
| 169 | <code class="option">--trace-children=yes</code>, but confusion is still |
| 170 | likely.</p> |
| 171 | </div> |
| 172 | <div class="sect1"> |
| 173 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 174 | <a name="manual-core.comment"></a>2.3. The Commentary</h2></div></div></div> |
| 175 | <p>Valgrind tools write a commentary, a stream of text, detailing |
| 176 | error reports and other significant events. All lines in the commentary |
| 177 | have following form: |
| 178 | |
| 179 | </p> |
| 180 | <pre class="programlisting"> |
| 181 | ==12345== some-message-from-Valgrind</pre> |
| 182 | <p> |
| 183 | </p> |
| 184 | <p>The <code class="computeroutput">12345</code> is the process ID. |
| 185 | This scheme makes it easy to distinguish program output from Valgrind |
| 186 | commentary, and also easy to differentiate commentaries from different |
| 187 | processes which have become merged together, for whatever reason.</p> |
| 188 | <p>By default, Valgrind tools write only essential messages to the |
| 189 | commentary, so as to avoid flooding you with information of secondary |
| 190 | importance. If you want more information about what is happening, |
| 191 | re-run, passing the <code class="option">-v</code> option to Valgrind. A second |
| 192 | <code class="option">-v</code> gives yet more detail. |
| 193 | </p> |
| 194 | <p>You can direct the commentary to three different places:</p> |
| 195 | <div class="orderedlist"><ol class="orderedlist" type="1"> |
| 196 | <li class="listitem"> |
| 197 | <p><a name="manual-core.out2fd"></a>The default: send it to a file descriptor, which is by default |
| 198 | 2 (stderr). So, if you give the core no options, it will write |
| 199 | commentary to the standard error stream. If you want to send it to |
| 200 | some other file descriptor, for example number 9, you can specify |
| 201 | <code class="option">--log-fd=9</code>.</p> |
| 202 | <p>This is the simplest and most common arrangement, but can |
| 203 | cause problems when Valgrinding entire trees of processes which |
| 204 | expect specific file descriptors, particularly stdin/stdout/stderr, |
| 205 | to be available for their own use.</p> |
| 206 | </li> |
| 207 | <li class="listitem"><p><a name="manual-core.out2file"></a>A less intrusive |
| 208 | option is to write the commentary to a file, which you specify by |
| 209 | <code class="option">--log-file=filename</code>. There are special format |
| 210 | specifiers that can be used to use a process ID or an environment |
| 211 | variable name in the log file name. These are useful/necessary if your |
| 212 | program invokes multiple processes (especially for MPI programs). |
| 213 | See the <a class="link" href="manual-core.html#manual-core.basicopts" title="2.6.2. Basic Options">basic options section</a> |
| 214 | for more details.</p></li> |
| 215 | <li class="listitem"> |
| 216 | <p><a name="manual-core.out2socket"></a>The |
| 217 | least intrusive option is to send the commentary to a network |
| 218 | socket. The socket is specified as an IP address and port number |
| 219 | pair, like this: <code class="option">--log-socket=192.168.0.1:12345</code> if |
| 220 | you want to send the output to host IP 192.168.0.1 port 12345 |
| 221 | (note: we |
| 222 | have no idea if 12345 is a port of pre-existing significance). You |
| 223 | can also omit the port number: |
| 224 | <code class="option">--log-socket=192.168.0.1</code>, in which case a default |
| 225 | port of 1500 is used. This default is defined by the constant |
| 226 | <code class="computeroutput">VG_CLO_DEFAULT_LOGPORT</code> in the |
| 227 | sources.</p> |
| 228 | <p>Note, unfortunately, that you have to use an IP address here, |
| 229 | rather than a hostname.</p> |
| 230 | <p>Writing to a network socket is pointless if you don't |
| 231 | have something listening at the other end. We provide a simple |
| 232 | listener program, |
| 233 | <code class="computeroutput">valgrind-listener</code>, which accepts |
| 234 | connections on the specified port and copies whatever it is sent to |
| 235 | stdout. Probably someone will tell us this is a horrible security |
| 236 | risk. It seems likely that people will write more sophisticated |
| 237 | listeners in the fullness of time.</p> |
| 238 | <p><code class="computeroutput">valgrind-listener</code> can accept |
| 239 | simultaneous connections from up to 50 Valgrinded processes. In front |
| 240 | of each line of output it prints the current number of active |
| 241 | connections in round brackets.</p> |
| 242 | <p><code class="computeroutput">valgrind-listener</code> accepts three |
| 243 | command-line options:</p> |
| 244 | <div class="variablelist"> |
| 245 | <a name="listener.opts.list"></a><dl class="variablelist"> |
| 246 | <dt><span class="term"><code class="option">-e --exit-at-zero</code></span></dt> |
| 247 | <dd><p>When the number of connected processes falls back to zero, |
| 248 | exit. Without this, it will run forever, that is, until you |
| 249 | send it Control-C.</p></dd> |
| 250 | <dt><span class="term"><code class="option">--max-connect=INTEGER</code></span></dt> |
| 251 | <dd><p>By default, the listener can connect to up to 50 processes. |
| 252 | Occasionally, that number is too small. Use this option to |
| 253 | provide a different limit. E.g. |
| 254 | <code class="computeroutput">--max-connect=100</code>. |
| 255 | </p></dd> |
| 256 | <dt><span class="term"><code class="option">portnumber</code></span></dt> |
| 257 | <dd><p>Changes the port it listens on from the default (1500). |
| 258 | The specified port must be in the range 1024 to 65535. |
| 259 | The same restriction applies to port numbers specified by a |
| 260 | <code class="option">--log-socket</code> to Valgrind itself.</p></dd> |
| 261 | </dl> |
| 262 | </div> |
| 263 | <p>If a Valgrinded process fails to connect to a listener, for |
| 264 | whatever reason (the listener isn't running, invalid or unreachable |
| 265 | host or port, etc), Valgrind switches back to writing the commentary |
| 266 | to stderr. The same goes for any process which loses an established |
| 267 | connection to a listener. In other words, killing the listener |
| 268 | doesn't kill the processes sending data to it.</p> |
| 269 | </li> |
| 270 | </ol></div> |
| 271 | <p>Here is an important point about the relationship between the |
| 272 | commentary and profiling output from tools. The commentary contains a |
| 273 | mix of messages from the Valgrind core and the selected tool. If the |
| 274 | tool reports errors, it will report them to the commentary. However, if |
| 275 | the tool does profiling, the profile data will be written to a file of |
| 276 | some kind, depending on the tool, and independent of what |
| 277 | <code class="option">--log-*</code> options are in force. The commentary is |
| 278 | intended to be a low-bandwidth, human-readable channel. Profiling data, |
| 279 | on the other hand, is usually voluminous and not meaningful without |
| 280 | further processing, which is why we have chosen this arrangement.</p> |
| 281 | </div> |
| 282 | <div class="sect1"> |
| 283 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 284 | <a name="manual-core.report"></a>2.4. Reporting of errors</h2></div></div></div> |
| 285 | <p>When an error-checking tool |
| 286 | detects something bad happening in the program, an error |
| 287 | message is written to the commentary. Here's an example from Memcheck:</p> |
| 288 | <pre class="programlisting"> |
| 289 | ==25832== Invalid read of size 4 |
| 290 | ==25832== at 0x8048724: BandMatrix::ReSize(int, int, int) (bogon.cpp:45) |
| 291 | ==25832== by 0x80487AF: main (bogon.cpp:66) |
| 292 | ==25832== Address 0xBFFFF74C is not stack'd, malloc'd or free'd</pre> |
| 293 | <p>This message says that the program did an illegal 4-byte read of |
| 294 | address 0xBFFFF74C, which, as far as Memcheck can tell, is not a valid |
| 295 | stack address, nor corresponds to any current heap blocks or recently freed |
| 296 | heap blocks. The read is happening at line 45 of |
| 297 | <code class="filename">bogon.cpp</code>, called from line 66 of the same file, |
| 298 | etc. For errors associated with an identified (current or freed) heap block, |
| 299 | for example reading freed memory, Valgrind reports not only the |
| 300 | location where the error happened, but also where the associated heap block |
| 301 | was allocated/freed.</p> |
| 302 | <p>Valgrind remembers all error reports. When an error is detected, |
| 303 | it is compared against old reports, to see if it is a duplicate. If so, |
| 304 | the error is noted, but no further commentary is emitted. This avoids |
| 305 | you being swamped with bazillions of duplicate error reports.</p> |
| 306 | <p>If you want to know how many times each error occurred, run with |
| 307 | the <code class="option">-v</code> option. When execution finishes, all the |
| 308 | reports are printed out, along with, and sorted by, their occurrence |
| 309 | counts. This makes it easy to see which errors have occurred most |
| 310 | frequently.</p> |
| 311 | <p>Errors are reported before the associated operation actually |
| 312 | happens. For example, if you're using Memcheck and your program attempts to |
| 313 | read from address zero, Memcheck will emit a message to this effect, and |
| 314 | your program will then likely die with a segmentation fault.</p> |
| 315 | <p>In general, you should try and fix errors in the order that they |
| 316 | are reported. Not doing so can be confusing. For example, a program |
| 317 | which copies uninitialised values to several memory locations, and later |
| 318 | uses them, will generate several error messages, when run on Memcheck. |
| 319 | The first such error message may well give the most direct clue to the |
| 320 | root cause of the problem.</p> |
| 321 | <p>The process of detecting duplicate errors is quite an |
| 322 | expensive one and can become a significant performance overhead |
| 323 | if your program generates huge quantities of errors. To avoid |
| 324 | serious problems, Valgrind will simply stop collecting |
| 325 | errors after 1,000 different errors have been seen, or 10,000,000 errors |
| 326 | in total have been seen. In this situation you might as well |
| 327 | stop your program and fix it, because Valgrind won't tell you |
| 328 | anything else useful after this. Note that the 1,000/10,000,000 limits |
| 329 | apply after suppressed errors are removed. These limits are |
| 330 | defined in <code class="filename">m_errormgr.c</code> and can be increased |
| 331 | if necessary.</p> |
| 332 | <p>To avoid this cutoff you can use the |
| 333 | <code class="option">--error-limit=no</code> option. Then Valgrind will always show |
| 334 | errors, regardless of how many there are. Use this option carefully, |
| 335 | since it may have a bad effect on performance.</p> |
| 336 | </div> |
| 337 | <div class="sect1"> |
| 338 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 339 | <a name="manual-core.suppress"></a>2.5. Suppressing errors</h2></div></div></div> |
| 340 | <p>The error-checking tools detect numerous problems in the system |
| 341 | libraries, such as the C library, |
| 342 | which come pre-installed with your OS. You can't easily fix |
| 343 | these, but you don't want to see these errors (and yes, there are many!) |
| 344 | So Valgrind reads a list of errors to suppress at startup. A default |
| 345 | suppression file is created by the |
| 346 | <code class="computeroutput">./configure</code> script when the system is |
| 347 | built.</p> |
| 348 | <p>You can modify and add to the suppressions file at your leisure, |
| 349 | or, better, write your own. Multiple suppression files are allowed. |
| 350 | This is useful if part of your project contains errors you can't or |
| 351 | don't want to fix, yet you don't want to continuously be reminded of |
| 352 | them.</p> |
| 353 | <p><b>Note: </b>By far the easiest way to add |
| 354 | suppressions is to use the <code class="option">--gen-suppressions=yes</code> option |
| 355 | described in <a class="xref" href="manual-core.html#manual-core.options" title="2.6. Core Command-line Options">Core Command-line Options</a>. This generates |
| 356 | suppressions automatically. For best results, |
| 357 | though, you may want to edit the output |
| 358 | of <code class="option">--gen-suppressions=yes</code> by hand, in which |
| 359 | case it would be advisable to read through this section. |
| 360 | </p> |
| 361 | <p>Each error to be suppressed is described very specifically, to |
| 362 | minimise the possibility that a suppression-directive inadvertently |
| 363 | suppresses a bunch of similar errors which you did want to see. The |
| 364 | suppression mechanism is designed to allow precise yet flexible |
| 365 | specification of errors to suppress.</p> |
| 366 | <p>If you use the <code class="option">-v</code> option, at the end of execution, |
| 367 | Valgrind prints out one line for each used suppression, giving the number of times |
| 368 | it got used, its name and the filename and line number where the suppression is |
| 369 | defined. Depending on the suppression kind, the filename and line number are optionally |
| 370 | followed by additional information (such as the number of blocks and bytes suppressed |
| 371 | by a memcheck leak suppression). Here's the suppressions used by a |
| 372 | run of <code class="computeroutput">valgrind -v --tool=memcheck ls -l</code>:</p> |
| 373 | <pre class="programlisting"> |
| 374 | --1610-- used_suppression: 2 dl-hack3-cond-1 /usr/lib/valgrind/default.supp:1234 |
| 375 | --1610-- used_suppression: 2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a /usr/lib/valgrind/default.supp:1234 |
| 376 | </pre> |
| 377 | <p>Multiple suppressions files are allowed. Valgrind loads suppression |
| 378 | patterns from <code class="filename">$PREFIX/lib/valgrind/default.supp</code> unless |
| 379 | <code class="option">--default-suppressions=no</code> has been specified. You can |
| 380 | ask to add suppressions from additional files by specifying |
| 381 | <code class="option">--suppressions=/path/to/file.supp</code> one or more times. |
| 382 | </p> |
| 383 | <p>If you want to understand more about suppressions, look at an |
| 384 | existing suppressions file whilst reading the following documentation. |
| 385 | The file <code class="filename">glibc-2.3.supp</code>, in the source |
| 386 | distribution, provides some good examples.</p> |
| 387 | <p>Each suppression has the following components:</p> |
| 388 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
| 389 | <li class="listitem"><p>First line: its name. This merely gives a handy name to the |
| 390 | suppression, by which it is referred to in the summary of used |
| 391 | suppressions printed out when a program finishes. It's not |
| 392 | important what the name is; any identifying string will do.</p></li> |
| 393 | <li class="listitem"> |
| 394 | <p>Second line: name of the tool(s) that the suppression is for |
| 395 | (if more than one, comma-separated), and the name of the suppression |
| 396 | itself, separated by a colon (n.b.: no spaces are allowed), eg:</p> |
| 397 | <pre class="programlisting"> |
| 398 | tool_name1,tool_name2:suppression_name</pre> |
| 399 | <p>Recall that Valgrind is a modular system, in which |
| 400 | different instrumentation tools can observe your program whilst it |
| 401 | is running. Since different tools detect different kinds of errors, |
| 402 | it is necessary to say which tool(s) the suppression is meaningful |
| 403 | to.</p> |
| 404 | <p>Tools will complain, at startup, if a tool does not understand |
| 405 | any suppression directed to it. Tools ignore suppressions which are |
| 406 | not directed to them. As a result, it is quite practical to put |
| 407 | suppressions for all tools into the same suppression file.</p> |
| 408 | </li> |
| 409 | <li class="listitem"><p>Next line: a small number of suppression types have extra |
| 410 | information after the second line (eg. the <code class="varname">Param</code> |
| 411 | suppression for Memcheck)</p></li> |
| 412 | <li class="listitem"> |
| 413 | <p>Remaining lines: This is the calling context for the error -- |
| 414 | the chain of function calls that led to it. There can be up to 24 |
| 415 | of these lines.</p> |
| 416 | <p>Locations may be names of either shared objects or |
| 417 | functions. They begin |
| 418 | <code class="computeroutput">obj:</code> and |
| 419 | <code class="computeroutput">fun:</code> respectively. Function and |
| 420 | object names to match against may use the wildcard characters |
| 421 | <code class="computeroutput">*</code> and |
| 422 | <code class="computeroutput">?</code>.</p> |
| 423 | <p><span class="command"><strong>Important note: </strong></span> C++ function names must be |
| 424 | <span class="command"><strong>mangled</strong></span>. If you are writing suppressions by |
| 425 | hand, use the <code class="option">--demangle=no</code> option to get the |
| 426 | mangled names in your error messages. An example of a mangled |
| 427 | C++ name is <code class="computeroutput">_ZN9QListView4showEv</code>. |
| 428 | This is the form that the GNU C++ compiler uses internally, and |
| 429 | the form that must be used in suppression files. The equivalent |
| 430 | demangled name, <code class="computeroutput">QListView::show()</code>, |
| 431 | is what you see at the C++ source code level. |
| 432 | </p> |
| 433 | <p>A location line may also be |
| 434 | simply "<code class="computeroutput">...</code>" (three dots). This is |
| 435 | a frame-level wildcard, which matches zero or more frames. Frame |
| 436 | level wildcards are useful because they make it easy to ignore |
| 437 | varying numbers of uninteresting frames in between frames of |
| 438 | interest. That is often important when writing suppressions which |
| 439 | are intended to be robust against variations in the amount of |
| 440 | function inlining done by compilers.</p> |
| 441 | </li> |
| 442 | <li class="listitem"><p>Finally, the entire suppression must be between curly |
| 443 | braces. Each brace must be the first character on its own |
| 444 | line.</p></li> |
| 445 | </ul></div> |
| 446 | <p>A suppression only suppresses an error when the error matches all |
| 447 | the details in the suppression. Here's an example:</p> |
| 448 | <pre class="programlisting"> |
| 449 | { |
| 450 | __gconv_transform_ascii_internal/__mbrtowc/mbtowc |
| 451 | Memcheck:Value4 |
| 452 | fun:__gconv_transform_ascii_internal |
| 453 | fun:__mbr*toc |
| 454 | fun:mbtowc |
| 455 | }</pre> |
| 456 | <p>What it means is: for Memcheck only, suppress a |
| 457 | use-of-uninitialised-value error, when the data size is 4, when it |
| 458 | occurs in the function |
| 459 | <code class="computeroutput">__gconv_transform_ascii_internal</code>, when |
| 460 | that is called from any function of name matching |
| 461 | <code class="computeroutput">__mbr*toc</code>, when that is called from |
| 462 | <code class="computeroutput">mbtowc</code>. It doesn't apply under any |
| 463 | other circumstances. The string by which this suppression is identified |
| 464 | to the user is |
| 465 | <code class="computeroutput">__gconv_transform_ascii_internal/__mbrtowc/mbtowc</code>.</p> |
| 466 | <p>(See <a class="xref" href="mc-manual.html#mc-manual.suppfiles" title="4.4. Writing suppression files">Writing suppression files</a> for more details |
| 467 | on the specifics of Memcheck's suppression kinds.)</p> |
| 468 | <p>Another example, again for the Memcheck tool:</p> |
| 469 | <pre class="programlisting"> |
| 470 | { |
| 471 | libX11.so.6.2/libX11.so.6.2/libXaw.so.7.0 |
| 472 | Memcheck:Value4 |
| 473 | obj:/usr/X11R6/lib/libX11.so.6.2 |
| 474 | obj:/usr/X11R6/lib/libX11.so.6.2 |
| 475 | obj:/usr/X11R6/lib/libXaw.so.7.0 |
| 476 | }</pre> |
| 477 | <p>This suppresses any size 4 uninitialised-value error which occurs |
| 478 | anywhere in <code class="filename">libX11.so.6.2</code>, when called from |
| 479 | anywhere in the same library, when called from anywhere in |
| 480 | <code class="filename">libXaw.so.7.0</code>. The inexact specification of |
| 481 | locations is regrettable, but is about all you can hope for, given that |
| 482 | the X11 libraries shipped on the Linux distro on which this example |
| 483 | was made have had their symbol tables removed.</p> |
| 484 | <p>Although the above two examples do not make this clear, you can |
| 485 | freely mix <code class="computeroutput">obj:</code> and |
| 486 | <code class="computeroutput">fun:</code> lines in a suppression.</p> |
| 487 | <p>Finally, here's an example using three frame-level wildcards:</p> |
| 488 | <pre class="programlisting"> |
| 489 | { |
| 490 | a-contrived-example |
| 491 | Memcheck:Leak |
| 492 | fun:malloc |
| 493 | ... |
| 494 | fun:ddd |
| 495 | ... |
| 496 | fun:ccc |
| 497 | ... |
| 498 | fun:main |
| 499 | } |
| 500 | </pre> |
| 501 | This suppresses Memcheck memory-leak errors, in the case where |
| 502 | the allocation was done by <code class="computeroutput">main</code> |
| 503 | calling (though any number of intermediaries, including zero) |
| 504 | <code class="computeroutput">ccc</code>, |
| 505 | calling onwards via |
| 506 | <code class="computeroutput">ddd</code> and eventually |
| 507 | to <code class="computeroutput">malloc.</code>. |
| 508 | </div> |
| 509 | <div class="sect1"> |
| 510 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 511 | <a name="manual-core.options"></a>2.6. Core Command-line Options</h2></div></div></div> |
| 512 | <p>As mentioned above, Valgrind's core accepts a common set of options. |
| 513 | The tools also accept tool-specific options, which are documented |
| 514 | separately for each tool.</p> |
| 515 | <p>Valgrind's default settings succeed in giving reasonable behaviour |
| 516 | in most cases. We group the available options by rough categories.</p> |
| 517 | <div class="sect2"> |
| 518 | <div class="titlepage"><div><div><h3 class="title"> |
| 519 | <a name="manual-core.toolopts"></a>2.6.1. Tool-selection Option</h3></div></div></div> |
| 520 | <p><a name="tool.opts.para"></a>The single most important option.</p> |
| 521 | <div class="variablelist"> |
| 522 | <a name="tool.opts.list"></a><dl class="variablelist"> |
| 523 | <dt> |
| 524 | <a name="tool_name"></a><span class="term"> |
| 525 | <code class="option">--tool=<toolname> [default: memcheck] </code> |
| 526 | </span> |
| 527 | </dt> |
| 528 | <dd><p>Run the Valgrind tool called <code class="varname">toolname</code>, |
| 529 | e.g. memcheck, cachegrind, callgrind, helgrind, drd, massif, |
| 530 | lackey, none, exp-sgcheck, exp-bbv, exp-dhat, etc.</p></dd> |
| 531 | </dl> |
| 532 | </div> |
| 533 | </div> |
| 534 | <div class="sect2"> |
| 535 | <div class="titlepage"><div><div><h3 class="title"> |
| 536 | <a name="manual-core.basicopts"></a>2.6.2. Basic Options</h3></div></div></div> |
| 537 | <p><a name="basic.opts.para"></a>These options work with all tools.</p> |
| 538 | <div class="variablelist"> |
| 539 | <a name="basic.opts.list"></a><dl class="variablelist"> |
| 540 | <dt> |
| 541 | <a name="opt.help"></a><span class="term"><code class="option">-h --help</code></span> |
| 542 | </dt> |
| 543 | <dd><p>Show help for all options, both for the core and for the |
| 544 | selected tool. If the option is repeated it is equivalent to giving |
| 545 | <code class="option">--help-debug</code>.</p></dd> |
| 546 | <dt> |
| 547 | <a name="opt.help-debug"></a><span class="term"><code class="option">--help-debug</code></span> |
| 548 | </dt> |
| 549 | <dd><p>Same as <code class="option">--help</code>, but also lists debugging |
| 550 | options which usually are only of use to Valgrind's |
| 551 | developers.</p></dd> |
| 552 | <dt> |
| 553 | <a name="opt.version"></a><span class="term"><code class="option">--version</code></span> |
| 554 | </dt> |
| 555 | <dd><p>Show the version number of the Valgrind core. Tools can have |
| 556 | their own version numbers. There is a scheme in place to ensure |
| 557 | that tools only execute when the core version is one they are |
| 558 | known to work with. This was done to minimise the chances of |
| 559 | strange problems arising from tool-vs-core version |
| 560 | incompatibilities.</p></dd> |
| 561 | <dt> |
| 562 | <a name="opt.quiet"></a><span class="term"><code class="option">-q</code>, <code class="option">--quiet</code></span> |
| 563 | </dt> |
| 564 | <dd><p>Run silently, and only print error messages. Useful if you |
| 565 | are running regression tests or have some other automated test |
| 566 | machinery.</p></dd> |
| 567 | <dt> |
| 568 | <a name="opt.verbose"></a><span class="term"><code class="option">-v</code>, <code class="option">--verbose</code></span> |
| 569 | </dt> |
| 570 | <dd><p>Be more verbose. Gives extra information on various aspects |
| 571 | of your program, such as: the shared objects loaded, the |
| 572 | suppressions used, the progress of the instrumentation and |
| 573 | execution engines, and warnings about unusual behaviour. Repeating |
| 574 | the option increases the verbosity level.</p></dd> |
| 575 | <dt> |
| 576 | <a name="opt.trace-children"></a><span class="term"> |
| 577 | <code class="option">--trace-children=<yes|no> [default: no] </code> |
| 578 | </span> |
| 579 | </dt> |
| 580 | <dd> |
| 581 | <p>When enabled, Valgrind will trace into sub-processes |
| 582 | initiated via the <code class="varname">exec</code> system call. This is |
| 583 | necessary for multi-process programs. |
| 584 | </p> |
| 585 | <p>Note that Valgrind does trace into the child of a |
| 586 | <code class="varname">fork</code> (it would be difficult not to, since |
| 587 | <code class="varname">fork</code> makes an identical copy of a process), so this |
| 588 | option is arguably badly named. However, most children of |
| 589 | <code class="varname">fork</code> calls immediately call <code class="varname">exec</code> |
| 590 | anyway. |
| 591 | </p> |
| 592 | </dd> |
| 593 | <dt> |
| 594 | <a name="opt.trace-children-skip"></a><span class="term"> |
| 595 | <code class="option">--trace-children-skip=patt1,patt2,... </code> |
| 596 | </span> |
| 597 | </dt> |
| 598 | <dd> |
| 599 | <p>This option only has an effect when |
| 600 | <code class="option">--trace-children=yes</code> is specified. It allows |
| 601 | for some children to be skipped. The option takes a comma |
| 602 | separated list of patterns for the names of child executables |
| 603 | that Valgrind should not trace into. Patterns may include the |
| 604 | metacharacters <code class="computeroutput">?</code> |
| 605 | and <code class="computeroutput">*</code>, which have the usual |
| 606 | meaning.</p> |
| 607 | <p> |
| 608 | This can be useful for pruning uninteresting branches from a |
| 609 | tree of processes being run on Valgrind. But you should be |
| 610 | careful when using it. When Valgrind skips tracing into an |
| 611 | executable, it doesn't just skip tracing that executable, it |
| 612 | also skips tracing any of that executable's child processes. |
| 613 | In other words, the flag doesn't merely cause tracing to stop |
| 614 | at the specified executables -- it skips tracing of entire |
| 615 | process subtrees rooted at any of the specified |
| 616 | executables.</p> |
| 617 | </dd> |
| 618 | <dt> |
| 619 | <a name="opt.trace-children-skip-by-arg"></a><span class="term"> |
| 620 | <code class="option">--trace-children-skip-by-arg=patt1,patt2,... </code> |
| 621 | </span> |
| 622 | </dt> |
| 623 | <dd><p>This is the same as |
| 624 | <code class="option">--trace-children-skip</code>, with one difference: |
| 625 | the decision as to whether to trace into a child process is |
| 626 | made by examining the arguments to the child process, rather |
| 627 | than the name of its executable.</p></dd> |
| 628 | <dt> |
| 629 | <a name="opt.child-silent-after-fork"></a><span class="term"> |
| 630 | <code class="option">--child-silent-after-fork=<yes|no> [default: no] </code> |
| 631 | </span> |
| 632 | </dt> |
| 633 | <dd><p>When enabled, Valgrind will not show any debugging or |
| 634 | logging output for the child process resulting from |
| 635 | a <code class="varname">fork</code> call. This can make the output less |
| 636 | confusing (although more misleading) when dealing with processes |
| 637 | that create children. It is particularly useful in conjunction |
| 638 | with <code class="varname">--trace-children=</code>. Use of this option is also |
| 639 | strongly recommended if you are requesting XML output |
| 640 | (<code class="varname">--xml=yes</code>), since otherwise the XML from child and |
| 641 | parent may become mixed up, which usually makes it useless. |
| 642 | </p></dd> |
| 643 | <dt> |
| 644 | <a name="opt.vgdb"></a><span class="term"> |
| 645 | <code class="option">--vgdb=<no|yes|full> [default: yes] </code> |
| 646 | </span> |
| 647 | </dt> |
| 648 | <dd> |
| 649 | <p>Valgrind will provide "gdbserver" functionality when |
| 650 | <code class="option">--vgdb=yes</code> or <code class="option">--vgdb=full</code> is |
| 651 | specified. This allows an external GNU GDB debugger to control |
| 652 | and debug your program when it runs on Valgrind. |
| 653 | <code class="option">--vgdb=full</code> incurs significant performance |
| 654 | overheads, but provides more precise breakpoints and |
| 655 | watchpoints. See <a class="xref" href="manual-core-adv.html#manual-core-adv.gdbserver" title="3.2. Debugging your program using Valgrind gdbserver and GDB">Debugging your program using Valgrind's gdbserver and GDB</a> for |
| 656 | a detailed description. |
| 657 | </p> |
| 658 | <p> If the embedded gdbserver is enabled but no gdb is |
| 659 | currently being used, the <a class="xref" href="manual-core-adv.html#manual-core-adv.vgdb" title="3.2.9. vgdb command line options">vgdb</a> |
| 660 | command line utility can send "monitor commands" to Valgrind |
| 661 | from a shell. The Valgrind core provides a set of |
| 662 | <a class="xref" href="manual-core-adv.html#manual-core-adv.valgrind-monitor-commands" title="3.2.10. Valgrind monitor commands">Valgrind monitor commands</a>. A tool |
| 663 | can optionally provide tool specific monitor commands, which are |
| 664 | documented in the tool specific chapter. |
| 665 | </p> |
| 666 | </dd> |
| 667 | <dt> |
| 668 | <a name="opt.vgdb-error"></a><span class="term"> |
| 669 | <code class="option">--vgdb-error=<number> [default: 999999999] </code> |
| 670 | </span> |
| 671 | </dt> |
| 672 | <dd><p> Use this option when the Valgrind gdbserver is enabled with |
| 673 | <code class="option">--vgdb=yes</code> or <code class="option">--vgdb=full</code>. |
| 674 | Tools that report errors will wait |
| 675 | for "<code class="computeroutput">number</code>" errors to be |
| 676 | reported before freezing the program and waiting for you to |
| 677 | connect with GDB. It follows that a value of zero will cause |
| 678 | the gdbserver to be started before your program is executed. |
| 679 | This is typically used to insert GDB breakpoints before |
| 680 | execution, and also works with tools that do not report |
| 681 | errors, such as Massif. |
| 682 | </p></dd> |
| 683 | <dt> |
| 684 | <a name="opt.vgdb-stop-at"></a><span class="term"> |
| 685 | <code class="option">--vgdb-stop-at=<set> [default: none] </code> |
| 686 | </span> |
| 687 | </dt> |
| 688 | <dd> |
| 689 | <p> Use this option when the Valgrind gdbserver is enabled with |
| 690 | <code class="option">--vgdb=yes</code> or <code class="option">--vgdb=full</code>. |
| 691 | The Valgrind gdbserver will be invoked for each error after |
| 692 | <code class="option">--vgdb-error</code> have been reported. |
| 693 | You can additionally ask the Valgrind gdbserver to be invoked |
| 694 | for other events, specified in one of the following ways: </p> |
| 695 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
| 696 | <li class="listitem"> |
| 697 | <p>a comma separated list of one or more of |
| 698 | <code class="option">startup exit valgrindabexit</code>.</p> |
| 699 | <p>The values <code class="option">startup</code> <code class="option">exit</code> |
| 700 | <code class="option">valgrindabexit</code> respectively indicate to |
| 701 | invoke gdbserver before your program is executed, after the |
| 702 | last instruction of your program, on Valgrind abnormal exit |
| 703 | (e.g. internal error, out of memory, ...).</p> |
| 704 | <p>Note: <code class="option">startup</code> and |
| 705 | <code class="option">--vgdb-error=0</code> will both cause Valgrind |
| 706 | gdbserver to be invoked before your program is executed. The |
| 707 | <code class="option">--vgdb-error=0</code> will in addition cause your |
| 708 | program to stop on all subsequent errors.</p> |
| 709 | </li> |
| 710 | <li class="listitem"><p><code class="option">all</code> to specify the complete set. |
| 711 | It is equivalent to |
| 712 | <code class="option">--vgdb-stop-at=startup,exit,valgrindabexit</code>.</p></li> |
| 713 | <li class="listitem"><p><code class="option">none</code> for the empty set.</p></li> |
| 714 | </ul></div> |
| 715 | </dd> |
| 716 | <dt> |
| 717 | <a name="opt.track-fds"></a><span class="term"> |
| 718 | <code class="option">--track-fds=<yes|no> [default: no] </code> |
| 719 | </span> |
| 720 | </dt> |
| 721 | <dd><p>When enabled, Valgrind will print out a list of open file |
| 722 | descriptors on exit or on request, via the gdbserver monitor |
| 723 | command <code class="varname">v.info open_fds</code>. Along with each |
| 724 | file descriptor is printed a stack backtrace of where the file |
| 725 | was opened and any details relating to the file descriptor such |
| 726 | as the file name or socket details.</p></dd> |
| 727 | <dt> |
| 728 | <a name="opt.time-stamp"></a><span class="term"> |
| 729 | <code class="option">--time-stamp=<yes|no> [default: no] </code> |
| 730 | </span> |
| 731 | </dt> |
| 732 | <dd><p>When enabled, each message is preceded with an indication of |
| 733 | the elapsed wallclock time since startup, expressed as days, |
| 734 | hours, minutes, seconds and milliseconds.</p></dd> |
| 735 | <dt> |
| 736 | <a name="opt.log-fd"></a><span class="term"> |
| 737 | <code class="option">--log-fd=<number> [default: 2, stderr] </code> |
| 738 | </span> |
| 739 | </dt> |
| 740 | <dd><p>Specifies that Valgrind should send all of its messages to |
| 741 | the specified file descriptor. The default, 2, is the standard |
| 742 | error channel (stderr). Note that this may interfere with the |
| 743 | client's own use of stderr, as Valgrind's output will be |
| 744 | interleaved with any output that the client sends to |
| 745 | stderr.</p></dd> |
| 746 | <dt> |
| 747 | <a name="opt.log-file"></a><span class="term"> |
| 748 | <code class="option">--log-file=<filename> </code> |
| 749 | </span> |
| 750 | </dt> |
| 751 | <dd> |
| 752 | <p>Specifies that Valgrind should send all of its messages to |
| 753 | the specified file. If the file name is empty, it causes an abort. |
| 754 | There are three special format specifiers that can be used in the file |
| 755 | name.</p> |
| 756 | <p><code class="option">%p</code> is replaced with the current process ID. |
| 757 | This is very useful for program that invoke multiple processes. |
| 758 | WARNING: If you use <code class="option">--trace-children=yes</code> and your |
| 759 | program invokes multiple processes OR your program forks without |
| 760 | calling exec afterwards, and you don't use this specifier |
| 761 | (or the <code class="option">%q</code> specifier below), the Valgrind output from |
| 762 | all those processes will go into one file, possibly jumbled up, and |
| 763 | possibly incomplete.</p> |
| 764 | <p><code class="option">%q{FOO}</code> is replaced with the contents of the |
| 765 | environment variable <code class="varname">FOO</code>. If the |
| 766 | <code class="option">{FOO}</code> part is malformed, it causes an abort. This |
| 767 | specifier is rarely needed, but very useful in certain circumstances |
| 768 | (eg. when running MPI programs). The idea is that you specify a |
| 769 | variable which will be set differently for each process in the job, |
| 770 | for example <code class="computeroutput">BPROC_RANK</code> or whatever is |
| 771 | applicable in your MPI setup. If the named environment variable is not |
| 772 | set, it causes an abort. Note that in some shells, the |
| 773 | <code class="option">{</code> and <code class="option">}</code> characters may need to be |
| 774 | escaped with a backslash.</p> |
| 775 | <p><code class="option">%%</code> is replaced with <code class="option">%</code>.</p> |
| 776 | <p>If an <code class="option">%</code> is followed by any other character, it |
| 777 | causes an abort.</p> |
| 778 | <p>If the file name specifies a relative file name, it is put |
| 779 | in the program's initial working directory : this is the current |
| 780 | directory when the program started its execution after the fork |
| 781 | or after the exec. If it specifies an absolute file name (ie. |
| 782 | starts with '/') then it is put there. |
| 783 | </p> |
| 784 | </dd> |
| 785 | <dt> |
| 786 | <a name="opt.log-socket"></a><span class="term"> |
| 787 | <code class="option">--log-socket=<ip-address:port-number> </code> |
| 788 | </span> |
| 789 | </dt> |
| 790 | <dd><p>Specifies that Valgrind should send all of its messages to |
| 791 | the specified port at the specified IP address. The port may be |
| 792 | omitted, in which case port 1500 is used. If a connection cannot |
| 793 | be made to the specified socket, Valgrind falls back to writing |
| 794 | output to the standard error (stderr). This option is intended to |
| 795 | be used in conjunction with the |
| 796 | <code class="computeroutput">valgrind-listener</code> program. For |
| 797 | further details, see |
| 798 | <a class="link" href="manual-core.html#manual-core.comment" title="2.3. The Commentary">the commentary</a> |
| 799 | in the manual.</p></dd> |
| 800 | </dl> |
| 801 | </div> |
| 802 | </div> |
| 803 | <div class="sect2"> |
| 804 | <div class="titlepage"><div><div><h3 class="title"> |
| 805 | <a name="manual-core.erropts"></a>2.6.3. Error-related Options</h3></div></div></div> |
| 806 | <p><a name="error-related.opts.para"></a>These options are used by all tools |
| 807 | that can report errors, e.g. Memcheck, but not Cachegrind.</p> |
| 808 | <div class="variablelist"> |
| 809 | <a name="error-related.opts.list"></a><dl class="variablelist"> |
| 810 | <dt> |
| 811 | <a name="opt.xml"></a><span class="term"> |
| 812 | <code class="option">--xml=<yes|no> [default: no] </code> |
| 813 | </span> |
| 814 | </dt> |
| 815 | <dd> |
| 816 | <p>When enabled, the important parts of the output (e.g. tool error |
| 817 | messages) will be in XML format rather than plain text. Furthermore, |
| 818 | the XML output will be sent to a different output channel than the |
| 819 | plain text output. Therefore, you also must use one of |
| 820 | <code class="option">--xml-fd</code>, <code class="option">--xml-file</code> or |
| 821 | <code class="option">--xml-socket</code> to specify where the XML is to be sent. |
| 822 | </p> |
| 823 | <p>Less important messages will still be printed in plain text, but |
| 824 | because the XML output and plain text output are sent to different |
| 825 | output channels (the destination of the plain text output is still |
| 826 | controlled by <code class="option">--log-fd</code>, <code class="option">--log-file</code> |
| 827 | and <code class="option">--log-socket</code>) this should not cause problems. |
| 828 | </p> |
| 829 | <p>This option is aimed at making life easier for tools that consume |
| 830 | Valgrind's output as input, such as GUI front ends. Currently this |
| 831 | option works with Memcheck, Helgrind, DRD and SGcheck. The output |
| 832 | format is specified in the file |
| 833 | <code class="computeroutput">docs/internals/xml-output-protocol4.txt</code> |
| 834 | in the source tree for Valgrind 3.5.0 or later.</p> |
| 835 | <p>The recommended options for a GUI to pass, when requesting |
| 836 | XML output, are: <code class="option">--xml=yes</code> to enable XML output, |
| 837 | <code class="option">--xml-file</code> to send the XML output to a (presumably |
| 838 | GUI-selected) file, <code class="option">--log-file</code> to send the plain |
| 839 | text output to a second GUI-selected file, |
| 840 | <code class="option">--child-silent-after-fork=yes</code>, and |
| 841 | <code class="option">-q</code> to restrict the plain text output to critical |
| 842 | error messages created by Valgrind itself. For example, failure to |
| 843 | read a specified suppressions file counts as a critical error message. |
| 844 | In this way, for a successful run the text output file will be empty. |
| 845 | But if it isn't empty, then it will contain important information |
| 846 | which the GUI user should be made aware |
| 847 | of.</p> |
| 848 | </dd> |
| 849 | <dt> |
| 850 | <a name="opt.xml-fd"></a><span class="term"> |
| 851 | <code class="option">--xml-fd=<number> [default: -1, disabled] </code> |
| 852 | </span> |
| 853 | </dt> |
| 854 | <dd><p>Specifies that Valgrind should send its XML output to the |
| 855 | specified file descriptor. It must be used in conjunction with |
| 856 | <code class="option">--xml=yes</code>.</p></dd> |
| 857 | <dt> |
| 858 | <a name="opt.xml-file"></a><span class="term"> |
| 859 | <code class="option">--xml-file=<filename> </code> |
| 860 | </span> |
| 861 | </dt> |
| 862 | <dd><p>Specifies that Valgrind should send its XML output |
| 863 | to the specified file. It must be used in conjunction with |
| 864 | <code class="option">--xml=yes</code>. Any <code class="option">%p</code> or |
| 865 | <code class="option">%q</code> sequences appearing in the filename are expanded |
| 866 | in exactly the same way as they are for <code class="option">--log-file</code>. |
| 867 | See the description of <code class="option">--log-file</code> for details. |
| 868 | </p></dd> |
| 869 | <dt> |
| 870 | <a name="opt.xml-socket"></a><span class="term"> |
| 871 | <code class="option">--xml-socket=<ip-address:port-number> </code> |
| 872 | </span> |
| 873 | </dt> |
| 874 | <dd><p>Specifies that Valgrind should send its XML output the |
| 875 | specified port at the specified IP address. It must be used in |
| 876 | conjunction with <code class="option">--xml=yes</code>. The form of the argument |
| 877 | is the same as that used by <code class="option">--log-socket</code>. |
| 878 | See the description of <code class="option">--log-socket</code> |
| 879 | for further details.</p></dd> |
| 880 | <dt> |
| 881 | <a name="opt.xml-user-comment"></a><span class="term"> |
| 882 | <code class="option">--xml-user-comment=<string> </code> |
| 883 | </span> |
| 884 | </dt> |
| 885 | <dd><p>Embeds an extra user comment string at the start of the XML |
| 886 | output. Only works when <code class="option">--xml=yes</code> is specified; |
| 887 | ignored otherwise.</p></dd> |
| 888 | <dt> |
| 889 | <a name="opt.demangle"></a><span class="term"> |
| 890 | <code class="option">--demangle=<yes|no> [default: yes] </code> |
| 891 | </span> |
| 892 | </dt> |
| 893 | <dd> |
| 894 | <p>Enable/disable automatic demangling (decoding) of C++ names. |
| 895 | Enabled by default. When enabled, Valgrind will attempt to |
| 896 | translate encoded C++ names back to something approaching the |
| 897 | original. The demangler handles symbols mangled by g++ versions |
| 898 | 2.X, 3.X and 4.X.</p> |
| 899 | <p>An important fact about demangling is that function names |
| 900 | mentioned in suppressions files should be in their mangled form. |
| 901 | Valgrind does not demangle function names when searching for |
| 902 | applicable suppressions, because to do otherwise would make |
| 903 | suppression file contents dependent on the state of Valgrind's |
| 904 | demangling machinery, and also slow down suppression matching.</p> |
| 905 | </dd> |
| 906 | <dt> |
| 907 | <a name="opt.num-callers"></a><span class="term"> |
| 908 | <code class="option">--num-callers=<number> [default: 12] </code> |
| 909 | </span> |
| 910 | </dt> |
| 911 | <dd> |
| 912 | <p>Specifies the maximum number of entries shown in stack traces |
| 913 | that identify program locations. Note that errors are commoned up |
| 914 | using only the top four function locations (the place in the current |
| 915 | function, and that of its three immediate callers). So this doesn't |
| 916 | affect the total number of errors reported.</p> |
| 917 | <p>The maximum value for this is 500. Note that higher settings |
| 918 | will make Valgrind run a bit more slowly and take a bit more |
| 919 | memory, but can be useful when working with programs with |
| 920 | deeply-nested call chains.</p> |
| 921 | </dd> |
| 922 | <dt> |
| 923 | <a name="opt.unw-stack-scan-thresh"></a><span class="term"> |
| 924 | <code class="option">--unw-stack-scan-thresh=<number> [default: 0] </code> |
| 925 | , </span><span class="term"> |
| 926 | <code class="option">--unw-stack-scan-frames=<number> [default: 5] </code> |
| 927 | </span> |
| 928 | </dt> |
| 929 | <dd> |
| 930 | <p>Stack-scanning support is available only on ARM |
| 931 | targets.</p> |
| 932 | <p>These flags enable and control stack unwinding by stack |
| 933 | scanning. When the normal stack unwinding mechanisms -- usage |
| 934 | of Dwarf CFI records, and frame-pointer following -- fail, stack |
| 935 | scanning may be able to recover a stack trace.</p> |
| 936 | <p>Note that stack scanning is an imprecise, heuristic |
| 937 | mechanism that may give very misleading results, or none at all. |
| 938 | It should be used only in emergencies, when normal unwinding |
| 939 | fails, and it is important to nevertheless have stack |
| 940 | traces.</p> |
| 941 | <p>Stack scanning is a simple technique: the unwinder reads |
| 942 | words from the stack, and tries to guess which of them might be |
| 943 | return addresses, by checking to see if they point just after |
| 944 | ARM or Thumb call instructions. If so, the word is added to the |
| 945 | backtrace.</p> |
| 946 | <p>The main danger occurs when a function call returns, |
| 947 | leaving its return address exposed, and a new function is |
| 948 | called, but the new function does not overwrite the old address. |
| 949 | The result of this is that the backtrace may contain entries for |
| 950 | functions which have already returned, and so be very |
| 951 | confusing.</p> |
| 952 | <p>A second limitation of this implementation is that it will |
| 953 | scan only the page (4KB, normally) containing the starting stack |
| 954 | pointer. If the stack frames are large, this may result in only |
| 955 | a few (or not even any) being present in the trace. Also, if |
| 956 | you are unlucky and have an initial stack pointer near the end |
| 957 | of its containing page, the scan may miss all interesting |
| 958 | frames.</p> |
| 959 | <p>By default stack scanning is disabled. The normal use |
| 960 | case is to ask for it when a stack trace would otherwise be very |
| 961 | short. So, to enable it, |
| 962 | use <code class="computeroutput">--unw-stack-scan-thresh=number</code>. |
| 963 | This requests Valgrind to try using stack scanning to "extend" |
| 964 | stack traces which contain fewer |
| 965 | than <code class="computeroutput">number</code> frames.</p> |
| 966 | <p>If stack scanning does take place, it will only generate |
| 967 | at most the number of frames specified |
| 968 | by <code class="computeroutput">--unw-stack-scan-frames</code>. |
| 969 | Typically, stack scanning generates so many garbage entries that |
| 970 | this value is set to a low value (5) by default. In no case |
| 971 | will a stack trace larger than the value specified |
| 972 | by <code class="computeroutput">--num-callers</code> be |
| 973 | created.</p> |
| 974 | </dd> |
| 975 | <dt> |
| 976 | <a name="opt.error-limit"></a><span class="term"> |
| 977 | <code class="option">--error-limit=<yes|no> [default: yes] </code> |
| 978 | </span> |
| 979 | </dt> |
| 980 | <dd><p>When enabled, Valgrind stops reporting errors after 10,000,000 |
| 981 | in total, or 1,000 different ones, have been seen. This is to |
| 982 | stop the error tracking machinery from becoming a huge performance |
| 983 | overhead in programs with many errors.</p></dd> |
| 984 | <dt> |
| 985 | <a name="opt.error-exitcode"></a><span class="term"> |
| 986 | <code class="option">--error-exitcode=<number> [default: 0] </code> |
| 987 | </span> |
| 988 | </dt> |
| 989 | <dd><p>Specifies an alternative exit code to return if Valgrind |
| 990 | reported any errors in the run. When set to the default value |
| 991 | (zero), the return value from Valgrind will always be the return |
| 992 | value of the process being simulated. When set to a nonzero value, |
| 993 | that value is returned instead, if Valgrind detects any errors. |
| 994 | This is useful for using Valgrind as part of an automated test |
| 995 | suite, since it makes it easy to detect test cases for which |
| 996 | Valgrind has reported errors, just by inspecting return codes.</p></dd> |
| 997 | <dt> |
| 998 | <a name="opt.error-markers"></a><span class="term"> |
| 999 | <code class="option">--error-markers=<begin>,<end> [default: none]</code> |
| 1000 | </span> |
| 1001 | </dt> |
| 1002 | <dd> |
| 1003 | <p>When errors are output as plain text (i.e. XML not used), |
| 1004 | <code class="option">--error-markers</code> instructs to output a line |
| 1005 | containing the <code class="option">begin</code> (<code class="option">end</code>) |
| 1006 | string before (after) each error. </p> |
| 1007 | <p> Such marker lines facilitate searching for errors and/or |
| 1008 | extracting errors in an output file that contain valgrind errors mixed |
| 1009 | with the program output. </p> |
| 1010 | <p> Note that empty markers are accepted. So, only using a begin |
| 1011 | (or an end) marker is possible.</p> |
| 1012 | </dd> |
| 1013 | <dt> |
| 1014 | <a name="opt.sigill-diagnostics"></a><span class="term"> |
| 1015 | <code class="option">--sigill-diagnostics=<yes|no> [default: yes] </code> |
| 1016 | </span> |
| 1017 | </dt> |
| 1018 | <dd> |
| 1019 | <p>Enable/disable printing of illegal instruction diagnostics. |
| 1020 | Enabled by default, but defaults to disabled when |
| 1021 | <code class="option">--quiet</code> is given. The default can always be explicitly |
| 1022 | overridden by giving this option.</p> |
| 1023 | <p>When enabled, a warning message will be printed, along with some |
| 1024 | diagnostics, whenever an instruction is encountered that Valgrind |
| 1025 | cannot decode or translate, before the program is given a SIGILL signal. |
| 1026 | Often an illegal instruction indicates a bug in the program or missing |
| 1027 | support for the particular instruction in Valgrind. But some programs |
| 1028 | do deliberately try to execute an instruction that might be missing |
| 1029 | and trap the SIGILL signal to detect processor features. Using |
| 1030 | this flag makes it possible to avoid the diagnostic output |
| 1031 | that you would otherwise get in such cases.</p> |
| 1032 | </dd> |
| 1033 | <dt> |
| 1034 | <a name="opt.show-below-main"></a><span class="term"> |
| 1035 | <code class="option">--show-below-main=<yes|no> [default: no] </code> |
| 1036 | </span> |
| 1037 | </dt> |
| 1038 | <dd> |
| 1039 | <p>By default, stack traces for errors do not show any |
| 1040 | functions that appear beneath <code class="function">main</code> because |
| 1041 | most of the time it's uninteresting C library stuff and/or |
| 1042 | gobbledygook. Alternatively, if <code class="function">main</code> is not |
| 1043 | present in the stack trace, stack traces will not show any functions |
| 1044 | below <code class="function">main</code>-like functions such as glibc's |
| 1045 | <code class="function">__libc_start_main</code>. Furthermore, if |
| 1046 | <code class="function">main</code>-like functions are present in the trace, |
| 1047 | they are normalised as <code class="function">(below main)</code>, in order to |
| 1048 | make the output more deterministic.</p> |
| 1049 | <p>If this option is enabled, all stack trace entries will be |
| 1050 | shown and <code class="function">main</code>-like functions will not be |
| 1051 | normalised.</p> |
| 1052 | </dd> |
| 1053 | <dt> |
| 1054 | <a name="opt.fullpath-after"></a><span class="term"> |
| 1055 | <code class="option">--fullpath-after=<string> |
| 1056 | [default: don't show source paths] </code> |
| 1057 | </span> |
| 1058 | </dt> |
| 1059 | <dd> |
| 1060 | <p>By default Valgrind only shows the filenames in stack |
| 1061 | traces, but not full paths to source files. When using Valgrind |
| 1062 | in large projects where the sources reside in multiple different |
| 1063 | directories, this can be inconvenient. |
| 1064 | <code class="option">--fullpath-after</code> provides a flexible solution |
| 1065 | to this problem. When this option is present, the path to each |
| 1066 | source file is shown, with the following all-important caveat: |
| 1067 | if <code class="option">string</code> is found in the path, then the path |
| 1068 | up to and including <code class="option">string</code> is omitted, else the |
| 1069 | path is shown unmodified. Note that <code class="option">string</code> is |
| 1070 | not required to be a prefix of the path.</p> |
| 1071 | <p>For example, consider a file named |
| 1072 | <code class="computeroutput">/home/janedoe/blah/src/foo/bar/xyzzy.c</code>. |
| 1073 | Specifying <code class="option">--fullpath-after=/home/janedoe/blah/src/</code> |
| 1074 | will cause Valgrind to show the name |
| 1075 | as <code class="computeroutput">foo/bar/xyzzy.c</code>.</p> |
| 1076 | <p>Because the string is not required to be a prefix, |
| 1077 | <code class="option">--fullpath-after=src/</code> will produce the same |
| 1078 | output. This is useful when the path contains arbitrary |
| 1079 | machine-generated characters. For example, the |
| 1080 | path |
| 1081 | <code class="computeroutput">/my/build/dir/C32A1B47/blah/src/foo/xyzzy</code> |
| 1082 | can be pruned to <code class="computeroutput">foo/xyzzy</code> |
| 1083 | using |
| 1084 | <code class="option">--fullpath-after=/blah/src/</code>.</p> |
| 1085 | <p>If you simply want to see the full path, just specify an |
| 1086 | empty string: <code class="option">--fullpath-after=</code>. This isn't a |
| 1087 | special case, merely a logical consequence of the above rules.</p> |
| 1088 | <p>Finally, you can use <code class="option">--fullpath-after</code> |
| 1089 | multiple times. Any appearance of it causes Valgrind to switch |
| 1090 | to producing full paths and applying the above filtering rule. |
| 1091 | Each produced path is compared against all |
| 1092 | the <code class="option">--fullpath-after</code>-specified strings, in the |
| 1093 | order specified. The first string to match causes the path to |
| 1094 | be truncated as described above. If none match, the full path |
| 1095 | is shown. This facilitates chopping off prefixes when the |
| 1096 | sources are drawn from a number of unrelated directories. |
| 1097 | </p> |
| 1098 | </dd> |
| 1099 | <dt> |
| 1100 | <a name="opt.extra-debuginfo-path"></a><span class="term"> |
| 1101 | <code class="option">--extra-debuginfo-path=<path> [default: undefined and unused] </code> |
| 1102 | </span> |
| 1103 | </dt> |
| 1104 | <dd> |
| 1105 | <p>By default Valgrind searches in several well-known paths |
| 1106 | for debug objects, such |
| 1107 | as <code class="computeroutput">/usr/lib/debug/</code>.</p> |
| 1108 | <p>However, there may be scenarios where you may wish to put |
| 1109 | debug objects at an arbitrary location, such as external storage |
| 1110 | when running Valgrind on a mobile device with limited local |
| 1111 | storage. Another example might be a situation where you do not |
| 1112 | have permission to install debug object packages on the system |
| 1113 | where you are running Valgrind.</p> |
| 1114 | <p>In these scenarios, you may provide an absolute path as an extra, |
| 1115 | final place for Valgrind to search for debug objects by specifying |
| 1116 | <code class="option">--extra-debuginfo-path=/path/to/debug/objects</code>. |
| 1117 | The given path will be prepended to the absolute path name of |
| 1118 | the searched-for object. For example, if Valgrind is looking |
| 1119 | for the debuginfo |
| 1120 | for <code class="computeroutput">/w/x/y/zz.so</code> |
| 1121 | and <code class="option">--extra-debuginfo-path=/a/b/c</code> is specified, |
| 1122 | it will look for a debug object at |
| 1123 | <code class="computeroutput">/a/b/c/w/x/y/zz.so</code>.</p> |
| 1124 | <p>This flag should only be specified once. If it is |
| 1125 | specified multiple times, only the last instance is |
| 1126 | honoured.</p> |
| 1127 | </dd> |
| 1128 | <dt> |
| 1129 | <a name="opt.debuginfo-server"></a><span class="term"> |
| 1130 | <code class="option">--debuginfo-server=ipaddr:port [default: undefined and unused]</code> |
| 1131 | </span> |
| 1132 | </dt> |
| 1133 | <dd> |
| 1134 | <p>This is a new, experimental, feature introduced in version |
| 1135 | 3.9.0.</p> |
| 1136 | <p>In some scenarios it may be convenient to read debuginfo |
| 1137 | from objects stored on a different machine. With this flag, |
| 1138 | Valgrind will query a debuginfo server running |
| 1139 | on <code class="computeroutput">ipaddr</code> and listening on |
| 1140 | port <code class="computeroutput">port</code>, if it cannot find |
| 1141 | the debuginfo object in the local filesystem.</p> |
| 1142 | <p>The debuginfo server must accept TCP connections on |
| 1143 | port <code class="computeroutput">port</code>. The debuginfo |
| 1144 | server is contained in the source |
| 1145 | file <code class="computeroutput">auxprogs/valgrind-di-server.c</code>. |
| 1146 | It will only serve from the directory it is started |
| 1147 | in. <code class="computeroutput">port</code> defaults to 1500 in |
| 1148 | both client and server if not specified.</p> |
| 1149 | <p>If Valgrind looks for the debuginfo for |
| 1150 | <code class="computeroutput">/w/x/y/zz.so</code> by using the |
| 1151 | debuginfo server, it will strip the pathname components and |
| 1152 | merely request <code class="computeroutput">zz.so</code> on the |
| 1153 | server. That in turn will look only in its current working |
| 1154 | directory for a matching debuginfo object.</p> |
| 1155 | <p>The debuginfo data is transmitted in small fragments (8 |
| 1156 | KB) as requested by Valgrind. Each block is compressed using |
| 1157 | LZO to reduce transmission time. The implementation has been |
| 1158 | tuned for best performance over a single-stage 802.11g (WiFi) |
| 1159 | network link.</p> |
| 1160 | <p>Note that checks for matching primary vs debug objects, |
| 1161 | using GNU debuglink CRC scheme, are performed even when using |
| 1162 | the debuginfo server. To disable such checking, you need to |
| 1163 | also specify |
| 1164 | <code class="computeroutput">--allow-mismatched-debuginfo=yes</code>. |
| 1165 | </p> |
| 1166 | <p>By default the Valgrind build system will |
| 1167 | build <code class="computeroutput">valgrind-di-server</code> for |
| 1168 | the target platform, which is almost certainly not what you |
| 1169 | want. So far we have been unable to find out how to get |
| 1170 | automake/autoconf to build it for the build platform. If |
| 1171 | you want to use it, you will have to recompile it by hand using |
| 1172 | the command shown at the top |
| 1173 | of <code class="computeroutput">auxprogs/valgrind-di-server.c</code>.</p> |
| 1174 | </dd> |
| 1175 | <dt> |
| 1176 | <a name="opt.allow-mismatched-debuginfo"></a><span class="term"> |
| 1177 | <code class="option">--allow-mismatched-debuginfo=no|yes [no] </code> |
| 1178 | </span> |
| 1179 | </dt> |
| 1180 | <dd> |
| 1181 | <p>When reading debuginfo from separate debuginfo objects, |
| 1182 | Valgrind will by default check that the main and debuginfo |
| 1183 | objects match, using the GNU debuglink mechanism. This |
| 1184 | guarantees that it does not read debuginfo from out of date |
| 1185 | debuginfo objects, and also ensures that Valgrind can't crash as |
| 1186 | a result of mismatches.</p> |
| 1187 | <p>This check can be overridden using |
| 1188 | <code class="computeroutput">--allow-mismatched-debuginfo=yes</code>. |
| 1189 | This may be useful when the debuginfo and main objects have not |
| 1190 | been split in the proper way. Be careful when using this, |
| 1191 | though: it disables all consistency checking, and Valgrind has |
| 1192 | been observed to crash when the main and debuginfo objects don't |
| 1193 | match.</p> |
| 1194 | </dd> |
| 1195 | <dt> |
| 1196 | <a name="opt.suppressions"></a><span class="term"> |
| 1197 | <code class="option">--suppressions=<filename> [default: $PREFIX/lib/valgrind/default.supp] </code> |
| 1198 | </span> |
| 1199 | </dt> |
| 1200 | <dd><p>Specifies an extra file from which to read descriptions of |
| 1201 | errors to suppress. You may use up to 100 extra suppression |
| 1202 | files.</p></dd> |
| 1203 | <dt> |
| 1204 | <a name="opt.gen-suppressions"></a><span class="term"> |
| 1205 | <code class="option">--gen-suppressions=<yes|no|all> [default: no] </code> |
| 1206 | </span> |
| 1207 | </dt> |
| 1208 | <dd> |
| 1209 | <p>When set to <code class="varname">yes</code>, Valgrind will pause |
| 1210 | after every error shown and print the line: |
| 1211 | </p> |
| 1212 | <div class="literallayout"><p><code class="computeroutput"> ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ----</code></p></div> |
| 1213 | <p> |
| 1214 | |
| 1215 | Pressing <code class="varname">Ret</code>, or <code class="varname">N Ret</code> or |
| 1216 | <code class="varname">n Ret</code>, causes Valgrind continue execution without |
| 1217 | printing a suppression for this error.</p> |
| 1218 | <p>Pressing <code class="varname">Y Ret</code> or |
| 1219 | <code class="varname">y Ret</code> causes Valgrind to write a suppression |
| 1220 | for this error. You can then cut and paste it into a suppression file |
| 1221 | if you don't want to hear about the error in the future.</p> |
| 1222 | <p>When set to <code class="varname">all</code>, Valgrind will print a |
| 1223 | suppression for every reported error, without querying the |
| 1224 | user.</p> |
| 1225 | <p>This option is particularly useful with C++ programs, as it |
| 1226 | prints out the suppressions with mangled names, as |
| 1227 | required.</p> |
| 1228 | <p>Note that the suppressions printed are as specific as |
| 1229 | possible. You may want to common up similar ones, by adding |
| 1230 | wildcards to function names, and by using frame-level wildcards. |
| 1231 | The wildcarding facilities are powerful yet flexible, and with a |
| 1232 | bit of careful editing, you may be able to suppress a whole |
| 1233 | family of related errors with only a few suppressions. |
| 1234 | |
| 1235 | </p> |
| 1236 | <p>Sometimes two different errors |
| 1237 | are suppressed by the same suppression, in which case Valgrind |
| 1238 | will output the suppression more than once, but you only need to |
| 1239 | have one copy in your suppression file (but having more than one |
| 1240 | won't cause problems). Also, the suppression name is given as |
| 1241 | <code class="computeroutput"><insert a suppression name |
| 1242 | here></code>; the name doesn't really matter, it's |
| 1243 | only used with the <code class="option">-v</code> option which prints out all |
| 1244 | used suppression records.</p> |
| 1245 | </dd> |
| 1246 | <dt> |
| 1247 | <a name="opt.input-fd"></a><span class="term"> |
| 1248 | <code class="option">--input-fd=<number> [default: 0, stdin] </code> |
| 1249 | </span> |
| 1250 | </dt> |
| 1251 | <dd><p>When using |
| 1252 | <code class="option">--gen-suppressions=yes</code>, Valgrind will stop so as |
| 1253 | to read keyboard input from you when each error occurs. By |
| 1254 | default it reads from the standard input (stdin), which is |
| 1255 | problematic for programs which close stdin. This option allows |
| 1256 | you to specify an alternative file descriptor from which to read |
| 1257 | input.</p></dd> |
| 1258 | <dt> |
| 1259 | <a name="opt.dsymutil"></a><span class="term"> |
| 1260 | <code class="option">--dsymutil=no|yes [yes] </code> |
| 1261 | </span> |
| 1262 | </dt> |
| 1263 | <dd> |
| 1264 | <p>This option is only relevant when running Valgrind on |
| 1265 | Mac OS X.</p> |
| 1266 | <p>Mac OS X uses a deferred debug information (debuginfo) |
| 1267 | linking scheme. When object files containing debuginfo are |
| 1268 | linked into a <code class="computeroutput">.dylib</code> or an |
| 1269 | executable, the debuginfo is not copied into the final file. |
| 1270 | Instead, the debuginfo must be linked manually by |
| 1271 | running <code class="computeroutput">dsymutil</code>, a |
| 1272 | system-provided utility, on the executable |
| 1273 | or <code class="computeroutput">.dylib</code>. The resulting |
| 1274 | combined debuginfo is placed in a directory alongside the |
| 1275 | executable or <code class="computeroutput">.dylib</code>, but with |
| 1276 | the extension <code class="computeroutput">.dSYM</code>.</p> |
| 1277 | <p>With <code class="option">--dsymutil=no</code>, Valgrind |
| 1278 | will detect cases where the |
| 1279 | <code class="computeroutput">.dSYM</code> directory is either |
| 1280 | missing, or is present but does not appear to match the |
| 1281 | associated executable or <code class="computeroutput">.dylib</code>, |
| 1282 | most likely because it is out of date. In these cases, Valgrind |
| 1283 | will print a warning message but take no further action.</p> |
| 1284 | <p>With <code class="option">--dsymutil=yes</code>, Valgrind |
| 1285 | will, in such cases, automatically |
| 1286 | run <code class="computeroutput">dsymutil</code> as necessary to |
| 1287 | bring the debuginfo up to date. For all practical purposes, if |
| 1288 | you always use <code class="option">--dsymutil=yes</code>, then |
| 1289 | there is never any need to |
| 1290 | run <code class="computeroutput">dsymutil</code> manually or as part |
| 1291 | of your applications's build system, since Valgrind will run it |
| 1292 | as necessary.</p> |
| 1293 | <p>Valgrind will not attempt to |
| 1294 | run <code class="computeroutput">dsymutil</code> on any |
| 1295 | executable or library in |
| 1296 | <code class="computeroutput">/usr/</code>, |
| 1297 | <code class="computeroutput">/bin/</code>, |
| 1298 | <code class="computeroutput">/sbin/</code>, |
| 1299 | <code class="computeroutput">/opt/</code>, |
| 1300 | <code class="computeroutput">/sw/</code>, |
| 1301 | <code class="computeroutput">/System/</code>, |
| 1302 | <code class="computeroutput">/Library/</code> or |
| 1303 | <code class="computeroutput">/Applications/</code> |
| 1304 | since <code class="computeroutput">dsymutil</code> will always fail |
| 1305 | in such situations. It fails both because the debuginfo for |
| 1306 | such pre-installed system components is not available anywhere, |
| 1307 | and also because it would require write privileges in those |
| 1308 | directories.</p> |
| 1309 | <p>Be careful when |
| 1310 | using <code class="option">--dsymutil=yes</code>, since it will |
| 1311 | cause pre-existing <code class="computeroutput">.dSYM</code> |
| 1312 | directories to be silently deleted and re-created. Also note that |
| 1313 | <code class="computeroutput">dsymutil</code> is quite slow, sometimes |
| 1314 | excessively so.</p> |
| 1315 | </dd> |
| 1316 | <dt> |
| 1317 | <a name="opt.max-stackframe"></a><span class="term"> |
| 1318 | <code class="option">--max-stackframe=<number> [default: 2000000] </code> |
| 1319 | </span> |
| 1320 | </dt> |
| 1321 | <dd> |
| 1322 | <p>The maximum size of a stack frame. If the stack pointer moves by |
| 1323 | more than this amount then Valgrind will assume that |
| 1324 | the program is switching to a different stack.</p> |
| 1325 | <p>You may need to use this option if your program has large |
| 1326 | stack-allocated arrays. Valgrind keeps track of your program's |
| 1327 | stack pointer. If it changes by more than the threshold amount, |
| 1328 | Valgrind assumes your program is switching to a different stack, |
| 1329 | and Memcheck behaves differently than it would for a stack pointer |
| 1330 | change smaller than the threshold. Usually this heuristic works |
| 1331 | well. However, if your program allocates large structures on the |
| 1332 | stack, this heuristic will be fooled, and Memcheck will |
| 1333 | subsequently report large numbers of invalid stack accesses. This |
| 1334 | option allows you to change the threshold to a different |
| 1335 | value.</p> |
| 1336 | <p>You should only consider use of this option if Valgrind's |
| 1337 | debug output directs you to do so. In that case it will tell you |
| 1338 | the new threshold you should specify.</p> |
| 1339 | <p>In general, allocating large structures on the stack is a |
| 1340 | bad idea, because you can easily run out of stack space, |
| 1341 | especially on systems with limited memory or which expect to |
| 1342 | support large numbers of threads each with a small stack, and also |
| 1343 | because the error checking performed by Memcheck is more effective |
| 1344 | for heap-allocated data than for stack-allocated data. If you |
| 1345 | have to use this option, you may wish to consider rewriting your |
| 1346 | code to allocate on the heap rather than on the stack.</p> |
| 1347 | </dd> |
| 1348 | <dt> |
| 1349 | <a name="opt.main-stacksize"></a><span class="term"> |
| 1350 | <code class="option">--main-stacksize=<number> |
| 1351 | [default: use current 'ulimit' value] </code> |
| 1352 | </span> |
| 1353 | </dt> |
| 1354 | <dd> |
| 1355 | <p>Specifies the size of the main thread's stack.</p> |
| 1356 | <p>To simplify its memory management, Valgrind reserves all |
| 1357 | required space for the main thread's stack at startup. That |
| 1358 | means it needs to know the required stack size at |
| 1359 | startup.</p> |
| 1360 | <p>By default, Valgrind uses the current "ulimit" value for |
| 1361 | the stack size, or 16 MB, whichever is lower. In many cases |
| 1362 | this gives a stack size in the range 8 to 16 MB, which almost |
| 1363 | never overflows for most applications.</p> |
| 1364 | <p>If you need a larger total stack size, |
| 1365 | use <code class="option">--main-stacksize</code> to specify it. Only set |
| 1366 | it as high as you need, since reserving far more space than you |
| 1367 | need (that is, hundreds of megabytes more than you need) |
| 1368 | constrains Valgrind's memory allocators and may reduce the total |
| 1369 | amount of memory that Valgrind can use. This is only really of |
| 1370 | significance on 32-bit machines.</p> |
| 1371 | <p>On Linux, you may request a stack of size up to 2GB. |
| 1372 | Valgrind will stop with a diagnostic message if the stack cannot |
| 1373 | be allocated.</p> |
| 1374 | <p><code class="option">--main-stacksize</code> only affects the stack |
| 1375 | size for the program's initial thread. It has no bearing on the |
| 1376 | size of thread stacks, as Valgrind does not allocate |
| 1377 | those.</p> |
| 1378 | <p>You may need to use both <code class="option">--main-stacksize</code> |
| 1379 | and <code class="option">--max-stackframe</code> together. It is important |
| 1380 | to understand that <code class="option">--main-stacksize</code> sets the |
| 1381 | maximum total stack size, |
| 1382 | whilst <code class="option">--max-stackframe</code> specifies the largest |
| 1383 | size of any one stack frame. You will have to work out |
| 1384 | the <code class="option">--main-stacksize</code> value for yourself |
| 1385 | (usually, if your applications segfaults). But Valgrind will |
| 1386 | tell you the needed <code class="option">--max-stackframe</code> size, if |
| 1387 | necessary.</p> |
| 1388 | <p>As discussed further in the description |
| 1389 | of <code class="option">--max-stackframe</code>, a requirement for a large |
| 1390 | stack is a sign of potential portability problems. You are best |
| 1391 | advised to place all large data in heap-allocated memory.</p> |
| 1392 | </dd> |
| 1393 | <dt> |
| 1394 | <a name="opt.max-threads"></a><span class="term"> |
| 1395 | <code class="option">--max-threads=<number> [default: 500] </code> |
| 1396 | </span> |
| 1397 | </dt> |
| 1398 | <dd><p>By default, Valgrind can handle to up to 500 threads. |
| 1399 | Occasionally, that number is too small. Use this option to |
| 1400 | provide a different limit. E.g. |
| 1401 | <code class="computeroutput">--max-threads=3000</code>. |
| 1402 | </p></dd> |
| 1403 | </dl> |
| 1404 | </div> |
| 1405 | </div> |
| 1406 | <div class="sect2"> |
| 1407 | <div class="titlepage"><div><div><h3 class="title"> |
| 1408 | <a name="manual-core.mallocopts"></a>2.6.4. malloc-related Options</h3></div></div></div> |
| 1409 | <p><a name="malloc-related.opts.para"></a>For tools that use their own version of |
| 1410 | <code class="computeroutput">malloc</code> (e.g. Memcheck, |
| 1411 | Massif, Helgrind, DRD), the following options apply.</p> |
| 1412 | <div class="variablelist"> |
| 1413 | <a name="malloc-related.opts.list"></a><dl class="variablelist"> |
| 1414 | <dt> |
| 1415 | <a name="opt.alignment"></a><span class="term"> |
| 1416 | <code class="option">--alignment=<number> [default: 8 or 16, depending on the platform] </code> |
| 1417 | </span> |
| 1418 | </dt> |
| 1419 | <dd><p>By default Valgrind's <code class="function">malloc</code>, |
| 1420 | <code class="function">realloc</code>, etc, return a block whose starting |
| 1421 | address is 8-byte aligned or 16-byte aligned (the value depends on the |
| 1422 | platform and matches the platform default). This option allows you to |
| 1423 | specify a different alignment. The supplied value must be greater |
| 1424 | than or equal to the default, less than or equal to 4096, and must be |
| 1425 | a power of two.</p></dd> |
| 1426 | <dt> |
| 1427 | <a name="opt.redzone-size"></a><span class="term"> |
| 1428 | <code class="option">--redzone-size=<number> [default: depends on the tool] </code> |
| 1429 | </span> |
| 1430 | </dt> |
| 1431 | <dd> |
| 1432 | <p> Valgrind's <code class="function">malloc, realloc,</code> etc, add |
| 1433 | padding blocks before and after each heap block allocated by the |
| 1434 | program being run. Such padding blocks are called redzones. The |
| 1435 | default value for the redzone size depends on the tool. For |
| 1436 | example, Memcheck adds and protects a minimum of 16 bytes before |
| 1437 | and after each block allocated by the client. This allows it to |
| 1438 | detect block underruns or overruns of up to 16 bytes. |
| 1439 | </p> |
| 1440 | <p>Increasing the redzone size makes it possible to detect |
| 1441 | overruns of larger distances, but increases the amount of memory |
| 1442 | used by Valgrind. Decreasing the redzone size will reduce the |
| 1443 | memory needed by Valgrind but also reduces the chances of |
| 1444 | detecting over/underruns, so is not recommended.</p> |
| 1445 | </dd> |
| 1446 | </dl> |
| 1447 | </div> |
| 1448 | </div> |
| 1449 | <div class="sect2"> |
| 1450 | <div class="titlepage"><div><div><h3 class="title"> |
| 1451 | <a name="manual-core.rareopts"></a>2.6.5. Uncommon Options</h3></div></div></div> |
| 1452 | <p><a name="uncommon.opts.para"></a>These options apply to all tools, as they |
| 1453 | affect certain obscure workings of the Valgrind core. Most people won't |
| 1454 | need to use them.</p> |
| 1455 | <div class="variablelist"> |
| 1456 | <a name="uncommon.opts.list"></a><dl class="variablelist"> |
| 1457 | <dt> |
| 1458 | <a name="opt.smc-check"></a><span class="term"> |
| 1459 | <code class="option">--smc-check=<none|stack|all|all-non-file> |
| 1460 | [default: all-non-file for x86/amd64/s390x, stack for other archs] </code> |
| 1461 | </span> |
| 1462 | </dt> |
| 1463 | <dd> |
| 1464 | <p>This option controls Valgrind's detection of self-modifying |
| 1465 | code. If no checking is done, when a program executes some code, then |
| 1466 | overwrites it with new code, and executes the new code, Valgrind will |
| 1467 | continue to execute the translations it made for the old code. This |
| 1468 | will likely lead to incorrect behaviour and/or crashes.</p> |
| 1469 | <p>For "modern" architectures -- anything that's not x86, |
| 1470 | amd64 or s390x -- the default is <code class="varname">stack</code>. |
| 1471 | This is because a correct program must take explicit action |
| 1472 | to reestablish D-I cache coherence following code |
| 1473 | modification. Valgrind observes and honours such actions, |
| 1474 | with the result that self-modifying code is transparently |
| 1475 | handled with zero extra cost.</p> |
| 1476 | <p>For x86, amd64 and s390x, the program is not required to |
| 1477 | notify the hardware of required D-I coherence syncing. Hence |
| 1478 | the default is <code class="varname">all-non-file</code>, which covers |
| 1479 | the normal case of generating code into an anonymous |
| 1480 | (non-file-backed) mmap'd area.</p> |
| 1481 | <p>The meanings of the four available settings are as |
| 1482 | follows. No detection (<code class="varname">none</code>), |
| 1483 | detect self-modifying code |
| 1484 | on the stack (which is used by GCC to implement nested |
| 1485 | functions) (<code class="varname">stack</code>), detect self-modifying code |
| 1486 | everywhere (<code class="varname">all</code>), and detect |
| 1487 | self-modifying code everywhere except in file-backed |
| 1488 | mappings (<code class="varname">all-non-file</code>).</p> |
| 1489 | <p>Running with <code class="varname">all</code> will slow Valgrind |
| 1490 | down noticeably. Running with <code class="varname">none</code> will |
| 1491 | rarely speed things up, since very little code gets |
| 1492 | dynamically generated in most programs. The |
| 1493 | <code class="function">VALGRIND_DISCARD_TRANSLATIONS</code> client |
| 1494 | request is an alternative to <code class="option">--smc-check=all</code> |
| 1495 | and <code class="option">--smc-check=all-non-file</code> |
| 1496 | that requires more programmer effort but allows Valgrind to run |
| 1497 | your program faster, by telling it precisely when translations |
| 1498 | need to be re-made. |
| 1499 | |
| 1500 | </p> |
| 1501 | <p><code class="option">--smc-check=all-non-file</code> provides a |
| 1502 | cheaper but more limited version |
| 1503 | of <code class="option">--smc-check=all</code>. It adds checks to any |
| 1504 | translations that do not originate from file-backed memory |
| 1505 | mappings. Typical applications that generate code, for example |
| 1506 | JITs in web browsers, generate code into anonymous mmaped areas, |
| 1507 | whereas the "fixed" code of the browser always lives in |
| 1508 | file-backed mappings. <code class="option">--smc-check=all-non-file</code> |
| 1509 | takes advantage of this observation, limiting the overhead of |
| 1510 | checking to code which is likely to be JIT generated.</p> |
| 1511 | </dd> |
| 1512 | <dt> |
| 1513 | <a name="opt.read-inline-info"></a><span class="term"> |
| 1514 | <code class="option">--read-inline-info=<yes|no> [default: see below] </code> |
| 1515 | </span> |
| 1516 | </dt> |
| 1517 | <dd> |
| 1518 | <p>When enabled, Valgrind will read information about inlined |
| 1519 | function calls from DWARF3 debug info. This slows Valgrind |
| 1520 | startup and makes it use more memory (typically for each inlined |
| 1521 | piece of code, 6 words and space for the function name), but it |
| 1522 | results in more descriptive stacktraces. For the 3.10.0 |
| 1523 | release, this functionality is enabled by default only for Linux, |
| 1524 | Android and Solaris targets and only for the tools Memcheck, Helgrind |
| 1525 | and DRD. Here is an example of some stacktraces with |
| 1526 | <code class="option">--read-inline-info=no</code>: |
| 1527 | </p> |
| 1528 | <pre class="programlisting"> |
| 1529 | ==15380== Conditional jump or move depends on uninitialised value(s) |
| 1530 | ==15380== at 0x80484EA: main (inlinfo.c:6) |
| 1531 | ==15380== |
| 1532 | ==15380== Conditional jump or move depends on uninitialised value(s) |
| 1533 | ==15380== at 0x8048550: fun_noninline (inlinfo.c:6) |
| 1534 | ==15380== by 0x804850E: main (inlinfo.c:34) |
| 1535 | ==15380== |
| 1536 | ==15380== Conditional jump or move depends on uninitialised value(s) |
| 1537 | ==15380== at 0x8048520: main (inlinfo.c:6) |
| 1538 | </pre> |
| 1539 | <p>And here are the same errors with |
| 1540 | <code class="option">--read-inline-info=yes</code>:</p> |
| 1541 | <pre class="programlisting"> |
| 1542 | ==15377== Conditional jump or move depends on uninitialised value(s) |
| 1543 | ==15377== at 0x80484EA: fun_d (inlinfo.c:6) |
| 1544 | ==15377== by 0x80484EA: fun_c (inlinfo.c:14) |
| 1545 | ==15377== by 0x80484EA: fun_b (inlinfo.c:20) |
| 1546 | ==15377== by 0x80484EA: fun_a (inlinfo.c:26) |
| 1547 | ==15377== by 0x80484EA: main (inlinfo.c:33) |
| 1548 | ==15377== |
| 1549 | ==15377== Conditional jump or move depends on uninitialised value(s) |
| 1550 | ==15377== at 0x8048550: fun_d (inlinfo.c:6) |
| 1551 | ==15377== by 0x8048550: fun_noninline (inlinfo.c:41) |
| 1552 | ==15377== by 0x804850E: main (inlinfo.c:34) |
| 1553 | ==15377== |
| 1554 | ==15377== Conditional jump or move depends on uninitialised value(s) |
| 1555 | ==15377== at 0x8048520: fun_d (inlinfo.c:6) |
| 1556 | ==15377== by 0x8048520: main (inlinfo.c:35) |
| 1557 | </pre> |
| 1558 | </dd> |
| 1559 | <dt> |
| 1560 | <a name="opt.read-var-info"></a><span class="term"> |
| 1561 | <code class="option">--read-var-info=<yes|no> [default: no] </code> |
| 1562 | </span> |
| 1563 | </dt> |
| 1564 | <dd> |
| 1565 | <p>When enabled, Valgrind will read information about |
| 1566 | variable types and locations from DWARF3 debug info. |
| 1567 | This slows Valgrind startup significantly and makes it use significantly |
| 1568 | more memory, but for the tools that can take advantage of it (Memcheck, |
| 1569 | Helgrind, DRD) it can result in more precise error messages. For example, |
| 1570 | here are some standard errors issued by Memcheck:</p> |
| 1571 | <pre class="programlisting"> |
| 1572 | ==15363== Uninitialised byte(s) found during client check request |
| 1573 | ==15363== at 0x80484A9: croak (varinfo1.c:28) |
| 1574 | ==15363== by 0x8048544: main (varinfo1.c:55) |
| 1575 | ==15363== Address 0x80497f7 is 7 bytes inside data symbol "global_i2" |
| 1576 | ==15363== |
| 1577 | ==15363== Uninitialised byte(s) found during client check request |
| 1578 | ==15363== at 0x80484A9: croak (varinfo1.c:28) |
| 1579 | ==15363== by 0x8048550: main (varinfo1.c:56) |
| 1580 | ==15363== Address 0xbea0d0cc is on thread 1's stack |
| 1581 | ==15363== in frame #1, created by main (varinfo1.c:45) |
| 1582 | </pre> |
| 1583 | <p>And here are the same errors with |
| 1584 | <code class="option">--read-var-info=yes</code>:</p> |
| 1585 | <pre class="programlisting"> |
| 1586 | ==15370== Uninitialised byte(s) found during client check request |
| 1587 | ==15370== at 0x80484A9: croak (varinfo1.c:28) |
| 1588 | ==15370== by 0x8048544: main (varinfo1.c:55) |
| 1589 | ==15370== Location 0x80497f7 is 0 bytes inside global_i2[7], |
| 1590 | ==15370== a global variable declared at varinfo1.c:41 |
| 1591 | ==15370== |
| 1592 | ==15370== Uninitialised byte(s) found during client check request |
| 1593 | ==15370== at 0x80484A9: croak (varinfo1.c:28) |
| 1594 | ==15370== by 0x8048550: main (varinfo1.c:56) |
| 1595 | ==15370== Location 0xbeb4a0cc is 0 bytes inside local var "local" |
| 1596 | ==15370== declared at varinfo1.c:46, in frame #1 of thread 1 |
| 1597 | </pre> |
| 1598 | </dd> |
| 1599 | <dt> |
| 1600 | <a name="opt.vgdb-poll"></a><span class="term"> |
| 1601 | <code class="option">--vgdb-poll=<number> [default: 5000] </code> |
| 1602 | </span> |
| 1603 | </dt> |
| 1604 | <dd><p> As part of its main loop, the Valgrind scheduler will |
| 1605 | poll to check if some activity (such as an external command or |
| 1606 | some input from a gdb) has to be handled by gdbserver. This |
| 1607 | activity poll will be done after having run the given number of |
| 1608 | basic blocks (or slightly more than the given number of basic |
| 1609 | blocks). This poll is quite cheap so the default value is set |
| 1610 | relatively low. You might further decrease this value if vgdb |
| 1611 | cannot use ptrace system call to interrupt Valgrind if all |
| 1612 | threads are (most of the time) blocked in a system call. |
| 1613 | </p></dd> |
| 1614 | <dt> |
| 1615 | <a name="opt.vgdb-shadow-registers"></a><span class="term"> |
| 1616 | <code class="option">--vgdb-shadow-registers=no|yes [default: no] </code> |
| 1617 | </span> |
| 1618 | </dt> |
| 1619 | <dd><p> When activated, gdbserver will expose the Valgrind shadow registers |
| 1620 | to GDB. With this, the value of the Valgrind shadow registers can be examined |
| 1621 | or changed using GDB. Exposing shadow registers only works with GDB version |
| 1622 | 7.1 or later. |
| 1623 | </p></dd> |
| 1624 | <dt> |
| 1625 | <a name="opt.vgdb-prefix"></a><span class="term"> |
| 1626 | <code class="option">--vgdb-prefix=<prefix> [default: /tmp/vgdb-pipe] </code> |
| 1627 | </span> |
| 1628 | </dt> |
| 1629 | <dd><p> To communicate with gdb/vgdb, the Valgrind gdbserver |
| 1630 | creates 3 files (2 named FIFOs and a mmap shared memory |
| 1631 | file). The prefix option controls the directory and prefix for |
| 1632 | the creation of these files. |
| 1633 | </p></dd> |
| 1634 | <dt> |
| 1635 | <a name="opt.run-libc-freeres"></a><span class="term"> |
| 1636 | <code class="option">--run-libc-freeres=<yes|no> [default: yes] </code> |
| 1637 | </span> |
| 1638 | </dt> |
| 1639 | <dd> |
| 1640 | <p>This option is only relevant when running Valgrind on Linux.</p> |
| 1641 | <p>The GNU C library (<code class="function">libc.so</code>), which is |
| 1642 | used by all programs, may allocate memory for its own uses. |
| 1643 | Usually it doesn't bother to free that memory when the program |
| 1644 | ends—there would be no point, since the Linux kernel reclaims |
| 1645 | all process resources when a process exits anyway, so it would |
| 1646 | just slow things down.</p> |
| 1647 | <p>The glibc authors realised that this behaviour causes leak |
| 1648 | checkers, such as Valgrind, to falsely report leaks in glibc, when |
| 1649 | a leak check is done at exit. In order to avoid this, they |
| 1650 | provided a routine called <code class="function">__libc_freeres</code> |
| 1651 | specifically to make glibc release all memory it has allocated. |
| 1652 | Memcheck therefore tries to run |
| 1653 | <code class="function">__libc_freeres</code> at exit.</p> |
| 1654 | <p>Unfortunately, in some very old versions of glibc, |
| 1655 | <code class="function">__libc_freeres</code> is sufficiently buggy to cause |
| 1656 | segmentation faults. This was particularly noticeable on Red Hat |
| 1657 | 7.1. So this option is provided in order to inhibit the run of |
| 1658 | <code class="function">__libc_freeres</code>. If your program seems to run |
| 1659 | fine on Valgrind, but segfaults at exit, you may find that |
| 1660 | <code class="option">--run-libc-freeres=no</code> fixes that, although at the |
| 1661 | cost of possibly falsely reporting space leaks in |
| 1662 | <code class="filename">libc.so</code>.</p> |
| 1663 | </dd> |
| 1664 | <dt> |
| 1665 | <a name="opt.run-cxx-freeres"></a><span class="term"> |
| 1666 | <code class="option">--run-cxx-freeres=<yes|no> [default: yes] </code> |
| 1667 | </span> |
| 1668 | </dt> |
| 1669 | <dd> |
| 1670 | <p>This option is only relevant when running Valgrind on Linux |
| 1671 | or Solaris C++ programs.</p> |
| 1672 | <p>The GNU Standard C++ library (<code class="function">libstdc++.so</code>), |
| 1673 | which is used by all C++ programs compiled with g++, may allocate memory |
| 1674 | for its own uses. Usually it doesn't bother to free that memory when |
| 1675 | the program ends—there would be no point, since the kernel reclaims |
| 1676 | all process resources when a process exits anyway, so it would |
| 1677 | just slow things down.</p> |
| 1678 | <p>The gcc authors realised that this behaviour causes leak |
| 1679 | checkers, such as Valgrind, to falsely report leaks in libstdc++, when |
| 1680 | a leak check is done at exit. In order to avoid this, they |
| 1681 | provided a routine called <code class="function">__gnu_cxx::__freeres</code> |
| 1682 | specifically to make libstdc++ release all memory it has allocated. |
| 1683 | Memcheck therefore tries to run |
| 1684 | <code class="function">__gnu_cxx::__freeres</code> at exit.</p> |
| 1685 | <p>For the sake of flexibility and unforeseen problems with |
| 1686 | <code class="function">__gnu_cxx::__freeres</code>, option |
| 1687 | <code class="option">--run-cxx-freeres=no</code> exists, |
| 1688 | although at the cost of possibly falsely reporting space leaks in |
| 1689 | <code class="filename">libstdc++.so</code>.</p> |
| 1690 | </dd> |
| 1691 | <dt> |
| 1692 | <a name="opt.sim-hints"></a><span class="term"> |
| 1693 | <code class="option">--sim-hints=hint1,hint2,... </code> |
| 1694 | </span> |
| 1695 | </dt> |
| 1696 | <dd> |
| 1697 | <p>Pass miscellaneous hints to Valgrind which slightly modify |
| 1698 | the simulated behaviour in nonstandard or dangerous ways, possibly |
| 1699 | to help the simulation of strange features. By default no hints |
| 1700 | are enabled. Use with caution! Currently known hints are:</p> |
| 1701 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
| 1702 | <li class="listitem"><p><code class="option">lax-ioctls: </code> Be very lax about ioctl |
| 1703 | handling; the only assumption is that the size is |
| 1704 | correct. Doesn't require the full buffer to be initialised |
| 1705 | when writing. Without this, using some device drivers with a |
| 1706 | large number of strange ioctl commands becomes very |
| 1707 | tiresome.</p></li> |
| 1708 | <li class="listitem"><p><code class="option">fuse-compatible: </code> Enable special |
| 1709 | handling for certain system calls that may block in a FUSE |
| 1710 | file-system. This may be necessary when running Valgrind |
| 1711 | on a multi-threaded program that uses one thread to manage |
| 1712 | a FUSE file-system and another thread to access that |
| 1713 | file-system. |
| 1714 | </p></li> |
| 1715 | <li class="listitem"><p><code class="option">enable-outer: </code> Enable some special |
| 1716 | magic needed when the program being run is itself |
| 1717 | Valgrind.</p></li> |
| 1718 | <li class="listitem"><p><code class="option">no-inner-prefix: </code> Disable printing |
| 1719 | a prefix <code class="option">></code> in front of each stdout or |
| 1720 | stderr output line in an inner Valgrind being run by an |
| 1721 | outer Valgrind. This is useful when running Valgrind |
| 1722 | regression tests in an outer/inner setup. Note that the |
| 1723 | prefix <code class="option">></code> will always be printed in |
| 1724 | front of the inner debug logging lines.</p></li> |
| 1725 | <li class="listitem"> |
| 1726 | <p><code class="option">no-nptl-pthread-stackcache: </code> |
| 1727 | This hint is only relevant when running Valgrind on Linux.</p> |
| 1728 | <p>The GNU glibc pthread library |
| 1729 | (<code class="function">libpthread.so</code>), which is used by |
| 1730 | pthread programs, maintains a cache of pthread stacks. |
| 1731 | When a pthread terminates, the memory used for the pthread |
| 1732 | stack and some thread local storage related data structure |
| 1733 | are not always directly released. This memory is kept in |
| 1734 | a cache (up to a certain size), and is re-used if a new |
| 1735 | thread is started.</p> |
| 1736 | <p>This cache causes the helgrind tool to report some |
| 1737 | false positive race condition errors on this cached |
| 1738 | memory, as helgrind does not understand the internal glibc |
| 1739 | cache synchronisation primitives. So, when using helgrind, |
| 1740 | disabling the cache helps to avoid false positive race |
| 1741 | conditions, in particular when using thread local storage |
| 1742 | variables (e.g. variables using the |
| 1743 | <code class="function">__thread</code> qualifier).</p> |
| 1744 | <p>When using the memcheck tool, disabling the cache |
| 1745 | ensures the memory used by glibc to handle __thread |
| 1746 | variables is directly released when a thread |
| 1747 | terminates.</p> |
| 1748 | <p>Note: Valgrind disables the cache using some internal |
| 1749 | knowledge of the glibc stack cache implementation and by |
| 1750 | examining the debug information of the pthread |
| 1751 | library. This technique is thus somewhat fragile and might |
| 1752 | not work for all glibc versions. This has been succesfully |
| 1753 | tested with various glibc versions (e.g. 2.11, 2.16, 2.18) |
| 1754 | on various platforms.</p> |
| 1755 | </li> |
| 1756 | <li class="listitem"><p><code class="option">lax-doors: </code> (Solaris only) Be very lax |
| 1757 | about door syscall handling over unrecognised door file |
| 1758 | descriptors. Does not require that full buffer is initialised |
| 1759 | when writing. Without this, programs using libdoor(3LIB) |
| 1760 | functionality with completely proprietary semantics may report |
| 1761 | large number of false positives.</p></li> |
| 1762 | </ul></div> |
| 1763 | </dd> |
| 1764 | <dt> |
| 1765 | <a name="opt.fair-sched"></a><span class="term"> |
| 1766 | <code class="option">--fair-sched=<no|yes|try> [default: no] </code> |
| 1767 | </span> |
| 1768 | </dt> |
| 1769 | <dd> |
| 1770 | <p>The <code class="option">--fair-sched</code> option controls |
| 1771 | the locking mechanism used by Valgrind to serialise thread |
| 1772 | execution. The locking mechanism controls the way the threads |
| 1773 | are scheduled, and different settings give different trade-offs |
| 1774 | between fairness and performance. For more details about the |
| 1775 | Valgrind thread serialisation scheme and its impact on |
| 1776 | performance and thread scheduling, see |
| 1777 | <a class="xref" href="manual-core.html#manual-core.pthreads_perf_sched" title="2.7.1. Scheduling and Multi-Thread Performance">Scheduling and Multi-Thread Performance</a>.</p> |
| 1778 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
| 1779 | <li class="listitem"> |
| 1780 | <p>The value <code class="option">--fair-sched=yes</code> |
| 1781 | activates a fair scheduler. In short, if multiple threads are |
| 1782 | ready to run, the threads will be scheduled in a round robin |
| 1783 | fashion. This mechanism is not available on all platforms or |
| 1784 | Linux versions. If not available, |
| 1785 | using <code class="option">--fair-sched=yes</code> will cause Valgrind to |
| 1786 | terminate with an error.</p> |
| 1787 | <p>You may find this setting improves overall |
| 1788 | responsiveness if you are running an interactive |
| 1789 | multithreaded program, for example a web browser, on |
| 1790 | Valgrind.</p> |
| 1791 | </li> |
| 1792 | <li class="listitem"><p>The value <code class="option">--fair-sched=try</code> |
| 1793 | activates fair scheduling if available on the |
| 1794 | platform. Otherwise, it will automatically fall back |
| 1795 | to <code class="option">--fair-sched=no</code>.</p></li> |
| 1796 | <li class="listitem"><p>The value <code class="option">--fair-sched=no</code> activates |
| 1797 | a scheduler which does not guarantee fairness |
| 1798 | between threads ready to run, but which in general gives the |
| 1799 | highest performance.</p></li> |
| 1800 | </ul></div> |
| 1801 | </dd> |
| 1802 | <dt> |
| 1803 | <a name="opt.kernel-variant"></a><span class="term"> |
| 1804 | <code class="option">--kernel-variant=variant1,variant2,...</code> |
| 1805 | </span> |
| 1806 | </dt> |
| 1807 | <dd> |
| 1808 | <p>Handle system calls and ioctls arising from minor variants |
| 1809 | of the default kernel for this platform. This is useful for |
| 1810 | running on hacked kernels or with kernel modules which support |
| 1811 | nonstandard ioctls, for example. Use with caution. If you don't |
| 1812 | understand what this option does then you almost certainly don't |
| 1813 | need it. Currently known variants are:</p> |
| 1814 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
| 1815 | <li class="listitem"><p><code class="option">bproc</code>: support the |
| 1816 | <code class="function">sys_broc</code> system call on x86. This is for |
| 1817 | running on BProc, which is a minor variant of standard Linux which |
| 1818 | is sometimes used for building clusters. |
| 1819 | </p></li> |
| 1820 | <li class="listitem"><p><code class="option">android-no-hw-tls</code>: some |
| 1821 | versions of the Android emulator for ARM do not provide a |
| 1822 | hardware TLS (thread-local state) register, and Valgrind |
| 1823 | crashes at startup. Use this variant to select software |
| 1824 | support for TLS. |
| 1825 | </p></li> |
| 1826 | <li class="listitem"><p><code class="option">android-gpu-sgx5xx</code>: use this to |
| 1827 | support handling of proprietary ioctls for the PowerVR SGX |
| 1828 | 5XX series of GPUs on Android devices. Failure to select |
| 1829 | this does not cause stability problems, but may cause |
| 1830 | Memcheck to report false errors after the program performs |
| 1831 | GPU-specific ioctls. |
| 1832 | </p></li> |
| 1833 | <li class="listitem"><p><code class="option">android-gpu-adreno3xx</code>: similarly, use |
| 1834 | this to support handling of proprietary ioctls for the |
| 1835 | Qualcomm Adreno 3XX series of GPUs on Android devices. |
| 1836 | </p></li> |
| 1837 | </ul></div> |
| 1838 | </dd> |
| 1839 | <dt> |
| 1840 | <a name="opt.merge-recursive-frames"></a><span class="term"> |
| 1841 | <code class="option">--merge-recursive-frames=<number> [default: 0] </code> |
| 1842 | </span> |
| 1843 | </dt> |
| 1844 | <dd> |
| 1845 | <p>Some recursive algorithms, for example balanced binary |
| 1846 | tree implementations, create many different stack traces, each |
| 1847 | containing cycles of calls. A cycle is defined as two identical |
| 1848 | program counter values separated by zero or more other program |
| 1849 | counter values. Valgrind may then use a lot of memory to store |
| 1850 | all these stack traces. This is a poor use of memory |
| 1851 | considering that such stack traces contain repeated |
| 1852 | uninteresting recursive calls instead of more interesting |
| 1853 | information such as the function that has initiated the |
| 1854 | recursive call. |
| 1855 | </p> |
| 1856 | <p>The option <code class="option">--merge-recursive-frames=<number></code> |
| 1857 | instructs Valgrind to detect and merge recursive call cycles |
| 1858 | having a size of up to <code class="option"><number></code> |
| 1859 | frames. When such a cycle is detected, Valgrind records the |
| 1860 | cycle in the stack trace as a unique program counter. |
| 1861 | </p> |
| 1862 | <p> |
| 1863 | The value 0 (the default) causes no recursive call merging. |
| 1864 | A value of 1 will cause stack traces of simple recursive algorithms |
| 1865 | (for example, a factorial implementation) to be collapsed. |
| 1866 | A value of 2 will usually be needed to collapse stack traces produced |
| 1867 | by recursive algorithms such as binary trees, quick sort, etc. |
| 1868 | Higher values might be needed for more complex recursive algorithms. |
| 1869 | </p> |
| 1870 | <p>Note: recursive calls are detected by analysis of program |
| 1871 | counter values. They are not detected by looking at function |
| 1872 | names.</p> |
| 1873 | </dd> |
| 1874 | <dt> |
| 1875 | <a name="opt.num-transtab-sectors"></a><span class="term"> |
| 1876 | <code class="option">--num-transtab-sectors=<number> [default: 6 |
| 1877 | for Android platforms, 16 for all others] </code> |
| 1878 | </span> |
| 1879 | </dt> |
| 1880 | <dd><p>Valgrind translates and instruments your program's machine |
| 1881 | code in small fragments (basic blocks). The translations are stored in a |
| 1882 | translation cache that is divided into a number of sections |
| 1883 | (sectors). If the cache is full, the sector containing the |
| 1884 | oldest translations is emptied and reused. If these old |
| 1885 | translations are needed again, Valgrind must re-translate and |
| 1886 | re-instrument the corresponding machine code, which is |
| 1887 | expensive. If the "executed instructions" working set of a |
| 1888 | program is big, increasing the number of sectors may improve |
| 1889 | performance by reducing the number of re-translations needed. |
| 1890 | Sectors are allocated on demand. Once allocated, a sector can |
| 1891 | never be freed, and occupies considerable space, depending on the tool |
| 1892 | and the value of <code class="option">--avg-transtab-entry-size</code> |
| 1893 | (about 40 MB per sector for Memcheck). Use the |
| 1894 | option <code class="option">--stats=yes</code> to obtain precise |
| 1895 | information about the memory used by a sector and the allocation |
| 1896 | and recycling of sectors.</p></dd> |
| 1897 | <dt> |
| 1898 | <a name="opt.avg-transtab-entry-size"></a><span class="term"> |
| 1899 | <code class="option">--avg-transtab-entry-size=<number> [default: 0, |
| 1900 | meaning use tool provided default] </code> |
| 1901 | </span> |
| 1902 | </dt> |
| 1903 | <dd><p>Average size of translated basic block. This average size |
| 1904 | is used to dimension the size of a sector. |
| 1905 | Each tool provides a default value to be used. |
| 1906 | If this default value is too small, the translation sectors |
| 1907 | will become full too quickly. If this default value is too big, |
| 1908 | a significant part of the translation sector memory will be unused. |
| 1909 | Note that the average size of a basic block translation depends |
| 1910 | on the tool, and might depend on tool options. For example, |
| 1911 | the memcheck option <code class="option">--track-origins=yes</code> |
| 1912 | increases the size of the basic block translations. |
| 1913 | Use <code class="option">--avg-transtab-entry-size</code> to tune the size of the |
| 1914 | sectors, either to gain memory or to avoid too many retranslations. |
| 1915 | </p></dd> |
| 1916 | <dt> |
| 1917 | <a name="opt.aspace-minaddr"></a><span class="term"> |
| 1918 | <code class="option">--aspace-minaddr=<address> [default: depends |
| 1919 | on the platform] </code> |
| 1920 | </span> |
| 1921 | </dt> |
| 1922 | <dd><p>To avoid potential conflicts with some system libraries, |
| 1923 | Valgrind does not use the address space |
| 1924 | below <code class="option">--aspace-minaddr</code> value, keeping it |
| 1925 | reserved in case a library specifically requests memory in this |
| 1926 | region. So, some "pessimistic" value is guessed by Valgrind |
| 1927 | depending on the platform. On linux, by default, Valgrind avoids |
| 1928 | using the first 64MB even if typically there is no conflict in |
| 1929 | this complete zone. You can use the |
| 1930 | option <code class="option">--aspace-minaddr</code> to have your memory |
| 1931 | hungry application benefitting from more of this lower memory. |
| 1932 | On the other hand, if you encounter a conflict, increasing |
| 1933 | aspace-minaddr value might solve it. Conflicts will typically |
| 1934 | manifest themselves with mmap failures in the low range of the |
| 1935 | address space. The |
| 1936 | provided <code class="computeroutput">address</code> must be page |
| 1937 | aligned and must be equal or bigger to 0x1000 (4KB). To find the |
| 1938 | default value on your platform, do something such as |
| 1939 | <code class="computeroutput">valgrind -d -d date 2>&1 | grep -i minaddr</code>. |
| 1940 | Values lower than 0x10000 (64KB) are known to create problems |
| 1941 | on some distributions. |
| 1942 | </p></dd> |
| 1943 | <dt> |
| 1944 | <a name="opt.valgrind-stacksize"></a><span class="term"> |
| 1945 | <code class="option">--valgrind-stacksize=<number> [default: 1MB] </code> |
| 1946 | </span> |
| 1947 | </dt> |
| 1948 | <dd> |
| 1949 | <p>For each thread, Valgrind needs its own 'private' stack. |
| 1950 | The default size for these stacks is largely dimensioned, and so |
| 1951 | should be sufficient in most cases. In case the size is too small, |
| 1952 | Valgrind will segfault. Before segfaulting, a warning might be produced |
| 1953 | by Valgrind when approaching the limit. |
| 1954 | </p> |
| 1955 | <p> |
| 1956 | Use the option <code class="option">--valgrind-stacksize</code> if such an (unlikely) |
| 1957 | warning is produced, or Valgrind dies due to a segmentation violation. |
| 1958 | Such segmentation violations have been seen when demangling huge C++ |
| 1959 | symbols. |
| 1960 | </p> |
| 1961 | <p>If your application uses many threads and needs a lot of memory, you can |
| 1962 | gain some memory by reducing the size of these Valgrind stacks using |
| 1963 | the option <code class="option">--valgrind-stacksize</code>. |
| 1964 | </p> |
| 1965 | </dd> |
| 1966 | <dt> |
| 1967 | <a name="opt.show-emwarns"></a><span class="term"> |
| 1968 | <code class="option">--show-emwarns=<yes|no> [default: no] </code> |
| 1969 | </span> |
| 1970 | </dt> |
| 1971 | <dd><p>When enabled, Valgrind will emit warnings about its CPU |
| 1972 | emulation in certain cases. These are usually not |
| 1973 | interesting.</p></dd> |
| 1974 | <dt> |
| 1975 | <a name="opt.require-text-symbol"></a><span class="term"> |
| 1976 | <code class="option">--require-text-symbol=:sonamepatt:fnnamepatt</code> |
| 1977 | </span> |
| 1978 | </dt> |
| 1979 | <dd> |
| 1980 | <p>When a shared object whose soname |
| 1981 | matches <code class="varname">sonamepatt</code> is loaded into the |
| 1982 | process, examine all the text symbols it exports. If none of |
| 1983 | those match <code class="varname">fnnamepatt</code>, print an error |
| 1984 | message and abandon the run. This makes it possible to ensure |
| 1985 | that the run does not continue unless a given shared object |
| 1986 | contains a particular function name. |
| 1987 | </p> |
| 1988 | <p> |
| 1989 | Both <code class="varname">sonamepatt</code> and |
| 1990 | <code class="varname">fnnamepatt</code> can be written using the usual |
| 1991 | <code class="varname">?</code> and <code class="varname">*</code> wildcards. For |
| 1992 | example: <code class="varname">":*libc.so*:foo?bar"</code>. You may use |
| 1993 | characters other than a colon to separate the two patterns. It |
| 1994 | is only important that the first character and the separator |
| 1995 | character are the same. For example, the above example could |
| 1996 | also be written <code class="varname">"Q*libc.so*Qfoo?bar"</code>. |
| 1997 | Multiple <code class="varname"> --require-text-symbol</code> flags are |
| 1998 | allowed, in which case shared objects that are loaded into |
| 1999 | the process will be checked against all of them. |
| 2000 | </p> |
| 2001 | <p> |
| 2002 | The purpose of this is to support reliable usage of marked-up |
| 2003 | libraries. For example, suppose we have a version of GCC's |
| 2004 | <code class="varname">libgomp.so</code> which has been marked up with |
| 2005 | annotations to support Helgrind. It is only too easy and |
| 2006 | confusing to load the wrong, un-annotated |
| 2007 | <code class="varname">libgomp.so</code> into the application. So the idea |
| 2008 | is: add a text symbol in the marked-up library, for |
| 2009 | example <code class="varname">annotated_for_helgrind_3_6</code>, and then |
| 2010 | give the flag |
| 2011 | <code class="varname">--require-text-symbol=:*libgomp*so*:annotated_for_helgrind_3_6</code> |
| 2012 | so that when <code class="varname">libgomp.so</code> is loaded, Valgrind |
| 2013 | scans its symbol table, and if the symbol isn't present the run |
| 2014 | is aborted, rather than continuing silently with the |
| 2015 | un-marked-up library. Note that you should put the entire flag |
| 2016 | in quotes to stop shells expanding up the <code class="varname">*</code> |
| 2017 | and <code class="varname">?</code> wildcards. |
| 2018 | </p> |
| 2019 | </dd> |
| 2020 | <dt> |
| 2021 | <a name="opt.soname-synonyms"></a><span class="term"> |
| 2022 | <code class="option">--soname-synonyms=syn1=pattern1,syn2=pattern2,...</code> |
| 2023 | </span> |
| 2024 | </dt> |
| 2025 | <dd> |
| 2026 | <p>When a shared library is loaded, Valgrind checks for |
| 2027 | functions in the library that must be replaced or wrapped. For |
| 2028 | example, Memcheck replaces some string and memory functions |
| 2029 | (strchr, strlen, strcpy, memchr, memcpy, memmove, etc.) with its |
| 2030 | own versions. Such replacements are normally done only in shared |
| 2031 | libraries whose soname matches a predefined soname pattern (e.g. |
| 2032 | <code class="varname">libc.so*</code> on linux). By default, no |
| 2033 | replacement is done for a statically linked binary or for |
| 2034 | alternative libraries, except for the allocation functions |
| 2035 | (malloc, free, calloc, memalign, realloc, operator new, operator |
| 2036 | delete, etc.) Such allocation functions are intercepted by |
| 2037 | default in any shared library or in the executable if they are |
| 2038 | exported as global symbols. This means that if a replacement |
| 2039 | allocation library such as tcmalloc is found, its functions are |
| 2040 | also intercepted by default. |
| 2041 | |
| 2042 | In some cases, the replacements allow |
| 2043 | <code class="option">--soname-synonyms</code> to specify one additional |
| 2044 | synonym pattern, giving flexibility in the replacement. Or to |
| 2045 | prevent interception of all public allocation symbols.</p> |
| 2046 | <p>Currently, this flexibility is only allowed for the |
| 2047 | malloc related functions, using the |
| 2048 | synonym <code class="varname">somalloc</code>. This synonym is usable for |
| 2049 | all tools doing standard replacement of malloc related functions |
| 2050 | (e.g. memcheck, massif, drd, helgrind, exp-dhat, exp-sgcheck). |
| 2051 | </p> |
| 2052 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
| 2053 | <li class="listitem"> |
| 2054 | <p>Alternate malloc library: to replace the malloc |
| 2055 | related functions in a specific alternate library with |
| 2056 | soname <code class="varname">mymalloclib.so</code> (and not in any |
| 2057 | others), give the |
| 2058 | option <code class="option">--soname-synonyms=somalloc=mymalloclib.so</code>. |
| 2059 | A pattern can be used to match multiple libraries sonames. |
| 2060 | For |
| 2061 | example, <code class="option">--soname-synonyms=somalloc=*tcmalloc*</code> |
| 2062 | will match the soname of all variants of the tcmalloc |
| 2063 | library (native, debug, profiled, ... tcmalloc |
| 2064 | variants). </p> |
| 2065 | <p>Note: the soname of a elf shared library can be |
| 2066 | retrieved using the readelf utility. </p> |
| 2067 | </li> |
| 2068 | <li class="listitem"><p>Replacements in a statically linked library are done |
| 2069 | by using the <code class="varname">NONE</code> pattern. For example, |
| 2070 | if you link with <code class="varname">libtcmalloc.a</code>, and only |
| 2071 | want to intercept the malloc related functions in the |
| 2072 | executable (and standard libraries) themselves, but not any |
| 2073 | other shared libraries, you can give the |
| 2074 | option <code class="option">--soname-synonyms=somalloc=NONE</code>. |
| 2075 | Note that a NONE pattern will match the main executable and |
| 2076 | any shared library having no soname. </p></li> |
| 2077 | <li class="listitem"><p>To run a "default" Firefox build for Linux, in which |
| 2078 | JEMalloc is linked in to the main executable, |
| 2079 | use <code class="option">--soname-synonyms=somalloc=NONE</code>. |
| 2080 | </p></li> |
| 2081 | <li class="listitem"><p>To only intercept allocation symbols in the default |
| 2082 | system libraries, but not in any other shared library or the |
| 2083 | executable defining public malloc or operator new related |
| 2084 | functions use a non-existing library name |
| 2085 | like <code class="option">--soname-synonyms=somalloc=nouserintercepts</code> |
| 2086 | (where <code class="varname">nouserintercepts</code> can be any |
| 2087 | non-existing library name). |
| 2088 | </p></li> |
| 2089 | <li class="listitem"><p>Shared library of the dynamic (runtime) linker is excluded from |
| 2090 | searching for global public symbols, such as those for the malloc |
| 2091 | related functions (identified by <code class="varname">somalloc</code> synonym). |
| 2092 | </p></li> |
| 2093 | </ul></div> |
| 2094 | </dd> |
| 2095 | </dl> |
| 2096 | </div> |
| 2097 | </div> |
| 2098 | <div class="sect2"> |
| 2099 | <div class="titlepage"><div><div><h3 class="title"> |
| 2100 | <a name="manual-core.debugopts"></a>2.6.6. Debugging Options</h3></div></div></div> |
| 2101 | <p><a name="debug.opts.para"></a>There are also some options for debugging |
| 2102 | Valgrind itself. You shouldn't need to use them in the normal run of |
| 2103 | things. If you wish to see the list, use the |
| 2104 | <code class="option">--help-debug</code> option.</p> |
| 2105 | <p>If you wish to debug your program rather than debugging |
| 2106 | Valgrind itself, then you should use the options |
| 2107 | <code class="option">--vgdb=yes</code> or <code class="option">--vgdb=full</code>. |
| 2108 | </p> |
| 2109 | </div> |
| 2110 | <div class="sect2"> |
| 2111 | <div class="titlepage"><div><div><h3 class="title"> |
| 2112 | <a name="manual-core.defopts"></a>2.6.7. Setting Default Options</h3></div></div></div> |
| 2113 | <p>Note that Valgrind also reads options from three places:</p> |
| 2114 | <div class="orderedlist"><ol class="orderedlist" type="1"> |
| 2115 | <li class="listitem"><p>The file <code class="computeroutput">~/.valgrindrc</code></p></li> |
| 2116 | <li class="listitem"><p>The environment variable |
| 2117 | <code class="computeroutput">$VALGRIND_OPTS</code></p></li> |
| 2118 | <li class="listitem"><p>The file <code class="computeroutput">./.valgrindrc</code></p></li> |
| 2119 | </ol></div> |
| 2120 | <p>These are processed in the given order, before the |
| 2121 | command-line options. Options processed later override those |
| 2122 | processed earlier; for example, options in |
| 2123 | <code class="computeroutput">./.valgrindrc</code> will take |
| 2124 | precedence over those in |
| 2125 | <code class="computeroutput">~/.valgrindrc</code>. |
| 2126 | </p> |
| 2127 | <p>Please note that the <code class="computeroutput">./.valgrindrc</code> |
| 2128 | file is ignored if it is marked as world writeable or not owned |
| 2129 | by the current user. This is because the |
| 2130 | <code class="computeroutput">./.valgrindrc</code> can contain options that are |
| 2131 | potentially harmful or can be used by a local attacker to execute code under |
| 2132 | your user account. |
| 2133 | </p> |
| 2134 | <p>Any tool-specific options put in |
| 2135 | <code class="computeroutput">$VALGRIND_OPTS</code> or the |
| 2136 | <code class="computeroutput">.valgrindrc</code> files should be |
| 2137 | prefixed with the tool name and a colon. For example, if you |
| 2138 | want Memcheck to always do leak checking, you can put the |
| 2139 | following entry in <code class="literal">~/.valgrindrc</code>:</p> |
| 2140 | <pre class="programlisting"> |
| 2141 | --memcheck:leak-check=yes</pre> |
| 2142 | <p>This will be ignored if any tool other than Memcheck is |
| 2143 | run. Without the <code class="computeroutput">memcheck:</code> |
| 2144 | part, this will cause problems if you select other tools that |
| 2145 | don't understand |
| 2146 | <code class="option">--leak-check=yes</code>.</p> |
| 2147 | </div> |
| 2148 | </div> |
| 2149 | <div class="sect1"> |
| 2150 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 2151 | <a name="manual-core.pthreads"></a>2.7. Support for Threads</h2></div></div></div> |
| 2152 | <p>Threaded programs are fully supported.</p> |
| 2153 | <p>The main thing to point out with respect to threaded programs is |
| 2154 | that your program will use the native threading library, but Valgrind |
| 2155 | serialises execution so that only one (kernel) thread is running at a |
| 2156 | time. This approach avoids the horrible implementation problems of |
| 2157 | implementing a truly multithreaded version of Valgrind, but it does |
| 2158 | mean that threaded apps never use more than one CPU simultaneously, |
| 2159 | even if you have a multiprocessor or multicore machine.</p> |
| 2160 | <p>Valgrind doesn't schedule the threads itself. It merely ensures |
| 2161 | that only one thread runs at once, using a simple locking scheme. The |
| 2162 | actual thread scheduling remains under control of the OS kernel. What |
| 2163 | this does mean, though, is that your program will see very different |
| 2164 | scheduling when run on Valgrind than it does when running normally. |
| 2165 | This is both because Valgrind is serialising the threads, and because |
| 2166 | the code runs so much slower than normal.</p> |
| 2167 | <p>This difference in scheduling may cause your program to behave |
| 2168 | differently, if you have some kind of concurrency, critical race, |
| 2169 | locking, or similar, bugs. In that case you might consider using the |
| 2170 | tools Helgrind and/or DRD to track them down.</p> |
| 2171 | <p>On Linux, Valgrind also supports direct use of the |
| 2172 | <code class="computeroutput">clone</code> system call, |
| 2173 | <code class="computeroutput">futex</code> and so on. |
| 2174 | <code class="computeroutput">clone</code> is supported where either |
| 2175 | everything is shared (a thread) or nothing is shared (fork-like); partial |
| 2176 | sharing will fail. |
| 2177 | </p> |
| 2178 | <div class="sect2"> |
| 2179 | <div class="titlepage"><div><div><h3 class="title"> |
| 2180 | <a name="manual-core.pthreads_perf_sched"></a>2.7.1. Scheduling and Multi-Thread Performance</h3></div></div></div> |
| 2181 | <p>A thread executes code only when it holds the abovementioned |
| 2182 | lock. After executing some number of instructions, the running thread |
| 2183 | will release the lock. All threads ready to run will then compete to |
| 2184 | acquire the lock.</p> |
| 2185 | <p>The <code class="option">--fair-sched</code> option controls the locking mechanism |
| 2186 | used to serialise thread execution.</p> |
| 2187 | <p>The default pipe based locking mechanism |
| 2188 | (<code class="option">--fair-sched=no</code>) is available on all |
| 2189 | platforms. Pipe based locking does not guarantee fairness between |
| 2190 | threads: it is quite likely that a thread that has just released the |
| 2191 | lock reacquires it immediately, even though other threads are ready to |
| 2192 | run. When using pipe based locking, different runs of the same |
| 2193 | multithreaded application might give very different thread |
| 2194 | scheduling.</p> |
| 2195 | <p>An alternative locking mechanism, based on futexes, is available |
| 2196 | on some platforms. If available, it is activated |
| 2197 | by <code class="option">--fair-sched=yes</code> or |
| 2198 | <code class="option">--fair-sched=try</code>. Futex based locking ensures |
| 2199 | fairness (round-robin scheduling) between threads: if multiple threads |
| 2200 | are ready to run, the lock will be given to the thread which first |
| 2201 | requested the lock. Note that a thread which is blocked in a system |
| 2202 | call (e.g. in a blocking read system call) has not (yet) requested the |
| 2203 | lock: such a thread requests the lock only after the system call is |
| 2204 | finished.</p> |
| 2205 | <p> The fairness of the futex based locking produces better |
| 2206 | reproducibility of thread scheduling for different executions of a |
| 2207 | multithreaded application. This better reproducibility is particularly |
| 2208 | helpful when using Helgrind or DRD.</p> |
| 2209 | <p>Valgrind's use of thread serialisation implies that only one |
| 2210 | thread at a time may run. On a multiprocessor/multicore system, the |
| 2211 | running thread is assigned to one of the CPUs by the OS kernel |
| 2212 | scheduler. When a thread acquires the lock, sometimes the thread will |
| 2213 | be assigned to the same CPU as the thread that just released the |
| 2214 | lock. Sometimes, the thread will be assigned to another CPU. When |
| 2215 | using pipe based locking, the thread that just acquired the lock |
| 2216 | will usually be scheduled on the same CPU as the thread that just |
| 2217 | released the lock. With the futex based mechanism, the thread that |
| 2218 | just acquired the lock will more often be scheduled on another |
| 2219 | CPU.</p> |
| 2220 | <p>Valgrind's thread serialisation and CPU assignment by the OS |
| 2221 | kernel scheduler can interact badly with the CPU frequency scaling |
| 2222 | available on many modern CPUs. To decrease power consumption, the |
| 2223 | frequency of a CPU or core is automatically decreased if the CPU/core |
| 2224 | has not been used recently. If the OS kernel often assigns the thread |
| 2225 | which just acquired the lock to another CPU/core, it is quite likely |
| 2226 | that this CPU/core is currently at a low frequency. The frequency of |
| 2227 | this CPU will be increased after some time. However, during this |
| 2228 | time, the (only) running thread will have run at the low frequency. |
| 2229 | Once this thread has run for some time, it will release the lock. |
| 2230 | Another thread will acquire this lock, and might be scheduled again on |
| 2231 | another CPU whose clock frequency was decreased in the |
| 2232 | meantime.</p> |
| 2233 | <p>The futex based locking causes threads to change CPUs/cores more |
| 2234 | often. So, if CPU frequency scaling is activated, the futex based |
| 2235 | locking might decrease significantly the performance of a |
| 2236 | multithreaded app running under Valgrind. Performance losses of up to |
| 2237 | 50% degradation have been observed, as compared to running on a |
| 2238 | machine for which CPU frequency scaling has been disabled. The pipe |
| 2239 | based locking locking scheme also interacts badly with CPU frequency |
| 2240 | scaling, with performance losses in the range 10..20% having been |
| 2241 | observed.</p> |
| 2242 | <p>To avoid such performance degradation, you should indicate to |
| 2243 | the kernel that all CPUs/cores should always run at maximum clock |
| 2244 | speed. Depending on your Linux distribution, CPU frequency scaling |
| 2245 | may be controlled using a graphical interface or using command line |
| 2246 | such as |
| 2247 | <code class="computeroutput">cpufreq-selector</code> or |
| 2248 | <code class="computeroutput">cpufreq-set</code>. |
| 2249 | </p> |
| 2250 | <p>An alternative way to avoid these problems is to tell the |
| 2251 | OS scheduler to tie a Valgrind process to a specific (fixed) CPU using the |
| 2252 | <code class="computeroutput">taskset</code> command. This should ensure |
| 2253 | that the selected CPU does not fall below its maximum frequency |
| 2254 | setting so long as any thread of the program has work to do. |
| 2255 | </p> |
| 2256 | </div> |
| 2257 | </div> |
| 2258 | <div class="sect1"> |
| 2259 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 2260 | <a name="manual-core.signals"></a>2.8. Handling of Signals</h2></div></div></div> |
| 2261 | <p>Valgrind has a fairly complete signal implementation. It should be |
| 2262 | able to cope with any POSIX-compliant use of signals.</p> |
| 2263 | <p>If you're using signals in clever ways (for example, catching |
| 2264 | SIGSEGV, modifying page state and restarting the instruction), you're |
| 2265 | probably relying on precise exceptions. In this case, you will need |
| 2266 | to use <code class="option">--vex-iropt-register-updates=allregs-at-mem-access</code> |
| 2267 | or <code class="option">--vex-iropt-register-updates=allregs-at-each-insn</code>. |
| 2268 | </p> |
| 2269 | <p>If your program dies as a result of a fatal core-dumping signal, |
| 2270 | Valgrind will generate its own core file |
| 2271 | (<code class="computeroutput">vgcore.NNNNN</code>) containing your program's |
| 2272 | state. You may use this core file for post-mortem debugging with GDB or |
| 2273 | similar. (Note: it will not generate a core if your core dump size limit is |
| 2274 | 0.) At the time of writing the core dumps do not include all the floating |
| 2275 | point register information.</p> |
| 2276 | <p>In the unlikely event that Valgrind itself crashes, the operating system |
| 2277 | will create a core dump in the usual way.</p> |
| 2278 | </div> |
| 2279 | <div class="sect1"> |
| 2280 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 2281 | <a name="manual-core.install"></a>2.9. Building and Installing Valgrind</h2></div></div></div> |
| 2282 | <p>We use the standard Unix |
| 2283 | <code class="computeroutput">./configure</code>, |
| 2284 | <code class="computeroutput">make</code>, <code class="computeroutput">make |
| 2285 | install</code> mechanism. Once you have completed |
| 2286 | <code class="computeroutput">make install</code> you may then want |
| 2287 | to run the regression tests |
| 2288 | with <code class="computeroutput">make regtest</code>. |
| 2289 | </p> |
| 2290 | <p>In addition to the usual |
| 2291 | <code class="option">--prefix=/path/to/install/tree</code>, there are three |
| 2292 | options which affect how Valgrind is built: |
| 2293 | </p> |
| 2294 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
| 2295 | <li class="listitem"> |
| 2296 | <p><code class="option">--enable-inner</code></p> |
| 2297 | <p>This builds Valgrind with some special magic hacks which make |
| 2298 | it possible to run it on a standard build of Valgrind (what the |
| 2299 | developers call "self-hosting"). Ordinarily you should not use |
| 2300 | this option as various kinds of safety checks are disabled. |
| 2301 | </p> |
| 2302 | </li> |
| 2303 | <li class="listitem"> |
| 2304 | <p><code class="option">--enable-only64bit</code></p> |
| 2305 | <p><code class="option">--enable-only32bit</code></p> |
| 2306 | <p>On 64-bit platforms (amd64-linux, ppc64-linux, |
| 2307 | amd64-darwin), Valgrind is by default built in such a way that |
| 2308 | both 32-bit and 64-bit executables can be run. Sometimes this |
| 2309 | cleverness is a problem for a variety of reasons. These two |
| 2310 | options allow for single-target builds in this situation. If you |
| 2311 | issue both, the configure script will complain. Note they are |
| 2312 | ignored on 32-bit-only platforms (x86-linux, ppc32-linux, |
| 2313 | arm-linux, x86-darwin). |
| 2314 | </p> |
| 2315 | </li> |
| 2316 | </ul></div> |
| 2317 | <p> |
| 2318 | </p> |
| 2319 | <p>The <code class="computeroutput">configure</code> script tests |
| 2320 | the version of the X server currently indicated by the current |
| 2321 | <code class="computeroutput">$DISPLAY</code>. This is a known bug. |
| 2322 | The intention was to detect the version of the current X |
| 2323 | client libraries, so that correct suppressions could be selected |
| 2324 | for them, but instead the test checks the server version. This |
| 2325 | is just plain wrong.</p> |
| 2326 | <p>If you are building a binary package of Valgrind for |
| 2327 | distribution, please read <code class="literal">README_PACKAGERS</code> |
| 2328 | <a class="xref" href="dist.readme-packagers.html" title="7. README_PACKAGERS">Readme Packagers</a>. It contains some |
| 2329 | important information.</p> |
| 2330 | <p>Apart from that, there's not much excitement here. Let us |
| 2331 | know if you have build problems.</p> |
| 2332 | </div> |
| 2333 | <div class="sect1"> |
| 2334 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 2335 | <a name="manual-core.problems"></a>2.10. If You Have Problems</h2></div></div></div> |
| 2336 | <p>Contact us at <a class="ulink" href="http://www.valgrind.org/" target="_top">http://www.valgrind.org/</a>.</p> |
| 2337 | <p>See <a class="xref" href="manual-core.html#manual-core.limits" title="2.11. Limitations">Limitations</a> for the known |
| 2338 | limitations of Valgrind, and for a list of programs which are |
| 2339 | known not to work on it.</p> |
| 2340 | <p>All parts of the system make heavy use of assertions and |
| 2341 | internal self-checks. They are permanently enabled, and we have no |
| 2342 | plans to disable them. If one of them breaks, please mail us!</p> |
| 2343 | <p>If you get an assertion failure |
| 2344 | in <code class="filename">m_mallocfree.c</code>, this may have happened because |
| 2345 | your program wrote off the end of a heap block, or before its |
| 2346 | beginning, thus corrupting heap metadata. Valgrind hopefully will have |
| 2347 | emitted a message to that effect before dying in this way.</p> |
| 2348 | <p>Read the <a class="xref" href="FAQ.html" title="Valgrind FAQ">Valgrind FAQ</a> for more advice about common problems, |
| 2349 | crashes, etc.</p> |
| 2350 | </div> |
| 2351 | <div class="sect1"> |
| 2352 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 2353 | <a name="manual-core.limits"></a>2.11. Limitations</h2></div></div></div> |
| 2354 | <p>The following list of limitations seems long. However, most |
| 2355 | programs actually work fine.</p> |
| 2356 | <p>Valgrind will run programs on the supported platforms |
| 2357 | subject to the following constraints:</p> |
| 2358 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
| 2359 | <li class="listitem"><p>On Linux, Valgrind determines at startup the size of the 'brk |
| 2360 | segment' using the RLIMIT_DATA rlim_cur, with a minimum of 1 MB and |
| 2361 | a maximum of 8 MB. Valgrind outputs a message each time a program |
| 2362 | tries to extend the brk segment beyond the size determined at |
| 2363 | startup. Most programs will work properly with this limit, |
| 2364 | typically by switching to the use of mmap to get more memory. |
| 2365 | If your program really needs a big brk segment, you must change |
| 2366 | the 8 MB hardcoded limit and recompile Valgrind. |
| 2367 | </p></li> |
| 2368 | <li class="listitem"><p>On x86 and amd64, there is no support for 3DNow! |
| 2369 | instructions. If the translator encounters these, Valgrind will |
| 2370 | generate a SIGILL when the instruction is executed. Apart from |
| 2371 | that, on x86 and amd64, essentially all instructions are supported, |
| 2372 | up to and including AVX and AES in 64-bit mode and SSSE3 in 32-bit |
| 2373 | mode. 32-bit mode does in fact support the bare minimum SSE4 |
| 2374 | instructions needed to run programs on MacOSX 10.6 on 32-bit |
| 2375 | targets. |
| 2376 | </p></li> |
| 2377 | <li class="listitem"><p>On ppc32 and ppc64, almost all integer, floating point and |
| 2378 | Altivec instructions are supported. Specifically: integer and FP |
| 2379 | insns that are mandatory for PowerPC, the "General-purpose |
| 2380 | optional" group (fsqrt, fsqrts, stfiwx), the "Graphics optional" |
| 2381 | group (fre, fres, frsqrte, frsqrtes), and the Altivec (also known |
| 2382 | as VMX) SIMD instruction set, are supported. Also, instructions |
| 2383 | from the Power ISA 2.05 specification, as present in POWER6 CPUs, |
| 2384 | are supported.</p></li> |
| 2385 | <li class="listitem"><p>On ARM, essentially the entire ARMv7-A instruction set |
| 2386 | is supported, in both ARM and Thumb mode. ThumbEE and Jazelle are |
| 2387 | not supported. NEON, VFPv3 and ARMv6 media support is fairly |
| 2388 | complete. |
| 2389 | </p></li> |
| 2390 | <li class="listitem"><p>If your program does its own memory management, rather than |
| 2391 | using malloc/new/free/delete, it should still work, but Memcheck's |
| 2392 | error checking won't be so effective. If you describe your |
| 2393 | program's memory management scheme using "client requests" (see |
| 2394 | <a class="xref" href="manual-core-adv.html#manual-core-adv.clientreq" title="3.1. The Client Request mechanism">The Client Request mechanism</a>), Memcheck can do |
| 2395 | better. Nevertheless, using malloc/new and free/delete is still |
| 2396 | the best approach.</p></li> |
| 2397 | <li class="listitem"><p>Valgrind's signal simulation is not as robust as it could be. |
| 2398 | Basic POSIX-compliant sigaction and sigprocmask functionality is |
| 2399 | supplied, but it's conceivable that things could go badly awry if you |
| 2400 | do weird things with signals. Workaround: don't. Programs that do |
| 2401 | non-POSIX signal tricks are in any case inherently unportable, so |
| 2402 | should be avoided if possible.</p></li> |
| 2403 | <li class="listitem"><p>Machine instructions, and system calls, have been implemented |
| 2404 | on demand. So it's possible, although unlikely, that a program will |
| 2405 | fall over with a message to that effect. If this happens, please |
| 2406 | report all the details printed out, so we can try and implement the |
| 2407 | missing feature.</p></li> |
| 2408 | <li class="listitem"><p>Memory consumption of your program is majorly increased |
| 2409 | whilst running under Valgrind's Memcheck tool. This is due to the |
| 2410 | large amount of administrative information maintained behind the |
| 2411 | scenes. Another cause is that Valgrind dynamically translates the |
| 2412 | original executable. Translated, instrumented code is 12-18 times |
| 2413 | larger than the original so you can easily end up with 150+ MB of |
| 2414 | translations when running (eg) a web browser.</p></li> |
| 2415 | <li class="listitem"> |
| 2416 | <p>Valgrind can handle dynamically-generated code just fine. If |
| 2417 | you regenerate code over the top of old code (ie. at the same |
| 2418 | memory addresses), if the code is on the stack Valgrind will |
| 2419 | realise the code has changed, and work correctly. This is |
| 2420 | necessary to handle the trampolines GCC uses to implemented nested |
| 2421 | functions. If you regenerate code somewhere other than the stack, |
| 2422 | and you are running on an 32- or 64-bit x86 CPU, you will need to |
| 2423 | use the <code class="option">--smc-check=all</code> option, and Valgrind will |
| 2424 | run more slowly than normal. Or you can add client requests that |
| 2425 | tell Valgrind when your program has overwritten code. |
| 2426 | </p> |
| 2427 | <p> On other platforms (ARM, PowerPC) Valgrind observes and |
| 2428 | honours the cache invalidation hints that programs are obliged to |
| 2429 | emit to notify new code, and so self-modifying-code support should |
| 2430 | work automatically, without the need |
| 2431 | for <code class="option">--smc-check=all</code>.</p> |
| 2432 | </li> |
| 2433 | <li class="listitem"> |
| 2434 | <p>Valgrind has the following limitations |
| 2435 | in its implementation of x86/AMD64 floating point relative to |
| 2436 | IEEE754.</p> |
| 2437 | <p>Precision: There is no support for 80 bit arithmetic. |
| 2438 | Internally, Valgrind represents all such "long double" numbers in 64 |
| 2439 | bits, and so there may be some differences in results. Whether or |
| 2440 | not this is critical remains to be seen. Note, the x86/amd64 |
| 2441 | fldt/fstpt instructions (read/write 80-bit numbers) are correctly |
| 2442 | simulated, using conversions to/from 64 bits, so that in-memory |
| 2443 | images of 80-bit numbers look correct if anyone wants to see.</p> |
| 2444 | <p>The impression observed from many FP regression tests is that |
| 2445 | the accuracy differences aren't significant. Generally speaking, if |
| 2446 | a program relies on 80-bit precision, there may be difficulties |
| 2447 | porting it to non x86/amd64 platforms which only support 64-bit FP |
| 2448 | precision. Even on x86/amd64, the program may get different results |
| 2449 | depending on whether it is compiled to use SSE2 instructions (64-bits |
| 2450 | only), or x87 instructions (80-bit). The net effect is to make FP |
| 2451 | programs behave as if they had been run on a machine with 64-bit IEEE |
| 2452 | floats, for example PowerPC. On amd64 FP arithmetic is done by |
| 2453 | default on SSE2, so amd64 looks more like PowerPC than x86 from an FP |
| 2454 | perspective, and there are far fewer noticeable accuracy differences |
| 2455 | than with x86.</p> |
| 2456 | <p>Rounding: Valgrind does observe the 4 IEEE-mandated rounding |
| 2457 | modes (to nearest, to +infinity, to -infinity, to zero) for the |
| 2458 | following conversions: float to integer, integer to float where |
| 2459 | there is a possibility of loss of precision, and float-to-float |
| 2460 | rounding. For all other FP operations, only the IEEE default mode |
| 2461 | (round to nearest) is supported.</p> |
| 2462 | <p>Numeric exceptions in FP code: IEEE754 defines five types of |
| 2463 | numeric exception that can happen: invalid operation (sqrt of |
| 2464 | negative number, etc), division by zero, overflow, underflow, |
| 2465 | inexact (loss of precision).</p> |
| 2466 | <p>For each exception, two courses of action are defined by IEEE754: |
| 2467 | either (1) a user-defined exception handler may be called, or (2) a |
| 2468 | default action is defined, which "fixes things up" and allows the |
| 2469 | computation to proceed without throwing an exception.</p> |
| 2470 | <p>Currently Valgrind only supports the default fixup actions. |
| 2471 | Again, feedback on the importance of exception support would be |
| 2472 | appreciated.</p> |
| 2473 | <p>When Valgrind detects that the program is trying to exceed any |
| 2474 | of these limitations (setting exception handlers, rounding mode, or |
| 2475 | precision control), it can print a message giving a traceback of |
| 2476 | where this has happened, and continue execution. This behaviour used |
| 2477 | to be the default, but the messages are annoying and so showing them |
| 2478 | is now disabled by default. Use <code class="option">--show-emwarns=yes</code> to see |
| 2479 | them.</p> |
| 2480 | <p>The above limitations define precisely the IEEE754 'default' |
| 2481 | behaviour: default fixup on all exceptions, round-to-nearest |
| 2482 | operations, and 64-bit precision.</p> |
| 2483 | </li> |
| 2484 | <li class="listitem"> |
| 2485 | <p>Valgrind has the following limitations in |
| 2486 | its implementation of x86/AMD64 SSE2 FP arithmetic, relative to |
| 2487 | IEEE754.</p> |
| 2488 | <p>Essentially the same: no exceptions, and limited observance of |
| 2489 | rounding mode. Also, SSE2 has control bits which make it treat |
| 2490 | denormalised numbers as zero (DAZ) and a related action, flush |
| 2491 | denormals to zero (FTZ). Both of these cause SSE2 arithmetic to be |
| 2492 | less accurate than IEEE requires. Valgrind detects, ignores, and can |
| 2493 | warn about, attempts to enable either mode.</p> |
| 2494 | </li> |
| 2495 | <li class="listitem"> |
| 2496 | <p>Valgrind has the following limitations in |
| 2497 | its implementation of ARM VFPv3 arithmetic, relative to |
| 2498 | IEEE754.</p> |
| 2499 | <p>Essentially the same: no exceptions, and limited observance |
| 2500 | of rounding mode. Also, switching the VFP unit into vector mode |
| 2501 | will cause Valgrind to abort the program -- it has no way to |
| 2502 | emulate vector uses of VFP at a reasonable performance level. This |
| 2503 | is no big deal given that non-scalar uses of VFP instructions are |
| 2504 | in any case deprecated.</p> |
| 2505 | </li> |
| 2506 | <li class="listitem"> |
| 2507 | <p>Valgrind has the following limitations |
| 2508 | in its implementation of PPC32 and PPC64 floating point |
| 2509 | arithmetic, relative to IEEE754.</p> |
| 2510 | <p>Scalar (non-Altivec): Valgrind provides a bit-exact emulation of |
| 2511 | all floating point instructions, except for "fre" and "fres", which are |
| 2512 | done more precisely than required by the PowerPC architecture specification. |
| 2513 | All floating point operations observe the current rounding mode. |
| 2514 | </p> |
| 2515 | <p>However, fpscr[FPRF] is not set after each operation. That could |
| 2516 | be done but would give measurable performance overheads, and so far |
| 2517 | no need for it has been found.</p> |
| 2518 | <p>As on x86/AMD64, IEEE754 exceptions are not supported: all floating |
| 2519 | point exceptions are handled using the default IEEE fixup actions. |
| 2520 | Valgrind detects, ignores, and can warn about, attempts to unmask |
| 2521 | the 5 IEEE FP exception kinds by writing to the floating-point status |
| 2522 | and control register (fpscr). |
| 2523 | </p> |
| 2524 | <p>Vector (Altivec, VMX): essentially as with x86/AMD64 SSE/SSE2: |
| 2525 | no exceptions, and limited observance of rounding mode. |
| 2526 | For Altivec, FP arithmetic |
| 2527 | is done in IEEE/Java mode, which is more accurate than the Linux default |
| 2528 | setting. "More accurate" means that denormals are handled properly, |
| 2529 | rather than simply being flushed to zero.</p> |
| 2530 | </li> |
| 2531 | </ul></div> |
| 2532 | <p>Programs which are known not to work are:</p> |
| 2533 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>emacs starts up but immediately concludes it is out of |
| 2534 | memory and aborts. It may be that Memcheck does not provide |
| 2535 | a good enough emulation of the |
| 2536 | <code class="computeroutput">mallinfo</code> function. |
| 2537 | Emacs works fine if you build it to use |
| 2538 | the standard malloc/free routines.</p></li></ul></div> |
| 2539 | </div> |
| 2540 | <div class="sect1"> |
| 2541 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 2542 | <a name="manual-core.example"></a>2.12. An Example Run</h2></div></div></div> |
| 2543 | <p>This is the log for a run of a small program using Memcheck. |
| 2544 | The program is in fact correct, and the reported error is as the |
| 2545 | result of a potentially serious code generation bug in GNU g++ |
| 2546 | (snapshot 20010527).</p> |
| 2547 | <pre class="programlisting"> |
| 2548 | sewardj@phoenix:~/newmat10$ ~/Valgrind-6/valgrind -v ./bogon |
| 2549 | ==25832== Valgrind 0.10, a memory error detector for x86 RedHat 7.1. |
| 2550 | ==25832== Copyright (C) 2000-2001, and GNU GPL'd, by Julian Seward. |
| 2551 | ==25832== Startup, with flags: |
| 2552 | ==25832== --suppressions=/home/sewardj/Valgrind/redhat71.supp |
| 2553 | ==25832== reading syms from /lib/ld-linux.so.2 |
| 2554 | ==25832== reading syms from /lib/libc.so.6 |
| 2555 | ==25832== reading syms from /mnt/pima/jrs/Inst/lib/libgcc_s.so.0 |
| 2556 | ==25832== reading syms from /lib/libm.so.6 |
| 2557 | ==25832== reading syms from /mnt/pima/jrs/Inst/lib/libstdc++.so.3 |
| 2558 | ==25832== reading syms from /home/sewardj/Valgrind/valgrind.so |
| 2559 | ==25832== reading syms from /proc/self/exe |
| 2560 | ==25832== |
| 2561 | ==25832== Invalid read of size 4 |
| 2562 | ==25832== at 0x8048724: BandMatrix::ReSize(int,int,int) (bogon.cpp:45) |
| 2563 | ==25832== by 0x80487AF: main (bogon.cpp:66) |
| 2564 | ==25832== Address 0xBFFFF74C is not stack'd, malloc'd or free'd |
| 2565 | ==25832== |
| 2566 | ==25832== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) |
| 2567 | ==25832== malloc/free: in use at exit: 0 bytes in 0 blocks. |
| 2568 | ==25832== malloc/free: 0 allocs, 0 frees, 0 bytes allocated. |
| 2569 | ==25832== For a detailed leak analysis, rerun with: --leak-check=yes |
| 2570 | </pre> |
| 2571 | <p>The GCC folks fixed this about a week before GCC 3.0 |
| 2572 | shipped.</p> |
| 2573 | </div> |
| 2574 | <div class="sect1"> |
| 2575 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
| 2576 | <a name="manual-core.warnings"></a>2.13. Warning Messages You Might See</h2></div></div></div> |
| 2577 | <p>Some of these only appear if you run in verbose mode |
| 2578 | (enabled by <code class="option">-v</code>):</p> |
| 2579 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
| 2580 | <li class="listitem"> |
| 2581 | <p><code class="computeroutput">More than 100 errors detected. Subsequent |
| 2582 | errors will still be recorded, but in less detail than |
| 2583 | before.</code></p> |
| 2584 | <p>After 100 different errors have been shown, Valgrind becomes |
| 2585 | more conservative about collecting them. It then requires only the |
| 2586 | program counters in the top two stack frames to match when deciding |
| 2587 | whether or not two errors are really the same one. Prior to this |
| 2588 | point, the PCs in the top four frames are required to match. This |
| 2589 | hack has the effect of slowing down the appearance of new errors |
| 2590 | after the first 100. The 100 constant can be changed by recompiling |
| 2591 | Valgrind.</p> |
| 2592 | </li> |
| 2593 | <li class="listitem"> |
| 2594 | <p><code class="computeroutput">More than 1000 errors detected. I'm not |
| 2595 | reporting any more. Final error counts may be inaccurate. Go fix |
| 2596 | your program!</code></p> |
| 2597 | <p>After 1000 different errors have been detected, Valgrind |
| 2598 | ignores any more. It seems unlikely that collecting even more |
| 2599 | different ones would be of practical help to anybody, and it avoids |
| 2600 | the danger that Valgrind spends more and more of its time comparing |
| 2601 | new errors against an ever-growing collection. As above, the 1000 |
| 2602 | number is a compile-time constant.</p> |
| 2603 | </li> |
| 2604 | <li class="listitem"> |
| 2605 | <p><code class="computeroutput">Warning: client switching stacks?</code></p> |
| 2606 | <p>Valgrind spotted such a large change in the stack pointer |
| 2607 | that it guesses the client is switching to a different stack. At |
| 2608 | this point it makes a kludgey guess where the base of the new |
| 2609 | stack is, and sets memory permissions accordingly. At the moment |
| 2610 | "large change" is defined as a change of more that 2000000 in the |
| 2611 | value of the stack pointer register. If Valgrind guesses wrong, |
| 2612 | you may get many bogus error messages following this and/or have |
| 2613 | crashes in the stack trace recording code. You might avoid these |
| 2614 | problems by informing Valgrind about the stack bounds using |
| 2615 | VALGRIND_STACK_REGISTER client request. </p> |
| 2616 | </li> |
| 2617 | <li class="listitem"> |
| 2618 | <p><code class="computeroutput">Warning: client attempted to close Valgrind's |
| 2619 | logfile fd <number></code></p> |
| 2620 | <p>Valgrind doesn't allow the client to close the logfile, |
| 2621 | because you'd never see any diagnostic information after that point. |
| 2622 | If you see this message, you may want to use the |
| 2623 | <code class="option">--log-fd=<number></code> option to specify a |
| 2624 | different logfile file-descriptor number.</p> |
| 2625 | </li> |
| 2626 | <li class="listitem"> |
| 2627 | <p><code class="computeroutput">Warning: noted but unhandled ioctl |
| 2628 | <number></code></p> |
| 2629 | <p>Valgrind observed a call to one of the vast family of |
| 2630 | <code class="computeroutput">ioctl</code> system calls, but did not |
| 2631 | modify its memory status info (because nobody has yet written a |
| 2632 | suitable wrapper). The call will still have gone through, but you may get |
| 2633 | spurious errors after this as a result of the non-update of the |
| 2634 | memory info.</p> |
| 2635 | </li> |
| 2636 | <li class="listitem"> |
| 2637 | <p><code class="computeroutput">Warning: set address range perms: large range |
| 2638 | <number></code></p> |
| 2639 | <p>Diagnostic message, mostly for benefit of the Valgrind |
| 2640 | developers, to do with memory permissions.</p> |
| 2641 | </li> |
| 2642 | </ul></div> |
| 2643 | </div> |
| 2644 | </div> |
| 2645 | <div> |
| 2646 | <br><table class="nav" width="100%" cellspacing="3" cellpadding="2" border="0" summary="Navigation footer"> |
| 2647 | <tr> |
| 2648 | <td rowspan="2" width="40%" align="left"> |
| 2649 | <a accesskey="p" href="manual-intro.html"><< 1. Introduction</a> </td> |
| 2650 | <td width="20%" align="center"><a accesskey="u" href="manual.html">Up</a></td> |
| 2651 | <td rowspan="2" width="40%" align="right"> <a accesskey="n" href="manual-core-adv.html">3. Using and understanding the Valgrind core: Advanced Topics >></a> |
| 2652 | </td> |
| 2653 | </tr> |
| 2654 | <tr><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td></tr> |
| 2655 | </table> |
| 2656 | </div> |
| 2657 | </body> |
| 2658 | </html> |