valgrind 内存泄露检测

1、Valgrind是一款用于内存调试、内存泄漏检测以及性能分析的软件开发工具。

2、Valgrind包括如下一些工具:

  • Memcheck。这是valgrind应用最广泛的工具,一个重量级的内存检查器,能够发现开发中绝大多数内存错误使用情况,比如:使用未初始化的内存,使用已经释放了的内存,内存访问越界等。这也是本文将重点介绍的部分。
  • Callgrind。它主要用来检查程序中函数调用过程中出现的问题。
  • Cachegrind。它主要用来检查程序中缓存使用出现的问题。
  • Helgrind。它主要用来检查多线程程序中出现的竞争问题。
  • Massif。它主要用来检查程序中堆栈使用中出现的问题。
  • Extension。可以利用core提供的功能,自己编写特定的内存调试工具。

3、Memcheck 工具主要检查下面的程序错误:

  • 使用未初始化的内存 (Use of uninitialised memory)
  • 使用已经释放了的内存 (Reading/writing memory after it has been free’d)
  • 使用超过 malloc分配的内存空间(Reading/writing off the end of malloc’d blocks)
  • 对堆栈的非法访问 (Reading/writing inappropriate areas on the stack)
  • 申请的空间是否有释放 (Memory leaks – where pointers to malloc’d blocks are lost forever)
  • malloc/free/new/delete申请和释放内存的匹配(Mismatched use of malloc/new/new [] vs free/delete/delete [])
  • src和dst的重叠(Overlapping src and dst pointers in memcpy() and related functions)

4、内存泄露检测主要通过Memcheck工具,具体为valgrind开启选项: --tool=memcheck --leak-check=full;其检测结果针对不同的泄露情况分为下面几类(via):

  • "definitely lost" means your program is leaking memory -- fix those leaks!
  • "indirectly lost" means your program is leaking memory in a pointer-based structure. (E.g. if the root node of a binary tree is "definitely lost", all the children will be "indirectly lost".) If you fix the "definitely lost" leaks, the "indirectly lost" leaks should go away.
  • "possibly lost" means your program is leaking memory, unless you're doing unusual things with pointers that could cause them to point into the middle of an allocated block; see the user manual for some possible causes. Use --show-possibly-lost=no if you don't want to see these reports.
  • "still reachable" means your program is probably ok -- it didn't free some memory it could have. This is quite common and often reasonable. Don't use --show-reachable=yes if you don't want to see these reports.
  • "suppressed" means that a leak error has been suppressed. There are some suppressions in the default suppression files. You can ignore suppressed errors.

5、Definitely lost 重现:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
/*vg_test.cpp*/
#include <iostream>
#include <string>
using namespace std;
 
void vg_test( char * p, const bool need)
{
     if (need)
     {
         p = new char [10];
     }
}
 
int main( int argc, char * argv[])
{
     char * p = NULL;
     vg_test(p, true );
     if (p) delete [] p;
 
     return 0;
}

编译:

g++ vg_test.cpp  -o vg

内存泄露检测:

valgrind --tool=memcheck --leak-check=full --show-reachable=yes --trace-children=yes ./vg

结果:

1
2
3
4
5
6
7
8
9
10
==28842== 10 bytes in 1 blocks are definitely lost in loss record 1 of 1
==28842==    at 0x4A05CB9: operator new[](unsigned long) (vg_replace_malloc.c:199)
==28842==    by 0x4007F3: vg_test(char*, bool) ( in /home/amadeuzou/Work/vg )
==28842==    by 0x40081E: main ( in /home/amadeuzou/Work/vg )
==28842==
==28842== LEAK SUMMARY:
==28842==    definitely lost: 10 bytes in 1 blocks.
==28842==      possibly lost: 0 bytes in 0 blocks.
==28842==    still reachable: 0 bytes in 0 blocks.
==28842==         suppressed: 0 bytes in 0 blocks.

6、Still reachable 重现:

1
2
3
4
5
6
7
8
9
10
11
#include <iostream>
#include <string>
using namespace std;
 
void ** ptr;
int main( int argc, char * argv[])
{
     ptr = ( void **) malloc ( sizeof ( void *));
 
     return 0;
}

编译:

g++ vg_test.cpp  -o vg

内存泄露检测:

valgrind --tool=memcheck --leak-check=full --show-reachable=yes --trace-children=yes ./vg

结果:

1
2
3
4
5
6
7
8
9
==29535== 8 bytes in 1 blocks are still reachable in loss record 1 of 1
==29535==    at 0x4A05809: malloc (vg_replace_malloc.c:149)
==29535==    by 0x40071C: main ( in /home/amadeuzou/Work/vg )
==29535==
==29535== LEAK SUMMARY:
==29535==    definitely lost: 0 bytes in 0 blocks.
==29535==      possibly lost: 0 bytes in 0 blocks.
==29535==    still reachable: 8 bytes in 1 blocks.
==29535==         suppressed: 0 bytes in 0 blocks.

7、其他用法或选项:

用法: valgrind [options] prog-and-args [options]: 常用选项,适用于所有Valgrind工具

  • -tool=<name> 最常用的选项。运行 valgrind中名为toolname的工具。默认memcheck。
  • h –help 显示帮助信息。
  • -version 显示valgrind内核的版本,每个工具都有各自的版本。
  • q –quiet 安静地运行,只打印错误信息。
  • v –verbose 更详细的信息, 增加错误数统计。
  • -trace-children=no|yes 跟踪子线程? [no]
  • -track-fds=no|yes 跟踪打开的文件描述?[no]
  • -time-stamp=no|yes 增加时间戳到LOG信息? [no]
  • -log-fd=<number> 输出LOG到描述符文件 [2=stderr]
  • -log-file=<file> 将输出的信息写入到filename.PID的文件里,PID是运行程序的进行ID
  • -log-file-exactly=<file> 输出LOG信息到 file
  • -log-file-qualifier=<VAR> 取得环境变量的值来做为输出信息的文件名。 [none]
  • -log-socket=ipaddr:port 输出LOG到socket ,ipaddr:port

LOG信息输出:

  • -xml=yes 将信息以xml格式输出,只有memcheck可用
  • -num-callers=<number> show <number> callers in stack traces [12]
  • -error-limit=no|yes 如果太多错误,则停止显示新错误? [yes]
  • -error-exitcode=<number> 如果发现错误则返回错误代码 [0=disable]
  • -db-attach=no|yes 当出现错误,valgrind会自动启动调试器gdb。[no]
  • -db-command=<command> 启动调试器的命令行选项[gdb -nw %f %p]

适用于Memcheck工具的相关选项:

  • -leak-check=no|summary|full 要求对leak给出详细信息? [summary]
  • -leak-resolution=low|med|high how much bt merging in leak check [low]
  • -show-reachable=no|yes show reachable blocks in leak check? [no]

8、参考:
应用 Valgrind 发现 Linux 程序的内存问题
调用opencv的grabcut函数采用valgrind检测时出现疑似内存泄漏的问题讨论

你可能感兴趣的:(valgrind 内存泄露检测)