Better Embedded 2013 - Detecting Memory Leaks with Valgrind

Detecting Memory Leaks with Valgrind

by Rigels Gordani

Rigels GordaniComputer EngineerIntecs S.p.A

Automotive Unit- In Vehicle Infotainment, - Linux Embedded, - AUTOSAR

Products Unit- Porting Linux applications to Windows

About me

Collaborated with


Memory errors lead to faults like segmentation faults,which are very common while dealing with pointersin C/C++ programming.

Identifying and fixing compilation errors is quite easy,but the task of fixing segmentation faults and memory leaks is very tedious.


Valgrind is a memory checker, it is designed to be as non-intrusive as possible.

It works directly with existing executables.You don’t need to recompile, relink,or otherwise modify the program to be checked.


Latest stable version as speaking of Valgrind is 3.8.x.The following platforms support Valgrind:

- x86 and x86_64 Linux - ARM Linux and ARM Android ( >= 2.3.x) - PPC32 and PPC64 Linux - S390X Linux - MIPS Linux - x86 Android (>= 4.0) - x86 and AMD64 Darwin


In this presentation we will explore how to use Valgrindto detect memory errors in a program written in C/C++using MemCheck tool. Apart from MemCheck tool, Valgrind also includes:

- thread error detectors, - a cache and branch-prediction profiler, - a call-graph generating cache - and branch-prediction profiler, - a heap profiler and other experimental tools.


What kind of problems can be detected with Valgrind 's memcheck:

1. Not releasing acquired memory using delete/free.

2. Writing into an array with an index that's out of bounds

3. Trying to reference/dereference a pointer that is not yet initialized.


4. Trying to dereference a pointer that is already freed.

5. Passing system call parameters with inadequate buffers for read/write; i.e., if your program makes a system call passing an invalid buffer.

6. Uses of undefined variable values.


All the previous situations can give rise to memory errors, causing the program to terminate abruptly.

This is particularly dangerous in safety and mission-critical systems, where such abrupt program termination can have catastrophic consequences.

Hence, it is necessary to detect and resolve such errors that can lead to segmentation faults.


All the previous situations can give rise to memory The Valgrind open source tool can be used to detect some of these errors by dynamically executing the program.

Memory faults may not cause significant damages insmall programs, but can be extremely dangerous in safety-critical applications and can have disastrous consequences; for instance, a segmentation fault in a medical application may lead to loss of lives.


Let's illustrate the usage of Valgrind through the following scenarios:

1. Valgrind command line tool.

2. QtCreator integration of Valgrind.

3. Eclipse integration of Valgrind using LinuxTools.



Compile the C or C++ source file with debugging option:

$ g++ -g example1.cpp -o example1 // for a C++ file$ gcc -g example1.c -o example1 // for a C file

With -g option, you’ll get messages which point directly to the relevant source code lines. Omitting -g options, you'll get only functions name.



To analyse the program compiled using Valgrind, run the following command:

$ valgrind --tool=memcheck --leak-check=yes ./example1



$ gcc -g example1.c -o example1$ valgrind --tool=memcheck --leak-check=yes ./example1

Out of bounds access, C compiler doesn't complain

Memory leak



==6287== Memcheck, a memory error detector==6287== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.==6287== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info==6287== Command: ./example1==6287== ==6287== Invalid write of size 4==6287== at 0x400567: main (prova.c:14)==6287== Address 0x51f1068 is 0 bytes after a block of size 40 alloc'd==6287== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)==6287== by 0x400534: main (prova.c:8)==6287== ==6287== ==6287== HEAP SUMMARY:==6287== in use at exit: 40 bytes in 1 blocks==6287== total heap usage: 1 allocs, 0 frees, 40 bytes allocated==6287== ==6287== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1==6287== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)==6287== by 0x400534: main (prova.c:8)==6287==


1. Valgrind command line tool.(continues...)

==6287== LEAK SUMMARY:==6287== definitely lost: 40 bytes in 1 blocks==6287== indirectly lost: 0 bytes in 0 blocks==6287== possibly lost: 0 bytes in 0 blocks==6287== still reachable: 0 bytes in 0 blocks==6287== suppressed: 0 bytes in 0 blocks==6287== ==6287== For counts of detected and suppressed errors, rerun with: -v==6287== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2)



Open QtCreator.

Create a C application project. Edit the C source file Compile in Debug Mode Analyze-> Run Valgrind Memory Analyzer



Advantages of a GUI solution are obvious here:

Very quick problem identification Click on the error sends to the line of code with the error No need to run Valgrind from command line, QtCreator does it



Need to install LinuxTools from Eclipse components.

After installing LinuxTools:

Open Eclipse Create a new C++ Project. Edit the C++ file. Build in Debug Mode Profile with Valgrind.


Using C++11 smart pointers like unique_ptr<...>

They allow you to write code that automatically prevents memory or resource leaks with exception handling.

Smart pointer objects are allocated on the stack and whenever the smart pointer object is destroyed, it frees the underlying resource.



$ valgrind --tool=memcheck --leak-check=full ./example_uniq==30755== Memcheck, a memory error detector==30755== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.==30755== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info==30755== Command: ./example_uniq==30755== main()print()==30755== ==30755== HEAP SUMMARY:==30755== in use at exit: 0 bytes in 0 blocks==30755== total heap usage: 1 allocs, 1 frees, 24 bytes allocated==30755== ==30755== All heap blocks were freed -- no leaks are possible==30755== ==30755== For counts of detected and suppressed errors, rerun with: -v==30755== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)


Valgrind usage in identifying software security problems Valgrind can identify many of the “Top 25 Most Dangerous Software Errors” listed in http://cwe.mitre.org/top25/#CWE-676

[4]: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

[20]: Incorrect Calculation of Buffer Size

http://cwe.mitre.org/top25/#CWE-676


Bibliography:

1. www.valgrind.org 2. GNU Linux Application Programming 2ed, Chapter 34

3. The developers guide to debugging , Spinger ,Holtmann, Chapter 4, Fixing memory problems

4. Professional C++, Wiley, ISBN 0470932449

5. Valgrind Advanced Debugging and Profiling for GNU/Linux applications ISBN: 0-9546120-5-1

http://www.valgrind.org/


Thank you

Rigels Gordanirigels_gordani

rigels.gordani

Better Embedded 2013 - Detecting Memory Leaks with Valgrind

Technology

Transcript of Better Embedded 2013 - Detecting Memory Leaks with Valgrind