Valgrind Software Quick Start Manual

Summary of Software

  • Page 1

    Valgrind Documentation. Release 3.8.0, 10 August 2012. Copyright © 2000-2012 AUTHORS. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant...

  • Page 2: Table Of Contents

    Valgrind Documentation. Table of Contents: The Valgrind Quick Start Guide (page 1); Valgrind User Manual ...

  • Page 3

    The Valgrind Quick Start Guide. Release 3.8.0, 10 August 2012. Copyright © 2000-2012 Valgrind Developers. Email: valgrind@valgrind.org.

  • Page 4: Table Of Contents

    The Valgrind Quick Start Guide. Table of Contents: The Valgrind Quick Start Guide (page 1); 1. Introduction ...

  • Page 5: 1. Introduction

    The Valgrind Quick Start Guide. 1. Introduction. The Valgrind tool suite provides a number of debugging and profiling tools that help you make your programs faster and more correct. The most popular of these tools is called Memcheck. It can detect many memory-related err...

  • Page 6

    #include <stdlib.h>

    void f(void)
    {
        int* x = malloc(10 * sizeof(int));
        x[10] = 0;        // problem 1: heap block overrun
    }                     // problem 2: memory leak -- x not freed

    int main(void)
    {
        f();
        return 0;
    }

    Most error messages look like the following, which describes problem 1, the heap block ov...

  • Page 7: 5. Caveats

    It’s worth fixing errors in the order they are reported, as later errors can be caused by earlier errors. Failing to do this is a common cause of difficulty with Memcheck. Memory leak messages look like this: ==19182== 40 bytes in 1 blocks are definitely lost in loss r...

  • Page 8: Valgrind User Manual

    Valgrind User Manual. Release 3.8.0, 10 August 2012. Copyright © 2000-2012 Valgrind Developers. Email: valgrind@valgrind.org.

  • Page 9: Table Of Contents

    Valgrind User Manual. Table of Contents: 1. Introduction (page 1); 1.1. An Overview of Valgrind ...

  • Page 10

    4.2.4. Illegal frees (page 52); 4.2.5. When a heap block is freed with an inappropriate deallocation function ...

  • Page 11

    6.2.3. Counting global bus events (page 97); 6.2.4. Avoiding cycles ...

  • Page 12

    9.2.1. An Example Program (page 136); 9.2.2. Running Massif ...

  • Page 13: 1. Introduction

    1. Introduction. 1.1. An Overview of Valgrind. Valgrind is an instrumentation framework for building dynamic analysis tools. It comes with a set of tools each of which performs some kind of debugging, profiling, or similar task that helps you improve your programs. Valgrind’s architecture is modular, ...

  • Page 14

    1.2. How to navigate this manual. This manual’s structure reflects the structure of Valgrind itself. First, we describe the Valgrind core, how to use it, and the options it supports. Then, each tool has its own chapter in this manual. You only need to read the documentation for the core ...

  • Page 15: Valgrind Core

    2. Using and understanding the Valgrind core. This chapter describes the Valgrind core services, command-line options and behaviours. That means it is relevant regardless of what particular tool you are using. The information should be sufficient for you to make effective day-to-day use of Valgrind. ...

  • Page 16: 2.2. Getting Started

    Different error-checking tools report different kinds of errors. The suppression mechanism therefore allows you to say which tool or tool(s) each suppression applies to. 2.2. Getting started. First off, consider whether it might be beneficial to recompile you...

  • Page 17

    You can direct the commentary to three different places: 1. The default: send it to a file descriptor, which is by default 2 (stderr). So, if you give the core no options, it will write commentary to the standard error stream. If you want to send it to some ...

  • Page 18: 2.4. Reporting Of Errors

    Here is an important point about the relationship between the commentary and profiling output from tools. The commentary contains a mix of messages from the Valgrind core and the selected tool. If the tool reports errors, it will report them to the commentar...

  • Page 19

    The error-checking tools detect numerous problems in the system libraries, such as the C library, which come pre-installed with your OS. You can’t easily fix these, but you don’t want to see these errors (and yes, there are many!) so Valgrind reads a list o...

  • Page 20

    • Next line: a small number of suppression types have extra information after the second line (e.g. the Param suppression for Memcheck)
    • Remaining lines: this is the calling context for the error -- the chain of function calls that led to it. There can be up...

  • Page 21: 2.6.2. Basic Options

    locations is regrettable, but is about all you can hope for, given that the X11 libraries shipped on the Linux distro on which this example was made have had their symbol tables removed. Although the above two examples do not make this clear, you can freely ...

  • Page 22

    --version: Show the version number of the Valgrind core. Tools can have their own version numbers. There is a scheme in place to ensure that tools only execute when the core version is one they are known to work with. This was done to minimise the chances of ...

  • Page 23

    --vgdb-error= [default: 999999999] Use this option when the Valgrind gdbserver is enabled with --vgdb=yes or --vgdb=full. Tools that report errors will wait for "number" errors to be reported before freezing the program and waiting for you to connect with GD...

  • Page 24

    --xml= [default: no] When enabled, the important parts of the output (e.g. tool error messages) will be in XML format rather than plain text. Furthermore, the XML output will be sent to a different output channel than the plain text output. Therefore, you al...

  • Page 25

    --error-limit= [default: yes] When enabled, Valgrind stops reporting errors after 10,000,000 in total, or 1,000 different ones, have been seen. This is to stop the error tracking machinery from becoming a huge performance overhead in programs with many error...

  • Page 26

    --gen-suppressions= [default: no] When set to yes, Valgrind will pause after every error shown and print the line: ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- The prompt’s behaviour is the same as for the --db-attach option (see below). If you cho...

  • Page 27

    --input-fd= [default: 0, stdin] When using --db-attach=yes or --gen-suppressions=yes, Valgrind will stop so as to read keyboard input from you when each error occurs. By default it reads from the standard input (stdin), which is problematic for programs whic...

  • Page 28: 2.6.5. Uncommon Options

    --main-stacksize= [default: use current ’ulimit’ value] Specifies the size of the main thread’s stack. To simplify its memory management, Valgrind reserves all required space for the main thread’s stack at startup. That means it needs to know the required st...

  • Page 29

    --smc-check= [default: stack] This option controls Valgrind’s detection of self-modifying code. If no checking is done, if a program executes some code, then overwrites it with new code, and executes the new code, Valgrind will continue to execute the transl...

  • Page 30

    ==15522== Uninitialised byte(s) found during client check request
    ==15522== at 0x400633: croak (varinfo1.c:28)
    ==15522== by 0x4006b2: main (varinfo1.c:55)
    ==15522== Location 0x60103b is 0 bytes inside global_i2[7],
    ==15522== a global variable declared at var...

  • Page 31

    --sim-hints=hint1,hint2,... Pass miscellaneous hints to Valgrind which slightly modify the simulated behaviour in nonstandard or dangerous ways, possibly to help the simulation of strange features. By default no hints are enabled. Use with caution! Currently...

  • Page 32

    --require-text-symbol=:sonamepatt:fnnamepatt When a shared object whose soname matches sonamepatt is loaded into the process, examine all the text symbols it exports. If none of those match fnnamepatt, print an error message and abandon the run. This makes i...

  • Page 33: 2.6.6. Debugging Options

    2.6.6. Debugging options. There are also some options for debugging Valgrind itself. You shouldn’t need to use them in the normal run of things. If you wish to see the list, use the --help-debug option. If you wish to debug your program rather than debugging ...

  • Page 34

    On Linux, Valgrind also supports direct use of the clone system call, futex and so on. clone is supported where either everything is shared (a thread) or nothing is shared (fork-like); partial sharing will fail. 2.7.1. Scheduling and multi-thread performance...

  • Page 35: 2.8. Handling Of Signals

    2.8. Handling of signals. Valgrind has a fairly complete signal implementation. It should be able to cope with any POSIX-compliant use of signals. If you’re using signals in clever ways (for example, catching SIGSEGV, modifying page state and restarting the i...

  • Page 36: 2.11. Limitations

    The configure script tests the version of the X server currently indicated by the current $DISPLAY. This is a known bug. The intention was to detect the version of the current X client libraries, so that correct suppressions could be selected for them, but i...

  • Page 37

    • Machine instructions, and system calls, have been implemented on demand. So it’s possible, although unlikely, that a program will fall over with a message to that effect. If this happens, please report all the details printed out, so we can try and impleme...

  • Page 38: 2.12. An Example Run

    • Valgrind has the following limitations in its implementation of x86/AMD64 SSE2 FP arithmetic, relative to IEEE754. Essentially the same: no exceptions, and limited observance of rounding mode. Also, SSE2 has control bits which make it treat denormalised nu...

  • Page 39

    sewardj@phoenix:~/newmat10$ ~/valgrind-6/valgrind -v ./bogon
    ==25832== valgrind 0.10, a memory error detector for x86 RedHat 7.1.
    ==25832== Copyright (C) 2000-2001, and GNU GPL’d, by Julian Seward.
    ==25832== Startup, with flags:
    ==25832== --suppressions=/hom...

  • Page 40

    • Warning: client switching stacks? Valgrind spotted such a large change in the stack pointer that it guesses the client is switching to a different stack. At this point it makes a kludgey guess where the base of the new stack is, and sets memory permissions...

  • Page 41

    3. Using and understanding the Valgrind core: advanced topics. This chapter describes advanced aspects of the Valgrind core services, which are mostly of interest to power users who wish to customise and modify Valgrind’s default behaviours in certain useful ways. The subjects covered are: • The "cli...

  • Page 42

    VALGRIND_DISCARD_TRANSLATIONS: discards translations of code in the specified address range. Useful if you are debugging a JIT compiler or some other dynamic code generation system. After this call, attempts to execute code in the invalidat...

  • Page 43: Gdbserver And Gdb

    VALGRIND_STACK_REGISTER(start, end): registers a new stack. Informs Valgrind that the memory range between start and end is a unique stack. Returns a stack identifier that can be used with other VALGRIND_STACK_* calls. Valgrind will use thi...

  • Page 45

    ==2418== Memcheck, a memory error detector
    ==2418== Copyright (C) 2002-2010, and GNU GPL’d, by Julian Seward et al.
    ==2418== Using Valgrind-3.7.0.SVN and LibVEX; rerun with -h for copyright info
    ==2418== Command: ./prog
    ==2418==
    ==2418== (ac...

  • Page 47: Gdbserver

    adb forward tcp:1234 tcp:1234
    gdb prog
    (gdb) target remote :1234
    GDB will use a local tcp/ip connection to connect to the Android adb forwarder. Adb will establish a relay connection between the host system and the Android target system. Be ...

  • Page 48

    An example of a tool specific monitor command is the Memcheck monitor command leak_check full reachable any. This requests a full reporting of the allocated memory blocks. To have this leak check executed, use the GDB command: (gdb) monitor...

  • Page 49: Registers

    vgdb --pid=3145 leak_check full reachable any
    vgdb --pid=3145 l f r a
    Note that the Valgrind gdbserver automatically continues the execution of the program after a standalone invocation of vgdb. Monitor commands sent from GDB do not cause th...

  • Page 50

    Float shadow registers are shown by GDB as unsigned integer values instead of float values, as it is expected that these shadow values are mostly used for Memcheck validity bits. Intel/amd64 AVX registers ymm0 to ymm15 have also their shadow...

  • Page 51

    Note that --vgdb=full (+500%, see above precision of "stop-at" commands) automatically activates --vex-iropt-register-updates=allregs-at-each-insn.
    • Hardware watchpoint support by the Valgrind gdbserver. The Valgrind gdbserver can simulate...

  • Page 52

    • GDB version needed for ARM and PPC32/64. You must use a GDB version which is able to read XML target description sent by a gdbserver. This is the standard setup if GDB was configured and built with the "expat" library. If your GDB was not ...

  • Page 53

    • Connecting to or interrupting a Valgrind process blocked in a system call. Connecting to or interrupting a Valgrind process blocked in a system call requires the "ptrace" system call to be usable. This may be disabled in your kernel for se...

  • Page 54

    • Unknown limitations or problems. The combination of GDB, Valgrind and the Valgrind gdbserver probably has unknown other limitations and problems. If you encounter strange or unexpected behaviour, feel free to report a bug. But first please...

  • Page 55

    • --port= instructs vgdb to use tcp/ip and listen for GDB on the specified port nr rather than to use a pipe to communicate with GDB. Using tcp/ip allows to have GDB running on one computer and debugging a Valgrind process running on another...

  • Page 57: 3.3. Function Wrapping

    • v.translate the given trace flags. The traceflags value bit patterns have similar meaning to Valgrind’s --trace-flags option. It can be given in hexadecimal (e.g. 0x20) or decimal (e.g. 32) or in binary 1s and 0s bit (e.g. 0b00100000). The...

  • Page 58

    compiling to a .o and linking it in, or compiling to a .so and LD_PRELOADing it in. The latter is more convenient in that it doesn’t require relinking. All wrappers have approximately the above form. There are three crucial macros: I_WRAP_SO...

  • Page 59: 3.3.3. Wrapping Semantics

    Za encodes *
    Zp         +
    Zc         :
    Zd         .
    Zu         _
    Zh         -
    Zs         (space)
    ZA         @
    ZZ         Z
    ZL         (    # only in valgrind 3.3.0 and later
    ZR         )    # only in valgrind 3.3.0 and later
    Hence libpthreadZdsoZd0 is an encoding of the soname libpthread.so.0 and pthreadZucreateZAZa is an enc...

  • Page 60: 3.3.4. Debugging

    A second possible problem is that of conflicting wrappers. It is easily possible to load two or more wrappers, both of which claim to be wrappers for some third function. In such cases Valgrind will complain about conflicting wrappers when t...

  • Page 61: 3.3.7. Examples

    3.3.6. Limitations - original function signatures. As shown in the above example, to call the original you must use a macro of the form CALL_FN_*. For technical reasons it is impossible to create a single macro to deal with all argument types...

  • Page 62: 4.1. Overview

    4. Memcheck: a memory error detector. To use this tool, you may specify --tool=memcheck on the Valgrind command line. You don’t have to, though, since Memcheck is the default tool. 4.1. Overview. Memcheck is a memory error detector. It can detect the following problems that are common in C and C++ pro...

  • Page 63

    freed. Likewise, if it should turn out to be just off the end of a heap block, a common result of off-by-one-errors in array subscripting, you’ll be informed of this fact, and also where the block was allocated. If you use the --read-var-info option Memcheck will r...

  • Page 64: System Calls

    To see information on the sources of uninitialised data in your program, use the --track-origins=yes option. This makes Memcheck run more slowly, but can make it much easier to track down the root causes of uninitialised value errors. 4.2.3. Use of uninitialised or ...

  • Page 65: 4.2.4. Illegal Frees

    4.2.4. Illegal frees. For example:
    Invalid free()
    at 0x4004ffdf: free (vg_clientmalloc.c:577)
    by 0x80484c7: main (tests/doublefree.c:10)
    Address 0x3807f7b4 is 0 bytes inside a block of size 177 free’d
    at 0x4004ffdf: free (vg_clientmalloc.c:577)
    by 0x80484c7: main (te...

  • Page 66

    The worst thing is that on Linux apparently it doesn’t matter if you do mix these up, but the same program may then crash on a different platform, Solaris for example. So it’s best to fix it properly. According to the KDE folks "it’s amazing how many C++ programmers...

  • Page 67

    • It might be a pointer to an array of C++ objects (which possess destructors) allocated with new[]. In this case, some compilers store a "magic cookie" containing the array length at the start of the allocated block, and return a pointer to just past that magic coo...

  • Page 68

    • "Possibly lost". This covers cases 5--8 (for the BBB blocks) above. This means that a chain of one or more pointers to the block has been found, but at least one of the pointers is an interior-pointer. This could just be a random value in memory that happens to po...

  • Page 69

    64 bytes in 4 blocks are still reachable in loss record 2 of 4
    at 0x........: malloc (vg_replace_malloc.c:177)
    by 0x........: mk (leak-cases.c:52)
    by 0x........: main (leak-cases.c:74)
    32 bytes in 2 blocks are indirectly lost in loss record 1 of 4
    at 0x........: mal...

  • Page 70

    --undef-value-errors= [default: yes] Controls whether Memcheck reports uses of undefined value errors. Set this to no if you don’t want to see undefined value errors. It also has the side effect of speeding up Memcheck somewhat.
    --track-origins= [default: no] Contro...

  • Page 71

    --freelist-big-blocks= [default: 1000000] When making blocks from the queue of freed blocks available for re-allocation, Memcheck will in priority re-circulate the blocks with a size greater or equal to --freelist-big-blocks. This ensures that freeing big blocks (in...

  • Page 72

    • Addr1, Addr2, Addr4, Addr8, Addr16, meaning an invalid address during a memory access of 1, 2, 4, 8 or 16 bytes respectively.
    • Jump, meaning a jump to an unaddressable location error.
    • Param, meaning an invalid system call parameter error.
    • Free, meaning an in...

  • Page 73

    int i, j;
    int a[10], b[10];
    for ( i = 0; i < 10; i++ ) {
        j = a[i];
        b[i] = j;
    }

    Memcheck emits no complaints about this, since it merely copies uninitialised values from a[] into b[], and doesn’t use them in a way which could affect the behaviour of the program. However, if the lo...

  • Page 74

    So s1 occupies 8 bytes, yet only 5 of them will be initialised. For the assignment s2 = s1, GCC generates code to copy all 8 bytes wholesale into s2 without regard for their meaning. If Memcheck simply checked values as they came out of memory, it would yelp every t...

  • Page 75

    • When memory is read into the CPU’s registers, the relevant V bits are fetched from memory and stored in the simulated CPU. They are not consulted.
    • When a register is written out to memory, the V bits for that register are written back to memory too.
    • When value...

  • Page 76

    • get_vbits [] shows the definedness (V) bits for (default 1) bytes starting at . The definedness of each byte in the range is given using two hexadecimal digits. These hexadecimal digits encode the validity of each bit of the corresponding byte, using 0 if the bit ...

  • Page 78

    ==19520== suppressed: 0 (+0) bytes in 0 (+0) blocks
    ==19520== Reachable blocks (those to which a pointer was found) are not shown.
    ==19520== To see them, add ’reachable any’ args to leak_check
    ==19520==
    (gdb) mo l
    ==19520== LEAK SUMMARY:
    ==19520== definitely lost: 3...

  • Page 79

    ==19552== 112 (16 direct, 96 indirect) bytes in 1 blocks are definitely lost in loss record 7 of 7
    ==19552== at 0x40070b4: malloc (vg_replace_malloc.c:263)
    ==19552== by 0x80484d5: mk (leak-tree.c:28)
    ==19552== by 0x80484fc: f (leak-tree.c:41)
    ==19552== by 0x8048856:...

  • Page 80: 4.7. Client Requests

    (gdb) monitor who_points_at 0x4028028
    ==20852== Searching for pointers to 0x4028028
    ==20852== *0x8049e20 points at 0x4028028
    ==20852== Location 0x8049e20 is 0 bytes inside global var "t"
    ==20852== declared at leak-tree.c:35
    (gdb) monitor who_points_at 0x40281a8 16
    =...

  • Page 81: With Custom Allocators

    • VALGRIND_COUNT_LEAKS: fills in the four arguments with the number of bytes of memory found by the previous leak check to be leaked (i.e. the sum of direct leaks and indirect leaks), dubious, reachable and suppressed. This is useful in test harness code, after ca...

  • Page 82

    Keep in mind that the last two points above say "typically": the Valgrind mempool client request API is intentionally vague about the exact structure of a mempool. There is no specific mention made of headers or superblocks. Nevertheless, the following picture may h...

  • Page 83

    • VALGRIND_MEMPOOL_ALLOC(pool, addr, size): This request informs Memcheck that a size-byte chunk has been allocated at addr, and associates the chunk with the specified pool. If the pool was created with nonzero rzB redzones, Memcheck will mark the rzB bytes before ...

  • Page 84: Valgrind

    4.9. Debugging MPI parallel programs with Valgrind. Memcheck supports debugging of distributed-memory applications which use the MPI message passing standard. This support consists of a library of wrapper functions for the PMPI_* interface. When incorporated into the...

  • Page 85: 4.9.2. Getting Started

    4.9.2. Getting started. Compile your MPI application as usual, taking care to link it using the same mpicc that your Valgrind build was configured with. Use the following basic scheme to run your application on Valgrind with the wrappers engaged: MPIWRAP_DEBUG=[wrapp...

  • Page 86: 4.9.4. Functions

    If you want to use Valgrind’s XML output facility (--xml=yes), you should pass quiet in MPIWRAP_DEBUG so as to get rid of any extraneous printing from the wrappers. 4.9.4. Functions. All MPI2 functions except MPI_Wtick, MPI_Wtime and MPI_Pcontrol have wrappers. The f...

  • Page 87

    MPI-1.1 structured types are supported, and walked exactly. The currently supported combiners are MPI_COMBINER_NAMED, MPI_COMBINER_CONTIGUOUS, MPI_COMBINER_VECTOR, MPI_COMBINER_HVECTOR, MPI_COMBINER_INDEXED, MPI_COMBINER_HINDEXED and MPI_COMBINER_STRUCT. This s...

  • Page 88

    A known source of potential false errors are the PMPI_Reduce family of functions, when using a custom (user-defined) reduction function. In a reduction operation, each node notionally sends data to a "central point" which uses the specified reduction function to me...

  • Page 89: Branch-Prediction Profiler

    5. Cachegrind: a cache and branch-prediction profiler. To use this tool, you must specify --tool=cachegrind on the Valgrind command line. 5.1. Overview. Cachegrind simulates how your program interacts with a machine’s cache hierarchy and (optionally) branch predictor. It simulates a machine with indep...

  • Page 90: 5.2.1. Running Cachegrind

    First off, as for normal Valgrind use, you probably want to compile with debugging info (the -g option). But by contrast with normal Valgrind use, you probably do want to turn optimisation on, since you should profile your program as it will be norm...

  • Page 91: 5.2.3. Running Cg_Annotate

    can be changed with the --cachegrind-out-file option. This file is human-readable, but is intended to be interpreted by the accompanying program cg_annotate, described in the next section. The default . suffix on the output file name serves two purp...

  • Page 92

    • Event sort order: the sort order in which functions are shown. For example, in this case the functions are sorted from highest Ir counts to lowest. If two functions have identical Ir counts, they will then be sorted by I1mr counts, and so on. This...

  • Page 93: 5.2.6. Line-By-Line Counts

    --------------------------------------------------------------------------------
    Ir I1mr ILmr Dr D1mr DLmr Dw D1mw DLmw file:function
    --------------------------------------------------------------------------------
    8,821,482 5 5 2,242,702 1,621 73 1...

  • Page 94

    --------------------------------------------------------------------------------
    -- User-annotated source: concord.c
    --------------------------------------------------------------------------------
    Ir I1mr ILmr Dr D1mr DLmr Dw D1mw DLmw
    . . . . . . ...

  • Page 95: 5.2.8. Forking Programs

    (figures and code for line 704)
    -- line 704 ----------------------------------------
    -- line 878 ----------------------------------------
    (figures and code for line 878)
    The amount of context to show around annotated lines is controlled by the --con...

  • Page 96

    • If a source file is more recent than the cachegrind.out. file. This is because the information in cachegrind.out. is only recorded with line numbers, so if the line numbers change at all in the source (e.g. lines added, deleted, swapped), any anno...

  • Page 97

    • If you compile some files with -g and some without, some events that take place in a file without debug info could be attributed to the last line of a file with debug info (whichever one gets placed before the non-debug-info file in the executable...

  • Page 98

    be negative; this indicates that the counts for the relevant function are fewer in the second version than those in the first version. cg_diff does not attempt to check that the input files come from runs of the same executable. It will happily merg...

  • Page 99

    --cachegrind-out-file= Write the profile data to file rather than to the default output file, cachegrind.out.. The %p and %q format specifiers can be used to embed the process ID and/or the contents of an environment variable in the name, as is the ...

  • Page 100

    --mod-filename= [default: none] Specifies a Perl search-and-replace expression that is applied to all filenames. Useful for removing minor differences in paths between two different versions of a program that are sitting in different directories. --...

  • Page 101: 5.7. Simulation Details

    enum E { A, B, C };
    enum E e;
    enum E table[] = { 1, 2, 3 };
    int i;
    ...
    i += table[e];

    This is obviously a contrived example, but the basic principle applies in a wide variety of situations. In short, Cachegrind can tell you where some of the bottlen...

  • Page 102: 5.7.3. Accuracy

    • References that straddle two cache lines are treated as follows:
      • If both blocks hit --> counted as one hit
      • If one block hits, the other misses --> counted as one miss.
      • If both blocks miss --> counted as one miss (not two)
    • Instructions that...

  • Page 103

    Cachegrind: a cache and branch-prediction profiler • It doesn’t account for virtual-to-physical address mappings. Hence the simulation is not a true representation of what’s happening in the cache. Most caches and branch predictors are physically indexed, but Cachegrind simulates caches using virtua...

  • Page 105: 6.1. Overview

    6. Callgrind: a call-graph generating cache and branch prediction profiler. To use this tool, you must specify --tool=callgrind on the Valgrind command line. 6.1. Overview. Callgrind is a profiling tool that records the call history among functions in a program’s run as a call-graph. By default, the c...

  • Page 106: 6.1.2. Basic Usage

    Callgrind: a call-graph generating cache and branch prediction profiler code. This is because there are no explicit call or return instructions in these instruction sets, so Callgrind has to rely on heuristics to detect calls and returns. 6.1.2. Basic usage. As with Cachegrind, you probably want to c...

  • Page 107: 6.2. Advanced Usage

    Callgrind: a call-graph generating cache and branch prediction profiler Use --auto=yes to get annotated source code for all relevant functions for which the source can be found. In addition to source annotation as produced by cg_annotate, you will see the annotated call sites with call counts. For a...

  • Page 108

    Callgrind: a call-graph generating cache and branch prediction profiler • Spontaneous, interactive dumping. Use callgrind_control -d [hint [pid/name]] to request the dumping of profile information of the supervised application with PID or name. Hint is an arbitrary string you can optionally specify ...

  • Page 109: 6.2.4. Avoiding Cycles

    Callgrind: a call-graph generating cache and branch prediction profiler misses which would not have happened in reality. If you do not want to see these, start event collection a few million instructions after you have enabled instrumentation. 6.2.3. Counting global bus events. For access to shared d...

  • Page 110: 6.2.5. Forking Programs

    Callgrind: a call-graph generating cache and branch prediction profiler quite capable of avoiding cycles, it has to be used carefully to not cause symbol explosion. The latter imposes large memory requirement for Callgrind with possible out-of-memory conditions, and big profile data files. A further...

  • Page 111: 6.3.2. Activity Options

    Callgrind: a call-graph generating cache and branch prediction profiler --dump-line= [default: yes] This specifies that event counting should be performed at source line granularity. This allows source annotation for sources which are compiled with debug information (-g). --dump-instr= [default: no]...

  • Page 112

    Callgrind: a call-graph generating cache and branch prediction profiler --instr-atstart= [default: yes] Specify if you want Callgrind to start simulation and profiling from the beginning of the program. When set to no, Callgrind will not be able to collect any information, including calls, but it wi...

  • Page 113: 6.3.5. Simulation Options

    Callgrind: a call-graph generating cache and branch prediction profiler --separate-threads= [default: no] This option specifies whether profile data should be generated separately for every thread. If yes, the file names get "-threadid" appended. --separate-callers= [default: 0] Separate contexts by...

  • Page 114

    Callgrind: a call-graph generating cache and branch prediction profiler --simulate-wb= [default: no] Specify whether write-back behavior should be simulated, allowing to distinguish LL cache misses with and without write backs. The cache model of Cachegrind/Callgrind does not specify write-through ...

  • Page 116

    Callgrind: a call-graph generating cache and branch prediction profiler --auto= [default: no] Annotate all source files containing functions that helped reach the event count threshold. --context=n [default: 8] Print n lines of context before and after annotated lines. --inclusive= [default: no] Add...

  • Page 117

    Callgrind: a call-graph generating cache and branch prediction profiler --instr= Switch instrumentation mode on or off. If a Callgrind run has instrumentation disabled, no simulation is done and no events are counted. This is useful to skip uninteresting program parts, as there is much less slowdown...

  • Page 118: 7.1. Overview

    7. Helgrind: a thread error detector. To use this tool, you must specify --tool=helgrind on the Valgrind command line. 7.1. Overview. Helgrind is a Valgrind tool for detecting synchronisation errors in C, C++ and Fortran programs that use the POSIX pthreads threading primitives. The main abstractions ...

  • Page 119: Orderings

    Helgrind: a thread error detector • Destroying an invalid or a locked mutex • Recursively locking a non-recursive mutex • Deallocation of memory that contains a locked mutex • Passing mutex arguments to functions expecting reader-writer lock arguments, and vice versa • When a POSIX pthread function ...

  • Page 120

    Helgrind: a thread error detector In this section, and in general, to "acquire" a lock simply means to lock that lock, and to "release" a lock means to unlock it. Helgrind monitors the order in which threads acquire locks. This allows it to detect potential deadlocks which could arise from the forma...

  • Page 121

    Helgrind: a thread error detector
    Thread #6: lock order "0x6010c0 before 0x601160" violated
    Observed (incorrect) order is: acquisition of lock at 0x601160
      (stack unavailable)
    followed by a later acquisition of lock at 0x6010c0
      at 0x4c2bc62: pthread_mutex_lock (hg_intercepts.c:494)
      by 0x4007de: dine ...

  • Page 122

    Helgrind: a thread error detector
    Thread #1 is the program’s root thread
    Thread #2 was created
      at 0x511c08e: clone (in /lib64/libc-2.8.so)
      by 0x4e333a4: do_clone (in /lib64/libpthread-2.8.so)
      by 0x4e33a30: pthread_create@@GLIBC_2.2.5 (in /lib64/libpthread-2.8.so)
      by 0x4c299d4: pthread_create@* (hg_i...

  • Page 123

    Helgrind: a thread error detector The following section explains Helgrind’s race detection algorithm in more detail. 7.4.2. Helgrind’s race detection algorithm. Most programmers think about threaded programming in terms of the basic functionality provided by the threading library (POSIX pthreads): th...

  • Page 124

    Helgrind: a thread error detector

    Parent thread:                  Child thread:

    int var;

    // create child thread
    pthread_create(...)
    var = 20;
    // send message to child
                                    // wait for message to arrive
                                    var = 10;
                                    exit

    // wait for child
    pthread_join(...)
    printf("%d", var);

    Now the program reliably prints "10", regardless...

  • Page 125

    Helgrind: a thread error detector • When a condition variable (CV) is signalled on by thread T1 and some other thread T2 is thereby released from a wait on the same CV, then the memory accesses in T1 prior to the signalling must happen-before those in T2 after it returns from the wait. If no thread ...

  • Page 126

    Helgrind: a thread error detector
    Thread #2 was created
      at 0x511c08e: clone (in /lib64/libc-2.8.so)
      by 0x4e333a4: do_clone (in /lib64/libpthread-2.8.so)
      by 0x4e33a30: pthread_create@@GLIBC_2.2.5 (in /lib64/libpthread-2.8.so)
      by 0x4c299d4: pthread_create@* (hg_intercepts.c:214)
      by 0x4008f2: main (tc2...

  • Page 127

    Helgrind: a thread error detector The first thing to do is examine the source locations referred to by each call stack. They should both show an access to the same location, or variable. Now figure out how that location should have been made thread-safe: • Perhaps the location was intended to be...

  • Page 128

    Helgrind: a thread error detector • Qt version 4.X. Qt 3.X is harmless in that it only uses POSIX pthreads primitives. Unfortunately Qt 4.X has its own implementation of mutexes (QMutex) and thread reaping. Helgrind 3.4.X contains direct support for Qt 4.X threading, which is experimental but is bel...

  • Page 129

    Helgrind: a thread error detector 2. Avoid memory recycling. If you can’t avoid it, you must tell Helgrind what is going on via the VALGRIND_HG_CLEAN_MEMORY client request (in helgrind.h). Helgrind is aware of standard heap memory allocation and deallocation that occurs via malloc/free/new/delet...

  • Page 130

    Helgrind: a thread error detector 4. Make sure you are using a supported Linux distribution. At present, Helgrind only properly supports glibc-2.3 or later. This in turn means we only support glibc’s NPTL threading implementation. The old LinuxThreads implementation is not supported. 5. Round up all...

  • Page 133: 8.1. Overview

    8. DRD: a thread error detector. To use this tool, you must specify --tool=drd on the Valgrind command line. 8.1. Overview. DRD is a Valgrind tool for detecting errors in multithreaded C and C++ programs. The tool works for any program that uses the POSIX threading primitives or that uses threading co...

  • Page 134

    DRD: a thread error detector • A shared address space. All threads running within the same process share the same address space. All data, whether shared or not, is identified by its address. • Regular load and store operations, which allow to read values from or to write values to the memory shared...

  • Page 135: 8.2. Using Drd

    DRD: a thread error detector 2. Synchronization operations determine certain ordering constraints on memory operations performed by different threads. These ordering constraints are called the synchronization order. The combination of program order and synchronization order is called the happens-bef...

  • Page 136

    DRD: a thread error detector --first-race-only= [default: no] Whether to report only the first data race that has been detected on a memory location or all data races that have been detected on a memory location. --free-is-write= [default: no] Whether to report races between accessing memory and fre...

  • Page 137

    DRD: a thread error detector --ptrace-addr=<address> [default: none] Trace all load and store activity for the specified address and keep doing that even after the memory at that address has been freed and reallocated. --trace-alloc= [default: no] Trace all memory allocations and deallocations. May produce a huge amou...

  • Page 138

    DRD: a thread error detector Below you can find an example of a message printed by DRD when it detects a data race:
    $ valgrind --tool=drd --read-var-info=yes drd/tests/rwlock_race
    ...
    ==9466== Thread 3:
    ==9466== Conflicting load by thread 3 at 0x006020b8 size 4
    ==9466==    at 0x400b6c: thread_func (rwl...

  • Page 139

    DRD: a thread error detector 1. Start at the bottom of both call stacks, and count the number of stack frames with identical function name, file name and line number. In the above example the three bottommost frames are identical (clone, start_thread and vg_thread_wrapper). 2. The next higher stack fra...

  • Page 140: 8.2.5. Client Requests

    DRD: a thread error detector • Calling pthread_cond_wait on a mutex that is not locked, that is locked by another thread or that has been locked recursively. • Associating two different mutexes with a condition variable through pthread_cond_wait. • Destruction or deallocation of a condition variable...

  • Page 141

    DRD: a thread error detector • The macro DRD_STOP_IGNORING_VAR(x) and the corresponding client request VG_USERREQ__DRD_FINISH_SUPPRESSION. Tell DRD to no longer ignore data races for the address range that was suppressed either via the macro DRD_IGNORE_VAR(x) or via the client request VG_USERREQ__DR...

  • Page 142

    DRD: a thread error detector • The macro ANNOTATE_BARRIER_INIT(barrier, count, reinitialization_allowed) tells DRD that a new barrier object at the address barrier has been initialized, that count threads participate in each barrier and also whether or not barrier reinitialization without intervenin...

  • Page 143

    DRD: a thread error detector Note: if you compiled Valgrind yourself, the header file will have been installed in the directory /usr/include by the command make install. If you obtained Valgrind by installing it as a package however, you will probably have to install another package with a name like...

  • Page 144

    DRD: a thread error detector As an example, the OpenMP test program drd/tests/omp_matinv triggers a data race when the option -r has been specified on the command line. The data race is triggered by the following code: #pragma omp parallel for private(j) for (j = 0; j { if (i != j) { const elem...

  • Page 145

    DRD: a thread error detector • To know where the scope ends of POSIX objects that have not been destroyed explicitly. It is e.g. not required by the POSIX threads standard to call pthread_mutex_destroy before freeing the memory in which a mutex object resides. • To know where the scope of variables ...

  • Page 146: 8.3.1. Mutex Types

    DRD: a thread error detector • Compile with option -O1 instead of -O0. This will reduce the amount of generated code, may reduce the amount of debug info and will speed up DRD’s processing of the client program. For more information, see also Getting Started. • If DRD reports any errors on librarie...

  • Page 147: 8.3.2. Condition Variables

    DRD: a thread error detector In complex applications it is not always clear beforehand which mutex will be locked recursively and which mutex will not be locked recursively. Attempts to lock a non-recursive mutex recursively will result in race conditions that are very hard to find without a threa...

  • Page 148: 9.1. Overview

    9. Massif: a heap profiler. To use this tool, you must specify --tool=massif on the Valgrind command line. 9.1. Overview. Massif is a heap profiler. It measures how much heap memory your program uses. This includes both the useful space, and the extra bytes allocated for book-keeping and alignment pur...

  • Page 149: 9.2.2. Running Massif

    Massif: a heap profiler

        #include <stdlib.h>

        void g(void)
        {
           malloc(4000);
        }

        void f(void)
        {
           malloc(2000);
           g();
        }

        int main(void)
        {
           int i;
           int* a[10];

           for (i = 0; i < 10; i++) {
              a[i] = malloc(1000);
           }

           f();

           g();

           for (i = 0; i < 10; i++) {
              free(a[i]);
           }

           retur...

  • Page 150: 9.2.5. The Output Graph

    Massif: a heap profiler ms_print massif.out.12345 ms_print will produce (a) a graph showing the memory consumption over the program’s execution, and (b) detailed information about the responsible allocation sites at various points in the program, including the point of peak memory allocation. The us...

  • Page 153

    Massif: a heap profiler • Peak snapshots are only ever taken after a deallocation happens. This avoids lots of unnecessary peak snapshot recordings (imagine what happens if your program allocates a lot of heap blocks in succession, hitting a new peak every time). But it means that if your program ne...

  • Page 154

    Massif: a heap profiler
    --------------------------------------------------------------------------------
      n        time(B)         total(B)   useful-heap(B) extra-heap(B)    stacks(B)
    --------------------------------------------------------------------------------
      0              0                0                0             0            0
      1          1,008            1,008            1,000             8            0
      2          2,016            2,016            2,000 ...

  • Page 155

    Massif: a heap profiler The next snapshot is detailed. As well as the basic counts, it gives an allocation tree which indicates exactly which pieces of code were responsible for allocating heap memory:
      9          9,072            9,072            9,000            72            0
    99.21% (9,000B) (heap allocation functions) malloc/new/new[], --alloc-fns...

  • Page 156

    Massif: a heap profiler distinct stack traces in the tree. In contrast, if B calls A repeatedly from line 15 (e.g. due to a loop), then each of those calls will be represented by the same stack trace in the tree. Note also that each tree entry with children in the example satisfies an invariant: the...

  • Page 157: 9.2.7. Forking Programs

    Massif: a heap profiler responsible for more than 1% of useful memory bytes, and ms_print likewise only prints the details for code locations responsible for more than 1%. The entries that do not meet this threshold are aggregated. This avoids filling up the output with large numbers of unimportant ...

  • Page 158

    Massif: a heap profiler 9.2.9. Acting on Massif’s information. Massif’s information is generally fairly easy to act upon. The obvious place to start looking is the peak snapshot. It can also be useful to look at the overall shape of the graph, to see if memory usage climbs and falls as you expect; sp...

  • Page 159

    Massif: a heap profiler --alloc-fn= Functions specified with this option will be treated as though they were a heap allocation function such as malloc. This is useful for functions that are wrappers to malloc or new, which can fill up the allocation trees with uninteresting information. This option ...

  • Page 160

    Massif: a heap profiler --massif-out-file=<file> [default: massif.out.%p] Write the profile data to file rather than to the default output file, massif.out.<pid>. The %p and %q format specifiers can be used to embed the process ID and/or the contents of an environment variable in the name, as is the case for t...

  • Page 161: 10.1. Overview

    10. DHAT: a dynamic heap analysis tool. To use this tool, you must specify --tool=exp-dhat on the Valgrind command line. 10.1. Overview. DHAT is a tool for examining how programs use their heap allocations. It tracks the allocated blocks, and inspects every memory access to find which block, if any, i...

  • Page 162: Fields

    DHAT: a dynamic heap analysis tool As with the Massif heap profiler, DHAT measures program progress by counting instructions, and so presents all age/time related figures as instruction counts. This sounds a little odd at first, but it makes runs repeatable in a way which is not possible if CPU time...

  • Page 163

    DHAT: a dynamic heap analysis tool
    ======== SUMMARY STATISTICS ========
    guest_insns: 418,901,537
    [...]
    max-live: 32,512 in 254 blocks
    tot-alloc: 32,512 in 254 blocks (avg size 128.00)
    deaths: 254, at avg age 300,467,389
    acc-ratios: 0.26 rd, 0.20 wr (8,756 b-read, 6,604 b-written)
      at 0x4c275b8: mallo...

  • Page 164: Offset" Data

    DHAT: a dynamic heap analysis tool perform such an analysis. We can see that they must have varying sizes since the average block size, 61.13, isn’t a whole number. 10.2.2.2. A more suspicious looking example
    max-live: 180,224 in 22 blocks
    tot-alloc: 180,224 in 22 blocks (avg size 8192.00)
    deaths: n...

  • Page 165

    DHAT: a dynamic heap analysis tool
    max-live: 317,408 in 5,668 blocks
    tot-alloc: 317,408 in 5,668 blocks (avg size 56.00)
    deaths: 5,668, at avg age 622,890,597
    acc-ratios: 1.03 rd, 1.28 wr (327,642 b-read, 408,172 b-written)
      at 0x4c275b8: malloc (vg_replace_malloc.c:236)
      by 0x5440c16: qdesignerproper...

  • Page 166

    DHAT: a dynamic heap analysis tool --show-top-n= [default: 10] At the end of the run, DHAT sorts the accumulated allocation points according to some metric, and shows the highest scoring entries. --show-top-n controls how many entries are shown. The default of 10 is quite small. For realistic applic...

  • Page 167: 11.1. Overview

    11. SGCheck: an experimental stack and global array overrun detector. To use this tool, you must specify --tool=exp-sgcheck on the Valgrind command line. 11.1. Overview. SGCheck is a tool for finding overruns of stack and global arrays. It works by using a heuristic approach derived from an observatio...

  • Page 168: 11.5. Limitations

    SGCheck: an experimental stack and global array overrun detector 11.4. Comparison with Memcheck. SGCheck and Memcheck are complementary: their capabilities do not overlap. Memcheck performs bounds checks and use-after-free checks for heap arrays. It also finds uses of uninitialised values created by ...

  • Page 169

    SGCheck: an experimental stack and global array overrun detector • Coverage: stack and global checking is fragile. If a shared object does not have debug information attached, then SGCheck will not be able to determine the bounds of any stack or global arrays defined within that shared object, and s...

  • Page 170: Vector Generation Tool

    12. BBV: an experimental basic block vector generation tool. To use this tool, you must specify --tool=exp-bbv on the Valgrind command line. 12.1. Overview. A basic block is a linear section of code with one entry point and one exit point. A basic block vector (BBV) is a list of all basic blocks enter...

  • Page 171

    BBV: an experimental basic block vector generation tool The outputs from the SimPoint run are the results.simpts and results.weights files. The first holds the 5 most relevant intervals of the program. The second holds the weight to scale each interval by when extrapolating full-program behavior. T...

  • Page 172: 12.5. Implementation

    BBV: an experimental basic block vector generation tool The SimPoint program only processes lines that start with a "T". All other lines are ignored. Traditionally comments are indicated by starting a line with a "#" character. Some other BBV generation tools, such as PinPoints, generate lines begin...

  • Page 173: 12.8. Performance

    BBV: an experimental basic block vector generation tool Binary Instrumentation to Generate Multi-Platform SimPoints: Methodology and Accuracy" by V.M. Weaver and S.A. McKee. 12.8. Performance. Using this program slows down execution by roughly a factor of 40 over native execution. This varies dependi...

  • Page 174: 13.1. Overview

    13. Lackey: an example tool. To use this tool, you must specify --tool=lackey on the Valgrind command line. 13.1. Overview. Lackey is a simple Valgrind tool that does various kinds of basic program measurement. It adds quite a lot of simple instrumentation to the program’s code. It is primarily intend...

  • Page 175: 14.1. Overview

    14. Nulgrind: the minimal Valgrind tool. To use this tool, you must specify --tool=none on the Valgrind command line. 14.1. Overview. Nulgrind is the simplest possible Valgrind tool. It performs no instrumentation or analysis of a program, just runs it normally. It is mainly of use for Valgrind’s deve...

  • Page 176: Valgrind Faq

    Valgrind FAQ. Release 3.8.0, 10 August 2012. Copyright © 2000-2012 Valgrind Developers. Email: valgrind@valgrind.org

  • Page 177: Table Of Contents

    Valgrind FAQ table of contents: Valgrind Frequently Asked Questions

  • Page 178: 1. Background

    Valgrind Frequently Asked Questions. 1. Background. 1.1. How do you pronounce "Valgrind"? ...

  • Page 179

    Valgrind Frequently Asked Questions from Nordic mythology. Originally (before release) the project was named Heimdall, after the watchman of the Nordic gods. He could "see a hundred miles by day or night, hear the grass growing, see the wool growing on a sheep’s back", etc. This would have been a gr...

  • Page 180

    Valgrind Frequently Asked Questions 3. Valgrind aborts unexpectedly. 3.1. Programs run OK on Valgrind, but at exit produce a bunch of errors involving __libc_freeres and then die with a segmentation fault. When the program exits, Valgrind runs the procedure __libc_freeres in glibc. This is a hook for...

  • Page 181

    Valgrind Frequently Asked Questions Valgrind can handle dynamically generated code, so long as none of the generated code is later overwritten by other generated code. If this happens, though, things will go wrong as Valgrind will continue running its translations of the old code (this is true on x8...

  • Page 182

    Valgrind Frequently Asked Questions If they’re not long enough, use --num-callers to make them longer. If they’re not detailed enough, make sure you are compiling with -g to add debug information. And don’t strip symbol tables (programs should be unstripped unless you run ’strip’ on them; some libra...

  • Page 183

    Valgrind Frequently Asked Questions • A leak error message involving an unloaded shared object:
    84 bytes in 1 blocks are possibly lost in loss record 488 of 713
      at 0x1b9036da: operator new(unsigned) (vg_replace_malloc.c:132)
      by 0x1db63eeb: ???
      by 0x1db4b800: ???
      by 0x1d65e007: ???
      by 0x8049ee6: main...

  • Page 184: 5. Miscellaneous

    Valgrind Frequently Asked Questions Second, if your program is statically linked, most Valgrind tools won’t work as well, because they won’t be able to replace certain functions, such as malloc, with their own versions. A key indicator of this is if Memcheck says: All heap blocks were freed -- no le...

  • Page 185

    Valgrind Frequently Asked Questions • "indirectly lost" means your program is leaking memory in a pointer-based structure. (E.g. if the root node of a binary tree is "definitely lost", all the children will be "indirectly lost".) If you fix the "definitely lost" leaks, the "indirectly lost" leaks sh...

  • Page 186

    Valgrind Technical Documentation. Release 3.8.0, 10 August 2012. Copyright © 2000-2012 Valgrind Developers. Email: valgrind@valgrind.org

  • Page 187: Table Of Contents

    Valgrind Technical Documentation table of contents: 1. The Design and Implementation of Valgrind; 2. Writing a New Valgrind Tool ...

  • Page 188: Valgrind

    1. The design and implementation of Valgrind. A number of academic publications nicely describe many aspects of Valgrind’s design and implementation. Online copies of all of them, and others, are available on the Valgrind publications page. The following paper gives a good overview of Valgrind, and e...

  • Page 189: 2.1. Introduction

    2. Writing a new Valgrind tool. So you want to write a Valgrind tool? Here are some instructions that may help. 2.1. Introduction. The key idea behind Valgrind’s architecture is the division between its core and tools. The core provides the common low-level infrastructure to support program instrument...

  • Page 190: 2.2.4. Writing The Code

    Writing a new Valgrind tool 5. Copy none/nl_main.c into foobar/, renaming it as fb_main.c. Edit it by changing the details lines in nl_pre_clo_init to something appropriate for the tool. These fields are used in the startup message, except for bug_reports_to which is used if a tool assertion fails. ...

  • Page 191: 2.2.5. Initialisation

    Writing a new Valgrind tool In addition, if a tool wants to use some of the optional services provided by the core, it may have to define other functions and tell the core about them. 2.2.5. Initialisation. Most of the initialisation should be done in pre_clo_init. Only use post_clo_init if a tool pr...

  • Page 192: 2.3. Advanced Topics

    Writing a new Valgrind tool The files include/pub_tool_*.h contain all the types, macros, functions, etc. that a tool should (hopefully) need, and are the only .h files a tool should need to #include. They have a reasonable amount of documentation in it that should hopefully be enough to get you goi...

  • Page 193: 2.3.3. Documentation

    Writing a new Valgrind tool Suppression types have the form tool_name:suppression_name. The tool_name here is the name you specify for the tool during initialisation with VG_(details_name). 2.3.3. Documentation. If you are feeling conscientious and want to write some documentation for your tool, plea...

  • Page 194: 2.3.4. Regression Tests

    Writing a new Valgrind tool 8. When you have finished, try to generate PDF and PostScript output to check all is well, from within docs/: make print-docs Check the output .pdf and .ps files in docs/print/. Note that the toolchain is even more fragile for the print docs, so don’t feel too bad if you ...

  • Page 195: 2.4. Final Words

    Writing a new Valgrind tool 2.4. Final words. Writing a new Valgrind tool is not easy, but the tools you can write with Valgrind are among the most powerful programming tools there are. Happy programming!

  • Page 196: 3.1. Overview

    3. Callgrind format specification. This chapter describes the Callgrind profile format, version 1. A synonymous name is "Calltree profile format". These names actually mean the same since Callgrind was previously named Calltree. The format description is meant for the user to be able to understand th...

  • Page 197: 3.1.3. Associations

    Callgrind format specification line 16 in file file.f, taking 20 CPU cycles. If a cost line specifies fewer event counts than given in the "events" line, the rest is assumed to be zero, i.e. there was no floating point instruction executed relating to line 16. Note that regular cost lines always give...

  • Page 198: 3.1.5. Name Compression

    Callgrind format specification One can see that in main only code from line 16 is executed where also the other functions are called. Inclusive cost of main is 820, which is the sum of self cost 20 and costs spent in the calls: 400 for the single call to func1 and 400 as sum for the three calls to f...

  • Page 199

    Callgrind format specification
    events: instructions
    # define file id mapping
    fl=(1) file1.c
    fl=(2) file2.c
    # define function id mapping
    fn=(1) main
    fn=(2) func1
    fn=(3) func2
    fl=(1)
    fn=(1)
    16 20
    ...
    3.1.6. Subposition compression. If a Callgrind data file should hold costs for each assembler instructi...

  • Page 200: 3.1.7. Miscellaneous

    Callgrind format specification Remark: for assembler annotation to work, instruction addresses have to be corrected to correspond to addresses found in the original binary, i.e. for relocatable shared objects, often a load offset has to be subtracted. 3.1.7. Miscellaneous 3.1.7.1. Cost summary infor...

  • Page 203

    Callgrind format specification • version: number [Callgrind] This is used to distinguish future profile data formats. A major version of 0 or 1 is supposed to be upwards compatible with Cachegrind’s format. It is optional; if not appearing, version 1 is supposed. Otherwise, this has to be the first ...

  • Page 204

    Callgrind format specification • summary: costs [Callgrind] totals: costs [Cachegrind] The value or the total number of events covered by this trace file. Both keys have the same meaning, but the "totals:" line happens to be at the end of the file, while "summary:" appears in the header. This was ad...

  • Page 205

    Callgrind format specification • jump=count target position [Callgrind] Unconditional jump, executed count times, to the given target position. • jcnd=exe.count jumpcount target position [Callgrind] Conditional jump, executed exe.count times with jumpcount jumps to the given target position.

  • Page 206

    Valgrind Distribution Documents. Release 3.8.0, 10 August 2012. Copyright © 2000-2012 Valgrind Developers. Email: valgrind@valgrind.org

  • Page 207: Table Of Contents

    Valgrind Distribution Documents table of contents: 1. Authors; 2. News ...

  • Page 208: 1. Authors

    1. Authors. Julian Seward was the original founder, designer and author of Valgrind, created the dynamic translation frameworks, wrote Memcheck, the 3.X versions of Helgrind, SGCheck, DHAT, and did lots of other things. Nicholas Nethercote did the core/tool generalisation, wrote Cachegrind and Massif...

  • Page 209

    Authors Daniel Berlin modified readelf’s dwarf2 source line reader, written by Nick Clifton, for use in Valgrind. Michael Matz and Simon Hausmann modified the GNU binutils demangler(s) for use in Valgrind. David Woodhouse has helped out with test and build machines over the course of many releases....

  • Page 210: 2. News

    2. News release 3.8.0 (10 august 2012) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3.8.0 is a feature release with many improvements and the usual collection of bug fixes. This release supports x86/linux, amd64/linux, arm/linux, ppc32/linux, ppc64/linux, s390x/linux, mips/linux, arm/android, x86/android, x86/mac...

  • Page 211

    News - the leak_check gdb server monitor command now can control the maximum nr of loss records to output. - reduction of memory use for applications allocating many blocks and/or having many partially defined bytes. - addition of gdb server monitor command ’block_list’ that lists the addresses/size...

  • Page 212

    News and drd. * for tool developers: support to run valgrind on valgrind has been improved. We can now routinely valgrind on helgrind or memcheck. * gdbserver now shows the float shadow registers as integer rather than float values, as the shadow values are mostly used as bit patterns. * increased l...

  • Page 213

    News 281482 memcheck incorrect byte allocation count in realloc() for silly argument 282230 group allocator for small fixed size, use it for mc_chunk/sec vbit 283413 fix wrong sanity check 283671 robustize alignment computation in libvex_alloc 283961 adding support for some hci ioctls 284124 parse_t...

  • Page 214

    News 294185 int 0x44 (and others) not supported on x86 guest, but used by jikes rvm 294190 --vgdb-error=xxx can be out of sync with errors shown to the user 294191 amd64: fnsave/frstor and 0x66 size prefixes on fp instructions 294260 disinstr_amd64: disinstr miscalculated next %rip 294523 --partial-...

  • Page 215

    News 300414 fcom and fcomp unimplemented for amd64 guest 301204 infinite loop in canonicalisesymtab with ifunc symbol 301229 == 203877 (increase to 16mb maximum allowed alignment for memalign etc) 301265 add x86 support to android build 301984 configure script doesn’t detect certain versions of clan...

  • Page 216

    News * preliminary support for macosx 10.7 and xcode 4. Both 32- and 64-bit processes are supported. Some complex threaded applications (firefox) are observed to hang when run as 32 bit applications, whereas 64-bit versions run ok. The cause is unknown. Memcheck will likely report some false errors....

  • Page 217

    News where one thread accesses heap memory but another one frees it, without any coordinating synchronisation event * drd: enabled xml output; added support for delayed thread deletion in order to detect races that occur close to the end of a thread (--join-list-vol); fixed a memory leak triggered b...

  • Page 218

    News mailing the developers (or mailing lists) directly -- bugs that are not entered into bugzilla tend to get forgotten about or ignored. To see details of a given bug, visit https://bugs.kde.org/show_bug.cgi?id=xxxxxx where xxxxxx is the bug number as listed below. 210935 port valgrind.h (not valg...

  • Page 219

    News 269884 == 250101 (overhead for huge blocks exhausts space too soon) 270082 s390x: make sure to point the psw address to the next address on sigill 270115 s390x: rewrite some testcases 270309 == 267997 (valgrind crash on startup) 270320 add support for linux fioqsize ioctl() call 270326 segfault...

  • Page 220

    News 275339 s390x: fix testcase compile warnings 275517 s390x: provide support for cksm instruction 275710 s390x: get rid of redundant address mode calculation 275815 == 247894 (valgrind doesn’t know about linux readahead(2) syscall) 275852 == 250101 (valgrind uses all swap space and is killed) 2767...

  • Page 221

    News 284305 filter_gdb needs enhancement to work on ppc64 284384 clang 3.1 -Wunused-value warnings in valgrind.h, memcheck.h 284472 thumb2 ror.w encoding t2 not implemented 284621 xml-escape process command line in xml output n-i-bz cachegrind/callgrind: handle cpuid information for core ix intel cp...

  • Page 222

    News 257011 (sse4.X) vex amd64->ir: 0x66 0xf 0x3a 0xe 0xfd 0xa0 (pblendw) 257063 (sse4.X) vex amd64->ir: 0x66 0xf 0x3a 0x8 0xc0 0x0 (roundps) 257276 missing case in memcheck --track-origins=yes 258870 (sse4.X) add support for extractps sse 4.1 instruction 261966 (sse4.X) support for crc32b and crc32...

  • Page 223

    News * support for arm/linux. Valgrind now runs on armv7 capable cpus running linux. It is known to work on ubuntu 10.04, ubuntu 10.10, and maemo 5, so you can run valgrind on your nokia n900 if you want. This requires a cpu capable of running the armv7-a instruction set (cortex a5, a8 and a9). Valg...

  • Page 224

    News useful for giving a general idea about a program’s locality. * massif has a new option, --pages-as-heap, which is disabled by default. When enabled, instead of tracking allocations at the level of heap blocks (as allocated with malloc/new/new[]), it instead tracks memory allocations at the leve...

  • Page 225

    News intercepting and wrapping safer and more reliable. * improved support for the valkyrie gui, version 2.0.0. Gui output and control of valgrind is now available for the tools memcheck and helgrind. Xml output from valgrind is available for memcheck, helgrind and exp-ptrcheck. * more reliable stac...

  • Page 226

    News the following bugs have been fixed or resolved. Note that "n-i-bz" stands for "not in bugzilla" -- that is, a bug that was reported to us but never got a bugzilla entry. We encourage you to file bugs in bugzilla (http://bugs.kde.org/enter_valgrind_bug.cgi) rather than mailing the developers (or...

  • Page 227

    News 238679 mq_timedreceive syscall doesn’t flag the reception buffer as "defined" 238696 fcntl command f_dupfd_cloexec not supported 238713 unhandled instruction bytes: 0x66 0xf 0x29 0xc6 238713 unhandled instruction bytes: 0x66 0xf 0x29 0xc6 238745 3.5.0 make fails on ppc altivec opcodes, though c...

  • Page 228

    News 251362 valgrind: arm: attach to debugger either fails or provokes kernel oops 251674 unhandled syscall 294 251818 == 254550 254257 add support for debugfiles found by build-id 254550 [patch] implement dw_ate_utf (dwarf4) 254646 wrapped functions cause stack misalignment on os x (and possibly li...

  • Page 229

    News * valgrind now runs on mac os x. (note that mac os x is sometimes called "darwin" because that is the name of the os core, which is the level that valgrind works at.) supported systems: - it requires os 10.5.X (leopard). Porting to 10.4.X is not planned because it would require work and 10.4 is...

  • Page 230

    News but are directly pointed to by a start-pointer, were previously marked as "still reachable". They are now correctly marked as "possibly lost". - the default value for the --leak-resolution option has been changed from "low" to "high". In general, this means that more leak reports will be produc...

  • Page 231

    News 0x80483bf: really (in ???) 0x80483bf: ??? (in /foo/a.out) 0x80483bf: ??? (a.c:20) 0x80483bf: ??? Stack traces produced when --xml=yes is specified are different and unchanged. * helgrind and ptrcheck now support xml output, so they can be used from gui tools. Also, the xml output mechanism has ...

  • Page 232

    News itself segfaulting, or failing to read debugging information. Hence, in this scenario, it suffices to check whether or not any output appeared on the text channel. If yes, then it is likely to be a critical error which should be brought to the attention of the user. If no (the text channel prod...

  • Page 233

    News * new features and improvements in drd: - the error messages printed by drd are now easier to interpret. Instead of using two different numbers to identify each thread (valgrind thread id and drd thread id), drd does now identify threads via a single number (the drd thread id). Furthermore "fir...

  • Page 234

    News vince weaver. * modestly improved support for running windows applications under wine. In particular, initial support for reading windows .pdb debug information has been added. * a new memcheck client request VALGRIND_COUNT_LEAK_BLOCKS has been added. It is similar to VALGRIND_COUNT_LEAKS but c...

  • Page 235

    News - vex/ is now integrated properly into the build system. This means that dependency tracking within vex/ now works properly, "make install" will work without requiring "make" before it, and parallel builds (ie. ’make -j’) now work (previously a .NOTPARALLEL directive was used to serialize build...

  • Page 236

    News 84303 how about a lockcheck tool? 91633 dereference of null ptr in vgplain_st_basetype 97452 valgrind doesn’t report any pthreads problems 100628 leak-check gets assertion failure when using valgrind_malloclike_block on malloc()ed memory 108528 nptl pthread cleanup handlers not called 110126 va...

  • Page 237

    News 185050 exp-ptrcheck: sg_main.c:727 (add_block_to_globaltree): assertion ’!already_present’ failed. 185359 exp-ptrcheck: unhandled syscall getresuid() 185794 "warning: unhandled syscall: 285" (fallocate) on x86_64 185816 valgrind is unable to handle debug info for files with split debug info tha...

  • Page 238

    News 197227 support aio_* syscalls on darwin 197456 valgrind should reject --suppressions=(directory) 197512 dwarf2 cfi reader: unhandled cfi instruction 0:10 197591 unhandled syscall 27 (mincore) 197793 merge dcas branch to the trunk == 85756, 142103 197794 avoid duplicate filenames in vex 197898 m...

  • Page 239

    News bugzilla entry. We encourage you to file bugs in bugzilla (http://bugs.kde.org/enter_valgrind_bug.cgi) rather than mailing the developers (or mailing lists) directly -- bugs that are not entered into bugzilla tend to get forgotten about or ignored. n-i-bz fix various bugs reading icc-11 generat...

  • Page 240

    News * helgrind’s race detection algorithm has been completely redesigned and reimplemented, to address usability and scalability concerns: - the new algorithm has a lower false-error rate: it is much less likely to report races that do not really exist. - helgrind will display full call stacks for ...

  • Page 241

    News * exp-omega, an experimental instantaneous leak-detecting tool, is no longer built by default, although the code remains in the repository and the tarball. This is due to three factors: a perceived lack of users, a lack of maintenance, and concerns that it may not be possible to achieve reliabl...

  • Page 242

    News 160956 mallinfo implementation, w/ patch 162092 valgrind fails to start gnome-system-monitor 162819 malloc_free_fill test doesn’t pass on glibc2.8 x86 163794 assertion failure with "--track-origins=yes" 163933 sigcontext.Err and .Trapno must be set together 163955 remove constraint !(--db-attac...

  • Page 243: 3. Older News

    3. Older news release 3.3.1 (4 june 2008) ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3.3.1 fixes a bunch of bugs in 3.3.0, adds support for glibc-2.8 based systems (opensuse 11, fedora core 9), improves the existing glibc-2.7 support, and adds support for the ssse3 (core 2) instruction set. 3.3.1 will likely be th...

  • Page 244

    Older news 161285 patch -- support for eventfd() syscall 161378 illegal opcode in debug libm (fucompp) 160136 ==161378 161487 number of suppressions files is limited to 10 162386 ms_print typo in milliseconds time unit for massif 161036 exp-drd: client allocated memory was never freed 162663 signalf...

  • Page 245

    Older news some people will find them useful, and because exposure to a wider user group provides tool authors with more end-user feedback. These tools have a "exp-" prefix attached to their names to indicate their experimental nature. Currently there are two experimental tools: * exp-omega: an inst...

  • Page 246

    Older news cachegrind, callgrind and massif. They accept the same %p and %q format specifiers that --log-file accepts. --callgrind-out-file replaces callgrind’s old --base option. * cachegrind’s ’cg_annotate’ script no longer uses the -- option to specify the output file. Instead, the first non-opti...

  • Page 247

    Older news n-i-bz x86_linux_redir_for_index() broken n-i-bz guest-amd64/toIR.c:2512 (dis_op2_e_g): assertion ‘0’ failed. n-i-bz support x86 int insn (int (0xcd) 0x40 - 0x43) n-i-bz add sys_utimensat system call for linux x86 platform 79844 helgrind complains about race condition which does not exist...

  • Page 248

    Older news 152501 vex x86->ir: 0x27 0x66 0x89 0x45 (daa) 152818 vex x86->ir: 0xf3 0xac 0xfc 0x9c (rep lodsb) developer-visible changes: - the names of some functions and types within the vex ir have changed. Run ’svn log -r1689 VEX/pub/libvex_ir.h’ for full details. Any existing standalone tools wil...

  • Page 249

    Older news the fixed bugs are as follows. Note that "n-i-bz" stands for "not in bugzilla" -- that is, a bug that was reported to us but never got a bugzilla entry. We encourage you to file bugs in bugzilla (http://bugs.kde.org/enter_valgrind_bug.cgi) rather than mailing the developers (or mailing li...

  • Page 250

    Older news n-i-bz libmpiwrap.c: fixes for mpich n-i-bz more robust handling of hinted client mmaps 139776 invalid read in unaligned memcpy with intel compiler v9 n-i-bz generate valid xml even for very long fn names n-i-bz don’t prompt about suppressions for unshown reachable leaks 139910 amd64 rcl ...

  • Page 251

    Older news 132813 assertion at priv/guest-x86/toIR.c:652 fails 133051 ’cfsi->len > 0 && cfsi->len 132722 valgrind header files are not standard c n-i-bz livelocks entire machine (users list, timothy terriberry) n-i-bz alex bennee mmap problem (9 aug) n-i-bz bartv: don’t print more lines of a stack-t...

  • Page 252

    Older news typically reduced by 15-30%, averaging about 24% for spec cpu2000. The other tools have smaller but noticeable speed improvements. We are interested to hear what improvements users get. Memcheck uses less memory due to the introduction of a compressed representation for shadow memory. The...

  • Page 253

    Older news * it has a new option --trace-mem (off by default) which causes it to print out a trace of all memory accesses performed by a program. It’s a good starting point for building valgrind tools that need to track memory accesses. Read the comments at the top of the file lackey/lk_main.c for d...

  • Page 254

    Older news check_readable --> check_mem_is_defined check_defined --> check_value_is_defined the reason for the change is that the old names are subtly misleading. The old names will still work, but they are deprecated and may be removed in a future release. We also added a new client request: make_m...

  • Page 255

    Older news 126583 amd64->ir: 0x48 0xf 0xa4 0xc2 (shld $1,%rax,%rdx) 126668 amd64->ir: 0x1c 0xff (sbb $0xff,%al) 126696 support for cdromreadraw ioctl and cdromreadtocentry fix 126722 assertion: segment_is_sane at m_aspacemgr/aspacemgr.c:1624 126938 bad checking for syscalls linkat, renameat, symlink...

  • Page 256

    Older news 122067 amd64: fcmovnu (0xdb 0xd9) n-i-bz ppc32: broken signal handling in cpu feature detection n-i-bz ppc32: rounding mode problems (improved, partial fix only) 119482 ppc32: mtfsb1 n-i-bz ppc32: mtocrf/mfocrf (3.1.1: 15 march 2006, vex r1597, valgrind r5771). Release 3.1.0 (25 november ...

  • Page 257

    Older news inconvenience. Other user-visible changes: - the --weird-hacks option has been renamed --sim-hints. - the --time-stamp option no longer gives an absolute date and time. It now prints the time elapsed since the program began. - it should build with gcc-2.96. - valgrind can now run itself (...

  • Page 258

    Older news 110301 ditto 111554 valgrind crashes with cannot allocate memory 111809 memcheck tool doesn’t start java 111901 cross-platform run of cachegrind fails on opteron 113468 (vgplain_mprotect_range): assertion ’r != -1’ failed. 92071 reading debugging info uses too much memory 109744 memcheck ...

  • Page 259

    Older news 113583 == 112501 112538 memalign crash 113190 broken links in docs/html/ 113230 valgrind sys_pipe on x86-64 wrongly thinks file descriptors should be 64bit 113996 vex amd64->ir: fucomp (0xdd 0xe9) 114196 vex x86->ir: out %eax,(%dx) (0xef 0xc9 0xc3 0x90) 114289 memcheck fails to intercept ...

  • Page 260

    Older news n-i-bz updates to memcheck manual n-i-bz fixed broken malloc_usable_size() 110898 opteron instructions missing: btq btsq btrq bsfq 110954 x86->ir: unhandled instruction bytes: 0xe2 0xf6 (loop jb) n-i-bz make suppressions work for "???" lines in stacktraces. 111006 bogus warnings from linu...

  • Page 261

    Older news - valgrind is no longer built by default as a position-independent executable (pie), as this caused too many problems. Without pie enabled, amd64 programs will only be able to access 2gb of address space. We will fix this eventually, but not for the moment. Use --enable-pie at configure-t...

  • Page 262

    Older news are trying something different for 3.0. - small changes in control log file naming which make it easier to use valgrind for debugging mpi-based programs. The relevant new flags are --log-file-exactly= and --log-file-qualifier=. - as part of adding amd64 support, dwarf2 cfi-based stack unw...

  • Page 263

    Older news 106283 pie client programs are loaded at address 0 105831 assertion ‘vgplain_defined_init_shadow_page()’ failed. 105039 long run-times probably due to memory manager 104797 valgrind needs to be aware of blkgetsize64 103594 unhandled instruction: ficom 103320 valgrind 2.4.0 fails to compil...

  • Page 264

    Older news * suppressions can have up to 25 call frame matches, rather than 4. * memcheck and addrcheck use less memory. Under some circumstances, they no longer allocate shadow memory if there are large regions of memory with the same a/v states - such as an mmaped file. * the memory-leak detector ...

  • Page 265

    Older news 89106 the ’impossible’ happened 89139 missing sched_setaffinity & sched_getaffinity 89198 valgrind lacks support for siocspgrp and siocgpgrp 89263 missing ioctl translations for scsi-generic and cd playing 89440 tests/deadlock.c line endings 89481 ‘impossible’ happened: exec failed 89663 ...

  • Page 266

    Older news 98129 failed when open and close file 230000 times using stdio 98175 crashes when using valgrind-2.2.0 with a program using al... 98288 massif broken 98303 unimplemented function pthread_condattr_setpshared 98630 failed--compilation missing warnings.pm, fails to make he... 98756 cannot va...

  • Page 267

    Older news * massif: a new space profiling tool. Try it! It’s cool, and it’ll tell you in detail where and when your c/c++ code is allocating heap. Draws pretty .ps pictures of memory use against time. A potentially powerful tool for making sense of your program’s space use. * file descriptor leakag...

  • Page 268

    Older news 70587 add timestamps to valgrind output? (wishlist) 84937 vg_libpthread.c:2505 (se_remap): assertion ‘res == 0’ (fixed prior to 2.1.2) 86317 cannot load libSDL-1.2.so.0 using valgrind 86989 memcpy from mac_replace_strmem.c complains about uninitialized pointers passed when length to copy ...

  • Page 269

    Older news the last stable release, 2.0.0, might also want to try this release. The following bugs, and probably many more, have been fixed. These are listed at http://bugs.kde.org. Reporting a bug for valgrind in the http://bugs.kde.org is much more likely to get you a fix than mailing developers d...

  • Page 270

    Older news connected to any bug report numbers, afaics: * rearranged address space layout relative to 2.1.1, so that valgrind/tools will run out of memory later than currently in many circumstances. This is good news esp. for calltree. It should be possible for client programs to allocate over 800mb...

  • Page 271

    Older news long-term future. These don’t affect end-users. Most notable user-visible changes are: * greater isolation between valgrind and the program being run, so the program is less likely to inadvertently kill valgrind by doing wild writes. * massif: a new space profiling tool. Try it! It’s cool...

  • Page 272

    Older news 72643 improve support for sse/sse2 instructions 72484 valgrind leaves it’s own signal mask in place when execing 72650 signal handling always seems to restart system calls 72006 the mmap system call turns all errors in enomem 71781 gdb attach is pretty useless 71180 unhandled instruction ...

  • Page 273

    Older news - implemented a few more sse/sse2 instructions. - less crud on the stack when you do ’where’ inside a gdb attach. - fixed the following bugs: 68360: valgrind does not compile against 2.6.0-testx kernels 68525: cvs head doesn’t compile on c90 compilers 68566: pkgconfig support (wishlist) 6...

  • Page 274

    Older news - don’t fail silently if the executable is statically linked, or is setuid/setgid. Print an error message instead. - support for old dwarf-1 format line number info. Snapshot 20031012 (12 october 2003) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ three months worth of bug fixes, roughly. Most sign...

  • Page 275

    Older news - support posix pthread spinlocks. - fixups for clean compilation with gcc-3.3.1. - implemented more opcodes: - push %es - push %ds - pop %es - pop %ds - movntq - sfence - pshufw - pavgb - ucomiss - enter - mov imm32, %esp - all "in" and "out" opcodes - inc/dec %esp - a whole bunch of sse...

  • Page 276

    Older news despite this being a snapshot of the cvs head, it is believed to be quite stable -- at least as stable as 1.9.6 or 1.0.4, if not more so -- and therefore suitable for widespread use. Please let us know asap if it causes problems for you. Two reasons for releasing a snapshot now are: - it’...

  • Page 277

    Older news - fix assertion failure in pthread_once(). - fix this: valgrind: vg_intercept.c:598 (vgallroadsleadtorome_select): assertion ‘ms_end >= ms_now’ failed. - implement pthread_mutexattr_setpshared. - understand pentium 4 branch hints. Also implemented a couple more obscure x86 instructions. -...

  • Page 278

    Older news major changes in 1.9.6: - improved threading support for glibc >= 2.3.2 (suse 8.2, redhat 9, to name but two ...) it turned out that 1.9.5 had problems with threading support on glibc >= 2.3.2, usually manifested by threaded programs deadlocking in system calls, or running unbelievably sl...

  • Page 279

    Older news attempt to mend my errant ways :-) changes in this and future releases will be documented in the news file in the source distribution. Major changes in 1.9.5: - (critical bug fix): fix a bug in the fpu simulation. This was causing some floating point conditional tests not to work right. S...

  • Page 280

    Older news are no plans at all for further releases of the 1.0.X branch. If you want a leading-edge valgrind, consider building the cvs head (from sourceforge), or getting a snapshot of it. Current cool stuff going in includes mmx support (done); sse/sse2 support (in progress), a significant (10-20%...

  • Page 281: 4. Readme

    4. Readme release notes for valgrind ~~~~~~~~~~~~~~~~~~~~~~~~~~ if you are building a binary package of valgrind for distribution, please read readme_packagers. It contains some important information. If you are developing valgrind, please read readme_developers. It contains some useful information....

  • Page 282

    Readme however: if you contribute code, you need to make it available as gpl version 2 or later, and not 2-only. Documentation ~~~~~~~~~~~~~ a comprehensive user guide is supplied. Point your browser at $prefix/share/doc/valgrind/manual.html, where $prefix is whatever you specified with --prefix= wh...

  • Page 283

    5. Readme_missing_syscall_or_ioctl dealing with missing system call or ioctl wrappers in valgrind ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ you’re probably reading this because valgrind bombed out whilst running your program, and advised you to read this file. The good news is t...

  • Page 284

    Readme_missing_syscall_or_ioctl /* time_t time(time_t *t); */ PRINT("sys_time ( %p )",ARG1); PRE_REG_READ1(long, "time", int *, t); if (ARG1 != 0) { PRE_MEM_WRITE( "time(t)", ARG1, sizeof(vki_time_t) ); } } POST(sys_time) { if (ARG1 != 0) { POST_MEM_WRITE( ARG1, sizeof(vki_time_t) ); } } the first t...

  • Page 285

    Readme_missing_syscall_or_ioctl if valgrind tells you that system call nnn is unimplemented, do the following: 1. Find out the name of the system call: grep nnn /usr/include/asm/unistd*.h this should tell you something like __NR_mysyscallname. Copy this entry to include/vki/vki-scnums-$(VG_PLATFORM)...

  • Page 286

    Readme_missing_syscall_or_ioctl note that a common error is to call POST_MEM_WRITE( ... ) with 0 (null) as the first (address) argument. This usually means your logic is slightly inadequate. It’s a sufficiently common bug that there’s a built-in check for it, and you’ll get a "probably sanity check ...

  • Page 287: 6. Readme_Developers

    6. Readme_developers building and not installing it ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ to run valgrind without having to install it, run coregrind/valgrind with the VALGRIND_LIB environment variable set, where of the source tree (and must be an absolute path). Eg: VALGRIND_LIB=~/grind/head4/.in_place ~/...

  • Page 288

    Readme_developers perl tests/vg_regtest memcheck/tests/badfree running the performance tests ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ to build and run all the performance tests, run "make [--quiet] perf". To run a subset of the performance suite, execute: perl perf/vg_perf where is a directory (all tests withi...

  • Page 289

    Readme_developers (gdb) handle SIGILL SIGSEGV nostop noprint (4) set any breakpoints you want and proceed as normal for gdb. The macro VG_(func) is expanded to vgPlain_func, so if you want to set a breakpoint VG_(do_exec), you could do like this in gdb: (gdb) b vgPlain_do_exec (5) run the tool with ...

  • Page 290

    Readme_developers outer/.../bin/valgrind --sim-hints=enable-outer --trace-children=yes \ --smc-check=all-non-file \ --run-libc-freeres=no --tool=cachegrind -v \ inner/.../bin/valgrind --vgdb-prefix=./inner --tool=none -v prog if you omit the --trace-children=yes, you’ll only monitor inner’s launcher...

  • Page 291

    Readme_developers to run regression tests with another outer tool: perl tests/vg_regtest --outer-valgrind=../outer/.../bin/valgrind \ --outer-tool=helgrind --all --outer-args allows to give specific arguments to the outer tool, replacing the default one provided by vg_regtest. When an outer valgrind...

  • Page 292

    Readme_developers callgrind.out.inner_trunk.me.many-loss-records.22916 callgrind.outer.log.inner_trunk.me.many-loss-records.22916 printing out problematic blocks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ if you want to print out a disassembly of a particular block that causes a crash, do the following. Try ru...

  • Page 293: 7. Readme_Packagers

    7. Readme_packagers greetings, packaging person! This information is aimed at people building binary distributions of valgrind. Thanks for taking the time and effort to make a binary distribution of valgrind. The following notes may save you some trouble. -- do not ship your linux distro with a comp...

  • Page 294

    Readme_packagers address 0x4bb292a8 is 0 bytes inside a block of size 64 alloc’d at 0x4004318c: __builtin_vec_new (vg_clientfuncs.c:152) by 0x4c21bc15: klaola::readsbstream(int) const (klaola.cc:314) by 0x4c21c155: klaola::stream(klaola::olenode const *) (klaola.cc:416) by 0x4c21788f: olefilter::con...

  • Page 295: 8. Readme.S390

    8. Readme.S390 requirements ------------ - you need gcc 3.4 or later to compile the s390 port. - a working combination of autotools is required. - to run valgrind a z900 machine or any later model is needed. Limitations ----------- - 31-bit client programs are not supported. - hexadecimal floating p...

  • Page 296: 9. Readme.Android

    9. Readme.Android how to cross-compile for android. These notes were last updated on 17 feb 2012, for valgrind svn revision 12390/2257. This is known to work at least for : arm: android 4.0.3 running on a (rooted, aosp build) nexus s. Android 4.0.3 running on motorola xoom. Android 4.0.3 running on ...

  • Page 297

    Readme.Android # then cd to the root of your valgrind source tree. # cd /path/to/valgrind/source/tree # after this point, you don’t need to modify anything; just copy and # paste the commands below. # set up toolchain paths. # # for arm export AR=$NDKROOT/toolchains/arm-linux-androideabi-4.4.3/prebu...

  • Page 298

    Readme.Android # for x86: # platform variant: android # primary -DVGPV string: -DVGPV_x86_linux_android=1 # # if you see anything else at this point, something is wrong, and # either the build will fail, or will succeed but you’ll get something # which won’t work. # build, and park the install tree ...

  • Page 299: 10. Readme.Android_Emulator

    10. Readme.Android_emulator how to install and run an android emulator. mkdir android # or any other place you prefer cd android # download java jdk # http://www.oracle.com/technetwork/java/javase/downloads/index.html # download android sdk # http://developer.android.com/sdk/index.html # download an...

  • Page 300

    Readme.Android_emulator # compile and make install valgrind, following readme.Android # start your android emulator (it takes some time). # you can use adb shell to get a shell on the device # and see it is working. Note that i usually get # one or two time out from adb shell before it works adb she...

  • Page 301: 11. Readme.Mips

    11. Readme.Mips supported platforms ------------------- - mips32 and mips32r2 platforms are currently supported. - both little-endian and big-endian cores are supported. Building v for mips ------------------- - native build is available for all supported platforms. The build system expects that nat...

  • Page 302

    Readme.Mips based on newer gcc versions, if possible.

  • Page 303: Gnu Licenses

    Gnu licenses.

  • Page 304: Table Of Contents

    Gnu licenses table of contents 1. The gnu general public license (p. 1) 2. The gnu free documentation license ...

  • Page 305

    1. The gnu general public license gnu general public license version 2, june 1991 copyright (c) 1989, 1991 free software foundation, inc. 59 temple place, suite 330, boston, ma 02111-1307 usa everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is no...

  • Page 306

    The gnu general public license patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone’s free use or not license...

  • Page 307

    The gnu general public license interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditio...

  • Page 308

    The gnu general public license control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the ...

  • Page 309

    The gnu general public license circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, ...

  • Page 310

    The gnu general public license program prove defective, you assume the cost of all necessary servicing, repair or correction. 12. In no event unless required by applicable law or agreed to in writing will any copyright holder, or any other party who may modify and/or redistribute the program as perm...

  • Page 311

    The hypothetical commands ‘show w’ and ‘show c’ should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than ‘show w’ and ‘show c’; they could even be mouse-clicks or menu items--whatever suits your...

  • Page 312: License

    2. The GNU Free Documentation License. GNU Free Documentation License, Version 1.2, November 2002. Copyright (C) 2000,2001,2002 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. Everyone is permitted to copy and distribute verbatim copies of this license document, but...

  • Page 313

    modifications and/or translated into another language. A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document’s overall subject (o...

  • Page 314

    the text near the most prominent appearance of the work’s title, preceding the beginning of the body of the text. A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that t...

  • Page 315

    If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general netw...

  • Page 316

    given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence. J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations...

  • Page 317

    versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaim...

  • Page 318

    8. Translation. Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may in...

  • Page 319

    the License in the document and put the following copyright and license notices just after the title page: Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Ver...