开始尝试使用valgrind

最新推荐文章于 2021-05-17 23:44:52 发布

magicpang

最新推荐文章于 2021-05-17 23:44:52 发布

阅读量1.2k

点赞数

分类专栏：练习记录 Effective Tools 文章标签： float fun thread pointers makefile ubuntu

本文链接：https://blog.csdn.net/magicpang/article/details/4647898

版权

练习记录同时被 2 个专栏收录

10 篇文章 0 订阅

订阅专栏

Effective Tools

7 篇文章 0 订阅

订阅专栏

10/09/09 10:14:23 PM
Magic

刚刚看到csdn上面有个帖子在推荐里面，标题和地址如下:
一段小代码，是否出现了野指针？请大家发表一下对野指针理解！（希望能Show出代码）
http://topic.csdn.net/u/20090208/20/122a108f-b8a0-4dfc-bdea-3206804b0ffb.html?87197如下

于是我在自己的机器上面测试了一下
我的机器配置如下：
Target: i486-linux-gnu
Thread model: posix
gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4)
valgrind 3.4.1
gnu make 3.81

/*******************************************************************************
* /file    wildpointer.cc
* /brief   ref the url below
* http://topic.csdn.net/u/20090208/20/122a108f-b8a0-4dfc-bdea-3206804b0ffb.html?87197
* /date    10/09/2009 08:37:59 PM
* /author Magic(CHD-ZYP), magicpang@gmail.com
* /company SECRET
******************************************************************************/

#include    <cstdlib>
#include    <cstdio>

void son_fun(int &num, float **p)
{
    *p = new float[num];
}

void mo_fun(int &num, float **pm, float *pn)
{
    float *m_ptemp;

    *pm = new float[num];
//    *pm = new float[5];
    son_fun(num, &m_ptemp);

    for(int k = 0; k < num; k++)
    {
        *pm[k] = m_ptemp[k];
    }
    delete []m_ptemp;
}

int main ( int argc, char *argv[] )
{
    int     num = 5;
    float   *pf;
    float   *nothing = NULL;

    mo_fun(num, &pf, nothing);

    return EXIT_SUCCESS;
}

Makefile如下

CPP = g++

FLAG = -g -Wall
VALFLAG = --leak-check=full --show-reachable=yes

TARGET = wildpointer

$(TARGET): wildpointer.o
    $(CPP) wildpointer.o -o $(TARGET)

wildpointer.o: wildpointer.cc
    $(CPP) $(FLAG) -c wildpointer.cc

.PHONY: clean

clean:
    @find . -type f -executable | xargs rm
    @rm -f *.o

run: $(TARGET)
    ./$(TARGET)

check: $(TARGET)
    valgrind $(VALFLAG) ./$(TARGET)

运行make check
valgrind给的输出如下
为了把这个输出加到下面用了下面的方法
使用valgrind的选项--log-file=<fname>
cat <fname> >> wildpointer.txt

valgrind --leak-check=full --show-reachable=yes ./wildpointer
==30832== Memcheck, a memory error detector.
==30832== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==30832== Using LibVEX rev 1884, a library for dynamic binary translation.
==30832== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==30832== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==30832== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==30832== For more details, rerun with: -v
==30832==
==30832== My PID = 30832, parent PID = 28002. Prog and args are:
==30832==    ./wildpointer
==30832==
==30832== Invalid write of size 4
==30832==    at 0x8048564: mo_fun(int&, float**, float*) (wildpointer.cc:29)
==30832==    by 0x80485BF: main (wildpointer.cc:41)
==30832== Address 0x5 is not stack'd, malloc'd or (recently) free'd
==30832==
==30832== Process terminating with default action of signal 11 (SIGSEGV)
==30832== Access not within mapped region at address 0x5
==30832==    at 0x8048564: mo_fun(int&, float**, float*) (wildpointer.cc:29)
==30832==    by 0x80485BF: main (wildpointer.cc:41)
==30832== If you believe this happened as a result of a stack overflow in your
==30832== program's main thread (unlikely but possible), you can try to increase
==30832== the size of the main thread stack using the --main-stacksize= flag.
==30832== The main thread stack size used in this run was 8388608.
==30832==
==30832== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 17 from 1)
==30832== malloc/free: in use at exit: 40 bytes in 2 blocks.
==30832== malloc/free: 2 allocs, 0 frees, 40 bytes allocated.
==30832== For counts of detected errors, rerun with: -v
==30832== searching for pointers to 2 not-freed blocks.
==30832== checked 93,252 bytes.
==30832==
==30832==
==30832== 20 bytes in 1 blocks are still reachable in loss record 1 of 2
==30832==    at 0x402630E: operator new[](unsigned int) (vg_replace_malloc.c:268)
==30832==    by 0x8048509: son_fun(int&, float**) (wildpointer.cc:16)
==30832==    by 0x8048541: mo_fun(int&, float**, float*) (wildpointer.cc:25)
==30832==    by 0x80485BF: main (wildpointer.cc:41)
==30832==
==30832==
==30832== 20 bytes in 1 blocks are still reachable in loss record 2 of 2
==30832==    at 0x402630E: operator new[](unsigned int) (vg_replace_malloc.c:268)
==30832==    by 0x8048528: mo_fun(int&, float**, float*) (wildpointer.cc:23)
==30832==    by 0x80485BF: main (wildpointer.cc:41)
==30832==
==30832== LEAK SUMMARY:
==30832==    definitely lost: 0 bytes in 0 blocks.
==30832==      possibly lost: 0 bytes in 0 blocks.
==30832==    still reachable: 40 bytes in 2 blocks.
==30832==         suppressed: 0 bytes in 0 blocks.

第一个错误
==30832== Invalid write of size 4
==30832==    at 0x8048564: mo_fun(int&, float**, float*) (wildpointer.cc:29)
==30832==    by 0x80485BF: main (wildpointer.cc:41)
==30832== Address 0x5 is not stack'd, malloc'd or (recently) free'd
在文档中对这种错误的描述是
This happens when your program reads or writes memory at a place which Memcheck reckons it shouldn't
memcheck可以检测程序读写不属于程序的内存
对应的wildpointer.cc:29
        *pm[k] = m_ptemp[k];
这个就是要理解“指针的指针”,以及＊和［］的优先级了
猜测这个代码的本意是(*pm)[k] = m_ptemp[k]或者写成*(*pm + k) = m_ptemp[k];

修补了上面这个错误之后，再次运行make check,只有一个错误
|| ==31459== 20 bytes in 1 blocks are definitely lost in loss record 1 of 1
|| ==31459==    at 0x402630E: operator new[](unsigned int) (vg_replace_malloc.c:268)
|| ==31459==    by 0x8048528: mo_fun(int&, float**, float*) (wildpointer.cc:23)
|| ==31459==    by 0x80485C2: main (wildpointer.cc:41)

这种错误就是malloc/new之后却没有对应的释放了。