文章目录
应用场景
请想象以下场景:
辛苦了几个星期,新鲜出炉的几K代码,终于运行起来了。开始测试各项功能指标,一顿操作猛如虎,几个小时过去了,正当准备测试最后一项的时候,程序崩溃了。经过一顿定位,查看日志,发现内存申请失败了。
其实,对于程序员来说,这再正常不过的家常便饭了,谁还没写出过bug,谁还没写出过内存泄漏的代码,只是泄漏多与少的问题。不要慌,不要乱,带上你的排坑卫士Valgrind一起跑,等程序运行结束了,就会给出坑位在哪儿的地图,然后再根据地图指示进行快速填坑。
内存泄漏的常见情况
一句话:内存申请使用后,未释放内存。
细分:
malloc/calloc/realloc之后,未使用free释放内存new之后,未使用delete释放内存- 多线程场景下:未做多线程保护,重复为同一个变量申请内存
- 线程未正常退出,资源未释放
内存泄漏检测工具局限性
- 只能检测程序运行过的流程中的内存资源是否存在泄漏,未运行的流程分支,都无法检测。因为未运行,就不涉及内存的申请与释放。因此,需要覆盖完全的话,则需要覆盖所有的分支和流程。
- 如果程序退出时,还与申请内存的变量在同一个作用域范围内,无法检测到内存泄漏
- 仅支持程序的正常退出和信号为
SIGINT(ctrl+c)的程序退出,不支持kill -9程序的操作
工具安装
1. 下载开源软件包
请点击valgrind 3.21.0.tar.bz2下载。或直接在valgrind官网下载最新的版本。
2. 编译安装
解压软件包:
tar -xf valgrind-3.21.0.tar.bz2
编译软件包:
cd valgrind-3.21.0
sudo mkdir -p /home/soft/valgrind
./configure --prefix=/home/soft/valgrind # 软件包安装位置:/home/soft/valgrind
sudo make install
3.配置环境变量
配置环境变量,支持在Linux的任何一个目录,都支持访问valgrind可执行程序.
vim ~/.bashrc
# begin: 以下内存为 ~/.bashrc 文件尾部追加
export PATH=$PATH:/home/soft/valgrind/bin
# end: 以上内存为 ~/.bashrc 文件尾部追加
source ~/.bashrc
4.检查安装结果
valgrind --version # 在Linux的任何一个目录中执行此命令
工具使用
1.编译未优化,且带调试信息版本的可执行程序
g++ Xxxx.cpp -O0 -o Xxxx
2.程序运行
日志文件中%p,代表不同的进程,每次运行避免日志文件被覆盖。
valgrind --tool=memcheck --leak-check=full --log-file=Xxxx%p.log ./Xxxx
3.查看报告结果
找到运行输出的日志文件Xxxx%.log。
definitely lost:表示明确的内存泄漏,必须解决清0indirectly lost:表示间接的内存泄漏,必须解决清0possibly lost:可能内存泄漏,需要再排查一下,是否在进程退出时,内存的泄漏。
常见场景举例
不存在内存泄漏
代码示例:
#include <cstdlib>
void Demo()
{
int* ptr = reinterpret_cast<int*>(malloc(10 * sizeof(int)));
if (ptr != nullptr) {
free(ptr);
}
}
int main()
{
Demo();
return 0;
}
通过工具使用章节,运行后的结果如下:
==273== Memcheck, a memory error detector
==273== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==273== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==273== Command: ./test
==273== Parent PID: 186
==273==
==273==
==273== HEAP SUMMARY:
==273== in use at exit: 0 bytes in 0 blocks
==273== total heap usage: 1 allocs, 1 frees, 40 bytes allocated
==273==
==273== All heap blocks were freed -- no leaks are possible
==273==
==273== For lists of detected and suppressed errors, rerun with: -s
==273== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
malloc内存未free
代码示例:
#include <cstdlib>
void Demo()
{
int* ptr = reinterpret_cast<int*>(malloc(10 * sizeof(int)));
}
int main()
{
Demo();
return 0;
}
通过工具使用章节,运行后的结果如下:
==337== Memcheck, a memory error detector
==337== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==337== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==337== Command: ./test
==337== Parent PID: 186
==337==
==337==
==337== HEAP SUMMARY:
==337== in use at exit: 40 bytes in 1 blocks
==337== total heap usage: 1 allocs, 0 frees, 40 bytes allocated
==337==
==337== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1
==337== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==337== by 0x10915E: Demo() (in /tmp/memleak/test)
==337== by 0x109172: main (in /tmp/memleak/test)
==337==
==337== LEAK SUMMARY:
==337== definitely lost: 40 bytes in 1 blocks
==337== indirectly lost: 0 bytes in 0 blocks
==337== possibly lost: 0 bytes in 0 blocks
==337== still reachable: 0 bytes in 0 blocks
==337== suppressed: 0 bytes in 0 blocks
==337==
==337== For lists of detected and suppressed errors, rerun with: -s
==337== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
解决方案
使用free释放内存
new内存未delete
代码示例:
void Demo()
{
int* ptr = new int[10]();
}
int main()
{
Demo();
return 0;
}
通过工具使用章节,运行后的结果如下:
==392== Memcheck, a memory error detector
==392== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==392== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==392== Command: ./test
==392== Parent PID: 186
==392==
==392==
==392== HEAP SUMMARY:
==392== in use at exit: 40 bytes in 1 blocks
==392== total heap usage: 2 allocs, 1 frees, 72,744 bytes allocated
==392==
==392== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1
==392== at 0x483C583: operator new[](unsigned long) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==392== by 0x10915E: Demo() (in /tmp/memleak/test)
==392== by 0x109192: main (in /tmp/memleak/test)
==392==
==392== LEAK SUMMARY:
==392== definitely lost: 40 bytes in 1 blocks
==392== indirectly lost: 0 bytes in 0 blocks
==392== possibly lost: 0 bytes in 0 blocks
==392== still reachable: 0 bytes in 0 blocks
==392== suppressed: 0 bytes in 0 blocks
==392==
==392== For lists of detected and suppressed errors, rerun with: -s
==392== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
解决方案
使用delete释放内存
new[]内存使用delete
代码示例:
void Demo()
{
int* ptr = new int[10]();
if (ptr != nullptr) {
delete ptr;
}
}
int main()
{
Demo();
return 0;
}
通过工具使用章节,运行后的结果如下:
不存在内存泄漏,但是内存申请和释放不匹配。
==478== Memcheck, a memory error detector
==478== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==478== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==478== Command: ./test
==478== Parent PID: 186
==478==
==478== Mismatched free() / delete / delete []
==478== at 0x483D1CF: operator delete(void*, unsigned long) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==478== by 0x1091BF: Demo() (in /tmp/memleak/test)
==478== by 0x1091CF: main (in /tmp/memleak/test)
==478== Address 0x4db1c80 is 0 bytes inside a block of size 40 alloc'd
==478== at 0x483C583: operator new[](unsigned long) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==478== by 0x10917E: Demo() (in /tmp/memleak/test)
==478== by 0x1091CF: main (in /tmp/memleak/test)
==478==
==478==
==478== HEAP SUMMARY:
==478== in use at exit: 0 bytes in 0 blocks
==478== total heap usage: 2 allocs, 2 frees, 72,744 bytes allocated
==478==
==478== All heap blocks were freed -- no leaks are possible
==478==
==478== For lists of detected and suppressed errors, rerun with: -s
==478== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
解决方案
使用delete[]释放内存
多线程重复申请
代码示例:
#include <thread>
#include <vector>
using namespace std;
int* g_ptr = nullptr;
void Run()
{
g_ptr = new int[10]();
}
void MultiThread()
{
vector<thread> threads;
constexpr int num = 10;
for (int i = 0; i < num; ++i) {
threads.emplace_back(thread(Run));
}
for (auto& th : threads) {
th.join();
}
}
int main()
{
MultiThread();
if (g_ptr != nullptr) {
delete[] g_ptr;
}
return 0;
}
注意:涉及多线程时,编译需要增加 -lpthread 的链接选项。
通过工具使用章节,运行后的结果如下:
==2281== Memcheck, a memory error detector
==2281== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2281== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==2281== Command: ./test
==2281== Parent PID: 186
==2281==
==2281==
==2281== HEAP SUMMARY:
==2281== in use at exit: 360 bytes in 9 blocks
==2281== total heap usage: 36 allocs, 27 frees, 76,392 bytes allocated
==2281==
==2281== 360 bytes in 9 blocks are definitely lost in loss record 1 of 1
==2281== at 0x483C583: operator new[](unsigned long) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==2281== by 0x10933A: Run() (in /tmp/memleak/test)
==2281== by 0x10B009: void std::__invoke_impl<void, void (*)()>(std::__invoke_other, void (*&&)()) (in /tmp/memleak/test)
==2281== by 0x10AFA1: std::__invoke_result<void (*)()>::type std::__invoke<void (*)()>(void (*&&)()) (in /tmp/memleak/test)
==2281== by 0x10AF33: void std::thread::_Invoker<std::tuple<void (*)()> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) (in /tmp/memleak/test)
==2281== by 0x10AEF0: std::thread::_Invoker<std::tuple<void (*)()> >::operator()() (in /tmp/memleak/test)
==2281== by 0x10AEC1: std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)()> > >::_M_run() (in /tmp/memleak/test)
==2281== by 0x4956DE3: ??? (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28)
==2281== by 0x4865608: start_thread (pthread_create.c:477)
==2281== by 0x4B9C132: clone (clone.S:95)
==2281==
==2281== LEAK SUMMARY:
==2281== definitely lost: 360 bytes in 9 blocks
==2281== indirectly lost: 0 bytes in 0 blocks
==2281== possibly lost: 0 bytes in 0 blocks
==2281== still reachable: 0 bytes in 0 blocks
==2281== suppressed: 0 bytes in 0 blocks
==2281==
==2281== For lists of detected and suppressed errors, rerun with: -s
==2281== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
解决方案
多线程场景下,需要对共同写的变量做互斥保护。
线程运行未结束异常退出
代码示例:
#include <chrono>
#include <thread>
using namespace std;
void Run()
{
this_thread::sleep_for(chrono::seconds(10));
}
void OneThread()
{
thread th(Run);
th.join();
}
int main()
{
OneThread();
return 0;
}
注:该程序,需要在程序未运行结束之前使用ctrl+c终止程序。
通过工具使用章节,运行后的结果如下:
==2526== Memcheck, a memory error detector
==2526== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2526== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==2526== Command: ./test
==2526== Parent PID: 186
==2526==
==2526==
==2526== Process terminating with default action of signal 2 (SIGINT)
==2526== at 0x4866CD7: __pthread_clockjoin_ex (pthread_join_common.c:145)
==2526== by 0x4957046: std::thread::join() (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28)
==2526== by 0x1092FB: OneThread() (in /tmp/memleak/test)
==2526== by 0x109350: main (in /tmp/memleak/test)
==2526==
==2526== HEAP SUMMARY:
==2526== in use at exit: 304 bytes in 2 blocks
==2526== total heap usage: 3 allocs, 1 frees, 73,008 bytes allocated
==2526==
==2526== 288 bytes in 1 blocks are possibly lost in loss record 2 of 2
==2526== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==2526== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==2526== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==2526== by 0x4866322: allocate_stack (allocatestack.c:622)
==2526== by 0x4866322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==2526== by 0x49570A8: std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28)
==2526== by 0x109838: std::thread::thread<void (&)(), , void>(void (&)()) (in /tmp/memleak/test)
==2526== by 0x1092EF: OneThread() (in /tmp/memleak/test)
==2526== by 0x109350: main (in /tmp/memleak/test)
==2526==
==2526== LEAK SUMMARY:
==2526== definitely lost: 0 bytes in 0 blocks
==2526== indirectly lost: 0 bytes in 0 blocks
==2526== possibly lost: 288 bytes in 1 blocks
==2526== still reachable: 16 bytes in 1 blocks
==2526== suppressed: 0 bytes in 0 blocks
==2526== Reachable blocks (those to which a pointer was found) are not shown.
==2526== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==2526==
==2526== For lists of detected and suppressed errors, rerun with: -s
==2526== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
解决方案
此种场景主要是程序退出时未正常释放内存资源,出现的可能内存泄漏。让运行的线程能够正常的退出。
memcheck无法检测的场景
此种场景,是无法检测出内存泄漏的。
申请内存在同一个上下文,程序异常退出
代码示例:
#include <thread>
#include <chrono>
using namespace std;
int main()
{
int* ptr = new int[10]();
this_thread::sleep_for(chrono::seconds(10));
return 0;
}
注:该程序,需要在程序未运行结束之前使用ctrl+c终止程序。
通过工具使用章节,运行后的结果如下:
==3189== Memcheck, a memory error detector
==3189== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3189== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==3189== Command: ./test
==3189== Parent PID: 186
==3189==
==3189==
==3189== Process terminating with default action of signal 2 (SIGINT)
==3189== at 0x4B1C1B4: clock_nanosleep@@GLIBC_2.17 (clock_nanosleep.c:78)
==3189== by 0x4B21EC6: nanosleep (nanosleep.c:27)
==3189== by 0x10959D: void std::this_thread::sleep_for<long, std::ratio<1l, 1l> >(std::chrono::duration<long, std::ratio<1l, 1l> > const&) (in /tmp/memleak/test)
==3189== by 0x109217: main (in /tmp/memleak/test)
==3189==
==3189== HEAP SUMMARY:
==3189== in use at exit: 40 bytes in 1 blocks
==3189== total heap usage: 2 allocs, 1 frees, 72,744 bytes allocated
==3189==
==3189== LEAK SUMMARY:
==3189== definitely lost: 0 bytes in 0 blocks
==3189== indirectly lost: 0 bytes in 0 blocks
==3189== possibly lost: 0 bytes in 0 blocks
==3189== still reachable: 40 bytes in 1 blocks
==3189== suppressed: 0 bytes in 0 blocks
==3189== Reachable blocks (those to which a pointer was found) are not shown.
==3189== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==3189==
==3189== For lists of detected and suppressed errors, rerun with: -s
==3189== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
容器或者缓存一直增长
代码示例:
#include <cstdint>
#include <thread>
#include <chrono>
#include <vector>
using namespace std;
vector<uint32_t> g_memPool;
void Fun(uint32_t num)
{
g_memPool.push_back(num);
}
int32_t main()
{
for (uint8_t i = 0; i < 256; ++i) {
Fun(i);
this_thread::sleep_for(chrono::milliseconds(10));
}
return 0;
}
注:该程序,需要在程序未运行结束之前使用ctrl+c终止程序。
通过工具使用章节,运行后的结果如下:
==636== Memcheck, a memory error detector
==636== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==636== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==636== Command: ./test
==636== Parent PID: 383
==636==
==636==
==636== Process terminating with default action of signal 2 (SIGINT)
==636== at 0x4B371B4: clock_nanosleep@@GLIBC_2.17 (clock_nanosleep.c:78)
==636== by 0x4B3CEC6: nanosleep (nanosleep.c:27)
==636== by 0x109908: void std::this_thread::sleep_for<long, std::ratio<1l, 1000l> >(std::chrono::duration<long, std::ratio<1l, 1000l> > const&) (in /tmp/memleak/test)
==636== by 0x10933D: main (in /tmp/memleak/test)
==636==
==636== HEAP SUMMARY:
==636== in use at exit: 32,768 bytes in 1 blocks
==636== total heap usage: 15 allocs, 14 frees, 138,236 bytes allocated
==636==
==636== LEAK SUMMARY:
==636== definitely lost: 0 bytes in 0 blocks
==636== indirectly lost: 0 bytes in 0 blocks
==636== possibly lost: 0 bytes in 0 blocks
==636== still reachable: 32,768 bytes in 1 blocks
==636== suppressed: 0 bytes in 0 blocks
==636== Reachable blocks (those to which a pointer was found) are not shown.
==636== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==636==
==636== For lists of detected and suppressed errors, rerun with: -s
==636== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
question
以上的两种情况该如何通过工具检测出来呢?请看下集内存使用统计工具
2963
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
