Bye Bye Moore

A blog where a PoC soldier running a one-person business keeps working notes

Checking for memory corruption with Valgrind

In practice

First, let's try the following program, taken straight from the official tutorial.
(I rewrote the comments in Japanese.)

#include <stdlib.h>

void f(void)
{
    int* x = malloc(10 * sizeof(int));
    x[10] = 0;        // Problem 1: writes past the end of the heap block
}                     // Problem 2: x is never freed after use

int main(void)
{
    f();
    return 0;
}

Now let's run this through valgrind.

$ valgrind --leak-check=yes

The result looks like this.

$ valgrind --leak-check=yes testscript.o
==9795== Memcheck, a memory error detector
==9795== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==9795== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==9795== Command: testscript.o
==9795== 
--9795-- run: /usr/bin/dsymutil "./testscript.o"
warning: no debug symbols in executable (-arch x86_64)
==9795== Invalid write of size 4
==9795==    at 0x100000F5C: f (in ./testscript.o)
==9795==    by 0x100000F83: main (in ./testscript.o)
==9795==  Address 0x100dea988 is 0 bytes after a block of size 40 alloc'd
==9795==    at 0x1000AC086: malloc (in /usr/local/Cellar/valgrind/3.14.0/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
==9795==    by 0x100000F53: f (in ./testscript.o)
==9795==    by 0x100000F83: main (in ./testscript.o)
==9795== 
==9795== 
==9795== HEAP SUMMARY:
==9795==     in use at exit: 18,724 bytes in 164 blocks
==9795==   total heap usage: 185 allocs, 21 frees, 27,172 bytes allocated
==9795== 
==9795== 40 bytes in 1 blocks are definitely lost in loss record 15 of 43
==9795==    at 0x1000AC086: malloc (in /usr/local/Cellar/valgrind/3.14.0/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
==9795==    by 0x100000F53: f (in ./testscript.o)
==9795==    by 0x100000F83: main (in ./testscript.o)
==9795== 
==9795== 72 bytes in 3 blocks are possibly lost in loss record 27 of 43
==9795==    at 0x1000AC6EA: calloc (in /usr/local/Cellar/valgrind/3.14.0/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
==9795==    by 0x1007567E2: map_images_nolock (in /usr/lib/libobjc.A.dylib)
==9795==    by 0x1007697DA: objc_object::sidetable_retainCount() (in /usr/lib/libobjc.A.dylib)
==9795==    by 0x100007C64: dyld::notifyBatchPartial(dyld_image_states, bool, char const* (*)(dyld_image_states, unsigned int, dyld_image_info const*), bool, bool) (in /usr/lib/dyld)
==9795==    by 0x100007E39: dyld::registerObjCNotifiers(void (*)(unsigned int, char const* const*, mach_header const* const*), void (*)(char const*, mach_header const*), void (*)(char const*, mach_header const*)) (in /usr/lib/dyld)
==9795==    by 0x10022171D: _dyld_objc_notify_register (in /usr/lib/system/libdyld.dylib)
==9795==    by 0x100756075: _objc_init (in /usr/lib/libobjc.A.dylib)
==9795==    by 0x1001ABB34: _os_object_init (in /usr/lib/system/libdispatch.dylib)
==9795==    by 0x1001ABB1B: libdispatch_init (in /usr/lib/system/libdispatch.dylib)
==9795==    by 0x1000BA9C2: libSystem_initializer (in /usr/lib/libSystem.B.dylib)
==9795==    by 0x100019AC5: ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) (in /usr/lib/dyld)
==9795==    by 0x100019CF5: ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) (in /usr/lib/dyld)
==9795== 
==9795== LEAK SUMMARY:
==9795==    definitely lost: 40 bytes in 1 blocks
==9795==    indirectly lost: 0 bytes in 0 blocks
==9795==      possibly lost: 72 bytes in 3 blocks
==9795==    still reachable: 200 bytes in 6 blocks
==9795==         suppressed: 18,412 bytes in 154 blocks
==9795== Reachable blocks (those to which a pointer was found) are not shown.
==9795== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==9795== 
==9795== For counts of detected and suppressed errors, rerun with: -v
==9795== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 12 from 12)
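As an added example (not from the original post or the Valgrind tutorial), here is the buggy function beside a corrected one, so the two Memcheck messages above can be mapped to the exact lines that cause them; f_buggy and fill_and_sum are names made up for this illustration. Compile with -g so Memcheck reports file and line numbers instead of only the bare addresses seen in the "no debug symbols" run above.

```c
/* Added example: the two defects Memcheck flagged, next to a fixed version.
 * f_buggy and fill_and_sum are illustrative names, not from the post. */
#include <stdlib.h>

#define N 10

/* Buggy: x[N] is one past the end of a block of N ints, which Memcheck
 * reports as "Invalid write of size 4 ... 0 bytes after a block of size 40",
 * and the block is never freed, which shows up as
 * "40 bytes in 1 blocks are definitely lost". Not called by the tests. */
void f_buggy(void)
{
    int *x = malloc(N * sizeof(int));
    x[N] = 0;                       /* valid indices are 0 .. N-1 */
}                                   /* x goes out of scope without free() */

/* Fixed: allocate n ints, fill them with 0..n-1, sum them, and free the
 * block before returning. Returns the sum, or -1 if malloc fails.
 * Under valgrind this gives "ERROR SUMMARY: 0 errors" and no lost bytes. */
int fill_and_sum(size_t n)
{
    if (n == 0)
        return 0;                   /* nothing to allocate */
    int *x = malloc(n * sizeof(int));
    if (x == NULL)
        return -1;                  /* never dereference a failed allocation */
    for (size_t i = 0; i < n; i++)  /* i < n, never i <= n */
        x[i] = (int)i;
    int sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += x[i];
    free(x);                        /* no "definitely lost" record at exit */
    return sum;
}

int main(void)
{
    /* fill_and_sum(10) returns 0+1+...+9 = 45 */
    return fill_and_sum(N) == 45 ? 0 : 1;
}
```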

Reference

valgrind.org