Valgrind内存泄漏检查及定位利器

1.安装

Ubuntu系统，执行

 

apt-get install valgrind。

 

2.命令介绍

（1）查看所有命令介绍

valgrind --help

 

拷贝部分说明出来

usage: valgrind [options] prog-and-args

 

  tool-selection option, with default in [ ]:

    --tool=<name>      use the Valgrind tool named <name> [memcheck]

 

  basic user options for all Valgrind tools, with defaults in [ ]:

    -h --help      show this message

    --help-debug       show this message, plus debugging options

    --version       show version

    -q --quiet       run silently; only print error msgs

    -v --verbose       be more verbose -- show misc extra info

 

  user options for Valgrind tools that report errors:

    --xml=yes       emit error output in XML (some tools only)

    --xml-fd=<number>       XML output to file descriptor

    --xml-file=<file>       XML output to <file>

    --xml-socket=ipaddr:port  XML output to socket ipaddr:port

 

 user options for Valgrind tools that replace malloc:

    --alignment=<number>      set minimum alignment of heap allocations [8]

    --redzone-size=<number>   set minimum size of redzones added before/after

      heap blocks (in bytes). [16]

 

  uncommon user options for all Valgrind tools:

    --fullpath-after=       (with nothing after the '=')

      show full source paths in call stacks

    --fullpath-after=string   like --fullpath-after=, but only show t

 

 user options for Memcheck:

    --leak-check=no|summary|full     search for memory leaks at exit?  [summary]

    --leak-resolution=low|med|high   differentiation of leak stack traces [high]

    --show-leak-kinds=kind1,kind2,.. which leak kinds to show?

    [definite,possible]

    --errors-for-leak-kinds=kind1,kind2,..  which leak kinds are errors?

    [definite,possible]

where kind is one of:

  definite indirect possible reachable all none

（2）内存泄漏检测命令（一般用法）

 valgrind --tool=memcheck --leak-check=full ./a.out

 -tool指定了memcheck，如果不指定，默认也是memcheck

 a.out是可执行文件

3.实例介绍

（1）源码1.c

#include <stdio.h>#include <string.h>#include <stdlib.h>void func(){int i;if(i){char *p = (char *)malloc(10);p[1100] = 0;}else{char a[10] = {0};a[1100] = 3;}return;}void func2(){char a[3];char b[5];strcpy(a,b);}int main(){func();func2();return 0;}

（2）内存检测结果

先编译 gcc  1.c   -g  -o   a.out  ，注意一定要加上-g，否则内存检测无法显示行号。

执行如下命令

valgrind --tool=memcheck --leak-check=full ./a.out

结果如下：

root@ubuntu:/share# valgrind --tool=memcheck --leak-check=full ./a.out
==18198== Memcheck, a memory error detector
==18198== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==18198== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==18198== Command: ./a.out
==18198== 
==18198== Conditional jump or move depends on uninitialised value(s)
==18198==    at 0x80484B0: func (1.c:8)
==18198==    by 0x804854B: main (1.c:31)
==18198== 
==18198== Invalid write of size 1
==18198==    at 0x80484CA: func (1.c:11)
==18198==    by 0x804854B: main (1.c:31)
==18198==  Address 0x420c474 is 1,036 bytes inside an unallocated block of size 4,194,176 in arena "client"
==18198== 
==18198== Conditional jump or move depends on uninitialised value(s)
==18198==    at 0x402F495: strcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18198==    by 0x804851E: func2 (1.c:26)
==18198==    by 0x8048550: main (1.c:32)
==18198== 
==18198== 
==18198== HEAP SUMMARY:
==18198==     in use at exit: 10 bytes in 1 blocks
==18198==   total heap usage: 1 allocs, 0 frees, 10 bytes allocated
==18198== 
==18198== 10 bytes in 1 blocks are definitely lost in loss record 1 of 1
==18198==    at 0x402C19C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18198==    by 0x80484BB: func (1.c:10)
==18198==    by 0x804854B: main (1.c:31)
==18198== 
==18198== LEAK SUMMARY:
==18198==    definitely lost: 10 bytes in 1 blocks
==18198==    indirectly lost: 0 bytes in 0 blocks
==18198==      possibly lost: 0 bytes in 0 blocks
==18198==    still reachable: 0 bytes in 0 blocks
==18198==         suppressed: 0 bytes in 0 blocks
==18198== 
==18198== For counts of detected and suppressed errors, rerun with: -v
==18198== Use --track-origins=yes to see where uninitialised values come from
==18198== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
root@ubuntu:/share# 

分析：

指出条件变量未初始化

==18198== Conditional jump or move depends on uninitialised value(s)
==18198==    at 0x80484B0: func (1.c:8)
==18198==    by 0x804854B: main (1.c:31)

，显示了文件名和行号，和函数名。

也可以通过以下命令知道文件名和行号，比如以上这两行

root@ubuntu:/share# addr2line -e a.out 0x80484B0
/share/1.c:8
root@ubuntu:/share# 

root@ubuntu:/share# 
root@ubuntu:/share# addr2line -e a.out 0x804854B
/share/1.c:31
root@ubuntu:/share# 

指出指针越界或者数组越界

=18198== Invalid write of size 1
==18198==    at 0x80484CA: func (1.c:11)
==18198==    by 0x804854B: main (1.c:31)
==18198==  Address 0x420c474 is 1,036 bytes inside an unallocated block of size 4,194,176 in arena "client"

拷贝越界

== Conditional jump or move depends on uninitialised value(s)
==18198==    at 0x402F495: strcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18198==    by 0x804851E: func2 (1.c:26)
==18198==    by 0x8048550: main (1.c:32)

内存泄漏（重要）

==18198== 10 bytes in 1 blocks are definitely lost in loss record 1 of 1
==18198==    at 0x402C19C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18198==    by 0x80484BB: func (1.c:10)
==18198==    by 0x804854B: main (1.c:31)