Checking for out-of-bounds memory access with valgrind and mudflap

May 31, 2013, by Creater

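I have always used the small tool valgrind to detect memory problems; although its detection is not that accurate, it can still serve as guidance. Today I discovered another memory-checking tool, mudflap, and decided to give it a try. Unfortunately, the code in my project is fairly large, and using the tool resulted in a core dump. I checked the manual, and it turns out it only supports "(C and very simple C++ programs)".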

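Using mudflap requires GCC 4.0 or later, and it is not installed by default on Linux distributions, so it has to be installed manually:
On Fedora and other yum-based systems, the install command is:
yum install libmudflap libmudflap-devel
The test code, mudflap_test.c, is as follows: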

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>                     // sleep()

int main(void)
{
    printf( "%s:%d ------------------------------------------------\n", __FILE__, __LINE__ );

    //char p1[256];                     // stack out-of-bounds test
    char *p1 = (char *) malloc(256);    // heap out-of-bounds test
    p1[256] = '0';                      // out of bounds past the end
    sleep(1);
    printf( "\n%s:%d ------------------------------------------------\n", __FILE__, __LINE__ );
    memset( p1, 0, 257 );               // length passed to the function is too long
    sleep(1);
    printf( "\n%s:%d ------------------------------------------------\n", __FILE__, __LINE__ );
    char *pTest1 = p1 + 256;
    *pTest1 = '0';                      // out of bounds past the end
    sleep(1);
    printf( "\n%s:%d ------------------------------------------------\n", __FILE__, __LINE__ );
    char *pTest2 = p1 - 1;              // out of bounds before the start
    *pTest2 = '0';

    printf( "\n%s:%d ------------------------------------------------\n", __FILE__, __LINE__ );
    sleep(10);
    return 0;
}

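The commands to compile and run it, with the output, are as follows (the output for the heap and stack cases is broadly similar, with small local differences):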

[mgqw@mgqw memtools]$ gcc mudflap_test.c -fmudflap -lmudflap
[mgqw@mgqw memtools]$ ./a.out 
mudflap_test.c:8 ------------------------------------------------
*******
mudflap violation 1 (check/write): time=1338606358.121363 ptr=0x879da48 size=1
pc=0x1182de location=`mudflap_test.c:12:13 (main)'
      /usr/lib/libmudflap.so.0(__mf_check+0x3e) [0x1182de]
      ./a.out(main+0xa7) [0x804883b]
      /usr/lib/libmudflap.so.0(__wrap_main+0x4a) [0x1176da]
Nearby object 1: checked region begins 1B after and ends 1B after
mudflap object 0x879da70: name=`malloc region'
bounds=[0x879d948,0x879da47] size=256 area=heap check=0r/0w liveness=0
alloc time=1338606358.120588 pc=0x11766e
      /usr/lib/libmudflap.so.0(__mf_register+0x3e) [0x11766e]
      /usr/lib/libmudflap.so.0(__wrap_malloc+0xe3) [0x1187e3]
      ./a.out(main+0x42) [0x80487d6]
      /usr/lib/libmudflap.so.0(__wrap_main+0x4a) [0x1176da]
number of nearby objects: 1

mudflap_test.c:14 ------------------------------------------------
*******
mudflap violation 2 (check/write): time=1338606359.122117 ptr=0x879d948 size=257
pc=0x1182de location=`(memset dest)'
      /usr/lib/libmudflap.so.0(__mf_check+0x3e) [0x1182de]
      /usr/lib/libmudflap.so.0(__mfwrap_memset+0xdf) [0x119d4f]
      ./a.out(main+0xfc) [0x8048890]
Nearby object 1: checked region begins 0B into and ends 1B after
mudflap object 0x879da70: name=`malloc region'
number of nearby objects: 1

mudflap_test.c:17 ------------------------------------------------
*******
mudflap violation 3 (check/write): time=1338606360.122456 ptr=0x879da48 size=1
pc=0x1182de location=`mudflap_test.c:19:13 (main)'
      /usr/lib/libmudflap.so.0(__mf_check+0x3e) [0x1182de]
      ./a.out(main+0x183) [0x8048917]
      /usr/lib/libmudflap.so.0(__wrap_main+0x4a) [0x1176da]
Nearby object 1: checked region begins 1B after and ends 1B after
mudflap object 0x879da70: name=`malloc region'
number of nearby objects: 1

mudflap_test.c:21 ------------------------------------------------
*******
mudflap violation 4 (check/write): time=1338606361.123759 ptr=0x879d947 size=1
pc=0x1182de location=`mudflap_test.c:23:13 (main)'
      /usr/lib/libmudflap.so.0(__mf_check+0x3e) [0x1182de]
      ./a.out(main+0x21c) [0x80489b0]
      /usr/lib/libmudflap.so.0(__wrap_main+0x4a) [0x1176da]
Nearby object 1: checked region begins 1B before and ends 1B before
mudflap object 0x879da70: name=`malloc region'
number of nearby objects: 1

mudflap_test.c:25 ------------------------------------------------

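Whether on the heap or on the stack, and whether the access lands before the start or past the end of the object, every out-of-bounds access is located precisely.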
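To help read the "Nearby object" lines in the output above, here is an added example (not code from the original post and not libmudflap's source) that models the bounds comparison behind them, using the bounds and pointers printed in the report. The names region, access_ok, place and describe are hypothetical, and addresses are treated as plain integers, so nothing is dereferenced.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One tracked object with inclusive bounds, as in the report's bounds=[lo,hi]. */
struct region { uintptr_t lo, hi; };

/* Returns 1 if every byte of [ptr, ptr+size-1] lies inside the region. */
int access_ok(struct region r, uintptr_t ptr, size_t size)
{
    if (size == 0) return 1;                 /* nothing is touched */
    uintptr_t last = ptr + (size - 1);
    if (last < ptr) return 0;                /* address arithmetic wrapped */
    return ptr >= r.lo && last <= r.hi;
}

/* Position of one address relative to the region: distance plus a keyword. */
static const char *place(struct region r, uintptr_t a, unsigned long *dist)
{
    if (a < r.lo) { *dist = (unsigned long)(r.lo - a); return "before"; }
    if (a > r.hi) { *dist = (unsigned long)(a - r.hi); return "after"; }
    *dist = (unsigned long)(a - r.lo); return "into";
}

/* Formats the relation in the wording of the "Nearby object" line (size >= 1). */
char *describe(struct region r, uintptr_t ptr, size_t size, char *buf, size_t n)
{
    unsigned long d1, d2;
    const char *w1 = place(r, ptr, &d1);
    const char *w2 = place(r, ptr + (size - 1), &d2);
    snprintf(buf, n, "checked region begins %luB %s and ends %luB %s", d1, w1, d2, w2);
    return buf;
}

int main(void)
{
    struct region heap = { 0x879d948u, 0x879da47u };   /* malloc(256), bounds from the report */
    struct { uintptr_t ptr; size_t size; const char *what; } acc[] = {
        { 0x879da48u, 1,   "p1[256] = '0'" },          /* ptr/size from violations 1-4 */
        { 0x879d948u, 257, "memset(p1, 0, 257)" },
        { 0x879da48u, 1,   "*(p1 + 256) = '0'" },
        { 0x879d947u, 1,   "*(p1 - 1) = '0'" },
    };
    char buf[96];
    for (size_t i = 0; i < sizeof acc / sizeof acc[0]; i++)
        printf("%-20s %s: %s\n", acc[i].what, access_ok(heap, acc[i].ptr, acc[i].size) ? "ok" : "VIOLATION",
               describe(heap, acc[i].ptr, acc[i].size, buf, sizeof buf));
    return 0;
}
```

The memset case shows why the report gives two offsets: the write starts inside the object ("0B into") and only its last byte falls outside ("1B after").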
