C/C++ Valgrind/memcheck not working?

nicolas_c


Hello,

As I wanted to write C code in a FreeBSD development environment, I tried to run valgrind (memcheck tool) to detect memory leaks. However, some problems occurred:
  • valgrind does not detect leaks in my test code, but detects invalid writes;
  • symbols are not shown.
My test code is the following:
C:
#include <string.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
  char *test = malloc(10);

  strcpy(test, "dddddd");
  printf("test %s\n", test);

  test = malloc(42);
  strcpy(test, "dddddddddddddddddddd");
  printf("test %s\n", test);
 
  free(test);

  *(char *)0xdeadbeef = 0;
  return 0;
}
Compile command:
cc main.c -O0 -g -o test

Valgrind command (and relevant output parts):
Code:
valgrind --tool=memcheck --leak-check=yes --leak-resolution=high --track-origins=yes --undef-value-errors=yes --show-leak-kinds=all --track-fds=yes --trace-children=no --vgdb=no --show-reachable=yes --verbose --error-exitcode=1 ./test
[...]
--81349-- Reading syms from /root/TEST/test2
--81349-- ELF section outside all mapped regions
[...]
--81349-- Reading syms from /lib/libc.so.7
--81349-- ELF section outside all mapped regions
[...]
==81349== Invalid write of size 1
==81349==    at 0x201376: ??? (in /root/TEST/test2)
==81349==    by 0x20110E: ??? (in /root/TEST/test2)
==81349==    by 0x4828FFF: ???
==81349==  Address 0xdeadbeef is not stack'd, malloc'd or (recently) free'd
[...]
==81349== HEAP SUMMARY:
==81349==     in use at exit: 0 bytes in 0 blocks
==81349==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==81349== 
==81349== All heap blocks were freed -- no leaks are possible
==81349== 
==81349== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Can someone help me to understand:
  • Why does valgrind not even show symbols in my test executable (even though it was compiled with -g)?
  • Is valgrind able to detect memory leaks without knowledge of symbols?
  • Are there any special things to do to use the debug files, especially /usr/lib/debug/lib/libc.so.7.debug?

Version information:
  • FreeBSD-12
  • valgrind 3.10.1.20160113_7,1 from binary repository (same issue when rebuilding it from port devel/valgrind or devel/valgrind-devel)

I also had a look at the clang analyzers (asan and ubsan work, I love them), but lsan (LeakSanitizer) has not been ported to FreeBSD. Also in ports I tried ElectricFence, which seems broken (segfault). However, google-perftools with the heap profiler works (but not the leak profiler), but only with code calling tc_malloc explicitly (not my use case).

I looked at jemalloc with MALLOC_CONF=prof_leak:true:
$ MALLOC_CONF=prof_leak:true ./test
<jemalloc>: Invalid conf pair: prof_leak:true
...

It seems that the jemalloc included in /usr/src has not been built with --enable-prof.
I also tried mprof, it works. But copying all the required libraries into the test directory would be annoying with my build environment.

My main question is: has anyone succeeded in using valgrind/memcheck on FreeBSD 12?

Thanks in advance!
 

AlexanderProphet


I also tried mprof, it works.
This is the most beautiful thing I've heard in a long time! Thank you. I will take your feedback into account.
Sorry I can't address your particular issue - I was also very surprised to find leaksanitizer not working on FreeBSD.
 

AlexanderProphet


Just re-read your post a little more closely.
I have found valgrind to be very unreliable when it comes to printing backtraces. It almost seems random as to whether you get a list of function names or a list of virtual addresses in hexadecimal. I've never got it to work on FreeBSD; however, I have Fedora 29 on my laptop and valgrind backtraces work fine there.
There is no technical reason why a debugger should need DWARF debug symbols in order to detect memory leaks. The usual way to patch malloc and friends is by using the "LD_PRELOAD trick" - forcing the program to load a shared object with alternative implementations of malloc etc. Not only does this not require debug symbols... It doesn't even require C code. You can do it from the shell prompt. (Interestingly, it's possible to cheat at some online games using LD_PRELOAD - for example by replacing a real random number generator with a customised one!) I imagine valgrind uses this trick.
Years ago I used valgrind to debug some programs written in x86-64 assembly, so that further corroborates my speculation that debug symbols are not needed.
I think valgrind is just buggy. I've not found much use for it on FreeBSD.
Wish I could help more. Maybe someone else can point you in the right direction.
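
The kind of bookkeeping a malloc/free interposer does to find leaks, run over the allocation sequence of the test program from the first post. This is an added example, not code from the thread or from valgrind: the names track_malloc, track_free, leak_report and run_forum_sequence are hypothetical, and the wrappers are called directly instead of being injected with LD_PRELOAD.

```c
/* Added example; track_malloc, track_free, leak_report are hypothetical names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_LIVE 1024
static struct { void *ptr; size_t size; } live[MAX_LIVE]; /* blocks not yet freed */

static void *track_malloc(size_t size) {
    void *p = malloc(size);
    for (size_t i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i].ptr == NULL) {      /* a full ledger leaves p untracked */
            live[i].ptr = p; live[i].size = size;
            break;
        }
    return p;
}

/* Returns -1, without calling free(), if the ledger does not hold p. */
static int track_free(void *p) {
    for (size_t i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i].ptr == p) {
            live[i].ptr = NULL;
            free(p);
            return 0;
        }
    return p == NULL ? 0 : -1;
}

/* Bytes still allocated; *blocks receives the number of live blocks. */
static size_t leak_report(size_t *blocks) {
    size_t bytes = 0;
    *blocks = 0;
    for (size_t i = 0; i < MAX_LIVE; i++)
        if (live[i].ptr != NULL) { bytes += live[i].size; (*blocks)++; }
    return bytes;
}

/* Allocation sequence of the first post's test program, minus the 0xdeadbeef write. */
static void run_forum_sequence(void) {
    char *test = track_malloc(10);
    if (test) strcpy(test, "dddddd");
    test = track_malloc(42);            /* the 10-byte block is now unreachable */
    if (test) strcpy(test, "dddddddddddddddddddd");
    track_free(test);
}

int main(void) {
    run_forum_sequence();
    size_t blocks, bytes = leak_report(&blocks);
    printf("in use at exit: %zu bytes in %zu blocks\n", bytes, blocks);
    return bytes != 0;                  /* non-zero exit when something leaked */
}
```

The ledger is keyed on pointer values only, so the report needs no symbol or DWARF information; symbols would only be needed to name the call site of the lost block.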
 