下载http://valgrind.org/downloads/valgrind-3.7.0.tar.bz2,使用ndk toolchain,按照代码中的README.android编译Android版本的valgrind,push到/data分区,这里笔者push到了/data/local/valgrind/,同时把VALGRIND_LIB 环境变量设置为/data/local/valgrind/lib/valgrind
编写一个有很多内存错误的程序:
main()
{
{
int x;
printf ("x = %d\n", x);
}
{
char* arr = malloc(10);
int* arr2 = malloc(sizeof(int));
write( 1 /* stdout */, arr, 10 );
}
{
char a[100];
memcpy(a, a + 20, 40);
}
{
char *q;
q = malloc(1024*1024);
q[1] = 1024;
}
{
char *p;
p = malloc(1024*1024);
p[0] = p[0];
p[1] = 1024;
free(p);
free(p);
}
}
使用valgrind运行之:
/data/local/valgrind/bin/valgrind --leak-check=full --track-origins=yes /data/check
得到如下结果:
==965== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==965== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==965== Command: /data/check ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD1AF6A: vfprintf (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD1B3FA: vfprintf (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD1B3FE: vfprintf (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD1B478: vfprintf (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD1B47E: vfprintf (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD0FE00: __udivdi3 (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD0D230: __udivsi3 (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD0D294: __udivsi3 (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD0FE5C: __udivdi3 (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Conditional jump or move depends on uninitialised value(s) ==965== at 0xAFD0FEAC: __udivdi3 (in /system/lib/libc.so) ==965== Uninitialised value was created by a stack allocation ==965== at 0x83D8: main (check.c:2) ==965== ==965== Syscall param write(buf) points to uninitialised byte(s) ==965== at 0xAFD0B47C: write (in /system/lib/libc.so) ==965== Address 0x480a058 is 0 bytes inside a block of size 10 alloc'd ==965== at 0x80103318: malloc (vg_replace_malloc.c:263) ==965== by 0x83F7: main (check.c:8) ==965== Uninitialised value was created by a heap allocation ==965== at 0x80103318: malloc (vg_replace_malloc.c:263) ==965== by 0x83F7: main (check.c:8) ==965== ==965== Source and destination overlap in memcpy(0xbde6b908, 0xbde6b91c, 40) ==965== at 0x80106A64: memcpy (mc_replace_strmem.c:838) ==965== by 0x843B: main (check.c:14) ==965== ==965== Invalid free() / delete / delete[] / realloc() ==965== at 0x80102E1C: free (vg_replace_malloc.c:427) ==965== by 0x849B: main (check.c:30) ==965== Address 0x490a100 is 0 bytes inside a block of size 1,048,576 free'd ==965== at 0x80102E1C: free (vg_replace_malloc.c:427) ==965== by 0x8493: main (check.c:29) ==965== ==965== ==965== HEAP SUMMARY: ==965== in use at exit: 1,052,686 bytes in 4 blocks ==965== total heap usage: 5 allocs, 2 frees, 2,101,262 bytes allocated ==965== ==965== 4 bytes in 1 blocks are definitely lost in loss record 1 of 4 ==965== at 0x80103318: malloc (vg_replace_malloc.c:263) ==965== by 0x8407: main (check.c:9) ==965== ==965== 10 bytes in 1 blocks are definitely lost in loss record 2 of 4 ==965== at 0x80103318: malloc (vg_replace_malloc.c:263) ==965== by 0x83F7: main (check.c:8) ==965== ==965== 1,048,576 bytes in 1 blocks are definitely lost in loss record 4 of 4 ==965== at 0x80103318: malloc (vg_replace_malloc.c:263) ==965== by 0x8443: main (check.c:18) ==965== ==965== LEAK SUMMARY: ==965== definitely lost: 1,048,590 bytes in 3 blocks ==965== indirectly lost: 0 bytes in 0 blocks ==965== possibly lost: 0 bytes in 0 blocks ==965== still reachable: 4,096 bytes in 1 blocks ==965== suppressed: 0 bytes in 0 blocks ==965== Reachable blocks (those to which a pointer was found) are not shown. ==965== To see them, rerun with: --leak-check=full --show-reachable=yes ==965== ==965== For counts of detected and suppressed errors, rerun with: -v ==965== ERROR SUMMARY: 275 errors from 16 contexts (suppressed: 0 from 0)
这些错误可以分为如下几类:
- Illegal read / Illegal write errors
- Use of uninitialised values
- Use of uninitialised or unaddressable values in system calls
- Illegal frees
- When a heap block is freed with an inappropriate deallocation function
- Overlapping source and destination blocks
- Memory leak detection