Valgrind
From TracingWiki
Valgrind is a framework for creating dynamic analysis tools. It was released in late February 2002. It consists of a main core and a suite of tools for memory debugging, memory leak detection and cache profiling. It can be used on programs running on the Linux operating system for the x86, amd64 and ppc32 architectures.
Valgrind currently comes with six different tools.
- Cachegrind is a cache simulator which computes the number of instructions executed per line of code in a program and determines the number of cache misses.
- Callgrind adds functionality on top of Cachegrind, such as annotating threads separately.
- Helgrind is used to check for potential race conditions.
- Lackey is a sample tool that helps create other tools.
- Massif is a heap profiler that determines how much heap memory is allocated by a program.
- Memcheck is a memory checker tool that is able to detect any access to uninitialized or freed memory. It can also find memory leaks, where pointers to allocated memory areas are lost, or where the amount of freed memory doesn't match the amount allocated.
In addition, a number of contributed tools extend the functionality of Valgrind:
- The Chronicle Recorder generates a trace of all the memory and register modifications. With this information, debugging tools can retrieve the state of any variable at any point in the program execution.
- Input and output operations can be recorded and analyzed with iogrind.
- KCachegrind provides a graphical front-end for the Valgrind tools Callgrind and Cachegrind, as well as for other profilers such as gprof and OProfile.
The Valgrind core disassembles the client code into an intermediate representation (IR), passes the output to one of the tools for instrumentation, and finally converts the IR code back into machine code. The amount of added instrumentation depends greatly on the tool. For instance, Memcheck multiplies the program size by a factor of 12, and slows down the execution by a factor of 25 to 50. It is worth mentioning that Valgrind profiles not only the program code but also all dynamically-linked libraries it uses. The core is incapable of tracing into the kernel; in order for the tools to know which registers and memory addresses were accessed, they can register a callback function to be called each time a system call occurs. If the program is compiled with debugging information (the -g option), Valgrind will be able to pinpoint the relevant source code lines.
The output of Valgrind can be redirected to three different destinations: a file descriptor (stderr by default), a log file, or a network socket.
The Memcheck tool is Valgrind's most powerful tool. It uses shadow values to store information about every register and every byte of memory used by the program. One shadow byte per byte of live original memory is needed. These 8 shadow bits indicate whether the 8 corresponding bits in the real live byte are defined. An additional shadow bit per memory byte is also saved; it indicates whether the represented byte is addressable or not. Any operation that accesses memory is instrumented so that the shadow memory state stays up to date. Memcheck can detect any use of uninitialized memory, any read or write to memory that was already freed, and memory leaks.
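To make the shadow-value scheme concrete, here is an added toy model of it in C (not Valgrind's code): every byte of a small constructed arena carries one A bit for addressability and 8 V bits for definedness, and the load/store wrappers return the kind of error Memcheck would report. The arena size, the bump allocator and the error codes are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

/* Toy model of Memcheck's shadow state (added example, not Valgrind code).
 * Each arena byte has one A bit (addressable) and 8 V bits, one per data
 * bit, set once that bit has been written with a defined value. */
#define ARENA_SIZE 64
enum { OK = 0, ERR_INVALID = 1, ERR_UNINIT = 2, ERR_OOM = -1 };

static uint8_t data[ARENA_SIZE];    /* the "real" bytes */
static uint8_t a_bit[ARENA_SIZE];   /* 1 = byte is addressable */
static uint8_t v_bits[ARENA_SIZE];  /* 0xff = fully defined, 0 = undefined */
static int arena_top;               /* bump allocator watermark (assumed) */

void shadow_reset(void) {
    memset(data, 0, sizeof data);
    memset(a_bit, 0, sizeof a_bit);
    memset(v_bits, 0, sizeof v_bits);
    arena_top = 0;
}

/* malloc: fresh bytes are addressable but undefined. Returns offset or ERR_OOM. */
int shadow_malloc(int n) {
    if (n <= 0 || arena_top + n > ARENA_SIZE) return ERR_OOM;
    int p = arena_top;
    arena_top += n;
    memset(a_bit + p, 1, n);
    memset(v_bits + p, 0, n);
    return p;
}

/* free: the bytes become unaddressable, so any later access is "invalid". */
void shadow_free(int p, int n) {
    if (p < 0 || n <= 0 || p + n > ARENA_SIZE) return;
    memset(a_bit + p, 0, n);
    memset(v_bits + p, 0, n);
}

/* A store checks the A bit; a successful store makes the byte fully defined. */
int shadow_store(int addr, uint8_t val) {
    if (addr < 0 || addr >= ARENA_SIZE || !a_bit[addr]) return ERR_INVALID;
    data[addr] = val;
    v_bits[addr] = 0xff;
    return OK;
}

/* A load checks the A bit, then the V bits. Real Memcheck copies the V bits
 * along with the value and reports only when an undefined value reaches a
 * conditional jump, a syscall or an address; this toy reports at the load. */
int shadow_load(int addr, uint8_t *out) {
    if (addr < 0 || addr >= ARENA_SIZE || !a_bit[addr]) return ERR_INVALID;
    *out = data[addr];
    return v_bits[addr] == 0xff ? OK : ERR_UNINIT;
}
```

The sequence malloc, load (uninitialized), store, load (OK), free, load (invalid read) reproduces the three Memcheck findings the paragraph names.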
Programs executed under Valgrind usually run 25 to 50 times slower, and consume more memory than a native run of the program. Valgrind can also produce false positives if the code is optimized. Valgrind doesn't support 3DNow! instructions, and atomic instruction sequences are not preserved.
