Introduction to Valgrind

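Valgrind is a system for debugging and profiling Linux programs. With its tool suite you can automatically detect many memory-management and threading bugs, avoiding hours of frustrating bug-hunting and making your programs more stable. You can also perform detailed profiling to help speed up your programs, and use Valgrind to build new tools.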

The Valgrind distribution currently includes six production-quality tools:

It also includes three experimental tools:

Valgrind homepage
Valgrind source code repository

Tools included in Valgrind

callgrind_annotate - post-processing tool for Callgrind

root@kali:~# callgrind_annotate -h
usage: callgrind_annotate [options] [callgrind-out-file [source-files...]]

  options for the user, with defaults in [ ], are:
    -h --help             show this message
    --version             show version
    --show=A,B,C          only show figures for events A,B,C [all]
    --sort=A,B,C          sort columns by events A,B,C [event column order]
    --threshold=<0--100>  percentage of counts (of primary sort event) we
                          are interested in [99%]
    --auto=yes|no         annotate all source files containing functions
                          that helped reach the event count threshold [no]
    --context=N           print N lines of context before and after
                          annotated lines [8]
    --inclusive=yes|no    add subroutine costs to functions calls [no]
    --tree=none|caller|   print for each function their callers,
           calling|both   the called functions or both [none]
    -I --include=<dir>    add <dir> to list of directories to search for
                          source files

callgrind_control - observe and control programs being run by Callgrind

root@kali:~# callgrind_control -h
Observe the status and control currently active callgrind runs.
(C) 2003-2011, Josef Weidendorfer ()

Usage: callgrind_control [options] [pid|program-name...]

If no pids/names are given, an action is applied to all currently
active Callgrind runs. Default action is printing short information.

Options:
  -h --help         Show this help text
  --version         Show version
  -s --stat         Show statistics
  -b --back         Show stack/back trace
  -e [<A>,...]      Show event counters for <A>,... (default: all)
  --dump[=<s>]      Request a dump optionally using <s> as description
  -z --zero         Zero all event counters
  -k --kill         Kill
  -i --instr=on|off Switch instrumentation state on/off

cg_annotate - post-processing tool for Callgrind

root@kali:~# cg_annotate -h
usage: cg_annotate [options] cachegrind-out-file [source-files...]

  options for the user, with defaults in [ ], are:
    -h --help             show this message
    --version             show version
    --show=A,B,C          only show figures for events A,B,C [all]
    --sort=A,B,C          sort columns by events A,B,C [event column order]
    --threshold=<0--20>   a function is shown if it accounts for more than x% of
                          the counts of the primary sort event [0.1]
    --auto=yes|no         annotate all source files containing functions
                          that helped reach the event count threshold [no]
    --context=N           print N lines of context before and after
                          annotated lines [8]
    -I<d> --include=<d>   add <d> to list of directories to search for
                          source files

  cg_annotate is Copyright (C) 2002-2007 Nicholas Nethercote.
  and licensed under the GNU General Public License, version 2.
  Bug reports, feedback, admiration, abuse, etc, to: njn@valgrind.org.

cg_diff – compares two Cachegrind files

root@kali:~# cg_diff -h
usage: cg_diff [options] <cachegrind-out-file1> <cachegrind-out-file2>

  options for the user, with defaults in [ ], are:
    -h --help             show this message
    -v --version          show version
    --mod-filename=<expr> a Perl search-and-replace expression that is applied
                          to filenames, eg. --mod-filename='s/prog[0-9]/projN/'
    --mod-funcname=<expr> like --mod-filename, but applied to function names

  cg_diff is Copyright (C) 2010-2010 Nicholas Nethercote.
  and licensed under the GNU General Public License, version 2.
  Bug reports, feedback, admiration, abuse, etc, to: njn@valgrind.org.

cg_merge – merges multiple Cachegrind files into one

root@kali:~# cg_merge
cg_merge: Merges multiple cachegrind output files into one
cg_merge: usage: cg_merge [-o outfile] [files-to-merge]

ms_print - heap post-processing tool

root@kali:~# ms_print -h
usage: ms_print [options] massif-out-file

  options for the user, with defaults in [ ], are:
    -h --help             show this message
    --version             show version
    --threshold=<m.n>     significance threshold, in percent [1]
    --x=<4..1000>         graph width, in columns [72]
    --y=<4..1000>         graph height, in rows [20]

  ms_print is Copyright (C) 2007-2007 Nicholas Nethercote.
  and licensed under the GNU General Public License, version 2.
  Bug reports, feedback, admiration, abuse, etc, to: njn@valgrind.org.

Valgrind - a suite of tools for debugging and profiling

root@kali:~# valgrind -h
usage: valgrind [options] prog-and-args

  tool-selection option, with default in [ ]:
    --tool=<name>             use the Valgrind tool named <name> [memcheck]

  basic user options for all Valgrind tools, with defaults in [ ]:
    -h --help                 show this message
    --help-debug              show this message, plus debugging options
    --version                 show version
    -q --quiet                run silently; only print error msgs
    -v --verbose              be more verbose -- show misc extra info
    --trace-children=no|yes   Valgrind-ise child processes (follow execve)? [no]
    --trace-children-skip=patt1,patt2,...    specifies a list of executables
                              that --trace-children=yes should not trace into
    --trace-children-skip-by-arg=patt1,patt2,...   same as --trace-children-skip=
                              but check the argv[] entries for children, rather
                              than the exe name, to make a follow/no-follow decision
    --child-silent-after-fork=no|yes omit child output between fork & exec? [no]
    --vgdb=no|yes|full        activate gdbserver? [yes]
                              full is slower but provides precise watchpoint/step
    --vgdb-error=<number>     invoke gdbserver after <number> errors [999999999]
                              to get started quickly, use --vgdb-error=0
                              and follow the on-screen directions
    --track-fds=no|yes        track open file descriptors? [no]
    --time-stamp=no|yes       add timestamps to log messages? [no]
    --log-fd=<number>         log messages to file descriptor [2=stderr]
    --log-file=<file>         log messages to <file>
    --log-socket=ipaddr:port  log messages to socket ipaddr:port

  user options for Valgrind tools that report errors:
    --xml=yes                 emit error output in XML (some tools only)
    --xml-fd=<number>         XML output to file descriptor
    --xml-file=<file>         XML output to <file>
    --xml-socket=ipaddr:port  XML output to socket ipaddr:port
    --xml-user-comment=STR    copy STR verbatim into XML output
    --demangle=no|yes         automatically demangle C++ names? [yes]
    --num-callers=<number>    show <number> callers in stack traces [12]
    --error-limit=no|yes      stop showing new errors if too many? [yes]
    --error-exitcode=<number> exit code to return if errors found [0=disable]
    --show-below-main=no|yes  continue stack traces below main() [no]
    --suppressions=<filename> suppress errors described in <filename>
    --gen-suppressions=no|yes|all    print suppressions for errors? [no]
    --db-attach=no|yes        start debugger when errors detected? [no]
    --db-command=<command>    command to start debugger [/usr/bin/gdb -nw %f %p]
    --input-fd=<number>       file descriptor for input [0=stdin]
    --dsymutil=no|yes         run dsymutil on Mac OS X when helpful? [no]
    --max-stackframe=<number> assume stack switch for SP changes larger
                              than <number> bytes [2000000]
    --main-stacksize=<number> set size of main thread's stack (in bytes)
                              [use current 'ulimit' value]

  user options for Valgrind tools that replace malloc:
    --alignment=<number>      set minimum alignment of heap allocations [8]
    --redzone-size=<number>   set minimum size of redzones added before/after
                              heap blocks (in bytes). [16]

  uncommon user options for all Valgrind tools:
    --fullpath-after=         (with nothing after the '=')
                              show full source paths in call stacks
    --fullpath-after=string   like --fullpath-after=, but only show the
                              part of the path after 'string'.  Allows removal
                              of path prefixes.  Use this flag multiple times
                              to specify a set of prefixes to remove.
    --smc-check=none|stack|all|all-non-file [stack]
                              checks for self-modifying code: none, only for
                              code found in stacks, for all code, or for all
                              code except that from file-backed mappings
    --read-var-info=yes|no    read debug info on stack and global variables
                              and use it to print better error messages in
                              tools that make use of it (Memcheck, Helgrind,
                              DRD) [no]
    --vgdb-poll=<number>      gdbserver poll max every <number> basic blocks [5000]
    --vgdb-shadow-registers=no|yes   let gdb see the shadow registers [no]
    --vgdb-prefix=<prefix>    prefix for vgdb FIFOs [/tmp/vgdb-pipe]
    --run-libc-freeres=no|yes free up glibc memory at exit on Linux? [yes]
    --sim-hints=hint1,hint2,...  known hints:
                                 lax-ioctls, enable-outer, fuse-compatible [none]
    --fair-sched=no|yes|try   schedule threads fairly on multicore systems [no]
    --kernel-variant=variant1,variant2,...  known variants: bproc [none]
                              handle non-standard kernel variants
    --show-emwarns=no|yes     show warnings about emulation limits? [no]
    --require-text-symbol=:sonamepattern:symbolpattern    abort run if the
                              stated shared object doesn't have the stated
                              text symbol.  Patterns can contain ? and *.
    --soname-synonyms=syn1=pattern1,syn2=pattern2,... synonym soname
              specify patterns for function wrapping or replacement.
              To use a non-libc malloc library that is
                  in the main exe:  --soname-synonyms=somalloc=NONE
                  in libxyzzy.so:   --soname-synonyms=somalloc=libxyzzy.so

  user options for Memcheck:
    --leak-check=no|summary|full     search for memory leaks at exit?  [summary]
    --leak-resolution=low|med|high   differentiation of leak stack traces [high]
    --show-reachable=no|yes          show reachable blocks in leak check? [no]
    --show-possibly-lost=no|yes      show possibly lost blocks in leak check?
                                     [yes]
    --undef-value-errors=no|yes      check for undefined value errors [yes]
    --track-origins=no|yes           show origins of undefined values? [no]
    --partial-loads-ok=no|yes        too hard to explain here; see manual [no]
    --freelist-vol=<number>          volume of freed blocks queue      [20000000]
    --freelist-big-blocks=<number>   releases first blocks with size >= [1000000]
    --workaround-gcc296-bugs=no|yes  self explanatory [no]
    --ignore-ranges=0xPP-0xQQ[,0xRR-0xSS]   assume given addresses are OK
    --malloc-fill=<hexnumber>        fill malloc'd areas with given value
    --free-fill=<hexnumber>          fill free'd areas with given value

  Extra options read from ~/.valgrindrc, $VALGRIND_OPTS, ./.valgrindrc

  Memcheck is Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
  Valgrind is Copyright (C) 2000-2012, and GNU GPL'd, by Julian Seward et al.
  LibVEX is Copyright (C) 2004-2012, and GNU GPL'd, by OpenWorks LLP et al.

  Bug reports, feedback, admiration, abuse, etc, to: www.valgrind.org.

valgrind-listener - a simple listener program to which Valgrind's log output is redirected

root@kali:~# valgrind-listener -h

usage is:

   valgrind-listener [--exit-at-zero|-e] [port-number]

   where   --exit-at-zero or -e causes the listener to exit
           when the number of connections falls back to zero
           (the default is to keep listening forever)

           port-number is the default port on which to listen for
           connections.  It must be between 1024 and 65535.
           Current default is 1500.

vgdb - sends monitor commands to the Valgrind gdbserver

root@kali:~# vgdb -h
Usage: vgdb [OPTION]... [[-c] COMMAND]...
vgdb (valgrind gdb) has two usages
  1. standalone to send monitor commands to a Valgrind gdbserver.
     The OPTION(s) must be followed by the command to send
     To send more than one command, separate the commands with -c
  2. relay application between gdb and a Valgrind gdbserver.
     Only OPTION(s) can be given.

 OPTIONS are [--pid=<number>] [--vgdb-prefix=<prefix>]
             [--wait=<number>] [--max-invoke-ms=<number>]
             [--port=<portnr>
             [--cmd-time-out=<number>] [-l] [-D] [-d]

  --pid arg must be given if multiple Valgrind gdbservers are found.
  --vgdb-prefix arg must be given to both Valgrind and vgdb utility
      if you want to change the default prefix for the FIFOs communication
      between the Valgrind gdbserver and vgdb.
  --wait (default 0) tells vgdb to check during the specified number
      of seconds if a Valgrind gdbserver can be found.
  --max-invoke-ms (default 100) gives the nr of milli-seconds after which vgdb
      will force the invocation of the Valgrind gdbserver (if the Valgrind
         process is blocked in a system call).
  --port instructs vgdb to listen for gdb on the specified port nr.
  --cmd-time-out (default 99999999) tells vgdb to exit if the found Valgrind
     gdbserver has not processed a command after number seconds
  -l  arg tells to show the list of running Valgrind gdbserver and then exit.
  -D  arg tells to show shared mem status and then exit.
  -d  arg tells to show debug info. Multiple -d args for more debug info

  -h --help shows this message
  To get help from the Valgrind gdbserver, use vgdb help

Valgrind usage example

root@kali:~# coming soon