使用valgrind检测Android native程序的内存

使用valgrind检测Android native程序的内存

分类： Android系统架构2012-03-27
17:44 6087人阅读 评论(7) 收藏 举报
androidallocationleakdeletecommandsystem

下载http://valgrind.org/downloads/valgrind-3.7.0.tar.bz2，使用ndk toolchain，按照代码中的README.android编译Android版本的valgrind，push到/data分区，这里笔者push到了/data/local/valgrind/，同时把VALGRIND_LIB 环境变量设置为/data/local/valgrind/lib/valgrind

编写一个有很多内存错误的程序：

[cpp] view
plaincopy

main()

{

{

int x;

printf ("x = %d\n", x);

}

{

char* arr = malloc(10);

int* arr2 = malloc(sizeof(int));

write( 1 /* stdout */, arr, 10 );

}

{

char a[100];

memcpy(a, a + 20, 40);

}

{

char *q;

q = malloc(1024*1024);



q[1] = 1024;

}

{

char *p;

p = malloc(1024*1024);



p[0] = p[0];

p[1] = 1024;



free(p);

free(p);

}

}

使用valgrind运行之：

[cpp] view
plaincopy

/data/local/valgrind/bin/valgrind --leak-check=full --track-origins=yes /data/check

得到如下结果：

[cpp] view
plaincopy

==965== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.

==965== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info

==965== Command: /data/check

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD1AF6A: vfprintf (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD1B3FA: vfprintf (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD1B3FE: vfprintf (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD1B478: vfprintf (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD1B47E: vfprintf (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD0FE00: __udivdi3 (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD0D230: __udivsi3 (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD0D294: __udivsi3 (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD0FE5C: __udivdi3 (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Conditional jump or move depends on uninitialised value(s)

==965== at 0xAFD0FEAC: __udivdi3 (in /system/lib/libc.so)

==965== Uninitialised value was created by a stack allocation

==965== at 0x83D8: main (check.c:2)

==965==

==965== Syscall param write(buf) points to uninitialised byte(s)

==965== at 0xAFD0B47C: write (in /system/lib/libc.so)

==965== Address 0x480a058 is 0 bytes inside a block of size 10 alloc'd

==965== at 0x80103318: malloc (vg_replace_malloc.c:263)

==965== by 0x83F7: main (check.c:8)

==965== Uninitialised value was created by a heap allocation

==965== at 0x80103318: malloc (vg_replace_malloc.c:263)

==965== by 0x83F7: main (check.c:8)

==965==

==965== Source and destination overlap in memcpy(0xbde6b908, 0xbde6b91c, 40)

==965== at 0x80106A64: memcpy (mc_replace_strmem.c:838)

==965== by 0x843B: main (check.c:14)

==965==

==965== Invalid free() / delete / delete[] / realloc()

==965== at 0x80102E1C: free (vg_replace_malloc.c:427)

==965== by 0x849B: main (check.c:30)

==965== Address 0x490a100 is 0 bytes inside a block of size 1,048,576 free'd

==965== at 0x80102E1C: free (vg_replace_malloc.c:427)

==965== by 0x8493: main (check.c:29)

==965==

==965==

==965== HEAP SUMMARY:

==965== in use at exit: 1,052,686 bytes in 4 blocks

==965== total heap usage: 5 allocs, 2 frees, 2,101,262 bytes allocated

==965==

==965== 4 bytes in 1 blocks are definitely lost in loss record 1 of 4

==965== at 0x80103318: malloc (vg_replace_malloc.c:263)

==965== by 0x8407: main (check.c:9)

==965==

==965== 10 bytes in 1 blocks are definitely lost in loss record 2 of 4

==965== at 0x80103318: malloc (vg_replace_malloc.c:263)

==965== by 0x83F7: main (check.c:8)

==965==

==965== 1,048,576 bytes in 1 blocks are definitely lost in loss record 4 of 4

==965== at 0x80103318: malloc (vg_replace_malloc.c:263)

==965== by 0x8443: main (check.c:18)

==965==

==965== LEAK SUMMARY:

==965== definitely lost: 1,048,590 bytes in 3 blocks

==965== indirectly lost: 0 bytes in 0 blocks

==965== possibly lost: 0 bytes in 0 blocks

==965== still reachable: 4,096 bytes in 1 blocks

==965== suppressed: 0 bytes in 0 blocks

==965== Reachable blocks (those to which a pointer was found) are not shown.

==965== To see them, rerun with: --leak-check=full --show-reachable=yes

==965==

==965== For counts of detected and suppressed errors, rerun with: -v

==965== ERROR SUMMARY: 275 errors from 16 contexts (suppressed: 0 from 0)

这些错误可以分为如下几类：

Illegal read / Illegal write errors
Use of uninitialised values
Use of uninitialised or unaddressable values in system calls
Illegal frees
When a heap block is freed with an inappropriate deallocation function
Overlapping source and destination blocks
Memory leak detection