Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does valgrind work?

Tags:

valgrind

Can someone provide a quick top level explanation of how Valgrind works? An example: how does it know when memory is allocated and freed?

like image 355
extraeee Avatar asked Nov 01 '09 02:11

extraeee


People also ask

What is valgrind and how do you use it?

Valgrind is a multipurpose code profiling and memory debugging tool for Linux when on the x86 and, as of version 3, AMD64, architectures. It allows you to run your program in Valgrind's own environment that monitors memory usage such as calls to malloc and free (or new and delete in C++).

Does valgrind detect memory leaks?

Valgrind Memcheck is a tool that detects memory leaks and memory errors. Some of the most difficult C bugs come from mismanagement of memory: allocating the wrong size, using an uninitialized pointer, accessing memory after it was freed, overrunning a buffer, and so on.

Why do we use valgrind?

valgrind is a tool for finding memory access errors to heap memory (memory that is dynamically allocated with new or malloc) in C and C++ programs. Memory access errors are the most difficult bugs to find and to fix.

How do I run valgrind?

Valgrind is installed on the department machines. To invoke it on an executable called a. out, you simply run the command valgrind ./a. out (with any arguments your program might need).


2 Answers

Valgrind basically runs your application in a "sandbox." While running in this sandbox, it is able to insert its own instructions to do advanced debugging and profiling.

From the manual:

Your program is then run on a synthetic CPU provided by the Valgrind core. As new code is executed for the first time, the core hands the code to the selected tool. The tool adds its own instrumentation code to this and hands the result back to the core, which coordinates the continued execution of this instrumented code.

So basically, valgrind provides a virtual processor that executes your application. However, before your application instructions are processed, they are passed to tools (such as memcheck). These tools are kind of like plugins, and they are able to modify your application before it is run on the processor.

The great thing about this approach is that you don't have to modify or relink your program at all to run it in valgrind. It does cause your program to run slower, however valgrind isn't meant to measure performance or run during normal execution of your application, so this isn't really an issue.

like image 162
jheddings Avatar answered Oct 04 '22 06:10

jheddings


Valgrind is a Dynamic Binary Analysis (DPA) tool that uses Dynamic Binary Instrumentation (DPI) framework to check memory allocation, to detect deadlocks and to profile the applications. DPI framework has its own low level memory manager, scheduler, thread handler and signal handler. Valgrind tool suite includes tool like

  1. Memcheck - tracks the memory allocation dynamically and reports memory leaks.
  2. Helgrind - detects and reports dead locks, potential data races and lock reversals.
  3. Cachegrind - simulates how the application interacts with system cache and provides information about cache misses.
  4. Nulgrind - a simple valgrind that never do any analysis. Used by developers for performance benchmark.
  5. Massif - a tool to analyse the heap memory usage of the application.

Valgrind tool uses disassemble and resynthesize mechanism where it loads the application into a process, disassembles the application code, add the instrumentation code for analysis, assembles it back and executes the application. It uses Just Intime Compiler (JIT) to embed the application with the instrumentation code.

             Valgrind Tool = Valgrind Core + Tool Plugin 

Valgrind Core disassembles the application code and passes the code fragment to tool plugin for instrumentation. The tool plugin adds the analysis code and assembles it back. Thus, Valgrind provides the flexibility to write our own tool on top of the Valgrind framework. Valgrind uses shadow registers and shadow memory to instrument read/write instructions, read/write system call, stack and heap allocations.

Valgrind provides wrappers around the system call and registers for pre and post callbacks for every system call to track the memory accessed as part of the system call. Thus, Valgrind is a OS abstraction layer between Linux Operating system and client application.

The diagram illustrates the 8 phases of Valgrind :

8 phases of Valgrind

like image 41
Ashok Vairavan Avatar answered Oct 04 '22 04:10

Ashok Vairavan