Variants and Patches
Several other Valgrind tools have been created. Some of these
can plug directly into an existing Valgrind installation, but
some require downloading a whole Valgrind distribution which
contains a specially modified core. Please note that some of
these are experimental, and may not work 100%.
Back
Nick Nethercote's Tools
- Bounds Checker:
valgrind-annelid (tar.bz2) [722Kb] - Jan 31 2005
-
A version of the Valgrind distribution containing an extra
tool, Annelid, that detects some kinds of pointer
misuse. Valgrind's default tool, Memcheck, can find a lot of
memory errors. In particular, it can find small
overruns/underruns of heap blocks thanks to the redzones with
which it pads heap blocks. But if you overrun by a larger amount,
your access may unluckily fall into a different heap block, which
Memcheck can't detect. It also can't detect static or stack
variable overruns.
Annelid is a tool designed to detect these cases. It tracks
the bounds of every heap block, and pointers to heap blocks are
associated with a particular block. If a pointer is used to
access memory outside of its assigned block, a warning is
given. Like Memcheck, it also warns if a freed heap block is
accessed, but it can detect long-delayed accesses to freed blocks
that Memcheck can't. Also, because Annelid tracks pointers, it
can also find some type errors, such as if you add or multiply
two heap pointers.
I hope to eventually take advantage of debug information to
extend the bounds-checking to static arrays and structs, stack
frames, and possibly stack-allocated arrays and structs. This
would increase the range of errors that Annelid can detect that
Memcheck cannot.
Thanks to Jeremy Fitzhardinge for the original idea and
advice.
- Signal Handler Checker:
valgrind-crocus (tar.bz2) [673Kb] - Jan 31 2005
-
A version of the Valgrind distribution containing an extra
tool, Crocus, that searches for problems in signal
handlers. Because signal handlers can be called at any time, they
shouldn't call any functions that are non-reentrant,
ie. functions that will screw up if they are interrupted by
another call to themselves, usually because some shared or global
data structure could be corrupted or overwritten. Many functions
are non-reentrant, including lots of common ones like
printf() (most standard I/O functions, in fact) and
malloc() . You also aren't supposed to call any
pthread functions from signal handlers, as this can cause
deadlock.
Lots of programs don't get this right; Vim, for example --
look here at all
the non-reentrant functions it calls when you send it a
USR1 signal. Naughty naughty. This kind of problem
can persist for a long time because most programs don't receive
many signals. Some programs, such as daemons, do receive many
signals so this sort of thing is more critical.
Crocus identifies when a program's signal handler calls one of
a number of common non-reentrant functions. It also identifies
when a signal handler doesn't preserve errno as it
should. To run this tool, use the --tool=crocus
option. It's a little bit experimental, but has been tested
reasonably well.
Thanks to Steve Grubb for the original idea and testing it on
a variety of programs.
- Data Flow Tracer:
valgrind-redux (tar.bz2) [836Kb] - Jan 31 2005
-
This (quite old) Valgrind distribution includes the data flow
tracing tool, Redux. Redux is in a very prototypical state,
ie. it crashes frequently. I've heard that using static linking
can help avoid some of the crashes.
I make this code available because a number of people have
asked for it. It is not good quality code, and please don't ask
me for help with it. But it may be instructive if you want to
build a Valgrind tool that does something similar.
- Interactive Mode:
valgrind-interactive (tar.bz2) [640Kb] - Jan 31 2005
-
A version of the distribution that adds support for a GDB-like
debugging interface that lets you set breakpoints, inspect
values, and so on. Run with the --interactive=yes
option at startup. Note that it's quite experimental.
|