Home > Article > System Tutorial > A powerful tool for troubleshooting memory problems under Linux
A powerful tool for troubleshooting memory problems under Linux
- 王林forward
- 2024-02-12 22:20:141022browse
1. Memory leak
Memory Leak means that the dynamically allocated heap memory in the program is not released or cannot be released by the program for some reason, resulting in a waste of system memory, leading to serious consequences such as slowed down program running or even system crash.
Features
- Concealment Because the memory leak occurs because the memory block is not released, it is an omission defect rather than a fault defect
- Cumulative memory leaks usually do not directly produce observable error symptoms, but gradually accumulate, reducing the overall performance of the system, and in extreme cases may cause the system to crash. The most intuitive question is why our program starts running normally and then exits abnormally after a while.
Memory leaks do not mean the physical disappearance of memory, but that after the application allocates a certain segment of memory, due to usage errors, the control of the segment of memory is lost before the segment of memory is released, resulting in The memory is not released and is wasted.
Causes
“
When we use dynamic storage variables during program development, we inevitably face memory management problems. The storage space dynamically allocated in the program needs to be released after the program is executed. Memory leaks caused by not releasing dynamically allocated storage space are the main problems of using dynamic storage variables. Under normal circumstances, developers will often use the basic memory management functions provided by the system, such as
malloc, realloc, calloc, free, etc., to complete the allocation and release of dynamic storage variable storage space. However, when developing programs that use a lot of dynamic storage variables and frequently use function calls, memory management errors often occur.”
2. How to troubleshoot memory leaks
“
We will inevitably encounter memory leaks during our daily development process. This is a common problem. Since a memory leak has occurred, we need to troubleshoot the memory leak problem. I believe that everyone often uses the following tools to troubleshoot memory problems, as follows:
”
- memwatch
- mtrace
- dmalloc
- ccmalloc
- valgrind
- debug_new
“
Today, Mu Rong is not introducing the above troubleshooting tool, but introducing another memory leak troubleshooting tool: AddressSanitizer (ASan). It supports Linux, OS, Android and other platforms. It can not only detect memory leaks, it is a memory error detection tool that can detect many common memory problems.
”
Common memory problem detection:
- Memory leak
- Cross-border access
- Freed memory used
3. AddressSanitizer(ASan) tool
“
Address Sanitizer(ASan) is a fast memory error detection tool. It's very fast, only slowing down the program by about twice (much faster than Valgrind). It includes a compiler instrumentation module and a runtime library that provides malloc()/free() alternatives. Starting with gcc 4.8, AddressSanitizer becomes part of gcc. Of course, to get a better experience, it is best to use version 4.9 and above, because the AddressSanitizer of gcc 4.8 is not perfect yet, and the biggest disadvantage is that there is no symbol information.
”
Instructions:
- Compile and link your program with the -fsanitize=address option.
- Compile with -fno-omit-frame-pointer to get a more understandable stack trace.
- You can choose -O1 or higher optimization level to compile
gcc -fsanitize=address -o main -g main.c
Memory leak
#include
void Fun()
{
char *pM = malloc(10);
}
int main(int argc, char *argv[])
{
Fun();
return 0;
}
Compile output
Memory out of bounds
- Stack memory out of bounds
#include
#include
void Fun()
{
char *pM = malloc(10);
}
int main(int argc, char *argv[])
{
//Fun();
int *array = malloc(10*sizeof(int));
if(array)
{
memset(array, 0, 10*sizeof(int));
}
int res = array[10];
free(array);
return 0;
}
Run output
ubuntu@ubuntu:~/workspace_ex/Linux/ASan$ gcc -fsanitize=address -o main -g main.c ubuntu@ubuntu:~/workspace_ex/Linux/ASan$ ls main main.c ubuntu@ubuntu:~/workspace_ex/Linux/ASan$ ./main ================================================================= ==3234==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400000dff8 at pc 0x000000400854 bp 0x7ffccc9253d0 sp 0x7ffccc9253c0 READ of size 4 at 0x60400000dff8 thread T0 #0 0x400853 in main /home/ubuntu/workspace_ex/Linux/ASan/main.c:16 #1 0x7fafc87a883f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) #2 0x4006f8 in _start (/home/ubuntu/workspace_ex/Linux/ASan/main+0x4006f8) 0x60400000dff8 is located 0 bytes to the right of 40-byte region [0x60400000dfd0,0x60400000dff8) allocated by thread T0 here: #0 0x7fafc8bea602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602) #1 0x4007f7 in main /home/ubuntu/workspace_ex/Linux/ASan/main.c:11 #2 0x7fafc87a883f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) SUMMARY: AddressSanitizer: heap-buffer-overflow /home/ubuntu/workspace_ex/Linux/ASan/main.c:16 main Shadow bytes around the buggy address: 0x0c087fff9ba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9bb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c087fff9bf0: fa fa fa fa fa fa fa fa fa fa 00 00 00 00 00[fa] 0x0c087fff9c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe ==3234==ABORTING
- Global memory out of bounds
#include
#include
int g_nArray[10] = {0};
void Fun()
{
char *pM = malloc(10);
}
int main(int argc, char *argv[])
{
//Fun();
/*
int *array = malloc(10*sizeof(int));
if(array)
{
memset(array, 0, 10*sizeof(int));
}
int res = array[10];
free(array);
*/
int nIndex = g_nArray[10];
return 0;
}
Run output
ubuntu@ubuntu:~/workspace_ex/Linux/ASan$ gcc -fsanitize=address -o main -g main.c ubuntu@ubuntu:~/workspace_ex/Linux/ASan$ ls main main.c ubuntu@ubuntu:~/workspace_ex/Linux/ASan$ ./main ================================================================= ==4196==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000601128 at pc 0x00000040083e bp 0x7ffc8a332540 sp 0x7ffc8a332530 READ of size 4 at 0x000000601128 thread T0 #0 0x40083d in main /home/ubuntu/workspace_ex/Linux/ASan/main.c:26 #1 0x7fda216a583f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) #2 0x400718 in _start (/home/ubuntu/workspace_ex/Linux/ASan/main+0x400718) 0x000000601128 is located 0 bytes to the right of global variable 'g_nArray' defined in 'main.c:4:5' (0x601100) of size 40 SUMMARY: AddressSanitizer: global-buffer-overflow /home/ubuntu/workspace_ex/Linux/ASan/main.c:26 main Shadow bytes around the buggy address: 0x0000800b81d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800b81e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800b81f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800b8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800b8210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0000800b8220: 00 00 00 00 00[f9]f9 f9 f9 f9 f9 f9 00 00 00 00 0x0000800b8230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800b8240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800b8250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800b8260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800b8270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe ==4196==ABORTING ubuntu@ubuntu:~/workspace_ex/Linux/ASan$
Use freed memory
#include
#include
#include
int g_nArray[10] = {0};
int *p;
void Fun()
{
char *pM = malloc(10);
}
void Fun1()
{
int nVar = 0;
p = &nVar;
}
int main(int argc, char *argv[])
{
//Fun();
int *array = malloc(10*sizeof(int));
if(array)
{
memset(array, 0, 10*sizeof(int));
}
int res = array[10];
free(array);
array[0] = 1;
return 0;
}
Run output
ubuntu@ubuntu:~/workspace_ex/Linux/ASan$ gcc -fsanitize=address -o main -g main.c ubuntu@ubuntu:~/workspace_ex/Linux/ASan$ ./main ================================================================= ==4954==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400000dff8 at pc 0x000000400b68 bp 0x7ffefbe3b170 sp 0x7ffefbe3b160 READ of size 4 at 0x60400000dff8 thread T0 #0 0x400b67 in main /home/ubuntu/workspace_ex/Linux/ASan/main.c:28 #1 0x7f1bbb78983f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) #2 0x400928 in _start (/home/ubuntu/workspace_ex/Linux/ASan/main+0x400928) 0x60400000dff8 is located 0 bytes to the right of 40-byte region [0x60400000dfd0,0x60400000dff8) allocated by thread T0 here: #0 0x7f1bbbbcb602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602) #1 0x400b0b in main /home/ubuntu/workspace_ex/Linux/ASan/main.c:23 #2 0x7f1bbb78983f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) SUMMARY: AddressSanitizer: heap-buffer-overflow /home/ubuntu/workspace_ex/Linux/ASan/main.c:28 main Shadow bytes around the buggy address: 0x0c087fff9ba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9bb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c087fff9bf0: fa fa fa fa fa fa fa fa fa fa 00 00 00 00 00[fa] 0x0c087fff9c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c087fff9c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe ==4954==ABORTING ubuntu@ubuntu:~/workspace_ex/Linux/ASan$
AddressSanitizer能检测的错误类型
| 错误类型 | 错误描述 |
|---|---|
| (heap) Use after free | 访问堆上已被释放的内存 |
| Heap buffer overflow | 堆上缓冲区访问溢出 |
| Stack buffer overflow | 栈上缓冲区访问溢出 |
| Global buffer overflow | 全局缓冲区访问溢出 |
| Use after return | 访问栈上已被释放的内存 |
| Use after scope | 栈对象使用超过定义范围 |
| Initialization order bugs | 初始化命令错误 |
| Memory leaks | 内存泄漏 |
- For more details, please visit the official website
For details, please see Google’s official documentation: https://github.com/google/sanitizers/wiki/AddressSanitizer
Conclusion
“
ASan is a very good tool for detecting memory problems. It does not require configuring the environment and is easy to use. When compiling, you only need -fsanitize=address -g. When running the program, you can choose to add the corresponding ASAN_OPTIONS environment variable to detect There are a lot of memory problems. If something is unclear, you can check the official instructions. Welcome to exchange and learn.
”
The above is the detailed content of A powerful tool for troubleshooting memory problems under Linux. For more information, please follow other related articles on the PHP Chinese website!