Memory Analysis tools

Similar documents
Use Dynamic Analysis Tools on Linux

Memory Allocation in C C Programming and Software Tools. N.C. State Department of Computer Science

Debugging (Part 2) 1

CSCI-1200 Data Structures Spring 2016 Lecture 6 Pointers & Dynamic Memory

TI2725-C, C programming lab, course

DEBUGGING: DYNAMIC PROGRAM ANALYSIS

Intermediate Programming, Spring 2017*

Key C Topics: Tutorial Pointers, Dynamic Memory allocation, Valgrind and Makefile CS370

CSCI-1200 Data Structures Fall 2015 Lecture 6 Pointers & Dynamic Memory

Princeton University Computer Science 217: Introduction to Programming Systems. Data Structures

CSE 333 Midterm Exam Sample Solution 7/28/14

Pointers and Memory Management

The assignment requires solving a matrix access problem using only pointers to access the array elements, and introduces the use of struct data types.

Both parts center on the concept of a "mesa", and make use of the following data type:

Praktische Aspekte der Informatik

ICHEC. Using Valgrind. Using Valgrind :: detecting memory errors. Introduction. Program Compilation TECHNICAL REPORT

Scientific Programming in C IX. Debugging

CSCI-1200 Data Structures Spring 2013 Lecture 7 Templated Classes & Vector Implementation

Announcements. assign0 due tonight. Labs start this week. No late submissions. Very helpful for assign1

valgrind overview: runtime memory checker and a bit more What can we do with it?

CSE 374 Final Exam 3/15/17. Name UW ID#

Projet 0 - Correc,on. Structures de données et algorithmes

The Valgrind Memory Checker. (i.e., Your best friend.)

CSCI-243 Exam 1 Review February 22, 2015 Presented by the RIT Computer Science Community

CSE 374 Final Exam 3/15/17 Sample Solution. Question 1. (8 points) Suppose we have the following two statements in a C program:

The Valgrind Memory Checker. (i.e., Your best friend.)

CMSC 341 Lecture 2 Dynamic Memory and Pointers

CSE 160 Discussion Section. Winter 2017 Week 3

Class Information ANNOUCEMENTS

CptS 360 (System Programming) Unit 4: Debugging

Lecture 07 Debugging Programs with GDB

Programming in C. Lecture 9: Tooling. Dr Neel Krishnaswami. Michaelmas Term

Data and File Structures Laboratory

ch = argv[i][++j]; /* why does ++j but j++ does not? */

A Capacity: 10 Usage: 4 Data:

Introducing the PurifyPlus Family: PurifyPlus for Windows PurifyPlus for UNIX PurifyPlus for Linux PurifyPlus RealTime

CSci 4061 Introduction to Operating Systems. Programs in C/Unix

Last week. Data on the stack is allocated automatically when we do a function call, and removed when we return

CS61, Fall 2012 Section 2 Notes

System Assertions. Andreas Zeller

Memory Corruption 101 From Primitives to Exploit

Recitation: Cache Lab & C

Lecture 14 Notes. Brent Edmunds

C++ development tools for Linux

CS 261 Fall C Introduction. Variables, Memory Model, Pointers, and Debugging. Mike Lam, Professor

CS 314 Principles of Programming Languages. Lecture 11

Enhanced Memory debugging of MPI-parallel Applications in Open MPI

Recitation: C Review. TA s 20 Feb 2017

CS2141 Software Development using C/C++ Debugging

A Novel Approach to Explain the Detection of Memory Errors and Execution on Different Application Using Dr Memory.

An example Request R1 for 100 bytes Request R2 for 1 byte Memory from R1 is freed Request R3 for 50 bytes What if R3 was a request for 101 bytes?

Quiz 0 Review Session. October 13th, 2014

Pointer Accesses to Memory and Bitwise Manipulation

Lecture 8 Dynamic Memory Allocation

6.S096: Introduction to C/C++

C Introduction. Comparison w/ Java, Memory Model, and Pointers

Creating a String Data Type in C

CS 31: Intro to Systems Pointers and Memory. Kevin Webb Swarthmore College October 2, 2018

CSC 1600 Memory Layout for Unix Processes"

Agenda. Peer Instruction Question 1. Peer Instruction Answer 1. Peer Instruction Question 2 6/22/2011

Memory Management. CS449 Fall 2017

CS 61C: Great Ideas in Computer Architecture C Memory Management, Usage Models

C PROGRAMMING Lecture 5. 1st semester

High-performance computing and programming Intro to C on Unix/Linux. Uppsala universitet

Deep C (and C++) by Olve Maudal

CS 61C: Great Ideas in Computer Architecture. Memory Management and Usage

12. Debugging. Overview. COMP1917: Computing 1. Developing Programs. The Programming Cycle. Programming cycle. Do-it-yourself debugging

18-642: Code Style for Compilers

unsigned char memory[] STACK ¼ 0x xC of address space globals function KERNEL code local variables

Memory Management. CSC215 Lecture

CSE 333 Final Exam December 13, 2017 Sample Solution

Lecture 4 September Required reading materials for this class

Memory Allocation. General Questions

Valgrind. Philip Blakely. Laboratory for Scientific Computing, University of Cambridge. Philip Blakely (LSC) Valgrind 1 / 21

CSC C69: OPERATING SYSTEMS

Debugging. Marcelo Ponce SciNet HPC Consortium University of Toronto. July 15, /41 Ontario HPC Summerschool 2016 Central Edition: Toronto

Lecture 19 Notes Data Structures in C

logistics: ROP assignment

CS 241 Data Organization Binary Trees

o Code, executable, and process o Main memory vs. virtual memory

Scientific Programming in C IV. Pointers

INITIALISING POINTER VARIABLES; DYNAMIC VARIABLES; OPERATIONS ON POINTERS

Rational PurifyPlus Rational Purify Rational PureCoverage Rational Quantify

Dynamic Memory CMSC 104 Spring 2014, Section 02, Lecture 24 Jason Tang

System Assertions. Your Submissions. Oral Exams FEBRUARY FEBRUARY FEBRUARY

Deep C by Olve Maudal

CSE 303 Midterm Exam

An Introduction to Runtime Analysis with Rational PurifyPlus

C Tutorial. Pointers, Dynamic Memory allocation, Valgrind, Makefile - Abhishek Yeluri and Yashwant Reddy Virupaksha

Agenda. Pointer Arithmetic. Pointer Arithmetic pointer + number, pointer number 6/23/2011. Pointer Arithmetic: Peer Instruction Question

CSE 333 Midterm Exam 5/10/13

CS C Primer. Tyler Szepesi. January 16, 2013

Memory (Stack and Heap)

Fastbin_dup into stack exploitation

Week 5, continued. This is CS50. Harvard University. Fall Cheng Gong

18-600: Recitation #3

Dr. Memory MEMORY DEBUGGER FOR WINDOWS AND LINUX WGM #47 GUSTAVO ROVELO MARCH 1 ST, 2012

Limitations of the stack

Hacking in C. Pointers. Radboud University, Nijmegen, The Netherlands. Spring 2019

Lecture 20 C s Memory Model

Transcription:

Memory Analysis tools

PURIFY The Necessity TOOL Application behaviour: Crashes intermittently Uses too much memory Runs too slowly Isn t well tested Is about to ship You need something See what your code is really doing Help spend less time finding bugs Develop fast, reliable code

Type of Memory Errors ABR/ABW Array bounds read/write FMR/FMW Freed memory read/write UMR Uninitialized memory read MSE Memory Segment Error MLK Memory Leak NPR/NRW Null Pointer Read FMM Freeing Mismatched Memory

Software Quality Management IBM-Rational Products: A set of runtime analysis tools Increase code quality Purify Detecting Runtime Errors Automatically pinpoints hard-to-find bugs Profiling.NET Managed Code (Memory Profiling) Quantify Application profiler Highlights performance bottlenecks PureCoverage Source code coverage analysis Helps avoid shipping untested code

Features and benefits Who can use it? For everybody Unix, Windows, C, C++, Java,.NET Developers and testers Source Code required? Monitors components with no source code Interesting Features: Rich command line interface and batch mode for automation Integrations with Rational Robot, Rational ClearQuest, Rational ClearCase, and Microsoft Visual Studio.NET Current Version: PurifyPlus

What about static analysis tools Static analysis tools are a great complement to Purify Find errors that you don t exercise in test cases Find richer semantic errors, e.g. type safety Find potential errors if calling patterns change Analyze code sections before you have a working executable

What about static analysis tools Static analysis tools have limitations Only find errors in the code you have source for Not in libraries that you pass bad data too or that are buggy Can miss errors whose cause & effect are distant in time & space Or bury you in possible errors Can take a long time to run

How does Purify work? Take your compiled application apart Find interesting places to insert probes Put your application back together again Run it and play Detecting memory leaks GC-like algorithm Maintain list of all allocated blocks in all heaps And call chain of allocator On demand, scan memory for all in-scope pointers Starting from anchors stack, statics, registers Any block not pointed to is leaked (MLK/PLK) All other blocks are memory in use (MIU)

Technique Track state of each byte in process address space -Red = logically unallocated to app -Yellow = allocated (malloc/new) but not written to yet (uninitialized) -Green = allocated and initialized Add red guard zone to the ends of allocated blocks -To catch buffer overrun errors Monitor every read and write instruction

Purify s memory state tracking

Purify s array bounds detection Inserts guard zones around each block allocated. (Guard zones are colored red. A read or write to red memory triggers an array bounds violation) Uninitialized A read of yellow Read Violation memory triggers???

Valgrind

Case 1: #include <stdio.h> #include <stdlib.h> int main() { int i; int *a = malloc(sizeof(int) * 10); if (!a) return -1; /*malloc failed*/ for (i = 0; i < 11; i++) a[i] = i; } free(a); return 0;

$ gcc -Wall -pedantic -g example1.c -o example $ valgrind./example ==23779== Memcheck, a memory error detector ==23779== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==23779== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info ==23779== Command:./example ==23779== ==23779== Invalid write of size 4 ==23779== at 0x400548: main (example1.c:9) ==23779== Address 0x4c30068 is 0 bytes after a block of size 40 alloc'd ==23779== at 0x4A05E46: malloc (vg_replace_malloc.c:195) ==23779== by 0x40051C: main (example1.c:6) ==23779== ==23779== ==23779== HEAP SUMMARY: ==23779== in use at exit: 0 bytes in 0 blocks ==23779== total heap usage: 1 allocs, 1 frees, 40 bytes allocated ==23779== ==23779== All heap blocks were freed -- no leaks are possible ==23779== ==23779== For counts of detected and suppressed errors, rerun with: -v ==23779== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 6 from 6)

Case 2: #include <stdio.h> #include <stdlib.h> int main() { int i; int a[10]; for (i = 0; i < 9; i++) a[i] = i; for (i = 0; i < 10; i++) printf("%d ", a[i]); } printf("\n"); return 0;

==24599== Conditional jump or move depends on uninitialised value(s) ==24599== at 0x33A8648196: vfprintf (in /lib64/libc-2.13.so) ==24599== by 0x33A864FB59: printf (in /lib64/libc-2.13.so) ==24599== by 0x400567: main (example2.c:11) ==24599== ==24599== Use of uninitialised value of size 8 ==24599== at 0x33A864484B: _itoa_word (in /lib64/libc-2.13.so) ==24599== by 0x33A8646D50: vfprintf (in /lib64/libc-2.13.so) ==24599== by 0x33A864FB59: printf (in /lib64/libc-2.13.so) ==24599== by 0x400567: main (example2.c:11) ==24599== ==24599== Conditional jump or move depends on uninitialised value(s) ==24599== at 0x33A8644855: _itoa_word (in /lib64/libc-2.13.so) ==24599== by 0x33A8646D50: vfprintf (in /lib64/libc-2.13.so) ==24599== by 0x33A864FB59: printf (in /lib64/libc-2.13.so) ==24599== by 0x400567: main (example2.c:11) ==24599== 0 1 2 3 4 5 6 7 8 7

Case 3: #include <stdio.h> #include <stdlib.h> int main(){ int i; int *a; for (i=0; i < 10; i++){ a = malloc(sizeof(int) * 100); } free(a); return 0; }

What valgrind is not: #include <stdio.h> #include <stdlib.h> int main() { int i; int x = 0; int a[10]; for (i = 0; i < 11; i++) a[i] = i; printf("x is %d\n", x); return 0; }

What valgrind is not: #include <stdio.h> #include <stdlib.h> int main(){ char *str = malloc(10); gets(str); printf("%s\n",str); return 0; }

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback