TI2725-C, C programming lab, course

Similar documents
Intermediate Programming, Spring 2017*

Memory Analysis tools

In Java we have the keyword null, which is the value of an uninitialized reference type

The assignment requires solving a matrix access problem using only pointers to access the array elements, and introduces the use of struct data types.

Both parts center on the concept of a "mesa", and make use of the following data type:

CSE 333 Midterm Exam Sample Solution 7/28/14

18-642: Code Style for Compilers

Memory Management in C (Dynamic Strings) Personal Software Engineering

System Assertions. Andreas Zeller

Praktische Aspekte der Informatik

CS 241 Data Organization Binary Trees

CSCI-243 Exam 1 Review February 22, 2015 Presented by the RIT Computer Science Community

Debugging (Part 2) 1

Key C Topics: Tutorial Pointers, Dynamic Memory allocation, Valgrind and Makefile CS370

Memory Allocation in C C Programming and Software Tools. N.C. State Department of Computer Science

Memory (Stack and Heap)

CSci 4061 Introduction to Operating Systems. Programs in C/Unix

o Code, executable, and process o Main memory vs. virtual memory

COSC Software Engineering. Lecture 16: Managing Memory Managers

The Valgrind Memory Checker. (i.e., Your best friend.)

CSCI-1200 Data Structures Spring 2016 Lecture 6 Pointers & Dynamic Memory

DEBUGGING: DYNAMIC PROGRAM ANALYSIS

Lecture 14 Notes. Brent Edmunds

Kurt Schmidt. October 30, 2018

ECE551 Midterm Version 2

Memory Management. CS449 Fall 2017

Last week. Data on the stack is allocated automatically when we do a function call, and removed when we return

New features in AddressSanitizer. LLVM developer meeting Nov 7, 2013 Alexey Samsonov, Kostya Serebryany

CS61, Fall 2012 Section 2 Notes

Lab Exam 1 D [1 mark] Give an example of a sample input which would make the function

INITIALISING POINTER VARIABLES; DYNAMIC VARIABLES; OPERATIONS ON POINTERS

Princeton University Computer Science 217: Introduction to Programming Systems. Data Structures

The Valgrind Memory Checker. (i.e., Your best friend.)

Binghamton University. CS-211 Fall Dynamic Memory

6.S096: Introduction to C/C++

malloc() is often used to allocate chunk of memory dynamically from the heap region. Each chunk contains a header and free space (the buffer in which

ECE 551D Spring 2018 Midterm Exam

C Programming Basics II

18-642: Code Style for Compilers

CSE 12 Spring 2016 Week One, Lecture Two

CSC 1600 Memory Layout for Unix Processes"

CS 31: Intro to Systems Pointers and Memory. Martin Gagne Swarthmore College February 16, 2016

ECE551 Midterm Version 1

Creating a String Data Type in C

Week 5, continued. This is CS50. Harvard University. Fall Cheng Gong

CMSC 341 Lecture 2 Dynamic Memory and Pointers

Recitation: C Review. TA s 20 Feb 2017

PRINCIPLES OF OPERATING SYSTEMS

DAY 3. CS3600, Northeastern University. Alan Mislove

CSCI-1200 Data Structures Fall 2015 Lecture 6 Pointers & Dynamic Memory

CS 11 C track: lecture 5

Use Dynamic Analysis Tools on Linux

Dynamic Memory Management

advanced data types (2) typedef. today advanced data types (3) enum. mon 23 sep 2002 defining your own types using typedef

Limitations of the stack

CS 103 Lab The Files are *In* the Computer

ICHEC. Using Valgrind. Using Valgrind :: detecting memory errors. Introduction. Program Compilation TECHNICAL REPORT

Pointers and Memory Management

unsigned char memory[] STACK ¼ 0x xC of address space globals function KERNEL code local variables

Pointers & Dynamic Memory Review C Pointers Introduce C++ Pointers

System Assertions. Your Submissions. Oral Exams FEBRUARY FEBRUARY FEBRUARY

CS 322 Operating Systems Practice Midterm Questions

Lecture 14. No in-class files today. Homework 7 (due on Wednesday) and Project 3 (due in 10 days) posted. Questions?

CSE 374 Final Exam 3/15/17. Name UW ID#

Announcements. assign0 due tonight. Labs start this week. No late submissions. Very helpful for assign1

CSC209H Lecture 3. Dan Zingaro. January 21, 2015

Intermediate Programming, Spring 2017*

C PROGRAMMING Lecture 5. 1st semester

Memory Organization. The machine code and data associated with it are in the code segment

valgrind overview: runtime memory checker and a bit more What can we do with it?

Memory Management. a C view. Dr Alun Moon KF5010. Computer Science. Dr Alun Moon (Computer Science) Memory Management KF / 24

Scientific Programming in C IV. Pointers

Dynamic Data Structures. CSCI 112: Programming in C

The output: The address of i is 0xbf85416c. The address of main is 0x80483e4. arrays.c. 1 #include <stdio.h> 3 int main(int argc, char **argv) 4 {

Understanding Pointers

Dynamic Allocation in C

THE GOOD, BAD AND UGLY ABOUT POINTERS. Problem Solving with Computers-I

Secure Coding in C and C++

Signature: ECE 551 Midterm Exam

Dynamic Allocation in C

Midterm Exam Nov 8th, COMS W3157 Advanced Programming Columbia University Fall Instructor: Jae Woo Lee.

EE355 Lab 5 - The Files Are *In* the Computer

When you add a number to a pointer, that number is added, but first it is multiplied by the sizeof the type the pointer points to.

CSE 374 Final Exam 3/15/17 Sample Solution. Question 1. (8 points) Suppose we have the following two statements in a C program:

CS C Primer. Tyler Szepesi. January 16, 2013

Arrays and Pointers. CSE 2031 Fall November 11, 2013

ECE 551D Spring 2018 Midterm Exam

Memory Allocation. General Questions

Dynamic memory. EECS 211 Winter 2019

Memory Leak. C++: Memory Problems. Memory Leak. Memory Leak. Pointer Ownership. Memory Leak

Lecture 9 Assertions and Error Handling CS240

Lecture 8 Dynamic Memory Allocation

ECE551 Midterm Version 1

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 2

ECE551 Midterm. There are 7 questions, with the point values as shown below. You have 75 minutes with a total of 75 points. Pace yourself accordingly.

Memory Management I. two kinds of memory: stack and heap

Memory Corruption 101 From Primitives to Exploit

Dynamic code analysis tools

Arrays and Pointers. Arrays. Arrays: Example. Arrays: Definition and Access. Arrays Stored in Memory. Initialization. EECS 2031 Fall 2014.

Lecture 07 Debugging Programs with GDB

Transcription:

Valgrind tutorial Valgrind is a tool which can find memory leaks in your programs, such as buffer overflows and bad memory management. This document will show per example how Valgrind responds to buggy code and how Valgrind reports these bugs. 1

Dangling pointers 1 # include < stdint.h> 2 uint8_t * allocate_memory (); 4 5 int main ( int argc, char * argv []) { 6 uint8_t * buffer = allocate_memory (); 7 buffer [0] = 0; 8 return 0; 9 } 10 11 /* 12 * Returns a pointer to newly allocated 1 kb memory. 1 */ 14 uint8_t * allocate_memory () { 15 uint8_t memory [1000]; 16 return memory ; 17 } Function allocate_memory has memory, a 1,000 byte array, as a local variable. A pointer to the first element of this array is returned, such that the calling function may use this allocated memory. But, after returning from the function, the stack that was created for the allocate_memory function has been freed along with its local variable memory. In line 7, the main function will write to a place in memory that can be used by other functions, which may lead to unexpected behavior. If you use the GCC compiler, you will see that GCC warns you about the possible bug in your code: > gcc local_pointers.c -o local_pointers local_pointers.c: In function allocate_memory: local_pointers.c:16:2: warning: function returns address of local variable [enabled by default] > valgrind --tool=memcheck./local_pointers Invalid write of size 1 ==6276== at 0x40057D: main (in /../local_pointers) ==6276== Address 0x7fefffc60 is just below the stack ptr. To suppress, use: --workaround-gcc296-bugs=yes 2

Memory leaks 1 # include < stdint.h> 2 # include < stdlib.h> 4 uint8_t * allocate_memory (); 5 6 int main ( int argc, char * argv []) { 7 uint8_t * buffer = allocate_memory (); 8 buffer [0] = 0; 9 return 0; 10 } 11 12 /* 1 * Returns a pointer to newly allocated 1 kb memory. 14 */ 15 uint8_t * allocate_memory () { 16 uint8_t * memory = ( uint8_t *) malloc ( sizeof ( uint8_t ) * 1000) ; 17 return memory ; 18 } Function allocate_memory creates 1kB of space on the heap by a call to function malloc. After the main function is executed, the allocated 1kB will remain unavailable to other processes. So, always use the free function to deallocate the allocated memory so other processes can use it again. Note that GCC does not warn you about this bug. Running Valgrind on the program yields the following output: > valgrind --tool=memcheck./no_free ==1189== HEAP SUMMARY: ==1189== in use at exit: 1,000 bytes in 1 blocks ==1189== total heap usage: 1 allocs, 0 frees, 1,000 bytes allocated ==1189== ==1189== LEAK SUMMARY: ==1189== definitely lost: 1,000 bytes in 1 blocks ==1189== indirectly lost: 0 bytes in 0 blocks... As you can see, Valgrind reports that 1kB of memory on the heap is still in use after the program no_free is done executing.

Actions based on uninitialized data 1 int main ( int argc, char * argv []) { 2 int i; while (i < 10) { 4 // Do something here 5 ++i; 6 } 7 return 0; 8 } Function main creates a variable i, which is never initialized. Based on the value of i, the while-loop will iterate for a certain amount of time. Because the value of i is not known, an unknown number of iterations will occur. > valgrind --tool=memcheck./uninitialized_data ==11650== Conditional jump or move depends on uninitialised value(s) ==11650== at 0x400501: main (in /./uninitialized_data) As you can see, Valgrind warns you that a conditional jump (such as if, switch, for, while statements) or move is based on data with uninitialized values. 4

Writing past the array boundary 1 # include < stdlib.h> 2 # include < string.h> 4 int main ( int argc, char * argv []) { 5 char * course_name = " TI2725 -C"; // " TI2725 -C" + \0 6 7 char course_name_cpy1 [8]; 8 strcpy ( course_name_cpy1, course_name ); 9 10 char * course_name_cpy2 = malloc ( sizeof ( char ) * 8); 11 strcpy ( course_name_cpy2, course_name ); 12 1 free ( course_name_cpy2 ); 14 return 0; 15 } The main function copies the string TI2725-C into two variables, one on the stack and one on the heap. Note that the string consists of 9 characters, as the strings ends with \0, the NULL-terminating character. The array course_name_cpy1 has only allocated memory on the stack for eight characters. When calling the strcpy function, the ninth character of the string will be written in the first byte next to the eight allocated bytes. > valgrind --tool=memcheck./out_of_bounds ==12190== Invalid write of size 1 ==12190== at 0x4C2D812: strcpy (in /./vgpreload_memcheck-amd64-linux.so) ==12190== by 0x400685: main (in /./out_of_bounds) ==12190== Address 0x51fd048 is 0 bytes after a block of size 8 alloc d ==12190== at 0x4C2CD7B: malloc (in /./vgpreload_memcheck-amd64-linux.so) ==12190== by 0x40066E: main (in /./out_of_bounds) ==12190==... You can see that Valgrind warns you about a write of one byte in the function strcpy, which is called by the function main. The ninth character was to be written to location 0x51fd048, which is not allocated and resides in memory just next to the eight bytes that were allocated. You may ask yourself why Valgrind doesn t warn you about the first bug in the code, which copies the string onto too little allocated memory on the stack. The catch is that Valgrind does not perform bounds checking on memory on the stack. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback