

[C++] 用mtrace定位内存泄漏

编程语言 编程语言 发布于:2021-06-29 13:40 | 阅读数:410 | 评论:0

一. 缘起
有的公众号读者,看完我上次写给大学生的查bug方法后,希望我多分享一些查bug的实践经验和具体步骤,比如如何查内存泄漏和core dump问题。所以,就打算写这篇文章。

二. 内存泄漏简介
  后来,我又听说了很多次内存泄漏,查资料后才知道,原来这是一个软件层面的东西。比如,使用了malloc, 但没有使用free, 或者使用了new, 但没有使用delete, 都会造成内存泄漏。
  • 内存泄漏危害性大
  • 内存泄漏潜伏时间长
  • 内存泄漏不容易定位
  有的面试者回答,只有小心配对使用malloc/free和new/delete, 就能避免内存泄漏。显然,这种面试者缺乏基本的工程实践认知,缺乏对敌人的敬畏。

三. mtrace简介
ubuntu@VM-0-15-ubuntu:~$ man mtraceMTRACE(1)                     Linux user manual                     MTRACE(1)NAME     mtrace - interpret the malloc trace logSYNOPSIS     mtrace [option]... [binary] mtracedataDESCRIPTION     mtrace  is a Perl script used to interpret and provide human readable output of the trace log contained in     the file mtracedata, whose contents were produced by mtrace(3).  If binary  is  provided,  the  output  of     mtrace  also  contains  the  source file name with line number information for problem locations (assuming     that binary was compiled with debugging information).     For more information about the mtrace(3) function and mtrace script usage, see mtrace(3).
  显然,mtrace命令是用来分析malloc函数的trace log.
  那么,这个trace log是怎么生成的呢? 且看上面的see mtrace(3). 有的朋友看到这里,不知道怎么敲命令了,以为是:
ubuntu@VM-0-15-ubuntu:~$ man mtrace(3)-bash: syntax error near unexpected token `('ubuntu@VM-0-15-ubuntu:~$
ubuntu@VM-0-15-ubuntu:~$ man 3 mtraceMTRACE(3)                   Linux Programmer's Manual                   MTRACE(3)NAME     mtrace, muntrace - malloc tracingSYNOPSIS     #include <mcheck.h>     void mtrace(void);     void muntrace(void);DESCRIPTION     The  mtrace()  function installs hook functions for the memory-allocation functions (malloc(3), realloc(3)     memalign(3), free(3)).  These hook functions record tracing information about memory allocation and  deal[m     location.   The tracing information can be used to discover memory leaks and attempts to free nonallocated     memory in a program.     The muntrace() function disables the hook functions installed by mtrace(), so that tracing information  is     no  longer recorded for the memory-allocation functions.  If no hook functions were successfully installed     by mtrace(), muntrace() does nothing.     When mtrace() is called, it checks the value of the environment variable MALLOC_TRACE, which  should  con[m     tain  the  pathname of a file in which the tracing information is to be recorded.  If the pathname is suc[m     cessfully opened, it is truncated to zero length.     If MALLOC_TRACE is not set, or the pathname it specifies is invalid or not writable, then  no  hook  func[m     tions  are  installed, and mtrace() has no effect.  In set-user-ID and set-group-ID programs, MALLOC_TRACE     is ignored, and mtrace() has no effect.
  显然,mtrace函数是用来记录malloc的trace log的。
  所以,对于mtrace, 我们有如下的基本认知:
  • mtrace函数记录malloc的trace log
  • mtrace命令分析上述记录的trace log

四. 用mtrace定位内存泄漏
#include <stdio.h>int main(){  setenv("MALLOC_TRACE", "test.log", "1");  mtrace();  int *p = (int *)malloc(2 * sizeof(int));  return 0;}
  • setenv是设置相关环境变量。
  • mtrace函数记录malloc的trace log.
  • malloc函数用于分配堆内存
ubuntu@VM-0-15-ubuntu:~$ gcc -g test.cubuntu@VM-0-15-ubuntu:~$ ubuntu@VM-0-15-ubuntu:~$ ubuntu@VM-0-15-ubuntu:~$ ./a.outubuntu@VM-0-15-ubuntu:~$ ls test.log test.logubuntu@VM-0-15-ubuntu:~$ cat test.log = Start@ ./a.out:[0x4005eb] + 0x1649570 0x8@ /lib/x86_64-linux-gnu/libc.so.6:(clearenv+0x5d)[0x7f1bc48f7e9d] - 0x1649010@ /lib/x86_64-linux-gnu/libc.so.6:(tdestroy+0x4cf)[0x7f1bc49c291f] - 0x16490e0@ /lib/x86_64-linux-gnu/libc.so.6:[0x7f1bc4a3223c] - 0x1649100
  显然,编译运行后,生成了trace log, 即test.log文件。用cat命令查看,貌似也发现不了什么东西,这是因为,姿势错了。
  我们不仅仅要用test.log, 还要结合二进制文件a.out呢,如下:
ubuntu@VM-0-15-ubuntu:~$ mtrace a.out test.log- 0x00000000018ab010 Free 3 was never alloc'd 0x7fb41725fe9d- 0x00000000018ab0e0 Free 4 was never alloc'd 0x7fb41732a91f- 0x00000000018ab100 Free 5 was never alloc'd 0x7fb41739a23cMemory not freed:-----------------       Address   Size   Caller0x00000000018ab570    0x8  at /home/ubuntu/test.c:8ubuntu@VM-0-15-ubuntu:~$
  Oh, nice啊!终于查出是第8行,存在内存泄漏。接下来,我们打算修复代码,并再次验证。

五. 修复后再验证
#include <stdio.h>int main(){  setenv("MALLOC_TRACE", "test.log", "1");  mtrace();  int *p = (int *)malloc(2 * sizeof(int));  free(p);  return 0;}
ubuntu@VM-0-15-ubuntu:~$ gcc -g test.cubuntu@VM-0-15-ubuntu:~$ ubuntu@VM-0-15-ubuntu:~$ ubuntu@VM-0-15-ubuntu:~$ ./a.outubuntu@VM-0-15-ubuntu:~$ mtrace a.out test.log- 0x00000000006ad010 Free 4 was never alloc'd 0x7faa9b044e9d- 0x00000000006ad0e0 Free 5 was never alloc'd 0x7faa9b10f91f- 0x00000000006ad100 Free 6 was never alloc'd 0x7faa9b17f23cNo memory leaks.ubuntu@VM-0-15-ubuntu:~$
  看到No memory leaks后,心情就好了,没有内存泄漏了。

六. 最后的话