Karoly Horvath

Reputation: 96258

What kind of errors is valgrind unable to detect?

I have an application which crashes with SIGSEGV.

--20183-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--20183-- si_code=80;  Faulting address: 0x0;  sp: 0x409a8de60

valgrind: the 'impossible' happened:
   Killed by fatal signal
==20183==    at 0x38039981: vgPlain_arena_free (m_mallocfree.c:245)
==20183==    by 0x38001E84: die_and_free_mem (mc_malloc_wrappers.c:124)
==20183==    by 0x380688C3: vgPlain_scheduler (scheduler.c:1402)
==20183==    by 0x380913F4: run_a_thread_NORETURN (syswrap-linux.c:95)

It must be some kind of memory corruption which messed up the malloc chain, as the crash happens in random locations - but always when freeing.

Normally you would see a message like:

Invalid write of size 8

which signals the place where I corrupt the memory, but there aren't any messages, just the immediate crash. AFAIK valgrind covers most of the syscalls, so it will report even problems related to those calls, so...

My theoretical(*) question is: what kind of bugs should I look for? What kind of invalid writes is valgrind unable to detect?

(*): Please don't ask for actual code, as I said, this is a theoretical question.

Side-question: are there any other tools to catch the problem?

Upvotes: 2

Views: 4196

Answers (2)

Karoly Horvath

Reputation: 96258

Only allocations on the heap are checked, no check for global/stack variables.

Buffer overruns aren't caught if they end up accessing valid memory (another allocated chunk). For the following example valgrind doesn't report the overrun (of course this all depends on the memory allocator you use...):

#include <stdlib.h>

int main() {
    char* a = malloc(1024);
    char* b = malloc(1024);
    /* 576 bytes past the end of a: with adjacent chunks this lands inside b,
       a valid address from Memcheck's point of view, so nothing is reported */
    *(a+1600) = '!';
    return 0;
}

In my case valgrind's ptrcheck tool (--tool=exp-ptrcheck) found the problem.

Upvotes: 3
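The overrun in the snippet above lands in memory the allocator has already handed out, so Memcheck has no reason to complain. The program below is an added example, not code from the answer: it wraps malloc/free so that a red zone is placed after every block and checked when the block is freed (the same idea AddressSanitizer applies with shadow memory). The guard size of 16 bytes, the 0xA5 fill pattern and the names guarded_malloc, guarded_free, demo_overrun and demo_clean are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Red-zone size and fill pattern: hypothetical values chosen for this example. */
#define GUARD_SIZE 16
#define GUARD_BYTE 0xA5

/* Header placed in front of every user block so guarded_free() can locate the
   red zone. Two size_t fields keep the user pointer 16-byte aligned on LP64. */
struct guard_hdr {
    size_t size;
    size_t pad;
};

/* malloc() replacement. Layout: [header][size user bytes][GUARD_SIZE guard bytes] */
void *guarded_malloc(size_t size)
{
    struct guard_hdr *h = malloc(sizeof *h + size + GUARD_SIZE);
    if (h == NULL)
        return NULL;
    h->size = size;
    h->pad = 0;
    unsigned char *user = (unsigned char *)(h + 1);
    memset(user + size, GUARD_BYTE, GUARD_SIZE);   /* paint the red zone */
    return user;
}

/* free() replacement. Returns how many guard bytes were overwritten
   (0 means the block is clean), then releases the block. */
int guarded_free(void *p)
{
    if (p == NULL)
        return 0;
    struct guard_hdr *h = (struct guard_hdr *)p - 1;
    unsigned char *user = p;
    int corrupted = 0;
    for (size_t i = 0; i < GUARD_SIZE; i++)
        if (user[h->size + i] != GUARD_BYTE)
            corrupted++;
    free(h);
    return corrupted;
}

/* Overrun of the kind shown in the answer: the write stays inside memory the
   allocator handed out (here the red zone of a), so Memcheck sees a valid
   address and stays silent. The guard check reports it: returns 3. */
int demo_overrun(void)
{
    char *a = guarded_malloc(1024);
    char *b = guarded_malloc(1024);
    if (a == NULL || b == NULL) {
        guarded_free(a);
        guarded_free(b);
        return -1;
    }
    /* three bytes past the end of a, into its guard; still our own allocation */
    memset(a + 1024, '!', 3);
    int bad_a = guarded_free(a);   /* 3 */
    int bad_b = guarded_free(b);   /* 0 */
    return bad_a + bad_b;
}

/* Well-behaved use of the same block size: returns 0. */
int demo_clean(void)
{
    char *a = guarded_malloc(1024);
    if (a == NULL)
        return -1;
    memset(a, 'x', 1024);          /* fills exactly the block, never the guard */
    return guarded_free(a);
}

int main(void)
{
    printf("overrun demo: %d corrupted guard bytes\n", demo_overrun());
    printf("clean demo:   %d corrupted guard bytes\n", demo_clean());
    return 0;
}
```

Build with `cc -Wall guarded.c && ./a.out`. A 16-byte guard only catches writes that touch it: a write 576 bytes past the end, as in the answer's snippet, would jump over the red zone of `a` and land in `b`, which is why AddressSanitizer combines larger red zones with shadow memory, and why the answer falls back to exp-ptrcheck, which tracks which pointer an access was derived from rather than whether the address is mapped.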

Telgin

Reputation: 1604

Unless this has changed recently, Valgrind's Memcheck tool can't detect overwriting stack array bounds. That could cause all sorts of fun problems that Valgrind may not pick up on.

I did some digging and found a user created tool called Annelid which claims to be able to detect stack variable corruption. That might help find such problems.

Most of my experience with Valgrind's internals revolves around its memory checking system, so someone else may be able to elaborate on its other aspects and what it can and can't detect.

Upvotes: 2
