1 <?xml version="1.0"?> <!-- -*- sgml -*- --> 2 <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 4 [ <!ENTITY % vg-entities SYSTEM "vg-entities.xml"> %vg-entities; ]> 5 6 7 <chapter id="manual-core" xreflabel="Valgrind's core"> 8 <title>Using and understanding the Valgrind core</title> 9 10 <para>This chapter describes the Valgrind core services, command-line 11 options and behaviours. That means it is relevant regardless of what 12 particular tool you are using. The information should be sufficient for you 13 to make effective day-to-day use of Valgrind. Advanced topics related to 14 the Valgrind core are described in <xref linkend="manual-core-adv"/>. 15 </para> 16 17 <para> 18 A point of terminology: most references to "Valgrind" in this chapter 19 refer to the Valgrind core services. </para> 20 21 22 23 <sect1 id="manual-core.whatdoes" 24 xreflabel="What Valgrind does with your program"> 25 <title>What Valgrind does with your program</title> 26 27 <para>Valgrind is designed to be as non-intrusive as possible. It works 28 directly with existing executables. You don't need to recompile, relink, 29 or otherwise modify the program to be checked.</para> 30 31 <para>You invoke Valgrind like this:</para> 32 <programlisting><![CDATA[ 33 valgrind [valgrind-options] your-prog [your-prog-options]]]></programlisting> 34 35 <para>The most important option is <option>--tool</option> which dictates 36 which Valgrind tool to run. For example, if want to run the command 37 <computeroutput>ls -l</computeroutput> using the memory-checking tool 38 Memcheck, issue this command:</para> 39 40 <programlisting><![CDATA[ 41 valgrind --tool=memcheck ls -l]]></programlisting> 42 43 <para>However, Memcheck is the default, so if you want to use it you can 44 omit the <option>--tool</option> option.</para> 45 46 <para>Regardless of which tool is in use, Valgrind takes control of your 47 program before it starts. Debugging information is read from the 48 executable and associated libraries, so that error messages and other 49 outputs can be phrased in terms of source code locations, when 50 appropriate.</para> 51 52 <para>Your program is then run on a synthetic CPU provided by the 53 Valgrind core. As new code is executed for the first time, the core 54 hands the code to the selected tool. The tool adds its own 55 instrumentation code to this and hands the result back to the core, 56 which coordinates the continued execution of this instrumented 57 code.</para> 58 59 <para>The amount of instrumentation code added varies widely between 60 tools. At one end of the scale, Memcheck adds code to check every 61 memory access and every value computed, 62 making it run 10-50 times slower than natively. 63 At the other end of the spectrum, the minimal tool, called Nulgrind, 64 adds no instrumentation at all and causes in total "only" about a 4 times 65 slowdown.</para> 66 67 <para>Valgrind simulates every single instruction your program executes. 68 Because of this, the active tool checks, or profiles, not only the code 69 in your application but also in all supporting dynamically-linked libraries, 70 including the C library, graphical libraries, and so on.</para> 71 72 <para>If you're using an error-detection tool, Valgrind may 73 detect errors in system libraries, for example the GNU C or X11 74 libraries, which you have to use. You might not be interested in these 75 errors, since you probably have no control over that code. Therefore, 76 Valgrind allows you to selectively suppress errors, by recording them in 77 a suppressions file which is read when Valgrind starts up. The build 78 mechanism selects default suppressions which give reasonable 79 behaviour for the OS and libraries detected on your machine. 80 To make it easier to write suppressions, you can use the 81 <option>--gen-suppressions=yes</option> option. This tells Valgrind to 82 print out a suppression for each reported error, which you can then 83 copy into a suppressions file.</para> 84 85 <para>Different error-checking tools report different kinds of errors. 86 The suppression mechanism therefore allows you to say which tool or 87 tool(s) each suppression applies to.</para> 88 89 </sect1> 90 91 92 <sect1 id="manual-core.started" xreflabel="Getting started"> 93 <title>Getting started</title> 94 95 <para>First off, consider whether it might be beneficial to recompile 96 your application and supporting libraries with debugging info enabled 97 (the <option>-g</option> option). Without debugging info, the best 98 Valgrind tools will be able to do is guess which function a particular 99 piece of code belongs to, which makes both error messages and profiling 100 output nearly useless. With <option>-g</option>, you'll get 101 messages which point directly to the relevant source code lines.</para> 102 103 <para>Another option you might like to consider, if you are working with 104 C++, is <option>-fno-inline</option>. That makes it easier to see the 105 function-call chain, which can help reduce confusion when navigating 106 around large C++ apps. For example, debugging 107 OpenOffice.org with Memcheck is a bit easier when using this option. You 108 don't have to do this, but doing so helps Valgrind produce more accurate 109 and less confusing error reports. Chances are you're set up like this 110 already, if you intended to debug your program with GNU GDB, or some 111 other debugger.</para> 112 113 <para>If you are planning to use Memcheck: On rare 114 occasions, compiler optimisations (at <option>-O2</option> 115 and above, and sometimes <option>-O1</option>) have been 116 observed to generate code which fools Memcheck into wrongly reporting 117 uninitialised value errors, or missing uninitialised value errors. We have 118 looked in detail into fixing this, and unfortunately the result is that 119 doing so would give a further significant slowdown in what is already a slow 120 tool. So the best solution is to turn off optimisation altogether. Since 121 this often makes things unmanageably slow, a reasonable compromise is to use 122 <option>-O</option>. This gets you the majority of the 123 benefits of higher optimisation levels whilst keeping relatively small the 124 chances of false positives or false negatives from Memcheck. Also, you 125 should compile your code with <option>-Wall</option> because 126 it can identify some or all of the problems that Valgrind can miss at the 127 higher optimisation levels. (Using <option>-Wall</option> 128 is also a good idea in general.) All other tools (as far as we know) are 129 unaffected by optimisation level, and for profiling tools like Cachegrind it 130 is better to compile your program at its normal optimisation level.</para> 131 132 <para>Valgrind understands both the older "stabs" debugging format, used 133 by GCC versions prior to 3.1, and the newer DWARF2/3/4 formats 134 used by GCC 135 3.1 and later. We continue to develop our debug-info readers, 136 although the majority of effort will naturally enough go into the newer 137 DWARF readers.</para> 138 139 <para>When you're ready to roll, run Valgrind as described above. 140 Note that you should run the real 141 (machine-code) executable here. If your application is started by, for 142 example, a shell or Perl script, you'll need to modify it to invoke 143 Valgrind on the real executables. Running such scripts directly under 144 Valgrind will result in you getting error reports pertaining to 145 <filename>/bin/sh</filename>, 146 <filename>/usr/bin/perl</filename>, or whatever interpreter 147 you're using. This may not be what you want and can be confusing. You 148 can force the issue by giving the option 149 <option>--trace-children=yes</option>, but confusion is still 150 likely.</para> 151 152 </sect1> 153 154 155 <!-- Referenced from both the manual and manpage --> 156 <sect1 id="&vg-comment-id;" xreflabel="&vg-comment-label;"> 157 <title>The Commentary</title> 158 159 <para>Valgrind tools write a commentary, a stream of text, detailing 160 error reports and other significant events. All lines in the commentary 161 have following form: 162 163 <programlisting><![CDATA[ 164 ==12345== some-message-from-Valgrind]]></programlisting> 165 </para> 166 167 <para>The <computeroutput>12345</computeroutput> is the process ID. 168 This scheme makes it easy to distinguish program output from Valgrind 169 commentary, and also easy to differentiate commentaries from different 170 processes which have become merged together, for whatever reason.</para> 171 172 <para>By default, Valgrind tools write only essential messages to the 173 commentary, so as to avoid flooding you with information of secondary 174 importance. If you want more information about what is happening, 175 re-run, passing the <option>-v</option> option to Valgrind. A second 176 <option>-v</option> gives yet more detail. 177 </para> 178 179 <para>You can direct the commentary to three different places:</para> 180 181 <orderedlist> 182 183 <listitem id="manual-core.out2fd" xreflabel="Directing output to fd"> 184 <para>The default: send it to a file descriptor, which is by default 185 2 (stderr). So, if you give the core no options, it will write 186 commentary to the standard error stream. If you want to send it to 187 some other file descriptor, for example number 9, you can specify 188 <option>--log-fd=9</option>.</para> 189 190 <para>This is the simplest and most common arrangement, but can 191 cause problems when Valgrinding entire trees of processes which 192 expect specific file descriptors, particularly stdin/stdout/stderr, 193 to be available for their own use.</para> 194 </listitem> 195 196 <listitem id="manual-core.out2file" 197 xreflabel="Directing output to file"> <para>A less intrusive 198 option is to write the commentary to a file, which you specify by 199 <option>--log-file=filename</option>. There are special format 200 specifiers that can be used to use a process ID or an environment 201 variable name in the log file name. These are useful/necessary if your 202 program invokes multiple processes (especially for MPI programs). 203 See the <link linkend="manual-core.basicopts">basic options section</link> 204 for more details.</para> 205 </listitem> 206 207 <listitem id="manual-core.out2socket" 208 xreflabel="Directing output to network socket"> <para>The 209 least intrusive option is to send the commentary to a network 210 socket. The socket is specified as an IP address and port number 211 pair, like this: <option>--log-socket=192.168.0.1:12345</option> if 212 you want to send the output to host IP 192.168.0.1 port 12345 213 (note: we 214 have no idea if 12345 is a port of pre-existing significance). You 215 can also omit the port number: 216 <option>--log-socket=192.168.0.1</option>, in which case a default 217 port of 1500 is used. This default is defined by the constant 218 <computeroutput>VG_CLO_DEFAULT_LOGPORT</computeroutput> in the 219 sources.</para> 220 221 <para>Note, unfortunately, that you have to use an IP address here, 222 rather than a hostname.</para> 223 224 <para>Writing to a network socket is pointless if you don't 225 have something listening at the other end. We provide a simple 226 listener program, 227 <computeroutput>valgrind-listener</computeroutput>, which accepts 228 connections on the specified port and copies whatever it is sent to 229 stdout. Probably someone will tell us this is a horrible security 230 risk. It seems likely that people will write more sophisticated 231 listeners in the fullness of time.</para> 232 233 <para><computeroutput>valgrind-listener</computeroutput> can accept 234 simultaneous connections from up to 50 Valgrinded processes. In front 235 of each line of output it prints the current number of active 236 connections in round brackets.</para> 237 238 <para><computeroutput>valgrind-listener</computeroutput> accepts two 239 command-line options:</para> 240 <!-- start of xi:include in the manpage --> 241 <variablelist id="listener.opts.list"> 242 <varlistentry> 243 <term><option>-e --exit-at-zero</option></term> 244 <listitem> 245 <para>When the number of connected processes falls back to zero, 246 exit. Without this, it will run forever, that is, until you 247 send it Control-C.</para> 248 </listitem> 249 </varlistentry> 250 <varlistentry> 251 <term><option>portnumber</option></term> 252 <listitem> 253 <para>Changes the port it listens on from the default (1500). 254 The specified port must be in the range 1024 to 65535. 255 The same restriction applies to port numbers specified by a 256 <option>--log-socket</option> to Valgrind itself.</para> 257 </listitem> 258 </varlistentry> 259 </variablelist> 260 <!-- end of xi:include in the manpage --> 261 262 <para>If a Valgrinded process fails to connect to a listener, for 263 whatever reason (the listener isn't running, invalid or unreachable 264 host or port, etc), Valgrind switches back to writing the commentary 265 to stderr. The same goes for any process which loses an established 266 connection to a listener. In other words, killing the listener 267 doesn't kill the processes sending data to it.</para> 268 </listitem> 269 270 </orderedlist> 271 272 <para>Here is an important point about the relationship between the 273 commentary and profiling output from tools. The commentary contains a 274 mix of messages from the Valgrind core and the selected tool. If the 275 tool reports errors, it will report them to the commentary. However, if 276 the tool does profiling, the profile data will be written to a file of 277 some kind, depending on the tool, and independent of what 278 <option>--log-*</option> options are in force. The commentary is 279 intended to be a low-bandwidth, human-readable channel. Profiling data, 280 on the other hand, is usually voluminous and not meaningful without 281 further processing, which is why we have chosen this arrangement.</para> 282 283 </sect1> 284 285 286 <sect1 id="manual-core.report" xreflabel="Reporting of errors"> 287 <title>Reporting of errors</title> 288 289 <para>When an error-checking tool 290 detects something bad happening in the program, an error 291 message is written to the commentary. Here's an example from Memcheck:</para> 292 293 <programlisting><![CDATA[ 294 ==25832== Invalid read of size 4 295 ==25832== at 0x8048724: BandMatrix::ReSize(int, int, int) (bogon.cpp:45) 296 ==25832== by 0x80487AF: main (bogon.cpp:66) 297 ==25832== Address 0xBFFFF74C is not stack'd, malloc'd or free'd]]></programlisting> 298 299 <para>This message says that the program did an illegal 4-byte read of 300 address 0xBFFFF74C, which, as far as Memcheck can tell, is not a valid 301 stack address, nor corresponds to any current heap blocks or recently freed 302 heap blocks. The read is happening at line 45 of 303 <filename>bogon.cpp</filename>, called from line 66 of the same file, 304 etc. For errors associated with an identified (current or freed) heap block, 305 for example reading freed memory, Valgrind reports not only the 306 location where the error happened, but also where the associated heap block 307 was allocated/freed.</para> 308 309 <para>Valgrind remembers all error reports. When an error is detected, 310 it is compared against old reports, to see if it is a duplicate. If so, 311 the error is noted, but no further commentary is emitted. This avoids 312 you being swamped with bazillions of duplicate error reports.</para> 313 314 <para>If you want to know how many times each error occurred, run with 315 the <option>-v</option> option. When execution finishes, all the 316 reports are printed out, along with, and sorted by, their occurrence 317 counts. This makes it easy to see which errors have occurred most 318 frequently.</para> 319 320 <para>Errors are reported before the associated operation actually 321 happens. For example, if you're using Memcheck and your program attempts to 322 read from address zero, Memcheck will emit a message to this effect, and 323 your program will then likely die with a segmentation fault.</para> 324 325 <para>In general, you should try and fix errors in the order that they 326 are reported. Not doing so can be confusing. For example, a program 327 which copies uninitialised values to several memory locations, and later 328 uses them, will generate several error messages, when run on Memcheck. 329 The first such error message may well give the most direct clue to the 330 root cause of the problem.</para> 331 332 <para>The process of detecting duplicate errors is quite an 333 expensive one and can become a significant performance overhead 334 if your program generates huge quantities of errors. To avoid 335 serious problems, Valgrind will simply stop collecting 336 errors after 1,000 different errors have been seen, or 10,000,000 errors 337 in total have been seen. In this situation you might as well 338 stop your program and fix it, because Valgrind won't tell you 339 anything else useful after this. Note that the 1,000/10,000,000 limits 340 apply after suppressed errors are removed. These limits are 341 defined in <filename>m_errormgr.c</filename> and can be increased 342 if necessary.</para> 343 344 <para>To avoid this cutoff you can use the 345 <option>--error-limit=no</option> option. Then Valgrind will always show 346 errors, regardless of how many there are. Use this option carefully, 347 since it may have a bad effect on performance.</para> 348 349 </sect1> 350 351 352 <sect1 id="manual-core.suppress" xreflabel="Suppressing errors"> 353 <title>Suppressing errors</title> 354 355 <para>The error-checking tools detect numerous problems in the system 356 libraries, such as the C library, 357 which come pre-installed with your OS. You can't easily fix 358 these, but you don't want to see these errors (and yes, there are many!) 359 So Valgrind reads a list of errors to suppress at startup. A default 360 suppression file is created by the 361 <computeroutput>./configure</computeroutput> script when the system is 362 built.</para> 363 364 <para>You can modify and add to the suppressions file at your leisure, 365 or, better, write your own. Multiple suppression files are allowed. 366 This is useful if part of your project contains errors you can't or 367 don't want to fix, yet you don't want to continuously be reminded of 368 them.</para> 369 370 <formalpara><title>Note:</title> <para>By far the easiest way to add 371 suppressions is to use the <option>--gen-suppressions=yes</option> option 372 described in <xref linkend="manual-core.options"/>. This generates 373 suppressions automatically. For best results, 374 though, you may want to edit the output 375 of <option>--gen-suppressions=yes</option> by hand, in which 376 case it would be advisable to read through this section. 377 </para> 378 </formalpara> 379 380 <para>Each error to be suppressed is described very specifically, to 381 minimise the possibility that a suppression-directive inadvertently 382 suppresses a bunch of similar errors which you did want to see. The 383 suppression mechanism is designed to allow precise yet flexible 384 specification of errors to suppress.</para> 385 386 <para>If you use the <option>-v</option> option, at the end of execution, 387 Valgrind prints out one line for each used suppression, giving the number of times 388 it got used, its name and the filename and line number where the suppression is 389 defined. Depending on the suppression kind, the filename and line number are optionally 390 followed by additional information (such as the number of blocks and bytes suppressed 391 by a memcheck leak suppression). Here's the suppressions used by a 392 run of <computeroutput>valgrind -v --tool=memcheck ls -l</computeroutput>:</para> 393 394 <programlisting><![CDATA[ 395 --1610-- used_suppression: 2 dl-hack3-cond-1 /usr/lib/valgrind/default.supp:1234 396 --1610-- used_suppression: 2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a /usr/lib/valgrind/default.supp:1234 397 ]]></programlisting> 398 399 <para>Multiple suppressions files are allowed. By default, Valgrind 400 uses <filename>$PREFIX/lib/valgrind/default.supp</filename>. You can 401 ask to add suppressions from another file, by specifying 402 <option>--suppressions=/path/to/file.supp</option>. 403 </para> 404 405 <para>If you want to understand more about suppressions, look at an 406 existing suppressions file whilst reading the following documentation. 407 The file <filename>glibc-2.3.supp</filename>, in the source 408 distribution, provides some good examples.</para> 409 410 <para>Each suppression has the following components:</para> 411 412 <itemizedlist> 413 414 <listitem> 415 <para>First line: its name. This merely gives a handy name to the 416 suppression, by which it is referred to in the summary of used 417 suppressions printed out when a program finishes. It's not 418 important what the name is; any identifying string will do.</para> 419 </listitem> 420 421 <listitem> 422 <para>Second line: name of the tool(s) that the suppression is for 423 (if more than one, comma-separated), and the name of the suppression 424 itself, separated by a colon (n.b.: no spaces are allowed), eg:</para> 425 <programlisting><![CDATA[ 426 tool_name1,tool_name2:suppression_name]]></programlisting> 427 428 <para>Recall that Valgrind is a modular system, in which 429 different instrumentation tools can observe your program whilst it 430 is running. Since different tools detect different kinds of errors, 431 it is necessary to say which tool(s) the suppression is meaningful 432 to.</para> 433 434 <para>Tools will complain, at startup, if a tool does not understand 435 any suppression directed to it. Tools ignore suppressions which are 436 not directed to them. As a result, it is quite practical to put 437 suppressions for all tools into the same suppression file.</para> 438 </listitem> 439 440 <listitem> 441 <para>Next line: a small number of suppression types have extra 442 information after the second line (eg. the <varname>Param</varname> 443 suppression for Memcheck)</para> 444 </listitem> 445 446 <listitem> 447 <para>Remaining lines: This is the calling context for the error -- 448 the chain of function calls that led to it. There can be up to 24 449 of these lines.</para> 450 451 <para>Locations may be names of either shared objects or 452 functions. They begin 453 <computeroutput>obj:</computeroutput> and 454 <computeroutput>fun:</computeroutput> respectively. Function and 455 object names to match against may use the wildcard characters 456 <computeroutput>*</computeroutput> and 457 <computeroutput>?</computeroutput>.</para> 458 459 <para><command>Important note: </command> C++ function names must be 460 <command>mangled</command>. If you are writing suppressions by 461 hand, use the <option>--demangle=no</option> option to get the 462 mangled names in your error messages. An example of a mangled 463 C++ name is <computeroutput>_ZN9QListView4showEv</computeroutput>. 464 This is the form that the GNU C++ compiler uses internally, and 465 the form that must be used in suppression files. The equivalent 466 demangled name, <computeroutput>QListView::show()</computeroutput>, 467 is what you see at the C++ source code level. 468 </para> 469 470 <para>A location line may also be 471 simply "<computeroutput>...</computeroutput>" (three dots). This is 472 a frame-level wildcard, which matches zero or more frames. Frame 473 level wildcards are useful because they make it easy to ignore 474 varying numbers of uninteresting frames in between frames of 475 interest. That is often important when writing suppressions which 476 are intended to be robust against variations in the amount of 477 function inlining done by compilers.</para> 478 </listitem> 479 480 <listitem> 481 <para>Finally, the entire suppression must be between curly 482 braces. Each brace must be the first character on its own 483 line.</para> 484 </listitem> 485 486 </itemizedlist> 487 488 <para>A suppression only suppresses an error when the error matches all 489 the details in the suppression. Here's an example:</para> 490 491 <programlisting><![CDATA[ 492 { 493 __gconv_transform_ascii_internal/__mbrtowc/mbtowc 494 Memcheck:Value4 495 fun:__gconv_transform_ascii_internal 496 fun:__mbr*toc 497 fun:mbtowc 498 }]]></programlisting> 499 500 501 <para>What it means is: for Memcheck only, suppress a 502 use-of-uninitialised-value error, when the data size is 4, when it 503 occurs in the function 504 <computeroutput>__gconv_transform_ascii_internal</computeroutput>, when 505 that is called from any function of name matching 506 <computeroutput>__mbr*toc</computeroutput>, when that is called from 507 <computeroutput>mbtowc</computeroutput>. It doesn't apply under any 508 other circumstances. The string by which this suppression is identified 509 to the user is 510 <computeroutput>__gconv_transform_ascii_internal/__mbrtowc/mbtowc</computeroutput>.</para> 511 512 <para>(See <xref linkend="mc-manual.suppfiles"/> for more details 513 on the specifics of Memcheck's suppression kinds.)</para> 514 515 <para>Another example, again for the Memcheck tool:</para> 516 517 <programlisting><![CDATA[ 518 { 519 libX11.so.6.2/libX11.so.6.2/libXaw.so.7.0 520 Memcheck:Value4 521 obj:/usr/X11R6/lib/libX11.so.6.2 522 obj:/usr/X11R6/lib/libX11.so.6.2 523 obj:/usr/X11R6/lib/libXaw.so.7.0 524 }]]></programlisting> 525 526 <para>This suppresses any size 4 uninitialised-value error which occurs 527 anywhere in <filename>libX11.so.6.2</filename>, when called from 528 anywhere in the same library, when called from anywhere in 529 <filename>libXaw.so.7.0</filename>. The inexact specification of 530 locations is regrettable, but is about all you can hope for, given that 531 the X11 libraries shipped on the Linux distro on which this example 532 was made have had their symbol tables removed.</para> 533 534 <para>Although the above two examples do not make this clear, you can 535 freely mix <computeroutput>obj:</computeroutput> and 536 <computeroutput>fun:</computeroutput> lines in a suppression.</para> 537 538 <para>Finally, here's an example using three frame-level wildcards:</para> 539 540 <programlisting><![CDATA[ 541 { 542 a-contrived-example 543 Memcheck:Leak 544 fun:malloc 545 ... 546 fun:ddd 547 ... 548 fun:ccc 549 ... 550 fun:main 551 } 552 ]]></programlisting> 553 This suppresses Memcheck memory-leak errors, in the case where 554 the allocation was done by <computeroutput>main</computeroutput> 555 calling (though any number of intermediaries, including zero) 556 <computeroutput>ccc</computeroutput>, 557 calling onwards via 558 <computeroutput>ddd</computeroutput> and eventually 559 to <computeroutput>malloc.</computeroutput>. 560 </sect1> 561 562 563 <sect1 id="manual-core.options" 564 xreflabel="Core Command-line Options"> 565 <title>Core Command-line Options</title> 566 567 <para>As mentioned above, Valgrind's core accepts a common set of options. 568 The tools also accept tool-specific options, which are documented 569 separately for each tool.</para> 570 571 <para>Valgrind's default settings succeed in giving reasonable behaviour 572 in most cases. We group the available options by rough categories.</para> 573 574 <sect2 id="manual-core.toolopts" xreflabel="Tool-selection Option"> 575 <title>Tool-selection Option</title> 576 577 <para id="tool.opts.para">The single most important option.</para> 578 579 <variablelist id="tool.opts.list"> 580 581 <varlistentry id="tool_name" xreflabel="--tool"> 582 <term> 583 <option><![CDATA[--tool=<toolname> [default: memcheck] ]]></option> 584 </term> 585 <listitem> 586 <para>Run the Valgrind tool called <varname>toolname</varname>, 587 e.g. memcheck, cachegrind, callgrind, helgrind, drd, massif, 588 lackey, none, exp-sgcheck, exp-bbv, exp-dhat, etc.</para> 589 </listitem> 590 </varlistentry> 591 592 </variablelist> 593 594 </sect2> 595 596 597 598 <sect2 id="manual-core.basicopts" xreflabel="Basic Options"> 599 <title>Basic Options</title> 600 601 <!-- start of xi:include in the manpage --> 602 <para id="basic.opts.para">These options work with all tools.</para> 603 604 <variablelist id="basic.opts.list"> 605 606 <varlistentry id="opt.help" xreflabel="--help"> 607 <term><option>-h --help</option></term> 608 <listitem> 609 <para>Show help for all options, both for the core and for the 610 selected tool. If the option is repeated it is equivalent to giving 611 <option>--help-debug</option>.</para> 612 </listitem> 613 </varlistentry> 614 615 <varlistentry id="opt.help-debug" xreflabel="--help-debug"> 616 <term><option>--help-debug</option></term> 617 <listitem> 618 <para>Same as <option>--help</option>, but also lists debugging 619 options which usually are only of use to Valgrind's 620 developers.</para> 621 </listitem> 622 </varlistentry> 623 624 <varlistentry id="opt.version" xreflabel="--version"> 625 <term><option>--version</option></term> 626 <listitem> 627 <para>Show the version number of the Valgrind core. Tools can have 628 their own version numbers. There is a scheme in place to ensure 629 that tools only execute when the core version is one they are 630 known to work with. This was done to minimise the chances of 631 strange problems arising from tool-vs-core version 632 incompatibilities.</para> 633 </listitem> 634 </varlistentry> 635 636 <varlistentry id="opt.quiet" xreflabel="--quiet"> 637 <term><option>-q</option>, <option>--quiet</option></term> 638 <listitem> 639 <para>Run silently, and only print error messages. Useful if you 640 are running regression tests or have some other automated test 641 machinery.</para> 642 </listitem> 643 </varlistentry> 644 645 <varlistentry id="opt.verbose" xreflabel="--verbose"> 646 <term><option>-v</option>, <option>--verbose</option></term> 647 <listitem> 648 <para>Be more verbose. Gives extra information on various aspects 649 of your program, such as: the shared objects loaded, the 650 suppressions used, the progress of the instrumentation and 651 execution engines, and warnings about unusual behaviour. Repeating 652 the option increases the verbosity level.</para> 653 </listitem> 654 </varlistentry> 655 656 <varlistentry id="opt.trace-children" xreflabel="--trace-children"> 657 <term> 658 <option><![CDATA[--trace-children=<yes|no> [default: no] ]]></option> 659 </term> 660 <listitem> 661 <para>When enabled, Valgrind will trace into sub-processes 662 initiated via the <varname>exec</varname> system call. This is 663 necessary for multi-process programs. 664 </para> 665 <para>Note that Valgrind does trace into the child of a 666 <varname>fork</varname> (it would be difficult not to, since 667 <varname>fork</varname> makes an identical copy of a process), so this 668 option is arguably badly named. However, most children of 669 <varname>fork</varname> calls immediately call <varname>exec</varname> 670 anyway. 671 </para> 672 </listitem> 673 </varlistentry> 674 675 <varlistentry id="opt.trace-children-skip" xreflabel="--trace-children-skip"> 676 <term> 677 <option><![CDATA[--trace-children-skip=patt1,patt2,... ]]></option> 678 </term> 679 <listitem> 680 <para>This option only has an effect when 681 <option>--trace-children=yes</option> is specified. It allows 682 for some children to be skipped. The option takes a comma 683 separated list of patterns for the names of child executables 684 that Valgrind should not trace into. Patterns may include the 685 metacharacters <computeroutput>?</computeroutput> 686 and <computeroutput>*</computeroutput>, which have the usual 687 meaning.</para> 688 <para> 689 This can be useful for pruning uninteresting branches from a 690 tree of processes being run on Valgrind. But you should be 691 careful when using it. When Valgrind skips tracing into an 692 executable, it doesn't just skip tracing that executable, it 693 also skips tracing any of that executable's child processes. 694 In other words, the flag doesn't merely cause tracing to stop 695 at the specified executables -- it skips tracing of entire 696 process subtrees rooted at any of the specified 697 executables.</para> 698 </listitem> 699 </varlistentry> 700 701 <varlistentry id="opt.trace-children-skip-by-arg" 702 xreflabel="--trace-children-skip-by-arg"> 703 <term> 704 <option><![CDATA[--trace-children-skip-by-arg=patt1,patt2,... ]]></option> 705 </term> 706 <listitem> 707 <para>This is the same as 708 <option>--trace-children-skip</option>, with one difference: 709 the decision as to whether to trace into a child process is 710 made by examining the arguments to the child process, rather 711 than the name of its executable.</para> 712 </listitem> 713 </varlistentry> 714 715 <varlistentry id="opt.child-silent-after-fork" 716 xreflabel="--child-silent-after-fork"> 717 <term> 718 <option><![CDATA[--child-silent-after-fork=<yes|no> [default: no] ]]></option> 719 </term> 720 <listitem> 721 <para>When enabled, Valgrind will not show any debugging or 722 logging output for the child process resulting from 723 a <varname>fork</varname> call. This can make the output less 724 confusing (although more misleading) when dealing with processes 725 that create children. It is particularly useful in conjunction 726 with <varname>--trace-children=</varname>. Use of this option is also 727 strongly recommended if you are requesting XML output 728 (<varname>--xml=yes</varname>), since otherwise the XML from child and 729 parent may become mixed up, which usually makes it useless. 730 </para> 731 </listitem> 732 </varlistentry> 733 734 <varlistentry id="opt.vgdb" xreflabel="--vgdb"> 735 <term> 736 <option><![CDATA[--vgdb=<no|yes|full> [default: yes] ]]></option> 737 </term> 738 <listitem> 739 740 <para>Valgrind will provide "gdbserver" functionality when 741 <option>--vgdb=yes</option> or <option>--vgdb=full</option> is 742 specified. This allows an external GNU GDB debugger to control 743 and debug your program when it runs on Valgrind. 744 <option>--vgdb=full</option> incurs significant performance 745 overheads, but provides more precise breakpoints and 746 watchpoints. See <xref linkend="manual-core-adv.gdbserver"/> for 747 a detailed description. 748 </para> 749 750 <para> If the embedded gdbserver is enabled but no gdb is 751 currently being used, the <xref linkend="manual-core-adv.vgdb"/> 752 command line utility can send "monitor commands" to Valgrind 753 from a shell. The Valgrind core provides a set of 754 <xref linkend="manual-core-adv.valgrind-monitor-commands"/>. A tool 755 can optionally provide tool specific monitor commands, which are 756 documented in the tool specific chapter. 757 </para> 758 759 </listitem> 760 </varlistentry> 761 762 <varlistentry id="opt.vgdb-error" xreflabel="--vgdb-error"> 763 <term> 764 <option><![CDATA[--vgdb-error=<number> [default: 999999999] ]]></option> 765 </term> 766 <listitem> 767 <para> Use this option when the Valgrind gdbserver is enabled with 768 <option>--vgdb=yes</option> or <option>--vgdb=full</option>. 769 Tools that report errors will wait 770 for "<computeroutput>number</computeroutput>" errors to be 771 reported before freezing the program and waiting for you to 772 connect with GDB. It follows that a value of zero will cause 773 the gdbserver to be started before your program is executed. 774 This is typically used to insert GDB breakpoints before 775 execution, and also works with tools that do not report 776 errors, such as Massif. 777 </para> 778 </listitem> 779 </varlistentry> 780 781 <varlistentry id="opt.vgdb-stop-at" xreflabel="--vgdb-stop-at"> 782 <term> 783 <option><![CDATA[--vgdb-stop-at=<set> [default: none] ]]></option> 784 </term> 785 <listitem> 786 <para> Use this option when the Valgrind gdbserver is enabled with 787 <option>--vgdb=yes</option> or <option>--vgdb=full</option>. 788 The Valgrind gdbserver will be invoked for each error after 789 <option>--vgdb-error</option> have been reported. 790 You can additionally ask the Valgrind gdbserver to be invoked 791 for other events, specified in one of the following ways: </para> 792 <itemizedlist> 793 <listitem><para>a comma separated list of one or more of 794 <option>startup exit valgrindabexit</option>.</para> 795 796 <para>The values <option>startup</option> <option>exit</option> 797 <option>valgrindabexit</option> respectively indicate to 798 invoke gdbserver before your program is executed, after the 799 last instruction of your program, on Valgrind abnormal exit 800 (e.g. internal error, out of memory, ...).</para> 801 802 <para>Note: <option>startup</option> and 803 <option>--vgdb-error=0</option> will both cause Valgrind 804 gdbserver to be invoked before your program is executed. The 805 <option>--vgdb-error=0</option> will in addition cause your 806 program to stop on all subsequent errors.</para> 807 808 </listitem> 809 810 <listitem><para><option>all</option> to specify the complete set. 811 It is equivalent to 812 <option>--vgdb-stop-at=startup,exit,valgrindabexit</option>.</para> 813 </listitem> 814 815 <listitem><para><option>none</option> for the empty set.</para> 816 </listitem> 817 </itemizedlist> 818 </listitem> 819 </varlistentry> 820 821 <varlistentry id="opt.track-fds" xreflabel="--track-fds"> 822 <term> 823 <option><![CDATA[--track-fds=<yes|no> [default: no] ]]></option> 824 </term> 825 <listitem> 826 <para>When enabled, Valgrind will print out a list of open file 827 descriptors on exit or on request, via the gdbserver monitor 828 command <varname>v.info open_fds</varname>. Along with each 829 file descriptor is printed a stack backtrace of where the file 830 was opened and any details relating to the file descriptor such 831 as the file name or socket details.</para> 832 </listitem> 833 </varlistentry> 834 835 <varlistentry id="opt.time-stamp" xreflabel="--time-stamp"> 836 <term> 837 <option><![CDATA[--time-stamp=<yes|no> [default: no] ]]></option> 838 </term> 839 <listitem> 840 <para>When enabled, each message is preceded with an indication of 841 the elapsed wallclock time since startup, expressed as days, 842 hours, minutes, seconds and milliseconds.</para> 843 </listitem> 844 </varlistentry> 845 846 <varlistentry id="opt.log-fd" xreflabel="--log-fd"> 847 <term> 848 <option><![CDATA[--log-fd=<number> [default: 2, stderr] ]]></option> 849 </term> 850 <listitem> 851 <para>Specifies that Valgrind should send all of its messages to 852 the specified file descriptor. The default, 2, is the standard 853 error channel (stderr). Note that this may interfere with the 854 client's own use of stderr, as Valgrind's output will be 855 interleaved with any output that the client sends to 856 stderr.</para> 857 </listitem> 858 </varlistentry> 859 860 <varlistentry id="opt.log-file" xreflabel="--log-file"> 861 <term> 862 <option><![CDATA[--log-file=<filename> ]]></option> 863 </term> 864 <listitem> 865 <para>Specifies that Valgrind should send all of its messages to 866 the specified file. If the file name is empty, it causes an abort. 867 There are three special format specifiers that can be used in the file 868 name.</para> 869 870 <para><option>%p</option> is replaced with the current process ID. 871 This is very useful for program that invoke multiple processes. 872 WARNING: If you use <option>--trace-children=yes</option> and your 873 program invokes multiple processes OR your program forks without 874 calling exec afterwards, and you don't use this specifier 875 (or the <option>%q</option> specifier below), the Valgrind output from 876 all those processes will go into one file, possibly jumbled up, and 877 possibly incomplete.</para> 878 879 <para><option>%q{FOO}</option> is replaced with the contents of the 880 environment variable <varname>FOO</varname>. If the 881 <option>{FOO}</option> part is malformed, it causes an abort. This 882 specifier is rarely needed, but very useful in certain circumstances 883 (eg. when running MPI programs). The idea is that you specify a 884 variable which will be set differently for each process in the job, 885 for example <computeroutput>BPROC_RANK</computeroutput> or whatever is 886 applicable in your MPI setup. If the named environment variable is not 887 set, it causes an abort. Note that in some shells, the 888 <option>{</option> and <option>}</option> characters may need to be 889 escaped with a backslash.</para> 890 891 <para><option>%%</option> is replaced with <option>%</option>.</para> 892 893 <para>If an <option>%</option> is followed by any other character, it 894 causes an abort.</para> 895 896 <para>If the file name specifies a relative file name, it is put 897 in the program's initial working directory : this is the current 898 directory when the program started its execution after the fork 899 or after the exec. If it specifies an absolute file name (ie. 900 starts with '/') then it is put there. 901 </para> 902 </listitem> 903 </varlistentry> 904 905 <varlistentry id="opt.log-socket" xreflabel="--log-socket"> 906 <term> 907 <option><![CDATA[--log-socket=<ip-address:port-number> ]]></option> 908 </term> 909 <listitem> 910 <para>Specifies that Valgrind should send all of its messages to 911 the specified port at the specified IP address. The port may be 912 omitted, in which case port 1500 is used. If a connection cannot 913 be made to the specified socket, Valgrind falls back to writing 914 output to the standard error (stderr). This option is intended to 915 be used in conjunction with the 916 <computeroutput>valgrind-listener</computeroutput> program. For 917 further details, see 918 <link linkend="&vg-comment-id;">the commentary</link> 919 in the manual.</para> 920 </listitem> 921 </varlistentry> 922 923 </variablelist> 924 <!-- end of xi:include in the manpage --> 925 926 </sect2> 927 928 929 <sect2 id="manual-core.erropts" xreflabel="Error-related Options"> 930 <title>Error-related Options</title> 931 932 <!-- start of xi:include in the manpage --> 933 <para id="error-related.opts.para">These options are used by all tools 934 that can report errors, e.g. Memcheck, but not Cachegrind.</para> 935 936 <variablelist id="error-related.opts.list"> 937 938 <varlistentry id="opt.xml" xreflabel="--xml"> 939 <term> 940 <option><![CDATA[--xml=<yes|no> [default: no] ]]></option> 941 </term> 942 <listitem> 943 <para>When enabled, the important parts of the output (e.g. tool error 944 messages) will be in XML format rather than plain text. Furthermore, 945 the XML output will be sent to a different output channel than the 946 plain text output. Therefore, you also must use one of 947 <option>--xml-fd</option>, <option>--xml-file</option> or 948 <option>--xml-socket</option> to specify where the XML is to be sent. 949 </para> 950 951 <para>Less important messages will still be printed in plain text, but 952 because the XML output and plain text output are sent to different 953 output channels (the destination of the plain text output is still 954 controlled by <option>--log-fd</option>, <option>--log-file</option> 955 and <option>--log-socket</option>) this should not cause problems. 956 </para> 957 958 <para>This option is aimed at making life easier for tools that consume 959 Valgrind's output as input, such as GUI front ends. Currently this 960 option works with Memcheck, Helgrind, DRD and SGcheck. The output 961 format is specified in the file 962 <computeroutput>docs/internals/xml-output-protocol4.txt</computeroutput> 963 in the source tree for Valgrind 3.5.0 or later.</para> 964 965 <para>The recommended options for a GUI to pass, when requesting 966 XML output, are: <option>--xml=yes</option> to enable XML output, 967 <option>--xml-file</option> to send the XML output to a (presumably 968 GUI-selected) file, <option>--log-file</option> to send the plain 969 text output to a second GUI-selected file, 970 <option>--child-silent-after-fork=yes</option>, and 971 <option>-q</option> to restrict the plain text output to critical 972 error messages created by Valgrind itself. For example, failure to 973 read a specified suppressions file counts as a critical error message. 974 In this way, for a successful run the text output file will be empty. 975 But if it isn't empty, then it will contain important information 976 which the GUI user should be made aware 977 of.</para> 978 </listitem> 979 </varlistentry> 980 981 <varlistentry id="opt.xml-fd" xreflabel="--xml-fd"> 982 <term> 983 <option><![CDATA[--xml-fd=<number> [default: -1, disabled] ]]></option> 984 </term> 985 <listitem> 986 <para>Specifies that Valgrind should send its XML output to the 987 specified file descriptor. It must be used in conjunction with 988 <option>--xml=yes</option>.</para> 989 </listitem> 990 </varlistentry> 991 992 <varlistentry id="opt.xml-file" xreflabel="--xml-file"> 993 <term> 994 <option><![CDATA[--xml-file=<filename> ]]></option> 995 </term> 996 <listitem> 997 <para>Specifies that Valgrind should send its XML output 998 to the specified file. It must be used in conjunction with 999 <option>--xml=yes</option>. Any <option>%p</option> or 1000 <option>%q</option> sequences appearing in the filename are expanded 1001 in exactly the same way as they are for <option>--log-file</option>. 1002 See the description of <option>--log-file</option> for details. 1003 </para> 1004 </listitem> 1005 </varlistentry> 1006 1007 <varlistentry id="opt.xml-socket" xreflabel="--xml-socket"> 1008 <term> 1009 <option><![CDATA[--xml-socket=<ip-address:port-number> ]]></option> 1010 </term> 1011 <listitem> 1012 <para>Specifies that Valgrind should send its XML output the 1013 specified port at the specified IP address. It must be used in 1014 conjunction with <option>--xml=yes</option>. The form of the argument 1015 is the same as that used by <option>--log-socket</option>. 1016 See the description of <option>--log-socket</option> 1017 for further details.</para> 1018 </listitem> 1019 </varlistentry> 1020 1021 <varlistentry id="opt.xml-user-comment" xreflabel="--xml-user-comment"> 1022 <term> 1023 <option><![CDATA[--xml-user-comment=<string> ]]></option> 1024 </term> 1025 <listitem> 1026 <para>Embeds an extra user comment string at the start of the XML 1027 output. Only works when <option>--xml=yes</option> is specified; 1028 ignored otherwise.</para> 1029 </listitem> 1030 </varlistentry> 1031 1032 <varlistentry id="opt.demangle" xreflabel="--demangle"> 1033 <term> 1034 <option><![CDATA[--demangle=<yes|no> [default: yes] ]]></option> 1035 </term> 1036 <listitem> 1037 <para>Enable/disable automatic demangling (decoding) of C++ names. 1038 Enabled by default. When enabled, Valgrind will attempt to 1039 translate encoded C++ names back to something approaching the 1040 original. The demangler handles symbols mangled by g++ versions 1041 2.X, 3.X and 4.X.</para> 1042 1043 <para>An important fact about demangling is that function names 1044 mentioned in suppressions files should be in their mangled form. 1045 Valgrind does not demangle function names when searching for 1046 applicable suppressions, because to do otherwise would make 1047 suppression file contents dependent on the state of Valgrind's 1048 demangling machinery, and also slow down suppression matching.</para> 1049 </listitem> 1050 </varlistentry> 1051 1052 <varlistentry id="opt.num-callers" xreflabel="--num-callers"> 1053 <term> 1054 <option><![CDATA[--num-callers=<number> [default: 12] ]]></option> 1055 </term> 1056 <listitem> 1057 <para>Specifies the maximum number of entries shown in stack traces 1058 that identify program locations. Note that errors are commoned up 1059 using only the top four function locations (the place in the current 1060 function, and that of its three immediate callers). So this doesn't 1061 affect the total number of errors reported.</para> 1062 1063 <para>The maximum value for this is 500. Note that higher settings 1064 will make Valgrind run a bit more slowly and take a bit more 1065 memory, but can be useful when working with programs with 1066 deeply-nested call chains.</para> 1067 </listitem> 1068 </varlistentry> 1069 1070 <varlistentry id="opt.unw-stack-scan-thresh" 1071 xreflabel="--unw-stack-scan-thresh"> 1072 <term> 1073 <option><![CDATA[--unw-stack-scan-thresh=<number> [default: 0] ]]></option> 1074 </term> 1075 <term> 1076 <option><![CDATA[--unw-stack-scan-frames=<number> [default: 5] ]]></option> 1077 </term> 1078 <listitem> 1079 <para>Stack-scanning support is available only on ARM 1080 targets.</para> 1081 1082 <para>These flags enable and control stack unwinding by stack 1083 scanning. When the normal stack unwinding mechanisms -- usage 1084 of Dwarf CFI records, and frame-pointer following -- fail, stack 1085 scanning may be able to recover a stack trace.</para> 1086 1087 <para>Note that stack scanning is an imprecise, heuristic 1088 mechanism that may give very misleading results, or none at all. 1089 It should be used only in emergencies, when normal unwinding 1090 fails, and it is important to nevertheless have stack 1091 traces.</para> 1092 1093 <para>Stack scanning is a simple technique: the unwinder reads 1094 words from the stack, and tries to guess which of them might be 1095 return addresses, by checking to see if they point just after 1096 ARM or Thumb call instructions. If so, the word is added to the 1097 backtrace.</para> 1098 1099 <para>The main danger occurs when a function call returns, 1100 leaving its return address exposed, and a new function is 1101 called, but the new function does not overwrite the old address. 1102 The result of this is that the backtrace may contain entries for 1103 functions which have already returned, and so be very 1104 confusing.</para> 1105 1106 <para>A second limitation of this implementation is that it will 1107 scan only the page (4KB, normally) containing the starting stack 1108 pointer. If the stack frames are large, this may result in only 1109 a few (or not even any) being present in the trace. Also, if 1110 you are unlucky and have an initial stack pointer near the end 1111 of its containing page, the scan may miss all interesting 1112 frames.</para> 1113 1114 <para>By default stack scanning is disabled. The normal use 1115 case is to ask for it when a stack trace would otherwise be very 1116 short. So, to enable it, 1117 use <computeroutput>--unw-stack-scan-thresh=number</computeroutput>. 1118 This requests Valgrind to try using stack scanning to "extend" 1119 stack traces which contain fewer 1120 than <computeroutput>number</computeroutput> frames.</para> 1121 1122 <para>If stack scanning does take place, it will only generate 1123 at most the number of frames specified 1124 by <computeroutput>--unw-stack-scan-frames</computeroutput>. 1125 Typically, stack scanning generates so many garbage entries that 1126 this value is set to a low value (5) by default. In no case 1127 will a stack trace larger than the value specified 1128 by <computeroutput>--num-callers</computeroutput> be 1129 created.</para> 1130 </listitem> 1131 </varlistentry> 1132 1133 <varlistentry id="opt.error-limit" xreflabel="--error-limit"> 1134 <term> 1135 <option><![CDATA[--error-limit=<yes|no> [default: yes] ]]></option> 1136 </term> 1137 <listitem> 1138 <para>When enabled, Valgrind stops reporting errors after 10,000,000 1139 in total, or 1,000 different ones, have been seen. This is to 1140 stop the error tracking machinery from becoming a huge performance 1141 overhead in programs with many errors.</para> 1142 </listitem> 1143 </varlistentry> 1144 1145 <varlistentry id="opt.error-exitcode" xreflabel="--error-exitcode"> 1146 <term> 1147 <option><![CDATA[--error-exitcode=<number> [default: 0] ]]></option> 1148 </term> 1149 <listitem> 1150 <para>Specifies an alternative exit code to return if Valgrind 1151 reported any errors in the run. When set to the default value 1152 (zero), the return value from Valgrind will always be the return 1153 value of the process being simulated. When set to a nonzero value, 1154 that value is returned instead, if Valgrind detects any errors. 1155 This is useful for using Valgrind as part of an automated test 1156 suite, since it makes it easy to detect test cases for which 1157 Valgrind has reported errors, just by inspecting return codes.</para> 1158 </listitem> 1159 </varlistentry> 1160 1161 <varlistentry id="opt.sigill-diagnostics" xreflabel="--sigill-diagnostics"> 1162 <term> 1163 <option><![CDATA[--sigill-diagnostics=<yes|no> [default: yes] ]]></option> 1164 </term> 1165 <listitem> 1166 <para>Enable/disable printing of illegal instruction diagnostics. 1167 Enabled by default, but defaults to disabled when 1168 <option>--quiet</option> is given. The default can always be explicitly 1169 overridden by giving this option.</para> 1170 1171 <para>When enabled, a warning message will be printed, along with some 1172 diagnostics, whenever an instruction is encountered that Valgrind 1173 cannot decode or translate, before the program is given a SIGILL signal. 1174 Often an illegal instruction indicates a bug in the program or missing 1175 support for the particular instruction in Valgrind. But some programs 1176 do deliberately try to execute an instruction that might be missing 1177 and trap the SIGILL signal to detect processor features. Using 1178 this flag makes it possible to avoid the diagnostic output 1179 that you would otherwise get in such cases.</para> 1180 </listitem> 1181 </varlistentry> 1182 1183 <varlistentry id="opt.show-below-main" xreflabel="--show-below-main"> 1184 <term> 1185 <option><![CDATA[--show-below-main=<yes|no> [default: no] ]]></option> 1186 </term> 1187 <listitem> 1188 <para>By default, stack traces for errors do not show any 1189 functions that appear beneath <function>main</function> because 1190 most of the time it's uninteresting C library stuff and/or 1191 gobbledygook. Alternatively, if <function>main</function> is not 1192 present in the stack trace, stack traces will not show any functions 1193 below <function>main</function>-like functions such as glibc's 1194 <function>__libc_start_main</function>. Furthermore, if 1195 <function>main</function>-like functions are present in the trace, 1196 they are normalised as <function>(below main)</function>, in order to 1197 make the output more deterministic.</para> 1198 1199 <para>If this option is enabled, all stack trace entries will be 1200 shown and <function>main</function>-like functions will not be 1201 normalised.</para> 1202 </listitem> 1203 </varlistentry> 1204 1205 <varlistentry id="opt.fullpath-after" xreflabel="--fullpath-after"> 1206 <term> 1207 <option><![CDATA[--fullpath-after=<string> 1208 [default: don't show source paths] ]]></option> 1209 </term> 1210 <listitem> 1211 <para>By default Valgrind only shows the filenames in stack 1212 traces, but not full paths to source files. When using Valgrind 1213 in large projects where the sources reside in multiple different 1214 directories, this can be inconvenient. 1215 <option>--fullpath-after</option> provides a flexible solution 1216 to this problem. When this option is present, the path to each 1217 source file is shown, with the following all-important caveat: 1218 if <option>string</option> is found in the path, then the path 1219 up to and including <option>string</option> is omitted, else the 1220 path is shown unmodified. Note that <option>string</option> is 1221 not required to be a prefix of the path.</para> 1222 1223 <para>For example, consider a file named 1224 <computeroutput>/home/janedoe/blah/src/foo/bar/xyzzy.c</computeroutput>. 1225 Specifying <option>--fullpath-after=/home/janedoe/blah/src/</option> 1226 will cause Valgrind to show the name 1227 as <computeroutput>foo/bar/xyzzy.c</computeroutput>.</para> 1228 1229 <para>Because the string is not required to be a prefix, 1230 <option>--fullpath-after=src/</option> will produce the same 1231 output. This is useful when the path contains arbitrary 1232 machine-generated characters. For example, the 1233 path 1234 <computeroutput>/my/build/dir/C32A1B47/blah/src/foo/xyzzy</computeroutput> 1235 can be pruned to <computeroutput>foo/xyzzy</computeroutput> 1236 using 1237 <option>--fullpath-after=/blah/src/</option>.</para> 1238 1239 <para>If you simply want to see the full path, just specify an 1240 empty string: <option>--fullpath-after=</option>. This isn't a 1241 special case, merely a logical consequence of the above rules.</para> 1242 1243 <para>Finally, you can use <option>--fullpath-after</option> 1244 multiple times. Any appearance of it causes Valgrind to switch 1245 to producing full paths and applying the above filtering rule. 1246 Each produced path is compared against all 1247 the <option>--fullpath-after</option>-specified strings, in the 1248 order specified. The first string to match causes the path to 1249 be truncated as described above. If none match, the full path 1250 is shown. This facilitates chopping off prefixes when the 1251 sources are drawn from a number of unrelated directories. 1252 </para> 1253 </listitem> 1254 </varlistentry> 1255 1256 <varlistentry id="opt.extra-debuginfo-path" xreflabel="--extra-debuginfo-path"> 1257 <term> 1258 <option><![CDATA[--extra-debuginfo-path=<path> [default: undefined and unused] ]]></option> 1259 </term> 1260 <listitem> 1261 <para>By default Valgrind searches in several well-known paths 1262 for debug objects, such 1263 as <computeroutput>/usr/lib/debug/</computeroutput>.</para> 1264 1265 <para>However, there may be scenarios where you may wish to put 1266 debug objects at an arbitrary location, such as external storage 1267 when running Valgrind on a mobile device with limited local 1268 storage. Another example might be a situation where you do not 1269 have permission to install debug object packages on the system 1270 where you are running Valgrind.</para> 1271 1272 <para>In these scenarios, you may provide an absolute path as an extra, 1273 final place for Valgrind to search for debug objects by specifying 1274 <option>--extra-debuginfo-path=/path/to/debug/objects</option>. 1275 The given path will be prepended to the absolute path name of 1276 the searched-for object. For example, if Valgrind is looking 1277 for the debuginfo 1278 for <computeroutput>/w/x/y/zz.so</computeroutput> 1279 and <option>--extra-debuginfo-path=/a/b/c</option> is specified, 1280 it will look for a debug object at 1281 <computeroutput>/a/b/c/w/x/y/zz.so</computeroutput>.</para> 1282 1283 <para>This flag should only be specified once. If it is 1284 specified multiple times, only the last instance is 1285 honoured.</para> 1286 </listitem> 1287 </varlistentry> 1288 1289 <varlistentry id="opt.debuginfo-server" xreflabel="--debuginfo-server"> 1290 <term> 1291 <option><![CDATA[--debuginfo-server=ipaddr:port [default: undefined and unused]]]></option> 1292 </term> 1293 <listitem> 1294 <para>This is a new, experimental, feature introduced in version 1295 3.9.0.</para> 1296 1297 <para>In some scenarios it may be convenient to read debuginfo 1298 from objects stored on a different machine. With this flag, 1299 Valgrind will query a debuginfo server running 1300 on <computeroutput>ipaddr</computeroutput> and listening on 1301 port <computeroutput>port</computeroutput>, if it cannot find 1302 the debuginfo object in the local filesystem.</para> 1303 1304 <para>The debuginfo server must accept TCP connections on 1305 port <computeroutput>port</computeroutput>. The debuginfo 1306 server is contained in the source 1307 file <computeroutput>auxprogs/valgrind-di-server.c</computeroutput>. 1308 It will only serve from the directory it is started 1309 in. <computeroutput>port</computeroutput> defaults to 1500 in 1310 both client and server if not specified.</para> 1311 1312 <para>If Valgrind looks for the debuginfo for 1313 <computeroutput>/w/x/y/zz.so</computeroutput> by using the 1314 debuginfo server, it will strip the pathname components and 1315 merely request <computeroutput>zz.so</computeroutput> on the 1316 server. That in turn will look only in its current working 1317 directory for a matching debuginfo object.</para> 1318 1319 <para>The debuginfo data is transmitted in small fragments (8 1320 KB) as requested by Valgrind. Each block is compressed using 1321 LZO to reduce transmission time. The implementation has been 1322 tuned for best performance over a single-stage 802.11g (WiFi) 1323 network link.</para> 1324 1325 <para>Note that checks for matching primary vs debug objects, 1326 using GNU debuglink CRC scheme, are performed even when using 1327 the debuginfo server. To disable such checking, you need to 1328 also specify 1329 <computeroutput>--allow-mismatched-debuginfo=yes</computeroutput>. 1330 </para> 1331 1332 <para>By default the Valgrind build system will 1333 build <computeroutput>valgrind-di-server</computeroutput> for 1334 the target platform, which is almost certainly not what you 1335 want. So far we have been unable to find out how to get 1336 automake/autoconf to build it for the build platform. If 1337 you want to use it, you will have to recompile it by hand using 1338 the command shown at the top 1339 of <computeroutput>auxprogs/valgrind-di-server.c</computeroutput>.</para> 1340 </listitem> 1341 </varlistentry> 1342 1343 <varlistentry id="opt.allow-mismatched-debuginfo" 1344 xreflabel="--allow-mismatched-debuginfo"> 1345 <term> 1346 <option><![CDATA[--allow-mismatched-debuginfo=no|yes [no] ]]></option> 1347 </term> 1348 <listitem> 1349 <para>When reading debuginfo from separate debuginfo objects, 1350 Valgrind will by default check that the main and debuginfo 1351 objects match, using the GNU debuglink mechanism. This 1352 guarantees that it does not read debuginfo from out of date 1353 debuginfo objects, and also ensures that Valgrind can't crash as 1354 a result of mismatches.</para> 1355 1356 <para>This check can be overridden using 1357 <computeroutput>--allow-mismatched-debuginfo=yes</computeroutput>. 1358 This may be useful when the debuginfo and main objects have not 1359 been split in the proper way. Be careful when using this, 1360 though: it disables all consistency checking, and Valgrind has 1361 been observed to crash when the main and debuginfo objects don't 1362 match.</para> 1363 </listitem> 1364 </varlistentry> 1365 1366 <varlistentry id="opt.suppressions" xreflabel="--suppressions"> 1367 <term> 1368 <option><![CDATA[--suppressions=<filename> [default: $PREFIX/lib/valgrind/default.supp] ]]></option> 1369 </term> 1370 <listitem> 1371 <para>Specifies an extra file from which to read descriptions of 1372 errors to suppress. You may use up to 100 extra suppression 1373 files.</para> 1374 </listitem> 1375 </varlistentry> 1376 1377 <varlistentry id="opt.gen-suppressions" xreflabel="--gen-suppressions"> 1378 <term> 1379 <option><![CDATA[--gen-suppressions=<yes|no|all> [default: no] ]]></option> 1380 </term> 1381 <listitem> 1382 <para>When set to <varname>yes</varname>, Valgrind will pause 1383 after every error shown and print the line: 1384 <literallayout><computeroutput> ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ----</computeroutput></literallayout> 1385 1386 The prompt's behaviour is the same as for the 1387 <option>--db-attach</option> option (see below).</para> 1388 1389 <para>If you choose to, Valgrind will print out a suppression for 1390 this error. You can then cut and paste it into a suppression file 1391 if you don't want to hear about the error in the future.</para> 1392 1393 <para>When set to <varname>all</varname>, Valgrind will print a 1394 suppression for every reported error, without querying the 1395 user.</para> 1396 1397 <para>This option is particularly useful with C++ programs, as it 1398 prints out the suppressions with mangled names, as 1399 required.</para> 1400 1401 <para>Note that the suppressions printed are as specific as 1402 possible. You may want to common up similar ones, by adding 1403 wildcards to function names, and by using frame-level wildcards. 1404 The wildcarding facilities are powerful yet flexible, and with a 1405 bit of careful editing, you may be able to suppress a whole 1406 family of related errors with only a few suppressions. 1407 <!-- commented out because it causes broken links in the man page 1408 For details on how to do this, see 1409 <xref linkend="manual-core.suppress"/>. 1410 --> 1411 </para> 1412 1413 <para>Sometimes two different errors 1414 are suppressed by the same suppression, in which case Valgrind 1415 will output the suppression more than once, but you only need to 1416 have one copy in your suppression file (but having more than one 1417 won't cause problems). Also, the suppression name is given as 1418 <computeroutput><insert a suppression name 1419 here></computeroutput>; the name doesn't really matter, it's 1420 only used with the <option>-v</option> option which prints out all 1421 used suppression records.</para> 1422 </listitem> 1423 </varlistentry> 1424 1425 <varlistentry id="opt.db-attach" xreflabel="--db-attach"> 1426 <term> 1427 <option><![CDATA[--db-attach=<yes|no> [default: no] ]]></option> 1428 </term> 1429 <listitem> 1430 <para>When enabled, Valgrind will pause after every error shown 1431 and print the line: 1432 <literallayout><computeroutput> ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ----</computeroutput></literallayout> 1433 1434 Pressing <varname>Ret</varname>, or <varname>N Ret</varname> or 1435 <varname>n Ret</varname>, causes Valgrind not to start a debugger 1436 for this error.</para> 1437 1438 <para>Pressing <varname>Y Ret</varname> or 1439 <varname>y Ret</varname> causes Valgrind to start a debugger for 1440 the program at this point. When you have finished with the 1441 debugger, quit from it, and the program will continue. Trying to 1442 continue from inside the debugger doesn't work.</para> 1443 1444 <para> 1445 Note: if you use GDB, more powerful debugging support is 1446 provided by the <option>--vgdb=</option> <varname>yes</varname> 1447 or <varname>full</varname> value. This activates Valgrind's 1448 internal gdbserver, which provides more-or-less full GDB-style 1449 control of the application: insertion of breakpoints, continuing 1450 from inside GDB, inferior function calls, and much more. 1451 </para> 1452 1453 <para><varname>C Ret</varname> or <varname>c Ret</varname> causes 1454 Valgrind not to start a debugger, and not to ask again.</para> 1455 </listitem> 1456 </varlistentry> 1457 1458 <varlistentry id="opt.db-command" xreflabel="--db-command"> 1459 <term> 1460 <option><![CDATA[--db-command=<command> [default: gdb -nw %f %p] ]]></option> 1461 </term> 1462 <listitem> 1463 <para>Specify the debugger to use with the 1464 <option>--db-attach</option> command. The default debugger is 1465 GDB. This option is a template that is expanded by Valgrind at 1466 runtime. <literal>%f</literal> is replaced with the executable's 1467 file name and <literal>%p</literal> is replaced by the process ID 1468 of the executable.</para> 1469 1470 <para>This specifies how Valgrind will invoke the debugger. By 1471 default it will use whatever GDB is detected at build time, which 1472 is usually <computeroutput>/usr/bin/gdb</computeroutput>. Using 1473 this command, you can specify some alternative command to invoke 1474 the debugger you want to use.</para> 1475 1476 <para>The command string given can include one or instances of the 1477 <literal>%p</literal> and <literal>%f</literal> expansions. Each 1478 instance of <literal>%p</literal> expands to the PID of the 1479 process to be debugged and each instance of <literal>%f</literal> 1480 expands to the path to the executable for the process to be 1481 debugged.</para> 1482 1483 <para>Since <computeroutput><command></computeroutput> is likely 1484 to contain spaces, you will need to put this entire option in 1485 quotes to ensure it is correctly handled by the shell.</para> 1486 </listitem> 1487 </varlistentry> 1488 1489 <varlistentry id="opt.input-fd" xreflabel="--input-fd"> 1490 <term> 1491 <option><![CDATA[--input-fd=<number> [default: 0, stdin] ]]></option> 1492 </term> 1493 <listitem> 1494 <para>When using <option>--db-attach=yes</option> or 1495 <option>--gen-suppressions=yes</option>, Valgrind will stop so as 1496 to read keyboard input from you when each error occurs. By 1497 default it reads from the standard input (stdin), which is 1498 problematic for programs which close stdin. This option allows 1499 you to specify an alternative file descriptor from which to read 1500 input.</para> 1501 </listitem> 1502 </varlistentry> 1503 1504 <varlistentry id="opt.dsymutil" xreflabel="--dsymutil"> 1505 <term> 1506 <option><![CDATA[--dsymutil=no|yes [no] ]]></option> 1507 </term> 1508 <listitem> 1509 <para>This option is only relevant when running Valgrind on 1510 Mac OS X.</para> 1511 1512 <para>Mac OS X uses a deferred debug information (debuginfo) 1513 linking scheme. When object files containing debuginfo are 1514 linked into a <computeroutput>.dylib</computeroutput> or an 1515 executable, the debuginfo is not copied into the final file. 1516 Instead, the debuginfo must be linked manually by 1517 running <computeroutput>dsymutil</computeroutput>, a 1518 system-provided utility, on the executable 1519 or <computeroutput>.dylib</computeroutput>. The resulting 1520 combined debuginfo is placed in a directory alongside the 1521 executable or <computeroutput>.dylib</computeroutput>, but with 1522 the extension <computeroutput>.dSYM</computeroutput>.</para> 1523 1524 <para>With <option>--dsymutil=no</option>, Valgrind 1525 will detect cases where the 1526 <computeroutput>.dSYM</computeroutput> directory is either 1527 missing, or is present but does not appear to match the 1528 associated executable or <computeroutput>.dylib</computeroutput>, 1529 most likely because it is out of date. In these cases, Valgrind 1530 will print a warning message but take no further action.</para> 1531 1532 <para>With <option>--dsymutil=yes</option>, Valgrind 1533 will, in such cases, automatically 1534 run <computeroutput>dsymutil</computeroutput> as necessary to 1535 bring the debuginfo up to date. For all practical purposes, if 1536 you always use <option>--dsymutil=yes</option>, then 1537 there is never any need to 1538 run <computeroutput>dsymutil</computeroutput> manually or as part 1539 of your applications's build system, since Valgrind will run it 1540 as necessary.</para> 1541 1542 <para>Valgrind will not attempt to 1543 run <computeroutput>dsymutil</computeroutput> on any 1544 executable or library in 1545 <computeroutput>/usr/</computeroutput>, 1546 <computeroutput>/bin/</computeroutput>, 1547 <computeroutput>/sbin/</computeroutput>, 1548 <computeroutput>/opt/</computeroutput>, 1549 <computeroutput>/sw/</computeroutput>, 1550 <computeroutput>/System/</computeroutput>, 1551 <computeroutput>/Library/</computeroutput> or 1552 <computeroutput>/Applications/</computeroutput> 1553 since <computeroutput>dsymutil</computeroutput> will always fail 1554 in such situations. It fails both because the debuginfo for 1555 such pre-installed system components is not available anywhere, 1556 and also because it would require write privileges in those 1557 directories.</para> 1558 1559 <para>Be careful when 1560 using <option>--dsymutil=yes</option>, since it will 1561 cause pre-existing <computeroutput>.dSYM</computeroutput> 1562 directories to be silently deleted and re-created. Also note that 1563 <computeroutput>dsymutil</computeroutput> is quite slow, sometimes 1564 excessively so.</para> 1565 </listitem> 1566 </varlistentry> 1567 1568 <varlistentry id="opt.max-stackframe" xreflabel="--max-stackframe"> 1569 <term> 1570 <option><![CDATA[--max-stackframe=<number> [default: 2000000] ]]></option> 1571 </term> 1572 <listitem> 1573 <para>The maximum size of a stack frame. If the stack pointer moves by 1574 more than this amount then Valgrind will assume that 1575 the program is switching to a different stack.</para> 1576 1577 <para>You may need to use this option if your program has large 1578 stack-allocated arrays. Valgrind keeps track of your program's 1579 stack pointer. If it changes by more than the threshold amount, 1580 Valgrind assumes your program is switching to a different stack, 1581 and Memcheck behaves differently than it would for a stack pointer 1582 change smaller than the threshold. Usually this heuristic works 1583 well. However, if your program allocates large structures on the 1584 stack, this heuristic will be fooled, and Memcheck will 1585 subsequently report large numbers of invalid stack accesses. This 1586 option allows you to change the threshold to a different 1587 value.</para> 1588 1589 <para>You should only consider use of this option if Valgrind's 1590 debug output directs you to do so. In that case it will tell you 1591 the new threshold you should specify.</para> 1592 1593 <para>In general, allocating large structures on the stack is a 1594 bad idea, because you can easily run out of stack space, 1595 especially on systems with limited memory or which expect to 1596 support large numbers of threads each with a small stack, and also 1597 because the error checking performed by Memcheck is more effective 1598 for heap-allocated data than for stack-allocated data. If you 1599 have to use this option, you may wish to consider rewriting your 1600 code to allocate on the heap rather than on the stack.</para> 1601 </listitem> 1602 </varlistentry> 1603 1604 <varlistentry id="opt.main-stacksize" xreflabel="--main-stacksize"> 1605 <term> 1606 <option><![CDATA[--main-stacksize=<number> 1607 [default: use current 'ulimit' value] ]]></option> 1608 </term> 1609 <listitem> 1610 <para>Specifies the size of the main thread's stack.</para> 1611 1612 <para>To simplify its memory management, Valgrind reserves all 1613 required space for the main thread's stack at startup. That 1614 means it needs to know the required stack size at 1615 startup.</para> 1616 1617 <para>By default, Valgrind uses the current "ulimit" value for 1618 the stack size, or 16 MB, whichever is lower. In many cases 1619 this gives a stack size in the range 8 to 16 MB, which almost 1620 never overflows for most applications.</para> 1621 1622 <para>If you need a larger total stack size, 1623 use <option>--main-stacksize</option> to specify it. Only set 1624 it as high as you need, since reserving far more space than you 1625 need (that is, hundreds of megabytes more than you need) 1626 constrains Valgrind's memory allocators and may reduce the total 1627 amount of memory that Valgrind can use. This is only really of 1628 significance on 32-bit machines.</para> 1629 1630 <para>On Linux, you may request a stack of size up to 2GB. 1631 Valgrind will stop with a diagnostic message if the stack cannot 1632 be allocated.</para> 1633 1634 <para><option>--main-stacksize</option> only affects the stack 1635 size for the program's initial thread. It has no bearing on the 1636 size of thread stacks, as Valgrind does not allocate 1637 those.</para> 1638 1639 <para>You may need to use both <option>--main-stacksize</option> 1640 and <option>--max-stackframe</option> together. It is important 1641 to understand that <option>--main-stacksize</option> sets the 1642 maximum total stack size, 1643 whilst <option>--max-stackframe</option> specifies the largest 1644 size of any one stack frame. You will have to work out 1645 the <option>--main-stacksize</option> value for yourself 1646 (usually, if your applications segfaults). But Valgrind will 1647 tell you the needed <option>--max-stackframe</option> size, if 1648 necessary.</para> 1649 1650 <para>As discussed further in the description 1651 of <option>--max-stackframe</option>, a requirement for a large 1652 stack is a sign of potential portability problems. You are best 1653 advised to place all large data in heap-allocated memory.</para> 1654 </listitem> 1655 </varlistentry> 1656 1657 </variablelist> 1658 <!-- end of xi:include in the manpage --> 1659 1660 </sect2> 1661 1662 1663 <sect2 id="manual-core.mallocopts" xreflabel="malloc-related Options"> 1664 <title>malloc-related Options</title> 1665 1666 <!-- start of xi:include in the manpage --> 1667 <para id="malloc-related.opts.para">For tools that use their own version of 1668 <computeroutput>malloc</computeroutput> (e.g. Memcheck, 1669 Massif, Helgrind, DRD), the following options apply.</para> 1670 1671 <variablelist id="malloc-related.opts.list"> 1672 1673 <varlistentry id="opt.alignment" xreflabel="--alignment"> 1674 <term> 1675 <option><![CDATA[--alignment=<number> [default: 8 or 16, depending on the platform] ]]></option> 1676 </term> 1677 <listitem> 1678 <para>By default Valgrind's <function>malloc</function>, 1679 <function>realloc</function>, etc, return a block whose starting 1680 address is 8-byte aligned or 16-byte aligned (the value depends on the 1681 platform and matches the platform default). This option allows you to 1682 specify a different alignment. The supplied value must be greater 1683 than or equal to the default, less than or equal to 4096, and must be 1684 a power of two.</para> 1685 </listitem> 1686 </varlistentry> 1687 1688 <varlistentry id="opt.redzone-size" xreflabel="--redzone-size"> 1689 <term> 1690 <option><![CDATA[--redzone-size=<number> [default: depends on the tool] ]]></option> 1691 </term> 1692 <listitem> 1693 <para> Valgrind's <function>malloc, realloc,</function> etc, add 1694 padding blocks before and after each heap block allocated by the 1695 program being run. Such padding blocks are called redzones. The 1696 default value for the redzone size depends on the tool. For 1697 example, Memcheck adds and protects a minimum of 16 bytes before 1698 and after each block allocated by the client. This allows it to 1699 detect block underruns or overruns of up to 16 bytes. 1700 </para> 1701 <para>Increasing the redzone size makes it possible to detect 1702 overruns of larger distances, but increases the amount of memory 1703 used by Valgrind. Decreasing the redzone size will reduce the 1704 memory needed by Valgrind but also reduces the chances of 1705 detecting over/underruns, so is not recommended.</para> 1706 </listitem> 1707 </varlistentry> 1708 1709 </variablelist> 1710 <!-- end of xi:include in the manpage --> 1711 1712 </sect2> 1713 1714 1715 <sect2 id="manual-core.rareopts" xreflabel="Uncommon Options"> 1716 <title>Uncommon Options</title> 1717 1718 <!-- start of xi:include in the manpage --> 1719 <para id="uncommon.opts.para">These options apply to all tools, as they 1720 affect certain obscure workings of the Valgrind core. Most people won't 1721 need to use them.</para> 1722 1723 <variablelist id="uncommon.opts.list"> 1724 1725 <varlistentry id="opt.smc-check" xreflabel="--smc-check"> 1726 <term> 1727 <option><![CDATA[--smc-check=<none|stack|all|all-non-file> [default: stack] ]]></option> 1728 </term> 1729 <listitem> 1730 <para>This option controls Valgrind's detection of self-modifying 1731 code. If no checking is done, if a program executes some code, then 1732 overwrites it with new code, and executes the new code, Valgrind will 1733 continue to execute the translations it made for the old code. This 1734 will likely lead to incorrect behaviour and/or crashes.</para> 1735 1736 <para>Valgrind has four levels of self-modifying code detection: 1737 no detection, detect self-modifying code on the stack (which is used by 1738 GCC to implement nested functions), detect self-modifying code 1739 everywhere, and detect self-modifying code everywhere except in 1740 file-backed mappings. 1741 1742 Note that the default option will catch the vast majority 1743 of cases. The main case it will not catch is programs such as JIT 1744 compilers that dynamically generate code <emphasis>and</emphasis> 1745 subsequently overwrite part or all of it. Running with 1746 <varname>all</varname> will slow Valgrind down noticeably. 1747 Running with 1748 <varname>none</varname> will rarely speed things up, since very little 1749 code gets put on the stack for most programs. The 1750 <function>VALGRIND_DISCARD_TRANSLATIONS</function> client 1751 request is an alternative to <option>--smc-check=all</option> 1752 that requires more programmer effort but allows Valgrind to run 1753 your program faster, by telling it precisely when translations 1754 need to be re-made. 1755 <!-- commented out because it causes broken links in the man page 1756 ; see <xref 1757 linkend="manual-core-adv.clientreq"/> for more details. 1758 --> 1759 </para> 1760 1761 <para><option>--smc-check=all-non-file</option> provides a 1762 cheaper but more limited version 1763 of <option>--smc-check=all</option>. It adds checks to any 1764 translations that do not originate from file-backed memory 1765 mappings. Typical applications that generate code, for example 1766 JITs in web browsers, generate code into anonymous mmaped areas, 1767 whereas the "fixed" code of the browser always lives in 1768 file-backed mappings. <option>--smc-check=all-non-file</option> 1769 takes advantage of this observation, limiting the overhead of 1770 checking to code which is likely to be JIT generated.</para> 1771 1772 <para>Some architectures (including ppc32, ppc64, ARM and MIPS) 1773 require programs which create code at runtime to flush the 1774 instruction cache in between code generation and first use. 1775 Valgrind observes and honours such instructions. Hence, on 1776 ppc32/Linux, ppc64/Linux and ARM/Linux, Valgrind always provides 1777 complete, transparent support for self-modifying code. It is 1778 only on platforms such as x86/Linux, AMD64/Linux, x86/Darwin and 1779 AMD64/Darwin that you need to use this option.</para> 1780 </listitem> 1781 </varlistentry> 1782 1783 <varlistentry id="opt.read-var-info" xreflabel="--read-var-info"> 1784 <term> 1785 <option><![CDATA[--read-var-info=<yes|no> [default: no] ]]></option> 1786 </term> 1787 <listitem> 1788 <para>When enabled, Valgrind will read information about 1789 variable types and locations from DWARF3 debug info. 1790 This slows Valgrind down and makes it use more memory, but for 1791 the tools that can take advantage of it (Memcheck, Helgrind, 1792 DRD) it can result in more precise error messages. For example, 1793 here are some standard errors issued by Memcheck:</para> 1794 <programlisting><![CDATA[ 1795 ==15516== Uninitialised byte(s) found during client check request 1796 ==15516== at 0x400633: croak (varinfo1.c:28) 1797 ==15516== by 0x4006B2: main (varinfo1.c:55) 1798 ==15516== Address 0x60103b is 7 bytes inside data symbol "global_i2" 1799 ==15516== 1800 ==15516== Uninitialised byte(s) found during client check request 1801 ==15516== at 0x400633: croak (varinfo1.c:28) 1802 ==15516== by 0x4006BC: main (varinfo1.c:56) 1803 ==15516== Address 0x7fefffefc is on thread 1's stack]]></programlisting> 1804 1805 <para>And here are the same errors with 1806 <option>--read-var-info=yes</option>:</para> 1807 1808 <programlisting><![CDATA[ 1809 ==15522== Uninitialised byte(s) found during client check request 1810 ==15522== at 0x400633: croak (varinfo1.c:28) 1811 ==15522== by 0x4006B2: main (varinfo1.c:55) 1812 ==15522== Location 0x60103b is 0 bytes inside global_i2[7], 1813 ==15522== a global variable declared at varinfo1.c:41 1814 ==15522== 1815 ==15522== Uninitialised byte(s) found during client check request 1816 ==15522== at 0x400633: croak (varinfo1.c:28) 1817 ==15522== by 0x4006BC: main (varinfo1.c:56) 1818 ==15522== Location 0x7fefffefc is 0 bytes inside local var "local" 1819 ==15522== declared at varinfo1.c:46, in frame #1 of thread 1]]></programlisting> 1820 </listitem> 1821 </varlistentry> 1822 1823 <varlistentry id="opt.vgdb-poll" xreflabel="--vgdb-poll"> 1824 <term> 1825 <option><![CDATA[--vgdb-poll=<number> [default: 5000] ]]></option> 1826 </term> 1827 <listitem> 1828 <para> As part of its main loop, the Valgrind scheduler will 1829 poll to check if some activity (such as an external command or 1830 some input from a gdb) has to be handled by gdbserver. This 1831 activity poll will be done after having run the given number of 1832 basic blocks (or slightly more than the given number of basic 1833 blocks). This poll is quite cheap so the default value is set 1834 relatively low. You might further decrease this value if vgdb 1835 cannot use ptrace system call to interrupt Valgrind if all 1836 threads are (most of the time) blocked in a system call. 1837 </para> 1838 </listitem> 1839 </varlistentry> 1840 1841 <varlistentry id="opt.vgdb-shadow-registers" xreflabel="--vgdb-shadow-registers"> 1842 <term> 1843 <option><![CDATA[--vgdb-shadow-registers=no|yes [default: no] ]]></option> 1844 </term> 1845 <listitem> 1846 <para> When activated, gdbserver will expose the Valgrind shadow registers 1847 to GDB. With this, the value of the Valgrind shadow registers can be examined 1848 or changed using GDB. Exposing shadow registers only works with GDB version 1849 7.1 or later. 1850 </para> 1851 </listitem> 1852 </varlistentry> 1853 1854 <varlistentry id="opt.vgdb-prefix" xreflabel="--vgdb-prefix"> 1855 <term> 1856 <option><![CDATA[--vgdb-prefix=<prefix> [default: /tmp/vgdb-pipe] ]]></option> 1857 </term> 1858 <listitem> 1859 <para> To communicate with gdb/vgdb, the Valgrind gdbserver 1860 creates 3 files (2 named FIFOs and a mmap shared memory 1861 file). The prefix option controls the directory and prefix for 1862 the creation of these files. 1863 </para> 1864 </listitem> 1865 </varlistentry> 1866 1867 <varlistentry id="opt.run-libc-freeres" xreflabel="--run-libc-freeres"> 1868 <term> 1869 <option><![CDATA[--run-libc-freeres=<yes|no> [default: yes] ]]></option> 1870 </term> 1871 <listitem> 1872 <para>This option is only relevant when running Valgrind on Linux.</para> 1873 1874 <para>The GNU C library (<function>libc.so</function>), which is 1875 used by all programs, may allocate memory for its own uses. 1876 Usually it doesn't bother to free that memory when the program 1877 ends—there would be no point, since the Linux kernel reclaims 1878 all process resources when a process exits anyway, so it would 1879 just slow things down.</para> 1880 1881 <para>The glibc authors realised that this behaviour causes leak 1882 checkers, such as Valgrind, to falsely report leaks in glibc, when 1883 a leak check is done at exit. In order to avoid this, they 1884 provided a routine called <function>__libc_freeres</function> 1885 specifically to make glibc release all memory it has allocated. 1886 Memcheck therefore tries to run 1887 <function>__libc_freeres</function> at exit.</para> 1888 1889 <para>Unfortunately, in some very old versions of glibc, 1890 <function>__libc_freeres</function> is sufficiently buggy to cause 1891 segmentation faults. This was particularly noticeable on Red Hat 1892 7.1. So this option is provided in order to inhibit the run of 1893 <function>__libc_freeres</function>. If your program seems to run 1894 fine on Valgrind, but segfaults at exit, you may find that 1895 <option>--run-libc-freeres=no</option> fixes that, although at the 1896 cost of possibly falsely reporting space leaks in 1897 <filename>libc.so</filename>.</para> 1898 </listitem> 1899 </varlistentry> 1900 1901 <varlistentry id="opt.sim-hints" xreflabel="--sim-hints"> 1902 <term> 1903 <option><![CDATA[--sim-hints=hint1,hint2,... ]]></option> 1904 </term> 1905 <listitem> 1906 <para>Pass miscellaneous hints to Valgrind which slightly modify 1907 the simulated behaviour in nonstandard or dangerous ways, possibly 1908 to help the simulation of strange features. By default no hints 1909 are enabled. Use with caution! Currently known hints are:</para> 1910 <itemizedlist> 1911 <listitem> 1912 <para><option>lax-ioctls: </option> Be very lax about ioctl 1913 handling; the only assumption is that the size is 1914 correct. Doesn't require the full buffer to be initialized 1915 when writing. Without this, using some device drivers with a 1916 large number of strange ioctl commands becomes very 1917 tiresome.</para> 1918 </listitem> 1919 <listitem> 1920 <para><option>enable-outer: </option> Enable some special 1921 magic needed when the program being run is itself 1922 Valgrind.</para> 1923 </listitem> 1924 <listitem> 1925 <para><option>no-inner-prefix: </option> Disable printing 1926 a prefix <option>></option> in front of each stdout or 1927 stderr output line in an inner Valgrind being run by an 1928 outer Valgrind. This is useful when running Valgrind 1929 regression tests in an outer/inner setup. Note that the 1930 prefix <option>></option> will always be printed in 1931 front of the inner debug logging lines.</para> 1932 </listitem> 1933 <listitem> 1934 <para><option>fuse-compatible: </option> Enable special 1935 handling for certain system calls that may block in a FUSE 1936 file-system. This may be necessary when running Valgrind 1937 on a multi-threaded program that uses one thread to manage 1938 a FUSE file-system and another thread to access that 1939 file-system. 1940 </para> 1941 </listitem> 1942 </itemizedlist> 1943 </listitem> 1944 </varlistentry> 1945 1946 <varlistentry id="opt.fair-sched" xreflabel="--fair-sched"> 1947 <term> 1948 <option><![CDATA[--fair-sched=<no|yes|try> [default: no] ]]></option> 1949 </term> 1950 1951 <listitem> <para>The <option>--fair-sched</option> option controls 1952 the locking mechanism used by Valgrind to serialise thread 1953 execution. The locking mechanism controls the way the threads 1954 are scheduled, and different settings give different trade-offs 1955 between fairness and performance. For more details about the 1956 Valgrind thread serialisation scheme and its impact on 1957 performance and thread scheduling, see 1958 <xref linkend="&vg-pthreads-perf-sched-id;"/>.</para> 1959 1960 <itemizedlist> 1961 <listitem> <para>The value <option>--fair-sched=yes</option> 1962 activates a fair scheduler. In short, if multiple threads are 1963 ready to run, the threads will be scheduled in a round robin 1964 fashion. This mechanism is not available on all platforms or 1965 Linux versions. If not available, 1966 using <option>--fair-sched=yes</option> will cause Valgrind to 1967 terminate with an error.</para> 1968 <para>You may find this setting improves overall 1969 responsiveness if you are running an interactive 1970 multithreaded program, for example a web browser, on 1971 Valgrind.</para> 1972 </listitem> 1973 1974 <listitem> <para>The value <option>--fair-sched=try</option> 1975 activates fair scheduling if available on the 1976 platform. Otherwise, it will automatically fall back 1977 to <option>--fair-sched=no</option>.</para> 1978 </listitem> 1979 1980 <listitem> <para>The value <option>--fair-sched=no</option> activates 1981 a scheduler which does not guarantee fairness 1982 between threads ready to run, but which in general gives the 1983 highest performance.</para> 1984 </listitem> 1985 </itemizedlist> 1986 </listitem> 1987 1988 </varlistentry> 1989 1990 <varlistentry id="opt.kernel-variant" xreflabel="--kernel-variant"> 1991 <term> 1992 <option>--kernel-variant=variant1,variant2,...</option> 1993 </term> 1994 <listitem> 1995 <para>Handle system calls and ioctls arising from minor variants 1996 of the default kernel for this platform. This is useful for 1997 running on hacked kernels or with kernel modules which support 1998 nonstandard ioctls, for example. Use with caution. If you don't 1999 understand what this option does then you almost certainly don't 2000 need it. Currently known variants are:</para> 2001 <itemizedlist> 2002 <listitem> 2003 <para><option>bproc: </option> Support the 2004 <function>sys_broc</function> system call on x86. This is for 2005 running on BProc, which is a minor variant of standard Linux which 2006 is sometimes used for building clusters.</para> 2007 </listitem> 2008 </itemizedlist> 2009 </listitem> 2010 </varlistentry> 2011 2012 <varlistentry id="opt.merge-recursive-frames" xreflabel="--merge-recursive-frames"> 2013 <term> 2014 <option><![CDATA[--merge-recursive-frames=<number> [default: 0] ]]></option> 2015 </term> 2016 <listitem> 2017 <para>Some recursive algorithms, for example balanced binary 2018 tree implementations, create many different stack traces, each 2019 containing cycles of calls. A cycle is defined as two identical 2020 program counter values separated by zero or more other program 2021 counter values. Valgrind may then use a lot of memory to store 2022 all these stack traces. This is a poor use of memory 2023 considering that such stack traces contain repeated 2024 uninteresting recursive calls instead of more interesting 2025 information such as the function that has initiated the 2026 recursive call. 2027 </para> 2028 <para>The option <option>--merge-recursive-frames=<number></option> 2029 instructs Valgrind to detect and merge recursive call cycles 2030 having a size of up to <option><number></option> 2031 frames. When such a cycle is detected, Valgrind records the 2032 cycle in the stack trace as a unique program counter. 2033 </para> 2034 <para> 2035 The value 0 (the default) causes no recursive call merging. 2036 A value of 1 will cause stack traces of simple recursive algorithms 2037 (for example, a factorial implementation) to be collapsed. 2038 A value of 2 will usually be needed to collapse stack traces produced 2039 by recursive algorithms such as binary trees, quick sort, etc. 2040 Higher values might be needed for more complex recursive algorithms. 2041 </para> 2042 <para>Note: recursive calls are detected by analysis of program 2043 counter values. They are not detected by looking at function 2044 names.</para> 2045 </listitem> 2046 </varlistentry> 2047 2048 <varlistentry id="opt.num-transtab-sectors" xreflabel="--num-transtab-sectors"> 2049 <term> 2050 <option><![CDATA[--num-transtab-sectors=<number> [default: 6 2051 for Android platforms, 16 for all others] ]]></option> 2052 </term> 2053 <listitem> 2054 <para>Valgrind translates and instruments your program's machine 2055 code in small fragments. The translations are stored in a 2056 translation cache that is divided into a number of sections 2057 (sectors). If the cache is full, the sector containing the 2058 oldest translations is emptied and reused. If these old 2059 translations are needed again, Valgrind must re-translate and 2060 re-instrument the corresponding machine code, which is 2061 expensive. If the "executed instructions" working set of a 2062 program is big, increasing the number of sectors may improve 2063 performance by reducing the number of re-translations needed. 2064 Sectors are allocated on demand. Once allocated, a sector can 2065 never be freed, and occupies considerable space, depending on the tool 2066 (about 40 MB per sector for Memcheck). Use the 2067 option <option>--stats=yes</option> to obtain precise 2068 information about the memory used by a sector and the allocation 2069 and recycling of sectors.</para> 2070 </listitem> 2071 </varlistentry> 2072 2073 <varlistentry id="opt.aspace-minaddr" xreflabel="----aspace-minaddr"> 2074 <term> 2075 <option><![CDATA[--aspace-minaddr=<address> [default: depends 2076 on the platform] ]]></option> 2077 </term> 2078 <listitem> 2079 <para>To avoid potential conflicts with some system libraries, 2080 Valgrind does not use the address space 2081 below <option>--aspace-minaddr</option> value, keeping it 2082 reserved in case a library specifically requests memory in this 2083 region. So, some "pessimistic" value is guessed by Valgrind 2084 depending on the platform. On linux, by default, Valgrind avoids 2085 using the first 64MB even if typically there is no conflict in 2086 this complete zone. You can use the 2087 option <option>--aspace-minaddr</option> to have your memory 2088 hungry application benefitting from more of this lower memory. 2089 On the other hand, if you encounter a conflict, increasing 2090 aspace-minaddr value might solve it. Conflicts will typically 2091 manifest themselves with mmap failures in the low range of the 2092 address space. The 2093 provided <computeroutput>address</computeroutput> must be page 2094 aligned and must be equal or bigger to 0x1000 (4KB). To find the 2095 default value on your platform, do something such as 2096 <computeroutput>valgrind -d -d date 2>&1 | grep -i minaddr</computeroutput>. Values lower than 0x10000 (64KB) are known to create problems 2097 on some distributions. 2098 </para> 2099 </listitem> 2100 </varlistentry> 2101 2102 <varlistentry id="opt.show-emwarns" xreflabel="--show-emwarns"> 2103 <term> 2104 <option><![CDATA[--show-emwarns=<yes|no> [default: no] ]]></option> 2105 </term> 2106 <listitem> 2107 <para>When enabled, Valgrind will emit warnings about its CPU 2108 emulation in certain cases. These are usually not 2109 interesting.</para> 2110 </listitem> 2111 </varlistentry> 2112 2113 <varlistentry id="opt.require-text-symbol" 2114 xreflabel="--require-text-symbol"> 2115 <term> 2116 <option><![CDATA[--require-text-symbol=:sonamepatt:fnnamepatt]]></option> 2117 </term> 2118 <listitem> 2119 <para>When a shared object whose soname 2120 matches <varname>sonamepatt</varname> is loaded into the 2121 process, examine all the text symbols it exports. If none of 2122 those match <varname>fnnamepatt</varname>, print an error 2123 message and abandon the run. This makes it possible to ensure 2124 that the run does not continue unless a given shared object 2125 contains a particular function name. 2126 </para> 2127 <para> 2128 Both <varname>sonamepatt</varname> and 2129 <varname>fnnamepatt</varname> can be written using the usual 2130 <varname>?</varname> and <varname>*</varname> wildcards. For 2131 example: <varname>":*libc.so*:foo?bar"</varname>. You may use 2132 characters other than a colon to separate the two patterns. It 2133 is only important that the first character and the separator 2134 character are the same. For example, the above example could 2135 also be written <varname>"Q*libc.so*Qfoo?bar"</varname>. 2136 Multiple <varname> --require-text-symbol</varname> flags are 2137 allowed, in which case shared objects that are loaded into 2138 the process will be checked against all of them. 2139 </para> 2140 <para> 2141 The purpose of this is to support reliable usage of marked-up 2142 libraries. For example, suppose we have a version of GCC's 2143 <varname>libgomp.so</varname> which has been marked up with 2144 annotations to support Helgrind. It is only too easy and 2145 confusing to load the wrong, un-annotated 2146 <varname>libgomp.so</varname> into the application. So the idea 2147 is: add a text symbol in the marked-up library, for 2148 example <varname>annotated_for_helgrind_3_6</varname>, and then 2149 give the flag 2150 <varname>--require-text-symbol=:*libgomp*so*:annotated_for_helgrind_3_6</varname> 2151 so that when <varname>libgomp.so</varname> is loaded, Valgrind 2152 scans its symbol table, and if the symbol isn't present the run 2153 is aborted, rather than continuing silently with the 2154 un-marked-up library. Note that you should put the entire flag 2155 in quotes to stop shells expanding up the <varname>*</varname> 2156 and <varname>?</varname> wildcards. 2157 </para> 2158 </listitem> 2159 </varlistentry> 2160 2161 <varlistentry id="opt.soname-synonyms" 2162 xreflabel="--soname-synonyms"> 2163 <term> 2164 <option><![CDATA[--soname-synonyms=syn1=pattern1,syn2=pattern2,...]]></option> 2165 </term> 2166 <listitem> 2167 <para>When a shared library is loaded, Valgrind checks for 2168 functions in the library that must be replaced or wrapped. 2169 For example, Memcheck replaces all malloc related 2170 functions (malloc, free, calloc, ...) with its own versions. 2171 Such replacements are done by default only in shared libraries whose 2172 soname matches a predefined soname pattern (e.g. 2173 <varname>libc.so*</varname> on linux). 2174 By default, no replacement is done for a statically linked 2175 library or for alternative libraries such as tcmalloc. 2176 In some cases, the replacements allow 2177 <option>--soname-synonyms</option> to specify one additional 2178 synonym pattern, giving flexibility in the replacement. </para> 2179 2180 <para>Currently, this flexibility is only allowed for the 2181 malloc related functions, using the 2182 synonym <varname>somalloc</varname>. This synonym is usable for 2183 all tools doing standard replacement of malloc related functions 2184 (e.g. memcheck, massif, drd, helgrind, exp-dhat, exp-sgcheck). 2185 </para> 2186 2187 <itemizedlist> 2188 <listitem> 2189 2190 <para>Alternate malloc library: to replace the malloc 2191 related functions in an alternate library with 2192 soname <varname>mymalloclib.so</varname>, give the 2193 option <option>--soname-synonyms=somalloc=mymalloclib.so</option>. 2194 A pattern can be used to match multiple libraries sonames. 2195 For 2196 example, <option>--soname-synonyms=somalloc=*tcmalloc*</option> 2197 will match the soname of all variants of the tcmalloc library 2198 (native, debug, profiled, ... tcmalloc variants). </para> 2199 <para>Note: the soname of a elf shared library can be 2200 retrieved using the readelf utility. </para> 2201 2202 </listitem> 2203 2204 <listitem> 2205 <para>Replacements in a statically linked library are done by 2206 using the <varname>NONE</varname> pattern. For example, if 2207 you link with <varname>libtcmalloc.a</varname>, memcheck 2208 will properly work when you give the 2209 option <option>--soname-synonyms=somalloc=NONE</option>. Note 2210 that a NONE pattern will match the main executable and any 2211 shared library having no soname. </para> 2212 </listitem> 2213 2214 <listitem> 2215 <para>To run a "default" Firefox build for Linux, in which 2216 JEMalloc is linked in to the main executable, 2217 use <option>--soname-synonyms=somalloc=NONE</option>. 2218 </para> 2219 </listitem> 2220 2221 </itemizedlist> 2222 </listitem> 2223 </varlistentry> 2224 2225 2226 </variablelist> 2227 <!-- end of xi:include in the manpage --> 2228 2229 </sect2> 2230 2231 2232 <sect2 id="manual-core.debugopts" xreflabel="Debugging Options"> 2233 <title>Debugging Options</title> 2234 2235 <!-- start of xi:include in the manpage --> 2236 <para id="debug.opts.para">There are also some options for debugging 2237 Valgrind itself. You shouldn't need to use them in the normal run of 2238 things. If you wish to see the list, use the 2239 <option>--help-debug</option> option.</para> 2240 2241 <para>If you wish to debug your program rather than debugging 2242 Valgrind itself, then you should use the options 2243 <option>--vgdb=yes</option> or <option>--vgdb=full</option> 2244 or <option>--db-attach=yes</option>. 2245 </para> 2246 2247 <!-- end of xi:include in the manpage --> 2248 2249 </sect2> 2250 2251 2252 <sect2 id="manual-core.defopts" xreflabel="Setting Default Options"> 2253 <title>Setting Default Options</title> 2254 2255 <para>Note that Valgrind also reads options from three places:</para> 2256 2257 <orderedlist> 2258 <listitem> 2259 <para>The file <computeroutput>~/.valgrindrc</computeroutput></para> 2260 </listitem> 2261 2262 <listitem> 2263 <para>The environment variable 2264 <computeroutput>$VALGRIND_OPTS</computeroutput></para> 2265 </listitem> 2266 2267 <listitem> 2268 <para>The file <computeroutput>./.valgrindrc</computeroutput></para> 2269 </listitem> 2270 </orderedlist> 2271 2272 <para>These are processed in the given order, before the 2273 command-line options. Options processed later override those 2274 processed earlier; for example, options in 2275 <computeroutput>./.valgrindrc</computeroutput> will take 2276 precedence over those in 2277 <computeroutput>~/.valgrindrc</computeroutput>. 2278 </para> 2279 2280 <para>Please note that the <computeroutput>./.valgrindrc</computeroutput> 2281 file is ignored if it is marked as world writeable or not owned 2282 by the current user. This is because the 2283 <computeroutput>./.valgrindrc</computeroutput> can contain options that are 2284 potentially harmful or can be used by a local attacker to execute code under 2285 your user account. 2286 </para> 2287 2288 <para>Any tool-specific options put in 2289 <computeroutput>$VALGRIND_OPTS</computeroutput> or the 2290 <computeroutput>.valgrindrc</computeroutput> files should be 2291 prefixed with the tool name and a colon. For example, if you 2292 want Memcheck to always do leak checking, you can put the 2293 following entry in <literal>~/.valgrindrc</literal>:</para> 2294 2295 <programlisting><![CDATA[ 2296 --memcheck:leak-check=yes]]></programlisting> 2297 2298 <para>This will be ignored if any tool other than Memcheck is 2299 run. Without the <computeroutput>memcheck:</computeroutput> 2300 part, this will cause problems if you select other tools that 2301 don't understand 2302 <option>--leak-check=yes</option>.</para> 2303 2304 </sect2> 2305 2306 </sect1> 2307 2308 2309 2310 <sect1 id="manual-core.pthreads" xreflabel="Support for Threads"> 2311 <title>Support for Threads</title> 2312 2313 <para>Threaded programs are fully supported.</para> 2314 2315 <para>The main thing to point out with respect to threaded programs is 2316 that your program will use the native threading library, but Valgrind 2317 serialises execution so that only one (kernel) thread is running at a 2318 time. This approach avoids the horrible implementation problems of 2319 implementing a truly multithreaded version of Valgrind, but it does 2320 mean that threaded apps never use more than one CPU simultaneously, 2321 even if you have a multiprocessor or multicore machine.</para> 2322 2323 <para>Valgrind doesn't schedule the threads itself. It merely ensures 2324 that only one thread runs at once, using a simple locking scheme. The 2325 actual thread scheduling remains under control of the OS kernel. What 2326 this does mean, though, is that your program will see very different 2327 scheduling when run on Valgrind than it does when running normally. 2328 This is both because Valgrind is serialising the threads, and because 2329 the code runs so much slower than normal.</para> 2330 2331 <para>This difference in scheduling may cause your program to behave 2332 differently, if you have some kind of concurrency, critical race, 2333 locking, or similar, bugs. In that case you might consider using the 2334 tools Helgrind and/or DRD to track them down.</para> 2335 2336 <para>On Linux, Valgrind also supports direct use of the 2337 <computeroutput>clone</computeroutput> system call, 2338 <computeroutput>futex</computeroutput> and so on. 2339 <computeroutput>clone</computeroutput> is supported where either 2340 everything is shared (a thread) or nothing is shared (fork-like); partial 2341 sharing will fail. 2342 </para> 2343 2344 <!-- Referenced from both the manual and manpage --> 2345 <sect2 id="&vg-pthreads-perf-sched-id;" xreflabel="&vg-pthreads-perf-sched-label;"> 2346 <title>Scheduling and Multi-Thread Performance</title> 2347 2348 <para>A thread executes code only when it holds the abovementioned 2349 lock. After executing some number of instructions, the running thread 2350 will release the lock. All threads ready to run will then compete to 2351 acquire the lock.</para> 2352 2353 <para>The <option>--fair-sched</option> option controls the locking mechanism 2354 used to serialise thread execution.</para> 2355 2356 <para>The default pipe based locking mechanism 2357 (<option>--fair-sched=no</option>) is available on all 2358 platforms. Pipe based locking does not guarantee fairness between 2359 threads: it is quite likely that a thread that has just released the 2360 lock reacquires it immediately, even though other threads are ready to 2361 run. When using pipe based locking, different runs of the same 2362 multithreaded application might give very different thread 2363 scheduling.</para> 2364 2365 <para>An alternative locking mechanism, based on futexes, is available 2366 on some platforms. If available, it is activated 2367 by <option>--fair-sched=yes</option> or 2368 <option>--fair-sched=try</option>. Futex based locking ensures 2369 fairness (round-robin scheduling) between threads: if multiple threads 2370 are ready to run, the lock will be given to the thread which first 2371 requested the lock. Note that a thread which is blocked in a system 2372 call (e.g. in a blocking read system call) has not (yet) requested the 2373 lock: such a thread requests the lock only after the system call is 2374 finished.</para> 2375 2376 <para> The fairness of the futex based locking produces better 2377 reproducibility of thread scheduling for different executions of a 2378 multithreaded application. This better reproducibility is particularly 2379 helpful when using Helgrind or DRD.</para> 2380 2381 <para>Valgrind's use of thread serialisation implies that only one 2382 thread at a time may run. On a multiprocessor/multicore system, the 2383 running thread is assigned to one of the CPUs by the OS kernel 2384 scheduler. When a thread acquires the lock, sometimes the thread will 2385 be assigned to the same CPU as the thread that just released the 2386 lock. Sometimes, the thread will be assigned to another CPU. When 2387 using pipe based locking, the thread that just acquired the lock 2388 will usually be scheduled on the same CPU as the thread that just 2389 released the lock. With the futex based mechanism, the thread that 2390 just acquired the lock will more often be scheduled on another 2391 CPU.</para> 2392 2393 <para>Valgrind's thread serialisation and CPU assignment by the OS 2394 kernel scheduler can interact badly with the CPU frequency scaling 2395 available on many modern CPUs. To decrease power consumption, the 2396 frequency of a CPU or core is automatically decreased if the CPU/core 2397 has not been used recently. If the OS kernel often assigns the thread 2398 which just acquired the lock to another CPU/core, it is quite likely 2399 that this CPU/core is currently at a low frequency. The frequency of 2400 this CPU will be increased after some time. However, during this 2401 time, the (only) running thread will have run at the low frequency. 2402 Once this thread has run for some time, it will release the lock. 2403 Another thread will acquire this lock, and might be scheduled again on 2404 another CPU whose clock frequency was decreased in the 2405 meantime.</para> 2406 2407 <para>The futex based locking causes threads to change CPUs/cores more 2408 often. So, if CPU frequency scaling is activated, the futex based 2409 locking might decrease significantly the performance of a 2410 multithreaded app running under Valgrind. Performance losses of up to 2411 50% degradation have been observed, as compared to running on a 2412 machine for which CPU frequency scaling has been disabled. The pipe 2413 based locking locking scheme also interacts badly with CPU frequency 2414 scaling, with performance losses in the range 10..20% having been 2415 observed.</para> 2416 2417 <para>To avoid such performance degradation, you should indicate to 2418 the kernel that all CPUs/cores should always run at maximum clock 2419 speed. Depending on your Linux distribution, CPU frequency scaling 2420 may be controlled using a graphical interface or using command line 2421 such as 2422 <computeroutput>cpufreq-selector</computeroutput> or 2423 <computeroutput>cpufreq-set</computeroutput>. 2424 </para> 2425 2426 <para>An alternative way to avoid these problems is to tell the 2427 OS scheduler to tie a Valgrind process to a specific (fixed) CPU using the 2428 <computeroutput>taskset</computeroutput> command. This should ensure 2429 that the selected CPU does not fall below its maximum frequency 2430 setting so long as any thread of the program has work to do. 2431 </para> 2432 2433 </sect2> 2434 2435 2436 </sect1> 2437 2438 <sect1 id="manual-core.signals" xreflabel="Handling of Signals"> 2439 <title>Handling of Signals</title> 2440 2441 <para>Valgrind has a fairly complete signal implementation. It should be 2442 able to cope with any POSIX-compliant use of signals.</para> 2443 2444 <para>If you're using signals in clever ways (for example, catching 2445 SIGSEGV, modifying page state and restarting the instruction), you're 2446 probably relying on precise exceptions. In this case, you will need 2447 to use <option>--vex-iropt-register-updates=allregs-at-mem-access</option> 2448 or <option>--vex-iropt-register-updates=allregs-at-each-insn</option>. 2449 </para> 2450 2451 <para>If your program dies as a result of a fatal core-dumping signal, 2452 Valgrind will generate its own core file 2453 (<computeroutput>vgcore.NNNNN</computeroutput>) containing your program's 2454 state. You may use this core file for post-mortem debugging with GDB or 2455 similar. (Note: it will not generate a core if your core dump size limit is 2456 0.) At the time of writing the core dumps do not include all the floating 2457 point register information.</para> 2458 2459 <para>In the unlikely event that Valgrind itself crashes, the operating system 2460 will create a core dump in the usual way.</para> 2461 2462 </sect1> 2463 2464 2465 2466 2467 2468 2469 2470 2471 <sect1 id="manual-core.install" xreflabel="Building and Installing"> 2472 <title>Building and Installing Valgrind</title> 2473 2474 <para>We use the standard Unix 2475 <computeroutput>./configure</computeroutput>, 2476 <computeroutput>make</computeroutput>, <computeroutput>make 2477 install</computeroutput> mechanism. Once you have completed 2478 <computeroutput>make install</computeroutput> you may then want 2479 to run the regression tests 2480 with <computeroutput>make regtest</computeroutput>. 2481 </para> 2482 2483 <para>In addition to the usual 2484 <option>--prefix=/path/to/install/tree</option>, there are three 2485 options which affect how Valgrind is built: 2486 <itemizedlist> 2487 2488 <listitem> 2489 <para><option>--enable-inner</option></para> 2490 <para>This builds Valgrind with some special magic hacks which make 2491 it possible to run it on a standard build of Valgrind (what the 2492 developers call "self-hosting"). Ordinarily you should not use 2493 this option as various kinds of safety checks are disabled. 2494 </para> 2495 </listitem> 2496 2497 <listitem> 2498 <para><option>--enable-only64bit</option></para> 2499 <para><option>--enable-only32bit</option></para> 2500 <para>On 64-bit platforms (amd64-linux, ppc64-linux, 2501 amd64-darwin), Valgrind is by default built in such a way that 2502 both 32-bit and 64-bit executables can be run. Sometimes this 2503 cleverness is a problem for a variety of reasons. These two 2504 options allow for single-target builds in this situation. If you 2505 issue both, the configure script will complain. Note they are 2506 ignored on 32-bit-only platforms (x86-linux, ppc32-linux, 2507 arm-linux, x86-darwin). 2508 </para> 2509 </listitem> 2510 2511 </itemizedlist> 2512 </para> 2513 2514 <para>The <computeroutput>configure</computeroutput> script tests 2515 the version of the X server currently indicated by the current 2516 <computeroutput>$DISPLAY</computeroutput>. This is a known bug. 2517 The intention was to detect the version of the current X 2518 client libraries, so that correct suppressions could be selected 2519 for them, but instead the test checks the server version. This 2520 is just plain wrong.</para> 2521 2522 <para>If you are building a binary package of Valgrind for 2523 distribution, please read <literal>README_PACKAGERS</literal> 2524 <xref linkend="dist.readme-packagers"/>. It contains some 2525 important information.</para> 2526 2527 <para>Apart from that, there's not much excitement here. Let us 2528 know if you have build problems.</para> 2529 2530 </sect1> 2531 2532 2533 2534 <sect1 id="manual-core.problems" xreflabel="If You Have Problems"> 2535 <title>If You Have Problems</title> 2536 2537 <para>Contact us at <ulink url="&vg-url;">&vg-url;</ulink>.</para> 2538 2539 <para>See <xref linkend="manual-core.limits"/> for the known 2540 limitations of Valgrind, and for a list of programs which are 2541 known not to work on it.</para> 2542 2543 <para>All parts of the system make heavy use of assertions and 2544 internal self-checks. They are permanently enabled, and we have no 2545 plans to disable them. If one of them breaks, please mail us!</para> 2546 2547 <para>If you get an assertion failure 2548 in <filename>m_mallocfree.c</filename>, this may have happened because 2549 your program wrote off the end of a heap block, or before its 2550 beginning, thus corrupting heap metadata. Valgrind hopefully will have 2551 emitted a message to that effect before dying in this way.</para> 2552 2553 <para>Read the <xref linkend="FAQ"/> for more advice about common problems, 2554 crashes, etc.</para> 2555 2556 </sect1> 2557 2558 2559 2560 <sect1 id="manual-core.limits" xreflabel="Limitations"> 2561 <title>Limitations</title> 2562 2563 <para>The following list of limitations seems long. However, most 2564 programs actually work fine.</para> 2565 2566 <para>Valgrind will run programs on the supported platforms 2567 subject to the following constraints:</para> 2568 2569 <itemizedlist> 2570 <listitem> 2571 <para>On x86 and amd64, there is no support for 3DNow! 2572 instructions. If the translator encounters these, Valgrind will 2573 generate a SIGILL when the instruction is executed. Apart from 2574 that, on x86 and amd64, essentially all instructions are supported, 2575 up to and including AVX and AES in 64-bit mode and SSSE3 in 32-bit 2576 mode. 32-bit mode does in fact support the bare minimum SSE4 2577 instructions to needed to run programs on MacOSX 10.6 on 32-bit 2578 targets. 2579 </para> 2580 </listitem> 2581 2582 <listitem> 2583 <para>On ppc32 and ppc64, almost all integer, floating point and 2584 Altivec instructions are supported. Specifically: integer and FP 2585 insns that are mandatory for PowerPC, the "General-purpose 2586 optional" group (fsqrt, fsqrts, stfiwx), the "Graphics optional" 2587 group (fre, fres, frsqrte, frsqrtes), and the Altivec (also known 2588 as VMX) SIMD instruction set, are supported. Also, instructions 2589 from the Power ISA 2.05 specification, as present in POWER6 CPUs, 2590 are supported.</para> 2591 </listitem> 2592 2593 <listitem> 2594 <para>On ARM, essentially the entire ARMv7-A instruction set 2595 is supported, in both ARM and Thumb mode. ThumbEE and Jazelle are 2596 not supported. NEON, VFPv3 and ARMv6 media support is fairly 2597 complete. 2598 </para> 2599 </listitem> 2600 2601 <listitem> 2602 <para>If your program does its own memory management, rather than 2603 using malloc/new/free/delete, it should still work, but Memcheck's 2604 error checking won't be so effective. If you describe your 2605 program's memory management scheme using "client requests" (see 2606 <xref linkend="manual-core-adv.clientreq"/>), Memcheck can do 2607 better. Nevertheless, using malloc/new and free/delete is still 2608 the best approach.</para> 2609 </listitem> 2610 2611 <listitem> 2612 <para>Valgrind's signal simulation is not as robust as it could be. 2613 Basic POSIX-compliant sigaction and sigprocmask functionality is 2614 supplied, but it's conceivable that things could go badly awry if you 2615 do weird things with signals. Workaround: don't. Programs that do 2616 non-POSIX signal tricks are in any case inherently unportable, so 2617 should be avoided if possible.</para> 2618 </listitem> 2619 2620 <listitem> 2621 <para>Machine instructions, and system calls, have been implemented 2622 on demand. So it's possible, although unlikely, that a program will 2623 fall over with a message to that effect. If this happens, please 2624 report all the details printed out, so we can try and implement the 2625 missing feature.</para> 2626 </listitem> 2627 2628 <listitem> 2629 <para>Memory consumption of your program is majorly increased 2630 whilst running under Valgrind's Memcheck tool. This is due to the 2631 large amount of administrative information maintained behind the 2632 scenes. Another cause is that Valgrind dynamically translates the 2633 original executable. Translated, instrumented code is 12-18 times 2634 larger than the original so you can easily end up with 150+ MB of 2635 translations when running (eg) a web browser.</para> 2636 </listitem> 2637 2638 <listitem> 2639 <para>Valgrind can handle dynamically-generated code just fine. If 2640 you regenerate code over the top of old code (ie. at the same 2641 memory addresses), if the code is on the stack Valgrind will 2642 realise the code has changed, and work correctly. This is 2643 necessary to handle the trampolines GCC uses to implemented nested 2644 functions. If you regenerate code somewhere other than the stack, 2645 and you are running on an 32- or 64-bit x86 CPU, you will need to 2646 use the <option>--smc-check=all</option> option, and Valgrind will 2647 run more slowly than normal. Or you can add client requests that 2648 tell Valgrind when your program has overwritten code. 2649 </para> 2650 <para> On other platforms (ARM, PowerPC) Valgrind observes and 2651 honours the cache invalidation hints that programs are obliged to 2652 emit to notify new code, and so self-modifying-code support should 2653 work automatically, without the need 2654 for <option>--smc-check=all</option>.</para> 2655 </listitem> 2656 2657 <listitem> 2658 <para>Valgrind has the following limitations 2659 in its implementation of x86/AMD64 floating point relative to 2660 IEEE754.</para> 2661 2662 <para>Precision: There is no support for 80 bit arithmetic. 2663 Internally, Valgrind represents all such "long double" numbers in 64 2664 bits, and so there may be some differences in results. Whether or 2665 not this is critical remains to be seen. Note, the x86/amd64 2666 fldt/fstpt instructions (read/write 80-bit numbers) are correctly 2667 simulated, using conversions to/from 64 bits, so that in-memory 2668 images of 80-bit numbers look correct if anyone wants to see.</para> 2669 2670 <para>The impression observed from many FP regression tests is that 2671 the accuracy differences aren't significant. Generally speaking, if 2672 a program relies on 80-bit precision, there may be difficulties 2673 porting it to non x86/amd64 platforms which only support 64-bit FP 2674 precision. Even on x86/amd64, the program may get different results 2675 depending on whether it is compiled to use SSE2 instructions (64-bits 2676 only), or x87 instructions (80-bit). The net effect is to make FP 2677 programs behave as if they had been run on a machine with 64-bit IEEE 2678 floats, for example PowerPC. On amd64 FP arithmetic is done by 2679 default on SSE2, so amd64 looks more like PowerPC than x86 from an FP 2680 perspective, and there are far fewer noticeable accuracy differences 2681 than with x86.</para> 2682 2683 <para>Rounding: Valgrind does observe the 4 IEEE-mandated rounding 2684 modes (to nearest, to +infinity, to -infinity, to zero) for the 2685 following conversions: float to integer, integer to float where 2686 there is a possibility of loss of precision, and float-to-float 2687 rounding. For all other FP operations, only the IEEE default mode 2688 (round to nearest) is supported.</para> 2689 2690 <para>Numeric exceptions in FP code: IEEE754 defines five types of 2691 numeric exception that can happen: invalid operation (sqrt of 2692 negative number, etc), division by zero, overflow, underflow, 2693 inexact (loss of precision).</para> 2694 2695 <para>For each exception, two courses of action are defined by IEEE754: 2696 either (1) a user-defined exception handler may be called, or (2) a 2697 default action is defined, which "fixes things up" and allows the 2698 computation to proceed without throwing an exception.</para> 2699 2700 <para>Currently Valgrind only supports the default fixup actions. 2701 Again, feedback on the importance of exception support would be 2702 appreciated.</para> 2703 2704 <para>When Valgrind detects that the program is trying to exceed any 2705 of these limitations (setting exception handlers, rounding mode, or 2706 precision control), it can print a message giving a traceback of 2707 where this has happened, and continue execution. This behaviour used 2708 to be the default, but the messages are annoying and so showing them 2709 is now disabled by default. Use <option>--show-emwarns=yes</option> to see 2710 them.</para> 2711 2712 <para>The above limitations define precisely the IEEE754 'default' 2713 behaviour: default fixup on all exceptions, round-to-nearest 2714 operations, and 64-bit precision.</para> 2715 </listitem> 2716 2717 <listitem> 2718 <para>Valgrind has the following limitations in 2719 its implementation of x86/AMD64 SSE2 FP arithmetic, relative to 2720 IEEE754.</para> 2721 2722 <para>Essentially the same: no exceptions, and limited observance of 2723 rounding mode. Also, SSE2 has control bits which make it treat 2724 denormalised numbers as zero (DAZ) and a related action, flush 2725 denormals to zero (FTZ). Both of these cause SSE2 arithmetic to be 2726 less accurate than IEEE requires. Valgrind detects, ignores, and can 2727 warn about, attempts to enable either mode.</para> 2728 </listitem> 2729 2730 <listitem> 2731 <para>Valgrind has the following limitations in 2732 its implementation of ARM VFPv3 arithmetic, relative to 2733 IEEE754.</para> 2734 2735 <para>Essentially the same: no exceptions, and limited observance 2736 of rounding mode. Also, switching the VFP unit into vector mode 2737 will cause Valgrind to abort the program -- it has no way to 2738 emulate vector uses of VFP at a reasonable performance level. This 2739 is no big deal given that non-scalar uses of VFP instructions are 2740 in any case deprecated.</para> 2741 </listitem> 2742 2743 <listitem> 2744 <para>Valgrind has the following limitations 2745 in its implementation of PPC32 and PPC64 floating point 2746 arithmetic, relative to IEEE754.</para> 2747 2748 <para>Scalar (non-Altivec): Valgrind provides a bit-exact emulation of 2749 all floating point instructions, except for "fre" and "fres", which are 2750 done more precisely than required by the PowerPC architecture specification. 2751 All floating point operations observe the current rounding mode. 2752 </para> 2753 2754 <para>However, fpscr[FPRF] is not set after each operation. That could 2755 be done but would give measurable performance overheads, and so far 2756 no need for it has been found.</para> 2757 2758 <para>As on x86/AMD64, IEEE754 exceptions are not supported: all floating 2759 point exceptions are handled using the default IEEE fixup actions. 2760 Valgrind detects, ignores, and can warn about, attempts to unmask 2761 the 5 IEEE FP exception kinds by writing to the floating-point status 2762 and control register (fpscr). 2763 </para> 2764 2765 <para>Vector (Altivec, VMX): essentially as with x86/AMD64 SSE/SSE2: 2766 no exceptions, and limited observance of rounding mode. 2767 For Altivec, FP arithmetic 2768 is done in IEEE/Java mode, which is more accurate than the Linux default 2769 setting. "More accurate" means that denormals are handled properly, 2770 rather than simply being flushed to zero.</para> 2771 </listitem> 2772 </itemizedlist> 2773 2774 <para>Programs which are known not to work are:</para> 2775 <itemizedlist> 2776 <listitem> 2777 <para>emacs starts up but immediately concludes it is out of 2778 memory and aborts. It may be that Memcheck does not provide 2779 a good enough emulation of the 2780 <computeroutput>mallinfo</computeroutput> function. 2781 Emacs works fine if you build it to use 2782 the standard malloc/free routines.</para> 2783 </listitem> 2784 </itemizedlist> 2785 2786 </sect1> 2787 2788 2789 <sect1 id="manual-core.example" xreflabel="An Example Run"> 2790 <title>An Example Run</title> 2791 2792 <para>This is the log for a run of a small program using Memcheck. 2793 The program is in fact correct, and the reported error is as the 2794 result of a potentially serious code generation bug in GNU g++ 2795 (snapshot 20010527).</para> 2796 2797 <programlisting><![CDATA[ 2798 sewardj@phoenix:~/newmat10$ ~/Valgrind-6/valgrind -v ./bogon 2799 ==25832== Valgrind 0.10, a memory error detector for x86 RedHat 7.1. 2800 ==25832== Copyright (C) 2000-2001, and GNU GPL'd, by Julian Seward. 2801 ==25832== Startup, with flags: 2802 ==25832== --suppressions=/home/sewardj/Valgrind/redhat71.supp 2803 ==25832== reading syms from /lib/ld-linux.so.2 2804 ==25832== reading syms from /lib/libc.so.6 2805 ==25832== reading syms from /mnt/pima/jrs/Inst/lib/libgcc_s.so.0 2806 ==25832== reading syms from /lib/libm.so.6 2807 ==25832== reading syms from /mnt/pima/jrs/Inst/lib/libstdc++.so.3 2808 ==25832== reading syms from /home/sewardj/Valgrind/valgrind.so 2809 ==25832== reading syms from /proc/self/exe 2810 ==25832== 2811 ==25832== Invalid read of size 4 2812 ==25832== at 0x8048724: BandMatrix::ReSize(int,int,int) (bogon.cpp:45) 2813 ==25832== by 0x80487AF: main (bogon.cpp:66) 2814 ==25832== Address 0xBFFFF74C is not stack'd, malloc'd or free'd 2815 ==25832== 2816 ==25832== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) 2817 ==25832== malloc/free: in use at exit: 0 bytes in 0 blocks. 2818 ==25832== malloc/free: 0 allocs, 0 frees, 0 bytes allocated. 2819 ==25832== For a detailed leak analysis, rerun with: --leak-check=yes 2820 ]]></programlisting> 2821 2822 <para>The GCC folks fixed this about a week before GCC 3.0 2823 shipped.</para> 2824 2825 </sect1> 2826 2827 2828 <sect1 id="manual-core.warnings" xreflabel="Warning Messages"> 2829 <title>Warning Messages You Might See</title> 2830 2831 <para>Some of these only appear if you run in verbose mode 2832 (enabled by <option>-v</option>):</para> 2833 2834 <itemizedlist> 2835 2836 <listitem> 2837 <para><computeroutput>More than 100 errors detected. Subsequent 2838 errors will still be recorded, but in less detail than 2839 before.</computeroutput></para> 2840 2841 <para>After 100 different errors have been shown, Valgrind becomes 2842 more conservative about collecting them. It then requires only the 2843 program counters in the top two stack frames to match when deciding 2844 whether or not two errors are really the same one. Prior to this 2845 point, the PCs in the top four frames are required to match. This 2846 hack has the effect of slowing down the appearance of new errors 2847 after the first 100. The 100 constant can be changed by recompiling 2848 Valgrind.</para> 2849 </listitem> 2850 2851 <listitem> 2852 <para><computeroutput>More than 1000 errors detected. I'm not 2853 reporting any more. Final error counts may be inaccurate. Go fix 2854 your program!</computeroutput></para> 2855 2856 <para>After 1000 different errors have been detected, Valgrind 2857 ignores any more. It seems unlikely that collecting even more 2858 different ones would be of practical help to anybody, and it avoids 2859 the danger that Valgrind spends more and more of its time comparing 2860 new errors against an ever-growing collection. As above, the 1000 2861 number is a compile-time constant.</para> 2862 </listitem> 2863 2864 <listitem> 2865 <para><computeroutput>Warning: client switching stacks?</computeroutput></para> 2866 2867 <para>Valgrind spotted such a large change in the stack pointer 2868 that it guesses the client is switching to a different stack. At 2869 this point it makes a kludgey guess where the base of the new 2870 stack is, and sets memory permissions accordingly. At the moment 2871 "large change" is defined as a change of more that 2000000 in the 2872 value of the stack pointer register. If Valgrind guesses wrong, 2873 you may get many bogus error messages following this and/or have 2874 crashes in the stack trace recording code. You might avoid these 2875 problems by informing Valgrind about the stack bounds using 2876 VALGRIND_STACK_REGISTER client request. </para> 2877 2878 </listitem> 2879 2880 <listitem> 2881 <para><computeroutput>Warning: client attempted to close Valgrind's 2882 logfile fd <number></computeroutput></para> 2883 2884 <para>Valgrind doesn't allow the client to close the logfile, 2885 because you'd never see any diagnostic information after that point. 2886 If you see this message, you may want to use the 2887 <option>--log-fd=<number></option> option to specify a 2888 different logfile file-descriptor number.</para> 2889 </listitem> 2890 2891 <listitem> 2892 <para><computeroutput>Warning: noted but unhandled ioctl 2893 <number></computeroutput></para> 2894 2895 <para>Valgrind observed a call to one of the vast family of 2896 <computeroutput>ioctl</computeroutput> system calls, but did not 2897 modify its memory status info (because nobody has yet written a 2898 suitable wrapper). The call will still have gone through, but you may get 2899 spurious errors after this as a result of the non-update of the 2900 memory info.</para> 2901 </listitem> 2902 2903 <listitem> 2904 <para><computeroutput>Warning: set address range perms: large range 2905 <number></computeroutput></para> 2906 2907 <para>Diagnostic message, mostly for benefit of the Valgrind 2908 developers, to do with memory permissions.</para> 2909 </listitem> 2910 2911 </itemizedlist> 2912 2913 </sect1> 2914 2915 2916 2917 2918 2919 2920 </chapter> 2921
