用内存管理器的钩子函数跟踪内存泄漏
<!--@page { size: 21cm 29.7cm; margin: 2cm }P { margin-bottom: 0.21cm }-->用内存管理器的钩子函数跟踪内存泄漏载时请注明出处和作者联系方式作者联系方式:李先静作为Linux下的C程序员,我总是习惯在单元测试通过之后,再用valgrind把程序跑一下,看看有没
·
用内存管理器的钩子函数跟踪内存泄漏
载时请注明出处和作者联系方式
作者联系方式:李先静 <xianjimli at hotmail dot com>
作为Linux下的C程序员,我总是习惯在单元测试通过之后,再用valgrind把程序跑一下,看看有没有内存泄漏和内存越界等问题。可惜的是,有时valgrind并不能很好的工作,像基于DirectFB的多进程程序在valgrind下是跑不起的, 这时我们可以通过内存管理器的钩子函数来跟踪内存泄漏。
glibc提供的内存管理器的钩子函数让你可以监控/改变内存管理函数的行为。其实glibc已经利用这个机制实现了内存泄漏检测的功能,提供了mtrace/muntrace两个函数和mtrace工具,只是不太好用,一是速度慢,二是没有backtrace。更惨的是在Fedora 7上再也找不到它了,只好自己写一个:
先记录分配/释放操作:
/*memory_trace.c*/
#include <execinfo.h>#include <stdio.h>#include <stdlib.h>#include <sys/types.h>#include <unistd.h>#include <malloc.h>#include <sys/stat.h>#include <fcntl.h>#include <string.h>static void memory_trace_init(void);static void memory_trace_deinit(void);static void *my_malloc_hook (size_t size, const void* ptr);static void my_free_hook (void* ptr, const void* caller);static void *my_realloc_hook (void *ptr, size_t size, const void *caller);static void *my_malloc_hook (size_t size, const void* ptr);static void my_free_hook (void* ptr, const void* caller);static void *my_realloc_hook (void *ptr, size_t size, const void *caller);static void *(*old_malloc_hook)(size_t size, const void* ptr);static void (*old_free_hook)(void* ptr, const void* caller);static void *(*old_realloc_hook)(void *ptr, size_t size, const void *caller);#define BACK_TRACE_DEPTH 8#define CACHE_SIZE 512static FILE* g_memory_trace_fp = NULL;static int g_memory_trace_cache_used = 0;/*additional 3 items: alloc/free addr size*/static void* g_memory_trace_cache[CACHE_SIZE][BACK_TRACE_DEPTH + 3]; static void memory_trace_flush(void);static void memory_trace_write(int alloc, void* addr, int size);static void memory_trace_backup(void){
old_malloc_hook = __malloc_hook; old_free_hook = __free_hook; old_realloc_hook = __realloc_hook; return;
}static void memory_trace_hook(void){ __malloc_hook = my_malloc_hook; __free_hook = my_free_hook; __realloc_hook = my_realloc_hook; return;}static void memory_trace_restore(void){ __malloc_hook = old_malloc_hook; __free_hook = old_free_hook; __realloc_hook = old_realloc_hook; return;}static void memory_trace_init(void){ if(g_memory_trace_fp == NULL && getenv("MALLOC_TRACE") != NULL)
{
char file_name[260] = {0}; snprintf(file_name, sizeof(file_name), "/tmp/%d_memory.log", getpid()); if((g_memory_trace_fp = fopen(file_name, "wb+")) != NULL) { memory_trace_backup(); memory_trace_hook();
} atexit(memory_trace_deinit); } return;}static void memory_trace_deinit(void){ if(g_memory_trace_fp != NULL) { memory_trace_restore(); memory_trace_flush(); fclose(g_memory_trace_fp); g_memory_trace_fp = NULL; } return;}void (*__malloc_initialize_hook) (void) = memory_trace_init;static void * my_malloc_hook (size_t size, const void *caller){ void *result = NULL; memory_trace_restore(); result = malloc (size); memory_trace_write(1, result, size); memory_trace_hook(); return result;}static void my_free_hook (void *ptr, const void *caller){ memory_trace_restore(); free (ptr); memory_trace_write(0, ptr, 0); memory_trace_hook(); return;}static void *my_realloc_hook (void *ptr, size_t size, const void *caller){ void* result = NULL; memory_trace_restore(); memory_trace_write(0, ptr, 0); result = realloc(ptr, size); memory_trace_write(1, result, size); memory_trace_hook(); return result;}static void memory_trace_flush_one_entry(int index){ int offset = 0; char buffer[512] = {0}; int fd = fileno(g_memory_trace_fp); int alloc = (int)g_memory_trace_cache[index][BACK_TRACE_DEPTH]; void* addr = g_memory_trace_cache[index][BACK_TRACE_DEPTH+1]; int size = (int)g_memory_trace_cache[index][BACK_TRACE_DEPTH+2]; void** backtrace_buffer = g_memory_trace_cache[index]; snprintf(buffer, sizeof(buffer), "%s %p %d ", alloc ? "alloc":"free", addr, size); if(!alloc) { write(fd, buffer, strlen(buffer)); return; } char** symbols = backtrace_symbols(backtrace_buffer, BACK_TRACE_DEPTH); if(symbols != NULL) { int i = 0; offset = strlen(buffer); for(i = 0; i < BACK_TRACE_DEPTH; i++) { if(symbols[i] == NULL) { break; } char* begin = strchr(symbols[i], '('); if(begin != NULL) { *begin = ' '; char* end = strchr(begin, ')'); if(end != NULL) { strcpy(end, " "); } strncpy(buffer+offset, begin, sizeof(buffer)-offset); offset += strlen(begin); } } write(fd, buffer, offset); free(symbols); } return;}static void memory_trace_flush(void){ int i = 0; for(i = 0; i < g_memory_trace_cache_used; i++) { memory_trace_flush_one_entry(i); } g_memory_trace_cache_used = 0; return;}static void memory_trace_write(int alloc, void* addr, int size){ if(g_memory_trace_cache_used >= CACHE_SIZE) { memory_trace_flush(); } int i = 0; void* backtrace_buffer[BACK_TRACE_DEPTH] = {0}; backtrace(backtrace_buffer, BACK_TRACE_DEPTH); for(i = 0; i < BACK_TRACE_DEPTH; i++) { g_memory_trace_cache[g_memory_trace_cache_used][i] = backtrace_buffer[i]; } g_memory_trace_cache[g_memory_trace_cache_used][BACK_TRACE_DEPTH] = (void*)alloc; g_memory_trace_cache[g_memory_trace_cache_used][BACK_TRACE_DEPTH+1] = addr; g_memory_trace_cache[g_memory_trace_cache_used][BACK_TRACE_DEPTH+2] = (void*)size; g_memory_trace_cache_used++; return;}#ifdef MEMORY_TRACE_TESTvoid test(void){ char* p = malloc(100); p = malloc(123); free(p); return;}int main(int argc, char* argv[]){ malloc(100); test(); malloc(100); test(); char* p = malloc(100); free(p); return 0;}#endif/*MEMORY_TRACE_TEST*/把以上代码编译成动态库,或者直接编译到功能代码一起。如果设置了MALLOC_TRACE环境变量,分配/释放会被记录到/tmp/$PID_memory.log下。
再写个程序来分析log文件:
/*mtrace.c*/#include <stdio.h>#define MAX_ENTRY 1024*1024int main(int argc, char* argv[]){ if(argc != 3) { printf("usage: %s [log file] [out file] ", argv[0]); return 0; } FILE* fp = fopen(argv[1], "r"); FILE* fp_out = fopen(argv[2], "wb+"); if(fp == NULL || fp_out == NULL) { printf("open file failed "); if(fp != NULL) { fclose(fp); } if(fp_out != NULL) { fclose(fp_out); } return; } int i = 0; int n = 0; int skip = 0; int line_index = 0; void* addr = 0; char line[260] = {0}; void* addrs_array[MAX_ENTRY] = {0}; int lines_array[MAX_ENTRY] = {0}; while(fgets(line, sizeof(line), fp) != NULL) { if(line[0] != 'a' && line[0] != 'f') { line_index++; continue; } addr = NULL; if(strncmp(line, "alloc", 5) == 0 && n < MAX_ENTRY) { sscanf(line, "alloc %p", &addr); addrs_array[n] = addr; lines_array[n] = line_index; n++; printf("a"); } else if(strncmp(line, "free", 4) == 0) { sscanf(line, "free %p", &addr); for(i = 0; i < n; i++) { if(addrs_array[i] == addr) { lines_array[i] = -1; break; } } printf("f"); } line_index++; } printf(" "); fseek(fp, 0, 0); i = 0; line_index = 0; while(fgets(line, sizeof(line), fp) != NULL) { if(strncmp(line, "alloc", 5) == 0) { if(lines_array[i] == line_index) { printf("leak %s", line); fprintf(fp_out, "*"); skip = 0; i++; } else { skip = 1; } } else if(strncmp(line, "free", 4) == 0) { skip = 1; } if(!skip) { fputs(line, fp_out); } line_index++; } fclose(fp); fclose(fp_out); return 0;}
把这个段代码编译成一个可执行文件mtrace,以前面记录的LOG为输入,再指定个输出文件,内存泄漏会被写到输出文件中,可以看到内存泄漏的地地址,大小和调用关系。
~~end~~
更多推荐
0
0- 0
已为社区贡献13条内容
所有评论(0)