Difference between revisions of "Valgrind"
Line 60: | Line 60: | ||
* {{issue|117153}} “utl::Bootstrap leaks Impl” | * {{issue|117153}} “utl::Bootstrap leaks Impl” | ||
* {{issue|117154}} “Desktop::GetCommandLineArgs leaks CommandLineArgs” | * {{issue|117154}} “Desktop::GetCommandLineArgs leaks CommandLineArgs” | ||
+ | * {{issue|117292}} “lock order violation in io service implementations” | ||
=== Definite False Positives === | === Definite False Positives === |
Revision as of 10:57, 9 March 2011
Valgrind is an instrumentation framework for dynamic analysis tools. It can be used to detect memory management and threading bugs and profile programs. It runs on Linux x86 and AMD64, PPC32 and PPC64 are fairly complete.
disabling the custom allocator
If you use ooo-build; export OOO_FORCE_SYSALLOC=1 before running, (this is built into linkoo's ooenv script).
If you use a Vanilla build, and your shell is setup for building ooo, use the following wrapper script around valgrind:
#!/bin/sh # instrument soffice with a malloc-based memory allocator. # Requires libsalalloc_malloc.so to be in the LD_LIBRARY_PATH. # Forwards all command line arguments to valgrind. export LD_PRELOAD=libsalalloc_malloc.so valgrind $@
which preloads a small interceptor lib, which redirects all allocator calls to malloc.
disabling glib's custom allocator
If you want to also track down problems with glib allocated objects, e.g. resource leaks in gconfbe then you need to disable glib's custom allocation as well, e.g.
G_SLICE=always-malloc valgrind ...
disabling the STLport custom allocator
The STLport default allocator uses a static free list (_S_free_list
in _alloc.h
) and there appears to be no functionality to flush it upon exit (like __libc_freeres
in the GNU C library). Thus, Valgrind can erroneously consider memory as still reachable at program termination.
The easiest workaround is probably to use a build that does not use STLport, like using a 64-bit unxlngx6
build.
Helgrind __cxa_guard_acquire
problems
The libstdc++.so.6
included in unxlngx6
Hamburg builds (and probably the one included in unxlngi6
builds as well) apparently has a __cxa_guard_acquire
that uses a single mutex for all the various statics, leading to many false complaints about lock order violation.
As a workaround, move the instances of libgcc_s.so.1
and libstdc++.so.6
within the OOo installation set out of the way (and thus use the ones from the system, which are hopefully recent enough).
Errors Found
Definite Errors
Open as of DEV300_m99
:
- Issue 114718 “forms/qa/unoapi: crash in remote async release call”
- Issue 116785 “framework::[Module]ImageManager kept alive by ring ref”
- Issue 116786 “framework::ToolBarLayoutManger::m_p{AddonOptions,GlobalSettings} leak”
- Issue 116850 “SvLBox::OnCurrentEntryChanged: Conditional jump or move depends on uninitialised value(s)”
- Issue 116885 “utl::TextSearch::CachedTextSearch::~CachedTextSearch called too late”
- Issue 116891 “framework::AddonMenuManager::BuildMenu leaks MenuConfiguration::Attributes”
- Issue 116910 “desktop::Acceptor leaks Thread_Impl”
- Issue 116915 “osl_getSystemPathFromFileURL leaks rtl_uStrings”
- Issue 116981 “rtl/source/bootstrap.cxx does not clean up memory”
- Issue 117082 “editengine: static maTypeSequence instances destroyed too late”
- Issue 117083 “document window leaks framework::WindowCommandDispatch instance”
- Issue 117084 “Desktop::Main leaks Lockfile instance”
- Issue 117119 “lock-order violation in comprehensive cppu_detail_getUnoType”
- Issue 117153 “utl::Bootstrap leaks Impl”
- Issue 117154 “Desktop::GetCommandLineArgs leaks CommandLineArgs”
- Issue 117292 “lock order violation in io service implementations”
Definite False Positives
Open as of DEV300_m99
:
- Issue 116872 “drawinglayer: BPixelRasterToBitmapEx causes false valgrind positive in rtl_crc32”
- On
unxlngx6
, executingDEV300_m100
sfx2/qa/complex
, a 14 bytecom.sun.star.util.DateTime
struct (consisting of sevenunsigned short
members) is filled with two 64 bit writes.
Invalid write of size 8 at 0x1558BBAC: x86_64::fill_struct(_typelib_TypeDescriptionReference*, unsigned long const*, double const*, void*) (in /opt/openoffice.org/ure/lib/libgcc3_uno.so) by 0x15591965: callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, unsigned int, double*, unsigned int) (in /opt/openoffice.org/ure/lib/libgcc3_uno.so) by 0x1559240D: cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, _typelib_MethodParameter*, void*, void**, _uno_Any**) (in /opt/openoffice.org/ure/lib/libgcc3_uno.so) by 0x15592B8A: bridges::cpp_uno::shared::unoInterfaceProxyDispatch(_uno_Interface*, _typelib_TypeDescription const*, void*, void**, _uno_Any**) (in /opt/openoffice.org/ure/lib/libgcc3_uno.so) by 0x1A15C688: binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, std::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> >*) const (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x1A15CC45: binaryurp::IncomingRequest::execute() const (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x1A16B09A: request (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x70057CA: cppu_threadpool::JobQueue::enter(long, unsigned char) (in /opt/openoffice.org/ure/lib/libuno_cppu.so.3) by 0x70062C2: cppu_threadpool::ORequestThread::run() (in /opt/openoffice.org/ure/lib/libuno_cppu.so.3) by 0x70065F2: cppu_requestThreadWorker (in /opt/openoffice.org/ure/lib/libuno_cppu.so.3) by 0x4E5F72E: osl_thread_start_Impl (in /opt/openoffice.org/ure/lib/libuno_sal.so.3) by 0x67679C9: start_thread (pthread_create.c:300) Address 0xeb32480 is 16 bytes inside a block of size 22 alloc'd at 0x4C274A8: malloc (vg_replace_malloc.c:236) by 0x4E9A7CC: rtl_allocateMemory (in /opt/openoffice.org/ure/lib/libuno_sal.so.3) by 0x4013EE: allocate(unsigned long, (anonymous namespace)::AllocatorTraits const&) (in /opt/openoffice.org3/program/soffice.bin) by 0x4014C5: operator new(unsigned long) (in /opt/openoffice.org3/program/soffice.bin) by 0x1A15E77E: __gnu_cxx::new_allocator<char>::allocate(unsigned long, void const*) (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x1A15E7A6: std::_Vector_base<char, std::allocator<char> >::_M_allocate(unsigned long) (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x1A15E7D8: std::_Vector_base<char, std::allocator<char> >::_Vector_base(unsigned long, std::allocator<char> const&) (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x1A15F686: std::vector<char, std::allocator<char> >::vector(unsigned long, char const&, std::allocator<char> const&) (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x1A15C57A: binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, std::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> >*) const (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x1A15CC45: binaryurp::IncomingRequest::execute() const (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x1A16B09A: request (in /opt/openoffice.org/ure/lib/binaryurp.uno.so) by 0x70057CA: cppu_threadpool::JobQueue::enter(long, unsigned char) (in /opt/openoffice.org/ure/lib/libuno_cppu.so.3)
- On
unxlngx6
, executingDEV300_m100
sfx2/qa/complex
triggers the below report, which appears to be a false positive caused by what appears to be an error in valgrind, see “setns instruction causes false positive”.
Conditional jump or move depends on uninitialised value(s) at 0x22694A93: SwLayAction::_FormatCntnt(SwCntntFrm const*, SwPageFrm const*) (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x226982DD: SwLayAction::_FormatFlyCntnt(SwFlyFrm const*) (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x226A0349: SwObjectFormatter::_FormatObj(SwAnchoredObject&) (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x226A14CB: SwObjectFormatterTxtFrm::DoFormatObj(SwAnchoredObject&, bool) (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x226A01C2: SwObjectFormatter::_FormatObjsAtFrm(SwTxtFrm*) (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x226A115B: SwObjectFormatterTxtFrm::DoFormatObjs() (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x2269FF52: SwObjectFormatter::FormatObjsAtFrm(SwFrm&, SwPageFrm const&, SwLayAction*) (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x2269501E: SwLayAction::FormatCntnt(SwPageFrm const*) (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x22696E9B: SwLayAction::InternalAction() (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x226975A7: SwLayAction::Action() (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x22885D50: ViewShell::ImplEndAction(unsigned char) (in /opt/openoffice.org/basis3.4/program/libswlx.so) by 0x225155A2: ViewShell::EndAction(unsigned char) (in /opt/openoffice.org/basis3.4/program/libswlx.so)
Potentially False Positives
Conditional jump or move depends on uninitialised value(s) at 0x9440A18: XcursorImageHash (in /usr/lib/libXcursor.so.1.0.2) by 0x9440ED7: XcursorNoticePutBitmap (in /usr/lib/libXcursor.so.1.0.2) by 0x42F5EF8: _XNoticePutBitmap (in /usr/lib/libX11.so.6.3.0) by 0x430D3A7: XPutImage (in /usr/lib/libX11.so.6.3.0) by 0x938107E: ImplSalDDB::ImplSalDDB(_XImage*, unsigned long, int, SalTwoRect const&) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/openoffice.org/basis3.4/program/libvclplug_genli.so) by 0x9382E77: X11SalBitmap::ImplGetDDB(unsigned long, int, long, SalTwoRect const&) const (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/openoffice.org/basis3.4/program/libvclplug_genli.so) by 0x9382F52: X11SalBitmap::ImplDraw(unsigned long, int, long, SalTwoRect const&, _XGC* const&) const (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/openoffice.org/basis3.4/program/libvclplug_genli.so) by 0x937DC2A: X11SalGraphics::drawMaskedBitmap(SalTwoRect const*, SalBitmap const&, SalBitmap const&) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/openoffice.org/basis3.4/program/libvclplug_genli.so) by 0x937DF70: X11SalGraphics::drawBitmap(SalTwoRect const*, SalBitmap const&, SalBitmap const&) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/openoffice.org/basis3.4/program/libvclplug_genli.so) by 0x5BAE9FB: SalGraphics::DrawBitmap(SalTwoRect const*, SalBitmap const&, SalBitmap const&, OutputDevice const*) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/openoffice.org/basis3.4/program/libvclli.so) by 0x5B92D9C: OutputDevice::ImplDrawBitmapEx(Point const&, Size const&, Point const&, Size const&, BitmapEx const&, unsigned long) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/openoffice.org/basis3.4/program/libvclli.so) by 0x5B9320D: OutputDevice::DrawBitmapEx(Point const&, Size const&, BitmapEx const&) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/openoffice.org/basis3.4/program/libvclli.so)
might be a false positive, [1] specifies a suppression block for the head of that stack,
{ X oddness 3 Memcheck:Cond fun:XcursorImageHash fun:XcursorNoticePutBitmap fun:_XNoticePutBitmap fun:XPutImage }
more information
There's also some Writer document about Valgrind: http://tools.openoffice.org/debugging/usingvalgrind.sxw
TODO: move (!) its content here, not just copy but also remove there, so we don't end up with a fork.
TODO: Run recent version
Someone should run the latest version o OO.o, as Valgrind 3.3.0 re-introduces Hellgrind which helps e.g. to hunt down deadlocks. See [2] for more.
Callgrind Profiling How-To
There's a Callgrind How-To.