From Apache OpenOffice Wiki
Jump to: navigation, search

Valgrind is an instrumentation framework for dynamic analysis tools. It can be used to detect memory management and threading bugs and profile programs. It runs on Linux x86 and AMD64, PPC32 and PPC64 are fairly complete.

disabling the custom allocator

If you use ooo-build; export OOO_FORCE_SYSALLOC=1 before running, (this is built into linkoo's ooenv script).

If you use a Vanilla build, and your shell is setup for building ooo, use the following wrapper script around valgrind:


# instrument soffice with a malloc-based memory allocator.
# Requires to be in the LD_LIBRARY_PATH.
# Forwards all command line arguments to valgrind.

valgrind $@ 

which preloads a small interceptor lib, which redirects all allocator calls to malloc.

disabling glib's custom allocator

If you want to also track down problems with glib allocated objects, e.g. resource leaks in gconfbe then you need to disable glib's custom allocation as well, e.g.

G_SLICE=always-malloc valgrind ...

disabling the STLport custom allocator

The STLport default allocator uses a static free list (_S_free_list in _alloc.h) and there appears to be no functionality to flush it upon exit (like __libc_freeres in the GNU C library). Thus, Valgrind can erroneously consider memory as still reachable at program termination.

The easiest workaround is probably to use a build that does not use STLport, like using a 64-bit unxlngx6 build.

Helgrind __cxa_guard_acquire problems

The included in unxlngx6 Hamburg builds (and probably the one included in unxlngi6 builds as well) apparently has a __cxa_guard_acquire that uses a single mutex for all the various statics, leading to many false complaints about lock order violation.

As a workaround, move the instances of and within the OOo installation set out of the way (and thus use the ones from the system, which are hopefully recent enough).

Errors Found

Definite Errors

Open as of DEV300_m99:

  • Issue 114718 “forms/qa/unoapi: crash in remote async release call”
  • Issue 116785 “framework::[Module]ImageManager kept alive by ring ref”
  • Issue 116786 “framework::ToolBarLayoutManger::m_p{AddonOptions,GlobalSettings} leak”
  • Issue 116850 “SvLBox::OnCurrentEntryChanged: Conditional jump or move depends on uninitialised value(s)”
  • Issue 116885 “utl::TextSearch::CachedTextSearch::~CachedTextSearch called too late”
  • Issue 116891 “framework::AddonMenuManager::BuildMenu leaks MenuConfiguration::Attributes”
  • Issue 116910 “desktop::Acceptor leaks Thread_Impl”
  • Issue 116915 “osl_getSystemPathFromFileURL leaks rtl_uStrings”
  • Issue 116981 “rtl/source/bootstrap.cxx does not clean up memory”
  • Issue 117082 “editengine: static maTypeSequence instances destroyed too late”
  • Issue 117083 “document window leaks framework::WindowCommandDispatch instance”
  • Issue 117084 “Desktop::Main leaks Lockfile instance”
  • Issue 117119 “lock-order violation in comprehensive cppu_detail_getUnoType”
  • Issue 117153 “utl::Bootstrap leaks Impl”
  • Issue 117154 “Desktop::GetCommandLineArgs leaks CommandLineArgs”
  • Issue 117292 “lock order violation in io service implementations”
  • Issue 117294 “lock order violation in SFX_IMPL_XSERVICEINFO”
  • Issue 117295 “lock order violation in cpp_uno bridge RTTI”
  • Issue 117296 “lock order violation in fileaccess service implementation”
  • Issue 117884 “registry: ORegKey::openSubKeys leaks memory”

Definite False Positives

Open as of DEV300_m99:

  • Issue 116872 “drawinglayer: BPixelRasterToBitmapEx causes false valgrind positive in rtl_crc32”
  • On unxlngx6, executing DEV300_m100 sfx2/qa/complex, a 14 byte struct (consisting of seven unsigned short members) is filled with two 64 bit writes.
Invalid write of size 8
   at 0x1558BBAC: x86_64::fill_struct(_typelib_TypeDescriptionReference*, unsigned long const*, double const*, void*) (in /opt/
   by 0x15591965: callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, unsigned int, double*, unsigned int) (in /opt/
   by 0x1559240D: cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, _typelib_MethodParameter*, void*, void**, _uno_Any**) (in /opt/
   by 0x15592B8A: bridges::cpp_uno::shared::unoInterfaceProxyDispatch(_uno_Interface*, _typelib_TypeDescription const*, void*, void**, _uno_Any**) (in /opt/
   by 0x1A15C688: binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, std::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> >*) const (in /opt/
   by 0x1A15CC45: binaryurp::IncomingRequest::execute() const (in /opt/
   by 0x1A16B09A: request (in /opt/
   by 0x70057CA: cppu_threadpool::JobQueue::enter(long, unsigned char) (in /opt/
   by 0x70062C2: cppu_threadpool::ORequestThread::run() (in /opt/
   by 0x70065F2: cppu_requestThreadWorker (in /opt/
   by 0x4E5F72E: osl_thread_start_Impl (in /opt/
   by 0x67679C9: start_thread (pthread_create.c:300)
 Address 0xeb32480 is 16 bytes inside a block of size 22 alloc'd
   at 0x4C274A8: malloc (vg_replace_malloc.c:236)
   by 0x4E9A7CC: rtl_allocateMemory (in /opt/
   by 0x4013EE: allocate(unsigned long, (anonymous namespace)::AllocatorTraits const&) (in /opt/openoffice.org3/program/soffice.bin)
   by 0x4014C5: operator new(unsigned long) (in /opt/openoffice.org3/program/soffice.bin)
   by 0x1A15E77E: __gnu_cxx::new_allocator<char>::allocate(unsigned long, void const*) (in /opt/
   by 0x1A15E7A6: std::_Vector_base<char, std::allocator<char> >::_M_allocate(unsigned long) (in /opt/
   by 0x1A15E7D8: std::_Vector_base<char, std::allocator<char> >::_Vector_base(unsigned long, std::allocator<char> const&) (in /opt/
   by 0x1A15F686: std::vector<char, std::allocator<char> >::vector(unsigned long, char const&, std::allocator<char> const&) (in /opt/
   by 0x1A15C57A: binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, std::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> >*) const (in /opt/
   by 0x1A15CC45: binaryurp::IncomingRequest::execute() const (in /opt/
   by 0x1A16B09A: request (in /opt/
   by 0x70057CA: cppu_threadpool::JobQueue::enter(long, unsigned char) (in /opt/
Conditional jump or move depends on uninitialised value(s)
   at 0x22694A93: SwLayAction::_FormatCntnt(SwCntntFrm const*, SwPageFrm const*) (in /opt/
   by 0x226982DD: SwLayAction::_FormatFlyCntnt(SwFlyFrm const*) (in /opt/
   by 0x226A0349: SwObjectFormatter::_FormatObj(SwAnchoredObject&) (in /opt/
   by 0x226A14CB: SwObjectFormatterTxtFrm::DoFormatObj(SwAnchoredObject&, bool) (in /opt/
   by 0x226A01C2: SwObjectFormatter::_FormatObjsAtFrm(SwTxtFrm*) (in /opt/
   by 0x226A115B: SwObjectFormatterTxtFrm::DoFormatObjs() (in /opt/
   by 0x2269FF52: SwObjectFormatter::FormatObjsAtFrm(SwFrm&, SwPageFrm const&, SwLayAction*) (in /opt/
   by 0x2269501E: SwLayAction::FormatCntnt(SwPageFrm const*) (in /opt/
   by 0x22696E9B: SwLayAction::InternalAction() (in /opt/
   by 0x226975A7: SwLayAction::Action() (in /opt/
   by 0x22885D50: ViewShell::ImplEndAction(unsigned char) (in /opt/
   by 0x225155A2: ViewShell::EndAction(unsigned char) (in /opt/

Potentially False Positives

Conditional jump or move depends on uninitialised value(s)
   at 0x9440A18: XcursorImageHash (in /usr/lib/
   by 0x9440ED7: XcursorNoticePutBitmap (in /usr/lib/
   by 0x42F5EF8: _XNoticePutBitmap (in /usr/lib/
   by 0x430D3A7: XPutImage (in /usr/lib/
   by 0x938107E: ImplSalDDB::ImplSalDDB(_XImage*, unsigned long, int, SalTwoRect const&) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/
   by 0x9382E77: X11SalBitmap::ImplGetDDB(unsigned long, int, long, SalTwoRect const&) const (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/
   by 0x9382F52: X11SalBitmap::ImplDraw(unsigned long, int, long, SalTwoRect const&, _XGC* const&) const (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/
   by 0x937DC2A: X11SalGraphics::drawMaskedBitmap(SalTwoRect const*, SalBitmap const&, SalBitmap const&) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/
   by 0x937DF70: X11SalGraphics::drawBitmap(SalTwoRect const*, SalBitmap const&, SalBitmap const&) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/
   by 0x5BAE9FB: SalGraphics::DrawBitmap(SalTwoRect const*, SalBitmap const&, SalBitmap const&, OutputDevice const*) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/
   by 0x5B92D9C: OutputDevice::ImplDrawBitmapEx(Point const&, Size const&, Point const&, Size const&, BitmapEx const&, unsigned long) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/
   by 0x5B9320D: OutputDevice::DrawBitmapEx(Point const&, Size const&, BitmapEx const&) (in /cws/sb138_m98/DEV300/unxlngi6/installation/opt/

might be a false positive, [1] specifies a suppression block for the head of that stack,

   X oddness 3

more information

There's also some Writer document about Valgrind:

TODO: move (!) its content here, not just copy but also remove there, so we don't end up with a fork.

TODO: Run recent version
Someone should run the latest version o OO.o, as Valgrind 3.3.0 re-introduces Hellgrind which helps e.g. to hunt down deadlocks. See [2] for more.

Callgrind Profiling How-To

There's a Callgrind How-To.

Personal tools