Valgrind () is a

programming tool A programming tool or software development tool is a computer program that software developers use to create, debug, maintain, or otherwise support other programs and applications. The term usually refers to relatively simple programs, that can b ...

for

memory debugging Memory is the faculty of the mind by which data or information is encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If past events could not be remembered, ...

memory leak In computer science, a memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that Computer memory, memory which is no longer needed is not released. A memory leak may also happe ...

detection, and profiling. Valgrind was originally designed to be a

free Free may refer to: Concept * Freedom, having the ability to do something, without having to obey anyone/anything * Freethought, a position that beliefs should be formed only on the basis of logic, reason, and empiricism * Emancipate, to procur ...

memory debugging tool for

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...

x86 x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introd ...

, but has since evolved to become a generic framework for creating dynamic analysis tools such as checkers and profilers.

Overview

Valgrind is in essence a

virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...

using

just-in-time compilation In computing, just-in-time (JIT) compilation (also dynamic translation or run-time compilations) is a way of executing computer code that involves compilation during execution of a program (at run time) rather than before execution. This may cons ...

techniques, including

dynamic recompilation In computer science, dynamic recompilation is a feature of some emulators and virtual machines, where the system may recompile some part of a program during execution. By compiling during execution, the system can tailor the generated code to r ...

. Nothing from the original program ever gets run directly on the host

processor Processor may refer to: Computing Hardware * Processor (computing) **Central processing unit (CPU), the hardware within a computer that executes a program *** Microprocessor, a central processing unit contained on a single integrated circuit (I ...

. Instead, Valgrind first translates the program into a temporary, simpler form called

intermediate representation An intermediate representation (IR) is the data structure or code used internally by a compiler or virtual machine to represent source code. An IR is designed to be conducive to further processing, such as optimization and translation. A "good" ...

(IR), which is a processor-neutral,

static single assignment form In compiler design, static single assignment form (often abbreviated as SSA form or simply SSA) is a property of an intermediate representation (IR) that requires each variable to be assigned exactly once and defined before it is used. Existing var ...

-based form. After the conversion, a tool (see below) is free to do whatever transformations it would like on the IR, before Valgrind translates the IR back into machine code and lets the host processor run it. Valgrind recompiles

binary code A binary code represents text, computer processor instructions, or any other data using a two-symbol system. The two-symbol system used is often "0" and "1" from the binary number system. The binary code assigns a pattern of binary digits, also ...

to run on host and target (or simulated) CPUs of the same architecture. It also includes a

GDB The GNU Debugger (GDB) is a Software portability, portable debugger that runs on many Unix-like systems and works for many programming languages, including Ada (programming language), Ada, C (programming language), C, C++, Objective-C, Free Pasc ...

stub to allow debugging of the target program as it runs in Valgrind, with "monitor commands" that allow querying the Valgrind tool for various information. A considerable amount of performance is lost in these transformations (and usually, the code the tool inserts); usually, code run with Valgrind and the "none" tool (which does nothing to the IR) runs at 20% to 25% of the speed of the normal program.

Tools

Memcheck

There are multiple tools included with Valgrind (and several external ones). The default (and most used) tool is ''Memcheck''. Memcheck inserts extra

instrumentation Instrumentation a collective term for measuring instruments that are used for indicating, measuring and recording physical quantities. The term has its origins in the art and science of scientific instrument-making. Instrumentation can refer to ...

code around almost all instructions, which keeps track of the ''validity'' (all unallocated memory starts as invalid or "undefined", until it is initialized into a deterministic state, possibly from other memory) and ''addressability'' (whether the memory address in question points to an allocated, non-freed memory block), stored in the so-called ''V bits'' and ''A bits'' respectively. As data is moved around or manipulated, the instrumentation code keeps track of the A and V bits, so they are always correct on a single-bit level. In addition, Memcheck replaces the standard C memory allocator with its own implementation, which also includes ''memory guards'' around all allocated blocks (with the A bits set to "invalid"). This feature enables Memcheck to detect

off-by-one error An off-by-one error or off-by-one bug (known by acronyms OBOE, OBO, OB1 and OBOB) is a logic error involving the discrete equivalent of a boundary condition. It often occurs in computer programming when an iterative loop iterates one time too m ...

s where a program reads or writes outside an allocated block by a small amount. The problems Memcheck can detect and warn about include the following: * Use of uninitialized memory * Reading/writing memory after it has been free'd * Reading/writing off the end of malloc'd blocks *

Memory leak In computer science, a memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that Computer memory, memory which is no longer needed is not released. A memory leak may also happe ...

s The price of this is lost performance. Programs running under Memcheck usually run 20–30 times slower than running outside Valgrind and use more memory (there is a memory penalty per allocation). Thus, few developers run their code under Memcheck (or any other Valgrind tool) all the time. They most commonly use such tools either to trace down some specific bug, or to verify that there are no latent bugs (of the kind Memcheck can detect) in the code.

Other tools

In addition to Memcheck, Valgrind has several other tools: *''None'', runs the code in the virtual machine without performing any analysis and thus has the smallest possible CPU and memory overhead of all tools. Since Valgrind itself provides a trace back from a

segmentation fault In computing, a segmentation fault (often shortened to segfault) or access violation is a fault, or failure condition, raised by hardware with memory protection, notifying an operating system (OS) the software has attempted to access a restricte ...

, the ''none'' tool provides this traceback at minimal overhead. *''Addrcheck'', similar to Memcheck but with much smaller CPU and memory overhead, thus catching fewer types of bugs. Addrcheck has been removed as of version 3.2.0. *''Massif'', a

heap Heap or HEAP may refer to: Computing and mathematics * Heap (data structure), a data structure commonly used to implement a priority queue * Heap (mathematics), a generalization of a group * Heap (programming) (or free store), an area of memory f ...

profiler. The separate

GUI The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inste ...

massif-visualizer visualizes output from Massif. *''Helgrind'' and ''DRD'', detect

race condition A race condition or race hazard is the condition of an electronics, software, or other system where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when one or more of t ...

s in multithreaded code *''Cachegrind'', a

cache Cache, caching, or caché may refer to: Places United States * Cache, Idaho, an unincorporated community * Cache, Illinois, an unincorporated community * Cache, Oklahoma, a city in Comanche County * Cache, Utah, Cache County, Utah * Cache Count ...

profiler. The separate GUI KCacheGrind visualizes output from Cachegrind. *''Callgrind'', a

call graph A call graph (also known as a call multigraph) is a control-flow graph, which represents calling relationships between subroutines in a computer program. Each node represents a procedure and each edge ''(f, g)'' indicates that procedure ''f'' cal ...

analyzer created by Josef Weidendorfer, added to Valgrind as of version 3.2.0. KCacheGrind can visualize output from Callgrind. *''DHAT'', dynamic heap analysis tool which analyzes how much memory is allocated and for how long, as well as patterns of memory usage. *''exp-bbv'', a performance simulator that extrapolates performance from a small sample set. ''exp-sgcheck'' (named ''exp-ptrcheck'' prior to version 3.7), was removed in version 3.16.0. It was an experimental tool to find stack and global array overrun errors, which Memcheck cannot find. There are also several externally developed tools available. One such tool is ThreadSanitizer, another detector of

Platforms supported

As of version 3.4.0, Valgrind supports

x86-64 x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mod ...

and

PowerPC PowerPC (with the backronym Performance Optimization With Enhanced RISC – Performance Computing, sometimes abbreviated as PPC) is a reduced instruction set computer (RISC) instruction set architecture (ISA) created by the 1991 Apple Inc., App ...

. Support for Linux on

ARMv7 ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of reduced instruction set computer (RISC) instruction set architectures for computer processors, configured ...

(used for example in certain

smartphones A smartphone is a portable computer device that combines mobile telephone and computing functions into one unit. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, which ...

) was added in version 3.6.0. Support for

Solaris Solaris may refer to: Arts and entertainment Literature, television and film * ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem ** ''Solaris'' (1968 film), directed by Boris Nirenburg ** ''Solaris'' (1972 film), directed by ...

was added in version 3.11.0. Support for was added in version 3.5.0. Support for

FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...

x86 and amd64 was added in version 3.18.0. There are unofficial ports to other

Unix-like A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...

platforms (like

OpenBSD OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project em ...

, and

NetBSD NetBSD is a free and open-source Unix operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is a ...

). From version 3.7.0 the ARM/ Android platform support was added. Since version 3.9.0 there is support for Linux on

MIPS64 MIPS (Microprocessor without Interlocked Pipelined Stages) is a family of reduced instruction set computer (RISC) instruction set architectures (ISA)Price, Charles (September 1995). ''MIPS IV Instruction Set'' (Revision 3.2), MIPS Technologies, ...

little and big endian, for MIPS DSP ASE on

MIPS32 MIPS (Microprocessor without Interlocked Pipelined Stages) is a family of reduced instruction set computer (RISC) instruction set architectures (ISA)Price, Charles (September 1995). ''MIPS IV Instruction Set'' (Revision 3.2), MIPS Technologies, ...

, for

s390x Linux on IBM Z or Linux on zSystems is the collective term for the Linux operating system compiled to run on IBM mainframes, especially IBM Z / IBM zSystems and IBM LinuxONE servers. Similar terms which imply the same meaning are ''Linux/390'', ...

Decimal Floating Point instructions, for

POWER8 POWER8 is a family of superscalar multi-core microprocessors based on the Power ISA, announced in August 2013 at the Hot Chips conference. The designs are available for licensing under the OpenPOWER Foundation, which is the first time for s ...

( Power ISA 2.07) instructions, for Intel

AVX2 Advanced Vector Extensions (AVX) are extensions to the x86 instruction set architecture for microprocessors from Intel and Advanced Micro Devices (AMD). They were proposed by Intel in March 2008 and first supported by Intel with the Sandy Bridge ...

instructions, for Intel Transactional Synchronization Extensions, both RTM and HLE and initial support for Hardware Transactional Memory on POWER.

History and development

The name Valgrind is a reference to the main entrance of

Valhalla In Norse mythology Valhalla (;) is the anglicised name for non, Valhǫll ("hall of the slain").Orchard (1997:171–172) It is described as a majestic hall located in Asgard and presided over by the god Odin. Half of those who die in combat e ...

from

Norse mythology Norse, Nordic, or Scandinavian mythology is the body of myths belonging to the North Germanic peoples, stemming from Old Norse religion and continuing after the Christianization of Scandinavia, and into the Nordic folklore of the modern period ...

. During development (before release) the project was named

Heimdall In Norse mythology, Heimdall (from Old Norse Heimdallr) is a god who keeps watch for invaders and the onset of Ragnarök from his dwelling Himinbjörg, where the burning rainbow bridge Bifröst meets the sky. He is attested as possessing for ...

; however, the name would have conflicted with a security package. The original author of Valgrind is

Julian Seward Julian Seward is a British compiler writer and Free Software contributor who lives in Stuttgart. He is commonly known for creating the bzip2 compression tool in 1996, as well as the valgrind memory debugging toolset founded in 2000. In 2006, ...

, who in 2006 won a Google-O'Reilly Open Source Award for his work on Valgrind. Several others have also made significant contributions, including Cerion Armour-Brown, Jeremy Fitzhardinge, Tom Hughes, Nicholas Nethercote, Paul Mackerras, Dirk Mueller, Bart Van Assche, Josef Weidendorfer, and Robert Walsh. It is used by a number of Linux-based projects.

Limitations of Memcheck

In addition to the performance penalty, an important limitation of Memcheck is its inability to detect all cases of bounds errors in the use of static or stack-allocated data.Valgrind FAQ
/ref> The following code will pass the ''Memcheck'' tool in Valgrind without incident, despite containing the errors described in the comments: int Static int func(void) The experimental Valgrind tool exp-sgcheck has been written to address this limitation in Memcheck. It will detect array overrun errors, provided the first access to an array is within the array bounds. Note that exp-sgcheck will not detect the array overrun in the code above, since the first access to an array is out of bounds, but it will detect the array overrun error in the following code: void func(void) The inability to detect all errors involving the access of stack allocated data is especially noteworthy since certain types of stack errors make software vulnerable to the classic stack smashing exploit.

Notes

References

* * *

External links

* {{Linux Debuggers Free memory debuggers Free memory management software Free software testing tools Profilers Software testing tools