1<?xml version="1.0"?> <!-- -*- sgml -*- --> 2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 4[ <!ENTITY % vg-entities SYSTEM "vg-entities.xml"> %vg-entities; ]> 5 6 7<chapter id="manual-core" xreflabel="Valgrind's core"> 8<title>Using and understanding the Valgrind core</title> 9 10<para>This chapter describes the Valgrind core services, command-line 11options and behaviours. That means it is relevant regardless of what 12particular tool you are using. The information should be sufficient for you 13to make effective day-to-day use of Valgrind. Advanced topics related to 14the Valgrind core are described in <xref linkend="manual-core-adv"/>. 15</para> 16 17<para> 18A point of terminology: most references to "Valgrind" in this chapter 19refer to the Valgrind core services. </para> 20 21 22 23<sect1 id="manual-core.whatdoes" 24 xreflabel="What Valgrind does with your program"> 25<title>What Valgrind does with your program</title> 26 27<para>Valgrind is designed to be as non-intrusive as possible. It works 28directly with existing executables. You don't need to recompile, relink, 29or otherwise modify the program to be checked.</para> 30 31<para>You invoke Valgrind like this:</para> 32<programlisting><![CDATA[ 33valgrind [valgrind-options] your-prog [your-prog-options]]]></programlisting> 34 35<para>The most important option is <option>--tool</option> which dictates 36which Valgrind tool to run. For example, if want to run the command 37<computeroutput>ls -l</computeroutput> using the memory-checking tool 38Memcheck, issue this command:</para> 39 40<programlisting><![CDATA[ 41valgrind --tool=memcheck ls -l]]></programlisting> 42 43<para>However, Memcheck is the default, so if you want to use it you can 44omit the <option>--tool</option> option.</para> 45 46<para>Regardless of which tool is in use, Valgrind takes control of your 47program before it starts. Debugging information is read from the 48executable and associated libraries, so that error messages and other 49outputs can be phrased in terms of source code locations, when 50appropriate.</para> 51 52<para>Your program is then run on a synthetic CPU provided by the 53Valgrind core. As new code is executed for the first time, the core 54hands the code to the selected tool. The tool adds its own 55instrumentation code to this and hands the result back to the core, 56which coordinates the continued execution of this instrumented 57code.</para> 58 59<para>The amount of instrumentation code added varies widely between 60tools. At one end of the scale, Memcheck adds code to check every 61memory access and every value computed, 62making it run 10-50 times slower than natively. 63At the other end of the spectrum, the minimal tool, called Nulgrind, 64adds no instrumentation at all and causes in total "only" about a 4 times 65slowdown.</para> 66 67<para>Valgrind simulates every single instruction your program executes. 68Because of this, the active tool checks, or profiles, not only the code 69in your application but also in all supporting dynamically-linked libraries, 70including the C library, graphical libraries, and so on.</para> 71 72<para>If you're using an error-detection tool, Valgrind may 73detect errors in system libraries, for example the GNU C or X11 74libraries, which you have to use. You might not be interested in these 75errors, since you probably have no control over that code. Therefore, 76Valgrind allows you to selectively suppress errors, by recording them in 77a suppressions file which is read when Valgrind starts up. The build 78mechanism selects default suppressions which give reasonable 79behaviour for the OS and libraries detected on your machine. 80To make it easier to write suppressions, you can use the 81<option>--gen-suppressions=yes</option> option. This tells Valgrind to 82print out a suppression for each reported error, which you can then 83copy into a suppressions file.</para> 84 85<para>Different error-checking tools report different kinds of errors. 86The suppression mechanism therefore allows you to say which tool or 87tool(s) each suppression applies to.</para> 88 89</sect1> 90 91 92<sect1 id="manual-core.started" xreflabel="Getting started"> 93<title>Getting started</title> 94 95<para>First off, consider whether it might be beneficial to recompile 96your application and supporting libraries with debugging info enabled 97(the <option>-g</option> option). Without debugging info, the best 98Valgrind tools will be able to do is guess which function a particular 99piece of code belongs to, which makes both error messages and profiling 100output nearly useless. With <option>-g</option>, you'll get 101messages which point directly to the relevant source code lines.</para> 102 103<para>Another option you might like to consider, if you are working with 104C++, is <option>-fno-inline</option>. That makes it easier to see the 105function-call chain, which can help reduce confusion when navigating 106around large C++ apps. For example, debugging 107OpenOffice.org with Memcheck is a bit easier when using this option. You 108don't have to do this, but doing so helps Valgrind produce more accurate 109and less confusing error reports. Chances are you're set up like this 110already, if you intended to debug your program with GNU GDB, or some 111other debugger.</para> 112 113<para>If you are planning to use Memcheck: On rare 114occasions, compiler optimisations (at <option>-O2</option> 115and above, and sometimes <option>-O1</option>) have been 116observed to generate code which fools Memcheck into wrongly reporting 117uninitialised value errors, or missing uninitialised value errors. We have 118looked in detail into fixing this, and unfortunately the result is that 119doing so would give a further significant slowdown in what is already a slow 120tool. So the best solution is to turn off optimisation altogether. Since 121this often makes things unmanageably slow, a reasonable compromise is to use 122<option>-O</option>. This gets you the majority of the 123benefits of higher optimisation levels whilst keeping relatively small the 124chances of false positives or false negatives from Memcheck. Also, you 125should compile your code with <option>-Wall</option> because 126it can identify some or all of the problems that Valgrind can miss at the 127higher optimisation levels. (Using <option>-Wall</option> 128is also a good idea in general.) All other tools (as far as we know) are 129unaffected by optimisation level, and for profiling tools like Cachegrind it 130is better to compile your program at its normal optimisation level.</para> 131 132<para>Valgrind understands both the older "stabs" debugging format, used 133by GCC versions prior to 3.1, and the newer DWARF2/3/4 formats 134used by GCC 1353.1 and later. We continue to develop our debug-info readers, 136although the majority of effort will naturally enough go into the newer 137DWARF readers.</para> 138 139<para>When you're ready to roll, run Valgrind as described above. 140Note that you should run the real 141(machine-code) executable here. If your application is started by, for 142example, a shell or Perl script, you'll need to modify it to invoke 143Valgrind on the real executables. Running such scripts directly under 144Valgrind will result in you getting error reports pertaining to 145<filename>/bin/sh</filename>, 146<filename>/usr/bin/perl</filename>, or whatever interpreter 147you're using. This may not be what you want and can be confusing. You 148can force the issue by giving the option 149<option>--trace-children=yes</option>, but confusion is still 150likely.</para> 151 152</sect1> 153 154 155<sect1 id="manual-core.comment" xreflabel="The Commentary"> 156<title>The Commentary</title> 157 158<para>Valgrind tools write a commentary, a stream of text, detailing 159error reports and other significant events. All lines in the commentary 160have following form: 161 162<programlisting><![CDATA[ 163==12345== some-message-from-Valgrind]]></programlisting> 164</para> 165 166<para>The <computeroutput>12345</computeroutput> is the process ID. 167This scheme makes it easy to distinguish program output from Valgrind 168commentary, and also easy to differentiate commentaries from different 169processes which have become merged together, for whatever reason.</para> 170 171<para>By default, Valgrind tools write only essential messages to the 172commentary, so as to avoid flooding you with information of secondary 173importance. If you want more information about what is happening, 174re-run, passing the <option>-v</option> option to Valgrind. A second 175<option>-v</option> gives yet more detail. 176</para> 177 178<para>You can direct the commentary to three different places:</para> 179 180<orderedlist> 181 182 <listitem id="manual-core.out2fd" xreflabel="Directing output to fd"> 183 <para>The default: send it to a file descriptor, which is by default 184 2 (stderr). So, if you give the core no options, it will write 185 commentary to the standard error stream. If you want to send it to 186 some other file descriptor, for example number 9, you can specify 187 <option>--log-fd=9</option>.</para> 188 189 <para>This is the simplest and most common arrangement, but can 190 cause problems when Valgrinding entire trees of processes which 191 expect specific file descriptors, particularly stdin/stdout/stderr, 192 to be available for their own use.</para> 193 </listitem> 194 195 <listitem id="manual-core.out2file" 196 xreflabel="Directing output to file"> <para>A less intrusive 197 option is to write the commentary to a file, which you specify by 198 <option>--log-file=filename</option>. There are special format 199 specifiers that can be used to use a process ID or an environment 200 variable name in the log file name. These are useful/necessary if your 201 program invokes multiple processes (especially for MPI programs). 202 See the <link linkend="manual-core.basicopts">basic options section</link> 203 for more details.</para> 204 </listitem> 205 206 <listitem id="manual-core.out2socket" 207 xreflabel="Directing output to network socket"> <para>The 208 least intrusive option is to send the commentary to a network 209 socket. The socket is specified as an IP address and port number 210 pair, like this: <option>--log-socket=192.168.0.1:12345</option> if 211 you want to send the output to host IP 192.168.0.1 port 12345 212 (note: we 213 have no idea if 12345 is a port of pre-existing significance). You 214 can also omit the port number: 215 <option>--log-socket=192.168.0.1</option>, in which case a default 216 port of 1500 is used. This default is defined by the constant 217 <computeroutput>VG_CLO_DEFAULT_LOGPORT</computeroutput> in the 218 sources.</para> 219 220 <para>Note, unfortunately, that you have to use an IP address here, 221 rather than a hostname.</para> 222 223 <para>Writing to a network socket is pointless if you don't 224 have something listening at the other end. We provide a simple 225 listener program, 226 <computeroutput>valgrind-listener</computeroutput>, which accepts 227 connections on the specified port and copies whatever it is sent to 228 stdout. Probably someone will tell us this is a horrible security 229 risk. It seems likely that people will write more sophisticated 230 listeners in the fullness of time.</para> 231 232 <para><computeroutput>valgrind-listener</computeroutput> can accept 233 simultaneous connections from up to 50 Valgrinded processes. In front 234 of each line of output it prints the current number of active 235 connections in round brackets.</para> 236 237 <para><computeroutput>valgrind-listener</computeroutput> accepts two 238 command-line options:</para> 239 <itemizedlist> 240 <listitem> 241 <para><option>-e</option> or <option>--exit-at-zero</option>: 242 when the number of connected processes falls back to zero, 243 exit. Without this, it will run forever, that is, until you 244 send it Control-C.</para> 245 </listitem> 246 <listitem> 247 <para><option>portnumber</option>: changes the port it listens 248 on from the default (1500). The specified port must be in the 249 range 1024 to 65535. The same restriction applies to port 250 numbers specified by a <option>--log-socket</option> to 251 Valgrind itself.</para> 252 </listitem> 253 </itemizedlist> 254 255 <para>If a Valgrinded process fails to connect to a listener, for 256 whatever reason (the listener isn't running, invalid or unreachable 257 host or port, etc), Valgrind switches back to writing the commentary 258 to stderr. The same goes for any process which loses an established 259 connection to a listener. In other words, killing the listener 260 doesn't kill the processes sending data to it.</para> 261 </listitem> 262 263</orderedlist> 264 265<para>Here is an important point about the relationship between the 266commentary and profiling output from tools. The commentary contains a 267mix of messages from the Valgrind core and the selected tool. If the 268tool reports errors, it will report them to the commentary. However, if 269the tool does profiling, the profile data will be written to a file of 270some kind, depending on the tool, and independent of what 271<option>--log-*</option> options are in force. The commentary is 272intended to be a low-bandwidth, human-readable channel. Profiling data, 273on the other hand, is usually voluminous and not meaningful without 274further processing, which is why we have chosen this arrangement.</para> 275 276</sect1> 277 278 279<sect1 id="manual-core.report" xreflabel="Reporting of errors"> 280<title>Reporting of errors</title> 281 282<para>When an error-checking tool 283detects something bad happening in the program, an error 284message is written to the commentary. Here's an example from Memcheck:</para> 285 286<programlisting><![CDATA[ 287==25832== Invalid read of size 4 288==25832== at 0x8048724: BandMatrix::ReSize(int, int, int) (bogon.cpp:45) 289==25832== by 0x80487AF: main (bogon.cpp:66) 290==25832== Address 0xBFFFF74C is not stack'd, malloc'd or free'd]]></programlisting> 291 292<para>This message says that the program did an illegal 4-byte read of 293address 0xBFFFF74C, which, as far as Memcheck can tell, is not a valid 294stack address, nor corresponds to any current heap blocks or recently freed 295heap blocks. The read is happening at line 45 of 296<filename>bogon.cpp</filename>, called from line 66 of the same file, 297etc. For errors associated with an identified (current or freed) heap block, 298for example reading freed memory, Valgrind reports not only the 299location where the error happened, but also where the associated heap block 300was allocated/freed.</para> 301 302<para>Valgrind remembers all error reports. When an error is detected, 303it is compared against old reports, to see if it is a duplicate. If so, 304the error is noted, but no further commentary is emitted. This avoids 305you being swamped with bazillions of duplicate error reports.</para> 306 307<para>If you want to know how many times each error occurred, run with 308the <option>-v</option> option. When execution finishes, all the 309reports are printed out, along with, and sorted by, their occurrence 310counts. This makes it easy to see which errors have occurred most 311frequently.</para> 312 313<para>Errors are reported before the associated operation actually 314happens. For example, if you're using Memcheck and your program attempts to 315read from address zero, Memcheck will emit a message to this effect, and 316your program will then likely die with a segmentation fault.</para> 317 318<para>In general, you should try and fix errors in the order that they 319are reported. Not doing so can be confusing. For example, a program 320which copies uninitialised values to several memory locations, and later 321uses them, will generate several error messages, when run on Memcheck. 322The first such error message may well give the most direct clue to the 323root cause of the problem.</para> 324 325<para>The process of detecting duplicate errors is quite an 326expensive one and can become a significant performance overhead 327if your program generates huge quantities of errors. To avoid 328serious problems, Valgrind will simply stop collecting 329errors after 1,000 different errors have been seen, or 10,000,000 errors 330in total have been seen. In this situation you might as well 331stop your program and fix it, because Valgrind won't tell you 332anything else useful after this. Note that the 1,000/10,000,000 limits 333apply after suppressed errors are removed. These limits are 334defined in <filename>m_errormgr.c</filename> and can be increased 335if necessary.</para> 336 337<para>To avoid this cutoff you can use the 338<option>--error-limit=no</option> option. Then Valgrind will always show 339errors, regardless of how many there are. Use this option carefully, 340since it may have a bad effect on performance.</para> 341 342</sect1> 343 344 345<sect1 id="manual-core.suppress" xreflabel="Suppressing errors"> 346<title>Suppressing errors</title> 347 348<para>The error-checking tools detect numerous problems in the system 349libraries, such as the C library, 350which come pre-installed with your OS. You can't easily fix 351these, but you don't want to see these errors (and yes, there are many!) 352So Valgrind reads a list of errors to suppress at startup. A default 353suppression file is created by the 354<computeroutput>./configure</computeroutput> script when the system is 355built.</para> 356 357<para>You can modify and add to the suppressions file at your leisure, 358or, better, write your own. Multiple suppression files are allowed. 359This is useful if part of your project contains errors you can't or 360don't want to fix, yet you don't want to continuously be reminded of 361them.</para> 362 363<formalpara><title>Note:</title> <para>By far the easiest way to add 364suppressions is to use the <option>--gen-suppressions=yes</option> option 365described in <xref linkend="manual-core.options"/>. This generates 366suppressions automatically. For best results, 367though, you may want to edit the output 368 of <option>--gen-suppressions=yes</option> by hand, in which 369case it would be advisable to read through this section. 370</para> 371</formalpara> 372 373<para>Each error to be suppressed is described very specifically, to 374minimise the possibility that a suppression-directive inadvertently 375suppresses a bunch of similar errors which you did want to see. The 376suppression mechanism is designed to allow precise yet flexible 377specification of errors to suppress.</para> 378 379<para>If you use the <option>-v</option> option, at the end of execution, 380Valgrind prints out one line for each used suppression, giving its name 381and the number of times it got used. Here's the suppressions used by a 382run of <computeroutput>valgrind --tool=memcheck ls -l</computeroutput>:</para> 383 384<programlisting><![CDATA[ 385--27579-- supp: 1 socketcall.connect(serv_addr)/__libc_connect/__nscd_getgrgid_r 386--27579-- supp: 1 socketcall.connect(serv_addr)/__libc_connect/__nscd_getpwuid_r 387--27579-- supp: 6 strrchr/_dl_map_object_from_fd/_dl_map_object]]></programlisting> 388 389<para>Multiple suppressions files are allowed. By default, Valgrind 390uses <filename>$PREFIX/lib/valgrind/default.supp</filename>. You can 391ask to add suppressions from another file, by specifying 392<option>--suppressions=/path/to/file.supp</option>. 393</para> 394 395<para>If you want to understand more about suppressions, look at an 396existing suppressions file whilst reading the following documentation. 397The file <filename>glibc-2.3.supp</filename>, in the source 398distribution, provides some good examples.</para> 399 400<para>Each suppression has the following components:</para> 401 402<itemizedlist> 403 404 <listitem> 405 <para>First line: its name. This merely gives a handy name to the 406 suppression, by which it is referred to in the summary of used 407 suppressions printed out when a program finishes. It's not 408 important what the name is; any identifying string will do.</para> 409 </listitem> 410 411 <listitem> 412 <para>Second line: name of the tool(s) that the suppression is for 413 (if more than one, comma-separated), and the name of the suppression 414 itself, separated by a colon (n.b.: no spaces are allowed), eg:</para> 415<programlisting><![CDATA[ 416tool_name1,tool_name2:suppression_name]]></programlisting> 417 418 <para>Recall that Valgrind is a modular system, in which 419 different instrumentation tools can observe your program whilst it 420 is running. Since different tools detect different kinds of errors, 421 it is necessary to say which tool(s) the suppression is meaningful 422 to.</para> 423 424 <para>Tools will complain, at startup, if a tool does not understand 425 any suppression directed to it. Tools ignore suppressions which are 426 not directed to them. As a result, it is quite practical to put 427 suppressions for all tools into the same suppression file.</para> 428 </listitem> 429 430 <listitem> 431 <para>Next line: a small number of suppression types have extra 432 information after the second line (eg. the <varname>Param</varname> 433 suppression for Memcheck)</para> 434 </listitem> 435 436 <listitem> 437 <para>Remaining lines: This is the calling context for the error -- 438 the chain of function calls that led to it. There can be up to 24 439 of these lines.</para> 440 441 <para>Locations may be names of either shared objects or 442 functions. They begin 443 <computeroutput>obj:</computeroutput> and 444 <computeroutput>fun:</computeroutput> respectively. Function and 445 object names to match against may use the wildcard characters 446 <computeroutput>*</computeroutput> and 447 <computeroutput>?</computeroutput>.</para> 448 449 <para><command>Important note: </command> C++ function names must be 450 <command>mangled</command>. If you are writing suppressions by 451 hand, use the <option>--demangle=no</option> option to get the 452 mangled names in your error messages. An example of a mangled 453 C++ name is <computeroutput>_ZN9QListView4showEv</computeroutput>. 454 This is the form that the GNU C++ compiler uses internally, and 455 the form that must be used in suppression files. The equivalent 456 demangled name, <computeroutput>QListView::show()</computeroutput>, 457 is what you see at the C++ source code level. 458 </para> 459 460 <para>A location line may also be 461 simply "<computeroutput>...</computeroutput>" (three dots). This is 462 a frame-level wildcard, which matches zero or more frames. Frame 463 level wildcards are useful because they make it easy to ignore 464 varying numbers of uninteresting frames in between frames of 465 interest. That is often important when writing suppressions which 466 are intended to be robust against variations in the amount of 467 function inlining done by compilers.</para> 468 </listitem> 469 470 <listitem> 471 <para>Finally, the entire suppression must be between curly 472 braces. Each brace must be the first character on its own 473 line.</para> 474 </listitem> 475 476 </itemizedlist> 477 478<para>A suppression only suppresses an error when the error matches all 479the details in the suppression. Here's an example:</para> 480 481<programlisting><![CDATA[ 482{ 483 __gconv_transform_ascii_internal/__mbrtowc/mbtowc 484 Memcheck:Value4 485 fun:__gconv_transform_ascii_internal 486 fun:__mbr*toc 487 fun:mbtowc 488}]]></programlisting> 489 490 491<para>What it means is: for Memcheck only, suppress a 492use-of-uninitialised-value error, when the data size is 4, when it 493occurs in the function 494<computeroutput>__gconv_transform_ascii_internal</computeroutput>, when 495that is called from any function of name matching 496<computeroutput>__mbr*toc</computeroutput>, when that is called from 497<computeroutput>mbtowc</computeroutput>. It doesn't apply under any 498other circumstances. The string by which this suppression is identified 499to the user is 500<computeroutput>__gconv_transform_ascii_internal/__mbrtowc/mbtowc</computeroutput>.</para> 501 502<para>(See <xref linkend="mc-manual.suppfiles"/> for more details 503on the specifics of Memcheck's suppression kinds.)</para> 504 505<para>Another example, again for the Memcheck tool:</para> 506 507<programlisting><![CDATA[ 508{ 509 libX11.so.6.2/libX11.so.6.2/libXaw.so.7.0 510 Memcheck:Value4 511 obj:/usr/X11R6/lib/libX11.so.6.2 512 obj:/usr/X11R6/lib/libX11.so.6.2 513 obj:/usr/X11R6/lib/libXaw.so.7.0 514}]]></programlisting> 515 516<para>This suppresses any size 4 uninitialised-value error which occurs 517anywhere in <filename>libX11.so.6.2</filename>, when called from 518anywhere in the same library, when called from anywhere in 519<filename>libXaw.so.7.0</filename>. The inexact specification of 520locations is regrettable, but is about all you can hope for, given that 521the X11 libraries shipped on the Linux distro on which this example 522was made have had their symbol tables removed.</para> 523 524<para>Although the above two examples do not make this clear, you can 525freely mix <computeroutput>obj:</computeroutput> and 526<computeroutput>fun:</computeroutput> lines in a suppression.</para> 527 528<para>Finally, here's an example using three frame-level wildcards:</para> 529 530<programlisting><![CDATA[ 531{ 532 a-contrived-example 533 Memcheck:Leak 534 fun:malloc 535 ... 536 fun:ddd 537 ... 538 fun:ccc 539 ... 540 fun:main 541} 542]]></programlisting> 543This suppresses Memcheck memory-leak errors, in the case where 544the allocation was done by <computeroutput>main</computeroutput> 545calling (though any number of intermediaries, including zero) 546<computeroutput>ccc</computeroutput>, 547calling onwards via 548<computeroutput>ddd</computeroutput> and eventually 549to <computeroutput>malloc.</computeroutput>. 550</sect1> 551 552 553<sect1 id="manual-core.options" 554 xreflabel="Core Command-line Options"> 555<title>Core Command-line Options</title> 556 557<para>As mentioned above, Valgrind's core accepts a common set of options. 558The tools also accept tool-specific options, which are documented 559separately for each tool.</para> 560 561<para>Valgrind's default settings succeed in giving reasonable behaviour 562in most cases. We group the available options by rough categories.</para> 563 564<sect2 id="manual-core.toolopts" xreflabel="Tool-selection Option"> 565<title>Tool-selection Option</title> 566 567<para id="tool.opts.para">The single most important option.</para> 568 569<variablelist id="tool.opts.list"> 570 571 <varlistentry id="tool_name" xreflabel="--tool"> 572 <term> 573 <option><![CDATA[--tool=<toolname> [default: memcheck] ]]></option> 574 </term> 575 <listitem> 576 <para>Run the Valgrind tool called <varname>toolname</varname>, 577 e.g. Memcheck, Cachegrind, etc.</para> 578 </listitem> 579 </varlistentry> 580 581</variablelist> 582 583</sect2> 584 585 586 587<sect2 id="manual-core.basicopts" xreflabel="Basic Options"> 588<title>Basic Options</title> 589 590<!-- start of xi:include in the manpage --> 591<para id="basic.opts.para">These options work with all tools.</para> 592 593<variablelist id="basic.opts.list"> 594 595 <varlistentry id="opt.help" xreflabel="--help"> 596 <term><option>-h --help</option></term> 597 <listitem> 598 <para>Show help for all options, both for the core and for the 599 selected tool. If the option is repeated it is equivalent to giving 600 <option>--help-debug</option>.</para> 601 </listitem> 602 </varlistentry> 603 604 <varlistentry id="opt.help-debug" xreflabel="--help-debug"> 605 <term><option>--help-debug</option></term> 606 <listitem> 607 <para>Same as <option>--help</option>, but also lists debugging 608 options which usually are only of use to Valgrind's 609 developers.</para> 610 </listitem> 611 </varlistentry> 612 613 <varlistentry id="opt.version" xreflabel="--version"> 614 <term><option>--version</option></term> 615 <listitem> 616 <para>Show the version number of the Valgrind core. Tools can have 617 their own version numbers. There is a scheme in place to ensure 618 that tools only execute when the core version is one they are 619 known to work with. This was done to minimise the chances of 620 strange problems arising from tool-vs-core version 621 incompatibilities.</para> 622 </listitem> 623 </varlistentry> 624 625 <varlistentry id="opt.quiet" xreflabel="--quiet"> 626 <term><option>-q</option>, <option>--quiet</option></term> 627 <listitem> 628 <para>Run silently, and only print error messages. Useful if you 629 are running regression tests or have some other automated test 630 machinery.</para> 631 </listitem> 632 </varlistentry> 633 634 <varlistentry id="opt.verbose" xreflabel="--verbose"> 635 <term><option>-v</option>, <option>--verbose</option></term> 636 <listitem> 637 <para>Be more verbose. Gives extra information on various aspects 638 of your program, such as: the shared objects loaded, the 639 suppressions used, the progress of the instrumentation and 640 execution engines, and warnings about unusual behaviour. Repeating 641 the option increases the verbosity level.</para> 642 </listitem> 643 </varlistentry> 644 645 <varlistentry id="opt.trace-children" xreflabel="--trace-children"> 646 <term> 647 <option><![CDATA[--trace-children=<yes|no> [default: no] ]]></option> 648 </term> 649 <listitem> 650 <para>When enabled, Valgrind will trace into sub-processes 651 initiated via the <varname>exec</varname> system call. This is 652 necessary for multi-process programs. 653 </para> 654 <para>Note that Valgrind does trace into the child of a 655 <varname>fork</varname> (it would be difficult not to, since 656 <varname>fork</varname> makes an identical copy of a process), so this 657 option is arguably badly named. However, most children of 658 <varname>fork</varname> calls immediately call <varname>exec</varname> 659 anyway. 660 </para> 661 </listitem> 662 </varlistentry> 663 664 <varlistentry id="opt.trace-children-skip" xreflabel="--trace-children-skip"> 665 <term> 666 <option><![CDATA[--trace-children-skip=patt1,patt2,... ]]></option> 667 </term> 668 <listitem> 669 <para>This option only has an effect when 670 <option>--trace-children=yes</option> is specified. It allows 671 for some children to be skipped. The option takes a comma 672 separated list of patterns for the names of child executables 673 that Valgrind should not trace into. Patterns may include the 674 metacharacters <computeroutput>?</computeroutput> 675 and <computeroutput>*</computeroutput>, which have the usual 676 meaning.</para> 677 <para> 678 This can be useful for pruning uninteresting branches from a 679 tree of processes being run on Valgrind. But you should be 680 careful when using it. When Valgrind skips tracing into an 681 executable, it doesn't just skip tracing that executable, it 682 also skips tracing any of that executable's child processes. 683 In other words, the flag doesn't merely cause tracing to stop 684 at the specified executables -- it skips tracing of entire 685 process subtrees rooted at any of the specified 686 executables.</para> 687 </listitem> 688 </varlistentry> 689 690 <varlistentry id="opt.trace-children-skip-by-arg" 691 xreflabel="--trace-children-skip-by-arg"> 692 <term> 693 <option><![CDATA[--trace-children-skip-by-arg=patt1,patt2,... ]]></option> 694 </term> 695 <listitem> 696 <para>This is the same as 697 <option>--trace-children-skip</option>, with one difference: 698 the decision as to whether to trace into a child process is 699 made by examining the arguments to the child process, rather 700 than the name of its executable.</para> 701 </listitem> 702 </varlistentry> 703 704 <varlistentry id="opt.child-silent-after-fork" 705 xreflabel="--child-silent-after-fork"> 706 <term> 707 <option><![CDATA[--child-silent-after-fork=<yes|no> [default: no] ]]></option> 708 </term> 709 <listitem> 710 <para>When enabled, Valgrind will not show any debugging or 711 logging output for the child process resulting from 712 a <varname>fork</varname> call. This can make the output less 713 confusing (although more misleading) when dealing with processes 714 that create children. It is particularly useful in conjunction 715 with <varname>--trace-children=</varname>. Use of this option is also 716 strongly recommended if you are requesting XML output 717 (<varname>--xml=yes</varname>), since otherwise the XML from child and 718 parent may become mixed up, which usually makes it useless. 719 </para> 720 </listitem> 721 </varlistentry> 722 723 <varlistentry id="opt.vgdb" xreflabel="--vgdb"> 724 <term> 725 <option><![CDATA[--vgdb=<no|yes|full> [default: yes] ]]></option> 726 </term> 727 <listitem> 728 <para>Valgrind will provide "gdbserver" functionality when 729 <option>--vgdb=yes</option> 730 or <option>--vgdb=full</option> is specified. This 731 allows an external GNU GDB debugger 732 to control and debug your program when it runs on Valgrind. See 733 <xref linkend="manual-core-adv.gdbserver"/> for a detailed 734 description. 735 </para> 736 737 <para> If the embedded gdbserver is enabled but no gdb is 738 currently being used, the <xref linkend="manual-core-adv.vgdb"/> 739 command line utility can send "monitor commands" to Valgrind 740 from a shell. The Valgrind core provides a set of 741 <xref linkend="manual-core-adv.valgrind-monitor-commands"/>. A tool 742 can optionally provide tool specific monitor commands, which are 743 documented in the tool specific chapter. 744 </para> 745 746 <para><option>--vgdb=full</option> incurs 747 significant performance overheads. 748 </para> 749 </listitem> 750 </varlistentry> 751 752 <varlistentry id="opt.vgdb-error" xreflabel="--vgdb-error"> 753 <term> 754 <option><![CDATA[--vgdb-error=<number> [default: 999999999] ]]></option> 755 </term> 756 <listitem> 757 <para> Use this option when the Valgrind gdbserver is enabled with 758 <option>--vgdb=yes</option> or <option>--vgdb=full</option>. 759 Tools that report errors will wait 760 for "<computeroutput>number</computeroutput>" errors to be 761 reported before freezing the program and waiting for you to 762 connect with GDB. It follows that a value of zero will cause 763 the gdbserver to be started before your program is executed. 764 This is typically used to insert GDB breakpoints before 765 execution, and also works with tools that do not report 766 errors, such as Massif. 767 </para> 768 </listitem> 769 </varlistentry> 770 771 <varlistentry id="opt.track-fds" xreflabel="--track-fds"> 772 <term> 773 <option><![CDATA[--track-fds=<yes|no> [default: no] ]]></option> 774 </term> 775 <listitem> 776 <para>When enabled, Valgrind will print out a list of open file 777 descriptors on exit. Along with each file descriptor is printed a 778 stack backtrace of where the file was opened and any details 779 relating to the file descriptor such as the file name or socket 780 details.</para> 781 </listitem> 782 </varlistentry> 783 784 <varlistentry id="opt.time-stamp" xreflabel="--time-stamp"> 785 <term> 786 <option><![CDATA[--time-stamp=<yes|no> [default: no] ]]></option> 787 </term> 788 <listitem> 789 <para>When enabled, each message is preceded with an indication of 790 the elapsed wallclock time since startup, expressed as days, 791 hours, minutes, seconds and milliseconds.</para> 792 </listitem> 793 </varlistentry> 794 795 <varlistentry id="opt.log-fd" xreflabel="--log-fd"> 796 <term> 797 <option><![CDATA[--log-fd=<number> [default: 2, stderr] ]]></option> 798 </term> 799 <listitem> 800 <para>Specifies that Valgrind should send all of its messages to 801 the specified file descriptor. The default, 2, is the standard 802 error channel (stderr). Note that this may interfere with the 803 client's own use of stderr, as Valgrind's output will be 804 interleaved with any output that the client sends to 805 stderr.</para> 806 </listitem> 807 </varlistentry> 808 809 <varlistentry id="opt.log-file" xreflabel="--log-file"> 810 <term> 811 <option><![CDATA[--log-file=<filename> ]]></option> 812 </term> 813 <listitem> 814 <para>Specifies that Valgrind should send all of its messages to 815 the specified file. If the file name is empty, it causes an abort. 816 There are three special format specifiers that can be used in the file 817 name.</para> 818 819 <para><option>%p</option> is replaced with the current process ID. 820 This is very useful for program that invoke multiple processes. 821 WARNING: If you use <option>--trace-children=yes</option> and your 822 program invokes multiple processes OR your program forks without 823 calling exec afterwards, and you don't use this specifier 824 (or the <option>%q</option> specifier below), the Valgrind output from 825 all those processes will go into one file, possibly jumbled up, and 826 possibly incomplete.</para> 827 828 <para><option>%q{FOO}</option> is replaced with the contents of the 829 environment variable <varname>FOO</varname>. If the 830 <option>{FOO}</option> part is malformed, it causes an abort. This 831 specifier is rarely needed, but very useful in certain circumstances 832 (eg. when running MPI programs). The idea is that you specify a 833 variable which will be set differently for each process in the job, 834 for example <computeroutput>BPROC_RANK</computeroutput> or whatever is 835 applicable in your MPI setup. If the named environment variable is not 836 set, it causes an abort. Note that in some shells, the 837 <option>{</option> and <option>}</option> characters may need to be 838 escaped with a backslash.</para> 839 840 <para><option>%%</option> is replaced with <option>%</option>.</para> 841 842 <para>If an <option>%</option> is followed by any other character, it 843 causes an abort.</para> 844 </listitem> 845 </varlistentry> 846 847 <varlistentry id="opt.log-socket" xreflabel="--log-socket"> 848 <term> 849 <option><![CDATA[--log-socket=<ip-address:port-number> ]]></option> 850 </term> 851 <listitem> 852 <para>Specifies that Valgrind should send all of its messages to 853 the specified port at the specified IP address. The port may be 854 omitted, in which case port 1500 is used. If a connection cannot 855 be made to the specified socket, Valgrind falls back to writing 856 output to the standard error (stderr). This option is intended to 857 be used in conjunction with the 858 <computeroutput>valgrind-listener</computeroutput> program. For 859 further details, see 860 <link linkend="manual-core.comment">the commentary</link> 861 in the manual.</para> 862 </listitem> 863 </varlistentry> 864 865</variablelist> 866<!-- end of xi:include in the manpage --> 867 868</sect2> 869 870 871<sect2 id="manual-core.erropts" xreflabel="Error-related Options"> 872<title>Error-related Options</title> 873 874<!-- start of xi:include in the manpage --> 875<para id="error-related.opts.para">These options are used by all tools 876that can report errors, e.g. Memcheck, but not Cachegrind.</para> 877 878<variablelist id="error-related.opts.list"> 879 880 <varlistentry id="opt.xml" xreflabel="--xml"> 881 <term> 882 <option><![CDATA[--xml=<yes|no> [default: no] ]]></option> 883 </term> 884 <listitem> 885 <para>When enabled, the important parts of the output (e.g. tool error 886 messages) will be in XML format rather than plain text. Furthermore, 887 the XML output will be sent to a different output channel than the 888 plain text output. Therefore, you also must use one of 889 <option>--xml-fd</option>, <option>--xml-file</option> or 890 <option>--xml-socket</option> to specify where the XML is to be sent. 891 </para> 892 893 <para>Less important messages will still be printed in plain text, but 894 because the XML output and plain text output are sent to different 895 output channels (the destination of the plain text output is still 896 controlled by <option>--log-fd</option>, <option>--log-file</option> 897 and <option>--log-socket</option>) this should not cause problems. 898 </para> 899 900 <para>This option is aimed at making life easier for tools that consume 901 Valgrind's output as input, such as GUI front ends. Currently this 902 option works with Memcheck, Helgrind, DRD and SGcheck. The output 903 format is specified in the file 904 <computeroutput>docs/internals/xml-output-protocol4.txt</computeroutput> 905 in the source tree for Valgrind 3.5.0 or later.</para> 906 907 <para>The recommended options for a GUI to pass, when requesting 908 XML output, are: <option>--xml=yes</option> to enable XML output, 909 <option>--xml-file</option> to send the XML output to a (presumably 910 GUI-selected) file, <option>--log-file</option> to send the plain 911 text output to a second GUI-selected file, 912 <option>--child-silent-after-fork=yes</option>, and 913 <option>-q</option> to restrict the plain text output to critical 914 error messages created by Valgrind itself. For example, failure to 915 read a specified suppressions file counts as a critical error message. 916 In this way, for a successful run the text output file will be empty. 917 But if it isn't empty, then it will contain important information 918 which the GUI user should be made aware 919 of.</para> 920 </listitem> 921 </varlistentry> 922 923 <varlistentry id="opt.xml-fd" xreflabel="--xml-fd"> 924 <term> 925 <option><![CDATA[--xml-fd=<number> [default: -1, disabled] ]]></option> 926 </term> 927 <listitem> 928 <para>Specifies that Valgrind should send its XML output to the 929 specified file descriptor. It must be used in conjunction with 930 <option>--xml=yes</option>.</para> 931 </listitem> 932 </varlistentry> 933 934 <varlistentry id="opt.xml-file" xreflabel="--xml-file"> 935 <term> 936 <option><![CDATA[--xml-file=<filename> ]]></option> 937 </term> 938 <listitem> 939 <para>Specifies that Valgrind should send its XML output 940 to the specified file. It must be used in conjunction with 941 <option>--xml=yes</option>. Any <option>%p</option> or 942 <option>%q</option> sequences appearing in the filename are expanded 943 in exactly the same way as they are for <option>--log-file</option>. 944 See the description of <option>--log-file</option> for details. 945 </para> 946 </listitem> 947 </varlistentry> 948 949 <varlistentry id="opt.xml-socket" xreflabel="--xml-socket"> 950 <term> 951 <option><![CDATA[--xml-socket=<ip-address:port-number> ]]></option> 952 </term> 953 <listitem> 954 <para>Specifies that Valgrind should send its XML output the 955 specified port at the specified IP address. It must be used in 956 conjunction with <option>--xml=yes</option>. The form of the argument 957 is the same as that used by <option>--log-socket</option>. 958 See the description of <option>--log-socket</option> 959 for further details.</para> 960 </listitem> 961 </varlistentry> 962 963 <varlistentry id="opt.xml-user-comment" xreflabel="--xml-user-comment"> 964 <term> 965 <option><![CDATA[--xml-user-comment=<string> ]]></option> 966 </term> 967 <listitem> 968 <para>Embeds an extra user comment string at the start of the XML 969 output. Only works when <option>--xml=yes</option> is specified; 970 ignored otherwise.</para> 971 </listitem> 972 </varlistentry> 973 974 <varlistentry id="opt.demangle" xreflabel="--demangle"> 975 <term> 976 <option><![CDATA[--demangle=<yes|no> [default: yes] ]]></option> 977 </term> 978 <listitem> 979 <para>Enable/disable automatic demangling (decoding) of C++ names. 980 Enabled by default. When enabled, Valgrind will attempt to 981 translate encoded C++ names back to something approaching the 982 original. The demangler handles symbols mangled by g++ versions 983 2.X, 3.X and 4.X.</para> 984 985 <para>An important fact about demangling is that function names 986 mentioned in suppressions files should be in their mangled form. 987 Valgrind does not demangle function names when searching for 988 applicable suppressions, because to do otherwise would make 989 suppression file contents dependent on the state of Valgrind's 990 demangling machinery, and also slow down suppression matching.</para> 991 </listitem> 992 </varlistentry> 993 994 <varlistentry id="opt.num-callers" xreflabel="--num-callers"> 995 <term> 996 <option><![CDATA[--num-callers=<number> [default: 12] ]]></option> 997 </term> 998 <listitem> 999 <para>Specifies the maximum number of entries shown in stack traces 1000 that identify program locations. Note that errors are commoned up 1001 using only the top four function locations (the place in the current 1002 function, and that of its three immediate callers). So this doesn't 1003 affect the total number of errors reported.</para> 1004 1005 <para>The maximum value for this is 50. Note that higher settings 1006 will make Valgrind run a bit more slowly and take a bit more 1007 memory, but can be useful when working with programs with 1008 deeply-nested call chains.</para> 1009 </listitem> 1010 </varlistentry> 1011 1012 <varlistentry id="opt.error-limit" xreflabel="--error-limit"> 1013 <term> 1014 <option><![CDATA[--error-limit=<yes|no> [default: yes] ]]></option> 1015 </term> 1016 <listitem> 1017 <para>When enabled, Valgrind stops reporting errors after 10,000,000 1018 in total, or 1,000 different ones, have been seen. This is to 1019 stop the error tracking machinery from becoming a huge performance 1020 overhead in programs with many errors.</para> 1021 </listitem> 1022 </varlistentry> 1023 1024 <varlistentry id="opt.error-exitcode" xreflabel="--error-exitcode"> 1025 <term> 1026 <option><![CDATA[--error-exitcode=<number> [default: 0] ]]></option> 1027 </term> 1028 <listitem> 1029 <para>Specifies an alternative exit code to return if Valgrind 1030 reported any errors in the run. When set to the default value 1031 (zero), the return value from Valgrind will always be the return 1032 value of the process being simulated. When set to a nonzero value, 1033 that value is returned instead, if Valgrind detects any errors. 1034 This is useful for using Valgrind as part of an automated test 1035 suite, since it makes it easy to detect test cases for which 1036 Valgrind has reported errors, just by inspecting return codes.</para> 1037 </listitem> 1038 </varlistentry> 1039 1040 <varlistentry id="opt.stack-traces" xreflabel="--show-below-main"> 1041 <term> 1042 <option><![CDATA[--show-below-main=<yes|no> [default: no] ]]></option> 1043 </term> 1044 <listitem> 1045 <para>By default, stack traces for errors do not show any 1046 functions that appear beneath <function>main</function> because 1047 most of the time it's uninteresting C library stuff and/or 1048 gobbledygook. Alternatively, if <function>main</function> is not 1049 present in the stack trace, stack traces will not show any functions 1050 below <function>main</function>-like functions such as glibc's 1051 <function>__libc_start_main</function>. Furthermore, if 1052 <function>main</function>-like functions are present in the trace, 1053 they are normalised as <function>(below main)</function>, in order to 1054 make the output more deterministic.</para> 1055 1056 <para>If this option is enabled, all stack trace entries will be 1057 shown and <function>main</function>-like functions will not be 1058 normalised.</para> 1059 </listitem> 1060 </varlistentry> 1061 1062 <varlistentry id="opt.fullpath-after" xreflabel="--fullpath-after"> 1063 <term> 1064 <option><![CDATA[--fullpath-after=<string> 1065 [default: don't show source paths] ]]></option> 1066 </term> 1067 <listitem> 1068 <para>By default Valgrind only shows the filenames in stack 1069 traces, but not full paths to source files. When using Valgrind 1070 in large projects where the sources reside in multiple different 1071 directories, this can be inconvenient. 1072 <option>--fullpath-after</option> provides a flexible solution 1073 to this problem. When this option is present, the path to each 1074 source file is shown, with the following all-important caveat: 1075 if <option>string</option> is found in the path, then the path 1076 up to and including <option>string</option> is omitted, else the 1077 path is shown unmodified. Note that <option>string</option> is 1078 not required to be a prefix of the path.</para> 1079 1080 <para>For example, consider a file named 1081 <computeroutput>/home/janedoe/blah/src/foo/bar/xyzzy.c</computeroutput>. 1082 Specifying <option>--fullpath-after=/home/janedoe/blah/src/</option> 1083 will cause Valgrind to show the name 1084 as <computeroutput>foo/bar/xyzzy.c</computeroutput>.</para> 1085 1086 <para>Because the string is not required to be a prefix, 1087 <option>--fullpath-after=src/</option> will produce the same 1088 output. This is useful when the path contains arbitrary 1089 machine-generated characters. For example, the 1090 path 1091 <computeroutput>/my/build/dir/C32A1B47/blah/src/foo/xyzzy</computeroutput> 1092 can be pruned to <computeroutput>foo/xyzzy</computeroutput> 1093 using 1094 <option>--fullpath-after=/blah/src/</option>.</para> 1095 1096 <para>If you simply want to see the full path, just specify an 1097 empty string: <option>--fullpath-after=</option>. This isn't a 1098 special case, merely a logical consequence of the above rules.</para> 1099 1100 <para>Finally, you can use <option>--fullpath-after</option> 1101 multiple times. Any appearance of it causes Valgrind to switch 1102 to producing full paths and applying the above filtering rule. 1103 Each produced path is compared against all 1104 the <option>--fullpath-after</option>-specified strings, in the 1105 order specified. The first string to match causes the path to 1106 be truncated as described above. If none match, the full path 1107 is shown. This facilitates chopping off prefixes when the 1108 sources are drawn from a number of unrelated directories. 1109 </para> 1110 </listitem> 1111 </varlistentry> 1112 1113 <varlistentry id="opt.suppressions" xreflabel="--suppressions"> 1114 <term> 1115 <option><![CDATA[--suppressions=<filename> [default: $PREFIX/lib/valgrind/default.supp] ]]></option> 1116 </term> 1117 <listitem> 1118 <para>Specifies an extra file from which to read descriptions of 1119 errors to suppress. You may use up to 100 extra suppression 1120 files.</para> 1121 </listitem> 1122 </varlistentry> 1123 1124 <varlistentry id="opt.gen-suppressions" xreflabel="--gen-suppressions"> 1125 <term> 1126 <option><![CDATA[--gen-suppressions=<yes|no|all> [default: no] ]]></option> 1127 </term> 1128 <listitem> 1129 <para>When set to <varname>yes</varname>, Valgrind will pause 1130 after every error shown and print the line: 1131 <literallayout><computeroutput> ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ----</computeroutput></literallayout> 1132 1133 The prompt's behaviour is the same as for the 1134 <option>--db-attach</option> option (see below).</para> 1135 1136 <para>If you choose to, Valgrind will print out a suppression for 1137 this error. You can then cut and paste it into a suppression file 1138 if you don't want to hear about the error in the future.</para> 1139 1140 <para>When set to <varname>all</varname>, Valgrind will print a 1141 suppression for every reported error, without querying the 1142 user.</para> 1143 1144 <para>This option is particularly useful with C++ programs, as it 1145 prints out the suppressions with mangled names, as 1146 required.</para> 1147 1148 <para>Note that the suppressions printed are as specific as 1149 possible. You may want to common up similar ones, by adding 1150 wildcards to function names, and by using frame-level wildcards. 1151 The wildcarding facilities are powerful yet flexible, and with a 1152 bit of careful editing, you may be able to suppress a whole 1153 family of related errors with only a few suppressions. 1154 <!-- commented out because it causes broken links in the man page 1155 For details on how to do this, see 1156 <xref linkend="manual-core.suppress"/>. 1157 --> 1158 </para> 1159 1160 <para>Sometimes two different errors 1161 are suppressed by the same suppression, in which case Valgrind 1162 will output the suppression more than once, but you only need to 1163 have one copy in your suppression file (but having more than one 1164 won't cause problems). Also, the suppression name is given as 1165 <computeroutput><insert a suppression name 1166 here></computeroutput>; the name doesn't really matter, it's 1167 only used with the <option>-v</option> option which prints out all 1168 used suppression records.</para> 1169 </listitem> 1170 </varlistentry> 1171 1172 <varlistentry id="opt.db-attach" xreflabel="--db-attach"> 1173 <term> 1174 <option><![CDATA[--db-attach=<yes|no> [default: no] ]]></option> 1175 </term> 1176 <listitem> 1177 <para>When enabled, Valgrind will pause after every error shown 1178 and print the line: 1179 <literallayout><computeroutput> ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ----</computeroutput></literallayout> 1180 1181 Pressing <varname>Ret</varname>, or <varname>N Ret</varname> or 1182 <varname>n Ret</varname>, causes Valgrind not to start a debugger 1183 for this error.</para> 1184 1185 <para>Pressing <varname>Y Ret</varname> or 1186 <varname>y Ret</varname> causes Valgrind to start a debugger for 1187 the program at this point. When you have finished with the 1188 debugger, quit from it, and the program will continue. Trying to 1189 continue from inside the debugger doesn't work.</para> 1190 1191 <para> 1192 Note: if you use GDB, more powerful debugging support is 1193 provided by the <option>--vgdb=</option> <varname>yes</varname> 1194 or <varname>full</varname> value. This activates Valgrind's 1195 internal gdbserver, which provides more-or-less full GDB-style 1196 control of the application: insertion of breakpoints, continuing 1197 from inside GDB, inferior function calls, and much more. 1198 </para> 1199 1200 <para><varname>C Ret</varname> or <varname>c Ret</varname> causes 1201 Valgrind not to start a debugger, and not to ask again.</para> 1202 </listitem> 1203 </varlistentry> 1204 1205 <varlistentry id="opt.db-command" xreflabel="--db-command"> 1206 <term> 1207 <option><![CDATA[--db-command=<command> [default: gdb -nw %f %p] ]]></option> 1208 </term> 1209 <listitem> 1210 <para>Specify the debugger to use with the 1211 <option>--db-attach</option> command. The default debugger is 1212 GDB. This option is a template that is expanded by Valgrind at 1213 runtime. <literal>%f</literal> is replaced with the executable's 1214 file name and <literal>%p</literal> is replaced by the process ID 1215 of the executable.</para> 1216 1217 <para>This specifies how Valgrind will invoke the debugger. By 1218 default it will use whatever GDB is detected at build time, which 1219 is usually <computeroutput>/usr/bin/gdb</computeroutput>. Using 1220 this command, you can specify some alternative command to invoke 1221 the debugger you want to use.</para> 1222 1223 <para>The command string given can include one or instances of the 1224 <literal>%p</literal> and <literal>%f</literal> expansions. Each 1225 instance of <literal>%p</literal> expands to the PID of the 1226 process to be debugged and each instance of <literal>%f</literal> 1227 expands to the path to the executable for the process to be 1228 debugged.</para> 1229 1230 <para>Since <computeroutput><command></computeroutput> is likely 1231 to contain spaces, you will need to put this entire option in 1232 quotes to ensure it is correctly handled by the shell.</para> 1233 </listitem> 1234 </varlistentry> 1235 1236 <varlistentry id="opt.input-fd" xreflabel="--input-fd"> 1237 <term> 1238 <option><![CDATA[--input-fd=<number> [default: 0, stdin] ]]></option> 1239 </term> 1240 <listitem> 1241 <para>When using <option>--db-attach=yes</option> or 1242 <option>--gen-suppressions=yes</option>, Valgrind will stop so as 1243 to read keyboard input from you when each error occurs. By 1244 default it reads from the standard input (stdin), which is 1245 problematic for programs which close stdin. This option allows 1246 you to specify an alternative file descriptor from which to read 1247 input.</para> 1248 </listitem> 1249 </varlistentry> 1250 1251 <varlistentry id="opt.dsymutil" xreflabel="--dsymutil"> 1252 <term> 1253 <option><![CDATA[--dsymutil=no|yes [no] ]]></option> 1254 </term> 1255 <listitem> 1256 <para>This option is only relevant when running Valgrind on 1257 Mac OS X.</para> 1258 1259 <para>Mac OS X uses a deferred debug information (debuginfo) 1260 linking scheme. When object files containing debuginfo are 1261 linked into a <computeroutput>.dylib</computeroutput> or an 1262 executable, the debuginfo is not copied into the final file. 1263 Instead, the debuginfo must be linked manually by 1264 running <computeroutput>dsymutil</computeroutput>, a 1265 system-provided utility, on the executable 1266 or <computeroutput>.dylib</computeroutput>. The resulting 1267 combined debuginfo is placed in a directory alongside the 1268 executable or <computeroutput>.dylib</computeroutput>, but with 1269 the extension <computeroutput>.dSYM</computeroutput>.</para> 1270 1271 <para>With <option>--dsymutil=no</option>, Valgrind 1272 will detect cases where the 1273 <computeroutput>.dSYM</computeroutput> directory is either 1274 missing, or is present but does not appear to match the 1275 associated executable or <computeroutput>.dylib</computeroutput>, 1276 most likely because it is out of date. In these cases, Valgrind 1277 will print a warning message but take no further action.</para> 1278 1279 <para>With <option>--dsymutil=yes</option>, Valgrind 1280 will, in such cases, automatically 1281 run <computeroutput>dsymutil</computeroutput> as necessary to 1282 bring the debuginfo up to date. For all practical purposes, if 1283 you always use <option>--dsymutil=yes</option>, then 1284 there is never any need to 1285 run <computeroutput>dsymutil</computeroutput> manually or as part 1286 of your applications's build system, since Valgrind will run it 1287 as necessary.</para> 1288 1289 <para>Valgrind will not attempt to 1290 run <computeroutput>dsymutil</computeroutput> on any 1291 executable or library in 1292 <computeroutput>/usr/</computeroutput>, 1293 <computeroutput>/bin/</computeroutput>, 1294 <computeroutput>/sbin/</computeroutput>, 1295 <computeroutput>/opt/</computeroutput>, 1296 <computeroutput>/sw/</computeroutput>, 1297 <computeroutput>/System/</computeroutput>, 1298 <computeroutput>/Library/</computeroutput> or 1299 <computeroutput>/Applications/</computeroutput> 1300 since <computeroutput>dsymutil</computeroutput> will always fail 1301 in such situations. It fails both because the debuginfo for 1302 such pre-installed system components is not available anywhere, 1303 and also because it would require write privileges in those 1304 directories.</para> 1305 1306 <para>Be careful when 1307 using <option>--dsymutil=yes</option>, since it will 1308 cause pre-existing <computeroutput>.dSYM</computeroutput> 1309 directories to be silently deleted and re-created. Also note that 1310 <computeroutput>dsymutil</computeroutput> is quite slow, sometimes 1311 excessively so.</para> 1312 </listitem> 1313 </varlistentry> 1314 1315 <varlistentry id="opt.max-stackframe" xreflabel="--max-stackframe"> 1316 <term> 1317 <option><![CDATA[--max-stackframe=<number> [default: 2000000] ]]></option> 1318 </term> 1319 <listitem> 1320 <para>The maximum size of a stack frame. If the stack pointer moves by 1321 more than this amount then Valgrind will assume that 1322 the program is switching to a different stack.</para> 1323 1324 <para>You may need to use this option if your program has large 1325 stack-allocated arrays. Valgrind keeps track of your program's 1326 stack pointer. If it changes by more than the threshold amount, 1327 Valgrind assumes your program is switching to a different stack, 1328 and Memcheck behaves differently than it would for a stack pointer 1329 change smaller than the threshold. Usually this heuristic works 1330 well. However, if your program allocates large structures on the 1331 stack, this heuristic will be fooled, and Memcheck will 1332 subsequently report large numbers of invalid stack accesses. This 1333 option allows you to change the threshold to a different 1334 value.</para> 1335 1336 <para>You should only consider use of this option if Valgrind's 1337 debug output directs you to do so. In that case it will tell you 1338 the new threshold you should specify.</para> 1339 1340 <para>In general, allocating large structures on the stack is a 1341 bad idea, because you can easily run out of stack space, 1342 especially on systems with limited memory or which expect to 1343 support large numbers of threads each with a small stack, and also 1344 because the error checking performed by Memcheck is more effective 1345 for heap-allocated data than for stack-allocated data. If you 1346 have to use this option, you may wish to consider rewriting your 1347 code to allocate on the heap rather than on the stack.</para> 1348 </listitem> 1349 </varlistentry> 1350 1351 <varlistentry id="opt.main-stacksize" xreflabel="--main-stacksize"> 1352 <term> 1353 <option><![CDATA[--main-stacksize=<number> 1354 [default: use current 'ulimit' value] ]]></option> 1355 </term> 1356 <listitem> 1357 <para>Specifies the size of the main thread's stack.</para> 1358 1359 <para>To simplify its memory management, Valgrind reserves all 1360 required space for the main thread's stack at startup. That 1361 means it needs to know the required stack size at 1362 startup.</para> 1363 1364 <para>By default, Valgrind uses the current "ulimit" value for 1365 the stack size, or 16 MB, whichever is lower. In many cases 1366 this gives a stack size in the range 8 to 16 MB, which almost 1367 never overflows for most applications.</para> 1368 1369 <para>If you need a larger total stack size, 1370 use <option>--main-stacksize</option> to specify it. Only set 1371 it as high as you need, since reserving far more space than you 1372 need (that is, hundreds of megabytes more than you need) 1373 constrains Valgrind's memory allocators and may reduce the total 1374 amount of memory that Valgrind can use. This is only really of 1375 significance on 32-bit machines.</para> 1376 1377 <para>On Linux, you may request a stack of size up to 2GB. 1378 Valgrind will stop with a diagnostic message if the stack cannot 1379 be allocated.</para> 1380 1381 <para><option>--main-stacksize</option> only affects the stack 1382 size for the program's initial thread. It has no bearing on the 1383 size of thread stacks, as Valgrind does not allocate 1384 those.</para> 1385 1386 <para>You may need to use both <option>--main-stacksize</option> 1387 and <option>--max-stackframe</option> together. It is important 1388 to understand that <option>--main-stacksize</option> sets the 1389 maximum total stack size, 1390 whilst <option>--max-stackframe</option> specifies the largest 1391 size of any one stack frame. You will have to work out 1392 the <option>--main-stacksize</option> value for yourself 1393 (usually, if your applications segfaults). But Valgrind will 1394 tell you the needed <option>--max-stackframe</option> size, if 1395 necessary.</para> 1396 1397 <para>As discussed further in the description 1398 of <option>--max-stackframe</option>, a requirement for a large 1399 stack is a sign of potential portability problems. You are best 1400 advised to place all large data in heap-allocated memory.</para> 1401 </listitem> 1402 </varlistentry> 1403 1404</variablelist> 1405<!-- end of xi:include in the manpage --> 1406 1407</sect2> 1408 1409 1410<sect2 id="manual-core.mallocopts" xreflabel="malloc-related Options"> 1411<title>malloc-related Options</title> 1412 1413<!-- start of xi:include in the manpage --> 1414<para id="malloc-related.opts.para">For tools that use their own version of 1415<computeroutput>malloc</computeroutput> (e.g. Memcheck and 1416Massif), the following options apply.</para> 1417 1418<variablelist id="malloc-related.opts.list"> 1419 1420 <varlistentry id="opt.alignment" xreflabel="--alignment"> 1421 <term> 1422 <option><![CDATA[--alignment=<number> [default: 8 or 16, depending on the platform] ]]></option> 1423 </term> 1424 <listitem> 1425 <para>By default Valgrind's <function>malloc</function>, 1426 <function>realloc</function>, etc, return a block whose starting 1427 address is 8-byte aligned or 16-byte aligned (the value depends on the 1428 platform and matches the platform default). This option allows you to 1429 specify a different alignment. The supplied value must be greater 1430 than or equal to the default, less than or equal to 4096, and must be 1431 a power of two.</para> 1432 </listitem> 1433 </varlistentry> 1434 1435</variablelist> 1436<!-- end of xi:include in the manpage --> 1437 1438</sect2> 1439 1440 1441<sect2 id="manual-core.rareopts" xreflabel="Uncommon Options"> 1442<title>Uncommon Options</title> 1443 1444<!-- start of xi:include in the manpage --> 1445<para id="uncommon.opts.para">These options apply to all tools, as they 1446affect certain obscure workings of the Valgrind core. Most people won't 1447need to use these.</para> 1448 1449<variablelist id="uncommon.opts.list"> 1450 1451 <varlistentry id="opt.smc-check" xreflabel="--smc-check"> 1452 <term> 1453 <option><![CDATA[--smc-check=<none|stack|all|all-non-file> [default: stack] ]]></option> 1454 </term> 1455 <listitem> 1456 <para>This option controls Valgrind's detection of self-modifying 1457 code. If no checking is done, if a program executes some code, then 1458 overwrites it with new code, and executes the new code, Valgrind will 1459 continue to execute the translations it made for the old code. This 1460 will likely lead to incorrect behaviour and/or crashes.</para> 1461 1462 <para>Valgrind has four levels of self-modifying code detection: 1463 no detection, detect self-modifying code on the stack (which is used by 1464 GCC to implement nested functions), detect self-modifying code 1465 everywhere, and detect self-modifying code everywhere except in 1466 file-backed mappings. 1467 1468 Note that the default option will catch the vast majority 1469 of cases. The main case it will not catch is programs such as JIT 1470 compilers that dynamically generate code <emphasis>and</emphasis> 1471 subsequently overwrite part or all of it. Running with 1472 <varname>all</varname> will slow Valgrind down noticeably. 1473 Running with 1474 <varname>none</varname> will rarely speed things up, since very little 1475 code gets put on the stack for most programs. The 1476 <function>VALGRIND_DISCARD_TRANSLATIONS</function> client 1477 request is an alternative to <option>--smc-check=all</option> 1478 that requires more programmer effort but allows Valgrind to run 1479 your program faster, by telling it precisely when translations 1480 need to be re-made. 1481 <!-- commented out because it causes broken links in the man page 1482 ; see <xref 1483 linkend="manual-core-adv.clientreq"/> for more details. 1484 --> 1485 </para> 1486 1487 <para><option>--smc-check=all-non-file</option> provides a 1488 cheaper but more limited version 1489 of <option>--smc-check=all</option>. It adds checks to any 1490 translations that do not originate from file-backed memory 1491 mappings. Typical applications that generate code, for example 1492 JITs in web browsers, generate code into anonymous mmaped areas, 1493 whereas the "fixed" code of the browser always lives in 1494 file-backed mappings. <option>--smc-check=all-non-file</option> 1495 takes advantage of this observation, limiting the overhead of 1496 checking to code which is likely to be JIT generated.</para> 1497 1498 <para>Some architectures (including ppc32, ppc64 and ARM) require 1499 programs which create code at runtime to flush the instruction 1500 cache in between code generation and first use. Valgrind 1501 observes and honours such instructions. Hence, on ppc32/Linux, 1502 ppc64/Linux and ARM/Linux, Valgrind always provides complete, transparent 1503 support for self-modifying code. It is only on platforms such as 1504 x86/Linux, AMD64/Linux, x86/Darwin and AMD64/Darwin 1505 that you need to use this option.</para> 1506 </listitem> 1507 </varlistentry> 1508 1509 <varlistentry id="opt.read-var-info" xreflabel="--read-var-info"> 1510 <term> 1511 <option><![CDATA[--read-var-info=<yes|no> [default: no] ]]></option> 1512 </term> 1513 <listitem> 1514 <para>When enabled, Valgrind will read information about 1515 variable types and locations from DWARF3 debug info. 1516 This slows Valgrind down and makes it use more memory, but for 1517 the tools that can take advantage of it (Memcheck, Helgrind, 1518 DRD) it can result in more precise error messages. For example, 1519 here are some standard errors issued by Memcheck:</para> 1520<programlisting><![CDATA[ 1521==15516== Uninitialised byte(s) found during client check request 1522==15516== at 0x400633: croak (varinfo1.c:28) 1523==15516== by 0x4006B2: main (varinfo1.c:55) 1524==15516== Address 0x60103b is 7 bytes inside data symbol "global_i2" 1525==15516== 1526==15516== Uninitialised byte(s) found during client check request 1527==15516== at 0x400633: croak (varinfo1.c:28) 1528==15516== by 0x4006BC: main (varinfo1.c:56) 1529==15516== Address 0x7fefffefc is on thread 1's stack]]></programlisting> 1530 1531 <para>And here are the same errors with 1532 <option>--read-var-info=yes</option>:</para> 1533 1534<programlisting><![CDATA[ 1535==15522== Uninitialised byte(s) found during client check request 1536==15522== at 0x400633: croak (varinfo1.c:28) 1537==15522== by 0x4006B2: main (varinfo1.c:55) 1538==15522== Location 0x60103b is 0 bytes inside global_i2[7], 1539==15522== a global variable declared at varinfo1.c:41 1540==15522== 1541==15522== Uninitialised byte(s) found during client check request 1542==15522== at 0x400633: croak (varinfo1.c:28) 1543==15522== by 0x4006BC: main (varinfo1.c:56) 1544==15522== Location 0x7fefffefc is 0 bytes inside local var "local" 1545==15522== declared at varinfo1.c:46, in frame #1 of thread 1]]></programlisting> 1546 </listitem> 1547 </varlistentry> 1548 1549 <varlistentry id="opt.vgdb-poll" xreflabel="--vgdb-poll"> 1550 <term> 1551 <option><![CDATA[--vgdb-poll=<number> [default: 5000] ]]></option> 1552 </term> 1553 <listitem> 1554 <para> As part of its main loop, the Valgrind scheduler will 1555 poll to check if some activity (such as an external command or 1556 some input from a gdb) has to be handled by gdbserver. This 1557 activity poll will be done after having run the given number of 1558 basic blocks (or slightly more than the given number of basic 1559 blocks). This poll is quite cheap so the default value is set 1560 relatively low. You might further decrease this value if vgdb 1561 cannot use ptrace system call to interrupt Valgrind if all 1562 threads are (most of the time) blocked in a system call. 1563 </para> 1564 </listitem> 1565 </varlistentry> 1566 1567 <varlistentry id="opt.vgdb-shadow-registers" xreflabel="--vgdb-shadow-registers"> 1568 <term> 1569 <option><![CDATA[--vgdb-shadow-registers=no|yes [default: no] ]]></option> 1570 </term> 1571 <listitem> 1572 <para> When activated, gdbserver will expose the Valgrind shadow registers 1573 to GDB. With this, the value of the Valgrind shadow registers can be examined 1574 or changed using GDB. Exposing shadow registers only works with GDB version 1575 7.1 or later. 1576 </para> 1577 </listitem> 1578 </varlistentry> 1579 1580 <varlistentry id="opt.vgdb-prefix" xreflabel="--vgdb-prefix"> 1581 <term> 1582 <option><![CDATA[--vgdb-prefix=<prefix> [default: /tmp/vgdb-pipe] ]]></option> 1583 </term> 1584 <listitem> 1585 <para> To communicate with gdb/vgdb, the Valgrind gdbserver 1586 creates 3 files (2 named FIFOs and a mmap shared memory 1587 file). The prefix option controls the directory and prefix for 1588 the creation of these files. 1589 </para> 1590 </listitem> 1591 </varlistentry> 1592 1593 <varlistentry id="opt.run-libc-freeres" xreflabel="--run-libc-freeres"> 1594 <term> 1595 <option><![CDATA[--run-libc-freeres=<yes|no> [default: yes] ]]></option> 1596 </term> 1597 <listitem> 1598 <para>This option is only relevant when running Valgrind on Linux.</para> 1599 1600 <para>The GNU C library (<function>libc.so</function>), which is 1601 used by all programs, may allocate memory for its own uses. 1602 Usually it doesn't bother to free that memory when the program 1603 ends—there would be no point, since the Linux kernel reclaims 1604 all process resources when a process exits anyway, so it would 1605 just slow things down.</para> 1606 1607 <para>The glibc authors realised that this behaviour causes leak 1608 checkers, such as Valgrind, to falsely report leaks in glibc, when 1609 a leak check is done at exit. In order to avoid this, they 1610 provided a routine called <function>__libc_freeres</function> 1611 specifically to make glibc release all memory it has allocated. 1612 Memcheck therefore tries to run 1613 <function>__libc_freeres</function> at exit.</para> 1614 1615 <para>Unfortunately, in some very old versions of glibc, 1616 <function>__libc_freeres</function> is sufficiently buggy to cause 1617 segmentation faults. This was particularly noticeable on Red Hat 1618 7.1. So this option is provided in order to inhibit the run of 1619 <function>__libc_freeres</function>. If your program seems to run 1620 fine on Valgrind, but segfaults at exit, you may find that 1621 <option>--run-libc-freeres=no</option> fixes that, although at the 1622 cost of possibly falsely reporting space leaks in 1623 <filename>libc.so</filename>.</para> 1624 </listitem> 1625 </varlistentry> 1626 1627 <varlistentry id="opt.sim-hints" xreflabel="--sim-hints"> 1628 <term> 1629 <option><![CDATA[--sim-hints=hint1,hint2,... ]]></option> 1630 </term> 1631 <listitem> 1632 <para>Pass miscellaneous hints to Valgrind which slightly modify 1633 the simulated behaviour in nonstandard or dangerous ways, possibly 1634 to help the simulation of strange features. By default no hints 1635 are enabled. Use with caution! Currently known hints are:</para> 1636 <itemizedlist> 1637 <listitem> 1638 <para><option>lax-ioctls: </option> Be very lax about ioctl 1639 handling; the only assumption is that the size is 1640 correct. Doesn't require the full buffer to be initialized 1641 when writing. Without this, using some device drivers with a 1642 large number of strange ioctl commands becomes very 1643 tiresome.</para> 1644 </listitem> 1645 <listitem> 1646 <para><option>enable-inner: </option> Enable some special 1647 magic needed when the program being run is itself 1648 Valgrind.</para> 1649 </listitem> 1650 <listitem> 1651 <para><option>fuse-compatible: </option> Enable special 1652 handling for certain system calls that may block in a FUSE 1653 file-system. This may be necessary when running Valgrind 1654 on a multi-threaded program that uses one thread to manage 1655 a FUSE file-system and another thread to access that 1656 file-system. 1657 </para> 1658 </listitem> 1659 </itemizedlist> 1660 </listitem> 1661 </varlistentry> 1662 1663 <varlistentry id="opt.kernel-variant" xreflabel="--kernel-variant"> 1664 <term> 1665 <option>--kernel-variant=variant1,variant2,...</option> 1666 </term> 1667 <listitem> 1668 <para>Handle system calls and ioctls arising from minor variants 1669 of the default kernel for this platform. This is useful for 1670 running on hacked kernels or with kernel modules which support 1671 nonstandard ioctls, for example. Use with caution. If you don't 1672 understand what this option does then you almost certainly don't 1673 need it. Currently known variants are:</para> 1674 <itemizedlist> 1675 <listitem> 1676 <para><option>bproc: </option> Support the 1677 <function>sys_broc</function> system call on x86. This is for 1678 running on BProc, which is a minor variant of standard Linux which 1679 is sometimes used for building clusters.</para> 1680 </listitem> 1681 </itemizedlist> 1682 </listitem> 1683 </varlistentry> 1684 1685 <varlistentry id="opt.show-emwarns" xreflabel="--show-emwarns"> 1686 <term> 1687 <option><![CDATA[--show-emwarns=<yes|no> [default: no] ]]></option> 1688 </term> 1689 <listitem> 1690 <para>When enabled, Valgrind will emit warnings about its CPU 1691 emulation in certain cases. These are usually not 1692 interesting.</para> 1693 </listitem> 1694 </varlistentry> 1695 1696 <varlistentry id="opt.require-text-symbol" 1697 xreflabel="--require-text-symbol"> 1698 <term> 1699 <option><![CDATA[--require-text-symbol=:sonamepatt:fnnamepatt]]></option> 1700 </term> 1701 <listitem> 1702 <para>When a shared object whose soname 1703 matches <varname>sonamepatt</varname> is loaded into the 1704 process, examine all the text symbols it exports. If none of 1705 those match <varname>fnnamepatt</varname>, print an error 1706 message and abandon the run. This makes it possible to ensure 1707 that the run does not continue unless a given shared object 1708 contains a particular function name. 1709 </para> 1710 <para> 1711 Both <varname>sonamepatt</varname> and 1712 <varname>fnnamepatt</varname> can be written using the usual 1713 <varname>?</varname> and <varname>*</varname> wildcards. For 1714 example: <varname>":*libc.so*:foo?bar"</varname>. You may use 1715 characters other than a colon to separate the two patterns. It 1716 is only important that the first character and the separator 1717 character are the same. For example, the above example could 1718 also be written <varname>"Q*libc.so*Qfoo?bar"</varname>. 1719 Multiple <varname> --require-text-symbol</varname> flags are 1720 allowed, in which case shared objects that are loaded into 1721 the process will be checked against all of them. 1722 </para> 1723 <para> 1724 The purpose of this is to support reliable usage of marked-up 1725 libraries. For example, suppose we have a version of GCC's 1726 <varname>libgomp.so</varname> which has been marked up with 1727 annotations to support Helgrind. It is only too easy and 1728 confusing to load the wrong, un-annotated 1729 <varname>libgomp.so</varname> into the application. So the idea 1730 is: add a text symbol in the marked-up library, for 1731 example <varname>annotated_for_helgrind_3_6</varname>, and then 1732 give the flag 1733 <varname>--require-text-symbol=:*libgomp*so*:annotated_for_helgrind_3_6</varname> 1734 so that when <varname>libgomp.so</varname> is loaded, Valgrind 1735 scans its symbol table, and if the symbol isn't present the run 1736 is aborted, rather than continuing silently with the 1737 un-marked-up library. Note that you should put the entire flag 1738 in quotes to stop shells expanding up the <varname>*</varname> 1739 and <varname>?</varname> wildcards. 1740 </para> 1741 </listitem> 1742 </varlistentry> 1743 1744 1745</variablelist> 1746<!-- end of xi:include in the manpage --> 1747 1748</sect2> 1749 1750 1751<sect2 id="manual-core.debugopts" xreflabel="Debugging Options"> 1752<title>Debugging Options</title> 1753 1754<!-- start of xi:include in the manpage --> 1755<para id="debug.opts.para">There are also some options for debugging 1756Valgrind itself. You shouldn't need to use them in the normal run of 1757things. If you wish to see the list, use the 1758<option>--help-debug</option> option.</para> 1759 1760<para>If you wish to debug your program rather than debugging 1761Valgrind itself, then you should use the options 1762<option>--vgdb=yes</option> or <option>--vgdb=full</option> 1763or <option>--db-attach=yes</option>. 1764</para> 1765 1766<!-- end of xi:include in the manpage --> 1767 1768</sect2> 1769 1770 1771<sect2 id="manual-core.defopts" xreflabel="Setting Default Options"> 1772<title>Setting Default Options</title> 1773 1774<para>Note that Valgrind also reads options from three places:</para> 1775 1776 <orderedlist> 1777 <listitem> 1778 <para>The file <computeroutput>~/.valgrindrc</computeroutput></para> 1779 </listitem> 1780 1781 <listitem> 1782 <para>The environment variable 1783 <computeroutput>$VALGRIND_OPTS</computeroutput></para> 1784 </listitem> 1785 1786 <listitem> 1787 <para>The file <computeroutput>./.valgrindrc</computeroutput></para> 1788 </listitem> 1789 </orderedlist> 1790 1791<para>These are processed in the given order, before the 1792command-line options. Options processed later override those 1793processed earlier; for example, options in 1794<computeroutput>./.valgrindrc</computeroutput> will take 1795precedence over those in 1796<computeroutput>~/.valgrindrc</computeroutput>. 1797</para> 1798 1799<para>Please note that the <computeroutput>./.valgrindrc</computeroutput> 1800file is ignored if it is marked as world writeable or not owned 1801by the current user. This is because the 1802<computeroutput>./.valgrindrc</computeroutput> can contain options that are 1803potentially harmful or can be used by a local attacker to execute code under 1804your user account. 1805</para> 1806 1807<para>Any tool-specific options put in 1808<computeroutput>$VALGRIND_OPTS</computeroutput> or the 1809<computeroutput>.valgrindrc</computeroutput> files should be 1810prefixed with the tool name and a colon. For example, if you 1811want Memcheck to always do leak checking, you can put the 1812following entry in <literal>~/.valgrindrc</literal>:</para> 1813 1814<programlisting><![CDATA[ 1815--memcheck:leak-check=yes]]></programlisting> 1816 1817<para>This will be ignored if any tool other than Memcheck is 1818run. Without the <computeroutput>memcheck:</computeroutput> 1819part, this will cause problems if you select other tools that 1820don't understand 1821<option>--leak-check=yes</option>.</para> 1822 1823</sect2> 1824 1825</sect1> 1826 1827 1828 1829<sect1 id="manual-core.pthreads" xreflabel="Support for Threads"> 1830<title>Support for Threads</title> 1831 1832<para>Threaded programs are fully supported.</para> 1833 1834<para>The main thing to point out with respect to threaded programs is 1835that your program will use the native threading library, but Valgrind 1836serialises execution so that only one (kernel) thread is running at a 1837time. This approach avoids the horrible implementation problems of 1838implementing a truly multithreaded version of Valgrind, but it does 1839mean that threaded apps run only on one CPU, even if you have a 1840multiprocessor or multicore machine.</para> 1841 1842<para>Valgrind doesn't schedule the threads itself. It merely ensures 1843that only one thread runs at once, using a simple locking scheme. The 1844actual thread scheduling remains under control of the OS kernel. What 1845this does mean, though, is that your program will see very different 1846scheduling when run on Valgrind than it does when running normally. 1847This is both because Valgrind is serialising the threads, and because 1848the code runs so much slower than normal.</para> 1849 1850<para>This difference in scheduling may cause your program to behave 1851differently, if you have some kind of concurrency, critical race, 1852locking, or similar, bugs. In that case you might consider using the 1853tools Helgrind and/or DRD to track them down.</para> 1854 1855<para>On Linux, Valgrind also supports direct use of the 1856<computeroutput>clone</computeroutput> system call, 1857<computeroutput>futex</computeroutput> and so on. 1858<computeroutput>clone</computeroutput> is supported where either 1859everything is shared (a thread) or nothing is shared (fork-like); partial 1860sharing will fail. 1861</para> 1862 1863 1864</sect1> 1865 1866<sect1 id="manual-core.signals" xreflabel="Handling of Signals"> 1867<title>Handling of Signals</title> 1868 1869<para>Valgrind has a fairly complete signal implementation. It should be 1870able to cope with any POSIX-compliant use of signals.</para> 1871 1872<para>If you're using signals in clever ways (for example, catching 1873SIGSEGV, modifying page state and restarting the instruction), you're 1874probably relying on precise exceptions. In this case, you will need 1875to use <option>--vex-iropt-precise-memory-exns=yes</option>. 1876</para> 1877 1878<para>If your program dies as a result of a fatal core-dumping signal, 1879Valgrind will generate its own core file 1880(<computeroutput>vgcore.NNNNN</computeroutput>) containing your program's 1881state. You may use this core file for post-mortem debugging with GDB or 1882similar. (Note: it will not generate a core if your core dump size limit is 18830.) At the time of writing the core dumps do not include all the floating 1884point register information.</para> 1885 1886<para>In the unlikely event that Valgrind itself crashes, the operating system 1887will create a core dump in the usual way.</para> 1888 1889</sect1> 1890 1891 1892 1893 1894 1895 1896 1897 1898<sect1 id="manual-core.install" xreflabel="Building and Installing"> 1899<title>Building and Installing Valgrind</title> 1900 1901<para>We use the standard Unix 1902<computeroutput>./configure</computeroutput>, 1903<computeroutput>make</computeroutput>, <computeroutput>make 1904install</computeroutput> mechanism. Once you have completed 1905<computeroutput>make install</computeroutput> you may then want 1906to run the regression tests 1907with <computeroutput>make regtest</computeroutput>. 1908</para> 1909 1910<para>In addition to the usual 1911<option>--prefix=/path/to/install/tree</option>, there are three 1912 options which affect how Valgrind is built: 1913<itemizedlist> 1914 1915 <listitem> 1916 <para><option>--enable-inner</option></para> 1917 <para>This builds Valgrind with some special magic hacks which make 1918 it possible to run it on a standard build of Valgrind (what the 1919 developers call "self-hosting"). Ordinarily you should not use 1920 this option as various kinds of safety checks are disabled. 1921 </para> 1922 </listitem> 1923 1924 <listitem> 1925 <para><option>--enable-only64bit</option></para> 1926 <para><option>--enable-only32bit</option></para> 1927 <para>On 64-bit platforms (amd64-linux, ppc64-linux, 1928 amd64-darwin), Valgrind is by default built in such a way that 1929 both 32-bit and 64-bit executables can be run. Sometimes this 1930 cleverness is a problem for a variety of reasons. These two 1931 options allow for single-target builds in this situation. If you 1932 issue both, the configure script will complain. Note they are 1933 ignored on 32-bit-only platforms (x86-linux, ppc32-linux, 1934 arm-linux, x86-darwin). 1935 </para> 1936 </listitem> 1937 1938</itemizedlist> 1939</para> 1940 1941<para>The <computeroutput>configure</computeroutput> script tests 1942the version of the X server currently indicated by the current 1943<computeroutput>$DISPLAY</computeroutput>. This is a known bug. 1944The intention was to detect the version of the current X 1945client libraries, so that correct suppressions could be selected 1946for them, but instead the test checks the server version. This 1947is just plain wrong.</para> 1948 1949<para>If you are building a binary package of Valgrind for 1950distribution, please read <literal>README_PACKAGERS</literal> 1951<xref linkend="dist.readme-packagers"/>. It contains some 1952important information.</para> 1953 1954<para>Apart from that, there's not much excitement here. Let us 1955know if you have build problems.</para> 1956 1957</sect1> 1958 1959 1960 1961<sect1 id="manual-core.problems" xreflabel="If You Have Problems"> 1962<title>If You Have Problems</title> 1963 1964<para>Contact us at <ulink url="&vg-url;">&vg-url;</ulink>.</para> 1965 1966<para>See <xref linkend="manual-core.limits"/> for the known 1967limitations of Valgrind, and for a list of programs which are 1968known not to work on it.</para> 1969 1970<para>All parts of the system make heavy use of assertions and 1971internal self-checks. They are permanently enabled, and we have no 1972plans to disable them. If one of them breaks, please mail us!</para> 1973 1974<para>If you get an assertion failure 1975in <filename>m_mallocfree.c</filename>, this may have happened because 1976your program wrote off the end of a heap block, or before its 1977beginning, thus corrupting head metadata. Valgrind hopefully will have 1978emitted a message to that effect before dying in this way.</para> 1979 1980<para>Read the <xref linkend="FAQ"/> for more advice about common problems, 1981crashes, etc.</para> 1982 1983</sect1> 1984 1985 1986 1987<sect1 id="manual-core.limits" xreflabel="Limitations"> 1988<title>Limitations</title> 1989 1990<para>The following list of limitations seems long. However, most 1991programs actually work fine.</para> 1992 1993<para>Valgrind will run programs on the supported platforms 1994subject to the following constraints:</para> 1995 1996 <itemizedlist> 1997 <listitem> 1998 <para>On x86 and amd64, there is no support for 3DNow! 1999 instructions. If the translator encounters these, Valgrind will 2000 generate a SIGILL when the instruction is executed. Apart from 2001 that, on x86 and amd64, essentially all instructions are supported, 2002 up to and including SSE4.2 in 64-bit mode and SSSE3 in 32-bit mode. 2003 Some exceptions: SSE4.2 AES instructions are not supported in 2004 64-bit mode, and 32-bit mode does in fact support the bare minimum 2005 SSE4 instructions to needed to run programs on MacOSX 10.6 on 2006 32-bit targets. 2007 </para> 2008 </listitem> 2009 2010 <listitem> 2011 <para>On ppc32 and ppc64, almost all integer, floating point and 2012 Altivec instructions are supported. Specifically: integer and FP 2013 insns that are mandatory for PowerPC, the "General-purpose 2014 optional" group (fsqrt, fsqrts, stfiwx), the "Graphics optional" 2015 group (fre, fres, frsqrte, frsqrtes), and the Altivec (also known 2016 as VMX) SIMD instruction set, are supported. Also, instructions 2017 from the Power ISA 2.05 specification, as present in POWER6 CPUs, 2018 are supported.</para> 2019 </listitem> 2020 2021 <listitem> 2022 <para>On ARM, essentially the entire ARMv7-A instruction set 2023 is supported, in both ARM and Thumb mode. ThumbEE and Jazelle are 2024 not supported. NEON and VFPv3 support is fairly complete. ARMv6 2025 media instruction support is mostly done but not yet complete. 2026 </para> 2027 </listitem> 2028 2029 <listitem> 2030 <para>If your program does its own memory management, rather than 2031 using malloc/new/free/delete, it should still work, but Memcheck's 2032 error checking won't be so effective. If you describe your 2033 program's memory management scheme using "client requests" (see 2034 <xref linkend="manual-core-adv.clientreq"/>), Memcheck can do 2035 better. Nevertheless, using malloc/new and free/delete is still 2036 the best approach.</para> 2037 </listitem> 2038 2039 <listitem> 2040 <para>Valgrind's signal simulation is not as robust as it could be. 2041 Basic POSIX-compliant sigaction and sigprocmask functionality is 2042 supplied, but it's conceivable that things could go badly awry if you 2043 do weird things with signals. Workaround: don't. Programs that do 2044 non-POSIX signal tricks are in any case inherently unportable, so 2045 should be avoided if possible.</para> 2046 </listitem> 2047 2048 <listitem> 2049 <para>Machine instructions, and system calls, have been implemented 2050 on demand. So it's possible, although unlikely, that a program will 2051 fall over with a message to that effect. If this happens, please 2052 report all the details printed out, so we can try and implement the 2053 missing feature.</para> 2054 </listitem> 2055 2056 <listitem> 2057 <para>Memory consumption of your program is majorly increased 2058 whilst running under Valgrind's Memcheck tool. This is due to the 2059 large amount of administrative information maintained behind the 2060 scenes. Another cause is that Valgrind dynamically translates the 2061 original executable. Translated, instrumented code is 12-18 times 2062 larger than the original so you can easily end up with 100+ MB of 2063 translations when running (eg) a web browser.</para> 2064 </listitem> 2065 2066 <listitem> 2067 <para>Valgrind can handle dynamically-generated code just fine. If 2068 you regenerate code over the top of old code (ie. at the same 2069 memory addresses), if the code is on the stack Valgrind will 2070 realise the code has changed, and work correctly. This is 2071 necessary to handle the trampolines GCC uses to implemented nested 2072 functions. If you regenerate code somewhere other than the stack, 2073 and you are running on an 32- or 64-bit x86 CPU, you will need to 2074 use the <option>--smc-check=all</option> option, and Valgrind will 2075 run more slowly than normal. Or you can add client requests that 2076 tell Valgrind when your program has overwritten code. 2077 </para> 2078 <para> On other platforms (ARM, PowerPC) Valgrind observes and 2079 honours the cache invalidation hints that programs are obliged to 2080 emit to notify new code, and so self-modifying-code support should 2081 work automatically, without the need 2082 for <option>--smc-check=all</option>.</para> 2083 </listitem> 2084 2085 <listitem> 2086 <para>Valgrind has the following limitations 2087 in its implementation of x86/AMD64 floating point relative to 2088 IEEE754.</para> 2089 2090 <para>Precision: There is no support for 80 bit arithmetic. 2091 Internally, Valgrind represents all such "long double" numbers in 64 2092 bits, and so there may be some differences in results. Whether or 2093 not this is critical remains to be seen. Note, the x86/amd64 2094 fldt/fstpt instructions (read/write 80-bit numbers) are correctly 2095 simulated, using conversions to/from 64 bits, so that in-memory 2096 images of 80-bit numbers look correct if anyone wants to see.</para> 2097 2098 <para>The impression observed from many FP regression tests is that 2099 the accuracy differences aren't significant. Generally speaking, if 2100 a program relies on 80-bit precision, there may be difficulties 2101 porting it to non x86/amd64 platforms which only support 64-bit FP 2102 precision. Even on x86/amd64, the program may get different results 2103 depending on whether it is compiled to use SSE2 instructions (64-bits 2104 only), or x87 instructions (80-bit). The net effect is to make FP 2105 programs behave as if they had been run on a machine with 64-bit IEEE 2106 floats, for example PowerPC. On amd64 FP arithmetic is done by 2107 default on SSE2, so amd64 looks more like PowerPC than x86 from an FP 2108 perspective, and there are far fewer noticeable accuracy differences 2109 than with x86.</para> 2110 2111 <para>Rounding: Valgrind does observe the 4 IEEE-mandated rounding 2112 modes (to nearest, to +infinity, to -infinity, to zero) for the 2113 following conversions: float to integer, integer to float where 2114 there is a possibility of loss of precision, and float-to-float 2115 rounding. For all other FP operations, only the IEEE default mode 2116 (round to nearest) is supported.</para> 2117 2118 <para>Numeric exceptions in FP code: IEEE754 defines five types of 2119 numeric exception that can happen: invalid operation (sqrt of 2120 negative number, etc), division by zero, overflow, underflow, 2121 inexact (loss of precision).</para> 2122 2123 <para>For each exception, two courses of action are defined by IEEE754: 2124 either (1) a user-defined exception handler may be called, or (2) a 2125 default action is defined, which "fixes things up" and allows the 2126 computation to proceed without throwing an exception.</para> 2127 2128 <para>Currently Valgrind only supports the default fixup actions. 2129 Again, feedback on the importance of exception support would be 2130 appreciated.</para> 2131 2132 <para>When Valgrind detects that the program is trying to exceed any 2133 of these limitations (setting exception handlers, rounding mode, or 2134 precision control), it can print a message giving a traceback of 2135 where this has happened, and continue execution. This behaviour used 2136 to be the default, but the messages are annoying and so showing them 2137 is now disabled by default. Use <option>--show-emwarns=yes</option> to see 2138 them.</para> 2139 2140 <para>The above limitations define precisely the IEEE754 'default' 2141 behaviour: default fixup on all exceptions, round-to-nearest 2142 operations, and 64-bit precision.</para> 2143 </listitem> 2144 2145 <listitem> 2146 <para>Valgrind has the following limitations in 2147 its implementation of x86/AMD64 SSE2 FP arithmetic, relative to 2148 IEEE754.</para> 2149 2150 <para>Essentially the same: no exceptions, and limited observance of 2151 rounding mode. Also, SSE2 has control bits which make it treat 2152 denormalised numbers as zero (DAZ) and a related action, flush 2153 denormals to zero (FTZ). Both of these cause SSE2 arithmetic to be 2154 less accurate than IEEE requires. Valgrind detects, ignores, and can 2155 warn about, attempts to enable either mode.</para> 2156 </listitem> 2157 2158 <listitem> 2159 <para>Valgrind has the following limitations in 2160 its implementation of ARM VFPv3 arithmetic, relative to 2161 IEEE754.</para> 2162 2163 <para>Essentially the same: no exceptions, and limited observance 2164 of rounding mode. Also, switching the VFP unit into vector mode 2165 will cause Valgrind to abort the program -- it has no way to 2166 emulate vector uses of VFP at a reasonable performance level. This 2167 is no big deal given that non-scalar uses of VFP instructions are 2168 in any case deprecated.</para> 2169 </listitem> 2170 2171 <listitem> 2172 <para>Valgrind has the following limitations 2173 in its implementation of PPC32 and PPC64 floating point 2174 arithmetic, relative to IEEE754.</para> 2175 2176 <para>Scalar (non-Altivec): Valgrind provides a bit-exact emulation of 2177 all floating point instructions, except for "fre" and "fres", which are 2178 done more precisely than required by the PowerPC architecture specification. 2179 All floating point operations observe the current rounding mode. 2180 </para> 2181 2182 <para>However, fpscr[FPRF] is not set after each operation. That could 2183 be done but would give measurable performance overheads, and so far 2184 no need for it has been found.</para> 2185 2186 <para>As on x86/AMD64, IEEE754 exceptions are not supported: all floating 2187 point exceptions are handled using the default IEEE fixup actions. 2188 Valgrind detects, ignores, and can warn about, attempts to unmask 2189 the 5 IEEE FP exception kinds by writing to the floating-point status 2190 and control register (fpscr). 2191 </para> 2192 2193 <para>Vector (Altivec, VMX): essentially as with x86/AMD64 SSE/SSE2: 2194 no exceptions, and limited observance of rounding mode. 2195 For Altivec, FP arithmetic 2196 is done in IEEE/Java mode, which is more accurate than the Linux default 2197 setting. "More accurate" means that denormals are handled properly, 2198 rather than simply being flushed to zero.</para> 2199 </listitem> 2200 </itemizedlist> 2201 2202 <para>Programs which are known not to work are:</para> 2203 <itemizedlist> 2204 <listitem> 2205 <para>emacs starts up but immediately concludes it is out of 2206 memory and aborts. It may be that Memcheck does not provide 2207 a good enough emulation of the 2208 <computeroutput>mallinfo</computeroutput> function. 2209 Emacs works fine if you build it to use 2210 the standard malloc/free routines.</para> 2211 </listitem> 2212 </itemizedlist> 2213 2214</sect1> 2215 2216 2217<sect1 id="manual-core.example" xreflabel="An Example Run"> 2218<title>An Example Run</title> 2219 2220<para>This is the log for a run of a small program using Memcheck. 2221The program is in fact correct, and the reported error is as the 2222result of a potentially serious code generation bug in GNU g++ 2223(snapshot 20010527).</para> 2224 2225<programlisting><![CDATA[ 2226sewardj@phoenix:~/newmat10$ ~/Valgrind-6/valgrind -v ./bogon 2227==25832== Valgrind 0.10, a memory error detector for x86 RedHat 7.1. 2228==25832== Copyright (C) 2000-2001, and GNU GPL'd, by Julian Seward. 2229==25832== Startup, with flags: 2230==25832== --suppressions=/home/sewardj/Valgrind/redhat71.supp 2231==25832== reading syms from /lib/ld-linux.so.2 2232==25832== reading syms from /lib/libc.so.6 2233==25832== reading syms from /mnt/pima/jrs/Inst/lib/libgcc_s.so.0 2234==25832== reading syms from /lib/libm.so.6 2235==25832== reading syms from /mnt/pima/jrs/Inst/lib/libstdc++.so.3 2236==25832== reading syms from /home/sewardj/Valgrind/valgrind.so 2237==25832== reading syms from /proc/self/exe 2238==25832== 2239==25832== Invalid read of size 4 2240==25832== at 0x8048724: BandMatrix::ReSize(int,int,int) (bogon.cpp:45) 2241==25832== by 0x80487AF: main (bogon.cpp:66) 2242==25832== Address 0xBFFFF74C is not stack'd, malloc'd or free'd 2243==25832== 2244==25832== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) 2245==25832== malloc/free: in use at exit: 0 bytes in 0 blocks. 2246==25832== malloc/free: 0 allocs, 0 frees, 0 bytes allocated. 2247==25832== For a detailed leak analysis, rerun with: --leak-check=yes 2248]]></programlisting> 2249 2250<para>The GCC folks fixed this about a week before GCC 3.0 2251shipped.</para> 2252 2253</sect1> 2254 2255 2256<sect1 id="manual-core.warnings" xreflabel="Warning Messages"> 2257<title>Warning Messages You Might See</title> 2258 2259<para>Some of these only appear if you run in verbose mode 2260(enabled by <option>-v</option>):</para> 2261 2262 <itemizedlist> 2263 2264 <listitem> 2265 <para><computeroutput>More than 100 errors detected. Subsequent 2266 errors will still be recorded, but in less detail than 2267 before.</computeroutput></para> 2268 2269 <para>After 100 different errors have been shown, Valgrind becomes 2270 more conservative about collecting them. It then requires only the 2271 program counters in the top two stack frames to match when deciding 2272 whether or not two errors are really the same one. Prior to this 2273 point, the PCs in the top four frames are required to match. This 2274 hack has the effect of slowing down the appearance of new errors 2275 after the first 100. The 100 constant can be changed by recompiling 2276 Valgrind.</para> 2277 </listitem> 2278 2279 <listitem> 2280 <para><computeroutput>More than 1000 errors detected. I'm not 2281 reporting any more. Final error counts may be inaccurate. Go fix 2282 your program!</computeroutput></para> 2283 2284 <para>After 1000 different errors have been detected, Valgrind 2285 ignores any more. It seems unlikely that collecting even more 2286 different ones would be of practical help to anybody, and it avoids 2287 the danger that Valgrind spends more and more of its time comparing 2288 new errors against an ever-growing collection. As above, the 1000 2289 number is a compile-time constant.</para> 2290 </listitem> 2291 2292 <listitem> 2293 <para><computeroutput>Warning: client switching stacks?</computeroutput></para> 2294 2295 <para>Valgrind spotted such a large change in the stack pointer 2296 that it guesses the client is switching to 2297 a different stack. At this point it makes a kludgey guess where the 2298 base of the new stack is, and sets memory permissions accordingly. 2299 You may get many bogus error messages following this, if Valgrind 2300 guesses wrong. At the moment "large change" is defined as a change 2301 of more that 2000000 in the value of the 2302 stack pointer register.</para> 2303 </listitem> 2304 2305 <listitem> 2306 <para><computeroutput>Warning: client attempted to close Valgrind's 2307 logfile fd <number></computeroutput></para> 2308 2309 <para>Valgrind doesn't allow the client to close the logfile, 2310 because you'd never see any diagnostic information after that point. 2311 If you see this message, you may want to use the 2312 <option>--log-fd=<number></option> option to specify a 2313 different logfile file-descriptor number.</para> 2314 </listitem> 2315 2316 <listitem> 2317 <para><computeroutput>Warning: noted but unhandled ioctl 2318 <number></computeroutput></para> 2319 2320 <para>Valgrind observed a call to one of the vast family of 2321 <computeroutput>ioctl</computeroutput> system calls, but did not 2322 modify its memory status info (because nobody has yet written a 2323 suitable wrapper). The call will still have gone through, but you may get 2324 spurious errors after this as a result of the non-update of the 2325 memory info.</para> 2326 </listitem> 2327 2328 <listitem> 2329 <para><computeroutput>Warning: set address range perms: large range 2330 <number></computeroutput></para> 2331 2332 <para>Diagnostic message, mostly for benefit of the Valgrind 2333 developers, to do with memory permissions.</para> 2334 </listitem> 2335 2336 </itemizedlist> 2337 2338</sect1> 2339 2340 2341 2342 2343 2344 2345</chapter> 2346