1 2Building and not installing it 3~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4To run Valgrind without having to install it, run coregrind/valgrind 5with the VALGRIND_LIB environment variable set, where <dir> is the root 6of the source tree (and must be an absolute path). Eg: 7 8 VALGRIND_LIB=~/grind/head4/.in_place ~/grind/head4/coregrind/valgrind 9 10This allows you to compile and run with "make" instead of "make install", 11saving you time. 12 13Or, you can use the 'vg-in-place' script which does that for you. 14 15I recommend compiling with "make --quiet" to further reduce the amount of 16output spewed out during compilation, letting you actually see any errors, 17warnings, etc. 18 19 20Building a distribution tarball 21~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 22To build a distribution tarball from the valgrind sources: 23 24 make dist 25 26In addition to compiling, linking and packaging everything up, the command 27will also attempt to build the documentation. 28 29If you only want to test whether the generated tarball is complete and runs 30regression tests successfully, building documentation is not needed. 31 32 make dist BUILD_ALL_DOCS=no 33 34If you insist on building documentation some embarrassing instructions 35can be found in docs/README. 36 37 38Running the regression tests 39~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 40To build and run all the regression tests, run "make [--quiet] regtest". 41 42To run a subset of the regression tests, execute: 43 44 perl tests/vg_regtest <name> 45 46where <name> is a directory (all tests within will be run) or a single 47.vgtest test file, or the name of a program which has a like-named .vgtest 48file. Eg: 49 50 perl tests/vg_regtest memcheck 51 perl tests/vg_regtest memcheck/tests/badfree.vgtest 52 perl tests/vg_regtest memcheck/tests/badfree 53 54 55Running the performance tests 56~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 57To build and run all the performance tests, run "make [--quiet] perf". 58 59To run a subset of the performance suite, execute: 60 61 perl perf/vg_perf <name> 62 63where <name> is a directory (all tests within will be run) or a single 64.vgperf test file, or the name of a program which has a like-named .vgperf 65file. Eg: 66 67 perl perf/vg_perf perf/ 68 perl perf/vg_perf perf/bz2.vgperf 69 perl perf/vg_perf perf/bz2 70 71To compare multiple versions of Valgrind, use the --vg= option multiple 72times. For example, if you have two Valgrinds next to each other, one in 73trunk1/ and one in trunk2/, from within either trunk1/ or trunk2/ do this to 74compare them on all the performance tests: 75 76 perl perf/vg_perf --vg=../trunk1 --vg=../trunk2 perf/ 77 78 79Debugging Valgrind with GDB 80~~~~~~~~~~~~~~~~~~~~~~~~~~~ 81To debug the valgrind launcher program (<prefix>/bin/valgrind) just 82run it under gdb in the normal way. 83 84Debugging the main body of the valgrind code (and/or the code for 85a particular tool) requires a bit more trickery but can be achieved 86without too much problem by following these steps: 87 88(1) Set VALGRIND_LAUNCHER to point to the valgrind executable. Eg: 89 90 export VALGRIND_LAUNCHER=/usr/local/bin/valgrind 91 92 or for an uninstalled version in a source directory $DIR: 93 94 export VALGRIND_LAUNCHER=$DIR/coregrind/valgrind 95 96(2) Run gdb on the tool executable. Eg: 97 98 gdb /usr/local/lib/valgrind/ppc32-linux/lackey 99 100 or 101 102 gdb $DIR/.in_place/x86-linux/memcheck 103 104(3) Do "handle SIGSEGV SIGILL nostop noprint" in GDB to prevent GDB from 105 stopping on a SIGSEGV or SIGILL: 106 107 (gdb) handle SIGILL SIGSEGV nostop noprint 108 109(4) Set any breakpoints you want and proceed as normal for gdb. The 110 macro VG_(FUNC) is expanded to vgPlain_FUNC, so If you want to set 111 a breakpoint VG_(do_exec), you could do like this in GDB: 112 113 (gdb) b vgPlain_do_exec 114 115(5) Run the tool with required options (the --tool option is required 116 for correct setup), e.g. 117 118 (gdb) run --tool=lackey pwd 119 120Steps (1)--(3) can be put in a .gdbinit file, but any directory names must 121be fully expanded (ie. not an environment variable). 122 123A different and possibly easier way is as follows: 124 125(1) Run Valgrind as normal, but add the flag --wait-for-gdb=yes. This 126 puts the tool executable into a wait loop soon after it gains 127 control. This delays startup for a few seconds. 128 129(2) In a different shell, do "gdb /proc/<pid>/exe <pid>", where 130 <pid> you read from the output printed by (1). This attaches 131 GDB to the tool executable, which should be in the abovementioned 132 wait loop. 133 134(3) Do "cont" to continue. After the loop finishes spinning, startup 135 will continue as normal. Note that comment (3) above re passing 136 signals applies here too. 137 138 139Self-hosting 140~~~~~~~~~~~~ 141This section explains : 142 (A) How to configure Valgrind to run under Valgrind. 143 Such a setup is called self hosting, or outer/inner setup. 144 (B) How to run Valgrind regression tests in a 'self-hosting' mode, 145 e.g. to verify Valgrind has no bugs such as memory leaks. 146 (C) How to run Valgrind performance tests in a 'self-hosting' mode, 147 to analyse and optimise the performance of Valgrind and its tools. 148 149(A) How to configure Valgrind to run under Valgrind: 150 151(1) Check out 2 trees, "Inner" and "Outer". Inner runs the app 152 directly. Outer runs Inner. 153 154(2) Configure inner with --enable-inner and build/install as usual. 155 156(3) Configure Outer normally and build/install as usual. 157 158(4) Choose a very simple program (date) and try 159 160 outer/.../bin/valgrind --sim-hints=enable-outer --trace-children=yes \ 161 --smc-check=all-non-file \ 162 --run-libc-freeres=no --tool=cachegrind -v \ 163 inner/.../bin/valgrind --vgdb-prefix=./inner --tool=none -v prog 164 165Note: You must use a "make install"-ed valgrind. 166Do *not* use vg-in-place for the outer valgrind. 167 168If you omit the --trace-children=yes, you'll only monitor Inner's launcher 169program, not its stage2. Outer needs --run-libc-freeres=no, as otherwise 170it will try to find and run __libc_freeres in the inner, while libc is not 171used by the inner. Inner needs --vgdb-prefix=./inner to avoid inner 172gdbserver colliding with outer gdbserver. 173Currently, inner does *not* use the client request 174VALGRIND_DISCARD_TRANSLATIONS for the JITted code or the code patched for 175translation chaining. So the outer needs --smc-check=all-non-file to 176detect the modified code. 177 178Debugging the whole thing might imply to use up to 3 GDB: 179 * a GDB attached to the Outer valgrind, allowing 180 to examine the state of Outer. 181 * a GDB using Outer gdbserver, allowing to 182 examine the state of Inner. 183 * a GDB using Inner gdbserver, allowing to 184 examine the state of prog. 185 186The whole thing is fragile, confusing and slow, but it does work well enough 187for you to get some useful performance data. Inner has most of 188its output (ie. those lines beginning with "==<pid>==") prefixed with a '>', 189which helps a lot. However, when running regression tests in an Outer/Inner 190setup, this prefix causes the reg test diff to fail. Give 191--sim-hints=no-inner-prefix to the Inner to disable the production 192of the prefix in the stdout/stderr output of Inner. 193 194The allocator (coregrind/m_mallocfree.c) is annotated with client requests 195so Memcheck can be used to find leaks and use after free in an Inner 196Valgrind. 197 198The Valgrind "big lock" is annotated with helgrind client requests 199so helgrind and drd can be used to find race conditions in an Inner 200Valgrind. 201 202All this has not been tested much, so don't be surprised if you hit problems. 203 204When using self-hosting with an outer Callgrind tool, use '--pop-on-jump' 205(on the outer). Otherwise, Callgrind has much higher memory requirements. 206 207(B) Regression tests in an outer/inner setup: 208 209 To run all the regression tests with an outer memcheck, do : 210 perl tests/vg_regtest --outer-valgrind=../outer/.../bin/valgrind \ 211 --all 212 213 To run a specific regression tests with an outer memcheck, do: 214 perl tests/vg_regtest --outer-valgrind=../outer/.../bin/valgrind \ 215 none/tests/args.vgtest 216 217 To run regression tests with another outer tool: 218 perl tests/vg_regtest --outer-valgrind=../outer/.../bin/valgrind \ 219 --outer-tool=helgrind --all 220 221 --outer-args allows to give specific arguments to the outer tool, 222 replacing the default one provided by vg_regtest. 223 224Note: --outer-valgrind must be a "make install"-ed valgrind. 225Do *not* use vg-in-place. 226 227When an outer valgrind runs an inner valgrind, a regression test 228produces one additional file <testname>.outer.log which contains the 229errors detected by the outer valgrind. E.g. for an outer memcheck, it 230contains the leaks found in the inner, for an outer helgrind or drd, 231it contains the detected race conditions. 232 233The file tests/outer_inner.supp contains suppressions for 234the irrelevant or benign errors found in the inner. 235 236(C) Performance tests in an outer/inner setup: 237 238 To run all the performance tests with an outer cachegrind, do : 239 perl perf/vg_perf --outer-valgrind=../outer/.../bin/valgrind perf 240 241 To run a specific perf test (e.g. bz2) in this setup, do : 242 perl perf/vg_perf --outer-valgrind=../outer/.../bin/valgrind perf/bz2 243 244 To run all the performance tests with an outer callgrind, do : 245 perl perf/vg_perf --outer-valgrind=../outer/.../bin/valgrind \ 246 --outer-tool=callgrind perf 247 248Note: --outer-valgrind must be a "make install"-ed valgrind. 249Do *not* use vg-in-place. 250 251 To compare the performance of multiple Valgrind versions, do : 252 perl perf/vg_perf --outer-valgrind=../outer/.../bin/valgrind \ 253 --outer-tool=callgrind \ 254 --vg=../inner_xxxx --vg=../inner_yyyy perf 255 (where inner_xxxx and inner_yyyy are the toplevel directories of 256 the versions to compare). 257 Cachegrind and cg_diff are particularly handy to obtain a delta 258 between the two versions. 259 260When the outer tool is callgrind or cachegrind, the following 261output files will be created for each test: 262 <outertoolname>.out.<inner_valgrind_dir>.<tt>.<perftestname>.<pid> 263 <outertoolname>.outer.log.<inner_valgrind_dir>.<tt>.<perftestname>.<pid> 264 (where tt is the two letters abbreviation for the inner tool(s) run). 265 266For example, the command 267 perl perf/vg_perf \ 268 --outer-valgrind=../outer_trunk/install/bin/valgrind \ 269 --outer-tool=callgrind \ 270 --vg=../inner_tchain --vg=../inner_trunk perf/many-loss-records 271 272produces the files 273 callgrind.out.inner_tchain.no.many-loss-records.18465 274 callgrind.outer.log.inner_tchain.no.many-loss-records.18465 275 callgrind.out.inner_tchain.me.many-loss-records.21899 276 callgrind.outer.log.inner_tchain.me.many-loss-records.21899 277 callgrind.out.inner_trunk.no.many-loss-records.21224 278 callgrind.outer.log.inner_trunk.no.many-loss-records.21224 279 callgrind.out.inner_trunk.me.many-loss-records.22916 280 callgrind.outer.log.inner_trunk.me.many-loss-records.22916 281 282 283Printing out problematic blocks 284~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 285If you want to print out a disassembly of a particular block that 286causes a crash, do the following. 287 288Try running with "--vex-guest-chase-thresh=0 --trace-flags=10000000 289--trace-notbelow=999999". This should print one line for each block 290translated, and that includes the address. 291 292Then re-run with 999999 changed to the highest bb number shown. 293This will print the one line per block, and also will print a 294disassembly of the block in which the fault occurred. 295