I am seeing a leak in my program. It does not get caught with "valgrind memcheck" ( I confirmed this with summary report, it was no were near the top usage I can see). I could get something closer to my memory usage upon using "valgrind massif --pages-as-heap".
However it does not report a full Traceback for the portion thats does mmap and allocates big portions of memory and I can't do a examine of memory allocation also because I can collect massif output only after program is killed.
Another thing i tried was to inspect the memory blocks taking lot of RSS space. However I don't know how to look at the contents of the memory block reported by pmap. putting that addr on gdb dint help. I heard some address randomization is used by gdb. Can some one help me how to get the symbol that corresponds to the memory location reported by pmap output.
putting that addr on gdb dint help.
I don't know what you mean by "putting that addr on gdb", but doing that correctly will help.
I heard some address randomization is used by gdb.
You heard wrong: GDB doesn't do any randomization by itself, and it (by default) disables randomization that OS performs, so as to make debugging easier and more reproducible.
Can some one help me how to get the symbol that corresponds to the memory location reported by pmap output.
You are confused: heap allocated memory doesn't have any symbols by definition.
Ok, so let's work through example of examinining memory that is visible in pmap with GDB. Let's start by compiling this program, which builds a 1 million long linked list with some strings in it:
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
typedef struct Node { struct Node *next; char payload[64]; } Node;
int main()
{
int j;
Node *head = NULL;
for (j = 0; j < 1000000; j++) {
Node *n = malloc(sizeof(*n));
n->next = head;
sprintf(n->payload, "string %d", j);
head = n;
}
return 0;
}
gcc -Wall -g -std=c99 t.c && gdb -q ./a.out
(gdb) b 17
Breakpoint 1 at 0x4005e3: file t.c, line 17.
(gdb) r
Starting program: /tmp/a.out
Breakpoint 1, main () at t.c:17
17 return 0;
Now we can examine the program with pmap:
(gdb) info prog
Using the running image of child process 23785.
Program stopped at 0x4005e3.
It stopped at breakpoint 1.
Type "info stack" or "info registers" for more information.
(gdb) shell pmap 23785
23785: /tmp/a.out
0000000000400000 4K r-x-- a.out
0000000000600000 4K r---- a.out
0000000000601000 4K rw--- a.out
0000000000602000 78144K rw--- [ anon ]
00007ffff7a11000 1784K r-x-- libc-2.19.so
00007ffff7bcf000 2048K ----- libc-2.19.so
00007ffff7dcf000 16K r---- libc-2.19.so
00007ffff7dd3000 8K rw--- libc-2.19.so
00007ffff7dd5000 20K rw--- [ anon ]
00007ffff7dda000 140K r-x-- ld-2.19.so
00007ffff7fd1000 12K rw--- [ anon ]
00007ffff7ff6000 8K rw--- [ anon ]
00007ffff7ff8000 8K r---- [ anon ]
00007ffff7ffa000 8K r-x-- [ anon ]
00007ffff7ffc000 4K r---- ld-2.19.so
00007ffff7ffd000 4K rw--- ld-2.19.so
00007ffff7ffe000 4K rw--- [ anon ]
00007ffffffde000 132K rw--- [ stack ]
ffffffffff600000 4K r-x-- [ anon ]
total 82356K
It seems pretty clear that the anon space of 78MiB starting at 0x602000 must be where most of our data is. (You can also verify this by stepping a few times through the loop.)
How can we look at this data? Like so:
(gdb) x/30gx 0x602000
0x602000: 0x0000000000000000 0x0000000000000051
0x602010: 0x0000000000000000 0x3020676e69727473
0x602020: 0x0000000000000000 0x0000000000000000
0x602030: 0x0000000000000000 0x0000000000000000
0x602040: 0x0000000000000000 0x0000000000000000
0x602050: 0x0000000000000000 0x0000000000000051
0x602060: 0x0000000000602010 0x3120676e69727473
0x602070: 0x0000000000000000 0x0000000000000000
0x602080: 0x0000000000000000 0x0000000000000000
0x602090: 0x0000000000000000 0x0000000000000000
0x6020a0: 0x0000000000000000 0x0000000000000051
0x6020b0: 0x0000000000602060 0x3220676e69727473
0x6020c0: 0x0000000000000000 0x0000000000000000
0x6020d0: 0x0000000000000000 0x0000000000000000
0x6020e0: 0x0000000000000000 0x0000000000000000
Immediately you can notice that at 0x602018, at 0x602068 and at 0x6020b8 there are ASCII strings.
You can examine these strings like so:
(gdb) x/s 0x602018
0x602018: "string 0"
(gdb) x/s 0x602068
0x602068: "string 1"
(gdb) x/s 0x6020b8
0x6020b8: "string 2"
You can also notice that at 0x602060 there is a pointer to 0x602010, and at 0x6020b0 there is a pointer to 0x602060.
That gives you a guess that there is a Node at 0x602060, and another at 0x6020b0. You can confirm this guess:
(gdb) p *(Node*)0x602060
$1 = {next = 0x602010, payload = "string 1", '\000' <repeats 55 times>}
(gdb) p *(Node*)0x6020b0
$2 = {next = 0x602060, payload = "string 2", '\000' <repeats 55 times>}
And that's all there is to it.
Related
Consider the following piece of code:
#include
#include
int main () {
char *str;
/* Initial memory allocation */
str = (char *) malloc(15);
strcpy(str, "tutorialspoint");
printf("String = %s, Address = %u\n", str, str);
str = NULL;
free(str);
return(0);
}
Why does the above program cause a memory leak? How do I avoid this?
An error is thought to occur in "str = NULL;". Why?
valgrind log:
==4143== Memcheck, a memory error detector
==4143== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==4143== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==4143== Command: ./a.out
==4143==
String = tutorialspoint, Address = 86097984
==4143==
==4143== HEAP SUMMARY:
==4143== in use at exit: 15 bytes in 1 blocks
==4143== total heap usage: 2 allocs, 1 frees, 1,039 bytes allocated
==4143==
==4143== 15 bytes in 1 blocks are definitely lost in loss record 1 of 1
==4143== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4143== by 0x1086EB: main (in /home/stack/a.out)
==4143==
==4143== LEAK SUMMARY:
==4143== definitely lost: 15 bytes in 1 blocks
==4143== indirectly lost: 0 bytes in 0 blocks
==4143== possibly lost: 0 bytes in 0 blocks
==4143== still reachable: 0 bytes in 0 blocks
==4143== suppressed: 0 bytes in 0 blocks
==4143==
==4143== For counts of detected and suppressed errors, rerun with: -v
==4143== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
free(str); frees the space pointed to by str, where str is the space obtained by malloc. Because of the line str = NULL; happens before the free, free is attempting to deallocate the memory position at location 0. By definition in the C standard, this does nothing. It is common to set a pointer to 0 after it is deleted, so that if one were to accidentally attempt to delete it again, nothing happens.
To fix you code, you simply need to swap the lines str = NULL; and free(str);
I created a new swift project, and changed nothing to the project. It is just an empty swift project. If I choose to run on iPhone 6, the springboard will crash. But if I choose others (like iPhone 5s or resizeable iPhone, even iPhone 6 Plus), the empty project works fine.
Does anyone know what's wrong with my xcode? And how should I deal with this problem?
The error message was so long that I cannot attach the whole message here. I'll choose some part that seems important to me.
Process: SpringBoard [1047]
Path: /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk/System/Library/CoreServices/SpringBoard.app/SpringBoard
Identifier: SpringBoard
Version: 1.0 (50)
Code Type: X86-64 (Native)
Parent Process: launchd_sim [1035]
Responsible: launchd_sim [1035]
User ID: 501
OS Version: Mac OS X 10.10.2 (14C109)
Report Version: 11
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Application Specific Information:
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** setObjectForKey: key cannot be nil'
terminating with uncaught exception of type NSException
abort() called
CoreSimulator 110.4 - Device: iPhone 6 - Runtime: iOS 8.1 (12B411) - DeviceType: iPhone 6
External Modification Summary:
Calls made by other processes targeting this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by all processes on this machine:
task_for_pid: 714
thread_create: 0
thread_set_state: 160
VM Region Summary:
ReadOnly portion of Libraries: Total=283.3M resident=110.5M(39%) swapped_out_or_unallocated=172.8M(61%)
Writable regions: Total=176.0M written=49.6M(28%) resident=67.4M(38%) swapped_out=0K(0%) unallocated=108.6M(62%)
REGION TYPE VIRTUAL
=========== =======
CG raster data 2252K
CoreAnimation 324K
CoreData Object IDs 4100K
CoreServices 524K
CoreUI image data 240K
Dispatch continuations 8192K
Foundation 4K
Image IO 12K
Kernel Alloc Once 8K
MALLOC 105.3M
MALLOC (admin) 32K
OpenGL GLSL 128K
SQLite page cache 128K
STACK GUARD 56.1M
Stack 21.8M
VM_ALLOCATE 16.7M
__DATA 35.2M
__GLSLBUILTINS 952K
__LINKEDIT 70.9M
__TEXT 212.5M
__UNICODE 544K
mapped file 89.9M
shared memory 68K
=========== =======
TOTAL 625.5M
Model: MacBookAir6,2, BootROM MBA61.0099.B18, 2 processors, Intel Core i5, 1.3 GHz, 4 GB, SMC 2.13f15
Graphics: Intel HD Graphics 5000, Intel HD Graphics 5000, Built-In
Memory Module: BANK 0/DIMM0, 2 GB, DDR3, 1600 MHz, 0x02FE, 0x45424A3230554638454455302D474E2D4620
Memory Module: BANK 1/DIMM0, 2 GB, DDR3, 1600 MHz, 0x02FE, 0x45424A3230554638454455302D474E2D4620
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x117), Broadcom BCM43xx 1.0 (7.15.159.13.12)
Bluetooth: Version 4.3.2f6 15235, 3 services, 27 devices, 1 incoming serial ports
Network Service: Wi-Fi, AirPort, en0
Network Service: Thunderbolt Bridge, Ethernet, bridge0
Serial ATA Device: APPLE SSD SD0256F, 251 GB
USB Device: Internal Memory Card Reader
USB Device: BRCM20702 Hub
USB Device: Bluetooth USB Host Controller
Thunderbolt Bus: MacBook Air, Apple Inc., 23.6
The problem was solved automatically after I update my Xcode into the latest version.
If you have a possible answer for the question, you are still welcomed to answer the question.
I want to dump the memory pages of a process once it finishes execution. I'm trying to use gdb for that, First I set break points at exit and _exit then I run the process inside gdb, once the process breaks I use info proc mappings to get the memory map of the process. it looks like the following:
Mapped address spaces:
Start Addr End Addr Size Offset objfile
0x400000 0x415000 0x15000 0x0 /path/workspace/freqmine
0x614000 0x615000 0x1000 0x14000 /path/workspace/freqmine
0x615000 0x616000 0x1000 0x15000 /path/workspace/freqmine
0x616000 0x129b000 0xc85000 0x0 [heap]
0x7ffff71f4000 0x7ffff720a000 0x16000 0x0 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x7ffff720a000 0x7ffff7409000 0x1ff000 0x16000 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x7ffff7409000 0x7ffff740a000 0x1000 0x15000 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x7ffff740a000 0x7ffff750f000 0x105000 0x0 /lib/x86_64-linux-gnu/libm-2.19.so
0x7ffff750f000 0x7ffff770e000 0x1ff000 0x105000 /lib/x86_64-linux-gnu/libm-2.19.so
0x7ffff770e000 0x7ffff770f000 0x1000 0x104000 /lib/x86_64-linux-gnu/libm-2.19.so
0x7ffff770f000 0x7ffff7710000 0x1000 0x105000 /lib/x86_64-linux-gnu/libm-2.19.so
0x7ffff7710000 0x7ffff78cb000 0x1bb000 0x0 /lib/x86_64-linux-gnu/libc-2.19.so
0x7ffff78cb000 0x7ffff7acb000 0x200000 0x1bb000 /lib/x86_64-linux-gnu/libc-2.19.so
0x7ffff7acb000 0x7ffff7acf000 0x4000 0x1bb000 /lib/x86_64-linux-gnu/libc-2.19.so
0x7ffff7acf000 0x7ffff7ad1000 0x2000 0x1bf000 /lib/x86_64-linux-gnu/libc-2.19.so
0x7ffff7ad1000 0x7ffff7ad6000 0x5000 0x0
0x7ffff7ad6000 0x7ffff7bbc000 0xe6000 0x0 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
0x7ffff7bbc000 0x7ffff7dbb000 0x1ff000 0xe6000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
0x7ffff7dbb000 0x7ffff7dc3000 0x8000 0xe5000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
0x7ffff7dc3000 0x7ffff7dc5000 0x2000 0xed000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
0x7ffff7dc5000 0x7ffff7dda000 0x15000 0x0
0x7ffff7dda000 0x7ffff7dfd000 0x23000 0x0 /lib/x86_64-linux-gnu/ld-2.19.so
0x7ffff7fce000 0x7ffff7fd3000 0x5000 0x0
0x7ffff7ff7000 0x7ffff7ffa000 0x3000 0x0
0x7ffff7ffa000 0x7ffff7ffc000 0x2000 0x0 [vdso]
0x7ffff7ffc000 0x7ffff7ffd000 0x1000 0x22000 /lib/x86_64-linux-gnu/ld-2.19.so
0x7ffff7ffd000 0x7ffff7ffe000 0x1000 0x23000 /lib/x86_64-linux-gnu/ld-2.19.so
0x7ffff7ffe000 0x7ffff7fff000 0x1000 0x0
0x7ffffffdd000 0x7ffffffff000 0x22000 0x0 [stack]
0xffffffffff600000 0xffffffffff601000 0x1000 0x0 [vsyscall]
Now I have two questions, first: getconf PAGESIZE on my machine returns 4096 which is equal to 0x1000, some of these memory spaces have different sizes though. how is that possible? are these spaces memory pages or just logical spaces? if these are not memory pages, how can I view the addresses of memory pages, or even directly dump memory pages to files?
my second question is the following: these addresses are supposed to be virtual addresses viewed by the program (not physical addresses), so why doesn't the program space start at 0? if I try to dump the memory starting from address 0 I get the following error: Cannot access memory at address 0x0. also why are there some regions in between these memory spaces that cannot be accessed (the region after the heap for example)? shouldn't the virtual space of a process be contiguous?
some of these memory spaces have different sizes though. how is that possible?
Easy: they span multiple pages (note that all of their sizes are multiples of 0x1000).
are these spaces memory pages or just logical spaces?
They are spans of one or more pages that have the same underlying mapping (the same file) and the same protections. I am not sure what exactly you call "logical spaces", but chances are you can call them that.
these addresses are supposed to be virtual addresses viewed by the program (not physical addresses),
Correct.
so why doesn't the program space start at 0?
Because long time ago VAX machines used to map something at address 0, and that made finding NULL pointer dereferences hard (they didn't crash). This was decided to be a bad idea, so later UNIX variants do not map zero page, and any attempt to dereference a NULL pointer causes SIGSEGV, helping you to debug your programs.
I am currently using Xcode 5 on my Macbook Pro which is running OSX Yosemite. I am trying to create an outlet from a UIWebview to a header file. When I let go of my mouse to create the connection, Xcode freezes and crashes. This is repeatedly happening no matter what I have done. I have tried restarting Xcode and my Macbook. Does anyone else have this problem or know how to fix it? Thanks!
I have added the logs from the crash(I couldn't include the backtrace because it exceeded the maximum characters in the body)
Process: Xcode [1631]
Path: /Applications/Xcode.app/Contents/MacOS/Xcode
Identifier: com.apple.dt.Xcode
Version: 5.1.1 (5085)
Build Info: IDEFrameworks-5085000000000000~10
App Item ID: 497799835
App External ID: 520942841
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: Xcode [1631]
User ID: 502
Date/Time: 2014-06-26 21:50:34.616 -0400
OS Version: Mac OS X 10.10 (14A238x)
Report Version: 11
Anonymous UUID: 6D3E70F1-91EB-79A5-FAB6-2929D7E8A66F
Sleep/Wake UUID: C86C5452-A655-43AA-9D11-92BE0F080F3E
Time Awake Since Boot: 11000 seconds
Time Since Wake: 510 seconds
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Application Specific Information:
ProductBuildVersion: 5B1008
ASSERTION FAILURE in /SourceCache/DVTFrameworks/DVTFrameworks-5074/DVTKit/ViewControllers/DVTControllerContentView.m:280
Details: <DVTControllerContentView: 0x7fe687d170a0> can only have one subview, its contentView
Object: <DVTControllerContentView: 0x7fe687d170a0>
Method: -addSubview:
Thread: <NSThread: 0x7fe682d086a0>{number = 1, name = main}
Hints: None
External Modification Summary:
Calls made by other processes targeting this process:
task_for_pid: 1
thread_create: 0
thread_set_state: 0
Calls made by this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by all processes on this machine:
task_for_pid: 4286
thread_create: 0
thread_set_state: 0
VM Region Summary:
ReadOnly portion of Libraries: Total=404.2M resident=289.4M(72%) swapped_out_or_unallocated=114.9M(28%)
Writable regions: Total=1.2G written=71.9M(6%) resident=141.4M(11%) swapped_out=0K(0%) unallocated=1.1G(89%)
REGION TYPE VIRTUAL
=========== =======
Activity Tracing 2048K
CG backing stores 4084K
CG image 19.3M
CG raster data 92K
CG shared images 1324K
CoreAnimation 880K
CoreAnimation (reserved) 12K reserved VM address space (unallocated)
CoreData Object IDs 4100K
CoreImage 264K
CoreUI image data 180K
Dispatch continuations 4096K
Foundation 16K
IOKit 13.8M
IOKit (reserved) 4K reserved VM address space (unallocated)
Image IO 700K
JS JIT generated code 8K
JS JIT generated code (reserved) 1.0G reserved VM address space (unallocated)
Kernel Alloc Once 8K
MALLOC 114.7M
MALLOC (admin) 32K
Memory Tag 242 12K
Memory Tag 249 156K
Memory Tag 251 80K
OpenCL 16K
OpenGL GLSL 256K
SQLite page cache 4352K
STACK GUARD 56.1M
Stack 15.7M
VM_ALLOCATE 16.9M
WebKit Malloc 464K
__DATA 60.1M
__GLSLBUILTINS 2588K
__IMAGE 528K
__LINKEDIT 100.5M
__TEXT 304.0M
__UNICODE 544K
mapped file 152.6M
shared memory 68K
=========== =======
TOTAL 1.9G
TOTAL, minus reserved VM space 879.9M
Model: MacBookPro7,1, BootROM MBP71.0039.B0E, 2 processors, Intel Core 2 Duo, 2.4 GHz, 8 GB, SMC 1.62f7
Graphics: NVIDIA GeForce 320M, NVIDIA GeForce 320M, PCI, 256 MB
Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1067 MHz, 0x859B, 0x435435313236344243313036372E4D313646
Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1067 MHz, 0x859B, 0x435435313236344243313036372E4D313646
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x8D), Broadcom BCM43xx 1.0 (5.106.98.100.24)
Bluetooth: Version 4.3.0d49 14130, 3 services, 16 devices, 1 incoming serial ports
Network Service: Wi-Fi, AirPort, en1
Serial ATA Device: Hitachi HTS545032B9SA02, 320.07 GB
Serial ATA Device: HL-DT-ST DVDRW GS23N
USB Device: Built-in iSight
USB Device: Internal Memory Card Reader
USB Device: BRCM2046 Hub
USB Device: Bluetooth USB Host Controller
USB Device: IR Receiver
USB Device: Apple Internal Keyboard / Trackpad
Thunderbolt Bus:
I think you should declare a IBOutlet in your header file. And then in Storyboard you try to connect the header file.
Have you ever tried to clean your product(Product->Clean)?
Then, open the xib file as source code and delete your IBOutlet info. Maybe XCode get confused about your IBOutlet.
As we all know, memory layout has four segments as follows
Heap
Data Segment Read/Write permission
code segment Read/Execute permission
Stack
I would like to know the access permission for heap and stack segments.
I have written simple x86 OS to load elf image.
Which the roughly layout of the four segment is as:
Code segment
Data segment
Heap
Stack
You can get the layout in linux by:
sudo pmap <pid>
0000000000400000 384K r-x-- /usr/local/bin/tmux
0000000000660000 8K rw--- /usr/local/bin/tmux
0000000000662000 108K rw--- [ anon ]
0000000001242000 132K rw--- [ anon ]
0000000001263000 2868K rw--- [ anon ]
00000037ba400000 128K r-x-- /lib64/ld-2.12.so
...
00007fff4f411000 84K rw--- [ stack ]
00007fff4f55c000 4K r-x-- [ anon ]
ffffffffff600000 4K r-x-- [ anon ]
The first segment is for executable image. Second is for the read only data. Then goes the heap. The heap in linux which allocated by malloc was called Anonymous segment. In the address near 00008000 00000000 is the stack addresses.
Which stack grow downside, and heap grow upside from the address after the data segment of program.
Then you could found the permission of the heap and stack are all read/write permission.
Ps. I'm not quite sure why there are so many Anonymous segment as I haven't go to so detail of linux for a long time. But in my x86 simple OS, heap start after data segment with alignment and padding.