How to use libumem to find a bad free call
Thoughts on developer tools.

Wednesday March 22, 2006

How to use libumem to find a bad free call I have not seen any good simple tutorials on how to use libumem for debugging.  (Unless you also want to learn how to use mdb).  So I wrote a simple example.

% more t.c

#include 
#include 
int main()
{
    int i;
    free(&i);
    i = 10;
    char * p = (char *) malloc(1000);
}

This program has a bug, and it might crash or it might not. It might crash right away, or it might crash after running longer (if it had more code after the bug). Using libumem with default options, will cause more basic assertion checking.

% cc -g t.c
% a.out
% # notice no crash
% LD_PRELOAD=/lib/libumem.so ./a.out
Abort (core dumped)
% dbx -c 'where;quit' - core
Corefile specified executable: "/home/quenelle/./a.out"
Reading a.out
core file header read successfully
Reading ld.so.1
Reading libumem.so.1
Reading libc.so.1
Reading libc_psr.so.1
program terminated by signal ABRT (Abort)
0xff2c0f90: __lwp_kill+0x0008:  bcc,a,pt  %icc,__lwp_kill+0x18  ! 0xff2c0fa0
Current function is main
    8       free(&i);
  [1] __lwp_kill(0x0, 0x6, 0x0, 0x0, 0x0, 0x0), at 0xff2c0f90
  [2] raise(0x6, 0x0, 0x20f90, 0xff36b7cc, 0xff38a000, 0xff38abc4), at 0xff25fd78
  [3] umem_do_abort(0x4, 0xffbfe6c0, 0x6, 0x20ecc, 0xff37680c, 0x0), at 0xff3690fc
  [4] umem_err_recoverable(0xff377818, 0xa, 0x20dc4, 0xff38a6fc, 0xff38d0d0, 0xff377823), at 0xff3692a0
  [5] process_free(0xffbfe9d8, 0x1, 0x0, 0x3e3a1000, 0x1ee5c, 0x20c28), at 0xff36b2b0
=>[6] main(), line 8 in "t.c"

Abort (core dumped)

This trick can often be used to find the place where your malloc/free bug happened.  There are some environment variables you can use to control the behavior of libumem. You can read more about them in the umem_debug man page.  You can also find out more about libumem by reading the various white papers that are available.  You do a google search on "libumem" or "libumem solaris" to find out more.

Posted by Chris Quenelle ( Mar 22 2006, 04:53:07 PM PST ) - Permalink - Comments [2] - Development Tools

Older blog entries:

• Blog relocation
• C++ and OpenMP runtime libraries in Solaris
• command-not-found for OpenSolaris?
• Goodbye Solaris 9 (for Sun Studio)
• git user's guide?
• New Sun Studio FAQ site
• Dbx versus gdb
• Django (actually MySQL-python) and RPATH
• SXDE 5/07 -- Solaris Express Developers Edition
• Debugging tips for threaded programs on Solaris
• New dbx blog!
• libumem dbx module update (works on Solaris 9 now)
• Using dbx and libumem to find memory problems
• Latest Sun dwarf extensions
• dbx .ldynsym support - stack traces for stripped programs
• Using LDAP inside Sun
• gnome kstats
• Calling Sun Studio users...
• Compiler options by category and platform
• What do you call 64-bits?
• Sun Studio resources on genunix.org
• mod_auth_ldap
• Find Data Races and Deadlocks
• Goodbye -xarch=amd64, hello -m64
• Intel and Sun
• Sun Studio Express 3 lives again!
• Sun Studio Express 3 -- bad tarballs
• Sun Studio Wiki
• Introduction to Functional Programming Concepts
• OpenID starting to take off (finally)
• Dwarf and XML
• Sun Studio Express 3 (new GUI!)
• The latest Nevada/dbx bug
• Patch Check Advanced
• Dbx help docs in HTML
• Performancing at work.
• Performancing
• I keep forgetting how closures work...
• malloc interposition can't possibly work reliabily
• Dbx can crash with g++ symbols
• Sun Studio and patchadd -G
• Linux dbx patch available!! (for Sun Studio 11)
• Enterprise versus The Developer
• Data Race in my last example
• Graphical display of thread synchronization
• Attempting to tame StarOffice HTML
• My single greatest accomplishment
• Empty hallways ...
• Red Hat versus Ubuntu
• Markets without Marketing
• Instruction set selection in Sun Studio and gcc (Grudge match: -xarch versus -fast)
• Linux compilers update
• Community and Terminology
• Data Race Detection Tool and Sun Studio Express
• Fast threads
• /bin considered harmful
• AMD64 Nevada b37-b40 doesn't like dbx
• Solaris 10: Ack! Where did my archive libraries go?
• Anti-help
• Taking the plunge!
• Why can't dbx find my function?
• Solaris Day at the University of Washington
• Getting started with dtrace
• parallel features of dmake and gmake
• Linux headers are gcc-specific
• 32 versus 64-bit programs
• Sun Studio and Solaris integration
• Conform
• How to use libumem to find a bad free call
• Reporting bugs
• New blog theme
• Blogging client
• Page-o-links (good Sun Studio links!)
• Installing dual boot
• Blogger RTE editor
• Optimizing synchronization
• Keysigning...
• Sun email servers
• FREE SUPPORT for Sun Studio compilers and tools
• Using separate .dbg files with dbx
• Beyond Java
• CMT and MT
• Johnny L's layup
• misligned ELF section headers
• Sun Studio IDE -- turning off locals
• Two bad Solaris bugs that affect dbx users
• Supporting threads is harder than it seems
• Non-java developers unite!
• Sun Studio 11, less expensive than ever!
• Importing debug information into dbx
• The story of lazy stabs
• java google toolbar
• MAP_NORESERVE and dbx
• debug info in XML, and DSD 2.0
• shadows.com
• Concurrency utils for C/C++
• simple umem integration with dbx
• The Good Old Motif Workshop IDE
• Give it away for free, and make it up in volume!
• Technorati