需求
- 项目程序, 读取串口数据, 出现程序崩溃问题
- valgrind 可以调试定位内存问题: 内存泄漏,非法地址访问,越界访问等内存问题
- vscode + gdb 可视化调试效果, 比命令行简单快捷很多
- 期望使用vscode + valgrind + gdb 调试程序内存异常, 崩溃退出的问题
环境准备
sudo apt install valgrind gdb
调试
1.valgrind + gdb 命令行调试程序
1.代码
51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
// 1.内存泄漏
void memory_leak(void)
{
char *p = (char *)malloc(1024);
memset(p, 0, 1024);
}
// 2.非法地址访问
void invalid_address_access(void)
{
// uint8_t *p = 0x12345678;
uint8_t *p = NULL;
uint8_t val = *p;
printf("val = %d\n", val);
}
// 3.栈空间越界 读写
void corss_border_read_write(void)
{
uint32_t a = 0x10;
uint32_t *p = &a + 0x8;
// 越界读 -- 导致逻辑错误
printf("Invalid address read %x\n", *p);
// 越界写 -- 程序错误
*p = 0x12345678;
printf("Invalid address write %x\n", *p);
}
// 4.堆空间越界访问, 属于2.非法地址访问
int main()
{
memory_leak();
corss_border_read_write();
invalid_address_access();
return 0;
}
2.编译
scons编译
SConstruct
env = Environment()
env["PROGSUFFIX"] = ".out" # 可执行后缀.out
env["CCFLAGS"] = " -g3 -O0 -Wall" # gdb 调试开关
env.Program("51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c")
scons
g++ -o 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.o -c -g3 -O0 --std=c99 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c
g++ -o 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.o
3.valgrind开启vgdb调试
valgrind --leak-check=full --show-leak-kinds=all --vgdb=yes --vgdb-error=0 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out
3279 Memcheck, a memory error detector
3279 Copyright © 2002-2017, and GNU GPL’d, by Julian Seward et al.
3279 Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
3279 Command: ./51_mem_valgrind_____________________________________________.out
3279
3279 (action at startup) vgdb me …
3279
3279 TO DEBUG THIS PROCESS USING GDB: start GDB like this
3279 /path/to/gdb ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out
3279 and then give GDB the following command
3279 target remote | /usr/lib/x86_64-linux-gnu/valgrind/…/…/bin/vgdb --pid=3279
3279 --pid is optional if only one valgrind process is running
valgrind 参数说明:
- –leak-check=full 内存泄漏检测
- –show-leak-kinds=all 详细各种异常检测
- –vgdb=yes --vgdb-error=0 开启vgdb
4.gdb 调试
gdb 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out
Reading symbols from ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out…
(gdb)target remote|vgdb
#远程到vgdb调试
Remote debugging using |vgdb
relaying data between gdb and process 3279
Reading symbols from /usr/lib/debug/.build-id/7a/e2aaae1a0e5b262df913ee0885582d2e327982.debug…
0x0000000004001100 in _start () from /lib64/ld-linux-x86-64.so.2
c
按c开始运行
命令行效果如图:
2.vscode + valgrind + gdb调试
1.vscode launch.json配置
使用国内几个大模型, 都无法给出正确可用的配置
在外网github搜到一个可参考的配置方法
链接: https://github.com/microsoft/vscode-cpptools/issues/4531
william-r-dieter commented on Aug 28, 2020
Here is the launch.json that worked for me:
launch.json
"customLaunchSetupCommands" : [
{
"description": "Attach to valgrind",
"text": "target remote | /usr/lib64/valgrind/../../bin/vgdb",
"ignoreFailures": false
}
],
vscode开启valgrind调试核心配置 launch.json
"setupCommands": [
{
"description": "vgdb",
"text": "target remote | /usr/bin/vgdb ",
"ignoreFailures": true
}
],
launch.json 完整配置
注意不能照抄, 我的默认编译构建工具是scons
{
"version": "0.2.0",
"configurations": [
{
"name": "(gdb) 启动",
"type": "cppdbg",
"request": "launch",
"program": "${fileDirname}/${fileBasenameNoExtension}.out",
"args": [],
"stopAtEntry": false,
"cwd": "${fileDirname}",
"environment": [],
"externalConsole": false,
"MIMode": "gdb",
"setupCommands": [
{
"description": "为 gdb 启用整齐打印",
"text": "-enable-pretty-printing",
"ignoreFailures": true
},
{
"description": "vgdb",
"text": "target remote | /usr/bin/vgdb ",
"ignoreFailures": true
}
],
"preLaunchTask": "scons"
}
]
}
2.valgrind 开启vgdb调试
valgrind --leak-check=full --show-leak-kinds=all --vgdb=yes --vgdb-error=0 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out
3.vscode 启动gdb远程
参考 1.vscode launch.json配置
F5 运行
效果如图
总结
- valgrind + gdb 可以快速定位问题点
- 有概率gdb调试退出时, valgrind没有退出, 使用kill -9 强制退出
kill -9 valgrind_pid
- 项目中使用cppcheck + valgrind, 找出潜在的问题5-6个问题点,其中一个映像深刻
- 字节缓冲区, data_len变量为异常值(默认128, 异常时为156023), 导致指针索引地址越界
- 当通过C 指针索引地址时, 如果索引为异常值, 导致越界,或非法访问, 确实有风险.
- python列表,索引值越界会报异常
- c++ vector<uint8_t> 索引值越界会报异常
反思
- c++中尝试尽量将 bytes字节数据 转为vector<uint8_t> 处理
- 提交代码之前,进入安全稳定自测: valgrind, lsof, ss 排查内存,文件句柄,套接字资源是否有泄漏,漏洞,网络安全
- 尝试使用安全的语言, 如rust, 确认是否会有此问题
我是一名 嵌入式-系统-网络-机器人爱好者