
Building and not installing it
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To run Valgrind without having to install it, run coregrind/valgrind
with the VALGRIND_LIB environment variable set to <dir>/.in_place, where
<dir> is the root of the source tree (and must be an absolute path).  Eg:

  VALGRIND_LIB=~/grind/head4/.in_place ~/grind/head4/coregrind/valgrind

This allows you to compile and run with "make" instead of "make install",
saving you time.

Or, you can use the 'vg-in-place' script which does that for you.

I recommend compiling with "make --quiet" to further reduce the amount of
output spewed out during compilation, letting you actually see any errors,
warnings, etc.


Building a distribution tarball
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To build a distribution tarball from the valgrind sources:

  make dist

In addition to compiling, linking and packaging everything up, the command
will also attempt to build the documentation.

If you only want to test whether the generated tarball is complete and runs
regression tests successfully, building documentation is not needed.

  make dist BUILD_ALL_DOCS=no

If you insist on building documentation, some embarrassing instructions
can be found in docs/README.


Running the regression tests
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To build and run all the regression tests, run "make [--quiet] regtest".

To run a subset of the regression tests, execute:

  perl tests/vg_regtest <name>

where <name> is a directory (all tests within will be run) or a single
.vgtest test file, or the name of a program which has a like-named .vgtest
file.  Eg:

  perl tests/vg_regtest memcheck
  perl tests/vg_regtest memcheck/tests/badfree.vgtest
  perl tests/vg_regtest memcheck/tests/badfree


Running the performance tests
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To build and run all the performance tests, run "make [--quiet] perf".

To run a subset of the performance suite, execute:

  perl perf/vg_perf <name>

where <name> is a directory (all tests within will be run) or a single
.vgperf test file, or the name of a program which has a like-named .vgperf
file.  Eg:

  perl perf/vg_perf perf/
  perl perf/vg_perf perf/bz2.vgperf
  perl perf/vg_perf perf/bz2

To compare multiple versions of Valgrind, use the --vg= option multiple
times.  For example, if you have two Valgrinds next to each other, one in
trunk1/ and one in trunk2/, from within either trunk1/ or trunk2/ do this to
compare them on all the performance tests:

  perl perf/vg_perf --vg=../trunk1 --vg=../trunk2 perf/


Debugging Valgrind with GDB
~~~~~~~~~~~~~~~~~~~~~~~~~~~
To debug the valgrind launcher program (<prefix>/bin/valgrind) just
run it under gdb in the normal way.

Debugging the main body of the valgrind code (and/or the code for
a particular tool) requires a bit more trickery but can be achieved
without too much problem by following these steps:

(1) Set VALGRIND_LAUNCHER to point to the valgrind executable.  Eg:

      export VALGRIND_LAUNCHER=/usr/local/bin/valgrind

    or for an uninstalled version in a source directory $DIR:

      export VALGRIND_LAUNCHER=$DIR/coregrind/valgrind

(2) Run gdb on the tool executable.  Eg:

      gdb /usr/local/lib/valgrind/ppc32-linux/lackey

    or

      gdb $DIR/.in_place/x86-linux/memcheck

(3) Do "handle SIGSEGV SIGILL nostop noprint" in GDB to prevent GDB from
    stopping on a SIGSEGV or SIGILL:

    (gdb) handle SIGILL SIGSEGV nostop noprint

(4) Set any breakpoints you want and proceed as normal for gdb. The
    macro VG_(FUNC) is expanded to vgPlain_FUNC, so if you want to set
    a breakpoint on VG_(do_exec), you could do it like this in GDB:

    (gdb) b vgPlain_do_exec

(5) Run the tool with required options (the --tool option is required
    for correct setup), e.g.

    (gdb) run --tool=lackey pwd

Steps (1)--(3) can be put in a .gdbinit file, but any directory names must
be fully expanded (ie. not an environment variable).

A different and possibly easier way is as follows:

(1) Run Valgrind as normal, but add the flag --wait-for-gdb=yes.  This
    puts the tool executable into a wait loop soon after it gains
    control.  This delays startup for a few seconds.

(2) In a different shell, do "gdb /proc/<pid>/exe <pid>", where
    <pid> you read from the output printed by (1).  This attaches
    GDB to the tool executable, which should be in the above-mentioned
    wait loop.

(3) Do "cont" to continue.  After the loop finishes spinning, startup
    will continue as normal.  Note that comment (3) above re passing
    signals applies here too.


Self-hosting
~~~~~~~~~~~~
This section explains:
  (A) How to configure Valgrind to run under Valgrind.
      Such a setup is called self hosting, or outer/inner setup.
  (B) How to run Valgrind regression tests in a 'self-hosting' mode,
      e.g. to verify Valgrind has no bugs such as memory leaks.
  (C) How to run Valgrind performance tests in a 'self-hosting' mode,
      to analyse and optimise the performance of Valgrind and its tools.

(A) How to configure Valgrind to run under Valgrind:

(1) Check out 2 trees, "Inner" and "Outer".  Inner runs the app
    directly.  Outer runs Inner.

(2) Configure Inner with --enable-inner and build as usual.

(3) Configure Outer normally and build+install as usual.
    Note: You must use a "make install"-ed valgrind.
    Do *not* use vg-in-place for the Outer valgrind.

(4) Choose a very simple program (date) and try

    outer/.../bin/valgrind --sim-hints=enable-outer --trace-children=yes  \
       --smc-check=all-non-file \
       --run-libc-freeres=no --tool=cachegrind -v \
       inner/.../vg-in-place --vgdb-prefix=./inner --tool=none -v prog

If you omit the --trace-children=yes, you'll only monitor Inner's launcher
program, not its stage2. Outer needs --run-libc-freeres=no, as otherwise
it will try to find and run __libc_freeres in the inner, while libc is not
used by the inner. Inner needs --vgdb-prefix=./inner to avoid inner
gdbserver colliding with outer gdbserver.
Currently, inner does *not* use the client request
VALGRIND_DISCARD_TRANSLATIONS for the JITted code or the code patched for
translation chaining. So the outer needs --smc-check=all-non-file to
detect the modified code.

Debugging the whole thing might require up to 3 GDBs:
  * a GDB attached to the Outer valgrind, allowing you
    to examine the state of Outer.
  * a GDB using Outer gdbserver, allowing you to
    examine the state of Inner.
  * a GDB using Inner gdbserver, allowing you to
    examine the state of prog.

The whole thing is fragile, confusing and slow, but it does work well enough
for you to get some useful performance data.  Inner has most of
its output (ie. those lines beginning with "==<pid>==") prefixed with a '>',
which helps a lot. However, when running regression tests in an Outer/Inner
setup, this prefix causes the reg test diff to fail. Give
--sim-hints=no-inner-prefix to the Inner to disable the production
of the prefix in the stdout/stderr output of Inner.

The allocators in coregrind/m_mallocfree.c and VEX/priv/main_util.h are
annotated with client requests so Memcheck can be used to find leaks
and use-after-free errors in an Inner Valgrind.

The Valgrind "big lock" is annotated with Helgrind client requests
so Helgrind and DRD can be used to find race conditions in an Inner
Valgrind.

All this has not been tested much, so don't be surprised if you hit problems.

When using self-hosting with an outer Callgrind tool, use '--pop-on-jump'
(on the outer). Otherwise, Callgrind has much higher memory requirements.

(B) Regression tests in an outer/inner setup:

 To run all the regression tests with an outer memcheck, do:
   perl tests/vg_regtest --outer-valgrind=../outer/.../bin/valgrind \
                         --all

 To run a specific regression test with an outer memcheck, do:
   perl tests/vg_regtest --outer-valgrind=../outer/.../bin/valgrind \
                         none/tests/args.vgtest

 To run regression tests with another outer tool:
   perl tests/vg_regtest --outer-valgrind=../outer/.../bin/valgrind \
                         --outer-tool=helgrind --all

 --outer-args lets you give specific arguments to the outer tool,
 replacing the default ones provided by vg_regtest.

Note: --outer-valgrind must be a "make install"-ed valgrind.
Do *not* use vg-in-place.

When an outer valgrind runs an inner valgrind, a regression test
produces one additional file <testname>.outer.log which contains the
errors detected by the outer valgrind.  E.g. for an outer memcheck, it
contains the leaks found in the inner, for an outer helgrind or drd,
it contains the detected race conditions.

The file tests/outer_inner.supp contains suppressions for
the irrelevant or benign errors found in the inner.

A regression test running in the inner (e.g. memcheck/tests/badrw) will
cause the inner to report an error, which is expected and checked
as usual when running the regtests in an outer/inner setup.
However, the outer will often also observe an error, e.g. a jump
using uninitialised data, or a read/write outside the bounds of a heap
block. When the outer reports such an error, it will output the
inner host stacktrace. To this stacktrace, it will append the
stacktrace of the inner guest program. For example, this is an error
reported by the outer when the inner runs the badrw regtest:
  ==8119== Invalid read of size 2
  ==8119==    at 0x7F2EFD7AF: ???
  ==8119==    by 0x7F2C82EAF: ???
  ==8119==    by 0x7F180867F: ???
  ==8119==    by 0x40051D: main (badrw.c:5)
  ==8119==    by 0x7F180867F: ???
  ==8119==    by 0x1BFF: ???
  ==8119==    by 0x3803B7F0: _______VVVVVVVV_appended_inner_guest_stack_VVVVVVVV_______ (m_execontext.c:332)
  ==8119==    by 0x40055C: main (badrw.c:22)
  ==8119==  Address 0x55cd03c is 4 bytes before a block of size 16 alloc'd
  ==8119==    at 0x2804E26D: vgPlain_arena_malloc (m_mallocfree.c:1914)
  ==8119==    by 0x2800BAB4: vgMemCheck_new_block (mc_malloc_wrappers.c:368)
  ==8119==    by 0x2800BC87: vgMemCheck_malloc (mc_malloc_wrappers.c:403)
  ==8119==    by 0x28097EAE: do_client_request (scheduler.c:1861)
  ==8119==    by 0x28097EAE: vgPlain_scheduler (scheduler.c:1425)
  ==8119==    by 0x280A7237: thread_wrapper (syswrap-linux.c:103)
  ==8119==    by 0x280A7237: run_a_thread_NORETURN (syswrap-linux.c:156)
  ==8119==    by 0x3803B7F0: _______VVVVVVVV_appended_inner_guest_stack_VVVVVVVV_______ (m_execontext.c:332)
  ==8119==    by 0x4C294C4: malloc (vg_replace_malloc.c:298)
  ==8119==    by 0x40051D: main (badrw.c:5)
In the above, the first stacktrace starts with the inner host stacktrace,
which in this case is some JITted code. Such code sometimes contains IPs
that point into the inner guest code (0x40051D: main (badrw.c:5)).
After the separator, we have the inner guest stacktrace.
The second stacktrace gives the stacktrace where the heap block that was
overrun was allocated. We see it was allocated by the inner valgrind
in the client arena (first part of the stacktrace). The second part is
the guest stacktrace that did the allocation.
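
When triaging <testname>.outer.log files, the split at the separator frame
described above can be done mechanically.  The following is an added example,
not part of the Valgrind sources; the names split_outer_stacks and SAMPLE are
hypothetical, and the sample is abridged from the badrw log shown above.

```python
import re

# Marker frame the outer puts between inner host and inner guest frames.
SEPARATOR = "appended_inner_guest_stack"
# Frame line: "==pid==    at|by 0xADDR: function (file:line)"
FRAME_RE = re.compile(
    r"^\s*==\d+==\s+(?:at|by) (0x[0-9A-Fa-f]+): (.+?)(?: \(([^()]*)\))?\s*$")
MSG_RE = re.compile(r"^\s*==\d+==\s?(.*)$")

def split_outer_stacks(log_text):
    """Split each stack in an outer log into inner host and guest frames."""
    stacks, current, side, header = [], None, "host", ""
    for line in log_text.splitlines():
        frame = FRAME_RE.match(line)
        if frame is None:
            msg = MSG_RE.match(line)
            # Remember the last message text; it labels the next stack.
            header = (msg and msg.group(1).strip()) or header
            current = None  # any non-frame line ends the current stack
            continue
        if current is None:
            current = {"header": header, "host": [], "guest": []}
            stacks.append(current)
            side = "host"
        addr, func, loc = frame.groups()
        if SEPARATOR in func:
            side = "guest"  # everything after the marker is guest code
            continue
        current[side].append((addr, func, loc))
    return stacks

# Sample abridged from the badrw outer log above (hypothetical name SAMPLE).
SAMPLE = """\
==8119== Invalid read of size 2
==8119==    at 0x7F2EFD7AF: ???
==8119==    by 0x40051D: main (badrw.c:5)
==8119==    by 0x3803B7F0: _______VVVVVVVV_appended_inner_guest_stack_VVVVVVVV_______ (m_execontext.c:332)
==8119==    by 0x40055C: main (badrw.c:22)
==8119==  Address 0x55cd03c is 4 bytes before a block of size 16 alloc'd
==8119==    at 0x2804E26D: vgPlain_arena_malloc (m_mallocfree.c:1914)
==8119==    by 0x2800BC87: vgMemCheck_malloc (mc_malloc_wrappers.c:403)
==8119==    by 0x3803B7F0: _______VVVVVVVV_appended_inner_guest_stack_VVVVVVVV_______ (m_execontext.c:332)
==8119==    by 0x4C294C4: malloc (vg_replace_malloc.c:298)
==8119==    by 0x40051D: main (badrw.c:5)
"""

if __name__ == "__main__":
    for s in split_outer_stacks(SAMPLE):
        print(s["header"], {k: [f[1] for f in s[k]] for k in ("host", "guest")})
```

A guest frame showing up in the 'host' list (main at badrw.c:5 in the first
stack) is the JITted-code case noted above, not a parsing error.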


(C) Performance tests in an outer/inner setup:

 To run all the performance tests with an outer cachegrind, do:
    perl perf/vg_perf --outer-valgrind=../outer/.../bin/valgrind perf

 To run a specific perf test (e.g. bz2) in this setup, do:
    perl perf/vg_perf --outer-valgrind=../outer/.../bin/valgrind perf/bz2

 To run all the performance tests with an outer callgrind, do:
    perl perf/vg_perf --outer-valgrind=../outer/.../bin/valgrind \
                      --outer-tool=callgrind perf

Note: --outer-valgrind must be a "make install"-ed valgrind.
Do *not* use vg-in-place.

 To compare the performance of multiple Valgrind versions, do:
    perl perf/vg_perf --outer-valgrind=../outer/.../bin/valgrind \
      --outer-tool=callgrind \
      --vg=../inner_xxxx --vg=../inner_yyyy perf
  (where inner_xxxx and inner_yyyy are the toplevel directories of
  the versions to compare).
  Cachegrind and cg_diff are particularly handy to obtain a delta
  between the two versions.

When the outer tool is callgrind or cachegrind, the following
output files will be created for each test:
   <outertoolname>.out.<inner_valgrind_dir>.<tt>.<perftestname>.<pid>
   <outertoolname>.outer.log.<inner_valgrind_dir>.<tt>.<perftestname>.<pid>
 (where tt is the two-letter abbreviation for the inner tool(s) run).

For example, the command
    perl perf/vg_perf \
      --outer-valgrind=../outer_trunk/install/bin/valgrind \
      --outer-tool=callgrind \
      --vg=../inner_tchain --vg=../inner_trunk perf/many-loss-records

produces the files
    callgrind.out.inner_tchain.no.many-loss-records.18465
    callgrind.outer.log.inner_tchain.no.many-loss-records.18465
    callgrind.out.inner_tchain.me.many-loss-records.21899
    callgrind.outer.log.inner_tchain.me.many-loss-records.21899
    callgrind.out.inner_trunk.no.many-loss-records.21224
    callgrind.outer.log.inner_trunk.no.many-loss-records.21224
    callgrind.out.inner_trunk.me.many-loss-records.22916
    callgrind.outer.log.inner_trunk.me.many-loss-records.22916


Printing out problematic blocks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you want to print out a disassembly of a particular block that
causes a crash, do the following.

Try running with "--vex-guest-chase-thresh=0 --trace-flags=10000000
--trace-notbelow=999999".  This should print one line for each block
translated, and that includes the address.

Then re-run with 999999 changed to the highest bb number shown.
This will print one line per block, and will also print a
disassembly of the block in which the fault occurred.
