Memory debugging tools Electric Fence

The following content is reproduced from MemoryDebugging tool Electric Fence_ChenXin's column - CSDN Blog_electric fence

The out-of-bounds reading and writing of memory in the program will bring serious problems. Although sometimes the problem will not be manifested immediately, it will bury serious hidden dangers. There will be a day when the program will crash inexplicably, and this kind of problem will be investigated.will be exhausting.Efence (Electric Fence) can help us find this kind of problem to the greatest extent in the debug stage, and precisely locate the problem.

Efence has two main functions:
1. Throws a segmentation fault when the memory is out of bounds for reading and writing.When a program uses malloc to apply for memory, Efence will use virtual memory technology to set the memory page after the allocated memory space to inaccessible (not readable and writable and executable).core file (core dump), the process exits.
2. A segmentation fault is thrown when accessing a memory space that has been freed.After the program frees a piece of space, Efence also sets the access protection level of this piece of memory to inaccessible, so when the program accesses this piece of freed memory again, it will also cause a segmentation fault.

You can control the behavior of Efence by configuring the following global variables and environment variables:
1. EF_ALIGNMENT: This is the number of memory alignment bytes of the space allocated by Efence malloc.The default value of this variable is sizeof(int), which is 4 for a 32-bit word-length CPU.This value is also the minimum value that Efence can detect for memory out-of-bounds.
2. EF_PROTECT_BELOW: By default, Efence places inaccessible pages after the allocated space, so it detects out-of-bounds access in the direction of high addresses.Set this value to 1 to detect out-of-bounds accesses at low addresses.
3. EF_PROTECT_FREE: Usually the freed memory block will be placed in the memory pool, waiting to be re-applied for allocation.After setting this value to 1, the free memory block will not be re-allocated, but also set as inaccessible, so Efence can find that the program accesses the free memory again.
4. EF_ALLOW_MALLOC_0: Efence will capture malloc(0) by default.Setting this value to 1 will not capture the situation of requesting 0 bytes of memory.
5. EF_FILL: After allocating memory, Efence will initialize each byte to this value (0-255).When this value is set to -1, the value of the memory is not fixed.

The library file libefence.a is required when Efence is used. The specific usage is as follows:
1. View and set the size of the linux core file:
[[email protected] root]# ulimit -c
0
[[email protected] root]# ulimit -c 10000
or
[[email protected] root]# ulimit -c unlimited
2. If Efence has been installed, link directly when compilingefence library:
gcc –g –o ef ef.c –lefence
If Efence is not installed, you need to specify the location of libefence.a:
gcc –g –o ef ef.c –lefence –L/usr/lib
3. When a segmentation fault occurs, a core file will be produced in the current directory. Under linux, we can use GDB to debug the core:
Gdb ef core.xxxx
Then enterwhere you can see the function call stack information when the program crashes.
—————————————————
Copyright statement: This article is an original article by CSDN blogger "chessinge", following the CC 4.0 BY-SA copyright agreement, please attach it to reprintThe original source link and this statement.
Original link: https://blog.csdn.net/chessinge/article/details/6743764

Write a test program, use mallc to allocate 1024 bytes, the effective memory boundary is 0-1023, we access the memory 1024 after the boundary to see the running status

From the results, nothing happened. Next, link the libfence.a library. This library requires bytes to download the source code and compile it.

At this time, an error is reported, because the efence library replaces the prototype of malloc and its associated functions with the virtual machine memory mechanism, and adds a protection mechanism, so when accessing out-of-bounds memory, the protection mechanism is triggered, resulting insegfault.At this time, if you want to see the specific location of the error, you can use gdb to debug, as shown below

The above is the specific use method of efence, is it very simple, very powerful, and very nice.