Debugging Tools

Memcheck Reloaded

dealing with compiler-generated branches on undefined values
K.4.201
Julian Seward
Valgrind's Memcheck tool reports various kinds of errors. Among the most important are those where an if-condition or a memory address uses undefined data. Detecting that reliably on optimized code is challenging, and recent compiler development has made the problem worse.
Two years ago, at FOSDEM 2018, I did a talk describing the techniques Memcheck uses to achieve a very low false positive rate. But by 2018 both GCC and Clang were routinely emitting code with branches on uninitialised data. Surprisingly, there are situations where such code is correct. Unfortunately Memcheck assumes that every conditional branch is important and so emits many complaints when this happens. The worst thing was, this problem couldn't be solved using the bag of tricks we'd accumulated over Memcheck's decade-plus lifetime. Our options didn't look good. But in early 2019 it became clear how to fix this: enhance Valgrind's trace generation machinery to analyse more than one basic block at a time, and use that to recover the source-level &&-expressions, which can then be instrumented precisely. This talk tells the story. The implementation (appears to!) work. If all goes well, it will ship in the upcoming 3.16 release.

Additional information

Type devroom

More sessions

2/2/20
Debugging Tools
Marcin Kolny
K.4.201
HawkTracer is a low-overhead instrumentation-based profiler built at Amazon Video for platforms with limited capabilities. It's written in C but can be used with almost any other language (we've successfully used it with JavaScript, Lua, Python and Rust). It's highly extensible (at compile time) and portable so it can be run on almost any embedded device. In this talk I'll introduce the architecture of the profiler, present its advantages and limitations, show how you can instrument the code and ...
2/2/20
Debugging Tools
Matthew Malcomson
K.4.201
We introduce a GDB plugin for working with large data structures in the inferior. This plugin brings some of the flexibility of Unix pipelines to the GDB command prompt, providing the ability to conveniently run some action on every element in a data structure that matches certain criteria. One big aim of this plugin is to make it easy and convenient for a user to write their own sub-commands to iterate over the data structures used in their own program. This is intended for anyone who has found ...
2/2/20
Debugging Tools
Tom Tromey
K.4.201
GDB has had a curses-based interface for many years. Come see what new features are available and how it can improve your debugging experience.
2/2/20
Debugging Tools
Dmitry Levin
K.4.201
strace is a diagnostic, debugging and instructional utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state. In this talk the maintainer of strace will describe new features implemented since FOSDEM 2018.
2/2/20
Debugging Tools
Eugene Syromyatnikov
K.4.201
The talk gives an overview of various optimisations implemented in strace over the past several years. While most of them are quite trivial (like caching of frequently-used data or avoiding syscalls whenever possible), some of them are a bit more tricky (like usage of seccomp BPF programs for avoiding excessive ptrace stops) and/or target more specific use cases (like the infamous thread queueing patch[1], which was carried as a RHEL downstream patch for almost 10 years). [1] ...
2/2/20
Debugging Tools
Paul Chaignon
K.4.201
strace is known to add significant overhead to any application it traces. Even when users are interested in a handful of syscalls, strace will by default intercept all syscalls made by the observed processes, involving several context switches per syscall. Since strace v5.3, the --seccomp-bpf option allows reducing this overhead, by stopping observed processes only at syscalls of interest. This option relies on seccomp-bpf and inherits a few of its limitations. In this talk, we will describe the ...
2/2/20
Debugging Tools
Quentin Monnet
K.4.201
By allowing programs to be safely loaded from user space and executed in the kernel, eBPF (extended Berkeley Packet Filter) has brought new possibilities to the Linux kernel, in particular in terms of tracing and network processing. But when a program fails to load, or when it does not return the expected values, what tools do we have to examine, inspect and debug eBPF objects? This talk focuses on the different tools and mechanisms available to help eBPF developers debug their programs, at ...