Using Memory Leak Checking
A memory leak is a dynamically allocated block of memory that has no pointers pointing to it anywhere in the data space of the program. Such blocks are orphaned memory. Because there are no pointers pointing to the blocks, programs cannot even reference them, much less free them. RTC finds and reports such blocks.
Memory leaks result in increased virtual memory consumption and generally result in memory fragmentation. This may slow down the performance of your program and the whole system.
Typically, memory leaks occur because allocated memory is not freed and you lose a pointer to the allocated block. Here are some examples of memory leaks:
void
foo()
{
char *s;
s = (char *) malloc(32);
strcpy(s, "hello world");
return; /* no free of s. Once foo returns, there is no */
/* pointer pointing to the malloc'ed block, */
/* so that block is leaked. */
}
A leak can result from incorrect use of an API:
void
printcwd()
{
printf("cwd = %s\n", getcwd(NULL, MAXPATHLEN));
return; /* libc function getcwd() returns a pointer to */
/* malloc'ed area when the first argument is NULL, */
/* program should remember to free this. In this */
/* case the block is not freed and results in leak.*/
}
Memory leaks can be avoided by following a good programming practice of always freeing memory when it is no longer needed and paying close attention to library functions that return allocated memory. If you use such functions, remember to free up the memory appropriately.
Sometimes, the term memory leak is used to refer to any block that has not been freed. This is a much less useful definition of a memory leak, because it is a common programming practice not to free memory if the program will terminate shortly anyway. RTC does not report a block as a leak if the program still retains one or more pointers to it.
Detecting Memory Leak Errors
Note -
RTC only finds leaks of malloc memory. If your program does not use malloc, RTC cannot find memory leaks.
RTC detects the following memory leak errors:
-
Memory Leak (mel)
-
Possible leak -- Address in Register (air)
-
Possible leak -- Address in Block (aib)
For a full explanation of each error and an example, see "RTC Errors".
Possible Leaks
There are two cases where RTC may report a "possible" leak. The first case is when no pointers were found pointing to the beginning of the block, but a pointer was found pointing to the interior of the block. This case is reported as an "Address in Block (aib)" error. If it was a stray pointer that happened to point into the block, this would be a real memory leak. However, some programs deliberately move the only pointer to an array back and forth as needed to access its entries. In this case it would not be a memory leak. Because RTC cannot distinguish these two cases, it reports them as possible leaks, allowing the user to make the determination.
The second type of possible leak occurs when no pointers to a block were found in the data space, but a pointer was found in a register. This case is reported as an "Address in Register (air)" error. If the register happens to point to the block accidentally, or if it is an old copy of a memory pointer that has since been lost, then this is a real leak. However, the compiler can optimize references and place the only pointer to a block in a register without ever writing the pointer to memory. In such cases, this would not be a real leak. Hence, if the program has been optimized and the report was the result of the showleaks command, it is likely not to be a real leak. In all other cases, it is likely to be a real leak.
Note -
RTC leak checking requires use of the standard libc malloc/free/realloc functions or allocators based on those functions. For other allocators, see "Runtime Checking Application Programming Interface".
Checking for Leaks
If memory leak checking is turned on, a scan for memory leaks is automatically performed just before the program being tested exits. Any detected leaks are reported. The program should not be killed with the kill command. Here is a typical memory leak error message:
Memory leak (mel):
Found leaked block of size 6 at address 0x21718
At time of allocation, the call stack was:
[1] foo() at line 63 in test.c
[2] main() at line 47 in test.c
Clicking on the call stack location hypertext link takes you to that line of the source code in the editor window.
UNIX programs have a main procedure (called MAIN in f77) that is the top-level user function for the program. Normally, a program terminates either by calling exit(3) or by simply returning from main. In the latter case, all variables local to main go out of scope after the return, and any heap blocks they pointed to are reported as leaks (unless globals point to those same blocks).
It is a common programming practice not to free heap blocks allocated to local variables in main, because the program is about to terminate, and return from main without calling (exit()). To prevent RTC from reporting such blocks as memory leaks, stop the program just before main returns by setting a breakpoint on the last executable source line in main. When the program halts there, use the RTC showleaks command to report all the true leaks, omitting the leaks that would result merely from variables in main going out of scope.
Understanding the Memory Leak Report
With leak checking turned on, you get an automatic leak report when the program exits. All possible leaks are reported--provided the program has not been killed using the kill command. By default, a non-verbose leak report is generated, which is controlled by the dbxenv variable rtc_mel_at_exit.
Reports are sorted according to the combined size of the leaks. Actual memory leaks are reported first, followed by possible leaks. The verbose report contains detailed stack trace information, including line numbers and source files whenever they are available.
Both reports include the following information for memory leak errors:
|
location |
Location where leaked block was allocated |
|
addr |
Address of leaked block |
|
size |
Size of leaked block |
|
stack |
Call stack at time of allocation, as constrained by check -frames |
The non-verbose report capsulizes the error information into a table, while the verbose report gives you a separate error message for each error. They both contain a hypertext link to the location of the error in the source code.
Here is the corresponding non-verbose memory leak report:
Actual leaks report (actual leaks: 3 total size: 2427 bytes)
Total Num of Leaked Allocation call stack
Size Blocks Block
Address
====== ====== ========== =======================================
1852 2 - true_leak < true_leak
575 1 0x22150 true_leak < main
Possible leaks report (possible leaks: 1 total size: 8 bytes)
Total Num of Leaked Allocation call stack
Size Blocks Block
Address
====== ====== ========== =======================================
8 1 0x219b0 in_block < main
Following is a typical verbose leak report:
Actual leaks report (actual leaks: 3 total size: 2427 bytes) Memory Leak (mel): Found 2 leaked blocks with total size 1852 bytes At time of each allocation, the call stack was: [1] true_leak() at line 220 in "leaks.c" [2] true_leak() at line 224 in "leaks.c" Memory Leak (mel): Found leaked block of size 575 bytes at address 0x22150 At time of allocation, the call stack was: [1] true_leak() at line 220 in "leaks.c" [2] main() at line 87 in "leaks.c" Possible leaks report (possible leaks: 1 total size: 8 bytes) Possible memory leak -- address in block (aib): Found leaked block of size 8 bytes at address 0x219b0 At time of allocation, the call stack was: [1] in_block() at line 177 in "leaks.c" [2] main() at line 100 in "leaks.c"
Generating a Leak Report
You can ask for a leak report at any time using the showleaks command, which reports new memory leaks since the last showleaks command.
Combining Leaks
Because the number of individual leaks can be very large, RTC automatically combines leaks allocated at the same place into a single combined leak report. The decision to combine leaks, or report them individually, is controlled by the number-of-frames-to-match parameter specified by the -match m option on a check -leaks or the -m option of the showleaks command. If the call stack at the time of allocation for two or more leaks matches to m frames to the exact program counter level, these leaks are reported in a single combined leak report.
Consider the following three call sequences:
|
Block 1 |
Block 2 |
Block 3 |
|---|---|---|
|
[1] malloc |
[1] malloc |
[1] malloc |
|
[2] d() at 0x20000 |
[2] d() at 0x20000 |
[2] d() at 0x20000 |
|
[3] c() at 0x30000 |
[3] c() at 0x30000 |
[3] c() at 0x31000 |
|
[4] b() at 0x40000 |
[4] b() at 0x41000 |
[4] b() at 0x40000 |
|
[5] a() at 0x50000 |
[5] a() at 0x50000 |
[5] a() at 0x50000 |
If all of these blocks lead to memory leaks, the value of m determines whether the leaks are reported as separate leaks or as one repeated leak. If m is 2, Blocks 1 and 2 are reported as one repeated leak because the 2 stack frames above malloc() are common to both call sequences. Block 3 will be reported as a separate leak because the trace for c() does not match the other blocks. For m greater than 2, RTC reports all leaks as separate leaks. (The malloc is not shown on the leak report.)
In general, the smaller the value of m, the fewer individual leak reports and the more combined leak reports are generated. The greater the value of m, the fewer combined leak reports and the more individual leak reports are generated.
Fixing Memory Leaks
Once you have obtained a memory leak report, there are some general guidelines for fixing the memory leaks. The most important thing is to determine where the leak is. The leak report tells you the allocation trace of the leaked block, the place where the leaked block was allocated. You can then look at the execution flow of your program and see how the block was used. If it is obvious where the pointer was lost, the job is easy; otherwise you can use showleaks to narrow your leak window. showleaks by default gives you only the new leaks created since the last showleaks command. You can run showleaks repeatedly to narrow the window where the block was leaked.
- © 2010, Oracle Corporation and/or its affiliates