Errors reported by runtime checking generally fall in two categories. Access errors and leaks.
When access checking is turned on, runtime checking detects and reports the following types of errors.
Problem: Attempt to free memory that has never been allocated.
Possible causes: Passing a non-heap data pointer to free() or realloc().
Example:
char a[4]; char *b = &a[0]; free(b); /* Bad free (baf) */
Problem: Attempt to free a heap block that has already been freed.
Possible causes: Calling free() more than once with the same pointer. In C++, using the delete operator more than once on the same pointer.
Example:
char *a = (char *)malloc(1); free(a); free(a); /* Duplicate free (duf) */
Problem: Attempt to free a misaligned heap block.
Possible causes: Passing an improperly aligned pointer to free() or realloc(); changing the pointer returned by malloc.
Example:
char *ptr = (char *)malloc(4); ptr++; free(ptr); /* Misaligned free */
Problem: Attempt to read data from an address without proper alignment.
Possible causes: Reading 2, 4, or 8 bytes from an address that is not half-word-aligned, word-aligned, or double-word-aligned, respectively.
Example:
char *s = “hello world”; int *i = (int *)&s[1]; int j; j = *i; /* Misaligned read (mar) */
Problem: Attempt to write data to an address without proper alignment.
Possible causes: Writing 2, 4, or 8 bytes to an address that is not half-word-aligned, word-aligned, or double-word-aligned, respectively.
Example:
char *s = “hello world”; int *i = (int *)&s[1]; *i = 0; /* Misaligned write (maw) */
Problem: Attempt to allocate memory beyond physical memory available.
Cause: Program cannot obtain more memory from the system. Useful in locating problems that occur when the return value from malloc() is not checked for NULL, which is a common programming mistake.
Example:
char *ptr = (char *)malloc(0x7fffffff); /* Out of Memory (oom), ptr == NULL */
Problem: Attempt to read from nonexistent, unallocated, or unmapped memory.
Possible causes: A stray pointer, overflowing the bounds of a heap block or accessing a heap block that has already been freed.
Example:
char c, *a = (char *)malloc(1); c = a[1]; /* Read from unallocated memory (rua) */
Problem: Attempt to read from uninitialized memory.
Possible causes: Reading local or heap data that has not been initialized.
Example:
foo() { int i, j; j = i; /* Read from uninitialized memory (rui) */ }
Problem: Attempt to write to read-only memory.
Possible causes: Writing to a text address, writing to a read-only data section (.rodata), or writing to a page that mmap has made read-only.
Example:
foo() { int *foop = (int *) foo; *foop = 0; /* Write to read-only memory (wro) */ }
Problem: Attempt to write to nonexistent, unallocated, or unmapped memory.
Possible causes: A stray pointer, overflowing the bounds of a heap block, or accessing a heap block that has already been freed.
Example:
char *a = (char *)malloc(1); a[1] = ”\0’; /* Write to unallocated memory (wua) */
With leak checking turned on, runtime checking reports the following types of errors.
Problem: A possible memory leak. There is no reference to the start of an allocated block, but there is at least one reference to an address within the block.
Possible causes: The only pointer to the start of the block is incremented.
Example;
char *ptr; main() { ptr = (char *)malloc(4); ptr++; /* Address in Block */ }
Problem: A possible memory leak. An allocated block has not been freed, and no reference to the block exists anywhere in program memory, but a reference exists in a register.
Possible causes: This can occur legitimately if the compiler keeps a program variable only in a register instead of in memory. The compiler often does this for local variables and function parameters when optimization is turned on. If this error occurs when optimization has not been turned on, it is likely to be an actual memory leak. This can occur if the only pointer to an allocated block goes out of scope before the block is freed.
Example:
if (i == 0) { char *ptr = (char *)malloc(4); /* ptr is going out of scope */ } /* Memory Leak or Address in Register */
Problem: An allocated block has not been freed, and no reference to the block exists anywhere in the program.
Possible causes: Program failed to free a block no longer used.
Example:
char *ptr;
ptr = (char *)malloc(1); ptr = 0; /* Memory leak (mel) */