How to use libumem to find a bad free call
Tags: Solaris

I have not seen any good simple tutorials on how to use libumem for debugging (unless you also want to learn how to use mdb). So I wrote a simple example.
    % more t.c
    #include <stdio.h>
    #include <stdlib.h>

    int main()
    {
        int i;

        free(&i);
        i = 10;
        char * p = (char *) malloc(1000);
    }
This program has a bug: it passes free() the address of a stack variable that malloc never returned. It might crash or it might not. It might crash right away, or it might crash after running longer (if it had more code after the bug). Using libumem with default options turns on more basic assertion checking.
    % cc -g t.c
    % a.out
    % # notice no crash
    % LD_PRELOAD=/lib/libumem.so ./a.out
    Abort (core dumped)
    % dbx -c 'where;quit' - core
    Corefile specified executable: "/home/quenelle/./a.out"
    Reading a.out
    core file header read successfully
    Reading ld.so.1
    Reading libumem.so.1
    Reading libc.so.1
    Reading libc_psr.so.1
    program terminated by signal ABRT (Abort)
    0xff2c0f90: __lwp_kill+0x0008:  bcc,a,pt  %icc,__lwp_kill+0x18  ! 0xff2c0fa0
    Current function is main
        8       free(&i);
      [1] __lwp_kill(0x0, 0x6, 0x0, 0x0, 0x0, 0x0), at 0xff2c0f90
      [2] raise(0x6, 0x0, 0x20f90, 0xff36b7cc, 0xff38a000, 0xff38abc4), at 0xff25fd78
      [3] umem_do_abort(0x4, 0xffbfe6c0, 0x6, 0x20ecc, 0xff37680c, 0x0), at 0xff3690fc
      [4] umem_err_recoverable(0xff377818, 0xa, 0x20dc4, 0xff38a6fc, 0xff38d0d0, 0xff377823), at 0xff3692a0
      [5] process_free(0xffbfe9d8, 0x1, 0x0, 0x3e3a1000, 0x1ee5c, 0x20c28), at 0xff36b2b0
    =>[6] main(), line 8 in "t.c"
    Abort (core dumped)
This trick can often be used to find the place where your malloc/free bug happened. There are some environment variables you can use to control the behavior of libumem. You can read more about them in the umem_debug man page. You can also find out more about libumem by reading the various white papers that are available. A Google search for “libumem” or “libumem solaris” will turn up more.
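As an added illustration (not code from the original post, and not how libumem is implemented): a small bookkeeping wrapper around malloc/free that shows the kind of check that turns the silent free(&i) in t.c into an immediate, attributable error. It goes beyond the post's single case to cover double frees and writes past the end of a buffer. The names chk_malloc, chk_free and the CHK_* codes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added illustration; all names are hypothetical, not libumem's API or internals. */
#define MAX_REC 1024
#define GUARD   8                      /* guard bytes appended to every buffer */
#define PATTERN 0xA5

enum chk_result { CHK_OK, CHK_BAD_FREE, CHK_DOUBLE_FREE, CHK_OVERRUN };
struct rec { uintptr_t addr; size_t size; int freed; };
static struct rec table[MAX_REC];      /* every address chk_malloc has returned */
static size_t nrec;

void *chk_malloc(size_t size)
{
    unsigned char *p = size > SIZE_MAX - GUARD ? NULL : malloc(size + GUARD);
    size_t i = 0;
    if (p == NULL) return NULL;
    while (i < nrec && table[i].addr != (uintptr_t)p) i++;  /* recycled address? */
    if (i == MAX_REC) { free(p); return NULL; }             /* table is full */
    if (i == nrec) nrec++;
    memset(p + size, PATTERN, GUARD);  /* arm the guard zone */
    table[i] = (struct rec){ (uintptr_t)p, size, 0 };
    return p;
}

/* Validate the pointer against the records before releasing it. */
enum chk_result chk_free(void *ptr)
{
    for (size_t i = 0; i < nrec; i++) {
        if (table[i].addr != (uintptr_t)ptr) continue;
        if (table[i].freed) return CHK_DOUBLE_FREE;
        enum chk_result r = CHK_OK;
        const unsigned char *g = (const unsigned char *)ptr + table[i].size;
        for (size_t k = 0; k < GUARD; k++)
            if (g[k] != PATTERN) r = CHK_OVERRUN;   /* caller wrote past the end */
        table[i].freed = 1;            /* keep the record to catch a second free */
        free(ptr);
        return r;
    }
    return CHK_BAD_FREE;               /* never allocated here, e.g. &i in t.c */
}

int main(void)
{
    int i;                             /* constructed input: the mistake from t.c */
    printf("free(&i) -> %d (CHK_BAD_FREE is %d)\n", chk_free(&i), CHK_BAD_FREE);
}
```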