【Valgrind】How to check if we are reading uninitialized memory in 10 min

 1 #include <stdio.h>
 2 #include <stdlib.h>
 3 
 4 int main(int argc, char** argv)
 5 {
 6   int i;
 7   int a[10];
 8   for (i = 0; i < 9; i++)
 9     a[i] = i;
10 
11   for (i = 0; i < 10; i++){
12     printf("%d ", a[i]);
13   }
14   printf("\n");
15   return 0;
16 }

Let's build and run:

$ gcc -O0 -g un_uninit.c -o un_uninit
$ ./un_uninit
0 1 2 3 4 5 6 7 8 32767

The output is not what we expect: the last value looks like it was read from memory with arbitrary contents. Let's use Valgrind to check:

$ valgrind ./un_uninit
==3863== Memcheck, a memory error detector
==3863== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==3863== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==3863== Command: ./un_uninit
==3863==
==3863== Conditional jump or move depends on uninitialised value(s)
==3863==    at 0x4E8183E: vfprintf (vfprintf.c:1660)
==3863==    by 0x4E8B748: printf (printf.c:33)
==3863==    by 0x4005CD: main (un_uninit.c:12)
==3863==
==3863== Use of uninitialised value of size 8
==3863==    at 0x4E80CFB: _itoa_word (_itoa.c:179)
==3863==    by 0x4E849A6: vfprintf (vfprintf.c:1660)
==3863==    by 0x4E8B748: printf (printf.c:33)
==3863==    by 0x4005CD: main (un_uninit.c:12)
==3863==
==3863== Conditional jump or move depends on uninitialised value(s)
==3863==    at 0x4E80D05: _itoa_word (_itoa.c:179)
==3863==    by 0x4E849A6: vfprintf (vfprintf.c:1660)
==3863==    by 0x4E8B748: printf (printf.c:33)
==3863==    by 0x4005CD: main (un_uninit.c:12)
==3863==
==3863== Conditional jump or move depends on uninitialised value(s)
==3863==    at 0x4E849F2: vfprintf (vfprintf.c:1660)
==3863==    by 0x4E8B748: printf (printf.c:33)
==3863==    by 0x4005CD: main (un_uninit.c:12)
==3863==
==3863== Conditional jump or move depends on uninitialised value(s)
==3863==    at 0x4E81909: vfprintf (vfprintf.c:1660)
==3863==    by 0x4E8B748: printf (printf.c:33)
==3863==    by 0x4005CD: main (un_uninit.c:12)
==3863==
==3863== Conditional jump or move depends on uninitialised value(s)
==3863==    at 0x4E8198C: vfprintf (vfprintf.c:1660)
==3863==    by 0x4E8B748: printf (printf.c:33)
==3863==    by 0x4005CD: main (un_uninit.c:12)
==3863==
0 1 2 3 4 5 6 7 8 15
==3863==
==3863== HEAP SUMMARY:
==3863==     in use at exit: 0 bytes in 0 blocks
==3863==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==3863==
==3863== All heap blocks were freed -- no leaks are possible
==3863==
==3863== For counts of detected and suppressed errors, rerun with: -v
==3863== Use --track-origins=yes to see where uninitialised values come from
==3863== ERROR SUMMARY: 8 errors from 6 contexts (suppressed: 0 from 0)

From the error messages, we find "Use of uninitialised value of size 8" reported at line 12 of un_uninit.c, the printf call.

Suppose we still cannot be sure whether i or a[i] is the root cause. Rerun Valgrind with the '--track-origins=yes' command-line option:

$ valgrind --track-origins=yes ./un_uninit
==3917== Memcheck, a memory error detector
==3917== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==3917== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==3917== Command: ./un_uninit
==3917==
==3917== Conditional jump or move depends on uninitialised value(s)
==3917==    at 0x4E8183E: vfprintf (vfprintf.c:1660)
==3917==    by 0x4E8B748: printf (printf.c:33)
==3917==    by 0x4005CD: main (un_uninit.c:12)
==3917==  Uninitialised value was created by a stack allocation
==3917==    at 0x40057D: main (un_uninit.c:5)
==3917==
==3917== Use of uninitialised value of size 8
==3917==    at 0x4E80CFB: _itoa_word (_itoa.c:179)
==3917==    by 0x4E849A6: vfprintf (vfprintf.c:1660)
==3917==    by 0x4E8B748: printf (printf.c:33)
==3917==    by 0x4005CD: main (un_uninit.c:12)
==3917==  Uninitialised value was created by a stack allocation
==3917==    at 0x40057D: main (un_uninit.c:5)
==3917==
==3917== Conditional jump or move depends on uninitialised value(s)
==3917==    at 0x4E80D05: _itoa_word (_itoa.c:179)
==3917==    by 0x4E849A6: vfprintf (vfprintf.c:1660)
==3917==    by 0x4E8B748: printf (printf.c:33)
==3917==    by 0x4005CD: main (un_uninit.c:12)
==3917==  Uninitialised value was created by a stack allocation
==3917==    at 0x40057D: main (un_uninit.c:5)
==3917==
==3917== Conditional jump or move depends on uninitialised value(s)
==3917==    at 0x4E849F2: vfprintf (vfprintf.c:1660)
==3917==    by 0x4E8B748: printf (printf.c:33)
==3917==    by 0x4005CD: main (un_uninit.c:12)
==3917==  Uninitialised value was created by a stack allocation
==3917==    at 0x40057D: main (un_uninit.c:5)
==3917==
==3917== Conditional jump or move depends on uninitialised value(s)
==3917==    at 0x4E81909: vfprintf (vfprintf.c:1660)
==3917==    by 0x4E8B748: printf (printf.c:33)
==3917==    by 0x4005CD: main (un_uninit.c:12)
==3917==  Uninitialised value was created by a stack allocation
==3917==    at 0x40057D: main (un_uninit.c:5)
==3917==
==3917== Conditional jump or move depends on uninitialised value(s)
==3917==    at 0x4E8198C: vfprintf (vfprintf.c:1660)
==3917==    by 0x4E8B748: printf (printf.c:33)
==3917==    by 0x4005CD: main (un_uninit.c:12)
==3917==  Uninitialised value was created by a stack allocation
==3917==    at 0x40057D: main (un_uninit.c:5)
==3917==
0 1 2 3 4 5 6 7 8 15
==3917==
==3917== HEAP SUMMARY:
==3917==     in use at exit: 0 bytes in 0 blocks
==3917==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==3917==
==3917== All heap blocks were freed -- no leaks are possible
==3917==
==3917== For counts of detected and suppressed errors, rerun with: -v
==3917== ERROR SUMMARY: 8 errors from 6 contexts (suppressed: 0 from 0)

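Now everything is clear from "Uninitialised value was created by a stack allocation" at line 5 (this line number, the opening brace of main, should cover all the variables on the stack). Since i is assigned before every use, the uninitialised value must be a[9]: the first loop stops at i < 9 and never writes it.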
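
Added example, not part of the original post: every report in the run above points at the same read site and the same origin, so a small filter can collapse Memcheck's output to the first frame in our own source file plus the reported origin. The names memcheck_triage and sample_log are made up for this example, and the embedded log is abridged from the --track-origins run above.

```shell
# memcheck_triage SRC: read a Memcheck log on stdin and print, for each
# uninitialised-value report, the first frame in SRC and the origin frame.
memcheck_triage() {
    awk -v src="$1" '
    function flush() {
        if (kind ~ /uninitialised/ && site != "")
            n[site ", origin " (origin == "" ? "unknown" : origin)]++
        kind = site = origin = ""; in_origin = 0
    }
    !/^==[0-9]+==/ { next }               # program output, not Memcheck
    { sub(/^==[0-9]+== ?/, "") }          # drop the ==PID== prefix
    /^$/ { flush(); next }                # blank line ends a report
    /^ *Uninitialised value was created by/ { in_origin = 1; next }
    /^ +(at|by) 0x/ {                     # stack frame "func (file:line)"
        if (match($0, /\([^()]*:[0-9]+\)$/)) {
            loc = substr($0, RSTART + 1, RLENGTH - 2)
            if (index(loc, src ":") == 1) {   # skip libc frames
                if (in_origin) { if (origin == "") origin = loc }
                else if (site == "") site = loc
            }
        }
        next
    }
    kind == "" { kind = $0 }              # first line names the error
    END {
        flush()
        for (k in n) printf "read at %s, contexts=%d\n", k, n[k]
    }' | sort
}
# Constructed sample: two reports abridged from the --track-origins run above.
sample_log() {
    cat <<'EOF'
==3917== Conditional jump or move depends on uninitialised value(s)
==3917==    at 0x4E8183E: vfprintf (vfprintf.c:1660)
==3917==    by 0x4005CD: main (un_uninit.c:12)
==3917==  Uninitialised value was created by a stack allocation
==3917==    at 0x40057D: main (un_uninit.c:5)
==3917==
==3917== Use of uninitialised value of size 8
==3917==    at 0x4E80CFB: _itoa_word (_itoa.c:179)
==3917==    by 0x4005CD: main (un_uninit.c:12)
==3917==  Uninitialised value was created by a stack allocation
==3917==    at 0x40057D: main (un_uninit.c:5)
==3917==
0 1 2 3 4 5 6 7 8 15
EOF
}

sample_log | memcheck_triage un_uninit.c
```

A log captured without --track-origins=yes yields "origin unknown" for each site. In a build pipeline, Valgrind's --error-exitcode=1 option makes a run with Memcheck errors exit non-zero.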

 

reference:

http://pages.cs.wisc.edu/~bart/537/valgrind.html

 

posted @ 2015-06-03 17:51  xjs_xjtu