需求

1. 项目程序, 读取串口数据, 出现程序崩溃问题
2. valgrind 可以调试定位内存问题: 内存泄漏,非法地址访问,越界访问等内存问题
3. vscode + gdb 可视化调试效果, 比命令行简单快捷很多
4. 期望使用vscode + valgrind + gdb 调试程序内存异常, 崩溃退出的问题

环境准备
sudo apt install valgrind gdb

调试

1.valgrind + gdb 命令行调试程序

1.代码

51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c

#include <stdio.h>
#include <string.h>
#include <stdint.h>

// 1.内存泄漏
void memory_leak(void)
{
    char *p = (char *)malloc(1024);
    memset(p, 0, 1024);
}

// 2.非法地址访问
void invalid_address_access(void)
{
    // uint8_t *p = 0x12345678;
    uint8_t *p = NULL;
    uint8_t val = *p;
    printf("val = %d\n", val);
}

// 3.栈空间越界 读写
void corss_border_read_write(void)
{
    uint32_t a = 0x10;
    uint32_t *p = &a + 0x8;

    // 越界读 -- 导致逻辑错误
    printf("Invalid address read %x\n", *p);

    // 越界写 -- 程序错误
    *p = 0x12345678;
    printf("Invalid address write %x\n", *p);
}

// 4.堆空间越界访问, 属于2.非法地址访问

int main()
{
    memory_leak();
    corss_border_read_write();
    invalid_address_access();

    return 0;
}

2.编译

scons编译
SConstruct

env = Environment()
env["PROGSUFFIX"] = ".out"            # 可执行后缀.out
env["CCFLAGS"] = " -g3 -O0 -Wall"  # gdb 调试开关
env.Program("51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c")

scons

g++ -o 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.o -c -g3 -O0 --std=c99 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.c
g++ -o 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.o

3.valgrind开启vgdb调试

valgrind --leak-check=full --show-leak-kinds=all --vgdb=yes --vgdb-error=0 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out

3279 Memcheck, a memory error detector
3279 Copyright © 2002-2017, and GNU GPL’d, by Julian Seward et al.
3279 Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
3279 Command: ./51_mem_valgrind_____________________________________________.out
3279
3279 (action at startup) vgdb me …
3279
3279 TO DEBUG THIS PROCESS USING GDB: start GDB like this
3279 /path/to/gdb ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out
3279 and then give GDB the following command
3279 target remote | /usr/lib/x86_64-linux-gnu/valgrind/…/…/bin/vgdb --pid=3279
3279 --pid is optional if only one valgrind process is running

valgrind 参数说明:

• –leak-check=full 内存泄漏检测
• –show-leak-kinds=all 详细各种异常检测
• –vgdb=yes --vgdb-error=0 开启vgdb

4.gdb 调试

gdb 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out

Reading symbols from ./51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out…
(gdb) target remote|vgdb #远程到vgdb调试
Remote debugging using |vgdb
relaying data between gdb and process 3279
Reading symbols from /usr/lib/debug/.build-id/7a/e2aaae1a0e5b262df913ee0885582d2e327982.debug…
0x0000000004001100 in _start () from /lib64/ld-linux-x86-64.so.2
c 按c开始运行

命令行效果如图:

2.vscode + valgrind + gdb调试

1.vscode launch.json配置

使用国内几个大模型, 都无法给出正确可用的配置
在外网github搜到一个可参考的配置方法
链接: https://github.com/microsoft/vscode-cpptools/issues/4531
william-r-dieter commented on Aug 28, 2020
Here is the launch.json that worked for me:
launch.json

           "customLaunchSetupCommands" : [
               {
                 "description": "Attach to valgrind",
                 "text": "target remote | /usr/lib64/valgrind/../../bin/vgdb",
                 "ignoreFailures": false  
               }
           ],

vscode开启valgrind调试核心配置 launch.json

            "setupCommands": [
                {
                    "description": "vgdb",
                    "text": "target remote | /usr/bin/vgdb ",
                    "ignoreFailures": true
                }
            ],

launch.json 完整配置
注意不能照抄, 我的默认编译构建工具是scons

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "(gdb) 启动",
            "type": "cppdbg",
            "request": "launch",
            "program": "${fileDirname}/${fileBasenameNoExtension}.out",
            "args": [],
            "stopAtEntry": false,
            "cwd": "${fileDirname}",
            "environment": [],
            "externalConsole": false,
            "MIMode": "gdb",
            "setupCommands": [
                {
                    "description": "为 gdb 启用整齐打印",
                    "text": "-enable-pretty-printing",
                    "ignoreFailures": true
                },
                {
                    "description": "vgdb",
                    "text": "target remote | /usr/bin/vgdb ",
                    "ignoreFailures": true
                }
            ],
            "preLaunchTask": "scons"
        }
    ]
}

2.valgrind 开启vgdb调试

valgrind --leak-check=full --show-leak-kinds=all --vgdb=yes --vgdb-error=0 51_mem_valgrind调试_内存泄漏_非法地址访问_越界.out

3.vscode 启动gdb远程

参考 1.vscode launch.json配置
F5 运行

效果如图

总结

1. valgrind + gdb 可以快速定位问题点
2. 有概率gdb调试退出时, valgrind没有退出, 可以使用kill -9 强制退出 kill -9 valgrind_pid
3. 项目中使用cppcheck + valgrind, 找出潜在的问题1个问题点
   1. 字节缓冲区, data_len变量为异常值(默认128, 异常时为156023), 导致指针索引地址越界

• 当通过C 指针索引地址时, 如果索引为异常值, 导致越界,或非法访问, 确实有风险.
• python列表,索引值越界会报异常
• c++ vector<uint8_t> 索引值越界会报异常

反思

1. c++中尽量将 bytes字节数据 转为vector<uint8_t> 处理
2. 提交代码之前,进入安全自测: valgrind, lsof, ss 排查内存,文件句柄,套接字资源是否有泄漏,漏洞.
3. 尝试使用安全的语言, 如rust, 确认是否会有此问题

我是一名 嵌入式-系统-网络-机器人爱好者

---