是否有任何静态代码分析器可以捕获此内存泄漏?

时间:2015-02-10 10:50:03

标签: linux memory-leaks linux-kernel coverity

这种泄漏对于肉眼来说似乎太微不足道了,我认为静态代码分析工具应该能够找到它们。

 Ex1:
 void foo(void) {
    u32 *ptr = kmalloc(512, GFP_KERNEL);
    ptr = (u32 *)0xffffffff;
    kfree(ptr);
 }

我知道Coverity可以找到如下所示的泄漏但不确定上述内容:任何人都可以告诉我这是否会在CoveritySparse等工具中被检测到? 

Ex2:
void foo(void) {
    kmalloc(512, GFP_KERNEL);
}

Ex3:
void foo(void) {
    void * ptr = kmalloc(512, GFP_KERNEL);

    if (true)
        return;

    kfree(ptr)
}

2 个答案:

答案 0 :(得分:0)

我不知道kmalloc(我没有带有Coverity许可证的Linux系统来测试它),但Coverity很容易用malloc检测到此表单的泄漏。所以我怀疑kmalloc会给它带来麻烦。

如果它确实给你带来麻烦,你总是可以提供一个kmalloc函数的用户模型,它只包含malloc函数,所以Coverity知道如何处理这个函数。

答案 1 :(得分:-2)


Valgrind可用于检测Ex1中提到的内存泄漏。 

e.g. 
#include<stdio.h> 
void foo(void) {
    int *ptr = (int *)malloc(512);
    ptr = (int *)0xffffffff;
    free(ptr);
 }
int main(){
        foo();
        return 1;
}

Valigrind Output:

[test@myhost /tmp]# valgrind --tool=memcheck --leak-check=full ./Ex1
==23780== Memcheck, a memory error detector
==23780== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==23780== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==23780== Command: ./Ex1
==23780== 
==23780== Invalid free() / delete / delete[]
==23780==    at 0x4A05A31: free (vg_replace_malloc.c:325)
==23780==    by 0x400509: foo (in /tmp/Ex1)
==23780==    by 0x400514: main (in /tmp/Ex1)
==23780==  Address 0xffffffff is not stack'd, malloc'd or (recently) free'd
==23780== 
==23780== 
==23780== HEAP SUMMARY:
==23780==     in use at exit: 512 bytes in 1 blocks
==23780==   total heap usage: 1 allocs, 1 frees, 512 bytes allocated
==23780== 
==23780== 512 bytes in 1 blocks are definitely lost in loss record 1 of 1
==23780==    at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==23780==    by 0x4004E9: foo (in /tmp/Ex1)
==23780==    by 0x400514: main (in /tmp/Ex1)
==23780== 
==23780== LEAK SUMMARY:
==23780==    definitely lost: 512 bytes in 1 blocks
==23780==    indirectly lost: 0 bytes in 0 blocks
==23780==      possibly lost: 0 bytes in 0 blocks
==23780==    still reachable: 0 bytes in 0 blocks
==23780==         suppressed: 0 bytes in 0 blocks
==23780== 
==23780== For counts of detected and suppressed errors, rerun with: -v
==23780== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
相关问题
最新问题