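How can I avoid this valgrind warning on realloc?

Time: 2016-03-13 17:12:57

Tags: c valgrind

I've been wrestling with a strange case in which realloc and valgrind don't seem to cooperate. It seems that I am either somehow allocating too much or using realloc incorrectly. I take valgrind errors seriously, and errors like this worry me deeply.

Minimal working example: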

#include <stdlib.h>

typedef struct test {
    size_t n;
    size_t r;
    int **ptrs;
} test;

test *new_test() {
    test *t = malloc(sizeof(test));
    t->n = 0; //number of elements
    t->r = 1; //reserve
    t->ptrs = calloc(t->r, sizeof(*(t->ptrs))); //calloc inits so we don't have to
    return t;
}

void push_back_test(test *t, int *ptr) {
    if (t->n == t->r) {
        t->r <<= 1;
        int **temp_ptr = realloc(t->ptrs, sizeof(t->ptrs) * t->r);
        if (temp_ptr) {
            t->ptrs = temp_ptr;
        } else {
            exit(EXIT_FAILURE);
        }
        //NULL out the rest 
        for (int **ptri = t->ptrs + t->n; ptri < t->ptrs + t->r; ++ptri) {
            (*ptri) = NULL;
        }
    }
    t->ptrs[t->n] = ptr;
    ++(t->n);
}

int main(int argc, char **argv) {

    test *t = new_test();
    int *a = calloc(2, sizeof(int)); //calloc inits
    int *b = calloc(4, sizeof(int));
    int *c = calloc(8, sizeof(int));

    push_back_test(t, a);
    push_back_test(t, b);
    push_back_test(t, c);
    push_back_test(t, a);
    push_back_test(t, b);

    exit(EXIT_SUCCESS);
}

Valgrind output:

==26528== Memcheck, a memory error detector
==26528== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==26528== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==26528== Command: ./test
==26528== 
==26528== Conditional jump or move depends on uninitialised value(s)
==26528==    at 0x435A32: __linkin_atfork (in /----/----/test)
==26528==    by 0x414905: ptmalloc_init.part.8 (in /----/----/test)
==26528==    by 0x414C7F: malloc_hook_ini (in /----/----/test)
==26528==    by 0x465B1A: _dl_get_origin (in /----/----/test)
==26528==    by 0x436AB4: _dl_non_dynamic_init (in /----/----/test)
==26528==    by 0x437916: __libc_init_first (in /----/----/test)
==26528==    by 0x40140F: (below main) (in /----/----/test)
==26528== 
==26528== Conditional jump or move depends on uninitialised value(s)
==26528==    at 0x4104BA: _int_free (in /----/----/test)
==26528==    by 0x412C3B: _int_realloc (in /----/----/test)
==26528==    by 0x414046: realloc (in /----/----/test)
==26528==    by 0x40109D: push_back_test (test.c:20)
==26528==    by 0x4011FB: main (test.c:44)
==26528== 
==26528== Conditional jump or move depends on uninitialised value(s)
==26528==    at 0x410518: _int_free (in /----/----/test)
==26528==    by 0x412C3B: _int_realloc (in /----/----/test)
==26528==    by 0x414046: realloc (in /----/----/test)
==26528==    by 0x40109D: push_back_test (test.c:20)
==26528==    by 0x4011FB: main (test.c:44)
==26528== 
==26528== 
==26528== HEAP SUMMARY:
==26528==     in use at exit: 0 bytes in 0 blocks
==26528==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==26528== 
==26528== All heap blocks were freed -- no leaks are possible
==26528== 
==26528== For counts of detected and suppressed errors, rerun with: -v
==26528== Use --track-origins=yes to see where uninitialised values come from
==26528== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)

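Now, I know the first error is probably a problem with my libc, but the rest are basically telling me that I have not zeroed out all the memory I allocated and am passing garbage around, which I don't think I am, given that I zero out the newly allocated part.

I have tried many variations of this, and they either (correctly) crash or give these messages. I'm at a loss.

Edit: the original code I was having problems with was more correct than this. I have now fixed the MWE, and it is still the same.

2 answers:

Answer 0 (score: 6)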

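The problem is that glibc is not Valgrind-clean. Normally, these errors would appear to come from your libc.so.6, and Valgrind has these built in. When you link statically, the problems appear to come from your binary, and so they are not suppressed.

You can work around this by static linking or by using suppressions / suppression files.

If you look at what is being complained about, it is a comparison of some thread-local storage against NULL. If you attach a debugger, it turns out that things are fine and the problem is a false positive.

More information can be found in this SO thread.

Of course, multiple comments will point out the original bug in your new_test, as well as the existing bug in the size you pass to realloc. Once those are fixed, the Valgrind warnings are still there, and this is why.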

Answer 1 (score: 1)

You appear to be calling realloc with an incorrect size:

realloc(t->ptrs, sizeof(t->ptrs) * t->r);

It should be:

realloc(t->ptrs, sizeof(*t->ptrs) * t->r);

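Since t->ptrs is defined as int **ptrs;, the computation gives the same result on your platform and on most modern platforms. So this bug has no consequence and does not explain the problem, as dho correctly commented.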
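The following is an added example, not code from the question or from either answer. It goes beyond the case above by using an element type that is larger than a pointer, where sizeof(ptr) * r would under-allocate while sizeof(*ptr) * r is correct. The names rec, vec, vec_push, bytes_wrong, bytes_right and demo are hypothetical.

```c
/* Added example: growable array whose element is NOT pointer-sized,
   so sizeof(v->items) and sizeof(*v->items) differ. Names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>

typedef struct rec { uint64_t id; double score; char tag[16]; } rec;

typedef struct vec {
    size_t n;    /* elements in use */
    size_t r;    /* reserved capacity, in elements */
    rec *items;
} vec;

/* Bytes requested by the pattern from the question: sizeof(pointer) * r. */
size_t bytes_wrong(const vec *v, size_t r) { return sizeof(v->items) * r; }
/* Bytes actually needed for r elements: sizeof(element) * r. */
size_t bytes_right(const vec *v, size_t r) { return sizeof(*v->items) * r; }

/* Returns 0 on success, -1 on overflow or allocation failure (v unchanged). */
int vec_push(vec *v, const rec *e) {
    if (v->n == v->r) {
        size_t nr = v->r ? v->r * 2 : 1;
        /* Reject a doubled capacity or byte count that would wrap size_t. */
        if (nr < v->r || nr > SIZE_MAX / sizeof(*v->items)) return -1;
        rec *tmp = realloc(v->items, bytes_right(v, nr));
        if (!tmp) return -1; /* old block is still valid and owned by v */
        v->items = tmp;
        v->r = nr;
    }
    v->items[v->n++] = *e;
    return 0;
}

void vec_free(vec *v) { free(v->items); v->items = NULL; v->n = v->r = 0; }

/* Push `count` constructed records; return the sum of ids read back, or -1. */
long demo(size_t count) {
    vec v = {0, 0, NULL};
    long sum = 0;
    for (size_t i = 0; i < count; i++) {
        rec e = { .id = i + 1, .score = 0.5, .tag = "constructed" };
        if (vec_push(&v, &e) != 0) { vec_free(&v); return -1; }
    }
    for (size_t i = 0; i < v.n; i++) sum += (long)v.items[i].id;
    vec_free(&v);
    return sum;
}

int main(void) { return demo(5) == 15 ? EXIT_SUCCESS : EXIT_FAILURE; }
```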