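1. Introduction
Valgrind is a binary instrumentation framework for building binary analysis tools. With Valgrind you can detect memory and threading bugs in binary programs. The framework currently includes the following tools: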
Memcheck is a memory error detector. It helps you make your programs, particularly those written in C and C++, more correct.
Cachegrind is a cache and branch-prediction profiler. It helps you make your programs run faster.
Callgrind is a call-graph generating cache profiler. It has some overlap with Cachegrind, but also gathers some information that Cachegrind does not.
Helgrind is a thread error detector. It helps you make your multi-threaded programs more correct.
DRD is also a thread error detector. It is similar to Helgrind but uses different analysis techniques and so may find different problems.
Massif is a heap profiler. It helps you make your programs use less memory.
DHAT is a different kind of heap profiler. It helps you understand issues of block lifetimes, block utilisation, and layout inefficiencies.
SGcheck is an experimental tool that can detect overruns of stack and global arrays. Its functionality is complementary to that of Memcheck: SGcheck finds problems that Memcheck can't, and vice versa.
BBV is an experimental SimPoint basic block vector generator. It is useful to people doing computer architecture research and development.
2. Installing Valgrind
Download the source code from the official Valgrind website, extract it, and run the following commands in order:
./configure
make
sudo make install
Run valgrind -h to check that the installation succeeded.
3. Usage
The basic structure of a valgrind command is:
valgrind [valgrind-options] your-prog [your prog options]
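For C/C++ programs, compile with the -g option to produce the binary myprog.
The program myprog is then usually run with the following command:
valgrind --tool=memcheck --leak-check=yes myprog arg1 arg2
Memcheck is the tool used by default; to use a different tool, set it with the --tool option. The --leak-check option turns on the memory leak detector.
--tool=<toolname>
toolname can be: memcheck, cachegrind, callgrind, helgrind, drd, massif, lackey, none, exp-sgcheck, exp-bbv, exp-dhat, etc.
If the goal is to find bugs in a program, the tools most commonly used are memcheck (memory errors) and helgrind and drd (thread errors).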
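As an added example (not part of the original post), the C program below contains the two kinds of error that the Memcheck command above is meant to catch, an out-of-bounds heap read and a leak, next to a corrected version. The file name myprog.c and the function names sum_buggy and sum_fixed are assumptions chosen for illustration.

```c
/* Added example, not from the original page. Assumed file name: myprog.c
 * Build:  gcc -g -O0 -o myprog myprog.c
 * Check:  valgrind --tool=memcheck --leak-check=yes ./myprog
 */
#include <stdio.h>
#include <stdlib.h>

/* Both functions fill a heap array with 1..n and return the sum. */

/* Buggy: the second loop reads one element past the end of the block,
 * and the block is never freed. With 4-byte ints Memcheck reports the
 * read as "Invalid read of size 4" and lists the block as
 * "definitely lost" in the leak summary. */
long sum_buggy(size_t n)
{
    int *v = malloc(n * sizeof *v);
    long total = 0;
    if (v == NULL)
        return -1;
    for (size_t i = 0; i < n; i++)
        v[i] = (int)(i + 1);
    for (size_t i = 0; i <= n; i++)   /* off by one: reads v[n] */
        total += v[i];
    return total;                     /* missing free(v) */
}

/* Fixed: the loop stays inside the block and the block is released. */
long sum_fixed(size_t n)
{
    int *v = malloc(n * sizeof *v);
    long total = 0;
    if (v == NULL)
        return -1;
    for (size_t i = 0; i < n; i++)
        v[i] = (int)(i + 1);
    for (size_t i = 0; i < n; i++)
        total += v[i];
    free(v);
    return total;
}

int main(void)
{
    printf("fixed: %ld\n", sum_fixed(10));
    printf("buggy: %ld\n", sum_buggy(10)); /* value depends on the stray read */
    return 0;
}
```

Because the binary is built with -g, Memcheck's stack traces point at the source lines of the stray read and of the malloc call whose block was lost.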