0

这样的泄漏在肉眼看来太微不足道了,我认为静态代码分析工具应该能够找到它们。

 Ex1:
 void foo(void) {
    u32 *ptr = kmalloc(512, GFP_KERNEL);
    ptr = (u32 *)0xffffffff;
    kfree(ptr);
 }

我知道Coverity可以找到如下泄漏,但不确定上述泄漏:谁能告诉我这是否会在任何一个Coverity或类似的工具中被检测到Sparse

Ex2:
void foo(void) {
    kmalloc(512, GFP_KERNEL);
}

Ex3:
void foo(void) {
    void * ptr = kmalloc(512, GFP_KERNEL);

    if (true)
        return;

    kfree(ptr)
}
4

2 回答 2

0

我不知道kmalloc(而且我没有带有 Coverity 许可证的 Linux 系统来测试它),但 Coveritymalloc很容易检测到这种形式的泄漏。所以我怀疑 kmalloc 会给它带来麻烦。

如果确实有问题,您始终可以提供一个 kmalloc 函数的用户模型,该模型只包含 malloc 函数,以便 Coverity 知道如何处理该函数。

于 2015-02-16T17:47:17.327 回答
-2


Valgrind可用于检测 Ex1 中提到的内存泄漏。

e.g. 
#include<stdio.h> 
void foo(void) {
    int *ptr = (int *)malloc(512);
    ptr = (int *)0xffffffff;
    free(ptr);
 }
int main(){
        foo();
        return 1;
}

Valigrind Output:

[test@myhost /tmp]# valgrind --tool=memcheck --leak-check=full ./Ex1
==23780== Memcheck, a memory error detector
==23780== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==23780== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==23780== Command: ./Ex1
==23780== 
==23780== Invalid free() / delete / delete[]
==23780==    at 0x4A05A31: free (vg_replace_malloc.c:325)
==23780==    by 0x400509: foo (in /tmp/Ex1)
==23780==    by 0x400514: main (in /tmp/Ex1)
==23780==  Address 0xffffffff is not stack'd, malloc'd or (recently) free'd
==23780== 
==23780== 
==23780== HEAP SUMMARY:
==23780==     in use at exit: 512 bytes in 1 blocks
==23780==   total heap usage: 1 allocs, 1 frees, 512 bytes allocated
==23780== 
==23780== 512 bytes in 1 blocks are definitely lost in loss record 1 of 1
==23780==    at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==23780==    by 0x4004E9: foo (in /tmp/Ex1)
==23780==    by 0x400514: main (in /tmp/Ex1)
==23780== 
==23780== LEAK SUMMARY:
==23780==    definitely lost: 512 bytes in 1 blocks
==23780==    indirectly lost: 0 bytes in 0 blocks
==23780==      possibly lost: 0 bytes in 0 blocks
==23780==    still reachable: 0 bytes in 0 blocks
==23780==         suppressed: 0 bytes in 0 blocks
==23780== 
==23780== For counts of detected and suppressed errors, rerun with: -v
==23780== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
于 2015-02-10T12:10:57.073 回答