1libtalloc_debugging(3) talloc libtalloc_debugging(3)
2
6 libtalloc_debugging - Chapter 6: Debugging
7 Although talloc makes memory management significantly easier than the C
10 standard library, developers are still only humans and can make
11 mistakes.
12 Therefore, it can be handy to know some tools for the inspection of
14 talloc memory usage.
15
17 We have already encountered the abort function in section Dynamic type
18 system. In that case it was used when a type mismatch was detected.
19 However, talloc calls this abort function in several more situations:
20 · when the provided pointer is not a valid talloc context,
22 · when the meta data is invalid - probably due to memory corruption,
24 · and when an access after free is detected.
26 The third one is probably the most interesting. It can help us with
28 detecting an attempt to double-free a context or any other manipulation
29 with it via talloc functions (using it as a parent, stealing it, etc.).
30 Before the context is freed talloc sets a flag in the meta data. This
32 is then used to detect the access after free. It basically works on the
33 assumption that the memory stays unchanged (at least for a while) even
34 when it is properly deallocated. This will work even if the memory is
35 filled with the value specified in TALLOC_FREE_FILL environment
36 variable, because it fills only the data part and leaves the meta data
37 intact.
38 Apart from the abort function, talloc uses a log function to provide
40 additional information to the aforementioned violations. To enable
41 logging we shall set the log function with one of:
42 · talloc_set_log_fn()
44 · talloc_set_log_stderr()
46 The following code is a sample output of accessing a context after it
48 has been freed:
49 talloc_set_log_stderr();
51 TALLOC_CTX *ctx = talloc_new(NULL);
52 talloc_free(ctx);
54 talloc_free(ctx);
55 results in:
57 talloc: access after free error - first free may be at ../src/main.c:55
58 Bad talloc magic value - access after free
59 Another example is an invalid context:
61 talloc_set_log_stderr();
63 TALLOC_CTX *ctx = talloc_new(NULL);
64 char *str = strdup("not a talloc context");
65 talloc_steal(ctx, str);
66 results in:
68 Bad talloc magic value - unknown value
69
71 Talloc can print reports of memory usage of a specified talloc context
72 to a file (to stdout or stderr). The report can be simple or full. The
73 simple report provides information only about the context itself and
74 its direct descendants. The full report goes recursively through the
75 entire context tree. See:
76 · talloc_report()
78 · talloc_report_full()
80 We will use the following code to retrieve the sample report:
82 struct foo {
84 char *str;
85 };
86 TALLOC_CTX *ctx = talloc_new(NULL);
88 char *str = talloc_strdup(ctx, "my string");
89 struct foo *foo = talloc_zero(ctx, struct foo);
90 foo->str = talloc_strdup(foo, "I am Foo");
91 char *str2 = talloc_strdup(foo, "Foo is my parent");
92 /* print full report */
94 talloc_report_full(ctx, stdout);
95 It will print a full report of ctx to the standard output. The message
97 should be similar to:
98 full talloc report on 'talloc_new: ../src/main.c:82' (total 46 bytes in 5 blocks)
100 struct foo contains 34 bytes in 3 blocks (ref 0) 0x1495130
101 Foo is my parent contains 17 bytes in 1 blocks (ref 0) 0x1495200
102 I am Foo contains 9 bytes in 1 blocks (ref 0) 0x1495190
103 my string contains 10 bytes in 1 blocks (ref 0) 0x14950c0
104 We can notice in this report that something is wrong with the context
106 containing struct foo. We know that the structure has only one string
107 element. However, we can see in the report that it has two children.
108 This indicates that we have either violated the memory hierarchy or
109 forgotten to free it as temporary data. Looking into the code, we can
110 see that 'Foo is my parent' should be attached to ctx.
111 See also:
113 · talloc_enable_null_tracking()
115 · talloc_disable_null_tracking()
117 · talloc_enable_leak_report()
119 · talloc_enable_leak_report_full()
121Version 2.0 Sat May 11 2019 libtalloc_debugging(3)