1VALGRIND(1) valgrind VALGRIND(1)
2
6 valgrind - a suite of tools for debugging and profiling programs
7
9 valgrind [valgrind-options] [your-program] [your-program-options]
10
12 Valgrind is a flexible program for debugging and profiling Linux
13 executables. It consists of a core, which provides a synthetic CPU in
14 software, and a series of debugging and profiling tools. The
15 architecture is modular, so that new tools can be created easily and
16 without disturbing the existing structure.
17 Some of the options described below work with all Valgrind tools, and
19 some only work with a few or one. The section MEMCHECK OPTIONS and
20 those below it describe tool-specific options.
21 This manual page covers only basic usage and options. For more
23 comprehensive information, please see the HTML documentation on your
24 system: $INSTALL/share/doc/valgrind/html/index.html, or online:
25 http://www.valgrind.org/docs/manual/index.html.
26
28 The single most important option.
29 --tool=<toolname> [default: memcheck]
31 Run the Valgrind tool called toolname, e.g. memcheck, cachegrind,
32 callgrind, helgrind, drd, massif, dhat, lackey, none, exp-bbv, etc.
33
35 These options work with all tools.
36 -h --help
38 Show help for all options, both for the core and for the selected
39 tool. If the option is repeated it is equivalent to giving
40 --help-debug.
41 --help-debug
43 Same as --help, but also lists debugging options which usually are
44 only of use to Valgrind's developers.
45 --version
47 Show the version number of the Valgrind core. Tools can have their
48 own version numbers. There is a scheme in place to ensure that
49 tools only execute when the core version is one they are known to
50 work with. This was done to minimise the chances of strange
51 problems arising from tool-vs-core version incompatibilities.
52 -q, --quiet
54 Run silently, and only print error messages. Useful if you are
55 running regression tests or have some other automated test
56 machinery.
57 -v, --verbose
59 Be more verbose. Gives extra information on various aspects of your
60 program, such as: the shared objects loaded, the suppressions used,
61 the progress of the instrumentation and execution engines, and
62 warnings about unusual behaviour. Repeating the option increases
63 the verbosity level.
64 --trace-children=<yes|no> [default: no]
66 When enabled, Valgrind will trace into sub-processes initiated via
67 the exec system call. This is necessary for multi-process programs.
68 Note that Valgrind does trace into the child of a fork (it would be
70 difficult not to, since fork makes an identical copy of a process),
71 so this option is arguably badly named. However, most children of
72 fork calls immediately call exec anyway.
73 --trace-children-skip=patt1,patt2,...
75 This option only has an effect when --trace-children=yes is
76 specified. It allows for some children to be skipped. The option
77 takes a comma separated list of patterns for the names of child
78 executables that Valgrind should not trace into. Patterns may
79 include the metacharacters ? and *, which have the usual meaning.
80 This can be useful for pruning uninteresting branches from a tree
82 of processes being run on Valgrind. But you should be careful when
83 using it. When Valgrind skips tracing into an executable, it
84 doesn't just skip tracing that executable, it also skips tracing
85 any of that executable's child processes. In other words, the flag
86 doesn't merely cause tracing to stop at the specified executables
87 -- it skips tracing of entire process subtrees rooted at any of the
88 specified executables.
89 --trace-children-skip-by-arg=patt1,patt2,...
91 This is the same as --trace-children-skip, with one difference: the
92 decision as to whether to trace into a child process is made by
93 examining the arguments to the child process, rather than the name
94 of its executable.
95 --child-silent-after-fork=<yes|no> [default: no]
97 When enabled, Valgrind will not show any debugging or logging
98 output for the child process resulting from a fork call. This can
99 make the output less confusing (although more misleading) when
100 dealing with processes that create children. It is particularly
101 useful in conjunction with --trace-children=. Use of this option is
102 also strongly recommended if you are requesting XML output
103 (--xml=yes), since otherwise the XML from child and parent may
104 become mixed up, which usually makes it useless.
105 --vgdb=<no|yes|full> [default: yes]
107 Valgrind will provide "gdbserver" functionality when --vgdb=yes or
108 --vgdb=full is specified. This allows an external GNU GDB debugger
109 to control and debug your program when it runs on Valgrind.
110 --vgdb=full incurs significant performance overheads, but provides
111 more precise breakpoints and watchpoints. See Debugging your
112 program using Valgrind's gdbserver and GDB for a detailed
113 description.
114 If the embedded gdbserver is enabled but no gdb is currently being
116 used, the vgdb command line utility can send "monitor commands" to
117 Valgrind from a shell. The Valgrind core provides a set of Valgrind
118 monitor commands. A tool can optionally provide tool specific
119 monitor commands, which are documented in the tool specific
120 chapter.
121 --vgdb-error=<number> [default: 999999999]
123 Use this option when the Valgrind gdbserver is enabled with
124 --vgdb=yes or --vgdb=full. Tools that report errors will wait for
125 "number" errors to be reported before freezing the program and
126 waiting for you to connect with GDB. It follows that a value of
127 zero will cause the gdbserver to be started before your program is
128 executed. This is typically used to insert GDB breakpoints before
129 execution, and also works with tools that do not report errors,
130 such as Massif.
131 --vgdb-stop-at=<set> [default: none]
133 Use this option when the Valgrind gdbserver is enabled with
134 --vgdb=yes or --vgdb=full. The Valgrind gdbserver will be invoked
135 for each error after --vgdb-error have been reported. You can
136 additionally ask the Valgrind gdbserver to be invoked for other
137 events, specified in one of the following ways:
138 • a comma separated list of one or more of startup exit abexit
140 valgrindabexit.
141 The values startup exit valgrindabexit respectively indicate to
143 invoke gdbserver before your program is executed, after the
144 last instruction of your program, on Valgrind abnormal exit
145 (e.g. internal error, out of memory, ...).
146 The option abexit is similar to exit but tells to invoke
148 gdbserver only when your application exits abnormally (i.e.
149 with an exit code different of 0).
150 Note: startup and --vgdb-error=0 will both cause Valgrind
152 gdbserver to be invoked before your program is executed. The
153 --vgdb-error=0 will in addition cause your program to stop on
154 all subsequent errors.
155 • all to specify the complete set. It is equivalent to
157 --vgdb-stop-at=startup,exit,abexit,valgrindabexit.
158 • none for the empty set.
160 --track-fds=<yes|no|all> [default: no]
162 When enabled, Valgrind will print out a list of open file
163 descriptors on exit or on request, via the gdbserver monitor
164 command v.info open_fds. Along with each file descriptor is printed
165 a stack backtrace of where the file was opened and any details
166 relating to the file descriptor such as the file name or socket
167 details. Use all to include reporting on stdin, stdout and stderr.
168 --time-stamp=<yes|no> [default: no]
170 When enabled, each message is preceded with an indication of the
171 elapsed wallclock time since startup, expressed as days, hours,
172 minutes, seconds and milliseconds.
173 --log-fd=<number> [default: 2, stderr]
175 Specifies that Valgrind should send all of its messages to the
176 specified file descriptor. The default, 2, is the standard error
177 channel (stderr). Note that this may interfere with the client's
178 own use of stderr, as Valgrind's output will be interleaved with
179 any output that the client sends to stderr.
180 --log-file=<filename>
182 Specifies that Valgrind should send all of its messages to the
183 specified file. If the file name is empty, it causes an abort.
184 There are three special format specifiers that can be used in the
185 file name.
186 %p is replaced with the current process ID. This is very useful for
188 program that invoke multiple processes. WARNING: If you use
189 --trace-children=yes and your program invokes multiple processes OR
190 your program forks without calling exec afterwards, and you don't
191 use this specifier (or the %q specifier below), the Valgrind output
192 from all those processes will go into one file, possibly jumbled
193 up, and possibly incomplete. Note: If the program forks and calls
194 exec afterwards, Valgrind output of the child from the period
195 between fork and exec will be lost. Fortunately this gap is really
196 tiny for most programs; and modern programs use posix_spawn anyway.
197 %n is replaced with a file sequence number unique for this process.
199 This is useful for processes that produces several files from the
200 same filename template.
201 %q{FOO} is replaced with the contents of the environment variable
203 FOO. If the {FOO} part is malformed, it causes an abort. This
204 specifier is rarely needed, but very useful in certain
205 circumstances (eg. when running MPI programs). The idea is that you
206 specify a variable which will be set differently for each process
207 in the job, for example BPROC_RANK or whatever is applicable in
208 your MPI setup. If the named environment variable is not set, it
209 causes an abort. Note that in some shells, the { and } characters
210 may need to be escaped with a backslash.
211 %% is replaced with %.
213 If an % is followed by any other character, it causes an abort.
215 If the file name specifies a relative file name, it is put in the
217 program's initial working directory: this is the current directory
218 when the program started its execution after the fork or after the
219 exec. If it specifies an absolute file name (ie. starts with '/')
220 then it is put there.
221 --log-socket=<ip-address:port-number>
223 Specifies that Valgrind should send all of its messages to the
224 specified port at the specified IP address. The port may be
225 omitted, in which case port 1500 is used. If a connection cannot be
226 made to the specified socket, Valgrind falls back to writing output
227 to the standard error (stderr). This option is intended to be used
228 in conjunction with the valgrind-listener program. For further
229 details, see the commentary in the manual.
230 --enable-debuginfod=<no|yes> [default: yes]
232 When enabled Valgrind will attempt to download missing debuginfo
233 from debuginfod servers if space-separated server URLs are present
234 in the $DEBUGINFOD_URLS environment variable. This option is
235 supported on Linux only.
236
238 These options are used by all tools that can report errors, e.g.
239 Memcheck, but not Cachegrind.
240 --xml=<yes|no> [default: no]
242 When enabled, the important parts of the output (e.g. tool error
243 messages) will be in XML format rather than plain text.
244 Furthermore, the XML output will be sent to a different output
245 channel than the plain text output. Therefore, you also must use
246 one of --xml-fd, --xml-file or --xml-socket to specify where the
247 XML is to be sent.
248 Less important messages will still be printed in plain text, but
250 because the XML output and plain text output are sent to different
251 output channels (the destination of the plain text output is still
252 controlled by --log-fd, --log-file and --log-socket) this should
253 not cause problems.
254 This option is aimed at making life easier for tools that consume
256 Valgrind's output as input, such as GUI front ends. Currently this
257 option works with Memcheck, Helgrind and DRD. The output format is
258 specified in the file docs/internals/xml-output-protocol4.txt in
259 the source tree for Valgrind 3.5.0 or later.
260 The recommended options for a GUI to pass, when requesting XML
262 output, are: --xml=yes to enable XML output, --xml-file to send the
263 XML output to a (presumably GUI-selected) file, --log-file to send
264 the plain text output to a second GUI-selected file,
265 --child-silent-after-fork=yes, and -q to restrict the plain text
266 output to critical error messages created by Valgrind itself. For
267 example, failure to read a specified suppressions file counts as a
268 critical error message. In this way, for a successful run the text
269 output file will be empty. But if it isn't empty, then it will
270 contain important information which the GUI user should be made
271 aware of.
272 --xml-fd=<number> [default: -1, disabled]
274 Specifies that Valgrind should send its XML output to the specified
275 file descriptor. It must be used in conjunction with --xml=yes.
276 --xml-file=<filename>
278 Specifies that Valgrind should send its XML output to the specified
279 file. It must be used in conjunction with --xml=yes. Any %p or %q
280 sequences appearing in the filename are expanded in exactly the
281 same way as they are for --log-file. See the description of --log-
282 file for details.
283 --xml-socket=<ip-address:port-number>
285 Specifies that Valgrind should send its XML output the specified
286 port at the specified IP address. It must be used in conjunction
287 with --xml=yes. The form of the argument is the same as that used
288 by --log-socket. See the description of --log-socket for further
289 details.
290 --xml-user-comment=<string>
292 Embeds an extra user comment string at the start of the XML output.
293 Only works when --xml=yes is specified; ignored otherwise.
294 --demangle=<yes|no> [default: yes]
296 Enable/disable automatic demangling (decoding) of C++ names.
297 Enabled by default. When enabled, Valgrind will attempt to
298 translate encoded C++ names back to something approaching the
299 original. The demangler handles symbols mangled by g++ versions
300 2.X, 3.X and 4.X.
301 An important fact about demangling is that function names mentioned
303 in suppressions files should be in their mangled form. Valgrind
304 does not demangle function names when searching for applicable
305 suppressions, because to do otherwise would make suppression file
306 contents dependent on the state of Valgrind's demangling machinery,
307 and also slow down suppression matching.
308 --num-callers=<number> [default: 12]
310 Specifies the maximum number of entries shown in stack traces that
311 identify program locations. Note that errors are commoned up using
312 only the top four function locations (the place in the current
313 function, and that of its three immediate callers). So this doesn't
314 affect the total number of errors reported.
315 The maximum value for this is 500. Note that higher settings will
317 make Valgrind run a bit more slowly and take a bit more memory, but
318 can be useful when working with programs with deeply-nested call
319 chains.
320 --unw-stack-scan-thresh=<number> [default: 0] ,
322 --unw-stack-scan-frames=<number> [default: 5]
323 Stack-scanning support is available only on ARM targets.
324 These flags enable and control stack unwinding by stack scanning.
326 When the normal stack unwinding mechanisms -- usage of Dwarf CFI
327 records, and frame-pointer following -- fail, stack scanning may be
328 able to recover a stack trace.
329 Note that stack scanning is an imprecise, heuristic mechanism that
331 may give very misleading results, or none at all. It should be used
332 only in emergencies, when normal unwinding fails, and it is
333 important to nevertheless have stack traces.
334 Stack scanning is a simple technique: the unwinder reads words from
336 the stack, and tries to guess which of them might be return
337 addresses, by checking to see if they point just after ARM or Thumb
338 call instructions. If so, the word is added to the backtrace.
339 The main danger occurs when a function call returns, leaving its
341 return address exposed, and a new function is called, but the new
342 function does not overwrite the old address. The result of this is
343 that the backtrace may contain entries for functions which have
344 already returned, and so be very confusing.
345 A second limitation of this implementation is that it will scan
347 only the page (4KB, normally) containing the starting stack
348 pointer. If the stack frames are large, this may result in only a
349 few (or not even any) being present in the trace. Also, if you are
350 unlucky and have an initial stack pointer near the end of its
351 containing page, the scan may miss all interesting frames.
352 By default stack scanning is disabled. The normal use case is to
354 ask for it when a stack trace would otherwise be very short. So, to
355 enable it, use --unw-stack-scan-thresh=number. This requests
356 Valgrind to try using stack scanning to "extend" stack traces which
357 contain fewer than number frames.
358 If stack scanning does take place, it will only generate at most
360 the number of frames specified by --unw-stack-scan-frames.
361 Typically, stack scanning generates so many garbage entries that
362 this value is set to a low value (5) by default. In no case will a
363 stack trace larger than the value specified by --num-callers be
364 created.
365 --error-limit=<yes|no> [default: yes]
367 When enabled, Valgrind stops reporting errors after 10,000,000 in
368 total, or 1,000 different ones, have been seen. This is to stop the
369 error tracking machinery from becoming a huge performance overhead
370 in programs with many errors.
371 --error-exitcode=<number> [default: 0]
373 Specifies an alternative exit code to return if Valgrind reported
374 any errors in the run. When set to the default value (zero), the
375 return value from Valgrind will always be the return value of the
376 process being simulated. When set to a nonzero value, that value is
377 returned instead, if Valgrind detects any errors. This is useful
378 for using Valgrind as part of an automated test suite, since it
379 makes it easy to detect test cases for which Valgrind has reported
380 errors, just by inspecting return codes. When set to a nonzero
381 value and Valgrind detects no error, the return value of Valgrind
382 will be the return value of the program being simulated.
383 --exit-on-first-error=<yes|no> [default: no]
385 If this option is enabled, Valgrind exits on the first error. A
386 nonzero exit value must be defined using --error-exitcode option.
387 Useful if you are running regression tests or have some other
388 automated test machinery.
389 --error-markers=<begin>,<end> [default: none]
391 When errors are output as plain text (i.e. XML not used),
392 --error-markers instructs to output a line containing the begin
393 (end) string before (after) each error.
394 Such marker lines facilitate searching for errors and/or extracting
396 errors in an output file that contain valgrind errors mixed with
397 the program output.
398 Note that empty markers are accepted. So, only using a begin (or an
400 end) marker is possible.
401 --show-error-list=no|yes [default: no]
403 If this option is enabled, for tools that report errors, valgrind
404 will show the list of detected errors and the list of used
405 suppressions at exit.
406 Note that at verbosity 2 and above, valgrind automatically shows
408 the list of detected errors and the list of used suppressions at
409 exit, unless --show-error-list=no is selected.
410 -s
412 Specifying -s is equivalent to --show-error-list=yes.
413 --sigill-diagnostics=<yes|no> [default: yes]
415 Enable/disable printing of illegal instruction diagnostics. Enabled
416 by default, but defaults to disabled when --quiet is given. The
417 default can always be explicitly overridden by giving this option.
418 When enabled, a warning message will be printed, along with some
420 diagnostics, whenever an instruction is encountered that Valgrind
421 cannot decode or translate, before the program is given a SIGILL
422 signal. Often an illegal instruction indicates a bug in the program
423 or missing support for the particular instruction in Valgrind. But
424 some programs do deliberately try to execute an instruction that
425 might be missing and trap the SIGILL signal to detect processor
426 features. Using this flag makes it possible to avoid the diagnostic
427 output that you would otherwise get in such cases.
428 --keep-debuginfo=<yes|no> [default: no]
430 When enabled, keep ("archive") symbols and all other debuginfo for
431 unloaded code. This allows saved stack traces to include file/line
432 info for code that has been dlclose'd (or similar). Be careful with
433 this, since it can lead to unbounded memory use for programs which
434 repeatedly load and unload shared objects.
435 Some tools and some functionalities have only limited support for
437 archived debug info. Memcheck fully supports it. Generally, tools
438 that report errors can use archived debug info to show the error
439 stack traces. The known limitations are: Helgrind's past access
440 stack trace of a race condition is does not use archived debug
441 info. Massif (and more generally the xtree Massif output format)
442 does not make use of archived debug info. Only Memcheck has been
443 (somewhat) tested with --keep-debuginfo=yes, so other tools may
444 have unknown limitations.
445 --show-below-main=<yes|no> [default: no]
447 By default, stack traces for errors do not show any functions that
448 appear beneath main because most of the time it's uninteresting C
449 library stuff and/or gobbledygook. Alternatively, if main is not
450 present in the stack trace, stack traces will not show any
451 functions below main-like functions such as glibc's
452 __libc_start_main. Furthermore, if main-like functions are present
453 in the trace, they are normalised as (below main), in order to make
454 the output more deterministic.
455 If this option is enabled, all stack trace entries will be shown
457 and main-like functions will not be normalised.
458 --fullpath-after=<string> [default: don't show source paths]
460 By default Valgrind only shows the filenames in stack traces, but
461 not full paths to source files. When using Valgrind in large
462 projects where the sources reside in multiple different
463 directories, this can be inconvenient. --fullpath-after provides a
464 flexible solution to this problem. When this option is present, the
465 path to each source file is shown, with the following all-important
466 caveat: if string is found in the path, then the path up to and
467 including string is omitted, else the path is shown unmodified.
468 Note that string is not required to be a prefix of the path.
469 For example, consider a file named
471 /home/janedoe/blah/src/foo/bar/xyzzy.c. Specifying
472 --fullpath-after=/home/janedoe/blah/src/ will cause Valgrind to
473 show the name as foo/bar/xyzzy.c.
474 Because the string is not required to be a prefix,
476 --fullpath-after=src/ will produce the same output. This is useful
477 when the path contains arbitrary machine-generated characters. For
478 example, the path /my/build/dir/C32A1B47/blah/src/foo/xyzzy can be
479 pruned to foo/xyzzy using --fullpath-after=/blah/src/.
480 If you simply want to see the full path, just specify an empty
482 string: --fullpath-after=. This isn't a special case, merely a
483 logical consequence of the above rules.
484 Finally, you can use --fullpath-after multiple times. Any
486 appearance of it causes Valgrind to switch to producing full paths
487 and applying the above filtering rule. Each produced path is
488 compared against all the --fullpath-after-specified strings, in the
489 order specified. The first string to match causes the path to be
490 truncated as described above. If none match, the full path is
491 shown. This facilitates chopping off prefixes when the sources are
492 drawn from a number of unrelated directories.
493 --extra-debuginfo-path=<path> [default: undefined and unused]
495 By default Valgrind searches in several well-known paths for debug
496 objects, such as /usr/lib/debug/.
497 However, there may be scenarios where you may wish to put debug
499 objects at an arbitrary location, such as external storage when
500 running Valgrind on a mobile device with limited local storage.
501 Another example might be a situation where you do not have
502 permission to install debug object packages on the system where you
503 are running Valgrind.
504 In these scenarios, you may provide an absolute path as an extra,
506 final place for Valgrind to search for debug objects by specifying
507 --extra-debuginfo-path=/path/to/debug/objects. The given path will
508 be prepended to the absolute path name of the searched-for object.
509 For example, if Valgrind is looking for the debuginfo for
510 /w/x/y/zz.so and --extra-debuginfo-path=/a/b/c is specified, it
511 will look for a debug object at /a/b/c/w/x/y/zz.so.
512 This flag should only be specified once. If it is specified
514 multiple times, only the last instance is honoured.
515 --debuginfo-server=ipaddr:port [default: undefined and unused]
517 This is a new, experimental, feature introduced in version 3.9.0.
518 In some scenarios it may be convenient to read debuginfo from
520 objects stored on a different machine. With this flag, Valgrind
521 will query a debuginfo server running on ipaddr and listening on
522 port port, if it cannot find the debuginfo object in the local
523 filesystem.
524 The debuginfo server must accept TCP connections on port port. The
526 debuginfo server is contained in the source file
527 auxprogs/valgrind-di-server.c. It will only serve from the
528 directory it is started in. port defaults to 1500 in both client
529 and server if not specified.
530 If Valgrind looks for the debuginfo for /w/x/y/zz.so by using the
532 debuginfo server, it will strip the pathname components and merely
533 request zz.so on the server. That in turn will look only in its
534 current working directory for a matching debuginfo object.
535 The debuginfo data is transmitted in small fragments (8 KB) as
537 requested by Valgrind. Each block is compressed using LZO to reduce
538 transmission time. The implementation has been tuned for best
539 performance over a single-stage 802.11g (WiFi) network link.
540 Note that checks for matching primary vs debug objects, using GNU
542 debuglink CRC scheme, are performed even when using the debuginfo
543 server. To disable such checking, you need to also specify
544 --allow-mismatched-debuginfo=yes.
545 By default the Valgrind build system will build valgrind-di-server
547 for the target platform, which is almost certainly not what you
548 want. So far we have been unable to find out how to get
549 automake/autoconf to build it for the build platform. If you want
550 to use it, you will have to recompile it by hand using the command
551 shown at the top of auxprogs/valgrind-di-server.c.
552 Valgrind can also download debuginfo via debuginfod. See the
554 DEBUGINFOD section for more information.
555 --allow-mismatched-debuginfo=no|yes [no]
557 When reading debuginfo from separate debuginfo objects, Valgrind
558 will by default check that the main and debuginfo objects match,
559 using the GNU debuglink mechanism. This guarantees that it does not
560 read debuginfo from out of date debuginfo objects, and also ensures
561 that Valgrind can't crash as a result of mismatches.
562 This check can be overridden using
564 --allow-mismatched-debuginfo=yes. This may be useful when the
565 debuginfo and main objects have not been split in the proper way.
566 Be careful when using this, though: it disables all consistency
567 checking, and Valgrind has been observed to crash when the main and
568 debuginfo objects don't match.
569 --suppressions=<filename> [default: $PREFIX/lib/valgrind/default.supp]
571 Specifies an extra file from which to read descriptions of errors
572 to suppress. You may use up to 100 extra suppression files.
573 --gen-suppressions=<yes|no|all> [default: no]
575 When set to yes, Valgrind will pause after every error shown and
576 print the line:
577 ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ----
579 Pressing Ret, or N Ret or n Ret, causes Valgrind continue execution
581 without printing a suppression for this error.
582 Pressing Y Ret or y Ret causes Valgrind to write a suppression for
584 this error. You can then cut and paste it into a suppression file
585 if you don't want to hear about the error in the future.
586 When set to all, Valgrind will print a suppression for every
588 reported error, without querying the user.
589 This option is particularly useful with C++ programs, as it prints
591 out the suppressions with mangled names, as required.
592 Note that the suppressions printed are as specific as possible. You
594 may want to common up similar ones, by adding wildcards to function
595 names, and by using frame-level wildcards. The wildcarding
596 facilities are powerful yet flexible, and with a bit of careful
597 editing, you may be able to suppress a whole family of related
598 errors with only a few suppressions.
599 Sometimes two different errors are suppressed by the same
601 suppression, in which case Valgrind will output the suppression
602 more than once, but you only need to have one copy in your
603 suppression file (but having more than one won't cause problems).
604 Also, the suppression name is given as <insert a suppression name
605 here>; the name doesn't really matter, it's only used with the -v
606 option which prints out all used suppression records.
607 --input-fd=<number> [default: 0, stdin]
609 When using --gen-suppressions=yes, Valgrind will stop so as to read
610 keyboard input from you when each error occurs. By default it reads
611 from the standard input (stdin), which is problematic for programs
612 which close stdin. This option allows you to specify an alternative
613 file descriptor from which to read input.
614 --dsymutil=no|yes [yes]
616 This option is only relevant when running Valgrind on macOS.
617 macOS uses a deferred debug information (debuginfo) linking scheme.
619 When object files containing debuginfo are linked into a .dylib or
620 an executable, the debuginfo is not copied into the final file.
621 Instead, the debuginfo must be linked manually by running dsymutil,
622 a system-provided utility, on the executable or .dylib. The
623 resulting combined debuginfo is placed in a directory alongside the
624 executable or .dylib, but with the extension .dSYM.
625 With --dsymutil=no, Valgrind will detect cases where the .dSYM
627 directory is either missing, or is present but does not appear to
628 match the associated executable or .dylib, most likely because it
629 is out of date. In these cases, Valgrind will print a warning
630 message but take no further action.
631 With --dsymutil=yes, Valgrind will, in such cases, automatically
633 run dsymutil as necessary to bring the debuginfo up to date. For
634 all practical purposes, if you always use --dsymutil=yes, then
635 there is never any need to run dsymutil manually or as part of your
636 applications's build system, since Valgrind will run it as
637 necessary.
638 Valgrind will not attempt to run dsymutil on any executable or
640 library in /usr/, /bin/, /sbin/, /opt/, /sw/, /System/, /Library/
641 or /Applications/ since dsymutil will always fail in such
642 situations. It fails both because the debuginfo for such
643 pre-installed system components is not available anywhere, and also
644 because it would require write privileges in those directories.
645 Be careful when using --dsymutil=yes, since it will cause
647 pre-existing .dSYM directories to be silently deleted and
648 re-created. Also note that dsymutil is quite slow, sometimes
649 excessively so.
650 --max-stackframe=<number> [default: 2000000]
652 The maximum size of a stack frame. If the stack pointer moves by
653 more than this amount then Valgrind will assume that the program is
654 switching to a different stack.
655 You may need to use this option if your program has large
657 stack-allocated arrays. Valgrind keeps track of your program's
658 stack pointer. If it changes by more than the threshold amount,
659 Valgrind assumes your program is switching to a different stack,
660 and Memcheck behaves differently than it would for a stack pointer
661 change smaller than the threshold. Usually this heuristic works
662 well. However, if your program allocates large structures on the
663 stack, this heuristic will be fooled, and Memcheck will
664 subsequently report large numbers of invalid stack accesses. This
665 option allows you to change the threshold to a different value.
666 You should only consider use of this option if Valgrind's debug
668 output directs you to do so. In that case it will tell you the new
669 threshold you should specify.
670 In general, allocating large structures on the stack is a bad idea,
672 because you can easily run out of stack space, especially on
673 systems with limited memory or which expect to support large
674 numbers of threads each with a small stack, and also because the
675 error checking performed by Memcheck is more effective for
676 heap-allocated data than for stack-allocated data. If you have to
677 use this option, you may wish to consider rewriting your code to
678 allocate on the heap rather than on the stack.
679 --main-stacksize=<number> [default: use current 'ulimit' value]
681 Specifies the size of the main thread's stack.
682 To simplify its memory management, Valgrind reserves all required
684 space for the main thread's stack at startup. That means it needs
685 to know the required stack size at startup.
686 By default, Valgrind uses the current "ulimit" value for the stack
688 size, or 16 MB, whichever is lower. In many cases this gives a
689 stack size in the range 8 to 16 MB, which almost never overflows
690 for most applications.
691 If you need a larger total stack size, use --main-stacksize to
693 specify it. Only set it as high as you need, since reserving far
694 more space than you need (that is, hundreds of megabytes more than
695 you need) constrains Valgrind's memory allocators and may reduce
696 the total amount of memory that Valgrind can use. This is only
697 really of significance on 32-bit machines.
698 On Linux, you may request a stack of size up to 2GB. Valgrind will
700 stop with a diagnostic message if the stack cannot be allocated.
701 --main-stacksize only affects the stack size for the program's
703 initial thread. It has no bearing on the size of thread stacks, as
704 Valgrind does not allocate those.
705 You may need to use both --main-stacksize and --max-stackframe
707 together. It is important to understand that --main-stacksize sets
708 the maximum total stack size, whilst --max-stackframe specifies the
709 largest size of any one stack frame. You will have to work out the
710 --main-stacksize value for yourself (usually, if your applications
711 segfaults). But Valgrind will tell you the needed --max-stackframe
712 size, if necessary.
713 As discussed further in the description of --max-stackframe, a
715 requirement for a large stack is a sign of potential portability
716 problems. You are best advised to place all large data in
717 heap-allocated memory.
718 --max-threads=<number> [default: 500]
720 By default, Valgrind can handle to up to 500 threads. Occasionally,
721 that number is too small. Use this option to provide a different
722 limit. E.g. --max-threads=3000.
723 --realloc-zero-bytes-frees=yes|no [default: yes for glibc no otherwise]
725 The behaviour of realloc() is implementation defined (in C17, in
726 C23 it is likely to become undefined). Valgrind tries to work in
727 the same way as the underlying OS and C runtime library. However,
728 if you use a different C runtime library then this default may be
729 wrong. For instance, if you use Valgrind on Linux installed via a
730 package and use the musl C runtime or the JEMalloc library then
731 consider using --realloc-zero-bytes-frees=no.
732 Address Sanitizer has a similar and even wordier option
734 allocator_frees_and_returns_null_on_realloc_zero.
735
737 For tools that use their own version of malloc (e.g. Memcheck, Massif,
738 Helgrind, DRD), the following options apply.
739 --alignment=<number> [default: 8 or 16, depending on the platform]
741 By default Valgrind's malloc, realloc, etc, return a block whose
742 starting address is 8-byte aligned or 16-byte aligned (the value
743 depends on the platform and matches the platform default). This
744 option allows you to specify a different alignment. The supplied
745 value must be greater than or equal to the default, less than or
746 equal to 4096, and must be a power of two.
747 --redzone-size=<number> [default: depends on the tool]
749 Valgrind's malloc, realloc, etc, add padding blocks before and
750 after each heap block allocated by the program being run. Such
751 padding blocks are called redzones. The default value for the
752 redzone size depends on the tool. For example, Memcheck adds and
753 protects a minimum of 16 bytes before and after each block
754 allocated by the client. This allows it to detect block underruns
755 or overruns of up to 16 bytes.
756 Increasing the redzone size makes it possible to detect overruns of
758 larger distances, but increases the amount of memory used by
759 Valgrind. Decreasing the redzone size will reduce the memory needed
760 by Valgrind but also reduces the chances of detecting
761 over/underruns, so is not recommended.
762 --xtree-memory=none|allocs|full [none]
764 Tools replacing Valgrind's malloc, realloc, etc, can optionally
765 produce an execution tree detailing which piece of code is
766 responsible for heap memory usage. See Execution Trees for a
767 detailed explanation about execution trees.
768 When set to none, no memory execution tree is produced.
770 When set to allocs, the memory execution tree gives the current
772 number of allocated bytes and the current number of allocated
773 blocks.
774 When set to full, the memory execution tree gives 6 different
776 measurements : the current number of allocated bytes and blocks
777 (same values as for allocs), the total number of allocated bytes
778 and blocks, the total number of freed bytes and blocks.
779 Note that the overhead in cpu and memory to produce an xtree
781 depends on the tool. The overhead in cpu is small for the value
782 allocs, as the information needed to produce this report is
783 maintained in any case by the tool. For massif and helgrind,
784 specifying full implies to capture a stack trace for each free
785 operation, while normally these tools only capture an allocation
786 stack trace. For Memcheck, the cpu overhead for the value full is
787 small, as this can only be used in combination with
788 --keep-stacktraces=alloc-and-free or
789 --keep-stacktraces=alloc-then-free, which already records a stack
790 trace for each free operation. The memory overhead varies between 5
791 and 10 words per unique stacktrace in the xtree, plus the memory
792 needed to record the stack trace for the free operations, if needed
793 specifically for the xtree.
794 --xtree-memory-file=<filename> [default: xtmemory.kcg.%p]
796 Specifies that Valgrind should produce the xtree memory report in
797 the specified file. Any %p or %q sequences appearing in the
798 filename are expanded in exactly the same way as they are for
799 --log-file. See the description of --log-file for details.
800 If the filename contains the extension .ms, then the produced file
802 format will be a massif output file format. If the filename
803 contains the extension .kcg or no extension is provided or
804 recognised, then the produced file format will be a callgrind
805 output format.
806 See Execution Trees for a detailed explanation about execution
808 trees formats.
809
811 These options apply to all tools, as they affect certain obscure
812 workings of the Valgrind core. Most people won't need to use them.
813 --smc-check=<none|stack|all|all-non-file> [default: all-non-file for
815 x86/amd64/s390x, stack for other archs]
816 This option controls Valgrind's detection of self-modifying code.
817 If no checking is done, when a program executes some code, then
818 overwrites it with new code, and executes the new code, Valgrind
819 will continue to execute the translations it made for the old code.
820 This will likely lead to incorrect behaviour and/or crashes.
821 For "modern" architectures -- anything that's not x86, amd64 or
823 s390x -- the default is stack. This is because a correct program
824 must take explicit action to reestablish D-I cache coherence
825 following code modification. Valgrind observes and honours such
826 actions, with the result that self-modifying code is transparently
827 handled with zero extra cost.
828 For x86, amd64 and s390x, the program is not required to notify the
830 hardware of required D-I coherence syncing. Hence the default is
831 all-non-file, which covers the normal case of generating code into
832 an anonymous (non-file-backed) mmap'd area.
833 The meanings of the four available settings are as follows. No
835 detection (none), detect self-modifying code on the stack (which is
836 used by GCC to implement nested functions) (stack), detect
837 self-modifying code everywhere (all), and detect self-modifying
838 code everywhere except in file-backed mappings (all-non-file).
839 Running with all will slow Valgrind down noticeably. Running with
841 none will rarely speed things up, since very little code gets
842 dynamically generated in most programs. The
843 VALGRIND_DISCARD_TRANSLATIONS client request is an alternative to
844 --smc-check=all and --smc-check=all-non-file that requires more
845 programmer effort but allows Valgrind to run your program faster,
846 by telling it precisely when translations need to be re-made.
847 --smc-check=all-non-file provides a cheaper but more limited
849 version of --smc-check=all. It adds checks to any translations that
850 do not originate from file-backed memory mappings. Typical
851 applications that generate code, for example JITs in web browsers,
852 generate code into anonymous mmaped areas, whereas the "fixed" code
853 of the browser always lives in file-backed mappings.
854 --smc-check=all-non-file takes advantage of this observation,
855 limiting the overhead of checking to code which is likely to be JIT
856 generated.
857 --read-inline-info=<yes|no> [default: see below]
859 When enabled, Valgrind will read information about inlined function
860 calls from DWARF3 debug info. This slows Valgrind startup and makes
861 it use more memory (typically for each inlined piece of code, 6
862 words and space for the function name), but it results in more
863 descriptive stacktraces. Currently, this functionality is enabled
864 by default only for Linux, Android and Solaris targets and only for
865 the tools Memcheck, Massif, Helgrind and DRD. Here is an example of
866 some stacktraces with --read-inline-info=no:
867 ==15380== Conditional jump or move depends on uninitialised value(s)
869 ==15380== at 0x80484EA: main (inlinfo.c:6)
870 ==15380==
871 ==15380== Conditional jump or move depends on uninitialised value(s)
872 ==15380== at 0x8048550: fun_noninline (inlinfo.c:6)
873 ==15380== by 0x804850E: main (inlinfo.c:34)
874 ==15380==
875 ==15380== Conditional jump or move depends on uninitialised value(s)
876 ==15380== at 0x8048520: main (inlinfo.c:6)
877 And here are the same errors with --read-inline-info=yes:
879 ==15377== Conditional jump or move depends on uninitialised value(s)
881 ==15377== at 0x80484EA: fun_d (inlinfo.c:6)
882 ==15377== by 0x80484EA: fun_c (inlinfo.c:14)
883 ==15377== by 0x80484EA: fun_b (inlinfo.c:20)
884 ==15377== by 0x80484EA: fun_a (inlinfo.c:26)
885 ==15377== by 0x80484EA: main (inlinfo.c:33)
886 ==15377==
887 ==15377== Conditional jump or move depends on uninitialised value(s)
888 ==15377== at 0x8048550: fun_d (inlinfo.c:6)
889 ==15377== by 0x8048550: fun_noninline (inlinfo.c:41)
890 ==15377== by 0x804850E: main (inlinfo.c:34)
891 ==15377==
892 ==15377== Conditional jump or move depends on uninitialised value(s)
893 ==15377== at 0x8048520: fun_d (inlinfo.c:6)
894 ==15377== by 0x8048520: main (inlinfo.c:35)
895 --read-var-info=<yes|no> [default: no]
897 When enabled, Valgrind will read information about variable types
898 and locations from DWARF3 debug info. This slows Valgrind startup
899 significantly and makes it use significantly more memory, but for
900 the tools that can take advantage of it (Memcheck, Helgrind, DRD)
901 it can result in more precise error messages. For example, here are
902 some standard errors issued by Memcheck:
903 ==15363== Uninitialised byte(s) found during client check request
905 ==15363== at 0x80484A9: croak (varinfo1.c:28)
906 ==15363== by 0x8048544: main (varinfo1.c:55)
907 ==15363== Address 0x80497f7 is 7 bytes inside data symbol "global_i2"
908 ==15363==
909 ==15363== Uninitialised byte(s) found during client check request
910 ==15363== at 0x80484A9: croak (varinfo1.c:28)
911 ==15363== by 0x8048550: main (varinfo1.c:56)
912 ==15363== Address 0xbea0d0cc is on thread 1's stack
913 ==15363== in frame #1, created by main (varinfo1.c:45)
914 And here are the same errors with --read-var-info=yes:
916 ==15370== Uninitialised byte(s) found during client check request
918 ==15370== at 0x80484A9: croak (varinfo1.c:28)
919 ==15370== by 0x8048544: main (varinfo1.c:55)
920 ==15370== Location 0x80497f7 is 0 bytes inside global_i2[7],
921 ==15370== a global variable declared at varinfo1.c:41
922 ==15370==
923 ==15370== Uninitialised byte(s) found during client check request
924 ==15370== at 0x80484A9: croak (varinfo1.c:28)
925 ==15370== by 0x8048550: main (varinfo1.c:56)
926 ==15370== Location 0xbeb4a0cc is 0 bytes inside local var "local"
927 ==15370== declared at varinfo1.c:46, in frame #1 of thread 1
928 --vgdb-poll=<number> [default: 5000]
930 As part of its main loop, the Valgrind scheduler will poll to check
931 if some activity (such as an external command or some input from a
932 gdb) has to be handled by gdbserver. This activity poll will be
933 done after having run the given number of basic blocks (or slightly
934 more than the given number of basic blocks). This poll is quite
935 cheap so the default value is set relatively low. You might further
936 decrease this value if vgdb cannot use ptrace system call to
937 interrupt Valgrind if all threads are (most of the time) blocked in
938 a system call.
939 --vgdb-shadow-registers=no|yes [default: no]
941 When activated, gdbserver will expose the Valgrind shadow registers
942 to GDB. With this, the value of the Valgrind shadow registers can
943 be examined or changed using GDB. Exposing shadow registers only
944 works with GDB version 7.1 or later.
945 --vgdb-prefix=<prefix> [default: /tmp/vgdb-pipe]
947 To communicate with gdb/vgdb, the Valgrind gdbserver creates 3
948 files (2 named FIFOs and a mmap shared memory file). The prefix
949 option controls the directory and prefix for the creation of these
950 files.
951 --run-libc-freeres=<yes|no> [default: yes]
953 This option is only relevant when running Valgrind on Linux.
954 The GNU C library (libc.so), which is used by all programs, may
956 allocate memory for its own uses. Usually it doesn't bother to free
957 that memory when the program ends—there would be no point, since
958 the Linux kernel reclaims all process resources when a process
959 exits anyway, so it would just slow things down.
960 The glibc authors realised that this behaviour causes leak
962 checkers, such as Valgrind, to falsely report leaks in glibc, when
963 a leak check is done at exit. In order to avoid this, they provided
964 a routine called __libc_freeres specifically to make glibc release
965 all memory it has allocated. Memcheck therefore tries to run
966 __libc_freeres at exit.
967 Unfortunately, in some very old versions of glibc, __libc_freeres
969 is sufficiently buggy to cause segmentation faults. This was
970 particularly noticeable on Red Hat 7.1. So this option is provided
971 in order to inhibit the run of __libc_freeres. If your program
972 seems to run fine on Valgrind, but segfaults at exit, you may find
973 that --run-libc-freeres=no fixes that, although at the cost of
974 possibly falsely reporting space leaks in libc.so.
975 --run-cxx-freeres=<yes|no> [default: yes]
977 This option is only relevant when running Valgrind on Linux or
978 Solaris C++ programs.
979 The GNU Standard C++ library (libstdc++.so), which is used by all
981 C++ programs compiled with g++, may allocate memory for its own
982 uses. Usually it doesn't bother to free that memory when the
983 program ends—there would be no point, since the kernel reclaims all
984 process resources when a process exits anyway, so it would just
985 slow things down.
986 The gcc authors realised that this behaviour causes leak checkers,
988 such as Valgrind, to falsely report leaks in libstdc++, when a leak
989 check is done at exit. In order to avoid this, they provided a
990 routine called __gnu_cxx::__freeres specifically to make libstdc++
991 release all memory it has allocated. Memcheck therefore tries to
992 run __gnu_cxx::__freeres at exit.
993 For the sake of flexibility and unforeseen problems with
995 __gnu_cxx::__freeres, option --run-cxx-freeres=no exists, although
996 at the cost of possibly falsely reporting space leaks in
997 libstdc++.so.
998 --sim-hints=hint1,hint2,...
1000 Pass miscellaneous hints to Valgrind which slightly modify the
1001 simulated behaviour in nonstandard or dangerous ways, possibly to
1002 help the simulation of strange features. By default no hints are
1003 enabled. Use with caution! Currently known hints are:
1004 • lax-ioctls: Be very lax about ioctl handling; the only
1006 assumption is that the size is correct. Doesn't require the
1007 full buffer to be initialised when writing. Without this, using
1008 some device drivers with a large number of strange ioctl
1009 commands becomes very tiresome.
1010 • fuse-compatible: Enable special handling for certain system
1012 calls that may block in a FUSE file-system. This may be
1013 necessary when running Valgrind on a multi-threaded program
1014 that uses one thread to manage a FUSE file-system and another
1015 thread to access that file-system.
1016 • enable-outer: Enable some special magic needed when the program
1018 being run is itself Valgrind.
1019 • no-inner-prefix: Disable printing a prefix > in front of each
1021 stdout or stderr output line in an inner Valgrind being run by
1022 an outer Valgrind. This is useful when running Valgrind
1023 regression tests in an outer/inner setup. Note that the prefix
1024 > will always be printed in front of the inner debug logging
1025 lines.
1026 • no-nptl-pthread-stackcache: This hint is only relevant when
1028 running Valgrind on Linux; it is ignored on FreeBSD, Solaris
1029 and macOS.
1030 The GNU glibc pthread library (libpthread.so), which is used by
1032 pthread programs, maintains a cache of pthread stacks. When a
1033 pthread terminates, the memory used for the pthread stack and
1034 some thread local storage related data structure are not always
1035 directly released. This memory is kept in a cache (up to a
1036 certain size), and is re-used if a new thread is started.
1037 This cache causes the helgrind tool to report some false
1039 positive race condition errors on this cached memory, as
1040 helgrind does not understand the internal glibc cache
1041 synchronisation primitives. So, when using helgrind, disabling
1042 the cache helps to avoid false positive race conditions, in
1043 particular when using thread local storage variables (e.g.
1044 variables using the __thread qualifier).
1045 When using the memcheck tool, disabling the cache ensures the
1047 memory used by glibc to handle __thread variables is directly
1048 released when a thread terminates.
1049 Note: Valgrind disables the cache using some internal knowledge
1051 of the glibc stack cache implementation and by examining the
1052 debug information of the pthread library. This technique is
1053 thus somewhat fragile and might not work for all glibc
1054 versions. This has been successfully tested with various glibc
1055 versions (e.g. 2.11, 2.16, 2.18) on various platforms.
1056 • lax-doors: (Solaris only) Be very lax about door syscall
1058 handling over unrecognised door file descriptors. Does not
1059 require that full buffer is initialised when writing. Without
1060 this, programs using libdoor(3LIB) functionality with
1061 completely proprietary semantics may report large number of
1062 false positives.
1063 • fallback-llsc: (MIPS and ARM64 only): Enables an alternative
1065 implementation of Load-Linked (LL) and Store-Conditional (SC)
1066 instructions. The standard implementation gives more correct
1067 behaviour, but can cause indefinite looping on certain
1068 processor implementations that are intolerant of extra memory
1069 references between LL and SC. So far this is known only to
1070 happen on Cavium 3 cores. You should not need to use this flag,
1071 since the relevant cores are detected at startup and the
1072 alternative implementation is automatically enabled if
1073 necessary. There is no equivalent anti-flag: you cannot
1074 force-disable the alternative implementation, if it is
1075 automatically enabled. The underlying problem exists because
1076 the "standard" implementation of LL and SC is done by copying
1077 through LL and SC instructions into the instrumented code.
1078 However, tools may insert extra instrumentation memory
1079 references in between the LL and SC instructions. These memory
1080 references are not present in the original uninstrumented code,
1081 and their presence in the instrumented code can cause the SC
1082 instructions to persistently fail, leading to indefinite
1083 looping in LL-SC blocks. The alternative implementation gives
1084 correct behaviour of LL and SC instructions between threads in
1085 a process, up to and including the ABA scenario. It also gives
1086 correct behaviour between a Valgrinded thread and a
1087 non-Valgrinded thread running in a different process, that
1088 communicate via shared memory, but only up to and including
1089 correct CAS behaviour -- in this case the ABA scenario may not
1090 be correctly handled.
1091 --scheduling-quantum=<number> [default: 100000]
1093 The --scheduling-quantum option controls the maximum number of
1094 basic blocks executed by a thread before releasing the lock used by
1095 Valgrind to serialise thread execution. Smaller values give finer
1096 interleaving but increases the scheduling overhead. Finer
1097 interleaving can be useful to reproduce race conditions with
1098 helgrind or DRD. For more details about the Valgrind thread
1099 serialisation scheme and its impact on performance and thread
1100 scheduling, see Scheduling and Multi-Thread Performance.
1101 --fair-sched=<no|yes|try> [default: no]
1103 The --fair-sched option controls the locking mechanism used by
1104 Valgrind to serialise thread execution. The locking mechanism
1105 controls the way the threads are scheduled, and different settings
1106 give different trade-offs between fairness and performance. For
1107 more details about the Valgrind thread serialisation scheme and its
1108 impact on performance and thread scheduling, see Scheduling and
1109 Multi-Thread Performance.
1110 • The value --fair-sched=yes activates a fair scheduler. In
1112 short, if multiple threads are ready to run, the threads will
1113 be scheduled in a round robin fashion. This mechanism is not
1114 available on all platforms or Linux versions. If not available,
1115 using --fair-sched=yes will cause Valgrind to terminate with an
1116 error.
1117 You may find this setting improves overall responsiveness if
1119 you are running an interactive multithreaded program, for
1120 example a web browser, on Valgrind.
1121 • The value --fair-sched=try activates fair scheduling if
1123 available on the platform. Otherwise, it will automatically
1124 fall back to --fair-sched=no.
1125 • The value --fair-sched=no activates a scheduler which does not
1127 guarantee fairness between threads ready to run, but which in
1128 general gives the highest performance.
1129 --kernel-variant=variant1,variant2,...
1131 Handle system calls and ioctls arising from minor variants of the
1132 default kernel for this platform. This is useful for running on
1133 hacked kernels or with kernel modules which support nonstandard
1134 ioctls, for example. Use with caution. If you don't understand what
1135 this option does then you almost certainly don't need it. Currently
1136 known variants are:
1137 • bproc: support the sys_broc system call on x86. This is for
1139 running on BProc, which is a minor variant of standard Linux
1140 which is sometimes used for building clusters.
1141 • android-no-hw-tls: some versions of the Android emulator for
1143 ARM do not provide a hardware TLS (thread-local state)
1144 register, and Valgrind crashes at startup. Use this variant to
1145 select software support for TLS.
1146 • android-gpu-sgx5xx: use this to support handling of proprietary
1148 ioctls for the PowerVR SGX 5XX series of GPUs on Android
1149 devices. Failure to select this does not cause stability
1150 problems, but may cause Memcheck to report false errors after
1151 the program performs GPU-specific ioctls.
1152 • android-gpu-adreno3xx: similarly, use this to support handling
1154 of proprietary ioctls for the Qualcomm Adreno 3XX series of
1155 GPUs on Android devices.
1156 --merge-recursive-frames=<number> [default: 0]
1158 Some recursive algorithms, for example balanced binary tree
1159 implementations, create many different stack traces, each
1160 containing cycles of calls. A cycle is defined as two identical
1161 program counter values separated by zero or more other program
1162 counter values. Valgrind may then use a lot of memory to store all
1163 these stack traces. This is a poor use of memory considering that
1164 such stack traces contain repeated uninteresting recursive calls
1165 instead of more interesting information such as the function that
1166 has initiated the recursive call.
1167 The option --merge-recursive-frames=<number> instructs Valgrind to
1169 detect and merge recursive call cycles having a size of up to
1170 <number> frames. When such a cycle is detected, Valgrind records
1171 the cycle in the stack trace as a unique program counter.
1172 The value 0 (the default) causes no recursive call merging. A value
1174 of 1 will cause stack traces of simple recursive algorithms (for
1175 example, a factorial implementation) to be collapsed. A value of 2
1176 will usually be needed to collapse stack traces produced by
1177 recursive algorithms such as binary trees, quick sort, etc. Higher
1178 values might be needed for more complex recursive algorithms.
1179 Note: recursive calls are detected by analysis of program counter
1181 values. They are not detected by looking at function names.
1182 --num-transtab-sectors=<number> [default: 6 for Android platforms, 16
1184 for all others]
1185 Valgrind translates and instruments your program's machine code in
1186 small fragments (basic blocks). The translations are stored in a
1187 translation cache that is divided into a number of sections
1188 (sectors). If the cache is full, the sector containing the oldest
1189 translations is emptied and reused. If these old translations are
1190 needed again, Valgrind must re-translate and re-instrument the
1191 corresponding machine code, which is expensive. If the "executed
1192 instructions" working set of a program is big, increasing the
1193 number of sectors may improve performance by reducing the number of
1194 re-translations needed. Sectors are allocated on demand. Once
1195 allocated, a sector can never be freed, and occupies considerable
1196 space, depending on the tool and the value of
1197 --avg-transtab-entry-size (about 40 MB per sector for Memcheck).
1198 Use the option --stats=yes to obtain precise information about the
1199 memory used by a sector and the allocation and recycling of
1200 sectors.
1201 --avg-transtab-entry-size=<number> [default: 0, meaning use tool
1203 provided default]
1204 Average size of translated basic block. This average size is used
1205 to dimension the size of a sector. Each tool provides a default
1206 value to be used. If this default value is too small, the
1207 translation sectors will become full too quickly. If this default
1208 value is too big, a significant part of the translation sector
1209 memory will be unused. Note that the average size of a basic block
1210 translation depends on the tool, and might depend on tool options.
1211 For example, the memcheck option --track-origins=yes increases the
1212 size of the basic block translations. Use --avg-transtab-entry-size
1213 to tune the size of the sectors, either to gain memory or to avoid
1214 too many retranslations.
1215 --aspace-minaddr=<address> [default: depends on the platform]
1217 To avoid potential conflicts with some system libraries, Valgrind
1218 does not use the address space below --aspace-minaddr value,
1219 keeping it reserved in case a library specifically requests memory
1220 in this region. So, some "pessimistic" value is guessed by Valgrind
1221 depending on the platform. On linux, by default, Valgrind avoids
1222 using the first 64MB even if typically there is no conflict in this
1223 complete zone. You can use the option --aspace-minaddr to have your
1224 memory hungry application benefitting from more of this lower
1225 memory. On the other hand, if you encounter a conflict, increasing
1226 aspace-minaddr value might solve it. Conflicts will typically
1227 manifest themselves with mmap failures in the low range of the
1228 address space. The provided address must be page aligned and must
1229 be equal or bigger to 0x1000 (4KB). To find the default value on
1230 your platform, do something such as valgrind -d -d date 2>&1 | grep
1231 -i minaddr. Values lower than 0x10000 (64KB) are known to create
1232 problems on some distributions.
1233 --valgrind-stacksize=<number> [default: 1MB]
1235 For each thread, Valgrind needs its own 'private' stack. The
1236 default size for these stacks is largely dimensioned, and so should
1237 be sufficient in most cases. In case the size is too small,
1238 Valgrind will segfault. Before segfaulting, a warning might be
1239 produced by Valgrind when approaching the limit.
1240 Use the option --valgrind-stacksize if such an (unlikely) warning
1242 is produced, or Valgrind dies due to a segmentation violation. Such
1243 segmentation violations have been seen when demangling huge C++
1244 symbols.
1245 If your application uses many threads and needs a lot of memory,
1247 you can gain some memory by reducing the size of these Valgrind
1248 stacks using the option --valgrind-stacksize.
1249 --show-emwarns=<yes|no> [default: no]
1251 When enabled, Valgrind will emit warnings about its CPU emulation
1252 in certain cases. These are usually not interesting.
1253 --require-text-symbol=:sonamepatt:fnnamepatt
1255 When a shared object whose soname matches sonamepatt is loaded into
1256 the process, examine all the text symbols it exports. If none of
1257 those match fnnamepatt, print an error message and abandon the run.
1258 This makes it possible to ensure that the run does not continue
1259 unless a given shared object contains a particular function name.
1260 Both sonamepatt and fnnamepatt can be written using the usual ?
1262 and * wildcards. For example: ":*libc.so*:foo?bar". You may use
1263 characters other than a colon to separate the two patterns. It is
1264 only important that the first character and the separator character
1265 are the same. For example, the above example could also be written
1266 "Q*libc.so*Qfoo?bar". Multiple
1267 --require-text-symbol flags are allowed, in which case shared
1268 objects that are loaded into the process will be checked against
1269 all of them.
1270 The purpose of this is to support reliable usage of marked-up
1272 libraries. For example, suppose we have a version of GCC's
1273 libgomp.so which has been marked up with annotations to support
1274 Helgrind. It is only too easy and confusing to load the wrong,
1275 un-annotated libgomp.so into the application. So the idea is: add a
1276 text symbol in the marked-up library, for example
1277 annotated_for_helgrind_3_6, and then give the flag
1278 --require-text-symbol=:*libgomp*so*:annotated_for_helgrind_3_6 so
1279 that when libgomp.so is loaded, Valgrind scans its symbol table,
1280 and if the symbol isn't present the run is aborted, rather than
1281 continuing silently with the un-marked-up library. Note that you
1282 should put the entire flag in quotes to stop shells expanding up
1283 the * and ? wildcards.
1284 --soname-synonyms=syn1=pattern1,syn2=pattern2,...
1286 When a shared library is loaded, Valgrind checks for functions in
1287 the library that must be replaced or wrapped. For example, Memcheck
1288 replaces some string and memory functions (strchr, strlen, strcpy,
1289 memchr, memcpy, memmove, etc.) with its own versions. Such
1290 replacements are normally done only in shared libraries whose
1291 soname matches a predefined soname pattern (e.g. libc.so* on
1292 linux). By default, no replacement is done for a statically linked
1293 binary or for alternative libraries, except for the allocation
1294 functions (malloc, free, calloc, memalign, realloc, operator new,
1295 operator delete, etc.) Such allocation functions are intercepted by
1296 default in any shared library or in the executable if they are
1297 exported as global symbols. This means that if a replacement
1298 allocation library such as tcmalloc is found, its functions are
1299 also intercepted by default. In some cases, the replacements allow
1300 --soname-synonyms to specify one additional synonym pattern, giving
1301 flexibility in the replacement. Or to prevent interception of all
1302 public allocation symbols.
1303 Currently, this flexibility is only allowed for the malloc related
1305 functions, using the synonym somalloc. This synonym is usable for
1306 all tools doing standard replacement of malloc related functions
1307 (e.g. memcheck, helgrind, drd, massif, dhat).
1308 • Alternate malloc library: to replace the malloc related
1310 functions in a specific alternate library with soname
1311 mymalloclib.so (and not in any others), give the option
1312 --soname-synonyms=somalloc=mymalloclib.so. A pattern can be
1313 used to match multiple libraries sonames. For example,
1314 --soname-synonyms=somalloc=*tcmalloc* will match the soname of
1315 all variants of the tcmalloc library (native, debug, profiled,
1316 ... tcmalloc variants).
1317 Note: the soname of a elf shared library can be retrieved using
1319 the readelf utility.
1320 • Replacements in a statically linked library are done by using
1322 the NONE pattern. For example, if you link with libtcmalloc.a,
1323 and only want to intercept the malloc related functions in the
1324 executable (and standard libraries) themselves, but not any
1325 other shared libraries, you can give the option
1326 --soname-synonyms=somalloc=NONE. Note that a NONE pattern will
1327 match the main executable and any shared library having no
1328 soname.
1329 • To run a "default" Firefox build for Linux, in which JEMalloc
1331 is linked in to the main executable, use
1332 --soname-synonyms=somalloc=NONE.
1333 • To only intercept allocation symbols in the default system
1335 libraries, but not in any other shared library or the
1336 executable defining public malloc or operator new related
1337 functions use a non-existing library name like
1338 --soname-synonyms=somalloc=nouserintercepts (where
1339 nouserintercepts can be any non-existing library name).
1340 • Shared library of the dynamic (runtime) linker is excluded from
1342 searching for global public symbols, such as those for the
1343 malloc related functions (identified by somalloc synonym).
1344 --progress-interval=<number> [default: 0, meaning 'disabled']
1346 This is an enhancement to Valgrind's debugging output. It is
1347 unlikely to be of interest to end users.
1348 When number is set to a non-zero value, Valgrind will print a
1350 one-line progress summary every number seconds. Valid settings for
1351 number are between 0 and 3600 inclusive. Here's some example output
1352 with number set to 10:
1353 PROGRESS: U 110s, W 113s, 97.3% CPU, EvC 414.79M, TIn 616.7k, TOut 0.5k, #thr 67
1355 PROGRESS: U 120s, W 124s, 96.8% CPU, EvC 505.27M, TIn 636.6k, TOut 3.0k, #thr 64
1356 PROGRESS: U 130s, W 134s, 97.0% CPU, EvC 574.90M, TIn 657.5k, TOut 3.0k, #thr 63
1357 Each line shows:
1359 • U: total user time
1361 • W: total wallclock time
1363 • CPU: overall average cpu use
1365 • EvC: number of event checks. An event check is a backwards
1367 branch in the simulated program, so this is a measure of
1368 forward progress of the program
1369 • TIn: number of code blocks instrumented by the JIT
1371 • TOut: number of instrumented code blocks that have been thrown
1373 away
1374 • #thr: number of threads in the program
1376 From the progress of these, it is possible to observe:
1378 • when the program is compute bound (TIn rises slowly, EvC rises
1380 rapidly)
1381 • when the program is in a spinloop (TIn/TOut fixed, EvC rises
1383 rapidly)
1384 • when the program is JIT-bound (TIn rises rapidly)
1386 • when the program is rapidly discarding code (TOut rises
1388 rapidly)
1389 • when the program is about to achieve some expected state (EvC
1391 arrives at some value you expect)
1392 • when the program is idling (U rises more slowly than W)
1394
1397 There are also some options for debugging Valgrind itself. You
1398 shouldn't need to use them in the normal run of things. If you wish to
1399 see the list, use the --help-debug option.
1400
1402 --leak-check=<no|summary|yes|full> [default: summary]
1403 When enabled, search for memory leaks when the client program
1404 finishes. If set to summary, it says how many leaks occurred. If
1405 set to full or yes, each individual leak will be shown in detail
1406 and/or counted as an error, as specified by the options
1407 --show-leak-kinds and --errors-for-leak-kinds.
1408 If --xml=yes is given, memcheck will automatically use the value
1410 --leak-check=full. You can use --show-leak-kinds=none to reduce the
1411 size of the xml output if you are not interested in the leak
1412 results.
1413 --leak-resolution=<low|med|high> [default: high]
1415 When doing leak checking, determines how willing Memcheck is to
1416 consider different backtraces to be the same for the purposes of
1417 merging multiple leaks into a single leak report. When set to low,
1418 only the first two entries need match. When med, four entries have
1419 to match. When high, all entries need to match.
1420 For hardcore leak debugging, you probably want to use
1422 --leak-resolution=high together with --num-callers=40 or some such
1423 large number.
1424 Note that the --leak-resolution setting does not affect Memcheck's
1426 ability to find leaks. It only changes how the results are
1427 presented.
1428 --show-leak-kinds=<set> [default: definite,possible]
1430 Specifies the leak kinds to show in a full leak search, in one of
1431 the following ways:
1432 • a comma separated list of one or more of definite indirect
1434 possible reachable.
1435 • all to specify the complete set (all leak kinds). It is
1437 equivalent to
1438 --show-leak-kinds=definite,indirect,possible,reachable.
1439 • none for the empty set.
1441 --errors-for-leak-kinds=<set> [default: definite,possible]
1443 Specifies the leak kinds to count as errors in a full leak search.
1444 The <set> is specified similarly to --show-leak-kinds
1445 --leak-check-heuristics=<set> [default: all]
1447 Specifies the set of leak check heuristics to be used during leak
1448 searches. The heuristics control which interior pointers to a block
1449 cause it to be considered as reachable. The heuristic set is
1450 specified in one of the following ways:
1451 • a comma separated list of one or more of stdstring length64
1453 newarray multipleinheritance.
1454 • all to activate the complete set of heuristics. It is
1456 equivalent to
1457 --leak-check-heuristics=stdstring,length64,newarray,multipleinheritance.
1458 • none for the empty set.
1460 Note that these heuristics are dependent on the layout of the
1462 objects produced by the C++ compiler. They have been tested with
1463 some gcc versions (e.g. 4.4 and 4.7). They might not work properly
1464 with other C++ compilers.
1465 --show-reachable=<yes|no> , --show-possibly-lost=<yes|no>
1467 These options provide an alternative way to specify the leak kinds
1468 to show:
1469 • --show-reachable=no --show-possibly-lost=yes is equivalent to
1471 --show-leak-kinds=definite,possible.
1472 • --show-reachable=no --show-possibly-lost=no is equivalent to
1474 --show-leak-kinds=definite.
1475 • --show-reachable=yes is equivalent to --show-leak-kinds=all.
1477 Note that --show-possibly-lost=no has no effect if
1479 --show-reachable=yes is specified.
1480 --xtree-leak=<no|yes> [no]
1482 If set to yes, the results for the leak search done at exit will be
1483 output in a 'Callgrind Format' execution tree file. Note that this
1484 automatically sets the options --leak-check=full and
1485 --show-leak-kinds=all, to allow xtree visualisation tools such as
1486 kcachegrind to select what kind to leak to visualise. The produced
1487 file will contain the following events:
1488 • RB : Reachable Bytes
1490 • PB : Possibly lost Bytes
1492 • IB : Indirectly lost Bytes
1494 • DB : Definitely lost Bytes (direct plus indirect)
1496 • DIB : Definitely Indirectly lost Bytes (subset of DB)
1498 • RBk : reachable Blocks
1500 • PBk : Possibly lost Blocks
1502 • IBk : Indirectly lost Blocks
1504 • DBk : Definitely lost Blocks
1506 The increase or decrease for all events above will also be output
1508 in the file to provide the delta (increase or decrease) between 2
1509 successive leak searches. For example, iRB is the increase of the
1510 RB event, dPBk is the decrease of PBk event. The values for the
1511 increase and decrease events will be zero for the first leak search
1512 done.
1513 See Execution Trees for a detailed explanation about execution
1515 trees.
1516 --xtree-leak-file=<filename> [default: xtleak.kcg.%p]
1518 Specifies that Valgrind should produce the xtree leak report in the
1519 specified file. Any %p, %q or %n sequences appearing in the
1520 filename are expanded in exactly the same way as they are for
1521 --log-file. See the description of --log-file for details.
1522 See Execution Trees for a detailed explanation about execution
1524 trees formats.
1525 --undef-value-errors=<yes|no> [default: yes]
1527 Controls whether Memcheck reports uses of undefined value errors.
1528 Set this to no if you don't want to see undefined value errors. It
1529 also has the side effect of speeding up Memcheck somewhat.
1530 AddrCheck (removed in Valgrind 3.1.0) functioned like Memcheck with
1531 --undef-value-errors=no.
1532 --track-origins=<yes|no> [default: no]
1534 Controls whether Memcheck tracks the origin of uninitialised
1535 values. By default, it does not, which means that although it can
1536 tell you that an uninitialised value is being used in a dangerous
1537 way, it cannot tell you where the uninitialised value came from.
1538 This often makes it difficult to track down the root problem.
1539 When set to yes, Memcheck keeps track of the origins of all
1541 uninitialised values. Then, when an uninitialised value error is
1542 reported, Memcheck will try to show the origin of the value. An
1543 origin can be one of the following four places: a heap block, a
1544 stack allocation, a client request, or miscellaneous other sources
1545 (eg, a call to brk).
1546 For uninitialised values originating from a heap block, Memcheck
1548 shows where the block was allocated. For uninitialised values
1549 originating from a stack allocation, Memcheck can tell you which
1550 function allocated the value, but no more than that -- typically it
1551 shows you the source location of the opening brace of the function.
1552 So you should carefully check that all of the function's local
1553 variables are initialised properly.
1554 Performance overhead: origin tracking is expensive. It halves
1556 Memcheck's speed and increases memory use by a minimum of 100MB,
1557 and possibly more. Nevertheless it can drastically reduce the
1558 effort required to identify the root cause of uninitialised value
1559 errors, and so is often a programmer productivity win, despite
1560 running more slowly.
1561 Accuracy: Memcheck tracks origins quite accurately. To avoid very
1563 large space and time overheads, some approximations are made. It is
1564 possible, although unlikely, that Memcheck will report an incorrect
1565 origin, or not be able to identify any origin.
1566 Note that the combination --track-origins=yes and
1568 --undef-value-errors=no is nonsensical. Memcheck checks for and
1569 rejects this combination at startup.
1570 --partial-loads-ok=<yes|no> [default: yes]
1572 Controls how Memcheck handles 32-, 64-, 128- and 256-bit naturally
1573 aligned loads from addresses for which some bytes are addressable
1574 and others are not. When yes, such loads do not produce an address
1575 error. Instead, loaded bytes originating from illegal addresses are
1576 marked as uninitialised, and those corresponding to legal addresses
1577 are handled in the normal way.
1578 When no, loads from partially invalid addresses are treated the
1580 same as loads from completely invalid addresses: an illegal-address
1581 error is issued, and the resulting bytes are marked as initialised.
1582 Note that code that behaves in this way is in violation of the ISO
1584 C/C++ standards, and should be considered broken. If at all
1585 possible, such code should be fixed.
1586 --expensive-definedness-checks=<no|auto|yes> [default: auto]
1588 Controls whether Memcheck should employ more precise but also more
1589 expensive (time consuming) instrumentation when checking the
1590 definedness of certain values. In particular, this affects the
1591 instrumentation of integer adds, subtracts and equality
1592 comparisons.
1593 Selecting --expensive-definedness-checks=yes causes Memcheck to use
1595 the most accurate analysis possible. This minimises false error
1596 rates but can cause up to 30% performance degradation.
1597 Selecting --expensive-definedness-checks=no causes Memcheck to use
1599 the cheapest instrumentation possible. This maximises performance
1600 but will normally give an unusably high false error rate.
1601 The default setting, --expensive-definedness-checks=auto, is
1603 strongly recommended. This causes Memcheck to use the minimum of
1604 expensive instrumentation needed to achieve the same false error
1605 rate as --expensive-definedness-checks=yes. It also enables an
1606 instrumentation-time analysis pass which aims to further reduce the
1607 costs of accurate instrumentation. Overall, the performance loss is
1608 generally around 5% relative to --expensive-definedness-checks=no,
1609 although this is strongly workload dependent. Note that the exact
1610 instrumentation settings in this mode are architecture dependent.
1611 --keep-stacktraces=alloc|free|alloc-and-free|alloc-then-free|none
1613 [default: alloc-and-free]
1614 Controls which stack trace(s) to keep for malloc'd and/or free'd
1615 blocks.
1616 With alloc-then-free, a stack trace is recorded at allocation time,
1618 and is associated with the block. When the block is freed, a second
1619 stack trace is recorded, and this replaces the allocation stack
1620 trace. As a result, any "use after free" errors relating to this
1621 block can only show a stack trace for where the block was freed.
1622 With alloc-and-free, both allocation and the deallocation stack
1624 traces for the block are stored. Hence a "use after free" error
1625 will show both, which may make the error easier to diagnose.
1626 Compared to alloc-then-free, this setting slightly increases
1627 Valgrind's memory use as the block contains two references instead
1628 of one.
1629 With alloc, only the allocation stack trace is recorded (and
1631 reported). With free, only the deallocation stack trace is recorded
1632 (and reported). These values somewhat decrease Valgrind's memory
1633 and cpu usage. They can be useful depending on the error types you
1634 are searching for and the level of detail you need to analyse them.
1635 For example, if you are only interested in memory leak errors, it
1636 is sufficient to record the allocation stack traces.
1637 With none, no stack traces are recorded for malloc and free
1639 operations. If your program allocates a lot of blocks and/or
1640 allocates/frees from many different stack traces, this can
1641 significantly decrease cpu and/or memory required. Of course, few
1642 details will be reported for errors related to heap blocks.
1643 Note that once a stack trace is recorded, Valgrind keeps the stack
1645 trace in memory even if it is not referenced by any block. Some
1646 programs (for example, recursive algorithms) can generate a huge
1647 number of stack traces. If Valgrind uses too much memory in such
1648 circumstances, you can reduce the memory required with the options
1649 --keep-stacktraces and/or by using a smaller value for the option
1650 --num-callers.
1651 If you want to use --xtree-memory=full memory profiling (see
1653 Execution Trees), then you cannot specify --keep-stacktraces=free
1654 or --keep-stacktraces=none.
1655 --freelist-vol=<number> [default: 20000000]
1657 When the client program releases memory using free (in C) or delete
1658 (C++), that memory is not immediately made available for
1659 re-allocation. Instead, it is marked inaccessible and placed in a
1660 queue of freed blocks. The purpose is to defer as long as possible
1661 the point at which freed-up memory comes back into circulation.
1662 This increases the chance that Memcheck will be able to detect
1663 invalid accesses to blocks for some significant period of time
1664 after they have been freed.
1665 This option specifies the maximum total size, in bytes, of the
1667 blocks in the queue. The default value is twenty million bytes.
1668 Increasing this increases the total amount of memory used by
1669 Memcheck but may detect invalid uses of freed blocks which would
1670 otherwise go undetected.
1671 --freelist-big-blocks=<number> [default: 1000000]
1673 When making blocks from the queue of freed blocks available for
1674 re-allocation, Memcheck will in priority re-circulate the blocks
1675 with a size greater or equal to --freelist-big-blocks. This ensures
1676 that freeing big blocks (in particular freeing blocks bigger than
1677 --freelist-vol) does not immediately lead to a re-circulation of
1678 all (or a lot of) the small blocks in the free list. In other
1679 words, this option increases the likelihood to discover dangling
1680 pointers for the "small" blocks, even when big blocks are freed.
1681 Setting a value of 0 means that all the blocks are re-circulated in
1683 a FIFO order.
1684 --workaround-gcc296-bugs=<yes|no> [default: no]
1686 When enabled, assume that reads and writes some small distance
1687 below the stack pointer are due to bugs in GCC 2.96, and does not
1688 report them. The "small distance" is 256 bytes by default. Note
1689 that GCC 2.96 is the default compiler on some ancient Linux
1690 distributions (RedHat 7.X) and so you may need to use this option.
1691 Do not use it if you do not have to, as it can cause real errors to
1692 be overlooked. A better alternative is to use a more recent GCC in
1693 which this bug is fixed.
1694 You may also need to use this option when working with GCC 3.X or
1696 4.X on 32-bit PowerPC Linux. This is because GCC generates code
1697 which occasionally accesses below the stack pointer, particularly
1698 for floating-point to/from integer conversions. This is in
1699 violation of the 32-bit PowerPC ELF specification, which makes no
1700 provision for locations below the stack pointer to be accessible.
1701 This option is deprecated as of version 3.12 and may be removed
1703 from future versions. You should instead use
1704 --ignore-range-below-sp to specify the exact range of offsets below
1705 the stack pointer that should be ignored. A suitable equivalent is
1706 --ignore-range-below-sp=1024-1.
1707 --ignore-range-below-sp=<number>-<number>
1709 This is a more general replacement for the deprecated
1710 --workaround-gcc296-bugs option. When specified, it causes Memcheck
1711 not to report errors for accesses at the specified offsets below
1712 the stack pointer. The two offsets must be positive decimal numbers
1713 and -- somewhat counterintuitively -- the first one must be larger,
1714 in order to imply a non-wraparound address range to ignore. For
1715 example, to ignore 4 byte accesses at 8192 bytes below the stack
1716 pointer, use --ignore-range-below-sp=8192-8189. Only one range may
1717 be specified.
1718 --show-mismatched-frees=<yes|no> [default: yes]
1720 When enabled, Memcheck checks that heap blocks are deallocated
1721 using a function that matches the allocating function. That is, it
1722 expects free to be used to deallocate blocks allocated by malloc,
1723 delete for blocks allocated by new, and delete[] for blocks
1724 allocated by new[]. If a mismatch is detected, an error is
1725 reported. This is in general important because in some
1726 environments, freeing with a non-matching function can cause
1727 crashes.
1728 There is however a scenario where such mismatches cannot be
1730 avoided. That is when the user provides implementations of
1731 new/new[] that call malloc and of delete/delete[] that call free,
1732 and these functions are asymmetrically inlined. For example,
1733 imagine that delete[] is inlined but new[] is not. The result is
1734 that Memcheck "sees" all delete[] calls as direct calls to free,
1735 even when the program source contains no mismatched calls.
1736 This causes a lot of confusing and irrelevant error reports.
1738 --show-mismatched-frees=no disables these checks. It is not
1739 generally advisable to disable them, though, because you may miss
1740 real errors as a result.
1741 --ignore-ranges=0xPP-0xQQ[,0xRR-0xSS]
1743 Any ranges listed in this option (and multiple ranges can be
1744 specified, separated by commas) will be ignored by Memcheck's
1745 addressability checking.
1746 --malloc-fill=<hexnumber>
1748 Fills blocks allocated by malloc, new, etc, but not by calloc, with
1749 the specified byte. This can be useful when trying to shake out
1750 obscure memory corruption problems. The allocated area is still
1751 regarded by Memcheck as undefined -- this option only affects its
1752 contents. Note that --malloc-fill does not affect a block of memory
1753 when it is used as argument to client requests
1754 VALGRIND_MEMPOOL_ALLOC or VALGRIND_MALLOCLIKE_BLOCK.
1755 --free-fill=<hexnumber>
1757 Fills blocks freed by free, delete, etc, with the specified byte
1758 value. This can be useful when trying to shake out obscure memory
1759 corruption problems. The freed area is still regarded by Memcheck
1760 as not valid for access -- this option only affects its contents.
1761 Note that --free-fill does not affect a block of memory when it is
1762 used as argument to client requests VALGRIND_MEMPOOL_FREE or
1763 VALGRIND_FREELIKE_BLOCK.
1764
1766 --cachegrind-out-file=<file>
1767 Write the Cachegrind output file to file rather than to the default
1768 output file, cachegrind.out.<pid>. The %p and %q format specifiers
1769 can be used to embed the process ID and/or the contents of an
1770 environment variable in the name, as is the case for the core
1771 option --log-file.
1772 --cache-sim=no|yes [no]
1774 Enables or disables collection of cache access and miss counts.
1775 --branch-sim=no|yes [no]
1777 Enables or disables collection of branch instruction and
1778 misprediction counts.
1779 --instr-at-start=no|yes [yes]
1781 Enables or disables instrumentation at the start of execution. Use
1782 this in combination with CACHEGRIND_START_INSTRUMENTATION and
1783 CACHEGRIND_STOP_INSTRUMENTATION to measure only part of a client
1784 program's execution.
1785 --I1=<size>,<associativity>,<line size>
1787 Specify the size, associativity and line size of the level 1
1788 instruction cache. Only useful with --cache-sim=yes.
1789 --D1=<size>,<associativity>,<line size>
1791 Specify the size, associativity and line size of the level 1 data
1792 cache. Only useful with --cache-sim=yes.
1793 --LL=<size>,<associativity>,<line size>
1795 Specify the size, associativity and line size of the last-level
1796 cache. Only useful with --cache-sim=yes.
1797
1799 --callgrind-out-file=<file>
1800 Write the profile data to file rather than to the default output
1801 file, callgrind.out.<pid>. The %p and %q format specifiers can be
1802 used to embed the process ID and/or the contents of an environment
1803 variable in the name, as is the case for the core option
1804 --log-file. When multiple dumps are made, the file name is modified
1805 further; see below.
1806 --dump-line=<no|yes> [default: yes]
1808 This specifies that event counting should be performed at source
1809 line granularity. This allows source annotation for sources which
1810 are compiled with debug information (-g).
1811 --dump-instr=<no|yes> [default: no]
1813 This specifies that event counting should be performed at
1814 per-instruction granularity. This allows for assembly code
1815 annotation. Currently the results can only be displayed by
1816 KCachegrind.
1817 --compress-strings=<no|yes> [default: yes]
1819 This option influences the output format of the profile data. It
1820 specifies whether strings (file and function names) should be
1821 identified by numbers. This shrinks the file, but makes it more
1822 difficult for humans to read (which is not recommended in any
1823 case).
1824 --compress-pos=<no|yes> [default: yes]
1826 This option influences the output format of the profile data. It
1827 specifies whether numerical positions are always specified as
1828 absolute values or are allowed to be relative to previous numbers.
1829 This shrinks the file size.
1830 --combine-dumps=<no|yes> [default: no]
1832 When enabled, when multiple profile data parts are to be generated
1833 these parts are appended to the same output file. Not recommended.
1834 --dump-every-bb=<count> [default: 0, never]
1836 Dump profile data every count basic blocks. Whether a dump is
1837 needed is only checked when Valgrind's internal scheduler is run.
1838 Therefore, the minimum setting useful is about 100000. The count is
1839 a 64-bit value to make long dump periods possible.
1840 --dump-before=<function>
1842 Dump when entering function.
1843 --zero-before=<function>
1845 Zero all costs when entering function.
1846 --dump-after=<function>
1848 Dump when leaving function.
1849 --instr-atstart=<yes|no> [default: yes]
1851 Specify if you want Callgrind to start simulation and profiling
1852 from the beginning of the program. When set to no, Callgrind will
1853 not be able to collect any information, including calls, but it
1854 will have at most a slowdown of around 4, which is the minimum
1855 Valgrind overhead. Instrumentation can be interactively enabled via
1856 callgrind_control -i on.
1857 Note that the resulting call graph will most probably not contain
1859 main, but will contain all the functions executed after
1860 instrumentation was enabled. Instrumentation can also be
1861 programmatically enabled/disabled. See the Callgrind include file
1862 callgrind.h for the macro you have to use in your source code.
1863 For cache simulation, results will be less accurate when switching
1865 on instrumentation later in the program run, as the simulator
1866 starts with an empty cache at that moment. Switch on event
1867 collection later to cope with this error.
1868 --collect-atstart=<yes|no> [default: yes]
1870 Specify whether event collection is enabled at beginning of the
1871 profile run.
1872 To only look at parts of your program, you have two possibilities:
1874 1. Zero event counters before entering the program part you want
1876 to profile, and dump the event counters to a file after leaving
1877 that program part.
1878 2. Switch on/off collection state as needed to only see event
1880 counters happening while inside of the program part you want to
1881 profile.
1882 The second option can be used if the program part you want to
1884 profile is called many times. Option 1, i.e. creating a lot of
1885 dumps is not practical here.
1886 Collection state can be toggled at entry and exit of a given
1888 function with the option --toggle-collect. If you use this option,
1889 collection state should be disabled at the beginning. Note that the
1890 specification of --toggle-collect implicitly sets
1891 --collect-state=no.
1892 Collection state can be toggled also by inserting the client
1894 request CALLGRIND_TOGGLE_COLLECT ; at the needed code positions.
1895 --toggle-collect=<function>
1897 Toggle collection on entry/exit of function.
1898 --collect-jumps=<no|yes> [default: no]
1900 This specifies whether information for (conditional) jumps should
1901 be collected. As above, callgrind_annotate currently is not able to
1902 show you the data. You have to use KCachegrind to get jump arrows
1903 in the annotated code.
1904 --collect-systime=<no|yes|msec|usec|nsec> [default: no]
1906 This specifies whether information for system call times should be
1907 collected.
1908 The value no indicates to record no system call information.
1910 The other values indicate to record the number of system calls done
1912 (sysCount event) and the elapsed time (sysTime event) spent in
1913 system calls. The --collect-systime value gives the unit used for
1914 sysTime : milli seconds, micro seconds or nano seconds. With the
1915 value nsec, callgrind also records the cpu time spent during system
1916 calls (sysCpuTime).
1917 The value yes is a synonym of msec. The value nsec is not supported
1919 on Darwin.
1920 --collect-bus=<no|yes> [default: no]
1922 This specifies whether the number of global bus events executed
1923 should be collected. The event type "Ge" is used for these events.
1924 --cache-sim=<yes|no> [default: no]
1926 Specify if you want to do full cache simulation. By default, only
1927 instruction read accesses will be counted ("Ir"). With cache
1928 simulation, further event counters are enabled: Cache misses on
1929 instruction reads ("I1mr"/"ILmr"), data read accesses ("Dr") and
1930 related cache misses ("D1mr"/"DLmr"), data write accesses ("Dw")
1931 and related cache misses ("D1mw"/"DLmw"). For more information, see
1932 Cachegrind: a cache and branch-prediction profiler.
1933 --branch-sim=<yes|no> [default: no]
1935 Specify if you want to do branch prediction simulation. Further
1936 event counters are enabled: Number of executed conditional branches
1937 and related predictor misses ("Bc"/"Bcm"), executed indirect jumps
1938 and related misses of the jump address predictor ("Bi"/"Bim").
1939
1941 --free-is-write=no|yes [default: no]
1942 When enabled (not the default), Helgrind treats freeing of heap
1943 memory as if the memory was written immediately before the free.
1944 This exposes races where memory is referenced by one thread, and
1945 freed by another, but there is no observable synchronisation event
1946 to ensure that the reference happens before the free.
1947 This functionality is new in Valgrind 3.7.0, and is regarded as
1949 experimental. It is not enabled by default because its interaction
1950 with custom memory allocators is not well understood at present.
1951 User feedback is welcomed.
1952 --track-lockorders=no|yes [default: yes]
1954 When enabled (the default), Helgrind performs lock order
1955 consistency checking. For some buggy programs, the large number of
1956 lock order errors reported can become annoying, particularly if
1957 you're only interested in race errors. You may therefore find it
1958 helpful to disable lock order checking.
1959 --history-level=none|approx|full [default: full]
1961 --history-level=full (the default) causes Helgrind collects enough
1962 information about "old" accesses that it can produce two stack
1963 traces in a race report -- both the stack trace for the current
1964 access, and the trace for the older, conflicting access. To limit
1965 memory usage, "old" accesses stack traces are limited to a maximum
1966 of --history-backtrace-size entries (default 8) or to --num-callers
1967 value if this value is smaller.
1968 Collecting such information is expensive in both speed and memory,
1970 particularly for programs that do many inter-thread synchronisation
1971 events (locks, unlocks, etc). Without such information, it is more
1972 difficult to track down the root causes of races. Nonetheless, you
1973 may not need it in situations where you just want to check for the
1974 presence or absence of races, for example, when doing regression
1975 testing of a previously race-free program.
1976 --history-level=none is the opposite extreme. It causes Helgrind
1978 not to collect any information about previous accesses. This can be
1979 dramatically faster than --history-level=full.
1980 --history-level=approx provides a compromise between these two
1982 extremes. It causes Helgrind to show a full trace for the later
1983 access, and approximate information regarding the earlier access.
1984 This approximate information consists of two stacks, and the
1985 earlier access is guaranteed to have occurred somewhere between
1986 program points denoted by the two stacks. This is not as useful as
1987 showing the exact stack for the previous access (as
1988 --history-level=full does), but it is better than nothing, and it
1989 is almost as fast as --history-level=none.
1990 --history-backtrace-size=<number> [default: 8]
1992 When --history-level=full is selected,
1993 --history-backtrace-size=number indicates how many entries to
1994 record in "old" accesses stack traces.
1995 --delta-stacktrace=no|yes [default: yes on linux amd64/x86]
1997 This flag only has any effect at --history-level=full.
1998 --delta-stacktrace configures the way Helgrind captures the
2000 stacktraces for the option --history-level=full. Such a stacktrace
2001 is typically needed each time a new piece of memory is read or
2002 written in a basic block of instructions.
2003 --delta-stacktrace=no causes Helgrind to compute a full history
2005 stacktrace from the unwind info each time a stacktrace is needed.
2006 --delta-stacktrace=yes indicates to Helgrind to derive a new
2008 stacktrace from the previous stacktrace, as long as there was no
2009 call instruction, no return instruction, or any other instruction
2010 changing the call stack since the previous stacktrace was captured.
2011 If no such instruction was executed, the new stacktrace can be
2012 derived from the previous stacktrace by just changing the top frame
2013 to the current program counter. This option can speed up Helgrind
2014 by 25% when using --history-level=full.
2015 The following aspects have to be considered when using
2017 --delta-stacktrace=yes :
2018 • In some cases (for example in a function prologue), the
2020 valgrind unwinder might not properly unwind the stack, due to
2021 some limitations and/or due to wrong unwind info. When using
2022 --delta-stacktrace=yes, the wrong stack trace captured in the
2023 function prologue will be kept till the next call or return.
2024 • On the other hand, --delta-stacktrace=yes sometimes helps to
2026 obtain a correct stacktrace, for example when the unwind info
2027 allows a correct stacktrace to be done in the beginning of the
2028 sequence, but not later on in the instruction sequence.
2029 • Determining which instructions are changing the callstack is
2031 partially based on platform dependent heuristics, which have to
2032 be tuned/validated specifically for the platform. Also,
2033 unwinding in a function prologue must be good enough to allow
2034 using --delta-stacktrace=yes. Currently, the option
2035 --delta-stacktrace=yes has been reasonably validated only on
2036 linux x86 32 bits and linux amd64 64 bits. For more details
2037 about how to validate --delta-stacktrace=yes, see debug option
2038 --hg-sanity-flags and the function check_cached_rcec_ok in
2039 libhb_core.c.
2040 --conflict-cache-size=N [default: 1000000]
2043 This flag only has any effect at --history-level=full.
2044 Information about "old" conflicting accesses is stored in a cache
2046 of limited size, with LRU-style management. This is necessary
2047 because it isn't practical to store a stack trace for every single
2048 memory access made by the program. Historical information on not
2049 recently accessed locations is periodically discarded, to free up
2050 space in the cache.
2051 This option controls the size of the cache, in terms of the number
2053 of different memory addresses for which conflicting access
2054 information is stored. If you find that Helgrind is showing race
2055 errors with only one stack instead of the expected two stacks, try
2056 increasing this value.
2057 The minimum value is 10,000 and the maximum is 30,000,000 (thirty
2059 times the default value). Increasing the value by 1 increases
2060 Helgrind's memory requirement by very roughly 100 bytes, so the
2061 maximum value will easily eat up three extra gigabytes or so of
2062 memory.
2063 --check-stack-refs=no|yes [default: yes]
2065 By default Helgrind checks all data memory accesses made by your
2066 program. This flag enables you to skip checking for accesses to
2067 thread stacks (local variables). This can improve performance, but
2068 comes at the cost of missing races on stack-allocated data.
2069 --ignore-thread-creation=<yes|no> [default: no]
2071 Controls whether all activities during thread creation should be
2072 ignored. By default enabled only on Solaris. Solaris provides
2073 higher throughput, parallelism and scalability than other operating
2074 systems, at the cost of more fine-grained locking activity. This
2075 means for example that when a thread is created under glibc, just
2076 one big lock is used for all thread setup. Solaris libc uses
2077 several fine-grained locks and the creator thread resumes its
2078 activities as soon as possible, leaving for example stack and TLS
2079 setup sequence to the created thread. This situation confuses
2080 Helgrind as it assumes there is some false ordering in place
2081 between creator and created thread; and therefore many types of
2082 race conditions in the application would not be reported. To
2083 prevent such false ordering, this command line option is set to yes
2084 by default on Solaris. All activity (loads, stores, client
2085 requests) is therefore ignored during:
2086 • pthread_create() call in the creator thread
2088 • thread creation phase (stack and TLS setup) in the created
2090 thread
2091 Also new memory allocated during thread creation is untracked, that
2093 is race reporting is suppressed there. DRD does the same thing
2094 implicitly. This is necessary because Solaris libc caches many
2095 objects and reuses them for different threads and that confuses
2096 Helgrind.
2097
2099 --check-stack-var=<yes|no> [default: no]
2100 Controls whether DRD detects data races on stack variables.
2101 Verifying stack variables is disabled by default because most
2102 programs do not share stack variables over threads.
2103 --exclusive-threshold=<n> [default: off]
2105 Print an error message if any mutex or writer lock has been held
2106 longer than the time specified in milliseconds. This option enables
2107 the detection of lock contention.
2108 --join-list-vol=<n> [default: 10]
2110 Data races that occur between a statement at the end of one thread
2111 and another thread can be missed if memory access information is
2112 discarded immediately after a thread has been joined. This option
2113 allows one to specify for how many joined threads memory access
2114 information should be retained.
2115 --first-race-only=<yes|no> [default: no]
2117 Whether to report only the first data race that has been detected
2118 on a memory location or all data races that have been detected on a
2119 memory location.
2120 --free-is-write=<yes|no> [default: no]
2122 Whether to report races between accessing memory and freeing
2123 memory. Enabling this option may cause DRD to run slightly slower.
2124 Notes:
2125 • Don't enable this option when using custom memory allocators
2127 that use the VG_USERREQ__MALLOCLIKE_BLOCK and
2128 VG_USERREQ__FREELIKE_BLOCK because that would result in false
2129 positives.
2130 • Don't enable this option when using reference-counted objects
2132 because that will result in false positives, even when that
2133 code has been annotated properly with ANNOTATE_HAPPENS_BEFORE
2134 and ANNOTATE_HAPPENS_AFTER. See e.g. the output of the
2135 following command for an example: valgrind --tool=drd
2136 --free-is-write=yes drd/tests/annotate_smart_pointer.
2137 --report-signal-unlocked=<yes|no> [default: yes]
2139 Whether to report calls to pthread_cond_signal and
2140 pthread_cond_broadcast where the mutex associated with the signal
2141 through pthread_cond_wait or pthread_cond_timed_waitis not locked
2142 at the time the signal is sent. Sending a signal without holding a
2143 lock on the associated mutex is a common programming error which
2144 can cause subtle race conditions and unpredictable behavior. There
2145 exist some uncommon synchronization patterns however where it is
2146 safe to send a signal without holding a lock on the associated
2147 mutex.
2148 --segment-merging=<yes|no> [default: yes]
2150 Controls segment merging. Segment merging is an algorithm to limit
2151 memory usage of the data race detection algorithm. Disabling
2152 segment merging may improve the accuracy of the so-called 'other
2153 segments' displayed in race reports but can also trigger an out of
2154 memory error.
2155 --segment-merging-interval=<n> [default: 10]
2157 Perform segment merging only after the specified number of new
2158 segments have been created. This is an advanced configuration
2159 option that allows one to choose whether to minimize DRD's memory
2160 usage by choosing a low value or to let DRD run faster by choosing
2161 a slightly higher value. The optimal value for this parameter
2162 depends on the program being analyzed. The default value works well
2163 for most programs.
2164 --shared-threshold=<n> [default: off]
2166 Print an error message if a reader lock has been held longer than
2167 the specified time (in milliseconds). This option enables the
2168 detection of lock contention.
2169 --show-confl-seg=<yes|no> [default: yes]
2171 Show conflicting segments in race reports. Since this information
2172 can help to find the cause of a data race, this option is enabled
2173 by default. Disabling this option makes the output of DRD more
2174 compact.
2175 --show-stack-usage=<yes|no> [default: no]
2177 Print stack usage at thread exit time. When a program creates a
2178 large number of threads it becomes important to limit the amount of
2179 virtual memory allocated for thread stacks. This option makes it
2180 possible to observe how much stack memory has been used by each
2181 thread of the client program. Note: the DRD tool itself allocates
2182 some temporary data on the client thread stack. The space necessary
2183 for this temporary data must be allocated by the client program
2184 when it allocates stack memory, but is not included in stack usage
2185 reported by DRD.
2186 --ignore-thread-creation=<yes|no> [default: no]
2188 Controls whether all activities during thread creation should be
2189 ignored. By default enabled only on Solaris. Solaris provides
2190 higher throughput, parallelism and scalability than other operating
2191 systems, at the cost of more fine-grained locking activity. This
2192 means for example that when a thread is created under glibc, just
2193 one big lock is used for all thread setup. Solaris libc uses
2194 several fine-grained locks and the creator thread resumes its
2195 activities as soon as possible, leaving for example stack and TLS
2196 setup sequence to the created thread. This situation confuses DRD
2197 as it assumes there is some false ordering in place between creator
2198 and created thread; and therefore many types of race conditions in
2199 the application would not be reported. To prevent such false
2200 ordering, this command line option is set to yes by default on
2201 Solaris. All activity (loads, stores, client requests) is therefore
2202 ignored during:
2203 • pthread_create() call in the creator thread
2205 • thread creation phase (stack and TLS setup) in the created
2207 thread
2208 --trace-addr=<address> [default: none]
2210 Trace all load and store activity for the specified address. This
2211 option may be specified more than once.
2212 --ptrace-addr=<address> [default: none]
2214 Trace all load and store activity for the specified address and
2215 keep doing that even after the memory at that address has been
2216 freed and reallocated.
2217 --trace-alloc=<yes|no> [default: no]
2219 Trace all memory allocations and deallocations. May produce a huge
2220 amount of output.
2221 --trace-barrier=<yes|no> [default: no]
2223 Trace all barrier activity.
2224 --trace-cond=<yes|no> [default: no]
2226 Trace all condition variable activity.
2227 --trace-fork-join=<yes|no> [default: no]
2229 Trace all thread creation and all thread termination events.
2230 --trace-hb=<yes|no> [default: no]
2232 Trace execution of the ANNOTATE_HAPPENS_BEFORE(),
2233 ANNOTATE_HAPPENS_AFTER() and ANNOTATE_HAPPENS_DONE() client
2234 requests.
2235 --trace-mutex=<yes|no> [default: no]
2237 Trace all mutex activity.
2238 --trace-rwlock=<yes|no> [default: no]
2240 Trace all reader-writer lock activity.
2241 --trace-semaphore=<yes|no> [default: no]
2243 Trace all semaphore activity.
2244
2246 --heap=<yes|no> [default: yes]
2247 Specifies whether heap profiling should be done.
2248 --heap-admin=<size> [default: 8]
2250 If heap profiling is enabled, gives the number of administrative
2251 bytes per block to use. This should be an estimate of the average,
2252 since it may vary. For example, the allocator used by glibc on
2253 Linux requires somewhere between 4 to 15 bytes per block, depending
2254 on various factors. That allocator also requires admin space for
2255 freed blocks, but Massif cannot account for this.
2256 --stacks=<yes|no> [default: no]
2258 Specifies whether stack profiling should be done. This option slows
2259 Massif down greatly, and so is off by default. Note that Massif
2260 assumes that the main stack has size zero at start-up. This is not
2261 true, but doing otherwise accurately is difficult. Furthermore,
2262 starting at zero better indicates the size of the part of the main
2263 stack that a user program actually has control over.
2264 --pages-as-heap=<yes|no> [default: no]
2266 Tells Massif to profile memory at the page level rather than at the
2267 malloc'd block level. See above for details.
2268 --depth=<number> [default: 30]
2270 Maximum depth of the allocation trees recorded for detailed
2271 snapshots. Increasing it will make Massif run somewhat more slowly,
2272 use more memory, and produce bigger output files.
2273 --alloc-fn=<name>
2275 Functions specified with this option will be treated as though they
2276 were a heap allocation function such as malloc. This is useful for
2277 functions that are wrappers to malloc or new, which can fill up the
2278 allocation trees with uninteresting information. This option can be
2279 specified multiple times on the command line, to name multiple
2280 functions.
2281 Note that the named function will only be treated this way if it is
2283 the top entry in a stack trace, or just below another function
2284 treated this way. For example, if you have a function malloc1 that
2285 wraps malloc, and malloc2 that wraps malloc1, just specifying
2286 --alloc-fn=malloc2 will have no effect. You need to specify
2287 --alloc-fn=malloc1 as well. This is a little inconvenient, but the
2288 reason is that checking for allocation functions is slow, and it
2289 saves a lot of time if Massif can stop looking through the stack
2290 trace entries as soon as it finds one that doesn't match rather
2291 than having to continue through all the entries.
2292 Note that C++ names are demangled. Note also that overloaded C++
2294 names must be written in full. Single quotes may be necessary to
2295 prevent the shell from breaking them up. For example:
2296 --alloc-fn='operator new(unsigned, std::nothrow_t const&)'
2298 Arguments of type size_t need to be replaced with unsigned long on
2300 64bit platforms and unsigned on 32bit platforms.
2301 --alloc-fn will work with inline functions. Inline function names
2303 are not mangled, which means that you only need to provide the
2304 function name and not the argument list.
2305 --alloc-fn does not support wildcards.
2307 --ignore-fn=<name>
2309 Any direct heap allocation (i.e. a call to malloc, new, etc, or a
2310 call to a function named by an --alloc-fn option) that occurs in a
2311 function specified by this option will be ignored. This is mostly
2312 useful for testing purposes. This option can be specified multiple
2313 times on the command line, to name multiple functions.
2314 Any realloc of an ignored block will also be ignored, even if the
2316 realloc call does not occur in an ignored function. This avoids the
2317 possibility of negative heap sizes if ignored blocks are shrunk
2318 with realloc.
2319 The rules for writing C++ function names are the same as for
2321 --alloc-fn above.
2322 --threshold=<m.n> [default: 1.0]
2324 The significance threshold for heap allocations, as a percentage of
2325 total memory size. Allocation tree entries that account for less
2326 than this will be aggregated. Note that this should be specified in
2327 tandem with ms_print's option of the same name.
2328 --peak-inaccuracy=<m.n> [default: 1.0]
2330 Massif does not necessarily record the actual global memory
2331 allocation peak; by default it records a peak only when the global
2332 memory allocation size exceeds the previous peak by at least 1.0%.
2333 This is because there can be many local allocation peaks along the
2334 way, and doing a detailed snapshot for every one would be expensive
2335 and wasteful, as all but one of them will be later discarded. This
2336 inaccuracy can be changed (even to 0.0%) via this option, but
2337 Massif will run drastically slower as the number approaches zero.
2338 --time-unit=<i|ms|B> [default: i]
2340 The time unit used for the profiling. There are three
2341 possibilities: instructions executed (i), which is good for most
2342 cases; real (wallclock) time (ms, i.e. milliseconds), which is
2343 sometimes useful; and bytes allocated/deallocated on the heap
2344 and/or stack (B), which is useful for very short-run programs, and
2345 for testing purposes, because it is the most reproducible across
2346 different machines.
2347 --detailed-freq=<n> [default: 10]
2349 Frequency of detailed snapshots. With --detailed-freq=1, every
2350 snapshot is detailed.
2351 --max-snapshots=<n> [default: 100]
2353 The maximum number of snapshots recorded. If set to N, for all
2354 programs except very short-running ones, the final number of
2355 snapshots will be between N/2 and N.
2356 --massif-out-file=<file> [default: massif.out.%p]
2358 Write the profile data to file rather than to the default output
2359 file, massif.out.<pid>. The %p and %q format specifiers can be used
2360 to embed the process ID and/or the contents of an environment
2361 variable in the name, as is the case for the core option
2362 --log-file.
2363
2365 --bb-out-file=<name> [default: bb.out.%p]
2366 This option selects the name of the basic block vector file. The %p
2367 and %q format specifiers can be used to embed the process ID and/or
2368 the contents of an environment variable in the name, as is the case
2369 for the core option --log-file.
2370 --pc-out-file=<name> [default: pc.out.%p]
2372 This option selects the name of the PC file. This file holds
2373 program counter addresses and function name info for the various
2374 basic blocks. This can be used in conjunction with the basic block
2375 vector file to fast-forward via function names instead of just
2376 instruction counts. The %p and %q format specifiers can be used to
2377 embed the process ID and/or the contents of an environment variable
2378 in the name, as is the case for the core option --log-file.
2379 --interval-size=<number> [default: 100000000]
2381 This option selects the size of the interval to use. The default is
2382 100 million instructions, which is a commonly used value. Other
2383 sizes can be used; smaller intervals can help programs with
2384 finer-grained phases. However smaller interval size can lead to
2385 accuracy issues due to warm-up effects (When fast-forwarding the
2386 various architectural features will be un-initialized, and it will
2387 take some number of instructions before they "warm up" to the state
2388 a full simulation would be at without the fast-forwarding. Large
2389 interval sizes tend to mitigate this.)
2390 --instr-count-only [default: no]
2392 This option tells the tool to only display instruction count
2393 totals, and to not generate the actual basic block vector file.
2394 This is useful for debugging, and for gathering instruction count
2395 info without generating the large basic block vector files.
2396
2398 --basic-counts=<no|yes> [default: yes]
2399 When enabled, Lackey prints the following statistics and
2400 information about the execution of the client program:
2401 1. The number of calls to the function specified by the --fnname
2403 option (the default is main). If the program has had its
2404 symbols stripped, the count will always be zero.
2405 2. The number of conditional branches encountered and the number
2407 and proportion of those taken.
2408 3. The number of superblocks entered and completed by the program.
2410 Note that due to optimisations done by the JIT, this is not at
2411 all an accurate value.
2412 4. The number of guest (x86, amd64, ppc, etc.) instructions and IR
2414 statements executed. IR is Valgrind's RISC-like intermediate
2415 representation via which all instrumentation is done.
2416 5. Ratios between some of these counts.
2418 6. The exit code of the client program.
2420 --detailed-counts=<no|yes> [default: no]
2422 When enabled, Lackey prints a table containing counts of loads,
2423 stores and ALU operations, differentiated by their IR types. The IR
2424 types are identified by their IR name ("I1", "I8", ... "I128",
2425 "F32", "F64", and "V128").
2426 --trace-mem=<no|yes> [default: no]
2428 When enabled, Lackey prints the size and address of almost every
2429 memory access made by the program. See the comments at the top of
2430 the file lackey/lk_main.c for details about the output format, how
2431 it works, and inaccuracies in the address trace. Note that this
2432 option produces immense amounts of output.
2433 --trace-superblocks=<no|yes> [default: no]
2435 When enabled, Lackey prints out the address of every superblock (a
2436 single entry, multiple exit, linear chunk of code) executed by the
2437 program. This is primarily of interest to Valgrind developers. See
2438 the comments at the top of the file lackey/lk_main.c for details
2439 about the output format. Note that this option produces large
2440 amounts of output.
2441 --fnname=<name> [default: main]
2443 Changes the function for which calls are counted when
2444 --basic-counts=yes is specified.
2445
2447 Valgrind supports the downloading of debuginfo files via debuginfod, an
2448 HTTP server for distributing ELF/DWARF debugging information. When a
2449 debuginfo file cannot be found locally, Valgrind is able to query
2450 debuginfod servers for the file using the file's build-id.
2451 In order to use this feature debuginfod-find must be installed and the
2453 $DEBUGINFOD_URLS environment variable must contain space-separated URLs
2454 of debuginfod servers. Valgrind does not support debuginfod-find
2455 verbose output that is normally enabled with $DEBUGINFOD_PROGRESS and
2456 $DEBUGINFOD_VERBOSE. These environment variables will be ignored. This
2457 feature is supported on Linux only.
2458 For more information regarding debuginfod, see Elfutils Debuginfod[1] .
2460
2462 cg_annotate(1), callgrind_annotate(1), callgrind_control(1),
2463 ms_print(1), $INSTALL/share/doc/valgrind/html/index.html or
2464 http://www.valgrind.org/docs/manual/index.html, Debugging your program
2465 using Valgrind's gdbserver and GDB[2] vgdb[3], Valgrind monitor
2466 commands[4], The Commentary[5], Scheduling and Multi-Thread
2467 Performance[6], Cachegrind: a cache and branch-prediction profiler[7].
2468 Execution Trees[8]
2469
2471 See the AUTHORS file in the valgrind distribution for a comprehensive
2472 list of authors.
2473 This manpage was written by Andres Roldan <aroldan@debian.org> and the
2475 Valgrind developers.
2476
2478 1. Elfutils Debuginfod
2479 https://sourceware.org/elfutils/Debuginfod.html
2480 2. Debugging your program using Valgrind's gdbserver and GDB
2482 http://www.valgrind.org/docs/manual/manual-core-adv.html#manual-core-adv.gdbserver
2483 3. vgdb
2485 http://www.valgrind.org/docs/manual/manual-core-adv.html#manual-core-adv.vgdb
2486 4. Valgrind monitor commands
2488 http://www.valgrind.org/docs/manual/manual-core-adv.html#manual-core-adv.valgrind-monitor-commands
2489 5. The Commentary
2491 http://www.valgrind.org/docs/manual/manual-core.html#manual-core.comment
2492 6. Scheduling and Multi-Thread Performance
2494 http://www.valgrind.org/docs/manual/manual-core.html#manual-core.pthreads_perf_sched
2495 7. Cachegrind: a cache and branch-prediction profiler
2497 http://www.valgrind.org/docs/manual/cg-manual.html
2498 8. Execution Trees
2500 http://www.valgrind.org/docs/manual/manual-core.html#manual-core.xtree
2501Release 3.22.0 10/31/2023 VALGRIND(1)