Pink Iguana

Home » Code » Valgrind


Advertisements, manual, here. This idea is wonderful in general, this part is brutal however – under the memcheck quick start guide it says “With -O1 line numbers in error messages can be inaccurate, although generally speaking running Memcheck on code compiled at -O1 works fairly well, and the speed improvement compared to running -O0 is quite significant. Use of -O2 and above is not recommended as Memcheck occasionally reports uninitialised-value errors which don’t really exist.”

Valgrind is an instrumentation framework for building dynamic analysis tools. It comes with a set of tools each of which performs some kind of debugging, profiling, or similar task that helps you improve your programs. Valgrind’s architecture is modular, so new tools can be created easily and without disturbing the existing structure.

A number of useful tools are supplied as standard.

  1. Memcheck is a memory error detector. It helps you make your programs, particularly those written in C and C++, more correct.
  2. Cachegrind is a cache and branch-prediction profiler. It helps you make your programs run faster.
  3. Callgrind is a call-graph generating cache profiler. It has some overlap with Cachegrind, but also gathers some information that Cachegrind does not.
  4. Helgrind is a thread error detector. It helps you make your multi-threaded programs more correct.
  5. DRD is also a thread error detector. It is similar to Helgrind but uses different analysis techniques and so may find different problems.
  6. Massif is a heap profiler. It helps you make your programs use less memory.
  7. DHAT is a different kind of heap profiler. It helps you understand issues of block lifetimes, block utilisation, and layout inefficiencies.
  8. SGcheck is an experimental tool that can detect overruns of stack and global arrays. Its functionality is complementary to that of Memcheck: SGcheck finds problems that Memcheck can’t, and vice versa..
  9. BBV is an experimental SimPoint basic block vector generator. It is useful to people doing computer architecture research and development.

There are also a couple of minor tools that aren’t useful to most users: Lackey is an example tool that illustrates some instrumentation basics; and Nulgrind is the minimal Valgrind tool that does no analysis or instrumentation, and is only useful for testing purposes.

Valgrind is closely tied to details of the CPU and operating system, and to a lesser extent, the compiler and basic C libraries. Nonetheless, it supports a number of widely-used platforms, listed in full at

Valgrind is built via the standard Unix ./configuremakemake install process; full details are given in the README file in the distribution.

Nicholas Nethercote and Julian Seward,, Valgrind: A Framework for Heavyweight Dynamic Instrumentation, here.

Dynamic binary instrumentation (DBI) frameworks make it easy to build dynamic binary analysis (DBA) tools such as checkers and profilers. Much of the focus on DBI frameworks has been on performance; little attention has been paid to their capabilities. As a result, we believe the potential of DBI has not been fully exploited.

In this paper we describe Valgrind, a DBI framework designed for building heavyweight DBA tools. We focus on its unique sup- port for shadow values—a powerful but previously little-studied and difficult-to-implement DBA technique, which requires a tool to shadow every register and memory value with another value that describes it. This support accounts for several crucial design fea- tures that distinguish Valgrind from other DBI frameworks. Be- cause of these features, lightweight tools built with Valgrind run comparatively slowly, but Valgrind can be used to build more in- teresting, heavyweight tools that are difficult or impossible to build with other DBI frameworks such as Pin and DynamoRIO.

Valgrind Research Papers,, here.

Research Papers By Valgrind Developers

If you refer to Valgrind in a published work, please cite one or more of the following papers, not just the Valgrind website.

  • Tracking Bad Apples: Reporting the Origin of Null and Undefined Value Errors.
    Michael D. Bond, Nicholas Nethercote, Stephen W. Kent, Samuel Z. Guyer and Kathryn S. McKinley.
    Proceedings of the ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA 2007), Montreal, Canada, October 2007.

    This paper describes an attempt to improve the error messages produced for undefined value errors detected by Memcheck by tracking their origins. Ultimately it wasn’t that useful in practice. The paper also describes a similar technique for improving null pointer exception messages in Java, which was much more successful. Please only cite this paper if you are specifically discussing origin tracking.
  • Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation.
    Nicholas Nethercote and Julian Seward.
    Proceedings of ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (PLDI 2007), San Diego, California, USA, June 2007.

    This paper describes how Valgrind works, and how it differs from other DBI frameworks such as Pin and DynamoRIO. Please cite this paper when discussing Valgrind in general. However, if you are discussing Valgrind specifically in relation to memory errors (i.e. the Memcheck tool), please cite the USENIX paper below as well or instead.
  • How to Shadow Every Byte of Memory Used by a Program.
    Nicholas Nethercote and Julian Seward.
    Proceedings of the Third International ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments (VEE 2007), San Diego, California, USA, June 2007.

    This paper describes in detail how Memcheck’s shadow memory is implemented, and compares it to other alternative approaches. Please cite this paper if you are discussing shadow memory implementations. You could also cite it when discussing Memcheck, but please cite the USENIX paper in preference.
  • Building Workload Characterization Tools with Valgrind.
    Nicholas Nethercote, Robert Walsh and Jeremy Fitzhardinge.
    Invited tutorial, IEEE International Symposium on Workload Characterization (IISWC 2006), San Jose, California, USA, October 2006.

    These four talks cover (a) how Valgrind works, (b) three example profiling tools (Cachegrind, Callgrind, Massif), (c) how to build a new tool, using a simple example, (d) ideas for more advanced tools, and general tool-building advice.
  • Using Valgrind to detect undefined value errors with bit-precision.
    Julian Seward and Nicholas Nethercote.
    Proceedings of the USENIX’05 Annual Technical Conference, Anaheim, California, USA, April 2005.

    This paper describes in detail how Memcheck’s undefined value error detection (a.k.a. V bits) works. Please cite it if you are talking about memory checking with Valgrind, in particular if you are referring to Memcheck’s undefined value error detection.
  • Dynamic Binary Analysis and Instrumentation.
    Nicholas Nethercote.
    PhD Dissertation, University of Cambridge, November 2004.

    This dissertation describes Valgrind in some detail (some of these details are now out-of-date) as well as Cachegrind, Annelid and Redux; it also covers some underlying theory about dynamic binary analysis in general and what all these tools have in common. Please cite it if you are writing about Cachegrind, or the dynamic binary analysis theory work. If you are writing about Valgrind in general, please cite the PLDI2007 paper above in preference. If you are writing about Annelid, please cite the SPACE2004 paper in preference. If you are writing about Redux, please cite the ENTCS paper in preference.
  • A Tool Suite for Simulation Based Analysis of Memory Access Behavior.
    Josef Weidendorfer, Markus Kowarschik and Carsten Trinitis.
    Proceedings of the 4th International Conference on Computational Science (ICCS 2004), Krakow, Poland, June 2004.

    This paper describes Callgrind.
  • Bounds-Checking Entire Programs Without Recompiling.
    Nicholas Nethercote and Jeremy Fitzhardinge.
    Informal Proceedings of the Second Workshop on Semantics, Program Analysis, and Computing Environments for Memory Management (SPACE 2004), Venice, Italy, January 2004.

    This paper describes Annelid, an experimental bounds checker. Although the paper is upbeat about Annelid, it really didn’t work that well. Good bounds-checking relies too much on source-level information (such as what values are pointers, and what things those pointers point to) that is difficult to obtain when working at the binary level.
  • Valgrind: A Program Supervision Framework. (slides)
    Nicholas Nethercote and Julian Seward.
    Electronic Notes in Theoretical Computer Science 89 No. 2, 2003.

    This paper describes Valgrind in general, but is somewhat out-of-date. Please cite the PLDI paper above in preference.
  • Redux: A Dynamic Dataflow Tracer.
    Nicholas Nethercote and Alan Mycroft.
    Electronic Notes in Theoretical Computer Science 89 No. 2, 2003.

    This paper describes Redux, and experimental dynamic dataflow tracing tool. Redux is fun and intriguing, although wildly unscaleable. The paper suggests multiple uses for it, none of which are likely to be practical. What it isgenuinely good for is stimulating ideas about the kinds of tools that Valgrind can be used to build; people see the graphs and say “oh, if you just changed X to Y, you could do Z”… they usually end up describing something entirely different to Redux that they wouldn’t have thought of without seeing Redux’s graphs. So really it’s best described as an ideas-for-Valgrind-tools stimulator!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: