Electric Fence

From eLinux.org
Jump to: navigation, search

Introduction

Electric Fence helps you detect two common programming bugs:

software that overruns the boundaries of a malloc()memory allocation,
software that touches a memory allocation that has been released by free().
Unlike other malloc() debuggers, Electric Fence will detect read accesses as well as writes, and it will pinpoint the exact instruction that causes an error.

Electric Fence uses the virtual memory hardware of your computer to place an inaccessible memory page immediately after (or before, at the user's option) each memory allocation.

Typical Problem

   [root@einfochips Debug] cat test_efence.c
   #include <stdio.h>
   #include <string.h>
   #include <stdlib.h>
   int main()
   {
       char *arr;    int i;
       arr = (char *)malloc(sizeof(char)*5);
       strcpy(arr,"amee is my name");
       return 0;
   }

Above four-liner code is definitely having a problem. Quite visible. It has malloced memory of 5 bytes and then writing past malloc boundry. But, running it on any intelligent Linux box would give any error ? For most of the time it will not panic.

But, being it a snippet from some large code. Imagine that it has malloced the memory, copied some content to it and then freeing the memory at some later stage. As soon as you will try to free the memory, OS will send SIGSEGV and prog will come out with SegFault. Now think, you have introduced a problem while copying the content to memory (i.e., in strcpy), and the problem appeared while freeing (i.e., in free() ) the memory.

Any debuggers like gdb and etc will not help you to locate the exact location of errors. That is exactly where Memory Debugger Tools will help.

Usage

Use the -lefence argument to the linker, otherwise put the path-name for libefence.a in the linker's command line. export LD_PRELOAD=libefence.so.0.0 will cause Electric Fence to be loaded at run time. Make sure you are not linking with -lmalloc, -lmallocdebug, or with other malloc-debugger or malloc-enhancer libraries.

Run program using a -lefence. Create a core file. If a program has one of the errors detected by Electric Fence, it will get a segmentation fault (SIGSEGV) at the offending instruction. Use the debugger(i.e GDB) to locate the erroneous statement, and repair it.

Set environment EF_PROTECT_BELOW or EF_PROTECT_FREE or EF_ALLOW_MALLOC_0 or EF_FILL in order to debug various problems.

Example

   [root@einfochips Debug]$ gcc -g -Wall -lefence test_efence.c
   [root@einfochips Debug]$ ./a.out
   
     Electric Fence 2.2.0 Copyright (C) 1987-1999 Bruce Perens <bruce@perens.com>
   Segmentation fault (core dumped)
   
   [root@einfochips Debug]$ gdb a.out core.5450
   GNU gdb Red Hat Linux (6.5-16.el5rh)
   Copyright (C) 2006 Free Software Foundation, Inc.
   GDB is free software, covered by the GNU General Public License, and you are
   welcome to change it and/or distribute copies of it under certain conditions.
   Type "show copying" to see the conditions.
   There is absolutely no warranty for GDB.  Type "show warranty" for details.
   This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".
   
   
   warning: Can't read pathname for load map: Input/output error.
   Reading symbols from /usr/lib/libefence.so.0...done.
   Loaded symbols for /usr/lib/libefence.so.0
   Reading symbols from /lib/libc.so.6...done.
   Loaded symbols for /lib/libc.so.6
   Reading symbols from /lib/ld-linux.so.2...done.
   Loaded symbols for /lib/ld-linux.so.2
   Core was generated by `./a.out'.
   Program terminated with signal 11, Segmentation fault.
   #0  0x08048484 in main () at test_efence.c:11
   11              strcpy(arr,"amee is my name");
   (gdb)
       

Electric Fence can be downloaded here, http://linux.softpedia.com/get/Programming/Debuggers/Electric-Fence-3305.shtml