nginx下使用asan和valgrind两个静态检查工具

1、valgrind

valgrind安装：参考：https://blog.csdn.net/justheretobe/article/details/52986461

wegit：http://valgrind.org/downloads/valgrind-3.12.0.tar.bz2

tar -jxvf valgrind-3.12.0.tar.bz2

cd valgrind-3.12.0

./configure

make

sudo make install

输入valgrind–h显示valgrind的参数及提示，说明安装成功

luajit问题：参考https://groups.google.com/forum/#!topic/openresty/riEO_YXTwz4

 sudo valgrind --tool=memcheck --leak-check=full /usr/local/nginx-1.4.2/sbin/nginx
==41400== Memcheck, a memory error detector
==41400== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==41400== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==41400== Command: /usr/local/nginx-1.4.2/sbin/nginx
==41400==
==41400== Warning: set address range perms: large range [0x957a040, 0x2e45f7e2) (undefined)
==41400== Warning: set address range perms: large range [0x957b040, 0x2e45f040) (defined)
nginx: [error] failed to initialize Lua VM in /usr/local/nginx-1.4.2/conf/nginx.conf:125
==41400==
==41400== HEAP SUMMARY:
==41400==     in use at exit: 619,703,912 bytes in 3,285 blocks
==41400==   total heap usage: 20,476 allocs, 17,191 frees, 626,783,730 bytes allocated
==41400==
==41400== 128 bytes in 1 blocks are possibly lost in loss record 583 of 650
==41400==    at 0x4C2ABA0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==41400==    by 0x431D0A: ngx_alloc (ngx_alloc.c:22)
==41400==    by 0x4222CE: ngx_crc32_table_init (ngx_crc32.c:117)
==41400==    by 0x41A20B: main (nginx.c:320)
==41400==
==41400== 1,024 bytes in 1 blocks are definitely lost in loss record 626 of 650
==41400==    at 0x4C2D136: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==41400==    by 0x4C2D251: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==41400==    by 0x431DBB: ngx_memalign (ngx_alloc.c:57)
==41400==    by 0x41B5C2: ngx_create_pool (ngx_palloc.c:21)
==41400==    by 0x419F52: main (nginx.c:299)
==41400==
==41400== LEAK SUMMARY:
==41400==    definitely lost: 1,024 bytes in 1 blocks
==41400==    indirectly lost: 0 bytes in 0 blocks
==41400==      possibly lost: 128 bytes in 1 blocks
==41400==    still reachable: 619,702,760 bytes in 3,283 blocks
==41400==         suppressed: 0 bytes in 0 blocks
==41400== Reachable blocks (those to which a pointer was found) are not shown.
==41400== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==41400==
==41400== For counts of detected and suppressed errors, rerun with: -v
==41400== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)

解决的办法是使用 openresty 的 luajit 仓库的 v2.1-agentzh 分支重新：  https://github.com/openresty/luajit2/tree/v2.1-agentzh ，然后，重新编译一个特殊版本的 LuaJIT，强制它使用系统的分配器，即在编译 LuaJIT 时使用类似下面的命令： make CCDEBUG=-g Q= XCFLAGS='-DLUAJIT_USE_VALGRIND -DLUAJIT_USE_SYSMALLOC' 

编译脚本做下面的修改：

export LUAJIT_INC=/usr/local/include/luajit-2.1

 

nginx处理请求都是在worker进程中，如果不特殊配置valgrind只检测master进程的信息，可以配置下面的样子，设置worker进程启动：

worker_processes 1;
daemon off;
master_process off;

或者使用在valgrind中使用–trace-children=yes 选项跟踪子进程信息

启动方式

sudo valgrind --tool=memcheck ./sbin/nginx  -p . -c conf/配置文件.conf

或以日志形式记录

sudo valgrind --log-file=./valgrind_report.log --leak-check=full --show-leak-kinds=all --show-reachable=no --track-origins=yes --trace-children=yes ./sbin/nginx -p . -c conf/main.conf

 

2、asan

（1）适配代码：

编译脚本中添加：

--fsanitize=address -fno-omit-frame-pointer -static-libasan
--with-ld-opt="-fsanitize=address -static-libasan"

makefile中添加 ：-fsanitize=address -fno-omit-frame-pointer -static-libasan

nginx本身需要适配一些文件，不然，会误认为是内存泄漏。

修改下面的文件：

 modified:   libs/libwtf/GNUmakefile
 modified:   libs/protobuf/Makefile
 modified:   src/core/nginx.h
 modified:   src/core/ngx_array.c
 modified:   src/core/ngx_array.h
 modified:   src/core/ngx_palloc.c
 modified:   src/core/ngx_palloc.h

(2)安装clang

(3)编译新版本运行起来，然后查看日志

默认情况下，asan遇到内存问题，就会终止当前进程的执行，并在spanner的日志文件error.log中打印相关的问题，以及问题的调用栈信息。

线上生成的调用栈只有函数地址，没有符号信息，可以将生成的调用栈弄下来，