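Memory-mapped array at a fixed location

To validate a program, I need to generate a deterministic address trace. So I am using mmap to allocate arrays at fixed locations in virtual memory.

This is what I have: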
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

#define PG_SIZE 4096
#define PG_START(_v) ((_v) & ~(unsigned long)(PG_SIZE-1))
// Has to be aligned to a page; otherwise it will be done for you.
#define ARRAY_ONE_BASE PG_START(0xffeffd000)
#define ARRAY_ONE_SIZE (4096 * 2 * sizeof(int))

unsigned long * allocateArray(unsigned long addr, size_t size) {
    int stack_prot = PROT_READ | PROT_WRITE;
    int flags = MAP_SHARED | MAP_FIXED | MAP_ANONYMOUS;
    unsigned long *m_map;
    m_map = mmap((void *)PG_START(addr), size, stack_prot, flags, -1, 0);
    // fail if mmap failed
    if (m_map == MAP_FAILED) {
        perror("mmap failed");
        abort();
    }
    // %p is the correct conversion for printing a pointer
    printf("Base address of allocated variable: %p\n", (void *)m_map);
    assert((void *)m_map == (void *)addr);
    return m_map;
}

int main(int argc, char *argv[]) {
    unsigned long *addrOne = allocateArray(ARRAY_ONE_BASE, ARRAY_ONE_SIZE);
    (void)addrOne;
    return 0;
}
If I compile and run the code above, it works fine. However, when I try to run it under the valgrind tool lackey, it gets a segmentation fault.

Commands:
gcc program.c
valgrind --read-var-info=yes --tool=lackey a.out
Output:
==28528== Lackey, an example Valgrind tool
==28528== Copyright (C) 2002-2013, and GNU GPL'd, by Nicholas Nethercote.
==28528== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==28528== Command: a.out
==28528==
==28528==
==28528== Process terminating with default action of signal 11 (SIGSEGV)
==28528== Bad permissions for mapped region at address 0x0
==28528== at 0x0: ???
==28528==
==28528== Counted 1 call to main()
==28528==
==28528== Jccs:
==28528== total: 22,338
==28528== taken: 9,947 (44%)
==28528==
==28528== Executed:
==28528== SBs entered: 21,937
==28528== SBs completed: 14,439
==28528== guest instrs: 120,810
==28528== IRStmts: 723,993
==28528==
==28528== Ratios:
==28528== guest instrs : SB entered = 55 : 10
==28528== IRStmts : SB entered = 330 : 10
==28528== IRStmts : guest instr = 59 : 10
==28528==
==28528== Exit code: 0
Segmentation fault (core dumped)
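I have tried different combinations of protection flags in mmap, but had no luck. I would appreciate any help.

Changing the memory address worked. I was not aware of the reserved regions in valgrind. Thanks! – goyalankit 2014-10-31 16:59:14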
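
MAP_FIXED replaces whatever is already mapped in the requested range, which is how a fixed address that collides with a region some other component has claimed ends in a crash instead of an mmap error. The sketch below is an added example, not code from the question or its comment: it checks a range against /proc/self/maps and then maps it only if nothing is there. The helper names `range_is_mapped` and `map_fixed_noclobber` are hypothetical, and it assumes 64-bit Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* 1 if [addr, addr+size) overlaps an entry in /proc/self/maps, 0 if free, -1 on error. */
int range_is_mapped(uintptr_t addr, size_t size) {
    FILE *f = fopen("/proc/self/maps", "r");
    unsigned long lo, hi;
    int hit = 0;
    if (!f)
        return -1;
    /* Each line starts "start-end perms ..."; the rest of the line is skipped. */
    while (!hit && fscanf(f, "%lx-%lx%*[^\n]", &lo, &hi) == 2)
        hit = addr < hi && lo < addr + size;
    fclose(f);
    return hit;
}

/* Map size bytes exactly at addr, or return NULL without touching existing mappings. */
void *map_fixed_noclobber(uintptr_t addr, size_t size) {
    int flags = MAP_PRIVATE | MAP_ANONYMOUS;
#ifdef MAP_FIXED_NOREPLACE
    flags |= MAP_FIXED_NOREPLACE; /* Linux 4.17+: fails with EEXIST instead of replacing */
#endif
    void *p = mmap((void *)addr, size, PROT_READ | PROT_WRITE, flags, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    if ((uintptr_t)p != addr) { /* flag not honoured: addr was treated as a hint */
        munmap(p, size);
        errno = EEXIST;
        return NULL;
    }
    return p;
}

int main(void) {
    uintptr_t base = 0xffeffd000UL; /* address from the question (64-bit only) */
    size_t size = 4096 * 2 * sizeof(int);
    printf("in use before mapping: %d\n", range_is_mapped(base, size));
    void *p = map_fixed_noclobber(base, size);
    if (!p) {
        printf("refused to map at %#lx: %s\n", (unsigned long)base, strerror(errno));
        return 1;
    }
    printf("mapped at %p\n", p);
    return 0;
}
```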