Fear and surprise

March 6th, 2009

Mike Ash: “I guarantee that if you run it for the first time on any substantial base of Cocoa code, you will be surprised and frightened at what it finds.”

Mike is talking about Clang, in a post I found via Brent Simmons. Dave Orchard also mentioned it.

My Mozilla coworker Nicholas Nethercote has been working on the OS X version of Valgrind.

I decided to poke around my MacBook’s Applications folder with this tool. It wasn’t pretty.

==65875==
==65875== Thread 9:
==65875== Mismatched free() / delete / delete []
==65875== at 0xC6E607: operator delete(void*) (vg_replace_malloc.c:341)
==65875== by 0x602DEA: (within ./Skype)
==65875== by 0x21E1F51: thread_start (in /usr/lib/libSystem.B.dylib)
==65875== by 0xFFFFFFFF: ???
==65875== Address 0x7f02830 is 0 bytes inside a block of size 72 alloc'd
==65875== at 0xC6DC6F: operator new[](unsigned long) (vg_replace_malloc.c:260)
==65875== by 0x6020E2: (within ./Skype)
==65875== by 0xFFFFFFFF: ???

We’ve been running Valgrind on the Linux version of Firefox for years, so we’re doing better than most (there are also some false positives that we ignore using a suppression file). It is possible to browse the Web and otherwise interact with the program without triggering endless streams of warnings. Unfortunately, I can’t say the same thing for any other application I checked, or the OS itself.
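The Skype report above is Valgrind's "Mismatched free() / delete / delete []" check: a block allocated with operator new[] (a 72-byte array) was released with scalar operator delete. The following C++ is an added example written for this post, not code from Skype, Valgrind or Mozilla; the struct and function names are made up for illustration. It puts the mismatched pairing next to the minimal fix and next to the RAII forms that make the mistake impossible to write.

```cpp
// Added example (not from the post): the new[]/delete mismatch that Valgrind's
// "Mismatched free() / delete / delete []" report points at, beside the fixed
// pairing and the RAII forms that remove the pairing question entirely.
// Build and run under Valgrind with:  valgrind --leak-check=full ./a.out
#include <cstddef>
#include <memory>
#include <vector>

// Hypothetical element type; any array element type shows the same problem.
struct Sample {
    int value = 0;
};

// Buggy form: allocated with operator new[], released with scalar delete.
// This is undefined behaviour, so it is deliberately never called from main()
// or the tests; a run under valgrind reports the mismatch at the delete line.
// Scalar delete skips the per-element destructors and may hand the allocator
// a pointer that does not match what new[] returned.
long sum_mismatched(std::size_t n) {
    Sample *arr = new Sample[n];
    for (std::size_t i = 0; i < n; ++i) arr[i].value = static_cast<int>(i);
    long total = 0;
    for (std::size_t i = 0; i < n; ++i) total += arr[i].value;
    delete arr;      // BUG: must be delete[] arr to match new Sample[n]
    return total;
}

// Minimal fix: every new[] is paired with delete[] on the same pointer.
long sum_matched(std::size_t n) {
    Sample *arr = new Sample[n];
    for (std::size_t i = 0; i < n; ++i) arr[i].value = static_cast<int>(i);
    long total = 0;
    for (std::size_t i = 0; i < n; ++i) total += arr[i].value;
    delete[] arr;    // matches the array allocation above
    return total;
}

// Preferred form: an owning container chooses the right deallocation, so the
// mismatch cannot be written, and the release also happens on early return
// or when an exception propagates.
long sum_raii(std::size_t n) {
    std::vector<Sample> arr(n);
    for (std::size_t i = 0; i < n; ++i) arr[i].value = static_cast<int>(i);
    long total = 0;
    for (const Sample &s : arr) total += s.value;
    return total;
}

// Same idea for code that must keep a raw array: unique_ptr<T[]> is
// specialised to call delete[] in its destructor.
long sum_unique_array(std::size_t n) {
    std::unique_ptr<Sample[]> arr(new Sample[n]);
    for (std::size_t i = 0; i < n; ++i) arr[i].value = static_cast<int>(i);
    long total = 0;
    for (std::size_t i = 0; i < n; ++i) total += arr[i].value;
    return total;    // delete[] runs automatically here
}

int main() {
    // Only the correct forms are exercised; sum_mismatched is left uncalled.
    return (sum_matched(10) == 45 && sum_raii(10) == 45 &&
            sum_unique_array(100) == 4950) ? 0 : 1;
}
```

Memcheck catches the mismatch because its replacement allocator records which of malloc, new and new[] produced each block and compares that against the releasing call, which is why the report shows both the delete site and the original new[] site. Known-benign reports from library code can be silenced with the --suppressions=FILE option rather than by teaching people to ignore the output.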

3 Responses to “Fear and surprise”

  1. Neil Rashbrook Says:

    Out of interest, what are the actual false positives?

  2. me Says:

    Some optimisations cause false positives, for instance caching some value before checking if it is actually there. This will cause a warning in Valgrind because you’re copying an undefined value, but it’s not an error because you never actually use it.

    There’s a lot of these in the base libraries that are optimized for speed as opposed to clean design, like the C library.

    Great news that valgrind is being/has been ported to Mac OS X!

  3. Robert Sayre Says:

    Actually, I don’t think Valgrind warns for copying undefined values. This is one advantage it has over similar tools. Mozilla bug 407860 is a case of a false positive. There are a few similar ones in NSS, iirc.