1 <?xml version="1.0"?> <!-- -*- sgml -*- -->
2 <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
4 [ <!ENTITY % vg-entities SYSTEM "vg-entities.xml"> %vg-entities; ]>
7 <chapter id="manual-writing-tools" xreflabel="Writing a New Valgrind Tool">
8 <title>Writing a New Valgrind Tool</title>
10 So you want to write a Valgrind tool? Here are some instructions that may
13 <sect1 id="manual-writing-tools.intro" xreflabel="Introduction">
14 <title>Introduction</title>
16 <para>The key idea behind Valgrind's architecture is the division
17 between its <emphasis>core</emphasis> and <emphasis>tools</emphasis>.</para>
19 <para>The core provides the common low-level infrastructure to
20 support program instrumentation, including the JIT
21 compiler, low-level memory manager, signal handling and a
22 thread scheduler. It also provides certain services that
23 are useful to some but not all tools, such as support for error
24 recording, and support for replacing heap allocation functions such as
25 <function>malloc</function>.</para>
27 <para>But the core leaves certain operations undefined, which
28 must be filled by tools. Most notably, tools define how program
29 code should be instrumented. They can also call certain
30 functions to indicate to the core that they would like to use
31 certain services, or be notified when certain interesting events
32 occur. But the core takes care of all the hard work.</para>
38 <sect1 id="manual-writing-tools.writingatool" xreflabel="Basics">
41 <sect2 id="manual-writing-tools.howtoolswork" xreflabel="How tools work">
42 <title>How tools work</title>
44 <para>Tools must define various functions for instrumenting programs
45 that are called by Valgrind's core. They are then linked against
46 Valgrind's core to define a complete Valgrind tool which will be used
47 when the <option>--tool</option> option is used to select it.</para>
52 <sect2 id="manual-writing-tools.gettingcode" xreflabel="Getting the code">
53 <title>Getting the code</title>
55 <para>To write your own tool, you'll need the Valgrind source code. You'll
56 need a clone from the git repository for the automake/autoconf
57 build instructions to work. See the information about how to do clone
58 from the repository at <ulink url="&vg-repo-url;">the Valgrind
59 website</ulink>.</para>
64 <sect2 id="manual-writing-tools.gettingstarted" xreflabel="Getting started">
65 <title>Getting started</title>
67 <para>Valgrind uses GNU <computeroutput>automake</computeroutput> and
68 <computeroutput>autoconf</computeroutput> for the creation of Makefiles
69 and configuration. But don't worry, these instructions should be enough
70 to get you started even if you know nothing about those tools.</para>
72 <para>In what follows, all filenames are relative to Valgrind's
73 top-level directory <computeroutput>valgrind/</computeroutput>.</para>
77 <para>Choose a name for the tool, and a two-letter abbreviation that can
78 be used as a short prefix. We'll use
79 <computeroutput>foobar</computeroutput> and
80 <computeroutput>fb</computeroutput> as an example.</para>
84 <para>Make three new directories <filename>foobar/</filename>,
85 <filename>foobar/docs/</filename> and
86 <filename>foobar/tests/</filename>.
91 <para>Create an empty file <filename>foobar/tests/Makefile.am</filename>.
96 <para>Copy <filename>none/Makefile.am</filename> into
97 <filename>foobar/</filename>. Edit it by replacing all
98 occurrences of the strings
99 <computeroutput>"none"</computeroutput>,
100 <computeroutput>"nl_"</computeroutput> and
101 <computeroutput>"nl-"</computeroutput> with
102 <computeroutput>"foobar"</computeroutput>,
103 <computeroutput>"fb_"</computeroutput> and
104 <computeroutput>"fb-"</computeroutput> respectively.</para>
108 <para>Copy <filename>none/nl_main.c</filename> into
109 <computeroutput>foobar/</computeroutput>, renaming it as
110 <filename>fb_main.c</filename>. Edit it by changing the
111 <computeroutput>details</computeroutput> lines in
112 <function>nl_pre_clo_init</function> to something appropriate for the
113 tool. These fields are used in the startup message, except for
114 <computeroutput>bug_reports_to</computeroutput> which is used if a
115 tool assertion fails. Also, replace the string
116 <computeroutput>"nl_"</computeroutput> throughout with
117 <computeroutput>"fb_"</computeroutput> again.</para>
121 <para>Edit <filename>Makefile.am</filename>, adding the new directory
122 <filename>foobar</filename> to the
123 <computeroutput>TOOLS</computeroutput> or
124 <computeroutput>EXP_TOOLS</computeroutput> variables.</para>
128 <para>Edit <filename>configure.in</filename>, adding
129 <filename>foobar/Makefile</filename> and
130 <filename>foobar/tests/Makefile</filename> to the
131 <computeroutput>AC_OUTPUT</computeroutput> list.</para>
136 <programlisting><![CDATA[
138 ./configure --prefix=`pwd`/inst
140 make install]]></programlisting>
142 <para>It should automake, configure and compile without errors,
143 putting copies of the tool in
144 <filename>foobar/</filename> and
145 <filename>inst/lib/valgrind/</filename>.</para>
149 <para>You can test it with a command like:</para>
150 <programlisting><![CDATA[
151 inst/bin/valgrind --tool=foobar date]]></programlisting>
153 <para>(almost any program should work;
154 <computeroutput>date</computeroutput> is just an example).
155 The output should be something like this:</para>
156 <programlisting><![CDATA[
157 ==738== foobar-0.0.1, a foobarring tool.
158 ==738== Copyright (C) 2002-2017, and GNU GPL'd, by J. Programmer.
159 ==738== Using Valgrind-3.14.0.GIT and LibVEX; rerun with -h for copyright info
160 ==738== Command: date
162 Tue Nov 27 12:40:49 EST 2017
163 ==738==]]></programlisting>
165 <para>The tool does nothing except run the program uninstrumented.</para>
170 <para>These steps don't have to be followed exactly -- you can choose
171 different names for your source files, and use a different
172 <option>--prefix</option> for
173 <computeroutput>./configure</computeroutput>.</para>
175 <para>Now that we've setup, built and tested the simplest possible tool,
176 onto the interesting stuff...</para>
182 <sect2 id="manual-writing-tools.writingcode" xreflabel="Writing the Code">
183 <title>Writing the code</title>
185 <para>A tool must define at least these four functions:</para>
186 <programlisting><![CDATA[
190 fini()]]></programlisting>
192 <para>The names can be different to the above, but these are the usual
193 names. The first one is registered using the macro
194 <computeroutput>VG_DETERMINE_INTERFACE_VERSION</computeroutput>.
195 The last three are registered using the
196 <computeroutput>VG_(basic_tool_funcs)</computeroutput> function.</para>
198 <para>In addition, if a tool wants to use some of the optional services
199 provided by the core, it may have to define other functions and tell the
200 core about them.</para>
206 <sect2 id="manual-writing-tools.init" xreflabel="Initialisation">
207 <title>Initialisation</title>
209 <para>Most of the initialisation should be done in
210 <function>pre_clo_init</function>. Only use
211 <function>post_clo_init</function> if a tool provides command line
212 options and must do some initialisation after option processing takes
213 place (<computeroutput>"clo"</computeroutput> stands for "command line
216 <para>First of all, various "details" need to be set for a tool, using
217 the functions <function>VG_(details_*)</function>. Some are all
218 compulsory, some aren't. Some are used when constructing the startup
219 message, <computeroutput>detail_bug_reports_to</computeroutput> is used
220 if <computeroutput>VG_(tool_panic)</computeroutput> is ever called, or
221 a tool assertion fails. Others have other uses.</para>
223 <para>Second, various "needs" can be set for a tool, using the functions
224 <function>VG_(needs_*)</function>. They are mostly booleans, and can
225 be left untouched (they default to <varname>False</varname>). They
226 determine whether a tool can do various things such as: record, report
227 and suppress errors; process command line options; wrap system calls;
228 record extra information about heap blocks; etc.</para>
230 <para>For example, if a tool wants the core's help in recording and
231 reporting errors, it must call
232 <function>VG_(needs_tool_errors)</function> and provide definitions of
233 eight functions for comparing errors, printing out errors, reading
234 suppressions from a suppressions file, etc. While writing these
235 functions requires some work, it's much less than doing error handling
236 from scratch because the core is doing most of the work.
239 <para>Third, the tool can indicate which events in core it wants to be
240 notified about, using the functions <function>VG_(track_*)</function>.
241 These include things such as heap blocks being allocated, the stack
242 pointer changing, a mutex being locked, etc. If a tool wants to know
243 about this, it should provide a pointer to a function, which will be
244 called when that event happens.</para>
246 <para>For example, if the tool want to be notified when a new heap block
247 is allocated, it should call
248 <function>VG_(track_new_mem_heap)</function> with an appropriate
249 function pointer, and the assigned function will be called each time
252 <para>More information about "details", "needs" and "trackable events"
254 <filename>include/pub_tool_tooliface.h</filename>.</para>
260 <sect2 id="manual-writing-tools.instr" xreflabel="Instrumentation">
261 <title>Instrumentation</title>
263 <para><function>instrument</function> is the interesting one. It
264 allows you to instrument <emphasis>VEX IR</emphasis>, which is
265 Valgrind's RISC-like intermediate language. VEX IR is described
266 in the comments of the header file
267 <filename>VEX/pub/libvex_ir.h</filename>.</para>
269 <para>The easiest way to instrument VEX IR is to insert calls to C
270 functions when interesting things happen. See the tool "Lackey"
271 (<filename>lackey/lk_main.c</filename>) for a simple example of this, or
272 Cachegrind (<filename>cachegrind/cg_main.c</filename>) for a more
273 complex example.</para>
279 <sect2 id="manual-writing-tools.fini" xreflabel="Finalisation">
280 <title>Finalisation</title>
282 <para>This is where you can present the final results, such as a summary
283 of the information collected. Any log files should be written out at
290 <sect2 id="manual-writing-tools.otherinfo" xreflabel="Other Important Information">
291 <title>Other Important Information</title>
293 <para>Please note that the core/tool split infrastructure is quite
294 complex and not brilliantly documented. Here are some important points,
295 but there are undoubtedly many others that I should note but haven't
298 <para>The files <filename>include/pub_tool_*.h</filename> contain all the
299 types, macros, functions, etc. that a tool should (hopefully) need, and are
300 the only <filename>.h</filename> files a tool should need to
301 <computeroutput>#include</computeroutput>. They have a reasonable amount of
302 documentation in it that should hopefully be enough to get you going.</para>
304 <para>Note that you can't use anything from the C library (there
305 are deep reasons for this, trust us). Valgrind provides an
306 implementation of a reasonable subset of the C library, details of which
307 are in <filename>pub_tool_libc*.h</filename>.</para>
309 <para>When writing a tool, in theory you shouldn't need to look at any of
310 the code in Valgrind's core, but in practice it might be useful sometimes to
311 help understand something.</para>
313 <para>The <filename>include/pub_tool_basics.h</filename> and
314 <filename>VEX/pub/libvex_basictypes.h</filename> files have some basic
315 types that are widely used.</para>
317 <para>Ultimately, the tools distributed (Memcheck, Cachegrind, Lackey, etc.)
318 are probably the best documentation of all, for the moment.</para>
320 <para>The <computeroutput>VG_</computeroutput> macro is used
321 heavily. This just prepends a longer string in front of names to avoid
322 potential namespace clashes. It is defined in
323 <filename>include/pub_tool_basics.h</filename>.</para>
325 <para>There are some assorted notes about various aspects of the
326 implementation in <filename>docs/internals/</filename>. Much of it
327 isn't that relevant to tool-writers, however.</para>
336 <sect1 id="manual-writing-tools.advtopics" xreflabel="Advanced Topics">
337 <title>Advanced Topics</title>
339 <para>Once a tool becomes more complicated, there are some extra
340 things you may want/need to do.</para>
342 <sect2 id="manual-writing-tools.advice" xreflabel="Debugging Tips">
343 <title>Debugging Tips</title>
345 <para>Writing and debugging tools is not trivial. Here are some
346 suggestions for solving common problems.</para>
348 <para>If you are getting segmentation faults in C functions used by your
349 tool, the usual GDB command:</para>
352 gdb <prog> core]]></screen>
353 <para>usually gives the location of the segmentation fault.</para>
355 <para>If you want to debug C functions used by your tool, there are
356 instructions on how to do so in the file
357 <filename>README_DEVELOPERS</filename>.</para>
359 <para>If you are having problems with your VEX IR instrumentation, it's
360 likely that GDB won't be able to help at all. In this case, Valgrind's
361 <option>--trace-flags</option> option is invaluable for observing the
362 results of instrumentation.</para>
364 <para>If you just want to know whether a program point has been reached,
365 using the <computeroutput>OINK</computeroutput> macro (in
366 <filename>include/pub_tool_libcprint.h</filename>) can be easier than
369 <para>The other debugging command line options can be useful too (run
370 <computeroutput>valgrind --help-debug</computeroutput> for the
375 <sect2 id="manual-writing-tools.suppressions" xreflabel="Suppressions">
376 <title>Suppressions</title>
378 <para>If your tool reports errors and you want to suppress some common
379 ones, you can add suppressions to the suppression files. The relevant
380 files are <filename>*.supp</filename>; the final suppression
381 file is aggregated from these files by combining the relevant
382 <filename>.supp</filename> files depending on the versions of linux, X
383 and glibc on a system.</para>
385 <para>Suppression types have the form
386 <computeroutput>tool_name:suppression_name</computeroutput>. The
387 <computeroutput>tool_name</computeroutput> here is the name you specify
388 for the tool during initialisation with
389 <function>VG_(details_name)</function>.</para>
394 <sect2 id="manual-writing-tools.docs" xreflabel="Documentation">
395 <title>Documentation</title>
397 <para>If you are feeling conscientious and want to write some
398 documentation for your tool, please use XML as the rest of Valgrind does.
399 The file <filename>docs/README</filename> has more details on getting
400 the XML toolchain to work; this can be difficult, unfortunately.</para>
402 <para>To write the documentation, follow these steps (using
403 <computeroutput>foobar</computeroutput> as the example tool name
410 <computeroutput>foobar/docs/</computeroutput>, which you will
411 have created when you started writing the tool.</para>
415 <para>Copy the XML documentation file for the tool Nulgrind from
416 <filename>none/docs/nl-manual.xml</filename> to
417 <computeroutput>foobar/docs/</computeroutput>, and rename it to
418 <filename>foobar/docs/fb-manual.xml</filename>.</para>
420 <para><command>Note</command>: there is a tetex bug
421 involving underscores in filenames, so don't use '_'.</para>
425 <para>Write the documentation. There are some helpful bits and
426 pieces on using XML markup in
427 <filename>docs/xml/xml_help.txt</filename>.</para>
431 <para>Include it in the User Manual by adding the relevant entry to
432 <filename>docs/xml/manual.xml</filename>. Copy and edit an
433 existing entry.</para>
437 <para>Include it in the man page by adding the relevant entry to
438 <filename>docs/xml/valgrind-manpage.xml</filename>. Copy and
439 edit an existing entry.</para>
443 <para>Validate <filename>foobar/docs/fb-manual.xml</filename> using
444 the following command from within <filename>docs/</filename>:
450 <para>You may get errors that look like this:</para>
453 ./xml/index.xml:5: element chapter: validity error : No declaration for
454 attribute base of element chapter
457 <para>Ignore (only) these -- they're not important.</para>
459 <para>Because the XML toolchain is fragile, it is important to ensure
460 that <filename>fb-manual.xml</filename> won't break the documentation
461 set build. Note that just because an XML file happily transforms to
462 html does not necessarily mean the same holds true for pdf/ps.</para>
466 <para>You can (re-)generate the HTML docs while you are writing
467 <filename>fb-manual.xml</filename> to help you see how it's looking.
468 The generated files end up in
469 <filename>docs/html/</filename>. Use the following
470 command, within <filename>docs/</filename>:</para>
477 <para>When you have finished, try to generate PDF and PostScript output to
478 check all is well, from within <filename>docs/</filename>:
484 <para>Check the output <filename>.pdf</filename> and
485 <filename>.ps</filename> files in
486 <computeroutput>docs/print/</computeroutput>.</para>
488 <para>Note that the toolchain is even more fragile for the print docs,
489 so don't feel too bad if you can't get it working.</para>
497 <sect2 id="manual-writing-tools.regtests" xreflabel="Regression Tests">
498 <title>Regression Tests</title>
500 <para>Valgrind has some support for regression tests. If you want to
501 write regression tests for your tool:</para>
505 <para>The tests go in <computeroutput>foobar/tests/</computeroutput>,
506 which you will have created when you started writing the tool.</para>
510 <para>Write <filename>foobar/tests/Makefile.am</filename>. Use
511 <filename>memcheck/tests/Makefile.am</filename> as an
516 <para>Write the tests, <computeroutput>.vgtest</computeroutput> test
517 description files, <computeroutput>.stdout.exp</computeroutput> and
518 <computeroutput>.stderr.exp</computeroutput> expected output files.
519 (Note that Valgrind's output goes to stderr.) Some details on
520 writing and running tests are given in the comments at the top of
522 <computeroutput>tests/vg_regtest</computeroutput>.</para>
526 <para>Write a filter for stderr results
527 <computeroutput>foobar/tests/filter_stderr</computeroutput>. It can
528 call the existing filters in
529 <computeroutput>tests/</computeroutput>. See
530 <computeroutput>memcheck/tests/filter_stderr</computeroutput> for an
531 example; in particular note the
532 <computeroutput>$dir</computeroutput> trick that ensures the filter
533 works correctly from any directory.</para>
542 <sect2 id="manual-writing-tools.profiling" xreflabel="Profiling">
543 <title>Profiling</title>
545 <para>Lots of profiling tools have trouble running Valgrind. For example,
546 trying to use gprof is hopeless.</para>
548 <para>Probably the best way to profile a tool is with OProfile on Linux.</para>
550 <para>You can also use Cachegrind on it. Read
551 <filename>README_DEVELOPERS</filename> for details on running Valgrind under
552 Valgrind; it's a bit fragile but can usually be made to work.</para>
558 <sect2 id="manual-writing-tools.mkhackery" xreflabel="Other Makefile Hackery">
559 <title>Other Makefile Hackery</title>
561 <para>If you add any directories under
562 <computeroutput>foobar/</computeroutput>, you will need to add
563 an appropriate <filename>Makefile.am</filename> to it, and add a
564 corresponding entry to the <computeroutput>AC_OUTPUT</computeroutput>
565 list in <filename>configure.in</filename>.</para>
567 <para>If you add any scripts to your tool (see Cachegrind for an
568 example) you need to add them to the
569 <computeroutput>bin_SCRIPTS</computeroutput> variable in
570 <filename>foobar/Makefile.am</filename> and possible also to the
571 <computeroutput>AC_OUTPUT</computeroutput> list in
572 <filename>configure.in</filename>.</para>
578 <sect2 id="manual-writing-tools.ifacever" xreflabel="Core/tool Interface Versions">
579 <title>The Core/tool Interface</title>
581 <para>The core/tool interface evolves over time, but it's pretty stable.
582 We deliberately do not provide backward compatibility with old interfaces,
583 because it is too difficult and too restrictive. We view this as a good
584 thing -- if we had to be backward compatible with earlier versions, many
585 improvements now in the system could not have been added.</para>
587 <para>Because tools are statically linked with the core, if a tool compiles
588 successfully then it should be compatible with the core. We would not
589 deliberately violate this property by, for example, changing the behaviour
590 of a core function without changing its prototype.</para>
598 <sect1 id="manual-writing-tools.finalwords" xreflabel="Final Words">
599 <title>Final Words</title>
601 <para>Writing a new Valgrind tool is not easy, but the tools you can write
602 with Valgrind are among the most powerful programming tools there are.
603 Happy programming!</para>