
How to instrument/profile memory (heap, pointers) reads and writes in C?

I know this might be a bit vague and far-fetched (sorry, stackoverflow police!).

Is there a way, without external forces, to instrument (track basically) each pointer access and track reads and writes - either general reads/writes or quantity of reads/writes per access? Bonus if it can be done for all variables and differentiate between stack and heap ones.

Is there a way to wrap pointers in general or should this be done via custom heap? Even with custom heap I can't think of a way.

Ultimately I'd like to see a visual representation of said logs that would show me variables represented as blocks (of bytes or multiples of) and heatmap over them for reads and writes.

Ultra simple example:

int i = 5;
int *j = &i;

printf("%d", *j); /* Log would write *j was accessed for read and read sizeof(int) bytes */

Attempt of rephrasing in more concise manner:

(How) can I intercept (and log) access to a pointer in C without external instrumentation of binary? - bonus if I can distinguish between read and write and get name of the pointer and size of read/write in bytes.

I guess (or hope for you) that you are developing on Linux/x86-64 with a recent GCC (5.2 in October 2015) or perhaps Clang/LLVM compiler (3.7).

I also guess that you are tracking a naughty bug, and not asking this (too broad) question from a purely theoretical point of view.

(Notice that practically there is no simple answer to your question, because in practice C compilers produce machine code close to the hardware, and most hardware does not have sophisticated instrumentations like the one you dream of.)

Of course, compile with all warnings and debug info (gcc -Wall -Wextra -g). Use the debugger (gdb), notably its watchpoint facilities which are related to your issue. Use also valgrind. Notice also that GDB (recent versions like 7.10) is scriptable in Python (or Guile), and you could code some scripts for GDB to assist you.

Notice also that recent GCC & Clang/LLVM have several sanitizers. Use some of the -fsanitize= debugging options, notably the address sanitizer with -fsanitize=address; they are instrumenting the code to help in detecting pointer accesses, so they are sort-of doing what you want. Of course, the performance of the instrumented generated code is decreasing (depending on the sanitizer, can be 10 or 20% or a factor of 50x).

At last, you might even consider adding your own instrumentation by customizing your compiler, e.g. with MELT - a high level domain specific language designed for such customization tasks for GCC. This would take months of work, unless you are already familiar with GCC internals (then, only several weeks). You could add an "optimization" pass inside GCC which would instrument (by changing the Gimple code) whatever accesses or stores you want.

Read more about aspect-oriented programming.

Notice also that if your C code is generated, that is if you are meta-programming, then changing the C code generator might be very relevant. Read more about reflection and homoiconicity. Dynamic software updating is also related to your issues.

Look also into profiling tools like oprofile and into sound static source analyzers like Frama-C.

You could also run your program inside some (instrumenting) emulator (like Qemu, Unisim, etc...).

You might also compile for a fictitious architecture like MMIX and instrument its emulator.
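
For a handful of pointers, the kind of access logging the question asks for can be written by hand at source level, which is roughly what an instrumenting compiler pass would insert automatically. The following is an added example, not code from the original question or answer; READ, WRITE, log_access, stat_for and the stats table are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAMES 32

struct access_stat {
    const char *name;                 /* source text of the pointer expression */
    size_t reads, writes;             /* number of logged accesses */
    size_t bytes_read, bytes_written; /* total bytes per direction */
};

static struct access_stat stats[MAX_NAMES];
static size_t nstats;

/* Find, or create, the counters for one pointer expression. */
static struct access_stat *stat_for(const char *name)
{
    for (size_t i = 0; i < nstats; i++)
        if (strcmp(stats[i].name, name) == 0)
            return &stats[i];
    if (nstats == MAX_NAMES)
        return NULL;                  /* table full: access is not counted */
    stats[nstats].name = name;
    return &stats[nstats++];
}

static void log_access(const char *name, const void *addr, size_t size, int is_write)
{
    struct access_stat *s = stat_for(name);
    if (s && is_write) { s->writes++; s->bytes_written += size; }
    else if (s)        { s->reads++;  s->bytes_read += size; }
    fprintf(stderr, "%-5s %s @%p, %zu bytes\n",
            is_write ? "write" : "read", name, (void *)addr, size);
}

/* Comma operator: log first, then do the real access. The pointer
   expression is evaluated twice, so it must have no side effects. */
#define READ(p)     (log_access(#p, (p), sizeof *(p), 0), *(p))
#define WRITE(p, v) (log_access(#p, (p), sizeof *(p), 1), *(p) = (v))

int demo(void)
{
    int i = 5;
    int *j = &i;
    WRITE(j, READ(j) + 1);            /* one logged read, one logged write */
    return READ(j);                   /* second logged read; returns 6 */
}
```

The per-name counters in stats are the data a read/write heatmap would be drawn from; accesses that do not go through the macros are not seen, which is the gap the sanitizers and compiler passes mentioned in the answer close.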
