通过libUSB内存泄漏同步读取中断传输数据
Memory leak synchronous reading interrupt transfer data via libUSB
我发现内存泄漏通过同步使用 libUSB 的 USB 中断传输读取数据。我的简单用户程序本身没有使用任何动态内存分配。 libusb 在内部过度使用动态内存分配。通信流按预期工作。使用 libusb_interrupt_transfer 后是否有释放任何内部动态内存的特殊函数?有谁知道是什么导致运行时内存不断增加?
我的协议实现了双向握手。因此,一个简单的数据交换会导致 OUT(request)、IN(Ack/Nack)、IN(Response) 和 OUT(Ack/Nack) 传输。报告大小为32字节,outEndpointAddr为1,inEndpointAddr为129,这里是相关的代码片段。
int main (void)
{
uint32_t devFound = 0;
uint32_t devErrors = 0;
...
int libUsbErr = 0;
if(!findSensor(&devFound, &devErrors, &libUsbErr, foundCB))
printf("finding sensor failed %d\n", libUsbErr);
if(!openSensor(mySensor, &libUsbErr))
printf("open sensor failed %d\n", libUsbErr);
int i = 0;
while(1)
{
printf("[%06d] Int Temp %f C\n",i++, readIntTemper());
Delay(0.5);
}
closeSensor(&mySensor, NULL);
closeSensorContext();
return 0;
}
float readIntTemper()
{
static uint8_t tmp[32];
static uint8_t response[32];
...//Prepare request frame
int libUsbErr = 0;
if(!HID_Write(mySensor, tmp, &written, 4000, &libUsbErr))
{
printf("write request failed %d\n", libUsbErr);
return 0;
}
//Read Ack / Nack
if(!HID_Read(mySensor, tmp, &read, 4000, &libUsbErr))
{
printf("Read ACK NACK failed %d\n", libUsbErr);
return 0;
}
...//Test if Ack / Nack
if(!HID_Read(mySensor, response, &read, 4000, &libUsbErr))
{
printf("Read response failed %d\n", libUsbErr);
return 0;
}
... //Prepare ACK
if(!HID_Write(mySensor, tmp, &written, 4000, &libUsbErr))
{
printf("Ack response failed %d\n", libUsbErr);
return 0;
}
...
float* temper = (float*)&response[8];
return *temper;
}
bool HID_Write(const Sensor* sens, uint8_t* repBuf, int* transferred, uint32_t timeout, int* libUsbErr)
{
if(sens == NULL || repBuf == NULL || transferred == NULL)
return returnlibUSBErr(libUsbErr, -1008); ///TODO nice error codes;
if(!sens->claimed)
return returnlibUSBErr(libUsbErr, -1012); ///TODO nice error codes;
int r = libusb_interrupt_transfer(sens->devHandle, sens->outEndpointAddr,
repBuf, sens->outRepSize, transferred, timeout);
if (r < 0)
return returnlibUSBErr(libUsbErr, r);
return returnlibUSBErr(libUsbErr, LIB_USB_OK);
}
bool HID_Read(const Sensor* sens, uint8_t* repBuf, int* read, uint32_t timeout, int* libUsbErr)
{
if(sens == NULL || read == NULL)
return returnlibUSBErr(libUsbErr, -1008); ///TODO nice error codes;
if(!sens->claimed)
return returnlibUSBErr(libUsbErr, -1012); ///TODO nice error codes;
int r = libusb_interrupt_transfer(sens->devHandle, sens->inEndpointAddr, repBuf,sens->inRepSize, read, timeout);
if (r < 0)
return returnlibUSBErr(libUsbErr, r);
return returnlibUSBErr(libUsbErr, LIB_USB_OK);
}
编辑
如果按照此说明监控内存使用情况:
为了找到漏洞,我使用了 UMDH Windows 工具,就像这里提到的:
问题是我必须使用 CVI NI 编译器来构建我的应用程序。我无法从这个编译器中得到符号 table。所以我的堆转储差异只显示地址。
// Each log entry has the following syntax:
//
// + BYTES_DELTA (NEW_BYTES - OLD_BYTES) NEW_COUNT allocs BackTrace TRACEID
// + COUNT_DELTA (NEW_COUNT - OLD_COUNT) BackTrace TRACEID allocations
// ... stack trace ...
//
// where:
//
// BYTES_DELTA - increase in bytes between before and after log
// NEW_BYTES - bytes in after log
// OLD_BYTES - bytes in before log
// COUNT_DELTA - increase in allocations between before and after log
// NEW_COUNT - number of allocations in after log
// OLD_COUNT - number of allocations in before log
// TRACEID - decimal index of the stack trace in the trace database
// (can be used to search for allocation instances in the original
// UMDH logs).
//
+ 80000 ( 80000 - 0) 1 allocs BackTrace4920B3C
+ 1 ( 1 - 0) BackTrace4920B3C allocations
ntdll!RtlAllocateHeap+274
cvirte!LoadExternalModule+291EC
cvirte!CVIDynamicMemoryInfo+12B6
cvirte!CVIDynamicMemoryInfo+1528
cvirte!CVIDynamicMemoryInfo+1AF9
cvirte!mblen+84D
cvirte!_CVI_Resource_Acquire+116
cvirte!malloc+68
libUSB_HID!???+0 : 41DCE8
libUSB_HID!???+0 : 4E95C7
libUSB_HID!???+0 : 4C13BE
libUSB_HID!???+0 : 4BA09D
libUSB_HID!???+0 : 4C7ABA
libUSB_HID!???+0 : 4F92F0
libUSB_HID!???+0 : 4FB3BD
libUSB_HID!???+0 : 4FC50E
libUSB_HID!???+0 : 415C31
libUSB_HID!???+0 : 408847
libUSB_HID!???+0 : 402967
libUSB_HID!???+0 : 41B51E
libUSB_HID!???+0 : 41A021
kernel32!BaseThreadInitThunk+E
ntdll!__RtlUserThreadStart+70
我还将 libUSB 中的所有 free、alloc、calloc 和 realloc cmd 替换为我自己的跟踪每个内存请求的实现。此跟踪未显示任何内存泄漏。正如预期的那样,分配的字节数在运行期间保持不变。不管怎样,UMDH 工具显示了堆分配差异。所以我完全不知道下一个 atm 测试什么。
My simple user program is not using any dynamic memory allocation.
不幸的是,那些 libusb_xxx_transfer 函数在内部用 malloc() 做事。但也支持在退出给调用者之前做相应的free()。
该内存通常不会返回给 OS,而是保留在应用程序中以供下一次 malloc() 调用使用。因此,您会在任务管理器中看到一些内存使用。
这就是为什么您需要更好的工具来检测实际内存泄漏,例如 valgrind。
抱歉,我将我的程序移植到 minGW gcc,一切都按预期工作。看来我为 CVI 编译器移植的 libusb 并不完全正确。现在我使用标准 dll,内存泄漏消失了。
我发现内存泄漏通过同步使用 libUSB 的 USB 中断传输读取数据。我的简单用户程序本身没有使用任何动态内存分配。 libusb 在内部过度使用动态内存分配。通信流按预期工作。使用 libusb_interrupt_transfer 后是否有释放任何内部动态内存的特殊函数?有谁知道是什么导致运行时内存不断增加?
我的协议实现了双向握手。因此,一个简单的数据交换会导致 OUT(request)、IN(Ack/Nack)、IN(Response) 和 OUT(Ack/Nack) 传输。报告大小为32字节,outEndpointAddr为1,inEndpointAddr为129,这里是相关的代码片段。
int main (void)
{
uint32_t devFound = 0;
uint32_t devErrors = 0;
...
int libUsbErr = 0;
if(!findSensor(&devFound, &devErrors, &libUsbErr, foundCB))
printf("finding sensor failed %d\n", libUsbErr);
if(!openSensor(mySensor, &libUsbErr))
printf("open sensor failed %d\n", libUsbErr);
int i = 0;
while(1)
{
printf("[%06d] Int Temp %f C\n",i++, readIntTemper());
Delay(0.5);
}
closeSensor(&mySensor, NULL);
closeSensorContext();
return 0;
}
float readIntTemper()
{
static uint8_t tmp[32];
static uint8_t response[32];
...//Prepare request frame
int libUsbErr = 0;
if(!HID_Write(mySensor, tmp, &written, 4000, &libUsbErr))
{
printf("write request failed %d\n", libUsbErr);
return 0;
}
//Read Ack / Nack
if(!HID_Read(mySensor, tmp, &read, 4000, &libUsbErr))
{
printf("Read ACK NACK failed %d\n", libUsbErr);
return 0;
}
...//Test if Ack / Nack
if(!HID_Read(mySensor, response, &read, 4000, &libUsbErr))
{
printf("Read response failed %d\n", libUsbErr);
return 0;
}
... //Prepare ACK
if(!HID_Write(mySensor, tmp, &written, 4000, &libUsbErr))
{
printf("Ack response failed %d\n", libUsbErr);
return 0;
}
...
float* temper = (float*)&response[8];
return *temper;
}
bool HID_Write(const Sensor* sens, uint8_t* repBuf, int* transferred, uint32_t timeout, int* libUsbErr)
{
if(sens == NULL || repBuf == NULL || transferred == NULL)
return returnlibUSBErr(libUsbErr, -1008); ///TODO nice error codes;
if(!sens->claimed)
return returnlibUSBErr(libUsbErr, -1012); ///TODO nice error codes;
int r = libusb_interrupt_transfer(sens->devHandle, sens->outEndpointAddr,
repBuf, sens->outRepSize, transferred, timeout);
if (r < 0)
return returnlibUSBErr(libUsbErr, r);
return returnlibUSBErr(libUsbErr, LIB_USB_OK);
}
bool HID_Read(const Sensor* sens, uint8_t* repBuf, int* read, uint32_t timeout, int* libUsbErr)
{
if(sens == NULL || read == NULL)
return returnlibUSBErr(libUsbErr, -1008); ///TODO nice error codes;
if(!sens->claimed)
return returnlibUSBErr(libUsbErr, -1012); ///TODO nice error codes;
int r = libusb_interrupt_transfer(sens->devHandle, sens->inEndpointAddr, repBuf,sens->inRepSize, read, timeout);
if (r < 0)
return returnlibUSBErr(libUsbErr, r);
return returnlibUSBErr(libUsbErr, LIB_USB_OK);
}
编辑
如果按照此说明监控内存使用情况:
为了找到漏洞,我使用了 UMDH Windows 工具,就像这里提到的:
问题是我必须使用 CVI NI 编译器来构建我的应用程序。我无法从这个编译器中得到符号 table。所以我的堆转储差异只显示地址。
// Each log entry has the following syntax:
//
// + BYTES_DELTA (NEW_BYTES - OLD_BYTES) NEW_COUNT allocs BackTrace TRACEID
// + COUNT_DELTA (NEW_COUNT - OLD_COUNT) BackTrace TRACEID allocations
// ... stack trace ...
//
// where:
//
// BYTES_DELTA - increase in bytes between before and after log
// NEW_BYTES - bytes in after log
// OLD_BYTES - bytes in before log
// COUNT_DELTA - increase in allocations between before and after log
// NEW_COUNT - number of allocations in after log
// OLD_COUNT - number of allocations in before log
// TRACEID - decimal index of the stack trace in the trace database
// (can be used to search for allocation instances in the original
// UMDH logs).
//
+ 80000 ( 80000 - 0) 1 allocs BackTrace4920B3C
+ 1 ( 1 - 0) BackTrace4920B3C allocations
ntdll!RtlAllocateHeap+274
cvirte!LoadExternalModule+291EC
cvirte!CVIDynamicMemoryInfo+12B6
cvirte!CVIDynamicMemoryInfo+1528
cvirte!CVIDynamicMemoryInfo+1AF9
cvirte!mblen+84D
cvirte!_CVI_Resource_Acquire+116
cvirte!malloc+68
libUSB_HID!???+0 : 41DCE8
libUSB_HID!???+0 : 4E95C7
libUSB_HID!???+0 : 4C13BE
libUSB_HID!???+0 : 4BA09D
libUSB_HID!???+0 : 4C7ABA
libUSB_HID!???+0 : 4F92F0
libUSB_HID!???+0 : 4FB3BD
libUSB_HID!???+0 : 4FC50E
libUSB_HID!???+0 : 415C31
libUSB_HID!???+0 : 408847
libUSB_HID!???+0 : 402967
libUSB_HID!???+0 : 41B51E
libUSB_HID!???+0 : 41A021
kernel32!BaseThreadInitThunk+E
ntdll!__RtlUserThreadStart+70
我还将 libUSB 中的所有 free、alloc、calloc 和 realloc cmd 替换为我自己的跟踪每个内存请求的实现。此跟踪未显示任何内存泄漏。正如预期的那样,分配的字节数在运行期间保持不变。不管怎样,UMDH 工具显示了堆分配差异。所以我完全不知道下一个 atm 测试什么。
My simple user program is not using any dynamic memory allocation.
不幸的是,那些 libusb_xxx_transfer 函数在内部用 malloc() 做事。但也支持在退出给调用者之前做相应的free()。
该内存通常不会返回给 OS,而是保留在应用程序中以供下一次 malloc() 调用使用。因此,您会在任务管理器中看到一些内存使用。
这就是为什么您需要更好的工具来检测实际内存泄漏,例如 valgrind。
抱歉,我将我的程序移植到 minGW gcc,一切都按预期工作。看来我为 CVI 编译器移植的 libusb 并不完全正确。现在我使用标准 dll,内存泄漏消失了。