In new enough versions of GCC, ‘-fstack-check’ may be able to ensure an
overflow is recognised by the system before too much damage is done, or
‘-fstack-limit-symbol’ or ‘-fstack-limit-register’ may be able to
add checking if the system itself doesn't do any (see Options for Code Generation).
These options must be added to the ‘CFLAGS’ used in the GMP build
(see Build Options), adding them just to an application will have no
effect. Note also they're a slowdown, adding overhead to each function call
and each stack allocation.
init GMP variables will have unpredictable effects, and
corruption arising elsewhere in a program may well affect GMP. Initializing
GMP variables more than once or failing to clear them will cause memory leaks.
In all such cases a malloc debugger is recommended. On a GNU or BSD
system the standard C library malloc has some diagnostic facilities,
see Allocation Debugging, or ‘man 3 malloc’. Other possibilities, in no
particular order, include
http://www.inf.ethz.ch/personal/biere/projects/ccmalloc/
http://dmalloc.com/
http://www.perens.com/FreeSoftware/ (electric fence)
http://packages.debian.org/stable/devel/fda
http://www.gnupdate.org/components/leakbug/
http://people.redhat.com/~otaylor/memprof/
http://www.cbmamiga.demon.co.uk/mpatrol/
The GMP default allocation routines in memory.c also have a simple
sentinel scheme which can be enabled with #define DEBUG in that file.
This is mainly designed for detecting buffer overruns during GMP development,
but might find other uses.
cd /my/build/dir
/my/source/dir/gmp-6.0.0/configure
This works via VPATH, and might require GNU make.
Alternately it might be possible to change the .c.lo rules
appropriately.
Applications using the low-level mpn functions, however, will benefit
from --enable-assert since it adds checks on the parameters of most
such functions, many of which have subtle restrictions on their usage. Note
however that only the generic C code has checks, not the assembly code, so
--disable-assembly should be used for maximum checking.
malloc (or
the allocation function set with mp_set_memory_functions).
This can help a malloc debugger detect accesses outside the intended bounds,
or detect memory not released. In a normal build, on the other hand,
temporary memory is allocated in blocks which GMP divides up for its own use,
or may be allocated with a compiler builtin alloca which will go
nowhere near any malloc debugger hooks.
./configure --disable-shared --enable-assert \
--enable-alloca=debug --disable-assembly CFLAGS=-g
For C++, add ‘--enable-cxx CXXFLAGS=-g’.
A build of GMP with checking within GMP itself can be made. This will run very very slowly. On GNU/Linux for example,
./configure --disable-assembly CC=checkergcc
--disable-assembly must be used, since the GMP assembly code doesn't
support the checking scheme. The GMP C++ features cannot be used, since
current versions of checker (0.9.9.1) don't yet support the standard C++
library.
Valgrind does not always support every possible instruction, in particular ones recently added to an ISA. Valgrind might therefore be incompatible with a recent GMP or even a less recent GMP which is compiled using a recent GCC.
GMP's assembly code sometimes promotes a read of the limbs to some larger size,
for efficiency. GMP will do this even at the start and end of a multilimb
operand, using naturally aligned operations on the larger type. This may lead
to benign reads outside of allocated areas, triggering complaints from
Valgrind. Valgrind's option ‘--partial-loads-ok=yes’ should help.