Dr. Memory's behavior can be controlled through options passed to drmemory.exe prior to the "--" delimiter. Boolean options can be disabled using a "-no_" prefix. Here is a list of options along with their default values and descriptions:
- -version
default: false
Display Dr. Memory version
- -dr <string>
default: ""
The path to the DynamoRIO installation to use. Not needed when using a released Dr. Memory package.
- -drmemory <string>
default: ""
The path to the base of the Dr. Memory installation. Not needed when invoking Dr. Memory from an unmodified installation tree.
- -srcfilter <string>
default: ""
Do not show errors that do not reference the named source file somewhere in their callstacks.
- -top_stats
default: false
Primarily for use by developers of the tool. Shows time taken and memory usage of the whole process at the end of the run
- -follow_children
default: true
Monitor child processes by following across execve on Linux or CreateProcess on Windows. On Linux, monitoring always continues across a fork.
- -nudge <int>
default: 0 (minimum: 0, maximum: UINT_MAX)
Use this option to 'nudge' an already-running process in order to request leak checking and other Dr. Memory actions that normally only occur when the process exits.
- -v
default: false
Display verbose information in the Dr. Memory front end
- -skip_results
default: false
Do not produce results while running the application. This can reduce resource usage if the symbol files for the application are large. To obtain the results, after the application run is finished, use the -results option in a separate step.
- -results <string>
default: ""
Use this option as the second step in a -skip_results run. Pass the name of the log directory created by the -skip_results application run. The results.txt will then be filled in.
- -results_app <string>
default: ""
Use this option when invoking -results on a different machine from where the application was run with -skip_results. When -results is invoked without this option also specified, the path to the application that was used to run it with -skip_results is assumed.
- -aggregate <string>
default: ""
Pass a list of log directories to produce an aggregate error report. Useful for applications that consist of a group of separate processes.
- -brief
default: false
Show simplified and easier-to-read error reports that hide STL and CRT source paths, remove executable path prefixes from source files, omit absolute addresses, omit instruction disassembly, and omit thread timestamps
- -logdir <string>
default: "<install>/logs"
Destination base directory for result files and the symbol cache (unless -symcache_dir is specified). A subdirectory inside this base directory is created for each process that is run, along with a single shared symbol cache directory. If you specify a separate base directory for every run, you will lose the benefits of symbol caching, unless you also specify a separate shared cache directory with the -symcache_dir option.
- -verbose <int>
default: 1 (minimum: 0, maximum: 32)
Verbosity level in log files: 0=none, 1=warnings, 2+=diagnostic. Primarily for debugging of Dr. Memory itself.
- -quiet
default: false
Suppress stderr messages and, on Windows, popup messages. Overrides -results_to_stderr and -summary.
- -results_to_stderr
default: true
Print error reports to stderr in addition to results.txt, interleaving them with the application output. The output will be prefixed by ~~Dr.M~~ for the main thread and by the thread id for other threads. This interleaving can make it easier to see which part of an application run raised an error.
- -ignore_asserts
default: false
Display, but do not abort, on asserts in debug build (in release build asserts are automatically disabled).
- -pause_at_error
default: false
Dr. Memory pauses at the point of each error that is identified. On Windows, this pause is a popup window. On Linux, the pause involves waiting for a keystroke, which may not work well if the application reads from stdin. In that case consider -pause_via_loop as an additional option.
- -pause_at_unaddressable
default: false
Dr. Memory pauses at the point of each unaddressable access error that is identified. On Windows, this pause is a popup window. On Linux, the pause involves waiting for a keystroke, which may not work well if the application reads from stdin. In that case consider -pause_via_loop as an additional option.
- -pause_at_uninitialized
default: false
Identical to -pause_at_unaddressable, but applies to uninitialized access errors.
- -pause_at_exit
default: false
Pauses at exit, using the same mechanism described in -pause_at_unaddressable. Meant for examining leaks in the debugger.
- -pause_at_assert
default: false
Dr. Memory pauses at the point of each debug-build assert. On Windows, this pause is a popup window. On Linux, the pause involves waiting for a keystroke, which may not work well if the application reads from stdin. In that case consider -pause_via_loop as an additional option.
- -pause_via_loop
default: false
Used in conjunction with -pause_at_uninitialized and -pause_at_uninitialized on Linux, this option causes Dr. Memory to pause via an infinite loop instead of waiting for stdin. Dr. Memory will not continue beyond the first such error found.
- -callstack_max_frames <int>
default: 12 (minimum: 0, maximum: 4096)
How many call stack frames to record for each error report. A larger maximum will ensure that no call stack is truncated, but can use more memory if many stacks are large, especially if -check_leaks is enabled.
- -callstack_style <int>
default: 0x0301 (minimum: 0, maximum: 0x3ff)
Set of flags that controls the callstack printing style:
-
0x0001 = show frame numbers
-
0x0002 = show absolute address
-
0x0004 = show offset from library base
-
0x0008 = show offset from symbol start: "library!symbol+offs"
-
0x0010 = show offset from line start: "foo.c:44+0x8"
-
0x0020 = "file:line" on separate line
-
0x0040 = "file @ line" instead of "file:line"
-
0x0080 = "symbol library" instead of "library!symbol"
-
0x0100 = put fields in aligned columns
-
0x0200 = show symbol and module offset when symbols are missing
- -callstack_truncate_below <string>
default: "main,wmain,WinMain,wWinMain"
Callstacks will be truncated at any frame that matches any of these ,-separated function names. The function names can contain * or ? wildcards.
- -callstack_modname_hide <string>
default: "*.exe"
Callstack frames will not list module names matching any of these ,-separated patterns. The names can contain * or ? wildcards. The module name will be displayed whenever the function name is uknown, however. The module name will only be hidden for error display purposes: it will still be included when considering suppressions, and it will be included in the generated suppression callstacks.
- -callstack_srcfile_hide <string>
default: ""
Callstack frames will not list source file paths matching any of these ,-separated patterns. The paths can contain * or ? wildcards.
- -callstack_srcfile_prefix <string>
default: ""
Callstack frame source paths that match any of these ,-separated prefixes will be printed without the leading portion up to and including the match.
- -callstack_use_top_fp
default: true
Whether to trust the top-level ebp/rbp register to hold the next frame pointer. Normally this is correct. However, if a frameless function is on top of the stack, using the ebp register can cause a callstack to skip the next function. If this option is set to false, the callstack walk will perform a stack scan at the top of every callstack. This adds additional overhead in exchange for more accuracy. It should not be necessary to disable this option normally, unless an application or one of its static libraries is built with optimizations that omit frame pointers.
- -callstack_max_scan <int>
default: 2048 (minimum: 0, maximum: 16384)
How far to scan to locate the first stack frame when starting in a frameless function, or to locate the next stack frame when crossing loader or glue stub thunks or a signal or exception frame. Increasing this can produce better callstacks but may incur noticeable overhead for applications that make many allocation calls.
- -check_leaks
default: true
Whether to list details of each individual memory leak. If this option is disabled and -count_leaks is enabled, leaks will still be detected, but only the count of leaks will be shown.
- -count_leaks
default: true
Whether to detect memory leaks. Whether details on each leak are shown is controlled by the -check_leaks option. Disabling this option can reduce execution overhead as less information must be kept internally, while disabling -check_leaks will not affect execution overhead.
- -symbol_offsets
default: false
Deprecated: use -callstack_style flag 0x4
- -ignore_early_leaks
default: true
Whether to ignore leaks from memory allocated by system code prior to Dr. Memory taking over.
- -check_leaks_on_destroy
default: true
If enabled, when a heap is destroyed (HeapDestroy on Windows), report any live allocations inside it as possible leaks.
- -possible_leaks
default: true
Whether to list possibly-reachable allocations when leak checking. Requires -check_leaks.
- -check_encoded_pointers
default: true
Check for encoded pointers to eliminate false positives from pointers kept in encoded form.
- -midchunk_size_ok
default: true
Consider allocations reached by a mid-allocation pointer that points past a size field at the head of the allocation to be reachable instead of possibly leaked. Currently this option looks for a very specific pattern. If your application's header is slightly different please contact the authors about generalizing this check.
- -midchunk_new_ok
default: true
Consider allocations reached by a mid-allocation pointer that points past a size field at the head of the allocation that looks like a new[] header to be reachable instead of possibly leaked. A heuristic is used for this identification that is not perfect.
- -midchunk_inheritance_ok
default: true
Consider allocations reached by a mid-allocation pointer that points to a parent class instantiation to be reachable instead of possibly leaked. A heuristic is used for this identification that is not perfect.
- -midchunk_string_ok
default: true
Consider allocations reached by a mid-allocation pointer that points to a char array inside an instance of a std::string representation to be reachable instead of possibly leaked. A heuristic is used for this identification that is not perfect.
- -show_reachable
default: false
Whether to list reachable allocations when leak checking. Requires -check_leaks.
- -suppress <string>
default: ""
File containing errors to suppress. May be repeated. See Suppressing Errors.
- -default_suppress
default: true
Use the set of default suppressions that come with Dr. Memory. See Suppressing Errors.
- -gen_suppress_offs
default: true
Generate mod+offs suppressions in addition to mod!sym suppressions in the output suppress file
- -gen_suppress_syms
default: true
Generate mod!syms suppressions in addition to mod+offs suppressions in the output suppress file
- -show_threads
default: true
Whether to print the callstack of each thread creation point referenced in an error report to the global logfile, which can be useful to identify which thread was involved in the error report. Look for 'NEW THREAD' in the global.pid.log file in the log directory where the results.txt file is found.
- -show_all_threads
default: false
Whether to print the callstack of each thread creation point (whether referenced in an error report or not) to the global logfile. This can be useful to identify which thread was involved in error reports, as well as general diagnostics for what threads were present during a run. Look for 'NEW THREAD' in the global.pid.log file in the log directory where the results.txt file is found.
- -conservative
default: false
Be conservative whenever reading application memory. When this option is disabled, Dr. Memory may read return addresses and arguments passed to functions without fault-handling code, which gains performance but can sacrifice robustness when running hand-crafted assembly code
- -check_uninit_cmps
default: true
Report definedness errors on compares instead of waiting for conditional jmps.
- -check_uninit_non_moves
default: false
Report definedness errors on any instruction that is not a move. Note: turning this option on may result in false positives, but can also help diagnose errors through earlier error reporting.
- -check_uninit_all
default: false
Report definedness errors on any instruction, rather than the default of waiting until something meaningful is done, which reduces false positives. Note: turning this option on may result in false positives, but can also help diagnose errors through earlier error reporting.
- -stack_swap_threshold <int>
default: 0x9000 (minimum: 256, maximum: INT_MAX)
Stack change amount to consider a swap instead of an allocation or de-allocation on the same stack. Dr. Memory attempts to dynamically tune this value unless it is changed from its default.
- -redzone_size <int>
default: 16 (minimum: 0, maximum: 32*1024)
Buffer on either side of each malloc. This should be a multiple of 8.
- -report_max <int>
default: 20000 (minimum: -1, maximum: INT_MAX)
Maximum non-leak errors to report (-1=no limit).
- -report_leak_max <int>
default: 10000 (minimum: -1, maximum: INT_MAX)
Maximum leaks to report (-1=no limit).
- -batch
default: false
Do not launch notepad with the results file at application exit.
- -summary
default: true
Display process startup information and a summary of errors to stderr at app exit.
- -use_symcache
default: true
Cache results of symbol lookups to speed up future runs
- -symcache_dir <string>
default: "<install>/logs/symcache"
Destination for symbol cache files. When using a unique log directory for each run, symbols will not be shared across runs because the default cache location is inside the log directory. Use this option to set a shared directory.
- -symcache_minsize <int>
default: 1000 (minimum: 0, maximum: UINT_MAX)
Minimum module size to cache symbols for. Note that there's little downside to caching and it is pretty much always better to cache.
- -use_symcache_postcall
default: true
Cache post-call sites to speed up future runs. Requires -use_symcache to be true.
- -warn_null_ptr
default: false
Whether to warn when NULL is passed to free() or realloc().
- -delay_frees <int>
default: 2000 (minimum: 0, maximum: UINT_MAX)
Frees to delay before committing. The larger this number, the greater the likelihood that Dr. Memory will identify use-after-free errors. However, the larger this number, the more memory will be used. This value is separate for each set of allocation routines.
- -delay_frees_maxsz <int>
default: 20000000 (minimum: 0, maximum: UINT_MAX)
Maximum size of frees to delay before committing. The larger this number, the greater the likelihood that Dr. Memory will identify use-after-free errors. However, the larger this number, the more memory will be used. This value is separate for each set of allocation routines.
- -delay_frees_stack
default: false
Record callstacks on free to use when reporting use-after-free or other errors that overlap with freed objects. There is a slight performance hit incurred by this feature for malloc-intensive applications.
- -leaks_only
default: false
Puts Dr. Memory into a leak-check-only mode that has lower overhead but does not detect other types of errors other than invalid frees.
- -check_uninitialized
default: true
Check for uninitialized read errors. When disabled, puts Dr. Memory into a mode that has lower overhead but does not detect definedness errors. Furthermore, the lack of definedness information reduces accuracy of leak identification, resulting in potentially failing to identify some leaks.
- -check_stack_bounds
default: false
Only applies for -no_check_uninitialized. Determines whether to check for beyond-top-of-stack accesses.
- -check_stack_access
default: false
Only applies for -no_check_uninitialized. Determines whether to check for errors on memory references that use esp or ebp as a base. These are normally local variable and function parameter references only, but for optimized or unusual code they could point elsewhere in memory. Checking these incurs additional overhead.
- -check_alignment
default: false
Only applies for -no_check_uninitialized. Determines whether to incur additional overhead in order to handle memory accesses that are not aligned to their size. With this option off, the tool may miss bounds overflows that involve unaligned memory references.
- -fault_to_slowpath
default: true
Only applies for -no_check_uninitialized. Determines whether to use faulting instructions rather than explicit jump-and-link to exit from fastpath to slowpath.
- -check_gdi
default: true
Check for GDI API usage errors. Any errors detected will be reported as errors of type WARNING. Currently this option is only supported on Windows 7.
- -check_delete_mismatch
default: true
Whether to check for free/delete/delete[] mismatches
- -prctl_whitelist <string>
default: ""
If this list is non-empty, when Dr. Memory sees prctl(PR_SET_NAME) and the name is not on the list, then Dr. Memory will disable its instrumentation for the rest of the process and for all of its child processes. The list is ,-separated.
- -auxlib <string>
default: ""
This option should specify the basename of an auxiliary system call handling library found in the same directory as the Dr. Memory client library.
- -analyze_unknown_syscalls
default: true
For unknown syscalls use memory comparison to find output params
- -syscall_dword_granularity
default: true
For unknown syscall comparisons (-analyze_unknown_syscalls), when changes are detected, consider the containing dword to have changed
- -syscall_sentinels
default: false
Use sentinels to detect writes on unknown syscalls and reduce false positives, in particular for uninitialized reads. Can potentially result in incorrect behavior if definedness information is incorrect or application threads read syscall parameter info simultaneously. This option requires -analyze_unknown_syscalls to be enabled.
- -prefer_msize
default: true
Prefer _msize to malloc_usable_size when both are present
- -perturb
default: false
Adds random delays to thread synchronization and other operations to try and increase the chances of catching race conditions.
- -perturb_only
default: false
Adds random delays to thread synchronization and other operations to try and increase the chances of catching race conditions, but disables all memory checking to create a low-overhead tool that executes significantly faster. However, without memory checking race conditions will only be detected if they result in an actual crash or other externally visible change in behavior. When this option is enabled, Dr. Memory will not produce an error summary or results.txt.
- -perturb_max <int>
default: 50 (minimum: 0, maximum: UINT_MAX)
This option sets the maximum delay added by -perturb, in milliseconds for thread operations and in custom units for instruction-level operations. Delays added will be randomly selected from 0 up to -perturb_max.
- -perturb_seed <int>
default: 0 (minimum: 0, maximum: UINT_MAX)
To reproduce the random delays added by -perturb, pass the seed from the logfile from the target run to this option. There may still be non-determinism in the rest of the system, however.
- -light
default: false
This option enables a lightweight mode that detects only critical errors. Currently these include only unaddressable accesses.
- -pattern <int>
default: 0 (minimum: 0, maximum: USHRT_MAX)
Use sentinels to detect accesses on unaddressable regions around allocated heap objects. When this option is enabled, checks for uninitialized read errors will be disabled.
- -leak_scan
default: true
Whether to perform the leak scan. For performance measurement purposes only.