platform_bionic/libc/malloc_debug/Config.h

179 lines
7.2 KiB
C
Raw Normal View History

bionic: import heaptracker as chk_malloc This patch is a rewrite of libc.debug.malloc = 10 (chk_malloc). It provides the same features as the original (poison freed memory, detect heap overruns and underruns), except that it provides more debugging information whenever it detects a problem. In addition to the original features, the new chk_malloc() implementation detects multiple frees within a given range of the last N allocations, N being configurable via the system property libc.debug.malloc.backlog. Finally, this patch keeps track of all outstanding memory allocations. On program exit, we walk that list and report each outstanding allocation. (There is support (not enabled) for a scanner thread periodically walks over the list of outstanding allocations as well as the backlog of recently-freed allocations, checking for heap-usage errors.) Feature overview: 1) memory leaks 2) multiple frees 3) use after free 4) overrun Implementation: -- for each allocation, there is a: 1) stack trace at the time the allocation is made 2) if the memory is freed, there is also a stack trace at the point 3) a front and rear guard (fence) 4) the stack traces are kept together with the allocation -- the following lists and maintained 1) all outstanding memory allocations 3) a backlog of allocations what are freed; when you call free(), instead of actually freed, the allocation is moved to this backlog; 4) when the backlog of allocations gets full, the oldest entry gets evicted from it; at that point, the allocation is checked for overruns or use-after-free errors, and then actually freed. 5) when the program exits, the list of outstanding allocations and the backlog are inspected for errors, then freed; To use this, set the following system properties before running the process or processes you want to inspect: libc.malloc.debug.backlog # defaults to 100 libc.malloc.debug 10 When a problem is detected, you will see the following on logcat for a multiple free: E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 BYTES MULTIPLY FREED! E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 4009647c /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 FIRST FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 40096490 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 NOW BEING FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c6ac /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 400964a0 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so The following for a heap overrun and underrun: E/libc ( 7233): +++ REAR GUARD MISMATCH [10, 11) E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 HAS A CORRUPTED REAR GUARD E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 40096438 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 40096462 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 HAS A CORRUPTED FRONT GUARD E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 400964ba /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 400964e4 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so The following for a memory leak: E/libc ( 7233): +++ THERE ARE 1 LEAKED ALLOCATIONS E/libc ( 7233): +++ DELETING 4096 BYTES OF LEAKED MEMORY AT 0x404b95e8 (1 REMAINING) E/libc ( 7233): +++ ALLOCATION 0x404b95e8 SIZE 4096 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 0001bc94 /system/lib/libc.so E/libc ( 7233): #04 pc 0001edf6 /system/lib/libc.so E/libc ( 7233): #05 pc 0001b80a /system/lib/libc.so E/libc ( 7233): #06 pc 0001c086 /system/lib/libc.so E/libc ( 7233): #07 pc 40096402 /system/bin/malloctest E/libc ( 7233): #08 pc 00016f24 /system/lib/libc.so Change-Id: Ic440e9d05a01e2ea86b25e8998714e88bc2d16e0 Signed-off-by: Iliyan Malchev <malchev@google.com>
2012-05-29 23:22:42 +02:00
/*
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
* Copyright (C) 2015 The Android Open Source Project
bionic: import heaptracker as chk_malloc This patch is a rewrite of libc.debug.malloc = 10 (chk_malloc). It provides the same features as the original (poison freed memory, detect heap overruns and underruns), except that it provides more debugging information whenever it detects a problem. In addition to the original features, the new chk_malloc() implementation detects multiple frees within a given range of the last N allocations, N being configurable via the system property libc.debug.malloc.backlog. Finally, this patch keeps track of all outstanding memory allocations. On program exit, we walk that list and report each outstanding allocation. (There is support (not enabled) for a scanner thread periodically walks over the list of outstanding allocations as well as the backlog of recently-freed allocations, checking for heap-usage errors.) Feature overview: 1) memory leaks 2) multiple frees 3) use after free 4) overrun Implementation: -- for each allocation, there is a: 1) stack trace at the time the allocation is made 2) if the memory is freed, there is also a stack trace at the point 3) a front and rear guard (fence) 4) the stack traces are kept together with the allocation -- the following lists and maintained 1) all outstanding memory allocations 3) a backlog of allocations what are freed; when you call free(), instead of actually freed, the allocation is moved to this backlog; 4) when the backlog of allocations gets full, the oldest entry gets evicted from it; at that point, the allocation is checked for overruns or use-after-free errors, and then actually freed. 5) when the program exits, the list of outstanding allocations and the backlog are inspected for errors, then freed; To use this, set the following system properties before running the process or processes you want to inspect: libc.malloc.debug.backlog # defaults to 100 libc.malloc.debug 10 When a problem is detected, you will see the following on logcat for a multiple free: E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 BYTES MULTIPLY FREED! E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 4009647c /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 FIRST FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 40096490 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 NOW BEING FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c6ac /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 400964a0 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so The following for a heap overrun and underrun: E/libc ( 7233): +++ REAR GUARD MISMATCH [10, 11) E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 HAS A CORRUPTED REAR GUARD E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 40096438 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 40096462 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 HAS A CORRUPTED FRONT GUARD E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 400964ba /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 400964e4 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so The following for a memory leak: E/libc ( 7233): +++ THERE ARE 1 LEAKED ALLOCATIONS E/libc ( 7233): +++ DELETING 4096 BYTES OF LEAKED MEMORY AT 0x404b95e8 (1 REMAINING) E/libc ( 7233): +++ ALLOCATION 0x404b95e8 SIZE 4096 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 0001bc94 /system/lib/libc.so E/libc ( 7233): #04 pc 0001edf6 /system/lib/libc.so E/libc ( 7233): #05 pc 0001b80a /system/lib/libc.so E/libc ( 7233): #06 pc 0001c086 /system/lib/libc.so E/libc ( 7233): #07 pc 40096402 /system/bin/malloctest E/libc ( 7233): #08 pc 00016f24 /system/lib/libc.so Change-Id: Ic440e9d05a01e2ea86b25e8998714e88bc2d16e0 Signed-off-by: Iliyan Malchev <malchev@google.com>
2012-05-29 23:22:42 +02:00
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#pragma once
bionic: import heaptracker as chk_malloc This patch is a rewrite of libc.debug.malloc = 10 (chk_malloc). It provides the same features as the original (poison freed memory, detect heap overruns and underruns), except that it provides more debugging information whenever it detects a problem. In addition to the original features, the new chk_malloc() implementation detects multiple frees within a given range of the last N allocations, N being configurable via the system property libc.debug.malloc.backlog. Finally, this patch keeps track of all outstanding memory allocations. On program exit, we walk that list and report each outstanding allocation. (There is support (not enabled) for a scanner thread periodically walks over the list of outstanding allocations as well as the backlog of recently-freed allocations, checking for heap-usage errors.) Feature overview: 1) memory leaks 2) multiple frees 3) use after free 4) overrun Implementation: -- for each allocation, there is a: 1) stack trace at the time the allocation is made 2) if the memory is freed, there is also a stack trace at the point 3) a front and rear guard (fence) 4) the stack traces are kept together with the allocation -- the following lists and maintained 1) all outstanding memory allocations 3) a backlog of allocations what are freed; when you call free(), instead of actually freed, the allocation is moved to this backlog; 4) when the backlog of allocations gets full, the oldest entry gets evicted from it; at that point, the allocation is checked for overruns or use-after-free errors, and then actually freed. 5) when the program exits, the list of outstanding allocations and the backlog are inspected for errors, then freed; To use this, set the following system properties before running the process or processes you want to inspect: libc.malloc.debug.backlog # defaults to 100 libc.malloc.debug 10 When a problem is detected, you will see the following on logcat for a multiple free: E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 BYTES MULTIPLY FREED! E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 4009647c /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 FIRST FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 40096490 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 NOW BEING FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c6ac /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 400964a0 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so The following for a heap overrun and underrun: E/libc ( 7233): +++ REAR GUARD MISMATCH [10, 11) E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 HAS A CORRUPTED REAR GUARD E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 40096438 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 40096462 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 HAS A CORRUPTED FRONT GUARD E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 400964ba /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 400964e4 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so The following for a memory leak: E/libc ( 7233): +++ THERE ARE 1 LEAKED ALLOCATIONS E/libc ( 7233): +++ DELETING 4096 BYTES OF LEAKED MEMORY AT 0x404b95e8 (1 REMAINING) E/libc ( 7233): +++ ALLOCATION 0x404b95e8 SIZE 4096 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 0001bc94 /system/lib/libc.so E/libc ( 7233): #04 pc 0001edf6 /system/lib/libc.so E/libc ( 7233): #05 pc 0001b80a /system/lib/libc.so E/libc ( 7233): #06 pc 0001c086 /system/lib/libc.so E/libc ( 7233): #07 pc 40096402 /system/bin/malloctest E/libc ( 7233): #08 pc 00016f24 /system/lib/libc.so Change-Id: Ic440e9d05a01e2ea86b25e8998714e88bc2d16e0 Signed-off-by: Iliyan Malchev <malchev@google.com>
2012-05-29 23:22:42 +02:00
#include <stdint.h>
bionic: import heaptracker as chk_malloc This patch is a rewrite of libc.debug.malloc = 10 (chk_malloc). It provides the same features as the original (poison freed memory, detect heap overruns and underruns), except that it provides more debugging information whenever it detects a problem. In addition to the original features, the new chk_malloc() implementation detects multiple frees within a given range of the last N allocations, N being configurable via the system property libc.debug.malloc.backlog. Finally, this patch keeps track of all outstanding memory allocations. On program exit, we walk that list and report each outstanding allocation. (There is support (not enabled) for a scanner thread periodically walks over the list of outstanding allocations as well as the backlog of recently-freed allocations, checking for heap-usage errors.) Feature overview: 1) memory leaks 2) multiple frees 3) use after free 4) overrun Implementation: -- for each allocation, there is a: 1) stack trace at the time the allocation is made 2) if the memory is freed, there is also a stack trace at the point 3) a front and rear guard (fence) 4) the stack traces are kept together with the allocation -- the following lists and maintained 1) all outstanding memory allocations 3) a backlog of allocations what are freed; when you call free(), instead of actually freed, the allocation is moved to this backlog; 4) when the backlog of allocations gets full, the oldest entry gets evicted from it; at that point, the allocation is checked for overruns or use-after-free errors, and then actually freed. 5) when the program exits, the list of outstanding allocations and the backlog are inspected for errors, then freed; To use this, set the following system properties before running the process or processes you want to inspect: libc.malloc.debug.backlog # defaults to 100 libc.malloc.debug 10 When a problem is detected, you will see the following on logcat for a multiple free: E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 BYTES MULTIPLY FREED! E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 4009647c /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 FIRST FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 40096490 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 NOW BEING FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c6ac /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 400964a0 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so The following for a heap overrun and underrun: E/libc ( 7233): +++ REAR GUARD MISMATCH [10, 11) E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 HAS A CORRUPTED REAR GUARD E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 40096438 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 40096462 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 HAS A CORRUPTED FRONT GUARD E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 400964ba /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 FREED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so E/libc ( 7233): #03 pc 400964e4 /system/bin/malloctest E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so The following for a memory leak: E/libc ( 7233): +++ THERE ARE 1 LEAKED ALLOCATIONS E/libc ( 7233): +++ DELETING 4096 BYTES OF LEAKED MEMORY AT 0x404b95e8 (1 REMAINING) E/libc ( 7233): +++ ALLOCATION 0x404b95e8 SIZE 4096 ALLOCATED HERE: E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so E/libc ( 7233): #03 pc 0001bc94 /system/lib/libc.so E/libc ( 7233): #04 pc 0001edf6 /system/lib/libc.so E/libc ( 7233): #05 pc 0001b80a /system/lib/libc.so E/libc ( 7233): #06 pc 0001c086 /system/lib/libc.so E/libc ( 7233): #07 pc 40096402 /system/bin/malloctest E/libc ( 7233): #08 pc 00016f24 /system/lib/libc.so Change-Id: Ic440e9d05a01e2ea86b25e8998714e88bc2d16e0 Signed-off-by: Iliyan Malchev <malchev@google.com>
2012-05-29 23:22:42 +02:00
#include <string>
#include <unordered_map>
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
constexpr uint64_t FRONT_GUARD = 0x1;
constexpr uint64_t REAR_GUARD = 0x2;
constexpr uint64_t BACKTRACE = 0x4;
constexpr uint64_t FILL_ON_ALLOC = 0x8;
constexpr uint64_t FILL_ON_FREE = 0x10;
constexpr uint64_t EXPAND_ALLOC = 0x20;
constexpr uint64_t FREE_TRACK = 0x40;
constexpr uint64_t TRACK_ALLOCS = 0x80;
constexpr uint64_t LEAK_TRACK = 0x100;
constexpr uint64_t RECORD_ALLOCS = 0x200;
constexpr uint64_t BACKTRACE_FULL = 0x400;
constexpr uint64_t ABORT_ON_ERROR = 0x800;
constexpr uint64_t VERBOSE = 0x1000;
constexpr uint64_t CHECK_UNREACHABLE_ON_SIGNAL = 0x2000;
constexpr uint64_t BACKTRACE_SPECIFIC_SIZES = 0x4000;
// In order to guarantee posix compliance, set the minimum alignment
// to 8 bytes for 32 bit systems and 16 bytes for 64 bit systems.
#if defined(__LP64__)
constexpr size_t MINIMUM_ALIGNMENT_BYTES = 16;
#else
constexpr size_t MINIMUM_ALIGNMENT_BYTES = 8;
#endif
// If one or more of these options is set, then a special header is needed.
constexpr uint64_t HEADER_OPTIONS = FRONT_GUARD | REAR_GUARD;
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
class Config {
public:
bool Init(const char* options_str);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
void LogUsage() const;
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
uint64_t options() const { return options_; }
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
int backtrace_signal() const { return backtrace_signal_; }
int backtrace_dump_signal() const { return backtrace_dump_signal_; }
size_t backtrace_frames() const { return backtrace_frames_; }
size_t backtrace_enabled() const { return backtrace_enabled_; }
size_t backtrace_enable_on_signal() const { return backtrace_enable_on_signal_; }
bool backtrace_dump_on_exit() const { return backtrace_dump_on_exit_; }
const std::string& backtrace_dump_prefix() const { return backtrace_dump_prefix_; }
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
size_t front_guard_bytes() const { return front_guard_bytes_; }
size_t rear_guard_bytes() const { return rear_guard_bytes_; }
uint8_t front_guard_value() const { return front_guard_value_; }
uint8_t rear_guard_value() const { return rear_guard_value_; }
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
size_t expand_alloc_bytes() const { return expand_alloc_bytes_; }
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
size_t free_track_allocations() const { return free_track_allocations_; }
size_t free_track_backtrace_num_frames() const { return free_track_backtrace_num_frames_; }
size_t fill_on_alloc_bytes() const { return fill_on_alloc_bytes_; }
size_t fill_on_free_bytes() const { return fill_on_free_bytes_; }
uint8_t fill_alloc_value() const { return fill_alloc_value_; }
uint8_t fill_free_value() const { return fill_free_value_; }
size_t backtrace_min_size_bytes() const { return backtrace_min_size_bytes_; }
size_t backtrace_max_size_bytes() const { return backtrace_max_size_bytes_; }
int record_allocs_signal() const { return record_allocs_signal_; }
size_t record_allocs_num_entries() const { return record_allocs_num_entries_; }
const std::string& record_allocs_file() const { return record_allocs_file_; }
int check_unreachable_signal() const { return check_unreachable_signal_; }
private:
struct OptionInfo {
uint64_t option;
bool (Config::*process_func)(const std::string&, const std::string&);
};
bool ParseValue(const std::string& option, const std::string& value, size_t default_value,
size_t min_value, size_t max_value, size_t* new_value) const;
bool ParseValue(const std::string& option, const std::string& value, size_t min_value,
size_t max_value, size_t* parsed_value) const;
bool SetGuard(const std::string& option, const std::string& value);
bool SetFrontGuard(const std::string& option, const std::string& value);
bool SetRearGuard(const std::string& option, const std::string& value);
bool SetFill(const std::string& option, const std::string& value);
bool SetFillOnAlloc(const std::string& option, const std::string& value);
bool SetFillOnFree(const std::string& option, const std::string& value);
bool SetBacktrace(const std::string& option, const std::string& value);
bool SetBacktraceEnableOnSignal(const std::string& option, const std::string& value);
bool SetBacktraceDumpOnExit(const std::string& option, const std::string& value);
bool SetBacktraceDumpPrefix(const std::string& option, const std::string& value);
bool SetBacktraceSize(const std::string& option, const std::string& value);
bool SetBacktraceMinSize(const std::string& option, const std::string& value);
bool SetBacktraceMaxSize(const std::string& option, const std::string& value);
bool SetExpandAlloc(const std::string& option, const std::string& value);
bool SetFreeTrack(const std::string& option, const std::string& value);
bool SetFreeTrackBacktraceNumFrames(const std::string& option, const std::string& value);
bool SetRecordAllocs(const std::string& option, const std::string& value);
bool SetRecordAllocsFile(const std::string& option, const std::string& value);
bool VerifyValueEmpty(const std::string& option, const std::string& value);
static bool GetOption(const char** option_str, std::string* option, std::string* value);
const static std::unordered_map<std::string, OptionInfo> kOptions;
size_t front_guard_bytes_ = 0;
size_t rear_guard_bytes_ = 0;
bool backtrace_enable_on_signal_ = false;
int backtrace_signal_ = 0;
int backtrace_dump_signal_ = 0;
bool backtrace_enabled_ = false;
size_t backtrace_frames_ = 0;
bool backtrace_dump_on_exit_ = false;
std::string backtrace_dump_prefix_;
size_t backtrace_min_size_bytes_ = 0;
size_t backtrace_max_size_bytes_ = 0;
size_t fill_on_alloc_bytes_ = 0;
size_t fill_on_free_bytes_ = 0;
size_t expand_alloc_bytes_ = 0;
size_t free_track_allocations_ = 0;
size_t free_track_backtrace_num_frames_ = 0;
int record_allocs_signal_ = 0;
size_t record_allocs_num_entries_ = 0;
std::string record_allocs_file_;
uint64_t options_ = 0;
uint8_t fill_alloc_value_;
uint8_t fill_free_value_;
uint8_t front_guard_value_;
uint8_t rear_guard_value_;
int check_unreachable_signal_ = 0;
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
};