A recent change
(https://android-review.googlesource.com/c/platform/bionic/+/961601)
caused this test to fail. This change allowed LLVM to optimize what was
previously `__write_chk` into a standard call to `write`.
LLVM knows things about `write`. In particular, it knows that `write`
doesn't capture its buffer param, which `Ref` assumes isn't possible.
LLVM can't reason much about `volatile` operations; storing this to a
`volatile` ptr should be good enough. If not, there are a few other
tricks we can play here.
Bug: 133479661
Test: `atest
memunreachable_test:memunreachable_test.MemunreachableTest#stack --
--abi x86` on internal-master
Change-Id: I905e510210cafdf83fa1b50f2f090d4f8b9653da
vendor_available: true means that some prebuilts will end up with
references to classes defined in memunreachable.h. Add version
numbers and reserved fields to the classes and default initialize
everything to zero.
Bug: 132302484
Test: memunreachable_unit_test
Change-Id: Ic183fcc766acd2c4c7dc62efafcc2c75a636e407
Bug 120032857 is seeing what appears to be allocations with incorrect
end addresses, leading to a much later crash when it tries to map
a zero page outside the valid virtual address space. Detect allocations
that extend outside the highest or lowest memory mapping and crash
immediately instead.
Test: memunreachable_test
Bug: 120032857
Change-Id: I9be670a025143e7078360a6bf7a83219279614d9
There's still <cutils/atomic.h> in a test, but I don't understand why
that isn't just std::atomic.
Also add a shared tgkill wrapper to libbase.
Bug: N/A
Test: ran tests
Change-Id: Idd4baa1e1670a84b3a8f35803cc5ffe5aae008a6
For some reason, the memunreachable tests are rock solid on the
devices covered by APCT, but catch a ton of false-negatives on
hikey960, which show up as failures that look like:
system/core/libmemunreachable/tests/MemUnreachable_test.cpp:200: Failure
Expected equality of these values:
1U
Which is: 1
info.leaks.size()
Which is: 0
These happen when a stray copy of a pointer is lying around that
points to the memory it is expected to leak. The stray pointers
can be on the stack or in the jemalloc thread cache of freed
allocations, which is always considered active memory.
Add some extra cleanups to get rid of old pointers.
1. Clear the tcache when destructing UnreachableMemoryInfo
2. Clear the stack and tcache before and after each test
3. Make MemunreachbleTest.twice match MemunreachableTest.stack
Also fix MemunreachableTest.notdumpable, which was only passing
when run as root, which was bypassing what the test was trying
to cover. Make the test pass when run as non-root, and skip
when the test is running as root.
Bug: 79701104
Test: memunreachable_test
Test: memunreachable_test as root
Change-Id: Ia6c6df11e76405d08118afcc19c1fe80a6684c56
Link statically against libmemunreachable to avoid runtime
dependency on libmemunreachable.so.
Provide a better error when run as non-root.
Rename the test to MemunreachableBinderTest.
Add comments explaining the test sequence.
Bug: 28275695
Test: memunreachable_binder_test
Change-Id: Iddfba636205b7ca3ad31a6ba2c4e85abadd32d0d
The static analyzer complains that this memory is leaked regardless of
how I try to work around it (unless we escape the memory by using a
global or something, but...). Basically, as long as there's some sort
of operation on the reinterpret_cast'ed pointer, it complains. If we
remove the bitwise negations, it doesn't. Doing so would presumably
defeat the purpose of this test, though, so add a NOLINT.
Bug: 27101951
Test: mma. No more static analyzer warning for this file.
Change-Id: If9008946a2145d17b8651535141bfd7ec9224739
The static analyzer was complaining that we were potentially leaking
memory here (in `ASSERT_NE(ptr, nullptr)` after `new (char)`). This
wasn't correct, but it's also not possible for `new` to return nullptr
without std::nothrow.
In any case, swap to direct calls to `::operator new`, since it looks
like this test explicitly wants calls to `::operator new` to be emitted
(which the C++ standard doesn't guarantee for all `new` expressions).
Bug: 27101951
Test: mma; static analyzer warnings are gone. Also ran
memunreachable_test on marlin; no failures.
Change-Id: Ia740e41079f263040da978ba1ccc71c9c39f53fd
The kernel can hold references to binder objects that have no userspace
references. Allow libmemunreachable to call into libbinder and
libhwbinder to get lists of kernel references. Use undefined weak
symbols so that libmemunreachable will continue to work in processes
that do not have libbinder.
Test: memunreachable_binder_test
Bug: 28275695
Change-Id: I9eae73f2a51a49a7025ffe6309ccdc2693a2391b
The stack test puts a pointer to an allocation on the stack, checks
that there are no leaks, then lets it go out of scope and checks
that libmemunreachable can find a leak. This works on arm64, but
on arm32 the pointer on the stack doesn't get overwitten and the
leak is not detected. Rewrite the pointer to be NULL instead.
Test: memunreachable_test
Change-Id: I5959a34cbb572a5d8670270077a85d247a3a4880
Putting libmemunreachable in the global C++ namespace was an oversight,
move it into namespace android.
Test: m -j checkbuild
Change-Id: I0799906f6463178cb04a719bb4054cad33a50dbe
Vendor blobs on ryu mprotect heap pages, causing segfaults when dumping
unreachable memory. Handle segfaults within HeapWalker by mapping a
zero page over any unreadable pages. HeapWalker runs in the forked
process, so the mapping will not affect the original process.
Bug: 28269332
Change-Id: I16245af722123f2ad467cbc6f245a70666c55544
(cherry picked from commit ba5d9ff6d9)
Combine similar leaks (those with identical stack traces) into a single
leak report, and sort the resulting leaks by total leak size across all
similar leaks and their references.
Bug: 27208635
Change-Id: Ia2bf2ccf3fcbc110d1c7ba60e3b77348d1c63d8d
(cherry picked from commit 7a22e81c20)
Find leaks that have no references at all, or are only referenced by
other leaks in the same strongly connected component, and hide all
referenced leaks.
Bug: 27208635
Change-Id: Ifbfd14e24e2ba0f8af7c1b887e57f34362720f2d
(cherry picked from commit 8e8f34c558)
Compile some tests for the host to ease debugging with valgrind or gdb.
Bug: 27208635
Change-Id: Ib46fcfa333ceb721f26efca00b2fa60b9fba44e6
(cherry picked from commit b8e20f557f)
libmemunreachable uses an imprecise mark and sweep pass over all memory
allocated by jemalloc in order to find unreachable allocations.
Change-Id: Ia70bbf31f5b40ff71dab28cfd6cd06c5ef01a2d4
