android_bionic/libc/malloc_debug/GuardData.cpp

102 lines
3.9 KiB
C++
Raw Normal View History

Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
/*
* Copyright (C) 2015 The Android Open Source Project
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <stdint.h>
#include <string.h>
#include <vector>
#include "backtrace.h"
#include "Config.h"
#include "debug_disable.h"
#include "debug_log.h"
#include "DebugData.h"
#include "malloc_debug.h"
#include "GuardData.h"
GuardData::GuardData(int init_value, size_t num_bytes) {
// Create a buffer for fast comparisons of the front guard.
cmp_mem_.resize(num_bytes);
memset(cmp_mem_.data(), init_value, cmp_mem_.size());
}
void GuardData::LogFailure(const Header* header, const void* pointer, const void* data) {
ScopedDisableDebugCalls disable;
error_log(LOG_DIVIDER);
error_log("+++ ALLOCATION %p SIZE %zu HAS A CORRUPTED %s GUARD", pointer,
header->real_size(), GetTypeName());
// Log all of the failing bytes.
const uint8_t* expected = cmp_mem_.data();
int pointer_idx = reinterpret_cast<uintptr_t>(data) - reinterpret_cast<uintptr_t>(pointer);
const uint8_t* real = reinterpret_cast<const uint8_t*>(data);
for (size_t i = 0; i < cmp_mem_.size(); i++, pointer_idx++) {
if (real[i] != expected[i]) {
error_log(" pointer[%d] = 0x%02x (expected 0x%02x)", pointer_idx, real[i], expected[i]);
}
}
error_log("Backtrace at time of failure:");
std::vector<uintptr_t> frames(64);
size_t frame_num = backtrace_get(frames.data(), frames.size());
frames.resize(frame_num);
backtrace_log(frames.data(), frames.size());
error_log(LOG_DIVIDER);
}
FrontGuardData::FrontGuardData(const Config& config, size_t* offset)
: GuardData(config.front_guard_value, config.front_guard_bytes) {
// Create a buffer for fast comparisons of the front guard.
cmp_mem_.resize(config.front_guard_bytes);
memset(cmp_mem_.data(), config.front_guard_value, cmp_mem_.size());
// Assumes that front_bytes is a multiple of MINIMUM_ALIGNMENT_BYTES.
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
offset_ = *offset;
*offset += config.front_guard_bytes;
}
bool FrontGuardData::Valid(DebugData& debug, const Header* header) {
return GuardData::Valid(debug.GetFrontGuard(header));
}
void FrontGuardData::LogFailure(DebugData& debug, const Header* header) {
GuardData::LogFailure(header, debug.GetPointer(header), debug.GetFrontGuard(header));
}
RearGuardData::RearGuardData(const Config& config)
: GuardData(config.rear_guard_value, config.rear_guard_bytes) {
}
bool RearGuardData::Valid(DebugData& debug, const Header* header) {
return GuardData::Valid(debug.GetRearGuard(header));
}
void RearGuardData::LogFailure(DebugData& debug, const Header* header) {
GuardData::LogFailure(header, debug.GetPointer(header), debug.GetRearGuard(header));
}