android_bionic/libc/malloc_debug/malloc_debug.cpp

677 lines
20 KiB
C++
Raw Normal View History

Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
/*
* Copyright (C) 2012 The Android Open Source Project
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <errno.h>
#include <inttypes.h>
#include <malloc.h>
#include <string.h>
#include <sys/cdefs.h>
#include <sys/param.h>
#include <unistd.h>
#include <vector>
#include <private/bionic_malloc_dispatch.h>
#include "backtrace.h"
#include "Config.h"
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
#include "DebugData.h"
#include "debug_disable.h"
#include "debug_log.h"
#include "malloc_debug.h"
// ------------------------------------------------------------------------
// Global Data
// ------------------------------------------------------------------------
DebugData* g_debug;
int* g_malloc_zygote_child;
const MallocDispatch* g_dispatch;
// ------------------------------------------------------------------------
// ------------------------------------------------------------------------
// Use C style prototypes for all exported functions. This makes it easy
// to do dlsym lookups during libc initialization when malloc debug
// is enabled.
// ------------------------------------------------------------------------
__BEGIN_DECLS
bool debug_initialize(const MallocDispatch* malloc_dispatch, int* malloc_zygote_child);
void debug_finalize();
void debug_get_malloc_leak_info(
uint8_t** info, size_t* overall_size, size_t* info_size, size_t* total_memory,
size_t* backtrace_size);
ssize_t debug_malloc_backtrace(void* pointer, uintptr_t* frames, size_t frame_count);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
void debug_free_malloc_leak_info(uint8_t* info);
size_t debug_malloc_usable_size(void* pointer);
void* debug_malloc(size_t size);
void debug_free(void* pointer);
void* debug_memalign(size_t alignment, size_t bytes);
void* debug_realloc(void* pointer, size_t bytes);
void* debug_calloc(size_t nmemb, size_t bytes);
struct mallinfo debug_mallinfo();
int debug_posix_memalign(void** memptr, size_t alignment, size_t size);
int debug_iterate(uintptr_t base, size_t size,
void (*callback)(uintptr_t base, size_t size, void* arg), void* arg);
void debug_malloc_disable();
void debug_malloc_enable();
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
#if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
void* debug_pvalloc(size_t bytes);
void* debug_valloc(size_t size);
#endif
__END_DECLS
// ------------------------------------------------------------------------
static void InitAtfork() {
static pthread_once_t atfork_init = PTHREAD_ONCE_INIT;
pthread_once(&atfork_init, [](){
pthread_atfork(
[](){
if (g_debug != nullptr) {
g_debug->PrepareFork();
}
},
[](){
if (g_debug != nullptr) {
g_debug->PostForkParent();
}
},
[](){
if (g_debug != nullptr) {
g_debug->PostForkChild();
}
}
);
});
}
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
static void LogTagError(const Header* header, const void* pointer, const char* name) {
ScopedDisableDebugCalls disable;
error_log(LOG_DIVIDER);
if (header->tag == DEBUG_FREE_TAG) {
error_log("+++ ALLOCATION %p USED AFTER FREE (%s)", pointer, name);
if (g_debug->config().options & FREE_TRACK) {
g_debug->free_track->LogBacktrace(header);
}
} else {
error_log("+++ ALLOCATION %p HAS INVALID TAG %" PRIx32 " (%s)", pointer, header->tag, name);
}
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
error_log("Backtrace at time of failure:");
std::vector<uintptr_t> frames(64);
size_t frame_num = backtrace_get(frames.data(), frames.size());
frames.resize(frame_num);
backtrace_log(frames.data(), frames.size());
error_log(LOG_DIVIDER);
}
static void* InitHeader(Header* header, void* orig_pointer, size_t size) {
header->tag = DEBUG_TAG;
header->orig_pointer = orig_pointer;
header->size = size;
if (*g_malloc_zygote_child) {
header->set_zygote();
}
header->usable_size = g_dispatch->malloc_usable_size(orig_pointer);
if (header->usable_size == 0) {
g_dispatch->free(orig_pointer);
return nullptr;
}
header->usable_size -= g_debug->pointer_offset() +
reinterpret_cast<uintptr_t>(orig_pointer) - reinterpret_cast<uintptr_t>(header);
if (g_debug->config().options & FRONT_GUARD) {
uint8_t* guard = g_debug->GetFrontGuard(header);
memset(guard, g_debug->config().front_guard_value, g_debug->config().front_guard_bytes);
}
if (g_debug->config().options & REAR_GUARD) {
uint8_t* guard = g_debug->GetRearGuard(header);
memset(guard, g_debug->config().rear_guard_value, g_debug->config().rear_guard_bytes);
// If the rear guard is enabled, set the usable size to the exact size
// of the allocation.
header->usable_size = header->real_size();
}
bool backtrace_found = false;
if (g_debug->config().options & BACKTRACE) {
BacktraceHeader* back_header = g_debug->GetAllocBacktrace(header);
if (g_debug->backtrace->enabled()) {
ScopedDisableDebugCalls disable;
back_header->num_frames = backtrace_get(
&back_header->frames[0], g_debug->config().backtrace_frames);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
backtrace_found = back_header->num_frames > 0;
} else {
back_header->num_frames = 0;
}
}
if (g_debug->config().options & TRACK_ALLOCS) {
g_debug->track->Add(header, backtrace_found);
}
return g_debug->GetPointer(header);
}
bool debug_initialize(const MallocDispatch* malloc_dispatch, int* malloc_zygote_child) {
if (malloc_zygote_child == nullptr) {
return false;
}
InitAtfork();
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
g_malloc_zygote_child = malloc_zygote_child;
g_dispatch = malloc_dispatch;
if (!DebugDisableInitialize()) {
return false;
}
DebugData* debug = new DebugData();
if (!debug->Initialize()) {
delete debug;
DebugDisableFinalize();
return false;
}
g_debug = debug;
// Always enable the backtrace code since we will use it in a number
// of different error cases.
backtrace_startup();
return true;
}
void debug_finalize() {
if (g_debug == nullptr) {
return;
}
if (g_debug->config().options & FREE_TRACK) {
g_debug->free_track->VerifyAll(*g_debug);
}
if (g_debug->config().options & LEAK_TRACK) {
g_debug->track->DisplayLeaks(*g_debug);
}
DebugDisableSet(true);
backtrace_shutdown();
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
delete g_debug;
g_debug = nullptr;
DebugDisableFinalize();
}
void debug_get_malloc_leak_info(uint8_t** info, size_t* overall_size,
size_t* info_size, size_t* total_memory, size_t* backtrace_size) {
ScopedDisableDebugCalls disable;
// Verify the arguments.
if (info == nullptr || overall_size == nullptr || info_size == NULL ||
total_memory == nullptr || backtrace_size == nullptr) {
error_log("get_malloc_leak_info: At least one invalid parameter.");
return;
}
*info = nullptr;
*overall_size = 0;
*info_size = 0;
*total_memory = 0;
*backtrace_size = 0;
if (!(g_debug->config().options & BACKTRACE)) {
error_log("get_malloc_leak_info: Allocations not being tracked, to enable "
"set the option 'backtrace'.");
return;
}
g_debug->track->GetInfo(*g_debug, info, overall_size, info_size, total_memory, backtrace_size);
}
void debug_free_malloc_leak_info(uint8_t* info) {
g_dispatch->free(info);
}
size_t debug_malloc_usable_size(void* pointer) {
if (DebugCallsDisabled() || !g_debug->need_header() || pointer == nullptr) {
return g_dispatch->malloc_usable_size(pointer);
}
Header* header = g_debug->GetHeader(pointer);
if (header->tag != DEBUG_TAG) {
LogTagError(header, pointer, "malloc_usable_size");
return 0;
}
return header->usable_size;
}
void* debug_malloc(size_t size) {
if (DebugCallsDisabled()) {
return g_dispatch->malloc(size);
}
size_t real_size = size + g_debug->extra_bytes();
if (real_size < size) {
// Overflow.
errno = ENOMEM;
return nullptr;
}
void* pointer;
if (g_debug->need_header()) {
if (size > Header::max_size()) {
errno = ENOMEM;
return nullptr;
}
Header* header = reinterpret_cast<Header*>(
g_dispatch->memalign(MINIMUM_ALIGNMENT_BYTES, real_size));
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
if (header == nullptr) {
return nullptr;
}
pointer = InitHeader(header, header, size);
} else {
pointer = g_dispatch->malloc(real_size);
}
if (pointer != nullptr && g_debug->config().options & FILL_ON_ALLOC) {
size_t bytes = debug_malloc_usable_size(pointer);
size_t fill_bytes = g_debug->config().fill_on_alloc_bytes;
bytes = (bytes < fill_bytes) ? bytes : fill_bytes;
memset(pointer, g_debug->config().fill_alloc_value, bytes);
}
return pointer;
}
void debug_free(void* pointer) {
if (DebugCallsDisabled() || pointer == nullptr) {
return g_dispatch->free(pointer);
}
void* free_pointer = pointer;
size_t bytes;
if (g_debug->need_header()) {
Header* header = g_debug->GetHeader(pointer);
if (header->tag != DEBUG_TAG) {
LogTagError(header, pointer, "free");
return;
}
free_pointer = header->orig_pointer;
if (g_debug->config().options & FRONT_GUARD) {
if (!g_debug->front_guard->Valid(*g_debug, header)) {
g_debug->front_guard->LogFailure(*g_debug, header);
}
}
if (g_debug->config().options & REAR_GUARD) {
if (!g_debug->rear_guard->Valid(*g_debug, header)) {
g_debug->rear_guard->LogFailure(*g_debug, header);
}
}
if (g_debug->config().options & TRACK_ALLOCS) {
bool backtrace_found = false;
if (g_debug->config().options & BACKTRACE) {
BacktraceHeader* back_header = g_debug->GetAllocBacktrace(header);
backtrace_found = back_header->num_frames > 0;
}
g_debug->track->Remove(header, backtrace_found);
}
if (g_debug->config().options & FREE_TRACK) {
g_debug->free_track->Add(*g_debug, header);
// Do not free this pointer just yet.
free_pointer = nullptr;
}
header->tag = DEBUG_FREE_TAG;
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
bytes = header->usable_size;
} else {
bytes = g_dispatch->malloc_usable_size(pointer);
}
if (g_debug->config().options & FILL_ON_FREE) {
size_t fill_bytes = g_debug->config().fill_on_free_bytes;
bytes = (bytes < fill_bytes) ? bytes : fill_bytes;
memset(pointer, g_debug->config().fill_free_value, bytes);
}
g_dispatch->free(free_pointer);
}
void* debug_memalign(size_t alignment, size_t bytes) {
if (DebugCallsDisabled()) {
return g_dispatch->memalign(alignment, bytes);
}
void* pointer;
if (g_debug->need_header()) {
if (bytes > Header::max_size()) {
errno = ENOMEM;
return nullptr;
}
// Make the alignment a power of two.
if (!powerof2(alignment)) {
alignment = BIONIC_ROUND_UP_POWER_OF_2(alignment);
}
// Force the alignment to at least MINIMUM_ALIGNMENT_BYTES to guarantee
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
// that the header is aligned properly.
if (alignment < MINIMUM_ALIGNMENT_BYTES) {
alignment = MINIMUM_ALIGNMENT_BYTES;
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
}
// We don't have any idea what the natural alignment of
// the underlying native allocator is, so we always need to
// over allocate.
size_t real_size = alignment + bytes + g_debug->extra_bytes();
if (real_size < bytes) {
// Overflow.
errno = ENOMEM;
return nullptr;
}
pointer = g_dispatch->malloc(real_size);
if (pointer == nullptr) {
return nullptr;
}
uintptr_t value = reinterpret_cast<uintptr_t>(pointer) + g_debug->pointer_offset();
// Now align the pointer.
value += (-value % alignment);
Header* header = g_debug->GetHeader(reinterpret_cast<void*>(value));
pointer = InitHeader(header, pointer, bytes);
} else {
size_t real_size = bytes + g_debug->extra_bytes();
if (real_size < bytes) {
// Overflow.
errno = ENOMEM;
return nullptr;
}
pointer = g_dispatch->memalign(alignment, real_size);
}
if (pointer != nullptr && g_debug->config().options & FILL_ON_ALLOC) {
size_t bytes = debug_malloc_usable_size(pointer);
size_t fill_bytes = g_debug->config().fill_on_alloc_bytes;
bytes = (bytes < fill_bytes) ? bytes : fill_bytes;
memset(pointer, g_debug->config().fill_alloc_value, bytes);
}
return pointer;
}
void* debug_realloc(void* pointer, size_t bytes) {
if (DebugCallsDisabled()) {
return g_dispatch->realloc(pointer, bytes);
}
if (pointer == nullptr) {
return debug_malloc(bytes);
}
if (bytes == 0) {
debug_free(pointer);
return nullptr;
}
size_t real_size = bytes;
if (g_debug->config().options & EXPAND_ALLOC) {
real_size += g_debug->config().expand_alloc_bytes;
if (real_size < bytes) {
// Overflow.
errno = ENOMEM;
return nullptr;
}
}
void* new_pointer;
size_t prev_size;
if (g_debug->need_header()) {
if (bytes > Header::max_size()) {
errno = ENOMEM;
return nullptr;
}
Header* header = g_debug->GetHeader(pointer);
if (header->tag != DEBUG_TAG) {
LogTagError(header, pointer, "realloc");
return nullptr;
}
// Same size, do nothing.
if (real_size == header->real_size()) {
return pointer;
}
// Allocation is shrinking.
if (real_size < header->usable_size) {
header->size = real_size;
if (*g_malloc_zygote_child) {
header->set_zygote();
}
if (g_debug->config().options & REAR_GUARD) {
// Don't bother allocating a smaller pointer in this case, simply
// change the header usable_size and reset the rear guard.
header->usable_size = header->real_size();
memset(g_debug->GetRearGuard(header), g_debug->config().rear_guard_value,
g_debug->config().rear_guard_bytes);
}
return pointer;
}
// Allocate the new size.
new_pointer = debug_malloc(bytes);
if (new_pointer == nullptr) {
errno = ENOMEM;
return nullptr;
}
prev_size = header->usable_size;
memcpy(new_pointer, pointer, prev_size);
debug_free(pointer);
} else {
prev_size = g_dispatch->malloc_usable_size(pointer);
new_pointer = g_dispatch->realloc(pointer, real_size);
if (new_pointer == nullptr) {
return nullptr;
}
}
if (g_debug->config().options & FILL_ON_ALLOC) {
size_t bytes = debug_malloc_usable_size(new_pointer);
if (bytes > g_debug->config().fill_on_alloc_bytes) {
bytes = g_debug->config().fill_on_alloc_bytes;
}
if (bytes > prev_size) {
memset(reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(new_pointer) + prev_size),
g_debug->config().fill_alloc_value, bytes - prev_size);
}
}
return new_pointer;
}
void* debug_calloc(size_t nmemb, size_t bytes) {
if (DebugCallsDisabled()) {
return g_dispatch->calloc(nmemb, bytes);
}
size_t real_size = nmemb * bytes + g_debug->extra_bytes();
if (real_size < bytes || real_size < nmemb) {
// Overflow.
errno = ENOMEM;
return nullptr;
}
if (g_debug->need_header()) {
// The above check will guarantee the multiply will not overflow.
if (bytes * nmemb > Header::max_size()) {
errno = ENOMEM;
return nullptr;
}
// Need to guarantee the alignment of the header.
Header* header = reinterpret_cast<Header*>(
g_dispatch->memalign(MINIMUM_ALIGNMENT_BYTES, real_size));
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
if (header == nullptr) {
return nullptr;
}
memset(header, 0, g_dispatch->malloc_usable_size(header));
return InitHeader(header, header, nmemb * bytes);
} else {
return g_dispatch->calloc(1, real_size);
}
}
struct mallinfo debug_mallinfo() {
return g_dispatch->mallinfo();
}
int debug_posix_memalign(void** memptr, size_t alignment, size_t size) {
if (DebugCallsDisabled()) {
return g_dispatch->posix_memalign(memptr, alignment, size);
}
if (!powerof2(alignment)) {
return EINVAL;
}
int saved_errno = errno;
*memptr = debug_memalign(alignment, size);
errno = saved_errno;
return (*memptr != nullptr) ? 0 : ENOMEM;
}
int debug_iterate(uintptr_t base, size_t size,
void (*callback)(uintptr_t base, size_t size, void* arg), void* arg) {
// Can't allocate, malloc is disabled
// Manual capture of the arguments to pass to the lambda below as void* arg
struct iterate_ctx {
decltype(callback) callback;
decltype(arg) arg;
} ctx = { callback, arg };
return g_dispatch->iterate(base, size,
[](uintptr_t base, size_t size, void* arg) {
const iterate_ctx* ctx = reinterpret_cast<iterate_ctx*>(arg);
const void* pointer = reinterpret_cast<void*>(base);
if (g_debug->need_header()) {
const Header* header = reinterpret_cast<const Header*>(pointer);
if (g_debug->config().options & TRACK_ALLOCS) {
if (g_debug->track->Contains(header)) {
// Return just the body of the allocation if we're sure the header exists
ctx->callback(reinterpret_cast<uintptr_t>(g_debug->GetPointer(header)),
header->usable_size, ctx->arg);
return;
}
}
}
// Fall back to returning the whole allocation
ctx->callback(base, size, ctx->arg);
}, &ctx);
}
void debug_malloc_disable() {
g_dispatch->malloc_disable();
if (g_debug->track) {
g_debug->track->PrepareFork();
}
}
void debug_malloc_enable() {
if (g_debug->track) {
g_debug->track->PostForkParent();
}
g_dispatch->malloc_enable();
}
ssize_t debug_malloc_backtrace(void* pointer, uintptr_t* frames, size_t frame_count) {
if (DebugCallsDisabled() || pointer == nullptr) {
return 0;
}
if (g_debug->need_header()) {
Header* header;
if (g_debug->config().options & TRACK_ALLOCS) {
header = g_debug->GetHeader(pointer);
if (!g_debug->track->Contains(header)) {
return 0;
}
} else {
header = reinterpret_cast<Header*>(pointer);
}
if (header->tag != DEBUG_TAG) {
return 0;
}
if (g_debug->config().options & BACKTRACE) {
BacktraceHeader* back_header = g_debug->GetAllocBacktrace(header);
if (back_header->num_frames > 0) {
if (frame_count > back_header->num_frames) {
frame_count = back_header->num_frames;
}
memcpy(frames, &back_header->frames[0], frame_count * sizeof(uintptr_t));
return frame_count;
}
}
}
return 0;
}
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 01:30:32 +00:00
#if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
void* debug_pvalloc(size_t bytes) {
if (DebugCallsDisabled()) {
return g_dispatch->pvalloc(bytes);
}
size_t pagesize = getpagesize();
size_t size = BIONIC_ALIGN(bytes, pagesize);
if (size < bytes) {
// Overflow
errno = ENOMEM;
return nullptr;
}
return debug_memalign(pagesize, size);
}
void* debug_valloc(size_t size) {
if (DebugCallsDisabled()) {
return g_dispatch->valloc(size);
}
return debug_memalign(getpagesize(), size);
}
#endif