Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 43f29072a974a4e57a519a098b6e81a1027eb77c / . / libmemunreachable / HeapWalker.cpp
blob: 7cae048691c51dcdcba1bd91964bbca1dd33c14b [file] [log] [blame]
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]17#include <errno.h>
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]18#include <inttypes.h>
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]19#include <sys/mman.h>
20#include <unistd.h>
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]21
22#include <map>
23#include <utility>
24
25#include "Allocator.h"
26#include "HeapWalker.h"
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]27#include "LeakFolding.h"
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]28#include "ScopedSignalHandler.h"
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]29#include "log.h"
30
Colin Crossa9939e92017-06-21 13:13:00 -0700[diff] [blame]31namespace android {
32
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]33bool HeapWalker::Allocation(uintptr_t begin, uintptr_t end) {
34 if (end == begin) {
35 end = begin + 1;
36 }
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]37 Range range{begin, end};
Colin Cross3ca19762018-11-28 17:01:59 -0800[diff] [blame]38 if (valid_mappings_range_.end != 0 &&
39 (begin < valid_mappings_range_.begin || end > valid_mappings_range_.end)) {
40 MEM_LOG_ALWAYS_FATAL("allocation %p-%p is outside mapping range %p-%p",
41 reinterpret_cast<void*>(begin), reinterpret_cast<void*>(end),
42 reinterpret_cast<void*>(valid_mappings_range_.begin),
43 reinterpret_cast<void*>(valid_mappings_range_.end));
44 }
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]45 auto inserted = allocations_.insert(std::pair<Range, AllocationInfo>(range, AllocationInfo{}));
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]46 if (inserted.second) {
47 valid_allocations_range_.begin = std::min(valid_allocations_range_.begin, begin);
48 valid_allocations_range_.end = std::max(valid_allocations_range_.end, end);
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]49 allocation_bytes_ += range.size();
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]50 return true;
51 } else {
52 Range overlap = inserted.first->first;
Colin Crosscecd6402016-04-26 17:10:04 -0700[diff] [blame]53 if (overlap != range) {
Christopher Ferris47dea712017-05-03 17:34:29 -0700[diff] [blame]54 MEM_ALOGE("range %p-%p overlaps with existing range %p-%p", reinterpret_cast<void*>(begin),
55 reinterpret_cast<void*>(end), reinterpret_cast<void*>(overlap.begin),
56 reinterpret_cast<void*>(overlap.end));
Colin Crosscecd6402016-04-26 17:10:04 -0700[diff] [blame]57 }
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]58 return false;
59 }
60}
61
Evgenii Stepanov3e1c6042019-03-19 17:17:47 -0700[diff] [blame]62// Sanitizers may consider certain memory inaccessible through certain pointers.
63// With MTE this will need to use unchecked instructions or disable tag checking globally.
64static uintptr_t ReadWordAtAddressUnsafe(uintptr_t word_ptr)
65 __attribute__((no_sanitize("address", "hwaddress"))) {
66 return *reinterpret_cast<uintptr_t*>(word_ptr);
67}
68
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]69bool HeapWalker::WordContainsAllocationPtr(uintptr_t word_ptr, Range* range, AllocationInfo** info) {
70 walking_ptr_ = word_ptr;
71 // This access may segfault if the process under test has done something strange,
72 // for example mprotect(PROT_NONE) on a native heap page. If so, it will be
73 // caught and handled by mmaping a zero page over the faulting page.
Evgenii Stepanov3e1c6042019-03-19 17:17:47 -0700[diff] [blame]74 uintptr_t value = ReadWordAtAddressUnsafe(word_ptr);
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]75 walking_ptr_ = 0;
76 if (value >= valid_allocations_range_.begin && value < valid_allocations_range_.end) {
77 AllocationMap::iterator it = allocations_.find(Range{value, value + 1});
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]78 if (it != allocations_.end()) {
79 *range = it->first;
80 *info = &it->second;
81 return true;
82 }
83 }
84 return false;
85}
86
87void HeapWalker::RecurseRoot(const Range& root) {
88 allocator::vector<Range> to_do(1, root, allocator_);
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]89 while (!to_do.empty()) {
90 Range range = to_do.back();
91 to_do.pop_back();
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]92
Colin Crossd780dcb2018-11-27 16:14:53 -0800[diff] [blame]93 walking_range_ = range;
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]94 ForEachPtrInRange(range, [&](Range& ref_range, AllocationInfo* ref_info) {
95 if (!ref_info->referenced_from_root) {
96 ref_info->referenced_from_root = true;
97 to_do.push_back(ref_range);
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]98 }
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]99 });
Colin Crossd780dcb2018-11-27 16:14:53 -0800[diff] [blame]100 walking_range_ = Range{0, 0};
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]101 }
102}
103
Colin Cross3ca19762018-11-28 17:01:59 -0800[diff] [blame]104void HeapWalker::Mapping(uintptr_t begin, uintptr_t end) {
105 valid_mappings_range_.begin = std::min(valid_mappings_range_.begin, begin);
106 valid_mappings_range_.end = std::max(valid_mappings_range_.end, end);
107}
108
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]109void HeapWalker::Root(uintptr_t begin, uintptr_t end) {
110 roots_.push_back(Range{begin, end});
111}
112
113void HeapWalker::Root(const allocator::vector<uintptr_t>& vals) {
114 root_vals_.insert(root_vals_.end(), vals.begin(), vals.end());
115}
116
117size_t HeapWalker::Allocations() {
118 return allocations_.size();
119}
120
121size_t HeapWalker::AllocationBytes() {
122 return allocation_bytes_;
123}
124
125bool HeapWalker::DetectLeaks() {
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]126 // Recursively walk pointers from roots to mark referenced allocations
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]127 for (auto it = roots_.begin(); it != roots_.end(); it++) {
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]128 RecurseRoot(*it);
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]129 }
130
131 Range vals;
132 vals.begin = reinterpret_cast<uintptr_t>(root_vals_.data());
133 vals.end = vals.begin + root_vals_.size() * sizeof(uintptr_t);
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]134
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]135 RecurseRoot(vals);
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]136
Colin Crossd780dcb2018-11-27 16:14:53 -0800[diff] [blame]137 if (segv_page_count_ > 0) {
138 MEM_ALOGE("%zu pages skipped due to segfaults", segv_page_count_);
139 }
140
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]141 return true;
142}
143
Colin Crossa83881e2017-06-22 10:50:05 -0700[diff] [blame]144bool HeapWalker::Leaked(allocator::vector<Range>& leaked, size_t limit, size_t* num_leaks_out,
145 size_t* leak_bytes_out) {
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]146 leaked.clear();
147
148 size_t num_leaks = 0;
149 size_t leak_bytes = 0;
150 for (auto it = allocations_.begin(); it != allocations_.end(); it++) {
151 if (!it->second.referenced_from_root) {
152 num_leaks++;
153 leak_bytes += it->first.end - it->first.begin;
154 }
155 }
156
157 size_t n = 0;
158 for (auto it = allocations_.begin(); it != allocations_.end(); it++) {
159 if (!it->second.referenced_from_root) {
Colin Cross8e8f34c2016-03-02 17:53:39 -0800[diff] [blame]160 if (n++ < limit) {
Colin Cross7add50d2016-01-14 15:35:40 -0800[diff] [blame]161 leaked.push_back(it->first);
162 }
163 }
164 }
165
166 if (num_leaks_out) {
167 *num_leaks_out = num_leaks;
168 }
169 if (leak_bytes_out) {
170 *leak_bytes_out = leak_bytes;
171 }
172
173 return true;
174}
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]175
176static bool MapOverPage(void* addr) {
177 const size_t page_size = sysconf(_SC_PAGE_SIZE);
Colin Crossa83881e2017-06-22 10:50:05 -0700[diff] [blame]178 void* page = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(addr) & ~(page_size - 1));
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]179
Colin Crossa83881e2017-06-22 10:50:05 -0700[diff] [blame]180 void* ret = mmap(page, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]181 if (ret == MAP_FAILED) {
Christopher Ferris47dea712017-05-03 17:34:29 -0700[diff] [blame]182 MEM_ALOGE("failed to map page at %p: %s", page, strerror(errno));
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]183 return false;
184 }
185
186 return true;
187}
188
Colin Crossa83881e2017-06-22 10:50:05 -0700[diff] [blame]189void HeapWalker::HandleSegFault(ScopedSignalHandler& handler, int signal, siginfo_t* si,
190 void* /*uctx*/) {
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]191 uintptr_t addr = reinterpret_cast<uintptr_t>(si->si_addr);
192 if (addr != walking_ptr_) {
193 handler.reset();
194 return;
195 }
Colin Crossd780dcb2018-11-27 16:14:53 -0800[diff] [blame]196 if (!segv_logged_) {
197 MEM_ALOGW("failed to read page at %p, signal %d", si->si_addr, signal);
198 if (walking_range_.begin != 0U) {
199 MEM_ALOGW("while walking range %p-%p", reinterpret_cast<void*>(walking_range_.begin),
200 reinterpret_cast<void*>(walking_range_.end));
201 }
202 segv_logged_ = true;
203 }
204 segv_page_count_++;
Colin Crossba5d9ff2016-04-26 16:51:32 -0700[diff] [blame]205 if (!MapOverPage(si->si_addr)) {
206 handler.reset();
207 }
208}
209
Colin Cross87315e92019-03-20 16:02:54 -0700[diff] [blame]210Allocator<ScopedSignalHandler::SignalFnMap>::unique_ptr ScopedSignalHandler::handler_map_;
Colin Crossa9939e92017-06-21 13:13:00 -0700[diff] [blame]211
212} // namespace android