Blame - libmemunreachable/HeapWalker.cpp - android_system_core

blob: 7cae048691c51dcdcba1bd91964bbca1dd33c14b [file] [log] [blame]

Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	1	/*
				2	* Copyright (C) 2016 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	17	#include <errno.h>
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	18	#include <inttypes.h>
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	19	#include <sys/mman.h>
				20	#include <unistd.h>
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	21
				22	#include <map>
				23	#include <utility>
				24
				25	#include "Allocator.h"
				26	#include "HeapWalker.h"
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	27	#include "LeakFolding.h"
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	28	#include "ScopedSignalHandler.h"
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	29	#include "log.h"
				30
Colin Cross	a9939e9	2017-06-21 13:13:00 -0700	[diff] [blame]	31	namespace android {
				32
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	33	bool HeapWalker::Allocation(uintptr_t begin, uintptr_t end) {
				34	if (end == begin) {
				35	end = begin + 1;
				36	}
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	37	Range range{begin, end};
Colin Cross	3ca1976	2018-11-28 17:01:59 -0800	[diff] [blame]	38	if (valid_mappings_range_.end != 0 &&
				39	(begin < valid_mappings_range_.begin \|\| end > valid_mappings_range_.end)) {
				40	MEM_LOG_ALWAYS_FATAL("allocation %p-%p is outside mapping range %p-%p",
				41	reinterpret_cast<void>(begin), reinterpret_cast<void>(end),
				42	reinterpret_cast<void*>(valid_mappings_range_.begin),
				43	reinterpret_cast<void*>(valid_mappings_range_.end));
				44	}
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	45	auto inserted = allocations_.insert(std::pair<Range, AllocationInfo>(range, AllocationInfo{}));
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	46	if (inserted.second) {
				47	valid_allocations_range_.begin = std::min(valid_allocations_range_.begin, begin);
				48	valid_allocations_range_.end = std::max(valid_allocations_range_.end, end);
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	49	allocation_bytes_ += range.size();
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	50	return true;
				51	} else {
				52	Range overlap = inserted.first->first;
Colin Cross	cecd640	2016-04-26 17:10:04 -0700	[diff] [blame]	53	if (overlap != range) {
Christopher Ferris	47dea71	2017-05-03 17:34:29 -0700	[diff] [blame]	54	MEM_ALOGE("range %p-%p overlaps with existing range %p-%p", reinterpret_cast<void*>(begin),
				55	reinterpret_cast<void>(end), reinterpret_cast<void>(overlap.begin),
				56	reinterpret_cast<void*>(overlap.end));
Colin Cross	cecd640	2016-04-26 17:10:04 -0700	[diff] [blame]	57	}
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	58	return false;
				59	}
				60	}
				61
Evgenii Stepanov	3e1c604	2019-03-19 17:17:47 -0700	[diff] [blame]	62	// Sanitizers may consider certain memory inaccessible through certain pointers.
				63	// With MTE this will need to use unchecked instructions or disable tag checking globally.
				64	static uintptr_t ReadWordAtAddressUnsafe(uintptr_t word_ptr)
				65	__attribute__((no_sanitize("address", "hwaddress"))) {
				66	return reinterpret_cast<uintptr_t>(word_ptr);
				67	}
				68
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	69	bool HeapWalker::WordContainsAllocationPtr(uintptr_t word_ptr, Range* range, AllocationInfo** info) {
				70	walking_ptr_ = word_ptr;
				71	// This access may segfault if the process under test has done something strange,
				72	// for example mprotect(PROT_NONE) on a native heap page. If so, it will be
				73	// caught and handled by mmaping a zero page over the faulting page.
Evgenii Stepanov	3e1c604	2019-03-19 17:17:47 -0700	[diff] [blame]	74	uintptr_t value = ReadWordAtAddressUnsafe(word_ptr);
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	75	walking_ptr_ = 0;
				76	if (value >= valid_allocations_range_.begin && value < valid_allocations_range_.end) {
				77	AllocationMap::iterator it = allocations_.find(Range{value, value + 1});
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	78	if (it != allocations_.end()) {
				79	*range = it->first;
				80	*info = &it->second;
				81	return true;
				82	}
				83	}
				84	return false;
				85	}
				86
				87	void HeapWalker::RecurseRoot(const Range& root) {
				88	allocator::vector<Range> to_do(1, root, allocator_);
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	89	while (!to_do.empty()) {
				90	Range range = to_do.back();
				91	to_do.pop_back();
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	92
Colin Cross	d780dcb	2018-11-27 16:14:53 -0800	[diff] [blame]	93	walking_range_ = range;
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	94	ForEachPtrInRange(range, [&](Range& ref_range, AllocationInfo* ref_info) {
				95	if (!ref_info->referenced_from_root) {
				96	ref_info->referenced_from_root = true;
				97	to_do.push_back(ref_range);
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	98	}
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	99	});
Colin Cross	d780dcb	2018-11-27 16:14:53 -0800	[diff] [blame]	100	walking_range_ = Range{0, 0};
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	101	}
				102	}
				103
Colin Cross	3ca1976	2018-11-28 17:01:59 -0800	[diff] [blame]	104	void HeapWalker::Mapping(uintptr_t begin, uintptr_t end) {
				105	valid_mappings_range_.begin = std::min(valid_mappings_range_.begin, begin);
				106	valid_mappings_range_.end = std::max(valid_mappings_range_.end, end);
				107	}
				108
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	109	void HeapWalker::Root(uintptr_t begin, uintptr_t end) {
				110	roots_.push_back(Range{begin, end});
				111	}
				112
				113	void HeapWalker::Root(const allocator::vector<uintptr_t>& vals) {
				114	root_vals_.insert(root_vals_.end(), vals.begin(), vals.end());
				115	}
				116
				117	size_t HeapWalker::Allocations() {
				118	return allocations_.size();
				119	}
				120
				121	size_t HeapWalker::AllocationBytes() {
				122	return allocation_bytes_;
				123	}
				124
				125	bool HeapWalker::DetectLeaks() {
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	126	// Recursively walk pointers from roots to mark referenced allocations
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	127	for (auto it = roots_.begin(); it != roots_.end(); it++) {
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	128	RecurseRoot(*it);
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	129	}
				130
				131	Range vals;
				132	vals.begin = reinterpret_cast<uintptr_t>(root_vals_.data());
				133	vals.end = vals.begin + root_vals_.size() * sizeof(uintptr_t);
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	134
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	135	RecurseRoot(vals);
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	136
Colin Cross	d780dcb	2018-11-27 16:14:53 -0800	[diff] [blame]	137	if (segv_page_count_ > 0) {
				138	MEM_ALOGE("%zu pages skipped due to segfaults", segv_page_count_);
				139	}
				140
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	141	return true;
				142	}
				143
Colin Cross	a83881e	2017-06-22 10:50:05 -0700	[diff] [blame]	144	bool HeapWalker::Leaked(allocator::vector<Range>& leaked, size_t limit, size_t* num_leaks_out,
				145	size_t* leak_bytes_out) {
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	146	leaked.clear();
				147
				148	size_t num_leaks = 0;
				149	size_t leak_bytes = 0;
				150	for (auto it = allocations_.begin(); it != allocations_.end(); it++) {
				151	if (!it->second.referenced_from_root) {
				152	num_leaks++;
				153	leak_bytes += it->first.end - it->first.begin;
				154	}
				155	}
				156
				157	size_t n = 0;
				158	for (auto it = allocations_.begin(); it != allocations_.end(); it++) {
				159	if (!it->second.referenced_from_root) {
Colin Cross	8e8f34c	2016-03-02 17:53:39 -0800	[diff] [blame]	160	if (n++ < limit) {
Colin Cross	7add50d	2016-01-14 15:35:40 -0800	[diff] [blame]	161	leaked.push_back(it->first);
				162	}
				163	}
				164	}
				165
				166	if (num_leaks_out) {
				167	*num_leaks_out = num_leaks;
				168	}
				169	if (leak_bytes_out) {
				170	*leak_bytes_out = leak_bytes;
				171	}
				172
				173	return true;
				174	}
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	175
				176	static bool MapOverPage(void* addr) {
				177	const size_t page_size = sysconf(_SC_PAGE_SIZE);
Colin Cross	a83881e	2017-06-22 10:50:05 -0700	[diff] [blame]	178	void* page = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(addr) & ~(page_size - 1));
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	179
Colin Cross	a83881e	2017-06-22 10:50:05 -0700	[diff] [blame]	180	void* ret = mmap(page, page_size, PROT_READ, MAP_ANONYMOUS \| MAP_PRIVATE \| MAP_FIXED, -1, 0);
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	181	if (ret == MAP_FAILED) {
Christopher Ferris	47dea71	2017-05-03 17:34:29 -0700	[diff] [blame]	182	MEM_ALOGE("failed to map page at %p: %s", page, strerror(errno));
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	183	return false;
				184	}
				185
				186	return true;
				187	}
				188
Colin Cross	a83881e	2017-06-22 10:50:05 -0700	[diff] [blame]	189	void HeapWalker::HandleSegFault(ScopedSignalHandler& handler, int signal, siginfo_t* si,
				190	void* /uctx/) {
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	191	uintptr_t addr = reinterpret_cast<uintptr_t>(si->si_addr);
				192	if (addr != walking_ptr_) {
				193	handler.reset();
				194	return;
				195	}
Colin Cross	d780dcb	2018-11-27 16:14:53 -0800	[diff] [blame]	196	if (!segv_logged_) {
				197	MEM_ALOGW("failed to read page at %p, signal %d", si->si_addr, signal);
				198	if (walking_range_.begin != 0U) {
				199	MEM_ALOGW("while walking range %p-%p", reinterpret_cast<void*>(walking_range_.begin),
				200	reinterpret_cast<void*>(walking_range_.end));
				201	}
				202	segv_logged_ = true;
				203	}
				204	segv_page_count_++;
Colin Cross	ba5d9ff	2016-04-26 16:51:32 -0700	[diff] [blame]	205	if (!MapOverPage(si->si_addr)) {
				206	handler.reset();
				207	}
				208	}
				209
Colin Cross	87315e9	2019-03-20 16:02:54 -0700	[diff] [blame]	210	Allocator<ScopedSignalHandler::SignalFnMap>::unique_ptr ScopedSignalHandler::handler_map_;
Colin Cross	a9939e9	2017-06-21 13:13:00 -0700	[diff] [blame]	211
				212	} // namespace android