| Christopher Ferris | 713a8e3 | 2016-03-18 14:29:51 -0700 | [diff] [blame^] | 1 | Native Memory Tracking using libc Callbacks |
| 2 | ------------------------------------------- |
| 3 | Malloc debug can be used to get information on all of the live allocations |
| 4 | in a process. The libc library in Android exports two calls that can be |
| 5 | used to gather this data from a process. This tracking can be enabled using |
| 6 | either the backtrace option or the backtrace\_enabled\_on\_signal option. |
| 7 | |
| 8 | The function to gather the data: |
| 9 | |
| 10 | <pre> |
| 11 | <b> |
| 12 | extern "C" void get_malloc_leak_info(uint8_t** info, size_t* overall_size, size_t* info_size, size_t* total_memory, size_t* backtrace_size); |
| 13 | </b> |
| 14 | </pre> |
| 15 | |
| 16 | <i>info</i> is set to a buffer allocated by the call that contains all of |
| 17 | the allocation information. |
| 18 | <i>overall\_size</i> is set to the total size of the buffer returned. If this |
| 19 | <i>info\_size</i> |
| 20 | value is zero, then there are no allocation being tracked. |
| 21 | <i>total\_memory</i> is set to the sum of all allocation sizes that are live at |
| 22 | the point of the function call. This does not include the memory allocated |
| 23 | by the malloc debug library itself. |
| 24 | <i>backtrace\_size</i> is set to the maximum number of backtrace entries |
| 25 | that are present for each allocation. |
| 26 | |
| 27 | In order to free the buffer allocated by the function, call: |
| 28 | |
| 29 | <pre> |
| 30 | <b> |
| 31 | extern "C" void free_malloc_leak_info(uint8_t* info); |
| 32 | </b> |
| 33 | </pre> |
| 34 | |
| 35 | ### Format of info Buffer |
| 36 | <pre> |
| 37 | size_t size_of_original_allocation |
| 38 | size_t num_backtrace_frames |
| 39 | uintptr_t pc1 |
| 40 | uintptr_t pc2 |
| 41 | uintptr_t pc3 |
| 42 | . |
| 43 | . |
| 44 | . |
| 45 | </pre> |
| 46 | |
| 47 | The number of <i>uintptr\_t</i> values is determined by the value |
| 48 | <i>backtrace\_size</i> as returned by the original call to |
| 49 | <i>get\_malloc\_leak\_info</i>. This value is not variable, it is the same |
| 50 | for all the returned data. The value |
| 51 | <i>num\_backtrace\_frames</i> contains the real number of frames found. The |
| 52 | extra frames are set to zero. Each <i>uintptr\_t</i> is a pc of the callstack. |
| 53 | The calls from within the malloc debug library are automatically removed. |
| 54 | |
| 55 | For 32 bit systems, <i>size\_t</i> and <i>uintptr\_t</i> are both 4 byte values. |
| 56 | |
| 57 | For 64 bit systems, <i>size\_t</i> and <i>uintptr\_t</i> are both 8 byte values. |
| 58 | |
| 59 | The total number of these structures returned in <i>info</i> is |
| 60 | <i>overall\_size</i> divided by <i>info\_size</i>. |
| 61 | |
| 62 | Note, the size value in each allocation data structure will have bit 31 set |
| 63 | if this allocation was created by the Zygote process. This helps to distinguish |
| 64 | between native allocations created by the application. |