Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / memory / libmemunreachable / refs/tags/rel/13/fp3/6.A.023.1 / . / HeapWalker.cpp
blob: c602c7f8179f993e0551e45b40b8d4448efd0f39 [file] [log] [blame]
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]17#include <errno.h>
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]18#include <inttypes.h>
Peter Collingbourneb4a37ff2020-01-10 19:15:35 -0800[diff] [blame]19#include <sys/auxv.h>
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]20#include <sys/mman.h>
21#include <unistd.h>
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]22
Martin Stjernholm85ad4012020-04-24 16:42:49 +0100[diff] [blame]23#if defined(__BIONIC__)
Peter Collingbourne0f882d02020-01-29 17:35:21 -0800[diff] [blame]24#include <bionic/mte.h>
Martin Stjernholm85ad4012020-04-24 16:42:49 +0100[diff] [blame]25#endif
Peter Collingbourneb4a37ff2020-01-10 19:15:35 -0800[diff] [blame]26
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]27#include <map>
28#include <utility>
29
30#include "Allocator.h"
31#include "HeapWalker.h"
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]32#include "LeakFolding.h"
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]33#include "ScopedSignalHandler.h"
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]34#include "log.h"
35
Colin Cross1fa81f52017-06-21 13:13:00 -0700[diff] [blame]36namespace android {
Mitch Phillipsde9758b2020-01-08 22:52:38 -0800[diff] [blame]37static inline uintptr_t UntagAddress(uintptr_t addr) {
38#if defined(__aarch64__)
39 constexpr uintptr_t mask = (static_cast<uintptr_t>(1) << 56) - 1;
40 addr = addr & mask;
41#endif
42 return addr;
43}
Colin Cross1fa81f52017-06-21 13:13:00 -0700[diff] [blame]44
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]45bool HeapWalker::Allocation(uintptr_t begin, uintptr_t end) {
46 if (end == begin) {
47 end = begin + 1;
48 }
Mitch Phillipsde9758b2020-01-08 22:52:38 -0800[diff] [blame]49 begin = UntagAddress(begin);
50 end = UntagAddress(end);
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]51 Range range{begin, end};
Colin Cross223069f2018-11-28 17:01:59 -0800[diff] [blame]52 if (valid_mappings_range_.end != 0 &&
53 (begin < valid_mappings_range_.begin || end > valid_mappings_range_.end)) {
54 MEM_LOG_ALWAYS_FATAL("allocation %p-%p is outside mapping range %p-%p",
55 reinterpret_cast<void*>(begin), reinterpret_cast<void*>(end),
56 reinterpret_cast<void*>(valid_mappings_range_.begin),
57 reinterpret_cast<void*>(valid_mappings_range_.end));
58 }
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]59 auto inserted = allocations_.insert(std::pair<Range, AllocationInfo>(range, AllocationInfo{}));
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]60 if (inserted.second) {
61 valid_allocations_range_.begin = std::min(valid_allocations_range_.begin, begin);
62 valid_allocations_range_.end = std::max(valid_allocations_range_.end, end);
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]63 allocation_bytes_ += range.size();
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]64 return true;
65 } else {
66 Range overlap = inserted.first->first;
Colin Cross1f997062016-04-26 17:10:04 -0700[diff] [blame]67 if (overlap != range) {
Christopher Ferris56b8d862017-05-03 17:34:29 -0700[diff] [blame]68 MEM_ALOGE("range %p-%p overlaps with existing range %p-%p", reinterpret_cast<void*>(begin),
69 reinterpret_cast<void*>(end), reinterpret_cast<void*>(overlap.begin),
70 reinterpret_cast<void*>(overlap.end));
Colin Cross1f997062016-04-26 17:10:04 -0700[diff] [blame]71 }
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]72 return false;
73 }
74}
75
Peter Collingbourneb4a37ff2020-01-10 19:15:35 -0800[diff] [blame]76// Sanitizers and MTE may consider certain memory inaccessible through certain pointers.
77// With MTE we set PSTATE.TCO during the access to suppress tag checks.
Evgenii Stepanov94485fa2019-03-19 17:17:47 -0700[diff] [blame]78static uintptr_t ReadWordAtAddressUnsafe(uintptr_t word_ptr)
79 __attribute__((no_sanitize("address", "hwaddress"))) {
Martin Stjernholm85ad4012020-04-24 16:42:49 +0100[diff] [blame]80#if defined(__BIONIC__)
Peter Collingbourne0f882d02020-01-29 17:35:21 -0800[diff] [blame]81 ScopedDisableMTE x;
Martin Stjernholm85ad4012020-04-24 16:42:49 +0100[diff] [blame]82#endif
Peter Collingbourne0f882d02020-01-29 17:35:21 -0800[diff] [blame]83 return *reinterpret_cast<uintptr_t*>(word_ptr);
Evgenii Stepanov94485fa2019-03-19 17:17:47 -0700[diff] [blame]84}
85
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]86bool HeapWalker::WordContainsAllocationPtr(uintptr_t word_ptr, Range* range, AllocationInfo** info) {
87 walking_ptr_ = word_ptr;
88 // This access may segfault if the process under test has done something strange,
89 // for example mprotect(PROT_NONE) on a native heap page. If so, it will be
90 // caught and handled by mmaping a zero page over the faulting page.
Evgenii Stepanov94485fa2019-03-19 17:17:47 -0700[diff] [blame]91 uintptr_t value = ReadWordAtAddressUnsafe(word_ptr);
Mitch Phillipsde9758b2020-01-08 22:52:38 -0800[diff] [blame]92 value = UntagAddress(value);
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]93 walking_ptr_ = 0;
94 if (value >= valid_allocations_range_.begin && value < valid_allocations_range_.end) {
95 AllocationMap::iterator it = allocations_.find(Range{value, value + 1});
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]96 if (it != allocations_.end()) {
97 *range = it->first;
98 *info = &it->second;
99 return true;
100 }
101 }
102 return false;
103}
104
105void HeapWalker::RecurseRoot(const Range& root) {
106 allocator::vector<Range> to_do(1, root, allocator_);
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]107 while (!to_do.empty()) {
108 Range range = to_do.back();
109 to_do.pop_back();
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]110
Colin Crossc2c76d42018-11-27 16:14:53 -0800[diff] [blame]111 walking_range_ = range;
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]112 ForEachPtrInRange(range, [&](Range& ref_range, AllocationInfo* ref_info) {
113 if (!ref_info->referenced_from_root) {
114 ref_info->referenced_from_root = true;
115 to_do.push_back(ref_range);
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]116 }
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]117 });
Colin Crossc2c76d42018-11-27 16:14:53 -0800[diff] [blame]118 walking_range_ = Range{0, 0};
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]119 }
120}
121
Colin Cross223069f2018-11-28 17:01:59 -0800[diff] [blame]122void HeapWalker::Mapping(uintptr_t begin, uintptr_t end) {
123 valid_mappings_range_.begin = std::min(valid_mappings_range_.begin, begin);
124 valid_mappings_range_.end = std::max(valid_mappings_range_.end, end);
125}
126
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]127void HeapWalker::Root(uintptr_t begin, uintptr_t end) {
128 roots_.push_back(Range{begin, end});
129}
130
131void HeapWalker::Root(const allocator::vector<uintptr_t>& vals) {
132 root_vals_.insert(root_vals_.end(), vals.begin(), vals.end());
133}
134
135size_t HeapWalker::Allocations() {
136 return allocations_.size();
137}
138
139size_t HeapWalker::AllocationBytes() {
140 return allocation_bytes_;
141}
142
143bool HeapWalker::DetectLeaks() {
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]144 // Recursively walk pointers from roots to mark referenced allocations
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]145 for (auto it = roots_.begin(); it != roots_.end(); it++) {
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]146 RecurseRoot(*it);
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]147 }
148
149 Range vals;
150 vals.begin = reinterpret_cast<uintptr_t>(root_vals_.data());
151 vals.end = vals.begin + root_vals_.size() * sizeof(uintptr_t);
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]152
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]153 RecurseRoot(vals);
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]154
Colin Crossc2c76d42018-11-27 16:14:53 -0800[diff] [blame]155 if (segv_page_count_ > 0) {
156 MEM_ALOGE("%zu pages skipped due to segfaults", segv_page_count_);
157 }
158
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]159 return true;
160}
161
Colin Cross401319a2017-06-22 10:50:05 -0700[diff] [blame]162bool HeapWalker::Leaked(allocator::vector<Range>& leaked, size_t limit, size_t* num_leaks_out,
163 size_t* leak_bytes_out) {
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]164 leaked.clear();
165
166 size_t num_leaks = 0;
167 size_t leak_bytes = 0;
168 for (auto it = allocations_.begin(); it != allocations_.end(); it++) {
169 if (!it->second.referenced_from_root) {
170 num_leaks++;
171 leak_bytes += it->first.end - it->first.begin;
172 }
173 }
174
175 size_t n = 0;
176 for (auto it = allocations_.begin(); it != allocations_.end(); it++) {
177 if (!it->second.referenced_from_root) {
Colin Cross6f922a42016-03-02 17:53:39 -0800[diff] [blame]178 if (n++ < limit) {
Colin Cross77673182016-01-14 15:35:40 -0800[diff] [blame]179 leaked.push_back(it->first);
180 }
181 }
182 }
183
184 if (num_leaks_out) {
185 *num_leaks_out = num_leaks;
186 }
187 if (leak_bytes_out) {
188 *leak_bytes_out = leak_bytes;
189 }
190
191 return true;
192}
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]193
194static bool MapOverPage(void* addr) {
195 const size_t page_size = sysconf(_SC_PAGE_SIZE);
Colin Cross401319a2017-06-22 10:50:05 -0700[diff] [blame]196 void* page = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(addr) & ~(page_size - 1));
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]197
Colin Cross401319a2017-06-22 10:50:05 -0700[diff] [blame]198 void* ret = mmap(page, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]199 if (ret == MAP_FAILED) {
Christopher Ferris56b8d862017-05-03 17:34:29 -0700[diff] [blame]200 MEM_ALOGE("failed to map page at %p: %s", page, strerror(errno));
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]201 return false;
202 }
203
204 return true;
205}
206
Colin Cross401319a2017-06-22 10:50:05 -0700[diff] [blame]207void HeapWalker::HandleSegFault(ScopedSignalHandler& handler, int signal, siginfo_t* si,
208 void* /*uctx*/) {
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]209 uintptr_t addr = reinterpret_cast<uintptr_t>(si->si_addr);
210 if (addr != walking_ptr_) {
211 handler.reset();
212 return;
213 }
Colin Crossc2c76d42018-11-27 16:14:53 -0800[diff] [blame]214 if (!segv_logged_) {
215 MEM_ALOGW("failed to read page at %p, signal %d", si->si_addr, signal);
216 if (walking_range_.begin != 0U) {
217 MEM_ALOGW("while walking range %p-%p", reinterpret_cast<void*>(walking_range_.begin),
218 reinterpret_cast<void*>(walking_range_.end));
219 }
220 segv_logged_ = true;
221 }
222 segv_page_count_++;
Colin Crossf8bf3272016-04-26 16:51:32 -0700[diff] [blame]223 if (!MapOverPage(si->si_addr)) {
224 handler.reset();
225 }
226}
227
Colin Cross8837c722019-03-20 16:02:54 -0700[diff] [blame]228Allocator<ScopedSignalHandler::SignalFnMap>::unique_ptr ScopedSignalHandler::handler_map_;
Colin Cross1fa81f52017-06-21 13:13:00 -0700[diff] [blame]229
230} // namespace android