1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <malloc.h> 18#include <signal.h> 19#include <stdlib.h> 20#include <string.h> 21#include <sys/cdefs.h> 22#include <sys/param.h> 23#include <sys/types.h> 24#include <unistd.h> 25 26#include <algorithm> 27#include <thread> 28#include <vector> 29#include <utility> 30 31#include <gtest/gtest.h> 32 33#include <android-base/file.h> 34#include <android-base/stringprintf.h> 35#include <android-base/strings.h> 36 37#include <private/bionic_macros.h> 38#include <private/bionic_malloc_dispatch.h> 39 40#include "Config.h" 41#include "malloc_debug.h" 42 43#include "log_fake.h" 44#include "backtrace_fake.h" 45 46__BEGIN_DECLS 47 48bool debug_initialize(const MallocDispatch*, int*, const char*); 49void debug_finalize(); 50 51void* debug_malloc(size_t); 52void debug_free(void*); 53void* debug_calloc(size_t, size_t); 54void* debug_realloc(void*, size_t); 55int debug_posix_memalign(void**, size_t, size_t); 56void* debug_memalign(size_t, size_t); 57void* debug_aligned_alloc(size_t, size_t); 58size_t debug_malloc_usable_size(void*); 59void debug_get_malloc_leak_info(uint8_t**, size_t*, size_t*, size_t*, size_t*); 60void debug_free_malloc_leak_info(uint8_t*); 61 62struct mallinfo debug_mallinfo(); 63int debug_mallopt(int, int); 64 65#if defined(HAVE_DEPRECATED_MALLOC_FUNCS) 66void* debug_pvalloc(size_t); 67void* debug_valloc(size_t); 68#endif 69 70__END_DECLS 71 72constexpr char DIVIDER[] = 73 "6 malloc_debug *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\n"; 74 75static size_t get_tag_offset() { 76 return __BIONIC_ALIGN(sizeof(Header), MINIMUM_ALIGNMENT_BYTES); 77} 78 79static constexpr const char RECORD_ALLOCS_FILE[] = "/data/local/tmp/record_allocs.txt"; 80 81static constexpr const char BACKTRACE_DUMP_PREFIX[] = "/data/local/tmp/backtrace_heap"; 82 83class MallocDebugTest : public ::testing::Test { 84 protected: 85 void SetUp() override { 86 initialized = false; 87 resetLogs(); 88 backtrace_fake_clear_all(); 89 // Delete the record data file if it exists. 90 unlink(RECORD_ALLOCS_FILE); 91 } 92 93 void TearDown() override { 94 if (initialized) { 95 debug_finalize(); 96 } 97 } 98 99 void Init(const char* options) { 100 zygote = 0; 101 ASSERT_TRUE(debug_initialize(&dispatch, &zygote, options)); 102 initialized = true; 103 } 104 105 void BacktraceDumpOnSignal(bool trigger_with_alloc); 106 107 static size_t GetInfoEntrySize(size_t max_frames) { 108 return 2 * sizeof(size_t) + max_frames * sizeof(uintptr_t); 109 } 110 111 bool initialized; 112 113 int zygote; 114 115 static MallocDispatch dispatch; 116}; 117 118MallocDispatch MallocDebugTest::dispatch = { 119 calloc, 120 free, 121 mallinfo, 122 malloc, 123 malloc_usable_size, 124 memalign, 125 posix_memalign, 126#if defined(HAVE_DEPRECATED_MALLOC_FUNCS) 127 nullptr, 128#endif 129 realloc, 130#if defined(HAVE_DEPRECATED_MALLOC_FUNCS) 131 nullptr, 132#endif 133 nullptr, 134 nullptr, 135 nullptr, 136 mallopt, 137 aligned_alloc, 138}; 139 140std::string ShowDiffs(uint8_t* a, uint8_t* b, size_t size) { 141 std::string diff; 142 for (size_t i = 0; i < size; i++) { 143 if (a[i] != b[i]) { 144 diff += android::base::StringPrintf("Byte %zu: 0x%x 0x%x\n", i, a[i], b[i]); 145 } 146 } 147 return diff; 148} 149 150void VerifyAllocCalls(bool backtrace_enabled) { 151 size_t alloc_size = 1024; 152 153 // Verify debug_malloc. 154 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(alloc_size)); 155 ASSERT_TRUE(pointer != nullptr); 156 for (size_t i = 0; i < debug_malloc_usable_size(pointer); i++) { 157 ASSERT_EQ(0xeb, pointer[i]); 158 } 159 debug_free(pointer); 160 161 // Verify debug_calloc. 162 pointer = reinterpret_cast<uint8_t*>(debug_calloc(1, alloc_size)); 163 ASSERT_TRUE(pointer != nullptr); 164 for (size_t i = 0; i < debug_malloc_usable_size(pointer); i++) { 165 ASSERT_EQ(0, pointer[i]) << "Failed at byte " << i; 166 } 167 debug_free(pointer); 168 169 pointer = reinterpret_cast<uint8_t*>(debug_memalign(128, alloc_size)); 170 ASSERT_TRUE(pointer != nullptr); 171 for (size_t i = 0; i < debug_malloc_usable_size(pointer); i++) { 172 ASSERT_EQ(0xeb, pointer[i]) << "Failed at byte " << i; 173 } 174 debug_free(pointer); 175 176 pointer = reinterpret_cast<uint8_t*>(debug_realloc(nullptr, alloc_size)); 177 ASSERT_TRUE(pointer != nullptr); 178 for (size_t i = 0; i < debug_malloc_usable_size(pointer); i++) { 179 ASSERT_EQ(0xeb, pointer[i]) << "Failed at byte " << i; 180 } 181 memset(pointer, 0xff, alloc_size); 182 // Increase the size, verify the extra length is initialized to 0xeb, 183 // but the rest is 0xff. 184 pointer = reinterpret_cast<uint8_t*>(debug_realloc(pointer, alloc_size * 2)); 185 ASSERT_TRUE(pointer != nullptr); 186 for (size_t i = 0; i < alloc_size; i++) { 187 ASSERT_EQ(0xff, pointer[i]) << "Failed at byte " << i; 188 } 189 for (size_t i = alloc_size; i < debug_malloc_usable_size(pointer); i++) { 190 ASSERT_EQ(0xeb, pointer[i]) << "Failed at byte " << i; 191 } 192 memset(pointer, 0xff, debug_malloc_usable_size(pointer)); 193 // Shrink the size and verify nothing changes. 194 pointer = reinterpret_cast<uint8_t*>(debug_realloc(pointer, alloc_size)); 195 ASSERT_TRUE(pointer != nullptr); 196 for (size_t i = 0; i < debug_malloc_usable_size(pointer); i++) { 197 ASSERT_EQ(0xff, pointer[i]) << "Failed at byte " << i; 198 } 199 // This should free the pointer. 200 pointer = reinterpret_cast<uint8_t*>(debug_realloc(pointer, 0)); 201 ASSERT_TRUE(pointer == nullptr); 202 203 ASSERT_STREQ("", getFakeLogBuf().c_str()); 204 std::string expected_log; 205 if (backtrace_enabled) { 206 expected_log += android::base::StringPrintf( 207 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 208 SIGRTMAX - 17, getpid()); 209 } 210 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 211} 212 213TEST_F(MallocDebugTest, fill_generic) { 214 Init("fill"); 215 VerifyAllocCalls(false); 216} 217 218TEST_F(MallocDebugTest, fill_on_alloc_generic) { 219 Init("fill_on_alloc"); 220 VerifyAllocCalls(false); 221} 222 223TEST_F(MallocDebugTest, fill_on_alloc_partial) { 224 Init("fill_on_alloc=25"); 225 226 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 227 ASSERT_TRUE(pointer != nullptr); 228 for (size_t i = 0; i < 25; i++) { 229 ASSERT_EQ(0xeb, pointer[i]) << "Failed at byte " << i; 230 } 231 debug_free(pointer); 232 233 ASSERT_STREQ("", getFakeLogBuf().c_str()); 234 ASSERT_STREQ("", getFakeLogPrint().c_str()); 235} 236 237TEST_F(MallocDebugTest, fill_on_free) { 238 Init("fill_on_free free_track free_track_backtrace_num_frames=0"); 239 240 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 241 ASSERT_TRUE(pointer != nullptr); 242 size_t usable_size = debug_malloc_usable_size(pointer); 243 memset(pointer, 0, usable_size); 244 debug_free(pointer); 245 246 for (size_t i = 0; i < usable_size; i++) { 247 ASSERT_EQ(0xef, pointer[i]) << "Failed at byte " << i; 248 } 249 250 ASSERT_STREQ("", getFakeLogBuf().c_str()); 251 ASSERT_STREQ("", getFakeLogPrint().c_str()); 252} 253 254TEST_F(MallocDebugTest, fill_on_free_partial) { 255 Init("fill_on_free=30 free_track free_track_backtrace_num_frames=0"); 256 257 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 258 ASSERT_TRUE(pointer != nullptr); 259 size_t usable_size = debug_malloc_usable_size(pointer); 260 memset(pointer, 0, usable_size); 261 debug_free(pointer); 262 263 for (size_t i = 0; i < 30; i++) { 264 ASSERT_EQ(0xef, pointer[i]) << "Failed to fill on free at byte " << i; 265 } 266 for (size_t i = 30; i < usable_size; i++) { 267 ASSERT_EQ(0, pointer[i]) << "Filled too much on byte " << i; 268 } 269 270 ASSERT_STREQ("", getFakeLogBuf().c_str()); 271 ASSERT_STREQ("", getFakeLogPrint().c_str()); 272} 273 274TEST_F(MallocDebugTest, free_track_partial) { 275 Init("fill_on_free=30 free_track free_track_backtrace_num_frames=0"); 276 277 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 278 ASSERT_TRUE(pointer != nullptr); 279 size_t usable_size = debug_malloc_usable_size(pointer); 280 memset(pointer, 0, usable_size); 281 debug_free(pointer); 282 283 for (size_t i = 0; i < 30; i++) { 284 ASSERT_EQ(0xef, pointer[i]) << "Failed to fill on free at byte " << i; 285 } 286 for (size_t i = 30; i < usable_size; i++) { 287 ASSERT_EQ(0, pointer[i]) << "Filled too much on byte " << i; 288 } 289 290 debug_finalize(); 291 initialized = false; 292 293 ASSERT_STREQ("", getFakeLogBuf().c_str()); 294 ASSERT_STREQ("", getFakeLogPrint().c_str()); 295} 296 297TEST_F(MallocDebugTest, all_options) { 298 Init("guard backtrace fill expand_alloc free_track leak_track"); 299 VerifyAllocCalls(true); 300} 301 302TEST_F(MallocDebugTest, expand_alloc) { 303 Init("expand_alloc=1024"); 304 305 void* pointer = debug_malloc(10); 306 ASSERT_TRUE(pointer != nullptr); 307 ASSERT_LE(1034U, debug_malloc_usable_size(pointer)); 308 debug_free(pointer); 309 310 pointer = debug_calloc(1, 20); 311 ASSERT_TRUE(pointer != nullptr); 312 ASSERT_LE(1044U, debug_malloc_usable_size(pointer)); 313 debug_free(pointer); 314 315 pointer = debug_memalign(128, 15); 316 ASSERT_TRUE(pointer != nullptr); 317 ASSERT_LE(1039U, debug_malloc_usable_size(pointer)); 318 debug_free(pointer); 319 320 pointer = debug_aligned_alloc(128, 15); 321 ASSERT_TRUE(pointer != nullptr); 322 ASSERT_LE(1039U, debug_malloc_usable_size(pointer)); 323 debug_free(pointer); 324 325 pointer = debug_realloc(nullptr, 30); 326 ASSERT_TRUE(pointer != nullptr); 327 ASSERT_LE(1054U, debug_malloc_usable_size(pointer)); 328 pointer = debug_realloc(pointer, 100); 329 ASSERT_LE(1124U, debug_malloc_usable_size(pointer)); 330 debug_free(pointer); 331 332 ASSERT_STREQ("", getFakeLogBuf().c_str()); 333 ASSERT_STREQ("", getFakeLogPrint().c_str()); 334} 335 336TEST_F(MallocDebugTest, front_guard) { 337 Init("front_guard=32"); 338 339 // Create a buffer for doing comparisons. 340 std::vector<uint8_t> buffer(32); 341 memset(buffer.data(), 0xaa, buffer.size()); 342 343 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 344 ASSERT_TRUE(pointer != nullptr); 345 ASSERT_TRUE(memcmp(buffer.data(), &pointer[-buffer.size()], buffer.size()) == 0) 346 << ShowDiffs(buffer.data(), &pointer[-buffer.size()], buffer.size()); 347 memset(pointer, 0xff, 100); 348 debug_free(pointer); 349 350 // Loop through a bunch alignments. 351 for (size_t alignment = 1; alignment <= 256; alignment++) { 352 pointer = reinterpret_cast<uint8_t*>(debug_memalign(alignment, 100)); 353 ASSERT_TRUE(pointer != nullptr); 354 ASSERT_TRUE(memcmp(buffer.data(), &pointer[-buffer.size()], buffer.size()) == 0) 355 << ShowDiffs(buffer.data(), &pointer[-buffer.size()], buffer.size()); 356 size_t alignment_mask = alignment - 1; 357 if (!powerof2(alignment)) { 358 alignment_mask = BIONIC_ROUND_UP_POWER_OF_2(alignment) - 1; 359 } 360 ASSERT_EQ(0U, reinterpret_cast<uintptr_t>(pointer) & alignment_mask); 361 memset(pointer, 0xff, 100); 362 debug_free(pointer); 363 } 364 365 pointer = reinterpret_cast<uint8_t*>(debug_calloc(1, 100)); 366 ASSERT_TRUE(pointer != nullptr); 367 ASSERT_TRUE(memcmp(buffer.data(), &pointer[-buffer.size()], buffer.size()) == 0) 368 << ShowDiffs(buffer.data(), &pointer[-buffer.size()], buffer.size()); 369 for (size_t i = 0; i < 100; i++) { 370 ASSERT_EQ(0, pointer[i]) << "debug_calloc non-zero byte at " << i; 371 } 372 debug_free(pointer); 373 374 pointer = reinterpret_cast<uint8_t*>(debug_realloc(nullptr, 100)); 375 ASSERT_TRUE(pointer != nullptr); 376 ASSERT_TRUE(memcmp(buffer.data(), &pointer[-buffer.size()], buffer.size()) == 0) 377 << ShowDiffs(buffer.data(), &pointer[-buffer.size()], buffer.size()); 378 memset(pointer, 0xff, 100); 379 pointer = reinterpret_cast<uint8_t*>(debug_realloc(pointer, 200)); 380 ASSERT_TRUE(memcmp(buffer.data(), &pointer[-buffer.size()], buffer.size()) == 0) 381 << ShowDiffs(buffer.data(), &pointer[-buffer.size()], buffer.size()); 382 memset(pointer, 0xff, 200); 383 pointer = reinterpret_cast<uint8_t*>(debug_realloc(pointer, 0)); 384 ASSERT_TRUE(pointer == nullptr); 385 386 ASSERT_STREQ("", getFakeLogBuf().c_str()); 387 ASSERT_STREQ("", getFakeLogPrint().c_str()); 388} 389 390TEST_F(MallocDebugTest, realloc_memalign_memory) { 391 Init("rear_guard"); 392 393 void* pointer = debug_memalign(1024, 100); 394 ASSERT_TRUE(pointer != nullptr); 395 memset(pointer, 0, 100); 396 397 pointer = debug_realloc(pointer, 1024); 398 ASSERT_TRUE(pointer != nullptr); 399 ASSERT_EQ(1024U, debug_malloc_usable_size(pointer)); 400 memset(pointer, 0, 1024); 401 debug_free(pointer); 402 403 ASSERT_STREQ("", getFakeLogBuf().c_str()); 404 ASSERT_STREQ("", getFakeLogPrint().c_str()); 405} 406 407TEST_F(MallocDebugTest, front_guard_corrupted) { 408 Init("front_guard=32"); 409 410 backtrace_fake_add(std::vector<uintptr_t> {0x1, 0x2, 0x3}); 411 412 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 413 ASSERT_TRUE(pointer != nullptr); 414 pointer[-32] = 0x00; 415 pointer[-15] = 0x02; 416 debug_free(pointer); 417 418 std::string expected_log(DIVIDER); 419 expected_log += android::base::StringPrintf( 420 "6 malloc_debug +++ ALLOCATION %p SIZE 100 HAS A CORRUPTED FRONT GUARD\n", pointer); 421 expected_log += "6 malloc_debug allocation[-32] = 0x00 (expected 0xaa)\n"; 422 expected_log += "6 malloc_debug allocation[-15] = 0x02 (expected 0xaa)\n"; 423 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 424 expected_log += "6 malloc_debug #00 pc 0x1\n"; 425 expected_log += "6 malloc_debug #01 pc 0x2\n"; 426 expected_log += "6 malloc_debug #02 pc 0x3\n"; 427 expected_log += DIVIDER; 428 ASSERT_STREQ("", getFakeLogBuf().c_str()); 429 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 430} 431 432TEST_F(MallocDebugTest, rear_guard) { 433 Init("rear_guard=32"); 434 435 // Create a buffer for doing comparisons. 436 std::vector<uint8_t> buffer(32); 437 memset(buffer.data(), 0xbb, buffer.size()); 438 439 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 440 ASSERT_TRUE(pointer != nullptr); 441 ASSERT_EQ(100U, debug_malloc_usable_size(pointer)); 442 ASSERT_TRUE(memcmp(buffer.data(), &pointer[100], buffer.size()) == 0) 443 << ShowDiffs(buffer.data(), &pointer[100], buffer.size()); 444 memset(pointer, 0xff, 100); 445 debug_free(pointer); 446 447 // Loop through a bunch alignments. 448 for (size_t alignment = 1; alignment <= 256; alignment++) { 449 pointer = reinterpret_cast<uint8_t*>(debug_memalign(alignment, 100)); 450 ASSERT_TRUE(pointer != nullptr); 451 ASSERT_EQ(100U, debug_malloc_usable_size(pointer)); 452 ASSERT_TRUE(memcmp(buffer.data(), &pointer[100], buffer.size()) == 0) 453 << ShowDiffs(buffer.data(), &pointer[100], buffer.size()); 454 size_t alignment_mask = alignment - 1; 455 if (!powerof2(alignment)) { 456 alignment_mask = BIONIC_ROUND_UP_POWER_OF_2(alignment) - 1; 457 } 458 ASSERT_EQ(0U, reinterpret_cast<uintptr_t>(pointer) & alignment_mask) 459 << "Failed at alignment " << alignment << " mask " << alignment_mask; 460 memset(pointer, 0xff, 100); 461 debug_free(pointer); 462 } 463 464 pointer = reinterpret_cast<uint8_t*>(debug_calloc(1, 100)); 465 ASSERT_TRUE(pointer != nullptr); 466 ASSERT_EQ(100U, debug_malloc_usable_size(pointer)); 467 ASSERT_TRUE(memcmp(buffer.data(), &pointer[100], buffer.size()) == 0) 468 << ShowDiffs(buffer.data(), &pointer[100], buffer.size()); 469 for (size_t i = 0; i < 100; i++) { 470 ASSERT_EQ(0, pointer[i]) << "debug_calloc non-zero byte at " << i; 471 } 472 debug_free(pointer); 473 474 pointer = reinterpret_cast<uint8_t*>(debug_realloc(nullptr, 100)); 475 ASSERT_TRUE(pointer != nullptr); 476 ASSERT_TRUE(memcmp(buffer.data(), &pointer[100], buffer.size()) == 0) 477 << ShowDiffs(buffer.data(), &pointer[100], buffer.size()); 478 memset(pointer, 0xff, 100); 479 pointer = reinterpret_cast<uint8_t*>(debug_realloc(pointer, 200)); 480 ASSERT_TRUE(memcmp(buffer.data(), &pointer[200], buffer.size()) == 0) 481 << ShowDiffs(buffer.data(), &pointer[200], buffer.size()); 482 for (size_t i = 0; i < 100; i++) { 483 ASSERT_EQ(0xff, pointer[i]) << "debug_realloc not copied byte at " << i; 484 } 485 memset(pointer, 0xff, 200); 486 pointer = reinterpret_cast<uint8_t*>(debug_realloc(pointer, 0)); 487 ASSERT_TRUE(pointer == nullptr); 488 489 ASSERT_STREQ("", getFakeLogBuf().c_str()); 490 ASSERT_STREQ("", getFakeLogPrint().c_str()); 491} 492 493TEST_F(MallocDebugTest, rear_guard_corrupted) { 494 Init("rear_guard=32"); 495 496 backtrace_fake_add(std::vector<uintptr_t> {0x100, 0x200, 0x300}); 497 498 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 499 ASSERT_TRUE(pointer != nullptr); 500 pointer[130] = 0xbf; 501 pointer[131] = 0x00; 502 debug_free(pointer); 503 504 std::string expected_log(DIVIDER); 505 expected_log += android::base::StringPrintf( 506 "6 malloc_debug +++ ALLOCATION %p SIZE 100 HAS A CORRUPTED REAR GUARD\n", pointer); 507 expected_log += "6 malloc_debug allocation[130] = 0xbf (expected 0xbb)\n"; 508 expected_log += "6 malloc_debug allocation[131] = 0x00 (expected 0xbb)\n"; 509 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 510 expected_log += "6 malloc_debug #00 pc 0x100\n"; 511 expected_log += "6 malloc_debug #01 pc 0x200\n"; 512 expected_log += "6 malloc_debug #02 pc 0x300\n"; 513 expected_log += DIVIDER; 514 515 ASSERT_STREQ("", getFakeLogBuf().c_str()); 516 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 517} 518 519TEST_F(MallocDebugTest, rear_guard_corrupted_after_realloc_shrink) { 520 Init("rear_guard=32"); 521 522 backtrace_fake_add(std::vector<uintptr_t> {0x100, 0x200, 0x300}); 523 524 void* pointer = debug_malloc(200); 525 ASSERT_TRUE(pointer != nullptr); 526 memset(pointer, 0, 200); 527 528 uint8_t* pointer_shrink = reinterpret_cast<uint8_t*>(debug_realloc(pointer, 100)); 529 pointer_shrink[130] = 0xbf; 530 pointer_shrink[131] = 0x00; 531 debug_free(pointer); 532 533 // When shrinking sizes, the same pointer should be returned. 534 ASSERT_EQ(pointer, pointer_shrink); 535 536 std::string expected_log(DIVIDER); 537 expected_log += android::base::StringPrintf( 538 "6 malloc_debug +++ ALLOCATION %p SIZE 100 HAS A CORRUPTED REAR GUARD\n", pointer); 539 expected_log += "6 malloc_debug allocation[130] = 0xbf (expected 0xbb)\n"; 540 expected_log += "6 malloc_debug allocation[131] = 0x00 (expected 0xbb)\n"; 541 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 542 expected_log += "6 malloc_debug #00 pc 0x100\n"; 543 expected_log += "6 malloc_debug #01 pc 0x200\n"; 544 expected_log += "6 malloc_debug #02 pc 0x300\n"; 545 expected_log += DIVIDER; 546 547 ASSERT_STREQ("", getFakeLogBuf().c_str()); 548 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 549} 550 551TEST_F(MallocDebugTest, tag_corrupted) { 552 Init("rear_guard=32"); 553 554 backtrace_fake_add(std::vector<uintptr_t> {0xa, 0xb, 0xc}); 555 556 backtrace_fake_add(std::vector<uintptr_t> {0xaa, 0xbb, 0xcc}); 557 558 backtrace_fake_add(std::vector<uintptr_t> {0xaaa, 0xbbb, 0xccc}); 559 560 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 561 ASSERT_TRUE(pointer != nullptr); 562 uint8_t saved = pointer[-get_tag_offset()]; 563 pointer[-get_tag_offset()] = 0x00; 564 ASSERT_EQ(0U, debug_malloc_usable_size(pointer)); 565 ASSERT_TRUE(debug_realloc(pointer, 200) == nullptr); 566 debug_free(pointer); 567 568 // Fix the pointer and really free it. 569 pointer[-get_tag_offset()] = saved; 570 debug_free(pointer); 571 572 std::string expected_log(DIVIDER); 573 expected_log += android::base::StringPrintf( 574 "6 malloc_debug +++ ALLOCATION %p HAS INVALID TAG 1ee7d000 (malloc_usable_size)\n", 575 pointer); 576 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 577 expected_log += "6 malloc_debug #00 pc 0xa\n"; 578 expected_log += "6 malloc_debug #01 pc 0xb\n"; 579 expected_log += "6 malloc_debug #02 pc 0xc\n"; 580 expected_log += DIVIDER; 581 582 expected_log += DIVIDER; 583 expected_log += android::base::StringPrintf( 584 "6 malloc_debug +++ ALLOCATION %p HAS INVALID TAG 1ee7d000 (realloc)\n", 585 pointer); 586 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 587 expected_log += "6 malloc_debug #00 pc 0xaa\n"; 588 expected_log += "6 malloc_debug #01 pc 0xbb\n"; 589 expected_log += "6 malloc_debug #02 pc 0xcc\n"; 590 expected_log += DIVIDER; 591 592 expected_log += DIVIDER; 593 expected_log += android::base::StringPrintf( 594 "6 malloc_debug +++ ALLOCATION %p HAS INVALID TAG 1ee7d000 (free)\n", 595 pointer); 596 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 597 expected_log += "6 malloc_debug #00 pc 0xaaa\n"; 598 expected_log += "6 malloc_debug #01 pc 0xbbb\n"; 599 expected_log += "6 malloc_debug #02 pc 0xccc\n"; 600 expected_log += DIVIDER; 601 602 ASSERT_STREQ("", getFakeLogBuf().c_str()); 603 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 604} 605 606TEST_F(MallocDebugTest, leak_track_no_frees) { 607 Init("leak_track"); 608 609 void* pointer1 = debug_malloc(200); 610 ASSERT_TRUE(pointer1 != nullptr); 611 memset(pointer1, 0, 200); 612 613 void* pointer2 = debug_malloc(128); 614 ASSERT_TRUE(pointer2 != nullptr); 615 memset(pointer2, 0, 128); 616 617 void* pointer3 = debug_malloc(1024); 618 ASSERT_TRUE(pointer3 != nullptr); 619 memset(pointer3, 0, 1024); 620 621 debug_finalize(); 622 initialized = false; 623 624 ASSERT_STREQ("", getFakeLogBuf().c_str()); 625 std::string expected_log = android::base::StringPrintf( 626 "6 malloc_debug +++ malloc_testing leaked block of size 1024 at %p (leak 1 of 3)\n", 627 pointer3); 628 expected_log += android::base::StringPrintf( 629 "6 malloc_debug +++ malloc_testing leaked block of size 200 at %p (leak 2 of 3)\n", 630 pointer1); 631 expected_log += android::base::StringPrintf( 632 "6 malloc_debug +++ malloc_testing leaked block of size 128 at %p (leak 3 of 3)\n", 633 pointer2); 634 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 635} 636 637TEST_F(MallocDebugTest, leak_track_no_frees_with_backtrace) { 638 Init("leak_track backtrace"); 639 640 backtrace_fake_add(std::vector<uintptr_t> {0x1000, 0x2000, 0x3000}); 641 642 void* pointer1 = debug_malloc(100); 643 ASSERT_TRUE(pointer1 != nullptr); 644 memset(pointer1, 0, 100); 645 646 backtrace_fake_add(std::vector<uintptr_t> {0xa000, 0xb000, 0xc000, 0xd000}); 647 648 void* pointer2 = debug_malloc(128); 649 ASSERT_TRUE(pointer2 != nullptr); 650 memset(pointer2, 0, 128); 651 652 backtrace_fake_add(std::vector<uintptr_t> {0xfe000, 0xde000, 0xce000, 0xbe000, 0xae000}); 653 654 void* pointer3 = debug_malloc(1024); 655 ASSERT_TRUE(pointer3 != nullptr); 656 memset(pointer3, 0, 1024); 657 658 debug_finalize(); 659 initialized = false; 660 661 ASSERT_STREQ("", getFakeLogBuf().c_str()); 662 std::string expected_log = android::base::StringPrintf( 663 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 664 SIGRTMAX - 17, getpid()); 665 expected_log += android::base::StringPrintf( 666 "6 malloc_debug +++ malloc_testing leaked block of size 1024 at %p (leak 1 of 3)\n", 667 pointer3); 668 expected_log += "6 malloc_debug Backtrace at time of allocation:\n"; 669 expected_log += "6 malloc_debug #00 pc 0xfe000\n"; 670 expected_log += "6 malloc_debug #01 pc 0xde000\n"; 671 expected_log += "6 malloc_debug #02 pc 0xce000\n"; 672 expected_log += "6 malloc_debug #03 pc 0xbe000\n"; 673 expected_log += "6 malloc_debug #04 pc 0xae000\n"; 674 675 expected_log += android::base::StringPrintf( 676 "6 malloc_debug +++ malloc_testing leaked block of size 128 at %p (leak 2 of 3)\n", 677 pointer2); 678 expected_log += "6 malloc_debug Backtrace at time of allocation:\n"; 679 expected_log += "6 malloc_debug #00 pc 0xa000\n"; 680 expected_log += "6 malloc_debug #01 pc 0xb000\n"; 681 expected_log += "6 malloc_debug #02 pc 0xc000\n"; 682 expected_log += "6 malloc_debug #03 pc 0xd000\n"; 683 684 expected_log += android::base::StringPrintf( 685 "6 malloc_debug +++ malloc_testing leaked block of size 100 at %p (leak 3 of 3)\n", 686 pointer1); 687 expected_log += "6 malloc_debug Backtrace at time of allocation:\n"; 688 expected_log += "6 malloc_debug #00 pc 0x1000\n"; 689 expected_log += "6 malloc_debug #01 pc 0x2000\n"; 690 expected_log += "6 malloc_debug #02 pc 0x3000\n"; 691 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 692} 693 694TEST_F(MallocDebugTest, leak_track_frees) { 695 Init("leak_track"); 696 697 void* pointer1 = debug_malloc(390); 698 ASSERT_TRUE(pointer1 != nullptr); 699 memset(pointer1, 0, 390); 700 debug_free(pointer1); 701 702 pointer1 = debug_malloc(100); 703 ASSERT_TRUE(pointer1 != nullptr); 704 memset(pointer1, 0, 100); 705 706 void* pointer2 = debug_malloc(250); 707 ASSERT_TRUE(pointer2 != nullptr); 708 memset(pointer2, 0, 250); 709 debug_free(pointer2); 710 711 pointer2 = debug_malloc(450); 712 ASSERT_TRUE(pointer2 != nullptr); 713 memset(pointer2, 0, 450); 714 715 void* pointer3 = debug_malloc(999); 716 ASSERT_TRUE(pointer3 != nullptr); 717 memset(pointer3, 0, 999); 718 debug_free(pointer2); 719 720 debug_finalize(); 721 initialized = false; 722 723 ASSERT_STREQ("", getFakeLogBuf().c_str()); 724 std::string expected_log = android::base::StringPrintf( 725 "6 malloc_debug +++ malloc_testing leaked block of size 999 at %p (leak 1 of 2)\n", 726 pointer3); 727 expected_log += android::base::StringPrintf( 728 "6 malloc_debug +++ malloc_testing leaked block of size 100 at %p (leak 2 of 2)\n", 729 pointer1); 730 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 731} 732 733TEST_F(MallocDebugTest, free_track) { 734 Init("free_track=5 free_track_backtrace_num_frames=0"); 735 736 void* pointers[10]; 737 for (size_t i = 0; i < sizeof(pointers) / sizeof(void*); i++) { 738 pointers[i] = debug_malloc(100 + i); 739 ASSERT_TRUE(pointers[i] != nullptr); 740 memset(pointers[i], 0, 100 + i); 741 debug_free(pointers[i]); 742 } 743 744 // Large allocations (> 4096) to verify large allocation checks. 745 void* pointer = debug_malloc(8192); 746 ASSERT_TRUE(pointer != nullptr); 747 memset(pointer, 0, 8192); 748 debug_free(pointer); 749 750 pointer = debug_malloc(9000); 751 ASSERT_TRUE(pointer != nullptr); 752 memset(pointer, 0, 9000); 753 debug_free(pointer); 754 755 ASSERT_STREQ("", getFakeLogBuf().c_str()); 756 ASSERT_STREQ("", getFakeLogPrint().c_str()); 757} 758 759TEST_F(MallocDebugTest, free_track_use_after_free) { 760 Init("free_track=5 free_track_backtrace_num_frames=0"); 761 762 uint8_t* pointers[5]; 763 for (size_t i = 0; i < sizeof(pointers) / sizeof(void*); i++) { 764 pointers[i] = reinterpret_cast<uint8_t*>(debug_malloc(100 + i)); 765 ASSERT_TRUE(pointers[i] != nullptr); 766 memset(pointers[i], 0, 100 + i); 767 debug_free(pointers[i]); 768 } 769 770 // Stomp on the data. 771 pointers[0][20] = 0xaf; 772 pointers[0][99] = 0x12; 773 774 pointers[3][3] = 0x34; 775 776 // Large allocations (> 4096) to verify large allocation checks. 777 uint8_t* pointer1_large = reinterpret_cast<uint8_t*>(debug_malloc(8192)); 778 ASSERT_TRUE(pointer1_large != nullptr); 779 memset(pointer1_large, 0, 8192); 780 debug_free(pointer1_large); 781 782 pointer1_large[4095] = 0x90; 783 pointer1_large[4100] = 0x56; 784 pointer1_large[8191] = 0x89; 785 786 uint8_t* pointer2_large = reinterpret_cast<uint8_t*>(debug_malloc(9000)); 787 ASSERT_TRUE(pointer2_large != nullptr); 788 memset(pointer2_large, 0, 9000); 789 debug_free(pointer2_large); 790 791 pointer2_large[8200] = 0x78; 792 793 // Do a bunch of alloc and free to verify the above frees are checked. 794 for (size_t i = 0; i < 10; i++) { 795 void* flush_pointer = debug_malloc(100+i); 796 ASSERT_TRUE(flush_pointer != nullptr); 797 memset(flush_pointer, 0, 100 + i); 798 debug_free(flush_pointer); 799 } 800 801 ASSERT_STREQ("", getFakeLogBuf().c_str()); 802 std::string expected_log(DIVIDER); 803 expected_log += android::base::StringPrintf("6 malloc_debug +++ ALLOCATION %p USED AFTER FREE\n", pointers[0]); 804 expected_log += "6 malloc_debug allocation[20] = 0xaf (expected 0xef)\n"; 805 expected_log += "6 malloc_debug allocation[99] = 0x12 (expected 0xef)\n"; 806 expected_log += DIVIDER; 807 expected_log += DIVIDER; 808 expected_log += android::base::StringPrintf("6 malloc_debug +++ ALLOCATION %p USED AFTER FREE\n", pointers[3]); 809 expected_log += "6 malloc_debug allocation[3] = 0x34 (expected 0xef)\n"; 810 expected_log += DIVIDER; 811 expected_log += DIVIDER; 812 expected_log += android::base::StringPrintf("6 malloc_debug +++ ALLOCATION %p USED AFTER FREE\n", pointer1_large); 813 expected_log += "6 malloc_debug allocation[4095] = 0x90 (expected 0xef)\n"; 814 expected_log += "6 malloc_debug allocation[4100] = 0x56 (expected 0xef)\n"; 815 expected_log += "6 malloc_debug allocation[8191] = 0x89 (expected 0xef)\n"; 816 expected_log += DIVIDER; 817 expected_log += DIVIDER; 818 expected_log += android::base::StringPrintf("6 malloc_debug +++ ALLOCATION %p USED AFTER FREE\n", pointer2_large); 819 expected_log += "6 malloc_debug allocation[8200] = 0x78 (expected 0xef)\n"; 820 expected_log += DIVIDER; 821 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 822} 823 824TEST_F(MallocDebugTest, free_track_use_after_free_finalize) { 825 Init("free_track=100 free_track_backtrace_num_frames=0"); 826 827 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 828 ASSERT_TRUE(pointer != nullptr); 829 memset(pointer, 0, 100); 830 debug_free(pointer); 831 832 pointer[56] = 0x91; 833 834 ASSERT_STREQ("", getFakeLogBuf().c_str()); 835 ASSERT_STREQ("", getFakeLogPrint().c_str()); 836 837 debug_finalize(); 838 initialized = false; 839 840 ASSERT_STREQ("", getFakeLogBuf().c_str()); 841 std::string expected_log(DIVIDER); 842 expected_log += android::base::StringPrintf("6 malloc_debug +++ ALLOCATION %p USED AFTER FREE\n", pointer); 843 expected_log += "6 malloc_debug allocation[56] = 0x91 (expected 0xef)\n"; 844 expected_log += DIVIDER; 845 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 846} 847 848TEST_F(MallocDebugTest, free_track_use_after_free_with_backtrace) { 849 Init("free_track=100 rear_guard"); 850 851 // Free backtrace. 852 backtrace_fake_add(std::vector<uintptr_t> {0xfa, 0xeb, 0xdc}); 853 854 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(200)); 855 ASSERT_TRUE(pointer != nullptr); 856 memset(pointer, 0, 200); 857 debug_free(pointer); 858 859 pointer[101] = 0xab; 860 861 ASSERT_STREQ("", getFakeLogBuf().c_str()); 862 ASSERT_STREQ("", getFakeLogPrint().c_str()); 863 864 debug_finalize(); 865 initialized = false; 866 867 ASSERT_STREQ("", getFakeLogBuf().c_str()); 868 std::string expected_log(DIVIDER); 869 expected_log += android::base::StringPrintf("6 malloc_debug +++ ALLOCATION %p USED AFTER FREE\n", pointer); 870 expected_log += "6 malloc_debug allocation[101] = 0xab (expected 0xef)\n"; 871 expected_log += "6 malloc_debug Backtrace at time of free:\n"; 872 expected_log += "6 malloc_debug #00 pc 0xfa\n"; 873 expected_log += "6 malloc_debug #01 pc 0xeb\n"; 874 expected_log += "6 malloc_debug #02 pc 0xdc\n"; 875 expected_log += DIVIDER; 876 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 877} 878 879TEST_F(MallocDebugTest, free_track_use_after_free_call_realloc) { 880 Init("free_track=100 rear_guard"); 881 882 // Free backtrace. 883 backtrace_fake_add(std::vector<uintptr_t> {0xfa, 0xeb, 0xdc}); 884 // Backtrace at realloc. 885 backtrace_fake_add(std::vector<uintptr_t> {0x12, 0x22, 0x32, 0x42}); 886 887 void* pointer = debug_malloc(200); 888 ASSERT_TRUE(pointer != nullptr); 889 memset(pointer, 0, 200); 890 debug_free(pointer); 891 892 // Choose a size that should not trigger a realloc to verify tag is 893 // verified early. 894 ASSERT_TRUE(debug_realloc(pointer, 200) == nullptr); 895 896 ASSERT_STREQ("", getFakeLogBuf().c_str()); 897 std::string expected_log(DIVIDER); 898 expected_log += android::base::StringPrintf( 899 "6 malloc_debug +++ ALLOCATION %p USED AFTER FREE (realloc)\n", pointer); 900 expected_log += "6 malloc_debug Backtrace of original free:\n"; 901 expected_log += "6 malloc_debug #00 pc 0xfa\n"; 902 expected_log += "6 malloc_debug #01 pc 0xeb\n"; 903 expected_log += "6 malloc_debug #02 pc 0xdc\n"; 904 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 905 expected_log += "6 malloc_debug #00 pc 0x12\n"; 906 expected_log += "6 malloc_debug #01 pc 0x22\n"; 907 expected_log += "6 malloc_debug #02 pc 0x32\n"; 908 expected_log += "6 malloc_debug #03 pc 0x42\n"; 909 expected_log += DIVIDER; 910 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 911} 912 913TEST_F(MallocDebugTest, free_track_use_after_free_call_free) { 914 Init("free_track=100 rear_guard"); 915 916 // Free backtrace. 917 backtrace_fake_add(std::vector<uintptr_t> {0xfa, 0xeb, 0xdc}); 918 // Backtrace at second free. 919 backtrace_fake_add(std::vector<uintptr_t> {0x12, 0x22, 0x32, 0x42}); 920 921 void* pointer = debug_malloc(200); 922 ASSERT_TRUE(pointer != nullptr); 923 memset(pointer, 0, 200); 924 debug_free(pointer); 925 926 debug_free(pointer); 927 928 ASSERT_STREQ("", getFakeLogBuf().c_str()); 929 std::string expected_log(DIVIDER); 930 expected_log += android::base::StringPrintf( 931 "6 malloc_debug +++ ALLOCATION %p USED AFTER FREE (free)\n", pointer); 932 expected_log += "6 malloc_debug Backtrace of original free:\n"; 933 expected_log += "6 malloc_debug #00 pc 0xfa\n"; 934 expected_log += "6 malloc_debug #01 pc 0xeb\n"; 935 expected_log += "6 malloc_debug #02 pc 0xdc\n"; 936 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 937 expected_log += "6 malloc_debug #00 pc 0x12\n"; 938 expected_log += "6 malloc_debug #01 pc 0x22\n"; 939 expected_log += "6 malloc_debug #02 pc 0x32\n"; 940 expected_log += "6 malloc_debug #03 pc 0x42\n"; 941 expected_log += DIVIDER; 942 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 943} 944 945TEST_F(MallocDebugTest, free_track_header_tag_corrupted) { 946 Init("free_track=100 free_track_backtrace_num_frames=0 rear_guard"); 947 948 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(100)); 949 ASSERT_TRUE(pointer != nullptr); 950 memset(pointer, 0, 100); 951 debug_free(pointer); 952 953 pointer[-get_tag_offset()] = 0x00; 954 955 ASSERT_STREQ("", getFakeLogBuf().c_str()); 956 ASSERT_STREQ("", getFakeLogPrint().c_str()); 957 958 debug_finalize(); 959 initialized = false; 960 961 ASSERT_STREQ("", getFakeLogBuf().c_str()); 962 std::string expected_log(DIVIDER); 963 expected_log += android::base::StringPrintf( 964 "6 malloc_debug +++ ALLOCATION %p HAS CORRUPTED HEADER TAG 0x1cc7dc00 AFTER FREE\n", 965 pointer); 966 expected_log += DIVIDER; 967 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 968} 969 970TEST_F(MallocDebugTest, free_track_multiple_thread) { 971 Init("free_track=10 free_track_backtrace_num_frames=0"); 972 973 std::vector<std::thread*> threads(1000); 974 for (size_t i = 0; i < threads.size(); i++) { 975 threads[i] = new std::thread([](){ 976 for (size_t j = 0; j < 100; j++) { 977 void* mem = debug_malloc(100); 978 write(0, mem, 0); 979 debug_free(mem); 980 } 981 }); 982 } 983 for (size_t i = 0; i < threads.size(); i++) { 984 threads[i]->join(); 985 delete threads[i]; 986 } 987 988 ASSERT_STREQ("", getFakeLogBuf().c_str()); 989 ASSERT_STREQ("", getFakeLogPrint().c_str()); 990} 991 992TEST_F(MallocDebugTest, get_malloc_leak_info_invalid) { 993 Init("fill"); 994 995 uint8_t* info; 996 size_t overall_size; 997 size_t info_size; 998 size_t total_memory; 999 size_t backtrace_size; 1000 1001 std::string expected_log("6 malloc_debug get_malloc_leak_info: At least one invalid parameter.\n"); 1002 1003 debug_get_malloc_leak_info(nullptr, &overall_size, &info_size, &total_memory, &backtrace_size); 1004 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1005 1006 resetLogs(); 1007 debug_get_malloc_leak_info(&info, nullptr, &info_size, &total_memory, &backtrace_size); 1008 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1009 1010 resetLogs(); 1011 debug_get_malloc_leak_info(&info, &overall_size, nullptr, &total_memory, &backtrace_size); 1012 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1013 1014 resetLogs(); 1015 debug_get_malloc_leak_info(&info, &overall_size, &info_size, nullptr, &backtrace_size); 1016 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1017 1018 resetLogs(); 1019 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, nullptr); 1020 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1021} 1022 1023TEST_F(MallocDebugTest, get_malloc_leak_info_not_enabled) { 1024 Init("fill"); 1025 1026 uint8_t* info; 1027 size_t overall_size; 1028 size_t info_size; 1029 size_t total_memory; 1030 size_t backtrace_size; 1031 1032 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1033 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1034 std::string expected_log( 1035 "6 malloc_debug get_malloc_leak_info: Allocations not being tracked, to enable " 1036 "set the option 'backtrace'.\n"); 1037 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1038} 1039 1040struct InfoEntry { 1041 size_t size; 1042 size_t num_allocations; 1043 uintptr_t frames[0]; 1044} __attribute__((packed)); 1045 1046TEST_F(MallocDebugTest, get_malloc_leak_info_empty) { 1047 Init("backtrace"); 1048 1049 uint8_t* info; 1050 size_t overall_size; 1051 size_t info_size; 1052 size_t total_memory; 1053 size_t backtrace_size; 1054 1055 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1056 ASSERT_TRUE(info == nullptr); 1057 ASSERT_EQ(0U, overall_size); 1058 ASSERT_EQ(0U, info_size); 1059 ASSERT_EQ(0U, total_memory); 1060 ASSERT_EQ(0U, backtrace_size); 1061 1062 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1063 std::string expected_log = android::base::StringPrintf( 1064 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1065 SIGRTMAX - 17, getpid()); 1066 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1067} 1068 1069TEST_F(MallocDebugTest, get_malloc_leak_info_single) { 1070 Init("backtrace"); 1071 1072 // Create the expected info buffer. 1073 size_t individual_size = GetInfoEntrySize(16); 1074 std::vector<uint8_t> expected_info(individual_size); 1075 memset(expected_info.data(), 0, individual_size); 1076 1077 InfoEntry* entry = reinterpret_cast<InfoEntry*>(expected_info.data()); 1078 entry->size = 200; 1079 entry->num_allocations = 1; 1080 entry->frames[0] = 0xf; 1081 entry->frames[1] = 0xe; 1082 entry->frames[2] = 0xd; 1083 1084 backtrace_fake_add(std::vector<uintptr_t> {0xf, 0xe, 0xd}); 1085 1086 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(entry->size)); 1087 ASSERT_TRUE(pointer != nullptr); 1088 memset(pointer, 0, entry->size); 1089 1090 uint8_t* info; 1091 size_t overall_size; 1092 size_t info_size; 1093 size_t total_memory; 1094 size_t backtrace_size; 1095 1096 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1097 ASSERT_TRUE(info != nullptr); 1098 ASSERT_EQ(individual_size, overall_size); 1099 ASSERT_EQ(individual_size, info_size); 1100 ASSERT_EQ(200U, total_memory); 1101 ASSERT_EQ(16U, backtrace_size); 1102 ASSERT_TRUE(memcmp(expected_info.data(), info, overall_size) == 0) 1103 << ShowDiffs(expected_info.data(), info, overall_size); 1104 1105 debug_free_malloc_leak_info(info); 1106 1107 debug_free(pointer); 1108 1109 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1110 std::string expected_log = android::base::StringPrintf( 1111 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1112 SIGRTMAX - 17, getpid()); 1113 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1114} 1115 1116TEST_F(MallocDebugTest, get_malloc_leak_info_multi) { 1117 Init("backtrace=16"); 1118 1119 // Create the expected info buffer. 1120 size_t individual_size = GetInfoEntrySize(16); 1121 std::vector<uint8_t> expected_info(individual_size * 3); 1122 memset(expected_info.data(), 0, individual_size * 3); 1123 1124 InfoEntry* entry0 = reinterpret_cast<InfoEntry*>(expected_info.data()); 1125 InfoEntry* entry1 = reinterpret_cast<InfoEntry*>( 1126 reinterpret_cast<uintptr_t>(entry0) + individual_size); 1127 InfoEntry* entry2 = reinterpret_cast<InfoEntry*>( 1128 reinterpret_cast<uintptr_t>(entry1) + individual_size); 1129 1130 // These values will be in the reverse order that we create. 1131 entry2->size = 500; 1132 entry2->num_allocations = 1; 1133 entry2->frames[0] = 0xf; 1134 entry2->frames[1] = 0xe; 1135 entry2->frames[2] = 0xd; 1136 entry2->frames[3] = 0xc; 1137 1138 backtrace_fake_add(std::vector<uintptr_t> {0xf, 0xe, 0xd, 0xc}); 1139 1140 uint8_t* pointers[3]; 1141 1142 pointers[0] = reinterpret_cast<uint8_t*>(debug_malloc(entry2->size)); 1143 ASSERT_TRUE(pointers[0] != nullptr); 1144 memset(pointers[0], 0, entry2->size); 1145 1146 entry1->size = 4100; 1147 entry1->num_allocations = 1; 1148 for (size_t i = 0; i < 16; i++) { 1149 entry1->frames[i] = 0xbc000 + i; 1150 } 1151 1152 backtrace_fake_add( 1153 std::vector<uintptr_t> {0xbc000, 0xbc001, 0xbc002, 0xbc003, 0xbc004, 0xbc005, 1154 0xbc006, 0xbc007, 0xbc008, 0xbc009, 0xbc00a, 0xbc00b, 1155 0xbc00c, 0xbc00d, 0xbc00e, 0xbc00f, 0xffff}); 1156 1157 pointers[1] = reinterpret_cast<uint8_t*>(debug_malloc(entry1->size)); 1158 ASSERT_TRUE(pointers[1] != nullptr); 1159 memset(pointers[1], 0, entry1->size); 1160 1161 entry0->size = 9000; 1162 entry0->num_allocations = 1; 1163 1164 entry0->frames[0] = 0x104; 1165 backtrace_fake_add(std::vector<uintptr_t> {0x104}); 1166 1167 pointers[2] = reinterpret_cast<uint8_t*>(debug_malloc(entry0->size)); 1168 ASSERT_TRUE(pointers[2] != nullptr); 1169 memset(pointers[2], 0, entry0->size); 1170 1171 uint8_t* info; 1172 size_t overall_size; 1173 size_t info_size; 1174 size_t total_memory; 1175 size_t backtrace_size; 1176 1177 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1178 ASSERT_TRUE(info != nullptr); 1179 ASSERT_EQ(individual_size * 3, overall_size); 1180 ASSERT_EQ(individual_size, info_size); 1181 ASSERT_EQ(500U + 4100U + 9000U, total_memory); 1182 ASSERT_EQ(16U, backtrace_size); 1183 ASSERT_TRUE(memcmp(expected_info.data(), info, overall_size) == 0) 1184 << ShowDiffs(expected_info.data(), info, overall_size); 1185 1186 debug_free_malloc_leak_info(info); 1187 1188 debug_free(pointers[0]); 1189 debug_free(pointers[1]); 1190 debug_free(pointers[2]); 1191 1192 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1193 std::string expected_log = android::base::StringPrintf( 1194 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1195 SIGRTMAX - 17, getpid()); 1196 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1197} 1198 1199TEST_F(MallocDebugTest, get_malloc_backtrace_with_header) { 1200 Init("backtrace=16 guard"); 1201 1202 void* pointer = debug_malloc(100); 1203 ASSERT_TRUE(pointer != nullptr); 1204 memset(pointer, 0, 100); 1205 EXPECT_EQ(100U, debug_malloc_usable_size(pointer)); 1206 1207 uint8_t* info; 1208 size_t overall_size; 1209 size_t info_size; 1210 size_t total_memory; 1211 size_t backtrace_size; 1212 1213 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1214 EXPECT_TRUE(info != nullptr); 1215 EXPECT_EQ(GetInfoEntrySize(16), overall_size); 1216 EXPECT_EQ(GetInfoEntrySize(16), info_size); 1217 EXPECT_EQ(100U, total_memory); 1218 EXPECT_EQ(16U, backtrace_size); 1219 debug_free_malloc_leak_info(info); 1220 1221 debug_free(pointer); 1222 1223 // There should be no pointers that have leaked. 1224 debug_finalize(); 1225 initialized = false; 1226 1227 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1228 std::string expected_log = android::base::StringPrintf( 1229 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1230 SIGRTMAX - 17, getpid()); 1231 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1232} 1233 1234static std::string SanitizeHeapData(const std::string& data) { 1235 // Remove the map data since it's not consistent. 1236 std::string sanitized; 1237 bool skip_map_data = false; 1238 bool map_data_found = false; 1239 for (auto& line : android::base::Split(data, "\n")) { 1240 if (skip_map_data) { 1241 if (line == "END") { 1242 if (map_data_found) { 1243 sanitized += "MAP_DATA\n"; 1244 map_data_found = false; 1245 } 1246 skip_map_data = false; 1247 } else { 1248 map_data_found = true; 1249 continue; 1250 } 1251 } 1252 if (line == "MAPS") { 1253 skip_map_data = true; 1254 } 1255 sanitized += line + '\n'; 1256 } 1257 return sanitized; 1258} 1259 1260void MallocDebugTest::BacktraceDumpOnSignal(bool trigger_with_alloc) { 1261 Init("backtrace=4"); 1262 1263 backtrace_fake_add(std::vector<uintptr_t> {0x100, 0x200}); 1264 backtrace_fake_add(std::vector<uintptr_t> {0x300, 0x400}); 1265 backtrace_fake_add(std::vector<uintptr_t> {0x500, 0x600}); 1266 1267 backtrace_fake_add(std::vector<uintptr_t> {0xa000, 0xb000}); 1268 backtrace_fake_add(std::vector<uintptr_t> {0xa100, 0xb200}); 1269 backtrace_fake_add(std::vector<uintptr_t> {0xa300, 0xb300}); 1270 1271 std::vector<void*> pointers; 1272 zygote = 1; 1273 pointers.push_back(debug_malloc(100)); 1274 ASSERT_TRUE(pointers.back() != nullptr); 1275 pointers.push_back(debug_malloc(40)); 1276 ASSERT_TRUE(pointers.back() != nullptr); 1277 pointers.push_back(debug_malloc(200)); 1278 ASSERT_TRUE(pointers.back() != nullptr); 1279 1280 zygote = 0; 1281 pointers.push_back(debug_malloc(10)); 1282 ASSERT_TRUE(pointers.back() != nullptr); 1283 pointers.push_back(debug_malloc(50)); 1284 ASSERT_TRUE(pointers.back() != nullptr); 1285 pointers.push_back(debug_malloc(5)); 1286 ASSERT_TRUE(pointers.back() != nullptr); 1287 1288 // Dump all of the data accumulated so far. 1289 ASSERT_TRUE(kill(getpid(), SIGRTMAX - 17) == 0); 1290 sleep(1); 1291 1292 // This triggers the dumping. 1293 if (trigger_with_alloc) { 1294 pointers.push_back(debug_malloc(23)); 1295 ASSERT_TRUE(pointers.back() != nullptr); 1296 } else { 1297 debug_free(pointers.back()); 1298 pointers.pop_back(); 1299 } 1300 1301 for (auto* pointer : pointers) { 1302 debug_free(pointer); 1303 } 1304 1305 // Read all of the contents. 1306 std::string actual; 1307 std::string name = android::base::StringPrintf("%s.%d.txt", BACKTRACE_DUMP_PREFIX, getpid()); 1308 ASSERT_TRUE(android::base::ReadFileToString(name, &actual)); 1309 ASSERT_EQ(0, unlink(name.c_str())); 1310 1311 std::string sanitized(SanitizeHeapData(actual)); 1312 1313 std::string expected = 1314 "Android Native Heap Dump v1.1\n" 1315 "\n" 1316 "Total memory: 405\n" 1317 "Allocation records: 6\n" 1318 "Backtrace size: 4\n" 1319 "\n" 1320#if defined(__LP64__) 1321 "z 0 sz 50 num 1 bt 000000000000a100 000000000000b200\n" 1322 "z 0 sz 10 num 1 bt 000000000000a000 000000000000b000\n" 1323 "z 0 sz 5 num 1 bt 000000000000a300 000000000000b300\n" 1324 "z 1 sz 200 num 1 bt 0000000000000500 0000000000000600\n" 1325 "z 1 sz 100 num 1 bt 0000000000000100 0000000000000200\n" 1326 "z 1 sz 40 num 1 bt 0000000000000300 0000000000000400\n" 1327#else 1328 "z 0 sz 50 num 1 bt 0000a100 0000b200\n" 1329 "z 0 sz 10 num 1 bt 0000a000 0000b000\n" 1330 "z 0 sz 5 num 1 bt 0000a300 0000b300\n" 1331 "z 1 sz 200 num 1 bt 00000500 00000600\n" 1332 "z 1 sz 100 num 1 bt 00000100 00000200\n" 1333 "z 1 sz 40 num 1 bt 00000300 00000400\n" 1334#endif 1335 "MAPS\n" 1336 "MAP_DATA\n" 1337 "END\n\n"; 1338 ASSERT_STREQ(expected.c_str(), sanitized.c_str()) << "Actual data: \n" << actual; 1339 1340 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1341 std::string expected_log = android::base::StringPrintf( 1342 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1343 SIGRTMAX - 17, getpid()); 1344 expected_log += android::base::StringPrintf( 1345 "6 malloc_debug Dumping to file: /data/local/tmp/backtrace_heap.%d.txt\n\n", getpid()); 1346 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1347} 1348 1349TEST_F(MallocDebugTest, backtrace_dump_on_signal_by_malloc) { 1350 BacktraceDumpOnSignal(true); 1351} 1352 1353TEST_F(MallocDebugTest, backtrace_dump_on_signal_by_free) { 1354 BacktraceDumpOnSignal(false); 1355} 1356 1357TEST_F(MallocDebugTest, backtrace_dump_on_exit) { 1358 pid_t pid; 1359 if ((pid = fork()) == 0) { 1360 Init("backtrace=4 backtrace_dump_on_exit"); 1361 backtrace_fake_add(std::vector<uintptr_t> {0x100, 0x200}); 1362 backtrace_fake_add(std::vector<uintptr_t> {0xa000, 0xb000}); 1363 backtrace_fake_add(std::vector<uintptr_t> {0xa000, 0xb000, 0xc000}); 1364 1365 std::vector<void*> pointers; 1366 pointers.push_back(debug_malloc(300)); 1367 pointers.push_back(debug_malloc(400)); 1368 pointers.push_back(debug_malloc(500)); 1369 1370 // Call the exit function manually. 1371 debug_finalize(); 1372 exit(0); 1373 } 1374 ASSERT_NE(-1, pid); 1375 ASSERT_EQ(pid, TEMP_FAILURE_RETRY(waitpid(pid, nullptr, 0))); 1376 1377 // Read all of the contents. 1378 std::string actual; 1379 std::string name = android::base::StringPrintf("%s.%d.exit.txt", BACKTRACE_DUMP_PREFIX, pid); 1380 ASSERT_TRUE(android::base::ReadFileToString(name, &actual)); 1381 ASSERT_EQ(0, unlink(name.c_str())); 1382 1383 std::string sanitized(SanitizeHeapData(actual)); 1384 1385 std::string expected = 1386 "Android Native Heap Dump v1.1\n" 1387 "\n" 1388 "Total memory: 1200\n" 1389 "Allocation records: 3\n" 1390 "Backtrace size: 4\n" 1391 "\n" 1392#if defined(__LP64__) 1393 "z 0 sz 500 num 1 bt 000000000000a000 000000000000b000 000000000000c000\n" 1394 "z 0 sz 400 num 1 bt 000000000000a000 000000000000b000\n" 1395 "z 0 sz 300 num 1 bt 0000000000000100 0000000000000200\n" 1396#else 1397 "z 0 sz 500 num 1 bt 0000a000 0000b000 0000c000\n" 1398 "z 0 sz 400 num 1 bt 0000a000 0000b000\n" 1399 "z 0 sz 300 num 1 bt 00000100 00000200\n" 1400#endif 1401 "MAPS\n" 1402 "MAP_DATA\n" 1403 "END\n\n"; 1404 ASSERT_STREQ(expected.c_str(), sanitized.c_str()) << "Actual data: \n" << actual; 1405 1406 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1407 ASSERT_STREQ("", getFakeLogPrint().c_str()); 1408} 1409 1410TEST_F(MallocDebugTest, backtrace_dump_on_exit_shared_backtrace) { 1411 pid_t pid; 1412 if ((pid = fork()) == 0) { 1413 Init("backtrace=4 backtrace_dump_on_exit"); 1414 backtrace_fake_add(std::vector<uintptr_t> {0x100, 0x200}); 1415 backtrace_fake_add(std::vector<uintptr_t> {0xa000, 0xb000, 0xc000}); 1416 backtrace_fake_add(std::vector<uintptr_t> {0x100, 0x200}); 1417 1418 std::vector<void*> pointers; 1419 pointers.push_back(debug_malloc(300)); 1420 pointers.push_back(debug_malloc(400)); 1421 pointers.push_back(debug_malloc(300)); 1422 1423 // Call the exit function manually. 1424 debug_finalize(); 1425 exit(0); 1426 } 1427 ASSERT_NE(-1, pid); 1428 ASSERT_EQ(pid, TEMP_FAILURE_RETRY(waitpid(pid, nullptr, 0))); 1429 1430 // Read all of the contents. 1431 std::string actual; 1432 std::string name = android::base::StringPrintf("%s.%d.exit.txt", BACKTRACE_DUMP_PREFIX, pid); 1433 ASSERT_TRUE(android::base::ReadFileToString(name, &actual)); 1434 ASSERT_EQ(0, unlink(name.c_str())); 1435 1436 std::string sanitized(SanitizeHeapData(actual)); 1437 1438 std::string expected = 1439 "Android Native Heap Dump v1.1\n" 1440 "\n" 1441 "Total memory: 1000\n" 1442 "Allocation records: 2\n" 1443 "Backtrace size: 4\n" 1444 "\n" 1445#if defined(__LP64__) 1446 "z 0 sz 400 num 1 bt 000000000000a000 000000000000b000 000000000000c000\n" 1447 "z 0 sz 300 num 2 bt 0000000000000100 0000000000000200\n" 1448#else 1449 "z 0 sz 400 num 1 bt 0000a000 0000b000 0000c000\n" 1450 "z 0 sz 300 num 2 bt 00000100 00000200\n" 1451#endif 1452 "MAPS\n" 1453 "MAP_DATA\n" 1454 "END\n\n"; 1455 ASSERT_STREQ(expected.c_str(), sanitized.c_str()) << "Actual data: \n" << actual; 1456 1457 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1458 ASSERT_STREQ("", getFakeLogPrint().c_str()); 1459} 1460 1461 1462TEST_F(MallocDebugTest, realloc_usable_size) { 1463 Init("front_guard"); 1464 1465 // Verify that if the usable size > size of alloc, that realloc 1466 // copies the bytes in the usable size not just the size. 1467 // This assumes that an allocation of size 1 returns usable size > 1. 1468 // If this isn't true, this test is not going to do anything. 1469 uint8_t* pointer = reinterpret_cast<uint8_t*>(debug_malloc(1)); 1470 ASSERT_TRUE(pointer != nullptr); 1471 size_t usable_size = debug_malloc_usable_size(pointer); 1472 memset(pointer, 0xaa, usable_size); 1473 pointer = reinterpret_cast<uint8_t*>(debug_realloc(pointer, usable_size + 10)); 1474 ASSERT_TRUE(pointer != nullptr); 1475 ASSERT_LE(usable_size + 10, debug_malloc_usable_size(pointer)); 1476 for (size_t i = 0; i < usable_size; i++) { 1477 ASSERT_EQ(0xaa, pointer[i]) << "Failed compare at byte " << i; 1478 } 1479 debug_free(pointer); 1480 1481 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1482 ASSERT_STREQ("", getFakeLogPrint().c_str()); 1483} 1484 1485TEST_F(MallocDebugTest, backtrace_enable_on_signal) { 1486 Init("backtrace_enable_on_signal=20"); 1487 1488 size_t individual_size = GetInfoEntrySize(20); 1489 1490 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1491 backtrace_fake_add(std::vector<uintptr_t> {0x100, 0x200, 0x300, 0x400}); 1492 backtrace_fake_add(std::vector<uintptr_t> {0x500, 0xa00, 0xb00}); 1493 1494 // First allocation should not actually attempt to get the backtrace. 1495 void* pointer = debug_malloc(10); 1496 ASSERT_TRUE(pointer != nullptr); 1497 1498 uint8_t* info; 1499 size_t overall_size; 1500 size_t info_size; 1501 size_t total_memory; 1502 size_t backtrace_size; 1503 1504 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1505 ASSERT_TRUE(info == nullptr); 1506 ASSERT_EQ(0U, overall_size); 1507 ASSERT_EQ(0U, info_size); 1508 ASSERT_EQ(0U, total_memory); 1509 ASSERT_EQ(0U, backtrace_size); 1510 debug_free(pointer); 1511 1512 debug_free_malloc_leak_info(info); 1513 1514 // Send the signal to enable. 1515 ASSERT_TRUE(kill(getpid(), SIGRTMAX - 19) == 0); 1516 sleep(1); 1517 1518 pointer = debug_malloc(100); 1519 ASSERT_TRUE(pointer != nullptr); 1520 1521 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1522 ASSERT_TRUE(info != nullptr); 1523 ASSERT_EQ(individual_size, overall_size); 1524 ASSERT_EQ(individual_size, info_size); 1525 ASSERT_EQ(100U, total_memory); 1526 ASSERT_EQ(20U, backtrace_size); 1527 uintptr_t* ips = reinterpret_cast<uintptr_t*>(&info[2 * sizeof(size_t)]); 1528 ASSERT_EQ(0xbc000U, ips[0]); 1529 ASSERT_EQ(0xecd00U, ips[1]); 1530 ASSERT_EQ(0x12000U, ips[2]); 1531 for (size_t i = 3; i < 20; i++) { 1532 ASSERT_EQ(0U, ips[i]); 1533 } 1534 1535 debug_free(pointer); 1536 1537 debug_free_malloc_leak_info(info); 1538 1539 // Send the signal to disable. 1540 ASSERT_TRUE(kill(getpid(), SIGRTMAX - 19) == 0); 1541 sleep(1); 1542 1543 pointer = debug_malloc(200); 1544 ASSERT_TRUE(pointer != nullptr); 1545 1546 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1547 ASSERT_TRUE(info == nullptr); 1548 ASSERT_EQ(0U, overall_size); 1549 ASSERT_EQ(0U, info_size); 1550 ASSERT_EQ(0U, total_memory); 1551 ASSERT_EQ(0U, backtrace_size); 1552 1553 debug_free(pointer); 1554 1555 debug_free_malloc_leak_info(info); 1556 1557 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1558 std::string expected_log = android::base::StringPrintf( 1559 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to enable backtracing.\n", 1560 SIGRTMAX - 19, getpid()); 1561 expected_log += android::base::StringPrintf( 1562 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1563 SIGRTMAX - 17, getpid()); 1564 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1565} 1566 1567TEST_F(MallocDebugTest, backtrace_same_stack) { 1568 Init("backtrace=4"); 1569 1570 size_t individual_size = GetInfoEntrySize(4); 1571 1572 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1573 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1574 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1575 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1576 1577 void* pointers[4]; 1578 pointers[0] = debug_malloc(10); 1579 ASSERT_TRUE(pointers[0] != nullptr); 1580 pointers[1] = debug_malloc(10); 1581 ASSERT_TRUE(pointers[1] != nullptr); 1582 pointers[2] = debug_malloc(10); 1583 ASSERT_TRUE(pointers[2] != nullptr); 1584 pointers[3] = debug_malloc(100); 1585 ASSERT_TRUE(pointers[3] != nullptr); 1586 1587 uint8_t* info; 1588 size_t overall_size; 1589 size_t info_size; 1590 size_t total_memory; 1591 size_t backtrace_size; 1592 1593 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1594 ASSERT_TRUE(info != nullptr); 1595 ASSERT_EQ(individual_size * 2, overall_size); 1596 ASSERT_EQ(individual_size, info_size); 1597 EXPECT_EQ(130U, total_memory); 1598 EXPECT_EQ(4U, backtrace_size); 1599 EXPECT_EQ(100U, *reinterpret_cast<size_t*>(&info[0])); 1600 EXPECT_EQ(1U, *reinterpret_cast<size_t*>(&info[sizeof(size_t)])); 1601 uintptr_t* ips = reinterpret_cast<uintptr_t*>(&info[2 * sizeof(size_t)]); 1602 EXPECT_EQ(0xbc000U, ips[0]); 1603 EXPECT_EQ(0xecd00U, ips[1]); 1604 EXPECT_EQ(0x12000U, ips[2]); 1605 1606 EXPECT_EQ(10U, *reinterpret_cast<size_t*>(&info[individual_size])); 1607 EXPECT_EQ(3U, *reinterpret_cast<size_t*>(&info[sizeof(size_t) + individual_size])); 1608 ips = reinterpret_cast<uintptr_t*>(&info[2 * sizeof(size_t) + individual_size]); 1609 EXPECT_EQ(0xbc000U, ips[0]); 1610 EXPECT_EQ(0xecd00U, ips[1]); 1611 EXPECT_EQ(0x12000U, ips[2]); 1612 1613 debug_free_malloc_leak_info(info); 1614 1615 debug_free(pointers[0]); 1616 debug_free(pointers[1]); 1617 debug_free(pointers[2]); 1618 debug_free(pointers[3]); 1619 1620 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1621 std::string expected_log = android::base::StringPrintf( 1622 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1623 SIGRTMAX - 17, getpid()); 1624 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1625} 1626 1627TEST_F(MallocDebugTest, backtrace_same_stack_zygote) { 1628 Init("backtrace=4"); 1629 1630 size_t individual_size = GetInfoEntrySize(4); 1631 1632 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1633 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1634 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1635 backtrace_fake_add(std::vector<uintptr_t> {0xbc000}); 1636 1637 zygote = 1; 1638 1639 void* pointers[4]; 1640 pointers[0] = debug_malloc(100); 1641 ASSERT_TRUE(pointers[0] != nullptr); 1642 pointers[1] = debug_malloc(100); 1643 ASSERT_TRUE(pointers[1] != nullptr); 1644 pointers[2] = debug_malloc(100); 1645 ASSERT_TRUE(pointers[2] != nullptr); 1646 pointers[3] = debug_malloc(100); 1647 ASSERT_TRUE(pointers[3] != nullptr); 1648 1649 uint8_t* info; 1650 size_t overall_size; 1651 size_t info_size; 1652 size_t total_memory; 1653 size_t backtrace_size; 1654 1655 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1656 ASSERT_TRUE(info != nullptr); 1657 ASSERT_EQ(individual_size * 2, overall_size); 1658 EXPECT_EQ(individual_size, info_size); 1659 EXPECT_EQ(400U, total_memory); 1660 EXPECT_EQ(4U, backtrace_size); 1661 1662 EXPECT_EQ(0x80000064U, *reinterpret_cast<size_t*>(&info[0])); 1663 EXPECT_EQ(3U, *reinterpret_cast<size_t*>(&info[sizeof(size_t)])); 1664 uintptr_t* ips = reinterpret_cast<uintptr_t*>(&info[2 * sizeof(size_t)]); 1665 EXPECT_EQ(0xbc000U, ips[0]); 1666 EXPECT_EQ(0xecd00U, ips[1]); 1667 EXPECT_EQ(0x12000U, ips[2]); 1668 1669 EXPECT_EQ(0x80000064U, *reinterpret_cast<size_t*>(&info[individual_size])); 1670 EXPECT_EQ(1U, *reinterpret_cast<size_t*>(&info[sizeof(size_t) + individual_size])); 1671 ips = reinterpret_cast<uintptr_t*>(&info[2 * sizeof(size_t) + individual_size]); 1672 EXPECT_EQ(0xbc000U, ips[0]); 1673 EXPECT_EQ(0U, ips[1]); 1674 1675 debug_free_malloc_leak_info(info); 1676 1677 debug_free(pointers[0]); 1678 debug_free(pointers[1]); 1679 debug_free(pointers[2]); 1680 debug_free(pointers[3]); 1681 1682 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1683 std::string expected_log = android::base::StringPrintf( 1684 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1685 SIGRTMAX - 17, getpid()); 1686 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1687} 1688 1689TEST_F(MallocDebugTest, backtrace_same_stack_mix_zygote) { 1690 Init("backtrace=4"); 1691 1692 size_t individual_size = GetInfoEntrySize(4); 1693 1694 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1695 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1696 backtrace_fake_add(std::vector<uintptr_t> {0xbc000, 0xecd00, 0x12000}); 1697 backtrace_fake_add(std::vector<uintptr_t> {0xbc000}); 1698 1699 zygote = 1; 1700 void* pointers[4]; 1701 pointers[0] = debug_malloc(40); 1702 ASSERT_TRUE(pointers[0] != nullptr); 1703 pointers[1] = debug_malloc(40); 1704 ASSERT_TRUE(pointers[1] != nullptr); 1705 1706 zygote = 0; 1707 pointers[2] = debug_malloc(40); 1708 ASSERT_TRUE(pointers[2] != nullptr); 1709 pointers[3] = debug_malloc(100); 1710 ASSERT_TRUE(pointers[3] != nullptr); 1711 1712 uint8_t* info; 1713 size_t overall_size; 1714 size_t info_size; 1715 size_t total_memory; 1716 size_t backtrace_size; 1717 1718 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1719 ASSERT_TRUE(info != nullptr); 1720 ASSERT_EQ(individual_size * 3, overall_size); 1721 ASSERT_EQ(individual_size, info_size); 1722 EXPECT_EQ(220U, total_memory); 1723 EXPECT_EQ(4U, backtrace_size); 1724 1725 EXPECT_EQ(100U, *reinterpret_cast<size_t*>(&info[0])); 1726 EXPECT_EQ(1U, *reinterpret_cast<size_t*>(&info[sizeof(size_t)])); 1727 uintptr_t* ips = reinterpret_cast<uintptr_t*>(&info[2 * sizeof(size_t)]); 1728 EXPECT_EQ(0xbc000U, ips[0]); 1729 EXPECT_EQ(0U, ips[1]); 1730 1731 EXPECT_EQ(40U, *reinterpret_cast<size_t*>(&info[individual_size])); 1732 EXPECT_EQ(1U, *reinterpret_cast<size_t*>(&info[sizeof(size_t) + individual_size])); 1733 ips = reinterpret_cast<uintptr_t*>(&info[2 * sizeof(size_t) + individual_size]); 1734 EXPECT_EQ(0xbc000U, ips[0]); 1735 EXPECT_EQ(0xecd00U, ips[1]); 1736 EXPECT_EQ(0x12000U, ips[2]); 1737 1738 EXPECT_EQ(0x80000028U, *reinterpret_cast<size_t*>(&info[2 * individual_size])); 1739 EXPECT_EQ(2U, *reinterpret_cast<size_t*>(&info[sizeof(size_t) + 2 * individual_size])); 1740 ips = reinterpret_cast<uintptr_t*>(&info[2 * sizeof(size_t) + 2 * individual_size]); 1741 EXPECT_EQ(0xbc000U, ips[0]); 1742 EXPECT_EQ(0xecd00U, ips[1]); 1743 EXPECT_EQ(0x12000U, ips[2]); 1744 1745 debug_free_malloc_leak_info(info); 1746 1747 debug_free(pointers[0]); 1748 debug_free(pointers[1]); 1749 debug_free(pointers[2]); 1750 debug_free(pointers[3]); 1751 1752 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1753 std::string expected_log = android::base::StringPrintf( 1754 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1755 SIGRTMAX - 17, getpid()); 1756 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1757} 1758 1759TEST_F(MallocDebugTest, backtrace_frame_data_nullptr_same_size) { 1760 Init("backtrace=4"); 1761 1762 size_t individual_size = GetInfoEntrySize(4); 1763 1764 void* pointers[4]; 1765 pointers[0] = debug_malloc(100); 1766 ASSERT_TRUE(pointers[0] != nullptr); 1767 pointers[1] = debug_malloc(100); 1768 ASSERT_TRUE(pointers[1] != nullptr); 1769 pointers[2] = debug_malloc(100); 1770 ASSERT_TRUE(pointers[2] != nullptr); 1771 pointers[3] = debug_malloc(100); 1772 ASSERT_TRUE(pointers[3] != nullptr); 1773 1774 uint8_t* info; 1775 size_t overall_size; 1776 size_t info_size; 1777 size_t total_memory; 1778 size_t backtrace_size; 1779 1780 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1781 ASSERT_TRUE(info != nullptr); 1782 ASSERT_EQ(individual_size, overall_size); 1783 EXPECT_EQ(individual_size, info_size); 1784 EXPECT_EQ(400U, total_memory); 1785 EXPECT_EQ(4U, backtrace_size); 1786 1787 EXPECT_EQ(100U, *reinterpret_cast<size_t*>(&info[0])); 1788 EXPECT_EQ(4U, *reinterpret_cast<size_t*>(&info[sizeof(size_t)])); 1789 uintptr_t* ips = reinterpret_cast<uintptr_t*>(&info[2 * sizeof(size_t)]); 1790 EXPECT_EQ(0U, ips[0]); 1791 1792 debug_free_malloc_leak_info(info); 1793 1794 debug_free(pointers[0]); 1795 debug_free(pointers[1]); 1796 debug_free(pointers[2]); 1797 debug_free(pointers[3]); 1798 1799 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1800 std::string expected_log = android::base::StringPrintf( 1801 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1802 SIGRTMAX - 17, getpid()); 1803 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1804} 1805 1806TEST_F(MallocDebugTest, overflow) { 1807 Init("guard fill_on_free"); 1808 1809 void* pointer = debug_malloc(SIZE_MAX); 1810 ASSERT_TRUE(pointer == nullptr); 1811 ASSERT_EQ(ENOMEM, errno); 1812 1813 pointer = debug_calloc(1, SIZE_MAX); 1814 ASSERT_TRUE(pointer == nullptr); 1815 ASSERT_EQ(ENOMEM, errno); 1816 1817 pointer = debug_calloc(SIZE_MAX, 1); 1818 ASSERT_TRUE(pointer == nullptr); 1819 ASSERT_EQ(ENOMEM, errno); 1820 1821 pointer = debug_calloc(SIZE_MAX/100, 100); 1822 ASSERT_TRUE(pointer == nullptr); 1823 ASSERT_EQ(ENOMEM, errno); 1824 1825 pointer = debug_calloc(100, SIZE_MAX/100); 1826 ASSERT_TRUE(pointer == nullptr); 1827 ASSERT_EQ(ENOMEM, errno); 1828 1829 const size_t size_t_bits = sizeof(size_t) * 8; 1830 const size_t sqrt_size_t = 1ULL << (size_t_bits/2); 1831 pointer = debug_calloc(sqrt_size_t + 1, sqrt_size_t); 1832 ASSERT_TRUE(pointer == nullptr); 1833 ASSERT_EQ(ENOMEM, errno); 1834 1835 pointer = debug_realloc(nullptr, SIZE_MAX); 1836 ASSERT_TRUE(pointer == nullptr); 1837 ASSERT_EQ(ENOMEM, errno); 1838 1839 pointer = debug_malloc(100); 1840 ASSERT_TRUE(pointer != nullptr); 1841 memset(pointer, 0xd0, 100); 1842 1843 void* realloc_pointer = debug_realloc(pointer, SIZE_MAX); 1844 ASSERT_TRUE(realloc_pointer == nullptr); 1845 // Verify the pointer was not freed. 1846 for (size_t i = 0; i < 100; i++) { 1847 ASSERT_EQ(0xd0, reinterpret_cast<uint8_t*>(pointer)[i]) << "Failed checking byte " << i; 1848 } 1849 debug_free(pointer); 1850 1851 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1852 ASSERT_STREQ("", getFakeLogPrint().c_str()); 1853} 1854 1855static void VerifyZygoteSet(size_t memory_bytes) { 1856 size_t expected_info_size = 2 * sizeof(size_t) + 16 * sizeof(uintptr_t); 1857 std::vector<uint8_t> expected_info(expected_info_size); 1858 memset(expected_info.data(), 0, expected_info_size); 1859 InfoEntry* entry = reinterpret_cast<InfoEntry*>(expected_info.data()); 1860 entry->size = memory_bytes | (1U << 31); 1861 entry->num_allocations = 1; 1862 entry->frames[0] = 0x1; 1863 1864 uint8_t* info; 1865 size_t overall_size; 1866 size_t info_size; 1867 size_t total_memory; 1868 size_t backtrace_size; 1869 1870 debug_get_malloc_leak_info(&info, &overall_size, &info_size, &total_memory, &backtrace_size); 1871 ASSERT_EQ(expected_info_size, overall_size); 1872 ASSERT_EQ(expected_info_size, info_size); 1873 ASSERT_EQ(memory_bytes, total_memory); 1874 ASSERT_EQ(16U, backtrace_size); 1875 ASSERT_TRUE(memcmp(info, expected_info.data(), expected_info_size) == 0) 1876 << ShowDiffs(info, expected_info.data(), expected_info_size); 1877 1878 debug_free_malloc_leak_info(info); 1879} 1880 1881TEST_F(MallocDebugTest, zygote_set) { 1882 // Set all of the options. 1883 Init("guard fill backtrace leak_track free_track=2"); 1884 1885 zygote = 1; 1886 1887 backtrace_fake_add(std::vector<uintptr_t> {0x1}); 1888 1889 void* pointer = debug_malloc(100); 1890 ASSERT_TRUE(pointer != nullptr); 1891 ASSERT_EQ(100U, debug_malloc_usable_size(pointer)); 1892 memset(pointer, 0, 100); 1893 VerifyZygoteSet(100); 1894 ASSERT_FALSE(HasFatalFailure()); 1895 debug_free(pointer); 1896 1897 backtrace_fake_add(std::vector<uintptr_t> {0x1}); 1898 pointer = debug_calloc(10, 20); 1899 ASSERT_TRUE(pointer != nullptr); 1900 ASSERT_EQ(200U, debug_malloc_usable_size(pointer)); 1901 VerifyZygoteSet(200); 1902 ASSERT_FALSE(HasFatalFailure()); 1903 debug_free(pointer); 1904 1905 backtrace_fake_add(std::vector<uintptr_t> {0x1}); 1906 pointer = debug_memalign(128, 300); 1907 ASSERT_TRUE(pointer != nullptr); 1908 ASSERT_EQ(300U, debug_malloc_usable_size(pointer)); 1909 memset(pointer, 0, 300); 1910 VerifyZygoteSet(300); 1911 ASSERT_FALSE(HasFatalFailure()); 1912 debug_free(pointer); 1913 1914 backtrace_fake_add(std::vector<uintptr_t> {0x1}); 1915 pointer = debug_malloc(500); 1916 ASSERT_TRUE(pointer != nullptr); 1917 ASSERT_EQ(500U, debug_malloc_usable_size(pointer)); 1918 memset(pointer, 0, 500); 1919 VerifyZygoteSet(500); 1920 ASSERT_FALSE(HasFatalFailure()); 1921 1922 backtrace_fake_add(std::vector<uintptr_t> {0x1}); 1923 pointer = debug_realloc(pointer, 300); 1924 ASSERT_TRUE(pointer != nullptr); 1925 ASSERT_EQ(300U, debug_malloc_usable_size(pointer)); 1926 VerifyZygoteSet(300); 1927 ASSERT_FALSE(HasFatalFailure()); 1928 debug_free(pointer); 1929 1930 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1931 std::string expected_log = android::base::StringPrintf( 1932 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the backtrace.\n", 1933 SIGRTMAX - 17, getpid()); 1934 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 1935} 1936 1937TEST_F(MallocDebugTest, max_size) { 1938 Init("guard"); 1939 1940 void* pointer = debug_malloc(1U << 31); 1941 ASSERT_TRUE(pointer == nullptr); 1942 1943 pointer = debug_calloc(1, 1U << 31); 1944 ASSERT_TRUE(pointer == nullptr); 1945 1946 pointer = debug_calloc(1U << 31, 1); 1947 ASSERT_TRUE(pointer == nullptr); 1948 1949 pointer = debug_memalign(16, 1U << 31); 1950 ASSERT_TRUE(pointer == nullptr); 1951 1952 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1953 ASSERT_STREQ("", getFakeLogPrint().c_str()); 1954} 1955 1956TEST_F(MallocDebugTest, debug_mallinfo) { 1957 Init("guard"); 1958 1959 void* pointer = debug_malloc(150); 1960 ASSERT_TRUE(pointer != nullptr); 1961 1962 struct mallinfo mi = debug_mallinfo(); 1963 EXPECT_NE(0U, mi.uordblks); 1964 1965 debug_free(pointer); 1966 1967 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1968 ASSERT_STREQ("", getFakeLogPrint().c_str()); 1969} 1970 1971TEST_F(MallocDebugTest, debug_mallopt) { 1972 Init("guard"); 1973 1974 void* pointer = debug_malloc(150); 1975 ASSERT_TRUE(pointer != nullptr); 1976 1977 EXPECT_EQ(0, debug_mallopt(-1000, 1)); 1978 1979 debug_free(pointer); 1980 1981 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1982 ASSERT_STREQ("", getFakeLogPrint().c_str()); 1983} 1984 1985TEST_F(MallocDebugTest, debug_posix_memalign) { 1986 Init("guard"); 1987 1988 void* pointer; 1989 ASSERT_EQ(0, debug_posix_memalign(&pointer, 32, 300)); 1990 ASSERT_TRUE(pointer != nullptr); 1991 debug_free(pointer); 1992 1993 ASSERT_EQ(EINVAL, debug_posix_memalign(&pointer, 11, 300)); 1994 1995 ASSERT_EQ(ENOMEM, debug_posix_memalign(&pointer, 16, SIZE_MAX)); 1996 1997 ASSERT_STREQ("", getFakeLogBuf().c_str()); 1998 ASSERT_STREQ("", getFakeLogPrint().c_str()); 1999} 2000 2001#if defined(HAVE_DEPRECATED_MALLOC_FUNCS) 2002TEST_F(MallocDebugTest, debug_pvalloc) { 2003 Init("guard"); 2004 2005 size_t pagesize = getpagesize(); 2006 void* pointer = debug_pvalloc(1); 2007 ASSERT_TRUE(pointer != nullptr); 2008 ASSERT_EQ(pagesize, debug_malloc_usable_size(pointer)); 2009 uintptr_t value = reinterpret_cast<uintptr_t>(pointer) & (pagesize - 1); 2010 ASSERT_EQ(0U, value); 2011 debug_free(pointer); 2012} 2013 2014TEST_F(MallocDebugTest, debug_valloc) { 2015 Init("guard"); 2016 2017 size_t pagesize = getpagesize(); 2018 void* pointer = debug_valloc(100); 2019 ASSERT_TRUE(pointer != nullptr); 2020 ASSERT_EQ(100U, debug_malloc_usable_size(pointer)); 2021 uintptr_t value = reinterpret_cast<uintptr_t>(pointer) & (pagesize - 1); 2022 ASSERT_EQ(0U, value); 2023 debug_free(pointer); 2024} 2025#endif 2026 2027void VerifyRecordAllocs() { 2028 std::string expected; 2029 2030 void* pointer = debug_malloc(10); 2031 ASSERT_TRUE(pointer != nullptr); 2032 expected += android::base::StringPrintf("%d: malloc %p 10\n", getpid(), pointer); 2033 debug_free(pointer); 2034 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2035 2036 pointer = debug_calloc(1, 20); 2037 ASSERT_TRUE(pointer != nullptr); 2038 expected += android::base::StringPrintf("%d: calloc %p 20 1\n", getpid(), pointer); 2039 debug_free(pointer); 2040 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2041 2042 pointer = debug_realloc(nullptr, 30); 2043 ASSERT_TRUE(pointer != nullptr); 2044 expected += android::base::StringPrintf("%d: realloc %p 0x0 30\n", getpid(), pointer); 2045 void* old_pointer = pointer; 2046 pointer = debug_realloc(pointer, 2048); 2047 ASSERT_TRUE(pointer != nullptr); 2048 expected += android::base::StringPrintf("%d: realloc %p %p 2048\n", getpid(), 2049 pointer, old_pointer); 2050 debug_realloc(pointer, 0); 2051 expected += android::base::StringPrintf("%d: realloc 0x0 %p 0\n", getpid(), pointer); 2052 2053 pointer = debug_memalign(16, 40); 2054 ASSERT_TRUE(pointer != nullptr); 2055 expected += android::base::StringPrintf("%d: memalign %p 16 40\n", getpid(), pointer); 2056 debug_free(pointer); 2057 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2058 2059 pointer = debug_aligned_alloc(32, 50); 2060 ASSERT_TRUE(pointer != nullptr); 2061 expected += android::base::StringPrintf("%d: memalign %p 32 50\n", getpid(), pointer); 2062 debug_free(pointer); 2063 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2064 2065 ASSERT_EQ(0, debug_posix_memalign(&pointer, 32, 50)); 2066 ASSERT_TRUE(pointer != nullptr); 2067 expected += android::base::StringPrintf("%d: memalign %p 32 50\n", getpid(), pointer); 2068 debug_free(pointer); 2069 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2070 2071#if defined(HAVE_DEPRECATED_MALLOC_FUNCS) 2072 pointer = debug_pvalloc(60); 2073 ASSERT_TRUE(pointer != nullptr); 2074 expected += android::base::StringPrintf("%d: memalign %p 4096 4096\n", getpid(), pointer); 2075 debug_free(pointer); 2076 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2077 2078 pointer = debug_valloc(70); 2079 ASSERT_TRUE(pointer != nullptr); 2080 expected += android::base::StringPrintf("%d: memalign %p 4096 70\n", getpid(), pointer); 2081 debug_free(pointer); 2082 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2083#endif 2084 2085 // Dump all of the data accumulated so far. 2086 ASSERT_TRUE(kill(getpid(), SIGRTMAX - 18) == 0); 2087 sleep(1); 2088 2089 // This triggers the dumping. 2090 pointer = debug_malloc(110); 2091 ASSERT_TRUE(pointer != nullptr); 2092 expected += android::base::StringPrintf("%d: malloc %p 110\n", getpid(), pointer); 2093 2094 // Read all of the contents. 2095 std::string actual; 2096 ASSERT_TRUE(android::base::ReadFileToString(RECORD_ALLOCS_FILE, &actual)); 2097 ASSERT_EQ(0, unlink(RECORD_ALLOCS_FILE)); 2098 2099 ASSERT_STREQ(expected.c_str(), actual.c_str()); 2100 2101 ASSERT_STREQ("", getFakeLogBuf().c_str()); 2102 std::string expected_log = android::base::StringPrintf( 2103 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the allocation records.\n", 2104 SIGRTMAX - 18, getpid()); 2105 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 2106 2107 debug_free(pointer); 2108} 2109 2110TEST_F(MallocDebugTest, record_allocs_no_header) { 2111 Init("record_allocs"); 2112 2113 VerifyRecordAllocs(); 2114} 2115 2116TEST_F(MallocDebugTest, record_allocs_with_header) { 2117 Init("record_allocs front_guard"); 2118 2119 VerifyRecordAllocs(); 2120} 2121 2122TEST_F(MallocDebugTest, record_allocs_max) { 2123 Init("record_allocs=5"); 2124 2125 std::string expected; 2126 2127 void* pointer = debug_malloc(10); 2128 ASSERT_TRUE(pointer != nullptr); 2129 expected += android::base::StringPrintf("%d: malloc %p 10\n", getpid(), pointer); 2130 debug_free(pointer); 2131 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2132 2133 pointer = debug_malloc(20); 2134 ASSERT_TRUE(pointer != nullptr); 2135 expected += android::base::StringPrintf("%d: malloc %p 20\n", getpid(), pointer); 2136 debug_free(pointer); 2137 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2138 2139 pointer = debug_malloc(1024); 2140 ASSERT_TRUE(pointer != nullptr); 2141 expected += android::base::StringPrintf("%d: malloc %p 1024\n", getpid(), pointer); 2142 debug_free(pointer); 2143 2144 // Dump all of the data accumulated so far. 2145 ASSERT_TRUE(kill(getpid(), SIGRTMAX - 18) == 0); 2146 sleep(1); 2147 2148 // This triggers the dumping. 2149 pointer = debug_malloc(110); 2150 ASSERT_TRUE(pointer != nullptr); 2151 2152 // Read all of the contents. 2153 std::string actual; 2154 ASSERT_TRUE(android::base::ReadFileToString(RECORD_ALLOCS_FILE, &actual)); 2155 ASSERT_EQ(0, unlink(RECORD_ALLOCS_FILE)); 2156 2157 ASSERT_STREQ(expected.c_str(), actual.c_str()); 2158 2159 ASSERT_STREQ("", getFakeLogBuf().c_str()); 2160 std::string expected_log = android::base::StringPrintf( 2161 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the allocation records.\n", 2162 SIGRTMAX - 18, getpid()); 2163 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 2164 2165 debug_free(pointer); 2166} 2167 2168TEST_F(MallocDebugTest, record_allocs_thread_done) { 2169 Init("record_allocs=5"); 2170 2171 static pid_t tid = 0; 2172 static void* pointer = nullptr; 2173 std::thread thread([](){ 2174 tid = gettid(); 2175 pointer = debug_malloc(100); 2176 write(0, pointer, 0); 2177 debug_free(pointer); 2178 }); 2179 thread.join(); 2180 2181 std::string expected = android::base::StringPrintf("%d: malloc %p 100\n", tid, pointer); 2182 expected += android::base::StringPrintf("%d: free %p\n", tid, pointer); 2183 expected += android::base::StringPrintf("%d: thread_done 0x0\n", tid); 2184 2185 // Dump all of the data accumulated so far. 2186 ASSERT_TRUE(kill(getpid(), SIGRTMAX - 18) == 0); 2187 sleep(1); 2188 2189 // This triggers the dumping. 2190 pointer = debug_malloc(23); 2191 ASSERT_TRUE(pointer != nullptr); 2192 expected += android::base::StringPrintf("%d: malloc %p 23\n", getpid(), pointer); 2193 2194 // Read all of the contents. 2195 std::string actual; 2196 ASSERT_TRUE(android::base::ReadFileToString(RECORD_ALLOCS_FILE, &actual)); 2197 ASSERT_EQ(0, unlink(RECORD_ALLOCS_FILE)); 2198 2199 ASSERT_STREQ(expected.c_str(), actual.c_str()); 2200 2201 ASSERT_STREQ("", getFakeLogBuf().c_str()); 2202 std::string expected_log = android::base::StringPrintf( 2203 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the allocation records.\n", 2204 SIGRTMAX - 18, getpid()); 2205 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 2206 2207 debug_free(pointer); 2208} 2209 2210TEST_F(MallocDebugTest, record_allocs_file_name_fail) { 2211 Init("record_allocs=5"); 2212 2213 // Delete the special.txt file and create a symbolic link there to 2214 // make sure the create file will fail. 2215 unlink(RECORD_ALLOCS_FILE); 2216 2217 ASSERT_EQ(0, symlink("/data/local/tmp/does_not_exist", RECORD_ALLOCS_FILE)); 2218 2219 std::string expected; 2220 2221 void* pointer = debug_malloc(10); 2222 ASSERT_TRUE(pointer != nullptr); 2223 expected += android::base::StringPrintf("%d: malloc %p 10\n", getpid(), pointer); 2224 debug_free(pointer); 2225 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2226 2227 // Dump all of the data accumulated so far. 2228 ASSERT_TRUE(kill(getpid(), SIGRTMAX - 18) == 0); 2229 sleep(1); 2230 2231 // This triggers the dumping. 2232 pointer = debug_malloc(110); 2233 ASSERT_TRUE(pointer != nullptr); 2234 expected += android::base::StringPrintf("%d: malloc %p 110\n", getpid(), pointer); 2235 2236 // Read all of the contents. 2237 std::string actual; 2238 ASSERT_FALSE(android::base::ReadFileToString(RECORD_ALLOCS_FILE, &actual)); 2239 2240 // Unlink the file so the next dump passes. 2241 ASSERT_EQ(0, unlink(RECORD_ALLOCS_FILE)); 2242 2243 // Dump all of the data accumulated so far. 2244 ASSERT_TRUE(kill(getpid(), SIGRTMAX - 18) == 0); 2245 sleep(1); 2246 2247 // This triggers the dumping. 2248 debug_free(pointer); 2249 expected += android::base::StringPrintf("%d: free %p\n", getpid(), pointer); 2250 2251 ASSERT_TRUE(android::base::ReadFileToString(RECORD_ALLOCS_FILE, &actual)); 2252 ASSERT_EQ(0, unlink(RECORD_ALLOCS_FILE)); 2253 ASSERT_STREQ(expected.c_str(), actual.c_str()); 2254 2255 ASSERT_STREQ("", getFakeLogBuf().c_str()); 2256 std::string expected_log = android::base::StringPrintf( 2257 "4 malloc_debug malloc_testing: Run: 'kill -%d %d' to dump the allocation records.\n", 2258 SIGRTMAX - 18, getpid()); 2259 expected_log += android::base::StringPrintf( 2260 "6 malloc_debug Cannot create record alloc file %s: Too many symbolic links encountered\n", 2261 RECORD_ALLOCS_FILE); 2262 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 2263} 2264 2265TEST_F(MallocDebugTest, verify_pointers) { 2266 Init("verify_pointers"); 2267 2268 void* pointer = debug_malloc(10); 2269 memset(pointer, 0, 10); 2270 debug_free(pointer); 2271 2272 ASSERT_STREQ("", getFakeLogBuf().c_str()); 2273 ASSERT_STREQ("", getFakeLogPrint().c_str()); 2274 2275 debug_free(pointer); 2276 ASSERT_EQ(0U, debug_malloc_usable_size(pointer)); 2277 ASSERT_EQ(nullptr, debug_realloc(pointer, 1000)); 2278 2279 ASSERT_STREQ("", getFakeLogBuf().c_str()); 2280 std::string free_pointer_str( 2281 android::base::StringPrintf("6 malloc_debug +++ ALLOCATION %p UNKNOWN POINTER (free)\n", 2282 pointer)); 2283 std::string usable_pointer_str( 2284 android::base::StringPrintf("6 malloc_debug +++ ALLOCATION %p UNKNOWN POINTER (malloc_usable_size)\n", 2285 pointer)); 2286 std::string realloc_pointer_str( 2287 android::base::StringPrintf("6 malloc_debug +++ ALLOCATION %p UNKNOWN POINTER (realloc)\n", 2288 pointer)); 2289 std::string backtrace_str("6 malloc_debug Backtrace failed to get any frames.\n"); 2290 2291 std::string expected_log(DIVIDER + free_pointer_str + backtrace_str + DIVIDER); 2292 expected_log += DIVIDER + usable_pointer_str + backtrace_str + DIVIDER; 2293 expected_log += DIVIDER + realloc_pointer_str + backtrace_str + DIVIDER; 2294 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 2295 2296 resetLogs(); 2297 2298 backtrace_fake_add(std::vector<uintptr_t> {0x100, 0x200}); 2299 backtrace_fake_add(std::vector<uintptr_t> {0x300, 0x400}); 2300 backtrace_fake_add(std::vector<uintptr_t> {0x500, 0x600}); 2301 debug_free(pointer); 2302 ASSERT_EQ(0U, debug_malloc_usable_size(pointer)); 2303 ASSERT_EQ(nullptr, debug_realloc(pointer, 1000)); 2304 2305 ASSERT_STREQ("", getFakeLogBuf().c_str()); 2306 expected_log = DIVIDER + free_pointer_str; 2307 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 2308 expected_log += "6 malloc_debug #00 pc 0x100\n"; 2309 expected_log += "6 malloc_debug #01 pc 0x200\n"; 2310 expected_log += DIVIDER; 2311 expected_log += DIVIDER + usable_pointer_str; 2312 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 2313 expected_log += "6 malloc_debug #00 pc 0x300\n"; 2314 expected_log += "6 malloc_debug #01 pc 0x400\n"; 2315 expected_log += DIVIDER; 2316 expected_log += DIVIDER + realloc_pointer_str; 2317 expected_log += "6 malloc_debug Backtrace at time of failure:\n"; 2318 expected_log += "6 malloc_debug #00 pc 0x500\n"; 2319 expected_log += "6 malloc_debug #01 pc 0x600\n"; 2320 expected_log += DIVIDER; 2321 ASSERT_STREQ(expected_log.c_str(), getFakeLogPrint().c_str()); 2322} 2323