e1dd3c287ba836281de0197670018bd9bbfbd62b |
|
29-May-2012 |
Iliyan Malchev <malchev@google.com> |
bionic: import heaptracker as chk_malloc

This patch is a rewrite of libc.debug.malloc = 10 (chk_malloc). It provides the same features as the original (poison freed memory, detect heap overruns and underruns), except that it provides more debugging information whenever it detects a problem.

In addition to the original features, the new chk_malloc() implementation detects multiple frees within a given range of the last N allocations, N being configurable via the system property libc.debug.malloc.backlog.

Finally, this patch keeps track of all outstanding memory allocations. On program exit, we walk that list and report each outstanding allocation.

(There is support (not enabled) for a scanner thread that periodically walks over the list of outstanding allocations as well as the backlog of recently-freed allocations, checking for heap-usage errors.)

Feature overview:

  1) memory leaks
  2) multiple frees
  3) use after free
  4) overrun

Implementation:

-- for each allocation, there is a:

  1) stack trace at the time the allocation is made
  2) if the memory is freed, there is also a stack trace at the point
  3) a front and rear guard (fence)
  4) the stack traces are kept together with the allocation

-- the following lists are maintained

  1) all outstanding memory allocations
  3) a backlog of allocations that are freed; when you call free(), instead of actually being freed, the allocation is moved to this backlog;
  4) when the backlog of allocations gets full, the oldest entry gets evicted from it; at that point, the allocation is checked for overruns or use-after-free errors, and then actually freed.
  5) when the program exits, the list of outstanding allocations and the backlog are inspected for errors, then freed;

To use this, set the following system properties before running the process or processes you want to inspect:

  libc.malloc.debug.backlog # defaults to 100
  libc.malloc.debug 10

When a problem is detected, you will see the following on logcat for a multiple free:

  E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 BYTES MULTIPLY FREED!
  E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 ALLOCATED HERE:
  E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
  E/libc ( 7233): #03 pc 4009647c /system/bin/malloctest
  E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
  E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 FIRST FREED HERE:
  E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
  E/libc ( 7233): #03 pc 40096490 /system/bin/malloctest
  E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
  E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 NOW BEING FREED HERE:
  E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #01 pc 0000c6ac /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
  E/libc ( 7233): #03 pc 400964a0 /system/bin/malloctest
  E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so

The following for a heap overrun and underrun:

  E/libc ( 7233): +++ REAR GUARD MISMATCH [10, 11)
  E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 HAS A CORRUPTED REAR GUARD
  E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 ALLOCATED HERE:
  E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
  E/libc ( 7233): #03 pc 40096438 /system/bin/malloctest
  E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
  E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 FREED HERE:
  E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
  E/libc ( 7233): #03 pc 40096462 /system/bin/malloctest
  E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
  E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 HAS A CORRUPTED FRONT GUARD
  E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 ALLOCATED HERE:
  E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
  E/libc ( 7233): #03 pc 400964ba /system/bin/malloctest
  E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
  E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 FREED HERE:
  E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
  E/libc ( 7233): #03 pc 400964e4 /system/bin/malloctest
  E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so

The following for a memory leak:

  E/libc ( 7233): +++ THERE ARE 1 LEAKED ALLOCATIONS
  E/libc ( 7233): +++ DELETING 4096 BYTES OF LEAKED MEMORY AT 0x404b95e8 (1 REMAINING)
  E/libc ( 7233): +++ ALLOCATION 0x404b95e8 SIZE 4096 ALLOCATED HERE:
  E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
  E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
  E/libc ( 7233): #03 pc 0001bc94 /system/lib/libc.so
  E/libc ( 7233): #04 pc 0001edf6 /system/lib/libc.so
  E/libc ( 7233): #05 pc 0001b80a /system/lib/libc.so
  E/libc ( 7233): #06 pc 0001c086 /system/lib/libc.so
  E/libc ( 7233): #07 pc 40096402 /system/bin/malloctest
  E/libc ( 7233): #08 pc 00016f24 /system/lib/libc.so

Change-Id: Ic440e9d05a01e2ea86b25e8998714e88bc2d16e0
Signed-off-by: Iliyan Malchev <malchev@google.com>
|
7c0c3793722aea293c45921ef50e4adcdf9645ce |
|
06-Sep-2011 |
Mathias Agopian <mathias.agopian@gmail.com> |
implement pthread mutex deadlock detection

this works by building a directed graph of acquired pthread mutexes and making sure there are no loops in that graph.

this feature is enabled with:

  setprop debug.libc.pthread 1

when a potential deadlock is detected, a large warning is output to the log with appropriate back traces.

currently disabled at compile-time. set PTHREAD_DEBUG_ENABLED=1 to enable.

Change-Id: I916eed2319599e8aaf8f229d3f18a8ddbec3aa8a
|
1df986c21ee52c6756846b4a5e45cb316f772112 |
|
21-Oct-2010 |
David 'Digit' Turner <digit@google.com> |
libc: fix executable destruction support.

This change allows an executable's destructor functions (declared with __attribute__((destructor))) to be properly called when it exits normally.

Note that this is different from calling the destructors of a shared library when it is unloaded with dlclose() or through program exit, which are already supported.

Bug: 3106500
Change-Id: I1412ef5407f13b613fc6cb6103e0a691dbee4b1a
|
2bf607d599b703604cb1caf5beeb2e70c44682fb |
|
28-Jun-2010 |
Chris Peterson <cpeterso@cpeterso.com> |
Change-Id: I68cc462aeb2460345a53bdb9941ce4bfc10456fb bionic: fix clearenv() compiler warning and related comment typos
|
b74ceb25aae555570df64fa4d4076272733a9a20 |
|
17-Nov-2009 |
Vladimir Chtchetkine <vchtchetkine@google.com> |
Split libc_debug.so into two .so modules loaded on demand from libc.so

This change is intended to eliminate the need to replace libc.so with libc_debug.so in order to enable memory allocation debugging.

This is also the first step towards implementing extended memory allocation debugging using the emulator's capabilities in monitoring memory access.
|
39f3745cf30efe38482ffead1c32f4e62f6fe32e |
|
22-Jul-2009 |
Andy McFadden <fadden@android.com> |
Restore malloc debug. Some libc changes were preventing the initialization call from being made. The basic problem appears to be that libc_init_common.c is only built once, and it's only built for the non-debug libc.
|
b56b5659b3996e98c2060f168d1cff1474e77d2a |
|
18-Jul-2009 |
David 'Digit' Turner <digit@google.com> |
Fix the C library runtime initialization order. This allows libc.so to run the C runtime initializer as soon as the dynamic linker loads the shared library, i.e. before any other initializers (e.g. static C++ constructors in other shared libraries the executable depends on). This also removes the bug where the initializers from the executable itself were run twice: once by the dynamic linker, and another time by __libc_init as defined by libc_init_dynamic.c
|
3a654b1e04d4275ae315cfe1b196998acf10052c |
|
03-Jun-2009 |
David 'Digit' Turner <digit@google.com> |
Revert "Fix the C library initialization to avoid calling static C++ constructors twice." This reverts commit 03eabfe65e1e2c36f4d26c78a730fa19a3bdada3.
|
03eabfe65e1e2c36f4d26c78a730fa19a3bdada3 |
|
28-May-2009 |
David 'Digit' Turner <digit@google.com> |
Fix the C library initialization to avoid calling static C++ constructors twice.

The problem was due to the fact that, in the case of dynamic executables, the dynamic linker calls the DT_PREINIT_ARRAY, DT_INIT and DT_INIT_ARRAY constructors when loading shared libraries and dynamic executables, *before* calling the executable's entry point (i.e. arch-$ARCH/bionic/crtbegin_dynamic.c), which in turn calls __libc_init() in libc.so, as defined by bionic/libc_init_dynamic.c.

The latter did call these constructor arrays again, mistakenly.

The patch also updates the documentation of many related functions.

Also adds a new section to linker/README.TXT explaining restrictions on C library usage.

The patch has been tested on a Dream for stability issues with proprietary blobs:

- H264 decoding works
- Camera + Video recording works
- GPS works
- Sensors work

The test in system/extra/tests/bionic/libc/common/test_static_cpp_mutex.cpp has been run and shows the static C++ constructor being called only once.
|
1dc9e472e19acfe6dc7f41e429236e7eef7ceda1 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
|
1767f908af327fa388b1c66883760ad851267013 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
|
a27d2baa0c1a2ec70f47ea9199b1dd6762c8a349 |
|
21-Oct-2008 |
The Android Open Source Project <initial-contribution@android.com> |
Initial Contribution
|