2013-05-20 19:06:50 +08:00
|
|
|
//=-- lsan_common.cc ------------------------------------------------------===//
|
|
|
|
|
//
|
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
|
//
|
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
|
//
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
//
|
|
|
|
|
// This file is a part of LeakSanitizer.
|
|
|
|
|
// Implementation of common leak checking functionality.
|
|
|
|
|
//
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
|
|
#include "lsan_common.h"
|
|
|
|
|
|
|
|
|
|
#include "sanitizer_common/sanitizer_common.h"
|
|
|
|
|
#include "sanitizer_common/sanitizer_flags.h"
|
2015-01-15 23:13:43 +08:00
|
|
|
#include "sanitizer_common/sanitizer_flag_parser.h"
|
2013-06-28 22:38:31 +08:00
|
|
|
#include "sanitizer_common/sanitizer_placement_new.h"
|
2013-12-17 19:11:23 +08:00
|
|
|
#include "sanitizer_common/sanitizer_procmaps.h"
|
2013-05-20 19:06:50 +08:00
|
|
|
#include "sanitizer_common/sanitizer_stackdepot.h"
|
|
|
|
|
#include "sanitizer_common/sanitizer_stacktrace.h"
|
2013-06-28 22:38:31 +08:00
|
|
|
#include "sanitizer_common/sanitizer_suppressions.h"
|
2013-09-03 21:31:03 +08:00
|
|
|
#include "sanitizer_common/sanitizer_report_decorator.h"
|
2016-01-15 02:50:09 +08:00
|
|
|
#include "sanitizer_common/sanitizer_tls_get_addr.h"
|
2013-05-20 19:06:50 +08:00
|
|
|
|
2013-06-21 23:14:57 +08:00
|
|
|
#if CAN_SANITIZE_LEAKS
|
2013-06-21 23:50:49 +08:00
|
|
|
namespace __lsan {
|
2013-05-21 23:35:34 +08:00
|
|
|
|
2013-12-17 19:11:23 +08:00
|
|
|
// This mutex is used to prevent races between DoLeakCheck and IgnoreObject, and
|
|
|
|
|
// also to protect the global list of root regions.
|
2013-06-06 22:17:56 +08:00
|
|
|
BlockingMutex global_mutex(LINKER_INITIALIZED);
|
|
|
|
|
|
Use pthreads to manage thread-local storage on darwin for leak sanitizer
Summary:
__thread is supported on Darwin, but is implemented dynamically via
function calls to __tls_get_addr. This causes two issues when combined
with leak sanitizer, due to malloc() interception.
- The dynamic loader calls malloc during the process of loading
the sanitizer dylib, while swapping a placeholder tlv_boostrap
function for __tls_get_addr. This will cause tlv_bootstrap to
be called in DisabledInThisThread() via the asan allocator.
- The first time __tls_get_addr is called, it allocates memory
for the thread-local object, during which it calls malloc(). This
call will be intercepted, leading to an infinite loop in the asan
allocator, in which the allocator calls DisabledInThisThread,
which calls tls_get_addr, which calls into the allocator again.
Reviewers: kcc, glider, kubamracek
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D29786
llvm-svn: 294994
2017-02-14 06:20:07 +08:00
|
|
|
Flags lsan_flags;
|
|
|
|
|
|
|
|
|
|
void DisableCounterUnderflow() {
|
|
|
|
|
if (common_flags()->detect_leaks) {
|
2016-01-16 08:57:25 +08:00
|
|
|
Report("Unmatched call to __lsan_enable().\n");
|
|
|
|
|
Die();
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-06-21 22:51:52 +08:00
|
|
|
|
2015-01-07 08:38:00 +08:00
|
|
|
void Flags::SetDefaults() {
|
|
|
|
|
#define LSAN_FLAG(Type, Name, DefaultValue, Description) Name = DefaultValue;
|
|
|
|
|
#include "lsan_flags.inc"
|
|
|
|
|
#undef LSAN_FLAG
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-18 02:50:30 +08:00
|
|
|
void RegisterLsanFlags(FlagParser *parser, Flags *f) {
|
2015-01-15 23:13:43 +08:00
|
|
|
#define LSAN_FLAG(Type, Name, DefaultValue, Description) \
|
|
|
|
|
RegisterFlag(parser, #Name, Description, &f->Name);
|
2015-01-07 08:38:00 +08:00
|
|
|
#include "lsan_flags.inc"
|
|
|
|
|
#undef LSAN_FLAG
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-26 01:14:40 +08:00
|
|
|
#define LOG_POINTERS(...) \
|
|
|
|
|
do { \
|
|
|
|
|
if (flags()->log_pointers) Report(__VA_ARGS__); \
|
|
|
|
|
} while (0);
|
|
|
|
|
|
|
|
|
|
#define LOG_THREADS(...) \
|
|
|
|
|
do { \
|
|
|
|
|
if (flags()->log_threads) Report(__VA_ARGS__); \
|
|
|
|
|
} while (0);
|
|
|
|
|
|
2015-02-21 01:41:59 +08:00
|
|
|
ALIGNED(64) static char suppression_placeholder[sizeof(SuppressionContext)];
|
|
|
|
|
static SuppressionContext *suppression_ctx = nullptr;
|
|
|
|
|
static const char kSuppressionLeak[] = "leak";
|
|
|
|
|
static const char *kSuppressionTypes[] = { kSuppressionLeak };
|
2017-04-21 04:54:22 +08:00
|
|
|
static const char kStdSuppressions[] =
|
|
|
|
|
#if SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT
|
2017-04-26 01:24:27 +08:00
|
|
|
// For more details refer to the SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT
|
|
|
|
|
// definition.
|
|
|
|
|
"leak:*pthread_exit*\n"
|
2017-04-21 04:54:22 +08:00
|
|
|
#endif // SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT
|
2017-07-11 02:55:33 +08:00
|
|
|
#if SANITIZER_MAC
|
|
|
|
|
// For Darwin and os_log/os_trace: https://reviews.llvm.org/D35173
|
|
|
|
|
"leak:*_os_trace*\n"
|
|
|
|
|
#endif
|
2017-04-22 05:34:37 +08:00
|
|
|
// TLS leak in some glibc versions, described in
|
|
|
|
|
// https://sourceware.org/bugzilla/show_bug.cgi?id=12650.
|
2017-07-11 02:55:33 +08:00
|
|
|
"leak:*tls_get_addr*\n";
|
2014-08-05 08:43:23 +08:00
|
|
|
|
2013-06-28 22:38:31 +08:00
|
|
|
void InitializeSuppressions() {
|
2015-02-21 01:41:59 +08:00
|
|
|
CHECK_EQ(nullptr, suppression_ctx);
|
|
|
|
|
suppression_ctx = new (suppression_placeholder) // NOLINT
|
|
|
|
|
SuppressionContext(kSuppressionTypes, ARRAY_SIZE(kSuppressionTypes));
|
|
|
|
|
suppression_ctx->ParseFromFile(flags()->suppressions);
|
2013-06-28 22:38:31 +08:00
|
|
|
if (&__lsan_default_suppressions)
|
2015-02-21 01:41:59 +08:00
|
|
|
suppression_ctx->Parse(__lsan_default_suppressions());
|
2017-04-21 04:54:22 +08:00
|
|
|
suppression_ctx->Parse(kStdSuppressions);
|
2015-02-21 01:41:59 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static SuppressionContext *GetSuppressionContext() {
|
|
|
|
|
CHECK(suppression_ctx);
|
|
|
|
|
return suppression_ctx;
|
2013-06-28 22:38:31 +08:00
|
|
|
}
|
|
|
|
|
|
2017-04-20 05:25:06 +08:00
|
|
|
static InternalMmapVector<RootRegion> *root_regions;
|
2013-12-17 19:11:23 +08:00
|
|
|
|
2017-04-20 05:11:08 +08:00
|
|
|
InternalMmapVector<RootRegion> const *GetRootRegions() { return root_regions; }
|
|
|
|
|
|
2013-12-17 19:11:23 +08:00
|
|
|
void InitializeRootRegions() {
|
|
|
|
|
CHECK(!root_regions);
|
|
|
|
|
ALIGNED(64) static char placeholder[sizeof(InternalMmapVector<RootRegion>)];
|
|
|
|
|
root_regions = new(placeholder) InternalMmapVector<RootRegion>(1);
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-23 07:49:49 +08:00
|
|
|
const char *MaybeCallLsanDefaultOptions() {
|
|
|
|
|
return (&__lsan_default_options) ? __lsan_default_options() : "";
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-18 02:50:30 +08:00
|
|
|
void InitCommonLsan() {
|
2013-12-17 19:11:23 +08:00
|
|
|
InitializeRootRegions();
|
2013-10-22 03:35:00 +08:00
|
|
|
if (common_flags()->detect_leaks) {
|
|
|
|
|
// Initialization which can fail or print warnings should only be done if
|
|
|
|
|
// LSan is actually enabled.
|
|
|
|
|
InitializeSuppressions();
|
|
|
|
|
InitializePlatformSpecificModules();
|
|
|
|
|
}
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
|
2014-06-05 00:57:03 +08:00
|
|
|
class Decorator: public __sanitizer::SanitizerCommonDecorator {
|
2013-09-03 21:31:03 +08:00
|
|
|
public:
|
2014-06-05 00:57:03 +08:00
|
|
|
Decorator() : SanitizerCommonDecorator() { }
|
2013-09-03 21:31:03 +08:00
|
|
|
const char *Error() { return Red(); }
|
|
|
|
|
const char *Leak() { return Blue(); }
|
|
|
|
|
};
|
|
|
|
|
|
2013-05-20 19:06:50 +08:00
|
|
|
static inline bool CanBeAHeapPointer(uptr p) {
|
|
|
|
|
// Since our heap is located in mmap-ed memory, we can assume a sensible lower
|
2013-06-28 22:38:31 +08:00
|
|
|
// bound on heap addresses.
|
2013-05-20 19:06:50 +08:00
|
|
|
const uptr kMinAddress = 4 * 4096;
|
|
|
|
|
if (p < kMinAddress) return false;
|
2015-02-19 15:30:39 +08:00
|
|
|
#if defined(__x86_64__)
|
2013-05-20 19:06:50 +08:00
|
|
|
// Accept only canonical form user-space addresses.
|
|
|
|
|
return ((p >> 47) == 0);
|
2015-02-19 15:30:39 +08:00
|
|
|
#elif defined(__mips64)
|
|
|
|
|
return ((p >> 40) == 0);
|
2015-10-21 21:08:06 +08:00
|
|
|
#elif defined(__aarch64__)
|
2015-11-10 02:05:24 +08:00
|
|
|
unsigned runtimeVMA =
|
|
|
|
|
(MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1);
|
|
|
|
|
return ((p >> runtimeVMA) == 0);
|
2013-05-20 19:06:50 +08:00
|
|
|
#else
|
|
|
|
|
return true;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-24 16:34:50 +08:00
|
|
|
// Scans the memory range, looking for byte patterns that point into allocator
|
|
|
|
|
// chunks. Marks those chunks with |tag| and adds them to |frontier|.
|
2015-04-25 00:53:15 +08:00
|
|
|
// There are two usage modes for this function: finding reachable chunks
|
|
|
|
|
// (|tag| = kReachable) and finding indirectly leaked chunks
|
2013-06-24 16:34:50 +08:00
|
|
|
// (|tag| = kIndirectlyLeaked). In the second case, there's no flood fill,
|
|
|
|
|
// so |frontier| = 0.
|
2013-06-14 17:59:40 +08:00
|
|
|
void ScanRangeForPointers(uptr begin, uptr end,
|
2013-06-14 18:07:56 +08:00
|
|
|
Frontier *frontier,
|
2013-05-20 19:06:50 +08:00
|
|
|
const char *region_type, ChunkTag tag) {
|
2015-04-25 00:53:15 +08:00
|
|
|
CHECK(tag == kReachable || tag == kIndirectlyLeaked);
|
2013-05-20 19:06:50 +08:00
|
|
|
const uptr alignment = flags()->pointer_alignment();
|
2013-12-26 01:14:40 +08:00
|
|
|
LOG_POINTERS("Scanning %s range %p-%p.\n", region_type, begin, end);
|
2013-05-20 19:06:50 +08:00
|
|
|
uptr pp = begin;
|
|
|
|
|
if (pp % alignment)
|
|
|
|
|
pp = pp + alignment - pp % alignment;
|
2013-06-24 16:34:50 +08:00
|
|
|
for (; pp + sizeof(void *) <= end; pp += alignment) { // NOLINT
|
2013-07-18 22:06:07 +08:00
|
|
|
void *p = *reinterpret_cast<void **>(pp);
|
2013-05-20 19:06:50 +08:00
|
|
|
if (!CanBeAHeapPointer(reinterpret_cast<uptr>(p))) continue;
|
2013-06-24 16:34:50 +08:00
|
|
|
uptr chunk = PointsIntoChunk(p);
|
2013-05-20 19:06:50 +08:00
|
|
|
if (!chunk) continue;
|
2013-10-16 00:00:11 +08:00
|
|
|
// Pointers to self don't count. This matters when tag == kIndirectlyLeaked.
|
|
|
|
|
if (chunk == begin) continue;
|
2013-05-20 19:06:50 +08:00
|
|
|
LsanMetadata m(chunk);
|
2015-04-25 00:53:15 +08:00
|
|
|
if (m.tag() == kReachable || m.tag() == kIgnored) continue;
|
2013-12-09 21:12:10 +08:00
|
|
|
|
|
|
|
|
// Do this check relatively late so we can log only the interesting cases.
|
|
|
|
|
if (!flags()->use_poisoned && WordIsPoisoned(pp)) {
|
2013-12-26 01:14:40 +08:00
|
|
|
LOG_POINTERS(
|
|
|
|
|
"%p is poisoned: ignoring %p pointing into chunk %p-%p of size "
|
|
|
|
|
"%zu.\n",
|
|
|
|
|
pp, p, chunk, chunk + m.requested_size(), m.requested_size());
|
2013-12-09 21:12:10 +08:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-20 19:06:50 +08:00
|
|
|
m.set_tag(tag);
|
2013-12-26 01:14:40 +08:00
|
|
|
LOG_POINTERS("%p: found %p pointing into chunk %p-%p of size %zu.\n", pp, p,
|
|
|
|
|
chunk, chunk + m.requested_size(), m.requested_size());
|
2013-05-20 19:06:50 +08:00
|
|
|
if (frontier)
|
2013-06-24 16:34:50 +08:00
|
|
|
frontier->push_back(chunk);
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-14 02:40:19 +08:00
|
|
|
// Scans a global range for pointers
|
|
|
|
|
void ScanGlobalRange(uptr begin, uptr end, Frontier *frontier) {
|
|
|
|
|
uptr allocator_begin = 0, allocator_end = 0;
|
|
|
|
|
GetAllocatorGlobalRange(&allocator_begin, &allocator_end);
|
|
|
|
|
if (begin <= allocator_begin && allocator_begin < end) {
|
|
|
|
|
CHECK_LE(allocator_begin, allocator_end);
|
|
|
|
|
CHECK_LE(allocator_end, end);
|
|
|
|
|
if (begin < allocator_begin)
|
|
|
|
|
ScanRangeForPointers(begin, allocator_begin, frontier, "GLOBAL",
|
|
|
|
|
kReachable);
|
|
|
|
|
if (allocator_end < end)
|
|
|
|
|
ScanRangeForPointers(allocator_end, end, frontier, "GLOBAL", kReachable);
|
|
|
|
|
} else {
|
|
|
|
|
ScanRangeForPointers(begin, end, frontier, "GLOBAL", kReachable);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-14 22:04:50 +08:00
|
|
|
void ForEachExtraStackRangeCb(uptr begin, uptr end, void* arg) {
|
|
|
|
|
Frontier *frontier = reinterpret_cast<Frontier *>(arg);
|
|
|
|
|
ScanRangeForPointers(begin, end, frontier, "FAKE STACK", kReachable);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-24 16:34:50 +08:00
|
|
|
// Scans thread data (stacks and TLS) for heap pointers.
|
2013-05-20 19:06:50 +08:00
|
|
|
static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
|
2013-06-14 18:07:56 +08:00
|
|
|
Frontier *frontier) {
|
2017-04-18 04:29:38 +08:00
|
|
|
InternalScopedBuffer<uptr> registers(suspended_threads.RegisterCount());
|
2013-05-20 19:06:50 +08:00
|
|
|
uptr registers_begin = reinterpret_cast<uptr>(registers.data());
|
|
|
|
|
uptr registers_end = registers_begin + registers.size();
|
2017-04-18 04:29:38 +08:00
|
|
|
for (uptr i = 0; i < suspended_threads.ThreadCount(); i++) {
|
2017-04-18 02:17:38 +08:00
|
|
|
tid_t os_id = static_cast<tid_t>(suspended_threads.GetThreadID(i));
|
2013-12-26 01:14:40 +08:00
|
|
|
LOG_THREADS("Processing thread %d.\n", os_id);
|
2013-05-20 19:06:50 +08:00
|
|
|
uptr stack_begin, stack_end, tls_begin, tls_end, cache_begin, cache_end;
|
2016-01-15 02:50:09 +08:00
|
|
|
DTLS *dtls;
|
2013-05-20 19:06:50 +08:00
|
|
|
bool thread_found = GetThreadRangesLocked(os_id, &stack_begin, &stack_end,
|
|
|
|
|
&tls_begin, &tls_end,
|
2016-01-15 02:50:09 +08:00
|
|
|
&cache_begin, &cache_end, &dtls);
|
2013-05-20 19:06:50 +08:00
|
|
|
if (!thread_found) {
|
|
|
|
|
// If a thread can't be found in the thread registry, it's probably in the
|
|
|
|
|
// process of destruction. Log this event and move on.
|
2013-12-26 01:14:40 +08:00
|
|
|
LOG_THREADS("Thread %d not found in registry.\n", os_id);
|
2013-05-20 19:06:50 +08:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
uptr sp;
|
2017-04-06 15:42:27 +08:00
|
|
|
PtraceRegistersStatus have_registers =
|
|
|
|
|
suspended_threads.GetRegistersAndSP(i, registers.data(), &sp);
|
|
|
|
|
if (have_registers != REGISTERS_AVAILABLE) {
|
|
|
|
|
Report("Unable to get registers from thread %d.\n", os_id);
|
|
|
|
|
// If unable to get SP, consider the entire stack to be reachable unless
|
|
|
|
|
// GetRegistersAndSP failed with ESRCH.
|
|
|
|
|
if (have_registers == REGISTERS_UNAVAILABLE_FATAL) continue;
|
2013-05-20 19:06:50 +08:00
|
|
|
sp = stack_begin;
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-27 19:41:46 +08:00
|
|
|
if (flags()->use_registers && have_registers)
|
2013-05-20 19:06:50 +08:00
|
|
|
ScanRangeForPointers(registers_begin, registers_end, frontier,
|
|
|
|
|
"REGISTERS", kReachable);
|
|
|
|
|
|
2013-05-27 19:41:46 +08:00
|
|
|
if (flags()->use_stacks) {
|
2013-12-26 01:14:40 +08:00
|
|
|
LOG_THREADS("Stack at %p-%p (SP = %p).\n", stack_begin, stack_end, sp);
|
2013-05-20 19:06:50 +08:00
|
|
|
if (sp < stack_begin || sp >= stack_end) {
|
|
|
|
|
// SP is outside the recorded stack range (e.g. the thread is running a
|
2016-02-12 02:07:17 +08:00
|
|
|
// signal handler on alternate stack, or swapcontext was used).
|
|
|
|
|
// Again, consider the entire stack range to be reachable.
|
2013-12-26 01:14:40 +08:00
|
|
|
LOG_THREADS("WARNING: stack pointer not in stack range.\n");
|
2016-02-12 02:07:17 +08:00
|
|
|
uptr page_size = GetPageSizeCached();
|
|
|
|
|
int skipped = 0;
|
|
|
|
|
while (stack_begin < stack_end &&
|
|
|
|
|
!IsAccessibleMemoryRange(stack_begin, 1)) {
|
|
|
|
|
skipped++;
|
|
|
|
|
stack_begin += page_size;
|
|
|
|
|
}
|
|
|
|
|
LOG_THREADS("Skipped %d guard page(s) to obtain stack %p-%p.\n",
|
|
|
|
|
skipped, stack_begin, stack_end);
|
2013-05-20 19:06:50 +08:00
|
|
|
} else {
|
|
|
|
|
// Shrink the stack range to ignore out-of-scope values.
|
|
|
|
|
stack_begin = sp;
|
|
|
|
|
}
|
|
|
|
|
ScanRangeForPointers(stack_begin, stack_end, frontier, "STACK",
|
|
|
|
|
kReachable);
|
2013-10-14 22:04:50 +08:00
|
|
|
ForEachExtraStackRange(os_id, ForEachExtraStackRangeCb, frontier);
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
|
2013-05-27 19:41:46 +08:00
|
|
|
if (flags()->use_tls) {
|
Implement tls scanning for darwin LSan
Summary:
This required for any users who call exit() after creating
thread-specific data, as tls destructors are only called when
pthread_exit() or pthread_cancel() are used. This should also
match tls behavior on linux.
Getting the base address of the tls section is straightforward,
as it's stored as a section offset in %gs. The size is a bit trickier
to work out, as there doesn't appear to be any official documentation
or source code referring to it. The size used in this patch was determined
by taking the difference between the base address and the address of the
subsequent memory region returned by vm_region_recurse_64, which was
1024 * sizeof(uptr) on all threads except the main thread, where it was
larger. Since the section must be the same size on all of the threads,
1024 * sizeof(uptr) seemed to be a reasonable size to use, barring
a more programtic way to get the size.
1024 seems like a reasonable number, given that PTHREAD_KEYS_MAX
is 512 on darwin, so pthread keys will fit inside the region while
leaving space for other tls data. A larger size would overflow the
memory region returned by vm_region_recurse_64, and a smaller size
wouldn't leave room for all the pthread keys. In addition, the
stress test added here passes, which means that we are scanning at
least the full set of possible pthread keys, and probably
the full tls section.
Reviewers: alekseyshl, kubamracek
Subscribers: krytarowski, llvm-commits
Differential Revision: https://reviews.llvm.org/D33215
llvm-svn: 303887
2017-05-26 01:41:13 +08:00
|
|
|
if (tls_begin) {
|
|
|
|
|
LOG_THREADS("TLS at %p-%p.\n", tls_begin, tls_end);
|
|
|
|
|
// If the tls and cache ranges don't overlap, scan full tls range,
|
|
|
|
|
// otherwise, only scan the non-overlapping portions
|
|
|
|
|
if (cache_begin == cache_end || tls_end < cache_begin ||
|
2017-05-26 03:55:44 +08:00
|
|
|
tls_begin > cache_end) {
|
Implement tls scanning for darwin LSan
Summary:
This required for any users who call exit() after creating
thread-specific data, as tls destructors are only called when
pthread_exit() or pthread_cancel() are used. This should also
match tls behavior on linux.
Getting the base address of the tls section is straightforward,
as it's stored as a section offset in %gs. The size is a bit trickier
to work out, as there doesn't appear to be any official documentation
or source code referring to it. The size used in this patch was determined
by taking the difference between the base address and the address of the
subsequent memory region returned by vm_region_recurse_64, which was
1024 * sizeof(uptr) on all threads except the main thread, where it was
larger. Since the section must be the same size on all of the threads,
1024 * sizeof(uptr) seemed to be a reasonable size to use, barring
a more programtic way to get the size.
1024 seems like a reasonable number, given that PTHREAD_KEYS_MAX
is 512 on darwin, so pthread keys will fit inside the region while
leaving space for other tls data. A larger size would overflow the
memory region returned by vm_region_recurse_64, and a smaller size
wouldn't leave room for all the pthread keys. In addition, the
stress test added here passes, which means that we are scanning at
least the full set of possible pthread keys, and probably
the full tls section.
Reviewers: alekseyshl, kubamracek
Subscribers: krytarowski, llvm-commits
Differential Revision: https://reviews.llvm.org/D33215
llvm-svn: 303887
2017-05-26 01:41:13 +08:00
|
|
|
ScanRangeForPointers(tls_begin, tls_end, frontier, "TLS", kReachable);
|
|
|
|
|
} else {
|
|
|
|
|
if (tls_begin < cache_begin)
|
|
|
|
|
ScanRangeForPointers(tls_begin, cache_begin, frontier, "TLS",
|
|
|
|
|
kReachable);
|
|
|
|
|
if (tls_end > cache_end)
|
|
|
|
|
ScanRangeForPointers(cache_end, tls_end, frontier, "TLS",
|
|
|
|
|
kReachable);
|
|
|
|
|
}
|
2013-05-25 02:07:53 +08:00
|
|
|
}
|
2017-04-06 15:42:27 +08:00
|
|
|
if (dtls && !DTLSInDestruction(dtls)) {
|
2016-01-15 02:50:09 +08:00
|
|
|
for (uptr j = 0; j < dtls->dtv_size; ++j) {
|
|
|
|
|
uptr dtls_beg = dtls->dtv[j].beg;
|
|
|
|
|
uptr dtls_end = dtls_beg + dtls->dtv[j].size;
|
|
|
|
|
if (dtls_beg < dtls_end) {
|
|
|
|
|
LOG_THREADS("DTLS %zu at %p-%p.\n", j, dtls_beg, dtls_end);
|
|
|
|
|
ScanRangeForPointers(dtls_beg, dtls_end, frontier, "DTLS",
|
|
|
|
|
kReachable);
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-04-06 15:42:27 +08:00
|
|
|
} else {
|
|
|
|
|
// We are handling a thread with DTLS under destruction. Log about
|
|
|
|
|
// this and continue.
|
|
|
|
|
LOG_THREADS("Thread %d has DTLS under destruction.\n", os_id);
|
2016-01-15 02:50:09 +08:00
|
|
|
}
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-20 05:25:06 +08:00
|
|
|
void ScanRootRegion(Frontier *frontier, const RootRegion &root_region,
|
2017-07-12 02:54:00 +08:00
|
|
|
uptr region_begin, uptr region_end, bool is_readable) {
|
2017-04-20 05:11:08 +08:00
|
|
|
uptr intersection_begin = Max(root_region.begin, region_begin);
|
|
|
|
|
uptr intersection_end = Min(region_end, root_region.begin + root_region.size);
|
|
|
|
|
if (intersection_begin >= intersection_end) return;
|
|
|
|
|
LOG_POINTERS("Root region %p-%p intersects with mapped region %p-%p (%s)\n",
|
|
|
|
|
root_region.begin, root_region.begin + root_region.size,
|
|
|
|
|
region_begin, region_end,
|
|
|
|
|
is_readable ? "readable" : "unreadable");
|
|
|
|
|
if (is_readable)
|
|
|
|
|
ScanRangeForPointers(intersection_begin, intersection_end, frontier, "ROOT",
|
|
|
|
|
kReachable);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void ProcessRootRegion(Frontier *frontier,
|
2017-04-20 05:25:06 +08:00
|
|
|
const RootRegion &root_region) {
|
2017-04-20 05:11:08 +08:00
|
|
|
MemoryMappingLayout proc_maps(/*cache_enabled*/ true);
|
2017-07-12 02:54:00 +08:00
|
|
|
MemoryMappedSegment segment;
|
|
|
|
|
while (proc_maps.Next(&segment)) {
|
|
|
|
|
ScanRootRegion(frontier, root_region, segment.start, segment.end,
|
|
|
|
|
segment.IsReadable());
|
2013-12-17 19:11:23 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Scans root regions for heap pointers.
|
|
|
|
|
static void ProcessRootRegions(Frontier *frontier) {
|
|
|
|
|
if (!flags()->use_root_regions) return;
|
|
|
|
|
CHECK(root_regions);
|
|
|
|
|
for (uptr i = 0; i < root_regions->size(); i++) {
|
2017-04-20 05:11:08 +08:00
|
|
|
ProcessRootRegion(frontier, (*root_regions)[i]);
|
2013-12-17 19:11:23 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-14 18:07:56 +08:00
|
|
|
static void FloodFillTag(Frontier *frontier, ChunkTag tag) {
|
2013-05-20 19:06:50 +08:00
|
|
|
while (frontier->size()) {
|
|
|
|
|
uptr next_chunk = frontier->back();
|
|
|
|
|
frontier->pop_back();
|
2013-06-24 16:34:50 +08:00
|
|
|
LsanMetadata m(next_chunk);
|
2013-05-20 19:06:50 +08:00
|
|
|
ScanRangeForPointers(next_chunk, next_chunk + m.requested_size(), frontier,
|
2013-06-03 19:21:34 +08:00
|
|
|
"HEAP", tag);
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-24 16:34:50 +08:00
|
|
|
// ForEachChunk callback. If the chunk is marked as leaked, marks all chunks
|
|
|
|
|
// which are reachable from it as indirectly leaked.
|
|
|
|
|
static void MarkIndirectlyLeakedCb(uptr chunk, void *arg) {
|
|
|
|
|
chunk = GetUserBegin(chunk);
|
|
|
|
|
LsanMetadata m(chunk);
|
2013-05-20 19:06:50 +08:00
|
|
|
if (m.allocated() && m.tag() != kReachable) {
|
2013-06-24 16:34:50 +08:00
|
|
|
ScanRangeForPointers(chunk, chunk + m.requested_size(),
|
2015-04-25 00:53:15 +08:00
|
|
|
/* frontier */ nullptr, "HEAP", kIndirectlyLeaked);
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-24 16:34:50 +08:00
|
|
|
// ForEachChunk callback. If chunk is marked as ignored, adds its address to
|
|
|
|
|
// frontier.
|
|
|
|
|
static void CollectIgnoredCb(uptr chunk, void *arg) {
|
|
|
|
|
CHECK(arg);
|
|
|
|
|
chunk = GetUserBegin(chunk);
|
|
|
|
|
LsanMetadata m(chunk);
|
2015-04-25 00:53:15 +08:00
|
|
|
if (m.allocated() && m.tag() == kIgnored) {
|
|
|
|
|
LOG_POINTERS("Ignored: chunk %p-%p of size %zu.\n",
|
|
|
|
|
chunk, chunk + m.requested_size(), m.requested_size());
|
2013-06-24 16:34:50 +08:00
|
|
|
reinterpret_cast<Frontier *>(arg)->push_back(chunk);
|
2015-04-25 00:53:15 +08:00
|
|
|
}
|
2013-06-03 19:21:34 +08:00
|
|
|
}
|
|
|
|
|
|
2017-04-19 22:00:35 +08:00
|
|
|
static uptr GetCallerPC(u32 stack_id, StackDepotReverseMap *map) {
|
|
|
|
|
CHECK(stack_id);
|
|
|
|
|
StackTrace stack = map->Get(stack_id);
|
|
|
|
|
// The top frame is our malloc/calloc/etc. The next frame is the caller.
|
|
|
|
|
if (stack.size >= 2)
|
|
|
|
|
return stack.trace[1];
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct InvalidPCParam {
|
|
|
|
|
Frontier *frontier;
|
|
|
|
|
StackDepotReverseMap *stack_depot_reverse_map;
|
|
|
|
|
bool skip_linker_allocations;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// ForEachChunk callback. If the caller pc is invalid or is within the linker,
|
|
|
|
|
// mark as reachable. Called by ProcessPlatformSpecificAllocations.
|
|
|
|
|
static void MarkInvalidPCCb(uptr chunk, void *arg) {
|
|
|
|
|
CHECK(arg);
|
|
|
|
|
InvalidPCParam *param = reinterpret_cast<InvalidPCParam *>(arg);
|
|
|
|
|
chunk = GetUserBegin(chunk);
|
|
|
|
|
LsanMetadata m(chunk);
|
|
|
|
|
if (m.allocated() && m.tag() != kReachable && m.tag() != kIgnored) {
|
|
|
|
|
u32 stack_id = m.stack_trace_id();
|
|
|
|
|
uptr caller_pc = 0;
|
|
|
|
|
if (stack_id > 0)
|
|
|
|
|
caller_pc = GetCallerPC(stack_id, param->stack_depot_reverse_map);
|
|
|
|
|
// If caller_pc is unknown, this chunk may be allocated in a coroutine. Mark
|
|
|
|
|
// it as reachable, as we can't properly report its allocation stack anyway.
|
|
|
|
|
if (caller_pc == 0 || (param->skip_linker_allocations &&
|
|
|
|
|
GetLinker()->containsAddress(caller_pc))) {
|
|
|
|
|
m.set_tag(kReachable);
|
|
|
|
|
param->frontier->push_back(chunk);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-06 06:53:17 +08:00
|
|
|
// On Linux, handles dynamically allocated TLS blocks by treating all chunks
|
|
|
|
|
// allocated from ld-linux.so as reachable.
|
2017-04-19 22:00:35 +08:00
|
|
|
// Dynamic TLS blocks contain the TLS variables of dynamically loaded modules.
|
|
|
|
|
// They are allocated with a __libc_memalign() call in allocate_and_init()
|
|
|
|
|
// (elf/dl-tls.c). Glibc won't tell us the address ranges occupied by those
|
|
|
|
|
// blocks, but we can make sure they come from our own allocator by intercepting
|
|
|
|
|
// __libc_memalign(). On top of that, there is no easy way to reach them. Their
|
|
|
|
|
// addresses are stored in a dynamically allocated array (the DTV) which is
|
|
|
|
|
// referenced from the static TLS. Unfortunately, we can't just rely on the DTV
|
|
|
|
|
// being reachable from the static TLS, and the dynamic TLS being reachable from
|
|
|
|
|
// the DTV. This is because the initial DTV is allocated before our interception
|
|
|
|
|
// mechanism kicks in, and thus we don't recognize it as allocated memory. We
|
|
|
|
|
// can't special-case it either, since we don't know its size.
|
|
|
|
|
// Our solution is to include in the root set all allocations made from
|
|
|
|
|
// ld-linux.so (which is where allocate_and_init() is implemented). This is
|
|
|
|
|
// guaranteed to include all dynamic TLS blocks (and possibly other allocations
|
|
|
|
|
// which we don't care about).
|
|
|
|
|
// On all other platforms, this simply checks to ensure that the caller pc is
|
|
|
|
|
// valid before reporting chunks as leaked.
|
|
|
|
|
void ProcessPC(Frontier *frontier) {
|
|
|
|
|
StackDepotReverseMap stack_depot_reverse_map;
|
|
|
|
|
InvalidPCParam arg;
|
|
|
|
|
arg.frontier = frontier;
|
|
|
|
|
arg.stack_depot_reverse_map = &stack_depot_reverse_map;
|
|
|
|
|
arg.skip_linker_allocations =
|
|
|
|
|
flags()->use_tls && flags()->use_ld_allocations && GetLinker() != nullptr;
|
|
|
|
|
ForEachChunk(MarkInvalidPCCb, &arg);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-24 16:34:50 +08:00
|
|
|
// Sets the appropriate tag on each chunk.
|
2013-05-20 19:06:50 +08:00
|
|
|
static void ClassifyAllChunks(SuspendedThreadsList const &suspended_threads) {
|
|
|
|
|
// Holds the flood fill frontier.
|
2013-12-26 01:14:40 +08:00
|
|
|
Frontier frontier(1);
|
2013-05-20 19:06:50 +08:00
|
|
|
|
2015-04-25 00:53:15 +08:00
|
|
|
ForEachChunk(CollectIgnoredCb, &frontier);
|
2013-12-26 01:14:40 +08:00
|
|
|
ProcessGlobalRegions(&frontier);
|
2013-05-20 19:06:50 +08:00
|
|
|
ProcessThreads(suspended_threads, &frontier);
|
2013-12-17 19:11:23 +08:00
|
|
|
ProcessRootRegions(&frontier);
|
2013-06-03 19:21:34 +08:00
|
|
|
FloodFillTag(&frontier, kReachable);
|
2015-04-25 00:53:15 +08:00
|
|
|
|
2017-04-19 22:00:35 +08:00
|
|
|
CHECK_EQ(0, frontier.size());
|
|
|
|
|
ProcessPC(&frontier);
|
|
|
|
|
|
2013-06-03 19:21:34 +08:00
|
|
|
// The check here is relatively expensive, so we do this in a separate flood
|
|
|
|
|
// fill. That way we can skip the check for chunks that are reachable
|
|
|
|
|
// otherwise.
|
2013-12-26 01:14:40 +08:00
|
|
|
LOG_POINTERS("Processing platform-specific allocations.\n");
|
2013-05-20 19:06:50 +08:00
|
|
|
ProcessPlatformSpecificAllocations(&frontier);
|
2013-06-03 19:21:34 +08:00
|
|
|
FloodFillTag(&frontier, kReachable);
|
2013-05-20 19:06:50 +08:00
|
|
|
|
2013-06-03 19:21:34 +08:00
|
|
|
// Iterate over leaked chunks and mark those that are reachable from other
|
|
|
|
|
// leaked chunks.
|
2013-12-26 01:14:40 +08:00
|
|
|
LOG_POINTERS("Scanning leaked chunks.\n");
|
2015-04-25 00:53:15 +08:00
|
|
|
ForEachChunk(MarkIndirectlyLeakedCb, nullptr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ForEachChunk callback. Resets the tags to pre-leak-check state.
|
|
|
|
|
static void ResetTagsCb(uptr chunk, void *arg) {
|
|
|
|
|
(void)arg;
|
|
|
|
|
chunk = GetUserBegin(chunk);
|
|
|
|
|
LsanMetadata m(chunk);
|
|
|
|
|
if (m.allocated() && m.tag() != kIgnored)
|
|
|
|
|
m.set_tag(kDirectlyLeaked);
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void PrintStackTraceById(u32 stack_trace_id) {
|
|
|
|
|
CHECK(stack_trace_id);
|
2014-10-26 11:35:14 +08:00
|
|
|
StackDepotGet(stack_trace_id).Print();
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
|
2013-12-26 01:14:40 +08:00
|
|
|
// ForEachChunk callback. Aggregates information about unreachable chunks into
|
|
|
|
|
// a LeakReport.
|
2013-06-24 16:34:50 +08:00
|
|
|
static void CollectLeaksCb(uptr chunk, void *arg) {
|
|
|
|
|
CHECK(arg);
|
|
|
|
|
LeakReport *leak_report = reinterpret_cast<LeakReport *>(arg);
|
|
|
|
|
chunk = GetUserBegin(chunk);
|
|
|
|
|
LsanMetadata m(chunk);
|
2013-05-20 19:06:50 +08:00
|
|
|
if (!m.allocated()) return;
|
2013-06-03 19:21:34 +08:00
|
|
|
if (m.tag() == kDirectlyLeaked || m.tag() == kIndirectlyLeaked) {
|
2015-01-22 21:33:16 +08:00
|
|
|
u32 resolution = flags()->resolution;
|
2013-12-24 20:03:02 +08:00
|
|
|
u32 stack_trace_id = 0;
|
2013-05-20 19:06:50 +08:00
|
|
|
if (resolution > 0) {
|
2014-10-26 11:35:14 +08:00
|
|
|
StackTrace stack = StackDepotGet(m.stack_trace_id());
|
2014-10-26 14:23:07 +08:00
|
|
|
stack.size = Min(stack.size, resolution);
|
|
|
|
|
stack_trace_id = StackDepotPut(stack);
|
2013-05-20 19:06:50 +08:00
|
|
|
} else {
|
2013-12-24 20:03:02 +08:00
|
|
|
stack_trace_id = m.stack_trace_id();
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
2013-12-24 20:42:15 +08:00
|
|
|
leak_report->AddLeakedChunk(chunk, stack_trace_id, m.requested_size(),
|
|
|
|
|
m.tag());
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-28 22:38:31 +08:00
|
|
|
static void PrintMatchedSuppressions() {
|
|
|
|
|
InternalMmapVector<Suppression *> matched(1);
|
2015-02-21 01:41:59 +08:00
|
|
|
GetSuppressionContext()->GetMatched(&matched);
|
2013-06-28 22:38:31 +08:00
|
|
|
if (!matched.size())
|
|
|
|
|
return;
|
|
|
|
|
const char *line = "-----------------------------------------------------";
|
|
|
|
|
Printf("%s\n", line);
|
|
|
|
|
Printf("Suppressions used:\n");
|
|
|
|
|
Printf(" count bytes template\n");
|
|
|
|
|
for (uptr i = 0; i < matched.size(); i++)
|
2015-09-03 19:20:46 +08:00
|
|
|
Printf("%7zu %10zu %s\n", static_cast<uptr>(atomic_load_relaxed(
|
|
|
|
|
&matched[i]->hit_count)), matched[i]->weight, matched[i]->templ);
|
2013-06-28 22:38:31 +08:00
|
|
|
Printf("%s\n\n", line);
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-25 00:53:15 +08:00
|
|
|
struct CheckForLeaksParam {
|
2013-06-19 22:04:11 +08:00
|
|
|
bool success;
|
|
|
|
|
LeakReport leak_report;
|
2013-05-24 21:16:02 +08:00
|
|
|
};
|
|
|
|
|
|
2015-04-25 00:53:15 +08:00
|
|
|
static void CheckForLeaksCallback(const SuspendedThreadsList &suspended_threads,
|
|
|
|
|
void *arg) {
|
|
|
|
|
CheckForLeaksParam *param = reinterpret_cast<CheckForLeaksParam *>(arg);
|
2013-06-19 22:04:11 +08:00
|
|
|
CHECK(param);
|
|
|
|
|
CHECK(!param->success);
|
2013-05-20 19:06:50 +08:00
|
|
|
ClassifyAllChunks(suspended_threads);
|
2013-06-24 16:34:50 +08:00
|
|
|
ForEachChunk(CollectLeaksCb, ¶m->leak_report);
|
2015-04-25 00:53:15 +08:00
|
|
|
// Clean up for subsequent leak checks. This assumes we did not overwrite any
|
|
|
|
|
// kIgnored tags.
|
|
|
|
|
ForEachChunk(ResetTagsCb, nullptr);
|
2013-06-19 22:04:11 +08:00
|
|
|
param->success = true;
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
|
2015-04-25 00:53:15 +08:00
|
|
|
static bool CheckForLeaks() {
|
2014-01-15 16:04:21 +08:00
|
|
|
if (&__lsan_is_turned_off && __lsan_is_turned_off())
|
2015-04-25 00:53:15 +08:00
|
|
|
return false;
|
|
|
|
|
EnsureMainThreadIDIsCorrect();
|
|
|
|
|
CheckForLeaksParam param;
|
2013-06-19 22:04:11 +08:00
|
|
|
param.success = false;
|
2013-06-03 19:21:34 +08:00
|
|
|
LockThreadRegistry();
|
|
|
|
|
LockAllocator();
|
2015-04-25 00:53:15 +08:00
|
|
|
DoStopTheWorld(CheckForLeaksCallback, ¶m);
|
2013-06-03 19:21:34 +08:00
|
|
|
UnlockAllocator();
|
|
|
|
|
UnlockThreadRegistry();
|
2013-06-19 22:04:11 +08:00
|
|
|
|
|
|
|
|
if (!param.success) {
|
2013-05-24 21:16:02 +08:00
|
|
|
Report("LeakSanitizer has encountered a fatal error.\n");
|
2016-02-13 04:20:51 +08:00
|
|
|
Report(
|
|
|
|
|
"HINT: For debugging, try setting environment variable "
|
|
|
|
|
"LSAN_OPTIONS=verbosity=1:log_threads=1\n");
|
2016-10-14 06:34:13 +08:00
|
|
|
Report(
|
|
|
|
|
"HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)\n");
|
2013-05-24 21:16:02 +08:00
|
|
|
Die();
|
2013-06-19 22:04:11 +08:00
|
|
|
}
|
2013-12-24 20:42:15 +08:00
|
|
|
param.leak_report.ApplySuppressions();
|
|
|
|
|
uptr unsuppressed_count = param.leak_report.UnsuppressedLeakCount();
|
|
|
|
|
if (unsuppressed_count > 0) {
|
2013-09-03 21:31:03 +08:00
|
|
|
Decorator d;
|
2013-06-28 23:05:16 +08:00
|
|
|
Printf("\n"
|
|
|
|
|
"================================================================="
|
2013-06-19 22:04:11 +08:00
|
|
|
"\n");
|
2013-09-03 21:31:03 +08:00
|
|
|
Printf("%s", d.Error());
|
2013-06-19 22:04:11 +08:00
|
|
|
Report("ERROR: LeakSanitizer: detected memory leaks\n");
|
2017-09-12 04:55:49 +08:00
|
|
|
Printf("%s", d.Default());
|
2013-12-24 20:42:15 +08:00
|
|
|
param.leak_report.ReportTopLeaks(flags()->max_leaks);
|
2013-06-28 23:05:16 +08:00
|
|
|
}
|
2014-07-31 05:33:04 +08:00
|
|
|
if (common_flags()->print_suppressions)
|
2013-06-28 22:38:31 +08:00
|
|
|
PrintMatchedSuppressions();
|
2013-12-24 20:42:15 +08:00
|
|
|
if (unsuppressed_count > 0) {
|
2013-06-19 22:04:11 +08:00
|
|
|
param.leak_report.PrintSummary();
|
2015-04-25 00:53:15 +08:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
Don't call exit() from atexit handlers on Darwin
Summary:
Calling exit() from an atexit handler is undefined behavior.
On Linux, it's unavoidable, since we cannot intercept exit (_exit isn't called
if a user program uses return instead of exit()), and I haven't
seen it cause issues regardless.
However, on Darwin, I have a fairly complex internal test that hangs roughly
once in every 300 runs after leak reporting finishes, which is resolved with
this patch, and is presumably due to the undefined behavior (since the Die() is
the only thing that happens after the end of leak reporting).
In addition, this is the way TSan works as well, where an atexit handler+Die()
is used on Linux, and an _exit() interceptor is used on Darwin. I'm not sure if it's
intentionally structured that way in TSan, since TSan sets up the atexit handler and the
_exit() interceptor on both platforms, but I have observed that on Darwin, only the
_exit() interceptor is used, and on Linux the atexit handler is used.
There is some additional related discussion here: https://reviews.llvm.org/D35085
Reviewers: alekseyshl, kubamracek
Subscribers: eugenis, vsk, llvm-commits
Differential Revision: https://reviews.llvm.org/D35513
llvm-svn: 308353
2017-07-19 04:18:32 +08:00
|
|
|
static bool has_reported_leaks = false;
|
|
|
|
|
bool HasReportedLeaks() { return has_reported_leaks; }
|
|
|
|
|
|
2015-04-25 00:53:15 +08:00
|
|
|
void DoLeakCheck() {
|
|
|
|
|
BlockingMutexLock l(&global_mutex);
|
|
|
|
|
static bool already_done;
|
|
|
|
|
if (already_done) return;
|
|
|
|
|
already_done = true;
|
Don't call exit() from atexit handlers on Darwin
Summary:
Calling exit() from an atexit handler is undefined behavior.
On Linux, it's unavoidable, since we cannot intercept exit (_exit isn't called
if a user program uses return instead of exit()), and I haven't
seen it cause issues regardless.
However, on Darwin, I have a fairly complex internal test that hangs roughly
once in every 300 runs after leak reporting finishes, which is resolved with
this patch, and is presumably due to the undefined behavior (since the Die() is
the only thing that happens after the end of leak reporting).
In addition, this is the way TSan works as well, where an atexit handler+Die()
is used on Linux, and an _exit() interceptor is used on Darwin. I'm not sure if it's
intentionally structured that way in TSan, since TSan sets up the atexit handler and the
_exit() interceptor on both platforms, but I have observed that on Darwin, only the
_exit() interceptor is used, and on Linux the atexit handler is used.
There is some additional related discussion here: https://reviews.llvm.org/D35085
Reviewers: alekseyshl, kubamracek
Subscribers: eugenis, vsk, llvm-commits
Differential Revision: https://reviews.llvm.org/D35513
llvm-svn: 308353
2017-07-19 04:18:32 +08:00
|
|
|
has_reported_leaks = CheckForLeaks();
|
|
|
|
|
if (has_reported_leaks) HandleLeaks();
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
|
2015-04-25 00:53:15 +08:00
|
|
|
static int DoRecoverableLeakCheck() {
|
|
|
|
|
BlockingMutexLock l(&global_mutex);
|
|
|
|
|
bool have_leaks = CheckForLeaks();
|
|
|
|
|
return have_leaks ? 1 : 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-22 15:11:43 +08:00
|
|
|
void DoRecoverableLeakCheckVoid() { DoRecoverableLeakCheck(); }
|
|
|
|
|
|
2013-06-28 22:38:31 +08:00
|
|
|
static Suppression *GetSuppressionForAddr(uptr addr) {
|
2014-12-03 03:48:40 +08:00
|
|
|
Suppression *s = nullptr;
|
2013-12-26 04:15:46 +08:00
|
|
|
|
|
|
|
|
// Suppress by module name.
|
2015-02-21 01:41:59 +08:00
|
|
|
SuppressionContext *suppressions = GetSuppressionContext();
|
2015-03-05 09:30:36 +08:00
|
|
|
if (const char *module_name =
|
|
|
|
|
Symbolizer::GetOrInit()->GetModuleNameForPc(addr))
|
|
|
|
|
if (suppressions->Match(module_name, kSuppressionLeak, &s))
|
|
|
|
|
return s;
|
2013-12-26 04:15:46 +08:00
|
|
|
|
|
|
|
|
// Suppress by file or function name.
|
2014-12-03 03:48:40 +08:00
|
|
|
SymbolizedStack *frames = Symbolizer::GetOrInit()->SymbolizePC(addr);
|
|
|
|
|
for (SymbolizedStack *cur = frames; cur; cur = cur->next) {
|
2015-02-21 01:41:59 +08:00
|
|
|
if (suppressions->Match(cur->info.function, kSuppressionLeak, &s) ||
|
|
|
|
|
suppressions->Match(cur->info.file, kSuppressionLeak, &s)) {
|
2014-12-03 03:48:40 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2013-06-28 22:38:31 +08:00
|
|
|
}
|
2014-12-03 03:48:40 +08:00
|
|
|
frames->ClearAll();
|
|
|
|
|
return s;
|
2013-06-28 22:38:31 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static Suppression *GetSuppressionForStack(u32 stack_trace_id) {
|
2014-10-26 11:35:14 +08:00
|
|
|
StackTrace stack = StackDepotGet(stack_trace_id);
|
|
|
|
|
for (uptr i = 0; i < stack.size; i++) {
|
|
|
|
|
Suppression *s = GetSuppressionForAddr(
|
|
|
|
|
StackTrace::GetPreviousInstructionPc(stack.trace[i]));
|
2013-06-28 22:38:31 +08:00
|
|
|
if (s) return s;
|
|
|
|
|
}
|
2015-10-01 08:22:21 +08:00
|
|
|
return nullptr;
|
2013-06-28 22:38:31 +08:00
|
|
|
}
|
|
|
|
|
|
2013-05-20 19:06:50 +08:00
|
|
|
///// LeakReport implementation. /////
|
|
|
|
|
|
|
|
|
|
// A hard limit on the number of distinct leaks, to avoid quadratic complexity
|
2013-12-24 20:42:15 +08:00
|
|
|
// in LeakReport::AddLeakedChunk(). We don't expect to ever see this many leaks
|
|
|
|
|
// in real-world applications.
|
2013-05-20 19:06:50 +08:00
|
|
|
// FIXME: Get rid of this limit by changing the implementation of LeakReport to
|
|
|
|
|
// use a hash table.
|
2013-07-12 20:31:22 +08:00
|
|
|
const uptr kMaxLeaksConsidered = 5000;
|
2013-05-20 19:06:50 +08:00
|
|
|
|
2013-12-24 20:42:15 +08:00
|
|
|
void LeakReport::AddLeakedChunk(uptr chunk, u32 stack_trace_id,
|
|
|
|
|
uptr leaked_size, ChunkTag tag) {
|
2013-05-20 19:06:50 +08:00
|
|
|
CHECK(tag == kDirectlyLeaked || tag == kIndirectlyLeaked);
|
|
|
|
|
bool is_directly_leaked = (tag == kDirectlyLeaked);
|
2013-12-24 20:03:02 +08:00
|
|
|
uptr i;
|
|
|
|
|
for (i = 0; i < leaks_.size(); i++) {
|
2013-05-20 19:06:50 +08:00
|
|
|
if (leaks_[i].stack_trace_id == stack_trace_id &&
|
|
|
|
|
leaks_[i].is_directly_leaked == is_directly_leaked) {
|
|
|
|
|
leaks_[i].hit_count++;
|
|
|
|
|
leaks_[i].total_size += leaked_size;
|
2013-12-24 20:03:02 +08:00
|
|
|
break;
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
2013-12-24 20:03:02 +08:00
|
|
|
}
|
|
|
|
|
if (i == leaks_.size()) {
|
|
|
|
|
if (leaks_.size() == kMaxLeaksConsidered) return;
|
|
|
|
|
Leak leak = { next_id_++, /* hit_count */ 1, leaked_size, stack_trace_id,
|
|
|
|
|
is_directly_leaked, /* is_suppressed */ false };
|
|
|
|
|
leaks_.push_back(leak);
|
|
|
|
|
}
|
|
|
|
|
if (flags()->report_objects) {
|
|
|
|
|
LeakedObject obj = {leaks_[i].id, chunk, leaked_size};
|
|
|
|
|
leaked_objects_.push_back(obj);
|
|
|
|
|
}
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
|
2013-07-22 19:18:32 +08:00
|
|
|
static bool LeakComparator(const Leak &leak1, const Leak &leak2) {
|
|
|
|
|
if (leak1.is_directly_leaked == leak2.is_directly_leaked)
|
|
|
|
|
return leak1.total_size > leak2.total_size;
|
|
|
|
|
else
|
|
|
|
|
return leak1.is_directly_leaked;
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
|
2013-12-24 20:42:15 +08:00
|
|
|
void LeakReport::ReportTopLeaks(uptr num_leaks_to_report) {
|
2013-05-20 19:06:50 +08:00
|
|
|
CHECK(leaks_.size() <= kMaxLeaksConsidered);
|
|
|
|
|
Printf("\n");
|
|
|
|
|
if (leaks_.size() == kMaxLeaksConsidered)
|
2013-06-21 23:10:20 +08:00
|
|
|
Printf("Too many leaks! Only the first %zu leaks encountered will be "
|
2013-05-20 19:06:50 +08:00
|
|
|
"reported.\n",
|
|
|
|
|
kMaxLeaksConsidered);
|
2013-06-28 22:38:31 +08:00
|
|
|
|
2013-12-24 20:42:15 +08:00
|
|
|
uptr unsuppressed_count = UnsuppressedLeakCount();
|
|
|
|
|
if (num_leaks_to_report > 0 && num_leaks_to_report < unsuppressed_count)
|
|
|
|
|
Printf("The %zu top leak(s):\n", num_leaks_to_report);
|
2013-07-22 19:18:32 +08:00
|
|
|
InternalSort(&leaks_, leaks_.size(), LeakComparator);
|
2013-12-24 20:42:15 +08:00
|
|
|
uptr leaks_reported = 0;
|
2013-06-28 22:38:31 +08:00
|
|
|
for (uptr i = 0; i < leaks_.size(); i++) {
|
|
|
|
|
if (leaks_[i].is_suppressed) continue;
|
2013-12-24 20:42:15 +08:00
|
|
|
PrintReportForLeak(i);
|
|
|
|
|
leaks_reported++;
|
|
|
|
|
if (leaks_reported == num_leaks_to_report) break;
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
2013-12-24 20:42:15 +08:00
|
|
|
if (leaks_reported < unsuppressed_count) {
|
|
|
|
|
uptr remaining = unsuppressed_count - leaks_reported;
|
2013-06-21 23:10:20 +08:00
|
|
|
Printf("Omitting %zu more leak(s).\n", remaining);
|
2013-05-20 19:06:50 +08:00
|
|
|
}
|
|
|
|
|
}
|
2013-05-21 23:35:34 +08:00
|
|
|
|
2013-12-24 20:42:15 +08:00
|
|
|
void LeakReport::PrintReportForLeak(uptr index) {
|
|
|
|
|
Decorator d;
|
|
|
|
|
Printf("%s", d.Leak());
|
|
|
|
|
Printf("%s leak of %zu byte(s) in %zu object(s) allocated from:\n",
|
|
|
|
|
leaks_[index].is_directly_leaked ? "Direct" : "Indirect",
|
|
|
|
|
leaks_[index].total_size, leaks_[index].hit_count);
|
2017-09-12 04:55:49 +08:00
|
|
|
Printf("%s", d.Default());
|
2013-12-24 20:42:15 +08:00
|
|
|
|
|
|
|
|
PrintStackTraceById(leaks_[index].stack_trace_id);
|
|
|
|
|
|
|
|
|
|
if (flags()->report_objects) {
|
|
|
|
|
Printf("Objects leaked above:\n");
|
|
|
|
|
PrintLeakedObjectsForLeak(index);
|
|
|
|
|
Printf("\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void LeakReport::PrintLeakedObjectsForLeak(uptr index) {
|
|
|
|
|
u32 leak_id = leaks_[index].id;
|
|
|
|
|
for (uptr j = 0; j < leaked_objects_.size(); j++) {
|
|
|
|
|
if (leaked_objects_[j].leak_id == leak_id)
|
|
|
|
|
Printf("%p (%zu bytes)\n", leaked_objects_[j].addr,
|
|
|
|
|
leaked_objects_[j].size);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-24 22:49:13 +08:00
|
|
|
void LeakReport::PrintSummary() {
|
|
|
|
|
CHECK(leaks_.size() <= kMaxLeaksConsidered);
|
2013-05-24 23:36:30 +08:00
|
|
|
uptr bytes = 0, allocations = 0;
|
2013-05-24 22:49:13 +08:00
|
|
|
for (uptr i = 0; i < leaks_.size(); i++) {
|
2013-06-28 22:38:31 +08:00
|
|
|
if (leaks_[i].is_suppressed) continue;
|
2013-05-24 23:36:30 +08:00
|
|
|
bytes += leaks_[i].total_size;
|
|
|
|
|
allocations += leaks_[i].hit_count;
|
2013-05-24 22:49:13 +08:00
|
|
|
}
|
2014-12-03 06:20:11 +08:00
|
|
|
InternalScopedString summary(kMaxSummaryLength);
|
|
|
|
|
summary.append("%zu byte(s) leaked in %zu allocation(s).", bytes,
|
|
|
|
|
allocations);
|
2013-11-02 01:02:14 +08:00
|
|
|
ReportErrorSummary(summary.data());
|
2013-05-24 22:49:13 +08:00
|
|
|
}
|
2013-06-28 22:38:31 +08:00
|
|
|
|
2013-12-24 20:42:15 +08:00
|
|
|
void LeakReport::ApplySuppressions() {
|
2013-06-28 22:38:31 +08:00
|
|
|
for (uptr i = 0; i < leaks_.size(); i++) {
|
|
|
|
|
Suppression *s = GetSuppressionForStack(leaks_[i].stack_trace_id);
|
|
|
|
|
if (s) {
|
|
|
|
|
s->weight += leaks_[i].total_size;
|
2015-09-03 19:20:46 +08:00
|
|
|
atomic_store_relaxed(&s->hit_count, atomic_load_relaxed(&s->hit_count) +
|
|
|
|
|
leaks_[i].hit_count);
|
2013-06-28 22:38:31 +08:00
|
|
|
leaks_[i].is_suppressed = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-12-24 20:42:15 +08:00
|
|
|
|
|
|
|
|
uptr LeakReport::UnsuppressedLeakCount() {
|
|
|
|
|
uptr result = 0;
|
|
|
|
|
for (uptr i = 0; i < leaks_.size(); i++)
|
|
|
|
|
if (!leaks_[i].is_suppressed) result++;
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-01 08:22:21 +08:00
|
|
|
} // namespace __lsan
|
2016-06-08 03:13:38 +08:00
|
|
|
#else // CAN_SANITIZE_LEAKS
|
|
|
|
|
namespace __lsan {
|
|
|
|
|
void InitCommonLsan() { }
|
|
|
|
|
void DoLeakCheck() { }
|
2017-09-22 15:11:43 +08:00
|
|
|
void DoRecoverableLeakCheckVoid() { }
|
2016-06-08 03:13:38 +08:00
|
|
|
void DisableInThisThread() { }
|
|
|
|
|
void EnableInThisThread() { }
|
|
|
|
|
}
|
2015-10-01 08:22:21 +08:00
|
|
|
#endif // CAN_SANITIZE_LEAKS
|
2013-06-06 22:17:56 +08:00
|
|
|
|
|
|
|
|
using namespace __lsan; // NOLINT
|
|
|
|
|
|
|
|
|
|
extern "C" {
|
2013-06-07 02:40:55 +08:00
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE
|
2013-06-06 22:17:56 +08:00
|
|
|
void __lsan_ignore_object(const void *p) {
|
2013-06-20 21:39:42 +08:00
|
|
|
#if CAN_SANITIZE_LEAKS
|
2013-10-22 03:35:00 +08:00
|
|
|
if (!common_flags()->detect_leaks)
|
|
|
|
|
return;
|
2013-06-06 22:17:56 +08:00
|
|
|
// Cannot use PointsIntoChunk or LsanMetadata here, since the allocator is not
|
|
|
|
|
// locked.
|
|
|
|
|
BlockingMutexLock l(&global_mutex);
|
|
|
|
|
IgnoreObjectResult res = IgnoreObjectLocked(p);
|
2013-12-18 02:18:32 +08:00
|
|
|
if (res == kIgnoreObjectInvalid)
|
|
|
|
|
VReport(1, "__lsan_ignore_object(): no heap object found at %p", p);
|
|
|
|
|
if (res == kIgnoreObjectAlreadyIgnored)
|
|
|
|
|
VReport(1, "__lsan_ignore_object(): "
|
2013-06-06 22:17:56 +08:00
|
|
|
"heap object at %p is already being ignored\n", p);
|
2013-12-18 02:18:32 +08:00
|
|
|
if (res == kIgnoreObjectSuccess)
|
|
|
|
|
VReport(1, "__lsan_ignore_object(): ignoring heap object at %p\n", p);
|
2015-10-01 08:22:21 +08:00
|
|
|
#endif // CAN_SANITIZE_LEAKS
|
2013-06-06 22:17:56 +08:00
|
|
|
}
|
2013-06-21 22:51:52 +08:00
|
|
|
|
2013-12-17 19:11:23 +08:00
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE
|
|
|
|
|
void __lsan_register_root_region(const void *begin, uptr size) {
|
|
|
|
|
#if CAN_SANITIZE_LEAKS
|
|
|
|
|
BlockingMutexLock l(&global_mutex);
|
|
|
|
|
CHECK(root_regions);
|
2017-04-20 05:11:08 +08:00
|
|
|
RootRegion region = {reinterpret_cast<uptr>(begin), size};
|
2013-12-17 19:11:23 +08:00
|
|
|
root_regions->push_back(region);
|
2013-12-18 02:18:32 +08:00
|
|
|
VReport(1, "Registered root region at %p of size %llu\n", begin, size);
|
2015-10-01 08:22:21 +08:00
|
|
|
#endif // CAN_SANITIZE_LEAKS
|
2013-12-17 19:11:23 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE
|
|
|
|
|
void __lsan_unregister_root_region(const void *begin, uptr size) {
|
|
|
|
|
#if CAN_SANITIZE_LEAKS
|
|
|
|
|
BlockingMutexLock l(&global_mutex);
|
|
|
|
|
CHECK(root_regions);
|
|
|
|
|
bool removed = false;
|
|
|
|
|
for (uptr i = 0; i < root_regions->size(); i++) {
|
|
|
|
|
RootRegion region = (*root_regions)[i];
|
2017-04-20 05:11:08 +08:00
|
|
|
if (region.begin == reinterpret_cast<uptr>(begin) && region.size == size) {
|
2013-12-17 19:11:23 +08:00
|
|
|
removed = true;
|
|
|
|
|
uptr last_index = root_regions->size() - 1;
|
|
|
|
|
(*root_regions)[i] = (*root_regions)[last_index];
|
|
|
|
|
root_regions->pop_back();
|
2013-12-18 02:18:32 +08:00
|
|
|
VReport(1, "Unregistered root region at %p of size %llu\n", begin, size);
|
2013-12-17 19:11:23 +08:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!removed) {
|
|
|
|
|
Report(
|
|
|
|
|
"__lsan_unregister_root_region(): region at %p of size %llu has not "
|
|
|
|
|
"been registered.\n",
|
|
|
|
|
begin, size);
|
|
|
|
|
Die();
|
|
|
|
|
}
|
2015-10-01 08:22:21 +08:00
|
|
|
#endif // CAN_SANITIZE_LEAKS
|
2013-12-17 19:11:23 +08:00
|
|
|
}
|
|
|
|
|
|
2013-06-21 22:51:52 +08:00
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE
|
|
|
|
|
void __lsan_disable() {
|
|
|
|
|
#if CAN_SANITIZE_LEAKS
|
2016-01-16 08:57:25 +08:00
|
|
|
__lsan::DisableInThisThread();
|
2013-06-21 22:51:52 +08:00
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE
|
|
|
|
|
void __lsan_enable() {
|
|
|
|
|
#if CAN_SANITIZE_LEAKS
|
2016-01-16 08:57:25 +08:00
|
|
|
__lsan::EnableInThisThread();
|
2013-06-21 22:51:52 +08:00
|
|
|
#endif
|
|
|
|
|
}
|
2013-06-27 17:35:50 +08:00
|
|
|
|
2013-07-18 22:06:07 +08:00
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE
|
|
|
|
|
void __lsan_do_leak_check() {
|
|
|
|
|
#if CAN_SANITIZE_LEAKS
|
2013-07-22 20:38:17 +08:00
|
|
|
if (common_flags()->detect_leaks)
|
|
|
|
|
__lsan::DoLeakCheck();
|
2015-10-01 08:22:21 +08:00
|
|
|
#endif // CAN_SANITIZE_LEAKS
|
2013-07-18 22:06:07 +08:00
|
|
|
}
|
|
|
|
|
|
2015-04-25 03:45:46 +08:00
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE
|
2015-04-25 00:53:15 +08:00
|
|
|
int __lsan_do_recoverable_leak_check() {
|
|
|
|
|
#if CAN_SANITIZE_LEAKS
|
|
|
|
|
if (common_flags()->detect_leaks)
|
|
|
|
|
return __lsan::DoRecoverableLeakCheck();
|
2015-10-01 08:22:21 +08:00
|
|
|
#endif // CAN_SANITIZE_LEAKS
|
2015-04-25 00:53:15 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-27 17:35:50 +08:00
|
|
|
#if !SANITIZER_SUPPORTS_WEAK_HOOKS
|
2017-09-23 07:49:49 +08:00
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
|
|
|
|
|
const char * __lsan_default_options() {
|
|
|
|
|
return "";
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-13 19:42:45 +08:00
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
|
2013-06-27 17:35:50 +08:00
|
|
|
int __lsan_is_turned_off() {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2017-01-07 08:31:20 +08:00
|
|
|
|
|
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
|
|
|
|
|
const char *__lsan_default_suppressions() {
|
|
|
|
|
return "";
|
|
|
|
|
}
|
2013-06-27 17:35:50 +08:00
|
|
|
#endif
|
2015-10-01 08:22:21 +08:00
|
|
|
} // extern "C"
|