//=-- lsan_common.cpp -----------------------------------------------------===// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// // // This file is a part of LeakSanitizer. // Implementation of common leak checking functionality. // //===----------------------------------------------------------------------===// #include "lsan_common.h" #include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_flag_parser.h" #include "sanitizer_common/sanitizer_flags.h" #include "sanitizer_common/sanitizer_placement_new.h" #include "sanitizer_common/sanitizer_procmaps.h" #include "sanitizer_common/sanitizer_report_decorator.h" #include "sanitizer_common/sanitizer_stackdepot.h" #include "sanitizer_common/sanitizer_stacktrace.h" #include "sanitizer_common/sanitizer_suppressions.h" #include "sanitizer_common/sanitizer_thread_registry.h" #include "sanitizer_common/sanitizer_tls_get_addr.h" #if CAN_SANITIZE_LEAKS # if SANITIZER_APPLE // https://github.com/apple-oss-distributions/objc4/blob/8701d5672d3fd3cd817aeb84db1077aafe1a1604/runtime/objc-runtime-new.h#L127 # if SANITIZER_IOS && !SANITIZER_IOSSIM #define OBJC_DATA_MASK … # else #define OBJC_DATA_MASK … # endif # endif namespace __lsan { // This mutex is used to prevent races between DoLeakCheck and IgnoreObject, and // also to protect the global list of root regions. static Mutex global_mutex; void LockGlobal() SANITIZER_ACQUIRE(global_mutex) { … } void UnlockGlobal() SANITIZER_RELEASE(global_mutex) { … } Flags lsan_flags; void DisableCounterUnderflow() { … } void Flags::SetDefaults() { … } void RegisterLsanFlags(FlagParser *parser, Flags *f) { … } #define LOG_POINTERS(...) … #define LOG_THREADS(...) … class LeakSuppressionContext { … }; alignas(64) static char suppression_placeholder[sizeof(LeakSuppressionContext)]; static LeakSuppressionContext *suppression_ctx = …; static const char kSuppressionLeak[] = …; static const char *kSuppressionTypes[] = …; static const char kStdSuppressions[] = …// For more details refer to the SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT // definition. "leak:*pthread_exit*\n" # endif // SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT # if SANITIZER_APPLE // For Darwin and os_log/os_trace: https://reviews.llvm.org/D35173 "leak:*_os_trace*\n" # endif // TLS leak in some glibc versions, described in // https://sourceware.org/bugzilla/show_bug.cgi?id=12650. "leak:*tls_get_addr*\n"; void InitializeSuppressions() { … } void LeakSuppressionContext::LazyInit() { … } Suppression *LeakSuppressionContext::GetSuppressionForAddr(uptr addr) { … } static uptr GetCallerPC(const StackTrace &stack) { … } # if SANITIZER_APPLE // Several pointers in the Objective-C runtime (method cache and class_rw_t, // for example) are tagged with additional bits we need to strip. static inline void *TransformPointer(void *p) { uptr ptr = reinterpret_cast<uptr>(p); return reinterpret_cast<void *>(ptr & OBJC_DATA_MASK); } # endif // On Linux, treats all chunks allocated from ld-linux.so as reachable, which // covers dynamically allocated TLS blocks, internal dynamic loader's loaded // modules accounting etc. // Dynamic TLS blocks contain the TLS variables of dynamically loaded modules. // They are allocated with a __libc_memalign() call in allocate_and_init() // (elf/dl-tls.c). Glibc won't tell us the address ranges occupied by those // blocks, but we can make sure they come from our own allocator by intercepting // __libc_memalign(). On top of that, there is no easy way to reach them. Their // addresses are stored in a dynamically allocated array (the DTV) which is // referenced from the static TLS. Unfortunately, we can't just rely on the DTV // being reachable from the static TLS, and the dynamic TLS being reachable from // the DTV. This is because the initial DTV is allocated before our interception // mechanism kicks in, and thus we don't recognize it as allocated memory. We // can't special-case it either, since we don't know its size. // Our solution is to include in the root set all allocations made from // ld-linux.so (which is where allocate_and_init() is implemented). This is // guaranteed to include all dynamic TLS blocks (and possibly other allocations // which we don't care about). // On all other platforms, this simply checks to ensure that the caller pc is // valid before reporting chunks as leaked. bool LeakSuppressionContext::SuppressInvalid(const StackTrace &stack) { … } bool LeakSuppressionContext::SuppressByRule(const StackTrace &stack, uptr hit_count, uptr total_size) { … } bool LeakSuppressionContext::Suppress(u32 stack_trace_id, uptr hit_count, uptr total_size) { … } static LeakSuppressionContext *GetSuppressionContext() { … } void InitCommonLsan() { … } class Decorator : public __sanitizer::SanitizerCommonDecorator { … }; static inline bool MaybeUserPointer(uptr p) { … } // Scans the memory range, looking for byte patterns that point into allocator // chunks. Marks those chunks with |tag| and adds them to |frontier|. // There are two usage modes for this function: finding reachable chunks // (|tag| = kReachable) and finding indirectly leaked chunks // (|tag| = kIndirectlyLeaked). In the second case, there's no flood fill, // so |frontier| = 0. void ScanRangeForPointers(uptr begin, uptr end, Frontier *frontier, const char *region_type, ChunkTag tag) { … } // Scans a global range for pointers void ScanGlobalRange(uptr begin, uptr end, Frontier *frontier) { … } void ScanExtraStackRanges(const InternalMmapVector<Range> &ranges, Frontier *frontier) { … } # if SANITIZER_FUCHSIA // Fuchsia handles all threads together with its own callback. static void ProcessThreads(SuspendedThreadsList const &, Frontier *, tid_t, uptr) {} # else # if SANITIZER_ANDROID // FIXME: Move this out into *libcdep.cpp extern "C" SANITIZER_WEAK_ATTRIBUTE void __libc_iterate_dynamic_tls( pid_t, void (*cb)(void *, void *, uptr, void *), void *); # endif static void ProcessThreadRegistry(Frontier *frontier) { … } // Scans thread data (stacks and TLS) for heap pointers. static void ProcessThreads(SuspendedThreadsList const &suspended_threads, Frontier *frontier, tid_t caller_tid, uptr caller_sp) { … } # endif // SANITIZER_FUCHSIA // A map that contains [region_begin, region_end) pairs. RootRegions; static RootRegions &GetRootRegionsLocked() { … } bool HasRootRegions() { … } void ScanRootRegions(Frontier *frontier, const InternalMmapVectorNoCtor<Region> &mapped_regions) { … } // Scans root regions for heap pointers. static void ProcessRootRegions(Frontier *frontier) { … } static void FloodFillTag(Frontier *frontier, ChunkTag tag) { … } // ForEachChunk callback. If the chunk is marked as leaked, marks all chunks // which are reachable from it as indirectly leaked. static void MarkIndirectlyLeakedCb(uptr chunk, void *arg) { … } static void IgnoredSuppressedCb(uptr chunk, void *arg) { … } // ForEachChunk callback. If chunk is marked as ignored, adds its address to // frontier. static void CollectIgnoredCb(uptr chunk, void *arg) { … } // Sets the appropriate tag on each chunk. static void ClassifyAllChunks(SuspendedThreadsList const &suspended_threads, Frontier *frontier, tid_t caller_tid, uptr caller_sp) { … } // ForEachChunk callback. Resets the tags to pre-leak-check state. static void ResetTagsCb(uptr chunk, void *arg) { … } // ForEachChunk callback. Aggregates information about unreachable chunks into // a LeakReport. static void CollectLeaksCb(uptr chunk, void *arg) { … } void LeakSuppressionContext::PrintMatchedSuppressions() { … } # if SANITIZER_FUCHSIA // Fuchsia provides a libc interface that guarantees all threads are // covered, and SuspendedThreadList is never really used. static void ReportUnsuspendedThreads(const SuspendedThreadsList &) {} # else // !SANITIZER_FUCHSIA static void ReportUnsuspendedThreads( const SuspendedThreadsList &suspended_threads) { … } # endif // !SANITIZER_FUCHSIA static void CheckForLeaksCallback(const SuspendedThreadsList &suspended_threads, void *arg) { … } static bool PrintResults(LeakReport &report) { … } static bool CheckForLeaks() { … } static bool has_reported_leaks = …; bool HasReportedLeaks() { … } void DoLeakCheck() { … } static int DoRecoverableLeakCheck() { … } void DoRecoverableLeakCheckVoid() { … } ///// LeakReport implementation. ///// // A hard limit on the number of distinct leaks, to avoid quadratic complexity // in LeakReport::AddLeakedChunk(). We don't expect to ever see this many leaks // in real-world applications. // FIXME: Get rid of this limit by moving logic into DedupLeaks. const uptr kMaxLeaksConsidered = …; void LeakReport::AddLeakedChunks(const LeakedChunks &chunks) { … } static bool LeakComparator(const Leak &leak1, const Leak &leak2) { … } void LeakReport::ReportTopLeaks(uptr num_leaks_to_report) { … } void LeakReport::PrintReportForLeak(uptr index) { … } void LeakReport::PrintLeakedObjectsForLeak(uptr index) { … } void LeakReport::PrintSummary() { … } uptr LeakReport::ApplySuppressions() { … } uptr LeakReport::UnsuppressedLeakCount() { … } uptr LeakReport::IndirectUnsuppressedLeakCount() { … } } // namespace __lsan #else // CAN_SANITIZE_LEAKS namespace __lsan { void InitCommonLsan() {} void DoLeakCheck() {} void DoRecoverableLeakCheckVoid() {} void DisableInThisThread() {} void EnableInThisThread() {} } // namespace __lsan #endif // CAN_SANITIZE_LEAKS usingnamespace__lsan; extern "C" { SANITIZER_INTERFACE_ATTRIBUTE void __lsan_ignore_object(const void *p) { … } SANITIZER_INTERFACE_ATTRIBUTE void __lsan_register_root_region(const void *begin, uptr size) { … } SANITIZER_INTERFACE_ATTRIBUTE void __lsan_unregister_root_region(const void *begin, uptr size) { … } SANITIZER_INTERFACE_ATTRIBUTE void __lsan_disable() { … } SANITIZER_INTERFACE_ATTRIBUTE void __lsan_enable() { … } SANITIZER_INTERFACE_ATTRIBUTE void __lsan_do_leak_check() { … } SANITIZER_INTERFACE_ATTRIBUTE int __lsan_do_recoverable_leak_check() { … } SANITIZER_INTERFACE_WEAK_DEF(const char *, __lsan_default_options, void) { … } #if !SANITIZER_SUPPORTS_WEAK_HOOKS SANITIZER_INTERFACE_WEAK_DEF(int, __lsan_is_turned_off, void) { return 0; } SANITIZER_INTERFACE_WEAK_DEF(const char *, __lsan_default_suppressions, void) { return ""; } #endif } // extern "C"
Codebase Browser
llvm