1 //=-- lsan_common.cc ------------------------------------------------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file is a part of LeakSanitizer.
11 // Implementation of common leak checking functionality.
13 //===----------------------------------------------------------------------===//
15 #include "lsan_common.h"
17 #include "sanitizer_common/sanitizer_common.h"
18 #include "sanitizer_common/sanitizer_flag_parser.h"
19 #include "sanitizer_common/sanitizer_flags.h"
20 #include "sanitizer_common/sanitizer_placement_new.h"
21 #include "sanitizer_common/sanitizer_procmaps.h"
22 #include "sanitizer_common/sanitizer_report_decorator.h"
23 #include "sanitizer_common/sanitizer_stackdepot.h"
24 #include "sanitizer_common/sanitizer_stacktrace.h"
25 #include "sanitizer_common/sanitizer_suppressions.h"
26 #include "sanitizer_common/sanitizer_thread_registry.h"
27 #include "sanitizer_common/sanitizer_tls_get_addr.h"
29 #if CAN_SANITIZE_LEAKS
32 // This mutex is used to prevent races between DoLeakCheck and IgnoreObject, and
33 // also to protect the global list of root regions.
34 BlockingMutex global_mutex(LINKER_INITIALIZED);
38 void DisableCounterUnderflow() {
39 if (common_flags()->detect_leaks) {
40 Report("Unmatched call to __lsan_enable().\n");
45 void Flags::SetDefaults() {
46 #define LSAN_FLAG(Type, Name, DefaultValue, Description) Name = DefaultValue;
47 #include "lsan_flags.inc"
51 void RegisterLsanFlags(FlagParser *parser, Flags *f) {
52 #define LSAN_FLAG(Type, Name, DefaultValue, Description) \
53 RegisterFlag(parser, #Name, Description, &f->Name);
54 #include "lsan_flags.inc"
58 #define LOG_POINTERS(...) \
60 if (flags()->log_pointers) Report(__VA_ARGS__); \
63 #define LOG_THREADS(...) \
65 if (flags()->log_threads) Report(__VA_ARGS__); \
68 ALIGNED(64) static char suppression_placeholder[sizeof(SuppressionContext)];
69 static SuppressionContext *suppression_ctx = nullptr;
70 static const char kSuppressionLeak[] = "leak";
71 static const char *kSuppressionTypes[] = { kSuppressionLeak };
72 static const char kStdSuppressions[] =
73 #if SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT
74 // For more details refer to the SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT
76 "leak:*pthread_exit*\n"
77 #endif // SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT
79 // For Darwin and os_log/os_trace: https://reviews.llvm.org/D35173
82 // TLS leak in some glibc versions, described in
83 // https://sourceware.org/bugzilla/show_bug.cgi?id=12650.
84 "leak:*tls_get_addr*\n";
86 void InitializeSuppressions() {
87 CHECK_EQ(nullptr, suppression_ctx);
88 suppression_ctx = new (suppression_placeholder) // NOLINT
89 SuppressionContext(kSuppressionTypes, ARRAY_SIZE(kSuppressionTypes));
90 suppression_ctx->ParseFromFile(flags()->suppressions);
91 if (&__lsan_default_suppressions)
92 suppression_ctx->Parse(__lsan_default_suppressions());
93 suppression_ctx->Parse(kStdSuppressions);
96 static SuppressionContext *GetSuppressionContext() {
97 CHECK(suppression_ctx);
98 return suppression_ctx;
101 static InternalMmapVector<RootRegion> *root_regions;
103 InternalMmapVector<RootRegion> const *GetRootRegions() { return root_regions; }
105 void InitializeRootRegions() {
106 CHECK(!root_regions);
107 ALIGNED(64) static char placeholder[sizeof(InternalMmapVector<RootRegion>)];
108 root_regions = new (placeholder) InternalMmapVector<RootRegion>(); // NOLINT
111 const char *MaybeCallLsanDefaultOptions() {
112 return (&__lsan_default_options) ? __lsan_default_options() : "";
115 void InitCommonLsan() {
116 InitializeRootRegions();
117 if (common_flags()->detect_leaks) {
118 // Initialization which can fail or print warnings should only be done if
119 // LSan is actually enabled.
120 InitializeSuppressions();
121 InitializePlatformSpecificModules();
125 class Decorator: public __sanitizer::SanitizerCommonDecorator {
127 Decorator() : SanitizerCommonDecorator() { }
128 const char *Error() { return Red(); }
129 const char *Leak() { return Blue(); }
132 static inline bool CanBeAHeapPointer(uptr p) {
133 // Since our heap is located in mmap-ed memory, we can assume a sensible lower
134 // bound on heap addresses.
135 const uptr kMinAddress = 4 * 4096;
136 if (p < kMinAddress) return false;
137 #if defined(__x86_64__)
138 // Accept only canonical form user-space addresses.
139 return ((p >> 47) == 0);
140 #elif defined(__mips64)
141 return ((p >> 40) == 0);
142 #elif defined(__aarch64__)
143 unsigned runtimeVMA =
144 (MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1);
145 return ((p >> runtimeVMA) == 0);
151 // Scans the memory range, looking for byte patterns that point into allocator
152 // chunks. Marks those chunks with |tag| and adds them to |frontier|.
153 // There are two usage modes for this function: finding reachable chunks
154 // (|tag| = kReachable) and finding indirectly leaked chunks
155 // (|tag| = kIndirectlyLeaked). In the second case, there's no flood fill,
156 // so |frontier| = 0.
157 void ScanRangeForPointers(uptr begin, uptr end,
159 const char *region_type, ChunkTag tag) {
160 CHECK(tag == kReachable || tag == kIndirectlyLeaked);
161 const uptr alignment = flags()->pointer_alignment();
162 LOG_POINTERS("Scanning %s range %p-%p.\n", region_type, begin, end);
165 pp = pp + alignment - pp % alignment;
166 for (; pp + sizeof(void *) <= end; pp += alignment) { // NOLINT
167 void *p = *reinterpret_cast<void **>(pp);
168 if (!CanBeAHeapPointer(reinterpret_cast<uptr>(p))) continue;
169 uptr chunk = PointsIntoChunk(p);
170 if (!chunk) continue;
171 // Pointers to self don't count. This matters when tag == kIndirectlyLeaked.
172 if (chunk == begin) continue;
173 LsanMetadata m(chunk);
174 if (m.tag() == kReachable || m.tag() == kIgnored) continue;
176 // Do this check relatively late so we can log only the interesting cases.
177 if (!flags()->use_poisoned && WordIsPoisoned(pp)) {
179 "%p is poisoned: ignoring %p pointing into chunk %p-%p of size "
181 pp, p, chunk, chunk + m.requested_size(), m.requested_size());
186 LOG_POINTERS("%p: found %p pointing into chunk %p-%p of size %zu.\n", pp, p,
187 chunk, chunk + m.requested_size(), m.requested_size());
189 frontier->push_back(chunk);
193 // Scans a global range for pointers
194 void ScanGlobalRange(uptr begin, uptr end, Frontier *frontier) {
195 uptr allocator_begin = 0, allocator_end = 0;
196 GetAllocatorGlobalRange(&allocator_begin, &allocator_end);
197 if (begin <= allocator_begin && allocator_begin < end) {
198 CHECK_LE(allocator_begin, allocator_end);
199 CHECK_LE(allocator_end, end);
200 if (begin < allocator_begin)
201 ScanRangeForPointers(begin, allocator_begin, frontier, "GLOBAL",
203 if (allocator_end < end)
204 ScanRangeForPointers(allocator_end, end, frontier, "GLOBAL", kReachable);
206 ScanRangeForPointers(begin, end, frontier, "GLOBAL", kReachable);
210 void ForEachExtraStackRangeCb(uptr begin, uptr end, void* arg) {
211 Frontier *frontier = reinterpret_cast<Frontier *>(arg);
212 ScanRangeForPointers(begin, end, frontier, "FAKE STACK", kReachable);
215 // Scans thread data (stacks and TLS) for heap pointers.
216 static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
217 Frontier *frontier) {
218 InternalMmapVector<uptr> registers(suspended_threads.RegisterCount());
219 uptr registers_begin = reinterpret_cast<uptr>(registers.data());
221 reinterpret_cast<uptr>(registers.data() + registers.size());
222 for (uptr i = 0; i < suspended_threads.ThreadCount(); i++) {
223 tid_t os_id = static_cast<tid_t>(suspended_threads.GetThreadID(i));
224 LOG_THREADS("Processing thread %d.\n", os_id);
225 uptr stack_begin, stack_end, tls_begin, tls_end, cache_begin, cache_end;
227 bool thread_found = GetThreadRangesLocked(os_id, &stack_begin, &stack_end,
228 &tls_begin, &tls_end,
229 &cache_begin, &cache_end, &dtls);
231 // If a thread can't be found in the thread registry, it's probably in the
232 // process of destruction. Log this event and move on.
233 LOG_THREADS("Thread %d not found in registry.\n", os_id);
237 PtraceRegistersStatus have_registers =
238 suspended_threads.GetRegistersAndSP(i, registers.data(), &sp);
239 if (have_registers != REGISTERS_AVAILABLE) {
240 Report("Unable to get registers from thread %d.\n", os_id);
241 // If unable to get SP, consider the entire stack to be reachable unless
242 // GetRegistersAndSP failed with ESRCH.
243 if (have_registers == REGISTERS_UNAVAILABLE_FATAL) continue;
247 if (flags()->use_registers && have_registers)
248 ScanRangeForPointers(registers_begin, registers_end, frontier,
249 "REGISTERS", kReachable);
251 if (flags()->use_stacks) {
252 LOG_THREADS("Stack at %p-%p (SP = %p).\n", stack_begin, stack_end, sp);
253 if (sp < stack_begin || sp >= stack_end) {
254 // SP is outside the recorded stack range (e.g. the thread is running a
255 // signal handler on alternate stack, or swapcontext was used).
256 // Again, consider the entire stack range to be reachable.
257 LOG_THREADS("WARNING: stack pointer not in stack range.\n");
258 uptr page_size = GetPageSizeCached();
260 while (stack_begin < stack_end &&
261 !IsAccessibleMemoryRange(stack_begin, 1)) {
263 stack_begin += page_size;
265 LOG_THREADS("Skipped %d guard page(s) to obtain stack %p-%p.\n",
266 skipped, stack_begin, stack_end);
268 // Shrink the stack range to ignore out-of-scope values.
271 ScanRangeForPointers(stack_begin, stack_end, frontier, "STACK",
273 ForEachExtraStackRange(os_id, ForEachExtraStackRangeCb, frontier);
276 if (flags()->use_tls) {
278 LOG_THREADS("TLS at %p-%p.\n", tls_begin, tls_end);
279 // If the tls and cache ranges don't overlap, scan full tls range,
280 // otherwise, only scan the non-overlapping portions
281 if (cache_begin == cache_end || tls_end < cache_begin ||
282 tls_begin > cache_end) {
283 ScanRangeForPointers(tls_begin, tls_end, frontier, "TLS", kReachable);
285 if (tls_begin < cache_begin)
286 ScanRangeForPointers(tls_begin, cache_begin, frontier, "TLS",
288 if (tls_end > cache_end)
289 ScanRangeForPointers(cache_end, tls_end, frontier, "TLS",
293 if (dtls && !DTLSInDestruction(dtls)) {
294 for (uptr j = 0; j < dtls->dtv_size; ++j) {
295 uptr dtls_beg = dtls->dtv[j].beg;
296 uptr dtls_end = dtls_beg + dtls->dtv[j].size;
297 if (dtls_beg < dtls_end) {
298 LOG_THREADS("DTLS %zu at %p-%p.\n", j, dtls_beg, dtls_end);
299 ScanRangeForPointers(dtls_beg, dtls_end, frontier, "DTLS",
304 // We are handling a thread with DTLS under destruction. Log about
305 // this and continue.
306 LOG_THREADS("Thread %d has DTLS under destruction.\n", os_id);
312 void ScanRootRegion(Frontier *frontier, const RootRegion &root_region,
313 uptr region_begin, uptr region_end, bool is_readable) {
314 uptr intersection_begin = Max(root_region.begin, region_begin);
315 uptr intersection_end = Min(region_end, root_region.begin + root_region.size);
316 if (intersection_begin >= intersection_end) return;
317 LOG_POINTERS("Root region %p-%p intersects with mapped region %p-%p (%s)\n",
318 root_region.begin, root_region.begin + root_region.size,
319 region_begin, region_end,
320 is_readable ? "readable" : "unreadable");
322 ScanRangeForPointers(intersection_begin, intersection_end, frontier, "ROOT",
326 static void ProcessRootRegion(Frontier *frontier,
327 const RootRegion &root_region) {
328 MemoryMappingLayout proc_maps(/*cache_enabled*/ true);
329 MemoryMappedSegment segment;
330 while (proc_maps.Next(&segment)) {
331 ScanRootRegion(frontier, root_region, segment.start, segment.end,
332 segment.IsReadable());
336 // Scans root regions for heap pointers.
337 static void ProcessRootRegions(Frontier *frontier) {
338 if (!flags()->use_root_regions) return;
340 for (uptr i = 0; i < root_regions->size(); i++) {
341 ProcessRootRegion(frontier, (*root_regions)[i]);
345 static void FloodFillTag(Frontier *frontier, ChunkTag tag) {
346 while (frontier->size()) {
347 uptr next_chunk = frontier->back();
348 frontier->pop_back();
349 LsanMetadata m(next_chunk);
350 ScanRangeForPointers(next_chunk, next_chunk + m.requested_size(), frontier,
355 // ForEachChunk callback. If the chunk is marked as leaked, marks all chunks
356 // which are reachable from it as indirectly leaked.
357 static void MarkIndirectlyLeakedCb(uptr chunk, void *arg) {
358 chunk = GetUserBegin(chunk);
359 LsanMetadata m(chunk);
360 if (m.allocated() && m.tag() != kReachable) {
361 ScanRangeForPointers(chunk, chunk + m.requested_size(),
362 /* frontier */ nullptr, "HEAP", kIndirectlyLeaked);
366 // ForEachChunk callback. If chunk is marked as ignored, adds its address to
368 static void CollectIgnoredCb(uptr chunk, void *arg) {
370 chunk = GetUserBegin(chunk);
371 LsanMetadata m(chunk);
372 if (m.allocated() && m.tag() == kIgnored) {
373 LOG_POINTERS("Ignored: chunk %p-%p of size %zu.\n",
374 chunk, chunk + m.requested_size(), m.requested_size());
375 reinterpret_cast<Frontier *>(arg)->push_back(chunk);
379 static uptr GetCallerPC(u32 stack_id, StackDepotReverseMap *map) {
381 StackTrace stack = map->Get(stack_id);
382 // The top frame is our malloc/calloc/etc. The next frame is the caller.
384 return stack.trace[1];
388 struct InvalidPCParam {
390 StackDepotReverseMap *stack_depot_reverse_map;
391 bool skip_linker_allocations;
394 // ForEachChunk callback. If the caller pc is invalid or is within the linker,
395 // mark as reachable. Called by ProcessPlatformSpecificAllocations.
396 static void MarkInvalidPCCb(uptr chunk, void *arg) {
398 InvalidPCParam *param = reinterpret_cast<InvalidPCParam *>(arg);
399 chunk = GetUserBegin(chunk);
400 LsanMetadata m(chunk);
401 if (m.allocated() && m.tag() != kReachable && m.tag() != kIgnored) {
402 u32 stack_id = m.stack_trace_id();
405 caller_pc = GetCallerPC(stack_id, param->stack_depot_reverse_map);
406 // If caller_pc is unknown, this chunk may be allocated in a coroutine. Mark
407 // it as reachable, as we can't properly report its allocation stack anyway.
408 if (caller_pc == 0 || (param->skip_linker_allocations &&
409 GetLinker()->containsAddress(caller_pc))) {
410 m.set_tag(kReachable);
411 param->frontier->push_back(chunk);
416 // On Linux, treats all chunks allocated from ld-linux.so as reachable, which
417 // covers dynamically allocated TLS blocks, internal dynamic loader's loaded
418 // modules accounting etc.
419 // Dynamic TLS blocks contain the TLS variables of dynamically loaded modules.
420 // They are allocated with a __libc_memalign() call in allocate_and_init()
421 // (elf/dl-tls.c). Glibc won't tell us the address ranges occupied by those
422 // blocks, but we can make sure they come from our own allocator by intercepting
423 // __libc_memalign(). On top of that, there is no easy way to reach them. Their
424 // addresses are stored in a dynamically allocated array (the DTV) which is
425 // referenced from the static TLS. Unfortunately, we can't just rely on the DTV
426 // being reachable from the static TLS, and the dynamic TLS being reachable from
427 // the DTV. This is because the initial DTV is allocated before our interception
428 // mechanism kicks in, and thus we don't recognize it as allocated memory. We
429 // can't special-case it either, since we don't know its size.
430 // Our solution is to include in the root set all allocations made from
431 // ld-linux.so (which is where allocate_and_init() is implemented). This is
432 // guaranteed to include all dynamic TLS blocks (and possibly other allocations
433 // which we don't care about).
434 // On all other platforms, this simply checks to ensure that the caller pc is
435 // valid before reporting chunks as leaked.
436 void ProcessPC(Frontier *frontier) {
437 StackDepotReverseMap stack_depot_reverse_map;
439 arg.frontier = frontier;
440 arg.stack_depot_reverse_map = &stack_depot_reverse_map;
441 arg.skip_linker_allocations =
442 flags()->use_tls && flags()->use_ld_allocations && GetLinker() != nullptr;
443 ForEachChunk(MarkInvalidPCCb, &arg);
446 // Sets the appropriate tag on each chunk.
447 static void ClassifyAllChunks(SuspendedThreadsList const &suspended_threads) {
448 // Holds the flood fill frontier.
451 ForEachChunk(CollectIgnoredCb, &frontier);
452 ProcessGlobalRegions(&frontier);
453 ProcessThreads(suspended_threads, &frontier);
454 ProcessRootRegions(&frontier);
455 FloodFillTag(&frontier, kReachable);
457 CHECK_EQ(0, frontier.size());
458 ProcessPC(&frontier);
460 // The check here is relatively expensive, so we do this in a separate flood
461 // fill. That way we can skip the check for chunks that are reachable
463 LOG_POINTERS("Processing platform-specific allocations.\n");
464 ProcessPlatformSpecificAllocations(&frontier);
465 FloodFillTag(&frontier, kReachable);
467 // Iterate over leaked chunks and mark those that are reachable from other
469 LOG_POINTERS("Scanning leaked chunks.\n");
470 ForEachChunk(MarkIndirectlyLeakedCb, nullptr);
473 // ForEachChunk callback. Resets the tags to pre-leak-check state.
474 static void ResetTagsCb(uptr chunk, void *arg) {
476 chunk = GetUserBegin(chunk);
477 LsanMetadata m(chunk);
478 if (m.allocated() && m.tag() != kIgnored)
479 m.set_tag(kDirectlyLeaked);
482 static void PrintStackTraceById(u32 stack_trace_id) {
483 CHECK(stack_trace_id);
484 StackDepotGet(stack_trace_id).Print();
487 // ForEachChunk callback. Aggregates information about unreachable chunks into
489 static void CollectLeaksCb(uptr chunk, void *arg) {
491 LeakReport *leak_report = reinterpret_cast<LeakReport *>(arg);
492 chunk = GetUserBegin(chunk);
493 LsanMetadata m(chunk);
494 if (!m.allocated()) return;
495 if (m.tag() == kDirectlyLeaked || m.tag() == kIndirectlyLeaked) {
496 u32 resolution = flags()->resolution;
497 u32 stack_trace_id = 0;
498 if (resolution > 0) {
499 StackTrace stack = StackDepotGet(m.stack_trace_id());
500 stack.size = Min(stack.size, resolution);
501 stack_trace_id = StackDepotPut(stack);
503 stack_trace_id = m.stack_trace_id();
505 leak_report->AddLeakedChunk(chunk, stack_trace_id, m.requested_size(),
510 static void PrintMatchedSuppressions() {
511 InternalMmapVector<Suppression *> matched;
512 GetSuppressionContext()->GetMatched(&matched);
515 const char *line = "-----------------------------------------------------";
516 Printf("%s\n", line);
517 Printf("Suppressions used:\n");
518 Printf(" count bytes template\n");
519 for (uptr i = 0; i < matched.size(); i++)
520 Printf("%7zu %10zu %s\n", static_cast<uptr>(atomic_load_relaxed(
521 &matched[i]->hit_count)), matched[i]->weight, matched[i]->templ);
522 Printf("%s\n\n", line);
525 struct CheckForLeaksParam {
527 LeakReport leak_report;
530 static void ReportIfNotSuspended(ThreadContextBase *tctx, void *arg) {
531 const InternalMmapVector<tid_t> &suspended_threads =
532 *(const InternalMmapVector<tid_t> *)arg;
533 if (tctx->status == ThreadStatusRunning) {
534 uptr i = InternalLowerBound(suspended_threads, 0, suspended_threads.size(),
535 tctx->os_id, CompareLess<int>());
536 if (i >= suspended_threads.size() || suspended_threads[i] != tctx->os_id)
537 Report("Running thread %d was not suspended. False leaks are possible.\n",
542 static void ReportUnsuspendedThreads(
543 const SuspendedThreadsList &suspended_threads) {
544 InternalMmapVector<tid_t> threads(suspended_threads.ThreadCount());
545 for (uptr i = 0; i < suspended_threads.ThreadCount(); ++i)
546 threads[i] = suspended_threads.GetThreadID(i);
548 Sort(threads.data(), threads.size());
550 GetThreadRegistryLocked()->RunCallbackForEachThreadLocked(
551 &ReportIfNotSuspended, &threads);
554 static void CheckForLeaksCallback(const SuspendedThreadsList &suspended_threads,
556 CheckForLeaksParam *param = reinterpret_cast<CheckForLeaksParam *>(arg);
558 CHECK(!param->success);
559 ReportUnsuspendedThreads(suspended_threads);
560 ClassifyAllChunks(suspended_threads);
561 ForEachChunk(CollectLeaksCb, ¶m->leak_report);
562 // Clean up for subsequent leak checks. This assumes we did not overwrite any
564 ForEachChunk(ResetTagsCb, nullptr);
565 param->success = true;
568 static bool CheckForLeaks() {
569 if (&__lsan_is_turned_off && __lsan_is_turned_off())
571 EnsureMainThreadIDIsCorrect();
572 CheckForLeaksParam param;
573 param.success = false;
574 LockThreadRegistry();
576 DoStopTheWorld(CheckForLeaksCallback, ¶m);
578 UnlockThreadRegistry();
580 if (!param.success) {
581 Report("LeakSanitizer has encountered a fatal error.\n");
583 "HINT: For debugging, try setting environment variable "
584 "LSAN_OPTIONS=verbosity=1:log_threads=1\n");
586 "HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)\n");
589 param.leak_report.ApplySuppressions();
590 uptr unsuppressed_count = param.leak_report.UnsuppressedLeakCount();
591 if (unsuppressed_count > 0) {
594 "================================================================="
596 Printf("%s", d.Error());
597 Report("ERROR: LeakSanitizer: detected memory leaks\n");
598 Printf("%s", d.Default());
599 param.leak_report.ReportTopLeaks(flags()->max_leaks);
601 if (common_flags()->print_suppressions)
602 PrintMatchedSuppressions();
603 if (unsuppressed_count > 0) {
604 param.leak_report.PrintSummary();
610 static bool has_reported_leaks = false;
611 bool HasReportedLeaks() { return has_reported_leaks; }
614 BlockingMutexLock l(&global_mutex);
615 static bool already_done;
616 if (already_done) return;
618 has_reported_leaks = CheckForLeaks();
619 if (has_reported_leaks) HandleLeaks();
622 static int DoRecoverableLeakCheck() {
623 BlockingMutexLock l(&global_mutex);
624 bool have_leaks = CheckForLeaks();
625 return have_leaks ? 1 : 0;
628 void DoRecoverableLeakCheckVoid() { DoRecoverableLeakCheck(); }
630 static Suppression *GetSuppressionForAddr(uptr addr) {
631 Suppression *s = nullptr;
633 // Suppress by module name.
634 SuppressionContext *suppressions = GetSuppressionContext();
635 if (const char *module_name =
636 Symbolizer::GetOrInit()->GetModuleNameForPc(addr))
637 if (suppressions->Match(module_name, kSuppressionLeak, &s))
640 // Suppress by file or function name.
641 SymbolizedStack *frames = Symbolizer::GetOrInit()->SymbolizePC(addr);
642 for (SymbolizedStack *cur = frames; cur; cur = cur->next) {
643 if (suppressions->Match(cur->info.function, kSuppressionLeak, &s) ||
644 suppressions->Match(cur->info.file, kSuppressionLeak, &s)) {
652 static Suppression *GetSuppressionForStack(u32 stack_trace_id) {
653 StackTrace stack = StackDepotGet(stack_trace_id);
654 for (uptr i = 0; i < stack.size; i++) {
655 Suppression *s = GetSuppressionForAddr(
656 StackTrace::GetPreviousInstructionPc(stack.trace[i]));
662 ///// LeakReport implementation. /////
664 // A hard limit on the number of distinct leaks, to avoid quadratic complexity
665 // in LeakReport::AddLeakedChunk(). We don't expect to ever see this many leaks
666 // in real-world applications.
667 // FIXME: Get rid of this limit by changing the implementation of LeakReport to
669 const uptr kMaxLeaksConsidered = 5000;
671 void LeakReport::AddLeakedChunk(uptr chunk, u32 stack_trace_id,
672 uptr leaked_size, ChunkTag tag) {
673 CHECK(tag == kDirectlyLeaked || tag == kIndirectlyLeaked);
674 bool is_directly_leaked = (tag == kDirectlyLeaked);
676 for (i = 0; i < leaks_.size(); i++) {
677 if (leaks_[i].stack_trace_id == stack_trace_id &&
678 leaks_[i].is_directly_leaked == is_directly_leaked) {
679 leaks_[i].hit_count++;
680 leaks_[i].total_size += leaked_size;
684 if (i == leaks_.size()) {
685 if (leaks_.size() == kMaxLeaksConsidered) return;
686 Leak leak = { next_id_++, /* hit_count */ 1, leaked_size, stack_trace_id,
687 is_directly_leaked, /* is_suppressed */ false };
688 leaks_.push_back(leak);
690 if (flags()->report_objects) {
691 LeakedObject obj = {leaks_[i].id, chunk, leaked_size};
692 leaked_objects_.push_back(obj);
696 static bool LeakComparator(const Leak &leak1, const Leak &leak2) {
697 if (leak1.is_directly_leaked == leak2.is_directly_leaked)
698 return leak1.total_size > leak2.total_size;
700 return leak1.is_directly_leaked;
703 void LeakReport::ReportTopLeaks(uptr num_leaks_to_report) {
704 CHECK(leaks_.size() <= kMaxLeaksConsidered);
706 if (leaks_.size() == kMaxLeaksConsidered)
707 Printf("Too many leaks! Only the first %zu leaks encountered will be "
709 kMaxLeaksConsidered);
711 uptr unsuppressed_count = UnsuppressedLeakCount();
712 if (num_leaks_to_report > 0 && num_leaks_to_report < unsuppressed_count)
713 Printf("The %zu top leak(s):\n", num_leaks_to_report);
714 Sort(leaks_.data(), leaks_.size(), &LeakComparator);
715 uptr leaks_reported = 0;
716 for (uptr i = 0; i < leaks_.size(); i++) {
717 if (leaks_[i].is_suppressed) continue;
718 PrintReportForLeak(i);
720 if (leaks_reported == num_leaks_to_report) break;
722 if (leaks_reported < unsuppressed_count) {
723 uptr remaining = unsuppressed_count - leaks_reported;
724 Printf("Omitting %zu more leak(s).\n", remaining);
728 void LeakReport::PrintReportForLeak(uptr index) {
730 Printf("%s", d.Leak());
731 Printf("%s leak of %zu byte(s) in %zu object(s) allocated from:\n",
732 leaks_[index].is_directly_leaked ? "Direct" : "Indirect",
733 leaks_[index].total_size, leaks_[index].hit_count);
734 Printf("%s", d.Default());
736 PrintStackTraceById(leaks_[index].stack_trace_id);
738 if (flags()->report_objects) {
739 Printf("Objects leaked above:\n");
740 PrintLeakedObjectsForLeak(index);
745 void LeakReport::PrintLeakedObjectsForLeak(uptr index) {
746 u32 leak_id = leaks_[index].id;
747 for (uptr j = 0; j < leaked_objects_.size(); j++) {
748 if (leaked_objects_[j].leak_id == leak_id)
749 Printf("%p (%zu bytes)\n", leaked_objects_[j].addr,
750 leaked_objects_[j].size);
754 void LeakReport::PrintSummary() {
755 CHECK(leaks_.size() <= kMaxLeaksConsidered);
756 uptr bytes = 0, allocations = 0;
757 for (uptr i = 0; i < leaks_.size(); i++) {
758 if (leaks_[i].is_suppressed) continue;
759 bytes += leaks_[i].total_size;
760 allocations += leaks_[i].hit_count;
762 InternalScopedString summary(kMaxSummaryLength);
763 summary.append("%zu byte(s) leaked in %zu allocation(s).", bytes,
765 ReportErrorSummary(summary.data());
768 void LeakReport::ApplySuppressions() {
769 for (uptr i = 0; i < leaks_.size(); i++) {
770 Suppression *s = GetSuppressionForStack(leaks_[i].stack_trace_id);
772 s->weight += leaks_[i].total_size;
773 atomic_store_relaxed(&s->hit_count, atomic_load_relaxed(&s->hit_count) +
774 leaks_[i].hit_count);
775 leaks_[i].is_suppressed = true;
780 uptr LeakReport::UnsuppressedLeakCount() {
782 for (uptr i = 0; i < leaks_.size(); i++)
783 if (!leaks_[i].is_suppressed) result++;
787 } // namespace __lsan
788 #else // CAN_SANITIZE_LEAKS
790 void InitCommonLsan() { }
791 void DoLeakCheck() { }
792 void DoRecoverableLeakCheckVoid() { }
793 void DisableInThisThread() { }
794 void EnableInThisThread() { }
796 #endif // CAN_SANITIZE_LEAKS
798 using namespace __lsan; // NOLINT
801 SANITIZER_INTERFACE_ATTRIBUTE
802 void __lsan_ignore_object(const void *p) {
803 #if CAN_SANITIZE_LEAKS
804 if (!common_flags()->detect_leaks)
806 // Cannot use PointsIntoChunk or LsanMetadata here, since the allocator is not
808 BlockingMutexLock l(&global_mutex);
809 IgnoreObjectResult res = IgnoreObjectLocked(p);
810 if (res == kIgnoreObjectInvalid)
811 VReport(1, "__lsan_ignore_object(): no heap object found at %p", p);
812 if (res == kIgnoreObjectAlreadyIgnored)
813 VReport(1, "__lsan_ignore_object(): "
814 "heap object at %p is already being ignored\n", p);
815 if (res == kIgnoreObjectSuccess)
816 VReport(1, "__lsan_ignore_object(): ignoring heap object at %p\n", p);
817 #endif // CAN_SANITIZE_LEAKS
820 SANITIZER_INTERFACE_ATTRIBUTE
821 void __lsan_register_root_region(const void *begin, uptr size) {
822 #if CAN_SANITIZE_LEAKS
823 BlockingMutexLock l(&global_mutex);
825 RootRegion region = {reinterpret_cast<uptr>(begin), size};
826 root_regions->push_back(region);
827 VReport(1, "Registered root region at %p of size %llu\n", begin, size);
828 #endif // CAN_SANITIZE_LEAKS
831 SANITIZER_INTERFACE_ATTRIBUTE
832 void __lsan_unregister_root_region(const void *begin, uptr size) {
833 #if CAN_SANITIZE_LEAKS
834 BlockingMutexLock l(&global_mutex);
836 bool removed = false;
837 for (uptr i = 0; i < root_regions->size(); i++) {
838 RootRegion region = (*root_regions)[i];
839 if (region.begin == reinterpret_cast<uptr>(begin) && region.size == size) {
841 uptr last_index = root_regions->size() - 1;
842 (*root_regions)[i] = (*root_regions)[last_index];
843 root_regions->pop_back();
844 VReport(1, "Unregistered root region at %p of size %llu\n", begin, size);
850 "__lsan_unregister_root_region(): region at %p of size %llu has not "
851 "been registered.\n",
855 #endif // CAN_SANITIZE_LEAKS
858 SANITIZER_INTERFACE_ATTRIBUTE
859 void __lsan_disable() {
860 #if CAN_SANITIZE_LEAKS
861 __lsan::DisableInThisThread();
865 SANITIZER_INTERFACE_ATTRIBUTE
866 void __lsan_enable() {
867 #if CAN_SANITIZE_LEAKS
868 __lsan::EnableInThisThread();
872 SANITIZER_INTERFACE_ATTRIBUTE
873 void __lsan_do_leak_check() {
874 #if CAN_SANITIZE_LEAKS
875 if (common_flags()->detect_leaks)
876 __lsan::DoLeakCheck();
877 #endif // CAN_SANITIZE_LEAKS
880 SANITIZER_INTERFACE_ATTRIBUTE
881 int __lsan_do_recoverable_leak_check() {
882 #if CAN_SANITIZE_LEAKS
883 if (common_flags()->detect_leaks)
884 return __lsan::DoRecoverableLeakCheck();
885 #endif // CAN_SANITIZE_LEAKS
889 #if !SANITIZER_SUPPORTS_WEAK_HOOKS
890 SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
891 const char * __lsan_default_options() {
895 SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
896 int __lsan_is_turned_off() {
900 SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
901 const char *__lsan_default_suppressions() {