1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <poll.h>
32 #include <signal.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <sys/types.h>
36 #include <sys/wait.h>
37 #include <time.h>
38 #include <unistd.h>
39
40 #include <android-base/file.h>
41 #include <android-base/stringprintf.h>
42 #include <gtest/gtest.h>
43 #include <log/log_read.h>
44
45 #include <atomic>
46 #include <string>
47 #include <thread>
48 #include <vector>
49
50 #include <backtrace/Backtrace.h>
51 #include <backtrace/BacktraceMap.h>
52
53 #include <bionic/malloc.h>
54
55 // All DISABLED_ tests are designed to be executed after malloc debug
56 // is enabled. These tests don't run be default, and are executed
57 // by wrappers that will enable various malloc debug features.
58
59 static constexpr time_t kTimeoutSeconds = 10;
60
GetInitialArgs(const char *** args,size_t * num_args)61 extern "C" bool GetInitialArgs(const char*** args, size_t* num_args) {
62 static const char* initial_args[] = {"--slow_threshold_ms=30000",
63 "--deadline_threshold_ms=1200000"};
64 *args = initial_args;
65 *num_args = 2;
66 return true;
67 }
68
Exec(const char * test_name,const char * debug_options,pid_t * pid,int exit_code=0,time_t timeout_seconds=kTimeoutSeconds)69 static void Exec(const char* test_name, const char* debug_options, pid_t* pid, int exit_code = 0,
70 time_t timeout_seconds = kTimeoutSeconds) {
71 int fds[2];
72 ASSERT_NE(-1, pipe(fds));
73 ASSERT_NE(-1, fcntl(fds[0], F_SETFL, O_NONBLOCK));
74 if ((*pid = fork()) == 0) {
75 ASSERT_EQ(0, setenv("LIBC_DEBUG_MALLOC_OPTIONS", debug_options, 1));
76 close(fds[0]);
77 close(STDIN_FILENO);
78 close(STDOUT_FILENO);
79 close(STDERR_FILENO);
80 ASSERT_NE(0, dup2(fds[1], STDOUT_FILENO));
81 ASSERT_NE(0, dup2(fds[1], STDERR_FILENO));
82
83 std::vector<const char*> args;
84 // Get a copy of this argument so it doesn't disappear on us.
85 std::string exec(testing::internal::GetArgvs()[0]);
86 args.push_back(exec.c_str());
87 args.push_back("--gtest_also_run_disabled_tests");
88 std::string filter_arg = std::string("--gtest_filter=") + test_name;
89 args.push_back(filter_arg.c_str());
90 // Need this because some code depends on exit codes from the test run
91 // but the isolation runner does not support that.
92 args.push_back("--no_isolate");
93 args.push_back(nullptr);
94 execv(args[0], reinterpret_cast<char* const*>(const_cast<char**>(args.data())));
95 exit(20);
96 }
97 ASSERT_NE(-1, *pid);
98 close(fds[1]);
99
100 std::string output;
101 std::vector<char> buffer(4096);
102 time_t start_time = time(nullptr);
103 bool done = false;
104 while (true) {
105 struct pollfd read_fd = {.fd = fds[0], .events = POLLIN};
106 if (TEMP_FAILURE_RETRY(poll(&read_fd, 1, 1)) > 0) {
107 ssize_t bytes = TEMP_FAILURE_RETRY(read(fds[0], buffer.data(), sizeof(buffer) - 1));
108 if (bytes == -1 && errno == EAGAIN) {
109 continue;
110 }
111 ASSERT_NE(-1, bytes);
112 if (bytes == 0) {
113 done = true;
114 break;
115 }
116 output.append(buffer.data(), bytes);
117 }
118
119 if ((time(nullptr) - start_time) > timeout_seconds) {
120 kill(*pid, SIGINT);
121 break;
122 }
123 }
124 EXPECT_TRUE(done) << "Timed out while reading data, output:\n" << output;
125
126 done = false;
127 int status;
128 start_time = time(nullptr);
129 while (true) {
130 int wait_pid = waitpid(*pid, &status, WNOHANG);
131 if (*pid == wait_pid) {
132 done = true;
133 break;
134 }
135 if ((time(nullptr) - start_time) > timeout_seconds) {
136 break;
137 }
138 }
139 if (!done) {
140 kill(*pid, SIGKILL);
141 start_time = time(nullptr);
142 while (true) {
143 int kill_status;
144 int wait_pid = waitpid(*pid, &kill_status, WNOHANG);
145 if (wait_pid == *pid || (time(nullptr) - start_time) > timeout_seconds) {
146 break;
147 }
148 }
149 }
150
151 ASSERT_TRUE(done) << "Timed out waiting for waitpid, output:\n" << output;
152 ASSERT_FALSE(WIFSIGNALED(status))
153 << "Failed with signal " << WTERMSIG(status) << "\nOutput:\n" << output;
154 ASSERT_EQ(exit_code, WEXITSTATUS(status)) << "Output:\n" << output;
155 }
156
GetLogStr(pid_t pid,std::string * log_str,log_id log=LOG_ID_MAIN)157 static void GetLogStr(pid_t pid, std::string* log_str, log_id log = LOG_ID_MAIN) {
158 log_str->clear();
159
160 logger_list* list;
161 list = android_logger_list_open(log, ANDROID_LOG_NONBLOCK, 1000, pid);
162 ASSERT_TRUE(list != nullptr);
163
164 while (true) {
165 log_msg msg;
166 ssize_t actual = android_logger_list_read(list, &msg);
167 if (actual < 0) {
168 if (actual == -EINTR) {
169 // Interrupted retry.
170 continue;
171 } else if (actual == -EAGAIN) {
172 // Non-blocking EOF, finished.
173 break;
174 } else {
175 break;
176 }
177 } else if (actual == 0) {
178 break;
179 }
180 ASSERT_EQ(msg.entry.pid, pid);
181
182 char* msg_str = msg.msg();
183 if (msg_str != nullptr) {
184 char* tag = msg_str + 1;
185 msg_str = tag + strlen(tag) + 1;
186 *log_str += msg_str;
187 if (log_str->back() != '\n') {
188 *log_str += '\n';
189 }
190 }
191 }
192
193 android_logger_list_close(list);
194 }
195
FindStrings(pid_t pid,std::vector<const char * > match_strings,std::vector<const char * > no_match_strings=std::vector<const char * >{},time_t timeout_seconds=kTimeoutSeconds)196 static void FindStrings(pid_t pid, std::vector<const char*> match_strings,
197 std::vector<const char*> no_match_strings = std::vector<const char*>{},
198 time_t timeout_seconds = kTimeoutSeconds) {
199 std::string log_str;
200 time_t start = time(nullptr);
201 std::string missing_match;
202 while (true) {
203 GetLogStr(pid, &log_str);
204 missing_match.clear();
205 // Look for the expected strings.
206 for (auto str : match_strings) {
207 if (log_str.find(str) == std::string::npos) {
208 missing_match = str;
209 break;
210 }
211 }
212
213 // Verify the unexpected strings are not present.
214 for (auto str : no_match_strings) {
215 ASSERT_TRUE(log_str.find(str) == std::string::npos) << "Unexpectedly found '" << str << "' in log output:\n" << log_str;
216 }
217 if (missing_match.empty()) {
218 return;
219 }
220 if ((time(nullptr) - start) > timeout_seconds) {
221 break;
222 }
223 }
224 ASSERT_EQ("", missing_match) << "Didn't find expected log output:\n" << log_str;
225 }
226
TEST(MallocTests,DISABLED_smoke)227 TEST(MallocTests, DISABLED_smoke) {}
228
TEST(MallocDebugSystemTest,smoke)229 TEST(MallocDebugSystemTest, smoke) {
230 pid_t pid;
231 ASSERT_NO_FATAL_FAILURE(Exec("MallocTests.DISABLED_smoke", "verbose backtrace", &pid));
232
233 ASSERT_NO_FATAL_FAILURE(FindStrings(pid, std::vector<const char*>{"malloc debug enabled"}));
234 }
235
SetAllocationLimit()236 static void SetAllocationLimit() {
237 // Set to a large value, this is only to enable the limit code and
238 // verify that malloc debug is still called properly.
239 size_t limit = 500 * 1024 * 1024;
240 ASSERT_TRUE(android_mallopt(M_SET_ALLOCATION_LIMIT_BYTES, &limit, sizeof(limit)));
241 }
242
AlignedAlloc()243 static void AlignedAlloc() {
244 void* ptr = aligned_alloc(64, 1152);
245 ASSERT_TRUE(ptr != nullptr);
246 memset(ptr, 0, 1152);
247 }
248
TEST(MallocTests,DISABLED_leak_memory_aligned_alloc)249 TEST(MallocTests, DISABLED_leak_memory_aligned_alloc) {
250 AlignedAlloc();
251 }
252
TEST(MallocTests,DISABLED_leak_memory_limit_aligned_alloc)253 TEST(MallocTests, DISABLED_leak_memory_limit_aligned_alloc) {
254 SetAllocationLimit();
255 AlignedAlloc();
256 }
257
Calloc()258 static void Calloc() {
259 void* ptr = calloc(1, 1123);
260 ASSERT_TRUE(ptr != nullptr);
261 memset(ptr, 1, 1123);
262 }
263
TEST(MallocTests,DISABLED_leak_memory_calloc)264 TEST(MallocTests, DISABLED_leak_memory_calloc) {
265 Calloc();
266 }
267
TEST(MallocTests,DISABLED_leak_memory_limit_calloc)268 TEST(MallocTests, DISABLED_leak_memory_limit_calloc) {
269 SetAllocationLimit();
270 Calloc();
271 }
272
Malloc()273 static void Malloc() {
274 void* ptr = malloc(1123);
275 ASSERT_TRUE(ptr != nullptr);
276 memset(ptr, 0, 1123);
277 }
278
TEST(MallocTests,DISABLED_leak_memory_malloc)279 TEST(MallocTests, DISABLED_leak_memory_malloc) {
280 Malloc();
281 }
282
TEST(MallocTests,DISABLED_leak_memory_limit_malloc)283 TEST(MallocTests, DISABLED_leak_memory_limit_malloc) {
284 SetAllocationLimit();
285 Malloc();
286 }
287
Memalign()288 static void Memalign() {
289 void* ptr = memalign(64, 1123);
290 ASSERT_TRUE(ptr != nullptr);
291 memset(ptr, 0, 1123);
292 }
293
TEST(MallocTests,DISABLED_leak_memory_memalign)294 TEST(MallocTests, DISABLED_leak_memory_memalign) {
295 Memalign();
296 }
297
TEST(MallocTests,DISABLED_leak_memory_limit_memalign)298 TEST(MallocTests, DISABLED_leak_memory_limit_memalign) {
299 SetAllocationLimit();
300 Memalign();
301 }
302
PosixMemalign()303 static void PosixMemalign() {
304 void* ptr;
305 ASSERT_EQ(0, posix_memalign(&ptr, 64, 1123));
306 ASSERT_TRUE(ptr != nullptr);
307 memset(ptr, 0, 1123);
308 }
309
TEST(MallocTests,DISABLED_leak_memory_posix_memalign)310 TEST(MallocTests, DISABLED_leak_memory_posix_memalign) {
311 PosixMemalign();
312 }
313
TEST(MallocTests,DISABLED_leak_memory_limit_posix_memalign)314 TEST(MallocTests, DISABLED_leak_memory_limit_posix_memalign) {
315 SetAllocationLimit();
316 PosixMemalign();
317 }
318
Reallocarray()319 static void Reallocarray() {
320 void* ptr = reallocarray(nullptr, 1, 1123);
321 ASSERT_TRUE(ptr != nullptr);
322 memset(ptr, 0, 1123);
323 }
324
TEST(MallocTests,DISABLED_leak_memory_reallocarray)325 TEST(MallocTests, DISABLED_leak_memory_reallocarray) {
326 Reallocarray();
327 }
328
TEST(MallocTests,DISABLED_leak_memory_limit_reallocarray)329 TEST(MallocTests, DISABLED_leak_memory_limit_reallocarray) {
330 SetAllocationLimit();
331 Reallocarray();
332 }
333
Realloc()334 static void Realloc() {
335 void* ptr = realloc(nullptr, 1123);
336 ASSERT_TRUE(ptr != nullptr);
337 memset(ptr, 0, 1123);
338 }
339
TEST(MallocTests,DISABLED_leak_memory_realloc)340 TEST(MallocTests, DISABLED_leak_memory_realloc) {
341 Realloc();
342 }
343
TEST(MallocTests,DISABLED_leak_memory_limit_realloc)344 TEST(MallocTests, DISABLED_leak_memory_limit_realloc) {
345 SetAllocationLimit();
346 Realloc();
347 }
348
349 #if !defined(__LP64__)
350 extern "C" void* pvalloc(size_t);
351
Pvalloc()352 static void Pvalloc() {
353 void* ptr = pvalloc(1123);
354 ASSERT_TRUE(ptr != nullptr);
355 memset(ptr, 0, 1123);
356 }
357
TEST(MallocTests,DISABLED_leak_memory_pvalloc)358 TEST(MallocTests, DISABLED_leak_memory_pvalloc) {
359 Pvalloc();
360 }
361
TEST(MallocTests,DISABLED_leak_memory_limit_pvalloc)362 TEST(MallocTests, DISABLED_leak_memory_limit_pvalloc) {
363 SetAllocationLimit();
364 Pvalloc();
365 }
366
367 extern "C" void* valloc(size_t);
368
Valloc()369 static void Valloc() {
370 void* ptr = valloc(1123);
371 ASSERT_TRUE(ptr != nullptr);
372 memset(ptr, 0, 1123);
373 }
374
TEST(MallocTests,DISABLED_leak_memory_valloc)375 TEST(MallocTests, DISABLED_leak_memory_valloc) {
376 Valloc();
377 }
378
TEST(MallocTests,DISABLED_leak_memory_limit_valloc)379 TEST(MallocTests, DISABLED_leak_memory_limit_valloc) {
380 SetAllocationLimit();
381 Valloc();
382 }
383 #endif
384
VerifyLeak(const char * test_prefix)385 static void VerifyLeak(const char* test_prefix) {
386 struct FunctionInfo {
387 const char* name;
388 size_t size;
389 };
390 static FunctionInfo functions[] = {
391 {
392 "aligned_alloc",
393 1152,
394 },
395 {
396 "calloc",
397 1123,
398 },
399 {
400 "malloc",
401 1123,
402 },
403 {
404 "memalign",
405 1123,
406 },
407 {
408 "posix_memalign",
409 1123,
410 },
411 {
412 "reallocarray",
413 1123,
414 },
415 {
416 "realloc",
417 1123,
418 },
419 #if !defined(__LP64__)
420 {
421 "pvalloc",
422 4096,
423 },
424 {
425 "valloc",
426 1123,
427 }
428 #endif
429 };
430
431 for (size_t i = 0; i < sizeof(functions) / sizeof(FunctionInfo); i++) {
432 pid_t pid;
433 SCOPED_TRACE(testing::Message() << functions[i].name << " expected size " << functions[i].size);
434 std::string test = std::string("MallocTests.DISABLED_") + test_prefix + functions[i].name;
435 ASSERT_NO_FATAL_FAILURE(Exec(test.c_str(), "verbose backtrace leak_track", &pid));
436
437 std::string expected_leak = android::base::StringPrintf("leaked block of size %zu at", functions[i].size);
438 EXPECT_NO_FATAL_FAILURE(FindStrings(
439 pid, std::vector<const char*>{"malloc debug enabled", expected_leak.c_str()}));
440 }
441 }
442
TEST(MallocDebugSystemTest,verify_leak)443 TEST(MallocDebugSystemTest, verify_leak) {
444 VerifyLeak("leak_memory_");
445 }
446
TEST(MallocDebugSystemTest,verify_leak_allocation_limit)447 TEST(MallocDebugSystemTest, verify_leak_allocation_limit) {
448 VerifyLeak("leak_memory_limit_");
449 }
450
451 static constexpr int kExpectedExitCode = 30;
452
TEST(MallocTests,DISABLED_exit_while_threads_allocating)453 TEST(MallocTests, DISABLED_exit_while_threads_allocating) {
454 std::atomic_uint32_t thread_mask;
455 thread_mask = 0;
456
457 for (size_t i = 0; i < 32; i++) {
458 std::thread malloc_thread([&thread_mask, i] {
459 while (true) {
460 void* ptr = malloc(100);
461 if (ptr == nullptr) {
462 exit(1000);
463 }
464 free(ptr);
465 thread_mask.fetch_or(1 << i);
466 }
467 });
468 malloc_thread.detach();
469 }
470
471 // Wait until each thread has done at least one allocation.
472 while (thread_mask.load() != 0xffffffff)
473 ;
474 exit(kExpectedExitCode);
475 }
476
477 // Verify that exiting while other threads are doing malloc operations,
478 // that there are no crashes.
TEST(MallocDebugSystemTest,exit_while_threads_allocating)479 TEST(MallocDebugSystemTest, exit_while_threads_allocating) {
480 for (size_t i = 0; i < 100; i++) {
481 SCOPED_TRACE(::testing::Message() << "Run " << i);
482 pid_t pid;
483 ASSERT_NO_FATAL_FAILURE(Exec("MallocTests.DISABLED_exit_while_threads_allocating",
484 "verbose backtrace", &pid, kExpectedExitCode));
485
486 ASSERT_NO_FATAL_FAILURE(FindStrings(pid, std::vector<const char*>{"malloc debug enabled"}));
487
488 std::string log_str;
489 GetLogStr(pid, &log_str, LOG_ID_CRASH);
490 ASSERT_TRUE(log_str.find("Fatal signal") == std::string::npos)
491 << "Found crash in log.\nLog message: " << log_str;
492 }
493 }
494
TEST(MallocTests,DISABLED_write_leak_info)495 TEST(MallocTests, DISABLED_write_leak_info) {
496 TemporaryFile tf;
497 ASSERT_TRUE(tf.fd != -1);
498
499 FILE* fp = fdopen(tf.fd, "w+");
500 if (fp == nullptr) {
501 printf("Unable to create %s\n", tf.path);
502 _exit(1);
503 }
504 tf.release();
505
506 void* ptr = malloc(1000);
507 if (ptr == nullptr) {
508 printf("malloc failed\n");
509 _exit(1);
510 }
511 memset(ptr, 0, 1000);
512
513 android_mallopt(M_WRITE_MALLOC_LEAK_INFO_TO_FILE, fp, sizeof(fp));
514
515 fclose(fp);
516
517 free(ptr);
518 }
519
TEST(MallocDebugSystemTest,write_leak_info_no_header)520 TEST(MallocDebugSystemTest, write_leak_info_no_header) {
521 pid_t pid;
522 ASSERT_NO_FATAL_FAILURE(Exec("MallocTests.DISABLED_write_leak_info", "verbose backtrace", &pid, 0));
523
524 ASSERT_NO_FATAL_FAILURE(FindStrings(pid, std::vector<const char*>{"malloc debug enabled"},
525
526 std::vector<const char*>{" HAS INVALID TAG ", "USED AFTER FREE ", "UNKNOWN POINTER "}));
527 }
528
TEST(MallocDebugSystemTest,write_leak_info_header)529 TEST(MallocDebugSystemTest, write_leak_info_header) {
530 pid_t pid;
531 ASSERT_NO_FATAL_FAILURE(Exec("MallocTests.DISABLED_write_leak_info", "verbose backtrace guard", &pid, 0));
532
533 ASSERT_NO_FATAL_FAILURE(FindStrings(pid, std::vector<const char*>{"malloc debug enabled"},
534 std::vector<const char*>{" HAS INVALID TAG ", "USED AFTER FREE ", "UNKNOWN POINTER "}));
535 }
536
TEST(MallocTests,DISABLED_malloc_and_backtrace_deadlock)537 TEST(MallocTests, DISABLED_malloc_and_backtrace_deadlock) {
538 std::atomic_bool running(false);
539 pid_t tid;
540 std::thread thread([&tid, &running] {
541 tid = gettid();
542 running = true;
543 while (running) {
544 void* ptr = malloc(200);
545 if (ptr == nullptr) {
546 return;
547 }
548 free(ptr);
549 }
550 });
551
552 while (!running) {
553 }
554
555 static constexpr size_t kNumUnwinds = 1000;
556 for (size_t i = 0; i < kNumUnwinds; i++) {
557 std::unique_ptr<Backtrace> backtrace(Backtrace::Create(getpid(), tid));
558 ASSERT_TRUE(backtrace->Unwind(0)) << "Failed on unwind " << i;
559 ASSERT_LT(1, backtrace->NumFrames()) << "Failed on unwind " << i;
560 }
561 running = false;
562 thread.join();
563 }
564
TEST(MallocDebugSystemTest,malloc_and_backtrace_deadlock)565 TEST(MallocDebugSystemTest, malloc_and_backtrace_deadlock) {
566 pid_t pid;
567 ASSERT_NO_FATAL_FAILURE(Exec("MallocTests.DISABLED_malloc_and_backtrace_deadlock",
568 "verbose verify_pointers", &pid, 0, 180));
569
570 // Make sure that malloc debug is enabled and that no timeouts occur during
571 // unwinds.
572 ASSERT_NO_FATAL_FAILURE(FindStrings(pid, std::vector<const char*>{"malloc debug enabled"},
573 std::vector<const char*>{"Timed out waiting for "}));
574 }
575