xref: /freebsd/contrib/llvm-project/compiler-rt/lib/lsan/lsan_common.cpp (revision f9fd7337f63698f33239c58c07bf430198235a22)
1 //=-- lsan_common.cpp -----------------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of LeakSanitizer.
10 // Implementation of common leak checking functionality.
11 //
12 //===----------------------------------------------------------------------===//
13 
14 #include "lsan_common.h"
15 
16 #include "sanitizer_common/sanitizer_common.h"
17 #include "sanitizer_common/sanitizer_flag_parser.h"
18 #include "sanitizer_common/sanitizer_flags.h"
19 #include "sanitizer_common/sanitizer_placement_new.h"
20 #include "sanitizer_common/sanitizer_procmaps.h"
21 #include "sanitizer_common/sanitizer_report_decorator.h"
22 #include "sanitizer_common/sanitizer_stackdepot.h"
23 #include "sanitizer_common/sanitizer_stacktrace.h"
24 #include "sanitizer_common/sanitizer_suppressions.h"
25 #include "sanitizer_common/sanitizer_thread_registry.h"
26 #include "sanitizer_common/sanitizer_tls_get_addr.h"
27 
28 extern "C" const char *__lsan_current_stage = "unknown";
29 
30 #if CAN_SANITIZE_LEAKS
31 namespace __lsan {
32 
33 // This mutex is used to prevent races between DoLeakCheck and IgnoreObject, and
34 // also to protect the global list of root regions.
35 BlockingMutex global_mutex(LINKER_INITIALIZED);
36 
37 Flags lsan_flags;
38 
39 
40 void DisableCounterUnderflow() {
41   if (common_flags()->detect_leaks) {
42     Report("Unmatched call to __lsan_enable().\n");
43     Die();
44   }
45 }
46 
47 void Flags::SetDefaults() {
48 #define LSAN_FLAG(Type, Name, DefaultValue, Description) Name = DefaultValue;
49 #include "lsan_flags.inc"
50 #undef LSAN_FLAG
51 }
52 
53 void RegisterLsanFlags(FlagParser *parser, Flags *f) {
54 #define LSAN_FLAG(Type, Name, DefaultValue, Description) \
55   RegisterFlag(parser, #Name, Description, &f->Name);
56 #include "lsan_flags.inc"
57 #undef LSAN_FLAG
58 }
59 
60 #define LOG_POINTERS(...)                           \
61   do {                                              \
62     if (flags()->log_pointers) Report(__VA_ARGS__); \
63   } while (0)
64 
65 #define LOG_THREADS(...)                           \
66   do {                                             \
67     if (flags()->log_threads) Report(__VA_ARGS__); \
68   } while (0)
69 
70 ALIGNED(64) static char suppression_placeholder[sizeof(SuppressionContext)];
71 static SuppressionContext *suppression_ctx = nullptr;
72 static const char kSuppressionLeak[] = "leak";
73 static const char *kSuppressionTypes[] = { kSuppressionLeak };
74 static const char kStdSuppressions[] =
75 #if SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT
76   // For more details refer to the SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT
77   // definition.
78   "leak:*pthread_exit*\n"
79 #endif  // SANITIZER_SUPPRESS_LEAK_ON_PTHREAD_EXIT
80 #if SANITIZER_MAC
81   // For Darwin and os_log/os_trace: https://reviews.llvm.org/D35173
82   "leak:*_os_trace*\n"
83 #endif
84   // TLS leak in some glibc versions, described in
85   // https://sourceware.org/bugzilla/show_bug.cgi?id=12650.
86   "leak:*tls_get_addr*\n";
87 
88 void InitializeSuppressions() {
89   CHECK_EQ(nullptr, suppression_ctx);
90   suppression_ctx = new (suppression_placeholder)
91       SuppressionContext(kSuppressionTypes, ARRAY_SIZE(kSuppressionTypes));
92   suppression_ctx->ParseFromFile(flags()->suppressions);
93   if (&__lsan_default_suppressions)
94     suppression_ctx->Parse(__lsan_default_suppressions());
95   suppression_ctx->Parse(kStdSuppressions);
96 }
97 
98 static SuppressionContext *GetSuppressionContext() {
99   CHECK(suppression_ctx);
100   return suppression_ctx;
101 }
102 
103 static InternalMmapVector<RootRegion> *root_regions;
104 
105 InternalMmapVector<RootRegion> const *GetRootRegions() { return root_regions; }
106 
107 void InitializeRootRegions() {
108   CHECK(!root_regions);
109   ALIGNED(64) static char placeholder[sizeof(InternalMmapVector<RootRegion>)];
110   root_regions = new (placeholder) InternalMmapVector<RootRegion>();
111 }
112 
113 const char *MaybeCallLsanDefaultOptions() {
114   return (&__lsan_default_options) ? __lsan_default_options() : "";
115 }
116 
117 void InitCommonLsan() {
118   InitializeRootRegions();
119   if (common_flags()->detect_leaks) {
120     // Initialization which can fail or print warnings should only be done if
121     // LSan is actually enabled.
122     InitializeSuppressions();
123     InitializePlatformSpecificModules();
124   }
125 }
126 
127 class Decorator: public __sanitizer::SanitizerCommonDecorator {
128  public:
129   Decorator() : SanitizerCommonDecorator() { }
130   const char *Error() { return Red(); }
131   const char *Leak() { return Blue(); }
132 };
133 
134 static inline bool CanBeAHeapPointer(uptr p) {
135   // Since our heap is located in mmap-ed memory, we can assume a sensible lower
136   // bound on heap addresses.
137   const uptr kMinAddress = 4 * 4096;
138   if (p < kMinAddress) return false;
139 #if defined(__x86_64__)
140   // Accept only canonical form user-space addresses.
141   return ((p >> 47) == 0);
142 #elif defined(__mips64)
143   return ((p >> 40) == 0);
144 #elif defined(__aarch64__)
145   unsigned runtimeVMA =
146     (MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1);
147   return ((p >> runtimeVMA) == 0);
148 #else
149   return true;
150 #endif
151 }
152 
153 // Scans the memory range, looking for byte patterns that point into allocator
154 // chunks. Marks those chunks with |tag| and adds them to |frontier|.
155 // There are two usage modes for this function: finding reachable chunks
156 // (|tag| = kReachable) and finding indirectly leaked chunks
157 // (|tag| = kIndirectlyLeaked). In the second case, there's no flood fill,
158 // so |frontier| = 0.
159 void ScanRangeForPointers(uptr begin, uptr end,
160                           Frontier *frontier,
161                           const char *region_type, ChunkTag tag) {
162   CHECK(tag == kReachable || tag == kIndirectlyLeaked);
163   const uptr alignment = flags()->pointer_alignment();
164   LOG_POINTERS("Scanning %s range %p-%p.\n", region_type, begin, end);
165   uptr pp = begin;
166   if (pp % alignment)
167     pp = pp + alignment - pp % alignment;
168   for (; pp + sizeof(void *) <= end; pp += alignment) {
169     void *p = *reinterpret_cast<void **>(pp);
170     if (!CanBeAHeapPointer(reinterpret_cast<uptr>(p))) continue;
171     uptr chunk = PointsIntoChunk(p);
172     if (!chunk) continue;
173     // Pointers to self don't count. This matters when tag == kIndirectlyLeaked.
174     if (chunk == begin) continue;
175     LsanMetadata m(chunk);
176     if (m.tag() == kReachable || m.tag() == kIgnored) continue;
177 
178     // Do this check relatively late so we can log only the interesting cases.
179     if (!flags()->use_poisoned && WordIsPoisoned(pp)) {
180       LOG_POINTERS(
181           "%p is poisoned: ignoring %p pointing into chunk %p-%p of size "
182           "%zu.\n",
183           pp, p, chunk, chunk + m.requested_size(), m.requested_size());
184       continue;
185     }
186 
187     m.set_tag(tag);
188     LOG_POINTERS("%p: found %p pointing into chunk %p-%p of size %zu.\n", pp, p,
189                  chunk, chunk + m.requested_size(), m.requested_size());
190     if (frontier)
191       frontier->push_back(chunk);
192   }
193 }
194 
195 // Scans a global range for pointers
196 void ScanGlobalRange(uptr begin, uptr end, Frontier *frontier) {
197   uptr allocator_begin = 0, allocator_end = 0;
198   GetAllocatorGlobalRange(&allocator_begin, &allocator_end);
199   if (begin <= allocator_begin && allocator_begin < end) {
200     CHECK_LE(allocator_begin, allocator_end);
201     CHECK_LE(allocator_end, end);
202     if (begin < allocator_begin)
203       ScanRangeForPointers(begin, allocator_begin, frontier, "GLOBAL",
204                            kReachable);
205     if (allocator_end < end)
206       ScanRangeForPointers(allocator_end, end, frontier, "GLOBAL", kReachable);
207   } else {
208     ScanRangeForPointers(begin, end, frontier, "GLOBAL", kReachable);
209   }
210 }
211 
212 void ForEachExtraStackRangeCb(uptr begin, uptr end, void* arg) {
213   Frontier *frontier = reinterpret_cast<Frontier *>(arg);
214   ScanRangeForPointers(begin, end, frontier, "FAKE STACK", kReachable);
215 }
216 
217 #if SANITIZER_FUCHSIA
218 
219 // Fuchsia handles all threads together with its own callback.
220 static void ProcessThreads(SuspendedThreadsList const &, Frontier *) {}
221 
222 #else
223 
224 // Scans thread data (stacks and TLS) for heap pointers.
225 static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
226                            Frontier *frontier) {
227   InternalMmapVector<uptr> registers(suspended_threads.RegisterCount());
228   uptr registers_begin = reinterpret_cast<uptr>(registers.data());
229   uptr registers_end =
230       reinterpret_cast<uptr>(registers.data() + registers.size());
231   for (uptr i = 0; i < suspended_threads.ThreadCount(); i++) {
232     tid_t os_id = static_cast<tid_t>(suspended_threads.GetThreadID(i));
233     LOG_THREADS("Processing thread %d.\n", os_id);
234     uptr stack_begin, stack_end, tls_begin, tls_end, cache_begin, cache_end;
235     DTLS *dtls;
236     bool thread_found = GetThreadRangesLocked(os_id, &stack_begin, &stack_end,
237                                               &tls_begin, &tls_end,
238                                               &cache_begin, &cache_end, &dtls);
239     if (!thread_found) {
240       // If a thread can't be found in the thread registry, it's probably in the
241       // process of destruction. Log this event and move on.
242       LOG_THREADS("Thread %d not found in registry.\n", os_id);
243       continue;
244     }
245     uptr sp;
246     PtraceRegistersStatus have_registers =
247         suspended_threads.GetRegistersAndSP(i, registers.data(), &sp);
248     if (have_registers != REGISTERS_AVAILABLE) {
249       Report("Unable to get registers from thread %d.\n", os_id);
250       // If unable to get SP, consider the entire stack to be reachable unless
251       // GetRegistersAndSP failed with ESRCH.
252       if (have_registers == REGISTERS_UNAVAILABLE_FATAL) continue;
253       sp = stack_begin;
254     }
255 
256     if (flags()->use_registers && have_registers)
257       ScanRangeForPointers(registers_begin, registers_end, frontier,
258                            "REGISTERS", kReachable);
259 
260     if (flags()->use_stacks) {
261       LOG_THREADS("Stack at %p-%p (SP = %p).\n", stack_begin, stack_end, sp);
262       if (sp < stack_begin || sp >= stack_end) {
263         // SP is outside the recorded stack range (e.g. the thread is running a
264         // signal handler on alternate stack, or swapcontext was used).
265         // Again, consider the entire stack range to be reachable.
266         LOG_THREADS("WARNING: stack pointer not in stack range.\n");
267         uptr page_size = GetPageSizeCached();
268         int skipped = 0;
269         while (stack_begin < stack_end &&
270                !IsAccessibleMemoryRange(stack_begin, 1)) {
271           skipped++;
272           stack_begin += page_size;
273         }
274         LOG_THREADS("Skipped %d guard page(s) to obtain stack %p-%p.\n",
275                     skipped, stack_begin, stack_end);
276       } else {
277         // Shrink the stack range to ignore out-of-scope values.
278         stack_begin = sp;
279       }
280       ScanRangeForPointers(stack_begin, stack_end, frontier, "STACK",
281                            kReachable);
282       ForEachExtraStackRange(os_id, ForEachExtraStackRangeCb, frontier);
283     }
284 
285     if (flags()->use_tls) {
286       if (tls_begin) {
287         LOG_THREADS("TLS at %p-%p.\n", tls_begin, tls_end);
288         // If the tls and cache ranges don't overlap, scan full tls range,
289         // otherwise, only scan the non-overlapping portions
290         if (cache_begin == cache_end || tls_end < cache_begin ||
291             tls_begin > cache_end) {
292           ScanRangeForPointers(tls_begin, tls_end, frontier, "TLS", kReachable);
293         } else {
294           if (tls_begin < cache_begin)
295             ScanRangeForPointers(tls_begin, cache_begin, frontier, "TLS",
296                                  kReachable);
297           if (tls_end > cache_end)
298             ScanRangeForPointers(cache_end, tls_end, frontier, "TLS",
299                                  kReachable);
300         }
301       }
302       if (dtls && !DTLSInDestruction(dtls)) {
303         for (uptr j = 0; j < dtls->dtv_size; ++j) {
304           uptr dtls_beg = dtls->dtv[j].beg;
305           uptr dtls_end = dtls_beg + dtls->dtv[j].size;
306           if (dtls_beg < dtls_end) {
307             LOG_THREADS("DTLS %zu at %p-%p.\n", j, dtls_beg, dtls_end);
308             ScanRangeForPointers(dtls_beg, dtls_end, frontier, "DTLS",
309                                  kReachable);
310           }
311         }
312       } else {
313         // We are handling a thread with DTLS under destruction. Log about
314         // this and continue.
315         LOG_THREADS("Thread %d has DTLS under destruction.\n", os_id);
316       }
317     }
318   }
319 }
320 
321 #endif  // SANITIZER_FUCHSIA
322 
323 void ScanRootRegion(Frontier *frontier, const RootRegion &root_region,
324                     uptr region_begin, uptr region_end, bool is_readable) {
325   uptr intersection_begin = Max(root_region.begin, region_begin);
326   uptr intersection_end = Min(region_end, root_region.begin + root_region.size);
327   if (intersection_begin >= intersection_end) return;
328   LOG_POINTERS("Root region %p-%p intersects with mapped region %p-%p (%s)\n",
329                root_region.begin, root_region.begin + root_region.size,
330                region_begin, region_end,
331                is_readable ? "readable" : "unreadable");
332   if (is_readable)
333     ScanRangeForPointers(intersection_begin, intersection_end, frontier, "ROOT",
334                          kReachable);
335 }
336 
337 static void ProcessRootRegion(Frontier *frontier,
338                               const RootRegion &root_region) {
339   MemoryMappingLayout proc_maps(/*cache_enabled*/ true);
340   MemoryMappedSegment segment;
341   while (proc_maps.Next(&segment)) {
342     ScanRootRegion(frontier, root_region, segment.start, segment.end,
343                    segment.IsReadable());
344   }
345 }
346 
347 // Scans root regions for heap pointers.
348 static void ProcessRootRegions(Frontier *frontier) {
349   if (!flags()->use_root_regions) return;
350   CHECK(root_regions);
351   for (uptr i = 0; i < root_regions->size(); i++) {
352     ProcessRootRegion(frontier, (*root_regions)[i]);
353   }
354 }
355 
356 static void FloodFillTag(Frontier *frontier, ChunkTag tag) {
357   while (frontier->size()) {
358     uptr next_chunk = frontier->back();
359     frontier->pop_back();
360     LsanMetadata m(next_chunk);
361     ScanRangeForPointers(next_chunk, next_chunk + m.requested_size(), frontier,
362                          "HEAP", tag);
363   }
364 }
365 
366 // ForEachChunk callback. If the chunk is marked as leaked, marks all chunks
367 // which are reachable from it as indirectly leaked.
368 static void MarkIndirectlyLeakedCb(uptr chunk, void *arg) {
369   __lsan_current_stage = "MarkIndirectlyLeakedCb";
370   chunk = GetUserBegin(chunk);
371   LsanMetadata m(chunk);
372   if (m.allocated() && m.tag() != kReachable) {
373     ScanRangeForPointers(chunk, chunk + m.requested_size(),
374                          /* frontier */ nullptr, "HEAP", kIndirectlyLeaked);
375   }
376 }
377 
378 // ForEachChunk callback. If chunk is marked as ignored, adds its address to
379 // frontier.
380 static void CollectIgnoredCb(uptr chunk, void *arg) {
381   CHECK(arg);
382   __lsan_current_stage = "CollectIgnoredCb";
383   chunk = GetUserBegin(chunk);
384   LsanMetadata m(chunk);
385   if (m.allocated() && m.tag() == kIgnored) {
386     LOG_POINTERS("Ignored: chunk %p-%p of size %zu.\n",
387                  chunk, chunk + m.requested_size(), m.requested_size());
388     reinterpret_cast<Frontier *>(arg)->push_back(chunk);
389   }
390 }
391 
392 static uptr GetCallerPC(u32 stack_id, StackDepotReverseMap *map) {
393   CHECK(stack_id);
394   StackTrace stack = map->Get(stack_id);
395   // The top frame is our malloc/calloc/etc. The next frame is the caller.
396   if (stack.size >= 2)
397     return stack.trace[1];
398   return 0;
399 }
400 
401 struct InvalidPCParam {
402   Frontier *frontier;
403   StackDepotReverseMap *stack_depot_reverse_map;
404   bool skip_linker_allocations;
405 };
406 
407 // ForEachChunk callback. If the caller pc is invalid or is within the linker,
408 // mark as reachable. Called by ProcessPlatformSpecificAllocations.
409 static void MarkInvalidPCCb(uptr chunk, void *arg) {
410   CHECK(arg);
411   InvalidPCParam *param = reinterpret_cast<InvalidPCParam *>(arg);
412   __lsan_current_stage = "MarkInvalidPCCb";
413   chunk = GetUserBegin(chunk);
414   LsanMetadata m(chunk);
415   if (m.allocated() && m.tag() != kReachable && m.tag() != kIgnored) {
416     u32 stack_id = m.stack_trace_id();
417     uptr caller_pc = 0;
418     if (stack_id > 0)
419       caller_pc = GetCallerPC(stack_id, param->stack_depot_reverse_map);
420     // If caller_pc is unknown, this chunk may be allocated in a coroutine. Mark
421     // it as reachable, as we can't properly report its allocation stack anyway.
422     if (caller_pc == 0 || (param->skip_linker_allocations &&
423                            GetLinker()->containsAddress(caller_pc))) {
424       m.set_tag(kReachable);
425       param->frontier->push_back(chunk);
426     }
427   }
428 }
429 
430 // On Linux, treats all chunks allocated from ld-linux.so as reachable, which
431 // covers dynamically allocated TLS blocks, internal dynamic loader's loaded
432 // modules accounting etc.
433 // Dynamic TLS blocks contain the TLS variables of dynamically loaded modules.
434 // They are allocated with a __libc_memalign() call in allocate_and_init()
435 // (elf/dl-tls.c). Glibc won't tell us the address ranges occupied by those
436 // blocks, but we can make sure they come from our own allocator by intercepting
437 // __libc_memalign(). On top of that, there is no easy way to reach them. Their
438 // addresses are stored in a dynamically allocated array (the DTV) which is
439 // referenced from the static TLS. Unfortunately, we can't just rely on the DTV
440 // being reachable from the static TLS, and the dynamic TLS being reachable from
441 // the DTV. This is because the initial DTV is allocated before our interception
442 // mechanism kicks in, and thus we don't recognize it as allocated memory. We
443 // can't special-case it either, since we don't know its size.
444 // Our solution is to include in the root set all allocations made from
445 // ld-linux.so (which is where allocate_and_init() is implemented). This is
446 // guaranteed to include all dynamic TLS blocks (and possibly other allocations
447 // which we don't care about).
448 // On all other platforms, this simply checks to ensure that the caller pc is
449 // valid before reporting chunks as leaked.
450 void ProcessPC(Frontier *frontier) {
451   StackDepotReverseMap stack_depot_reverse_map;
452   InvalidPCParam arg;
453   arg.frontier = frontier;
454   arg.stack_depot_reverse_map = &stack_depot_reverse_map;
455   arg.skip_linker_allocations =
456       flags()->use_tls && flags()->use_ld_allocations && GetLinker() != nullptr;
457   ForEachChunk(MarkInvalidPCCb, &arg);
458 }
459 
460 // Sets the appropriate tag on each chunk.
461 static void ClassifyAllChunks(SuspendedThreadsList const &suspended_threads,
462                               Frontier *frontier) {
463   ForEachChunk(CollectIgnoredCb, frontier);
464   ProcessGlobalRegions(frontier);
465   ProcessThreads(suspended_threads, frontier);
466   ProcessRootRegions(frontier);
467   FloodFillTag(frontier, kReachable);
468 
469   CHECK_EQ(0, frontier->size());
470   ProcessPC(frontier);
471 
472   // The check here is relatively expensive, so we do this in a separate flood
473   // fill. That way we can skip the check for chunks that are reachable
474   // otherwise.
475   LOG_POINTERS("Processing platform-specific allocations.\n");
476   ProcessPlatformSpecificAllocations(frontier);
477   FloodFillTag(frontier, kReachable);
478 
479   // Iterate over leaked chunks and mark those that are reachable from other
480   // leaked chunks.
481   LOG_POINTERS("Scanning leaked chunks.\n");
482   ForEachChunk(MarkIndirectlyLeakedCb, nullptr);
483 }
484 
485 // ForEachChunk callback. Resets the tags to pre-leak-check state.
486 static void ResetTagsCb(uptr chunk, void *arg) {
487   (void)arg;
488   __lsan_current_stage = "ResetTagsCb";
489   chunk = GetUserBegin(chunk);
490   LsanMetadata m(chunk);
491   if (m.allocated() && m.tag() != kIgnored)
492     m.set_tag(kDirectlyLeaked);
493 }
494 
495 static void PrintStackTraceById(u32 stack_trace_id) {
496   CHECK(stack_trace_id);
497   StackDepotGet(stack_trace_id).Print();
498 }
499 
500 // ForEachChunk callback. Aggregates information about unreachable chunks into
501 // a LeakReport.
502 static void CollectLeaksCb(uptr chunk, void *arg) {
503   CHECK(arg);
504   LeakReport *leak_report = reinterpret_cast<LeakReport *>(arg);
505   __lsan_current_stage = "CollectLeaksCb";
506   chunk = GetUserBegin(chunk);
507   LsanMetadata m(chunk);
508   if (!m.allocated()) return;
509   if (m.tag() == kDirectlyLeaked || m.tag() == kIndirectlyLeaked) {
510     u32 resolution = flags()->resolution;
511     u32 stack_trace_id = 0;
512     if (resolution > 0) {
513       StackTrace stack = StackDepotGet(m.stack_trace_id());
514       stack.size = Min(stack.size, resolution);
515       stack_trace_id = StackDepotPut(stack);
516     } else {
517       stack_trace_id = m.stack_trace_id();
518     }
519     leak_report->AddLeakedChunk(chunk, stack_trace_id, m.requested_size(),
520                                 m.tag());
521   }
522 }
523 
524 static void PrintMatchedSuppressions() {
525   InternalMmapVector<Suppression *> matched;
526   GetSuppressionContext()->GetMatched(&matched);
527   if (!matched.size())
528     return;
529   const char *line = "-----------------------------------------------------";
530   Printf("%s\n", line);
531   Printf("Suppressions used:\n");
532   Printf("  count      bytes template\n");
533   for (uptr i = 0; i < matched.size(); i++)
534     Printf("%7zu %10zu %s\n", static_cast<uptr>(atomic_load_relaxed(
535         &matched[i]->hit_count)), matched[i]->weight, matched[i]->templ);
536   Printf("%s\n\n", line);
537 }
538 
539 static void ReportIfNotSuspended(ThreadContextBase *tctx, void *arg) {
540   const InternalMmapVector<tid_t> &suspended_threads =
541       *(const InternalMmapVector<tid_t> *)arg;
542   if (tctx->status == ThreadStatusRunning) {
543     uptr i = InternalLowerBound(suspended_threads, 0, suspended_threads.size(),
544                                 tctx->os_id, CompareLess<int>());
545     if (i >= suspended_threads.size() || suspended_threads[i] != tctx->os_id)
546       Report("Running thread %d was not suspended. False leaks are possible.\n",
547              tctx->os_id);
548   }
549 }
550 
551 #if SANITIZER_FUCHSIA
552 
553 // Fuchsia provides a libc interface that guarantees all threads are
554 // covered, and SuspendedThreadList is never really used.
555 static void ReportUnsuspendedThreads(const SuspendedThreadsList &) {}
556 
557 #else  // !SANITIZER_FUCHSIA
558 
559 static void ReportUnsuspendedThreads(
560     const SuspendedThreadsList &suspended_threads) {
561   InternalMmapVector<tid_t> threads(suspended_threads.ThreadCount());
562   for (uptr i = 0; i < suspended_threads.ThreadCount(); ++i)
563     threads[i] = suspended_threads.GetThreadID(i);
564 
565   Sort(threads.data(), threads.size());
566 
567   GetThreadRegistryLocked()->RunCallbackForEachThreadLocked(
568       &ReportIfNotSuspended, &threads);
569 }
570 
571 #endif  // !SANITIZER_FUCHSIA
572 
573 static void CheckForLeaksCallback(const SuspendedThreadsList &suspended_threads,
574                                   void *arg) {
575   CheckForLeaksParam *param = reinterpret_cast<CheckForLeaksParam *>(arg);
576   CHECK(param);
577   CHECK(!param->success);
578   ReportUnsuspendedThreads(suspended_threads);
579   ClassifyAllChunks(suspended_threads, &param->frontier);
580   ForEachChunk(CollectLeaksCb, &param->leak_report);
581   // Clean up for subsequent leak checks. This assumes we did not overwrite any
582   // kIgnored tags.
583   ForEachChunk(ResetTagsCb, nullptr);
584   param->success = true;
585 }
586 
587 static bool CheckForLeaks() {
588   if (&__lsan_is_turned_off && __lsan_is_turned_off())
589       return false;
590   EnsureMainThreadIDIsCorrect();
591   CheckForLeaksParam param;
592   LockStuffAndStopTheWorld(CheckForLeaksCallback, &param);
593 
594   if (!param.success) {
595     Report("LeakSanitizer has encountered a fatal error.\n");
596     Report(
597         "HINT: For debugging, try setting environment variable "
598         "LSAN_OPTIONS=verbosity=1:log_threads=1\n");
599     Report(
600         "HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)\n");
601     Die();
602   }
603   param.leak_report.ApplySuppressions();
604   uptr unsuppressed_count = param.leak_report.UnsuppressedLeakCount();
605   if (unsuppressed_count > 0) {
606     Decorator d;
607     Printf("\n"
608            "================================================================="
609            "\n");
610     Printf("%s", d.Error());
611     Report("ERROR: LeakSanitizer: detected memory leaks\n");
612     Printf("%s", d.Default());
613     param.leak_report.ReportTopLeaks(flags()->max_leaks);
614   }
615   if (common_flags()->print_suppressions)
616     PrintMatchedSuppressions();
617   if (unsuppressed_count > 0) {
618     param.leak_report.PrintSummary();
619     return true;
620   }
621   return false;
622 }
623 
624 static bool has_reported_leaks = false;
625 bool HasReportedLeaks() { return has_reported_leaks; }
626 
627 void DoLeakCheck() {
628   BlockingMutexLock l(&global_mutex);
629   static bool already_done;
630   if (already_done) return;
631   already_done = true;
632   has_reported_leaks = CheckForLeaks();
633   if (has_reported_leaks) HandleLeaks();
634 }
635 
636 static int DoRecoverableLeakCheck() {
637   BlockingMutexLock l(&global_mutex);
638   bool have_leaks = CheckForLeaks();
639   return have_leaks ? 1 : 0;
640 }
641 
642 void DoRecoverableLeakCheckVoid() { DoRecoverableLeakCheck(); }
643 
644 static Suppression *GetSuppressionForAddr(uptr addr) {
645   Suppression *s = nullptr;
646 
647   // Suppress by module name.
648   SuppressionContext *suppressions = GetSuppressionContext();
649   if (const char *module_name =
650           Symbolizer::GetOrInit()->GetModuleNameForPc(addr))
651     if (suppressions->Match(module_name, kSuppressionLeak, &s))
652       return s;
653 
654   // Suppress by file or function name.
655   SymbolizedStack *frames = Symbolizer::GetOrInit()->SymbolizePC(addr);
656   for (SymbolizedStack *cur = frames; cur; cur = cur->next) {
657     if (suppressions->Match(cur->info.function, kSuppressionLeak, &s) ||
658         suppressions->Match(cur->info.file, kSuppressionLeak, &s)) {
659       break;
660     }
661   }
662   frames->ClearAll();
663   return s;
664 }
665 
666 static Suppression *GetSuppressionForStack(u32 stack_trace_id) {
667   StackTrace stack = StackDepotGet(stack_trace_id);
668   for (uptr i = 0; i < stack.size; i++) {
669     Suppression *s = GetSuppressionForAddr(
670         StackTrace::GetPreviousInstructionPc(stack.trace[i]));
671     if (s) return s;
672   }
673   return nullptr;
674 }
675 
676 ///// LeakReport implementation. /////
677 
678 // A hard limit on the number of distinct leaks, to avoid quadratic complexity
679 // in LeakReport::AddLeakedChunk(). We don't expect to ever see this many leaks
680 // in real-world applications.
681 // FIXME: Get rid of this limit by changing the implementation of LeakReport to
682 // use a hash table.
683 const uptr kMaxLeaksConsidered = 5000;
684 
685 void LeakReport::AddLeakedChunk(uptr chunk, u32 stack_trace_id,
686                                 uptr leaked_size, ChunkTag tag) {
687   CHECK(tag == kDirectlyLeaked || tag == kIndirectlyLeaked);
688   bool is_directly_leaked = (tag == kDirectlyLeaked);
689   uptr i;
690   for (i = 0; i < leaks_.size(); i++) {
691     if (leaks_[i].stack_trace_id == stack_trace_id &&
692         leaks_[i].is_directly_leaked == is_directly_leaked) {
693       leaks_[i].hit_count++;
694       leaks_[i].total_size += leaked_size;
695       break;
696     }
697   }
698   if (i == leaks_.size()) {
699     if (leaks_.size() == kMaxLeaksConsidered) return;
700     Leak leak = { next_id_++, /* hit_count */ 1, leaked_size, stack_trace_id,
701                   is_directly_leaked, /* is_suppressed */ false };
702     leaks_.push_back(leak);
703   }
704   if (flags()->report_objects) {
705     LeakedObject obj = {leaks_[i].id, chunk, leaked_size};
706     leaked_objects_.push_back(obj);
707   }
708 }
709 
710 static bool LeakComparator(const Leak &leak1, const Leak &leak2) {
711   if (leak1.is_directly_leaked == leak2.is_directly_leaked)
712     return leak1.total_size > leak2.total_size;
713   else
714     return leak1.is_directly_leaked;
715 }
716 
717 void LeakReport::ReportTopLeaks(uptr num_leaks_to_report) {
718   CHECK(leaks_.size() <= kMaxLeaksConsidered);
719   Printf("\n");
720   if (leaks_.size() == kMaxLeaksConsidered)
721     Printf("Too many leaks! Only the first %zu leaks encountered will be "
722            "reported.\n",
723            kMaxLeaksConsidered);
724 
725   uptr unsuppressed_count = UnsuppressedLeakCount();
726   if (num_leaks_to_report > 0 && num_leaks_to_report < unsuppressed_count)
727     Printf("The %zu top leak(s):\n", num_leaks_to_report);
728   Sort(leaks_.data(), leaks_.size(), &LeakComparator);
729   uptr leaks_reported = 0;
730   for (uptr i = 0; i < leaks_.size(); i++) {
731     if (leaks_[i].is_suppressed) continue;
732     PrintReportForLeak(i);
733     leaks_reported++;
734     if (leaks_reported == num_leaks_to_report) break;
735   }
736   if (leaks_reported < unsuppressed_count) {
737     uptr remaining = unsuppressed_count - leaks_reported;
738     Printf("Omitting %zu more leak(s).\n", remaining);
739   }
740 }
741 
742 void LeakReport::PrintReportForLeak(uptr index) {
743   Decorator d;
744   Printf("%s", d.Leak());
745   Printf("%s leak of %zu byte(s) in %zu object(s) allocated from:\n",
746          leaks_[index].is_directly_leaked ? "Direct" : "Indirect",
747          leaks_[index].total_size, leaks_[index].hit_count);
748   Printf("%s", d.Default());
749 
750   PrintStackTraceById(leaks_[index].stack_trace_id);
751 
752   if (flags()->report_objects) {
753     Printf("Objects leaked above:\n");
754     PrintLeakedObjectsForLeak(index);
755     Printf("\n");
756   }
757 }
758 
759 void LeakReport::PrintLeakedObjectsForLeak(uptr index) {
760   u32 leak_id = leaks_[index].id;
761   for (uptr j = 0; j < leaked_objects_.size(); j++) {
762     if (leaked_objects_[j].leak_id == leak_id)
763       Printf("%p (%zu bytes)\n", leaked_objects_[j].addr,
764              leaked_objects_[j].size);
765   }
766 }
767 
768 void LeakReport::PrintSummary() {
769   CHECK(leaks_.size() <= kMaxLeaksConsidered);
770   uptr bytes = 0, allocations = 0;
771   for (uptr i = 0; i < leaks_.size(); i++) {
772       if (leaks_[i].is_suppressed) continue;
773       bytes += leaks_[i].total_size;
774       allocations += leaks_[i].hit_count;
775   }
776   InternalScopedString summary(kMaxSummaryLength);
777   summary.append("%zu byte(s) leaked in %zu allocation(s).", bytes,
778                  allocations);
779   ReportErrorSummary(summary.data());
780 }
781 
782 void LeakReport::ApplySuppressions() {
783   for (uptr i = 0; i < leaks_.size(); i++) {
784     Suppression *s = GetSuppressionForStack(leaks_[i].stack_trace_id);
785     if (s) {
786       s->weight += leaks_[i].total_size;
787       atomic_store_relaxed(&s->hit_count, atomic_load_relaxed(&s->hit_count) +
788           leaks_[i].hit_count);
789       leaks_[i].is_suppressed = true;
790     }
791   }
792 }
793 
794 uptr LeakReport::UnsuppressedLeakCount() {
795   uptr result = 0;
796   for (uptr i = 0; i < leaks_.size(); i++)
797     if (!leaks_[i].is_suppressed) result++;
798   return result;
799 }
800 
801 } // namespace __lsan
802 #else // CAN_SANITIZE_LEAKS
803 namespace __lsan {
804 void InitCommonLsan() { }
805 void DoLeakCheck() { }
806 void DoRecoverableLeakCheckVoid() { }
807 void DisableInThisThread() { }
808 void EnableInThisThread() { }
809 }
810 #endif // CAN_SANITIZE_LEAKS
811 
812 using namespace __lsan;
813 
814 extern "C" {
815 SANITIZER_INTERFACE_ATTRIBUTE
816 void __lsan_ignore_object(const void *p) {
817 #if CAN_SANITIZE_LEAKS
818   if (!common_flags()->detect_leaks)
819     return;
820   // Cannot use PointsIntoChunk or LsanMetadata here, since the allocator is not
821   // locked.
822   BlockingMutexLock l(&global_mutex);
823   IgnoreObjectResult res = IgnoreObjectLocked(p);
824   if (res == kIgnoreObjectInvalid)
825     VReport(1, "__lsan_ignore_object(): no heap object found at %p", p);
826   if (res == kIgnoreObjectAlreadyIgnored)
827     VReport(1, "__lsan_ignore_object(): "
828            "heap object at %p is already being ignored\n", p);
829   if (res == kIgnoreObjectSuccess)
830     VReport(1, "__lsan_ignore_object(): ignoring heap object at %p\n", p);
831 #endif // CAN_SANITIZE_LEAKS
832 }
833 
834 SANITIZER_INTERFACE_ATTRIBUTE
835 void __lsan_register_root_region(const void *begin, uptr size) {
836 #if CAN_SANITIZE_LEAKS
837   BlockingMutexLock l(&global_mutex);
838   CHECK(root_regions);
839   RootRegion region = {reinterpret_cast<uptr>(begin), size};
840   root_regions->push_back(region);
841   VReport(1, "Registered root region at %p of size %llu\n", begin, size);
842 #endif // CAN_SANITIZE_LEAKS
843 }
844 
845 SANITIZER_INTERFACE_ATTRIBUTE
846 void __lsan_unregister_root_region(const void *begin, uptr size) {
847 #if CAN_SANITIZE_LEAKS
848   BlockingMutexLock l(&global_mutex);
849   CHECK(root_regions);
850   bool removed = false;
851   for (uptr i = 0; i < root_regions->size(); i++) {
852     RootRegion region = (*root_regions)[i];
853     if (region.begin == reinterpret_cast<uptr>(begin) && region.size == size) {
854       removed = true;
855       uptr last_index = root_regions->size() - 1;
856       (*root_regions)[i] = (*root_regions)[last_index];
857       root_regions->pop_back();
858       VReport(1, "Unregistered root region at %p of size %llu\n", begin, size);
859       break;
860     }
861   }
862   if (!removed) {
863     Report(
864         "__lsan_unregister_root_region(): region at %p of size %llu has not "
865         "been registered.\n",
866         begin, size);
867     Die();
868   }
869 #endif // CAN_SANITIZE_LEAKS
870 }
871 
872 SANITIZER_INTERFACE_ATTRIBUTE
873 void __lsan_disable() {
874 #if CAN_SANITIZE_LEAKS
875   __lsan::DisableInThisThread();
876 #endif
877 }
878 
879 SANITIZER_INTERFACE_ATTRIBUTE
880 void __lsan_enable() {
881 #if CAN_SANITIZE_LEAKS
882   __lsan::EnableInThisThread();
883 #endif
884 }
885 
886 SANITIZER_INTERFACE_ATTRIBUTE
887 void __lsan_do_leak_check() {
888 #if CAN_SANITIZE_LEAKS
889   if (common_flags()->detect_leaks)
890     __lsan::DoLeakCheck();
891 #endif // CAN_SANITIZE_LEAKS
892 }
893 
894 SANITIZER_INTERFACE_ATTRIBUTE
895 int __lsan_do_recoverable_leak_check() {
896 #if CAN_SANITIZE_LEAKS
897   if (common_flags()->detect_leaks)
898     return __lsan::DoRecoverableLeakCheck();
899 #endif // CAN_SANITIZE_LEAKS
900   return 0;
901 }
902 
903 #if !SANITIZER_SUPPORTS_WEAK_HOOKS
904 SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
905 const char * __lsan_default_options() {
906   return "";
907 }
908 
909 SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
910 int __lsan_is_turned_off() {
911   return 0;
912 }
913 
914 SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
915 const char *__lsan_default_suppressions() {
916   return "";
917 }
918 #endif
919 } // extern "C"
920