metrics: Connect leak detector to allocator

components/metrics/leak_detector/leak_detector.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/metrics/leak_detector/leak_detector.h"
 
+#include <link.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#include "base/allocator/allocator_extension.h"
+#include "base/logging.h"
 #include "content/public/browser/browser_thread.h"
 
 namespace metrics {
 
+using LeakReport = LeakDetector::LeakReport;
+using leak_detector::CustomAllocator;
+using leak_detector::LeakDetectorImpl;
+using InternalLeakReport = LeakDetectorImpl::LeakReport;
+template <typename T>
+using InternalVector = LeakDetectorImpl::InternalVector<T>;
+
+namespace {
+
+// The sampling of allocs and frees is handled internally using integer values,
+// not floating point values. This is the integer value that represents a 100%
+// sampling rate. See |g_sampling_factor|.
+const int kMaxSamplingFactor = 256;
+
+// Create an object of this class to store the current new/delete hooks and
+// then remove them. When this object goes out of scope, it will automatically
+// restore the original hooks if they existed.
+//
+// If multiple instances of this class are created and there are hooks
+// registered, only the first object will save and restore the hook functions.
+// The others will have no effect. However, all concurrent instances MUST be
+// destroyed in reverse relative to their instantiation.
+//
+// This is useful in situations such as:
+// - Calling alloc or free from within a hook function, which would otherwise
+//   result in recursive hook calls.
+// - Calling LOG() when |g_lock| is being held, as LOG will call malloc, which
+//   calls NewHook(), which then attempts to acquire the lock, resulting in it
+//   being blocked.
+class MallocHookDisabler {
+ public:
+  MallocHookDisabler()
+      : new_hook_(base::allocator::SetSingleAllocHook(nullptr)),
+        delete_hook_(base::allocator::SetSingleFreeHook(nullptr)) {}
+
+  ~MallocHookDisabler() {
+    if (new_hook_)
+      base::allocator::SetSingleAllocHook(new_hook_);
+    if (delete_hook_)
+      base::allocator::SetSingleFreeHook(delete_hook_);
+  }
+
+ private:
+  base::allocator::AllocHookFunc new_hook_;
+  base::allocator::FreeHookFunc delete_hook_;
+
+  DISALLOW_COPY_AND_ASSIGN(MallocHookDisabler);
+};
+
+// For storing the address range of the Chrome binary in memory.
+struct MappingInfo {
+  uintptr_t addr;
+  size_t size;
+};
+
+// Disables hooks before calling new.
+void* InternalAlloc(size_t size) {
+  MallocHookDisabler disabler;
+  return new char[size];
+}
+
+// Disables hooks before calling delete.
+void InternalFree(void* ptr, size_t /* size */) {
+  MallocHookDisabler disabler;
+  delete[] reinterpret_cast<char*>(ptr);
+}
+
+// Callback for dl_iterate_phdr() to find the Chrome binary mapping.
+int IterateLoadedObjects(struct dl_phdr_info* shared_object,
+                         size_t /* size */,
+                         void* data) {
+  for (int i = 0; i < shared_object->dlpi_phnum; i++) {
+    // Find the ELF segment header that contains the actual code of the Chrome
+    // binary.
+    const ElfW(Phdr)& segment_header = shared_object->dlpi_phdr[i];
+    if (segment_header.p_type == SHT_PROGBITS && segment_header.p_offset == 0 &&
+        data) {
+      MappingInfo* mapping = static_cast<MappingInfo*>(data);
+
+      // Make sure the fields in the ELF header and MappingInfo have the
+      // same size.
+      static_assert(sizeof(mapping->addr) == sizeof(shared_object->dlpi_addr),
+                    "Integer size mismatch between MappingInfo::addr and "
+                    "dl_phdr_info::dlpi_addr.");
+      static_assert(sizeof(mapping->size) == sizeof(segment_header.p_offset),
+                    "Integer size mismatch between MappingInfo::size and "
+                    "ElfW(Phdr)::p_memsz.");
+
+      mapping->addr = shared_object->dlpi_addr + segment_header.p_offset;
+      mapping->size = segment_header.p_memsz;
+      return 1;
+    }
+  }
+  return 0;
+}
+
+// Convert a pointer to a hash value. Returns only the upper eight bits.
+inline uint64_t PointerToHash(const void* ptr) {
+  // The input data is the pointer address, not the location in memory pointed
+  // to by the pointer.
+  // The multiplier is taken from Farmhash code:
+  //   https://github.com/google/farmhash/blob/master/src/farmhash.cc
+  const uint64_t kMultiplier = 0x9ddfea08eb382d69ULL;
+  uint64_t value = reinterpret_cast<uint64_t>(ptr) * kMultiplier;
+  return value >> 56;
+}
+
+LeakDetector* g_instance = nullptr;
+
+}  // namespace
+
 LeakDetector::LeakReport::LeakReport() {}
 
 LeakDetector::LeakReport::~LeakReport() {}
 
 LeakDetector::LeakDetector(float sampling_rate,
                            size_t max_call_stack_unwind_depth,
                            uint64_t analysis_interval_bytes,
                            uint32_t size_suspicion_threshold,
                            uint32_t call_stack_suspicion_threshold)
-    : weak_factory_(this) {
-  // TODO(sque): Connect this class to LeakDetectorImpl and base::allocator.
+    : total_alloc_size_(0),
+      last_analysis_alloc_size_(0),
+      analysis_interval_bytes_(analysis_interval_bytes),
+      max_call_stack_unwind_depth_(max_call_stack_unwind_depth),
+      sampling_factor_(sampling_rate * kMaxSamplingFactor),
+      weak_factory_(this) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  CHECK(!g_instance) << "Cannot instantiate multiple instances of this class.";
+
+  // Locate the Chrome binary mapping info.
+  MappingInfo mapping;
+  dl_iterate_phdr(IterateLoadedObjects, &mapping);
+  binary_mapping_addr_ = mapping.addr;
+  binary_mapping_size_ = mapping.size;
+
+  CustomAllocator::Initialize(&InternalAlloc, &InternalFree);
+  impl_.reset(new LeakDetectorImpl(mapping.addr, mapping.size,
+                                   size_suspicion_threshold,
+                                   call_stack_suspicion_threshold));
+
+  // Register allocator hook functions.
+  if (base::allocator::SetSingleAllocHook(&AllocHook) != nullptr ||
+      base::allocator::SetSingleFreeHook(&FreeHook) != nullptr) {
+    MallocHookDisabler disabler;
+    LOG(FATAL) << "Overwrote existing callback.";
+  } else if (base::allocator::GetSingleAllocHook() != &AllocHook ||
+             base::allocator::GetSingleFreeHook() != &FreeHook) {
+    MallocHookDisabler disabler;
+    LOG(FATAL) << "Failed to register free callback.";
+    return;
+  }
+
+  g_instance = this;
 }
 
-LeakDetector::~LeakDetector() {}
+LeakDetector::~LeakDetector() {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  g_instance = nullptr;
+
+  // Unregister allocator hook functions.
+  if (base::allocator::GetSingleAllocHook() == &AllocHook)
+    base::allocator::SetSingleAllocHook(nullptr);
+  if (base::allocator::GetSingleFreeHook() == &FreeHook)
+    base::allocator::SetSingleFreeHook(nullptr);
+
+  impl_.reset();
+  if (!CustomAllocator::Shutdown()) {
+    LOG(ERROR) << "Memory leak in leak detector, allocated objects remain.";
+  }
+}
 
 void LeakDetector::AddObserver(Observer* observer) {
   DCHECK(thread_checker_.CalledOnValidThread());
   observers_.AddObserver(observer);
 }
 
 void LeakDetector::RemoveObserver(Observer* observer) {
   DCHECK(thread_checker_.CalledOnValidThread());
   observers_.RemoveObserver(observer);
 }
 
+// static
+void LeakDetector::AllocHook(const void* ptr, size_t size) {
+  CHECK(g_instance);
+
+  {
+    base::AutoLock lock(g_instance->lock_);
+    g_instance->total_alloc_size_ += size;
+
+    if (!ptr || !g_instance->ShouldSample(ptr))
+      return;
+  }
+
+  auto& impl = g_instance->impl_;
+
+  // Must be modified under lock as it uses the shared resources of
+  // CustomAllocator.
+  InternalVector<void*> stack;
+
+  // Take the stack trace outside the critical section.
+  // |LeakDetectorImpl::ShouldGetStackTraceForSize()| is const; there is no
+  // need for a lock.
+  int depth = 0;
+  if (impl->ShouldGetStackTraceForSize(size)) {
+    {
+      base::AutoLock lock(g_instance->lock_);
+      stack.resize(g_instance->max_call_stack_unwind_depth_);
+    }
+    depth = base::allocator::GetCallStack(stack.data(), stack.size(), 0);
+  }
+
+  g_instance->RecordAlloc(ptr, size, depth, stack.data());
+
+  {
+    base::AutoLock lock(g_instance->lock_);
+
+    // InternalVectors must be cleaned up under lock, so we can't wait for them
+    // to go out of scope.
+    // std::vector::clear() still leaves reserved memory inside that will be
+    // cleaned up by the destructor when it goes out of scope. And
+    // vector::shrink_to_fit() is not allowed to be used yet. Instead swap
+    // out the contents to a local container that is cleaned up when it goes
+    // out of scope.
+    InternalVector<void*> dummy_stack;
+    stack.swap(dummy_stack);
+  }
+}
+
+// static
+void LeakDetector::FreeHook(const void* ptr) {
+  if (!ptr || !g_instance->ShouldSample(ptr))
+    return;
+
+  base::AutoLock lock(g_instance->lock_);
+  g_instance->impl_->RecordFree(ptr);
+}
+
+inline bool LeakDetector::ShouldSample(const void* ptr) const {
+  return PointerToHash(ptr) < static_cast<uint64_t>(sampling_factor_);
+}
+
+void LeakDetector::RecordAlloc(const void* ptr, size_t size, int depth,
+                               void** call_stack) {
+  // This should be modified only with a lock because it uses the shared
+  // resources in CustomAllocator.
+  InternalVector<InternalLeakReport> leak_reports;
+
+  {
+    base::AutoLock lock(lock_);
+    impl_->RecordAlloc(ptr, size, depth, call_stack);
+
+    // Check for leaks after |analysis_interval_bytes_| bytes have been
+    // allocated since the last time that was done. Should be called with a lock
+    // since it:
+    // - Modifies the global variable |g_last_analysis_alloc_size|.
+    // - Updates internals of |*impl|.
+    // - Possibly generates a vector of LeakReports using CustomAllocator.
+    if (total_alloc_size_ >
+        last_analysis_alloc_size_ + analysis_interval_bytes_) {
+      // Try to maintain regular intervals of size |analysis_interval_bytes_|.
+      last_analysis_alloc_size_ =
+          total_alloc_size_ - total_alloc_size_ % analysis_interval_bytes_;
+      impl_->TestForLeaks(&leak_reports);
+    }
+  }
+
+  std::vector<LeakReport> leak_reports_for_observers;
+  leak_reports_for_observers.reserve(leak_reports.size());
+  for (const InternalLeakReport& report : leak_reports) {
+    leak_reports_for_observers.push_back(LeakReport());
+
+    LeakReport* new_report = &leak_reports_for_observers.back();
+    new_report->alloc_size_bytes = report.alloc_size_bytes();
+    if (!report.call_stack().empty()) {
+      new_report->call_stack.resize(report.call_stack().size());
+      memcpy(new_report->call_stack.data(), report.call_stack().data(),
+             report.call_stack().size() * sizeof(report.call_stack()[0]));
+    }
+  }
+
+  {
+    base::AutoLock lock(lock_);
+    InternalVector<InternalLeakReport> dummy_leak_reports;
+    leak_reports.swap(dummy_leak_reports);
+  }
+
+  // Pass leak reports to observers. The observers must be called outside of the
+  // locked area to avoid slowdown.
+  NotifyObservers(leak_reports_for_observers);
+}
+
 void LeakDetector::NotifyObservers(const std::vector<LeakReport>& reports) {
+  if (reports.empty())
+    return;
+
   if (!content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)) {
     content::BrowserThread::PostTask(
         content::BrowserThread::UI, FROM_HERE,
         base::Bind(&LeakDetector::NotifyObservers, weak_factory_.GetWeakPtr(),
                    reports));
     return;
   }
 
   for (const LeakReport& report : reports) {
     FOR_EACH_OBSERVER(Observer, observers_, OnLeakFound(report));
   }
 }
 
 }  // namespace metrics