[Android] Introduce libheap_profiler for memory profiling.

tools/android/heap_profiler/heap_profiler_hooks_android.c

Index: tools/android/heap_profiler/heap_profiler_hooks_android.c
diff --git a/tools/android/heap_profiler/heap_profiler_hooks_android.c b/tools/android/heap_profiler/heap_profiler_hooks_android.c
new file mode 100644
index 0000000000000000000000000000000000000000..c2cd1b8963353e47885d4f78cfbc74fd354d8fd5
--- /dev/null
+++ b/tools/android/heap_profiler/heap_profiler_hooks_android.c
@@ -0,0 +1,192 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <dlfcn.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <unwind.h>
+
+#include "tools/android/heap_profiler/heap_profiler.h"
+
+
+static int get_backtrace(uintptr_t* frames, size_t max_depth);
+
+// Function pointers typedefs for the hooked symbols.
+typedef void* (*mmap_t)(void*, size_t, int, int, int, off_t);
+typedef void* (*mmap2_t)(void*, size_t, int, int, int, off_t);
+typedef void* (*mmap64_t)(void*, size_t, int, int, int, off64_t);
+typedef void* (*mremap_t)(void*, size_t, size_t, unsigned long);
+typedef int (*munmap_t)(void*, size_t);
+typedef void* (*malloc_t)(size_t);
+typedef void* (*calloc_t)(size_t, size_t);
+typedef void* (*realloc_t)(void*, size_t);
+typedef void (*free_t)(void*);
+
+// And their actual definitions.

[pasko, 2014/06/10 16:59:52]

s/definitions/declarations/

[Primiano Tucci (use gerrit), 2014/06/19 12:27:18]

Well, technically speaking this is a variable definition, as it is allocating
storage for the variable itself.
A declaration would be something like "extern int foo;"

+static mmap_t real_mmap;
+static mmap2_t real_mmap2;
+static mmap64_t real_mmap64;
+static mremap_t real_mremap;
+static munmap_t real_munmap;
+static malloc_t real_malloc;
+static calloc_t real_calloc;
+static realloc_t real_realloc;
+static free_t real_free;
+static int* has_forked_off_zygote;
+
+// +---------------------------------------------------------------------------+
+// + Initialization of heap_profiler and lookup of hooks' addresses            +
+// +---------------------------------------------------------------------------+
+__attribute__((constructor))
+static void initialize() {
+  real_mmap = (mmap_t) dlsym(RTLD_NEXT, "mmap");
+  real_mmap2 = (mmap_t) dlsym(RTLD_NEXT, "mmap2");
+  real_mmap64 = (mmap64_t) dlsym(RTLD_NEXT, "mmap64");
+  real_mremap = (mremap_t) dlsym(RTLD_NEXT, "mremap");
+  real_munmap = (munmap_t) dlsym(RTLD_NEXT, "munmap");
+  real_malloc = (malloc_t) dlsym(RTLD_NEXT, "malloc");
+  real_calloc = (calloc_t) dlsym(RTLD_NEXT, "calloc");
+  real_realloc = (realloc_t) dlsym(RTLD_NEXT, "realloc");
+  real_free = (free_t) dlsym(RTLD_NEXT, "free");
+
+  // gMallocLeakZygoteChild is an extra useful piece of information to have.
+  // When available, it tels whether we're in the zygote (=0) or forked (=1)
+  // a child off it. In the worst case it will be NULL and we'll just ignore it.
+  has_forked_off_zygote = (int*) dlsym(RTLD_NEXT, "gMallocLeakZygoteChild");
+
+  // Allocate room for the HeapStats area and initialize the heap profiler.
+  // Make an explicit map of /dev/zero (instead of MAP_ANONYMOUS), so that the
+  // hdump tool can easily spot the mapping in the target process.
+  int fd = open("/dev/zero", O_RDONLY);
+  if (fd < 0)
+    abort();  // This world has gone wrong. Good night Vienna.

[pasko, 2014/06/10 16:59:52]

please do perror("open") before aborting to print the error message.

[Primiano Tucci (use gerrit), 2014/06/19 12:27:18]

Done.

+  heap_profiler_init((HeapStats*) real_mmap(
+      0, sizeof(HeapStats), PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0));
+}
+
+static void unwind_and_record_alloc(void* start, size_t size, uint32_t flags) {
+  uintptr_t frames[HEAP_PROFILER_MAX_DEPTH];
+  const size_t depth = get_backtrace(frames, HEAP_PROFILER_MAX_DEPTH);

[pasko, 2014/06/10 16:59:52]

this function returns int, then converts to size_t, then uint32_t. Please unify.

[Primiano Tucci (use gerrit), 2014/06/19 12:27:18]

Done.

+  if (has_forked_off_zygote != NULL && *has_forked_off_zygote == 0)
+    flags |= HEAP_PROFILER_FLAGS_IN_ZYGOTE;
+  heap_profiler_alloc(start, size, frames, depth, flags);
+}
+
+static uint32_t get_flags_for_mmap(int fd) {

[pasko, 2014/06/10 16:59:52]

it is worth a comment:
1. what flags==0 means
2. why ignoring file mapping
3. how some shared memory mappings fly below the radar and why this does not
affect Android (I am not totally sure btw)

[Primiano Tucci (use gerrit), 2014/06/19 12:27:18]

Added a comment to explain what flags are.
This is not responsbility of this library at all. This library just makes the
information available and doesn't ignore anything. Eventually the client will
ignore it.
Hence, I think that talking about ignoring here is pointless.
I think that this is something I'll document in the overall library docs (when
I'll have an html page explaining all the profiler tricks)

+  return HEAP_PROFILER_FLAGS_MMAP | (fd ? HEAP_PROFILER_FLAGS_MMAP_FILE : 0);
+}
+
+// +---------------------------------------------------------------------------+
+// + Actual mmap/malloc hooks                                                  +
+// +---------------------------------------------------------------------------+
+HEAP_PROFILER_EXPORT void* mmap(
+    void* addr, size_t size, int prot, int flags, int fd, off_t offset)  {
+  void* ret = real_mmap(addr, size, prot, flags, fd, offset);
+  if (ret != NULL)
+    unwind_and_record_alloc(ret, size, get_flags_for_mmap(fd));

[pasko, 2014/06/10 16:59:52]

I did not check properly, but it seems this function resets errno, please make
sure to set errno properly. Having a test for that would be nice too.

[Primiano Tucci (use gerrit), 2014/06/19 12:27:18]

This is a very good catch. I didn't think about errno. Thanks

+  return ret;
+}
+
+HEAP_PROFILER_EXPORT void* mmap2(
+    void* addr, size_t size, int prot, int flags, int fd, off_t pgoffset)  {
+  void* ret = real_mmap2(addr, size, prot, flags, fd, pgoffset);
+  if (ret != NULL)
+    unwind_and_record_alloc(ret, size, get_flags_for_mmap(fd));
+  return ret;
+}
+
+HEAP_PROFILER_EXPORT void* mmap64(
+    void* addr, size_t size, int prot, int flags, int fd, off64_t offset) {
+  void* ret = real_mmap64(addr, size, prot, flags, fd, offset);
+  if (ret != NULL)
+    unwind_and_record_alloc(ret, size, get_flags_for_mmap(fd));
+  return ret;
+}
+
+HEAP_PROFILER_EXPORT void* mremap(
+    void* addr, size_t oldlen, size_t newlen, unsigned long flags) {
+  void* ret = real_mremap(addr, oldlen, newlen, flags);
+  if (ret != NULL) {
+    uint32_t flags = 0;
+    if (addr)
+      heap_profiler_free(addr, oldlen, &flags);
+    if (newlen > 0)
+      unwind_and_record_alloc(ret, newlen, flags);
+  }
+  return ret;
+}
+
+HEAP_PROFILER_EXPORT int munmap(
+    void* ptr, size_t size) {
+  int ret = real_munmap(ptr, size);
+  heap_profiler_free(ptr, size, /*old_flags=*/NULL);
+  return ret;
+}
+
+HEAP_PROFILER_EXPORT void* malloc(
+    size_t byte_count) {
+  void* ret = real_malloc(byte_count);
+  if (ret != NULL)
+    unwind_and_record_alloc(ret, byte_count, HEAP_PROFILER_FLAGS_MALLOC);
+  return ret;
+}
+
+HEAP_PROFILER_EXPORT void* calloc(
+    size_t nmemb, size_t size) {
+  void* ret = real_calloc(nmemb, size);
+  if (ret != NULL)
+    unwind_and_record_alloc(ret, nmemb * size, HEAP_PROFILER_FLAGS_MALLOC);
+  return ret;
+}
+
+HEAP_PROFILER_EXPORT void* realloc(
+    void* ptr, size_t size) {
+  void* ret = real_realloc(ptr, size);
+  uint32_t flags = 0;
+  if (ptr)
+    heap_profiler_free(ptr, 0, &flags);
+  if (ret != NULL)
+    unwind_and_record_alloc(ret, size, flags | HEAP_PROFILER_FLAGS_MALLOC);
+  return ret;
+}
+
+HEAP_PROFILER_EXPORT void free(
+    void* ptr) {
+  real_free(ptr);
+  heap_profiler_free(ptr, 0, /*old_flags=*/NULL);
+}
+
+// +---------------------------------------------------------------------------+
+// + Stack unwinder                                                            +
+// +---------------------------------------------------------------------------+
+typedef struct {
+  uintptr_t* frames;
+  size_t frame_count;
+  size_t max_depth;
+  bool have_skipped_self;
+} stack_crawl_state_t;
+
+static _Unwind_Reason_Code unwind_fn(struct _Unwind_Context* ctx, void* arg) {
+  stack_crawl_state_t* state = (stack_crawl_state_t*) arg;
+  uintptr_t ip = _Unwind_GetIP(ctx);
+
+  if (ip != 0 && !state->have_skipped_self) {
+    state->have_skipped_self = true;

[pasko, 2014/06/10 16:59:52]

Is this to skip the get_backtrace() from the trace or _Unwind_Backtrace() or up
to the overridden function?

How about marking appropriate amount of functions noinline or alwaysinline to
make sure the final output would not change with a different compiler?

[Primiano Tucci (use gerrit), 2014/06/19 12:27:18]

The latter.
Right. Added always_inline to get_backtrace and unwind_and_record_alloc.

+    return _URC_NO_REASON;
+  }
+
+  state->frames[state->frame_count++] = ip;
+  return (state->frame_count >= state->max_depth) ?
+          _URC_END_OF_STACK : _URC_NO_REASON;
+}
+
+static int get_backtrace(uintptr_t* frames, size_t max_depth) {
+  stack_crawl_state_t state = {.frames = frames, .max_depth = max_depth};

[pasko, 2014/06/10 16:59:52]

I ❤ C

+  _Unwind_Backtrace(unwind_fn, &state);
+  return state.frame_count;
+}