Add some simple scripts that can aid with double-free investigations

a1227e08 · Kevin Modzelewski · ef853774 · a1227e08 · a1227e08 · a1227e08
Commit a1227e08 authored Aug 25, 2014 by Kevin Modzelewski
4 changed files
--- a/src/Makefile
+++ b/src/Makefile
@@ -787,6 +787,7 @@ perf_%: perf_release_%
 	@true
 $(call make_target,_dbg)
+$(call make_target,_debug)
 $(call make_target,_release)
 $(call make_target,_grwl)
 $(call make_target,_grwl_dbg)

--- a/src/gc/gc_alloc.cpp
+++ b/src/gc/gc_alloc.cpp
@@ -45,19 +45,29 @@ extern "C" void gc_compat_free(void* ptr) {
    gc_free(ptr);
 }
-int nallocs = 0;
 bool recursive = false;
-// We may need to hook malloc as well:
+// We may need to hook malloc as well.  For now, these definitions serve
+// as a reference on how to do that, and also can help with debugging malloc
+// usage issues.
 #if 0
 extern "C" void* malloc(size_t sz) {
    static void *(*libc_malloc)(size_t) = (void* (*)(size_t))dlsym(RTLD_NEXT, "malloc");
-    nallocs++;
+    void* r = libc_malloc(sz);
-    void* r = libc_malloc(sz);;
+    if (!recursive) {
-    if (!recursive && nallocs > 4000000) {
        recursive = true;
-        printf("malloc'd: %p\n", r);
+        printf("\nmalloc %p\n", r);
-        raise(SIGTRAP);
+        recursive = false;
+    }
+    return r;
+}
+extern "C" void* relloc(void* p, size_t sz) {
+    static void *(*libc_realloc)(void*, size_t) = (void* (*)(void*, size_t))dlsym(RTLD_NEXT, "realloc");
+    void* r = libc_realloc(p, sz);
+    if (!recursive) {
+        recursive = true;
+        printf("\nrealloc %p %p\n", p, r);
        recursive = false;
    }
    return r;
@@ -65,13 +75,13 @@ extern "C" void* malloc(size_t sz) {
 extern "C" void free(void* p) {
    static void (*libc_free)(void*) = (void (*)(void*))dlsym(RTLD_NEXT, "free");
-    if (!recursive && nallocs > 4000000) {
+    if (!recursive) {
        recursive = true;
-        printf("free: %p\n", p);
+        printf("\nfree %p\n", p);
-        raise(SIGTRAP);
+        if (p == (void*)0x1c4c780)
+            raise(SIGTRAP);
        recursive = false;
    }
-    nallocs--;
    libc_free(p);
 }
 #endif

--- a/tools/process_malloc_trace.py
+++ b/tools/process_malloc_trace.py
+lines = [l for l in open("out.log").readlines() if l.startswith("malloc ") or l.startswith("free ")]
+freed = set()
+err = set()
+for l in lines:
+    if l.startswith("malloc"):
+        p = l[7:]
+        if p in freed:
+            freed.remove(p)
+    else:
+        assert l.startswith("free")
+        p = l[5:]
+        if p.startswith("(nil)"):
+            continue
+        if p in freed:
+            if p not in err:
+                err.add(p)
+                print p.strip()
+        freed.add(p)
--- a/tools/process_mtrace_trace.py
+++ b/tools/process_mtrace_trace.py
+allocated = set()
+freed = set()
+reported = set()
+for l in open("malloc.trace").readlines()[1:]:
+    s = l.strip().split()
+    if s[-3] == '+':
+        p = s[-2]
+        if p in freed:
+            freed.remove(p)
+    elif s[-2] == '-':
+        p = s[-1]
+        if p in freed:
+            if p not in reported:
+                print "double-freed", p
+                reported.add(p)
+        freed.add(p)
+    elif s[-2] == '<':
+        p = s[-1]
+        assert p not in freed, p
+        freed.add(p)
+    elif s[-3] == '>':
+        p = s[-2]
+        if p in freed:
+            freed.remove(p)
+    else:
+        assert 0, l