author: glider@chromium.org <glider@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-08-27 10:13:21 +0000
committer: glider@chromium.org <glider@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-08-27 10:13:21 +0000
commit: 64e2d4a477055eab43bd5a66e98a468f3ea38520
tree: 7671902c765dde36a6fb7d178423eb8b92af9dcc /build
parent: 2ba8f892990cf6baec7d386c833e3f009d2fd44c
This CL introduces the stack shadowing mechanism that should help TCMalloc's
heap leak checker to unwind the memory allocation stacks better.

Currently, if a memory region is allocated from a library built without frame pointers, heapchecker is unable to unwind the stack and records only the top frame. This is inconvenient, because:
-- several leaks from different places are treated as leaks from the same source
-- it's hard to suppress such leaks, because a one-line suppression is uninformative

linux_shadow_stacks.cc keeps the threads' IP and SP values in thread-local stacks upon each function entry/exit using gcc function instrumentation (-finstrument-functions). The GetStackTrace routine from stacktrace_shadow-inl.h unwinds the stack as usual (using frame pointers), but then updates the result with the shadow stack frames whose SP values are below the bottom frame of the unwind result.

Note that -finstrument-functions affects only Chromium code, not the libraries. This means that we cannot get more than one library function frame at the top of the stack. For example, consider a libfoo library that has a public foo_do_something() routine which allocates memory via foo_alloc(). If Chromium calls foo_do_something() from ChromeCallFoo(), then the following call chain effectively happens:

  main -> ChromeCallFoo -> foo_do_something -> foo_alloc

If libfoo is built with -fomit-frame-pointers, heapcheck can unwind only the last stack frame:

  foo_alloc

On the other hand, the shadow stack at the allocation site contains everything below the libfoo calls:

  main -> ChromeCallFoo

As a result the following allocation stack is recorded:

  main -> ChromeCallFoo -> foo_alloc

This is enough to distinguish between e.g. ChromeCallFoo1 and ChromeCallFoo2

Review URL: http://codereview.chromium.org/3120017

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57658 0039d316-1c4b-4281-b951-d872f2087c98
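The merge step the commit message describes (frame-pointer unwind first, then shadow-stack frames appended to it) as an added illustrative example. This is not the CL's linux_shadow_stacks.cc or stacktrace_shadow-inl.h code: the ShadowPush/ShadowPop routines stand in for the __cyg_profile_func_enter/__cyg_profile_func_exit hooks that -finstrument-functions would invoke, the function addresses and SP values are constructed, and the merge assumes an x86-style downward-growing stack, so a caller's SP is numerically higher than its callee's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed addresses for the call chain in the commit message:
 * main -> ChromeCallFoo -> foo_do_something -> foo_alloc. */
#define IP_MAIN             0x401000UL
#define IP_CHROME_CALL_FOO  0x402000UL
#define IP_FOO_DO_SOMETHING 0x7f00b000UL
#define IP_FOO_ALLOC        0x7f00a000UL

/* One shadow-stack entry: the function entered and the SP at entry. */
typedef struct {
    uintptr_t ip;
    uintptr_t sp;
} ShadowFrame;

#define SHADOW_MAX 64

/* Per-thread shadow stack. With -finstrument-functions the real hooks
 * (__cyg_profile_func_enter/exit) would push and pop; here the demo
 * calls ShadowPush/ShadowPop explicitly instead. */
static __thread ShadowFrame shadow_stack[SHADOW_MAX];
static __thread size_t shadow_depth;

void ShadowPush(uintptr_t ip, uintptr_t sp) {
    if (shadow_depth < SHADOW_MAX)
        shadow_stack[shadow_depth++] = (ShadowFrame){ip, sp};
}

void ShadowPop(void) {
    if (shadow_depth > 0)
        shadow_depth--;
}

/* `result`/`result_sp` hold the frames the frame-pointer unwinder found,
 * innermost first. Shadow frames whose SP is above the SP of the outermost
 * unwound frame (i.e. callers the unwinder never reached) are appended,
 * most recent caller first, so the output reads innermost -> main.
 * A shadow frame with the same SP as an unwound frame is already in the
 * result and is skipped. Returns the merged frame count. */
size_t MergeShadowStack(uintptr_t *result, const uintptr_t *result_sp,
                        size_t depth, size_t max_depth) {
    if (depth == 0)
        return 0;
    uintptr_t bottom_sp = result_sp[depth - 1];
    for (size_t i = shadow_depth; i > 0 && depth < max_depth; i--) {
        const ShadowFrame *f = &shadow_stack[i - 1];
        if (f->sp > bottom_sp)  /* assumption: stack grows downward */
            result[depth++] = f->ip;
    }
    return depth;
}

/* Constructed allocation-site scenario. Only Chromium functions (main,
 * ChromeCallFoo) push shadow frames; libfoo is not instrumented. If
 * `libfoo_has_frame_pointers` is 0 the unwinder sees only foo_alloc;
 * otherwise it also reaches foo_do_something and ChromeCallFoo, which
 * shows that a frame already unwound is not appended a second time. */
size_t DemoAllocationStack(int libfoo_has_frame_pointers,
                           uintptr_t *out, size_t max) {
    shadow_depth = 0;
    ShadowPush(IP_MAIN, 0x7fff3000UL);            /* main entered */
    ShadowPush(IP_CHROME_CALL_FOO, 0x7fff2000UL); /* ChromeCallFoo entered */

    uintptr_t sp[3];
    size_t depth = 0;
    out[depth] = IP_FOO_ALLOC;            sp[depth++] = 0x7fff1000UL;
    if (libfoo_has_frame_pointers) {
        out[depth] = IP_FOO_DO_SOMETHING; sp[depth++] = 0x7fff1800UL;
        out[depth] = IP_CHROME_CALL_FOO;  sp[depth++] = 0x7fff2000UL;
    }
    size_t merged = MergeShadowStack(out, sp, depth, max);

    ShadowPop();  /* ChromeCallFoo returns */
    ShadowPop();  /* main returns */
    return merged;
}

int main(void) {
    uintptr_t frames[8];
    size_t n = DemoAllocationStack(0, frames, 8);
    for (size_t i = 0; i < n; i++)
        printf("%s0x%lx", i ? " <- " : "", (unsigned long)frames[i]);
    printf("\n");  /* foo_alloc <- ChromeCallFoo <- main */
    return 0;
}
```

The `>` comparison is what keeps the merge from duplicating a frame the unwinder already found: when libfoo keeps frame pointers, ChromeCallFoo's shadow entry has the same SP as the unwound ChromeCallFoo frame and is skipped, and only main is added.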
Diffstat (limited to 'build')
-rw-r--r-- build/common.gypi | 8 ++++++++
1 files changed, 8 insertions, 0 deletions
diff --git a/build/common.gypi b/build/common.gypi
index 0512572..faeefc6 100644
--- a/build/common.gypi
+++ b/build/common.gypi
@@ -256,6 +256,10 @@
# Disable TCMalloc's heapchecker.
'linux_use_heapchecker%': 0,
+ # Disable shadow stack keeping used by heapcheck to unwind the stacks
+ # better.
+ 'linux_keep_shadow_stacks%': 0,
+
# Set to 1 to turn on seccomp sandbox by default.
# (Note: this is ignored for official builds.)
'linux_use_seccomp_sandbox%': 0,
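Review bot: the comment above `'linux_keep_shadow_stacks%': 0` says what the default turns off but not what setting the variable to 1 costs or requires; since the second hunk makes `linux_keep_shadow_stacks==1` add `-finstrument-functions` to every Chromium compile, and the feature only serves the heapchecker, say so here, e.g. "Set to 1 to keep per-thread shadow stacks for heapcheck's unwinder (adds -finstrument-functions; only useful with linux_use_heapchecker=1)."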
@@ -1132,6 +1136,10 @@
['linux_use_heapchecker==0', {
'defines': ['NO_HEAPCHECKER'],
}],
+ ['linux_keep_shadow_stacks==1', {
+ 'defines': ['KEEP_SHADOW_STACKS'],
+ 'cflags': ['-finstrument-functions'],
+ }],
],
},
}],
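Review bot: the new `['linux_keep_shadow_stacks==1', ...]` block is not tied to `linux_use_heapchecker`, so a build with `linux_keep_shadow_stacks=1` and `linux_use_heapchecker=0` defines NO_HEAPCHECKER yet still instruments every function entry and exit for a shadow stack nothing reads; consider nesting the block under a `linux_use_heapchecker==1` condition or at least documenting the dependency. Also, because the diff is limited to build/, it does not show where the `__cyg_profile_func_enter`/`__cyg_profile_func_exit` hooks live (linux_shadow_stacks.cc per the commit message); those hooks must be compiled without `-finstrument-functions` or marked `__attribute__((no_instrument_function))`, otherwise gcc instruments the hooks themselves and they recurse.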