
Android Memory Leak Profiling - VMFive

dv
December 27, 2015

Introduces the tools available for memory profiling.


Introduction
We all write bugs, and memory-related bugs make up a large share of them. Is there tooling that can check for them? There is: the best known is Valgrind, and besides it there are Pin, Dr. Memory, the Sanitizers, ...
Memory bug classes
• Heap OOB (Out of Bounds)
• Stack OOB (Out of Bounds)
• Global OOB (Out of Bounds)
• UAF (Use After Free)
• UAR (Use After Return)
• UMR (Uninitialized Memory Reads)
• Leaks
• Double Free
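To make these classes concrete, here is a small bug zoo (an added example, not code from the deck or from VMFive): one function per class, chosen by name on the command line so that only the requested bug fires, together with the compile lines that make ASan, MSan and Valgrind's Memcheck report each one on a Linux host. The `-fsanitize=memory` line needs Clang on a 64-bit host; the file name `bugs.c` and the `run_bug`/`bug_count` helpers are this example's own.

```c
/* Added example, not from the deck: one function per bug class on the slide,
 * selected by name on the command line so that only the bug you ask for is
 * triggered.  Build on a Linux host and run under each checker, e.g.
 *   clang -g -O1 -fno-omit-frame-pointer -fsanitize=address bugs.c -o bugs_asan
 *   ./bugs_asan heap-oob                                   # heap-buffer-overflow
 *   ASAN_OPTIONS=detect_stack_use_after_return=1 ./bugs_asan uar
 *   ./bugs_asan leak                                       # LeakSanitizer report at exit
 *   clang -g -O1 -fsanitize=memory bugs.c -o bugs_msan && ./bugs_msan umr
 *   gcc -g -O0 bugs.c -o bugs && valgrind --leak-check=full ./bugs leak
 * Memcheck catches heap-oob, uaf, umr, double-free and leak, but not
 * stack-oob/global-oob (that is SGCheck's job) or uar. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static volatile int sink;          /* keeps the optimizer from deleting the bad access */
static int global_buf[4];          /* target of the global OOB */

static void heap_oob(void)
{
    int *p = malloc(4 * sizeof *p);
    if (!p) return;
    sink = p[4];                   /* one element past the block */
    free(p);
}

static void stack_oob(void)
{
    int a[4] = {0};
    volatile int i = 4;            /* index hidden from the compiler */
    sink = a[i];
}

static void global_oob(void)
{
    volatile int i = 4;
    sink = global_buf[i];
}

static void uaf(void)
{
    int *p = malloc(sizeof *p);
    if (!p) return;
    free(p);
    sink = *p;                     /* read through a dangling pointer */
}

__attribute__((noinline)) static int *escape(int *p) { return p; }

__attribute__((noinline)) static int *uar_addr(void)
{
    int local = 7;
    return escape(&local);         /* address of a stack slot that dies at return */
}

static void uar(void) { sink = *uar_addr(); }

static void umr(void)
{
    int *p = malloc(sizeof *p);
    if (!p) return;
    if (*p == 42) puts("42");      /* branch on uninitialized heap memory */
    free(p);
}

static void leak(void)
{
    char *p = malloc(64);
    if (!p) return;
    strcpy(p, "never freed");
    sink = p[0];                   /* the only pointer is dropped here: definitely lost */
}

static void double_free(void)
{
    int *p = malloc(sizeof *p);
    free(p);
    free(p);
}

static const struct { const char *name; void (*fn)(void); } bugs[] = {
    {"heap-oob", heap_oob}, {"stack-oob", stack_oob}, {"global-oob", global_oob},
    {"uaf", uaf}, {"uar", uar}, {"umr", umr}, {"leak", leak}, {"double-free", double_free},
};

int bug_count(void) { return (int)(sizeof bugs / sizeof bugs[0]); }

/* Triggers the named bug and returns 0, or returns -1 for an unknown name. */
int run_bug(const char *name)
{
    for (int i = 0; i < bug_count(); i++)
        if (strcmp(name, bugs[i].name) == 0) { bugs[i].fn(); return 0; }
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2 || run_bug(argv[1]) != 0) {
        fprintf(stderr, "usage: %s <", argv[0]);
        for (int i = 0; i < bug_count(); i++)
            fprintf(stderr, "%s%s", i ? "|" : "", bugs[i].name);
        fputs(">\n", stderr);
        return 2;
    }
    return 0;
}
```

Every access goes through a `volatile` sink or a `volatile` index so that `-O1` keeps the faulty load; without that, the compiler may fold or drop it and the checker has nothing to report.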
Dynamic Binary Instrumentation
• Pros
◦ No need to recompile or relink the program
◦ Run-time information is available
• Cons
◦ Much slower (Memcheck runs a program tens of times slower than native)
Compile-Time Instrumentation
• Pros
◦ Faster than DBI (the checks are inserted ahead of time, and the compiler can optimize them)
• Cons
◦ Needs compiler support, and every module you want checked must be rebuilt with it; code in uninstrumented libraries is not checked
Valgrind tools
• Memcheck: Heap OOB, UAF, UMR, Double Free, Leaks
• Cachegrind: Simulate Cache, Simulate Branch Predictor
• Callgrind: Generate Call Graph
• Helgrind: Data Race, Misuse of pthreads API, Potential Deadlocks
• DRD: Data Race, Misuse of pthreads API, Potential Deadlocks
• Massif: Heap Use Profiling
• DHAT [EXP]: Heap Allocation, Heap Access, Heap Lifetime, ...
• SGCheck [EXP]: Stack OOB, Global OOB
• BBV [EXP]: Basic Block Vector Generation (for SimPoint)
Cross-compiling Valgrind for Android ARM
• Official SVN version, with one patch: disable Valgrind's own Elf32_Nhdr definition when building against android-21, whose elf.h already defines it, to avoid a redefinition error (coregrind/m_coredump/coredump-elf.c)
Problem on the emulator
• The Valgrind wrapper fails to run on the Android emulator (not solved yet)
Problem - Unhandled Instruction
• disInstr(arm)
◦ 0xEC510F1E (cond=14(0xE) 27:20=197(0xC5) 4:4=1 3:0=14(0xE))
▪ mrrc 15, 1, r0, r1, cr14 (MRRC p15, 1, r0, r1, c14: a 64-bit read of the generic-timer virtual counter CNTVCT)
◦ 0xEE190F1D (cond=14(0xE) 27:20=225(0xE1) 4:4=1 3:0=13(0xD))
▪ mrc 15, 0, r0, cr9, cr13, {0} (MRC p15, 0, r0, c9, c13, 0: a read of the PMU cycle counter PMCCNTR)
• disInstr(thumb)
◦ 0xDEFF 0xF8DF ▪ mrcle 8, 7, APSR_nzcv, cr15, cr15, {6}
◦ 0xDEFF 0xF107 ▪ nrmlee f7, f7
◦ 0xDEFF 0x461F ▪ mrcle 6, 7, r4, cr15, cr15, {0}
◦ 0xDEFF 0x4607 ▪ cdple 6, 15, cr4, cr15, cr7, {0}
The two ARM cases are coprocessor-15 counter reads that Valgrind's ARM front end does not implement. In the Thumb cases, 0xDEFF is the permanently undefined Thumb instruction (UDF #255); the mnemonics shown come from decoding that halfword and the one after it as a single ARM-mode word (the "le" suffix is the 0xD condition code), so they are not real instructions.
Sanitizers
• AddressSanitizer: Heap OOB, Stack OOB, Global OOB, UAF, UAR, Double Free, Leaks (via LeakSanitizer)
• MemorySanitizer: UMR
• LeakSanitizer: Leaks
• UndefinedBehaviorSanitizer: Integer Overflow, NULL Pointer, Divide By Zero, ...
• ThreadSanitizer: Data Race
Two caveats for Android work: MemorySanitizer is Clang-only and supports only 64-bit targets, so it cannot cover 32-bit ARM builds; and ASan's UAR detection is a run-time option (ASAN_OPTIONS=detect_stack_use_after_return=1) that must be enabled unless the toolchain turns it on by default. ASan's overhead is roughly 2x, far below Memcheck's.
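Memcheck and LeakSanitizer both find leaks and double frees with the same bookkeeping: every allocation is recorded (address, size, allocation site), every free is checked against that record, and whatever is still recorded as live at the end is reported as leaked. The following tracked allocator is an added example, not code from the deck or from VMFive; it shows that bookkeeping at toy scale for a program that allocates through `tracked_malloc`/`tracked_free` rather than by interposing `malloc` itself. The function names, the 256-entry table and the "site" tags are this example's own assumptions.

```c
/* Added example (not from the deck): a miniature leak and double-free checker
 * in the spirit of Memcheck and LeakSanitizer.  Real tools interpose malloc
 * and use shadow memory; this toy only tracks calls made through its own API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TRK_MAX 256

enum { TRK_OK = 0, TRK_DOUBLE_FREE = -1, TRK_INVALID_FREE = -2 };

/* One record per allocation ever made through this API.  Freed records are
 * kept (holding the dangling pointer value only, never dereferenced) so that
 * a second free of the same block can be recognised and reported. */
struct trk_block {
    void *ptr;
    size_t size;
    const char *alloc_site;   /* "file:line"-style tag supplied by the caller */
    const char *free_site;    /* NULL while the block is live */
};

static struct trk_block trk_table[TRK_MAX];
static size_t trk_count;

void *tracked_malloc(size_t size, const char *site)
{
    if (trk_count == TRK_MAX) return NULL;          /* toy limit: table full */
    void *p = malloc(size);
    if (p == NULL) return NULL;
    trk_table[trk_count++] = (struct trk_block){ p, size, site, NULL };
    return p;
}

/* Find the record for p.  A live record wins over a freed one with the same
 * address, because malloc may hand the same address out again. */
static struct trk_block *trk_find(const void *p)
{
    struct trk_block *freed = NULL;
    for (size_t i = 0; i < trk_count; i++) {
        if (trk_table[i].ptr != p) continue;
        if (trk_table[i].free_site == NULL) return &trk_table[i];
        freed = &trk_table[i];
    }
    return freed;
}

int tracked_free(void *p, const char *site)
{
    struct trk_block *b = trk_find(p);
    if (b == NULL) {
        fprintf(stderr, "invalid free of %p at %s (not allocated through this API)\n", p, site);
        return TRK_INVALID_FREE;
    }
    if (b->free_site != NULL) {
        fprintf(stderr, "double free of %p at %s: allocated at %s, first freed at %s\n",
                p, site, b->alloc_site, b->free_site);
        return TRK_DOUBLE_FREE;                     /* the block is NOT passed to free() again */
    }
    b->free_site = site;
    free(p);
    return TRK_OK;
}

/* Leak check: every record that is still live is a leak.  Prints one line per
 * leaked block when out != NULL and returns the total number of leaked bytes. */
size_t tracked_leak_check(FILE *out)
{
    size_t leaked = 0;
    for (size_t i = 0; i < trk_count; i++) {
        if (trk_table[i].free_site != NULL) continue;
        leaked += trk_table[i].size;
        if (out) fprintf(out, "leak: %zu bytes at %p allocated at %s\n",
                         trk_table[i].size, trk_table[i].ptr, trk_table[i].alloc_site);
    }
    return leaked;
}

/* Forget all records without freeing anything (for tests and per-phase checks). */
void tracked_reset(void) { trk_count = 0; }

int main(void)
{
    char *name = tracked_malloc(32, "main:name");
    int  *nums = tracked_malloc(8 * sizeof *nums, "main:nums");
    if (!name || !nums) return 1;
    strcpy(name, "demo");
    tracked_free(nums, "main:1");
    tracked_free(nums, "main:2");              /* reported as a double free */
    (void)name;                                /* never freed: reported as a leak */
    return tracked_leak_check(stdout) != 0;    /* non-zero exit when anything leaked */
}
```

The important design point is that a freed record is never recycled: the pointer value stays in the table so the second `free` is caught and is not forwarded to the real allocator, which is exactly why the real tools keep freed blocks in a quarantine instead of returning them to `malloc` immediately.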
References
• [2004] Dynamic Binary Analysis and Instrumentation
• [2007] Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation
• [2009] ThreadSanitizer: Data Race Detection in Practice
• [2012] AddressSanitizer: A Fast Address Sanity Checker
• [2012] Dynamic Race Detection with LLVM Compiler
• [2014] How Developers Use Data Race Detection Tools
• [2014] C/C++ Thread Safety Analysis
• [2015] MemorySanitizer: Fast Detector of Uninitialized Memory Use in C++