mdump

This is a tool to interpret and show information generated by my experimental changes to OpenBSD's malloc.

The first step is to apply the diff to src/lib/libc/stdlib/malloc.c, then recompile and install libc:

$ cd /usr/src/lib/libc
$ patch < malloc.diff
$ make obj
$ MALLOC_STATS=1 make
$ doas make install

After this, malloc will generate utrace(2) records when instructed to do so. These ulog records are written to a file on regular exit of your program.

The trace file is generated by running your program with

MALLOC_OPTIONS=DT ktrace -tu program

The MALLOC_OPTIONS instruct malloc to write the information, and the ktrace invocation takes care of catching the utrace records and writing them to a file, by default called ktrace.out. After that you can use the mdump program to display the information.

Remember to build your program and libraries with debug information. On OpenBSD, system libraries are installed with debug info, so that's convenient. To get deeper stack trace information on leaks, use more T's. Note that the mechanism used (__builtin_return_address) is not guaranteed to work for more than one T; some executables on some platforms will crash when too many T's are used.

To compile mdump, you'll need the elftoolchain package.

# doas pkg_add elftoolchain
$ make obj
$ make
$ doas make install

This will install the tool and man page into /usr/local.

Basic usage is

  mdump

to show leak info and

  mdump -D

to show a dump of malloc's internal state at program exit.

To produce readable stack traces, the program and its libraries should be compiled with debug information, typically -g. Statically linked programs must be compiled with the -nopie option. High optimization levels can produce debug information that mdump cannot interpret.

How does it work?

While running (and if enabled by MALLOC_OPTIONS), malloc stores backtrace information for allocations. For each stack frame, the return address is recorded. Any allocation equal to or larger than a page is tracked. For smaller allocations, only a sample is recorded. This means that not all leaks will be shown for smaller allocations.

At program exit, malloc will check which allocations are not freed, translate the addresses into library/executable plus offset information using dladdr(3) and construct utrace records to send out.

The mdump program then takes this information and translates the library plus offset information into function name + file + line number information using the debug information embedded in the program and its libraries.
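
The recording and exit-time check described above, reduced to a stand-alone C sketch that shows why sampled small allocations can leak without being reported. This is an added example, not code from mdump or OpenBSD's malloc: the page size, the 1-in-4 sampling rate, the fixed table and the names t_malloc, t_free and report_leaks are assumptions, and it records one return address without the dladdr(3) translation.

```c
/* Added illustration, not OpenBSD malloc code. PAGE, SAMPLE_EVERY and the
 * fixed-size table are assumptions made for this sketch. */
#include <stdio.h>
#include <stdlib.h>

#define PAGE 4096u       /* assumed page size */
#define SAMPLE_EVERY 4u  /* assumed rate: record 1 in 4 small allocations */
#define MAXREC 64
struct rec { void *ptr; size_t size; void *caller; };
static struct rec live[MAXREC];
static unsigned small_seen;

/* Allocate; if selected, remember the call site (one frame, like one T). */
__attribute__((noinline)) void *t_malloc(size_t n) {
    void *p = malloc(n);
    /* Page-sized and larger: always. Smaller: only every Nth one. */
    int track = n >= PAGE || (small_seen++ % SAMPLE_EVERY) == 0;
    for (int i = 0; p && track && i < MAXREC; i++) {
        if (live[i].ptr == NULL) {
            live[i] = (struct rec){ p, n, __builtin_return_address(0) };
            break;
        }
    }
    return p;
}

void t_free(void *p) {
    for (int i = 0; p && i < MAXREC; i++)
        if (live[i].ptr == p) live[i].ptr = NULL;
    free(p);
}

/* The exit-time pass: whatever is still recorded was never freed. */
size_t report_leaks(FILE *out) {
    size_t n = 0;
    for (int i = 0; i < MAXREC; i++) {
        if (live[i].ptr == NULL) continue;
        n++;
        if (out)
            fprintf(out, "leak: %zu bytes from %p\n", live[i].size, live[i].caller);
    }
    return n;
}

int main(void) {
    t_malloc(PAGE);                            /* leaked, always recorded */
    for (int i = 0; i < 8; i++) t_malloc(16);  /* 8 leaked, 2 recorded */
    return report_leaks(stdout) == 3 ? 0 : 1;
}
```

Nine allocations leak here, but only three are reported: the page-sized one and the two small ones that fell on a sampling slot.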