summaryrefslogtreecommitdiff
path: root/debuggerd/debuggerd_test.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Display offset in backtraces if necessary.Christopher Ferris2023-02-011-2/+58
| | | | | | | | | | | | | | | When moving to a proto tombstone, backtraces no longer contain an offset when a frame is in a shared library from an apk. Add the offset display again if needed, and add a test to verify this behavior. Bug: 267341682 Test: All unit tests pass. Test: Dumped a process running through an apk to verify the offset Test: is present. Change-Id: Ib720ccb5bfcc8531d1e407f3d01817e8a0b9128c (cherry picked from commit 22035ccb01693da3e0ec94776c86988c7d5c617e)
* Fix check for thread unwind.Christopher Ferris2022-05-241-0/+23
| | | | | | | | | | | | | If a process requires executing fallback unwinder and the thread crashing is not the main thread, the wrong unwinder is used. Fix this case, and add a new unit test that causes an abort in the non main thread. Bug: 233721755 Test: New unit test passes with fix and fails without. Test: Ran debuggerd on swcodec process and it still dumps all threads. Change-Id: I70fffc5d680256ce867e7a1d427593b584259160
* Merge "[GWP-ASan] Enable debuggerd to pull more allocation metadata."Mitch Phillips2022-04-211-2/+8
|\
| * [GWP-ASan] Enable debuggerd to pull more allocation metadata.Mitch Phillips2022-04-141-2/+8
| | | | | | | | | | | | | | | | | | | | | | With the addition of runtime-configurable GWP-ASan, there might be many, many more than 1,000 allocations. Have support for them, but keep a hopefully-won't-crash-the-device limit. Bug: 219651032 Test: atest bionic-unit-tests Change-Id: I7b8e2bf5ab7c723ab6c61365f0dc610e400dbbce
* | Skip debuggerd tests that do not apply to HWASan.Florian Mayer2022-04-151-0/+11
|/ | | | Change-Id: Ieab61dc61e11c3e55f116a45c37ceb805a6212e0
* Update for accurate unreadable elf files.Christopher Ferris2022-03-151-2/+4
| | | | | | | | | | | | | The functionality moved from the Unwinder object to the MapInfo object and means that the individual unreadable files can be displayed now. Included adding the unreadable elfs per thread in the protobuf. Updated the unwinder test. Test: All unit tests pass. Change-Id: I7140bde16938736da005f926e10bbdb3dbc0f6f5
* Dump threads in tombstone fallback path.Christopher Ferris2022-02-161-10/+17
| | | | | | | | | | | | | | | | | | | | | When dumping a tombstone using the fallback path, only the main thread was showing up. Modify the code to dump the threads using a slightly different path for the tombstone generation code. In addition, while looking at this code, two MTE variables were not set in the tombstone fallback code. Added those variables so MTE devices will work properly in this fallback path. Modified the tombstone unit tests for seccomp to have multiple threads and verify those threads show up in the tombstone. Bug: 208933016 Test: Ran unit tests. Test: Ran debuggerd <PID> on a privileged process and verified Test: all threads dumped. Also verified that the tagged_addr_ctrl Test: variable is present on the raven device. Change-Id: I16eadb0cc2c37a7dbc5cac16af9b5051008b5127
* Fix typo.Christopher Ferris2022-01-311-1/+1
| | | | | | | | Change use of new_ to old_ to save the old sigaction data. This hasn't caused any issues, but it's obviously wrong. Test: Ran unit tests on coral. Change-Id: I96be5b0980c323c3aeafb422fbc06202577604a2
* debuggerd: add the PAC keys to the tombstones.Elliott Hughes2022-01-131-0/+14
| | | | | | | | Hard to get otherwise if you're trying to debug PAC issues. Bug: http://b/214314197 Test: treehugger Change-Id: I2e5502809f84579bf287364e59d6e7ff67770919
* Remove non-protobuf path.Christopher Ferris2021-11-191-0/+211
| | | | | | | | | | | | | It is expensive to keep the non-protobuf path around and it hasn't been used for an entire release without anyone noticing, so remove it. Create new end-to-end unit tests that cover tests of the non-proto code paths that are being deleted. Bug: 197981919 Test: Unit tests pass. Change-Id: Ia1c45572300bd63e5f196ad61e5e5386830c8ece
* Merge "Improvements to tombstone output."Treehugger Robot2021-11-121-13/+53
|\
| * Improvements to tombstone output.Peter Collingbourne2021-11-111-13/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Use "likelihood" instead of "probability" since that has connotations of being less precise, and our probability ordering isn't very precise anyway. - Hide the fault address with SEGV_MTEAERR because it is not available. - Pad the fault address with leading zeroes to make it clearer which bits of the top byte (and any following bytes such as PAC signature bits) are set. Bug: 206015287 Change-Id: I5e1e99b7f3e967c44781d8550bbd7158eb421b64
* | Merge "Add a human readable description of the tagged_addr_ctrl value to ↵Peter Collingbourne2021-11-101-1/+2
|\ \ | |/ |/| | | tombstones."
| * Add a human readable description of the tagged_addr_ctrl value to tombstones.Peter Collingbourne2021-11-051-1/+2
| | | | | | | | Change-Id: Ib9860b282cf749891e0f6ef7697669b94235c236
* | Add a test to verify the dex_pc is correct.Christopher Ferris2021-09-151-0/+122
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The libunwindstack code will attempt to dlopen the libdexfile.so when a dex pc is found. Unfortunately, this failed since that library was not properly listed as a runtime library. To make sure this doesn't happen again, add an end to end test that will create a dex pc frame, and will verify the correct dex function name is in that frame. Bug: 199043576 Test: Unit test passes on arm/aarch64/x86/x86_64. Test: Removed the runtime_libs of libdexfile from libunwindstack Test: and verified the new test fails. Change-Id: I3a11f9ee44e06e37a547d193b04f7fbb90ccfe0a
* | Add fault address marker in proto to tombstone.Christopher Ferris2021-08-231-0/+175
|/ | | | | | | | | | | | | | | When the switch was made to dump the tombstone from the protobuf, the fault address marker in the maps section went missing. Re-add that logic and add new unit tests to verify all of the different behaviors. Bug: 193935960 Test: All unit tests pass. Test: All unit tests pass when setprop debug.debuggerd.translate_proto_to_text 0 Test: The above on cuttlefish, 32 bit and 64 bit. Test: The above on a flame, 32 bit and 64 bit. Change-Id: I098bb6ab4bacacae2ca0fc5ec9a73549ed0b9489
* Remove trailing newlines from abort message.Christopher Ferris2021-08-181-0/+38
| | | | | | | | | | | | The tombstone will add a newline after the abort message, so remove any trailing newlines before saving/printing. Bug: 196414062 Test: Unit tests pass. Test: Set system property debug.debuggerd.translate_proto_to_text to 0 test: and unit tests still pass. Change-Id: I0d3dc215eb5d8be93d99e5b9d4f0a14b1d61396d
* Always use main thread pid for manual dumping.Christopher Ferris2021-07-301-0/+26
| | | | | | | | | | | | | | | | | | | | | | | When running debuggerd from the command line, it's possible that the signal will happen on a side thread. The original intercept in tombstoned is set to only handle crashes from the main thread pid, so in this case, the intercept doesn't occur. To fix this, modify the code so that running debuggerd always sends the signal to the main pid. In addition, modify the signal handler is entered due to the BIONIC_SIGNAL_DEBUGGER signal, then the crashing tid is set to the main thread pid instead of the current thread. Add unit test to cover this case. Bug: 194346289 Test: All unit tests pass. Test: Verify the new unit test is getting the signal on the non-main Test: thread and still properly handling the intercept. Test: Modify the debuggerd code to send the signal to the non main pid Test: and verify the dump still occurs correctly. Change-Id: I2dd1bd11fc8ef4a6fe87f05ecc67ae349a101c82
* [MTE] Add a HWASan-style tag dump to tombstones.Mitch Phillips2021-06-281-10/+129
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We already dump the tags in the regigster dump section by appending the tag to the memory address. You only get 2 granules before each register and 13 after. The HWASan-style tag dump is extremely useful for debugging, as it gives a pretty comprehensive overview of the memory subsystem. It also provides enough context bytes (256) to give you a reasonable intuition about a particular bug. The tag dump shows up only if PTRACE_PEEKTAGS returns at least one value in the 256 requested. If the start of end of the region is untagged, it's omitted. The tag dump looks like this: Change-Id: Icc33fb97542d9b1fa3ae9e58aba34d524c6ba7b5 --- Memory tags around the fault address (0x60000704414d340), one tag per 16 bytes: 0x704414d000: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0x704414d100: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0x704414d200: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 =>0x704414d300: 0 0 0 0 [2] 2 0 0 0 0 0 0 0 0 0 0 0x704414d400: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0x704414d500: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0x704414d600: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0x704414d700: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0x704414d800: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0x704414d900: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0x704414da00: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 --- Bug: 183992164 Test: atest debuggerd_test on MTE+QEMU and sunfish. Change-Id: I8d5842e4803ca30b407e866c99eef56f2cb36600
* [MTE] Print cause and alloc/dealloc traces to logcat.Mitch Phillips2021-06-011-37/+68
| | | | | | | | | | | | | | | This information clearly meets the bar for being dumped to logcat. If we omit the info, we may confuse the user into thinking that it's not available at all, especially if it's their first time seeing an MTE report. This also adds some functionality to the integration testing library to pull logcat messages and scan them to make sure the contents are in both places. Bug: 187881237 Test: atest debuggerd_test # on QEMU w/ MTE. Change-Id: Icc17ea45bda7628331cc4812eaad3bc5c949b7a7
* Merge "Run MTE tests on zero-sized allocations."Peter Collingbourne2021-05-141-1/+6
|\
| * Run MTE tests on zero-sized allocations.Peter Collingbourne2021-05-131-1/+6
| | | | | | | | | | Bug: 187879470 Change-Id: I9547f3032af9d1a921f8597a53389d25af33b369
* | Merge "Test that out-of-bounds UAF is not detected with MTE."Peter Collingbourne2021-05-131-0/+32
|\ \
| * | Test that out-of-bounds UAF is not detected with MTE.Peter Collingbourne2021-05-121-0/+32
| |/ | | | | | | | | | | | | | | This type of error is unlikely and attempting to detect it with MTE is likely to produce false positive reports. Make sure that this type of error is not detected by the allocator. Change-Id: I90676d1a031411d6b725890311317802bc24b459
* | Re-add backtrace note about unreadable elf.Christopher Ferris2021-05-031-0/+56
| | | | | | | | | | | | | | | | | | | | | | When moving to the proto-ized tombstones, the note about unreadable elf files in a backtrace got lost. This re-adds it and adds a test to verify that the note properly shows up. Bug: 185428454 Test: Ran unit tests. Change-Id: I1150cc737772e1b79fd73ec5c782caadc4629421
* | Allow another prctl call.Christopher Ferris2021-04-161-1/+1
|/ | | | | | | | | A change was made so that pthread_create is calling prctl(PR_PAC_RESET_KEYS, ...) on aarch64. It's possible that other seccomp policies might need to change to allow this. Test: CrasherTest.seccomp_backtrace passes on aarch64. Change-Id: I9c4d1b3dca5f19a6285bf904bb942f1f52e42bd0
* Merge "Support MTE and GWP-ASan features in proto tombstones."Peter Collingbourne2021-03-191-10/+7
|\
| * Support MTE and GWP-ASan features in proto tombstones.Peter Collingbourne2021-03-161-10/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | Proto tombstones were missing tagged fault addresses, tagged_addr_ctrl, tags in memory dumps and Scudo and GWP-ASan error reports. Since text tombstones now go via protos, all of these features broke when we switched to text tombstones generated from protos by default. Fix the features by adding support for them to the proto format, tombstone_proto and tombstone_proto_to_text. Bug: 135772972 Bug: 182489365 Change-Id: I3ca854546c38755b1f6410a1f6198a44d25ed1c5
* | Merge "[GWP-ASan] Add debuggerd end-to-end tests and remove unique wording."Peter Collingbourne2021-03-191-0/+74
|\ \
| * | [GWP-ASan] Add debuggerd end-to-end tests and remove unique wording.Mitch Phillips2021-03-111-0/+74
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Looks like we unintentionally had a breakage after aosp/1595302, where both GWP-ASan and MTE tests started failing because the extra information wasn't plumbed through the tombstones. MTE has end-to-end tests but aren't run continuously, and GWP-ASan was missing the e2e tests. Also remove some unique wording for GWP-ASan, a UaF on the free'd pointer is now "0 bytes into a 16-byte allocation" instead of "on a 16-byte allocation". The former is more descriptive and is more ubiquitously used in our tooling. This patch adds the E2E tests, but the underlying problem needs to be fixed as well, before this patch can land. Bug: 182489365 Test: atest debuggerd_test Change-Id: I0fe8aba7ea443b3071724987f46b19a6525cda3c
* / debuggerd: prepare to abandon ship^Wgdb.Elliott Hughes2021-03-171-8/+13
|/ | | | | | | | | | | | Talk of "gdb" when we currently mean "gdb or lldb" and will soon mean "lldb" is starting to confuse people. Let's use the more neutral "debugger" in places where it really doesn't matter. The switch from gdbclient.py to lldbclient.py is a change for another day... Test: treehugger Change-Id: If39ca7e1cdf4c8bb9475f1791cdaf201fbea50e0
* Merge "Teach debuggerd to pass the secondary ring buffer to ↵Peter Collingbourne2021-03-111-14/+21
|\ | | | | | | __scudo_get_error_info()."
| * Teach debuggerd to pass the secondary ring buffer to __scudo_get_error_info().Peter Collingbourne2021-02-121-14/+21
| | | | | | | | | | | | | | | | | | | | With this change we can report memory errors involving secondary allocations. Update the existing crasher tests to also test UAF/overflow/underflow on allocations with sizes sufficient to trigger the secondary allocator. Bug: 135772972 Change-Id: Ic8925c1f18621a8f272e26d5630e5d11d6d34d38
* | Merge "Untag addresses in registers before looking up the mapping."Treehugger Robot2021-03-061-3/+3
|\ \
| * | Untag addresses in registers before looking up the mapping.Peter Collingbourne2021-02-051-3/+3
| |/ | | | | | | | | | | | | | | Otherwise we can fail to find map entries for tagged addresses, such as those of heap objects. Bug: 135772972 Change-Id: Ia626b0587c8461eb575b2de5c08562c73ba4a66e
* | Don't hard-code number of tombstones.Christopher Ferris2021-02-181-7/+14
| | | | | | | | | | | | | | | | | | | | On cuttlefish, the number of tombstones allowed is much larger than 50, so change the algorithm to search for any tombstone file. Test: Ran unit tests on cuttlefish with > 50 tombstones. Test: Ran unit tests on device. Change-Id: Ia1d885fe19a7f7751fe3386d40b48750d1e21bd5
* | Fix CrasherTest.smoke in debuggerd_test.Peter Collingbourne2021-02-021-1/+1
|/ | | | | | | | Now that we default to sync MTE in tests, the default tagged_addr_ctrl in this test needs to be updated. Bug: 135772972 Change-Id: I9bf6fb29df9799d1ed8c0d8b66f4d2891f487d80
* Reland protobuf tombstones.Josh Gao2021-01-261-2/+69
| | | | | | | | | | | | | This reverts the following commits: e156ede145a7fc671c705d045d89b49922a758b5. eda96eddcbdda9632166232b2363c7b84da0994d. 5ec54d1e843729cd1e38a2f791f001226a653e95. 1e45d3f2239333217d3252f78151f4294fda4e80. a50f61f8fa903117a6df82d164628de310f16ae9. Test: treehugger Test: atest -c CtsSeccompHostTestCases:android.seccomp.cts.SeccompHostJUnit4DeviceTest#testAppZygoteSyscalls Change-Id: Ic2b1f489ac9f1fec7d7a33c845c29891f4306bbd
* Revert "tombstoned: make it easier to add more types of outputs."Jerome Gaillard2021-01-261-2/+2
| | | | | | | | | | | | | | | | | | Revert "Let crash_dump read /proc/$PID." Revert submission 1556807-tombstone_proto Reason for revert: b/178455196, Broken test: android.seccomp.cts.SeccompHostJUnit4DeviceTest#testAppZygoteSyscalls on git_master on cf_x86_64_phone-userdebug Reverted Changes: Ide6811297:tombstoned: switch from goto to RAII. I8d285c4b4:tombstoned: make it easier to add more types of ou... Id0f0fa285:tombstoned: support for protobuf fds. I6be6082ab:Let crash_dump read /proc/$PID. Id812ca390:Make protobuf vendor_ramdisk_available. Ieeece6e6d:libdebuggerd: add protobuf implementation. Change-Id: Ib2403c1b61f6cf0513b76361440fbc5909d7554a
* Revert "tombstoned: support for protobuf fds."Jerome Gaillard2021-01-261-67/+0
| | | | | | | | | | | | | | | | | | Revert "Let crash_dump read /proc/$PID." Revert submission 1556807-tombstone_proto Reason for revert: b/178455196, Broken test: android.seccomp.cts.SeccompHostJUnit4DeviceTest#testAppZygoteSyscalls on git_master on cf_x86_64_phone-userdebug Reverted Changes: Ide6811297:tombstoned: switch from goto to RAII. I8d285c4b4:tombstoned: make it easier to add more types of ou... Id0f0fa285:tombstoned: support for protobuf fds. I6be6082ab:Let crash_dump read /proc/$PID. Id812ca390:Make protobuf vendor_ramdisk_available. Ieeece6e6d:libdebuggerd: add protobuf implementation. Change-Id: I0c4f3a17e8b06d6c65255388c571ebf11d371dbb
* Merge changes from topic "tombstone_proto"Josh Gao2021-01-251-2/+69
|\ | | | | | | | | | | | | | | * changes: libdebuggerd: add protobuf implementation. tombstoned: support for protobuf fds. tombstoned: make it easier to add more types of outputs. tombstoned: switch from goto to RAII.
| * tombstoned: support for protobuf fds.Josh Gao2021-01-131-0/+67
| | | | | | | | | | Test: debuggerd_test Change-Id: Id0f0fa2856e4b8e57d7dc0e1495134e943b289da
| * tombstoned: make it easier to add more types of outputs.Josh Gao2021-01-131-2/+2
| | | | | | | | | | | | | | While we're at it, switch to unlinkat. Test: debuggerd_test Change-Id: I8d285c4b4e94effa1acb8f69ac3af4ff8c37defb
* | Move debuggerd_test over to mallopt().Elliott Hughes2021-01-151-3/+2
|/ | | | | | Bug: http://b/135772972 Test: treehugger Change-Id: I178f2a753b5608d9e72cee8874524ad4faf701d7
* Remove ANDROID_EXPERIMENTAL_MTE.Peter Collingbourne2021-01-111-12/+12
| | | | | | | | Now that the feature guarded by this flag has landed in Linux 5.10 we no longer need the flag, so we can remove it. Bug: 135772972 Change-Id: I02fa50848cbd0486c23c8a229bb8f1ab5dd5a56f
* Change the android_mallopt(M_SET_HEAP_TAGGING_LEVEL) API.Peter Collingbourne2020-11-181-11/+0
| | | | | | | | | | | | | | | | | | | | | | | | - Make it apply to every thread, and thus remove the restriction that it must be called while the program is single threaded. - Make it change TCF0 itself (on all threads), instead of requiring callers to do it themselves, which can be error prone. And update all of the call sites. Change the implementation of android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) to call android_mallopt(M_SET_HEAP_TAGGING_LEVEL) internally. This avoids crashes during startup that were observed when the two mallopts updated TCF0 unaware of each other. I wouldn't expect there to be any out-of-tree callers at this point, but it's worth noting that the new interface is backwards compatible with the old one because it strictly expands the set of situations in which the API can be used (i.e. situations where there are multiple threads running or where TCF0 hadn't been updated beforehand). Bug: 135772972 Change-Id: I7746707898ff31ef2e0af01c4f55ba90b72bef51
* Fix the expected tagged_addr_ctrl in a test.Peter Collingbourne2020-11-021-1/+1
| | | | | | | | | It turns out that I had originally written the test with a local patch applied that forces TCF0 to SYNC, so it was testing for the wrong tagged_addr_ctrl value. Fix it. Bug: 135772972 Change-Id: Ibb9b25e5f5635372ad5de7825c31d7264ff02590
* Dump the per-thread TAGGED_ADDR_CTRL value if available.Peter Collingbourne2020-09-151-0/+5
| | | | | | | | | | This value indicates whether memory tagging is enabled on a thread, the mode (sync or async) and the set of excluded tags. This information can sometimes be important for understanding an MTE related crash, so include it in the per-thread tombstone output. Bug: 135772972 Change-Id: I25a16e10ac7fbb2b1ab2a961a5279f787039000b
* Include memory tags in memory dump output.Peter Collingbourne2020-07-211-0/+50
| | | | | | | | | | Tags appear in the addresses printed in the memory dump, which seems like a reasonable place to put them because tagged addresses will also appear in other places in the tombstone, such as registers and the fault address. Bug: 135772972 Change-Id: I52da338347ff6b7503cf5ac80763c540695dc061
* Fix dumping of heap memory.Peter Collingbourne2020-07-171-0/+44
| | | | | | | | | | After r.android.com/1288984 we started failing to dump memory contents for heap addresses because the tag started causing any addresses to fail this bounds check. Add an untag_address() call to the bounds check so that the tag is ignored. Bug: 154272452 Change-Id: I3a6d1a078b21871bd93164150a123549f83289f6
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 04:25:36 +0000