search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update V8 to version 4.6.61.
[chromium-blink-merge.git] / tools / valgrind / memcheck_analyze.py
bloba5c78c144dec1f88901050aac9281bcaebab3227
1 #!/usr/bin/env python
2 # Copyright (c) 2011 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file.
5
6 # memcheck_analyze.py
7
8 ''' Given a valgrind XML file, parses errors and uniques them.'''
9
10 import gdb_helper
11
12 from collections import defaultdict
13 import hashlib
14 import logging
15 import optparse
16 import os
17 import re
18 import subprocess
19 import sys
20 import time
21 from xml.dom.minidom import parse
22 from xml.parsers.expat import ExpatError
23
24 import common
25
26 # Global symbol table (yuck)
27 TheAddressTable = None
28
29 # These are regexps that define functions (using C++ mangled names)
30 # we don't want to see in stack traces while pretty printing
31 # or generating suppressions.
32 # Just stop printing the stack/suppression frames when the current one
33 # matches any of these.
34 _BORING_CALLERS = common.BoringCallers(mangled=True, use_re_wildcards=True)
35
36 def getTextOf(top_node, name):
37 ''' Returns all text in all DOM nodes with a certain |name| that are children
38 of |top_node|.
39 '''
40
41 text = ""
42 for nodes_named in top_node.getElementsByTagName(name):
43 text += "".join([node.data for node in nodes_named.childNodes
44 if node.nodeType == node.TEXT_NODE])
45 return text
46
47 def getCDATAOf(top_node, name):
48 ''' Returns all CDATA in all DOM nodes with a certain |name| that are children
49 of |top_node|.
50 '''
51
52 text = ""
53 for nodes_named in top_node.getElementsByTagName(name):
54 text += "".join([node.data for node in nodes_named.childNodes
55 if node.nodeType == node.CDATA_SECTION_NODE])
56 if (text == ""):
57 return None
58 return text
59
60 def shortenFilePath(source_dir, directory):
61 '''Returns a string with the string prefix |source_dir| removed from
62 |directory|.'''
63 prefixes_to_cut = ["build/src/", "valgrind/coregrind/", "out/Release/../../"]
64
65 if source_dir:
66 prefixes_to_cut.append(source_dir)
67
68 for p in prefixes_to_cut:
69 index = directory.rfind(p)
70 if index != -1:
71 directory = directory[index + len(p):]
72
73 return directory
74
75 # Constants that give real names to the abbreviations in valgrind XML output.
76 INSTRUCTION_POINTER = "ip"
77 OBJECT_FILE = "obj"
78 FUNCTION_NAME = "fn"
79 SRC_FILE_DIR = "dir"
80 SRC_FILE_NAME = "file"
81 SRC_LINE = "line"
82
83 def gatherFrames(node, source_dir):
84 frames = []
85 for frame in node.getElementsByTagName("frame"):
86 frame_dict = {
87 INSTRUCTION_POINTER : getTextOf(frame, INSTRUCTION_POINTER),
88 OBJECT_FILE : getTextOf(frame, OBJECT_FILE),
89 FUNCTION_NAME : getTextOf(frame, FUNCTION_NAME),
90 SRC_FILE_DIR : shortenFilePath(
91 source_dir, getTextOf(frame, SRC_FILE_DIR)),
92 SRC_FILE_NAME : getTextOf(frame, SRC_FILE_NAME),
93 SRC_LINE : getTextOf(frame, SRC_LINE)
94 }
95
96 # Ignore this frame and all the following if it's a "boring" function.
97 enough_frames = False
98 for regexp in _BORING_CALLERS:
99 if re.match("^%s$" % regexp, frame_dict[FUNCTION_NAME]):
100 enough_frames = True
101 break
102 if enough_frames:
103 break
104
105 frames += [frame_dict]
106
107 global TheAddressTable
108 if TheAddressTable != None and frame_dict[SRC_LINE] == "":
109 # Try using gdb
110 TheAddressTable.Add(frame_dict[OBJECT_FILE],
111 frame_dict[INSTRUCTION_POINTER])
112 return frames
113
114 class ValgrindError:
115 ''' Takes a <DOM Element: error> node and reads all the data from it. A
116 ValgrindError is immutable and is hashed on its pretty printed output.
117 '''
118
119 def __init__(self, source_dir, error_node, commandline, testcase):
120 ''' Copies all the relevant information out of the DOM and into object
121 properties.
122
123 Args:
124 error_node: The <error></error> DOM node we're extracting from.
125 source_dir: Prefix that should be stripped from the <dir> node.
126 commandline: The command that was run under valgrind
127 testcase: The test case name, if known.
128 '''
129
130 # Valgrind errors contain one <what><stack> pair, plus an optional
131 # <auxwhat><stack> pair, plus an optional <origin><what><stack></origin>,
132 # plus (since 3.5.0) a <suppression></suppression> pair.
133 # (Origin is nicely enclosed; too bad the other two aren't.)
134 # The most common way to see all three in one report is
135 # a syscall with a parameter that points to uninitialized memory, e.g.
136 # Format:
137 # <error>
138 # <unique>0x6d</unique>
139 # <tid>1</tid>
140 # <kind>SyscallParam</kind>
141 # <what>Syscall param write(buf) points to uninitialised byte(s)</what>
142 # <stack>
143 # <frame>
144 # ...
145 # </frame>
146 # </stack>
147 # <auxwhat>Address 0x5c9af4f is 7 bytes inside a block of ...</auxwhat>
148 # <stack>
149 # <frame>
150 # ...
151 # </frame>
152 # </stack>
153 # <origin>
154 # <what>Uninitialised value was created by a heap allocation</what>
155 # <stack>
156 # <frame>
157 # ...
158 # </frame>
159 # </stack>
160 # </origin>
161 # <suppression>
162 # <sname>insert_a_suppression_name_here</sname>
163 # <skind>Memcheck:Param</skind>
164 # <skaux>write(buf)</skaux>
165 # <sframe> <fun>__write_nocancel</fun> </sframe>
166 # ...
167 # <sframe> <fun>main</fun> </sframe>
168 # <rawtext>
169 # <![CDATA[
170 # {
171 # <insert_a_suppression_name_here>
172 # Memcheck:Param
173 # write(buf)
174 # fun:__write_nocancel
175 # ...
176 # fun:main
177 # }
178 # ]]>
179 # </rawtext>
180 # </suppression>
181 # </error>
182 #
183 # Each frame looks like this:
184 # <frame>
185 # <ip>0x83751BC</ip>
186 # <obj>/data/dkegel/chrome-build/src/out/Release/base_unittests</obj>
187 # <fn>_ZN7testing8internal12TestInfoImpl7RunTestEPNS_8TestInfoE</fn>
188 # <dir>/data/dkegel/chrome-build/src/testing/gtest/src</dir>
189 # <file>gtest-internal-inl.h</file>
190 # <line>655</line>
191 # </frame>
192 # although the dir, file, and line elements are missing if there is
193 # no debug info.
194
195 self._kind = getTextOf(error_node, "kind")
196 self._backtraces = []
197 self._suppression = None
198 self._commandline = commandline
199 self._testcase = testcase
200 self._additional = []
201
202 # Iterate through the nodes, parsing <what|auxwhat><stack> pairs.
203 description = None
204 for node in error_node.childNodes:
205 if node.localName == "what" or node.localName == "auxwhat":
206 description = "".join([n.data for n in node.childNodes
207 if n.nodeType == n.TEXT_NODE])
208 elif node.localName == "xwhat":
209 description = getTextOf(node, "text")
210 elif node.localName == "stack":
211 assert description
212 self._backtraces.append([description, gatherFrames(node, source_dir)])
213 description = None
214 elif node.localName == "origin":
215 description = getTextOf(node, "what")
216 stack = node.getElementsByTagName("stack")[0]
217 frames = gatherFrames(stack, source_dir)
218 self._backtraces.append([description, frames])
219 description = None
220 stack = None
221 frames = None
222 elif description and node.localName != None:
223 # The lastest description has no stack, e.g. "Address 0x28 is unknown"
224 self._additional.append(description)
225 description = None
226
227 if node.localName == "suppression":
228 self._suppression = getCDATAOf(node, "rawtext");
229
230 def __str__(self):
231 ''' Pretty print the type and backtrace(s) of this specific error,
232 including suppression (which is just a mangled backtrace).'''
233 output = ""
234 output += "\n" # Make sure the ### is at the beginning of line.
235 output += "### BEGIN MEMORY TOOL REPORT (error hash=#%016X#)\n" % \
236 self.ErrorHash()
237 if (self._commandline):
238 output += self._commandline + "\n"
239
240 output += self._kind + "\n"
241 for backtrace in self._backtraces:
242 output += backtrace[0] + "\n"
243 filter = subprocess.Popen("c++filt -n", stdin=subprocess.PIPE,
244 stdout=subprocess.PIPE,
245 stderr=subprocess.STDOUT,
246 shell=True,
247 close_fds=True)
248 buf = ""
249 for frame in backtrace[1]:
250 buf += (frame[FUNCTION_NAME] or frame[INSTRUCTION_POINTER]) + "\n"
251 (stdoutbuf, stderrbuf) = filter.communicate(buf.encode('latin-1'))
252 demangled_names = stdoutbuf.split("\n")
253
254 i = 0
255 for frame in backtrace[1]:
256 output += (" " + demangled_names[i])
257 i = i + 1
258
259 global TheAddressTable
260 if TheAddressTable != None and frame[SRC_FILE_DIR] == "":
261 # Try using gdb
262 foo = TheAddressTable.GetFileLine(frame[OBJECT_FILE],
263 frame[INSTRUCTION_POINTER])
264 if foo[0] != None:
265 output += (" (" + foo[0] + ":" + foo[1] + ")")
266 elif frame[SRC_FILE_DIR] != "":
267 output += (" (" + frame[SRC_FILE_DIR] + "/" + frame[SRC_FILE_NAME] +
268 ":" + frame[SRC_LINE] + ")")
269 else:
270 output += " (" + frame[OBJECT_FILE] + ")"
271 output += "\n"
272
273 for additional in self._additional:
274 output += additional + "\n"
275
276 assert self._suppression != None, "Your Valgrind doesn't generate " \
277 "suppressions - is it too old?"
278
279 if self._testcase:
280 output += "The report came from the `%s` test.\n" % self._testcase
281 output += "Suppression (error hash=#%016X#):\n" % self.ErrorHash()
282 output += (" For more info on using suppressions see "
283 "http://dev.chromium.org/developers/tree-sheriffs/sheriff-details-chromium/memory-sheriff#TOC-Suppressing-memory-reports")
284
285 # Widen suppression slightly to make portable between mac and linux
286 # TODO(timurrrr): Oops, these transformations should happen
287 # BEFORE calculating the hash!
288 supp = self._suppression;
289 supp = supp.replace("fun:_Znwj", "fun:_Znw*")
290 supp = supp.replace("fun:_Znwm", "fun:_Znw*")
291 supp = supp.replace("fun:_Znaj", "fun:_Zna*")
292 supp = supp.replace("fun:_Znam", "fun:_Zna*")
293
294 # Make suppressions even less platform-dependent.
295 for sz in [1, 2, 4, 8]:
296 supp = supp.replace("Memcheck:Addr%d" % sz, "Memcheck:Unaddressable")
297 supp = supp.replace("Memcheck:Value%d" % sz, "Memcheck:Uninitialized")
298 supp = supp.replace("Memcheck:Cond", "Memcheck:Uninitialized")
299
300 # Split into lines so we can enforce length limits
301 supplines = supp.split("\n")
302 supp = None # to avoid re-use
303
304 # Truncate at line 26 (VG_MAX_SUPP_CALLERS plus 2 for name and type)
305 # or at the first 'boring' caller.
306 # (https://bugs.kde.org/show_bug.cgi?id=199468 proposes raising
307 # VG_MAX_SUPP_CALLERS, but we're probably fine with it as is.)
308 newlen = min(26, len(supplines));
309
310 # Drop boring frames and all the following.
311 enough_frames = False
312 for frameno in range(newlen):
313 for boring_caller in _BORING_CALLERS:
314 if re.match("^ +fun:%s$" % boring_caller, supplines[frameno]):
315 newlen = frameno
316 enough_frames = True
317 break
318 if enough_frames:
319 break
320 if (len(supplines) > newlen):
321 supplines = supplines[0:newlen]
322 supplines.append("}")
323
324 for frame in range(len(supplines)):
325 # Replace the always-changing anonymous namespace prefix with "*".
326 m = re.match("( +fun:)_ZN.*_GLOBAL__N_.*\.cc_" +
327 "[0-9a-fA-F]{8}_[0-9a-fA-F]{8}(.*)",
328 supplines[frame])
329 if m:
330 supplines[frame] = "*".join(m.groups())
331
332 output += "\n".join(supplines) + "\n"
333 output += "### END MEMORY TOOL REPORT (error hash=#%016X#)\n" % \
334 self.ErrorHash()
335
336 return output
337
338 def UniqueString(self):
339 ''' String to use for object identity. Don't print this, use str(obj)
340 instead.'''
341 rep = self._kind + " "
342 for backtrace in self._backtraces:
343 for frame in backtrace[1]:
344 rep += frame[FUNCTION_NAME]
345
346 if frame[SRC_FILE_DIR] != "":
347 rep += frame[SRC_FILE_DIR] + "/" + frame[SRC_FILE_NAME]
348 else:
349 rep += frame[OBJECT_FILE]
350
351 return rep
352
353 # This is a device-independent hash identifying the suppression.
354 # By printing out this hash we can find duplicate reports between tests and
355 # different shards running on multiple buildbots
356 def ErrorHash(self):
357 return int(hashlib.md5(self.UniqueString()).hexdigest()[:16], 16)
358
359 def __hash__(self):
360 return hash(self.UniqueString())
361 def __eq__(self, rhs):
362 return self.UniqueString() == rhs
363
364 def log_is_finished(f, force_finish):
365 f.seek(0)
366 prev_line = ""
367 while True:
368 line = f.readline()
369 if line == "":
370 if not force_finish:
371 return False
372 # Okay, the log is not finished but we can make it up to be parseable:
373 if prev_line.strip() in ["</error>", "</errorcounts>", "</status>"]:
374 f.write("</valgrindoutput>\n")
375 return True
376 return False
377 if '</valgrindoutput>' in line:
378 # Valgrind often has garbage after </valgrindoutput> upon crash.
379 f.truncate()
380 return True
381 prev_line = line
382
383 class MemcheckAnalyzer:
384 ''' Given a set of Valgrind XML files, parse all the errors out of them,
385 unique them and output the results.'''
386
387 SANITY_TEST_SUPPRESSIONS = {
388 "Memcheck sanity test 01 (memory leak).": 1,
389 "Memcheck sanity test 02 (malloc/read left).": 1,
390 "Memcheck sanity test 03 (malloc/read right).": 1,
391 "Memcheck sanity test 04 (malloc/write left).": 1,
392 "Memcheck sanity test 05 (malloc/write right).": 1,
393 "Memcheck sanity test 06 (new/read left).": 1,
394 "Memcheck sanity test 07 (new/read right).": 1,
395 "Memcheck sanity test 08 (new/write left).": 1,
396 "Memcheck sanity test 09 (new/write right).": 1,
397 "Memcheck sanity test 10 (write after free).": 1,
398 "Memcheck sanity test 11 (write after delete).": 1,
399 "Memcheck sanity test 12 (array deleted without []).": 1,
400 "Memcheck sanity test 13 (single element deleted with []).": 1,
401 "Memcheck sanity test 14 (malloc/read uninit).": 1,
402 "Memcheck sanity test 15 (new/read uninit).": 1,
403 }
404
405 # Max time to wait for memcheck logs to complete.
406 LOG_COMPLETION_TIMEOUT = 180.0
407
408 def __init__(self, source_dir, show_all_leaks=False, use_gdb=False):
409 '''Create a parser for Memcheck logs.
410
411 Args:
412 source_dir: Path to top of source tree for this build
413 show_all_leaks: Whether to show even less important leaks
414 use_gdb: Whether to use gdb to resolve source filenames and line numbers
415 in the report stacktraces
416 '''
417 self._source_dir = source_dir
418 self._show_all_leaks = show_all_leaks
419 self._use_gdb = use_gdb
420
421 # Contains the set of unique errors
422 self._errors = set()
423
424 # Contains the time when the we started analyzing the first log file.
425 # This variable is used to skip incomplete logs after some timeout.
426 self._analyze_start_time = None
427
428
429 def Report(self, files, testcase, check_sanity=False):
430 '''Reads in a set of files and prints Memcheck report.
431
432 Args:
433 files: A list of filenames.
434 check_sanity: if true, search for SANITY_TEST_SUPPRESSIONS
435 '''
436 # Beyond the detailed errors parsed by ValgrindError above,
437 # the xml file contain records describing suppressions that were used:
438 # <suppcounts>
439 # <pair>
440 # <count>28</count>
441 # <name>pango_font_leak_todo</name>
442 # </pair>
443 # <pair>
444 # <count>378</count>
445 # <name>bug_13243</name>
446 # </pair>
447 # </suppcounts
448 # Collect these and print them at the end.
449 #
450 # With our patch for https://bugs.kde.org/show_bug.cgi?id=205000 in,
451 # the file also includes records of the form
452 # <load_obj><obj>/usr/lib/libgcc_s.1.dylib</obj><ip>0x27000</ip></load_obj>
453 # giving the filename and load address of each binary that was mapped
454 # into the process.
455
456 global TheAddressTable
457 if self._use_gdb:
458 TheAddressTable = gdb_helper.AddressTable()
459 else:
460 TheAddressTable = None
461 cur_report_errors = set()
462 suppcounts = defaultdict(int)
463 badfiles = set()
464
465 if self._analyze_start_time == None:
466 self._analyze_start_time = time.time()
467 start_time = self._analyze_start_time
468
469 parse_failed = False
470 for file in files:
471 # Wait up to three minutes for valgrind to finish writing all files,
472 # but after that, just skip incomplete files and warn.
473 f = open(file, "r+")
474 pid = re.match(".*\.([0-9]+)$", file)
475 if pid:
476 pid = pid.groups()[0]
477 found = False
478 running = True
479 firstrun = True
480 skip = False
481 origsize = os.path.getsize(file)
482 while (running and not found and not skip and
483 (firstrun or
484 ((time.time() - start_time) < self.LOG_COMPLETION_TIMEOUT))):
485 firstrun = False
486 f.seek(0)
487 if pid:
488 # Make sure the process is still running so we don't wait for
489 # 3 minutes if it was killed. See http://crbug.com/17453
490 ps_out = subprocess.Popen("ps p %s" % pid, shell=True,
491 stdout=subprocess.PIPE).stdout
492 if len(ps_out.readlines()) < 2:
493 running = False
494 else:
495 skip = True
496 running = False
497 found = log_is_finished(f, False)
498 if not running and not found:
499 logging.warn("Valgrind process PID = %s is not running but its "
500 "XML log has not been finished correctly.\n"
501 "Make it up by adding some closing tags manually." % pid)
502 found = log_is_finished(f, not running)
503 if running and not found:
504 time.sleep(1)
505 f.close()
506 if not found:
507 badfiles.add(file)
508 else:
509 newsize = os.path.getsize(file)
510 if origsize > newsize+1:
511 logging.warn(str(origsize - newsize) +
512 " bytes of junk were after </valgrindoutput> in %s!" %
513 file)
514 try:
515 parsed_file = parse(file);
516 except ExpatError, e:
517 parse_failed = True
518 logging.warn("could not parse %s: %s" % (file, e))
519 lineno = e.lineno - 1
520 context_lines = 5
521 context_start = max(0, lineno - context_lines)
522 context_end = lineno + context_lines + 1
523 context_file = open(file, "r")
524 for i in range(0, context_start):
525 context_file.readline()
526 for i in range(context_start, context_end):
527 context_data = context_file.readline().rstrip()
528 if i != lineno:
529 logging.warn(" %s" % context_data)
530 else:
531 logging.warn("> %s" % context_data)
532 context_file.close()
533 continue
534 if TheAddressTable != None:
535 load_objs = parsed_file.getElementsByTagName("load_obj")
536 for load_obj in load_objs:
537 obj = getTextOf(load_obj, "obj")
538 ip = getTextOf(load_obj, "ip")
539 TheAddressTable.AddBinaryAt(obj, ip)
540
541 commandline = None
542 preamble = parsed_file.getElementsByTagName("preamble")[0];
543 for node in preamble.getElementsByTagName("line"):
544 if node.localName == "line":
545 for x in node.childNodes:
546 if x.nodeType == node.TEXT_NODE and "Command" in x.data:
547 commandline = x.data
548 break
549
550 raw_errors = parsed_file.getElementsByTagName("error")
551 for raw_error in raw_errors:
552 # Ignore "possible" leaks for now by default.
553 if (self._show_all_leaks or
554 getTextOf(raw_error, "kind") != "Leak_PossiblyLost"):
555 error = ValgrindError(self._source_dir,
556 raw_error, commandline, testcase)
557 if error not in cur_report_errors:
558 # We haven't seen such errors doing this report yet...
559 if error in self._errors:
560 # ... but we saw it in earlier reports, e.g. previous UI test
561 cur_report_errors.add("This error was already printed in "
562 "some other test, see 'hash=#%016X#'" % \
563 error.ErrorHash())
564 else:
565 # ... and we haven't seen it in other tests as well
566 self._errors.add(error)
567 cur_report_errors.add(error)
568
569 suppcountlist = parsed_file.getElementsByTagName("suppcounts")
570 if len(suppcountlist) > 0:
571 suppcountlist = suppcountlist[0]
572 for node in suppcountlist.getElementsByTagName("pair"):
573 count = getTextOf(node, "count");
574 name = getTextOf(node, "name");
575 suppcounts[name] += int(count)
576
577 if len(badfiles) > 0:
578 logging.warn("valgrind didn't finish writing %d files?!" % len(badfiles))
579 for file in badfiles:
580 logging.warn("Last 20 lines of %s :" % file)
581 os.system("tail -n 20 '%s' 1>&2" % file)
582
583 if parse_failed:
584 logging.error("FAIL! Couldn't parse Valgrind output file")
585 return -2
586
587 common.PrintUsedSuppressionsList(suppcounts)
588
589 retcode = 0
590 if cur_report_errors:
591 logging.error("FAIL! There were %s errors: " % len(cur_report_errors))
592
593 if TheAddressTable != None:
594 TheAddressTable.ResolveAll()
595
596 for error in cur_report_errors:
597 logging.error(error)
598
599 retcode = -1
600
601 # Report tool's insanity even if there were errors.
602 if check_sanity:
603 remaining_sanity_supp = MemcheckAnalyzer.SANITY_TEST_SUPPRESSIONS
604 for (name, count) in suppcounts.iteritems():
605 # Workaround for http://crbug.com/334074
606 if (name in remaining_sanity_supp and
607 remaining_sanity_supp[name] <= count):
608 del remaining_sanity_supp[name]
609 if remaining_sanity_supp:
610 logging.error("FAIL! Sanity check failed!")
611 logging.info("The following test errors were not handled: ")
612 for (name, count) in remaining_sanity_supp.iteritems():
613 logging.info(" * %dx %s" % (count, name))
614 retcode = -3
615
616 if retcode != 0:
617 return retcode
618
619 logging.info("PASS! No errors found!")
620 return 0
621
622
623 def _main():
624 '''For testing only. The MemcheckAnalyzer class should be imported instead.'''
625 parser = optparse.OptionParser("usage: %prog [options] <files to analyze>")
626 parser.add_option("", "--source-dir",
627 help="path to top of source tree for this build"
628 "(used to normalize source paths in baseline)")
629
630 (options, args) = parser.parse_args()
631 if len(args) == 0:
632 parser.error("no filename specified")
633 filenames = args
634
635 analyzer = MemcheckAnalyzer(options.source_dir, use_gdb=True)
636 return analyzer.Report(filenames, None)
637
638
639 if __name__ == "__main__":
640 sys.exit(_main())