mbox series

[Concept,00/35] malloc: Add heap debugging commands and mcheck caller tracking

Message ID 20251210000737.180797-1-sjg@u-boot.org
Headers
Series malloc: Add heap debugging commands and mcheck caller tracking |

Message

Simon Glass Dec. 10, 2025, 12:06 a.m. UTC 
  From: Simon Glass <simon.glass@canonical.com>

This series adds improved heap-debugging capabilities.

As part of this, the recently added backtrace feature is reworked to
avoid itself using malloc(), which makes it difficult for malloc() to
use.

A new 'malloc' command with 'info' and 'dump' subcommands allows
inspecting the heap state at runtime.

The mcheck heap-protection feature is integrated into Kconfig and can be
used to to track caller information for each allocation, showing the
function name and line number.

The caller info can be seen with 'malloc dump', including for freed
chunks where possible.

The 'malloc info' command shows a few more heap statistics:

    => malloc info
    total bytes   = 96 MiB
    in use bytes  = 700.9 KiB
    malloc count  = 1234
    free count    = 567
    realloc count = 89

The 'malloc dump' command walks the heap showing each chunk:

    => malloc dump
    Heap dump: 19a0e000 - 1fa10000
         Address        Size  Status
    ----------------------------------
        19a0e000          10  (chunk header)
        19a0e010          a0        log_init:453 <-board_init_r:774 <-sandbox_flow:
        19a0e0b0       20070        membuf_new:420 <-console_record_init:880 <-boar
        19a2e120         170        membuf_new:420 <-console_record_init:886 <-boar
        19a2e290         150        unflatten_device_tree:299 <-of_live_build:328 <
        19a2e3e0          a0        uclass_get:157 <-device_bind_common:59 <-device
        ...
        19a4b080          70  free  done_word:2489 <-parse_stream_outer:3190 <-pars
        ...

This is useful for debugging memory leaks, understanding allocation
patterns, and tracking down heap corruption issues.

Some additional patches are included to make all this work:
- format_size() for human-readable size formatting
- ut_asserteq_regex() for flexible test assertions
- backtrace_str() for condensed backtrace output

Finally, this series includes a few patches for some of the more obvious
memory leaks (scmi and some test drivers), plus a reduction in truetype
memory allocations and a fix for a watchdog crash with 'ut dm'.


Simon Glass (35):
  watchdog: Unregister cyclic on device removal
  firmware: scmi: Free allocated strings on device removal
  test: dm: Fix memory leaks in test drivers
  test: dm: Fix delta usage in dm_test_devres_free()
  mmc: sandbox: Fix memory leak on probe failure
  video: truetype: Use pre-allocated buffer for glyph rendering
  lib: Add format_size() to format sizes as strings
  test: Add ut_asserteq_regex() for regex pattern matching
  test: Show the required size when console-record overflows
  malloc: Use mcheck.h header instead of local declaration
  malloc: Make mcheck respect REALLOC_ZERO_BYTES_FREES
  backtrace: Use a static buffer in backtrace_ctx for symbols
  backtrace: Add backtrace_str() for condensed backtrace output
  malloc: Fix unused internal_memalign warning with mcheck
  malloc: Add malloc_get_info() to retrieve memory statistics
  malloc: Add a Kconfig option for debugging malloc()
  malloc: Enable stats if UNIT_TEST or MALLOC_DEBUG
  malloc: Add 'malloc' command with 'info' subcommand
  malloc: Add call counters for malloc, free, realloc
  malloc: Add a Kconfig option for heap protection
  malloc: Move mcheck block after includes
  malloc: Fix internal calls and memalign for mcheck
  malloc: Update the valloc functions to use mcheck wrappers
  malloc: Increase the mcheck registry size
  sandbox: Enable mcheck heap protection
  malloc: Remove warning messages during relocation
  malloc: Support storing caller information
  malloc: Add a caller-info parameter to dlmalloc_impl()
  malloc: Add malloc dump command to walk the heap
  malloc: Fix malloc_dump to find mcheck headers in memalign chunks
  malloc: Record caller backtrace for each allocation
  malloc: Skip backtrace when stack is corrupted
  malloc: Show caller info for freed chunks in malloc_dump
  malloc: Print mcheck registry-overflow message only once
  doc: malloc: Document debugging features

 Kconfig                                   |  18 ++
 arch/sandbox/cpu/backtrace.c              |  53 ++--
 arch/sandbox/lib/backtrace.c              |  47 +--
 cmd/Kconfig                               |   9 +
 cmd/Makefile                              |   1 +
 cmd/font.c                                |  30 +-
 cmd/malloc.c                              |  47 +++
 cmd/stackprot_test.c                      |   7 +
 common/Kconfig                            |   1 +
 common/board_f.c                          |   4 +-
 common/console.c                          |  16 +-
 common/dlmalloc.c                         | 366 +++++++++++++++++++---
 common/mcheck_core.inc.h                  |  59 ++--
 common/stackprot.c                        |   6 +
 configs/sandbox_defconfig                 |   5 +-
 doc/develop/malloc.rst                    | 103 +++++-
 doc/develop/tests_writing.rst             |   5 +
 doc/usage/cmd/font.rst                    |  20 +-
 doc/usage/cmd/malloc.rst                  |  83 +++++
 doc/usage/index.rst                       |   1 +
 drivers/firmware/scmi/scmi_agent-uclass.c |  21 ++
 drivers/mmc/sandbox_mmc.c                 |  11 +-
 drivers/video/Kconfig                     |  24 ++
 drivers/video/console_truetype.c          |  59 +++-
 drivers/watchdog/wdt-uclass.c             |  11 +
 include/asm-generic/global_data.h         |  36 +++
 include/backtrace.h                       |  77 ++++-
 include/display_options.h                 |  14 +
 include/malloc.h                          |  58 ++++
 include/mcheck.h                          |   3 +
 include/os.h                              |  22 +-
 include/test/ut.h                         |  29 ++
 lib/Kconfig                               |  16 +
 lib/backtrace.c                           | 135 +++++++-
 lib/display_options.c                     |  34 +-
 test/cmd/Makefile                         |   1 +
 test/cmd/font.c                           |  20 ++
 test/cmd/malloc.c                         |  54 ++++
 test/common/malloc.c                      |   2 +-
 test/dm/core.c                            |   1 +
 test/dm/devres.c                          |  10 +-
 test/dm/test-driver.c                     |   3 +
 test/lib/backtrace.c                      |  50 ++-
 test/lib/test_print.c                     |  14 +
 test/ut.c                                 |  45 ++-
 45 files changed, 1411 insertions(+), 220 deletions(-)
 create mode 100644 cmd/malloc.c
 create mode 100644 doc/usage/cmd/malloc.rst
 create mode 100644 test/cmd/malloc.c