bpf-tools: Add new feature(doublefree)
The doublefree tool detects double frees in user-space programs. Usage: doublefree [OPTION...] Detect and report double free error. Either -c or -p is a mandatory option EXAMPLES: doublefree -p 1234 # Detect doublefree on process id 1234 doublefree -c a.out # Detect doublefree on a.out doublefree -c 'a.out arg' # Detect doublefree on a.out with argument doublefree -c "a.out arg" # Detect doublefree on a.out with argument -c, --command=COMMAND Execute and trace the specified command -i, --interval=INTERVAL Set interval in second to detect leak -p, --pid=PID Set pid -T, --top=TOP Report only specified amount of backtraces -v, --verbose Verbose debug output -?, --help Give this help list --usage Give a short usage message -V, --version Print program version Mandatory or optional arguments to long options are also mandatory or optional for any corresponding short options. Report example: $ ~/test/doublefree_generator & [1] 48310 $ sudo ./doublefree -p 48310 Warn: Is this process alive? pid: 48310 Found double free... 
Allocation happended on: stack_id: 50292 #1 0x0055b302c34219 foo #2 0x0055b302c341d0 main #3 0x007f5d6379dd90 __libc_init_first First deallocation happended on: stack_id: 57265 #1 0x007f5d63819460 free #2 0x0055b302c341ea main #3 0x007f5d6379dd90 __libc_init_first Second deallocation happended on: stack_id: 2974 #1 0x007f5d63819460 free #2 0x0055b302c342eb baz #3 0x0055b302c34200 main #4 0x007f5d6379dd90 __libc_init_first Source code of test program: $ cat Makefile OBJ = doublefree_generator.o foobar.o baz.o TARGET = doublefree_generator all: clean $(TARGET) $(TARGET): $(OBJ) gcc -o $@ $^ %.o: %.c gcc -c $< -o $@ clean: rm -f $(OBJ) $(TARGET) $ cat doublefree_generator.c \#include <unistd.h> \#include "foobar.h" \#include "baz.h" int main(int argc, char* argv[]) { sleep(50); int *val = foo(); *val = 33; bar(val); *val = 84; baz(val); return 0; } $ cat foobar.h \#include <stdio.h> int* foo(); void bar(int* p); $ cat foobar.c \#include <stdlib.h> \#include "foobar.h" int* foo() { return (int*)malloc(sizeof(int)); } void bar(int* p) { printf("bar: %p\n", p); free(p); } $ cat baz.h \#include <stdio.h> void baz(int* p); $ cat baz.c \#include <stdlib.h> \#include <stdbool.h> \#include "baz.h" void func(int* p) { while (true) { if (p != NULL) { printf("free %d\n", *p); free(p); break; } } } void baz(int* p) { printf("baz: %p\n", p); printf("bazz: %d\n", *p); func(p); }