1Native Memory Tracking using libc Callbacks
2-------------------------------------------
3Malloc debug can be used to get information on all of the live allocations
4in a process. The libc library in Android exports two calls that can be
5used to gather this data from a process. This tracking can be enabled using
6either the backtrace option or the backtrace\_enabled\_on\_signal option.
7
8The function to gather the data:
9
10`extern "C" void get_malloc_leak_info(uint8_t** info, size_t* overall_size, size_t* info_size, size_t* total_memory, size_t* backtrace_size);`
11
12*info* is set to a buffer allocated by the call that contains all of
13the allocation information.
14*overall\_size* is set to the total size of the buffer returned. If this
15*info\_size*
16value is zero, then there are no allocation being tracked.
17*total\_memory* is set to the sum of all allocation sizes that are live at
18the point of the function call. This does not include the memory allocated
19by the malloc debug library itself.
20*backtrace\_size* is set to the maximum number of backtrace entries
21that are present for each allocation.
22
23In order to free the buffer allocated by the function, call:
24
25`extern "C" void free_malloc_leak_info(uint8_t* info);`
26
27### Format of info Buffer
28    size_t size_of_original_allocation
29    size_t num_allocations
30    uintptr_t pc1
31    uintptr_t pc2
32    uintptr_t pc3
33    .
34    .
35    .
36
37The number of *uintptr\_t* values is determined by the value
38*backtrace\_size* as returned by the original call to
39*get\_malloc\_leak\_info*. This value is not variable, it is the same
40for all the returned data. The value
41*num\_allocations* contains the total number of allocations with the same
42backtrace and size as this allocation. On Android Nougat, this value was
43incorrectly set to the number of frames in the backtrace.
44Each *uintptr\_t* is a pc of the callstack. If the total number
45of backtrace entries is less than *backtrace\_size*, the rest of the
46entries are zero.
47The calls from within the malloc debug library are automatically removed.
48
49For 32 bit systems, *size\_t* and *uintptr\_t* are both 4 byte values.
50
51For 64 bit systems, *size\_t* and *uintptr\_t* are both 8 byte values.
52
53The total number of these structures returned in *info* is
54*overall\_size* divided by *info\_size*.
55
56Note, the size value in each allocation data structure will have bit 31 set
57if this allocation was created in a process forked from the Zygote process.
58This helps to distinguish between native allocations created by the application.
59