1 /* Copyright (C) 2007-2010 The Android Open Source Project 2 ** 3 ** This software is licensed under the terms of the GNU General Public 4 ** License version 2, as published by the Free Software Foundation, and 5 ** may be copied, distributed, and modified under those terms. 6 ** 7 ** This program is distributed in the hope that it will be useful, 8 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 9 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 ** GNU General Public License for more details. 11 */ 12 13 /* 14 * Contains implementation of memory checking framework in the emulator. 15 */ 16 17 /* This file should compile iff qemu is built with memory checking 18 * configuration turned on. */ 19 #ifndef CONFIG_MEMCHECK 20 #error CONFIG_MEMCHECK is not defined. 21 #endif // CONFIG_MEMCHECK 22 23 #include "qemu-queue.h" 24 #include "qemu_file.h" 25 #include "elff_api.h" 26 #include "memcheck.h" 27 #include "memcheck_proc_management.h" 28 #include "memcheck_util.h" 29 #include "memcheck_logging.h" 30 31 // ============================================================================= 32 // Global data 33 // ============================================================================= 34 35 /* Controls what messages from the guest should be printed to emulator's 36 * stdout. This variable holds a combinations of TRACE_LIBC_XXX flags. */ 37 uint32_t trace_flags = 0; 38 39 /* Global flag, indicating whether or not memchecking has been enabled 40 * for the current emulator session. 1 means that memchecking has been enabled, 41 * 0 means that memchecking has not been enabled. */ 42 int memcheck_enabled = 0; 43 44 /* Global flag, indicating whether or not __ld/__stx_mmu should be instrumented 45 * for checking for access violations. If read / write access violation check 46 * has been disabled by -memcheck flags, there is no need to instrument mmu 47 * routines and waste performance. 48 * 1 means that instrumenting is required, 0 means that instrumenting is not 49 * required. */ 50 int memcheck_instrument_mmu = 0; 51 52 /* Global flag, indicating whether or not memchecker is collecting call stack. 53 * 1 - call stack is being collected, 0 means that stack is not being 54 * collected. */ 55 int memcheck_watch_call_stack = 1; 56 57 // ============================================================================= 58 // Static routines. 59 // ============================================================================= 60 61 /* Prints invalid pointer access violation information. 62 * Param: 63 * proc - Process that caused access violation. 64 * ptr - Pointer that caused access violation. 65 * routine - If 1, access violation has occurred in 'free' routine. 66 * If 2, access violation has occurred in 'realloc' routine. 67 */ 68 static void 69 av_invalid_pointer(ProcDesc* proc, target_ulong ptr, int routine) 70 { 71 if (trace_flags & TRACE_CHECK_INVALID_PTR_ENABLED) { 72 printf("memcheck: Access violation is detected in process %s[pid=%u]:\n" 73 " INVALID POINTER 0x%08X is used in '%s' operation.\n" 74 " Allocation descriptor for this pointer has not been found in the\n" 75 " allocation map for the process. Most likely, this is an attempt\n" 76 " to %s a pointer that has been freed.\n", 77 proc->image_path, proc->pid, ptr, routine == 1 ? "free" : "realloc", 78 routine == 1 ? "free" : "reallocate"); 79 } 80 } 81 82 /* Prints read / write access violation information. 83 * Param: 84 * proc - Process that caused access violation. 85 * desc - Allocation descriptor for the violation. 86 * addr - Address at which vilation has occurred. 87 * data_size - Size of data accessed at the 'addr'. 88 * val - If access violation has occurred at write operation, this parameter 89 * contains value that's being written to 'addr'. For read violation this 90 * parameter is not used. 91 * retaddr - Code address (in TB) where access violation has occurred. 92 * is_read - If 1, access violation has occurred when memory at 'addr' has been 93 * read. If 0, access violation has occurred when memory was written. 94 */ 95 static void 96 av_access_violation(ProcDesc* proc, 97 MallocDescEx* desc, 98 target_ulong addr, 99 uint32_t data_size, 100 uint64_t val, 101 target_ulong retaddr, 102 int is_read) 103 { 104 target_ulong vaddr; 105 Elf_AddressInfo elff_info; 106 ELFF_HANDLE elff_handle = NULL; 107 108 desc->malloc_desc.av_count++; 109 if ((is_read && !(trace_flags & TRACE_CHECK_READ_VIOLATION_ENABLED)) || 110 (!is_read && !(trace_flags & TRACE_CHECK_WRITE_VIOLATION_ENABLED))) { 111 return; 112 } 113 114 /* Convert host address to guest address. */ 115 vaddr = memcheck_tpc_to_gpc(retaddr); 116 printf("memcheck: Access violation is detected in process %s[pid=%u]:\n", 117 proc->image_path, proc->pid); 118 119 /* Obtain routine, filename / line info for the address. */ 120 const MMRangeDesc* rdesc = procdesc_get_range_desc(proc, vaddr); 121 if (rdesc != NULL) { 122 int elff_res; 123 printf(" In module %s at address 0x%08X\n", rdesc->path, vaddr); 124 elff_res = 125 memcheck_get_address_info(vaddr, rdesc, &elff_info, &elff_handle); 126 if (elff_res == 0) { 127 printf(" In routine %s in %s/%s:%u\n", 128 elff_info.routine_name, elff_info.dir_name, 129 elff_info.file_name, elff_info.line_number); 130 if (elff_info.inline_stack != NULL) { 131 const Elf_InlineInfo* inl = elff_info.inline_stack; 132 int index = 0; 133 for (; inl[index].routine_name != NULL; index++) { 134 char align[64]; 135 size_t set_align = 4 + index * 2; 136 if (set_align >= sizeof(align)) { 137 set_align = sizeof(align) -1; 138 } 139 memset(align, ' ', set_align); 140 align[set_align] = '\0'; 141 printf(align); 142 if (inl[index].inlined_in_file == NULL) { 143 printf("inlined to %s in unknown location\n", 144 inl[index].routine_name); 145 } else { 146 printf("inlined to %s in %s/%s:%u\n", 147 inl[index].routine_name, 148 inl[index].inlined_in_file_dir, 149 inl[index].inlined_in_file, 150 inl[index].inlined_at_line); 151 } 152 } 153 } 154 elff_free_pc_address_info(elff_handle, &elff_info); 155 elff_close(elff_handle); 156 } else if (elff_res == 1) { 157 printf(" Unable to obtain routine information. Symbols file is not found.\n"); 158 } else { 159 printf(" Unable to obtain routine information.\n" 160 " Symbols file doesn't contain debugging information for address 0x%08X.\n", 161 mmrangedesc_get_module_offset(rdesc, vaddr)); 162 } 163 } else { 164 printf(" In unknown module at address 0x%08X\n", vaddr); 165 } 166 167 printf(" Process attempts to %s %u bytes %s address 0x%08X\n", 168 is_read ? "read" : "write", data_size, 169 is_read ? "from" : "to", addr); 170 printf(" Accessed range belongs to the %s guarding area of allocated block.\n", 171 addr < (target_ulong)mallocdesc_get_user_ptr(&desc->malloc_desc) ? 172 "prefix" : "suffix"); 173 printf(" Allocation descriptor for this violation:\n"); 174 memcheck_dump_malloc_desc(desc, 1, 0); 175 } 176 177 /* Validates access to a guest address. 178 * Param: 179 * addr - Virtual address in the guest space where memory is accessed. 180 * data_size - Size of the accessed data. 181 * proc_ptr - Upon exit from this routine contains pointer to the process 182 * descriptor for the current process, or NULL, if no such descriptor has 183 * been found. 184 * desc_ptr - Upon exit from this routine contains pointer to the allocation 185 * descriptor matching given address range, or NULL, if allocation 186 * descriptor for the validated memory range has not been found. 187 * Return: 188 * 0 if access to the given guest address range doesn't violate anything, or 189 * 1 if given guest address range doesn't match any entry in the current 190 * process allocation descriptors map, or 191 * -1 if a violation has been detected. 192 */ 193 static int 194 memcheck_common_access_validation(target_ulong addr, 195 uint32_t data_size, 196 ProcDesc** proc_ptr, 197 MallocDescEx** desc_ptr) 198 { 199 MallocDescEx* desc; 200 target_ulong validating_range_end; 201 target_ulong user_range_end; 202 203 ProcDesc* proc = get_current_process(); 204 *proc_ptr = proc; 205 if (proc == NULL) { 206 *desc_ptr = NULL; 207 return 1; 208 } 209 210 desc = procdesc_find_malloc_for_range(proc, addr, data_size); 211 *desc_ptr = desc; 212 if (desc == NULL) { 213 return 1; 214 } 215 216 /* Verify that validating address range doesn't start before the address 217 * available to the user. */ 218 if (addr < mallocdesc_get_user_ptr(&desc->malloc_desc)) { 219 // Stepped on the prefix guarding area. 220 return -1; 221 } 222 223 validating_range_end = addr + data_size; 224 user_range_end = mallocdesc_get_user_alloc_end(&desc->malloc_desc); 225 226 /* Verify that validating address range ends inside the user block. 227 * We may step on the suffix guarding area because of alignment issue. 228 * For example, the application code reads last byte in the allocated block 229 * with something like this: 230 * 231 * char last_byte_value = *(char*)last_byte_address; 232 * 233 * and this code got compiled into something like this: 234 * 235 * mov eax, [last_byte_address]; 236 * mov [last_byte_value], al; 237 * 238 * In this case we will catch a read from the suffix area, even though 239 * there were no errors in the code. So, in order to prevent such "false 240 * negative" alarms, lets "forgive" this violation. 241 * There is one bad thing about this "forgivness" though, as it may very 242 * well be, that in real life some of these "out of bound" bytes will cross 243 * page boundaries, marching into a page that has not been mapped to the 244 * process. 245 */ 246 if (validating_range_end <= user_range_end) { 247 // Validating address range is fully contained inside the user block. 248 return 0; 249 } 250 251 /* Lets see if this AV is caused by an alignment issue.*/ 252 if ((validating_range_end - user_range_end) < data_size) { 253 /* Could be an alignment. */ 254 return 0; 255 } 256 257 return -1; 258 } 259 260 /* Checks if process has allocation descriptors for pages defined by a buffer. 261 * Param: 262 * addr - Starting address of a buffer. 263 * buf_size - Buffer size. 264 * Return: 265 * 1 if process has allocations descriptors for pages defined by a buffer, or 266 * 0 if pages containing given buffer don't have any memory allocations in 267 * them. 268 */ 269 static inline int 270 procdesc_contains_allocs(ProcDesc* proc, target_ulong addr, uint32_t buf_size) { 271 if (proc != NULL) { 272 // Beginning of the page containing last byte in range. 273 const target_ulong end_page = (addr + buf_size - 1) & TARGET_PAGE_MASK; 274 // Adjust beginning of the range to the beginning of the page. 275 addr &= TARGET_PAGE_MASK; 276 // Total size of range to check for descriptors. 277 buf_size = end_page - addr + TARGET_PAGE_SIZE + 1; 278 return procdesc_find_malloc_for_range(proc, addr, buf_size) ? 1 : 0; 279 } else { 280 return 0; 281 } 282 } 283 284 // ============================================================================= 285 // Memchecker API. 286 // ============================================================================= 287 288 void 289 memcheck_init(const char* tracing_flags) 290 { 291 if (*tracing_flags == '0') { 292 // Memchecker is disabled. 293 return; 294 } else if (*tracing_flags == '1') { 295 // Set default tracing. 296 trace_flags = TRACE_CHECK_LEAK_ENABLED | 297 TRACE_CHECK_READ_VIOLATION_ENABLED | 298 TRACE_CHECK_INVALID_PTR_ENABLED | 299 TRACE_CHECK_WRITE_VIOLATION_ENABLED; 300 } 301 302 // Parse -memcheck option params, converting them into tracing flags. 303 while (*tracing_flags) { 304 switch (*tracing_flags) { 305 case 'A': 306 // Enable all emulator's tracing messages. 307 trace_flags |= TRACE_ALL_ENABLED; 308 break; 309 case 'F': 310 // Enable fork() tracing. 311 trace_flags |= TRACE_PROC_FORK_ENABLED; 312 break; 313 case 'S': 314 // Enable guest process staring tracing. 315 trace_flags |= TRACE_PROC_START_ENABLED; 316 break; 317 case 'E': 318 // Enable guest process exiting tracing. 319 trace_flags |= TRACE_PROC_EXIT_ENABLED; 320 break; 321 case 'C': 322 // Enable clone() tracing. 323 trace_flags |= TRACE_PROC_CLONE_ENABLED; 324 break; 325 case 'N': 326 // Enable new PID allocation tracing. 327 trace_flags |= TRACE_PROC_NEW_PID_ENABLED; 328 break; 329 case 'B': 330 // Enable libc.so initialization tracing. 331 trace_flags |= TRACE_PROC_LIBC_INIT_ENABLED; 332 break; 333 case 'L': 334 // Enable memory leaks tracing. 335 trace_flags |= TRACE_CHECK_LEAK_ENABLED; 336 break; 337 case 'I': 338 // Enable invalid free / realloc pointer tracing. 339 trace_flags |= TRACE_CHECK_INVALID_PTR_ENABLED; 340 break; 341 case 'R': 342 // Enable reading violations tracing. 343 trace_flags |= TRACE_CHECK_READ_VIOLATION_ENABLED; 344 break; 345 case 'W': 346 // Enable writing violations tracing. 347 trace_flags |= TRACE_CHECK_WRITE_VIOLATION_ENABLED; 348 break; 349 case 'M': 350 // Enable module mapping tracing. 351 trace_flags |= TRACE_PROC_MMAP_ENABLED; 352 break; 353 default: 354 break; 355 } 356 if (trace_flags == TRACE_ALL_ENABLED) { 357 break; 358 } 359 tracing_flags++; 360 } 361 362 /* Lets see if we need to instrument MMU, injecting memory access checking. 363 * We instrument MMU only if we monitor read, or write memory access. */ 364 if (trace_flags & (TRACE_CHECK_READ_VIOLATION_ENABLED | 365 TRACE_CHECK_WRITE_VIOLATION_ENABLED)) { 366 memcheck_instrument_mmu = 1; 367 } else { 368 memcheck_instrument_mmu = 0; 369 } 370 371 memcheck_init_proc_management(); 372 373 /* Lets check env. variables needed for memory checking. */ 374 if (getenv("ANDROID_PROJECT_OUT") == NULL) { 375 printf("memcheck: Missing ANDROID_PROJECT_OUT environment variable, that is used\n" 376 "to calculate path to symbol files.\n"); 377 } 378 379 // Always set this flag at the very end of the initialization! 380 memcheck_enabled = 1; 381 } 382 383 void 384 memcheck_guest_libc_initialized(uint32_t pid) 385 { 386 ProcDesc* proc = get_process_from_pid(pid); 387 if (proc == NULL) { 388 ME("memcheck: Unable to obtain process for libc_init pid=%u", pid); 389 return; 390 } 391 proc->flags |= PROC_FLAG_LIBC_INITIALIZED; 392 393 /* When process initializes its own libc.so instance, it means that now 394 * it has fresh heap. So, at this point we must get rid of all entries 395 * (inherited and transition) that were collected in this process' 396 * allocation descriptors map. */ 397 procdesc_empty_alloc_map(proc); 398 T(PROC_LIBC_INIT, "memcheck: libc.so has been initialized for %s[pid=%u]\n", 399 proc->image_path, proc->pid); 400 } 401 402 void 403 memcheck_guest_alloc(target_ulong guest_address) 404 { 405 MallocDescEx desc; 406 MallocDescEx replaced; 407 RBTMapResult insert_res; 408 ProcDesc* proc; 409 ThreadDesc* thread; 410 uint32_t indx; 411 412 // Copy allocation descriptor from guest to emulator. 413 memcheck_get_malloc_descriptor(&desc.malloc_desc, guest_address); 414 desc.flags = 0; 415 desc.call_stack = NULL; 416 desc.call_stack_count = 0; 417 418 proc = get_process_from_pid(desc.malloc_desc.allocator_pid); 419 if (proc == NULL) { 420 ME("memcheck: Unable to obtain process for allocation pid=%u", 421 desc.malloc_desc.allocator_pid); 422 memcheck_fail_alloc(guest_address); 423 return; 424 } 425 426 if (!procdesc_is_executing(proc)) { 427 desc.flags |= MDESC_FLAG_TRANSITION_ENTRY; 428 } 429 430 /* Copy thread's calling stack to the allocation descriptor. */ 431 thread = get_current_thread(); 432 desc.call_stack_count = thread->call_stack_count; 433 if (desc.call_stack_count) { 434 desc.call_stack = qemu_malloc(desc.call_stack_count * sizeof(target_ulong)); 435 if (desc.call_stack == NULL) { 436 ME("memcheck: Unable to allocate %u bytes for the calling stack", 437 desc.call_stack_count * sizeof(target_ulong)); 438 return; 439 } 440 } 441 442 /* Thread's calling stack is in descending order (i.e. first entry in the 443 * thread's stack is the most distant routine from the current one). On the 444 * other hand, we keep calling stack entries in allocation descriptor in 445 * assending order. */ 446 for (indx = 0; indx < thread->call_stack_count; indx++) { 447 desc.call_stack[indx] = 448 thread->call_stack[thread->call_stack_count - 1 - indx].call_address; 449 } 450 451 // Save malloc descriptor in the map. 452 insert_res = procdesc_add_malloc(proc, &desc, &replaced); 453 if (insert_res == RBT_MAP_RESULT_ENTRY_INSERTED) { 454 // Invalidate TLB cache for the allocated block. 455 if (memcheck_instrument_mmu) { 456 invalidate_tlb_cache(desc.malloc_desc.ptr, 457 mallocdesc_get_alloc_end(&desc.malloc_desc)); 458 } 459 } else if (insert_res == RBT_MAP_RESULT_ENTRY_REPLACED) { 460 /* We don't expect to have another entry in the map that matches 461 * inserting entry. This is an error condition for us, indicating 462 * that we somehow lost track of memory allocations. */ 463 ME("memcheck: Duplicate allocation blocks:"); 464 if (VERBOSE_CHECK(memcheck)) { 465 printf(" New block:\n"); 466 memcheck_dump_malloc_desc(&desc, 1, 1); 467 printf(" Replaced block:\n"); 468 memcheck_dump_malloc_desc(&replaced, 1, 1); 469 } 470 if (replaced.call_stack != NULL) { 471 qemu_free(replaced.call_stack); 472 } 473 } else { 474 ME("memcheck: Unable to insert an entry to the allocation map:"); 475 if (VERBOSE_CHECK(memcheck)) { 476 memcheck_dump_malloc_desc(&desc, 1, 1); 477 } 478 memcheck_fail_alloc(guest_address); 479 return; 480 } 481 } 482 483 void 484 memcheck_guest_free(target_ulong guest_address) 485 { 486 MallocFree desc; 487 MallocDescEx pulled; 488 int pull_res; 489 ProcDesc* proc; 490 491 // Copy free descriptor from guest to emulator. 492 memcheck_get_free_descriptor(&desc, guest_address); 493 494 proc = get_process_from_pid(desc.free_pid); 495 if (proc == NULL) { 496 ME("memcheck: Unable to obtain process for pid=%u on free", 497 desc.free_pid); 498 memcheck_fail_free(guest_address); 499 return; 500 } 501 502 // Pull matching entry from the map. 503 pull_res = procdesc_pull_malloc(proc, desc.ptr, &pulled); 504 if (pull_res) { 505 av_invalid_pointer(proc, desc.ptr, 1); 506 memcheck_fail_free(guest_address); 507 return; 508 } 509 510 // Make sure that ptr has expected value 511 if (desc.ptr != mallocdesc_get_user_ptr(&pulled.malloc_desc)) { 512 if (trace_flags & TRACE_CHECK_INVALID_PTR_ENABLED) { 513 printf("memcheck: Access violation is detected in process %s[pid=%u]:\n", 514 proc->image_path, proc->pid); 515 printf(" INVALID POINTER 0x%08X is used in 'free' operation.\n" 516 " This pointer is unexpected for 'free' operation, as allocation\n" 517 " descriptor found for this pointer in the process' allocation map\n" 518 " suggests that 0x%08X is the pointer to be used to free this block.\n" 519 " Allocation descriptor matching the pointer:\n", 520 desc.ptr, 521 (uint32_t)mallocdesc_get_user_ptr(&pulled.malloc_desc)); 522 memcheck_dump_malloc_desc(&pulled, 1, 0); 523 } 524 } 525 if (pulled.call_stack != NULL) { 526 qemu_free(pulled.call_stack); 527 } 528 } 529 530 void 531 memcheck_guest_query_malloc(target_ulong guest_address) 532 { 533 MallocDescQuery qdesc; 534 MallocDescEx* found; 535 ProcDesc* proc; 536 537 // Copy free descriptor from guest to emulator. 538 memcheck_get_query_descriptor(&qdesc, guest_address); 539 540 proc = get_process_from_pid(qdesc.query_pid); 541 if (proc == NULL) { 542 ME("memcheck: Unable to obtain process for pid=%u on query_%s", 543 qdesc.query_pid, qdesc.routine == 1 ? "free" : "realloc"); 544 memcheck_fail_query(guest_address); 545 return; 546 } 547 548 // Find allocation entry for the given address. 549 found = procdesc_find_malloc(proc, qdesc.ptr); 550 if (found == NULL) { 551 av_invalid_pointer(proc, qdesc.ptr, qdesc.routine); 552 memcheck_fail_query(guest_address); 553 return; 554 } 555 556 // Copy allocation descriptor back to the guest's space. 557 memcheck_set_malloc_descriptor(qdesc.desc, &found->malloc_desc); 558 } 559 560 void 561 memcheck_guest_print_str(target_ulong str) { 562 char str_copy[4096]; 563 memcheck_get_guest_string(str_copy, str, sizeof(str_copy)); 564 printf(str_copy); 565 } 566 567 /* Validates read operations, detected in __ldx_mmu routine. 568 * This routine is called from __ldx_mmu wrapper implemented in 569 * softmmu_template.h on condition that loading is occurring from user memory. 570 * Param: 571 * addr - Virtual address in the guest space where memory is read. 572 * data_size - Size of the read. 573 * retaddr - Code address (in TB) that accesses memory. 574 * Return: 575 * 1 if TLB record for the accessed page should be invalidated in order to 576 * ensure that subsequent attempts to access data in this page will cause 577 * __ld/stx_mmu to be used. If memchecker is no longer interested in monitoring 578 * access to this page, this routine returns 0. 579 */ 580 int 581 memcheck_validate_ld(target_ulong addr, 582 uint32_t data_size, 583 target_ulong retaddr) 584 { 585 ProcDesc* proc; 586 MallocDescEx* desc; 587 588 int res = memcheck_common_access_validation(addr, data_size, &proc, &desc); 589 if (res == -1) { 590 av_access_violation(proc, desc, addr, data_size, 0, retaddr, 1); 591 return 1; 592 } 593 594 /* Even though descriptor for the given address range has not been found, 595 * we need to make sure that pages containing the given address range 596 * don't contain other descriptors. */ 597 return res ? procdesc_contains_allocs(proc, addr, data_size) : 0; 598 } 599 600 /* Validates write operations, detected in __stx_mmu routine. 601 * This routine is called from __stx_mmu wrapper implemented in 602 * softmmu_template.h on condition that storing is occurring from user memory. 603 * Param: 604 * addr - Virtual address in the guest space where memory is written. 605 * data_size - Size of the write. 606 * value - Value to be written. Note that we typecast all values to 64 bits, 607 * since this will fit all data sizes. 608 * retaddr - Code address (in TB) that accesses memory. 609 * Return: 610 * 1 if TLB record for the accessed page should be invalidated in order to 611 * ensure that subsequent attempts to access data in this page will cause 612 * __ld/stx_mmu to be used. If memchecker is no longer interested in monitoring 613 * access to this page, this routine returns 0. 614 */ 615 int 616 memcheck_validate_st(target_ulong addr, 617 uint32_t data_size, 618 uint64_t value, 619 target_ulong retaddr) 620 { 621 MallocDescEx* desc; 622 ProcDesc* proc; 623 624 int res = memcheck_common_access_validation(addr, data_size, &proc, &desc); 625 if (res == -1) { 626 av_access_violation(proc, desc, addr, data_size, value, retaddr, 0); 627 return 1; 628 } 629 630 /* Even though descriptor for the given address range has not been found, 631 * we need to make sure that pages containing the given address range 632 * don't contain other descriptors. */ 633 return res ? procdesc_contains_allocs(proc, addr, data_size) : 0; 634 } 635 636 /* Checks if given address range in the context of the current process is under 637 * surveillance. 638 * Param: 639 * addr - Starting address of a range. 640 * size - Range size. 641 * Return: 642 * boolean: 1 if address range contains memory that require access violation 643 * detection, or 0 if given address range is in no interest to the memchecker. 644 */ 645 int 646 memcheck_is_checked(target_ulong addr, uint32_t size) { 647 return procdesc_contains_allocs(get_current_process(), addr, size) ? 1 : 0; 648 } 649
