Add leak examples. Update report.

Author: rubidijum

ProjectAnalysisReport.md

@@ -28,6 +28,13 @@ Valgrind setup and dir structure
 
 ##### valgrind memcheck
 
+Alat memcheck pruza mogucnost analize koda u kontekstu bezbednog upravljanja memorijom. Postoji nekoliko kategorija potencijalnih problema sa memorijom. Najbitniji tipovi memorijskih gresaka opisani su ispod:
+
+1) definitely lost - Memorija je alocirana i nikada nije oslobodjena, a pokazivac na tu memoriju je definitivno izgubljen i ne postoji nacin da mu program pristupi.
+2) indirectly lost - Memorijski blok nije direktno izgubljen, ali zavisi od bloka memorije koji jeste izgubljen.
+3) possibly lost - Memorijski blok je alociran, ali Valgrind ne moze da zakljuci da li je izgubljen.
+4) still reachable - Memorjski blok je alociran i neoslobodjen, ali i dalje postoji pokazivac na njega.
+
 Nakon pokretanja memcheck alata nad jednostavnim primerom (`samples/bluetooth/beacon` pokrenut uz pomoc skripte `run_beacon_valgrind.sh`), vidimo da se greske vecinski ticu POSIX podsistema i funkcija koje nisu nuzno deo Zephyr OS-a. Naime, sve funkcije se zavrsavaju pozivom deljene biblioteke kojoj nemamo pristup u izvornom obliku.
 
 ```bash
@@ -180,6 +187,7 @@ Nakon pokretanja memcheck alata nad jednostavnim primerom (`samples/bluetooth/be
 
 ```
 
+Najveci broj bajtova koji su problematicni je `still reachable`. Ovo nije nuzno problem kao sto cemo videti ispod.
 
 U svakom slucaju, probacemo da ispratimo call trace za neke od pronadjenih gresaka u okviru samog Zephyr OS sistema.
 Jos jedno zapazanje je da se `main` funkcija ne smatra kao ulazna tacka za aplikaciju iskompajliranu za izvrsavanje na POSIX platformi. Naime, u fajlu `posix_cheats.h` vidimo da se main funkcija preimenuje u `_posix_zephyr_main` koja odgovara main funkciji u nasem primeru.
@@ -253,6 +261,8 @@ Takodje vidimo da je izbor napravljen zarad osiguravanja pravilnog izvrsavanja n
 
 Poslusacemo savet u vezi koriscenja fajla za ignorisanje valgrind gresaka i pokrenuti analizu ispocetka. Dodajemo opciju `-s` za ukljucivanje supression fajla u `run_beacon_valgrind.sh` skriptu. _Za postizanje prvobitnog izlaza, pokrenuti skriptu bez ove opcije._
 
+Sam suppression fajl navodi pravila za ignorisanje `reachable` i `possible` tipova gresaka koje smo videli u prvobitnom izlazu. Konkretno ignorisu se alokacije koje su nastale pozivima `posix_nex_thread` funkcija izmedju ostalih.
+
 Izlaz iz ovako konfigurisane analize nam govori da su sve prijavljene greske u vezi alokacije bile izazvane konfiguracijom sistema za emulaciju. Pokusacemo i pokretanje aplikacije za babblesim platformu kasnije. Za sad, dobijamo prijavljene greske o koriscenju neinicijalizovane memorije. Nadalje cemo uvek uvlaciti fajl za suppression kako bismo se fokusirali samo na greske koje sama aplikacija moze izazvati.
 
 ```bash
@@ -393,6 +403,38 @@ Izmene u izvornom kodu `userchan.c` date su u patchu `userchan_fix_uninit_access
 ==104210== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
  ```
 
+ Kao dodatak, napravicemo i primere za ostale tipove gresaka sa memorijom uvodjenjem sledecih funkcija:
+
+ ```c
+ typedef struct {
+    char *data;
+} Node;
+
+void leak_indirectly() {
+    Node *node = malloc(sizeof(Node)); // Allocated struct
+    node->data = malloc(50);           // Allocated internal pointer
+
+    // If `node` is lost, `node->data` is also lost (indirectly)
+}
+ ```
+
+
+ ```c
+void possibly_lost() {
+    void *ptr = malloc(100);
+    ptr = ptr - 5;  // Pointer is now shifted
+}
+ ```
+
+ ```c
+ void still_reachable() {
+    static char *global_ptr;
+    global_ptr = malloc(100);
+}
+ ```
+
+Izmena se nalazi u fajlu `memleak_demo_all_leaks.patch`, a rezultati analize su u `valgrind_20250209_195054_all.log`. U rezultujucem fajlu vidimo da se prijavljuju ostali tipovi gresaka TODO(avra): opisati dalje...
+
 ##### valgrind tool2
 
 --- ;

patches/memleak_demo_all_leaks.patch

@@ -0,0 +1,121 @@
+diff --git a/drivers/bluetooth/hci/userchan.c b/drivers/bluetooth/hci/userchan.c
+index 50c3165809d..0c9553b655b 100644
+--- a/drivers/bluetooth/hci/userchan.c
++++ b/drivers/bluetooth/hci/userchan.c
+@@ -58,7 +58,7 @@ static K_KERNEL_STACK_DEFINE(rx_thread_stack,
+ 			     CONFIG_ARCH_POSIX_RECOMMENDED_STACK_SIZE);
+ static struct k_thread rx_thread_data;
+ 
+-static unsigned short bt_dev_index;
++static unsigned short bt_dev_index = 0;
+ 
+ #define TCP_ADDR_BUFF_SIZE 16
+ static bool hci_socket;
+@@ -328,7 +328,8 @@ static int user_chan_open(void)
+ 	int fd;
+ 
+ 	if (hci_socket) {
+-		struct sockaddr_hci addr;
++		struct sockaddr addr;
++		struct sockaddr_hci *hci_addr = (struct sockaddr_hci *)&addr;
+ 
+ 		fd = socket(PF_BLUETOOTH, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK,
+ 			    BTPROTO_HCI);
+@@ -337,9 +338,12 @@ static int user_chan_open(void)
+ 		}
+ 
+ 		(void)memset(&addr, 0, sizeof(addr));
+-		addr.hci_family = AF_BLUETOOTH;
+-		addr.hci_dev = bt_dev_index;
+-		addr.hci_channel = HCI_CHANNEL_USER;
++		hci_addr->hci_family = AF_BLUETOOTH;
++		hci_addr->hci_dev = bt_dev_index;
++		hci_addr->hci_channel = HCI_CHANNEL_USER;
++
++		// LOG_ERR("sizeof(sockaddr_hci) = %zu\n", sizeof(struct sockaddr_hci));
++		// LOG_ERR("sizeof(sockaddr_rc) = %zu\n", sizeof(struct sockaddr));
+ 
+ 		if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+ 			int err = -errno;
+diff --git a/samples/bluetooth/beacon/prj.conf b/samples/bluetooth/beacon/prj.conf
+index 045c5c5f61d..dad48c73103 100644
+--- a/samples/bluetooth/beacon/prj.conf
++++ b/samples/bluetooth/beacon/prj.conf
+@@ -1,3 +1,5 @@
+ CONFIG_BT=y
+ CONFIG_LOG=y
+ CONFIG_BT_DEVICE_NAME="Test beacon"
++CONFIG_DEBUG=y
++CONFIG_NO_OPTIMIZATIONS=y
+\ No newline at end of file
+diff --git a/samples/bluetooth/beacon/src/main.c b/samples/bluetooth/beacon/src/main.c
+index 484b6e94c8f..cc9a6033f23 100644
+--- a/samples/bluetooth/beacon/src/main.c
++++ b/samples/bluetooth/beacon/src/main.c
+@@ -10,6 +10,8 @@
+ #include <stddef.h>
+ #include <zephyr/sys/printk.h>
+ #include <zephyr/sys/util.h>
++#include <stdlib.h>
++#include <string.h>
+ 
+ #include <zephyr/bluetooth/bluetooth.h>
+ #include <zephyr/bluetooth/hci.h>
+@@ -40,6 +42,43 @@ static const struct bt_data sd[] = {
+ 	BT_DATA(BT_DATA_NAME_COMPLETE, DEVICE_NAME, DEVICE_NAME_LEN),
+ };
+ 
++void mem_leak(){
++	printk("mem_leak()\n");
++	void *ptr = malloc(100);
++}
++
++void use_uninitialized_mem(){
++	printk("use_uninitialized_mem()\n");
++	int *ptr = malloc(sizeof(int));
++	int value = *ptr;
++	free(ptr);
++}
++
++typedef struct {
++    char *data;
++} Node;
++
++void leak_indirectly() {
++    Node *node = malloc(sizeof(Node)); // Allocated struct
++    node->data = malloc(50);           // Allocated internal pointer
++
++    // If `node` is lost, `node->data` is also lost (indirectly)
++}
++
++void possibly_lost() {
++    int *ptr1 = malloc(100); // Allocate memory
++
++    ptr1 += 10; // Overwrite ptr1 with ptr2, losing the original ptr1
++
++    // At this point, the memory allocated for ptr1 is "possibly lost"
++    // because ptr1 no longer points to it
++}
++
++void still_reachable() {
++    static char *global_ptr;
++    global_ptr = malloc(100);
++}
++
+ static void bt_ready(int err)
+ {
+ 	char addr_s[BT_ADDR_LE_STR_LEN];
+@@ -80,6 +119,13 @@ int main(void)
+ 
+ 	printk("Starting Beacon Demo\n");
+ 
++	printk("Calling memleak functions\n");
++	mem_leak();
++	use_uninitialized_mem();
++	leak_indirectly();
++	possibly_lost();
++	still_reachable();
++
+ 	/* Initialize the Bluetooth Subsystem */
+ 	err = bt_enable(bt_ready);
+ 	if (err) {

valgrind/memcheck/memcheck_beacon/valgrind_20250209_195054_all.log

@@ -0,0 +1,75 @@
+==108541== Memcheck, a memory error detector
+==108541== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
+==108541== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
+==108541== Command: ./build/zephyr/zephyr.exe --bt-dev=hci1
+==108541== Parent PID: 108540
+==108541== 
+==108541== 
+==108541== HEAP SUMMARY:
+==108541==     in use at exit: 3,122 bytes in 12 blocks
+==108541==   total heap usage: 24 allocs, 12 frees, 14,636 bytes allocated
+==108541== 
+==108541== 50 bytes in 1 blocks are indirectly lost in loss record 1 of 12
+==108541==    at 0x40436A0: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-x86-linux.so)
+==108541==    by 0x8049988: leak_indirectly (main.c:63)
+==108541==    by 0x8049B0B: _posix_zephyr_main (main.c:125)
+==108541==    by 0x8059292: bg_thread_main (init.c:564)
+==108541==    by 0x804B32F: z_thread_entry (thread_entry.c:48)
+==108541==    by 0x804E560: posix_arch_thread_entry (thread.c:96)
+==108541==    by 0x804EA85: nct_thread_starter (nct.c:366)
+==108541==    by 0x41F4C00: start_thread (pthread_create.c:442)
+==108541==    by 0x428F309: clone (clone.S:107)
+==108541== 
+==108541== 54 (4 direct, 50 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 12
+==108541==    at 0x40436A0: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-x86-linux.so)
+==108541==    by 0x8049978: leak_indirectly (main.c:62)
+==108541==    by 0x8049B0B: _posix_zephyr_main (main.c:125)
+==108541==    by 0x8059292: bg_thread_main (init.c:564)
+==108541==    by 0x804B32F: z_thread_entry (thread_entry.c:48)
+==108541==    by 0x804E560: posix_arch_thread_entry (thread.c:96)
+==108541==    by 0x804EA85: nct_thread_starter (nct.c:366)
+==108541==    by 0x41F4C00: start_thread (pthread_create.c:442)
+==108541==    by 0x428F309: clone (clone.S:107)
+==108541== 
+==108541== 100 bytes in 1 blocks are still reachable in loss record 5 of 12
+==108541==    at 0x40436A0: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-x86-linux.so)
+==108541==    by 0x80499C2: still_reachable (main.c:79)
+==108541==    by 0x8049B15: _posix_zephyr_main (main.c:127)
+==108541==    by 0x8059292: bg_thread_main (init.c:564)
+==108541==    by 0x804B32F: z_thread_entry (thread_entry.c:48)
+==108541==    by 0x804E560: posix_arch_thread_entry (thread.c:96)
+==108541==    by 0x804EA85: nct_thread_starter (nct.c:366)
+==108541==    by 0x41F4C00: start_thread (pthread_create.c:442)
+==108541==    by 0x428F309: clone (clone.S:107)
+==108541== 
+==108541== 100 bytes in 1 blocks are definitely lost in loss record 6 of 12
+==108541==    at 0x40436A0: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-x86-linux.so)
+==108541==    by 0x8049920: mem_leak (main.c:47)
+==108541==    by 0x8049B01: _posix_zephyr_main (main.c:123)
+==108541==    by 0x8059292: bg_thread_main (init.c:564)
+==108541==    by 0x804B32F: z_thread_entry (thread_entry.c:48)
+==108541==    by 0x804E560: posix_arch_thread_entry (thread.c:96)
+==108541==    by 0x804EA85: nct_thread_starter (nct.c:366)
+==108541==    by 0x41F4C00: start_thread (pthread_create.c:442)
+==108541==    by 0x428F309: clone (clone.S:107)
+==108541== 
+==108541== 100 bytes in 1 blocks are definitely lost in loss record 7 of 12
+==108541==    at 0x40436A0: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-x86-linux.so)
+==108541==    by 0x80499A5: possibly_lost (main.c:69)
+==108541==    by 0x8049B10: _posix_zephyr_main (main.c:126)
+==108541==    by 0x8059292: bg_thread_main (init.c:564)
+==108541==    by 0x804B32F: z_thread_entry (thread_entry.c:48)
+==108541==    by 0x804E560: posix_arch_thread_entry (thread.c:96)
+==108541==    by 0x804EA85: nct_thread_starter (nct.c:366)
+==108541==    by 0x41F4C00: start_thread (pthread_create.c:442)
+==108541==    by 0x428F309: clone (clone.S:107)
+==108541== 
+==108541== LEAK SUMMARY:
+==108541==    definitely lost: 204 bytes in 3 blocks
+==108541==    indirectly lost: 50 bytes in 1 blocks
+==108541==      possibly lost: 0 bytes in 0 blocks
+==108541==    still reachable: 100 bytes in 1 blocks
+==108541==         suppressed: 2,768 bytes in 7 blocks
+==108541== 
+==108541== For lists of detected and suppressed errors, rerun with: -s
+==108541== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 4 from 4)

valgrind/memcheck/memcheck_beacon/valgrind_stdout_20250209_195054_all.log

@@ -0,0 +1,13 @@
+WARNING: Using a test - not safe - entropy source
+*** Booting Zephyr OS build v4.0.0-2878-g6f240ef18c11 ***
+Starting Beacon Demo
+Calling memleak functions
+mem_leak()
+use_uninitialized_mem()
+[00:00:00.400,000] <inf> bt_hci_core: Identity: 8C:88:0B:0A:55:94 (public)
+[00:00:00.400,000] <inf> bt_hci_core: HCI: version 5.1 (0x0a) revision 0xdfc6, manufacturer 0x005d
+[00:00:00.400,000] <inf> bt_hci_core: LMP: version 5.1 (0x0a) subver 0xd922
+Bluetooth initialized
+Beacon started, advertising as 8C:88:0B:0A:55:94 (public)
+
+Stopped at 8.920s