| blob | 5264c973420bfb5a6aabc9f50862a2baba639aa1 |
1 /*
2 * qsp.c - QEMU Synchronization Profiler
3 *
4 * Copyright (C) 2018, Emilio G. Cota <cota@braap.org>
5 *
6 * License: GNU GPL, version 2 or later.
7 * See the COPYING file in the top-level directory.
8 *
9 * QSP profiles the time spent in synchronization primitives, which can
10 * help diagnose performance problems, e.g. scalability issues when
11 * contention is high.
12 *
13 * The primitives currently supported are mutexes, recursive mutexes and
14 * condition variables. Note that not all related functions are intercepted;
15 * instead we profile only those functions that can have a performance impact,
16 * either due to blocking (e.g. cond_wait, mutex_lock) or cache line
17 * contention (e.g. mutex_lock, mutex_trylock).
18 *
19 * QSP's design focuses on speed and scalability. This is achieved
20 * by having threads do their profiling entirely on thread-local data.
21 * The appropriate thread-local data is found via a QHT, i.e. a concurrent hash
22 * table. To aggregate data in order to generate a report, we iterate over
23 * all entries in the hash table. Depending on the number of threads and
24 * synchronization objects this might be expensive, but note that it is
25 * very rarely called -- reports are generated only when requested by users.
26 *
27 * Reports are generated as a table where each row represents a call site. A
28 * call site is the triplet formed by the __file__ and __LINE__ of the caller
29 * as well as the address of the "object" (i.e. mutex, rec. mutex or condvar)
30 * being operated on. Optionally, call sites that operate on different objects
31 * of the same type can be coalesced, which can be particularly useful when
32 * profiling dynamically-allocated objects.
33 *
34 * Alternative designs considered:
35 *
36 * - Use an off-the-shelf profiler such as mutrace. This is not a viable option
37 * for us because QEMU has __malloc_hook set (by one of the libraries it
38 * uses); leaving this hook unset is required to avoid deadlock in mutrace.
39 *
40 * - Use a glib HT for each thread, protecting each HT with its own lock.
41 * This isn't simpler than the current design, and is 10% slower in the
42 * atomic_add-bench microbenchmark (-m option).
43 *
44 * - For reports, just use a binary tree as we aggregate data, instead of having
45 * an intermediate hash table. This would simplify the code only slightly, but
46 * would perform badly if there were many threads and objects to track.
47 *
48 * - Wrap operations on qsp entries with RCU read-side critical sections, so
49 * that qsp_reset() can delete entries. Unfortunately, the overhead of calling
50 * rcu_read_lock/unlock slows down atomic_add-bench -m by 24%. Having
51 * a snapshot that is updated on qsp_reset() avoids this overhead.
52 *
53 * Related Work:
54 * - Lennart Poettering's mutrace: http://0pointer.de/blog/projects/mutrace.html
55 * - Lozi, David, Thomas, Lawall and Muller. "Remote Core Locking: Migrating
56 * Critical-Section Execution to Improve the Performance of Multithreaded
57 * Applications", USENIX ATC'12.
58 */
69 QSP_MUTEX,
70 QSP_BQL_MUTEX,
71 QSP_REC_MUTEX,
72 QSP_CONDVAR,
73 };
80 };
89 };
95 };
98 /* initial sizing for hash tables */
99 #define QSP_INITIAL_SIZE 64
101 /* If this file is moved, QSP_REL_PATH should be updated accordingly */
104 /* this file's full path. Used to present all call sites with relative paths */
107 /* the address of qsp_thread gives us a unique 'thread ID' */
110 /*
111 * Call sites are the same for all threads, so we track them in a separate hash
112 * table to save memory.
113 */
125 };
131 QemuRecMutexTrylockFunc qemu_rec_mutex_trylock_func =
132 qemu_rec_mutex_trylock_impl;
135 /*
136 * It pays off to _not_ hash callsite->file; hashing a string is slow, and
137 * without it we still get a pretty unique hash.
138 */
141 {
147 }
151 {
153 }
156 {
158 }
161 {
163 }
166 {
168 }
170 /* without the objects we need to hash the file name to get a decent hash */
172 {
179 }
182 {
191 }
194 {
202 }
205 {
210 }
213 {
218 }
221 {
227 }
229 /*
230 * Normally we'd call this from a constructor function, but we want it to work
231 * via libutil as well.
232 */
234 {
235 /* make sure this file's path in the tree is up to date with QSP_REL_PATH */
243 }
246 {
253 }
254 }
255 }
257 /* qsp_init() must be called from _all_ exported functions */
259 {
262 }
264 }
267 {
282 }
283 }
285 }
289 {
301 }
303 }
307 {
313 }
315 }
317 /*
318 * Note: Entries are never removed, so callers do not have to be in an RCU
319 * read-side critical section.
320 */
323 {
324 QSPCallSite callsite = {
329 };
330 QSPEntry orig;
340 }
342 /*
343 * @e is in the global hash table; it is only written to by the current thread,
344 * so we write to it atomically (as in "write once") to prevent torn reads.
345 */
347 {
351 }
352 }
355 {
357 }
359 #define QSP_GEN_VOID(type_, qsp_t_, func_, impl_) \
360 static void func_(type_ *obj, const char *file, int line) \
361 { \
362 QSPEntry *e; \
363 int64_t t0, t1; \
364 \
365 t0 = get_clock(); \
366 impl_(obj, file, line); \
367 t1 = get_clock(); \
368 \
369 e = qsp_entry_get(obj, file, line, qsp_t_); \
370 qsp_entry_record(e, t1 - t0); \
371 }
373 #define QSP_GEN_RET1(type_, qsp_t_, func_, impl_) \
374 static int func_(type_ *obj, const char *file, int line) \
375 { \
376 QSPEntry *e; \
377 int64_t t0, t1; \
378 int err; \
379 \
380 t0 = get_clock(); \
381 err = impl_(obj, file, line); \
382 t1 = get_clock(); \
383 \
384 e = qsp_entry_get(obj, file, line, qsp_t_); \
385 do_qsp_entry_record(e, t1 - t0, !err); \
386 return err; \
387 }
394 qemu_rec_mutex_lock_impl)
396 qemu_rec_mutex_trylock_impl)
398 #undef QSP_GEN_RET1
399 #undef QSP_GEN_VOID
401 static void
403 {
413 }
416 {
418 }
421 {
428 }
431 {
438 }
441 {
454 }
457 {
465 }
467 }
470 }
474 /* Break the tie with the object's address */
482 /* same obj. Break the tie with the callsite's file */
486 }
487 /* same callsite file. Break the tie with the callsite's line */
494 /* break the tie with the callsite's type */
496 }
497 }
498 }
501 {
506 }
509 {
517 /*
518 * The entry is in the global hash table; read from it atomically (as in
519 * "read once").
520 */
523 }
526 {
532 /* entries are never deleted, so we must have this one */
534 /* our reading of the stats happened after the snapshot was taken */
541 /* No point in reporting an empty entry */
547 }
548 }
551 {
553 }
556 {
569 }
572 }
575 {
577 }
580 {
585 /*
586 * First, see if there's a prior snapshot, so that we read the global hash
587 * table _after_ the snapshot has been created, which guarantees that
588 * the entries we'll read will be a superset of the snapshot's entries.
589 *
590 * We must remain in an RCU read-side critical section until we're done
591 * with the snapshot.
592 */
596 /* Aggregate all results from the global hash table into a local one */
601 /* compute the difference wrt the snapshot, if any */
604 }
605 /* done with the snapshot; RCU can reclaim it */
614 /* free the previous hash table, and point htp to coalesce_ht */
618 }
620 /* sort the hash table elements by using a tree */
623 /* free the hash table, but keep the elements (those are in the tree now) */
625 }
627 /* free string with g_free */
629 {
633 /* remove the absolute path to qemu */
638 }
641 }
651 };
658 };
662 {
669 }
681 }
684 {
692 /* find out the maximum length of all 'callsite' fields */
699 }
700 }
703 /* white space to leave to the right of "Call site" */
709 /* build a horizontal rule with dashes */
725 }
732 }
736 }
739 {
746 }
748 }
752 {
754 QSPReport rep;
768 }
771 {
775 }
778 {
787 /* take a snapshot of the current state */
790 /* replace the previous snapshot, if any */
794 }
795 }