| blob | 57d94237c5b8261ac419abf1db90ba2ad8202b52 |
2 //--------------------------------------------------------------------//
3 //--- DHAT: a Dynamic Heap Analysis Tool dh_main.c ---//
4 //--------------------------------------------------------------------//
6 /*
7 This file is part of DHAT, a Valgrind tool for profiling the
8 heap usage of programs.
10 Copyright (C) 2010-2018 Mozilla Foundation
12 This program is free software; you can redistribute it and/or
13 modify it under the terms of the GNU General Public License as
14 published by the Free Software Foundation; either version 2 of the
15 License, or (at your option) any later version.
17 This program is distributed in the hope that it will be useful, but
18 WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program; if not, see <http://www.gnu.org/licenses/>.
25 The GNU General Public License is contained in the file COPYING.
26 */
28 /* Contributed by Julian Seward <jseward@acm.org> */
47 #define HISTOGRAM_SIZE_LIMIT 1024
49 //------------------------------------------------------------//
50 //--- Globals ---//
51 //------------------------------------------------------------//
53 // Values for the entire run.
57 // Current values. g_curr_blocks and g_curr_bytes are only used with
58 // clo_mode=Heap.
63 // Values at the global max, i.e. when g_curr_bytes peaks.
64 // Only used with clo_mode=Heap.
68 // Time of the global max.
71 // Values for the entire run. Updated each time a block is retired.
72 // Only used with clo_mode=Heap.
76 //------------------------------------------------------------//
77 //--- Command line args ---//
78 //------------------------------------------------------------//
87 {
96 }
99 }
102 {
106 );
107 }
110 {
113 );
114 }
116 //------------------------------------------------------------//
117 //--- an Interval Tree of live blocks ---//
118 //------------------------------------------------------------//
120 /* Tracks information about live blocks. */
121 typedef
123 Addr payload;
124 SizeT req_szB;
127 ULong reads_bytes;
128 ULong writes_bytes;
129 /* Approx histogram, one byte per payload byte. Counts latch up
130 therefore at 0xFFFF. Can be NULL if the block is resized or if
131 the block is larger than HISTOGRAM_SIZE_LIMIT. */
133 }
134 Block;
136 /* May not contain zero-sized blocks. May not contain
137 overlapping blocks. */
140 /* Here's the comparison function. Since the tree is required
141 to contain non-zero sized, non-overlapping blocks, it's good
142 enough to consider any overlap as a match. */
144 {
152 }
154 // 3-entry cache for find_Block_containing
166 {
172 // found at 0
173 stats__n_fBc_cached0++;
175 }
179 // found at 1; swap 0 and 1
183 stats__n_fBc_cached1++;
185 }
189 // found at 2; swap 1 and 2
193 stats__n_fBc_cached2++;
195 }
197 Block fake;
205 stats__n_fBc_notfound++;
207 }
212 // put at the top position
216 stats__n_fBc_uncached++;
218 }
220 // delete a block; asserts if not found. (viz, 'a' must be
221 // known to be present.)
223 {
226 Block fake;
233 }
235 //------------------------------------------------------------//
236 //--- a FM of allocation points (APs) ---//
237 //------------------------------------------------------------//
239 typedef
241 // The program point that we're summarising stats for.
244 // Total number of blocks and bytes allocated by this PP.
245 ULong total_blocks;
246 ULong total_bytes;
248 // The current number of blocks and bytes live for this PP.
249 // Only used with clo_mode=Heap.
250 ULong curr_blocks;
251 ULong curr_bytes;
253 // Values at the PP max, i.e. when this PP's curr_bytes peaks.
254 // Only used with clo_mode=Heap.
258 // Values at the global max.
259 // Only used with clo_mode=Heap.
260 ULong at_tgmax_blocks;
261 ULong at_tgmax_bytes;
263 // Total lifetimes of all blocks allocated by this PP. Includes blocks
264 // explicitly freed and blocks implicitly freed at termination.
265 // Only used with clo_mode=Heap.
266 ULong total_lifetimes_instrs;
268 // Number of blocks freed by this PP. (Only used in assertions.)
269 // Only used with clo_mode=Heap.
270 ULong freed_blocks;
272 // Total number of reads and writes in all blocks allocated
273 // by this PP. Only used with clo_mode=Heap.
274 ULong reads_bytes;
275 ULong writes_bytes;
277 /* Histogram information. We maintain a histogram aggregated for
278 all retiring Blocks allocated by this PP, but only if:
279 - this PP has only ever allocated objects of one size
280 - that size is <= HISTOGRAM_SIZE_LIMIT
281 What we need therefore is a mechanism to see if this PP
282 has only ever allocated blocks of one size.
284 3 states:
285 Unknown because no retirement yet
286 Exactly xsize all retiring blocks are of this size
287 Mixed multiple different sizes seen
289 Only used with clo_mode=Heap.
290 */
292 SizeT xsize;
294 }
295 PPInfo;
297 /* maps ExeContext*'s to PPInfo*'s. Note that the keys must match the
298 .ec field in the values. */
301 // Are we at peak memory? If so, update at_tgmax_blocks and at_tgmax_bytes in
302 // all PPInfos. Note that this is moderately expensive so we avoid calling it
303 // on every allocation.
305 {
309 // It's a peak. (If there are multiple equal peaks we record the latest
310 // one.)
318 }
320 }
321 }
323 /* 'bk' is being introduced (has just been allocated). Find the
324 relevant PPInfo entry for it, or create one, based on the block's
325 allocation EC. Then, update the PPInfo to the extent that we
326 actually can, to reflect the allocation. */
328 {
348 // histo stuff
353 }
354 }
358 // Update global stats and PPInfo stats.
360 g_total_blocks++;
367 g_curr_blocks++;
373 // The use of `>=` rather than `>` means that if there are multiple equal
374 // peaks we record the latest one, like `check_for_peak` does.
382 }
383 }
384 }
386 /* 'bk' is retiring (being freed). Find the relevant PPInfo entry for
387 it, which must already exist. Then, fold info from 'bk' into that
388 entry. 'because_freed' is True if the block is retiring because
389 the client has freed it. If it is False then the block is retiring
390 because the program has finished, in which case we want to skip the
391 updates of the total blocks live etc for this PP, but still fold in
392 the access counts and histo data that have so far accumulated for
393 the block. */
395 {
409 // update stats following this free.
415 // Total bytes is coming down from a possible peak.
418 // Then update global stats.
421 g_curr_blocks--;
424 // Then update PPInfo stats.
431 }
436 // access counts
442 // histo stuff. First, do state transitions for xsize/xsize_tag.
452 // and allocate the histo
457 }
461 //tl_assert(ppi->freed_blocks > 1);
467 // deallocate the histo, if any
471 }
472 }
476 //tl_assert(ppi->freed_blocks > 1);
481 }
483 // See if we can fold the histo data from this block into
484 // the data for the PP.
487 UWord i;
489 // FIXME: do something better in case of overflow of ppi->histo[..]
490 // Right now, at least don't let it overflow/wrap around
493 }
495 }
497 #if 0
500 UWord i;
506 }
507 #endif
508 }
510 /* This handles block resizing. When a block with PP 'ec' has a
511 size change of 'delta', call here to update the PPInfo. */
513 {
531 // Total bytes might be coming down from a possible peak.
533 }
535 // Note: we treat realloc() like malloc() + free() for total counts, i.e. we
536 // increment total_blocks by 1 and increment total_bytes by new_req_szB.
537 //
538 // A reasonable alternative would be to leave total_blocks unchanged and
539 // increment total_bytes by delta (but only if delta is positive). But then
540 // calls to realloc wouldn't be counted towards the total_blocks count,
541 // which is undesirable.
543 // Update global stats and PPInfo stats.
545 g_total_blocks++;
557 // The use of `>=` rather than `>` means that if there are multiple equal
558 // peaks we record the latest one, like `check_for_peak` does.
566 }
567 }
569 //------------------------------------------------------------//
570 //--- update both Block and PPInfos after {m,re}alloc/free ---//
571 //------------------------------------------------------------//
573 static
575 Bool is_zeroed )
576 {
578 SizeT actual_szB;
584 }
586 // Allocate and zero if necessary
591 }
595 }
599 }
601 // Make new Block, add to interval_tree.
609 // Set up histogram array, if the block isn't too large.
614 }
623 }
625 static
627 {
632 }
637 }
640 // assert the block finder is behaving sanely
646 }
654 }
656 }
658 static
660 {
670 }
674 }
676 // Find the old block.
680 }
683 // Assert the block finder is behaving sanely.
689 }
691 // Keeping the histogram alive in any meaningful way across
692 // block resizing is too darn complicated. Just throw it away.
696 }
698 // Actually do the allocation, if necessary.
700 // New size is smaller or same; block not moved.
704 // Update reads/writes for the implicit copy. Even though we didn't
705 // actually do a copy, we act like we did, to match up with the fact
706 // that we treat this as an additional allocation.
713 // New size is bigger; make new block, copy shared contents, free old.
716 // Nb: if realloc fails, NULL is returned but the old block is not
717 // touched. What an awful function.
719 }
725 // Since the block has moved, we need to re-insert it into the
726 // interval tree at the new place. Do this by removing
727 // and re-adding it.
729 // Now 'bk' is no longer in the tree, but the Block itself
730 // is still alive.
732 // Update reads/writes for the copy.
736 // Update the metadata.
741 // And re-add it to the interval tree.
742 Bool present
746 }
749 }
751 //------------------------------------------------------------//
752 //--- malloc() et al replacement wrappers ---//
753 //------------------------------------------------------------//
756 {
758 }
761 {
763 }
766 {
768 }
771 {
773 }
776 {
778 }
781 {
783 }
786 {
788 }
791 {
793 }
796 {
798 }
801 {
803 }
806 {
808 }
811 {
813 }
816 {
819 }
824 }
826 }
828 }
831 {
834 }
838 }
840 //------------------------------------------------------------//
841 //--- memory references ---//
842 //------------------------------------------------------------//
844 static
846 {
853 //VG_(printf)("%lu %lu (size of block %lu)\n", offMin, offMax1, bk->req_szB);
858 }
859 }
863 {
871 }
872 }
876 {
884 }
885 }
887 // Handle reads and writes by syscalls (read == kernel
888 // reads user space, write == kernel writes user space).
889 // Assumes no such read or write spans a heap block
890 // boundary and so we can treat it just as one giant
891 // read or write.
892 static
895 {
908 }
909 }
911 static
913 Addr str)
914 {
919 }
921 static
924 {
936 }
937 }
939 //------------------------------------------------------------//
940 //--- Instrumentation ---//
941 //------------------------------------------------------------//
943 #define binop(_op, _arg1, _arg2) IRExpr_Binop((_op),(_arg1),(_arg2))
944 #define mkexpr(_tmp) IRExpr_RdTmp((_tmp))
945 #define mkU32(_n) IRExpr_Const(IRConst_U32(_n))
946 #define mkU64(_n) IRExpr_Const(IRConst_U64(_n))
947 #define assign(_t, _e) IRStmt_WrTmp((_t), (_e))
949 static
951 {
952 #if defined(VG_BIGENDIAN)
953 # define END Iend_BE
954 #elif defined(VG_LITTLEENDIAN)
955 # define END Iend_LE
956 #else
958 #endif
959 // Add code to increment 'g_curr_instrs' by 'n', like this:
960 // WrTmp(t1, Load64(&g_curr_instrs))
961 // WrTmp(t2, Add64(RdTmp(t1), Const(n)))
962 // Store(&g_curr_instrs, t2)
974 }
976 static
978 Int goff_sp)
979 {
982 }
1002 }
1006 /* Add the helper. */
1012 argv );
1014 /* Generate the guard condition: "(addr - (SP - RZ)) >u N", for
1015 some arbitrary N. If that fails then addr is in the range (SP -
1016 RZ .. SP + N - RZ). If N is smallish (a page?) then we can say
1017 addr is within a page of SP and so can't possibly be a heap
1018 access, and so can be skipped. */
1024 sbOut,
1026 tyAddr == Ity_I32
1029 );
1033 sbOut,
1035 tyAddr == Ity_I32
1038 );
1042 sbOut,
1044 tyAddr == Ity_I32
1047 );
1051 }
1053 static
1060 {
1067 // We increment the instruction count in two places:
1068 // - just before any Ist_Exit statements;
1069 // - just before the IRSB's end.
1070 // In the former case, we zero 'n' and then continue instrumenting.
1074 // Copy verbatim any IR preamble preceding the first IMark
1078 i++;
1079 }
1089 n++;
1091 }
1095 // Add an increment before the Exit statement, then reset 'n'.
1098 }
1100 }
1106 // Note also, endianness info is ignored. I guess
1107 // that's not interesting.
1111 }
1113 }
1122 }
1125 Int dataSize;
1128 /* This dirty helper accesses memory. Collect the details. */
1132 // Large (eg. 28B, 108B, 512B on x86) data-sized
1133 // instructions will be done inaccurately, but they're
1134 // very rare and this avoids errors from hitting more
1135 // than two cache lines in the simulation.
1145 }
1147 }
1150 /* We treat it as a read and a write of the location. I
1151 think that is the same behaviour as it was before IRCAS
1152 was introduced, since prior to that point, the Vex
1153 front ends would translate a lock-prefixed instruction
1154 into a (normal) read followed by a (normal) write. */
1155 Int dataSize;
1167 }
1170 IRType dataTy;
1172 /* LL */
1178 /* SC */
1183 }
1185 }
1189 }
1192 }
1195 // Add an increment before the SB end.
1197 }
1199 }
1201 #undef binop
1202 #undef mkexpr
1203 #undef mkU32
1204 #undef mkU64
1205 #undef assign
1207 //------------------------------------------------------------//
1208 //--- Client requests ---//
1209 //------------------------------------------------------------//
1212 {
1217 }
1221 // Only the ec and req_szB fields are used by intro_Block().
1222 Block bk;
1230 }
1237 }
1239 // Only the ec and req_szB fields are used by intro_Block().
1240 Block bk;
1248 }
1252 Vg_UserMsg,
1255 );
1257 }
1258 }
1260 //------------------------------------------------------------//
1261 //--- Finalisation ---//
1262 //------------------------------------------------------------//
1264 // File format notes.
1265 //
1266 // - The files are JSON, because it's a widely-used format and saves us having
1267 // to write a parser in dh_view.js.
1268 //
1269 // - We use a comma-first style for the generated JSON. Comma-first style
1270 // moves the special case for arrays/objects from the last item to the
1271 // first. This helps in cases where you can't easily tell in advance the
1272 // size of arrays/objects, such as iterating over a WordFM (because
1273 // VG_(sizeFM) is O(n) rather than O(1)), and iterating over stack frames
1274 // using VG_(apply_ExeContext) in combination with an InlIpCursor.
1275 //
1276 // - We use short field names and minimal whitespace to minimize file sizes.
1277 //
1278 // Sample output:
1279 //
1280 // {
1281 // // Version number of the format. Incremented on each
1282 // // backwards-incompatible change. A mandatory integer.
1283 // "dhatFileVersion": 2,
1284 //
1285 // // The invocation mode. A mandatory, free-form string.
1286 // "mode": "heap",
1287 //
1288 // // The verb used before above stack frames, i.e. "<verb> at {". A
1289 // // mandatory string.
1290 // "verb": "Allocated",
1291 //
1292 // // Are block lifetimes recorded? Affects whether some other fields are
1293 // // present. A mandatory boolean.
1294 // "bklt": true,
1295 //
1296 // // Are block accesses recorded? Affects whether some other fields are
1297 // // present. A mandatory boolean.
1298 // "bkacc": true,
1299 //
1300 // // Byte/bytes/blocks-position units. Optional strings. "byte", "bytes",
1301 // // and "blocks" are the values used if these fields are omitted.
1302 // "bu": "byte", "bsu": "bytes", "bksu": "blocks",
1303 //
1304 // // Time units (individual and 1,000,000x). Mandatory strings.
1305 // "tu": "instrs", "Mtu": "Minstr"
1306 //
1307 // // The "short-lived" time threshold, measures in "tu"s.
1308 // // - bklt=true: a mandatory integer.
1309 // // - bklt=false: omitted.
1310 // "tuth": 500,
1311 //
1312 // // The executed command. A mandatory string.
1313 // "cmd": "date",
1314 //
1315 // // The process ID. A mandatory integer.
1316 // "pid": 61129
1317 //
1318 // // The time at the end of execution (t-end). A mandatory integer.
1319 // "te": 350682
1320 //
1321 // // The time of the global max (t-gmax).
1322 // // - bklt=true: a mandatory integer.
1323 // // - bklt=false: omitted.
1324 // "tg": 331312,
1325 //
1326 // // The program points. A mandatory array.
1327 // "pps": [
1328 // {
1329 // // Total bytes and blocks. Mandatory integers.
1330 // "tb": 5, "tbk": 1,
1331 //
1332 // // Total lifetimes of all blocks allocated at this PP.
1333 // // - bklt=true: a mandatory integer.
1334 // // - bklt=false: omitted.
1335 // "tl": 274,
1336 //
1337 // // The maximum bytes and blocks for this PP.
1338 // // - bklt=true: mandatory integers.
1339 // // - bklt=false: omitted.
1340 // "mb": 5, "mbk": 1,
1341 //
1342 // // The bytes and blocks at t-gmax for this PP.
1343 // // - bklt=true: mandatory integers.
1344 // // - bklt=false: omitted.
1345 // "gb": 0, "gbk": 0,
1346 //
1347 // // The bytes and blocks at t-end for this PP.
1348 // // - bklt=true: mandatory integers.
1349 // // - bklt=false: omitted.
1350 // "eb": 0, "ebk": 0,
1351 //
1352 // // The reads and writes of blocks for this PP.
1353 // // - bkacc=true: mandatory integers.
1354 // // - bkacc=false: omitted.
1355 // "rb": 41, "wb": 5,
1356 //
1357 // // The exact accesses of blocks for this PP. Only used when all
1358 // // allocations are the same size and sufficiently small. A negative
1359 // // element indicates run-length encoding of the following integer.
1360 // // E.g. `-3, 4` means "three 4s in a row".
1361 // // - bkacc=true: an optional array of integers.
1362 // // - bkacc=false: omitted.
1363 // "acc": [5, -3, 4, 2],
1364 //
1365 // // Frames. Each element is an index into the "ftbl" array below.
1366 // // - All modes: A mandatory array of integers.
1367 // "fs": [1, 2, 3]
1368 // }
1369 // ],
1370 //
1371 // // Frame table. A mandatory array of strings.
1372 // "ftbl": [
1373 // "[root]",
1374 // "0x4AA1D9F: _nl_normalize_codeset (l10nflist.c:332)",
1375 // "0x4A9B414: _nl_load_locale_from_archive (loadarchive.c:173)",
1376 // "0x4A9A2BE: _nl_find_locale (findlocale.c:153)"
1377 // ]
1378 // }
1382 #define FP(format, args...) ({ VG_(fprintf)(fp, format, ##args); })
1384 // The frame table holds unique frames.
1389 {
1391 }
1394 {
1397 }
1399 // For JSON, we must escape double quote, backslash, and 0x00..0x1f.
1400 //
1401 // Returns the original string if no escaping was required. Returns a pointer
1402 // to a static buffer if escaping was required. Therefore, the return value is
1403 // only valid until the next call to this function.
1405 {
1409 // Do we need any escaping?
1418 }
1419 p++;
1420 }
1424 // No escaping needed.
1426 }
1428 // Escaping needed. (The +1 is for the NUL terminator.) Enlarge buf if
1429 // necessary.
1434 }
1455 }
1456 p++;
1457 }
1461 }
1464 {
1471 // Skip entries in vg_replace_malloc.c (e.g. `malloc`, `calloc`,
1472 // `realloc`, `operator new`) because they're boring and clog up the
1473 // output.
1476 }
1478 // If this description has been seen before, get its number. Otherwise,
1479 // give it a new number and put it in the table.
1484 //const HChar* str = (const HChar*)keyW;
1485 //tl_assert(0 == VG_(strcmp)(buf, str));
1488 // `buf` is a static buffer, we must copy it.
1493 }
1501 };
1504 {
1527 // Simple run-length encoding: when N entries in a row have the same
1528 // value M, we print "-N,M". If there is just one in a row, we just
1529 // print "M". This reduces file size significantly.
1535 // Continue current run.
1536 reps++;
1538 // End of run; print it.
1543 }
1546 }
1547 }
1548 // Print the final run.
1553 }
1556 }
1571 }
1579 }
1582 {
1594 }
1598 // We didn't print any elements. This happens if ppinfo is empty.
1600 }
1603 }
1606 {
1607 // This function does lots of allocations that it doesn't bother to free,
1608 // because execution is almost over anyway.
1612 // Total bytes might be at a possible peak.
1616 // Before printing statistics, we must harvest various stats (such as
1617 // lifetimes and accesses) for all the blocks that are still alive.
1624 }
1627 // Stats.
1631 stats__n_fBc_cached0 + stats__n_fBc_cached1
1632 + stats__n_fBc_cached2
1635 stats__n_fBc_cached0,
1636 stats__n_fBc_cached1);
1638 stats__n_fBc_cached2,
1639 stats__n_fBc_uncached);
1642 }
1643 }
1645 // Create the frame table, and insert the special "[root]" node at index 0.
1649 frame_cmp);
1655 // Setup output filename. Nb: it's important to do this now, i.e. as late
1656 // as possible. If we do it at start-up and the program forks and the
1657 // output file format string contains a %p (pid) specifier, both the parent
1658 // and child will incorrectly write to the same file; this happened in
1659 // 3.3.0.
1669 }
1671 // Write to data file.
1674 // The output mode, block booleans, and byte/block units.
1687 }
1689 // The time units.
1693 }
1695 // The command.
1701 }
1704 // The PID.
1707 // Times.
1713 }
1715 // APs.
1718 // Frame table.
1721 // The frame table maps strings to numbers. We want to print it ordered by
1722 // numbers. So we create an array and fill it in from the frame table, then
1723 // print that.
1732 }
1737 }
1748 }
1750 // Print brief global stats.
1768 }
1770 // Print a how-to-view-the-profile hint.
1781 }
1783 //------------------------------------------------------------//
1784 //--- Initialisation ---//
1785 //------------------------------------------------------------//
1788 {
1793 }
1794 }
1797 {
1806 // Basic functions.
1808 dh_instrument,
1809 dh_fini);
1811 // Needs.
1815 dh_print_usage,
1816 dh_print_debug_usage);
1818 // VG_(needs_sanity_checks) (dh_cheap_sanity_check,
1819 // dh_expensive_sanity_check);
1821 dh___builtin_new,
1822 dh___builtin_new_aligned,
1823 dh___builtin_vec_new,
1824 dh___builtin_vec_new_aligned,
1825 dh_memalign,
1826 dh_calloc,
1827 dh_free,
1828 dh___builtin_delete,
1829 dh___builtin_delete_aligned,
1830 dh___builtin_vec_delete,
1831 dh___builtin_vec_delete_aligned,
1832 dh_realloc,
1833 dh_malloc_usable_size,
1844 interval_tree_Cmp );
1850 }
1854 //--------------------------------------------------------------------//
1855 //--- end dh_main.c ---//
1856 //--------------------------------------------------------------------//