| blob | 24d1c2768b3de3e1fb3e00861b42c215eff7dd8b |
2 //--------------------------------------------------------------------//
3 //--- DHAT: a Dynamic Heap Analysis Tool dh_main.c ---//
4 //--------------------------------------------------------------------//
6 /*
7 This file is part of DHAT, a Valgrind tool for profiling the
8 heap usage of programs.
10 Copyright (C) 2010-2018 Mozilla Foundation
12 This program is free software; you can redistribute it and/or
13 modify it under the terms of the GNU General Public License as
14 published by the Free Software Foundation; either version 2 of the
15 License, or (at your option) any later version.
17 This program is distributed in the hope that it will be useful, but
18 WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program; if not, see <http://www.gnu.org/licenses/>.
25 The GNU General Public License is contained in the file COPYING.
26 */
28 /* Contributed by Julian Seward <jseward@acm.org> */
47 #define HISTOGRAM_SIZE_LIMIT 1024
48 #define USER_HISTOGRAM_SIZE_LIMIT 25*HISTOGRAM_SIZE_LIMIT
50 //------------------------------------------------------------//
51 //--- Globals ---//
52 //------------------------------------------------------------//
54 // Values for the entire run.
58 // Current values. g_curr_blocks and g_curr_bytes are only used with
59 // clo_mode=Heap.
64 // Values at the global max, i.e. when g_curr_bytes peaks.
65 // Only used with clo_mode=Heap.
69 // Time of the global max.
72 // Values for the entire run. Updated each time a block is retired.
73 // Only used with clo_mode=Heap.
77 //------------------------------------------------------------//
78 //--- Command line args ---//
79 //------------------------------------------------------------//
88 {
97 }
100 }
103 {
107 );
108 }
111 {
114 );
115 }
117 //------------------------------------------------------------//
118 //--- an Interval Tree of live blocks ---//
119 //------------------------------------------------------------//
121 /* Tracks information about live blocks. */
122 typedef
124 Addr payload;
125 SizeT req_szB;
128 ULong reads_bytes;
129 ULong writes_bytes;
130 /* Approx histogram, one byte per payload byte. Counts latch up
131 therefore at 0xFFFF. Can be NULL if the block is resized or if
132 the block is larger than HISTOGRAM_SIZE_LIMIT. */
134 }
135 Block;
137 /* May not contain zero-sized blocks. May not contain
138 overlapping blocks. */
141 /* Here's the comparison function. Since the tree is required
142 to contain non-zero sized, non-overlapping blocks, it's good
143 enough to consider any overlap as a match. */
145 {
153 }
155 // 3-entry cache for find_Block_containing
167 {
173 // found at 0
174 stats__n_fBc_cached0++;
176 }
180 // found at 1; swap 0 and 1
184 stats__n_fBc_cached1++;
186 }
190 // found at 2; swap 1 and 2
194 stats__n_fBc_cached2++;
196 }
198 Block fake;
206 stats__n_fBc_notfound++;
208 }
213 // put at the top position
217 stats__n_fBc_uncached++;
219 }
221 // delete a block; asserts if not found. (viz, 'a' must be
222 // known to be present.)
224 {
227 Block fake;
234 }
236 //------------------------------------------------------------//
237 //--- a FM of allocation points (APs) ---//
238 //------------------------------------------------------------//
240 typedef
242 // The program point that we're summarising stats for.
245 // Total number of blocks and bytes allocated by this PP.
246 ULong total_blocks;
247 ULong total_bytes;
249 // The current number of blocks and bytes live for this PP.
250 // Only used with clo_mode=Heap.
251 ULong curr_blocks;
252 ULong curr_bytes;
254 // Values at the PP max, i.e. when this PP's curr_bytes peaks.
255 // Only used with clo_mode=Heap.
259 // Values at the global max.
260 // Only used with clo_mode=Heap.
261 ULong at_tgmax_blocks;
262 ULong at_tgmax_bytes;
264 // Total lifetimes of all blocks allocated by this PP. Includes blocks
265 // explicitly freed and blocks implicitly freed at termination.
266 // Only used with clo_mode=Heap.
267 ULong total_lifetimes_instrs;
269 // Number of blocks freed by this PP. (Only used in assertions.)
270 // Only used with clo_mode=Heap.
271 ULong freed_blocks;
273 // Total number of reads and writes in all blocks allocated
274 // by this PP. Only used with clo_mode=Heap.
275 ULong reads_bytes;
276 ULong writes_bytes;
278 /* Histogram information. We maintain a histogram aggregated for
279 all retiring Blocks allocated by this PP, but only if:
280 - this PP has only ever allocated objects of one size
281 - that size is <= HISTOGRAM_SIZE_LIMIT
282 What we need therefore is a mechanism to see if this PP
283 has only ever allocated blocks of one size.
285 3 states:
286 Unknown because no retirement yet
287 Exactly xsize all retiring blocks are of this size
288 Mixed multiple different sizes seen
290 Only used with clo_mode=Heap.
291 */
293 SizeT xsize;
295 }
296 PPInfo;
298 /* maps ExeContext*'s to PPInfo*'s. Note that the keys must match the
299 .ec field in the values. */
302 // Are we at peak memory? If so, update at_tgmax_blocks and at_tgmax_bytes in
303 // all PPInfos. Note that this is moderately expensive so we avoid calling it
304 // on every allocation.
306 {
310 // It's a peak. (If there are multiple equal peaks we record the latest
311 // one.)
319 }
321 }
322 }
324 /* 'bk' is being introduced (has just been allocated). Find the
325 relevant PPInfo entry for it, or create one, based on the block's
326 allocation EC. Then, update the PPInfo to the extent that we
327 actually can, to reflect the allocation. */
329 {
349 // histo stuff
354 }
355 }
359 // Update global stats and PPInfo stats.
361 g_total_blocks++;
368 g_curr_blocks++;
374 // The use of `>=` rather than `>` means that if there are multiple equal
375 // peaks we record the latest one, like `check_for_peak` does.
383 }
384 }
385 }
387 /* 'bk' is retiring (being freed). Find the relevant PPInfo entry for
388 it, which must already exist. Then, fold info from 'bk' into that
389 entry. 'because_freed' is True if the block is retiring because
390 the client has freed it. If it is False then the block is retiring
391 because the program has finished, in which case we want to skip the
392 updates of the total blocks live etc for this PP, but still fold in
393 the access counts and histo data that have so far accumulated for
394 the block. */
396 {
410 // update stats following this free.
416 // Total bytes is coming down from a possible peak.
419 // Then update global stats.
422 g_curr_blocks--;
425 // Then update PPInfo stats.
432 }
437 // access counts
443 // histo stuff. First, do state transitions for xsize/xsize_tag.
453 // and allocate the histo
458 }
462 //tl_assert(ppi->freed_blocks > 1);
468 // deallocate the histo, if any
472 }
473 }
477 //tl_assert(ppi->freed_blocks > 1);
482 }
484 // See if we can fold the histo data from this block into
485 // the data for the PP.
488 UWord i;
490 // FIXME: do something better in case of overflow of ppi->histo[..]
491 // Right now, at least don't let it overflow/wrap around
494 }
496 }
498 #if 0
501 UWord i;
507 }
508 #endif
509 }
511 /* This handles block resizing. When a block with PP 'ec' has a
512 size change of 'delta', call here to update the PPInfo. */
514 {
532 // Total bytes might be coming down from a possible peak.
534 }
536 // Note: we treat realloc() like malloc() + free() for total counts, i.e. we
537 // increment total_blocks by 1 and increment total_bytes by new_req_szB.
538 //
539 // A reasonable alternative would be to leave total_blocks unchanged and
540 // increment total_bytes by delta (but only if delta is positive). But then
541 // calls to realloc wouldn't be counted towards the total_blocks count,
542 // which is undesirable.
544 // Update global stats and PPInfo stats.
546 g_total_blocks++;
558 // The use of `>=` rather than `>` means that if there are multiple equal
559 // peaks we record the latest one, like `check_for_peak` does.
567 }
568 }
570 //------------------------------------------------------------//
571 //--- update both Block and PPInfos after {m,re}alloc/free ---//
572 //------------------------------------------------------------//
574 static
576 Bool is_zeroed )
577 {
579 SizeT actual_szB;
585 }
587 // Allocate and zero if necessary
592 }
596 }
600 }
602 // Make new Block, add to interval_tree.
610 // Set up histogram array, if the block isn't too large.
615 }
624 }
626 static
628 {
633 }
638 }
641 // assert the block finder is behaving sanely
647 }
655 }
657 }
659 static
661 {
671 }
675 }
677 // Find the old block.
681 }
684 // Assert the block finder is behaving sanely.
690 }
692 // Keeping the histogram alive in any meaningful way across
693 // block resizing is too darn complicated. Just throw it away.
697 }
699 // Actually do the allocation, if necessary.
701 // New size is smaller or same; block not moved.
705 // Update reads/writes for the implicit copy. Even though we didn't
706 // actually do a copy, we act like we did, to match up with the fact
707 // that we treat this as an additional allocation.
714 // New size is bigger; make new block, copy shared contents, free old.
717 // Nb: if realloc fails, NULL is returned but the old block is not
718 // touched. What an awful function.
720 }
726 // Since the block has moved, we need to re-insert it into the
727 // interval tree at the new place. Do this by removing
728 // and re-adding it.
730 // Now 'bk' is no longer in the tree, but the Block itself
731 // is still alive.
733 // Update reads/writes for the copy.
737 // Update the metadata.
742 // And re-add it to the interval tree.
743 Bool present
747 }
750 }
752 //------------------------------------------------------------//
753 //--- malloc() et al replacement wrappers ---//
754 //------------------------------------------------------------//
757 {
759 }
762 {
764 }
767 {
769 }
772 {
774 }
777 {
779 }
782 {
784 }
787 {
789 }
792 {
794 }
797 {
799 }
802 {
804 }
807 {
809 }
812 {
814 }
817 {
820 }
825 }
827 }
829 }
832 {
835 }
839 }
841 //------------------------------------------------------------//
842 //--- memory references ---//
843 //------------------------------------------------------------//
845 static
847 {
854 //VG_(printf)("%lu %lu (size of block %lu)\n", offMin, offMax1, bk->req_szB);
859 }
860 }
864 {
872 }
873 }
877 {
885 }
886 }
888 // Handle reads and writes by syscalls (read == kernel
889 // reads user space, write == kernel writes user space).
890 // Assumes no such read or write spans a heap block
891 // boundary and so we can treat it just as one giant
892 // read or write.
893 static
896 {
909 }
910 }
912 static
914 Addr str)
915 {
920 }
922 static
925 {
937 }
938 }
940 //------------------------------------------------------------//
941 //--- Instrumentation ---//
942 //------------------------------------------------------------//
944 #define binop(_op, _arg1, _arg2) IRExpr_Binop((_op),(_arg1),(_arg2))
945 #define mkexpr(_tmp) IRExpr_RdTmp((_tmp))
946 #define mkU32(_n) IRExpr_Const(IRConst_U32(_n))
947 #define mkU64(_n) IRExpr_Const(IRConst_U64(_n))
948 #define assign(_t, _e) IRStmt_WrTmp((_t), (_e))
950 static
952 {
953 #if defined(VG_BIGENDIAN)
954 # define END Iend_BE
955 #elif defined(VG_LITTLEENDIAN)
956 # define END Iend_LE
957 #else
959 #endif
960 // Add code to increment 'g_curr_instrs' by 'n', like this:
961 // WrTmp(t1, Load64(&g_curr_instrs))
962 // WrTmp(t2, Add64(RdTmp(t1), Const(n)))
963 // Store(&g_curr_instrs, t2)
975 }
977 static
979 Int goff_sp)
980 {
983 }
1003 }
1007 /* Add the helper. */
1013 argv );
1015 /* Generate the guard condition: "(addr - (SP - RZ)) >u N", for
1016 some arbitrary N. If that fails then addr is in the range (SP -
1017 RZ .. SP + N - RZ). If N is smallish (a page?) then we can say
1018 addr is within a page of SP and so can't possibly be a heap
1019 access, and so can be skipped. */
1025 sbOut,
1027 tyAddr == Ity_I32
1030 );
1034 sbOut,
1036 tyAddr == Ity_I32
1039 );
1043 sbOut,
1045 tyAddr == Ity_I32
1048 );
1052 }
1054 static
1061 {
1068 // We increment the instruction count in two places:
1069 // - just before any Ist_Exit statements;
1070 // - just before the IRSB's end.
1071 // In the former case, we zero 'n' and then continue instrumenting.
1075 // Copy verbatim any IR preamble preceding the first IMark
1079 i++;
1080 }
1090 n++;
1092 }
1096 // Add an increment before the Exit statement, then reset 'n'.
1099 }
1101 }
1107 // Note also, endianness info is ignored. I guess
1108 // that's not interesting.
1112 }
1114 }
1123 }
1126 Int dataSize;
1129 /* This dirty helper accesses memory. Collect the details. */
1133 // Large (eg. 28B, 108B, 512B on x86) data-sized
1134 // instructions will be done inaccurately, but they're
1135 // very rare and this avoids errors from hitting more
1136 // than two cache lines in the simulation.
1146 }
1148 }
1151 /* We treat it as a read and a write of the location. I
1152 think that is the same behaviour as it was before IRCAS
1153 was introduced, since prior to that point, the Vex
1154 front ends would translate a lock-prefixed instruction
1155 into a (normal) read followed by a (normal) write. */
1156 Int dataSize;
1168 }
1171 IRType dataTy;
1173 /* LL */
1179 /* SC */
1184 }
1186 }
1190 }
1193 }
1196 // Add an increment before the SB end.
1198 }
1200 }
1202 #undef binop
1203 #undef mkexpr
1204 #undef mkU32
1205 #undef mkU64
1206 #undef assign
1208 //------------------------------------------------------------//
1209 //--- Client requests ---//
1210 //------------------------------------------------------------//
1213 {
1218 }
1222 // Only the ec and req_szB fields are used by intro_Block().
1223 Block bk;
1231 }
1237 // bogus address
1240 Vg_UserMsg,
1242 );
1244 }
1246 // already histogrammed
1249 Vg_UserMsg,
1250 "Warning: request for user histogram of size %lu is smaller than the normal histogram limit, request ignored\n",
1251 bk->req_szB
1252 );
1254 }
1256 // too big
1259 Vg_UserMsg,
1260 "Warning: request for user histogram of size %lu is larger than the maximum user request limit, request ignored\n",
1261 bk->req_szB
1262 );
1264 }
1271 }
1278 }
1280 // Only the ec and req_szB fields are used by intro_Block().
1281 Block bk;
1289 }
1293 Vg_UserMsg,
1296 );
1298 }
1299 }
1301 //------------------------------------------------------------//
1302 //--- Finalisation ---//
1303 //------------------------------------------------------------//
1305 // File format notes.
1306 //
1307 // - The files are JSON, because it's a widely-used format and saves us having
1308 // to write a parser in dh_view.js.
1309 //
1310 // - We use a comma-first style for the generated JSON. Comma-first style
1311 // moves the special case for arrays/objects from the last item to the
1312 // first. This helps in cases where you can't easily tell in advance the
1313 // size of arrays/objects, such as iterating over a WordFM (because
1314 // VG_(sizeFM) is O(n) rather than O(1)), and iterating over stack frames
1315 // using VG_(apply_ExeContext) in combination with an InlIpCursor.
1316 //
1317 // - We use short field names and minimal whitespace to minimize file sizes.
1318 //
1319 // Sample output:
1320 //
1321 // {
1322 // // Version number of the format. Incremented on each
1323 // // backwards-incompatible change. A mandatory integer.
1324 // "dhatFileVersion": 2,
1325 //
1326 // // The invocation mode. A mandatory, free-form string.
1327 // "mode": "heap",
1328 //
1329 // // The verb used before above stack frames, i.e. "<verb> at {". A
1330 // // mandatory string.
1331 // "verb": "Allocated",
1332 //
1333 // // Are block lifetimes recorded? Affects whether some other fields are
1334 // // present. A mandatory boolean.
1335 // "bklt": true,
1336 //
1337 // // Are block accesses recorded? Affects whether some other fields are
1338 // // present. A mandatory boolean.
1339 // "bkacc": true,
1340 //
1341 // // Byte/bytes/blocks-position units. Optional strings. "byte", "bytes",
1342 // // and "blocks" are the values used if these fields are omitted.
1343 // "bu": "byte", "bsu": "bytes", "bksu": "blocks",
1344 //
1345 // // Time units (individual and 1,000,000x). Mandatory strings.
1346 // "tu": "instrs", "Mtu": "Minstr"
1347 //
1348 // // The "short-lived" time threshold, measures in "tu"s.
1349 // // - bklt=true: a mandatory integer.
1350 // // - bklt=false: omitted.
1351 // "tuth": 500,
1352 //
1353 // // The executed command. A mandatory string.
1354 // "cmd": "date",
1355 //
1356 // // The process ID. A mandatory integer.
1357 // "pid": 61129
1358 //
1359 // // The time at the end of execution (t-end). A mandatory integer.
1360 // "te": 350682
1361 //
1362 // // The time of the global max (t-gmax).
1363 // // - bklt=true: a mandatory integer.
1364 // // - bklt=false: omitted.
1365 // "tg": 331312,
1366 //
1367 // // The program points. A mandatory array.
1368 // "pps": [
1369 // {
1370 // // Total bytes and blocks. Mandatory integers.
1371 // "tb": 5, "tbk": 1,
1372 //
1373 // // Total lifetimes of all blocks allocated at this PP.
1374 // // - bklt=true: a mandatory integer.
1375 // // - bklt=false: omitted.
1376 // "tl": 274,
1377 //
1378 // // The maximum bytes and blocks for this PP.
1379 // // - bklt=true: mandatory integers.
1380 // // - bklt=false: omitted.
1381 // "mb": 5, "mbk": 1,
1382 //
1383 // // The bytes and blocks at t-gmax for this PP.
1384 // // - bklt=true: mandatory integers.
1385 // // - bklt=false: omitted.
1386 // "gb": 0, "gbk": 0,
1387 //
1388 // // The bytes and blocks at t-end for this PP.
1389 // // - bklt=true: mandatory integers.
1390 // // - bklt=false: omitted.
1391 // "eb": 0, "ebk": 0,
1392 //
1393 // // The reads and writes of blocks for this PP.
1394 // // - bkacc=true: mandatory integers.
1395 // // - bkacc=false: omitted.
1396 // "rb": 41, "wb": 5,
1397 //
1398 // // The exact accesses of blocks for this PP. Only used when all
1399 // // allocations are the same size and sufficiently small. A negative
1400 // // element indicates run-length encoding of the following integer.
1401 // // E.g. `-3, 4` means "three 4s in a row".
1402 // // - bkacc=true: an optional array of integers.
1403 // // - bkacc=false: omitted.
1404 // "acc": [5, -3, 4, 2],
1405 //
1406 // // Frames. Each element is an index into the "ftbl" array below.
1407 // // - All modes: A mandatory array of integers.
1408 // "fs": [1, 2, 3]
1409 // }
1410 // ],
1411 //
1412 // // Frame table. A mandatory array of strings.
1413 // "ftbl": [
1414 // "[root]",
1415 // "0x4AA1D9F: _nl_normalize_codeset (l10nflist.c:332)",
1416 // "0x4A9B414: _nl_load_locale_from_archive (loadarchive.c:173)",
1417 // "0x4A9A2BE: _nl_find_locale (findlocale.c:153)"
1418 // ]
1419 // }
1423 #define FP(format, args...) ({ VG_(fprintf)(fp, format, ##args); })
1425 // The frame table holds unique frames.
1430 {
1432 }
1435 {
1438 }
1440 // For JSON, we must escape double quote, backslash, and 0x00..0x1f.
1441 //
1442 // Returns the original string if no escaping was required. Returns a pointer
1443 // to a static buffer if escaping was required. Therefore, the return value is
1444 // only valid until the next call to this function.
1446 {
1450 // Do we need any escaping?
1459 }
1460 p++;
1461 }
1465 // No escaping needed.
1467 }
1469 // Escaping needed. (The +1 is for the NUL terminator.) Enlarge buf if
1470 // necessary.
1475 }
1496 }
1497 p++;
1498 }
1502 }
1505 {
1512 // Skip entries in vg_replace_malloc.c (e.g. `malloc`, `calloc`,
1513 // `realloc`, `operator new`) because they're boring and clog up the
1514 // output.
1517 }
1519 // If this description has been seen before, get its number. Otherwise,
1520 // give it a new number and put it in the table.
1525 //const HChar* str = (const HChar*)keyW;
1526 //tl_assert(0 == VG_(strcmp)(buf, str));
1529 // `buf` is a static buffer, we must copy it.
1534 }
1542 };
1545 {
1568 // Simple run-length encoding: when N entries in a row have the same
1569 // value M, we print "-N,M". If there is just one in a row, we just
1570 // print "M". This reduces file size significantly.
1576 // Continue current run.
1577 reps++;
1579 // End of run; print it.
1584 }
1587 }
1588 }
1589 // Print the final run.
1594 }
1597 }
1612 }
1620 }
1623 {
1635 }
1639 // We didn't print any elements. This happens if ppinfo is empty.
1641 }
1644 }
1647 {
1648 // This function does lots of allocations that it doesn't bother to free,
1649 // because execution is almost over anyway.
1653 // Total bytes might be at a possible peak.
1657 // Before printing statistics, we must harvest various stats (such as
1658 // lifetimes and accesses) for all the blocks that are still alive.
1665 }
1668 // Stats.
1672 stats__n_fBc_cached0 + stats__n_fBc_cached1
1673 + stats__n_fBc_cached2
1676 stats__n_fBc_cached0,
1677 stats__n_fBc_cached1);
1679 stats__n_fBc_cached2,
1680 stats__n_fBc_uncached);
1683 }
1684 }
1686 // Create the frame table, and insert the special "[root]" node at index 0.
1690 frame_cmp);
1696 // Setup output filename. Nb: it's important to do this now, i.e. as late
1697 // as possible. If we do it at start-up and the program forks and the
1698 // output file format string contains a %p (pid) specifier, both the parent
1699 // and child will incorrectly write to the same file; this happened in
1700 // 3.3.0.
1710 }
1712 // Write to data file.
1715 // The output mode, block booleans, and byte/block units.
1728 }
1730 // The time units.
1734 }
1736 // The command.
1742 }
1745 // The PID.
1748 // Times.
1754 }
1756 // APs.
1759 // Frame table.
1762 // The frame table maps strings to numbers. We want to print it ordered by
1763 // numbers. So we create an array and fill it in from the frame table, then
1764 // print that.
1773 }
1778 }
1789 }
1791 // Print brief global stats.
1809 }
1811 // Print a how-to-view-the-profile hint.
1822 }
1824 //------------------------------------------------------------//
1825 //--- Initialisation ---//
1826 //------------------------------------------------------------//
1829 {
1834 }
1835 }
1838 {
1847 // Basic functions.
1849 dh_instrument,
1850 dh_fini);
1852 // Needs.
1856 dh_print_usage,
1857 dh_print_debug_usage);
1859 // VG_(needs_sanity_checks) (dh_cheap_sanity_check,
1860 // dh_expensive_sanity_check);
1862 dh___builtin_new,
1863 dh___builtin_new_aligned,
1864 dh___builtin_vec_new,
1865 dh___builtin_vec_new_aligned,
1866 dh_memalign,
1867 dh_calloc,
1868 dh_free,
1869 dh___builtin_delete,
1870 dh___builtin_delete_aligned,
1871 dh___builtin_vec_delete,
1872 dh___builtin_vec_delete_aligned,
1873 dh_realloc,
1874 dh_malloc_usable_size,
1885 interval_tree_Cmp );
1891 }
1895 //--------------------------------------------------------------------//
1896 //--- end dh_main.c ---//
1897 //--------------------------------------------------------------------//