| blob | 90b1a965ac70841c33873dfd5c055abdfec37c7e |
2 //--------------------------------------------------------------------//
3 //--- DHAT: a Dynamic Heap Analysis Tool dh_main.c ---//
4 //--------------------------------------------------------------------//
6 /*
7 This file is part of DHAT, a Valgrind tool for profiling the
8 heap usage of programs.
10 Copyright (C) 2010-2018 Mozilla Foundation
12 This program is free software; you can redistribute it and/or
13 modify it under the terms of the GNU General Public License as
14 published by the Free Software Foundation; either version 2 of the
15 License, or (at your option) any later version.
17 This program is distributed in the hope that it will be useful, but
18 WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program; if not, see <http://www.gnu.org/licenses/>.
25 The GNU General Public License is contained in the file COPYING.
26 */
28 /* Contributed by Julian Seward <jseward@acm.org> */
47 #define HISTOGRAM_SIZE_LIMIT 1024
49 //------------------------------------------------------------//
50 //--- Globals ---//
51 //------------------------------------------------------------//
53 // Values for the entire run.
57 // Current values. g_curr_blocks and g_curr_bytes are only used with
58 // clo_mode=Heap.
63 // Values at the global max, i.e. when g_curr_bytes peaks.
64 // Only used with clo_mode=Heap.
68 // Time of the global max.
71 // Values for the entire run. Updated each time a block is retired.
72 // Only used with clo_mode=Heap.
76 //------------------------------------------------------------//
77 //--- Command line args ---//
78 //------------------------------------------------------------//
87 {
96 }
99 }
102 {
106 );
107 }
110 {
113 );
114 }
116 //------------------------------------------------------------//
117 //--- an Interval Tree of live blocks ---//
118 //------------------------------------------------------------//
120 /* Tracks information about live blocks. */
121 typedef
123 Addr payload;
124 SizeT req_szB;
127 ULong reads_bytes;
128 ULong writes_bytes;
129 /* Approx histogram, one byte per payload byte. Counts latch up
130 therefore at 0xFFFF. Can be NULL if the block is resized or if
131 the block is larger than HISTOGRAM_SIZE_LIMIT. */
133 }
134 Block;
136 /* May not contain zero-sized blocks. May not contain
137 overlapping blocks. */
140 /* Here's the comparison function. Since the tree is required
141 to contain non-zero sized, non-overlapping blocks, it's good
142 enough to consider any overlap as a match. */
144 {
152 }
154 // 2-entry cache for find_Block_containing
163 {
169 // found at 0
170 stats__n_fBc_cached++;
172 }
176 // found at 1; swap 0 and 1
180 stats__n_fBc_cached++;
182 }
183 Block fake;
191 stats__n_fBc_notfound++;
193 }
198 // put at the top position
201 stats__n_fBc_uncached++;
203 }
205 // delete a block; asserts if not found. (viz, 'a' must be
206 // known to be present.)
208 {
211 Block fake;
218 }
220 //------------------------------------------------------------//
221 //--- a FM of allocation points (APs) ---//
222 //------------------------------------------------------------//
224 typedef
226 // The program point that we're summarising stats for.
229 // Total number of blocks and bytes allocated by this PP.
230 ULong total_blocks;
231 ULong total_bytes;
233 // The current number of blocks and bytes live for this PP.
234 // Only used with clo_mode=Heap.
235 ULong curr_blocks;
236 ULong curr_bytes;
238 // Values at the PP max, i.e. when this PP's curr_bytes peaks.
239 // Only used with clo_mode=Heap.
243 // Values at the global max.
244 // Only used with clo_mode=Heap.
245 ULong at_tgmax_blocks;
246 ULong at_tgmax_bytes;
248 // Total lifetimes of all blocks allocated by this PP. Includes blocks
249 // explicitly freed and blocks implicitly freed at termination.
250 // Only used with clo_mode=Heap.
251 ULong total_lifetimes_instrs;
253 // Number of blocks freed by this PP. (Only used in assertions.)
254 // Only used with clo_mode=Heap.
255 ULong freed_blocks;
257 // Total number of reads and writes in all blocks allocated
258 // by this PP. Only used with clo_mode=Heap.
259 ULong reads_bytes;
260 ULong writes_bytes;
262 /* Histogram information. We maintain a histogram aggregated for
263 all retiring Blocks allocated by this PP, but only if:
264 - this PP has only ever allocated objects of one size
265 - that size is <= HISTOGRAM_SIZE_LIMIT
266 What we need therefore is a mechanism to see if this PP
267 has only ever allocated blocks of one size.
269 3 states:
270 Unknown because no retirement yet
271 Exactly xsize all retiring blocks are of this size
272 Mixed multiple different sizes seen
274 Only used with clo_mode=Heap.
275 */
277 SizeT xsize;
279 }
280 PPInfo;
282 /* maps ExeContext*'s to PPInfo*'s. Note that the keys must match the
283 .ec field in the values. */
286 // Are we at peak memory? If so, update at_tgmax_blocks and at_tgmax_bytes in
287 // all PPInfos. Note that this is moderately expensive so we avoid calling it
288 // on every allocation.
290 {
294 // It's a peak. (If there are multiple equal peaks we record the latest
295 // one.)
303 }
305 }
306 }
308 /* 'bk' is being introduced (has just been allocated). Find the
309 relevant PPInfo entry for it, or create one, based on the block's
310 allocation EC. Then, update the PPInfo to the extent that we
311 actually can, to reflect the allocation. */
313 {
333 // histo stuff
338 }
339 }
343 // Update global stats and PPInfo stats.
345 g_total_blocks++;
352 g_curr_blocks++;
358 // The use of `>=` rather than `>` means that if there are multiple equal
359 // peaks we record the latest one, like `check_for_peak` does.
367 }
368 }
369 }
371 /* 'bk' is retiring (being freed). Find the relevant PPInfo entry for
372 it, which must already exist. Then, fold info from 'bk' into that
373 entry. 'because_freed' is True if the block is retiring because
374 the client has freed it. If it is False then the block is retiring
375 because the program has finished, in which case we want to skip the
376 updates of the total blocks live etc for this PP, but still fold in
377 the access counts and histo data that have so far accumulated for
378 the block. */
380 {
394 // update stats following this free.
400 // Total bytes is coming down from a possible peak.
403 // Then update global stats.
406 g_curr_blocks--;
409 // Then update PPInfo stats.
416 }
421 // access counts
427 // histo stuff. First, do state transitions for xsize/xsize_tag.
437 // and allocate the histo
442 }
446 //tl_assert(ppi->freed_blocks > 1);
452 // deallocate the histo, if any
456 }
457 }
461 //tl_assert(ppi->freed_blocks > 1);
466 }
468 // See if we can fold the histo data from this block into
469 // the data for the PP.
472 UWord i;
474 // FIXME: do something better in case of overflow of ppi->histo[..]
475 // Right now, at least don't let it overflow/wrap around
478 }
480 }
482 #if 0
485 UWord i;
491 }
492 #endif
493 }
495 /* This handles block resizing. When a block with PP 'ec' has a
496 size change of 'delta', call here to update the PPInfo. */
498 {
516 // Total bytes might be coming down from a possible peak.
518 }
520 // Note: we treat realloc() like malloc() + free() for total counts, i.e. we
521 // increment total_blocks by 1 and increment total_bytes by new_req_szB.
522 //
523 // A reasonable alternative would be to leave total_blocks unchanged and
524 // increment total_bytes by delta (but only if delta is positive). But then
525 // calls to realloc wouldn't be counted towards the total_blocks count,
526 // which is undesirable.
528 // Update global stats and PPInfo stats.
530 g_total_blocks++;
542 // The use of `>=` rather than `>` means that if there are multiple equal
543 // peaks we record the latest one, like `check_for_peak` does.
551 }
552 }
554 //------------------------------------------------------------//
555 //--- update both Block and PPInfos after {m,re}alloc/free ---//
556 //------------------------------------------------------------//
558 static
560 Bool is_zeroed )
561 {
563 SizeT actual_szB;
569 }
571 // Allocate and zero if necessary
576 }
580 }
584 }
586 // Make new Block, add to interval_tree.
594 // Set up histogram array, if the block isn't too large.
599 }
608 }
610 static
612 {
617 }
622 }
625 // assert the block finder is behaving sanely
631 }
639 }
641 }
643 static
645 {
655 }
659 }
661 // Find the old block.
665 }
668 // Assert the block finder is behaving sanely.
674 }
676 // Keeping the histogram alive in any meaningful way across
677 // block resizing is too darn complicated. Just throw it away.
681 }
683 // Actually do the allocation, if necessary.
685 // New size is smaller or same; block not moved.
689 // Update reads/writes for the implicit copy. Even though we didn't
690 // actually do a copy, we act like we did, to match up with the fact
691 // that we treat this as an additional allocation.
698 // New size is bigger; make new block, copy shared contents, free old.
701 // Nb: if realloc fails, NULL is returned but the old block is not
702 // touched. What an awful function.
704 }
710 // Since the block has moved, we need to re-insert it into the
711 // interval tree at the new place. Do this by removing
712 // and re-adding it.
714 // Now 'bk' is no longer in the tree, but the Block itself
715 // is still alive.
717 // Update reads/writes for the copy.
721 // Update the metadata.
726 // And re-add it to the interval tree.
727 Bool present
731 }
734 }
736 //------------------------------------------------------------//
737 //--- malloc() et al replacement wrappers ---//
738 //------------------------------------------------------------//
741 {
743 }
746 {
748 }
751 {
753 }
756 {
758 }
761 {
763 }
766 {
768 }
771 {
773 }
776 {
778 }
781 {
784 }
788 }
790 }
793 {
796 }
800 }
802 //------------------------------------------------------------//
803 //--- memory references ---//
804 //------------------------------------------------------------//
806 static
808 {
815 //VG_(printf)("%lu %lu (size of block %lu)\n", offMin, offMax1, bk->req_szB);
820 }
821 }
825 {
833 }
834 }
838 {
846 }
847 }
849 // Handle reads and writes by syscalls (read == kernel
850 // reads user space, write == kernel writes user space).
851 // Assumes no such read or write spans a heap block
852 // boundary and so we can treat it just as one giant
853 // read or write.
854 static
857 {
870 }
871 }
873 static
875 Addr str)
876 {
881 }
883 static
886 {
898 }
899 }
901 //------------------------------------------------------------//
902 //--- Instrumentation ---//
903 //------------------------------------------------------------//
905 #define binop(_op, _arg1, _arg2) IRExpr_Binop((_op),(_arg1),(_arg2))
906 #define mkexpr(_tmp) IRExpr_RdTmp((_tmp))
907 #define mkU32(_n) IRExpr_Const(IRConst_U32(_n))
908 #define mkU64(_n) IRExpr_Const(IRConst_U64(_n))
909 #define assign(_t, _e) IRStmt_WrTmp((_t), (_e))
911 static
913 {
914 #if defined(VG_BIGENDIAN)
915 # define END Iend_BE
916 #elif defined(VG_LITTLEENDIAN)
917 # define END Iend_LE
918 #else
920 #endif
921 // Add code to increment 'g_curr_instrs' by 'n', like this:
922 // WrTmp(t1, Load64(&g_curr_instrs))
923 // WrTmp(t2, Add64(RdTmp(t1), Const(n)))
924 // Store(&g_curr_instrs, t2)
936 }
938 static
940 Int goff_sp)
941 {
944 }
964 }
968 /* Add the helper. */
974 argv );
976 /* Generate the guard condition: "(addr - (SP - RZ)) >u N", for
977 some arbitrary N. If that fails then addr is in the range (SP -
978 RZ .. SP + N - RZ). If N is smallish (a page?) then we can say
979 addr is within a page of SP and so can't possibly be a heap
980 access, and so can be skipped. */
986 sbOut,
988 tyAddr == Ity_I32
991 );
995 sbOut,
997 tyAddr == Ity_I32
1000 );
1004 sbOut,
1006 tyAddr == Ity_I32
1009 );
1013 }
1015 static
1022 {
1029 // We increment the instruction count in two places:
1030 // - just before any Ist_Exit statements;
1031 // - just before the IRSB's end.
1032 // In the former case, we zero 'n' and then continue instrumenting.
1036 // Copy verbatim any IR preamble preceding the first IMark
1040 i++;
1041 }
1051 n++;
1053 }
1057 // Add an increment before the Exit statement, then reset 'n'.
1060 }
1062 }
1068 // Note also, endianness info is ignored. I guess
1069 // that's not interesting.
1073 }
1075 }
1084 }
1087 Int dataSize;
1090 /* This dirty helper accesses memory. Collect the details. */
1094 // Large (eg. 28B, 108B, 512B on x86) data-sized
1095 // instructions will be done inaccurately, but they're
1096 // very rare and this avoids errors from hitting more
1097 // than two cache lines in the simulation.
1107 }
1109 }
1112 /* We treat it as a read and a write of the location. I
1113 think that is the same behaviour as it was before IRCAS
1114 was introduced, since prior to that point, the Vex
1115 front ends would translate a lock-prefixed instruction
1116 into a (normal) read followed by a (normal) write. */
1117 Int dataSize;
1129 }
1132 IRType dataTy;
1134 /* LL */
1140 /* SC */
1145 }
1147 }
1151 }
1154 }
1157 // Add an increment before the SB end.
1159 }
1161 }
1163 #undef binop
1164 #undef mkexpr
1165 #undef mkU32
1166 #undef mkU64
1167 #undef assign
1169 //------------------------------------------------------------//
1170 //--- Client requests ---//
1171 //------------------------------------------------------------//
1174 {
1179 }
1183 // Only the ec and req_szB fields are used by intro_Block().
1184 Block bk;
1192 }
1199 }
1201 // Only the ec and req_szB fields are used by intro_Block().
1202 Block bk;
1210 }
1214 Vg_UserMsg,
1217 );
1219 }
1220 }
1222 //------------------------------------------------------------//
1223 //--- Finalisation ---//
1224 //------------------------------------------------------------//
1226 // File format notes.
1227 //
1228 // - The files are JSON, because it's a widely-used format and saves us having
1229 // to write a parser in dh_view.js.
1230 //
1231 // - We use a comma-first style for the generated JSON. Comma-first style
1232 // moves the special case for arrays/objects from the last item to the
1233 // first. This helps in cases where you can't easily tell in advance the
1234 // size of arrays/objects, such as iterating over a WordFM (because
1235 // VG_(sizeFM) is O(n) rather than O(1)), and iterating over stack frames
1236 // using VG_(apply_ExeContext) in combination with an InlIpCursor.
1237 //
1238 // - We use short field names and minimal whitespace to minimize file sizes.
1239 //
1240 // Sample output:
1241 //
1242 // {
1243 // // Version number of the format. Incremented on each
1244 // // backwards-incompatible change. A mandatory integer.
1245 // "dhatFileVersion": 2,
1246 //
1247 // // The invocation mode. A mandatory, free-form string.
1248 // "mode": "heap",
1249 //
1250 // // The verb used before above stack frames, i.e. "<verb> at {". A
1251 // // mandatory string.
1252 // "verb": "Allocated",
1253 //
1254 // // Are block lifetimes recorded? Affects whether some other fields are
1255 // // present. A mandatory boolean.
1256 // "bklt": true,
1257 //
1258 // // Are block accesses recorded? Affects whether some other fields are
1259 // // present. A mandatory boolean.
1260 // "bkacc": true,
1261 //
1262 // // Byte/bytes/blocks-position units. Optional strings. "byte", "bytes",
1263 // // and "blocks" are the values used if these fields are omitted.
1264 // "bu": "byte", "bsu": "bytes", "bksu": "blocks",
1265 //
1266 // // Time units (individual and 1,000,000x). Mandatory strings.
1267 // "tu": "instrs", "Mtu": "Minstr"
1268 //
1269 // // The "short-lived" time threshold, measures in "tu"s.
1270 // // - bklt=true: a mandatory integer.
1271 // // - bklt=false: omitted.
1272 // "tuth": 500,
1273 //
1274 // // The executed command. A mandatory string.
1275 // "cmd": "date",
1276 //
1277 // // The process ID. A mandatory integer.
1278 // "pid": 61129
1279 //
1280 // // The time at the end of execution (t-end). A mandatory integer.
1281 // "te": 350682
1282 //
1283 // // The time of the global max (t-gmax).
1284 // // - bklt=true: a mandatory integer.
1285 // // - bklt=false: omitted.
1286 // "tg": 331312,
1287 //
1288 // // The program points. A mandatory array.
1289 // "pps": [
1290 // {
1291 // // Total bytes and blocks. Mandatory integers.
1292 // "tb": 5, "tbk": 1,
1293 //
1294 // // Total lifetimes of all blocks allocated at this PP.
1295 // // - bklt=true: a mandatory integer.
1296 // // - bklt=false: omitted.
1297 // "tl": 274,
1298 //
1299 // // The maximum bytes and blocks for this PP.
1300 // // - bklt=true: mandatory integers.
1301 // // - bklt=false: omitted.
1302 // "mb": 5, "mbk": 1,
1303 //
1304 // // The bytes and blocks at t-gmax for this PP.
1305 // // - bklt=true: mandatory integers.
1306 // // - bklt=false: omitted.
1307 // "gb": 0, "gbk": 0,
1308 //
1309 // // The bytes and blocks at t-end for this PP.
1310 // // - bklt=true: mandatory integers.
1311 // // - bklt=false: omitted.
1312 // "eb": 0, "ebk": 0,
1313 //
1314 // // The reads and writes of blocks for this PP.
1315 // // - bkacc=true: mandatory integers.
1316 // // - bkacc=false: omitted.
1317 // "rb": 41, "wb": 5,
1318 //
1319 // // The exact accesses of blocks for this PP. Only used when all
1320 // // allocations are the same size and sufficiently small. A negative
1321 // // element indicates run-length encoding of the following integer.
1322 // // E.g. `-3, 4` means "three 4s in a row".
1323 // // - bkacc=true: an optional array of integers.
1324 // // - bkacc=false: omitted.
1325 // "acc": [5, -3, 4, 2],
1326 //
1327 // // Frames. Each element is an index into the "ftbl" array below.
1328 // // - All modes: A mandatory array of integers.
1329 // "fs": [1, 2, 3]
1330 // }
1331 // ],
1332 //
1333 // // Frame table. A mandatory array of strings.
1334 // "ftbl": [
1335 // "[root]",
1336 // "0x4AA1D9F: _nl_normalize_codeset (l10nflist.c:332)",
1337 // "0x4A9B414: _nl_load_locale_from_archive (loadarchive.c:173)",
1338 // "0x4A9A2BE: _nl_find_locale (findlocale.c:153)"
1339 // ]
1340 // }
1344 #define FP(format, args...) ({ VG_(fprintf)(fp, format, ##args); })
1346 // The frame table holds unique frames.
1351 {
1353 }
1356 {
1359 }
1361 // For JSON, we must escape double quote, backslash, and 0x00..0x1f.
1362 //
1363 // Returns the original string if no escaping was required. Returns a pointer
1364 // to a static buffer if escaping was required. Therefore, the return value is
1365 // only valid until the next call to this function.
1367 {
1371 // Do we need any escaping?
1380 }
1381 p++;
1382 }
1386 // No escaping needed.
1388 }
1390 // Escaping needed. (The +1 is for the NUL terminator.) Enlarge buf if
1391 // necessary.
1396 }
1417 }
1418 p++;
1419 }
1423 }
1426 {
1433 // Skip entries in vg_replace_malloc.c (e.g. `malloc`, `calloc`,
1434 // `realloc`, `operator new`) because they're boring and clog up the
1435 // output.
1438 }
1440 // If this description has been seen before, get its number. Otherwise,
1441 // give it a new number and put it in the table.
1446 //const HChar* str = (const HChar*)keyW;
1447 //tl_assert(0 == VG_(strcmp)(buf, str));
1450 // `buf` is a static buffer, we must copy it.
1455 }
1463 };
1466 {
1489 // Simple run-length encoding: when N entries in a row have the same
1490 // value M, we print "-N,M". If there is just one in a row, we just
1491 // print "M". This reduces file size significantly.
1497 // Continue current run.
1498 reps++;
1500 // End of run; print it.
1505 }
1508 }
1509 }
1510 // Print the final run.
1515 }
1518 }
1533 }
1541 }
1544 {
1556 }
1560 // We didn't print any elements. This happens if ppinfo is empty.
1562 }
1565 }
1568 {
1569 // This function does lots of allocations that it doesn't bother to free,
1570 // because execution is almost over anyway.
1574 // Total bytes might be at a possible peak.
1578 // Before printing statistics, we must harvest various stats (such as
1579 // lifetimes and accesses) for all the blocks that are still alive.
1586 }
1589 // Stats.
1594 stats__n_fBc_cached,
1595 stats__n_fBc_uncached);
1598 }
1599 }
1601 // Create the frame table, and insert the special "[root]" node at index 0.
1605 frame_cmp);
1611 // Setup output filename. Nb: it's important to do this now, i.e. as late
1612 // as possible. If we do it at start-up and the program forks and the
1613 // output file format string contains a %p (pid) specifier, both the parent
1614 // and child will incorrectly write to the same file; this happened in
1615 // 3.3.0.
1625 }
1627 // Write to data file.
1630 // The output mode, block booleans, and byte/block units.
1643 }
1645 // The time units.
1649 }
1651 // The command.
1657 }
1660 // The PID.
1663 // Times.
1669 }
1671 // APs.
1674 // Frame table.
1677 // The frame table maps strings to numbers. We want to print it ordered by
1678 // numbers. So we create an array and fill it in from the frame table, then
1679 // print that.
1688 }
1693 }
1704 }
1706 // Print brief global stats.
1724 }
1726 // Print a how-to-view-the-profile hint.
1737 }
1739 //------------------------------------------------------------//
1740 //--- Initialisation ---//
1741 //------------------------------------------------------------//
1744 {
1749 }
1750 }
1753 {
1761 // Basic functions.
1763 dh_instrument,
1764 dh_fini);
1766 // Needs.
1770 dh_print_usage,
1771 dh_print_debug_usage);
1773 // VG_(needs_sanity_checks) (dh_cheap_sanity_check,
1774 // dh_expensive_sanity_check);
1776 dh___builtin_new,
1777 dh___builtin_vec_new,
1778 dh_memalign,
1779 dh_calloc,
1780 dh_free,
1781 dh___builtin_delete,
1782 dh___builtin_vec_delete,
1783 dh_realloc,
1784 dh_malloc_usable_size,
1794 interval_tree_Cmp );
1800 }
1804 //--------------------------------------------------------------------//
1805 //--- end dh_main.c ---//
1806 //--------------------------------------------------------------------//