| blob | 7ba4e8a870800560e862b1a17d2a5df2c65f4bf1 |
1 /*--------------------------------------------------------------------*/
2 /*--- Callgrind ---*/
3 /*--- bbcc.c ---*/
4 /*--------------------------------------------------------------------*/
6 /*
7 This file is part of Callgrind, a Valgrind tool for call tracing.
9 Copyright (C) 2002-2017, Josef Weidendorfer (Josef.Weidendorfer@gmx.de)
11 This program is free software; you can redistribute it and/or
12 modify it under the terms of the GNU General Public License as
13 published by the Free Software Foundation; either version 2 of the
14 License, or (at your option) any later version.
16 This program is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
24 02111-1307, USA.
26 The GNU General Public License is contained in the file COPYING.
27 */
34 /*------------------------------------------------------------*/
35 /*--- BBCC operations ---*/
36 /*------------------------------------------------------------*/
38 #define N_BBCC_INITIAL_ENTRIES 10437
40 /* BBCC table (key is BB/Context), per thread, resizable */
41 bbcc_hash current_bbccs;
44 {
45 Int i;
55 }
58 {
64 }
67 {
69 }
72 {
78 }
80 /*
81 * Zero all costs of a BBCC
82 */
84 {
85 Int i;
106 }
107 }
110 }
115 {
122 /* every bbcc should have a rec_array */
129 }
131 }
132 }
133 }
136 /* All BBCCs for recursion level 0 are inserted into a
137 * thread specific hash table with key
138 * - address of BB structure (unique, as never freed)
139 * - current context (includes caller chain)
140 * BBCCs for other recursion levels are in bbcc->rec_array.
141 *
142 * The hash is used in setup_bb(), i.e. to find the cost
143 * counters to be changed in the execution of a BB.
144 */
146 static __inline__
148 {
153 }
156 /* Lookup for a BBCC in hash.
157 */
158 static
160 {
162 UInt idx;
164 /* check LRU */
167 /* if we don't dump threads separate, tid doesn't have to match */
169 }
171 }
181 }
191 }
194 /* double size of hash table 1 (addr->BBCC) */
196 {
199 UInt new_idx;
218 new_size);
223 conflicts1++;
225 conflicts2++;
226 }
229 }
230 }
242 }
245 static __inline
247 {
258 }
261 /*
262 * Allocate a new BBCC
263 *
264 * Uninitialized:
265 * cxt, rec_index, rec_array, next_bbcc, next1, next2
266 */
267 static __inline__
269 {
271 Int i;
273 /* We need cjmp_count+1 JmpData structs:
274 * the last is for the unconditional jump/call/ret at end of BB
275 */
290 }
293 /* Init pointer caches (LRU) */
304 }
307 /**
308 * Inserts a new BBCC into hashes.
309 * BBCC specific items must be set as this is used for the hash
310 * keys:
311 * fn : current function
312 * tid : current thread ID
313 * from : position where current function is called from
314 *
315 * Recursion level doesn't need to be set as this is not included
316 * in the hash key: Only BBCCs with rec level 0 are in hashes.
317 */
318 static
320 {
321 UInt idx;
328 /* check fill degree of hash and resize if needed (>90%) */
339 }
341 /* String is returned in a dynamically allocated buffer. Caller is
342 responsible for free'ing it. */
344 {
349 /* Overestimate the number of bytes we need to hold the string. */
362 }
365 /* Create a new BBCC as a copy of an existing one,
366 * but with costs set to 0 and jcc chains empty.
367 *
368 * This is needed when a BB is executed in another context than
369 * the one at instrumentation time of the BB.
370 *
371 * Use cases:
372 * rec_index == 0: clone from a BBCC with differing tid/cxt
373 * and insert into hashes
374 * rec_index >0 : clone from a BBCC with same tid/cxt and rec_index 0
375 * don't insert into hashes
376 */
378 {
388 /* hash insertion is only allowed if tid or cxt is different */
398 }
408 /* new BBCC will only have differing recursion level */
413 }
415 /* update list of BBCCs for same BB */
429 mangled_orig,
430 mangled_bbcc);
437 };
441 /* Get a pointer to the cost centre structure for given basic block
442 * address. If created, the BBCC is inserted into the BBCC hash.
443 * Also sets BB_seen_before by reference.
444 *
445 */
447 {
457 /* initialize BBCC */
468 }
474 }
477 /* Callgrind manages its own call stack for each thread.
478 * When leaving a function, a underflow can happen when
479 * Callgrind's tracing was switched on in the middle of
480 * a run, i.e. when Callgrind was not able to trace the
481 * call instruction.
482 * This function tries to reconstruct the original call.
483 * As we know the return address (the address following
484 * the CALL instruction), we can detect the function
485 * we return back to, but the original call site is unknown.
486 * We suppose a call site at return address - 1.
487 * (TODO: other heuristic: lookup info of instrumented BBs).
488 */
490 {
491 /* RET at top of call stack */
494 Bool seen_before;
502 /* we emulate an old call from the function we return to
503 * by using (<return address> -1) */
507 /* seen_before can be true if RET from a signal handler */
510 }
514 /* Force a new top context, will be set active by push_cxt() */
521 /* set rec array for source BBCC: this is at rec level 1 */
528 }
531 /* correct active counts */
536 /* This assertion is not correct for reentrant
537 * signal handlers */
538 /* CLG_ASSERT(*pactive == 0); */
541 /* back to current context */
545 call_entry_up =
547 /* assume this call is lasting since last dump or
548 * for a signal handler since it's call */
552 else
554 }
557 /*
558 * Helper function called at start of each instrumented BB to setup
559 * pointer to costs for current thread/context/recursion level
560 */
564 {
567 Addr sp;
569 ThreadId tid;
570 ClgJumpKind jmpkind;
571 Bool isConditionalJump;
578 /* This is needed because thread switches can not reliable be tracked
579 * with callback CLG_(run_thread) only: we have otherwise no way to get
580 * the thread ID after a signal handler returns.
581 * This could be removed again if that bug is fixed in Valgrind.
582 * This is in the hot path but hopefully not to costly.
583 */
585 #if 1
586 /* CLG_(switch_thread) is a no-op when tid is equal to CLG_(current_tid).
587 * As this is on the hot path, we only call CLG_(switch_thread)(tid)
588 * if tid differs from the CLG_(current_tid).
589 */
592 #else
594 #endif
611 /* update Ir cost */
614 }
615 }
617 /* do not increment exe counter of BBs in skipped functions, as it
618 * would fool dumping code */
620 /* update Ir cost */
625 }
626 }
627 }
632 }
633 }
637 }
639 /* Manipulate JmpKind if needed, only using BB specific info */
643 /* A return not matching the top call in our callstack is a jump */
648 /* We have a real return if
649 * - the stack pointer (SP) left the current stack frame, or
650 * - SP has the same value as when reaching the current function
651 * and the address of this BB is the return address of last call
652 * (we even allow to leave multiple frames if the SP stays the
653 * same and we find a matching return address)
654 * The latter condition is needed because on PPC, SP can stay
655 * the same over CALL=b(c)l / RET=b(c)lr boundaries
656 */
662 csp_up--;
665 popcount_on_return++;
667 }
668 }
671 }
672 }
676 }
677 }
679 /* Should this jump be converted to call or pop/call ? */
683 /* We simulate a JMP/Cont to be a CALL if
684 * - jump is in another ELF object or section kind
685 * - jump is to first instruction of a function (tail recursion)
686 */
688 /* This is for detection of optimized tail recursion.
689 * On PPC, this is only detected as call when going to another
690 * function. The problem is that on PPC it can go wrong
691 * more easily (no stack frame setup needed)
692 */
693 #if defined(VGA_ppc32)
695 #else
697 #endif
714 /* change source for delayed push */
719 }
722 }
723 }
727 }
728 }
742 }
746 }
748 /* Handle CALL/RET and update context to get correct BBCC */
756 /* On an empty call stack or at a signal separation marker,
757 * a RETURN generates an call stack underflow.
758 */
761 }
765 }
766 }
770 /* if unwinding was done, this actually is a return */
772 }
781 }
782 }
784 /* Change new context if needed, taking delayed_push into account */
787 }
790 /* If there is a fresh instrumented BBCC, assign current context */
801 }
803 /* get BBCC with current context */
805 /* first check LRU of last bbcc executed */
813 }
814 else
823 }
825 /* save for fast lookup */
837 /* a call was detected, which means that the source BB != 0 */
839 /* only increment rec. level if called from different function */
841 level++;
842 }
844 }
849 /* can only happen if instrumentation just was switched on */
852 }
857 else
861 }
865 /* a call from skipped to nonskipped */
867 /* FIXME: take the real passed count from shadow stack */
869 }
872 }
876 /* Handle conditional jumps followed, i.e. trace arcs
877 * This uses JCC structures, too */
881 // Change from default, and check if already changed
885 // FIXME: Why can this fail?
886 // CLG_ASSERT(jcc->jmpkind == jmpkind);
887 }
892 else
894 }
897 /* Even though this will be set in instrumented code directly before
898 * side exits, it needs to be set to 0 here in case an exception
899 * happens in first instructions of the BB */
901 // needed for log_* handlers called in this BB
909 }
919 }