forked from JuliaLang/julia
-
Notifications
You must be signed in to change notification settings - Fork 0
/
gc-debug.c
447 lines (403 loc) · 14.7 KB
/
gc-debug.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
// This file is a part of Julia. License is MIT: http://julialang.org/license
// Useful function in debugger to find page/region metadata
gcpage_t *jl_gc_page_metadata(void *data)
{
return page_metadata(data);
}
region_t *jl_gc_find_region(void *ptr, int maybe)
{
return find_region(ptr, maybe);
}
// Find the memory block in the pool that owns the byte pointed to by p.
// For end of object pointer (which is always the case for pointer to a
// singleton object), this usually returns the same pointer which points to
// the next object but it can also return NULL if the pointer is pointing to
// the end of the page.
JL_DLLEXPORT jl_taggedvalue_t *jl_gc_find_taggedvalue_pool(char *p, size_t *osize_p)
{
region_t *r = find_region(p, 1);
// Not in the pool
if (!r)
return NULL;
char *page_begin = GC_PAGE_DATA(p) + GC_PAGE_OFFSET;
// In the page header
if (p < page_begin)
return NULL;
size_t ofs = p - page_begin;
int pg_idx = PAGE_INDEX(r, p);
// Check if this is a free page
if (r->freemap[pg_idx / 32] & (uint32_t)(1 << (pg_idx % 32)))
return NULL;
gcpage_t *pagemeta = &r->meta[pg_idx];
int osize = pagemeta->osize;
// Shouldn't be needed, just in case
if (osize == 0)
return NULL;
char *tag = (char*)p - ofs % osize;
// Points to an "object" that gets into the next page
if (tag + osize > GC_PAGE_DATA(p) + GC_PAGE_SZ)
return NULL;
if (osize_p)
*osize_p = osize;
return (jl_taggedvalue_t*)tag;
}
#ifdef GC_DEBUG_ENV
#include <inttypes.h>
#include <stdio.h>
#endif
void jl_(void *jl_value);
// mark verification
#ifdef GC_VERIFY
static jl_value_t *lostval = 0;
static arraylist_t lostval_parents;
static arraylist_t lostval_parents_done;
static int verifying;
static void add_lostval_parent(jl_value_t *parent)
{
for(int i = 0; i < lostval_parents_done.len; i++) {
if ((jl_value_t*)lostval_parents_done.items[i] == parent)
return;
}
for(int i = 0; i < lostval_parents.len; i++) {
if ((jl_value_t*)lostval_parents.items[i] == parent)
return;
}
arraylist_push(&lostval_parents, parent);
}
#define verify_val(v) do { \
if (lostval == (jl_value_t*)(v) && (v) != 0) { \
jl_printf(JL_STDOUT, \
"Found lostval %p at %s:%d oftype: ", \
(void*)(lostval), __FILE__, __LINE__); \
jl_static_show(JL_STDOUT, jl_typeof(v)); \
jl_printf(JL_STDOUT, "\n"); \
} \
} while(0);
#define verify_parent(ty, obj, slot, args...) do { \
if (*(jl_value_t**)(slot) == lostval && \
(jl_value_t*)(obj) != lostval) { \
jl_printf(JL_STDOUT, "Found parent %p %p at %s:%d\n", \
(void*)(ty), (void*)(obj), __FILE__, __LINE__); \
jl_printf(JL_STDOUT, "\tloc %p : ", (void*)(slot)); \
jl_printf(JL_STDOUT, args); \
jl_printf(JL_STDOUT, "\n"); \
jl_printf(JL_STDOUT, "\ttype: "); \
jl_static_show(JL_STDOUT, jl_typeof(obj)); \
jl_printf(JL_STDOUT, "\n"); \
add_lostval_parent((jl_value_t*)(obj)); \
} \
} while(0);
#define verify_parent1(ty,obj,slot,arg1) verify_parent(ty,obj,slot,arg1)
#define verify_parent2(ty,obj,slot,arg1,arg2) verify_parent(ty,obj,slot,arg1,arg2)
/*
How to debug a missing write barrier :
(or rather how I do it, if you know of a better way update this)
First, reproduce it with GC_VERIFY. It does change the allocation profile so if the error
is rare enough this may not be straightforward. If the backtracking goes well you should know
which object and which of its slots was written to without being caught by the write
barrier. Most times this allows you to take a guess. If this type of object is modified
by C code directly, look for missing jl_gc_wb() on pointer updates. Be aware that there are
innocent looking functions which allocate (and thus trigger marking) only on special cases.
If you cant find it, you can try the following :
- Ensure that should_timeout() is deterministic instead of clock based.
- Once you have a completly deterministic program which crashes on gc_verify, the addresses
should stay constant between different runs (with same binary, same environment ...).
Do not forget to turn off ASLR (linux: echo 0 > /proc/sys/kernel/randomize_va_space).
At this point you should be able to run under gdb and use a hw watch to look for writes
at the exact addr of the slot (use something like watch *slot_addr if *slot_addr == val).
- If it went well you are now stopped at the exact point the problem is happening.
Backtraces in JIT'd code wont work for me (but I'm not sure they should) so in that
case you can try to jl_throw(something) from gdb.
*/
// this does not yet detect missing writes from marked to marked_noesc
// the error is caught at the first long collection
static arraylist_t bits_save[4];
// set all mark bits to bits
// record the state of the region and can replay it in restore()
// restore _must_ be called as this will overwrite parts of the
// freelist in pools
static void clear_mark(int bits)
{
gcval_t *pv;
if (!verifying) {
for (int i = 0; i < 4; i++) {
bits_save[i].len = 0;
}
}
bigval_t *v;
FOR_EACH_HEAP () {
v = big_objects;
while (v != NULL) {
void *gcv = &v->header;
if (!verifying) arraylist_push(&bits_save[gc_bits(gcv)], gcv);
gc_bits(gcv) = bits;
v = v->next;
}
}
v = big_objects_marked;
while (v != NULL) {
void *gcv = &v->header;
if (!verifying) arraylist_push(&bits_save[gc_bits(gcv)], gcv);
gc_bits(gcv) = bits;
v = v->next;
}
for (int h = 0; h < REGION_COUNT; h++) {
region_t *region = regions[h];
if (!region) break;
for (int pg_i = 0; pg_i < REGION_PG_COUNT/32; pg_i++) {
uint32_t line = region->freemap[pg_i];
if (!!~line) {
for (int j = 0; j < 32; j++) {
if (!((line >> j) & 1)) {
gcpage_t *pg = page_metadata(®ion->pages[pg_i*32 + j][0] + GC_PAGE_OFFSET);
pool_t *pool;
FOR_HEAP (pg->thread_n)
pool = &pools[pg->pool_n];
pv = (gcval_t*)(pg->data + GC_PAGE_OFFSET);
char *lim = (char*)pv + GC_PAGE_SZ - GC_PAGE_OFFSET - pool->osize;
while ((char*)pv <= lim) {
if (!verifying) arraylist_push(&bits_save[gc_bits(pv)], pv);
gc_bits(pv) = bits;
pv = (gcval_t*)((char*)pv + pool->osize);
}
}
}
}
}
}
}
static void restore(void)
{
for(int b = 0; b < 4; b++) {
for(int i = 0; i < bits_save[b].len; i++) {
gc_bits(bits_save[b].items[i]) = b;
}
}
}
static void gc_verify_track(void)
{
do {
arraylist_push(&lostval_parents_done, lostval);
jl_printf(JL_STDERR, "Now looking for %p =======\n", lostval);
clear_mark(GC_CLEAN);
pre_mark();
post_mark(&finalizer_list, 1);
post_mark(&finalizer_list_marked, 1);
if (lostval_parents.len == 0) {
jl_printf(JL_STDERR, "Could not find the missing link. We missed a toplevel root. This is odd.\n");
break;
}
jl_value_t *lostval_parent = NULL;
for(int i = 0; i < lostval_parents.len; i++) {
lostval_parent = (jl_value_t*)lostval_parents.items[i];
int clean_len = bits_save[GC_CLEAN].len;
for(int j = 0; j < clean_len + bits_save[GC_QUEUED].len; j++) {
void *p = bits_save[j >= clean_len ? GC_QUEUED : GC_CLEAN].items[j >= clean_len ? j - clean_len : j];
if (jl_valueof(p) == lostval_parent) {
lostval = lostval_parent;
lostval_parent = NULL;
break;
}
}
if (lostval_parent != NULL) break;
}
if (lostval_parent == NULL) { // all parents of lostval were also scheduled for deletion
lostval = (jl_value_t*)arraylist_pop(&lostval_parents);
}
else {
jl_printf(JL_STDERR, "Missing write barrier found !\n");
jl_printf(JL_STDERR, "%p was written a reference to %p that was not recorded\n", lostval_parent, lostval);
jl_printf(JL_STDERR, "(details above)\n");
lostval = NULL;
}
restore();
} while(lostval != NULL);
}
static void gc_verify(void)
{
lostval = NULL;
lostval_parents.len = 0;
lostval_parents_done.len = 0;
check_timeout = 0;
clear_mark(GC_CLEAN);
verifying = 1;
pre_mark();
post_mark(&finalizer_list, 1);
post_mark(&finalizer_list_marked, 1);
int clean_len = bits_save[GC_CLEAN].len;
for(int i = 0; i < clean_len + bits_save[GC_QUEUED].len; i++) {
gcval_t *v = (gcval_t*)bits_save[i >= clean_len ? GC_QUEUED : GC_CLEAN].items[i >= clean_len ? i - clean_len : i];
if (gc_marked(v)) {
jl_printf(JL_STDERR, "Error. Early free of %p type :", v);
jl_(jl_typeof(jl_valueof(v)));
jl_printf(JL_STDERR, "val : ");
jl_(jl_valueof(v));
jl_printf(JL_STDERR, "Let's try to backtrack the missing write barrier :\n");
lostval = jl_valueof(v);
break;
}
}
if (lostval == NULL) {
verifying = 0;
restore(); // we did not miss anything
return;
}
restore();
gc_verify_track();
gc_debug_print_status();
gc_debug_critical_error();
abort();
}
#else
#define gc_verify()
#define verify_val(v)
#define verify_parent1(ty,obj,slot,arg1)
#define verify_parent2(ty,obj,slot,arg1,arg2)
#endif
#ifdef GC_DEBUG_ENV
typedef struct {
uint64_t num;
uint64_t min;
uint64_t interv;
uint64_t max;
} jl_alloc_num_t;
typedef struct {
int sweep_mask;
int wait_for_debugger;
jl_alloc_num_t pool;
jl_alloc_num_t other;
jl_alloc_num_t print;
} jl_gc_debug_env_t;
JL_DLLEXPORT jl_gc_debug_env_t jl_gc_debug_env = {
GC_MARKED_NOESC,
0,
{0, 0, 0, 0},
{0, 0, 0, 0},
{0, 0, 0, 0}
};
static void gc_debug_alloc_init(jl_alloc_num_t *num, const char *name)
{
// Not very generic and robust but good enough for a debug option
char buff[128];
sprintf(buff, "JULIA_GC_ALLOC_%s", name);
char *env = getenv(buff);
if (!env)
return;
num->interv = 1;
num->max = (uint64_t)-1ll;
sscanf(env, "%" SCNd64 ":%" SCNd64 ":%" SCNd64,
(int64_t*)&num->min, (int64_t*)&num->interv, (int64_t*)&num->max);
}
static int gc_debug_alloc_check(jl_alloc_num_t *num)
{
num->num++;
if (num->interv == 0 || num->num < num->min || num->num > num->max)
return 0;
return ((num->num - num->min) % num->interv) == 0;
}
static char *gc_stack_lo;
static void gc_debug_init(void)
{
gc_stack_lo = (char*)gc_get_stack_ptr();
char *env = getenv("JULIA_GC_NO_GENERATIONAL");
if (env && strcmp(env, "0") != 0)
jl_gc_debug_env.sweep_mask = GC_MARKED;
env = getenv("JULIA_GC_WAIT_FOR_DEBUGGER");
jl_gc_debug_env.wait_for_debugger = env && strcmp(env, "0") != 0;
gc_debug_alloc_init(&jl_gc_debug_env.pool, "POOL");
gc_debug_alloc_init(&jl_gc_debug_env.other, "OTHER");
gc_debug_alloc_init(&jl_gc_debug_env.print, "PRINT");
}
static inline int gc_debug_check_pool(void)
{
return gc_debug_alloc_check(&jl_gc_debug_env.pool);
}
static inline int gc_debug_check_other(void)
{
return gc_debug_alloc_check(&jl_gc_debug_env.other);
}
void gc_debug_print_status(void)
{
uint64_t pool_count = jl_gc_debug_env.pool.num;
uint64_t other_count = jl_gc_debug_env.other.num;
jl_safe_printf("Allocations: %" PRIu64 " "
"(Pool: %" PRIu64 "; Other: %" PRIu64 "); GC: %d\n",
pool_count + other_count, pool_count, other_count, n_pause);
}
void gc_debug_critical_error(void)
{
gc_debug_print_status();
if (!jl_gc_debug_env.wait_for_debugger)
return;
jl_safe_printf("Waiting for debugger to attach\n");
while (1) {
sleep(1000);
}
}
static inline void gc_debug_print(void)
{
if (!gc_debug_alloc_check(&jl_gc_debug_env.print))
return;
gc_debug_print_status();
}
static void gc_scrub_range(char *stack_lo, char *stack_hi)
{
stack_lo = (char*)((uintptr_t)stack_lo & ~(uintptr_t)15);
for (char **stack_p = (char**)stack_lo;
stack_p > (char**)stack_hi;stack_p--) {
char *p = *stack_p;
size_t osize;
jl_taggedvalue_t *tag = jl_gc_find_taggedvalue_pool(p, &osize);
if (osize <= sizeof_jl_taggedvalue_t || !tag || gc_marked(tag))
continue;
gcpage_t *pg = page_metadata(tag);
// Make sure the sweep rebuild the freelist
pg->allocd = 1;
pg->gc_bits = 0x3;
// Find the age bit
char *page_begin = GC_PAGE_DATA(tag) + GC_PAGE_OFFSET;
int obj_id = (((char*)tag) - page_begin) / osize;
uint8_t *ages = pg->ages + obj_id / 8;
// Force this to be a young object to save some memory
// (especially on 32bit where it's more likely to have pointer-like
// bit patterns)
*ages &= ~(1 << (obj_id % 8));
memset(tag, 0xff, osize);
}
}
static void gc_scrub(char *stack_hi)
{
gc_scrub_range(gc_stack_lo, stack_hi);
}
#else
static inline int gc_debug_check_other(void)
{
return 0;
}
static inline int gc_debug_check_pool(void)
{
return 0;
}
void gc_debug_print_status(void)
{
// May not be accurate but should be helpful enough
uint64_t pool_count = gc_num.poolalloc;
uint64_t big_count = gc_num.bigalloc;
jl_safe_printf("Allocations: %" PRIu64 " "
"(Pool: %" PRIu64 "; Big: %" PRIu64 "); GC: %d\n",
pool_count + big_count, pool_count, big_count, n_pause);
}
void gc_debug_critical_error(void)
{
}
static inline void gc_debug_print(void)
{
}
static inline void gc_debug_init(void)
{
}
static void gc_scrub(char *stack_hi)
{
(void)stack_hi;
}
#endif