| blob | aef63baf41c2d5deda3996a602c676bc8b2adabe |
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // This is a OS-independent* module which purpose is tracking allocations and
6 // their call sites (stack traces). It is able to deal with hole punching
7 // (read: munmap). Also, it has low overhead and its presence in the system its
8 // barely noticeable, even if tracing *all* the processes.
9 // This module does NOT know how to deal with stack unwinding. The caller must
10 // do that and pass the addresses of the unwound stack.
11 // * (Modulo three lines for mutexes.)
12 //
13 // Exposed API:
14 // void heap_profiler_init(HeapStats*);
15 // void heap_profiler_alloc(addr, size, stack_frames, depth, flags);
16 // void heap_profiler_free(addr, size); (size == 0 means free entire region).
17 //
18 // The profiling information is tracked into two data structures:
19 // 1) A RB-Tree of non-overlapping VM regions (allocs) sorted by their start
20 // addr. Each entry tracks the start-end addresses and points to the stack
21 // trace which created that allocation (see below).
22 // 2) A (hash) table of stack traces. In general the #allocations >> #call sites
23 // which create those allocations. In order to avoid duplicating the latter,
24 // they are stored distinctly in this hash table and used by reference.
25 //
26 // / Process virtual address space \
27 // +------+ +------+ +------+
28 // |Alloc1| |Alloc2| |Alloc3| <- Allocs (a RB-Tree underneath)
29 // +------+ +------+ +------+
30 // Len: 12 Len: 4 Len: 4
31 // | | | stack_traces
32 // | | | +-----------+--------------+
33 // | | | | Alloc tot | stack frames +
34 // | | | +-----------+--------------+
35 // +------------|-------------+------------> | 16 | 0x1234 .... |
36 // | +-----------+--------------+
37 // +--------------------------> | 4 | 0x5678 .... |
38 // +-----------+--------------+
39 // (A hash-table underneath)
40 //
41 // Final note: the memory for both 1) and 2) entries is carved out from two
42 // static pools (i.e. stack_traces and allocs). The pools are treated as
43 // a sbrk essentially, and are kept compact by reusing freed elements (hence
44 // having a freelist for each of them).
45 //
46 // All the internal (static) functions here assume that the |lock| is held.
48 #include <assert.h>
49 #include <string.h>
51 // Platform-dependent mutex boilerplate.
52 #if defined(__linux__) || defined(__ANDROID__)
53 #include <pthread.h>
54 #define DEFINE_MUTEX(x) pthread_mutex_t x = PTHREAD_MUTEX_INITIALIZER
55 #define LOCK_MUTEX(x) pthread_mutex_lock(&x)
56 #define UNLOCK_MUTEX(x) pthread_mutex_unlock(&x)
57 #else
58 #error OS not supported.
59 #endif
66 // |stats| contains the global tracking metadata and is the entry point which
67 // is read by the heap_dump tool.
70 // +---------------------------------------------------------------------------+
71 // + Stack traces hash-table +
72 // +---------------------------------------------------------------------------+
73 #define ST_ENTRIES_MAX (64 * 1024)
80 // Looks up a stack trace from the stack frames. Creates a new one if necessary.
95 // Look for an existing entry in the hash-table.
100 }
102 // If not found, create a new one from the stack_traces array and add it to
103 // the hash-table.
105 // Get a free element either from the freelist or from the pool.
114 }
122 }
125 }
127 // Frees up a stack trace and appends it to the corresponding freelist.
132 // The expected load factor of the hash-table is very low. Frees should be
133 // pretty rare. Hence don't bother with a doubly linked list, might cost more.
138 // Remove from the hash-table bucket.
142 // Add to the freelist.
146 }
148 // +---------------------------------------------------------------------------+
149 // + Allocs RB-tree +
150 // +---------------------------------------------------------------------------+
151 #define ALLOCS_ENTRIES_MAX (256 * 1024)
158 // Comparator used by the RB-Tree (mind the overflow, avoid arith on addresses).
165 }
170 // Allocates a new Alloc and inserts it in the tree.
175 // First of all, get a free element either from the freelist or from the pool.
184 }
194 }
196 // Deletes all the allocs in the range [addr, addr+size[ dealing with partial
197 // frees and hole punching. Note that in the general case this function might
198 // need to deal with very unfortunate cases, as below:
199 //
200 // Alloc tree begin: [Alloc 1]----[Alloc 2]-------[Alloc 3][Alloc 4]---[Alloc 5]
201 // Deletion range: [xxxxxxxxxxxxxxxxxxxx]
202 // Alloc tree end: [Alloc 1]----[Al.2]----------------------[Al.4]---[Alloc 5]
203 // Alloc3 has to be deleted and Alloc 2,4 shrunk.
212 // Lookup the first (by address) relevant Alloc to initiate the deletion walk.
213 // At the end of the loop next_alloc is either:
214 // - the closest alloc starting before (or exactly at) the start of the
215 // deletion range (i.e. addr == del_start).
216 // - the first alloc inside the deletion range.
217 // - the first alloc after the deletion range iff the range was already empty
218 // (in this case the next loop will just bail out doing nothing).
219 // - NULL: iff the entire tree is empty (as above).
228 }
229 }
231 // Now scan the allocs linearly deleting chunks (or eventually whole allocs)
232 // until passing the end of the deleting region.
239 // In the general case we stop passed the end of the deletion range.
243 // This deals with the case of the first Alloc laying before the range.
247 // size == 0 is a special case. It means deleting only the alloc which
248 // starts exactly at |del_start| if any (for dealing with free(ptr)).
254 }
256 // Reached this point the Alloc must overlap (partially or completely) with
257 // the deletion range.
266 // Complete overlap. Delete full Alloc. Note: the range might might
267 // still overlap with the next allocs.
268 // Begin: ------[alloc.start alloc.end]-[next alloc]
269 // Del range: [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
270 // Result: ---------------------------------[next alloc]
271 // [next alloc] will be shrinked on the next iteration.
275 // Clean-up, so heap_dump can tell this is a free entry and skip it.
279 // Put in the freelist.
284 // Partial overlap at beginning. Cut first part and shrink the alloc.
285 // Begin: ------[alloc.start alloc.end]-[next alloc]
286 // Del range: [xxxxxx]
287 // Result: ------------[start alloc.end]-[next alloc]
290 // No need to update the tree even if we changed the key. The keys are
291 // still monotonic (because the ranges are guaranteed to not overlap).
292 }
295 // Partial overlap at end. Cut last part and shrink the alloc left.
296 // Begin: ------[alloc.start alloc.end]-[next alloc]
297 // Del range: [xxxxxxxx]
298 // Result: ------[alloc.start alloc.end]-----[next alloc]
299 // [next alloc] will be shrinked on the next iteration.
303 // Hole punching. Requires creating an extra alloc.
304 // Begin: ------[alloc.start alloc.end]-[next alloc]
305 // Del range: [xxx]
306 // Result: ------[ alloc 1 ]-----[ alloc 2 ]-[next alloc]
311 // In case of OOM, don't count the 2nd alloc we failed to allocate.
314 }
315 }
316 // Now update the StackTraceEntry the Alloc was pointing to, eventually
317 // freeing it up.
323 }
325 }
327 // +---------------------------------------------------------------------------+
328 // + Library entry points (refer to heap_profiler.h for API doc). +
329 // +---------------------------------------------------------------------------+
339 }
363 }
364 }
367 }
380 }
397 }