| blob | 6a300b83bb7bdc0294f458c20d501feb28e627ea |
2 /*--------------------------------------------------------------------*/
3 /*--- Helgrind: a Valgrind tool for detecting errors ---*/
4 /*--- in threaded programs. hg_main.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Helgrind, a Valgrind tool for detecting errors
9 in threaded programs.
11 Copyright (C) 2007-2017 OpenWorks LLP
12 info@open-works.co.uk
14 Copyright (C) 2007-2017 Apple, Inc.
16 This program is free software; you can redistribute it and/or
17 modify it under the terms of the GNU General Public License as
18 published by the Free Software Foundation; either version 2 of the
19 License, or (at your option) any later version.
21 This program is distributed in the hope that it will be useful, but
22 WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
24 General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program; if not, see <http://www.gnu.org/licenses/>.
29 The GNU General Public License is contained in the file COPYING.
31 Neither the names of the U.S. Department of Energy nor the
32 University of California nor the names of its contributors may be
33 used to endorse or promote products derived from this software
34 without prior written permission.
35 */
72 // FIXME: new_mem_w_tid ignores the supplied tid. (wtf?!)
74 // FIXME: when client destroys a lock or a CV, remove these
75 // from our mappings, so that the associated SO can be freed up
77 /*----------------------------------------------------------------*/
78 /*--- ---*/
79 /*----------------------------------------------------------------*/
81 /* Note this needs to be compiled with -fno-strict-aliasing, since it
82 contains a whole bunch of calls to lookupFM etc which cast between
83 Word and pointer types. gcc rightly complains this breaks ANSI C
84 strict aliasing rules, at -O2. No complaints at -O, but -O2 gives
85 worthwhile performance benefits over -O.
86 */
88 // FIXME what is supposed to happen to locks in memory which
89 // is relocated as a result of client realloc?
91 // FIXME put referencing ThreadId into Thread and get
92 // rid of the slow reverse mapping function.
94 // FIXME accesses to NoAccess areas: change state to Excl?
96 // FIXME report errors for accesses of NoAccess memory?
98 // FIXME pth_cond_wait/timedwait wrappers. Even if these fail,
99 // the thread still holds the lock.
101 /* ------------ Debug/trace options ------------ */
103 // 0 for silent, 1 for some stuff, 2 for lots of stuff
104 #define SHOW_EVENTS 0
111 // 0 for none, 1 for dump at end of run
112 #define SHOW_DATA_STRUCTURES 0
115 /* ------------ Misc comments ------------ */
117 // FIXME: don't hardwire initial entries for root thread.
118 // Instead, let the pre_thread_ll_create handler do this.
121 /*----------------------------------------------------------------*/
122 /*--- Primary data structures ---*/
123 /*----------------------------------------------------------------*/
125 /* Admin linked list of Threads */
129 /* Admin double linked list of Locks */
130 /* We need a double linked list to properly and efficiently
131 handle del_LockN. */
134 /* Mapping table for core ThreadIds to Thread* */
137 /* Mapping table for lock guest addresses to Lock* */
140 /* The word-set universes for lock sets. */
144 /* univ_laog will be garbaged collected when the nr of element in univ_laog is
145 >= next_gc_univ_laog. */
147 /* Allow libhb to get at the universe of locksets stored
148 here. Sigh. */
151 /* Allow libhb to get at the list of locks stored here. Ditto
152 sigh. */
156 /*----------------------------------------------------------------*/
157 /*--- Simple helpers for the data structures ---*/
158 /*----------------------------------------------------------------*/
163 #if defined(VGO_solaris)
165 #else
169 static
172 /* --------- Constructors --------- */
189 #if defined(VGO_solaris)
195 }
197 // Make a new lock which is unlocked (hence ownerless)
198 // and insert the new lock in admin_locks double linked list.
202 /* begin: add to double linked list */
208 /* end: add */
220 }
222 /* Release storage for a Lock. Also release storage in .heldBy, if
223 any. Removes from admin_locks double linked list. */
225 {
231 /* begin: del lock from double linked list */
237 }
243 }
244 /* end: del */
247 }
249 /* Update 'lk' to reflect that 'thr' now has a write-acquisition of
250 it. This is done strictly: only combinations resulting from
251 correct program and libpthread behaviour are allowed. */
253 {
257 stats__lockN_acquires++;
259 /* EXPOSITION only */
260 /* We need to keep recording snapshots of where the lock was
261 acquired, so as to produce better lock-order error messages. */
263 ThreadId tid;
266 lk->acquired_at
270 }
271 /* end EXPOSITION only */
275 case_LK_nonRec:
285 /* 2nd and subsequent locking of a lock by its owner */
287 /* assert: lk is only held by one thread .. */
289 /* assert: .. and that thread is 'thr'. */
299 }
301 }
304 {
307 /* can only add reader to a reader-writer lock. */
309 /* lk must be free or already r-held. */
313 stats__lockN_acquires++;
315 /* EXPOSITION only */
316 /* We need to keep recording snapshots of where the lock was
317 acquired, so as to produce better lock-order error messages. */
319 ThreadId tid;
322 lk->acquired_at
326 }
327 /* end EXPOSITION only */
335 }
338 }
340 /* Update 'lk' to reflect a release of it by 'thr'. This is done
341 strictly: only combinations resulting from correct program and
342 libpthread behaviour are allowed. */
345 {
346 Bool b;
349 /* lock must be held by someone */
351 stats__lockN_releases++;
352 /* Remove it from the holder set */
354 /* thr must actually have been a holder of lk */
356 /* normalise */
363 }
365 }
368 {
373 }
374 /* for each thread that holds this lock do ... */
380 thr->locksetA
386 thr->locksetW
388 }
389 }
391 }
394 /*----------------------------------------------------------------*/
395 /*--- Print out the primary data structures ---*/
396 /*----------------------------------------------------------------*/
398 #define PP_THREADS (1<<1)
399 #define PP_LOCKS (1<<2)
400 #define PP_ALL (PP_THREADS | PP_LOCKS)
406 {
407 Int i;
417 }
420 {
425 }
429 }
432 {
436 /* nothing */
437 }
443 }
445 }
447 }
450 {
455 n++;
456 }
463 }
465 }
473 }
474 }
476 /* Pretty Print lock lk.
477 if show_lock_addrdescr, describes the (guest) lock address.
478 (this description will be more complete with --read-var-info=yes).
479 if show_internal_data, shows also helgrind internal information.
480 d is the level at which output is indented. */
482 Bool show_lock_addrdescr,
483 Bool show_internal_data)
484 {
485 // FIXME PW EPOCH should use the epoch of the allocated_at ec.
490 else
500 }
503 }
507 }
510 }
513 UWord count;
525 else
528 }
529 }
532 }
534 }
537 {
541 /* nothing */
542 }
548 }
552 }
554 }
557 {
567 }
570 }
573 {
582 }
588 }
593 }
595 #undef SHOW_ADMIN
598 /*----------------------------------------------------------------*/
599 /*--- Initialise the primary data structures ---*/
600 /*----------------------------------------------------------------*/
603 {
605 WordSetID wsid;
607 /* Get everything initialised and zeroed. */
623 /* Ensure that univ_lsets is non-empty, with lockset zero being the
624 empty lockset. hg_errors.c relies on the assumption that
625 lockset number zero in univ_lsets is always valid. */
634 }
636 /* Set up entries for the root thread */
637 // FIXME: this assumes that the first real ThreadId is 1
639 /* a Thread for the new thread ... */
642 identity of the root thread. */
646 /* and bind it in the thread-map table. */
655 }
658 /*----------------------------------------------------------------*/
659 /*--- map_threads :: array[core-ThreadId] of Thread* ---*/
660 /*----------------------------------------------------------------*/
662 /* Doesn't assert if the relevant map_threads entry is NULL. */
664 {
669 }
671 /* Asserts if the relevant map_threads entry is NULL. */
673 {
679 }
681 /* Do a reverse lookup. Does not assert if 'thr' is not found in
682 map_threads. */
684 {
685 ThreadId tid;
687 /* Check nobody used the invalid-threadid slot */
693 }
695 /* Do a reverse lookup. Warning: POTENTIALLY SLOW. Asserts if 'thr'
696 is not found in map_threads. */
698 {
704 }
707 {
714 }
718 #if defined(VGO_solaris) || defined(VGO_freebsd)
721 }
724 #if defined(VGO_solaris) || defined(VGO_freebsd)
728 }
730 #if defined(VGO_freebsd)
734 }
735 #endif
740 }
745 }
750 }
752 /*----------------------------------------------------------------*/
753 /*--- map_locks :: WordFM guest-Addr-of-lock Lock* ---*/
754 /*----------------------------------------------------------------*/
756 /* Make sure there is a lock table entry for the given (lock) guest
757 address. If not, create one of the stated 'kind' in unheld state.
758 In any case, return the address of the existing or new Lock. */
759 static
761 {
762 Bool found;
779 }
780 }
783 {
784 Bool found;
789 }
792 {
797 /* delFromFM produces the val which is being deleted, if it is
798 found. So assert it is non-null; that in effect asserts that we
799 are deleting a (ga, Lock) pair which actually exists. */
802 }
806 /*----------------------------------------------------------------*/
807 /*--- Sanity checking the data structures ---*/
808 /*----------------------------------------------------------------*/
814 /* REQUIRED INVARIANTS:
816 Thread vs Segment/Lock/SecMaps
818 for each t in Threads {
820 // Thread.lockset: each element is really a valid Lock
822 // Thread.lockset: each Lock in set is actually held by that thread
823 for lk in Thread.lockset
824 lk == LockedBy(t)
826 // Thread.csegid is a valid SegmentID
827 // and the associated Segment has .thr == t
829 }
831 all thread Locksets are pairwise empty under intersection
832 (that is, no lock is claimed to be held by more than one thread)
833 -- this is guaranteed if all locks in locksets point back to their
834 owner threads
836 Lock vs Thread/Segment/SecMaps
838 for each entry (gla, la) in map_locks
839 gla == la->guest_addr
841 for each lk in Locks {
843 lk->tag is valid
844 lk->guest_addr does not have shadow state NoAccess
845 if lk == LockedBy(t), then t->lockset contains lk
846 if lk == UnlockedBy(segid) then segid is valid SegmentID
847 and can be mapped to a valid Segment(seg)
848 and seg->thr->lockset does not contain lk
849 if lk == UnlockedNew then (no lockset contains lk)
851 secmaps for lk has .mbHasLocks == True
853 }
855 Segment vs Thread/Lock/SecMaps
857 the Segment graph is a dag (no cycles)
858 all of the Segment graph must be reachable from the segids
859 mentioned in the Threads
861 for seg in Segments {
863 seg->thr is a sane Thread
865 }
867 SecMaps vs Segment/Thread/Lock
869 for sm in SecMaps {
871 sm properly aligned
872 if any shadow word is ShR or ShM then .mbHasShared == True
874 for each Excl(segid) state
875 map_segments_lookup maps to a sane Segment(seg)
876 for each ShM/ShR(tsetid,lsetid) state
877 each lk in lset is a valid Lock
878 each thr in tset is a valid thread, which is non-dead
880 }
881 */
884 /* Return True iff 'thr' holds 'lk' in some mode. */
886 {
889 else
891 }
893 /* Sanity check Threads, as far as possible */
896 {
897 #define BAD(_str) do { how = (_str); goto bad; } while (0)
908 // locks held in W mode are a subset of all locks held
913 // Thread.lockset: each element is really a valid Lock
915 // Thread.lockset: each Lock in set is actually held by that
916 // thread
918 }
919 }
921 bad:
924 #undef BAD
925 }
928 /* Sanity check Locks, as far as possible */
931 {
932 #define BAD(_str) do { how = (_str); goto bad; } while (0)
934 Addr gla;
936 Int i;
937 // # entries in admin_locks == # entries in map_locks
939 ;
941 // for each entry (gla, lk) in map_locks
942 // gla == lk->guest_addr
947 }
949 // scan through admin_locks ...
951 // lock is sane. Quite comprehensive, also checks that
952 // referenced (holder) threads are sane.
954 // map_locks binds guest address back to this lock
956 // look at all threads mentioned as holders of this lock. Ensure
957 // this lock is mentioned in their locksets.
960 UWord count;
964 // HG_(is_sane_LockN) above ensures these
969 // also check the w-only lockset
976 }
979 /* lock not held by anybody */
981 // since lk is unheld, then (no lockset contains lk)
982 // hmm, this is really too expensive to check. Hmm.
983 }
984 }
987 bad:
990 #undef BAD
991 }
995 stats__sanity_checks++;
1000 }
1004 }
1007 /*----------------------------------------------------------------*/
1008 /*--- Shadow value and address range handlers ---*/
1009 /*----------------------------------------------------------------*/
1012 //static void laog__handle_lock_deletions ( WordSetID ); /* fwds */
1018 /* Block-copy states (needed for implementing realloc()). */
1019 /* FIXME this copies shadow memory; it doesn't apply the MSM to it.
1020 Is that a problem? (hence 'scopy' rather than 'ccopy') */
1023 {
1027 }
1030 {
1034 }
1040 }
1043 {
1045 }
1048 SizeT len )
1049 {
1052 // has no effect (NoFX)
1054 }
1057 SizeT len)
1058 {
1061 // Actually Has An Effect (AHAE)
1063 }
1066 SizeT len )
1067 {
1071 }
1074 /*----------------------------------------------------------------*/
1075 /*--- Event handlers (evh__* functions) ---*/
1076 /*--- plus helpers (evhH__* functions) ---*/
1077 /*----------------------------------------------------------------*/
1079 /*--------- Event handler helpers (evhH__* functions) ---------*/
1081 /* Create a new segment for 'thr', making it depend (.prev) on its
1082 existing segment, bind together the SegmentID and Segment, and
1083 return both of them. Also update 'thr' so it references the new
1084 Segment. */
1085 //zz static
1086 //zz void evhH__start_new_segment_for_thread ( /*OUT*/SegmentID* new_segidP,
1087 //zz /*OUT*/Segment** new_segP,
1088 //zz Thread* thr )
1089 //zz {
1090 //zz Segment* cur_seg;
1091 //zz tl_assert(new_segP);
1092 //zz tl_assert(new_segidP);
1093 //zz tl_assert(HG_(is_sane_Thread)(thr));
1094 //zz cur_seg = map_segments_lookup( thr->csegid );
1095 //zz tl_assert(cur_seg);
1096 //zz tl_assert(cur_seg->thr == thr); /* all sane segs should point back
1097 //zz at their owner thread. */
1098 //zz *new_segP = mk_Segment( thr, cur_seg, NULL/*other*/ );
1099 //zz *new_segidP = alloc_SegmentID();
1100 //zz map_segments_add( *new_segidP, *new_segP );
1101 //zz thr->csegid = *new_segidP;
1102 //zz }
1105 /* The lock at 'lock_ga' has acquired a writer. Make all necessary
1106 updates, and also do all possible error checks. */
1107 static
1110 {
1113 /* Basically what we need to do is call lockN_acquire_writer.
1114 However, that will barf if any 'invalid' lock states would
1115 result. Therefore check before calling. Side effect is that
1116 'HG_(is_sane_LockN)(lk)' is both a pre- and post-condition of this
1117 routine.
1119 Because this routine is only called after successful lock
1120 acquisition, we should not be asked to move the lock into any
1121 invalid states. Requests to do so are bugs in libpthread, since
1122 that should have rejected any such requests. */
1125 /* Try to find the lock. If we can't, then create a new one with
1126 kind 'lkk'. */
1131 /* check libhb level entities exist */
1136 /* the lock isn't held. Simple. */
1139 /* acquire a dependency from the lock's VCs */
1142 }
1144 /* So the lock is already held. If held as a r-lock then
1145 libpthread must be buggy. */
1152 }
1154 /* So the lock is held in w-mode. If it's held by some other
1155 thread, then libpthread must be buggy. */
1161 "granted on mutex/rwlock which is currently "
1164 }
1166 /* So the lock is already held in w-mode by 'thr'. That means this
1167 is an attempt to lock it recursively, which is only allowable
1168 for LK_mbRec kinded locks. Since this routine is called only
1169 once the lock has been acquired, this must also be a libpthread
1170 bug. */
1174 "granted on mutex/wrlock which does not "
1177 }
1179 /* So we are recursively re-locking a lock we already w-hold. */
1181 /* acquire a dependency from the lock's VC. Probably pointless,
1182 but also harmless. */
1186 noerror:
1188 /* check lock order acquisition graph, and update. This has to
1189 happen before the lock is added to the thread's locksetA/W. */
1191 }
1192 /* update the thread's held-locks set */
1195 /* fall through */
1197 error:
1199 }
1202 /* The lock at 'lock_ga' has acquired a reader. Make all necessary
1203 updates, and also do all possible error checks. */
1204 static
1207 {
1210 /* Basically what we need to do is call lockN_acquire_reader.
1211 However, that will barf if any 'invalid' lock states would
1212 result. Therefore check before calling. Side effect is that
1213 'HG_(is_sane_LockN)(lk)' is both a pre- and post-condition of this
1214 routine.
1216 Because this routine is only called after successful lock
1217 acquisition, we should not be asked to move the lock into any
1218 invalid states. Requests to do so are bugs in libpthread, since
1219 that should have rejected any such requests. */
1222 /* Try to find the lock. If we can't, then create a new one with
1223 kind 'lkk'. Only a reader-writer lock can be read-locked,
1224 hence the first assertion. */
1230 /* check libhb level entities exist */
1235 /* the lock isn't held. Simple. */
1238 /* acquire a dependency from the lock's VC */
1241 }
1243 /* So the lock is already held. If held as a w-lock then
1244 libpthread must be buggy. */
1248 "granted on rwlock which is "
1251 }
1253 /* Easy enough. In short anybody can get a read-lock on a rwlock
1254 provided it is either unlocked or already in rd-held. */
1256 /* acquire a dependency from the lock's VC. Probably pointless,
1257 but also harmless. */
1261 noerror:
1263 /* check lock order acquisition graph, and update. This has to
1264 happen before the lock is added to the thread's locksetA/W. */
1266 }
1267 /* update the thread's held-locks set */
1269 /* but don't update thr->locksetW, since lk is only rd-held */
1270 /* fall through */
1272 error:
1274 }
1277 /* The lock at 'lock_ga' is just about to be unlocked. Make all
1278 necessary updates, and also do all possible error checks. */
1279 static
1282 {
1284 Word n;
1285 Bool was_heldW;
1287 /* This routine is called prior to a lock release, before
1288 libpthread has had a chance to validate the call. Hence we need
1289 to detect and reject any attempts to move the lock into an
1290 invalid state. Such attempts are bugs in the client.
1292 isRDWR is True if we know from the wrapper context that lock_ga
1293 should refer to a reader-writer lock, and is False if [ditto]
1294 lock_ga should refer to a standard mutex. */
1300 /* We know nothing about a lock at 'lock_ga'. Nevertheless
1301 the client is trying to unlock it. So complain, then ignore
1302 the attempt. */
1305 }
1313 }
1317 }
1320 /* The lock is not held. This indicates a serious bug in the
1321 client. */
1327 }
1329 /* test just above dominates */
1333 /* The lock is held. Is this thread one of the holders? If not,
1334 report a bug in the client. */
1338 /* We are not a current holder of the lock. This is a bug in
1339 the guest, and (per POSIX pthread rules) the unlock
1340 attempt will fail. So just complain and do nothing
1341 else. */
1349 }
1351 /* Ok, we hold the lock 'n' times. */
1356 n--;
1362 /* We still hold the lock. So either it's a recursive lock
1363 or a rwlock which is currently r-held. */
1369 else
1372 /* n is zero. This means we don't hold the lock any more. But
1373 if it's a rwlock held in r-mode, someone else could still
1374 hold it. Just do whatever sanity checks we can. */
1376 /* It's a rwlock. We no longer hold it but we used to;
1377 nevertheless it still appears to be held by someone else.
1378 The implication is that, prior to this release, it must
1379 have been shared by us and and whoever else is holding it;
1380 which in turn implies it must be r-held, since a lock
1381 can't be w-held by more than one thread. */
1382 /* The lock is now R-held by somebody else: */
1385 /* Normal case. It's either not a rwlock, or it's a rwlock
1386 that we used to hold in w-mode (which is pretty much the
1387 same thing as a non-rwlock.) Since this transaction is
1388 atomic (V does not allow multiple threads to run
1389 simultaneously), it must mean the lock is now not held by
1390 anybody. Hence assert for it. */
1391 /* The lock is now not held by anybody: */
1394 }
1395 //if (lock->heldBy) {
1396 // tl_assert(0 == VG_(elemBag)( lock->heldBy, (UWord)thr ));
1397 //}
1398 /* update this thread's lockset accordingly. */
1399 thr->locksetA
1401 thr->locksetW
1403 /* push our VC into the lock */
1406 /* If the lock was previously W-held, then we want to do a
1407 strong send, and if previously R-held, then a weak send. */
1409 }
1410 /* fall through */
1412 error:
1414 }
1417 /* ---------------------------------------------------------- */
1418 /* -------- Event handlers proper (evh__* functions) -------- */
1419 /* ---------------------------------------------------------- */
1421 /* What is the Thread* for the currently running thread? This is
1422 absolutely performance critical. We receive notifications from the
1423 core for client code starts/stops, and cache the looked-up result
1424 in 'current_Thread'. Hence, for the vast majority of requests,
1425 finding the current thread reduces to a read of a global variable,
1426 provided get_current_Thread_in_C_C is inlined.
1428 Outside of client code, current_Thread is NULL, and presumably
1429 any uses of it will cause a segfault. Hence:
1431 - for uses definitely within client code, use
1432 get_current_Thread_in_C_C.
1434 - for all other uses, use get_current_Thread.
1435 */
1448 }
1449 }
1455 }
1458 }
1460 ThreadId coretid;
1465 /* evidently not in client code. Do it the slow way. */
1467 /* FIXME: get rid of the following kludge. It exists because
1468 evh__new_mem is called during initialisation (as notification
1469 of initial memory layout) and VG_(get_running_tid)() returns
1470 VG_INVALID_THREADID at that point. */
1475 }
1477 static
1487 }
1489 static
1499 }
1501 #define DCL_evh__new_mem_stack(syze) \
1502 static void VG_REGPARM(1) evh__new_mem_stack_##syze(Addr new_SP) \
1503 { \
1504 Thread *thr = get_current_Thread(); \
1505 if (SHOW_EVENTS >= 2) \
1507 (void*)new_SP, (SizeT)syze ); \
1508 shadow_mem_make_New( thr, -VG_STACK_REDZONE_SZB + new_SP, syze ); \
1509 if (syze >= SCE_BIGRANGE_T && (HG_(clo_sanity_flags) & SCE_BIGRANGE)) \
1511 if (UNLIKELY(thr->pthread_create_nesting_level > 0)) \
1512 shadow_mem_make_Untracked( thr, new_SP, syze ); \
1513 }
1525 static
1535 }
1537 static
1548 }
1551 }
1553 static
1556 // This handles mprotect requests. If the memory is being put
1557 // into no-R no-W state, paint it as NoAccess, for the reasons
1558 // documented at evh__die_mem_munmap().
1562 /* Hmm. What should we do here, that actually makes any sense?
1563 Let's say: if neither readable nor writable, then declare it
1564 NoAccess, else leave it alone. */
1569 }
1571 static
1573 // Urr, libhb ignores this.
1579 }
1581 static
1583 // It's important that libhb doesn't ignore this. If, as is likely,
1584 // the client is subject to address space layout randomization,
1585 // then unmapped areas may never get remapped over, even in long
1586 // runs. If we just ignore them we wind up with large resource
1587 // (VTS) leaks in libhb. So force them to NoAccess, so that all
1588 // VTS references in the affected area are dropped. Marking memory
1589 // as NoAccess is expensive, but we assume that munmap is sufficiently
1590 // rare that the space gains of doing this are worth the costs.
1594 }
1596 static
1598 // Libhb doesn't ignore this.
1604 }
1606 static
1615 }
1617 static
1619 {
1646 /* Create a new thread record for the child. */
1647 /* a Thread for the new thread ... */
1652 /* and bind it in the thread-map table */
1657 /* Record where the parent is so we can later refer to this in
1658 error messages.
1660 On x86/amd64-linux, this entails a nasty glibc specific hack.
1661 The stack snapshot is taken immediately after the parent has
1662 returned from its sys_clone call. Unfortunately there is no
1663 unwind info for the insn following "syscall" - reading the
1664 glibc sources confirms this. So we ask for a snapshot to be
1665 taken as if RIP was 3 bytes earlier, in a place where there
1666 is unwind info. Sigh.
1667 */
1669 # if defined(VGP_amd64_linux) || defined(VGP_x86_linux)
1671 # elif defined(VGP_arm64_linux) || defined(VGP_arm_linux)
1673 # endif
1675 }
1681 /* Counterpart in _VG_USERREQ__HG_SET_MY_PTHREAD_T. */
1682 }
1683 }
1687 }
1689 static
1691 {
1692 Int nHeld;
1698 /* quit_tid has disappeared without joining to any other thread.
1699 Therefore there is no synchronisation event associated with its
1700 exit and so we have to pretty much treat it as if it was still
1701 alive but mysteriously making no progress. That is because, if
1702 we don't know when it really exited, then we can never say there
1703 is a point in time when we're sure the thread really has
1704 finished, and so we need to consider the possibility that it
1705 lingers indefinitely and continues to interact with other
1706 threads. */
1707 /* However, it might have rendezvous'd with a thread that called
1708 pthread_join with this one as arg, prior to this point (that's
1709 how NPTL works). In which case there has already been a prior
1710 sync event. So in any case, just let the thread exit. On NPTL,
1711 all thread exits go through here. */
1716 /* Complain if this thread holds any locks. */
1724 }
1726 /* Not much to do here:
1727 - tell libhb the thread is gone
1728 - clear the map_threads entry, in order that the Valgrind core
1729 can re-use it. */
1730 /* Cleanup actions (next 5 lines) copied in evh__atfork_child; keep
1731 in sync. */
1740 }
1742 /* This is called immediately after fork, for the child only. 'tid'
1743 is the only surviving thread (as per POSIX rules on fork() in
1744 threaded programs), so we have to clean up map_threads to remove
1745 entries for any other threads. */
1746 static
1748 {
1749 UInt i;
1751 /* Slot 0 should never be used. */
1754 /* Clean up all other slots except 'tid'. */
1761 /* Cleanup actions (next 5 lines) copied from end of
1762 evh__pre_thread_ll_exit; keep in sync. */
1768 }
1769 }
1771 /* generate a dependence from the hbthr_q quitter to the hbthr_s stayer. */
1772 static
1774 {
1776 /* Allocate a temporary synchronisation object and use it to send
1777 an imaginary message from the quitter to the stayer, the purpose
1778 being to generate a dependence from the quitter to the
1779 stayer. */
1782 /* Send last arg of _so_send as False, since the sending thread
1783 doesn't actually exist any more, so we don't want _so_send to
1784 try taking stack snapshots of it. */
1789 /* Tell libhb that the quitter has been reaped. Note that we might
1790 have to be cleverer about this, to exclude 2nd and subsequent
1791 notifications for the same hbthr_q, in the case where the app is
1792 buggy (calls pthread_join twice or more on the same thread) AND
1793 where libpthread is also buggy and doesn't return ESRCH on
1794 subsequent calls. (If libpthread isn't thusly buggy, then the
1795 wrapper for pthread_join in hg_intercepts.c will stop us getting
1796 notified here multiple times for the same joinee.) See also
1797 comments in helgrind/tests/jointwice.c. */
1799 }
1802 static
1804 {
1830 /* evh__pre_thread_ll_exit issues an error message if the exiting
1831 thread holds any locks. No need to check here. */
1833 /* This holds because, at least when using NPTL as the thread
1834 library, we should be notified the low level thread exit before
1835 we hear of any join event on it. The low level exit
1836 notification feeds through into evh__pre_thread_ll_exit,
1837 which should clear the map_threads entry for it. Hence we
1838 expect there to be no map_threads entry at this point. */
1844 }
1846 static
1858 }
1860 static
1863 Int len;
1867 // Don't segfault if the string starts in an obviously stupid
1868 // place. Actually we should check the whole string, not just
1869 // the start address, but that's too much trouble. At least
1870 // checking the first byte is better than nothing. See #255009.
1879 }
1881 static
1892 }
1894 static
1899 // We ignore the initialisation state (is_inited); that's ok.
1903 }
1905 static
1913 /* Treat frees as if the memory was written immediately prior to
1914 the free. This shakes out more races, specifically, cases
1915 where memory is referenced by one thread, and freed by
1916 another, and there's no observable synchronisation event to
1917 guarantee that the reference happens before the free. */
1920 }
1922 /* We used to call instead
1923 shadow_mem_make_NoAccess_NoFX( thr, a, len );
1924 A non-buggy application will not access anymore
1925 the freed memory, and so marking no access is in theory useless.
1926 Not marking freed memory would avoid the overhead for applications
1927 doing mostly malloc/free, as the freed memory should then be recycled
1928 very quickly after marking.
1929 We rather mark it noaccess for the following reasons:
1930 * accessibility bits then always correctly represents the memory
1931 status (e.g. for the client request VALGRIND_HG_GET_ABITS).
1932 * the overhead is reasonable (about 5 seconds per Gb in 1000 bytes
1933 blocks, on a ppc64le, for a unrealistic workload of an application
1934 doing only malloc/free).
1935 * marking no access allows to GC the SecMap, which might improve
1936 performance and/or memory usage.
1937 * we might detect more applications bugs when memory is marked
1938 noaccess.
1939 If needed, we could support here an option --free-is-noaccess=yes|no
1940 to avoid marking freed memory as no access if some applications
1941 would need to avoid the marking noaccess overhead. */
1945 }
1947 /* --- Event handlers called from generated code --- */
1955 }
1963 }
1971 }
1979 }
1987 }
1995 }
2003 }
2011 }
2013 /* Same as evh__mem_help_cwrite_4 but unwind will use a first_sp_delta of
2014 one word. */
2024 }
2032 }
2034 /* Same as evh__mem_help_cwrite_8 but unwind will use a first_sp_delta of
2035 one word. */
2045 }
2053 }
2056 /* ------------------------------------------------------- */
2057 /* -------------- events to do with mutexes -------------- */
2058 /* ------------------------------------------------------- */
2060 /* EXPOSITION only: by intercepting lock init events we can show the
2061 user where the lock was initialised, rather than only being able to
2062 show where it was first locked. Intercepting lock initialisations
2063 is not necessary for the basic operation of the race checker. */
2064 static
2067 {
2076 }
2078 static
2080 Bool mutex_is_init )
2081 {
2090 /* cannot fail - Thread* must already exist */
2096 /* We're destroying a mutex which we don't have any record of,
2097 and which appears to have the value PTHREAD_MUTEX_INITIALIZER.
2098 Assume it never got used, and so we don't need to do anything
2099 more. */
2101 }
2106 }
2112 /* Basically act like we unlocked the lock */
2115 /* remove lock from locksets of all owning threads */
2121 }
2129 }
2131 out:
2134 }
2138 {
2139 /* Just check the mutex is sane; nothing else to do. */
2140 // 'mutex' may be invalid - not checked by wrapper
2156 }
2164 /* uh, it's a non-recursive lock and we already w-hold it, and
2165 this is a real lock operation (not a speculative "tryLock"
2166 kind of thing). Duh. Deadlock coming up; but at least
2167 produce an error message. */
2175 }
2176 }
2177 }
2180 {
2181 // only called if the real library call succeeded - so mutex is sane
2191 thr,
2194 );
2195 }
2198 {
2199 // 'mutex' may be invalid - not checked by wrapper
2209 }
2212 {
2213 // only called if the real library call succeeded - so mutex is sane
2221 // anything we should do here?
2222 }
2225 /* ------------------------------------------------------- */
2226 /* -------------- events to do with spinlocks ------------ */
2227 /* ------------------------------------------------------- */
2229 /* All a bit of a kludge. Pretend we're really dealing with ordinary
2230 pthread_mutex_t's instead, for the most part. */
2234 {
2237 /* In glibc's kludgey world, we're either initialising or unlocking
2238 it. Since this is the pre-routine, if it is locked, unlock it
2239 and take a dependence edge. Otherwise, do nothing. */
2252 /* it's held. So do the normal pre-unlock actions, as copied
2253 from evh__HG_PTHREAD_MUTEX_UNLOCK_PRE. This stupidly
2254 duplicates the map_locks_maybe_lookup. */
2257 }
2258 }
2262 {
2264 /* More kludgery. If the lock has never been seen before, do
2265 actions as per evh__HG_PTHREAD_MUTEX_INIT_POST. Else do
2266 nothing. */
2276 }
2277 }
2281 {
2283 }
2287 {
2289 }
2293 {
2295 }
2298 /* ----------------------------------------------------- */
2299 /* --------------- events to do with CVs --------------- */
2300 /* ----------------------------------------------------- */
2302 /* A mapping from CV to (the SO associated with it, plus some
2303 auxiliary data for error checking). When the CV is
2304 signalled/broadcasted upon, we do a 'send' into the SO, and when a
2305 wait on it completes, we do a 'recv' from the SO. This is believed
2306 to give the correct happens-before events arising from CV
2307 signallings/broadcasts.
2308 */
2310 /* .so is the SO for this CV.
2311 .mx_ga is the associated mutex, when .nWaiters > 0
2313 POSIX says effectively that the first pthread_cond_{timed}wait call
2314 causes a dynamic binding between the CV and the mutex, and that
2315 lasts until such time as the waiter count falls to zero. Hence
2316 need to keep track of the number of waiters in order to do
2317 consistency tracking. */
2318 typedef
2323 }
2324 CVInfo;
2327 /* pthread_cond_t* -> CVInfo* */
2334 }
2335 }
2350 }
2351 }
2361 }
2362 }
2382 /* Destroying a cond var being waited upon outcome is EBUSY and
2383 variable is not destroyed. */
2385 }
2392 /* We have no record of this CV. So complain about it
2393 .. except, don't bother to complain if it has exactly the
2394 value PTHREAD_COND_INITIALIZER, since it might be that the CV
2395 was initialised like that but never used. */
2399 }
2400 }
2401 }
2404 {
2405 /* 'tid' has signalled on 'cond'. As per the comment above, bind
2406 cond to a SO if it is not already so bound, and 'send' on the
2407 SO. This is later used by other thread(s) which successfully
2408 exit from a pthread_cond_wait on the same cv; then they 'recv'
2409 from the SO, thereby acquiring a dependency on this signalling
2410 event. */
2413 //Lock* lk;
2426 // error-if: mutex is bogus
2427 // error-if: mutex is not locked
2428 // Hmm. POSIX doesn't actually say that it's an error to call
2429 // pthread_cond_signal with the associated mutex being unlocked.
2430 // Although it does say that it should be "if consistent scheduling
2431 // is desired." For that reason, print "dubious" if the lock isn't
2432 // held by any thread. Skip the "dubious" if it is held by some
2433 // other thread; that sounds straight-out wrong.
2434 //
2435 // Anybody who writes code that signals on a CV without holding
2436 // the associated MX needs to be shipped off to a lunatic asylum
2437 // ASAP, even though POSIX doesn't actually declare such behaviour
2438 // illegal -- it makes code extremely difficult to understand/
2439 // reason about. In particular it puts the signalling thread in
2440 // a situation where it is racing against the released waiter
2441 // as soon as the signalling is done, and so there needs to be
2442 // some auxiliary synchronisation mechanism in the program that
2443 // makes this safe -- or the race(s) need to be harmless, or
2444 // probably nonexistent.
2445 //
2450 }
2451 /* note: lk could be NULL. Be careful. */
2456 }
2459 "pthread_cond_{signal,broadcast}: dubious: "
2461 }
2464 "pthread_cond_{signal,broadcast}: "
2466 }
2468 /* Couldn't even find the damn thing. */
2469 // But actually .. that's not necessarily an error. We don't
2470 // know the (CV,MX) binding until a pthread_cond_wait or bcast
2471 // shows us what it is, and if that may not have happened yet.
2472 // So just keep quiet in this circumstance.
2473 //HG_(record_error_Misc)( thr,
2474 // "pthread_cond_{signal,broadcast}: "
2475 // "no or invalid mutex associated with cond");
2476 }
2477 }
2480 }
2482 /* returns True if it reckons 'mutex' is valid and held by this
2483 thread, else False */
2486 {
2502 /* Check for stupid mutex arguments. There are various ways to be
2503 a bozo. Only complain once, though, even if more than one thing
2504 is wrong. */
2508 thr,
2529 }
2530 }
2532 // error-if: cond is also associated with a different mutex
2537 /* form initial (CV,MX) binding */
2539 }
2545 }
2549 }
2553 Bool timeout)
2554 {
2555 /* A pthread_cond_wait(cond, mutex) completed successfully. Find
2556 the SO for this cond, and 'recv' from it so as to acquire a
2557 dependency edge back to the signaller/broadcaster. */
2569 // error-if: cond is also associated with a different mutex
2573 /* This could be either a bug in helgrind or the guest application
2574 that did an error (e.g. cond var was destroyed by another thread.
2575 Let's assume helgrind is perfect ...
2576 Note that this is similar to drd behaviour. */
2580 }
2587 /* Hmm. How can a wait on 'cond' succeed if nobody signalled
2588 it? If this happened it would surely be a bug in the threads
2589 library. Or one of those fabled "spurious wakeups". */
2591 "succeeded"
2593 }
2595 /* anyway, acquire a dependency on it. */
2599 }
2603 {
2614 }
2619 {
2620 /* Deal with destroy events. The only purpose is to free storage
2621 associated with the CV, so as to avoid any possible resource
2622 leaks. */
2629 }
2632 /* ------------------------------------------------------- */
2633 /* -------------- events to do with rwlocks -------------- */
2634 /* ------------------------------------------------------- */
2636 /* EXPOSITION only */
2637 static
2639 {
2646 }
2648 static
2650 {
2658 /* cannot fail - Thread* must already exist */
2666 }
2672 /* Basically act like we unlocked the lock */
2675 /* remove lock from locksets of all owning threads */
2681 }
2689 }
2693 }
2695 static
2699 {
2700 /* Just check the rwl is sane; nothing else to do. */
2701 // 'rwl' may be invalid - not checked by wrapper
2716 /* Wrong kind of lock. Duh. */
2720 }
2721 }
2723 static
2725 {
2726 // only called if the real library call succeeded - so mutex is sane
2738 thr,
2741 );
2742 }
2745 {
2746 // 'rwl' may be invalid - not checked by wrapper
2756 }
2759 {
2760 // only called if the real library call succeeded - so mutex is sane
2768 // anything we should do here?
2769 }
2772 /* ---------------------------------------------------------- */
2773 /* -------------- events to do with semaphores -------------- */
2774 /* ---------------------------------------------------------- */
2776 /* This is similar to but not identical to the handling for condition
2777 variables. */
2779 /* For each semaphore, we maintain a stack of SOs. When a 'post'
2780 operation is done on a semaphore (unlocking, essentially), a new SO
2781 is created for the posting thread, the posting thread does a strong
2782 send to it (which merely installs the posting thread's VC in the
2783 SO), and the SO is pushed on the semaphore's stack.
2785 Later, when a (probably different) thread completes 'wait' on the
2786 semaphore, we pop a SO off the semaphore's stack (which should be
2787 nonempty), and do a strong recv from it. This mechanism creates
2788 dependencies between posters and waiters of the semaphore.
2790 It may not be necessary to use a stack - perhaps a bag of SOs would
2791 do. But we do need to keep track of how many unused-up posts have
2792 happened for the semaphore.
2794 Imagine T1 and T2 both post once on a semaphore S, and T3 waits
2795 twice on S. T3 cannot complete its waits without both T1 and T2
2796 posting. The above mechanism will ensure that T3 acquires
2797 dependencies on both T1 and T2.
2799 When a semaphore is initialised with value N, we do as if we'd
2800 posted N times on the semaphore: basically create N SOs and do a
2801 strong send to all of then. This allows up to N waits on the
2802 semaphore to acquire a dependency on the initialisation point,
2803 which AFAICS is the correct behaviour.
2805 We don't emit an error for DESTROY_PRE on a semaphore we don't know
2806 about. We should.
2807 */
2809 /* sem_t* -> XArray* SO* */
2816 }
2817 }
2820 UWord keyW;
2833 }
2834 }
2837 UWord keyW;
2843 /* xa is the stack for this semaphore. */
2844 Word sz;
2855 /* hmm, that's odd. No stack for this semaphore. */
2857 }
2858 }
2861 {
2871 /* Empty out the semaphore's SO stack. This way of doing it is
2872 stupid, but at least it's easy. */
2877 }
2885 }
2886 }
2888 static
2890 {
2901 /* Empty out the semaphore's SO stack. This way of doing it is
2902 stupid, but at least it's easy. */
2907 }
2909 /* If we don't do this check, the following while loop runs us out
2910 of memory for stupid initial values of 'value'. */
2915 }
2917 /* Now create 'valid' new SOs for the thread, do a strong send to
2918 each of them, and push them all on the stack. */
2926 }
2927 }
2930 {
2931 /* 'tid' has posted on 'sem'. Create a new SO, do a strong send to
2932 it (iow, write our VC into it, then tick ours), and push the SO
2933 on on a stack of SOs associated with 'sem'. This is later used
2934 by other thread(s) which successfully exit from a sem_wait on
2935 the same sem; by doing a strong recv from SOs popped of the
2936 stack, they acquire dependencies on the posting thread
2937 segment(s). */
2950 // error-if: sem is bogus
2958 }
2961 {
2962 /* A sem_wait(sem) completed successfully. Pop the posting-SO for
2963 the 'sem' from this semaphore's SO-stack, and do a strong recv
2964 from it. This creates a dependency back to one of the post-ers
2965 for the semaphore. */
2978 // error-if: sem is bogus
2989 /* Hmm. How can a wait on 'sem' succeed if nobody posted to it?
2990 If this happened it would surely be a bug in the threads
2991 library. */
2995 }
2996 }
2999 /* -------------------------------------------------------- */
3000 /* -------------- events to do with barriers -------------- */
3001 /* -------------------------------------------------------- */
3003 typedef
3009 }
3010 Bar;
3014 /* all fields are zero */
3017 }
3024 }
3026 /* A mapping which stores auxiliary data for barriers. */
3028 /* pthread_barrier_t* -> Bar* */
3035 }
3036 }
3048 }
3049 }
3058 }
3059 }
3064 UWord count,
3065 UWord resizable )
3066 {
3081 );
3082 }
3087 );
3088 }
3096 );
3097 }
3103 );
3105 }
3109 }
3115 }
3120 {
3124 /* Deal with destroy events. The only purpose is to free storage
3125 associated with the barrier, so as to avoid any possible
3126 resource leaks. */
3141 );
3142 }
3147 );
3148 }
3150 /* Maybe we shouldn't do this; just let it persist, so that when it
3151 is reinitialised we don't need to do any dynamic memory
3152 allocation? The downside is a potentially unlimited space leak,
3153 if the client creates (in turn) a large number of barriers all
3154 at different locations. Note that if we do later move to the
3155 don't-delete-it scheme, we need to mark the barrier as
3156 uninitialised again since otherwise a later _init call will
3157 elicit a duplicate-init error. */
3159 }
3162 /* All the threads have arrived. Now do the Interesting Bit. Get a
3163 new synchronisation object and do a weak send to it from all the
3164 participating threads. This makes its vector clocks be the join of
3165 all the individual threads' vector clocks. Then do a strong
3166 receive from it back to all threads, so that their VCs are a copy
3167 of it (hence are all equal to the join of their original VCs.) */
3169 {
3170 /* XXX check bar->waiting has no duplicates */
3171 UWord i;
3177 /* compute the join ... */
3182 }
3183 /* ... and distribute to all threads */
3188 }
3190 /* finally, we must empty out the waiting vector */
3193 /* and we don't need this any more. Perhaps a stack-allocated
3194 SO would be better? */
3196 }
3201 {
3202 /* This function gets called after a client thread calls
3203 pthread_barrier_wait but before it arrives at the real
3204 pthread_barrier_wait.
3206 Why is the following correct? It's a bit subtle.
3208 If this is not the last thread arriving at the barrier, we simply
3209 note its presence and return. Because valgrind (at least as of
3210 Nov 08) is single threaded, we are guaranteed safe from any race
3211 conditions when in this function -- no other client threads are
3212 running.
3214 If this is the last thread, then we are again the only running
3215 thread. All the other threads will have either arrived at the
3216 real pthread_barrier_wait or are on their way to it, but in any
3217 case are guaranteed not to be able to move past it, because this
3218 thread is currently in this function and so has not yet arrived
3219 at the real pthread_barrier_wait. That means that:
3221 1. While we are in this function, none of the other threads
3222 waiting at the barrier can move past it.
3224 2. When this function returns (and simulated execution resumes),
3225 this thread and all other waiting threads will be able to move
3226 past the real barrier.
3228 Because of this, it is now safe to update the vector clocks of
3229 all threads, to represent the fact that they all arrived at the
3230 barrier and have all moved on. There is no danger of any
3231 complications to do with some threads leaving the barrier and
3232 racing back round to the front, whilst others are still leaving
3233 (which is the primary source of complication in correct handling/
3234 implementation of barriers). That can't happen because we update
3235 here our data structures so as to indicate that the threads have
3236 passed the barrier, even though, as per (2) above, they are
3237 guaranteed not to pass the barrier until we return.
3239 This relies crucially on Valgrind being single threaded. If that
3240 changes, this will need to be reconsidered.
3241 */
3244 UWord present;
3260 );
3262 }
3264 /* guaranteed by _INIT_PRE above */
3270 /* guaranteed by this function */
3278 }
3283 UWord newcount )
3284 {
3287 UWord present;
3303 );
3305 }
3310 );
3312 }
3317 );
3319 }
3321 /* guaranteed by _INIT_PRE above */
3324 /* Guaranteed by this fn */
3328 /* Increasing the capacity. There's no possibility of threads
3329 moving on from the barrier in this situation, so just note
3330 the fact and do nothing more. */
3333 /* Decreasing the capacity. If we decrease it to be equal or
3334 below the number of waiting threads, they will now move past
3335 the barrier, so need to mess with dep edges in the same way
3336 as if the barrier had filled up normally. */
3342 }
3344 }
3345 }
3348 /* ----------------------------------------------------- */
3349 /* ----- events to do with user-specified HB edges ----- */
3350 /* ----------------------------------------------------- */
3352 /* A mapping from arbitrary UWord tag to the SO associated with it.
3353 The UWord tags are meaningless to us, interpreted only by the
3354 user. */
3358 /* UWord -> SO* */
3365 }
3366 }
3378 }
3379 }
3389 }
3390 }
3393 static
3395 {
3396 /* TID is just about to notionally sent a message on a notional
3397 abstract synchronisation object whose identity is given by
3398 USERTAG. Bind USERTAG to a real SO if it is not already so
3399 bound, and do a 'weak send' on the SO. This joins the vector
3400 clocks from this thread into any vector clocks already present
3401 in the SO. The resulting SO vector clocks are later used by
3402 other thread(s) which successfully 'receive' from the SO,
3403 thereby acquiring a dependency on all the events that have
3404 previously signalled on this SO. */
3419 }
3421 static
3423 {
3424 /* TID has just notionally received a message from a notional
3425 abstract synchronisation object whose identity is given by
3426 USERTAG. Bind USERTAG to a real SO if it is not already so
3427 bound. If the SO has at some point in the past been 'sent' on,
3428 to a 'strong receive' on it, thereby acquiring a dependency on
3429 the sender. */
3443 /* Acquire a dependency on it. If the SO has never so far been
3444 sent on, then libhb_so_recv will do nothing. So we're safe
3445 regardless of SO's history. */
3447 }
3449 static
3451 {
3452 /* TID declares that any happens-before edges notionally stored in
3453 USERTAG can be deleted. If (as would normally be the case) a
3454 SO is associated with USERTAG, then the association is removed
3455 and all resources associated with SO are freed. Importantly,
3456 that frees up any VTSs stored in SO. */
3462 }
3465 #if defined(VGO_solaris)
3466 /* ----------------------------------------------------- */
3467 /* --- events to do with bind guard/clear intercepts --- */
3468 /* ----------------------------------------------------- */
3470 static
3472 {
3485 /* Misuse pthread_create_nesting_level for ignoring mutex activity. */
3487 }
3488 }
3490 static
3492 {
3506 }
3507 }
3511 /*--------------------------------------------------------------*/
3512 /*--- Lock acquisition order monitoring ---*/
3513 /*--------------------------------------------------------------*/
3515 /* FIXME: here are some optimisations still to do in
3516 laog__pre_thread_acquires_lock.
3518 The graph is structured so that if L1 --*--> L2 then L1 must be
3519 acquired before L2.
3521 The common case is that some thread T holds (eg) L1 L2 and L3 and
3522 is repeatedly acquiring and releasing Ln, and there is no ordering
3523 error in what it is doing. Hence it repeatedly:
3525 (1) searches laog to see if Ln --*--> {L1,L2,L3}, which always
3526 produces the answer No (because there is no error).
3528 (2) adds edges {L1,L2,L3} --> Ln to laog, which are already present
3529 (because they already got added the first time T acquired Ln).
3531 Hence cache these two events:
3533 (1) Cache result of the query from last time. Invalidate the cache
3534 any time any edges are added to or deleted from laog.
3536 (2) Cache these add-edge requests and ignore them if said edges
3537 have already been added to laog. Invalidate the cache any time
3538 any edges are deleted from laog.
3539 */
3541 typedef
3545 }
3546 LAOGLinks;
3548 /* lock order acquisition graph */
3551 /* EXPOSITION ONLY: for each edge in 'laog', record the two places
3552 where that edge was created, so that we can show the user later if
3553 we need to. */
3554 typedef
3560 }
3561 LAOGLinkExposition;
3564 /* Compare LAOGLinkExposition*s by (src_ga,dst_ga) field pair. */
3572 }
3575 /* end EXPOSITION ONLY */
3580 {
3589 cmp_LAOGLinkExposition );
3590 }
3614 }
3617 }
3620 Word i;
3629 // univ_laog_seen[*] set to 0 (False) by zalloc.
3640 }
3645 seen++;
3646 else
3648 }
3652 // We need to decide the value of the next_gc.
3653 // 3 solutions were looked at:
3654 // Sol 1: garbage collect at seen * 2
3655 // This solution was a lot slower, probably because we both do a lot of
3656 // garbage collection and do not keep long enough laog WV that will become
3657 // useful again very soon.
3658 // Sol 2: garbage collect at a percentage increase of the current cardinality
3659 // (with a min increase of 1)
3660 // Trials on a small test program with 1%, 5% and 10% increase was done.
3661 // 1% is slightly faster than 5%, which is slightly slower than 10%.
3662 // However, on a big application, this caused the memory to be exhausted,
3663 // as even a 1% increase of size at each gc becomes a lot, when many gc
3664 // are done.
3665 // Sol 3: always garbage collect at current cardinality + 1.
3666 // This solution was the fastest of the 3 solutions, and caused no memory
3667 // exhaustion in the big application.
3668 //
3669 // With regards to cost introduced by gc: on the t2t perf test (doing only
3670 // lock/unlock operations), t2t 50 10 2 was about 25% faster than the
3671 // version with garbage collection. With t2t 50 20 2, my machine started
3672 // to page out, and so the garbage collected version was much faster.
3673 // On smaller lock sets (e.g. t2t 20 5 2, giving about 100 locks), the
3674 // difference performance is insignificant (~ 0.1 s).
3675 // Of course, it might be that real life programs are not well represented
3676 // by t2t.
3678 // If ever we want to have a more sophisticated control
3679 // (e.g. clo options to control the percentage increase or fixed increased),
3680 // we should do it here, eg.
3681 // next_gc_univ_laog = prev_next_gc_univ_laog + VG_(clo_laog_gc_fixed);
3682 // Currently, we just hard-code the solution 3 above.
3690 }
3695 UWord keyW;
3700 /* Take the opportunity to sanity check the graph. Record in
3701 presentF if there is already a src->dst mapping in this node's
3702 forwards links, and presentR if there is already a src->dst
3703 mapping in this node's backwards links. They should agree!
3704 Also, we need to know whether the edge was already present so as
3705 to decide whether or not to update the link details mapping. We
3706 can compute presentF and presentR essentially for free, so may
3707 as well do this always. */
3710 /* Update the out edges for src */
3714 WordSetID outs_new;
3725 }
3726 /* Update the in edges for dst */
3730 WordSetID inns_new;
3741 }
3746 LAOGLinkExposition expo;
3747 /* If this edge is entering the graph, and we have acquired_at
3748 information for both src and dst, record those acquisition
3749 points. Hence, if there is later a violation of this
3750 ordering, we can show the user the two places in which the
3751 required src-dst ordering was previously established. */
3760 /* we already have it; do nothing */
3769 }
3770 }
3774 }
3778 UWord keyW;
3781 /* Update the out edges for src */
3788 }
3789 /* Update the in edges for dst */
3796 }
3798 /* Remove the exposition of src,dst (if present) */
3799 {
3802 LAOGLinkExposition expo;
3811 }
3812 }
3814 /* deleting edges can increase nr of of WS so check for gc. */
3818 }
3822 UWord keyW;
3832 }
3833 }
3837 UWord keyW;
3847 }
3848 }
3870 }
3877 }
3880 }
3884 bad:
3888 }
3890 /* If there is a path in laog from 'src' to any of the elements in
3891 'dst', return an arbitrarily chosen element of 'dst' reachable from
3892 'src'. If no path exist from 'src' to any element in 'dst', return
3893 NULL. */
3895 static
3897 {
3899 Word ssz;
3903 WordSetID succs;
3906 //laog__sanity_check();
3908 /* If the destination set is empty, we can never get there from
3909 'src' :-), so don't bother to try */
3939 }
3944 }
3947 /* Thread 'thr' is acquiring 'lk'. Check for inconsistent ordering
3948 between 'lk' and the locks already held by 'thr' and issue a
3949 complaint if so. Also, update the ordering graph appropriately.
3950 */
3954 Lock* lk
3955 )
3956 {
3961 /* It may be that 'thr' already holds 'lk' and is recursively
3962 relocking in. In this case we just ignore the call. */
3963 /* NB: univ_lsets really is correct here */
3967 /* First, the check. Complain if there is any path in laog from lk
3968 to any of the locks already held by thr, since if any such path
3969 existed, it would mean that previously lk was acquired before
3970 (rather than after, as we are doing here) at least one of those
3971 locks.
3972 */
3976 /* So we managed to find a path lk --*--> other in the graph,
3977 which implies that 'lk' should have been acquired before
3978 'other' but is in fact being acquired afterwards. We present
3979 the lk/other arguments to record_error_LockOrder in the order
3980 in which they should have been acquired. */
3981 /* Go look in the laog_exposition mapping, to find the allocation
3982 points for this edge, so we can show the user. */
3999 /* Hmm. This can't happen (can it?) */
4000 /* Yes, it can happen: see tests/tc14_laog_dinphils.
4001 Imagine we have 3 philosophers A B C, and the forks
4002 between them:
4004 C
4006 fCA fBC
4008 A fAB B
4010 Let's have the following actions:
4011 A takes fCA,fAB
4012 A releases fCA,fAB
4013 B takes fAB,fBC
4014 B releases fAB,fBC
4015 C takes fBC,fCA
4016 C releases fBC,fCA
4018 Helgrind will report a lock order error when C takes fCA.
4019 Effectively, we have a deadlock if the following
4020 sequence is done:
4021 A takes fCA
4022 B takes fAB
4023 C takes fBC
4025 The error reported is:
4026 Observed (incorrect) order fBC followed by fCA
4027 but the stack traces that have established the required order
4028 are not given.
4030 This is because there is no pair (fCA, fBC) in laog exposition :
4031 the laog_exposition records all pairs of locks between a new lock
4032 taken by a thread and all the already taken locks.
4033 So, there is no laog_exposition (fCA, fBC) as no thread ever
4034 first locked fCA followed by fBC.
4036 In other words, when the deadlock cycle involves more than
4037 two locks, then helgrind does not report the sequence of
4038 operations that created the cycle.
4040 However, we can report the current stack trace (where
4041 lk is being taken), and the stack trace where other was acquired:
4042 Effectively, the variable 'other' contains a lock currently
4043 held by this thread, with its 'acquired_at'. */
4048 }
4049 }
4051 /* Second, add to laog the pairs
4052 (old, lk) | old <- locks already held by thr
4053 Since both old and lk are currently held by thr, their acquired_at
4054 fields must be non-NULL.
4055 */
4062 }
4064 /* Why "except_Locks" ? We're here because a lock is being
4065 acquired by a thread, and we're in an inconsistent state here.
4066 See the call points in evhH__post_thread_{r,w}_acquires_lock.
4067 When called in this inconsistent state, locks__sanity_check duly
4068 barfs. */
4071 }
4073 /* Allocates a duplicate of words. Caller must HG_(free) the result. */
4075 {
4076 UInt i;
4087 }
4089 /* Delete from 'laog' any pair mentioning a lock in locksToDelete */
4093 {
4101 // We need to duplicate the payload, as these can be garbage collected
4102 // during the del/add operations below.
4118 /* This can pass unlocked locks to laog__add_edge, since
4119 we're deleting stuff. So their acquired_at fields may
4120 be NULL. */
4122 }
4123 }
4124 }
4131 // Remove lk information from laog links FM
4132 {
4140 }
4141 }
4142 /* FIXME ??? What about removing lock lk data from EXPOSITION ??? */
4143 }
4145 //__attribute__((noinline))
4146 //static void laog__handle_lock_deletions (
4147 // WordSetID /* in univ_laog */ locksToDelete
4148 // )
4149 //{
4150 // Word i, ws_size;
4151 // UWord* ws_words;
4152 //
4153 //
4154 // HG_(getPayloadWS)( &ws_words, &ws_size, univ_lsets, locksToDelete );
4155 // UWordV_dup call needed here ...
4156 // for (i = 0; i < ws_size; i++)
4157 // laog__handle_one_lock_deletion( (Lock*)ws_words[i] );
4158 //
4159 // if (HG_(clo_sanity_flags) & SCE_LAOG)
4160 // all__sanity_check("laog__handle_lock_deletions-post");
4161 //}
4164 /*--------------------------------------------------------------*/
4165 /*--- Malloc/free replacements ---*/
4166 /*--------------------------------------------------------------*/
4168 typedef
4175 }
4176 MallocMeta;
4178 /* A hash table of MallocMetas, used to track malloc'd blocks
4179 (obviously). */
4182 /* MallocMeta are small elements. We use a pool to avoid
4183 the overhead of malloc for each MallocMeta. */
4190 }
4193 }
4196 /* Allocate a client block and set up the metadata for it. */
4198 static
4201 {
4202 Addr p;
4209 }
4213 /* Note that map_threads_lookup must succeed (cannot assert), since
4214 memory can only be allocated by currently alive threads, hence
4215 they must have an entry in map_threads. */
4226 /* Tell the lower level memory wranglers. */
4230 }
4232 /* Re the checks for less-than-zero (also in hg_cli__realloc below):
4233 Cast to a signed type to catch any unexpectedly negative args.
4234 We're assuming here that the size asked for is not greater than
4235 2^31 bytes (for 32-bit platforms) or 2^63 bytes (for 64-bit
4236 platforms). */
4241 }
4246 }
4247 static void* hg_cli____builtin_new_aligned ( ThreadId tid, SizeT n, SizeT align, SizeT orig_align ) {
4251 }
4256 }
4257 static void* hg_cli____builtin_vec_new_aligned ( ThreadId tid, SizeT n, SizeT align, SizeT orig_align ) {
4261 }
4266 }
4271 }
4274 /* Free a client block, including getting rid of the relevant
4275 metadata. */
4278 {
4280 SizeT szB;
4282 /* First see if we can find the metadata for 'p'. */
4292 }
4294 /* Nuke the metadata block */
4304 /* Tell the lower level memory wranglers. */
4306 }
4310 }
4313 }
4316 }
4319 }
4322 }
4325 {
4327 SizeT i;
4336 }
4354 }
4356 }
4359 /* size unchanged */
4362 }
4365 /* new size is smaller */
4370 }
4373 /* new size is bigger */
4376 // Nb: if realloc fails, NULL is returned but the old block is not
4377 // touched. What an awful function.
4379 }
4381 /* First half kept and copied, second half new */
4382 // FIXME: shouldn't we use a copier which implements the
4383 // memory state machine?
4387 /* FIXME: can anything funny happen here? specifically, if the
4388 old range contained a lock, then die_mem_heap will complain.
4389 Is that the correct behaviour? Not sure. */
4392 /* Copy from old to new */
4396 /* Because the metadata hash table is index by payload address,
4397 we have to get rid of the old hash table entry and make a new
4398 one. We can't just modify the existing metadata in place,
4399 because then it would (almost certainly) be in the wrong hash
4400 chain. */
4411 /* Update fields */
4417 /* and add */
4421 }
4422 }
4425 {
4428 // There may be slop, but pretend there isn't because only the asked-for
4429 // area will have been shadowed properly.
4431 }
4434 /* For error creation: map 'data_addr' to a malloc'd chunk, if any.
4435 Slow linear search. With a bit of hash table help if 'data_addr'
4436 is either the start of a block or up to 15 word-sized steps along
4437 from the start of a block. */
4440 {
4441 /* Accept 'a' as within 'mm' if 'mm's size is zero and 'a' points
4442 right at it. */
4445 /* else normal interval rules apply */
4449 }
4455 Addr data_addr )
4456 {
4458 Int i;
4461 /* Before searching the list of allocated blocks in hg_mallocmeta_table,
4462 first verify that data_addr is in a heap client segment. */
4467 /* First, do a few fast searches on the basis that data_addr might
4468 be exactly the start of a block or up to 15 words inside. This
4469 can happen commonly via the creq
4470 _VG_USERREQ__HG_CLEAN_MEMORY_HEAPBLOCK. */
4476 }
4478 /* Well, this totally sucks. But without using an interval tree or
4479 some such, it's hard to see how to do better. We have to check
4480 every block in the entire table. */
4485 }
4487 /* Not found. Bah. */
4489 /*NOTREACHED*/
4491 found:
4499 }
4502 /*--------------------------------------------------------------*/
4503 /*--- Instrumentation ---*/
4504 /*--------------------------------------------------------------*/
4506 #define unop(_op, _arg1) IRExpr_Unop((_op),(_arg1))
4507 #define binop(_op, _arg1, _arg2) IRExpr_Binop((_op),(_arg1),(_arg2))
4508 #define mkexpr(_tmp) IRExpr_RdTmp((_tmp))
4509 #define mkU32(_n) IRExpr_Const(IRConst_U32(_n))
4510 #define mkU64(_n) IRExpr_Const(IRConst_U64(_n))
4511 #define assign(_t, _e) IRStmt_WrTmp((_t), (_e))
4513 /* This takes and returns atoms, of course. Not full IRExprs. */
4515 {
4519 /* Generate 32to1(And32(1Uto32(arg1), 1Uto32(arg2))). Appalling
4520 code, I know. */
4531 }
4535 Int szB,
4536 Bool isStore,
4537 Bool fixupSP_needed,
4538 Int hWordTy_szB,
4539 Int goff_sp,
4540 Int goff_sp_s1,
4541 /* goff_sp_s1 is the offset in guest
4542 state where the cachedstack validity
4543 is stored. */
4545 {
4553 // THRESH is the size of the window above SP (well,
4554 // mostly above) that we assume implies a stack reference.
4564 /* So the effective address is in 'addr' now. */
4580 /* Unwind has to be done with a SP fixed up with one word.
4581 See Ist_Put heuristic in hg_instrument. */
4587 }
4592 /* Unwind has to be done with a SP fixed up with one word.
4593 See Ist_Put heuristic in hg_instrument. */
4599 }
4609 }
4639 }
4640 }
4642 /* Create the helper. */
4648 argv );
4651 /* memory access helper might read the shadow1 SP offset, that
4652 indicates if the cached stacktrace is valid. */
4659 }
4662 /* We're ignoring memory references which are (obviously) to the
4663 stack. In fact just skip stack refs that are within 4 pages
4664 of SP (SP - the redzone, really), as that's simple, easy, and
4665 filters out most stack references. */
4666 /* Generate the guard condition: "(addr - (SP - RZ)) >u N", for
4667 some arbitrary N. If that is true then addr is outside the
4668 range (SP - RZ .. SP + N - RZ). If N is smallish (a few
4669 pages) then we can say addr is within a few pages of SP and
4670 so can't possibly be a heap access, and so can be skipped.
4672 Note that the condition simplifies to
4673 (addr - SP + RZ) >u N
4674 which generates better code in x86/amd64 backends, but it does
4675 not unfortunately simplify to
4676 (addr - SP) >u (N - RZ)
4677 (would be beneficial because N - RZ is a constant) because
4678 wraparound arithmetic messes up the comparison. eg.
4679 20 >u 10 == True,
4680 but (20 - 15) >u (10 - 15) == 5 >u (MAXINT-5) == False.
4681 */
4685 /* "addr - SP" */
4688 sbOut,
4690 tyAddr == Ity_I32
4693 );
4695 /* "addr - SP + RZ" */
4698 sbOut,
4700 tyAddr == Ity_I32
4703 );
4705 /* guardA == "guard on the address" */
4708 sbOut,
4710 tyAddr == Ity_I32
4713 );
4715 }
4717 /* If there's a guard on the access itself (as supplied by the
4718 caller of this routine), we need to AND that in to any guard we
4719 might already have. */
4722 }
4724 /* Add the helper. */
4726 }
4729 /* Figure out if GA is a guest code address in the dynamic linker, and
4730 if so return True. Otherwise (and in case of any doubt) return
4731 False. (sidedly safe w/ False as the safe value) */
4733 {
4745 }
4747 static
4749 Int goff_sp_s1,
4750 Int hWordTy_szB)
4751 {
4752 /* Invalidate cached stack: Write 0 in the shadow1 offset 0 */
4757 /// ???? anything more efficient than assign a Word???
4758 }
4760 static
4767 {
4768 Int i;
4775 // Set to True when SP must be fixed up when taking a stack trace for the
4776 // mem accesses in the rest of the instruction
4780 /* SP in shadow1 indicates if cached stack is valid.
4781 We have to invalidate the cached stack e.g. when seeing call or ret. */
4786 /* We don't currently support this case. */
4788 }
4792 }
4794 /* Set up BB */
4801 // Copy verbatim any IR preamble preceding the first IMark
4805 i++;
4806 }
4808 // Get the first statement, and initial cia from it
4822 /* No memory reference, but if we do anything else than
4823 Ijk_Boring, indicate to helgrind that the previously
4824 recorded stack is invalid.
4825 For Ijk_Boring, also invalidate the stack if the exit
4826 instruction has no CF info. This heuristic avoids cached
4827 stack trace mismatch in some cases such as longjmp
4828 implementation. Similar logic below for the bb exit. */
4835 /* None of these can contain any memory references. */
4838 /* This cannot contain any memory references. */
4839 /* If we see a put to SP, from now on in this instruction,
4840 the SP needed to unwind has to be fixed up by one word.
4841 This very simple heuristic ensures correct unwinding in the
4842 typical case of a push instruction. If we need to cover more
4843 cases, then we need to better track how the SP is modified by
4844 the instruction (and calculate a precise sp delta), rather than
4845 assuming that the SP is decremented by a Word size. */
4848 }
4851 /* This cannot contain any memory references. */
4857 /* no mem refs, but note the insn address. */
4860 /* Don't instrument the dynamic linker. It generates a
4861 lot of races which we just expensively suppress, so
4862 it's pointless.
4864 Avoid flooding is_in_dynamic_linker_shared_object with
4865 requests by only checking at transitions between 4K
4866 pages. */
4873 }
4883 }
4887 /* Atomic read-modify-write cycle. Just pretend it's a
4888 read. */
4897 }
4898 /* Just be boring about it. */
4901 bbOut,
4907 NULL/*no-guard*/
4908 );
4909 }
4911 }
4914 /* We pretend store-conditionals don't exist, viz, ignore
4915 them. Whereas load-linked's are treated the same as
4916 normal loads. */
4917 IRType dataTy;
4919 /* LL */
4923 bbOut,
4928 NULL/*no-guard*/
4929 );
4930 }
4932 /* SC */
4933 /*ignore */
4934 }
4936 }
4941 bbOut,
4946 NULL/*no-guard*/
4947 );
4948 }
4959 hWordTy_szB,
4962 }
4973 hWordTy_szB,
4976 }
4983 bbOut,
4988 NULL/*no-guard*/
4989 );
4990 }
4991 }
4993 }
4996 Int dataSize;
4999 /* This dirty helper accesses memory. Collect the
5000 details. */
5010 NULL/*no-guard*/
5011 );
5012 }
5013 }
5020 NULL/*no-guard*/
5021 );
5022 }
5023 }
5027 }
5029 }
5032 unhandled:
5041 // See above the case Ist_Exit:
5047 }
5049 #undef binop
5050 #undef mkexpr
5051 #undef mkU32
5052 #undef mkU64
5053 #undef assign
5056 /*----------------------------------------------------------------*/
5057 /*--- Client requests ---*/
5058 /*----------------------------------------------------------------*/
5060 /* Sheesh. Yet another goddam finite map. */
5067 }
5068 }
5070 /* A list of Ada dependent tasks and their masters. Used for implementing
5071 the Ada task termination semantic as implemented by the
5072 gcc gnat Ada runtime. */
5073 typedef
5079 }
5083 {
5088 }
5089 }
5092 {
5100 }
5102 {
5103 // Make xtmemory_report_next_block ready to be called.
5107 }
5110 {
5112 (
5122 }
5124 /* return True if request recognised, False otherwise */
5126 {
5130 Int kwdid;
5135 /* NB: if possible, avoid introducing a new command below which
5136 starts with the same first letter(s) as an already existing
5137 command. This ensures a shorter abbreviation for the user. */
5157 {
5162 Int i;
5171 }
5172 }
5179 }
5180 }
5186 }
5190 }
5194 {
5195 Addr address;
5202 }
5206 else
5208 }
5210 }
5217 }
5222 }
5223 }
5225 static
5227 {
5232 /* Anything that gets past the above check is one of ours, so we
5233 should be able to handle it. */
5235 /* default, meaningless return value, unless otherwise set */
5240 /* --- --- User-visible client requests --- --- */
5245 /* Call die_mem to (expensively) tidy up properly, if there
5246 are any held locks etc in the area. Calling evh__die_mem
5247 and then evh__new_mem is a bit inefficient; probably just
5248 the latter would do. */
5251 /* and then set it to New */
5253 }
5266 }
5270 }
5272 }
5279 }
5287 }
5300 else
5304 /* This thread (tid) (a master) is informing us that it has
5305 seen the termination of a dependent task, and that this should
5306 be considered as a join between master and dependent. */
5308 Word n;
5319 /* Similar loop as for master completed hook below, but stops at
5320 the first matching occurrence, only comparing master and
5321 dependent. */
5334 }
5335 }
5337 }
5339 /* --- --- Client requests for Helgrind's use only --- --- */
5341 /* Some thread is telling us its pthread_t value. Record the
5342 binding between that and the associated Thread*, so we can
5343 later find the Thread* again when notified of a join by the
5344 thread. */
5352 /* This assertion should hold because the map_threads (tid to
5353 Thread*) binding should have been made at the point of
5354 low-level creation of this thread, which should have
5355 happened prior to us getting this client request for it.
5356 That's because this client request is sent from
5357 client-world from the 'thread_wrapper' function, which
5358 only runs once the thread has been low-level created. */
5360 /* So now we know that (pthread_t)args[1] is associated with
5361 (Thread*)my_thr. Note that down. */
5368 /* FIXME: hardwires assumption about identity of the root thread. */
5373 }
5374 }
5376 }
5383 #if defined(VGO_freebsd)
5386 }
5387 #endif
5391 }
5393 /* This thread (tid) has completed a join with the quitting
5394 thread whose pthread_t is in args[1]. */
5404 /* Can this fail? It would mean that our pthread_join
5405 wrapper observed a successful join on args[1] yet that
5406 thread never existed (or at least, it never lodged an
5407 entry in the mapping (via SET_MY_PTHREAD_T)). Which
5408 sounds like a bug in the threads library. */
5409 // FIXME: get rid of this assertion; handle properly
5414 thr_q);
5416 }
5418 }
5420 /* This thread (tid) is informing us of its master. */
5422 GNAT_dmml dmml;
5431 "dependent = %p master = %p master_level = %ld"
5438 }
5440 /* This thread (tid) is informing us that it has completed a
5441 master. */
5443 Word n;
5455 /* Reverse loop on the array, simulating a pthread_join for
5456 the Dependent tasks of the completed master, and removing
5457 them from the array. */
5469 }
5470 }
5472 }
5474 /* EXPOSITION only: by intercepting lock init events we can show
5475 the user where the lock was initialised, rather than only
5476 being able to show where it was first locked. Intercepting
5477 lock initialisations is not necessary for the basic operation
5478 of the race checker. */
5483 /* mutex=arg[1], mutex_is_init=arg[2] */
5513 /* This thread is about to do pthread_cond_signal on the
5514 pthread_cond_t* in arg[1]. Ditto pthread_cond_broadcast. */
5526 /* Entry into pthread_cond_wait, cond=arg[1], mutex=arg[2].
5527 Returns a flag indicating whether or not the mutex is believed to be
5528 valid for this operation. */
5531 Bool mutex_is_valid
5536 }
5538 /* Thread successfully completed pthread_cond_init:
5539 cond=arg[1], cond_attr=arg[2] */
5545 /* cond=arg[1], cond_is_init=arg[2] */
5550 /* Thread completed pthread_cond_wait, cond=arg[1],
5551 mutex=arg[2], timeout=arg[3], successful=arg[4] */
5568 /* rwlock=arg[1], isW=arg[2], isTryLock=arg[3] */
5576 /* rwlock=arg[1], isW=arg[2], tookLock=arg[3] */
5618 #if defined(VGO_freebsd)
5621 #else
5624 #endif
5629 /* pth_bar_t*, ulong count, ulong resizable */
5635 /* pth_bar_t*, ulong newcount */
5641 /* pth_bar_t* */
5646 /* pth_bar_t* */
5651 /* pth_spinlock_t* */
5656 /* pth_spinlock_t* */
5661 /* pth_spinlock_t*, Word */
5666 /* pth_spinlock_t* */
5671 /* pth_spinlock_t* */
5676 /* HChar* who */
5684 /* record_error_Misc strdup's buf, so this is safe: */
5687 }
5690 /* UWord arbitrary-SO-tag */
5695 /* UWord arbitrary-SO-tag */
5700 /* UWord arbitrary-SO-tag */
5708 else
5711 }
5718 }
5720 }
5727 }
5729 }
5755 #if defined(VGO_solaris)
5766 /* Unhandled Helgrind client request! */
5771 }
5774 }
5777 /*----------------------------------------------------------------*/
5778 /*--- Setup ---*/
5779 /*----------------------------------------------------------------*/
5782 {
5799 // 500 just in case someone with a lot of CPU and memory would like to use
5800 // the same value for --num-callers and this.
5808 /* "stuvwx" --> stuvwx (binary) */
5810 Int j;
5816 }
5824 }
5825 }
5827 }
5844 else
5848 }
5851 {
5871 );
5872 }
5875 {
5893 );
5894 }
5897 {
5905 }
5906 }
5908 //zz VG_(printf)("\n");
5909 //zz VG_(printf)(" hbefore: %'10lu queries\n", stats__hbefore_queries);
5910 //zz VG_(printf)(" hbefore: %'10lu cache 0 hits\n", stats__hbefore_cache0s);
5911 //zz VG_(printf)(" hbefore: %'10lu cache > 0 hits\n", stats__hbefore_cacheNs);
5912 //zz VG_(printf)(" hbefore: %'10lu graph searches\n", stats__hbefore_gsearches);
5913 //zz VG_(printf)(" hbefore: %'10lu of which slow\n",
5914 //zz stats__hbefore_gsearches - stats__hbefore_gsearchFs);
5915 //zz VG_(printf)(" hbefore: %'10lu stack high water mark\n",
5916 //zz stats__hbefore_stk_hwm);
5917 //zz VG_(printf)(" hbefore: %'10lu cache invals\n", stats__hbefore_invals);
5918 //zz VG_(printf)(" hbefore: %'10lu probes\n", stats__hbefore_probes);
5926 }
5928 //VG_(printf)("L(ast)L(ock) map: %'8lu inserts (%d map size)\n",
5929 // stats__ga_LL_adds,
5930 // (Int)(ga_to_lastlock ? VG_(sizeFM)( ga_to_lastlock ) : 0) );
5947 }
5951 stats__lockN_acquires,
5952 stats__lockN_releases
5953 );
5958 }
5961 {
5970 }
5979 }
5981 /* FIXME: move these somewhere sane */
5983 static
5985 {
5987 ThreadId tid;
5988 UWord nActual;
6000 }
6002 static
6004 {
6006 ThreadId tid;
6012 /* this will assert if tid is invalid */
6015 }
6019 {
6025 "helgrind --delta-stacktrace=yes only works with "
6029 }
6032 /////////////////////////////////////////////
6034 for_libhb__get_EC );
6035 /////////////////////////////////////////////
6043 // Activate full xtree memory profiling.
6045 }
6048 {
6050 }
6053 {
6063 hg_instrument,
6064 hg_fini);
6083 hg_print_usage,
6084 hg_print_debug_usage);
6087 // FIXME?
6088 //VG_(needs_sanity_checks) (hg_cheap_sanity_check,
6089 // hg_expensive_sanity_check);
6095 hg_cli____builtin_new,
6096 hg_cli____builtin_new_aligned,
6097 hg_cli____builtin_vec_new,
6098 hg_cli____builtin_vec_new_aligned,
6099 hg_cli__memalign,
6100 hg_cli__calloc,
6101 hg_cli__free,
6102 hg_cli____builtin_delete,
6103 hg_cli____builtin_delete_aligned,
6104 hg_cli____builtin_vec_delete,
6105 hg_cli____builtin_vec_delete_aligned,
6106 hg_cli__realloc,
6107 hg_cli_malloc_usable_size,
6108 HG_CLI__DEFAULT_MALLOC_REDZONE_SZB );
6110 /* 21 Dec 08: disabled this; it mostly causes H to start more
6111 slowly and use significantly more memory, without very often
6112 providing useful results. The user can request to load this
6113 information manually with --read-var-info=yes. */
6131 // FIXME: surely this isn't thread-aware
6140 /* evh__die_mem calls at the end libhb_srange_noaccess_NoFX
6141 which has no effect. We do not use VG_(track_die_mem_stack),
6142 as this would be an expensive way to do nothing. */
6143 // VG_(track_die_mem_stack) ( evh__die_mem );
6145 // FIXME: what is this for?
6153 /////////////////
6161 /* Ensure that requirements for "dodgy C-as-C++ style inheritance"
6162 as described in comments at the top of pub_tool_hashtable.h, are
6163 met. Blargh. */
6166 hg_mallocmeta_table
6175 // add a callback to clean up on (threaded) fork.
6177 }
6181 /*--------------------------------------------------------------------*/
6182 /*--- end hg_main.c ---*/
6183 /*--------------------------------------------------------------------*/