1 /* mc_diff - Memory snapshooting and comparison */
3 /* Copyright (c) 2008-2015. The SimGrid Team.
4 * All rights reserved. */
6 /* This program is free software; you can redistribute it and/or modify it
7 * under the terms of the license (GNU LGPL) which comes with this package. */
9 #include "src/xbt/ex_interface.h" /* internals of backtrace setup */
12 #include "xbt/mmalloc.h"
13 #include "mc_object_info.h"
14 #include "mc/datatypes.h"
15 #include "src/mc/mc_private.h"
16 #include "src/mc/mc_snapshot.h"
17 #include "src/mc/mc_dwarf.hpp"
18 #include "src/mc/Type.hpp"
20 using simgrid::mc::remote;
24 XBT_LOG_NEW_DEFAULT_SUBCATEGORY(mc_diff, xbt,
25 "Logging specific to mc_diff in mc");
27 xbt_dynar_t mc_heap_comparison_ignore;
29 /*********************************** Heap comparison ***********************************/
30 /***************************************************************************************/
32 typedef char *type_name;
34 struct XBT_PRIVATE s_mc_diff {
35 s_xbt_mheap_t std_heap_copy;
36 std::size_t heaplimit;
37 // Number of blocks in the heaps:
38 std::size_t heapsize1, heapsize2;
39 std::vector<s_mc_heap_ignore_region_t>* to_ignore1;
40 std::vector<s_mc_heap_ignore_region_t>* to_ignore2;
41 s_heap_area_t *equals_to1, *equals_to2;
42 simgrid::mc::Type **types1;
43 simgrid::mc::Type **types2;
44 std::size_t available;
47 #define equals_to1_(i,j) equals_to1[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
48 #define equals_to2_(i,j) equals_to2[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
49 #define types1_(i,j) types1[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
50 #define types2_(i,j) types2[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
52 static __thread struct s_mc_diff *mc_diff_info = nullptr;
54 /*********************************** Free functions ************************************/
56 static void heap_area_pair_free(heap_area_pair_t pair)
62 static void heap_area_pair_free_voidp(void *d)
64 heap_area_pair_free((heap_area_pair_t) * (void **) d);
67 static void heap_area_free(heap_area_t area)
73 /************************************************************************************/
75 static s_heap_area_t make_heap_area(int block, int fragment)
80 area.fragment = fragment;
85 static int is_new_heap_area_pair(xbt_dynar_t list, int block1, int fragment1,
86 int block2, int fragment2)
89 unsigned int cursor = 0;
90 heap_area_pair_t current_pair;
92 xbt_dynar_foreach(list, cursor, current_pair) {
93 if (current_pair->block1 == block1 && current_pair->block2 == block2
94 && current_pair->fragment1 == fragment1
95 && current_pair->fragment2 == fragment2)
102 static int add_heap_area_pair(xbt_dynar_t list, int block1, int fragment1,
103 int block2, int fragment2)
106 if (is_new_heap_area_pair(list, block1, fragment1, block2, fragment2)) {
107 heap_area_pair_t pair = NULL;
108 pair = xbt_new0(s_heap_area_pair_t, 1);
109 pair->block1 = block1;
110 pair->fragment1 = fragment1;
111 pair->block2 = block2;
112 pair->fragment2 = fragment2;
114 xbt_dynar_push(list, &pair);
122 static ssize_t heap_comparison_ignore_size(std::vector<s_mc_heap_ignore_region_t>* ignore_list,
126 int end = ignore_list->size() - 1;
128 while (start <= end) {
129 unsigned int cursor = (start + end) / 2;
130 s_mc_heap_ignore_region_t region = (*ignore_list)[cursor];
131 if (region.address == address)
133 if (region.address < address)
135 if (region.address > address)
142 static bool is_stack(const void *address)
144 for (auto const& stack : mc_model_checker->process().stack_areas())
145 if (address == stack.address)
150 // TODO, this should depend on the snapshot?
151 static bool is_block_stack(int block)
153 for (auto const& stack : mc_model_checker->process().stack_areas())
154 if (block == stack.block)
159 static void match_equals(struct s_mc_diff *state, xbt_dynar_t list)
162 unsigned int cursor = 0;
163 heap_area_pair_t current_pair;
165 xbt_dynar_foreach(list, cursor, current_pair) {
167 if (current_pair->fragment1 != -1) {
169 state->equals_to1_(current_pair->block1, current_pair->fragment1) =
170 make_heap_area(current_pair->block2, current_pair->fragment2);
171 state->equals_to2_(current_pair->block2, current_pair->fragment2) =
172 make_heap_area(current_pair->block1, current_pair->fragment1);
176 state->equals_to1_(current_pair->block1, 0) =
177 make_heap_area(current_pair->block2, current_pair->fragment2);
178 state->equals_to2_(current_pair->block2, 0) =
179 make_heap_area(current_pair->block1, current_pair->fragment1);
186 /** Check whether two blocks are known to be matching
188 * @param state State used
189 * @param b1 Block of state 1
190 * @param b2 Block of state 2
191 * @return if the blocks are known to be matching
193 static int equal_blocks(struct s_mc_diff *state, int b1, int b2)
196 if (state->equals_to1_(b1, 0).block == b2
197 && state->equals_to2_(b2, 0).block == b1)
203 /** Check whether two fragments are known to be matching
205 * @param state State used
206 * @param b1 Block of state 1
207 * @param f1 Fragment of state 1
208 * @param b2 Block of state 2
209 * @param f2 Fragment of state 2
210 * @return if the fragments are known to be matching
212 static int equal_fragments(struct s_mc_diff *state, int b1, int f1, int b2,
216 if (state->equals_to1_(b1, f1).block == b2
217 && state->equals_to1_(b1, f1).fragment == f2
218 && state->equals_to2_(b2, f2).block == b1
219 && state->equals_to2_(b2, f2).fragment == f1)
227 int init_heap_information(xbt_mheap_t heap1, xbt_mheap_t heap2,
228 std::vector<s_mc_heap_ignore_region_t>* i1,
229 std::vector<s_mc_heap_ignore_region_t>* i2)
231 if (mc_diff_info == NULL) {
232 mc_diff_info = xbt_new0(struct s_mc_diff, 1);
233 mc_diff_info->equals_to1 = NULL;
234 mc_diff_info->equals_to2 = NULL;
235 mc_diff_info->types1 = NULL;
236 mc_diff_info->types2 = NULL;
238 struct s_mc_diff *state = mc_diff_info;
240 if ((((struct mdesc *) heap1)->heaplimit !=
241 ((struct mdesc *) heap2)->heaplimit)
243 ((((struct mdesc *) heap1)->heapsize !=
244 ((struct mdesc *) heap2)->heapsize)))
247 state->heaplimit = ((struct mdesc *) heap1)->heaplimit;
249 state->std_heap_copy = *mc_model_checker->process().get_heap();
251 state->heapsize1 = heap1->heapsize;
252 state->heapsize2 = heap2->heapsize;
254 state->to_ignore1 = i1;
255 state->to_ignore2 = i2;
257 if (state->heaplimit > state->available) {
258 state->equals_to1 = (s_heap_area_t*)
259 realloc(state->equals_to1,
260 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
261 sizeof(s_heap_area_t));
262 state->types1 = (simgrid::mc::Type**)
263 realloc(state->types1,
264 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
265 sizeof(simgrid::mc::Type*));
266 state->equals_to2 = (s_heap_area_t*)
267 realloc(state->equals_to2,
268 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
269 sizeof(s_heap_area_t));
270 state->types2 = (simgrid::mc::Type**)
271 realloc(state->types2,
272 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
273 sizeof(simgrid::mc::Type*));
274 state->available = state->heaplimit;
277 memset(state->equals_to1, 0,
278 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(s_heap_area_t));
279 memset(state->equals_to2, 0,
280 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(s_heap_area_t));
281 memset(state->types1, 0,
282 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(type_name *));
283 memset(state->types2, 0,
284 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(type_name *));
292 void reset_heap_information()
297 // TODO, have a robust way to find it in O(1)
299 mc_mem_region_t MC_get_heap_region(mc_snapshot_t snapshot)
301 size_t n = snapshot->snapshot_regions.size();
302 for (size_t i=0; i!=n; ++i) {
303 mc_mem_region_t region = snapshot->snapshot_regions[i].get();
304 if (region->region_type() == simgrid::mc::RegionType::Heap)
307 xbt_die("No heap region");
310 int mmalloc_compare_heap(mc_snapshot_t snapshot1, mc_snapshot_t snapshot2)
312 simgrid::mc::Process* process = &mc_model_checker->process();
313 struct s_mc_diff *state = mc_diff_info;
315 /* Start comparison */
316 size_t i1, i2, j1, j2, k;
317 void *addr_block1, *addr_block2, *addr_frag1, *addr_frag2;
318 int nb_diff1 = 0, nb_diff2 = 0;
320 int equal, res_compare = 0;
322 /* Check busy blocks */
326 malloc_info heapinfo_temp1, heapinfo_temp2;
327 malloc_info heapinfo_temp2b;
329 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
330 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
332 // This is the address of std_heap->heapinfo in the application process:
333 void* heapinfo_address = &((xbt_mheap_t) process->heap_address)->heapinfo;
335 // This is in snapshot do not use them directly:
336 const malloc_info* heapinfos1 = snapshot1->read<malloc_info*>(
337 (std::uint64_t)heapinfo_address, simgrid::mc::ProcessIndexMissing);
338 const malloc_info* heapinfos2 = snapshot2->read<malloc_info*>(
339 (std::uint64_t)heapinfo_address, simgrid::mc::ProcessIndexMissing);
341 while (i1 < state->heaplimit) {
343 const malloc_info* heapinfo1 = (const malloc_info*) MC_region_read(heap_region1, &heapinfo_temp1, &heapinfos1[i1], sizeof(malloc_info));
344 const malloc_info* heapinfo2 = (const malloc_info*) MC_region_read(heap_region2, &heapinfo_temp2, &heapinfos2[i1], sizeof(malloc_info));
346 if (heapinfo1->type == MMALLOC_TYPE_FREE || heapinfo1->type == MMALLOC_TYPE_HEAPINFO) { /* Free block */
351 if (heapinfo1->type < 0) {
352 fprintf(stderr, "Unkown mmalloc block type.\n");
357 ((void *) (((ADDR2UINT(i1)) - 1) * BLOCKSIZE +
358 (char *) state->std_heap_copy.heapbase));
360 if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED) { /* Large block */
362 if (is_stack(addr_block1)) {
363 for (k = 0; k < heapinfo1->busy_block.size; k++)
364 state->equals_to1_(i1 + k, 0) = make_heap_area(i1, -1);
365 for (k = 0; k < heapinfo2->busy_block.size; k++)
366 state->equals_to2_(i1 + k, 0) = make_heap_area(i1, -1);
367 i1 += heapinfo1->busy_block.size;
371 if (state->equals_to1_(i1, 0).valid) {
380 /* Try first to associate to same block in the other heap */
381 if (heapinfo2->type == heapinfo1->type) {
383 if (state->equals_to2_(i1, 0).valid == 0) {
385 addr_block2 = (ADDR2UINT(i1) - 1) * BLOCKSIZE +
386 (char *) state->std_heap_copy.heapbase;
389 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_block1, addr_block2, snapshot1, snapshot2,
392 if (res_compare != 1) {
393 for (k = 1; k < heapinfo2->busy_block.size; k++)
394 state->equals_to2_(i1 + k, 0) = make_heap_area(i1, -1);
395 for (k = 1; k < heapinfo1->busy_block.size; k++)
396 state->equals_to1_(i1 + k, 0) = make_heap_area(i1, -1);
398 i1 += heapinfo1->busy_block.size;
405 while (i2 < state->heaplimit && !equal) {
407 addr_block2 = (ADDR2UINT(i2) - 1) * BLOCKSIZE +
408 (char *) state->std_heap_copy.heapbase;
415 const malloc_info* heapinfo2b = (const malloc_info*) MC_region_read(heap_region2, &heapinfo_temp2b, &heapinfos2[i2], sizeof(malloc_info));
417 if (heapinfo2b->type != MMALLOC_TYPE_UNFRAGMENTED) {
422 if (state->equals_to2_(i2, 0).valid) {
428 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_block1, addr_block2, snapshot1, snapshot2,
431 if (res_compare != 1) {
432 for (k = 1; k < heapinfo2b->busy_block.size; k++)
433 state->equals_to2_(i2 + k, 0) = make_heap_area(i1, -1);
434 for (k = 1; k < heapinfo1->busy_block.size; k++)
435 state->equals_to1_(i1 + k, 0) = make_heap_area(i2, -1);
437 i1 += heapinfo1->busy_block.size;
445 XBT_DEBUG("Block %zu not found (size_used = %zu, addr = %p)", i1,
446 heapinfo1->busy_block.busy_size, addr_block1);
447 i1 = state->heaplimit + 1;
452 } else { /* Fragmented block */
454 for (j1 = 0; j1 < (size_t) (BLOCKSIZE >> heapinfo1->type); j1++) {
456 if (heapinfo1->busy_frag.frag_size[j1] == -1) /* Free fragment */
459 if (state->equals_to1_(i1, j1).valid)
463 (void *) ((char *) addr_block1 + (j1 << heapinfo1->type));
468 /* Try first to associate to same fragment in the other heap */
469 if (heapinfo2->type == heapinfo1->type) {
471 if (state->equals_to2_(i1, j1).valid == 0) {
473 addr_block2 = (ADDR2UINT(i1) - 1) * BLOCKSIZE +
474 (char *) state->std_heap_copy.heapbase;
476 (void *) ((char *) addr_block2 +
477 (j1 << heapinfo2->type));
480 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_frag1, addr_frag2, snapshot1, snapshot2,
483 if (res_compare != 1)
490 while (i2 < state->heaplimit && !equal) {
492 const malloc_info* heapinfo2b = (const malloc_info*) MC_region_read(
493 heap_region2, &heapinfo_temp2b, &heapinfos2[i2],
494 sizeof(malloc_info));
496 if (heapinfo2b->type == MMALLOC_TYPE_FREE || heapinfo2b->type == MMALLOC_TYPE_HEAPINFO) {
501 // We currently do not match fragments with unfragmented blocks (maybe we should).
502 if (heapinfo2b->type == MMALLOC_TYPE_UNFRAGMENTED) {
507 if (heapinfo2b->type < 0) {
508 fprintf(stderr, "Unkown mmalloc block type.\n");
512 for (j2 = 0; j2 < (size_t) (BLOCKSIZE >> heapinfo2b->type);
515 if (i2 == i1 && j2 == j1)
518 if (state->equals_to2_(i2, j2).valid)
521 addr_block2 = (ADDR2UINT(i2) - 1) * BLOCKSIZE +
522 (char *) state->std_heap_copy.heapbase;
524 (void *) ((char *) addr_block2 +
525 (j2 << heapinfo2b->type));
528 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_frag1, addr_frag2, snapshot2, snapshot2,
531 if (res_compare != 1) {
544 ("Block %zu, fragment %zu not found (size_used = %zd, address = %p)\n",
545 i1, j1, heapinfo1->busy_frag.frag_size[j1],
547 i2 = state->heaplimit + 1;
548 i1 = state->heaplimit + 1;
561 /* All blocks/fragments are equal to another block/fragment ? */
564 for(i = 1; i < state->heaplimit; i++) {
565 const malloc_info* heapinfo1 = (const malloc_info*) MC_region_read(
566 heap_region1, &heapinfo_temp1, &heapinfos1[i], sizeof(malloc_info));
567 if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED) {
568 if (i1 == state->heaplimit) {
569 if (heapinfo1->busy_block.busy_size > 0) {
570 if (state->equals_to1_(i, 0).valid == 0) {
571 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
573 XBT_DEBUG("Block %zu not found (size used = %zu)", i,
574 heapinfo1->busy_block.busy_size);
575 //mmalloc_backtrace_block_display((void*)heapinfo1, i);
582 if (heapinfo1->type > 0) {
583 for (j = 0; j < (size_t) (BLOCKSIZE >> heapinfo1->type); j++) {
584 if (i1 == state->heaplimit) {
585 if (heapinfo1->busy_frag.frag_size[j] > 0) {
586 if (state->equals_to1_(i, j).valid == 0) {
587 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
588 // TODO, print fragment address
590 ("Block %zu, Fragment %zu not found (size used = %zd)",
592 heapinfo1->busy_frag.frag_size[j]);
593 //mmalloc_backtrace_fragment_display((void*)heapinfo1, i, j);
603 if (i1 == state->heaplimit)
604 XBT_DEBUG("Number of blocks/fragments not found in heap1 : %d", nb_diff1);
606 for (i=1; i < state->heaplimit; i++) {
607 const malloc_info* heapinfo2 = (const malloc_info*) MC_region_read(
608 heap_region2, &heapinfo_temp2, &heapinfos2[i], sizeof(malloc_info));
609 if (heapinfo2->type == MMALLOC_TYPE_UNFRAGMENTED) {
610 if (i1 == state->heaplimit) {
611 if (heapinfo2->busy_block.busy_size > 0) {
612 if (state->equals_to2_(i, 0).valid == 0) {
613 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
614 // TODO, print address of the block
615 XBT_DEBUG("Block %zu not found (size used = %zu)", i,
616 heapinfo2->busy_block.busy_size);
617 //mmalloc_backtrace_block_display((void*)heapinfo2, i);
624 if (heapinfo2->type > 0) {
625 for (j = 0; j < (size_t) (BLOCKSIZE >> heapinfo2->type); j++) {
626 if (i1 == state->heaplimit) {
627 if (heapinfo2->busy_frag.frag_size[j] > 0) {
628 if (state->equals_to2_(i, j).valid == 0) {
629 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
630 // TODO, print address of the block
632 ("Block %zu, Fragment %zu not found (size used = %zd)",
634 heapinfo2->busy_frag.frag_size[j]);
635 //mmalloc_backtrace_fragment_display((void*)heapinfo2, i, j);
645 if (i1 == state->heaplimit)
646 XBT_DEBUG("Number of blocks/fragments not found in heap2 : %d", nb_diff2);
648 return ((nb_diff1 > 0) || (nb_diff2 > 0));
654 * @param real_area1 Process address for state 1
655 * @param real_area2 Process address for state 2
656 * @param snapshot1 Snapshot of state 1
657 * @param snapshot2 Snapshot of state 2
660 * @param check_ignore
662 static int compare_heap_area_without_type(struct s_mc_diff *state, int process_index,
663 const void *real_area1, const void *real_area2,
664 mc_snapshot_t snapshot1,
665 mc_snapshot_t snapshot2,
666 xbt_dynar_t previous, int size,
669 simgrid::mc::Process* process = &mc_model_checker->process();
672 const void *addr_pointed1, *addr_pointed2;
673 int pointer_align, res_compare;
674 ssize_t ignore1, ignore2;
676 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
677 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
681 if (check_ignore > 0) {
683 heap_comparison_ignore_size(state->to_ignore1,
684 (char *) real_area1 + i)) != -1) {
686 heap_comparison_ignore_size(state->to_ignore2,
687 (char *) real_area2 + i)) == ignore1) {
700 if (MC_snapshot_region_memcmp(((char *) real_area1) + i, heap_region1, ((char *) real_area2) + i, heap_region2, 1) != 0) {
702 pointer_align = (i / sizeof(void *)) * sizeof(void *);
703 addr_pointed1 = snapshot1->read(
704 remote((void**)((char *) real_area1 + pointer_align)), process_index);
705 addr_pointed2 = snapshot2->read(
706 remote((void**)((char *) real_area2 + pointer_align)), process_index);
708 if (process->in_maestro_stack(remote(addr_pointed1))
709 && process->in_maestro_stack(remote(addr_pointed2))) {
710 i = pointer_align + sizeof(void *);
712 } else if (addr_pointed1 > state->std_heap_copy.heapbase
713 && addr_pointed1 < mc_snapshot_get_heap_end(snapshot1)
714 && addr_pointed2 > state->std_heap_copy.heapbase
715 && addr_pointed2 < mc_snapshot_get_heap_end(snapshot2)) {
716 // Both addreses are in the heap:
718 compare_heap_area(process_index, addr_pointed1, addr_pointed2, snapshot1,
719 snapshot2, previous, NULL, 0);
720 if (res_compare == 1) {
723 i = pointer_align + sizeof(void *);
742 * @param real_area1 Process address for state 1
743 * @param real_area2 Process address for state 2
744 * @param snapshot1 Snapshot of state 1
745 * @param snapshot2 Snapshot of state 2
748 * @param area_size either a byte_size or an elements_count (?)
749 * @param check_ignore
750 * @param pointer_level
751 * @return 0 (same), 1 (different), -1 (unknown)
753 static int compare_heap_area_with_type(struct s_mc_diff *state, int process_index,
754 const void *real_area1, const void *real_area2,
755 mc_snapshot_t snapshot1,
756 mc_snapshot_t snapshot2,
757 xbt_dynar_t previous, simgrid::mc::Type* type,
758 int area_size, int check_ignore,
762 if (is_stack(real_area1) && is_stack(real_area2))
765 ssize_t ignore1, ignore2;
767 if ((check_ignore > 0)
768 && ((ignore1 = heap_comparison_ignore_size(state->to_ignore1, real_area1))
770 && ((ignore2 = heap_comparison_ignore_size(state->to_ignore2, real_area2))
775 simgrid::mc::Type *subtype, *subsubtype;
777 const void *addr_pointed1, *addr_pointed2;
779 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
780 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
782 switch (type->type) {
783 case DW_TAG_unspecified_type:
786 case DW_TAG_base_type:
787 if (!type->name.empty() && type->name == "char") { /* String, hence random (arbitrary ?) size */
788 if (real_area1 == real_area2)
791 return (MC_snapshot_region_memcmp(real_area1, heap_region1, real_area2, heap_region2, area_size) != 0);
793 if (area_size != -1 && type->byte_size != area_size)
796 return (MC_snapshot_region_memcmp(real_area1, heap_region1, real_area2, heap_region2, type->byte_size) != 0);
800 case DW_TAG_enumeration_type:
801 if (area_size != -1 && type->byte_size != area_size)
804 return (MC_snapshot_region_memcmp(real_area1, heap_region1, real_area2, heap_region2, type->byte_size) != 0);
807 case DW_TAG_const_type:
808 case DW_TAG_volatile_type:
810 type = type->subtype;
813 case DW_TAG_array_type:
814 subtype = type->subtype;
815 switch (subtype->type) {
816 case DW_TAG_unspecified_type:
819 case DW_TAG_base_type:
820 case DW_TAG_enumeration_type:
821 case DW_TAG_pointer_type:
822 case DW_TAG_reference_type:
823 case DW_TAG_rvalue_reference_type:
824 case DW_TAG_structure_type:
825 case DW_TAG_class_type:
826 case DW_TAG_union_type:
827 if (subtype->full_type)
828 subtype = subtype->full_type;
829 elm_size = subtype->byte_size;
831 // TODO, just remove the type indirection?
832 case DW_TAG_const_type:
834 case DW_TAG_volatile_type:
835 subsubtype = subtype->subtype;
836 if (subsubtype->full_type)
837 subsubtype = subsubtype->full_type;
838 elm_size = subsubtype->byte_size;
844 for (int i = 0; i < type->element_count; i++) {
845 // TODO, add support for variable stride (DW_AT_byte_stride)
847 compare_heap_area_with_type(state, process_index,
848 (char *) real_area1 + (i * elm_size),
849 (char *) real_area2 + (i * elm_size),
850 snapshot1, snapshot2, previous,
851 type->subtype, subtype->byte_size,
852 check_ignore, pointer_level);
857 case DW_TAG_reference_type:
858 case DW_TAG_rvalue_reference_type:
859 case DW_TAG_pointer_type:
860 if (type->subtype && type->subtype->type == DW_TAG_subroutine_type) {
861 addr_pointed1 = snapshot1->read(remote((void**)real_area1), process_index);
862 addr_pointed2 = snapshot2->read(remote((void**)real_area2), process_index);
863 return (addr_pointed1 != addr_pointed2);;
866 if (pointer_level > 1) { /* Array of pointers */
867 for (size_t i = 0; i < (area_size / sizeof(void *)); i++) {
868 addr_pointed1 = snapshot1->read(
869 remote((void**)((char*) real_area1 + i * sizeof(void *))),
871 addr_pointed2 = snapshot2->read(
872 remote((void**)((char*) real_area2 + i * sizeof(void *))),
874 if (addr_pointed1 > state->std_heap_copy.heapbase
875 && addr_pointed1 < mc_snapshot_get_heap_end(snapshot1)
876 && addr_pointed2 > state->std_heap_copy.heapbase
877 && addr_pointed2 < mc_snapshot_get_heap_end(snapshot2))
879 compare_heap_area(process_index, addr_pointed1, addr_pointed2, snapshot1,
880 snapshot2, previous, type->subtype,
883 res = (addr_pointed1 != addr_pointed2);
888 addr_pointed1 = snapshot1->read(remote((void**)real_area1), process_index);
889 addr_pointed2 = snapshot2->read(remote((void**)real_area2), process_index);
890 if (addr_pointed1 > state->std_heap_copy.heapbase
891 && addr_pointed1 < mc_snapshot_get_heap_end(snapshot1)
892 && addr_pointed2 > state->std_heap_copy.heapbase
893 && addr_pointed2 < mc_snapshot_get_heap_end(snapshot2))
894 return compare_heap_area(process_index, addr_pointed1, addr_pointed2, snapshot1,
895 snapshot2, previous, type->subtype,
898 return (addr_pointed1 != addr_pointed2);
902 case DW_TAG_structure_type:
903 case DW_TAG_class_type:
905 type = type->full_type;
906 if (area_size != -1 && type->byte_size != area_size) {
907 if (area_size > type->byte_size && area_size % type->byte_size == 0) {
908 for (size_t i = 0; i < (size_t)(area_size / type->byte_size); i++) {
910 compare_heap_area_with_type(state, process_index,
911 (char *) real_area1 + i * type->byte_size,
912 (char *) real_area2 + i * type->byte_size,
913 snapshot1, snapshot2, previous, type, -1,
922 for(simgrid::mc::Member& member : type->members) {
923 // TODO, optimize this? (for the offset case)
924 void *real_member1 = simgrid::dwarf::resolve_member(
925 real_area1, type, &member, (simgrid::mc::AddressSpace*) snapshot1, process_index);
926 void *real_member2 = simgrid::dwarf::resolve_member(
927 real_area2, type, &member, (simgrid::mc::AddressSpace*) snapshot2, process_index);
929 compare_heap_area_with_type(state, process_index, real_member1, real_member2,
930 snapshot1, snapshot2,
931 previous, member.type, -1,
939 case DW_TAG_union_type:
940 return compare_heap_area_without_type(state, process_index, real_area1, real_area2,
941 snapshot1, snapshot2, previous,
942 type->byte_size, check_ignore);
952 /** Infer the type of a part of the block from the type of the block
954 * TODO, handle DW_TAG_array_type as well as arrays of the object ((*p)[5], p[5])
956 * TODO, handle subfields ((*p).bar.foo, (*p)[5].bar…)
958 * @param type_id DWARF type ID of the root address
960 * @return DWARF type ID for given offset
962 static simgrid::mc::Type* get_offset_type(void *real_base_address, simgrid::mc::Type* type,
963 int offset, int area_size,
964 mc_snapshot_t snapshot, int process_index)
967 // Beginning of the block, the infered variable type if the type of the block:
971 switch (type->type) {
972 case DW_TAG_structure_type:
973 case DW_TAG_class_type:
975 type = type->full_type;
977 if (area_size != -1 && type->byte_size != area_size) {
978 if (area_size > type->byte_size && area_size % type->byte_size == 0)
983 for(simgrid::mc::Member& member : type->members) {
985 if (member.has_offset_location()) {
986 // We have the offset, use it directly (shortcut):
987 if (member.offset() == offset)
990 void *real_member = simgrid::dwarf::resolve_member(
991 real_base_address, type, &member, snapshot, process_index);
992 if ((char*) real_member - (char *) real_base_address == offset)
1001 /* FIXME : other cases ? */
1009 * @param area1 Process address for state 1
1010 * @param area2 Process address for state 2
1011 * @param snapshot1 Snapshot of state 1
1012 * @param snapshot2 Snapshot of state 2
1013 * @param previous Pairs of blocks already compared on the current path (or NULL)
1014 * @param type_id Type of variable
1015 * @param pointer_level
1016 * @return 0 (same), 1 (different), -1
1018 int compare_heap_area(int process_index, const void *area1, const void *area2, mc_snapshot_t snapshot1,
1019 mc_snapshot_t snapshot2, xbt_dynar_t previous,
1020 simgrid::mc::Type* type, int pointer_level)
1022 simgrid::mc::Process* process = &mc_model_checker->process();
1024 struct s_mc_diff *state = mc_diff_info;
1027 ssize_t block1, frag1, block2, frag2;
1029 int check_ignore = 0;
1031 void *real_addr_block1, *real_addr_block2, *real_addr_frag1, *real_addr_frag2;
1033 int offset1 = 0, offset2 = 0;
1034 int new_size1 = -1, new_size2 = -1;
1035 simgrid::mc::Type *new_type1 = NULL, *new_type2 = NULL;
1037 int match_pairs = 0;
1039 // This is the address of std_heap->heapinfo in the application process:
1040 void* heapinfo_address = &((xbt_mheap_t) process->heap_address)->heapinfo;
1042 const malloc_info* heapinfos1 = snapshot1->read(
1043 remote((const malloc_info**)heapinfo_address), process_index);
1044 const malloc_info* heapinfos2 = snapshot2->read(
1045 remote((const malloc_info**)heapinfo_address), process_index);
1047 malloc_info heapinfo_temp1, heapinfo_temp2;
1049 if (previous == NULL) {
1051 xbt_dynar_new(sizeof(heap_area_pair_t), heap_area_pair_free_voidp);
1054 // Get block number:
1057 (char *) state->std_heap_copy.heapbase) / BLOCKSIZE + 1;
1060 (char *) state->std_heap_copy.heapbase) / BLOCKSIZE + 1;
1062 // If either block is a stack block:
1063 if (is_block_stack((int) block1) && is_block_stack((int) block2)) {
1064 add_heap_area_pair(previous, block1, -1, block2, -1);
1066 match_equals(state, previous);
1067 xbt_dynar_free(&previous);
1071 // If either block is not in the expected area of memory:
1072 if (((char *) area1 < (char *) state->std_heap_copy.heapbase)
1073 || (block1 > (ssize_t) state->heapsize1) || (block1 < 1)
1074 || ((char *) area2 < (char *) state->std_heap_copy.heapbase)
1075 || (block2 > (ssize_t) state->heapsize2) || (block2 < 1)) {
1077 xbt_dynar_free(&previous);
1082 // Process address of the block:
1083 real_addr_block1 = (ADDR2UINT(block1) - 1) * BLOCKSIZE +
1084 (char *) state->std_heap_copy.heapbase;
1085 real_addr_block2 = (ADDR2UINT(block2) - 1) * BLOCKSIZE +
1086 (char *) state->std_heap_copy.heapbase;
1090 if (type->full_type)
1091 type = type->full_type;
1093 // This assume that for "boring" types (volatile ...) byte_size is absent:
1094 while (type->byte_size == 0 && type->subtype != NULL)
1095 type = type->subtype;
1098 if ((type->type == DW_TAG_pointer_type)
1099 || ((type->type == DW_TAG_base_type) && !type->name.empty()
1100 && type->name == "char"))
1103 type_size = type->byte_size;
1107 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
1108 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
1110 const malloc_info* heapinfo1 = (const malloc_info*) MC_region_read(
1111 heap_region1, &heapinfo_temp1, &heapinfos1[block1], sizeof(malloc_info));
1112 const malloc_info* heapinfo2 = (const malloc_info*) MC_region_read(
1113 heap_region2, &heapinfo_temp2, &heapinfos2[block2], sizeof(malloc_info));
1115 if ((heapinfo1->type == MMALLOC_TYPE_FREE || heapinfo1->type==MMALLOC_TYPE_HEAPINFO)
1116 && (heapinfo2->type == MMALLOC_TYPE_FREE || heapinfo2->type ==MMALLOC_TYPE_HEAPINFO)) {
1120 match_equals(state, previous);
1121 xbt_dynar_free(&previous);
1125 } else if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED
1126 && heapinfo2->type == MMALLOC_TYPE_UNFRAGMENTED) {
1127 /* Complete block */
1129 // TODO, lookup variable type from block type as done for fragmented blocks
1131 offset1 = (char *) area1 - (char *) real_addr_block1;
1132 offset2 = (char *) area2 - (char *) real_addr_block2;
1134 if (state->equals_to1_(block1, 0).valid
1135 && state->equals_to2_(block2, 0).valid) {
1136 if (equal_blocks(state, block1, block2)) {
1138 match_equals(state, previous);
1139 xbt_dynar_free(&previous);
1145 if (type_size != -1) {
1146 if (type_size != (ssize_t) heapinfo1->busy_block.busy_size
1147 && type_size != (ssize_t) heapinfo2->busy_block.busy_size
1148 && (type->name.empty() || type->name == "struct s_smx_context")) {
1150 match_equals(state, previous);
1151 xbt_dynar_free(&previous);
1157 if (heapinfo1->busy_block.size !=
1158 heapinfo2->busy_block.size) {
1160 xbt_dynar_free(&previous);
1165 if (heapinfo1->busy_block.busy_size !=
1166 heapinfo2->busy_block.busy_size) {
1168 xbt_dynar_free(&previous);
1173 if (!add_heap_area_pair(previous, block1, -1, block2, -1)) {
1175 match_equals(state, previous);
1176 xbt_dynar_free(&previous);
1181 size = heapinfo1->busy_block.busy_size;
1183 // Remember (basic) type inference.
1184 // The current data structure only allows us to do this for the whole block.
1185 if (type != NULL && area1 == real_addr_block1) {
1186 state->types1_(block1, 0) = type;
1188 if (type != NULL && area2 == real_addr_block2) {
1189 state->types2_(block2, 0) = type;
1194 match_equals(state, previous);
1195 xbt_dynar_free(&previous);
1203 if ((heapinfo1->busy_block.ignore > 0)
1204 && (heapinfo2->busy_block.ignore ==
1205 heapinfo1->busy_block.ignore))
1206 check_ignore = heapinfo1->busy_block.ignore;
1208 } else if ((heapinfo1->type > 0) && (heapinfo2->type > 0)) { /* Fragmented block */
1212 ((uintptr_t) (ADDR2UINT(area1) % (BLOCKSIZE))) >> heapinfo1->type;
1214 ((uintptr_t) (ADDR2UINT(area2) % (BLOCKSIZE))) >> heapinfo2->type;
1216 // Process address of the fragment:
1218 (void *) ((char *) real_addr_block1 +
1219 (frag1 << heapinfo1->type));
1221 (void *) ((char *) real_addr_block2 +
1222 (frag2 << heapinfo2->type));
1224 // Check the size of the fragments against the size of the type:
1225 if (type_size != -1) {
1226 if (heapinfo1->busy_frag.frag_size[frag1] == -1
1227 || heapinfo2->busy_frag.frag_size[frag2] == -1) {
1229 match_equals(state, previous);
1230 xbt_dynar_free(&previous);
1235 if (type_size != heapinfo1->busy_frag.frag_size[frag1]
1236 || type_size != heapinfo2->busy_frag.frag_size[frag2]) {
1238 match_equals(state, previous);
1239 xbt_dynar_free(&previous);
1245 // Check if the blocks are already matched together:
1246 if (state->equals_to1_(block1, frag1).valid
1247 && state->equals_to2_(block2, frag2).valid) {
1248 if (offset1==offset2 && equal_fragments(state, block1, frag1, block2, frag2)) {
1250 match_equals(state, previous);
1251 xbt_dynar_free(&previous);
1256 // Compare the size of both fragments:
1257 if (heapinfo1->busy_frag.frag_size[frag1] !=
1258 heapinfo2->busy_frag.frag_size[frag2]) {
1259 if (type_size == -1) {
1261 match_equals(state, previous);
1262 xbt_dynar_free(&previous);
1267 xbt_dynar_free(&previous);
1273 // Size of the fragment:
1274 size = heapinfo1->busy_frag.frag_size[frag1];
1276 // Remember (basic) type inference.
1277 // The current data structure only allows us to do this for the whole fragment.
1278 if (type != NULL && area1 == real_addr_frag1) {
1279 state->types1_(block1, frag1) = type;
1281 if (type != NULL && area2 == real_addr_frag2) {
1282 state->types2_(block2, frag2) = type;
1284 // The type of the variable is already known:
1289 // Type inference from the block type.
1290 else if (state->types1_(block1, frag1) != NULL
1291 || state->types2_(block2, frag2) != NULL) {
1293 offset1 = (char *) area1 - (char *) real_addr_frag1;
1294 offset2 = (char *) area2 - (char *) real_addr_frag2;
1296 if (state->types1_(block1, frag1) != NULL
1297 && state->types2_(block2, frag2) != NULL) {
1299 get_offset_type(real_addr_frag1, state->types1_(block1, frag1),
1300 offset1, size, snapshot1, process_index);
1302 get_offset_type(real_addr_frag2, state->types2_(block2, frag2),
1303 offset1, size, snapshot2, process_index);
1304 } else if (state->types1_(block1, frag1) != NULL) {
1306 get_offset_type(real_addr_frag1, state->types1_(block1, frag1),
1307 offset1, size, snapshot1, process_index);
1309 get_offset_type(real_addr_frag2, state->types1_(block1, frag1),
1310 offset2, size, snapshot2, process_index);
1311 } else if (state->types2_(block2, frag2) != NULL) {
1313 get_offset_type(real_addr_frag1, state->types2_(block2, frag2),
1314 offset1, size, snapshot1, process_index);
1316 get_offset_type(real_addr_frag2, state->types2_(block2, frag2),
1317 offset2, size, snapshot2, process_index);
1320 match_equals(state, previous);
1321 xbt_dynar_free(&previous);
1326 if (new_type1 != NULL && new_type2 != NULL && new_type1 != new_type2) {
1329 while (type->byte_size == 0 && type->subtype != NULL)
1330 type = type->subtype;
1331 new_size1 = type->byte_size;
1334 while (type->byte_size == 0 && type->subtype != NULL)
1335 type = type->subtype;
1336 new_size2 = type->byte_size;
1340 match_equals(state, previous);
1341 xbt_dynar_free(&previous);
1347 if (new_size1 > 0 && new_size1 == new_size2) {
1352 if (offset1 == 0 && offset2 == 0) {
1353 if (!add_heap_area_pair(previous, block1, frag1, block2, frag2)) {
1355 match_equals(state, previous);
1356 xbt_dynar_free(&previous);
1364 match_equals(state, previous);
1365 xbt_dynar_free(&previous);
1370 if ((heapinfo1->busy_frag.ignore[frag1] > 0)
1371 && (heapinfo2->busy_frag.ignore[frag2] ==
1372 heapinfo1->busy_frag.ignore[frag1]))
1373 check_ignore = heapinfo1->busy_frag.ignore[frag1];
1378 xbt_dynar_free(&previous);
1385 /* Start comparison */
1388 compare_heap_area_with_type(state, process_index, area1, area2, snapshot1, snapshot2,
1389 previous, type, size, check_ignore,
1393 compare_heap_area_without_type(state, process_index, area1, area2, snapshot1, snapshot2,
1394 previous, size, check_ignore);
1396 if (res_compare == 1) {
1398 xbt_dynar_free(&previous);
1403 match_equals(state, previous);
1404 xbt_dynar_free(&previous);
1410 /*********************************************** Miscellaneous ***************************************************/
1411 /****************************************************************************************************************/
1413 // Not used and broken code:
1417 static int get_pointed_area_size(void *area, int heap)
1420 struct s_mc_diff *state = mc_diff_info;
1423 malloc_info *heapinfo;
1426 heapinfo = state->heapinfo1;
1428 heapinfo = state->heapinfo2;
1432 (char *) state->std_heap_copy.heapbase) / BLOCKSIZE + 1;
1434 if (((char *) area < (char *) state->std_heap_copy.heapbase)
1435 || (block > state->heapsize1) || (block < 1))
1438 if (heapinfo[block].type == MMALLOC_TYPE_FREE || heapinfo[block].type == MMALLOC_TYPE_HEAPINFO) { /* Free block */
1440 } else if (heapinfo[block].type == MMALLOC_TYPE_UNFRAGMENTED) { /* Complete block */
1441 return (int) heapinfo[block].busy_block.busy_size;
1444 ((uintptr_t) (ADDR2UINT(area) % (BLOCKSIZE))) >> heapinfo[block].type;
1445 return (int) heapinfo[block].busy_frag.frag_size[frag];
1450 #define max( a, b ) ( ((a) > (b)) ? (a) : (b) )
1454 int mmalloc_linear_compare_heap(xbt_mheap_t heap1, xbt_mheap_t heap2)
1457 struct s_mc_diff *state = mc_diff_info;
1459 if (heap1 == NULL && heap1 == NULL) {
1460 XBT_DEBUG("Malloc descriptors null");
1464 if (heap1->heaplimit != heap2->heaplimit) {
1465 XBT_DEBUG("Different limit of valid info table indices");
1469 /* Heap information */
1470 state->heaplimit = ((struct mdesc *) heap1)->heaplimit;
1472 state->std_heap_copy = *mc_model_checker->process().get_heap();
1474 state->heapbase1 = (char *) heap1 + BLOCKSIZE;
1475 state->heapbase2 = (char *) heap2 + BLOCKSIZE;
1478 (malloc_info *) ((char *) heap1 +
1480 ((char *) heap1->heapinfo - (char *) state->s_heap)));
1482 (malloc_info *) ((char *) heap2 +
1484 ((char *) heap2->heapinfo - (char *) state->s_heap)));
1486 state->heapsize1 = heap1->heapsize;
1487 state->heapsize2 = heap2->heapsize;
1489 /* Start comparison */
1491 void *addr_block1, *addr_block2, *addr_frag1, *addr_frag2;
1495 /* Check busy blocks */
1499 while (i <= state->heaplimit) {
1502 ((void *) (((ADDR2UINT(i)) - 1) * BLOCKSIZE +
1503 (char *) state->heapbase1));
1505 ((void *) (((ADDR2UINT(i)) - 1) * BLOCKSIZE +
1506 (char *) state->heapbase2));
1508 if (state->heapinfo1[i].type != state->heapinfo2[i].type) {
1510 distance += BLOCKSIZE;
1511 XBT_DEBUG("Different type of blocks (%zu) : %d - %d -> distance = %d", i,
1512 state->heapinfo1[i].type, state->heapinfo2[i].type, distance);
1517 if (state->heapinfo1[i].type == MMALLOC_TYPE_FREE
1518 || state->heapinfo1[i].type == MMALLOC_TYPE_HAPINFO) { /* Free block */
1523 if (state->heapinfo1[i].type == MMALLOC_TYPE_UNFRAGMENTED) { /* Large block */
1525 if (state->heapinfo1[i].busy_block.size !=
1526 state->heapinfo2[i].busy_block.size) {
1528 BLOCKSIZE * max(state->heapinfo1[i].busy_block.size,
1529 state->heapinfo2[i].busy_block.size);
1530 i += max(state->heapinfo1[i].busy_block.size,
1531 state->heapinfo2[i].busy_block.size);
1533 ("Different larger of cluster at block %zu : %zu - %zu -> distance = %d",
1534 i, state->heapinfo1[i].busy_block.size,
1535 state->heapinfo2[i].busy_block.size, distance);
1539 /*if(heapinfo1[i].busy_block.busy_size != heapinfo2[i].busy_block.busy_size){
1540 distance += max(heapinfo1[i].busy_block.busy_size, heapinfo2[i].busy_block.busy_size);
1541 i += max(heapinfo1[i].busy_block.size, heapinfo2[i].busy_block.size);
1542 XBT_DEBUG("Different size used oin large cluster at block %zu : %zu - %zu -> distance = %d", i, heapinfo1[i].busy_block.busy_size, heapinfo2[i].busy_block.busy_size, distance);
1548 //while(k < (heapinfo1[i].busy_block.busy_size)){
1549 while (k < state->heapinfo1[i].busy_block.size * BLOCKSIZE) {
1550 if (memcmp((char *) addr_block1 + k, (char *) addr_block2 + k, 1) !=
1559 } else { /* Fragmented block */
1561 for (j = 0; j < (size_t) (BLOCKSIZE >> state->heapinfo1[i].type); j++) {
1564 (void *) ((char *) addr_block1 + (j << state->heapinfo1[i].type));
1566 (void *) ((char *) addr_block2 + (j << state->heapinfo2[i].type));
1568 if (state->heapinfo1[i].busy_frag.frag_size[j] == 0
1569 && state->heapinfo2[i].busy_frag.frag_size[j] == 0) {
1574 /*if(heapinfo1[i].busy_frag.frag_size[j] != heapinfo2[i].busy_frag.frag_size[j]){
1575 distance += max(heapinfo1[i].busy_frag.frag_size[j], heapinfo2[i].busy_frag.frag_size[j]);
1576 XBT_DEBUG("Different size used in fragment %zu in block %zu : %d - %d -> distance = %d", j, i, heapinfo1[i].busy_frag.frag_size[j], heapinfo2[i].busy_frag.frag_size[j], distance);
1582 //while(k < max(heapinfo1[i].busy_frag.frag_size[j], heapinfo2[i].busy_frag.frag_size[j])){
1583 while (k < (BLOCKSIZE / (BLOCKSIZE >> state->heapinfo1[i].type))) {
1584 if (memcmp((char *) addr_frag1 + k, (char *) addr_frag2 + k, 1) !=
