1 /* mc_diff - Memory snapshooting and comparison */
3 /* Copyright (c) 2008-2015. The SimGrid Team.
4 * All rights reserved. */
6 /* This program is free software; you can redistribute it and/or modify it
7 * under the terms of the license (GNU LGPL) which comes with this package. */
9 #include "xbt/ex_interface.h" /* internals of backtrace setup */
12 #include "xbt/mmalloc.h"
13 #include "mc_object_info.h"
14 #include "mc/datatypes.h"
15 #include "mc/mc_private.h"
16 #include "mc/mc_snapshot.h"
17 #include "mc/mc_dwarf.hpp"
18 #include "mc/Type.hpp"
20 using simgrid::mc::remote;
24 XBT_LOG_NEW_DEFAULT_SUBCATEGORY(mc_diff, xbt,
25 "Logging specific to mc_diff in mc");
27 xbt_dynar_t mc_heap_comparison_ignore;
28 xbt_dynar_t stacks_areas;
30 /*********************************** Heap comparison ***********************************/
31 /***************************************************************************************/
33 typedef char *type_name;
35 struct XBT_PRIVATE s_mc_diff {
36 s_xbt_mheap_t std_heap_copy;
38 // Number of blocks in the heaps:
39 size_t heapsize1, heapsize2;
40 std::vector<s_mc_heap_ignore_region_t>* to_ignore1;
41 std::vector<s_mc_heap_ignore_region_t>* to_ignore2;
42 s_heap_area_t *equals_to1, *equals_to2;
43 simgrid::mc::Type **types1;
44 simgrid::mc::Type **types2;
48 #define equals_to1_(i,j) equals_to1[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
49 #define equals_to2_(i,j) equals_to2[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
50 #define types1_(i,j) types1[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
51 #define types2_(i,j) types2[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
53 __thread struct s_mc_diff *mc_diff_info = NULL;
55 /*********************************** Free functions ************************************/
57 static void heap_area_pair_free(heap_area_pair_t pair)
63 static void heap_area_pair_free_voidp(void *d)
65 heap_area_pair_free((heap_area_pair_t) * (void **) d);
68 static void heap_area_free(heap_area_t area)
74 /************************************************************************************/
76 static s_heap_area_t make_heap_area(int block, int fragment)
81 area.fragment = fragment;
86 static int is_new_heap_area_pair(xbt_dynar_t list, int block1, int fragment1,
87 int block2, int fragment2)
90 unsigned int cursor = 0;
91 heap_area_pair_t current_pair;
93 xbt_dynar_foreach(list, cursor, current_pair) {
94 if (current_pair->block1 == block1 && current_pair->block2 == block2
95 && current_pair->fragment1 == fragment1
96 && current_pair->fragment2 == fragment2)
103 static int add_heap_area_pair(xbt_dynar_t list, int block1, int fragment1,
104 int block2, int fragment2)
107 if (is_new_heap_area_pair(list, block1, fragment1, block2, fragment2)) {
108 heap_area_pair_t pair = NULL;
109 pair = xbt_new0(s_heap_area_pair_t, 1);
110 pair->block1 = block1;
111 pair->fragment1 = fragment1;
112 pair->block2 = block2;
113 pair->fragment2 = fragment2;
115 xbt_dynar_push(list, &pair);
123 static ssize_t heap_comparison_ignore_size(std::vector<s_mc_heap_ignore_region_t>* ignore_list,
127 int end = ignore_list->size() - 1;
129 while (start <= end) {
130 unsigned int cursor = (start + end) / 2;
131 s_mc_heap_ignore_region_t region = (*ignore_list)[cursor];
132 if (region.address == address)
134 if (region.address < address)
136 if (region.address > address)
143 static int is_stack(const void *address)
145 unsigned int cursor = 0;
146 stack_region_t stack;
148 xbt_dynar_foreach(stacks_areas, cursor, stack) {
149 if (address == stack->address)
156 // TODO, this should depend on the snapshot?
157 static int is_block_stack(int block)
159 unsigned int cursor = 0;
160 stack_region_t stack;
162 xbt_dynar_foreach(stacks_areas, cursor, stack) {
163 if (block == stack->block)
170 static void match_equals(struct s_mc_diff *state, xbt_dynar_t list)
173 unsigned int cursor = 0;
174 heap_area_pair_t current_pair;
176 xbt_dynar_foreach(list, cursor, current_pair) {
178 if (current_pair->fragment1 != -1) {
180 state->equals_to1_(current_pair->block1, current_pair->fragment1) =
181 make_heap_area(current_pair->block2, current_pair->fragment2);
182 state->equals_to2_(current_pair->block2, current_pair->fragment2) =
183 make_heap_area(current_pair->block1, current_pair->fragment1);
187 state->equals_to1_(current_pair->block1, 0) =
188 make_heap_area(current_pair->block2, current_pair->fragment2);
189 state->equals_to2_(current_pair->block2, 0) =
190 make_heap_area(current_pair->block1, current_pair->fragment1);
197 /** Check whether two blocks are known to be matching
199 * @param state State used
200 * @param b1 Block of state 1
201 * @param b2 Block of state 2
202 * @return if the blocks are known to be matching
204 static int equal_blocks(struct s_mc_diff *state, int b1, int b2)
207 if (state->equals_to1_(b1, 0).block == b2
208 && state->equals_to2_(b2, 0).block == b1)
214 /** Check whether two fragments are known to be matching
216 * @param state State used
217 * @param b1 Block of state 1
218 * @param f1 Fragment of state 1
219 * @param b2 Block of state 2
220 * @param f2 Fragment of state 2
221 * @return if the fragments are known to be matching
223 static int equal_fragments(struct s_mc_diff *state, int b1, int f1, int b2,
227 if (state->equals_to1_(b1, f1).block == b2
228 && state->equals_to1_(b1, f1).fragment == f2
229 && state->equals_to2_(b2, f2).block == b1
230 && state->equals_to2_(b2, f2).fragment == f1)
238 int init_heap_information(xbt_mheap_t heap1, xbt_mheap_t heap2,
239 std::vector<s_mc_heap_ignore_region_t>* i1,
240 std::vector<s_mc_heap_ignore_region_t>* i2)
242 if (mc_diff_info == NULL) {
243 mc_diff_info = xbt_new0(struct s_mc_diff, 1);
244 mc_diff_info->equals_to1 = NULL;
245 mc_diff_info->equals_to2 = NULL;
246 mc_diff_info->types1 = NULL;
247 mc_diff_info->types2 = NULL;
249 struct s_mc_diff *state = mc_diff_info;
251 if ((((struct mdesc *) heap1)->heaplimit !=
252 ((struct mdesc *) heap2)->heaplimit)
254 ((((struct mdesc *) heap1)->heapsize !=
255 ((struct mdesc *) heap2)->heapsize)))
258 state->heaplimit = ((struct mdesc *) heap1)->heaplimit;
260 state->std_heap_copy = *mc_model_checker->process().get_heap();
262 state->heapsize1 = heap1->heapsize;
263 state->heapsize2 = heap2->heapsize;
265 state->to_ignore1 = i1;
266 state->to_ignore2 = i2;
268 if (state->heaplimit > state->available) {
269 state->equals_to1 = (s_heap_area_t*)
270 realloc(state->equals_to1,
271 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
272 sizeof(s_heap_area_t));
273 state->types1 = (simgrid::mc::Type**)
274 realloc(state->types1,
275 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
276 sizeof(simgrid::mc::Type*));
277 state->equals_to2 = (s_heap_area_t*)
278 realloc(state->equals_to2,
279 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
280 sizeof(s_heap_area_t));
281 state->types2 = (simgrid::mc::Type**)
282 realloc(state->types2,
283 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
284 sizeof(simgrid::mc::Type*));
285 state->available = state->heaplimit;
288 memset(state->equals_to1, 0,
289 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(s_heap_area_t));
290 memset(state->equals_to2, 0,
291 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(s_heap_area_t));
292 memset(state->types1, 0,
293 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(type_name *));
294 memset(state->types2, 0,
295 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(type_name *));
303 void reset_heap_information()
308 // TODO, have a robust way to find it in O(1)
310 mc_mem_region_t MC_get_heap_region(mc_snapshot_t snapshot)
312 size_t n = snapshot->snapshot_regions.size();
313 for (size_t i=0; i!=n; ++i) {
314 mc_mem_region_t region = snapshot->snapshot_regions[i].get();
315 if (region->region_type() == simgrid::mc::RegionType::Heap)
318 xbt_die("No heap region");
321 int mmalloc_compare_heap(mc_snapshot_t snapshot1, mc_snapshot_t snapshot2)
323 simgrid::mc::Process* process = &mc_model_checker->process();
324 struct s_mc_diff *state = mc_diff_info;
326 /* Start comparison */
327 size_t i1, i2, j1, j2, k;
328 void *addr_block1, *addr_block2, *addr_frag1, *addr_frag2;
329 int nb_diff1 = 0, nb_diff2 = 0;
331 int equal, res_compare = 0;
333 /* Check busy blocks */
337 malloc_info heapinfo_temp1, heapinfo_temp2;
338 malloc_info heapinfo_temp2b;
340 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
341 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
343 // This is the address of std_heap->heapinfo in the application process:
344 void* heapinfo_address = &((xbt_mheap_t) process->heap_address)->heapinfo;
346 // This is in snapshot do not use them directly:
347 const malloc_info* heapinfos1 = snapshot1->read<malloc_info*>(
348 (std::uint64_t)heapinfo_address, simgrid::mc::ProcessIndexMissing);
349 const malloc_info* heapinfos2 = snapshot2->read<malloc_info*>(
350 (std::uint64_t)heapinfo_address, simgrid::mc::ProcessIndexMissing);
352 while (i1 < state->heaplimit) {
354 const malloc_info* heapinfo1 = (const malloc_info*) MC_region_read(heap_region1, &heapinfo_temp1, &heapinfos1[i1], sizeof(malloc_info));
355 const malloc_info* heapinfo2 = (const malloc_info*) MC_region_read(heap_region2, &heapinfo_temp2, &heapinfos2[i1], sizeof(malloc_info));
357 if (heapinfo1->type == MMALLOC_TYPE_FREE || heapinfo1->type == MMALLOC_TYPE_HEAPINFO) { /* Free block */
362 if (heapinfo1->type < 0) {
363 fprintf(stderr, "Unkown mmalloc block type.\n");
368 ((void *) (((ADDR2UINT(i1)) - 1) * BLOCKSIZE +
369 (char *) state->std_heap_copy.heapbase));
371 if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED) { /* Large block */
373 if (is_stack(addr_block1)) {
374 for (k = 0; k < heapinfo1->busy_block.size; k++)
375 state->equals_to1_(i1 + k, 0) = make_heap_area(i1, -1);
376 for (k = 0; k < heapinfo2->busy_block.size; k++)
377 state->equals_to2_(i1 + k, 0) = make_heap_area(i1, -1);
378 i1 += heapinfo1->busy_block.size;
382 if (state->equals_to1_(i1, 0).valid) {
391 /* Try first to associate to same block in the other heap */
392 if (heapinfo2->type == heapinfo1->type) {
394 if (state->equals_to2_(i1, 0).valid == 0) {
396 addr_block2 = (ADDR2UINT(i1) - 1) * BLOCKSIZE +
397 (char *) state->std_heap_copy.heapbase;
400 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_block1, addr_block2, snapshot1, snapshot2,
403 if (res_compare != 1) {
404 for (k = 1; k < heapinfo2->busy_block.size; k++)
405 state->equals_to2_(i1 + k, 0) = make_heap_area(i1, -1);
406 for (k = 1; k < heapinfo1->busy_block.size; k++)
407 state->equals_to1_(i1 + k, 0) = make_heap_area(i1, -1);
409 i1 += heapinfo1->busy_block.size;
416 while (i2 < state->heaplimit && !equal) {
418 addr_block2 = (ADDR2UINT(i2) - 1) * BLOCKSIZE +
419 (char *) state->std_heap_copy.heapbase;
426 const malloc_info* heapinfo2b = (const malloc_info*) MC_region_read(heap_region2, &heapinfo_temp2b, &heapinfos2[i2], sizeof(malloc_info));
428 if (heapinfo2b->type != MMALLOC_TYPE_UNFRAGMENTED) {
433 if (state->equals_to2_(i2, 0).valid) {
439 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_block1, addr_block2, snapshot1, snapshot2,
442 if (res_compare != 1) {
443 for (k = 1; k < heapinfo2b->busy_block.size; k++)
444 state->equals_to2_(i2 + k, 0) = make_heap_area(i1, -1);
445 for (k = 1; k < heapinfo1->busy_block.size; k++)
446 state->equals_to1_(i1 + k, 0) = make_heap_area(i2, -1);
448 i1 += heapinfo1->busy_block.size;
456 XBT_DEBUG("Block %zu not found (size_used = %zu, addr = %p)", i1,
457 heapinfo1->busy_block.busy_size, addr_block1);
458 i1 = state->heaplimit + 1;
463 } else { /* Fragmented block */
465 for (j1 = 0; j1 < (size_t) (BLOCKSIZE >> heapinfo1->type); j1++) {
467 if (heapinfo1->busy_frag.frag_size[j1] == -1) /* Free fragment */
470 if (state->equals_to1_(i1, j1).valid)
474 (void *) ((char *) addr_block1 + (j1 << heapinfo1->type));
479 /* Try first to associate to same fragment in the other heap */
480 if (heapinfo2->type == heapinfo1->type) {
482 if (state->equals_to2_(i1, j1).valid == 0) {
484 addr_block2 = (ADDR2UINT(i1) - 1) * BLOCKSIZE +
485 (char *) state->std_heap_copy.heapbase;
487 (void *) ((char *) addr_block2 +
488 (j1 << heapinfo2->type));
491 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_frag1, addr_frag2, snapshot1, snapshot2,
494 if (res_compare != 1)
501 while (i2 < state->heaplimit && !equal) {
503 const malloc_info* heapinfo2b = (const malloc_info*) MC_region_read(
504 heap_region2, &heapinfo_temp2b, &heapinfos2[i2],
505 sizeof(malloc_info));
507 if (heapinfo2b->type == MMALLOC_TYPE_FREE || heapinfo2b->type == MMALLOC_TYPE_HEAPINFO) {
512 // We currently do not match fragments with unfragmented blocks (maybe we should).
513 if (heapinfo2b->type == MMALLOC_TYPE_UNFRAGMENTED) {
518 if (heapinfo2b->type < 0) {
519 fprintf(stderr, "Unkown mmalloc block type.\n");
523 for (j2 = 0; j2 < (size_t) (BLOCKSIZE >> heapinfo2b->type);
526 if (i2 == i1 && j2 == j1)
529 if (state->equals_to2_(i2, j2).valid)
532 addr_block2 = (ADDR2UINT(i2) - 1) * BLOCKSIZE +
533 (char *) state->std_heap_copy.heapbase;
535 (void *) ((char *) addr_block2 +
536 (j2 << heapinfo2b->type));
539 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_frag1, addr_frag2, snapshot2, snapshot2,
542 if (res_compare != 1) {
555 ("Block %zu, fragment %zu not found (size_used = %zd, address = %p)\n",
556 i1, j1, heapinfo1->busy_frag.frag_size[j1],
558 i2 = state->heaplimit + 1;
559 i1 = state->heaplimit + 1;
572 /* All blocks/fragments are equal to another block/fragment ? */
575 for(i = 1; i < state->heaplimit; i++) {
576 const malloc_info* heapinfo1 = (const malloc_info*) MC_region_read(
577 heap_region1, &heapinfo_temp1, &heapinfos1[i], sizeof(malloc_info));
578 if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED) {
579 if (i1 == state->heaplimit) {
580 if (heapinfo1->busy_block.busy_size > 0) {
581 if (state->equals_to1_(i, 0).valid == 0) {
582 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
584 XBT_DEBUG("Block %zu not found (size used = %zu)", i,
585 heapinfo1->busy_block.busy_size);
586 //mmalloc_backtrace_block_display((void*)heapinfo1, i);
593 if (heapinfo1->type > 0) {
594 for (j = 0; j < (size_t) (BLOCKSIZE >> heapinfo1->type); j++) {
595 if (i1 == state->heaplimit) {
596 if (heapinfo1->busy_frag.frag_size[j] > 0) {
597 if (state->equals_to1_(i, j).valid == 0) {
598 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
599 // TODO, print fragment address
601 ("Block %zu, Fragment %zu not found (size used = %zd)",
603 heapinfo1->busy_frag.frag_size[j]);
604 //mmalloc_backtrace_fragment_display((void*)heapinfo1, i, j);
614 if (i1 == state->heaplimit)
615 XBT_DEBUG("Number of blocks/fragments not found in heap1 : %d", nb_diff1);
617 for (i=1; i < state->heaplimit; i++) {
618 const malloc_info* heapinfo2 = (const malloc_info*) MC_region_read(
619 heap_region2, &heapinfo_temp2, &heapinfos2[i], sizeof(malloc_info));
620 if (heapinfo2->type == MMALLOC_TYPE_UNFRAGMENTED) {
621 if (i1 == state->heaplimit) {
622 if (heapinfo2->busy_block.busy_size > 0) {
623 if (state->equals_to2_(i, 0).valid == 0) {
624 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
625 // TODO, print address of the block
626 XBT_DEBUG("Block %zu not found (size used = %zu)", i,
627 heapinfo2->busy_block.busy_size);
628 //mmalloc_backtrace_block_display((void*)heapinfo2, i);
635 if (heapinfo2->type > 0) {
636 for (j = 0; j < (size_t) (BLOCKSIZE >> heapinfo2->type); j++) {
637 if (i1 == state->heaplimit) {
638 if (heapinfo2->busy_frag.frag_size[j] > 0) {
639 if (state->equals_to2_(i, j).valid == 0) {
640 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
641 // TODO, print address of the block
643 ("Block %zu, Fragment %zu not found (size used = %zd)",
645 heapinfo2->busy_frag.frag_size[j]);
646 //mmalloc_backtrace_fragment_display((void*)heapinfo2, i, j);
656 if (i1 == state->heaplimit)
657 XBT_DEBUG("Number of blocks/fragments not found in heap2 : %d", nb_diff2);
659 return ((nb_diff1 > 0) || (nb_diff2 > 0));
665 * @param real_area1 Process address for state 1
666 * @param real_area2 Process address for state 2
667 * @param snapshot1 Snapshot of state 1
668 * @param snapshot2 Snapshot of state 2
671 * @param check_ignore
673 static int compare_heap_area_without_type(struct s_mc_diff *state, int process_index,
674 const void *real_area1, const void *real_area2,
675 mc_snapshot_t snapshot1,
676 mc_snapshot_t snapshot2,
677 xbt_dynar_t previous, int size,
680 simgrid::mc::Process* process = &mc_model_checker->process();
683 const void *addr_pointed1, *addr_pointed2;
684 int pointer_align, res_compare;
685 ssize_t ignore1, ignore2;
687 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
688 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
692 if (check_ignore > 0) {
694 heap_comparison_ignore_size(state->to_ignore1,
695 (char *) real_area1 + i)) != -1) {
697 heap_comparison_ignore_size(state->to_ignore2,
698 (char *) real_area2 + i)) == ignore1) {
711 if (MC_snapshot_region_memcmp(((char *) real_area1) + i, heap_region1, ((char *) real_area2) + i, heap_region2, 1) != 0) {
713 pointer_align = (i / sizeof(void *)) * sizeof(void *);
714 addr_pointed1 = snapshot1->read(
715 remote((void**)((char *) real_area1 + pointer_align)), process_index);
716 addr_pointed2 = snapshot2->read(
717 remote((void**)((char *) real_area2 + pointer_align)), process_index);
719 if (process->in_maestro_stack(remote(addr_pointed1))
720 && process->in_maestro_stack(remote(addr_pointed2))) {
721 i = pointer_align + sizeof(void *);
723 } else if (addr_pointed1 > state->std_heap_copy.heapbase
724 && addr_pointed1 < mc_snapshot_get_heap_end(snapshot1)
725 && addr_pointed2 > state->std_heap_copy.heapbase
726 && addr_pointed2 < mc_snapshot_get_heap_end(snapshot2)) {
727 // Both addreses are in the heap:
729 compare_heap_area(process_index, addr_pointed1, addr_pointed2, snapshot1,
730 snapshot2, previous, NULL, 0);
731 if (res_compare == 1) {
734 i = pointer_align + sizeof(void *);
753 * @param real_area1 Process address for state 1
754 * @param real_area2 Process address for state 2
755 * @param snapshot1 Snapshot of state 1
756 * @param snapshot2 Snapshot of state 2
759 * @param area_size either a byte_size or an elements_count (?)
760 * @param check_ignore
761 * @param pointer_level
762 * @return 0 (same), 1 (different), -1 (unknown)
764 static int compare_heap_area_with_type(struct s_mc_diff *state, int process_index,
765 const void *real_area1, const void *real_area2,
766 mc_snapshot_t snapshot1,
767 mc_snapshot_t snapshot2,
768 xbt_dynar_t previous, simgrid::mc::Type* type,
769 int area_size, int check_ignore,
773 if (is_stack(real_area1) && is_stack(real_area2))
776 ssize_t ignore1, ignore2;
778 if ((check_ignore > 0)
779 && ((ignore1 = heap_comparison_ignore_size(state->to_ignore1, real_area1))
781 && ((ignore2 = heap_comparison_ignore_size(state->to_ignore2, real_area2))
786 simgrid::mc::Type *subtype, *subsubtype;
788 const void *addr_pointed1, *addr_pointed2;
790 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
791 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
793 switch (type->type) {
794 case DW_TAG_unspecified_type:
797 case DW_TAG_base_type:
798 if (!type->name.empty() && type->name == "char") { /* String, hence random (arbitrary ?) size */
799 if (real_area1 == real_area2)
802 return (MC_snapshot_region_memcmp(real_area1, heap_region1, real_area2, heap_region2, area_size) != 0);
804 if (area_size != -1 && type->byte_size != area_size)
807 return (MC_snapshot_region_memcmp(real_area1, heap_region1, real_area2, heap_region2, type->byte_size) != 0);
811 case DW_TAG_enumeration_type:
812 if (area_size != -1 && type->byte_size != area_size)
815 return (MC_snapshot_region_memcmp(real_area1, heap_region1, real_area2, heap_region2, type->byte_size) != 0);
818 case DW_TAG_const_type:
819 case DW_TAG_volatile_type:
821 type = type->subtype;
824 case DW_TAG_array_type:
825 subtype = type->subtype;
826 switch (subtype->type) {
827 case DW_TAG_unspecified_type:
830 case DW_TAG_base_type:
831 case DW_TAG_enumeration_type:
832 case DW_TAG_pointer_type:
833 case DW_TAG_reference_type:
834 case DW_TAG_rvalue_reference_type:
835 case DW_TAG_structure_type:
836 case DW_TAG_class_type:
837 case DW_TAG_union_type:
838 if (subtype->full_type)
839 subtype = subtype->full_type;
840 elm_size = subtype->byte_size;
842 // TODO, just remove the type indirection?
843 case DW_TAG_const_type:
845 case DW_TAG_volatile_type:
846 subsubtype = subtype->subtype;
847 if (subsubtype->full_type)
848 subsubtype = subsubtype->full_type;
849 elm_size = subsubtype->byte_size;
855 for (int i = 0; i < type->element_count; i++) {
856 // TODO, add support for variable stride (DW_AT_byte_stride)
858 compare_heap_area_with_type(state, process_index,
859 (char *) real_area1 + (i * elm_size),
860 (char *) real_area2 + (i * elm_size),
861 snapshot1, snapshot2, previous,
862 type->subtype, subtype->byte_size,
863 check_ignore, pointer_level);
868 case DW_TAG_reference_type:
869 case DW_TAG_rvalue_reference_type:
870 case DW_TAG_pointer_type:
871 if (type->subtype && type->subtype->type == DW_TAG_subroutine_type) {
872 addr_pointed1 = snapshot1->read(remote((void**)real_area1), process_index);
873 addr_pointed2 = snapshot2->read(remote((void**)real_area2), process_index);
874 return (addr_pointed1 != addr_pointed2);;
877 if (pointer_level > 1) { /* Array of pointers */
878 for (size_t i = 0; i < (area_size / sizeof(void *)); i++) {
879 addr_pointed1 = snapshot1->read(
880 remote((void**)((char*) real_area1 + i * sizeof(void *))),
882 addr_pointed2 = snapshot2->read(
883 remote((void**)((char*) real_area2 + i * sizeof(void *))),
885 if (addr_pointed1 > state->std_heap_copy.heapbase
886 && addr_pointed1 < mc_snapshot_get_heap_end(snapshot1)
887 && addr_pointed2 > state->std_heap_copy.heapbase
888 && addr_pointed2 < mc_snapshot_get_heap_end(snapshot2))
890 compare_heap_area(process_index, addr_pointed1, addr_pointed2, snapshot1,
891 snapshot2, previous, type->subtype,
894 res = (addr_pointed1 != addr_pointed2);
899 addr_pointed1 = snapshot1->read(remote((void**)real_area1), process_index);
900 addr_pointed2 = snapshot2->read(remote((void**)real_area2), process_index);
901 if (addr_pointed1 > state->std_heap_copy.heapbase
902 && addr_pointed1 < mc_snapshot_get_heap_end(snapshot1)
903 && addr_pointed2 > state->std_heap_copy.heapbase
904 && addr_pointed2 < mc_snapshot_get_heap_end(snapshot2))
905 return compare_heap_area(process_index, addr_pointed1, addr_pointed2, snapshot1,
906 snapshot2, previous, type->subtype,
909 return (addr_pointed1 != addr_pointed2);
913 case DW_TAG_structure_type:
914 case DW_TAG_class_type:
916 type = type->full_type;
917 if (area_size != -1 && type->byte_size != area_size) {
918 if (area_size > type->byte_size && area_size % type->byte_size == 0) {
919 for (size_t i = 0; i < (size_t)(area_size / type->byte_size); i++) {
921 compare_heap_area_with_type(state, process_index,
922 (char *) real_area1 + i * type->byte_size,
923 (char *) real_area2 + i * type->byte_size,
924 snapshot1, snapshot2, previous, type, -1,
933 for(simgrid::mc::Member& member : type->members) {
934 // TODO, optimize this? (for the offset case)
936 mc_member_resolve(real_area1, type, &member, (simgrid::mc::AddressSpace*) snapshot1, process_index);
938 mc_member_resolve(real_area2, type, &member, (simgrid::mc::AddressSpace*) snapshot2, process_index);
940 compare_heap_area_with_type(state, process_index, real_member1, real_member2,
941 snapshot1, snapshot2,
942 previous, member.type, -1,
950 case DW_TAG_union_type:
951 return compare_heap_area_without_type(state, process_index, real_area1, real_area2,
952 snapshot1, snapshot2, previous,
953 type->byte_size, check_ignore);
963 /** Infer the type of a part of the block from the type of the block
965 * TODO, handle DW_TAG_array_type as well as arrays of the object ((*p)[5], p[5])
967 * TODO, handle subfields ((*p).bar.foo, (*p)[5].bar…)
969 * @param type_id DWARF type ID of the root address
971 * @return DWARF type ID for given offset
973 static simgrid::mc::Type* get_offset_type(void *real_base_address, simgrid::mc::Type* type,
974 int offset, int area_size,
975 mc_snapshot_t snapshot, int process_index)
978 // Beginning of the block, the infered variable type if the type of the block:
982 switch (type->type) {
983 case DW_TAG_structure_type:
984 case DW_TAG_class_type:
986 type = type->full_type;
988 if (area_size != -1 && type->byte_size != area_size) {
989 if (area_size > type->byte_size && area_size % type->byte_size == 0)
994 for(simgrid::mc::Member& member : type->members) {
996 if (member.has_offset_location()) {
997 // We have the offset, use it directly (shortcut):
998 if (member.offset() == offset)
1002 mc_member_resolve(real_base_address, type, &member,
1003 snapshot, process_index);
1004 if ((char*) real_member - (char *) real_base_address == offset)
1013 /* FIXME : other cases ? */
1021 * @param area1 Process address for state 1
1022 * @param area2 Process address for state 2
1023 * @param snapshot1 Snapshot of state 1
1024 * @param snapshot2 Snapshot of state 2
1025 * @param previous Pairs of blocks already compared on the current path (or NULL)
1026 * @param type_id Type of variable
1027 * @param pointer_level
1028 * @return 0 (same), 1 (different), -1
1030 int compare_heap_area(int process_index, const void *area1, const void *area2, mc_snapshot_t snapshot1,
1031 mc_snapshot_t snapshot2, xbt_dynar_t previous,
1032 simgrid::mc::Type* type, int pointer_level)
1034 simgrid::mc::Process* process = &mc_model_checker->process();
1036 struct s_mc_diff *state = mc_diff_info;
1039 ssize_t block1, frag1, block2, frag2;
1041 int check_ignore = 0;
1043 void *real_addr_block1, *real_addr_block2, *real_addr_frag1, *real_addr_frag2;
1045 int offset1 = 0, offset2 = 0;
1046 int new_size1 = -1, new_size2 = -1;
1047 simgrid::mc::Type *new_type1 = NULL, *new_type2 = NULL;
1049 int match_pairs = 0;
1051 // This is the address of std_heap->heapinfo in the application process:
1052 void* heapinfo_address = &((xbt_mheap_t) process->heap_address)->heapinfo;
1054 const malloc_info* heapinfos1 = snapshot1->read(
1055 remote((const malloc_info**)heapinfo_address), process_index);
1056 const malloc_info* heapinfos2 = snapshot2->read(
1057 remote((const malloc_info**)heapinfo_address), process_index);
1059 malloc_info heapinfo_temp1, heapinfo_temp2;
1061 if (previous == NULL) {
1063 xbt_dynar_new(sizeof(heap_area_pair_t), heap_area_pair_free_voidp);
1066 // Get block number:
1069 (char *) state->std_heap_copy.heapbase) / BLOCKSIZE + 1;
1072 (char *) state->std_heap_copy.heapbase) / BLOCKSIZE + 1;
1074 // If either block is a stack block:
1075 if (is_block_stack((int) block1) && is_block_stack((int) block2)) {
1076 add_heap_area_pair(previous, block1, -1, block2, -1);
1078 match_equals(state, previous);
1079 xbt_dynar_free(&previous);
1083 // If either block is not in the expected area of memory:
1084 if (((char *) area1 < (char *) state->std_heap_copy.heapbase)
1085 || (block1 > (ssize_t) state->heapsize1) || (block1 < 1)
1086 || ((char *) area2 < (char *) state->std_heap_copy.heapbase)
1087 || (block2 > (ssize_t) state->heapsize2) || (block2 < 1)) {
1089 xbt_dynar_free(&previous);
1094 // Process address of the block:
1095 real_addr_block1 = (ADDR2UINT(block1) - 1) * BLOCKSIZE +
1096 (char *) state->std_heap_copy.heapbase;
1097 real_addr_block2 = (ADDR2UINT(block2) - 1) * BLOCKSIZE +
1098 (char *) state->std_heap_copy.heapbase;
1102 if (type->full_type)
1103 type = type->full_type;
1105 // This assume that for "boring" types (volatile ...) byte_size is absent:
1106 while (type->byte_size == 0 && type->subtype != NULL)
1107 type = type->subtype;
1110 if ((type->type == DW_TAG_pointer_type)
1111 || ((type->type == DW_TAG_base_type) && !type->name.empty()
1112 && type->name == "char"))
1115 type_size = type->byte_size;
1119 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
1120 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
1122 const malloc_info* heapinfo1 = (const malloc_info*) MC_region_read(
1123 heap_region1, &heapinfo_temp1, &heapinfos1[block1], sizeof(malloc_info));
1124 const malloc_info* heapinfo2 = (const malloc_info*) MC_region_read(
1125 heap_region2, &heapinfo_temp2, &heapinfos2[block2], sizeof(malloc_info));
1127 if ((heapinfo1->type == MMALLOC_TYPE_FREE || heapinfo1->type==MMALLOC_TYPE_HEAPINFO)
1128 && (heapinfo2->type == MMALLOC_TYPE_FREE || heapinfo2->type ==MMALLOC_TYPE_HEAPINFO)) {
1132 match_equals(state, previous);
1133 xbt_dynar_free(&previous);
1137 } else if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED
1138 && heapinfo2->type == MMALLOC_TYPE_UNFRAGMENTED) {
1139 /* Complete block */
1141 // TODO, lookup variable type from block type as done for fragmented blocks
1143 offset1 = (char *) area1 - (char *) real_addr_block1;
1144 offset2 = (char *) area2 - (char *) real_addr_block2;
1146 if (state->equals_to1_(block1, 0).valid
1147 && state->equals_to2_(block2, 0).valid) {
1148 if (equal_blocks(state, block1, block2)) {
1150 match_equals(state, previous);
1151 xbt_dynar_free(&previous);
1157 if (type_size != -1) {
1158 if (type_size != (ssize_t) heapinfo1->busy_block.busy_size
1159 && type_size != (ssize_t) heapinfo2->busy_block.busy_size
1160 && (type->name.empty() || type->name == "struct s_smx_context")) {
1162 match_equals(state, previous);
1163 xbt_dynar_free(&previous);
1169 if (heapinfo1->busy_block.size !=
1170 heapinfo2->busy_block.size) {
1172 xbt_dynar_free(&previous);
1177 if (heapinfo1->busy_block.busy_size !=
1178 heapinfo2->busy_block.busy_size) {
1180 xbt_dynar_free(&previous);
1185 if (!add_heap_area_pair(previous, block1, -1, block2, -1)) {
1187 match_equals(state, previous);
1188 xbt_dynar_free(&previous);
1193 size = heapinfo1->busy_block.busy_size;
1195 // Remember (basic) type inference.
1196 // The current data structure only allows us to do this for the whole block.
1197 if (type != NULL && area1 == real_addr_block1) {
1198 state->types1_(block1, 0) = type;
1200 if (type != NULL && area2 == real_addr_block2) {
1201 state->types2_(block2, 0) = type;
1206 match_equals(state, previous);
1207 xbt_dynar_free(&previous);
1215 if ((heapinfo1->busy_block.ignore > 0)
1216 && (heapinfo2->busy_block.ignore ==
1217 heapinfo1->busy_block.ignore))
1218 check_ignore = heapinfo1->busy_block.ignore;
1220 } else if ((heapinfo1->type > 0) && (heapinfo2->type > 0)) { /* Fragmented block */
1224 ((uintptr_t) (ADDR2UINT(area1) % (BLOCKSIZE))) >> heapinfo1->type;
1226 ((uintptr_t) (ADDR2UINT(area2) % (BLOCKSIZE))) >> heapinfo2->type;
1228 // Process address of the fragment:
1230 (void *) ((char *) real_addr_block1 +
1231 (frag1 << heapinfo1->type));
1233 (void *) ((char *) real_addr_block2 +
1234 (frag2 << heapinfo2->type));
1236 // Check the size of the fragments against the size of the type:
1237 if (type_size != -1) {
1238 if (heapinfo1->busy_frag.frag_size[frag1] == -1
1239 || heapinfo2->busy_frag.frag_size[frag2] == -1) {
1241 match_equals(state, previous);
1242 xbt_dynar_free(&previous);
1247 if (type_size != heapinfo1->busy_frag.frag_size[frag1]
1248 || type_size != heapinfo2->busy_frag.frag_size[frag2]) {
1250 match_equals(state, previous);
1251 xbt_dynar_free(&previous);
1257 // Check if the blocks are already matched together:
1258 if (state->equals_to1_(block1, frag1).valid
1259 && state->equals_to2_(block2, frag2).valid) {
1260 if (offset1==offset2 && equal_fragments(state, block1, frag1, block2, frag2)) {
1262 match_equals(state, previous);
1263 xbt_dynar_free(&previous);
1268 // Compare the size of both fragments:
1269 if (heapinfo1->busy_frag.frag_size[frag1] !=
1270 heapinfo2->busy_frag.frag_size[frag2]) {
1271 if (type_size == -1) {
1273 match_equals(state, previous);
1274 xbt_dynar_free(&previous);
1279 xbt_dynar_free(&previous);
1285 // Size of the fragment:
1286 size = heapinfo1->busy_frag.frag_size[frag1];
1288 // Remember (basic) type inference.
1289 // The current data structure only allows us to do this for the whole fragment.
1290 if (type != NULL && area1 == real_addr_frag1) {
1291 state->types1_(block1, frag1) = type;
1293 if (type != NULL && area2 == real_addr_frag2) {
1294 state->types2_(block2, frag2) = type;
1296 // The type of the variable is already known:
1301 // Type inference from the block type.
1302 else if (state->types1_(block1, frag1) != NULL
1303 || state->types2_(block2, frag2) != NULL) {
1305 offset1 = (char *) area1 - (char *) real_addr_frag1;
1306 offset2 = (char *) area2 - (char *) real_addr_frag2;
1308 if (state->types1_(block1, frag1) != NULL
1309 && state->types2_(block2, frag2) != NULL) {
1311 get_offset_type(real_addr_frag1, state->types1_(block1, frag1),
1312 offset1, size, snapshot1, process_index);
1314 get_offset_type(real_addr_frag2, state->types2_(block2, frag2),
1315 offset1, size, snapshot2, process_index);
1316 } else if (state->types1_(block1, frag1) != NULL) {
1318 get_offset_type(real_addr_frag1, state->types1_(block1, frag1),
1319 offset1, size, snapshot1, process_index);
1321 get_offset_type(real_addr_frag2, state->types1_(block1, frag1),
1322 offset2, size, snapshot2, process_index);
1323 } else if (state->types2_(block2, frag2) != NULL) {
1325 get_offset_type(real_addr_frag1, state->types2_(block2, frag2),
1326 offset1, size, snapshot1, process_index);
1328 get_offset_type(real_addr_frag2, state->types2_(block2, frag2),
1329 offset2, size, snapshot2, process_index);
1332 match_equals(state, previous);
1333 xbt_dynar_free(&previous);
1338 if (new_type1 != NULL && new_type2 != NULL && new_type1 != new_type2) {
1341 while (type->byte_size == 0 && type->subtype != NULL)
1342 type = type->subtype;
1343 new_size1 = type->byte_size;
1346 while (type->byte_size == 0 && type->subtype != NULL)
1347 type = type->subtype;
1348 new_size2 = type->byte_size;
1352 match_equals(state, previous);
1353 xbt_dynar_free(&previous);
1359 if (new_size1 > 0 && new_size1 == new_size2) {
1364 if (offset1 == 0 && offset2 == 0) {
1365 if (!add_heap_area_pair(previous, block1, frag1, block2, frag2)) {
1367 match_equals(state, previous);
1368 xbt_dynar_free(&previous);
1376 match_equals(state, previous);
1377 xbt_dynar_free(&previous);
1382 if ((heapinfo1->busy_frag.ignore[frag1] > 0)
1383 && (heapinfo2->busy_frag.ignore[frag2] ==
1384 heapinfo1->busy_frag.ignore[frag1]))
1385 check_ignore = heapinfo1->busy_frag.ignore[frag1];
1390 xbt_dynar_free(&previous);
1397 /* Start comparison */
1400 compare_heap_area_with_type(state, process_index, area1, area2, snapshot1, snapshot2,
1401 previous, type, size, check_ignore,
1405 compare_heap_area_without_type(state, process_index, area1, area2, snapshot1, snapshot2,
1406 previous, size, check_ignore);
1408 if (res_compare == 1) {
1410 xbt_dynar_free(&previous);
1415 match_equals(state, previous);
1416 xbt_dynar_free(&previous);
1422 /*********************************************** Miscellaneous ***************************************************/
1423 /****************************************************************************************************************/
1425 // Not used and broken code:
1429 static int get_pointed_area_size(void *area, int heap)
1432 struct s_mc_diff *state = mc_diff_info;
1435 malloc_info *heapinfo;
1438 heapinfo = state->heapinfo1;
1440 heapinfo = state->heapinfo2;
1444 (char *) state->std_heap_copy.heapbase) / BLOCKSIZE + 1;
1446 if (((char *) area < (char *) state->std_heap_copy.heapbase)
1447 || (block > state->heapsize1) || (block < 1))
1450 if (heapinfo[block].type == MMALLOC_TYPE_FREE || heapinfo[block].type == MMALLOC_TYPE_HEAPINFO) { /* Free block */
1452 } else if (heapinfo[block].type == MMALLOC_TYPE_UNFRAGMENTED) { /* Complete block */
1453 return (int) heapinfo[block].busy_block.busy_size;
1456 ((uintptr_t) (ADDR2UINT(area) % (BLOCKSIZE))) >> heapinfo[block].type;
1457 return (int) heapinfo[block].busy_frag.frag_size[frag];
1462 #define max( a, b ) ( ((a) > (b)) ? (a) : (b) )
1466 int mmalloc_linear_compare_heap(xbt_mheap_t heap1, xbt_mheap_t heap2)
1469 struct s_mc_diff *state = mc_diff_info;
1471 if (heap1 == NULL && heap1 == NULL) {
1472 XBT_DEBUG("Malloc descriptors null");
1476 if (heap1->heaplimit != heap2->heaplimit) {
1477 XBT_DEBUG("Different limit of valid info table indices");
1481 /* Heap information */
1482 state->heaplimit = ((struct mdesc *) heap1)->heaplimit;
1484 state->std_heap_copy = *mc_model_checker->process().get_heap();
1486 state->heapbase1 = (char *) heap1 + BLOCKSIZE;
1487 state->heapbase2 = (char *) heap2 + BLOCKSIZE;
1490 (malloc_info *) ((char *) heap1 +
1492 ((char *) heap1->heapinfo - (char *) state->s_heap)));
1494 (malloc_info *) ((char *) heap2 +
1496 ((char *) heap2->heapinfo - (char *) state->s_heap)));
1498 state->heapsize1 = heap1->heapsize;
1499 state->heapsize2 = heap2->heapsize;
1501 /* Start comparison */
1503 void *addr_block1, *addr_block2, *addr_frag1, *addr_frag2;
1507 /* Check busy blocks */
1511 while (i <= state->heaplimit) {
1514 ((void *) (((ADDR2UINT(i)) - 1) * BLOCKSIZE +
1515 (char *) state->heapbase1));
1517 ((void *) (((ADDR2UINT(i)) - 1) * BLOCKSIZE +
1518 (char *) state->heapbase2));
1520 if (state->heapinfo1[i].type != state->heapinfo2[i].type) {
1522 distance += BLOCKSIZE;
1523 XBT_DEBUG("Different type of blocks (%zu) : %d - %d -> distance = %d", i,
1524 state->heapinfo1[i].type, state->heapinfo2[i].type, distance);
1529 if (state->heapinfo1[i].type == MMALLOC_TYPE_FREE
1530 || state->heapinfo1[i].type == MMALLOC_TYPE_HAPINFO) { /* Free block */
1535 if (state->heapinfo1[i].type == MMALLOC_TYPE_UNFRAGMENTED) { /* Large block */
1537 if (state->heapinfo1[i].busy_block.size !=
1538 state->heapinfo2[i].busy_block.size) {
1540 BLOCKSIZE * max(state->heapinfo1[i].busy_block.size,
1541 state->heapinfo2[i].busy_block.size);
1542 i += max(state->heapinfo1[i].busy_block.size,
1543 state->heapinfo2[i].busy_block.size);
1545 ("Different larger of cluster at block %zu : %zu - %zu -> distance = %d",
1546 i, state->heapinfo1[i].busy_block.size,
1547 state->heapinfo2[i].busy_block.size, distance);
1551 /*if(heapinfo1[i].busy_block.busy_size != heapinfo2[i].busy_block.busy_size){
1552 distance += max(heapinfo1[i].busy_block.busy_size, heapinfo2[i].busy_block.busy_size);
1553 i += max(heapinfo1[i].busy_block.size, heapinfo2[i].busy_block.size);
1554 XBT_DEBUG("Different size used oin large cluster at block %zu : %zu - %zu -> distance = %d", i, heapinfo1[i].busy_block.busy_size, heapinfo2[i].busy_block.busy_size, distance);
1560 //while(k < (heapinfo1[i].busy_block.busy_size)){
1561 while (k < state->heapinfo1[i].busy_block.size * BLOCKSIZE) {
1562 if (memcmp((char *) addr_block1 + k, (char *) addr_block2 + k, 1) !=
1571 } else { /* Fragmented block */
1573 for (j = 0; j < (size_t) (BLOCKSIZE >> state->heapinfo1[i].type); j++) {
1576 (void *) ((char *) addr_block1 + (j << state->heapinfo1[i].type));
1578 (void *) ((char *) addr_block2 + (j << state->heapinfo2[i].type));
1580 if (state->heapinfo1[i].busy_frag.frag_size[j] == 0
1581 && state->heapinfo2[i].busy_frag.frag_size[j] == 0) {
1586 /*if(heapinfo1[i].busy_frag.frag_size[j] != heapinfo2[i].busy_frag.frag_size[j]){
1587 distance += max(heapinfo1[i].busy_frag.frag_size[j], heapinfo2[i].busy_frag.frag_size[j]);
1588 XBT_DEBUG("Different size used in fragment %zu in block %zu : %d - %d -> distance = %d", j, i, heapinfo1[i].busy_frag.frag_size[j], heapinfo2[i].busy_frag.frag_size[j], distance);
1594 //while(k < max(heapinfo1[i].busy_frag.frag_size[j], heapinfo2[i].busy_frag.frag_size[j])){
1595 while (k < (BLOCKSIZE / (BLOCKSIZE >> state->heapinfo1[i].type))) {
1596 if (memcmp((char *) addr_frag1 + k, (char *) addr_frag2 + k, 1) !=
