1 /* mc_diff - Memory snapshooting and comparison */
3 /* Copyright (c) 2008-2015. The SimGrid Team.
4 * All rights reserved. */
6 /* This program is free software; you can redistribute it and/or modify it
7 * under the terms of the license (GNU LGPL) which comes with this package. */
9 #include "xbt/ex_interface.h" /* internals of backtrace setup */
12 #include "xbt/mmalloc.h"
13 #include "mc_object_info.h"
14 #include "mc/datatypes.h"
15 #include "mc/mc_private.h"
16 #include "mc/mc_snapshot.h"
17 #include "mc/Type.hpp"
19 using simgrid::mc::remote;
23 XBT_LOG_NEW_DEFAULT_SUBCATEGORY(mc_diff, xbt,
24 "Logging specific to mc_diff in mc");
26 xbt_dynar_t mc_heap_comparison_ignore;
27 xbt_dynar_t stacks_areas;
29 /*********************************** Heap comparison ***********************************/
30 /***************************************************************************************/
32 typedef char *type_name;
34 struct XBT_PRIVATE s_mc_diff {
35 s_xbt_mheap_t std_heap_copy;
37 // Number of blocks in the heaps:
38 size_t heapsize1, heapsize2;
39 std::vector<s_mc_heap_ignore_region_t>* to_ignore1;
40 std::vector<s_mc_heap_ignore_region_t>* to_ignore2;
41 s_heap_area_t *equals_to1, *equals_to2;
42 simgrid::mc::Type **types1;
43 simgrid::mc::Type **types2;
47 #define equals_to1_(i,j) equals_to1[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
48 #define equals_to2_(i,j) equals_to2[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
49 #define types1_(i,j) types1[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
50 #define types2_(i,j) types2[ MAX_FRAGMENT_PER_BLOCK*(i) + (j)]
52 __thread struct s_mc_diff *mc_diff_info = NULL;
54 /*********************************** Free functions ************************************/
56 static void heap_area_pair_free(heap_area_pair_t pair)
62 static void heap_area_pair_free_voidp(void *d)
64 heap_area_pair_free((heap_area_pair_t) * (void **) d);
67 static void heap_area_free(heap_area_t area)
73 /************************************************************************************/
75 static s_heap_area_t make_heap_area(int block, int fragment)
80 area.fragment = fragment;
85 static int is_new_heap_area_pair(xbt_dynar_t list, int block1, int fragment1,
86 int block2, int fragment2)
89 unsigned int cursor = 0;
90 heap_area_pair_t current_pair;
92 xbt_dynar_foreach(list, cursor, current_pair) {
93 if (current_pair->block1 == block1 && current_pair->block2 == block2
94 && current_pair->fragment1 == fragment1
95 && current_pair->fragment2 == fragment2)
102 static int add_heap_area_pair(xbt_dynar_t list, int block1, int fragment1,
103 int block2, int fragment2)
106 if (is_new_heap_area_pair(list, block1, fragment1, block2, fragment2)) {
107 heap_area_pair_t pair = NULL;
108 pair = xbt_new0(s_heap_area_pair_t, 1);
109 pair->block1 = block1;
110 pair->fragment1 = fragment1;
111 pair->block2 = block2;
112 pair->fragment2 = fragment2;
114 xbt_dynar_push(list, &pair);
122 static ssize_t heap_comparison_ignore_size(std::vector<s_mc_heap_ignore_region_t>* ignore_list,
126 int end = ignore_list->size() - 1;
128 while (start <= end) {
129 unsigned int cursor = (start + end) / 2;
130 s_mc_heap_ignore_region_t region = (*ignore_list)[cursor];
131 if (region.address == address)
133 if (region.address < address)
135 if (region.address > address)
142 static int is_stack(const void *address)
144 unsigned int cursor = 0;
145 stack_region_t stack;
147 xbt_dynar_foreach(stacks_areas, cursor, stack) {
148 if (address == stack->address)
155 // TODO, this should depend on the snapshot?
156 static int is_block_stack(int block)
158 unsigned int cursor = 0;
159 stack_region_t stack;
161 xbt_dynar_foreach(stacks_areas, cursor, stack) {
162 if (block == stack->block)
169 static void match_equals(struct s_mc_diff *state, xbt_dynar_t list)
172 unsigned int cursor = 0;
173 heap_area_pair_t current_pair;
175 xbt_dynar_foreach(list, cursor, current_pair) {
177 if (current_pair->fragment1 != -1) {
179 state->equals_to1_(current_pair->block1, current_pair->fragment1) =
180 make_heap_area(current_pair->block2, current_pair->fragment2);
181 state->equals_to2_(current_pair->block2, current_pair->fragment2) =
182 make_heap_area(current_pair->block1, current_pair->fragment1);
186 state->equals_to1_(current_pair->block1, 0) =
187 make_heap_area(current_pair->block2, current_pair->fragment2);
188 state->equals_to2_(current_pair->block2, 0) =
189 make_heap_area(current_pair->block1, current_pair->fragment1);
196 /** Check whether two blocks are known to be matching
198 * @param state State used
199 * @param b1 Block of state 1
200 * @param b2 Block of state 2
201 * @return if the blocks are known to be matching
203 static int equal_blocks(struct s_mc_diff *state, int b1, int b2)
206 if (state->equals_to1_(b1, 0).block == b2
207 && state->equals_to2_(b2, 0).block == b1)
213 /** Check whether two fragments are known to be matching
215 * @param state State used
216 * @param b1 Block of state 1
217 * @param f1 Fragment of state 1
218 * @param b2 Block of state 2
219 * @param f2 Fragment of state 2
220 * @return if the fragments are known to be matching
222 static int equal_fragments(struct s_mc_diff *state, int b1, int f1, int b2,
226 if (state->equals_to1_(b1, f1).block == b2
227 && state->equals_to1_(b1, f1).fragment == f2
228 && state->equals_to2_(b2, f2).block == b1
229 && state->equals_to2_(b2, f2).fragment == f1)
237 int init_heap_information(xbt_mheap_t heap1, xbt_mheap_t heap2,
238 std::vector<s_mc_heap_ignore_region_t>* i1,
239 std::vector<s_mc_heap_ignore_region_t>* i2)
241 if (mc_diff_info == NULL) {
242 mc_diff_info = xbt_new0(struct s_mc_diff, 1);
243 mc_diff_info->equals_to1 = NULL;
244 mc_diff_info->equals_to2 = NULL;
245 mc_diff_info->types1 = NULL;
246 mc_diff_info->types2 = NULL;
248 struct s_mc_diff *state = mc_diff_info;
250 if ((((struct mdesc *) heap1)->heaplimit !=
251 ((struct mdesc *) heap2)->heaplimit)
253 ((((struct mdesc *) heap1)->heapsize !=
254 ((struct mdesc *) heap2)->heapsize)))
257 state->heaplimit = ((struct mdesc *) heap1)->heaplimit;
259 state->std_heap_copy = *mc_model_checker->process().get_heap();
261 state->heapsize1 = heap1->heapsize;
262 state->heapsize2 = heap2->heapsize;
264 state->to_ignore1 = i1;
265 state->to_ignore2 = i2;
267 if (state->heaplimit > state->available) {
268 state->equals_to1 = (s_heap_area_t*)
269 realloc(state->equals_to1,
270 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
271 sizeof(s_heap_area_t));
272 state->types1 = (simgrid::mc::Type**)
273 realloc(state->types1,
274 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
275 sizeof(simgrid::mc::Type*));
276 state->equals_to2 = (s_heap_area_t*)
277 realloc(state->equals_to2,
278 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
279 sizeof(s_heap_area_t));
280 state->types2 = (simgrid::mc::Type**)
281 realloc(state->types2,
282 state->heaplimit * MAX_FRAGMENT_PER_BLOCK *
283 sizeof(simgrid::mc::Type*));
284 state->available = state->heaplimit;
287 memset(state->equals_to1, 0,
288 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(s_heap_area_t));
289 memset(state->equals_to2, 0,
290 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(s_heap_area_t));
291 memset(state->types1, 0,
292 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(type_name *));
293 memset(state->types2, 0,
294 state->heaplimit * MAX_FRAGMENT_PER_BLOCK * sizeof(type_name *));
302 void reset_heap_information()
307 // TODO, have a robust way to find it in O(1)
309 mc_mem_region_t MC_get_heap_region(mc_snapshot_t snapshot)
311 size_t n = snapshot->snapshot_regions.size();
312 for (size_t i=0; i!=n; ++i) {
313 mc_mem_region_t region = snapshot->snapshot_regions[i].get();
314 if (region->region_type() == simgrid::mc::RegionType::Heap)
317 xbt_die("No heap region");
320 int mmalloc_compare_heap(mc_snapshot_t snapshot1, mc_snapshot_t snapshot2)
322 simgrid::mc::Process* process = &mc_model_checker->process();
323 struct s_mc_diff *state = mc_diff_info;
325 /* Start comparison */
326 size_t i1, i2, j1, j2, k;
327 void *addr_block1, *addr_block2, *addr_frag1, *addr_frag2;
328 int nb_diff1 = 0, nb_diff2 = 0;
330 int equal, res_compare = 0;
332 /* Check busy blocks */
336 malloc_info heapinfo_temp1, heapinfo_temp2;
337 malloc_info heapinfo_temp2b;
339 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
340 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
342 // This is the address of std_heap->heapinfo in the application process:
343 void* heapinfo_address = &((xbt_mheap_t) process->heap_address)->heapinfo;
345 // This is in snapshot do not use them directly:
346 const malloc_info* heapinfos1 = snapshot1->read<malloc_info*>(
347 (std::uint64_t)heapinfo_address, simgrid::mc::ProcessIndexMissing);
348 const malloc_info* heapinfos2 = snapshot2->read<malloc_info*>(
349 (std::uint64_t)heapinfo_address, simgrid::mc::ProcessIndexMissing);
351 while (i1 < state->heaplimit) {
353 const malloc_info* heapinfo1 = (const malloc_info*) MC_region_read(heap_region1, &heapinfo_temp1, &heapinfos1[i1], sizeof(malloc_info));
354 const malloc_info* heapinfo2 = (const malloc_info*) MC_region_read(heap_region2, &heapinfo_temp2, &heapinfos2[i1], sizeof(malloc_info));
356 if (heapinfo1->type == MMALLOC_TYPE_FREE || heapinfo1->type == MMALLOC_TYPE_HEAPINFO) { /* Free block */
361 if (heapinfo1->type < 0) {
362 fprintf(stderr, "Unkown mmalloc block type.\n");
367 ((void *) (((ADDR2UINT(i1)) - 1) * BLOCKSIZE +
368 (char *) state->std_heap_copy.heapbase));
370 if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED) { /* Large block */
372 if (is_stack(addr_block1)) {
373 for (k = 0; k < heapinfo1->busy_block.size; k++)
374 state->equals_to1_(i1 + k, 0) = make_heap_area(i1, -1);
375 for (k = 0; k < heapinfo2->busy_block.size; k++)
376 state->equals_to2_(i1 + k, 0) = make_heap_area(i1, -1);
377 i1 += heapinfo1->busy_block.size;
381 if (state->equals_to1_(i1, 0).valid) {
390 /* Try first to associate to same block in the other heap */
391 if (heapinfo2->type == heapinfo1->type) {
393 if (state->equals_to2_(i1, 0).valid == 0) {
395 addr_block2 = (ADDR2UINT(i1) - 1) * BLOCKSIZE +
396 (char *) state->std_heap_copy.heapbase;
399 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_block1, addr_block2, snapshot1, snapshot2,
402 if (res_compare != 1) {
403 for (k = 1; k < heapinfo2->busy_block.size; k++)
404 state->equals_to2_(i1 + k, 0) = make_heap_area(i1, -1);
405 for (k = 1; k < heapinfo1->busy_block.size; k++)
406 state->equals_to1_(i1 + k, 0) = make_heap_area(i1, -1);
408 i1 += heapinfo1->busy_block.size;
415 while (i2 < state->heaplimit && !equal) {
417 addr_block2 = (ADDR2UINT(i2) - 1) * BLOCKSIZE +
418 (char *) state->std_heap_copy.heapbase;
425 const malloc_info* heapinfo2b = (const malloc_info*) MC_region_read(heap_region2, &heapinfo_temp2b, &heapinfos2[i2], sizeof(malloc_info));
427 if (heapinfo2b->type != MMALLOC_TYPE_UNFRAGMENTED) {
432 if (state->equals_to2_(i2, 0).valid) {
438 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_block1, addr_block2, snapshot1, snapshot2,
441 if (res_compare != 1) {
442 for (k = 1; k < heapinfo2b->busy_block.size; k++)
443 state->equals_to2_(i2 + k, 0) = make_heap_area(i1, -1);
444 for (k = 1; k < heapinfo1->busy_block.size; k++)
445 state->equals_to1_(i1 + k, 0) = make_heap_area(i2, -1);
447 i1 += heapinfo1->busy_block.size;
455 XBT_DEBUG("Block %zu not found (size_used = %zu, addr = %p)", i1,
456 heapinfo1->busy_block.busy_size, addr_block1);
457 i1 = state->heaplimit + 1;
462 } else { /* Fragmented block */
464 for (j1 = 0; j1 < (size_t) (BLOCKSIZE >> heapinfo1->type); j1++) {
466 if (heapinfo1->busy_frag.frag_size[j1] == -1) /* Free fragment */
469 if (state->equals_to1_(i1, j1).valid)
473 (void *) ((char *) addr_block1 + (j1 << heapinfo1->type));
478 /* Try first to associate to same fragment in the other heap */
479 if (heapinfo2->type == heapinfo1->type) {
481 if (state->equals_to2_(i1, j1).valid == 0) {
483 addr_block2 = (ADDR2UINT(i1) - 1) * BLOCKSIZE +
484 (char *) state->std_heap_copy.heapbase;
486 (void *) ((char *) addr_block2 +
487 (j1 << heapinfo2->type));
490 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_frag1, addr_frag2, snapshot1, snapshot2,
493 if (res_compare != 1)
500 while (i2 < state->heaplimit && !equal) {
502 const malloc_info* heapinfo2b = (const malloc_info*) MC_region_read(
503 heap_region2, &heapinfo_temp2b, &heapinfos2[i2],
504 sizeof(malloc_info));
506 if (heapinfo2b->type == MMALLOC_TYPE_FREE || heapinfo2b->type == MMALLOC_TYPE_HEAPINFO) {
511 // We currently do not match fragments with unfragmented blocks (maybe we should).
512 if (heapinfo2b->type == MMALLOC_TYPE_UNFRAGMENTED) {
517 if (heapinfo2b->type < 0) {
518 fprintf(stderr, "Unkown mmalloc block type.\n");
522 for (j2 = 0; j2 < (size_t) (BLOCKSIZE >> heapinfo2b->type);
525 if (i2 == i1 && j2 == j1)
528 if (state->equals_to2_(i2, j2).valid)
531 addr_block2 = (ADDR2UINT(i2) - 1) * BLOCKSIZE +
532 (char *) state->std_heap_copy.heapbase;
534 (void *) ((char *) addr_block2 +
535 (j2 << heapinfo2b->type));
538 compare_heap_area(simgrid::mc::ProcessIndexMissing, addr_frag1, addr_frag2, snapshot2, snapshot2,
541 if (res_compare != 1) {
554 ("Block %zu, fragment %zu not found (size_used = %zd, address = %p)\n",
555 i1, j1, heapinfo1->busy_frag.frag_size[j1],
557 i2 = state->heaplimit + 1;
558 i1 = state->heaplimit + 1;
571 /* All blocks/fragments are equal to another block/fragment ? */
574 for(i = 1; i < state->heaplimit; i++) {
575 const malloc_info* heapinfo1 = (const malloc_info*) MC_region_read(
576 heap_region1, &heapinfo_temp1, &heapinfos1[i], sizeof(malloc_info));
577 if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED) {
578 if (i1 == state->heaplimit) {
579 if (heapinfo1->busy_block.busy_size > 0) {
580 if (state->equals_to1_(i, 0).valid == 0) {
581 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
583 XBT_DEBUG("Block %zu not found (size used = %zu)", i,
584 heapinfo1->busy_block.busy_size);
585 //mmalloc_backtrace_block_display((void*)heapinfo1, i);
592 if (heapinfo1->type > 0) {
593 for (j = 0; j < (size_t) (BLOCKSIZE >> heapinfo1->type); j++) {
594 if (i1 == state->heaplimit) {
595 if (heapinfo1->busy_frag.frag_size[j] > 0) {
596 if (state->equals_to1_(i, j).valid == 0) {
597 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
598 // TODO, print fragment address
600 ("Block %zu, Fragment %zu not found (size used = %zd)",
602 heapinfo1->busy_frag.frag_size[j]);
603 //mmalloc_backtrace_fragment_display((void*)heapinfo1, i, j);
613 if (i1 == state->heaplimit)
614 XBT_DEBUG("Number of blocks/fragments not found in heap1 : %d", nb_diff1);
616 for (i=1; i < state->heaplimit; i++) {
617 const malloc_info* heapinfo2 = (const malloc_info*) MC_region_read(
618 heap_region2, &heapinfo_temp2, &heapinfos2[i], sizeof(malloc_info));
619 if (heapinfo2->type == MMALLOC_TYPE_UNFRAGMENTED) {
620 if (i1 == state->heaplimit) {
621 if (heapinfo2->busy_block.busy_size > 0) {
622 if (state->equals_to2_(i, 0).valid == 0) {
623 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
624 // TODO, print address of the block
625 XBT_DEBUG("Block %zu not found (size used = %zu)", i,
626 heapinfo2->busy_block.busy_size);
627 //mmalloc_backtrace_block_display((void*)heapinfo2, i);
634 if (heapinfo2->type > 0) {
635 for (j = 0; j < (size_t) (BLOCKSIZE >> heapinfo2->type); j++) {
636 if (i1 == state->heaplimit) {
637 if (heapinfo2->busy_frag.frag_size[j] > 0) {
638 if (state->equals_to2_(i, j).valid == 0) {
639 if (XBT_LOG_ISENABLED(mc_diff, xbt_log_priority_debug)) {
640 // TODO, print address of the block
642 ("Block %zu, Fragment %zu not found (size used = %zd)",
644 heapinfo2->busy_frag.frag_size[j]);
645 //mmalloc_backtrace_fragment_display((void*)heapinfo2, i, j);
655 if (i1 == state->heaplimit)
656 XBT_DEBUG("Number of blocks/fragments not found in heap2 : %d", nb_diff2);
658 return ((nb_diff1 > 0) || (nb_diff2 > 0));
664 * @param real_area1 Process address for state 1
665 * @param real_area2 Process address for state 2
666 * @param snapshot1 Snapshot of state 1
667 * @param snapshot2 Snapshot of state 2
670 * @param check_ignore
672 static int compare_heap_area_without_type(struct s_mc_diff *state, int process_index,
673 const void *real_area1, const void *real_area2,
674 mc_snapshot_t snapshot1,
675 mc_snapshot_t snapshot2,
676 xbt_dynar_t previous, int size,
679 simgrid::mc::Process* process = &mc_model_checker->process();
682 const void *addr_pointed1, *addr_pointed2;
683 int pointer_align, res_compare;
684 ssize_t ignore1, ignore2;
686 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
687 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
691 if (check_ignore > 0) {
693 heap_comparison_ignore_size(state->to_ignore1,
694 (char *) real_area1 + i)) != -1) {
696 heap_comparison_ignore_size(state->to_ignore2,
697 (char *) real_area2 + i)) == ignore1) {
710 if (MC_snapshot_region_memcmp(((char *) real_area1) + i, heap_region1, ((char *) real_area2) + i, heap_region2, 1) != 0) {
712 pointer_align = (i / sizeof(void *)) * sizeof(void *);
713 addr_pointed1 = snapshot1->read(
714 remote((void**)((char *) real_area1 + pointer_align)), process_index);
715 addr_pointed2 = snapshot2->read(
716 remote((void**)((char *) real_area2 + pointer_align)), process_index);
718 if (process->in_maestro_stack(remote(addr_pointed1))
719 && process->in_maestro_stack(remote(addr_pointed2))) {
720 i = pointer_align + sizeof(void *);
722 } else if (addr_pointed1 > state->std_heap_copy.heapbase
723 && addr_pointed1 < mc_snapshot_get_heap_end(snapshot1)
724 && addr_pointed2 > state->std_heap_copy.heapbase
725 && addr_pointed2 < mc_snapshot_get_heap_end(snapshot2)) {
726 // Both addreses are in the heap:
728 compare_heap_area(process_index, addr_pointed1, addr_pointed2, snapshot1,
729 snapshot2, previous, NULL, 0);
730 if (res_compare == 1) {
733 i = pointer_align + sizeof(void *);
752 * @param real_area1 Process address for state 1
753 * @param real_area2 Process address for state 2
754 * @param snapshot1 Snapshot of state 1
755 * @param snapshot2 Snapshot of state 2
758 * @param area_size either a byte_size or an elements_count (?)
759 * @param check_ignore
760 * @param pointer_level
761 * @return 0 (same), 1 (different), -1 (unknown)
763 static int compare_heap_area_with_type(struct s_mc_diff *state, int process_index,
764 const void *real_area1, const void *real_area2,
765 mc_snapshot_t snapshot1,
766 mc_snapshot_t snapshot2,
767 xbt_dynar_t previous, simgrid::mc::Type* type,
768 int area_size, int check_ignore,
772 if (is_stack(real_area1) && is_stack(real_area2))
775 ssize_t ignore1, ignore2;
777 if ((check_ignore > 0)
778 && ((ignore1 = heap_comparison_ignore_size(state->to_ignore1, real_area1))
780 && ((ignore2 = heap_comparison_ignore_size(state->to_ignore2, real_area2))
785 simgrid::mc::Type *subtype, *subsubtype;
787 const void *addr_pointed1, *addr_pointed2;
789 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
790 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
792 switch (type->type) {
793 case DW_TAG_unspecified_type:
796 case DW_TAG_base_type:
797 if (!type->name.empty() && type->name == "char") { /* String, hence random (arbitrary ?) size */
798 if (real_area1 == real_area2)
801 return (MC_snapshot_region_memcmp(real_area1, heap_region1, real_area2, heap_region2, area_size) != 0);
803 if (area_size != -1 && type->byte_size != area_size)
806 return (MC_snapshot_region_memcmp(real_area1, heap_region1, real_area2, heap_region2, type->byte_size) != 0);
810 case DW_TAG_enumeration_type:
811 if (area_size != -1 && type->byte_size != area_size)
814 return (MC_snapshot_region_memcmp(real_area1, heap_region1, real_area2, heap_region2, type->byte_size) != 0);
817 case DW_TAG_const_type:
818 case DW_TAG_volatile_type:
820 type = type->subtype;
823 case DW_TAG_array_type:
824 subtype = type->subtype;
825 switch (subtype->type) {
826 case DW_TAG_unspecified_type:
829 case DW_TAG_base_type:
830 case DW_TAG_enumeration_type:
831 case DW_TAG_pointer_type:
832 case DW_TAG_reference_type:
833 case DW_TAG_rvalue_reference_type:
834 case DW_TAG_structure_type:
835 case DW_TAG_class_type:
836 case DW_TAG_union_type:
837 if (subtype->full_type)
838 subtype = subtype->full_type;
839 elm_size = subtype->byte_size;
841 // TODO, just remove the type indirection?
842 case DW_TAG_const_type:
844 case DW_TAG_volatile_type:
845 subsubtype = subtype->subtype;
846 if (subsubtype->full_type)
847 subsubtype = subsubtype->full_type;
848 elm_size = subsubtype->byte_size;
854 for (int i = 0; i < type->element_count; i++) {
855 // TODO, add support for variable stride (DW_AT_byte_stride)
857 compare_heap_area_with_type(state, process_index,
858 (char *) real_area1 + (i * elm_size),
859 (char *) real_area2 + (i * elm_size),
860 snapshot1, snapshot2, previous,
861 type->subtype, subtype->byte_size,
862 check_ignore, pointer_level);
867 case DW_TAG_reference_type:
868 case DW_TAG_rvalue_reference_type:
869 case DW_TAG_pointer_type:
870 if (type->subtype && type->subtype->type == DW_TAG_subroutine_type) {
871 addr_pointed1 = snapshot1->read(remote((void**)real_area1), process_index);
872 addr_pointed2 = snapshot2->read(remote((void**)real_area2), process_index);
873 return (addr_pointed1 != addr_pointed2);;
876 if (pointer_level > 1) { /* Array of pointers */
877 for (size_t i = 0; i < (area_size / sizeof(void *)); i++) {
878 addr_pointed1 = snapshot1->read(
879 remote((void**)((char*) real_area1 + i * sizeof(void *))),
881 addr_pointed2 = snapshot2->read(
882 remote((void**)((char*) real_area2 + i * sizeof(void *))),
884 if (addr_pointed1 > state->std_heap_copy.heapbase
885 && addr_pointed1 < mc_snapshot_get_heap_end(snapshot1)
886 && addr_pointed2 > state->std_heap_copy.heapbase
887 && addr_pointed2 < mc_snapshot_get_heap_end(snapshot2))
889 compare_heap_area(process_index, addr_pointed1, addr_pointed2, snapshot1,
890 snapshot2, previous, type->subtype,
893 res = (addr_pointed1 != addr_pointed2);
898 addr_pointed1 = snapshot1->read(remote((void**)real_area1), process_index);
899 addr_pointed2 = snapshot2->read(remote((void**)real_area2), process_index);
900 if (addr_pointed1 > state->std_heap_copy.heapbase
901 && addr_pointed1 < mc_snapshot_get_heap_end(snapshot1)
902 && addr_pointed2 > state->std_heap_copy.heapbase
903 && addr_pointed2 < mc_snapshot_get_heap_end(snapshot2))
904 return compare_heap_area(process_index, addr_pointed1, addr_pointed2, snapshot1,
905 snapshot2, previous, type->subtype,
908 return (addr_pointed1 != addr_pointed2);
912 case DW_TAG_structure_type:
913 case DW_TAG_class_type:
915 type = type->full_type;
916 if (area_size != -1 && type->byte_size != area_size) {
917 if (area_size > type->byte_size && area_size % type->byte_size == 0) {
918 for (size_t i = 0; i < (size_t)(area_size / type->byte_size); i++) {
920 compare_heap_area_with_type(state, process_index,
921 (char *) real_area1 + i * type->byte_size,
922 (char *) real_area2 + i * type->byte_size,
923 snapshot1, snapshot2, previous, type, -1,
932 for(simgrid::mc::Type& member : type->members) {
933 // TODO, optimize this? (for the offset case)
935 mc_member_resolve(real_area1, type, &member, (simgrid::mc::AddressSpace*) snapshot1, process_index);
937 mc_member_resolve(real_area2, type, &member, (simgrid::mc::AddressSpace*) snapshot2, process_index);
939 compare_heap_area_with_type(state, process_index, real_member1, real_member2,
940 snapshot1, snapshot2,
941 previous, member.subtype, -1,
949 case DW_TAG_union_type:
950 return compare_heap_area_without_type(state, process_index, real_area1, real_area2,
951 snapshot1, snapshot2, previous,
952 type->byte_size, check_ignore);
962 /** Infer the type of a part of the block from the type of the block
964 * TODO, handle DW_TAG_array_type as well as arrays of the object ((*p)[5], p[5])
966 * TODO, handle subfields ((*p).bar.foo, (*p)[5].bar…)
968 * @param type_id DWARF type ID of the root address
970 * @return DWARF type ID for given offset
972 static simgrid::mc::Type* get_offset_type(void *real_base_address, simgrid::mc::Type* type,
973 int offset, int area_size,
974 mc_snapshot_t snapshot, int process_index)
977 // Beginning of the block, the infered variable type if the type of the block:
981 switch (type->type) {
982 case DW_TAG_structure_type:
983 case DW_TAG_class_type:
985 type = type->full_type;
987 if (area_size != -1 && type->byte_size != area_size) {
988 if (area_size > type->byte_size && area_size % type->byte_size == 0)
993 for(simgrid::mc::Type& member : type->members) {
995 if (member.has_offset_location()) {
996 // We have the offset, use it directly (shortcut):
997 if (member.offset() == offset)
998 return member.subtype;
1001 mc_member_resolve(real_base_address, type, &member,
1002 snapshot, process_index);
1003 if ((char*) real_member - (char *) real_base_address == offset)
1004 return member.subtype;
1012 /* FIXME : other cases ? */
1020 * @param area1 Process address for state 1
1021 * @param area2 Process address for state 2
1022 * @param snapshot1 Snapshot of state 1
1023 * @param snapshot2 Snapshot of state 2
1024 * @param previous Pairs of blocks already compared on the current path (or NULL)
1025 * @param type_id Type of variable
1026 * @param pointer_level
1027 * @return 0 (same), 1 (different), -1
1029 int compare_heap_area(int process_index, const void *area1, const void *area2, mc_snapshot_t snapshot1,
1030 mc_snapshot_t snapshot2, xbt_dynar_t previous,
1031 simgrid::mc::Type* type, int pointer_level)
1033 simgrid::mc::Process* process = &mc_model_checker->process();
1035 struct s_mc_diff *state = mc_diff_info;
1038 ssize_t block1, frag1, block2, frag2;
1040 int check_ignore = 0;
1042 void *real_addr_block1, *real_addr_block2, *real_addr_frag1, *real_addr_frag2;
1044 int offset1 = 0, offset2 = 0;
1045 int new_size1 = -1, new_size2 = -1;
1046 simgrid::mc::Type *new_type1 = NULL, *new_type2 = NULL;
1048 int match_pairs = 0;
1050 // This is the address of std_heap->heapinfo in the application process:
1051 void* heapinfo_address = &((xbt_mheap_t) process->heap_address)->heapinfo;
1053 const malloc_info* heapinfos1 = snapshot1->read(
1054 remote((const malloc_info**)heapinfo_address), process_index);
1055 const malloc_info* heapinfos2 = snapshot2->read(
1056 remote((const malloc_info**)heapinfo_address), process_index);
1058 malloc_info heapinfo_temp1, heapinfo_temp2;
1060 if (previous == NULL) {
1062 xbt_dynar_new(sizeof(heap_area_pair_t), heap_area_pair_free_voidp);
1065 // Get block number:
1068 (char *) state->std_heap_copy.heapbase) / BLOCKSIZE + 1;
1071 (char *) state->std_heap_copy.heapbase) / BLOCKSIZE + 1;
1073 // If either block is a stack block:
1074 if (is_block_stack((int) block1) && is_block_stack((int) block2)) {
1075 add_heap_area_pair(previous, block1, -1, block2, -1);
1077 match_equals(state, previous);
1078 xbt_dynar_free(&previous);
1082 // If either block is not in the expected area of memory:
1083 if (((char *) area1 < (char *) state->std_heap_copy.heapbase)
1084 || (block1 > (ssize_t) state->heapsize1) || (block1 < 1)
1085 || ((char *) area2 < (char *) state->std_heap_copy.heapbase)
1086 || (block2 > (ssize_t) state->heapsize2) || (block2 < 1)) {
1088 xbt_dynar_free(&previous);
1093 // Process address of the block:
1094 real_addr_block1 = (ADDR2UINT(block1) - 1) * BLOCKSIZE +
1095 (char *) state->std_heap_copy.heapbase;
1096 real_addr_block2 = (ADDR2UINT(block2) - 1) * BLOCKSIZE +
1097 (char *) state->std_heap_copy.heapbase;
1101 if (type->full_type)
1102 type = type->full_type;
1104 // This assume that for "boring" types (volatile ...) byte_size is absent:
1105 while (type->byte_size == 0 && type->subtype != NULL)
1106 type = type->subtype;
1109 if ((type->type == DW_TAG_pointer_type)
1110 || ((type->type == DW_TAG_base_type) && !type->name.empty()
1111 && type->name == "char"))
1114 type_size = type->byte_size;
1118 mc_mem_region_t heap_region1 = MC_get_heap_region(snapshot1);
1119 mc_mem_region_t heap_region2 = MC_get_heap_region(snapshot2);
1121 const malloc_info* heapinfo1 = (const malloc_info*) MC_region_read(
1122 heap_region1, &heapinfo_temp1, &heapinfos1[block1], sizeof(malloc_info));
1123 const malloc_info* heapinfo2 = (const malloc_info*) MC_region_read(
1124 heap_region2, &heapinfo_temp2, &heapinfos2[block2], sizeof(malloc_info));
1126 if ((heapinfo1->type == MMALLOC_TYPE_FREE || heapinfo1->type==MMALLOC_TYPE_HEAPINFO)
1127 && (heapinfo2->type == MMALLOC_TYPE_FREE || heapinfo2->type ==MMALLOC_TYPE_HEAPINFO)) {
1131 match_equals(state, previous);
1132 xbt_dynar_free(&previous);
1136 } else if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED
1137 && heapinfo2->type == MMALLOC_TYPE_UNFRAGMENTED) {
1138 /* Complete block */
1140 // TODO, lookup variable type from block type as done for fragmented blocks
1142 offset1 = (char *) area1 - (char *) real_addr_block1;
1143 offset2 = (char *) area2 - (char *) real_addr_block2;
1145 if (state->equals_to1_(block1, 0).valid
1146 && state->equals_to2_(block2, 0).valid) {
1147 if (equal_blocks(state, block1, block2)) {
1149 match_equals(state, previous);
1150 xbt_dynar_free(&previous);
1156 if (type_size != -1) {
1157 if (type_size != (ssize_t) heapinfo1->busy_block.busy_size
1158 && type_size != (ssize_t) heapinfo2->busy_block.busy_size
1159 && (type->name.empty() || type->name == "struct s_smx_context")) {
1161 match_equals(state, previous);
1162 xbt_dynar_free(&previous);
1168 if (heapinfo1->busy_block.size !=
1169 heapinfo2->busy_block.size) {
1171 xbt_dynar_free(&previous);
1176 if (heapinfo1->busy_block.busy_size !=
1177 heapinfo2->busy_block.busy_size) {
1179 xbt_dynar_free(&previous);
1184 if (!add_heap_area_pair(previous, block1, -1, block2, -1)) {
1186 match_equals(state, previous);
1187 xbt_dynar_free(&previous);
1192 size = heapinfo1->busy_block.busy_size;
1194 // Remember (basic) type inference.
1195 // The current data structure only allows us to do this for the whole block.
1196 if (type != NULL && area1 == real_addr_block1) {
1197 state->types1_(block1, 0) = type;
1199 if (type != NULL && area2 == real_addr_block2) {
1200 state->types2_(block2, 0) = type;
1205 match_equals(state, previous);
1206 xbt_dynar_free(&previous);
1214 if ((heapinfo1->busy_block.ignore > 0)
1215 && (heapinfo2->busy_block.ignore ==
1216 heapinfo1->busy_block.ignore))
1217 check_ignore = heapinfo1->busy_block.ignore;
1219 } else if ((heapinfo1->type > 0) && (heapinfo2->type > 0)) { /* Fragmented block */
1223 ((uintptr_t) (ADDR2UINT(area1) % (BLOCKSIZE))) >> heapinfo1->type;
1225 ((uintptr_t) (ADDR2UINT(area2) % (BLOCKSIZE))) >> heapinfo2->type;
1227 // Process address of the fragment:
1229 (void *) ((char *) real_addr_block1 +
1230 (frag1 << heapinfo1->type));
1232 (void *) ((char *) real_addr_block2 +
1233 (frag2 << heapinfo2->type));
1235 // Check the size of the fragments against the size of the type:
1236 if (type_size != -1) {
1237 if (heapinfo1->busy_frag.frag_size[frag1] == -1
1238 || heapinfo2->busy_frag.frag_size[frag2] == -1) {
1240 match_equals(state, previous);
1241 xbt_dynar_free(&previous);
1246 if (type_size != heapinfo1->busy_frag.frag_size[frag1]
1247 || type_size != heapinfo2->busy_frag.frag_size[frag2]) {
1249 match_equals(state, previous);
1250 xbt_dynar_free(&previous);
1256 // Check if the blocks are already matched together:
1257 if (state->equals_to1_(block1, frag1).valid
1258 && state->equals_to2_(block2, frag2).valid) {
1259 if (offset1==offset2 && equal_fragments(state, block1, frag1, block2, frag2)) {
1261 match_equals(state, previous);
1262 xbt_dynar_free(&previous);
1267 // Compare the size of both fragments:
1268 if (heapinfo1->busy_frag.frag_size[frag1] !=
1269 heapinfo2->busy_frag.frag_size[frag2]) {
1270 if (type_size == -1) {
1272 match_equals(state, previous);
1273 xbt_dynar_free(&previous);
1278 xbt_dynar_free(&previous);
1284 // Size of the fragment:
1285 size = heapinfo1->busy_frag.frag_size[frag1];
1287 // Remember (basic) type inference.
1288 // The current data structure only allows us to do this for the whole fragment.
1289 if (type != NULL && area1 == real_addr_frag1) {
1290 state->types1_(block1, frag1) = type;
1292 if (type != NULL && area2 == real_addr_frag2) {
1293 state->types2_(block2, frag2) = type;
1295 // The type of the variable is already known:
1300 // Type inference from the block type.
1301 else if (state->types1_(block1, frag1) != NULL
1302 || state->types2_(block2, frag2) != NULL) {
1304 offset1 = (char *) area1 - (char *) real_addr_frag1;
1305 offset2 = (char *) area2 - (char *) real_addr_frag2;
1307 if (state->types1_(block1, frag1) != NULL
1308 && state->types2_(block2, frag2) != NULL) {
1310 get_offset_type(real_addr_frag1, state->types1_(block1, frag1),
1311 offset1, size, snapshot1, process_index);
1313 get_offset_type(real_addr_frag2, state->types2_(block2, frag2),
1314 offset1, size, snapshot2, process_index);
1315 } else if (state->types1_(block1, frag1) != NULL) {
1317 get_offset_type(real_addr_frag1, state->types1_(block1, frag1),
1318 offset1, size, snapshot1, process_index);
1320 get_offset_type(real_addr_frag2, state->types1_(block1, frag1),
1321 offset2, size, snapshot2, process_index);
1322 } else if (state->types2_(block2, frag2) != NULL) {
1324 get_offset_type(real_addr_frag1, state->types2_(block2, frag2),
1325 offset1, size, snapshot1, process_index);
1327 get_offset_type(real_addr_frag2, state->types2_(block2, frag2),
1328 offset2, size, snapshot2, process_index);
1331 match_equals(state, previous);
1332 xbt_dynar_free(&previous);
1337 if (new_type1 != NULL && new_type2 != NULL && new_type1 != new_type2) {
1340 while (type->byte_size == 0 && type->subtype != NULL)
1341 type = type->subtype;
1342 new_size1 = type->byte_size;
1345 while (type->byte_size == 0 && type->subtype != NULL)
1346 type = type->subtype;
1347 new_size2 = type->byte_size;
1351 match_equals(state, previous);
1352 xbt_dynar_free(&previous);
1358 if (new_size1 > 0 && new_size1 == new_size2) {
1363 if (offset1 == 0 && offset2 == 0) {
1364 if (!add_heap_area_pair(previous, block1, frag1, block2, frag2)) {
1366 match_equals(state, previous);
1367 xbt_dynar_free(&previous);
1375 match_equals(state, previous);
1376 xbt_dynar_free(&previous);
1381 if ((heapinfo1->busy_frag.ignore[frag1] > 0)
1382 && (heapinfo2->busy_frag.ignore[frag2] ==
1383 heapinfo1->busy_frag.ignore[frag1]))
1384 check_ignore = heapinfo1->busy_frag.ignore[frag1];
1389 xbt_dynar_free(&previous);
1396 /* Start comparison */
1399 compare_heap_area_with_type(state, process_index, area1, area2, snapshot1, snapshot2,
1400 previous, type, size, check_ignore,
1404 compare_heap_area_without_type(state, process_index, area1, area2, snapshot1, snapshot2,
1405 previous, size, check_ignore);
1407 if (res_compare == 1) {
1409 xbt_dynar_free(&previous);
1414 match_equals(state, previous);
1415 xbt_dynar_free(&previous);
1421 /*********************************************** Miscellaneous ***************************************************/
1422 /****************************************************************************************************************/
1424 // Not used and broken code:
1428 static int get_pointed_area_size(void *area, int heap)
1431 struct s_mc_diff *state = mc_diff_info;
1434 malloc_info *heapinfo;
1437 heapinfo = state->heapinfo1;
1439 heapinfo = state->heapinfo2;
1443 (char *) state->std_heap_copy.heapbase) / BLOCKSIZE + 1;
1445 if (((char *) area < (char *) state->std_heap_copy.heapbase)
1446 || (block > state->heapsize1) || (block < 1))
1449 if (heapinfo[block].type == MMALLOC_TYPE_FREE || heapinfo[block].type == MMALLOC_TYPE_HEAPINFO) { /* Free block */
1451 } else if (heapinfo[block].type == MMALLOC_TYPE_UNFRAGMENTED) { /* Complete block */
1452 return (int) heapinfo[block].busy_block.busy_size;
1455 ((uintptr_t) (ADDR2UINT(area) % (BLOCKSIZE))) >> heapinfo[block].type;
1456 return (int) heapinfo[block].busy_frag.frag_size[frag];
1461 #define max( a, b ) ( ((a) > (b)) ? (a) : (b) )
1465 int mmalloc_linear_compare_heap(xbt_mheap_t heap1, xbt_mheap_t heap2)
1468 struct s_mc_diff *state = mc_diff_info;
1470 if (heap1 == NULL && heap1 == NULL) {
1471 XBT_DEBUG("Malloc descriptors null");
1475 if (heap1->heaplimit != heap2->heaplimit) {
1476 XBT_DEBUG("Different limit of valid info table indices");
1480 /* Heap information */
1481 state->heaplimit = ((struct mdesc *) heap1)->heaplimit;
1483 state->std_heap_copy = *mc_model_checker->process().get_heap();
1485 state->heapbase1 = (char *) heap1 + BLOCKSIZE;
1486 state->heapbase2 = (char *) heap2 + BLOCKSIZE;
1489 (malloc_info *) ((char *) heap1 +
1491 ((char *) heap1->heapinfo - (char *) state->s_heap)));
1493 (malloc_info *) ((char *) heap2 +
1495 ((char *) heap2->heapinfo - (char *) state->s_heap)));
1497 state->heapsize1 = heap1->heapsize;
1498 state->heapsize2 = heap2->heapsize;
1500 /* Start comparison */
1502 void *addr_block1, *addr_block2, *addr_frag1, *addr_frag2;
1506 /* Check busy blocks */
1510 while (i <= state->heaplimit) {
1513 ((void *) (((ADDR2UINT(i)) - 1) * BLOCKSIZE +
1514 (char *) state->heapbase1));
1516 ((void *) (((ADDR2UINT(i)) - 1) * BLOCKSIZE +
1517 (char *) state->heapbase2));
1519 if (state->heapinfo1[i].type != state->heapinfo2[i].type) {
1521 distance += BLOCKSIZE;
1522 XBT_DEBUG("Different type of blocks (%zu) : %d - %d -> distance = %d", i,
1523 state->heapinfo1[i].type, state->heapinfo2[i].type, distance);
1528 if (state->heapinfo1[i].type == MMALLOC_TYPE_FREE
1529 || state->heapinfo1[i].type == MMALLOC_TYPE_HAPINFO) { /* Free block */
1534 if (state->heapinfo1[i].type == MMALLOC_TYPE_UNFRAGMENTED) { /* Large block */
1536 if (state->heapinfo1[i].busy_block.size !=
1537 state->heapinfo2[i].busy_block.size) {
1539 BLOCKSIZE * max(state->heapinfo1[i].busy_block.size,
1540 state->heapinfo2[i].busy_block.size);
1541 i += max(state->heapinfo1[i].busy_block.size,
1542 state->heapinfo2[i].busy_block.size);
1544 ("Different larger of cluster at block %zu : %zu - %zu -> distance = %d",
1545 i, state->heapinfo1[i].busy_block.size,
1546 state->heapinfo2[i].busy_block.size, distance);
1550 /*if(heapinfo1[i].busy_block.busy_size != heapinfo2[i].busy_block.busy_size){
1551 distance += max(heapinfo1[i].busy_block.busy_size, heapinfo2[i].busy_block.busy_size);
1552 i += max(heapinfo1[i].busy_block.size, heapinfo2[i].busy_block.size);
1553 XBT_DEBUG("Different size used oin large cluster at block %zu : %zu - %zu -> distance = %d", i, heapinfo1[i].busy_block.busy_size, heapinfo2[i].busy_block.busy_size, distance);
1559 //while(k < (heapinfo1[i].busy_block.busy_size)){
1560 while (k < state->heapinfo1[i].busy_block.size * BLOCKSIZE) {
1561 if (memcmp((char *) addr_block1 + k, (char *) addr_block2 + k, 1) !=
1570 } else { /* Fragmented block */
1572 for (j = 0; j < (size_t) (BLOCKSIZE >> state->heapinfo1[i].type); j++) {
1575 (void *) ((char *) addr_block1 + (j << state->heapinfo1[i].type));
1577 (void *) ((char *) addr_block2 + (j << state->heapinfo2[i].type));
1579 if (state->heapinfo1[i].busy_frag.frag_size[j] == 0
1580 && state->heapinfo2[i].busy_frag.frag_size[j] == 0) {
1585 /*if(heapinfo1[i].busy_frag.frag_size[j] != heapinfo2[i].busy_frag.frag_size[j]){
1586 distance += max(heapinfo1[i].busy_frag.frag_size[j], heapinfo2[i].busy_frag.frag_size[j]);
1587 XBT_DEBUG("Different size used in fragment %zu in block %zu : %d - %d -> distance = %d", j, i, heapinfo1[i].busy_frag.frag_size[j], heapinfo2[i].busy_frag.frag_size[j], distance);
1593 //while(k < max(heapinfo1[i].busy_frag.frag_size[j], heapinfo2[i].busy_frag.frag_size[j])){
1594 while (k < (BLOCKSIZE / (BLOCKSIZE >> state->heapinfo1[i].type))) {
1595 if (memcmp((char *) addr_frag1 + k, (char *) addr_frag2 + k, 1) !=
