| /* |
| * Copyright (C) 2014 Apple Inc. All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in the |
| * documentation and/or other materials provided with the distribution. |
| * |
| * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY |
| * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR |
| * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
| * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
| * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
| |
| #include "config.h" |
| #include "HeapVerifier.h" |
| |
| #include "ButterflyInlines.h" |
| #include "CopiedSpaceInlines.h" |
| #include "HeapIterationScope.h" |
| #include "JSCInlines.h" |
| #include "JSObject.h" |
| |
| namespace JSC { |
| |
// Creates a verifier bound to |heap| that keeps a fixed-size history of
// GC cycles.
//
// heap                      heap whose live objects will be recorded.
// numberOfGCCyclesToRecord  number of GCCycle slots to allocate; must be
//                           non-zero.
HeapVerifier::HeapVerifier(Heap* heap, unsigned numberOfGCCyclesToRecord)
    : m_heap(heap)
    , m_currentCycle(0)
    , m_numberOfCycles(numberOfGCCyclesToRecord)
{
    // Enforced in release builds as well: a zero count would make the
    // array allocated below empty.
    // NOTE(review): the check runs on the member, whose declared type is
    // not visible in this file. Other code here negates m_numberOfCycles
    // in loop bounds, so confirm it is a signed type.
    RELEASE_ASSERT(m_numberOfCycles > 0);

    m_cycles = std::make_unique<GCCycle[]>(m_numberOfCycles);
}
| |
// Maps a HeapOperation value to the spelling of its enumerator, as a static
// C string suitable for diagnostic output.
//
// A value that matches none of the enumerators trips
// RELEASE_ASSERT_NOT_REACHED().
const char* HeapVerifier::collectionTypeName(HeapOperation type)
{
    const char* name = nullptr;

    switch (type) {
    case NoOperation:
        name = "NoOperation";
        break;
    case AnyCollection:
        name = "AnyCollection";
        break;
    case Allocation:
        name = "Allocation";
        break;
    case EdenCollection:
        name = "EdenCollection";
        break;
    case FullCollection:
        name = "FullCollection";
        break;
    }

    // name is still unset only when |type| held an unexpected value.
    if (!name)
        RELEASE_ASSERT_NOT_REACHED();
    return name;
}
| |
// Maps a verifier Phase to the spelling of its enumerator, as a static
// C string suitable for diagnostic output.
//
// A value that matches none of the enumerators trips
// RELEASE_ASSERT_NOT_REACHED().
const char* HeapVerifier::phaseName(HeapVerifier::Phase phase)
{
    const char* name = nullptr;

    switch (phase) {
    case Phase::BeforeGC:
        name = "BeforeGC";
        break;
    case Phase::BeforeMarking:
        name = "BeforeMarking";
        break;
    case Phase::AfterMarking:
        name = "AfterMarking";
        break;
    case Phase::AfterGC:
        name = "AfterGC";
        break;
    }

    // name is still unset only when |phase| held an unexpected value.
    if (!name)
        RELEASE_ASSERT_NOT_REACHED();
    return name;
}
| |
// Reports where an object's butterfly storage begins, how many bytes it
// spans, and which CopiedBlock the start address maps to.
//
// obj                       object to inspect. Its butterfly() result is
//                           dereferenced without a null check, so callers
//                           must only pass objects that have a butterfly.
// butterflyBase             [out] result of Butterfly::base() for the
//                           object's structure.
// butterflyCapacityInBytes  [out] result of Butterfly::totalSize() for the
//                           object's capacities.
// butterflyBlock            [out] CopiedSpace::blockFor(butterflyBase).
static void getButterflyDetails(JSObject* obj, void*& butterflyBase, size_t& butterflyCapacityInBytes, CopiedBlock*& butterflyBlock)
{
    Structure* structure = obj->structure();
    Butterfly* butterfly = obj->butterfly();

    butterflyBase = butterfly->base(structure);
    butterflyBlock = CopiedSpace::blockFor(butterflyBase);

    // Both indexing contributions stay zero unless the object carries an
    // indexing header.
    const bool hasIndexingHeader = obj->hasIndexingHeader();
    size_t preCapacity = 0;
    size_t indexingPayloadSizeInBytes = 0;
    if (UNLIKELY(hasIndexingHeader)) {
        auto* header = butterfly->indexingHeader();
        preCapacity = header->preCapacity(structure);
        indexingPayloadSizeInBytes = header->indexingPayloadSizeInBytes(structure);
    }

    butterflyCapacityInBytes = Butterfly::totalSize(preCapacity, structure->outOfLineCapacity(), hasIndexingHeader, indexingPayloadSizeInBytes);
}
| |
// Advances to the next cycle record and stamps it with the heap operation
// that is in progress.
void HeapVerifier::initializeGCCycle()
{
    incrementCycle();

    // Read the operation first, then store it into the record that became
    // current after the increment above.
    const auto operation = m_heap->operationInProgress();
    currentCycle().collectionType = operation;
}
| |
// Cell visitor that appends one LiveObjectData entry to a LiveObjectList for
// every visited cell that is an object. Cells that are not objects are
// skipped.
struct GatherLiveObjFunctor : MarkedBlock::CountFunctor {
    // The destination list is expected to be empty on entry (debug-checked).
    GatherLiveObjFunctor(LiveObjectList& list)
        : m_list(list)
    {
        ASSERT(!list.liveObjects.size());
    }

    // Records |cell| if it is an object; does nothing otherwise.
    inline void visit(JSCell* cell)
    {
        if (cell->isObject())
            m_list.liveObjects.append(LiveObjectData(asObject(cell)));
    }

    // Iteration callback: records the cell and always asks the iteration to
    // continue.
    IterationStatus operator()(JSCell* cell)
    {
        visit(cell);
        return IterationStatus::Continue;
    }

    // Destination list; held by reference, so it must outlive the functor.
    LiveObjectList& m_list;
};
| |
// Rebuilds the live-object list that belongs to |phase| by visiting every
// live cell in the heap's object space.
//
// The list is selected by liveObjectListForGathering(), which accepts only
// Phase::BeforeMarking and Phase::AfterMarking.
void HeapVerifier::gatherLiveObjects(HeapVerifier::Phase phase)
{
    LiveObjectList& list = *liveObjectListForGathering(phase);

    // The iteration scope is opened before the list is cleared and stays
    // open for the whole walk.
    HeapIterationScope iterationScope(*m_heap);
    list.reset();

    GatherLiveObjFunctor functor(list);
    m_heap->m_objectSpace.forEachLiveCell(iterationScope, functor);
}
| |
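// Selects the list of the current cycle that live objects should be gathered
// into for |phase|.
//
// Returns the address of the current cycle's "before" list for
// Phase::BeforeMarking and of its "after" list for Phase::AfterMarking.
// Any other phase trips RELEASE_ASSERT_NOT_REACHED(), so callers never see
// a usable null result.
LiveObjectList* HeapVerifier::liveObjectListForGathering(HeapVerifier::Phase phase)
{
    switch (phase) {
    case Phase::BeforeMarking:
        // The address-of operator had been mangled into a currency sign
        // ("&curren" decoded as an HTML entity); restored here.
        return &currentCycle().before;
    case Phase::AfterMarking:
        return &currentCycle().after;
    case Phase::BeforeGC:
    case Phase::AfterGC:
        // We should not be gathering live objects during these phases.
        break;
    }
    RELEASE_ASSERT_NOT_REACHED();
    return nullptr; // Silencing a compiler warning.
}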
| |
// Marks as confirmed dead every entry of |list| whose object is absent from
// |knownLiveSet|, then updates list.hasLiveObjects to say whether any entry
// is still live.
//
// Lists already flagged as having no live objects are left untouched.
static void trimDeadObjectsFromList(HashSet<JSObject*>& knownLiveSet, LiveObjectList& list)
{
    if (!list.hasLiveObjects)
        return;

    bool sawLiveObject = false;
    for (LiveObjectData& entry : list.liveObjects) {
        // Don't "resurrect" known dead objects: a recorded address that
        // shows up in the live set again is not treated as the same object.
        if (entry.isConfirmedDead)
            continue;

        if (knownLiveSet.contains(entry.obj)) {
            sawLiveObject = true;
            continue;
        }
        entry.isConfirmedDead = true;
    }
    list.hasLiveObjects = sawLiveObject;
}
| |
// Uses the current cycle's "after" list as the set of objects known to be
// live, and marks every recorded object outside that set as confirmed dead
// in the current "before" list and in both lists of the older cycles.
void HeapVerifier::trimDeadObjects()
{
    HashSet<JSObject*> knownLiveSet;
    for (LiveObjectData& survivor : currentCycle().after.liveObjects)
        knownLiveSet.add(survivor.obj);

    trimDeadObjectsFromList(knownLiveSet, currentCycle().before);

    // Older cycles are addressed with negative offsets from the current one.
    // NOTE(review): the bound negates m_numberOfCycles, which is only correct
    // if that member is a signed type; its declaration is not visible here.
    for (int offset = -1; offset > -m_numberOfCycles; offset--) {
        GCCycle& olderCycle = cycleForIndex(offset);
        trimDeadObjectsFromList(knownLiveSet, olderCycle.before);
        trimDeadObjectsFromList(knownLiveSet, olderCycle.after);
    }
}
| |
// Checks that, for every entry of |list| not confirmed dead, the block that
// holds the object's butterfly is contained in the heap's storage space.
//
// phase  phase being verified; used only in the failure log.
// list   recorded objects to check.
//
// Returns true when no violation was found. Every violation is logged; the
// list header line is logged once, before the first violation.
//
// The log lines contain raw object and butterfly addresses, so the output
// should be handled as sensitive diagnostic data.
bool HeapVerifier::verifyButterflyIsInStorageSpace(Phase phase, LiveObjectList& list)
{
    auto& liveObjects = list.liveObjects;
    CopiedSpace& storageSpace = m_heap->m_storageSpace;

    bool headerLogged = false;
    bool allInStorageSpace = true;

    for (LiveObjectData& entry : liveObjects) {
        // Entries confirmed dead are never dereferenced.
        if (entry.isConfirmedDead)
            continue;

        JSObject* obj = entry.obj;
        Butterfly* butterfly = obj->butterfly();
        if (!butterfly)
            continue; // Nothing to verify for an object without a butterfly.

        void* butterflyBase;
        size_t butterflyCapacityInBytes;
        CopiedBlock* butterflyBlock;
        getButterflyDetails(obj, butterflyBase, butterflyCapacityInBytes, butterflyBlock);

        if (storageSpace.contains(butterflyBlock))
            continue;

        if (!headerLogged) {
            dataLogF("Verification @ phase %s FAILED in object list '%s' (size %zu)\n",
                phaseName(phase), list.name, liveObjects.size());
            headerLogged = true;
        }

        const char* structureClassName = obj->structure()->classInfo()->className;
        dataLogF(" butterfly %p (base %p size %zu block %p) NOT in StorageSpace | obj %p type '%s'\n",
            butterfly, butterflyBase, butterflyCapacityInBytes, butterflyBlock, obj, structureClassName);
        allInStorageSpace = false;
    }
    return allInStorageSpace;
}
| |
// Runs the butterfly-in-storage-space check over both lists of the current
// cycle and crashes (RELEASE_ASSERT) if either list reported a violation.
void HeapVerifier::verify(HeapVerifier::Phase phase)
{
    GCCycle& cycle = currentCycle();

    // Both lists are always checked, so violations in either one get logged
    // before the assertion fires.
    const bool beforeVerified = verifyButterflyIsInStorageSpace(phase, cycle.before);
    const bool afterVerified = verifyButterflyIsInStorageSpace(phase, cycle.after);

    RELEASE_ASSERT(beforeVerified && afterVerified);
}
| |
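// Logs one recorded occurrence of an object.
//
// objData     the recorded entry for the object.
// cycleIndex  index of the cycle the entry was found in; printed as GC[n].
// cycle       that cycle; supplies the collection type name.
// list        the list within the cycle that holds the entry; supplies the
//             list name.
//
// An entry confirmed dead is reported by address only and the object is not
// dereferenced. Otherwise the object's class name and butterfly details are
// logged as well. The log lines contain raw heap addresses, so the output
// should be handled as sensitive diagnostic data.
void HeapVerifier::reportObject(LiveObjectData& objData, int cycleIndex, HeapVerifier::GCCycle& cycle, LiveObjectList& list)
{
    JSObject* obj = objData.obj;

    if (objData.isConfirmedDead) {
        dataLogF("FOUND dead obj %p in GC[%d] %s list '%s'\n",
            obj, cycleIndex, cycle.collectionTypeName(), list.name);
        return;
    }

    // NOTE(review): isConfirmedDead is only set by trimDeadObjects(), so an
    // entry that was never trimmed is dereferenced here on the assumption
    // that the object is still valid. Confirm against the callers.
    Structure* structure = obj->structure();
    Butterfly* butterfly = obj->butterfly();

    // getButterflyDetails() dereferences the butterfly unconditionally, and
    // an object may have none (verifyButterflyIsInStorageSpace() guards the
    // same call). Without a butterfly the details are reported as null/zero
    // instead of being computed from a null pointer.
    void* butterflyBase = nullptr;
    size_t butterflyCapacityInBytes = 0;
    CopiedBlock* butterflyBlock = nullptr;
    if (butterfly)
        getButterflyDetails(obj, butterflyBase, butterflyCapacityInBytes, butterflyBlock);

    dataLogF("FOUND obj %p type '%s' butterfly %p (base %p size %zu block %p) in GC[%d] %s list '%s'\n",
        obj, structure->classInfo()->className,
        butterfly, butterflyBase, butterflyCapacityInBytes, butterflyBlock,
        cycleIndex, cycle.collectionTypeName(), list.name);
}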
| |
// Searches every recorded cycle, newest first, for |obj| and logs each list
// it appears in. Logs a "NOT FOUND" line when no list contains it.
//
// Within a cycle the "before" list is searched ahead of the "after" list.
void HeapVerifier::checkIfRecorded(JSObject* obj)
{
    bool found = false;

    // Index 0 is the current cycle; older cycles use negative indices.
    // NOTE(review): the bound negates m_numberOfCycles, which is only correct
    // if that member is a signed type; its declaration is not visible here.
    for (int cycleIndex = 0; cycleIndex > -m_numberOfCycles; cycleIndex--) {
        GCCycle& cycle = cycleForIndex(cycleIndex);

        LiveObjectList* listsInOrder[] = { &cycle.before, &cycle.after };
        for (LiveObjectList* list : listsInOrder) {
            LiveObjectData* objData = list->findObject(obj);
            if (!objData)
                continue;
            reportObject(*objData, cycleIndex, cycle, *list);
            found = true;
        }
    }

    if (!found)
        dataLogF("obj %p NOT FOUND\n", obj);
}
| |
| } // namespace JSC |