mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-30 21:55:31 +00:00
563 lines
18 KiB
C++
563 lines
18 KiB
C++
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
|
* vim: sw=4 ts=4 et :
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
#ifndef mozilla_DeadlockDetector_h
|
|
#define mozilla_DeadlockDetector_h
|
|
|
|
#include "mozilla/Attributes.h"
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include "plhash.h"
|
|
#include "prlock.h"
|
|
|
|
#include "nsTArray.h"
|
|
|
|
#ifdef NS_TRACE_MALLOC
|
|
# include "nsTraceMalloc.h"
|
|
#endif // ifdef NS_TRACE_MALLOC
|
|
|
|
namespace mozilla {
|
|
|
|
|
|
// FIXME bug 456272: split this off into a convenience API on top of
|
|
// nsStackWalk?
|
|
class NS_COM_GLUE CallStack
|
|
{
|
|
private:
|
|
#ifdef NS_TRACE_MALLOC
|
|
typedef nsTMStackTraceID callstack_id;
|
|
// needs to be a macro to avoid disturbing the backtrace
|
|
# define NS_GET_BACKTRACE() NS_TraceMallocGetStackTrace()
|
|
# define NS_DEADLOCK_DETECTOR_CONSTEXPR
|
|
#else
|
|
typedef void* callstack_id;
|
|
# define NS_GET_BACKTRACE() 0
|
|
# define NS_DEADLOCK_DETECTOR_CONSTEXPR MOZ_CONSTEXPR
|
|
#endif // ifdef NS_TRACE_MALLOC
|
|
|
|
callstack_id mCallStack;
|
|
|
|
public:
|
|
/**
|
|
* CallStack
|
|
* *ALWAYS* *ALWAYS* *ALWAYS* call this with no arguments. This
|
|
* constructor takes an argument *ONLY* so that |GET_BACKTRACE()|
|
|
* can be evaluated in the stack frame of the caller, rather than
|
|
* that of the constructor.
|
|
*
|
|
* *BEWARE*: this means that calling this constructor with no
|
|
* arguments is not the same as a "default, do-nothing"
|
|
* constructor: it *will* construct a backtrace. This can cause
|
|
* unexpected performance issues.
|
|
*/
|
|
NS_DEADLOCK_DETECTOR_CONSTEXPR
|
|
CallStack(const callstack_id aCallStack = NS_GET_BACKTRACE()) :
|
|
mCallStack(aCallStack)
|
|
{
|
|
}
|
|
NS_DEADLOCK_DETECTOR_CONSTEXPR
|
|
CallStack(const CallStack& aFrom) :
|
|
mCallStack(aFrom.mCallStack)
|
|
{
|
|
}
|
|
CallStack& operator=(const CallStack& aFrom)
|
|
{
|
|
mCallStack = aFrom.mCallStack;
|
|
return *this;
|
|
}
|
|
bool operator==(const CallStack& aOther) const
|
|
{
|
|
return mCallStack == aOther.mCallStack;
|
|
}
|
|
bool operator!=(const CallStack& aOther) const
|
|
{
|
|
return mCallStack != aOther.mCallStack;
|
|
}
|
|
|
|
// FIXME bug 456272: if this is split off,
|
|
// NS_TraceMallocPrintStackTrace should be modified to print into
|
|
// an nsACString
|
|
void Print(FILE* f) const
|
|
{
|
|
#ifdef NS_TRACE_MALLOC
|
|
if (this != &kNone && mCallStack) {
|
|
NS_TraceMallocPrintStackTrace(f, mCallStack);
|
|
return;
|
|
}
|
|
#endif
|
|
fputs(" [stack trace unavailable]\n", f);
|
|
}
|
|
|
|
/** The "null" callstack. */
|
|
static const CallStack kNone;
|
|
};
|
|
|
|
|
|
/**
|
|
* DeadlockDetector
|
|
*
|
|
* The following is an approximate description of how the deadlock detector
|
|
* works.
|
|
*
|
|
* The deadlock detector ensures that all blocking resources are
|
|
* acquired according to a partial order P. One type of blocking
|
|
* resource is a lock. If a lock l1 is acquired (locked) before l2,
|
|
* then we say that |l1 <_P l2|. The detector flags an error if two
|
|
* locks l1 and l2 have an inconsistent ordering in P; that is, if
|
|
* both |l1 <_P l2| and |l2 <_P l1|. This is a potential error
|
|
* because a thread acquiring l1,l2 according to the first order might
|
|
* race with a thread acquiring them according to the second order.
|
|
* If this happens under the right conditions, then the acquisitions
|
|
* will deadlock.
|
|
*
|
|
* This deadlock detector doesn't know at compile-time what P is. So,
|
|
* it tries to discover the order at run time. More precisely, it
|
|
* finds <i>some</i> order P, then tries to find chains of resource
|
|
* acquisitions that violate P. An example acquisition sequence, and
|
|
* the orders they impose, is
|
|
* l1.lock() // current chain: [ l1 ]
|
|
* // order: { }
|
|
*
|
|
* l2.lock() // current chain: [ l1, l2 ]
|
|
* // order: { l1 <_P l2 }
|
|
*
|
|
* l3.lock() // current chain: [ l1, l2, l3 ]
|
|
* // order: { l1 <_P l2, l2 <_P l3, l1 <_P l3 }
|
|
* // (note: <_P is transitive, so also |l1 <_P l3|)
|
|
*
|
|
* l2.unlock() // current chain: [ l1, l3 ]
|
|
* // order: { l1 <_P l2, l2 <_P l3, l1 <_P l3 }
|
|
* // (note: it's OK, but weird, that l2 was unlocked out
|
|
* // of order. we still have l1 <_P l3).
|
|
*
|
|
* l2.lock() // current chain: [ l1, l3, l2 ]
|
|
* // order: { l1 <_P l2, l2 <_P l3, l1 <_P l3,
|
|
* l3 <_P l2 (!!!) }
|
|
* BEEP BEEP! Here the detector will flag a potential error, since
|
|
* l2 and l3 were used inconsistently (and potentially in ways that
|
|
* would deadlock).
|
|
*/
|
|
template <typename T>
|
|
class DeadlockDetector
|
|
{
|
|
public:
|
|
/**
|
|
* ResourceAcquisition
|
|
* Consists simply of a resource and the calling context from
|
|
* which it was acquired. We pack this information together so
|
|
* that it can be returned back to the caller when a potential
|
|
* deadlock has been found.
|
|
*/
|
|
struct ResourceAcquisition
|
|
{
|
|
const T* mResource;
|
|
CallStack mCallContext;
|
|
|
|
ResourceAcquisition(
|
|
const T* aResource,
|
|
const CallStack aCallContext=CallStack::kNone) :
|
|
mResource(aResource),
|
|
mCallContext(aCallContext)
|
|
{
|
|
}
|
|
ResourceAcquisition(const ResourceAcquisition& aFrom) :
|
|
mResource(aFrom.mResource),
|
|
mCallContext(aFrom.mCallContext)
|
|
{
|
|
}
|
|
ResourceAcquisition& operator=(const ResourceAcquisition& aFrom)
|
|
{
|
|
mResource = aFrom.mResource;
|
|
mCallContext = aFrom.mCallContext;
|
|
return *this;
|
|
}
|
|
};
|
|
typedef nsTArray<ResourceAcquisition> ResourceAcquisitionArray;
|
|
|
|
private:
|
|
typedef nsTArray<PLHashEntry*> HashEntryArray;
|
|
typedef typename HashEntryArray::index_type index_type;
|
|
typedef typename HashEntryArray::size_type size_type;
|
|
enum {
|
|
NoIndex = HashEntryArray::NoIndex
|
|
};
|
|
|
|
/**
|
|
* Value type for the ordering table. Contains the other
|
|
* resources on which an ordering constraint |key < other|
|
|
* exists. The catch is that we also store the calling context at
|
|
* which the other resource was acquired; this improves the
|
|
* quality of error messages when potential deadlock is detected.
|
|
*/
|
|
struct OrderingEntry
|
|
{
|
|
OrderingEntry() :
|
|
mFirstSeen(CallStack::kNone),
|
|
mOrderedLT() // FIXME bug 456272: set to empirical
|
|
{ // dep size?
|
|
}
|
|
~OrderingEntry()
|
|
{
|
|
}
|
|
|
|
CallStack mFirstSeen; // first site from which the resource appeared
|
|
HashEntryArray mOrderedLT; // this <_o Other
|
|
};
|
|
|
|
static void* TableAlloc(void* /*pool*/, size_t size)
|
|
{
|
|
return operator new(size);
|
|
}
|
|
static void TableFree(void* /*pool*/, void* item)
|
|
{
|
|
operator delete(item);
|
|
}
|
|
static PLHashEntry* EntryAlloc(void* /*pool*/, const void* key)
|
|
{
|
|
return new PLHashEntry;
|
|
}
|
|
static void EntryFree(void* /*pool*/, PLHashEntry* entry, unsigned flag)
|
|
{
|
|
delete static_cast<T*>(const_cast<void*>(entry->key));
|
|
delete static_cast<OrderingEntry*>(entry->value);
|
|
entry->value = 0;
|
|
if (HT_FREE_ENTRY == flag)
|
|
delete entry;
|
|
}
|
|
static PLHashNumber HashKey(const void* aKey)
|
|
{
|
|
return NS_PTR_TO_INT32(aKey) >> 2;
|
|
}
|
|
static const PLHashAllocOps kAllocOps;
|
|
|
|
// Hash table "interface" the rest of the code should use
|
|
|
|
PLHashEntry** GetEntry(const T* aKey)
|
|
{
|
|
return PL_HashTableRawLookup(mOrdering, HashKey(aKey), aKey);
|
|
}
|
|
|
|
void PutEntry(T* aKey)
|
|
{
|
|
PL_HashTableAdd(mOrdering, aKey, new OrderingEntry());
|
|
}
|
|
|
|
// XXX need these helper methods because OrderingEntry doesn't have
|
|
// XXX access to underlying PLHashEntry
|
|
|
|
/**
|
|
* Add the order |aFirst <_o aSecond|.
|
|
*
|
|
* WARNING: this does not check whether it's sane to add this
|
|
* order. In the "best" bad case, when this order already exists,
|
|
* adding it anyway may unnecessarily result in O(n^2) space. In
|
|
* the "worst" bad case, adding it anyway will cause
|
|
* |InTransitiveClosure()| to diverge.
|
|
*/
|
|
void AddOrder(PLHashEntry* aLT, PLHashEntry* aGT)
|
|
{
|
|
static_cast<OrderingEntry*>(aLT->value)->mOrderedLT
|
|
.InsertElementSorted(aGT);
|
|
}
|
|
|
|
/**
|
|
* Return true iff the order |aFirst < aSecond| has been
|
|
* *explicitly* added.
|
|
*
|
|
* Does not consider transitivity.
|
|
*/
|
|
bool IsOrdered(const PLHashEntry* aFirst, const PLHashEntry* aSecond)
|
|
const
|
|
{
|
|
return NoIndex !=
|
|
static_cast<const OrderingEntry*>(aFirst->value)->mOrderedLT
|
|
.BinaryIndexOf(aSecond);
|
|
}
|
|
|
|
/**
|
|
* Return a pointer to the array of all elements "that" for
|
|
* which the order |this < that| has been explicitly added.
|
|
*
|
|
* NOTE: this does *not* consider transitive orderings.
|
|
*/
|
|
PLHashEntry* const* GetOrders(const PLHashEntry* aEntry) const
|
|
{
|
|
return static_cast<const OrderingEntry*>(aEntry->value)->mOrderedLT
|
|
.Elements();
|
|
}
|
|
|
|
/**
|
|
* Return the number of elements "that" for which the order
|
|
* |this < that| has been explicitly added.
|
|
*
|
|
* NOTE: this does *not* consider transitive orderings.
|
|
*/
|
|
size_type NumOrders(const PLHashEntry* aEntry) const
|
|
{
|
|
return static_cast<const OrderingEntry*>(aEntry->value)->mOrderedLT
|
|
.Length();
|
|
}
|
|
|
|
/** Make a ResourceAcquisition out of |aEntry|. */
|
|
ResourceAcquisition MakeResourceAcquisition(const PLHashEntry* aEntry)
|
|
const
|
|
{
|
|
return ResourceAcquisition(
|
|
static_cast<const T*>(aEntry->key),
|
|
static_cast<const OrderingEntry*>(aEntry->value)->mFirstSeen);
|
|
}
|
|
|
|
// Throwaway RAII lock to make the following code safer.
|
|
struct PRAutoLock
|
|
{
|
|
PRAutoLock(PRLock* aLock) : mLock(aLock) { PR_Lock(mLock); }
|
|
~PRAutoLock() { PR_Unlock(mLock); }
|
|
PRLock* mLock;
|
|
};
|
|
|
|
public:
|
|
static const uint32_t kDefaultNumBuckets;
|
|
|
|
/**
|
|
* DeadlockDetector
|
|
* Create a new deadlock detector.
|
|
*
|
|
* @param aNumResourcesGuess Guess at approximate number of resources
|
|
* that will be checked.
|
|
*/
|
|
DeadlockDetector(uint32_t aNumResourcesGuess = kDefaultNumBuckets)
|
|
{
|
|
mOrdering = PL_NewHashTable(aNumResourcesGuess,
|
|
HashKey,
|
|
PL_CompareValues, PL_CompareValues,
|
|
&kAllocOps, 0);
|
|
if (!mOrdering)
|
|
NS_RUNTIMEABORT("couldn't initialize resource ordering table");
|
|
|
|
mLock = PR_NewLock();
|
|
if (!mLock)
|
|
NS_RUNTIMEABORT("couldn't allocate deadlock detector lock");
|
|
}
|
|
|
|
/**
|
|
* ~DeadlockDetector
|
|
*
|
|
* *NOT* thread safe.
|
|
*/
|
|
~DeadlockDetector()
|
|
{
|
|
PL_HashTableDestroy(mOrdering);
|
|
PR_DestroyLock(mLock);
|
|
}
|
|
|
|
/**
|
|
* Add
|
|
* Make the deadlock detector aware of |aResource|.
|
|
*
|
|
* WARNING: The deadlock detector owns |aResource|.
|
|
*
|
|
* Thread safe.
|
|
*
|
|
* @param aResource Resource to make deadlock detector aware of.
|
|
*/
|
|
void Add(T* aResource)
|
|
{
|
|
PRAutoLock _(mLock);
|
|
PutEntry(aResource);
|
|
}
|
|
|
|
// Nb: implementing a Remove() method makes the detector "more
|
|
// unsound." By removing a resource from the orderings, deadlocks
|
|
// may be missed that would otherwise have been found. However,
|
|
// removing resources possibly reduces the # of false positives,
|
|
// and additionally saves space. So it's a trade off; we have
|
|
// chosen to err on the side of caution and not implement Remove().
|
|
|
|
/**
|
|
* CheckAcquisition This method is called after acquiring |aLast|,
|
|
* but before trying to acquire |aProposed| from |aCallContext|.
|
|
* It determines whether actually trying to acquire |aProposed|
|
|
* will create problems. It is OK if |aLast| is nullptr; this is
|
|
* interpreted as |aProposed| being the thread's first acquisition
|
|
* of its current chain.
|
|
*
|
|
* Iff acquiring |aProposed| may lead to deadlock for some thread
|
|
* interleaving (including the current one!), the cyclical
|
|
* dependency from which this was deduced is returned. Otherwise,
|
|
* 0 is returned.
|
|
*
|
|
* If a potential deadlock is detected and a resource cycle is
|
|
* returned, it is the *caller's* responsibility to free it.
|
|
*
|
|
* Thread safe.
|
|
*
|
|
* @param aLast Last resource acquired by calling thread (or 0).
|
|
* @param aProposed Resource calling thread proposes to acquire.
|
|
* @param aCallContext Calling context whence acquisiton request came.
|
|
*/
|
|
ResourceAcquisitionArray* CheckAcquisition(const T* aLast,
|
|
const T* aProposed,
|
|
const CallStack& aCallContext)
|
|
{
|
|
NS_ASSERTION(aProposed, "null resource");
|
|
PRAutoLock _(mLock);
|
|
|
|
PLHashEntry* second = *GetEntry(aProposed);
|
|
OrderingEntry* e = static_cast<OrderingEntry*>(second->value);
|
|
if (CallStack::kNone == e->mFirstSeen)
|
|
e->mFirstSeen = aCallContext;
|
|
|
|
if (!aLast)
|
|
// don't check if |0 < proposed|; just vamoose
|
|
return 0;
|
|
|
|
PLHashEntry* first = *GetEntry(aLast);
|
|
|
|
// this is the crux of the deadlock detector algorithm
|
|
|
|
if (first == second) {
|
|
// reflexive deadlock. fastpath b/c InTransitiveClosure is
|
|
// not applicable here.
|
|
ResourceAcquisitionArray* cycle = new ResourceAcquisitionArray();
|
|
if (!cycle)
|
|
NS_RUNTIMEABORT("can't allocate dep. cycle array");
|
|
cycle->AppendElement(MakeResourceAcquisition(first));
|
|
cycle->AppendElement(ResourceAcquisition(aProposed,
|
|
aCallContext));
|
|
return cycle;
|
|
}
|
|
if (InTransitiveClosure(first, second)) {
|
|
// we've already established |last < proposed|. all is well.
|
|
return 0;
|
|
}
|
|
if (InTransitiveClosure(second, first)) {
|
|
// the order |proposed < last| has been deduced, perhaps
|
|
// transitively. we're attempting to violate that
|
|
// constraint by acquiring resources in the order
|
|
// |last < proposed|, and thus we may deadlock under the
|
|
// right conditions.
|
|
ResourceAcquisitionArray* cycle = GetDeductionChain(second, first);
|
|
// show how acquiring |proposed| would complete the cycle
|
|
cycle->AppendElement(ResourceAcquisition(aProposed,
|
|
aCallContext));
|
|
return cycle;
|
|
}
|
|
// |last|, |proposed| are unordered according to our
|
|
// poset. this is fine, but we now need to add this
|
|
// ordering constraint.
|
|
AddOrder(first, second);
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* Return true iff |aTarget| is in the transitive closure of |aStart|
|
|
* over the ordering relation `<_this'.
|
|
*
|
|
* @precondition |aStart != aTarget|
|
|
*/
|
|
bool InTransitiveClosure(const PLHashEntry* aStart,
|
|
const PLHashEntry* aTarget) const
|
|
{
|
|
if (IsOrdered(aStart, aTarget))
|
|
return true;
|
|
|
|
index_type i = 0;
|
|
size_type len = NumOrders(aStart);
|
|
for (const PLHashEntry* const* it = GetOrders(aStart);
|
|
i < len; ++i, ++it)
|
|
if (InTransitiveClosure(*it, aTarget))
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Return an array of all resource acquisitions
|
|
* aStart <_this r1 <_this r2 <_ ... <_ aTarget
|
|
* from which |aStart <_this aTarget| was deduced, including
|
|
* |aStart| and |aTarget|.
|
|
*
|
|
* Nb: there may be multiple deductions of |aStart <_this
|
|
* aTarget|. This function returns the first ordering found by
|
|
* depth-first search.
|
|
*
|
|
* Nb: |InTransitiveClosure| could be replaced by this function.
|
|
* However, this one is more expensive because we record the DFS
|
|
* search stack on the heap whereas the other doesn't.
|
|
*
|
|
* @precondition |aStart != aTarget|
|
|
*/
|
|
ResourceAcquisitionArray* GetDeductionChain(
|
|
const PLHashEntry* aStart,
|
|
const PLHashEntry* aTarget)
|
|
{
|
|
ResourceAcquisitionArray* chain = new ResourceAcquisitionArray();
|
|
if (!chain)
|
|
NS_RUNTIMEABORT("can't allocate dep. cycle array");
|
|
chain->AppendElement(MakeResourceAcquisition(aStart));
|
|
|
|
NS_ASSERTION(GetDeductionChain_Helper(aStart, aTarget, chain),
|
|
"GetDeductionChain called when there's no deadlock");
|
|
return chain;
|
|
}
|
|
|
|
// precondition: |aStart != aTarget|
|
|
// invariant: |aStart| is the last element in |aChain|
|
|
bool GetDeductionChain_Helper(const PLHashEntry* aStart,
|
|
const PLHashEntry* aTarget,
|
|
ResourceAcquisitionArray* aChain)
|
|
{
|
|
if (IsOrdered(aStart, aTarget)) {
|
|
aChain->AppendElement(MakeResourceAcquisition(aTarget));
|
|
return true;
|
|
}
|
|
|
|
index_type i = 0;
|
|
size_type len = NumOrders(aStart);
|
|
for (const PLHashEntry* const* it = GetOrders(aStart);
|
|
i < len; ++i, ++it) {
|
|
aChain->AppendElement(MakeResourceAcquisition(*it));
|
|
if (GetDeductionChain_Helper(*it, aTarget, aChain))
|
|
return true;
|
|
aChain->RemoveElementAt(aChain->Length() - 1);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* The partial order on resource acquisitions used by the deadlock
|
|
* detector.
|
|
*/
|
|
PLHashTable* mOrdering; // T* -> PLHashEntry<OrderingEntry>
|
|
|
|
/**
|
|
* Protects contentious methods.
|
|
* Nb: can't use mozilla::Mutex since we are used as its deadlock
|
|
* detector.
|
|
*/
|
|
PRLock* mLock;
|
|
|
|
private:
|
|
DeadlockDetector(const DeadlockDetector& aDD) MOZ_DELETE;
|
|
DeadlockDetector& operator=(const DeadlockDetector& aDD) MOZ_DELETE;
|
|
};
|
|
|
|
|
|
template<typename T>
|
|
const PLHashAllocOps DeadlockDetector<T>::kAllocOps = {
|
|
DeadlockDetector<T>::TableAlloc, DeadlockDetector<T>::TableFree,
|
|
DeadlockDetector<T>::EntryAlloc, DeadlockDetector<T>::EntryFree
|
|
};
|
|
|
|
|
|
template<typename T>
|
|
// FIXME bug 456272: tune based on average workload
|
|
const uint32_t DeadlockDetector<T>::kDefaultNumBuckets = 64;
|
|
|
|
|
|
} // namespace mozilla
|
|
|
|
#endif // ifndef mozilla_DeadlockDetector_h
|