mirror of https://gitee.com/openkylin/firefox.git
360 lines
12 KiB
C++
360 lines
12 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
#ifndef mozilla_DeadlockDetector_h
|
|
#define mozilla_DeadlockDetector_h
|
|
|
|
#include "mozilla/Attributes.h"
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include "prlock.h"
|
|
|
|
#include "nsClassHashtable.h"
|
|
#include "nsTArray.h"
|
|
|
|
namespace mozilla {
|
|
|
|
/**
|
|
* DeadlockDetector
|
|
*
|
|
* The following is an approximate description of how the deadlock detector
|
|
* works.
|
|
*
|
|
* The deadlock detector ensures that all blocking resources are
|
|
* acquired according to a partial order P. One type of blocking
|
|
* resource is a lock. If a lock l1 is acquired (locked) before l2,
|
|
* then we say that |l1 <_P l2|. The detector flags an error if two
|
|
* locks l1 and l2 have an inconsistent ordering in P; that is, if
|
|
* both |l1 <_P l2| and |l2 <_P l1|. This is a potential error
|
|
* because a thread acquiring l1,l2 according to the first order might
|
|
* race with a thread acquiring them according to the second order.
|
|
* If this happens under the right conditions, then the acquisitions
|
|
* will deadlock.
|
|
*
|
|
* This deadlock detector doesn't know at compile-time what P is. So,
|
|
* it tries to discover the order at run time. More precisely, it
|
|
* finds <i>some</i> order P, then tries to find chains of resource
|
|
* acquisitions that violate P. An example acquisition sequence, and
|
|
* the orders they impose, is
|
|
* l1.lock() // current chain: [ l1 ]
|
|
* // order: { }
|
|
*
|
|
* l2.lock() // current chain: [ l1, l2 ]
|
|
* // order: { l1 <_P l2 }
|
|
*
|
|
* l3.lock() // current chain: [ l1, l2, l3 ]
|
|
* // order: { l1 <_P l2, l2 <_P l3, l1 <_P l3 }
|
|
* // (note: <_P is transitive, so also |l1 <_P l3|)
|
|
*
|
|
* l2.unlock() // current chain: [ l1, l3 ]
|
|
* // order: { l1 <_P l2, l2 <_P l3, l1 <_P l3 }
|
|
* // (note: it's OK, but weird, that l2 was unlocked out
|
|
* // of order. we still have l1 <_P l3).
|
|
*
|
|
* l2.lock() // current chain: [ l1, l3, l2 ]
|
|
* // order: { l1 <_P l2, l2 <_P l3, l1 <_P l3,
|
|
* l3 <_P l2 (!!!) }
|
|
* BEEP BEEP! Here the detector will flag a potential error, since
|
|
* l2 and l3 were used inconsistently (and potentially in ways that
|
|
* would deadlock).
|
|
*/
|
|
template <typename T>
|
|
class DeadlockDetector {
|
|
public:
|
|
typedef nsTArray<const T*> ResourceAcquisitionArray;
|
|
|
|
private:
|
|
struct OrderingEntry;
|
|
typedef nsTArray<OrderingEntry*> HashEntryArray;
|
|
typedef typename HashEntryArray::index_type index_type;
|
|
typedef typename HashEntryArray::size_type size_type;
|
|
static const index_type NoIndex = HashEntryArray::NoIndex;
|
|
|
|
/**
|
|
* Value type for the ordering table. Contains the other
|
|
* resources on which an ordering constraint |key < other|
|
|
* exists. The catch is that we also store the calling context at
|
|
* which the other resource was acquired; this improves the
|
|
* quality of error messages when potential deadlock is detected.
|
|
*/
|
|
struct OrderingEntry {
|
|
explicit OrderingEntry(const T* aResource)
|
|
: mOrderedLT() // FIXME bug 456272: set to empirical dep size?
|
|
,
|
|
mExternalRefs(),
|
|
mResource(aResource) {}
|
|
~OrderingEntry() {}
|
|
|
|
size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const {
|
|
size_t n = aMallocSizeOf(this);
|
|
n += mOrderedLT.ShallowSizeOfExcludingThis(aMallocSizeOf);
|
|
n += mExternalRefs.ShallowSizeOfExcludingThis(aMallocSizeOf);
|
|
return n;
|
|
}
|
|
|
|
HashEntryArray mOrderedLT; // this <_o Other
|
|
HashEntryArray mExternalRefs; // hash entries that reference this
|
|
const T* mResource;
|
|
};
|
|
|
|
// Throwaway RAII lock to make the following code safer.
|
|
struct PRAutoLock {
|
|
explicit PRAutoLock(PRLock* aLock) : mLock(aLock) { PR_Lock(mLock); }
|
|
~PRAutoLock() { PR_Unlock(mLock); }
|
|
PRLock* mLock;
|
|
};
|
|
|
|
public:
|
|
static const uint32_t kDefaultNumBuckets;
|
|
|
|
/**
|
|
* DeadlockDetector
|
|
* Create a new deadlock detector.
|
|
*
|
|
* @param aNumResourcesGuess Guess at approximate number of resources
|
|
* that will be checked.
|
|
*/
|
|
explicit DeadlockDetector(uint32_t aNumResourcesGuess = kDefaultNumBuckets)
|
|
: mOrdering(aNumResourcesGuess) {
|
|
mLock = PR_NewLock();
|
|
if (!mLock) {
|
|
MOZ_CRASH("couldn't allocate deadlock detector lock");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* ~DeadlockDetector
|
|
*
|
|
* *NOT* thread safe.
|
|
*/
|
|
~DeadlockDetector() { PR_DestroyLock(mLock); }
|
|
|
|
size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const {
|
|
size_t n = aMallocSizeOf(this);
|
|
|
|
{
|
|
PRAutoLock _(mLock);
|
|
n += mOrdering.ShallowSizeOfExcludingThis(aMallocSizeOf);
|
|
for (const auto& data : mOrdering.Values()) {
|
|
// NB: Key is accounted for in the entry.
|
|
n += data->SizeOfIncludingThis(aMallocSizeOf);
|
|
}
|
|
}
|
|
|
|
return n;
|
|
}
|
|
|
|
/**
|
|
* Add
|
|
* Make the deadlock detector aware of |aResource|.
|
|
*
|
|
* WARNING: The deadlock detector owns |aResource|.
|
|
*
|
|
* Thread safe.
|
|
*
|
|
* @param aResource Resource to make deadlock detector aware of.
|
|
*/
|
|
void Add(const T* aResource) {
|
|
PRAutoLock _(mLock);
|
|
mOrdering.InsertOrUpdate(aResource, MakeUnique<OrderingEntry>(aResource));
|
|
}
|
|
|
|
void Remove(const T* aResource) {
|
|
PRAutoLock _(mLock);
|
|
|
|
OrderingEntry* entry = mOrdering.Get(aResource);
|
|
|
|
// Iterate the external refs and remove the entry from them.
|
|
HashEntryArray& refs = entry->mExternalRefs;
|
|
for (index_type i = 0; i < refs.Length(); i++) {
|
|
refs[i]->mOrderedLT.RemoveElementSorted(entry);
|
|
}
|
|
|
|
// Iterate orders and remove this entry from their refs.
|
|
HashEntryArray& orders = entry->mOrderedLT;
|
|
for (index_type i = 0; i < orders.Length(); i++) {
|
|
orders[i]->mExternalRefs.RemoveElementSorted(entry);
|
|
}
|
|
|
|
// Now the entry can be safely removed.
|
|
mOrdering.Remove(aResource);
|
|
}
|
|
|
|
/**
|
|
* CheckAcquisition This method is called after acquiring |aLast|,
|
|
* but before trying to acquire |aProposed|.
|
|
* It determines whether actually trying to acquire |aProposed|
|
|
* will create problems. It is OK if |aLast| is nullptr; this is
|
|
* interpreted as |aProposed| being the thread's first acquisition
|
|
* of its current chain.
|
|
*
|
|
* Iff acquiring |aProposed| may lead to deadlock for some thread
|
|
* interleaving (including the current one!), the cyclical
|
|
* dependency from which this was deduced is returned. Otherwise,
|
|
* 0 is returned.
|
|
*
|
|
* If a potential deadlock is detected and a resource cycle is
|
|
* returned, it is the *caller's* responsibility to free it.
|
|
*
|
|
* Thread safe.
|
|
*
|
|
* @param aLast Last resource acquired by calling thread (or 0).
|
|
* @param aProposed Resource calling thread proposes to acquire.
|
|
*/
|
|
ResourceAcquisitionArray* CheckAcquisition(const T* aLast,
|
|
const T* aProposed) {
|
|
if (!aLast) {
|
|
// don't check if |0 < aProposed|; just vamoose
|
|
return 0;
|
|
}
|
|
|
|
NS_ASSERTION(aProposed, "null resource");
|
|
PRAutoLock _(mLock);
|
|
|
|
OrderingEntry* proposed = mOrdering.Get(aProposed);
|
|
NS_ASSERTION(proposed, "missing ordering entry");
|
|
|
|
OrderingEntry* current = mOrdering.Get(aLast);
|
|
NS_ASSERTION(current, "missing ordering entry");
|
|
|
|
// this is the crux of the deadlock detector algorithm
|
|
|
|
if (current == proposed) {
|
|
// reflexive deadlock. fastpath b/c InTransitiveClosure is
|
|
// not applicable here.
|
|
ResourceAcquisitionArray* cycle = new ResourceAcquisitionArray();
|
|
if (!cycle) {
|
|
MOZ_CRASH("can't allocate dep. cycle array");
|
|
}
|
|
cycle->AppendElement(current->mResource);
|
|
cycle->AppendElement(aProposed);
|
|
return cycle;
|
|
}
|
|
if (InTransitiveClosure(current, proposed)) {
|
|
// we've already established |aLast < aProposed|. all is well.
|
|
return 0;
|
|
}
|
|
if (InTransitiveClosure(proposed, current)) {
|
|
// the order |aProposed < aLast| has been deduced, perhaps
|
|
// transitively. we're attempting to violate that
|
|
// constraint by acquiring resources in the order
|
|
// |aLast < aProposed|, and thus we may deadlock under the
|
|
// right conditions.
|
|
ResourceAcquisitionArray* cycle = GetDeductionChain(proposed, current);
|
|
// show how acquiring |aProposed| would complete the cycle
|
|
cycle->AppendElement(aProposed);
|
|
return cycle;
|
|
}
|
|
// |aLast|, |aProposed| are unordered according to our
|
|
// poset. this is fine, but we now need to add this
|
|
// ordering constraint.
|
|
current->mOrderedLT.InsertElementSorted(proposed);
|
|
proposed->mExternalRefs.InsertElementSorted(current);
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* Return true iff |aTarget| is in the transitive closure of |aStart|
|
|
* over the ordering relation `<_this'.
|
|
*
|
|
* @precondition |aStart != aTarget|
|
|
*/
|
|
bool InTransitiveClosure(const OrderingEntry* aStart,
|
|
const OrderingEntry* aTarget) const {
|
|
// NB: Using a static comparator rather than default constructing one shows
|
|
// a 9% improvement in scalability tests on some systems.
|
|
static nsDefaultComparator<const OrderingEntry*, const OrderingEntry*> comp;
|
|
if (aStart->mOrderedLT.BinaryIndexOf(aTarget, comp) != NoIndex) {
|
|
return true;
|
|
}
|
|
|
|
index_type i = 0;
|
|
size_type len = aStart->mOrderedLT.Length();
|
|
for (auto it = aStart->mOrderedLT.Elements(); i < len; ++i, ++it) {
|
|
if (InTransitiveClosure(*it, aTarget)) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Return an array of all resource acquisitions
|
|
* aStart <_this r1 <_this r2 <_ ... <_ aTarget
|
|
* from which |aStart <_this aTarget| was deduced, including
|
|
* |aStart| and |aTarget|.
|
|
*
|
|
* Nb: there may be multiple deductions of |aStart <_this
|
|
* aTarget|. This function returns the first ordering found by
|
|
* depth-first search.
|
|
*
|
|
* Nb: |InTransitiveClosure| could be replaced by this function.
|
|
* However, this one is more expensive because we record the DFS
|
|
* search stack on the heap whereas the other doesn't.
|
|
*
|
|
* @precondition |aStart != aTarget|
|
|
*/
|
|
ResourceAcquisitionArray* GetDeductionChain(const OrderingEntry* aStart,
|
|
const OrderingEntry* aTarget) {
|
|
ResourceAcquisitionArray* chain = new ResourceAcquisitionArray();
|
|
if (!chain) {
|
|
MOZ_CRASH("can't allocate dep. cycle array");
|
|
}
|
|
chain->AppendElement(aStart->mResource);
|
|
|
|
NS_ASSERTION(GetDeductionChain_Helper(aStart, aTarget, chain),
|
|
"GetDeductionChain called when there's no deadlock");
|
|
return chain;
|
|
}
|
|
|
|
// precondition: |aStart != aTarget|
|
|
// invariant: |aStart| is the last element in |aChain|
|
|
bool GetDeductionChain_Helper(const OrderingEntry* aStart,
|
|
const OrderingEntry* aTarget,
|
|
ResourceAcquisitionArray* aChain) {
|
|
if (aStart->mOrderedLT.BinaryIndexOf(aTarget) != NoIndex) {
|
|
aChain->AppendElement(aTarget->mResource);
|
|
return true;
|
|
}
|
|
|
|
index_type i = 0;
|
|
size_type len = aStart->mOrderedLT.Length();
|
|
for (auto it = aStart->mOrderedLT.Elements(); i < len; ++i, ++it) {
|
|
aChain->AppendElement((*it)->mResource);
|
|
if (GetDeductionChain_Helper(*it, aTarget, aChain)) {
|
|
return true;
|
|
}
|
|
aChain->RemoveLastElement();
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* The partial order on resource acquisitions used by the deadlock
|
|
* detector.
|
|
*/
|
|
nsClassHashtable<nsPtrHashKey<const T>, OrderingEntry> mOrdering;
|
|
|
|
/**
|
|
* Protects contentious methods.
|
|
* Nb: can't use mozilla::Mutex since we are used as its deadlock
|
|
* detector.
|
|
*/
|
|
PRLock* mLock;
|
|
|
|
private:
|
|
DeadlockDetector(const DeadlockDetector& aDD) = delete;
|
|
DeadlockDetector& operator=(const DeadlockDetector& aDD) = delete;
|
|
};
|
|
|
|
template <typename T>
|
|
// FIXME bug 456272: tune based on average workload
|
|
const uint32_t DeadlockDetector<T>::kDefaultNumBuckets = 32;
|
|
|
|
} // namespace mozilla
|
|
|
|
#endif // ifndef mozilla_DeadlockDetector_h
|