marking-verifier_8cc_source.html

// Copyright 2020 the V8 project authors. All rights reserved.

// Use of this source code is governed by a BSD-style license that can be

// found in the LICENSE file.


#include "src/heap/cppgc/marking-verifier.h"


#include <optional>


#include "src/base/logging.h"

#include "src/heap/cppgc/heap-object-header.h"

#include "src/heap/cppgc/marking-visitor.h"

#include "src/heap/cppgc/object-view.h"


#if defined(CPPGC_CAGED_HEAP)

#include "include/cppgc/internal/caged-heap-local-data.h"

#endif  // defined(CPPGC_CAGED_HEAP)


namespace cppgc {

namespace internal {


void VerificationState::VerifyMarked(const void* base_object_payload) const {

  const HeapObjectHeader& child_header =

      HeapObjectHeader::FromObject(base_object_payload);


  if (!child_header.IsMarked()) {

    FATAL(

        "MarkingVerifier: Encountered unmarked object.\n"

        "#\n"

        "# Hint:\n"

        "#   %s (%p)\n"

        "#     \\-> %s (%p)",

        parent_

            ? parent_

                  ->GetName(

                      HeapObjectNameForUnnamedObject::kUseClassNameIfSupported)

                  .value

            : "Stack",

        parent_ ? parent_->ObjectStart() : nullptr,

        child_header

            .GetName(HeapObjectNameForUnnamedObject::kUseClassNameIfSupported)

            .value,

        child_header.ObjectStart());

  }

}


MarkingVerifierBase::MarkingVerifierBase(

    HeapBase& heap, CollectionType collection_type,

    VerificationState& verification_state,

    std::unique_ptr<cppgc::Visitor> visitor)

    : ConservativeTracingVisitor(heap, *heap.page_backend(), *visitor),

      verification_state_(verification_state),

      visitor_(std::move(visitor)),

      collection_type_(collection_type) {}


void MarkingVerifierBase::Run(StackState stack_state,

                              std::optional<size_t> expected_marked_bytes) {

  Traverse(heap_.raw_heap());

// Avoid verifying the stack when running with TSAN as the TSAN runtime changes

// stack contents when e.g. working with locks. Specifically, the marker uses

// locks in slow path operations which results in stack changes throughout

// marking. This means that the conservative iteration below may find more

// objects then the regular marker. The difference is benign as the delta of

// objects is not reachable from user code but it prevents verification.

// We also avoid verifying the stack when pointer compression is enabled.

// Currently, verification happens after compaction, V8 compaction can change

// slots on stack, which could lead to false positives in verifier. Those are

// more likely with checking compressed pointers on stack.

// TODO(chromium:1325007): Investigate if Oilpan verification can be moved

// before V8 compaction or compaction never runs with stack.

#if !defined(THREAD_SANITIZER) && !defined(CPPGC_POINTER_COMPRESSION)

  if (stack_state == StackState::kMayContainHeapPointers) {

    in_construction_objects_ = &in_construction_objects_stack_;

    heap_.stack()->IteratePointersUntilMarker(this);

    // The objects found through the unsafe iteration are only a subset of the

    // regular iteration as they miss objects held alive only from callee-saved

    // registers that are never pushed on the stack and SafeStack.

    CHECK_LE(in_construction_objects_stack_.size(),

             in_construction_objects_heap_.size());

    for (auto* header : in_construction_objects_stack_) {

      CHECK_NE(in_construction_objects_heap_.end(),

               in_construction_objects_heap_.find(header));

    }

  }

#endif  // !defined(THREAD_SANITIZER)

  if (expected_marked_bytes && verifier_found_marked_bytes_are_exact_) {

    // Report differences in marked objects, if possible.

    if (V8_UNLIKELY(expected_marked_bytes.value() !=

                    verifier_found_marked_bytes_) &&

        collection_type_ != CollectionType::kMinor) {

      ReportDifferences(expected_marked_bytes.value());

    }

    CHECK_EQ(expected_marked_bytes.value(), verifier_found_marked_bytes_);

    // Minor GCs use sticky markbits and as such cannot expect that the marked

    // bytes on pages match the marked bytes accumulated by the marker.

    if (collection_type_ != CollectionType::kMinor) {

      CHECK_EQ(expected_marked_bytes.value(),

               verifier_found_marked_bytes_in_pages_);

    }

  }

}


void MarkingVerifierBase::VisitInConstructionConservatively(

    HeapObjectHeader& header, TraceConservativelyCallback callback) {

  if (in_construction_objects_->find(&header) !=

      in_construction_objects_->end())

    return;

  in_construction_objects_->insert(&header);


  // Stack case: Parent is stack and this is merely ensuring that the object

  // itself is marked. If the object is marked, then it is being processed by

  // the on-heap phase.

  if (verification_state_.IsParentOnStack()) {

    verification_state_.VerifyMarked(header.ObjectStart());

    return;

  }


  // Heap case: Dispatching parent object that must be marked (pre-condition).

  CHECK(header.IsMarked());

  callback(this, header);

}


void MarkingVerifierBase::VisitPointer(const void* address) {

  // Entry point for stack walk. The conservative visitor dispatches as follows:

  // - Fully constructed objects: Visit()

  // - Objects in construction: VisitInConstructionConservatively()

  TraceConservativelyIfNeeded(address);

}


bool MarkingVerifierBase::VisitNormalPage(NormalPage& page) {

  verifier_found_marked_bytes_in_pages_ += page.marked_bytes();

  return false;  // Continue visitation.

}


bool MarkingVerifierBase::VisitLargePage(LargePage& page) {

  verifier_found_marked_bytes_in_pages_ += page.marked_bytes();

  return false;  // Continue visitation.

}


bool MarkingVerifierBase::VisitHeapObjectHeader(HeapObjectHeader& header) {

  // Verify only non-free marked objects.

  if (!header.IsMarked()) return true;


  DCHECK(!header.IsFree());


#if defined(CPPGC_YOUNG_GENERATION)

  if (collection_type_ == CollectionType::kMinor) {

    auto& caged_heap = CagedHeap::Instance();

    const auto age = CagedHeapLocalData::Get().age_table.GetAge(

        caged_heap.OffsetFromAddress(header.ObjectStart()));

    if (age == AgeTable::Age::kOld) {

      // Do not verify old objects.

      return true;

    } else if (age == AgeTable::Age::kMixed) {

      // If the age is not known, the marked bytes may not be exact as possibly

      // old objects are verified as well.

      verifier_found_marked_bytes_are_exact_ = false;

    }

    // Verify young and unknown objects.

  }

#endif  // defined(CPPGC_YOUNG_GENERATION)


  verification_state_.SetCurrentParent(&header);


  if (!header.IsInConstruction()) {

    header.TraceImpl(visitor_.get());

  } else {

    // Dispatches to conservative tracing implementation.

    TraceConservativelyIfNeeded(header);

  }


  verifier_found_marked_bytes_ +=

      ObjectView<>(header).Size() + sizeof(HeapObjectHeader);


  verification_state_.SetCurrentParent(nullptr);


  return true;

}


void MarkingVerifierBase::ReportDifferences(

    size_t expected_marked_bytes) const {

  v8::base::OS::PrintError("\n<--- Mismatch in marking verifier --->\n");

  v8::base::OS::PrintError(

      "Marked bytes: expected %zu vs. verifier found %zu, difference %zd\n",

      expected_marked_bytes, verifier_found_marked_bytes_,

      expected_marked_bytes - verifier_found_marked_bytes_);

  v8::base::OS::PrintError(

      "A list of pages with possibly mismatched marked objects follows.\n");

  for (auto& space : heap_.raw_heap()) {

    for (auto* page : *space) {

      size_t marked_bytes_on_page = 0;

      if (page->is_large()) {

        const auto& large_page = *LargePage::From(page);

        const auto& header = *large_page.ObjectHeader();

        if (header.IsMarked())

          marked_bytes_on_page +=

              ObjectView<>(header).Size() + sizeof(HeapObjectHeader);

        if (marked_bytes_on_page == large_page.marked_bytes()) continue;

        ReportLargePage(large_page, marked_bytes_on_page);

        ReportHeapObjectHeader(header);

      } else {

        const auto& normal_page = *NormalPage::From(page);

        for (const auto& header : normal_page) {

          if (header.IsMarked())

            marked_bytes_on_page +=

                ObjectView<>(header).Size() + sizeof(HeapObjectHeader);

        }

        if (marked_bytes_on_page == normal_page.marked_bytes()) continue;

        ReportNormalPage(normal_page, marked_bytes_on_page);

        for (const auto& header : normal_page) {

          ReportHeapObjectHeader(header);

        }

      }

    }

  }

}


void MarkingVerifierBase::ReportNormalPage(const NormalPage& page,

                                           size_t marked_bytes_on_page) const {

  v8::base::OS::PrintError(

      "\nNormal page in space %zu:\n"

      "Marked bytes: expected %zu vs. verifier found %zu, difference %zd\n",

      page.space().index(), page.marked_bytes(), marked_bytes_on_page,

      page.marked_bytes() - marked_bytes_on_page);

}


void MarkingVerifierBase::ReportLargePage(const LargePage& page,

                                          size_t marked_bytes_on_page) const {

  v8::base::OS::PrintError(

      "\nLarge page in space %zu:\n"

      "Marked bytes: expected %zu vs. verifier found %zu, difference %zd\n",

      page.space().index(), page.marked_bytes(), marked_bytes_on_page,

      page.marked_bytes() - marked_bytes_on_page);

}


void MarkingVerifierBase::ReportHeapObjectHeader(

    const HeapObjectHeader& header) const {

  const char* name =

      header.IsFree()

          ? "free space"

          : header

                .GetName(

                    HeapObjectNameForUnnamedObject::kUseClassNameIfSupported)

                .value;

  v8::base::OS::PrintError("- %s at %p, size %zu, %s\n", name,

                           header.ObjectStart(), header.ObjectSize(),

                           header.IsMarked() ? "marked" : "unmarked");

}


namespace {


class VerificationVisitor final : public cppgc::Visitor {

 public:

  explicit VerificationVisitor(VerificationState& state)

      : cppgc::Visitor(VisitorFactory::CreateKey()), state_(state) {}


  void Visit(const void*, TraceDescriptor desc) final {

    state_.VerifyMarked(desc.base_object_payload);

  }


  void VisitWeak(const void*, TraceDescriptor desc, WeakCallback,

                 const void*) final {

    // Weak objects should have been cleared at this point. As a consequence,

    // all objects found through weak references have to point to live objects

    // at this point.

    state_.VerifyMarked(desc.base_object_payload);

  }


  void VisitWeakContainer(const void* object, TraceDescriptor,

                          TraceDescriptor weak_desc, WeakCallback,

                          const void*) final {

    if (!object) return;


    // Contents of weak containers are found themselves through page iteration

    // and are treated strongly, similar to how they are treated strongly when

    // found through stack scanning. The verification here only makes sure that

    // the container itself is properly marked.

    state_.VerifyMarked(weak_desc.base_object_payload);

  }


 private:

  VerificationState& state_;

};


}  // namespace


MarkingVerifier::MarkingVerifier(HeapBase& heap_base,

                                 CollectionType collection_type)

    : MarkingVerifierBase(heap_base, collection_type, state_,

                          std::make_unique<VerificationVisitor>(state_)) {}


}  // namespace internal

}  // namespace cppgc

caged-heap-local-data.h

cppgc::Visitor
Definition visitor.h:75

cppgc::internal::CagedHeap::Instance
static CagedHeap & Instance()
Definition caged-heap.cc:93

cppgc::internal::ConservativeTracingVisitor
Definition visitor.h:49

cppgc::internal::ConservativeTracingVisitor::heap_
HeapBase & heap_
Definition visitor.h:71

cppgc::internal::ConservativeTracingVisitor::TraceConservativelyCallback
void(ConservativeTracingVisitor *, const HeapObjectHeader &) TraceConservativelyCallback
Definition visitor.h:63

cppgc::internal::ConservativeTracingVisitor::TraceConservativelyIfNeeded
virtual void TraceConservativelyIfNeeded(const void *)
Definition visitor.cc:96

cppgc::internal::HeapBase
Definition heap-base.h:82

cppgc::internal::HeapBase::raw_heap
RawHeap & raw_heap()
Definition heap-base.h:104

cppgc::internal::HeapBase::stack
virtual heap::base::Stack * stack()
Definition heap-base.h:174

cppgc::internal::HeapObjectHeader
Definition heap-object-header.h:58

cppgc::internal::HeapObjectHeader::FromObject
static HeapObjectHeader & FromObject(void *address)
Definition heap-object-header.h:174

cppgc::internal::HeapObjectHeader::TraceImpl
void TraceImpl(Visitor *) const
Definition heap-object-header.h:343

cppgc::internal::HeapObjectHeader::ObjectStart
Address ObjectStart() const
Definition heap-object-header.h:208

cppgc::internal::HeapObjectHeader::IsMarked
bool IsMarked() const
Definition heap-object-header.h:270

cppgc::internal::HeapObjectHeader::IsInConstruction
bool IsInConstruction() const
Definition heap-object-header.h:263

cppgc::internal::HeapObjectHeader::GetName
V8_EXPORT_PRIVATE HeapObjectName GetName() const
Definition heap-object-header.cc:41

cppgc::internal::HeapObjectHeader::IsFree
bool IsFree() const
Definition heap-object-header.h:305

cppgc::internal::HeapObjectHeader::ObjectSize
size_t ObjectSize() const
Definition heap-object-header.h:251

cppgc::internal::HeapVisitor< MarkingVerifierBase >::Traverse
void Traverse(RawHeap &heap)
Definition heap-visitor.h:22

cppgc::internal::LargePage
Definition heap-page.h:256

cppgc::internal::LargePage::From
static LargePage * From(BasePage *page)
Definition heap-page.h:275

cppgc::internal::MarkingVerifierBase
Definition marking-verifier.h:36

cppgc::internal::MarkingVerifierBase::verifier_found_marked_bytes_in_pages_
size_t verifier_found_marked_bytes_in_pages_
Definition marking-verifier.h:75

cppgc::internal::MarkingVerifierBase::VisitInConstructionConservatively
void VisitInConstructionConservatively(HeapObjectHeader &, TraceConservativelyCallback) final
Definition marking-verifier.cc:102

cppgc::internal::MarkingVerifierBase::MarkingVerifierBase
MarkingVerifierBase(const MarkingVerifierBase &)=delete

cppgc::internal::MarkingVerifierBase::in_construction_objects_
std::unordered_set< const HeapObjectHeader * > * in_construction_objects_
Definition marking-verifier.h:70

cppgc::internal::MarkingVerifierBase::VisitLargePage
bool VisitLargePage(LargePage &)
Definition marking-verifier.cc:134

cppgc::internal::MarkingVerifierBase::ReportNormalPage
void ReportNormalPage(const NormalPage &, size_t) const
Definition marking-verifier.cc:217

cppgc::internal::MarkingVerifierBase::ReportDifferences
void ReportDifferences(size_t) const
Definition marking-verifier.cc:179

cppgc::internal::MarkingVerifierBase::Run
void Run(StackState, std::optional< size_t >)
Definition marking-verifier.cc:55

cppgc::internal::MarkingVerifierBase::verifier_found_marked_bytes_
size_t verifier_found_marked_bytes_
Definition marking-verifier.h:72

cppgc::internal::MarkingVerifierBase::verifier_found_marked_bytes_are_exact_
bool verifier_found_marked_bytes_are_exact_
Definition marking-verifier.h:73

cppgc::internal::MarkingVerifierBase::visitor_
std::unique_ptr< cppgc::Visitor > visitor_
Definition marking-verifier.h:66

cppgc::internal::MarkingVerifierBase::VisitNormalPage
bool VisitNormalPage(NormalPage &)
Definition marking-verifier.cc:129

cppgc::internal::MarkingVerifierBase::in_construction_objects_heap_
std::unordered_set< const HeapObjectHeader * > in_construction_objects_heap_
Definition marking-verifier.h:68

cppgc::internal::MarkingVerifierBase::in_construction_objects_stack_
std::unordered_set< const HeapObjectHeader * > in_construction_objects_stack_
Definition marking-verifier.h:69

cppgc::internal::MarkingVerifierBase::verification_state_
VerificationState & verification_state_
Definition marking-verifier.h:65

cppgc::internal::MarkingVerifierBase::VisitPointer
void VisitPointer(const void *) final
Definition marking-verifier.cc:122

cppgc::internal::MarkingVerifierBase::collection_type_
CollectionType collection_type_
Definition marking-verifier.h:74

cppgc::internal::MarkingVerifierBase::ReportHeapObjectHeader
void ReportHeapObjectHeader(const HeapObjectHeader &) const
Definition marking-verifier.cc:235

cppgc::internal::MarkingVerifierBase::ReportLargePage
void ReportLargePage(const LargePage &, size_t) const
Definition marking-verifier.cc:226

cppgc::internal::MarkingVerifierBase::VisitHeapObjectHeader
bool VisitHeapObjectHeader(HeapObjectHeader &)
Definition marking-verifier.cc:139

cppgc::internal::MarkingVerifier::MarkingVerifier
MarkingVerifier(HeapBase &, CollectionType)
Definition marking-verifier.cc:286

cppgc::internal::NormalPage
Definition heap-page.h:152

cppgc::internal::NormalPage::From
static NormalPage * From(BasePage *page)
Definition heap-page.h:205

cppgc::internal::ObjectView
Definition object-view.h:19

cppgc::internal::ObjectView::Size
V8_INLINE size_t Size() const
Definition object-view.h:54

cppgc::internal::VerificationState
Definition marking-verifier.h:21

cppgc::internal::VerificationState::VerifyMarked
void VerifyMarked(const void *) const
Definition marking-verifier.cc:21

cppgc::internal::VerificationState::parent_
const HeapObjectHeader * parent_
Definition marking-verifier.h:30

cppgc::internal::VerificationState::SetCurrentParent
void SetCurrentParent(const HeapObjectHeader *header)
Definition marking-verifier.h:24

cppgc::internal::VerificationState::IsParentOnStack
bool IsParentOnStack() const
Definition marking-verifier.h:27

cppgc::internal::VisitorFactory
Definition visitor.h:18

heap::base::Stack::IteratePointersUntilMarker
void IteratePointersUntilMarker(StackVisitor *visitor) const
Definition stack.cc:161

collection_type_
CppHeap::CollectionType collection_type_
Definition cpp-heap.cc:219

marking-visitor.h

state_
enum v8::internal::@1270::DeoptimizableCodeIterator::@67 state_

heap-object-header.h

callback
TNode< Object > callback
Definition js-call-reducer.cc:1499

marking-verifier.h

cppgc::internal::CollectionType
CollectionType
Definition heap-config.h:15

cppgc::internal::CollectionType::kMinor
@ kMinor

cppgc::internal::HeapObjectNameForUnnamedObject::kUseClassNameIfSupported
@ kUseClassNameIfSupported

cppgc
Definition cross-heap-remembered-set.h:14

cppgc::EmbedderStackState
EmbedderStackState
Definition common.h:15

cppgc::WeakCallback
void(*)(const LivenessBroker &, const void *) WeakCallback
Definition visitor.h:37

heap
Definition platform.h:72

std
STL namespace.

v8::internal::internal
internal
Definition wasm-objects-inl.h:458

object-view.h

logging.h

FATAL
#define FATAL(...)
Definition logging.h:47

CHECK
#define CHECK(condition)
Definition logging.h:124

CHECK_LE
#define CHECK_LE(lhs, rhs)

CHECK_NE
#define CHECK_NE(lhs, rhs)

CHECK_EQ
#define CHECK_EQ(lhs, rhs)

DCHECK
#define DCHECK(condition)
Definition logging.h:482

cppgc::TraceDescriptor
Definition trace-trait.h:44

cppgc::internal::HeapObjectName::value
const char * value
Definition name-trait.h:58

visitor_
RootVisitor * visitor_
Definition traced-handles.cc:585

V8_UNLIKELY
#define V8_UNLIKELY(condition)
Definition v8config.h:660