// Copyright 2018 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Garbage collector: stack objects and stack tracing
// See the design doc at https://docs.google.com/document/d/1un-Jn47yByHL7I0aVIP_uVCMxjdM5mpelJhiKlIqxkE/edit?usp=sharing
// Also see issue 22350.

// Stack tracing solves the problem of determining which parts of the
// stack are live and should be scanned. It runs as part of scanning
// a single goroutine stack.
//
// Normally determining which parts of the stack are live is easy to
// do statically, as user code has explicit references (reads and
// writes) to stack variables. The compiler can do a simple dataflow
// analysis to determine liveness of stack variables at every point in
// the code. See cmd/compile/internal/gc/plive.go for that analysis.
//
// However, when we take the address of a stack variable, determining
// whether that variable is still live is less clear. We can still
// look for static accesses, but accesses through a pointer to the
// variable are difficult in general to track statically. That pointer
// can be passed among functions on the stack, conditionally retained,
// etc.
//
// Instead, we will track pointers to stack variables dynamically.
// All pointers to stack-allocated variables will themselves be on the
// stack somewhere (or in associated locations, like defer records), so
// we can find them all efficiently.
//
// Stack tracing is organized as a mini garbage collection tracing
// pass. The objects in this garbage collection are all the variables
// on the stack whose address is taken, and which themselves contain a
// pointer. We call these variables "stack objects".
//
// We begin by determining all the stack objects on the stack and all
// the statically live pointers that may point into the stack. We then
// process each pointer to see if it points to a stack object. If it
// does, we scan that stack object. It may contain pointers into the
// heap, in which case those pointers are passed to the main garbage
// collection. It may also contain pointers into the stack, in which
// case we add them to our set of stack pointers.
//
// Once we're done processing all the pointers (including the ones we
// added during processing), we've found all the stack objects that
// are live. Any dead stack objects are not scanned and their contents
// will not keep heap objects live. Unlike the main garbage
// collection, we can't sweep the dead stack objects; they live on in
// a moribund state until the stack frame that contains them is
// popped.
//
// A stack can look like this:
//
// +----------+
// | foo()    |
// | +------+ |
// | |  A   | | <---\
// | +------+ |     |
// |          |     |
// | +------+ |     |
// | |  B   | |     |
// | +------+ |     |
// |          |     |
// +----------+     |
// | bar()    |     |
// | +------+ |     |
// | |  C   | | <-\ |
// | +----|-+ |   | |
// |      |   |   | |
// | +----v-+ |   | |
// | |  D  ---------/
// | +------+ |   |
// |          |   |
// +----------+   |
// | baz()    |   |
// | +------+ |   |
// | |  E  -------/
// | +------+ |
// |      ^   |
// | F: --/   |
// |          |
// +----------+
//
// foo() calls bar() calls baz(). Each has a frame on the stack.
// foo() has stack objects A and B.
// bar() has stack objects C and D, with C pointing to D and D pointing to A.
// baz() has a stack object E pointing to C, and a local variable F pointing to E.
//
// Starting from the pointer in local variable F, we will eventually
// scan all of E, C, D, and A (in that order). B is never scanned
// because there is no live pointer to it. If B is also statically
// dead (meaning that foo() never accesses B again after it calls
// bar()), then B's pointers into the heap are not considered live.
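//
// Mapping that description onto the code below: putPtr records candidate
// pointers into the stack, addObject records stack objects (in increasing
// address order), buildIndex turns the object list into a search tree, and
// getPtr/findObject drive the tracing loop. A rough sketch of that loop
// appears after findObject at the end of this file.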

package runtime

import (
	"runtime/internal/sys"
	"unsafe"
)

const stackTraceDebug = false

// Buffer for pointers found during stack tracing.
// Must be smaller than or equal to workbuf.
//
//go:notinheap
type stackWorkBuf struct {
	stackWorkBufHdr
	obj [(_WorkbufSize - unsafe.Sizeof(stackWorkBufHdr{})) / sys.PtrSize]uintptr
}

// Header declaration must come after the buf declaration above, because of issue #14620.
//
//go:notinheap
type stackWorkBufHdr struct {
	workbufhdr
	next *stackWorkBuf // linked list of workbufs
	// Note: we could theoretically repurpose lfnode.next as this next pointer.
	// It would save 1 word, but that probably isn't worth busting open
	// the lfnode API.
}

// Buffer for stack objects found on a goroutine stack.
// Must be smaller than or equal to workbuf.
//
//go:notinheap
type stackObjectBuf struct {
	stackObjectBufHdr
	obj [(_WorkbufSize - unsafe.Sizeof(stackObjectBufHdr{})) / unsafe.Sizeof(stackObject{})]stackObject
}

//go:notinheap
type stackObjectBufHdr struct {
	workbufhdr
	next *stackObjectBuf
}

func init() {
	if unsafe.Sizeof(stackWorkBuf{}) > unsafe.Sizeof(workbuf{}) {
		panic("stackWorkBuf too big")
	}
	if unsafe.Sizeof(stackObjectBuf{}) > unsafe.Sizeof(workbuf{}) {
		panic("stackObjectBuf too big")
	}
}

// A stackObject represents a variable on the stack that has had
// its address taken.
//
//go:notinheap
type stackObject struct {
	off   uint32       // offset above stack.lo
	size  uint32       // size of object
	typ   *_type       // type info (for ptr/nonptr bits). nil if object has been scanned.
	left  *stackObject // objects with lower addresses
	right *stackObject // objects with higher addresses
}

// obj.typ = typ, but with no write barrier.
//
//go:nowritebarrier
func (obj *stackObject) setType(typ *_type) {
	// Types of stack objects are always in read-only memory, not the heap.
	// So not using a write barrier is ok.
	*(*uintptr)(unsafe.Pointer(&obj.typ)) = uintptr(unsafe.Pointer(typ))
}

// A stackScanState keeps track of the state used during the GC walk
// of a goroutine.
//
//go:notinheap
type stackScanState struct {
	cache pcvalueCache

	// stack limits
	stack stack

	// conservative indicates that the next frame must be scanned conservatively.
	// This applies only to the innermost frame at an async safe-point.
	conservative bool

	// buf contains the set of possible pointers to stack objects.
	// Organized as a LIFO linked list of buffers.
	// All buffers except possibly the head buffer are full.
	buf     *stackWorkBuf
	freeBuf *stackWorkBuf // keep around one free buffer for allocation hysteresis

	// cbuf contains conservative pointers to stack objects. If
	// all pointers to a stack object are obtained via
	// conservative scanning, then the stack object may be dead
	// and may contain dead pointers, so it must be scanned
	// defensively.
	cbuf *stackWorkBuf

	// list of stack objects
	// Objects are in increasing address order.
	head  *stackObjectBuf
	tail  *stackObjectBuf
	nobjs int

	// root of binary tree for fast object lookup by address
	// Initialized by buildIndex.
	root *stackObject
}
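
// Note: the buffer chains above (buf, cbuf, head/tail) and freeBuf are all
// borrowed from the GC's workbuf pool via getempty and returned with
// putempty, so stack tracing reuses GC work buffers rather than allocating
// storage of its own. The pointer buffers are released as getPtr drains them;
// the object buffers are released by the caller once tracing completes.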

// Add p as a potential pointer to a stack object.
// p must be a stack address.
func (s *stackScanState) putPtr(p uintptr, conservative bool) {
	if p < s.stack.lo || p >= s.stack.hi {
		throw("address not a stack address")
	}
	head := &s.buf
	if conservative {
		head = &s.cbuf
	}
	buf := *head
	if buf == nil {
		// Initial setup.
		buf = (*stackWorkBuf)(unsafe.Pointer(getempty()))
		buf.nobj = 0
		buf.next = nil
		*head = buf
	} else if buf.nobj == len(buf.obj) {
		if s.freeBuf != nil {
			buf = s.freeBuf
			s.freeBuf = nil
		} else {
			buf = (*stackWorkBuf)(unsafe.Pointer(getempty()))
		}
		buf.nobj = 0
		buf.next = *head
		*head = buf
	}
	buf.obj[buf.nobj] = p
	buf.nobj++
}
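
// Roughly speaking, the precise frame-scanning path passes conservative=false
// for pointer-typed slots it knows are live, while conservative scanning of
// the innermost frame at an async safe-point passes conservative=true for
// every word that merely looks like a stack address; see the callers in
// mgcmark.go.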

// Remove and return a potential pointer to a stack object.
// Returns 0 if there are no more pointers available.
//
// This prefers non-conservative pointers so we scan stack objects
// precisely if there are any non-conservative pointers to them.
func (s *stackScanState) getPtr() (p uintptr, conservative bool) {
	for _, head := range []**stackWorkBuf{&s.buf, &s.cbuf} {
		buf := *head
		if buf == nil {
			// Never had any data.
			continue
		}
		if buf.nobj == 0 {
			if s.freeBuf != nil {
				// Free old freeBuf.
				putempty((*workbuf)(unsafe.Pointer(s.freeBuf)))
			}
			// Move buf to the freeBuf.
			s.freeBuf = buf
			buf = buf.next
			*head = buf
			if buf == nil {
				// No more data in this list.
				continue
			}
		}
		buf.nobj--
		return buf.obj[buf.nobj], head == &s.cbuf
	}
	// No more data in either list.
	if s.freeBuf != nil {
		putempty((*workbuf)(unsafe.Pointer(s.freeBuf)))
		s.freeBuf = nil
	}
	return 0, false
}

// addObject adds a stack object at addr of type typ to the set of stack objects.
func (s *stackScanState) addObject(addr uintptr, typ *_type) {
	x := s.tail
	if x == nil {
		// initial setup
		x = (*stackObjectBuf)(unsafe.Pointer(getempty()))
		x.next = nil
		s.head = x
		s.tail = x
	}
	if x.nobj > 0 && uint32(addr-s.stack.lo) < x.obj[x.nobj-1].off+x.obj[x.nobj-1].size {
		throw("objects added out of order or overlapping")
	}
	if x.nobj == len(x.obj) {
		// full buffer - allocate a new buffer, add to end of linked list
		y := (*stackObjectBuf)(unsafe.Pointer(getempty()))
		y.next = nil
		x.next = y
		s.tail = y
		x = y
	}
	obj := &x.obj[x.nobj]
	x.nobj++
	obj.off = uint32(addr - s.stack.lo)
	obj.size = uint32(typ.size)
	obj.setType(typ)
	// obj.left and obj.right will be initialized by buildIndex before use.
	s.nobjs++
}
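
// For illustration (made-up addresses): with s.stack.lo = 0x1000, adding an
// object at 0x1010 with size 16 and then one at 0x1020 is fine, since the
// second starts exactly where the first ends. Adding one at 0x1018 instead
// would throw, because it starts inside the previous object.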

// buildIndex initializes s.root to a binary search tree.
// It should be called after all addObject calls but before
// any call of findObject.
func (s *stackScanState) buildIndex() {
	s.root, _, _ = binarySearchTree(s.head, 0, s.nobjs)
}

// Build a binary search tree with the n objects in the list
// x.obj[idx], x.obj[idx+1], ..., x.next.obj[0], ...
// Returns the root of that tree, and the buf+idx of the nth object after x.obj[idx].
// (The first object that was not included in the binary search tree.)
// If n == 0, returns nil, x, idx.
func binarySearchTree(x *stackObjectBuf, idx int, n int) (root *stackObject, restBuf *stackObjectBuf, restIdx int) {
	if n == 0 {
		return nil, x, idx
	}
	var left, right *stackObject
	left, x, idx = binarySearchTree(x, idx, n/2)
	root = &x.obj[idx]
	idx++
	if idx == len(x.obj) {
		x = x.next
		idx = 0
	}
	right, x, idx = binarySearchTree(x, idx, n-n/2-1)
	root.left = left
	root.right = right
	return root, x, idx
}
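
// For example (purely illustrative), five objects o0 < o1 < o2 < o3 < o4 in
// address order produce this tree: the middle element o2 becomes the root,
// o0..o1 form the left subtree (rooted at o1), and o3..o4 form the right
// subtree (rooted at o4):
//
//	      o2
//	     /  \
//	   o1    o4
//	  /     /
//	o0    o3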

// findObject returns the stack object containing address a, if any.
// Must have called buildIndex previously.
func (s *stackScanState) findObject(a uintptr) *stackObject {
	off := uint32(a - s.stack.lo)
	obj := s.root
	for {
		if obj == nil {
			return nil
		}
		if off < obj.off {
			obj = obj.left
			continue
		}
		if off >= obj.off+obj.size {
			obj = obj.right
			continue
		}
		return obj
	}
}
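
// A rough sketch of the tracing loop that consumes this state (the real loop
// lives in scanstack in mgcmark.go, where scanning an object's pointer fields
// is spelled out in full):
//
//	for {
//		p, conservative := state.getPtr()
//		if p == 0 {
//			break
//		}
//		obj := state.findObject(p)
//		if obj == nil {
//			continue // p does not point into any stack object
//		}
//		t := obj.typ
//		if t == nil {
//			continue // object already scanned
//		}
//		obj.setType(nil) // mark as scanned
//		// Scan the object's pointer words: pointers into the heap are
//		// handed to the main GC, pointers back into the stack are fed
//		// to state.putPtr.
//	}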