Ben Murdoch | 8b112d2 | 2011-06-08 16:22:53 +0100

DESCRIPTION -------------------------------------------------------------------

gcmole is a simple static analysis tool used to find possible evaluation-order
dependent GC-unsafe places in the V8 codebase.

For example, the following code is GC-unsafe:

    Handle<Object> Foo(); // Assume Foo can trigger a GC.
    void Bar(Object*, Object*);

    Handle<Object> baz;
    baz->Qux(*Foo()); // (a)
    Bar(*Foo(), *baz); // (b)

In both cases (a) and (b) the compiler is free to evaluate call arguments
(including the receiver) in any order. That means it can dereference baz
before calling Foo and save a raw pointer to a heap object in a register or
on the stack. If Foo then triggers a GC that moves the object, that raw
pointer is stale when it is finally used.
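
The hazard in case (b), as an added example that is not part of the original README or of V8's code. The toy moving heap (Heap, Handle, CollectGarbage and the poison value -1) is constructed for illustration; it spells out one evaluation order the compiler is allowed to pick, next to a rewrite that completes the GC-triggering call before dereferencing any handle.

```cpp
#include <array>
#include <cstdio>

// Toy moving heap, constructed for illustration (not V8's implementation).
struct Object { int value; };
struct Heap {
  std::array<Object, 8> space[2] = {};  // two semispaces, never freed
  std::array<Object*, 8> slots = {};    // handle slots, fixed up by the GC
  int active = 0, used = 0;
  Object** Allocate(int v) {
    space[active][used] = Object{v};
    slots[used] = &space[active][used];
    return &slots[used++];
  }
  // Copy live objects to the other semispace, poison the old copies with -1
  // so a stale raw pointer is observable, and update the handle slots.
  void CollectGarbage() {
    int to = 1 - active;
    for (int i = 0; i < used; ++i) {
      space[to][i] = *slots[i];
      slots[i]->value = -1;
      slots[i] = &space[to][i];
    }
    active = to;
  }
};
// Dereferencing a handle yields a raw pointer that is valid only until the next GC.
struct Handle { Object** slot; Object* operator*() const { return *slot; } };

Handle Foo(Heap& h) { h.CollectGarbage(); return Handle{h.Allocate(7)}; }
int Bar(Object* a, Object* b) { return a->value * 100 + b->value; }

// One order the compiler may pick for Bar(*Foo(), *baz): baz dereferenced first.
int BarBazFirst(Heap& h, Handle baz) {
  Object* raw = *baz;  // raw pointer held across the GC-triggering call
  Handle f = Foo(h);   // GC moves the object; raw now points at the old copy
  return Bar(*f, raw);
}
// Safe rewrite: finish the GC-triggering call, then dereference the handles.
int BarSafe(Heap& h, Handle baz) {
  Handle f = Foo(h);
  return Bar(*f, *baz);
}

int RunUnsafe() { Heap h; return BarBazFirst(h, Handle{h.Allocate(42)}); }
int RunSafe() { Heap h; return BarSafe(h, Handle{h.Allocate(42)}); }
int main() { std::printf("unsafe=%d safe=%d\n", RunUnsafe(), RunSafe()); }
```

In the unsafe ordering Bar reads the poisoned old copy through the stale pointer; in the rewrite both dereferences happen after the collection, so their relative order no longer matters.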

PREREQUISITES -----------------------------------------------------------------

1) Install Lua 5.1

2) Get LLVM 2.9 and Clang 2.9 sources and build them.

    Follow the instructions on http://clang.llvm.org/get_started.html.

    Make sure to pass --enable-optimized to configure to get a Release build
    instead of a Debug one.

3) Build gcmole Clang plugin (libgcmole.so)

    In the tools/gcmole directory, execute the following command:

        LLVM_SRC_ROOT=<path-to-llvm-source-root> make

USING GCMOLE ------------------------------------------------------------------

gcmole consists of a driver script written in Lua and a Clang plugin that does
C++ AST processing. The plugin (libgcmole.so) is expected to be in the same
folder as the driver (gcmole.lua).

To start the analysis, cd into the root of the v8 checkout and execute the
following command:

    CLANG_BIN=<path-to-clang-bin-folder> lua tools/gcmole/gcmole.lua [<arch>]

where arch should be one of the architectures supported by V8 (arm, ia32, x64).

The analysis is performed in 2 stages:

- In the first stage, the driver parses all files and builds a global
  callgraph approximation to find all functions that might potentially cause
  a GC. The list of these functions is written into the gcsuspects file.

- In the second stage, the driver parses all files again and locates all
  callsites that might be GC-unsafe based on the list of functions causing GC.
  Such places are marked with a "Possible problem with evaluation order."
  warning. Messages "Failed to resolve v8::internal::Object" are benign and
  can be ignored.

If any errors were found, the driver exits with a non-zero status.