1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
| //===-- xray_segmented_array.h ---------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file is a part of XRay, a dynamic runtime instrumentation system.
//
// Defines the implementation of a segmented array, with fixed-size segments
// backing the segments.
//
//===----------------------------------------------------------------------===//
#ifndef XRAY_SEGMENTED_ARRAY_H
#define XRAY_SEGMENTED_ARRAY_H
#include "sanitizer_common/sanitizer_allocator.h"
#include "xray_allocator.h"
#include "xray_utils.h"
#include <cassert>
#include <type_traits>
#include <utility>
namespace __xray {
/// The Array type provides an interface similar to std::vector<...> but does
/// not shrink in size. Once constructed, elements can be appended but cannot be
/// removed. The implementation is heavily dependent on the contract provided by
/// the Allocator type, in that all memory will be released when the Allocator
/// is destroyed. When an Array is destroyed, it will destroy elements in the
/// backing store but will not free the memory.
template <class T> class Array {
struct Segment {
Segment *Prev;
Segment *Next;
char Data[1];
};
public:
// Each segment of the array will be laid out with the following assumptions:
//
// - Each segment will be on a cache-line address boundary (kCacheLineSize
// aligned).
//
// - The elements will be accessed through an aligned pointer, dependent on
// the alignment of T.
//
// - Each element is at least two-pointers worth from the beginning of the
// Segment, aligned properly, and the rest of the elements are accessed
// through appropriate alignment.
//
// We then compute the size of the segment to follow this logic:
//
// - Compute the number of elements that can fit within
// kCacheLineSize-multiple segments, minus the size of two pointers.
//
// - Request cacheline-multiple sized elements from the allocator.
static constexpr uint64_t AlignedElementStorageSize =
sizeof(typename std::aligned_storage<sizeof(T), alignof(T)>::type);
static constexpr uint64_t SegmentControlBlockSize = sizeof(Segment *) * 2;
static constexpr uint64_t SegmentSize = nearest_boundary(
SegmentControlBlockSize + next_pow2(sizeof(T)), kCacheLineSize);
using AllocatorType = Allocator<SegmentSize>;
static constexpr uint64_t ElementsPerSegment =
(SegmentSize - SegmentControlBlockSize) / next_pow2(sizeof(T));
static_assert(ElementsPerSegment > 0,
"Must have at least 1 element per segment.");
static Segment SentinelSegment;
using size_type = uint64_t;
private:
// This Iterator models a BidirectionalIterator.
template <class U> class Iterator {
Segment *S = &SentinelSegment;
uint64_t Offset = 0;
uint64_t Size = 0;
public:
Iterator(Segment *IS, uint64_t Off, uint64_t S) XRAY_NEVER_INSTRUMENT
: S(IS),
Offset(Off),
Size(S) {}
Iterator(const Iterator &) NOEXCEPT XRAY_NEVER_INSTRUMENT = default;
Iterator() NOEXCEPT XRAY_NEVER_INSTRUMENT = default;
Iterator(Iterator &&) NOEXCEPT XRAY_NEVER_INSTRUMENT = default;
Iterator &operator=(const Iterator &) XRAY_NEVER_INSTRUMENT = default;
Iterator &operator=(Iterator &&) XRAY_NEVER_INSTRUMENT = default;
~Iterator() XRAY_NEVER_INSTRUMENT = default;
Iterator &operator++() XRAY_NEVER_INSTRUMENT {
if (++Offset % ElementsPerSegment || Offset == Size)
return *this;
// At this point, we know that Offset % N == 0, so we must advance the
// segment pointer.
DCHECK_EQ(Offset % ElementsPerSegment, 0);
DCHECK_NE(Offset, Size);
DCHECK_NE(S, &SentinelSegment);
DCHECK_NE(S->Next, &SentinelSegment);
S = S->Next;
DCHECK_NE(S, &SentinelSegment);
return *this;
}
Iterator &operator--() XRAY_NEVER_INSTRUMENT {
DCHECK_NE(S, &SentinelSegment);
DCHECK_GT(Offset, 0);
auto PreviousOffset = Offset--;
if (PreviousOffset != Size && PreviousOffset % ElementsPerSegment == 0) {
DCHECK_NE(S->Prev, &SentinelSegment);
S = S->Prev;
}
return *this;
}
Iterator operator++(int) XRAY_NEVER_INSTRUMENT {
Iterator Copy(*this);
++(*this);
return Copy;
}
Iterator operator--(int) XRAY_NEVER_INSTRUMENT {
Iterator Copy(*this);
--(*this);
return Copy;
}
template <class V, class W>
friend bool operator==(const Iterator<V> &L,
const Iterator<W> &R) XRAY_NEVER_INSTRUMENT {
return L.S == R.S && L.Offset == R.Offset;
}
template <class V, class W>
friend bool operator!=(const Iterator<V> &L,
const Iterator<W> &R) XRAY_NEVER_INSTRUMENT {
return !(L == R);
}
U &operator*() const XRAY_NEVER_INSTRUMENT {
DCHECK_NE(S, &SentinelSegment);
auto RelOff = Offset % ElementsPerSegment;
// We need to compute the character-aligned pointer, offset from the
// segment's Data location to get the element in the position of Offset.
auto Base = &S->Data;
auto AlignedOffset = Base + (RelOff * AlignedElementStorageSize);
return *reinterpret_cast<U *>(AlignedOffset);
}
U *operator->() const XRAY_NEVER_INSTRUMENT { return &(**this); }
};
AllocatorType *Alloc;
Segment *Head;
Segment *Tail;
// Here we keep track of segments in the freelist, to allow us to re-use
// segments when elements are trimmed off the end.
Segment *Freelist;
uint64_t Size;
// ===============================
// In the following implementation, we work through the algorithms and the
// list operations using the following notation:
//
// - pred(s) is the predecessor (previous node accessor) and succ(s) is
// the successor (next node accessor).
//
// - S is a sentinel segment, which has the following property:
//
// pred(S) == succ(S) == S
//
// - @ is a loop operator, which can imply pred(s) == s if it appears on
// the left of s, or succ(s) == S if it appears on the right of s.
//
// - sL <-> sR : means a bidirectional relation between sL and sR, which
// means:
//
// succ(sL) == sR && pred(SR) == sL
//
// - sL -> sR : implies a unidirectional relation between sL and SR,
// with the following properties:
//
// succ(sL) == sR
//
// sL <- sR : implies a unidirectional relation between sR and sL,
// with the following properties:
//
// pred(sR) == sL
//
// ===============================
Segment *NewSegment() XRAY_NEVER_INSTRUMENT {
// We need to handle the case in which enough elements have been trimmed to
// allow us to re-use segments we've allocated before. For this we look into
// the Freelist, to see whether we need to actually allocate new blocks or
// just re-use blocks we've already seen before.
if (Freelist != &SentinelSegment) {
// The current state of lists resemble something like this at this point:
//
// Freelist: @S@<-f0->...<->fN->@S@
// ^ Freelist
//
// We want to perform a splice of `f0` from Freelist to a temporary list,
// which looks like:
//
// Templist: @S@<-f0->@S@
// ^ FreeSegment
//
// Our algorithm preconditions are:
DCHECK_EQ(Freelist->Prev, &SentinelSegment);
// Then the algorithm we implement is:
//
// SFS = Freelist
// Freelist = succ(Freelist)
// if (Freelist != S)
// pred(Freelist) = S
// succ(SFS) = S
// pred(SFS) = S
//
auto *FreeSegment = Freelist;
Freelist = Freelist->Next;
// Note that we need to handle the case where Freelist is now pointing to
// S, which we don't want to be overwriting.
// TODO: Determine whether the cost of the branch is higher than the cost
// of the blind assignment.
if (Freelist != &SentinelSegment)
Freelist->Prev = &SentinelSegment;
FreeSegment->Next = &SentinelSegment;
FreeSegment->Prev = &SentinelSegment;
// Our postconditions are:
DCHECK_EQ(Freelist->Prev, &SentinelSegment);
DCHECK_NE(FreeSegment, &SentinelSegment);
return FreeSegment;
}
auto SegmentBlock = Alloc->Allocate();
if (SegmentBlock.Data == nullptr)
return nullptr;
// Placement-new the Segment element at the beginning of the SegmentBlock.
new (SegmentBlock.Data) Segment{&SentinelSegment, &SentinelSegment, {0}};
auto SB = reinterpret_cast<Segment *>(SegmentBlock.Data);
return SB;
}
Segment *InitHeadAndTail() XRAY_NEVER_INSTRUMENT {
DCHECK_EQ(Head, &SentinelSegment);
DCHECK_EQ(Tail, &SentinelSegment);
auto S = NewSegment();
if (S == nullptr)
return nullptr;
DCHECK_EQ(S->Next, &SentinelSegment);
DCHECK_EQ(S->Prev, &SentinelSegment);
DCHECK_NE(S, &SentinelSegment);
Head = S;
Tail = S;
DCHECK_EQ(Head, Tail);
DCHECK_EQ(Tail->Next, &SentinelSegment);
DCHECK_EQ(Tail->Prev, &SentinelSegment);
return S;
}
Segment *AppendNewSegment() XRAY_NEVER_INSTRUMENT {
auto S = NewSegment();
if (S == nullptr)
return nullptr;
DCHECK_NE(Tail, &SentinelSegment);
DCHECK_EQ(Tail->Next, &SentinelSegment);
DCHECK_EQ(S->Prev, &SentinelSegment);
DCHECK_EQ(S->Next, &SentinelSegment);
S->Prev = Tail;
Tail->Next = S;
Tail = S;
DCHECK_EQ(S, S->Prev->Next);
DCHECK_EQ(Tail->Next, &SentinelSegment);
return S;
}
public:
explicit Array(AllocatorType &A) XRAY_NEVER_INSTRUMENT
: Alloc(&A),
Head(&SentinelSegment),
Tail(&SentinelSegment),
Freelist(&SentinelSegment),
Size(0) {}
Array() XRAY_NEVER_INSTRUMENT : Alloc(nullptr),
Head(&SentinelSegment),
Tail(&SentinelSegment),
Freelist(&SentinelSegment),
Size(0) {}
Array(const Array &) = delete;
Array &operator=(const Array &) = delete;
Array(Array &&O) XRAY_NEVER_INSTRUMENT : Alloc(O.Alloc),
Head(O.Head),
Tail(O.Tail),
Freelist(O.Freelist),
Size(O.Size) {
O.Alloc = nullptr;
O.Head = &SentinelSegment;
O.Tail = &SentinelSegment;
O.Size = 0;
O.Freelist = &SentinelSegment;
}
Array &operator=(Array &&O) XRAY_NEVER_INSTRUMENT {
Alloc = O.Alloc;
O.Alloc = nullptr;
Head = O.Head;
O.Head = &SentinelSegment;
Tail = O.Tail;
O.Tail = &SentinelSegment;
Freelist = O.Freelist;
O.Freelist = &SentinelSegment;
Size = O.Size;
O.Size = 0;
return *this;
}
~Array() XRAY_NEVER_INSTRUMENT {
for (auto &E : *this)
(&E)->~T();
}
bool empty() const XRAY_NEVER_INSTRUMENT { return Size == 0; }
AllocatorType &allocator() const XRAY_NEVER_INSTRUMENT {
DCHECK_NE(Alloc, nullptr);
return *Alloc;
}
uint64_t size() const XRAY_NEVER_INSTRUMENT { return Size; }
template <class... Args>
T *AppendEmplace(Args &&... args) XRAY_NEVER_INSTRUMENT {
DCHECK((Size == 0 && Head == &SentinelSegment && Head == Tail) ||
(Size != 0 && Head != &SentinelSegment && Tail != &SentinelSegment));
if (UNLIKELY(Head == &SentinelSegment)) {
auto R = InitHeadAndTail();
if (R == nullptr)
return nullptr;
}
DCHECK_NE(Head, &SentinelSegment);
DCHECK_NE(Tail, &SentinelSegment);
auto Offset = Size % ElementsPerSegment;
if (UNLIKELY(Size != 0 && Offset == 0))
if (AppendNewSegment() == nullptr)
return nullptr;
DCHECK_NE(Tail, &SentinelSegment);
auto Base = &Tail->Data;
auto AlignedOffset = Base + (Offset * AlignedElementStorageSize);
DCHECK_LE(AlignedOffset + sizeof(T),
reinterpret_cast<unsigned char *>(Base) + SegmentSize);
// In-place construct at Position.
new (AlignedOffset) T{std::forward<Args>(args)...};
++Size;
return reinterpret_cast<T *>(AlignedOffset);
}
T *Append(const T &E) XRAY_NEVER_INSTRUMENT {
// FIXME: This is a duplication of AppenEmplace with the copy semantics
// explicitly used, as a work-around to GCC 4.8 not invoking the copy
// constructor with the placement new with braced-init syntax.
DCHECK((Size == 0 && Head == &SentinelSegment && Head == Tail) ||
(Size != 0 && Head != &SentinelSegment && Tail != &SentinelSegment));
if (UNLIKELY(Head == &SentinelSegment)) {
auto R = InitHeadAndTail();
if (R == nullptr)
return nullptr;
}
DCHECK_NE(Head, &SentinelSegment);
DCHECK_NE(Tail, &SentinelSegment);
auto Offset = Size % ElementsPerSegment;
if (UNLIKELY(Size != 0 && Offset == 0))
if (AppendNewSegment() == nullptr)
return nullptr;
DCHECK_NE(Tail, &SentinelSegment);
auto Base = &Tail->Data;
auto AlignedOffset = Base + (Offset * AlignedElementStorageSize);
DCHECK_LE(AlignedOffset + sizeof(T),
reinterpret_cast<unsigned char *>(Tail) + SegmentSize);
// In-place construct at Position.
new (AlignedOffset) T(E);
++Size;
return reinterpret_cast<T *>(AlignedOffset);
}
T &operator[](uint64_t Offset) const XRAY_NEVER_INSTRUMENT {
DCHECK_LE(Offset, Size);
// We need to traverse the array enough times to find the element at Offset.
auto S = Head;
while (Offset >= ElementsPerSegment) {
S = S->Next;
Offset -= ElementsPerSegment;
DCHECK_NE(S, &SentinelSegment);
}
auto Base = &S->Data;
auto AlignedOffset = Base + (Offset * AlignedElementStorageSize);
auto Position = reinterpret_cast<T *>(AlignedOffset);
return *reinterpret_cast<T *>(Position);
}
T &front() const XRAY_NEVER_INSTRUMENT {
DCHECK_NE(Head, &SentinelSegment);
DCHECK_NE(Size, 0u);
return *begin();
}
T &back() const XRAY_NEVER_INSTRUMENT {
DCHECK_NE(Tail, &SentinelSegment);
DCHECK_NE(Size, 0u);
auto It = end();
--It;
return *It;
}
template <class Predicate>
T *find_element(Predicate P) const XRAY_NEVER_INSTRUMENT {
if (empty())
return nullptr;
auto E = end();
for (auto I = begin(); I != E; ++I)
if (P(*I))
return &(*I);
return nullptr;
}
/// Remove N Elements from the end. This leaves the blocks behind, and not
/// require allocation of new blocks for new elements added after trimming.
void trim(uint64_t Elements) XRAY_NEVER_INSTRUMENT {
auto OldSize = Size;
Elements = Elements > Size ? Size : Elements;
Size -= Elements;
// We compute the number of segments we're going to return from the tail by
// counting how many elements have been trimmed. Given the following:
//
// - Each segment has N valid positions, where N > 0
// - The previous size > current size
//
// To compute the number of segments to return, we need to perform the
// following calculations for the number of segments required given 'x'
// elements:
//
// f(x) = {
// x == 0 : 0
// , 0 < x <= N : 1
// , N < x <= max : x / N + (x % N ? 1 : 0)
// }
//
// We can simplify this down to:
//
// f(x) = {
// x == 0 : 0,
// , 0 < x <= max : x / N + (x < N || x % N ? 1 : 0)
// }
//
// And further down to:
//
// f(x) = x ? x / N + (x < N || x % N ? 1 : 0) : 0
//
// We can then perform the following calculation `s` which counts the number
// of segments we need to remove from the end of the data structure:
//
// s(p, c) = f(p) - f(c)
//
// If we treat p = previous size, and c = current size, and given the
// properties above, the possible range for s(...) is [0..max(typeof(p))/N]
// given that typeof(p) == typeof(c).
auto F = [](uint64_t X) {
return X ? (X / ElementsPerSegment) +
(X < ElementsPerSegment || X % ElementsPerSegment ? 1 : 0)
: 0;
};
auto PS = F(OldSize);
auto CS = F(Size);
DCHECK_GE(PS, CS);
auto SegmentsToTrim = PS - CS;
for (auto I = 0uL; I < SegmentsToTrim; ++I) {
// Here we place the current tail segment to the freelist. To do this
// appropriately, we need to perform a splice operation on two
// bidirectional linked-lists. In particular, we have the current state of
// the doubly-linked list of segments:
//
// @S@ <- s0 <-> s1 <-> ... <-> sT -> @S@
//
DCHECK_NE(Head, &SentinelSegment);
DCHECK_NE(Tail, &SentinelSegment);
DCHECK_EQ(Tail->Next, &SentinelSegment);
if (Freelist == &SentinelSegment) {
// Our two lists at this point are in this configuration:
//
// Freelist: (potentially) @S@
// Mainlist: @S@<-s0<->s1<->...<->sPT<->sT->@S@
// ^ Head ^ Tail
//
// The end state for us will be this configuration:
//
// Freelist: @S@<-sT->@S@
// Mainlist: @S@<-s0<->s1<->...<->sPT->@S@
// ^ Head ^ Tail
//
// The first step for us is to hold a reference to the tail of Mainlist,
// which in our notation is represented by sT. We call this our "free
// segment" which is the segment we are placing on the Freelist.
//
// sF = sT
//
// Then, we also hold a reference to the "pre-tail" element, which we
// call sPT:
//
// sPT = pred(sT)
//
// We want to splice sT into the beginning of the Freelist, which in
// an empty Freelist means placing a segment whose predecessor and
// successor is the sentinel segment.
//
// The splice operation then can be performed in the following
// algorithm:
//
// succ(sPT) = S
// pred(sT) = S
// succ(sT) = Freelist
// Freelist = sT
// Tail = sPT
//
auto SPT = Tail->Prev;
SPT->Next = &SentinelSegment;
Tail->Prev = &SentinelSegment;
Tail->Next = Freelist;
Freelist = Tail;
Tail = SPT;
// Our post-conditions here are:
DCHECK_EQ(Tail->Next, &SentinelSegment);
DCHECK_EQ(Freelist->Prev, &SentinelSegment);
} else {
// In the other case, where the Freelist is not empty, we perform the
// following transformation instead:
//
// This transforms the current state:
//
// Freelist: @S@<-f0->@S@
// ^ Freelist
// Mainlist: @S@<-s0<->s1<->...<->sPT<->sT->@S@
// ^ Head ^ Tail
//
// Into the following:
//
// Freelist: @S@<-sT<->f0->@S@
// ^ Freelist
// Mainlist: @S@<-s0<->s1<->...<->sPT->@S@
// ^ Head ^ Tail
//
// The algorithm is:
//
// sFH = Freelist
// sPT = pred(sT)
// pred(SFH) = sT
// succ(sT) = Freelist
// pred(sT) = S
// succ(sPT) = S
// Tail = sPT
// Freelist = sT
//
auto SFH = Freelist;
auto SPT = Tail->Prev;
auto ST = Tail;
SFH->Prev = ST;
ST->Next = Freelist;
ST->Prev = &SentinelSegment;
SPT->Next = &SentinelSegment;
Tail = SPT;
Freelist = ST;
// Our post-conditions here are:
DCHECK_EQ(Tail->Next, &SentinelSegment);
DCHECK_EQ(Freelist->Prev, &SentinelSegment);
DCHECK_EQ(Freelist->Next->Prev, Freelist);
}
}
// Now in case we've spliced all the segments in the end, we ensure that the
// main list is "empty", or both the head and tail pointing to the sentinel
// segment.
if (Tail == &SentinelSegment)
Head = Tail;
DCHECK(
(Size == 0 && Head == &SentinelSegment && Tail == &SentinelSegment) ||
(Size != 0 && Head != &SentinelSegment && Tail != &SentinelSegment));
DCHECK(
(Freelist != &SentinelSegment && Freelist->Prev == &SentinelSegment) ||
(Freelist == &SentinelSegment && Tail->Next == &SentinelSegment));
}
// Provide iterators.
Iterator<T> begin() const XRAY_NEVER_INSTRUMENT {
return Iterator<T>(Head, 0, Size);
}
Iterator<T> end() const XRAY_NEVER_INSTRUMENT {
return Iterator<T>(Tail, Size, Size);
}
Iterator<const T> cbegin() const XRAY_NEVER_INSTRUMENT {
return Iterator<const T>(Head, 0, Size);
}
Iterator<const T> cend() const XRAY_NEVER_INSTRUMENT {
return Iterator<const T>(Tail, Size, Size);
}
};
// We need to have this storage definition out-of-line so that the compiler can
// ensure that storage for the SentinelSegment is defined and has a single
// address.
template <class T>
typename Array<T>::Segment Array<T>::SentinelSegment{
&Array<T>::SentinelSegment, &Array<T>::SentinelSegment, {'\0'}};
} // namespace __xray
#endif // XRAY_SEGMENTED_ARRAY_H
|