Lines Matching refs:type
27 * Postmortem type identification
34 * type of an arbitrary memory buffer, however, one has historically been
36 * object of known type is finally reached, types can be back-propagated to
37 * determine the type of the unknown object.
48 * Once the graph is constructed, we start at nodes of known type, and use the
49 * type information to determine the type of each pointer represented by an
50 * outgoing edge. Determining the pointer type allows us to determine the
51 * type of the edge's destination node, and therefore to iteratively continue
52 * the process of type identification. This process works as long as all
56 * type. This is largely due to three phenomena:
59 * pointer to some number of objects of like type.
62 * of structures that are implicitly followed by arrays of the type of the
80 * the structures only by the smaller type. This can be thought of as
96 * an object that is larger than the pointed-to type, we don't know if the
97 * object is an array of objects of the pointed-to type, the pointed-to type
98 * followed by an array of that type's last member, or some other larger type
102 * type graph heuristics. Type graph processing is performed in an initial
103 * pass, four type-determining passes, and a final, post-pass:
110 * marked with their known type. This pass takes the longest amount of
120 * type (that is, we've run into one of the three phenomena described above),
121 * we add the inferred type to the node's tgn_typelist, but we don't descend.
131 * calculate the size of the object modulo the size of the inferred type and
134 * array of the inferred type -- if it were an array of the inferred type, it
141 * an array of the inferred type, and we abort processing of the node. Note
144 * can induce substantial cascading type misinterpretation, it is preferred to
145 * be conservative and accurate in such cases -- even if it means a lower type
150 * pass3 coalesces type possibilities by preferring structural possibilities
151 * over non-structural ones. For example, if an object is either of type
152 * "char" (pointed to by a caddr_t) or type "struct frotz", the possibilities
155 * pass4: Non-array type inference
160 * inference for the unknown type, the node is inferred to be of that type, and
161 * the type is propagated. This pass picks up those nodes that are larger than
162 * their inferred type, but for which the inferred type is likely accurate.
163 * (struct dcentry, with its FAM of characters, is an example type that is
171 * If the user can -- by hook or by crook -- determine the true type of this
172 * node (and set it with ::istype), much more type identification should be
175 * node's type better known. We determine the reach by performing a
204 mdb_ctf_id_t tgt_type; /* CTF type */
205 mdb_ctf_id_t tgt_utype; /* unresolved CTF type */
206 mdb_ctf_id_t tgt_rtype; /* referring type */
210 struct tg_type *tgt_next; /* next type */
224 tg_type_t *tgn_fraglist; /* type fragment list */
229 mdb_ctf_id_t tgn_type; /* known type */
246 mdb_ctf_id_t tgto_type; /* found type */
271 mdb_ctf_id_t tgtd_type; /* conjectured type */
282 * To assist type identification, specific caches are identified with the
307 * to keep interface clients from eating the Forbidden Fruit, it can make type
309 * structures like dev_info_t. To assist type identification, we keep a table
312 * translation is preventing substantial type identification. (This can be
345 static int tg_built; /* flag indicating that type graph is built */
359 mdb_warn("can't find type '%s'\n",
367 mdb_warn("can't find type '%s'\n",
375 * A wrapper around mdb_ctf_type_resolve() that first checks the type
379 typegraph_resolve(mdb_ctf_id_t type)
388 if (mdb_ctf_type_cmp(type, tg_typetab[i].tgt_type) == 0) {
389 type = tg_typetab[i].tgt_actual_type;
394 (void) mdb_ctf_type_resolve(type, &ret);
402 * "typedef struct { int bar } foo_t"); we expect the unresolved type to
406 typegraph_type_name(mdb_ctf_id_t type, mdb_ctf_id_t utype)
410 if (mdb_ctf_type_name(type, buf, sizeof (buf)) == NULL) {
428 typegraph_size(mdb_ctf_id_t type)
433 if (!mdb_ctf_type_valid(type))
436 if (mdb_ctf_type_kind(type) != CTF_K_ARRAY)
437 return (mdb_ctf_type_size(type));
439 if (mdb_ctf_array_info(type, &arr) == -1)
442 type = typegraph_resolve(arr.mta_contents);
444 if (!mdb_ctf_type_valid(type))
447 if ((size = mdb_ctf_type_size(type)) == -1)
457 typegraph_offiter(const char *name, mdb_ctf_id_t type,
473 if (!mdb_ctf_type_valid(type = typegraph_resolve(type)))
476 if ((size = mdb_ctf_type_size(type)) == -1)
488 * If the base type is not a structure, an array or a union, and
489 * the offset equals the desired offset, we have our type.
491 if ((kind = mdb_ctf_type_kind(type)) != CTF_K_STRUCT &&
494 toffs->tgto_type = type;
503 * If the type is an array, see if we fall within the bounds.
506 if (mdb_ctf_array_info(type, &arr) == -1)
509 type = typegraph_resolve(arr.mta_contents);
511 if (!mdb_ctf_type_valid(type))
514 size = mdb_ctf_type_size(type) * arr.mta_nelems;
524 toffs->tgto_type = typegraph_type_offset(type,
531 * The mdb_ctf_member_iter() callback for typegraph_type_offset() when the type
538 typegraph_union(const char *name, mdb_ctf_id_t type, ulong_t off,
547 if (!mdb_ctf_type_valid(type = typegraph_resolve(type)))
550 kind = mdb_ctf_type_kind(type);
554 type = typegraph_type_offset(type,
558 if (!mdb_ctf_type_valid(type))
561 if (mdb_ctf_type_kind(type) != CTF_K_POINTER)
567 if (mdb_ctf_type_reference(type, &rtype) == -1)
578 * the alleged pointer type must be an invalid interpretation of the
589 * This looks like it could be legit. If the type hasn't been
595 * union. Invalidate the type.
601 toffs->tgto_type = type;
612 mdb_ctf_id_t type, ulong_t off, void *last)
614 *((mdb_ctf_id_t *)last) = type;
628 typegraph_hasfam(mdb_ctf_id_t type, mdb_ctf_id_t *atype)
634 if (!mdb_ctf_type_valid(type))
637 if ((kind = mdb_ctf_type_kind(type)) != CTF_K_STRUCT)
641 mdb_ctf_member_iter(type, typegraph_lastmember, &last);
652 if (typegraph_size(last) == typegraph_size(type)) {
675 * This routine takes a type and offset, and returns the type at the specified
681 typegraph_type_offset(mdb_ctf_id_t type, size_t offset, tg_edge_t *e,
698 * Resolve type to its base type.
700 type = typegraph_resolve(type);
701 kind = mdb_ctf_type_kind(type);
708 * structure, and then determine our offset within that type.
711 if (mdb_ctf_array_info(type, &arr) == -1)
714 type = typegraph_resolve(arr.mta_contents);
716 if (!mdb_ctf_type_valid(type))
720 * If the type is not a structure/union, then check that the
721 * offset doesn't point to the middle of the base type and
724 kind = mdb_ctf_type_kind(type);
725 size = mdb_ctf_type_size(type);
731 * type; return failure.
736 return (type);
739 return (typegraph_type_offset(type, offset % size, e, member));
747 * (a) A structure that has this type as its first member.
749 * (b) An array of structures of this type.
757 size = mdb_ctf_type_size(type);
760 if (typegraph_hasfam(type, &last)) {
782 mdb_ctf_member_iter(type,
788 if (!mdb_ctf_type_valid(type = typegraph_resolve(type)))
791 size = mdb_ctf_type_size(type);
795 * The offset is pointing to the middle of a type;
801 return (type);
820 if (mdb_ctf_member_iter(type,
826 (void) mdb_ctf_lookup_by_name("void *", &type);
828 return (type);
840 return (type);
845 * This routine takes an address and a type, and determines if the memory
846 * pointed to by the specified address could be of the specified type.
848 * simple: this is _not_ of the specified type if it's a pointer, and either:
850 * (a) The alignment is not correct given the type that is pointed to.
858 typegraph_couldbe(uintptr_t addr, mdb_ctf_id_t type)
866 if (mdb_ctf_type_kind(type) != CTF_K_POINTER)
869 if (mdb_ctf_type_reference(type, &rtype) == -1)
882 mdb_warn("failed to evaluate pointer type at address %p", addr);
898 mdb_ctf_type_name(type, buf, sizeof (buf)));
921 mdb_ctf_type_name(type, buf, sizeof (buf)));
1050 mdb_ctf_id_t type;
1053 mdb_ctf_type_invalidate(&type);
1074 &type) == -1) {
1075 mdb_warn("could not find type '%s', allegedly type "
1162 node->tgn_type = type;
1200 typegraph_build_anchored(uintptr_t addr, size_t size, mdb_ctf_id_t type)
1221 src->tgn_type = type;
1278 * of type graph construction, we avoid recursing.
1345 mdb_ctf_id_t type;
1370 * We have the symbol; now get its type.
1372 if (mdb_ctf_lookup_by_addr(addr, &type) == -1) {
1377 if (!mdb_ctf_type_valid(type)) {
1382 if (!mdb_ctf_type_valid(type = typegraph_resolve(type))) {
1387 typegraph_build_anchored(addr, (size_t)sym.st_size, type);
1394 typegraph_thread(uintptr_t addr, const kthread_t *t, mdb_ctf_id_t *type)
1398 * regardless, set its type to be the specified type.
1403 typegraph_build_anchored(addr, mdb_ctf_type_size(*type), *type);
1405 node->tgn_type = *type;
1413 typegraph_kstat(uintptr_t addr, const vmem_seg_t *seg, mdb_ctf_id_t *type)
1415 size_t size = mdb_ctf_type_size(*type);
1417 typegraph_build_anchored(seg->vs_start, size, *type);
1424 const char *rmember, size_t roffs, mdb_ctf_id_t utype, mdb_ctf_id_t type)
1436 * First, search for this type in the type list.
1439 if (mdb_ctf_type_cmp(tp->tgt_type, type) == 0)
1445 tp->tgt_type = type;
1488 * an exhaustive type search.
1597 * This is called both in pass1 and in subsequent passes (to propagate new type
1601 typegraph_pass1_node(tg_node_t *node, mdb_ctf_id_t type)
1610 if (!mdb_ctf_type_valid(type))
1615 * determine their type.
1617 size = typegraph_size(type);
1627 * (a) If the outgoing edge is beyond the size of the type
1630 * could be looking at array of the projected type -- but
1632 * conjectured type as the root.
1636 * add the type to the type list of the destination node.
1643 if (offs >= typegraph_size(type))
1652 ntype = typegraph_type_offset(type,
1673 typegraph_node_addtype(e->tge_dest, e, type,
1680 * If our destination offset is 0 and the type that we marked
1699 * If the conjectured type is less than half of the
1701 * polymorphic type. It's dangerous to descend in
1702 * this case -- if our conjectured type is larger than
1703 * the actual type, we will mispropagate. (See the
1762 type = this->tgtd_type;
1789 mdb_ctf_id_t type, ntype;
1824 fam = typegraph_hasfam(type = found->tgt_type, &ntype);
1829 * FAM type isn't a struct or pointer, we're going to treat
1838 tsize = typegraph_size(type);
1844 * preferred type is greater than half the size of the node, we
1853 * expecting the type size to evenly divide the node
1854 * size -- we must not have the right type.
1861 * If this were really an array of this type,
1865 * array of some other type. In either case,
1888 ntype = typegraph_type_offset(type, offs, NULL, NULL);
1904 ntype = typegraph_type_offset(type, offs, NULL, NULL);
1926 * Now mark this type as an array, and reattempt pass1 from this node.
1929 typegraph_pass1_node(node, type);
1960 * nodes where one possible type is a structure, and another is
1986 * First, scan for type CTF_K_STRUCT. If we find it, eliminate
2028 mdb_ctf_id_t type, ntype;
2038 mdb_ctf_type_invalidate(&type);
2043 * conjectured type, check the types of the referring node.
2066 if (src != NULL && mdb_ctf_type_cmp(type, ntype) != 0) {
2076 type = ntype;
2080 typegraph_pass1_node(src, type);
2177 * that child is of unknown type. This prevents long
2208 * From those nodes with unknown type and no outgoing edges, we want
2280 mdb_ctf_id_t type;
2300 if (mdb_ctf_lookup_by_name("struct module", &type) != -1)
2301 node->tgn_type = type;
2331 mdb_ctf_id_t type;
2339 if (mdb_ctf_lookup_by_name(typename, &type) == -1) {
2340 mdb_warn("couldn't find type for '%s'", typename);
2344 node->tgn_type = type;
2378 mdb_ctf_id_t type;
2446 if (mdb_ctf_lookup_by_name("kthread_t", &type) == -1) {
2451 if (mdb_walk("thread", (mdb_walk_cb_t)typegraph_thread, &type) == -1) {
2456 if (mdb_ctf_lookup_by_name("ekstat_t", &type) == -1) {
2467 &type, kstat_arena) == -1) {
2530 mdb_warn("type graph not yet built; run ::typegraph.\n");
2573 mdb_printf("unknown type\n");
2613 mdb_printf("(from %p+%p, type %s)\n",
2703 mdb_ctf_id_t type;
2721 * Now look up the specified type.
2723 if (mdb_ctf_lookup_by_name(argv[0].a_un.a_str, &type) == -1) {
2724 mdb_warn("could not find type %s", argv[0].a_un.a_str);
2728 node->tgn_type = type;
2852 findlocks_findmutex(const char *name, mdb_ctf_id_t type, ulong_t offs,
2867 mdb_warn("can't find 'kmutex_t' type");
2872 mdb_warn("can't resolve 'kmutex_t' type");
2877 mdb_warn("can't find 'kthread_t' type");
2882 mdb_warn("can't resolve 'kthread_t' type");
2889 if (!mdb_ctf_type_valid(type))
2892 type = typegraph_resolve(type);
2893 kind = mdb_ctf_type_kind(type);
2895 if (!mdb_ctf_type_valid(type))
2902 if (mdb_ctf_array_info(type, &arr) == -1)
2905 type = typegraph_resolve(arr.mta_contents);
2907 if (!mdb_ctf_type_valid(type))
2912 * if we know that we can't process the type.
2914 kind = mdb_ctf_type_kind(type);
2915 size = mdb_ctf_type_size(type);
2922 findlocks_findmutex(name, type, 0, fl);
2933 if (mdb_ctf_type_cmp(type, mutex) == 0) {
3001 fl->fl_parent = type;
3007 mdb_ctf_member_iter(type, (mdb_ctf_member_f *)findlocks_findmutex, fl);
3019 mdb_ctf_id_t type = node->tgn_type, ntype;
3023 if (!mdb_ctf_type_valid(type)) {
3024 mdb_ctf_type_invalidate(&type);
3052 type = found->tgt_type;
3054 fl->fl_parent = type;
3058 * We have our type. Now iterate for locks. Note that we don't yet
3068 findlocks_findmutex(NULL, type, 0, fl);
3072 findlocks_findmutex(NULL, type, 0, fl);
3075 if (mdb_ctf_type_valid(type))
3155 * ::findfalse: Using type knowledge to detect potential false sharing
3175 * Building on the mechanism for postmortem type information, however, we
3177 * cases of false sharing. Specifically, after having run through the type
3182 * be of type CTF_K_ARRAY, or the node was inferred to be an array in
3183 * pass2 of type identification (described above).
3198 * name (if any), type, type size and total size are provided as output.
3210 findfalse_findsync(const char *name, mdb_ctf_id_t type, ulong_t offs,
3217 mdb_ctf_id_t type;
3232 if (mdb_ctf_lookup_by_name(name, &sync[i].type) == -1) {
3233 mdb_warn("can't find '%s' type", name);
3237 sync[i].type = typegraph_resolve(sync[i].type);
3239 if (!mdb_ctf_type_valid(sync[i].type)) {
3240 mdb_warn("can't resolve '%s' type", name);
3247 * See if this type is any of the synchronization primitives.
3249 if (!mdb_ctf_type_valid(type))
3252 type = typegraph_resolve(type);
3255 if (mdb_ctf_type_cmp(type, sync[i].type) == 0) {
3263 if ((kind = mdb_ctf_type_kind(type)) == CTF_K_ARRAY) {
3266 if (mdb_ctf_array_info(type, &arr) == -1)
3269 type = typegraph_resolve(arr.mta_contents);
3271 return (findfalse_findsync(name, type, 0, NULL));
3277 if (mdb_ctf_member_iter(type,
3287 mdb_ctf_id_t type = node->tgn_type;
3294 if (!mdb_ctf_type_valid(type)) {
3295 mdb_ctf_type_invalidate(&type);
3323 type = found->tgt_type;
3325 if (!mdb_ctf_type_valid(type))
3328 kind = mdb_ctf_type_kind(type);
3348 if (mdb_ctf_array_info(type, &arr) == -1)
3351 type = typegraph_resolve(arr.mta_contents);
3353 if (!mdb_ctf_type_valid(type))
3358 size = mdb_ctf_type_size(type);
3372 * type contains a mutex, rwlock, semaphore or condition variable,
3375 if (!findfalse_findsync(NULL, type, 0, NULL))
3388 mdb_ctf_type_name(type, buf, sizeof (buf)), size,