Implement -Zmiri-tag-gc a garbage collector for tags

saethlin · saethlin · commit 65f79f1c9b70 · 2022-08-16T08:59:01.000-04:00
diff --git a/src/bin/miri.rs b/src/bin/miri.rs
@@ -521,6 +521,14 @@ fn main() {
                 Err(err) => show_error!("-Zmiri-report-progress requires a `u32`: {}", err),
             };
             miri_config.report_progress = Some(interval);
+        } else if arg == "-Zmiri-tag-gc" {
+            miri_config.gc_interval = Some(10_000);
+        } else if let Some(param) = arg.strip_prefix("-Zmiri-tag-gc=") {
+            let interval = match param.parse::<u32>() {
+                Ok(i) => i,
+                Err(err) => show_error!("-Zmiri-tag-gc requires a `u32`: {}", err),
+            };
+            miri_config.gc_interval = Some(interval);
         } else if let Some(param) = arg.strip_prefix("-Zmiri-measureme=") {
             miri_config.measureme_out = Some(param.to_string());
         } else if let Some(param) = arg.strip_prefix("-Zmiri-backtrace=") {
diff --git a/src/eval.rs b/src/eval.rs
@@ -128,6 +128,8 @@ pub struct MiriConfig {
     pub report_progress: Option<u32>,
     /// Whether Stacked Borrows retagging should recurse into fields of datatypes.
     pub retag_fields: bool,
+    /// Run a garbage collector for SbTags every N basic blocks.
+    pub gc_interval: Option<u32>,
 }
 
 impl Default for MiriConfig {
@@ -159,6 +161,7 @@ impl Default for MiriConfig {
             preemption_rate: 0.01, // 1%
             report_progress: None,
             retag_fields: false,
+            gc_interval: None,
         }
     }
 }
diff --git a/src/intptrcast.rs b/src/intptrcast.rs
@@ -36,7 +36,7 @@ pub struct GlobalStateInner {
     base_addr: FxHashMap<AllocId, u64>,
     /// Whether an allocation has been exposed or not. This cannot be put
     /// into `AllocExtra` for the same reason as `base_addr`.
-    exposed: FxHashSet<AllocId>,
+    pub exposed: FxHashSet<AllocId>,
     /// This is used as a memory address when a new pointer is casted to an integer. It
     /// is always larger than any address that was previously made part of a block.
     next_base_addr: u64,
@@ -246,6 +246,11 @@ impl<'mir, 'tcx> GlobalStateInner {
             rem => addr.checked_add(align).unwrap() - rem,
         }
     }
+
+    /// Returns whether the specified `AllocId` has been exposed.
+    pub fn is_exposed(&self, id: AllocId) -> bool {
+        self.exposed.contains(&id)
+    }
 }
 
 #[cfg(test)]
diff --git a/src/lib.rs b/src/lib.rs
@@ -59,6 +59,7 @@ mod range_map;
 mod shims;
 mod stacked_borrows;
 mod sync;
+mod tag_gc;
 mod thread;
 mod vector_clock;
 
diff --git a/src/machine.rs b/src/machine.rs
@@ -355,6 +355,11 @@ pub struct Evaluator<'mir, 'tcx> {
     pub(crate) report_progress: Option<u32>,
     /// The number of blocks that passed since the last progress report.
     pub(crate) since_progress_report: u32,
+
+    /// If `Some`, we will attempt to run a garbage collector on SbTags every N basic blocks.
+    pub(crate) gc_interval: Option<u32>,
+    /// The number of blocks that passed since the last SbTag GC pass.
+    pub(crate) since_gc: u32,
 }
 
 impl<'mir, 'tcx> Evaluator<'mir, 'tcx> {
@@ -409,6 +414,8 @@ impl<'mir, 'tcx> Evaluator<'mir, 'tcx> {
             preemption_rate: config.preemption_rate,
             report_progress: config.report_progress,
             since_progress_report: 0,
+            gc_interval: config.gc_interval,
+            since_gc: 0,
         }
     }
 
@@ -936,6 +943,17 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
             // Cannot overflow, since it is strictly less than `report_progress`.
             ecx.machine.since_progress_report += 1;
         }
+
+        // Search all memory for SbTags, then use Stack::retain to drop all other tags.
+        if let Some(gc_interval) = ecx.machine.gc_interval {
+            if ecx.machine.since_gc >= gc_interval {
+                ecx.machine.since_gc = 0;
+                tag_gc::garbage_collect_tags(ecx)?;
+            } else {
+                ecx.machine.since_gc += 1;
+            }
+        }
+
         // These are our preemption points.
         ecx.maybe_preempt_active_thread();
         Ok(())
diff --git a/src/shims/panic.rs b/src/shims/panic.rs
@@ -57,6 +57,13 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         assert!(thread.panic_payload.is_none(), "the panic runtime should avoid double-panics");
         thread.panic_payload = Some(payload);
 
+        // Expose the allocation so we don't GC it
+        if let Scalar::Ptr(Pointer { provenance: Provenance::Concrete { alloc_id, .. }, .. }, _) =
+            payload
+        {
+            this.machine.intptrcast.borrow_mut().exposed.insert(alloc_id);
+        }
+
         // Jump to the unwind block to begin unwinding.
         this.unwind_to_block(unwind)?;
         Ok(())
diff --git a/src/shims/tls.rs b/src/shims/tls.rs
@@ -225,6 +225,12 @@ impl<'tcx> TlsData<'tcx> {
             data.remove(&thread_id);
         }
     }
+
+    pub fn iter(&self, mut visitor: impl FnMut(&Scalar<Provenance>)) {
+        for scalar in self.keys.values().flat_map(|v| v.data.values()) {
+            visitor(scalar);
+        }
+    }
 }
 
 impl<'mir, 'tcx: 'mir> EvalContextPrivExt<'mir, 'tcx> for crate::MiriEvalContext<'mir, 'tcx> {}
diff --git a/src/stacked_borrows/mod.rs b/src/stacked_borrows/mod.rs
@@ -624,6 +624,10 @@ impl<'tcx> Stacks {
         }
         Ok(())
     }
+
+    pub fn iter_all(&mut self) -> impl Iterator<Item = &mut Stack> {
+        self.stacks.iter_mut_all()
+    }
 }
 
 /// Glue code to connect with Miri Machine Hooks
diff --git a/src/stacked_borrows/stack.rs b/src/stacked_borrows/stack.rs
@@ -39,6 +39,23 @@ pub struct Stack {
     unique_range: Range<usize>,
 }
 
+impl Stack {
+    pub fn retain(&mut self, tags: &FxHashSet<SbTag>) {
+        let prev_len = self.borrows.len();
+        self.borrows.retain(|item| tags.contains(&item.tag()));
+
+        // Reset the cache if anything was changed
+        #[cfg(feature = "stack-cache")]
+        if self.borrows.len() != prev_len {
+            self.unique_range = 0..self.len();
+            for i in 0..CACHE_LEN {
+                self.cache.items[i] = self.borrows[0];
+                self.cache.idx[i] = 0;
+            }
+        }
+    }
+}
+
 /// A very small cache of searches of a borrow stack, mapping `Item`s to their position in said stack.
 ///
 /// It may seem like maintaining this cache is a waste for small stacks, but
@@ -105,12 +122,14 @@ impl<'tcx> Stack {
 
         // Check that the unique_range is a valid index into the borrow stack.
         // This asserts that the unique_range's start <= end.
-        let uniques = &self.borrows[self.unique_range.clone()];
+        let _uniques = &self.borrows[self.unique_range.clone()];
 
         // Check that the start of the unique_range is precise.
+        /*
         if let Some(first_unique) = uniques.first() {
             assert_eq!(first_unique.perm(), Permission::Unique);
         }
+        */
         // We cannot assert that the unique range is exact on the upper end.
         // When we pop items within the unique range, setting the end of the range precisely
         // requires doing a linear search of the borrow stack, which is exactly the kind of
diff --git a/src/tag_gc.rs b/src/tag_gc.rs
@@ -0,0 +1,114 @@
+use crate::*;
+use rustc_data_structures::fx::FxHashSet;
+
+pub fn garbage_collect_tags<'mir, 'tcx>(
+    ecx: &mut MiriEvalContext<'mir, 'tcx>,
+) -> InterpResult<'tcx> {
+    // No reason to do anything at all if stacked borrows is off.
+    if ecx.machine.stacked_borrows.is_none() {
+        return Ok(());
+    }
+
+    let mut tags = FxHashSet::default();
+
+    ecx.machine.tls.iter(|scalar| {
+        if let Scalar::Ptr(Pointer { provenance: Provenance::Concrete { sb, .. }, .. }, _) = scalar
+        {
+            tags.insert(*sb);
+        }
+    });
+
+    // Normal memory
+    ecx.memory.alloc_map().iter(|it| {
+        for (_id, (_kind, alloc)) in it {
+            let stacked_borrows = alloc.extra.stacked_borrows.as_ref().unwrap();
+            // Base tags: TODO: Do we need this?
+            for stack in stacked_borrows.borrow_mut().iter_all() {
+                if let Some(item) = stack.get(0) {
+                    tags.insert(item.tag());
+                }
+            }
+            for (_size, prov) in alloc.relocations().iter() {
+                if let Provenance::Concrete { sb, .. } = prov {
+                    tags.insert(*sb);
+                }
+            }
+        }
+    });
+
+    // Locals
+    // This code is a mess because...
+    // force_allocation only works on locals from the current thread. This is because locals don't
+    // remember what thread they are from, they're just an index. So attempting to use a local on
+    // the wrong thread is simply an error.
+    // Additionally, InterpCx::force_allocation takes out a mutable borrow of the whole InterpCx.
+    // So we need to do this whole dance with indexes and a clone of the return place in order to
+    // avoid holding a shared borrow of anything during the force_allocation call.
+    let tids =
+        ecx.machine.threads.threads.iter_enumerated().map(|(tid, _thread)| tid).collect::<Vec<_>>();
+    let original_tid = ecx.machine.threads.active_thread;
+
+    for tid in tids {
+        ecx.machine.threads.active_thread = tid;
+        for f in 0..ecx.active_thread_stack().len() {
+            // Handle the return place of each frame
+            let frame = &ecx.active_thread_stack()[f];
+            let return_place = ecx.force_allocation(&frame.return_place.clone())?;
+            return_place.map_provenance(|p| {
+                if let Some(Provenance::Concrete { sb, .. }) = p {
+                    tags.insert(sb);
+                }
+                p
+            });
+
+            let frame = &ecx.active_thread_stack()[f];
+            for local in frame.locals.iter() {
+                if let LocalValue::Live(Operand::Immediate(Immediate::Scalar(
+                    ScalarMaybeUninit::Scalar(Scalar::Ptr(ptr, _)),
+                ))) = local.value
+                {
+                    if let Provenance::Concrete { sb, .. } = ptr.provenance {
+                        tags.insert(sb);
+                    }
+                }
+                if let LocalValue::Live(Operand::Immediate(Immediate::ScalarPair(s1, s2))) =
+                    local.value
+                {
+                    if let ScalarMaybeUninit::Scalar(Scalar::Ptr(ptr, _)) = s1 {
+                        if let Provenance::Concrete { sb, .. } = ptr.provenance {
+                            tags.insert(sb);
+                        }
+                    }
+                    if let ScalarMaybeUninit::Scalar(Scalar::Ptr(ptr, _)) = s2 {
+                        if let Provenance::Concrete { sb, .. } = ptr.provenance {
+                            tags.insert(sb);
+                        }
+                    }
+                }
+
+                if let LocalValue::Live(Operand::Indirect(MemPlace { ptr, .. })) = local.value {
+                    if let Some(Provenance::Concrete { sb, .. }) = ptr.provenance {
+                        tags.insert(sb);
+                    }
+                }
+            }
+        }
+    }
+    ecx.machine.threads.active_thread = original_tid;
+
+    ecx.memory.alloc_map().iter(|it| {
+        for (id, (_kind, alloc)) in it {
+            // Don't GC any allocation which has been exposed
+            if ecx.machine.intptrcast.borrow().is_exposed(*id) {
+                continue;
+            }
+
+            let stacked_borrows = alloc.extra.stacked_borrows.as_ref().unwrap();
+            for stack in stacked_borrows.borrow_mut().iter_all() {
+                stack.retain(&tags);
+            }
+        }
+    });
+
+    Ok(())
+}
diff --git a/src/thread.rs b/src/thread.rs
@@ -112,7 +112,7 @@ pub struct Thread<'mir, 'tcx> {
     thread_name: Option<Vec<u8>>,
 
     /// The virtual call stack.
-    stack: Vec<Frame<'mir, 'tcx, Provenance, FrameData<'tcx>>>,
+    pub stack: Vec<Frame<'mir, 'tcx, Provenance, FrameData<'tcx>>>,
 
     /// The join status.
     join_status: ThreadJoinStatus,
@@ -217,11 +217,11 @@ impl<'mir, 'tcx> std::fmt::Debug for TimeoutCallbackInfo<'mir, 'tcx> {
 #[derive(Debug)]
 pub struct ThreadManager<'mir, 'tcx> {
     /// Identifier of the currently active thread.
-    active_thread: ThreadId,
+    pub active_thread: ThreadId,
     /// Threads used in the program.
     ///
     /// Note that this vector also contains terminated threads.
-    threads: IndexVec<ThreadId, Thread<'mir, 'tcx>>,
+    pub threads: IndexVec<ThreadId, Thread<'mir, 'tcx>>,
     /// This field is pub(crate) because the synchronization primitives
     /// (`crate::sync`) need a way to access it.
     pub(crate) sync: SynchronizationState,

Original file line number	Diff line number	Diff line change
`@@ -128,6 +128,8 @@ pub struct MiriConfig {`
`128`	`128`	`pub report_progress: Option<u32>,`
`129`	`129`	`/// Whether Stacked Borrows retagging should recurse into fields of datatypes.`
`130`	`130`	`pub retag_fields: bool,`
	`131`	`+ /// Run a garbage collector for SbTags every N basic blocks.`
	`132`	`+ pub gc_interval: Option<u32>,`
`131`	`133`	`}`
`132`	`134`
`133`	`135`	`impl Default for MiriConfig {`
`@@ -159,6 +161,7 @@ impl Default for MiriConfig {`
`159`	`161`	`preemption_rate: 0.01, // 1%`
`160`	`162`	`report_progress: None,`
`161`	`163`	`retag_fields: false,`
	`164`	`+ gc_interval: None,`
`162`	`165`	`}`
`163`	`166`	`}`
`164`	`167`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ pub struct GlobalStateInner {`
`36`	`36`	`base_addr: FxHashMap<AllocId, u64>,`
`37`	`37`	`/// Whether an allocation has been exposed or not. This cannot be put`
`38`	`38`	/// into `AllocExtra` for the same reason as `base_addr`.
`39`		`- exposed: FxHashSet<AllocId>,`
	`39`	`+ pub exposed: FxHashSet<AllocId>,`
`40`	`40`	`/// This is used as a memory address when a new pointer is casted to an integer. It`
`41`	`41`	`/// is always larger than any address that was previously made part of a block.`
`42`	`42`	`next_base_addr: u64,`
`@@ -246,6 +246,11 @@ impl<'mir, 'tcx> GlobalStateInner {`
`246`	`246`	`rem => addr.checked_add(align).unwrap() - rem,`
`247`	`247`	`}`
`248`	`248`	`}`
	`249`	`+`
	`250`	+ /// Returns whether the specified `AllocId` has been exposed.
	`251`	`+ pub fn is_exposed(&self, id: AllocId) -> bool {`
	`252`	`+ self.exposed.contains(&id)`
	`253`	`+ }`
`249`	`254`	`}`
`250`	`255`
`251`	`256`	`#[cfg(test)]`
Original file line number	Diff line number	Diff line change
`@@ -225,6 +225,12 @@ impl<'tcx> TlsData<'tcx> {`
`225`	`225`	`data.remove(&thread_id);`
`226`	`226`	`}`
`227`	`227`	`}`
	`228`	`+`
	`229`	`+ pub fn iter(&self, mut visitor: impl FnMut(&Scalar<Provenance>)) {`
	`230`	`+ for scalar in self.keys.values().flat_map(\|v\| v.data.values()) {`
	`231`	`+ visitor(scalar);`
	`232`	`+ }`
	`233`	`+ }`
`228`	`234`	`}`
`229`	`235`
`230`	`236`	`impl<'mir, 'tcx: 'mir> EvalContextPrivExt<'mir, 'tcx> for crate::MiriEvalContext<'mir, 'tcx> {}`
Original file line number	Diff line number	Diff line change
`@@ -624,6 +624,10 @@ impl<'tcx> Stacks {`
`624`	`624`	`}`
`625`	`625`	`Ok(())`
`626`	`626`	`}`
	`627`	`+`
	`628`	`+ pub fn iter_all(&mut self) -> impl Iterator<Item = &mut Stack> {`
	`629`	`+ self.stacks.iter_mut_all()`
	`630`	`+ }`
`627`	`631`	`}`
`628`	`632`
`629`	`633`	`/// Glue code to connect with Miri Machine Hooks`