v8/tools/gcmole
Yang Guo f9934aa9cf [gyp] move gyp files from src to gypfiles.
Bug: v8:7341
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I90879be3a94745859b7da7c9bb9b6533af11cc2d
Reviewed-on: https://chromium-review.googlesource.com/878221
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50790}
2018-01-23 09:54:36 +00:00
..
bootstrap.sh Update gcmole to a more recent clang/llvm. 2014-08-07 12:56:53 +00:00
download_gcmole_tools.py Remove "Skipping X download..." messages from gclient hooks 2017-10-21 14:22:37 +00:00
gccause.lua Adjust contents of kAheadOfTime to match write-barrier stub called from CompileArrayPushCall. 2011-10-04 11:38:12 +00:00
gcmole-tools.tar.gz.sha1 [test] Upgrade gcmole plugin 2017-02-16 14:54:22 +00:00
gcmole.cc [gcmole] Fixes for unreachable code 2017-02-16 14:13:11 +00:00
gcmole.lua [gyp] move gyp files from src to gypfiles. 2018-01-23 09:54:36 +00:00
Makefile Update gcmole to a more recent clang/llvm. 2014-08-07 12:56:53 +00:00
parallel.py Make gcmole execute in parallel. 2015-02-18 15:35:34 +00:00
README Make it clear that GCMole depends on Clang 2.9 currently. 2013-04-23 12:48:59 +00:00
run_gcmole.gyp [gn] Move build to gypfiles 2016-04-29 10:11:11 +00:00
run-gcmole.isolate [gn] Add gn support to gcmole 2016-09-21 11:45:24 +00:00
run-gcmole.py [tools] Properly handle sigterm in gcmole 2017-04-05 09:36:48 +00:00

DESCRIPTION -------------------------------------------------------------------

gcmole is a simple static analysis tool used to find possible evaluation order 
dependent GC-unsafe places in the V8 codebase.

For example the following code is GC-unsafe:

Handle<Object> Foo();  // Assume Foo can trigger a GC.
void Bar(Object*, Object*);

Handle<Object> baz;
baz->Qux(*Foo());  // (a)  
Bar(*Foo(), *baz);  // (b)

Both in cases (a) and (b) compiler is free to evaluate call arguments (that 
includes receiver) in any order. That means it can dereference baz before 
calling to Foo and save a raw pointer to a heap object in the register or 
on the stack.  

PREREQUISITES -----------------------------------------------------------------

1) Install Lua 5.1

2) Get LLVM 2.9 and Clang 2.9 sources and build them.

Follow the instructions on http://clang.llvm.org/get_started.html.

Make sure to pass --enable-optimized to configure to get Release build 
instead of a Debug one.

3) Build gcmole Clang plugin (libgcmole.so)

In the tools/gcmole execute the following command:

LLVM_SRC_ROOT=<path-to-llvm-source-root> make

USING GCMOLE ------------------------------------------------------------------

gcmole consists of driver script written in Lua and Clang plugin that does
C++ AST processing. Plugin (libgcmole.so) is expected to be in the same
folder as driver (gcmole.lua).

To start analysis cd into the root of v8 checkout and execute the following
command:

CLANG_BIN=<path-to-clang-bin-folder> lua tools/gcmole/gcmole.lua [<arch>]

where arch should be one of architectures supported by V8 (arm, ia32, x64).

Analysis will be performed in 2 stages: 

- on the first stage driver will parse all files and build a global callgraph 
approximation to find all functions that might potentially cause GC, list
of this functions will be written into gcsuspects file.

- on the second stage driver will parse all files again and will locate all 
callsites that might be GC-unsafe based on the list of functions causing GC. 
Such places are marked with a "Possible problem with evaluation order." 
warning. Messages "Failed to resolve v8::internal::Object" are benign and 
can be ignored.

If any errors were found driver exits with non-zero status.