前言
好久没有动用LLDB了,本篇通过它来看下FOH也就是.NET8里面优化字符串,为了提高其性能增加的FOH堆分配过程。关于FOH可以参考:.NET8极致性能优化Non-GC Heap
详细
来看一个简单的例子:
public static string GetPrefix() => "https://";static void Main(string[] args){ GetPrefix(); GC.Collect(); Console.ReadLine();}
函数GetPrefix里面的字符串“https://”就是被分配到FOH堆里面的,如何验证呢?
首先通过LLDB把CLR运行到托管Main入口
(lldb) b RunMainInternalBreakpoint 7: where = libcoreclr.so`RunMainInternal(Param*) at assembly.cpp:1257, address = 0x00007ffff6d43930(lldb) rProcess 2697 launched: '/home/tang/opt/dotnet/debug_clr/clrrun' (x86_64)Process 2697 stopped* thread #1, name = 'clrrun', stop reason = breakpoint 6.1 7.1 frame #0: 0x00007ffff6d43930 libcoreclr.so`RunMainInternal(pParam=0x00007ffff7faaab6) at assembly.cpp:1257 1254 } param; 1255 1256 static void RunMainInternal(Param* pParam)-> 1257 { 1258 MethodDescCallSite threadStart(pParam->pFD); 1259 1260 PTRARRAYREF StrArgArray = NULL;(lldb)
然后把其运行到JIT前置入口
(lldb) b PreStubWorkerBreakpoint 8: where = libcoreclr.so`::PreStubWorker(TransitionBlock *, MethodDesc *) at prestub.cpp:1865, address = 0x00007ffff6ee6c10(lldb) cProcess 2697 resumingProcess 2697 stopped* thread #1, name = 'clrrun', stop reason = breakpoint 8.1 frame #0: 0x00007ffff6ee6c10 libcoreclr.so`::PreStubWorker(pTransitionBlock=0x00000000ffffcb38, pMD=0x0000000155608c70) at prestub.cpp:1865 1862 // returns a pointer to the new code for the prestub's convenience. 1863 //============================================================================= 1864 extern "C" PCODE STDCALL PreStubWorker(TransitionBlock* pTransitionBlock, MethodDesc* pMD)-> 1865 { 1866 PCODE pbRetVal = NULL; 1867 1868 BEGIN_PRESERVE_LAST_ERROR;
此时可以看下当前JIT编译的函数是谁,这里需要先n命令单步一下
(lldb) nProcess 2697 stopped* thread #1, name = 'clrrun', stop reason = step over frame #0: 0x00007ffff6ee6c36 libcoreclr.so`::PreStubWorker(pTransitionBlock=0x00007fffffffc648, pMD=0x00007fff78f56b70) at prestub.cpp:1866:11 1863 //============================================================================= 1864 extern "C" PCODE STDCALL PreStubWorker(TransitionBlock* pTransitionBlock, MethodDesc* pMD) 1865 {-> 1866 PCODE pbRetVal = NULL; 1867 1868 BEGIN_PRESERVE_LAST_ERROR;
然后通过微软提供的sos.dll Dump下当前的函数描述结构体MethodDesc,pMD是传过来的函数参数,也即是MethodDesc的变量
(lldb) sos dumpmd pMDMethod Name: ConsoleApp1.Test+Program.Main(System.String[])Class: 00007fff78f97530MethodTable: 00007fff78f56c08mdToken: 0000000006000008Module: 00007fff78f542d0IsJitted: noCurrent CodeAddr: ffffffffffffffffVersion History: ILCodeVersion: 0000000000000000 ReJIT ID: 0 IL Addr: 00007ffff7faa2aa CodeAddr: 0000000000000000 (MinOptJitted) NativeCodeVersion: 0000000000000000
可以清晰的看到Method Name就是ConsoleApp1.Test+Program.Main,OK这一步确定了,我们下面继续寻找字符串分配到FOH,首先删掉前面所有的断点
(lldb) br delAbout to delete all breakpoints, do you want to do that?: [Y/n] yAll breakpoints removed. (3 breakpoints)
在TryAllocateObject 函数上下断,它是分配托管内存的函数
(lldb) b TryAllocateObjectBreakpoint 9: 2 locations.
运行到此处
(lldb) cProcess 2697 resumingProcess 2697 stopped* thread #1, name = 'clrrun', stop reason = breakpoint 9.1 frame #0: 0x00007ffff70300c0 libcoreclr.so`FrozenObjectHeapManager::TryAllocateObject(this=0x00007fffffff80b8, type=0x00000008017fa948, objectSize=140737488322759, publish=false) at frozenobjectheap.cpp:22 19 // May return nullptr if object is too large (larger than FOH_COMMIT_SIZE) 20 // in such cases caller is responsible to find a more appropriate heap to allocate it 21 Object* FrozenObjectHeapManager::TryAllocateObject(PTR_MethodTable type, size_t objectSize, bool publish)-> 22 { 23 CONTRACTL 24 { 25 THROWS;
这个函数就是字符串分配到FOH堆的地方,通过它的函数所在的类名即可看出FrozenObjectHeapManager,但是我们依然还是需要验证下。继续n单步这个函数的返回的地方,也就是如下代码:
202-> 203 return object;
此时的这个object变量就是示例里面字符串的“https://”的对象地址,看下它的地址值
(lldb) p/x object(Object *) $14 = 0x00007fffe6bff8c0
记住这个值:0x00007fffe6bff8c0,后面会把它和GC堆的范围进行一个比较。如果它不在GC堆范围,说明.NET8的字符串确实分配在了FOH堆里面。
我们继续单步向下,运行到这个对象被赋值字符串的地方
STRINGREF AllocateStringObject(EEStringData *pStringData, bool preferFrozenObjHeap, bool* pIsFrozen){ //此处省略 memcpyNoGCRefs(strDest, pStringData->GetStringBuffer(), cCount*sizeof(WCHAR)); //此处省略}
然后看下它的内存:
(lldb) memory re 0x00007fffe6bff8c00x7fffe6bff8c0: 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 h.t.t.p.s.:././.0x7fffe6bff8dc: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
它确实是https字符串的对象地址。没有问题。
避免干扰,此时我们再次删除所有断点
(lldb) br delAbout to delete all breakpoints, do you want to do that?: [Y/n] yAll breakpoints removed. (1 breakpoint)
然后在函数is_in_find_object_range处下断,它是在GC回收的时候,判断当前的对象地址是否在GC堆里面,如果是则进行对象标记,如果不是直接返回。可以通过这个获取GC堆的范围,运行到此处
(lldb) b is_in_find_object_range(lldb) cProcess 2697 resumingProcess 2697 stopped* thread #1, name = 'clrrun', stop reason = breakpoint 13.8 frame #0: 0x00007ffff72d881d libcoreclr.so`WKS::GCHeap::Promote(Object**, ScanContext*, unsigned int) [inlined] WKS::gc_heap::is_in_find_object_range(o=0x0000000000000000) at gc.cpp:7906:11 7903 inline 7904 bool gc_heap::is_in_find_object_range (uint8_t* o) 7905 {-> 7906 if (o == nullptr) 7907 { 7908 return false; 7909 }
单步n
(lldb) nProcess 2697 stopped* thread #1, name = 'clrrun', stop reason = step over frame #0: 0x00007ffff72d8831 libcoreclr.so`WKS::GCHeap::Promote(Object**, ScanContext*, unsigned int) [inlined] WKS::gc_heap::is_in_find_object_range(o="@\x9b\xd6x\xff\U0000007f") at gc.cpp:7911:14 7908 return false; 7909 } 7910 #if defined(USE_REGIONS) && defined(FEATURE_CONSERVATIVE_GC)-> 7911 return ((o >= g_gc_lowest_address) && (o < bookkeeping_covered_committed)); 7912 #else //USE_REGIONS && FEATURE_CONSERVATIVE_GC 7913 if ((o >= g_gc_lowest_address) && (o < g_gc_highest_address)) 7914 {
注意,此时我们看到了GC堆的一个范围,也就是变量g_gc_lowest_address和变量g_gc_highest_address,看下它们的地址范围
(lldb) p/x g_gc_lowest_address (uint8_t *) $17 = 0x00007fbf68000000 ""(lldb) p/x g_gc_highest_address(uint8_t *) $18 = 0x00007fff68000000 "0"
上面很明显了,GC堆的范围起始地址:0x00007fbf68000000 ,结束地址:0x00007fff68000000 。而字符串“https://”的对象地址是0x00007fffe6bff8c0,很明显它不在GC堆的范围内。
以上通过分配一个字符串到FOH堆,后调用一个GC.Collect()查看GC堆的范围,对FOH对象地址和GC堆范围进行一个判断,为一个非常简单的FOH字符串分配验证。
结尾
作者:jianghupt
原文:.NET8顶级调试lldb观察FOH堆字符串分配
公众号:jianghupt,文章首发,欢迎关注
经验首页