I: Background
1. Storytelling
The writing of this piece originated when a friend at the boot camp mentioned a problem in the!t -special The output has aSuspendEE character, how is this character made in coreclr? The output is as follows:
0:000> !t -special
ThreadCount: 3
UnstartedThread: 0
BackgroundThread: 2
PendingThread: 0
DeadThread: 0
Hosted Runtime: no
Lock
DBG ID OSID ThreadOBJ State GC Mode GC Alloc Context Domain Count Apt Exception
0 1 4ab0 000001CC44E5C490 2a020 Cooperative 0000000000000000:0000000000000000 000001cc44e520d0 -00001 MTA (GC)
11 2 19d8 000001CC44E84700 21220 Preemptive 0000000000000000:0000000000000000 000001cc44e520d0 -00001 Ukn (Finalizer)
12 3 6668 000001CC44ED4520 2b220 Preemptive 0000000000000000:0000000000000000 000001cc44e520d0 -00001 MTA
OSID Special thread type
0 4ab0 SuspendEE
10 3b6c DbgHelper
11 19d8 Finalizer
Haha, in fact, I can especially understand, a lot of people learn advanced debugging after curiosity will be bursting, look at what all want to explore the bottom, there is a kind of technical rebirth, this article we will have a good chat.
II: WinDbg Analysis
1. What is the SuspendEE marking?
The word is called Suspend Engine Execution.Freeze execution engine So, where is the entry method to freeze the execution engine? This tests your knowledge of the skeleton diagram of GC operations, and there is one in the coreclr source code, simplified as follows:
GarbageCollectGeneration()
{
SuspendEE();
garbage_collect();
RestartEE();
}
garbage_collect()
{
generation_to_condemn();
gc1();
}
upperSuspendEE() This is the entry function for the SuspendEE tag in SOS, so let's dig deeper into this method.
2. What did SuspendEE do?
If you read through the source code for the SuspendEE() method, you'll see that the core enumeration variable is theThreadType_DynamicSuspendEE, it plays a role in setting the scene, the reference code is as follows:
thread_local size_t t_ThreadType;
void ThreadSuspend::SuspendEE(SUSPEND_REASON reason)
{
// set tls flags for compat with SOS
ClrFlsSetThreadType(ThreadType_DynamicSuspendEE);
}
void ClrFlsSetThreadType(TlsThreadTypeFlag flag)
{
t_ThreadType |= flag;
gCurrentThreadInfo.m_EETlsData = (void**)&t_ThreadType - TlsIdx_ThreadType;
}
enum PredefinedTlsSlots
{
TlsIdx_ThreadType = 11 // bit flags to indicate special thread's type
};
enum TlsThreadTypeFlag // flag used for thread type in Tls data
{
ThreadType_DynamicSuspendEE = 0x00000020,
}
From the above code we can see that t_ThreadType is a C++ level thread local storage, which means that every thread has its backup, and it is also the core source of the SuspendEE flag, if the 11th slot of m_EETlsData is 0x20, the SuspendEE flag is successfully hit, and the source can be tracked by the gCurrentThreadInfo.m_EETlsData variable to track down the source. With this much information, the next step is to verify the code.
III: Case validation
1. A test code
The code is very simple, a simple manual GC trigger.
internal class Program
{
static void Main(string[] args)
{
();
();
();
}
}
Next, use windbg to place a breakpoint on the SuspendEE method at the entry point.bp coreclr!ThreadSuspend::SuspendEE Observe, screenshot below:
once theThreadType_DynamicSuspendEE=0x20 After assigning the value, you can then use windbg to do a validation.
0:000> x coreclr!*gCurrentThreadInfo*
000001a1`668ee8c0 coreclr!gCurrentThreadInfo = struct ThreadLocalInfo
0:000> dx -id 0,0 -r1 (*((coreclr!ThreadLocalInfo *)0x1a1668ee8c0))
(*((coreclr!ThreadLocalInfo *)0x1a1668ee8c0)) [Type: ThreadLocalInfo]
[+0x000] m_pThread : 0x1a166902e50 [Type: Thread *]
[+0x008] m_pAppDomain : 0x1a166948b40 [Type: AppDomain *]
[+0x010] m_EETlsData : 0x1a1668ee880 [Type: void * *]
0:000> dp 0x1a1668ee880
000001a1`668ee880 00000000`00000000 00000000`00000000
000001a1`668ee890 00000000`00000000 00000000`00000000
000001a1`668ee8a0 00000000`00000000 00000000`00000000
000001a1`668ee8b0 00000000`00000000 00000000`00000000
000001a1`668ee8c0 000001a1`66902e50 000001a1`66948b40
000001a1`668ee8d0 000001a1`668ee880 00000000`00000020
As you can see from the output above000001a1668ee8d0+0x8 The content of the address has been successfully seeded, and I believe that by this time the!t -special Can get the markers too.
0:000> !t -special
Lock
DBG ID OSID ThreadOBJ State GC Mode GC Alloc Context Domain Count Apt Exception
0 1 640c 000001A166902E50 2a020 Preemptive 000001A16B0094A8:000001A16B00A5B8 000001a166948b40 -00001 MTA (GC)
11 2 3e50 000001A16692B2D0 21220 Preemptive 0000000000000000:0000000000000000 000001a166948b40 -00001 Ukn (Finalizer)
12 3 6a24 000001A16699F8F0 2b220 Preemptive 0000000000000000:0000000000000000 000001a166948b40 -00001 MTA
OSID Special thread type
0 640c SuspendEE
10 76b0 DbgHelper
11 3e50 Finalizer
So when is this 0x20 taken out? The answer to this can be found in the source code, continue to go run, the output is as follows:
void ClrFlsClearThreadType(TlsThreadTypeFlag flag)
{
t_ThreadType &= ~flag;
}
0:012> dp 0x1a1668ee880
000001a1`668ee880 00000000`00000000 00000000`00000000
000001a1`668ee890 00000000`00000000 00000000`00000000
000001a1`668ee8a0 00000000`00000000 00000000`00000000
000001a1`668ee8b0 00000000`00000000 00000000`00000000
000001a1`668ee8c0 000001a1`66902e50 000001a1`66948b40
000001a1`668ee8d0 000001a1`668ee880 00000000`00000000
Of course if you go looking for the source code implementation of sos, you will find the appropriate answer as well.
HRESULT PrintSpecialThreads()
{
...
if (ThreadType & ThreadType_DynamicSuspendEE)
{
type += "SuspendEE ";
}
...
return Status;
}
IV: Summary
Digging into the past life of this tag is actually quite interesting looking back, coreclr actually added the m_EETlsData field to give sos a compromise, haha, this highlights the status of sos as a first class citizen.