7 #include "concretepredicate.h"
11 #include "execution.h"
12 #include "newfuzzer.h"
14 /** @brief Constructor */
15 ModelHistory::ModelHistory() :
16 func_counter(1), /* function id starts with 1 */
21 /* The following are snapshot data structures */
22 write_history = new HashTable<void *, value_set_t *, uintptr_t, 4>();
23 loc_rd_func_nodes_map = new HashTable<void *, SnapVector<FuncNode *> *, uintptr_t, 0>();
24 loc_wr_func_nodes_map = new HashTable<void *, SnapVector<FuncNode *> *, uintptr_t, 0>();
25 loc_waiting_writes_map = new HashTable<void *, SnapVector<ConcretePredicate *> *, uintptr_t, 0>();
26 thrd_waiting_write = new SnapVector<ConcretePredicate *>();
27 thrd_wait_obj = new SnapVector<WaitObj *>();
28 func_inst_act_maps = new HashTable<uint32_t, SnapVector<inst_act_map_t *> *, int, 0>(128);
31 ModelHistory::~ModelHistory()
33 // TODO: complete deconstructor; maybe not needed
34 for (uint i = 0; i < thrd_wait_obj->size(); i++)
35 delete (*thrd_wait_obj)[i];
38 void ModelHistory::enter_function(const uint32_t func_id, thread_id_t tid)
40 //model_print("thread %d entering func %d\n", tid, func_id);
41 ModelExecution * execution = model->get_execution();
42 uint id = id_to_int(tid);
44 SnapVector<func_id_list_t> * thrd_func_list = execution->get_thrd_func_list();
45 SnapVector< SnapList<action_list_t *> *> *
46 thrd_func_act_lists = execution->get_thrd_func_act_lists();
47 SnapVector<uint32_t> * thrd_last_entered_func = execution->get_thrd_last_entered_func();
49 if ( thrd_func_list->size() <= id ) {
50 uint oldsize = thrd_func_list->size();
51 thrd_func_list->resize( id + 1 );
52 thrd_func_act_lists->resize( id + 1 );
54 for (uint i = oldsize; i < id + 1; i++) {
55 // push 0 as a dummy function id to a void seg fault
56 new (&(*thrd_func_list)[i]) func_id_list_t();
57 (*thrd_func_list)[i].push_back(0);
59 (*thrd_func_act_lists)[i] = new SnapList<action_list_t *>();
60 thrd_last_entered_func->push_back(0);
64 SnapList<action_list_t *> * func_act_lists = (*thrd_func_act_lists)[id];
65 func_act_lists->push_back( new action_list_t() );
67 uint32_t last_entered_func_id = (*thrd_last_entered_func)[id];
68 (*thrd_last_entered_func)[id] = func_id;
69 (*thrd_func_list)[id].push_back(func_id);
71 if ( func_nodes.size() <= func_id )
72 resize_func_nodes( func_id + 1 );
74 FuncNode * func_node = func_nodes[func_id];
75 func_node->init_predicate_tree_position(tid);
76 func_node->init_inst_act_map(tid);
78 /* Add edges between FuncNodes */
79 if (last_entered_func_id != 0) {
80 FuncNode * last_func_node = func_nodes[last_entered_func_id];
81 last_func_node->add_out_edge(func_node);
84 /* Monitor the statuses of threads waiting for tid */
85 monitor_waiting_thread(func_id, tid);
88 /* @param func_id a non-zero value */
89 void ModelHistory::exit_function(const uint32_t func_id, thread_id_t tid)
91 ModelExecution * execution = model->get_execution();
92 uint32_t id = id_to_int(tid);
93 SnapVector<func_id_list_t> * thrd_func_list = execution->get_thrd_func_list();
94 SnapVector< SnapList<action_list_t *> *> *
95 thrd_func_act_lists = execution->get_thrd_func_act_lists();
97 SnapList<action_list_t *> * func_act_lists = (*thrd_func_act_lists)[id];
98 uint32_t last_func_id = (*thrd_func_list)[id].back();
100 if (last_func_id == func_id) {
101 FuncNode * func_node = func_nodes[func_id];
102 func_node->set_predicate_tree_position(tid, NULL);
103 func_node->reset_inst_act_map(tid);
105 action_list_t * curr_act_list = func_act_lists->back();
107 /* defer the processing of curr_act_list until the function has exits a few times
108 * (currently twice) so that more information can be gathered to infer nullity predicates.
110 func_node->incr_exit_count();
111 if (func_node->get_exit_count() >= 2) {
112 SnapList<action_list_t *> * action_list_buffer = func_node->get_action_list_buffer();
113 while (action_list_buffer->size() > 0) {
114 action_list_t * act_list = action_list_buffer->back();
115 action_list_buffer->pop_back();
116 func_node->update_tree(act_list);
119 func_node->update_tree(curr_act_list);
121 func_node->get_action_list_buffer()->push_front(curr_act_list);
123 (*thrd_func_list)[id].pop_back();
124 func_act_lists->pop_back();
126 model_print("trying to exit with a wrong function id\n");
127 model_print("--- last_func: %d, func_id: %d\n", last_func_id, func_id);
129 //model_print("thread %d exiting func %d\n", tid, func_id);
132 void ModelHistory::resize_func_nodes(uint32_t new_size)
134 uint32_t old_size = func_nodes.size();
136 if ( old_size < new_size )
137 func_nodes.resize(new_size);
139 for (uint32_t id = old_size; id < new_size; id++) {
140 const char * func_name = func_map_rev[id];
141 FuncNode * func_node = new FuncNode(this);
142 func_node->set_func_id(id);
143 func_node->set_func_name(func_name);
144 func_nodes[id] = func_node;
148 void ModelHistory::process_action(ModelAction *act, thread_id_t tid)
150 ModelExecution * execution = model->get_execution();
151 SnapVector<func_id_list_t> * thrd_func_list = execution->get_thrd_func_list();
152 SnapVector< SnapList<action_list_t *> *> *
153 thrd_func_act_lists = execution->get_thrd_func_act_lists();
155 uint32_t thread_id = id_to_int(tid);
156 /* Return if thread tid has not entered any function that contains atomics */
157 if ( thrd_func_list->size() <= thread_id )
160 /* Monitor the statuses of threads waiting for tid */
161 monitor_waiting_thread_counter(tid);
163 /* Every write action should be processed, including
164 * nonatomic writes (which have no position) */
165 if (act->is_write()) {
166 void * location = act->get_location();
167 uint64_t value = act->get_write_value();
168 update_write_history(location, value);
170 /* Notify FuncNodes that may read from this location */
171 SnapVector<FuncNode *> * func_node_list = getRdFuncNodes(location);
172 for (uint i = 0; i < func_node_list->size(); i++) {
173 FuncNode * func_node = (*func_node_list)[i];
174 func_node->add_to_val_loc_map(value, location);
177 check_waiting_write(act);
180 uint32_t func_id = (*thrd_func_list)[thread_id].back();
182 /* The following does not care about actions that are not inside
183 * any function that contains atomics or actions without a position */
184 if (func_id == 0 || act->get_position() == NULL)
187 SnapList<action_list_t *> * func_act_lists = (*thrd_func_act_lists)[thread_id];
189 /* The list of actions that thread tid has taken in its current function */
190 action_list_t * curr_act_list = func_act_lists->back();
192 if (skip_action(act, curr_act_list))
195 /* Add to curr_inst_list */
196 curr_act_list->push_back(act);
198 FuncNode * func_node = func_nodes[func_id];
199 func_node->add_inst(act);
201 if (act->is_read()) {
202 func_node->update_inst_act_map(tid, act);
204 // Update predicate tree position
205 Fuzzer * fuzzer = execution->getFuzzer();
206 Predicate * selected_branch = fuzzer->get_selected_child_branch(tid);
207 func_node->set_predicate_tree_position(tid, selected_branch);
211 /* Return the FuncNode given its func_id */
212 FuncNode * ModelHistory::get_func_node(uint32_t func_id)
217 // This node has not been added to func_nodes
218 if (func_nodes.size() <= func_id)
221 return func_nodes[func_id];
224 /* Return the current FuncNode when given a thread id */
225 FuncNode * ModelHistory::get_curr_func_node(thread_id_t tid)
227 int thread_id = id_to_int(tid);
228 SnapVector<func_id_list_t> * thrd_func_list = model->get_execution()->get_thrd_func_list();
229 uint32_t func_id = (*thrd_func_list)[thread_id].back();
232 return func_nodes[func_id];
238 void ModelHistory::update_write_history(void * location, uint64_t write_val)
240 value_set_t * write_set = write_history->get(location);
242 if (write_set == NULL) {
243 write_set = new value_set_t();
244 write_history->put(location, write_set);
247 write_set->add(write_val);
250 void ModelHistory::update_loc_rd_func_nodes_map(void * location, FuncNode * node)
252 SnapVector<FuncNode *> * func_node_list = getRdFuncNodes(location);
253 func_node_list->push_back(node);
256 void ModelHistory::update_loc_wr_func_nodes_map(void * location, FuncNode * node)
258 SnapVector<FuncNode *> * func_node_list = getWrFuncNodes(location);
259 func_node_list->push_back(node);
262 SnapVector<FuncNode *> * ModelHistory::getRdFuncNodes(void * location)
264 SnapVector<FuncNode *> * func_node_list = loc_rd_func_nodes_map->get(location);
265 if (func_node_list == NULL) {
266 func_node_list = new SnapVector<FuncNode *>();
267 loc_rd_func_nodes_map->put(location, func_node_list);
270 return func_node_list;
273 SnapVector<FuncNode *> * ModelHistory::getWrFuncNodes(void * location)
275 SnapVector<FuncNode *> * func_node_list = loc_wr_func_nodes_map->get(location);
276 if (func_node_list == NULL) {
277 func_node_list = new SnapVector<FuncNode *>();
278 loc_wr_func_nodes_map->put(location, func_node_list);
281 return func_node_list;
284 /* When a thread is paused by Fuzzer, keep track of the condition it is waiting for */
285 void ModelHistory::add_waiting_write(ConcretePredicate * concrete)
287 void * location = concrete->get_location();
288 SnapVector<ConcretePredicate *> * waiting_conditions = loc_waiting_writes_map->get(location);
289 if (waiting_conditions == NULL) {
290 waiting_conditions = new SnapVector<ConcretePredicate *>();
291 loc_waiting_writes_map->put(location, waiting_conditions);
294 /* waiting_conditions should not have duplications */
295 waiting_conditions->push_back(concrete);
297 int thread_id = id_to_int(concrete->get_tid());
298 if (thrd_waiting_write->size() <= (uint) thread_id) {
299 thrd_waiting_write->resize(thread_id + 1);
302 (*thrd_waiting_write)[thread_id] = concrete;
305 void ModelHistory::remove_waiting_write(thread_id_t tid)
307 ConcretePredicate * concrete = (*thrd_waiting_write)[ id_to_int(tid) ];
308 void * location = concrete->get_location();
309 SnapVector<ConcretePredicate *> * concrete_preds = loc_waiting_writes_map->get(location);
311 /* Linear search should be fine because presumably not many ConcretePredicates
312 * are at the same memory location */
313 for (uint i = 0; i < concrete_preds->size(); i++) {
314 ConcretePredicate * current = (*concrete_preds)[i];
315 if (concrete == current) {
316 (*concrete_preds)[i] = concrete_preds->back();
317 concrete_preds->pop_back();
322 int thread_id = id_to_int( concrete->get_tid() );
323 (*thrd_waiting_write)[thread_id] = NULL;
327 /* Check if any other thread is waiting for this write action. If so, "notify" them */
328 void ModelHistory::check_waiting_write(ModelAction * write_act)
330 void * location = write_act->get_location();
331 uint64_t value = write_act->get_write_value();
332 SnapVector<ConcretePredicate *> * concrete_preds = loc_waiting_writes_map->get(location);
333 SnapVector<ConcretePredicate *> to_remove = SnapVector<ConcretePredicate *>();
334 if (concrete_preds == NULL)
338 while (index < concrete_preds->size()) {
339 ConcretePredicate * concrete_pred = (*concrete_preds)[index];
340 SnapVector<struct concrete_pred_expr> * concrete_exprs = concrete_pred->getExpressions();
341 bool satisfy_predicate = true;
342 /* Check if the written value satisfies every predicate expression */
343 for (uint i = 0; i < concrete_exprs->size(); i++) {
344 struct concrete_pred_expr concrete = (*concrete_exprs)[i];
346 switch (concrete.token) {
348 equality = (value == concrete.value);
351 equality = ((void*)value == NULL);
354 model_print("unknown predicate token");
358 if (equality != concrete.equality) {
359 satisfy_predicate = false;
364 if (satisfy_predicate) {
365 to_remove.push_back(concrete_pred);
371 for (uint i = 0; i < to_remove.size(); i++) {
372 ConcretePredicate * concrete_pred = to_remove[i];
374 /* Wake up threads */
375 thread_id_t tid = concrete_pred->get_tid();
376 Thread * thread = model->get_thread(tid);
378 model_print("** thread %d is woken up\n", thread->get_id());
379 model->get_execution()->getFuzzer()->notify_paused_thread(thread);
383 WaitObj * ModelHistory::getWaitObj(thread_id_t tid)
385 int thread_id = id_to_int(tid);
386 int old_size = thrd_wait_obj->size();
387 if (old_size <= thread_id) {
388 thrd_wait_obj->resize(thread_id + 1);
389 for (int i = old_size; i < thread_id + 1; i++) {
390 (*thrd_wait_obj)[i] = new WaitObj( int_to_id(i) );
394 return (*thrd_wait_obj)[thread_id];
397 void ModelHistory::add_waiting_thread(thread_id_t self_id,
398 thread_id_t waiting_for_id, FuncNode * target_node, int dist)
400 WaitObj * self_wait_obj = getWaitObj(self_id);
401 self_wait_obj->add_waiting_for(waiting_for_id, target_node, dist);
403 /* Update waited-by relation */
404 WaitObj * other_wait_obj = getWaitObj(waiting_for_id);
405 other_wait_obj->add_waited_by(self_id);
408 /* Thread tid is woken up (or notified), so it is not waiting for others anymore */
409 void ModelHistory::remove_waiting_thread(thread_id_t tid)
411 WaitObj * self_wait_obj = getWaitObj(tid);
412 thrd_id_set_t * waiting_for = self_wait_obj->getWaitingFor();
414 /* Remove tid from waited_by's */
415 thrd_id_set_iter * iter = waiting_for->iterator();
416 while (iter->hasNext()) {
417 thread_id_t other_id = iter->next();
418 WaitObj * other_wait_obj = getWaitObj(other_id);
419 other_wait_obj->remove_waited_by(tid);
422 self_wait_obj->clear_waiting_for();
425 void ModelHistory::stop_waiting_for_node(thread_id_t self_id,
426 thread_id_t waiting_for_id, FuncNode * target_node)
428 WaitObj * self_wait_obj = getWaitObj(self_id);
429 bool thread_removed = self_wait_obj->remove_waiting_for_node(waiting_for_id, target_node);
431 // model_print("\t%d gives up %d on node %d\n", self_id, waiting_for_id, target_node->get_func_id());
433 /* If thread self_id is not waiting for waiting_for_id anymore */
434 if (thread_removed) {
435 WaitObj * other_wait_obj = getWaitObj(waiting_for_id);
436 other_wait_obj->remove_waited_by(self_id);
438 thrd_id_set_t * self_waiting_for = self_wait_obj->getWaitingFor();
439 if ( self_waiting_for->isEmpty() ) {
440 // model_print("\tthread %d waits for nobody, wake up\n", self_id);
441 ModelExecution * execution = model->get_execution();
442 Thread * thread = execution->get_thread(self_id);
443 execution->getFuzzer()->notify_paused_thread(thread);
448 SnapVector<inst_act_map_t *> * ModelHistory::getThrdInstActMap(uint32_t func_id)
450 ASSERT(func_id != 0);
452 SnapVector<inst_act_map_t *> * maps = func_inst_act_maps->get(func_id);
454 maps = new SnapVector<inst_act_map_t *>();
455 func_inst_act_maps->put(func_id, maps);
461 bool ModelHistory::skip_action(ModelAction * act, SnapList<ModelAction *> * curr_act_list)
463 ASSERT(curr_act_list != NULL);
465 bool second_part_of_rmw = act->is_rmwc() || act->is_rmw();
466 modelclock_t curr_seq_number = act->get_seq_number();
468 /* Skip actions that are second part of a read modify write */
469 if (second_part_of_rmw)
472 /* Skip actions with the same sequence number */
473 if (curr_act_list->size() != 0) {
474 ModelAction * last_act = curr_act_list->back();
475 if (last_act->get_seq_number() == curr_seq_number)
479 /* Skip actions that are paused by fuzzer (sequence number is 0) */
480 if (curr_seq_number == 0)
486 /* Monitor thread tid and decide whether other threads (that are waiting for tid)
487 * should keep waiting for this thread or not. Shall only be called when a thread
490 * Heuristics: If the distance from the current FuncNode to some target node
491 * ever increases, stop waiting for this thread on this target node.
493 void ModelHistory::monitor_waiting_thread(uint32_t func_id, thread_id_t tid)
495 WaitObj * wait_obj = getWaitObj(tid);
496 thrd_id_set_t * waited_by = wait_obj->getWaitedBy();
497 FuncNode * curr_node = func_nodes[func_id];
499 /* For each thread waiting for tid */
500 thrd_id_set_iter * tid_iter = waited_by->iterator();
501 while (tid_iter->hasNext()) {
502 thread_id_t waited_by_id = tid_iter->next();
503 WaitObj * other_wait_obj = getWaitObj(waited_by_id);
505 node_set_t * target_nodes = other_wait_obj->getTargetNodes(tid);
506 node_set_iter * node_iter = target_nodes->iterator();
507 while (node_iter->hasNext()) {
508 FuncNode * target = node_iter->next();
509 int old_dist = other_wait_obj->lookup_dist(tid, target);
510 int new_dist = curr_node->compute_distance(target, old_dist);
512 if (new_dist == -1) {
513 stop_waiting_for_node(waited_by_id, tid, target);
519 void ModelHistory::monitor_waiting_thread_counter(thread_id_t tid)
521 WaitObj * wait_obj = getWaitObj(tid);
522 thrd_id_set_t * waited_by = wait_obj->getWaitedBy();
523 SnapVector<thread_id_t> expire_threads;
525 // Thread tid has taken an action, update the counter for threads waiting for tid
526 thrd_id_set_iter * tid_iter = waited_by->iterator();
527 while (tid_iter->hasNext()) {
528 thread_id_t waited_by_id = tid_iter->next();
529 WaitObj * other_wait_obj = getWaitObj(waited_by_id);
531 bool expire = other_wait_obj->incr_counter(tid);
533 wait_obj->remove_waited_by(waited_by_id);
534 other_wait_obj->remove_waiting_for(tid);
536 thrd_id_set_t * other_waiting_for = other_wait_obj->getWaitingFor();
537 if ( other_waiting_for->isEmpty() ) {
538 // model_print("\tthread %d waits for nobody, wake up\n", self_id);
539 ModelExecution * execution = model->get_execution();
540 Thread * thread = execution->get_thread(waited_by_id);
541 execution->getFuzzer()->notify_paused_thread(thread);
547 /* Reallocate some snapshotted memories when new executions start */
548 void ModelHistory::set_new_exec_flag()
550 for (uint i = 1; i < func_nodes.size(); i++) {
551 FuncNode * func_node = func_nodes[i];
552 func_node->set_new_exec_flag();
556 void ModelHistory::dump_func_node_graph()
558 model_print("digraph func_node_graph {\n");
559 for (uint i = 1; i < func_nodes.size(); i++) {
560 FuncNode * node = func_nodes[i];
561 ModelList<FuncNode *> * out_edges = node->get_out_edges();
563 model_print("\"%p\" [label=\"%s\"]\n", node, node->get_func_name());
564 mllnode<FuncNode *> * it;
565 for (it = out_edges->begin(); it != NULL; it = it->getNext()) {
566 FuncNode * other = it->getVal();
567 model_print("\"%p\" -> \"%p\"\n", node, other);
573 void ModelHistory::print_func_node()
575 /* function id starts with 1 */
576 for (uint32_t i = 1; i < func_nodes.size(); i++) {
577 FuncNode * func_node = func_nodes[i];
579 func_inst_list_mt * entry_insts = func_node->get_entry_insts();
580 model_print("function %s has entry actions\n", func_node->get_func_name());
582 mllnode<FuncInst*>* it;
583 for (it = entry_insts->begin();it != NULL;it=it->getNext()) {
584 FuncInst *inst = it->getVal();
585 model_print("type: %d, at: %s\n", inst->get_type(), inst->get_position());
590 void ModelHistory::print_waiting_threads()
592 ModelExecution * execution = model->get_execution();
593 for (unsigned int i = 0; i < execution->get_num_threads();i++) {
594 thread_id_t tid = int_to_id(i);
595 WaitObj * wait_obj = getWaitObj(tid);
596 wait_obj->print_waiting_for();
599 for (unsigned int i = 0; i < execution->get_num_threads();i++) {
600 thread_id_t tid = int_to_id(i);
601 WaitObj * wait_obj = getWaitObj(tid);
602 wait_obj->print_waited_by();