#include "concretepredicate.h"
#include "model.h"
+#include "execution.h"
+#include "newfuzzer.h"
#include <cmath>
FuncNode::FuncNode(ModelHistory * history) :
+ func_id(0),
+ func_name(NULL),
history(history),
- exit_count(0),
inst_counter(1),
marker(1),
- thrd_marker(),
+ exit_count(0),
+ thrd_markers(),
+ thrd_recursion_depth(),
func_inst_map(),
inst_list(),
entry_insts(),
- thrd_inst_pred_map(),
- thrd_inst_id_map(),
- thrd_loc_inst_map(),
+ thrd_inst_pred_maps(),
+ thrd_inst_id_maps(),
+ thrd_loc_inst_maps(),
+ likely_null_set(),
thrd_predicate_tree_position(),
thrd_predicate_trace(),
- failed_predicates(),
edge_table(32),
out_edges()
{
void FuncNode::function_entry_handler(thread_id_t tid)
{
- set_marker(tid);
- init_inst_act_map(tid);
+ init_marker(tid);
init_local_maps(tid);
init_predicate_tree_data_structure(tid);
}
void FuncNode::function_exit_handler(thread_id_t tid)
{
- exit_count++;
+ int thread_id = id_to_int(tid);
- reset_inst_act_map(tid);
reset_local_maps(tid);
+ thrd_recursion_depth[thread_id]--;
+ thrd_markers[thread_id]->pop_back();
+
Predicate * exit_pred = get_predicate_tree_position(tid);
if (exit_pred->get_exit() == NULL) {
// Exit predicate is unset yet
update_predicate_tree_weight(tid);
reset_predicate_tree_data_structure(tid);
+
+ exit_count++;
+ //model_print("exit count: %d\n", exit_count);
+
+// print_predicate_tree();
}
/**
write_locations->add(loc);
history->update_loc_wr_func_nodes_map(loc, this);
}
-
- // Do not process writes for now
- return;
}
if (act->is_read()) {
-
/* If func_inst may only read_from a single location, then:
*
* The first time an action reads from some location,
add_to_val_loc_map(write_values, loc);
history->update_loc_rd_func_nodes_map(loc, this);
}
+
+ // Keep a has-been-zero-set record
+ if ( likely_reads_from_null(act) )
+ likely_null_set.put(func_inst, true);
}
// update_inst_tree(&inst_list); TODO
- update_predicate_tree(act);
-// print_predicate_tree();
+ update_predicate_tree(act);
}
/**
{
thread_id_t tid = next_act->get_tid();
int thread_id = id_to_int(tid);
- int this_marker = thrd_marker[thread_id];
+ uint32_t this_marker = thrd_markers[thread_id]->back();
+ int recursion_depth = thrd_recursion_depth[thread_id];
- loc_inst_map_t * loc_inst_map = thrd_loc_inst_map[thread_id];
- inst_pred_map_t * inst_pred_map = thrd_inst_pred_map[thread_id];
- inst_id_map_t * inst_id_map = thrd_inst_id_map[thread_id];
+ loc_inst_map_t * loc_inst_map = thrd_loc_inst_maps[thread_id]->back();
+ inst_pred_map_t * inst_pred_map = thrd_inst_pred_maps[thread_id]->back();
+ inst_id_map_t * inst_id_map = thrd_inst_id_maps[thread_id]->back();
Predicate * curr_pred = get_predicate_tree_position(tid);
+ NewFuzzer * fuzzer = (NewFuzzer *)model->get_execution()->getFuzzer();
+ Predicate * selected_branch = fuzzer->get_selected_child_branch(tid);
+
+ bool amended;
while (true) {
FuncInst * next_inst = get_inst(next_act);
- next_inst->set_associated_read(tid, next_act->get_reads_from_value(), this_marker);
Predicate * unset_predicate = NULL;
bool branch_found = follow_branch(&curr_pred, next_inst, next_act, &unset_predicate);
// A branch with unset predicate expression is detected
if (!branch_found && unset_predicate != NULL) {
- bool amended = amend_predicate_expr(curr_pred, next_inst, next_act);
+ amended = amend_predicate_expr(curr_pred, next_inst, next_act);
if (amended)
continue;
else {
continue;
}
- if (next_act->is_write())
+ if (next_act->is_write()) {
curr_pred->set_write(true);
+ }
if (next_act->is_read()) {
/* Only need to store the locations of read actions */
- loc_inst_map->put(next_inst->get_location(), next_inst);
+ loc_inst_map->put(next_act->get_location(), next_inst);
}
inst_pred_map->put(next_inst, curr_pred);
curr_pred->incr_expl_count();
add_predicate_to_trace(tid, curr_pred);
+ if (next_act->is_read())
+ next_inst->set_associated_read(tid, recursion_depth, this_marker, next_act->get_reads_from_value());
+
break;
}
+
+ // A check
+ if (next_act->is_read()) {
+// if (selected_branch != NULL && !amended)
+// ASSERT(selected_branch == curr_pred);
+ }
}
/* Given curr_pred and next_inst, find the branch following curr_pred that
/* Check if a branch with func_inst and corresponding predicate exists */
bool branch_found = false;
thread_id_t tid = next_act->get_tid();
- int this_marker = thrd_marker[id_to_int(tid)];
ModelVector<Predicate *> * branches = (*curr_pred)->get_children();
for (uint i = 0;i < branches->size();i++) {
FuncInst * to_be_compared;
to_be_compared = pred_expression->func_inst;
- last_read = to_be_compared->get_associated_read(tid, this_marker);
- ASSERT(last_read != VALUE_NONE);
+ last_read = get_associated_read(tid, to_be_compared);
+ if (last_read == VALUE_NONE)
+ predicate_correct = false;
+ // ASSERT(last_read != VALUE_NONE);
next_read = next_act->get_reads_from_value();
equality = (last_read == next_read);
break;
case NULLITY:
- next_read = next_act->get_reads_from_value();
// TODO: implement likely to be null
- equality = ( (void*) (next_read & 0xffffffff) == NULL);
+ equality = likely_reads_from_null(next_act);
if (equality != pred_expression->value)
predicate_correct = false;
break;
{
void * loc = next_act->get_location();
int thread_id = id_to_int(next_act->get_tid());
- loc_inst_map_t * loc_inst_map = thrd_loc_inst_map[thread_id];
+ loc_inst_map_t * loc_inst_map = thrd_loc_inst_maps[thread_id]->back();
if (next_inst->is_read()) {
/* read + rmw */
delete loc_it;
}
- } else {
- // next_inst is not single location
- uint64_t read_val = next_act->get_reads_from_value();
+ }
- // only infer NULLITY predicate when it is actually NULL.
- if ( (void*)read_val == NULL) {
- struct half_pred_expr * expression = new half_pred_expr(NULLITY, NULL);
- half_pred_expressions->push_back(expression);
- }
+ // next_inst is not single location and has been null
+ bool likely_null = likely_null_set.contains(next_inst);
+ if ( !next_inst->is_single_location() && likely_null ) {
+ struct half_pred_expr * expression = new half_pred_expr(NULLITY, NULL);
+ half_pred_expressions->push_back(expression);
}
} else {
/* Pure writes */
}
}
- uint64_t read_val = next_act->get_reads_from_value();
+ bool likely_null = likely_null_set.contains(next_inst);
// only generate NULLITY predicate when it is actually NULL.
- if ( !next_inst->is_single_location() && (void*)read_val == NULL ) {
+ if ( !next_inst->is_single_location() && likely_null ) {
Predicate * new_pred = new Predicate(next_inst);
curr_pred->add_child(new_pred);
delete loc_it;
}
+bool FuncNode::likely_reads_from_null(ModelAction * read)
+{
+ uint64_t read_val = read->get_reads_from_value();
+ if ( (void *)(read_val && 0xffffffff) == NULL )
+ return true;
+
+ return false;
+}
+
void FuncNode::set_predicate_tree_position(thread_id_t tid, Predicate * pred)
{
int thread_id = id_to_int(tid);
thrd_predicate_trace[thread_id]->back()->push_back(pred);
}
-/* Make sure elements of thrd_inst_act_map are initialized properly when threads enter functions */
-void FuncNode::init_inst_act_map(thread_id_t tid)
+void FuncNode::init_marker(thread_id_t tid)
{
- int thread_id = id_to_int(tid);
- SnapVector<inst_act_map_t *> * thrd_inst_act_map = history->getThrdInstActMap(func_id);
- uint old_size = thrd_inst_act_map->size();
-
- if (old_size <= (uint) thread_id) {
- uint new_size = thread_id + 1;
- thrd_inst_act_map->resize(new_size);
-
- for (uint i = old_size;i < new_size;i++)
- (*thrd_inst_act_map)[i] = new inst_act_map_t(128);
- }
-}
+ marker++;
-/* Reset elements of thrd_inst_act_map when threads exit functions */
-void FuncNode::reset_inst_act_map(thread_id_t tid)
-{
int thread_id = id_to_int(tid);
- SnapVector<inst_act_map_t *> * thrd_inst_act_map = history->getThrdInstActMap(func_id);
+ int old_size = thrd_markers.size();
- inst_act_map_t * map = (*thrd_inst_act_map)[thread_id];
- map->reset();
-}
+ if (old_size < thread_id + 1) {
+ thrd_markers.resize(thread_id + 1);
-void FuncNode::update_inst_act_map(thread_id_t tid, ModelAction * read_act)
-{
- int thread_id = id_to_int(tid);
- SnapVector<inst_act_map_t *> * thrd_inst_act_map = history->getThrdInstActMap(func_id);
+ for (int i = old_size; i < thread_id + 1; i++) {
+ thrd_markers[i] = new ModelVector<uint32_t>();
+ thrd_recursion_depth.push_back(-1);
+ }
+ }
- inst_act_map_t * map = (*thrd_inst_act_map)[thread_id];
- FuncInst * read_inst = get_inst(read_act);
- map->put(read_inst, read_act);
+ thrd_markers[thread_id]->push_back(marker);
+ thrd_recursion_depth[thread_id]++;
}
-inst_act_map_t * FuncNode::get_inst_act_map(thread_id_t tid)
+uint64_t FuncNode::get_associated_read(thread_id_t tid, FuncInst * inst)
{
int thread_id = id_to_int(tid);
- SnapVector<inst_act_map_t *> * thrd_inst_act_map = history->getThrdInstActMap(func_id);
-
- return (*thrd_inst_act_map)[thread_id];
-}
+ int recursion_depth = thrd_recursion_depth[thread_id];
+ uint marker = thrd_markers[thread_id]->back();
-void FuncNode::set_marker(thread_id_t tid)
-{
- marker++;
- uint thread_id = id_to_int(tid);
- for (uint i = thrd_marker.size(); i < thread_id + 1; i++) {
- thrd_marker.push_back(0);
- }
-
- thrd_marker[thread_id] = marker;
+ return inst->get_associated_read(tid, recursion_depth, marker);
}
/* Make sure elements of maps are initialized properly when threads enter functions */
void FuncNode::init_local_maps(thread_id_t tid)
{
int thread_id = id_to_int(tid);
- uint old_size = thrd_loc_inst_map.size();
+ int old_size = thrd_loc_inst_maps.size();
- if (old_size <= (uint) thread_id) {
- uint new_size = thread_id + 1;
+ if (old_size < thread_id + 1) {
+ int new_size = thread_id + 1;
- thrd_loc_inst_map.resize(new_size);
- thrd_inst_id_map.resize(new_size);
- thrd_inst_pred_map.resize(new_size);
+ thrd_loc_inst_maps.resize(new_size);
+ thrd_inst_id_maps.resize(new_size);
+ thrd_inst_pred_maps.resize(new_size);
- for (uint i = old_size; i < new_size; i++) {
- thrd_loc_inst_map[i] = new loc_inst_map_t(128);
- thrd_inst_id_map[i] = new inst_id_map_t(128);
- thrd_inst_pred_map[i] = new inst_pred_map_t(128);
+ for (int i = old_size; i < new_size; i++) {
+ thrd_loc_inst_maps[i] = new ModelVector<loc_inst_map_t *>;
+ thrd_inst_id_maps[i] = new ModelVector<inst_id_map_t *>;
+ thrd_inst_pred_maps[i] = new ModelVector<inst_pred_map_t *>;
}
}
+
+ ModelVector<loc_inst_map_t *> * map = thrd_loc_inst_maps[thread_id];
+ int index = thrd_recursion_depth[thread_id];
+
+ // If there are recursive calls, push more hashtables into the vector.
+ if (map->size() < (uint) index + 1) {
+ thrd_loc_inst_maps[thread_id]->push_back(new loc_inst_map_t(64));
+ thrd_inst_id_maps[thread_id]->push_back(new inst_id_map_t(64));
+ thrd_inst_pred_maps[thread_id]->push_back(new inst_pred_map_t(64));
+ }
+
+ ASSERT(map->size() == (uint) index + 1);
}
/* Reset elements of maps when threads exit functions */
void FuncNode::reset_local_maps(thread_id_t tid)
{
int thread_id = id_to_int(tid);
- thrd_loc_inst_map[thread_id]->reset();
- thrd_inst_id_map[thread_id]->reset();
- thrd_inst_pred_map[thread_id]->reset();
+ int index = thrd_recursion_depth[thread_id];
+
+ // When recursive call ends, keep only one hashtable in the vector
+ if (index > 0) {
+ delete thrd_loc_inst_maps[thread_id]->back();
+ delete thrd_inst_id_maps[thread_id]->back();
+ delete thrd_inst_pred_maps[thread_id]->back();
+
+ thrd_loc_inst_maps[thread_id]->pop_back();
+ thrd_inst_id_maps[thread_id]->pop_back();
+ thrd_inst_pred_maps[thread_id]->pop_back();
+ } else {
+ thrd_loc_inst_maps[thread_id]->back()->reset();
+ thrd_inst_id_maps[thread_id]->back()->reset();
+ thrd_inst_pred_maps[thread_id]->back()->reset();
+ }
}
void FuncNode::init_predicate_tree_data_structure(thread_id_t tid)
int thread_id = id_to_int(tid);
int old_size = thrd_predicate_tree_position.size();
- if (old_size <= thread_id + 1) {
+ if (old_size < thread_id + 1) {
thrd_predicate_tree_position.resize(thread_id + 1);
thrd_predicate_trace.resize(thread_id + 1);
int thread_id = id_to_int(tid);
thrd_predicate_tree_position[thread_id]->pop_back();
- predicate_trace_t * trace = thrd_predicate_trace[thread_id]->back();
- delete trace;
+ // Free memories allocated in init_predicate_tree_data_structure
+ delete thrd_predicate_trace[thread_id]->back();
thrd_predicate_trace[thread_id]->pop_back();
}
else if (target == this)
return 0;
+ // Be careful with memory
SnapList<FuncNode *> queue;
HashTable<FuncNode *, int, uintptr_t, 0> distances(128);
return -1;
}
-void FuncNode::add_failed_predicate(Predicate * pred)
-{
- failed_predicates.add(pred);
-}
-
void FuncNode::update_predicate_tree_weight(thread_id_t tid)
{
- failed_predicates.reset();
-
predicate_trace_t * trace = thrd_predicate_trace[id_to_int(tid)]->back();
// Update predicate weights based on prediate trace
- for (mllnode<Predicate *> * rit = trace->end(); rit != NULL; rit = rit->getPrev()) {
- Predicate * node = rit->getVal();
+ for (int i = trace->size() - 1; i >= 0; i--) {
+ Predicate * node = (*trace)[i];
ModelVector<Predicate *> * children = node->get_children();
if (children->size() == 0) {