#include "history.h"
#include "action.h"
#include "funcnode.h"
+#include "funcinst.h"
#include "common.h"
+#include "concretepredicate.h"
#include "model.h"
#include "execution.h"
-
+#include "newfuzzer.h"
/** @brief Constructor */
ModelHistory::ModelHistory() :
func_counter(1), /* function id starts with 1 */
func_map(),
func_map_rev(),
- func_nodes(),
- write_history(),
- write_locations()
-{}
+ func_nodes()
+{
+ /* The following are snapshot data structures */
+ write_history = new HashTable<void *, value_set_t *, uintptr_t, 4>();
+ loc_rd_func_nodes_map = new HashTable<void *, SnapVector<FuncNode *> *, uintptr_t, 0>();
+ loc_wr_func_nodes_map = new HashTable<void *, SnapVector<FuncNode *> *, uintptr_t, 0>();
+ loc_waiting_writes_map = new HashTable<void *, SnapVector<ConcretePredicate *> *, uintptr_t, 0>();
+ thrd_waiting_write = new SnapVector<ConcretePredicate *>();
+ func_inst_act_maps = new HashTable<uint32_t, SnapVector<inst_act_map_t *> *, int, 0>(128);
+}
void ModelHistory::enter_function(const uint32_t func_id, thread_id_t tid)
{
//model_print("thread %d entering func %d\n", tid, func_id);
+ ModelExecution * execution = model->get_execution();
uint id = id_to_int(tid);
- SnapVector<func_id_list_t> * thrd_func_list = model->get_execution()->get_thrd_func_list();
+ SnapVector<func_id_list_t> * thrd_func_list = execution->get_thrd_func_list();
SnapVector< SnapList<action_list_t *> *> *
- thrd_func_act_lists = model->get_execution()->get_thrd_func_act_lists();
+ thrd_func_act_lists = execution->get_thrd_func_act_lists();
+ SnapVector<uint32_t> * thrd_last_entered_func = execution->get_thrd_last_entered_func();
if ( thrd_func_list->size() <= id ) {
uint oldsize = thrd_func_list->size();
thrd_func_list->resize( id + 1 );
+ thrd_func_act_lists->resize( id + 1 );
+
for (uint i = oldsize; i < id + 1; i++) {
- new (&(*thrd_func_list)[i]) func_id_list_t();
// push 0 as a dummy function id to a void seg fault
+ new (&(*thrd_func_list)[i]) func_id_list_t();
(*thrd_func_list)[i].push_back(0);
- }
- thrd_func_act_lists->resize( id + 1 );
- for (uint i = oldsize; i < id + 1; i++) {
(*thrd_func_act_lists)[i] = new SnapList<action_list_t *>();
+ thrd_last_entered_func->push_back(0);
}
}
SnapList<action_list_t *> * func_act_lists = (*thrd_func_act_lists)[id];
+ func_act_lists->push_back( new action_list_t() );
+ uint32_t last_entered_func_id = (*thrd_last_entered_func)[id];
+ (*thrd_last_entered_func)[id] = func_id;
(*thrd_func_list)[id].push_back(func_id);
- func_act_lists->push_back( new action_list_t() );
if ( func_nodes.size() <= func_id )
resize_func_nodes( func_id + 1 );
+
+ FuncNode * func_node = func_nodes[func_id];
+ func_node->init_predicate_tree_position(tid);
+ func_node->init_inst_act_map(tid);
+
+ /* Add edges between FuncNodes */
+ if (last_entered_func_id != 0) {
+ FuncNode * last_func_node = func_nodes[last_entered_func_id];
+ last_func_node->add_out_edge(func_node);
+ }
}
/* @param func_id a non-zero value */
void ModelHistory::exit_function(const uint32_t func_id, thread_id_t tid)
{
+ ModelExecution * execution = model->get_execution();
uint32_t id = id_to_int(tid);
- SnapVector<func_id_list_t> * thrd_func_list = model->get_execution()->get_thrd_func_list();
+ SnapVector<func_id_list_t> * thrd_func_list = execution->get_thrd_func_list();
SnapVector< SnapList<action_list_t *> *> *
- thrd_func_act_lists = model->get_execution()->get_thrd_func_act_lists();
+ thrd_func_act_lists = execution->get_thrd_func_act_lists();
SnapList<action_list_t *> * func_act_lists = (*thrd_func_act_lists)[id];
uint32_t last_func_id = (*thrd_func_list)[id].back();
if (last_func_id == func_id) {
FuncNode * func_node = func_nodes[func_id];
- func_node->clear_read_map(tid);
+ func_node->set_predicate_tree_position(tid, NULL);
+ func_node->reset_inst_act_map(tid);
action_list_t * curr_act_list = func_act_lists->back();
- func_node->incr_exit_count();
-
/* defer the processing of curr_act_list until the function has exits a few times
- * (currently 2 times) so that more information can be gathered to infer nullity predicates.
+ * (currently twice) so that more information can be gathered to infer nullity predicates.
*/
+ func_node->incr_exit_count();
if (func_node->get_exit_count() >= 2) {
- ModelList<action_list_t *> * action_list_buffer = func_node->get_action_list_buffer();
+ SnapList<action_list_t *> * action_list_buffer = func_node->get_action_list_buffer();
while (action_list_buffer->size() > 0) {
action_list_t * act_list = action_list_buffer->back();
action_list_buffer->pop_back();
if ( old_size < new_size )
func_nodes.resize(new_size);
- for (uint32_t id = old_size;id < new_size;id++) {
+ for (uint32_t id = old_size; id < new_size; id++) {
const char * func_name = func_map_rev[id];
FuncNode * func_node = new FuncNode(this);
func_node->set_func_id(id);
void ModelHistory::process_action(ModelAction *act, thread_id_t tid)
{
- /* return if thread i has not entered any function or has exited
+ ModelExecution * execution = model->get_execution();
+ /* Return if thread i has not entered any function or has exited
from all functions */
- SnapVector<func_id_list_t> * thrd_func_list = model->get_execution()->get_thrd_func_list();
+ SnapVector<func_id_list_t> * thrd_func_list = execution->get_thrd_func_list();
SnapVector< SnapList<action_list_t *> *> *
- thrd_func_act_lists = model->get_execution()->get_thrd_func_act_lists();
+ thrd_func_act_lists = execution->get_thrd_func_act_lists();
uint32_t id = id_to_int(tid);
if ( thrd_func_list->size() <= id )
return;
- /* get the function id that thread i is currently in */
+ /* Get the function id that thread i is currently in */
uint32_t func_id = (*thrd_func_list)[id].back();
SnapList<action_list_t *> * func_act_lists = (*thrd_func_act_lists)[id];
- if (act->is_write())
- add_to_write_history(act->get_location(), act->get_write_value());
+ if (act->is_write()) {
+ void * location = act->get_location();
+ uint64_t value = act->get_write_value();
+ update_write_history(location, value);
- if (func_id == 0)
- return;
- else if ( func_nodes.size() <= func_id )
- resize_func_nodes( func_id + 1 );
-
- FuncNode * func_node = func_nodes[func_id];
+ /* Update FuncNodes that may read from this location */
+ SnapVector<FuncNode *> * func_node_list = getRdFuncNodes(location);
+ for (uint i = 0; i < func_node_list->size(); i++) {
+ FuncNode * func_node = (*func_node_list)[i];
+ func_node->add_to_val_loc_map(value, location);
+ }
- /* do not care about actions without a position */
+ check_waiting_write(act);
+ }
- if (act->get_position() == NULL)
+ /* The following does not care about actions without a position */
+ if (func_id == 0 || act->get_position() == NULL)
return;
- if (act->is_read())
- func_node->store_read(act, tid);
+ action_list_t * curr_act_list = func_act_lists->back();
+ ASSERT(curr_act_list != NULL);
- /* add to curr_inst_list */
+ if (skip_action(act, curr_act_list))
+ return;
- bool second_part_of_rmw = act->is_rmwc() || act->is_rmw();
- if (!second_part_of_rmw) {
- action_list_t * curr_act_list = func_act_lists->back();
- ASSERT(curr_act_list != NULL);
+ FuncNode * func_node = func_nodes[func_id];
- ModelAction * last_act;
- if (curr_act_list->size() != 0)
- last_act = curr_act_list->back();
+ /* Add to curr_inst_list */
+ curr_act_list->push_back(act);
+ func_node->add_inst(act);
- // do not add actions with the same sequence number twice
- if (last_act != NULL && last_act->get_seq_number() == act->get_seq_number())
- return;
+ if (act->is_read()) {
+ func_node->update_inst_act_map(tid, act);
- curr_act_list->push_back(act);
- func_node->add_inst(act);
+ // Update predicate tree position
+ Fuzzer * fuzzer = execution->getFuzzer();
+ Predicate * selected_branch = fuzzer->get_selected_child_branch(tid);
+ func_node->set_predicate_tree_position(tid, selected_branch);
}
}
-/* return the FuncNode given its func_id */
+/* Return the FuncNode given its func_id */
FuncNode * ModelHistory::get_func_node(uint32_t func_id)
{
- if (func_nodes.size() <= func_id) // this node has not been added to func_nodes
+ if (func_id == 0)
+ return NULL;
+
+ // This node has not been added to func_nodes
+ if (func_nodes.size() <= func_id)
return NULL;
return func_nodes[func_id];
}
-uint64_t ModelHistory::query_last_read(void * location, thread_id_t tid)
+/* Return the current FuncNode when given a thread id */
+FuncNode * ModelHistory::get_curr_func_node(thread_id_t tid)
{
- SnapVector<func_id_list_t> * thrd_func_list = model->get_execution()->get_thrd_func_list();
- uint32_t id = id_to_int(tid);
-
- ASSERT( thrd_func_list->size() > id );
- uint32_t func_id = (*thrd_func_list)[id].back();
- FuncNode * func_node = func_nodes[func_id];
+ int thread_id = id_to_int(tid);
+ SnapVector<func_id_list_t> * thrd_func_list = model->get_execution()->get_thrd_func_list();
+ uint32_t func_id = (*thrd_func_list)[thread_id].back();
- uint64_t last_read_val = 0xdeadbeef;
- if (func_node != NULL) {
- last_read_val = func_node->query_last_read(location, tid);
+ if (func_id != 0) {
+ return func_nodes[func_id];
}
- return last_read_val;
+ return NULL;
}
-void ModelHistory::add_to_write_history(void * location, uint64_t write_val)
+void ModelHistory::update_write_history(void * location, uint64_t write_val)
{
- write_set_t * write_set = write_history.get(location);
+ value_set_t * write_set = write_history->get(location);
if (write_set == NULL) {
- write_set = new write_set_t();
- write_history.put(location, write_set);
+ write_set = new value_set_t();
+ write_history->put(location, write_set);
}
write_set->add(write_val);
- write_locations.add(location);
}
+void ModelHistory::update_loc_rd_func_nodes_map(void * location, FuncNode * node)
+{
+ SnapVector<FuncNode *> * func_node_list = getRdFuncNodes(location);
+ func_node_list->push_back(node);
+}
+
+void ModelHistory::update_loc_wr_func_nodes_map(void * location, FuncNode * node)
+{
+ SnapVector<FuncNode *> * func_node_list = getWrFuncNodes(location);
+ func_node_list->push_back(node);
+}
+
+SnapVector<FuncNode *> * ModelHistory::getRdFuncNodes(void * location)
+{
+ SnapVector<FuncNode *> * func_node_list = loc_rd_func_nodes_map->get(location);
+ if (func_node_list == NULL) {
+ func_node_list = new SnapVector<FuncNode *>();
+ loc_rd_func_nodes_map->put(location, func_node_list);
+ }
+
+ return func_node_list;
+}
+
+SnapVector<FuncNode *> * ModelHistory::getWrFuncNodes(void * location)
+{
+ SnapVector<FuncNode *> * func_node_list = loc_wr_func_nodes_map->get(location);
+ if (func_node_list == NULL) {
+ func_node_list = new SnapVector<FuncNode *>();
+ loc_wr_func_nodes_map->put(location, func_node_list);
+ }
+
+ return func_node_list;
+}
+
+/* When a thread is paused by Fuzzer, keep track of the condition it is waiting for */
+void ModelHistory::add_waiting_write(ConcretePredicate * concrete)
+{
+ void * location = concrete->get_location();
+ SnapVector<ConcretePredicate *> * waiting_conditions = loc_waiting_writes_map->get(location);
+ if (waiting_conditions == NULL) {
+ waiting_conditions = new SnapVector<ConcretePredicate *>();
+ loc_waiting_writes_map->put(location, waiting_conditions);
+ }
+
+ /* waiting_conditions should not have duplications */
+ waiting_conditions->push_back(concrete);
+
+ int thread_id = id_to_int(concrete->get_tid());
+ if (thrd_waiting_write->size() <= (uint) thread_id) {
+ thrd_waiting_write->resize(thread_id + 1);
+ }
+
+ (*thrd_waiting_write)[thread_id] = concrete;
+}
+
+void ModelHistory::remove_waiting_write(thread_id_t tid)
+{
+ ConcretePredicate * concrete = (*thrd_waiting_write)[ id_to_int(tid) ];
+ void * location = concrete->get_location();
+ SnapVector<ConcretePredicate *> * concrete_preds = loc_waiting_writes_map->get(location);
+
+ for (uint i = 0; i < concrete_preds->size(); i++) {
+ ConcretePredicate * current = (*concrete_preds)[i];
+ if (concrete == current) {
+ (*concrete_preds)[i] = concrete_preds->back();
+ concrete_preds->pop_back();
+ break;
+ }
+ }
+
+ int thread_id = id_to_int( concrete->get_tid() );
+ (*thrd_waiting_write)[thread_id] = NULL;
+ delete concrete;
+}
+
+/* Check if any other thread is waiting for this write action. If so, "notify" them */
+void ModelHistory::check_waiting_write(ModelAction * write_act)
+{
+ void * location = write_act->get_location();
+ uint64_t value = write_act->get_write_value();
+ SnapVector<ConcretePredicate *> * concrete_preds = loc_waiting_writes_map->get(location);
+ SnapVector<ConcretePredicate *> to_remove = SnapVector<ConcretePredicate *>();
+ if (concrete_preds == NULL)
+ return;
+
+ uint index = 0;
+ while (index < concrete_preds->size()) {
+ ConcretePredicate * concrete_pred = (*concrete_preds)[index];
+ SnapVector<struct concrete_pred_expr> * concrete_exprs = concrete_pred->getExpressions();
+ bool satisfy_predicate = true;
+ /* Check if the written value satisfies every predicate expression */
+ for (uint i = 0; i < concrete_exprs->size(); i++) {
+ struct concrete_pred_expr concrete = (*concrete_exprs)[i];
+ bool equality;
+ switch (concrete.token) {
+ case EQUALITY:
+ equality = (value == concrete.value);
+ break;
+ case NULLITY:
+ equality = ((void*)value == NULL);
+ break;
+ default:
+ model_print("unknown predicate token");
+ break;
+ }
+
+ if (equality != concrete.equality) {
+ satisfy_predicate = false;
+ break;
+ }
+ }
+
+ if (satisfy_predicate) {
+ to_remove.push_back(concrete_pred);
+ }
+
+ index++;
+ }
+
+ for (uint i = 0; i < to_remove.size(); i++) {
+ ConcretePredicate * concrete_pred = to_remove[i];
+
+ /* Wake up threads */
+ thread_id_t tid = concrete_pred->get_tid();
+ Thread * thread = model->get_thread(tid);
+
+ model_print("** thread %d is woken up\n", thread->get_id());
+ model->get_execution()->getFuzzer()->notify_paused_thread(thread);
+ }
+}
+
+SnapVector<inst_act_map_t *> * ModelHistory::getThrdInstActMap(uint32_t func_id)
+{
+ ASSERT(func_id != 0);
+
+ SnapVector<inst_act_map_t *> * maps = func_inst_act_maps->get(func_id);
+ if (maps == NULL) {
+ maps = new SnapVector<inst_act_map_t *>();
+ func_inst_act_maps->put(func_id, maps);
+ }
+
+ return maps;
+}
+
+bool ModelHistory::skip_action(ModelAction * act, SnapList<ModelAction *> * curr_act_list)
+{
+ bool second_part_of_rmw = act->is_rmwc() || act->is_rmw();
+ modelclock_t curr_seq_number = act->get_seq_number();
+
+ /* Skip actions that are second part of a read modify write */
+ if (second_part_of_rmw)
+ return true;
+
+ /* Skip actions with the same sequence number */
+ if (curr_act_list->size() != 0) {
+ ModelAction * last_act = curr_act_list->back();
+ if (last_act->get_seq_number() == curr_seq_number)
+ return true;
+ }
+
+ /* Skip actions that are paused by fuzzer (sequence number is 0) */
+ if (curr_seq_number == 0)
+ return true;
+
+ return false;
+}
+
+/* Reallocate some snapshotted memories when new executions start */
void ModelHistory::set_new_exec_flag()
{
for (uint i = 1; i < func_nodes.size(); i++) {
}
}
-void ModelHistory::print_write()
+void ModelHistory::dump_func_node_graph()
{
+ model_print("digraph func_node_graph {\n");
+ for (uint i = 1; i < func_nodes.size(); i++) {
+ FuncNode * node = func_nodes[i];
+ ModelList<FuncNode *> * out_edges = node->get_out_edges();
+
+ model_print("\"%p\" [label=\"%s\"]\n", node, node->get_func_name());
+ mllnode<FuncNode *> * it;
+ for (it = out_edges->begin(); it != NULL; it = it->getNext()) {
+ FuncNode * other = it->getVal();
+ model_print("\"%p\" -> \"%p\"\n", node, other);
+ }
+ }
+ model_print("}\n");
}
void ModelHistory::print_func_node()
FuncInst *inst = it->getVal();
model_print("type: %d, at: %s\n", inst->get_type(), inst->get_position());
}
-/*
- func_inst_list_mt * inst_list = funcNode->get_inst_list();
-
- model_print("function %s has following actions\n", funcNode->get_func_name());
- func_inst_list_mt::iterator it;
- for (it = inst_list->begin(); it != inst_list->end(); it++) {
- FuncInst *inst = *it;
- model_print("type: %d, at: %s\n", inst->get_type(), inst->get_position());
- }
-*/
}
}