Add sleep score
authorweiyu <weiyuluo1232@gmail.com>
Tue, 15 Oct 2019 19:41:26 +0000 (12:41 -0700)
committerweiyu <weiyuluo1232@gmail.com>
Tue, 15 Oct 2019 19:41:26 +0000 (12:41 -0700)
newfuzzer.cc
newfuzzer.h
predicate.cc
predicate.h

index e61cfb6..1d373e8 100644 (file)
@@ -77,8 +77,7 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector<ModelAction *> * rf_set
                        return -1;
                } else {
                        Predicate * selected_branch = get_selected_child_branch(tid);
-                       selected_branch->incr_fail_count();
-                       failed_predicates.put(selected_branch, true);
+                       update_predicate_score(selected_branch, 1);
 
                        SnapVector<ModelAction *> * pruned_writes = thrd_pruned_writes[thread_id];
                        for (uint i = 0; i < pruned_writes->size(); i++) {
@@ -357,7 +356,8 @@ void NewFuzzer::wake_up_paused_threads(int * threadlist, int * numthreads)
        (*numthreads)++;
 
        Predicate * selected_branch = get_selected_child_branch(tid);
-       selected_branch->incr_fail_count();
+       update_predicate_score(selected_branch, 3);
+
        model_print("thread %d is woken up\n", tid);
 }
 
@@ -379,6 +379,9 @@ void NewFuzzer::notify_paused_thread(Thread * thread)
        history->remove_waiting_write(tid);
        history->remove_waiting_thread(tid);
 
+       Predicate * selected_branch = get_selected_child_branch(tid);
+       update_predicate_score(selected_branch, 4);
+
        model_print("** thread %d is woken up\n", tid);
 }
 
@@ -418,6 +421,33 @@ bool NewFuzzer::find_threads(ModelAction * pending_read)
        return finds_waiting_for;
 }
 
+/* Update predicate counts and scores (asynchronous) when the read value is not available
+ *
+ * @param type
+ *        type 1: find_threads return false
+ *        type 2: find_threads return true, but the fuzzer decides that that thread shall not sleep based on sleep score
+ *        type 3: threads are put to sleep but woken up before the waited value appears
+ *        type 4: threads are put to sleep and the waited vaule appears (success)
+ */
+void NewFuzzer::update_predicate_score(Predicate * predicate, int type)
+{
+       switch (type) {
+               case 1:
+                       predicate->incr_fail_count();
+
+                       /* Do not choose this predicate when reselecting a new branch */
+                       failed_predicates.put(predicate, true);
+               case 2:
+                       predicate->incr_fail_count();
+                       predicate->decr_sleep_score(1);
+               case 3:
+                       predicate->incr_fail_count();
+                       predicate->incr_sleep_score(10);
+               case 4:
+                       predicate->decr_sleep_score(10);
+       }
+}
+
 bool NewFuzzer::shouldWait(const ModelAction * act)
 {
        return random() & 1;
index 61925c1..e94de33 100644 (file)
@@ -47,6 +47,7 @@ private:
        void wake_up_paused_threads(int * threadlist, int * numthreads);
 
        bool find_threads(ModelAction * pending_read);
+       void update_predicate_score(Predicate * predicate, int type);
 };
 
 #endif /* end of __NEWFUZZER_H__ */
index 09e4739..714ebbb 100644 (file)
@@ -9,6 +9,7 @@ Predicate::Predicate(FuncInst * func_inst, bool is_entry, bool is_exit) :
        does_write(false),
        exploration_count(0),
        failure_count(0),
+       sleep_score(0),
        pred_expressions(16),
        children(),
        parent(NULL),
@@ -97,6 +98,32 @@ ConcretePredicate * Predicate::evaluate(inst_act_map_t * inst_act_map, thread_id
        return concrete;
 }
 
+void Predicate::incr_expl_count()
+{
+       exploration_count++;
+}
+
+void Predicate::incr_fail_count()
+{
+       failure_count++;
+}
+
+void Predicate::incr_sleep_score(uint32_t amount)
+{
+       if (sleep_score + amount > 100)
+               sleep_score = 100;
+       else
+               sleep_score += amount;
+}
+
+void Predicate::decr_sleep_score(uint32_t amount)
+{
+       if (sleep_score > amount)
+               sleep_score -= amount;
+       else
+               sleep_score = 0;
+}
+
 void Predicate::print_predicate()
 {
        model_print("\"%p\" [shape=box, label=\"\n", this);
index 6a35fcc..413b2cd 100644 (file)
@@ -41,8 +41,11 @@ public:
 
        uint32_t get_expl_count() { return exploration_count; }
        uint32_t get_fail_count() { return failure_count; }
-       void incr_expl_count() { exploration_count++; }
-       void incr_fail_count() { failure_count++; }
+       uint32_t get_scleep_score() { return sleep_score; }
+       void incr_expl_count();
+       void incr_fail_count();
+       void incr_sleep_score(uint32_t amount);
+       void decr_sleep_score(uint32_t amount);
 
        void print_predicate();
        void print_pred_subtree();
@@ -53,8 +56,10 @@ private:
        bool entry_predicate;
        bool exit_predicate;
        bool does_write;
+
        uint32_t exploration_count;
        uint32_t failure_count;
+       uint32_t sleep_score;   /* 0 <= sleep_score <= 100 */
 
        /* May have multiple predicate expressions */
        PredExprSet pred_expressions;