From 0acd7ac85bd6004e53e1283a2900ffef7debeed8 Mon Sep 17 00:00:00 2001 From: weiyu Date: Thu, 3 Oct 2019 17:51:41 -0700 Subject: [PATCH] Compute the threads that a paused thread my wait for --- funcnode.cc | 34 ++++++++++++++++++++++++++++++++++ funcnode.h | 2 ++ history.cc | 22 +--------------------- history.h | 6 ------ newfuzzer.cc | 40 ++++++++++++++++++++++++++++++++++------ newfuzzer.h | 2 ++ 6 files changed, 73 insertions(+), 33 deletions(-) diff --git a/funcnode.cc b/funcnode.cc index 9228dc77..bf8971bd 100644 --- a/funcnode.cc +++ b/funcnode.cc @@ -640,6 +640,40 @@ void FuncNode::add_out_edge(FuncNode * other) } } +int FuncNode::compute_distance(FuncNode * target, int max_step) +{ + SnapList queue; + HashTable distances; + + int dist = 0; + queue.push_back(this); + distances.put(this, dist); + + while (!queue.empty()) { + FuncNode * curr = queue.front(); + queue.pop_front(); + + if (curr == target) + return dist; + else if (max_step < dist) + return -1; + + dist++; + ModelList * outEdges = curr->get_out_edges(); + mllnode * it; + for (it = outEdges->begin(); it != NULL; it = it->getNext()) { + FuncNode * out_node = it->getVal(); + if ( !distances.contains(out_node) ) { + queue.push_back(out_node); + distances.put(out_node, dist); + } + } + } + + /* Target node is unreachable */ + return -1; +} + void FuncNode::print_predicate_tree() { model_print("digraph function_%s {\n", func_name); diff --git a/funcnode.h b/funcnode.h index 0d0755db..04665c5c 100644 --- a/funcnode.h +++ b/funcnode.h @@ -5,6 +5,7 @@ #include "classlist.h" #include "threads-model.h" +#define MAX_DIST 10 typedef ModelList func_inst_list_mt; typedef enum edge_type { @@ -55,6 +56,7 @@ public: void add_out_edge(FuncNode * other); ModelList * get_out_edges() { return &out_edges; } + int compute_distance(FuncNode * target, int max_step = MAX_DIST); void print_predicate_tree(); void print_val_loc_map(); diff --git a/history.cc b/history.cc index 3e0644ed..c3e7eeb0 100644 --- a/history.cc +++ b/history.cc @@ -24,7 +24,6 @@ ModelHistory::ModelHistory() : loc_waiting_writes_map = new HashTable *, uintptr_t, 0>(); thrd_waiting_write = new SnapVector(); func_inst_act_maps = new HashTable *, int, 0>(128); - func_threads_map = new HashTable *, int, 0>(128); } void ModelHistory::enter_function(const uint32_t func_id, thread_id_t tid) @@ -247,7 +246,7 @@ SnapVector * ModelHistory::getRdFuncNodes(void * location) SnapVector * func_node_list = loc_rd_func_nodes_map->get(location); if (func_node_list == NULL) { func_node_list = new SnapVector(); - loc_wr_func_nodes_map->put(location, func_node_list); + loc_rd_func_nodes_map->put(location, func_node_list); } return func_node_list; @@ -397,25 +396,6 @@ bool ModelHistory::skip_action(ModelAction * act, SnapList * curr return false; } -void ModelHistory::update_func_threads_map(uint32_t func_id, thread_id_t tid) -{ - SnapVector * thread_ids = get_calling_threads(func_id); - thread_ids->push_back(tid); -} - -/* Return a vector of thread_id's that have called this function before */ -SnapVector * ModelHistory::get_calling_threads(uint32_t func_id) -{ - SnapVector * thread_ids = func_threads_map->get(func_id); - if (thread_ids == NULL) { - /* Make sure the result can be iterated without checking nullity */ - thread_ids = new SnapVector(); - func_threads_map->put(func_id, thread_ids); - } - - return thread_ids; -} - /* Reallocate some snapshotted memories when new executions start */ void ModelHistory::set_new_exec_flag() { diff --git a/history.h b/history.h index 869aecf5..2ce88f2f 100644 --- a/history.h +++ b/history.h @@ -42,9 +42,6 @@ public: SnapVector * getThrdInstActMap(uint32_t func_id); - void update_func_threads_map(uint32_t func_id, thread_id_t tid); - SnapVector * get_calling_threads(uint32_t func_id); - void set_new_exec_flag(); void dump_func_node_graph(); void print_func_node(); @@ -78,9 +75,6 @@ private: HashTable *, int, 0> * func_inst_act_maps; bool skip_action(ModelAction * act, SnapList * curr_act_list); - - /* Map func_id to threads that have called this function */ - HashTable *, int, 0> * func_threads_map; }; #endif /* __HISTORY_H__ */ diff --git a/newfuzzer.cc b/newfuzzer.cc index 00219b63..b0874c85 100644 --- a/newfuzzer.cc +++ b/newfuzzer.cc @@ -44,18 +44,18 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector * rf_set thrd_last_read_act[thread_id] = read; FuncNode * func_node = history->get_curr_func_node(tid); - inst_act_map_t * inst_act_map = func_node->get_inst_act_map(tid); Predicate * curr_pred = func_node->get_predicate_tree_position(tid); FuncInst * read_inst = func_node->get_inst(read); - Predicate * selected_branch = selectBranch(tid, curr_pred, read_inst); + + inst_act_map_t * inst_act_map = func_node->get_inst_act_map(tid); prune_writes(tid, selected_branch, rf_set, inst_act_map); } // No write satisfies the selected predicate, so pause this thread. if ( rf_set->size() == 0 ) { Thread * read_thread = execution->get_thread(tid); - model_print("the %d read action of thread %d is unsuccessful\n", read->get_seq_number(), read_thread->get_id()); + model_print("the %d read action of thread %d at %p is unsuccessful\n", read->get_seq_number(), read_thread->get_id(), read->get_location()); // reset thread pending action and revert sequence numbers read_thread->set_pending(read); @@ -63,6 +63,9 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector * rf_set execution->restore_last_seq_num(); conditional_sleep(read_thread); + + find_threads(read); + return -1; /* SnapVector * pruned_writes = thrd_pruned_writes[thread_id]; @@ -214,7 +217,7 @@ void NewFuzzer::conditional_sleep(Thread * thread) paused_thread_set.push_back(thread); paused_thread_table.put(thread, index); // Update table - /* */ + /* Add the waiting condition to ModelHistory */ ModelAction * read = thread->get_pending(); thread_id_t tid = thread->get_id(); FuncNode * func_node = history->get_curr_func_node(tid); @@ -236,8 +239,7 @@ Thread * NewFuzzer::selectThread(int * threadlist, int numthreads) { if (numthreads == 0 && has_paused_threads()) { wake_up_paused_threads(threadlist, &numthreads); - model_print("list size: %d\n", numthreads); - model_print("active t id: %d\n", threadlist[0]); + model_print("list size: %d, active t id: %d\n", numthreads, threadlist[0]); } int random_index = random() % numthreads; @@ -287,6 +289,32 @@ void NewFuzzer::notify_paused_thread(Thread * thread) history->remove_waiting_write(tid); } +/* Find threads that may write values that the pending read action is waiting for */ +void NewFuzzer::find_threads(ModelAction * pending_read) +{ + void * location = pending_read->get_location(); + thread_id_t self_id = pending_read->get_tid(); + + SnapVector * func_node_list = history->getWrFuncNodes(location); + for (uint i = 0; i < func_node_list->size(); i++) { + FuncNode * target_node = (*func_node_list)[i]; + model_print("node %s may write to loc %p\n", target_node->get_func_name(), location); + + for (uint i = 1; i < execution->get_num_threads(); i++) { + thread_id_t tid = int_to_id(i); + if (tid == self_id) + continue; + + FuncNode * node = history->get_curr_func_node(tid); + if (node == NULL) + continue; + + int distance = node->compute_distance(target_node); + model_print("thread: %d; distance from node %d to node %d: %d\n", tid, node->get_func_id(), target_node->get_func_id(), distance); + } + } +} + bool NewFuzzer::shouldWait(const ModelAction * act) { return random() & 1; diff --git a/newfuzzer.h b/newfuzzer.h index c152c5d9..0e5d483b 100644 --- a/newfuzzer.h +++ b/newfuzzer.h @@ -42,6 +42,8 @@ private: void conditional_sleep(Thread * thread); void wake_up_paused_threads(int * threadlist, int * numthreads); + + void find_threads(ModelAction * pending_read); }; #endif /* end of __NEWFUZZER_H__ */ -- 2.34.1