From 5aff275cd81f65fbfaa2c08fdcc1ff62903453ee Mon Sep 17 00:00:00 2001
From: weiyu
Date: Mon, 17 Feb 2020 11:27:57 -0800
Subject: [PATCH] Bug fix
---
 funcnode.cc | 9 +++++
 history.cc | 11 +++---
 newfuzzer.cc | 95 +++++++++++++++++++++++----------------------------
 newfuzzer.h | 3 --
 predicate.cc | 4 ++-
 5 files changed, 58 insertions(+), 64 deletions(-)
diff --git a/funcnode.cc b/funcnode.cc
index 92e37955..db39072b 100644
--- a/funcnode.cc
+++ b/funcnode.cc
@@ -6,6 +6,8 @@
 #include "concretepredicate.h"
 #include "model.h"
+#include "execution.h"
+#include "newfuzzer.h"
 #include
 FuncNode::FuncNode(ModelHistory * history) :
@@ -290,6 +292,9 @@ void FuncNode::update_predicate_tree(ModelAction * next_act)
 inst_id_map_t * inst_id_map = thrd_inst_id_maps[thread_id]->back();
 Predicate * curr_pred = get_predicate_tree_position(tid);
+ NewFuzzer * fuzzer = (NewFuzzer *)model->get_execution()->getFuzzer();
+ Predicate * selected_branch = fuzzer->get_selected_child_branch(tid);
+
 while (true) {
 FuncInst * next_inst = get_inst(next_act);
 next_inst->set_associated_read(tid, recursion_depth, this_marker, next_act->get_reads_from_value());
@@ -352,6 +357,10 @@ void FuncNode::update_predicate_tree(ModelAction * next_act)
 add_predicate_to_trace(tid, curr_pred);
 break;
 }
+
+ // A check
+ if (selected_branch != NULL)
+ ASSERT(selected_branch == curr_pred);
 }
 /* Given curr_pred and next_inst, find the branch following curr_pred that
diff --git a/history.cc b/history.cc
index 081f85d1..7fab503b 100644
--- a/history.cc
+++ b/history.cc
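Review bot: The added `(NewFuzzer *)model->get_execution()->getFuzzer()` in update_predicate_tree (hunk at -290) is an unchecked C-style downcast, and the result is dereferenced on the next line without a null check. getFuzzer()'s declaration is not visible here, but the code removed from history.cc held the result as `Fuzzer *`, so if an execution can ever run with a different fuzzer, `get_selected_child_branch(tid)` would read that object through the wrong type. I would at least spell the cast as `static_cast<NewFuzzer *>(...)` and state the assumption beside it, e.g. `// assumes the execution's fuzzer is a NewFuzzer`, or expose the selected branch through the base class instead. The function body starts and ends outside this hunk.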
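Review bot: The comment `// A check` (hunk at -352) does not say which invariant is being checked, and the check may compare against a stale value. `selected_branch` is fetched once before the loop, and the stores to `thrd_selected_child_branch[thread_id]` added in newfuzzer.cc appear to sit inside a conditional block of selectWrite, so a read that bypasses that block would leave the previous read's branch in place and trip the ASSERT. A more useful comment would be `// The walk must end on the branch NewFuzzer::selectWrite picked for this thread's read, if it picked one`; if staleness is possible, the entry should be reset to NULL whenever no branch is selected.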
@@ -148,12 +148,9 @@ void ModelHistory::process_action(ModelAction *act, thread_id_t tid)
 func_node->add_inst(act);
 if (act->is_read()) {
-// Fuzzer * fuzzer = model->get_execution()->getFuzzer();
-// Predicate * selected_branch = ((NewFuzzer *)fuzzer)->get_selected_child_branch(tid);
-// func_node->set_predicate_tree_position(tid, selected_branch);
- }
-/*
- if (act->is_write()) {
+ // Do nothing
+ } else if (act->is_write()) {
+ /*
 Predicate * curr_pred = func_node->get_predicate_tree_position(tid);
 FuncInst * curr_inst = func_node->get_inst(act);
@@ -162,8 +159,8 @@ void ModelHistory::process_action(ModelAction *act, thread_id_t tid)
 curr_pred = curr_pred->follow_write_child(curr_inst);
 }
 func_node->set_predicate_tree_position(tid, curr_pred);
+ */
 }
-*/
 func_node->update_tree(act);
 last_action = act;
diff --git a/newfuzzer.cc b/newfuzzer.cc
index ff19354c..be483886 100644
--- a/newfuzzer.cc
+++ b/newfuzzer.cc
@@ -19,7 +19,6 @@ NewFuzzer::NewFuzzer() :
 thrd_pruned_writes(),
 paused_thread_list(),
 paused_thread_table(128),
- failed_predicates(32),
 dist_info_vec()
 {}
@@ -74,12 +73,10 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector * rf_set
 delete it;
 }
+ thrd_selected_child_branch[thread_id] = selected_branch;
 prune_writes(tid, index, marker, selected_branch, rf_set);
 }
- if (!failed_predicates.isEmpty())
- failed_predicates.reset();
-
 thrd_last_read_act[thread_id] = read;
 thrd_last_func_inst[thread_id] = read_inst;
 }
@@ -92,8 +89,7 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector * rf_set
 int index = func_node->get_recursion_depth(tid);
 uint32_t marker = func_node->get_marker(tid);
- // Add failed predicate to NewFuzzer and FuncNode
- failed_predicates.put(selected_branch, true);
+ // Increment failure count
 selected_branch->incr_fail_count();
 //model_print("the %d read action of thread %d at %p is unsuccessful\n", read->get_seq_number(), read_thread->get_id(), read->get_location());
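Review bot: After this change the `if (act->is_read())` / `else if (act->is_write())` chain in process_action (history.cc, hunk at -148) has no live statements: one arm is `// Do nothing` and the other lies entirely inside a `/* ... */` block that closes in the next hunk. Empty branches wrapped around commented-out code are easy to misread as active logic. I would delete the chain, or keep the disabled code under `#if 0` with a one-line comment saying why the predicate-tree position is no longer updated here.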
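Review bot: Recording the selection is now the caller's job, and nothing on selectBranch says so. `thrd_selected_child_branch[thread_id] = selected_branch;` is added here (newfuzzer.cc, hunk at -74) and again in the retry path (hunk at -107), while the assignment inside selectBranch is removed. A future caller can forget the store and leave the new ASSERT in FuncNode::update_predicate_tree comparing against an old value. A comment on selectBranch such as `// Does not record the choice; callers must store it in thrd_selected_child_branch` would make the contract explicit. selectWrite's body extends beyond this hunk.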
@@ -107,6 +103,7 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector * rf_set
 Predicate * curr_pred = selected_branch->get_parent();
 FuncInst * read_inst = thrd_last_func_inst[thread_id];
 selected_branch = selectBranch(tid, curr_pred, read_inst);
+ thrd_selected_child_branch[thread_id] = selected_branch;
 prune_writes(tid, index, marker, selected_branch, rf_set);
@@ -170,7 +167,6 @@ Predicate * NewFuzzer::selectBranch(thread_id_t tid, Predicate * curr_pred, Func
 int index = choose_branch_index(&available_branches_tmp_storage);
 Predicate * selected_branch = available_branches_tmp_storage[ index ];
- thrd_selected_child_branch[thread_id] = selected_branch;
 /* Remove the chosen branch from vec in case that this
 * branch fails and need to choose another one */
@@ -255,7 +251,45 @@ bool NewFuzzer::prune_writes(thread_id_t tid, int index, uint32_t marker,
 ModelAction * write_act = (*rf_set)[rf_index];
 uint64_t write_val = write_act->get_write_value();
 bool no_predicate = false;
- bool satisfy_predicate = check_predicate_expressions(tid, index, marker, pred_expressions, write_val, &no_predicate);
+ bool satisfy_predicate = true;
+
+ // Check if the write value satisfies the predicates
+ PredExprSetIter * pred_expr_it = pred_expressions->iterator();
+ while (pred_expr_it->hasNext()) {
+ struct pred_expr * expression = pred_expr_it->next();
+ bool equality;
+
+ switch (expression->token) {
+ case NOPREDICATE:
+ no_predicate = true;
+ break;
+ case EQUALITY:
+ FuncInst * to_be_compared;
+ uint64_t last_read;
+
+ to_be_compared = expression->func_inst;
+ last_read = to_be_compared->get_associated_read(tid, index, marker);
+ ASSERT(last_read != VALUE_NONE);
+
+ equality = (write_val == last_read);
+ if (equality != expression->value)
+ satisfy_predicate = false;
+ break;
+ case NULLITY:
+ // TODO: implement likely to be null
+ equality = ((void*) (write_val & 0xffffffff) == NULL);
+ if (equality != expression->value)
+ satisfy_predicate = false;
+ break;
+ default:
+ model_print("unknown predicate token\n");
+ break;
+ }
+
+ if (!satisfy_predicate)
+ break;
+ }
+ delete pred_expr_it;
 if (no_predicate)
 return false;
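Review bot: In the inlined switch the `default:` arm only prints `unknown predicate token` and leaves `satisfy_predicate` true, so a write checked against an unrecognised token is accepted as satisfying the predicate; failing closed with `ASSERT(0);` (or `satisfy_predicate = false;`) would be safer. The `NULLITY` arm tests `write_val & 0xffffffff`, so a 64-bit value whose low 32 bits are zero is treated as null; if the truncation is deliberate it deserves a comment, otherwise `write_val == 0` says what is meant. The locals declared directly under `case EQUALITY:` stay in scope for the later labels, and wrapping that arm in braces avoids a jump-past-declaration error if one of them ever gains an initializer. prune_writes starts and ends outside this hunk.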
@@ -416,51 +450,6 @@ bool NewFuzzer::find_threads(ModelAction * pending_read)
 return finds_waiting_for;
 }
-bool NewFuzzer::check_predicate_expressions(thread_id_t tid, int index, uint32_t marker,
- PredExprSet * pred_expressions, uint64_t write_val, bool * no_predicate)
-{
- bool satisfy_predicate = true;
-
- PredExprSetIter * pred_expr_it = pred_expressions->iterator();
- while (pred_expr_it->hasNext()) {
- struct pred_expr * expression = pred_expr_it->next();
- bool equality;
-
- switch (expression->token) {
- case NOPREDICATE:
- *no_predicate = true;
- break;
- case EQUALITY:
- FuncInst * to_be_compared;
- uint64_t last_read;
-
- to_be_compared = expression->func_inst;
- last_read = to_be_compared->get_associated_read(tid, index, marker);
- ASSERT(last_read != VALUE_NONE);
-
- equality = (write_val == last_read);
- if (equality != expression->value)
- satisfy_predicate = false;
- break;
- case NULLITY:
- // TODO: implement likely to be null
- equality = ((void*) (write_val & 0xffffffff) == NULL);
- if (equality != expression->value)
- satisfy_predicate = false;
- break;
- default:
- model_print("unknown predicate token\n");
- break;
- }
-
- if (!satisfy_predicate)
- break;
- }
-
- delete pred_expr_it;
- return satisfy_predicate;
-}
-
 bool NewFuzzer::shouldWait(const ModelAction * act)
 {
 return random() & 1;
diff --git a/newfuzzer.h b/newfuzzer.h
index c8a3f036..730b81fd 100644
--- a/newfuzzer.h
+++ b/newfuzzer.h
@@ -58,7 +58,6 @@ private:
 */
 SnapVector paused_thread_list; //-- (not in use)
 HashTable paused_thread_table; //--
- HashTable failed_predicates;
 SnapVector dist_info_vec; //--
@@ -66,8 +65,6 @@ private:
 void wake_up_paused_threads(int * threadlist, int * numthreads); //--
 bool find_threads(ModelAction * pending_read); //--
-
- bool check_predicate_expressions(thread_id_t tid, int index, uint32_t marker, PredExprSet * pred_expressions, uint64_t write_val, bool * no_predicate);
 };
 #endif /* end of __NEWFUZZER_H__ */
diff --git a/predicate.cc b/predicate.cc
index 86bc30ed..9b329f10 100644
--- a/predicate.cc
+++ b/predicate.cc
@@ -131,8 +131,10 @@ ConcretePredicate * Predicate::evaluate(thread_id_t tid)
 }
 delete it;
- */
 return concrete;
+ */
+
+ return NULL;
 }
 void Predicate::print_predicate()
--
2.34.1
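Review bot: With the closing `*/` moved below `return concrete;`, Predicate::evaluate appears to have no live code left except `return NULL;`, and nothing at the definition says so. Callers are not visible in this diff, but any that dereference the returned `ConcretePredicate *` will fault. I would add a comment above the stub, e.g. `// Disabled: always returns NULL; callers must check the result`, and drop the commented-out body once it is no longer needed. The start of the function is outside this hunk.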