From 8eead7359632f3d3e8271df48750da89503a3ef6 Mon Sep 17 00:00:00 2001 From: weiyu Date: Fri, 11 Oct 2019 19:35:06 -0700 Subject: [PATCH] Fix bug --- funcnode.cc | 2 +- newfuzzer.cc | 23 ++++++++++++++--------- predicate.cc | 1 + predicate.h | 7 +++++-- 4 files changed, 21 insertions(+), 12 deletions(-) diff --git a/funcnode.cc b/funcnode.cc index d6672cb8..8cb39da9 100644 --- a/funcnode.cc +++ b/funcnode.cc @@ -306,7 +306,7 @@ void FuncNode::update_predicate_tree(action_list_t * act_list) inst_id_map.put(next_inst, inst_counter++); it = it->getNext(); - curr_pred->incr_count(); + curr_pred->incr_expl_count(); } curr_pred->set_exit(predicate_tree_exit); diff --git a/newfuzzer.cc b/newfuzzer.cc index e290db41..5675c790 100644 --- a/newfuzzer.cc +++ b/newfuzzer.cc @@ -72,12 +72,11 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector * rf_set execution->restore_last_seq_num(); conditional_sleep(read_thread); - // Returning -1 stops the while loop of ModelExecution::process_read return -1; } else { Predicate * selected_branch = get_selected_child_branch(tid); -// selected_branch->incr_count(); + selected_branch->incr_fail_count(); failed_predicates.put(selected_branch, true); SnapVector * pruned_writes = thrd_pruned_writes[thread_id]; @@ -128,8 +127,8 @@ Predicate * NewFuzzer::selectBranch(thread_id_t tid, Predicate * curr_pred, Func branches.push_back(child); // max of (exploration counts + 1) - if (child->get_count() + 1 > numerator) - numerator = child->get_count() + 1; + if (child->get_expl_count() + 1 > numerator) + numerator = child->get_expl_count() + 1; } } 
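Review bot: In `NewFuzzer::selectWrite`, the newly enabled `selected_branch->incr_fail_count();` dereferences the result of `get_selected_child_branch(tid)` without a check; before this change the pointer was only passed to `failed_predicates.put`. The definition of `get_selected_child_branch` is not in this patch, so if it can return NULL for a thread with no recorded branch, this is a null dereference. The same unchecked pattern is added in the `wake_up_paused_threads` hunk. Guarding both with `if (selected_branch != NULL) selected_branch->incr_fail_count();`, or asserting non-NULL if that is the invariant, would make the assumption explicit. The function body extends beyond the hunk.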
@@ -172,12 +171,12 @@ int NewFuzzer::choose_index(SnapVector * branches, uint32_t numerat return 0; double total_factor = 0; - SnapVector factors = SnapVector( branches->size() ); + SnapVector factors = SnapVector( branches->size() + 1 ); for (uint i = 0; i < branches->size(); i++) { Predicate * branch = (*branches)[i]; - double factor = (double) numerator / (branch->get_count() + 1); + double factor = (double) numerator / (branch->get_expl_count() + 2 * branch->get_fail_count() + 1); total_factor += factor; - factors[i] = factor; + factors.push_back(factor); } double prob = (double) random() / RAND_MAX; @@ -185,9 +184,9 @@ int NewFuzzer::choose_index(SnapVector * branches, uint32_t numerat int index = 0; for (uint i = 0; i < factors.size(); i++) { - prob_sum += (double) factors[i] / total_factor; + index = i; + prob_sum += (double) (factors[i] / total_factor); if (prob_sum > prob) { - index = i; break; } } @@ -352,6 +351,10 @@ void NewFuzzer::wake_up_paused_threads(int * threadlist, int * numthreads) //model_print("thread %d is woken up\n", tid); threadlist[*numthreads] = tid; (*numthreads)++; + + Predicate * selected_branch = get_selected_child_branch(tid); + selected_branch->incr_fail_count(); + model_print("thread %d is woken up\n", tid); } /* Wake up conditional sleeping threads if the desired write is available */ @@ -371,6 +374,8 @@ void NewFuzzer::notify_paused_thread(Thread * thread) thread_id_t tid = thread->get_id(); history->remove_waiting_write(tid); history->remove_waiting_thread(tid); + + model_print("** thread %d is woken up\n", tid); } /* Find threads that may write values that the pending read action is waiting for diff --git a/predicate.cc b/predicate.cc index 0f7c620d..4094b615 100644 --- a/predicate.cc +++ b/predicate.cc @@ -8,6 +8,7 @@ Predicate::Predicate(FuncInst * func_inst, bool is_entry, bool is_exit) : exit_predicate(is_exit), does_write(false), exploration_count(0), + failure_count(0), pred_expressions(16), children(), parent(NULL), 
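Review bot: The `factors` vector in `choose_index` is now constructed with `branches->size() + 1` and then filled with `push_back`, which is only correct if that argument is a capacity rather than an element count. SnapVector's definition is not part of this patch. If the constructor creates that many elements, `push_back` appends after them, and the later loop over `factors.size()` would read the default entries first and mis-map indices onto `branches`. If it is a capacity, the `+ 1` appears unnecessary, and a comment such as `// reserves capacity only; size stays 0 until push_back` would record the assumption. The function starts and ends outside this hunk.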
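Review bot: Moving `index = i;` ahead of the comparison changes the fall-through result from 0 to the last branch when `prob_sum` never exceeds `prob`, which can happen through rounding or when `random()` returns `RAND_MAX`. That intent is not visible in the loop, so a comment such as `// fall back to the last branch if rounding keeps prob_sum <= prob` would keep a later cleanup from reverting it. The cast in `(double) (factors[i] / total_factor)` looks redundant if both operands are already `double`, as the `total_factor` declaration in the previous hunk suggests. The loop's enclosing function continues past the hunk.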
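Review bot: The added `model_print("thread %d is woken up\n", tid);` in `wake_up_paused_threads` unconditionally re-enables the trace that is commented out a few lines above it, and the `notify_paused_thread` hunk adds a similar `model_print("** thread %d is woken up\n", tid);`. These read like debugging aids left in a bug-fix commit, and they will print on every wake-up. I would drop them or keep them commented out like the existing line, e.g. `//model_print("thread %d is woken up\n", tid);`. Both function bodies continue outside their hunks.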
diff --git a/predicate.h b/predicate.h index fd1c768b..6a35fcc4 100644 --- a/predicate.h +++ b/predicate.h @@ -39,8 +39,10 @@ public: ConcretePredicate * evaluate(inst_act_map_t * inst_act_map, thread_id_t tid); - uint32_t get_count() { return exploration_count; } - void incr_count() { exploration_count++; } + uint32_t get_expl_count() { return exploration_count; } + uint32_t get_fail_count() { return failure_count; } + void incr_expl_count() { exploration_count++; } + void incr_fail_count() { failure_count++; } void print_predicate(); void print_pred_subtree(); @@ -52,6 +54,7 @@ private: bool exit_predicate; bool does_write; uint32_t exploration_count; + uint32_t failure_count; /* May have multiple predicate expressions */ PredExprSet pred_expressions; -- 2.34.1
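Review bot: The new accessors `get_expl_count()` and `get_fail_count()` only read a member but are not declared `const`, so they cannot be called through a `const Predicate`. Declaring them as `uint32_t get_expl_count() const { return exploration_count; }` and `uint32_t get_fail_count() const { return failure_count; }` costs nothing. Because `get_count()` and `incr_count()` are removed rather than kept as aliases, any caller outside the four files in this patch would stop compiling; that cannot be checked from the diff. A one-line comment on `failure_count` stating which events increment it would also help, since the patch bumps it from two different places in newfuzzer.cc.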