7 #include "concretepredicate.h"
10 #include "execution.h"
11 #include "newfuzzer.h"
13 /** @brief Constructor */
14 ModelHistory::ModelHistory() :
15 func_counter(1), /* function id starts with 1 */
20 /* The following are snapshot data structures */
21 write_history = new HashTable<void *, value_set_t *, uintptr_t, 4>();
22 loc_rd_func_nodes_map = new HashTable<void *, SnapVector<FuncNode *> *, uintptr_t, 0>();
23 loc_wr_func_nodes_map = new HashTable<void *, SnapVector<FuncNode *> *, uintptr_t, 0>();
24 loc_waiting_writes_map = new HashTable<void *, SnapVector<ConcretePredicate *> *, uintptr_t, 0>();
25 thrd_waiting_write = new SnapVector<ConcretePredicate *>();
26 func_inst_act_maps = new HashTable<uint32_t, SnapVector<inst_act_map_t *> *, int, 0>(128);
29 void ModelHistory::enter_function(const uint32_t func_id, thread_id_t tid)
31 //model_print("thread %d entering func %d\n", tid, func_id);
32 ModelExecution * execution = model->get_execution();
33 uint id = id_to_int(tid);
34 SnapVector<func_id_list_t> * thrd_func_list = execution->get_thrd_func_list();
35 SnapVector< SnapList<action_list_t *> *> *
36 thrd_func_act_lists = execution->get_thrd_func_act_lists();
37 SnapVector<uint32_t> * thrd_last_entered_func = execution->get_thrd_last_entered_func();
39 if ( thrd_func_list->size() <= id ) {
40 uint oldsize = thrd_func_list->size();
41 thrd_func_list->resize( id + 1 );
42 thrd_func_act_lists->resize( id + 1 );
44 for (uint i = oldsize; i < id + 1; i++) {
45 // push 0 as a dummy function id to a void seg fault
46 new (&(*thrd_func_list)[i]) func_id_list_t();
47 (*thrd_func_list)[i].push_back(0);
49 (*thrd_func_act_lists)[i] = new SnapList<action_list_t *>();
50 thrd_last_entered_func->push_back(0);
54 SnapList<action_list_t *> * func_act_lists = (*thrd_func_act_lists)[id];
55 func_act_lists->push_back( new action_list_t() );
57 uint32_t last_entered_func_id = (*thrd_last_entered_func)[id];
58 (*thrd_last_entered_func)[id] = func_id;
59 (*thrd_func_list)[id].push_back(func_id);
61 if ( func_nodes.size() <= func_id )
62 resize_func_nodes( func_id + 1 );
64 FuncNode * func_node = func_nodes[func_id];
65 func_node->init_predicate_tree_position(tid);
66 func_node->init_inst_act_map(tid);
68 /* Add edges between FuncNodes */
69 if (last_entered_func_id != 0) {
70 FuncNode * last_func_node = func_nodes[last_entered_func_id];
71 last_func_node->add_out_edge(func_node);
75 /* @param func_id a non-zero value */
76 void ModelHistory::exit_function(const uint32_t func_id, thread_id_t tid)
78 ModelExecution * execution = model->get_execution();
79 uint32_t id = id_to_int(tid);
80 SnapVector<func_id_list_t> * thrd_func_list = execution->get_thrd_func_list();
81 SnapVector< SnapList<action_list_t *> *> *
82 thrd_func_act_lists = execution->get_thrd_func_act_lists();
84 SnapList<action_list_t *> * func_act_lists = (*thrd_func_act_lists)[id];
85 uint32_t last_func_id = (*thrd_func_list)[id].back();
87 if (last_func_id == func_id) {
88 FuncNode * func_node = func_nodes[func_id];
89 func_node->set_predicate_tree_position(tid, NULL);
90 func_node->reset_inst_act_map(tid);
92 action_list_t * curr_act_list = func_act_lists->back();
94 /* defer the processing of curr_act_list until the function has exits a few times
95 * (currently twice) so that more information can be gathered to infer nullity predicates.
97 func_node->incr_exit_count();
98 if (func_node->get_exit_count() >= 2) {
99 SnapList<action_list_t *> * action_list_buffer = func_node->get_action_list_buffer();
100 while (action_list_buffer->size() > 0) {
101 action_list_t * act_list = action_list_buffer->back();
102 action_list_buffer->pop_back();
103 func_node->update_tree(act_list);
106 func_node->update_tree(curr_act_list);
108 func_node->get_action_list_buffer()->push_front(curr_act_list);
110 (*thrd_func_list)[id].pop_back();
111 func_act_lists->pop_back();
113 model_print("trying to exit with a wrong function id\n");
114 model_print("--- last_func: %d, func_id: %d\n", last_func_id, func_id);
116 //model_print("thread %d exiting func %d\n", tid, func_id);
119 void ModelHistory::resize_func_nodes(uint32_t new_size)
121 uint32_t old_size = func_nodes.size();
123 if ( old_size < new_size )
124 func_nodes.resize(new_size);
126 for (uint32_t id = old_size; id < new_size; id++) {
127 const char * func_name = func_map_rev[id];
128 FuncNode * func_node = new FuncNode(this);
129 func_node->set_func_id(id);
130 func_node->set_func_name(func_name);
131 func_nodes[id] = func_node;
135 void ModelHistory::process_action(ModelAction *act, thread_id_t tid)
137 ModelExecution * execution = model->get_execution();
138 /* Return if thread i has not entered any function or has exited
139 from all functions */
140 SnapVector<func_id_list_t> * thrd_func_list = execution->get_thrd_func_list();
141 SnapVector< SnapList<action_list_t *> *> *
142 thrd_func_act_lists = execution->get_thrd_func_act_lists();
144 uint32_t id = id_to_int(tid);
145 if ( thrd_func_list->size() <= id )
148 /* Get the function id that thread i is currently in */
149 uint32_t func_id = (*thrd_func_list)[id].back();
150 SnapList<action_list_t *> * func_act_lists = (*thrd_func_act_lists)[id];
152 if (act->is_write()) {
153 void * location = act->get_location();
154 uint64_t value = act->get_write_value();
155 update_write_history(location, value);
157 /* Update FuncNodes that may read from this location */
158 SnapVector<FuncNode *> * func_node_list = getRdFuncNodes(location);
159 for (uint i = 0; i < func_node_list->size(); i++) {
160 FuncNode * func_node = (*func_node_list)[i];
161 func_node->add_to_val_loc_map(value, location);
164 check_waiting_write(act);
167 /* The following does not care about actions without a position */
168 if (func_id == 0 || act->get_position() == NULL)
171 action_list_t * curr_act_list = func_act_lists->back();
172 ASSERT(curr_act_list != NULL);
174 if (skip_action(act, curr_act_list))
177 FuncNode * func_node = func_nodes[func_id];
179 /* Add to curr_inst_list */
180 curr_act_list->push_back(act);
181 func_node->add_inst(act);
183 if (act->is_read()) {
184 func_node->update_inst_act_map(tid, act);
186 // Update predicate tree position
187 Fuzzer * fuzzer = execution->getFuzzer();
188 Predicate * selected_branch = fuzzer->get_selected_child_branch(tid);
189 func_node->set_predicate_tree_position(tid, selected_branch);
193 /* Return the FuncNode given its func_id */
194 FuncNode * ModelHistory::get_func_node(uint32_t func_id)
199 // This node has not been added to func_nodes
200 if (func_nodes.size() <= func_id)
203 return func_nodes[func_id];
206 /* Return the current FuncNode when given a thread id */
207 FuncNode * ModelHistory::get_curr_func_node(thread_id_t tid)
209 int thread_id = id_to_int(tid);
210 SnapVector<func_id_list_t> * thrd_func_list = model->get_execution()->get_thrd_func_list();
211 uint32_t func_id = (*thrd_func_list)[thread_id].back();
214 return func_nodes[func_id];
220 void ModelHistory::update_write_history(void * location, uint64_t write_val)
222 value_set_t * write_set = write_history->get(location);
224 if (write_set == NULL) {
225 write_set = new value_set_t();
226 write_history->put(location, write_set);
229 write_set->add(write_val);
232 void ModelHistory::update_loc_rd_func_nodes_map(void * location, FuncNode * node)
234 SnapVector<FuncNode *> * func_node_list = getRdFuncNodes(location);
235 func_node_list->push_back(node);
238 void ModelHistory::update_loc_wr_func_nodes_map(void * location, FuncNode * node)
240 SnapVector<FuncNode *> * func_node_list = getWrFuncNodes(location);
241 func_node_list->push_back(node);
244 SnapVector<FuncNode *> * ModelHistory::getRdFuncNodes(void * location)
246 SnapVector<FuncNode *> * func_node_list = loc_rd_func_nodes_map->get(location);
247 if (func_node_list == NULL) {
248 func_node_list = new SnapVector<FuncNode *>();
249 loc_rd_func_nodes_map->put(location, func_node_list);
252 return func_node_list;
255 SnapVector<FuncNode *> * ModelHistory::getWrFuncNodes(void * location)
257 SnapVector<FuncNode *> * func_node_list = loc_wr_func_nodes_map->get(location);
258 if (func_node_list == NULL) {
259 func_node_list = new SnapVector<FuncNode *>();
260 loc_wr_func_nodes_map->put(location, func_node_list);
263 return func_node_list;
266 /* When a thread is paused by Fuzzer, keep track of the condition it is waiting for */
267 void ModelHistory::add_waiting_write(ConcretePredicate * concrete)
269 void * location = concrete->get_location();
270 SnapVector<ConcretePredicate *> * waiting_conditions = loc_waiting_writes_map->get(location);
271 if (waiting_conditions == NULL) {
272 waiting_conditions = new SnapVector<ConcretePredicate *>();
273 loc_waiting_writes_map->put(location, waiting_conditions);
276 /* waiting_conditions should not have duplications */
277 waiting_conditions->push_back(concrete);
279 int thread_id = id_to_int(concrete->get_tid());
280 if (thrd_waiting_write->size() <= (uint) thread_id) {
281 thrd_waiting_write->resize(thread_id + 1);
284 (*thrd_waiting_write)[thread_id] = concrete;
287 void ModelHistory::remove_waiting_write(thread_id_t tid)
289 ConcretePredicate * concrete = (*thrd_waiting_write)[ id_to_int(tid) ];
290 void * location = concrete->get_location();
291 SnapVector<ConcretePredicate *> * concrete_preds = loc_waiting_writes_map->get(location);
293 for (uint i = 0; i < concrete_preds->size(); i++) {
294 ConcretePredicate * current = (*concrete_preds)[i];
295 if (concrete == current) {
296 (*concrete_preds)[i] = concrete_preds->back();
297 concrete_preds->pop_back();
302 int thread_id = id_to_int( concrete->get_tid() );
303 (*thrd_waiting_write)[thread_id] = NULL;
307 /* Check if any other thread is waiting for this write action. If so, "notify" them */
308 void ModelHistory::check_waiting_write(ModelAction * write_act)
310 void * location = write_act->get_location();
311 uint64_t value = write_act->get_write_value();
312 SnapVector<ConcretePredicate *> * concrete_preds = loc_waiting_writes_map->get(location);
313 SnapVector<ConcretePredicate *> to_remove = SnapVector<ConcretePredicate *>();
314 if (concrete_preds == NULL)
318 while (index < concrete_preds->size()) {
319 ConcretePredicate * concrete_pred = (*concrete_preds)[index];
320 SnapVector<struct concrete_pred_expr> * concrete_exprs = concrete_pred->getExpressions();
321 bool satisfy_predicate = true;
322 /* Check if the written value satisfies every predicate expression */
323 for (uint i = 0; i < concrete_exprs->size(); i++) {
324 struct concrete_pred_expr concrete = (*concrete_exprs)[i];
326 switch (concrete.token) {
328 equality = (value == concrete.value);
331 equality = ((void*)value == NULL);
334 model_print("unknown predicate token");
338 if (equality != concrete.equality) {
339 satisfy_predicate = false;
344 if (satisfy_predicate) {
345 to_remove.push_back(concrete_pred);
351 for (uint i = 0; i < to_remove.size(); i++) {
352 ConcretePredicate * concrete_pred = to_remove[i];
354 /* Wake up threads */
355 thread_id_t tid = concrete_pred->get_tid();
356 Thread * thread = model->get_thread(tid);
358 model_print("** thread %d is woken up\n", thread->get_id());
359 model->get_execution()->getFuzzer()->notify_paused_thread(thread);
363 SnapVector<inst_act_map_t *> * ModelHistory::getThrdInstActMap(uint32_t func_id)
365 ASSERT(func_id != 0);
367 SnapVector<inst_act_map_t *> * maps = func_inst_act_maps->get(func_id);
369 maps = new SnapVector<inst_act_map_t *>();
370 func_inst_act_maps->put(func_id, maps);
376 bool ModelHistory::skip_action(ModelAction * act, SnapList<ModelAction *> * curr_act_list)
378 bool second_part_of_rmw = act->is_rmwc() || act->is_rmw();
379 modelclock_t curr_seq_number = act->get_seq_number();
381 /* Skip actions that are second part of a read modify write */
382 if (second_part_of_rmw)
385 /* Skip actions with the same sequence number */
386 if (curr_act_list->size() != 0) {
387 ModelAction * last_act = curr_act_list->back();
388 if (last_act->get_seq_number() == curr_seq_number)
392 /* Skip actions that are paused by fuzzer (sequence number is 0) */
393 if (curr_seq_number == 0)
399 /* Reallocate some snapshotted memories when new executions start */
400 void ModelHistory::set_new_exec_flag()
402 for (uint i = 1; i < func_nodes.size(); i++) {
403 FuncNode * func_node = func_nodes[i];
404 func_node->set_new_exec_flag();
408 void ModelHistory::dump_func_node_graph()
410 model_print("digraph func_node_graph {\n");
411 for (uint i = 1; i < func_nodes.size(); i++) {
412 FuncNode * node = func_nodes[i];
413 ModelList<FuncNode *> * out_edges = node->get_out_edges();
415 model_print("\"%p\" [label=\"%s\"]\n", node, node->get_func_name());
416 mllnode<FuncNode *> * it;
417 for (it = out_edges->begin(); it != NULL; it = it->getNext()) {
418 FuncNode * other = it->getVal();
419 model_print("\"%p\" -> \"%p\"\n", node, other);
425 void ModelHistory::print_func_node()
427 /* function id starts with 1 */
428 for (uint32_t i = 1; i < func_nodes.size(); i++) {
429 FuncNode * func_node = func_nodes[i];
431 func_inst_list_mt * entry_insts = func_node->get_entry_insts();
432 model_print("function %s has entry actions\n", func_node->get_func_name());
434 mllnode<FuncInst*>* it;
435 for (it = entry_insts->begin();it != NULL;it=it->getNext()) {
436 FuncInst *inst = it->getVal();
437 model_print("type: %d, at: %s\n", inst->get_type(), inst->get_position());