import gov.nasa.jpf.vm.bytecode.ReadInstruction;
import gov.nasa.jpf.vm.bytecode.StoreInstruction;
import gov.nasa.jpf.vm.bytecode.WriteInstruction;
+import gov.nasa.jpf.vm.choice.IntChoiceFromSet;
import gov.nasa.jpf.vm.choice.IntIntervalGenerator;
+import java.awt.*;
import java.io.PrintWriter;
import java.util.*;
+import java.util.List;
// TODO: Fix for Groovy's model-checking
-// TODO: This is a listener created to detect device conflicts and global variable conflicts
+// TODO: This is a setter to change the values of the ChoiceGenerator to implement POR
/**
- * Simple listener tool to track remove unwanted ChoiceGenerators that are registered
- * while an existing ChoiceGenerator is being explored. Multiple ChoiceGenerators of the same
- * type could be registered spuriously during a while(true) loop.
+ * simple tool to log state changes
*/
public class StateReducer extends ListenerAdapter {
+ // Debug info fields
private boolean debugMode;
private boolean stateReductionMode;
private final PrintWriter out;
- private String detail;
- private int depth;
- private int id;
- private Transition transition;
+ volatile private String detail;
+ volatile private int depth;
+ volatile private int id;
+ Transition transition;
- // Holds values that have appeared during CG advances
- private HashSet<Integer> cgChoiceSet;
+ // State reduction fields
+ private Integer[] choices;
+ private int choiceCounter;
private Integer choiceUpperBound;
private boolean isInitialized;
+ private boolean isResetAfterAnalysis;
+ private boolean isBooleanCGFlipped;
+ private HashMap<IntChoiceFromSet,Integer> cgMap;
+ // Record the mapping between event number and field accesses (Read and Write)
+ private HashMap<Integer,ReadWriteSet> readWriteFieldsMap;
+ // The following is the backtrack map (set) that stores all the backtrack information
+ // e.g., event number 1 can have two backtrack sequences: {3,1,2,4,...} and {2,1,3,4,...}
+ private HashMap<Integer,LinkedList<Integer[]>> backtrackMap;
+ private HashMap<Integer,HashSet<Integer>> conflictPairMap;
+ // Map choicelist with start index
+ private HashMap<Integer[],Integer> choiceListStartIndexMap;
public StateReducer (Config config, JPF jpf) {
debugMode = config.getBoolean("debug_state_transition", false);
depth = 0;
id = 0;
transition = null;
- cgChoiceSet = new HashSet<>();
- choiceUpperBound = 0;
- isInitialized = false;
+ isBooleanCGFlipped = false;
+ initializeStateReduction();
+ }
+
+ private void initializeStateReduction() {
+ if (stateReductionMode) {
+ choices = null;
+ choiceCounter = 0;
+ choiceUpperBound = 0;
+ isInitialized = false;
+ isResetAfterAnalysis = false;
+ cgMap = new HashMap<>();
+ readWriteFieldsMap = new HashMap<>();
+ backtrackMap = new HashMap<>();
+ conflictPairMap = new HashMap<>();
+ choiceListStartIndexMap = new HashMap<>();
+ }
}
@Override
}
@Override
- public void choiceGeneratorSet (VM vm, ChoiceGenerator<?> newCG) {
+ public void choiceGeneratorRegistered (VM vm, ChoiceGenerator<?> nextCG, ThreadInfo currentThread, Instruction executedInstruction) {
if (stateReductionMode) {
// Initialize with necessary information from the CG
- if (newCG instanceof IntIntervalGenerator) {
- IntIntervalGenerator iigCG = (IntIntervalGenerator) newCG;
+ if (nextCG instanceof IntChoiceFromSet) {
+ IntChoiceFromSet icsCG = (IntChoiceFromSet) nextCG;
// Check if CG has been initialized, otherwise initialize it
+ Integer[] cgChoices = icsCG.getAllChoices();
if (!isInitialized) {
- Integer[] choices = iigCG.getChoices();
// Get the upper bound from the last element of the choices
- choiceUpperBound = choices[choices.length - 1];
+ choiceUpperBound = (Integer) cgChoices[cgChoices.length - 1];
isInitialized = true;
+ }
+ // Record the subsequent Integer CGs only until we hit the upper bound
+ if (!isResetAfterAnalysis && choiceCounter <= choiceUpperBound && !cgMap.containsValue(choiceCounter)) {
+ // Update the choices of the first CG and add '-1'
+ if (choices == null) {
+ // All the choices are always the same so we only need to update it once
+ choices = new Integer[cgChoices.length + 1];
+ System.arraycopy(cgChoices, 0, choices, 0, cgChoices.length);
+ choices[choices.length - 1] = -1;
+ }
+ icsCG.setNewValues(choices);
+ icsCG.reset();
+ // Advance the current Integer CG
+ // This way we explore all the event numbers in the first pass
+ icsCG.advance(choices[choiceCounter]);
+ cgMap.put(icsCG, choices[choiceCounter]);
+ choiceCounter++;
} else {
- newCG.setDone();
+ // Set done the subsequent CGs
+ // We only need n CGs (n is event numbers)
+ icsCG.setDone();
}
}
}
}
+ private void resetAllCGs() {
+ // Extract the event numbers that have backtrack lists
+ Set<Integer> eventSet = backtrackMap.keySet();
+ // Return if there is no conflict at all (highly unlikely)
+ if (eventSet.isEmpty()) {
+ return;
+ }
+ // Reset every CG with the first backtrack lists
+ for(IntChoiceFromSet cg : cgMap.keySet()) {
+ int event = cgMap.get(cg);
+ LinkedList<Integer[]> choiceLists = backtrackMap.get(event);
+ if (choiceLists != null && choiceLists.peekFirst() != null) {
+ Integer[] choiceList = choiceLists.removeFirst();
+ // Deploy the new choice list for this CG
+ cg.setNewValues(choiceList);
+ cg.reset();
+ } else {
+ cg.setDone();
+ }
+ }
+ }
+
@Override
public void choiceGeneratorAdvanced (VM vm, ChoiceGenerator<?> currentCG) {
- if (stateReductionMode) {
+
+ if(stateReductionMode) {
+ // Check the boolean CG and if it is flipped, we are resetting the analysis
+ if (currentCG instanceof BooleanChoiceGenerator) {
+ if (!isBooleanCGFlipped) {
+ isBooleanCGFlipped = true;
+ } else {
+ initializeStateReduction();
+ }
+ }
// Check every choice generated and make sure that all the available choices
// are chosen first before repeating the same choice of value twice!
- if (currentCG instanceof IntIntervalGenerator) {
- IntIntervalGenerator iigCG = (IntIntervalGenerator) currentCG;
- Integer nextChoice = iigCG.getNextChoice();
- if (!cgChoiceSet.contains(nextChoice)) {
- cgChoiceSet.add(nextChoice);
+ if (currentCG instanceof IntChoiceFromSet) {
+ IntChoiceFromSet icsCG = (IntChoiceFromSet) currentCG;
+ // Update the current pointer to the current set of choices
+ if (choices == null || choices != icsCG.getAllChoices()) {
+ choiceListStartIndexMap.remove(choices);
+ choices = icsCG.getAllChoices();
+ // Reset a few things for the sub-graph
+ conflictPairMap = new HashMap<>();
+ readWriteFieldsMap = new HashMap<>();
+ choiceCounter = 0;
+ }
+ // Traverse the sub-graphs
+ if (isResetAfterAnalysis) {
+ // Advance choice counter for sub-graphs
+ choiceCounter++;
+ // Do this for every CG after finishing each backtrack list
+ if (icsCG.getNextChoice() == -1) {
+ int event = cgMap.get(icsCG);
+ LinkedList<Integer[]> choiceLists = backtrackMap.get(event);
+ if (choiceLists != null && choiceLists.peekFirst() != null) {
+ Integer[] choiceList = choiceLists.removeFirst();
+ // Deploy the new choice list for this CG
+ icsCG.setNewValues(choiceList);
+ icsCG.reset();
+ } else {
+ // Set done if this was the last backtrack list
+ icsCG.setDone();
+ }
+ }
}
- // Allow reinitialization after an upper bound is hit
- // This means all available choices have been explored once during this iteration
- if (cgChoiceSet.contains(choiceUpperBound)) {
- isInitialized = false;
- cgChoiceSet.clear();
+ // Update and reset the CG if needed (do this for the first time after the analysis)
+ if (!isResetAfterAnalysis && icsCG.getNextChoice() == -1) {
+ resetAllCGs();
+ isResetAfterAnalysis = true;
}
}
}
out.println("\n==> DEBUG: ----------------------------------- search finished" + "\n");
}
}
+
+ // This class compactly stores Read and Write field sets
+ // We store the field name and its object ID
+ // Sharing the same field means the same field name and object ID
+ private class ReadWriteSet {
+ private HashMap<String,Integer> readSet;
+ private HashMap<String,Integer> writeSet;
+
+ public ReadWriteSet() {
+ readSet = new HashMap<>();
+ writeSet = new HashMap<>();
+ }
+
+ public void addReadField(String field, int objectId) {
+ readSet.put(field, objectId);
+ }
+
+ public void addWriteField(String field, int objectId) {
+ writeSet.put(field, objectId);
+ }
+
+ public boolean readFieldExists(String field) {
+ return readSet.containsKey(field);
+ }
+
+ public boolean writeFieldExists(String field) {
+ return writeSet.containsKey(field);
+ }
+
+ public int readFieldObjectId(String field) {
+ return readSet.get(field);
+ }
+
+ public int writeFieldObjectId(String field) {
+ return writeSet.get(field);
+ }
+ }
+
+ private void analyzeReadWriteAccesses(Instruction executedInsn, String fieldClass, int currentChoice) {
+ // Do the analysis to get Read and Write accesses to fields
+ ReadWriteSet rwSet;
+ // We already have an entry
+ if (readWriteFieldsMap.containsKey(choices[currentChoice])) {
+ rwSet = readWriteFieldsMap.get(choices[currentChoice]);
+ } else { // We need to create a new entry
+ rwSet = new ReadWriteSet();
+ readWriteFieldsMap.put(choices[currentChoice], rwSet);
+ }
+ int objectId = ((JVMFieldInstruction) executedInsn).getFieldInfo().getClassInfo().getClassObjectRef();
+ // Record the field in the map
+ if (executedInsn instanceof WriteInstruction) {
+ // Exclude certain field writes because of infrastructure needs, e.g., Event class field writes
+ for(String str : EXCLUDED_FIELDS_WRITE_INSTRUCTIONS_STARTS_WITH_LIST) {
+ if (fieldClass.startsWith(str)) {
+ return;
+ }
+ }
+ rwSet.addWriteField(fieldClass, objectId);
+ } else if (executedInsn instanceof ReadInstruction) {
+ rwSet.addReadField(fieldClass, objectId);
+ }
+ }
+
+ private boolean recordConflictPair(int currentEvent, int eventNumber) {
+ HashSet<Integer> conflictSet;
+ if (!conflictPairMap.containsKey(currentEvent)) {
+ conflictSet = new HashSet<>();
+ conflictPairMap.put(currentEvent, conflictSet);
+ } else {
+ conflictSet = conflictPairMap.get(currentEvent);
+ }
+ // If this conflict has been recorded before, we return false because
+ // we don't want to service this backtrack point twice
+ if (conflictSet.contains(eventNumber)) {
+ return false;
+ }
+ // If it hasn't been recorded, then do otherwise
+ conflictSet.add(eventNumber);
+ return true;
+ }
+
+ private void createBacktrackChoiceList(int currentChoice, int conflictEventNumber) {
+
+ LinkedList<Integer[]> backtrackChoiceLists;
+ // Check if we have a list for this choice number
+ // If not we create a new one for it
+ if (!backtrackMap.containsKey(conflictEventNumber)) {
+ backtrackChoiceLists = new LinkedList<>();
+ backtrackMap.put(conflictEventNumber, backtrackChoiceLists);
+ } else {
+ backtrackChoiceLists = backtrackMap.get(conflictEventNumber);
+ }
+ // Create a new list of choices for backtrack based on the current choice and conflicting event number
+ // If we have a conflict between 1 and 3, then we create the list {3, 1, 2, 4, 5} for backtrack
+ // The backtrack point is the CG for event number 1 and the list length is one less than the original list
+ // (originally of length 6) since we don't start from event number 0
+ if (!isResetAfterAnalysis) {
+ int maxListLength = choiceUpperBound + 1;
+ int listLength = maxListLength - conflictEventNumber;
+ Integer[] newChoiceList = new Integer[listLength + 1];
+ // Put the conflicting event numbers first and reverse the order
+ newChoiceList[0] = choices[currentChoice];
+ newChoiceList[1] = choices[conflictEventNumber];
+ // Put the rest of the event numbers into the array starting from the minimum to the upper bound
+ for (int i = conflictEventNumber + 1, j = 2; j < listLength; i++) {
+ if (choices[i] != choices[currentChoice]) {
+ newChoiceList[j] = choices[i];
+ j++;
+ }
+ }
+ // Set the last element to '-1' as the end of the sequence
+ newChoiceList[newChoiceList.length - 1] = -1;
+ backtrackChoiceLists.addLast(newChoiceList);
+ // The start index for the recursion is always 1 (from the main branch)
+ choiceListStartIndexMap.put(newChoiceList, 1);
+ } else { // This is a sub-graph
+ int listLength = choices.length;
+ Integer[] newChoiceList = new Integer[listLength];
+ // Copy everything before the conflict number
+ for(int i = 0; i < conflictEventNumber; i++) {
+ newChoiceList[i] = choices[i];
+ }
+ // Put the conflicting events
+ newChoiceList[conflictEventNumber] = choices[currentChoice];
+ newChoiceList[conflictEventNumber + 1] = choices[conflictEventNumber];
+ // Copy the rest
+ for(int i = conflictEventNumber + 1, j = conflictEventNumber + 2; j < listLength - 1; i++) {
+ if (choices[i] != choices[currentChoice]) {
+ newChoiceList[j] = choices[i];
+ j++;
+ }
+ }
+ // Set the last element to '-1' as the end of the sequence
+ newChoiceList[newChoiceList.length - 1] = -1;
+ backtrackChoiceLists.addLast(newChoiceList);
+ // For the sub-graph the start index depends on the conflicting event number
+ choiceListStartIndexMap.put(newChoiceList, conflictEventNumber + 1);
+ }
+ }
+
+ // We exclude fields that come from libraries (Java and Groovy), and also the infrastructure
+ private final static String[] EXCLUDED_FIELDS_STARTS_WITH_LIST =
+ // Java and Groovy libraries
+ { "java", "org", "sun", "com", "gov", "groovy"};
+ private final static String[] EXCLUDED_FIELDS_ENDS_WITH_LIST =
+ // Groovy library created fields
+ {"stMC", "callSiteArray", "metaClass", "staticClassInfo", "__constructor__",
+ // Infrastructure
+ "sendEvent", "Object", "reference", "location", "app", "state", "log", "functionList", "objectList",
+ "eventList", "valueList", "settings", "printToConsole", "app1", "app2"};
+ private final static String[] EXCLUDED_FIELDS_CONTAINS_LIST = {"_closure"};
+ private final static String[] EXCLUDED_FIELDS_WRITE_INSTRUCTIONS_STARTS_WITH_LIST = {"Event"};
+
+ private boolean isFieldExcluded(String field) {
+ // Check against "starts-with" list
+ for(String str : EXCLUDED_FIELDS_STARTS_WITH_LIST) {
+ if (field.startsWith(str)) {
+ return true;
+ }
+ }
+ // Check against "ends-with" list
+ for(String str : EXCLUDED_FIELDS_ENDS_WITH_LIST) {
+ if (field.endsWith(str)) {
+ return true;
+ }
+ }
+ // Check against "contains" list
+ for(String str : EXCLUDED_FIELDS_CONTAINS_LIST) {
+ if (field.contains(str)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ @Override
+ public void instructionExecuted(VM vm, ThreadInfo ti, Instruction nextInsn, Instruction executedInsn) {
+ if (stateReductionMode) {
+ if (isInitialized) {
+ if (choiceCounter > choices.length - 1) {
+ // We do not compute the conflicts for the choice '-1'
+ return;
+ }
+ int currentChoice = choiceCounter - 1;
+ // Record accesses from executed instructions
+ if (executedInsn instanceof JVMFieldInstruction) {
+ // Analyze only after being initialized
+ String fieldClass = ((JVMFieldInstruction) executedInsn).getFieldInfo().getFullName();
+ // We don't care about libraries
+ if (!isFieldExcluded(fieldClass)) {
+ analyzeReadWriteAccesses(executedInsn, fieldClass, currentChoice);
+ }
+ }
+ // Analyze conflicts from next instructions
+ if (nextInsn instanceof JVMFieldInstruction) {
+ // The constructor is only called once when the object is initialized
+ // It does not have shared access with other objects
+ MethodInfo mi = nextInsn.getMethodInfo();
+ if (!mi.getName().equals("<init>")) {
+ String fieldClass = ((JVMFieldInstruction) nextInsn).getFieldInfo().getFullName();
+ // We don't care about libraries
+ if (!isFieldExcluded(fieldClass)) {
+ // For the main graph we go down to 0, but for subgraph, we only go down to 1 since 0 contains
+ // the reversed event
+ int end = !isResetAfterAnalysis ? 0 : choiceListStartIndexMap.get(choices);
+ // Check for conflict (go backward from currentChoice and get the first conflict)
+ // If the current event has conflicts with multiple events, then these will be detected
+ // one by one as this recursively checks backward when backtrack set is revisited and executed.
+ for (int eventNumber = currentChoice - 1; eventNumber >= end; eventNumber--) {
+ // Skip if this event number does not have any Read/Write set
+ if (!readWriteFieldsMap.containsKey(choices[eventNumber])) {
+ continue;
+ }
+ ReadWriteSet rwSet = readWriteFieldsMap.get(choices[eventNumber]);
+ int currObjId = ((JVMFieldInstruction) nextInsn).getFieldInfo().getClassInfo().getClassObjectRef();
+ // 1) Check for conflicts with Write fields for both Read and Write instructions
+ if (((nextInsn instanceof WriteInstruction || nextInsn instanceof ReadInstruction) &&
+ rwSet.writeFieldExists(fieldClass) && rwSet.writeFieldObjectId(fieldClass) == currObjId) ||
+ (nextInsn instanceof WriteInstruction && rwSet.readFieldExists(fieldClass) &&
+ rwSet.readFieldObjectId(fieldClass) == currObjId)) {
+ // We do not record and service the same backtrack pair/point twice!
+ // If it has been serviced before, we just skip this
+ if (recordConflictPair(currentChoice, eventNumber)) {
+ createBacktrackChoiceList(currentChoice, eventNumber);
+ // Break if a conflict is found!
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
}
\ No newline at end of file