Brian Norris [Wed, 14 Nov 2012 23:52:16 +0000 (15:52 -0800)]
model: add ModelChecker is_enabled() functions
We don't want all users to have to directly address the scheduler;
provide an interface.
Brian Norris [Wed, 14 Nov 2012 23:43:39 +0000 (15:43 -0800)]
schedule: improve is_enabled() routines
The comments don't clearly explain what is_enabled() might include
(i.e., SLEEP_SET, ENABLED, or DISABLED). Also, we need a direct accessor
keyed by thread_id_t, not just by class Thread.
Brian Norris [Wed, 14 Nov 2012 23:28:25 +0000 (15:28 -0800)]
model: fix spacing
Brian Norris [Wed, 14 Nov 2012 23:27:40 +0000 (15:27 -0800)]
model: move snapshot members out of header
This struct is only used within model.cc
Brian Norris [Wed, 14 Nov 2012 03:31:02 +0000 (19:31 -0800)]
README
Brian Norris [Wed, 7 Nov 2012 03:10:53 +0000 (19:10 -0800)]
main: change default future value sloppiness
Future value sloppiness should be set somewhat in proportion to
maxfuturedelay, and we need a value higher than 2. Set to 10 for now,
although we may change this later.
Brian Norris [Wed, 7 Nov 2012 00:10:33 +0000 (16:10 -0800)]
nodestack: implement expiration sloppiness parameter
Now, a previously-explored, repeated future value will only generate a
new future-value/expiration pair if the expiration is higher than the
previous expiration + sloppiness. This prevents executions where we
continue to step up the future value expiration by a small increment,
creating the same execution.
This also rewrites the add_future_value() logic just a bit so that it is
a little bit more clear.
Brian Norris [Wed, 7 Nov 2012 00:09:59 +0000 (16:09 -0800)]
main/model: add future value expiration sloppiness parameter
Functionality not implemented yet
Brian Norris [Sun, 4 Nov 2012 02:39:33 +0000 (19:39 -0700)]
nodestack: limit the number of future values per read
Not tested very thoroughly, but it seems to limit the future values set
as intended.
Brian Norris [Sun, 4 Nov 2012 01:16:45 +0000 (18:16 -0700)]
main: add maxfuturevalues parameter (-M)
Not implemented yet
Brian Norris [Sun, 4 Nov 2012 00:50:26 +0000 (17:50 -0700)]
common: early quit on MODEL_ASSERT()
If a user program hits an assertion, we should quit before executing any
further. i.e., don't even wait for the next atomic action, since the
assertion might trigger more bugs that have unintended/unforseen
consequences.
Brian Norris [Sat, 3 Nov 2012 22:52:16 +0000 (15:52 -0700)]
model-assert: add MODEL_ASSERT() for user programs
Brian Norris [Tue, 6 Nov 2012 00:00:18 +0000 (16:00 -0800)]
model: refactor build_reads_from_past
A couple of if-else conditions can be merged to a single if block.
Also, I move the DBG prints for the may_read_from set into the correct
part of the if, to avoid printing false messages about the may_read_from
set.
Brian Norris [Wed, 14 Nov 2012 22:39:07 +0000 (14:39 -0800)]
common/config: allow enable/disable ASSERT() easily
Now, assertions (ASSERT()) are only checked if the CONFIG_ASSERT macro
is defined. We leave this enabled for all builds for now.
Brian Norris [Tue, 13 Nov 2012 00:42:41 +0000 (16:42 -0800)]
race: where possible, use "const void *" for addresses
This allows more flexible use for read-only objects.
Brian Norris [Wed, 7 Nov 2012 03:26:13 +0000 (19:26 -0800)]
test: add AB/BA deadlock test
Brian Norris [Wed, 7 Nov 2012 03:18:34 +0000 (19:18 -0800)]
model: add deadlock detection
This is only a simple end-of-execution deadlock detection. If we have a
true deadlock, and no other threads are spinning, then our execution
will exit --- we can recognize this state.
For more complicated deadlocks involving other spinning threads, we need
to perform some sort of depth-first-search cycle detection.
Brian Norris [Wed, 7 Nov 2012 03:13:05 +0000 (19:13 -0800)]
model: get_num_threads() should be const
Brian Norris [Sat, 3 Nov 2012 22:31:20 +0000 (15:31 -0700)]
snapshot: find the correct binary name
This is somewhat of a neutral change; the existing /proc/*/maps check
works because our path name usually has the word 'model' in it. But
really, we should find the true, full path of the user program.
This should be extended to find more maps (e.g., for other libraries),
and it should be extended for Mac OSX too.
Brian Norris [Sat, 3 Nov 2012 21:55:56 +0000 (14:55 -0700)]
snapshot: read from /proc/self/maps
We don't need to get the PID
Brian Norris [Fri, 2 Nov 2012 22:50:48 +0000 (15:50 -0700)]
main: fixup parameter parsing for user program
The user program expects 'optind' to be reset and for 'argv' and 'argc'
to include the program name as the first argument variable.
Note: our mmap()/mprotect()-based snapshotting does not snapshot this
'optind' global, so user-progs that use optarg() functionality might
fail.
Brian Norris [Sun, 4 Nov 2012 01:14:19 +0000 (18:14 -0700)]
main: always ensure defaults when printing
If one or more arguments have been parsed by the time we print a help
message, we may print the wrong defaults. Fix: always reset to defaults
before printing.
Brian Norris [Sun, 4 Nov 2012 01:09:59 +0000 (18:09 -0700)]
model: fix some whitespace
Brian Demsky [Sat, 3 Nov 2012 22:24:54 +0000 (15:24 -0700)]
annoying bug... Optimization was originally intended for the following insight:
if you have a unresolved read and a write w that is mod ordered after whatever that read sees, then any writes that are mo past w should not send their future values back to the unresolved read. So we begin by looking for operations that happen after the unresolved read and if they are a write we have our w, and if they are a read then its reads_from is our w.
The case I missed was we don't want to consider the write that the read we want to send the value to is currently reading... It won't cause a mo problem because it will be gone if we send a future value back to that read.
Brian Norris [Sat, 3 Nov 2012 19:09:20 +0000 (12:09 -0700)]
promise: fix signed/unsigned warning
Brian Demsky [Sat, 3 Nov 2012 09:54:08 +0000 (02:54 -0700)]
clean up check code
Brian Demsky [Sat, 3 Nov 2012 09:41:00 +0000 (02:41 -0700)]
optimization - a given write can resolve at most one promise from a rmw
Brian Demsky [Sat, 3 Nov 2012 08:32:19 +0000 (01:32 -0700)]
various fixes. linux rw locks should work again with -m 1
Brian Demsky [Sat, 3 Nov 2012 05:14:17 +0000 (22:14 -0700)]
Merge branch 'master' of ssh://demsky.eecs.uci.edu/home/git/model-checker
Brian Demsky [Sat, 3 Nov 2012 05:13:31 +0000 (22:13 -0700)]
fix two bugs in model.cc...mainly don't print bogus data race messages...
Brian Demsky [Sat, 3 Nov 2012 04:10:00 +0000 (21:10 -0700)]
this is the bad line...
Brian Demsky [Sat, 3 Nov 2012 03:26:19 +0000 (20:26 -0700)]
previous synchronization was weird...
Brian Demsky [Sat, 3 Nov 2012 01:50:11 +0000 (18:50 -0700)]
fix bugs with promise check...
Brian Demsky [Sat, 3 Nov 2012 00:35:42 +0000 (17:35 -0700)]
changes to fix at least a bug
Brian Demsky [Fri, 2 Nov 2012 08:11:40 +0000 (01:11 -0700)]
fix norris bugs
Brian Norris [Fri, 2 Nov 2012 04:43:07 +0000 (21:43 -0700)]
model: totally destroy 'curr' within initialize_curr_action()
We don't really want 'curr' and 'newcurr' to hang around together. So
convert initialize_curr_action() to have two "return" parameters; it
overwrites the 'curr' pointer as a return value and it returns a status
boolean to show that it overwrote it. This may help prevent some future
bugs.
Brian Norris [Fri, 2 Nov 2012 04:19:51 +0000 (21:19 -0700)]
clockvector: remove old include
We don't use std::max anymore.
Brian Demsky [Thu, 1 Nov 2012 23:50:19 +0000 (16:50 -0700)]
found the bug
Brian Demsky [Thu, 1 Nov 2012 22:59:56 +0000 (15:59 -0700)]
realloc doesn't guarantee zeroing...
Brian Demsky [Thu, 1 Nov 2012 22:57:49 +0000 (15:57 -0700)]
bug
Brian Demsky [Thu, 1 Nov 2012 22:11:00 +0000 (15:11 -0700)]
fix new bug
norris's makefile change breaks compile on mac
Brian Norris [Thu, 1 Nov 2012 19:53:01 +0000 (12:53 -0700)]
clockvector: bugfix - bad clock merge
The clock merge function had a really bad bug, where it would copy
garbage into the new clock vector, if the earlier clock vector (cv) was
"wider" than the current clock vector (this).
Now, ClockVector::merge is much simpler and much less buggy.
Brian Norris [Thu, 1 Nov 2012 19:08:53 +0000 (12:08 -0700)]
nodestack: improve bounds-checking assertion
I have a test case where future_index == -1 in get_future_value(). It
passes the ASSERT() and instead triggers a fault when accessing the
vector.
With the benchmarks at this commit:
commit
40b27f40998eed81640b016094bacf79df96d377
mpmc-queue: run more producer/consumer threads
I can trigger a model-checker bug by running:
# ./run.sh mpmc-queue/mpmc-queue -f 4 -m 1
...
Error: assertion failed in nodestack.cc at line 319
stack trace:
../libmodel.so : Node::get_future_value()+0x56
../libmodel.so : ModelChecker::process_read(ModelAction*, bool)+0x141
../libmodel.so :
ModelChecker::check_current_action(ModelAction*)+0x2ff
../libmodel.so : ModelChecker::take_step()+0x6c
../libmodel.so : ModelChecker::finish_execution()+0x10
../libmodel.so : ()+0x16a8a
../libmodel.so : main()+0x37
/lib/x86_64-linux-gnu/libc.so.6 : __libc_start_main()+0xed
mpmc-queue/mpmc-queue() [0x400f59]
...
Brian Norris [Thu, 1 Nov 2012 17:59:42 +0000 (10:59 -0700)]
common.mk: build with -O3 (except for Mac OSX)
Brian Norris [Thu, 1 Nov 2012 17:58:11 +0000 (10:58 -0700)]
model: silence "uninitialized" warning
Brian Norris [Thu, 1 Nov 2012 17:38:49 +0000 (10:38 -0700)]
model: update mo_may_allow restrictions
For future values, we can enforce the following rule:
If X --hb-> Y --mo-> Z, then X should not read from Z.
This a change from previous behavior, where we used 'sb' instead of
'hb'.
Tested with linuxrwlocks example:
./run.sh test/linuxrwlocks.o -f 4 -m 1
No difference in number of executions (feasible or infeasible); HASH
values were exactly the same.
Brian Norris [Mon, 29 Oct 2012 18:44:52 +0000 (11:44 -0700)]
tests: add thinair test
Brian Norris [Mon, 29 Oct 2012 18:23:26 +0000 (11:23 -0700)]
Makefile/malloc: don't warn for self-assign
Brian Norris [Mon, 29 Oct 2012 18:19:28 +0000 (11:19 -0700)]
Makefile: use -rdyanmic only for linking
I ignored this part of the GCC manpage:
"Pass the flag -export-dynamic to the ELF linker..."
Brian Norris [Mon, 29 Oct 2012 18:09:12 +0000 (11:09 -0700)]
tests: use signed printf format
Brian Demsky [Fri, 26 Oct 2012 23:31:20 +0000 (16:31 -0700)]
changes to allow running programs with racing initialization...
Brian Demsky [Thu, 25 Oct 2012 23:28:19 +0000 (16:28 -0700)]
check in test
Brian Demsky [Thu, 25 Oct 2012 23:25:09 +0000 (16:25 -0700)]
add test from nitpick paper...
Brian Demsky [Thu, 25 Oct 2012 04:37:02 +0000 (21:37 -0700)]
embarrassing bug...fixed...
Brian Norris [Fri, 19 Oct 2012 22:27:37 +0000 (15:27 -0700)]
model: fix - RMW cannot break release sequences
I misinterpreted the spec's description of release sequences.
Brian Norris [Fri, 12 Oct 2012 18:05:26 +0000 (11:05 -0700)]
Doxygen: document subdirectories
Document include/, but ignore doc/, benchmarks/, and test/.
Brian Norris [Fri, 12 Oct 2012 18:05:12 +0000 (11:05 -0700)]
thread_id_t: add comments
Brian Norris [Fri, 12 Oct 2012 17:52:00 +0000 (10:52 -0700)]
fixup 'int' vs. 'thread_id_t' usage
Brian Norris [Fri, 12 Oct 2012 17:24:18 +0000 (10:24 -0700)]
modeltypes: move to include/ dir, for now
The <mutex> header uses some small amount of private model-checker
information, so just move the common typedefs to our external include/
directory.
Brian Norris [Fri, 12 Oct 2012 17:21:41 +0000 (10:21 -0700)]
mutex: define empty destructor
I don't think we really need the destructor. It causes undefined
reference compilation errors though:
... undefined reference to `std::mutex::~mutex()'
Brian Norris [Fri, 12 Oct 2012 17:14:44 +0000 (10:14 -0700)]
condition_variable: move header
Move from "conditionvariable.h" to "include/condition_variable". This
allows the normal C++11 #include syntax of:
#include <condition_variable>
Brian Demsky [Fri, 12 Oct 2012 06:56:40 +0000 (23:56 -0700)]
add two test cases
Brian Demsky [Fri, 12 Oct 2012 06:56:12 +0000 (23:56 -0700)]
forgot to add two files...
bug fixes...
Brian Demsky [Fri, 12 Oct 2012 05:51:45 +0000 (22:51 -0700)]
commit untested condvar code
Brian Demsky [Fri, 12 Oct 2012 05:01:33 +0000 (22:01 -0700)]
Merge branch 'master' of ssh://demsky.eecs.uci.edu/home/git/model-checker
Brian Norris [Fri, 12 Oct 2012 00:08:20 +0000 (17:08 -0700)]
move other interface headers to include/
We want all external interface headers (i.e., any #include'd in user
programs) to be in the include/ directory.
Brian Demsky [Thu, 11 Oct 2012 23:54:20 +0000 (16:54 -0700)]
compiles with condition variables file added...
still need model checker support
Brian Norris [Thu, 11 Oct 2012 23:48:39 +0000 (16:48 -0700)]
mutex: move mutex.h to standard name/location
The important exported interfaces should be in the include/ dir. Also,
C++11 programs should use this header as:
#include <mutex>
Brian Norris [Thu, 11 Oct 2012 17:28:22 +0000 (10:28 -0700)]
include/: add small header comments
Brian Norris [Thu, 11 Oct 2012 17:18:18 +0000 (10:18 -0700)]
impatomic: add multiple-inclusion guards
Brian Norris [Thu, 11 Oct 2012 02:24:29 +0000 (19:24 -0700)]
action: improve printing
The 'value' field of a ModelAction might actually represent a signed
number, a pointer, or something else entirely, so values look very huge
and uninformative when printed, especially in decimal. Hexadecimal
representation makes everything a little more readable, I think.
While I'm at it, I adjust the spacing a little and make VALUE_NONE into
a different magic number which is more recognizable in hex.
Brian Norris [Wed, 10 Oct 2012 23:01:30 +0000 (16:01 -0700)]
Makefile: add benchmarks to top-level
Brian Norris [Wed, 10 Oct 2012 22:42:27 +0000 (15:42 -0700)]
segfault file/line breakpoint info
This can give easy info for using gdb. e.g.:
For debugging, place breakpoint at: snapshot.cc:92
Brian Norris [Wed, 10 Oct 2012 22:21:32 +0000 (15:21 -0700)]
Merge remote-tracking branch 'origin/master'
Brian Norris [Wed, 10 Oct 2012 22:16:59 +0000 (15:16 -0700)]
impatomic: add strong/weak compare_exchange
According to n2748.html, there was a change to allow spurious failure of
compare_exchange operations. Thus, there is no longer a
compare_exchange() operation, but rather a pair of
compare_exchange_{strong,weak)(). I resolve this for compilation
purposes now by editing the impatomic header (mostly with Vim macros for
patterned copy-paste-substitute) and adding an _ATOMIC_CMPSWP_WEAK_
macro, which is just an alias for _ATOMIC_CMPSWP_. Thus, we don't
simulate spurious failure yet.
See:
http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2748.html
Brian Demsky [Wed, 10 Oct 2012 21:33:30 +0000 (14:33 -0700)]
make scheduler choose fair schedules when threads with priority are sleeping...
Brian Norris [Wed, 10 Oct 2012 18:43:52 +0000 (11:43 -0700)]
action: add NULL dereference assertion
In user programs, we might find a NULL atomic object being dereferenced,
causing strange model-checker behavior which will track memory address 0
as an atomic object. This may result in apparently-uninitialized
variables, for instance.
So, just nip these in the bud with an assertion. Perhaps these things
can transformed into some more informative type of warning in the
future, where user-visible bugs might print helpful messages.
Brian Norris [Wed, 10 Oct 2012 18:41:38 +0000 (11:41 -0700)]
threads: correct 'thrd_yield()'
The C11 thrd_yield() interface should return void. Also, it doesn't need
to do anything in our model-checker for now. I'm leaving its
implementation commented out for now, in case we find it helps for
fairness, for instance. Note that I made its location parameter non-NULL
now, too, so that we can identify the Thread, if we ever use it.
Brian Demsky [Wed, 10 Oct 2012 01:10:37 +0000 (18:10 -0700)]
Merge branch 'master' of ssh://demsky.eecs.uci.edu/home/git/model-checker
Brian Demsky [Wed, 10 Oct 2012 01:10:10 +0000 (18:10 -0700)]
make linux_rw locks work again
Brian Norris [Wed, 10 Oct 2012 00:58:32 +0000 (17:58 -0700)]
Merge remote-tracking branch 'origin/master'
Brian Norris [Wed, 10 Oct 2012 00:55:31 +0000 (17:55 -0700)]
impatomic: rename all 'swap' to 'exchange'
n2427.html seems to have some very old definitions. I think this all
should be 'exchange', not 'swap'.
Note that there are other issues where we don't have the correct
function names available. But this fixes some of the problems.
Brian Demsky [Wed, 10 Oct 2012 00:54:43 +0000 (17:54 -0700)]
fix some of the bugs related to barrier example...
Brian Norris [Wed, 10 Oct 2012 00:48:56 +0000 (17:48 -0700)]
include: add multiple-inclusion guards
Brian Norris [Tue, 9 Oct 2012 23:30:43 +0000 (16:30 -0700)]
.gitignore: ignore 'benchmarks' folder
Now, you can clone the benchmarks repository under the name 'benchmarks'
and have it compile-ready (but ignored by this repository) with:
git clone <URI/model-checker-benchmarks.git> benchmarks
cd benchmarks
make
Future updates can be pulled in via a 'git pull' from that directory:
cd benchmarks
git pull
Brian Norris [Tue, 9 Oct 2012 21:10:45 +0000 (14:10 -0700)]
tests: use <stdatomic.h>
While I'm at it, rearrange the header listings.
Brian Norris [Tue, 9 Oct 2012 19:09:02 +0000 (12:09 -0700)]
move libthreads.h -> include/threads.h
Helps user programs to be able to just use C11 <threads.h>
Brian Norris [Tue, 9 Oct 2012 19:05:32 +0000 (12:05 -0700)]
rename threads.h -> threads-model.h
There's a name conflict with the C11 <threads.h>
We might as well just avoid the conflict entirely
Brian Norris [Tue, 9 Oct 2012 19:02:42 +0000 (12:02 -0700)]
include: add <atomic> header
Brian Demsky [Tue, 9 Oct 2012 06:35:21 +0000 (23:35 -0700)]
did a little more looking at infeasible executions...
another obvious property we missed...kills about 1/3 of the infeasible executions...
Brian Norris [Wed, 3 Oct 2012 19:07:33 +0000 (12:07 -0700)]
model: JOIN/LOCK unification
Make join and lock actions use similar code paths.
This used to trigger a bug, due to the lack of a private snapshotting
heap.
Brian Norris [Tue, 9 Oct 2012 02:34:43 +0000 (19:34 -0700)]
datarace: reformat datarace printing
Brian Norris [Tue, 9 Oct 2012 01:59:26 +0000 (18:59 -0700)]
threads: allocate on user's snapshotting heap
The following comment is included in threads.h to explain this choice:
Intentionally NOT allocated with MODELALLOC or SNAPSHOTALLOC. Threads
should be allocated on the user's normal (snapshotting) heap to allow
their allocation/deallocation to follow the same pattern as the rest
of the backtracked/replayed program.
This fix solves problems seen in certain test programs regarding a
Thread being allocated in different locations for different executions.
Brian Norris [Tue, 9 Oct 2012 01:42:22 +0000 (18:42 -0700)]
schedule: bugfix - fix typo in wake
The Thread should be re-enabled, not disabled, when waking up.
Brian Norris [Tue, 9 Oct 2012 01:36:06 +0000 (18:36 -0700)]
user_main: pass remaining arguments to the user program
Brian Norris [Tue, 9 Oct 2012 01:34:35 +0000 (18:34 -0700)]
main: rename 'real_main()' to 'model_main()'
Brian Demsky [Tue, 9 Oct 2012 00:20:20 +0000 (17:20 -0700)]
mistake
Brian Demsky [Tue, 9 Oct 2012 00:19:32 +0000 (17:19 -0700)]
be much more careful about sending values backwards...
also implement hashing for traces...just an easy way to confirm whether we lose new traces...
Brian Demsky [Mon, 8 Oct 2012 21:48:47 +0000 (14:48 -0700)]
be even more aggressive about sleep sets...
if an action was sleeping, it should only read from a value that could potentially result in synchronization with a release done while it was sleeping
Brian Norris [Mon, 8 Oct 2012 20:53:42 +0000 (13:53 -0700)]
mymemory: re-indent