Brian Norris [Fri, 16 Nov 2012 22:58:32 +0000 (14:58 -0800)]
model: rework assert_bug() and assert_user_bug() interfaces
We don't need assert_bug_immediate(), and we don't need some of the
optional parameters in assert_bug(). Just simplify down to two
interfaces:
assert_bug()
assert_user_bug()
The former is useful for all bugs triggered from model-checker threads,
and the latter is useful from a user-thread context, so that you can
immediately switch to the model-checking context and exit the program -
but *only if* the trace is currently-feasible.
Brian Norris [Fri, 16 Nov 2012 22:44:32 +0000 (14:44 -0800)]
dataraces: don't print an uninformative "Data race" bug msg
Now that checkDataRaces() handles all bug reporting and assertions on
its own, we don't need an additional bug report message printed by the
caller. In some cases, this means the caller doesn't have any action to
take. In one case (a race immediately-realized from a user thread), we
still need to "bail out" to the model-checker.
Brian Norris [Fri, 16 Nov 2012 22:38:26 +0000 (14:38 -0800)]
datarace: redirect "Data race @ ..." messages to model-checker bug list
Data race information was previously printed in multiple ways: through
the datarace.cc printRace() method and through the model-checker
assert_bug() method. Start unifying that.
Other notes:
- Data race objects probably should be freed (even though they are
snapshotted). I fix this.
- Races could be printed more than once previously, since the
unrealizedraces vector was never cleared of realized races. Now, we
clear this vector every time we process it (in a feasible execution),
either stashing a bug message or dropping the race entirely.
Brian Norris [Fri, 16 Nov 2012 21:59:03 +0000 (13:59 -0800)]
datarace: change "Datarace" to "Data race"
Brian Norris [Fri, 16 Nov 2012 20:02:10 +0000 (12:02 -0800)]
model: restructure statistics records
Brian Norris [Fri, 16 Nov 2012 02:01:31 +0000 (18:01 -0800)]
model: annotate SNAPSHOT for bug_message
Since we use operator new with bug_message, it needs to be marked
SNAPSHOTALLOC.
Brian Norris [Fri, 16 Nov 2012 01:51:43 +0000 (17:51 -0800)]
model: temporary fix for uninitialized loads
This patch does two things:
(1) Convert 'set_assert()' to 'assert_bug()' to provide:
- More unified bug printing
- Only printing the bug for a feasible prefix
(2) Avoids the work_queue loop if a bug was asserted
Part (1) mostly provides some cosmetic fixes.
Part (2) prevents an ASSERT() from being thrown in future values, since
we don't abort the trace early enough when there's nothing to read from.
This all needs better treatment of uninitialized loads, as there are
some loose ends.
Brian Norris [Thu, 15 Nov 2012 21:50:40 +0000 (13:50 -0800)]
assert bugs through common interface
- User-provied assertions (MODEL_ASSERT())
- Data races
- Deadlocks
- Unlock before lock
Notably, I have not yet converted the "uninitialized load" bug, because
it actually isn't correct yet. It needs to handle future values and lazy
synchronization better.
Brian Norris [Thu, 15 Nov 2012 21:33:13 +0000 (13:33 -0800)]
model: print bug reports at end of each execution
This ensures:
- that bug reports are printed only at the end of feasible executions
- that execution summaries are printed only for complete (or halted and
buggy) executions that are feasible
- that all bug reports will have the same formatting (at least, ones
that use the 'assert_bug()' function)
Note that deadlocks are the only bugs reported this way right now. I'll
fix that up soon.
Brian Norris [Thu, 15 Nov 2012 21:25:35 +0000 (13:25 -0800)]
model: add bug reporting framework
This will help clean up bug reporting so that bugs are only printed for
complete, valid executions.
Brian Norris [Thu, 15 Nov 2012 21:29:44 +0000 (13:29 -0800)]
model: remove unnecessary DEBUG()
Brian Norris [Thu, 15 Nov 2012 20:43:23 +0000 (12:43 -0800)]
model: use snapshot_calloc()
Also, might as well free priv on destruction.
Brian Norris [Thu, 15 Nov 2012 20:21:45 +0000 (12:21 -0800)]
model: add 'const'
Brian Norris [Thu, 15 Nov 2012 00:46:03 +0000 (16:46 -0800)]
model: routine to check if execution is complete
Not used yet.
Brian Demsky [Thu, 15 Nov 2012 07:29:52 +0000 (23:29 -0800)]
make compile on linux...needed string.h
Brian Demsky [Thu, 15 Nov 2012 07:27:30 +0000 (23:27 -0800)]
Merge branch 'master' of /home/git/model-checker
Brian Demsky [Thu, 15 Nov 2012 07:26:45 +0000 (23:26 -0800)]
optimize hashtable so we don't always build new ones for cyclegraph check
Brian Demsky [Thu, 15 Nov 2012 06:45:26 +0000 (22:45 -0800)]
remove hashtable functionality
Brian Demsky [Thu, 15 Nov 2012 06:44:33 +0000 (22:44 -0800)]
make hashtables only contain primitive types or pointers
Brian Demsky [Thu, 15 Nov 2012 04:55:23 +0000 (20:55 -0800)]
Merge branch 'master' of /home/git/model-checker
Brian Demsky [Thu, 15 Nov 2012 04:55:06 +0000 (20:55 -0800)]
avoid warning
Brian Demsky [Thu, 15 Nov 2012 02:15:04 +0000 (18:15 -0800)]
merge
Merge branch 'master' of ssh://demsky.eecs.uci.edu/home/git/model-checker
Conflicts:
config.h
model.cc
Brian Demsky [Thu, 15 Nov 2012 02:11:29 +0000 (18:11 -0800)]
optimization...don't calloc the datarace tables every single time...it is really expensive for rollback
Brian Norris [Thu, 15 Nov 2012 00:30:39 +0000 (16:30 -0800)]
model: remove useless special case
Why do we want to print races, etc., when exiting due to execution
length bound? If you want that, just enable debug prints.
Brian Norris [Wed, 14 Nov 2012 23:56:55 +0000 (15:56 -0800)]
model: don't export Scheduler
I removed any users of the get_scheduler() function.
Brian Norris [Wed, 14 Nov 2012 23:55:59 +0000 (15:55 -0800)]
model/promise: use ModelChecker is_enabled() interface
class Promise should not need to access Scheduler directly. Use the
ModelChecker interface.
Brian Norris [Wed, 14 Nov 2012 23:53:16 +0000 (15:53 -0800)]
model: is_deadlocked() (sort of) had a bug
We were comparing the boolean (is_enabled(t)) to an enum
(THREAD_DISABLED). This happened to work as we wanted to because
THREAD_DISABLED == 0 == false. But that's not really what I meant...
Anyway, this uses a proper ModelChecker::is_enabled(tid) interface.
Brian Norris [Wed, 14 Nov 2012 23:52:16 +0000 (15:52 -0800)]
model: add ModelChecker is_enabled() functions
We don't want all users to have to directly address the scheduler;
provide an interface.
Brian Norris [Wed, 14 Nov 2012 23:43:39 +0000 (15:43 -0800)]
schedule: improve is_enabled() routines
The comments don't clearly explain what is_enabled() might include
(i.e., SLEEP_SET, ENABLED, or DISABLED). Also, we need a direct accessor
keyed by thread_id_t, not just by class Thread.
Brian Norris [Wed, 14 Nov 2012 23:28:25 +0000 (15:28 -0800)]
model: fix spacing
Brian Norris [Wed, 14 Nov 2012 23:27:40 +0000 (15:27 -0800)]
model: move snapshot members out of header
This struct is only used within model.cc
Brian Norris [Wed, 14 Nov 2012 03:31:02 +0000 (19:31 -0800)]
README
Brian Norris [Wed, 7 Nov 2012 03:10:53 +0000 (19:10 -0800)]
main: change default future value sloppiness
Future value sloppiness should be set somewhat in proportion to
maxfuturedelay, and we need a value higher than 2. Set to 10 for now,
although we may change this later.
Brian Norris [Wed, 7 Nov 2012 00:10:33 +0000 (16:10 -0800)]
nodestack: implement expiration sloppiness parameter
Now, a previously-explored, repeated future value will only generate a
new future-value/expiration pair if the expiration is higher than the
previous expiration + sloppiness. This prevents executions where we
continue to step up the future value expiration by a small increment,
creating the same execution.
This also rewrites the add_future_value() logic just a bit so that it is
a little bit more clear.
Brian Norris [Wed, 7 Nov 2012 00:09:59 +0000 (16:09 -0800)]
main/model: add future value expiration sloppiness parameter
Functionality not implemented yet
Brian Norris [Sun, 4 Nov 2012 02:39:33 +0000 (19:39 -0700)]
nodestack: limit the number of future values per read
Not tested very thoroughly, but it seems to limit the future values set
as intended.
Brian Norris [Sun, 4 Nov 2012 01:16:45 +0000 (18:16 -0700)]
main: add maxfuturevalues parameter (-M)
Not implemented yet
Brian Norris [Sun, 4 Nov 2012 00:50:26 +0000 (17:50 -0700)]
common: early quit on MODEL_ASSERT()
If a user program hits an assertion, we should quit before executing any
further. i.e., don't even wait for the next atomic action, since the
assertion might trigger more bugs that have unintended/unforseen
consequences.
Brian Norris [Sat, 3 Nov 2012 22:52:16 +0000 (15:52 -0700)]
model-assert: add MODEL_ASSERT() for user programs
Brian Norris [Tue, 6 Nov 2012 00:00:18 +0000 (16:00 -0800)]
model: refactor build_reads_from_past
A couple of if-else conditions can be merged to a single if block.
Also, I move the DBG prints for the may_read_from set into the correct
part of the if, to avoid printing false messages about the may_read_from
set.
Brian Norris [Wed, 14 Nov 2012 22:39:07 +0000 (14:39 -0800)]
common/config: allow enable/disable ASSERT() easily
Now, assertions (ASSERT()) are only checked if the CONFIG_ASSERT macro
is defined. We leave this enabled for all builds for now.
Brian Norris [Tue, 13 Nov 2012 00:42:41 +0000 (16:42 -0800)]
race: where possible, use "const void *" for addresses
This allows more flexible use for read-only objects.
Brian Norris [Wed, 7 Nov 2012 03:26:13 +0000 (19:26 -0800)]
test: add AB/BA deadlock test
Brian Norris [Wed, 7 Nov 2012 03:18:34 +0000 (19:18 -0800)]
model: add deadlock detection
This is only a simple end-of-execution deadlock detection. If we have a
true deadlock, and no other threads are spinning, then our execution
will exit --- we can recognize this state.
For more complicated deadlocks involving other spinning threads, we need
to perform some sort of depth-first-search cycle detection.
Brian Norris [Wed, 7 Nov 2012 03:13:05 +0000 (19:13 -0800)]
model: get_num_threads() should be const
Brian Norris [Sat, 3 Nov 2012 22:31:20 +0000 (15:31 -0700)]
snapshot: find the correct binary name
This is somewhat of a neutral change; the existing /proc/*/maps check
works because our path name usually has the word 'model' in it. But
really, we should find the true, full path of the user program.
This should be extended to find more maps (e.g., for other libraries),
and it should be extended for Mac OSX too.
Brian Norris [Sat, 3 Nov 2012 21:55:56 +0000 (14:55 -0700)]
snapshot: read from /proc/self/maps
We don't need to get the PID
Brian Norris [Fri, 2 Nov 2012 22:50:48 +0000 (15:50 -0700)]
main: fixup parameter parsing for user program
The user program expects 'optind' to be reset and for 'argv' and 'argc'
to include the program name as the first argument variable.
Note: our mmap()/mprotect()-based snapshotting does not snapshot this
'optind' global, so user-progs that use optarg() functionality might
fail.
Brian Norris [Wed, 7 Nov 2012 03:26:13 +0000 (19:26 -0800)]
test: add AB/BA deadlock test
Brian Norris [Wed, 7 Nov 2012 03:18:34 +0000 (19:18 -0800)]
model: add deadlock detection
This is only a simple end-of-execution deadlock detection. If we have a
true deadlock, and no other threads are spinning, then our execution
will exit --- we can recognize this state.
For more complicated deadlocks involving other spinning threads, we need
to perform some sort of depth-first-search cycle detection.
Brian Norris [Wed, 7 Nov 2012 03:13:05 +0000 (19:13 -0800)]
model: get_num_threads() should be const
Brian Norris [Wed, 7 Nov 2012 03:10:53 +0000 (19:10 -0800)]
main: change default future value sloppiness
Future value sloppiness should be set somewhat in proportion to
maxfuturedelay, and we need a value higher than 2. Set to 10 for now,
although we may change this later.
Brian Norris [Wed, 7 Nov 2012 00:10:33 +0000 (16:10 -0800)]
nodestack: implement expiration sloppiness parameter
Now, a previously-explored, repeated future value will only generate a
new future-value/expiration pair if the expiration is higher than the
previous expiration + sloppiness. This prevents executions where we
continue to step up the future value expiration by a small increment,
creating the same execution.
This also rewrites the add_future_value() logic just a bit so that it is
a little bit more clear.
Brian Norris [Wed, 7 Nov 2012 00:09:59 +0000 (16:09 -0800)]
main/model: add future value expiration sloppiness parameter
Functionality not implemented yet
Brian Norris [Tue, 6 Nov 2012 00:00:18 +0000 (16:00 -0800)]
model: refactor build_reads_from_past
A couple of if-else conditions can be merged to a single if block.
Also, I move the DBG prints for the may_read_from set into the correct
part of the if, to avoid printing false messages about the may_read_from
set.
Brian Norris [Sun, 4 Nov 2012 02:39:33 +0000 (19:39 -0700)]
nodestack: limit the number of future values per read
Not tested very thoroughly, but it seems to limit the future values set
as intended.
Brian Norris [Sun, 4 Nov 2012 01:16:45 +0000 (18:16 -0700)]
main: add maxfuturevalues parameter (-M)
Not implemented yet
Brian Norris [Sun, 4 Nov 2012 01:16:19 +0000 (18:16 -0700)]
Merge branch 'master' into pldi13
Brian Norris [Sun, 4 Nov 2012 01:14:19 +0000 (18:14 -0700)]
main: always ensure defaults when printing
If one or more arguments have been parsed by the time we print a help
message, we may print the wrong defaults. Fix: always reset to defaults
before printing.
Brian Norris [Sun, 4 Nov 2012 01:09:59 +0000 (18:09 -0700)]
model: fix some whitespace
Brian Norris [Sun, 4 Nov 2012 00:50:26 +0000 (17:50 -0700)]
common: early quit on MODEL_ASSERT()
If a user program hits an assertion, we should quit before executing any
further. i.e., don't even wait for the next atomic action, since the
assertion might trigger more bugs that have unintended/unforseen
consequences.
Brian Norris [Sat, 3 Nov 2012 22:52:16 +0000 (15:52 -0700)]
model-assert: add MODEL_ASSERT() for user programs
Brian Norris [Sat, 3 Nov 2012 22:31:20 +0000 (15:31 -0700)]
snapshot: find the correct binary name
This is somewhat of a neutral change; the existing /proc/*/maps check
works because our path name usually has the word 'model' in it. But
really, we should find the true, full path of the user program.
This should be extended to find more maps (e.g., for other libraries),
and it should be extended for Mac OSX too.
Brian Norris [Sat, 3 Nov 2012 22:31:02 +0000 (15:31 -0700)]
Merge remote-tracking branch 'origin/master' into pldi13
Brian Demsky [Sat, 3 Nov 2012 22:24:54 +0000 (15:24 -0700)]
annoying bug... Optimization was originally intended for the following insight:
if you have a unresolved read and a write w that is mod ordered after whatever that read sees, then any writes that are mo past w should not send their future values back to the unresolved read. So we begin by looking for operations that happen after the unresolved read and if they are a write we have our w, and if they are a read then its reads_from is our w.
The case I missed was we don't want to consider the write that the read we want to send the value to is currently reading... It won't cause a mo problem because it will be gone if we send a future value back to that read.
Brian Norris [Sat, 3 Nov 2012 21:55:56 +0000 (14:55 -0700)]
snapshot: read from /proc/self/maps
We don't need to get the PID
Brian Norris [Sat, 3 Nov 2012 19:09:47 +0000 (12:09 -0700)]
Merge remote-tracking branch 'origin/master' into pldi13
Brian Norris [Sat, 3 Nov 2012 19:09:20 +0000 (12:09 -0700)]
promise: fix signed/unsigned warning
Brian Demsky [Sat, 3 Nov 2012 09:54:08 +0000 (02:54 -0700)]
clean up check code
Brian Demsky [Sat, 3 Nov 2012 09:41:00 +0000 (02:41 -0700)]
optimization - a given write can resolve at most one promise from a rmw
Brian Demsky [Sat, 3 Nov 2012 08:32:19 +0000 (01:32 -0700)]
various fixes. linux rw locks should work again with -m 1
Brian Demsky [Sat, 3 Nov 2012 05:14:17 +0000 (22:14 -0700)]
Merge branch 'master' of ssh://demsky.eecs.uci.edu/home/git/model-checker
Brian Demsky [Sat, 3 Nov 2012 05:13:31 +0000 (22:13 -0700)]
fix two bugs in model.cc...mainly don't print bogus data race messages...
Brian Demsky [Sat, 3 Nov 2012 04:10:00 +0000 (21:10 -0700)]
this is the bad line...
Brian Demsky [Sat, 3 Nov 2012 03:26:19 +0000 (20:26 -0700)]
previous synchronization was weird...
Brian Norris [Sat, 3 Nov 2012 03:20:49 +0000 (20:20 -0700)]
Merge remote-tracking branch 'origin/master' into pldi13
Brian Demsky [Sat, 3 Nov 2012 01:50:11 +0000 (18:50 -0700)]
fix bugs with promise check...
Brian Demsky [Sat, 3 Nov 2012 00:35:42 +0000 (17:35 -0700)]
changes to fix at least a bug
Brian Norris [Fri, 2 Nov 2012 22:50:48 +0000 (15:50 -0700)]
main: fixup parameter parsing for user program
The user program expects 'optind' to be reset and for 'argv' and 'argc'
to include the program name as the first argument variable.
Note: our mmap()/mprotect()-based snapshotting does not snapshot this
'optind' global, so user-progs that use optarg() functionality might
fail.
Brian Norris [Fri, 2 Nov 2012 19:46:35 +0000 (12:46 -0700)]
common/config: disable ASSERT() by default
Brian Demsky [Fri, 2 Nov 2012 08:11:40 +0000 (01:11 -0700)]
fix norris bugs
Brian Norris [Fri, 2 Nov 2012 04:43:07 +0000 (21:43 -0700)]
model: totally destroy 'curr' within initialize_curr_action()
We don't really want 'curr' and 'newcurr' to hang around together. So
convert initialize_curr_action() to have two "return" parameters; it
overwrites the 'curr' pointer as a return value and it returns a status
boolean to show that it overwrote it. This may help prevent some future
bugs.
Brian Norris [Fri, 2 Nov 2012 04:19:51 +0000 (21:19 -0700)]
clockvector: remove old include
We don't use std::max anymore.
Brian Demsky [Thu, 1 Nov 2012 23:50:19 +0000 (16:50 -0700)]
found the bug
Brian Demsky [Thu, 1 Nov 2012 22:59:56 +0000 (15:59 -0700)]
realloc doesn't guarantee zeroing...
Brian Demsky [Thu, 1 Nov 2012 22:57:49 +0000 (15:57 -0700)]
bug
Brian Demsky [Thu, 1 Nov 2012 22:11:00 +0000 (15:11 -0700)]
fix new bug
norris's makefile change breaks compile on mac
Brian Norris [Thu, 1 Nov 2012 19:53:01 +0000 (12:53 -0700)]
clockvector: bugfix - bad clock merge
The clock merge function had a really bad bug, where it would copy
garbage into the new clock vector, if the earlier clock vector (cv) was
"wider" than the current clock vector (this).
Now, ClockVector::merge is much simpler and much less buggy.
Brian Norris [Thu, 1 Nov 2012 19:08:53 +0000 (12:08 -0700)]
nodestack: improve bounds-checking assertion
I have a test case where future_index == -1 in get_future_value(). It
passes the ASSERT() and instead triggers a fault when accessing the
vector.
With the benchmarks at this commit:
commit
40b27f40998eed81640b016094bacf79df96d377
mpmc-queue: run more producer/consumer threads
I can trigger a model-checker bug by running:
# ./run.sh mpmc-queue/mpmc-queue -f 4 -m 1
...
Error: assertion failed in nodestack.cc at line 319
stack trace:
../libmodel.so : Node::get_future_value()+0x56
../libmodel.so : ModelChecker::process_read(ModelAction*, bool)+0x141
../libmodel.so :
ModelChecker::check_current_action(ModelAction*)+0x2ff
../libmodel.so : ModelChecker::take_step()+0x6c
../libmodel.so : ModelChecker::finish_execution()+0x10
../libmodel.so : ()+0x16a8a
../libmodel.so : main()+0x37
/lib/x86_64-linux-gnu/libc.so.6 : __libc_start_main()+0xed
mpmc-queue/mpmc-queue() [0x400f59]
...
Brian Norris [Thu, 1 Nov 2012 17:59:42 +0000 (10:59 -0700)]
common.mk: build with -O3 (except for Mac OSX)
Brian Norris [Thu, 1 Nov 2012 17:58:11 +0000 (10:58 -0700)]
model: silence "uninitialized" warning
Brian Norris [Thu, 1 Nov 2012 17:38:49 +0000 (10:38 -0700)]
model: update mo_may_allow restrictions
For future values, we can enforce the following rule:
If X --hb-> Y --mo-> Z, then X should not read from Z.
This a change from previous behavior, where we used 'sb' instead of
'hb'.
Tested with linuxrwlocks example:
./run.sh test/linuxrwlocks.o -f 4 -m 1
No difference in number of executions (feasible or infeasible); HASH
values were exactly the same.
Brian Norris [Mon, 29 Oct 2012 18:44:52 +0000 (11:44 -0700)]
tests: add thinair test
Brian Norris [Mon, 29 Oct 2012 18:23:26 +0000 (11:23 -0700)]
Makefile/malloc: don't warn for self-assign
Brian Norris [Mon, 29 Oct 2012 18:19:28 +0000 (11:19 -0700)]
Makefile: use -rdyanmic only for linking
I ignored this part of the GCC manpage:
"Pass the flag -export-dynamic to the ELF linker..."
Brian Norris [Mon, 29 Oct 2012 18:09:12 +0000 (11:09 -0700)]
tests: use signed printf format
Brian Demsky [Fri, 26 Oct 2012 23:31:20 +0000 (16:31 -0700)]
changes to allow running programs with racing initialization...
Brian Demsky [Thu, 25 Oct 2012 23:28:19 +0000 (16:28 -0700)]
check in test
Brian Demsky [Thu, 25 Oct 2012 23:25:09 +0000 (16:25 -0700)]
add test from nitpick paper...
Brian Demsky [Thu, 25 Oct 2012 04:37:02 +0000 (21:37 -0700)]
embarrassing bug...fixed...