From 5aff275cd81f65fbfaa2c08fdcc1ff62903453ee Mon Sep 17 00:00:00 2001
From: weiyu <weiyuluo1232@gmail.com>
Date: Mon, 17 Feb 2020 11:27:57 -0800
Subject: [PATCH] Bug fix

---
 funcnode.cc  |  9 +++++
 history.cc   | 11 +++---
 newfuzzer.cc | 95 +++++++++++++++++++++++-----------------------------
 newfuzzer.h  |  3 --
 predicate.cc |  4 ++-
 5 files changed, 58 insertions(+), 64 deletions(-)

diff --git a/funcnode.cc b/funcnode.cc
index 92e37955..db39072b 100644
--- a/funcnode.cc
+++ b/funcnode.cc
@@ -6,6 +6,8 @@
 #include "concretepredicate.h"
 
 #include "model.h"
+#include "execution.h"
+#include "newfuzzer.h"
 #include <cmath>
 
 FuncNode::FuncNode(ModelHistory * history) :
@@ -290,6 +292,9 @@ void FuncNode::update_predicate_tree(ModelAction * next_act)
 	inst_id_map_t * inst_id_map = thrd_inst_id_maps[thread_id]->back();
 
 	Predicate * curr_pred = get_predicate_tree_position(tid);
+	NewFuzzer * fuzzer = (NewFuzzer *)model->get_execution()->getFuzzer();
+	Predicate * selected_branch = fuzzer->get_selected_child_branch(tid);
+
 	while (true) {
 		FuncInst * next_inst = get_inst(next_act);
 		next_inst->set_associated_read(tid, recursion_depth, this_marker, next_act->get_reads_from_value());
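Review bot: The C-style cast `(NewFuzzer *)model->get_execution()->getFuzzer()` is unchecked, so if the execution is ever set up with a different Fuzzer implementation, the following `get_selected_child_branch(tid)` call is undefined behaviour. The value is only used by the consistency check added at the end of update_predicate_tree, so a `static_cast<NewFuzzer *>` with a comment such as `// requires the NewFuzzer implementation` would at least make the assumption explicit. The results of `get_execution()` and `getFuzzer()` are also dereferenced without a null check; whether they can be null here is not visible in this hunk. The function body starts and ends outside the hunk.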
@@ -352,6 +357,10 @@ void FuncNode::update_predicate_tree(ModelAction * next_act)
 		add_predicate_to_trace(tid, curr_pred);
 		break;
 	}
+
+	// A check
+	if (selected_branch != NULL)
+		ASSERT(selected_branch == curr_pred);
 }
 
 /* Given curr_pred and next_inst, find the branch following curr_pred that
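Review bot: The added check `if (selected_branch != NULL) ASSERT(selected_branch == curr_pred);` depends on how ASSERT expands. If the macro is compiled out or expands to more than one statement, the unbraced `if` is left with an empty or partial body. Folding the condition into the assertion avoids that: `ASSERT(selected_branch == NULL || selected_branch == curr_pred);`. The comment `// A check` should name the invariant, for example `// The branch the fuzzer selected for this read must be the node the tree walk ended on`. Most of the loop that assigns curr_pred lies outside this hunk.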
diff --git a/history.cc b/history.cc
index 081f85d1..7fab503b 100644
--- a/history.cc
+++ b/history.cc
@@ -148,12 +148,9 @@ void ModelHistory::process_action(ModelAction *act, thread_id_t tid)
 	func_node->add_inst(act);
 
 	if (act->is_read()) {
-//		Fuzzer * fuzzer = model->get_execution()->getFuzzer();
-//		Predicate * selected_branch = ((NewFuzzer *)fuzzer)->get_selected_child_branch(tid);
-//		func_node->set_predicate_tree_position(tid, selected_branch);
-	}
-/*
-	if (act->is_write()) {
+		// Do nothing
+	} else if (act->is_write()) {
+		/*
 		Predicate * curr_pred = func_node->get_predicate_tree_position(tid);
 		FuncInst * curr_inst = func_node->get_inst(act);
 
@@ -162,8 +159,8 @@ void ModelHistory::process_action(ModelAction *act, thread_id_t tid)
 			curr_pred = curr_pred->follow_write_child(curr_inst);
 		}
 		func_node->set_predicate_tree_position(tid, curr_pred);
+		*/
 	}
-*/
 
 	func_node->update_tree(act);
 	last_action = act;
diff --git a/newfuzzer.cc b/newfuzzer.cc
index ff19354c..be483886 100644
--- a/newfuzzer.cc
+++ b/newfuzzer.cc
@@ -19,7 +19,6 @@ NewFuzzer::NewFuzzer() :
 	thrd_pruned_writes(),
 	paused_thread_list(),
 	paused_thread_table(128),
-	failed_predicates(32),
 	dist_info_vec()
 {}
 
@@ -74,12 +73,10 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector<ModelAction *> * rf_set
 				delete it;
 			}
 
+			thrd_selected_child_branch[thread_id] = selected_branch;
 			prune_writes(tid, index, marker, selected_branch, rf_set);
 		}
 
-		if (!failed_predicates.isEmpty())
-			failed_predicates.reset();
-
 		thrd_last_read_act[thread_id] = read;
 		thrd_last_func_inst[thread_id] = read_inst;
 	}
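Review bot: `thrd_selected_child_branch[thread_id]` is now written only on the paths that select a branch (here and after `selectBranch` in the retry hunk at `@@ -107,6 +103,7 @@`), and nothing visible clears it when a read passes through selectWrite without a selection. The assertion added in FuncNode::update_predicate_tree presumably reads this slot through `get_selected_child_branch(tid)`, so a stale entry from an earlier read could trip it, or go unnoticed with assertions disabled. Consider resetting the slot to NULL on the non-selecting path, or once update_predicate_tree has consumed it, and documenting the slot's lifetime next to the assignment. The enclosing conditions of selectWrite are outside this hunk, so this needs confirming against the full function.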
@@ -92,8 +89,7 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector<ModelAction *> * rf_set
 		int index = func_node->get_recursion_depth(tid);
 		uint32_t marker = func_node->get_marker(tid);
 
-		// Add failed predicate to NewFuzzer and FuncNode
-		failed_predicates.put(selected_branch, true);
+		// Increment failure count
 		selected_branch->incr_fail_count();
 
 		//model_print("the %d read action of thread %d at %p is unsuccessful\n", read->get_seq_number(), read_thread->get_id(), read->get_location());
@@ -107,6 +103,7 @@ int NewFuzzer::selectWrite(ModelAction *read, SnapVector<ModelAction *> * rf_set
 		Predicate * curr_pred = selected_branch->get_parent();
 		FuncInst * read_inst = thrd_last_func_inst[thread_id];
 		selected_branch = selectBranch(tid, curr_pred, read_inst);
+		thrd_selected_child_branch[thread_id] = selected_branch;
 
 		prune_writes(tid, index, marker, selected_branch, rf_set);
 
@@ -170,7 +167,6 @@ Predicate * NewFuzzer::selectBranch(thread_id_t tid, Predicate * curr_pred, Func
 
 	int index = choose_branch_index(&available_branches_tmp_storage);
 	Predicate * selected_branch = available_branches_tmp_storage[ index ];
-	thrd_selected_child_branch[thread_id] = selected_branch;
 
 	/* Remove the chosen branch from vec in case that this
 	 * branch fails and need to choose another one */
@@ -255,7 +251,45 @@ bool NewFuzzer::prune_writes(thread_id_t tid, int index, uint32_t marker,
 		ModelAction * write_act = (*rf_set)[rf_index];
 		uint64_t write_val = write_act->get_write_value();
 		bool no_predicate = false;
-		bool satisfy_predicate = check_predicate_expressions(tid, index, marker, pred_expressions, write_val, &no_predicate);
+		bool satisfy_predicate = true;
+
+		// Check if the write value satisfies the predicates
+		PredExprSetIter * pred_expr_it = pred_expressions->iterator();
+		while (pred_expr_it->hasNext()) {
+			struct pred_expr * expression = pred_expr_it->next();
+			bool equality;
+
+			switch (expression->token) {
+			case NOPREDICATE:
+				no_predicate = true;
+				break;
+			case EQUALITY:
+				FuncInst * to_be_compared;
+				uint64_t last_read;
+
+				to_be_compared = expression->func_inst;
+				last_read = to_be_compared->get_associated_read(tid, index, marker);
+				ASSERT(last_read != VALUE_NONE);
+
+				equality = (write_val == last_read);
+				if (equality != expression->value)
+					satisfy_predicate = false;
+				break;
+			case NULLITY:
+				// TODO: implement likely to be null
+				equality = ((void*) (write_val & 0xffffffff) == NULL);
+				if (equality != expression->value)
+					satisfy_predicate = false;
+				break;
+			default:
+				model_print("unknown predicate token\n");
+				break;
+			}
+
+			if (!satisfy_predicate)
+				break;
+		}
+		delete pred_expr_it;
 
 		if (no_predicate)
 			return false;
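Review bot: In the inlined `NULLITY` case, `(void*) (write_val & 0xffffffff) == NULL` tests only the low 32 bits, so a 64-bit value such as 0x100000000 (constructed example) is classified as null and the write can be kept or pruned on a wrong basis. If the mask is deliberate it needs a comment saying why; otherwise `equality = (write_val == 0);` states the test directly. The `default:` case only prints and leaves `satisfy_predicate` true, so an unrecognised token counts as satisfied; an `ASSERT(0)` after the `model_print` would surface it. prune_writes begins and continues outside this hunk.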
@@ -416,51 +450,6 @@ bool NewFuzzer::find_threads(ModelAction * pending_read)
 	return finds_waiting_for;
 }
 
-bool NewFuzzer::check_predicate_expressions(thread_id_t tid, int index, uint32_t marker, 
-			PredExprSet * pred_expressions, uint64_t write_val, bool * no_predicate)
-{
-	bool satisfy_predicate = true;
-
-	PredExprSetIter * pred_expr_it = pred_expressions->iterator();
-	while (pred_expr_it->hasNext()) {
-		struct pred_expr * expression = pred_expr_it->next();
-		bool equality;
-
-		switch (expression->token) {
-		case NOPREDICATE:
-			*no_predicate = true;
-			break;
-		case EQUALITY:
-			FuncInst * to_be_compared;
-			uint64_t last_read;
-
-			to_be_compared = expression->func_inst;
-			last_read = to_be_compared->get_associated_read(tid, index, marker);
-			ASSERT(last_read != VALUE_NONE);
-
-			equality = (write_val == last_read);
-			if (equality != expression->value)
-				satisfy_predicate = false;
-			break;
-		case NULLITY:
-			// TODO: implement likely to be null
-			equality = ((void*) (write_val & 0xffffffff) == NULL);
-			if (equality != expression->value)
-				satisfy_predicate = false;
-			break;
-		default:
-			model_print("unknown predicate token\n");
-			break;
-		}
-
-		if (!satisfy_predicate)
-			break;
-	}
-
-	delete pred_expr_it;
-	return satisfy_predicate;
-}
-
 bool NewFuzzer::shouldWait(const ModelAction * act)
 {
 	return random() & 1;
diff --git a/newfuzzer.h b/newfuzzer.h
index c8a3f036..730b81fd 100644
--- a/newfuzzer.h
+++ b/newfuzzer.h
@@ -58,7 +58,6 @@ private:
 	 */
 	SnapVector<Thread *> paused_thread_list;	//-- (not in use)
 	HashTable<Thread *, int, uintptr_t, 0> paused_thread_table;	//--
-	HashTable<Predicate *, bool, uintptr_t, 0> failed_predicates;
 
 	SnapVector<struct node_dist_info> dist_info_vec;	//--
 
@@ -66,8 +65,6 @@ private:
 	void wake_up_paused_threads(int * threadlist, int * numthreads);	//--
 
 	bool find_threads(ModelAction * pending_read);	//--
-
-	bool check_predicate_expressions(thread_id_t tid, int index, uint32_t marker, PredExprSet * pred_expressions, uint64_t write_val, bool * no_predicate);
 };
 
 #endif	/* end of __NEWFUZZER_H__ */
diff --git a/predicate.cc b/predicate.cc
index 86bc30ed..9b329f10 100644
--- a/predicate.cc
+++ b/predicate.cc
@@ -131,8 +131,10 @@ ConcretePredicate * Predicate::evaluate(thread_id_t tid)
 	}
 
 	delete it;
-	*/
 	return concrete;
+	*/
+
+	return NULL;
 }
 
 void Predicate::print_predicate()
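Review bot: With `*/` moved below `return concrete;`, Predicate::evaluate now appears to return NULL unconditionally (the opening `/*` is outside the hunk), so any caller that dereferences the result will crash. Put a comment above the function such as `// Currently disabled: always returns NULL; callers must handle a NULL result`, and check the call sites for a NULL test. If `concrete` is allocated before the commented region, that allocation would now also be leaked, which cannot be confirmed from this hunk.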
-- 
2.34.1