From 9c8fe6c437d1a43d2d6170ea2842f52555b62a11 Mon Sep 17 00:00:00 2001 From: weiyu Date: Tue, 1 Oct 2019 18:43:44 -0700 Subject: [PATCH] Fix a memory bug --- funcnode.cc | 9 ++++-- funcnode.h | 3 -- history.cc | 90 ++++++++++++++++++++++++++++++++--------------------- history.h | 22 ++++++++----- 4 files changed, 76 insertions(+), 48 deletions(-) diff --git a/funcnode.cc b/funcnode.cc index 18c18997..e05e84f7 100644 --- a/funcnode.cc +++ b/funcnode.cc @@ -24,7 +24,6 @@ FuncNode::FuncNode(ModelHistory * history) : write_locations = new loc_set_t(); val_loc_map = new HashTable(); loc_may_equal_map = new HashTable(); - thrd_inst_act_map = new SnapVector(); //values_may_read_from = new value_set_t(); } @@ -42,7 +41,6 @@ void FuncNode::set_new_exec_flag() write_locations = new loc_set_t(); val_loc_map = new HashTable(); loc_may_equal_map = new HashTable(); - thrd_inst_act_map = new SnapVector(); //values_may_read_from = new value_set_t(); } @@ -586,6 +584,7 @@ Predicate * FuncNode::get_predicate_tree_position(thread_id_t tid) void FuncNode::init_inst_act_map(thread_id_t tid) { int thread_id = id_to_int(tid); + SnapVector * thrd_inst_act_map = history->getThrdInstActMap(func_id); uint old_size = thrd_inst_act_map->size(); if (thrd_inst_act_map->size() <= (uint) thread_id) { @@ -601,6 +600,8 @@ void FuncNode::init_inst_act_map(thread_id_t tid) void FuncNode::reset_inst_act_map(thread_id_t tid) { int thread_id = id_to_int(tid); + SnapVector * thrd_inst_act_map = history->getThrdInstActMap(func_id); + inst_act_map_t * map = (*thrd_inst_act_map)[thread_id]; map->reset(); } @@ -608,6 +609,8 @@ void FuncNode::reset_inst_act_map(thread_id_t tid) void FuncNode::update_inst_act_map(thread_id_t tid, ModelAction * read_act) { int thread_id = id_to_int(tid); + SnapVector * thrd_inst_act_map = history->getThrdInstActMap(func_id); + inst_act_map_t * map = (*thrd_inst_act_map)[thread_id]; FuncInst * read_inst = get_inst(read_act); map->put(read_inst, read_act); 
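Review bot: `(*thrd_inst_act_map)[thread_id]` in reset_inst_act_map is indexed with no size check, and the vector now comes from `history->getThrdInstActMap(func_id)`, which returns a newly allocated empty vector the first time a func_id is seen. If this runs for a thread before init_inst_act_map has grown the vector for it (the ordering is not visible in these hunks), the read is out of bounds and `map->reset()` is called through whatever was read. The same unchecked index appears in the update_inst_act_map hunk and in the get_inst_act_map hunk that follows. Stating the precondition before each index, e.g. `ASSERT((uint) thread_id < thrd_inst_act_map->size());`, would turn a silent memory error into a diagnosable failure.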
@@ -616,6 +619,8 @@ void FuncNode::update_inst_act_map(thread_id_t tid, ModelAction * read_act) inst_act_map_t * FuncNode::get_inst_act_map(thread_id_t tid) { int thread_id = id_to_int(tid); + SnapVector * thrd_inst_act_map = history->getThrdInstActMap(func_id); + return (*thrd_inst_act_map)[thread_id]; } diff --git a/funcnode.h b/funcnode.h index 14b5806a..0d0755db 100644 --- a/funcnode.h +++ b/funcnode.h @@ -104,9 +104,6 @@ private: /* Run-time position in the predicate tree for each thread */ ModelVector predicate_tree_position; - /* A run-time map from FuncInst to ModelAction for each thread; needed by NewFuzzer */ - SnapVector * thrd_inst_act_map; - /* Store the relation between this FuncNode and other FuncNodes */ HashTable edge_table; diff --git a/history.cc b/history.cc index 24350181..bf40312c 100644 --- a/history.cc +++ b/history.cc @@ -15,14 +15,17 @@ ModelHistory::ModelHistory() : func_counter(1), /* function id starts with 1 */ func_map(), func_map_rev(), - func_nodes(), - write_history(), // snapshot data structure - loc_func_nodes_map(), // shapshot data structure - loc_wr_func_nodes_map(), // shapshot data structure - thrd_last_entered_func(), // snapshot data structure - loc_waiting_writes_map(), // snapshot data structure - thrd_waiting_write() // snapshot data structure -{} + func_nodes() +{ + /* The following are snapshot data structures */ + write_history = new HashTable(); + loc_func_nodes_map = new HashTable *, uintptr_t, 0>(); + loc_wr_func_nodes_map = new HashTable *, uintptr_t, 0>(); + thrd_last_entered_func = new SnapVector(); + loc_waiting_writes_map = new HashTable *, uintptr_t, 0>(); + thrd_waiting_write = new SnapVector(); + func_inst_act_maps = new HashTable *, int, 0>(); +} void ModelHistory::enter_function(const uint32_t func_id, thread_id_t tid) { 
@@ -46,15 +49,15 @@ void ModelHistory::enter_function(const uint32_t func_id, thread_id_t tid) } } - while ( thrd_last_entered_func.size() <= id ) { - thrd_last_entered_func.push_back(0); // 0 is a dummy function id + while ( thrd_last_entered_func->size() <= id ) { + thrd_last_entered_func->push_back(0); // 0 is a dummy function id } SnapList * func_act_lists = (*thrd_func_act_lists)[id]; func_act_lists->push_back( new action_list_t() ); - uint32_t last_entered_func_id = thrd_last_entered_func[id]; - thrd_last_entered_func[id] = func_id; + uint32_t last_entered_func_id = (*thrd_last_entered_func)[id]; + (*thrd_last_entered_func)[id] = func_id; (*thrd_func_list)[id].push_back(func_id); if ( func_nodes.size() <= func_id ) @@ -152,7 +155,7 @@ void ModelHistory::process_action(ModelAction *act, thread_id_t tid) update_write_history(location, value); /* Update FuncNodes that may read from this location */ - SnapList * func_nodes = loc_func_nodes_map.get(location); + SnapList * func_nodes = loc_func_nodes_map->get(location); if (func_nodes != NULL) { sllnode * it = func_nodes->begin(); for (; it != NULL; it = it->getNext()) { @@ -204,7 +207,11 @@ void ModelHistory::process_action(ModelAction *act, thread_id_t tid) /* Return the FuncNode given its func_id */ FuncNode * ModelHistory::get_func_node(uint32_t func_id) { - if (func_nodes.size() <= func_id) // this node has not been added to func_nodes + if (func_id == 0) + return NULL; + + // This node has not been added to func_nodes + if (func_nodes.size() <= func_id) return NULL; return func_nodes[func_id]; 
@@ -216,18 +223,21 @@ FuncNode * ModelHistory::get_curr_func_node(thread_id_t tid) int thread_id = id_to_int(tid); SnapVector * thrd_func_list = model->get_execution()->get_thrd_func_list(); uint32_t func_id = (*thrd_func_list)[thread_id].back(); - FuncNode * func_node = func_nodes[func_id]; - return func_node; + if (func_id != 0) { + return func_nodes[func_id]; + } + + return NULL; } void ModelHistory::update_write_history(void * location, uint64_t write_val) { - value_set_t * write_set = write_history.get(location); + value_set_t * write_set = write_history->get(location); if (write_set == NULL) { write_set = new value_set_t(); - write_history.put(location, write_set); + write_history->put(location, write_set); } write_set->add(write_val); @@ -235,10 +245,10 @@ void ModelHistory::update_write_history(void * location, uint64_t write_val) void ModelHistory::update_loc_func_nodes_map(void * location, FuncNode * node) { - SnapList * func_node_list = loc_func_nodes_map.get(location); + SnapList * func_node_list = loc_func_nodes_map->get(location); if (func_node_list == NULL) { func_node_list = new SnapList(); - loc_func_nodes_map.put(location, func_node_list); + loc_func_nodes_map->put(location, func_node_list); } func_node_list->push_back(node); @@ -246,10 +256,10 @@ void ModelHistory::update_loc_func_nodes_map(void * location, FuncNode * node) void ModelHistory::update_loc_wr_func_nodes_map(void * location, FuncNode * node) { - SnapList * func_node_list = loc_wr_func_nodes_map.get(location); + SnapList * func_node_list = loc_wr_func_nodes_map->get(location); if (func_node_list == NULL) { func_node_list = new SnapList(); - loc_func_nodes_map.put(location, func_node_list); + loc_func_nodes_map->put(location, func_node_list); } func_node_list->push_back(node); 
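Review bot: get_curr_func_node still indexes `func_nodes[func_id]` without comparing func_id to `func_nodes.size()`, and calls `.back()` on `(*thrd_func_list)[thread_id]` without checking that the thread's list is non-empty. The new `func_id != 0` test covers only the dummy id. get_func_node, changed earlier in this patch, already performs both the zero check and the size check, so the tail could become `return get_func_node(func_id);`. The function can now return NULL, which callers outside this diff need to handle. Its signature is in the hunk header, not in the hunk body.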
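Review bot: update_loc_wr_func_nodes_map looks the list up in `loc_wr_func_nodes_map` but stores the newly allocated list with `loc_func_nodes_map->put(location, func_node_list);`, and the patch carries that line over unchanged apart from the `->`. As written, the write map is never populated, so every call sees NULL and allocates another SnapList. That list then goes into the read map under the same location, where it presumably replaces the list of reader FuncNodes that process_action iterates. The line should read `loc_wr_func_nodes_map->put(location, func_node_list);`. The closing brace of the function lies outside the hunk.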
@@ -259,31 +269,28 @@ void ModelHistory::update_loc_wr_func_nodes_map(void * location, FuncNode * node void ModelHistory::add_waiting_write(ConcretePredicate * concrete) { void * location = concrete->get_location(); - SnapVector * waiting_conditions = loc_waiting_writes_map.get(location); + SnapVector * waiting_conditions = loc_waiting_writes_map->get(location); if (waiting_conditions == NULL) { waiting_conditions = new SnapVector(); - loc_waiting_writes_map.put(location, waiting_conditions); + loc_waiting_writes_map->put(location, waiting_conditions); } /* waiting_conditions should not have duplications */ waiting_conditions->push_back(concrete); int thread_id = id_to_int(concrete->get_tid()); - int oldsize = thrd_waiting_write.size(); - - if (oldsize <= thread_id) { - for (int i = oldsize; i < thread_id + 1; i++) - thrd_waiting_write.resize(thread_id + 1); + if (thrd_waiting_write->size() <= (uint) thread_id) { + thrd_waiting_write->resize(thread_id + 1); } - thrd_waiting_write[thread_id] = concrete; + (*thrd_waiting_write)[thread_id] = concrete; } void ModelHistory::remove_waiting_write(thread_id_t tid) { - ConcretePredicate * concrete = thrd_waiting_write[ id_to_int(tid) ]; + ConcretePredicate * concrete = (*thrd_waiting_write)[ id_to_int(tid) ]; void * location = concrete->get_location(); - SnapVector * concrete_preds = loc_waiting_writes_map.get(location); + SnapVector * concrete_preds = loc_waiting_writes_map->get(location); for (uint i = 0; i < concrete_preds->size(); i++) { ConcretePredicate * current = (*concrete_preds)[i]; 
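Review bot: remove_waiting_write reads `(*thrd_waiting_write)[ id_to_int(tid) ]` without checking the index against `thrd_waiting_write->size()`, then dereferences the result at once in `concrete->get_location()`. The next hunk sets the slot to NULL after removal, so a second call for the same thread dereferences NULL, and a call for a thread that never waited reads past the end of the vector. `concrete_preds` from `loc_waiting_writes_map->get(location)` is also used without the NULL test that check_waiting_write applies to the same lookup. A guard at the top would cover the first two cases, e.g. `if ((uint) id_to_int(tid) >= thrd_waiting_write->size()) return;` followed by `if (concrete == NULL) return;` after the load. The function body continues past the end of this hunk.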
@@ -295,16 +302,16 @@ void ModelHistory::remove_waiting_write(thread_id_t tid) } int thread_id = id_to_int( concrete->get_tid() ); - thrd_waiting_write[thread_id] = NULL; + (*thrd_waiting_write)[thread_id] = NULL; delete concrete; } -/* Check if any other thread is waiting for this write action. If so, wake them up */ +/* Check if any other thread is waiting for this write action. If so, "notify" them */ void ModelHistory::check_waiting_write(ModelAction * write_act) { void * location = write_act->get_location(); uint64_t value = write_act->get_write_value(); - SnapVector * concrete_preds = loc_waiting_writes_map.get(location); + SnapVector * concrete_preds = loc_waiting_writes_map->get(location); SnapVector to_remove = SnapVector(); if (concrete_preds == NULL) return; @@ -355,6 +362,19 @@ void ModelHistory::check_waiting_write(ModelAction * write_act) } } +SnapVector * ModelHistory::getThrdInstActMap(uint32_t func_id) +{ + ASSERT(func_id != 0); + + SnapVector * maps = func_inst_act_maps->get(func_id); + if (maps == NULL) { + maps = new SnapVector(); + func_inst_act_maps->put(func_id, maps); + } + + return maps; +} + /* Reallocate some snapshotted memories when new executions start */ void ModelHistory::set_new_exec_flag() { diff --git a/history.h b/history.h index 5a3657c4..a39850ba 100644 --- a/history.h +++ b/history.h 
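Review bot: getThrdInstActMap returns vectors stored in `func_inst_act_maps`, which the constructor allocates once as a snapshot data structure, but nothing visible here shows it being re-created per execution. The trailing context shows set_new_exec_flag() ("Reallocate some snapshotted memories when new executions start") with its body outside the hunk. If that function does not re-create `func_inst_act_maps` and the other tables this commit turned into pointers, the members would keep pointing at memory from a previous execution. That is worth confirming against the full file. The accessor also has no comment; something like `/* Per-thread inst->action maps for func_id, created on first use; lives in snapshot memory, do not cache across executions */` would record the lifetime rule. Note that `ASSERT(func_id != 0)` is the only validation of the key.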
@@ -29,14 +29,16 @@ public: FuncNode * get_curr_func_node(thread_id_t tid); void update_write_history(void * location, uint64_t write_val); - HashTable * getWriteHistory() { return &write_history; } + HashTable * getWriteHistory() { return write_history; } void update_loc_func_nodes_map(void * location, FuncNode * node); void update_loc_wr_func_nodes_map(void * location, FuncNode * node); void add_waiting_write(ConcretePredicate * concrete); void remove_waiting_write(thread_id_t tid); void check_waiting_write(ModelAction * write_act); - SnapVector * getThrdWaitingWrite() { return &thrd_waiting_write; } + SnapVector * getThrdWaitingWrite() { return thrd_waiting_write; } + + SnapVector * getThrdInstActMap(uint32_t func_id); void set_new_exec_flag(); void dump_func_node_graph(); @@ -55,19 +57,23 @@ private: ModelVector func_nodes; /* Map a location to a set of values that have been written to it */ - HashTable write_history; + HashTable * write_history; /* Map a location to FuncNodes that may read from it */ - HashTable *, uintptr_t, 4> loc_func_nodes_map; + HashTable *, uintptr_t, 0> * loc_func_nodes_map; /* Map a location to FuncNodes that may write to it */ - HashTable *, uintptr_t, 4> loc_wr_func_nodes_map; + HashTable *, uintptr_t, 0> * loc_wr_func_nodes_map; /* Keeps track of the last function entered by each thread */ - SnapVector thrd_last_entered_func; + SnapVector * thrd_last_entered_func; + + HashTable *, uintptr_t, 0> * loc_waiting_writes_map; + SnapVector * thrd_waiting_write; - HashTable *, uintptr_t, 4> loc_waiting_writes_map; - SnapVector thrd_waiting_write; + /* A run-time map from FuncInst to ModelAction per each FuncNode, per each thread. + * Manipulated by FuncNode, and needed by NewFuzzer */ + HashTable *, int, 0> * func_inst_act_maps; }; #endif /* __HISTORY_H__ */ -- 2.34.1
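Review bot: `loc_waiting_writes_map` and `thrd_waiting_write` are the only members in this block left without a describing comment, and all of these fields are now raw owning pointers with no stated owner or release point. Going by add_waiting_write and remove_waiting_write, the comments could read `/* Map a location to the ConcretePredicates of threads waiting for a write to it */` and `/* The ConcretePredicate each thread is currently waiting on, or NULL */`. The last template argument of the location-keyed tables also changes from 4 to 0 in this hunk, which the commit message "Fix a memory bug" does not explain. A one-line comment on why the value changed would help anyone auditing the table's behaviour for pointer keys.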