-/* Copyright (c) 2008-2021. The SimGrid Team. All rights reserved. */
+/* Copyright (c) 2008-2023. The SimGrid Team. All rights reserved. */
/* This program is free software; you can redistribute it and/or modify it
* under the terms of the license (GNU LGPL) which comes with this package. */
#include "src/mc/mc_config.hpp"
#include "src/mc/mc_private.hpp"
+#include "src/mc/sosp/RemoteProcessMemory.hpp"
#include "src/mc/sosp/Snapshot.hpp"
+#include "xbt/ex.h"
#include <algorithm>
-XBT_LOG_NEW_DEFAULT_SUBCATEGORY(mc_compare, xbt, "Logging specific to mc_compare in mc");
+XBT_LOG_NEW_DEFAULT_SUBCATEGORY(mc_compare, mc, "Logging specific to mc_compare in mc");
-using simgrid::mc::remote;
-
-namespace simgrid {
-namespace mc {
+namespace simgrid::mc {
/*********************************** Heap comparison ***********************************/
/***************************************************************************************/
compared_pointers.clear();
}
- int initHeapInformation(const s_xbt_mheap_t* heap1, const s_xbt_mheap_t* heap2,
+ int initHeapInformation(RemoteProcessMemory& appli, const s_xbt_mheap_t* heap1, const s_xbt_mheap_t* heap2,
const std::vector<IgnoredHeapRegion>& i1, const std::vector<IgnoredHeapRegion>& i2);
template <int rank> HeapArea& equals_to_(std::size_t i, std::size_t j)
void match_equals(const HeapLocationPairs* list);
};
-} // namespace mc
-} // namespace simgrid
+} // namespace simgrid::mc
/************************************************************************************/
return (pos != ignore_list->end() && pos->address == address) ? pos->size : -1;
}
-static bool is_stack(const simgrid::mc::RemoteProcess& process, const void* address)
+static bool is_stack(const simgrid::mc::RemoteProcessMemory& process, const void* address)
{
auto const& stack_areas = process.stack_areas();
return std::any_of(stack_areas.begin(), stack_areas.end(),
}
// TODO, this should depend on the snapshot?
-static bool is_block_stack(const simgrid::mc::RemoteProcess& process, int block)
+static bool is_block_stack(const simgrid::mc::RemoteProcessMemory& process, int block)
{
auto const& stack_areas = process.stack_areas();
return std::any_of(stack_areas.begin(), stack_areas.end(),
[block](auto const& stack) { return stack.block == block; });
}
-namespace simgrid {
-namespace mc {
+namespace simgrid::mc {
void StateComparator::match_equals(const HeapLocationPairs* list)
{
this->types.assign(heaplimit * MAX_FRAGMENT_PER_BLOCK, nullptr);
}
-int StateComparator::initHeapInformation(const s_xbt_mheap_t* heap1, const s_xbt_mheap_t* heap2,
- const std::vector<IgnoredHeapRegion>& i1,
+int StateComparator::initHeapInformation(simgrid::mc::RemoteProcessMemory& memory, const s_xbt_mheap_t* heap1,
+ const s_xbt_mheap_t* heap2, const std::vector<IgnoredHeapRegion>& i1,
const std::vector<IgnoredHeapRegion>& i2)
{
if ((heap1->heaplimit != heap2->heaplimit) || (heap1->heapsize != heap2->heapsize))
return -1;
this->heaplimit = heap1->heaplimit;
- this->std_heap_copy = *mc_model_checker->get_remote_process().get_heap();
+ this->std_heap_copy = *memory.get_heap();
this->processStates[0].initHeapInformation(heap1, i1);
this->processStates[1].initHeapInformation(heap2, i2);
return 0;
xbt_die("No heap region");
}
-static bool heap_area_differ(const RemoteProcess& process, StateComparator& state, const void* area1, const void* area2,
- const Snapshot& snapshot1, const Snapshot& snapshot2, HeapLocationPairs* previous,
- Type* type, int pointer_level);
+static bool heap_area_differ(const RemoteProcessMemory& process, StateComparator& state, const void* area1,
+ const void* area2, const Snapshot& snapshot1, const Snapshot& snapshot2,
+ HeapLocationPairs* previous, Type* type, int pointer_level);
-static bool mmalloc_heap_differ(const RemoteProcess& process, StateComparator& state, const Snapshot& snapshot1,
+/* Compares the content of each heap fragment between the two states, at the bit level.
+ *
+ * This operation is costly (about 5 seconds per snapshots' pair to compare on a small program),
+ * but hard to optimize because our algorithm is too hackish.
+ *
+ * Going at bit level can trigger syntaxtic differences on states that are semantically equivalent.
+ *
+ * Padding bytes constitute the first source of such syntaxtic difference: Any malloced memory contains spaces that
+ * are not used to enforce the memory alignment constraints of the CPU. So, cruft of irrelevant changes could get
+ * added on these bits. But this case is handled properly, as any memory block is zeroed by mmalloc before being handled
+ * back, not only for calloc but also for malloc. So the memory interstices due to padding bytes are properly zeroed.
+ *
+ * Another source of such change comes from the order of mallocs, that may well change from one execution path to
+ * another. This will change the malloc fragment in which the data is stored and the pointer values (syntaxtic
+ * difference) while the semantic of the state remains the same.
+ *
+ * To fix this, this code relies on a hugly hack. When we see a difference during the bit-level comparison,
+ * we first check if it could be explained by a pointer-to-block difference. Ie, if when interpreting the memory
+ * area containing that difference as a pointer, I get the pointer to a valid fragment in the heap (in both snapshots).
+ *
+ * This is why we cannot pre-compute a bit-level hash of the heap content: we discover the pointers to other memory
+ * fragment when a difference is found during the bit-level exploration. Fixing this would require to save typing
+ * information about the memory fragments, which is something that could be done with https://github.com/tudasc/TypeART
+ * This would give us all pointers in the mallocated memory, allowing the graph traversal needed to precompute the hash.
+ *
+ * Using a hash without paying attention to malloc fragment reordering would lead to false negatives:
+ * semantically equivalent states would be detected as [syntaxically] different. It's of no importance for the
+ * state-equality reduction (we would re-explore semantically equivalent states), but it would endanger the soundness
+ * of the liveness model-checker, as state-equality is used to detect the loops that constitute the accepting states of
+ * the verified property. So we could miss counter-examples to the verified property. Not good. Not good at all.
+ */
+static bool mmalloc_heap_differ(const RemoteProcessMemory& process, StateComparator& state, const Snapshot& snapshot1,
const Snapshot& snapshot2)
{
/* Check busy blocks */
xbt_assert(heapinfo1->type >= 0, "Unknown mmalloc block type: %d", heapinfo1->type);
- void* addr_block1 = ((void*)(((ADDR2UINT(i1)) - 1) * BLOCKSIZE + (char*)state.std_heap_copy.heapbase));
+ void* addr_block1 = (ADDR2UINT(i1) - 1) * BLOCKSIZE + (char*)state.std_heap_copy.heapbase;
if (heapinfo1->type == MMALLOC_TYPE_UNFRAGMENTED) { /* Large block */
if (is_stack(process, addr_block1)) {
* @param check_ignore
* @return true when different, false otherwise (same or unknown)
*/
-static bool heap_area_differ_without_type(const RemoteProcess& process, StateComparator& state, const void* real_area1,
- const void* real_area2, const Snapshot& snapshot1, const Snapshot& snapshot2,
- HeapLocationPairs* previous, int size, int check_ignore)
+static bool heap_area_differ_without_type(const RemoteProcessMemory& process, StateComparator& state,
+ const void* real_area1, const void* real_area2, const Snapshot& snapshot1,
+ const Snapshot& snapshot2, HeapLocationPairs* previous, int size,
+ int check_ignore)
{
const Region* heap_region1 = MC_get_heap_region(snapshot1);
const Region* heap_region2 = MC_get_heap_region(snapshot2);
* @param pointer_level
* @return true when different, false otherwise (same or unknown)
*/
-static bool heap_area_differ_with_type(const simgrid::mc::RemoteProcess& process, StateComparator& state,
+static bool heap_area_differ_with_type(const simgrid::mc::RemoteProcessMemory& process, StateComparator& state,
const void* real_area1, const void* real_area2, const Snapshot& snapshot1,
const Snapshot& snapshot2, HeapLocationPairs* previous, const Type* type,
int area_size, int check_ignore, int pointer_level)
* @param pointer_level
* @return true when different, false otherwise (same or unknown)
*/
-static bool heap_area_differ(const RemoteProcess& process, StateComparator& state, const void* area1, const void* area2,
- const Snapshot& snapshot1, const Snapshot& snapshot2, HeapLocationPairs* previous,
- Type* type, int pointer_level)
+static bool heap_area_differ(const RemoteProcessMemory& process, StateComparator& state, const void* area1,
+ const void* area2, const Snapshot& snapshot1, const Snapshot& snapshot2,
+ HeapLocationPairs* previous, Type* type, int pointer_level)
{
ssize_t block1;
ssize_t block2;
// If either block is not in the expected area of memory:
if (((const char*)area1 < (const char*)state.std_heap_copy.heapbase) ||
- (block1 > (ssize_t)state.processStates[0].heapsize) || (block1 < 1) ||
+ (block1 > (ssize_t)state.processStates[0].heapsize) ||
((const char*)area2 < (const char*)state.std_heap_copy.heapbase) ||
- (block2 > (ssize_t)state.processStates[1].heapsize) || (block2 < 1)) {
+ (block2 > (ssize_t)state.processStates[1].heapsize)) {
return true;
}
}
if (type_size != -1 && type_size != (ssize_t)heapinfo1->busy_block.busy_size &&
- type_size != (ssize_t)heapinfo2->busy_block.busy_size &&
- (type->name.empty() || type->name == "struct s_smx_context")) {
+ type_size != (ssize_t)heapinfo2->busy_block.busy_size && type->name.empty()) {
if (match_pairs)
state.match_equals(previous);
return false;
}
// Check if the blocks are already matched together:
- if (state.equals_to_<1>(block1, frag1).valid_ && state.equals_to_<2>(block2, frag2).valid_ && offset1 == offset2 &&
+ if (state.equals_to_<1>(block1, frag1).valid_ && state.equals_to_<2>(block2, frag2).valid_ &&
state.fragmentsEqual(block1, frag1, block2, frag2)) {
if (match_pairs)
state.match_equals(previous);
return true;
/* Start comparison */
- bool differ = type ? heap_area_differ_with_type(process, state, area1, area2, snapshot1, snapshot2, previous, type,
- size, check_ignore, pointer_level)
- : heap_area_differ_without_type(process, state, area1, area2, snapshot1, snapshot2, previous, size,
- check_ignore);
- if (differ)
+ if (type ? heap_area_differ_with_type(process, state, area1, area2, snapshot1, snapshot2, previous, type, size,
+ check_ignore, pointer_level)
+ : heap_area_differ_without_type(process, state, area1, area2, snapshot1, snapshot2, previous, size,
+ check_ignore))
return true;
if (match_pairs)
state.match_equals(previous);
return false;
}
-} // namespace mc
-} // namespace simgrid
+} // namespace simgrid::mc
/************************** Snapshot comparison *******************************/
/******************************************************************************/
-static bool areas_differ_with_type(const simgrid::mc::RemoteProcess& process, simgrid::mc::StateComparator& state,
+static bool areas_differ_with_type(const simgrid::mc::RemoteProcessMemory& process, simgrid::mc::StateComparator& state,
const void* real_area1, const simgrid::mc::Snapshot& snapshot1,
simgrid::mc::Region* region1, const void* real_area2,
const simgrid::mc::Snapshot& snapshot2, simgrid::mc::Region* region2,
return false;
}
-static bool global_variables_differ(const simgrid::mc::RemoteProcess& process, simgrid::mc::StateComparator& state,
+static bool global_variables_differ(const simgrid::mc::RemoteProcessMemory& process,
+ simgrid::mc::StateComparator& state,
const simgrid::mc::ObjectInformation* object_info, simgrid::mc::Region* r1,
simgrid::mc::Region* r2, const simgrid::mc::Snapshot& snapshot1,
const simgrid::mc::Snapshot& snapshot2)
return false;
}
-static bool local_variables_differ(const simgrid::mc::RemoteProcess& process, simgrid::mc::StateComparator& state,
+static bool local_variables_differ(const simgrid::mc::RemoteProcessMemory& process, simgrid::mc::StateComparator& state,
const simgrid::mc::Snapshot& snapshot1, const simgrid::mc::Snapshot& snapshot2,
const_mc_snapshot_stack_t stack1, const_mc_snapshot_stack_t stack2)
{
return false;
}
-namespace simgrid {
-namespace mc {
+namespace simgrid::mc {
-bool snapshot_equal(const Snapshot* s1, const Snapshot* s2)
+bool Snapshot::operator==(const Snapshot& other)
{
// TODO, make this a field of ModelChecker or something similar
static StateComparator state_comparator;
- const RemoteProcess& process = mc_model_checker->get_remote_process();
+ RemoteProcessMemory& memory = mc_model_checker->get_remote_process_memory();
- if (s1->hash_ != s2->hash_) {
- XBT_VERB("(%d - %d) Different hash: 0x%" PRIx64 "--0x%" PRIx64, s1->num_state_, s2->num_state_, s1->hash_,
- s2->hash_);
+ if (hash_ != other.hash_) {
+ XBT_VERB("(%ld - %ld) Different hash: 0x%" PRIx64 "--0x%" PRIx64, this->num_state_, other.num_state_, this->hash_,
+ other.hash_);
return false;
}
- XBT_VERB("(%d - %d) Same hash: 0x%" PRIx64, s1->num_state_, s2->num_state_, s1->hash_);
+ XBT_VERB("(%ld - %ld) Same hash: 0x%" PRIx64, this->num_state_, other.num_state_, this->hash_);
- /* Compare enabled processes */
- if (s1->enabled_processes_ != s2->enabled_processes_) {
- XBT_VERB("(%d - %d) Different amount of enabled processes", s1->num_state_, s2->num_state_);
- return false;
- }
+ /* TODO: re-enable the quick filter of counting enabled processes in each snapshots */
/* Compare size of stacks */
- for (unsigned long i = 0; i < s1->stacks_.size(); i++) {
- size_t size_used1 = s1->stack_sizes_[i];
- size_t size_used2 = s2->stack_sizes_[i];
+ for (unsigned long i = 0; i < this->stacks_.size(); i++) {
+ size_t size_used1 = this->stack_sizes_[i];
+ size_t size_used2 = other.stack_sizes_[i];
if (size_used1 != size_used2) {
- XBT_VERB("(%d - %d) Different size used in stacks: %zu - %zu", s1->num_state_, s2->num_state_, size_used1,
+ XBT_VERB("(%ld - %ld) Different size used in stacks: %zu - %zu", num_state_, other.num_state_, size_used1,
size_used2);
return false;
}
/* Init heap information used in heap comparison algorithm */
const s_xbt_mheap_t* heap1 = static_cast<xbt_mheap_t>(
- s1->read_bytes(alloca(sizeof(s_xbt_mheap_t)), sizeof(s_xbt_mheap_t), process.heap_address, ReadOptions::lazy()));
+ this->read_bytes(alloca(sizeof(s_xbt_mheap_t)), sizeof(s_xbt_mheap_t), memory.heap_address, ReadOptions::lazy()));
const s_xbt_mheap_t* heap2 = static_cast<xbt_mheap_t>(
- s2->read_bytes(alloca(sizeof(s_xbt_mheap_t)), sizeof(s_xbt_mheap_t), process.heap_address, ReadOptions::lazy()));
- if (state_comparator.initHeapInformation(heap1, heap2, s1->to_ignore_, s2->to_ignore_) == -1) {
- XBT_VERB("(%d - %d) Different heap information", s1->num_state_, s2->num_state_);
+ other.read_bytes(alloca(sizeof(s_xbt_mheap_t)), sizeof(s_xbt_mheap_t), memory.heap_address, ReadOptions::lazy()));
+ if (state_comparator.initHeapInformation(memory, heap1, heap2, this->to_ignore_, other.to_ignore_) == -1) {
+ XBT_VERB("(%ld - %ld) Different heap information", this->num_state_, other.num_state_);
return false;
}
/* Stacks comparison */
- for (unsigned int cursor = 0; cursor < s1->stacks_.size(); cursor++) {
- const_mc_snapshot_stack_t stack1 = &s1->stacks_[cursor];
- const_mc_snapshot_stack_t stack2 = &s2->stacks_[cursor];
+ for (unsigned int cursor = 0; cursor < this->stacks_.size(); cursor++) {
+ const_mc_snapshot_stack_t stack1 = &this->stacks_[cursor];
+ const_mc_snapshot_stack_t stack2 = &other.stacks_[cursor];
- if (local_variables_differ(process, state_comparator, *s1, *s2, stack1, stack2)) {
- XBT_VERB("(%d - %d) Different local variables between stacks %u", s1->num_state_, s2->num_state_, cursor + 1);
+ if (local_variables_differ(memory, state_comparator, *this, other, stack1, stack2)) {
+ XBT_VERB("(%ld - %ld) Different local variables between stacks %u", this->num_state_, other.num_state_,
+ cursor + 1);
return false;
}
}
- size_t regions_count = s1->snapshot_regions_.size();
- if (regions_count != s2->snapshot_regions_.size())
+ size_t regions_count = this->snapshot_regions_.size();
+ if (regions_count != other.snapshot_regions_.size())
return false;
for (size_t k = 0; k != regions_count; ++k) {
- Region* region1 = s1->snapshot_regions_[k].get();
- Region* region2 = s2->snapshot_regions_[k].get();
+ Region* region1 = this->snapshot_regions_[k].get();
+ Region* region2 = other.snapshot_regions_[k].get();
// Preconditions:
if (region1->region_type() != RegionType::Data)
xbt_assert(region1->object_info());
/* Compare global variables */
- if (global_variables_differ(process, state_comparator, region1->object_info(), region1, region2, *s1, *s2)) {
+ if (global_variables_differ(memory, state_comparator, region1->object_info(), region1, region2, *this, other)) {
std::string const& name = region1->object_info()->file_name;
- XBT_VERB("(%d - %d) Different global variables in %s", s1->num_state_, s2->num_state_, name.c_str());
+ XBT_VERB("(%ld - %ld) Different global variables in %s", this->num_state_, other.num_state_, name.c_str());
return false;
}
}
+ XBT_VERB(" Compare heap...");
/* Compare heap */
- if (mmalloc_heap_differ(process, state_comparator, *s1, *s2)) {
- XBT_VERB("(%d - %d) Different heap (mmalloc_compare)", s1->num_state_, s2->num_state_);
+ if (mmalloc_heap_differ(memory, state_comparator, *this, other)) {
+ XBT_VERB("(%ld - %ld) Different heap (mmalloc_heap_differ)", this->num_state_, other.num_state_);
return false;
}
- XBT_VERB("(%d - %d) No difference found", s1->num_state_, s2->num_state_);
+ XBT_VERB("(%ld - %ld) No difference found", this->num_state_, other.num_state_);
return true;
}
-} // namespace mc
-} // namespace simgrid
+} // namespace simgrid::mc
