#include "simgrid_config.h"
#include <stdio.h>
+#include <stdbool.h>
#ifndef WIN32
#include <sys/mman.h>
#endif
#include "xbt/function_types.h"
#include "xbt/mmalloc.h"
#include "../simix/smx_private.h"
+#include "../xbt/mmalloc/mmprivate.h"
#include "xbt/automaton.h"
#include "xbt/hash.h"
#include "msg/msg.h"
#include "msg/datatypes.h"
#include "xbt/strbuff.h"
#include "xbt/parmap.h"
+#include "mc_mmu.h"
+#include "mc_page_store.h"
+#include "mc_interface.h"
+
+SG_BEGIN_DECL()
typedef struct s_dw_frame s_dw_frame_t, *dw_frame_t;
typedef struct s_mc_function_index_item s_mc_function_index_item_t, *mc_function_index_item_t;
/****************************** Snapshots ***********************************/
-#define NB_REGIONS 3 /* binary data (data + BSS) (type = 2), libsimgrid data (data + BSS) (type = 1), std_heap (type = 0)*/
+#define NB_REGIONS 3 /* binary data (data + BSS) (type = 2), libsimgrid data (data + BSS) (type = 1), std_heap (type = 0)*/
+/** @brief Copy/snapshot of a given memory region
+ *
+ * Two types of region snapshots exist:
+ * <ul>
+ * <li>flat/dense snapshots are a simple copy of the region;</li>
+ * <li>sparse/per-page snapshots are snaapshots which shared
+ * identical pages.</li>
+ * </ul>
+ */
typedef struct s_mc_mem_region{
- // Real address:
+ /** @brief Virtual address of the region in the simulated process */
void *start_addr;
- // Copy of the datra:
+
+ /** @brief Permanent virtual address of the region
+ *
+ * This is usually the same address as the simuilated process address.
+ * However, when using SMPI privatization of global variables,
+ * each SMPI process has its own set of global variables stored
+ * at a different virtual address. The scheduler maps those region
+ * on the region of the global variables.
+ *
+ * */
+ void *permanent_addr;
+
+ /** @brief Copy of the snapshot for flat snapshots regions (NULL otherwise) */
void *data;
- // Size of the data region:
+
+ /** @brief Size of the data region in bytes */
size_t size;
+
+ /** @brief Pages indices in the page store for per-page snapshots (NULL otherwise) */
+ size_t* page_numbers;
+
} s_mc_mem_region_t, *mc_mem_region_t;
+static inline __attribute__ ((always_inline))
+bool mc_region_contain(mc_mem_region_t region, void* p)
+{
+ return p >= region->start_addr &&
+ p < (void*)((char*) region->start_addr + region->size);
+}
+
+/** Ignored data
+ *
+ * Some parts of the snapshot are ignored by zeroing them out: the real
+ * values is stored here.
+ * */
+typedef struct s_mc_snapshot_ignored_data {
+ void* start;
+ size_t size;
+ void* data;
+} s_mc_snapshot_ignored_data_t, *mc_snapshot_ignored_data_t;
+
typedef struct s_mc_snapshot{
size_t heap_bytes_used;
mc_mem_region_t regions[NB_REGIONS];
- int nb_processes;
+ xbt_dynar_t enabled_processes;
+ mc_mem_region_t* privatization_regions;
+ int privatization_index;
size_t *stack_sizes;
xbt_dynar_t stacks;
xbt_dynar_t to_ignore;
uint64_t hash;
-} s_mc_snapshot_t, *mc_snapshot_t;
+ xbt_dynar_t ignored_data;
+} s_mc_snapshot_t;
+
+/** @brief Process index used when no process is available
+ *
+ * The expected behaviour is that if a process index is needed it will fail.
+ * */
+#define MC_NO_PROCESS_INDEX -1
+
+/** @brief Process index when any process is suitable
+ *
+ * We could use a special negative value in the future.
+ */
+#define MC_ANY_PROCESS_INDEX 0
+
+mc_mem_region_t mc_get_snapshot_region(void* addr, mc_snapshot_t snapshot, int process_index);
+
+static inline __attribute__ ((always_inline))
+mc_mem_region_t mc_get_region_hinted(void* addr, mc_snapshot_t snapshot, int process_index, mc_mem_region_t region)
+{
+ if (mc_region_contain(region, addr))
+ return region;
+ else
+ return mc_get_snapshot_region(addr, snapshot, process_index);
+}
/** Information about a given stack frame
*
typedef struct s_mc_snapshot_stack{
xbt_dynar_t local_variables;
- void *stack_pointer;
- void *real_address;
xbt_dynar_t stack_frames; // mc_stack_frame_t
+ int process_index;
}s_mc_snapshot_stack_t, *mc_snapshot_stack_t;
typedef struct s_mc_global_t{
size_t size;
}s_mc_checkpoint_ignore_region_t, *mc_checkpoint_ignore_region_t;
-mc_snapshot_t SIMIX_pre_mc_snapshot(smx_simcall_t simcall);
+static void* mc_snapshot_get_heap_end(mc_snapshot_t snapshot);
+
mc_snapshot_t MC_take_snapshot(int num_state);
void MC_restore_snapshot(mc_snapshot_t);
void MC_free_snapshot(mc_snapshot_t);
-void* mc_translate_address(uintptr_t addr, mc_snapshot_t snapshot);
-uintptr_t mc_untranslate_address(void* addr, mc_snapshot_t snapshot);
+
+int mc_important_snapshot(mc_snapshot_t snapshot);
+
+size_t* mc_take_page_snapshot_region(void* data, size_t page_count, uint64_t* pagemap, size_t* reference_pages);
+void mc_free_page_snapshot_region(size_t* pagenos, size_t page_count);
+void mc_restore_page_snapshot_region(void* start_addr, size_t page_count, size_t* pagenos, uint64_t* pagemap, size_t* reference_pagenos);
+
+mc_mem_region_t mc_region_new_sparse(int type, void *start_addr, void* data_addr, size_t size, mc_mem_region_t ref_reg);
+void MC_region_destroy(mc_mem_region_t reg);
+void mc_region_restore_sparse(mc_mem_region_t reg, mc_mem_region_t ref_reg);
+void mc_softdirty_reset();
+
+static inline __attribute__((always_inline))
+bool mc_snapshot_region_linear(mc_mem_region_t region) {
+ return !region || !region->data;
+}
+
+void* mc_snapshot_read_fragmented(void* addr, mc_mem_region_t region, void* target, size_t size);
+
+void* mc_snapshot_read(void* addr, mc_snapshot_t snapshot, int process_index, void* target, size_t size);
+int mc_snapshot_region_memcmp(
+ void* addr1, mc_mem_region_t region1,
+ void* addr2, mc_mem_region_t region2, size_t size);
+int mc_snapshot_memcmp(
+ void* addr1, mc_snapshot_t snapshot1,
+ void* addr2, mc_snapshot_t snapshot2, int process_index, size_t size);
+
+static void* mc_snapshot_read_pointer(void* addr, mc_snapshot_t snapshot, int process_index);
+
+/** @brief State of the model-checker (global variables for the model checker)
+ *
+ * Each part of the state of the model chercker represented as a global
+ * variable prevents some sharing between snapshots and must be ignored.
+ * By moving as much state as possible in this structure allocated
+ * on the model-chercker heap, we avoid those issues.
+ */
+typedef struct s_mc_model_checker {
+ // This is the parent snapshot of the current state:
+ mc_snapshot_t parent_snapshot;
+ mc_pages_store_t pages;
+ int fd_clear_refs;
+ int fd_pagemap;
+} s_mc_model_checker_t, *mc_model_checker_t;
+
+extern mc_model_checker_t mc_model_checker;
extern xbt_dynar_t mc_checkpoint_ignore;
void MC_show_deadlock(smx_simcall_t req);
void MC_show_stack_safety(xbt_fifo_t stack);
void MC_dump_stack_safety(xbt_fifo_t stack);
-void MC_init(void);
-int SIMIX_pre_mc_random(smx_simcall_t simcall, int min, int max);
+
+extern xbt_fifo_t mc_stack;
+int get_search_interval(xbt_dynar_t list, void *ref, int *min, int *max);
/********************************* Requests ***********************************/
/******************************** States **************************************/
+extern mc_global_t initial_global_state;
+
/* Possible exploration status of a process in a state */
typedef enum {
MC_NOT_INTERLEAVE=0, /* Do not interleave (do not execute) */
/* Normally the system should operate in std, for switching to raw mode */
/* you must wrap the code between MC_SET_RAW_MODE and MC_UNSET_RAW_MODE */
-extern void *std_heap;
-extern void *raw_heap;
+extern xbt_mheap_t std_heap;
+extern xbt_mheap_t mc_heap;
/* FIXME: Horrible hack! because the mmalloc library doesn't provide yet of */
/* size_t bytes_free; /\* Byte total of chunks in the free list. *\/ */
/* }; */
-#define MC_SET_RAW_MEM mmalloc_set_current_heap(raw_heap)
-#define MC_UNSET_RAW_MEM mmalloc_set_current_heap(std_heap)
+#define MC_SET_MC_HEAP mmalloc_set_current_heap(mc_heap)
+#define MC_SET_STD_HEAP mmalloc_set_current_heap(std_heap)
/******************************* MEMORY MAPPINGS ***************************/
extern __thread double mc_snapshot_comparison_time;
int snapshot_compare(void *state1, void *state2);
-int SIMIX_pre_mc_compare_snapshots(smx_simcall_t simcall, mc_snapshot_t s1, mc_snapshot_t s2);
void print_comparison_times(void);
//#define MC_DEBUG 1
#define MC_VERBOSE 1
-/********************************** DPOR for safety property **************************************/
+/********************************** Safety verification **************************************/
typedef enum {
e_mc_reduce_unset,
} e_mc_reduce_t;
extern e_mc_reduce_t mc_reduce_kind;
-extern mc_global_t initial_state_safety;
-extern xbt_fifo_t mc_stack_safety;
extern xbt_dict_t first_enabled_state;
-void MC_dpor_init(void);
-void MC_dpor(void);
+void MC_pre_modelcheck_safety(void);
+void MC_modelcheck_safety(void);
typedef struct s_mc_visited_state{
mc_snapshot_t system_state;
int other_num; // dot_output for
}s_mc_visited_state_t, *mc_visited_state_t;
+extern xbt_dynar_t visited_states;
+mc_visited_state_t is_visited_state(void);
+void visited_state_free(mc_visited_state_t state);
+void visited_state_free_voidp(void *s);
-/********************************** Double-DFS for liveness property **************************************/
+/********************************** Liveness verification **************************************/
-extern xbt_fifo_t mc_stack_liveness;
-extern mc_global_t initial_state_liveness;
extern xbt_automaton_t _mc_property_automaton;
-extern int compare;
typedef struct s_mc_pair{
int num;
mc_visited_pair_t MC_visited_pair_new(int pair_num, xbt_automaton_state_t automaton_state, xbt_dynar_t atomic_propositions);
void MC_visited_pair_delete(mc_visited_pair_t p);
-void MC_ddfs_init(void);
-void MC_ddfs(void);
+void MC_pre_modelcheck_liveness(void);
+void MC_modelcheck_liveness(void);
void MC_show_stack_liveness(xbt_fifo_t stack);
void MC_dump_stack_liveness(xbt_fifo_t stack);
+extern xbt_dynar_t visited_pairs;
+int is_visited_pair(mc_visited_pair_t pair, int pair_num, xbt_automaton_state_t automaton_state, xbt_dynar_t atomic_propositions);
+
/********************************** Variables with DWARF **********************************/
void MC_find_object_address(memory_map_t maps, mc_object_info_t result);
void MC_post_process_types(mc_object_info_t info);
+void MC_post_process_object_info(mc_object_info_t info);
// ***** Expressions
mc_expression_t locations;
} s_mc_location_list_t, *mc_location_list_t;
-Dwarf_Off mc_dwarf_resolve_location(mc_expression_t expression, unw_cursor_t* c, void* frame_pointer_address, mc_snapshot_t snapshot);
-Dwarf_Off mc_dwarf_resolve_locations(mc_location_list_t locations, unw_cursor_t* c, void* frame_pointer_address, mc_snapshot_t snapshot);
+uintptr_t mc_dwarf_resolve_location(mc_expression_t expression, mc_object_info_t object_info, unw_cursor_t* c, void* frame_pointer_address, mc_snapshot_t snapshot, int process_index);
+uintptr_t mc_dwarf_resolve_locations(mc_location_list_t locations, mc_object_info_t object_info, unw_cursor_t* c, void* frame_pointer_address, mc_snapshot_t snapshot, int process_index);
void mc_dwarf_expression_clear(mc_expression_t expression);
void mc_dwarf_expression_init(mc_expression_t expression, size_t len, Dwarf_Op* ops);
struct s_dw_type{
e_dw_type_type type;
- void *id; /* Offset in the section (in hexadecimal form) */
+ Dwarf_Off id; /* Offset in the section (in hexadecimal form) */
char *name; /* Name of the type */
int byte_size; /* Size in bytes */
int element_count; /* Number of elements for array type */
dw_type_t full_type; // The same (but more complete) type
};
-void* mc_member_resolve(const void* base, dw_type_t type, dw_type_t member, mc_snapshot_t snapshot);
-void* mc_member_snapshot_resolve(const void* base, dw_type_t type, dw_type_t member, mc_snapshot_t snapshot);
+void* mc_member_resolve(const void* base, dw_type_t type, dw_type_t member, mc_snapshot_t snapshot, int process_index);
typedef struct s_dw_variable{
Dwarf_Off dwarf_offset; /* Global offset of the field. */
void* address;
size_t start_scope;
+ mc_object_info_t object_info;
}s_dw_variable_t, *dw_variable_t;
struct s_dw_frame{
+ int tag;
char *name;
void *low_pc;
void *high_pc;
s_mc_location_list_t frame_base;
xbt_dynar_t /* <dw_variable_t> */ variables; /* Cannot use dict, there may be several variables with the same name (in different lexical blocks)*/
- unsigned long int start; /* DWARF offset of the subprogram */
- unsigned long int end; /* Dwarf offset of the next sibling */
+ unsigned long int id; /* DWARF offset of the subprogram */
+ xbt_dynar_t /* <dw_frame_t> */ scopes;
+ Dwarf_Off abstract_origin_id;
+ mc_object_info_t object_info;
};
struct s_mc_function_index_item {
void MC_register_variable(mc_object_info_t info, dw_frame_t frame, dw_variable_t variable);
void MC_dwarf_register_non_global_variable(mc_object_info_t info, dw_frame_t frame, dw_variable_t variable);
void MC_dwarf_register_variable(mc_object_info_t info, dw_frame_t frame, dw_variable_t variable);
+
+/** Find the DWARF offset for this ELF object
+ *
+ * An offset is applied to address found in DWARF:
+ *
+ * <ul>
+ * <li>for an executable obejct, addresses are virtual address
+ * (there is no offset) i.e. \f$\text{virtual address} = \{dwarf address}\f$;</li>
+ * <li>for a shared object, the addreses are offset from the begining
+ * of the shared object (the base address of the mapped shared
+ * object must be used as offset
+ * i.e. \f$\text{virtual address} = \text{shared object base address}
+ * + \text{dwarf address}\f$.</li>
+ *
+ */
void* MC_object_base_address(mc_object_info_t info);
/********************************** DWARF **********************************/
#define MC_EXPRESSION_E_STACK_UNDERFLOW 3
#define MC_EXPRESSION_E_MISSING_STACK_CONTEXT 4
#define MC_EXPRESSION_E_MISSING_FRAME_BASE 5
+#define MC_EXPRESSION_E_NO_BASE_ADDRESS 6
typedef struct s_mc_expression_state {
uintptr_t stack[MC_EXPRESSION_STACK_SIZE];
unw_cursor_t* cursor;
void* frame_base;
mc_snapshot_t snapshot;
+ mc_object_info_t object_info;
+ int process_index;
} s_mc_expression_state_t, *mc_expression_state_t;
int mc_dwarf_execute_expression(size_t n, const Dwarf_Op* ops, mc_expression_state_t state);
-void* mc_find_frame_base(dw_frame_t frame, unw_cursor_t* unw_cursor);
+void* mc_find_frame_base(dw_frame_t frame, mc_object_info_t object_info, unw_cursor_t* unw_cursor);
/********************************** Miscellaneous **********************************/
typedef struct s_local_variable{
- char *frame;
+ dw_frame_t subprogram;
unsigned long ip;
char *name;
dw_type_t type;
int num;
smx_action_t comm;
e_smx_comm_type_t type;
- int completed;
unsigned long src_proc;
unsigned long dst_proc;
const char *src_host;
const char *dst_host;
char *rdv;
- size_t data_size;
+ ssize_t data_size;
void *data;
- int matched_comm;
}s_mc_comm_pattern_t, *mc_comm_pattern_t;
+extern xbt_dynar_t initial_communications_pattern;
extern xbt_dynar_t communications_pattern;
+extern xbt_dynar_t incomplete_communications_pattern;
void get_comm_pattern(xbt_dynar_t communications_pattern, smx_simcall_t request, int call);
+void complete_comm_pattern(xbt_dynar_t list, smx_action_t comm);
+void MC_pre_modelcheck_comm_determinism(void);
+void MC_modelcheck_comm_determinism(void);
/* *********** Sets *********** */
* */
uint64_t mc_hash_processes_state(int num_state, xbt_dynar_t stacks);
-#endif
+/* *********** Snapshot *********** */
+
+static inline __attribute__((always_inline))
+void* mc_translate_address_region(uintptr_t addr, mc_mem_region_t region)
+{
+ size_t pageno = mc_page_number(region->start_addr, (void*) addr);
+ size_t snapshot_pageno = region->page_numbers[pageno];
+ const void* snapshot_page = mc_page_store_get_page(mc_model_checker->pages, snapshot_pageno);
+ return (char*) snapshot_page + mc_page_offset((void*) addr);
+}
+
+/** \brief Translate a pointer from process address space to snapshot address space
+ *
+ * The address space contains snapshot of the main/application memory:
+ * this function finds the address in a given snaphot for a given
+ * real/application address.
+ *
+ * For read only memory regions and other regions which are not int the
+ * snapshot, the address is not changed.
+ *
+ * \param addr Application address
+ * \param snapshot The snapshot of interest (if NULL no translation is done)
+ * \return Translated address in the snapshot address space
+ * */
+static inline __attribute__((always_inline))
+void* mc_translate_address(uintptr_t addr, mc_snapshot_t snapshot, int process_index)
+{
+
+ // If not in a process state/clone:
+ if (!snapshot) {
+ return (uintptr_t *) addr;
+ }
+
+ mc_mem_region_t region = mc_get_snapshot_region((void*) addr, snapshot, process_index);
+
+ xbt_assert(mc_region_contain(region, (void*) addr), "Trying to read out of the region boundary.");
+
+ if (!region) {
+ return (void *) addr;
+ }
+
+ // Flat snapshot:
+ else if (region->data) {
+ uintptr_t offset = addr - (uintptr_t) region->start_addr;
+ return (void *) ((uintptr_t) region->data + offset);
+ }
+
+ // Per-page snapshot:
+ else if (region->page_numbers) {
+ return mc_translate_address_region(addr, region);
+ }
+
+ else {
+ xbt_die("No data for this memory region");
+ }
+}
+
+static inline __attribute__ ((always_inline))
+ void* mc_snapshot_get_heap_end(mc_snapshot_t snapshot) {
+ if(snapshot==NULL)
+ xbt_die("snapshot is NULL");
+ void** addr = &(std_heap->breakval);
+ return mc_snapshot_read_pointer(addr, snapshot, MC_ANY_PROCESS_INDEX);
+}
+
+static inline __attribute__ ((always_inline))
+void* mc_snapshot_read_pointer(void* addr, mc_snapshot_t snapshot, int process_index)
+{
+ void* res;
+ return *(void**) mc_snapshot_read(addr, snapshot, process_index, &res, sizeof(void*));
+}
+
+/** @brief Read memory from a snapshot region
+ *
+ * @param addr Process (non-snapshot) address of the data
+ * @param region Snapshot memory region where the data is located
+ * @param target Buffer to store the value
+ * @param size Size of the data to read in bytes
+ * @return Pointer where the data is located (target buffer of original location)
+ */
+static inline __attribute__((always_inline))
+void* mc_snapshot_read_region(void* addr, mc_mem_region_t region, void* target, size_t size)
+{
+ if (region==NULL)
+ return addr;
+
+ uintptr_t offset = (char*) addr - (char*) region->start_addr;
+
+ xbt_assert(mc_region_contain(region, addr),
+ "Trying to read out of the region boundary.");
+
+ // Linear memory region:
+ if (region->data) {
+ return (char*) region->data + offset;
+ }
+
+ // Fragmented memory region:
+ else if (region->page_numbers) {
+ // Last byte of the region:
+ void* end = (char*) addr + size - 1;
+ if( mc_same_page(addr, end) ) {
+ // The memory is contained in a single page:
+ return mc_translate_address_region((uintptr_t) addr, region);
+ } else {
+ // The memory spans several pages:
+ return mc_snapshot_read_fragmented(addr, region, target, size);
+ }
+ }
+
+ else {
+ xbt_die("No data available for this region");
+ }
+}
+
+static inline __attribute__ ((always_inline))
+void* mc_snapshot_read_pointer_region(void* addr, mc_mem_region_t region)
+{
+ void* res;
+ return *(void**) mc_snapshot_read_region(addr, region, &res, sizeof(void*));
+}
+
+SG_END_DECL()
+#endif
