1 /* Copyright (c) 2007-2014. The SimGrid Team.
2 * All rights reserved. */
4 /* This program is free software; you can redistribute it and/or modify it
5 * under the terms of the license (GNU LGPL) which comes with this package. */
10 #include "simgrid_config.h"
15 #include <elfutils/libdw.h>
18 #include "mc/datatypes.h"
20 #include "xbt/config.h"
21 #include "xbt/function_types.h"
22 #include "xbt/mmalloc.h"
23 #include "../simix/smx_private.h"
24 #include "../xbt/mmalloc/mmprivate.h"
25 #include "xbt/automaton.h"
28 #include "msg/datatypes.h"
29 #include "xbt/strbuff.h"
30 #include "xbt/parmap.h"
32 typedef struct s_dw_frame s_dw_frame_t, *dw_frame_t;
33 typedef struct s_mc_function_index_item s_mc_function_index_item_t, *mc_function_index_item_t;
35 /****************************** Snapshots ***********************************/
37 #define NB_REGIONS 3 /* binary data (data + BSS) (type = 2), libsimgrid data (data + BSS) (type = 1), std_heap (type = 0)*/
39 typedef struct s_mc_mem_region{
44 // Size of the data region:
46 // For per-page snapshots, this is an array to the number of
48 } s_mc_mem_region_t, *mc_mem_region_t;
52 * Some parts of the snapshot are ignored by zeroing them out: the real
53 * values is stored here.
55 typedef struct s_mc_snapshot_ignored_data {
59 } s_mc_snapshot_ignored_data_t, *mc_snapshot_ignored_data_t;
61 typedef struct s_mc_snapshot{
62 size_t heap_bytes_used;
63 mc_mem_region_t regions[NB_REGIONS];
64 xbt_dynar_t enabled_processes;
65 mc_mem_region_t* privatization_regions;
66 int privatization_index;
69 xbt_dynar_t to_ignore;
71 xbt_dynar_t ignored_data;
72 } s_mc_snapshot_t, *mc_snapshot_t;
74 /** Information about a given stack frame
77 typedef struct s_mc_stack_frame {
78 /** Instruction pointer */
82 unw_word_t frame_base;
85 unw_cursor_t unw_cursor;
86 } s_mc_stack_frame_t, *mc_stack_frame_t;
88 typedef struct s_mc_snapshot_stack{
89 xbt_dynar_t local_variables;
92 xbt_dynar_t stack_frames; // mc_stack_frame_t
93 }s_mc_snapshot_stack_t, *mc_snapshot_stack_t;
95 typedef struct s_mc_global_t{
96 mc_snapshot_t snapshot;
100 int initial_communications_pattern_done;
101 int comm_deterministic;
102 int send_deterministic;
103 }s_mc_global_t, *mc_global_t;
105 typedef struct s_mc_checkpoint_ignore_region{
108 }s_mc_checkpoint_ignore_region_t, *mc_checkpoint_ignore_region_t;
112 inline static void* mc_snapshot_get_heap_end(mc_snapshot_t snapshot) {
114 xbt_die("snapshot is NULL");
115 xbt_mheap_t heap = (xbt_mheap_t)snapshot->regions[0]->data;
116 return heap->breakval;
119 mc_snapshot_t SIMIX_pre_mc_snapshot(smx_simcall_t simcall);
120 mc_snapshot_t MC_take_snapshot(int num_state);
121 void MC_restore_snapshot(mc_snapshot_t);
122 void MC_free_snapshot(mc_snapshot_t);
124 int mc_important_snapshot(mc_snapshot_t snapshot);
126 size_t* mc_take_page_snapshot_region(void* data, size_t page_count, uint64_t* pagemap, size_t* reference_pages);
127 void mc_free_page_snapshot_region(size_t* pagenos, size_t page_count);
128 void mc_restore_page_snapshot_region(mc_mem_region_t region, size_t page_count, uint64_t* pagemap, mc_mem_region_t reference_region);
130 mc_mem_region_t mc_region_new_sparse(int type, void *start_addr, size_t size, mc_mem_region_t ref_reg);
131 void mc_region_restore_sparse(mc_mem_region_t reg, mc_mem_region_t ref_reg);
132 void mc_softdirty_reset();
134 typedef struct s_mc_pages_store s_mc_pages_store_t, * mc_pages_store_t;
135 mc_pages_store_t mc_pages_store_new();
137 /** @brief State of the model-checker (global variables for the model checker)
139 * Each part of the state of the model chercker represented as a global
140 * variable prevents some sharing between snapshots and must be ignored.
141 * By moving as much state as possible in this structure allocated
142 * on the model-chercker heap, we avoid those issues.
144 typedef struct s_mc_model_checker {
145 // This is the parent snapshot of the current state:
146 mc_snapshot_t parent_snapshot;
147 mc_pages_store_t pages;
150 } s_mc_model_checker_t, *mc_model_checker_t;
152 extern mc_model_checker_t mc_model_checker;
154 /** \brief Translate a pointer from process address space to snapshot address space
156 * The address space contains snapshot of the main/application memory:
157 * this function finds the address in a given snaphot for a given
158 * real/application address.
160 * For read only memory regions and other regions which are not int the
161 * snapshot, the address is not changed.
163 * \param addr Application address
164 * \param snapshot The snapshot of interest (if NULL no translation is done)
165 * \return Translated address in the snapshot address space
167 void* mc_translate_address(uintptr_t addr, mc_snapshot_t snapshot);
169 /** \brief Translate a pointer from the snapshot address space to the application address space
171 * This is the inverse of mc_translate_address.
173 * \param addr Address in the snapshot address space
174 * \param snapsot Snapshot of interest (if NULL no translation is done)
175 * \return Translated address in the application address space
177 uintptr_t mc_untranslate_address(void* addr, mc_snapshot_t snapshot);
179 extern xbt_dynar_t mc_checkpoint_ignore;
181 /********************************* MC Global **********************************/
183 extern double *mc_time;
184 extern FILE *dot_output;
185 extern const char* colors[13];
186 extern xbt_parmap_t parmap;
188 extern int user_max_depth_reached;
190 int MC_deadlock_check(void);
191 void MC_replay(xbt_fifo_t stack, int start);
192 void MC_replay_liveness(xbt_fifo_t stack, int all_stack);
193 void MC_wait_for_requests(void);
194 void MC_show_deadlock(smx_simcall_t req);
195 void MC_show_stack_safety(xbt_fifo_t stack);
196 void MC_dump_stack_safety(xbt_fifo_t stack);
197 int SIMIX_pre_mc_random(smx_simcall_t simcall, int min, int max);
199 extern xbt_fifo_t mc_stack;
200 int get_search_interval(xbt_dynar_t list, void *ref, int *min, int *max);
203 /********************************* Requests ***********************************/
205 int MC_request_depend(smx_simcall_t req1, smx_simcall_t req2);
206 char* MC_request_to_string(smx_simcall_t req, int value);
207 unsigned int MC_request_testany_fail(smx_simcall_t req);
208 /*int MC_waitany_is_enabled_by_comm(smx_req_t req, unsigned int comm);*/
209 int MC_request_is_visible(smx_simcall_t req);
210 int MC_request_is_enabled(smx_simcall_t req);
211 int MC_request_is_enabled_by_idx(smx_simcall_t req, unsigned int idx);
212 int MC_process_is_enabled(smx_process_t process);
213 char *MC_request_get_dot_output(smx_simcall_t req, int value);
216 /******************************** States **************************************/
218 extern mc_global_t initial_global_state;
220 /* Possible exploration status of a process in a state */
222 MC_NOT_INTERLEAVE=0, /* Do not interleave (do not execute) */
223 MC_INTERLEAVE, /* Interleave the process (one or more request) */
224 MC_MORE_INTERLEAVE, /* Interleave twice the process (for mc_random simcall) */
225 MC_DONE /* Already interleaved */
226 } e_mc_process_state_t;
228 /* On every state, each process has an entry of the following type */
229 typedef struct mc_procstate{
230 e_mc_process_state_t state; /* Exploration control information */
231 unsigned int interleave_count; /* Number of times that the process was
233 } s_mc_procstate_t, *mc_procstate_t;
235 /* An exploration state is composed of: */
236 typedef struct mc_state {
237 unsigned long max_pid; /* Maximum pid at state's creation time */
238 mc_procstate_t proc_status; /* State's exploration status by process */
239 s_smx_action_t internal_comm; /* To be referenced by the internal_req */
240 s_smx_simcall_t internal_req; /* Internal translation of request */
241 s_smx_simcall_t executed_req; /* The executed request of the state */
242 int req_num; /* The request number (in the case of a
243 multi-request like waitany ) */
244 mc_snapshot_t system_state; /* Snapshot of system state */
246 } s_mc_state_t, *mc_state_t;
248 mc_state_t MC_state_new(void);
249 void MC_state_delete(mc_state_t state);
250 void MC_state_interleave_process(mc_state_t state, smx_process_t process);
251 unsigned int MC_state_interleave_size(mc_state_t state);
252 int MC_state_process_is_done(mc_state_t state, smx_process_t process);
253 void MC_state_set_executed_request(mc_state_t state, smx_simcall_t req, int value);
254 smx_simcall_t MC_state_get_executed_request(mc_state_t state, int *value);
255 smx_simcall_t MC_state_get_internal_request(mc_state_t state);
256 smx_simcall_t MC_state_get_request(mc_state_t state, int *value);
257 void MC_state_remove_interleave_process(mc_state_t state, smx_process_t process);
260 /****************************** Statistics ************************************/
262 typedef struct mc_stats {
263 unsigned long state_size;
264 unsigned long visited_states;
265 unsigned long visited_pairs;
266 unsigned long expanded_states;
267 unsigned long expanded_pairs;
268 unsigned long executed_transitions;
269 } s_mc_stats_t, *mc_stats_t;
271 extern mc_stats_t mc_stats;
273 void MC_print_statistics(mc_stats_t);
276 /********************************** MEMORY ******************************/
277 /* The possible memory modes for the modelchecker are standard and raw. */
278 /* Normally the system should operate in std, for switching to raw mode */
279 /* you must wrap the code between MC_SET_RAW_MODE and MC_UNSET_RAW_MODE */
281 extern void *std_heap;
282 extern void *mc_heap;
285 /* FIXME: Horrible hack! because the mmalloc library doesn't provide yet of */
286 /* an API to query about the status of a heap, we simply call mmstats and */
287 /* because I now how does structure looks like, then I redefine it here */
289 /* struct mstats { */
290 /* size_t bytes_total; /\* Total size of the heap. *\/ */
291 /* size_t chunks_used; /\* Chunks allocated by the user. *\/ */
292 /* size_t bytes_used; /\* Byte total of user-allocated chunks. *\/ */
293 /* size_t chunks_free; /\* Chunks in the free list. *\/ */
294 /* size_t bytes_free; /\* Byte total of chunks in the free list. *\/ */
297 #define MC_SET_MC_HEAP mmalloc_set_current_heap(mc_heap)
298 #define MC_SET_STD_HEAP mmalloc_set_current_heap(std_heap)
301 /******************************* MEMORY MAPPINGS ***************************/
302 /* These functions and data structures implements a binary interface for */
303 /* the proc maps ascii interface */
305 /* Each field is defined as documented in proc's manual page */
306 typedef struct s_map_region {
308 void *start_addr; /* Start address of the map */
309 void *end_addr; /* End address of the map */
310 int prot; /* Memory protection */
311 int flags; /* Additional memory flags */
312 void *offset; /* Offset in the file/whatever */
313 char dev_major; /* Major of the device */
314 char dev_minor; /* Minor of the device */
315 unsigned long inode; /* Inode in the device */
316 char *pathname; /* Path name of the mapped file */
320 typedef struct s_memory_map {
322 s_map_region_t *regions; /* Pointer to an array of regions */
323 int mapsize; /* Number of regions in the memory */
325 } s_memory_map_t, *memory_map_t;
328 void MC_init_memory_map_info(void);
329 memory_map_t MC_get_memory_map(void);
330 void MC_free_memory_map(memory_map_t map);
332 extern char *libsimgrid_path;
334 /********************************** Snapshot comparison **********************************/
336 typedef struct s_mc_comparison_times{
337 double nb_processes_comparison_time;
338 double bytes_used_comparison_time;
339 double stacks_sizes_comparison_time;
340 double binary_global_variables_comparison_time;
341 double libsimgrid_global_variables_comparison_time;
342 double heap_comparison_time;
343 double stacks_comparison_time;
344 }s_mc_comparison_times_t, *mc_comparison_times_t;
346 extern __thread mc_comparison_times_t mc_comp_times;
347 extern __thread double mc_snapshot_comparison_time;
349 int snapshot_compare(void *state1, void *state2);
350 int SIMIX_pre_mc_compare_snapshots(smx_simcall_t simcall, mc_snapshot_t s1, mc_snapshot_t s2);
351 void print_comparison_times(void);
356 /********************************** Safety verification **************************************/
364 extern e_mc_reduce_t mc_reduce_kind;
365 extern xbt_dict_t first_enabled_state;
367 void MC_pre_modelcheck_safety(void);
368 void MC_modelcheck_safety(void);
370 typedef struct s_mc_visited_state{
371 mc_snapshot_t system_state;
372 size_t heap_bytes_used;
375 int other_num; // dot_output for
376 }s_mc_visited_state_t, *mc_visited_state_t;
378 extern xbt_dynar_t visited_states;
379 int is_visited_state(void);
380 void visited_state_free(mc_visited_state_t state);
381 void visited_state_free_voidp(void *s);
383 /********************************** Liveness verification **************************************/
385 extern xbt_automaton_t _mc_property_automaton;
387 typedef struct s_mc_pair{
390 mc_state_t graph_state; /* System state included */
391 xbt_automaton_state_t automaton_state;
392 xbt_dynar_t atomic_propositions;
394 }s_mc_pair_t, *mc_pair_t;
396 typedef struct s_mc_visited_pair{
398 int other_num; /* Dot output for */
400 mc_state_t graph_state; /* System state included */
401 xbt_automaton_state_t automaton_state;
402 xbt_dynar_t atomic_propositions;
403 size_t heap_bytes_used;
405 int acceptance_removed;
407 }s_mc_visited_pair_t, *mc_visited_pair_t;
409 mc_pair_t MC_pair_new(void);
410 void MC_pair_delete(mc_pair_t);
411 void mc_pair_free_voidp(void *p);
412 mc_visited_pair_t MC_visited_pair_new(int pair_num, xbt_automaton_state_t automaton_state, xbt_dynar_t atomic_propositions);
413 void MC_visited_pair_delete(mc_visited_pair_t p);
415 void MC_pre_modelcheck_liveness(void);
416 void MC_modelcheck_liveness(void);
417 void MC_show_stack_liveness(xbt_fifo_t stack);
418 void MC_dump_stack_liveness(xbt_fifo_t stack);
420 extern xbt_dynar_t visited_pairs;
421 int is_visited_pair(mc_visited_pair_t pair, int pair_num, xbt_automaton_state_t automaton_state, xbt_dynar_t atomic_propositions);
424 /********************************** Variables with DWARF **********************************/
426 #define MC_OBJECT_INFO_EXECUTABLE 1
428 struct s_mc_object_info {
431 char *start_exec, *end_exec; // Executable segment
432 char *start_rw, *end_rw; // Read-write segment
433 char *start_ro, *end_ro; // read-only segment
434 xbt_dict_t subprograms; // xbt_dict_t<origin as hexadecimal string, dw_frame_t>
435 xbt_dynar_t global_variables; // xbt_dynar_t<dw_variable_t>
436 xbt_dict_t types; // xbt_dict_t<origin as hexadecimal string, dw_type_t>
437 xbt_dict_t full_types_by_name; // xbt_dict_t<name, dw_type_t> (full defined type only)
439 // Here we sort the minimal information for an efficient (and cache-efficient)
440 // lookup of a function given an instruction pointer.
441 // The entries are sorted by low_pc and a binary search can be used to look them up.
442 xbt_dynar_t functions_index;
445 mc_object_info_t MC_new_object_info(void);
446 mc_object_info_t MC_find_object_info(memory_map_t maps, char* name, int executable);
447 void MC_free_object_info(mc_object_info_t* p);
449 void MC_dwarf_get_variables(mc_object_info_t info);
450 void MC_dwarf_get_variables_libdw(mc_object_info_t info);
451 const char* MC_dwarf_attrname(int attr);
452 const char* MC_dwarf_tagname(int tag);
454 dw_frame_t MC_find_function_by_ip(void* ip);
455 mc_object_info_t MC_ip_find_object_info(void* ip);
457 extern mc_object_info_t mc_libsimgrid_info;
458 extern mc_object_info_t mc_binary_info;
459 extern mc_object_info_t mc_object_infos[2];
460 extern size_t mc_object_infos_size;
462 void MC_find_object_address(memory_map_t maps, mc_object_info_t result);
463 void MC_post_process_types(mc_object_info_t info);
464 void MC_post_process_object_info(mc_object_info_t info);
468 /** \brief a DWARF expression with optional validity contraints */
469 typedef struct s_mc_expression {
472 // Optional validity:
473 void* lowpc, *highpc;
474 } s_mc_expression_t, *mc_expression_t;
476 /** A location list (list of location expressions) */
477 typedef struct s_mc_location_list {
479 mc_expression_t locations;
480 } s_mc_location_list_t, *mc_location_list_t;
482 uintptr_t mc_dwarf_resolve_location(mc_expression_t expression, mc_object_info_t object_info, unw_cursor_t* c, void* frame_pointer_address, mc_snapshot_t snapshot);
483 uintptr_t mc_dwarf_resolve_locations(mc_location_list_t locations, mc_object_info_t object_info, unw_cursor_t* c, void* frame_pointer_address, mc_snapshot_t snapshot);
485 void mc_dwarf_expression_clear(mc_expression_t expression);
486 void mc_dwarf_expression_init(mc_expression_t expression, size_t len, Dwarf_Op* ops);
488 void mc_dwarf_location_list_clear(mc_location_list_t list);
490 void mc_dwarf_location_list_init_from_expression(mc_location_list_t target, size_t len, Dwarf_Op* ops);
491 void mc_dwarf_location_list_init(mc_location_list_t target, mc_object_info_t info, Dwarf_Die* die, Dwarf_Attribute* attr);
493 // ***** Variables and functions
497 Dwarf_Off id; /* Offset in the section (in hexadecimal form) */
498 char *name; /* Name of the type */
499 int byte_size; /* Size in bytes */
500 int element_count; /* Number of elements for array type */
501 char *dw_type_id; /* DW_AT_type id */
502 xbt_dynar_t members; /* if DW_TAG_structure_type, DW_TAG_class_type, DW_TAG_union_type*/
505 // Location (for members) is either of:
506 struct s_mc_expression location;
509 dw_type_t subtype; // DW_AT_type
510 dw_type_t full_type; // The same (but more complete) type
513 void* mc_member_resolve(const void* base, dw_type_t type, dw_type_t member, mc_snapshot_t snapshot);
514 void* mc_member_snapshot_resolve(const void* base, dw_type_t type, dw_type_t member, mc_snapshot_t snapshot);
516 typedef struct s_dw_variable{
517 Dwarf_Off dwarf_offset; /* Global offset of the field. */
524 s_mc_location_list_t locations;
528 mc_object_info_t object_info;
530 }s_dw_variable_t, *dw_variable_t;
537 s_mc_location_list_t frame_base;
538 xbt_dynar_t /* <dw_variable_t> */ variables; /* Cannot use dict, there may be several variables with the same name (in different lexical blocks)*/
539 unsigned long int id; /* DWARF offset of the subprogram */
540 xbt_dynar_t /* <dw_frame_t> */ scopes;
541 Dwarf_Off abstract_origin_id;
542 mc_object_info_t object_info;
545 struct s_mc_function_index_item {
546 void* low_pc, *high_pc;
550 void mc_frame_free(dw_frame_t freme);
552 void dw_type_free(dw_type_t t);
553 void dw_variable_free(dw_variable_t v);
554 void dw_variable_free_voidp(void *t);
556 void MC_dwarf_register_global_variable(mc_object_info_t info, dw_variable_t variable);
557 void MC_register_variable(mc_object_info_t info, dw_frame_t frame, dw_variable_t variable);
558 void MC_dwarf_register_non_global_variable(mc_object_info_t info, dw_frame_t frame, dw_variable_t variable);
559 void MC_dwarf_register_variable(mc_object_info_t info, dw_frame_t frame, dw_variable_t variable);
561 /** Find the DWARF offset for this ELF object
563 * An offset is applied to address found in DWARF:
566 * <li>for an executable obejct, addresses are virtual address
567 * (there is no offset) i.e. \f$\text{virtual address} = \{dwarf address}\f$;</li>
568 * <li>for a shared object, the addreses are offset from the begining
569 * of the shared object (the base address of the mapped shared
570 * object must be used as offset
571 * i.e. \f$\text{virtual address} = \text{shared object base address}
572 * + \text{dwarf address}\f$.</li>
575 void* MC_object_base_address(mc_object_info_t info);
577 /********************************** DWARF **********************************/
579 #define MC_EXPRESSION_STACK_SIZE 64
581 #define MC_EXPRESSION_OK 0
582 #define MC_EXPRESSION_E_UNSUPPORTED_OPERATION 1
583 #define MC_EXPRESSION_E_STACK_OVERFLOW 2
584 #define MC_EXPRESSION_E_STACK_UNDERFLOW 3
585 #define MC_EXPRESSION_E_MISSING_STACK_CONTEXT 4
586 #define MC_EXPRESSION_E_MISSING_FRAME_BASE 5
587 #define MC_EXPRESSION_E_NO_BASE_ADDRESS 6
589 typedef struct s_mc_expression_state {
590 uintptr_t stack[MC_EXPRESSION_STACK_SIZE];
593 unw_cursor_t* cursor;
595 mc_snapshot_t snapshot;
596 mc_object_info_t object_info;
597 } s_mc_expression_state_t, *mc_expression_state_t;
599 int mc_dwarf_execute_expression(size_t n, const Dwarf_Op* ops, mc_expression_state_t state);
601 void* mc_find_frame_base(dw_frame_t frame, mc_object_info_t object_info, unw_cursor_t* unw_cursor);
603 /********************************** Miscellaneous **********************************/
605 typedef struct s_local_variable{
606 dw_frame_t subprogram;
612 }s_local_variable_t, *local_variable_t;
614 /********************************* Communications pattern ***************************/
616 typedef struct s_mc_comm_pattern{
619 e_smx_comm_type_t type;
620 unsigned long src_proc;
621 unsigned long dst_proc;
622 const char *src_host;
623 const char *dst_host;
627 }s_mc_comm_pattern_t, *mc_comm_pattern_t;
629 extern xbt_dynar_t communications_pattern;
630 extern xbt_dynar_t incomplete_communications_pattern;
632 void get_comm_pattern(xbt_dynar_t communications_pattern, smx_simcall_t request, int call);
633 void complete_comm_pattern(xbt_dynar_t list, smx_action_t comm);
634 void MC_pre_modelcheck_comm_determinism(void);
635 void MC_modelcheck_comm_determinism(void);
637 /* *********** Sets *********** */
639 typedef struct s_mc_address_set *mc_address_set_t;
641 mc_address_set_t mc_address_set_new();
642 void mc_address_set_free(mc_address_set_t* p);
643 void mc_address_add(mc_address_set_t p, const void* value);
644 bool mc_address_test(mc_address_set_t p, const void* value);
646 /* *********** Hash *********** */
648 /** \brief Hash the current state
649 * \param num_state number of states
650 * \param stacks stacks (mc_snapshot_stak_t) used fot the stack unwinding informations
651 * \result resulting hash
653 uint64_t mc_hash_processes_state(int num_state, xbt_dynar_t stacks);