
ThreadEscape: Collect set of escaping threads flow-insensitively #1078

Merged
merged 22 commits into from
Jul 4, 2023

Conversation

jerhard
Member

@jerhard jerhard commented Jun 7, 2023

This PR changes the ThreadEscape analysis to track which threads escaped a variable in a flow-insensitive invariant. A thread escapes a variable if it assigns it to an lvalue that may already be escaped.

The escape information in the local state now collects only the escapes that happened in the thread's own past. That means there is no joining of escaped variables from the flow-insensitive invariant into the local state.

When queried whether a variable is escaped, the analysis checks the flow-insensitive set of threads that escaped it. If the set is empty, it is not escaped. If the set is not empty, it is checked whether any of the other threads that escaped it may already be started. If so, the variable may be escaped. If none of the other threads escaped the variable, then it is checked whether the current thread may have escaped the variable. This is done by looking it up in the local state.

This approach in particular handles the case when variables escape via globals after some threads have already started (see #1074), while not treating such variables as escaped at all program points (which was one issue with #1075, as well as the issue with the implementation in threadenter mentioned here: #1075 (comment)).

Fixes #1074
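A small Python model of the query logic described in the PR text above, added here as an illustration (it is not Goblint's OCaml implementation). The thread ids and the `may_be_started` and `non_unique` sets are constructed stand-ins for what Goblint's thread-ID and thread-creation analyses would supply, and the scenario in `scenario_escape_via_global` is a constructed sketch of the #1074 situation, not the original test case:

```python
from dataclasses import dataclass, field


@dataclass
class EscapeModel:
    """Model of the flow-insensitive 'which threads escaped v' invariant plus per-thread local state."""
    # flow-insensitive invariant: variable -> set of thread ids that escaped it (hypothetical stand-in)
    escaped_by: dict = field(default_factory=dict)
    # local state: for each thread, the variables it escaped in its own past
    local: dict = field(default_factory=dict)
    # threads that may already be running at the query point (constructed, normally from thread analysis)
    may_be_started: set = field(default_factory=set)
    # threads that may exist in more than one instance (non-unique thread ids)
    non_unique: set = field(default_factory=set)

    def escape(self, thread, var):
        """`thread` assigns `var` to an lvalue that may already be escaped: side-effect into the
        invariant and record it in the thread's own local state."""
        self.escaped_by.setdefault(var, set()).add(thread)
        self.local.setdefault(thread, set()).add(var)

    def may_escape(self, current, var):
        """Answer MayEscape(var) from the point of view of thread `current`."""
        threads = self.escaped_by.get(var, set())
        if not threads:
            return False                      # nobody escaped it: definitely not escaped
        others = threads - {current}
        if others & self.may_be_started:
            return True                       # another thread that escaped it may already run
        if current in self.non_unique and current in threads:
            return True                       # another instance of the same thread may have escaped it
        return var in self.local.get(current, set())   # only the current thread's own past counts


def scenario_escape_via_global():
    """Constructed sketch of #1074: main starts t1 and only afterwards escapes x via a global.
    Returns (answer for t1 before the escape, answer for t1 after, answer for main after)."""
    m = EscapeModel(may_be_started={"main", "t1"})
    before = m.may_escape("t1", "x")      # nothing escaped yet
    m.escape("main", "x")                 # main: g = &x, after t1 is running
    after_t1 = m.may_escape("t1", "x")    # main escaped it and may be running
    after_main = m.may_escape("main", "x")
    return before, after_t1, after_main
```

Note how a variable escaped only by a thread that cannot have started yet is still reported as not escaped, which is the over-approximation the PR avoids compared to marking it escaped at all program points.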

jerhard added 2 commits June 14, 2023 10:43
If the current thread is non-unique and may escape the variable queried with (MayEscape v), then v may be escaped.
jerhard added 6 commits June 14, 2023 12:34
… rel.

Reuse implementation of enter in threadenter to determine what to add to rel.
… thread) to empty set.

Previous solution that had a non-empty state was required only due to RelationAnalysis that did not pass reachable variables to the created thread in threadenter.
@jerhard
Member Author

jerhard commented Jun 16, 2023

Some changes to the RelationAnalysis.threadenter were necessary. The reason is that the RelationAnalysis relied on variables that were reachable for the created thread via an argument to the pthread_create to be considered escaped right away, otherwise, it would crash. This becomes a problem now that the information that the parameter to the pthread_create escapes is only computed later during the evaluation of the constraint system (via a side-effect in threadspawn).
Therefore, I changed the RelationAnalysis.threadenter such that it maintains variables reachable from the passed argument in the relation rel of the created thread.

Member

@michael-schwarz michael-schwarz left a comment


Apart from the comments, I think this is good to merge!

@sim642 sim642 self-requested a review June 22, 2023 10:21
jerhard added 2 commits June 26, 2023 13:57
…following destructive update.

This ensures that new_rel is a distinct object from ctx.local.rel to ensure that the latter is not modified by RD.remove_filter_with.
@michael-schwarz
Member

@sim642 Do you still want to review this or are we good to merge?

…eep_vars, keep_filter.

The operations on a relational domain (without _with suffix) should ensure that the returned object is not physically equal. This way, the explicit copy in relationAnalysis.make_callee_rel can be avoided.
@michael-schwarz
Member

@sim642 Since the remaining issue was addressed, is this now good to merge?

@michael-schwarz michael-schwarz merged commit d65ed54 into master Jul 4, 2023
@michael-schwarz michael-schwarz deleted the escape_analysis_flow-insens branch July 4, 2023 16:23
@sim642 sim642 added this to the v2.2.0 milestone Sep 11, 2023
sim642 added a commit to sim642/opam-repository that referenced this pull request Sep 13, 2023
CHANGES:

* Add `setjmp`/`longjmp` analysis (goblint/analyzer#887, goblint/analyzer#970, goblint/analyzer#1015, goblint/analyzer#1019).
* Refactor race analysis to lazy distribution (goblint/analyzer#1084, goblint/analyzer#1089, goblint/analyzer#1136, goblint/analyzer#1016).
* Add thread-unsafe library function call analysis (goblint/analyzer#723, goblint/analyzer#1082).
* Add mutex type analysis and mutex API analysis (goblint/analyzer#800, goblint/analyzer#839, goblint/analyzer#1073).
* Add interval set domain and string literals domain (goblint/analyzer#901, goblint/analyzer#966, goblint/analyzer#994, goblint/analyzer#1048).
* Add affine equalities analysis (goblint/analyzer#592).
* Add use-after-free analysis (goblint/analyzer#1050, goblint/analyzer#1114).
* Add dead code elimination transformation (goblint/analyzer#850, goblint/analyzer#979).
* Add taint analysis for partial contexts (goblint/analyzer#553, goblint/analyzer#952).
* Add YAML witness validation via unassume (goblint/analyzer#796, goblint/analyzer#977, goblint/analyzer#1044, goblint/analyzer#1045, goblint/analyzer#1124).
* Add incremental analysis rename detection (goblint/analyzer#774, goblint/analyzer#777).
* Fix address sets unsoundness (goblint/analyzer#822, goblint/analyzer#967, goblint/analyzer#564, goblint/analyzer#1032, goblint/analyzer#998, goblint/analyzer#1031).
* Fix thread escape analysis unsoundness (goblint/analyzer#939, goblint/analyzer#984, goblint/analyzer#1074, goblint/analyzer#1078).
* Fix many incremental analysis issues (goblint/analyzer#627, goblint/analyzer#836, goblint/analyzer#835, goblint/analyzer#841, goblint/analyzer#932, goblint/analyzer#678, goblint/analyzer#942, goblint/analyzer#949, goblint/analyzer#950, goblint/analyzer#957, goblint/analyzer#955, goblint/analyzer#954, goblint/analyzer#960, goblint/analyzer#959, goblint/analyzer#1004, goblint/analyzer#558, goblint/analyzer#1010, goblint/analyzer#1091).
* Fix server mode for abstract debugging (goblint/analyzer#983, goblint/analyzer#990, goblint/analyzer#997, goblint/analyzer#1000, goblint/analyzer#1001, goblint/analyzer#1013, goblint/analyzer#1018, goblint/analyzer#1017, goblint/analyzer#1026, goblint/analyzer#1027).
* Add documentation for configuration JSON schema and OCaml API (goblint/analyzer#999, goblint/analyzer#1054, goblint/analyzer#1055, goblint/analyzer#1053).
* Add many library function specifications (goblint/analyzer#962, goblint/analyzer#996, goblint/analyzer#1028, goblint/analyzer#1079, goblint/analyzer#1121, goblint/analyzer#1135, goblint/analyzer#1138).
* Add OCaml 5.0 support (goblint/analyzer#1003, goblint/analyzer#945, goblint/analyzer#1162).
Successfully merging this pull request may close these issues.

Escaped variables are not communicated between threads
3 participants