Ego-Lane-Derived-Digests for Privatizations: ProtectionBasedTIDPriv
#1398
Conversation
|
I was able to cast this as a generic lifter, which means we get no additional code duplication here 😄 |
| module ThreadNotStartedDigest:Digest = | ||
| struct | ||
| include ThreadIdDomain.ThreadLifted | ||
|
|
||
| module TID = ThreadIdDomain.Thread | ||
|
|
||
| let current (ask: Q.ask) = | ||
| ThreadId.get_current ask | ||
|
|
||
| let accounted_for (ask: Q.ask) ~(current: t) ~(other: t) = | ||
| match current, other with | ||
| | `Lifted current, `Lifted other -> | ||
| MHP.definitely_not_started (current, ask.f Q.CreatedThreads) other | ||
| | _ -> false | ||
| end |
There was a problem hiding this comment.
Why does protection-tid use different digests than mutex-meet-tid?
There was a problem hiding this comment.
The difference is that mutex-meet-tid is equipped with a L component that guarantees that all join-local contributions are already accounted for. protection-tid instead does not track such a component and thus needs to rely purely on the refinement provided by the ego-lane-derived digest. I'll add a comment to this effect.
There was a problem hiding this comment.
But the digest modules don't have access to mutex-meet-tid's L, so how can it be coupled with that? Also in more-traces, the digest framework is introduced before L.
There was a problem hiding this comment.
Yes, but things such as not reading from yourself and not reading from joined threads goes beyond what the digests can do, and relies on the analysis taking care of it in some way.
Consider e.g. reading from a thread that has been joined: It is possible that this thread held the mutex last before me, and thus the digests are compatible.
It is only because the analyses also read from some L that this contribution is accounted_for.
There was a problem hiding this comment.
In more-traces this is the difference between
and
There was a problem hiding this comment.
Thanks for the explanation. I guess the coupling is kind of implicit here: this accounted_for assumes that the privatization actually accounts for things in its thread_join.
Co-authored-by: Simmo Saan <[email protected]>
CHANGES: * Remove unmaintained analyses: spec, file (goblint/analyzer#1281). * Add linear two-variable equalities analysis (goblint/analyzer#1297, goblint/analyzer#1412, goblint/analyzer#1466). * Add callstring, loopfree callstring and context gas analyses (goblint/analyzer#1038, goblint/analyzer#1340, goblint/analyzer#1379, goblint/analyzer#1427, goblint/analyzer#1439). * Add non-relational thread-modular value analyses with thread IDs (goblint/analyzer#1366, goblint/analyzer#1398, goblint/analyzer#1399). * Add NULL byte array domain (goblint/analyzer#1076). * Fix spurious overflow warnings from internal evaluations (goblint/analyzer#1406, goblint/analyzer#1411, goblint/analyzer#1511). * Refactor non-definite mutex handling to fix unsoundness (goblint/analyzer#1430, goblint/analyzer#1500, goblint/analyzer#1503, goblint/analyzer#1409). * Fix non-relational thread-modular value analysis unsoundness with ambiguous points-to sets (goblint/analyzer#1457, goblint/analyzer#1458). * Fix mutex type analysis unsoundness and enable it by default (goblint/analyzer#1414, goblint/analyzer#1416, goblint/analyzer#1510). * Add points-to set refinement on mutex path splitting (goblint/analyzer#1287, goblint/analyzer#1343, goblint/analyzer#1374, goblint/analyzer#1396, goblint/analyzer#1407). * Improve narrowing operators (goblint/analyzer#1502, goblint/analyzer#1540, goblint/analyzer#1543). * Extract automatic configuration tuning for soundness (goblint/analyzer#1369). * Fix many locations in witnesses (goblint/analyzer#1355, goblint/analyzer#1372, goblint/analyzer#1400, goblint/analyzer#1403). * Improve output readability (goblint/analyzer#1294, goblint/analyzer#1312, goblint/analyzer#1405, goblint/analyzer#1497). * Refactor logging (goblint/analyzer#1117). * Modernize all library function specifications (goblint/analyzer#1029, goblint/analyzer#688, goblint/analyzer#1174, goblint/analyzer#1289, goblint/analyzer#1447, goblint/analyzer#1487). * Remove OCaml 4.10, 4.11, 4.12 and 4.13 support (goblint/analyzer#1448).
CHANGES: * Remove unmaintained analyses: spec, file (goblint/analyzer#1281). * Add linear two-variable equalities analysis (goblint/analyzer#1297, goblint/analyzer#1412, goblint/analyzer#1466). * Add callstring, loopfree callstring and context gas analyses (goblint/analyzer#1038, goblint/analyzer#1340, goblint/analyzer#1379, goblint/analyzer#1427, goblint/analyzer#1439). * Add non-relational thread-modular value analyses with thread IDs (goblint/analyzer#1366, goblint/analyzer#1398, goblint/analyzer#1399). * Add NULL byte array domain (goblint/analyzer#1076). * Fix spurious overflow warnings from internal evaluations (goblint/analyzer#1406, goblint/analyzer#1411, goblint/analyzer#1511). * Refactor non-definite mutex handling to fix unsoundness (goblint/analyzer#1430, goblint/analyzer#1500, goblint/analyzer#1503, goblint/analyzer#1409). * Fix non-relational thread-modular value analysis unsoundness with ambiguous points-to sets (goblint/analyzer#1457, goblint/analyzer#1458). * Fix mutex type analysis unsoundness and enable it by default (goblint/analyzer#1414, goblint/analyzer#1416, goblint/analyzer#1510). * Add points-to set refinement on mutex path splitting (goblint/analyzer#1287, goblint/analyzer#1343, goblint/analyzer#1374, goblint/analyzer#1396, goblint/analyzer#1407). * Improve narrowing operators (goblint/analyzer#1502, goblint/analyzer#1540, goblint/analyzer#1543). * Extract automatic configuration tuning for soundness (goblint/analyzer#1369). * Fix many locations in witnesses (goblint/analyzer#1355, goblint/analyzer#1372, goblint/analyzer#1400, goblint/analyzer#1403). * Improve output readability (goblint/analyzer#1294, goblint/analyzer#1312, goblint/analyzer#1405, goblint/analyzer#1497). * Refactor logging (goblint/analyzer#1117). * Modernize all library function specifications (goblint/analyzer#1029, goblint/analyzer#688, goblint/analyzer#1174, goblint/analyzer#1289, goblint/analyzer#1447, goblint/analyzer#1487). * Remove OCaml 4.10, 4.11, 4.12 and 4.13 support (goblint/analyzer#1448).
Introduces one of the new privatizations which will need to be evaluated for my thesis. This might actually be a lightweight interesting instance that might be worth evaluating it in practice.
This takes the protection based analysis and replaces
[g]and[g]'by[g,A]and[g,A]'respectively, whereAis an ego-lane derived digest.Implementation-wise we once more use the Reduced-Cardinal-Powerset construction and change types of unknowns from
ValDto partial mapsDigest -> ValDwith default valuebot.TODO:
TID.is_must_parent. Currently, this is reflexive, which is against intuition (I rarely think of myself as my own father)