adding memory access count and proper scan for read d. races

Author: luickk

CMakeLists.txt

@@ -1,7 +1,7 @@
 project(sample)
 add_library(myclient SHARED instrument.c error_detector.c)
 target_include_directories(myclient PRIVATE ${include/})
-find_package(DynamoRIO PATHS ../DynamoRIO/cmake)
+find_package(DynamoRIO PATHS ../Libs/DynamoRIO-AArch64-Linux-9.0.1/cmake)
 if (NOT DynamoRIO_FOUND)
   message(FATAL_ERROR "DynamoRIO package required to build")
 endif(NOT DynamoRIO_FOUND)

buildAndRun.sh

@@ -1,2 +1,2 @@
 bash build.sh
-../DynamoRIO/bin64/drrun -c build/libmyclient.so -- basicMultiThread.elf -lpthread
+../Libs//DynamoRIO-AArch64-Linux-9.0.1/bin64/drrun -c build/libmyclient.so -- basicMultiThread.elf -lpthread

error_detector.c

@@ -13,6 +13,7 @@ typedef struct MemoryAccess {
    u16 opcode;
    u64 size;
    u64 callee_thread_id;
+   u64 memory_access_count;
 } MemoryAccess;
 
 typedef enum LockWritability {
@@ -28,10 +29,19 @@ typedef struct LockState {
    usize unlock_count;
 } LockState;
 
+
+typedef struct LockAccess {
+   LockWritability state;
+   usize addr;
+   u64 callee_thread_id;
+   u64 memory_access_count;
+} LockAccess;
+
 typedef struct MemoryAllocation {
    usize addr;
    u64 size;
    u64 callee_thread_id;
+   u64 memory_access_count;
 } MemoryAllocation;
 
 typedef struct ThreadState {
@@ -44,9 +54,18 @@ typedef struct ThreadState {
     u64 mem_write_set_capacity;
     u64 mem_write_set_len;
 
+
     LockState *lock_state_set;
     u64 lock_state_set_capacity;
     u64 lock_state_set_len;
+
+    LockAccess *lock_write_held_set;
+    u64 lock_write_held_set_capacity;
+    u64 lock_write_held_set_len;
+
+    LockAccess *lock_read_held_set;
+    u64 lock_read_held_set_capacity;
+    u64 lock_read_held_set_len;
 } ThreadState;
 
 
@@ -57,6 +76,7 @@ u64 n_allocs = 0;
 ThreadState threads[MAX_THREADS] = {};
 u64 n_threads = 0;
 
+u64 memory_access_counter = 0;
 
 // util fns..
 void *increase_set_capacity(void *set, u64 *set_capacity) {
@@ -75,6 +95,16 @@ i64 find_thread_by_tid(u64 tid) {
     return -1;
 }
 
+i64 find_lockset_by_memory_access_count(LockAccess *lock_set, u64 lock_set_len, u64 access_count) {
+    u64 i;
+    for (i = 0; i <= lock_set_len; i++) {
+        if (lock_set[i].memory_access_count == access_count) {
+            return i;
+        }
+    }
+    return -1;
+}
+
 u32 is_in_range(u64 num, u64 min, u64 max) {      
     return (min <= num && num <= max); 
 }
@@ -97,6 +127,8 @@ void mem_analyse_exit() {
         free(threads[j].mem_write_set);
         free(threads[j].mem_read_set);
         free(threads[j].lock_state_set);
+        free(threads[j].lock_write_held_set);
+        free(threads[j].lock_read_held_set);
     }
 }
 
@@ -131,6 +163,20 @@ u32 mem_analyse_new_thread_init(void *drcontext) {
         return 0;
     }
 
+    threads[n_threads].lock_write_held_set = (LockAccess*)malloc(sizeof(LockAccess) * linear_set_size_increment);
+    threads[n_threads].lock_write_held_set_capacity = linear_set_size_increment;
+    if (threads[n_threads].lock_write_held_set == NULL) {        
+        printf("set allocation error \n");
+        return 0;
+    }
+
+    threads[n_threads].lock_read_held_set = (LockAccess*)malloc(sizeof(LockAccess) * linear_set_size_increment);
+    threads[n_threads].lock_read_held_set_capacity = linear_set_size_increment;
+    if (threads[n_threads].lock_read_held_set == NULL) {        
+        printf("set allocation error \n");
+        return 0;
+    }
+
     n_threads += 1;
     return 1;
 }
@@ -194,7 +240,17 @@ void wrap_pre_lock(void *wrapcxt, OUT void **user_data) {
     }
     thread_accessed->lock_state_set[i].lock_count += 1;
     if (thread_accessed->lock_state_set[i].lock_count >= thread_accessed->lock_state_set[i].lock_count) {
-        thread_accessed->lock_state_set[i].state = WriteHeld;
+        // now the lock is write held
+        thread_accessed->lock_write_held_set[thread_accessed->lock_write_held_set_len].addr = (usize) addr;
+        thread_accessed->lock_write_held_set[thread_accessed->lock_write_held_set_len].callee_thread_id = thread_id;
+        thread_accessed->lock_write_held_set[thread_accessed->lock_write_held_set_len].memory_access_count = memory_access_counter;
+        thread_accessed->lock_write_held_set_len += 1;
+    } else {
+        // read held
+        thread_accessed->lock_read_held_set[thread_accessed->lock_read_held_set_len].addr = (usize) addr;
+        thread_accessed->lock_read_held_set[thread_accessed->lock_read_held_set_len].callee_thread_id = thread_id;
+        thread_accessed->lock_read_held_set[thread_accessed->lock_read_held_set_len].memory_access_count = memory_access_counter;
+        thread_accessed->lock_read_held_set_len += 1;
     }
 }
 
@@ -226,23 +282,11 @@ void wrap_pre_malloc(void *wrapcxt, OUT void **user_data) {
 void check_for_race(ThreadState *thread_state) {
     int write_set_i, read_set_i, lock_set_i1, lock_set_i2;
     for (write_set_i = 0; write_set_i <= thread_state->mem_write_set_len; write_set_i++) {
-        for (lock_set_i2 = 0; lock_set_i2 <= thread_state->lock_state_set_len; lock_set_i2++) {
-            if(thread_state->lock_state_set[lock_set_i2].addr == thread_state->mem_write_set[write_set_i].address_accessed) {
-                // u32 lock_found = 0;
-
-                // for (read_set_i = 0; read_set_i <= thread_state->mem_read_set_len; read_set_i++) {
-                //     if(thread_state->lock_state_set[lock_set_i2].addr == thread_state->mem_read_set[read_set_i].address_accessed) {
-                //         for (lock_set_i1 = 0; lock_set_i1 <= thread_state->lock_state_set_len; lock_set_i1++) {
-                //             if(thread_state->lock_state_set[lock_set_i2].addr == thread_state->lock_state_set[lock_set_i1].addr) {
-                //                 lock_found = 1;
-                //             }
-                //         }
-                //     }
-                // }
-
-                // if (lock_found) {
-                //     printf("NO RACE CONDITION \n");
-                // }
+        for (read_set_i = 0; read_set_i <= thread_state->mem_read_set_len; read_set_i++) {
+            if (thread_state->mem_write_set[write_set_i].memory_access_count > thread_state->mem_read_set[read_set_i].memory_access_count) {
+                if (find_lockset_by_memory_access_count(thread_state->lock_write_held_set, thread_state->lock_write_held_set_len, thread_state->lock_write_held_set[write_set_i].memory_access_count) == -1 || find_lockset_by_memory_access_count(thread_state->lock_write_held_set, thread_state->lock_write_held_set_len, thread_state->mem_read_set[read_set_i].memory_access_count) == -1) {
+                    printf("FOUND!\n");
+                }
             }
         }
     }
@@ -277,6 +321,8 @@ void memtrace(void *drcontext, u64 thread_id) {
             BUF_PTR(data->seg_base) = data->buf_base;
             return;
         }
+        memory_access_counter++;
+        if (memory_access_counter >= LLONG_MAX) DR_ASSERT(false);
         u64 thread_id_owning_accessed_addr = allocations[j].callee_thread_id;
         // printf("COMING THROUGH %ld \n", thread_id_owning_accessed_addr);
 
@@ -296,6 +342,7 @@ void memtrace(void *drcontext, u64 thread_id) {
             thread_accessed->mem_write_set[thread_accessed->mem_write_set_len].opcode = mem_ref->type;
             thread_accessed->mem_write_set[thread_accessed->mem_write_set_len].callee_thread_id = thread_id;
             thread_accessed->mem_write_set[thread_accessed->mem_write_set_len].size = mem_ref->size;
+            thread_accessed->mem_write_set[thread_accessed->mem_write_set_len].memory_access_count = memory_access_counter;
             thread_accessed->mem_write_set_len += 1;
         } else if(mem_ref->type == 0 || mem_ref->type == 227 || mem_ref->type == 225 || mem_ref->type == 197 || mem_ref->type == 228 || mem_ref->type == 229 || mem_ref->type == 299 || mem_ref->type == 173) {
             // mem read
@@ -305,15 +352,11 @@ void memtrace(void *drcontext, u64 thread_id) {
             thread_accessed->mem_read_set[thread_accessed->mem_read_set_len].opcode = mem_ref->type;
             thread_accessed->mem_read_set[thread_accessed->mem_read_set_len].callee_thread_id = thread_id;
             thread_accessed->mem_read_set[thread_accessed->mem_read_set_len].size = mem_ref->size;
+            thread_accessed->mem_read_set[thread_accessed->mem_read_set_len].memory_access_count = memory_access_counter;
             thread_accessed->mem_read_set_len += 1;
         }
-        //  else {
-        //     printf("missed %d \n", mem_ref->type);        
-        // }
-        // // /* We use PIFX to avoid leading zeroes and shrink the resulting file. */
-        // fprintf(data->logf, "" PIFX ": %2d, %s (%d)\n", (ptr_uint_t)mem_ref->addr, mem_ref->size, (mem_ref->type > REF_TYPE_WRITE) ? decode_opcode_name(mem_ref->type) /* opcode for instr */ : (mem_ref->type == REF_TYPE_WRITE ? "w" : "r"), mem_ref->type);
-        continue_outer_loop:;
         check_for_race(thread_accessed);
+        continue_outer_loop:;
         data->num_refs++;
         BUF_PTR(data->seg_base) = data->buf_base;
     }