[GNUnet-SVN] r23114 - monkey/branches/MonkeyBacktracking/monkey/src/path
From: |
gnunet |
Subject: |
[GNUnet-SVN] r23114 - monkey/branches/MonkeyBacktracking/monkey/src/pathologist |
Date: |
Sun, 5 Aug 2012 17:40:47 +0200 |
Author: safey
Date: 2012-08-05 17:40:47 +0200 (Sun, 05 Aug 2012)
New Revision: 23114
Modified:
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/action_api.c
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/pathologist.c
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/pathologist_action.h
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/test_pathologist.c
Log:
Refactoring expression value analysis, and bug classification.
Modified: monkey/branches/MonkeyBacktracking/monkey/src/pathologist/action_api.c
===================================================================
--- monkey/branches/MonkeyBacktracking/monkey/src/pathologist/action_api.c
2012-08-05 14:33:32 UTC (rev 23113)
+++ monkey/branches/MonkeyBacktracking/monkey/src/pathologist/action_api.c
2012-08-05 15:40:47 UTC (rev 23114)
@@ -397,7 +397,7 @@
static int
-analyzeSegmentationFault(struct Function *function,
+analyzeExpressionValues(struct Function *function,
struct MONKEY_ACTION_Context *cntxt)
{
struct Expression *tmp;
@@ -409,35 +409,34 @@
continue; // We will not evaluate function calls
(because GDB will evaluate by calling the function)
}
if (tmp != faultyExpression) {
- if (MONKEY_NO == isAssignment(tmp->expressionSyntax)) { // We
should NOT evaluate assignments, otherwise subsequent expression evaluations
will be spoiled
- if (strcmp(tmp->expressionSyntax, "NULL") == 0) {
- tmp->expressionValue = "0x0";
+ if (MONKEY_NO == isAssignment(tmp->expressionSyntax)) {
// We should NOT evaluate assignments, otherwise subsequent expression
evaluations will be spoiled
+ if (strcmp(tmp->expressionSyntax, "NULL") == 0)
{
+ tmp->expressionValue = "0x0";
+ tmp = tmp->next;
+ continue;
+ }
+ tmp->expressionValue =
+ gmi_data_evaluate_expression(cntxt->gdb_handle,
+ tmp->
+
expressionSyntax);
+ if (NULL != tmp->expressionValue
+ && (strcmp(tmp->expressionValue, "0x0") == 0
+ || strcmp(tmp->expressionValue,
+ "NULL") == 0)) {
+ cntxt->gdb_null_variable =
tmp->expressionSyntax;
+ cntxt->has_null = MONKEY_YES;
+ }
+ } else {
+ /* Expressions with assignments should be
removed from the list of expressions */
+ struct Expression *removedExpression = tmp;
tmp = tmp->next;
- continue;
+ MONKEY_CONTAINER_DLL_remove(function->
+ expressionListHead,
+ function->
+ expressionListTail,
+ removedExpression);
+ continue; // don't progress the pointer
twice
}
- tmp->expressionValue =
- gmi_data_evaluate_expression(cntxt->gdb_handle,
- tmp->
- expressionSyntax);
- if (NULL != tmp->expressionValue
- && (strcmp(tmp->expressionValue, "0x0") == 0
- || strcmp(tmp->expressionValue,
- "NULL") == 0)) {
- cntxt->gdb_null_variable = tmp->expressionSyntax;
- cntxt->bug_detected = BUG_NULL_POINTER; // We are sure
at this point that it's a NULL Pointer Exception and not a Bad Memory Access
- //return MONKEY_OK;
- }
- } else {
- /* Expressions with assignments should be removed from the
list of expressions */
- struct Expression *removedExpression = tmp;
- tmp = tmp->next;
- MONKEY_CONTAINER_DLL_remove(function->
- expressionListHead,
- function->
- expressionListTail,
- removedExpression);
- continue; // don't progress the pointer twice
- }
}
tmp = tmp->next;
}
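Review bot: The merged loop stores the result of `gmi_data_evaluate_expression` straight into `tmp->expressionValue`, so a failed evaluation now leaves the field NULL, whereas the removed `analyzeCustomFault` only overwrote it when the result was non-NULL. Abort and arithmetic crashes now go through this path, so every consumer that prints or compares `expressionValue` has to tolerate NULL; if that is not guaranteed, keep the old guard: `const char *eval = gmi_data_evaluate_expression(cntxt->gdb_handle, tmp->expressionSyntax); if (NULL != eval) tmp->expressionValue = eval;`. The field also mixes the string literal `"0x0"` with values returned from GDB/MI, so a short comment stating who owns and frees it would help. The function body starts and ends outside this hunk.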
@@ -446,46 +445,6 @@
}
-
-static int
-analyzeCustomFault(struct Function *function,
- struct MONKEY_ACTION_Context *cntxt)
-{
- struct Expression *tmp;
-
- tmp = function->expressionListHead;
- while (NULL != tmp) {
- if (MONKEY_YES == tmp->isCall) {
- tmp = tmp->next;
- continue;
- }
- if (MONKEY_NO == isAssignment(tmp->expressionSyntax)) {
- const char *eval;
- if (strcmp(tmp->expressionSyntax, "NULL") == 0) {
- tmp->expressionValue = "0x0";
- tmp = tmp->next;
- continue;
- }
- eval =
- gmi_data_evaluate_expression(cntxt->gdb_handle,
- tmp->expressionSyntax);
- if (NULL != eval) {
- tmp->expressionValue = eval;
- }
- tmp = tmp->next;
- } else {
- /* Expressions with assignments should be removed from
the list of expressions */
- struct Expression *removedExpression = tmp;
- tmp = tmp->next;
-
MONKEY_CONTAINER_DLL_remove(function->expressionListHead,
-
function->expressionListTail,
- removedExpression);
- }
- }
- return MONKEY_OK;
-}
-
-
static int flushTrace(struct Trace *trace)
{
struct Function *functionPtr = NULL;
@@ -566,6 +525,7 @@
/* Variables used across recursive calls */
static struct Trace *trace = NULL;
+ static int isBugClassified = MONKEY_NO;
static int stackDepth = 0;
static struct MONKEY_EDB_Context *edbCntxt;
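Review bot: `isBugClassified` is a function-level static that the classification block later in this diff sets to `MONKEY_YES`, and nothing visible resets it, so a second analysis in the same process would keep the first crash's `bug_detected`. The neighbouring statics are described as state shared across recursive calls, so the flag should presumably be cleared wherever they are, e.g. `isBugClassified = MONKEY_NO;` on the cleanup path or when `stackDepth` returns to 0. If one-shot behaviour is intended, say so next to the declaration: `/* set once: only the innermost frame classifies the bug */`. The enclosing function starts and ends outside this hunk.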
@@ -575,25 +535,25 @@
}
if (NULL == epoch) {
- epoch = MONKEY_malloc(sizeof(struct Epoch));
- epoch->traceListHead = NULL;
- epoch->traceListTail = NULL;
+ epoch = MONKEY_malloc(sizeof(struct Epoch));
+ epoch->traceListHead = NULL;
+ epoch->traceListTail = NULL;
}
if (0 == stackDepth) {
- /* Initialize the trace structure for this particular epoch step */
- trace = MONKEY_malloc(sizeof(struct Trace));
- MONKEY_CONTAINER_DLL_insert_tail(epoch->traceListHead,
- epoch->traceListTail, trace);
+ /* Initialize the trace structure for this particular epoch
step */
+ trace = MONKEY_malloc(sizeof(struct Trace));
+ MONKEY_CONTAINER_DLL_insert_tail(epoch->traceListHead,
+ epoch->traceListTail, trace);
- /* Create a connection to the Expression Database */
- edbCntxt = MONKEY_EDB_connect(cntxt->expression_database_path);
- if (NULL == edbCntxt) {
- fprintf(stderr,
- "Unable to connect to Expression Database file!\n");
- ret = MONKEY_NO;
- goto cleanup;
- }
+ /* Create a connection to the Expression Database */
+ edbCntxt = MONKEY_EDB_connect(cntxt->expression_database_path);
+ if (NULL == edbCntxt) {
+ fprintf(stderr,
+ "Unable to connect to Expression Database
file!\n");
+ ret = MONKEY_NO;
+ goto cleanup;
+ }
}
ret = MONKEY_EDB_get_expression_scope_end(edbCntxt,
@@ -614,62 +574,63 @@
}
if (cntxt->scope_depth > 0 && MONKEY_YES == crashExpressionFoundInEDB) {
- /* Means we need to look is scopes outer than the one where the problem
occurred */
- struct ScopeEnd *scopeEndPtr;
- int index = 1;
+ /* Means we need to look is scopes outer than the one where the
problem occurred */
+ struct ScopeEnd *scopeEndPtr;
+ int index = 1;
- ret =
- MONKEY_EDB_function_start_line_for_scope(edbCntxt,
- cntxt->gdb_frames->
- file, endScope,
- &functionStartCallback,
- NULL);
- if (ret == MONKEY_NO || failureFunctionStartLine <= 0) {
- goto cleanup;
- }
+ ret =
+ MONKEY_EDB_function_start_line_for_scope(edbCntxt,
+
cntxt->gdb_frames->
+ file, endScope,
+
&functionStartCallback,
+ NULL);
+ if (ret == MONKEY_NO || failureFunctionStartLine <= 0) {
+ goto cleanup;
+ }
- /* Scope end list should be flushed before being used for the new
function */
- if (NULL != scopeEndListHead)
- flushScopeEndList();
+ /* Scope end list should be flushed before being used for the
new function */
+ if (NULL != scopeEndListHead)
+ flushScopeEndList();
- ret =
- MONKEY_EDB_get_all_outer_scopes(edbCntxt,
- cntxt->gdb_frames->file,
- failureFunctionStartLine,
- cntxt->gdb_frames->line,
- endScope, &outerScopesCallback,
- NULL);
- if (ret == MONKEY_NO) {
- goto cleanup;
- }
- /**
- * 1 void fun()
- * 2 {
- * 3 int i;
- * 4 int j;
- * 5 for (i = 0; i < 5; i++)
- * 6 {
- * 7 //Stuff
- * 8 .
- * 9 .
- * 10 for (j = 0; j < 7; j++)
- * 11 {
- * 12 //Other Stuff
- * 13 .
- * 14 .
- * 15 stop->because = crash->happens->here;
<----------Crash happens here (Depth 0)
- * 16 }
- * 17 }<------- Scope End List: first element <---------------Outer
scope depth 1
- * 18}<--------- Scope End List: second element<---------------Outer
scope depth 2
- */
- if (NULL != scopeEndListHead) {
- scopeEndPtr = scopeEndListHead;
- while (index < cntxt->scope_depth && NULL != scopeEndPtr) {
- scopeEndPtr = scopeEndPtr->next;
- index++;
- }
- endScope = scopeEndPtr->lineNo;
- }
+ ret =
+ MONKEY_EDB_get_all_outer_scopes(edbCntxt,
+ cntxt->gdb_frames->file,
+
failureFunctionStartLine,
+ cntxt->gdb_frames->line,
+ endScope,
&outerScopesCallback,
+ NULL);
+ if (ret == MONKEY_NO) {
+ goto cleanup;
+ }
+ /**
+ * 1 void fun()
+ * 2 {
+ * 3 int i;
+ * 4 int j;
+ * 5 for (i = 0; i < 5; i++)
+ * 6 {
+ * 7 //Stuff
+ * 8 .
+ * 9 .
+ * 10 for (j = 0; j < 7; j++)
+ * 11 {
+ * 12 //Other Stuff
+ * 13 .
+ * 14 .
+ * 15 stop->because = crash->happens->here;
<----------Crash happens here (Depth 0)
+ * 16 }
+ * 17 }<------- Scope End List: first element
<---------------Outer scope depth 1
+ * 18}<--------- Scope End List: second
element<---------------Outer scope depth 2
+ */
+ if (NULL != scopeEndListHead) {
+ scopeEndPtr = scopeEndListHead;
+ while (index < cntxt->scope_depth && NULL !=
scopeEndPtr->next) {
+ scopeEndPtr = scopeEndPtr->next;
+ index++;
+ }
+ endScope = scopeEndPtr->lineNo;
+ fprintf(stderr, "Pathologist set scope depth to %d\n",
index);
+ }
}
/* Now we know the end scope of the faulty expression. We can build the
function struct */
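Review bot: The new loop condition `NULL != scopeEndPtr->next` clamps an over-large `-p` value to the outermost recorded scope, but the clamp is silent: `cntxt->scope_depth` keeps the requested value and the added `fprintf` fires on every call whether or not clamping happened. Reporting only the clamped case would be more useful, e.g. `if (index < cntxt->scope_depth) fprintf(stderr, "Requested scope depth %d not available, using %d\n", cntxt->scope_depth, index);`. The depth itself comes from `atoi(scopeDepth)` in pathologist.c, which reports no error for non-numeric or out-of-range input; `strtol` with an `endptr`/`errno` check would reject bad values at option parsing. The enclosing function starts and ends outside this hunk.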
@@ -685,52 +646,47 @@
MONKEY_CONTAINER_DLL_insert_tail(trace->functionListHead,
trace->functionListTail, function);
- if ((strcasecmp(signalMeaning, "Segmentation fault") == 0)
- || (strcasecmp(signalMeaning, "Signal 0") == 0)) {
- MONKEY_EDB_get_expressions(edbCntxt, cntxt->gdb_frames->file,
- cntxt->gdb_frames->line, endScope,
- &iterateExpressions, function);
- ret = analyzeSegmentationFault(function, cntxt); // will decide
whether the problem is a NULL Pointer Exception or a Bad Memory Access
- if (BUG_NULL_POINTER != cntxt->bug_detected) {
- cntxt->bug_detected = BUG_BAD_MEM_ACCESS;
- }
- } else if (strcasecmp(signalMeaning, "Aborted") == 0) {
- cntxt->bug_detected = BUG_ABORT;
- /*
- MONKEY_EDB_get_sub_expressions (edbCntxt,
- cntxt->gdb_frames->file,
- cntxt->gdb_frames->line,
- endScope, &iterateExpressions,
- NULL);
- */
- MONKEY_EDB_get_expressions(edbCntxt,
- cntxt->gdb_frames->file,
- cntxt->gdb_frames->line, endScope,
- &iterateExpressions, function);
- ret = analyzeCustomFault(function, cntxt);
+ /* Retrieve scope expressions from the database */
+ if (cntxt->scope_depth > 0) {
+ MONKEY_EDB_get_expressions_outer_scopes(edbCntxt,
+ cntxt->gdb_frames->
+ file,
+
failureFunctionStartLine, endScope,
+ &iterateExpressions,
+ function);
}
else {
- if (strcasecmp(signalMeaning, "Arithmetic exception") == 0) {
- cntxt->bug_detected = BUG_ARITHMETIC;
- }
- else if (strcasecmp(signalName, "SIGBUS") == 0) {
- cntxt->bug_detected = BUG_SIG_BUS;
- }
- if (cntxt->scope_depth > 0)
- MONKEY_EDB_get_expressions_outer_scopes(edbCntxt,
-
cntxt->gdb_frames->
- file,
-
failureFunctionStartLine, endScope,
-
&iterateExpressions,
- function);
- else
- MONKEY_EDB_get_expressions(edbCntxt,
- cntxt->gdb_frames->file,
- cntxt->gdb_frames->line,
endScope,
- &iterateExpressions,
function);
- ret = analyzeCustomFault(function, cntxt);
+ MONKEY_EDB_get_expressions(edbCntxt,
+ cntxt->gdb_frames->file,
+ cntxt->gdb_frames->line, endScope,
+ &iterateExpressions, function);
}
+ /* Do value analysis for relevant expressions */
+ analyzeExpressionValues(function, cntxt);
+ if (MONKEY_NO == isBugClassified) {
+ isBugClassified = MONKEY_YES;
+ if ((strcasecmp(signalMeaning, "Segmentation fault") == 0)
+ || (strcasecmp(signalMeaning, "Signal 0") == 0)) {
+ if (MONKEY_YES == cntxt->has_null) {
+ cntxt->bug_detected = BUG_NULL_POINTER;
+ }
+ else {
+ cntxt->bug_detected = BUG_BAD_MEM_ACCESS;
+ }
+ }
+ else if (strcasecmp(signalMeaning, "Aborted") == 0) {
+ cntxt->bug_detected = BUG_ABORT;
+ }
+ else if (strcasecmp(signalMeaning, "Arithmetic exception") ==
0) {
+ cntxt->bug_detected = BUG_ARITHMETIC;
+ }
+ else if (strcasecmp(signalName, "SIGBUS") == 0) {
+ cntxt->bug_detected = BUG_SIG_BUS;
+ }
+ }
+
+
/* Now, dive deeper into the stack trace */
cntxt->gdb_frames = cntxt->gdb_frames->next;
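Review bot: The return value of `analyzeExpressionValues(function, cntxt)` is discarded, where the removed code assigned it to `ret`; either keep `ret = analyzeExpressionValues(function, cntxt);` or write `(void) analyzeExpressionValues(function, cntxt);` with a comment that failure is deliberately ignored. Separately, segmentation faults now also take the `scope_depth > 0` branch, so `has_null` can be set by any NULL-valued expression in the outer scopes rather than only in the crashing statement's scope. That widens the chance that a wild memory access is reported as `BUG_NULL_POINTER`, which matters if the classification is used to triage severity. Consider recording `has_null` only from the depth-0 expression set, or documenting above the `if (MONKEY_YES == cntxt->has_null)` test that the result is a heuristic. The enclosing function starts and ends outside this hunk.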
Modified:
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/pathologist.c
===================================================================
--- monkey/branches/MonkeyBacktracking/monkey/src/pathologist/pathologist.c
2012-08-05 14:33:32 UTC (rev 23113)
+++ monkey/branches/MonkeyBacktracking/monkey/src/pathologist/pathologist.c
2012-08-05 15:40:47 UTC (rev 23114)
@@ -98,7 +98,8 @@
cntxt->inspect_expression = inspectExpression;
cntxt->inspect_function = inspectFunction;
cntxt->scope_depth = (NULL == scopeDepth) ? 0 : atoi(scopeDepth);
- cntxt->bug_detected = 0;
+ cntxt->bug_detected = NO_BUG_DETECTED;
+ cntxt->has_null = MONKEY_NO;
cntxt->xml_report_node = NULL;
cntxt->run_reverse = reverseExecutionAllowed;
cntxt->gdb_connected = MONKEY_NO;
Modified:
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/pathologist_action.h
===================================================================
---
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/pathologist_action.h
2012-08-05 14:33:32 UTC (rev 23113)
+++
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/pathologist_action.h
2012-08-05 15:40:47 UTC (rev 23114)
@@ -26,6 +26,7 @@
#define GDB_SAFETY_COUNT 2
#define DEBUG_MODE_VALGRIND 4
#define DEBUG_MODE_REPORT_READY 5
+#define NO_BUG_DETECTED -1
#define BUG_NULL_POINTER 6
#define BUG_ABORT 7
#define BUG_ARITHMETIC 8
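Review bot: `#define NO_BUG_DETECTED -1` leaves a negative replacement list unparenthesised; the usual convention (CERT PRE02-C) is `#define NO_BUG_DETECTED (-1)`. The sentinel also changes the initial `bug_detected` from 0 to -1 in pathologist.c, so any reader that tests the field for zero or uses it as an index would need updating; none is visible in this diff. A one-line comment such as `/* bug_detected value before classification has run */` would document the new state.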
@@ -48,6 +49,7 @@
const char *inspect_function;
int debug_mode;
int bug_detected;
+ int has_null;
char *debug_report;
struct MONKEY_XML_Node *xml_report_node;
Modified:
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/test_pathologist.c
===================================================================
---
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/test_pathologist.c
2012-08-05 14:33:32 UTC (rev 23113)
+++
monkey/branches/MonkeyBacktracking/monkey/src/pathologist/test_pathologist.c
2012-08-05 15:40:47 UTC (rev 23114)
@@ -261,6 +261,7 @@
char *commandStrReverse = "pathologist -m text -d %s -o %s -r -b %s";
char *commandStrDepthOne = "pathologist -m text -d %s -o %s -p 1 -b %s";
char *commandStrDepthOneReverse = "pathologist -m text -d %s -o %s -p 1
-r -b %s";
+ char *commandStrDepthThousand = "pathologist -m text -d %s -o %s -p
1000 -b %s";
fprintf(stderr, "Testing Monkey Pathologist...\n");
@@ -385,5 +386,16 @@
fprintf(stderr, "Test bug division by zero loop with depth 1
with backtracking: PASSED\n");
}
+ // Bug Division By Zero Loop depth 1000
+ fprintf(stderr, "Testing bug division by zero loop depth 1000...\n");
+ if (NO == runTest("ref_bug_division_by_zero_loop_depth_1_rpt.xml",
+ "test_bug_division_by_zero_depth_1000.xml",
"bug_division_by_zero_loop.db",
+ "bug_division_by_zero_loop", commandStrDepthThousand)) {
+ ret = NO;
+ fprintf(stderr, "Test bug division by zero loop with depth
1000: FAILED\n");
+ } else {
+ fprintf(stderr, "Test bug division by zero loop with depth
1000: PASSED\n");
+ }
+
return ret;
}
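Review bot: The depth-1000 case is compared against `ref_bug_division_by_zero_loop_depth_1_rpt.xml` with no comment explaining why a depth-1 reference is the expected output. Whether clamping to the outermost scope really yields the same report as depth 1 depends on the fixture's nesting, which is not visible here, so the assumption should be written down, e.g. `// -p 1000 exceeds the available outer scopes; pathologist clamps to the outermost one, which for this fixture matches the depth-1 report`. The test covers only an over-large numeric depth; negative or non-numeric `-p` values, which reach `atoi` in pathologist.c, remain untested. The enclosing test function starts outside this hunk.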