Skip to content

ThreadEscape: Collect flow-insensitive set of variables reachable from globals#1075

Closed
jerhard wants to merge 7 commits intomasterfrom
issue_1074
Closed

ThreadEscape: Collect flow-insensitive set of variables reachable from globals#1075
jerhard wants to merge 7 commits intomasterfrom
issue_1074

Conversation

@jerhard
Copy link
Copy Markdown
Member

@jerhard jerhard commented Jun 6, 2023

In #1074 it was discovered that in the analysis it is not communicated to a thread that variable may escape (via a global), after the thread has been created.
Previously, the analysis was adding variables that may become reachable via the argument passed to pthreadcreate. This does not take into account that the escaping after the thread creation may also happen via global variables.
This PR collects variables that are assigned to global variables separately under a flow-insensitive variable global_var.
In the threadenter, the set of variables escaped to globals, that was collected flow-insensitively, is then joined into the local state.

This increases the imprecision of the escape analysis, due to the flow-insensitive nature of the handling of variables escaped via globals. Such variables will be considered escaped even in unique threads before they have actually escaped.

Fixes #1074.

@michael-schwarz
Copy link
Copy Markdown
Member

michael-schwarz commented Jun 6, 2023

Two ideas:

  • Can we maybe add the thread id of the thread that caused it to escape? Then we would still be able to consider things as not escaped when it is known that that has not happened yet.
  • is threadenter ever called for the main thread, i.e., does it also see these things that escaped?

@jerhard
Extract shared code between ThreadCreate special and threadenter.
727f077 
Emit Escape event on all variables escaped on threadenter, not only those directly reachable from the thread create argument.
@jerhard
Copy link
Copy Markdown
Member Author

jerhard commented Jun 6, 2023
edited
Loading

is threadenter ever called for the main thread, i.e., does it also see these things that escaped?

No, actually not. Another issue with the approach of retrieving the variables escaped via globals and the thread-create-parameter in the threadenter: when the set of escaped variables changes at the threadenter edge, everything happening in the thread has to be recomputed. Instead of variables escaped via globals at the threadenter, one could instead think of checking whether a variable has escaped by looking it up in the flow-insensitive invariant when queried.
A possible advantage of doing this over incorporating the escaped variables at the thread start could be fewer dependencies at the threadenter edge.

Can we maybe add the thread id of the thread that caused it to escape? Then we would still be able to consider things as not escaped when it is known that that has not happened yet.

This should be doable in principle, although I fear it may be quite expensive on larger programs. For sv-comp style code it may be worth doing though.

@jerhard jerhard mentioned this pull request Jun 7, 2023
Merged
@jerhard
Copy link
Copy Markdown
Member Author

jerhard commented Jun 7, 2023

Closed in favor of #1078

@jerhard jerhard closed this Jun 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Escaped variables are not communicated between threads

3 participants

@jerhard @michael-schwarz @sim642