Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add unknown thread ID #1224

Merged
merged 15 commits into from
Dec 8, 2023
Merged

Add unknown thread ID #1224

merged 15 commits into from
Dec 8, 2023

Conversation

karoliineh
Copy link
Member

Relates to #392.

  • Adds unknown thread ID to ThreadIdDomain.Thread
  • Uses SetDomain with UnknownThread element as top instead of ToppedSet for ThreadSet in concDomain
  • Adds UnknownThread element to ThreadSet when invalidating. Fixes an unsoundness issue and adds a test case.

However, I am not too sure what having an UnknownThread element and preserving other thread IDs in the set is good for. I could not find a case where this would improve our precision. Maybe others have ideas?

@karoliineh karoliineh marked this pull request as draft October 27, 2023 20:14
@karoliineh karoliineh marked this pull request as ready for review October 27, 2023 21:21
@michael-schwarz
Copy link
Member

However, I am not too sure what having an UnknownThread element and preserving other thread IDs in the set is good for. I could not find a case where this would improve our precision. Maybe others have ideas?

It is not an analysis we currently have, but e.g. for an analysis trying to detect the case where thread may be joined multiple times by the same thread, one could imagine tracking may-joined threads - in this case if I find that a specific thread id is in that set in could issue a warning with a higher confidence as opposed to the case where only the unknown thread id is there.

@sim642 sim642 self-requested a review November 1, 2023 16:37
@sim642
Copy link
Member

sim642 commented Nov 2, 2023

It is not an analysis we currently have, but e.g. for an analysis trying to detect the case where thread may be joined multiple times by the same thread, one could imagine tracking may-joined threads

It's a slippery slope to do things for hypothetical analyses because it has a performance impact right now. A set of known threads in addition to unknown can increase, creating even more contexts that we all analyze identically with existing analyses. We already have issues with contexts exploding on real-world programs (including on not-so-large Concrat ones), so we're just shooting ourselves in the foot performance-wise with absolutely no benefit right now.

The soundness fixes here also work with the current ToppedSet and can be made independently from the performance-impacting "unknown thread with known threads set".

@michael-schwarz
Copy link
Member

A set of known threads in addition to unknown can increase, creating even more contexts that we all analyze identically with existing analyses.

Yes, this is certainly true. However, I think having a clean solution, that, e.g., coincides with the solution we have for pointers is preferable to these potential gains here.

Also, if we encounter such contexts being problematic in the future, we could still always opt to construct contexts in a different way that do not admit this blowup. This is the beauty of having completely decoupled contexts from local values by giving up on simulating the side-effect free formulation of function-calls.

@sim642 sim642 added this to the v2.4.0 milestone Nov 15, 2023
@michael-schwarz
Copy link
Member

As soon as the conflict with master is resolved, I think we can merge this.

@sim642 sim642 added the cleanup Refactoring, clean-up label Nov 27, 2023
sim642
sim642 reviewed Nov 27, 2023
View reviewed changes
src/analyses/base.ml
@@ -2372,6 +2372,7 @@ struct
| Int n when GobOption.exists (BI.equal BI.zero) (ID.to_int n) -> st
| Address ret_a ->
begin match eval_rv (Analyses.ask_of_ctx ctx) gs st id with
| Thread a when ValueDomain.Threads.is_top a -> invalidate ~ctx (Analyses.ask_of_ctx ctx) gs st [ret_var]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In light of #1264, this and the other invalidates for ThreadJoin should also be shallow I think. pthread_join writes the return value, but doesn't dereference its previous value for writing (it even can't because it's void*).

@michael-schwarz
Copy link
Member

CI failure is unrelated.

@sim642 sim642 merged commit 18a9aac into master Dec 8, 2023
17 of 19 checks passed
@sim642 sim642 deleted the issue-392 branch December 8, 2023 14:52
@michael-schwarz michael-schwarz mentioned this pull request Jan 27, 2024
Closed
@sim642 sim642 linked an issue Jan 29, 2024 that may be closed by this pull request
Add unknown thread ID #392
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sim642 sim642 sim642 left review comments

@michael-schwarz michael-schwarz michael-schwarz approved these changes

Assignees
No one assigned
Labels
cleanup Refactoring, clean-up
Projects
None yet
Milestone
v2.4.0
Development

Successfully merging this pull request may close these issues.

Add unknown thread ID
3 participants
@karoliineh @michael-schwarz @sim642