Also have abort for Solvers

Now immediate crash

No deadlocks?

Now it works

Fixing test

Update

Cleanup

Cleanup

Author: msooseth

src/EVM/Solvers.hs

@@ -9,8 +9,9 @@ import Prelude hiding (LT, GT)
 import GHC.Natural
 import GHC.IO.Handle (Handle, hFlush, hSetBuffering, BufferMode(..))
 import Control.Concurrent.Chan (Chan, newChan, writeChan, readChan)
-import Control.Concurrent (forkIO, killThread)
-import Control.Concurrent.STM (writeTChan, newTChan, TChan, tryReadTChan, atomically)
+import Control.Concurrent (forkIO, killThread, ThreadId, myThreadId)
+import Control.Concurrent.STM (writeTChan, newTChan, TChan, tryReadTChan, atomically, readTVar, readTVarIO, modifyTVar', check)
+import Control.Concurrent.STM.TVar (TVar, newTVarIO)
 import Control.Monad
 import Control.Monad.State.Strict
 import Control.Monad.IO.Unlift
@@ -61,7 +62,10 @@ data SolverInstance = SolverInstance
   }
 
 -- | A channel representing a group of solvers
-newtype SolverGroup = SolverGroup (Chan Task)
+data SolverGroup = SolverGroup
+  { taskQueue :: Chan Task
+  , shouldAbort :: TVar Bool
+  }
 
 data MultiSol = MultiSol
   { maxSols :: Int
@@ -92,13 +96,13 @@ supersetAny :: Set Prop -> [Set Prop] -> Bool
 supersetAny a bs = any (`isSubsetOf` a) bs
 
 checkMulti :: SolverGroup -> Err SMT2 -> MultiSol -> IO (Maybe [W256])
-checkMulti (SolverGroup taskq) smt2 multiSol = do
+checkMulti sg smt2 multiSol = do
   if isLeft smt2 then pure Nothing
   else do
     -- prepare result channel
     resChan <- newChan
     -- send task to solver group
-    writeChan taskq (TaskMulti (MultiData (getNonError smt2) multiSol resChan))
+    writeChan sg.taskQueue (TaskMulti (MultiData (getNonError smt2) multiSol resChan))
     -- collect result
     readChan resChan
 
@@ -115,13 +119,13 @@ checkSatWithProps sg props = do
 
 -- When props is Nothing, the cache will not be filled or used
 checkSat :: SolverGroup -> Maybe [Prop] -> Err SMT2 -> IO SMTResult
-checkSat (SolverGroup taskq) props smt2 = do
+checkSat sg props smt2 = do
   if isLeft smt2 then pure $ Error $ getError smt2
   else do
     -- prepare result channel
     resChan <- newChan
     -- send task to solver group
-    writeChan taskq (TaskSingle (SingleData (getNonError smt2) props resChan))
+    writeChan sg.taskQueue (TaskSingle (SingleData (getNonError smt2) props resChan))
     -- collect result
     readChan resChan
 
@@ -139,44 +143,93 @@ withSolvers solver count threads timeout cont = do
     taskq <- liftIO newChan
     cacheq <- liftIO . atomically $ newTChan
     availableInstances <- liftIO newChan
+    shouldAbort <- liftIO $ newTVarIO False
+    runningThreads <- liftIO $ newTVarIO ([] :: [(ThreadId, Task)])
     liftIO $ forM_ instances (writeChan availableInstances)
-    orchestrate' <- toIO $ orchestrate taskq cacheq availableInstances [] 0
+
+    -- Spawn orchestration thread
+    orchestrate' <- toIO $ orchestrate taskq cacheq availableInstances shouldAbort runningThreads [] 0
     orchestrateId <- liftIO $ forkIO orchestrate'
 
+    -- Spawn watcher thread that kills solver threads when abort flag is set
+    abortWatcher' <- toIO $ abortWatcher shouldAbort runningThreads
+    abortWatcherId <- liftIO $ forkIO abortWatcher'
+
     -- run continuation with task queue
-    res <- cont (SolverGroup taskq)
+    res <- cont (SolverGroup taskq shouldAbort)
 
     -- cleanup and return results
     liftIO $ mapM_ (stopSolver) instances
     liftIO $ killThread orchestrateId
+    liftIO $ killThread abortWatcherId
     pure res
   where
-    orchestrate :: App m => Chan Task -> TChan CacheEntry -> Chan SolverInstance -> [Set Prop] -> Int -> m b
-    orchestrate taskq cacheq avail knownUnsat fileCounter = do
+    -- Watcher thread that blocks until abort flag is set, then kills all solver threads
+    abortWatcher :: App m => TVar Bool -> TVar [(ThreadId, Task)] -> m ()
+    abortWatcher abortFlag runningThreads = do
       conf <- readConfig
-      mx <- liftIO . atomically $ tryReadTChan cacheq
-      case mx of
-        Just (CacheEntry props)  -> do
-          let knownUnsat' = (fromList props):knownUnsat
-          when conf.debug $ liftIO $ putStrLn "   adding UNSAT cache"
-          orchestrate taskq cacheq avail knownUnsat' fileCounter
-        Nothing -> do
-          task <- liftIO $ readChan taskq
+      when conf.earlyAbort $ do
+        -- Block until abort flag becomes True
+        liftIO . atomically $ do
+          abort <- readTVar abortFlag
+          check abort
+        -- Kill all running solver threads immediately and write errors to their result channels
+        tidTasks <- liftIO $ readTVarIO runningThreads
+        liftIO $ forM_ tidTasks $ \(tid, task) -> do
+          killThread tid
+          -- Write error result to the task's result channel
           case task of
-            TaskSingle (SingleData _ props r) | isJust props && supersetAny (fromList (fromJust props)) knownUnsat -> do
-              liftIO $ writeChan r Qed
-              when conf.debug $ liftIO $ putStrLn "   Qed found via cache!"
-              orchestrate taskq cacheq avail knownUnsat fileCounter
-            _ -> do
-              inst <- liftIO $ readChan avail
-              runTask' <- case task of
-                TaskSingle (SingleData smt2 props r) -> toIO $ getOneSol smt2 props r cacheq inst avail fileCounter
-                TaskMulti (MultiData smt2 multiSol r) -> toIO $ getMultiSol smt2 multiSol r inst avail fileCounter
-              _ <- liftIO $ forkIO runTask'
-              orchestrate taskq cacheq avail knownUnsat (fileCounter + 1)
-
-getMultiSol :: forall m. (MonadIO m, ReadConfig m) => SMT2 -> MultiSol -> (Chan (Maybe [W256])) -> SolverInstance -> Chan SolverInstance -> Int -> m ()
-getMultiSol smt2@(SMT2 cmds cexvars _) multiSol r inst availableInstances fileCounter = do
+            TaskSingle (SingleData _ _ r) -> writeChan r (Error "Aborted due to early abort")
+            TaskMulti (MultiData _ _ r) -> writeChan r Nothing
+        liftIO . atomically $ modifyTVar' runningThreads (const [])
+        when conf.debug $ liftIO $ putStrLn $ "   [Abort Watcher] Killed " <> show (length tidTasks) <> " running solver thread(s) due to early abort"
+
+    orchestrate :: App m => Chan Task -> TChan CacheEntry -> Chan SolverInstance -> TVar Bool -> TVar [(ThreadId, Task)] -> [Set Prop] -> Int -> m b
+    orchestrate taskq cacheq avail abortFlag runningThreads knownUnsat fileCounter = do
+      conf <- readConfig
+      -- Check if we should abort early
+      abort <- liftIO $ readTVarIO abortFlag
+      if (conf.earlyAbort && abort) then do
+        -- Drain pending tasks and return errors
+        drainTasks taskq
+      else do
+        mx <- liftIO . atomically $ tryReadTChan cacheq
+        case mx of
+          Just (CacheEntry props)  -> do
+            let knownUnsat' = (fromList props):knownUnsat
+            when conf.debug $ liftIO $ putStrLn "   adding UNSAT cache"
+            orchestrate taskq cacheq avail abortFlag runningThreads knownUnsat' fileCounter
+          Nothing -> do
+            task <- liftIO $ readChan taskq
+            case task of
+              TaskSingle (SingleData _ props r) | isJust props && supersetAny (fromList (fromJust props)) knownUnsat -> do
+                liftIO $ writeChan r Qed
+                when conf.debug $ liftIO $ putStrLn "   Qed found via cache!"
+                orchestrate taskq cacheq avail abortFlag runningThreads knownUnsat fileCounter
+              _ -> do
+                inst <- liftIO $ readChan avail
+                runTask' <- case task of
+                  TaskSingle (SingleData smt2 props r) -> toIO $ getOneSol smt2 props r cacheq inst avail runningThreads fileCounter
+                  TaskMulti (MultiData smt2 multiSol r) -> toIO $ getMultiSol smt2 multiSol r inst avail runningThreads fileCounter
+                tid <- liftIO $ forkIO runTask'
+                liftIO . atomically $ modifyTVar' runningThreads ((tid, task):)
+                orchestrate taskq cacheq avail abortFlag runningThreads knownUnsat (fileCounter + 1)
+
+    -- Drain any pending tasks from the queue and return error results
+    drainTasks :: App m => Chan Task -> m b
+    drainTasks taskq = do
+      conf <- readConfig
+      when conf.debug $ liftIO $ putStrLn "   [Orchestrate] Draining pending tasks due to early abort"
+      forever $ do
+        task <- liftIO $ readChan taskq
+        case task of
+          TaskSingle (SingleData _ _ r) -> liftIO $ writeChan r (Error "Aborted due to early abort")
+          TaskMulti (MultiData _ _ r) -> liftIO $ writeChan r Nothing
+
+getMultiSol :: forall m. (MonadIO m, ReadConfig m) => SMT2 -> MultiSol -> (Chan (Maybe [W256])) -> SolverInstance -> Chan SolverInstance -> TVar [(ThreadId, Task)] -> Int -> m ()
+getMultiSol smt2@(SMT2 cmds cexvars _) multiSol r inst availableInstances runningThreads fileCounter = do
+  tid <- liftIO myThreadId
+  let cleanup = liftIO . atomically $ modifyTVar' runningThreads (filter (\(t, _) -> t /= tid))
   conf <- readConfig
   when conf.dumpQueries $ liftIO $ writeSMT2File smt2 "." (show fileCounter)
   -- reset solver and send all lines of provided script
@@ -195,6 +248,8 @@ getMultiSol smt2@(SMT2 cmds cexvars _) multiSol r inst availableInstances fileCo
       subRun [] smt2 sat
   -- put the instance back in the list of available instances
   liftIO $ writeChan availableInstances inst
+  -- remove thread from running threads list
+  cleanup
   where
     maskFromBytesCount k
       | k <= 32 = (2 ^ (8 * k) - 1)
@@ -243,9 +298,10 @@ getMultiSol smt2@(SMT2 cmds cexvars _) multiSol r inst availableInstances fileCo
           when conf.debug $ putStrLn $ "Unable to write SMT to solver: " <> (T.unpack err)
           writeChan r Nothing
 
-getOneSol :: (MonadIO m, ReadConfig m) => SMT2 -> Maybe [Prop] -> Chan SMTResult -> TChan CacheEntry -> SolverInstance -> Chan SolverInstance -> Int -> m ()
-getOneSol smt2@(SMT2 cmds cexvars _) props r cacheq inst availableInstances fileCounter = do
+getOneSol :: (MonadIO m, ReadConfig m) => SMT2 -> Maybe [Prop] -> Chan SMTResult -> TChan CacheEntry -> SolverInstance -> Chan SolverInstance -> TVar [(ThreadId, Task)] -> Int -> m ()
+getOneSol smt2@(SMT2 cmds cexvars _) props r cacheq inst availableInstances runningThreads fileCounter = do
   conf <- readConfig
+  tid <- liftIO myThreadId
   liftIO $ do
     when (conf.dumpQueries) $ writeSMT2File smt2 "." (show fileCounter)
     -- reset solver and send all lines of provided script
@@ -275,6 +331,8 @@ getOneSol smt2@(SMT2 cmds cexvars _) props r cacheq inst availableInstances file
 
     -- put the instance back in the list of available instances
     writeChan availableInstances inst
+    -- remove thread from running threads list
+    liftIO . atomically $ modifyTVar' runningThreads (filter (\(t, _) -> t /= tid))
 
 dumpUnsolved :: SMT2 -> Int -> Maybe FilePath -> IO ()
 dumpUnsolved fullSmt fileCounter dump = do

src/EVM/SymExec.hs

@@ -630,8 +630,7 @@ getExprEmptyStore solvers c signature' concreteArgs opts = do
   conf <- readConfig
   calldata <- mkCalldata signature' concreteArgs
   preState <- liftIO $ stToIO $ loadEmptySymVM (RuntimeCode (ConcreteRuntimeCode c)) (Lit 0) calldata
-  shouldAbort <- liftIO $ newTVarIO False
-  paths <- interpret (Fetch.oracle solvers Nothing opts.rpcInfo) opts.iterConf preState shouldAbort runExpr pure
+  paths <- interpret (Fetch.oracle solvers Nothing opts.rpcInfo) opts.iterConf preState solvers.shouldAbort runExpr pure
   if conf.simp then (pure $ map Expr.simplify paths) else pure paths
 
 -- Used only in testing
@@ -647,8 +646,7 @@ getExpr solvers c signature' concreteArgs opts = do
   conf <- readConfig
   calldata <- mkCalldata signature' concreteArgs
   preState <- liftIO $ stToIO $ abstractVM calldata c Nothing False
-  shouldAbort <- liftIO $ newTVarIO False
-  paths <- interpret (Fetch.oracle solvers Nothing opts.rpcInfo) opts.iterConf preState shouldAbort runExpr pure
+  paths <- interpret (Fetch.oracle solvers Nothing opts.rpcInfo) opts.iterConf preState solvers.shouldAbort runExpr pure
   if conf.simp then (pure $ map Expr.simplify paths) else pure paths
 
 {- | Checks if an assertion violation has been encountered
@@ -733,8 +731,7 @@ exploreContract solvers theCode signature' concreteArgs opts maybepre = do
   calldata <- mkCalldata signature' concreteArgs
   preState <- liftIO $ stToIO $ abstractVM calldata theCode maybepre False
   let fetcher = Fetch.oracle solvers Nothing opts.rpcInfo
-  shouldAbort <- liftIO $ newTVarIO False
-  executeVM fetcher opts.iterConf preState shouldAbort pure
+  executeVM fetcher opts.iterConf preState solvers.shouldAbort pure
 
 -- | Stepper that parses the result of Stepper.runFully into an Expr End
 runExpr :: Stepper.Stepper Symbolic (Expr End)
@@ -844,8 +841,7 @@ verifyInputsWithHandler solvers opts fetcher preState post cexHandler = do
     putStrLn $ "   Keccak preimages in state: " <> (show $ length preState.keccakPreImgs)
     putStrLn $ "   Exploring call " <> call
 
-  shouldAbort <- liftIO $ newTVarIO False
-  results <- executeVM fetcher opts.iterConf preState shouldAbort $ \leaf -> do
+  results <- executeVM fetcher opts.iterConf preState solvers.shouldAbort $ \leaf -> do
     -- Extract partial if applicable
     let mPartial = case leaf of
           Partial _ _ p -> Just (p, leaf)
@@ -861,8 +857,8 @@ verifyInputsWithHandler solvers opts fetcher preState post cexHandler = do
         case (cexHandler, res) of
           (Just handler, cex@(Cex _)) -> do
             handler preState cex leaf
-            when conf.earlyAbort $ liftIO $ atomically $ writeTVar shouldAbort True
-          (_, (Cex _)) -> when conf.earlyAbort $ liftIO $ atomically $ writeTVar shouldAbort True
+            when conf.earlyAbort $ liftIO $ atomically $ writeTVar solvers.shouldAbort True
+          (_, (Cex _)) -> when conf.earlyAbort $ liftIO $ atomically $ writeTVar solvers.shouldAbort True
           _ -> pure ()
         pure (res, leaf)
       else pure (Qed, leaf)
@@ -960,8 +956,7 @@ equivalenceCheck solvers sess bytecodeA bytecodeB opts calldata create = do
     getBranches bs = do
       let bytecode = if BS.null bs then BS.pack [0] else bs
       prestate <- liftIO $ stToIO $ abstractVM calldata bytecode Nothing create
-      shouldAbort <- liftIO $ newTVarIO False
-      interpret (Fetch.oracle solvers sess Fetch.noRpc) opts.iterConf prestate shouldAbort runExpr pure
+      interpret (Fetch.oracle solvers sess Fetch.noRpc) opts.iterConf prestate solvers.shouldAbort runExpr pure
     filterQeds (EqIssues res partials) = EqIssues (filter (\(r, _) -> not . isQed $ r) res) partials
 
 rewriteFresh :: Text -> [Expr a] -> [Expr a]

test/EVM/Test/FuzzSymExec.hs

@@ -12,7 +12,6 @@ concretely through Expr.simplify, then check that against evmtool's output.
 -}
 module EVM.Test.FuzzSymExec where
 
-import Control.Concurrent.STM.TVar (newTVarIO)
 import Control.Monad (when)
 import Control.Monad.IO.Unlift
 import Control.Monad.ST (ST, stToIO, RealWorld)
@@ -408,9 +407,7 @@ runCodeWithTrace rpcinfo evmEnv alloc txn fromAddr toAddress = withSolvers Z3 0
       code' = alloc.code
       iterConf = IterConfig { maxIter = Nothing, askSmtIters = 1, loopHeuristic = Naive }
       fetcherSym = Fetch.oracle solvers Nothing rpcinfo
-      buildExpr vm = do
-        abortFlag <- liftIO $ newTVarIO False
-        interpret fetcherSym iterConf vm abortFlag runExpr pure
+      buildExpr vm = interpret fetcherSym iterConf vm solvers.shouldAbort runExpr pure
   origVM <- liftIO $ stToIO $ vmForRuntimeCode code' calldata' evmEnv alloc txn fromAddr toAddress
   expr <- buildExpr $ symbolify origVM
 

test/test.hs

@@ -1930,7 +1930,7 @@ tests = testGroup "hevm"
           let calldata = (WriteWord (Lit 0x0) (Var "u") (ConcreteBuf ""), [])
           initVM <- liftIO $ stToIO $ abstractVM calldata initCode Nothing True
           let iterConf = IterConfig {maxIter=Nothing, askSmtIters=1, loopHeuristic=StackBased }
-          paths <- interpret (Fetch.noRpcFetcher s) iterConf initVM runExpr pure
+          paths <- interpret (Fetch.noRpcFetcher s) iterConf initVM s.shouldAbort runExpr pure
           let exprSimp = map Expr.simplify paths
           assertBoolM "unexptected partial execution" (not $ any isPartial exprSimp)
     , test "mixed-concrete-symbolic-args" $ do
@@ -2022,7 +2022,7 @@ tests = testGroup "hevm"
         withDefaultSolver $ \s -> do
           vm <- liftIO $ stToIO $ loadSymVM runtimecode (Lit 0) initCode False
           let iterConf = IterConfig {maxIter=Nothing, askSmtIters=1, loopHeuristic=StackBased }
-          paths <- interpret (Fetch.noRpcFetcher s) iterConf vm runExpr pure
+          paths <- interpret (Fetch.noRpcFetcher s) iterConf vm s.shouldAbort runExpr pure
           let exprSimp = map Expr.simplify paths
           assertBoolM "expected partial execution" (any isPartial exprSimp)
     ]