GKLEE Tutorial Guodong Li, Peng Li, Geof Sawaya, Wei-Fan Chiang, Ganesh Gopalakrishnan School of Computing, University of Utah – http://www.cs.utah.edu/fv Contents 1 Introduction 2 2 How to run Gklee from the LiveDVD 2 2.1 Getting the LiveDVD Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.2 GKLEE Flags and Emacs Keybindings . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.3 Running under the Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.4 Running under Emacs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3 Example 1: Computing the Prefix Sum of an Array 5 3.1 Converting Existing CUDA Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1.1 New Includes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1.2 Remove Unsupported Constructs . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1.3 Downsize to limit verification time . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1.4 Change syntax of dim commands . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1.5 Change Kernel Invocation Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1.6 Similarly for the rest of the kernel . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1.7 Change Verification Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.1.8 Setting up for Symbolic Execution . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.2 Results for prefix5.C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 4 Example-2: Bitonic Sort 10 5 Example-3: Incorrect barrier placement (textbook illustration) 10 6 Example-4: A large multi-kernel example 11 7 Example-5: Unexpected Bank Conflicts 11 8 Example-6: histogram64 kernel.C 11 9 Concluding Remarks 12 1
1 Introduction GKLEE is a concrete plus symbolic (“concolic”) execution platform for CUDA programs. Our paper in PPoPP 2012 1 explains GKLEE in some detail. This tutorial shows GKLEE ’s features concretely through many examples, and also summarizes the flag options of GKLEE . 2 How to run Gklee from the LiveDVD 2.1 Getting the LiveDVD Started • Either boot into the LiveDVD or build a VM out of it. The user name is ganesh and password is gklee . Once in there, do a sudo su and give gklee as the password again. • Then cd /home/ganesh/Tools/gklee and source setupGklee . • Then cd /home/ganesh/Tools/gklee/Gklee/CUDA/Benchmarks , and begin your work in one of the example-laden directories: Others , Table-1 , or Table-2 . Both klee-l++ and gklee must be already present in your path. Then get to enjoy Gklee as described in the rest of this manual! Apply one patch to suppress an annoying Emacs message, as follows: • The error message is ** (emacs:25074): CRITICAL **: murrine_style_draw_box: assertion ‘height >= -1’ failed. • To fix this, modify the entry in /usr/share/themes/Ambiance/gtk-2.0/gtkrc from GtkRange::trough-under-steppers = 0 to GtkRange::trough-under-steppers = 1 . (Also, klee-show-tests does not seem to work on the LiveDVD. We’ll fix it.) 2.2 GKLEE Flags and Emacs Keybindings Besides all commands inherited from KLEE, GKLEE includes its own options: 1 http://www.cs.utah.edu/fv/GKLEE 2
Flag Description Value Default Emacs Keys (Note-1) –ignore-concur-bug Continue execn. even after concur. bug encountered 0/1 0 tcb –check-BC Check bank conflicts 0/1 1 tbc –check-MC Check whether global mem. acc. can be coalesced 0/1 1 tmc –check-WD Check whether there exists warp divergence 0/1 1 twd –check-volatile Check whether volatile keywork is missing 0/1 1 tcv –check-barrier-redundant Check whether this barrier is redundant or not 0/1 0 trb –device-capability Set dev. capability (0): 1.0-1.1; (1): 1.2-1.3; (2): 2. 0/1/2 2 sdc –reduce-tests outputs only a subset of test cases 0/1 0 trt –bc-cov calculate bytecode coverage for the threads 0/1 0 tgc –Path-Reduce path reduction (Note-2) ”B/T” ”” spr –verbose Dump informative debugging information 0/1 0 tv –check-level Race check level (Note-3) 0/1/2 1 scl Note-1: Emacs keybindings begin with [Meta]-g (or [ESC]-g) Note-2: – B: (line/branch) covered by some thread at least once. – T: (line or branch) covered by all the threads at least once Note-3: – (0): no race checking – (1), only sh. mem. chk. – (2). sh. + glob. mem. chk. 2.3 Running under the Shell One can run GKLEE in the shell as below: klee-l++ <flag> file.C -- where the flag can be -O0, -O1, -O2, or -O3 gklee <flags> file.o > file.out -- where the flags are listed below .. then view file.out to see the results .. 2.4 Running under Emacs One can run GKLEE in Emacs using the functionality provided in gklee-mode.el . Before beginning the GKLEE analysis, you may set any of the GKLEE options in the table above. ESC-gr (Provide the compiler optimization level) Then, one can visit buffer *gklee-run* , *gklee-run-debug* , *gklee-compile-debug* , etc. to see various pieces of information in these buffers. One can click any of the trace files produced, by clicking on a float-over highlighted section in *gklee-run* . Therein, one can see the source lines and the byte codes. The trace buffer is named *test[number].trace* . Here is a list of functions available from the trace buffer: 3
Function Keybinding Description (Note-1) (Note-2) exit-trace [BACKSPACE] closes the trace buffer and takes you back to the *gklee-run* buffer show-thread st filters out of the trace all threads but the one you enter at prompt show-warp sw filters out all warps but one entered at prompt show-file sf filters out all source files represented in trace but one selected show-block sb filters out instructions executed in blocks except the one selected add-thread-show at shows an additional thread’s instructions in the trace add-warp-show aw shows an additional warp’s instructions in the trace add-file-show af shows additional instructions executed in chosen source file add-block-show ab shows instructions to trace from the block selected remove-thread rt hides the instructions belonging to selected thread remove-warp rw hides the instructions from the selected warp remove-file rf hides the instructions from the selected file remove-block rb hides instructions from the selected block unfilter uf reveals all instructions executed by GKLEE toggle-asm-visible ta shows/hides the bytecode level instructions for each source instruction Note-1: Function names begin with ‘gklee-’. You may get a list of ‘interactive’ functions with [ESC]-h gklee-[TAB] Note-2: GKLEE Emacs keybindings begin with ‘[ESC]-g’, unless they are special cases (like [BACKSPACE]) Here is a sampling of GKLEE-related commands I’ve found useful (for a complete list, please look into gklee-mode.el ). PLEASE NOTE: Occasionally, the ‘unfilter’ and ‘toggle-asm-visible’ com- mands, when executed with the keybindings, do not refresh the buffer until another event happens. If you enter one of these commands and don’t see the results, simply try to enter a character in the trace buffer. This will allow the buffer to refresh (for some reason). • (Optional): This is not necessary necessary for most programs. But if you have embedded flags ( #define s), you can set their values using this facility. ESC-X: set-variable: gklee-user-compile- args: ("-D_SYM") • ESC-gr: executes gklee-run . Optimization level . [0,1,2,3] . • The *gklee-run* buffer shows that there are 28 trace files. You can click on any one of them to be taken to the particular trace buffer. • In the trace buffer, you can apply any of the Emacs filter commands listed above. • Clicking on the source-code line takes you to the source line of the trace file entry. • The commands gklee-show-block, or ESC-gsb , gklee-show-warp , and gklee-show-thread shows only those items in question. • Commands gklee-add-block-show and gklee-add-thread-show helps pull in additional threads and blocks into view. 4
3 Example 1: Computing the Prefix Sum of an Array This example was taken from the Allinea DDT Tutorial. It serves to explain • how one can port an existing example for execution within GKLEE • how to make symbolic execution happen • how one can understand the effect of compilers (which can be confusing for those who take the source text literally) • how to introduce bugs and find them 3.1 Converting Existing CUDA Examples The differences between prefix5.C and prefixOrig.cu are highlighted below, with ADDED showing what was added to the former, and REMOVED showing what was removed from the latter. 3.1.1 New Includes Add these includes. > ADDED : these inludes > > #include "cutil.h" > #include "klee.h" 3.1.2 Remove Unsupported Constructs We don’t support profiling constructs now. < REMOVED : commands that print device properties < < #define DUMP(x) printf("%s %d\n", #x, props.x) < void dumpCUDAProps(cudaDeviceProp & props) < { < DUMP(canMapHostMemory); < DUMP(clockRate); .. < } 3.1.3 Downsize to limit verification time Downsize example suitably. 5
Recommend
More recommend
