The reader should keep in mind that conceptually what EXPLODE does is very simple. If we assume infinite resources and ignore some details, the following would approximate its implementation: 1. Create a clean initial state (§3.3) and invoke the client’s mutate on it. 2. At every choose(N) call, fork N children. 3. Onclient request, generate all crash disks and run the client check method on them. 4. When mutate returns, re-invoke it

这个简化是非常不讲道理的。作为不需要复现这种技术的人来说,当然可以假设你在每一个分支的地方都去作 Fork,但是。。。这始终不是很对。

对于想要模仿这种做法的人来说,完全找不到任何方法可以忽略过度使用 fork() 带来的进程数量爆炸。问题不光处在系统性能资源上。甚至可以说,连进程数量上限都能摸到

当然作者的说法是很狡猾的,“你们大可以把这件事情看成是这样”。这句话隐含的意思就是实际情况和他所说的相去甚远。

当然,作者还是有所补充的:

As a result, EX PLODE unsurprisingly looks like a primitive operating system: it has a queue of saved processes, a scheduler that picks which of these jobs to run, and time slices

所以总的来说,做法还是状态存取和调度器。

image-20241111174219924

接下来有点费解。

exhaust all possible combinations of choices within a single mutate call before doing another.

也就是原地把所有的可能性都走一步,再往下走。有一种广搜的感觉,而不是:我尝试这个分支,然后从这里继续往后探索。

eXplode 的 ckpt 方法是确定性回放。也就是 stateless。

EXPLODE uses computation rather than copying to recreate states.