std::string btorTranslate(BtorTranslationPolicy& policy, SgProject* proj, FILE* outfile, bool initialConditionsAreUnknown, bool bogusIpIsError) {
std::vector<SgNode*> headers = NodeQuery::querySubTree(proj, V_SgAsmGenericHeader);
ROSE_ASSERT (headers.size() == 1);
SgAsmGenericHeader* header = isSgAsmGenericHeader(headers[0]);
rose_addr_t entryPoint = header->get_entry_rva() + header->get_base_va();
X86InstructionSemantics<BtorTranslationPolicy, BtorWordType> t(policy);
std::vector<SgNode*> instructions = NodeQuery::querySubTree(proj, V_SgAsmX86Instruction);
for (size_t i = 0; i < instructions.size(); ++i) {
SgAsmX86Instruction* insn = isSgAsmX86Instruction(instructions[i]);
ROSE_ASSERT (insn);
try {
t.processInstruction(insn);
} catch (const X86InstructionSemantics<BtorTranslationPolicy, BtorWordType>::Exception &e) {
fprintf(stderr, "%s: %s\n", e.mesg.c_str(), unparseInstructionWithAddress(e.insn).c_str());
}
}
policy.setInitialState(entryPoint, initialConditionsAreUnknown);
// Add "bogus IP" error
policy.newRegisterMap.errorFlag[bmc_error_bogus_ip] =
policy.invert(policy.isValidIp);
for (size_t i = 0; i < numBmcErrors; ++i) {
if (i == bmc_error_bogus_ip && !bogusIpIsError) continue; // For testing
policy.problem.computations.push_back(policy.problem.build_op_root(policy.problem.build_op_and(policy.errorsEnabled, policy.newRegisterMap.errorFlag[i])));
}
policy.addNexts();
return policy.problem.unparse();
}
int
RSIM_Simulator::exec(int argc, char **argv)
{
assert(argc>0);
create_process();
SgAsmGenericHeader *fhdr = process->load(argv[0]);
entry_va = fhdr->get_base_va() + fhdr->get_entry_rva();
RSIM_Thread *main_thread = process->get_thread(getpid());
assert(main_thread!=NULL);
process->initialize_stack(fhdr, argc, argv);
process->binary_trace_start();
if ((process->get_tracing_flags() & tracingFacilityBit(TRACE_MMAP))) {
fprintf(process->get_tracing_file(), "memory map after program load:\n");
process->get_memory()->dump(process->get_tracing_file(), " ");
}
main_thread->tracing(TRACE_STATE)->mesg("Initial state:\n");
main_thread->policy.dump_registers(main_thread->tracing(TRACE_STATE));
return 0;
}
int
main(int argc, char *argv[])
{
SgProject *project = frontend(argc, argv);
SgAsmInterpretation *interp = SageInterface::querySubTree<SgAsmInterpretation>(project).back();
AllInstructions insns(interp);
SgAsmGenericHeader *header = interp->get_headers()->get_headers().front();
rose_addr_t start_va = header->get_base_va() + header->get_entry_rva();
#if SEMANTIC_API == OLD_API
MyPolicy operators;
X86InstructionSemantics<MyPolicy, MyValueType> dispatcher(operators);
#else
BaseSemantics::RiscOperatorsPtr operators = make_ops();
BaseSemantics::DispatcherPtr dispatcher = DispatcherX86::instance(operators);
#endif
struct sigaction sa;
sa.sa_handler = alarm_handler;
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
sigaction(SIGALRM, &sa, NULL);
alarm(timeout);
struct timeval start_time;
std::cout <<"test starting...\n";
gettimeofday(&start_time, NULL);
size_t ninsns = 0;
while (!had_alarm) {
rose_addr_t va = start_va;
while (SgAsmInstruction *insn = insns.fetch(va)) {
//std::cerr <<unparseInstructionWithAddress(insn) <<"\n";
#if SEMANTIC_API == OLD_API
dispatcher.processInstruction(isSgAsmx86Instruction(insn));
++ninsns;
#if SEMANTIC_DOMAIN == MULTI_DOMAIN
// multi-semantics ValueType has no is_known() or get_known(). We need to invoke it on a specific subpolicy.
PartialSymbolicSemantics::ValueType<32> ip = operators.readRegister<32>("eip")
.get_subvalue(MyMultiSemanticsClass::SP0());
#else
MyValueType<32> ip = operators.readRegister<32>("eip");
#endif
if (!ip.is_known())
break;
va = ip.known_value();
#else
dispatcher->processInstruction(insn);
++ninsns;
BaseSemantics::SValuePtr ip = operators->readRegister(dispatcher->findRegister("eip"));
if (!ip->is_number())
break;
va = ip->get_number();
#endif
if (had_alarm)
break;
}
}
#if SEMANTIC_API == OLD_API
MyValueType<32> eax = operators.readRegister<32>("eax");
std::cerr <<"eax = " <<eax <<"\n";
#else
BaseSemantics::SValuePtr eax = operators->readRegister(dispatcher->findRegister("eax"));
#if SEMANTIC_DOMAIN == MULTI_DOMAIN
// This is entirely optional, but the output looks better if it has the names of the subdomains.
std::cerr <<"eax = " <<(*eax + MultiSemantics::RiscOperators::promote(operators)->get_formatter()) <<"\n";
#else
std::cerr <<"eax = " <<*eax <<"\n";
#endif
#endif
struct timeval stop_time;
gettimeofday(&stop_time, NULL);
double elapsed = ((double)stop_time.tv_sec-start_time.tv_sec) + 1e-6*((double)stop_time.tv_usec-start_time.tv_usec);
if (elapsed < timeout/4.0)
std::cout <<"warning: test did not run for a sufficiently long time; output may contain a high degree of error.\n";
std::cout <<"number of instructions: " <<ninsns <<"\n"
<<"elapsed time: " <<elapsed <<" seconds\n"
<<"semantic execution rate: " <<(ninsns/elapsed) <<" instructions/second\n";
return 0;
}