int main(int argc, char **argv) {
int a, b, c, x;
if (argc==2 && strcmp(argv[1], "initial") == 0) {
klee_make_symbolic(&a, sizeof a, "a");
klee_make_symbolic(&b, sizeof b, "b");
klee_make_symbolic(&c, sizeof c, "c");
klee_make_symbolic(&x, sizeof x, "a");
klee_assume(a == 3);
klee_assume(b == 4);
klee_assume(c == 5);
klee_assume(x == 6);
} else {
klee_make_symbolic(&a, sizeof a, "a");
klee_make_symbolic(&c, sizeof c, "c");
klee_make_symbolic(&b, sizeof b, "b");
klee_make_symbolic(&x, sizeof x, "a");
}
if (a==3) printf("a==3\n");
if (b==4) printf("b==4\n");
if (c==5) printf("c==5\n");
if (x==6) printf("x==6\n");
return 0;
}
int main() {
char buf[4];
klee_make_symbolic(buf, sizeof buf);
buf[1] = 'a';
constantArr[klee_range(0, 16, "idx.0")] = buf[0];
// Use this to trigger an interior update list usage.
int y = constantArr[klee_range(0, 16, "idx.1")];
constantArr[klee_range(0, 16, "idx.2")] = buf[3];
buf[klee_range(0, 4, "idx.3")] = 0;
klee_assume(buf[0] == 'h');
int x = *((int*) buf);
klee_assume(x > 2);
klee_assume(x == constantArr[12]);
klee_assume(y != (1 << 5));
assert(0);
return 0;
}
int main(void)
{
int a;
klee_make_symbolic(&a, sizeof(int), "a");
klee_assume(a >= 0);
klee_assume(a <= 10);
In = fib(a);
return 0;
}
int main() {
int x = klee_int("x");
klee_assume(x > 10);
klee_assume(x < 20);
assert(!klee_is_symbolic(klee_get_value_i32(x)));
assert(klee_get_value_i32(x) > 10);
assert(klee_get_value_i32(x) < 20);
return 0;
}
int main (int argc, char** argv) {
int x;
int y;
klee_make_symbolic(&x, sizeof(x), "x");
klee_make_symbolic(&y, sizeof(y), "y");
// klee_assume((1.99946831462933) * x + (1.99946259758235) * y >= 0.999016667912656);
klee_assume (x < 0);
klee_assume (x + y > -1);
klee_assert (y >= 0);
return 0;
}
void main() {
uint32_t na;
uint32_t nb;
uint32_t nc;
klee_make_symbolic(&na, sizeof(na), "na");
klee_make_symbolic(&nb, sizeof(nb), "nb");
klee_make_symbolic(&nc, sizeof(nc), "nc");
int nN = 3;
klee_assume(na > 0);
klee_assume(nb > 0);
klee_assume(nc > 0);
assert(nPow(na, nN) + nPow(nb, nN) != nPow(nc, nN));
}
int main (int argc, char** argv) {
int x;
int y;
klee_make_symbolic(&x, sizeof(x), "x");
klee_make_symbolic(&y, sizeof(y), "y");
klee_assume(x + y > -1);
klee_assume (x >= 0);
x--;
y++;
klee_assert(x + y > -1);
return 0;
}
static void __create_new_dfile(exe_disk_file_t *dfile, unsigned size,
const char *name, struct stat64 *defaults) {
struct stat64 *s = malloc(sizeof(*s));
const char *sp;
char sname[64];
for (sp=name; *sp; ++sp)
sname[sp-name] = *sp;
memcpy(&sname[sp-name], "-stat", 6);
assert(size);
dfile->size = size;
dfile->contents = malloc(dfile->size);
klee_make_symbolic(dfile->contents, dfile->size, name);
klee_make_symbolic(s, sizeof(*s), sname);
/* For broken tests */
if (!klee_is_symbolic(s->st_ino) &&
(s->st_ino & 0x7FFFFFFF) == 0)
s->st_ino = defaults->st_ino;
/* Important since we copy this out through getdents, and readdir
will otherwise skip this entry. For same reason need to make sure
it fits in low bits. */
klee_assume((s->st_ino & 0x7FFFFFFF) != 0);
/* uclibc opendir uses this as its buffer size, try to keep
reasonable. */
klee_assume((s->st_blksize & ~0xFFFF) == 0);
klee_posix_prefer_cex(s, !(s->st_mode & ~(S_IFMT | 0777)));
klee_posix_prefer_cex(s, s->st_dev == defaults->st_dev);
klee_posix_prefer_cex(s, s->st_rdev == defaults->st_rdev);
klee_posix_prefer_cex(s, (s->st_mode&0700) == 0600);
klee_posix_prefer_cex(s, (s->st_mode&0070) == 0020);
klee_posix_prefer_cex(s, (s->st_mode&0007) == 0002);
klee_posix_prefer_cex(s, (s->st_mode&S_IFMT) == S_IFREG);
klee_posix_prefer_cex(s, s->st_nlink == 1);
klee_posix_prefer_cex(s, s->st_uid == defaults->st_uid);
klee_posix_prefer_cex(s, s->st_gid == defaults->st_gid);
klee_posix_prefer_cex(s, s->st_blksize == 4096);
klee_posix_prefer_cex(s, s->st_atime == defaults->st_atime);
klee_posix_prefer_cex(s, s->st_mtime == defaults->st_mtime);
klee_posix_prefer_cex(s, s->st_ctime == defaults->st_ctime);
s->st_size = dfile->size;
s->st_blocks = 8;
dfile->stat = s;
}
int main()
{
int a;
/* We make a symbolic */
/* a = 30; */
klee_make_symbolic(&a, sizeof(int), "a");
klee_assume(a >= 0);
klee_assume(a <= 30);
fib(a);
return a;
}
int main() {
int count;
int i;
klee_make_symbolic(&count, sizeof(count), "count");
klee_make_symbolic(&i, sizeof(i), "i");
klee_assume(count == 0);
klee_assume(i == 0);
klee_abstract(i == 0);
klee_abstract(count == 2);
while(i < 3){
count++;
i++;
}
klee_assert(count == 3);
}
int main() {
int p1, p2, p3;
klee_make_symbolic(&p1, sizeof(p1), "p1");
klee_make_symbolic(&p2, sizeof(p2), "p2");
klee_make_symbolic(&p3, sizeof(p3), "p3");
klee_make_symbolic(&x, sizeof(x), "x");
klee_assume (x <= 0);
if (p1 > 8)
x = x + 1;
else
x = x + 2;
if (p2 > 8)
x = x + 1;
else
x = x + 2;
if (p3 > 8)
x = x + 1;
else
x = x + 2;
assert(x <= 6);
return 0;
}
int client(void) {
int forks = 0;
unsigned i;
for (i = 0; i < PRODUCERS_COUNT; i++) {
pid_t pid = fork();
assert(pid >= 0);
if (pid == 0) {
send_units(UNITS_PER_PRODUCER*i, UNITS_PER_PRODUCER);
return 0;
} else {
forks++;
}
}
while (forks > 0) {
int res = wait(NULL);
assert(res != -1);
forks--;
}
int unit;
klee_make_symbolic(&unit, sizeof(unit), "negative unit");
klee_assume(unit < -10);
send_unit(unit);
return 0;
}
int main() {
int p1,p2, x;
klee_make_symbolic(&p1, sizeof(p1), "p1");
klee_make_symbolic(&p2, sizeof(p2), "p2");
klee_make_symbolic(&x, sizeof(x), "x");
klee_assume(x == 0);
if (p1 > 8)
x = x;
else
x = x + 1;
if (p2 > 8)
x = x;
else
x = x + 2;
// Without the join, this example produces 4 tests, but with the
// join just1 1.
klee_join("dummy1", x);
klee_assert(x <= 3);
return x;
}
int main() {
unsigned char a[4] = "abc";
unsigned i;
int p1, p2;
klee_make_symbolic(&i, sizeof(i), "i");
klee_make_symbolic(&p1, sizeof(p1), "p1");
klee_make_symbolic(&p2, sizeof(p2), "p2");
klee_assume(i < 4);
if (p1 < 8) {
if (i > 0)
a[i] = 'b';
}
if (p2 < 8) {
if (i < 3)
a[i] = 'a';
}
assert(a[0] == 'a');
return 0;
}
int main(void)
{
int n, m;
klee_make_symbolic(&n, sizeof n, "n");
klee_assume(n < -1);
if (n/2 > 0)
assert(0);
klee_make_symbolic(&m, sizeof m, "m");
klee_assume(m > 0);
if (m/2 == 2)
printf("m is 2\n");
return 0;
}
int main()
{
int N;
klee_make_symbolic(&N, sizeof(N), "N");
klee_assume(0 <= N);
klee_assume(N <= 4);
int x = 0, i = 0;
while (i < N) {
if (i % 2 == 0) {
x += 2;
}
i++;
}
assert(x == N || x == N + 1); // x == N if N is even, otherwise N is odd
return 0;
}
int main(int argc, char** argv) {
int x = 54;
klee_make_symbolic(&x, sizeof(x), "x");
klee_assume(x == ASSUME_VALUE);
#ifdef PRINT_VALUE
printf("x=%d\n", x);
#endif
return 0;
}
int main (int argc, char** argv) {
int x;
int y;
int xa;
int ya;
klee_make_symbolic(&xa, sizeof(xa), "xa");
klee_make_symbolic(&ya, sizeof(ya), "ya");
klee_assume(xa + 2 * ya >= 0);
klee_assert(xa + 2 * ya >= -1);
return 0;
}
/* n_files: number of symbolic input files, excluding stdin
file_length: size in bytes of each symbolic file, including stdin
sym_stdout_flag: 1 if stdout should be symbolic, 0 otherwise
save_all_writes_flag: 1 if all writes are executed as expected, 0 if
writes past the initial file size are discarded
(file offset is always incremented)
max_failures: maximum number of system call failures */
void klee_init_fds(unsigned n_files, unsigned file_length,
int sym_stdout_flag, int save_all_writes_flag,
unsigned max_failures) {
unsigned k;
char name[7] = "?-data";
struct stat64 s;
stat64(".", &s);
__exe_fs.n_sym_files = n_files;
__exe_fs.sym_files = malloc(sizeof(*__exe_fs.sym_files) * n_files);
for (k=0; k < n_files; k++) {
name[0] = 'A' + k;
__create_new_dfile(&__exe_fs.sym_files[k], file_length, name, &s);
}
/* setting symbolic stdin */
if (file_length) {
__exe_fs.sym_stdin = malloc(sizeof(*__exe_fs.sym_stdin));
__create_new_dfile(__exe_fs.sym_stdin, file_length, "stdin", &s);
__exe_env.fds[0].dfile = __exe_fs.sym_stdin;
}
else __exe_fs.sym_stdin = NULL;
__exe_fs.max_failures = max_failures;
if (__exe_fs.max_failures) {
__exe_fs.open_fail = malloc(sizeof(*__exe_fs.open_fail));
__exe_fs.read_fail = malloc(sizeof(*__exe_fs.read_fail));
__exe_fs.write_fail = malloc(sizeof(*__exe_fs.write_fail));
__exe_fs.close_fail = malloc(sizeof(*__exe_fs.close_fail));
__exe_fs.ftruncate_fail = malloc(sizeof(*__exe_fs.ftruncate_fail));
__exe_fs.getcwd_fail = malloc(sizeof(*__exe_fs.getcwd_fail));
klee_make_symbolic(__exe_fs.open_fail, sizeof(*__exe_fs.open_fail), "open_fail");
klee_make_symbolic(__exe_fs.read_fail, sizeof(*__exe_fs.read_fail), "read_fail");
klee_make_symbolic(__exe_fs.write_fail, sizeof(*__exe_fs.write_fail), "write_fail");
klee_make_symbolic(__exe_fs.close_fail, sizeof(*__exe_fs.close_fail), "close_fail");
klee_make_symbolic(__exe_fs.ftruncate_fail, sizeof(*__exe_fs.ftruncate_fail), "ftruncate_fail");
klee_make_symbolic(__exe_fs.getcwd_fail, sizeof(*__exe_fs.getcwd_fail), "getcwd_fail");
}
/* setting symbolic stdout */
if (sym_stdout_flag) {
__exe_fs.sym_stdout = malloc(sizeof(*__exe_fs.sym_stdout));
__create_new_dfile(__exe_fs.sym_stdout, 1024, "stdout", &s);
__exe_env.fds[1].dfile = __exe_fs.sym_stdout;
__exe_fs.stdout_writes = 0;
}
else __exe_fs.sym_stdout = NULL;
__exe_env.save_all_writes = save_all_writes_flag;
__exe_env.version = __sym_uint32("model_version");
klee_assume(__exe_env.version == 1);
}
int main(int argc, char** argv) {
int x = klee_range(0, BOUND_VALUE, "x");
#ifdef FORCE_VALUE
klee_assume(x == FORCE_VALUE);
#endif
#ifdef PRINT_VALUE
printf("x=%d\n", x);
#endif
return 0;
}
int klee_range(int start, int end, const char* name) {
int x;
if (start >= end)
klee_report_error(__FILE__, __LINE__, "invalid range", "user");
if (start+1==end) {
return start;
} else {
klee_make_symbolic(&x, sizeof x, name);
/* Make nicer constraint when simple... */
if (start==0) {
klee_assume((unsigned) x < (unsigned) end);
} else {
klee_assume(start <= x);
klee_assume(x < end);
}
return x;
}
}
int main() {
char a[6] = "hello";
unsigned i;
klee_make_symbolic(&i, sizeof(i), "i");
klee_assume(i <= 1);
a[i] = 0;
assert(a[3] != 0);
return 0;
}
int main (int argc, char **argv) {
int a = 1;
int b = 1;
// ADVANCED ALGORITHM START
while (b <= 10) {
b = a;
a = a * 2;
}
// Some constraint that we wish to have satisfied
klee_assume(b <= a);
return 0;
}
int main() {
unsigned char k;
klee_make_symbolic(&k, sizeof(k), "k");
klee_assume(k < 10);
// CHECK: Yes
// CHECK-NEXT: No
if (array[k] >= 1)
printf("Yes\n");
// CHECK: KLEE: done: completed paths = 1
return 0;
}
int main() {
int i;
int j;
klee_make_symbolic(&i, sizeof(i), "i");
klee_make_symbolic(&j, sizeof(j), "j");
klee_assume (0 <= i);
klee_assume (i <= 10);
int x,y;
x=i;
y=j;
while (x!=0) {
x--;
y--;
}
if (i==j) {
assert( y == 0);
}
return 1;
}
/*
* This is an example to test if the dependency
* of the assertion to z is computed correctly.
*/
int add(int p1, int p2, int p3, int x) {
int z = 6;
klee_assume(x <= 0);
if (p1 > 8)
x = x + 1;
if (p2 > 8)
x = x;
else
x = x + 2;
if (p3 > 8)
x = x + 3;
assert(x <= z);
return x;
}
int main() {
unsigned char k;
klee_make_symbolic(&k, sizeof(k), "k");
klee_assume(k < 5);
// CHECK: Yes
// CHECK-NEXT: No
if (array[array2[k]] == 7)
printf("Yes\n");
else
printf("No\n");
// CHECK: KLEE: done: completed paths = 2
return 0;
}
int main(int argc, char *argv[])
{
int length;
if (argc < 2) {
length = NITEMS;
}
else length = atoi(argv[1]);
int *data = (int*) malloc(length * sizeof(int));
int *ROM_data = (int*) malloc(length * sizeof(int));
klee_make_symbolic(data, NITEMS * sizeof(int), "data_symb");
// for (int i = 0; i < length-1; ++i) {
// data[i] = i; //could be rand(); later
// ROM_data[i] = i;
// }
// devicesDump();
klee_assume(data[0] != data[1]);
// Copy all the symbolic stuff in!
for (int i = 0; i < length; ++i)
{
ROM_data[i] = data[i];
}
if (data[0] < data[1])
{ printf("a\n");
cudasummer(data, length);
}
else
{ printf("b\n");
cudasummer(data, length);
}
if (length < 1000)
for (int i = 0 ; i < length; ++i)
{
printf("%d\n", data[i]);
}
verify(data, ROM_data, length);
}
static const char *__concretize_string(const char *s) {
char *sc = __concretize_ptr(s);
unsigned i;
for (i=0; ; ++i) {
char c = *sc;
if (!(i&(i-1))) {
if (!c) {
*sc++ = 0;
break;
} else if (c=='/') {
*sc++ = '/';
}
} else {
char cc = (char) klee_get_valuel((long)c);
klee_assume(cc == c);
*sc++ = cc;
if (!cc) break;
}
}
return s;
}
void __VERIFIER_assume(int expr)
{
klee_assume(expr);
}
