static SolverImpl::SolverRunStatus
runAndGetCex(::VC vc, STPBuilder *builder, ::VCExpr q,
const std::vector<const Array *> &objects,
std::vector<std::vector<unsigned char> > &values,
bool &hasSolution) {
// XXX I want to be able to timeout here, safely
hasSolution = !vc_query(vc, q);
if (hasSolution) {
values.reserve(objects.size());
for (std::vector<const Array *>::const_iterator it = objects.begin(),
ie = objects.end();
it != ie; ++it) {
const Array *array = *it;
std::vector<unsigned char> data;
data.reserve(array->size);
for (unsigned offset = 0; offset < array->size; offset++) {
ExprHandle counter =
vc_getCounterExample(vc, builder->getInitialRead(array, offset));
unsigned char val = getBVUnsigned(counter);
data.push_back(val);
}
values.push_back(data);
}
}
if (true == hasSolution) {
return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_SOLVABLE;
} else {
return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_UNSOLVABLE;
}
}
int main() {
VC vc = vc_createValidityChecker();
vc_setFlags('n');
vc_setFlags('d');
//vc_setFlags('p');
Type bv8 = vc_bvType(vc, 8);
Expr a = vc_bvCreateMemoryArray(vc, "a");
Expr index_3 = vc_bvConstExprFromInt(vc, 32, 3);
Expr a_of_0 = vc_readExpr(vc, a, index_3);
int i;
for (i = 2; i >= 0; i--)
a_of_0 = vc_bvConcatExpr(vc,
a_of_0,
vc_readExpr(vc, a,
vc_bvConstExprFromInt(vc, 32, i)));
Expr ct_5 = vc_bvConstExprFromInt(vc, 32, 5);
Expr a_of_0_div_5 = vc_bvDivExpr(vc, 32, a_of_0, ct_5);
Expr a_of_0_div_5_eq_5 = vc_eqExpr(vc, a_of_0_div_5, ct_5);
vc_printExpr(vc, a_of_0_div_5_eq_5); printf("\n");
/* Query 1 */
vc_push(vc);
int query = vc_query(vc, a_of_0_div_5_eq_5);
vc_pop(vc);
printf("query = %d\n", query);
vc_assertFormula(vc, a_of_0_div_5_eq_5);
vc_printExpr(vc, a_of_0_div_5_eq_5);
/* query(false) */
vc_push(vc);
query = vc_query(vc, vc_falseExpr(vc));
vc_pop(vc);
printf("query = %d\n", query);
assert(!query);
assert(vc_counterexample_size(vc));
int* a_val = (int*) malloc(sizeof *a_val);
char *p = (char*) a_val;
//a_of_1 = vc_simplify(vc, a_of_1); // BUG here
for (i=0; i<=3; i++) {
Expr elem = vc_readExpr(vc, a, vc_bvConstExprFromInt(vc, 32, i));
Expr ce = vc_getCounterExample(vc, elem);
unsigned long long v = getBVUnsigned(ce);
fprintf(stderr, "a[%d] = %ld\n", i, v);
*p = v; p++;
}
printf("a = %d\n", *a_val);
assert((*a_val)/5 == 5);
vc_Destroy(vc);
}
TEST(stp_array_model,one) {
VC vc = vc_createValidityChecker();
Expr a = vc_bvCreateMemoryArray(vc, "a");
Expr index_1 = vc_bvConstExprFromInt(vc, 32, 1);
Expr a_of_1 = vc_readExpr(vc, a, index_1);
Expr index_2 = vc_bvConstExprFromInt(vc, 32, 2);
Expr a_of_2 = vc_readExpr(vc, a, index_2);
Expr ct_42 = vc_bvConstExprFromInt(vc, 8, 42);
Expr a_of_1_eq_42 = vc_eqExpr(vc, a_of_1, ct_42);
Expr ct_77 = vc_bvConstExprFromInt(vc, 8, 77);
Expr a_of_2_eq_77 = vc_eqExpr(vc, a_of_2, ct_77);
vc_assertFormula(vc, a_of_1_eq_42);
vc_assertFormula(vc, a_of_2_eq_77);
/* query(false) */
ASSERT_TRUE(vc_query(vc, vc_falseExpr(vc)) == 0); // Should be invalid
ASSERT_FALSE(vc_counterexample_size(vc) == 0);
Expr *indices;
Expr *values;
int size;
vc_getCounterExampleArray(vc, a, &indices, &values, &size);
ASSERT_FALSE(size == 0); // No array entries
int j;
for (j = 0; j < size; ++j) {
Expr index = vc_getCounterExample(vc, indices[j]);
Expr value = vc_getCounterExample(vc, values[j]);
unsigned long long i = getBVUnsigned(index);
unsigned long long v = getBVUnsigned(value);
fprintf(stderr, "a[%llu] = %llu\n", i, v);
}
vc_Destroy(vc);
}
int main() {
VC vc = vc_createValidityChecker();
vc_setFlags('n');
vc_setFlags('d');
//vc_setFlags('p');
Type bv8 = vc_bvType(vc, 8);
Expr a = vc_bvCreateMemoryArray(vc, "a");
Expr index_1 = vc_bvConstExprFromInt(vc, 32, 1);
Expr a_of_1 = vc_readExpr(vc, a, index_1);
Expr ct_100 = vc_bvConstExprFromInt(vc, 8, 100);
Expr a_of_1_eq_100 = vc_eqExpr(vc, a_of_1, ct_100);
/* Query 1 */
vc_push(vc);
int query = vc_query(vc, a_of_1_eq_100);
vc_pop(vc);
printf("query = %d\n", query);
vc_assertFormula(vc, a_of_1_eq_100);
/* query(false) */
vc_push(vc);
query = vc_query(vc, vc_falseExpr(vc));
vc_pop(vc);
printf("query = %d\n", query);
if (vc_counterexample_size(vc) == 0) {
printf("Counterexample size is 0\n");
exit(1);
}
a_of_1 = vc_simplify(vc, a_of_1);
//vc_printExpr(vc, a_of_1);
Expr ce = vc_getCounterExample(vc, a_of_1);
unsigned long long v = getBVUnsigned(ce);
fprintf(stderr, "a[1] = %ld\n", v);
vc_Destroy(vc);
}
TEST(stp_counterex,one) {
VC vc = vc_createValidityChecker();
vc_setFlags(vc,'n');
vc_setFlags(vc,'d');
//vc_setFlags(vc,'p');
Type bv8 = vc_bvType(vc, 8);
Expr a = vc_bvCreateMemoryArray(vc, "a");
Expr index_1 = vc_bvConstExprFromInt(vc, 32, 1);
Expr a_of_1 = vc_readExpr(vc, a, index_1);
Expr ct_100 = vc_bvConstExprFromInt(vc, 8, 100);
Expr a_of_1_eq_100 = vc_eqExpr(vc, a_of_1, ct_100);
/* Query 1 */
vc_push(vc);
int query = vc_query(vc, a_of_1_eq_100);
vc_pop(vc);
printf("query = %d\n", query);
vc_assertFormula(vc, a_of_1_eq_100);
/* query(false) */
vc_push(vc);
query = vc_query(vc, vc_falseExpr(vc));
vc_pop(vc);
printf("query = %d\n", query);
ASSERT_FALSE(vc_counterexample_size(vc) == 0);
a_of_1 = vc_simplify(vc, a_of_1);
//vc_printExpr(vc, a_of_1);
Expr ce = vc_getCounterExample(vc, a_of_1);
unsigned long long v = getBVUnsigned(ce);
fprintf(stderr, "a[1] = %llu\n", v);
vc_Destroy(vc);
// FIXME: we should test more things!
}
static SolverImpl::SolverRunStatus
runAndGetCexForked(::VC vc, STPBuilder *builder, ::VCExpr q,
const std::vector<const Array *> &objects,
std::vector<std::vector<unsigned char> > &values,
bool &hasSolution, double timeout) {
unsigned char *pos = shared_memory_ptr;
unsigned sum = 0;
for (std::vector<const Array *>::const_iterator it = objects.begin(),
ie = objects.end();
it != ie; ++it)
sum += (*it)->size;
if (sum >= shared_memory_size)
llvm::report_fatal_error("not enough shared memory for counterexample");
fflush(stdout);
fflush(stderr);
int pid = fork();
if (pid == -1) {
klee_warning("fork failed (for STP)");
if (!IgnoreSolverFailures)
exit(1);
return SolverImpl::SOLVER_RUN_STATUS_FORK_FAILED;
}
if (pid == 0) {
if (timeout) {
::alarm(0); /* Turn off alarm so we can safely set signal handler */
::signal(SIGALRM, stpTimeoutHandler);
::alarm(std::max(1, (int)timeout));
}
unsigned res = vc_query(vc, q);
if (!res) {
for (std::vector<const Array *>::const_iterator it = objects.begin(),
ie = objects.end();
it != ie; ++it) {
const Array *array = *it;
for (unsigned offset = 0; offset < array->size; offset++) {
ExprHandle counter =
vc_getCounterExample(vc, builder->getInitialRead(array, offset));
*pos++ = getBVUnsigned(counter);
}
}
}
_exit(res);
} else {
int status;
pid_t res;
do {
res = waitpid(pid, &status, 0);
} while (res < 0 && errno == EINTR);
if (res < 0) {
klee_warning("waitpid() for STP failed");
if (!IgnoreSolverFailures)
exit(1);
return SolverImpl::SOLVER_RUN_STATUS_WAITPID_FAILED;
}
// From timed_run.py: It appears that linux at least will on
// "occasion" return a status when the process was terminated by a
// signal, so test signal first.
if (WIFSIGNALED(status) || !WIFEXITED(status)) {
klee_warning("STP did not return successfully. Most likely you forgot "
"to run 'ulimit -s unlimited'");
if (!IgnoreSolverFailures) {
exit(1);
}
return SolverImpl::SOLVER_RUN_STATUS_INTERRUPTED;
}
int exitcode = WEXITSTATUS(status);
if (exitcode == 0) {
hasSolution = true;
} else if (exitcode == 1) {
hasSolution = false;
} else if (exitcode == 52) {
klee_warning("STP timed out");
// mark that a timeout occurred
return SolverImpl::SOLVER_RUN_STATUS_TIMEOUT;
} else {
klee_warning("STP did not return a recognized code");
if (!IgnoreSolverFailures)
exit(1);
return SolverImpl::SOLVER_RUN_STATUS_UNEXPECTED_EXIT_CODE;
}
if (hasSolution) {
values = std::vector<std::vector<unsigned char> >(objects.size());
unsigned i = 0;
for (std::vector<const Array *>::const_iterator it = objects.begin(),
ie = objects.end();
it != ie; ++it) {
const Array *array = *it;
std::vector<unsigned char> &data = values[i++];
data.insert(data.begin(), pos, pos + array->size);
pos += array->size;
}
}
if (true == hasSolution) {
return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_SOLVABLE;
} else {
return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_UNSOLVABLE;
}
}
}
value caml_getBVUnsigned(value e)
{
CAMLparam1(e);
CAMLreturn(Val_int(getBVUnsigned(Expr_val(e))));
}
