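/*
 * Builds two 32-bit constraints over nresp1 / packet_get_int0, conjoins them,
 * queries the validity checker and dumps the resulting counter-example.
 * Returns 0; argc/argv are unused.
 */
int main(int argc, char *argv[]) {
  (void)argc;
  (void)argv;

  VC vc = vc_createValidityChecker();
  vc_setFlags('n');
  vc_setFlags('d');
  vc_setFlags('p');

  Expr nresp1 = vc_varExpr(vc, "nresp1", vc_bv32Type(vc));
  Expr packet_get_int0 = vc_varExpr(vc, "packet_get_int0", vc_bv32Type(vc));
  Expr exprs[] = {
    /* nresp1 == packet_get_int0 */
    vc_eqExpr(vc, nresp1, packet_get_int0),
    /* nresp1 > 0 -- NOTE(review): confirm whether vc_bvGtExpr is the signed or
       the unsigned comparison; for a bounds check the distinction matters. */
    vc_bvGtExpr(vc, nresp1, vc_bv32ConstExprFromInt(vc, 0))
  };

  /* Conjoin every entry of exprs; the count is derived from the array itself
     so adding a constraint above cannot desynchronise it. */
  Expr res = vc_andExprN(vc, exprs, sizeof(exprs) / sizeof(exprs[0]));
  vc_printExpr(vc, res);

  int x = vc_query(vc, res);
  printf("vc_query result = %d\n", x);
  vc_printCounterExample(vc);

  Expr cex = vc_getCounterExample(vc, res);
  (void)cex;
  /* vc_printExpr(vc, cex); */

  /* Release the checker; the original returned without destroying it. */
  vc_Destroy(vc);
  return 0;
}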
/// Runs the query @p q on @p vc synchronously and, when a counter-example
/// exists, reads back one byte per (array, offset) through @p builder.
///
/// @param vc          STP validity checker holding the current constraints.
/// @param builder     produces the initial-read expression of each byte.
/// @param q           query expression.
/// @param objects     arrays whose concrete values are wanted.
/// @param values      receives, per array in @p objects order, its bytes.
/// @param hasSolution set to true when vc_query() reports the query invalid,
///                    i.e. a counter-example exists.
/// @return SOLVER_RUN_STATUS_SUCCESS_SOLVABLE when a model was extracted,
///         SOLVER_RUN_STATUS_SUCCESS_UNSOLVABLE otherwise.
static SolverImpl::SolverRunStatus
runAndGetCex(::VC vc, STPBuilder *builder, ::VCExpr q,
             const std::vector<const Array *> &objects,
             std::vector<std::vector<unsigned char> > &values,
             bool &hasSolution) {
  // XXX I want to be able to timeout here, safely
  // A non-zero vc_query() result means "valid", so a model exists exactly
  // when the call returns zero.
  hasSolution = !vc_query(vc, q);

  if (!hasSolution)
    return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_UNSOLVABLE;

  values.reserve(objects.size());
  for (std::size_t idx = 0; idx < objects.size(); ++idx) {
    const Array *array = objects[idx];
    std::vector<unsigned char> bytes;
    bytes.reserve(array->size);

    // One counter-example lookup per byte of the array.
    for (unsigned offset = 0; offset < array->size; ++offset) {
      ExprHandle counter =
          vc_getCounterExample(vc, builder->getInitialRead(array, offset));
      bytes.push_back(getBVUnsigned(counter));
    }

    values.push_back(bytes);
  }

  return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_SOLVABLE;
}
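/*
 * Reads the four bytes a[3..0] of a symbolic memory array, concatenates them
 * into one 32-bit value, constrains value / 5 == 5, then reassembles the
 * model's bytes on the host and checks the same arithmetic concretely.
 */
int main() {
  VC vc = vc_createValidityChecker();
  vc_setFlags('n');
  vc_setFlags('d');
  /* vc_setFlags('p'); */

  Expr a = vc_bvCreateMemoryArray(vc, "a");

  Expr index_3 = vc_bvConstExprFromInt(vc, 32, 3);

  /* a_of_0 = a[3] ++ a[2] ++ a[1] ++ a[0]; a[3] ends up in the most
     significant byte because each lower index is appended on the right. */
  Expr a_of_0 = vc_readExpr(vc, a, index_3);
  int i;
  for (i = 2; i >= 0; i--)
    a_of_0 = vc_bvConcatExpr(vc,
                             a_of_0,
                             vc_readExpr(vc, a,
                                         vc_bvConstExprFromInt(vc, 32, i)));

  Expr ct_5 = vc_bvConstExprFromInt(vc, 32, 5);
  Expr a_of_0_div_5 = vc_bvDivExpr(vc, 32, a_of_0, ct_5);

  Expr a_of_0_div_5_eq_5 = vc_eqExpr(vc, a_of_0_div_5, ct_5);
  vc_printExpr(vc, a_of_0_div_5_eq_5); printf("\n");

  /* Query 1, run inside its own push/pop scope so nothing stays asserted. */
  vc_push(vc);
  int query = vc_query(vc, a_of_0_div_5_eq_5);
  vc_pop(vc);
  printf("query = %d\n", query);

  vc_assertFormula(vc, a_of_0_div_5_eq_5);
  vc_printExpr(vc, a_of_0_div_5_eq_5);

  /* query(false): must be invalid (0) under the asserted formula, which
     also leaves a counter-example behind. */
  vc_push(vc);
  query = vc_query(vc, vc_falseExpr(vc));
  vc_pop(vc);
  printf("query = %d\n", query);
  assert(!query);

  assert(vc_counterexample_size(vc));

  /* Reassemble the model bytes on the host. Stack storage replaces the
     malloc() the original never freed; writing through an unsigned char*
     is the aliasing-safe way to fill an int byte by byte. */
  int a_val = 0;
  unsigned char *p = (unsigned char *)&a_val;
  /* a_of_1 = vc_simplify(vc, a_of_1);  // BUG here */
  for (i = 0; i <= 3; i++) {
    Expr elem = vc_readExpr(vc, a, vc_bvConstExprFromInt(vc, 32, i));
    Expr ce = vc_getCounterExample(vc, elem);
    unsigned long long v = getBVUnsigned(ce);
    /* %llu matches unsigned long long; the original's %ld was a mismatch. */
    fprintf(stderr, "a[%d] = %llu\n", i, v);
    /* Memory-array reads are 8 bits wide, so keeping one byte is lossless. */
    *p = (unsigned char)v; p++;
  }
  /* NOTE(review): a[0] is stored at the lowest address, so this equals the
     32-bit value built above only on a little-endian host. */
  printf("a = %d\n", a_val);
  assert(a_val / 5 == 5);

  vc_Destroy(vc);
  return 0;
}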
// Asserts a[1] == 42 and a[2] == 77 on a symbolic memory array, forces a
// model by querying `false`, then dumps every (index, value) pair that the
// counter-example records for the array.
TEST(stp_array_model,one) {
  VC vc = vc_createValidityChecker();

  Expr arr = vc_bvCreateMemoryArray(vc, "a");

  Expr idx1 = vc_bvConstExprFromInt(vc, 32, 1);
  Expr arr_at_1 = vc_readExpr(vc, arr, idx1);

  Expr idx2 = vc_bvConstExprFromInt(vc, 32, 2);
  Expr arr_at_2 = vc_readExpr(vc, arr, idx2);

  // Array cells are 8 bits wide, hence the 8-bit constants.
  Expr c42 = vc_bvConstExprFromInt(vc, 8, 42);
  Expr arr_at_1_is_42 = vc_eqExpr(vc, arr_at_1, c42);

  Expr c77 = vc_bvConstExprFromInt(vc, 8, 77);
  Expr arr_at_2_is_77 = vc_eqExpr(vc, arr_at_2, c77);

  vc_assertFormula(vc, arr_at_1_is_42);
  vc_assertFormula(vc, arr_at_2_is_77);

  // Querying `false` under satisfiable assertions must come back invalid (0)
  // and leaves a counter-example behind.
  ASSERT_TRUE(vc_query(vc, vc_falseExpr(vc)) == 0);

  ASSERT_FALSE(vc_counterexample_size(vc) == 0);

  Expr *model_indices;
  Expr *model_values;
  int entry_count;
  vc_getCounterExampleArray(vc, arr, &model_indices, &model_values, &entry_count);

  ASSERT_FALSE(entry_count == 0); // the model must mention at least one cell

  // NOTE(review): model_indices/model_values are never released here;
  // confirm the ownership rule of vc_getCounterExampleArray.
  for (int k = 0; k < entry_count; ++k) {
    Expr cell_expr = vc_getCounterExample(vc, model_indices[k]);
    Expr contents_expr = vc_getCounterExample(vc, model_values[k]);
    unsigned long long cell = getBVUnsigned(cell_expr);
    unsigned long long contents = getBVUnsigned(contents_expr);

    fprintf(stderr, "a[%llu] = %llu\n", cell, contents);
  }

  vc_Destroy(vc);

}
// FIXME: Pick a sensible testname that actually means something!
// Constrains a symbolic 8-bit index i to [0, 9], asserts that
// i32 ++ signext(a[i32]) equals 11 as a 64-bit value, forces a model, and
// then walks a[0..9] through the counter-example without asserting anything
// about it yet.
TEST(array_cvcl02,one) {
  VC vc = vc_createValidityChecker();
  vc_setFlag(vc,'n');
  vc_setFlag(vc,'d');
  vc_setFlag(vc,'p');

  Expr mem = vc_varExpr1(vc, "a",32,32);
  Expr idx8 = vc_varExpr1(vc, "i", 0, 8);
  // Widen the 8-bit index to 32 bits by prepending 24 zero bits.
  Expr idx32 = vc_bvConcatExpr(vc,
                               vc_bvConstExprFromStr(vc,
                                                     "000000000000000000000000"),
                               idx8);
  Expr lower_ok = vc_bvLeExpr(vc,
                              vc_bvConstExprFromInt(vc, 32, 0),
                              idx32);
  Expr upper_ok = vc_bvLeExpr(vc,
                              idx32,
                              vc_bvConstExprFromInt(vc, 32, 9));
  Expr in_range = vc_andExpr(vc, lower_ok, upper_ok);
  Expr cell = vc_bvSignExtend(vc,
                              vc_readExpr(vc,mem,idx32),
                              32);
  Expr cell_eq_11 = vc_eqExpr(vc,
                              vc_bvConcatExpr(vc,idx32,cell),
                              vc_bvConstExprFromInt(vc, 64, 11));

  vc_assertFormula(vc, in_range);
  vc_assertFormula(vc, cell_eq_11);
  // Query `false` only to make the checker produce a model.
  vc_query(vc, vc_falseExpr(vc));

  Expr high24 = vc_bvConstExprFromInt(vc,24,0);
  for (int k = 0; k < 10; ++k) {
    Expr low8 = vc_bvConstExprFromInt(vc,8,k);
    Expr addr = vc_bvConcatExpr(vc, high24, low8);
    addr = vc_simplify(vc,addr);
    Expr cell_k = vc_readExpr(vc, mem, addr);
    Expr model_value = vc_getCounterExample(vc,cell_k);
    (void)model_value; // FIXME: nothing is checked about the model yet
  }
  vc_Destroy(vc);
  //vc_printCounterExample(vc);

  // FIXME: Actually test something
  //ASSERT_TRUE(false && "FIXME: Actually test something");
}
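/*
 * Constrains a[1] == 100 on a symbolic memory array, forces a model by
 * querying `false`, and prints the concrete value the model assigns to a[1].
 * Exits with status 1 if the checker has no counter-example to offer.
 */
int main() {
  VC vc = vc_createValidityChecker();
  vc_setFlags('n');
  vc_setFlags('d');
  /* vc_setFlags('p'); */

  Expr a = vc_bvCreateMemoryArray(vc, "a");

  Expr index_1 = vc_bvConstExprFromInt(vc, 32, 1);
  Expr a_of_1 = vc_readExpr(vc, a, index_1);

  /* Memory-array cells are 8 bits wide, hence the 8-bit constant. */
  Expr ct_100 = vc_bvConstExprFromInt(vc, 8, 100);
  Expr a_of_1_eq_100 = vc_eqExpr(vc, a_of_1, ct_100);

  /* Query 1, run inside its own push/pop scope so nothing stays asserted. */
  vc_push(vc);
  int query = vc_query(vc, a_of_1_eq_100);
  vc_pop(vc);
  printf("query = %d\n", query);

  vc_assertFormula(vc, a_of_1_eq_100);

  /* query(false): invalid under the asserted formula, which yields the model. */
  vc_push(vc);
  query = vc_query(vc, vc_falseExpr(vc));
  vc_pop(vc);
  printf("query = %d\n", query);

  if (vc_counterexample_size(vc) == 0) {
    printf("Counterexample size is 0\n");
    exit(1);
  }

  a_of_1 = vc_simplify(vc, a_of_1);
  /* vc_printExpr(vc, a_of_1); */
  Expr ce = vc_getCounterExample(vc, a_of_1);
  unsigned long long v = getBVUnsigned(ce);

  /* %llu matches unsigned long long; the original's %ld was a format mismatch. */
  fprintf(stderr, "a[1] = %llu\n", v);

  vc_Destroy(vc);
  return 0;
}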
// Constrains a[1] == 100 on a symbolic memory array, forces a model by
// querying `false`, checks that a counter-example exists and prints the
// model's value for a[1].
TEST(stp_counterex,one) {
  VC vc = vc_createValidityChecker();
  vc_setFlags(vc,'n');
  vc_setFlags(vc,'d');
  //vc_setFlags(vc,'p');

  Type byte_ty = vc_bvType(vc, 8);
  (void)byte_ty; // created but not used by the test body

  Expr mem = vc_bvCreateMemoryArray(vc, "a");

  Expr idx1 = vc_bvConstExprFromInt(vc, 32, 1);
  Expr mem_at_1 = vc_readExpr(vc, mem, idx1);

  // Cells are 8 bits wide, hence the 8-bit constant.
  Expr c100 = vc_bvConstExprFromInt(vc, 8, 100);
  Expr mem_at_1_is_100 = vc_eqExpr(vc, mem_at_1, c100);

  /* Query 1: evaluated inside its own scope so nothing is left asserted. */
  vc_push(vc);
  int verdict = vc_query(vc, mem_at_1_is_100);
  vc_pop(vc);
  printf("query = %d\n", verdict);

  vc_assertFormula(vc, mem_at_1_is_100);

  /* query(false) under the assertion: invalid, and yields the model. */
  vc_push(vc);
  verdict = vc_query(vc, vc_falseExpr(vc));
  vc_pop(vc);
  printf("query = %d\n", verdict);

  ASSERT_FALSE(vc_counterexample_size(vc) == 0);

  mem_at_1 = vc_simplify(vc, mem_at_1);
  //vc_printExpr(vc, mem_at_1);
  Expr model_value = vc_getCounterExample(vc, mem_at_1);
  unsigned long long concrete = getBVUnsigned(model_value);

  fprintf(stderr, "a[1] = %llu\n", concrete);

  vc_Destroy(vc);
  // FIXME: we should test more things!
}
// XXX
// Expr * vc_getCounterExample(VC vc, int *size)
/*
 * OCaml binding around vc_getCounterExample(): converts the returned Expr
 * vector into an OCaml list of boxed Expr values, or the empty list when the
 * C call returns NULL.
 *
 * The list is built by prepending in index order, so the OCaml list holds
 * e[size-1] first and e[0] last -- the reverse of the C array. Confirm that
 * callers expect that order.
 */
value caml_vc_getCounterExample(value vc)
{
  CAMLparam1(vc);
  CAMLlocal2(tmp,result); /* GC roots: both may be moved by caml_alloc/alloc_Expr */
  Expr *e;
  int i, size;

  e = vc_getCounterExample(VC_val(vc), &size);

  if( !e ) CAMLreturn(Val_int(0)); // empty list

  result = Val_int(0); /* [] */
  for( i = 0; i < size; i++ ) {
    tmp = caml_alloc(2, 0);            /* one cons cell: (head, tail) */
    Store_field(tmp, 0, alloc_Expr(e[i]));
    Store_field(tmp, 1, result);
    result = tmp;                      /* result := e[i] :: result */
  }

  /* NOTE(review): test1() on this page releases the vector returned by the
     same API with vc_deleteVector(); confirm free() is the matching
     deallocator for this build, otherwise the release is mismatched. */
  free(e);
  CAMLreturn(result);

}
/*
 * Exercises the CVC C API end to end: propositional validity, congruence of
 * an uninterpreted function, counter-example / concrete-model retrieval,
 * push/pop scoping and inconsistency detection. Every handle obtained from
 * the API is released with the matching vc_delete* call before return.
 *
 * Relies on the file-level helpers check(), newAssertion() and check_error(),
 * which are not shown here; from the assertions below, check() returns 1 for
 * a valid query and 0 for an invalid one.
 */
void test1()
{
  Flags flags = vc_createFlags();
  VC vc;
  Type b;
  Expr p, np, e;
  Type r, real2real;
  Expr x, y, fx, fy, xeqy, fxeqfy, w, z, weqx, yeqz, one, two, xeqone, xeqtwo,
    simp, simp2;
  Op f;
  Expr* assertions;
  int i, size, res;
  Kind k;

  /* Log every call to .testc1.cvc and trace push/pop activity. */
  vc_setStringFlag(flags, "dump-log", ".testc1.cvc");
  vc_setStrSeqFlag(flags, "trace", "pushpop", 1);

  vc = vc_createValidityChecker(flags);

  // Check p OR ~p

  b = vc_boolType(vc);
  p = vc_varExpr(vc, "p", vc_boolType(vc));
  np = vc_notExpr(vc, p);
  e = vc_orExpr(vc, p, np);

  res = check(vc, e);
  FatalAssert(res == 1, "Expected Valid");

  /* Structural checks on the expression and its type. */
  FatalAssert(vc_getKind(e) == OR, "Expected TRUE for kind check");
  FatalAssert(vc_getKind(vc_getType(vc, e)) == BOOLEAN, "Expected TRUE for type kind check");

  vc_deleteType(b);
  vc_deleteExpr(p);
  vc_deleteExpr(np);
  vc_deleteExpr(e);

  /* Check x = y -> f(x) = f(y) */

  r = vc_realType(vc);

  x = vc_varExpr(vc, "x", r);
  y = vc_varExpr(vc, "y", r);

  /* f : real -> real, uninterpreted. */
  real2real = vc_funType1(vc, r, r);
  f = vc_createOp(vc, "f", real2real);

  fx = vc_funExpr1(vc, f, x);
  fy = vc_funExpr1(vc, f, y);
  
  xeqy = vc_eqExpr(vc, x, y);
  fxeqfy = vc_eqExpr(vc, fx, fy);

  e = vc_impliesExpr(vc, xeqy, fxeqfy);
  res = check(vc, e);
  FatalAssert(res == 1, "Expected Valid");

  vc_deleteType(real2real);
  vc_deleteExpr(e);

  // Check f(x) = f(y) -> x = y

  /* The converse is not valid; run it in a pushed scope so the
     counter-example state can be discarded with vc_pop() below. */
  e = vc_impliesExpr(vc, fxeqfy, xeqy);
  vc_push(vc);
  res = check(vc, e);
  FatalAssert(res == 0, "Expected Invalid");
  vc_deleteExpr(e);

  // Get counter-example

  printf("Stack level: %d\n", vc_stackLevel(vc));
  printf("Counter-example:\n");
  assertions = vc_getCounterExample(vc, &size);
  
  for (i = 0; i < size; ++i) {
    vc_printExpr(vc, assertions[i]);
  }
  /* Vectors handed out by the API are released with vc_deleteVector(). */
  vc_deleteVector(assertions);
  printf("End of counter-example\n\n");

  printf("Concrete model:\n");
  assertions = vc_getConcreteModel(vc, &size);
  
  for (i = 0; i < size; ++i) {
    vc_printExpr(vc, assertions[i]);
  }
  vc_deleteVector(assertions);
  printf("End of concrete model\n\n");

  // Reset to initial scope
  printf("Resetting\n");
  vc_pop(vc);
  printf("Stack level: %d\n\n", vc_stackLevel(vc));

  // Check w = x & x = y & y = z & f(x) = f(y) & x = 1 & z = 2

  w = vc_varExpr(vc, "w", r);
  z = vc_varExpr(vc, "z", r);

  printf("Push Scope\n\n");
  vc_push(vc);

  weqx = vc_eqExpr(vc, w, x);
  yeqz = vc_eqExpr(vc, y, z);
  
  /* Rationals 1/1 and 2/1. */
  one = vc_ratExpr(vc, 1, 1);
  two = vc_ratExpr(vc, 2, 1);
  xeqone = vc_eqExpr(vc, x, one);
  xeqtwo = vc_eqExpr(vc, x, two);

  /* x = 1 together with x = 2 makes the scope inconsistent. */
  newAssertion(vc, weqx);
  newAssertion(vc, xeqy);
  newAssertion(vc, yeqz);
  newAssertion(vc, fxeqfy);
  newAssertion(vc, xeqone);
  newAssertion(vc, xeqtwo);

  printf("\nsimplify(w) = ");

  simp = vc_simplify(vc, w);

  /* Strings handed out by the API are released with vc_deleteString(). */
  char* str = vc_printExprString(vc, simp);
  printf("%s\n", str);
  vc_deleteString(str);

  /* vc_inconsistent() also returns the assumptions it used via assertions/size. */
  printf("Inconsistent?: %d\n", vc_inconsistent(vc, &assertions, &size));
  check_error("Error occured during inconsistency check");

  printf("Assumptions Used:\n");
  for (i = 0; i < size; ++i) {
    vc_printExpr(vc, assertions[i]);
  }
  vc_deleteVector(assertions);

  printf("\nPop Scope\n\n");
  vc_pop(vc);

  /* After the pop the conflicting assertions are gone; simplify and
     inconsistency are re-run on the outer scope. */
  printf("simplify(w) = ");

  simp2 = vc_simplify(vc, w);
  vc_printExpr(vc, simp2);
  printf("\n");

  printf("Inconsistent?: %d\n", vc_inconsistent(vc, &assertions, &size));
  vc_deleteVector(assertions);

  /* Release every remaining handle before the checker itself. */
  vc_deleteType(r);
  vc_deleteExpr(x);
  vc_deleteExpr(y);
  vc_deleteOp(f);
  vc_deleteExpr(fx);
  vc_deleteExpr(fy);
  vc_deleteExpr(xeqy);
  vc_deleteExpr(fxeqfy);
  vc_deleteExpr(w);
  vc_deleteExpr(z);
  vc_deleteExpr(weqx);
  vc_deleteExpr(yeqz);
  vc_deleteExpr(one);
  vc_deleteExpr(two);
  vc_deleteExpr(xeqone);
  vc_deleteExpr(xeqtwo);
  vc_deleteExpr(simp);
  vc_deleteExpr(simp2);

  vc_destroyValidityChecker(vc);
  vc_deleteFlags(flags);
}
/// Runs the query @p q in a forked child so that a solver timeout or crash
/// cannot take the parent down, and ships any counter-example back through
/// the shared memory region starting at shared_memory_ptr.
///
/// @param vc          STP validity checker holding the current constraints.
/// @param builder     produces the initial-read expression of each byte.
/// @param q           query expression.
/// @param objects     arrays whose concrete values are wanted.
/// @param values      on SUCCESS_SOLVABLE, one byte vector per array in
///                    @p objects order; untouched otherwise.
/// @param hasSolution set when the child exits 0 (solvable) or 1 (unsolvable);
///                    left untouched on every other return path.
/// @param timeout     seconds; 0 disables the alarm in the child.
/// @return a SolverRunStatus; anything other than the two SUCCESS_* values
///         means @p values was not written. May call exit(1) unless
///         IgnoreSolverFailures is set.
static SolverImpl::SolverRunStatus
runAndGetCexForked(::VC vc, STPBuilder *builder, ::VCExpr q,
                   const std::vector<const Array *> &objects,
                   std::vector<std::vector<unsigned char> > &values,
                   bool &hasSolution, double timeout) {
  unsigned char *pos = shared_memory_ptr;
  // Total number of counter-example bytes the child will write; this bound is
  // the only thing keeping the child's writes inside the shared region.
  // NOTE(review): `sum` is a plain unsigned -- if the sizes could add up past
  // UINT_MAX the wrapped total would pass the check below; confirm the sizes
  // are bounded upstream.
  unsigned sum = 0;
  for (std::vector<const Array *>::const_iterator it = objects.begin(),
                                                  ie = objects.end();
       it != ie; ++it)
    sum += (*it)->size;
  if (sum >= shared_memory_size)
    llvm::report_fatal_error("not enough shared memory for counterexample");

  // Flush stdio before fork() so buffered output is not emitted twice.
  fflush(stdout);
  fflush(stderr);
  int pid = fork();
  if (pid == -1) {
    klee_warning("fork failed (for STP)");
    if (!IgnoreSolverFailures)
      exit(1);
    return SolverImpl::SOLVER_RUN_STATUS_FORK_FAILED;
  }

  if (pid == 0) {
    // Child: run the query, optionally under an alarm, and report the
    // vc_query() result through the exit code.
    if (timeout) {
      ::alarm(0); /* Turn off alarm so we can safely set signal handler */
      ::signal(SIGALRM, stpTimeoutHandler);
      // NOTE(review): (int)timeout is undefined for values outside int range;
      // presumably timeouts are small, but a clamp would make that explicit.
      ::alarm(std::max(1, (int)timeout));
    }
    unsigned res = vc_query(vc, q);
    if (!res) {
      // Query invalid => a model exists; serialise it byte by byte, in
      // objects order, into shared memory (bounded by the `sum` check above).
      for (std::vector<const Array *>::const_iterator it = objects.begin(),
                                                      ie = objects.end();
           it != ie; ++it) {
        const Array *array = *it;
        for (unsigned offset = 0; offset < array->size; offset++) {
          ExprHandle counter =
              vc_getCounterExample(vc, builder->getInitialRead(array, offset));
          *pos++ = getBVUnsigned(counter);
        }
      }
    }
    // _exit(), not exit(): skip the atexit handlers and stdio buffers the
    // child inherited from the parent.
    _exit(res);
  } else {
    int status;
    pid_t res;

    // Retry waitpid() when a signal interrupts it.
    do {
      res = waitpid(pid, &status, 0);
    } while (res < 0 && errno == EINTR);

    if (res < 0) {
      klee_warning("waitpid() for STP failed");
      if (!IgnoreSolverFailures)
        exit(1);
      return SolverImpl::SOLVER_RUN_STATUS_WAITPID_FAILED;
    }

    // From timed_run.py: It appears that linux at least will on
    // "occasion" return a status when the process was terminated by a
    // signal, so test signal first.
    if (WIFSIGNALED(status) || !WIFEXITED(status)) {
      klee_warning("STP did not return successfully.  Most likely you forgot "
                   "to run 'ulimit -s unlimited'");
      if (!IgnoreSolverFailures) {
        exit(1);
      }
      return SolverImpl::SOLVER_RUN_STATUS_INTERRUPTED;
    }

    // The child exited with the raw vc_query() result: 0 = invalid (model
    // exists), 1 = valid.
    int exitcode = WEXITSTATUS(status);
    if (exitcode == 0) {
      hasSolution = true;
    } else if (exitcode == 1) {
      hasSolution = false;
    } else if (exitcode == 52) {
      // NOTE(review): 52 is presumably the code stpTimeoutHandler exits with;
      // the handler is not in view here.
      klee_warning("STP timed out");
      // mark that a timeout occurred
      return SolverImpl::SOLVER_RUN_STATUS_TIMEOUT;
    } else {
      klee_warning("STP did not return a recognized code");
      if (!IgnoreSolverFailures)
        exit(1);
      return SolverImpl::SOLVER_RUN_STATUS_UNEXPECTED_EXIT_CODE;
    }

    if (hasSolution) {
      // Read the bytes back out of shared memory in the same order and with
      // the same sizes the child used to write them.
      values = std::vector<std::vector<unsigned char> >(objects.size());
      unsigned i = 0;
      for (std::vector<const Array *>::const_iterator it = objects.begin(),
                                                      ie = objects.end();
           it != ie; ++it) {
        const Array *array = *it;
        std::vector<unsigned char> &data = values[i++];
        data.insert(data.begin(), pos, pos + array->size);
        pos += array->size;
      }
    }

    if (true == hasSolution) {
      return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_SOLVABLE;
    } else {
      return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_UNSOLVABLE;
    }
  }
}