int main(int argc, char *argv[]) { VC vc = vc_createValidityChecker(); vc_setFlags('n'); vc_setFlags('d'); vc_setFlags('p'); Expr nresp1 = vc_varExpr(vc, "nresp1", vc_bv32Type(vc)); Expr packet_get_int0 = vc_varExpr(vc, "packet_get_int0", vc_bv32Type(vc)); Expr exprs[] = { // nresp1 == packet_get_int0 vc_eqExpr(vc, nresp1, packet_get_int0), // nresp1 > 0 vc_bvGtExpr(vc, nresp1, vc_bv32ConstExprFromInt(vc, 0)) }; Expr res = vc_andExprN(vc, exprs, sizeof(exprs)/sizeof(exprs[0])); vc_printExpr(vc, res); int x = vc_query(vc, res); printf("vc_query result = %d\n", x); vc_printCounterExample(vc); Expr cex = vc_getCounterExample(vc, res); //vc_printExpr(vc, cex); }
static SolverImpl::SolverRunStatus runAndGetCex(::VC vc, STPBuilder *builder, ::VCExpr q, const std::vector<const Array *> &objects, std::vector<std::vector<unsigned char> > &values, bool &hasSolution) { // XXX I want to be able to timeout here, safely hasSolution = !vc_query(vc, q); if (hasSolution) { values.reserve(objects.size()); for (std::vector<const Array *>::const_iterator it = objects.begin(), ie = objects.end(); it != ie; ++it) { const Array *array = *it; std::vector<unsigned char> data; data.reserve(array->size); for (unsigned offset = 0; offset < array->size; offset++) { ExprHandle counter = vc_getCounterExample(vc, builder->getInitialRead(array, offset)); unsigned char val = getBVUnsigned(counter); data.push_back(val); } values.push_back(data); } } if (true == hasSolution) { return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_SOLVABLE; } else { return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_UNSOLVABLE; } }
int main() { VC vc = vc_createValidityChecker(); vc_setFlags('n'); vc_setFlags('d'); //vc_setFlags('p'); Type bv8 = vc_bvType(vc, 8); Expr a = vc_bvCreateMemoryArray(vc, "a"); Expr index_3 = vc_bvConstExprFromInt(vc, 32, 3); Expr a_of_0 = vc_readExpr(vc, a, index_3); int i; for (i = 2; i >= 0; i--) a_of_0 = vc_bvConcatExpr(vc, a_of_0, vc_readExpr(vc, a, vc_bvConstExprFromInt(vc, 32, i))); Expr ct_5 = vc_bvConstExprFromInt(vc, 32, 5); Expr a_of_0_div_5 = vc_bvDivExpr(vc, 32, a_of_0, ct_5); Expr a_of_0_div_5_eq_5 = vc_eqExpr(vc, a_of_0_div_5, ct_5); vc_printExpr(vc, a_of_0_div_5_eq_5); printf("\n"); /* Query 1 */ vc_push(vc); int query = vc_query(vc, a_of_0_div_5_eq_5); vc_pop(vc); printf("query = %d\n", query); vc_assertFormula(vc, a_of_0_div_5_eq_5); vc_printExpr(vc, a_of_0_div_5_eq_5); /* query(false) */ vc_push(vc); query = vc_query(vc, vc_falseExpr(vc)); vc_pop(vc); printf("query = %d\n", query); assert(!query); assert(vc_counterexample_size(vc)); int* a_val = (int*) malloc(sizeof *a_val); char *p = (char*) a_val; //a_of_1 = vc_simplify(vc, a_of_1); // BUG here for (i=0; i<=3; i++) { Expr elem = vc_readExpr(vc, a, vc_bvConstExprFromInt(vc, 32, i)); Expr ce = vc_getCounterExample(vc, elem); unsigned long long v = getBVUnsigned(ce); fprintf(stderr, "a[%d] = %ld\n", i, v); *p = v; p++; } printf("a = %d\n", *a_val); assert((*a_val)/5 == 5); vc_Destroy(vc); }
TEST(stp_array_model,one) { VC vc = vc_createValidityChecker(); Expr a = vc_bvCreateMemoryArray(vc, "a"); Expr index_1 = vc_bvConstExprFromInt(vc, 32, 1); Expr a_of_1 = vc_readExpr(vc, a, index_1); Expr index_2 = vc_bvConstExprFromInt(vc, 32, 2); Expr a_of_2 = vc_readExpr(vc, a, index_2); Expr ct_42 = vc_bvConstExprFromInt(vc, 8, 42); Expr a_of_1_eq_42 = vc_eqExpr(vc, a_of_1, ct_42); Expr ct_77 = vc_bvConstExprFromInt(vc, 8, 77); Expr a_of_2_eq_77 = vc_eqExpr(vc, a_of_2, ct_77); vc_assertFormula(vc, a_of_1_eq_42); vc_assertFormula(vc, a_of_2_eq_77); /* query(false) */ ASSERT_TRUE(vc_query(vc, vc_falseExpr(vc)) == 0); // Should be invalid ASSERT_FALSE(vc_counterexample_size(vc) == 0); Expr *indices; Expr *values; int size; vc_getCounterExampleArray(vc, a, &indices, &values, &size); ASSERT_FALSE(size == 0); // No array entries int j; for (j = 0; j < size; ++j) { Expr index = vc_getCounterExample(vc, indices[j]); Expr value = vc_getCounterExample(vc, values[j]); unsigned long long i = getBVUnsigned(index); unsigned long long v = getBVUnsigned(value); fprintf(stderr, "a[%llu] = %llu\n", i, v); } vc_Destroy(vc); }
// FIXME: Pick a sensible testname that actually means something! TEST(array_cvcl02,one) { VC vc = vc_createValidityChecker(); vc_setFlag(vc,'n'); vc_setFlag(vc,'d'); vc_setFlag(vc,'p'); Expr cvcl_array = vc_varExpr1(vc, "a",32,32); Expr i = vc_varExpr1(vc, "i", 0, 8); Expr i32 = vc_bvConcatExpr(vc, vc_bvConstExprFromStr(vc, "000000000000000000000000"), i); Expr no_underflow = vc_bvLeExpr(vc, vc_bvConstExprFromInt(vc, 32, 0), i32); Expr no_overflow = vc_bvLeExpr(vc, i32, vc_bvConstExprFromInt(vc, 32, 9)); Expr in_bounds = vc_andExpr(vc, no_underflow, no_overflow); Expr a_of_i = vc_bvSignExtend(vc, vc_readExpr(vc,cvcl_array,i32), 32); Expr a_of_i_eq_11 = vc_eqExpr(vc, vc_bvConcatExpr(vc,i32,a_of_i), vc_bvConstExprFromInt(vc, 64, 11)); vc_assertFormula(vc, in_bounds); vc_assertFormula(vc, a_of_i_eq_11); vc_query(vc, vc_falseExpr(vc)); long long v; Expr pre = vc_bvConstExprFromInt(vc,24,0); int j; for(j=0;j<10;j++) { Expr exprj = vc_bvConstExprFromInt(vc,8,j); Expr index = vc_bvConcatExpr(vc, pre, exprj); index = vc_simplify(vc,index); Expr a_of_j = vc_readExpr(vc, cvcl_array, index); Expr ce = vc_getCounterExample(vc,a_of_j); } vc_Destroy(vc); //vc_printCounterExample(vc); // FIXME: Actually test something //ASSERT_TRUE(false && "FIXME: Actually test something"); }
int main() { VC vc = vc_createValidityChecker(); vc_setFlags('n'); vc_setFlags('d'); //vc_setFlags('p'); Type bv8 = vc_bvType(vc, 8); Expr a = vc_bvCreateMemoryArray(vc, "a"); Expr index_1 = vc_bvConstExprFromInt(vc, 32, 1); Expr a_of_1 = vc_readExpr(vc, a, index_1); Expr ct_100 = vc_bvConstExprFromInt(vc, 8, 100); Expr a_of_1_eq_100 = vc_eqExpr(vc, a_of_1, ct_100); /* Query 1 */ vc_push(vc); int query = vc_query(vc, a_of_1_eq_100); vc_pop(vc); printf("query = %d\n", query); vc_assertFormula(vc, a_of_1_eq_100); /* query(false) */ vc_push(vc); query = vc_query(vc, vc_falseExpr(vc)); vc_pop(vc); printf("query = %d\n", query); if (vc_counterexample_size(vc) == 0) { printf("Counterexample size is 0\n"); exit(1); } a_of_1 = vc_simplify(vc, a_of_1); //vc_printExpr(vc, a_of_1); Expr ce = vc_getCounterExample(vc, a_of_1); unsigned long long v = getBVUnsigned(ce); fprintf(stderr, "a[1] = %ld\n", v); vc_Destroy(vc); }
TEST(stp_counterex,one) { VC vc = vc_createValidityChecker(); vc_setFlags(vc,'n'); vc_setFlags(vc,'d'); //vc_setFlags(vc,'p'); Type bv8 = vc_bvType(vc, 8); Expr a = vc_bvCreateMemoryArray(vc, "a"); Expr index_1 = vc_bvConstExprFromInt(vc, 32, 1); Expr a_of_1 = vc_readExpr(vc, a, index_1); Expr ct_100 = vc_bvConstExprFromInt(vc, 8, 100); Expr a_of_1_eq_100 = vc_eqExpr(vc, a_of_1, ct_100); /* Query 1 */ vc_push(vc); int query = vc_query(vc, a_of_1_eq_100); vc_pop(vc); printf("query = %d\n", query); vc_assertFormula(vc, a_of_1_eq_100); /* query(false) */ vc_push(vc); query = vc_query(vc, vc_falseExpr(vc)); vc_pop(vc); printf("query = %d\n", query); ASSERT_FALSE(vc_counterexample_size(vc) == 0); a_of_1 = vc_simplify(vc, a_of_1); //vc_printExpr(vc, a_of_1); Expr ce = vc_getCounterExample(vc, a_of_1); unsigned long long v = getBVUnsigned(ce); fprintf(stderr, "a[1] = %llu\n", v); vc_Destroy(vc); // FIXME: we should test more things! }
// XXX // Expr * vc_getCounterExample(VC vc, int *size) value caml_vc_getCounterExample(value vc) { CAMLparam1(vc); CAMLlocal2(tmp,result); Expr *e; int i, size; e = vc_getCounterExample(VC_val(vc), &size); if( !e ) CAMLreturn(Val_int(0)); // empty list result = Val_int(0); for( i = 0; i < size; i++ ) { tmp = caml_alloc(2, 0); Store_field(tmp, 0, alloc_Expr(e[i])); Store_field(tmp, 1, result); result = tmp; } free(e); CAMLreturn(result); }
void test1() { Flags flags = vc_createFlags(); VC vc; Type b; Expr p, np, e; Type r, real2real; Expr x, y, fx, fy, xeqy, fxeqfy, w, z, weqx, yeqz, one, two, xeqone, xeqtwo, simp, simp2; Op f; Expr* assertions; int i, size, res; Kind k; vc_setStringFlag(flags, "dump-log", ".testc1.cvc"); vc_setStrSeqFlag(flags, "trace", "pushpop", 1); vc = vc_createValidityChecker(flags); // Check p OR ~p b = vc_boolType(vc); p = vc_varExpr(vc, "p", vc_boolType(vc)); np = vc_notExpr(vc, p); e = vc_orExpr(vc, p, np); res = check(vc, e); FatalAssert(res == 1, "Expected Valid"); FatalAssert(vc_getKind(e) == OR, "Expected TRUE for kind check"); FatalAssert(vc_getKind(vc_getType(vc, e)) == BOOLEAN, "Expected TRUE for type kind check"); vc_deleteType(b); vc_deleteExpr(p); vc_deleteExpr(np); vc_deleteExpr(e); /* Check x = y -> f(x) = f(y) */ r = vc_realType(vc); x = vc_varExpr(vc, "x", r); y = vc_varExpr(vc, "y", r); real2real = vc_funType1(vc, r, r); f = vc_createOp(vc, "f", real2real); fx = vc_funExpr1(vc, f, x); fy = vc_funExpr1(vc, f, y); xeqy = vc_eqExpr(vc, x, y); fxeqfy = vc_eqExpr(vc, fx, fy); e = vc_impliesExpr(vc, xeqy, fxeqfy); res = check(vc, e); FatalAssert(res == 1, "Expected Valid"); vc_deleteType(real2real); vc_deleteExpr(e); // Check f(x) = f(y) -> x = y e = vc_impliesExpr(vc, fxeqfy, xeqy); vc_push(vc); res = check(vc, e); FatalAssert(res == 0, "Expected Invalid"); vc_deleteExpr(e); // Get counter-example printf("Stack level: %d\n", vc_stackLevel(vc)); printf("Counter-example:\n"); assertions = vc_getCounterExample(vc, &size); for (i = 0; i < size; ++i) { vc_printExpr(vc, assertions[i]); } vc_deleteVector(assertions); printf("End of counter-example\n\n"); printf("Concrete model:\n"); assertions = vc_getConcreteModel(vc, &size); for (i = 0; i < size; ++i) { vc_printExpr(vc, assertions[i]); } vc_deleteVector(assertions); printf("End of concrete model\n\n"); // Reset to initial scope printf("Resetting\n"); vc_pop(vc); printf("Stack level: %d\n\n", vc_stackLevel(vc)); // Check w = x & x = y & y = z & f(x) = f(y) & x = 1 & z = 2 w = vc_varExpr(vc, "w", r); z = vc_varExpr(vc, "z", r); printf("Push Scope\n\n"); vc_push(vc); weqx = vc_eqExpr(vc, w, x); yeqz = vc_eqExpr(vc, y, z); one = vc_ratExpr(vc, 1, 1); two = vc_ratExpr(vc, 2, 1); xeqone = vc_eqExpr(vc, x, one); xeqtwo = vc_eqExpr(vc, x, two); newAssertion(vc, weqx); newAssertion(vc, xeqy); newAssertion(vc, yeqz); newAssertion(vc, fxeqfy); newAssertion(vc, xeqone); newAssertion(vc, xeqtwo); printf("\nsimplify(w) = "); simp = vc_simplify(vc, w); char* str = vc_printExprString(vc, simp); printf("%s\n", str); vc_deleteString(str); printf("Inconsistent?: %d\n", vc_inconsistent(vc, &assertions, &size)); check_error("Error occured during inconsistency check"); printf("Assumptions Used:\n"); for (i = 0; i < size; ++i) { vc_printExpr(vc, assertions[i]); } vc_deleteVector(assertions); printf("\nPop Scope\n\n"); vc_pop(vc); printf("simplify(w) = "); simp2 = vc_simplify(vc, w); vc_printExpr(vc, simp2); printf("\n"); printf("Inconsistent?: %d\n", vc_inconsistent(vc, &assertions, &size)); vc_deleteVector(assertions); vc_deleteType(r); vc_deleteExpr(x); vc_deleteExpr(y); vc_deleteOp(f); vc_deleteExpr(fx); vc_deleteExpr(fy); vc_deleteExpr(xeqy); vc_deleteExpr(fxeqfy); vc_deleteExpr(w); vc_deleteExpr(z); vc_deleteExpr(weqx); vc_deleteExpr(yeqz); vc_deleteExpr(one); vc_deleteExpr(two); vc_deleteExpr(xeqone); vc_deleteExpr(xeqtwo); vc_deleteExpr(simp); vc_deleteExpr(simp2); vc_destroyValidityChecker(vc); vc_deleteFlags(flags); }
static SolverImpl::SolverRunStatus runAndGetCexForked(::VC vc, STPBuilder *builder, ::VCExpr q, const std::vector<const Array *> &objects, std::vector<std::vector<unsigned char> > &values, bool &hasSolution, double timeout) { unsigned char *pos = shared_memory_ptr; unsigned sum = 0; for (std::vector<const Array *>::const_iterator it = objects.begin(), ie = objects.end(); it != ie; ++it) sum += (*it)->size; if (sum >= shared_memory_size) llvm::report_fatal_error("not enough shared memory for counterexample"); fflush(stdout); fflush(stderr); int pid = fork(); if (pid == -1) { klee_warning("fork failed (for STP)"); if (!IgnoreSolverFailures) exit(1); return SolverImpl::SOLVER_RUN_STATUS_FORK_FAILED; } if (pid == 0) { if (timeout) { ::alarm(0); /* Turn off alarm so we can safely set signal handler */ ::signal(SIGALRM, stpTimeoutHandler); ::alarm(std::max(1, (int)timeout)); } unsigned res = vc_query(vc, q); if (!res) { for (std::vector<const Array *>::const_iterator it = objects.begin(), ie = objects.end(); it != ie; ++it) { const Array *array = *it; for (unsigned offset = 0; offset < array->size; offset++) { ExprHandle counter = vc_getCounterExample(vc, builder->getInitialRead(array, offset)); *pos++ = getBVUnsigned(counter); } } } _exit(res); } else { int status; pid_t res; do { res = waitpid(pid, &status, 0); } while (res < 0 && errno == EINTR); if (res < 0) { klee_warning("waitpid() for STP failed"); if (!IgnoreSolverFailures) exit(1); return SolverImpl::SOLVER_RUN_STATUS_WAITPID_FAILED; } // From timed_run.py: It appears that linux at least will on // "occasion" return a status when the process was terminated by a // signal, so test signal first. if (WIFSIGNALED(status) || !WIFEXITED(status)) { klee_warning("STP did not return successfully. Most likely you forgot " "to run 'ulimit -s unlimited'"); if (!IgnoreSolverFailures) { exit(1); } return SolverImpl::SOLVER_RUN_STATUS_INTERRUPTED; } int exitcode = WEXITSTATUS(status); if (exitcode == 0) { hasSolution = true; } else if (exitcode == 1) { hasSolution = false; } else if (exitcode == 52) { klee_warning("STP timed out"); // mark that a timeout occurred return SolverImpl::SOLVER_RUN_STATUS_TIMEOUT; } else { klee_warning("STP did not return a recognized code"); if (!IgnoreSolverFailures) exit(1); return SolverImpl::SOLVER_RUN_STATUS_UNEXPECTED_EXIT_CODE; } if (hasSolution) { values = std::vector<std::vector<unsigned char> >(objects.size()); unsigned i = 0; for (std::vector<const Array *>::const_iterator it = objects.begin(), ie = objects.end(); it != ie; ++it) { const Array *array = *it; std::vector<unsigned char> &data = values[i++]; data.insert(data.begin(), pos, pos + array->size); pos += array->size; } } if (true == hasSolution) { return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_SOLVABLE; } else { return SolverImpl::SOLVER_RUN_STATUS_SUCCESS_UNSOLVABLE; } } }