diff options
| author | Cristian Cadar <c.cadar@imperial.ac.uk> | 2022-06-25 21:02:58 +0100 |
|---|---|---|
| committer | MartinNowack <2443641+MartinNowack@users.noreply.github.com> | 2022-09-26 09:42:07 +0100 |
| commit | 667ce0f1ef33c32fbe2d1836fc1b334066e244ca (patch) | |
| tree | bc338c8c00a2adc7577366eba9cecdc7ee5b3e82 | |
| parent | 21146a3653cdb29790a9d0f557f0f1651befbe9e (diff) | |
| download | klee-667ce0f1ef33c32fbe2d1836fc1b334066e244ca.tar.gz | |
Improve the message for when large arrays become symbolic. Only print this warning once per array. Add test case.
| -rw-r--r-- | lib/Core/Memory.cpp | 32 | ||||
| -rw-r--r-- | test/Feature/LargeArrayBecomesSym.c | 33 |
2 files changed, 53 insertions, 12 deletions
diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index f2f679ad..efc23612 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -375,19 +375,23 @@ ref<Expr> ObjectState::read8(unsigned offset) const { } ref<Expr> ObjectState::read8(ref<Expr> offset) const { - assert(!isa<ConstantExpr>(offset) && "constant offset passed to symbolic read8"); + assert(!isa<ConstantExpr>(offset) && + "constant offset passed to symbolic read8"); unsigned base, size; fastRangeCheckOffset(offset, &base, &size); flushRangeForRead(base, size); - if (size>4096) { + if (size > 4096) { std::string allocInfo; object->getAllocInfo(allocInfo); - klee_warning_once(0, "flushing %d bytes on read, may be slow and/or crash: %s", - size, - allocInfo.c_str()); + klee_warning_once( + nullptr, + "Symbolic memory access will send the following array of %d bytes to " + "the constraint solver -- large symbolic arrays may cause significant " + "performance issues: %s", + size, allocInfo.c_str()); } - + return ReadExpr::create(getUpdates(), ZExtExpr::create(offset, Expr::Int32)); } @@ -413,19 +417,23 @@ void ObjectState::write8(unsigned offset, ref<Expr> value) { } void ObjectState::write8(ref<Expr> offset, ref<Expr> value) { - assert(!isa<ConstantExpr>(offset) && "constant offset passed to symbolic write8"); + assert(!isa<ConstantExpr>(offset) && + "constant offset passed to symbolic write8"); unsigned base, size; fastRangeCheckOffset(offset, &base, &size); flushRangeForWrite(base, size); - if (size>4096) { + if (size > 4096) { std::string allocInfo; object->getAllocInfo(allocInfo); - klee_warning_once(0, "flushing %d bytes on read, may be slow and/or crash: %s", - size, - allocInfo.c_str()); + klee_warning_once( + nullptr, + "Symbolic memory access will send the following array of %d bytes to " + "the constraint solver -- large symbolic arrays may cause significant " + "performance issues: %s", + size, allocInfo.c_str()); } - + updates.extend(ZExtExpr::create(offset, Expr::Int32), value); } diff --git a/test/Feature/LargeArrayBecomesSym.c b/test/Feature/LargeArrayBecomesSym.c new file mode 100644 index 00000000..a875e99e --- /dev/null +++ b/test/Feature/LargeArrayBecomesSym.c @@ -0,0 +1,33 @@ +/* This test checks that KLEE emits a warning when a large (> 4096) + concrete array becomes symbolic. */ + +// RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc +// RUN: rm -rf %t.klee-out +/* The solver timeout is needed as some solvers, such as metaSMT+CVC4, time out here. */ +// RUN: %klee --max-solver-time=2 --output-dir=%t.klee-out %t1.bc 2>&1 | FileCheck %s + +#include "klee/klee.h" + +#include <assert.h> +#include <stdio.h> + +#define N 4100 + +int main() { + char a[N] = { + 1, + 2, + }; + + unsigned k; + klee_make_symbolic(&k, sizeof(k), "k"); + klee_assume(k < N); + a[k] = 3; + // CHECK: KLEE: WARNING ONCE: Symbolic memory access will send the following array of 4100 bytes to the constraint solver + + unsigned i; + klee_make_symbolic(&i, sizeof(i), "i"); + klee_assume(i < N); + if (a[i] == 2) + assert(i == 1); +} |