Add support for concretizing symbolic objects passed to external functions

author: Timotej Kapus <timotej.kapus13@imperial.ac.uk> 2017-12-13 17:37:16 +0000
committer: Cristian Cadar <c.cadar@imperial.ac.uk> 2018-05-17 15:38:14 +0100
commit: 8bec949fc84d8fe8dacbf38ff123b404f1eb4737 (patch)
tree: 2d703f77babe6ff009574049e9d01757453a4ed1 /lib/Core/Memory.cpp
parent: 8fe14b1041f39b61cdb43c32840f3d2cb97cc110 (diff)
download: klee-8bec949fc84d8fe8dacbf38ff123b404f1eb4737.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp
index cd13eada..5c855fb8 100644
--- a/lib/Core/Memory.cpp
+++ b/lib/Core/Memory.cpp
@@ -229,6 +229,22 @@ const UpdateList &ObjectState::getUpdates() const {
   return updates;
 }
 
+void ObjectState::flushToConcreteStore(TimingSolver *solver,
+                                       const ExecutionState &state) const {
+  for (unsigned i = 0; i < size; i++) {
+    if (isByteKnownSymbolic(i)) {
+      ref<ConstantExpr> ce;
+      bool success = solver->getValue(state, read8(i), ce);
+      if (!success)
+        klee_warning("Solver timed out when getting a value for external call, "
+                     "byte %p+%u will have random value",
+                     (void *)object->address, i);
+      else
+        ce->toMemory(concreteStore + i);
+    }
+  }
+}
+
 void ObjectState::makeConcrete() {
   delete concreteMask;
   delete flushMask;
author	Timotej Kapus <timotej.kapus13@imperial.ac.uk>	2017-12-13 17:37:16 +0000
committer	Cristian Cadar <c.cadar@imperial.ac.uk>	2018-05-17 15:38:14 +0100
commit	8bec949fc84d8fe8dacbf38ff123b404f1eb4737 (patch)
tree	2d703f77babe6ff009574049e9d01757453a4ed1 /lib/Core/Memory.cpp
parent	8fe14b1041f39b61cdb43c32840f3d2cb97cc110 (diff)
download	klee-8bec949fc84d8fe8dacbf38ff123b404f1eb4737.tar.gz