diff options
| author | Cristian Cadar <c.cadar@imperial.ac.uk> | 2023-10-20 16:58:26 +0100 |
|---|---|---|
| committer | MartinNowack <2443641+MartinNowack@users.noreply.github.com> | 2024-01-30 17:30:11 +0000 |
| commit | cbf10dbdd7345434e0ec74526ec3ca3d0391797a (patch) | |
| tree | d3fe2ecf35d427d477159b14591f36bae6908c3e /lib/Core | |
| parent | 72b6207d49ce204b13dc2017033211f1b2cbd935 (diff) | |
| download | klee-cbf10dbdd7345434e0ec74526ec3ca3d0391797a.tar.gz | |
Concretize constants using seed values, when available. Added two tests (w/ and w/o seed extension) based on FP concretization.
Diffstat (limited to 'lib/Core')
| -rw-r--r-- | lib/Core/Executor.cpp | 34 | ||||
| -rw-r--r-- | lib/Core/Executor.h | 7 |
2 files changed, 32 insertions, 9 deletions
diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index 7fe20bb8..e4fba39b 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -1329,16 +1329,21 @@ Executor::toConstant(ExecutionState &state, if (ConstantExpr *CE = dyn_cast<ConstantExpr>(e)) return CE; - ref<ConstantExpr> value; - bool success = - solver->getValue(state.constraints, e, value, state.queryMetaData); - assert(success && "FIXME: Unhandled solver failure"); - (void) success; + ref<Expr> value; + if (auto found = seedMap.find(&state); found != seedMap.end()) + value = getValueFromSeeds(found->second, e); + /* If no seed evaluation results in a constant, call the solver */ + ref<ConstantExpr> cvalue = llvm::dyn_cast_or_null<ConstantExpr>(value); + if (!cvalue) { + [[maybe_unused]] bool success = + solver->getValue(state.constraints, e, cvalue, state.queryMetaData); + assert(success && "FIXME: Unhandled solver failure"); + } std::string str; llvm::raw_string_ostream os(str); os << "silently concretizing (reason: " << reason << ") expression " << e - << " to value " << value << " (" << (*(state.pc)).info->file << ":" + << " to value " << cvalue << " (" << (*(state.pc)).info->file << ":" << (*(state.pc)).info->line << ")"; if (ExternalCallWarnings == ExtCallWarnings::All) @@ -1346,9 +1351,20 @@ Executor::toConstant(ExecutionState &state, else klee_warning_once(reason, "%s", os.str().c_str()); - addConstraint(state, EqExpr::create(e, value)); - - return value; + addConstraint(state, EqExpr::create(e, cvalue)); + + return cvalue; +} + +ref<klee::Expr> +Executor::getValueFromSeeds(std::vector<SeedInfo> &seeds, ref<Expr> e) { + assert(!seeds.empty()); + for (auto seed:seeds) { + auto value = seed.assignment.evaluate(e); + if (isa<ConstantExpr>(value)) + return value; + } + return nullptr; } void Executor::executeGetValue(ExecutionState &state, diff --git a/lib/Core/Executor.h b/lib/Core/Executor.h index f7f84101..bf773fa5 100644 --- a/lib/Core/Executor.h +++ b/lib/Core/Executor.h @@ -396,6 +396,13 @@ private: ref<klee::ConstantExpr> toConstant(ExecutionState &state, ref<Expr> e, const char *purpose); + /// Evaluate the given expression under each seed, and return the + /// first one that results in a constant, if such a seed exist. Otherwise, + /// return the non-constant evaluation of the expression under one of the + /// seeds. + ref<klee::Expr> getValueFromSeeds(std::vector<SeedInfo> &seeds, + ref<Expr> e); + /// Bind a constant value for e to the given target. NOTE: This /// function may fork state if the state has multiple seeds. void executeGetValue(ExecutionState &state, ref<Expr> e, KInstruction *target); |