diff options
| author | Martin Nowack <m.nowack@imperial.ac.uk> | 2024-02-27 15:59:00 +0000 |
|---|---|---|
| committer | Cristian Cadar <c.cadar@imperial.ac.uk> | 2024-02-29 19:57:08 +0000 |
| commit | 46b4c4885c0162893835081e2d9d731ca7a8341c (patch) | |
| tree | c570eb475de1b669b23be0fd43ab30d827e58d2e /lib | |
| parent | 8750da62ccb9772a121126d5fffd393690c95758 (diff) | |
| download | klee-46b4c4885c0162893835081e2d9d731ca7a8341c.tar.gz | |
Refactor `ObjectState::flushToConcreteStore` to use `toConstant`
Use existing `Executor::toConstant()` function to transform a symbolic byte of an `ObjectState` to its concrete representation. This will also add constraints if required.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Core/Executor.h | 1 | ||||
| -rw-r--r-- | lib/Core/Memory.cpp | 23 | ||||
| -rw-r--r-- | lib/Core/Memory.h | 16 |
3 files changed, 21 insertions, 19 deletions
diff --git a/lib/Core/Executor.h b/lib/Core/Executor.h index 7be056a1..465751f6 100644 --- a/lib/Core/Executor.h +++ b/lib/Core/Executor.h @@ -94,6 +94,7 @@ class Executor : public Interpreter { friend class SpecialFunctionHandler; friend class StatsTracker; friend class MergeHandler; + friend class ObjectState; friend klee::Searcher *klee::constructUserSearcher(Executor &executor); public: diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index 0c9394bd..d77270f2 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -11,6 +11,7 @@ #include "Context.h" #include "ExecutionState.h" +#include "Executor.h" #include "MemoryManager.h" #include "klee/ADT/BitArray.h" @@ -196,20 +197,16 @@ const UpdateList &ObjectState::getUpdates() const { return updates; } -void ObjectState::flushToConcreteStore(TimingSolver *solver, - const ExecutionState &state) const { +void ObjectState::flushToConcreteStore(Executor &executor, + ExecutionState &state, bool concretize) { for (unsigned i = 0; i < size; i++) { - if (!isByteConcrete(i)) { - ref<ConstantExpr> ce; - bool success = solver->getValue(state.constraints, read8(i), ce, - state.queryMetaData); - if (!success) - klee_warning("Solver timed out when getting a value for external call, " - "byte %p+%u will have random value", - (void *)object->address, i); - else - ce->toMemory(concreteStore + i); - } + if (isByteConcrete(i)) + continue; + // Get a concrete value for the symbolic byte and write it to the memory + // object + ref<ConstantExpr> ce = + executor.toConstant(state, read8(i), "external call", concretize); + ce->toMemory(concreteStore + i); } } diff --git a/lib/Core/Memory.h b/lib/Core/Memory.h index 9a936746..3b365c20 100644 --- a/lib/Core/Memory.h +++ b/lib/Core/Memory.h @@ -29,6 +29,7 @@ namespace klee { class ArrayCache; class BitArray; class ExecutionState; +class Executor; class MemoryManager; class Solver; @@ -233,12 +234,15 @@ public: void write64(unsigned offset, uint64_t value); void print() const; - /* - Looks at all the symbolic bytes of this object, gets a value for them - from the solver and puts them in the concreteStore. - */ - void flushToConcreteStore(TimingSolver *solver, - const ExecutionState &state) const; + /// Generate concrete values for each symbolic byte of the object and put them + /// in the concrete store. + /// + /// \param executor + /// \param state + /// \param concretize if true, constraints for concretised bytes are added if + /// necessary + void flushToConcreteStore(Executor &executor, ExecutionState &state, + bool concretize); private: const UpdateList &getUpdates() const; |