about summary refs log tree commit diff homepage
AgeCommit message (Collapse)Author
2015-04-02Fixed some doxygen issues.Cristian Cadar
2015-04-02Removed unused fakeState field from ExecutionStateCristian Cadar
2015-04-02Pass over the comments in ExecutionState.hCristian Cadar
2015-04-02Removed underConstrained field, which I believe was re-introduced byCristian Cadar
mistake in the last cleanup commit.
2015-04-02[Core] Documentation and cleanupMartin Nowack
* Removed unused member ShadowObjects in ExecutionState * Added documentation of members and reorder according to categories
2015-04-01Added the function IndependentSolver::createdPointEvaluatesToTrueEric Rizzi
This function should be used solely in assertion statements and is intended as a sanity check to make sure that the solution constructed by IndependentSolver::getInitialValues() produces and answer that in fact satisfies the the query.
2015-04-01Commit of improved IndependentSolver::getIniitalValues().Eric Rizzi
Previous implementation simply passed the entire constraint forward without any factoring of the constraint at all. This is a problem since it is highly likely that there are cached solutions to pieces of the constraint. The new implementation breaks the entire constraint down into its requisite factors and passes each piece forward, one by one, down the solver chain. After an answer is returned, it is integrated into a larger solution. Since, by definition, no factor can affect another, we can safely create a solution to the larger constraint from the answers of its smaller pieces. The reconstruction of the solution is done by analyzing which parts of an array a factor touches. If the factor is the only one to reference a particular array, then all of the values calculated in the solution for that array are included in the final answer. If the factor references a particular element of the array (for example, arr[1]), then only the value in index 1 of array arr will be included in the solution.
2015-04-01Added the ability to solve for all factors in a particular query.Eric Rizzi
This functionality is necessary in order to more effectively handle calls to IndependentSolver::getInitialValues. An incoming query will be broken down into its smaller parts, and each piece will be solved for. At the end, the pieces will be recombined into a larger solution. The IndependentElementSet::getAllFactors() method takes a query and breaks it down into all of it's non-interacting factors. The IndependentElementSet::calculateArrays() method calculates which arrays are involved in a particular factor.
2015-04-01[include] Add missing functions in klee.hMartin Nowack
2015-04-01[runtime] Fix include in klee_intMartin Nowack
2015-04-01[test] Fix compilation warningMartin Nowack
Use correct definition and declaration of main function
2015-04-01[Core] Fixed typo in assertionMartin Nowack
2015-04-01[runtime] Fix comments to c style for c files and headersMartin Nowack
2015-04-01[tests] Fix undefined functionMartin Nowack
Add some missing header to silence compiler warnings
2015-04-01[tools] Added fortified version wrapper for fprintfMartin Nowack
2015-04-01[include] Added documentationMartin Nowack
2015-04-01[include] Removed unused variableMartin Nowack
2015-03-22Fix compilation under MacOS, see https://github.com/klee/klee/issues/219 for ↵Cristian Cadar
details.
2015-03-20Improve arithmetic-right-overshift-sym-conc.c test by make sure itDan Liew
also test a negative constant as the lhs.
2015-03-20[Solver] Fix leak intermediate expression not freedMartin Nowack
2015-03-20[Core] Fix memory leak in assembler raisingMartin Nowack
2015-03-13Timestamp improvements.Emil Rakadjiev
Replaced inefficient llvm::sys::Process::GetTimeUsage() with TimeValue::now(), because in many cases only the wall clock time is needed, not the user and sys times (which are significantly more expensive to get). Updated TimingSolver and WallTimer accordingly.
2015-03-12Merge pull request #212 from MartinNowack/killing_states_warningCristian Cadar
[Core] Always warn if states get deleted due to memory limits
2015-03-12[Core] Always warn if states get deleted due to memory limitsMartin Nowack
2015-03-12Add klee-clang as alternative to klee-gccMartin Nowack
2015-03-10Altered DenseSet and IndependentElementSet to record ref<Expr> involvedEric Rizzi
This is important for future changes to IndependentSolver:: getInitialValues() so that an incoming constraint can be broken down into its smallest possible parts. Each of these individual parts may then be solved for and then the solutions to each piece combined to create a final answer. Finally, several fields which had previously been private are now public to facilitate the smaller solutions being combined into a larger solution.
2015-03-03Consistent capitalization of "KLEE"Cristian Cadar
2015-03-03Slight updates in license file, acknowledging more recent contributions.Cristian Cadar
2015-03-02New regression test checking that the Array factory correctly distinguishes ↵Cristian Cadar
between arrays created at the same location but with different sizes
2015-03-02Merge branch 'holycrap872-ArrayFactory'Cristian Cadar
2015-02-27Improved some comments and fixed some formatting issues in the Array factory ↵Cristian Cadar
patch.
2015-02-27Merge branch 'ArrayFactory' of https://github.com/holycrap872/klee into ↵Cristian Cadar
holycrap872-ArrayFactory
2015-02-22Added factory method for Arrays + hid constructors from outside callsEric Rizzi
The way that Arrays were handled in the past led to the possibility of aliasing issues. This occured whenever a new branch discovered an array for the first time. Each branch would create a new instance of the same array without seeing if it had been created before. Therefore, should a new branch encounter the same state as some previous branch, the previous branch's solution wouldn't satisfy the new state since they didn't recognize they were referencing the same array. By creating an array factory that creates a single symbolic array, that problem is handled. Note: Concrete arrays should not be created by the factory method since their values are never shared between branches. The factory works by seeing if an array with a similar hash has been created before (the hash is based on the name and size of array). If there has been it then searches through all of the arrays with the same hash (stored in a vector) to see if there is one with an exact match. If there is one, the address of this previously created equivalent array is returned. Otherwise, the newly created array is unique, it is added to the map, and it's address is returned. This aliasing issue can be seen by comparing the output of the Dogfood/ImmutableSet.cpp test cases with and with out this commit. Both act correctly, but the number of queries making it to the solver in the previous version is much greater 244 vs 211. This is because the UBTree in the CexCachingSolver and the cache in the CachingSolver do not recognize queries whose solutions were previously calculated because it doesn't think the arrays in the two queries are the same. While this does not cause an error, it does mean that extra calls are made.
2015-02-19Teach ExprSMTLIBPrinter to use SMTLIBv2's distinct function ratherDan Liew
than writing "(not (= a b))". This makes the code simpler and queries slightly simpler.
2015-02-13Fixed and refactored overflow test cases.Cristian Cadar
2015-02-13refactor integer overflow detection, add signed intLuca Dariz
Instead of checking for every possible casse which result in overflow, it is much simpler to perform the operation using integers with bigger dimension and check if the result overflow
2015-02-13Fix overflow detection in unsigned multiplicationLuca Dariz
Previously the check was done as unsigned int a, b, c; c = a * b; if (c < a) // error but it is wrong, since it catches only a subset of all the possible overflows. This patch improves the check as unsigned int a, b, c; if ((a > 1) && (b > 1){ if ((UINT_MAX/a) < b) // error } An additional case has been added to the tests, with two 32-bit values that cause overflow and are not detected by the old check. It is also necessary to break the lowering procedure in case the current BasicBlock is splitted; in this case it was necessary in order not to trigger the division by 0 error.
2015-02-13add tests for unsigned integer overflowLuca Dariz
2015-02-13Detect overflow of unsigned add, sub and mul operationsLuca Dariz
This requires clang with -fsanitize=unsigned-integer-overflow tested with clang and llvm 3.4.2
2015-02-13Revert "Merged @luckyluke's change for detecting overflow of unsigned add, sub"Cristian Cadar
Will redo the merge to preserve original commits. This reverts commit a743d7072d9ccf11f96e3df45f25ad07da6ad9d6.
2015-02-10Merged @luckyluke's change for detecting overflow of unsigned add, subCristian Cadar
and mul operations. Refactored tests into two main cases, and disabled them on LLVM 2.9, which does not support -fsanitized=*signed-integer-overflow.
2014-12-19Merge pull request #168 from willemp/fix-va-args-passing-for-big-typesCristian Cadar
Fix va args passing for big types
2014-12-19Moved some of @ddunbar's notes from llvm.org/bugs into TODO.txtCristian Cadar
2014-12-18Merge pull request #178 from mchalupa/masterCristian Cadar
klee: let user override path to runtime library
2014-12-13Add a few line breaks to make the code more readable inDan Liew
ExprSMTLIBPrinter
2014-12-13Clean up some ExprSMTLIBPrinter code by using llvm_unreachableDan Liew
2014-12-13Clean up a few comments in ExprSMTLIBPrinterDan Liew
2014-12-12Print nested let-abbreviations in ExprSMTLIBPrinterRaimondas Sasnauskas
This patch introduces nested let-abbreviations in the ExprSMTLIBPrinter to reduce the size of the SMTLIBv2 queries and the corresponding processing time (bugfix for #170). The current implementation of the let abbreviation mode does not consider expression intra-dependencies and prints all abbreviations in the same let scope. For a (simplified) example, it prints (assert (let ( (?B1 (A + B)) (?B2 (A + B + C)) ) (= ?B1 ?B2) ) ). This is extremely inefficient if the expressions (and there many of these!) extensively reuse their subexpressions. Therefore, it's better to print the query with nested let-expressions by reusing existing expression bindings in the new let scope: (assert (let ( (?B1 (A + B)) ) (let ( (?B2 (?B1 + C)) ) (= ?B1 ?B2) ) ) ). This patch adds a new function ExprSMTLIBPrinter::scanBindingExprDeps() that scans bindings for expression dependencies. The result is a vector of new bindings (orderedBindings) that represents the expression dependency tree. When printing in the let-abbreviation mode, the new code starts with abbreviating expressions that have no dependencies and then gradually makes these new bindings available in the upcoming let-scopes where expressions with dependencies reuse them. The effect of nested let-abbreviations is comparable to :named abbreviations. However, the latter mode is not supported by the majority of the solvers.
2014-12-09Merge pull request #186 from paulmar/fixshiftCristian Cadar
Fix overshift check
2014-12-08Merge pull request #183 from hpalikareva/fix-overshift-metasmtCristian Cadar
Handling overshift behaviour in MetaSMTBuilder