about summary refs log tree commit diff homepage
path: root/lib/Expr
AgeCommit message (Collapse)Author
2019-03-13Consistently use "default=true" and "default=false" instead of "default=on" ↵Cristian Cadar
and "default=off" in --help
2019-03-13Added options in ArrayExprOptimizer.cpp to the constraint solving categoryCristian Cadar
2019-03-13Reordered includes in ArrayExprOptimizer.cpp for consistency with the other ↵Cristian Cadar
files
2018-10-26llvm5: APInt->getSignBit -> getSignMaskJiri Slaby
This was renamed in LLVM commit 54f0462d2b7f, so handle the rename. Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2018-10-26llvm5: integerPartWidth is from llvm::APFloatBaseJiri Slaby
Otherwise we see: ../lib/Expr/Expr.cpp:331:14: error: no member named 'integerPartWidth' in namespace 'llvm'; did you mean 'llvm::APFloatBase::integerPartWidth'? Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2018-10-23Updated an include to reflect a recent filename changeCristian Cadar
2018-10-23Move unrelated function from ReadExpr classMartin Nowack
2018-10-23Avoid unsafe static downcastsMartin Nowack
2018-10-23Modernize codeMartin Nowack
* use `using` instead of typdef * use `collection.empty()` instead of size * use `auto` if clear * use `emplace_back` where useful * use `nullptr` instead of NULL * use `override` if applicable * use `explicit` for constructor to avoid implicit conversion
2018-10-23Move optimization specific headers away from the project include directoryMartin Nowack
Don't pollute the project include directory with optimization specific headers.
2018-10-23Clean-up headersMartin Nowack
Remove unneeded headers from include files
2018-10-23Remove condition check before function invocationMartin Nowack
Conditions are checked inside of `optimizeExpr()` anyway. This simplifies the code a lot.
2018-10-23Move ConstantExpr check inside optimizeExpr functionMartin Nowack
2018-10-23optimizeExpr: return the result as return value instead as function argumentMartin Nowack
simplifies code a lot.
2018-10-23Fixed compilation of array optimization patch with LLVM >= 4.0Cristian Cadar
2018-10-23Added missing headers and clang-format the filesCristian Cadar
2018-10-23Added support for KLEE value-based array optimizationAndrea Mattavelli
2018-10-23Added support for KLEE index-based array optimizationAndrea Mattavelli
2018-06-29Fix the final -Wimplicit-fallthrough warningDaniel Schemmel
2018-06-29Make ConstantExpr hashing function faster and modify affected testTimotej Kapus
2018-05-24isLSB should be a boolean, as it is only used in truth contextsDaniel Schemmel
2018-05-09Improve handling of constant array in Z3Timotej Kapus
2017-10-04Remove Autoconf/Makefile build system and adjust the TravisCIDan Liew
configuration, TravisCI scripts and Dockerfile build appropriately. There are a bunch of clean ups this enables but this commit doesn't attempt them. We can do that in future commits.
2017-08-27Remove unnecessary null pointer checksOscar Deits
Fixes klee/klee#717 delete on null pointer is always safe.
2017-07-23Remove support for LLVM < 3.4Martin Nowack
Request LLVM 3.4 as minimal requirement for KLEE
2017-06-12llvm: don't use clEnumValEnd for LLVM 4.0Jiri Slaby
It became unnecessary when defining options and mainly undefined. So introduce KLEE_LLVM_CL_VAL_END as suggested by @delcypher. Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-03-23Add `AssignmentValidatingSolver`. It's purpose is to check any computedDan Liew
assignments against the corresponding `Query` object and check the assignment evaluates correctly. This can be switched on using `-debug-assignment-validating-solver` on the command line.
2017-02-14ReadExpr::create() was missing an opportunity to constant fold when handling ↵Dan Liew
constant arrays.
2016-11-28Clean up `Expr::compare()` interface byDan Liew
* Making `Expr::compre(const Expr&, ExprEquivSet)` private and moving its implementation into `Expr.cpp`. * Document `Expr::compare(const Expr&)`. This partially addresses #515 .
2016-11-18[CMake] Remove use of tabs in `CMakeLists.txt` files.Dan Liew
2016-11-18[CMake] Re-express LLVM and KLEE library dependencies asDan Liew
transitive dependencies on KLEE's libraries rather than on the final binaries. This is better because it means we can build other tools that use KLEE's libraries and not need to express the needed LLVM dependencies. It also makes it clearer what the dependencies are between KLEE libraries. This has illustrated a problem with the `kleeBasic` library. It contains `ConstructSolverChain.cpp` which clearly belongs in `kleaverSolver` not in `kleeBasic`. This will be fixed later.
2016-11-07Implement a CMake based build system for KLEE.Dan Liew
This is based off intial work by @jirislaby in #481. However it has been substantially modified. Notably it includes a separate build sytem to build the runtimes which is inspired by the old build system. The reason for doing this is because CMake is not well suited for building the runtime: * CMake is configured to use the host compiler, not the bitcode compiler. These are not the same thing. * Building the runtime using `add_custom_command()` is flawed because we can't automatically get transitive depencies (i.e. header file dependencies) unless the CMake generator is makefiles. (See `IMPLICIT_DEPENDS` of `add_custom_command()` in CMake). So for now we have a very simple build system for building the runtimes. In the future we can replace this with something more sophisticated if we need it. Support for all features of the old build system are implemented apart from recording the git revision and showing it in the output of `klee --help`. Another notable change is the CMake build system works much better with LLVM installs which don't ship with testing tools. The build system will download the sources for `FileCheck` and `not` tools if the corresponding binaries aren't available and will build them. However `lit` (availabe via `pip install lit`) and GTest must already be installed. Apart from better support for testing a significant advantage of the new CMake build system compared to the existing "Autoconf/Makefile" build system is that it is **not** coupled to LLVM's build system (unlike the existing build system). This means that LLVM's autoconf/Makefiles don't need to be installed somewhere on the system. Currently all tests pass. Support has been implemented in TravisCI and the Dockerfile for building with CMake. The existing "Autoconf/Makefile" build system has been left intact and so both build systems can coexist for a short while. We should remove the old build system as soon as possible though because it creates an unnecessary maintance burden.
2016-09-29Fix bug in `AssignmentEvaluator` where NotOptimizedExpr would not (#466)Dan Liew
* Add unittest to check that the `Assignment` class can evaluate expressions containing a `NotOptimizedExpr`. * Fix the `AssignmentTest.FoldNotOptimized` unit test by teaching the `ExprEvaluator` to fold `NotOptimizedExpr` nodes.
2016-05-24Fixed bug #375 in Kleaver's parserAndrea Mattavelli
2016-03-22ExprPPrinter: Print out arrays deterministicallyMartin Nowack
The address of KLEE-internal data structures should not influence the order arrays are printed out. Order arrays by name.
2016-02-23When calling ``Assignment::dump()`` if there are no bindings emitDan Liew
a message stating this.
2016-02-23Move ``Assignment::dump()`` into its own implementation file soDan Liew
that it's possible to call it from gdb.
2016-02-22Remove stray STP function declaration.Dan Liew
2016-02-22Move Array constructor out of ``Expr.h`` and into ``Expr.cpp``.Dan Liew
The implementation of the constructor calls a method on a ``ConstantExpr`` which means the type must be complete (i.e. a forward declaration of ``ConstantExpr`` is insufficient) which creates an unnecessary ordering Dependency in ``Expr.h``.
2015-12-18Fix a leak detected by ASan in the KQuery parser where on destruction ofDan Liew
the ``ParserImpl`` it wouldn't free allocated ``Identifier``s
2015-12-18Fix memory leaks of ``Array`` objects detected by ASan.Dan Liew
Some of these leaks were introduced by the factory constructor for Array objects (f049ff3bc04daead8c3bb9f06e89e71e2054c82a) but a few others have been around for far longer. This leak was fixed by introducing a ``ArrayCache`` object which has two purposes * Retains ownership of all created ``Array`` objects and destroys them when the ``ArrayCache`` destructor is called. * Mimic the caching behaviour for symbolic arrays that was introduced by f049ff3bc04daead8c3bb9f06e89e71e2054c82a where arrays with the same name and size get "uniqued". The Executor now maintains a ``arrayCache`` member that it uses and passes by pointer to objects that need to construct ``Array`` objects (i.e. ``ObjectState``). This way when the Executor is destroyed all the ``Array`` objects get freed which seems like the right time to do this. For Kleaver the ``ParserImpl`` has a ``TheArrayCache`` member that is used for building ``Array`` objects. This means that the Parser must live as long as the built expressions will be used otherwise we will have a use after free. I'm not sure this is the right design choice. It might be better to transfer ownership of the ``Array`` objects to the root ``Decl`` returned by the parser.
2015-12-17Fix a memory leak in ``UpdateList`` detected by AddressSanitizer.Dan Liew
The overloaded assignment operator previously only deleted the head ``UpdateNode`` if the ``UpdateList`` had exclusive ownership which left the remaining list of ``UpdateNode``s dangling if those nodes had ``refCount`` of 1. To fix this the logic that was previously in the ``UpdateList`` destructor for deleting nodes that were exclusively referenced by the UpdateList has been moved into ``UpdateList::tryFreeNodes()`` so that it can be called from ``UpdateList::operator=()``. It looks like this bug has been in KLEE since the beginning.
2015-04-15Fix the handling of AShrExpr in ExprSMTLIBPrinter so that an overshiftDan Liew
always goes to zero (matches LLVM's APInt::ashr(...)). This is meant to partially address issue #218. There are a few problems with this commit * It is possible for AShrExpr to not be abbreviated because the scan methods will not see that we print the 0th child of the AShrExpr twice * The added test case should really be run through an SMT solver ( i.e. STP) but that requires infrastructure changes.
2015-04-09Added a new option, --rewrite-equalities, which makes it possible to disable ↵Cristian Cadar
the optimisation that rewrites existing constraints when an equality with a constant is added
2015-02-27Improved some comments and fixed some formatting issues in the Array factory ↵Cristian Cadar
patch.
2015-02-27Merge branch 'ArrayFactory' of https://github.com/holycrap872/klee into ↵Cristian Cadar
holycrap872-ArrayFactory
2015-02-22Added factory method for Arrays + hid constructors from outside callsEric Rizzi
The way that Arrays were handled in the past led to the possibility of aliasing issues. This occured whenever a new branch discovered an array for the first time. Each branch would create a new instance of the same array without seeing if it had been created before. Therefore, should a new branch encounter the same state as some previous branch, the previous branch's solution wouldn't satisfy the new state since they didn't recognize they were referencing the same array. By creating an array factory that creates a single symbolic array, that problem is handled. Note: Concrete arrays should not be created by the factory method since their values are never shared between branches. The factory works by seeing if an array with a similar hash has been created before (the hash is based on the name and size of array). If there has been it then searches through all of the arrays with the same hash (stored in a vector) to see if there is one with an exact match. If there is one, the address of this previously created equivalent array is returned. Otherwise, the newly created array is unique, it is added to the map, and it's address is returned. This aliasing issue can be seen by comparing the output of the Dogfood/ImmutableSet.cpp test cases with and with out this commit. Both act correctly, but the number of queries making it to the solver in the previous version is much greater 244 vs 211. This is because the UBTree in the CexCachingSolver and the cache in the CachingSolver do not recognize queries whose solutions were previously calculated because it doesn't think the arrays in the two queries are the same. While this does not cause an error, it does mean that extra calls are made.
2015-02-19Teach ExprSMTLIBPrinter to use SMTLIBv2's distinct function ratherDan Liew
than writing "(not (= a b))". This makes the code simpler and queries slightly simpler.
2014-12-13Add a few line breaks to make the code more readable inDan Liew
ExprSMTLIBPrinter
2014-12-13Clean up some ExprSMTLIBPrinter code by using llvm_unreachableDan Liew