about summary refs log tree commit diff homepage
path: root/lib
AgeCommit message (Collapse)Author
2015-03-20[Solver] Fix leak intermediate expression not freedMartin Nowack
2015-03-20[Core] Fix memory leak in assembler raisingMartin Nowack
2015-03-12[Core] Always warn if states get deleted due to memory limitsMartin Nowack
2015-02-27Improved some comments and fixed some formatting issues in the Array factory ↵Cristian Cadar
patch.
2015-02-27Merge branch 'ArrayFactory' of https://github.com/holycrap872/klee into ↵Cristian Cadar
holycrap872-ArrayFactory
2015-02-22Added factory method for Arrays + hid constructors from outside callsEric Rizzi
The way that Arrays were handled in the past led to the possibility of aliasing issues. This occured whenever a new branch discovered an array for the first time. Each branch would create a new instance of the same array without seeing if it had been created before. Therefore, should a new branch encounter the same state as some previous branch, the previous branch's solution wouldn't satisfy the new state since they didn't recognize they were referencing the same array. By creating an array factory that creates a single symbolic array, that problem is handled. Note: Concrete arrays should not be created by the factory method since their values are never shared between branches. The factory works by seeing if an array with a similar hash has been created before (the hash is based on the name and size of array). If there has been it then searches through all of the arrays with the same hash (stored in a vector) to see if there is one with an exact match. If there is one, the address of this previously created equivalent array is returned. Otherwise, the newly created array is unique, it is added to the map, and it's address is returned. This aliasing issue can be seen by comparing the output of the Dogfood/ImmutableSet.cpp test cases with and with out this commit. Both act correctly, but the number of queries making it to the solver in the previous version is much greater 244 vs 211. This is because the UBTree in the CexCachingSolver and the cache in the CachingSolver do not recognize queries whose solutions were previously calculated because it doesn't think the arrays in the two queries are the same. While this does not cause an error, it does mean that extra calls are made.
2015-02-19Teach ExprSMTLIBPrinter to use SMTLIBv2's distinct function ratherDan Liew
than writing "(not (= a b))". This makes the code simpler and queries slightly simpler.
2015-02-13refactor integer overflow detection, add signed intLuca Dariz
Instead of checking for every possible casse which result in overflow, it is much simpler to perform the operation using integers with bigger dimension and check if the result overflow
2015-02-13Fix overflow detection in unsigned multiplicationLuca Dariz
Previously the check was done as unsigned int a, b, c; c = a * b; if (c < a) // error but it is wrong, since it catches only a subset of all the possible overflows. This patch improves the check as unsigned int a, b, c; if ((a > 1) && (b > 1){ if ((UINT_MAX/a) < b) // error } An additional case has been added to the tests, with two 32-bit values that cause overflow and are not detected by the old check. It is also necessary to break the lowering procedure in case the current BasicBlock is splitted; in this case it was necessary in order not to trigger the division by 0 error.
2015-02-13Detect overflow of unsigned add, sub and mul operationsLuca Dariz
This requires clang with -fsanitize=unsigned-integer-overflow tested with clang and llvm 3.4.2
2015-02-13Revert "Merged @luckyluke's change for detecting overflow of unsigned add, sub"Cristian Cadar
Will redo the merge to preserve original commits. This reverts commit a743d7072d9ccf11f96e3df45f25ad07da6ad9d6.
2015-02-10Merged @luckyluke's change for detecting overflow of unsigned add, subCristian Cadar
and mul operations. Refactored tests into two main cases, and disabled them on LLVM 2.9, which does not support -fsanitized=*signed-integer-overflow.
2014-12-19Merge pull request #168 from willemp/fix-va-args-passing-for-big-typesCristian Cadar
Fix va args passing for big types
2014-12-13Add a few line breaks to make the code more readable inDan Liew
ExprSMTLIBPrinter
2014-12-13Clean up some ExprSMTLIBPrinter code by using llvm_unreachableDan Liew
2014-12-13Clean up a few comments in ExprSMTLIBPrinterDan Liew
2014-12-12Print nested let-abbreviations in ExprSMTLIBPrinterRaimondas Sasnauskas
This patch introduces nested let-abbreviations in the ExprSMTLIBPrinter to reduce the size of the SMTLIBv2 queries and the corresponding processing time (bugfix for #170). The current implementation of the let abbreviation mode does not consider expression intra-dependencies and prints all abbreviations in the same let scope. For a (simplified) example, it prints (assert (let ( (?B1 (A + B)) (?B2 (A + B + C)) ) (= ?B1 ?B2) ) ). This is extremely inefficient if the expressions (and there many of these!) extensively reuse their subexpressions. Therefore, it's better to print the query with nested let-expressions by reusing existing expression bindings in the new let scope: (assert (let ( (?B1 (A + B)) ) (let ( (?B2 (?B1 + C)) ) (= ?B1 ?B2) ) ) ). This patch adds a new function ExprSMTLIBPrinter::scanBindingExprDeps() that scans bindings for expression dependencies. The result is a vector of new bindings (orderedBindings) that represents the expression dependency tree. When printing in the let-abbreviation mode, the new code starts with abbreviating expressions that have no dependencies and then gradually makes these new bindings available in the upcoming let-scopes where expressions with dependencies reuse them. The effect of nested let-abbreviations is comparable to :named abbreviations. However, the latter mode is not supported by the majority of the solvers.
2014-12-09Merge pull request #186 from paulmar/fixshiftCristian Cadar
Fix overshift check
2014-12-08Fix overshift checkPaul Marinescu
Shifting by bitwidth-1 is valid
2014-12-03Handling overshift behaviour in MetaSMTBuilderHristina Palikareva
2014-12-02Fix typoDan Liew
2014-12-02Add a comment explaining why the query expr is being negated.Dan Liew
2014-12-02The printing of constraints and the QueryExpr have been merged into aDan Liew
single method with two different implementations. There is one version of this method for human readability (printHumanReadableQuery()) and a version for machine consumption (printMachineReadableQuery()). The reason for having two versions is because different behaviour is needed in different scenarios * In machine readable mode the entire query is printed inside a single ``(assert ...)``. This is done to allow ``(let ...)`` to abbreviate as much as possible. * In human readable mode each constraint and query expression is printed inside its own ``(assert ...)`` unless the abbreviation mode is ABBR_LET in which case all constraints and query expr are printed inside a single ``(assert ...)`` much like in the machine readable mode Whilst I was here I also fixed a bug handling identation when printing ``(let ...)`` expressions in printAssert()
2014-12-02Implement :named and let abbreviation modes in ExprSMTLIBPrinterRaimondas Sasnauskas
* Set the default abbreviation mode to let (ExprSMTLIBPrinter::ABBR_LET) * Remove the now defunct ExprSMTLIBLetPrinter * Improve performance of ExprSMTLIBPrinter::scan() by keeping track of visited Expr to avoid visiting them again * Rename ExprSMTLIBPrinter::printQuery() to ExprSMTLIBPrinter::printQueryExpr()
2014-10-09Fixed passing of long double (and other big types) in var_args on x86_64. ↵Willem
Removed XFAIL tag from the Feature/VarArgLongDouble.c test Fixed Executor to (more) correctly handle the alignment of types larger than 64bit (such as long double) when those are passed in var_args on x86_64. Specifically: From http://www.x86-64.org/documentation/abi.pdf AMD64-ABI 3.5.7p5: Step 7. Align l->overflow_arg_area upwards to a 16 byte boundary if alignment needed by type exceeds 8 byte boundary.
2014-09-19Removed code related to underConstrained, as it is unused (issue pointed out ↵Cristian Cadar
by @hpalikareva).
2014-09-16Fix compilation error due to r199218. Maybe we should just remove thisDan Liew
assertion entirely?
2014-09-15Taught klee_warning(), klee_error() etc... to emit coloured text output.Dan Liew
Also use bold green text when KLEE finishes. This is done by taking advantage of llvm::raw_ostream's nice API for controlling the console text colour.
2014-09-15Removed inlineChecks() function which was just dead code.Dan Liew
2014-09-14[LLVM3.5] Ensure Twine definition is available from Executor.h.Daniel Dunbar
2014-09-14Fix LLVM3.5 compilation. This is due to r202168Dan Liew
2014-09-14[LLVM3.5] Drop use of PassNameParser, which we don't even use anymore.Daniel Dunbar
2014-09-14Fix LLVM3.5 compilation due to switching to std::error_codeDan Liew
2014-09-14[LLVM3.5] Update for more random headers moving around.Daniel Dunbar
2014-09-14[LLVM3.5] Update for move of CFG.h into IR.Daniel Dunbar
- Mostly fixed by removing unnecessary references.
2014-09-14[LLVM3.5] Update for CallSite.h move into IR/.Daniel Dunbar
2014-09-14Fix compilation error due to change in raw_fd_ostream for LLVM3.5Dan Liew
2014-09-14[LLVM3.5] Don't try to use DEBUG macro without DEBUG_TYPE.Daniel Dunbar
2014-09-14[Core] Fix a bug in how source file names were written in .istats files.Daniel Dunbar
- KCachegrind appears to expect the first function name to be preceeded by the name of the file it appears in. Otherwise, it will end up creating two different records for the function, one of which has no file name and won't have any statistics.
2014-09-14[Module] Try harder to associate each instruction with source level debug info.Daniel Dunbar
- This makes KCachegrind output look nicer, as otherwise it assumes instructions without debug info were inlined and shows some message to that effect. - This does however we might be lying a bit about the source line that an instruction came from. - This also adds a test case for our istats output, yay!
2014-09-14[Core] Remove support for "--use-asm-addresses".Daniel Dunbar
- I suspect no one is using this feature, and I'm not sure it is well conceived either. Ripping it out for now in lieu of bothering to maintain it.
2014-09-13[Core] Fix implementation of FRem for LLVM 3.3+, which was wrong (caught by ↵Daniel Dunbar
FloatingPointOps.ll).
2014-09-13[Solver] Tune down the shared memory region size on Darwin.Daniel Dunbar
- See comment, this is a gross workaround for Darwin's very small default limit on shared memory size. I'm not sure how big of a counterexample users can actually expect STP to solve in practice -- if there is a practical use for larger ones it would probably be good for us to write a fallback strategy.
2014-09-13[Solver] Ensure shared memory allocation failures are reported as errors, ↵Daniel Dunbar
not asserts.
2014-09-13Small edits to test the Travis CI trigger.Cristian Cadar
2014-09-13Add KLEE specific DEBUG macros.Daniel Dunbar
- This allows us to build in +Asserts mode even when LLVM isn't (by disabling the checks in that mode). - Eventually it would be nice to just move off of LLVM's DEBUG infrastructure entirely and just have our own copy, but this works for now. - Fixes #150.
2014-09-12[Core] Fix some warnings in -Asserts builds.Daniel Dunbar
2014-09-12[Module] Fix handling of instructions without debug info.Daniel Dunbar
- The change in 6829fb9 caused us to not allocation InstructionInfo objects for instructions without source-level debug info, however, that means that all such instructions end up sharing the one dummy InstructionInfo object, which really breaks statistics tracking. - This commit basically reverts that change, and also changes the code so we don't ever use the dummy InstructionInfo object for instructions, so that this problem can't be hit in other ways (e.g., if someone modifies the module after the InstructionInfoTable construction). There is a FIXME for checking the same thing for functions. - Fixes #144.
2014-09-12When building against libc++ (vs libstdcxx), use standard ↵Daniel Dunbar
unordered_{map,set} includes. - I'm not sure what the status of libstdcxx's c++11 support is. It may be we can just move over to <unordered_map> everywhere, but I don't have a Linux test machine handy at the moment.
2014-09-12Tweak the workarounds for multiple definition of PACKAGE_* macros from ↵Daniel Dunbar
config.h files. - There seems to be a better solution for this by defining a macro prefix, per: http://www.gnu.org/software/autoconf-archive/ax_prefix_config_h.html but I have no experience with that and it looks like it might involve rewriting a bunch of our macro checks.