about summary refs log tree commit diff homepage
path: root/lib
AgeCommit message (Collapse)Author
2017-07-20Replace assertions of types on LLVM instructions in the Executor with aDan Liew
pass that checks these assertions. This improves several things. * This pass provides more friendly messages than assertions in that it just emits a warning and carries on checking the rest of the instructions. * The takes the checks outside of the Executor's hot path and so avoids checking the same instruction multiple times. Now each instruction is only checked once just before execution starts. The disadvantage of this approach is the check for invariants we expect to hold have been pulled far away from where we expect them to hold. After discussion with @ccadar and @MartinNowack it was decided we will take this hit to readability for better performance and simpler code in the Executor.
2017-07-19Implement basic support for vectorized instructions.Dan Liew
We use LLVM's Scalarizer pass to remove most vectorized code so that the Executor only needs to support the InsertElement and ExtractElement instructions. This pass was not available in LLVM 3.4 so to support that LLVM version the pass has been back ported. To check that the Executor is not receiving vector operand types that it can't handle assertions have been added. There are a few limitations to this implementation. * The InsertElement and ExtractElement index cannot be symbolic. * There is no support for LLVM < 3.4.
2017-06-16move module loading into external functionJörg Thalheim
- having an explicit function which is defined for multiple llvm versions separately increases readability. - also: error handling was simplified - Personal motivation: being able to use this functionality in unit tests fixes #561 related to #656
2017-06-16llvm37: introduce type for PassManagerJiri Slaby
In LLVM 3.7, PassManager was moved to the legacy:: namespace. Introduce a type for it and use it in the code. Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-06-16Added location info for external calls and improved a message.Cristian Cadar
2017-06-15llvm37: do not copy DILocation to getDSPIPathJiri Slaby
DILocation is not copyable in LLVM 3.7. So, pass it as reference and make it const given we do not write to it. Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-06-12llvm: don't use clEnumValEnd for LLVM 4.0Jiri Slaby
It became unnecessary when defining options and mainly undefined. So introduce KLEE_LLVM_CL_VAL_END as suggested by @delcypher. Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-06-08Merge pull request #675 from ccadar/varargsAndrea Mattavelli
Fixed typos in comments related to vararg support.
2017-06-08Fixed typos in comments related to vararg support.Cristian Cadar
2017-06-02hide backend solver declarations from public includeHoang M. Le
2017-06-02replace handleMetaSMT() with klee::createMetaSMTSolver() and move it into ↵Hoang M. Le
MetaSMTSolver.cpp so that the backend headers only need to be included once there
2017-06-01[Z3] Remove unused include.Dan Liew
2017-06-01[Z3] Add `-debug-z3-verbosity=<N>` option which behaves like Z3's `-v:<N>` ↵Dan Liew
option. This lets us see what Z3 is doing execution (e.g. which tactic is being applied) which is very useful for debugging.
2017-06-01[Z3] Switch from `Z3_mk_simple_solver()` to `Z3_mk_solver()`.Dan Liew
My discussions [1] with the Z3 team have revealed that `Z3_mk_simple_solver()` is the wrong solver to use. That solver basically runs the `simplify` tactic and then the `smt` tactic. This by-passes Z3's attempt to probe for different logics and apply its own specialized tactic. Using `Z3_mk_solver()` should be closer to the behaviour of the Z3 binary. This partially addresses #653. We still need to try rolling our own custom tactic. [1] https://github.com/Z3Prover/z3/issues/1035
2017-06-01[Z3] In `getConstraintLog()` use a separate builder from that of theDan Liew
solver. This is to avoid tampering with the cache of the builder the solver is using.
2017-06-01[Z3] Implement API logging.Dan Liew
Add `-debug-z3-log-api-interaction` option to allow Z3 API calls to be logged to a file. The files logged by this option can be replayed by the `z3` binary (using its `-log` option). This is incredibly useful because it allows to exactly replay Z3's behaviour outside of KLEE.
2017-06-01[Z3] Add option to manually validate Z3 models.Dan Liew
This can be enabled by passing the command line option `-debug-z3-validate-models`. Although Z3 has a global parameter `model_validate` (off by default) I don't trust it so do the validation manually. This also means we can potentially do validation on a per Z3Solver instance basis rather than globally. When failing to validate a Z3 model the solver state and model are dumped to standard error.
2017-06-01[Z3] Add the `-debug-z3-dump-queries=<path>` command line option. ThisDan Liew
is useful for getting access to the constraints being stored in the Z3 solver in the SMT-LIBv2.5 format.
2017-06-01Refactor file opening code out of `main.cpp` and intoDan Liew
`klee_open_output_file()` function so that it can be used by the Z3Solver.
2017-06-01[Z3] Move the `dump()` methods of the Z3NodeHandle<> specializationsDan Liew
into `Z3Builder.cpp` so they can be called from in gdb.
2017-06-01[Z3] Add assertions in Z3 builder to catch underflow with bad widths.Dan Liew
2017-06-01[Z3] Support another solver failure reason that Z3 might give. I'm goingDan Liew
to guess it means timeout but I'm not 100% sure about this.
2017-05-30Merge pull request #655 from Mic92/loggingCristian Cadar
Fixed some KLEE messages and added build to .gitignore
2017-05-24Rearchitect ExternalDispatcherDan Liew
Previous changes for LLVM 3.6 using the MCJIT were incredibly hacky. Those changes required creating and destroying the ExternalDispatcher for every call to an external function. This is really bad * It's very poor design. The Executor should not need to know about the internal implementation details of the ExternalDispatcher. * It's likely very inefficient to keep creating and destroying the external dispatcher. The new code does several things. * Moves all of the implementation details into a `ExternalDispatcherImpl` class so that implementation details are not exposed in `ExternalDispatcher.h`. * When using the MCJIT a module is compiled for every (instruction, function) tuple. This is necessary because the MCJIT compiles whole modules at a time and once a module is compiled it cannot be modified and re-compiled. Doing this means we get to reuse already generated code for call sites which hopefully will reduce the overhead of repeatedly executing the same call site. A consequence of this change is that now the dispatcher function name needs to be unique across all modules. To do this we just append the module name because we guarantee that the module name is unique by construction. The code has also been clang-formatted.
2017-05-24llvm: make KLEE compile against LLVM 3.5 and 3.6Richard Trembecký
Based on work by @ccadeptic23 and @delcypher. Formatting fixed by @snf. Fix compiler warning by @martijnthe. Further fixes by @mchalupa. Refactored, so that changes can be reviewed -- no massive changes in whitespace and in the surrounding code. Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-05-24Remove redundant KLEE prefix while loggingJörg Thalheim
2017-04-09Removed unused variable 'fake_object' in MemoryObjectAndrea Mattavelli
2017-03-23[CMake] Unbreak build due to not adding AssignmentValidatingSolver.cppDan Liew
to list of source files. The cause of the breakage was me being to eager and merging #468 before forcing tests to re-run. That PR was written before the CMake build system existed.
2017-03-23Add `AssignmentValidatingSolver`. It's purpose is to check any computedDan Liew
assignments against the corresponding `Query` object and check the assignment evaluates correctly. This can be switched on using `-debug-assignment-validating-solver` on the command line.
2017-03-23[WIP] Fix bug where stats would not be updated on early exit caused byDan Liew
finding a bug with the `-exit-on-error` option enabled.
2017-03-06Merge pull request #611 from jirislaby/getDirectCallTargetAndrea Mattavelli
Core: explicitly create CallSite from Instruction
2017-03-06Merge pull request #609 from ccadar/warningsAndrea Mattavelli
Added new option --warnings-only-to-file which causes warnings to be written to warnings.txt only.
2017-03-05Merge pull request #607 from jirislaby/dispatcherAndrea Mattavelli
Core: MCJIT functions need unique names
2017-03-05Merge pull request #606 from jirislaby/ObjectFileCristian Cadar
Module: simplify is_object checks
2017-03-03Merge pull request #613 from ccadar/minor2Andrea Mattavelli
Moved printFileLine() to be part of KInstruction
2017-03-03Moved printFileLine() to be part of KInstructionCristian Cadar
2017-03-03Merge pull request #589 from gladtbx/klee_fix_pathOSAndrea Mattavelli
Fix internal fork without new pathOS.id
2017-03-03Using klee_message instead of llvm:errsCristian Cadar
2017-03-01fix for PathOS.idgladtbx
2017-03-01Core: explicitly create CallSite from InstructionJiri Slaby
Newer LLVMs do not allow implicit conversion from Instruction to CallSite. We see this error: Internal/Support/ModuleUtil.h:36:19: note: candidate function not viable: no known conversion from 'llvm::Instruction *' to 'llvm::CallSite' for 1st argument llvm::Function *getDirectCallTarget(llvm::CallSite); ^ So explicitly create a CallSite from Instruction. Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-03-01Added new option --warnings-only-to-file which causes warnings to be written ↵Cristian Cadar
to warnings.txt only. Disabled by default.
2017-02-28Core: MCJIT functions need unique namesJiri Slaby
We will use newer MCJIT with newer LLVM versions. But it needs unique names of functions or a wrong function can be called. So prepend "dispatcher_" to function names (even for older LLVMs). Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-02-28convert iterators using static_castJiri Slaby
Newer versions of LLVM do not allow to implicitly cast iterators to pointers where they point. So convert all such uses to explicit static_cast, the same as LLVM code does. Otherwise we see errors like: lib/Core/Executor.cpp:548:15: error: no viable conversion from 'Module::iterator' (aka 'ilist_iterator<llvm::Function>') to 'llvm::Function *' Function *f = i; ^ ~ Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-02-28Module: simplify is_object checksJiri Slaby
object::Binary has isObject method, which can be used to check whether it is an object::ObjectFile. Use that, since dyn_casting of object::Binary is not allowed in newer LLVMs: lib/Module/ModuleUtil.cpp:304:78: error: cannot convert ‘llvm::object::ObjectFile’ to ‘llvm::object::ObjectFile*’ in initialization else if (object::ObjectFile *o = dyn_cast<object::ObjectFile>(child.get())) ^ Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-02-28Merge pull request #547 from delcypher/fix_alignment_of_alloc_memoryCristian Cadar
Teach KLEE to respect the requested memory alignment of allocated memory
2017-02-25llvm: stop using global contextJiri Slaby
It was marked as deprecated long time ago and finally removed in LLVM 3.9. Remove all uses of getGlobalContext and create our own context. Propagate it all over the code then. [v2] use ctx, not C as name Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-02-24Teach KLEE to respect the requested memory alignment of globals and stackDan Liew
variables when possible. Previously an alignment 8 was always used which did not faithfully emulate what was either explicitly requested in the LLVM IR or what the default alignment was for the target.
2017-02-22klee: remove use of deprecated 'register'Jiri Slaby
New compilers warn about using 'register' as follows: ConstantDivision.cpp:66:3: warning: 'register' storage class specifier is deprecated and incompatible with C++1z [-Wdeprecated-register] Remove the register specifier -- the compilers are clever enough to know what to do. Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
2017-02-21Teach `klee::getDirectCallTarget()` to resolve weak aliases. This isDan Liew
controlled by a new parameter `moduleIsFullyLinked`. When true the linkage type of a weak alias is ignored. It is legal to do this when the module is fully linked because there won't be another function that could override the weak alias. This fixes a previous assertion failure in `klee::getDirectCallTarget()` triggered by the `test/regression/2016-11-24-bitcast-weak-alias.c` test case.
2017-02-14Increased the type size for the stop-after-n-instructions option to avoid ↵Andrea Mattavelli
too strict limitations (LLVM >= 3.0)