| Age | Commit message (Collapse) | Author |
|---|
|
|
|
The previous version left unnecessary intermediate nodes behind, sometimes
leading to very long paths in the tree.
|
|
- If an unknown intrinsic appears in the bitcode file,
it is reported but execution can proceed.
- If an unknown intrinsic is encountered during execution of some path,
- the intrinsic is reported
- this path is treated as an error
- execution of other paths can proceed
To be more precise, there is a list of "known unknown intrinsics".
Intrinsics not on this list will prevent execution.
|
|
|
|
* move global theRNG into Executor
* pass theRNG via ctor to searchers
* remove some type warnings from RNG.cpp
Fixes #1023.
|
|
|
|
|
|
This constructor has been a hack and was wrongly used, use ConstraintManager instead.
Allow copy-constructing states only via `ExecutionState::branch()` call.
|
|
Decouple ExecutionState from TimingSolver
Instead of providing an execution state to the timing solver use a set of
constraints and an additional object for metadata.
Fixes:
* correct accounting of metadata to a specific state
* accounting of all solver invocations (e.g. solver-getRange was not
accounted)
* allows to invoke the solver without a state (avoids costly copying of
states/constraints)
|
|
|
|
|
|
|
|
|
|
|
|
This reverts commit 0aed7731210d0eb41c0ea767edb8067130cf6252.
|
|
Changes:
- IntrinsicCleaner accepts fshr/fshl as accepted intrinsics
- Executor::executeCall converts fshr/fshl to urem/zext/concat/shift/extract
- Klee/main suppresses warnings about externals that are LLVM reserved
(i.e., begin with "llvm.")
- New test exercises 32 and 7 bit versions including oversize shift values
Test values are based on LLVM's test for fshl/fshr
- Changes that depend on existence of fshr/fshl are guarded by
#if LLVM_VERSION_CODE >= LLVM_VERSION(7, 0)
or
; REQUIRES: geq-llvm-7.0
|
|
* extend help messages for -max-memory and -max-memory-inhibit
* introduces branchingPermitted()
* enforces fork/branch limits in branch() (vector version)
* changes main loop
* calls updateStates() before checkMemoryUsage()
* calls updateStates() again in case we early terminate states
This should prevent double termination for now. Other solutions are
imho more expensive as we would have to compare possibly large
vectors of states (either states(arr) in checkMemoryUsage() or
removedStates in terminateState()).
|
|
|
|
|
|
mainly range-based for, code deduplication
|
|
|
|
|
|
This is the same check used in Executor::setModule. Without this check,
KLEE will segfault in StatisticsManager::incrementIndexedValue,
getIndexedValue, and setIndexedValue when `-output-stats=false` or
`-output-istats=false` because StatisticsManager::indexedStats has not
been allocated.
|
|
|
|
* add getID()/setID()
* use ExecutionStateIDCompare in Executor::states set
* output state id in .err files
|
|
|
|
|
|
"Instruction *i" declared at the beginning of the function. Reformatted this function.
|
|
values
Inline asm used for memory barriers might use their operands and propagate them as
return value.
This is currently not supported. Tighten check for this condition and do not to
lift those inline asm instructions.
Fixes #1252
|
|
Array names used for STP queries used to be restricted to 32 characters,
with the last characters replaced by a unique number.
Similarly, an array is made unique by `klee_make_symbolic`.
Unfortunately, both combined can lead to the generation of the same STP array name for different arrays.
This leads to wrong queries with invalid results.
This is more likely be triggered with longer names for `klee_make_symbolic`
Fixes #1257
|
|
appropriate existing directories and a new directory Statistics; a few missing renames.
|
|
|
|
tly in lib/Core
|
|
using "../"
|
|
|
|
The code assumed that the passed pointer points at the beginning
of the object. Remove this assumption and support any (constant)
pointer. The string is read util either the end of the object
is hit (in which case a warning is issued as the string
was not zero terminated) or until the terminating zero is found.
|
|
The code is simpler and more in the spirit of C++.
|
|
|
|
|
|
|
|
constraints
|
|
ArrayHashTime
* fix binding order for assignments when KLEE_ARRAY_DEBUG enabled
* always write ArrayHashTime column to run.stats, assign -1 when KLEE_ARRAY_DEBUG disabled
* remove unused NumObjects column from run.stats
* remove NumObjects panel from Grafana
|
|
introduced during the optimization step
|
|
|
|
This uses the `ref<>`-based memory handling of MemoryObjects.
This makes it explicit that references are held in:
- ExecutionState::symbolics
- ObjectState
|
|
Remove additional reference counting as part of UpdateNodeList and
UpdateNode. Simplifies code.
|
|
Using KLEE's `ref<>` shared ptr requires the referenced object
to contain a reference counter to be added and initialised to 0
as part of the constructor.
To support better reuse of the `ref<>` ptr add a `ReferenceCounter`
struct.
Just adding this struct to a new class/struct as member enables
reference counting with `ref<>` - no additional counter management
needed.
|
|
TR1 implementation got replaced by the std::* equivalents with C++11.
Start to use the standard versions instead of the old ones.
|
|
|
|
Statistics encoded in `run.istats` were limited to a maximum number of 13 due to encoding in a `uint64_t` variable.
This approach has multiple limitations:
- a maximum number of 13 statistics were allowed
- a subtle bug can be triggered if many more statistics are added - independent of the selected statistics for `run.istats`
Depending on the linking order, statistics will get a different ID. Previously, the ID was used to shift a `1` to its position marking the statistic as being used.
This will lead to undefined behaviour if more than 63 statistics are used.
Using an llvm::SmallBitVector instead fixes both problems.
|
