Age | Commit message (Collapse) | Author |
|
|
|
versions, also mark two errors as ExecErrors, as these should not be caused by users
|
|
We implement the Itanium ABI unwinding base-API, and leave the
C++-specific parts to libcxxabi.
Co-authored-by: Lukas Wölfer <lukas.woelfer@rwth-aachen.de>
|
|
|
|
|
|
|
|
Global variables can't be a direct call target. Their values are read
and treated as indirect call targets.
|
|
This is in preparation for LLVM 11 as the llvm:CallSite class has been
removed.
|
|
|
|
The previous version left unnecessary intermediate nodes behind, sometimes
leading to very long paths in the tree.
|
|
- If an unknown intrinsic appears in the bitcode file,
it is reported but execution can proceed.
- If an unknown intrinsic is encountered during execution of some path,
- the intrinsic is reported
- this path is treated as an error
- execution of other paths can proceed
To be more precise, there is a list of "known unknown intrinsics".
Intrinsics not on this list will prevent execution.
|
|
|
|
* move global theRNG into Executor
* pass theRNG via ctor to searchers
* remove some type warnings from RNG.cpp
Fixes #1023.
|
|
|
|
|
|
This constructor has been a hack and was wrongly used, use ConstraintManager instead.
Allow copy-constructing states only via `ExecutionState::branch()` call.
|
|
Decouple ExecutionState from TimingSolver
Instead of providing an execution state to the timing solver use a set of
constraints and an additional object for metadata.
Fixes:
* correct accounting of metadata to a specific state
* accounting of all solver invocations (e.g. solver-getRange was not
accounted)
* allows to invoke the solver without a state (avoids costly copying of
states/constraints)
|
|
|
|
|
|
|
|
|
|
|
|
This reverts commit 0aed7731210d0eb41c0ea767edb8067130cf6252.
|
|
Changes:
- IntrinsicCleaner accepts fshr/fshl as accepted intrinsics
- Executor::executeCall converts fshr/fshl to urem/zext/concat/shift/extract
- Klee/main suppresses warnings about externals that are LLVM reserved
(i.e., begin with "llvm.")
- New test exercises 32 and 7 bit versions including oversize shift values
Test values are based on LLVM's test for fshl/fshr
- Changes that depend on existence of fshr/fshl are guarded by
#if LLVM_VERSION_CODE >= LLVM_VERSION(7, 0)
or
; REQUIRES: geq-llvm-7.0
|
|
* extend help messages for -max-memory and -max-memory-inhibit
* introduces branchingPermitted()
* enforces fork/branch limits in branch() (vector version)
* changes main loop
* calls updateStates() before checkMemoryUsage()
* calls updateStates() again in case we early terminate states
This should prevent double termination for now. Other solutions are
imho more expensive as we would have to compare possibly large
vectors of states (either states(arr) in checkMemoryUsage() or
removedStates in terminateState()).
|
|
|
|
|
|
mainly range-based for, code deduplication
|
|
|
|
|
|
This is the same check used in Executor::setModule. Without this check,
KLEE will segfault in StatisticsManager::incrementIndexedValue,
getIndexedValue, and setIndexedValue when `-output-stats=false` or
`-output-istats=false` because StatisticsManager::indexedStats has not
been allocated.
|
|
|
|
* add getID()/setID()
* use ExecutionStateIDCompare in Executor::states set
* output state id in .err files
|
|
|
|
|
|
"Instruction *i" declared at the beginning of the function. Reformatted this function.
|
|
values
Inline asm used for memory barriers might use their operands and propagate them as
return value.
This is currently not supported. Tighten check for this condition and do not to
lift those inline asm instructions.
Fixes #1252
|
|
Array names used for STP queries used to be restricted to 32 characters,
with the last characters replaced by a unique number.
Similarly, an array is made unique by `klee_make_symbolic`.
Unfortunately, both combined can lead to the generation of the same STP array name for different arrays.
This leads to wrong queries with invalid results.
This is more likely be triggered with longer names for `klee_make_symbolic`
Fixes #1257
|
|
appropriate existing directories and a new directory Statistics; a few missing renames.
|
|
|
|
tly in lib/Core
|
|
using "../"
|
|
|
|
The code assumed that the passed pointer points at the beginning
of the object. Remove this assumption and support any (constant)
pointer. The string is read util either the end of the object
is hit (in which case a warning is issued as the string
was not zero terminated) or until the terminating zero is found.
|
|
The code is simpler and more in the spirit of C++.
|
|
|
|
|
|
|
|
constraints
|
|
ArrayHashTime
* fix binding order for assignments when KLEE_ARRAY_DEBUG enabled
* always write ArrayHashTime column to run.stats, assign -1 when KLEE_ARRAY_DEBUG disabled
* remove unused NumObjects column from run.stats
* remove NumObjects panel from Grafana
|