about summary refs log tree commit diff homepage
path: root/lib
AgeCommit message (Collapse)Author
2016-11-22[CMake] Add another missing LLVM component dependency for `kleeModule`.Dan Liew
Reported by @jirislaby in #507.
2016-11-22[CMake] Add missing dependencies reported in #507.Dan Liew
This has shown that there is another circular dependency (added by me! sigh...) between `kleeCore` and `kleeModule`.
2016-11-19Remove option --randomize-fork. If someone needs this, the right way is to ↵Cristian Cadar
implement it in the solver.
2016-11-19Documented the level at which BFS operates in KLEE, as part of --helpCristian Cadar
2016-11-19Merge branch 'fix_bfs2' of https://github.com/MartinNowack/klee into ↵Cristian Cadar
MartinNowack-fix_bfs2
2016-11-19Merge pull request #492 from hoangmle/masterCristian Cadar
add nicer error messages for --use-merge and add explanation why it currently cannot be used with random-path
2016-11-18[CMake] Remove use of tabs in `CMakeLists.txt` files.Dan Liew
2016-11-18[CMake] Re-express LLVM and KLEE library dependencies asDan Liew
transitive dependencies on KLEE's libraries rather than on the final binaries. This is better because it means we can build other tools that use KLEE's libraries and not need to express the needed LLVM dependencies. It also makes it clearer what the dependencies are between KLEE libraries. This has illustrated a problem with the `kleeBasic` library. It contains `ConstructSolverChain.cpp` which clearly belongs in `kleaverSolver` not in `kleeBasic`. This will be fixed later.
2016-11-09Fix BFS searcherMartin Nowack
For performance reasons, if KLEE branches, one state is reused and it is progressed by adding new constraints. Make sure both new states end up at the end of the BFS searcher queue.
2016-11-08add nicer error messages for --use-merge and add explanation why it ↵Hoang M. Le
currently cannot be used with random-path
2016-11-07Implement a CMake based build system for KLEE.Dan Liew
This is based off intial work by @jirislaby in #481. However it has been substantially modified. Notably it includes a separate build sytem to build the runtimes which is inspired by the old build system. The reason for doing this is because CMake is not well suited for building the runtime: * CMake is configured to use the host compiler, not the bitcode compiler. These are not the same thing. * Building the runtime using `add_custom_command()` is flawed because we can't automatically get transitive depencies (i.e. header file dependencies) unless the CMake generator is makefiles. (See `IMPLICIT_DEPENDS` of `add_custom_command()` in CMake). So for now we have a very simple build system for building the runtimes. In the future we can replace this with something more sophisticated if we need it. Support for all features of the old build system are implemented apart from recording the git revision and showing it in the output of `klee --help`. Another notable change is the CMake build system works much better with LLVM installs which don't ship with testing tools. The build system will download the sources for `FileCheck` and `not` tools if the corresponding binaries aren't available and will build them. However `lit` (availabe via `pip install lit`) and GTest must already be installed. Apart from better support for testing a significant advantage of the new CMake build system compared to the existing "Autoconf/Makefile" build system is that it is **not** coupled to LLVM's build system (unlike the existing build system). This means that LLVM's autoconf/Makefiles don't need to be installed somewhere on the system. Currently all tests pass. Support has been implemented in TravisCI and the Dockerfile for building with CMake. The existing "Autoconf/Makefile" build system has been left intact and so both build systems can coexist for a short while. We should remove the old build system as soon as possible though because it creates an unnecessary maintance burden.
2016-11-03Adds support for Darwin platform in RaiseAsm passAndrea Mattavelli
2016-10-27apply clang-formatHoang M. Le
2016-10-27update commentsHoang M. Le
2016-10-27upgrade to boolector-2.2.0 & remove the no longer needed aux array vectorHoang M. Le
2016-10-26move the query creation part into runAndGetCex() (to be consistent with ↵Hoang M. Le
runAndGetCexForked())
2016-10-26change signature of runAndGetCex() to match runAndGetCexForked()Hoang M. Le
2016-10-26remove outdated FIXME (metaSMT-Z3 implements assumption via push/pop)Hoang M. Le
2016-10-18Fix `-Wmisleading-indentation` warning and also correctly set theDan Liew
`dirty` flag if we remove `llvm.trap` from the module.
2016-10-01Merge pull request #426 from hoangmle/metaSMT_remove_ITE_chain_for_shiftMartinNowack
remove mimic_stp option and the associated ITE chain construction for variable shift operations
2016-09-29Fix bug in `AssignmentEvaluator` where NotOptimizedExpr would not (#466)Dan Liew
* Add unittest to check that the `Assignment` class can evaluate expressions containing a `NotOptimizedExpr`. * Fix the `AssignmentTest.FoldNotOptimized` unit test by teaching the `ExprEvaluator` to fold `NotOptimizedExpr` nodes.
2016-09-29remove mimic_stp option and the associated ITE chain construction for shift ↵Hoang M. Le
operators
2016-09-29configure: add option to enable timestampingJiri Slaby
It is pain for build systems to see __DATE__ or __TIME__ in sources as the build is not reproducible. So disable the timestamping by default and add an option to enable it if somebody is really after it. Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2016-09-26Modified logging information to steer the usage of klee_message, ↵Andrea Mattavelli
klee_warning, and klee_error
2016-09-20Merge pull request #443 from MartinNowack/feat_assembler_raisingCristian Cadar
Extended support for assembler raising
2016-09-16Avoid internalization of non-standard entry point (i.e. not the main ↵Andrea Mattavelli
function) (#455)
2016-09-15Rename `-debug-cross-check-core-solver` option toDan Liew
`-debug-crosscheck-core-solver` as requested by Cristian
2016-09-15Add ``-debug-cross-check-core-solver`` option to allow cross-checkingDan Liew
with another solver. For example the core solver can be STP and the cross checking solver can be Z3. Unfortunately a few fragile tests don't pass when actually using this option.
2016-09-15Clang-format ``ConstructSolverChain.cpp``Dan Liew
2016-08-10Extended support for assembler raisingMartin Nowack
Improved support for assembler handling. Providing additional triple information to raise assembler for supported architectures only. Implemented support for raising full assembly memory fence. Added initial support for memory fences in Executor.
2016-08-10Merge pull request #451 from andreamattavelli/fix_ub_ptreeMartinNowack
Fix to PTree pointer use-after-delete
2016-08-09Fix to PTree pointer use-after-delete undefined behaviorAndrea Mattavelli
2016-08-08Merge pull request #447 from hutoTUM/fix-klee_get_obj_sizeMartinNowack
Fix for klee_get_obj_size() crashing on 64-bit, resolves #446
2016-08-08Fix for klee_get_obj_size() crashing on 64-bit, resolves #446hutoTUM
2016-08-06Fix to #445Andrea Mattavelli
2016-08-04klee: add exit-on-error-type parameterJiri Slaby
It allows stopping the execution on some conditions like assertions. The use is like: klee -exit-on-error-type=Assert -exit-on-error-type=External file.llvm This is especially useful in the SV-COMP. A test to cover the new parameter was added too. Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2016-08-03fprintf: convert to klee_warningJiri Slaby
In some Solver sources, some error outputs were missing \n. Instead of adding a new line to all of them, convert the fprintf's to klee_warning which adds \n automatically. ErrorHandling.h had to be included in MetaSMTSolver.cpp to have klee_warning declared there. Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2016-08-02Merge pull request #438 from jirislaby/memuseMartinNowack
MemoryUsage: handle ill-designed mallinfo
2016-08-02MemoryUsage: fix GetTotalMallocUsageJiri Slaby
The mallinfo() interface is ill-designed. It returns 'int' as occupied memory. This means at most 2G. This causes troubles when capping the memory to 3G by -max-memory=3000 for example. We cannot fix the interface, but we can at least extend the space to 4G. So cast those 'int's to 'unsigned int's to avoid sign extension. Then do the addition on 'size_t' to count on 64bit values (on 64 bit). Apart from that, the original 'int' + 'int' led to overflow which is undefined on 'signed int's in C. Also, when klee is run under valgrind, generic.current_allocated_bytes from gperftools does not touch the passed pointer and in that case, we return garbage from GetTotalMallocUsage. So initialize 'value' to 0 to avoid the problem. And since GetNumericProperty accepts 'size_t', let's define 'value' as such. It was 'uint64_t' previously and they differ on 32 bit. Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2016-07-31Merge pull request #422 from ccadar/div-zero-testCristian Cadar
Added test case exposing division by zero failure reported by @kren1 and made division total in STP to fix it.
2016-07-29Explicitely making division total in STP.Cristian Cadar
2016-07-11Executor: do not crash on non-sized globalsJiri Slaby
Sometimes, globals are not sized and ->getTypeStoreSize on such type crashes inside the LLVM. Check whether type is sized prior to calling the function above. A minimalistic example of Y being unsized with no effect on the actual code is put to tests. [v2] Use klee_warning for printing. And use %.*s formatting string given StringRef.data() need not be null terminated. Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2016-07-10Fix parsing of deterministic address.Martin Nowack
Allows to provide 0 as an address to allocate deterministic memory area at any free space.
2016-07-09Fix variable shifting behavior with different sizesMartin Nowack
Generated STP equality expressions have to be the same type. If a shift with different types as operands was used, therefore equality expressions of different width were generated. Beside avoiding the different sizes, this patch restores the original behavior to extract just the part involved in shifting and therefore should generate smaller expressions. Enable sdiv test case
2016-07-08Clang-formated MemoryManagerMartin Nowack
2016-07-08Add deterministic allocation of memoryMartin Nowack
Deterministic allocation provides an internal allocator which mmaps memory to a fixed static address. This way, same allocation is assured across different KLEE runs for the same application assuming a deterministic searcher. In addition, this patch provides following options: -allocate-determ: switch on/off deterministic allocation -allocate-determ-size: adjust preallocated memory -null-on-zero-malloc: returns null pointer in case a malloc of size 0 was requested. According to standard, also a non-null pointer can be returned (which happens with the default glibc malloc implementation) -allocation-space: space between allocations can be adjusted. KLEE is not able to detect out-of-bound accesses which are inside another but wrong object. Due the implementation of typical allocators adjacent mallocs have space in between for management purposes. This spaces helped KLEE to detect off-by-1/2 accesses. For higher numbers, the allocation space has to be increased. -allocate-determ-start-address: adjust deterministic start address. The addres has to be page aligned. KLEE fails if it cannot acquire this address
2016-07-08Handle aligned varargs allignment correctlyMartin Nowack
For vararg handling, arguments of size bigger than 64 bit need to be handled 128bit aligned according to AMD calling conventions AMD64-ABI 3.5.7p5. To handle that case correctly, we do: 1) make sure that every argument is aligned correctly in an allocation for function arguments 2) the allocation itself is aligned correctly
2016-07-08Generate forked states for switch instructions deterministicallyMartin Nowack
This patch generates the states based on the order of switch-cases. Before, switch-constraints were randomly assigned to forked states. As generated code might be different between LLVM versions, we use the case values, order them, and iterate in that order over the cases. This way we can also support deterministic execution of older LLVM versions.
2016-07-08Use vector instead of set to add/remove statesMartin Nowack
Deterministic adding/removing of states.
2016-07-08IterativeDeepeningTimeSearcher: Fix using wrong iteratorMartin Nowack