about summary refs log tree commit diff homepage
path: root/test
AgeCommit message (Collapse)Author
2016-11-09Fix BFS searcherMartin Nowack
For performance reasons, if KLEE branches, one state is reused and it is progressed by adding new constraints. Make sure both new states end up at the end of the BFS searcher queue.
2016-11-07Implement a CMake based build system for KLEE.Dan Liew
This is based off intial work by @jirislaby in #481. However it has been substantially modified. Notably it includes a separate build sytem to build the runtimes which is inspired by the old build system. The reason for doing this is because CMake is not well suited for building the runtime: * CMake is configured to use the host compiler, not the bitcode compiler. These are not the same thing. * Building the runtime using `add_custom_command()` is flawed because we can't automatically get transitive depencies (i.e. header file dependencies) unless the CMake generator is makefiles. (See `IMPLICIT_DEPENDS` of `add_custom_command()` in CMake). So for now we have a very simple build system for building the runtimes. In the future we can replace this with something more sophisticated if we need it. Support for all features of the old build system are implemented apart from recording the git revision and showing it in the output of `klee --help`. Another notable change is the CMake build system works much better with LLVM installs which don't ship with testing tools. The build system will download the sources for `FileCheck` and `not` tools if the corresponding binaries aren't available and will build them. However `lit` (availabe via `pip install lit`) and GTest must already be installed. Apart from better support for testing a significant advantage of the new CMake build system compared to the existing "Autoconf/Makefile" build system is that it is **not** coupled to LLVM's build system (unlike the existing build system). This means that LLVM's autoconf/Makefiles don't need to be installed somewhere on the system. Currently all tests pass. Support has been implemented in TravisCI and the Dockerfile for building with CMake. The existing "Autoconf/Makefile" build system has been left intact and so both build systems can coexist for a short while. We should remove the old build system as soon as possible though because it creates an unnecessary maintance burden.
2016-09-20Merge pull request #443 from MartinNowack/feat_assembler_raisingCristian Cadar
Extended support for assembler raising
2016-09-16Avoid internalization of non-standard entry point (i.e. not the main ↵Andrea Mattavelli
function) (#455)
2016-09-15Check the existence of the entry point during the initialization of the ↵Andrea Mattavelli
POSIX runtime. If the check fails, exit with an error. (#457)
2016-08-10Extended support for assembler raisingMartin Nowack
Improved support for assembler handling. Providing additional triple information to raise assembler for supported architectures only. Implemented support for raising full assembly memory fence. Added initial support for memory fences in Executor.
2016-08-08Merge pull request #447 from hutoTUM/fix-klee_get_obj_sizeMartinNowack
Fix for klee_get_obj_size() crashing on 64-bit, resolves #446
2016-08-08Fix for klee_get_obj_size() crashing on 64-bit, resolves #446hutoTUM
2016-08-04klee: add exit-on-error-type parameterJiri Slaby
It allows stopping the execution on some conditions like assertions. The use is like: klee -exit-on-error-type=Assert -exit-on-error-type=External file.llvm This is especially useful in the SV-COMP. A test to cover the new parameter was added too. Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2016-07-31Merge pull request #422 from ccadar/div-zero-testCristian Cadar
Added test case exposing division by zero failure reported by @kren1 and made division total in STP to fix it.
2016-07-11Executor: do not crash on non-sized globalsJiri Slaby
Sometimes, globals are not sized and ->getTypeStoreSize on such type crashes inside the LLVM. Check whether type is sized prior to calling the function above. A minimalistic example of Y being unsized with no effect on the actual code is put to tests. [v2] Use klee_warning for printing. And use %.*s formatting string given StringRef.data() need not be null terminated. Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2016-07-09Fix variable shifting behavior with different sizesMartin Nowack
Generated STP equality expressions have to be the same type. If a shift with different types as operands was used, therefore equality expressions of different width were generated. Beside avoiding the different sizes, this patch restores the original behavior to extract just the part involved in shifting and therefore should generate smaller expressions. Enable sdiv test case
2016-07-08Generate forked states for switch instructions deterministicallyMartin Nowack
This patch generates the states based on the order of switch-cases. Before, switch-constraints were randomly assigned to forked states. As generated code might be different between LLVM versions, we use the case values, order them, and iterate in that order over the cases. This way we can also support deterministic execution of older LLVM versions.
2016-07-08Use vector instead of set to add/remove statesMartin Nowack
Deterministic adding/removing of states.
2016-07-08Support gzip-based compression of raw_outstreamsMartin Nowack
Provide initial zlib-based compression support for raw_outstreams. Replacing llvm::raw_fd_outstreams with compressed_fd_outstreams automatically compresses data in gzip format before writing to file. Options added: * --compress-log to compress all query log files (e.g. *.pc, *.smt2) on the fly. Every query log file gets extended with .gz. * --debug-compress-instructions to compress logfile for instruction stream on the fly.
2016-06-28Added test case exposing division by zero failure reported by @kren1, and ↵Cristian Cadar
recently fixed in STP.
2016-05-28Fixed an incorrect read() invocation and missing includes for FD_Fail2.cCristian Cadar
2016-05-27Merge pull request #396 from andreamattavelli/fix_kleaver_parserCristian Cadar
Fixed bug #375 in Kleaver's parser and added --clear-array-decls-after-query option to Kleaver.
2016-05-24Split creation of symbolic files and stdin in two distinct optionsAndrea Mattavelli
2016-05-24Fixed bug #375 in Kleaver's parserAndrea Mattavelli
2016-05-18Modified -debug-print-instructions to allow to write directly on log file.Andrea Mattavelli
The option now contains 4 different options: 1) all:stderr, which logs all instructions to file in format [src, inst_id, llvm_inst]; 2) src:stderr, which logs all instructions to file in format [src, inst_id]; 3) compact:stderr, which logs all instructions to file in format [inst_id]; 4) all:file, which logs all instructions to file in format [src, inst_id, llvm_inst]; 5) src:file, which logs all instructions to file in format [src, inst_id]; 6) compact:file, which logs all instructions to file in format [inst_id]; Writing to file gives a speedup of ~50x.
2016-04-17Merge pull request #359 from delcypher/fix_indep_solver_bugCristian Cadar
Bug fix in IndependentSolver
2016-04-14This test passes under 2.9, so it cannot be used as an XFAIL. We can enable ↵Cristian Cadar
it after the division bug is fixed.
2016-04-14Added test case with the examples from ↵Cristian Cadar
https://github.com/klee/klee/issues/334, which triggers a bug in solver-optimize-divides, and which is for now expected to fail.
2016-04-08Rename KLEE command line options fromDan Liew
* ``-replay-out`` to ``-replay-ktest-file`` * ``-replay-out-dir`` to ``-replay-ktest-dir`` and also rename * help descriptions * global variables corresponding to these options. * Names used in ``KleeHandler``, ``Interpreter``, ``Executor`` and in KLEE's ``main()`` function. The old name for the options/code was very unhelpful as it wasn't obvious that "out" files are ``.ktest`` files unless you examine KLEE's source code.
2016-03-22Try to fix #348Dan Liew
The problem was that ``assertCreatedPointEvaluatesToTrue()`` used in the IndependentSolver assumed that it would be given an assignment for every array. If this wasn't the case the ``Assignment`` object by default would just replace every read of an unknown array with a byte filled with zeros. This problem would appear if ``IndependentSolver::getInitialValues(...)`` was called without asking for assignment for used arrays. I saw two ways of fixing this * Get an assignment for all arrays even if the client didn't ask for them. This guarantees that is the query is satisfiable then we can compute a concrete assignment. * Just do a "best effort" check and only check expressions that can be fully assigned to. I chose the latter because the first option seems pretty wasteful, especially for an assert. The second option isn't ideal though as it would be possible to compute an assignment that for the whole query leads to "unsat" but we wouldn't notice.
2016-02-25Added support to load libraries from command lineOmer Anson
This allows a user to invoke klee with specific libraries to load from command line. This is an attempt to allow klee to run on applications linked to external libraries. The libraries still have to be compiled specially for klee, in a manner similar to klee-uclibc, i.e. archives (build with llvm-ar) of llvm IR files.
2016-02-14Try to fix the TravisCI build when using Z3 as the solver. TheDan Liew
``test/Feature/SolverTimeout.c`` test fails there. The error message I see in TravisCI is ``` Command 2: "/home/travis/build/klee/build/klee/Release+Asserts/bin/klee" "--output-dir=/home/travis/build/klee/build/klee/test/Feature/Output/SolverTimeout.c.tmp.klee-out" "--max-solver-time=1" "/home/travis/build/klee/build/klee/test/Feature/Output/SolverTimeout.c.tmp1.bc" Command 2 Result: -11 Command 2 Output: Command 2 Stderr: KLEE: output directory is "/home/travis/build/klee/build/klee/test/Feature/Output/SolverTimeout.c.tmp.klee-out" KLEE: WARNING: undefined reference to function: printf KLEE: ERROR: (location information missing) divide by zero KLEE: NOTE: now ignoring this error at this location 0 klee 0x0000000000da87d2 llvm::sys::PrintStackTrace(_IO_FILE*) + 34 1 klee 0x0000000000da85c9 2 libpthread.so.0 0x00007fca19936cb0 3 libz3.so 0x00007fca19079826 4 librt.so.1 0x00007fca1747640c 5 libpthread.so.0 0x00007fca1992ee9a 6 libc.so.6 0x00007fca1776c38d clone + 109 ``` The issue appears to be racey as I had to run several copies of KLEE in parallel for the bug to occur using Z3 4.4.1. I managed to get a coredump and got the backtrace from gdb for the crash which is ``` #0 0x00007f4841b11c46 in scoped_timer::imp::sig_handler (s=..., s@entry=...) at ../src/util/scoped_timer.cpp:112 #1 0x00007f484031e0ff in timer_sigev_thread (arg=0x7f48380008c0) at ../nptl/sysdeps/unix/sysv/linux/timer_routines.c:63 #2 0x00007f484291c182 in start_thread (arg=0x7f483db46700) at pthread_create.c:312 #3 0x00007f484061b47d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 ``` The crash appears to be in Z3 itself but I can't reproduce the issue when using the version of Z3 from the master branch. For now we simply workaround the issue by not running the ``test/Feature/SolverTimeout.c`` test when using Z3 as the solver. We should revisit this issue when another stable release of Z3 is made.
2016-01-12Refactor setting the core solver (i.e. STP, MetaSMT or DummySolver) by providingDan Liew
a ``createCoreSolver()`` function. The solver used is set by the new ``--solver-backend`` command line argument. The default is STP. This change necessitated refactoring the MetaSMT stuff. That clearly didn't belong in the Executor! The MetaSMT command line option is now ``--metasmt-backend`` as this only picks the MetaSMT backend. In order to use MetaSMT ``--solver-backend=metasmt`` needs to be passed. Note I don't have MetaSMT built on my development machine so I don't know if the MetaSMT stuff even compiles...
2015-12-19Implement support for lowering the ``llvm.objectsize`` intrinsicDan Liew
introduced in LLVM 2.7. Previously KLEE would emit the following error message when ``IntrinsicLowering::LowerIntrinsicCall()`` was called on the intrinsic ``` LLVM ERROR: Code generator does not support intrinsic function 'llvm.objectsize.i64.p0i8'! ``` The ``IntrinsicCleaner`` pass now lowers this intrinsic to a constant integer depending on the second argument to the intrinsic. This corresponds to the case where the size of the object pointed to by the first argument is unknown. An alternative design would be to handle this intrinsic in the Executor where is actually possible to know the size of objects during execution. However that would be much more complicated because if the pointer is symbolic we would have to fork for every object that could be pointed to. The implementation is similar to #260 but we handle the second argument to the intrinsic correctly and also have a simple test case. Unfortunately we have to have a different version of the test case for LLVM 2.9 because the expected suffix for the intrinsic is different in LLVM 2.9.
2015-12-17Fixed a bug with how non power 2 values were written to memory, added test ↵Timotej Kapus
for it
2015-12-16Propagate AddressSanitizer, LeakSanitizer (part of AddressSanitizer),Dan Liew
MemorySanitzer and ThreadSanitizer environment variables when running lit tests. This makes it easy suppress errors in sanitized versions of KLEE
2015-12-11Change SilentKleeAssume.c test slightly so thatDan Liew
``--silent-klee-assume=0`` is no longer passed. This ensures that we also check that ``--silent-klee-assume`` is off by default.
2015-12-11Add command line flag ``--silent-klee-assume``to suppress errors due toValentin Wüstholz
infeasible assumptions.
2015-11-08Merge pull request #269 from MartinNowack/fix_sremMartinNowack
[STPBuilder] Generate SRrem expressions correctly
2015-09-25Don't use /tmp for futimesat unit testAndrew Chi
This causes problems on a shared machine where multiple users are running the KLEE unit tests.
2015-09-22[STPBuilder] Generate SRrem expressions correctlyMartin Nowack
The '%' operater in C is not Gauss Modulo but remainder operations. Using a negative number as right operand can result in a negative number. Fix appropriate SRem building Note: MetaSMTlib implementation doesn't have that bug.
2015-09-21Merge pull request #274 from MartinNowack/fix_sdiv_1Cristian Cadar
Fix signed division by constant 1/ -1
2015-09-05Allow to generate initial values with empty constraint setMartin Nowack
2015-08-30Fix signed division by constant 1/ -1Martin Nowack
Division by constant divisor get optimized using shift and multiplication operations in STP builder. The used method cannot be applied for divisor 1 and -1. In that case use slow path.
2015-08-21Merge pull request #251 from ret2libc/entryFnParamCristian Cadar
Added option to specify a different entry point from main(). Remove some whitespaces.
2015-08-14test: add Feature test for EntryPoint optionRiccardo Schirone
2015-04-29Fix assertion failure in getDirectCallTargetSean Bartell
It failed when the function being called is a bitcasted alias.
2015-04-19Fixed RewriteEqualities input to be more resilient to differences in ↵Cristian Cadar
compilation.
2015-04-19Temportily marking RewriteEqualities test as XFAIL.Cristian Cadar
2015-04-19Added a new test case that checks the --rewrite-equalities optimisation. ↵Cristian Cadar
The test contains the program proposed by Eric Rizzi in https://github.com/klee/klee/issues/227, and shows a case in which a constant constraint results after the optimisation.
2015-04-15Fix the handling of AShrExpr in ExprSMTLIBPrinter so that an overshiftDan Liew
always goes to zero (matches LLVM's APInt::ashr(...)). This is meant to partially address issue #218. There are a few problems with this commit * It is possible for AShrExpr to not be abbreviated because the scan methods will not see that we print the 0th child of the AShrExpr twice * The added test case should really be run through an SMT solver ( i.e. STP) but that requires infrastructure changes.
2015-04-01[test] Fix compilation warningMartin Nowack
Use correct definition and declaration of main function
2015-04-01[tests] Fix undefined functionMartin Nowack
Add some missing header to silence compiler warnings
2015-03-20Improve arithmetic-right-overshift-sym-conc.c test by make sure itDan Liew
also test a negative constant as the lhs.