From cbf10dbdd7345434e0ec74526ec3ca3d0391797a Mon Sep 17 00:00:00 2001 From: Cristian Cadar Date: Fri, 20 Oct 2023 16:58:26 +0100 Subject: Concretize constants using seed values, when available. Added two tests (w/ and w/o seed extension) based on FP concretization. --- lib/Core/Executor.cpp | 34 +++++++++++++++++++++++++--------- lib/Core/Executor.h | 7 +++++++ 2 files changed, 32 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index 7fe20bb8..e4fba39b 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -1329,16 +1329,21 @@ Executor::toConstant(ExecutionState &state, if (ConstantExpr *CE = dyn_cast(e)) return CE; - ref value; - bool success = - solver->getValue(state.constraints, e, value, state.queryMetaData); - assert(success && "FIXME: Unhandled solver failure"); - (void) success; + ref value; + if (auto found = seedMap.find(&state); found != seedMap.end()) + value = getValueFromSeeds(found->second, e); + /* If no seed evaluation results in a constant, call the solver */ + ref cvalue = llvm::dyn_cast_or_null(value); + if (!cvalue) { + [[maybe_unused]] bool success = + solver->getValue(state.constraints, e, cvalue, state.queryMetaData); + assert(success && "FIXME: Unhandled solver failure"); + } std::string str; llvm::raw_string_ostream os(str); os << "silently concretizing (reason: " << reason << ") expression " << e - << " to value " << value << " (" << (*(state.pc)).info->file << ":" + << " to value " << cvalue << " (" << (*(state.pc)).info->file << ":" << (*(state.pc)).info->line << ")"; if (ExternalCallWarnings == ExtCallWarnings::All) @@ -1346,9 +1351,20 @@ Executor::toConstant(ExecutionState &state, else klee_warning_once(reason, "%s", os.str().c_str()); - addConstraint(state, EqExpr::create(e, value)); - - return value; + addConstraint(state, EqExpr::create(e, cvalue)); + + return cvalue; +} + +ref +Executor::getValueFromSeeds(std::vector &seeds, ref e) { + assert(!seeds.empty()); + for (auto seed:seeds) { + auto value = seed.assignment.evaluate(e); + if (isa(value)) + return value; + } + return nullptr; } void Executor::executeGetValue(ExecutionState &state, diff --git a/lib/Core/Executor.h b/lib/Core/Executor.h index f7f84101..bf773fa5 100644 --- a/lib/Core/Executor.h +++ b/lib/Core/Executor.h @@ -396,6 +396,13 @@ private: ref toConstant(ExecutionState &state, ref e, const char *purpose); + /// Evaluate the given expression under each seed, and return the + /// first one that results in a constant, if such a seed exist. Otherwise, + /// return the non-constant evaluation of the expression under one of the + /// seeds. + ref getValueFromSeeds(std::vector &seeds, + ref e); + /// Bind a constant value for e to the given target. NOTE: This /// function may fork state if the state has multiple seeds. void executeGetValue(ExecutionState &state, ref e, KInstruction *target); -- cgit 1.4.1