Esempio n. 1
0
        public void RemByZero()
        {
            var builders = GetSimpleAndConstantFoldingBuilder();
            var sfb      = builders.Item1;
            var cfb      = builders.Item2;
            var dividend = cfb.ConstantBV(5, 4);
            var divisor  = cfb.ConstantBV(0, 4);

            var noFoldResult = sfb.BVSMOD(dividend, divisor);
            var cfbNoFold    = cfb.BVSMOD(dividend, divisor);

            CheckIsBvType(cfbNoFold, 4);
            CheckIsBvType(noFoldResult, 4);
            Assert.IsNull(ExprUtil.AsLiteral(cfbNoFold));
            Assert.IsTrue(ExprUtil.StructurallyEqual(noFoldResult, cfbNoFold));
            CheckIsBvType(cfbNoFold, 4);
        }
Esempio n. 2
0
        public void NoFold()
        {
            var builders = GetSimpleAndConstantFoldingBuilder();
            SimpleExprBuilder          sfb = builders.Item1;
            ConstantFoldingExprBuilder cfb = builders.Item2;
            var arg0         = GetVarAndIdExpr("x", BasicType.GetBvType(8)).Item2;
            var arg1         = GetVarAndIdExpr("y", BasicType.GetBvType(8)).Item2;
            var simpleResult = sfb.BVSGE(arg0, arg1);
            var result       = cfb.BVSGE(arg0, arg1);

            CheckIsBoolType(result);
            CheckIsBoolType(simpleResult);

            Assert.IsNull(ExprUtil.AsLiteral(result));
            Assert.IsNotNull(ExprUtil.AsBVSGE(result));
            Assert.IsTrue(ExprUtil.StructurallyEqual(result, simpleResult));
        }
Esempio n. 3
0
        public void RequiresEqualityConstraintBV()
        {
            p = LoadProgramFrom(@"
                var g:bv32;
                procedure main()
                modifies g;
                requires (g == 0bv32);
                {
                    assert {:symbooglix_bp ""entry""} true;
                    assert g == 0bv32;
                }
                ", "test.bpl");

            e = GetExecutor(p, new DFSStateScheduler(), GetSolver());
            int bpCounter = 0;

            e.BreakPointReached += delegate(object sender, Executor.BreakPointEventArgs eventArgs)
            {
                ++bpCounter;
                switch (eventArgs.Name)
                {
                case "entry":
                    // Check that the global "g" is concrete
                    var p1    = e.CurrentState.GetInScopeVariableAndExprByName("g");
                    var asLit = ExprUtil.AsLiteral(p1.Value);
                    Assert.IsNotNull(asLit);
                    Assert.IsTrue(asLit.isBvConst);
                    Assert.AreEqual(Microsoft.Basetypes.BigNum.FromInt(0), asLit.asBvConst.Value);
                    Assert.AreEqual(32, asLit.asBvConst.Bits);
                    break;

                default:
                    Assert.Fail("Unexpected break point");
                    break;
                }
            };

            var tc = new TerminationCounter();

            tc.Connect(e);
            e.Run(GetMain(p));
            Assert.AreEqual(1, bpCounter);
            Assert.AreEqual(1, tc.Sucesses);
            Assert.AreEqual(0, tc.NumberOfFailures);
        }
Esempio n. 4
0
        public void SelectMapStoreStoresToSymbolicIndex(int depth)
        {
            var builders           = GetSimpleAndConstantFoldingBuilder();
            var sb                 = builders.Item1;
            var cfb                = builders.Item2;
            var map                = GetMapVariable("m", BasicType.Int, BasicType.Int).Item1;
            var unconstrainedIndex = GetVarAndIdExpr("idx", BasicType.Int).Item2;

            var update   = cfb.MapStore(map, cfb.ConstantInt(1), unconstrainedIndex);
            var updateSb = sb.MapStore(map, cfb.ConstantInt(1), unconstrainedIndex);

            // Add multiple updates to various locations, these should prevent accessing the deeply nested mapStore at unconstrainedIndex
            for (int index = 0; index < depth; ++index)
            {
                update   = cfb.MapStore(update, cfb.ConstantInt(2 + index), cfb.ConstantInt(index));
                updateSb = sb.MapStore(updateSb, sb.ConstantInt(2 + index), cfb.ConstantInt(index));
            }

            // Now do a MapSelect from same location
            var result   = cfb.MapSelect(update, unconstrainedIndex);
            var resultSb = sb.MapSelect(update, unconstrainedIndex);

            CheckIsInt(result);
            CheckIsInt(resultSb);

            if (depth == 0)
            {
                // Only in this case should we be able to get a concrete value back

                // Now check we read the concrete value we expect
                var asLit = ExprUtil.AsLiteral(result);
                Assert.IsNotNull(asLit);
                Assert.AreEqual(BigNum.FromInt(1), asLit.asBigNum);
            }
            else
            {
                Assert.IsNull(ExprUtil.AsLiteral(result));
                Assert.IsNotNull(ExprUtil.AsMapSelect(result));
                // The result should be structurally the same as what the non folding builder built (i.e no folding happened)
                Assert.AreEqual(resultSb, result);
            }
        }
Esempio n. 5
0
        public void SameExprAdded()
        {
            var cfb  = GetConstantFoldingBuilder();
            var x    = GetVarAndIdExpr("x", BasicType.GetBvType(8)).Item2;
            var y    = GetVarAndIdExpr("x", BasicType.GetBvType(8)).Item2;
            var side = cfb.BVADD(x, y);

            CheckIsBvType(side, 8);
            Assert.IsNull(ExprUtil.AsLiteral(side));
            var result = cfb.BVADD(side, side);

            CheckIsBvType(result, 8);
            var mul = ExprUtil.AsBVMUL(result);

            Assert.IsNotNull(mul);
            var lhs = ExprUtil.AsLiteral(mul.Args[0]);

            Assert.IsNotNull(lhs);
            Assert.AreEqual(2, lhs.asBvConst.Value.ToInt);
            Assert.AreSame(side, mul.Args[1]);
        }
Esempio n. 6
0
 public void FollowThen()
 {
     p = LoadProgramFrom(@"
         procedure main()
         {
             var a:int;
             var b:int;
             var old_b:int;
             old_b := b;
             assume a > 0;
             b := if a > 0 then 1 else b;
             assert {:symbooglix_bp ""follow_then""} b == 1;
         }
         ", "test.bpl");
     Run(0, 1, (object sender, Executor.BreakPointEventArgs e) =>
     {
         Assert.AreEqual("follow_then", e.Name);
         Executor executor = sender as Executor;
         Assert.IsNotNull(executor);
         var pair = executor.CurrentState.GetInScopeVariableAndExprByName("b");
         Assert.IsNotNull(ExprUtil.AsLiteral(pair.Value));
         Assert.AreEqual("1", pair.Value.ToString());
     });
 }
Esempio n. 7
0
        public void SelectMapStoreSingleIndexRepeatedStoresToConcreteIndex(int depth)
        {
            var cfb = GetConstantFoldingBuilder();
            var map = GetMapVariable("m", BasicType.Int, BasicType.Int).Item1;

            var update = cfb.MapStore(map, cfb.ConstantInt(1), cfb.ConstantInt(1));

            // Add multiple updates to the same location
            for (int index = 0; index < depth; ++index)
            {
                update = cfb.MapStore(update, cfb.ConstantInt(2 + index), cfb.ConstantInt(1));
            }

            // Now do a MapSelect from same location
            var result = cfb.MapSelect(update, cfb.ConstantInt(1));

            CheckIsInt(result);

            // Now check we read the concrete value we expect
            var asLit = ExprUtil.AsLiteral(result);

            Assert.IsNotNull(asLit);
            Assert.AreEqual(BigNum.FromInt(1 + depth), asLit.asBigNum);
        }
Esempio n. 8
0
        public void SymbolicWriteForcesStoresToBeDropped()
        {
            // Build var m:[int]bool;
            var mapTy = GetMapVariable(BPLType.Int, BPLType.Int);

            // Build map variable variable
            var builder = GetSimpleExprBuilder();
            var mv      = GetVariable("map", mapTy);
            var mapId   = builder.Identifier(mv);
            var mp      = GetMapProxy(mapId);

            // m[0] := false
            mp.WriteMapAt(new List <Expr>()
            {
                builder.ConstantInt(0)
            }, builder.ConstantInt(99));

            // m[2] := true
            mp.WriteMapAt(new List <Expr>()
            {
                builder.ConstantInt(2)
            }, builder.ConstantInt(101));

            // m[5] := false
            mp.WriteMapAt(new List <Expr>()
            {
                builder.ConstantInt(5)
            }, builder.ConstantInt(25));

            // Read back
            Assert.AreEqual(builder.ConstantInt(99), mp.ReadMapAt(new List <Expr>()
            {
                builder.ConstantInt(0)
            }));
            Assert.AreEqual(builder.ConstantInt(101), mp.ReadMapAt(new List <Expr>()
            {
                builder.ConstantInt(2)
            }));
            Assert.AreEqual(builder.ConstantInt(25), mp.ReadMapAt(new List <Expr>()
            {
                builder.ConstantInt(5)
            }));

            // Now write to a symbolic location. This should cause all the stores to flushed
            // and then dropped
            var symIndex = GetVariable("symIndex", BPLType.Int);

            mp.WriteMapAt(new List <Expr>()
            {
                builder.Identifier(symIndex)
            }, builder.ConstantInt(11));

            // Read back
            var m0AfterFlush = mp.ReadMapAt(new List <Expr>()
            {
                builder.ConstantInt(0)
            });

            Assert.IsNull(ExprUtil.AsLiteral(m0AfterFlush));
            Assert.AreEqual("map[0 := 99][2 := 101][5 := 25][symIndex := 11][0]", m0AfterFlush.ToString());

            var m2AfterFlush = mp.ReadMapAt(new List <Expr>()
            {
                builder.ConstantInt(2)
            });

            Assert.IsNull(ExprUtil.AsLiteral(m2AfterFlush));
            Assert.AreEqual("map[0 := 99][2 := 101][5 := 25][symIndex := 11][2]", m2AfterFlush.ToString());

            var m5AfterFlush = mp.ReadMapAt(new List <Expr>()
            {
                builder.ConstantInt(5)
            });

            Assert.IsNull(ExprUtil.AsLiteral(m5AfterFlush));
            Assert.AreEqual("map[0 := 99][2 := 101][5 := 25][symIndex := 11][5]", m5AfterFlush.ToString());
        }
Esempio n. 9
0
            public IBranchSatisfiabilityResult CheckBranchSatisfiability(IConstraintManager constraints, Constraint trueExpr, IExprBuilder builder)
            {
                // Note: We implicitly assume that the constraints are satisfiable
                TryInterupt = false;
                IQueryResult falseBranchResult = null;
                IQueryResult trueBranchResult  = null;

                try
                {
                    Timer.Start();
                    // Fast path: trueExpr is constant
                    var trueExprAsLit = ExprUtil.AsLiteral(trueExpr.Condition);
                    if (trueExprAsLit != null)
                    {
                        if (!trueExprAsLit.isBool)
                        {
                            throw new ExprTypeCheckException("trueExpr must be of boolean type");
                        }

                        if (trueExprAsLit.asBool)
                        {
                            return(new SimpleBranchSatsifiabilityResult(Result.SAT, Result.UNSAT));
                        }
                        else
                        {
                            return(new SimpleBranchSatsifiabilityResult(Result.UNSAT, Result.SAT));
                        }
                    }

                    // Slow path: Invoke solver

                    // First see if it's possible for the false branch to be feasible
                    // ∃ X constraints(X) ∧ ¬ condition(X)
                    var query = new Solver.Query(constraints, trueExpr);
                    falseBranchResult = InternalComputeSatisfiability(query.WithNegatedQueryExpr(builder));
                    var falseBranch = falseBranchResult.Satisfiability;


                    var trueBranch = Result.UNKNOWN;
                    // Only invoke solver again if necessary
                    if (falseBranch == Result.UNSAT)
                    {
                        // This actually implies that
                        //
                        // ∀X : C(X) → Q(X)
                        // That is if the constraints are satisfiable then
                        // the query expr is always true. Because we've been
                        // checking constraints as we go we already know C(X) is satisfiable
                        trueBranch = Result.SAT;
                    }
                    else
                    {
                        if (TryInterupt)
                        {
                            // Don't do next solver call
                            Console.Error.WriteLine("WARNING: Tried to kill solver during CheckBranchSatisfiability()");
                            return(new SimpleBranchSatsifiabilityResult(Result.UNKNOWN, falseBranch));
                        }

                        // Now see if it's possible for execution to continue past the assertion
                        // ∃ X constraints(X) ∧ condition(X)
                        trueBranchResult = InternalComputeSatisfiability(query);
                        trueBranch       = trueBranchResult.Satisfiability;
                    }

                    return(new SimpleBranchSatsifiabilityResult(trueBranch, falseBranch));
                }
                finally
                {
                    Timer.Stop();
                    if (falseBranchResult != null)
                    {
                        UpdateStatistics(falseBranchResult);
                    }

                    if (trueBranchResult != null)
                    {
                        UpdateStatistics(trueBranchResult);
                    }
                }
            }