public Z3BoolExpr MkTest(Z3Expr t, Term type) { Term intr; var unn = Owner.GetIntersection(Type, type, out intr); var bt = (Z3BVExpr)UnboxingFun.Apply(t); if (intr == null) { return(Context.MkFalse()); } else if (intr == Type) { return(Context.MkTrue()); } Z3BoolExpr test = null; foreach (var i in unn.RangeMembers) { var istart = Context.MkBV((i.Key - Lower).ToString(), bvSort.Size); var iend = Context.MkBV((i.Value - Lower).ToString(), bvSort.Size); test = test.Or(Context, bt.UGe(Context, istart).And(Context, bt.ULe(Context, iend))); } return(test); }
public Z3BoolExpr MkTest(Z3Expr t, Term type) { Term intr; var unn = Owner.GetIntersection(Type, type, out intr); var it = (Z3IntExpr)UnboxingFun.Apply(t); if (intr == null) { return(Context.MkFalse()); } else if (intr == Type) { return(Context.MkTrue()); } Z3BoolExpr test = null; var iPos = MkIntCoercion(t); foreach (var r in unn.RangeMembers) { test = test.Or( Context, iPos.Ge( Context, Context.MkInt(r.Key.ToString())).And( Context, iPos.Le(Context, Context.MkInt(r.Value.ToString())))); } return(test); }
public Z3BoolExpr MkTest(Z3Expr t, Term type) { Term intr; var unn = Owner.GetIntersection(Type, type, out intr); var bt = (Z3BVExpr)UnboxingFun.Apply(t); if (intr == null) { return(Context.MkFalse()); } else if (intr == Type) { return(Context.MkTrue()); } Z3BoolExpr test = null; foreach (var m in unn.NonRangeMembers) { if (m.Kind != SymbolKind.BaseCnstSymb && m.Kind != SymbolKind.UserCnstSymb) { continue; } test = test.Or(Context, bt.Eq(Context, Context.MkBV(symbToVal[m], bvSort.Size))); } return(test); }
public Z3BoolExpr MkTest(Z3Expr t, Term type) { Term intr; var unn = Owner.GetIntersection(Type, type, out intr); var rt = (Z3RealExpr)t; if (intr == null) { return(Context.MkFalse()); } else if (intr == Type) { return(Context.MkTrue()); } Z3BoolExpr test = null; if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.Integer))) { test = test.Or(Context, Context.MkIsInteger(rt)); } else { if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.Natural))) { test = test.Or(Context, Context.MkIsInteger(rt).And(Context, rt.Ge(Context, Context.MkReal(0)))); } else if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.PosInteger))) { test = test.Or(Context, Context.MkIsInteger(rt).And(Context, rt.Ge(Context, Context.MkReal(1)))); } if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.NegInteger))) { test = test.Or(Context, Context.MkIsInteger(rt).And(Context, rt.Lt(Context, Context.MkReal(0)))); } } Rational r; foreach (var e in unn.NonRangeMembers) { if (e.Kind != SymbolKind.BaseCnstSymb) { continue; } r = (Rational)((BaseCnstSymb)e).Raw; test = test.Or(Context, rt.Eq(Context, Context.MkReal(string.Format("{0}/{1}", r.Numerator, r.Denominator)))); } foreach (var i in unn.RangeMembers) { test = test.Or(Context, rt.Ge(Context, Context.MkReal(i.Key.ToString())). And(Context, rt.Le(Context, Context.MkReal(i.Value.ToString()))). And(Context, Context.MkIsInteger(rt))); } return(test); }
public void Test_Runner_Jmp_7() { string programStr = " jz label1 " + Environment.NewLine + " mov rax, 10 " + Environment.NewLine + " jmp label2 " + Environment.NewLine + "label1: " + Environment.NewLine + " mov rax, 20 " + Environment.NewLine + "label2: " + Environment.NewLine + " mov rbx, rax " + Environment.NewLine + " jz label3 " + Environment.NewLine + "label3: "; Tools tools = this.CreateTools(); StaticFlow sFlow = new StaticFlow(tools); sFlow.Update(programStr); tools.StateConfig = sFlow.Create_StateConfig(); //var dFlow = Runner.Construct_DynamicFlow_Backward(sFlow, tools); DynamicFlow dFlow = Runner.Construct_DynamicFlow_Forward(sFlow, tools); //DotVisualizer.SaveToDot(sFlow, dFlow, "test1.dot"); State state = dFlow.EndState; Assert.IsNotNull(state); if (logToDisplay) { Console.WriteLine("state:\n" + state); } TestTools.IsTrue(state.IsConsistent); TestTools.AreEqual(Rn.RAX, "00000000_00000000_00000000_00000000_00000000_00000000_00000000_000????0", state); Microsoft.Z3.BoolExpr branch_Condition = dFlow.Get_Branch_Condition(0); { State state2a = new State(state); state2a.Add(new BranchInfo(branch_Condition, true)); if (logToDisplay) { Console.WriteLine("state with ZF = true:\n" + state2a); } TestTools.IsTrue(state2a.IsConsistent); TestTools.AreEqual(Rn.RAX, 10, state2a); } { State state2b = new State(state); state2b.Add(new BranchInfo(branch_Condition, false)); if (logToDisplay) { Console.WriteLine("state with ZF = false:\n" + state2b); } TestTools.IsTrue(state2b.IsConsistent); TestTools.AreEqual(Rn.RAX, 20, state2b); } }
/// <summary> /// Disjoins the current side constraint with constr /// </summary> /// <param name="constr"></param> /// <param name="context"></param> public void ExtendSideConstraint(int index, Z3BoolExpr constr, Z3Context context) { Z3BoolExpr crntConstr; if (SideConstraints.TryFindValue(index, out crntConstr)) { SideConstraints[index] = context.MkOr(crntConstr, constr); } else { SideConstraints.Add(index, constr); } }
public static Z3BoolExpr And(this Z3BoolExpr expr1, Z3Context context, Z3BoolExpr expr2) { if (expr1 == null) { return(expr2); } else if (expr2 == null) { return(expr1); } else { return(context.MkAnd(expr1, expr2)); } }
public void Test_Runner_Mem_Merge_1() { Tools tools = this.CreateTools(); tools.StateConfig.Set_All_Off(); tools.StateConfig.RAX = true; tools.StateConfig.RBX = true; tools.StateConfig.ZF = true; tools.StateConfig.Mem = true; tools.Quiet = true; string programStr = " jz label1 " + Environment.NewLine + " mov byte ptr[rax], 10 " + Environment.NewLine + " jmp label2 " + Environment.NewLine + "label1: " + Environment.NewLine + " mov byte ptr[rax], 20 " + Environment.NewLine + "label2: " + Environment.NewLine + " mov bl, byte ptr[rax] "; StaticFlow sFlow = new StaticFlow(tools); sFlow.Update(programStr); DynamicFlow dFlow = Runner.Construct_DynamicFlow_Backward(sFlow, tools); State state = dFlow.EndState; State state3 = new State(state); State state4 = new State(state); Microsoft.Z3.BoolExpr branch_Condition = dFlow.Get_Branch_Condition(0); state3.Add(new BranchInfo(branch_Condition, true)); if (logToDisplay) { Console.WriteLine("state3:\n" + state3); } TestTools.AreEqual(Rn.BL, 10, state3); state4.Add(new BranchInfo(branch_Condition, false)); if (logToDisplay) { Console.WriteLine("state4:\n" + state4); } TestTools.AreEqual(Rn.BL, 20, state4); }
public Z3BoolExpr MkTest(Z3Expr t, Term type) { Term intr; var unn = Owner.GetIntersection(Type, type, out intr); var it = (Z3IntExpr)t; if (intr == null) { return(Context.MkFalse()); } else if (intr == Type) { return(Context.MkTrue()); } Z3BoolExpr test = null; if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.Natural))) { test = test.Or(Context, it.Ge(Context, Context.MkInt(0))); } else if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.PosInteger))) { test = test.Or(Context, it.Ge(Context, Context.MkInt(1))); } if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.NegInteger))) { test = test.Or(Context, it.Lt(Context, Context.MkInt(0))); } foreach (var i in unn.RangeMembers) { test = test.Or(Context, it.Ge(Context, Context.MkInt(i.Key.ToString())). And(Context, it.Le(Context, Context.MkInt(i.Value.ToString())))); } return(test); }
public Z3BoolExpr MkTest(Z3Expr t, Term type) { Contract.Assert(t != null && t.Sort.Equals(Representation)); Term intr; var unn = Owner.GetIntersection(Type, type, out intr); if (intr == null) { return(Context.MkFalse()); } else if (intr == Type) { return(Context.MkTrue()); } Z3BoolExpr test = null; var nat = (Z3IntExpr)UnboxingFun.Apply(t); if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.PosInteger))) { test = test.Or(Context, nat.NEq(Context, Context.MkInt(0))); } var iNat = MkIntCoercion(t); foreach (var r in unn.RangeMembers) { test = test.Or( Context, iNat.Ge( Context, Context.MkInt(r.Key.ToString())).And( Context, iNat.Le(Context, Context.MkInt(r.Value.ToString())))); } return(test); }
public Z3BoolExpr MkTest(Z3Expr t, Term type) { Term intr; var unn = Owner.GetIntersection(Type, type, out intr); var st = (Z3Expr)t; if (intr == null) { return(Context.MkFalse()); } else if (intr == Type) { return(Context.MkTrue()); } Z3BoolExpr test = null; BaseCnstSymb bc; foreach (var e in unn.NonRangeMembers) { if (e.Kind != SymbolKind.BaseCnstSymb) { continue; } bc = (BaseCnstSymb)e; if (bc.CnstKind != CnstKind.String) { continue; } test = test.Or(Context, st.Eq(Context, MkGround(e, null))); } return(test); }
public void Test_Runner_Jmp_11() { string programStr = " cmp al, 0 " + Environment.NewLine + " jp label1 " + Environment.NewLine + " mov al, 1 " + Environment.NewLine + " jz label1 " + Environment.NewLine + " mov al, 2 " + Environment.NewLine + "label1: "; Tools tools = this.CreateTools(); StaticFlow sFlow = new StaticFlow(tools); sFlow.Update(programStr); if (logToDisplay) { Console.WriteLine(sFlow.ToString()); } tools.StateConfig = sFlow.Create_StateConfig(); DynamicFlow dFlow = Runner.Construct_DynamicFlow_Backward(sFlow, tools); State state = dFlow.EndState; Assert.IsNotNull(state); if (logToDisplay) { Console.WriteLine("state:\n" + state); } TestTools.IsTrue(state.IsConsistent); Microsoft.Z3.BoolExpr branch_Condition_jp = dFlow.Get_Branch_Condition(1); Microsoft.Z3.BoolExpr branch_Condition_jz = dFlow.Get_Branch_Condition(3); if (true) { if (true) { State state2 = new State(state); state2.Add(new BranchInfo(branch_Condition_jp, true)); state2.Add(new BranchInfo(branch_Condition_jz, true)); TestTools.AreEqual(Rn.AL, "00000000", state2); } if (true) { State state2 = new State(state); state2.Add(new BranchInfo(branch_Condition_jp, true)); state2.Add(new BranchInfo(branch_Condition_jz, false)); TestTools.AreEqual(Rn.AL, "????????", state2); } if (true) { State state2 = new State(state); state2.Add(new BranchInfo(branch_Condition_jp, false)); state2.Add(new BranchInfo(branch_Condition_jz, true)); TestTools.AreEqual(Rn.AL, "XXXXXXXX", state2); } if (true) { State state2 = new State(state); state2.Add(new BranchInfo(branch_Condition_jp, false)); state2.Add(new BranchInfo(branch_Condition_jz, false)); TestTools.AreEqual(Rn.AL, "00000010", state2); } } }
public static Z3BoolExpr Not(this Z3BoolExpr expr1, Z3Context context) { Contract.Assert(expr1 != null); return(context.MkNot(expr1)); }
public static Z3BoolExpr Iff(this Z3BoolExpr expr1, Z3Context context, Z3BoolExpr expr2) { Contract.Assert(expr1 != null && expr2 != null); return(context.MkIff(expr1, expr2)); }
public static Z3Expr Ite(this Z3BoolExpr cond, Z3Context context, Z3Expr ifTrue, Z3Expr ifFalse) { Contract.Assert(cond != null && ifTrue != null && ifFalse != null); return(context.MkITE(cond, ifTrue, ifFalse)); }
public Z3BoolExpr MkTest(Z3Expr t, Term type) { ///// Produces a test of the form. //// ite(isBox_T(t), Test_T(t), ...). Term intr; var unn = Owner.GetIntersection(Type, type, out intr); if (intr == null) { return(Context.MkFalse()); } else if (intr == Type) { return(Context.MkTrue()); } bool wasAdded; Z3Con boxCon; Z3Fun unbox, tester; Z3BoolExpr boxTest; ITypeEmbedding te; Term subtypeTrm; MutableTuple <Z3Con, Term> subtype; Z3BoolExpr iteTest = Context.MkFalse(); //// For non-user sorts, want to project the type along the boxed type, so the boxed type //// can decide how to encode the test of this projection. Map <Z3Sort, MutableTuple <Z3Con, Term> > subtypes = new Map <Z3Sort, MutableTuple <Z3Con, Term> >((x, y) => ((int)x.Id) - ((int)y.Id)); foreach (var s in unn.NonRangeMembers) { boxCon = GetBoxer(s); Contract.Assert(boxCon != null); unbox = boxCon.AccessorDecls[0]; if (s.Kind == SymbolKind.UserSortSymb) { tester = boxCon.TesterDecl; te = Owner.GetEmbedding(unbox.Range); boxTest = (Z3BoolExpr)tester.Apply(t); subtypeTrm = Index.MkApply(s, TermIndex.EmptyArgs, out wasAdded); iteTest = (Z3BoolExpr)boxTest.Ite(Context, te.MkTest(unbox.Apply(t), subtypeTrm), iteTest); } else { if (!subtypes.TryFindValue(unbox.Range, out subtype)) { subtype = new MutableTuple <Z3Con, Term>( boxCon, Index.MkApply(s, TermIndex.EmptyArgs, out wasAdded)); subtypes.Add(unbox.Range, subtype); } else { subtype.Item2 = Index.MkApply( Index.TypeUnionSymbol, new Term[] { Index.MkApply(s, TermIndex.EmptyArgs, out wasAdded), subtype.Item2 }, out wasAdded); } } } foreach (var kv in unn.RangeMembers) { subtypeTrm = Index.MkApply( Index.RangeSymbol, new Term[] { Index.MkCnst(new Rational(kv.Key, BigInteger.One), out wasAdded), Index.MkCnst(new Rational(kv.Value, BigInteger.One), out wasAdded) }, out wasAdded); foreach (var bc in GetBoxers(kv.Key, kv.Value)) { unbox = bc.AccessorDecls[0]; if (!subtypes.TryFindValue(unbox.Range, out subtype)) { subtype = new MutableTuple <Z3Con, Term>(bc, subtypeTrm); subtypes.Add(unbox.Range, subtype); } else { subtype.Item2 = Index.MkApply( Index.TypeUnionSymbol, new Term[] { subtypeTrm, subtype.Item2 }, out wasAdded); } } } foreach (var kv in subtypes) { boxCon = kv.Value.Item1; Contract.Assert(boxCon != null); unbox = boxCon.AccessorDecls[0]; tester = boxCon.TesterDecl; te = Owner.GetEmbedding(unbox.Range); boxTest = (Z3BoolExpr)tester.Apply(t); iteTest = (Z3BoolExpr)boxTest.Ite(Context, te.MkTest(unbox.Apply(t), kv.Value.Item2), iteTest); } return(iteTest); }