static void Prove(Z3.Context ctx, BoolExpr f, bool useMBQI = false, params BoolExpr[] assumptions)
{
Console.WriteLine("Proving: " + f);
Solver s = ctx.MkSolver();
Params p = ctx.MkParams();
p.Add("mbqi", useMBQI);
s.Parameters = p;
foreach (BoolExpr a in assumptions)
{
s.Assert(a);
}
s.Assert(ctx.MkNot(f));
Status q = s.Check();
switch (q)
{
case Status.UNKNOWN:
Console.WriteLine("Unknown because: " + s.ReasonUnknown);
break;
case Status.SATISFIABLE:
throw new Exception("Test failed");
case Status.UNSATISFIABLE:
Console.WriteLine("OK, proof: " + s.Proof);
break;
}
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" },
{ "MODEL", "true" }
};
using (Context ctx = new Context(cfg))
{
EnumSort color = ctx.MkEnumSort("Color", new string[] { "red", "green", "blue" });
Expr red = color.Consts[0];
Expr green = color.Consts[1];
Expr blue = color.Consts[2];
Console.WriteLine(ctx.MkEq(green, blue));
Console.WriteLine(ctx.MkEq(green, blue).Simplify());
Expr c = ctx.MkConst("c", color);
Solver s = ctx.MkSolver();
s.Assert(ctx.MkNot(ctx.MkEq(c, green)));
s.Assert(ctx.MkNot(ctx.MkEq(c, blue)));
Console.WriteLine(s.Check());
Console.WriteLine(s.Model);
}
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" }
};
using (Context ctx = new Context(cfg))
{
FuncDecl f = ctx.MkFuncDecl("f", new Sort[] { ctx.IntSort, ctx.IntSort }, ctx.IntSort);
IntExpr x = ctx.MkIntConst("x");
IntExpr y = ctx.MkIntConst("y");
Console.WriteLine(ctx.MkForall(new Expr[] { x, y }, ctx.MkEq(f[x, y], ctx.MkInt(0))));
Console.WriteLine(ctx.MkExists(new Expr[] { x }, ctx.MkGe((ArithExpr)f[x, x], ctx.MkInt(0))));
IntExpr a = ctx.MkIntConst("a");
IntExpr b = ctx.MkIntConst("b");
Solver s = ctx.MkSolver();
s.Assert(ctx.MkForall(new Expr[] { x }, ctx.MkEq(f[x, x], ctx.MkInt(0))));
s.Assert(ctx.MkEq(f[a, b], ctx.MkInt(1)));
Console.WriteLine(s.Check());
Console.WriteLine(s.Model);
}
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" }
};
using (Context ctx = new Context(cfg))
{
IntExpr dog = ctx.MkIntConst("dog");
IntExpr cat = ctx.MkIntConst("cat");
IntExpr mouse = ctx.MkIntConst("mouse");
Solver s = ctx.MkSolver();
s.Assert(ctx.MkGe(dog, ctx.MkInt(1)));
s.Assert(ctx.MkGe(cat, ctx.MkInt(1)));
s.Assert(ctx.MkGe(mouse, ctx.MkInt(1)));
s.Assert(ctx.MkEq(ctx.MkAdd(dog, cat, mouse), ctx.MkInt(100)));
s.Assert(ctx.MkEq(ctx.MkAdd(ctx.MkMul(ctx.MkInt(1500), dog),
ctx.MkMul(ctx.MkInt(100), cat),
ctx.MkMul(ctx.MkInt(25), mouse)),
ctx.MkInt(10000)));
Console.WriteLine(s.Check());
Console.WriteLine(s.Model);
}
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
};
using (Context ctx = new Context(cfg))
{
FuncDecl f = ctx.MkFuncDecl("f", ctx.IntSort, ctx.IntSort);
FuncDecl g = ctx.MkFuncDecl("g", ctx.IntSort, ctx.IntSort);
IntExpr a = ctx.MkIntConst("a");
IntExpr b = ctx.MkIntConst("b");
IntExpr c = ctx.MkIntConst("c");
IntExpr x = ctx.MkIntConst("x");
Solver s = ctx.MkSolver();
Params p = ctx.MkParams();
p.Add("AUTO_CONFIG", false);
p.Add("MBQI", false);
s.Parameters = p;
s.Assert(ctx.MkForall(new Expr[] { x }, ctx.MkEq(f[g[x]], x), 1, new Pattern[] { ctx.MkPattern(f[g[x]]) }));
s.Assert(ctx.MkEq(g[a], c));
s.Assert(ctx.MkEq(g[b], c));
s.Assert(ctx.MkDistinct(a, b));
Console.WriteLine(s);
Console.WriteLine(s.Check());
}
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" }
};
using (Context ctx = new Context(cfg))
{
IntExpr x = ctx.MkIntConst("x");
IntExpr y = ctx.MkIntConst("y");
Solver s = ctx.MkSolver();
Console.WriteLine(s);
s.Assert(ctx.MkGt(x, ctx.MkInt(10)), ctx.MkEq(y, ctx.MkAdd(x, ctx.MkInt(2))));
Console.WriteLine(s);
Console.WriteLine("solving s");
Console.WriteLine(s.Check());
Console.WriteLine("creating new scope");
s.Push();
s.Assert(ctx.MkLt(y, ctx.MkInt(11)));
Console.WriteLine(s);
Console.WriteLine("solving updated constraints");
Console.WriteLine(s.Check());
Console.WriteLine("restoring");
s.Pop();
Console.WriteLine(s);
Console.WriteLine("solving restored constraints");
Console.WriteLine(s.Check());
}
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" },
{ "PROOF_MODE", "2" }
};
using (Context ctx = new Context(cfg))
{
ArrayExpr AllOne = ctx.MkConstArray(ctx.IntSort, ctx.MkInt(1));
IntExpr a = ctx.MkIntConst("a");
IntExpr i = ctx.MkIntConst("i");
Solver s = ctx.MkSolver();
s.Assert(ctx.MkEq(a, ctx.MkSelect(AllOne, i)));
Console.WriteLine(s.Check());
s = ctx.MkSolver();
s.Assert(ctx.MkEq(a, ctx.MkSelect(AllOne, i)));
s.Assert(ctx.MkNot(ctx.MkEq(a, ctx.MkInt(1))));
Console.WriteLine(s.Check());
}
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" }
};
using (Context ctx = new Context(cfg))
{
BitVecExpr x = ctx.MkBVConst("x", 16);
BitVecExpr y = ctx.MkBVConst("y", 16);
Params p = ctx.MkParams();
p.Add(":mul2concat", true);
Tactic t = ctx.Then(ctx.UsingParams(ctx.MkTactic("simplify"), p),
ctx.MkTactic("solve-eqs"),
ctx.MkTactic("bit-blast"),
ctx.MkTactic("aig"),
ctx.MkTactic("sat"));
Solver s = ctx.MkSolver(t);
s.Assert(ctx.MkEq(ctx.MkBVAdd(ctx.MkBVMul(x, ctx.MkBV(32, 16)), y), ctx.MkBV(13, 16)));
s.Assert(ctx.MkBVSLT(ctx.MkBVAND(x, y), ctx.MkBV(10, 16)));
s.Assert(ctx.MkBVSGT(y, ctx.MkBV(-100, 16)));
Console.WriteLine(s.Check());
Model m = s.Model;
Console.WriteLine(m);
Console.WriteLine(ctx.MkBVAdd(ctx.MkBVMul(x, ctx.MkBV(32, 16)), y) + " == " + m.Evaluate(ctx.MkBVAdd(ctx.MkBVMul(x, ctx.MkBV(32, 16)), y)));
Console.WriteLine(ctx.MkBVAND(x, y) + " == " + m.Evaluate(ctx.MkBVAND(x, y)));
}
}
static void Disprove(Context ctx, BoolExpr f, params BoolExpr[] assumptions)
{
Console.WriteLine("Disproving: " + f);
Solver s = Z3.Context.MkSolver();
foreach (BoolExpr a in assumptions)
{
s.Assert(a);
}
s.Assert(ctx.MkNot(f));
Status q = s.Check();
switch (q)
{
case Status.UNKNOWN:
Console.WriteLine("Unknown because: " + s.ReasonUnknown);
break;
case Status.SATISFIABLE:
Console.WriteLine("OK, model: " + s.Model);
break;
case Status.UNSATISFIABLE:
throw new ArgumentException("Test Failed Expception");
}
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" }
};
using (Context ctx = new Context(cfg))
{
Sort A = ctx.MkUninterpretedSort("A");
Sort B = ctx.MkUninterpretedSort("B");
FuncDecl f = ctx.MkFuncDecl("f", A, B);
Expr a1 = ctx.MkConst("a1", A);
Expr a2 = ctx.MkConst("a2", A);
Expr b = ctx.MkConst("b", B);
Expr x = ctx.MkConst("x", A);
Expr y = ctx.MkConst("y", A);
Solver s = ctx.MkSolver();
s.Assert(ctx.MkNot(ctx.MkEq(a1, a2)));
s.Assert(ctx.MkEq(f[a1], b));
s.Assert(ctx.MkEq(f[a2], b));
s.Assert(ctx.MkForall(new Expr[] { x, y }, ctx.MkImplies(ctx.MkEq(f[x], f[y]),
ctx.MkEq(x, y)),
1,
new Pattern[] { ctx.MkPattern(f[x], f[y]) }));
Console.WriteLine(s);
Console.WriteLine(s.Check());
}
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" }
};
using (Context ctx = new Context(cfg))
{
RealExpr d = ctx.MkRealConst("d");
RealExpr a = ctx.MkRealConst("a");
RealExpr t = ctx.MkRealConst("t");
RealExpr v_i = ctx.MkRealConst("v_i");
RealExpr v_f = ctx.MkRealConst("v_f");
BoolExpr[] equations = new BoolExpr[] {
ctx.MkEq(d, ctx.MkAdd(ctx.MkMul(v_i, t),
ctx.MkDiv(ctx.MkMul(a, ctx.MkPower(t, ctx.MkReal(2))),
ctx.MkReal(2)))),
ctx.MkEq(v_f, ctx.MkAdd(v_i, ctx.MkMul(a, t)))
};
Console.WriteLine("Kinematic equations: ");
foreach (BoolExpr e in equations)
{
Console.WriteLine(e);
}
BoolExpr[] problem = new BoolExpr[] {
ctx.MkEq(v_i, ctx.MkReal(0)),
ctx.MkEq(t, ctx.MkReal("4.10")),
ctx.MkEq(a, ctx.MkReal(6))
};
Console.WriteLine("Problem: ");
foreach (BoolExpr p in problem)
{
Console.WriteLine(p);
}
Solver s = ctx.MkSolver();
s.Assert(equations);
s.Assert(problem);
if (s.Check() != Status.SATISFIABLE)
{
throw new Exception("BUG");
}
Console.WriteLine("Solution: ");
Console.WriteLine(s.Model);
Console.WriteLine("Decimal Solution: ");
foreach (FuncDecl f in s.Model.ConstDecls)
{
Console.WriteLine(f.Name + " = " + ((RatNum)s.Model.ConstInterp(f)).ToDecimalString(10));
}
}
}
public override void ToSMTConstraints(Context z3Context, Solver z3Solver, int maxNumVars, VariableCache variableGenerator)
{
this.constraintVariable = variableGenerator.GetVarChoiceVariable(orgId);
ArithExpr myVariable = z3Context.MkIntConst(this.constraintVariable);
z3Solver.Assert(z3Context.MkLe(z3Context.MkInt(0), myVariable));
z3Solver.Assert(z3Context.MkLe(myVariable, z3Context.MkInt(maxNumVars - 1)));
}
public override void ToSMTConstraints(Context z3Context, Solver z3Solver, int maxNumVars, VariableCache variableGenerator)
{
this.constraintVariable = variableGenerator.GetFreshVariableName();
ArithExpr myVariable = z3Context.MkIntConst(this.constraintVariable);
z3Solver.Assert(z3Context.MkLe(z3Context.MkInt(0), myVariable));
z3Solver.Assert(z3Context.MkLe(myVariable, z3Context.MkInt(1)));
this.condition.ToSMTConstraints(z3Context, z3Solver, maxNumVars, variableGenerator);
}
public override void ToSMTConstraints(Context z3Context, Solver z3Solver, int maxNumVars, VariableCache variableGenerator)
{
this.constraintVariable = variableGenerator.GetConstChoiceVariable(orgValue);
ArithExpr myVariable = z3Context.MkIntConst(this.constraintVariable);
//range for variation of constants
//TODO: allow 0?
int lowerBound = Math.Max((int)(this.orgValue / 2), 0);
int upperBound = Math.Max((int)(this.orgValue * 2), 0);
z3Solver.Assert(z3Context.MkLe(z3Context.MkInt(lowerBound), myVariable));
z3Solver.Assert(z3Context.MkLe(myVariable, z3Context.MkInt(upperBound)));
}
public override void ToSMTConstraints(Context z3Context, Solver z3Solver, int maxNumVars, VariableCache variableGenerator)
{
/* constraint variable in { 0, 1 }
* 0 -> increment
* 1 -> decrement
*/
this.constraintVariable = variableGenerator.GetFreshVariableName();
ArithExpr myVariable = z3Context.MkIntConst(this.constraintVariable);
z3Solver.Assert(z3Context.MkLe(z3Context.MkInt(0), myVariable));
z3Solver.Assert(z3Context.MkLe(myVariable, z3Context.MkInt(1)));
this.arg.ToSMTConstraints(z3Context, z3Solver, maxNumVars, variableGenerator);
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" }
};
using (Context ctx = new Context(cfg))
{
ArithExpr[] Q = new ArithExpr[8];
for (uint i = 0; i < 8; i++)
{
Q[i] = ctx.MkIntConst(string.Format("Q_{0}", i + 1));
}
BoolExpr[] val_c = new BoolExpr[8];
for (uint i = 0; i < 8; i++)
{
val_c[i] = ctx.MkAnd(ctx.MkLe(ctx.MkInt(1), Q[i]),
ctx.MkLe(Q[i], ctx.MkInt(8)));
}
BoolExpr col_c = ctx.MkDistinct(Q);
BoolExpr[][] diag_c = new BoolExpr[8][];
for (uint i = 0; i < 8; i++)
{
diag_c[i] = new BoolExpr[i];
for (uint j = 0; j < i; j++)
{
diag_c[i][j] = (BoolExpr)ctx.MkITE(ctx.MkEq(ctx.MkInt(i), ctx.MkInt(j)),
ctx.MkTrue(),
ctx.MkAnd(ctx.MkNot(ctx.MkEq(ctx.MkSub(Q[i], Q[j]),
ctx.MkSub(ctx.MkInt(i), ctx.MkInt(j)))),
ctx.MkNot(ctx.MkEq(ctx.MkSub(Q[i], Q[j]),
ctx.MkSub(ctx.MkInt(j), ctx.MkInt(i))))));
}
}
Solver s = ctx.MkSolver();
s.Assert(val_c);
s.Assert(col_c);
foreach (var c in diag_c)
{
s.Assert(c);
}
Console.WriteLine(s.Check());
Console.WriteLine(s.Model);
}
}
public override void ToSMTConstraints(Context z3Context, Solver z3Solver, int maxNumVars, VariableCache variableGenerator)
{
/* constraint variable in { 0, 1 }
* 0 -> and
* 1 -> or
*/
this.constraintVariable = variableGenerator.GetFreshVariableName();
ArithExpr myVariable = z3Context.MkIntConst(this.constraintVariable);
z3Solver.Assert(z3Context.MkLe(z3Context.MkInt(0), myVariable));
z3Solver.Assert(z3Context.MkLe(myVariable, z3Context.MkInt(Enum.GetNames(typeof(WCCompound.Logic)).Length - 1)));
this.cond1.ToSMTConstraints(z3Context, z3Solver, maxNumVars, variableGenerator);
this.cond2.ToSMTConstraints(z3Context, z3Solver, maxNumVars, variableGenerator);
}
public override void ToSMTConstraints(Context z3Context, Solver z3Solver, int maxNumVars, VariableCache variableGenerator)
{
/* constraint variable in { 0, 1 }
* 0 -> plus
* 1 -> minus
*/
this.constraintVariable = variableGenerator.GetFreshVariableName();
ArithExpr myVariable = z3Context.MkIntConst(this.constraintVariable);
z3Solver.Assert(z3Context.MkLe(z3Context.MkInt(0), myVariable));
z3Solver.Assert(z3Context.MkLe(myVariable, z3Context.MkInt(Enum.GetNames(typeof(WEArith.ArithOp)).Length - 1)));
this.lhs.ToSMTConstraints(z3Context, z3Solver, maxNumVars, variableGenerator);
this.arg1.ToSMTConstraints(z3Context, z3Solver, maxNumVars, variableGenerator);
this.arg2.ToSMTConstraints(z3Context, z3Solver, maxNumVars, variableGenerator);
}
public override void ToSMTConstraints(Context z3Context, Solver z3Solver, int maxNumVars, VariableCache variableGenerator)
{
/* constraint variable in { 0, ..., 5 }
* -> eq, l, leq, neq, g, geq
*/
this.constraintVariable = variableGenerator.GetFreshVariableName();
ArithExpr myVariable = z3Context.MkIntConst(this.constraintVariable);
z3Solver.Assert(z3Context.MkLe(z3Context.MkInt(0), myVariable));
z3Solver.Assert(z3Context.MkLe(myVariable, z3Context.MkInt(Enum.GetNames(typeof(WCComparison.CompareType)).Length - 1)));
this.arg1.ToSMTConstraints(z3Context, z3Solver, maxNumVars, variableGenerator);
//Currently, arg2 may be concretized to a 0 constant, possibly resulting in an '== 0' or '!= 0' condition, which is a simple condition.
this.arg2.ToSMTConstraints(z3Context, z3Solver, maxNumVars, variableGenerator);
}
public void Test_Z3_MemWithArray_2()
{
#region Definitions
uint nBits = 8;
Context ctx = new Context();
BitVecExpr bv_0 = ctx.MkBV(0, nBits);
BitVecExpr bv_16 = ctx.MkBV(16, nBits);
BitVecExpr bv_32 = ctx.MkBV(32, nBits);
BitVecExpr rax = ctx.MkBVConst("RAX!0", nBits);
BitVecExpr rbx = ctx.MkBVConst("RBX!0", nBits);
BitVecExpr rcx = ctx.MkBVConst("RCX!0", nBits);
BitVecExpr rdx = ctx.MkBVConst("RDX!0", nBits);
ArrayExpr mem = ctx.MkArrayConst("mem", ctx.MkBitVecSort(nBits), ctx.MkBitVecSort(nBits));
Goal state = ctx.MkGoal();
#endregion
// Test possible memory overwrite
Console.WriteLine("mov qword ptr[16], 0 ; store at address=16 value=0");
mem = ctx.MkStore(mem, bv_16, bv_0);
Console.WriteLine("mov rax, qword ptr[16] ; load rax with the value at address=16");
state.Assert(ctx.MkEq(rax, ctx.MkSelect(mem, bv_16)));
Console.WriteLine("mov qword ptr[rcx], 32 ; store at unknown address rcx value 32, appreciate that address 16 could be overwritten");
mem = ctx.MkStore(mem, rcx, bv_32);
Console.WriteLine("mov rbx, qword ptr[16] ; load rbx with value at address 16, appreciate that rbx need not be equal to rax");
state.Assert(ctx.MkEq(rbx, ctx.MkSelect(mem, bv_16)));
if (true)
{
Console.WriteLine("cmp rcx, 16 ;");
Console.WriteLine("jnz label1: ");
state.Assert(ctx.MkEq(rcx, bv_16));
}
#region Write to console
Console.WriteLine("mem=" + mem);
Solver solver = ctx.MkSolver();
Solver solver_U = ctx.MkSolver();
solver.Assert(state.Formulas);
Console.WriteLine("state1=" + state);
if (true)
{
Tactic tactic1 = ctx.MkTactic("propagate-values");
Goal state2 = tactic1.Apply(state).Subgoals[0];
Console.WriteLine("state2=" + state2.ToString());
}
Console.WriteLine(string.Empty);
Tv[] raxTV = ToolsZ3.GetTvArray(rax, (int)nBits, solver, solver_U, ctx);
Console.WriteLine("rax = " + ToolsZ3.ToStringBin(raxTV) + " = " + ToolsZ3.ToStringHex(raxTV));
Tv[] rbxTV = ToolsZ3.GetTvArray(rbx, (int)nBits, solver, solver_U, ctx);
Console.WriteLine("rbx = " + ToolsZ3.ToStringBin(rbxTV) + " = " + ToolsZ3.ToStringHex(rbxTV));
Tv[] rcxTV = ToolsZ3.GetTvArray(rcx, (int)nBits, solver, solver_U, ctx);
Console.WriteLine("rcx = " + ToolsZ3.ToStringBin(rcxTV) + " = " + ToolsZ3.ToStringHex(rcxTV));
// Tv5[] rdxTV = ToolsZ3.getTvArray(rdx, nBits, solver, ctx);
// Console.WriteLine("rdx = " + ToolsZ3.toStringBin(rdxTV) + " = " + ToolsZ3.toStringHex(rdxTV));
#endregion
}
private static BoolExpr GeneratePredicateOut(int attemptsLeft)
{
if (attemptsLeft == 0)
{
var i = (IntExpr)(c.MkInt(2));
var ex = (IntExpr)(c.MkMul(c.MkInt(5), (IntExpr)(c.MkConst("x", c.IntSort))));
ex = c.MkMod(ex, i);
return(c.MkEq(ex, (IntExpr)(c.MkInt(1))));
}
try
{
var v = GeneratePredicate();
Solver s = c.MkSolver();
s.Assert(v);
var res = s.Check();
if (res == Status.SATISFIABLE)
{
return(v);
}
else
{
return(GeneratePredicateOut(attemptsLeft - 1));
}
}
catch (Z3Exception e)
{
return(GeneratePredicateOut(attemptsLeft - 1));
}
}
public static bool sat(BoolExpr f1)
{
Solver s = ctx.MkSolver();
s.Assert(f1.expr);
return(s.Check() == Status.SATISFIABLE);
}
public void Run()
{
Dictionary <string, string> cfg = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" }
};
using (Context ctx = new Context(cfg))
{
Sort A = ctx.MkUninterpretedSort("A");
Expr x = ctx.MkConst("x", A);
Expr y = ctx.MkConst("y", A);
FuncDecl f = ctx.MkFuncDecl("f", A, A);
Solver s = ctx.MkSolver();
s.Assert(ctx.MkEq(f[f[x]], x),
ctx.MkEq(f[x], y),
ctx.MkNot(ctx.MkEq(x, y)));
Console.WriteLine(s.Check());
Model m = s.Model;
Console.WriteLine(m);
Console.WriteLine("interpretation assigned to A: ");
foreach (Expr a in m.SortUniverse(A))
{
Console.WriteLine(a);
}
}
}
/// <summary>
/// Checks equivalence of two <see cref="WindowsFirewall"/> instances.
/// </summary>
/// <param name="f1">First firewall.</param>
/// <param name="f2">Second firewall.</param>
/// <returns>A report detailing firewall differences, if any.</returns>
public static IEnumerable <WindowsFirewallInconsistency> CheckEquivalence(WindowsFirewall f1, WindowsFirewall f2)
{
var pastInconsistencies = new List <WindowsFirewallPacket>();
using (var ctx = new Context())
{
while (true)
{
Solver s = ctx.MkSolver();
var packetVars = new WindowsFirewallPacketVariables(ctx);
BoolExpr firewallInequivalence = ctx.MkNot(ctx.MkIff(f1.Allows(ctx, packetVars), f2.Allows(ctx, packetVars)));
BoolExpr matchesPastInconsistency = ctx.MkOr(pastInconsistencies.Select(p => p.Matches(ctx, packetVars)).ToArray());
s.Assert(ctx.MkAnd(firewallInequivalence, ctx.MkNot(matchesPastInconsistency)));
if (Status.UNSATISFIABLE == s.Check())
{
break;
}
Model m = s.Model;
var packet = new WindowsFirewallPacket(m);
pastInconsistencies.Add(packet);
var inconsistency = new WindowsFirewallInconsistency
{
Packet = packet,
Firewalls = Tuple.Create(f1, f2),
Allowed =
Tuple.Create(m.Eval(f1.Allows(ctx, packetVars)).IsTrue, m.Eval(f2.Allows(ctx, packetVars)).IsTrue),
RuleMatches =
Tuple.Create(f1.GetMatches(ctx, packetVars, m).ToList(), f2.GetMatches(ctx, packetVars, m).ToList())
};
yield return(inconsistency);
}
}
}
public void TestSatisfiableRange()
{
using (var ctx = new Context())
{
IPAddress low = IPAddress.Parse("127.0.0.1");
IPAddress high = IPAddress.Parse("127.0.0.10");
var range = new AddressRange
{
Low = low,
High = high
};
string variableName = "address";
BitVecExpr variable = ctx.MkConst(variableName, ctx.MkBitVecSort(32)) as BitVecExpr;
Assert.IsNotNull(variable);
Solver s = ctx.MkSolver();
s.Assert(range.Contains(ctx, variable));
Status result = s.Check();
Assert.AreEqual(Status.SATISFIABLE, result);
IPAddress binding;
Assert.IsTrue(RetrieveModelValue.TryRetrieveAddress(variableName, s.Model, out binding));
Assert.IsTrue(AddressRangeTest.CompareAddresses(low, binding) >= 0);
Assert.IsTrue(AddressRangeTest.CompareAddresses(high, binding) <= 0);
}
}
private static void ExcludeLastModel(IEnumerable <string> choiceVariables, Context z3Context, Solver z3Solver)
{
Model lastModel = z3Solver.Model;
BoolExpr characteristicFormula = CreateCharacteristicFormula(choiceVariables, z3Context, lastModel);
z3Solver.Assert(z3Context.MkNot(characteristicFormula));
}
public void TestAllowByDefault()
{
using (var ctx = new Context())
{
IPAddress allowed = IPAddress.Parse("128.0.0.1");
string lowerBlock = "X\tYes\tBlock\tAny\t0.0.0.0-128.0.0.0\tAny\tAny";
string upperBlock = "Y\tYes\tBlock\tAny\t128.0.0.2-255.255.255.255\tAny\tAny";
string text = $"{WindowsFirewallRuleParserTest.HeaderText}\n{lowerBlock}\n{upperBlock}";
var firewall = new WindowsFirewall
{
BlockByDefault = false,
Rules = WindowsFirewallRuleParser.Parse(text, '\t').ToList()
};
var packetVars = new WindowsFirewallPacketVariables(ctx);
Solver s = ctx.MkSolver();
s.Assert(firewall.Allows(ctx, packetVars));
Status result = s.Check();
Assert.AreEqual(Status.SATISFIABLE, result);
var packet = new WindowsFirewallPacket(s.Model);
Assert.AreEqual(allowed, packet.SourceAddress);
Assert.AreEqual(null, packet.SourcePort);
Assert.AreEqual(null, packet.DestinationPort);
Assert.AreEqual(null, packet.Protocol);
}
}
public void Run()
{
Dictionary <string, string> settings = new Dictionary <string, string>()
{
{ "AUTO_CONFIG", "true" }, { "MODEL", "true" }
};
using (Context ctx = new Context(settings))
{
IntExpr a = ctx.MkIntConst("a");
IntExpr b = ctx.MkIntConst("b");
IntExpr c = ctx.MkIntConst("c");
RealExpr d = ctx.MkRealConst("d");
RealExpr e = ctx.MkRealConst("e");
BoolExpr q = ctx.MkAnd(
ctx.MkGt(a, ctx.MkAdd(b, ctx.MkInt(2))),
ctx.MkEq(a, ctx.MkAdd(ctx.MkMul(ctx.MkInt(2), c), ctx.MkInt(10))),
ctx.MkLe(ctx.MkAdd(c, b), ctx.MkInt(1000)),
ctx.MkGe(d, e));
Solver s = ctx.MkSolver();
s.Assert(q);
Console.WriteLine(s.Check());
Console.WriteLine(s.Model);
}
}
/// <summary>
/// Solves the clauses and returns a solution.
/// </summary>
/// <param name="status">The solver status.</param>
/// <returns>The solution.</returns>
public Dictionary <string, bool> Solve(out SolverStatus status)
{
// Use Z3 and figure out the variable assignments
using (Context context = new Context())
{
Dictionary <string, Z3Variable> variables = GetVariables(context, this.clauses);
List <BoolExpr> clauses = GenerateClauses(context, this.clauses, variables);
Solver solver = context.MkSolver();
solver.Assert(clauses.ToArray());
Status solver_status = solver.Check();
if (solver_status == Status.SATISFIABLE)
{
Dictionary <string, bool> assignments = new Dictionary <string, bool>();
foreach (string variable in variables.Keys)
{
Expr expr = solver.Model.Evaluate(variables[variable].Positive);
if (expr.BoolValue != Z3_lbool.Z3_L_UNDEF)
{
assignments.Add(variable, expr.BoolValue == Z3_lbool.Z3_L_TRUE ? true : false);
}
}
status = SolverStatus.Satisfiable;
return(assignments);
}
status = SolverStatus.Unsatisfiable;
return(null);
}
}
public void TestAllowSingle()
{
using (var ctx = new Context())
{
int localPort = 80;
IPAddress remoteAddress = IPAddress.Parse("192.168.1.1");
int remotePort = 128;
int protocol = 6;
string record = $"X\tYes\tAllow\t{localPort}\t{remoteAddress}\t{remotePort}\t{protocol}";
string text = $"{WindowsFirewallRuleParserTest.HeaderText}\n{record}";
var firewall = new WindowsFirewall
{
BlockByDefault = true,
Rules = WindowsFirewallRuleParser.Parse(text, '\t').ToList()
};
var packetVars = new WindowsFirewallPacketVariables(ctx);
Solver s = ctx.MkSolver();
s.Assert(firewall.Allows(ctx, packetVars));
Status result = s.Check();
Assert.AreEqual(Status.SATISFIABLE, result);
var packet = new WindowsFirewallPacket(s.Model);
Assert.AreEqual(remoteAddress, packet.SourceAddress);
Assert.AreEqual(remotePort, packet.SourcePort);
Assert.AreEqual(localPort, packet.DestinationPort);
Assert.AreEqual(protocol, packet.Protocol);
}
}