public Z3BoolExpr MkTest(Z3Expr t, Term type)
{
Term intr;
var unn = Owner.GetIntersection(Type, type, out intr);
var bt = (Z3BVExpr)UnboxingFun.Apply(t);
if (intr == null)
{
return(Context.MkFalse());
}
else if (intr == Type)
{
return(Context.MkTrue());
}
Z3BoolExpr test = null;
foreach (var i in unn.RangeMembers)
{
var istart = Context.MkBV((i.Key - Lower).ToString(), bvSort.Size);
var iend = Context.MkBV((i.Value - Lower).ToString(), bvSort.Size);
test = test.Or(Context, bt.UGe(Context, istart).And(Context, bt.ULe(Context, iend)));
}
return(test);
}
public Z3BoolExpr MkTest(Z3Expr t, Term type)
{
Term intr;
var unn = Owner.GetIntersection(Type, type, out intr);
var it = (Z3IntExpr)UnboxingFun.Apply(t);
if (intr == null)
{
return(Context.MkFalse());
}
else if (intr == Type)
{
return(Context.MkTrue());
}
Z3BoolExpr test = null;
var iPos = MkIntCoercion(t);
foreach (var r in unn.RangeMembers)
{
test = test.Or(
Context,
iPos.Ge(
Context,
Context.MkInt(r.Key.ToString())).And(
Context,
iPos.Le(Context, Context.MkInt(r.Value.ToString()))));
}
return(test);
}
public Z3BoolExpr MkTest(Z3Expr t, Term type)
{
Term intr;
var unn = Owner.GetIntersection(Type, type, out intr);
var bt = (Z3BVExpr)UnboxingFun.Apply(t);
if (intr == null)
{
return(Context.MkFalse());
}
else if (intr == Type)
{
return(Context.MkTrue());
}
Z3BoolExpr test = null;
foreach (var m in unn.NonRangeMembers)
{
if (m.Kind != SymbolKind.BaseCnstSymb && m.Kind != SymbolKind.UserCnstSymb)
{
continue;
}
test = test.Or(Context, bt.Eq(Context, Context.MkBV(symbToVal[m], bvSort.Size)));
}
return(test);
}
public Z3BoolExpr MkTest(Z3Expr t, Term type)
{
Term intr;
var unn = Owner.GetIntersection(Type, type, out intr);
var rt = (Z3RealExpr)t;
if (intr == null)
{
return(Context.MkFalse());
}
else if (intr == Type)
{
return(Context.MkTrue());
}
Z3BoolExpr test = null;
if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.Integer)))
{
test = test.Or(Context, Context.MkIsInteger(rt));
}
else
{
if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.Natural)))
{
test = test.Or(Context, Context.MkIsInteger(rt).And(Context, rt.Ge(Context, Context.MkReal(0))));
}
else if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.PosInteger)))
{
test = test.Or(Context, Context.MkIsInteger(rt).And(Context, rt.Ge(Context, Context.MkReal(1))));
}
if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.NegInteger)))
{
test = test.Or(Context, Context.MkIsInteger(rt).And(Context, rt.Lt(Context, Context.MkReal(0))));
}
}
Rational r;
foreach (var e in unn.NonRangeMembers)
{
if (e.Kind != SymbolKind.BaseCnstSymb)
{
continue;
}
r = (Rational)((BaseCnstSymb)e).Raw;
test = test.Or(Context, rt.Eq(Context, Context.MkReal(string.Format("{0}/{1}", r.Numerator, r.Denominator))));
}
foreach (var i in unn.RangeMembers)
{
test = test.Or(Context, rt.Ge(Context, Context.MkReal(i.Key.ToString())).
And(Context, rt.Le(Context, Context.MkReal(i.Value.ToString()))).
And(Context, Context.MkIsInteger(rt)));
}
return(test);
}
public void Test_Runner_Jmp_7()
{
string programStr =
" jz label1 " + Environment.NewLine +
" mov rax, 10 " + Environment.NewLine +
" jmp label2 " + Environment.NewLine +
"label1: " + Environment.NewLine +
" mov rax, 20 " + Environment.NewLine +
"label2: " + Environment.NewLine +
" mov rbx, rax " + Environment.NewLine +
" jz label3 " + Environment.NewLine +
"label3: ";
Tools tools = this.CreateTools();
StaticFlow sFlow = new StaticFlow(tools);
sFlow.Update(programStr);
tools.StateConfig = sFlow.Create_StateConfig();
//var dFlow = Runner.Construct_DynamicFlow_Backward(sFlow, tools);
DynamicFlow dFlow = Runner.Construct_DynamicFlow_Forward(sFlow, tools);
//DotVisualizer.SaveToDot(sFlow, dFlow, "test1.dot");
State state = dFlow.EndState;
Assert.IsNotNull(state);
if (logToDisplay)
{
Console.WriteLine("state:\n" + state);
}
TestTools.IsTrue(state.IsConsistent);
TestTools.AreEqual(Rn.RAX, "00000000_00000000_00000000_00000000_00000000_00000000_00000000_000????0", state);
Microsoft.Z3.BoolExpr branch_Condition = dFlow.Get_Branch_Condition(0);
{
State state2a = new State(state);
state2a.Add(new BranchInfo(branch_Condition, true));
if (logToDisplay)
{
Console.WriteLine("state with ZF = true:\n" + state2a);
}
TestTools.IsTrue(state2a.IsConsistent);
TestTools.AreEqual(Rn.RAX, 10, state2a);
}
{
State state2b = new State(state);
state2b.Add(new BranchInfo(branch_Condition, false));
if (logToDisplay)
{
Console.WriteLine("state with ZF = false:\n" + state2b);
}
TestTools.IsTrue(state2b.IsConsistent);
TestTools.AreEqual(Rn.RAX, 20, state2b);
}
}
/// <summary>
/// Disjoins the current side constraint with constr
/// </summary>
/// <param name="constr"></param>
/// <param name="context"></param>
public void ExtendSideConstraint(int index, Z3BoolExpr constr, Z3Context context)
{
Z3BoolExpr crntConstr;
if (SideConstraints.TryFindValue(index, out crntConstr))
{
SideConstraints[index] = context.MkOr(crntConstr, constr);
}
else
{
SideConstraints.Add(index, constr);
}
}
public static Z3BoolExpr And(this Z3BoolExpr expr1, Z3Context context, Z3BoolExpr expr2)
{
if (expr1 == null)
{
return(expr2);
}
else if (expr2 == null)
{
return(expr1);
}
else
{
return(context.MkAnd(expr1, expr2));
}
}
public void Test_Runner_Mem_Merge_1()
{
Tools tools = this.CreateTools();
tools.StateConfig.Set_All_Off();
tools.StateConfig.RAX = true;
tools.StateConfig.RBX = true;
tools.StateConfig.ZF = true;
tools.StateConfig.Mem = true;
tools.Quiet = true;
string programStr =
" jz label1 " + Environment.NewLine +
" mov byte ptr[rax], 10 " + Environment.NewLine +
" jmp label2 " + Environment.NewLine +
"label1: " + Environment.NewLine +
" mov byte ptr[rax], 20 " + Environment.NewLine +
"label2: " + Environment.NewLine +
" mov bl, byte ptr[rax] ";
StaticFlow sFlow = new StaticFlow(tools);
sFlow.Update(programStr);
DynamicFlow dFlow = Runner.Construct_DynamicFlow_Backward(sFlow, tools);
State state = dFlow.EndState;
State state3 = new State(state);
State state4 = new State(state);
Microsoft.Z3.BoolExpr branch_Condition = dFlow.Get_Branch_Condition(0);
state3.Add(new BranchInfo(branch_Condition, true));
if (logToDisplay)
{
Console.WriteLine("state3:\n" + state3);
}
TestTools.AreEqual(Rn.BL, 10, state3);
state4.Add(new BranchInfo(branch_Condition, false));
if (logToDisplay)
{
Console.WriteLine("state4:\n" + state4);
}
TestTools.AreEqual(Rn.BL, 20, state4);
}
public Z3BoolExpr MkTest(Z3Expr t, Term type)
{
Term intr;
var unn = Owner.GetIntersection(Type, type, out intr);
var it = (Z3IntExpr)t;
if (intr == null)
{
return(Context.MkFalse());
}
else if (intr == Type)
{
return(Context.MkTrue());
}
Z3BoolExpr test = null;
if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.Natural)))
{
test = test.Or(Context, it.Ge(Context, Context.MkInt(0)));
}
else if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.PosInteger)))
{
test = test.Or(Context, it.Ge(Context, Context.MkInt(1)));
}
if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.NegInteger)))
{
test = test.Or(Context, it.Lt(Context, Context.MkInt(0)));
}
foreach (var i in unn.RangeMembers)
{
test = test.Or(Context, it.Ge(Context, Context.MkInt(i.Key.ToString())).
And(Context, it.Le(Context, Context.MkInt(i.Value.ToString()))));
}
return(test);
}
public Z3BoolExpr MkTest(Z3Expr t, Term type)
{
Contract.Assert(t != null && t.Sort.Equals(Representation));
Term intr;
var unn = Owner.GetIntersection(Type, type, out intr);
if (intr == null)
{
return(Context.MkFalse());
}
else if (intr == Type)
{
return(Context.MkTrue());
}
Z3BoolExpr test = null;
var nat = (Z3IntExpr)UnboxingFun.Apply(t);
if (unn.Contains(Index.SymbolTable.GetSortSymbol(BaseSortKind.PosInteger)))
{
test = test.Or(Context, nat.NEq(Context, Context.MkInt(0)));
}
var iNat = MkIntCoercion(t);
foreach (var r in unn.RangeMembers)
{
test = test.Or(
Context,
iNat.Ge(
Context,
Context.MkInt(r.Key.ToString())).And(
Context,
iNat.Le(Context, Context.MkInt(r.Value.ToString()))));
}
return(test);
}
public Z3BoolExpr MkTest(Z3Expr t, Term type)
{
Term intr;
var unn = Owner.GetIntersection(Type, type, out intr);
var st = (Z3Expr)t;
if (intr == null)
{
return(Context.MkFalse());
}
else if (intr == Type)
{
return(Context.MkTrue());
}
Z3BoolExpr test = null;
BaseCnstSymb bc;
foreach (var e in unn.NonRangeMembers)
{
if (e.Kind != SymbolKind.BaseCnstSymb)
{
continue;
}
bc = (BaseCnstSymb)e;
if (bc.CnstKind != CnstKind.String)
{
continue;
}
test = test.Or(Context, st.Eq(Context, MkGround(e, null)));
}
return(test);
}
public void Test_Runner_Jmp_11()
{
string programStr =
" cmp al, 0 " + Environment.NewLine +
" jp label1 " + Environment.NewLine +
" mov al, 1 " + Environment.NewLine +
" jz label1 " + Environment.NewLine +
" mov al, 2 " + Environment.NewLine +
"label1: ";
Tools tools = this.CreateTools();
StaticFlow sFlow = new StaticFlow(tools);
sFlow.Update(programStr);
if (logToDisplay)
{
Console.WriteLine(sFlow.ToString());
}
tools.StateConfig = sFlow.Create_StateConfig();
DynamicFlow dFlow = Runner.Construct_DynamicFlow_Backward(sFlow, tools);
State state = dFlow.EndState;
Assert.IsNotNull(state);
if (logToDisplay)
{
Console.WriteLine("state:\n" + state);
}
TestTools.IsTrue(state.IsConsistent);
Microsoft.Z3.BoolExpr branch_Condition_jp = dFlow.Get_Branch_Condition(1);
Microsoft.Z3.BoolExpr branch_Condition_jz = dFlow.Get_Branch_Condition(3);
if (true)
{
if (true)
{
State state2 = new State(state);
state2.Add(new BranchInfo(branch_Condition_jp, true));
state2.Add(new BranchInfo(branch_Condition_jz, true));
TestTools.AreEqual(Rn.AL, "00000000", state2);
}
if (true)
{
State state2 = new State(state);
state2.Add(new BranchInfo(branch_Condition_jp, true));
state2.Add(new BranchInfo(branch_Condition_jz, false));
TestTools.AreEqual(Rn.AL, "????????", state2);
}
if (true)
{
State state2 = new State(state);
state2.Add(new BranchInfo(branch_Condition_jp, false));
state2.Add(new BranchInfo(branch_Condition_jz, true));
TestTools.AreEqual(Rn.AL, "XXXXXXXX", state2);
}
if (true)
{
State state2 = new State(state);
state2.Add(new BranchInfo(branch_Condition_jp, false));
state2.Add(new BranchInfo(branch_Condition_jz, false));
TestTools.AreEqual(Rn.AL, "00000010", state2);
}
}
}
public static Z3BoolExpr Not(this Z3BoolExpr expr1, Z3Context context)
{
Contract.Assert(expr1 != null);
return(context.MkNot(expr1));
}
public static Z3BoolExpr Iff(this Z3BoolExpr expr1, Z3Context context, Z3BoolExpr expr2)
{
Contract.Assert(expr1 != null && expr2 != null);
return(context.MkIff(expr1, expr2));
}
public static Z3Expr Ite(this Z3BoolExpr cond, Z3Context context, Z3Expr ifTrue, Z3Expr ifFalse)
{
Contract.Assert(cond != null && ifTrue != null && ifFalse != null);
return(context.MkITE(cond, ifTrue, ifFalse));
}
public Z3BoolExpr MkTest(Z3Expr t, Term type)
{
///// Produces a test of the form.
//// ite(isBox_T(t), Test_T(t), ...).
Term intr;
var unn = Owner.GetIntersection(Type, type, out intr);
if (intr == null)
{
return(Context.MkFalse());
}
else if (intr == Type)
{
return(Context.MkTrue());
}
bool wasAdded;
Z3Con boxCon;
Z3Fun unbox, tester;
Z3BoolExpr boxTest;
ITypeEmbedding te;
Term subtypeTrm;
MutableTuple <Z3Con, Term> subtype;
Z3BoolExpr iteTest = Context.MkFalse();
//// For non-user sorts, want to project the type along the boxed type, so the boxed type
//// can decide how to encode the test of this projection.
Map <Z3Sort, MutableTuple <Z3Con, Term> > subtypes =
new Map <Z3Sort, MutableTuple <Z3Con, Term> >((x, y) => ((int)x.Id) - ((int)y.Id));
foreach (var s in unn.NonRangeMembers)
{
boxCon = GetBoxer(s);
Contract.Assert(boxCon != null);
unbox = boxCon.AccessorDecls[0];
if (s.Kind == SymbolKind.UserSortSymb)
{
tester = boxCon.TesterDecl;
te = Owner.GetEmbedding(unbox.Range);
boxTest = (Z3BoolExpr)tester.Apply(t);
subtypeTrm = Index.MkApply(s, TermIndex.EmptyArgs, out wasAdded);
iteTest = (Z3BoolExpr)boxTest.Ite(Context, te.MkTest(unbox.Apply(t), subtypeTrm), iteTest);
}
else
{
if (!subtypes.TryFindValue(unbox.Range, out subtype))
{
subtype = new MutableTuple <Z3Con, Term>(
boxCon,
Index.MkApply(s, TermIndex.EmptyArgs, out wasAdded));
subtypes.Add(unbox.Range, subtype);
}
else
{
subtype.Item2 = Index.MkApply(
Index.TypeUnionSymbol,
new Term[] { Index.MkApply(s, TermIndex.EmptyArgs, out wasAdded), subtype.Item2 },
out wasAdded);
}
}
}
foreach (var kv in unn.RangeMembers)
{
subtypeTrm = Index.MkApply(
Index.RangeSymbol,
new Term[]
{
Index.MkCnst(new Rational(kv.Key, BigInteger.One), out wasAdded),
Index.MkCnst(new Rational(kv.Value, BigInteger.One), out wasAdded)
},
out wasAdded);
foreach (var bc in GetBoxers(kv.Key, kv.Value))
{
unbox = bc.AccessorDecls[0];
if (!subtypes.TryFindValue(unbox.Range, out subtype))
{
subtype = new MutableTuple <Z3Con, Term>(bc, subtypeTrm);
subtypes.Add(unbox.Range, subtype);
}
else
{
subtype.Item2 = Index.MkApply(
Index.TypeUnionSymbol,
new Term[] { subtypeTrm, subtype.Item2 },
out wasAdded);
}
}
}
foreach (var kv in subtypes)
{
boxCon = kv.Value.Item1;
Contract.Assert(boxCon != null);
unbox = boxCon.AccessorDecls[0];
tester = boxCon.TesterDecl;
te = Owner.GetEmbedding(unbox.Range);
boxTest = (Z3BoolExpr)tester.Apply(t);
iteTest = (Z3BoolExpr)boxTest.Ite(Context, te.MkTest(unbox.Apply(t), kv.Value.Item2), iteTest);
}
return(iteTest);
}
