(Master's thesis) Using SMT Solver and Symbolic Execution to Generate Test Inputs for C Programs, master's thesis in information technology


Using SMT Solver and Symbolic Execution to Generate Test Inputs for C Programs

DO QUOC HUY
Faculty of Information Technology
University of Engineering and Technology
Vietnam National University, Hanoi

Supervised by

A thesis submitted in fulfillment of the requirements for the degree of Master of Computer Science

June, 2010

Table of Contents

1 Introduction
  1.1 Motivation and contribution
  1.2 Background
    1.2.1 SMT solver
    1.2.2 Symbolic execution
    1.2.3 Using SMT solvers and Symbolic Execution to Generate Test Inputs
  1.3 Text overview
  1.4 Related work
2 CREST
  2.1 Architecture of CREST
    2.1.1 Instrumentation tool
    2.1.2 C++ library for performing concolic execution
    2.1.3 Search strategies module
  2.2 Limitations of CREST
3 realCREST: A new test generation tool based on CREST
  3.1 Main improvements compared to CREST
    3.1.1 Handling floating-point variables
    3.1.2 Processing division operator
    3.1.3 Combining multiple SMT solvers to enhance test input generation's ability
  3.2 realCREST's architecture
4 Experiment and discussion
5 Conclusion and Future Work
A Some important methods of realCREST
  A.1 Solve method of CVC3Solver class
  A.2 Solve method of YicesSolver class
  A.3 SolveAtBranch method of Search class

List of Figures

1.1 Program's segment used to exchange two variables' values and correlative symbolic execution tree. Each state's transformation is numbered by the number of statement in programs
1.2 Symbolic testing technique
Test generation life cycle
2.1 Co-operation of three main parts in CREST
2.2 "crestc" script file to instrument source code
2.3 Activity of instrumentation tool
2.4 Overview of C++ library for performing symbolic execution
2.5 Prototype of class SymbolicExpr
2.6 Prototype of class SymbolicPred
2.7 Prototype of class SymbolicPath
2.8 Prototype of class SymbolicExecution
2.9 Prototype of class SymbolicInterpreter
2.10 Prototype of class YicesSolver
2.11 Overview of search strategies module
3.1 Combining multi solvers algorithm
3.2 Overview of realCREST
Time costs

List of Tables

Branches coverage

Chapter 1: Introduction

1.1 Motivation and contribution

Nowadays, testing is the primary way to validate the correctness of software. Testing with manually generated inputs is the predominant technique in practice to ensure software quality. It accounts for -8 % software development cost. Manual test input generation is expensive, error-prone, and rarely exhaustive. Thus, several techniques have been proposed to automate this task. They can be divided into two main techniques: random testing and symbolic execution.

Random testing (Bird & Smagdakis, 2004) (Pacheco Munoz, 1983) (Forrester & L Miller 0) (Csallner & Ernst, 0) is a simple technique for automating test generation. In random testing, test inputs are generated randomly. After that they are used to execute the program. A key advantage of random testing is that it scales well, in the sense that random test input generation takes negligible time. However, random testing is extremely unlikely to test all possible behaviors of a program.

To generate test inputs that can explore as many branches of a program as possible, some techniques based on symbolic execution (King 1976) have been proposed. Such techniques attempt to symbolically execute a program under test along all possible execution paths of the program, generating and solving constraints on program variables to follow these paths and produce concrete inputs that test each path. Usually an external SMT solver (Maura Rubio, 2008) (Roberto Bruttomesso Bjorn 0) (Miquel Bofill & Sebastiani 0) is used to solve the path constraints and produce a model that becomes the test inputs directing the program's execution to that path.

There are many state-of-the-art solvers such as Z3 (Maura & Bjorn 2008), CVC3 (Barrett & Tinelli 0), Yices (SRI, 0), Barcelogic (Miquel Bofill & Rubio 0). There are many differences between those SMT solvers in their speed, memory use and algorithms, as well as the underlying theories they support. Some solvers work only on some specific platform. Solver X can be better than solver Y in linear integer arithmetic but worse in non-linear real arithmetic. All test input generation tools now use only one SMT solver to solve the constraints, therefore their abilities in test input generation are limited, depending on the solver that is used. Combining the power of these solvers may allow us to make a test generation tool much more powerful.

CREST (Jacob Burnim 0) is a tool used to generate tests automatically for C programs. Using CIL (G Necula

[...]

2|ol V | - » ( ^ l | x : ¿>l|V.r :

Free (occurrences) of variables in a formula are those not bound by a quantifier ($\exists$, $\forall$). A sentence is a first-order formula with no free variables.

A (first-order) theory $T$ (over a signature $\Sigma$) is a set of (deductively closed) sentences (over $\Sigma$ and $V$). Let $DC(\Gamma)$ be the deductive closure of a set of sentences $\Gamma$. A theory $T$ is consistent if $\mathit{false} \notin T$. We can view a (first-order) theory $T$ as the class of all models of $T$ (due to completeness of first-order logic).

A model $M$ is defined as follows:

- Domain $S$ is a set of elements
- Interpretation $f^M : S^n \to S$ for each $f \in \Sigma_F$ with $\mathrm{arity}(f) = n$
- Interpretation $p^M \subseteq S^n$ for each $p \in \Sigma_P$ with $\mathrm{arity}(p) = n$
- Assignment $x^M \in S$ for every variable $x \in V$

A formula $\varphi$ is true in a model $M$ if it evaluates to true under the given interpretations over the domain $S$. $M$ is a model for the theory $T$ if all sentences of $T$ are true in $M$.

A formula $\varphi(x)$ is satisfiable in a theory $T$ if there is a model of $DC(T \cup \exists x.\varphi(x))$. That is, there is a model $M$ for $T$ in which $\varphi(x)$ evaluates to true, denoted by $M \models_T \varphi(x)$. This is also called T-satisfiability.

A formula $\varphi(x)$ is valid in a theory $T$ if $\forall x.\varphi(x) \in T$. That is, $\varphi(x)$ evaluates to true in every model $M$ of $T$. T-validity is denoted by $\models_T \varphi(x)$.

The quantifier free T-satisfiability problem restricts $\varphi(x)$ to be quantifier free. Deciding whether a formula is satisfiable in a theory $T$ is equivalent to deciding whether a model of $DC(T \cup \exists x.\varphi(x))$ exists or not. It is the essential mission of an SMT solver.

There are several kinds of theory depending on the type of variables, for example linear integer arithmetic, linear real arithmetic, theory of arrays, theory of bit vectors, theory of Tuples & Records, and so on. Finding a model in a special theory is also an NP-complete problem. To solve this problem SMT solvers often use one of two main approaches.

The first is the eager approach, which solves SMT instances by translating them to Boolean SAT instances and passing these formulas to a Boolean SAT solver. The advantage of this approach is that we can use the best available SAT solver. But this approach has two disadvantages: we need sophisticated encodings for each theory, and sometimes translation and/or solving are too slow.

The second is the lazy approach, which tightly integrates the Boolean reasoning of a DPLL-style search with theory-specific solvers (T-solvers) that handle conjunctions (ANDs) of predicates from a given theory. This approach was independently developed by several groups: CVC (Stanford), ICS (SRI), MathSAT (Univ. Trento, Italy), and Verifun (HP).

1.2.2 Symbolic execution

Symbolic execution (King 1976) is a technique that has recently become popular for testing and verifying programs. The main idea of this technique is to use symbols rather than concrete values as test inputs. The values of the program's variables are represented by symbolic formulas. The execution's result is represented as a function of the input symbols' values. The state of the program when symbolic execution is performed includes:

• The symbolic values of variables

• Path condition (PC): a logical formula over the input symbolic variables, which does not contain the two operators $\exists$ and $\forall$. It is a collection of constraints that the input variables must satisfy so that the program's execution follows the correlative path.

Each symbolic execution tree describes the execution paths gained when performing symbolic execution. Each node represents a program's state and each arc describes a transformation from one state to the next state.

In figure 1.1, initially, PC equals true. At each branching node PC is updated by the constraint conditions of the input variables with the correlative branches. If at a branch

[...]

3.2 realCREST's architecture

Figure 3.2: Overview of realCREST

Chapter 4: Experiment and discussion

We do experiments to test the extensions of realCREST and the efficiency of using multi solvers. The testing program is a simple C program which checks if three real numbers are the lengths of the three edges of a triangle, and what kind of triangle they construct. We insert some conditional statements to make the testing program more complicated. The input variables are three float variables and one integer variable. This program can not be executed by CREST, because of the limitation of CREST to linear, integer arithmetic. We insert an include statement (#include "crest.h") and four corresponding macros to indicate them. The testing program is as below:

    #include <stdio.h>
    #include "crest.h"

    int main() {
      float a, b, c;
      CREST_float(a);
      CREST_float(b);
      CREST_float(c);
      int x;
      CREST_int(x);
      if ((a

[...]

Appendix A

        snprintf(buff, sizeof(buff), "x%d", i->first);
        // Floating-point inputs become real-typed solver variables.
        if ((i->second == types::FLOAT) || (i->second == types::DOUBLE)) {
          x_expr[i->first] = vc->varExpr(buff, vc->realType());
        } else {
          x_expr[i->first] = vc->varExpr(buff, vc->intType());
        }
        // Bound each variable by the limits of its C type.
        formula = vc->andExpr(formula, vc->geExpr(x_expr[i->first], min_expr[i->second]));
        formula = vc->andExpr(formula, vc->leExpr(x_expr[i->first], max_expr[i->second]));
      }

      Expr zero = vc->ratExpr(0);

      {
        vector<Expr> terms;
        for (PredIt i = constraints.begin(); i != constraints.end(); ++i) {
          const SymbolicExpr& se = (*i)->expr();
          terms.clear();
          char buffer[350];
          snprintf(buffer, sizeof(buffer), "%f", se.const_term());
          terms.push_back(vc->ratExpr(buffer));
          for (SymbolicExpr::TermIt j = se.terms().begin(); j != se.terms().end(); ++j) {
            snprintf(buffer, sizeof(buffer), "%f", j->second);
            Expr prod[2] = { x_expr[j->first], vc->ratExpr(buffer) };
            terms.push_back(vc->multExpr(prod[0], prod[1]));
          }
          Expr e = vc->plusExpr(terms);

          Expr pred;
          switch ((*i)->op()) {
            case ops::EQ:  pred = vc->eqExpr(e, zero); break;
            case ops::NEQ: pred = vc->notExpr(vc->eqExpr(e, zero)); break;
            case ops::GT:  pred = vc->gtExpr(e, zero); break;
            case ops::LE:  pred = vc->leExpr(e, zero); break;
            case ops::LT:  pred = vc->ltExpr(e, zero); break;
            case ops::GE:  pred = vc->geExpr(e, zero); break;
            default:
              fprintf(stderr, "Unknown comparison operator: %d\n", (*i)->op());
              exit(1);
          }
          formula = vc->andExpr(formula, pred);
        }
      }

      // Query the negation: if it is not valid, the formula has a model.
      formula = vc->notExpr(formula);
      vc->printExpr(formula);
      success = vc->query(formula);
      if (!success) {
        ExprMap<Expr> m;
        vc->getConcreteModel(m);
        ExprMap<Expr>::iterator it = m.begin(), end = m.end();
        if (it == end)
          cout << "Did not find concrete model for any vars" << endl;
        else {
          soln->clear();
          double val;
          VarIt i = vars.begin();
          for (; it != end; it++) {
            ostringstream *os = new ostringstream(ostringstream::out);
            vc->printExpr(it->second, *os);
            val = str_to_double(os->str());
            delete os;  // release the per-variable stream
            if ((i->second == types::FLOAT) || (i->second == types::DOUBLE))
              printf("\n(cvc) x%d = %f\n", i->first, val);
            else
              printf("\n(cvc) x%d = %ld\n", i->first, (long)val);
            soln->insert(make_pair(i->first, val));
            ++i;
          }
        }
      }
      delete vc;
      return (!success);
    }

A.2 Solve method of YicesSolver class

    bool YicesSolver::Solve(const map<var_t,type_t>& vars,
                            const vector<const SymbolicPred*>& constraints,
                            map<var_t,value_t>* soln) {
      typedef map<var_t,type_t>::const_iterator VarIt;

      yices_context ctx = yices_mk_context();
      assert(ctx);

      // Type limits.
      vector<yices_expr> min_expr(types::DOUBLE+1);
      vector<yices_expr> max_expr(types::DOUBLE+1);
      for (int i = types::U_CHAR; i <= types::DOUBLE; i++) {
        min_expr[i] = yices_mk_num_from_string(ctx, const_cast<char*>(kMinValueStr[i]));
        max_expr[i] = yices_mk_num_from_string(ctx, const_cast<char*>(kMaxValueStr[i]));
        assert(min_expr[i]);
        assert(max_expr[i]);
      }

      char int_ty_name[] = "int";
      yices_type int_ty = yices_mk_type(ctx, int_ty_name);
      assert(int_ty);

      // Type for floating-point variables.
      char real_ty_name[] = "real";
      yices_type real_ty = yices_mk_type(ctx, real_ty_name);
      assert(real_ty);

      // Variable declarations.
      map<var_t,yices_var_decl> x_decl;
      map<var_t,yices_expr> x_expr;
      for (VarIt i = vars.begin(); i != vars.end(); ++i) {
        char buff[32];
        snprintf(buff, sizeof(buff), "x%d", i->first);
        if ((i->second == types::FLOAT) || (i->second == types::DOUBLE)) {
          x_decl[i->first] = yices_mk_var_decl(ctx, buff, real_ty);
        } else {
          x_decl[i->first] = yices_mk_var_decl(ctx, buff, int_ty);
        }
        x_expr[i->first] = yices_mk_var_from_decl(ctx, x_decl[i->first]);
        assert(x_decl[i->first]);
        assert(x_expr[i->first]);
        yices_assert(ctx, yices_mk_ge(ctx, x_expr[i->first], min_expr[i->second]));
        yices_assert(ctx, yices_mk_le(ctx, x_expr[i->first], max_expr[i->second]));
      }

      yices_expr zero = yices_mk_num(ctx, 0);
      assert(zero);

      { // Constraints.
        vector<yices_expr> terms;
        for (PredIt i = constraints.begin(); i != constraints.end(); ++i) {
          const SymbolicExpr& se = (*i)->expr();
          terms.clear();
          char buffer[350];
          snprintf(buffer, sizeof(buffer), "%f", se.const_term());
          terms.push_back(yices_mk_num_from_string(ctx, buffer));
          for (SymbolicExpr::TermIt j = se.terms().begin(); j != se.terms().end(); ++j) {
            snprintf(buffer, sizeof(buffer), "%f", j->second);
            yices_expr prod[2] = { x_expr[j->first], yices_mk_num_from_string(ctx, buffer) };
            terms.push_back(yices_mk_mul(ctx, prod, 2));
          }
          yices_expr e = yices_mk_sum(ctx, &terms.front(), terms.size());

          yices_expr pred;
          switch ((*i)->op()) {
            case ops::EQ:  pred = yices_mk_eq(ctx, e, zero); break;
            case ops::NEQ: pred = yices_mk_diseq(ctx, e, zero); break;
            case ops::GT:  pred = yices_mk_gt(ctx, e, zero); break;
            case ops::LE:  pred = yices_mk_le(ctx, e, zero); break;
            case ops::LT:  pred = yices_mk_lt(ctx, e, zero); break;
            case ops::GE:  pred = yices_mk_ge(ctx, e, zero); break;
            default:
              fprintf(stderr, "Unknown comparison operator: %d\n", (*i)->op());
              exit(1);
          }
          yices_assert(ctx, pred);
        }
      }

      bool success = (yices_check(ctx) == l_true);
      if (success) {
        soln->clear();
        yices_model model = yices_get_model(ctx);
        for (VarIt i = vars.begin(); i != vars.end(); ++i) {
          double val;
          // Note: the model reads below sit inside assert(), so they are
          // compiled out when NDEBUG is defined.
          if ((i->second == types::FLOAT) || (i->second == types::DOUBLE)) {
            assert(yices_get_double_value(yices_get_model(ctx), x_decl[i->first], &val));
          } else {
            long valtmp;
            assert(yices_get_int_value(model, x_decl[i->first], &valtmp));
            val = (double)valtmp;
          }
          soln->insert(make_pair(i->first, val));
        }
      }

      yices_del_context(ctx);
      return success;
    }

A.3 SolveAtBranch method of Search class

    bool Search::SolveAtBranch(const SymbolicExecution& ex,
                               size_t branch_idx,
                               vector<value_t>* input) {
      const vector<SymbolicPred*>& constraints = ex.path().constraints();

      // Optimization: If any of the previous constraints are identical to the
      // branch_idx-th constraint, immediately return false.
      for (int i = static_cast<int>(branch_idx) - 1; i >= 0; i--) {
        if (constraints[branch_idx]->Equal(*constraints[i]))
          return false;
      }

      vector<const SymbolicPred*> cs(constraints.begin(),
                                     constraints.begin() + branch_idx + 1);
      map<var_t,value_t> soln;
      constraints[branch_idx]->Negate();
      solver = new crest::YicesSolver();
      bool success = solver->IncrementalSolve(ex.inputs(), ex.vars(), cs, &soln);
      constraints[branch_idx]->Negate();

      if (success) {
        printf("using yices\n");
        // Merge the solution with the previous input to get the next
        // input.  (Could merge with random inputs, instead.)
        *input = ex.inputs();
        // RandomInput(ex.vars(), input);

        typedef map<var_t,value_t>::const_iterator SolnIt;
        for (SolnIt i = soln.begin(); i != soln.end(); ++i) {
          (*input)[i->first] = i->second;
        }

        char fname[32];
        snprintf(fname, 32,
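The branch-negation step that SolveAtBranch performs, as an added example that is not code from the thesis, CREST or realCREST: it keeps path constraints 0..idx, negates the last one, solves, and writes the solution back into the previous input. Pred, Holds and ToySolve are hypothetical names, ToySolve (a bounded exhaustive search over integers) stands in for the Yices/CVC3 call, and the write-back here covers only the variables the solved constraints mention.

```cpp
#include <cstddef>
#include <map>
#include <vector>

// Added illustration. Pred, Holds and ToySolve are hypothetical stand-ins,
// not CREST or realCREST types; ToySolve replaces the Yices/CVC3 call.
enum Op { EQ, NEQ, GT, LE, LT, GE };

// Linear predicate  c0 + sum(coef[v] * x_v)  <op>  0  over input variables.
struct Pred {
  long c0;
  std::map<int, long> coef;
  Op op;
  bool operator==(const Pred& o) const {
    return c0 == o.c0 && coef == o.coef && op == o.op;
  }
};

Op NegateOp(Op op) {
  switch (op) {
    case EQ: return NEQ;
    case NEQ: return EQ;
    case GT: return LE;
    case LE: return GT;
    case LT: return GE;
    default: return LT;  // GE
  }
}

bool Holds(const Pred& p, const std::vector<long>& x) {
  long e = p.c0;
  for (const auto& t : p.coef) e += t.second * x[t.first];
  switch (p.op) {
    case EQ: return e == 0;
    case NEQ: return e != 0;
    case GT: return e > 0;
    case LE: return e <= 0;
    case LT: return e < 0;
    default: return e >= 0;  // GE
  }
}

// Exhaustive search of [-bound, bound]^n, first variable changing fastest.
bool ToySolve(const std::vector<Pred>& cs, size_t n, long bound,
              std::vector<long>* soln) {
  std::vector<long> x(n, -bound);
  for (;;) {
    bool ok = true;
    for (const Pred& p : cs) ok = ok && Holds(p, x);
    if (ok) { *soln = x; return true; }
    size_t k = 0;
    while (k < n && x[k] == bound) x[k++] = -bound;
    if (k == n) return false;
    ++x[k];
  }
}

// Keep path constraints 0..idx, negate the idx-th, solve, merge into input.
bool SolveAtBranch(const std::vector<Pred>& path, size_t idx,
                   std::vector<long>* input) {
  // A negated constraint that also appears unnegated earlier is unsatisfiable.
  for (size_t i = 0; i < idx; ++i)
    if (path[idx] == path[i]) return false;
  std::vector<Pred> cs(path.begin(), path.begin() + idx + 1);
  cs[idx].op = NegateOp(cs[idx].op);
  std::vector<long> soln;
  if (!ToySolve(cs, input->size(), 8, &soln)) return false;
  // Overwrite only the variables the solved constraints mention.
  for (const Pred& p : cs)
    for (const auto& t : p.coef) (*input)[t.first] = soln[t.first];
  return true;
}
```

For a constructed path recorded on input (5, 1, 7) with constraints x0 - 3 > 0 and x0 + x1 - 5 != 0, negating the second constraint yields the next input (8, -3, 7), which drives execution down the untaken side of that branch.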

Date posted: 05/12/2020, 09:24

Table of contents

  • 2.1.2 C++ library for performing concolic execution

  • 3.1 Main improvements compared to CREST

  • 3.1.1 Handling floating-point variables

  • A.1 Solve method of CVC3Solver class

  • A.2 Solve method of YicesSolver class

  • A.3 SolveAtBranch method of Search class
