Ejemplo n.º 1
0
  @Override
  public Instruction execute(ThreadInfo th) {
    IntegerExpression sym_lval =
        (IntegerExpression) th.getModifiableTopFrame().getLongOperandAttr();
    if (sym_lval == null) {
      return super.execute(th);
    } else {
      // throw new RuntimeException("## Error: symbolic L2F not yet hanled ");

      // here we get a hold of the current path condition and
      // add an extra mixed constraint sym_dval==sym_ival

      ChoiceGenerator<?> cg;
      if (!th.isFirstStepInsn()) { // first time around
        cg = new PCChoiceGenerator(1); // only one choice
        th.getVM().getSystemState().setNextChoiceGenerator(cg);
        return this;
      } else { // this is what really returns results
        cg = th.getVM().getSystemState().getChoiceGenerator();
        assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg;
      }

      // get the path condition from the
      // previous choice generator of the same type

      PathCondition pc;
      ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGenerator();
      while (!((prev_cg == null) || (prev_cg instanceof PCChoiceGenerator))) {
        prev_cg = prev_cg.getPreviousChoiceGenerator();
      }

      if (prev_cg == null)
        pc = new PathCondition(); // TODO: handling of preconditions needs to be changed
      else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC();
      assert pc != null;
      StackFrame sf = th.getModifiableTopFrame();
      sf.popLong();
      sf.push(0, false); // for symbolic expressions, the concrete value does not matter
      SymbolicReal sym_fval = new SymbolicReal();

      sf.setOperandAttr(sym_fval);

      pc._addDet(Comparator.EQ, sym_fval, sym_lval);

      if (!pc.simplify()) { // not satisfiable
        th.getVM().getSystemState().setIgnored(true);
      } else {
        // pc.solve();
        ((PCChoiceGenerator) cg).setCurrentPC(pc);
        // System.out.println(((PCChoiceGenerator) cg).getCurrentPC());
      }

      // System.out.println("Execute L2F: " + sf.getLongOperandAttr());
      return getNext(th);
    }
  }
Ejemplo n.º 2
0
  @Override
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo ti) {

    StackFrame sf = ti.getTopFrame();

    IntegerExpression sym_v1 = (IntegerExpression) sf.getOperandAttr(1);
    IntegerExpression sym_v2 = (IntegerExpression) sf.getOperandAttr(0);

    if ((sym_v1 == null) && (sym_v2 == null)) { // both conditions are concrete
      // System.out.println("Execute IF_ICMPEQ: The conditions are concrete");
      return super.execute(ss, ks, ti);
    } else { // at least one condition is symbolic
      ChoiceGenerator<?> cg;

      if (!ti.isFirstStepInsn()) { // first time around
        cg = new PCChoiceGenerator(2);
        ss.setNextChoiceGenerator(cg);
        return this;
      } else { // this is what really returns results
        cg = ss.getChoiceGenerator();
        assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg;
        conditionValue = (Integer) cg.getNextChoice() == 0 ? false : true;
      }

      int v2 = ti.pop();
      int v1 = ti.pop();
      // System.out.println("Execute IF_ICMPEQ: "+ conditionValue);
      PathCondition pc;

      // pc is updated with the pc stored in the choice generator above
      // get the path condition from the
      // previous choice generator of the same type

      ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGenerator();
      while (!((prev_cg == null) || (prev_cg instanceof PCChoiceGenerator))) {
        prev_cg = prev_cg.getPreviousChoiceGenerator();
      }

      if (prev_cg == null) pc = new PathCondition();
      else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC();

      assert pc != null;

      if (conditionValue) {
        if (sym_v1 != null) {
          if (sym_v2 != null) { // both are symbolic values
            pc._addDet(Comparator.EQ, sym_v1, sym_v2);
          } else pc._addDet(Comparator.EQ, sym_v1, v2);
        } else pc._addDet(Comparator.EQ, v1, sym_v2);
        if (!pc.simplify()) { // not satisfiable
          ss.setIgnored(true);
        } else {
          // pc.solve();
          ((PCChoiceGenerator) cg).setCurrentPC(pc);
          //	System.out.println(((PCChoiceGenerator) cg).getCurrentPC());
        }
        return getTarget();
      } else {
        if (sym_v1 != null) {
          if (sym_v2 != null) { // both are symbolic values
            pc._addDet(Comparator.NE, sym_v1, sym_v2);
          } else pc._addDet(Comparator.NE, sym_v1, v2);
        } else pc._addDet(Comparator.NE, v1, sym_v2);
        if (!pc.simplify()) { // not satisfiable
          ss.setIgnored(true);
        } else {
          // pc.solve();
          ((PCChoiceGenerator) cg).setCurrentPC(pc);
          // System.out.println(((PCChoiceGenerator) cg).getCurrentPC());
        }
        return getNext(ti);
      }
    }
  }
Ejemplo n.º 3
0
  @Override
  public Instruction execute(ThreadInfo th) {
    StackFrame sf = th.getModifiableTopFrame();
    IntegerExpression sym_v1 = (IntegerExpression) sf.getOperandAttr(0);
    IntegerExpression sym_v2 = (IntegerExpression) sf.getOperandAttr(1);
    int v1, v2;

    if (sym_v1 == null && sym_v2 == null)
      return super.execute(th); // we'll still do the concrete execution

    // result is symbolic

    if (sym_v1 == null && sym_v2 != null) {
      v1 = sf.pop();
      v2 = sf.pop();
      if (v1 == 0) return th.createAndThrowException("java.lang.ArithmeticException", "div by 0");
      sf.push(0, false);
      IntegerExpression result = sym_v2._div(v1);
      sf.setOperandAttr(result);
      return getNext(th);
    }

    // div by zero check affects path condition
    // sym_v1 is non-null and should be checked against zero

    ChoiceGenerator<?> cg;
    boolean condition;

    if (!th.isFirstStepInsn()) { // first time around
      cg = new PCChoiceGenerator(2);
      ((PCChoiceGenerator) cg).setOffset(this.position);
      ((PCChoiceGenerator) cg).setMethodName(this.getMethodInfo().getFullName());
      th.getVM().setNextChoiceGenerator(cg);
      return this;
    } else { // this is what really returns results
      cg = th.getVM().getChoiceGenerator();
      assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg;
      condition = (Integer) cg.getNextChoice() == 0 ? false : true;
    }

    v1 = sf.pop();
    v2 = sf.pop();
    sf.push(0, false);

    PathCondition pc;
    ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGeneratorOfType(PCChoiceGenerator.class);

    if (prev_cg == null) pc = new PathCondition();
    else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC();

    assert pc != null;

    if (condition) { // check div by zero
      pc._addDet(Comparator.EQ, sym_v1, 0);
      if (pc.simplify()) { // satisfiable
        ((PCChoiceGenerator) cg).setCurrentPC(pc);

        return th.createAndThrowException("java.lang.ArithmeticException", "div by 0");
      } else {
        th.getVM().getSystemState().setIgnored(true);
        return getNext(th);
      }
    } else {
      pc._addDet(Comparator.NE, sym_v1, 0);
      if (pc.simplify()) { // satisfiable
        ((PCChoiceGenerator) cg).setCurrentPC(pc);

        // set the result
        IntegerExpression result;
        if (sym_v2 != null) result = sym_v2._div(sym_v1);
        else result = sym_v1._div_reverse(v2);

        sf = th.getModifiableTopFrame();
        sf.setOperandAttr(result);
        return getNext(th);

      } else {
        th.getVM().getSystemState().setIgnored(true);
        return getNext(th);
      }
    }
  }