@Override public Instruction execute(ThreadInfo th) { IntegerExpression sym_lval = (IntegerExpression) th.getModifiableTopFrame().getLongOperandAttr(); if (sym_lval == null) { return super.execute(th); } else { // throw new RuntimeException("## Error: symbolic L2F not yet hanled "); // here we get a hold of the current path condition and // add an extra mixed constraint sym_dval==sym_ival ChoiceGenerator<?> cg; if (!th.isFirstStepInsn()) { // first time around cg = new PCChoiceGenerator(1); // only one choice th.getVM().getSystemState().setNextChoiceGenerator(cg); return this; } else { // this is what really returns results cg = th.getVM().getSystemState().getChoiceGenerator(); assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg; } // get the path condition from the // previous choice generator of the same type PathCondition pc; ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGenerator(); while (!((prev_cg == null) || (prev_cg instanceof PCChoiceGenerator))) { prev_cg = prev_cg.getPreviousChoiceGenerator(); } if (prev_cg == null) pc = new PathCondition(); // TODO: handling of preconditions needs to be changed else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC(); assert pc != null; StackFrame sf = th.getModifiableTopFrame(); sf.popLong(); sf.push(0, false); // for symbolic expressions, the concrete value does not matter SymbolicReal sym_fval = new SymbolicReal(); sf.setOperandAttr(sym_fval); pc._addDet(Comparator.EQ, sym_fval, sym_lval); if (!pc.simplify()) { // not satisfiable th.getVM().getSystemState().setIgnored(true); } else { // pc.solve(); ((PCChoiceGenerator) cg).setCurrentPC(pc); // System.out.println(((PCChoiceGenerator) cg).getCurrentPC()); } // System.out.println("Execute L2F: " + sf.getLongOperandAttr()); return getNext(th); } }
@Override public Instruction execute(SystemState ss, KernelState ks, ThreadInfo ti) { StackFrame sf = ti.getTopFrame(); IntegerExpression sym_v1 = (IntegerExpression) sf.getOperandAttr(1); IntegerExpression sym_v2 = (IntegerExpression) sf.getOperandAttr(0); if ((sym_v1 == null) && (sym_v2 == null)) { // both conditions are concrete // System.out.println("Execute IF_ICMPEQ: The conditions are concrete"); return super.execute(ss, ks, ti); } else { // at least one condition is symbolic ChoiceGenerator<?> cg; if (!ti.isFirstStepInsn()) { // first time around cg = new PCChoiceGenerator(2); ss.setNextChoiceGenerator(cg); return this; } else { // this is what really returns results cg = ss.getChoiceGenerator(); assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg; conditionValue = (Integer) cg.getNextChoice() == 0 ? false : true; } int v2 = ti.pop(); int v1 = ti.pop(); // System.out.println("Execute IF_ICMPEQ: "+ conditionValue); PathCondition pc; // pc is updated with the pc stored in the choice generator above // get the path condition from the // previous choice generator of the same type ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGenerator(); while (!((prev_cg == null) || (prev_cg instanceof PCChoiceGenerator))) { prev_cg = prev_cg.getPreviousChoiceGenerator(); } if (prev_cg == null) pc = new PathCondition(); else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC(); assert pc != null; if (conditionValue) { if (sym_v1 != null) { if (sym_v2 != null) { // both are symbolic values pc._addDet(Comparator.EQ, sym_v1, sym_v2); } else pc._addDet(Comparator.EQ, sym_v1, v2); } else pc._addDet(Comparator.EQ, v1, sym_v2); if (!pc.simplify()) { // not satisfiable ss.setIgnored(true); } else { // pc.solve(); ((PCChoiceGenerator) cg).setCurrentPC(pc); // System.out.println(((PCChoiceGenerator) cg).getCurrentPC()); } return getTarget(); } else { if (sym_v1 != null) { if (sym_v2 != null) { // both are symbolic values pc._addDet(Comparator.NE, sym_v1, sym_v2); } else pc._addDet(Comparator.NE, sym_v1, v2); } else pc._addDet(Comparator.NE, v1, sym_v2); if (!pc.simplify()) { // not satisfiable ss.setIgnored(true); } else { // pc.solve(); ((PCChoiceGenerator) cg).setCurrentPC(pc); // System.out.println(((PCChoiceGenerator) cg).getCurrentPC()); } return getNext(ti); } } }
@SuppressWarnings("deprecation") @Override public Instruction execute(ThreadInfo ti) { StackFrame sf = ti.getModifiableTopFrame(); IntegerExpression sym_v = (IntegerExpression) sf.getOperandAttr(); if (sym_v == null) { // the condition is concrete return super.execute(ti); } else { // the condition is symbolic ChoiceGenerator<?> cg; if (!ti.isFirstStepInsn()) { // first time around cg = new PCChoiceGenerator(matches.length + 1); ((PCChoiceGenerator) cg).setOffset(this.position); ((PCChoiceGenerator) cg).setMethodName(this.getMethodInfo().getCompleteName()); ti.getVM().getSystemState().setNextChoiceGenerator(cg); return this; } else { // this is what really returns results cg = ti.getVM().getSystemState().getChoiceGenerator(); assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg; } sym_v = (IntegerExpression) sf.getOperandAttr(); sf.pop(); PathCondition pc; // pc is updated with the pc stored in the choice generator above // get the path condition from the // previous choice generator of the same type // TODO: could be optimized to not do this for each choice ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGeneratorOfType(PCChoiceGenerator.class); if (prev_cg == null) pc = new PathCondition(); else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC(); assert pc != null; int idx = (Integer) cg.getNextChoice(); if (idx == matches.length) { // default branch lastIdx = DEFAULT; for (int i = 0; i < matches.length; i++) pc._addDet(Comparator.NE, sym_v, matches[i]); if (!pc.simplify()) { // not satisfiable ti.getVM().getSystemState().setIgnored(true); } else { // pc.solve(); ((PCChoiceGenerator) cg).setCurrentPC(pc); // System.out.println(((PCChoiceGenerator) cg).getCurrentPC()); } return mi.getInstructionAt(target); } else { lastIdx = idx; // System.out.println("index "+idx); pc._addDet(Comparator.EQ, sym_v, matches[idx]); // System.out.println(sym_v + "eq"+ matches[idx]); // System.out.println("pc after "+pc); if (!pc.simplify()) { // not satisfiable ti.getVM().getSystemState().setIgnored(true); } else { // pc.solve(); ((PCChoiceGenerator) cg).setCurrentPC(pc); // System.out.println(((PCChoiceGenerator) cg).getCurrentPC()); } return mi.getInstructionAt(targets[idx]); } } }
@Override public Instruction execute(ThreadInfo th) { StackFrame sf = th.getModifiableTopFrame(); IntegerExpression sym_v1 = (IntegerExpression) sf.getOperandAttr(0); IntegerExpression sym_v2 = (IntegerExpression) sf.getOperandAttr(1); int v1, v2; if (sym_v1 == null && sym_v2 == null) return super.execute(th); // we'll still do the concrete execution // result is symbolic if (sym_v1 == null && sym_v2 != null) { v1 = sf.pop(); v2 = sf.pop(); if (v1 == 0) return th.createAndThrowException("java.lang.ArithmeticException", "div by 0"); sf.push(0, false); IntegerExpression result = sym_v2._div(v1); sf.setOperandAttr(result); return getNext(th); } // div by zero check affects path condition // sym_v1 is non-null and should be checked against zero ChoiceGenerator<?> cg; boolean condition; if (!th.isFirstStepInsn()) { // first time around cg = new PCChoiceGenerator(2); ((PCChoiceGenerator) cg).setOffset(this.position); ((PCChoiceGenerator) cg).setMethodName(this.getMethodInfo().getFullName()); th.getVM().setNextChoiceGenerator(cg); return this; } else { // this is what really returns results cg = th.getVM().getChoiceGenerator(); assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg; condition = (Integer) cg.getNextChoice() == 0 ? false : true; } v1 = sf.pop(); v2 = sf.pop(); sf.push(0, false); PathCondition pc; ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGeneratorOfType(PCChoiceGenerator.class); if (prev_cg == null) pc = new PathCondition(); else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC(); assert pc != null; if (condition) { // check div by zero pc._addDet(Comparator.EQ, sym_v1, 0); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); return th.createAndThrowException("java.lang.ArithmeticException", "div by 0"); } else { th.getVM().getSystemState().setIgnored(true); return getNext(th); } } else { pc._addDet(Comparator.NE, sym_v1, 0); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); // set the result IntegerExpression result; if (sym_v2 != null) result = sym_v2._div(sym_v1); else result = sym_v1._div_reverse(v2); sf = th.getModifiableTopFrame(); sf.setOperandAttr(result); return getNext(th); } else { th.getVM().getSystemState().setIgnored(true); return getNext(th); } } }
@Override public Instruction execute(ThreadInfo ti) { // We may need to add the case where we have a smybolic index and a concrete array IntegerExpression indexAttr = null; ArrayExpression arrayAttr = null; StackFrame frame = ti.getModifiableTopFrame(); int arrayRef = peekArrayRef(ti); // need to be polymorphic, could be LongArrayStore if (arrayRef == MJIEnv.NULL) { return ti.createAndThrowException("java.lang.NullPointerException"); } // Retrieve the array expression if it was previously in the pathcondition, and store it as an // array attr PCChoiceGenerator temp_cg = (PCChoiceGenerator) ti.getVM().getLastChoiceGeneratorOfType(PCChoiceGenerator.class); if (temp_cg != null) { if (temp_cg .getCurrentPC() .arrayExpressions .containsKey(ti.getElementInfo(ti.getModifiableTopFrame().peek(2)).toString())) { ti.getModifiableTopFrame() .setOperandAttr( 2, temp_cg .getCurrentPC() .arrayExpressions .get(ti.getElementInfo(ti.getModifiableTopFrame().peek(2)).toString())); } } // If only the value is symbolic, we use the concrete instruction if (peekArrayAttr(ti) == null || !(peekArrayAttr(ti) instanceof ArrayExpression)) { // In this case, the array isn't symbolic if (peekIndexAttr(ti) == null || !(peekIndexAttr(ti) instanceof IntegerExpression)) { return super.execute(ti); } } ChoiceGenerator<?> cg; if (!ti.isFirstStepInsn()) { // first time around cg = new PCChoiceGenerator(3); ((PCChoiceGenerator) cg).setOffset(this.position); ((PCChoiceGenerator) cg).setMethodName(this.getMethodInfo().getFullName()); ti.getVM().setNextChoiceGenerator(cg); return this; } else { // this is what really returns results cg = ti.getVM().getChoiceGenerator(); assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg; } PathCondition pc; ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGeneratorOfType(PCChoiceGenerator.class); if (prev_cg == null) pc = new PathCondition(); else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC(); assert pc != null; if (peekIndexAttr(ti) == null || !(peekIndexAttr(ti) instanceof IntegerExpression)) { int index = ti.getTopFrame().peek(1); indexAttr = new IntegerConstant(index); } else { indexAttr = (IntegerExpression) peekIndexAttr(ti); } assert (indexAttr != null) : "indexAttr shouldn't be null in FASTORE instruction"; if (peekArrayAttr(ti) == null || !(peekArrayAttr(ti) instanceof ArrayExpression)) { // In this case, the array isn't symbolic if (peekIndexAttr(ti) == null || !(peekIndexAttr(ti) instanceof IntegerExpression)) { return super.execute(ti); } else { // We create a symbolic array out of the concrete array ElementInfo arrayInfo = ti.getElementInfo(arrayRef); arrayAttr = ArrayExpression.create(arrayInfo.toString(), arrayInfo.arrayLength()); // We add the constraints about all the elements of the array for (int i = 0; i < arrayInfo.arrayLength(); i++) { float arrValue = arrayInfo.getFloatElement(i); pc._addDet( Comparator.EQ, new SelectExpression(arrayAttr, new IntegerConstant(i)), new RealConstant(arrValue)); } } } else { arrayAttr = (ArrayExpression) peekArrayAttr(ti); } assert (arrayAttr != null) : "arrayAttr shouldn't be null in FASTORE instruction"; if ((Integer) cg.getNextChoice() == 1) { // check bounds of the index pc._addDet(Comparator.GE, indexAttr, arrayAttr.length); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); return ti.createAndThrowException( "java.lang.ArrayIndexOutOfBoundsException", "index greater than array bounds"); } else { ti.getVM().getSystemState().setIgnored(true); return getNext(ti); } } else if ((Integer) cg.getNextChoice() == 2) { pc._addDet(Comparator.LT, indexAttr, new IntegerConstant(0)); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); return ti.createAndThrowException( "java.lang.ArrayIndexOutOfBoundsException", "index smaller than array bounds"); } else { ti.getVM().getSystemState().setIgnored(true); return getNext(ti); } } else { pc._addDet(Comparator.LT, indexAttr, arrayAttr.length); pc._addDet(Comparator.GE, indexAttr, new IntegerConstant(0)); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); RealExpression sym_value = null; if (frame.getOperandAttr(0) == null || !(frame.getOperandAttr(0) instanceof RealExpression)) { float value = frame.popFloat(); sym_value = new RealConstant(value); } else { // The value is symbolic. sym_value = (RealExpression) frame.getOperandAttr(0); frame.popFloat(); } // We create a new arrayAttr, and inherits information from the previous attribute ArrayExpression newArrayAttr = new ArrayExpression(arrayAttr); frame.pop(2); // We pop the array and the index RealStoreExpression se = new RealStoreExpression(arrayAttr, indexAttr, sym_value); pc._addDet(Comparator.EQ, se, newArrayAttr); pc.arrayExpressions.put(newArrayAttr.getRootName(), newArrayAttr); return getNext(ti); } else { ti.getVM().getSystemState().setIgnored(true); return getNext(ti); } } }