Пример #1
0
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
    StackFrame sf = th.getTopFrame();

    RealExpression sym_v1 = (RealExpression) sf.getLongOperandAttr();
    double v1 = Types.longToDouble(th.longPop());
    RealExpression sym_v2 = (RealExpression) sf.getLongOperandAttr();
    double v2 = Types.longToDouble(th.longPop());

    double r = v1 * v2;

    if (sym_v1 == null && sym_v2 == null) th.longPush(Types.doubleToLong(r));
    else th.longPush(0);

    RealExpression result = null;
    if (sym_v2 != null) {
      if (sym_v1 != null) result = sym_v2._mul(sym_v1);
      else // v1 is concrete
      result = sym_v2._mul(v1);
    } else if (sym_v1 != null) result = sym_v1._mul(v2);

    sf.setLongOperandAttr(result);

    // System.out.println("Execute DMUL: "+ sf.getLongOperandAttr());

    return getNext(th);
  }
Пример #2
0
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
    long v1 = th.longPop();
    long v2 = th.longPop();

    th.push(conditionValue(v1, v2), false);

    return getNext(th);
  }
Пример #3
0
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
    int v1 = th.pop();
    int v2 = th.pop();

    th.push(v1 + v2, false);

    return getNext(th);
  }
Пример #4
0
Файл: F2L.java Проект: null3/jpf
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
    RealExpression sym_fval = (RealExpression) th.getTopFrame().getOperandAttr();

    if (sym_fval == null) {
      return super.execute(ss, ks, th);
    } else {

      // System.out.println("Execute symbolic F2L");

      // here we get a hold of the current path condition and
      // add an extra mixed constraint sym_dval==sym_ival

      ChoiceGenerator<?> cg;
      if (!th.isFirstStepInsn()) { // first time around
        cg = new PCChoiceGenerator(1); // only one choice
        ss.setNextChoiceGenerator(cg);
        return this;
      } else { // this is what really returns results
        cg = ss.getChoiceGenerator();
        assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg;
      }

      // get the path condition from the
      // previous choice generator of the same type

      PathCondition pc;
      ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGenerator();
      while (!((prev_cg == null) || (prev_cg instanceof PCChoiceGenerator))) {
        prev_cg = prev_cg.getPreviousChoiceGenerator();
      }

      if (prev_cg == null)
        pc = new PathCondition(); // TODO: handling of preconditions needs to be changed
      else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC();
      assert pc != null;

      th.pop();
      th.longPush(0); // for symbolic expressions, the concrete value does not matter
      SymbolicInteger sym_lval = new SymbolicInteger();
      StackFrame sf = th.getTopFrame();
      sf.setLongOperandAttr(sym_lval);

      pc._addDet(Comparator.EQ, sym_fval, sym_lval);

      if (!pc.simplify()) { // not satisfiable
        ss.setIgnored(true);
      } else {
        // pc.solve();
        ((PCChoiceGenerator) cg).setCurrentPC(pc);
        // System.out.println(((PCChoiceGenerator) cg).getCurrentPC());
      }

      // System.out.println("Execute D2I: " + sf.getLongOperandAttr());
      return getNext(th);
    }
  }
Пример #5
0
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
    long v1 = th.longPop();
    long v2 = th.longPop();

    if (v1 == 0) {
      return th.createAndThrowException("java.lang.ArithmeticException", "division by zero");
    }

    th.longPush(v2 % v1);

    return getNext(th);
  }
  // the purpose of this method is to set the PCheap to the "eq null" constraint for the input
  // specified w/ stringRef
  public static int makeSymbolicNull(MJIEnv env, int objRef, int stringRef) {

    // introduce a heap choice generator for the element in the heap
    ThreadInfo ti = env.getVM().getCurrentThread();
    SystemState ss = env.getVM().getSystemState();
    ChoiceGenerator<?> cg;

    if (!ti.isFirstStepInsn()) {
      cg = new HeapChoiceGenerator(1); // new
      ss.setNextChoiceGenerator(cg);
      env.repeatInvocation();
      return -1; // not used anyways
    }
    // else this is what really returns results

    cg = ss.getChoiceGenerator();
    assert (cg instanceof HeapChoiceGenerator) : "expected HeapChoiceGenerator, got: " + cg;

    // see if there were more inputs added before
    ChoiceGenerator<?> prevHeapCG = cg.getPreviousChoiceGenerator();
    while (!((prevHeapCG == null) || (prevHeapCG instanceof HeapChoiceGenerator))) {
      prevHeapCG = prevHeapCG.getPreviousChoiceGenerator();
    }

    PathCondition pcHeap;
    SymbolicInputHeap symInputHeap;
    if (prevHeapCG == null) {

      pcHeap = new PathCondition();
      symInputHeap = new SymbolicInputHeap();
    } else {
      pcHeap = ((HeapChoiceGenerator) prevHeapCG).getCurrentPCheap();
      symInputHeap = ((HeapChoiceGenerator) prevHeapCG).getCurrentSymInputHeap();
    }

    String name = env.getStringObject(stringRef);
    String refChain =
        name + "[-1]"; // why is the type used here? should use the name of the field instead

    SymbolicInteger newSymRef = new SymbolicInteger(refChain);

    // create new HeapNode based on above info
    // update associated symbolic input heap

    pcHeap._addDet(Comparator.EQ, newSymRef, new IntegerConstant(-1));
    ((HeapChoiceGenerator) cg).setCurrentPCheap(pcHeap);
    ((HeapChoiceGenerator) cg).setCurrentSymInputHeap(symInputHeap);
    // System.out.println(">>>>>>>>>>>> initial pcHeap: " + pcHeap.toString());
    return -1;
  }
Пример #7
0
    void setExecuted(ThreadInfo ti, Instruction insn) {
      int idx = ti.getId();

      if (covered == null) {
        covered = new BitSet[idx + 1];
      } else if (idx >= covered.length) {
        BitSet[] a = new BitSet[idx + 1];
        System.arraycopy(covered, 0, a, 0, covered.length);
        covered = a;
      }

      if (covered[idx] == null) {
        covered[idx] = new BitSet(mi.getInstructions().length);
      }

      int off = insn.getInstructionIndex();
      covered[idx].set(off);

      if (showBranchCoverage && (insn instanceof IfInstruction)) {
        if (branchTrue == null) {
          branchTrue = new BitSet(mi.getInstructions().length);
          branchFalse = new BitSet(branchTrue.size());
        }
        if (!((IfInstruction) insn).getConditionValue()) {
          branchTrue.set(off);
        } else {
          branchFalse.set(off);
        }
      }
    }
Пример #8
0
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo ti) {

    if (!ti.isFirstStepInsn()) {
      InvocationCG cg = new InvocationCG("INVOKECG", invokes);
      ss.setNextChoiceGenerator(cg);
      return this;

    } else {
      InvocationCG cg = ss.getCurrentChoiceGenerator("INVOKECG", InvocationCG.class);
      assert (cg != null) : "no current InvocationCG";

      Invocation call = cg.getNextChoice();
      MethodInfo callee = call.getMethodInfo();
      InstructionFactory insnFactory = MethodInfo.getInstructionFactory();

      if (callee.isStatic()) {
        realInvoke = (InvokeInstruction) insnFactory.create(null, Constants.INVOKESTATIC);
      } else {
        realInvoke = (InvokeInstruction) insnFactory.create(null, Constants.INVOKENONVIRTUAL);
      }
      realInvoke.init(mi, offset, position);
      realInvoke.setInvokedMethod(
          callee.getClassInfo().getName(), callee.getName(), callee.getSignature());

      pushArguments(ti, call.getArguments(), call.getAttrs());

      return realInvoke;
    }
  }
Пример #9
0
  void logStack(ThreadInfo ti) {
    long time = System.currentTimeMillis();

    if (time < nextLog) {
      return;
    }

    nextLog = time + logPeriod;

    out.println();
    out.print("Thread: ");
    out.print(ti.getId());
    out.println(":");

    out.println(ti.getStackTrace());
    out.println();
  }
  public static void $init(MJIEnv env, int objref) {
    ThreadInfo ti = env.getThreadInfo();
    StackFrame caller = ti.getCallerStackFrame();
    Instruction insn = caller.getPC();

    InsnExecCount a = insn.getAttr(InsnExecCount.class);
    if (a == null) {
      a = new InsnExecCount();
      insn.addAttr(a);
    }

    SystemState ss = env.getSystemState();
    if (!ss.hasRestorer(a)) {
      env.getSystemState().putRestorer(a, new InsnCountRestorer(a));
    }

    a.count++;
    env.setIntField(objref, "id", a.count);
  }
Пример #11
0
    public void setSharedErrorMessage() {
      StringBuilder sb = new StringBuilder("@NonShared object violation: ");
      sb.append(rec.ei);
      sb.append("\n\tcreated in thread: ");
      sb.append(rec.tiCreate.getName());
      sb.append("\n\tused in thread:    ");
      sb.append(tiUse.getName());
      sb.append("\n\tmethod:            ");
      sb.append(insn.getSourceLocation());

      msg = sb.toString();
    }
Пример #12
0
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo ti) {
    Heap heap = ti.getHeap();
    ClassInfo ci;

    try {
      ci = ClassInfo.getResolvedClassInfo(cname);

    } catch (NoClassInfoException cx) {
      // can be any inherited class or required interface
      return ti.createAndThrowException("java.lang.NoClassDefFoundError", cx.getMessage());
    }

    if (!ci.isRegistered()) {
      ci.registerClass(ti);
    }

    // since this is a NEW, we also have to pushClinit
    if (!ci.isInitialized()) {
      if (ci.initializeClass(ti)) {
        return ti.getPC(); // reexecute this instruction once we return from the clinits
      }
    }

    if (heap.isOutOfMemory()) { // simulate OutOfMemoryError
      return ti.createAndThrowException(
          "java.lang.OutOfMemoryError", "trying to allocate new " + cname);
    }

    int objRef = heap.newObject(ci, ti);
    newObjRef = objRef;

    // pushes the return value onto the stack
    ti.push(objRef, true);

    ss.checkGC(); // has to happen after we push the new object ref

    return getNext(ti);
  }
Пример #13
0
  void pushArguments(ThreadInfo ti, Object[] args, Object[] attrs) {
    if (args != null) {
      for (int i = 0; i < args.length; i++) {
        Object a = args[i];
        boolean isLong = false;

        if (a != null) {
          if (a instanceof Ref) {
            ti.push(((Ref) a).getReference(), true);
          } else if (a instanceof Boolean) {
            ti.push((Boolean) a ? 1 : 0, false);
          } else if (a instanceof Integer) {
            ti.push((Integer) a, false);
          } else if (a instanceof Long) {
            ti.longPush((Long) a);
            isLong = true;
          } else if (a instanceof Double) {
            ti.longPush(Types.doubleToLong((Double) a));
            isLong = true;
          } else if (a instanceof Byte) {
            ti.push((Byte) a, false);
          } else if (a instanceof Short) {
            ti.push((Short) a, false);
          } else if (a instanceof Float) {
            ti.push(Types.floatToInt((Float) a), false);
          }
        }

        if (attrs != null && attrs[i] != null) {
          if (isLong) {
            ti.setLongOperandAttr(attrs[i]);
          } else {
            ti.setOperandAttr(attrs[i]);
          }
        }
      }
    }
  }
Пример #14
0
  boolean checkConst(Record rec, ThreadInfo ti, FieldInfo fi, Instruction insn) {
    if (checkConst) {
      AnnotationInfo ai = insn.getMethodInfo().getAnnotation("gov.nasa.jpf.Const");
      if (ai != null) {
        violation = new Violation(rec, ti, fi, insn);
        violation.setConstErrorMessage();

        ti.breakTransition();
        return false;
      }
    }

    return true;
  }
Пример #15
0
  boolean checkShared(Record rec, ThreadInfo ti, InfoObject use, Instruction insn) {
    if (checkShared) {
      AnnotationInfo ai = rec.ei.getClassInfo().getAnnotation("gov.nasa.jpf.NonShared");
      if (ai != null && ti != rec.tiCreate) {
        violation = new Violation(rec, ti, use, insn);
        violation.setSharedErrorMessage();

        ti.breakTransition();
        return false;
      }
    }

    return true;
  }
Пример #16
0
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
    th.dup2_x2();

    return getNext(th);
  }
  public static void makeFieldsSymbolic(MJIEnv env, int objRef, int stringRef, int objvRef) {
    // makes all the fields of obj v symbolic and adds obj v to the symbolic heap to kick off lazy
    // initialization
    if (objvRef == -1) throw new RuntimeException("## Error: null object");
    // introduce a heap choice generator for the element in the heap
    ThreadInfo ti = env.getVM().getCurrentThread();
    SystemState ss = env.getVM().getSystemState();
    ChoiceGenerator<?> cg;

    if (!ti.isFirstStepInsn()) {
      cg = new HeapChoiceGenerator(1); // new
      ss.setNextChoiceGenerator(cg);
      env.repeatInvocation();
      return; // not used anyways
    }
    // else this is what really returns results

    cg = ss.getChoiceGenerator();
    assert (cg instanceof HeapChoiceGenerator) : "expected HeapChoiceGenerator, got: " + cg;

    // see if there were more inputs added before
    ChoiceGenerator<?> prevHeapCG = cg.getPreviousChoiceGenerator();
    while (!((prevHeapCG == null) || (prevHeapCG instanceof HeapChoiceGenerator))) {
      prevHeapCG = prevHeapCG.getPreviousChoiceGenerator();
    }

    PathCondition pcHeap;
    SymbolicInputHeap symInputHeap;
    if (prevHeapCG == null) {

      pcHeap = new PathCondition();
      symInputHeap = new SymbolicInputHeap();
    } else {
      pcHeap = ((HeapChoiceGenerator) prevHeapCG).getCurrentPCheap();
      symInputHeap = ((HeapChoiceGenerator) prevHeapCG).getCurrentSymInputHeap();
    }

    // set all the fields to be symbolic
    ClassInfo ci = env.getClassInfo(objvRef);
    FieldInfo[] fields = ci.getDeclaredInstanceFields();
    FieldInfo[] staticFields = ci.getDeclaredStaticFields();

    String name = env.getStringObject(stringRef);
    String refChain =
        name + "[" + objvRef
            + "]"; // why is the type used here? should use the name of the field instead

    SymbolicInteger newSymRef = new SymbolicInteger(refChain);
    // ElementInfo eiRef = DynamicArea.getHeap().get(objvRef);
    ElementInfo eiRef = JVM.getVM().getHeap().get(objvRef);
    Helper.initializeInstanceFields(fields, eiRef, refChain);
    Helper.initializeStaticFields(staticFields, ci, ti);

    // create new HeapNode based on above info
    // update associated symbolic input heap

    ClassInfo typeClassInfo = eiRef.getClassInfo();

    HeapNode n = new HeapNode(objvRef, typeClassInfo, newSymRef);
    symInputHeap._add(n);
    pcHeap._addDet(Comparator.NE, newSymRef, new IntegerConstant(-1));
    ((HeapChoiceGenerator) cg).setCurrentPCheap(pcHeap);
    ((HeapChoiceGenerator) cg).setCurrentSymInputHeap(symInputHeap);
    // System.out.println(">>>>>>>>>>>> initial pcHeap: " + pcHeap.toString());
    return;
  }
Пример #18
0
  @Override
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo ti) {

    StackFrame sf = ti.getTopFrame();

    IntegerExpression sym_v1 = (IntegerExpression) sf.getOperandAttr(1);
    IntegerExpression sym_v2 = (IntegerExpression) sf.getOperandAttr(0);

    if ((sym_v1 == null) && (sym_v2 == null)) { // both conditions are concrete
      // System.out.println("Execute IF_ICMPEQ: The conditions are concrete");
      return super.execute(ss, ks, ti);
    } else { // at least one condition is symbolic
      ChoiceGenerator<?> cg;

      if (!ti.isFirstStepInsn()) { // first time around
        cg = new PCChoiceGenerator(2);
        ss.setNextChoiceGenerator(cg);
        return this;
      } else { // this is what really returns results
        cg = ss.getChoiceGenerator();
        assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg;
        conditionValue = (Integer) cg.getNextChoice() == 0 ? false : true;
      }

      int v2 = ti.pop();
      int v1 = ti.pop();
      // System.out.println("Execute IF_ICMPEQ: "+ conditionValue);
      PathCondition pc;

      // pc is updated with the pc stored in the choice generator above
      // get the path condition from the
      // previous choice generator of the same type

      ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGenerator();
      while (!((prev_cg == null) || (prev_cg instanceof PCChoiceGenerator))) {
        prev_cg = prev_cg.getPreviousChoiceGenerator();
      }

      if (prev_cg == null) pc = new PathCondition();
      else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC();

      assert pc != null;

      if (conditionValue) {
        if (sym_v1 != null) {
          if (sym_v2 != null) { // both are symbolic values
            pc._addDet(Comparator.EQ, sym_v1, sym_v2);
          } else pc._addDet(Comparator.EQ, sym_v1, v2);
        } else pc._addDet(Comparator.EQ, v1, sym_v2);
        if (!pc.simplify()) { // not satisfiable
          ss.setIgnored(true);
        } else {
          // pc.solve();
          ((PCChoiceGenerator) cg).setCurrentPC(pc);
          //	System.out.println(((PCChoiceGenerator) cg).getCurrentPC());
        }
        return getTarget();
      } else {
        if (sym_v1 != null) {
          if (sym_v2 != null) { // both are symbolic values
            pc._addDet(Comparator.NE, sym_v1, sym_v2);
          } else pc._addDet(Comparator.NE, sym_v1, v2);
        } else pc._addDet(Comparator.NE, v1, sym_v2);
        if (!pc.simplify()) { // not satisfiable
          ss.setIgnored(true);
        } else {
          // pc.solve();
          ((PCChoiceGenerator) cg).setCurrentPC(pc);
          // System.out.println(((PCChoiceGenerator) cg).getCurrentPC());
        }
        return getNext(ti);
      }
    }
  }
Пример #19
0
  /** @see gov.nasa.jpf.ListenerAdapter#instructionExecuted(gov.nasa.jpf.jvm.JVM) */
  public void instructionExecuted(JVM vm) {
    Instruction instr = vm.getLastInstruction();
    ThreadInfo ti = vm.getLastThreadInfo();

    if (instr instanceof InvokeInstruction) {
      InvokeInstruction invInstr = ((InvokeInstruction) instr);

      String method = invInstr.toString();
      // if(method.contains("Test"))
      // System.out.println(method);

      MethodInfo mi = ((InvokeInstruction) instr).getInvokedMethod();
      if (this.traceDefFilter != null && this.traceDefFilter.accept(mi)) {
        // Callee
        ElementInfo calleeElement = ti.getThisElementInfo();
        MethodInfo calleeMethod = invInstr.getInvokedMethod();
        ClassInfo calleeClass = null;
        int calleeID = -1;
        if (calleeMethod.isStatic()) {
          // static method: method declared in class
          calleeClass = calleeMethod.getClassInfo();
          // static methods do not have a instance
          calleeID = -1;
        } else {
          // non static method: method is maybe overridden. get the current class
          // instead of the class the method is declared in.
          calleeClass = calleeElement.getClassInfo();
          // get the current instance
          calleeID = calleeElement.getThisReference();
        }
        assert (calleeClass != null);

        // Caller
        ElementInfo callerElement = ti.getElementInfo(ti.getCallerStackFrame().getThis());
        if (callerElement != null) {
          MethodInfo callerMethod = invInstr.getMethodInfo();
          ClassInfo callerClass = null;
          int callerID = -1;
          if (callerMethod.isStatic()) {
            // see above
            callerClass = callerMethod.getClassInfo();
            callerID = -1;
          } else {
            // see above
            callerClass = callerElement.getClassInfo();
            callerID = callerElement.getThisReference();
          }

          // Arguments
          Object[] argumentValues = invInstr.getArgumentValues(ti);
          Object[] arguments = new Object[argumentValues.length];
          for (int i = 0; i < arguments.length; i++) {
            if (this.argumentValues) {
              if (argumentValues[i] instanceof ElementInfo)
                arguments[i] = ((ElementInfo) argumentValues[i]).getThisReference();
              else arguments[i] = argumentValues[i];
            } else arguments[i] = null;
          }

          MethodEntry methodEntry =
              new MethodEntry(
                  callerID,
                  callerMethod,
                  callerClass,
                  calleeID,
                  calleeMethod,
                  calleeClass,
                  arguments,
                  ti.getName());

          this.currentStateNode.methods.add(methodEntry);

          if (this.timeStamps) methodEntry.time = new Date().getTime();
        }
      }
    }
  }
Пример #20
0
  public boolean popConditionValue(ThreadInfo ti) {
    int v1 = ti.pop();
    int v2 = ti.pop();

    return (v1 == v2);
  }
Пример #21
0
 void log(ThreadInfo ti, String fmt, Object... args) {
   out.print(ti.getId());
   out.print(": ");
   out.printf(fmt, args);
   out.println();
 }
Пример #22
0
  public Instruction execute(SystemState ss, KernelState ks, ThreadInfo th) {
    th.longPush(value);

    return getNext(th);
  }