@Override public Instruction execute(ThreadInfo th) { StackFrame sf = th.getModifiableTopFrame(); IntegerExpression sym_v1 = (IntegerExpression) sf.getOperandAttr(0); IntegerExpression sym_v2 = (IntegerExpression) sf.getOperandAttr(1); if (sym_v1 == null && sym_v2 == null) return super.execute(th); // we'll still do the concrete execution else { int v1 = sf.pop(); int v2 = sf.pop(); sf.push(0, false); // for symbolic expressions, the concrete value does not matter IntegerExpression result = null; if (sym_v1 != null) { if (sym_v2 != null) result = sym_v1._or(sym_v2); else // v2 is concrete result = sym_v1._or(v2); } else if (sym_v2 != null) result = sym_v2._or(v1); sf.setOperandAttr(result); // System.out.println("Execute IADD: "+result); return getNext(th); } }
public Instruction execute(ThreadInfo ti) { StackFrame frame = ti.getModifiableTopFrame(); float v = frame.popFloat(); frame.pushLong((long) v); return getNext(ti); }
@Override public Instruction execute(ThreadInfo ti) { StackFrame frame = ti.getModifiableTopFrame(); int v1 = frame.pop(); int v2 = frame.pop(); frame.push(v1 | v2); return getNext(ti); }
@MJI public void $init(MJIEnv env, int objref, FeatureExpr ctx) { ThreadInfo ti = env.getThreadInfo(); StackFrame caller = ti.getCallerStackFrame(); Instruction insn = caller.getPC().getValue(); InsnExecCount a = insn.getAttr(InsnExecCount.class); if (a == null) { a = new InsnExecCount(); insn.addAttr(a); } SystemState ss = env.getSystemState(); if (!ss.hasRestorer(a)) { env.getSystemState().putRestorer(a, new InsnCountRestorer(a)); } a.count++; env.setIntField(ctx, objref, "id", new One<>(a.count)); }
@Override public Instruction execute(ThreadInfo ti) { StackFrame frame = ti.getModifiableTopFrame(); int v = frame.getLocalVariable(index); v += increment; frame.setLocalVariable(index, v, false); return getNext(ti); }
@Override public Instruction execute(ThreadInfo th) { IntegerExpression sym_lval = (IntegerExpression) th.getModifiableTopFrame().getLongOperandAttr(); if (sym_lval == null) { return super.execute(th); } else { // throw new RuntimeException("## Error: symbolic L2F not yet hanled "); // here we get a hold of the current path condition and // add an extra mixed constraint sym_dval==sym_ival ChoiceGenerator<?> cg; if (!th.isFirstStepInsn()) { // first time around cg = new PCChoiceGenerator(1); // only one choice th.getVM().getSystemState().setNextChoiceGenerator(cg); return this; } else { // this is what really returns results cg = th.getVM().getSystemState().getChoiceGenerator(); assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg; } // get the path condition from the // previous choice generator of the same type PathCondition pc; ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGenerator(); while (!((prev_cg == null) || (prev_cg instanceof PCChoiceGenerator))) { prev_cg = prev_cg.getPreviousChoiceGenerator(); } if (prev_cg == null) pc = new PathCondition(); // TODO: handling of preconditions needs to be changed else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC(); assert pc != null; StackFrame sf = th.getModifiableTopFrame(); sf.popLong(); sf.push(0, false); // for symbolic expressions, the concrete value does not matter SymbolicReal sym_fval = new SymbolicReal(); sf.setOperandAttr(sym_fval); pc._addDet(Comparator.EQ, sym_fval, sym_lval); if (!pc.simplify()) { // not satisfiable th.getVM().getSystemState().setIgnored(true); } else { // pc.solve(); ((PCChoiceGenerator) cg).setCurrentPC(pc); // System.out.println(((PCChoiceGenerator) cg).getCurrentPC()); } // System.out.println("Execute L2F: " + sf.getLongOperandAttr()); return getNext(th); } }
@Override public Instruction execute(ThreadInfo th) { StackFrame sf = th.getModifiableTopFrame(); RealExpression sym_v1 = (RealExpression) sf.getOperandAttr(1); RealExpression sym_v2 = (RealExpression) sf.getOperandAttr(3); if (sym_v1 == null && sym_v2 == null) { // both conditions are concrete return super.execute(th); } else { // at least one condition is symbolic Instruction nxtInstr = IFInstrSymbHelper.getNextInstructionAndSetPCChoiceDouble( th, this, sym_v1, sym_v2, Comparator.LT, Comparator.EQ, Comparator.GT); return nxtInstr; } }
@Override public void methodExited(VM vm, ThreadInfo ti, MethodInfo mi) { if (traceActive) { assertSame(mi, ThreadInfo.getCurrentThread().getTopFrameMethodInfo()); if (CLSNAME.equals(mi.getClassName())) { level--; String prefix = levelPrefix(level); trace.add(prefix + "< " + mi.getName()); System.out.println(prefix + "< " + mi.getName()); if (level == 0) { traceActive = false; } } } }
@Override public Instruction execute(ThreadInfo ti) { StackFrame sf = ti.getModifiableTopFrame(); IntegerExpression sym_v1 = (IntegerExpression) sf.getOperandAttr(1); IntegerExpression sym_v2 = (IntegerExpression) sf.getOperandAttr(0); if ((sym_v1 == null) && (sym_v2 == null)) { // both conditions are concrete // System.out.println("Execute IF_ICMPLT: The conditions are concrete"); return super.execute(ti); } else { // at least one condition is symbolic Instruction nxtInstr = IFInstrSymbHelper.getNextInstructionAndSetPCChoice( ti, this, sym_v1, sym_v2, Comparator.LT, Comparator.GE); return nxtInstr; } }
@Override public void methodEntered(VM vm, ThreadInfo ti, MethodInfo mi) { assertSame(mi, ThreadInfo.getCurrentThread().getTopFrameMethodInfo()); if (CLSNAME.equals(mi.getClassName())) { String mthName = mi.getName(); if (mthName.equals(startMthName)) { traceActive = true; level = 0; } if (traceActive) { String prefix = levelPrefix(level); trace.add(prefix + "> " + mthName); System.out.println(prefix + "> " + mthName); level++; } } }
@SuppressWarnings("deprecation") @Override public Instruction execute(ThreadInfo ti) { StackFrame sf = ti.getModifiableTopFrame(); IntegerExpression sym_v = (IntegerExpression) sf.getOperandAttr(); if (sym_v == null) { // the condition is concrete return super.execute(ti); } else { // the condition is symbolic ChoiceGenerator<?> cg; if (!ti.isFirstStepInsn()) { // first time around cg = new PCChoiceGenerator(matches.length + 1); ((PCChoiceGenerator) cg).setOffset(this.position); ((PCChoiceGenerator) cg).setMethodName(this.getMethodInfo().getCompleteName()); ti.getVM().getSystemState().setNextChoiceGenerator(cg); return this; } else { // this is what really returns results cg = ti.getVM().getSystemState().getChoiceGenerator(); assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg; } sym_v = (IntegerExpression) sf.getOperandAttr(); sf.pop(); PathCondition pc; // pc is updated with the pc stored in the choice generator above // get the path condition from the // previous choice generator of the same type // TODO: could be optimized to not do this for each choice ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGeneratorOfType(PCChoiceGenerator.class); if (prev_cg == null) pc = new PathCondition(); else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC(); assert pc != null; int idx = (Integer) cg.getNextChoice(); if (idx == matches.length) { // default branch lastIdx = DEFAULT; for (int i = 0; i < matches.length; i++) pc._addDet(Comparator.NE, sym_v, matches[i]); if (!pc.simplify()) { // not satisfiable ti.getVM().getSystemState().setIgnored(true); } else { // pc.solve(); ((PCChoiceGenerator) cg).setCurrentPC(pc); // System.out.println(((PCChoiceGenerator) cg).getCurrentPC()); } return mi.getInstructionAt(target); } else { lastIdx = idx; // System.out.println("index "+idx); pc._addDet(Comparator.EQ, sym_v, matches[idx]); // System.out.println(sym_v + "eq"+ matches[idx]); // System.out.println("pc after "+pc); if (!pc.simplify()) { // not satisfiable ti.getVM().getSystemState().setIgnored(true); } else { // pc.solve(); ((PCChoiceGenerator) cg).setCurrentPC(pc); // System.out.println(((PCChoiceGenerator) cg).getCurrentPC()); } return mi.getInstructionAt(targets[idx]); } } }
@MJI public int getProcessId____I(MJIEnv env, int objRef, FeatureExpr ctx) { return ThreadInfo.getCurrentThread().getApplicationContext().getId(); }
@Override public Instruction execute(ThreadInfo th) { StackFrame sf = th.getModifiableTopFrame(); IntegerExpression sym_v1 = (IntegerExpression) sf.getOperandAttr(0); IntegerExpression sym_v2 = (IntegerExpression) sf.getOperandAttr(1); int v1, v2; if (sym_v1 == null && sym_v2 == null) return super.execute(th); // we'll still do the concrete execution // result is symbolic if (sym_v1 == null && sym_v2 != null) { v1 = sf.pop(); v2 = sf.pop(); if (v1 == 0) return th.createAndThrowException("java.lang.ArithmeticException", "div by 0"); sf.push(0, false); IntegerExpression result = sym_v2._div(v1); sf.setOperandAttr(result); return getNext(th); } // div by zero check affects path condition // sym_v1 is non-null and should be checked against zero ChoiceGenerator<?> cg; boolean condition; if (!th.isFirstStepInsn()) { // first time around cg = new PCChoiceGenerator(2); ((PCChoiceGenerator) cg).setOffset(this.position); ((PCChoiceGenerator) cg).setMethodName(this.getMethodInfo().getFullName()); th.getVM().setNextChoiceGenerator(cg); return this; } else { // this is what really returns results cg = th.getVM().getChoiceGenerator(); assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg; condition = (Integer) cg.getNextChoice() == 0 ? false : true; } v1 = sf.pop(); v2 = sf.pop(); sf.push(0, false); PathCondition pc; ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGeneratorOfType(PCChoiceGenerator.class); if (prev_cg == null) pc = new PathCondition(); else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC(); assert pc != null; if (condition) { // check div by zero pc._addDet(Comparator.EQ, sym_v1, 0); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); return th.createAndThrowException("java.lang.ArithmeticException", "div by 0"); } else { th.getVM().getSystemState().setIgnored(true); return getNext(th); } } else { pc._addDet(Comparator.NE, sym_v1, 0); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); // set the result IntegerExpression result; if (sym_v2 != null) result = sym_v2._div(sym_v1); else result = sym_v1._div_reverse(v2); sf = th.getModifiableTopFrame(); sf.setOperandAttr(result); return getNext(th); } else { th.getVM().getSystemState().setIgnored(true); return getNext(th); } } }
@Override public Instruction execute(ThreadInfo ti) { // We may need to add the case where we have a smybolic index and a concrete array IntegerExpression indexAttr = null; ArrayExpression arrayAttr = null; StackFrame frame = ti.getModifiableTopFrame(); int arrayRef = peekArrayRef(ti); // need to be polymorphic, could be LongArrayStore if (arrayRef == MJIEnv.NULL) { return ti.createAndThrowException("java.lang.NullPointerException"); } // Retrieve the array expression if it was previously in the pathcondition, and store it as an // array attr PCChoiceGenerator temp_cg = (PCChoiceGenerator) ti.getVM().getLastChoiceGeneratorOfType(PCChoiceGenerator.class); if (temp_cg != null) { if (temp_cg .getCurrentPC() .arrayExpressions .containsKey(ti.getElementInfo(ti.getModifiableTopFrame().peek(2)).toString())) { ti.getModifiableTopFrame() .setOperandAttr( 2, temp_cg .getCurrentPC() .arrayExpressions .get(ti.getElementInfo(ti.getModifiableTopFrame().peek(2)).toString())); } } // If only the value is symbolic, we use the concrete instruction if (peekArrayAttr(ti) == null || !(peekArrayAttr(ti) instanceof ArrayExpression)) { // In this case, the array isn't symbolic if (peekIndexAttr(ti) == null || !(peekIndexAttr(ti) instanceof IntegerExpression)) { return super.execute(ti); } } ChoiceGenerator<?> cg; if (!ti.isFirstStepInsn()) { // first time around cg = new PCChoiceGenerator(3); ((PCChoiceGenerator) cg).setOffset(this.position); ((PCChoiceGenerator) cg).setMethodName(this.getMethodInfo().getFullName()); ti.getVM().setNextChoiceGenerator(cg); return this; } else { // this is what really returns results cg = ti.getVM().getChoiceGenerator(); assert (cg instanceof PCChoiceGenerator) : "expected PCChoiceGenerator, got: " + cg; } PathCondition pc; ChoiceGenerator<?> prev_cg = cg.getPreviousChoiceGeneratorOfType(PCChoiceGenerator.class); if (prev_cg == null) pc = new PathCondition(); else pc = ((PCChoiceGenerator) prev_cg).getCurrentPC(); assert pc != null; if (peekIndexAttr(ti) == null || !(peekIndexAttr(ti) instanceof IntegerExpression)) { int index = ti.getTopFrame().peek(1); indexAttr = new IntegerConstant(index); } else { indexAttr = (IntegerExpression) peekIndexAttr(ti); } assert (indexAttr != null) : "indexAttr shouldn't be null in FASTORE instruction"; if (peekArrayAttr(ti) == null || !(peekArrayAttr(ti) instanceof ArrayExpression)) { // In this case, the array isn't symbolic if (peekIndexAttr(ti) == null || !(peekIndexAttr(ti) instanceof IntegerExpression)) { return super.execute(ti); } else { // We create a symbolic array out of the concrete array ElementInfo arrayInfo = ti.getElementInfo(arrayRef); arrayAttr = ArrayExpression.create(arrayInfo.toString(), arrayInfo.arrayLength()); // We add the constraints about all the elements of the array for (int i = 0; i < arrayInfo.arrayLength(); i++) { float arrValue = arrayInfo.getFloatElement(i); pc._addDet( Comparator.EQ, new SelectExpression(arrayAttr, new IntegerConstant(i)), new RealConstant(arrValue)); } } } else { arrayAttr = (ArrayExpression) peekArrayAttr(ti); } assert (arrayAttr != null) : "arrayAttr shouldn't be null in FASTORE instruction"; if ((Integer) cg.getNextChoice() == 1) { // check bounds of the index pc._addDet(Comparator.GE, indexAttr, arrayAttr.length); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); return ti.createAndThrowException( "java.lang.ArrayIndexOutOfBoundsException", "index greater than array bounds"); } else { ti.getVM().getSystemState().setIgnored(true); return getNext(ti); } } else if ((Integer) cg.getNextChoice() == 2) { pc._addDet(Comparator.LT, indexAttr, new IntegerConstant(0)); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); return ti.createAndThrowException( "java.lang.ArrayIndexOutOfBoundsException", "index smaller than array bounds"); } else { ti.getVM().getSystemState().setIgnored(true); return getNext(ti); } } else { pc._addDet(Comparator.LT, indexAttr, arrayAttr.length); pc._addDet(Comparator.GE, indexAttr, new IntegerConstant(0)); if (pc.simplify()) { // satisfiable ((PCChoiceGenerator) cg).setCurrentPC(pc); RealExpression sym_value = null; if (frame.getOperandAttr(0) == null || !(frame.getOperandAttr(0) instanceof RealExpression)) { float value = frame.popFloat(); sym_value = new RealConstant(value); } else { // The value is symbolic. sym_value = (RealExpression) frame.getOperandAttr(0); frame.popFloat(); } // We create a new arrayAttr, and inherits information from the previous attribute ArrayExpression newArrayAttr = new ArrayExpression(arrayAttr); frame.pop(2); // We pop the array and the index RealStoreExpression se = new RealStoreExpression(arrayAttr, indexAttr, sym_value); pc._addDet(Comparator.EQ, se, newArrayAttr); pc.arrayExpressions.put(newArrayAttr.getRootName(), newArrayAttr); return getNext(ti); } else { ti.getVM().getSystemState().setIgnored(true); return getNext(ti); } } }
public static HelperResult addNewArrayHeapNode( ClassInfo typeClassInfo, ThreadInfo ti, Object attr, PathCondition pcHeap, SymbolicInputHeap symInputHeap, int numSymRefs, HeapNode[] prevSymRefs, boolean setShared, IntegerExpression indexAttr, int arrayRef) { int daIndex = ti.getHeap().newObject(typeClassInfo, ti).getObjectRef(); ti.getHeap().registerPinDown(daIndex); String refChain = ((ArrayExpression) attr) .getName(); // + "[" + daIndex + "]"; // do we really need to add daIndex here? SymbolicInteger newSymRef = new SymbolicInteger(refChain); ElementInfo eiRef = ti.getModifiableElementInfo(daIndex); // ti.getElementInfo(daIndex); // TODO to review! if (setShared) { eiRef.setShared(ti, true); // ?? } // daIndex.getObjectRef() -> number // neha: this change allows all the fields in the class hierarchy of the // object to be initialized as symbolic and not just its instance fields int numOfFields = eiRef.getNumberOfFields(); FieldInfo[] fields = new FieldInfo[numOfFields]; for (int fieldIndex = 0; fieldIndex < numOfFields; fieldIndex++) { fields[fieldIndex] = eiRef.getFieldInfo(fieldIndex); } Helper.initializeInstanceFields(fields, eiRef, refChain); // neha: this change allows all the static fields in the class hierarchy // of the object to be initialized as symbolic and not just its immediate // static fields ClassInfo superClass = typeClassInfo; while (superClass != null) { FieldInfo[] staticFields = superClass.getDeclaredStaticFields(); Helper.initializeStaticFields(staticFields, superClass, ti); superClass = superClass.getSuperClass(); } // Put symbolic array in PC if we create a new array. if (typeClassInfo.isArray()) { String typeClass = typeClassInfo.getType(); ArrayExpression arrayAttr = null; if (typeClass.charAt(1) != 'L') { arrayAttr = new ArrayExpression(eiRef.toString()); } else { arrayAttr = new ArrayExpression(eiRef.toString(), typeClass.substring(2, typeClass.length() - 1)); } ti.getVM() .getLastChoiceGeneratorOfType(PCChoiceGenerator.class) .getCurrentPC() .arrayExpressions .put(eiRef.toString(), arrayAttr); } // create new HeapNode based on above info // update associated symbolic input heap ArrayHeapNode n = new ArrayHeapNode(daIndex, typeClassInfo, newSymRef, indexAttr, arrayRef); symInputHeap._add(n); pcHeap._addDet(Comparator.NE, newSymRef, new IntegerConstant(-1)); pcHeap._addDet(Comparator.EQ, newSymRef, new IntegerConstant(numSymRefs)); for (int i = 0; i < numSymRefs; i++) pcHeap._addDet(Comparator.NE, n.getSymbolic(), prevSymRefs[i].getSymbolic()); HelperResult result = new HelperResult(n, daIndex); return result; }